1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include "core.h" 23 #include "nl80211.h" 24 #include "reg.h" 25 26 /* the netlink family */ 27 static struct genl_family nl80211_fam = { 28 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 29 .name = "nl80211", /* have users key off the name instead */ 30 .hdrsize = 0, /* no private header */ 31 .version = 1, /* no particular meaning now */ 32 .maxattr = NL80211_ATTR_MAX, 33 .netnsok = true, 34 }; 35 36 /* internal helper: get rdev and dev */ 37 static int get_rdev_dev_by_info_ifindex(struct genl_info *info, 38 struct cfg80211_registered_device **rdev, 39 struct net_device **dev) 40 { 41 struct nlattr **attrs = info->attrs; 42 int ifindex; 43 44 if (!attrs[NL80211_ATTR_IFINDEX]) 45 return -EINVAL; 46 47 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 48 *dev = dev_get_by_index(genl_info_net(info), ifindex); 49 if (!*dev) 50 return -ENODEV; 51 52 *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex); 53 if (IS_ERR(*rdev)) { 54 dev_put(*dev); 55 return PTR_ERR(*rdev); 56 } 57 58 return 0; 59 } 60 61 /* policy for the attributes */ 62 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 63 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 64 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 65 .len = 20-1 }, 66 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 67 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 68 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 69 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 70 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 71 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 72 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 73 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 74 75 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 76 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 77 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 78 79 [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN }, 80 [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN }, 81 82 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 83 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 84 .len = WLAN_MAX_KEY_LEN }, 85 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 86 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 87 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 88 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 }, 89 90 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 91 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 92 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 93 .len = IEEE80211_MAX_DATA_LEN }, 94 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 95 .len = IEEE80211_MAX_DATA_LEN }, 96 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 97 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 98 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 99 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 100 .len = NL80211_MAX_SUPP_RATES }, 101 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 102 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 103 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 104 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 105 .len = IEEE80211_MAX_MESH_ID_LEN }, 106 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 107 108 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 109 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 110 111 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 112 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 113 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 114 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 115 .len = NL80211_MAX_SUPP_RATES }, 116 117 [NL80211_ATTR_MESH_PARAMS] = { .type = NLA_NESTED }, 118 119 [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY, 120 .len = NL80211_HT_CAPABILITY_LEN }, 121 122 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 123 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 124 .len = IEEE80211_MAX_DATA_LEN }, 125 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 126 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 127 128 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 129 .len = IEEE80211_MAX_SSID_LEN }, 130 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 131 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 132 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 133 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 134 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 135 [NL80211_ATTR_STA_FLAGS2] = { 136 .len = sizeof(struct nl80211_sta_flag_update), 137 }, 138 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 139 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 140 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 141 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 142 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 143 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 144 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 145 .len = WLAN_PMKID_LEN }, 146 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 147 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 148 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 149 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 150 .len = IEEE80211_MAX_DATA_LEN }, 151 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 152 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 153 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 154 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 155 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 156 157 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 158 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 159 }; 160 161 /* policy for the attributes */ 162 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 163 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 164 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 165 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 166 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 }, 167 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 168 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 169 }; 170 171 /* ifidx get helper */ 172 static int nl80211_get_ifidx(struct netlink_callback *cb) 173 { 174 int res; 175 176 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 177 nl80211_fam.attrbuf, nl80211_fam.maxattr, 178 nl80211_policy); 179 if (res) 180 return res; 181 182 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 183 return -EINVAL; 184 185 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 186 if (!res) 187 return -EINVAL; 188 return res; 189 } 190 191 /* IE validation */ 192 static bool is_valid_ie_attr(const struct nlattr *attr) 193 { 194 const u8 *pos; 195 int len; 196 197 if (!attr) 198 return true; 199 200 pos = nla_data(attr); 201 len = nla_len(attr); 202 203 while (len) { 204 u8 elemlen; 205 206 if (len < 2) 207 return false; 208 len -= 2; 209 210 elemlen = pos[1]; 211 if (elemlen > len) 212 return false; 213 214 len -= elemlen; 215 pos += 2 + elemlen; 216 } 217 218 return true; 219 } 220 221 /* message building helper */ 222 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq, 223 int flags, u8 cmd) 224 { 225 /* since there is no private header just add the generic one */ 226 return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd); 227 } 228 229 static int nl80211_msg_put_channel(struct sk_buff *msg, 230 struct ieee80211_channel *chan) 231 { 232 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ, 233 chan->center_freq); 234 235 if (chan->flags & IEEE80211_CHAN_DISABLED) 236 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED); 237 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) 238 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN); 239 if (chan->flags & IEEE80211_CHAN_NO_IBSS) 240 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS); 241 if (chan->flags & IEEE80211_CHAN_RADAR) 242 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR); 243 244 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 245 DBM_TO_MBM(chan->max_power)); 246 247 return 0; 248 249 nla_put_failure: 250 return -ENOBUFS; 251 } 252 253 /* netlink command implementations */ 254 255 struct key_parse { 256 struct key_params p; 257 int idx; 258 bool def, defmgmt; 259 }; 260 261 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 262 { 263 struct nlattr *tb[NL80211_KEY_MAX + 1]; 264 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 265 nl80211_key_policy); 266 if (err) 267 return err; 268 269 k->def = !!tb[NL80211_KEY_DEFAULT]; 270 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 271 272 if (tb[NL80211_KEY_IDX]) 273 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 274 275 if (tb[NL80211_KEY_DATA]) { 276 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 277 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 278 } 279 280 if (tb[NL80211_KEY_SEQ]) { 281 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 282 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 283 } 284 285 if (tb[NL80211_KEY_CIPHER]) 286 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 287 288 return 0; 289 } 290 291 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 292 { 293 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 294 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 295 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 296 } 297 298 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 299 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 300 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 301 } 302 303 if (info->attrs[NL80211_ATTR_KEY_IDX]) 304 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 305 306 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 307 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 308 309 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 310 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 311 312 return 0; 313 } 314 315 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 316 { 317 int err; 318 319 memset(k, 0, sizeof(*k)); 320 k->idx = -1; 321 322 if (info->attrs[NL80211_ATTR_KEY]) 323 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 324 else 325 err = nl80211_parse_key_old(info, k); 326 327 if (err) 328 return err; 329 330 if (k->def && k->defmgmt) 331 return -EINVAL; 332 333 if (k->idx != -1) { 334 if (k->defmgmt) { 335 if (k->idx < 4 || k->idx > 5) 336 return -EINVAL; 337 } else if (k->def) { 338 if (k->idx < 0 || k->idx > 3) 339 return -EINVAL; 340 } else { 341 if (k->idx < 0 || k->idx > 5) 342 return -EINVAL; 343 } 344 } 345 346 return 0; 347 } 348 349 static struct cfg80211_cached_keys * 350 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 351 struct nlattr *keys) 352 { 353 struct key_parse parse; 354 struct nlattr *key; 355 struct cfg80211_cached_keys *result; 356 int rem, err, def = 0; 357 358 result = kzalloc(sizeof(*result), GFP_KERNEL); 359 if (!result) 360 return ERR_PTR(-ENOMEM); 361 362 result->def = -1; 363 result->defmgmt = -1; 364 365 nla_for_each_nested(key, keys, rem) { 366 memset(&parse, 0, sizeof(parse)); 367 parse.idx = -1; 368 369 err = nl80211_parse_key_new(key, &parse); 370 if (err) 371 goto error; 372 err = -EINVAL; 373 if (!parse.p.key) 374 goto error; 375 if (parse.idx < 0 || parse.idx > 4) 376 goto error; 377 if (parse.def) { 378 if (def) 379 goto error; 380 def = 1; 381 result->def = parse.idx; 382 } else if (parse.defmgmt) 383 goto error; 384 err = cfg80211_validate_key_settings(rdev, &parse.p, 385 parse.idx, NULL); 386 if (err) 387 goto error; 388 result->params[parse.idx].cipher = parse.p.cipher; 389 result->params[parse.idx].key_len = parse.p.key_len; 390 result->params[parse.idx].key = result->data[parse.idx]; 391 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 392 } 393 394 return result; 395 error: 396 kfree(result); 397 return ERR_PTR(err); 398 } 399 400 static int nl80211_key_allowed(struct wireless_dev *wdev) 401 { 402 ASSERT_WDEV_LOCK(wdev); 403 404 if (!netif_running(wdev->netdev)) 405 return -ENETDOWN; 406 407 switch (wdev->iftype) { 408 case NL80211_IFTYPE_AP: 409 case NL80211_IFTYPE_AP_VLAN: 410 break; 411 case NL80211_IFTYPE_ADHOC: 412 if (!wdev->current_bss) 413 return -ENOLINK; 414 break; 415 case NL80211_IFTYPE_STATION: 416 if (wdev->sme_state != CFG80211_SME_CONNECTED) 417 return -ENOLINK; 418 break; 419 default: 420 return -EINVAL; 421 } 422 423 return 0; 424 } 425 426 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags, 427 struct cfg80211_registered_device *dev) 428 { 429 void *hdr; 430 struct nlattr *nl_bands, *nl_band; 431 struct nlattr *nl_freqs, *nl_freq; 432 struct nlattr *nl_rates, *nl_rate; 433 struct nlattr *nl_modes; 434 struct nlattr *nl_cmds; 435 enum ieee80211_band band; 436 struct ieee80211_channel *chan; 437 struct ieee80211_rate *rate; 438 int i; 439 u16 ifmodes = dev->wiphy.interface_modes; 440 441 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY); 442 if (!hdr) 443 return -1; 444 445 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx); 446 NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)); 447 448 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 449 cfg80211_rdev_list_generation); 450 451 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 452 dev->wiphy.retry_short); 453 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 454 dev->wiphy.retry_long); 455 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 456 dev->wiphy.frag_threshold); 457 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 458 dev->wiphy.rts_threshold); 459 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 460 dev->wiphy.coverage_class); 461 462 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 463 dev->wiphy.max_scan_ssids); 464 NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 465 dev->wiphy.max_scan_ie_len); 466 467 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES, 468 sizeof(u32) * dev->wiphy.n_cipher_suites, 469 dev->wiphy.cipher_suites); 470 471 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 472 dev->wiphy.max_num_pmkids); 473 474 nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES); 475 if (!nl_modes) 476 goto nla_put_failure; 477 478 i = 0; 479 while (ifmodes) { 480 if (ifmodes & 1) 481 NLA_PUT_FLAG(msg, i); 482 ifmodes >>= 1; 483 i++; 484 } 485 486 nla_nest_end(msg, nl_modes); 487 488 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 489 if (!nl_bands) 490 goto nla_put_failure; 491 492 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 493 if (!dev->wiphy.bands[band]) 494 continue; 495 496 nl_band = nla_nest_start(msg, band); 497 if (!nl_band) 498 goto nla_put_failure; 499 500 /* add HT info */ 501 if (dev->wiphy.bands[band]->ht_cap.ht_supported) { 502 NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET, 503 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 504 &dev->wiphy.bands[band]->ht_cap.mcs); 505 NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA, 506 dev->wiphy.bands[band]->ht_cap.cap); 507 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 508 dev->wiphy.bands[band]->ht_cap.ampdu_factor); 509 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 510 dev->wiphy.bands[band]->ht_cap.ampdu_density); 511 } 512 513 /* add frequencies */ 514 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 515 if (!nl_freqs) 516 goto nla_put_failure; 517 518 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 519 nl_freq = nla_nest_start(msg, i); 520 if (!nl_freq) 521 goto nla_put_failure; 522 523 chan = &dev->wiphy.bands[band]->channels[i]; 524 525 if (nl80211_msg_put_channel(msg, chan)) 526 goto nla_put_failure; 527 528 nla_nest_end(msg, nl_freq); 529 } 530 531 nla_nest_end(msg, nl_freqs); 532 533 /* add bitrates */ 534 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 535 if (!nl_rates) 536 goto nla_put_failure; 537 538 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 539 nl_rate = nla_nest_start(msg, i); 540 if (!nl_rate) 541 goto nla_put_failure; 542 543 rate = &dev->wiphy.bands[band]->bitrates[i]; 544 NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE, 545 rate->bitrate); 546 if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) 547 NLA_PUT_FLAG(msg, 548 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE); 549 550 nla_nest_end(msg, nl_rate); 551 } 552 553 nla_nest_end(msg, nl_rates); 554 555 nla_nest_end(msg, nl_band); 556 } 557 nla_nest_end(msg, nl_bands); 558 559 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 560 if (!nl_cmds) 561 goto nla_put_failure; 562 563 i = 0; 564 #define CMD(op, n) \ 565 do { \ 566 if (dev->ops->op) { \ 567 i++; \ 568 NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \ 569 } \ 570 } while (0) 571 572 CMD(add_virtual_intf, NEW_INTERFACE); 573 CMD(change_virtual_intf, SET_INTERFACE); 574 CMD(add_key, NEW_KEY); 575 CMD(add_beacon, NEW_BEACON); 576 CMD(add_station, NEW_STATION); 577 CMD(add_mpath, NEW_MPATH); 578 CMD(set_mesh_params, SET_MESH_PARAMS); 579 CMD(change_bss, SET_BSS); 580 CMD(auth, AUTHENTICATE); 581 CMD(assoc, ASSOCIATE); 582 CMD(deauth, DEAUTHENTICATE); 583 CMD(disassoc, DISASSOCIATE); 584 CMD(join_ibss, JOIN_IBSS); 585 CMD(set_pmksa, SET_PMKSA); 586 CMD(del_pmksa, DEL_PMKSA); 587 CMD(flush_pmksa, FLUSH_PMKSA); 588 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 589 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 590 CMD(action, ACTION); 591 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 592 i++; 593 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS); 594 } 595 CMD(set_channel, SET_CHANNEL); 596 597 #undef CMD 598 599 if (dev->ops->connect || dev->ops->auth) { 600 i++; 601 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT); 602 } 603 604 if (dev->ops->disconnect || dev->ops->deauth) { 605 i++; 606 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT); 607 } 608 609 nla_nest_end(msg, nl_cmds); 610 611 return genlmsg_end(msg, hdr); 612 613 nla_put_failure: 614 genlmsg_cancel(msg, hdr); 615 return -EMSGSIZE; 616 } 617 618 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 619 { 620 int idx = 0; 621 int start = cb->args[0]; 622 struct cfg80211_registered_device *dev; 623 624 mutex_lock(&cfg80211_mutex); 625 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 626 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 627 continue; 628 if (++idx <= start) 629 continue; 630 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid, 631 cb->nlh->nlmsg_seq, NLM_F_MULTI, 632 dev) < 0) { 633 idx--; 634 break; 635 } 636 } 637 mutex_unlock(&cfg80211_mutex); 638 639 cb->args[0] = idx; 640 641 return skb->len; 642 } 643 644 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 645 { 646 struct sk_buff *msg; 647 struct cfg80211_registered_device *dev; 648 649 dev = cfg80211_get_dev_from_info(info); 650 if (IS_ERR(dev)) 651 return PTR_ERR(dev); 652 653 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 654 if (!msg) 655 goto out_err; 656 657 if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) 658 goto out_free; 659 660 cfg80211_unlock_rdev(dev); 661 662 return genlmsg_reply(msg, info); 663 664 out_free: 665 nlmsg_free(msg); 666 out_err: 667 cfg80211_unlock_rdev(dev); 668 return -ENOBUFS; 669 } 670 671 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 672 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 673 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 674 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 675 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 676 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 677 }; 678 679 static int parse_txq_params(struct nlattr *tb[], 680 struct ieee80211_txq_params *txq_params) 681 { 682 if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] || 683 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 684 !tb[NL80211_TXQ_ATTR_AIFS]) 685 return -EINVAL; 686 687 txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]); 688 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 689 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 690 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 691 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 692 693 return 0; 694 } 695 696 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 697 { 698 /* 699 * You can only set the channel explicitly for AP, mesh 700 * and WDS type interfaces; all others have their channel 701 * managed via their respective "establish a connection" 702 * command (connect, join, ...) 703 * 704 * Monitors are special as they are normally slaved to 705 * whatever else is going on, so they behave as though 706 * you tried setting the wiphy channel itself. 707 */ 708 return !wdev || 709 wdev->iftype == NL80211_IFTYPE_AP || 710 wdev->iftype == NL80211_IFTYPE_WDS || 711 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 712 wdev->iftype == NL80211_IFTYPE_MONITOR; 713 } 714 715 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 716 struct wireless_dev *wdev, 717 struct genl_info *info) 718 { 719 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 720 u32 freq; 721 int result; 722 723 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 724 return -EINVAL; 725 726 if (!nl80211_can_set_dev_channel(wdev)) 727 return -EOPNOTSUPP; 728 729 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 730 channel_type = nla_get_u32(info->attrs[ 731 NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 732 if (channel_type != NL80211_CHAN_NO_HT && 733 channel_type != NL80211_CHAN_HT20 && 734 channel_type != NL80211_CHAN_HT40PLUS && 735 channel_type != NL80211_CHAN_HT40MINUS) 736 return -EINVAL; 737 } 738 739 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 740 741 mutex_lock(&rdev->devlist_mtx); 742 if (wdev) { 743 wdev_lock(wdev); 744 result = cfg80211_set_freq(rdev, wdev, freq, channel_type); 745 wdev_unlock(wdev); 746 } else { 747 result = cfg80211_set_freq(rdev, NULL, freq, channel_type); 748 } 749 mutex_unlock(&rdev->devlist_mtx); 750 751 return result; 752 } 753 754 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 755 { 756 struct cfg80211_registered_device *rdev; 757 struct net_device *netdev; 758 int result; 759 760 rtnl_lock(); 761 762 result = get_rdev_dev_by_info_ifindex(info, &rdev, &netdev); 763 if (result) 764 goto unlock; 765 766 result = __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 767 768 unlock: 769 rtnl_unlock(); 770 771 return result; 772 } 773 774 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 775 { 776 struct cfg80211_registered_device *rdev; 777 struct net_device *netdev = NULL; 778 struct wireless_dev *wdev; 779 int result, rem_txq_params = 0; 780 struct nlattr *nl_txq_params; 781 u32 changed; 782 u8 retry_short = 0, retry_long = 0; 783 u32 frag_threshold = 0, rts_threshold = 0; 784 u8 coverage_class = 0; 785 786 rtnl_lock(); 787 788 /* 789 * Try to find the wiphy and netdev. Normally this 790 * function shouldn't need the netdev, but this is 791 * done for backward compatibility -- previously 792 * setting the channel was done per wiphy, but now 793 * it is per netdev. Previous userland like hostapd 794 * also passed a netdev to set_wiphy, so that it is 795 * possible to let that go to the right netdev! 796 */ 797 mutex_lock(&cfg80211_mutex); 798 799 if (info->attrs[NL80211_ATTR_IFINDEX]) { 800 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 801 802 netdev = dev_get_by_index(genl_info_net(info), ifindex); 803 if (netdev && netdev->ieee80211_ptr) { 804 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 805 mutex_lock(&rdev->mtx); 806 } else 807 netdev = NULL; 808 } 809 810 if (!netdev) { 811 rdev = __cfg80211_rdev_from_info(info); 812 if (IS_ERR(rdev)) { 813 mutex_unlock(&cfg80211_mutex); 814 result = PTR_ERR(rdev); 815 goto unlock; 816 } 817 wdev = NULL; 818 netdev = NULL; 819 result = 0; 820 821 mutex_lock(&rdev->mtx); 822 } else if (netif_running(netdev) && 823 nl80211_can_set_dev_channel(netdev->ieee80211_ptr)) 824 wdev = netdev->ieee80211_ptr; 825 else 826 wdev = NULL; 827 828 /* 829 * end workaround code, by now the rdev is available 830 * and locked, and wdev may or may not be NULL. 831 */ 832 833 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 834 result = cfg80211_dev_rename( 835 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 836 837 mutex_unlock(&cfg80211_mutex); 838 839 if (result) 840 goto bad_res; 841 842 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 843 struct ieee80211_txq_params txq_params; 844 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 845 846 if (!rdev->ops->set_txq_params) { 847 result = -EOPNOTSUPP; 848 goto bad_res; 849 } 850 851 nla_for_each_nested(nl_txq_params, 852 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 853 rem_txq_params) { 854 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 855 nla_data(nl_txq_params), 856 nla_len(nl_txq_params), 857 txq_params_policy); 858 result = parse_txq_params(tb, &txq_params); 859 if (result) 860 goto bad_res; 861 862 result = rdev->ops->set_txq_params(&rdev->wiphy, 863 &txq_params); 864 if (result) 865 goto bad_res; 866 } 867 } 868 869 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 870 result = __nl80211_set_channel(rdev, wdev, info); 871 if (result) 872 goto bad_res; 873 } 874 875 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 876 enum nl80211_tx_power_setting type; 877 int idx, mbm = 0; 878 879 if (!rdev->ops->set_tx_power) { 880 result = -EOPNOTSUPP; 881 goto bad_res; 882 } 883 884 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 885 type = nla_get_u32(info->attrs[idx]); 886 887 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 888 (type != NL80211_TX_POWER_AUTOMATIC)) { 889 result = -EINVAL; 890 goto bad_res; 891 } 892 893 if (type != NL80211_TX_POWER_AUTOMATIC) { 894 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 895 mbm = nla_get_u32(info->attrs[idx]); 896 } 897 898 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm); 899 if (result) 900 goto bad_res; 901 } 902 903 changed = 0; 904 905 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 906 retry_short = nla_get_u8( 907 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 908 if (retry_short == 0) { 909 result = -EINVAL; 910 goto bad_res; 911 } 912 changed |= WIPHY_PARAM_RETRY_SHORT; 913 } 914 915 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 916 retry_long = nla_get_u8( 917 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 918 if (retry_long == 0) { 919 result = -EINVAL; 920 goto bad_res; 921 } 922 changed |= WIPHY_PARAM_RETRY_LONG; 923 } 924 925 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 926 frag_threshold = nla_get_u32( 927 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 928 if (frag_threshold < 256) { 929 result = -EINVAL; 930 goto bad_res; 931 } 932 if (frag_threshold != (u32) -1) { 933 /* 934 * Fragments (apart from the last one) are required to 935 * have even length. Make the fragmentation code 936 * simpler by stripping LSB should someone try to use 937 * odd threshold value. 938 */ 939 frag_threshold &= ~0x1; 940 } 941 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 942 } 943 944 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 945 rts_threshold = nla_get_u32( 946 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 947 changed |= WIPHY_PARAM_RTS_THRESHOLD; 948 } 949 950 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 951 coverage_class = nla_get_u8( 952 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 953 changed |= WIPHY_PARAM_COVERAGE_CLASS; 954 } 955 956 if (changed) { 957 u8 old_retry_short, old_retry_long; 958 u32 old_frag_threshold, old_rts_threshold; 959 u8 old_coverage_class; 960 961 if (!rdev->ops->set_wiphy_params) { 962 result = -EOPNOTSUPP; 963 goto bad_res; 964 } 965 966 old_retry_short = rdev->wiphy.retry_short; 967 old_retry_long = rdev->wiphy.retry_long; 968 old_frag_threshold = rdev->wiphy.frag_threshold; 969 old_rts_threshold = rdev->wiphy.rts_threshold; 970 old_coverage_class = rdev->wiphy.coverage_class; 971 972 if (changed & WIPHY_PARAM_RETRY_SHORT) 973 rdev->wiphy.retry_short = retry_short; 974 if (changed & WIPHY_PARAM_RETRY_LONG) 975 rdev->wiphy.retry_long = retry_long; 976 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 977 rdev->wiphy.frag_threshold = frag_threshold; 978 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 979 rdev->wiphy.rts_threshold = rts_threshold; 980 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 981 rdev->wiphy.coverage_class = coverage_class; 982 983 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed); 984 if (result) { 985 rdev->wiphy.retry_short = old_retry_short; 986 rdev->wiphy.retry_long = old_retry_long; 987 rdev->wiphy.frag_threshold = old_frag_threshold; 988 rdev->wiphy.rts_threshold = old_rts_threshold; 989 rdev->wiphy.coverage_class = old_coverage_class; 990 } 991 } 992 993 bad_res: 994 mutex_unlock(&rdev->mtx); 995 if (netdev) 996 dev_put(netdev); 997 unlock: 998 rtnl_unlock(); 999 return result; 1000 } 1001 1002 1003 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags, 1004 struct cfg80211_registered_device *rdev, 1005 struct net_device *dev) 1006 { 1007 void *hdr; 1008 1009 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE); 1010 if (!hdr) 1011 return -1; 1012 1013 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1014 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 1015 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name); 1016 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype); 1017 1018 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 1019 rdev->devlist_generation ^ 1020 (cfg80211_rdev_list_generation << 2)); 1021 1022 return genlmsg_end(msg, hdr); 1023 1024 nla_put_failure: 1025 genlmsg_cancel(msg, hdr); 1026 return -EMSGSIZE; 1027 } 1028 1029 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 1030 { 1031 int wp_idx = 0; 1032 int if_idx = 0; 1033 int wp_start = cb->args[0]; 1034 int if_start = cb->args[1]; 1035 struct cfg80211_registered_device *rdev; 1036 struct wireless_dev *wdev; 1037 1038 mutex_lock(&cfg80211_mutex); 1039 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1040 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1041 continue; 1042 if (wp_idx < wp_start) { 1043 wp_idx++; 1044 continue; 1045 } 1046 if_idx = 0; 1047 1048 mutex_lock(&rdev->devlist_mtx); 1049 list_for_each_entry(wdev, &rdev->netdev_list, list) { 1050 if (if_idx < if_start) { 1051 if_idx++; 1052 continue; 1053 } 1054 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 1055 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1056 rdev, wdev->netdev) < 0) { 1057 mutex_unlock(&rdev->devlist_mtx); 1058 goto out; 1059 } 1060 if_idx++; 1061 } 1062 mutex_unlock(&rdev->devlist_mtx); 1063 1064 wp_idx++; 1065 } 1066 out: 1067 mutex_unlock(&cfg80211_mutex); 1068 1069 cb->args[0] = wp_idx; 1070 cb->args[1] = if_idx; 1071 1072 return skb->len; 1073 } 1074 1075 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1076 { 1077 struct sk_buff *msg; 1078 struct cfg80211_registered_device *dev; 1079 struct net_device *netdev; 1080 int err; 1081 1082 err = get_rdev_dev_by_info_ifindex(info, &dev, &netdev); 1083 if (err) 1084 return err; 1085 1086 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1087 if (!msg) 1088 goto out_err; 1089 1090 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 1091 dev, netdev) < 0) 1092 goto out_free; 1093 1094 dev_put(netdev); 1095 cfg80211_unlock_rdev(dev); 1096 1097 return genlmsg_reply(msg, info); 1098 1099 out_free: 1100 nlmsg_free(msg); 1101 out_err: 1102 dev_put(netdev); 1103 cfg80211_unlock_rdev(dev); 1104 return -ENOBUFS; 1105 } 1106 1107 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1108 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1109 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1110 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1111 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1112 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1113 }; 1114 1115 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1116 { 1117 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1118 int flag; 1119 1120 *mntrflags = 0; 1121 1122 if (!nla) 1123 return -EINVAL; 1124 1125 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 1126 nla, mntr_flags_policy)) 1127 return -EINVAL; 1128 1129 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 1130 if (flags[flag]) 1131 *mntrflags |= (1<<flag); 1132 1133 return 0; 1134 } 1135 1136 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 1137 struct net_device *netdev, u8 use_4addr, 1138 enum nl80211_iftype iftype) 1139 { 1140 if (!use_4addr) { 1141 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 1142 return -EBUSY; 1143 return 0; 1144 } 1145 1146 switch (iftype) { 1147 case NL80211_IFTYPE_AP_VLAN: 1148 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 1149 return 0; 1150 break; 1151 case NL80211_IFTYPE_STATION: 1152 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 1153 return 0; 1154 break; 1155 default: 1156 break; 1157 } 1158 1159 return -EOPNOTSUPP; 1160 } 1161 1162 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1163 { 1164 struct cfg80211_registered_device *rdev; 1165 struct vif_params params; 1166 int err; 1167 enum nl80211_iftype otype, ntype; 1168 struct net_device *dev; 1169 u32 _flags, *flags = NULL; 1170 bool change = false; 1171 1172 memset(¶ms, 0, sizeof(params)); 1173 1174 rtnl_lock(); 1175 1176 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1177 if (err) 1178 goto unlock_rtnl; 1179 1180 otype = ntype = dev->ieee80211_ptr->iftype; 1181 1182 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1183 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1184 if (otype != ntype) 1185 change = true; 1186 if (ntype > NL80211_IFTYPE_MAX) { 1187 err = -EINVAL; 1188 goto unlock; 1189 } 1190 } 1191 1192 if (info->attrs[NL80211_ATTR_MESH_ID]) { 1193 if (ntype != NL80211_IFTYPE_MESH_POINT) { 1194 err = -EINVAL; 1195 goto unlock; 1196 } 1197 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 1198 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1199 change = true; 1200 } 1201 1202 if (info->attrs[NL80211_ATTR_4ADDR]) { 1203 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1204 change = true; 1205 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 1206 if (err) 1207 goto unlock; 1208 } else { 1209 params.use_4addr = -1; 1210 } 1211 1212 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 1213 if (ntype != NL80211_IFTYPE_MONITOR) { 1214 err = -EINVAL; 1215 goto unlock; 1216 } 1217 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 1218 &_flags); 1219 if (err) 1220 goto unlock; 1221 1222 flags = &_flags; 1223 change = true; 1224 } 1225 1226 if (change) 1227 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 1228 else 1229 err = 0; 1230 1231 if (!err && params.use_4addr != -1) 1232 dev->ieee80211_ptr->use_4addr = params.use_4addr; 1233 1234 unlock: 1235 dev_put(dev); 1236 cfg80211_unlock_rdev(rdev); 1237 unlock_rtnl: 1238 rtnl_unlock(); 1239 return err; 1240 } 1241 1242 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 1243 { 1244 struct cfg80211_registered_device *rdev; 1245 struct vif_params params; 1246 int err; 1247 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 1248 u32 flags; 1249 1250 memset(¶ms, 0, sizeof(params)); 1251 1252 if (!info->attrs[NL80211_ATTR_IFNAME]) 1253 return -EINVAL; 1254 1255 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1256 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1257 if (type > NL80211_IFTYPE_MAX) 1258 return -EINVAL; 1259 } 1260 1261 rtnl_lock(); 1262 1263 rdev = cfg80211_get_dev_from_info(info); 1264 if (IS_ERR(rdev)) { 1265 err = PTR_ERR(rdev); 1266 goto unlock_rtnl; 1267 } 1268 1269 if (!rdev->ops->add_virtual_intf || 1270 !(rdev->wiphy.interface_modes & (1 << type))) { 1271 err = -EOPNOTSUPP; 1272 goto unlock; 1273 } 1274 1275 if (type == NL80211_IFTYPE_MESH_POINT && 1276 info->attrs[NL80211_ATTR_MESH_ID]) { 1277 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 1278 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1279 } 1280 1281 if (info->attrs[NL80211_ATTR_4ADDR]) { 1282 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1283 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 1284 if (err) 1285 goto unlock; 1286 } 1287 1288 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 1289 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 1290 &flags); 1291 err = rdev->ops->add_virtual_intf(&rdev->wiphy, 1292 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 1293 type, err ? NULL : &flags, ¶ms); 1294 1295 unlock: 1296 cfg80211_unlock_rdev(rdev); 1297 unlock_rtnl: 1298 rtnl_unlock(); 1299 return err; 1300 } 1301 1302 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 1303 { 1304 struct cfg80211_registered_device *rdev; 1305 int err; 1306 struct net_device *dev; 1307 1308 rtnl_lock(); 1309 1310 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1311 if (err) 1312 goto unlock_rtnl; 1313 1314 if (!rdev->ops->del_virtual_intf) { 1315 err = -EOPNOTSUPP; 1316 goto out; 1317 } 1318 1319 err = rdev->ops->del_virtual_intf(&rdev->wiphy, dev); 1320 1321 out: 1322 cfg80211_unlock_rdev(rdev); 1323 dev_put(dev); 1324 unlock_rtnl: 1325 rtnl_unlock(); 1326 return err; 1327 } 1328 1329 struct get_key_cookie { 1330 struct sk_buff *msg; 1331 int error; 1332 int idx; 1333 }; 1334 1335 static void get_key_callback(void *c, struct key_params *params) 1336 { 1337 struct nlattr *key; 1338 struct get_key_cookie *cookie = c; 1339 1340 if (params->key) 1341 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA, 1342 params->key_len, params->key); 1343 1344 if (params->seq) 1345 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ, 1346 params->seq_len, params->seq); 1347 1348 if (params->cipher) 1349 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 1350 params->cipher); 1351 1352 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 1353 if (!key) 1354 goto nla_put_failure; 1355 1356 if (params->key) 1357 NLA_PUT(cookie->msg, NL80211_KEY_DATA, 1358 params->key_len, params->key); 1359 1360 if (params->seq) 1361 NLA_PUT(cookie->msg, NL80211_KEY_SEQ, 1362 params->seq_len, params->seq); 1363 1364 if (params->cipher) 1365 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER, 1366 params->cipher); 1367 1368 NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx); 1369 1370 nla_nest_end(cookie->msg, key); 1371 1372 return; 1373 nla_put_failure: 1374 cookie->error = 1; 1375 } 1376 1377 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 1378 { 1379 struct cfg80211_registered_device *rdev; 1380 int err; 1381 struct net_device *dev; 1382 u8 key_idx = 0; 1383 u8 *mac_addr = NULL; 1384 struct get_key_cookie cookie = { 1385 .error = 0, 1386 }; 1387 void *hdr; 1388 struct sk_buff *msg; 1389 1390 if (info->attrs[NL80211_ATTR_KEY_IDX]) 1391 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 1392 1393 if (key_idx > 5) 1394 return -EINVAL; 1395 1396 if (info->attrs[NL80211_ATTR_MAC]) 1397 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1398 1399 rtnl_lock(); 1400 1401 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1402 if (err) 1403 goto unlock_rtnl; 1404 1405 if (!rdev->ops->get_key) { 1406 err = -EOPNOTSUPP; 1407 goto out; 1408 } 1409 1410 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1411 if (!msg) { 1412 err = -ENOMEM; 1413 goto out; 1414 } 1415 1416 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 1417 NL80211_CMD_NEW_KEY); 1418 1419 if (IS_ERR(hdr)) { 1420 err = PTR_ERR(hdr); 1421 goto free_msg; 1422 } 1423 1424 cookie.msg = msg; 1425 cookie.idx = key_idx; 1426 1427 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1428 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 1429 if (mac_addr) 1430 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1431 1432 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, mac_addr, 1433 &cookie, get_key_callback); 1434 1435 if (err) 1436 goto free_msg; 1437 1438 if (cookie.error) 1439 goto nla_put_failure; 1440 1441 genlmsg_end(msg, hdr); 1442 err = genlmsg_reply(msg, info); 1443 goto out; 1444 1445 nla_put_failure: 1446 err = -ENOBUFS; 1447 free_msg: 1448 nlmsg_free(msg); 1449 out: 1450 cfg80211_unlock_rdev(rdev); 1451 dev_put(dev); 1452 unlock_rtnl: 1453 rtnl_unlock(); 1454 1455 return err; 1456 } 1457 1458 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 1459 { 1460 struct cfg80211_registered_device *rdev; 1461 struct key_parse key; 1462 int err; 1463 struct net_device *dev; 1464 int (*func)(struct wiphy *wiphy, struct net_device *netdev, 1465 u8 key_index); 1466 1467 err = nl80211_parse_key(info, &key); 1468 if (err) 1469 return err; 1470 1471 if (key.idx < 0) 1472 return -EINVAL; 1473 1474 /* only support setting default key */ 1475 if (!key.def && !key.defmgmt) 1476 return -EINVAL; 1477 1478 rtnl_lock(); 1479 1480 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1481 if (err) 1482 goto unlock_rtnl; 1483 1484 if (key.def) 1485 func = rdev->ops->set_default_key; 1486 else 1487 func = rdev->ops->set_default_mgmt_key; 1488 1489 if (!func) { 1490 err = -EOPNOTSUPP; 1491 goto out; 1492 } 1493 1494 wdev_lock(dev->ieee80211_ptr); 1495 err = nl80211_key_allowed(dev->ieee80211_ptr); 1496 if (!err) 1497 err = func(&rdev->wiphy, dev, key.idx); 1498 1499 #ifdef CONFIG_CFG80211_WEXT 1500 if (!err) { 1501 if (func == rdev->ops->set_default_key) 1502 dev->ieee80211_ptr->wext.default_key = key.idx; 1503 else 1504 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 1505 } 1506 #endif 1507 wdev_unlock(dev->ieee80211_ptr); 1508 1509 out: 1510 cfg80211_unlock_rdev(rdev); 1511 dev_put(dev); 1512 1513 unlock_rtnl: 1514 rtnl_unlock(); 1515 1516 return err; 1517 } 1518 1519 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 1520 { 1521 struct cfg80211_registered_device *rdev; 1522 int err; 1523 struct net_device *dev; 1524 struct key_parse key; 1525 u8 *mac_addr = NULL; 1526 1527 err = nl80211_parse_key(info, &key); 1528 if (err) 1529 return err; 1530 1531 if (!key.p.key) 1532 return -EINVAL; 1533 1534 if (info->attrs[NL80211_ATTR_MAC]) 1535 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1536 1537 rtnl_lock(); 1538 1539 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1540 if (err) 1541 goto unlock_rtnl; 1542 1543 if (!rdev->ops->add_key) { 1544 err = -EOPNOTSUPP; 1545 goto out; 1546 } 1547 1548 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, mac_addr)) { 1549 err = -EINVAL; 1550 goto out; 1551 } 1552 1553 wdev_lock(dev->ieee80211_ptr); 1554 err = nl80211_key_allowed(dev->ieee80211_ptr); 1555 if (!err) 1556 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx, 1557 mac_addr, &key.p); 1558 wdev_unlock(dev->ieee80211_ptr); 1559 1560 out: 1561 cfg80211_unlock_rdev(rdev); 1562 dev_put(dev); 1563 unlock_rtnl: 1564 rtnl_unlock(); 1565 1566 return err; 1567 } 1568 1569 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 1570 { 1571 struct cfg80211_registered_device *rdev; 1572 int err; 1573 struct net_device *dev; 1574 u8 *mac_addr = NULL; 1575 struct key_parse key; 1576 1577 err = nl80211_parse_key(info, &key); 1578 if (err) 1579 return err; 1580 1581 if (info->attrs[NL80211_ATTR_MAC]) 1582 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1583 1584 rtnl_lock(); 1585 1586 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1587 if (err) 1588 goto unlock_rtnl; 1589 1590 if (!rdev->ops->del_key) { 1591 err = -EOPNOTSUPP; 1592 goto out; 1593 } 1594 1595 wdev_lock(dev->ieee80211_ptr); 1596 err = nl80211_key_allowed(dev->ieee80211_ptr); 1597 if (!err) 1598 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, mac_addr); 1599 1600 #ifdef CONFIG_CFG80211_WEXT 1601 if (!err) { 1602 if (key.idx == dev->ieee80211_ptr->wext.default_key) 1603 dev->ieee80211_ptr->wext.default_key = -1; 1604 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 1605 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 1606 } 1607 #endif 1608 wdev_unlock(dev->ieee80211_ptr); 1609 1610 out: 1611 cfg80211_unlock_rdev(rdev); 1612 dev_put(dev); 1613 1614 unlock_rtnl: 1615 rtnl_unlock(); 1616 1617 return err; 1618 } 1619 1620 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info) 1621 { 1622 int (*call)(struct wiphy *wiphy, struct net_device *dev, 1623 struct beacon_parameters *info); 1624 struct cfg80211_registered_device *rdev; 1625 int err; 1626 struct net_device *dev; 1627 struct beacon_parameters params; 1628 int haveinfo = 0; 1629 1630 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL])) 1631 return -EINVAL; 1632 1633 rtnl_lock(); 1634 1635 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1636 if (err) 1637 goto unlock_rtnl; 1638 1639 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 1640 err = -EOPNOTSUPP; 1641 goto out; 1642 } 1643 1644 switch (info->genlhdr->cmd) { 1645 case NL80211_CMD_NEW_BEACON: 1646 /* these are required for NEW_BEACON */ 1647 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 1648 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 1649 !info->attrs[NL80211_ATTR_BEACON_HEAD]) { 1650 err = -EINVAL; 1651 goto out; 1652 } 1653 1654 call = rdev->ops->add_beacon; 1655 break; 1656 case NL80211_CMD_SET_BEACON: 1657 call = rdev->ops->set_beacon; 1658 break; 1659 default: 1660 WARN_ON(1); 1661 err = -EOPNOTSUPP; 1662 goto out; 1663 } 1664 1665 if (!call) { 1666 err = -EOPNOTSUPP; 1667 goto out; 1668 } 1669 1670 memset(¶ms, 0, sizeof(params)); 1671 1672 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 1673 params.interval = 1674 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 1675 haveinfo = 1; 1676 } 1677 1678 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 1679 params.dtim_period = 1680 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 1681 haveinfo = 1; 1682 } 1683 1684 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 1685 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 1686 params.head_len = 1687 nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 1688 haveinfo = 1; 1689 } 1690 1691 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 1692 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 1693 params.tail_len = 1694 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 1695 haveinfo = 1; 1696 } 1697 1698 if (!haveinfo) { 1699 err = -EINVAL; 1700 goto out; 1701 } 1702 1703 err = call(&rdev->wiphy, dev, ¶ms); 1704 1705 out: 1706 cfg80211_unlock_rdev(rdev); 1707 dev_put(dev); 1708 unlock_rtnl: 1709 rtnl_unlock(); 1710 1711 return err; 1712 } 1713 1714 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info) 1715 { 1716 struct cfg80211_registered_device *rdev; 1717 int err; 1718 struct net_device *dev; 1719 1720 rtnl_lock(); 1721 1722 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1723 if (err) 1724 goto unlock_rtnl; 1725 1726 if (!rdev->ops->del_beacon) { 1727 err = -EOPNOTSUPP; 1728 goto out; 1729 } 1730 1731 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 1732 err = -EOPNOTSUPP; 1733 goto out; 1734 } 1735 err = rdev->ops->del_beacon(&rdev->wiphy, dev); 1736 1737 out: 1738 cfg80211_unlock_rdev(rdev); 1739 dev_put(dev); 1740 unlock_rtnl: 1741 rtnl_unlock(); 1742 1743 return err; 1744 } 1745 1746 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 1747 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 1748 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 1749 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 1750 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 1751 }; 1752 1753 static int parse_station_flags(struct genl_info *info, 1754 struct station_parameters *params) 1755 { 1756 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 1757 struct nlattr *nla; 1758 int flag; 1759 1760 /* 1761 * Try parsing the new attribute first so userspace 1762 * can specify both for older kernels. 1763 */ 1764 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 1765 if (nla) { 1766 struct nl80211_sta_flag_update *sta_flags; 1767 1768 sta_flags = nla_data(nla); 1769 params->sta_flags_mask = sta_flags->mask; 1770 params->sta_flags_set = sta_flags->set; 1771 if ((params->sta_flags_mask | 1772 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 1773 return -EINVAL; 1774 return 0; 1775 } 1776 1777 /* if present, parse the old attribute */ 1778 1779 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 1780 if (!nla) 1781 return 0; 1782 1783 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 1784 nla, sta_flags_policy)) 1785 return -EINVAL; 1786 1787 params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1; 1788 params->sta_flags_mask &= ~1; 1789 1790 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) 1791 if (flags[flag]) 1792 params->sta_flags_set |= (1<<flag); 1793 1794 return 0; 1795 } 1796 1797 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq, 1798 int flags, struct net_device *dev, 1799 const u8 *mac_addr, struct station_info *sinfo) 1800 { 1801 void *hdr; 1802 struct nlattr *sinfoattr, *txrate; 1803 u16 bitrate; 1804 1805 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 1806 if (!hdr) 1807 return -1; 1808 1809 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1810 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1811 1812 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation); 1813 1814 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 1815 if (!sinfoattr) 1816 goto nla_put_failure; 1817 if (sinfo->filled & STATION_INFO_INACTIVE_TIME) 1818 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME, 1819 sinfo->inactive_time); 1820 if (sinfo->filled & STATION_INFO_RX_BYTES) 1821 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES, 1822 sinfo->rx_bytes); 1823 if (sinfo->filled & STATION_INFO_TX_BYTES) 1824 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES, 1825 sinfo->tx_bytes); 1826 if (sinfo->filled & STATION_INFO_LLID) 1827 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID, 1828 sinfo->llid); 1829 if (sinfo->filled & STATION_INFO_PLID) 1830 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID, 1831 sinfo->plid); 1832 if (sinfo->filled & STATION_INFO_PLINK_STATE) 1833 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE, 1834 sinfo->plink_state); 1835 if (sinfo->filled & STATION_INFO_SIGNAL) 1836 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL, 1837 sinfo->signal); 1838 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 1839 txrate = nla_nest_start(msg, NL80211_STA_INFO_TX_BITRATE); 1840 if (!txrate) 1841 goto nla_put_failure; 1842 1843 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 1844 bitrate = cfg80211_calculate_bitrate(&sinfo->txrate); 1845 if (bitrate > 0) 1846 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate); 1847 1848 if (sinfo->txrate.flags & RATE_INFO_FLAGS_MCS) 1849 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, 1850 sinfo->txrate.mcs); 1851 if (sinfo->txrate.flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) 1852 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH); 1853 if (sinfo->txrate.flags & RATE_INFO_FLAGS_SHORT_GI) 1854 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI); 1855 1856 nla_nest_end(msg, txrate); 1857 } 1858 if (sinfo->filled & STATION_INFO_RX_PACKETS) 1859 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS, 1860 sinfo->rx_packets); 1861 if (sinfo->filled & STATION_INFO_TX_PACKETS) 1862 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS, 1863 sinfo->tx_packets); 1864 nla_nest_end(msg, sinfoattr); 1865 1866 return genlmsg_end(msg, hdr); 1867 1868 nla_put_failure: 1869 genlmsg_cancel(msg, hdr); 1870 return -EMSGSIZE; 1871 } 1872 1873 static int nl80211_dump_station(struct sk_buff *skb, 1874 struct netlink_callback *cb) 1875 { 1876 struct station_info sinfo; 1877 struct cfg80211_registered_device *dev; 1878 struct net_device *netdev; 1879 u8 mac_addr[ETH_ALEN]; 1880 int ifidx = cb->args[0]; 1881 int sta_idx = cb->args[1]; 1882 int err; 1883 1884 if (!ifidx) 1885 ifidx = nl80211_get_ifidx(cb); 1886 if (ifidx < 0) 1887 return ifidx; 1888 1889 rtnl_lock(); 1890 1891 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 1892 if (!netdev) { 1893 err = -ENODEV; 1894 goto out_rtnl; 1895 } 1896 1897 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 1898 if (IS_ERR(dev)) { 1899 err = PTR_ERR(dev); 1900 goto out_rtnl; 1901 } 1902 1903 if (!dev->ops->dump_station) { 1904 err = -EOPNOTSUPP; 1905 goto out_err; 1906 } 1907 1908 while (1) { 1909 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx, 1910 mac_addr, &sinfo); 1911 if (err == -ENOENT) 1912 break; 1913 if (err) 1914 goto out_err; 1915 1916 if (nl80211_send_station(skb, 1917 NETLINK_CB(cb->skb).pid, 1918 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1919 netdev, mac_addr, 1920 &sinfo) < 0) 1921 goto out; 1922 1923 sta_idx++; 1924 } 1925 1926 1927 out: 1928 cb->args[1] = sta_idx; 1929 err = skb->len; 1930 out_err: 1931 cfg80211_unlock_rdev(dev); 1932 out_rtnl: 1933 rtnl_unlock(); 1934 1935 return err; 1936 } 1937 1938 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 1939 { 1940 struct cfg80211_registered_device *rdev; 1941 int err; 1942 struct net_device *dev; 1943 struct station_info sinfo; 1944 struct sk_buff *msg; 1945 u8 *mac_addr = NULL; 1946 1947 memset(&sinfo, 0, sizeof(sinfo)); 1948 1949 if (!info->attrs[NL80211_ATTR_MAC]) 1950 return -EINVAL; 1951 1952 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1953 1954 rtnl_lock(); 1955 1956 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1957 if (err) 1958 goto out_rtnl; 1959 1960 if (!rdev->ops->get_station) { 1961 err = -EOPNOTSUPP; 1962 goto out; 1963 } 1964 1965 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo); 1966 if (err) 1967 goto out; 1968 1969 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1970 if (!msg) 1971 goto out; 1972 1973 if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0, 1974 dev, mac_addr, &sinfo) < 0) 1975 goto out_free; 1976 1977 err = genlmsg_reply(msg, info); 1978 goto out; 1979 1980 out_free: 1981 nlmsg_free(msg); 1982 out: 1983 cfg80211_unlock_rdev(rdev); 1984 dev_put(dev); 1985 out_rtnl: 1986 rtnl_unlock(); 1987 1988 return err; 1989 } 1990 1991 /* 1992 * Get vlan interface making sure it is running and on the right wiphy. 1993 */ 1994 static int get_vlan(struct genl_info *info, 1995 struct cfg80211_registered_device *rdev, 1996 struct net_device **vlan) 1997 { 1998 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 1999 *vlan = NULL; 2000 2001 if (vlanattr) { 2002 *vlan = dev_get_by_index(genl_info_net(info), 2003 nla_get_u32(vlanattr)); 2004 if (!*vlan) 2005 return -ENODEV; 2006 if (!(*vlan)->ieee80211_ptr) 2007 return -EINVAL; 2008 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy) 2009 return -EINVAL; 2010 if (!netif_running(*vlan)) 2011 return -ENETDOWN; 2012 } 2013 return 0; 2014 } 2015 2016 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 2017 { 2018 struct cfg80211_registered_device *rdev; 2019 int err; 2020 struct net_device *dev; 2021 struct station_parameters params; 2022 u8 *mac_addr = NULL; 2023 2024 memset(¶ms, 0, sizeof(params)); 2025 2026 params.listen_interval = -1; 2027 2028 if (info->attrs[NL80211_ATTR_STA_AID]) 2029 return -EINVAL; 2030 2031 if (!info->attrs[NL80211_ATTR_MAC]) 2032 return -EINVAL; 2033 2034 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2035 2036 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 2037 params.supported_rates = 2038 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2039 params.supported_rates_len = 2040 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2041 } 2042 2043 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2044 params.listen_interval = 2045 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2046 2047 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2048 params.ht_capa = 2049 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2050 2051 if (parse_station_flags(info, ¶ms)) 2052 return -EINVAL; 2053 2054 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 2055 params.plink_action = 2056 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 2057 2058 rtnl_lock(); 2059 2060 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2061 if (err) 2062 goto out_rtnl; 2063 2064 err = get_vlan(info, rdev, ¶ms.vlan); 2065 if (err) 2066 goto out; 2067 2068 /* validate settings */ 2069 err = 0; 2070 2071 switch (dev->ieee80211_ptr->iftype) { 2072 case NL80211_IFTYPE_AP: 2073 case NL80211_IFTYPE_AP_VLAN: 2074 /* disallow mesh-specific things */ 2075 if (params.plink_action) 2076 err = -EINVAL; 2077 break; 2078 case NL80211_IFTYPE_STATION: 2079 /* disallow everything but AUTHORIZED flag */ 2080 if (params.plink_action) 2081 err = -EINVAL; 2082 if (params.vlan) 2083 err = -EINVAL; 2084 if (params.supported_rates) 2085 err = -EINVAL; 2086 if (params.ht_capa) 2087 err = -EINVAL; 2088 if (params.listen_interval >= 0) 2089 err = -EINVAL; 2090 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 2091 err = -EINVAL; 2092 break; 2093 case NL80211_IFTYPE_MESH_POINT: 2094 /* disallow things mesh doesn't support */ 2095 if (params.vlan) 2096 err = -EINVAL; 2097 if (params.ht_capa) 2098 err = -EINVAL; 2099 if (params.listen_interval >= 0) 2100 err = -EINVAL; 2101 if (params.supported_rates) 2102 err = -EINVAL; 2103 if (params.sta_flags_mask) 2104 err = -EINVAL; 2105 break; 2106 default: 2107 err = -EINVAL; 2108 } 2109 2110 if (err) 2111 goto out; 2112 2113 if (!rdev->ops->change_station) { 2114 err = -EOPNOTSUPP; 2115 goto out; 2116 } 2117 2118 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2119 2120 out: 2121 if (params.vlan) 2122 dev_put(params.vlan); 2123 cfg80211_unlock_rdev(rdev); 2124 dev_put(dev); 2125 out_rtnl: 2126 rtnl_unlock(); 2127 2128 return err; 2129 } 2130 2131 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 2132 { 2133 struct cfg80211_registered_device *rdev; 2134 int err; 2135 struct net_device *dev; 2136 struct station_parameters params; 2137 u8 *mac_addr = NULL; 2138 2139 memset(¶ms, 0, sizeof(params)); 2140 2141 if (!info->attrs[NL80211_ATTR_MAC]) 2142 return -EINVAL; 2143 2144 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2145 return -EINVAL; 2146 2147 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 2148 return -EINVAL; 2149 2150 if (!info->attrs[NL80211_ATTR_STA_AID]) 2151 return -EINVAL; 2152 2153 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2154 params.supported_rates = 2155 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2156 params.supported_rates_len = 2157 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2158 params.listen_interval = 2159 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2160 2161 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 2162 if (!params.aid || params.aid > IEEE80211_MAX_AID) 2163 return -EINVAL; 2164 2165 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2166 params.ht_capa = 2167 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2168 2169 if (parse_station_flags(info, ¶ms)) 2170 return -EINVAL; 2171 2172 rtnl_lock(); 2173 2174 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2175 if (err) 2176 goto out_rtnl; 2177 2178 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2179 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) { 2180 err = -EINVAL; 2181 goto out; 2182 } 2183 2184 err = get_vlan(info, rdev, ¶ms.vlan); 2185 if (err) 2186 goto out; 2187 2188 /* validate settings */ 2189 err = 0; 2190 2191 if (!rdev->ops->add_station) { 2192 err = -EOPNOTSUPP; 2193 goto out; 2194 } 2195 2196 if (!netif_running(dev)) { 2197 err = -ENETDOWN; 2198 goto out; 2199 } 2200 2201 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2202 2203 out: 2204 if (params.vlan) 2205 dev_put(params.vlan); 2206 cfg80211_unlock_rdev(rdev); 2207 dev_put(dev); 2208 out_rtnl: 2209 rtnl_unlock(); 2210 2211 return err; 2212 } 2213 2214 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 2215 { 2216 struct cfg80211_registered_device *rdev; 2217 int err; 2218 struct net_device *dev; 2219 u8 *mac_addr = NULL; 2220 2221 if (info->attrs[NL80211_ATTR_MAC]) 2222 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2223 2224 rtnl_lock(); 2225 2226 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2227 if (err) 2228 goto out_rtnl; 2229 2230 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2231 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 2232 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2233 err = -EINVAL; 2234 goto out; 2235 } 2236 2237 if (!rdev->ops->del_station) { 2238 err = -EOPNOTSUPP; 2239 goto out; 2240 } 2241 2242 err = rdev->ops->del_station(&rdev->wiphy, dev, mac_addr); 2243 2244 out: 2245 cfg80211_unlock_rdev(rdev); 2246 dev_put(dev); 2247 out_rtnl: 2248 rtnl_unlock(); 2249 2250 return err; 2251 } 2252 2253 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq, 2254 int flags, struct net_device *dev, 2255 u8 *dst, u8 *next_hop, 2256 struct mpath_info *pinfo) 2257 { 2258 void *hdr; 2259 struct nlattr *pinfoattr; 2260 2261 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2262 if (!hdr) 2263 return -1; 2264 2265 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2266 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 2267 NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop); 2268 2269 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation); 2270 2271 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 2272 if (!pinfoattr) 2273 goto nla_put_failure; 2274 if (pinfo->filled & MPATH_INFO_FRAME_QLEN) 2275 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 2276 pinfo->frame_qlen); 2277 if (pinfo->filled & MPATH_INFO_SN) 2278 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN, 2279 pinfo->sn); 2280 if (pinfo->filled & MPATH_INFO_METRIC) 2281 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC, 2282 pinfo->metric); 2283 if (pinfo->filled & MPATH_INFO_EXPTIME) 2284 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME, 2285 pinfo->exptime); 2286 if (pinfo->filled & MPATH_INFO_FLAGS) 2287 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS, 2288 pinfo->flags); 2289 if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) 2290 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 2291 pinfo->discovery_timeout); 2292 if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) 2293 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 2294 pinfo->discovery_retries); 2295 2296 nla_nest_end(msg, pinfoattr); 2297 2298 return genlmsg_end(msg, hdr); 2299 2300 nla_put_failure: 2301 genlmsg_cancel(msg, hdr); 2302 return -EMSGSIZE; 2303 } 2304 2305 static int nl80211_dump_mpath(struct sk_buff *skb, 2306 struct netlink_callback *cb) 2307 { 2308 struct mpath_info pinfo; 2309 struct cfg80211_registered_device *dev; 2310 struct net_device *netdev; 2311 u8 dst[ETH_ALEN]; 2312 u8 next_hop[ETH_ALEN]; 2313 int ifidx = cb->args[0]; 2314 int path_idx = cb->args[1]; 2315 int err; 2316 2317 if (!ifidx) 2318 ifidx = nl80211_get_ifidx(cb); 2319 if (ifidx < 0) 2320 return ifidx; 2321 2322 rtnl_lock(); 2323 2324 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 2325 if (!netdev) { 2326 err = -ENODEV; 2327 goto out_rtnl; 2328 } 2329 2330 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 2331 if (IS_ERR(dev)) { 2332 err = PTR_ERR(dev); 2333 goto out_rtnl; 2334 } 2335 2336 if (!dev->ops->dump_mpath) { 2337 err = -EOPNOTSUPP; 2338 goto out_err; 2339 } 2340 2341 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2342 err = -EOPNOTSUPP; 2343 goto out_err; 2344 } 2345 2346 while (1) { 2347 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx, 2348 dst, next_hop, &pinfo); 2349 if (err == -ENOENT) 2350 break; 2351 if (err) 2352 goto out_err; 2353 2354 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid, 2355 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2356 netdev, dst, next_hop, 2357 &pinfo) < 0) 2358 goto out; 2359 2360 path_idx++; 2361 } 2362 2363 2364 out: 2365 cb->args[1] = path_idx; 2366 err = skb->len; 2367 out_err: 2368 cfg80211_unlock_rdev(dev); 2369 out_rtnl: 2370 rtnl_unlock(); 2371 2372 return err; 2373 } 2374 2375 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 2376 { 2377 struct cfg80211_registered_device *rdev; 2378 int err; 2379 struct net_device *dev; 2380 struct mpath_info pinfo; 2381 struct sk_buff *msg; 2382 u8 *dst = NULL; 2383 u8 next_hop[ETH_ALEN]; 2384 2385 memset(&pinfo, 0, sizeof(pinfo)); 2386 2387 if (!info->attrs[NL80211_ATTR_MAC]) 2388 return -EINVAL; 2389 2390 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2391 2392 rtnl_lock(); 2393 2394 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2395 if (err) 2396 goto out_rtnl; 2397 2398 if (!rdev->ops->get_mpath) { 2399 err = -EOPNOTSUPP; 2400 goto out; 2401 } 2402 2403 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2404 err = -EOPNOTSUPP; 2405 goto out; 2406 } 2407 2408 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo); 2409 if (err) 2410 goto out; 2411 2412 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2413 if (!msg) 2414 goto out; 2415 2416 if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0, 2417 dev, dst, next_hop, &pinfo) < 0) 2418 goto out_free; 2419 2420 err = genlmsg_reply(msg, info); 2421 goto out; 2422 2423 out_free: 2424 nlmsg_free(msg); 2425 out: 2426 cfg80211_unlock_rdev(rdev); 2427 dev_put(dev); 2428 out_rtnl: 2429 rtnl_unlock(); 2430 2431 return err; 2432 } 2433 2434 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 2435 { 2436 struct cfg80211_registered_device *rdev; 2437 int err; 2438 struct net_device *dev; 2439 u8 *dst = NULL; 2440 u8 *next_hop = NULL; 2441 2442 if (!info->attrs[NL80211_ATTR_MAC]) 2443 return -EINVAL; 2444 2445 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 2446 return -EINVAL; 2447 2448 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2449 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 2450 2451 rtnl_lock(); 2452 2453 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2454 if (err) 2455 goto out_rtnl; 2456 2457 if (!rdev->ops->change_mpath) { 2458 err = -EOPNOTSUPP; 2459 goto out; 2460 } 2461 2462 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2463 err = -EOPNOTSUPP; 2464 goto out; 2465 } 2466 2467 if (!netif_running(dev)) { 2468 err = -ENETDOWN; 2469 goto out; 2470 } 2471 2472 err = rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop); 2473 2474 out: 2475 cfg80211_unlock_rdev(rdev); 2476 dev_put(dev); 2477 out_rtnl: 2478 rtnl_unlock(); 2479 2480 return err; 2481 } 2482 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 2483 { 2484 struct cfg80211_registered_device *rdev; 2485 int err; 2486 struct net_device *dev; 2487 u8 *dst = NULL; 2488 u8 *next_hop = NULL; 2489 2490 if (!info->attrs[NL80211_ATTR_MAC]) 2491 return -EINVAL; 2492 2493 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 2494 return -EINVAL; 2495 2496 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2497 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 2498 2499 rtnl_lock(); 2500 2501 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2502 if (err) 2503 goto out_rtnl; 2504 2505 if (!rdev->ops->add_mpath) { 2506 err = -EOPNOTSUPP; 2507 goto out; 2508 } 2509 2510 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2511 err = -EOPNOTSUPP; 2512 goto out; 2513 } 2514 2515 if (!netif_running(dev)) { 2516 err = -ENETDOWN; 2517 goto out; 2518 } 2519 2520 err = rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop); 2521 2522 out: 2523 cfg80211_unlock_rdev(rdev); 2524 dev_put(dev); 2525 out_rtnl: 2526 rtnl_unlock(); 2527 2528 return err; 2529 } 2530 2531 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 2532 { 2533 struct cfg80211_registered_device *rdev; 2534 int err; 2535 struct net_device *dev; 2536 u8 *dst = NULL; 2537 2538 if (info->attrs[NL80211_ATTR_MAC]) 2539 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2540 2541 rtnl_lock(); 2542 2543 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2544 if (err) 2545 goto out_rtnl; 2546 2547 if (!rdev->ops->del_mpath) { 2548 err = -EOPNOTSUPP; 2549 goto out; 2550 } 2551 2552 err = rdev->ops->del_mpath(&rdev->wiphy, dev, dst); 2553 2554 out: 2555 cfg80211_unlock_rdev(rdev); 2556 dev_put(dev); 2557 out_rtnl: 2558 rtnl_unlock(); 2559 2560 return err; 2561 } 2562 2563 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 2564 { 2565 struct cfg80211_registered_device *rdev; 2566 int err; 2567 struct net_device *dev; 2568 struct bss_parameters params; 2569 2570 memset(¶ms, 0, sizeof(params)); 2571 /* default to not changing parameters */ 2572 params.use_cts_prot = -1; 2573 params.use_short_preamble = -1; 2574 params.use_short_slot_time = -1; 2575 params.ap_isolate = -1; 2576 2577 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 2578 params.use_cts_prot = 2579 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 2580 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 2581 params.use_short_preamble = 2582 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 2583 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 2584 params.use_short_slot_time = 2585 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 2586 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 2587 params.basic_rates = 2588 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 2589 params.basic_rates_len = 2590 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 2591 } 2592 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 2593 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 2594 2595 rtnl_lock(); 2596 2597 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2598 if (err) 2599 goto out_rtnl; 2600 2601 if (!rdev->ops->change_bss) { 2602 err = -EOPNOTSUPP; 2603 goto out; 2604 } 2605 2606 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 2607 err = -EOPNOTSUPP; 2608 goto out; 2609 } 2610 2611 err = rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms); 2612 2613 out: 2614 cfg80211_unlock_rdev(rdev); 2615 dev_put(dev); 2616 out_rtnl: 2617 rtnl_unlock(); 2618 2619 return err; 2620 } 2621 2622 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 2623 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 2624 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 2625 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 2626 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 2627 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 2628 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 2629 }; 2630 2631 static int parse_reg_rule(struct nlattr *tb[], 2632 struct ieee80211_reg_rule *reg_rule) 2633 { 2634 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 2635 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 2636 2637 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 2638 return -EINVAL; 2639 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 2640 return -EINVAL; 2641 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 2642 return -EINVAL; 2643 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 2644 return -EINVAL; 2645 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 2646 return -EINVAL; 2647 2648 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 2649 2650 freq_range->start_freq_khz = 2651 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 2652 freq_range->end_freq_khz = 2653 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 2654 freq_range->max_bandwidth_khz = 2655 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 2656 2657 power_rule->max_eirp = 2658 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 2659 2660 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 2661 power_rule->max_antenna_gain = 2662 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 2663 2664 return 0; 2665 } 2666 2667 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 2668 { 2669 int r; 2670 char *data = NULL; 2671 2672 /* 2673 * You should only get this when cfg80211 hasn't yet initialized 2674 * completely when built-in to the kernel right between the time 2675 * window between nl80211_init() and regulatory_init(), if that is 2676 * even possible. 2677 */ 2678 mutex_lock(&cfg80211_mutex); 2679 if (unlikely(!cfg80211_regdomain)) { 2680 mutex_unlock(&cfg80211_mutex); 2681 return -EINPROGRESS; 2682 } 2683 mutex_unlock(&cfg80211_mutex); 2684 2685 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 2686 return -EINVAL; 2687 2688 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 2689 2690 r = regulatory_hint_user(data); 2691 2692 return r; 2693 } 2694 2695 static int nl80211_get_mesh_params(struct sk_buff *skb, 2696 struct genl_info *info) 2697 { 2698 struct cfg80211_registered_device *rdev; 2699 struct mesh_config cur_params; 2700 int err; 2701 struct net_device *dev; 2702 void *hdr; 2703 struct nlattr *pinfoattr; 2704 struct sk_buff *msg; 2705 2706 rtnl_lock(); 2707 2708 /* Look up our device */ 2709 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2710 if (err) 2711 goto out_rtnl; 2712 2713 if (!rdev->ops->get_mesh_params) { 2714 err = -EOPNOTSUPP; 2715 goto out; 2716 } 2717 2718 /* Get the mesh params */ 2719 err = rdev->ops->get_mesh_params(&rdev->wiphy, dev, &cur_params); 2720 if (err) 2721 goto out; 2722 2723 /* Draw up a netlink message to send back */ 2724 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2725 if (!msg) { 2726 err = -ENOBUFS; 2727 goto out; 2728 } 2729 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 2730 NL80211_CMD_GET_MESH_PARAMS); 2731 if (!hdr) 2732 goto nla_put_failure; 2733 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_PARAMS); 2734 if (!pinfoattr) 2735 goto nla_put_failure; 2736 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2737 NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 2738 cur_params.dot11MeshRetryTimeout); 2739 NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 2740 cur_params.dot11MeshConfirmTimeout); 2741 NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 2742 cur_params.dot11MeshHoldingTimeout); 2743 NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 2744 cur_params.dot11MeshMaxPeerLinks); 2745 NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES, 2746 cur_params.dot11MeshMaxRetries); 2747 NLA_PUT_U8(msg, NL80211_MESHCONF_TTL, 2748 cur_params.dot11MeshTTL); 2749 NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 2750 cur_params.auto_open_plinks); 2751 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 2752 cur_params.dot11MeshHWMPmaxPREQretries); 2753 NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 2754 cur_params.path_refresh_time); 2755 NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 2756 cur_params.min_discovery_timeout); 2757 NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 2758 cur_params.dot11MeshHWMPactivePathTimeout); 2759 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 2760 cur_params.dot11MeshHWMPpreqMinInterval); 2761 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 2762 cur_params.dot11MeshHWMPnetDiameterTraversalTime); 2763 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 2764 cur_params.dot11MeshHWMPRootMode); 2765 nla_nest_end(msg, pinfoattr); 2766 genlmsg_end(msg, hdr); 2767 err = genlmsg_reply(msg, info); 2768 goto out; 2769 2770 nla_put_failure: 2771 genlmsg_cancel(msg, hdr); 2772 nlmsg_free(msg); 2773 err = -EMSGSIZE; 2774 out: 2775 /* Cleanup */ 2776 cfg80211_unlock_rdev(rdev); 2777 dev_put(dev); 2778 out_rtnl: 2779 rtnl_unlock(); 2780 2781 return err; 2782 } 2783 2784 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \ 2785 do {\ 2786 if (table[attr_num]) {\ 2787 cfg.param = nla_fn(table[attr_num]); \ 2788 mask |= (1 << (attr_num - 1)); \ 2789 } \ 2790 } while (0);\ 2791 2792 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 2793 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 2794 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 2795 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 2796 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 2797 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 2798 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 2799 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 2800 2801 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 2802 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 2803 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 2804 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 2805 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 2806 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 2807 }; 2808 2809 static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info) 2810 { 2811 int err; 2812 u32 mask; 2813 struct cfg80211_registered_device *rdev; 2814 struct net_device *dev; 2815 struct mesh_config cfg; 2816 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 2817 struct nlattr *parent_attr; 2818 2819 parent_attr = info->attrs[NL80211_ATTR_MESH_PARAMS]; 2820 if (!parent_attr) 2821 return -EINVAL; 2822 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 2823 parent_attr, nl80211_meshconf_params_policy)) 2824 return -EINVAL; 2825 2826 rtnl_lock(); 2827 2828 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2829 if (err) 2830 goto out_rtnl; 2831 2832 if (!rdev->ops->set_mesh_params) { 2833 err = -EOPNOTSUPP; 2834 goto out; 2835 } 2836 2837 /* This makes sure that there aren't more than 32 mesh config 2838 * parameters (otherwise our bitfield scheme would not work.) */ 2839 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 2840 2841 /* Fill in the params struct */ 2842 mask = 0; 2843 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 2844 mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16); 2845 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 2846 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16); 2847 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 2848 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16); 2849 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 2850 mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16); 2851 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 2852 mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8); 2853 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 2854 mask, NL80211_MESHCONF_TTL, nla_get_u8); 2855 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 2856 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8); 2857 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 2858 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 2859 nla_get_u8); 2860 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 2861 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32); 2862 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 2863 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 2864 nla_get_u16); 2865 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 2866 mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 2867 nla_get_u32); 2868 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 2869 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 2870 nla_get_u16); 2871 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 2872 dot11MeshHWMPnetDiameterTraversalTime, 2873 mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 2874 nla_get_u16); 2875 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 2876 dot11MeshHWMPRootMode, mask, 2877 NL80211_MESHCONF_HWMP_ROOTMODE, 2878 nla_get_u8); 2879 2880 /* Apply changes */ 2881 err = rdev->ops->set_mesh_params(&rdev->wiphy, dev, &cfg, mask); 2882 2883 out: 2884 /* cleanup */ 2885 cfg80211_unlock_rdev(rdev); 2886 dev_put(dev); 2887 out_rtnl: 2888 rtnl_unlock(); 2889 2890 return err; 2891 } 2892 2893 #undef FILL_IN_MESH_PARAM_IF_SET 2894 2895 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 2896 { 2897 struct sk_buff *msg; 2898 void *hdr = NULL; 2899 struct nlattr *nl_reg_rules; 2900 unsigned int i; 2901 int err = -EINVAL; 2902 2903 mutex_lock(&cfg80211_mutex); 2904 2905 if (!cfg80211_regdomain) 2906 goto out; 2907 2908 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2909 if (!msg) { 2910 err = -ENOBUFS; 2911 goto out; 2912 } 2913 2914 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 2915 NL80211_CMD_GET_REG); 2916 if (!hdr) 2917 goto nla_put_failure; 2918 2919 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, 2920 cfg80211_regdomain->alpha2); 2921 2922 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 2923 if (!nl_reg_rules) 2924 goto nla_put_failure; 2925 2926 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) { 2927 struct nlattr *nl_reg_rule; 2928 const struct ieee80211_reg_rule *reg_rule; 2929 const struct ieee80211_freq_range *freq_range; 2930 const struct ieee80211_power_rule *power_rule; 2931 2932 reg_rule = &cfg80211_regdomain->reg_rules[i]; 2933 freq_range = ®_rule->freq_range; 2934 power_rule = ®_rule->power_rule; 2935 2936 nl_reg_rule = nla_nest_start(msg, i); 2937 if (!nl_reg_rule) 2938 goto nla_put_failure; 2939 2940 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS, 2941 reg_rule->flags); 2942 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START, 2943 freq_range->start_freq_khz); 2944 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END, 2945 freq_range->end_freq_khz); 2946 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 2947 freq_range->max_bandwidth_khz); 2948 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 2949 power_rule->max_antenna_gain); 2950 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 2951 power_rule->max_eirp); 2952 2953 nla_nest_end(msg, nl_reg_rule); 2954 } 2955 2956 nla_nest_end(msg, nl_reg_rules); 2957 2958 genlmsg_end(msg, hdr); 2959 err = genlmsg_reply(msg, info); 2960 goto out; 2961 2962 nla_put_failure: 2963 genlmsg_cancel(msg, hdr); 2964 nlmsg_free(msg); 2965 err = -EMSGSIZE; 2966 out: 2967 mutex_unlock(&cfg80211_mutex); 2968 return err; 2969 } 2970 2971 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 2972 { 2973 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 2974 struct nlattr *nl_reg_rule; 2975 char *alpha2 = NULL; 2976 int rem_reg_rules = 0, r = 0; 2977 u32 num_rules = 0, rule_idx = 0, size_of_regd; 2978 struct ieee80211_regdomain *rd = NULL; 2979 2980 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 2981 return -EINVAL; 2982 2983 if (!info->attrs[NL80211_ATTR_REG_RULES]) 2984 return -EINVAL; 2985 2986 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 2987 2988 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 2989 rem_reg_rules) { 2990 num_rules++; 2991 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 2992 return -EINVAL; 2993 } 2994 2995 mutex_lock(&cfg80211_mutex); 2996 2997 if (!reg_is_valid_request(alpha2)) { 2998 r = -EINVAL; 2999 goto bad_reg; 3000 } 3001 3002 size_of_regd = sizeof(struct ieee80211_regdomain) + 3003 (num_rules * sizeof(struct ieee80211_reg_rule)); 3004 3005 rd = kzalloc(size_of_regd, GFP_KERNEL); 3006 if (!rd) { 3007 r = -ENOMEM; 3008 goto bad_reg; 3009 } 3010 3011 rd->n_reg_rules = num_rules; 3012 rd->alpha2[0] = alpha2[0]; 3013 rd->alpha2[1] = alpha2[1]; 3014 3015 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 3016 rem_reg_rules) { 3017 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 3018 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 3019 reg_rule_policy); 3020 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 3021 if (r) 3022 goto bad_reg; 3023 3024 rule_idx++; 3025 3026 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 3027 r = -EINVAL; 3028 goto bad_reg; 3029 } 3030 } 3031 3032 BUG_ON(rule_idx != num_rules); 3033 3034 r = set_regdom(rd); 3035 3036 mutex_unlock(&cfg80211_mutex); 3037 3038 return r; 3039 3040 bad_reg: 3041 mutex_unlock(&cfg80211_mutex); 3042 kfree(rd); 3043 return r; 3044 } 3045 3046 static int validate_scan_freqs(struct nlattr *freqs) 3047 { 3048 struct nlattr *attr1, *attr2; 3049 int n_channels = 0, tmp1, tmp2; 3050 3051 nla_for_each_nested(attr1, freqs, tmp1) { 3052 n_channels++; 3053 /* 3054 * Some hardware has a limited channel list for 3055 * scanning, and it is pretty much nonsensical 3056 * to scan for a channel twice, so disallow that 3057 * and don't require drivers to check that the 3058 * channel list they get isn't longer than what 3059 * they can scan, as long as they can scan all 3060 * the channels they registered at once. 3061 */ 3062 nla_for_each_nested(attr2, freqs, tmp2) 3063 if (attr1 != attr2 && 3064 nla_get_u32(attr1) == nla_get_u32(attr2)) 3065 return 0; 3066 } 3067 3068 return n_channels; 3069 } 3070 3071 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 3072 { 3073 struct cfg80211_registered_device *rdev; 3074 struct net_device *dev; 3075 struct cfg80211_scan_request *request; 3076 struct cfg80211_ssid *ssid; 3077 struct ieee80211_channel *channel; 3078 struct nlattr *attr; 3079 struct wiphy *wiphy; 3080 int err, tmp, n_ssids = 0, n_channels, i; 3081 enum ieee80211_band band; 3082 size_t ie_len; 3083 3084 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3085 return -EINVAL; 3086 3087 rtnl_lock(); 3088 3089 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3090 if (err) 3091 goto out_rtnl; 3092 3093 wiphy = &rdev->wiphy; 3094 3095 if (!rdev->ops->scan) { 3096 err = -EOPNOTSUPP; 3097 goto out; 3098 } 3099 3100 if (!netif_running(dev)) { 3101 err = -ENETDOWN; 3102 goto out; 3103 } 3104 3105 if (rdev->scan_req) { 3106 err = -EBUSY; 3107 goto out; 3108 } 3109 3110 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3111 n_channels = validate_scan_freqs( 3112 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 3113 if (!n_channels) { 3114 err = -EINVAL; 3115 goto out; 3116 } 3117 } else { 3118 n_channels = 0; 3119 3120 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 3121 if (wiphy->bands[band]) 3122 n_channels += wiphy->bands[band]->n_channels; 3123 } 3124 3125 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 3126 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 3127 n_ssids++; 3128 3129 if (n_ssids > wiphy->max_scan_ssids) { 3130 err = -EINVAL; 3131 goto out; 3132 } 3133 3134 if (info->attrs[NL80211_ATTR_IE]) 3135 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3136 else 3137 ie_len = 0; 3138 3139 if (ie_len > wiphy->max_scan_ie_len) { 3140 err = -EINVAL; 3141 goto out; 3142 } 3143 3144 request = kzalloc(sizeof(*request) 3145 + sizeof(*ssid) * n_ssids 3146 + sizeof(channel) * n_channels 3147 + ie_len, GFP_KERNEL); 3148 if (!request) { 3149 err = -ENOMEM; 3150 goto out; 3151 } 3152 3153 if (n_ssids) 3154 request->ssids = (void *)&request->channels[n_channels]; 3155 request->n_ssids = n_ssids; 3156 if (ie_len) { 3157 if (request->ssids) 3158 request->ie = (void *)(request->ssids + n_ssids); 3159 else 3160 request->ie = (void *)(request->channels + n_channels); 3161 } 3162 3163 i = 0; 3164 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3165 /* user specified, bail out if channel not found */ 3166 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 3167 struct ieee80211_channel *chan; 3168 3169 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 3170 3171 if (!chan) { 3172 err = -EINVAL; 3173 goto out_free; 3174 } 3175 3176 /* ignore disabled channels */ 3177 if (chan->flags & IEEE80211_CHAN_DISABLED) 3178 continue; 3179 3180 request->channels[i] = chan; 3181 i++; 3182 } 3183 } else { 3184 /* all channels */ 3185 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 3186 int j; 3187 if (!wiphy->bands[band]) 3188 continue; 3189 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 3190 struct ieee80211_channel *chan; 3191 3192 chan = &wiphy->bands[band]->channels[j]; 3193 3194 if (chan->flags & IEEE80211_CHAN_DISABLED) 3195 continue; 3196 3197 request->channels[i] = chan; 3198 i++; 3199 } 3200 } 3201 } 3202 3203 if (!i) { 3204 err = -EINVAL; 3205 goto out_free; 3206 } 3207 3208 request->n_channels = i; 3209 3210 i = 0; 3211 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 3212 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 3213 if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) { 3214 err = -EINVAL; 3215 goto out_free; 3216 } 3217 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 3218 request->ssids[i].ssid_len = nla_len(attr); 3219 i++; 3220 } 3221 } 3222 3223 if (info->attrs[NL80211_ATTR_IE]) { 3224 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3225 memcpy((void *)request->ie, 3226 nla_data(info->attrs[NL80211_ATTR_IE]), 3227 request->ie_len); 3228 } 3229 3230 request->dev = dev; 3231 request->wiphy = &rdev->wiphy; 3232 3233 rdev->scan_req = request; 3234 err = rdev->ops->scan(&rdev->wiphy, dev, request); 3235 3236 if (!err) { 3237 nl80211_send_scan_start(rdev, dev); 3238 dev_hold(dev); 3239 } 3240 3241 out_free: 3242 if (err) { 3243 rdev->scan_req = NULL; 3244 kfree(request); 3245 } 3246 out: 3247 cfg80211_unlock_rdev(rdev); 3248 dev_put(dev); 3249 out_rtnl: 3250 rtnl_unlock(); 3251 3252 return err; 3253 } 3254 3255 static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags, 3256 struct cfg80211_registered_device *rdev, 3257 struct wireless_dev *wdev, 3258 struct cfg80211_internal_bss *intbss) 3259 { 3260 struct cfg80211_bss *res = &intbss->pub; 3261 void *hdr; 3262 struct nlattr *bss; 3263 int i; 3264 3265 ASSERT_WDEV_LOCK(wdev); 3266 3267 hdr = nl80211hdr_put(msg, pid, seq, flags, 3268 NL80211_CMD_NEW_SCAN_RESULTS); 3269 if (!hdr) 3270 return -1; 3271 3272 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation); 3273 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex); 3274 3275 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 3276 if (!bss) 3277 goto nla_put_failure; 3278 if (!is_zero_ether_addr(res->bssid)) 3279 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid); 3280 if (res->information_elements && res->len_information_elements) 3281 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS, 3282 res->len_information_elements, 3283 res->information_elements); 3284 if (res->beacon_ies && res->len_beacon_ies && 3285 res->beacon_ies != res->information_elements) 3286 NLA_PUT(msg, NL80211_BSS_BEACON_IES, 3287 res->len_beacon_ies, res->beacon_ies); 3288 if (res->tsf) 3289 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf); 3290 if (res->beacon_interval) 3291 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval); 3292 NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability); 3293 NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq); 3294 NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO, 3295 jiffies_to_msecs(jiffies - intbss->ts)); 3296 3297 switch (rdev->wiphy.signal_type) { 3298 case CFG80211_SIGNAL_TYPE_MBM: 3299 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal); 3300 break; 3301 case CFG80211_SIGNAL_TYPE_UNSPEC: 3302 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal); 3303 break; 3304 default: 3305 break; 3306 } 3307 3308 switch (wdev->iftype) { 3309 case NL80211_IFTYPE_STATION: 3310 if (intbss == wdev->current_bss) 3311 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3312 NL80211_BSS_STATUS_ASSOCIATED); 3313 else for (i = 0; i < MAX_AUTH_BSSES; i++) { 3314 if (intbss != wdev->auth_bsses[i]) 3315 continue; 3316 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3317 NL80211_BSS_STATUS_AUTHENTICATED); 3318 break; 3319 } 3320 break; 3321 case NL80211_IFTYPE_ADHOC: 3322 if (intbss == wdev->current_bss) 3323 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3324 NL80211_BSS_STATUS_IBSS_JOINED); 3325 break; 3326 default: 3327 break; 3328 } 3329 3330 nla_nest_end(msg, bss); 3331 3332 return genlmsg_end(msg, hdr); 3333 3334 nla_put_failure: 3335 genlmsg_cancel(msg, hdr); 3336 return -EMSGSIZE; 3337 } 3338 3339 static int nl80211_dump_scan(struct sk_buff *skb, 3340 struct netlink_callback *cb) 3341 { 3342 struct cfg80211_registered_device *rdev; 3343 struct net_device *dev; 3344 struct cfg80211_internal_bss *scan; 3345 struct wireless_dev *wdev; 3346 int ifidx = cb->args[0]; 3347 int start = cb->args[1], idx = 0; 3348 int err; 3349 3350 if (!ifidx) 3351 ifidx = nl80211_get_ifidx(cb); 3352 if (ifidx < 0) 3353 return ifidx; 3354 cb->args[0] = ifidx; 3355 3356 dev = dev_get_by_index(sock_net(skb->sk), ifidx); 3357 if (!dev) 3358 return -ENODEV; 3359 3360 rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 3361 if (IS_ERR(rdev)) { 3362 err = PTR_ERR(rdev); 3363 goto out_put_netdev; 3364 } 3365 3366 wdev = dev->ieee80211_ptr; 3367 3368 wdev_lock(wdev); 3369 spin_lock_bh(&rdev->bss_lock); 3370 cfg80211_bss_expire(rdev); 3371 3372 list_for_each_entry(scan, &rdev->bss_list, list) { 3373 if (++idx <= start) 3374 continue; 3375 if (nl80211_send_bss(skb, 3376 NETLINK_CB(cb->skb).pid, 3377 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3378 rdev, wdev, scan) < 0) { 3379 idx--; 3380 goto out; 3381 } 3382 } 3383 3384 out: 3385 spin_unlock_bh(&rdev->bss_lock); 3386 wdev_unlock(wdev); 3387 3388 cb->args[1] = idx; 3389 err = skb->len; 3390 cfg80211_unlock_rdev(rdev); 3391 out_put_netdev: 3392 dev_put(dev); 3393 3394 return err; 3395 } 3396 3397 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq, 3398 int flags, struct net_device *dev, 3399 struct survey_info *survey) 3400 { 3401 void *hdr; 3402 struct nlattr *infoattr; 3403 3404 /* Survey without a channel doesn't make sense */ 3405 if (!survey->channel) 3406 return -EINVAL; 3407 3408 hdr = nl80211hdr_put(msg, pid, seq, flags, 3409 NL80211_CMD_NEW_SURVEY_RESULTS); 3410 if (!hdr) 3411 return -ENOMEM; 3412 3413 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 3414 3415 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 3416 if (!infoattr) 3417 goto nla_put_failure; 3418 3419 NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY, 3420 survey->channel->center_freq); 3421 if (survey->filled & SURVEY_INFO_NOISE_DBM) 3422 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE, 3423 survey->noise); 3424 3425 nla_nest_end(msg, infoattr); 3426 3427 return genlmsg_end(msg, hdr); 3428 3429 nla_put_failure: 3430 genlmsg_cancel(msg, hdr); 3431 return -EMSGSIZE; 3432 } 3433 3434 static int nl80211_dump_survey(struct sk_buff *skb, 3435 struct netlink_callback *cb) 3436 { 3437 struct survey_info survey; 3438 struct cfg80211_registered_device *dev; 3439 struct net_device *netdev; 3440 int ifidx = cb->args[0]; 3441 int survey_idx = cb->args[1]; 3442 int res; 3443 3444 if (!ifidx) 3445 ifidx = nl80211_get_ifidx(cb); 3446 if (ifidx < 0) 3447 return ifidx; 3448 cb->args[0] = ifidx; 3449 3450 rtnl_lock(); 3451 3452 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 3453 if (!netdev) { 3454 res = -ENODEV; 3455 goto out_rtnl; 3456 } 3457 3458 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 3459 if (IS_ERR(dev)) { 3460 res = PTR_ERR(dev); 3461 goto out_rtnl; 3462 } 3463 3464 if (!dev->ops->dump_survey) { 3465 res = -EOPNOTSUPP; 3466 goto out_err; 3467 } 3468 3469 while (1) { 3470 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, 3471 &survey); 3472 if (res == -ENOENT) 3473 break; 3474 if (res) 3475 goto out_err; 3476 3477 if (nl80211_send_survey(skb, 3478 NETLINK_CB(cb->skb).pid, 3479 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3480 netdev, 3481 &survey) < 0) 3482 goto out; 3483 survey_idx++; 3484 } 3485 3486 out: 3487 cb->args[1] = survey_idx; 3488 res = skb->len; 3489 out_err: 3490 cfg80211_unlock_rdev(dev); 3491 out_rtnl: 3492 rtnl_unlock(); 3493 3494 return res; 3495 } 3496 3497 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) 3498 { 3499 return auth_type <= NL80211_AUTHTYPE_MAX; 3500 } 3501 3502 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 3503 { 3504 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 3505 NL80211_WPA_VERSION_2)); 3506 } 3507 3508 static bool nl80211_valid_akm_suite(u32 akm) 3509 { 3510 return akm == WLAN_AKM_SUITE_8021X || 3511 akm == WLAN_AKM_SUITE_PSK; 3512 } 3513 3514 static bool nl80211_valid_cipher_suite(u32 cipher) 3515 { 3516 return cipher == WLAN_CIPHER_SUITE_WEP40 || 3517 cipher == WLAN_CIPHER_SUITE_WEP104 || 3518 cipher == WLAN_CIPHER_SUITE_TKIP || 3519 cipher == WLAN_CIPHER_SUITE_CCMP || 3520 cipher == WLAN_CIPHER_SUITE_AES_CMAC; 3521 } 3522 3523 3524 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 3525 { 3526 struct cfg80211_registered_device *rdev; 3527 struct net_device *dev; 3528 struct ieee80211_channel *chan; 3529 const u8 *bssid, *ssid, *ie = NULL; 3530 int err, ssid_len, ie_len = 0; 3531 enum nl80211_auth_type auth_type; 3532 struct key_parse key; 3533 bool local_state_change; 3534 3535 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3536 return -EINVAL; 3537 3538 if (!info->attrs[NL80211_ATTR_MAC]) 3539 return -EINVAL; 3540 3541 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 3542 return -EINVAL; 3543 3544 if (!info->attrs[NL80211_ATTR_SSID]) 3545 return -EINVAL; 3546 3547 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 3548 return -EINVAL; 3549 3550 err = nl80211_parse_key(info, &key); 3551 if (err) 3552 return err; 3553 3554 if (key.idx >= 0) { 3555 if (!key.p.key || !key.p.key_len) 3556 return -EINVAL; 3557 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 3558 key.p.key_len != WLAN_KEY_LEN_WEP40) && 3559 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 3560 key.p.key_len != WLAN_KEY_LEN_WEP104)) 3561 return -EINVAL; 3562 if (key.idx > 4) 3563 return -EINVAL; 3564 } else { 3565 key.p.key_len = 0; 3566 key.p.key = NULL; 3567 } 3568 3569 rtnl_lock(); 3570 3571 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3572 if (err) 3573 goto unlock_rtnl; 3574 3575 if (!rdev->ops->auth) { 3576 err = -EOPNOTSUPP; 3577 goto out; 3578 } 3579 3580 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3581 err = -EOPNOTSUPP; 3582 goto out; 3583 } 3584 3585 if (!netif_running(dev)) { 3586 err = -ENETDOWN; 3587 goto out; 3588 } 3589 3590 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3591 chan = ieee80211_get_channel(&rdev->wiphy, 3592 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3593 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) { 3594 err = -EINVAL; 3595 goto out; 3596 } 3597 3598 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3599 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3600 3601 if (info->attrs[NL80211_ATTR_IE]) { 3602 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3603 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3604 } 3605 3606 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 3607 if (!nl80211_valid_auth_type(auth_type)) { 3608 err = -EINVAL; 3609 goto out; 3610 } 3611 3612 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 3613 3614 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 3615 ssid, ssid_len, ie, ie_len, 3616 key.p.key, key.p.key_len, key.idx, 3617 local_state_change); 3618 3619 out: 3620 cfg80211_unlock_rdev(rdev); 3621 dev_put(dev); 3622 unlock_rtnl: 3623 rtnl_unlock(); 3624 return err; 3625 } 3626 3627 static int nl80211_crypto_settings(struct genl_info *info, 3628 struct cfg80211_crypto_settings *settings, 3629 int cipher_limit) 3630 { 3631 memset(settings, 0, sizeof(*settings)); 3632 3633 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 3634 3635 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 3636 void *data; 3637 int len, i; 3638 3639 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 3640 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 3641 settings->n_ciphers_pairwise = len / sizeof(u32); 3642 3643 if (len % sizeof(u32)) 3644 return -EINVAL; 3645 3646 if (settings->n_ciphers_pairwise > cipher_limit) 3647 return -EINVAL; 3648 3649 memcpy(settings->ciphers_pairwise, data, len); 3650 3651 for (i = 0; i < settings->n_ciphers_pairwise; i++) 3652 if (!nl80211_valid_cipher_suite( 3653 settings->ciphers_pairwise[i])) 3654 return -EINVAL; 3655 } 3656 3657 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 3658 settings->cipher_group = 3659 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 3660 if (!nl80211_valid_cipher_suite(settings->cipher_group)) 3661 return -EINVAL; 3662 } 3663 3664 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 3665 settings->wpa_versions = 3666 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 3667 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 3668 return -EINVAL; 3669 } 3670 3671 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 3672 void *data; 3673 int len, i; 3674 3675 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 3676 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 3677 settings->n_akm_suites = len / sizeof(u32); 3678 3679 if (len % sizeof(u32)) 3680 return -EINVAL; 3681 3682 memcpy(settings->akm_suites, data, len); 3683 3684 for (i = 0; i < settings->n_ciphers_pairwise; i++) 3685 if (!nl80211_valid_akm_suite(settings->akm_suites[i])) 3686 return -EINVAL; 3687 } 3688 3689 return 0; 3690 } 3691 3692 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 3693 { 3694 struct cfg80211_registered_device *rdev; 3695 struct net_device *dev; 3696 struct cfg80211_crypto_settings crypto; 3697 struct ieee80211_channel *chan; 3698 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 3699 int err, ssid_len, ie_len = 0; 3700 bool use_mfp = false; 3701 3702 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3703 return -EINVAL; 3704 3705 if (!info->attrs[NL80211_ATTR_MAC] || 3706 !info->attrs[NL80211_ATTR_SSID] || 3707 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 3708 return -EINVAL; 3709 3710 rtnl_lock(); 3711 3712 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3713 if (err) 3714 goto unlock_rtnl; 3715 3716 if (!rdev->ops->assoc) { 3717 err = -EOPNOTSUPP; 3718 goto out; 3719 } 3720 3721 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3722 err = -EOPNOTSUPP; 3723 goto out; 3724 } 3725 3726 if (!netif_running(dev)) { 3727 err = -ENETDOWN; 3728 goto out; 3729 } 3730 3731 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3732 3733 chan = ieee80211_get_channel(&rdev->wiphy, 3734 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3735 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) { 3736 err = -EINVAL; 3737 goto out; 3738 } 3739 3740 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3741 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3742 3743 if (info->attrs[NL80211_ATTR_IE]) { 3744 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3745 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3746 } 3747 3748 if (info->attrs[NL80211_ATTR_USE_MFP]) { 3749 enum nl80211_mfp mfp = 3750 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 3751 if (mfp == NL80211_MFP_REQUIRED) 3752 use_mfp = true; 3753 else if (mfp != NL80211_MFP_NO) { 3754 err = -EINVAL; 3755 goto out; 3756 } 3757 } 3758 3759 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 3760 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 3761 3762 err = nl80211_crypto_settings(info, &crypto, 1); 3763 if (!err) 3764 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 3765 ssid, ssid_len, ie, ie_len, use_mfp, 3766 &crypto); 3767 3768 out: 3769 cfg80211_unlock_rdev(rdev); 3770 dev_put(dev); 3771 unlock_rtnl: 3772 rtnl_unlock(); 3773 return err; 3774 } 3775 3776 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 3777 { 3778 struct cfg80211_registered_device *rdev; 3779 struct net_device *dev; 3780 const u8 *ie = NULL, *bssid; 3781 int err, ie_len = 0; 3782 u16 reason_code; 3783 bool local_state_change; 3784 3785 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3786 return -EINVAL; 3787 3788 if (!info->attrs[NL80211_ATTR_MAC]) 3789 return -EINVAL; 3790 3791 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 3792 return -EINVAL; 3793 3794 rtnl_lock(); 3795 3796 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3797 if (err) 3798 goto unlock_rtnl; 3799 3800 if (!rdev->ops->deauth) { 3801 err = -EOPNOTSUPP; 3802 goto out; 3803 } 3804 3805 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3806 err = -EOPNOTSUPP; 3807 goto out; 3808 } 3809 3810 if (!netif_running(dev)) { 3811 err = -ENETDOWN; 3812 goto out; 3813 } 3814 3815 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3816 3817 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 3818 if (reason_code == 0) { 3819 /* Reason Code 0 is reserved */ 3820 err = -EINVAL; 3821 goto out; 3822 } 3823 3824 if (info->attrs[NL80211_ATTR_IE]) { 3825 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3826 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3827 } 3828 3829 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 3830 3831 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 3832 local_state_change); 3833 3834 out: 3835 cfg80211_unlock_rdev(rdev); 3836 dev_put(dev); 3837 unlock_rtnl: 3838 rtnl_unlock(); 3839 return err; 3840 } 3841 3842 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 3843 { 3844 struct cfg80211_registered_device *rdev; 3845 struct net_device *dev; 3846 const u8 *ie = NULL, *bssid; 3847 int err, ie_len = 0; 3848 u16 reason_code; 3849 bool local_state_change; 3850 3851 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3852 return -EINVAL; 3853 3854 if (!info->attrs[NL80211_ATTR_MAC]) 3855 return -EINVAL; 3856 3857 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 3858 return -EINVAL; 3859 3860 rtnl_lock(); 3861 3862 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3863 if (err) 3864 goto unlock_rtnl; 3865 3866 if (!rdev->ops->disassoc) { 3867 err = -EOPNOTSUPP; 3868 goto out; 3869 } 3870 3871 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3872 err = -EOPNOTSUPP; 3873 goto out; 3874 } 3875 3876 if (!netif_running(dev)) { 3877 err = -ENETDOWN; 3878 goto out; 3879 } 3880 3881 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3882 3883 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 3884 if (reason_code == 0) { 3885 /* Reason Code 0 is reserved */ 3886 err = -EINVAL; 3887 goto out; 3888 } 3889 3890 if (info->attrs[NL80211_ATTR_IE]) { 3891 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3892 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3893 } 3894 3895 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 3896 3897 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 3898 local_state_change); 3899 3900 out: 3901 cfg80211_unlock_rdev(rdev); 3902 dev_put(dev); 3903 unlock_rtnl: 3904 rtnl_unlock(); 3905 return err; 3906 } 3907 3908 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 3909 { 3910 struct cfg80211_registered_device *rdev; 3911 struct net_device *dev; 3912 struct cfg80211_ibss_params ibss; 3913 struct wiphy *wiphy; 3914 struct cfg80211_cached_keys *connkeys = NULL; 3915 int err; 3916 3917 memset(&ibss, 0, sizeof(ibss)); 3918 3919 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3920 return -EINVAL; 3921 3922 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 3923 !info->attrs[NL80211_ATTR_SSID] || 3924 !nla_len(info->attrs[NL80211_ATTR_SSID])) 3925 return -EINVAL; 3926 3927 ibss.beacon_interval = 100; 3928 3929 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 3930 ibss.beacon_interval = 3931 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 3932 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 3933 return -EINVAL; 3934 } 3935 3936 rtnl_lock(); 3937 3938 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3939 if (err) 3940 goto unlock_rtnl; 3941 3942 if (!rdev->ops->join_ibss) { 3943 err = -EOPNOTSUPP; 3944 goto out; 3945 } 3946 3947 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 3948 err = -EOPNOTSUPP; 3949 goto out; 3950 } 3951 3952 if (!netif_running(dev)) { 3953 err = -ENETDOWN; 3954 goto out; 3955 } 3956 3957 wiphy = &rdev->wiphy; 3958 3959 if (info->attrs[NL80211_ATTR_MAC]) 3960 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3961 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3962 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3963 3964 if (info->attrs[NL80211_ATTR_IE]) { 3965 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3966 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3967 } 3968 3969 ibss.channel = ieee80211_get_channel(wiphy, 3970 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3971 if (!ibss.channel || 3972 ibss.channel->flags & IEEE80211_CHAN_NO_IBSS || 3973 ibss.channel->flags & IEEE80211_CHAN_DISABLED) { 3974 err = -EINVAL; 3975 goto out; 3976 } 3977 3978 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 3979 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 3980 3981 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 3982 connkeys = nl80211_parse_connkeys(rdev, 3983 info->attrs[NL80211_ATTR_KEYS]); 3984 if (IS_ERR(connkeys)) { 3985 err = PTR_ERR(connkeys); 3986 connkeys = NULL; 3987 goto out; 3988 } 3989 } 3990 3991 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 3992 u8 *rates = 3993 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3994 int n_rates = 3995 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3996 struct ieee80211_supported_band *sband = 3997 wiphy->bands[ibss.channel->band]; 3998 int i, j; 3999 4000 if (n_rates == 0) { 4001 err = -EINVAL; 4002 goto out; 4003 } 4004 4005 for (i = 0; i < n_rates; i++) { 4006 int rate = (rates[i] & 0x7f) * 5; 4007 bool found = false; 4008 4009 for (j = 0; j < sband->n_bitrates; j++) { 4010 if (sband->bitrates[j].bitrate == rate) { 4011 found = true; 4012 ibss.basic_rates |= BIT(j); 4013 break; 4014 } 4015 } 4016 if (!found) { 4017 err = -EINVAL; 4018 goto out; 4019 } 4020 } 4021 } else { 4022 /* 4023 * If no rates were explicitly configured, 4024 * use the mandatory rate set for 11b or 4025 * 11a for maximum compatibility. 4026 */ 4027 struct ieee80211_supported_band *sband = 4028 wiphy->bands[ibss.channel->band]; 4029 int j; 4030 u32 flag = ibss.channel->band == IEEE80211_BAND_5GHZ ? 4031 IEEE80211_RATE_MANDATORY_A : 4032 IEEE80211_RATE_MANDATORY_B; 4033 4034 for (j = 0; j < sband->n_bitrates; j++) { 4035 if (sband->bitrates[j].flags & flag) 4036 ibss.basic_rates |= BIT(j); 4037 } 4038 } 4039 4040 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 4041 4042 out: 4043 cfg80211_unlock_rdev(rdev); 4044 dev_put(dev); 4045 unlock_rtnl: 4046 if (err) 4047 kfree(connkeys); 4048 rtnl_unlock(); 4049 return err; 4050 } 4051 4052 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 4053 { 4054 struct cfg80211_registered_device *rdev; 4055 struct net_device *dev; 4056 int err; 4057 4058 rtnl_lock(); 4059 4060 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4061 if (err) 4062 goto unlock_rtnl; 4063 4064 if (!rdev->ops->leave_ibss) { 4065 err = -EOPNOTSUPP; 4066 goto out; 4067 } 4068 4069 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 4070 err = -EOPNOTSUPP; 4071 goto out; 4072 } 4073 4074 if (!netif_running(dev)) { 4075 err = -ENETDOWN; 4076 goto out; 4077 } 4078 4079 err = cfg80211_leave_ibss(rdev, dev, false); 4080 4081 out: 4082 cfg80211_unlock_rdev(rdev); 4083 dev_put(dev); 4084 unlock_rtnl: 4085 rtnl_unlock(); 4086 return err; 4087 } 4088 4089 #ifdef CONFIG_NL80211_TESTMODE 4090 static struct genl_multicast_group nl80211_testmode_mcgrp = { 4091 .name = "testmode", 4092 }; 4093 4094 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 4095 { 4096 struct cfg80211_registered_device *rdev; 4097 int err; 4098 4099 if (!info->attrs[NL80211_ATTR_TESTDATA]) 4100 return -EINVAL; 4101 4102 rtnl_lock(); 4103 4104 rdev = cfg80211_get_dev_from_info(info); 4105 if (IS_ERR(rdev)) { 4106 err = PTR_ERR(rdev); 4107 goto unlock_rtnl; 4108 } 4109 4110 err = -EOPNOTSUPP; 4111 if (rdev->ops->testmode_cmd) { 4112 rdev->testmode_info = info; 4113 err = rdev->ops->testmode_cmd(&rdev->wiphy, 4114 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 4115 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 4116 rdev->testmode_info = NULL; 4117 } 4118 4119 cfg80211_unlock_rdev(rdev); 4120 4121 unlock_rtnl: 4122 rtnl_unlock(); 4123 return err; 4124 } 4125 4126 static struct sk_buff * 4127 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 4128 int approxlen, u32 pid, u32 seq, gfp_t gfp) 4129 { 4130 struct sk_buff *skb; 4131 void *hdr; 4132 struct nlattr *data; 4133 4134 skb = nlmsg_new(approxlen + 100, gfp); 4135 if (!skb) 4136 return NULL; 4137 4138 hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE); 4139 if (!hdr) { 4140 kfree_skb(skb); 4141 return NULL; 4142 } 4143 4144 NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 4145 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 4146 4147 ((void **)skb->cb)[0] = rdev; 4148 ((void **)skb->cb)[1] = hdr; 4149 ((void **)skb->cb)[2] = data; 4150 4151 return skb; 4152 4153 nla_put_failure: 4154 kfree_skb(skb); 4155 return NULL; 4156 } 4157 4158 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 4159 int approxlen) 4160 { 4161 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 4162 4163 if (WARN_ON(!rdev->testmode_info)) 4164 return NULL; 4165 4166 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 4167 rdev->testmode_info->snd_pid, 4168 rdev->testmode_info->snd_seq, 4169 GFP_KERNEL); 4170 } 4171 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 4172 4173 int cfg80211_testmode_reply(struct sk_buff *skb) 4174 { 4175 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 4176 void *hdr = ((void **)skb->cb)[1]; 4177 struct nlattr *data = ((void **)skb->cb)[2]; 4178 4179 if (WARN_ON(!rdev->testmode_info)) { 4180 kfree_skb(skb); 4181 return -EINVAL; 4182 } 4183 4184 nla_nest_end(skb, data); 4185 genlmsg_end(skb, hdr); 4186 return genlmsg_reply(skb, rdev->testmode_info); 4187 } 4188 EXPORT_SYMBOL(cfg80211_testmode_reply); 4189 4190 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 4191 int approxlen, gfp_t gfp) 4192 { 4193 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 4194 4195 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 4196 } 4197 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 4198 4199 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 4200 { 4201 void *hdr = ((void **)skb->cb)[1]; 4202 struct nlattr *data = ((void **)skb->cb)[2]; 4203 4204 nla_nest_end(skb, data); 4205 genlmsg_end(skb, hdr); 4206 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 4207 } 4208 EXPORT_SYMBOL(cfg80211_testmode_event); 4209 #endif 4210 4211 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 4212 { 4213 struct cfg80211_registered_device *rdev; 4214 struct net_device *dev; 4215 struct cfg80211_connect_params connect; 4216 struct wiphy *wiphy; 4217 struct cfg80211_cached_keys *connkeys = NULL; 4218 int err; 4219 4220 memset(&connect, 0, sizeof(connect)); 4221 4222 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4223 return -EINVAL; 4224 4225 if (!info->attrs[NL80211_ATTR_SSID] || 4226 !nla_len(info->attrs[NL80211_ATTR_SSID])) 4227 return -EINVAL; 4228 4229 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 4230 connect.auth_type = 4231 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 4232 if (!nl80211_valid_auth_type(connect.auth_type)) 4233 return -EINVAL; 4234 } else 4235 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 4236 4237 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 4238 4239 err = nl80211_crypto_settings(info, &connect.crypto, 4240 NL80211_MAX_NR_CIPHER_SUITES); 4241 if (err) 4242 return err; 4243 rtnl_lock(); 4244 4245 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4246 if (err) 4247 goto unlock_rtnl; 4248 4249 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4250 err = -EOPNOTSUPP; 4251 goto out; 4252 } 4253 4254 if (!netif_running(dev)) { 4255 err = -ENETDOWN; 4256 goto out; 4257 } 4258 4259 wiphy = &rdev->wiphy; 4260 4261 if (info->attrs[NL80211_ATTR_MAC]) 4262 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4263 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4264 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4265 4266 if (info->attrs[NL80211_ATTR_IE]) { 4267 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4268 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4269 } 4270 4271 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 4272 connect.channel = 4273 ieee80211_get_channel(wiphy, 4274 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4275 if (!connect.channel || 4276 connect.channel->flags & IEEE80211_CHAN_DISABLED) { 4277 err = -EINVAL; 4278 goto out; 4279 } 4280 } 4281 4282 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 4283 connkeys = nl80211_parse_connkeys(rdev, 4284 info->attrs[NL80211_ATTR_KEYS]); 4285 if (IS_ERR(connkeys)) { 4286 err = PTR_ERR(connkeys); 4287 connkeys = NULL; 4288 goto out; 4289 } 4290 } 4291 4292 err = cfg80211_connect(rdev, dev, &connect, connkeys); 4293 4294 out: 4295 cfg80211_unlock_rdev(rdev); 4296 dev_put(dev); 4297 unlock_rtnl: 4298 if (err) 4299 kfree(connkeys); 4300 rtnl_unlock(); 4301 return err; 4302 } 4303 4304 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 4305 { 4306 struct cfg80211_registered_device *rdev; 4307 struct net_device *dev; 4308 int err; 4309 u16 reason; 4310 4311 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4312 reason = WLAN_REASON_DEAUTH_LEAVING; 4313 else 4314 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4315 4316 if (reason == 0) 4317 return -EINVAL; 4318 4319 rtnl_lock(); 4320 4321 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4322 if (err) 4323 goto unlock_rtnl; 4324 4325 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4326 err = -EOPNOTSUPP; 4327 goto out; 4328 } 4329 4330 if (!netif_running(dev)) { 4331 err = -ENETDOWN; 4332 goto out; 4333 } 4334 4335 err = cfg80211_disconnect(rdev, dev, reason, true); 4336 4337 out: 4338 cfg80211_unlock_rdev(rdev); 4339 dev_put(dev); 4340 unlock_rtnl: 4341 rtnl_unlock(); 4342 return err; 4343 } 4344 4345 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 4346 { 4347 struct cfg80211_registered_device *rdev; 4348 struct net *net; 4349 int err; 4350 u32 pid; 4351 4352 if (!info->attrs[NL80211_ATTR_PID]) 4353 return -EINVAL; 4354 4355 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 4356 4357 rtnl_lock(); 4358 4359 rdev = cfg80211_get_dev_from_info(info); 4360 if (IS_ERR(rdev)) { 4361 err = PTR_ERR(rdev); 4362 goto out_rtnl; 4363 } 4364 4365 net = get_net_ns_by_pid(pid); 4366 if (IS_ERR(net)) { 4367 err = PTR_ERR(net); 4368 goto out; 4369 } 4370 4371 err = 0; 4372 4373 /* check if anything to do */ 4374 if (net_eq(wiphy_net(&rdev->wiphy), net)) 4375 goto out_put_net; 4376 4377 err = cfg80211_switch_netns(rdev, net); 4378 out_put_net: 4379 put_net(net); 4380 out: 4381 cfg80211_unlock_rdev(rdev); 4382 out_rtnl: 4383 rtnl_unlock(); 4384 return err; 4385 } 4386 4387 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 4388 { 4389 struct cfg80211_registered_device *rdev; 4390 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 4391 struct cfg80211_pmksa *pmksa) = NULL; 4392 int err; 4393 struct net_device *dev; 4394 struct cfg80211_pmksa pmksa; 4395 4396 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 4397 4398 if (!info->attrs[NL80211_ATTR_MAC]) 4399 return -EINVAL; 4400 4401 if (!info->attrs[NL80211_ATTR_PMKID]) 4402 return -EINVAL; 4403 4404 rtnl_lock(); 4405 4406 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4407 if (err) 4408 goto out_rtnl; 4409 4410 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 4411 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4412 4413 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4414 err = -EOPNOTSUPP; 4415 goto out; 4416 } 4417 4418 switch (info->genlhdr->cmd) { 4419 case NL80211_CMD_SET_PMKSA: 4420 rdev_ops = rdev->ops->set_pmksa; 4421 break; 4422 case NL80211_CMD_DEL_PMKSA: 4423 rdev_ops = rdev->ops->del_pmksa; 4424 break; 4425 default: 4426 WARN_ON(1); 4427 break; 4428 } 4429 4430 if (!rdev_ops) { 4431 err = -EOPNOTSUPP; 4432 goto out; 4433 } 4434 4435 err = rdev_ops(&rdev->wiphy, dev, &pmksa); 4436 4437 out: 4438 cfg80211_unlock_rdev(rdev); 4439 dev_put(dev); 4440 out_rtnl: 4441 rtnl_unlock(); 4442 4443 return err; 4444 } 4445 4446 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 4447 { 4448 struct cfg80211_registered_device *rdev; 4449 int err; 4450 struct net_device *dev; 4451 4452 rtnl_lock(); 4453 4454 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4455 if (err) 4456 goto out_rtnl; 4457 4458 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4459 err = -EOPNOTSUPP; 4460 goto out; 4461 } 4462 4463 if (!rdev->ops->flush_pmksa) { 4464 err = -EOPNOTSUPP; 4465 goto out; 4466 } 4467 4468 err = rdev->ops->flush_pmksa(&rdev->wiphy, dev); 4469 4470 out: 4471 cfg80211_unlock_rdev(rdev); 4472 dev_put(dev); 4473 out_rtnl: 4474 rtnl_unlock(); 4475 4476 return err; 4477 4478 } 4479 4480 static int nl80211_remain_on_channel(struct sk_buff *skb, 4481 struct genl_info *info) 4482 { 4483 struct cfg80211_registered_device *rdev; 4484 struct net_device *dev; 4485 struct ieee80211_channel *chan; 4486 struct sk_buff *msg; 4487 void *hdr; 4488 u64 cookie; 4489 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 4490 u32 freq, duration; 4491 int err; 4492 4493 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 4494 !info->attrs[NL80211_ATTR_DURATION]) 4495 return -EINVAL; 4496 4497 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 4498 4499 /* 4500 * We should be on that channel for at least one jiffie, 4501 * and more than 5 seconds seems excessive. 4502 */ 4503 if (!duration || !msecs_to_jiffies(duration) || duration > 5000) 4504 return -EINVAL; 4505 4506 rtnl_lock(); 4507 4508 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4509 if (err) 4510 goto unlock_rtnl; 4511 4512 if (!rdev->ops->remain_on_channel) { 4513 err = -EOPNOTSUPP; 4514 goto out; 4515 } 4516 4517 if (!netif_running(dev)) { 4518 err = -ENETDOWN; 4519 goto out; 4520 } 4521 4522 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4523 channel_type = nla_get_u32( 4524 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4525 if (channel_type != NL80211_CHAN_NO_HT && 4526 channel_type != NL80211_CHAN_HT20 && 4527 channel_type != NL80211_CHAN_HT40PLUS && 4528 channel_type != NL80211_CHAN_HT40MINUS) { 4529 err = -EINVAL; 4530 goto out; 4531 } 4532 } 4533 4534 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 4535 chan = rdev_freq_to_chan(rdev, freq, channel_type); 4536 if (chan == NULL) { 4537 err = -EINVAL; 4538 goto out; 4539 } 4540 4541 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4542 if (!msg) { 4543 err = -ENOMEM; 4544 goto out; 4545 } 4546 4547 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4548 NL80211_CMD_REMAIN_ON_CHANNEL); 4549 4550 if (IS_ERR(hdr)) { 4551 err = PTR_ERR(hdr); 4552 goto free_msg; 4553 } 4554 4555 err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan, 4556 channel_type, duration, &cookie); 4557 4558 if (err) 4559 goto free_msg; 4560 4561 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 4562 4563 genlmsg_end(msg, hdr); 4564 err = genlmsg_reply(msg, info); 4565 goto out; 4566 4567 nla_put_failure: 4568 err = -ENOBUFS; 4569 free_msg: 4570 nlmsg_free(msg); 4571 out: 4572 cfg80211_unlock_rdev(rdev); 4573 dev_put(dev); 4574 unlock_rtnl: 4575 rtnl_unlock(); 4576 return err; 4577 } 4578 4579 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 4580 struct genl_info *info) 4581 { 4582 struct cfg80211_registered_device *rdev; 4583 struct net_device *dev; 4584 u64 cookie; 4585 int err; 4586 4587 if (!info->attrs[NL80211_ATTR_COOKIE]) 4588 return -EINVAL; 4589 4590 rtnl_lock(); 4591 4592 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4593 if (err) 4594 goto unlock_rtnl; 4595 4596 if (!rdev->ops->cancel_remain_on_channel) { 4597 err = -EOPNOTSUPP; 4598 goto out; 4599 } 4600 4601 if (!netif_running(dev)) { 4602 err = -ENETDOWN; 4603 goto out; 4604 } 4605 4606 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 4607 4608 err = rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie); 4609 4610 out: 4611 cfg80211_unlock_rdev(rdev); 4612 dev_put(dev); 4613 unlock_rtnl: 4614 rtnl_unlock(); 4615 return err; 4616 } 4617 4618 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 4619 u8 *rates, u8 rates_len) 4620 { 4621 u8 i; 4622 u32 mask = 0; 4623 4624 for (i = 0; i < rates_len; i++) { 4625 int rate = (rates[i] & 0x7f) * 5; 4626 int ridx; 4627 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 4628 struct ieee80211_rate *srate = 4629 &sband->bitrates[ridx]; 4630 if (rate == srate->bitrate) { 4631 mask |= 1 << ridx; 4632 break; 4633 } 4634 } 4635 if (ridx == sband->n_bitrates) 4636 return 0; /* rate not found */ 4637 } 4638 4639 return mask; 4640 } 4641 4642 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 4643 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 4644 .len = NL80211_MAX_SUPP_RATES }, 4645 }; 4646 4647 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 4648 struct genl_info *info) 4649 { 4650 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 4651 struct cfg80211_registered_device *rdev; 4652 struct cfg80211_bitrate_mask mask; 4653 int err, rem, i; 4654 struct net_device *dev; 4655 struct nlattr *tx_rates; 4656 struct ieee80211_supported_band *sband; 4657 4658 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 4659 return -EINVAL; 4660 4661 rtnl_lock(); 4662 4663 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4664 if (err) 4665 goto unlock_rtnl; 4666 4667 if (!rdev->ops->set_bitrate_mask) { 4668 err = -EOPNOTSUPP; 4669 goto unlock; 4670 } 4671 4672 memset(&mask, 0, sizeof(mask)); 4673 /* Default to all rates enabled */ 4674 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 4675 sband = rdev->wiphy.bands[i]; 4676 mask.control[i].legacy = 4677 sband ? (1 << sband->n_bitrates) - 1 : 0; 4678 } 4679 4680 /* 4681 * The nested attribute uses enum nl80211_band as the index. This maps 4682 * directly to the enum ieee80211_band values used in cfg80211. 4683 */ 4684 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 4685 { 4686 enum ieee80211_band band = nla_type(tx_rates); 4687 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 4688 err = -EINVAL; 4689 goto unlock; 4690 } 4691 sband = rdev->wiphy.bands[band]; 4692 if (sband == NULL) { 4693 err = -EINVAL; 4694 goto unlock; 4695 } 4696 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 4697 nla_len(tx_rates), nl80211_txattr_policy); 4698 if (tb[NL80211_TXRATE_LEGACY]) { 4699 mask.control[band].legacy = rateset_to_mask( 4700 sband, 4701 nla_data(tb[NL80211_TXRATE_LEGACY]), 4702 nla_len(tb[NL80211_TXRATE_LEGACY])); 4703 if (mask.control[band].legacy == 0) { 4704 err = -EINVAL; 4705 goto unlock; 4706 } 4707 } 4708 } 4709 4710 err = rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask); 4711 4712 unlock: 4713 dev_put(dev); 4714 cfg80211_unlock_rdev(rdev); 4715 unlock_rtnl: 4716 rtnl_unlock(); 4717 return err; 4718 } 4719 4720 static int nl80211_register_action(struct sk_buff *skb, struct genl_info *info) 4721 { 4722 struct cfg80211_registered_device *rdev; 4723 struct net_device *dev; 4724 int err; 4725 4726 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 4727 return -EINVAL; 4728 4729 if (nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]) < 1) 4730 return -EINVAL; 4731 4732 rtnl_lock(); 4733 4734 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4735 if (err) 4736 goto unlock_rtnl; 4737 4738 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4739 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 4740 err = -EOPNOTSUPP; 4741 goto out; 4742 } 4743 4744 /* not much point in registering if we can't reply */ 4745 if (!rdev->ops->action) { 4746 err = -EOPNOTSUPP; 4747 goto out; 4748 } 4749 4750 err = cfg80211_mlme_register_action(dev->ieee80211_ptr, info->snd_pid, 4751 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 4752 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 4753 out: 4754 cfg80211_unlock_rdev(rdev); 4755 dev_put(dev); 4756 unlock_rtnl: 4757 rtnl_unlock(); 4758 return err; 4759 } 4760 4761 static int nl80211_action(struct sk_buff *skb, struct genl_info *info) 4762 { 4763 struct cfg80211_registered_device *rdev; 4764 struct net_device *dev; 4765 struct ieee80211_channel *chan; 4766 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 4767 bool channel_type_valid = false; 4768 u32 freq; 4769 int err; 4770 void *hdr; 4771 u64 cookie; 4772 struct sk_buff *msg; 4773 4774 if (!info->attrs[NL80211_ATTR_FRAME] || 4775 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4776 return -EINVAL; 4777 4778 rtnl_lock(); 4779 4780 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4781 if (err) 4782 goto unlock_rtnl; 4783 4784 if (!rdev->ops->action) { 4785 err = -EOPNOTSUPP; 4786 goto out; 4787 } 4788 4789 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4790 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 4791 err = -EOPNOTSUPP; 4792 goto out; 4793 } 4794 4795 if (!netif_running(dev)) { 4796 err = -ENETDOWN; 4797 goto out; 4798 } 4799 4800 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4801 channel_type = nla_get_u32( 4802 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4803 if (channel_type != NL80211_CHAN_NO_HT && 4804 channel_type != NL80211_CHAN_HT20 && 4805 channel_type != NL80211_CHAN_HT40PLUS && 4806 channel_type != NL80211_CHAN_HT40MINUS) { 4807 err = -EINVAL; 4808 goto out; 4809 } 4810 channel_type_valid = true; 4811 } 4812 4813 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 4814 chan = rdev_freq_to_chan(rdev, freq, channel_type); 4815 if (chan == NULL) { 4816 err = -EINVAL; 4817 goto out; 4818 } 4819 4820 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4821 if (!msg) { 4822 err = -ENOMEM; 4823 goto out; 4824 } 4825 4826 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4827 NL80211_CMD_ACTION); 4828 4829 if (IS_ERR(hdr)) { 4830 err = PTR_ERR(hdr); 4831 goto free_msg; 4832 } 4833 err = cfg80211_mlme_action(rdev, dev, chan, channel_type, 4834 channel_type_valid, 4835 nla_data(info->attrs[NL80211_ATTR_FRAME]), 4836 nla_len(info->attrs[NL80211_ATTR_FRAME]), 4837 &cookie); 4838 if (err) 4839 goto free_msg; 4840 4841 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 4842 4843 genlmsg_end(msg, hdr); 4844 err = genlmsg_reply(msg, info); 4845 goto out; 4846 4847 nla_put_failure: 4848 err = -ENOBUFS; 4849 free_msg: 4850 nlmsg_free(msg); 4851 out: 4852 cfg80211_unlock_rdev(rdev); 4853 dev_put(dev); 4854 unlock_rtnl: 4855 rtnl_unlock(); 4856 return err; 4857 } 4858 4859 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 4860 { 4861 struct cfg80211_registered_device *rdev; 4862 struct wireless_dev *wdev; 4863 struct net_device *dev; 4864 u8 ps_state; 4865 bool state; 4866 int err; 4867 4868 if (!info->attrs[NL80211_ATTR_PS_STATE]) { 4869 err = -EINVAL; 4870 goto out; 4871 } 4872 4873 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 4874 4875 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) { 4876 err = -EINVAL; 4877 goto out; 4878 } 4879 4880 rtnl_lock(); 4881 4882 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4883 if (err) 4884 goto unlock_rdev; 4885 4886 wdev = dev->ieee80211_ptr; 4887 4888 if (!rdev->ops->set_power_mgmt) { 4889 err = -EOPNOTSUPP; 4890 goto unlock_rdev; 4891 } 4892 4893 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 4894 4895 if (state == wdev->ps) 4896 goto unlock_rdev; 4897 4898 wdev->ps = state; 4899 4900 if (rdev->ops->set_power_mgmt(wdev->wiphy, dev, wdev->ps, 4901 wdev->ps_timeout)) 4902 /* assume this means it's off */ 4903 wdev->ps = false; 4904 4905 unlock_rdev: 4906 cfg80211_unlock_rdev(rdev); 4907 dev_put(dev); 4908 rtnl_unlock(); 4909 4910 out: 4911 return err; 4912 } 4913 4914 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 4915 { 4916 struct cfg80211_registered_device *rdev; 4917 enum nl80211_ps_state ps_state; 4918 struct wireless_dev *wdev; 4919 struct net_device *dev; 4920 struct sk_buff *msg; 4921 void *hdr; 4922 int err; 4923 4924 rtnl_lock(); 4925 4926 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4927 if (err) 4928 goto unlock_rtnl; 4929 4930 wdev = dev->ieee80211_ptr; 4931 4932 if (!rdev->ops->set_power_mgmt) { 4933 err = -EOPNOTSUPP; 4934 goto out; 4935 } 4936 4937 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4938 if (!msg) { 4939 err = -ENOMEM; 4940 goto out; 4941 } 4942 4943 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4944 NL80211_CMD_GET_POWER_SAVE); 4945 if (!hdr) { 4946 err = -ENOMEM; 4947 goto free_msg; 4948 } 4949 4950 if (wdev->ps) 4951 ps_state = NL80211_PS_ENABLED; 4952 else 4953 ps_state = NL80211_PS_DISABLED; 4954 4955 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state); 4956 4957 genlmsg_end(msg, hdr); 4958 err = genlmsg_reply(msg, info); 4959 goto out; 4960 4961 nla_put_failure: 4962 err = -ENOBUFS; 4963 4964 free_msg: 4965 nlmsg_free(msg); 4966 4967 out: 4968 cfg80211_unlock_rdev(rdev); 4969 dev_put(dev); 4970 4971 unlock_rtnl: 4972 rtnl_unlock(); 4973 4974 return err; 4975 } 4976 4977 static struct nla_policy 4978 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 4979 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 4980 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 4981 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 4982 }; 4983 4984 static int nl80211_set_cqm_rssi(struct genl_info *info, 4985 s32 threshold, u32 hysteresis) 4986 { 4987 struct cfg80211_registered_device *rdev; 4988 struct wireless_dev *wdev; 4989 struct net_device *dev; 4990 int err; 4991 4992 if (threshold > 0) 4993 return -EINVAL; 4994 4995 rtnl_lock(); 4996 4997 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4998 if (err) 4999 goto unlock_rdev; 5000 5001 wdev = dev->ieee80211_ptr; 5002 5003 if (!rdev->ops->set_cqm_rssi_config) { 5004 err = -EOPNOTSUPP; 5005 goto unlock_rdev; 5006 } 5007 5008 if (wdev->iftype != NL80211_IFTYPE_STATION) { 5009 err = -EOPNOTSUPP; 5010 goto unlock_rdev; 5011 } 5012 5013 err = rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev, 5014 threshold, hysteresis); 5015 5016 unlock_rdev: 5017 cfg80211_unlock_rdev(rdev); 5018 dev_put(dev); 5019 rtnl_unlock(); 5020 5021 return err; 5022 } 5023 5024 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 5025 { 5026 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 5027 struct nlattr *cqm; 5028 int err; 5029 5030 cqm = info->attrs[NL80211_ATTR_CQM]; 5031 if (!cqm) { 5032 err = -EINVAL; 5033 goto out; 5034 } 5035 5036 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 5037 nl80211_attr_cqm_policy); 5038 if (err) 5039 goto out; 5040 5041 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 5042 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 5043 s32 threshold; 5044 u32 hysteresis; 5045 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 5046 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 5047 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 5048 } else 5049 err = -EINVAL; 5050 5051 out: 5052 return err; 5053 } 5054 5055 static struct genl_ops nl80211_ops[] = { 5056 { 5057 .cmd = NL80211_CMD_GET_WIPHY, 5058 .doit = nl80211_get_wiphy, 5059 .dumpit = nl80211_dump_wiphy, 5060 .policy = nl80211_policy, 5061 /* can be retrieved by unprivileged users */ 5062 }, 5063 { 5064 .cmd = NL80211_CMD_SET_WIPHY, 5065 .doit = nl80211_set_wiphy, 5066 .policy = nl80211_policy, 5067 .flags = GENL_ADMIN_PERM, 5068 }, 5069 { 5070 .cmd = NL80211_CMD_GET_INTERFACE, 5071 .doit = nl80211_get_interface, 5072 .dumpit = nl80211_dump_interface, 5073 .policy = nl80211_policy, 5074 /* can be retrieved by unprivileged users */ 5075 }, 5076 { 5077 .cmd = NL80211_CMD_SET_INTERFACE, 5078 .doit = nl80211_set_interface, 5079 .policy = nl80211_policy, 5080 .flags = GENL_ADMIN_PERM, 5081 }, 5082 { 5083 .cmd = NL80211_CMD_NEW_INTERFACE, 5084 .doit = nl80211_new_interface, 5085 .policy = nl80211_policy, 5086 .flags = GENL_ADMIN_PERM, 5087 }, 5088 { 5089 .cmd = NL80211_CMD_DEL_INTERFACE, 5090 .doit = nl80211_del_interface, 5091 .policy = nl80211_policy, 5092 .flags = GENL_ADMIN_PERM, 5093 }, 5094 { 5095 .cmd = NL80211_CMD_GET_KEY, 5096 .doit = nl80211_get_key, 5097 .policy = nl80211_policy, 5098 .flags = GENL_ADMIN_PERM, 5099 }, 5100 { 5101 .cmd = NL80211_CMD_SET_KEY, 5102 .doit = nl80211_set_key, 5103 .policy = nl80211_policy, 5104 .flags = GENL_ADMIN_PERM, 5105 }, 5106 { 5107 .cmd = NL80211_CMD_NEW_KEY, 5108 .doit = nl80211_new_key, 5109 .policy = nl80211_policy, 5110 .flags = GENL_ADMIN_PERM, 5111 }, 5112 { 5113 .cmd = NL80211_CMD_DEL_KEY, 5114 .doit = nl80211_del_key, 5115 .policy = nl80211_policy, 5116 .flags = GENL_ADMIN_PERM, 5117 }, 5118 { 5119 .cmd = NL80211_CMD_SET_BEACON, 5120 .policy = nl80211_policy, 5121 .flags = GENL_ADMIN_PERM, 5122 .doit = nl80211_addset_beacon, 5123 }, 5124 { 5125 .cmd = NL80211_CMD_NEW_BEACON, 5126 .policy = nl80211_policy, 5127 .flags = GENL_ADMIN_PERM, 5128 .doit = nl80211_addset_beacon, 5129 }, 5130 { 5131 .cmd = NL80211_CMD_DEL_BEACON, 5132 .policy = nl80211_policy, 5133 .flags = GENL_ADMIN_PERM, 5134 .doit = nl80211_del_beacon, 5135 }, 5136 { 5137 .cmd = NL80211_CMD_GET_STATION, 5138 .doit = nl80211_get_station, 5139 .dumpit = nl80211_dump_station, 5140 .policy = nl80211_policy, 5141 }, 5142 { 5143 .cmd = NL80211_CMD_SET_STATION, 5144 .doit = nl80211_set_station, 5145 .policy = nl80211_policy, 5146 .flags = GENL_ADMIN_PERM, 5147 }, 5148 { 5149 .cmd = NL80211_CMD_NEW_STATION, 5150 .doit = nl80211_new_station, 5151 .policy = nl80211_policy, 5152 .flags = GENL_ADMIN_PERM, 5153 }, 5154 { 5155 .cmd = NL80211_CMD_DEL_STATION, 5156 .doit = nl80211_del_station, 5157 .policy = nl80211_policy, 5158 .flags = GENL_ADMIN_PERM, 5159 }, 5160 { 5161 .cmd = NL80211_CMD_GET_MPATH, 5162 .doit = nl80211_get_mpath, 5163 .dumpit = nl80211_dump_mpath, 5164 .policy = nl80211_policy, 5165 .flags = GENL_ADMIN_PERM, 5166 }, 5167 { 5168 .cmd = NL80211_CMD_SET_MPATH, 5169 .doit = nl80211_set_mpath, 5170 .policy = nl80211_policy, 5171 .flags = GENL_ADMIN_PERM, 5172 }, 5173 { 5174 .cmd = NL80211_CMD_NEW_MPATH, 5175 .doit = nl80211_new_mpath, 5176 .policy = nl80211_policy, 5177 .flags = GENL_ADMIN_PERM, 5178 }, 5179 { 5180 .cmd = NL80211_CMD_DEL_MPATH, 5181 .doit = nl80211_del_mpath, 5182 .policy = nl80211_policy, 5183 .flags = GENL_ADMIN_PERM, 5184 }, 5185 { 5186 .cmd = NL80211_CMD_SET_BSS, 5187 .doit = nl80211_set_bss, 5188 .policy = nl80211_policy, 5189 .flags = GENL_ADMIN_PERM, 5190 }, 5191 { 5192 .cmd = NL80211_CMD_GET_REG, 5193 .doit = nl80211_get_reg, 5194 .policy = nl80211_policy, 5195 /* can be retrieved by unprivileged users */ 5196 }, 5197 { 5198 .cmd = NL80211_CMD_SET_REG, 5199 .doit = nl80211_set_reg, 5200 .policy = nl80211_policy, 5201 .flags = GENL_ADMIN_PERM, 5202 }, 5203 { 5204 .cmd = NL80211_CMD_REQ_SET_REG, 5205 .doit = nl80211_req_set_reg, 5206 .policy = nl80211_policy, 5207 .flags = GENL_ADMIN_PERM, 5208 }, 5209 { 5210 .cmd = NL80211_CMD_GET_MESH_PARAMS, 5211 .doit = nl80211_get_mesh_params, 5212 .policy = nl80211_policy, 5213 /* can be retrieved by unprivileged users */ 5214 }, 5215 { 5216 .cmd = NL80211_CMD_SET_MESH_PARAMS, 5217 .doit = nl80211_set_mesh_params, 5218 .policy = nl80211_policy, 5219 .flags = GENL_ADMIN_PERM, 5220 }, 5221 { 5222 .cmd = NL80211_CMD_TRIGGER_SCAN, 5223 .doit = nl80211_trigger_scan, 5224 .policy = nl80211_policy, 5225 .flags = GENL_ADMIN_PERM, 5226 }, 5227 { 5228 .cmd = NL80211_CMD_GET_SCAN, 5229 .policy = nl80211_policy, 5230 .dumpit = nl80211_dump_scan, 5231 }, 5232 { 5233 .cmd = NL80211_CMD_AUTHENTICATE, 5234 .doit = nl80211_authenticate, 5235 .policy = nl80211_policy, 5236 .flags = GENL_ADMIN_PERM, 5237 }, 5238 { 5239 .cmd = NL80211_CMD_ASSOCIATE, 5240 .doit = nl80211_associate, 5241 .policy = nl80211_policy, 5242 .flags = GENL_ADMIN_PERM, 5243 }, 5244 { 5245 .cmd = NL80211_CMD_DEAUTHENTICATE, 5246 .doit = nl80211_deauthenticate, 5247 .policy = nl80211_policy, 5248 .flags = GENL_ADMIN_PERM, 5249 }, 5250 { 5251 .cmd = NL80211_CMD_DISASSOCIATE, 5252 .doit = nl80211_disassociate, 5253 .policy = nl80211_policy, 5254 .flags = GENL_ADMIN_PERM, 5255 }, 5256 { 5257 .cmd = NL80211_CMD_JOIN_IBSS, 5258 .doit = nl80211_join_ibss, 5259 .policy = nl80211_policy, 5260 .flags = GENL_ADMIN_PERM, 5261 }, 5262 { 5263 .cmd = NL80211_CMD_LEAVE_IBSS, 5264 .doit = nl80211_leave_ibss, 5265 .policy = nl80211_policy, 5266 .flags = GENL_ADMIN_PERM, 5267 }, 5268 #ifdef CONFIG_NL80211_TESTMODE 5269 { 5270 .cmd = NL80211_CMD_TESTMODE, 5271 .doit = nl80211_testmode_do, 5272 .policy = nl80211_policy, 5273 .flags = GENL_ADMIN_PERM, 5274 }, 5275 #endif 5276 { 5277 .cmd = NL80211_CMD_CONNECT, 5278 .doit = nl80211_connect, 5279 .policy = nl80211_policy, 5280 .flags = GENL_ADMIN_PERM, 5281 }, 5282 { 5283 .cmd = NL80211_CMD_DISCONNECT, 5284 .doit = nl80211_disconnect, 5285 .policy = nl80211_policy, 5286 .flags = GENL_ADMIN_PERM, 5287 }, 5288 { 5289 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 5290 .doit = nl80211_wiphy_netns, 5291 .policy = nl80211_policy, 5292 .flags = GENL_ADMIN_PERM, 5293 }, 5294 { 5295 .cmd = NL80211_CMD_GET_SURVEY, 5296 .policy = nl80211_policy, 5297 .dumpit = nl80211_dump_survey, 5298 }, 5299 { 5300 .cmd = NL80211_CMD_SET_PMKSA, 5301 .doit = nl80211_setdel_pmksa, 5302 .policy = nl80211_policy, 5303 .flags = GENL_ADMIN_PERM, 5304 }, 5305 { 5306 .cmd = NL80211_CMD_DEL_PMKSA, 5307 .doit = nl80211_setdel_pmksa, 5308 .policy = nl80211_policy, 5309 .flags = GENL_ADMIN_PERM, 5310 }, 5311 { 5312 .cmd = NL80211_CMD_FLUSH_PMKSA, 5313 .doit = nl80211_flush_pmksa, 5314 .policy = nl80211_policy, 5315 .flags = GENL_ADMIN_PERM, 5316 }, 5317 { 5318 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 5319 .doit = nl80211_remain_on_channel, 5320 .policy = nl80211_policy, 5321 .flags = GENL_ADMIN_PERM, 5322 }, 5323 { 5324 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 5325 .doit = nl80211_cancel_remain_on_channel, 5326 .policy = nl80211_policy, 5327 .flags = GENL_ADMIN_PERM, 5328 }, 5329 { 5330 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 5331 .doit = nl80211_set_tx_bitrate_mask, 5332 .policy = nl80211_policy, 5333 .flags = GENL_ADMIN_PERM, 5334 }, 5335 { 5336 .cmd = NL80211_CMD_REGISTER_ACTION, 5337 .doit = nl80211_register_action, 5338 .policy = nl80211_policy, 5339 .flags = GENL_ADMIN_PERM, 5340 }, 5341 { 5342 .cmd = NL80211_CMD_ACTION, 5343 .doit = nl80211_action, 5344 .policy = nl80211_policy, 5345 .flags = GENL_ADMIN_PERM, 5346 }, 5347 { 5348 .cmd = NL80211_CMD_SET_POWER_SAVE, 5349 .doit = nl80211_set_power_save, 5350 .policy = nl80211_policy, 5351 .flags = GENL_ADMIN_PERM, 5352 }, 5353 { 5354 .cmd = NL80211_CMD_GET_POWER_SAVE, 5355 .doit = nl80211_get_power_save, 5356 .policy = nl80211_policy, 5357 /* can be retrieved by unprivileged users */ 5358 }, 5359 { 5360 .cmd = NL80211_CMD_SET_CQM, 5361 .doit = nl80211_set_cqm, 5362 .policy = nl80211_policy, 5363 .flags = GENL_ADMIN_PERM, 5364 }, 5365 { 5366 .cmd = NL80211_CMD_SET_CHANNEL, 5367 .doit = nl80211_set_channel, 5368 .policy = nl80211_policy, 5369 .flags = GENL_ADMIN_PERM, 5370 }, 5371 }; 5372 5373 static struct genl_multicast_group nl80211_mlme_mcgrp = { 5374 .name = "mlme", 5375 }; 5376 5377 /* multicast groups */ 5378 static struct genl_multicast_group nl80211_config_mcgrp = { 5379 .name = "config", 5380 }; 5381 static struct genl_multicast_group nl80211_scan_mcgrp = { 5382 .name = "scan", 5383 }; 5384 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 5385 .name = "regulatory", 5386 }; 5387 5388 /* notification functions */ 5389 5390 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 5391 { 5392 struct sk_buff *msg; 5393 5394 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5395 if (!msg) 5396 return; 5397 5398 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 5399 nlmsg_free(msg); 5400 return; 5401 } 5402 5403 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5404 nl80211_config_mcgrp.id, GFP_KERNEL); 5405 } 5406 5407 static int nl80211_add_scan_req(struct sk_buff *msg, 5408 struct cfg80211_registered_device *rdev) 5409 { 5410 struct cfg80211_scan_request *req = rdev->scan_req; 5411 struct nlattr *nest; 5412 int i; 5413 5414 ASSERT_RDEV_LOCK(rdev); 5415 5416 if (WARN_ON(!req)) 5417 return 0; 5418 5419 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 5420 if (!nest) 5421 goto nla_put_failure; 5422 for (i = 0; i < req->n_ssids; i++) 5423 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid); 5424 nla_nest_end(msg, nest); 5425 5426 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 5427 if (!nest) 5428 goto nla_put_failure; 5429 for (i = 0; i < req->n_channels; i++) 5430 NLA_PUT_U32(msg, i, req->channels[i]->center_freq); 5431 nla_nest_end(msg, nest); 5432 5433 if (req->ie) 5434 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie); 5435 5436 return 0; 5437 nla_put_failure: 5438 return -ENOBUFS; 5439 } 5440 5441 static int nl80211_send_scan_msg(struct sk_buff *msg, 5442 struct cfg80211_registered_device *rdev, 5443 struct net_device *netdev, 5444 u32 pid, u32 seq, int flags, 5445 u32 cmd) 5446 { 5447 void *hdr; 5448 5449 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 5450 if (!hdr) 5451 return -1; 5452 5453 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5454 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5455 5456 /* ignore errors and send incomplete event anyway */ 5457 nl80211_add_scan_req(msg, rdev); 5458 5459 return genlmsg_end(msg, hdr); 5460 5461 nla_put_failure: 5462 genlmsg_cancel(msg, hdr); 5463 return -EMSGSIZE; 5464 } 5465 5466 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 5467 struct net_device *netdev) 5468 { 5469 struct sk_buff *msg; 5470 5471 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 5472 if (!msg) 5473 return; 5474 5475 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5476 NL80211_CMD_TRIGGER_SCAN) < 0) { 5477 nlmsg_free(msg); 5478 return; 5479 } 5480 5481 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5482 nl80211_scan_mcgrp.id, GFP_KERNEL); 5483 } 5484 5485 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 5486 struct net_device *netdev) 5487 { 5488 struct sk_buff *msg; 5489 5490 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5491 if (!msg) 5492 return; 5493 5494 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5495 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 5496 nlmsg_free(msg); 5497 return; 5498 } 5499 5500 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5501 nl80211_scan_mcgrp.id, GFP_KERNEL); 5502 } 5503 5504 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 5505 struct net_device *netdev) 5506 { 5507 struct sk_buff *msg; 5508 5509 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5510 if (!msg) 5511 return; 5512 5513 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5514 NL80211_CMD_SCAN_ABORTED) < 0) { 5515 nlmsg_free(msg); 5516 return; 5517 } 5518 5519 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5520 nl80211_scan_mcgrp.id, GFP_KERNEL); 5521 } 5522 5523 /* 5524 * This can happen on global regulatory changes or device specific settings 5525 * based on custom world regulatory domains. 5526 */ 5527 void nl80211_send_reg_change_event(struct regulatory_request *request) 5528 { 5529 struct sk_buff *msg; 5530 void *hdr; 5531 5532 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5533 if (!msg) 5534 return; 5535 5536 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 5537 if (!hdr) { 5538 nlmsg_free(msg); 5539 return; 5540 } 5541 5542 /* Userspace can always count this one always being set */ 5543 NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator); 5544 5545 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') 5546 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5547 NL80211_REGDOM_TYPE_WORLD); 5548 else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') 5549 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5550 NL80211_REGDOM_TYPE_CUSTOM_WORLD); 5551 else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 5552 request->intersect) 5553 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5554 NL80211_REGDOM_TYPE_INTERSECTION); 5555 else { 5556 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5557 NL80211_REGDOM_TYPE_COUNTRY); 5558 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2); 5559 } 5560 5561 if (wiphy_idx_valid(request->wiphy_idx)) 5562 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx); 5563 5564 if (genlmsg_end(msg, hdr) < 0) { 5565 nlmsg_free(msg); 5566 return; 5567 } 5568 5569 rcu_read_lock(); 5570 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 5571 GFP_ATOMIC); 5572 rcu_read_unlock(); 5573 5574 return; 5575 5576 nla_put_failure: 5577 genlmsg_cancel(msg, hdr); 5578 nlmsg_free(msg); 5579 } 5580 5581 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 5582 struct net_device *netdev, 5583 const u8 *buf, size_t len, 5584 enum nl80211_commands cmd, gfp_t gfp) 5585 { 5586 struct sk_buff *msg; 5587 void *hdr; 5588 5589 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5590 if (!msg) 5591 return; 5592 5593 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5594 if (!hdr) { 5595 nlmsg_free(msg); 5596 return; 5597 } 5598 5599 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5600 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5601 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 5602 5603 if (genlmsg_end(msg, hdr) < 0) { 5604 nlmsg_free(msg); 5605 return; 5606 } 5607 5608 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5609 nl80211_mlme_mcgrp.id, gfp); 5610 return; 5611 5612 nla_put_failure: 5613 genlmsg_cancel(msg, hdr); 5614 nlmsg_free(msg); 5615 } 5616 5617 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 5618 struct net_device *netdev, const u8 *buf, 5619 size_t len, gfp_t gfp) 5620 { 5621 nl80211_send_mlme_event(rdev, netdev, buf, len, 5622 NL80211_CMD_AUTHENTICATE, gfp); 5623 } 5624 5625 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 5626 struct net_device *netdev, const u8 *buf, 5627 size_t len, gfp_t gfp) 5628 { 5629 nl80211_send_mlme_event(rdev, netdev, buf, len, 5630 NL80211_CMD_ASSOCIATE, gfp); 5631 } 5632 5633 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 5634 struct net_device *netdev, const u8 *buf, 5635 size_t len, gfp_t gfp) 5636 { 5637 nl80211_send_mlme_event(rdev, netdev, buf, len, 5638 NL80211_CMD_DEAUTHENTICATE, gfp); 5639 } 5640 5641 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 5642 struct net_device *netdev, const u8 *buf, 5643 size_t len, gfp_t gfp) 5644 { 5645 nl80211_send_mlme_event(rdev, netdev, buf, len, 5646 NL80211_CMD_DISASSOCIATE, gfp); 5647 } 5648 5649 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 5650 struct net_device *netdev, int cmd, 5651 const u8 *addr, gfp_t gfp) 5652 { 5653 struct sk_buff *msg; 5654 void *hdr; 5655 5656 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5657 if (!msg) 5658 return; 5659 5660 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5661 if (!hdr) { 5662 nlmsg_free(msg); 5663 return; 5664 } 5665 5666 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5667 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5668 NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT); 5669 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5670 5671 if (genlmsg_end(msg, hdr) < 0) { 5672 nlmsg_free(msg); 5673 return; 5674 } 5675 5676 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5677 nl80211_mlme_mcgrp.id, gfp); 5678 return; 5679 5680 nla_put_failure: 5681 genlmsg_cancel(msg, hdr); 5682 nlmsg_free(msg); 5683 } 5684 5685 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 5686 struct net_device *netdev, const u8 *addr, 5687 gfp_t gfp) 5688 { 5689 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 5690 addr, gfp); 5691 } 5692 5693 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 5694 struct net_device *netdev, const u8 *addr, 5695 gfp_t gfp) 5696 { 5697 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 5698 addr, gfp); 5699 } 5700 5701 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 5702 struct net_device *netdev, const u8 *bssid, 5703 const u8 *req_ie, size_t req_ie_len, 5704 const u8 *resp_ie, size_t resp_ie_len, 5705 u16 status, gfp_t gfp) 5706 { 5707 struct sk_buff *msg; 5708 void *hdr; 5709 5710 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5711 if (!msg) 5712 return; 5713 5714 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 5715 if (!hdr) { 5716 nlmsg_free(msg); 5717 return; 5718 } 5719 5720 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5721 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5722 if (bssid) 5723 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5724 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status); 5725 if (req_ie) 5726 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 5727 if (resp_ie) 5728 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 5729 5730 if (genlmsg_end(msg, hdr) < 0) { 5731 nlmsg_free(msg); 5732 return; 5733 } 5734 5735 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5736 nl80211_mlme_mcgrp.id, gfp); 5737 return; 5738 5739 nla_put_failure: 5740 genlmsg_cancel(msg, hdr); 5741 nlmsg_free(msg); 5742 5743 } 5744 5745 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 5746 struct net_device *netdev, const u8 *bssid, 5747 const u8 *req_ie, size_t req_ie_len, 5748 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 5749 { 5750 struct sk_buff *msg; 5751 void *hdr; 5752 5753 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5754 if (!msg) 5755 return; 5756 5757 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 5758 if (!hdr) { 5759 nlmsg_free(msg); 5760 return; 5761 } 5762 5763 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5764 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5765 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5766 if (req_ie) 5767 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 5768 if (resp_ie) 5769 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 5770 5771 if (genlmsg_end(msg, hdr) < 0) { 5772 nlmsg_free(msg); 5773 return; 5774 } 5775 5776 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5777 nl80211_mlme_mcgrp.id, gfp); 5778 return; 5779 5780 nla_put_failure: 5781 genlmsg_cancel(msg, hdr); 5782 nlmsg_free(msg); 5783 5784 } 5785 5786 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 5787 struct net_device *netdev, u16 reason, 5788 const u8 *ie, size_t ie_len, bool from_ap) 5789 { 5790 struct sk_buff *msg; 5791 void *hdr; 5792 5793 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 5794 if (!msg) 5795 return; 5796 5797 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 5798 if (!hdr) { 5799 nlmsg_free(msg); 5800 return; 5801 } 5802 5803 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5804 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5805 if (from_ap && reason) 5806 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason); 5807 if (from_ap) 5808 NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP); 5809 if (ie) 5810 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie); 5811 5812 if (genlmsg_end(msg, hdr) < 0) { 5813 nlmsg_free(msg); 5814 return; 5815 } 5816 5817 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5818 nl80211_mlme_mcgrp.id, GFP_KERNEL); 5819 return; 5820 5821 nla_put_failure: 5822 genlmsg_cancel(msg, hdr); 5823 nlmsg_free(msg); 5824 5825 } 5826 5827 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 5828 struct net_device *netdev, const u8 *bssid, 5829 gfp_t gfp) 5830 { 5831 struct sk_buff *msg; 5832 void *hdr; 5833 5834 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5835 if (!msg) 5836 return; 5837 5838 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 5839 if (!hdr) { 5840 nlmsg_free(msg); 5841 return; 5842 } 5843 5844 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5845 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5846 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5847 5848 if (genlmsg_end(msg, hdr) < 0) { 5849 nlmsg_free(msg); 5850 return; 5851 } 5852 5853 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5854 nl80211_mlme_mcgrp.id, gfp); 5855 return; 5856 5857 nla_put_failure: 5858 genlmsg_cancel(msg, hdr); 5859 nlmsg_free(msg); 5860 } 5861 5862 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 5863 struct net_device *netdev, const u8 *addr, 5864 enum nl80211_key_type key_type, int key_id, 5865 const u8 *tsc, gfp_t gfp) 5866 { 5867 struct sk_buff *msg; 5868 void *hdr; 5869 5870 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5871 if (!msg) 5872 return; 5873 5874 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 5875 if (!hdr) { 5876 nlmsg_free(msg); 5877 return; 5878 } 5879 5880 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5881 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5882 if (addr) 5883 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5884 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type); 5885 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id); 5886 if (tsc) 5887 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc); 5888 5889 if (genlmsg_end(msg, hdr) < 0) { 5890 nlmsg_free(msg); 5891 return; 5892 } 5893 5894 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5895 nl80211_mlme_mcgrp.id, gfp); 5896 return; 5897 5898 nla_put_failure: 5899 genlmsg_cancel(msg, hdr); 5900 nlmsg_free(msg); 5901 } 5902 5903 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 5904 struct ieee80211_channel *channel_before, 5905 struct ieee80211_channel *channel_after) 5906 { 5907 struct sk_buff *msg; 5908 void *hdr; 5909 struct nlattr *nl_freq; 5910 5911 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 5912 if (!msg) 5913 return; 5914 5915 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 5916 if (!hdr) { 5917 nlmsg_free(msg); 5918 return; 5919 } 5920 5921 /* 5922 * Since we are applying the beacon hint to a wiphy we know its 5923 * wiphy_idx is valid 5924 */ 5925 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)); 5926 5927 /* Before */ 5928 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 5929 if (!nl_freq) 5930 goto nla_put_failure; 5931 if (nl80211_msg_put_channel(msg, channel_before)) 5932 goto nla_put_failure; 5933 nla_nest_end(msg, nl_freq); 5934 5935 /* After */ 5936 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 5937 if (!nl_freq) 5938 goto nla_put_failure; 5939 if (nl80211_msg_put_channel(msg, channel_after)) 5940 goto nla_put_failure; 5941 nla_nest_end(msg, nl_freq); 5942 5943 if (genlmsg_end(msg, hdr) < 0) { 5944 nlmsg_free(msg); 5945 return; 5946 } 5947 5948 rcu_read_lock(); 5949 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 5950 GFP_ATOMIC); 5951 rcu_read_unlock(); 5952 5953 return; 5954 5955 nla_put_failure: 5956 genlmsg_cancel(msg, hdr); 5957 nlmsg_free(msg); 5958 } 5959 5960 static void nl80211_send_remain_on_chan_event( 5961 int cmd, struct cfg80211_registered_device *rdev, 5962 struct net_device *netdev, u64 cookie, 5963 struct ieee80211_channel *chan, 5964 enum nl80211_channel_type channel_type, 5965 unsigned int duration, gfp_t gfp) 5966 { 5967 struct sk_buff *msg; 5968 void *hdr; 5969 5970 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5971 if (!msg) 5972 return; 5973 5974 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5975 if (!hdr) { 5976 nlmsg_free(msg); 5977 return; 5978 } 5979 5980 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5981 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5982 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq); 5983 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type); 5984 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 5985 5986 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL) 5987 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 5988 5989 if (genlmsg_end(msg, hdr) < 0) { 5990 nlmsg_free(msg); 5991 return; 5992 } 5993 5994 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5995 nl80211_mlme_mcgrp.id, gfp); 5996 return; 5997 5998 nla_put_failure: 5999 genlmsg_cancel(msg, hdr); 6000 nlmsg_free(msg); 6001 } 6002 6003 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 6004 struct net_device *netdev, u64 cookie, 6005 struct ieee80211_channel *chan, 6006 enum nl80211_channel_type channel_type, 6007 unsigned int duration, gfp_t gfp) 6008 { 6009 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 6010 rdev, netdev, cookie, chan, 6011 channel_type, duration, gfp); 6012 } 6013 6014 void nl80211_send_remain_on_channel_cancel( 6015 struct cfg80211_registered_device *rdev, struct net_device *netdev, 6016 u64 cookie, struct ieee80211_channel *chan, 6017 enum nl80211_channel_type channel_type, gfp_t gfp) 6018 { 6019 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 6020 rdev, netdev, cookie, chan, 6021 channel_type, 0, gfp); 6022 } 6023 6024 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 6025 struct net_device *dev, const u8 *mac_addr, 6026 struct station_info *sinfo, gfp_t gfp) 6027 { 6028 struct sk_buff *msg; 6029 6030 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 6031 if (!msg) 6032 return; 6033 6034 if (nl80211_send_station(msg, 0, 0, 0, dev, mac_addr, sinfo) < 0) { 6035 nlmsg_free(msg); 6036 return; 6037 } 6038 6039 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6040 nl80211_mlme_mcgrp.id, gfp); 6041 } 6042 6043 int nl80211_send_action(struct cfg80211_registered_device *rdev, 6044 struct net_device *netdev, u32 nlpid, 6045 int freq, const u8 *buf, size_t len, gfp_t gfp) 6046 { 6047 struct sk_buff *msg; 6048 void *hdr; 6049 int err; 6050 6051 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 6052 if (!msg) 6053 return -ENOMEM; 6054 6055 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION); 6056 if (!hdr) { 6057 nlmsg_free(msg); 6058 return -ENOMEM; 6059 } 6060 6061 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6062 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6063 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 6064 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 6065 6066 err = genlmsg_end(msg, hdr); 6067 if (err < 0) { 6068 nlmsg_free(msg); 6069 return err; 6070 } 6071 6072 err = genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 6073 if (err < 0) 6074 return err; 6075 return 0; 6076 6077 nla_put_failure: 6078 genlmsg_cancel(msg, hdr); 6079 nlmsg_free(msg); 6080 return -ENOBUFS; 6081 } 6082 6083 void nl80211_send_action_tx_status(struct cfg80211_registered_device *rdev, 6084 struct net_device *netdev, u64 cookie, 6085 const u8 *buf, size_t len, bool ack, 6086 gfp_t gfp) 6087 { 6088 struct sk_buff *msg; 6089 void *hdr; 6090 6091 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 6092 if (!msg) 6093 return; 6094 6095 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION_TX_STATUS); 6096 if (!hdr) { 6097 nlmsg_free(msg); 6098 return; 6099 } 6100 6101 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6102 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6103 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 6104 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 6105 if (ack) 6106 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK); 6107 6108 if (genlmsg_end(msg, hdr) < 0) { 6109 nlmsg_free(msg); 6110 return; 6111 } 6112 6113 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 6114 return; 6115 6116 nla_put_failure: 6117 genlmsg_cancel(msg, hdr); 6118 nlmsg_free(msg); 6119 } 6120 6121 void 6122 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 6123 struct net_device *netdev, 6124 enum nl80211_cqm_rssi_threshold_event rssi_event, 6125 gfp_t gfp) 6126 { 6127 struct sk_buff *msg; 6128 struct nlattr *pinfoattr; 6129 void *hdr; 6130 6131 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 6132 if (!msg) 6133 return; 6134 6135 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 6136 if (!hdr) { 6137 nlmsg_free(msg); 6138 return; 6139 } 6140 6141 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6142 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6143 6144 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 6145 if (!pinfoattr) 6146 goto nla_put_failure; 6147 6148 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 6149 rssi_event); 6150 6151 nla_nest_end(msg, pinfoattr); 6152 6153 if (genlmsg_end(msg, hdr) < 0) { 6154 nlmsg_free(msg); 6155 return; 6156 } 6157 6158 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6159 nl80211_mlme_mcgrp.id, gfp); 6160 return; 6161 6162 nla_put_failure: 6163 genlmsg_cancel(msg, hdr); 6164 nlmsg_free(msg); 6165 } 6166 6167 static int nl80211_netlink_notify(struct notifier_block * nb, 6168 unsigned long state, 6169 void *_notify) 6170 { 6171 struct netlink_notify *notify = _notify; 6172 struct cfg80211_registered_device *rdev; 6173 struct wireless_dev *wdev; 6174 6175 if (state != NETLINK_URELEASE) 6176 return NOTIFY_DONE; 6177 6178 rcu_read_lock(); 6179 6180 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) 6181 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list) 6182 cfg80211_mlme_unregister_actions(wdev, notify->pid); 6183 6184 rcu_read_unlock(); 6185 6186 return NOTIFY_DONE; 6187 } 6188 6189 static struct notifier_block nl80211_netlink_notifier = { 6190 .notifier_call = nl80211_netlink_notify, 6191 }; 6192 6193 /* initialisation/exit functions */ 6194 6195 int nl80211_init(void) 6196 { 6197 int err; 6198 6199 err = genl_register_family_with_ops(&nl80211_fam, 6200 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 6201 if (err) 6202 return err; 6203 6204 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 6205 if (err) 6206 goto err_out; 6207 6208 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 6209 if (err) 6210 goto err_out; 6211 6212 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 6213 if (err) 6214 goto err_out; 6215 6216 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 6217 if (err) 6218 goto err_out; 6219 6220 #ifdef CONFIG_NL80211_TESTMODE 6221 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 6222 if (err) 6223 goto err_out; 6224 #endif 6225 6226 err = netlink_register_notifier(&nl80211_netlink_notifier); 6227 if (err) 6228 goto err_out; 6229 6230 return 0; 6231 err_out: 6232 genl_unregister_family(&nl80211_fam); 6233 return err; 6234 } 6235 6236 void nl80211_exit(void) 6237 { 6238 netlink_unregister_notifier(&nl80211_netlink_notifier); 6239 genl_unregister_family(&nl80211_fam); 6240 } 6241