1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include "core.h" 23 #include "nl80211.h" 24 #include "reg.h" 25 26 /* the netlink family */ 27 static struct genl_family nl80211_fam = { 28 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 29 .name = "nl80211", /* have users key off the name instead */ 30 .hdrsize = 0, /* no private header */ 31 .version = 1, /* no particular meaning now */ 32 .maxattr = NL80211_ATTR_MAX, 33 .netnsok = true, 34 }; 35 36 /* internal helper: get rdev and dev */ 37 static int get_rdev_dev_by_info_ifindex(struct genl_info *info, 38 struct cfg80211_registered_device **rdev, 39 struct net_device **dev) 40 { 41 struct nlattr **attrs = info->attrs; 42 int ifindex; 43 44 if (!attrs[NL80211_ATTR_IFINDEX]) 45 return -EINVAL; 46 47 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 48 *dev = dev_get_by_index(genl_info_net(info), ifindex); 49 if (!*dev) 50 return -ENODEV; 51 52 *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex); 53 if (IS_ERR(*rdev)) { 54 dev_put(*dev); 55 return PTR_ERR(*rdev); 56 } 57 58 return 0; 59 } 60 61 /* policy for the attributes */ 62 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 63 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 64 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 65 .len = 20-1 }, 66 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 67 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 68 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 69 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 70 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 71 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 72 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 73 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 74 75 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 76 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 77 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 78 79 [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN }, 80 [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN }, 81 82 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 83 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 84 .len = WLAN_MAX_KEY_LEN }, 85 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 86 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 87 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 88 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 }, 89 90 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 91 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 92 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 93 .len = IEEE80211_MAX_DATA_LEN }, 94 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 95 .len = IEEE80211_MAX_DATA_LEN }, 96 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 97 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 98 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 99 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 100 .len = NL80211_MAX_SUPP_RATES }, 101 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 102 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 103 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 104 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 105 .len = IEEE80211_MAX_MESH_ID_LEN }, 106 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 107 108 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 109 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 110 111 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 112 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 113 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 114 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 115 .len = NL80211_MAX_SUPP_RATES }, 116 117 [NL80211_ATTR_MESH_PARAMS] = { .type = NLA_NESTED }, 118 119 [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY, 120 .len = NL80211_HT_CAPABILITY_LEN }, 121 122 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 123 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 124 .len = IEEE80211_MAX_DATA_LEN }, 125 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 126 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 127 128 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 129 .len = IEEE80211_MAX_SSID_LEN }, 130 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 131 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 132 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 133 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 134 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 135 [NL80211_ATTR_STA_FLAGS2] = { 136 .len = sizeof(struct nl80211_sta_flag_update), 137 }, 138 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 139 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 140 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 141 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 142 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 143 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 144 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 145 .len = WLAN_PMKID_LEN }, 146 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 147 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 148 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 149 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 150 .len = IEEE80211_MAX_DATA_LEN }, 151 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 152 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 153 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 154 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 155 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 156 }; 157 158 /* policy for the attributes */ 159 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 160 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 161 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 162 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 163 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 }, 164 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 165 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 166 }; 167 168 /* ifidx get helper */ 169 static int nl80211_get_ifidx(struct netlink_callback *cb) 170 { 171 int res; 172 173 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 174 nl80211_fam.attrbuf, nl80211_fam.maxattr, 175 nl80211_policy); 176 if (res) 177 return res; 178 179 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 180 return -EINVAL; 181 182 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 183 if (!res) 184 return -EINVAL; 185 return res; 186 } 187 188 /* IE validation */ 189 static bool is_valid_ie_attr(const struct nlattr *attr) 190 { 191 const u8 *pos; 192 int len; 193 194 if (!attr) 195 return true; 196 197 pos = nla_data(attr); 198 len = nla_len(attr); 199 200 while (len) { 201 u8 elemlen; 202 203 if (len < 2) 204 return false; 205 len -= 2; 206 207 elemlen = pos[1]; 208 if (elemlen > len) 209 return false; 210 211 len -= elemlen; 212 pos += 2 + elemlen; 213 } 214 215 return true; 216 } 217 218 /* message building helper */ 219 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq, 220 int flags, u8 cmd) 221 { 222 /* since there is no private header just add the generic one */ 223 return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd); 224 } 225 226 static int nl80211_msg_put_channel(struct sk_buff *msg, 227 struct ieee80211_channel *chan) 228 { 229 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ, 230 chan->center_freq); 231 232 if (chan->flags & IEEE80211_CHAN_DISABLED) 233 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED); 234 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) 235 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN); 236 if (chan->flags & IEEE80211_CHAN_NO_IBSS) 237 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS); 238 if (chan->flags & IEEE80211_CHAN_RADAR) 239 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR); 240 241 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 242 DBM_TO_MBM(chan->max_power)); 243 244 return 0; 245 246 nla_put_failure: 247 return -ENOBUFS; 248 } 249 250 /* netlink command implementations */ 251 252 struct key_parse { 253 struct key_params p; 254 int idx; 255 bool def, defmgmt; 256 }; 257 258 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 259 { 260 struct nlattr *tb[NL80211_KEY_MAX + 1]; 261 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 262 nl80211_key_policy); 263 if (err) 264 return err; 265 266 k->def = !!tb[NL80211_KEY_DEFAULT]; 267 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 268 269 if (tb[NL80211_KEY_IDX]) 270 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 271 272 if (tb[NL80211_KEY_DATA]) { 273 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 274 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 275 } 276 277 if (tb[NL80211_KEY_SEQ]) { 278 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 279 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 280 } 281 282 if (tb[NL80211_KEY_CIPHER]) 283 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 284 285 return 0; 286 } 287 288 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 289 { 290 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 291 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 292 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 293 } 294 295 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 296 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 297 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 298 } 299 300 if (info->attrs[NL80211_ATTR_KEY_IDX]) 301 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 302 303 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 304 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 305 306 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 307 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 308 309 return 0; 310 } 311 312 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 313 { 314 int err; 315 316 memset(k, 0, sizeof(*k)); 317 k->idx = -1; 318 319 if (info->attrs[NL80211_ATTR_KEY]) 320 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 321 else 322 err = nl80211_parse_key_old(info, k); 323 324 if (err) 325 return err; 326 327 if (k->def && k->defmgmt) 328 return -EINVAL; 329 330 if (k->idx != -1) { 331 if (k->defmgmt) { 332 if (k->idx < 4 || k->idx > 5) 333 return -EINVAL; 334 } else if (k->def) { 335 if (k->idx < 0 || k->idx > 3) 336 return -EINVAL; 337 } else { 338 if (k->idx < 0 || k->idx > 5) 339 return -EINVAL; 340 } 341 } 342 343 return 0; 344 } 345 346 static struct cfg80211_cached_keys * 347 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 348 struct nlattr *keys) 349 { 350 struct key_parse parse; 351 struct nlattr *key; 352 struct cfg80211_cached_keys *result; 353 int rem, err, def = 0; 354 355 result = kzalloc(sizeof(*result), GFP_KERNEL); 356 if (!result) 357 return ERR_PTR(-ENOMEM); 358 359 result->def = -1; 360 result->defmgmt = -1; 361 362 nla_for_each_nested(key, keys, rem) { 363 memset(&parse, 0, sizeof(parse)); 364 parse.idx = -1; 365 366 err = nl80211_parse_key_new(key, &parse); 367 if (err) 368 goto error; 369 err = -EINVAL; 370 if (!parse.p.key) 371 goto error; 372 if (parse.idx < 0 || parse.idx > 4) 373 goto error; 374 if (parse.def) { 375 if (def) 376 goto error; 377 def = 1; 378 result->def = parse.idx; 379 } else if (parse.defmgmt) 380 goto error; 381 err = cfg80211_validate_key_settings(rdev, &parse.p, 382 parse.idx, NULL); 383 if (err) 384 goto error; 385 result->params[parse.idx].cipher = parse.p.cipher; 386 result->params[parse.idx].key_len = parse.p.key_len; 387 result->params[parse.idx].key = result->data[parse.idx]; 388 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 389 } 390 391 return result; 392 error: 393 kfree(result); 394 return ERR_PTR(err); 395 } 396 397 static int nl80211_key_allowed(struct wireless_dev *wdev) 398 { 399 ASSERT_WDEV_LOCK(wdev); 400 401 if (!netif_running(wdev->netdev)) 402 return -ENETDOWN; 403 404 switch (wdev->iftype) { 405 case NL80211_IFTYPE_AP: 406 case NL80211_IFTYPE_AP_VLAN: 407 break; 408 case NL80211_IFTYPE_ADHOC: 409 if (!wdev->current_bss) 410 return -ENOLINK; 411 break; 412 case NL80211_IFTYPE_STATION: 413 if (wdev->sme_state != CFG80211_SME_CONNECTED) 414 return -ENOLINK; 415 break; 416 default: 417 return -EINVAL; 418 } 419 420 return 0; 421 } 422 423 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags, 424 struct cfg80211_registered_device *dev) 425 { 426 void *hdr; 427 struct nlattr *nl_bands, *nl_band; 428 struct nlattr *nl_freqs, *nl_freq; 429 struct nlattr *nl_rates, *nl_rate; 430 struct nlattr *nl_modes; 431 struct nlattr *nl_cmds; 432 enum ieee80211_band band; 433 struct ieee80211_channel *chan; 434 struct ieee80211_rate *rate; 435 int i; 436 u16 ifmodes = dev->wiphy.interface_modes; 437 438 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY); 439 if (!hdr) 440 return -1; 441 442 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx); 443 NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)); 444 445 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 446 cfg80211_rdev_list_generation); 447 448 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 449 dev->wiphy.retry_short); 450 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 451 dev->wiphy.retry_long); 452 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 453 dev->wiphy.frag_threshold); 454 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 455 dev->wiphy.rts_threshold); 456 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 457 dev->wiphy.coverage_class); 458 459 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 460 dev->wiphy.max_scan_ssids); 461 NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 462 dev->wiphy.max_scan_ie_len); 463 464 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES, 465 sizeof(u32) * dev->wiphy.n_cipher_suites, 466 dev->wiphy.cipher_suites); 467 468 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 469 dev->wiphy.max_num_pmkids); 470 471 nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES); 472 if (!nl_modes) 473 goto nla_put_failure; 474 475 i = 0; 476 while (ifmodes) { 477 if (ifmodes & 1) 478 NLA_PUT_FLAG(msg, i); 479 ifmodes >>= 1; 480 i++; 481 } 482 483 nla_nest_end(msg, nl_modes); 484 485 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 486 if (!nl_bands) 487 goto nla_put_failure; 488 489 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 490 if (!dev->wiphy.bands[band]) 491 continue; 492 493 nl_band = nla_nest_start(msg, band); 494 if (!nl_band) 495 goto nla_put_failure; 496 497 /* add HT info */ 498 if (dev->wiphy.bands[band]->ht_cap.ht_supported) { 499 NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET, 500 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 501 &dev->wiphy.bands[band]->ht_cap.mcs); 502 NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA, 503 dev->wiphy.bands[band]->ht_cap.cap); 504 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 505 dev->wiphy.bands[band]->ht_cap.ampdu_factor); 506 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 507 dev->wiphy.bands[band]->ht_cap.ampdu_density); 508 } 509 510 /* add frequencies */ 511 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 512 if (!nl_freqs) 513 goto nla_put_failure; 514 515 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 516 nl_freq = nla_nest_start(msg, i); 517 if (!nl_freq) 518 goto nla_put_failure; 519 520 chan = &dev->wiphy.bands[band]->channels[i]; 521 522 if (nl80211_msg_put_channel(msg, chan)) 523 goto nla_put_failure; 524 525 nla_nest_end(msg, nl_freq); 526 } 527 528 nla_nest_end(msg, nl_freqs); 529 530 /* add bitrates */ 531 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 532 if (!nl_rates) 533 goto nla_put_failure; 534 535 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 536 nl_rate = nla_nest_start(msg, i); 537 if (!nl_rate) 538 goto nla_put_failure; 539 540 rate = &dev->wiphy.bands[band]->bitrates[i]; 541 NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE, 542 rate->bitrate); 543 if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) 544 NLA_PUT_FLAG(msg, 545 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE); 546 547 nla_nest_end(msg, nl_rate); 548 } 549 550 nla_nest_end(msg, nl_rates); 551 552 nla_nest_end(msg, nl_band); 553 } 554 nla_nest_end(msg, nl_bands); 555 556 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 557 if (!nl_cmds) 558 goto nla_put_failure; 559 560 i = 0; 561 #define CMD(op, n) \ 562 do { \ 563 if (dev->ops->op) { \ 564 i++; \ 565 NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \ 566 } \ 567 } while (0) 568 569 CMD(add_virtual_intf, NEW_INTERFACE); 570 CMD(change_virtual_intf, SET_INTERFACE); 571 CMD(add_key, NEW_KEY); 572 CMD(add_beacon, NEW_BEACON); 573 CMD(add_station, NEW_STATION); 574 CMD(add_mpath, NEW_MPATH); 575 CMD(set_mesh_params, SET_MESH_PARAMS); 576 CMD(change_bss, SET_BSS); 577 CMD(auth, AUTHENTICATE); 578 CMD(assoc, ASSOCIATE); 579 CMD(deauth, DEAUTHENTICATE); 580 CMD(disassoc, DISASSOCIATE); 581 CMD(join_ibss, JOIN_IBSS); 582 CMD(set_pmksa, SET_PMKSA); 583 CMD(del_pmksa, DEL_PMKSA); 584 CMD(flush_pmksa, FLUSH_PMKSA); 585 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 586 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 587 CMD(action, ACTION); 588 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 589 i++; 590 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS); 591 } 592 CMD(set_channel, SET_CHANNEL); 593 594 #undef CMD 595 596 if (dev->ops->connect || dev->ops->auth) { 597 i++; 598 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT); 599 } 600 601 if (dev->ops->disconnect || dev->ops->deauth) { 602 i++; 603 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT); 604 } 605 606 nla_nest_end(msg, nl_cmds); 607 608 return genlmsg_end(msg, hdr); 609 610 nla_put_failure: 611 genlmsg_cancel(msg, hdr); 612 return -EMSGSIZE; 613 } 614 615 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 616 { 617 int idx = 0; 618 int start = cb->args[0]; 619 struct cfg80211_registered_device *dev; 620 621 mutex_lock(&cfg80211_mutex); 622 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 623 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 624 continue; 625 if (++idx <= start) 626 continue; 627 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid, 628 cb->nlh->nlmsg_seq, NLM_F_MULTI, 629 dev) < 0) { 630 idx--; 631 break; 632 } 633 } 634 mutex_unlock(&cfg80211_mutex); 635 636 cb->args[0] = idx; 637 638 return skb->len; 639 } 640 641 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 642 { 643 struct sk_buff *msg; 644 struct cfg80211_registered_device *dev; 645 646 dev = cfg80211_get_dev_from_info(info); 647 if (IS_ERR(dev)) 648 return PTR_ERR(dev); 649 650 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 651 if (!msg) 652 goto out_err; 653 654 if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) 655 goto out_free; 656 657 cfg80211_unlock_rdev(dev); 658 659 return genlmsg_reply(msg, info); 660 661 out_free: 662 nlmsg_free(msg); 663 out_err: 664 cfg80211_unlock_rdev(dev); 665 return -ENOBUFS; 666 } 667 668 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 669 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 670 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 671 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 672 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 673 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 674 }; 675 676 static int parse_txq_params(struct nlattr *tb[], 677 struct ieee80211_txq_params *txq_params) 678 { 679 if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] || 680 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 681 !tb[NL80211_TXQ_ATTR_AIFS]) 682 return -EINVAL; 683 684 txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]); 685 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 686 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 687 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 688 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 689 690 return 0; 691 } 692 693 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 694 { 695 /* 696 * You can only set the channel explicitly for AP, mesh 697 * and WDS type interfaces; all others have their channel 698 * managed via their respective "establish a connection" 699 * command (connect, join, ...) 700 * 701 * Monitors are special as they are normally slaved to 702 * whatever else is going on, so they behave as though 703 * you tried setting the wiphy channel itself. 704 */ 705 return !wdev || 706 wdev->iftype == NL80211_IFTYPE_AP || 707 wdev->iftype == NL80211_IFTYPE_WDS || 708 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 709 wdev->iftype == NL80211_IFTYPE_MONITOR; 710 } 711 712 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 713 struct wireless_dev *wdev, 714 struct genl_info *info) 715 { 716 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 717 u32 freq; 718 int result; 719 720 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 721 return -EINVAL; 722 723 if (!nl80211_can_set_dev_channel(wdev)) 724 return -EOPNOTSUPP; 725 726 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 727 channel_type = nla_get_u32(info->attrs[ 728 NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 729 if (channel_type != NL80211_CHAN_NO_HT && 730 channel_type != NL80211_CHAN_HT20 && 731 channel_type != NL80211_CHAN_HT40PLUS && 732 channel_type != NL80211_CHAN_HT40MINUS) 733 return -EINVAL; 734 } 735 736 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 737 738 mutex_lock(&rdev->devlist_mtx); 739 if (wdev) { 740 wdev_lock(wdev); 741 result = cfg80211_set_freq(rdev, wdev, freq, channel_type); 742 wdev_unlock(wdev); 743 } else { 744 result = cfg80211_set_freq(rdev, NULL, freq, channel_type); 745 } 746 mutex_unlock(&rdev->devlist_mtx); 747 748 return result; 749 } 750 751 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 752 { 753 struct cfg80211_registered_device *rdev; 754 struct net_device *netdev; 755 int result; 756 757 rtnl_lock(); 758 759 result = get_rdev_dev_by_info_ifindex(info, &rdev, &netdev); 760 if (result) 761 goto unlock; 762 763 result = __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 764 765 unlock: 766 rtnl_unlock(); 767 768 return result; 769 } 770 771 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 772 { 773 struct cfg80211_registered_device *rdev; 774 struct net_device *netdev = NULL; 775 struct wireless_dev *wdev; 776 int result, rem_txq_params = 0; 777 struct nlattr *nl_txq_params; 778 u32 changed; 779 u8 retry_short = 0, retry_long = 0; 780 u32 frag_threshold = 0, rts_threshold = 0; 781 u8 coverage_class = 0; 782 783 rtnl_lock(); 784 785 /* 786 * Try to find the wiphy and netdev. Normally this 787 * function shouldn't need the netdev, but this is 788 * done for backward compatibility -- previously 789 * setting the channel was done per wiphy, but now 790 * it is per netdev. Previous userland like hostapd 791 * also passed a netdev to set_wiphy, so that it is 792 * possible to let that go to the right netdev! 793 */ 794 mutex_lock(&cfg80211_mutex); 795 796 if (info->attrs[NL80211_ATTR_IFINDEX]) { 797 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 798 799 netdev = dev_get_by_index(genl_info_net(info), ifindex); 800 if (netdev && netdev->ieee80211_ptr) { 801 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 802 mutex_lock(&rdev->mtx); 803 } else 804 netdev = NULL; 805 } 806 807 if (!netdev) { 808 rdev = __cfg80211_rdev_from_info(info); 809 if (IS_ERR(rdev)) { 810 mutex_unlock(&cfg80211_mutex); 811 result = PTR_ERR(rdev); 812 goto unlock; 813 } 814 wdev = NULL; 815 netdev = NULL; 816 result = 0; 817 818 mutex_lock(&rdev->mtx); 819 } else if (netif_running(netdev) && 820 nl80211_can_set_dev_channel(netdev->ieee80211_ptr)) 821 wdev = netdev->ieee80211_ptr; 822 else 823 wdev = NULL; 824 825 /* 826 * end workaround code, by now the rdev is available 827 * and locked, and wdev may or may not be NULL. 828 */ 829 830 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 831 result = cfg80211_dev_rename( 832 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 833 834 mutex_unlock(&cfg80211_mutex); 835 836 if (result) 837 goto bad_res; 838 839 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 840 struct ieee80211_txq_params txq_params; 841 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 842 843 if (!rdev->ops->set_txq_params) { 844 result = -EOPNOTSUPP; 845 goto bad_res; 846 } 847 848 nla_for_each_nested(nl_txq_params, 849 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 850 rem_txq_params) { 851 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 852 nla_data(nl_txq_params), 853 nla_len(nl_txq_params), 854 txq_params_policy); 855 result = parse_txq_params(tb, &txq_params); 856 if (result) 857 goto bad_res; 858 859 result = rdev->ops->set_txq_params(&rdev->wiphy, 860 &txq_params); 861 if (result) 862 goto bad_res; 863 } 864 } 865 866 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 867 result = __nl80211_set_channel(rdev, wdev, info); 868 if (result) 869 goto bad_res; 870 } 871 872 changed = 0; 873 874 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 875 retry_short = nla_get_u8( 876 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 877 if (retry_short == 0) { 878 result = -EINVAL; 879 goto bad_res; 880 } 881 changed |= WIPHY_PARAM_RETRY_SHORT; 882 } 883 884 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 885 retry_long = nla_get_u8( 886 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 887 if (retry_long == 0) { 888 result = -EINVAL; 889 goto bad_res; 890 } 891 changed |= WIPHY_PARAM_RETRY_LONG; 892 } 893 894 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 895 frag_threshold = nla_get_u32( 896 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 897 if (frag_threshold < 256) { 898 result = -EINVAL; 899 goto bad_res; 900 } 901 if (frag_threshold != (u32) -1) { 902 /* 903 * Fragments (apart from the last one) are required to 904 * have even length. Make the fragmentation code 905 * simpler by stripping LSB should someone try to use 906 * odd threshold value. 907 */ 908 frag_threshold &= ~0x1; 909 } 910 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 911 } 912 913 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 914 rts_threshold = nla_get_u32( 915 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 916 changed |= WIPHY_PARAM_RTS_THRESHOLD; 917 } 918 919 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 920 coverage_class = nla_get_u8( 921 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 922 changed |= WIPHY_PARAM_COVERAGE_CLASS; 923 } 924 925 if (changed) { 926 u8 old_retry_short, old_retry_long; 927 u32 old_frag_threshold, old_rts_threshold; 928 u8 old_coverage_class; 929 930 if (!rdev->ops->set_wiphy_params) { 931 result = -EOPNOTSUPP; 932 goto bad_res; 933 } 934 935 old_retry_short = rdev->wiphy.retry_short; 936 old_retry_long = rdev->wiphy.retry_long; 937 old_frag_threshold = rdev->wiphy.frag_threshold; 938 old_rts_threshold = rdev->wiphy.rts_threshold; 939 old_coverage_class = rdev->wiphy.coverage_class; 940 941 if (changed & WIPHY_PARAM_RETRY_SHORT) 942 rdev->wiphy.retry_short = retry_short; 943 if (changed & WIPHY_PARAM_RETRY_LONG) 944 rdev->wiphy.retry_long = retry_long; 945 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 946 rdev->wiphy.frag_threshold = frag_threshold; 947 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 948 rdev->wiphy.rts_threshold = rts_threshold; 949 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 950 rdev->wiphy.coverage_class = coverage_class; 951 952 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed); 953 if (result) { 954 rdev->wiphy.retry_short = old_retry_short; 955 rdev->wiphy.retry_long = old_retry_long; 956 rdev->wiphy.frag_threshold = old_frag_threshold; 957 rdev->wiphy.rts_threshold = old_rts_threshold; 958 rdev->wiphy.coverage_class = old_coverage_class; 959 } 960 } 961 962 bad_res: 963 mutex_unlock(&rdev->mtx); 964 if (netdev) 965 dev_put(netdev); 966 unlock: 967 rtnl_unlock(); 968 return result; 969 } 970 971 972 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags, 973 struct cfg80211_registered_device *rdev, 974 struct net_device *dev) 975 { 976 void *hdr; 977 978 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE); 979 if (!hdr) 980 return -1; 981 982 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 983 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 984 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name); 985 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype); 986 987 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 988 rdev->devlist_generation ^ 989 (cfg80211_rdev_list_generation << 2)); 990 991 return genlmsg_end(msg, hdr); 992 993 nla_put_failure: 994 genlmsg_cancel(msg, hdr); 995 return -EMSGSIZE; 996 } 997 998 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 999 { 1000 int wp_idx = 0; 1001 int if_idx = 0; 1002 int wp_start = cb->args[0]; 1003 int if_start = cb->args[1]; 1004 struct cfg80211_registered_device *rdev; 1005 struct wireless_dev *wdev; 1006 1007 mutex_lock(&cfg80211_mutex); 1008 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1009 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1010 continue; 1011 if (wp_idx < wp_start) { 1012 wp_idx++; 1013 continue; 1014 } 1015 if_idx = 0; 1016 1017 mutex_lock(&rdev->devlist_mtx); 1018 list_for_each_entry(wdev, &rdev->netdev_list, list) { 1019 if (if_idx < if_start) { 1020 if_idx++; 1021 continue; 1022 } 1023 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 1024 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1025 rdev, wdev->netdev) < 0) { 1026 mutex_unlock(&rdev->devlist_mtx); 1027 goto out; 1028 } 1029 if_idx++; 1030 } 1031 mutex_unlock(&rdev->devlist_mtx); 1032 1033 wp_idx++; 1034 } 1035 out: 1036 mutex_unlock(&cfg80211_mutex); 1037 1038 cb->args[0] = wp_idx; 1039 cb->args[1] = if_idx; 1040 1041 return skb->len; 1042 } 1043 1044 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1045 { 1046 struct sk_buff *msg; 1047 struct cfg80211_registered_device *dev; 1048 struct net_device *netdev; 1049 int err; 1050 1051 err = get_rdev_dev_by_info_ifindex(info, &dev, &netdev); 1052 if (err) 1053 return err; 1054 1055 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1056 if (!msg) 1057 goto out_err; 1058 1059 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 1060 dev, netdev) < 0) 1061 goto out_free; 1062 1063 dev_put(netdev); 1064 cfg80211_unlock_rdev(dev); 1065 1066 return genlmsg_reply(msg, info); 1067 1068 out_free: 1069 nlmsg_free(msg); 1070 out_err: 1071 dev_put(netdev); 1072 cfg80211_unlock_rdev(dev); 1073 return -ENOBUFS; 1074 } 1075 1076 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1077 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1078 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1079 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1080 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1081 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1082 }; 1083 1084 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1085 { 1086 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1087 int flag; 1088 1089 *mntrflags = 0; 1090 1091 if (!nla) 1092 return -EINVAL; 1093 1094 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 1095 nla, mntr_flags_policy)) 1096 return -EINVAL; 1097 1098 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 1099 if (flags[flag]) 1100 *mntrflags |= (1<<flag); 1101 1102 return 0; 1103 } 1104 1105 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 1106 struct net_device *netdev, u8 use_4addr, 1107 enum nl80211_iftype iftype) 1108 { 1109 if (!use_4addr) { 1110 if (netdev && netdev->br_port) 1111 return -EBUSY; 1112 return 0; 1113 } 1114 1115 switch (iftype) { 1116 case NL80211_IFTYPE_AP_VLAN: 1117 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 1118 return 0; 1119 break; 1120 case NL80211_IFTYPE_STATION: 1121 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 1122 return 0; 1123 break; 1124 default: 1125 break; 1126 } 1127 1128 return -EOPNOTSUPP; 1129 } 1130 1131 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1132 { 1133 struct cfg80211_registered_device *rdev; 1134 struct vif_params params; 1135 int err; 1136 enum nl80211_iftype otype, ntype; 1137 struct net_device *dev; 1138 u32 _flags, *flags = NULL; 1139 bool change = false; 1140 1141 memset(¶ms, 0, sizeof(params)); 1142 1143 rtnl_lock(); 1144 1145 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1146 if (err) 1147 goto unlock_rtnl; 1148 1149 otype = ntype = dev->ieee80211_ptr->iftype; 1150 1151 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1152 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1153 if (otype != ntype) 1154 change = true; 1155 if (ntype > NL80211_IFTYPE_MAX) { 1156 err = -EINVAL; 1157 goto unlock; 1158 } 1159 } 1160 1161 if (info->attrs[NL80211_ATTR_MESH_ID]) { 1162 if (ntype != NL80211_IFTYPE_MESH_POINT) { 1163 err = -EINVAL; 1164 goto unlock; 1165 } 1166 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 1167 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1168 change = true; 1169 } 1170 1171 if (info->attrs[NL80211_ATTR_4ADDR]) { 1172 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1173 change = true; 1174 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 1175 if (err) 1176 goto unlock; 1177 } else { 1178 params.use_4addr = -1; 1179 } 1180 1181 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 1182 if (ntype != NL80211_IFTYPE_MONITOR) { 1183 err = -EINVAL; 1184 goto unlock; 1185 } 1186 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 1187 &_flags); 1188 if (err) 1189 goto unlock; 1190 1191 flags = &_flags; 1192 change = true; 1193 } 1194 1195 if (change) 1196 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 1197 else 1198 err = 0; 1199 1200 if (!err && params.use_4addr != -1) 1201 dev->ieee80211_ptr->use_4addr = params.use_4addr; 1202 1203 unlock: 1204 dev_put(dev); 1205 cfg80211_unlock_rdev(rdev); 1206 unlock_rtnl: 1207 rtnl_unlock(); 1208 return err; 1209 } 1210 1211 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 1212 { 1213 struct cfg80211_registered_device *rdev; 1214 struct vif_params params; 1215 int err; 1216 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 1217 u32 flags; 1218 1219 memset(¶ms, 0, sizeof(params)); 1220 1221 if (!info->attrs[NL80211_ATTR_IFNAME]) 1222 return -EINVAL; 1223 1224 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1225 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1226 if (type > NL80211_IFTYPE_MAX) 1227 return -EINVAL; 1228 } 1229 1230 rtnl_lock(); 1231 1232 rdev = cfg80211_get_dev_from_info(info); 1233 if (IS_ERR(rdev)) { 1234 err = PTR_ERR(rdev); 1235 goto unlock_rtnl; 1236 } 1237 1238 if (!rdev->ops->add_virtual_intf || 1239 !(rdev->wiphy.interface_modes & (1 << type))) { 1240 err = -EOPNOTSUPP; 1241 goto unlock; 1242 } 1243 1244 if (type == NL80211_IFTYPE_MESH_POINT && 1245 info->attrs[NL80211_ATTR_MESH_ID]) { 1246 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 1247 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1248 } 1249 1250 if (info->attrs[NL80211_ATTR_4ADDR]) { 1251 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1252 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 1253 if (err) 1254 goto unlock; 1255 } 1256 1257 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 1258 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 1259 &flags); 1260 err = rdev->ops->add_virtual_intf(&rdev->wiphy, 1261 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 1262 type, err ? NULL : &flags, ¶ms); 1263 1264 unlock: 1265 cfg80211_unlock_rdev(rdev); 1266 unlock_rtnl: 1267 rtnl_unlock(); 1268 return err; 1269 } 1270 1271 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 1272 { 1273 struct cfg80211_registered_device *rdev; 1274 int err; 1275 struct net_device *dev; 1276 1277 rtnl_lock(); 1278 1279 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1280 if (err) 1281 goto unlock_rtnl; 1282 1283 if (!rdev->ops->del_virtual_intf) { 1284 err = -EOPNOTSUPP; 1285 goto out; 1286 } 1287 1288 err = rdev->ops->del_virtual_intf(&rdev->wiphy, dev); 1289 1290 out: 1291 cfg80211_unlock_rdev(rdev); 1292 dev_put(dev); 1293 unlock_rtnl: 1294 rtnl_unlock(); 1295 return err; 1296 } 1297 1298 struct get_key_cookie { 1299 struct sk_buff *msg; 1300 int error; 1301 int idx; 1302 }; 1303 1304 static void get_key_callback(void *c, struct key_params *params) 1305 { 1306 struct nlattr *key; 1307 struct get_key_cookie *cookie = c; 1308 1309 if (params->key) 1310 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA, 1311 params->key_len, params->key); 1312 1313 if (params->seq) 1314 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ, 1315 params->seq_len, params->seq); 1316 1317 if (params->cipher) 1318 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 1319 params->cipher); 1320 1321 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 1322 if (!key) 1323 goto nla_put_failure; 1324 1325 if (params->key) 1326 NLA_PUT(cookie->msg, NL80211_KEY_DATA, 1327 params->key_len, params->key); 1328 1329 if (params->seq) 1330 NLA_PUT(cookie->msg, NL80211_KEY_SEQ, 1331 params->seq_len, params->seq); 1332 1333 if (params->cipher) 1334 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER, 1335 params->cipher); 1336 1337 NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx); 1338 1339 nla_nest_end(cookie->msg, key); 1340 1341 return; 1342 nla_put_failure: 1343 cookie->error = 1; 1344 } 1345 1346 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 1347 { 1348 struct cfg80211_registered_device *rdev; 1349 int err; 1350 struct net_device *dev; 1351 u8 key_idx = 0; 1352 u8 *mac_addr = NULL; 1353 struct get_key_cookie cookie = { 1354 .error = 0, 1355 }; 1356 void *hdr; 1357 struct sk_buff *msg; 1358 1359 if (info->attrs[NL80211_ATTR_KEY_IDX]) 1360 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 1361 1362 if (key_idx > 5) 1363 return -EINVAL; 1364 1365 if (info->attrs[NL80211_ATTR_MAC]) 1366 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1367 1368 rtnl_lock(); 1369 1370 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1371 if (err) 1372 goto unlock_rtnl; 1373 1374 if (!rdev->ops->get_key) { 1375 err = -EOPNOTSUPP; 1376 goto out; 1377 } 1378 1379 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1380 if (!msg) { 1381 err = -ENOMEM; 1382 goto out; 1383 } 1384 1385 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 1386 NL80211_CMD_NEW_KEY); 1387 1388 if (IS_ERR(hdr)) { 1389 err = PTR_ERR(hdr); 1390 goto free_msg; 1391 } 1392 1393 cookie.msg = msg; 1394 cookie.idx = key_idx; 1395 1396 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1397 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 1398 if (mac_addr) 1399 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1400 1401 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, mac_addr, 1402 &cookie, get_key_callback); 1403 1404 if (err) 1405 goto free_msg; 1406 1407 if (cookie.error) 1408 goto nla_put_failure; 1409 1410 genlmsg_end(msg, hdr); 1411 err = genlmsg_reply(msg, info); 1412 goto out; 1413 1414 nla_put_failure: 1415 err = -ENOBUFS; 1416 free_msg: 1417 nlmsg_free(msg); 1418 out: 1419 cfg80211_unlock_rdev(rdev); 1420 dev_put(dev); 1421 unlock_rtnl: 1422 rtnl_unlock(); 1423 1424 return err; 1425 } 1426 1427 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 1428 { 1429 struct cfg80211_registered_device *rdev; 1430 struct key_parse key; 1431 int err; 1432 struct net_device *dev; 1433 int (*func)(struct wiphy *wiphy, struct net_device *netdev, 1434 u8 key_index); 1435 1436 err = nl80211_parse_key(info, &key); 1437 if (err) 1438 return err; 1439 1440 if (key.idx < 0) 1441 return -EINVAL; 1442 1443 /* only support setting default key */ 1444 if (!key.def && !key.defmgmt) 1445 return -EINVAL; 1446 1447 rtnl_lock(); 1448 1449 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1450 if (err) 1451 goto unlock_rtnl; 1452 1453 if (key.def) 1454 func = rdev->ops->set_default_key; 1455 else 1456 func = rdev->ops->set_default_mgmt_key; 1457 1458 if (!func) { 1459 err = -EOPNOTSUPP; 1460 goto out; 1461 } 1462 1463 wdev_lock(dev->ieee80211_ptr); 1464 err = nl80211_key_allowed(dev->ieee80211_ptr); 1465 if (!err) 1466 err = func(&rdev->wiphy, dev, key.idx); 1467 1468 #ifdef CONFIG_CFG80211_WEXT 1469 if (!err) { 1470 if (func == rdev->ops->set_default_key) 1471 dev->ieee80211_ptr->wext.default_key = key.idx; 1472 else 1473 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 1474 } 1475 #endif 1476 wdev_unlock(dev->ieee80211_ptr); 1477 1478 out: 1479 cfg80211_unlock_rdev(rdev); 1480 dev_put(dev); 1481 1482 unlock_rtnl: 1483 rtnl_unlock(); 1484 1485 return err; 1486 } 1487 1488 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 1489 { 1490 struct cfg80211_registered_device *rdev; 1491 int err; 1492 struct net_device *dev; 1493 struct key_parse key; 1494 u8 *mac_addr = NULL; 1495 1496 err = nl80211_parse_key(info, &key); 1497 if (err) 1498 return err; 1499 1500 if (!key.p.key) 1501 return -EINVAL; 1502 1503 if (info->attrs[NL80211_ATTR_MAC]) 1504 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1505 1506 rtnl_lock(); 1507 1508 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1509 if (err) 1510 goto unlock_rtnl; 1511 1512 if (!rdev->ops->add_key) { 1513 err = -EOPNOTSUPP; 1514 goto out; 1515 } 1516 1517 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, mac_addr)) { 1518 err = -EINVAL; 1519 goto out; 1520 } 1521 1522 wdev_lock(dev->ieee80211_ptr); 1523 err = nl80211_key_allowed(dev->ieee80211_ptr); 1524 if (!err) 1525 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx, 1526 mac_addr, &key.p); 1527 wdev_unlock(dev->ieee80211_ptr); 1528 1529 out: 1530 cfg80211_unlock_rdev(rdev); 1531 dev_put(dev); 1532 unlock_rtnl: 1533 rtnl_unlock(); 1534 1535 return err; 1536 } 1537 1538 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 1539 { 1540 struct cfg80211_registered_device *rdev; 1541 int err; 1542 struct net_device *dev; 1543 u8 *mac_addr = NULL; 1544 struct key_parse key; 1545 1546 err = nl80211_parse_key(info, &key); 1547 if (err) 1548 return err; 1549 1550 if (info->attrs[NL80211_ATTR_MAC]) 1551 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1552 1553 rtnl_lock(); 1554 1555 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1556 if (err) 1557 goto unlock_rtnl; 1558 1559 if (!rdev->ops->del_key) { 1560 err = -EOPNOTSUPP; 1561 goto out; 1562 } 1563 1564 wdev_lock(dev->ieee80211_ptr); 1565 err = nl80211_key_allowed(dev->ieee80211_ptr); 1566 if (!err) 1567 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, mac_addr); 1568 1569 #ifdef CONFIG_CFG80211_WEXT 1570 if (!err) { 1571 if (key.idx == dev->ieee80211_ptr->wext.default_key) 1572 dev->ieee80211_ptr->wext.default_key = -1; 1573 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 1574 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 1575 } 1576 #endif 1577 wdev_unlock(dev->ieee80211_ptr); 1578 1579 out: 1580 cfg80211_unlock_rdev(rdev); 1581 dev_put(dev); 1582 1583 unlock_rtnl: 1584 rtnl_unlock(); 1585 1586 return err; 1587 } 1588 1589 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info) 1590 { 1591 int (*call)(struct wiphy *wiphy, struct net_device *dev, 1592 struct beacon_parameters *info); 1593 struct cfg80211_registered_device *rdev; 1594 int err; 1595 struct net_device *dev; 1596 struct beacon_parameters params; 1597 int haveinfo = 0; 1598 1599 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL])) 1600 return -EINVAL; 1601 1602 rtnl_lock(); 1603 1604 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1605 if (err) 1606 goto unlock_rtnl; 1607 1608 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 1609 err = -EOPNOTSUPP; 1610 goto out; 1611 } 1612 1613 switch (info->genlhdr->cmd) { 1614 case NL80211_CMD_NEW_BEACON: 1615 /* these are required for NEW_BEACON */ 1616 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 1617 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 1618 !info->attrs[NL80211_ATTR_BEACON_HEAD]) { 1619 err = -EINVAL; 1620 goto out; 1621 } 1622 1623 call = rdev->ops->add_beacon; 1624 break; 1625 case NL80211_CMD_SET_BEACON: 1626 call = rdev->ops->set_beacon; 1627 break; 1628 default: 1629 WARN_ON(1); 1630 err = -EOPNOTSUPP; 1631 goto out; 1632 } 1633 1634 if (!call) { 1635 err = -EOPNOTSUPP; 1636 goto out; 1637 } 1638 1639 memset(¶ms, 0, sizeof(params)); 1640 1641 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 1642 params.interval = 1643 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 1644 haveinfo = 1; 1645 } 1646 1647 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 1648 params.dtim_period = 1649 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 1650 haveinfo = 1; 1651 } 1652 1653 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 1654 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 1655 params.head_len = 1656 nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 1657 haveinfo = 1; 1658 } 1659 1660 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 1661 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 1662 params.tail_len = 1663 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 1664 haveinfo = 1; 1665 } 1666 1667 if (!haveinfo) { 1668 err = -EINVAL; 1669 goto out; 1670 } 1671 1672 err = call(&rdev->wiphy, dev, ¶ms); 1673 1674 out: 1675 cfg80211_unlock_rdev(rdev); 1676 dev_put(dev); 1677 unlock_rtnl: 1678 rtnl_unlock(); 1679 1680 return err; 1681 } 1682 1683 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info) 1684 { 1685 struct cfg80211_registered_device *rdev; 1686 int err; 1687 struct net_device *dev; 1688 1689 rtnl_lock(); 1690 1691 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1692 if (err) 1693 goto unlock_rtnl; 1694 1695 if (!rdev->ops->del_beacon) { 1696 err = -EOPNOTSUPP; 1697 goto out; 1698 } 1699 1700 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 1701 err = -EOPNOTSUPP; 1702 goto out; 1703 } 1704 err = rdev->ops->del_beacon(&rdev->wiphy, dev); 1705 1706 out: 1707 cfg80211_unlock_rdev(rdev); 1708 dev_put(dev); 1709 unlock_rtnl: 1710 rtnl_unlock(); 1711 1712 return err; 1713 } 1714 1715 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 1716 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 1717 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 1718 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 1719 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 1720 }; 1721 1722 static int parse_station_flags(struct genl_info *info, 1723 struct station_parameters *params) 1724 { 1725 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 1726 struct nlattr *nla; 1727 int flag; 1728 1729 /* 1730 * Try parsing the new attribute first so userspace 1731 * can specify both for older kernels. 1732 */ 1733 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 1734 if (nla) { 1735 struct nl80211_sta_flag_update *sta_flags; 1736 1737 sta_flags = nla_data(nla); 1738 params->sta_flags_mask = sta_flags->mask; 1739 params->sta_flags_set = sta_flags->set; 1740 if ((params->sta_flags_mask | 1741 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 1742 return -EINVAL; 1743 return 0; 1744 } 1745 1746 /* if present, parse the old attribute */ 1747 1748 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 1749 if (!nla) 1750 return 0; 1751 1752 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 1753 nla, sta_flags_policy)) 1754 return -EINVAL; 1755 1756 params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1; 1757 params->sta_flags_mask &= ~1; 1758 1759 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) 1760 if (flags[flag]) 1761 params->sta_flags_set |= (1<<flag); 1762 1763 return 0; 1764 } 1765 1766 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq, 1767 int flags, struct net_device *dev, 1768 const u8 *mac_addr, struct station_info *sinfo) 1769 { 1770 void *hdr; 1771 struct nlattr *sinfoattr, *txrate; 1772 u16 bitrate; 1773 1774 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 1775 if (!hdr) 1776 return -1; 1777 1778 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1779 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1780 1781 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation); 1782 1783 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 1784 if (!sinfoattr) 1785 goto nla_put_failure; 1786 if (sinfo->filled & STATION_INFO_INACTIVE_TIME) 1787 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME, 1788 sinfo->inactive_time); 1789 if (sinfo->filled & STATION_INFO_RX_BYTES) 1790 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES, 1791 sinfo->rx_bytes); 1792 if (sinfo->filled & STATION_INFO_TX_BYTES) 1793 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES, 1794 sinfo->tx_bytes); 1795 if (sinfo->filled & STATION_INFO_LLID) 1796 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID, 1797 sinfo->llid); 1798 if (sinfo->filled & STATION_INFO_PLID) 1799 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID, 1800 sinfo->plid); 1801 if (sinfo->filled & STATION_INFO_PLINK_STATE) 1802 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE, 1803 sinfo->plink_state); 1804 if (sinfo->filled & STATION_INFO_SIGNAL) 1805 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL, 1806 sinfo->signal); 1807 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 1808 txrate = nla_nest_start(msg, NL80211_STA_INFO_TX_BITRATE); 1809 if (!txrate) 1810 goto nla_put_failure; 1811 1812 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 1813 bitrate = cfg80211_calculate_bitrate(&sinfo->txrate); 1814 if (bitrate > 0) 1815 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate); 1816 1817 if (sinfo->txrate.flags & RATE_INFO_FLAGS_MCS) 1818 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, 1819 sinfo->txrate.mcs); 1820 if (sinfo->txrate.flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) 1821 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH); 1822 if (sinfo->txrate.flags & RATE_INFO_FLAGS_SHORT_GI) 1823 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI); 1824 1825 nla_nest_end(msg, txrate); 1826 } 1827 if (sinfo->filled & STATION_INFO_RX_PACKETS) 1828 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS, 1829 sinfo->rx_packets); 1830 if (sinfo->filled & STATION_INFO_TX_PACKETS) 1831 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS, 1832 sinfo->tx_packets); 1833 nla_nest_end(msg, sinfoattr); 1834 1835 return genlmsg_end(msg, hdr); 1836 1837 nla_put_failure: 1838 genlmsg_cancel(msg, hdr); 1839 return -EMSGSIZE; 1840 } 1841 1842 static int nl80211_dump_station(struct sk_buff *skb, 1843 struct netlink_callback *cb) 1844 { 1845 struct station_info sinfo; 1846 struct cfg80211_registered_device *dev; 1847 struct net_device *netdev; 1848 u8 mac_addr[ETH_ALEN]; 1849 int ifidx = cb->args[0]; 1850 int sta_idx = cb->args[1]; 1851 int err; 1852 1853 if (!ifidx) 1854 ifidx = nl80211_get_ifidx(cb); 1855 if (ifidx < 0) 1856 return ifidx; 1857 1858 rtnl_lock(); 1859 1860 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 1861 if (!netdev) { 1862 err = -ENODEV; 1863 goto out_rtnl; 1864 } 1865 1866 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 1867 if (IS_ERR(dev)) { 1868 err = PTR_ERR(dev); 1869 goto out_rtnl; 1870 } 1871 1872 if (!dev->ops->dump_station) { 1873 err = -EOPNOTSUPP; 1874 goto out_err; 1875 } 1876 1877 while (1) { 1878 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx, 1879 mac_addr, &sinfo); 1880 if (err == -ENOENT) 1881 break; 1882 if (err) 1883 goto out_err; 1884 1885 if (nl80211_send_station(skb, 1886 NETLINK_CB(cb->skb).pid, 1887 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1888 netdev, mac_addr, 1889 &sinfo) < 0) 1890 goto out; 1891 1892 sta_idx++; 1893 } 1894 1895 1896 out: 1897 cb->args[1] = sta_idx; 1898 err = skb->len; 1899 out_err: 1900 cfg80211_unlock_rdev(dev); 1901 out_rtnl: 1902 rtnl_unlock(); 1903 1904 return err; 1905 } 1906 1907 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 1908 { 1909 struct cfg80211_registered_device *rdev; 1910 int err; 1911 struct net_device *dev; 1912 struct station_info sinfo; 1913 struct sk_buff *msg; 1914 u8 *mac_addr = NULL; 1915 1916 memset(&sinfo, 0, sizeof(sinfo)); 1917 1918 if (!info->attrs[NL80211_ATTR_MAC]) 1919 return -EINVAL; 1920 1921 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1922 1923 rtnl_lock(); 1924 1925 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1926 if (err) 1927 goto out_rtnl; 1928 1929 if (!rdev->ops->get_station) { 1930 err = -EOPNOTSUPP; 1931 goto out; 1932 } 1933 1934 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo); 1935 if (err) 1936 goto out; 1937 1938 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1939 if (!msg) 1940 goto out; 1941 1942 if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0, 1943 dev, mac_addr, &sinfo) < 0) 1944 goto out_free; 1945 1946 err = genlmsg_reply(msg, info); 1947 goto out; 1948 1949 out_free: 1950 nlmsg_free(msg); 1951 out: 1952 cfg80211_unlock_rdev(rdev); 1953 dev_put(dev); 1954 out_rtnl: 1955 rtnl_unlock(); 1956 1957 return err; 1958 } 1959 1960 /* 1961 * Get vlan interface making sure it is running and on the right wiphy. 1962 */ 1963 static int get_vlan(struct genl_info *info, 1964 struct cfg80211_registered_device *rdev, 1965 struct net_device **vlan) 1966 { 1967 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 1968 *vlan = NULL; 1969 1970 if (vlanattr) { 1971 *vlan = dev_get_by_index(genl_info_net(info), 1972 nla_get_u32(vlanattr)); 1973 if (!*vlan) 1974 return -ENODEV; 1975 if (!(*vlan)->ieee80211_ptr) 1976 return -EINVAL; 1977 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy) 1978 return -EINVAL; 1979 if (!netif_running(*vlan)) 1980 return -ENETDOWN; 1981 } 1982 return 0; 1983 } 1984 1985 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 1986 { 1987 struct cfg80211_registered_device *rdev; 1988 int err; 1989 struct net_device *dev; 1990 struct station_parameters params; 1991 u8 *mac_addr = NULL; 1992 1993 memset(¶ms, 0, sizeof(params)); 1994 1995 params.listen_interval = -1; 1996 1997 if (info->attrs[NL80211_ATTR_STA_AID]) 1998 return -EINVAL; 1999 2000 if (!info->attrs[NL80211_ATTR_MAC]) 2001 return -EINVAL; 2002 2003 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2004 2005 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 2006 params.supported_rates = 2007 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2008 params.supported_rates_len = 2009 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2010 } 2011 2012 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2013 params.listen_interval = 2014 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2015 2016 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2017 params.ht_capa = 2018 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2019 2020 if (parse_station_flags(info, ¶ms)) 2021 return -EINVAL; 2022 2023 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 2024 params.plink_action = 2025 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 2026 2027 rtnl_lock(); 2028 2029 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2030 if (err) 2031 goto out_rtnl; 2032 2033 err = get_vlan(info, rdev, ¶ms.vlan); 2034 if (err) 2035 goto out; 2036 2037 /* validate settings */ 2038 err = 0; 2039 2040 switch (dev->ieee80211_ptr->iftype) { 2041 case NL80211_IFTYPE_AP: 2042 case NL80211_IFTYPE_AP_VLAN: 2043 /* disallow mesh-specific things */ 2044 if (params.plink_action) 2045 err = -EINVAL; 2046 break; 2047 case NL80211_IFTYPE_STATION: 2048 /* disallow everything but AUTHORIZED flag */ 2049 if (params.plink_action) 2050 err = -EINVAL; 2051 if (params.vlan) 2052 err = -EINVAL; 2053 if (params.supported_rates) 2054 err = -EINVAL; 2055 if (params.ht_capa) 2056 err = -EINVAL; 2057 if (params.listen_interval >= 0) 2058 err = -EINVAL; 2059 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 2060 err = -EINVAL; 2061 break; 2062 case NL80211_IFTYPE_MESH_POINT: 2063 /* disallow things mesh doesn't support */ 2064 if (params.vlan) 2065 err = -EINVAL; 2066 if (params.ht_capa) 2067 err = -EINVAL; 2068 if (params.listen_interval >= 0) 2069 err = -EINVAL; 2070 if (params.supported_rates) 2071 err = -EINVAL; 2072 if (params.sta_flags_mask) 2073 err = -EINVAL; 2074 break; 2075 default: 2076 err = -EINVAL; 2077 } 2078 2079 if (err) 2080 goto out; 2081 2082 if (!rdev->ops->change_station) { 2083 err = -EOPNOTSUPP; 2084 goto out; 2085 } 2086 2087 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2088 2089 out: 2090 if (params.vlan) 2091 dev_put(params.vlan); 2092 cfg80211_unlock_rdev(rdev); 2093 dev_put(dev); 2094 out_rtnl: 2095 rtnl_unlock(); 2096 2097 return err; 2098 } 2099 2100 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 2101 { 2102 struct cfg80211_registered_device *rdev; 2103 int err; 2104 struct net_device *dev; 2105 struct station_parameters params; 2106 u8 *mac_addr = NULL; 2107 2108 memset(¶ms, 0, sizeof(params)); 2109 2110 if (!info->attrs[NL80211_ATTR_MAC]) 2111 return -EINVAL; 2112 2113 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2114 return -EINVAL; 2115 2116 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 2117 return -EINVAL; 2118 2119 if (!info->attrs[NL80211_ATTR_STA_AID]) 2120 return -EINVAL; 2121 2122 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2123 params.supported_rates = 2124 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2125 params.supported_rates_len = 2126 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2127 params.listen_interval = 2128 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2129 2130 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 2131 if (!params.aid || params.aid > IEEE80211_MAX_AID) 2132 return -EINVAL; 2133 2134 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2135 params.ht_capa = 2136 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2137 2138 if (parse_station_flags(info, ¶ms)) 2139 return -EINVAL; 2140 2141 rtnl_lock(); 2142 2143 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2144 if (err) 2145 goto out_rtnl; 2146 2147 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2148 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) { 2149 err = -EINVAL; 2150 goto out; 2151 } 2152 2153 err = get_vlan(info, rdev, ¶ms.vlan); 2154 if (err) 2155 goto out; 2156 2157 /* validate settings */ 2158 err = 0; 2159 2160 if (!rdev->ops->add_station) { 2161 err = -EOPNOTSUPP; 2162 goto out; 2163 } 2164 2165 if (!netif_running(dev)) { 2166 err = -ENETDOWN; 2167 goto out; 2168 } 2169 2170 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2171 2172 out: 2173 if (params.vlan) 2174 dev_put(params.vlan); 2175 cfg80211_unlock_rdev(rdev); 2176 dev_put(dev); 2177 out_rtnl: 2178 rtnl_unlock(); 2179 2180 return err; 2181 } 2182 2183 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 2184 { 2185 struct cfg80211_registered_device *rdev; 2186 int err; 2187 struct net_device *dev; 2188 u8 *mac_addr = NULL; 2189 2190 if (info->attrs[NL80211_ATTR_MAC]) 2191 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2192 2193 rtnl_lock(); 2194 2195 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2196 if (err) 2197 goto out_rtnl; 2198 2199 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2200 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 2201 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2202 err = -EINVAL; 2203 goto out; 2204 } 2205 2206 if (!rdev->ops->del_station) { 2207 err = -EOPNOTSUPP; 2208 goto out; 2209 } 2210 2211 err = rdev->ops->del_station(&rdev->wiphy, dev, mac_addr); 2212 2213 out: 2214 cfg80211_unlock_rdev(rdev); 2215 dev_put(dev); 2216 out_rtnl: 2217 rtnl_unlock(); 2218 2219 return err; 2220 } 2221 2222 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq, 2223 int flags, struct net_device *dev, 2224 u8 *dst, u8 *next_hop, 2225 struct mpath_info *pinfo) 2226 { 2227 void *hdr; 2228 struct nlattr *pinfoattr; 2229 2230 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2231 if (!hdr) 2232 return -1; 2233 2234 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2235 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 2236 NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop); 2237 2238 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation); 2239 2240 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 2241 if (!pinfoattr) 2242 goto nla_put_failure; 2243 if (pinfo->filled & MPATH_INFO_FRAME_QLEN) 2244 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 2245 pinfo->frame_qlen); 2246 if (pinfo->filled & MPATH_INFO_SN) 2247 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN, 2248 pinfo->sn); 2249 if (pinfo->filled & MPATH_INFO_METRIC) 2250 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC, 2251 pinfo->metric); 2252 if (pinfo->filled & MPATH_INFO_EXPTIME) 2253 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME, 2254 pinfo->exptime); 2255 if (pinfo->filled & MPATH_INFO_FLAGS) 2256 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS, 2257 pinfo->flags); 2258 if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) 2259 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 2260 pinfo->discovery_timeout); 2261 if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) 2262 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 2263 pinfo->discovery_retries); 2264 2265 nla_nest_end(msg, pinfoattr); 2266 2267 return genlmsg_end(msg, hdr); 2268 2269 nla_put_failure: 2270 genlmsg_cancel(msg, hdr); 2271 return -EMSGSIZE; 2272 } 2273 2274 static int nl80211_dump_mpath(struct sk_buff *skb, 2275 struct netlink_callback *cb) 2276 { 2277 struct mpath_info pinfo; 2278 struct cfg80211_registered_device *dev; 2279 struct net_device *netdev; 2280 u8 dst[ETH_ALEN]; 2281 u8 next_hop[ETH_ALEN]; 2282 int ifidx = cb->args[0]; 2283 int path_idx = cb->args[1]; 2284 int err; 2285 2286 if (!ifidx) 2287 ifidx = nl80211_get_ifidx(cb); 2288 if (ifidx < 0) 2289 return ifidx; 2290 2291 rtnl_lock(); 2292 2293 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 2294 if (!netdev) { 2295 err = -ENODEV; 2296 goto out_rtnl; 2297 } 2298 2299 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 2300 if (IS_ERR(dev)) { 2301 err = PTR_ERR(dev); 2302 goto out_rtnl; 2303 } 2304 2305 if (!dev->ops->dump_mpath) { 2306 err = -EOPNOTSUPP; 2307 goto out_err; 2308 } 2309 2310 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2311 err = -EOPNOTSUPP; 2312 goto out_err; 2313 } 2314 2315 while (1) { 2316 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx, 2317 dst, next_hop, &pinfo); 2318 if (err == -ENOENT) 2319 break; 2320 if (err) 2321 goto out_err; 2322 2323 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid, 2324 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2325 netdev, dst, next_hop, 2326 &pinfo) < 0) 2327 goto out; 2328 2329 path_idx++; 2330 } 2331 2332 2333 out: 2334 cb->args[1] = path_idx; 2335 err = skb->len; 2336 out_err: 2337 cfg80211_unlock_rdev(dev); 2338 out_rtnl: 2339 rtnl_unlock(); 2340 2341 return err; 2342 } 2343 2344 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 2345 { 2346 struct cfg80211_registered_device *rdev; 2347 int err; 2348 struct net_device *dev; 2349 struct mpath_info pinfo; 2350 struct sk_buff *msg; 2351 u8 *dst = NULL; 2352 u8 next_hop[ETH_ALEN]; 2353 2354 memset(&pinfo, 0, sizeof(pinfo)); 2355 2356 if (!info->attrs[NL80211_ATTR_MAC]) 2357 return -EINVAL; 2358 2359 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2360 2361 rtnl_lock(); 2362 2363 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2364 if (err) 2365 goto out_rtnl; 2366 2367 if (!rdev->ops->get_mpath) { 2368 err = -EOPNOTSUPP; 2369 goto out; 2370 } 2371 2372 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2373 err = -EOPNOTSUPP; 2374 goto out; 2375 } 2376 2377 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo); 2378 if (err) 2379 goto out; 2380 2381 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2382 if (!msg) 2383 goto out; 2384 2385 if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0, 2386 dev, dst, next_hop, &pinfo) < 0) 2387 goto out_free; 2388 2389 err = genlmsg_reply(msg, info); 2390 goto out; 2391 2392 out_free: 2393 nlmsg_free(msg); 2394 out: 2395 cfg80211_unlock_rdev(rdev); 2396 dev_put(dev); 2397 out_rtnl: 2398 rtnl_unlock(); 2399 2400 return err; 2401 } 2402 2403 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 2404 { 2405 struct cfg80211_registered_device *rdev; 2406 int err; 2407 struct net_device *dev; 2408 u8 *dst = NULL; 2409 u8 *next_hop = NULL; 2410 2411 if (!info->attrs[NL80211_ATTR_MAC]) 2412 return -EINVAL; 2413 2414 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 2415 return -EINVAL; 2416 2417 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2418 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 2419 2420 rtnl_lock(); 2421 2422 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2423 if (err) 2424 goto out_rtnl; 2425 2426 if (!rdev->ops->change_mpath) { 2427 err = -EOPNOTSUPP; 2428 goto out; 2429 } 2430 2431 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2432 err = -EOPNOTSUPP; 2433 goto out; 2434 } 2435 2436 if (!netif_running(dev)) { 2437 err = -ENETDOWN; 2438 goto out; 2439 } 2440 2441 err = rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop); 2442 2443 out: 2444 cfg80211_unlock_rdev(rdev); 2445 dev_put(dev); 2446 out_rtnl: 2447 rtnl_unlock(); 2448 2449 return err; 2450 } 2451 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 2452 { 2453 struct cfg80211_registered_device *rdev; 2454 int err; 2455 struct net_device *dev; 2456 u8 *dst = NULL; 2457 u8 *next_hop = NULL; 2458 2459 if (!info->attrs[NL80211_ATTR_MAC]) 2460 return -EINVAL; 2461 2462 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 2463 return -EINVAL; 2464 2465 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2466 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 2467 2468 rtnl_lock(); 2469 2470 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2471 if (err) 2472 goto out_rtnl; 2473 2474 if (!rdev->ops->add_mpath) { 2475 err = -EOPNOTSUPP; 2476 goto out; 2477 } 2478 2479 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2480 err = -EOPNOTSUPP; 2481 goto out; 2482 } 2483 2484 if (!netif_running(dev)) { 2485 err = -ENETDOWN; 2486 goto out; 2487 } 2488 2489 err = rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop); 2490 2491 out: 2492 cfg80211_unlock_rdev(rdev); 2493 dev_put(dev); 2494 out_rtnl: 2495 rtnl_unlock(); 2496 2497 return err; 2498 } 2499 2500 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 2501 { 2502 struct cfg80211_registered_device *rdev; 2503 int err; 2504 struct net_device *dev; 2505 u8 *dst = NULL; 2506 2507 if (info->attrs[NL80211_ATTR_MAC]) 2508 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2509 2510 rtnl_lock(); 2511 2512 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2513 if (err) 2514 goto out_rtnl; 2515 2516 if (!rdev->ops->del_mpath) { 2517 err = -EOPNOTSUPP; 2518 goto out; 2519 } 2520 2521 err = rdev->ops->del_mpath(&rdev->wiphy, dev, dst); 2522 2523 out: 2524 cfg80211_unlock_rdev(rdev); 2525 dev_put(dev); 2526 out_rtnl: 2527 rtnl_unlock(); 2528 2529 return err; 2530 } 2531 2532 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 2533 { 2534 struct cfg80211_registered_device *rdev; 2535 int err; 2536 struct net_device *dev; 2537 struct bss_parameters params; 2538 2539 memset(¶ms, 0, sizeof(params)); 2540 /* default to not changing parameters */ 2541 params.use_cts_prot = -1; 2542 params.use_short_preamble = -1; 2543 params.use_short_slot_time = -1; 2544 params.ap_isolate = -1; 2545 2546 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 2547 params.use_cts_prot = 2548 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 2549 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 2550 params.use_short_preamble = 2551 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 2552 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 2553 params.use_short_slot_time = 2554 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 2555 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 2556 params.basic_rates = 2557 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 2558 params.basic_rates_len = 2559 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 2560 } 2561 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 2562 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 2563 2564 rtnl_lock(); 2565 2566 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2567 if (err) 2568 goto out_rtnl; 2569 2570 if (!rdev->ops->change_bss) { 2571 err = -EOPNOTSUPP; 2572 goto out; 2573 } 2574 2575 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 2576 err = -EOPNOTSUPP; 2577 goto out; 2578 } 2579 2580 err = rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms); 2581 2582 out: 2583 cfg80211_unlock_rdev(rdev); 2584 dev_put(dev); 2585 out_rtnl: 2586 rtnl_unlock(); 2587 2588 return err; 2589 } 2590 2591 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 2592 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 2593 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 2594 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 2595 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 2596 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 2597 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 2598 }; 2599 2600 static int parse_reg_rule(struct nlattr *tb[], 2601 struct ieee80211_reg_rule *reg_rule) 2602 { 2603 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 2604 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 2605 2606 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 2607 return -EINVAL; 2608 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 2609 return -EINVAL; 2610 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 2611 return -EINVAL; 2612 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 2613 return -EINVAL; 2614 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 2615 return -EINVAL; 2616 2617 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 2618 2619 freq_range->start_freq_khz = 2620 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 2621 freq_range->end_freq_khz = 2622 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 2623 freq_range->max_bandwidth_khz = 2624 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 2625 2626 power_rule->max_eirp = 2627 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 2628 2629 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 2630 power_rule->max_antenna_gain = 2631 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 2632 2633 return 0; 2634 } 2635 2636 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 2637 { 2638 int r; 2639 char *data = NULL; 2640 2641 /* 2642 * You should only get this when cfg80211 hasn't yet initialized 2643 * completely when built-in to the kernel right between the time 2644 * window between nl80211_init() and regulatory_init(), if that is 2645 * even possible. 2646 */ 2647 mutex_lock(&cfg80211_mutex); 2648 if (unlikely(!cfg80211_regdomain)) { 2649 mutex_unlock(&cfg80211_mutex); 2650 return -EINPROGRESS; 2651 } 2652 mutex_unlock(&cfg80211_mutex); 2653 2654 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 2655 return -EINVAL; 2656 2657 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 2658 2659 r = regulatory_hint_user(data); 2660 2661 return r; 2662 } 2663 2664 static int nl80211_get_mesh_params(struct sk_buff *skb, 2665 struct genl_info *info) 2666 { 2667 struct cfg80211_registered_device *rdev; 2668 struct mesh_config cur_params; 2669 int err; 2670 struct net_device *dev; 2671 void *hdr; 2672 struct nlattr *pinfoattr; 2673 struct sk_buff *msg; 2674 2675 rtnl_lock(); 2676 2677 /* Look up our device */ 2678 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2679 if (err) 2680 goto out_rtnl; 2681 2682 if (!rdev->ops->get_mesh_params) { 2683 err = -EOPNOTSUPP; 2684 goto out; 2685 } 2686 2687 /* Get the mesh params */ 2688 err = rdev->ops->get_mesh_params(&rdev->wiphy, dev, &cur_params); 2689 if (err) 2690 goto out; 2691 2692 /* Draw up a netlink message to send back */ 2693 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2694 if (!msg) { 2695 err = -ENOBUFS; 2696 goto out; 2697 } 2698 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 2699 NL80211_CMD_GET_MESH_PARAMS); 2700 if (!hdr) 2701 goto nla_put_failure; 2702 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_PARAMS); 2703 if (!pinfoattr) 2704 goto nla_put_failure; 2705 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2706 NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 2707 cur_params.dot11MeshRetryTimeout); 2708 NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 2709 cur_params.dot11MeshConfirmTimeout); 2710 NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 2711 cur_params.dot11MeshHoldingTimeout); 2712 NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 2713 cur_params.dot11MeshMaxPeerLinks); 2714 NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES, 2715 cur_params.dot11MeshMaxRetries); 2716 NLA_PUT_U8(msg, NL80211_MESHCONF_TTL, 2717 cur_params.dot11MeshTTL); 2718 NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 2719 cur_params.auto_open_plinks); 2720 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 2721 cur_params.dot11MeshHWMPmaxPREQretries); 2722 NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 2723 cur_params.path_refresh_time); 2724 NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 2725 cur_params.min_discovery_timeout); 2726 NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 2727 cur_params.dot11MeshHWMPactivePathTimeout); 2728 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 2729 cur_params.dot11MeshHWMPpreqMinInterval); 2730 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 2731 cur_params.dot11MeshHWMPnetDiameterTraversalTime); 2732 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 2733 cur_params.dot11MeshHWMPRootMode); 2734 nla_nest_end(msg, pinfoattr); 2735 genlmsg_end(msg, hdr); 2736 err = genlmsg_reply(msg, info); 2737 goto out; 2738 2739 nla_put_failure: 2740 genlmsg_cancel(msg, hdr); 2741 err = -EMSGSIZE; 2742 out: 2743 /* Cleanup */ 2744 cfg80211_unlock_rdev(rdev); 2745 dev_put(dev); 2746 out_rtnl: 2747 rtnl_unlock(); 2748 2749 return err; 2750 } 2751 2752 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \ 2753 do {\ 2754 if (table[attr_num]) {\ 2755 cfg.param = nla_fn(table[attr_num]); \ 2756 mask |= (1 << (attr_num - 1)); \ 2757 } \ 2758 } while (0);\ 2759 2760 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 2761 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 2762 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 2763 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 2764 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 2765 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 2766 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 2767 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 2768 2769 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 2770 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 2771 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 2772 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 2773 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 2774 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 2775 }; 2776 2777 static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info) 2778 { 2779 int err; 2780 u32 mask; 2781 struct cfg80211_registered_device *rdev; 2782 struct net_device *dev; 2783 struct mesh_config cfg; 2784 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 2785 struct nlattr *parent_attr; 2786 2787 parent_attr = info->attrs[NL80211_ATTR_MESH_PARAMS]; 2788 if (!parent_attr) 2789 return -EINVAL; 2790 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 2791 parent_attr, nl80211_meshconf_params_policy)) 2792 return -EINVAL; 2793 2794 rtnl_lock(); 2795 2796 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2797 if (err) 2798 goto out_rtnl; 2799 2800 if (!rdev->ops->set_mesh_params) { 2801 err = -EOPNOTSUPP; 2802 goto out; 2803 } 2804 2805 /* This makes sure that there aren't more than 32 mesh config 2806 * parameters (otherwise our bitfield scheme would not work.) */ 2807 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 2808 2809 /* Fill in the params struct */ 2810 mask = 0; 2811 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 2812 mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16); 2813 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 2814 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16); 2815 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 2816 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16); 2817 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 2818 mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16); 2819 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 2820 mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8); 2821 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 2822 mask, NL80211_MESHCONF_TTL, nla_get_u8); 2823 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 2824 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8); 2825 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 2826 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 2827 nla_get_u8); 2828 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 2829 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32); 2830 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 2831 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 2832 nla_get_u16); 2833 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 2834 mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 2835 nla_get_u32); 2836 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 2837 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 2838 nla_get_u16); 2839 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 2840 dot11MeshHWMPnetDiameterTraversalTime, 2841 mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 2842 nla_get_u16); 2843 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 2844 dot11MeshHWMPRootMode, mask, 2845 NL80211_MESHCONF_HWMP_ROOTMODE, 2846 nla_get_u8); 2847 2848 /* Apply changes */ 2849 err = rdev->ops->set_mesh_params(&rdev->wiphy, dev, &cfg, mask); 2850 2851 out: 2852 /* cleanup */ 2853 cfg80211_unlock_rdev(rdev); 2854 dev_put(dev); 2855 out_rtnl: 2856 rtnl_unlock(); 2857 2858 return err; 2859 } 2860 2861 #undef FILL_IN_MESH_PARAM_IF_SET 2862 2863 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 2864 { 2865 struct sk_buff *msg; 2866 void *hdr = NULL; 2867 struct nlattr *nl_reg_rules; 2868 unsigned int i; 2869 int err = -EINVAL; 2870 2871 mutex_lock(&cfg80211_mutex); 2872 2873 if (!cfg80211_regdomain) 2874 goto out; 2875 2876 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2877 if (!msg) { 2878 err = -ENOBUFS; 2879 goto out; 2880 } 2881 2882 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 2883 NL80211_CMD_GET_REG); 2884 if (!hdr) 2885 goto nla_put_failure; 2886 2887 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, 2888 cfg80211_regdomain->alpha2); 2889 2890 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 2891 if (!nl_reg_rules) 2892 goto nla_put_failure; 2893 2894 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) { 2895 struct nlattr *nl_reg_rule; 2896 const struct ieee80211_reg_rule *reg_rule; 2897 const struct ieee80211_freq_range *freq_range; 2898 const struct ieee80211_power_rule *power_rule; 2899 2900 reg_rule = &cfg80211_regdomain->reg_rules[i]; 2901 freq_range = ®_rule->freq_range; 2902 power_rule = ®_rule->power_rule; 2903 2904 nl_reg_rule = nla_nest_start(msg, i); 2905 if (!nl_reg_rule) 2906 goto nla_put_failure; 2907 2908 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS, 2909 reg_rule->flags); 2910 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START, 2911 freq_range->start_freq_khz); 2912 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END, 2913 freq_range->end_freq_khz); 2914 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 2915 freq_range->max_bandwidth_khz); 2916 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 2917 power_rule->max_antenna_gain); 2918 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 2919 power_rule->max_eirp); 2920 2921 nla_nest_end(msg, nl_reg_rule); 2922 } 2923 2924 nla_nest_end(msg, nl_reg_rules); 2925 2926 genlmsg_end(msg, hdr); 2927 err = genlmsg_reply(msg, info); 2928 goto out; 2929 2930 nla_put_failure: 2931 genlmsg_cancel(msg, hdr); 2932 err = -EMSGSIZE; 2933 out: 2934 mutex_unlock(&cfg80211_mutex); 2935 return err; 2936 } 2937 2938 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 2939 { 2940 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 2941 struct nlattr *nl_reg_rule; 2942 char *alpha2 = NULL; 2943 int rem_reg_rules = 0, r = 0; 2944 u32 num_rules = 0, rule_idx = 0, size_of_regd; 2945 struct ieee80211_regdomain *rd = NULL; 2946 2947 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 2948 return -EINVAL; 2949 2950 if (!info->attrs[NL80211_ATTR_REG_RULES]) 2951 return -EINVAL; 2952 2953 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 2954 2955 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 2956 rem_reg_rules) { 2957 num_rules++; 2958 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 2959 return -EINVAL; 2960 } 2961 2962 mutex_lock(&cfg80211_mutex); 2963 2964 if (!reg_is_valid_request(alpha2)) { 2965 r = -EINVAL; 2966 goto bad_reg; 2967 } 2968 2969 size_of_regd = sizeof(struct ieee80211_regdomain) + 2970 (num_rules * sizeof(struct ieee80211_reg_rule)); 2971 2972 rd = kzalloc(size_of_regd, GFP_KERNEL); 2973 if (!rd) { 2974 r = -ENOMEM; 2975 goto bad_reg; 2976 } 2977 2978 rd->n_reg_rules = num_rules; 2979 rd->alpha2[0] = alpha2[0]; 2980 rd->alpha2[1] = alpha2[1]; 2981 2982 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 2983 rem_reg_rules) { 2984 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 2985 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 2986 reg_rule_policy); 2987 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 2988 if (r) 2989 goto bad_reg; 2990 2991 rule_idx++; 2992 2993 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 2994 r = -EINVAL; 2995 goto bad_reg; 2996 } 2997 } 2998 2999 BUG_ON(rule_idx != num_rules); 3000 3001 r = set_regdom(rd); 3002 3003 mutex_unlock(&cfg80211_mutex); 3004 3005 return r; 3006 3007 bad_reg: 3008 mutex_unlock(&cfg80211_mutex); 3009 kfree(rd); 3010 return r; 3011 } 3012 3013 static int validate_scan_freqs(struct nlattr *freqs) 3014 { 3015 struct nlattr *attr1, *attr2; 3016 int n_channels = 0, tmp1, tmp2; 3017 3018 nla_for_each_nested(attr1, freqs, tmp1) { 3019 n_channels++; 3020 /* 3021 * Some hardware has a limited channel list for 3022 * scanning, and it is pretty much nonsensical 3023 * to scan for a channel twice, so disallow that 3024 * and don't require drivers to check that the 3025 * channel list they get isn't longer than what 3026 * they can scan, as long as they can scan all 3027 * the channels they registered at once. 3028 */ 3029 nla_for_each_nested(attr2, freqs, tmp2) 3030 if (attr1 != attr2 && 3031 nla_get_u32(attr1) == nla_get_u32(attr2)) 3032 return 0; 3033 } 3034 3035 return n_channels; 3036 } 3037 3038 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 3039 { 3040 struct cfg80211_registered_device *rdev; 3041 struct net_device *dev; 3042 struct cfg80211_scan_request *request; 3043 struct cfg80211_ssid *ssid; 3044 struct ieee80211_channel *channel; 3045 struct nlattr *attr; 3046 struct wiphy *wiphy; 3047 int err, tmp, n_ssids = 0, n_channels, i; 3048 enum ieee80211_band band; 3049 size_t ie_len; 3050 3051 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3052 return -EINVAL; 3053 3054 rtnl_lock(); 3055 3056 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3057 if (err) 3058 goto out_rtnl; 3059 3060 wiphy = &rdev->wiphy; 3061 3062 if (!rdev->ops->scan) { 3063 err = -EOPNOTSUPP; 3064 goto out; 3065 } 3066 3067 if (!netif_running(dev)) { 3068 err = -ENETDOWN; 3069 goto out; 3070 } 3071 3072 if (rdev->scan_req) { 3073 err = -EBUSY; 3074 goto out; 3075 } 3076 3077 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3078 n_channels = validate_scan_freqs( 3079 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 3080 if (!n_channels) { 3081 err = -EINVAL; 3082 goto out; 3083 } 3084 } else { 3085 n_channels = 0; 3086 3087 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 3088 if (wiphy->bands[band]) 3089 n_channels += wiphy->bands[band]->n_channels; 3090 } 3091 3092 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 3093 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 3094 n_ssids++; 3095 3096 if (n_ssids > wiphy->max_scan_ssids) { 3097 err = -EINVAL; 3098 goto out; 3099 } 3100 3101 if (info->attrs[NL80211_ATTR_IE]) 3102 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3103 else 3104 ie_len = 0; 3105 3106 if (ie_len > wiphy->max_scan_ie_len) { 3107 err = -EINVAL; 3108 goto out; 3109 } 3110 3111 request = kzalloc(sizeof(*request) 3112 + sizeof(*ssid) * n_ssids 3113 + sizeof(channel) * n_channels 3114 + ie_len, GFP_KERNEL); 3115 if (!request) { 3116 err = -ENOMEM; 3117 goto out; 3118 } 3119 3120 if (n_ssids) 3121 request->ssids = (void *)&request->channels[n_channels]; 3122 request->n_ssids = n_ssids; 3123 if (ie_len) { 3124 if (request->ssids) 3125 request->ie = (void *)(request->ssids + n_ssids); 3126 else 3127 request->ie = (void *)(request->channels + n_channels); 3128 } 3129 3130 i = 0; 3131 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3132 /* user specified, bail out if channel not found */ 3133 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 3134 struct ieee80211_channel *chan; 3135 3136 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 3137 3138 if (!chan) { 3139 err = -EINVAL; 3140 goto out_free; 3141 } 3142 3143 /* ignore disabled channels */ 3144 if (chan->flags & IEEE80211_CHAN_DISABLED) 3145 continue; 3146 3147 request->channels[i] = chan; 3148 i++; 3149 } 3150 } else { 3151 /* all channels */ 3152 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 3153 int j; 3154 if (!wiphy->bands[band]) 3155 continue; 3156 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 3157 struct ieee80211_channel *chan; 3158 3159 chan = &wiphy->bands[band]->channels[j]; 3160 3161 if (chan->flags & IEEE80211_CHAN_DISABLED) 3162 continue; 3163 3164 request->channels[i] = chan; 3165 i++; 3166 } 3167 } 3168 } 3169 3170 if (!i) { 3171 err = -EINVAL; 3172 goto out_free; 3173 } 3174 3175 request->n_channels = i; 3176 3177 i = 0; 3178 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 3179 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 3180 if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) { 3181 err = -EINVAL; 3182 goto out_free; 3183 } 3184 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 3185 request->ssids[i].ssid_len = nla_len(attr); 3186 i++; 3187 } 3188 } 3189 3190 if (info->attrs[NL80211_ATTR_IE]) { 3191 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3192 memcpy((void *)request->ie, 3193 nla_data(info->attrs[NL80211_ATTR_IE]), 3194 request->ie_len); 3195 } 3196 3197 request->dev = dev; 3198 request->wiphy = &rdev->wiphy; 3199 3200 rdev->scan_req = request; 3201 err = rdev->ops->scan(&rdev->wiphy, dev, request); 3202 3203 if (!err) { 3204 nl80211_send_scan_start(rdev, dev); 3205 dev_hold(dev); 3206 } 3207 3208 out_free: 3209 if (err) { 3210 rdev->scan_req = NULL; 3211 kfree(request); 3212 } 3213 out: 3214 cfg80211_unlock_rdev(rdev); 3215 dev_put(dev); 3216 out_rtnl: 3217 rtnl_unlock(); 3218 3219 return err; 3220 } 3221 3222 static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags, 3223 struct cfg80211_registered_device *rdev, 3224 struct wireless_dev *wdev, 3225 struct cfg80211_internal_bss *intbss) 3226 { 3227 struct cfg80211_bss *res = &intbss->pub; 3228 void *hdr; 3229 struct nlattr *bss; 3230 int i; 3231 3232 ASSERT_WDEV_LOCK(wdev); 3233 3234 hdr = nl80211hdr_put(msg, pid, seq, flags, 3235 NL80211_CMD_NEW_SCAN_RESULTS); 3236 if (!hdr) 3237 return -1; 3238 3239 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation); 3240 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex); 3241 3242 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 3243 if (!bss) 3244 goto nla_put_failure; 3245 if (!is_zero_ether_addr(res->bssid)) 3246 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid); 3247 if (res->information_elements && res->len_information_elements) 3248 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS, 3249 res->len_information_elements, 3250 res->information_elements); 3251 if (res->beacon_ies && res->len_beacon_ies && 3252 res->beacon_ies != res->information_elements) 3253 NLA_PUT(msg, NL80211_BSS_BEACON_IES, 3254 res->len_beacon_ies, res->beacon_ies); 3255 if (res->tsf) 3256 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf); 3257 if (res->beacon_interval) 3258 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval); 3259 NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability); 3260 NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq); 3261 NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO, 3262 jiffies_to_msecs(jiffies - intbss->ts)); 3263 3264 switch (rdev->wiphy.signal_type) { 3265 case CFG80211_SIGNAL_TYPE_MBM: 3266 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal); 3267 break; 3268 case CFG80211_SIGNAL_TYPE_UNSPEC: 3269 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal); 3270 break; 3271 default: 3272 break; 3273 } 3274 3275 switch (wdev->iftype) { 3276 case NL80211_IFTYPE_STATION: 3277 if (intbss == wdev->current_bss) 3278 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3279 NL80211_BSS_STATUS_ASSOCIATED); 3280 else for (i = 0; i < MAX_AUTH_BSSES; i++) { 3281 if (intbss != wdev->auth_bsses[i]) 3282 continue; 3283 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3284 NL80211_BSS_STATUS_AUTHENTICATED); 3285 break; 3286 } 3287 break; 3288 case NL80211_IFTYPE_ADHOC: 3289 if (intbss == wdev->current_bss) 3290 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3291 NL80211_BSS_STATUS_IBSS_JOINED); 3292 break; 3293 default: 3294 break; 3295 } 3296 3297 nla_nest_end(msg, bss); 3298 3299 return genlmsg_end(msg, hdr); 3300 3301 nla_put_failure: 3302 genlmsg_cancel(msg, hdr); 3303 return -EMSGSIZE; 3304 } 3305 3306 static int nl80211_dump_scan(struct sk_buff *skb, 3307 struct netlink_callback *cb) 3308 { 3309 struct cfg80211_registered_device *rdev; 3310 struct net_device *dev; 3311 struct cfg80211_internal_bss *scan; 3312 struct wireless_dev *wdev; 3313 int ifidx = cb->args[0]; 3314 int start = cb->args[1], idx = 0; 3315 int err; 3316 3317 if (!ifidx) 3318 ifidx = nl80211_get_ifidx(cb); 3319 if (ifidx < 0) 3320 return ifidx; 3321 cb->args[0] = ifidx; 3322 3323 dev = dev_get_by_index(sock_net(skb->sk), ifidx); 3324 if (!dev) 3325 return -ENODEV; 3326 3327 rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 3328 if (IS_ERR(rdev)) { 3329 err = PTR_ERR(rdev); 3330 goto out_put_netdev; 3331 } 3332 3333 wdev = dev->ieee80211_ptr; 3334 3335 wdev_lock(wdev); 3336 spin_lock_bh(&rdev->bss_lock); 3337 cfg80211_bss_expire(rdev); 3338 3339 list_for_each_entry(scan, &rdev->bss_list, list) { 3340 if (++idx <= start) 3341 continue; 3342 if (nl80211_send_bss(skb, 3343 NETLINK_CB(cb->skb).pid, 3344 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3345 rdev, wdev, scan) < 0) { 3346 idx--; 3347 goto out; 3348 } 3349 } 3350 3351 out: 3352 spin_unlock_bh(&rdev->bss_lock); 3353 wdev_unlock(wdev); 3354 3355 cb->args[1] = idx; 3356 err = skb->len; 3357 cfg80211_unlock_rdev(rdev); 3358 out_put_netdev: 3359 dev_put(dev); 3360 3361 return err; 3362 } 3363 3364 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq, 3365 int flags, struct net_device *dev, 3366 struct survey_info *survey) 3367 { 3368 void *hdr; 3369 struct nlattr *infoattr; 3370 3371 /* Survey without a channel doesn't make sense */ 3372 if (!survey->channel) 3373 return -EINVAL; 3374 3375 hdr = nl80211hdr_put(msg, pid, seq, flags, 3376 NL80211_CMD_NEW_SURVEY_RESULTS); 3377 if (!hdr) 3378 return -ENOMEM; 3379 3380 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 3381 3382 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 3383 if (!infoattr) 3384 goto nla_put_failure; 3385 3386 NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY, 3387 survey->channel->center_freq); 3388 if (survey->filled & SURVEY_INFO_NOISE_DBM) 3389 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE, 3390 survey->noise); 3391 3392 nla_nest_end(msg, infoattr); 3393 3394 return genlmsg_end(msg, hdr); 3395 3396 nla_put_failure: 3397 genlmsg_cancel(msg, hdr); 3398 return -EMSGSIZE; 3399 } 3400 3401 static int nl80211_dump_survey(struct sk_buff *skb, 3402 struct netlink_callback *cb) 3403 { 3404 struct survey_info survey; 3405 struct cfg80211_registered_device *dev; 3406 struct net_device *netdev; 3407 int ifidx = cb->args[0]; 3408 int survey_idx = cb->args[1]; 3409 int res; 3410 3411 if (!ifidx) 3412 ifidx = nl80211_get_ifidx(cb); 3413 if (ifidx < 0) 3414 return ifidx; 3415 cb->args[0] = ifidx; 3416 3417 rtnl_lock(); 3418 3419 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 3420 if (!netdev) { 3421 res = -ENODEV; 3422 goto out_rtnl; 3423 } 3424 3425 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 3426 if (IS_ERR(dev)) { 3427 res = PTR_ERR(dev); 3428 goto out_rtnl; 3429 } 3430 3431 if (!dev->ops->dump_survey) { 3432 res = -EOPNOTSUPP; 3433 goto out_err; 3434 } 3435 3436 while (1) { 3437 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, 3438 &survey); 3439 if (res == -ENOENT) 3440 break; 3441 if (res) 3442 goto out_err; 3443 3444 if (nl80211_send_survey(skb, 3445 NETLINK_CB(cb->skb).pid, 3446 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3447 netdev, 3448 &survey) < 0) 3449 goto out; 3450 survey_idx++; 3451 } 3452 3453 out: 3454 cb->args[1] = survey_idx; 3455 res = skb->len; 3456 out_err: 3457 cfg80211_unlock_rdev(dev); 3458 out_rtnl: 3459 rtnl_unlock(); 3460 3461 return res; 3462 } 3463 3464 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) 3465 { 3466 return auth_type <= NL80211_AUTHTYPE_MAX; 3467 } 3468 3469 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 3470 { 3471 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 3472 NL80211_WPA_VERSION_2)); 3473 } 3474 3475 static bool nl80211_valid_akm_suite(u32 akm) 3476 { 3477 return akm == WLAN_AKM_SUITE_8021X || 3478 akm == WLAN_AKM_SUITE_PSK; 3479 } 3480 3481 static bool nl80211_valid_cipher_suite(u32 cipher) 3482 { 3483 return cipher == WLAN_CIPHER_SUITE_WEP40 || 3484 cipher == WLAN_CIPHER_SUITE_WEP104 || 3485 cipher == WLAN_CIPHER_SUITE_TKIP || 3486 cipher == WLAN_CIPHER_SUITE_CCMP || 3487 cipher == WLAN_CIPHER_SUITE_AES_CMAC; 3488 } 3489 3490 3491 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 3492 { 3493 struct cfg80211_registered_device *rdev; 3494 struct net_device *dev; 3495 struct ieee80211_channel *chan; 3496 const u8 *bssid, *ssid, *ie = NULL; 3497 int err, ssid_len, ie_len = 0; 3498 enum nl80211_auth_type auth_type; 3499 struct key_parse key; 3500 bool local_state_change; 3501 3502 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3503 return -EINVAL; 3504 3505 if (!info->attrs[NL80211_ATTR_MAC]) 3506 return -EINVAL; 3507 3508 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 3509 return -EINVAL; 3510 3511 if (!info->attrs[NL80211_ATTR_SSID]) 3512 return -EINVAL; 3513 3514 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 3515 return -EINVAL; 3516 3517 err = nl80211_parse_key(info, &key); 3518 if (err) 3519 return err; 3520 3521 if (key.idx >= 0) { 3522 if (!key.p.key || !key.p.key_len) 3523 return -EINVAL; 3524 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 3525 key.p.key_len != WLAN_KEY_LEN_WEP40) && 3526 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 3527 key.p.key_len != WLAN_KEY_LEN_WEP104)) 3528 return -EINVAL; 3529 if (key.idx > 4) 3530 return -EINVAL; 3531 } else { 3532 key.p.key_len = 0; 3533 key.p.key = NULL; 3534 } 3535 3536 rtnl_lock(); 3537 3538 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3539 if (err) 3540 goto unlock_rtnl; 3541 3542 if (!rdev->ops->auth) { 3543 err = -EOPNOTSUPP; 3544 goto out; 3545 } 3546 3547 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3548 err = -EOPNOTSUPP; 3549 goto out; 3550 } 3551 3552 if (!netif_running(dev)) { 3553 err = -ENETDOWN; 3554 goto out; 3555 } 3556 3557 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3558 chan = ieee80211_get_channel(&rdev->wiphy, 3559 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3560 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) { 3561 err = -EINVAL; 3562 goto out; 3563 } 3564 3565 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3566 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3567 3568 if (info->attrs[NL80211_ATTR_IE]) { 3569 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3570 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3571 } 3572 3573 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 3574 if (!nl80211_valid_auth_type(auth_type)) { 3575 err = -EINVAL; 3576 goto out; 3577 } 3578 3579 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 3580 3581 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 3582 ssid, ssid_len, ie, ie_len, 3583 key.p.key, key.p.key_len, key.idx, 3584 local_state_change); 3585 3586 out: 3587 cfg80211_unlock_rdev(rdev); 3588 dev_put(dev); 3589 unlock_rtnl: 3590 rtnl_unlock(); 3591 return err; 3592 } 3593 3594 static int nl80211_crypto_settings(struct genl_info *info, 3595 struct cfg80211_crypto_settings *settings, 3596 int cipher_limit) 3597 { 3598 memset(settings, 0, sizeof(*settings)); 3599 3600 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 3601 3602 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 3603 void *data; 3604 int len, i; 3605 3606 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 3607 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 3608 settings->n_ciphers_pairwise = len / sizeof(u32); 3609 3610 if (len % sizeof(u32)) 3611 return -EINVAL; 3612 3613 if (settings->n_ciphers_pairwise > cipher_limit) 3614 return -EINVAL; 3615 3616 memcpy(settings->ciphers_pairwise, data, len); 3617 3618 for (i = 0; i < settings->n_ciphers_pairwise; i++) 3619 if (!nl80211_valid_cipher_suite( 3620 settings->ciphers_pairwise[i])) 3621 return -EINVAL; 3622 } 3623 3624 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 3625 settings->cipher_group = 3626 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 3627 if (!nl80211_valid_cipher_suite(settings->cipher_group)) 3628 return -EINVAL; 3629 } 3630 3631 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 3632 settings->wpa_versions = 3633 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 3634 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 3635 return -EINVAL; 3636 } 3637 3638 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 3639 void *data; 3640 int len, i; 3641 3642 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 3643 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 3644 settings->n_akm_suites = len / sizeof(u32); 3645 3646 if (len % sizeof(u32)) 3647 return -EINVAL; 3648 3649 memcpy(settings->akm_suites, data, len); 3650 3651 for (i = 0; i < settings->n_ciphers_pairwise; i++) 3652 if (!nl80211_valid_akm_suite(settings->akm_suites[i])) 3653 return -EINVAL; 3654 } 3655 3656 return 0; 3657 } 3658 3659 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 3660 { 3661 struct cfg80211_registered_device *rdev; 3662 struct net_device *dev; 3663 struct cfg80211_crypto_settings crypto; 3664 struct ieee80211_channel *chan; 3665 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 3666 int err, ssid_len, ie_len = 0; 3667 bool use_mfp = false; 3668 3669 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3670 return -EINVAL; 3671 3672 if (!info->attrs[NL80211_ATTR_MAC] || 3673 !info->attrs[NL80211_ATTR_SSID] || 3674 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 3675 return -EINVAL; 3676 3677 rtnl_lock(); 3678 3679 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3680 if (err) 3681 goto unlock_rtnl; 3682 3683 if (!rdev->ops->assoc) { 3684 err = -EOPNOTSUPP; 3685 goto out; 3686 } 3687 3688 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3689 err = -EOPNOTSUPP; 3690 goto out; 3691 } 3692 3693 if (!netif_running(dev)) { 3694 err = -ENETDOWN; 3695 goto out; 3696 } 3697 3698 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3699 3700 chan = ieee80211_get_channel(&rdev->wiphy, 3701 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3702 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) { 3703 err = -EINVAL; 3704 goto out; 3705 } 3706 3707 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3708 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3709 3710 if (info->attrs[NL80211_ATTR_IE]) { 3711 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3712 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3713 } 3714 3715 if (info->attrs[NL80211_ATTR_USE_MFP]) { 3716 enum nl80211_mfp mfp = 3717 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 3718 if (mfp == NL80211_MFP_REQUIRED) 3719 use_mfp = true; 3720 else if (mfp != NL80211_MFP_NO) { 3721 err = -EINVAL; 3722 goto out; 3723 } 3724 } 3725 3726 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 3727 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 3728 3729 err = nl80211_crypto_settings(info, &crypto, 1); 3730 if (!err) 3731 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 3732 ssid, ssid_len, ie, ie_len, use_mfp, 3733 &crypto); 3734 3735 out: 3736 cfg80211_unlock_rdev(rdev); 3737 dev_put(dev); 3738 unlock_rtnl: 3739 rtnl_unlock(); 3740 return err; 3741 } 3742 3743 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 3744 { 3745 struct cfg80211_registered_device *rdev; 3746 struct net_device *dev; 3747 const u8 *ie = NULL, *bssid; 3748 int err, ie_len = 0; 3749 u16 reason_code; 3750 bool local_state_change; 3751 3752 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3753 return -EINVAL; 3754 3755 if (!info->attrs[NL80211_ATTR_MAC]) 3756 return -EINVAL; 3757 3758 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 3759 return -EINVAL; 3760 3761 rtnl_lock(); 3762 3763 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3764 if (err) 3765 goto unlock_rtnl; 3766 3767 if (!rdev->ops->deauth) { 3768 err = -EOPNOTSUPP; 3769 goto out; 3770 } 3771 3772 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3773 err = -EOPNOTSUPP; 3774 goto out; 3775 } 3776 3777 if (!netif_running(dev)) { 3778 err = -ENETDOWN; 3779 goto out; 3780 } 3781 3782 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3783 3784 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 3785 if (reason_code == 0) { 3786 /* Reason Code 0 is reserved */ 3787 err = -EINVAL; 3788 goto out; 3789 } 3790 3791 if (info->attrs[NL80211_ATTR_IE]) { 3792 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3793 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3794 } 3795 3796 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 3797 3798 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 3799 local_state_change); 3800 3801 out: 3802 cfg80211_unlock_rdev(rdev); 3803 dev_put(dev); 3804 unlock_rtnl: 3805 rtnl_unlock(); 3806 return err; 3807 } 3808 3809 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 3810 { 3811 struct cfg80211_registered_device *rdev; 3812 struct net_device *dev; 3813 const u8 *ie = NULL, *bssid; 3814 int err, ie_len = 0; 3815 u16 reason_code; 3816 bool local_state_change; 3817 3818 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3819 return -EINVAL; 3820 3821 if (!info->attrs[NL80211_ATTR_MAC]) 3822 return -EINVAL; 3823 3824 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 3825 return -EINVAL; 3826 3827 rtnl_lock(); 3828 3829 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3830 if (err) 3831 goto unlock_rtnl; 3832 3833 if (!rdev->ops->disassoc) { 3834 err = -EOPNOTSUPP; 3835 goto out; 3836 } 3837 3838 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3839 err = -EOPNOTSUPP; 3840 goto out; 3841 } 3842 3843 if (!netif_running(dev)) { 3844 err = -ENETDOWN; 3845 goto out; 3846 } 3847 3848 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3849 3850 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 3851 if (reason_code == 0) { 3852 /* Reason Code 0 is reserved */ 3853 err = -EINVAL; 3854 goto out; 3855 } 3856 3857 if (info->attrs[NL80211_ATTR_IE]) { 3858 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3859 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3860 } 3861 3862 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 3863 3864 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 3865 local_state_change); 3866 3867 out: 3868 cfg80211_unlock_rdev(rdev); 3869 dev_put(dev); 3870 unlock_rtnl: 3871 rtnl_unlock(); 3872 return err; 3873 } 3874 3875 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 3876 { 3877 struct cfg80211_registered_device *rdev; 3878 struct net_device *dev; 3879 struct cfg80211_ibss_params ibss; 3880 struct wiphy *wiphy; 3881 struct cfg80211_cached_keys *connkeys = NULL; 3882 int err; 3883 3884 memset(&ibss, 0, sizeof(ibss)); 3885 3886 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3887 return -EINVAL; 3888 3889 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 3890 !info->attrs[NL80211_ATTR_SSID] || 3891 !nla_len(info->attrs[NL80211_ATTR_SSID])) 3892 return -EINVAL; 3893 3894 ibss.beacon_interval = 100; 3895 3896 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 3897 ibss.beacon_interval = 3898 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 3899 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 3900 return -EINVAL; 3901 } 3902 3903 rtnl_lock(); 3904 3905 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3906 if (err) 3907 goto unlock_rtnl; 3908 3909 if (!rdev->ops->join_ibss) { 3910 err = -EOPNOTSUPP; 3911 goto out; 3912 } 3913 3914 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 3915 err = -EOPNOTSUPP; 3916 goto out; 3917 } 3918 3919 if (!netif_running(dev)) { 3920 err = -ENETDOWN; 3921 goto out; 3922 } 3923 3924 wiphy = &rdev->wiphy; 3925 3926 if (info->attrs[NL80211_ATTR_MAC]) 3927 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3928 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3929 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3930 3931 if (info->attrs[NL80211_ATTR_IE]) { 3932 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3933 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3934 } 3935 3936 ibss.channel = ieee80211_get_channel(wiphy, 3937 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3938 if (!ibss.channel || 3939 ibss.channel->flags & IEEE80211_CHAN_NO_IBSS || 3940 ibss.channel->flags & IEEE80211_CHAN_DISABLED) { 3941 err = -EINVAL; 3942 goto out; 3943 } 3944 3945 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 3946 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 3947 3948 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 3949 connkeys = nl80211_parse_connkeys(rdev, 3950 info->attrs[NL80211_ATTR_KEYS]); 3951 if (IS_ERR(connkeys)) { 3952 err = PTR_ERR(connkeys); 3953 connkeys = NULL; 3954 goto out; 3955 } 3956 } 3957 3958 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 3959 3960 out: 3961 cfg80211_unlock_rdev(rdev); 3962 dev_put(dev); 3963 unlock_rtnl: 3964 if (err) 3965 kfree(connkeys); 3966 rtnl_unlock(); 3967 return err; 3968 } 3969 3970 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 3971 { 3972 struct cfg80211_registered_device *rdev; 3973 struct net_device *dev; 3974 int err; 3975 3976 rtnl_lock(); 3977 3978 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3979 if (err) 3980 goto unlock_rtnl; 3981 3982 if (!rdev->ops->leave_ibss) { 3983 err = -EOPNOTSUPP; 3984 goto out; 3985 } 3986 3987 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 3988 err = -EOPNOTSUPP; 3989 goto out; 3990 } 3991 3992 if (!netif_running(dev)) { 3993 err = -ENETDOWN; 3994 goto out; 3995 } 3996 3997 err = cfg80211_leave_ibss(rdev, dev, false); 3998 3999 out: 4000 cfg80211_unlock_rdev(rdev); 4001 dev_put(dev); 4002 unlock_rtnl: 4003 rtnl_unlock(); 4004 return err; 4005 } 4006 4007 #ifdef CONFIG_NL80211_TESTMODE 4008 static struct genl_multicast_group nl80211_testmode_mcgrp = { 4009 .name = "testmode", 4010 }; 4011 4012 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 4013 { 4014 struct cfg80211_registered_device *rdev; 4015 int err; 4016 4017 if (!info->attrs[NL80211_ATTR_TESTDATA]) 4018 return -EINVAL; 4019 4020 rtnl_lock(); 4021 4022 rdev = cfg80211_get_dev_from_info(info); 4023 if (IS_ERR(rdev)) { 4024 err = PTR_ERR(rdev); 4025 goto unlock_rtnl; 4026 } 4027 4028 err = -EOPNOTSUPP; 4029 if (rdev->ops->testmode_cmd) { 4030 rdev->testmode_info = info; 4031 err = rdev->ops->testmode_cmd(&rdev->wiphy, 4032 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 4033 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 4034 rdev->testmode_info = NULL; 4035 } 4036 4037 cfg80211_unlock_rdev(rdev); 4038 4039 unlock_rtnl: 4040 rtnl_unlock(); 4041 return err; 4042 } 4043 4044 static struct sk_buff * 4045 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 4046 int approxlen, u32 pid, u32 seq, gfp_t gfp) 4047 { 4048 struct sk_buff *skb; 4049 void *hdr; 4050 struct nlattr *data; 4051 4052 skb = nlmsg_new(approxlen + 100, gfp); 4053 if (!skb) 4054 return NULL; 4055 4056 hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE); 4057 if (!hdr) { 4058 kfree_skb(skb); 4059 return NULL; 4060 } 4061 4062 NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 4063 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 4064 4065 ((void **)skb->cb)[0] = rdev; 4066 ((void **)skb->cb)[1] = hdr; 4067 ((void **)skb->cb)[2] = data; 4068 4069 return skb; 4070 4071 nla_put_failure: 4072 kfree_skb(skb); 4073 return NULL; 4074 } 4075 4076 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 4077 int approxlen) 4078 { 4079 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 4080 4081 if (WARN_ON(!rdev->testmode_info)) 4082 return NULL; 4083 4084 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 4085 rdev->testmode_info->snd_pid, 4086 rdev->testmode_info->snd_seq, 4087 GFP_KERNEL); 4088 } 4089 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 4090 4091 int cfg80211_testmode_reply(struct sk_buff *skb) 4092 { 4093 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 4094 void *hdr = ((void **)skb->cb)[1]; 4095 struct nlattr *data = ((void **)skb->cb)[2]; 4096 4097 if (WARN_ON(!rdev->testmode_info)) { 4098 kfree_skb(skb); 4099 return -EINVAL; 4100 } 4101 4102 nla_nest_end(skb, data); 4103 genlmsg_end(skb, hdr); 4104 return genlmsg_reply(skb, rdev->testmode_info); 4105 } 4106 EXPORT_SYMBOL(cfg80211_testmode_reply); 4107 4108 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 4109 int approxlen, gfp_t gfp) 4110 { 4111 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 4112 4113 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 4114 } 4115 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 4116 4117 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 4118 { 4119 void *hdr = ((void **)skb->cb)[1]; 4120 struct nlattr *data = ((void **)skb->cb)[2]; 4121 4122 nla_nest_end(skb, data); 4123 genlmsg_end(skb, hdr); 4124 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 4125 } 4126 EXPORT_SYMBOL(cfg80211_testmode_event); 4127 #endif 4128 4129 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 4130 { 4131 struct cfg80211_registered_device *rdev; 4132 struct net_device *dev; 4133 struct cfg80211_connect_params connect; 4134 struct wiphy *wiphy; 4135 struct cfg80211_cached_keys *connkeys = NULL; 4136 int err; 4137 4138 memset(&connect, 0, sizeof(connect)); 4139 4140 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4141 return -EINVAL; 4142 4143 if (!info->attrs[NL80211_ATTR_SSID] || 4144 !nla_len(info->attrs[NL80211_ATTR_SSID])) 4145 return -EINVAL; 4146 4147 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 4148 connect.auth_type = 4149 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 4150 if (!nl80211_valid_auth_type(connect.auth_type)) 4151 return -EINVAL; 4152 } else 4153 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 4154 4155 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 4156 4157 err = nl80211_crypto_settings(info, &connect.crypto, 4158 NL80211_MAX_NR_CIPHER_SUITES); 4159 if (err) 4160 return err; 4161 rtnl_lock(); 4162 4163 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4164 if (err) 4165 goto unlock_rtnl; 4166 4167 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4168 err = -EOPNOTSUPP; 4169 goto out; 4170 } 4171 4172 if (!netif_running(dev)) { 4173 err = -ENETDOWN; 4174 goto out; 4175 } 4176 4177 wiphy = &rdev->wiphy; 4178 4179 if (info->attrs[NL80211_ATTR_MAC]) 4180 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4181 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4182 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4183 4184 if (info->attrs[NL80211_ATTR_IE]) { 4185 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4186 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4187 } 4188 4189 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 4190 connect.channel = 4191 ieee80211_get_channel(wiphy, 4192 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4193 if (!connect.channel || 4194 connect.channel->flags & IEEE80211_CHAN_DISABLED) { 4195 err = -EINVAL; 4196 goto out; 4197 } 4198 } 4199 4200 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 4201 connkeys = nl80211_parse_connkeys(rdev, 4202 info->attrs[NL80211_ATTR_KEYS]); 4203 if (IS_ERR(connkeys)) { 4204 err = PTR_ERR(connkeys); 4205 connkeys = NULL; 4206 goto out; 4207 } 4208 } 4209 4210 err = cfg80211_connect(rdev, dev, &connect, connkeys); 4211 4212 out: 4213 cfg80211_unlock_rdev(rdev); 4214 dev_put(dev); 4215 unlock_rtnl: 4216 if (err) 4217 kfree(connkeys); 4218 rtnl_unlock(); 4219 return err; 4220 } 4221 4222 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 4223 { 4224 struct cfg80211_registered_device *rdev; 4225 struct net_device *dev; 4226 int err; 4227 u16 reason; 4228 4229 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4230 reason = WLAN_REASON_DEAUTH_LEAVING; 4231 else 4232 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4233 4234 if (reason == 0) 4235 return -EINVAL; 4236 4237 rtnl_lock(); 4238 4239 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4240 if (err) 4241 goto unlock_rtnl; 4242 4243 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4244 err = -EOPNOTSUPP; 4245 goto out; 4246 } 4247 4248 if (!netif_running(dev)) { 4249 err = -ENETDOWN; 4250 goto out; 4251 } 4252 4253 err = cfg80211_disconnect(rdev, dev, reason, true); 4254 4255 out: 4256 cfg80211_unlock_rdev(rdev); 4257 dev_put(dev); 4258 unlock_rtnl: 4259 rtnl_unlock(); 4260 return err; 4261 } 4262 4263 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 4264 { 4265 struct cfg80211_registered_device *rdev; 4266 struct net *net; 4267 int err; 4268 u32 pid; 4269 4270 if (!info->attrs[NL80211_ATTR_PID]) 4271 return -EINVAL; 4272 4273 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 4274 4275 rtnl_lock(); 4276 4277 rdev = cfg80211_get_dev_from_info(info); 4278 if (IS_ERR(rdev)) { 4279 err = PTR_ERR(rdev); 4280 goto out_rtnl; 4281 } 4282 4283 net = get_net_ns_by_pid(pid); 4284 if (IS_ERR(net)) { 4285 err = PTR_ERR(net); 4286 goto out; 4287 } 4288 4289 err = 0; 4290 4291 /* check if anything to do */ 4292 if (net_eq(wiphy_net(&rdev->wiphy), net)) 4293 goto out_put_net; 4294 4295 err = cfg80211_switch_netns(rdev, net); 4296 out_put_net: 4297 put_net(net); 4298 out: 4299 cfg80211_unlock_rdev(rdev); 4300 out_rtnl: 4301 rtnl_unlock(); 4302 return err; 4303 } 4304 4305 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 4306 { 4307 struct cfg80211_registered_device *rdev; 4308 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 4309 struct cfg80211_pmksa *pmksa) = NULL; 4310 int err; 4311 struct net_device *dev; 4312 struct cfg80211_pmksa pmksa; 4313 4314 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 4315 4316 if (!info->attrs[NL80211_ATTR_MAC]) 4317 return -EINVAL; 4318 4319 if (!info->attrs[NL80211_ATTR_PMKID]) 4320 return -EINVAL; 4321 4322 rtnl_lock(); 4323 4324 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4325 if (err) 4326 goto out_rtnl; 4327 4328 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 4329 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4330 4331 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4332 err = -EOPNOTSUPP; 4333 goto out; 4334 } 4335 4336 switch (info->genlhdr->cmd) { 4337 case NL80211_CMD_SET_PMKSA: 4338 rdev_ops = rdev->ops->set_pmksa; 4339 break; 4340 case NL80211_CMD_DEL_PMKSA: 4341 rdev_ops = rdev->ops->del_pmksa; 4342 break; 4343 default: 4344 WARN_ON(1); 4345 break; 4346 } 4347 4348 if (!rdev_ops) { 4349 err = -EOPNOTSUPP; 4350 goto out; 4351 } 4352 4353 err = rdev_ops(&rdev->wiphy, dev, &pmksa); 4354 4355 out: 4356 cfg80211_unlock_rdev(rdev); 4357 dev_put(dev); 4358 out_rtnl: 4359 rtnl_unlock(); 4360 4361 return err; 4362 } 4363 4364 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 4365 { 4366 struct cfg80211_registered_device *rdev; 4367 int err; 4368 struct net_device *dev; 4369 4370 rtnl_lock(); 4371 4372 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4373 if (err) 4374 goto out_rtnl; 4375 4376 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4377 err = -EOPNOTSUPP; 4378 goto out; 4379 } 4380 4381 if (!rdev->ops->flush_pmksa) { 4382 err = -EOPNOTSUPP; 4383 goto out; 4384 } 4385 4386 err = rdev->ops->flush_pmksa(&rdev->wiphy, dev); 4387 4388 out: 4389 cfg80211_unlock_rdev(rdev); 4390 dev_put(dev); 4391 out_rtnl: 4392 rtnl_unlock(); 4393 4394 return err; 4395 4396 } 4397 4398 static int nl80211_remain_on_channel(struct sk_buff *skb, 4399 struct genl_info *info) 4400 { 4401 struct cfg80211_registered_device *rdev; 4402 struct net_device *dev; 4403 struct ieee80211_channel *chan; 4404 struct sk_buff *msg; 4405 void *hdr; 4406 u64 cookie; 4407 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 4408 u32 freq, duration; 4409 int err; 4410 4411 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 4412 !info->attrs[NL80211_ATTR_DURATION]) 4413 return -EINVAL; 4414 4415 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 4416 4417 /* 4418 * We should be on that channel for at least one jiffie, 4419 * and more than 5 seconds seems excessive. 4420 */ 4421 if (!duration || !msecs_to_jiffies(duration) || duration > 5000) 4422 return -EINVAL; 4423 4424 rtnl_lock(); 4425 4426 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4427 if (err) 4428 goto unlock_rtnl; 4429 4430 if (!rdev->ops->remain_on_channel) { 4431 err = -EOPNOTSUPP; 4432 goto out; 4433 } 4434 4435 if (!netif_running(dev)) { 4436 err = -ENETDOWN; 4437 goto out; 4438 } 4439 4440 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4441 channel_type = nla_get_u32( 4442 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4443 if (channel_type != NL80211_CHAN_NO_HT && 4444 channel_type != NL80211_CHAN_HT20 && 4445 channel_type != NL80211_CHAN_HT40PLUS && 4446 channel_type != NL80211_CHAN_HT40MINUS) 4447 err = -EINVAL; 4448 goto out; 4449 } 4450 4451 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 4452 chan = rdev_freq_to_chan(rdev, freq, channel_type); 4453 if (chan == NULL) { 4454 err = -EINVAL; 4455 goto out; 4456 } 4457 4458 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4459 if (!msg) { 4460 err = -ENOMEM; 4461 goto out; 4462 } 4463 4464 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4465 NL80211_CMD_REMAIN_ON_CHANNEL); 4466 4467 if (IS_ERR(hdr)) { 4468 err = PTR_ERR(hdr); 4469 goto free_msg; 4470 } 4471 4472 err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan, 4473 channel_type, duration, &cookie); 4474 4475 if (err) 4476 goto free_msg; 4477 4478 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 4479 4480 genlmsg_end(msg, hdr); 4481 err = genlmsg_reply(msg, info); 4482 goto out; 4483 4484 nla_put_failure: 4485 err = -ENOBUFS; 4486 free_msg: 4487 nlmsg_free(msg); 4488 out: 4489 cfg80211_unlock_rdev(rdev); 4490 dev_put(dev); 4491 unlock_rtnl: 4492 rtnl_unlock(); 4493 return err; 4494 } 4495 4496 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 4497 struct genl_info *info) 4498 { 4499 struct cfg80211_registered_device *rdev; 4500 struct net_device *dev; 4501 u64 cookie; 4502 int err; 4503 4504 if (!info->attrs[NL80211_ATTR_COOKIE]) 4505 return -EINVAL; 4506 4507 rtnl_lock(); 4508 4509 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4510 if (err) 4511 goto unlock_rtnl; 4512 4513 if (!rdev->ops->cancel_remain_on_channel) { 4514 err = -EOPNOTSUPP; 4515 goto out; 4516 } 4517 4518 if (!netif_running(dev)) { 4519 err = -ENETDOWN; 4520 goto out; 4521 } 4522 4523 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 4524 4525 err = rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie); 4526 4527 out: 4528 cfg80211_unlock_rdev(rdev); 4529 dev_put(dev); 4530 unlock_rtnl: 4531 rtnl_unlock(); 4532 return err; 4533 } 4534 4535 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 4536 u8 *rates, u8 rates_len) 4537 { 4538 u8 i; 4539 u32 mask = 0; 4540 4541 for (i = 0; i < rates_len; i++) { 4542 int rate = (rates[i] & 0x7f) * 5; 4543 int ridx; 4544 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 4545 struct ieee80211_rate *srate = 4546 &sband->bitrates[ridx]; 4547 if (rate == srate->bitrate) { 4548 mask |= 1 << ridx; 4549 break; 4550 } 4551 } 4552 if (ridx == sband->n_bitrates) 4553 return 0; /* rate not found */ 4554 } 4555 4556 return mask; 4557 } 4558 4559 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 4560 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 4561 .len = NL80211_MAX_SUPP_RATES }, 4562 }; 4563 4564 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 4565 struct genl_info *info) 4566 { 4567 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 4568 struct cfg80211_registered_device *rdev; 4569 struct cfg80211_bitrate_mask mask; 4570 int err, rem, i; 4571 struct net_device *dev; 4572 struct nlattr *tx_rates; 4573 struct ieee80211_supported_band *sband; 4574 4575 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 4576 return -EINVAL; 4577 4578 rtnl_lock(); 4579 4580 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4581 if (err) 4582 goto unlock_rtnl; 4583 4584 if (!rdev->ops->set_bitrate_mask) { 4585 err = -EOPNOTSUPP; 4586 goto unlock; 4587 } 4588 4589 memset(&mask, 0, sizeof(mask)); 4590 /* Default to all rates enabled */ 4591 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 4592 sband = rdev->wiphy.bands[i]; 4593 mask.control[i].legacy = 4594 sband ? (1 << sband->n_bitrates) - 1 : 0; 4595 } 4596 4597 /* 4598 * The nested attribute uses enum nl80211_band as the index. This maps 4599 * directly to the enum ieee80211_band values used in cfg80211. 4600 */ 4601 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 4602 { 4603 enum ieee80211_band band = nla_type(tx_rates); 4604 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 4605 err = -EINVAL; 4606 goto unlock; 4607 } 4608 sband = rdev->wiphy.bands[band]; 4609 if (sband == NULL) { 4610 err = -EINVAL; 4611 goto unlock; 4612 } 4613 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 4614 nla_len(tx_rates), nl80211_txattr_policy); 4615 if (tb[NL80211_TXRATE_LEGACY]) { 4616 mask.control[band].legacy = rateset_to_mask( 4617 sband, 4618 nla_data(tb[NL80211_TXRATE_LEGACY]), 4619 nla_len(tb[NL80211_TXRATE_LEGACY])); 4620 if (mask.control[band].legacy == 0) { 4621 err = -EINVAL; 4622 goto unlock; 4623 } 4624 } 4625 } 4626 4627 err = rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask); 4628 4629 unlock: 4630 dev_put(dev); 4631 cfg80211_unlock_rdev(rdev); 4632 unlock_rtnl: 4633 rtnl_unlock(); 4634 return err; 4635 } 4636 4637 static int nl80211_register_action(struct sk_buff *skb, struct genl_info *info) 4638 { 4639 struct cfg80211_registered_device *rdev; 4640 struct net_device *dev; 4641 int err; 4642 4643 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 4644 return -EINVAL; 4645 4646 if (nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]) < 1) 4647 return -EINVAL; 4648 4649 rtnl_lock(); 4650 4651 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4652 if (err) 4653 goto unlock_rtnl; 4654 4655 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4656 err = -EOPNOTSUPP; 4657 goto out; 4658 } 4659 4660 /* not much point in registering if we can't reply */ 4661 if (!rdev->ops->action) { 4662 err = -EOPNOTSUPP; 4663 goto out; 4664 } 4665 4666 err = cfg80211_mlme_register_action(dev->ieee80211_ptr, info->snd_pid, 4667 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 4668 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 4669 out: 4670 cfg80211_unlock_rdev(rdev); 4671 dev_put(dev); 4672 unlock_rtnl: 4673 rtnl_unlock(); 4674 return err; 4675 } 4676 4677 static int nl80211_action(struct sk_buff *skb, struct genl_info *info) 4678 { 4679 struct cfg80211_registered_device *rdev; 4680 struct net_device *dev; 4681 struct ieee80211_channel *chan; 4682 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 4683 u32 freq; 4684 int err; 4685 void *hdr; 4686 u64 cookie; 4687 struct sk_buff *msg; 4688 4689 if (!info->attrs[NL80211_ATTR_FRAME] || 4690 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4691 return -EINVAL; 4692 4693 rtnl_lock(); 4694 4695 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4696 if (err) 4697 goto unlock_rtnl; 4698 4699 if (!rdev->ops->action) { 4700 err = -EOPNOTSUPP; 4701 goto out; 4702 } 4703 4704 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4705 err = -EOPNOTSUPP; 4706 goto out; 4707 } 4708 4709 if (!netif_running(dev)) { 4710 err = -ENETDOWN; 4711 goto out; 4712 } 4713 4714 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4715 channel_type = nla_get_u32( 4716 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4717 if (channel_type != NL80211_CHAN_NO_HT && 4718 channel_type != NL80211_CHAN_HT20 && 4719 channel_type != NL80211_CHAN_HT40PLUS && 4720 channel_type != NL80211_CHAN_HT40MINUS) 4721 err = -EINVAL; 4722 goto out; 4723 } 4724 4725 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 4726 chan = rdev_freq_to_chan(rdev, freq, channel_type); 4727 if (chan == NULL) { 4728 err = -EINVAL; 4729 goto out; 4730 } 4731 4732 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4733 if (!msg) { 4734 err = -ENOMEM; 4735 goto out; 4736 } 4737 4738 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4739 NL80211_CMD_ACTION); 4740 4741 if (IS_ERR(hdr)) { 4742 err = PTR_ERR(hdr); 4743 goto free_msg; 4744 } 4745 err = cfg80211_mlme_action(rdev, dev, chan, channel_type, 4746 nla_data(info->attrs[NL80211_ATTR_FRAME]), 4747 nla_len(info->attrs[NL80211_ATTR_FRAME]), 4748 &cookie); 4749 if (err) 4750 goto free_msg; 4751 4752 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 4753 4754 genlmsg_end(msg, hdr); 4755 err = genlmsg_reply(msg, info); 4756 goto out; 4757 4758 nla_put_failure: 4759 err = -ENOBUFS; 4760 free_msg: 4761 nlmsg_free(msg); 4762 out: 4763 cfg80211_unlock_rdev(rdev); 4764 dev_put(dev); 4765 unlock_rtnl: 4766 rtnl_unlock(); 4767 return err; 4768 } 4769 4770 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 4771 { 4772 struct cfg80211_registered_device *rdev; 4773 struct wireless_dev *wdev; 4774 struct net_device *dev; 4775 u8 ps_state; 4776 bool state; 4777 int err; 4778 4779 if (!info->attrs[NL80211_ATTR_PS_STATE]) { 4780 err = -EINVAL; 4781 goto out; 4782 } 4783 4784 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 4785 4786 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) { 4787 err = -EINVAL; 4788 goto out; 4789 } 4790 4791 rtnl_lock(); 4792 4793 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4794 if (err) 4795 goto unlock_rdev; 4796 4797 wdev = dev->ieee80211_ptr; 4798 4799 if (!rdev->ops->set_power_mgmt) { 4800 err = -EOPNOTSUPP; 4801 goto unlock_rdev; 4802 } 4803 4804 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 4805 4806 if (state == wdev->ps) 4807 goto unlock_rdev; 4808 4809 wdev->ps = state; 4810 4811 if (rdev->ops->set_power_mgmt(wdev->wiphy, dev, wdev->ps, 4812 wdev->ps_timeout)) 4813 /* assume this means it's off */ 4814 wdev->ps = false; 4815 4816 unlock_rdev: 4817 cfg80211_unlock_rdev(rdev); 4818 dev_put(dev); 4819 rtnl_unlock(); 4820 4821 out: 4822 return err; 4823 } 4824 4825 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 4826 { 4827 struct cfg80211_registered_device *rdev; 4828 enum nl80211_ps_state ps_state; 4829 struct wireless_dev *wdev; 4830 struct net_device *dev; 4831 struct sk_buff *msg; 4832 void *hdr; 4833 int err; 4834 4835 rtnl_lock(); 4836 4837 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4838 if (err) 4839 goto unlock_rtnl; 4840 4841 wdev = dev->ieee80211_ptr; 4842 4843 if (!rdev->ops->set_power_mgmt) { 4844 err = -EOPNOTSUPP; 4845 goto out; 4846 } 4847 4848 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4849 if (!msg) { 4850 err = -ENOMEM; 4851 goto out; 4852 } 4853 4854 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4855 NL80211_CMD_GET_POWER_SAVE); 4856 if (!hdr) { 4857 err = -ENOMEM; 4858 goto free_msg; 4859 } 4860 4861 if (wdev->ps) 4862 ps_state = NL80211_PS_ENABLED; 4863 else 4864 ps_state = NL80211_PS_DISABLED; 4865 4866 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state); 4867 4868 genlmsg_end(msg, hdr); 4869 err = genlmsg_reply(msg, info); 4870 goto out; 4871 4872 nla_put_failure: 4873 err = -ENOBUFS; 4874 4875 free_msg: 4876 nlmsg_free(msg); 4877 4878 out: 4879 cfg80211_unlock_rdev(rdev); 4880 dev_put(dev); 4881 4882 unlock_rtnl: 4883 rtnl_unlock(); 4884 4885 return err; 4886 } 4887 4888 static struct nla_policy 4889 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 4890 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 4891 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 4892 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 4893 }; 4894 4895 static int nl80211_set_cqm_rssi(struct genl_info *info, 4896 s32 threshold, u32 hysteresis) 4897 { 4898 struct cfg80211_registered_device *rdev; 4899 struct wireless_dev *wdev; 4900 struct net_device *dev; 4901 int err; 4902 4903 if (threshold > 0) 4904 return -EINVAL; 4905 4906 rtnl_lock(); 4907 4908 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4909 if (err) 4910 goto unlock_rdev; 4911 4912 wdev = dev->ieee80211_ptr; 4913 4914 if (!rdev->ops->set_cqm_rssi_config) { 4915 err = -EOPNOTSUPP; 4916 goto unlock_rdev; 4917 } 4918 4919 if (wdev->iftype != NL80211_IFTYPE_STATION) { 4920 err = -EOPNOTSUPP; 4921 goto unlock_rdev; 4922 } 4923 4924 err = rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev, 4925 threshold, hysteresis); 4926 4927 unlock_rdev: 4928 cfg80211_unlock_rdev(rdev); 4929 dev_put(dev); 4930 rtnl_unlock(); 4931 4932 return err; 4933 } 4934 4935 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 4936 { 4937 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 4938 struct nlattr *cqm; 4939 int err; 4940 4941 cqm = info->attrs[NL80211_ATTR_CQM]; 4942 if (!cqm) { 4943 err = -EINVAL; 4944 goto out; 4945 } 4946 4947 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 4948 nl80211_attr_cqm_policy); 4949 if (err) 4950 goto out; 4951 4952 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 4953 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 4954 s32 threshold; 4955 u32 hysteresis; 4956 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 4957 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 4958 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 4959 } else 4960 err = -EINVAL; 4961 4962 out: 4963 return err; 4964 } 4965 4966 static struct genl_ops nl80211_ops[] = { 4967 { 4968 .cmd = NL80211_CMD_GET_WIPHY, 4969 .doit = nl80211_get_wiphy, 4970 .dumpit = nl80211_dump_wiphy, 4971 .policy = nl80211_policy, 4972 /* can be retrieved by unprivileged users */ 4973 }, 4974 { 4975 .cmd = NL80211_CMD_SET_WIPHY, 4976 .doit = nl80211_set_wiphy, 4977 .policy = nl80211_policy, 4978 .flags = GENL_ADMIN_PERM, 4979 }, 4980 { 4981 .cmd = NL80211_CMD_GET_INTERFACE, 4982 .doit = nl80211_get_interface, 4983 .dumpit = nl80211_dump_interface, 4984 .policy = nl80211_policy, 4985 /* can be retrieved by unprivileged users */ 4986 }, 4987 { 4988 .cmd = NL80211_CMD_SET_INTERFACE, 4989 .doit = nl80211_set_interface, 4990 .policy = nl80211_policy, 4991 .flags = GENL_ADMIN_PERM, 4992 }, 4993 { 4994 .cmd = NL80211_CMD_NEW_INTERFACE, 4995 .doit = nl80211_new_interface, 4996 .policy = nl80211_policy, 4997 .flags = GENL_ADMIN_PERM, 4998 }, 4999 { 5000 .cmd = NL80211_CMD_DEL_INTERFACE, 5001 .doit = nl80211_del_interface, 5002 .policy = nl80211_policy, 5003 .flags = GENL_ADMIN_PERM, 5004 }, 5005 { 5006 .cmd = NL80211_CMD_GET_KEY, 5007 .doit = nl80211_get_key, 5008 .policy = nl80211_policy, 5009 .flags = GENL_ADMIN_PERM, 5010 }, 5011 { 5012 .cmd = NL80211_CMD_SET_KEY, 5013 .doit = nl80211_set_key, 5014 .policy = nl80211_policy, 5015 .flags = GENL_ADMIN_PERM, 5016 }, 5017 { 5018 .cmd = NL80211_CMD_NEW_KEY, 5019 .doit = nl80211_new_key, 5020 .policy = nl80211_policy, 5021 .flags = GENL_ADMIN_PERM, 5022 }, 5023 { 5024 .cmd = NL80211_CMD_DEL_KEY, 5025 .doit = nl80211_del_key, 5026 .policy = nl80211_policy, 5027 .flags = GENL_ADMIN_PERM, 5028 }, 5029 { 5030 .cmd = NL80211_CMD_SET_BEACON, 5031 .policy = nl80211_policy, 5032 .flags = GENL_ADMIN_PERM, 5033 .doit = nl80211_addset_beacon, 5034 }, 5035 { 5036 .cmd = NL80211_CMD_NEW_BEACON, 5037 .policy = nl80211_policy, 5038 .flags = GENL_ADMIN_PERM, 5039 .doit = nl80211_addset_beacon, 5040 }, 5041 { 5042 .cmd = NL80211_CMD_DEL_BEACON, 5043 .policy = nl80211_policy, 5044 .flags = GENL_ADMIN_PERM, 5045 .doit = nl80211_del_beacon, 5046 }, 5047 { 5048 .cmd = NL80211_CMD_GET_STATION, 5049 .doit = nl80211_get_station, 5050 .dumpit = nl80211_dump_station, 5051 .policy = nl80211_policy, 5052 }, 5053 { 5054 .cmd = NL80211_CMD_SET_STATION, 5055 .doit = nl80211_set_station, 5056 .policy = nl80211_policy, 5057 .flags = GENL_ADMIN_PERM, 5058 }, 5059 { 5060 .cmd = NL80211_CMD_NEW_STATION, 5061 .doit = nl80211_new_station, 5062 .policy = nl80211_policy, 5063 .flags = GENL_ADMIN_PERM, 5064 }, 5065 { 5066 .cmd = NL80211_CMD_DEL_STATION, 5067 .doit = nl80211_del_station, 5068 .policy = nl80211_policy, 5069 .flags = GENL_ADMIN_PERM, 5070 }, 5071 { 5072 .cmd = NL80211_CMD_GET_MPATH, 5073 .doit = nl80211_get_mpath, 5074 .dumpit = nl80211_dump_mpath, 5075 .policy = nl80211_policy, 5076 .flags = GENL_ADMIN_PERM, 5077 }, 5078 { 5079 .cmd = NL80211_CMD_SET_MPATH, 5080 .doit = nl80211_set_mpath, 5081 .policy = nl80211_policy, 5082 .flags = GENL_ADMIN_PERM, 5083 }, 5084 { 5085 .cmd = NL80211_CMD_NEW_MPATH, 5086 .doit = nl80211_new_mpath, 5087 .policy = nl80211_policy, 5088 .flags = GENL_ADMIN_PERM, 5089 }, 5090 { 5091 .cmd = NL80211_CMD_DEL_MPATH, 5092 .doit = nl80211_del_mpath, 5093 .policy = nl80211_policy, 5094 .flags = GENL_ADMIN_PERM, 5095 }, 5096 { 5097 .cmd = NL80211_CMD_SET_BSS, 5098 .doit = nl80211_set_bss, 5099 .policy = nl80211_policy, 5100 .flags = GENL_ADMIN_PERM, 5101 }, 5102 { 5103 .cmd = NL80211_CMD_GET_REG, 5104 .doit = nl80211_get_reg, 5105 .policy = nl80211_policy, 5106 /* can be retrieved by unprivileged users */ 5107 }, 5108 { 5109 .cmd = NL80211_CMD_SET_REG, 5110 .doit = nl80211_set_reg, 5111 .policy = nl80211_policy, 5112 .flags = GENL_ADMIN_PERM, 5113 }, 5114 { 5115 .cmd = NL80211_CMD_REQ_SET_REG, 5116 .doit = nl80211_req_set_reg, 5117 .policy = nl80211_policy, 5118 .flags = GENL_ADMIN_PERM, 5119 }, 5120 { 5121 .cmd = NL80211_CMD_GET_MESH_PARAMS, 5122 .doit = nl80211_get_mesh_params, 5123 .policy = nl80211_policy, 5124 /* can be retrieved by unprivileged users */ 5125 }, 5126 { 5127 .cmd = NL80211_CMD_SET_MESH_PARAMS, 5128 .doit = nl80211_set_mesh_params, 5129 .policy = nl80211_policy, 5130 .flags = GENL_ADMIN_PERM, 5131 }, 5132 { 5133 .cmd = NL80211_CMD_TRIGGER_SCAN, 5134 .doit = nl80211_trigger_scan, 5135 .policy = nl80211_policy, 5136 .flags = GENL_ADMIN_PERM, 5137 }, 5138 { 5139 .cmd = NL80211_CMD_GET_SCAN, 5140 .policy = nl80211_policy, 5141 .dumpit = nl80211_dump_scan, 5142 }, 5143 { 5144 .cmd = NL80211_CMD_AUTHENTICATE, 5145 .doit = nl80211_authenticate, 5146 .policy = nl80211_policy, 5147 .flags = GENL_ADMIN_PERM, 5148 }, 5149 { 5150 .cmd = NL80211_CMD_ASSOCIATE, 5151 .doit = nl80211_associate, 5152 .policy = nl80211_policy, 5153 .flags = GENL_ADMIN_PERM, 5154 }, 5155 { 5156 .cmd = NL80211_CMD_DEAUTHENTICATE, 5157 .doit = nl80211_deauthenticate, 5158 .policy = nl80211_policy, 5159 .flags = GENL_ADMIN_PERM, 5160 }, 5161 { 5162 .cmd = NL80211_CMD_DISASSOCIATE, 5163 .doit = nl80211_disassociate, 5164 .policy = nl80211_policy, 5165 .flags = GENL_ADMIN_PERM, 5166 }, 5167 { 5168 .cmd = NL80211_CMD_JOIN_IBSS, 5169 .doit = nl80211_join_ibss, 5170 .policy = nl80211_policy, 5171 .flags = GENL_ADMIN_PERM, 5172 }, 5173 { 5174 .cmd = NL80211_CMD_LEAVE_IBSS, 5175 .doit = nl80211_leave_ibss, 5176 .policy = nl80211_policy, 5177 .flags = GENL_ADMIN_PERM, 5178 }, 5179 #ifdef CONFIG_NL80211_TESTMODE 5180 { 5181 .cmd = NL80211_CMD_TESTMODE, 5182 .doit = nl80211_testmode_do, 5183 .policy = nl80211_policy, 5184 .flags = GENL_ADMIN_PERM, 5185 }, 5186 #endif 5187 { 5188 .cmd = NL80211_CMD_CONNECT, 5189 .doit = nl80211_connect, 5190 .policy = nl80211_policy, 5191 .flags = GENL_ADMIN_PERM, 5192 }, 5193 { 5194 .cmd = NL80211_CMD_DISCONNECT, 5195 .doit = nl80211_disconnect, 5196 .policy = nl80211_policy, 5197 .flags = GENL_ADMIN_PERM, 5198 }, 5199 { 5200 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 5201 .doit = nl80211_wiphy_netns, 5202 .policy = nl80211_policy, 5203 .flags = GENL_ADMIN_PERM, 5204 }, 5205 { 5206 .cmd = NL80211_CMD_GET_SURVEY, 5207 .policy = nl80211_policy, 5208 .dumpit = nl80211_dump_survey, 5209 }, 5210 { 5211 .cmd = NL80211_CMD_SET_PMKSA, 5212 .doit = nl80211_setdel_pmksa, 5213 .policy = nl80211_policy, 5214 .flags = GENL_ADMIN_PERM, 5215 }, 5216 { 5217 .cmd = NL80211_CMD_DEL_PMKSA, 5218 .doit = nl80211_setdel_pmksa, 5219 .policy = nl80211_policy, 5220 .flags = GENL_ADMIN_PERM, 5221 }, 5222 { 5223 .cmd = NL80211_CMD_FLUSH_PMKSA, 5224 .doit = nl80211_flush_pmksa, 5225 .policy = nl80211_policy, 5226 .flags = GENL_ADMIN_PERM, 5227 }, 5228 { 5229 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 5230 .doit = nl80211_remain_on_channel, 5231 .policy = nl80211_policy, 5232 .flags = GENL_ADMIN_PERM, 5233 }, 5234 { 5235 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 5236 .doit = nl80211_cancel_remain_on_channel, 5237 .policy = nl80211_policy, 5238 .flags = GENL_ADMIN_PERM, 5239 }, 5240 { 5241 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 5242 .doit = nl80211_set_tx_bitrate_mask, 5243 .policy = nl80211_policy, 5244 .flags = GENL_ADMIN_PERM, 5245 }, 5246 { 5247 .cmd = NL80211_CMD_REGISTER_ACTION, 5248 .doit = nl80211_register_action, 5249 .policy = nl80211_policy, 5250 .flags = GENL_ADMIN_PERM, 5251 }, 5252 { 5253 .cmd = NL80211_CMD_ACTION, 5254 .doit = nl80211_action, 5255 .policy = nl80211_policy, 5256 .flags = GENL_ADMIN_PERM, 5257 }, 5258 { 5259 .cmd = NL80211_CMD_SET_POWER_SAVE, 5260 .doit = nl80211_set_power_save, 5261 .policy = nl80211_policy, 5262 .flags = GENL_ADMIN_PERM, 5263 }, 5264 { 5265 .cmd = NL80211_CMD_GET_POWER_SAVE, 5266 .doit = nl80211_get_power_save, 5267 .policy = nl80211_policy, 5268 /* can be retrieved by unprivileged users */ 5269 }, 5270 { 5271 .cmd = NL80211_CMD_SET_CQM, 5272 .doit = nl80211_set_cqm, 5273 .policy = nl80211_policy, 5274 .flags = GENL_ADMIN_PERM, 5275 }, 5276 { 5277 .cmd = NL80211_CMD_SET_CHANNEL, 5278 .doit = nl80211_set_channel, 5279 .policy = nl80211_policy, 5280 .flags = GENL_ADMIN_PERM, 5281 }, 5282 }; 5283 5284 static struct genl_multicast_group nl80211_mlme_mcgrp = { 5285 .name = "mlme", 5286 }; 5287 5288 /* multicast groups */ 5289 static struct genl_multicast_group nl80211_config_mcgrp = { 5290 .name = "config", 5291 }; 5292 static struct genl_multicast_group nl80211_scan_mcgrp = { 5293 .name = "scan", 5294 }; 5295 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 5296 .name = "regulatory", 5297 }; 5298 5299 /* notification functions */ 5300 5301 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 5302 { 5303 struct sk_buff *msg; 5304 5305 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5306 if (!msg) 5307 return; 5308 5309 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 5310 nlmsg_free(msg); 5311 return; 5312 } 5313 5314 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5315 nl80211_config_mcgrp.id, GFP_KERNEL); 5316 } 5317 5318 static int nl80211_add_scan_req(struct sk_buff *msg, 5319 struct cfg80211_registered_device *rdev) 5320 { 5321 struct cfg80211_scan_request *req = rdev->scan_req; 5322 struct nlattr *nest; 5323 int i; 5324 5325 ASSERT_RDEV_LOCK(rdev); 5326 5327 if (WARN_ON(!req)) 5328 return 0; 5329 5330 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 5331 if (!nest) 5332 goto nla_put_failure; 5333 for (i = 0; i < req->n_ssids; i++) 5334 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid); 5335 nla_nest_end(msg, nest); 5336 5337 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 5338 if (!nest) 5339 goto nla_put_failure; 5340 for (i = 0; i < req->n_channels; i++) 5341 NLA_PUT_U32(msg, i, req->channels[i]->center_freq); 5342 nla_nest_end(msg, nest); 5343 5344 if (req->ie) 5345 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie); 5346 5347 return 0; 5348 nla_put_failure: 5349 return -ENOBUFS; 5350 } 5351 5352 static int nl80211_send_scan_msg(struct sk_buff *msg, 5353 struct cfg80211_registered_device *rdev, 5354 struct net_device *netdev, 5355 u32 pid, u32 seq, int flags, 5356 u32 cmd) 5357 { 5358 void *hdr; 5359 5360 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 5361 if (!hdr) 5362 return -1; 5363 5364 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5365 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5366 5367 /* ignore errors and send incomplete event anyway */ 5368 nl80211_add_scan_req(msg, rdev); 5369 5370 return genlmsg_end(msg, hdr); 5371 5372 nla_put_failure: 5373 genlmsg_cancel(msg, hdr); 5374 return -EMSGSIZE; 5375 } 5376 5377 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 5378 struct net_device *netdev) 5379 { 5380 struct sk_buff *msg; 5381 5382 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 5383 if (!msg) 5384 return; 5385 5386 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5387 NL80211_CMD_TRIGGER_SCAN) < 0) { 5388 nlmsg_free(msg); 5389 return; 5390 } 5391 5392 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5393 nl80211_scan_mcgrp.id, GFP_KERNEL); 5394 } 5395 5396 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 5397 struct net_device *netdev) 5398 { 5399 struct sk_buff *msg; 5400 5401 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5402 if (!msg) 5403 return; 5404 5405 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5406 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 5407 nlmsg_free(msg); 5408 return; 5409 } 5410 5411 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5412 nl80211_scan_mcgrp.id, GFP_KERNEL); 5413 } 5414 5415 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 5416 struct net_device *netdev) 5417 { 5418 struct sk_buff *msg; 5419 5420 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5421 if (!msg) 5422 return; 5423 5424 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5425 NL80211_CMD_SCAN_ABORTED) < 0) { 5426 nlmsg_free(msg); 5427 return; 5428 } 5429 5430 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5431 nl80211_scan_mcgrp.id, GFP_KERNEL); 5432 } 5433 5434 /* 5435 * This can happen on global regulatory changes or device specific settings 5436 * based on custom world regulatory domains. 5437 */ 5438 void nl80211_send_reg_change_event(struct regulatory_request *request) 5439 { 5440 struct sk_buff *msg; 5441 void *hdr; 5442 5443 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5444 if (!msg) 5445 return; 5446 5447 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 5448 if (!hdr) { 5449 nlmsg_free(msg); 5450 return; 5451 } 5452 5453 /* Userspace can always count this one always being set */ 5454 NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator); 5455 5456 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') 5457 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5458 NL80211_REGDOM_TYPE_WORLD); 5459 else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') 5460 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5461 NL80211_REGDOM_TYPE_CUSTOM_WORLD); 5462 else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 5463 request->intersect) 5464 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5465 NL80211_REGDOM_TYPE_INTERSECTION); 5466 else { 5467 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5468 NL80211_REGDOM_TYPE_COUNTRY); 5469 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2); 5470 } 5471 5472 if (wiphy_idx_valid(request->wiphy_idx)) 5473 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx); 5474 5475 if (genlmsg_end(msg, hdr) < 0) { 5476 nlmsg_free(msg); 5477 return; 5478 } 5479 5480 rcu_read_lock(); 5481 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 5482 GFP_ATOMIC); 5483 rcu_read_unlock(); 5484 5485 return; 5486 5487 nla_put_failure: 5488 genlmsg_cancel(msg, hdr); 5489 nlmsg_free(msg); 5490 } 5491 5492 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 5493 struct net_device *netdev, 5494 const u8 *buf, size_t len, 5495 enum nl80211_commands cmd, gfp_t gfp) 5496 { 5497 struct sk_buff *msg; 5498 void *hdr; 5499 5500 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5501 if (!msg) 5502 return; 5503 5504 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5505 if (!hdr) { 5506 nlmsg_free(msg); 5507 return; 5508 } 5509 5510 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5511 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5512 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 5513 5514 if (genlmsg_end(msg, hdr) < 0) { 5515 nlmsg_free(msg); 5516 return; 5517 } 5518 5519 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5520 nl80211_mlme_mcgrp.id, gfp); 5521 return; 5522 5523 nla_put_failure: 5524 genlmsg_cancel(msg, hdr); 5525 nlmsg_free(msg); 5526 } 5527 5528 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 5529 struct net_device *netdev, const u8 *buf, 5530 size_t len, gfp_t gfp) 5531 { 5532 nl80211_send_mlme_event(rdev, netdev, buf, len, 5533 NL80211_CMD_AUTHENTICATE, gfp); 5534 } 5535 5536 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 5537 struct net_device *netdev, const u8 *buf, 5538 size_t len, gfp_t gfp) 5539 { 5540 nl80211_send_mlme_event(rdev, netdev, buf, len, 5541 NL80211_CMD_ASSOCIATE, gfp); 5542 } 5543 5544 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 5545 struct net_device *netdev, const u8 *buf, 5546 size_t len, gfp_t gfp) 5547 { 5548 nl80211_send_mlme_event(rdev, netdev, buf, len, 5549 NL80211_CMD_DEAUTHENTICATE, gfp); 5550 } 5551 5552 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 5553 struct net_device *netdev, const u8 *buf, 5554 size_t len, gfp_t gfp) 5555 { 5556 nl80211_send_mlme_event(rdev, netdev, buf, len, 5557 NL80211_CMD_DISASSOCIATE, gfp); 5558 } 5559 5560 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 5561 struct net_device *netdev, int cmd, 5562 const u8 *addr, gfp_t gfp) 5563 { 5564 struct sk_buff *msg; 5565 void *hdr; 5566 5567 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5568 if (!msg) 5569 return; 5570 5571 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5572 if (!hdr) { 5573 nlmsg_free(msg); 5574 return; 5575 } 5576 5577 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5578 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5579 NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT); 5580 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5581 5582 if (genlmsg_end(msg, hdr) < 0) { 5583 nlmsg_free(msg); 5584 return; 5585 } 5586 5587 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5588 nl80211_mlme_mcgrp.id, gfp); 5589 return; 5590 5591 nla_put_failure: 5592 genlmsg_cancel(msg, hdr); 5593 nlmsg_free(msg); 5594 } 5595 5596 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 5597 struct net_device *netdev, const u8 *addr, 5598 gfp_t gfp) 5599 { 5600 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 5601 addr, gfp); 5602 } 5603 5604 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 5605 struct net_device *netdev, const u8 *addr, 5606 gfp_t gfp) 5607 { 5608 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 5609 addr, gfp); 5610 } 5611 5612 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 5613 struct net_device *netdev, const u8 *bssid, 5614 const u8 *req_ie, size_t req_ie_len, 5615 const u8 *resp_ie, size_t resp_ie_len, 5616 u16 status, gfp_t gfp) 5617 { 5618 struct sk_buff *msg; 5619 void *hdr; 5620 5621 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5622 if (!msg) 5623 return; 5624 5625 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 5626 if (!hdr) { 5627 nlmsg_free(msg); 5628 return; 5629 } 5630 5631 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5632 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5633 if (bssid) 5634 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5635 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status); 5636 if (req_ie) 5637 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 5638 if (resp_ie) 5639 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 5640 5641 if (genlmsg_end(msg, hdr) < 0) { 5642 nlmsg_free(msg); 5643 return; 5644 } 5645 5646 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5647 nl80211_mlme_mcgrp.id, gfp); 5648 return; 5649 5650 nla_put_failure: 5651 genlmsg_cancel(msg, hdr); 5652 nlmsg_free(msg); 5653 5654 } 5655 5656 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 5657 struct net_device *netdev, const u8 *bssid, 5658 const u8 *req_ie, size_t req_ie_len, 5659 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 5660 { 5661 struct sk_buff *msg; 5662 void *hdr; 5663 5664 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5665 if (!msg) 5666 return; 5667 5668 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 5669 if (!hdr) { 5670 nlmsg_free(msg); 5671 return; 5672 } 5673 5674 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5675 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5676 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5677 if (req_ie) 5678 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 5679 if (resp_ie) 5680 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 5681 5682 if (genlmsg_end(msg, hdr) < 0) { 5683 nlmsg_free(msg); 5684 return; 5685 } 5686 5687 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5688 nl80211_mlme_mcgrp.id, gfp); 5689 return; 5690 5691 nla_put_failure: 5692 genlmsg_cancel(msg, hdr); 5693 nlmsg_free(msg); 5694 5695 } 5696 5697 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 5698 struct net_device *netdev, u16 reason, 5699 const u8 *ie, size_t ie_len, bool from_ap) 5700 { 5701 struct sk_buff *msg; 5702 void *hdr; 5703 5704 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 5705 if (!msg) 5706 return; 5707 5708 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 5709 if (!hdr) { 5710 nlmsg_free(msg); 5711 return; 5712 } 5713 5714 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5715 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5716 if (from_ap && reason) 5717 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason); 5718 if (from_ap) 5719 NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP); 5720 if (ie) 5721 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie); 5722 5723 if (genlmsg_end(msg, hdr) < 0) { 5724 nlmsg_free(msg); 5725 return; 5726 } 5727 5728 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5729 nl80211_mlme_mcgrp.id, GFP_KERNEL); 5730 return; 5731 5732 nla_put_failure: 5733 genlmsg_cancel(msg, hdr); 5734 nlmsg_free(msg); 5735 5736 } 5737 5738 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 5739 struct net_device *netdev, const u8 *bssid, 5740 gfp_t gfp) 5741 { 5742 struct sk_buff *msg; 5743 void *hdr; 5744 5745 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5746 if (!msg) 5747 return; 5748 5749 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 5750 if (!hdr) { 5751 nlmsg_free(msg); 5752 return; 5753 } 5754 5755 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5756 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5757 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5758 5759 if (genlmsg_end(msg, hdr) < 0) { 5760 nlmsg_free(msg); 5761 return; 5762 } 5763 5764 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5765 nl80211_mlme_mcgrp.id, gfp); 5766 return; 5767 5768 nla_put_failure: 5769 genlmsg_cancel(msg, hdr); 5770 nlmsg_free(msg); 5771 } 5772 5773 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 5774 struct net_device *netdev, const u8 *addr, 5775 enum nl80211_key_type key_type, int key_id, 5776 const u8 *tsc, gfp_t gfp) 5777 { 5778 struct sk_buff *msg; 5779 void *hdr; 5780 5781 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5782 if (!msg) 5783 return; 5784 5785 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 5786 if (!hdr) { 5787 nlmsg_free(msg); 5788 return; 5789 } 5790 5791 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5792 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5793 if (addr) 5794 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5795 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type); 5796 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id); 5797 if (tsc) 5798 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc); 5799 5800 if (genlmsg_end(msg, hdr) < 0) { 5801 nlmsg_free(msg); 5802 return; 5803 } 5804 5805 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5806 nl80211_mlme_mcgrp.id, gfp); 5807 return; 5808 5809 nla_put_failure: 5810 genlmsg_cancel(msg, hdr); 5811 nlmsg_free(msg); 5812 } 5813 5814 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 5815 struct ieee80211_channel *channel_before, 5816 struct ieee80211_channel *channel_after) 5817 { 5818 struct sk_buff *msg; 5819 void *hdr; 5820 struct nlattr *nl_freq; 5821 5822 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 5823 if (!msg) 5824 return; 5825 5826 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 5827 if (!hdr) { 5828 nlmsg_free(msg); 5829 return; 5830 } 5831 5832 /* 5833 * Since we are applying the beacon hint to a wiphy we know its 5834 * wiphy_idx is valid 5835 */ 5836 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)); 5837 5838 /* Before */ 5839 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 5840 if (!nl_freq) 5841 goto nla_put_failure; 5842 if (nl80211_msg_put_channel(msg, channel_before)) 5843 goto nla_put_failure; 5844 nla_nest_end(msg, nl_freq); 5845 5846 /* After */ 5847 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 5848 if (!nl_freq) 5849 goto nla_put_failure; 5850 if (nl80211_msg_put_channel(msg, channel_after)) 5851 goto nla_put_failure; 5852 nla_nest_end(msg, nl_freq); 5853 5854 if (genlmsg_end(msg, hdr) < 0) { 5855 nlmsg_free(msg); 5856 return; 5857 } 5858 5859 rcu_read_lock(); 5860 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 5861 GFP_ATOMIC); 5862 rcu_read_unlock(); 5863 5864 return; 5865 5866 nla_put_failure: 5867 genlmsg_cancel(msg, hdr); 5868 nlmsg_free(msg); 5869 } 5870 5871 static void nl80211_send_remain_on_chan_event( 5872 int cmd, struct cfg80211_registered_device *rdev, 5873 struct net_device *netdev, u64 cookie, 5874 struct ieee80211_channel *chan, 5875 enum nl80211_channel_type channel_type, 5876 unsigned int duration, gfp_t gfp) 5877 { 5878 struct sk_buff *msg; 5879 void *hdr; 5880 5881 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5882 if (!msg) 5883 return; 5884 5885 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5886 if (!hdr) { 5887 nlmsg_free(msg); 5888 return; 5889 } 5890 5891 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5892 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5893 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq); 5894 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type); 5895 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 5896 5897 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL) 5898 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 5899 5900 if (genlmsg_end(msg, hdr) < 0) { 5901 nlmsg_free(msg); 5902 return; 5903 } 5904 5905 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5906 nl80211_mlme_mcgrp.id, gfp); 5907 return; 5908 5909 nla_put_failure: 5910 genlmsg_cancel(msg, hdr); 5911 nlmsg_free(msg); 5912 } 5913 5914 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 5915 struct net_device *netdev, u64 cookie, 5916 struct ieee80211_channel *chan, 5917 enum nl80211_channel_type channel_type, 5918 unsigned int duration, gfp_t gfp) 5919 { 5920 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 5921 rdev, netdev, cookie, chan, 5922 channel_type, duration, gfp); 5923 } 5924 5925 void nl80211_send_remain_on_channel_cancel( 5926 struct cfg80211_registered_device *rdev, struct net_device *netdev, 5927 u64 cookie, struct ieee80211_channel *chan, 5928 enum nl80211_channel_type channel_type, gfp_t gfp) 5929 { 5930 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 5931 rdev, netdev, cookie, chan, 5932 channel_type, 0, gfp); 5933 } 5934 5935 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 5936 struct net_device *dev, const u8 *mac_addr, 5937 struct station_info *sinfo, gfp_t gfp) 5938 { 5939 struct sk_buff *msg; 5940 5941 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5942 if (!msg) 5943 return; 5944 5945 if (nl80211_send_station(msg, 0, 0, 0, dev, mac_addr, sinfo) < 0) { 5946 nlmsg_free(msg); 5947 return; 5948 } 5949 5950 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5951 nl80211_mlme_mcgrp.id, gfp); 5952 } 5953 5954 int nl80211_send_action(struct cfg80211_registered_device *rdev, 5955 struct net_device *netdev, u32 nlpid, 5956 int freq, const u8 *buf, size_t len, gfp_t gfp) 5957 { 5958 struct sk_buff *msg; 5959 void *hdr; 5960 int err; 5961 5962 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5963 if (!msg) 5964 return -ENOMEM; 5965 5966 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION); 5967 if (!hdr) { 5968 nlmsg_free(msg); 5969 return -ENOMEM; 5970 } 5971 5972 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5973 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5974 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 5975 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 5976 5977 err = genlmsg_end(msg, hdr); 5978 if (err < 0) { 5979 nlmsg_free(msg); 5980 return err; 5981 } 5982 5983 err = genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 5984 if (err < 0) 5985 return err; 5986 return 0; 5987 5988 nla_put_failure: 5989 genlmsg_cancel(msg, hdr); 5990 nlmsg_free(msg); 5991 return -ENOBUFS; 5992 } 5993 5994 void nl80211_send_action_tx_status(struct cfg80211_registered_device *rdev, 5995 struct net_device *netdev, u64 cookie, 5996 const u8 *buf, size_t len, bool ack, 5997 gfp_t gfp) 5998 { 5999 struct sk_buff *msg; 6000 void *hdr; 6001 6002 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 6003 if (!msg) 6004 return; 6005 6006 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION_TX_STATUS); 6007 if (!hdr) { 6008 nlmsg_free(msg); 6009 return; 6010 } 6011 6012 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6013 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6014 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 6015 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 6016 if (ack) 6017 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK); 6018 6019 if (genlmsg_end(msg, hdr) < 0) { 6020 nlmsg_free(msg); 6021 return; 6022 } 6023 6024 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 6025 return; 6026 6027 nla_put_failure: 6028 genlmsg_cancel(msg, hdr); 6029 nlmsg_free(msg); 6030 } 6031 6032 void 6033 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 6034 struct net_device *netdev, 6035 enum nl80211_cqm_rssi_threshold_event rssi_event, 6036 gfp_t gfp) 6037 { 6038 struct sk_buff *msg; 6039 struct nlattr *pinfoattr; 6040 void *hdr; 6041 6042 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 6043 if (!msg) 6044 return; 6045 6046 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 6047 if (!hdr) { 6048 nlmsg_free(msg); 6049 return; 6050 } 6051 6052 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6053 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6054 6055 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 6056 if (!pinfoattr) 6057 goto nla_put_failure; 6058 6059 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 6060 rssi_event); 6061 6062 nla_nest_end(msg, pinfoattr); 6063 6064 if (genlmsg_end(msg, hdr) < 0) { 6065 nlmsg_free(msg); 6066 return; 6067 } 6068 6069 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6070 nl80211_mlme_mcgrp.id, gfp); 6071 return; 6072 6073 nla_put_failure: 6074 genlmsg_cancel(msg, hdr); 6075 nlmsg_free(msg); 6076 } 6077 6078 static int nl80211_netlink_notify(struct notifier_block * nb, 6079 unsigned long state, 6080 void *_notify) 6081 { 6082 struct netlink_notify *notify = _notify; 6083 struct cfg80211_registered_device *rdev; 6084 struct wireless_dev *wdev; 6085 6086 if (state != NETLINK_URELEASE) 6087 return NOTIFY_DONE; 6088 6089 rcu_read_lock(); 6090 6091 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) 6092 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list) 6093 cfg80211_mlme_unregister_actions(wdev, notify->pid); 6094 6095 rcu_read_unlock(); 6096 6097 return NOTIFY_DONE; 6098 } 6099 6100 static struct notifier_block nl80211_netlink_notifier = { 6101 .notifier_call = nl80211_netlink_notify, 6102 }; 6103 6104 /* initialisation/exit functions */ 6105 6106 int nl80211_init(void) 6107 { 6108 int err; 6109 6110 err = genl_register_family_with_ops(&nl80211_fam, 6111 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 6112 if (err) 6113 return err; 6114 6115 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 6116 if (err) 6117 goto err_out; 6118 6119 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 6120 if (err) 6121 goto err_out; 6122 6123 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 6124 if (err) 6125 goto err_out; 6126 6127 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 6128 if (err) 6129 goto err_out; 6130 6131 #ifdef CONFIG_NL80211_TESTMODE 6132 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 6133 if (err) 6134 goto err_out; 6135 #endif 6136 6137 err = netlink_register_notifier(&nl80211_netlink_notifier); 6138 if (err) 6139 goto err_out; 6140 6141 return 0; 6142 err_out: 6143 genl_unregister_family(&nl80211_fam); 6144 return err; 6145 } 6146 6147 void nl80211_exit(void) 6148 { 6149 netlink_unregister_notifier(&nl80211_netlink_notifier); 6150 genl_unregister_family(&nl80211_fam); 6151 } 6152