1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include "core.h" 23 #include "nl80211.h" 24 #include "reg.h" 25 26 /* the netlink family */ 27 static struct genl_family nl80211_fam = { 28 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 29 .name = "nl80211", /* have users key off the name instead */ 30 .hdrsize = 0, /* no private header */ 31 .version = 1, /* no particular meaning now */ 32 .maxattr = NL80211_ATTR_MAX, 33 .netnsok = true, 34 }; 35 36 /* internal helper: get rdev and dev */ 37 static int get_rdev_dev_by_info_ifindex(struct genl_info *info, 38 struct cfg80211_registered_device **rdev, 39 struct net_device **dev) 40 { 41 struct nlattr **attrs = info->attrs; 42 int ifindex; 43 44 if (!attrs[NL80211_ATTR_IFINDEX]) 45 return -EINVAL; 46 47 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 48 *dev = dev_get_by_index(genl_info_net(info), ifindex); 49 if (!*dev) 50 return -ENODEV; 51 52 *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex); 53 if (IS_ERR(*rdev)) { 54 dev_put(*dev); 55 return PTR_ERR(*rdev); 56 } 57 58 return 0; 59 } 60 61 /* policy for the attributes */ 62 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 63 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 64 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 65 .len = 20-1 }, 66 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 67 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 68 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 69 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 70 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 71 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 72 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 73 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 74 75 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 76 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 77 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 78 79 [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN }, 80 [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN }, 81 82 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 83 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 84 .len = WLAN_MAX_KEY_LEN }, 85 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 86 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 87 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 88 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 }, 89 90 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 91 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 92 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 93 .len = IEEE80211_MAX_DATA_LEN }, 94 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 95 .len = IEEE80211_MAX_DATA_LEN }, 96 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 97 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 98 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 99 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 100 .len = NL80211_MAX_SUPP_RATES }, 101 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 102 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 103 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 104 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 105 .len = IEEE80211_MAX_MESH_ID_LEN }, 106 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 107 108 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 109 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 110 111 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 112 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 113 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 114 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 115 .len = NL80211_MAX_SUPP_RATES }, 116 117 [NL80211_ATTR_MESH_PARAMS] = { .type = NLA_NESTED }, 118 119 [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY, 120 .len = NL80211_HT_CAPABILITY_LEN }, 121 122 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 123 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 124 .len = IEEE80211_MAX_DATA_LEN }, 125 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 126 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 127 128 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 129 .len = IEEE80211_MAX_SSID_LEN }, 130 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 131 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 132 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 133 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 134 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 135 [NL80211_ATTR_STA_FLAGS2] = { 136 .len = sizeof(struct nl80211_sta_flag_update), 137 }, 138 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 139 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 140 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 141 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 142 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 143 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 144 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 145 .len = WLAN_PMKID_LEN }, 146 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 147 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 148 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 149 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 150 .len = IEEE80211_MAX_DATA_LEN }, 151 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 152 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 153 }; 154 155 /* policy for the attributes */ 156 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 157 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 158 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 159 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 160 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 }, 161 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 162 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 163 }; 164 165 /* ifidx get helper */ 166 static int nl80211_get_ifidx(struct netlink_callback *cb) 167 { 168 int res; 169 170 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 171 nl80211_fam.attrbuf, nl80211_fam.maxattr, 172 nl80211_policy); 173 if (res) 174 return res; 175 176 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 177 return -EINVAL; 178 179 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 180 if (!res) 181 return -EINVAL; 182 return res; 183 } 184 185 /* IE validation */ 186 static bool is_valid_ie_attr(const struct nlattr *attr) 187 { 188 const u8 *pos; 189 int len; 190 191 if (!attr) 192 return true; 193 194 pos = nla_data(attr); 195 len = nla_len(attr); 196 197 while (len) { 198 u8 elemlen; 199 200 if (len < 2) 201 return false; 202 len -= 2; 203 204 elemlen = pos[1]; 205 if (elemlen > len) 206 return false; 207 208 len -= elemlen; 209 pos += 2 + elemlen; 210 } 211 212 return true; 213 } 214 215 /* message building helper */ 216 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq, 217 int flags, u8 cmd) 218 { 219 /* since there is no private header just add the generic one */ 220 return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd); 221 } 222 223 static int nl80211_msg_put_channel(struct sk_buff *msg, 224 struct ieee80211_channel *chan) 225 { 226 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ, 227 chan->center_freq); 228 229 if (chan->flags & IEEE80211_CHAN_DISABLED) 230 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED); 231 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) 232 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN); 233 if (chan->flags & IEEE80211_CHAN_NO_IBSS) 234 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS); 235 if (chan->flags & IEEE80211_CHAN_RADAR) 236 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR); 237 238 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 239 DBM_TO_MBM(chan->max_power)); 240 241 return 0; 242 243 nla_put_failure: 244 return -ENOBUFS; 245 } 246 247 /* netlink command implementations */ 248 249 struct key_parse { 250 struct key_params p; 251 int idx; 252 bool def, defmgmt; 253 }; 254 255 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 256 { 257 struct nlattr *tb[NL80211_KEY_MAX + 1]; 258 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 259 nl80211_key_policy); 260 if (err) 261 return err; 262 263 k->def = !!tb[NL80211_KEY_DEFAULT]; 264 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 265 266 if (tb[NL80211_KEY_IDX]) 267 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 268 269 if (tb[NL80211_KEY_DATA]) { 270 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 271 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 272 } 273 274 if (tb[NL80211_KEY_SEQ]) { 275 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 276 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 277 } 278 279 if (tb[NL80211_KEY_CIPHER]) 280 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 281 282 return 0; 283 } 284 285 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 286 { 287 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 288 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 289 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 290 } 291 292 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 293 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 294 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 295 } 296 297 if (info->attrs[NL80211_ATTR_KEY_IDX]) 298 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 299 300 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 301 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 302 303 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 304 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 305 306 return 0; 307 } 308 309 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 310 { 311 int err; 312 313 memset(k, 0, sizeof(*k)); 314 k->idx = -1; 315 316 if (info->attrs[NL80211_ATTR_KEY]) 317 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 318 else 319 err = nl80211_parse_key_old(info, k); 320 321 if (err) 322 return err; 323 324 if (k->def && k->defmgmt) 325 return -EINVAL; 326 327 if (k->idx != -1) { 328 if (k->defmgmt) { 329 if (k->idx < 4 || k->idx > 5) 330 return -EINVAL; 331 } else if (k->def) { 332 if (k->idx < 0 || k->idx > 3) 333 return -EINVAL; 334 } else { 335 if (k->idx < 0 || k->idx > 5) 336 return -EINVAL; 337 } 338 } 339 340 return 0; 341 } 342 343 static struct cfg80211_cached_keys * 344 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 345 struct nlattr *keys) 346 { 347 struct key_parse parse; 348 struct nlattr *key; 349 struct cfg80211_cached_keys *result; 350 int rem, err, def = 0; 351 352 result = kzalloc(sizeof(*result), GFP_KERNEL); 353 if (!result) 354 return ERR_PTR(-ENOMEM); 355 356 result->def = -1; 357 result->defmgmt = -1; 358 359 nla_for_each_nested(key, keys, rem) { 360 memset(&parse, 0, sizeof(parse)); 361 parse.idx = -1; 362 363 err = nl80211_parse_key_new(key, &parse); 364 if (err) 365 goto error; 366 err = -EINVAL; 367 if (!parse.p.key) 368 goto error; 369 if (parse.idx < 0 || parse.idx > 4) 370 goto error; 371 if (parse.def) { 372 if (def) 373 goto error; 374 def = 1; 375 result->def = parse.idx; 376 } else if (parse.defmgmt) 377 goto error; 378 err = cfg80211_validate_key_settings(rdev, &parse.p, 379 parse.idx, NULL); 380 if (err) 381 goto error; 382 result->params[parse.idx].cipher = parse.p.cipher; 383 result->params[parse.idx].key_len = parse.p.key_len; 384 result->params[parse.idx].key = result->data[parse.idx]; 385 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 386 } 387 388 return result; 389 error: 390 kfree(result); 391 return ERR_PTR(err); 392 } 393 394 static int nl80211_key_allowed(struct wireless_dev *wdev) 395 { 396 ASSERT_WDEV_LOCK(wdev); 397 398 if (!netif_running(wdev->netdev)) 399 return -ENETDOWN; 400 401 switch (wdev->iftype) { 402 case NL80211_IFTYPE_AP: 403 case NL80211_IFTYPE_AP_VLAN: 404 break; 405 case NL80211_IFTYPE_ADHOC: 406 if (!wdev->current_bss) 407 return -ENOLINK; 408 break; 409 case NL80211_IFTYPE_STATION: 410 if (wdev->sme_state != CFG80211_SME_CONNECTED) 411 return -ENOLINK; 412 break; 413 default: 414 return -EINVAL; 415 } 416 417 return 0; 418 } 419 420 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags, 421 struct cfg80211_registered_device *dev) 422 { 423 void *hdr; 424 struct nlattr *nl_bands, *nl_band; 425 struct nlattr *nl_freqs, *nl_freq; 426 struct nlattr *nl_rates, *nl_rate; 427 struct nlattr *nl_modes; 428 struct nlattr *nl_cmds; 429 enum ieee80211_band band; 430 struct ieee80211_channel *chan; 431 struct ieee80211_rate *rate; 432 int i; 433 u16 ifmodes = dev->wiphy.interface_modes; 434 435 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY); 436 if (!hdr) 437 return -1; 438 439 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx); 440 NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)); 441 442 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 443 cfg80211_rdev_list_generation); 444 445 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 446 dev->wiphy.retry_short); 447 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 448 dev->wiphy.retry_long); 449 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 450 dev->wiphy.frag_threshold); 451 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 452 dev->wiphy.rts_threshold); 453 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 454 dev->wiphy.coverage_class); 455 456 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 457 dev->wiphy.max_scan_ssids); 458 NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 459 dev->wiphy.max_scan_ie_len); 460 461 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES, 462 sizeof(u32) * dev->wiphy.n_cipher_suites, 463 dev->wiphy.cipher_suites); 464 465 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 466 dev->wiphy.max_num_pmkids); 467 468 nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES); 469 if (!nl_modes) 470 goto nla_put_failure; 471 472 i = 0; 473 while (ifmodes) { 474 if (ifmodes & 1) 475 NLA_PUT_FLAG(msg, i); 476 ifmodes >>= 1; 477 i++; 478 } 479 480 nla_nest_end(msg, nl_modes); 481 482 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 483 if (!nl_bands) 484 goto nla_put_failure; 485 486 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 487 if (!dev->wiphy.bands[band]) 488 continue; 489 490 nl_band = nla_nest_start(msg, band); 491 if (!nl_band) 492 goto nla_put_failure; 493 494 /* add HT info */ 495 if (dev->wiphy.bands[band]->ht_cap.ht_supported) { 496 NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET, 497 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 498 &dev->wiphy.bands[band]->ht_cap.mcs); 499 NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA, 500 dev->wiphy.bands[band]->ht_cap.cap); 501 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 502 dev->wiphy.bands[band]->ht_cap.ampdu_factor); 503 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 504 dev->wiphy.bands[band]->ht_cap.ampdu_density); 505 } 506 507 /* add frequencies */ 508 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 509 if (!nl_freqs) 510 goto nla_put_failure; 511 512 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 513 nl_freq = nla_nest_start(msg, i); 514 if (!nl_freq) 515 goto nla_put_failure; 516 517 chan = &dev->wiphy.bands[band]->channels[i]; 518 519 if (nl80211_msg_put_channel(msg, chan)) 520 goto nla_put_failure; 521 522 nla_nest_end(msg, nl_freq); 523 } 524 525 nla_nest_end(msg, nl_freqs); 526 527 /* add bitrates */ 528 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 529 if (!nl_rates) 530 goto nla_put_failure; 531 532 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 533 nl_rate = nla_nest_start(msg, i); 534 if (!nl_rate) 535 goto nla_put_failure; 536 537 rate = &dev->wiphy.bands[band]->bitrates[i]; 538 NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE, 539 rate->bitrate); 540 if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) 541 NLA_PUT_FLAG(msg, 542 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE); 543 544 nla_nest_end(msg, nl_rate); 545 } 546 547 nla_nest_end(msg, nl_rates); 548 549 nla_nest_end(msg, nl_band); 550 } 551 nla_nest_end(msg, nl_bands); 552 553 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 554 if (!nl_cmds) 555 goto nla_put_failure; 556 557 i = 0; 558 #define CMD(op, n) \ 559 do { \ 560 if (dev->ops->op) { \ 561 i++; \ 562 NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \ 563 } \ 564 } while (0) 565 566 CMD(add_virtual_intf, NEW_INTERFACE); 567 CMD(change_virtual_intf, SET_INTERFACE); 568 CMD(add_key, NEW_KEY); 569 CMD(add_beacon, NEW_BEACON); 570 CMD(add_station, NEW_STATION); 571 CMD(add_mpath, NEW_MPATH); 572 CMD(set_mesh_params, SET_MESH_PARAMS); 573 CMD(change_bss, SET_BSS); 574 CMD(auth, AUTHENTICATE); 575 CMD(assoc, ASSOCIATE); 576 CMD(deauth, DEAUTHENTICATE); 577 CMD(disassoc, DISASSOCIATE); 578 CMD(join_ibss, JOIN_IBSS); 579 CMD(set_pmksa, SET_PMKSA); 580 CMD(del_pmksa, DEL_PMKSA); 581 CMD(flush_pmksa, FLUSH_PMKSA); 582 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 583 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 584 CMD(action, ACTION); 585 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 586 i++; 587 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS); 588 } 589 590 #undef CMD 591 592 if (dev->ops->connect || dev->ops->auth) { 593 i++; 594 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT); 595 } 596 597 if (dev->ops->disconnect || dev->ops->deauth) { 598 i++; 599 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT); 600 } 601 602 nla_nest_end(msg, nl_cmds); 603 604 return genlmsg_end(msg, hdr); 605 606 nla_put_failure: 607 genlmsg_cancel(msg, hdr); 608 return -EMSGSIZE; 609 } 610 611 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 612 { 613 int idx = 0; 614 int start = cb->args[0]; 615 struct cfg80211_registered_device *dev; 616 617 mutex_lock(&cfg80211_mutex); 618 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 619 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 620 continue; 621 if (++idx <= start) 622 continue; 623 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid, 624 cb->nlh->nlmsg_seq, NLM_F_MULTI, 625 dev) < 0) { 626 idx--; 627 break; 628 } 629 } 630 mutex_unlock(&cfg80211_mutex); 631 632 cb->args[0] = idx; 633 634 return skb->len; 635 } 636 637 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 638 { 639 struct sk_buff *msg; 640 struct cfg80211_registered_device *dev; 641 642 dev = cfg80211_get_dev_from_info(info); 643 if (IS_ERR(dev)) 644 return PTR_ERR(dev); 645 646 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 647 if (!msg) 648 goto out_err; 649 650 if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) 651 goto out_free; 652 653 cfg80211_unlock_rdev(dev); 654 655 return genlmsg_reply(msg, info); 656 657 out_free: 658 nlmsg_free(msg); 659 out_err: 660 cfg80211_unlock_rdev(dev); 661 return -ENOBUFS; 662 } 663 664 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 665 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 666 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 667 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 668 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 669 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 670 }; 671 672 static int parse_txq_params(struct nlattr *tb[], 673 struct ieee80211_txq_params *txq_params) 674 { 675 if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] || 676 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 677 !tb[NL80211_TXQ_ATTR_AIFS]) 678 return -EINVAL; 679 680 txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]); 681 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 682 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 683 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 684 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 685 686 return 0; 687 } 688 689 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 690 { 691 struct cfg80211_registered_device *rdev; 692 int result = 0, rem_txq_params = 0; 693 struct nlattr *nl_txq_params; 694 u32 changed; 695 u8 retry_short = 0, retry_long = 0; 696 u32 frag_threshold = 0, rts_threshold = 0; 697 u8 coverage_class = 0; 698 699 rtnl_lock(); 700 701 mutex_lock(&cfg80211_mutex); 702 703 rdev = __cfg80211_rdev_from_info(info); 704 if (IS_ERR(rdev)) { 705 mutex_unlock(&cfg80211_mutex); 706 result = PTR_ERR(rdev); 707 goto unlock; 708 } 709 710 mutex_lock(&rdev->mtx); 711 712 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 713 result = cfg80211_dev_rename( 714 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 715 716 mutex_unlock(&cfg80211_mutex); 717 718 if (result) 719 goto bad_res; 720 721 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 722 struct ieee80211_txq_params txq_params; 723 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 724 725 if (!rdev->ops->set_txq_params) { 726 result = -EOPNOTSUPP; 727 goto bad_res; 728 } 729 730 nla_for_each_nested(nl_txq_params, 731 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 732 rem_txq_params) { 733 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 734 nla_data(nl_txq_params), 735 nla_len(nl_txq_params), 736 txq_params_policy); 737 result = parse_txq_params(tb, &txq_params); 738 if (result) 739 goto bad_res; 740 741 result = rdev->ops->set_txq_params(&rdev->wiphy, 742 &txq_params); 743 if (result) 744 goto bad_res; 745 } 746 } 747 748 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 749 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 750 u32 freq; 751 752 result = -EINVAL; 753 754 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 755 channel_type = nla_get_u32(info->attrs[ 756 NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 757 if (channel_type != NL80211_CHAN_NO_HT && 758 channel_type != NL80211_CHAN_HT20 && 759 channel_type != NL80211_CHAN_HT40PLUS && 760 channel_type != NL80211_CHAN_HT40MINUS) 761 goto bad_res; 762 } 763 764 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 765 766 mutex_lock(&rdev->devlist_mtx); 767 result = rdev_set_freq(rdev, NULL, freq, channel_type); 768 mutex_unlock(&rdev->devlist_mtx); 769 if (result) 770 goto bad_res; 771 } 772 773 changed = 0; 774 775 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 776 retry_short = nla_get_u8( 777 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 778 if (retry_short == 0) { 779 result = -EINVAL; 780 goto bad_res; 781 } 782 changed |= WIPHY_PARAM_RETRY_SHORT; 783 } 784 785 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 786 retry_long = nla_get_u8( 787 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 788 if (retry_long == 0) { 789 result = -EINVAL; 790 goto bad_res; 791 } 792 changed |= WIPHY_PARAM_RETRY_LONG; 793 } 794 795 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 796 frag_threshold = nla_get_u32( 797 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 798 if (frag_threshold < 256) { 799 result = -EINVAL; 800 goto bad_res; 801 } 802 if (frag_threshold != (u32) -1) { 803 /* 804 * Fragments (apart from the last one) are required to 805 * have even length. Make the fragmentation code 806 * simpler by stripping LSB should someone try to use 807 * odd threshold value. 808 */ 809 frag_threshold &= ~0x1; 810 } 811 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 812 } 813 814 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 815 rts_threshold = nla_get_u32( 816 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 817 changed |= WIPHY_PARAM_RTS_THRESHOLD; 818 } 819 820 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 821 coverage_class = nla_get_u8( 822 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 823 changed |= WIPHY_PARAM_COVERAGE_CLASS; 824 } 825 826 if (changed) { 827 u8 old_retry_short, old_retry_long; 828 u32 old_frag_threshold, old_rts_threshold; 829 u8 old_coverage_class; 830 831 if (!rdev->ops->set_wiphy_params) { 832 result = -EOPNOTSUPP; 833 goto bad_res; 834 } 835 836 old_retry_short = rdev->wiphy.retry_short; 837 old_retry_long = rdev->wiphy.retry_long; 838 old_frag_threshold = rdev->wiphy.frag_threshold; 839 old_rts_threshold = rdev->wiphy.rts_threshold; 840 old_coverage_class = rdev->wiphy.coverage_class; 841 842 if (changed & WIPHY_PARAM_RETRY_SHORT) 843 rdev->wiphy.retry_short = retry_short; 844 if (changed & WIPHY_PARAM_RETRY_LONG) 845 rdev->wiphy.retry_long = retry_long; 846 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 847 rdev->wiphy.frag_threshold = frag_threshold; 848 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 849 rdev->wiphy.rts_threshold = rts_threshold; 850 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 851 rdev->wiphy.coverage_class = coverage_class; 852 853 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed); 854 if (result) { 855 rdev->wiphy.retry_short = old_retry_short; 856 rdev->wiphy.retry_long = old_retry_long; 857 rdev->wiphy.frag_threshold = old_frag_threshold; 858 rdev->wiphy.rts_threshold = old_rts_threshold; 859 rdev->wiphy.coverage_class = old_coverage_class; 860 } 861 } 862 863 bad_res: 864 mutex_unlock(&rdev->mtx); 865 unlock: 866 rtnl_unlock(); 867 return result; 868 } 869 870 871 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags, 872 struct cfg80211_registered_device *rdev, 873 struct net_device *dev) 874 { 875 void *hdr; 876 877 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE); 878 if (!hdr) 879 return -1; 880 881 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 882 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 883 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name); 884 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype); 885 886 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 887 rdev->devlist_generation ^ 888 (cfg80211_rdev_list_generation << 2)); 889 890 return genlmsg_end(msg, hdr); 891 892 nla_put_failure: 893 genlmsg_cancel(msg, hdr); 894 return -EMSGSIZE; 895 } 896 897 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 898 { 899 int wp_idx = 0; 900 int if_idx = 0; 901 int wp_start = cb->args[0]; 902 int if_start = cb->args[1]; 903 struct cfg80211_registered_device *rdev; 904 struct wireless_dev *wdev; 905 906 mutex_lock(&cfg80211_mutex); 907 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 908 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 909 continue; 910 if (wp_idx < wp_start) { 911 wp_idx++; 912 continue; 913 } 914 if_idx = 0; 915 916 mutex_lock(&rdev->devlist_mtx); 917 list_for_each_entry(wdev, &rdev->netdev_list, list) { 918 if (if_idx < if_start) { 919 if_idx++; 920 continue; 921 } 922 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 923 cb->nlh->nlmsg_seq, NLM_F_MULTI, 924 rdev, wdev->netdev) < 0) { 925 mutex_unlock(&rdev->devlist_mtx); 926 goto out; 927 } 928 if_idx++; 929 } 930 mutex_unlock(&rdev->devlist_mtx); 931 932 wp_idx++; 933 } 934 out: 935 mutex_unlock(&cfg80211_mutex); 936 937 cb->args[0] = wp_idx; 938 cb->args[1] = if_idx; 939 940 return skb->len; 941 } 942 943 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 944 { 945 struct sk_buff *msg; 946 struct cfg80211_registered_device *dev; 947 struct net_device *netdev; 948 int err; 949 950 err = get_rdev_dev_by_info_ifindex(info, &dev, &netdev); 951 if (err) 952 return err; 953 954 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 955 if (!msg) 956 goto out_err; 957 958 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 959 dev, netdev) < 0) 960 goto out_free; 961 962 dev_put(netdev); 963 cfg80211_unlock_rdev(dev); 964 965 return genlmsg_reply(msg, info); 966 967 out_free: 968 nlmsg_free(msg); 969 out_err: 970 dev_put(netdev); 971 cfg80211_unlock_rdev(dev); 972 return -ENOBUFS; 973 } 974 975 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 976 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 977 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 978 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 979 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 980 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 981 }; 982 983 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 984 { 985 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 986 int flag; 987 988 *mntrflags = 0; 989 990 if (!nla) 991 return -EINVAL; 992 993 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 994 nla, mntr_flags_policy)) 995 return -EINVAL; 996 997 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 998 if (flags[flag]) 999 *mntrflags |= (1<<flag); 1000 1001 return 0; 1002 } 1003 1004 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 1005 struct net_device *netdev, u8 use_4addr, 1006 enum nl80211_iftype iftype) 1007 { 1008 if (!use_4addr) { 1009 if (netdev && netdev->br_port) 1010 return -EBUSY; 1011 return 0; 1012 } 1013 1014 switch (iftype) { 1015 case NL80211_IFTYPE_AP_VLAN: 1016 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 1017 return 0; 1018 break; 1019 case NL80211_IFTYPE_STATION: 1020 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 1021 return 0; 1022 break; 1023 default: 1024 break; 1025 } 1026 1027 return -EOPNOTSUPP; 1028 } 1029 1030 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1031 { 1032 struct cfg80211_registered_device *rdev; 1033 struct vif_params params; 1034 int err; 1035 enum nl80211_iftype otype, ntype; 1036 struct net_device *dev; 1037 u32 _flags, *flags = NULL; 1038 bool change = false; 1039 1040 memset(¶ms, 0, sizeof(params)); 1041 1042 rtnl_lock(); 1043 1044 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1045 if (err) 1046 goto unlock_rtnl; 1047 1048 otype = ntype = dev->ieee80211_ptr->iftype; 1049 1050 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1051 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1052 if (otype != ntype) 1053 change = true; 1054 if (ntype > NL80211_IFTYPE_MAX) { 1055 err = -EINVAL; 1056 goto unlock; 1057 } 1058 } 1059 1060 if (info->attrs[NL80211_ATTR_MESH_ID]) { 1061 if (ntype != NL80211_IFTYPE_MESH_POINT) { 1062 err = -EINVAL; 1063 goto unlock; 1064 } 1065 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 1066 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1067 change = true; 1068 } 1069 1070 if (info->attrs[NL80211_ATTR_4ADDR]) { 1071 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1072 change = true; 1073 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 1074 if (err) 1075 goto unlock; 1076 } else { 1077 params.use_4addr = -1; 1078 } 1079 1080 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 1081 if (ntype != NL80211_IFTYPE_MONITOR) { 1082 err = -EINVAL; 1083 goto unlock; 1084 } 1085 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 1086 &_flags); 1087 if (err) 1088 goto unlock; 1089 1090 flags = &_flags; 1091 change = true; 1092 } 1093 1094 if (change) 1095 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 1096 else 1097 err = 0; 1098 1099 if (!err && params.use_4addr != -1) 1100 dev->ieee80211_ptr->use_4addr = params.use_4addr; 1101 1102 unlock: 1103 dev_put(dev); 1104 cfg80211_unlock_rdev(rdev); 1105 unlock_rtnl: 1106 rtnl_unlock(); 1107 return err; 1108 } 1109 1110 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 1111 { 1112 struct cfg80211_registered_device *rdev; 1113 struct vif_params params; 1114 int err; 1115 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 1116 u32 flags; 1117 1118 memset(¶ms, 0, sizeof(params)); 1119 1120 if (!info->attrs[NL80211_ATTR_IFNAME]) 1121 return -EINVAL; 1122 1123 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1124 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1125 if (type > NL80211_IFTYPE_MAX) 1126 return -EINVAL; 1127 } 1128 1129 rtnl_lock(); 1130 1131 rdev = cfg80211_get_dev_from_info(info); 1132 if (IS_ERR(rdev)) { 1133 err = PTR_ERR(rdev); 1134 goto unlock_rtnl; 1135 } 1136 1137 if (!rdev->ops->add_virtual_intf || 1138 !(rdev->wiphy.interface_modes & (1 << type))) { 1139 err = -EOPNOTSUPP; 1140 goto unlock; 1141 } 1142 1143 if (type == NL80211_IFTYPE_MESH_POINT && 1144 info->attrs[NL80211_ATTR_MESH_ID]) { 1145 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 1146 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1147 } 1148 1149 if (info->attrs[NL80211_ATTR_4ADDR]) { 1150 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1151 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 1152 if (err) 1153 goto unlock; 1154 } 1155 1156 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 1157 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 1158 &flags); 1159 err = rdev->ops->add_virtual_intf(&rdev->wiphy, 1160 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 1161 type, err ? NULL : &flags, ¶ms); 1162 1163 unlock: 1164 cfg80211_unlock_rdev(rdev); 1165 unlock_rtnl: 1166 rtnl_unlock(); 1167 return err; 1168 } 1169 1170 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 1171 { 1172 struct cfg80211_registered_device *rdev; 1173 int err; 1174 struct net_device *dev; 1175 1176 rtnl_lock(); 1177 1178 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1179 if (err) 1180 goto unlock_rtnl; 1181 1182 if (!rdev->ops->del_virtual_intf) { 1183 err = -EOPNOTSUPP; 1184 goto out; 1185 } 1186 1187 err = rdev->ops->del_virtual_intf(&rdev->wiphy, dev); 1188 1189 out: 1190 cfg80211_unlock_rdev(rdev); 1191 dev_put(dev); 1192 unlock_rtnl: 1193 rtnl_unlock(); 1194 return err; 1195 } 1196 1197 struct get_key_cookie { 1198 struct sk_buff *msg; 1199 int error; 1200 int idx; 1201 }; 1202 1203 static void get_key_callback(void *c, struct key_params *params) 1204 { 1205 struct nlattr *key; 1206 struct get_key_cookie *cookie = c; 1207 1208 if (params->key) 1209 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA, 1210 params->key_len, params->key); 1211 1212 if (params->seq) 1213 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ, 1214 params->seq_len, params->seq); 1215 1216 if (params->cipher) 1217 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 1218 params->cipher); 1219 1220 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 1221 if (!key) 1222 goto nla_put_failure; 1223 1224 if (params->key) 1225 NLA_PUT(cookie->msg, NL80211_KEY_DATA, 1226 params->key_len, params->key); 1227 1228 if (params->seq) 1229 NLA_PUT(cookie->msg, NL80211_KEY_SEQ, 1230 params->seq_len, params->seq); 1231 1232 if (params->cipher) 1233 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER, 1234 params->cipher); 1235 1236 NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx); 1237 1238 nla_nest_end(cookie->msg, key); 1239 1240 return; 1241 nla_put_failure: 1242 cookie->error = 1; 1243 } 1244 1245 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 1246 { 1247 struct cfg80211_registered_device *rdev; 1248 int err; 1249 struct net_device *dev; 1250 u8 key_idx = 0; 1251 u8 *mac_addr = NULL; 1252 struct get_key_cookie cookie = { 1253 .error = 0, 1254 }; 1255 void *hdr; 1256 struct sk_buff *msg; 1257 1258 if (info->attrs[NL80211_ATTR_KEY_IDX]) 1259 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 1260 1261 if (key_idx > 5) 1262 return -EINVAL; 1263 1264 if (info->attrs[NL80211_ATTR_MAC]) 1265 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1266 1267 rtnl_lock(); 1268 1269 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1270 if (err) 1271 goto unlock_rtnl; 1272 1273 if (!rdev->ops->get_key) { 1274 err = -EOPNOTSUPP; 1275 goto out; 1276 } 1277 1278 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1279 if (!msg) { 1280 err = -ENOMEM; 1281 goto out; 1282 } 1283 1284 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 1285 NL80211_CMD_NEW_KEY); 1286 1287 if (IS_ERR(hdr)) { 1288 err = PTR_ERR(hdr); 1289 goto free_msg; 1290 } 1291 1292 cookie.msg = msg; 1293 cookie.idx = key_idx; 1294 1295 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1296 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 1297 if (mac_addr) 1298 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1299 1300 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, mac_addr, 1301 &cookie, get_key_callback); 1302 1303 if (err) 1304 goto free_msg; 1305 1306 if (cookie.error) 1307 goto nla_put_failure; 1308 1309 genlmsg_end(msg, hdr); 1310 err = genlmsg_reply(msg, info); 1311 goto out; 1312 1313 nla_put_failure: 1314 err = -ENOBUFS; 1315 free_msg: 1316 nlmsg_free(msg); 1317 out: 1318 cfg80211_unlock_rdev(rdev); 1319 dev_put(dev); 1320 unlock_rtnl: 1321 rtnl_unlock(); 1322 1323 return err; 1324 } 1325 1326 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 1327 { 1328 struct cfg80211_registered_device *rdev; 1329 struct key_parse key; 1330 int err; 1331 struct net_device *dev; 1332 int (*func)(struct wiphy *wiphy, struct net_device *netdev, 1333 u8 key_index); 1334 1335 err = nl80211_parse_key(info, &key); 1336 if (err) 1337 return err; 1338 1339 if (key.idx < 0) 1340 return -EINVAL; 1341 1342 /* only support setting default key */ 1343 if (!key.def && !key.defmgmt) 1344 return -EINVAL; 1345 1346 rtnl_lock(); 1347 1348 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1349 if (err) 1350 goto unlock_rtnl; 1351 1352 if (key.def) 1353 func = rdev->ops->set_default_key; 1354 else 1355 func = rdev->ops->set_default_mgmt_key; 1356 1357 if (!func) { 1358 err = -EOPNOTSUPP; 1359 goto out; 1360 } 1361 1362 wdev_lock(dev->ieee80211_ptr); 1363 err = nl80211_key_allowed(dev->ieee80211_ptr); 1364 if (!err) 1365 err = func(&rdev->wiphy, dev, key.idx); 1366 1367 #ifdef CONFIG_CFG80211_WEXT 1368 if (!err) { 1369 if (func == rdev->ops->set_default_key) 1370 dev->ieee80211_ptr->wext.default_key = key.idx; 1371 else 1372 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 1373 } 1374 #endif 1375 wdev_unlock(dev->ieee80211_ptr); 1376 1377 out: 1378 cfg80211_unlock_rdev(rdev); 1379 dev_put(dev); 1380 1381 unlock_rtnl: 1382 rtnl_unlock(); 1383 1384 return err; 1385 } 1386 1387 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 1388 { 1389 struct cfg80211_registered_device *rdev; 1390 int err; 1391 struct net_device *dev; 1392 struct key_parse key; 1393 u8 *mac_addr = NULL; 1394 1395 err = nl80211_parse_key(info, &key); 1396 if (err) 1397 return err; 1398 1399 if (!key.p.key) 1400 return -EINVAL; 1401 1402 if (info->attrs[NL80211_ATTR_MAC]) 1403 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1404 1405 rtnl_lock(); 1406 1407 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1408 if (err) 1409 goto unlock_rtnl; 1410 1411 if (!rdev->ops->add_key) { 1412 err = -EOPNOTSUPP; 1413 goto out; 1414 } 1415 1416 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, mac_addr)) { 1417 err = -EINVAL; 1418 goto out; 1419 } 1420 1421 wdev_lock(dev->ieee80211_ptr); 1422 err = nl80211_key_allowed(dev->ieee80211_ptr); 1423 if (!err) 1424 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx, 1425 mac_addr, &key.p); 1426 wdev_unlock(dev->ieee80211_ptr); 1427 1428 out: 1429 cfg80211_unlock_rdev(rdev); 1430 dev_put(dev); 1431 unlock_rtnl: 1432 rtnl_unlock(); 1433 1434 return err; 1435 } 1436 1437 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 1438 { 1439 struct cfg80211_registered_device *rdev; 1440 int err; 1441 struct net_device *dev; 1442 u8 *mac_addr = NULL; 1443 struct key_parse key; 1444 1445 err = nl80211_parse_key(info, &key); 1446 if (err) 1447 return err; 1448 1449 if (info->attrs[NL80211_ATTR_MAC]) 1450 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1451 1452 rtnl_lock(); 1453 1454 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1455 if (err) 1456 goto unlock_rtnl; 1457 1458 if (!rdev->ops->del_key) { 1459 err = -EOPNOTSUPP; 1460 goto out; 1461 } 1462 1463 wdev_lock(dev->ieee80211_ptr); 1464 err = nl80211_key_allowed(dev->ieee80211_ptr); 1465 if (!err) 1466 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, mac_addr); 1467 1468 #ifdef CONFIG_CFG80211_WEXT 1469 if (!err) { 1470 if (key.idx == dev->ieee80211_ptr->wext.default_key) 1471 dev->ieee80211_ptr->wext.default_key = -1; 1472 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 1473 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 1474 } 1475 #endif 1476 wdev_unlock(dev->ieee80211_ptr); 1477 1478 out: 1479 cfg80211_unlock_rdev(rdev); 1480 dev_put(dev); 1481 1482 unlock_rtnl: 1483 rtnl_unlock(); 1484 1485 return err; 1486 } 1487 1488 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info) 1489 { 1490 int (*call)(struct wiphy *wiphy, struct net_device *dev, 1491 struct beacon_parameters *info); 1492 struct cfg80211_registered_device *rdev; 1493 int err; 1494 struct net_device *dev; 1495 struct beacon_parameters params; 1496 int haveinfo = 0; 1497 1498 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL])) 1499 return -EINVAL; 1500 1501 rtnl_lock(); 1502 1503 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1504 if (err) 1505 goto unlock_rtnl; 1506 1507 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 1508 err = -EOPNOTSUPP; 1509 goto out; 1510 } 1511 1512 switch (info->genlhdr->cmd) { 1513 case NL80211_CMD_NEW_BEACON: 1514 /* these are required for NEW_BEACON */ 1515 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 1516 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 1517 !info->attrs[NL80211_ATTR_BEACON_HEAD]) { 1518 err = -EINVAL; 1519 goto out; 1520 } 1521 1522 call = rdev->ops->add_beacon; 1523 break; 1524 case NL80211_CMD_SET_BEACON: 1525 call = rdev->ops->set_beacon; 1526 break; 1527 default: 1528 WARN_ON(1); 1529 err = -EOPNOTSUPP; 1530 goto out; 1531 } 1532 1533 if (!call) { 1534 err = -EOPNOTSUPP; 1535 goto out; 1536 } 1537 1538 memset(¶ms, 0, sizeof(params)); 1539 1540 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 1541 params.interval = 1542 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 1543 haveinfo = 1; 1544 } 1545 1546 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 1547 params.dtim_period = 1548 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 1549 haveinfo = 1; 1550 } 1551 1552 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 1553 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 1554 params.head_len = 1555 nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 1556 haveinfo = 1; 1557 } 1558 1559 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 1560 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 1561 params.tail_len = 1562 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 1563 haveinfo = 1; 1564 } 1565 1566 if (!haveinfo) { 1567 err = -EINVAL; 1568 goto out; 1569 } 1570 1571 err = call(&rdev->wiphy, dev, ¶ms); 1572 1573 out: 1574 cfg80211_unlock_rdev(rdev); 1575 dev_put(dev); 1576 unlock_rtnl: 1577 rtnl_unlock(); 1578 1579 return err; 1580 } 1581 1582 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info) 1583 { 1584 struct cfg80211_registered_device *rdev; 1585 int err; 1586 struct net_device *dev; 1587 1588 rtnl_lock(); 1589 1590 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1591 if (err) 1592 goto unlock_rtnl; 1593 1594 if (!rdev->ops->del_beacon) { 1595 err = -EOPNOTSUPP; 1596 goto out; 1597 } 1598 1599 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 1600 err = -EOPNOTSUPP; 1601 goto out; 1602 } 1603 err = rdev->ops->del_beacon(&rdev->wiphy, dev); 1604 1605 out: 1606 cfg80211_unlock_rdev(rdev); 1607 dev_put(dev); 1608 unlock_rtnl: 1609 rtnl_unlock(); 1610 1611 return err; 1612 } 1613 1614 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 1615 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 1616 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 1617 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 1618 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 1619 }; 1620 1621 static int parse_station_flags(struct genl_info *info, 1622 struct station_parameters *params) 1623 { 1624 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 1625 struct nlattr *nla; 1626 int flag; 1627 1628 /* 1629 * Try parsing the new attribute first so userspace 1630 * can specify both for older kernels. 1631 */ 1632 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 1633 if (nla) { 1634 struct nl80211_sta_flag_update *sta_flags; 1635 1636 sta_flags = nla_data(nla); 1637 params->sta_flags_mask = sta_flags->mask; 1638 params->sta_flags_set = sta_flags->set; 1639 if ((params->sta_flags_mask | 1640 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 1641 return -EINVAL; 1642 return 0; 1643 } 1644 1645 /* if present, parse the old attribute */ 1646 1647 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 1648 if (!nla) 1649 return 0; 1650 1651 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 1652 nla, sta_flags_policy)) 1653 return -EINVAL; 1654 1655 params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1; 1656 params->sta_flags_mask &= ~1; 1657 1658 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) 1659 if (flags[flag]) 1660 params->sta_flags_set |= (1<<flag); 1661 1662 return 0; 1663 } 1664 1665 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq, 1666 int flags, struct net_device *dev, 1667 const u8 *mac_addr, struct station_info *sinfo) 1668 { 1669 void *hdr; 1670 struct nlattr *sinfoattr, *txrate; 1671 u16 bitrate; 1672 1673 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 1674 if (!hdr) 1675 return -1; 1676 1677 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1678 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1679 1680 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation); 1681 1682 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 1683 if (!sinfoattr) 1684 goto nla_put_failure; 1685 if (sinfo->filled & STATION_INFO_INACTIVE_TIME) 1686 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME, 1687 sinfo->inactive_time); 1688 if (sinfo->filled & STATION_INFO_RX_BYTES) 1689 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES, 1690 sinfo->rx_bytes); 1691 if (sinfo->filled & STATION_INFO_TX_BYTES) 1692 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES, 1693 sinfo->tx_bytes); 1694 if (sinfo->filled & STATION_INFO_LLID) 1695 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID, 1696 sinfo->llid); 1697 if (sinfo->filled & STATION_INFO_PLID) 1698 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID, 1699 sinfo->plid); 1700 if (sinfo->filled & STATION_INFO_PLINK_STATE) 1701 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE, 1702 sinfo->plink_state); 1703 if (sinfo->filled & STATION_INFO_SIGNAL) 1704 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL, 1705 sinfo->signal); 1706 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 1707 txrate = nla_nest_start(msg, NL80211_STA_INFO_TX_BITRATE); 1708 if (!txrate) 1709 goto nla_put_failure; 1710 1711 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 1712 bitrate = cfg80211_calculate_bitrate(&sinfo->txrate); 1713 if (bitrate > 0) 1714 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate); 1715 1716 if (sinfo->txrate.flags & RATE_INFO_FLAGS_MCS) 1717 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, 1718 sinfo->txrate.mcs); 1719 if (sinfo->txrate.flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) 1720 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH); 1721 if (sinfo->txrate.flags & RATE_INFO_FLAGS_SHORT_GI) 1722 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI); 1723 1724 nla_nest_end(msg, txrate); 1725 } 1726 if (sinfo->filled & STATION_INFO_RX_PACKETS) 1727 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS, 1728 sinfo->rx_packets); 1729 if (sinfo->filled & STATION_INFO_TX_PACKETS) 1730 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS, 1731 sinfo->tx_packets); 1732 nla_nest_end(msg, sinfoattr); 1733 1734 return genlmsg_end(msg, hdr); 1735 1736 nla_put_failure: 1737 genlmsg_cancel(msg, hdr); 1738 return -EMSGSIZE; 1739 } 1740 1741 static int nl80211_dump_station(struct sk_buff *skb, 1742 struct netlink_callback *cb) 1743 { 1744 struct station_info sinfo; 1745 struct cfg80211_registered_device *dev; 1746 struct net_device *netdev; 1747 u8 mac_addr[ETH_ALEN]; 1748 int ifidx = cb->args[0]; 1749 int sta_idx = cb->args[1]; 1750 int err; 1751 1752 if (!ifidx) 1753 ifidx = nl80211_get_ifidx(cb); 1754 if (ifidx < 0) 1755 return ifidx; 1756 1757 rtnl_lock(); 1758 1759 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 1760 if (!netdev) { 1761 err = -ENODEV; 1762 goto out_rtnl; 1763 } 1764 1765 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 1766 if (IS_ERR(dev)) { 1767 err = PTR_ERR(dev); 1768 goto out_rtnl; 1769 } 1770 1771 if (!dev->ops->dump_station) { 1772 err = -EOPNOTSUPP; 1773 goto out_err; 1774 } 1775 1776 while (1) { 1777 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx, 1778 mac_addr, &sinfo); 1779 if (err == -ENOENT) 1780 break; 1781 if (err) 1782 goto out_err; 1783 1784 if (nl80211_send_station(skb, 1785 NETLINK_CB(cb->skb).pid, 1786 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1787 netdev, mac_addr, 1788 &sinfo) < 0) 1789 goto out; 1790 1791 sta_idx++; 1792 } 1793 1794 1795 out: 1796 cb->args[1] = sta_idx; 1797 err = skb->len; 1798 out_err: 1799 cfg80211_unlock_rdev(dev); 1800 out_rtnl: 1801 rtnl_unlock(); 1802 1803 return err; 1804 } 1805 1806 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 1807 { 1808 struct cfg80211_registered_device *rdev; 1809 int err; 1810 struct net_device *dev; 1811 struct station_info sinfo; 1812 struct sk_buff *msg; 1813 u8 *mac_addr = NULL; 1814 1815 memset(&sinfo, 0, sizeof(sinfo)); 1816 1817 if (!info->attrs[NL80211_ATTR_MAC]) 1818 return -EINVAL; 1819 1820 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1821 1822 rtnl_lock(); 1823 1824 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1825 if (err) 1826 goto out_rtnl; 1827 1828 if (!rdev->ops->get_station) { 1829 err = -EOPNOTSUPP; 1830 goto out; 1831 } 1832 1833 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo); 1834 if (err) 1835 goto out; 1836 1837 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1838 if (!msg) 1839 goto out; 1840 1841 if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0, 1842 dev, mac_addr, &sinfo) < 0) 1843 goto out_free; 1844 1845 err = genlmsg_reply(msg, info); 1846 goto out; 1847 1848 out_free: 1849 nlmsg_free(msg); 1850 out: 1851 cfg80211_unlock_rdev(rdev); 1852 dev_put(dev); 1853 out_rtnl: 1854 rtnl_unlock(); 1855 1856 return err; 1857 } 1858 1859 /* 1860 * Get vlan interface making sure it is running and on the right wiphy. 1861 */ 1862 static int get_vlan(struct genl_info *info, 1863 struct cfg80211_registered_device *rdev, 1864 struct net_device **vlan) 1865 { 1866 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 1867 *vlan = NULL; 1868 1869 if (vlanattr) { 1870 *vlan = dev_get_by_index(genl_info_net(info), 1871 nla_get_u32(vlanattr)); 1872 if (!*vlan) 1873 return -ENODEV; 1874 if (!(*vlan)->ieee80211_ptr) 1875 return -EINVAL; 1876 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy) 1877 return -EINVAL; 1878 if (!netif_running(*vlan)) 1879 return -ENETDOWN; 1880 } 1881 return 0; 1882 } 1883 1884 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 1885 { 1886 struct cfg80211_registered_device *rdev; 1887 int err; 1888 struct net_device *dev; 1889 struct station_parameters params; 1890 u8 *mac_addr = NULL; 1891 1892 memset(¶ms, 0, sizeof(params)); 1893 1894 params.listen_interval = -1; 1895 1896 if (info->attrs[NL80211_ATTR_STA_AID]) 1897 return -EINVAL; 1898 1899 if (!info->attrs[NL80211_ATTR_MAC]) 1900 return -EINVAL; 1901 1902 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1903 1904 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 1905 params.supported_rates = 1906 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 1907 params.supported_rates_len = 1908 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 1909 } 1910 1911 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 1912 params.listen_interval = 1913 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 1914 1915 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 1916 params.ht_capa = 1917 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 1918 1919 if (parse_station_flags(info, ¶ms)) 1920 return -EINVAL; 1921 1922 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 1923 params.plink_action = 1924 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 1925 1926 rtnl_lock(); 1927 1928 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1929 if (err) 1930 goto out_rtnl; 1931 1932 err = get_vlan(info, rdev, ¶ms.vlan); 1933 if (err) 1934 goto out; 1935 1936 /* validate settings */ 1937 err = 0; 1938 1939 switch (dev->ieee80211_ptr->iftype) { 1940 case NL80211_IFTYPE_AP: 1941 case NL80211_IFTYPE_AP_VLAN: 1942 /* disallow mesh-specific things */ 1943 if (params.plink_action) 1944 err = -EINVAL; 1945 break; 1946 case NL80211_IFTYPE_STATION: 1947 /* disallow everything but AUTHORIZED flag */ 1948 if (params.plink_action) 1949 err = -EINVAL; 1950 if (params.vlan) 1951 err = -EINVAL; 1952 if (params.supported_rates) 1953 err = -EINVAL; 1954 if (params.ht_capa) 1955 err = -EINVAL; 1956 if (params.listen_interval >= 0) 1957 err = -EINVAL; 1958 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 1959 err = -EINVAL; 1960 break; 1961 case NL80211_IFTYPE_MESH_POINT: 1962 /* disallow things mesh doesn't support */ 1963 if (params.vlan) 1964 err = -EINVAL; 1965 if (params.ht_capa) 1966 err = -EINVAL; 1967 if (params.listen_interval >= 0) 1968 err = -EINVAL; 1969 if (params.supported_rates) 1970 err = -EINVAL; 1971 if (params.sta_flags_mask) 1972 err = -EINVAL; 1973 break; 1974 default: 1975 err = -EINVAL; 1976 } 1977 1978 if (err) 1979 goto out; 1980 1981 if (!rdev->ops->change_station) { 1982 err = -EOPNOTSUPP; 1983 goto out; 1984 } 1985 1986 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms); 1987 1988 out: 1989 if (params.vlan) 1990 dev_put(params.vlan); 1991 cfg80211_unlock_rdev(rdev); 1992 dev_put(dev); 1993 out_rtnl: 1994 rtnl_unlock(); 1995 1996 return err; 1997 } 1998 1999 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 2000 { 2001 struct cfg80211_registered_device *rdev; 2002 int err; 2003 struct net_device *dev; 2004 struct station_parameters params; 2005 u8 *mac_addr = NULL; 2006 2007 memset(¶ms, 0, sizeof(params)); 2008 2009 if (!info->attrs[NL80211_ATTR_MAC]) 2010 return -EINVAL; 2011 2012 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2013 return -EINVAL; 2014 2015 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 2016 return -EINVAL; 2017 2018 if (!info->attrs[NL80211_ATTR_STA_AID]) 2019 return -EINVAL; 2020 2021 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2022 params.supported_rates = 2023 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2024 params.supported_rates_len = 2025 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2026 params.listen_interval = 2027 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2028 2029 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 2030 if (!params.aid || params.aid > IEEE80211_MAX_AID) 2031 return -EINVAL; 2032 2033 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2034 params.ht_capa = 2035 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2036 2037 if (parse_station_flags(info, ¶ms)) 2038 return -EINVAL; 2039 2040 rtnl_lock(); 2041 2042 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2043 if (err) 2044 goto out_rtnl; 2045 2046 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2047 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) { 2048 err = -EINVAL; 2049 goto out; 2050 } 2051 2052 err = get_vlan(info, rdev, ¶ms.vlan); 2053 if (err) 2054 goto out; 2055 2056 /* validate settings */ 2057 err = 0; 2058 2059 if (!rdev->ops->add_station) { 2060 err = -EOPNOTSUPP; 2061 goto out; 2062 } 2063 2064 if (!netif_running(dev)) { 2065 err = -ENETDOWN; 2066 goto out; 2067 } 2068 2069 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2070 2071 out: 2072 if (params.vlan) 2073 dev_put(params.vlan); 2074 cfg80211_unlock_rdev(rdev); 2075 dev_put(dev); 2076 out_rtnl: 2077 rtnl_unlock(); 2078 2079 return err; 2080 } 2081 2082 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 2083 { 2084 struct cfg80211_registered_device *rdev; 2085 int err; 2086 struct net_device *dev; 2087 u8 *mac_addr = NULL; 2088 2089 if (info->attrs[NL80211_ATTR_MAC]) 2090 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2091 2092 rtnl_lock(); 2093 2094 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2095 if (err) 2096 goto out_rtnl; 2097 2098 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2099 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) { 2100 err = -EINVAL; 2101 goto out; 2102 } 2103 2104 if (!rdev->ops->del_station) { 2105 err = -EOPNOTSUPP; 2106 goto out; 2107 } 2108 2109 err = rdev->ops->del_station(&rdev->wiphy, dev, mac_addr); 2110 2111 out: 2112 cfg80211_unlock_rdev(rdev); 2113 dev_put(dev); 2114 out_rtnl: 2115 rtnl_unlock(); 2116 2117 return err; 2118 } 2119 2120 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq, 2121 int flags, struct net_device *dev, 2122 u8 *dst, u8 *next_hop, 2123 struct mpath_info *pinfo) 2124 { 2125 void *hdr; 2126 struct nlattr *pinfoattr; 2127 2128 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2129 if (!hdr) 2130 return -1; 2131 2132 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2133 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 2134 NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop); 2135 2136 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation); 2137 2138 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 2139 if (!pinfoattr) 2140 goto nla_put_failure; 2141 if (pinfo->filled & MPATH_INFO_FRAME_QLEN) 2142 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 2143 pinfo->frame_qlen); 2144 if (pinfo->filled & MPATH_INFO_SN) 2145 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN, 2146 pinfo->sn); 2147 if (pinfo->filled & MPATH_INFO_METRIC) 2148 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC, 2149 pinfo->metric); 2150 if (pinfo->filled & MPATH_INFO_EXPTIME) 2151 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME, 2152 pinfo->exptime); 2153 if (pinfo->filled & MPATH_INFO_FLAGS) 2154 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS, 2155 pinfo->flags); 2156 if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) 2157 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 2158 pinfo->discovery_timeout); 2159 if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) 2160 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 2161 pinfo->discovery_retries); 2162 2163 nla_nest_end(msg, pinfoattr); 2164 2165 return genlmsg_end(msg, hdr); 2166 2167 nla_put_failure: 2168 genlmsg_cancel(msg, hdr); 2169 return -EMSGSIZE; 2170 } 2171 2172 static int nl80211_dump_mpath(struct sk_buff *skb, 2173 struct netlink_callback *cb) 2174 { 2175 struct mpath_info pinfo; 2176 struct cfg80211_registered_device *dev; 2177 struct net_device *netdev; 2178 u8 dst[ETH_ALEN]; 2179 u8 next_hop[ETH_ALEN]; 2180 int ifidx = cb->args[0]; 2181 int path_idx = cb->args[1]; 2182 int err; 2183 2184 if (!ifidx) 2185 ifidx = nl80211_get_ifidx(cb); 2186 if (ifidx < 0) 2187 return ifidx; 2188 2189 rtnl_lock(); 2190 2191 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 2192 if (!netdev) { 2193 err = -ENODEV; 2194 goto out_rtnl; 2195 } 2196 2197 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 2198 if (IS_ERR(dev)) { 2199 err = PTR_ERR(dev); 2200 goto out_rtnl; 2201 } 2202 2203 if (!dev->ops->dump_mpath) { 2204 err = -EOPNOTSUPP; 2205 goto out_err; 2206 } 2207 2208 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2209 err = -EOPNOTSUPP; 2210 goto out_err; 2211 } 2212 2213 while (1) { 2214 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx, 2215 dst, next_hop, &pinfo); 2216 if (err == -ENOENT) 2217 break; 2218 if (err) 2219 goto out_err; 2220 2221 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid, 2222 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2223 netdev, dst, next_hop, 2224 &pinfo) < 0) 2225 goto out; 2226 2227 path_idx++; 2228 } 2229 2230 2231 out: 2232 cb->args[1] = path_idx; 2233 err = skb->len; 2234 out_err: 2235 cfg80211_unlock_rdev(dev); 2236 out_rtnl: 2237 rtnl_unlock(); 2238 2239 return err; 2240 } 2241 2242 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 2243 { 2244 struct cfg80211_registered_device *rdev; 2245 int err; 2246 struct net_device *dev; 2247 struct mpath_info pinfo; 2248 struct sk_buff *msg; 2249 u8 *dst = NULL; 2250 u8 next_hop[ETH_ALEN]; 2251 2252 memset(&pinfo, 0, sizeof(pinfo)); 2253 2254 if (!info->attrs[NL80211_ATTR_MAC]) 2255 return -EINVAL; 2256 2257 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2258 2259 rtnl_lock(); 2260 2261 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2262 if (err) 2263 goto out_rtnl; 2264 2265 if (!rdev->ops->get_mpath) { 2266 err = -EOPNOTSUPP; 2267 goto out; 2268 } 2269 2270 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2271 err = -EOPNOTSUPP; 2272 goto out; 2273 } 2274 2275 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo); 2276 if (err) 2277 goto out; 2278 2279 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2280 if (!msg) 2281 goto out; 2282 2283 if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0, 2284 dev, dst, next_hop, &pinfo) < 0) 2285 goto out_free; 2286 2287 err = genlmsg_reply(msg, info); 2288 goto out; 2289 2290 out_free: 2291 nlmsg_free(msg); 2292 out: 2293 cfg80211_unlock_rdev(rdev); 2294 dev_put(dev); 2295 out_rtnl: 2296 rtnl_unlock(); 2297 2298 return err; 2299 } 2300 2301 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 2302 { 2303 struct cfg80211_registered_device *rdev; 2304 int err; 2305 struct net_device *dev; 2306 u8 *dst = NULL; 2307 u8 *next_hop = NULL; 2308 2309 if (!info->attrs[NL80211_ATTR_MAC]) 2310 return -EINVAL; 2311 2312 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 2313 return -EINVAL; 2314 2315 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2316 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 2317 2318 rtnl_lock(); 2319 2320 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2321 if (err) 2322 goto out_rtnl; 2323 2324 if (!rdev->ops->change_mpath) { 2325 err = -EOPNOTSUPP; 2326 goto out; 2327 } 2328 2329 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2330 err = -EOPNOTSUPP; 2331 goto out; 2332 } 2333 2334 if (!netif_running(dev)) { 2335 err = -ENETDOWN; 2336 goto out; 2337 } 2338 2339 err = rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop); 2340 2341 out: 2342 cfg80211_unlock_rdev(rdev); 2343 dev_put(dev); 2344 out_rtnl: 2345 rtnl_unlock(); 2346 2347 return err; 2348 } 2349 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 2350 { 2351 struct cfg80211_registered_device *rdev; 2352 int err; 2353 struct net_device *dev; 2354 u8 *dst = NULL; 2355 u8 *next_hop = NULL; 2356 2357 if (!info->attrs[NL80211_ATTR_MAC]) 2358 return -EINVAL; 2359 2360 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 2361 return -EINVAL; 2362 2363 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2364 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 2365 2366 rtnl_lock(); 2367 2368 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2369 if (err) 2370 goto out_rtnl; 2371 2372 if (!rdev->ops->add_mpath) { 2373 err = -EOPNOTSUPP; 2374 goto out; 2375 } 2376 2377 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2378 err = -EOPNOTSUPP; 2379 goto out; 2380 } 2381 2382 if (!netif_running(dev)) { 2383 err = -ENETDOWN; 2384 goto out; 2385 } 2386 2387 err = rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop); 2388 2389 out: 2390 cfg80211_unlock_rdev(rdev); 2391 dev_put(dev); 2392 out_rtnl: 2393 rtnl_unlock(); 2394 2395 return err; 2396 } 2397 2398 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 2399 { 2400 struct cfg80211_registered_device *rdev; 2401 int err; 2402 struct net_device *dev; 2403 u8 *dst = NULL; 2404 2405 if (info->attrs[NL80211_ATTR_MAC]) 2406 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2407 2408 rtnl_lock(); 2409 2410 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2411 if (err) 2412 goto out_rtnl; 2413 2414 if (!rdev->ops->del_mpath) { 2415 err = -EOPNOTSUPP; 2416 goto out; 2417 } 2418 2419 err = rdev->ops->del_mpath(&rdev->wiphy, dev, dst); 2420 2421 out: 2422 cfg80211_unlock_rdev(rdev); 2423 dev_put(dev); 2424 out_rtnl: 2425 rtnl_unlock(); 2426 2427 return err; 2428 } 2429 2430 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 2431 { 2432 struct cfg80211_registered_device *rdev; 2433 int err; 2434 struct net_device *dev; 2435 struct bss_parameters params; 2436 2437 memset(¶ms, 0, sizeof(params)); 2438 /* default to not changing parameters */ 2439 params.use_cts_prot = -1; 2440 params.use_short_preamble = -1; 2441 params.use_short_slot_time = -1; 2442 2443 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 2444 params.use_cts_prot = 2445 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 2446 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 2447 params.use_short_preamble = 2448 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 2449 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 2450 params.use_short_slot_time = 2451 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 2452 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 2453 params.basic_rates = 2454 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 2455 params.basic_rates_len = 2456 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 2457 } 2458 2459 rtnl_lock(); 2460 2461 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2462 if (err) 2463 goto out_rtnl; 2464 2465 if (!rdev->ops->change_bss) { 2466 err = -EOPNOTSUPP; 2467 goto out; 2468 } 2469 2470 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 2471 err = -EOPNOTSUPP; 2472 goto out; 2473 } 2474 2475 err = rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms); 2476 2477 out: 2478 cfg80211_unlock_rdev(rdev); 2479 dev_put(dev); 2480 out_rtnl: 2481 rtnl_unlock(); 2482 2483 return err; 2484 } 2485 2486 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 2487 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 2488 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 2489 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 2490 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 2491 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 2492 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 2493 }; 2494 2495 static int parse_reg_rule(struct nlattr *tb[], 2496 struct ieee80211_reg_rule *reg_rule) 2497 { 2498 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 2499 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 2500 2501 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 2502 return -EINVAL; 2503 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 2504 return -EINVAL; 2505 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 2506 return -EINVAL; 2507 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 2508 return -EINVAL; 2509 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 2510 return -EINVAL; 2511 2512 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 2513 2514 freq_range->start_freq_khz = 2515 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 2516 freq_range->end_freq_khz = 2517 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 2518 freq_range->max_bandwidth_khz = 2519 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 2520 2521 power_rule->max_eirp = 2522 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 2523 2524 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 2525 power_rule->max_antenna_gain = 2526 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 2527 2528 return 0; 2529 } 2530 2531 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 2532 { 2533 int r; 2534 char *data = NULL; 2535 2536 /* 2537 * You should only get this when cfg80211 hasn't yet initialized 2538 * completely when built-in to the kernel right between the time 2539 * window between nl80211_init() and regulatory_init(), if that is 2540 * even possible. 2541 */ 2542 mutex_lock(&cfg80211_mutex); 2543 if (unlikely(!cfg80211_regdomain)) { 2544 mutex_unlock(&cfg80211_mutex); 2545 return -EINPROGRESS; 2546 } 2547 mutex_unlock(&cfg80211_mutex); 2548 2549 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 2550 return -EINVAL; 2551 2552 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 2553 2554 r = regulatory_hint_user(data); 2555 2556 return r; 2557 } 2558 2559 static int nl80211_get_mesh_params(struct sk_buff *skb, 2560 struct genl_info *info) 2561 { 2562 struct cfg80211_registered_device *rdev; 2563 struct mesh_config cur_params; 2564 int err; 2565 struct net_device *dev; 2566 void *hdr; 2567 struct nlattr *pinfoattr; 2568 struct sk_buff *msg; 2569 2570 rtnl_lock(); 2571 2572 /* Look up our device */ 2573 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2574 if (err) 2575 goto out_rtnl; 2576 2577 if (!rdev->ops->get_mesh_params) { 2578 err = -EOPNOTSUPP; 2579 goto out; 2580 } 2581 2582 /* Get the mesh params */ 2583 err = rdev->ops->get_mesh_params(&rdev->wiphy, dev, &cur_params); 2584 if (err) 2585 goto out; 2586 2587 /* Draw up a netlink message to send back */ 2588 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2589 if (!msg) { 2590 err = -ENOBUFS; 2591 goto out; 2592 } 2593 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 2594 NL80211_CMD_GET_MESH_PARAMS); 2595 if (!hdr) 2596 goto nla_put_failure; 2597 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_PARAMS); 2598 if (!pinfoattr) 2599 goto nla_put_failure; 2600 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2601 NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 2602 cur_params.dot11MeshRetryTimeout); 2603 NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 2604 cur_params.dot11MeshConfirmTimeout); 2605 NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 2606 cur_params.dot11MeshHoldingTimeout); 2607 NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 2608 cur_params.dot11MeshMaxPeerLinks); 2609 NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES, 2610 cur_params.dot11MeshMaxRetries); 2611 NLA_PUT_U8(msg, NL80211_MESHCONF_TTL, 2612 cur_params.dot11MeshTTL); 2613 NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 2614 cur_params.auto_open_plinks); 2615 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 2616 cur_params.dot11MeshHWMPmaxPREQretries); 2617 NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 2618 cur_params.path_refresh_time); 2619 NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 2620 cur_params.min_discovery_timeout); 2621 NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 2622 cur_params.dot11MeshHWMPactivePathTimeout); 2623 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 2624 cur_params.dot11MeshHWMPpreqMinInterval); 2625 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 2626 cur_params.dot11MeshHWMPnetDiameterTraversalTime); 2627 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 2628 cur_params.dot11MeshHWMPRootMode); 2629 nla_nest_end(msg, pinfoattr); 2630 genlmsg_end(msg, hdr); 2631 err = genlmsg_reply(msg, info); 2632 goto out; 2633 2634 nla_put_failure: 2635 genlmsg_cancel(msg, hdr); 2636 err = -EMSGSIZE; 2637 out: 2638 /* Cleanup */ 2639 cfg80211_unlock_rdev(rdev); 2640 dev_put(dev); 2641 out_rtnl: 2642 rtnl_unlock(); 2643 2644 return err; 2645 } 2646 2647 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \ 2648 do {\ 2649 if (table[attr_num]) {\ 2650 cfg.param = nla_fn(table[attr_num]); \ 2651 mask |= (1 << (attr_num - 1)); \ 2652 } \ 2653 } while (0);\ 2654 2655 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 2656 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 2657 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 2658 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 2659 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 2660 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 2661 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 2662 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 2663 2664 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 2665 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 2666 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 2667 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 2668 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 2669 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 2670 }; 2671 2672 static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info) 2673 { 2674 int err; 2675 u32 mask; 2676 struct cfg80211_registered_device *rdev; 2677 struct net_device *dev; 2678 struct mesh_config cfg; 2679 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 2680 struct nlattr *parent_attr; 2681 2682 parent_attr = info->attrs[NL80211_ATTR_MESH_PARAMS]; 2683 if (!parent_attr) 2684 return -EINVAL; 2685 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 2686 parent_attr, nl80211_meshconf_params_policy)) 2687 return -EINVAL; 2688 2689 rtnl_lock(); 2690 2691 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2692 if (err) 2693 goto out_rtnl; 2694 2695 if (!rdev->ops->set_mesh_params) { 2696 err = -EOPNOTSUPP; 2697 goto out; 2698 } 2699 2700 /* This makes sure that there aren't more than 32 mesh config 2701 * parameters (otherwise our bitfield scheme would not work.) */ 2702 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 2703 2704 /* Fill in the params struct */ 2705 mask = 0; 2706 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 2707 mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16); 2708 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 2709 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16); 2710 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 2711 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16); 2712 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 2713 mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16); 2714 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 2715 mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8); 2716 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 2717 mask, NL80211_MESHCONF_TTL, nla_get_u8); 2718 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 2719 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8); 2720 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 2721 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 2722 nla_get_u8); 2723 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 2724 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32); 2725 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 2726 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 2727 nla_get_u16); 2728 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 2729 mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 2730 nla_get_u32); 2731 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 2732 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 2733 nla_get_u16); 2734 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 2735 dot11MeshHWMPnetDiameterTraversalTime, 2736 mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 2737 nla_get_u16); 2738 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 2739 dot11MeshHWMPRootMode, mask, 2740 NL80211_MESHCONF_HWMP_ROOTMODE, 2741 nla_get_u8); 2742 2743 /* Apply changes */ 2744 err = rdev->ops->set_mesh_params(&rdev->wiphy, dev, &cfg, mask); 2745 2746 out: 2747 /* cleanup */ 2748 cfg80211_unlock_rdev(rdev); 2749 dev_put(dev); 2750 out_rtnl: 2751 rtnl_unlock(); 2752 2753 return err; 2754 } 2755 2756 #undef FILL_IN_MESH_PARAM_IF_SET 2757 2758 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 2759 { 2760 struct sk_buff *msg; 2761 void *hdr = NULL; 2762 struct nlattr *nl_reg_rules; 2763 unsigned int i; 2764 int err = -EINVAL; 2765 2766 mutex_lock(&cfg80211_mutex); 2767 2768 if (!cfg80211_regdomain) 2769 goto out; 2770 2771 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2772 if (!msg) { 2773 err = -ENOBUFS; 2774 goto out; 2775 } 2776 2777 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 2778 NL80211_CMD_GET_REG); 2779 if (!hdr) 2780 goto nla_put_failure; 2781 2782 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, 2783 cfg80211_regdomain->alpha2); 2784 2785 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 2786 if (!nl_reg_rules) 2787 goto nla_put_failure; 2788 2789 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) { 2790 struct nlattr *nl_reg_rule; 2791 const struct ieee80211_reg_rule *reg_rule; 2792 const struct ieee80211_freq_range *freq_range; 2793 const struct ieee80211_power_rule *power_rule; 2794 2795 reg_rule = &cfg80211_regdomain->reg_rules[i]; 2796 freq_range = ®_rule->freq_range; 2797 power_rule = ®_rule->power_rule; 2798 2799 nl_reg_rule = nla_nest_start(msg, i); 2800 if (!nl_reg_rule) 2801 goto nla_put_failure; 2802 2803 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS, 2804 reg_rule->flags); 2805 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START, 2806 freq_range->start_freq_khz); 2807 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END, 2808 freq_range->end_freq_khz); 2809 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 2810 freq_range->max_bandwidth_khz); 2811 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 2812 power_rule->max_antenna_gain); 2813 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 2814 power_rule->max_eirp); 2815 2816 nla_nest_end(msg, nl_reg_rule); 2817 } 2818 2819 nla_nest_end(msg, nl_reg_rules); 2820 2821 genlmsg_end(msg, hdr); 2822 err = genlmsg_reply(msg, info); 2823 goto out; 2824 2825 nla_put_failure: 2826 genlmsg_cancel(msg, hdr); 2827 err = -EMSGSIZE; 2828 out: 2829 mutex_unlock(&cfg80211_mutex); 2830 return err; 2831 } 2832 2833 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 2834 { 2835 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 2836 struct nlattr *nl_reg_rule; 2837 char *alpha2 = NULL; 2838 int rem_reg_rules = 0, r = 0; 2839 u32 num_rules = 0, rule_idx = 0, size_of_regd; 2840 struct ieee80211_regdomain *rd = NULL; 2841 2842 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 2843 return -EINVAL; 2844 2845 if (!info->attrs[NL80211_ATTR_REG_RULES]) 2846 return -EINVAL; 2847 2848 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 2849 2850 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 2851 rem_reg_rules) { 2852 num_rules++; 2853 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 2854 return -EINVAL; 2855 } 2856 2857 mutex_lock(&cfg80211_mutex); 2858 2859 if (!reg_is_valid_request(alpha2)) { 2860 r = -EINVAL; 2861 goto bad_reg; 2862 } 2863 2864 size_of_regd = sizeof(struct ieee80211_regdomain) + 2865 (num_rules * sizeof(struct ieee80211_reg_rule)); 2866 2867 rd = kzalloc(size_of_regd, GFP_KERNEL); 2868 if (!rd) { 2869 r = -ENOMEM; 2870 goto bad_reg; 2871 } 2872 2873 rd->n_reg_rules = num_rules; 2874 rd->alpha2[0] = alpha2[0]; 2875 rd->alpha2[1] = alpha2[1]; 2876 2877 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 2878 rem_reg_rules) { 2879 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 2880 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 2881 reg_rule_policy); 2882 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 2883 if (r) 2884 goto bad_reg; 2885 2886 rule_idx++; 2887 2888 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 2889 r = -EINVAL; 2890 goto bad_reg; 2891 } 2892 } 2893 2894 BUG_ON(rule_idx != num_rules); 2895 2896 r = set_regdom(rd); 2897 2898 mutex_unlock(&cfg80211_mutex); 2899 2900 return r; 2901 2902 bad_reg: 2903 mutex_unlock(&cfg80211_mutex); 2904 kfree(rd); 2905 return r; 2906 } 2907 2908 static int validate_scan_freqs(struct nlattr *freqs) 2909 { 2910 struct nlattr *attr1, *attr2; 2911 int n_channels = 0, tmp1, tmp2; 2912 2913 nla_for_each_nested(attr1, freqs, tmp1) { 2914 n_channels++; 2915 /* 2916 * Some hardware has a limited channel list for 2917 * scanning, and it is pretty much nonsensical 2918 * to scan for a channel twice, so disallow that 2919 * and don't require drivers to check that the 2920 * channel list they get isn't longer than what 2921 * they can scan, as long as they can scan all 2922 * the channels they registered at once. 2923 */ 2924 nla_for_each_nested(attr2, freqs, tmp2) 2925 if (attr1 != attr2 && 2926 nla_get_u32(attr1) == nla_get_u32(attr2)) 2927 return 0; 2928 } 2929 2930 return n_channels; 2931 } 2932 2933 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 2934 { 2935 struct cfg80211_registered_device *rdev; 2936 struct net_device *dev; 2937 struct cfg80211_scan_request *request; 2938 struct cfg80211_ssid *ssid; 2939 struct ieee80211_channel *channel; 2940 struct nlattr *attr; 2941 struct wiphy *wiphy; 2942 int err, tmp, n_ssids = 0, n_channels, i; 2943 enum ieee80211_band band; 2944 size_t ie_len; 2945 2946 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 2947 return -EINVAL; 2948 2949 rtnl_lock(); 2950 2951 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2952 if (err) 2953 goto out_rtnl; 2954 2955 wiphy = &rdev->wiphy; 2956 2957 if (!rdev->ops->scan) { 2958 err = -EOPNOTSUPP; 2959 goto out; 2960 } 2961 2962 if (!netif_running(dev)) { 2963 err = -ENETDOWN; 2964 goto out; 2965 } 2966 2967 if (rdev->scan_req) { 2968 err = -EBUSY; 2969 goto out; 2970 } 2971 2972 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 2973 n_channels = validate_scan_freqs( 2974 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 2975 if (!n_channels) { 2976 err = -EINVAL; 2977 goto out; 2978 } 2979 } else { 2980 n_channels = 0; 2981 2982 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 2983 if (wiphy->bands[band]) 2984 n_channels += wiphy->bands[band]->n_channels; 2985 } 2986 2987 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 2988 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 2989 n_ssids++; 2990 2991 if (n_ssids > wiphy->max_scan_ssids) { 2992 err = -EINVAL; 2993 goto out; 2994 } 2995 2996 if (info->attrs[NL80211_ATTR_IE]) 2997 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 2998 else 2999 ie_len = 0; 3000 3001 if (ie_len > wiphy->max_scan_ie_len) { 3002 err = -EINVAL; 3003 goto out; 3004 } 3005 3006 request = kzalloc(sizeof(*request) 3007 + sizeof(*ssid) * n_ssids 3008 + sizeof(channel) * n_channels 3009 + ie_len, GFP_KERNEL); 3010 if (!request) { 3011 err = -ENOMEM; 3012 goto out; 3013 } 3014 3015 if (n_ssids) 3016 request->ssids = (void *)&request->channels[n_channels]; 3017 request->n_ssids = n_ssids; 3018 if (ie_len) { 3019 if (request->ssids) 3020 request->ie = (void *)(request->ssids + n_ssids); 3021 else 3022 request->ie = (void *)(request->channels + n_channels); 3023 } 3024 3025 i = 0; 3026 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3027 /* user specified, bail out if channel not found */ 3028 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 3029 struct ieee80211_channel *chan; 3030 3031 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 3032 3033 if (!chan) { 3034 err = -EINVAL; 3035 goto out_free; 3036 } 3037 3038 /* ignore disabled channels */ 3039 if (chan->flags & IEEE80211_CHAN_DISABLED) 3040 continue; 3041 3042 request->channels[i] = chan; 3043 i++; 3044 } 3045 } else { 3046 /* all channels */ 3047 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 3048 int j; 3049 if (!wiphy->bands[band]) 3050 continue; 3051 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 3052 struct ieee80211_channel *chan; 3053 3054 chan = &wiphy->bands[band]->channels[j]; 3055 3056 if (chan->flags & IEEE80211_CHAN_DISABLED) 3057 continue; 3058 3059 request->channels[i] = chan; 3060 i++; 3061 } 3062 } 3063 } 3064 3065 if (!i) { 3066 err = -EINVAL; 3067 goto out_free; 3068 } 3069 3070 request->n_channels = i; 3071 3072 i = 0; 3073 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 3074 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 3075 if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) { 3076 err = -EINVAL; 3077 goto out_free; 3078 } 3079 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 3080 request->ssids[i].ssid_len = nla_len(attr); 3081 i++; 3082 } 3083 } 3084 3085 if (info->attrs[NL80211_ATTR_IE]) { 3086 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3087 memcpy((void *)request->ie, 3088 nla_data(info->attrs[NL80211_ATTR_IE]), 3089 request->ie_len); 3090 } 3091 3092 request->dev = dev; 3093 request->wiphy = &rdev->wiphy; 3094 3095 rdev->scan_req = request; 3096 err = rdev->ops->scan(&rdev->wiphy, dev, request); 3097 3098 if (!err) { 3099 nl80211_send_scan_start(rdev, dev); 3100 dev_hold(dev); 3101 } 3102 3103 out_free: 3104 if (err) { 3105 rdev->scan_req = NULL; 3106 kfree(request); 3107 } 3108 out: 3109 cfg80211_unlock_rdev(rdev); 3110 dev_put(dev); 3111 out_rtnl: 3112 rtnl_unlock(); 3113 3114 return err; 3115 } 3116 3117 static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags, 3118 struct cfg80211_registered_device *rdev, 3119 struct wireless_dev *wdev, 3120 struct cfg80211_internal_bss *intbss) 3121 { 3122 struct cfg80211_bss *res = &intbss->pub; 3123 void *hdr; 3124 struct nlattr *bss; 3125 int i; 3126 3127 ASSERT_WDEV_LOCK(wdev); 3128 3129 hdr = nl80211hdr_put(msg, pid, seq, flags, 3130 NL80211_CMD_NEW_SCAN_RESULTS); 3131 if (!hdr) 3132 return -1; 3133 3134 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation); 3135 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex); 3136 3137 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 3138 if (!bss) 3139 goto nla_put_failure; 3140 if (!is_zero_ether_addr(res->bssid)) 3141 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid); 3142 if (res->information_elements && res->len_information_elements) 3143 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS, 3144 res->len_information_elements, 3145 res->information_elements); 3146 if (res->beacon_ies && res->len_beacon_ies && 3147 res->beacon_ies != res->information_elements) 3148 NLA_PUT(msg, NL80211_BSS_BEACON_IES, 3149 res->len_beacon_ies, res->beacon_ies); 3150 if (res->tsf) 3151 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf); 3152 if (res->beacon_interval) 3153 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval); 3154 NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability); 3155 NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq); 3156 NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO, 3157 jiffies_to_msecs(jiffies - intbss->ts)); 3158 3159 switch (rdev->wiphy.signal_type) { 3160 case CFG80211_SIGNAL_TYPE_MBM: 3161 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal); 3162 break; 3163 case CFG80211_SIGNAL_TYPE_UNSPEC: 3164 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal); 3165 break; 3166 default: 3167 break; 3168 } 3169 3170 switch (wdev->iftype) { 3171 case NL80211_IFTYPE_STATION: 3172 if (intbss == wdev->current_bss) 3173 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3174 NL80211_BSS_STATUS_ASSOCIATED); 3175 else for (i = 0; i < MAX_AUTH_BSSES; i++) { 3176 if (intbss != wdev->auth_bsses[i]) 3177 continue; 3178 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3179 NL80211_BSS_STATUS_AUTHENTICATED); 3180 break; 3181 } 3182 break; 3183 case NL80211_IFTYPE_ADHOC: 3184 if (intbss == wdev->current_bss) 3185 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3186 NL80211_BSS_STATUS_IBSS_JOINED); 3187 break; 3188 default: 3189 break; 3190 } 3191 3192 nla_nest_end(msg, bss); 3193 3194 return genlmsg_end(msg, hdr); 3195 3196 nla_put_failure: 3197 genlmsg_cancel(msg, hdr); 3198 return -EMSGSIZE; 3199 } 3200 3201 static int nl80211_dump_scan(struct sk_buff *skb, 3202 struct netlink_callback *cb) 3203 { 3204 struct cfg80211_registered_device *rdev; 3205 struct net_device *dev; 3206 struct cfg80211_internal_bss *scan; 3207 struct wireless_dev *wdev; 3208 int ifidx = cb->args[0]; 3209 int start = cb->args[1], idx = 0; 3210 int err; 3211 3212 if (!ifidx) 3213 ifidx = nl80211_get_ifidx(cb); 3214 if (ifidx < 0) 3215 return ifidx; 3216 cb->args[0] = ifidx; 3217 3218 dev = dev_get_by_index(sock_net(skb->sk), ifidx); 3219 if (!dev) 3220 return -ENODEV; 3221 3222 rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 3223 if (IS_ERR(rdev)) { 3224 err = PTR_ERR(rdev); 3225 goto out_put_netdev; 3226 } 3227 3228 wdev = dev->ieee80211_ptr; 3229 3230 wdev_lock(wdev); 3231 spin_lock_bh(&rdev->bss_lock); 3232 cfg80211_bss_expire(rdev); 3233 3234 list_for_each_entry(scan, &rdev->bss_list, list) { 3235 if (++idx <= start) 3236 continue; 3237 if (nl80211_send_bss(skb, 3238 NETLINK_CB(cb->skb).pid, 3239 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3240 rdev, wdev, scan) < 0) { 3241 idx--; 3242 goto out; 3243 } 3244 } 3245 3246 out: 3247 spin_unlock_bh(&rdev->bss_lock); 3248 wdev_unlock(wdev); 3249 3250 cb->args[1] = idx; 3251 err = skb->len; 3252 cfg80211_unlock_rdev(rdev); 3253 out_put_netdev: 3254 dev_put(dev); 3255 3256 return err; 3257 } 3258 3259 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq, 3260 int flags, struct net_device *dev, 3261 struct survey_info *survey) 3262 { 3263 void *hdr; 3264 struct nlattr *infoattr; 3265 3266 /* Survey without a channel doesn't make sense */ 3267 if (!survey->channel) 3268 return -EINVAL; 3269 3270 hdr = nl80211hdr_put(msg, pid, seq, flags, 3271 NL80211_CMD_NEW_SURVEY_RESULTS); 3272 if (!hdr) 3273 return -ENOMEM; 3274 3275 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 3276 3277 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 3278 if (!infoattr) 3279 goto nla_put_failure; 3280 3281 NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY, 3282 survey->channel->center_freq); 3283 if (survey->filled & SURVEY_INFO_NOISE_DBM) 3284 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE, 3285 survey->noise); 3286 3287 nla_nest_end(msg, infoattr); 3288 3289 return genlmsg_end(msg, hdr); 3290 3291 nla_put_failure: 3292 genlmsg_cancel(msg, hdr); 3293 return -EMSGSIZE; 3294 } 3295 3296 static int nl80211_dump_survey(struct sk_buff *skb, 3297 struct netlink_callback *cb) 3298 { 3299 struct survey_info survey; 3300 struct cfg80211_registered_device *dev; 3301 struct net_device *netdev; 3302 int ifidx = cb->args[0]; 3303 int survey_idx = cb->args[1]; 3304 int res; 3305 3306 if (!ifidx) 3307 ifidx = nl80211_get_ifidx(cb); 3308 if (ifidx < 0) 3309 return ifidx; 3310 cb->args[0] = ifidx; 3311 3312 rtnl_lock(); 3313 3314 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 3315 if (!netdev) { 3316 res = -ENODEV; 3317 goto out_rtnl; 3318 } 3319 3320 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 3321 if (IS_ERR(dev)) { 3322 res = PTR_ERR(dev); 3323 goto out_rtnl; 3324 } 3325 3326 if (!dev->ops->dump_survey) { 3327 res = -EOPNOTSUPP; 3328 goto out_err; 3329 } 3330 3331 while (1) { 3332 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, 3333 &survey); 3334 if (res == -ENOENT) 3335 break; 3336 if (res) 3337 goto out_err; 3338 3339 if (nl80211_send_survey(skb, 3340 NETLINK_CB(cb->skb).pid, 3341 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3342 netdev, 3343 &survey) < 0) 3344 goto out; 3345 survey_idx++; 3346 } 3347 3348 out: 3349 cb->args[1] = survey_idx; 3350 res = skb->len; 3351 out_err: 3352 cfg80211_unlock_rdev(dev); 3353 out_rtnl: 3354 rtnl_unlock(); 3355 3356 return res; 3357 } 3358 3359 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) 3360 { 3361 return auth_type <= NL80211_AUTHTYPE_MAX; 3362 } 3363 3364 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 3365 { 3366 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 3367 NL80211_WPA_VERSION_2)); 3368 } 3369 3370 static bool nl80211_valid_akm_suite(u32 akm) 3371 { 3372 return akm == WLAN_AKM_SUITE_8021X || 3373 akm == WLAN_AKM_SUITE_PSK; 3374 } 3375 3376 static bool nl80211_valid_cipher_suite(u32 cipher) 3377 { 3378 return cipher == WLAN_CIPHER_SUITE_WEP40 || 3379 cipher == WLAN_CIPHER_SUITE_WEP104 || 3380 cipher == WLAN_CIPHER_SUITE_TKIP || 3381 cipher == WLAN_CIPHER_SUITE_CCMP || 3382 cipher == WLAN_CIPHER_SUITE_AES_CMAC; 3383 } 3384 3385 3386 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 3387 { 3388 struct cfg80211_registered_device *rdev; 3389 struct net_device *dev; 3390 struct ieee80211_channel *chan; 3391 const u8 *bssid, *ssid, *ie = NULL; 3392 int err, ssid_len, ie_len = 0; 3393 enum nl80211_auth_type auth_type; 3394 struct key_parse key; 3395 3396 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3397 return -EINVAL; 3398 3399 if (!info->attrs[NL80211_ATTR_MAC]) 3400 return -EINVAL; 3401 3402 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 3403 return -EINVAL; 3404 3405 if (!info->attrs[NL80211_ATTR_SSID]) 3406 return -EINVAL; 3407 3408 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 3409 return -EINVAL; 3410 3411 err = nl80211_parse_key(info, &key); 3412 if (err) 3413 return err; 3414 3415 if (key.idx >= 0) { 3416 if (!key.p.key || !key.p.key_len) 3417 return -EINVAL; 3418 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 3419 key.p.key_len != WLAN_KEY_LEN_WEP40) && 3420 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 3421 key.p.key_len != WLAN_KEY_LEN_WEP104)) 3422 return -EINVAL; 3423 if (key.idx > 4) 3424 return -EINVAL; 3425 } else { 3426 key.p.key_len = 0; 3427 key.p.key = NULL; 3428 } 3429 3430 rtnl_lock(); 3431 3432 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3433 if (err) 3434 goto unlock_rtnl; 3435 3436 if (!rdev->ops->auth) { 3437 err = -EOPNOTSUPP; 3438 goto out; 3439 } 3440 3441 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3442 err = -EOPNOTSUPP; 3443 goto out; 3444 } 3445 3446 if (!netif_running(dev)) { 3447 err = -ENETDOWN; 3448 goto out; 3449 } 3450 3451 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3452 chan = ieee80211_get_channel(&rdev->wiphy, 3453 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3454 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) { 3455 err = -EINVAL; 3456 goto out; 3457 } 3458 3459 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3460 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3461 3462 if (info->attrs[NL80211_ATTR_IE]) { 3463 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3464 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3465 } 3466 3467 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 3468 if (!nl80211_valid_auth_type(auth_type)) { 3469 err = -EINVAL; 3470 goto out; 3471 } 3472 3473 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 3474 ssid, ssid_len, ie, ie_len, 3475 key.p.key, key.p.key_len, key.idx); 3476 3477 out: 3478 cfg80211_unlock_rdev(rdev); 3479 dev_put(dev); 3480 unlock_rtnl: 3481 rtnl_unlock(); 3482 return err; 3483 } 3484 3485 static int nl80211_crypto_settings(struct genl_info *info, 3486 struct cfg80211_crypto_settings *settings, 3487 int cipher_limit) 3488 { 3489 memset(settings, 0, sizeof(*settings)); 3490 3491 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 3492 3493 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 3494 void *data; 3495 int len, i; 3496 3497 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 3498 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 3499 settings->n_ciphers_pairwise = len / sizeof(u32); 3500 3501 if (len % sizeof(u32)) 3502 return -EINVAL; 3503 3504 if (settings->n_ciphers_pairwise > cipher_limit) 3505 return -EINVAL; 3506 3507 memcpy(settings->ciphers_pairwise, data, len); 3508 3509 for (i = 0; i < settings->n_ciphers_pairwise; i++) 3510 if (!nl80211_valid_cipher_suite( 3511 settings->ciphers_pairwise[i])) 3512 return -EINVAL; 3513 } 3514 3515 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 3516 settings->cipher_group = 3517 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 3518 if (!nl80211_valid_cipher_suite(settings->cipher_group)) 3519 return -EINVAL; 3520 } 3521 3522 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 3523 settings->wpa_versions = 3524 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 3525 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 3526 return -EINVAL; 3527 } 3528 3529 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 3530 void *data; 3531 int len, i; 3532 3533 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 3534 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 3535 settings->n_akm_suites = len / sizeof(u32); 3536 3537 if (len % sizeof(u32)) 3538 return -EINVAL; 3539 3540 memcpy(settings->akm_suites, data, len); 3541 3542 for (i = 0; i < settings->n_ciphers_pairwise; i++) 3543 if (!nl80211_valid_akm_suite(settings->akm_suites[i])) 3544 return -EINVAL; 3545 } 3546 3547 return 0; 3548 } 3549 3550 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 3551 { 3552 struct cfg80211_registered_device *rdev; 3553 struct net_device *dev; 3554 struct wireless_dev *wdev; 3555 struct cfg80211_crypto_settings crypto; 3556 struct ieee80211_channel *chan, *fixedchan; 3557 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 3558 int err, ssid_len, ie_len = 0; 3559 bool use_mfp = false; 3560 3561 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3562 return -EINVAL; 3563 3564 if (!info->attrs[NL80211_ATTR_MAC] || 3565 !info->attrs[NL80211_ATTR_SSID] || 3566 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 3567 return -EINVAL; 3568 3569 rtnl_lock(); 3570 3571 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3572 if (err) 3573 goto unlock_rtnl; 3574 3575 if (!rdev->ops->assoc) { 3576 err = -EOPNOTSUPP; 3577 goto out; 3578 } 3579 3580 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3581 err = -EOPNOTSUPP; 3582 goto out; 3583 } 3584 3585 if (!netif_running(dev)) { 3586 err = -ENETDOWN; 3587 goto out; 3588 } 3589 3590 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3591 3592 chan = ieee80211_get_channel(&rdev->wiphy, 3593 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3594 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) { 3595 err = -EINVAL; 3596 goto out; 3597 } 3598 3599 mutex_lock(&rdev->devlist_mtx); 3600 wdev = dev->ieee80211_ptr; 3601 fixedchan = rdev_fixed_channel(rdev, wdev); 3602 if (fixedchan && chan != fixedchan) { 3603 err = -EBUSY; 3604 mutex_unlock(&rdev->devlist_mtx); 3605 goto out; 3606 } 3607 mutex_unlock(&rdev->devlist_mtx); 3608 3609 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3610 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3611 3612 if (info->attrs[NL80211_ATTR_IE]) { 3613 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3614 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3615 } 3616 3617 if (info->attrs[NL80211_ATTR_USE_MFP]) { 3618 enum nl80211_mfp mfp = 3619 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 3620 if (mfp == NL80211_MFP_REQUIRED) 3621 use_mfp = true; 3622 else if (mfp != NL80211_MFP_NO) { 3623 err = -EINVAL; 3624 goto out; 3625 } 3626 } 3627 3628 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 3629 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 3630 3631 err = nl80211_crypto_settings(info, &crypto, 1); 3632 if (!err) 3633 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 3634 ssid, ssid_len, ie, ie_len, use_mfp, 3635 &crypto); 3636 3637 out: 3638 cfg80211_unlock_rdev(rdev); 3639 dev_put(dev); 3640 unlock_rtnl: 3641 rtnl_unlock(); 3642 return err; 3643 } 3644 3645 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 3646 { 3647 struct cfg80211_registered_device *rdev; 3648 struct net_device *dev; 3649 const u8 *ie = NULL, *bssid; 3650 int err, ie_len = 0; 3651 u16 reason_code; 3652 3653 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3654 return -EINVAL; 3655 3656 if (!info->attrs[NL80211_ATTR_MAC]) 3657 return -EINVAL; 3658 3659 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 3660 return -EINVAL; 3661 3662 rtnl_lock(); 3663 3664 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3665 if (err) 3666 goto unlock_rtnl; 3667 3668 if (!rdev->ops->deauth) { 3669 err = -EOPNOTSUPP; 3670 goto out; 3671 } 3672 3673 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3674 err = -EOPNOTSUPP; 3675 goto out; 3676 } 3677 3678 if (!netif_running(dev)) { 3679 err = -ENETDOWN; 3680 goto out; 3681 } 3682 3683 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3684 3685 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 3686 if (reason_code == 0) { 3687 /* Reason Code 0 is reserved */ 3688 err = -EINVAL; 3689 goto out; 3690 } 3691 3692 if (info->attrs[NL80211_ATTR_IE]) { 3693 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3694 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3695 } 3696 3697 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code); 3698 3699 out: 3700 cfg80211_unlock_rdev(rdev); 3701 dev_put(dev); 3702 unlock_rtnl: 3703 rtnl_unlock(); 3704 return err; 3705 } 3706 3707 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 3708 { 3709 struct cfg80211_registered_device *rdev; 3710 struct net_device *dev; 3711 const u8 *ie = NULL, *bssid; 3712 int err, ie_len = 0; 3713 u16 reason_code; 3714 3715 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3716 return -EINVAL; 3717 3718 if (!info->attrs[NL80211_ATTR_MAC]) 3719 return -EINVAL; 3720 3721 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 3722 return -EINVAL; 3723 3724 rtnl_lock(); 3725 3726 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3727 if (err) 3728 goto unlock_rtnl; 3729 3730 if (!rdev->ops->disassoc) { 3731 err = -EOPNOTSUPP; 3732 goto out; 3733 } 3734 3735 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3736 err = -EOPNOTSUPP; 3737 goto out; 3738 } 3739 3740 if (!netif_running(dev)) { 3741 err = -ENETDOWN; 3742 goto out; 3743 } 3744 3745 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3746 3747 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 3748 if (reason_code == 0) { 3749 /* Reason Code 0 is reserved */ 3750 err = -EINVAL; 3751 goto out; 3752 } 3753 3754 if (info->attrs[NL80211_ATTR_IE]) { 3755 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3756 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3757 } 3758 3759 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code); 3760 3761 out: 3762 cfg80211_unlock_rdev(rdev); 3763 dev_put(dev); 3764 unlock_rtnl: 3765 rtnl_unlock(); 3766 return err; 3767 } 3768 3769 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 3770 { 3771 struct cfg80211_registered_device *rdev; 3772 struct net_device *dev; 3773 struct cfg80211_ibss_params ibss; 3774 struct wiphy *wiphy; 3775 struct cfg80211_cached_keys *connkeys = NULL; 3776 int err; 3777 3778 memset(&ibss, 0, sizeof(ibss)); 3779 3780 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3781 return -EINVAL; 3782 3783 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 3784 !info->attrs[NL80211_ATTR_SSID] || 3785 !nla_len(info->attrs[NL80211_ATTR_SSID])) 3786 return -EINVAL; 3787 3788 ibss.beacon_interval = 100; 3789 3790 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 3791 ibss.beacon_interval = 3792 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 3793 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 3794 return -EINVAL; 3795 } 3796 3797 rtnl_lock(); 3798 3799 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3800 if (err) 3801 goto unlock_rtnl; 3802 3803 if (!rdev->ops->join_ibss) { 3804 err = -EOPNOTSUPP; 3805 goto out; 3806 } 3807 3808 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 3809 err = -EOPNOTSUPP; 3810 goto out; 3811 } 3812 3813 if (!netif_running(dev)) { 3814 err = -ENETDOWN; 3815 goto out; 3816 } 3817 3818 wiphy = &rdev->wiphy; 3819 3820 if (info->attrs[NL80211_ATTR_MAC]) 3821 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3822 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3823 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3824 3825 if (info->attrs[NL80211_ATTR_IE]) { 3826 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3827 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3828 } 3829 3830 ibss.channel = ieee80211_get_channel(wiphy, 3831 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3832 if (!ibss.channel || 3833 ibss.channel->flags & IEEE80211_CHAN_NO_IBSS || 3834 ibss.channel->flags & IEEE80211_CHAN_DISABLED) { 3835 err = -EINVAL; 3836 goto out; 3837 } 3838 3839 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 3840 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 3841 3842 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 3843 connkeys = nl80211_parse_connkeys(rdev, 3844 info->attrs[NL80211_ATTR_KEYS]); 3845 if (IS_ERR(connkeys)) { 3846 err = PTR_ERR(connkeys); 3847 connkeys = NULL; 3848 goto out; 3849 } 3850 } 3851 3852 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 3853 3854 out: 3855 cfg80211_unlock_rdev(rdev); 3856 dev_put(dev); 3857 unlock_rtnl: 3858 if (err) 3859 kfree(connkeys); 3860 rtnl_unlock(); 3861 return err; 3862 } 3863 3864 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 3865 { 3866 struct cfg80211_registered_device *rdev; 3867 struct net_device *dev; 3868 int err; 3869 3870 rtnl_lock(); 3871 3872 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3873 if (err) 3874 goto unlock_rtnl; 3875 3876 if (!rdev->ops->leave_ibss) { 3877 err = -EOPNOTSUPP; 3878 goto out; 3879 } 3880 3881 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 3882 err = -EOPNOTSUPP; 3883 goto out; 3884 } 3885 3886 if (!netif_running(dev)) { 3887 err = -ENETDOWN; 3888 goto out; 3889 } 3890 3891 err = cfg80211_leave_ibss(rdev, dev, false); 3892 3893 out: 3894 cfg80211_unlock_rdev(rdev); 3895 dev_put(dev); 3896 unlock_rtnl: 3897 rtnl_unlock(); 3898 return err; 3899 } 3900 3901 #ifdef CONFIG_NL80211_TESTMODE 3902 static struct genl_multicast_group nl80211_testmode_mcgrp = { 3903 .name = "testmode", 3904 }; 3905 3906 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 3907 { 3908 struct cfg80211_registered_device *rdev; 3909 int err; 3910 3911 if (!info->attrs[NL80211_ATTR_TESTDATA]) 3912 return -EINVAL; 3913 3914 rtnl_lock(); 3915 3916 rdev = cfg80211_get_dev_from_info(info); 3917 if (IS_ERR(rdev)) { 3918 err = PTR_ERR(rdev); 3919 goto unlock_rtnl; 3920 } 3921 3922 err = -EOPNOTSUPP; 3923 if (rdev->ops->testmode_cmd) { 3924 rdev->testmode_info = info; 3925 err = rdev->ops->testmode_cmd(&rdev->wiphy, 3926 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 3927 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 3928 rdev->testmode_info = NULL; 3929 } 3930 3931 cfg80211_unlock_rdev(rdev); 3932 3933 unlock_rtnl: 3934 rtnl_unlock(); 3935 return err; 3936 } 3937 3938 static struct sk_buff * 3939 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 3940 int approxlen, u32 pid, u32 seq, gfp_t gfp) 3941 { 3942 struct sk_buff *skb; 3943 void *hdr; 3944 struct nlattr *data; 3945 3946 skb = nlmsg_new(approxlen + 100, gfp); 3947 if (!skb) 3948 return NULL; 3949 3950 hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE); 3951 if (!hdr) { 3952 kfree_skb(skb); 3953 return NULL; 3954 } 3955 3956 NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 3957 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 3958 3959 ((void **)skb->cb)[0] = rdev; 3960 ((void **)skb->cb)[1] = hdr; 3961 ((void **)skb->cb)[2] = data; 3962 3963 return skb; 3964 3965 nla_put_failure: 3966 kfree_skb(skb); 3967 return NULL; 3968 } 3969 3970 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 3971 int approxlen) 3972 { 3973 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 3974 3975 if (WARN_ON(!rdev->testmode_info)) 3976 return NULL; 3977 3978 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 3979 rdev->testmode_info->snd_pid, 3980 rdev->testmode_info->snd_seq, 3981 GFP_KERNEL); 3982 } 3983 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 3984 3985 int cfg80211_testmode_reply(struct sk_buff *skb) 3986 { 3987 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 3988 void *hdr = ((void **)skb->cb)[1]; 3989 struct nlattr *data = ((void **)skb->cb)[2]; 3990 3991 if (WARN_ON(!rdev->testmode_info)) { 3992 kfree_skb(skb); 3993 return -EINVAL; 3994 } 3995 3996 nla_nest_end(skb, data); 3997 genlmsg_end(skb, hdr); 3998 return genlmsg_reply(skb, rdev->testmode_info); 3999 } 4000 EXPORT_SYMBOL(cfg80211_testmode_reply); 4001 4002 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 4003 int approxlen, gfp_t gfp) 4004 { 4005 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 4006 4007 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 4008 } 4009 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 4010 4011 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 4012 { 4013 void *hdr = ((void **)skb->cb)[1]; 4014 struct nlattr *data = ((void **)skb->cb)[2]; 4015 4016 nla_nest_end(skb, data); 4017 genlmsg_end(skb, hdr); 4018 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 4019 } 4020 EXPORT_SYMBOL(cfg80211_testmode_event); 4021 #endif 4022 4023 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 4024 { 4025 struct cfg80211_registered_device *rdev; 4026 struct net_device *dev; 4027 struct cfg80211_connect_params connect; 4028 struct wiphy *wiphy; 4029 struct cfg80211_cached_keys *connkeys = NULL; 4030 int err; 4031 4032 memset(&connect, 0, sizeof(connect)); 4033 4034 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4035 return -EINVAL; 4036 4037 if (!info->attrs[NL80211_ATTR_SSID] || 4038 !nla_len(info->attrs[NL80211_ATTR_SSID])) 4039 return -EINVAL; 4040 4041 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 4042 connect.auth_type = 4043 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 4044 if (!nl80211_valid_auth_type(connect.auth_type)) 4045 return -EINVAL; 4046 } else 4047 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 4048 4049 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 4050 4051 err = nl80211_crypto_settings(info, &connect.crypto, 4052 NL80211_MAX_NR_CIPHER_SUITES); 4053 if (err) 4054 return err; 4055 rtnl_lock(); 4056 4057 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4058 if (err) 4059 goto unlock_rtnl; 4060 4061 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4062 err = -EOPNOTSUPP; 4063 goto out; 4064 } 4065 4066 if (!netif_running(dev)) { 4067 err = -ENETDOWN; 4068 goto out; 4069 } 4070 4071 wiphy = &rdev->wiphy; 4072 4073 if (info->attrs[NL80211_ATTR_MAC]) 4074 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4075 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4076 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4077 4078 if (info->attrs[NL80211_ATTR_IE]) { 4079 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4080 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4081 } 4082 4083 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 4084 connect.channel = 4085 ieee80211_get_channel(wiphy, 4086 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4087 if (!connect.channel || 4088 connect.channel->flags & IEEE80211_CHAN_DISABLED) { 4089 err = -EINVAL; 4090 goto out; 4091 } 4092 } 4093 4094 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 4095 connkeys = nl80211_parse_connkeys(rdev, 4096 info->attrs[NL80211_ATTR_KEYS]); 4097 if (IS_ERR(connkeys)) { 4098 err = PTR_ERR(connkeys); 4099 connkeys = NULL; 4100 goto out; 4101 } 4102 } 4103 4104 err = cfg80211_connect(rdev, dev, &connect, connkeys); 4105 4106 out: 4107 cfg80211_unlock_rdev(rdev); 4108 dev_put(dev); 4109 unlock_rtnl: 4110 if (err) 4111 kfree(connkeys); 4112 rtnl_unlock(); 4113 return err; 4114 } 4115 4116 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 4117 { 4118 struct cfg80211_registered_device *rdev; 4119 struct net_device *dev; 4120 int err; 4121 u16 reason; 4122 4123 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4124 reason = WLAN_REASON_DEAUTH_LEAVING; 4125 else 4126 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4127 4128 if (reason == 0) 4129 return -EINVAL; 4130 4131 rtnl_lock(); 4132 4133 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4134 if (err) 4135 goto unlock_rtnl; 4136 4137 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4138 err = -EOPNOTSUPP; 4139 goto out; 4140 } 4141 4142 if (!netif_running(dev)) { 4143 err = -ENETDOWN; 4144 goto out; 4145 } 4146 4147 err = cfg80211_disconnect(rdev, dev, reason, true); 4148 4149 out: 4150 cfg80211_unlock_rdev(rdev); 4151 dev_put(dev); 4152 unlock_rtnl: 4153 rtnl_unlock(); 4154 return err; 4155 } 4156 4157 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 4158 { 4159 struct cfg80211_registered_device *rdev; 4160 struct net *net; 4161 int err; 4162 u32 pid; 4163 4164 if (!info->attrs[NL80211_ATTR_PID]) 4165 return -EINVAL; 4166 4167 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 4168 4169 rtnl_lock(); 4170 4171 rdev = cfg80211_get_dev_from_info(info); 4172 if (IS_ERR(rdev)) { 4173 err = PTR_ERR(rdev); 4174 goto out_rtnl; 4175 } 4176 4177 net = get_net_ns_by_pid(pid); 4178 if (IS_ERR(net)) { 4179 err = PTR_ERR(net); 4180 goto out; 4181 } 4182 4183 err = 0; 4184 4185 /* check if anything to do */ 4186 if (net_eq(wiphy_net(&rdev->wiphy), net)) 4187 goto out_put_net; 4188 4189 err = cfg80211_switch_netns(rdev, net); 4190 out_put_net: 4191 put_net(net); 4192 out: 4193 cfg80211_unlock_rdev(rdev); 4194 out_rtnl: 4195 rtnl_unlock(); 4196 return err; 4197 } 4198 4199 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 4200 { 4201 struct cfg80211_registered_device *rdev; 4202 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 4203 struct cfg80211_pmksa *pmksa) = NULL; 4204 int err; 4205 struct net_device *dev; 4206 struct cfg80211_pmksa pmksa; 4207 4208 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 4209 4210 if (!info->attrs[NL80211_ATTR_MAC]) 4211 return -EINVAL; 4212 4213 if (!info->attrs[NL80211_ATTR_PMKID]) 4214 return -EINVAL; 4215 4216 rtnl_lock(); 4217 4218 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4219 if (err) 4220 goto out_rtnl; 4221 4222 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 4223 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4224 4225 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4226 err = -EOPNOTSUPP; 4227 goto out; 4228 } 4229 4230 switch (info->genlhdr->cmd) { 4231 case NL80211_CMD_SET_PMKSA: 4232 rdev_ops = rdev->ops->set_pmksa; 4233 break; 4234 case NL80211_CMD_DEL_PMKSA: 4235 rdev_ops = rdev->ops->del_pmksa; 4236 break; 4237 default: 4238 WARN_ON(1); 4239 break; 4240 } 4241 4242 if (!rdev_ops) { 4243 err = -EOPNOTSUPP; 4244 goto out; 4245 } 4246 4247 err = rdev_ops(&rdev->wiphy, dev, &pmksa); 4248 4249 out: 4250 cfg80211_unlock_rdev(rdev); 4251 dev_put(dev); 4252 out_rtnl: 4253 rtnl_unlock(); 4254 4255 return err; 4256 } 4257 4258 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 4259 { 4260 struct cfg80211_registered_device *rdev; 4261 int err; 4262 struct net_device *dev; 4263 4264 rtnl_lock(); 4265 4266 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4267 if (err) 4268 goto out_rtnl; 4269 4270 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4271 err = -EOPNOTSUPP; 4272 goto out; 4273 } 4274 4275 if (!rdev->ops->flush_pmksa) { 4276 err = -EOPNOTSUPP; 4277 goto out; 4278 } 4279 4280 err = rdev->ops->flush_pmksa(&rdev->wiphy, dev); 4281 4282 out: 4283 cfg80211_unlock_rdev(rdev); 4284 dev_put(dev); 4285 out_rtnl: 4286 rtnl_unlock(); 4287 4288 return err; 4289 4290 } 4291 4292 static int nl80211_remain_on_channel(struct sk_buff *skb, 4293 struct genl_info *info) 4294 { 4295 struct cfg80211_registered_device *rdev; 4296 struct net_device *dev; 4297 struct ieee80211_channel *chan; 4298 struct sk_buff *msg; 4299 void *hdr; 4300 u64 cookie; 4301 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 4302 u32 freq, duration; 4303 int err; 4304 4305 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 4306 !info->attrs[NL80211_ATTR_DURATION]) 4307 return -EINVAL; 4308 4309 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 4310 4311 /* 4312 * We should be on that channel for at least one jiffie, 4313 * and more than 5 seconds seems excessive. 4314 */ 4315 if (!duration || !msecs_to_jiffies(duration) || duration > 5000) 4316 return -EINVAL; 4317 4318 rtnl_lock(); 4319 4320 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4321 if (err) 4322 goto unlock_rtnl; 4323 4324 if (!rdev->ops->remain_on_channel) { 4325 err = -EOPNOTSUPP; 4326 goto out; 4327 } 4328 4329 if (!netif_running(dev)) { 4330 err = -ENETDOWN; 4331 goto out; 4332 } 4333 4334 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4335 channel_type = nla_get_u32( 4336 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4337 if (channel_type != NL80211_CHAN_NO_HT && 4338 channel_type != NL80211_CHAN_HT20 && 4339 channel_type != NL80211_CHAN_HT40PLUS && 4340 channel_type != NL80211_CHAN_HT40MINUS) 4341 err = -EINVAL; 4342 goto out; 4343 } 4344 4345 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 4346 chan = rdev_freq_to_chan(rdev, freq, channel_type); 4347 if (chan == NULL) { 4348 err = -EINVAL; 4349 goto out; 4350 } 4351 4352 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4353 if (!msg) { 4354 err = -ENOMEM; 4355 goto out; 4356 } 4357 4358 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4359 NL80211_CMD_REMAIN_ON_CHANNEL); 4360 4361 if (IS_ERR(hdr)) { 4362 err = PTR_ERR(hdr); 4363 goto free_msg; 4364 } 4365 4366 err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan, 4367 channel_type, duration, &cookie); 4368 4369 if (err) 4370 goto free_msg; 4371 4372 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 4373 4374 genlmsg_end(msg, hdr); 4375 err = genlmsg_reply(msg, info); 4376 goto out; 4377 4378 nla_put_failure: 4379 err = -ENOBUFS; 4380 free_msg: 4381 nlmsg_free(msg); 4382 out: 4383 cfg80211_unlock_rdev(rdev); 4384 dev_put(dev); 4385 unlock_rtnl: 4386 rtnl_unlock(); 4387 return err; 4388 } 4389 4390 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 4391 struct genl_info *info) 4392 { 4393 struct cfg80211_registered_device *rdev; 4394 struct net_device *dev; 4395 u64 cookie; 4396 int err; 4397 4398 if (!info->attrs[NL80211_ATTR_COOKIE]) 4399 return -EINVAL; 4400 4401 rtnl_lock(); 4402 4403 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4404 if (err) 4405 goto unlock_rtnl; 4406 4407 if (!rdev->ops->cancel_remain_on_channel) { 4408 err = -EOPNOTSUPP; 4409 goto out; 4410 } 4411 4412 if (!netif_running(dev)) { 4413 err = -ENETDOWN; 4414 goto out; 4415 } 4416 4417 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 4418 4419 err = rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie); 4420 4421 out: 4422 cfg80211_unlock_rdev(rdev); 4423 dev_put(dev); 4424 unlock_rtnl: 4425 rtnl_unlock(); 4426 return err; 4427 } 4428 4429 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 4430 u8 *rates, u8 rates_len) 4431 { 4432 u8 i; 4433 u32 mask = 0; 4434 4435 for (i = 0; i < rates_len; i++) { 4436 int rate = (rates[i] & 0x7f) * 5; 4437 int ridx; 4438 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 4439 struct ieee80211_rate *srate = 4440 &sband->bitrates[ridx]; 4441 if (rate == srate->bitrate) { 4442 mask |= 1 << ridx; 4443 break; 4444 } 4445 } 4446 if (ridx == sband->n_bitrates) 4447 return 0; /* rate not found */ 4448 } 4449 4450 return mask; 4451 } 4452 4453 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 4454 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 4455 .len = NL80211_MAX_SUPP_RATES }, 4456 }; 4457 4458 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 4459 struct genl_info *info) 4460 { 4461 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 4462 struct cfg80211_registered_device *rdev; 4463 struct cfg80211_bitrate_mask mask; 4464 int err, rem, i; 4465 struct net_device *dev; 4466 struct nlattr *tx_rates; 4467 struct ieee80211_supported_band *sband; 4468 4469 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 4470 return -EINVAL; 4471 4472 rtnl_lock(); 4473 4474 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4475 if (err) 4476 goto unlock_rtnl; 4477 4478 if (!rdev->ops->set_bitrate_mask) { 4479 err = -EOPNOTSUPP; 4480 goto unlock; 4481 } 4482 4483 memset(&mask, 0, sizeof(mask)); 4484 /* Default to all rates enabled */ 4485 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 4486 sband = rdev->wiphy.bands[i]; 4487 mask.control[i].legacy = 4488 sband ? (1 << sband->n_bitrates) - 1 : 0; 4489 } 4490 4491 /* 4492 * The nested attribute uses enum nl80211_band as the index. This maps 4493 * directly to the enum ieee80211_band values used in cfg80211. 4494 */ 4495 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 4496 { 4497 enum ieee80211_band band = nla_type(tx_rates); 4498 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 4499 err = -EINVAL; 4500 goto unlock; 4501 } 4502 sband = rdev->wiphy.bands[band]; 4503 if (sband == NULL) { 4504 err = -EINVAL; 4505 goto unlock; 4506 } 4507 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 4508 nla_len(tx_rates), nl80211_txattr_policy); 4509 if (tb[NL80211_TXRATE_LEGACY]) { 4510 mask.control[band].legacy = rateset_to_mask( 4511 sband, 4512 nla_data(tb[NL80211_TXRATE_LEGACY]), 4513 nla_len(tb[NL80211_TXRATE_LEGACY])); 4514 if (mask.control[band].legacy == 0) { 4515 err = -EINVAL; 4516 goto unlock; 4517 } 4518 } 4519 } 4520 4521 err = rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask); 4522 4523 unlock: 4524 dev_put(dev); 4525 cfg80211_unlock_rdev(rdev); 4526 unlock_rtnl: 4527 rtnl_unlock(); 4528 return err; 4529 } 4530 4531 static int nl80211_register_action(struct sk_buff *skb, struct genl_info *info) 4532 { 4533 struct cfg80211_registered_device *rdev; 4534 struct net_device *dev; 4535 int err; 4536 4537 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 4538 return -EINVAL; 4539 4540 if (nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]) < 1) 4541 return -EINVAL; 4542 4543 rtnl_lock(); 4544 4545 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4546 if (err) 4547 goto unlock_rtnl; 4548 4549 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4550 err = -EOPNOTSUPP; 4551 goto out; 4552 } 4553 4554 /* not much point in registering if we can't reply */ 4555 if (!rdev->ops->action) { 4556 err = -EOPNOTSUPP; 4557 goto out; 4558 } 4559 4560 err = cfg80211_mlme_register_action(dev->ieee80211_ptr, info->snd_pid, 4561 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 4562 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 4563 out: 4564 cfg80211_unlock_rdev(rdev); 4565 dev_put(dev); 4566 unlock_rtnl: 4567 rtnl_unlock(); 4568 return err; 4569 } 4570 4571 static int nl80211_action(struct sk_buff *skb, struct genl_info *info) 4572 { 4573 struct cfg80211_registered_device *rdev; 4574 struct net_device *dev; 4575 struct ieee80211_channel *chan; 4576 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 4577 u32 freq; 4578 int err; 4579 void *hdr; 4580 u64 cookie; 4581 struct sk_buff *msg; 4582 4583 if (!info->attrs[NL80211_ATTR_FRAME] || 4584 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4585 return -EINVAL; 4586 4587 rtnl_lock(); 4588 4589 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4590 if (err) 4591 goto unlock_rtnl; 4592 4593 if (!rdev->ops->action) { 4594 err = -EOPNOTSUPP; 4595 goto out; 4596 } 4597 4598 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4599 err = -EOPNOTSUPP; 4600 goto out; 4601 } 4602 4603 if (!netif_running(dev)) { 4604 err = -ENETDOWN; 4605 goto out; 4606 } 4607 4608 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4609 channel_type = nla_get_u32( 4610 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4611 if (channel_type != NL80211_CHAN_NO_HT && 4612 channel_type != NL80211_CHAN_HT20 && 4613 channel_type != NL80211_CHAN_HT40PLUS && 4614 channel_type != NL80211_CHAN_HT40MINUS) 4615 err = -EINVAL; 4616 goto out; 4617 } 4618 4619 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 4620 chan = rdev_freq_to_chan(rdev, freq, channel_type); 4621 if (chan == NULL) { 4622 err = -EINVAL; 4623 goto out; 4624 } 4625 4626 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4627 if (!msg) { 4628 err = -ENOMEM; 4629 goto out; 4630 } 4631 4632 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4633 NL80211_CMD_ACTION); 4634 4635 if (IS_ERR(hdr)) { 4636 err = PTR_ERR(hdr); 4637 goto free_msg; 4638 } 4639 err = cfg80211_mlme_action(rdev, dev, chan, channel_type, 4640 nla_data(info->attrs[NL80211_ATTR_FRAME]), 4641 nla_len(info->attrs[NL80211_ATTR_FRAME]), 4642 &cookie); 4643 if (err) 4644 goto free_msg; 4645 4646 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 4647 4648 genlmsg_end(msg, hdr); 4649 err = genlmsg_reply(msg, info); 4650 goto out; 4651 4652 nla_put_failure: 4653 err = -ENOBUFS; 4654 free_msg: 4655 nlmsg_free(msg); 4656 out: 4657 cfg80211_unlock_rdev(rdev); 4658 dev_put(dev); 4659 unlock_rtnl: 4660 rtnl_unlock(); 4661 return err; 4662 } 4663 4664 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 4665 { 4666 struct cfg80211_registered_device *rdev; 4667 struct wireless_dev *wdev; 4668 struct net_device *dev; 4669 u8 ps_state; 4670 bool state; 4671 int err; 4672 4673 if (!info->attrs[NL80211_ATTR_PS_STATE]) { 4674 err = -EINVAL; 4675 goto out; 4676 } 4677 4678 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 4679 4680 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) { 4681 err = -EINVAL; 4682 goto out; 4683 } 4684 4685 rtnl_lock(); 4686 4687 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4688 if (err) 4689 goto unlock_rdev; 4690 4691 wdev = dev->ieee80211_ptr; 4692 4693 if (!rdev->ops->set_power_mgmt) { 4694 err = -EOPNOTSUPP; 4695 goto unlock_rdev; 4696 } 4697 4698 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 4699 4700 if (state == wdev->ps) 4701 goto unlock_rdev; 4702 4703 wdev->ps = state; 4704 4705 if (rdev->ops->set_power_mgmt(wdev->wiphy, dev, wdev->ps, 4706 wdev->ps_timeout)) 4707 /* assume this means it's off */ 4708 wdev->ps = false; 4709 4710 unlock_rdev: 4711 cfg80211_unlock_rdev(rdev); 4712 dev_put(dev); 4713 rtnl_unlock(); 4714 4715 out: 4716 return err; 4717 } 4718 4719 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 4720 { 4721 struct cfg80211_registered_device *rdev; 4722 enum nl80211_ps_state ps_state; 4723 struct wireless_dev *wdev; 4724 struct net_device *dev; 4725 struct sk_buff *msg; 4726 void *hdr; 4727 int err; 4728 4729 rtnl_lock(); 4730 4731 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4732 if (err) 4733 goto unlock_rtnl; 4734 4735 wdev = dev->ieee80211_ptr; 4736 4737 if (!rdev->ops->set_power_mgmt) { 4738 err = -EOPNOTSUPP; 4739 goto out; 4740 } 4741 4742 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4743 if (!msg) { 4744 err = -ENOMEM; 4745 goto out; 4746 } 4747 4748 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4749 NL80211_CMD_GET_POWER_SAVE); 4750 if (!hdr) { 4751 err = -ENOMEM; 4752 goto free_msg; 4753 } 4754 4755 if (wdev->ps) 4756 ps_state = NL80211_PS_ENABLED; 4757 else 4758 ps_state = NL80211_PS_DISABLED; 4759 4760 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state); 4761 4762 genlmsg_end(msg, hdr); 4763 err = genlmsg_reply(msg, info); 4764 goto out; 4765 4766 nla_put_failure: 4767 err = -ENOBUFS; 4768 4769 free_msg: 4770 nlmsg_free(msg); 4771 4772 out: 4773 cfg80211_unlock_rdev(rdev); 4774 dev_put(dev); 4775 4776 unlock_rtnl: 4777 rtnl_unlock(); 4778 4779 return err; 4780 } 4781 4782 static struct genl_ops nl80211_ops[] = { 4783 { 4784 .cmd = NL80211_CMD_GET_WIPHY, 4785 .doit = nl80211_get_wiphy, 4786 .dumpit = nl80211_dump_wiphy, 4787 .policy = nl80211_policy, 4788 /* can be retrieved by unprivileged users */ 4789 }, 4790 { 4791 .cmd = NL80211_CMD_SET_WIPHY, 4792 .doit = nl80211_set_wiphy, 4793 .policy = nl80211_policy, 4794 .flags = GENL_ADMIN_PERM, 4795 }, 4796 { 4797 .cmd = NL80211_CMD_GET_INTERFACE, 4798 .doit = nl80211_get_interface, 4799 .dumpit = nl80211_dump_interface, 4800 .policy = nl80211_policy, 4801 /* can be retrieved by unprivileged users */ 4802 }, 4803 { 4804 .cmd = NL80211_CMD_SET_INTERFACE, 4805 .doit = nl80211_set_interface, 4806 .policy = nl80211_policy, 4807 .flags = GENL_ADMIN_PERM, 4808 }, 4809 { 4810 .cmd = NL80211_CMD_NEW_INTERFACE, 4811 .doit = nl80211_new_interface, 4812 .policy = nl80211_policy, 4813 .flags = GENL_ADMIN_PERM, 4814 }, 4815 { 4816 .cmd = NL80211_CMD_DEL_INTERFACE, 4817 .doit = nl80211_del_interface, 4818 .policy = nl80211_policy, 4819 .flags = GENL_ADMIN_PERM, 4820 }, 4821 { 4822 .cmd = NL80211_CMD_GET_KEY, 4823 .doit = nl80211_get_key, 4824 .policy = nl80211_policy, 4825 .flags = GENL_ADMIN_PERM, 4826 }, 4827 { 4828 .cmd = NL80211_CMD_SET_KEY, 4829 .doit = nl80211_set_key, 4830 .policy = nl80211_policy, 4831 .flags = GENL_ADMIN_PERM, 4832 }, 4833 { 4834 .cmd = NL80211_CMD_NEW_KEY, 4835 .doit = nl80211_new_key, 4836 .policy = nl80211_policy, 4837 .flags = GENL_ADMIN_PERM, 4838 }, 4839 { 4840 .cmd = NL80211_CMD_DEL_KEY, 4841 .doit = nl80211_del_key, 4842 .policy = nl80211_policy, 4843 .flags = GENL_ADMIN_PERM, 4844 }, 4845 { 4846 .cmd = NL80211_CMD_SET_BEACON, 4847 .policy = nl80211_policy, 4848 .flags = GENL_ADMIN_PERM, 4849 .doit = nl80211_addset_beacon, 4850 }, 4851 { 4852 .cmd = NL80211_CMD_NEW_BEACON, 4853 .policy = nl80211_policy, 4854 .flags = GENL_ADMIN_PERM, 4855 .doit = nl80211_addset_beacon, 4856 }, 4857 { 4858 .cmd = NL80211_CMD_DEL_BEACON, 4859 .policy = nl80211_policy, 4860 .flags = GENL_ADMIN_PERM, 4861 .doit = nl80211_del_beacon, 4862 }, 4863 { 4864 .cmd = NL80211_CMD_GET_STATION, 4865 .doit = nl80211_get_station, 4866 .dumpit = nl80211_dump_station, 4867 .policy = nl80211_policy, 4868 }, 4869 { 4870 .cmd = NL80211_CMD_SET_STATION, 4871 .doit = nl80211_set_station, 4872 .policy = nl80211_policy, 4873 .flags = GENL_ADMIN_PERM, 4874 }, 4875 { 4876 .cmd = NL80211_CMD_NEW_STATION, 4877 .doit = nl80211_new_station, 4878 .policy = nl80211_policy, 4879 .flags = GENL_ADMIN_PERM, 4880 }, 4881 { 4882 .cmd = NL80211_CMD_DEL_STATION, 4883 .doit = nl80211_del_station, 4884 .policy = nl80211_policy, 4885 .flags = GENL_ADMIN_PERM, 4886 }, 4887 { 4888 .cmd = NL80211_CMD_GET_MPATH, 4889 .doit = nl80211_get_mpath, 4890 .dumpit = nl80211_dump_mpath, 4891 .policy = nl80211_policy, 4892 .flags = GENL_ADMIN_PERM, 4893 }, 4894 { 4895 .cmd = NL80211_CMD_SET_MPATH, 4896 .doit = nl80211_set_mpath, 4897 .policy = nl80211_policy, 4898 .flags = GENL_ADMIN_PERM, 4899 }, 4900 { 4901 .cmd = NL80211_CMD_NEW_MPATH, 4902 .doit = nl80211_new_mpath, 4903 .policy = nl80211_policy, 4904 .flags = GENL_ADMIN_PERM, 4905 }, 4906 { 4907 .cmd = NL80211_CMD_DEL_MPATH, 4908 .doit = nl80211_del_mpath, 4909 .policy = nl80211_policy, 4910 .flags = GENL_ADMIN_PERM, 4911 }, 4912 { 4913 .cmd = NL80211_CMD_SET_BSS, 4914 .doit = nl80211_set_bss, 4915 .policy = nl80211_policy, 4916 .flags = GENL_ADMIN_PERM, 4917 }, 4918 { 4919 .cmd = NL80211_CMD_GET_REG, 4920 .doit = nl80211_get_reg, 4921 .policy = nl80211_policy, 4922 /* can be retrieved by unprivileged users */ 4923 }, 4924 { 4925 .cmd = NL80211_CMD_SET_REG, 4926 .doit = nl80211_set_reg, 4927 .policy = nl80211_policy, 4928 .flags = GENL_ADMIN_PERM, 4929 }, 4930 { 4931 .cmd = NL80211_CMD_REQ_SET_REG, 4932 .doit = nl80211_req_set_reg, 4933 .policy = nl80211_policy, 4934 .flags = GENL_ADMIN_PERM, 4935 }, 4936 { 4937 .cmd = NL80211_CMD_GET_MESH_PARAMS, 4938 .doit = nl80211_get_mesh_params, 4939 .policy = nl80211_policy, 4940 /* can be retrieved by unprivileged users */ 4941 }, 4942 { 4943 .cmd = NL80211_CMD_SET_MESH_PARAMS, 4944 .doit = nl80211_set_mesh_params, 4945 .policy = nl80211_policy, 4946 .flags = GENL_ADMIN_PERM, 4947 }, 4948 { 4949 .cmd = NL80211_CMD_TRIGGER_SCAN, 4950 .doit = nl80211_trigger_scan, 4951 .policy = nl80211_policy, 4952 .flags = GENL_ADMIN_PERM, 4953 }, 4954 { 4955 .cmd = NL80211_CMD_GET_SCAN, 4956 .policy = nl80211_policy, 4957 .dumpit = nl80211_dump_scan, 4958 }, 4959 { 4960 .cmd = NL80211_CMD_AUTHENTICATE, 4961 .doit = nl80211_authenticate, 4962 .policy = nl80211_policy, 4963 .flags = GENL_ADMIN_PERM, 4964 }, 4965 { 4966 .cmd = NL80211_CMD_ASSOCIATE, 4967 .doit = nl80211_associate, 4968 .policy = nl80211_policy, 4969 .flags = GENL_ADMIN_PERM, 4970 }, 4971 { 4972 .cmd = NL80211_CMD_DEAUTHENTICATE, 4973 .doit = nl80211_deauthenticate, 4974 .policy = nl80211_policy, 4975 .flags = GENL_ADMIN_PERM, 4976 }, 4977 { 4978 .cmd = NL80211_CMD_DISASSOCIATE, 4979 .doit = nl80211_disassociate, 4980 .policy = nl80211_policy, 4981 .flags = GENL_ADMIN_PERM, 4982 }, 4983 { 4984 .cmd = NL80211_CMD_JOIN_IBSS, 4985 .doit = nl80211_join_ibss, 4986 .policy = nl80211_policy, 4987 .flags = GENL_ADMIN_PERM, 4988 }, 4989 { 4990 .cmd = NL80211_CMD_LEAVE_IBSS, 4991 .doit = nl80211_leave_ibss, 4992 .policy = nl80211_policy, 4993 .flags = GENL_ADMIN_PERM, 4994 }, 4995 #ifdef CONFIG_NL80211_TESTMODE 4996 { 4997 .cmd = NL80211_CMD_TESTMODE, 4998 .doit = nl80211_testmode_do, 4999 .policy = nl80211_policy, 5000 .flags = GENL_ADMIN_PERM, 5001 }, 5002 #endif 5003 { 5004 .cmd = NL80211_CMD_CONNECT, 5005 .doit = nl80211_connect, 5006 .policy = nl80211_policy, 5007 .flags = GENL_ADMIN_PERM, 5008 }, 5009 { 5010 .cmd = NL80211_CMD_DISCONNECT, 5011 .doit = nl80211_disconnect, 5012 .policy = nl80211_policy, 5013 .flags = GENL_ADMIN_PERM, 5014 }, 5015 { 5016 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 5017 .doit = nl80211_wiphy_netns, 5018 .policy = nl80211_policy, 5019 .flags = GENL_ADMIN_PERM, 5020 }, 5021 { 5022 .cmd = NL80211_CMD_GET_SURVEY, 5023 .policy = nl80211_policy, 5024 .dumpit = nl80211_dump_survey, 5025 }, 5026 { 5027 .cmd = NL80211_CMD_SET_PMKSA, 5028 .doit = nl80211_setdel_pmksa, 5029 .policy = nl80211_policy, 5030 .flags = GENL_ADMIN_PERM, 5031 }, 5032 { 5033 .cmd = NL80211_CMD_DEL_PMKSA, 5034 .doit = nl80211_setdel_pmksa, 5035 .policy = nl80211_policy, 5036 .flags = GENL_ADMIN_PERM, 5037 }, 5038 { 5039 .cmd = NL80211_CMD_FLUSH_PMKSA, 5040 .doit = nl80211_flush_pmksa, 5041 .policy = nl80211_policy, 5042 .flags = GENL_ADMIN_PERM, 5043 }, 5044 { 5045 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 5046 .doit = nl80211_remain_on_channel, 5047 .policy = nl80211_policy, 5048 .flags = GENL_ADMIN_PERM, 5049 }, 5050 { 5051 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 5052 .doit = nl80211_cancel_remain_on_channel, 5053 .policy = nl80211_policy, 5054 .flags = GENL_ADMIN_PERM, 5055 }, 5056 { 5057 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 5058 .doit = nl80211_set_tx_bitrate_mask, 5059 .policy = nl80211_policy, 5060 .flags = GENL_ADMIN_PERM, 5061 }, 5062 { 5063 .cmd = NL80211_CMD_REGISTER_ACTION, 5064 .doit = nl80211_register_action, 5065 .policy = nl80211_policy, 5066 .flags = GENL_ADMIN_PERM, 5067 }, 5068 { 5069 .cmd = NL80211_CMD_ACTION, 5070 .doit = nl80211_action, 5071 .policy = nl80211_policy, 5072 .flags = GENL_ADMIN_PERM, 5073 }, 5074 { 5075 .cmd = NL80211_CMD_SET_POWER_SAVE, 5076 .doit = nl80211_set_power_save, 5077 .policy = nl80211_policy, 5078 .flags = GENL_ADMIN_PERM, 5079 }, 5080 { 5081 .cmd = NL80211_CMD_GET_POWER_SAVE, 5082 .doit = nl80211_get_power_save, 5083 .policy = nl80211_policy, 5084 /* can be retrieved by unprivileged users */ 5085 }, 5086 }; 5087 5088 static struct genl_multicast_group nl80211_mlme_mcgrp = { 5089 .name = "mlme", 5090 }; 5091 5092 /* multicast groups */ 5093 static struct genl_multicast_group nl80211_config_mcgrp = { 5094 .name = "config", 5095 }; 5096 static struct genl_multicast_group nl80211_scan_mcgrp = { 5097 .name = "scan", 5098 }; 5099 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 5100 .name = "regulatory", 5101 }; 5102 5103 /* notification functions */ 5104 5105 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 5106 { 5107 struct sk_buff *msg; 5108 5109 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5110 if (!msg) 5111 return; 5112 5113 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 5114 nlmsg_free(msg); 5115 return; 5116 } 5117 5118 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5119 nl80211_config_mcgrp.id, GFP_KERNEL); 5120 } 5121 5122 static int nl80211_add_scan_req(struct sk_buff *msg, 5123 struct cfg80211_registered_device *rdev) 5124 { 5125 struct cfg80211_scan_request *req = rdev->scan_req; 5126 struct nlattr *nest; 5127 int i; 5128 5129 ASSERT_RDEV_LOCK(rdev); 5130 5131 if (WARN_ON(!req)) 5132 return 0; 5133 5134 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 5135 if (!nest) 5136 goto nla_put_failure; 5137 for (i = 0; i < req->n_ssids; i++) 5138 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid); 5139 nla_nest_end(msg, nest); 5140 5141 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 5142 if (!nest) 5143 goto nla_put_failure; 5144 for (i = 0; i < req->n_channels; i++) 5145 NLA_PUT_U32(msg, i, req->channels[i]->center_freq); 5146 nla_nest_end(msg, nest); 5147 5148 if (req->ie) 5149 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie); 5150 5151 return 0; 5152 nla_put_failure: 5153 return -ENOBUFS; 5154 } 5155 5156 static int nl80211_send_scan_msg(struct sk_buff *msg, 5157 struct cfg80211_registered_device *rdev, 5158 struct net_device *netdev, 5159 u32 pid, u32 seq, int flags, 5160 u32 cmd) 5161 { 5162 void *hdr; 5163 5164 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 5165 if (!hdr) 5166 return -1; 5167 5168 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5169 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5170 5171 /* ignore errors and send incomplete event anyway */ 5172 nl80211_add_scan_req(msg, rdev); 5173 5174 return genlmsg_end(msg, hdr); 5175 5176 nla_put_failure: 5177 genlmsg_cancel(msg, hdr); 5178 return -EMSGSIZE; 5179 } 5180 5181 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 5182 struct net_device *netdev) 5183 { 5184 struct sk_buff *msg; 5185 5186 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 5187 if (!msg) 5188 return; 5189 5190 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5191 NL80211_CMD_TRIGGER_SCAN) < 0) { 5192 nlmsg_free(msg); 5193 return; 5194 } 5195 5196 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5197 nl80211_scan_mcgrp.id, GFP_KERNEL); 5198 } 5199 5200 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 5201 struct net_device *netdev) 5202 { 5203 struct sk_buff *msg; 5204 5205 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5206 if (!msg) 5207 return; 5208 5209 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5210 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 5211 nlmsg_free(msg); 5212 return; 5213 } 5214 5215 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5216 nl80211_scan_mcgrp.id, GFP_KERNEL); 5217 } 5218 5219 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 5220 struct net_device *netdev) 5221 { 5222 struct sk_buff *msg; 5223 5224 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5225 if (!msg) 5226 return; 5227 5228 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5229 NL80211_CMD_SCAN_ABORTED) < 0) { 5230 nlmsg_free(msg); 5231 return; 5232 } 5233 5234 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5235 nl80211_scan_mcgrp.id, GFP_KERNEL); 5236 } 5237 5238 /* 5239 * This can happen on global regulatory changes or device specific settings 5240 * based on custom world regulatory domains. 5241 */ 5242 void nl80211_send_reg_change_event(struct regulatory_request *request) 5243 { 5244 struct sk_buff *msg; 5245 void *hdr; 5246 5247 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5248 if (!msg) 5249 return; 5250 5251 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 5252 if (!hdr) { 5253 nlmsg_free(msg); 5254 return; 5255 } 5256 5257 /* Userspace can always count this one always being set */ 5258 NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator); 5259 5260 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') 5261 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5262 NL80211_REGDOM_TYPE_WORLD); 5263 else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') 5264 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5265 NL80211_REGDOM_TYPE_CUSTOM_WORLD); 5266 else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 5267 request->intersect) 5268 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5269 NL80211_REGDOM_TYPE_INTERSECTION); 5270 else { 5271 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5272 NL80211_REGDOM_TYPE_COUNTRY); 5273 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2); 5274 } 5275 5276 if (wiphy_idx_valid(request->wiphy_idx)) 5277 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx); 5278 5279 if (genlmsg_end(msg, hdr) < 0) { 5280 nlmsg_free(msg); 5281 return; 5282 } 5283 5284 rcu_read_lock(); 5285 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 5286 GFP_ATOMIC); 5287 rcu_read_unlock(); 5288 5289 return; 5290 5291 nla_put_failure: 5292 genlmsg_cancel(msg, hdr); 5293 nlmsg_free(msg); 5294 } 5295 5296 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 5297 struct net_device *netdev, 5298 const u8 *buf, size_t len, 5299 enum nl80211_commands cmd, gfp_t gfp) 5300 { 5301 struct sk_buff *msg; 5302 void *hdr; 5303 5304 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5305 if (!msg) 5306 return; 5307 5308 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5309 if (!hdr) { 5310 nlmsg_free(msg); 5311 return; 5312 } 5313 5314 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5315 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5316 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 5317 5318 if (genlmsg_end(msg, hdr) < 0) { 5319 nlmsg_free(msg); 5320 return; 5321 } 5322 5323 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5324 nl80211_mlme_mcgrp.id, gfp); 5325 return; 5326 5327 nla_put_failure: 5328 genlmsg_cancel(msg, hdr); 5329 nlmsg_free(msg); 5330 } 5331 5332 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 5333 struct net_device *netdev, const u8 *buf, 5334 size_t len, gfp_t gfp) 5335 { 5336 nl80211_send_mlme_event(rdev, netdev, buf, len, 5337 NL80211_CMD_AUTHENTICATE, gfp); 5338 } 5339 5340 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 5341 struct net_device *netdev, const u8 *buf, 5342 size_t len, gfp_t gfp) 5343 { 5344 nl80211_send_mlme_event(rdev, netdev, buf, len, 5345 NL80211_CMD_ASSOCIATE, gfp); 5346 } 5347 5348 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 5349 struct net_device *netdev, const u8 *buf, 5350 size_t len, gfp_t gfp) 5351 { 5352 nl80211_send_mlme_event(rdev, netdev, buf, len, 5353 NL80211_CMD_DEAUTHENTICATE, gfp); 5354 } 5355 5356 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 5357 struct net_device *netdev, const u8 *buf, 5358 size_t len, gfp_t gfp) 5359 { 5360 nl80211_send_mlme_event(rdev, netdev, buf, len, 5361 NL80211_CMD_DISASSOCIATE, gfp); 5362 } 5363 5364 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 5365 struct net_device *netdev, int cmd, 5366 const u8 *addr, gfp_t gfp) 5367 { 5368 struct sk_buff *msg; 5369 void *hdr; 5370 5371 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5372 if (!msg) 5373 return; 5374 5375 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5376 if (!hdr) { 5377 nlmsg_free(msg); 5378 return; 5379 } 5380 5381 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5382 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5383 NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT); 5384 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5385 5386 if (genlmsg_end(msg, hdr) < 0) { 5387 nlmsg_free(msg); 5388 return; 5389 } 5390 5391 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5392 nl80211_mlme_mcgrp.id, gfp); 5393 return; 5394 5395 nla_put_failure: 5396 genlmsg_cancel(msg, hdr); 5397 nlmsg_free(msg); 5398 } 5399 5400 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 5401 struct net_device *netdev, const u8 *addr, 5402 gfp_t gfp) 5403 { 5404 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 5405 addr, gfp); 5406 } 5407 5408 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 5409 struct net_device *netdev, const u8 *addr, 5410 gfp_t gfp) 5411 { 5412 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 5413 addr, gfp); 5414 } 5415 5416 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 5417 struct net_device *netdev, const u8 *bssid, 5418 const u8 *req_ie, size_t req_ie_len, 5419 const u8 *resp_ie, size_t resp_ie_len, 5420 u16 status, gfp_t gfp) 5421 { 5422 struct sk_buff *msg; 5423 void *hdr; 5424 5425 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5426 if (!msg) 5427 return; 5428 5429 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 5430 if (!hdr) { 5431 nlmsg_free(msg); 5432 return; 5433 } 5434 5435 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5436 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5437 if (bssid) 5438 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5439 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status); 5440 if (req_ie) 5441 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 5442 if (resp_ie) 5443 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 5444 5445 if (genlmsg_end(msg, hdr) < 0) { 5446 nlmsg_free(msg); 5447 return; 5448 } 5449 5450 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5451 nl80211_mlme_mcgrp.id, gfp); 5452 return; 5453 5454 nla_put_failure: 5455 genlmsg_cancel(msg, hdr); 5456 nlmsg_free(msg); 5457 5458 } 5459 5460 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 5461 struct net_device *netdev, const u8 *bssid, 5462 const u8 *req_ie, size_t req_ie_len, 5463 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 5464 { 5465 struct sk_buff *msg; 5466 void *hdr; 5467 5468 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5469 if (!msg) 5470 return; 5471 5472 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 5473 if (!hdr) { 5474 nlmsg_free(msg); 5475 return; 5476 } 5477 5478 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5479 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5480 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5481 if (req_ie) 5482 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 5483 if (resp_ie) 5484 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 5485 5486 if (genlmsg_end(msg, hdr) < 0) { 5487 nlmsg_free(msg); 5488 return; 5489 } 5490 5491 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5492 nl80211_mlme_mcgrp.id, gfp); 5493 return; 5494 5495 nla_put_failure: 5496 genlmsg_cancel(msg, hdr); 5497 nlmsg_free(msg); 5498 5499 } 5500 5501 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 5502 struct net_device *netdev, u16 reason, 5503 const u8 *ie, size_t ie_len, bool from_ap) 5504 { 5505 struct sk_buff *msg; 5506 void *hdr; 5507 5508 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 5509 if (!msg) 5510 return; 5511 5512 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 5513 if (!hdr) { 5514 nlmsg_free(msg); 5515 return; 5516 } 5517 5518 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5519 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5520 if (from_ap && reason) 5521 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason); 5522 if (from_ap) 5523 NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP); 5524 if (ie) 5525 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie); 5526 5527 if (genlmsg_end(msg, hdr) < 0) { 5528 nlmsg_free(msg); 5529 return; 5530 } 5531 5532 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5533 nl80211_mlme_mcgrp.id, GFP_KERNEL); 5534 return; 5535 5536 nla_put_failure: 5537 genlmsg_cancel(msg, hdr); 5538 nlmsg_free(msg); 5539 5540 } 5541 5542 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 5543 struct net_device *netdev, const u8 *bssid, 5544 gfp_t gfp) 5545 { 5546 struct sk_buff *msg; 5547 void *hdr; 5548 5549 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5550 if (!msg) 5551 return; 5552 5553 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 5554 if (!hdr) { 5555 nlmsg_free(msg); 5556 return; 5557 } 5558 5559 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5560 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5561 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5562 5563 if (genlmsg_end(msg, hdr) < 0) { 5564 nlmsg_free(msg); 5565 return; 5566 } 5567 5568 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5569 nl80211_mlme_mcgrp.id, gfp); 5570 return; 5571 5572 nla_put_failure: 5573 genlmsg_cancel(msg, hdr); 5574 nlmsg_free(msg); 5575 } 5576 5577 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 5578 struct net_device *netdev, const u8 *addr, 5579 enum nl80211_key_type key_type, int key_id, 5580 const u8 *tsc, gfp_t gfp) 5581 { 5582 struct sk_buff *msg; 5583 void *hdr; 5584 5585 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5586 if (!msg) 5587 return; 5588 5589 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 5590 if (!hdr) { 5591 nlmsg_free(msg); 5592 return; 5593 } 5594 5595 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5596 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5597 if (addr) 5598 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5599 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type); 5600 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id); 5601 if (tsc) 5602 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc); 5603 5604 if (genlmsg_end(msg, hdr) < 0) { 5605 nlmsg_free(msg); 5606 return; 5607 } 5608 5609 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5610 nl80211_mlme_mcgrp.id, gfp); 5611 return; 5612 5613 nla_put_failure: 5614 genlmsg_cancel(msg, hdr); 5615 nlmsg_free(msg); 5616 } 5617 5618 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 5619 struct ieee80211_channel *channel_before, 5620 struct ieee80211_channel *channel_after) 5621 { 5622 struct sk_buff *msg; 5623 void *hdr; 5624 struct nlattr *nl_freq; 5625 5626 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 5627 if (!msg) 5628 return; 5629 5630 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 5631 if (!hdr) { 5632 nlmsg_free(msg); 5633 return; 5634 } 5635 5636 /* 5637 * Since we are applying the beacon hint to a wiphy we know its 5638 * wiphy_idx is valid 5639 */ 5640 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)); 5641 5642 /* Before */ 5643 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 5644 if (!nl_freq) 5645 goto nla_put_failure; 5646 if (nl80211_msg_put_channel(msg, channel_before)) 5647 goto nla_put_failure; 5648 nla_nest_end(msg, nl_freq); 5649 5650 /* After */ 5651 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 5652 if (!nl_freq) 5653 goto nla_put_failure; 5654 if (nl80211_msg_put_channel(msg, channel_after)) 5655 goto nla_put_failure; 5656 nla_nest_end(msg, nl_freq); 5657 5658 if (genlmsg_end(msg, hdr) < 0) { 5659 nlmsg_free(msg); 5660 return; 5661 } 5662 5663 rcu_read_lock(); 5664 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 5665 GFP_ATOMIC); 5666 rcu_read_unlock(); 5667 5668 return; 5669 5670 nla_put_failure: 5671 genlmsg_cancel(msg, hdr); 5672 nlmsg_free(msg); 5673 } 5674 5675 static void nl80211_send_remain_on_chan_event( 5676 int cmd, struct cfg80211_registered_device *rdev, 5677 struct net_device *netdev, u64 cookie, 5678 struct ieee80211_channel *chan, 5679 enum nl80211_channel_type channel_type, 5680 unsigned int duration, gfp_t gfp) 5681 { 5682 struct sk_buff *msg; 5683 void *hdr; 5684 5685 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5686 if (!msg) 5687 return; 5688 5689 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5690 if (!hdr) { 5691 nlmsg_free(msg); 5692 return; 5693 } 5694 5695 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5696 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5697 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq); 5698 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type); 5699 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 5700 5701 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL) 5702 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 5703 5704 if (genlmsg_end(msg, hdr) < 0) { 5705 nlmsg_free(msg); 5706 return; 5707 } 5708 5709 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5710 nl80211_mlme_mcgrp.id, gfp); 5711 return; 5712 5713 nla_put_failure: 5714 genlmsg_cancel(msg, hdr); 5715 nlmsg_free(msg); 5716 } 5717 5718 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 5719 struct net_device *netdev, u64 cookie, 5720 struct ieee80211_channel *chan, 5721 enum nl80211_channel_type channel_type, 5722 unsigned int duration, gfp_t gfp) 5723 { 5724 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 5725 rdev, netdev, cookie, chan, 5726 channel_type, duration, gfp); 5727 } 5728 5729 void nl80211_send_remain_on_channel_cancel( 5730 struct cfg80211_registered_device *rdev, struct net_device *netdev, 5731 u64 cookie, struct ieee80211_channel *chan, 5732 enum nl80211_channel_type channel_type, gfp_t gfp) 5733 { 5734 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 5735 rdev, netdev, cookie, chan, 5736 channel_type, 0, gfp); 5737 } 5738 5739 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 5740 struct net_device *dev, const u8 *mac_addr, 5741 struct station_info *sinfo, gfp_t gfp) 5742 { 5743 struct sk_buff *msg; 5744 5745 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5746 if (!msg) 5747 return; 5748 5749 if (nl80211_send_station(msg, 0, 0, 0, dev, mac_addr, sinfo) < 0) { 5750 nlmsg_free(msg); 5751 return; 5752 } 5753 5754 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5755 nl80211_mlme_mcgrp.id, gfp); 5756 } 5757 5758 int nl80211_send_action(struct cfg80211_registered_device *rdev, 5759 struct net_device *netdev, u32 nlpid, 5760 int freq, const u8 *buf, size_t len, gfp_t gfp) 5761 { 5762 struct sk_buff *msg; 5763 void *hdr; 5764 int err; 5765 5766 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5767 if (!msg) 5768 return -ENOMEM; 5769 5770 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION); 5771 if (!hdr) { 5772 nlmsg_free(msg); 5773 return -ENOMEM; 5774 } 5775 5776 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5777 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5778 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 5779 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 5780 5781 err = genlmsg_end(msg, hdr); 5782 if (err < 0) { 5783 nlmsg_free(msg); 5784 return err; 5785 } 5786 5787 err = genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 5788 if (err < 0) 5789 return err; 5790 return 0; 5791 5792 nla_put_failure: 5793 genlmsg_cancel(msg, hdr); 5794 nlmsg_free(msg); 5795 return -ENOBUFS; 5796 } 5797 5798 void nl80211_send_action_tx_status(struct cfg80211_registered_device *rdev, 5799 struct net_device *netdev, u64 cookie, 5800 const u8 *buf, size_t len, bool ack, 5801 gfp_t gfp) 5802 { 5803 struct sk_buff *msg; 5804 void *hdr; 5805 5806 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5807 if (!msg) 5808 return; 5809 5810 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION_TX_STATUS); 5811 if (!hdr) { 5812 nlmsg_free(msg); 5813 return; 5814 } 5815 5816 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5817 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5818 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 5819 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 5820 if (ack) 5821 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK); 5822 5823 if (genlmsg_end(msg, hdr) < 0) { 5824 nlmsg_free(msg); 5825 return; 5826 } 5827 5828 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 5829 return; 5830 5831 nla_put_failure: 5832 genlmsg_cancel(msg, hdr); 5833 nlmsg_free(msg); 5834 } 5835 5836 static int nl80211_netlink_notify(struct notifier_block * nb, 5837 unsigned long state, 5838 void *_notify) 5839 { 5840 struct netlink_notify *notify = _notify; 5841 struct cfg80211_registered_device *rdev; 5842 struct wireless_dev *wdev; 5843 5844 if (state != NETLINK_URELEASE) 5845 return NOTIFY_DONE; 5846 5847 rcu_read_lock(); 5848 5849 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) 5850 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list) 5851 cfg80211_mlme_unregister_actions(wdev, notify->pid); 5852 5853 rcu_read_unlock(); 5854 5855 return NOTIFY_DONE; 5856 } 5857 5858 static struct notifier_block nl80211_netlink_notifier = { 5859 .notifier_call = nl80211_netlink_notify, 5860 }; 5861 5862 /* initialisation/exit functions */ 5863 5864 int nl80211_init(void) 5865 { 5866 int err; 5867 5868 err = genl_register_family_with_ops(&nl80211_fam, 5869 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 5870 if (err) 5871 return err; 5872 5873 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 5874 if (err) 5875 goto err_out; 5876 5877 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 5878 if (err) 5879 goto err_out; 5880 5881 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 5882 if (err) 5883 goto err_out; 5884 5885 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 5886 if (err) 5887 goto err_out; 5888 5889 #ifdef CONFIG_NL80211_TESTMODE 5890 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 5891 if (err) 5892 goto err_out; 5893 #endif 5894 5895 err = netlink_register_notifier(&nl80211_netlink_notifier); 5896 if (err) 5897 goto err_out; 5898 5899 return 0; 5900 err_out: 5901 genl_unregister_family(&nl80211_fam); 5902 return err; 5903 } 5904 5905 void nl80211_exit(void) 5906 { 5907 netlink_unregister_notifier(&nl80211_netlink_notifier); 5908 genl_unregister_family(&nl80211_fam); 5909 } 5910