1 /*
2  * WPA Supplicant / Control interface (shared code for all backends)
3  * Copyright (c) 2004-2020, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 #ifdef CONFIG_TESTING_OPTIONS
11 #include <netinet/ip.h>
12 #endif /* CONFIG_TESTING_OPTIONS */
13 
14 #include "utils/common.h"
15 #include "utils/eloop.h"
16 #include "utils/uuid.h"
17 #include "utils/module_tests.h"
18 #include "common/version.h"
19 #include "common/ieee802_11_defs.h"
20 #include "common/ieee802_11_common.h"
21 #include "common/wpa_ctrl.h"
22 #ifdef CONFIG_DPP
23 #include "common/dpp.h"
24 #endif /* CONFIG_DPP */
25 #include "common/ptksa_cache.h"
26 #include "crypto/tls.h"
27 #include "ap/hostapd.h"
28 #include "eap_peer/eap.h"
29 #include "eapol_supp/eapol_supp_sm.h"
30 #include "rsn_supp/wpa.h"
31 #include "rsn_supp/preauth.h"
32 #include "rsn_supp/pmksa_cache.h"
33 #include "l2_packet/l2_packet.h"
34 #include "wps/wps.h"
35 #include "fst/fst.h"
36 #include "fst/fst_ctrl_iface.h"
37 #include "config.h"
38 #include "wpa_supplicant_i.h"
39 #include "driver_i.h"
40 #include "wps_supplicant.h"
41 #include "ibss_rsn.h"
42 #include "wpas_glue.h"
43 #include "ap.h"
44 #include "p2p_supplicant.h"
45 #include "p2p/p2p.h"
46 #include "hs20_supplicant.h"
47 #include "wifi_display.h"
48 #include "notify.h"
49 #include "bss.h"
50 #include "scan.h"
51 #include "ctrl_iface.h"
52 #include "interworking.h"
53 #include "bssid_ignore.h"
54 #include "autoscan.h"
55 #include "wnm_sta.h"
56 #include "offchannel.h"
57 #include "drivers/driver.h"
58 #include "mesh.h"
59 #include "dpp_supplicant.h"
60 #include "sme.h"
61 
62 #ifdef __NetBSD__
63 #include <net/if_ether.h>
64 #elif !defined(__CYGWIN__) && !defined(CONFIG_NATIVE_WINDOWS)
65 #include <net/ethernet.h>
66 #endif
67 
/*
 * Prototypes for static helpers that are used before their definitions.
 * freq_range_to_channel_list() is called from wpas_ctrl_pno() below; the two
 * global-interface helpers are not referenced in the part of the file that
 * precedes this point.
 */
static int wpa_supplicant_global_iface_list(struct wpa_global *global,
					    char *buf, int len);
static int wpa_supplicant_global_iface_interfaces(struct wpa_global *global,
						  const char *input,
						  char *buf, int len);
static int * freq_range_to_channel_list(struct wpa_supplicant *wpa_s,
					char *val);
75 
76 
/**
 * set_bssid_filter - Replace the BSSID filter from a control interface value
 * @wpa_s: Interface whose bssid_filter/bssid_filter_count are replaced
 * @val: Space-separated list of MAC addresses; an empty string clears the list
 * Returns: 0 on success, -1 on a malformed address or allocation failure
 *
 * The new list is assembled in a temporary buffer and swapped in only after
 * the whole string has parsed, so a rejected command leaves the previous
 * filter untouched.
 */
static int set_bssid_filter(struct wpa_supplicant *wpa_s, char *val)
{
	u8 *list = NULL;
	size_t num = 0;
	char *cur;

	for (cur = val; cur && *cur != '\0'; ) {
		u8 mac[ETH_ALEN];
		u8 *grown;

		if (hwaddr_aton(cur, mac) != 0)
			goto fail;

		/* Grow by exactly one entry; keep the old pointer until the
		 * reallocation is known to have succeeded. */
		grown = os_realloc_array(list, num + 1, ETH_ALEN);
		if (!grown)
			goto fail;
		list = grown;
		os_memcpy(&list[num * ETH_ALEN], mac, ETH_ALEN);
		num++;

		/* Advance to the token after the next space, if any. */
		cur = os_strchr(cur, ' ');
		if (cur)
			cur++;
	}

	wpa_hexdump(MSG_DEBUG, "bssid_filter", list, num * ETH_ALEN);
	os_free(wpa_s->bssid_filter);
	wpa_s->bssid_filter = list;
	wpa_s->bssid_filter_count = num;

	return 0;

fail:
	os_free(list);
	return -1;
}
112 
113 
/**
 * set_disallow_aps - Replace the disallowed-AP lists from a control command
 * @wpa_s: Interface whose disallow_aps_bssid/disallow_aps_ssid lists are set
 * @val: Space-separated sequence of "bssid <addr>" and "ssid <hex>" items;
 *	an empty string clears both lists
 * Returns: 0 on success, -1 on malformed input or allocation failure
 *
 * Both lists are parsed into temporaries and installed only once the whole
 * string has been accepted, so a rejected command does not alter the lists
 * currently in use. If the interface is at or past WPA_AUTHENTICATING on an
 * infrastructure or IBSS network that the new lists disallow, the connection
 * is dropped and a new scan is requested.
 */
static int set_disallow_aps(struct wpa_supplicant *wpa_s, char *val)
{
	u8 *bssid_list = NULL;
	struct wpa_ssid_value *ssid_list = NULL;
	size_t bssid_num = 0, ssid_num = 0;
	struct wpa_ssid *cur_net;
	char *cur;

	/*
	 * disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | ""
	 * SSID_SPEC ::= ssid <SSID_HEX>
	 * BSSID_SPEC ::= bssid <BSSID_HEX>
	 */

	for (cur = val; cur && *cur != '\0'; ) {
		if (os_strncmp(cur, "bssid ", 6) == 0) {
			u8 mac[ETH_ALEN];
			u8 *grown;
			int used;

			cur += 6;
			/* hwaddr_aton2() result is used below as the number
			 * of characters to skip past the address. */
			used = hwaddr_aton2(cur, mac);
			if (used < 0) {
				wpa_printf(MSG_DEBUG, "Invalid disallow_aps "
					   "BSSID value '%s'", cur);
				goto fail;
			}
			cur += used;

			grown = os_realloc_array(bssid_list, bssid_num + 1,
						 ETH_ALEN);
			if (!grown)
				goto fail;
			bssid_list = grown;
			os_memcpy(&bssid_list[bssid_num * ETH_ALEN], mac,
				  ETH_ALEN);
			bssid_num++;
		} else if (os_strncmp(cur, "ssid ", 5) == 0) {
			struct wpa_ssid_value *grown;
			char *stop;
			size_t hex_len;

			cur += 5;

			/* The hex string runs to the next space or the end. */
			for (stop = cur; *stop != '\0' && *stop != ' '; stop++)
				;
			hex_len = stop - cur;

			grown = os_realloc_array(ssid_list, ssid_num + 1,
						 sizeof(struct wpa_ssid_value));
			if (!grown)
				goto fail;
			ssid_list = grown;

			/*
			 * Odd lengths and anything longer than SSID_MAX_LEN
			 * octets are rejected before hexstr2bin() writes into
			 * the entry's ssid field.
			 */
			if ((hex_len & 0x01) ||
			    hex_len > 2 * SSID_MAX_LEN ||
			    hexstr2bin(cur, ssid_list[ssid_num].ssid,
				       hex_len / 2) < 0) {
				wpa_printf(MSG_DEBUG, "Invalid disallow_aps "
					   "SSID value '%s'", cur);
				goto fail;
			}
			ssid_list[ssid_num].ssid_len = hex_len / 2;
			wpa_hexdump_ascii(MSG_DEBUG, "disallow_aps SSID",
					  ssid_list[ssid_num].ssid,
					  ssid_list[ssid_num].ssid_len);
			ssid_num++;
			cur = stop;
		} else {
			wpa_printf(MSG_DEBUG, "Unexpected disallow_aps value "
				   "'%s'", cur);
			goto fail;
		}

		/* Advance to the item after the next space, if any. */
		cur = os_strchr(cur, ' ');
		if (cur)
			cur++;
	}

	wpa_hexdump(MSG_DEBUG, "disallow_aps_bssid", bssid_list,
		    bssid_num * ETH_ALEN);
	os_free(wpa_s->disallow_aps_bssid);
	wpa_s->disallow_aps_bssid = bssid_list;
	wpa_s->disallow_aps_bssid_count = bssid_num;

	wpa_printf(MSG_DEBUG, "disallow_aps_ssid_count %d", (int) ssid_num);
	os_free(wpa_s->disallow_aps_ssid);
	wpa_s->disallow_aps_ssid = ssid_list;
	wpa_s->disallow_aps_ssid_count = ssid_num;

	/* Nothing more to do unless a connection is in progress or up. */
	cur_net = wpa_s->current_ssid;
	if (!cur_net || wpa_s->wpa_state < WPA_AUTHENTICATING)
		return 0;

	if (cur_net->mode != WPAS_MODE_INFRA &&
	    cur_net->mode != WPAS_MODE_IBSS)
		return 0;

	if (!(disallowed_bssid(wpa_s, wpa_s->bssid) ||
	      disallowed_ssid(wpa_s, cur_net->ssid, cur_net->ssid_len)))
		return 0;

	wpa_printf(MSG_DEBUG, "Disconnect and try to find another network "
		   "because current AP was marked disallowed");

#ifdef CONFIG_SME
	wpa_s->sme.prev_bssid_set = 0;
#endif /* CONFIG_SME */
	wpa_s->reassociate = 1;
	wpa_s->own_disconnect_req = 1;
	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
	wpa_supplicant_req_scan(wpa_s, 0, 0);

	return 0;

fail:
	os_free(ssid_list);
	os_free(bssid_list);
	return -1;
}
236 
237 
238 #ifndef CONFIG_NO_CONFIG_BLOBS
/**
 * wpas_ctrl_set_blob - Store a named configuration blob from hex text
 * @wpa_s: Interface whose configuration receives the blob
 * @pos: Mutable "<name> <hexdata>" string; the separating space is
 *	overwritten with '\0'
 * Returns: 0 on success, -1 on malformed input or allocation failure
 *
 * Only the blob name is written to the debug log here, not its contents.
 * The finished blob is handed to wpa_config_set_blob() and is not freed in
 * this function.
 */
static int wpas_ctrl_set_blob(struct wpa_supplicant *wpa_s, char *pos)
{
	struct wpa_config_blob *entry;
	char *blob_name = pos;
	char *hex;
	size_t hex_len, bin_len;

	hex = os_strchr(pos, ' ');
	if (!hex)
		return -1;
	*hex++ = '\0';

	/* Two hex digits per octet, so an odd length cannot be valid. */
	hex_len = os_strlen(hex);
	if (hex_len % 2 != 0)
		return -1;
	bin_len = hex_len / 2;

	wpa_printf(MSG_DEBUG, "CTRL: Set blob '%s'", blob_name);
	entry = os_zalloc(sizeof(*entry));
	if (!entry)
		return -1;

	entry->name = os_strdup(blob_name);
	entry->data = os_malloc(bin_len);
	if (!entry->name || !entry->data)
		goto fail;

	if (hexstr2bin(hex, entry->data, bin_len) < 0) {
		wpa_printf(MSG_DEBUG, "CTRL: Invalid blob hex data");
		goto fail;
	}
	entry->len = bin_len;

	wpa_config_set_blob(wpa_s->conf, entry);

	return 0;

fail:
	wpa_config_free_blob(entry);
	return -1;
}
275 #endif /* CONFIG_NO_CONFIG_BLOBS */
276 
277 
/**
 * wpas_ctrl_pno - Start or stop PNO from a control interface value
 * @wpa_s: Interface to operate on
 * @cmd: "<enable> [params]"; a leading integer of zero stops PNO, anything
 *	else starts it. An optional "freq=" parameter is converted with
 *	freq_range_to_channel_list().
 * Returns: Result of wpas_start_pno() or wpas_stop_pno()
 *
 * On the start path the previous manual_sched_scan_freqs list is always
 * released and replaced, with NULL when no "freq=" parameter is present.
 */
static int wpas_ctrl_pno(struct wpa_supplicant *wpa_s, char *cmd)
{
	int *freq_list = NULL;
	char *args;
	char *freq_arg;

	/* atoi() yields 0 for non-numeric text, which selects "stop". */
	if (!atoi(cmd))
		return wpas_stop_pno(wpa_s);

	args = os_strchr(cmd, ' ');
	os_free(wpa_s->manual_sched_scan_freqs);
	if (args) {
		args++;
		freq_arg = os_strstr(args, "freq=");
		if (freq_arg)
			freq_list = freq_range_to_channel_list(wpa_s,
							       freq_arg + 5);
	}
	wpa_s->manual_sched_scan_freqs = freq_list;

	return wpas_start_pno(wpa_s);
}
302 
303 
/**
 * wpas_ctrl_set_band - Apply a band restriction given as text
 * @wpa_s: Interface to configure
 * @bands: Text containing any of "2G", "5G", "6G", or "AUTO"
 * Returns: 0 on success, -1 if none of the known tokens is present
 *
 * Tokens are found by substring search, so "AUTO" anywhere in the value
 * selects WPA_SETBAND_AUTO regardless of what else is listed. A failure from
 * wpa_drv_setband() is not reported to the caller; it only suppresses the
 * channel-list-changed event.
 */
static int wpas_ctrl_set_band(struct wpa_supplicant *wpa_s, char *bands)
{
	union wpa_event_data ev;
	u32 mask = WPA_SETBAND_AUTO;

	/*
	 * For example:
	 *  SET setband 2G,6G
	 *  SET setband 5G
	 *  SET setband AUTO
	 */
	if (os_strstr(bands, "AUTO") == NULL) {
		if (os_strstr(bands, "2G"))
			mask |= WPA_SETBAND_2G;
		if (os_strstr(bands, "5G"))
			mask |= WPA_SETBAND_5G;
		if (os_strstr(bands, "6G"))
			mask |= WPA_SETBAND_6G;

		/* No recognised band token at all. */
		if (mask == WPA_SETBAND_AUTO)
			return -1;
	}

	wpa_s->setband_mask = mask;
	if (wpa_drv_setband(wpa_s, wpa_s->setband_mask) != 0)
		return 0;

	os_memset(&ev, 0, sizeof(ev));
	ev.channel_list_changed.initiator = REGDOM_SET_BY_USER;
	ev.channel_list_changed.type = REGDOM_TYPE_UNKNOWN;
	wpa_supplicant_event(wpa_s, EVENT_CHANNEL_LIST_CHANGED, &ev);

	return 0;
}
336 
337 
/**
 * wpas_ctrl_iface_set_lci - Set or clear the stored LCI buffer
 * @wpa_s: Interface whose lci/lci_time fields are updated
 * @cmd: Text accepted by wpabuf_parse_bin(); an empty string or the
 *	two-character string "" clears the stored value
 * Returns: 0 on success, -1 on parse failure or if the time cannot be read
 *
 * The previous buffer is released only after the new one has been parsed and
 * the timestamp has been taken.
 */
static int wpas_ctrl_iface_set_lci(struct wpa_supplicant *wpa_s,
				   const char *cmd)
{
	struct wpabuf *parsed;
	int clear = cmd[0] == '\0' || os_strcmp(cmd, "\"\"") == 0;

	if (!clear) {
		parsed = wpabuf_parse_bin(cmd);
		if (parsed == NULL)
			return -1;

		/* lci_time is written in place by this call. */
		if (os_get_reltime(&wpa_s->lci_time)) {
			wpabuf_free(parsed);
			return -1;
		}

		wpabuf_free(wpa_s->lci);
		wpa_s->lci = parsed;
		return 0;
	}

	wpabuf_free(wpa_s->lci);
	wpa_s->lci = NULL;

	return 0;
}
363 
364 
/**
 * wpas_ctrl_set_relative_rssi - Set or disable the relative RSSI parameter
 * @wpa_s: Interface whose srp.relative_rssi fields are updated
 * @cmd: "disable", or a decimal value in the range 0..100
 * Returns: 0 on success, -1 if the value is out of range
 *
 * The number is read with atoi(), so text that does not start with a number
 * is taken as 0 and accepted.
 */
static int
wpas_ctrl_set_relative_rssi(struct wpa_supplicant *wpa_s, const char *cmd)
{
	int level;

	if (os_strcmp(cmd, "disable") != 0) {
		level = atoi(cmd);
		if (level < 0 || level > 100)
			return -1;
		wpa_s->srp.relative_rssi = level;
		wpa_s->srp.relative_rssi_set = 1;
		return 0;
	}

	wpa_s->srp.relative_rssi_set = 0;
	return 0;
}
382 
383 
/**
 * wpas_ctrl_set_relative_band_adjust - Set the per-band RSSI adjustment
 * @wpa_s: Interface whose srp.relative_adjust_* fields are updated
 * @cmd: "<band>:<adjust>" where band starts with "2G" or "5G" and adjust is
 *	a decimal value in the range -100..100
 * Returns: 0 on success, -1 on a missing ':', unknown band, or bad range
 *
 * Nothing is stored unless the adjustment value is within range and the band
 * prefix is recognised.
 */
static int wpas_ctrl_set_relative_band_adjust(struct wpa_supplicant *wpa_s,
					      const char *cmd)
{
	char *sep;
	int adjust;

	/* <band>:adjust_value */
	sep = os_strchr(cmd, ':');
	if (sep == NULL)
		return -1;

	adjust = atoi(sep + 1);
	if (adjust > 100 || adjust < -100)
		return -1;

	if (os_strncmp(cmd, "2G", 2) == 0) {
		wpa_s->srp.relative_adjust_band = WPA_SETBAND_2G;
	} else if (os_strncmp(cmd, "5G", 2) == 0) {
		wpa_s->srp.relative_adjust_band = WPA_SETBAND_5G;
	} else {
		return -1;
	}

	wpa_s->srp.relative_adjust_rssi = adjust;

	return 0;
}
410 
411 
/**
 * wpas_ctrl_iface_set_ric_ies - Set or clear the stored RIC IEs buffer
 * @wpa_s: Interface whose ric_ies field is updated
 * @cmd: Text accepted by wpabuf_parse_bin(); an empty string or the
 *	two-character string "" clears the stored value
 * Returns: 0 on success, -1 if the value cannot be parsed
 *
 * The previous buffer is released only after the new one has been parsed.
 */
static int wpas_ctrl_iface_set_ric_ies(struct wpa_supplicant *wpa_s,
				   const char *cmd)
{
	struct wpabuf *parsed;
	int clear = cmd[0] == '\0' || os_strcmp(cmd, "\"\"") == 0;

	if (!clear) {
		parsed = wpabuf_parse_bin(cmd);
		if (parsed == NULL)
			return -1;

		wpabuf_free(wpa_s->ric_ies);
		wpa_s->ric_ies = parsed;
		return 0;
	}

	wpabuf_free(wpa_s->ric_ies);
	wpa_s->ric_ies = NULL;

	return 0;
}
432 
433 
434 #ifdef CONFIG_TESTING_OPTIONS
/**
 * wpas_ctrl_iface_set_dso - Add, update, or remove a signal override entry
 * @wpa_s: Interface whose drv_signal_override list is modified
 * @val: "<bssid>" to remove the entry for that BSSID, or
 *	"<bssid> <current> <avg> <avg_beacon> <noise> <scan_level>" to add or
 *	update it
 * Returns: 0 on success, -1 on a parse or allocation failure
 *
 * This function is only built with CONFIG_TESTING_OPTIONS. The five values
 * are parsed into a scratch structure first, so a malformed command does not
 * leave an existing entry partially updated.
 */
static int wpas_ctrl_iface_set_dso(struct wpa_supplicant *wpa_s,
				   const char *val)
{
	struct driver_signal_override *entry = NULL, *iter, in;
	const char *params;
	u8 target[ETH_ALEN];

	if (hwaddr_aton(val, target))
		return -1;
	params = os_strchr(val, ' ');

	/* Look for an entry that already exists for this BSSID. */
	dl_list_for_each(iter, &wpa_s->drv_signal_override,
			 struct driver_signal_override, list) {
		if (os_memcmp(target, iter->bssid, ETH_ALEN) != 0)
			continue;
		entry = iter;
		break;
	}

	if (params == NULL) {
		/* Remove existing entry */
		if (entry != NULL) {
			dl_list_del(&entry->list);
			os_free(entry);
		}
		return 0;
	}
	params++;

	/* Update an existing entry or add a new one */
	os_memset(&in, 0, sizeof(in));
	if (sscanf(params, "%d %d %d %d %d",
		   &in.si_current_signal,
		   &in.si_avg_signal,
		   &in.si_avg_beacon_signal,
		   &in.si_current_noise,
		   &in.scan_level) != 5)
		return -1;

	if (entry == NULL) {
		entry = os_zalloc(sizeof(*entry));
		if (entry == NULL)
			return -1;
		os_memcpy(entry->bssid, target, ETH_ALEN);
		dl_list_add(&wpa_s->drv_signal_override, &entry->list);
	}

	entry->si_current_signal = in.si_current_signal;
	entry->si_avg_signal = in.si_avg_signal;
	entry->si_avg_beacon_signal = in.si_avg_beacon_signal;
	entry->si_current_noise = in.si_current_noise;
	entry->scan_level = in.scan_level;

	return 0;
}
489 #endif /* CONFIG_TESTING_OPTIONS */
490 
491 
/**
 * wpa_supplicant_ctrl_iface_set - Handle a "<name> <value>" SET request
 * @wpa_s: Interface the setting applies to
 * @cmd: Mutable "<name> <value>" string. The first space is overwritten with
 *	'\0' to split it; branches that forward the setting to
 *	wpa_config_process_global() put '=' back in that position first.
 * Returns: 0 on success; -1 from the branches handled inline, otherwise the
 *	return value of the helper or driver call the branch delegates to
 *
 * Names are matched with a case-insensitive compare except "blob" and the
 * values compared inside the EAPOL::portControl branch. A name that matches
 * none of the branches is treated as a global configuration field.
 *
 * Most numeric values are read with atoi() and stored without a range check,
 * so non-numeric text is taken as 0. Which branches exist depends on the
 * CONFIG_* build options; the ones under CONFIG_TESTING_OPTIONS,
 * CONFIG_WPS_TESTING and CONFIG_TDLS_TESTING store test overrides (MAC
 * addresses, keys, nonces, RSNE/RSNXE contents, frame handling switches).
 * NOTE(review): presumably those options are disabled in production builds -
 * confirm in the build configuration.
 */
static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
					 char *cmd)
{
	char *value;
	int ret = 0;

	/* Split in place; value[-1] is the byte that held the separator. */
	value = os_strchr(cmd, ' ');
	if (value == NULL)
		return -1;
	*value++ = '\0';

	/*
	 * NOTE(review): the complete value is written to the debug log for
	 * every name, including "blob" payloads and the *_override test
	 * values handled below.
	 */
	wpa_printf(MSG_DEBUG, "CTRL_IFACE SET '%s'='%s'", cmd, value);
	if (os_strcasecmp(cmd, "EAPOL::heldPeriod") == 0) {
		/*
		 * Only one of the four arguments is supplied per name; the
		 * others are passed as -1 (presumably "leave unchanged" -
		 * confirm in eapol_sm_configure()).
		 */
		eapol_sm_configure(wpa_s->eapol,
				   atoi(value), -1, -1, -1);
	} else if (os_strcasecmp(cmd, "EAPOL::authPeriod") == 0) {
		eapol_sm_configure(wpa_s->eapol,
				   -1, atoi(value), -1, -1);
	} else if (os_strcasecmp(cmd, "EAPOL::startPeriod") == 0) {
		eapol_sm_configure(wpa_s->eapol,
				   -1, -1, atoi(value), -1);
	} else if (os_strcasecmp(cmd, "EAPOL::maxStart") == 0) {
		eapol_sm_configure(wpa_s->eapol,
				   -1, -1, -1, atoi(value));
#ifdef CONFIG_TESTING_OPTIONS
	} else if (os_strcasecmp(cmd, "EAPOL::portControl") == 0) {
		if (os_strcmp(value, "Auto") == 0)
			eapol_sm_notify_portControl(wpa_s->eapol, Auto);
		else if (os_strcmp(value, "ForceUnauthorized") == 0)
			eapol_sm_notify_portControl(wpa_s->eapol,
						    ForceUnauthorized);
		else if (os_strcmp(value, "ForceAuthorized") == 0)
			eapol_sm_notify_portControl(wpa_s->eapol,
						    ForceAuthorized);
		else
			ret = -1;
#endif /* CONFIG_TESTING_OPTIONS */
	} else if (os_strcasecmp(cmd, "dot11RSNAConfigPMKLifetime") == 0) {
		if (wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
				     atoi(value))) {
			ret = -1;
		} else {
			/* Rejoin as "name=value" for the config parser. */
			value[-1] = '=';
			wpa_config_process_global(wpa_s->conf, cmd, -1);
		}
	} else if (os_strcasecmp(cmd, "dot11RSNAConfigPMKReauthThreshold") ==
		   0) {
		if (wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
				     atoi(value))) {
			ret = -1;
		} else {
			value[-1] = '=';
			wpa_config_process_global(wpa_s->conf, cmd, -1);
		}
	} else if (os_strcasecmp(cmd, "dot11RSNAConfigSATimeout") == 0) {
		if (wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
				     atoi(value))) {
			ret = -1;
		} else {
			value[-1] = '=';
			wpa_config_process_global(wpa_s->conf, cmd, -1);
		}
	} else if (os_strcasecmp(cmd, "wps_fragment_size") == 0) {
		/* Stored as parsed; no range check is applied here. */
		wpa_s->wps_fragment_size = atoi(value);
#ifdef CONFIG_WPS_TESTING
	} else if (os_strcasecmp(cmd, "wps_version_number") == 0) {
		long int val;
		val = strtol(value, NULL, 0);
		if (val < 0 || val > 0xff) {
			ret = -1;
			wpa_printf(MSG_DEBUG, "WPS: Invalid "
				   "wps_version_number %ld", val);
		} else {
			wps_version_number = val;
			wpa_printf(MSG_DEBUG, "WPS: Testing - force WPS "
				   "version %u.%u",
				   (wps_version_number & 0xf0) >> 4,
				   wps_version_number & 0x0f);
		}
	} else if (os_strcasecmp(cmd, "wps_testing_dummy_cred") == 0) {
		wps_testing_dummy_cred = atoi(value);
		wpa_printf(MSG_DEBUG, "WPS: Testing - dummy_cred=%d",
			   wps_testing_dummy_cred);
	} else if (os_strcasecmp(cmd, "wps_corrupt_pkhash") == 0) {
		wps_corrupt_pkhash = atoi(value);
		wpa_printf(MSG_DEBUG, "WPS: Testing - wps_corrupt_pkhash=%d",
			   wps_corrupt_pkhash);
	} else if (os_strcasecmp(cmd, "wps_force_auth_types") == 0) {
		/* An empty value switches the forced setting off. */
		if (value[0] == '\0') {
			wps_force_auth_types_in_use = 0;
		} else {
			wps_force_auth_types = strtol(value, NULL, 0);
			wps_force_auth_types_in_use = 1;
		}
	} else if (os_strcasecmp(cmd, "wps_force_encr_types") == 0) {
		if (value[0] == '\0') {
			wps_force_encr_types_in_use = 0;
		} else {
			wps_force_encr_types = strtol(value, NULL, 0);
			wps_force_encr_types_in_use = 1;
		}
#endif /* CONFIG_WPS_TESTING */
	} else if (os_strcasecmp(cmd, "ampdu") == 0) {
		if (wpa_drv_ampdu(wpa_s, atoi(value)) < 0)
			ret = -1;
#ifdef CONFIG_TDLS
#ifdef CONFIG_TDLS_TESTING
	} else if (os_strcasecmp(cmd, "tdls_testing") == 0) {
		tdls_testing = strtol(value, NULL, 0);
		wpa_printf(MSG_DEBUG, "TDLS: tdls_testing=0x%x", tdls_testing);
#endif /* CONFIG_TDLS_TESTING */
	} else if (os_strcasecmp(cmd, "tdls_disabled") == 0) {
		int disabled = atoi(value);
		wpa_printf(MSG_DEBUG, "TDLS: tdls_disabled=%d", disabled);
		if (disabled) {
			if (wpa_drv_tdls_oper(wpa_s, TDLS_DISABLE, NULL) < 0)
				ret = -1;
		} else if (wpa_drv_tdls_oper(wpa_s, TDLS_ENABLE, NULL) < 0)
			ret = -1;
		/* Called even when the driver operation above failed. */
		wpa_tdls_enable(wpa_s->wpa, !disabled);
#endif /* CONFIG_TDLS */
	} else if (os_strcasecmp(cmd, "pno") == 0) {
		ret = wpas_ctrl_pno(wpa_s, value);
	} else if (os_strcasecmp(cmd, "radio_disabled") == 0) {
		int disabled = atoi(value);
		if (wpa_drv_radio_disable(wpa_s, disabled) < 0)
			ret = -1;
		else if (disabled)
			wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
	} else if (os_strcasecmp(cmd, "uapsd") == 0) {
		if (os_strcmp(value, "disable") == 0)
			wpa_s->set_sta_uapsd = 0;
		else {
			int be, bk, vi, vo;
			char *pos;
			/* format: BE,BK,VI,VO;max SP Length */
			be = atoi(value);
			pos = os_strchr(value, ',');
			if (pos == NULL)
				return -1;
			pos++;
			bk = atoi(pos);
			pos = os_strchr(pos, ',');
			if (pos == NULL)
				return -1;
			pos++;
			vi = atoi(pos);
			pos = os_strchr(pos, ',');
			if (pos == NULL)
				return -1;
			pos++;
			vo = atoi(pos);
			/* ignore max SP Length for now */

			/* Each non-zero field sets one bit, BE in bit 0
			 * through VO in bit 3. */
			wpa_s->set_sta_uapsd = 1;
			wpa_s->sta_uapsd = 0;
			if (be)
				wpa_s->sta_uapsd |= BIT(0);
			if (bk)
				wpa_s->sta_uapsd |= BIT(1);
			if (vi)
				wpa_s->sta_uapsd |= BIT(2);
			if (vo)
				wpa_s->sta_uapsd |= BIT(3);
		}
	} else if (os_strcasecmp(cmd, "ps") == 0) {
		ret = wpa_drv_set_p2p_powersave(wpa_s, atoi(value), -1, -1);
#ifdef CONFIG_WIFI_DISPLAY
	} else if (os_strcasecmp(cmd, "wifi_display") == 0) {
		int enabled = !!atoi(value);
		/* Enabling is refused when there is no P2P context. */
		if (enabled && !wpa_s->global->p2p)
			ret = -1;
		else
			wifi_display_enable(wpa_s->global, enabled);
#endif /* CONFIG_WIFI_DISPLAY */
	} else if (os_strcasecmp(cmd, "bssid_filter") == 0) {
		ret = set_bssid_filter(wpa_s, value);
	} else if (os_strcasecmp(cmd, "disallow_aps") == 0) {
		ret = set_disallow_aps(wpa_s, value);
	} else if (os_strcasecmp(cmd, "no_keep_alive") == 0) {
		wpa_s->no_keep_alive = !!atoi(value);
#ifdef CONFIG_DPP
	} else if (os_strcasecmp(cmd, "dpp_configurator_params") == 0) {
		/* An os_strdup() failure leaves the field NULL and is not
		 * reported to the caller. */
		os_free(wpa_s->dpp_configurator_params);
		wpa_s->dpp_configurator_params = os_strdup(value);
	} else if (os_strcasecmp(cmd, "dpp_init_max_tries") == 0) {
		wpa_s->dpp_init_max_tries = atoi(value);
	} else if (os_strcasecmp(cmd, "dpp_init_retry_time") == 0) {
		wpa_s->dpp_init_retry_time = atoi(value);
	} else if (os_strcasecmp(cmd, "dpp_resp_wait_time") == 0) {
		wpa_s->dpp_resp_wait_time = atoi(value);
	} else if (os_strcasecmp(cmd, "dpp_resp_max_tries") == 0) {
		wpa_s->dpp_resp_max_tries = atoi(value);
	} else if (os_strcasecmp(cmd, "dpp_resp_retry_time") == 0) {
		wpa_s->dpp_resp_retry_time = atoi(value);
#ifdef CONFIG_TESTING_OPTIONS
	} else if (os_strcasecmp(cmd, "dpp_pkex_own_mac_override") == 0) {
		if (hwaddr_aton(value, dpp_pkex_own_mac_override))
			ret = -1;
	} else if (os_strcasecmp(cmd, "dpp_pkex_peer_mac_override") == 0) {
		if (hwaddr_aton(value, dpp_pkex_peer_mac_override))
			ret = -1;
	} else if (os_strcasecmp(cmd, "dpp_pkex_ephemeral_key_override") == 0) {
		size_t hex_len = os_strlen(value);

		/*
		 * The length check keeps hexstr2bin() within the destination
		 * array. An odd hex_len is not rejected, so hex_len / 2 drops
		 * a trailing digit. The same pattern is used for the two
		 * overrides that follow.
		 */
		if (hex_len >
		    2 * sizeof(dpp_pkex_ephemeral_key_override))
			ret = -1;
		else if (hexstr2bin(value, dpp_pkex_ephemeral_key_override,
				    hex_len / 2))
			ret = -1;
		else
			dpp_pkex_ephemeral_key_override_len = hex_len / 2;
	} else if (os_strcasecmp(cmd, "dpp_protocol_key_override") == 0) {
		size_t hex_len = os_strlen(value);

		if (hex_len > 2 * sizeof(dpp_protocol_key_override))
			ret = -1;
		else if (hexstr2bin(value, dpp_protocol_key_override,
				    hex_len / 2))
			ret = -1;
		else
			dpp_protocol_key_override_len = hex_len / 2;
	} else if (os_strcasecmp(cmd, "dpp_nonce_override") == 0) {
		size_t hex_len = os_strlen(value);

		if (hex_len > 2 * sizeof(dpp_nonce_override))
			ret = -1;
		else if (hexstr2bin(value, dpp_nonce_override, hex_len / 2))
			ret = -1;
		else
			dpp_nonce_override_len = hex_len / 2;
	} else if (os_strcasecmp(cmd, "dpp_version_override") == 0) {
		dpp_version_override = atoi(value);
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_DPP */
#ifdef CONFIG_TESTING_OPTIONS
	} else if (os_strcasecmp(cmd, "ext_mgmt_frame_handling") == 0) {
		wpa_s->ext_mgmt_frame_handling = !!atoi(value);
	} else if (os_strcasecmp(cmd, "ext_eapol_frame_io") == 0) {
		wpa_s->ext_eapol_frame_io = !!atoi(value);
#ifdef CONFIG_AP
		/* Mirror the flag to the first BSS of an active AP
		 * interface. */
		if (wpa_s->ap_iface) {
			wpa_s->ap_iface->bss[0]->ext_eapol_frame_io =
				wpa_s->ext_eapol_frame_io;
		}
#endif /* CONFIG_AP */
	} else if (os_strcasecmp(cmd, "extra_roc_dur") == 0) {
		wpa_s->extra_roc_dur = atoi(value);
	} else if (os_strcasecmp(cmd, "test_failure") == 0) {
		wpa_s->test_failure = atoi(value);
	} else if (os_strcasecmp(cmd, "p2p_go_csa_on_inv") == 0) {
		wpa_s->p2p_go_csa_on_inv = !!atoi(value);
	} else if (os_strcasecmp(cmd, "ignore_auth_resp") == 0) {
		wpa_s->ignore_auth_resp = !!atoi(value);
	} else if (os_strcasecmp(cmd, "ignore_assoc_disallow") == 0) {
		wpa_s->ignore_assoc_disallow = !!atoi(value);
		wpa_drv_ignore_assoc_disallow(wpa_s,
					      wpa_s->ignore_assoc_disallow);
	} else if (os_strcasecmp(cmd, "disable_sa_query") == 0) {
		wpa_s->disable_sa_query = !!atoi(value);
	} else if (os_strcasecmp(cmd, "ignore_sae_h2e_only") == 0) {
		wpa_s->ignore_sae_h2e_only = !!atoi(value);
	} else if (os_strcasecmp(cmd, "extra_sae_rejected_groups") == 0) {
		char *pos;

		/* The old list is dropped first; a value with no non-zero
		 * group numbers therefore clears it. */
		os_free(wpa_s->extra_sae_rejected_groups);
		wpa_s->extra_sae_rejected_groups = NULL;
		pos = value;
		while (pos && pos[0]) {
			int group;

			group = atoi(pos);
			wpa_printf(MSG_DEBUG,
				   "TESTING: Extra rejection of SAE group %d",
				   group);
			if (group)
				int_array_add_unique(
					&wpa_s->extra_sae_rejected_groups,
					group);
			pos = os_strchr(pos, ' ');
			if (!pos)
				break;
			pos++;
		}
	} else if (os_strcasecmp(cmd, "ft_rsnxe_used") == 0) {
		wpa_s->ft_rsnxe_used = atoi(value);
	} else if (os_strcasecmp(cmd, "oci_freq_override_eapol") == 0) {
		wpa_s->oci_freq_override_eapol = atoi(value);
	} else if (os_strcasecmp(cmd, "oci_freq_override_saquery_req") == 0) {
		wpa_s->oci_freq_override_saquery_req = atoi(value);
	} else if (os_strcasecmp(cmd, "oci_freq_override_saquery_resp") == 0) {
		wpa_s->oci_freq_override_saquery_resp = atoi(value);
	} else if (os_strcasecmp(cmd, "oci_freq_override_eapol_g2") == 0) {
		wpa_s->oci_freq_override_eapol_g2 = atoi(value);
		/* Populate value to wpa_sm if already associated. */
		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_EAPOL_G2,
				 wpa_s->oci_freq_override_eapol_g2);
	} else if (os_strcasecmp(cmd, "oci_freq_override_ft_assoc") == 0) {
		wpa_s->oci_freq_override_ft_assoc = atoi(value);
		/* Populate value to wpa_sm if already associated. */
		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_FT_ASSOC,
				 wpa_s->oci_freq_override_ft_assoc);
	} else if (os_strcasecmp(cmd, "oci_freq_override_fils_assoc") == 0) {
		wpa_s->oci_freq_override_fils_assoc = atoi(value);
	} else if (os_strcasecmp(cmd, "oci_freq_override_wnm_sleep") == 0) {
		wpa_s->oci_freq_override_wnm_sleep = atoi(value);
	} else if (os_strcasecmp(cmd, "rsne_override_eapol") == 0) {
		/*
		 * The literal text "NULL" clears the override. A value that
		 * wpabuf_parse_bin() cannot parse also leaves it NULL, and
		 * ret stays 0. The two rsnxe_override_* branches below follow
		 * the same pattern.
		 */
		wpabuf_free(wpa_s->rsne_override_eapol);
		if (os_strcmp(value, "NULL") == 0)
			wpa_s->rsne_override_eapol = NULL;
		else
			wpa_s->rsne_override_eapol = wpabuf_parse_bin(value);
	} else if (os_strcasecmp(cmd, "rsnxe_override_assoc") == 0) {
		wpabuf_free(wpa_s->rsnxe_override_assoc);
		if (os_strcmp(value, "NULL") == 0)
			wpa_s->rsnxe_override_assoc = NULL;
		else
			wpa_s->rsnxe_override_assoc = wpabuf_parse_bin(value);
	} else if (os_strcasecmp(cmd, "rsnxe_override_eapol") == 0) {
		wpabuf_free(wpa_s->rsnxe_override_eapol);
		if (os_strcmp(value, "NULL") == 0)
			wpa_s->rsnxe_override_eapol = NULL;
		else
			wpa_s->rsnxe_override_eapol = wpabuf_parse_bin(value);
	} else if (os_strcasecmp(cmd, "reject_btm_req_reason") == 0) {
		wpa_s->reject_btm_req_reason = atoi(value);
	} else if (os_strcasecmp(cmd, "get_pref_freq_list_override") == 0) {
		os_free(wpa_s->get_pref_freq_list_override);
		if (!value[0])
			wpa_s->get_pref_freq_list_override = NULL;
		else
			wpa_s->get_pref_freq_list_override = os_strdup(value);
	} else if (os_strcasecmp(cmd, "sae_commit_override") == 0) {
		wpabuf_free(wpa_s->sae_commit_override);
		if (value[0] == '\0')
			wpa_s->sae_commit_override = NULL;
		else
			wpa_s->sae_commit_override = wpabuf_parse_bin(value);
	} else if (os_strcasecmp(cmd, "driver_signal_override") == 0) {
		ret = wpas_ctrl_iface_set_dso(wpa_s, value);
#ifdef CONFIG_DPP
	} else if (os_strcasecmp(cmd, "dpp_config_obj_override") == 0) {
		os_free(wpa_s->dpp_config_obj_override);
		if (value[0] == '\0')
			wpa_s->dpp_config_obj_override = NULL;
		else
			wpa_s->dpp_config_obj_override = os_strdup(value);
	} else if (os_strcasecmp(cmd, "dpp_discovery_override") == 0) {
		os_free(wpa_s->dpp_discovery_override);
		if (value[0] == '\0')
			wpa_s->dpp_discovery_override = NULL;
		else
			wpa_s->dpp_discovery_override = os_strdup(value);
	} else if (os_strcasecmp(cmd, "dpp_groups_override") == 0) {
		os_free(wpa_s->dpp_groups_override);
		if (value[0] == '\0')
			wpa_s->dpp_groups_override = NULL;
		else
			wpa_s->dpp_groups_override = os_strdup(value);
	} else if (os_strcasecmp(cmd,
				 "dpp_ignore_netaccesskey_mismatch") == 0) {
		wpa_s->dpp_ignore_netaccesskey_mismatch = atoi(value);
	} else if (os_strcasecmp(cmd, "dpp_test") == 0) {
		dpp_test = atoi(value);
#endif /* CONFIG_DPP */
#endif /* CONFIG_TESTING_OPTIONS */
#ifdef CONFIG_FILS
	} else if (os_strcasecmp(cmd, "disable_fils") == 0) {
		wpa_s->disable_fils = !!atoi(value);
		wpa_drv_disable_fils(wpa_s, wpa_s->disable_fils);
		wpa_supplicant_set_default_scan_ies(wpa_s);
#endif /* CONFIG_FILS */
#ifndef CONFIG_NO_CONFIG_BLOBS
	} else if (os_strcmp(cmd, "blob") == 0) {
		ret = wpas_ctrl_set_blob(wpa_s, value);
#endif /* CONFIG_NO_CONFIG_BLOBS */
	} else if (os_strcasecmp(cmd, "setband") == 0) {
		ret = wpas_ctrl_set_band(wpa_s, value);
#ifdef CONFIG_MBO
	} else if (os_strcasecmp(cmd, "non_pref_chan") == 0) {
		ret = wpas_mbo_update_non_pref_chan(wpa_s, value);
		if (ret == 0) {
			value[-1] = '=';
			wpa_config_process_global(wpa_s->conf, cmd, -1);
		}
	} else if (os_strcasecmp(cmd, "mbo_cell_capa") == 0) {
		wpas_mbo_update_cell_capa(wpa_s, atoi(value));
	} else if (os_strcasecmp(cmd, "oce") == 0) {
		wpa_s->conf->oce = atoi(value);
		if (wpa_s->conf->oce) {
			if ((wpa_s->conf->oce & OCE_STA) &&
			    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
				wpa_s->enable_oce = OCE_STA;

			if ((wpa_s->conf->oce & OCE_STA_CFON) &&
			    (wpa_s->drv_flags &
			     WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
				/* TODO: Need to add STA-CFON support */
				wpa_printf(MSG_ERROR,
					   "OCE STA-CFON feature is not yet supported");
				/* conf->oce has already been overwritten at
				 * this point. */
				return -1;
			}
		} else {
			wpa_s->enable_oce = 0;
		}
		wpa_supplicant_set_default_scan_ies(wpa_s);
#endif /* CONFIG_MBO */
	} else if (os_strcasecmp(cmd, "lci") == 0) {
		ret = wpas_ctrl_iface_set_lci(wpa_s, value);
	} else if (os_strcasecmp(cmd, "tdls_trigger_control") == 0) {
		ret = wpa_drv_set_tdls_mode(wpa_s, atoi(value));
	} else if (os_strcasecmp(cmd, "relative_rssi") == 0) {
		ret = wpas_ctrl_set_relative_rssi(wpa_s, value);
	} else if (os_strcasecmp(cmd, "relative_band_adjust") == 0) {
		ret = wpas_ctrl_set_relative_band_adjust(wpa_s, value);
	} else if (os_strcasecmp(cmd, "ric_ies") == 0) {
		ret = wpas_ctrl_iface_set_ric_ies(wpa_s, value);
	} else if (os_strcasecmp(cmd, "roaming") == 0) {
		ret = wpa_drv_roaming(wpa_s, atoi(value), NULL);
#ifdef CONFIG_WNM
	} else if (os_strcasecmp(cmd, "coloc_intf_elems") == 0) {
		struct wpabuf *elems;

		elems = wpabuf_parse_bin(value);
		if (!elems)
			return -1;
		/* elems is not freed here after the call. */
		wnm_set_coloc_intf_elems(wpa_s, elems);
#endif /* CONFIG_WNM */
	} else {
		/*
		 * Not handled above: rejoin as "name=value" and let the
		 * global configuration parser decide. A return of 1 is
		 * reported as success without calling
		 * wpa_supplicant_update_config() (presumably "value
		 * unchanged" - confirm in wpa_config_process_global()).
		 */
		value[-1] = '=';
		ret = wpa_config_process_global(wpa_s->conf, cmd, -1);
		if (ret == 0)
			wpa_supplicant_update_config(wpa_s);
		else if (ret == 1)
			ret = 0;
	}

	return ret;
}
932 
933 
/**
 * wpa_supplicant_ctrl_iface_get - Handle a GET request for a named value
 * @wpa_s: Interface to read from
 * @cmd: Name of the value to read
 * @buf: Output buffer for the text form of the value
 * @buflen: Size of @buf in bytes
 * Returns: Number of characters written, or -1 on failure
 *
 * Names not handled here are looked up with wpa_config_get_value(). The
 * result of every branch that falls through to the end is checked with
 * os_snprintf_error(); the "gtk" and "anonce" branches return the
 * wpa_snprintf_hex() result directly.
 *
 * The "gtk" branch (CONFIG_TESTING_GET_GTK) and the "anonce" branch
 * (CONFIG_TESTING_OPTIONS) hand key and nonce material to the control
 * interface client. NOTE(review): presumably neither option is enabled in
 * production builds - confirm in the build configuration.
 */
static int wpa_supplicant_ctrl_iface_get(struct wpa_supplicant *wpa_s,
					 char *cmd, char *buf, size_t buflen)
{
	/* Stays -1 when a branch matches but produces no output. */
	int written = -1;

	wpa_printf(MSG_DEBUG, "CTRL_IFACE GET '%s'", cmd);

	if (os_strcmp(cmd, "version") == 0) {
		written = os_snprintf(buf, buflen, "%s", VERSION_STR);
	} else if (os_strcasecmp(cmd, "max_command_len") == 0) {
		written = os_snprintf(buf, buflen, "%u", CTRL_IFACE_MAX_LEN);
	} else if (os_strcasecmp(cmd, "country") == 0) {
		/* Only reported when both country characters are set. */
		if (wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
			written = os_snprintf(buf, buflen, "%c%c",
					      wpa_s->conf->country[0],
					      wpa_s->conf->country[1]);
		}
#ifdef CONFIG_WIFI_DISPLAY
	} else if (os_strcasecmp(cmd, "wifi_display") == 0) {
		int enabled = 0;

		if (wpa_s->global->p2p != NULL &&
		    !wpa_s->global->p2p_disabled)
			enabled = wpa_s->global->wifi_display;
		written = os_snprintf(buf, buflen, "%d", enabled);
#endif /* CONFIG_WIFI_DISPLAY */
#ifdef CONFIG_TESTING_GET_GTK
	} else if (os_strcmp(cmd, "gtk") == 0) {
		if (wpa_s->last_gtk_len == 0)
			return -1;
		return wpa_snprintf_hex(buf, buflen, wpa_s->last_gtk,
					wpa_s->last_gtk_len);
#endif /* CONFIG_TESTING_GET_GTK */
	} else if (os_strcmp(cmd, "tls_library") == 0) {
		written = tls_get_library_version(buf, buflen);
#ifdef CONFIG_TESTING_OPTIONS
	} else if (os_strcmp(cmd, "anonce") == 0) {
		return wpa_snprintf_hex(buf, buflen,
					wpa_sm_get_anonce(wpa_s->wpa),
					WPA_NONCE_LEN);
	} else if (os_strcasecmp(cmd, "last_tk_key_idx") == 0) {
		written = os_snprintf(buf, buflen, "%d",
				      wpa_s->last_tk_key_idx);
#endif /* CONFIG_TESTING_OPTIONS */
	} else {
		written = wpa_config_get_value(cmd, wpa_s->conf, buf, buflen);
	}

	return os_snprintf_error(buflen, written) ? -1 : written;
}
986 
987 
988 #ifdef IEEE8021X_EAPOL
/**
 * wpa_supplicant_ctrl_iface_preauth - Handle the PREAUTH control command
 * @wpa_s: Interface data
 * @addr: BSSID of the target AP as text
 * Returns: 0 on success, -1 if addr cannot be parsed or rsn_preauth_init()
 *	reports failure
 */
static int wpa_supplicant_ctrl_iface_preauth(struct wpa_supplicant *wpa_s,
					     char *addr)
{
	struct wpa_ssid *cur_ssid = wpa_s->current_ssid;
	u8 target[ETH_ALEN];

	if (hwaddr_aton(addr, target) != 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE PREAUTH: invalid address '%s'", addr);
		return -1;
	}

	wpa_printf(MSG_DEBUG, "CTRL_IFACE PREAUTH " MACSTR, MAC2STR(target));

	/* rsn_preauth_deinit() always runs before the new init call; the EAP
	 * configuration is passed only when a current network exists. */
	rsn_preauth_deinit(wpa_s->wpa);
	return rsn_preauth_init(wpa_s->wpa, target,
				cur_ssid ? &cur_ssid->eap : NULL) ? -1 : 0;
}
1008 #endif /* IEEE8021X_EAPOL */
1009 
1010 
1011 #ifdef CONFIG_TDLS
1012 
/**
 * wpa_supplicant_ctrl_iface_tdls_discover - Handle the TDLS_DISCOVER command
 * @wpa_s: Interface data
 * @addr: Peer MAC address as text
 * Returns: Result of the discovery call, or -1 if addr cannot be parsed
 */
static int wpa_supplicant_ctrl_iface_tdls_discover(
	struct wpa_supplicant *wpa_s, char *addr)
{
	u8 peer_addr[ETH_ALEN];

	if (hwaddr_aton(addr, peer_addr) != 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE TDLS_DISCOVER: invalid address '%s'",
			   addr);
		return -1;
	}

	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_DISCOVER " MACSTR,
		   MAC2STR(peer_addr));

	/* Without external setup the driver is asked to run the operation. */
	if (!wpa_tdls_is_external_setup(wpa_s->wpa))
		return wpa_drv_tdls_oper(wpa_s, TDLS_DISCOVERY_REQ, peer_addr);

	return wpa_tdls_send_discovery_request(wpa_s->wpa, peer_addr);
}
1035 
1036 
/**
 * wpa_supplicant_ctrl_iface_tdls_setup - Handle the TDLS_SETUP command
 * @wpa_s: Interface data
 * @addr: Peer MAC address as text
 * Returns: Result of the setup call, or -1 if addr cannot be parsed
 */
static int wpa_supplicant_ctrl_iface_tdls_setup(
	struct wpa_supplicant *wpa_s, char *addr)
{
	u8 peer_addr[ETH_ALEN];

	if (hwaddr_aton(addr, peer_addr) != 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE TDLS_SETUP: invalid address '%s'",
			   addr);
		return -1;
	}

	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_SETUP " MACSTR,
		   MAC2STR(peer_addr));

	/* With tdls_external_control set and external setup in use, the
	 * request goes to the driver without removing the peer first. */
	if (wpa_s->conf->tdls_external_control &&
	    wpa_tdls_is_external_setup(wpa_s->wpa))
		return wpa_drv_tdls_oper(wpa_s, TDLS_SETUP, peer_addr);

	wpa_tdls_remove(wpa_s->wpa, peer_addr);

	if (!wpa_tdls_is_external_setup(wpa_s->wpa))
		return wpa_drv_tdls_oper(wpa_s, TDLS_SETUP, peer_addr);

	return wpa_tdls_start(wpa_s->wpa, peer_addr);
}
1065 
1066 
/**
 * wpa_supplicant_ctrl_iface_tdls_teardown - Handle the TDLS_TEARDOWN command
 * @wpa_s: Interface data
 * @addr: Peer MAC address as text, or "*" to tear down all peers
 * Returns: 0 for "*", otherwise the result of the teardown call, or -1 if
 *	addr cannot be parsed
 */
static int wpa_supplicant_ctrl_iface_tdls_teardown(
	struct wpa_supplicant *wpa_s, char *addr)
{
	u8 peer_addr[ETH_ALEN];

	/* Wildcard: every peer is torn down and success is reported. */
	if (os_strcmp(addr, "*") == 0) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_TEARDOWN *");
		wpa_tdls_teardown_peers(wpa_s->wpa);
		return 0;
	}

	if (hwaddr_aton(addr, peer_addr) != 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE TDLS_TEARDOWN: invalid address '%s'",
			   addr);
		return -1;
	}

	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_TEARDOWN " MACSTR,
		   MAC2STR(peer_addr));

	if (wpa_s->conf->tdls_external_control &&
	    wpa_tdls_is_external_setup(wpa_s->wpa))
		return wpa_drv_tdls_oper(wpa_s, TDLS_TEARDOWN, peer_addr);

	if (!wpa_tdls_is_external_setup(wpa_s->wpa))
		return wpa_drv_tdls_oper(wpa_s, TDLS_TEARDOWN, peer_addr);

	return wpa_tdls_teardown_link(wpa_s->wpa, peer_addr,
				      WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
}
1102 
1103 
/**
 * ctrl_iface_get_capability_tdls - Report the TDLS capability of the driver
 * @wpa_s: Interface data (drv_flags is read)
 * @buf: Buffer for the reply text
 * @buflen: Size of buf in bytes
 * Returns: Length of the reply, or -1 if it does not fit in buf
 *
 * The reply is "UNSUPPORTED", "EXTERNAL" or "INTERNAL" followed by a newline.
 */
static int ctrl_iface_get_capability_tdls(
	struct wpa_supplicant *wpa_s, char *buf, size_t buflen)
{
	const char *mode;
	int len;

	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
		mode = "UNSUPPORTED";
	else if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP)
		mode = "EXTERNAL";
	else
		mode = "INTERNAL";

	len = os_snprintf(buf, buflen, "%s\n", mode);
	return os_snprintf_error(buflen, len) ? -1 : len;
}
1118 
1119 
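/**
 * wpa_supplicant_ctrl_iface_tdls_chan_switch - Handle TDLS_CHAN_SWITCH
 * @wpa_s: Interface data
 * @cmd: "<peer address> <oper class> <freq>" optionally followed by
 *	center_freq1=, center_freq2=, bandwidth=, sec_channel_offset= values
 *	and the ht / vht keywords; modified in place
 * Returns: Result of wpa_tdls_enable_chan_switch(), or -1 when the command
 *	cannot be parsed or external setup is not in use
 *
 * The operating class is passed on as a u8, so values outside 0..255 are
 * rejected here instead of being silently truncated.
 */
static int wpa_supplicant_ctrl_iface_tdls_chan_switch(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	u8 peer[ETH_ALEN];
	struct hostapd_freq_params freq_params;
	long oper_class;
	char *pos, *end;

	if (!wpa_tdls_is_external_setup(wpa_s->wpa)) {
		wpa_printf(MSG_INFO,
			   "tdls_chanswitch: Only supported with external setup");
		return -1;
	}

	os_memset(&freq_params, 0, sizeof(freq_params));

	/* Terminate the address so that it can be parsed on its own below. */
	pos = os_strchr(cmd, ' ');
	if (pos == NULL)
		return -1;
	*pos++ = '\0';

	/* Parse into a long first so that out-of-range input is detected
	 * before the value is narrowed to u8. */
	oper_class = strtol(pos, &end, 10);
	if (pos == end || oper_class < 0 || oper_class > 255) {
		wpa_printf(MSG_INFO,
			   "tdls_chanswitch: Invalid op class provided");
		return -1;
	}

	pos = end;
	freq_params.freq = atoi(pos);
	if (freq_params.freq == 0) {
		wpa_printf(MSG_INFO, "tdls_chanswitch: Invalid freq provided");
		return -1;
	}

/* Optional " <name>=<int>" settings; a missing one leaves the field at 0. */
#define SET_FREQ_SETTING(str) \
	do { \
		const char *pos2 = os_strstr(pos, " " #str "="); \
		if (pos2) { \
			pos2 += sizeof(" " #str "=") - 1; \
			freq_params.str = atoi(pos2); \
		} \
	} while (0)

	SET_FREQ_SETTING(center_freq1);
	SET_FREQ_SETTING(center_freq2);
	SET_FREQ_SETTING(bandwidth);
	SET_FREQ_SETTING(sec_channel_offset);
#undef SET_FREQ_SETTING

	freq_params.ht_enabled = !!os_strstr(pos, " ht");
	freq_params.vht_enabled = !!os_strstr(pos, " vht");

	if (hwaddr_aton(cmd, peer)) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE TDLS_CHAN_SWITCH: Invalid address '%s'",
			   cmd);
		return -1;
	}

	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_CHAN_SWITCH " MACSTR
		   " OP CLASS %d FREQ %d CENTER1 %d CENTER2 %d BW %d SEC_OFFSET %d%s%s",
		   MAC2STR(peer), (int) oper_class, freq_params.freq,
		   freq_params.center_freq1, freq_params.center_freq2,
		   freq_params.bandwidth, freq_params.sec_channel_offset,
		   freq_params.ht_enabled ? " HT" : "",
		   freq_params.vht_enabled ? " VHT" : "");

	return wpa_tdls_enable_chan_switch(wpa_s->wpa, peer, (u8) oper_class,
					   &freq_params);
}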
1191 
1192 
/**
 * wpa_supplicant_ctrl_iface_tdls_cancel_chan_switch - Handle
 *	TDLS_CANCEL_CHAN_SWITCH
 * @wpa_s: Interface data
 * @cmd: Peer MAC address as text
 * Returns: Result of wpa_tdls_disable_chan_switch(), or -1 when external
 *	setup is not in use or cmd cannot be parsed
 */
static int wpa_supplicant_ctrl_iface_tdls_cancel_chan_switch(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	u8 peer_addr[ETH_ALEN];
	int external = wpa_tdls_is_external_setup(wpa_s->wpa);

	if (!external) {
		wpa_printf(MSG_INFO,
			   "tdls_chanswitch: Only supported with external setup");
		return -1;
	}

	if (hwaddr_aton(cmd, peer_addr) != 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE TDLS_CANCEL_CHAN_SWITCH: Invalid address '%s'",
			   cmd);
		return -1;
	}

	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_CANCEL_CHAN_SWITCH " MACSTR,
		   MAC2STR(peer_addr));

	return wpa_tdls_disable_chan_switch(wpa_s->wpa, peer_addr);
}
1216 
1217 
/**
 * wpa_supplicant_ctrl_iface_tdls_link_status - Handle TDLS_LINK_STATUS
 * @wpa_s: Interface data
 * @addr: Peer MAC address as text
 * @buf: Buffer for the reply text
 * @buflen: Size of buf in bytes
 * Returns: Length of the reply, or -1 if addr cannot be parsed or the reply
 *	does not fit in buf
 */
static int wpa_supplicant_ctrl_iface_tdls_link_status(
	struct wpa_supplicant *wpa_s, const char *addr,
	char *buf, size_t buflen)
{
	const char *status;
	u8 peer_addr[ETH_ALEN];
	int len;

	if (hwaddr_aton(addr, peer_addr) != 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE TDLS_LINK_STATUS: Invalid address '%s'",
			   addr);
		return -1;
	}
	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_LINK_STATUS " MACSTR,
		   MAC2STR(peer_addr));

	status = wpa_tdls_get_link_status(wpa_s->wpa, peer_addr);
	wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_LINK_STATUS: %s", status);

	len = os_snprintf(buf, buflen, "TDLS link status: %s\n", status);
	return os_snprintf_error(buflen, len) ? -1 : len;
}
1243 
1244 #endif /* CONFIG_TDLS */
1245 
1246 
/**
 * wmm_ac_ctrl_addts - Parse the WMM_AC_ADDTS parameters and request a TS
 * @wpa_s: Interface data
 * @cmd: Space-separated parameters: tsid=, up=, nominal_msdu_size=,
 *	mean_data_rate=, min_phy_rate=, sba= and the keywords downlink, uplink,
 *	bidi, fixed_nominal_msdu
 * Returns: Result of wpas_wmm_ac_addts(), or -1 on an unknown parameter
 */
static int wmm_ac_ctrl_addts(struct wpa_supplicant *wpa_s, char *cmd)
{
	char *token, *context = NULL;
	/* 0xff marks tsid and direction as not supplied; no range check is
	 * done in this function. */
	struct wmm_ac_ts_setup_params params = {
		.tsid = 0xff,
		.direction = 0xff,
	};

	while ((token = str_token(cmd, " ", &context))) {
		/* %i accepts decimal, octal (leading 0) and hexadecimal (0x)
		 * input. NOTE(review): %i needs int-sized targets; confirm the
		 * field types in struct wmm_ac_ts_setup_params. */
		if (sscanf(token, "tsid=%i", &params.tsid) == 1 ||
		    sscanf(token, "up=%i", &params.user_priority) == 1 ||
		    sscanf(token, "nominal_msdu_size=%i",
			   &params.nominal_msdu_size) == 1 ||
		    sscanf(token, "mean_data_rate=%i",
			   &params.mean_data_rate) == 1 ||
		    sscanf(token, "min_phy_rate=%i",
			   &params.minimum_phy_rate) == 1 ||
		    sscanf(token, "sba=%i",
			   &params.surplus_bandwidth_allowance) == 1)
			continue;

		/* Keyword parameters are matched case-insensitively. */
		if (os_strcasecmp(token, "downlink") == 0) {
			params.direction = WMM_TSPEC_DIRECTION_DOWNLINK;
		} else if (os_strcasecmp(token, "uplink") == 0) {
			params.direction = WMM_TSPEC_DIRECTION_UPLINK;
		} else if (os_strcasecmp(token, "bidi") == 0) {
			params.direction = WMM_TSPEC_DIRECTION_BI_DIRECTIONAL;
		} else if (os_strcasecmp(token, "fixed_nominal_msdu") == 0) {
			params.fixed_nominal_msdu = 1;
		} else {
			/* Anything unrecognized rejects the whole command. */
			wpa_printf(MSG_DEBUG,
				   "CTRL: Invalid WMM_AC_ADDTS parameter: '%s'",
				   token);
			return -1;
		}

	}

	return wpas_wmm_ac_addts(wpa_s, &params);
}
1287 
1288 
/**
 * wmm_ac_ctrl_delts - Handle the WMM_AC_DELTS control command
 * @wpa_s: Interface data
 * @cmd: TSID as decimal text
 * Returns: Result of wpas_wmm_ac_delts()
 *
 * The atoi() result is narrowed to u8 without a range check, so input that
 * is not a number yields TSID 0 and larger values wrap.
 */
static int wmm_ac_ctrl_delts(struct wpa_supplicant *wpa_s, char *cmd)
{
	const u8 ts_id = (u8) atoi(cmd);

	return wpas_wmm_ac_delts(wpa_s, ts_id);
}
1295 
1296 
1297 #ifdef CONFIG_IEEE80211R
/**
 * wpa_supplicant_ctrl_iface_ft_ds - Handle the FT_DS control command
 * @wpa_s: Interface data
 * @addr: BSSID of the target AP as text
 * Returns: Result of wpa_ft_start_over_ds(), or -1 if addr cannot be parsed
 */
static int wpa_supplicant_ctrl_iface_ft_ds(
	struct wpa_supplicant *wpa_s, char *addr)
{
	u8 ap_addr[ETH_ALEN];
	struct wpa_bss *entry;
	const u8 *mdie = NULL;

	if (hwaddr_aton(addr, ap_addr) != 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE FT_DS: invalid address '%s'", addr);
		return -1;
	}

	wpa_printf(MSG_DEBUG, "CTRL_IFACE FT_DS " MACSTR, MAC2STR(ap_addr));

	/* The Mobility Domain element is taken from the BSS entry when one
	 * exists for this BSSID; otherwise NULL is passed on. */
	entry = wpa_bss_get_bssid(wpa_s, ap_addr);
	if (entry != NULL)
		mdie = wpa_bss_get_ie(entry, WLAN_EID_MOBILITY_DOMAIN);

	return wpa_ft_start_over_ds(wpa_s->wpa, ap_addr, mdie);
}
1321 #endif /* CONFIG_IEEE80211R */
1322 
1323 
1324 #ifdef CONFIG_WPS
/**
 * wpa_supplicant_ctrl_iface_wps_pbc - Handle the WPS_PBC control command
 * @wpa_s: Interface data
 * @cmd: NULL, "any", a BSSID, "p2p_dev_addr=<address>" (CONFIG_P2P) or
 *	"multi_ap=<value>"; " multi_ap=<value>" may also follow the first
 *	argument
 * Returns: Result of the PBC start call, or -1 on an invalid address
 */
static int wpa_supplicant_ctrl_iface_wps_pbc(struct wpa_supplicant *wpa_s,
					     char *cmd)
{
	/* _bssid points at the local buffer unless a branch below clears it. */
	u8 bssid[ETH_ALEN], *_bssid = bssid;
#ifdef CONFIG_P2P
	u8 p2p_dev_addr[ETH_ALEN];
#endif /* CONFIG_P2P */
#ifdef CONFIG_AP
	/* NOTE(review): declared under CONFIG_AP but assigned under
	 * CONFIG_P2P below; this only builds if CONFIG_P2P implies CONFIG_AP. */
	u8 *_p2p_dev_addr = NULL;
#endif /* CONFIG_AP */
	char *pos;
	int multi_ap = 0;

	if (!cmd || os_strcmp(cmd, "any") == 0 ||
	    os_strncmp(cmd, "any ", 4) == 0) {
		_bssid = NULL;
#ifdef CONFIG_P2P
	} else if (os_strncmp(cmd, "p2p_dev_addr=", 13) == 0) {
		if (hwaddr_aton(cmd + 13, p2p_dev_addr)) {
			wpa_printf(MSG_DEBUG, "CTRL_IFACE WPS_PBC: invalid "
				   "P2P Device Address '%s'",
				   cmd + 13);
			return -1;
		}
		/* NOTE(review): _bssid still points at bssid, which has not
		 * been written in this branch; confirm that the callees below
		 * do not read it in this case. */
		_p2p_dev_addr = p2p_dev_addr;
#endif /* CONFIG_P2P */
	} else if (os_strncmp(cmd, "multi_ap=", 9) == 0) {
		_bssid = NULL;
		multi_ap = atoi(cmd + 9);
	} else if (hwaddr_aton(cmd, bssid)) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE WPS_PBC: invalid BSSID '%s'",
			   cmd);
		return -1;
	}

	/* A trailing " multi_ap=" overrides any value parsed above. */
	if (cmd) {
		pos = os_strstr(cmd, " multi_ap=");
		if (pos) {
			pos += 10;
			multi_ap = atoi(pos);
		}
	}

#ifdef CONFIG_AP
	/* In AP mode multi_ap is not passed on. */
	if (wpa_s->ap_iface)
		return wpa_supplicant_ap_wps_pbc(wpa_s, _bssid, _p2p_dev_addr);
#endif /* CONFIG_AP */

	return wpas_wps_start_pbc(wpa_s, _bssid, 0, multi_ap);
}
1375 
1376 
/**
 * wpa_supplicant_ctrl_iface_wps_pin - Handle the WPS_PIN control command
 * @wpa_s: Interface data
 * @cmd: "any", "get" or a BSSID, optionally followed by a space and a PIN
 *	(and, in AP mode, a timeout); modified in place
 * @buf: Buffer for the reply, which is the PIN in use
 * @buflen: Size of buf in bytes
 * Returns: Length of the reply, or -1 on failure
 *
 * The reply carries the WPS PIN, so every client that can send this command
 * can read the PIN.
 */
static int wpa_supplicant_ctrl_iface_wps_pin(struct wpa_supplicant *wpa_s,
					     char *cmd, char *buf,
					     size_t buflen)
{
	u8 bssid[ETH_ALEN], *_bssid = bssid;
	char *pin;
	int ret;

	/* Split "<target> <pin...>" at the first space. */
	pin = os_strchr(cmd, ' ');
	if (pin)
		*pin++ = '\0';

	if (os_strcmp(cmd, "any") == 0)
		_bssid = NULL;
	else if (os_strcmp(cmd, "get") == 0) {
		/* "get" only generates a PIN and jumps to the reply; no WPS
		 * operation is started. ret (an int) is used as the storage
		 * for the unsigned PIN value and printed with %08d below. */
		if (wps_generate_pin((unsigned int *) &ret) < 0)
			return -1;
		goto done;
	} else if (hwaddr_aton(cmd, bssid)) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE WPS_PIN: invalid BSSID '%s'",
			   cmd);
		return -1;
	}

#ifdef CONFIG_AP
	if (wpa_s->ap_iface) {
		int timeout = 0;
		char *pos;

		/* In AP mode an optional timeout follows the PIN. */
		if (pin) {
			pos = os_strchr(pin, ' ');
			if (pos) {
				*pos++ = '\0';
				timeout = atoi(pos);
			}
		}

		return wpa_supplicant_ap_wps_pin(wpa_s, _bssid, pin,
						 buf, buflen, timeout);
	}
#endif /* CONFIG_AP */

	/* Caller-supplied PIN: start WPS with it and echo it back. */
	if (pin) {
		ret = wpas_wps_start_pin(wpa_s, _bssid, pin, 0,
					 DEV_PW_DEFAULT);
		if (ret < 0)
			return -1;
		ret = os_snprintf(buf, buflen, "%s", pin);
		if (os_snprintf_error(buflen, ret))
			return -1;
		return ret;
	}

	/* No PIN given: the non-negative return value of
	 * wpas_wps_start_pin() is printed as the PIN below. */
	ret = wpas_wps_start_pin(wpa_s, _bssid, NULL, 0, DEV_PW_DEFAULT);
	if (ret < 0)
		return -1;

done:
	/* Return the generated PIN */
	ret = os_snprintf(buf, buflen, "%08d", ret);
	if (os_snprintf_error(buflen, ret))
		return -1;
	return ret;
}
1441 
1442 
/**
 * wpa_supplicant_ctrl_iface_wps_check_pin - Handle WPS_CHECK_PIN
 * @wpa_s: Interface data (not used)
 * @cmd: PIN text; every character that is not a decimal digit is skipped
 * @buf: Buffer for the reply text
 * @buflen: Size of buf in bytes
 * Returns: Length of the reply, or -1 on failure
 *
 * The reply is the PIN reduced to its digits, or "FAIL-CHECKSUM\n" when an
 * eight-digit PIN fails wps_pin_valid(). Only four and eight digit PINs are
 * accepted. The raw input is logged through wpa_hexdump_ascii_key().
 */
static int wpa_supplicant_ctrl_iface_wps_check_pin(
	struct wpa_supplicant *wpa_s, char *cmd, char *buf, size_t buflen)
{
	char digits[9];
	size_t ndigits = 0;
	const char *p;
	int ret;

	wpa_hexdump_ascii_key(MSG_DEBUG, "WPS_CHECK_PIN",
			      (u8 *) cmd, os_strlen(cmd));

	for (p = cmd; *p != '\0'; p++) {
		if (*p >= '0' && *p <= '9') {
			digits[ndigits++] = *p;
			/* A ninth digit fills the array; stop before the
			 * terminator would no longer fit. */
			if (ndigits == 9) {
				wpa_printf(MSG_DEBUG, "WPS: Too long PIN");
				return -1;
			}
		}
	}

	if (!(ndigits == 4 || ndigits == 8)) {
		wpa_printf(MSG_DEBUG, "WPS: Invalid PIN length %d",
			   (int) ndigits);
		return -1;
	}
	digits[ndigits] = '\0';

	/* Only eight-digit PINs carry a checksum digit. */
	if (ndigits == 8 && !wps_pin_valid((unsigned int) atoi(digits))) {
		wpa_printf(MSG_DEBUG, "WPS: Invalid checksum digit");
		ret = os_snprintf(buf, buflen, "FAIL-CHECKSUM\n");
	} else {
		ret = os_snprintf(buf, buflen, "%s", digits);
	}

	return os_snprintf_error(buflen, ret) ? -1 : ret;
}
1486 
1487 
1488 #ifdef CONFIG_WPS_NFC
1489 
/**
 * wpa_supplicant_ctrl_iface_wps_nfc - Handle the WPS_NFC control command
 * @wpa_s: Interface data
 * @cmd: BSSID as text, or NULL / empty string for no BSSID
 * Returns: Result of wpas_wps_start_nfc(), or -1 if cmd cannot be parsed
 */
static int wpa_supplicant_ctrl_iface_wps_nfc(struct wpa_supplicant *wpa_s,
					     char *cmd)
{
	u8 bssid_buf[ETH_ALEN];
	u8 *target = NULL;

	if (cmd != NULL && cmd[0] != '\0') {
		if (hwaddr_aton(cmd, bssid_buf))
			return -1;
		target = bssid_buf;
	}

	return wpas_wps_start_nfc(wpa_s, NULL, target, NULL, 0, 0, NULL, NULL,
				  0, 0);
}
1503 
1504 
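/**
 * wpa_supplicant_ctrl_iface_wps_nfc_config_token - Handle
 *	WPS_NFC_CONFIG_TOKEN
 * @wpa_s: Interface data
 * @cmd: "WPS" or "NDEF", optionally followed by a space and an argument that
 *	is passed on to wpas_wps_nfc_config_token(); modified in place
 * @reply: Buffer for the hex-encoded token followed by a newline
 * @max_len: Size of reply in bytes
 * Returns: Length of the text written to reply, or -1 on failure
 */
static int wpa_supplicant_ctrl_iface_wps_nfc_config_token(
	struct wpa_supplicant *wpa_s, char *cmd, char *reply, size_t max_len)
{
	int ndef;
	struct wpabuf *buf;
	int res;
	char *pos;

	pos = os_strchr(cmd, ' ');
	if (pos)
		*pos++ = '\0';
	if (os_strcmp(cmd, "WPS") == 0)
		ndef = 0;
	else if (os_strcmp(cmd, "NDEF") == 0)
		ndef = 1;
	else
		return -1;

	buf = wpas_wps_nfc_config_token(wpa_s, ndef, pos);
	if (buf == NULL)
		return -1;

	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
					 wpabuf_len(buf));
	wpabuf_free(buf);

	/*
	 * The newline and the terminator take two more bytes after the hex
	 * text. Fail instead of writing past the end of reply when they do
	 * not fit.
	 */
	if (res < 0 || (size_t) res + 2 > max_len)
		return -1;
	reply[res++] = '\n';
	reply[res] = '\0';

	return res;
}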
1536 
1537 
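/**
 * wpa_supplicant_ctrl_iface_wps_nfc_token - Handle WPS_NFC_TOKEN
 * @wpa_s: Interface data
 * @cmd: "WPS" or "NDEF"
 * @reply: Buffer for the hex-encoded token followed by a newline
 * @max_len: Size of reply in bytes
 * Returns: Length of the text written to reply, or -1 on failure
 */
static int wpa_supplicant_ctrl_iface_wps_nfc_token(
	struct wpa_supplicant *wpa_s, char *cmd, char *reply, size_t max_len)
{
	int ndef;
	struct wpabuf *buf;
	int res;

	if (os_strcmp(cmd, "WPS") == 0)
		ndef = 0;
	else if (os_strcmp(cmd, "NDEF") == 0)
		ndef = 1;
	else
		return -1;

	buf = wpas_wps_nfc_token(wpa_s, ndef);
	if (buf == NULL)
		return -1;

	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
					 wpabuf_len(buf));
	wpabuf_free(buf);

	/*
	 * The newline and the terminator take two more bytes after the hex
	 * text. Fail instead of writing past the end of reply when they do
	 * not fit.
	 */
	if (res < 0 || (size_t) res + 2 > max_len)
		return -1;
	reply[res++] = '\n';
	reply[res] = '\0';

	return res;
}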
1565 
1566 
/**
 * wpa_supplicant_ctrl_iface_wps_nfc_tag_read - Handle WPS_NFC_TAG_READ
 * @wpa_s: Interface data
 * @pos: Tag contents as a hex string, optionally followed by " freq=<MHz>";
 *	modified in place
 * Returns: Result of wpas_wps_nfc_tag_read(), or -1 on odd-length or invalid
 *	hex input or allocation failure
 */
static int wpa_supplicant_ctrl_iface_wps_nfc_tag_read(
	struct wpa_supplicant *wpa_s, char *pos)
{
	char *freq_arg;
	int forced_freq = 0;
	size_t hex_len, bin_len;
	struct wpabuf *tag;
	int ret = -1;

	/* Cut the optional frequency off so that only hex text remains. */
	freq_arg = strstr(pos, " freq=");
	if (freq_arg != NULL) {
		*freq_arg = '\0';
		forced_freq = atoi(freq_arg + 6);
	}

	hex_len = os_strlen(pos);
	if (hex_len % 2 != 0)
		return -1;
	bin_len = hex_len / 2;

	tag = wpabuf_alloc(bin_len);
	if (!tag)
		return -1;

	if (hexstr2bin(pos, wpabuf_put(tag, bin_len), bin_len) >= 0)
		ret = wpas_wps_nfc_tag_read(wpa_s, tag, forced_freq);

	wpabuf_free(tag);
	return ret;
}
1601 
1602 
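/**
 * wpas_ctrl_nfc_get_handover_req_wps - Build a WPS NFC handover request reply
 * @wpa_s: Interface data
 * @reply: Buffer for the hex-encoded message followed by a newline
 * @max_len: Size of reply in bytes
 * @ndef: Passed on to wpas_wps_nfc_handover_req()
 * Returns: Length of the text written to reply, or -1 on failure
 */
static int wpas_ctrl_nfc_get_handover_req_wps(struct wpa_supplicant *wpa_s,
					      char *reply, size_t max_len,
					      int ndef)
{
	struct wpabuf *buf;
	int res;

	buf = wpas_wps_nfc_handover_req(wpa_s, ndef);
	if (buf == NULL)
		return -1;

	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
					 wpabuf_len(buf));
	wpabuf_free(buf);

	/*
	 * The newline and the terminator take two more bytes after the hex
	 * text. Fail instead of writing past the end of reply when they do
	 * not fit.
	 */
	if (res < 0 || (size_t) res + 2 > max_len)
		return -1;
	reply[res++] = '\n';
	reply[res] = '\0';

	return res;
}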
1623 
1624 
1625 #ifdef CONFIG_P2P
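/**
 * wpas_ctrl_nfc_get_handover_req_p2p - Build a P2P NFC handover request reply
 * @wpa_s: Interface data
 * @reply: Buffer for the hex-encoded message followed by a newline
 * @max_len: Size of reply in bytes
 * @ndef: Passed on to wpas_p2p_nfc_handover_req()
 * Returns: Length of the text written to reply, or -1 on failure
 */
static int wpas_ctrl_nfc_get_handover_req_p2p(struct wpa_supplicant *wpa_s,
					      char *reply, size_t max_len,
					      int ndef)
{
	struct wpabuf *buf;
	int res;

	buf = wpas_p2p_nfc_handover_req(wpa_s, ndef);
	if (buf == NULL) {
		wpa_printf(MSG_DEBUG, "P2P: Could not generate NFC handover request");
		return -1;
	}

	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
					 wpabuf_len(buf));
	wpabuf_free(buf);

	/*
	 * The newline and the terminator take two more bytes after the hex
	 * text. Fail instead of writing past the end of reply when they do
	 * not fit.
	 */
	if (res < 0 || (size_t) res + 2 > max_len)
		return -1;
	reply[res++] = '\n';
	reply[res] = '\0';

	return res;
}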
1648 #endif /* CONFIG_P2P */
1649 
1650 
/**
 * wpas_ctrl_nfc_get_handover_req - Handle NFC_GET_HANDOVER_REQ
 * @wpa_s: Interface data
 * @cmd: "<WPS|NDEF> <WPS|WPS-CR|P2P-CR>"; modified in place
 * @reply: Buffer for the reply text
 * @max_len: Size of reply in bytes
 * Returns: Length of the reply, or -1 on failure or unsupported arguments
 *
 * The WPS and WPS-CR types are served only in NDEF format; P2P-CR is
 * available only in CONFIG_P2P builds.
 */
static int wpas_ctrl_nfc_get_handover_req(struct wpa_supplicant *wpa_s,
					  char *cmd, char *reply,
					  size_t max_len)
{
	char *type;
	int ndef;

	type = os_strchr(cmd, ' ');
	if (!type)
		return -1;
	*type++ = '\0';

	ndef = os_strcmp(cmd, "NDEF") == 0;
	if (!ndef && os_strcmp(cmd, "WPS") != 0)
		return -1;

	if (os_strcmp(type, "WPS") == 0 || os_strcmp(type, "WPS-CR") == 0)
		return ndef ? wpas_ctrl_nfc_get_handover_req_wps(
			wpa_s, reply, max_len, ndef) : -1;

#ifdef CONFIG_P2P
	if (os_strcmp(type, "P2P-CR") == 0)
		return wpas_ctrl_nfc_get_handover_req_p2p(
			wpa_s, reply, max_len, ndef);
#endif /* CONFIG_P2P */

	return -1;
}
1686 
1687 
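/**
 * wpas_ctrl_nfc_get_handover_sel_wps - Build a WPS NFC handover select reply
 * @wpa_s: Interface data
 * @reply: Buffer for the hex-encoded message followed by a newline
 * @max_len: Size of reply in bytes
 * @ndef: Passed on to wpas_wps_nfc_handover_sel()
 * @cr: Passed on to wpas_wps_nfc_handover_sel()
 * @uuid: Passed on to wpas_wps_nfc_handover_sel(); may be NULL
 * Returns: Length of the text written to reply, or -1 on failure
 */
static int wpas_ctrl_nfc_get_handover_sel_wps(struct wpa_supplicant *wpa_s,
					      char *reply, size_t max_len,
					      int ndef, int cr, char *uuid)
{
	struct wpabuf *buf;
	int res;

	buf = wpas_wps_nfc_handover_sel(wpa_s, ndef, cr, uuid);
	if (buf == NULL)
		return -1;

	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
					 wpabuf_len(buf));
	wpabuf_free(buf);

	/*
	 * The newline and the terminator take two more bytes after the hex
	 * text. Fail instead of writing past the end of reply when they do
	 * not fit.
	 */
	if (res < 0 || (size_t) res + 2 > max_len)
		return -1;
	reply[res++] = '\n';
	reply[res] = '\0';

	return res;
}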
1708 
1709 
1710 #ifdef CONFIG_P2P
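/**
 * wpas_ctrl_nfc_get_handover_sel_p2p - Build a P2P NFC handover select reply
 * @wpa_s: Interface data
 * @reply: Buffer for the hex-encoded message followed by a newline
 * @max_len: Size of reply in bytes
 * @ndef: Passed on to wpas_p2p_nfc_handover_sel()
 * @tag: Passed on to wpas_p2p_nfc_handover_sel()
 * Returns: Length of the text written to reply, or -1 on failure
 */
static int wpas_ctrl_nfc_get_handover_sel_p2p(struct wpa_supplicant *wpa_s,
					      char *reply, size_t max_len,
					      int ndef, int tag)
{
	struct wpabuf *buf;
	int res;

	buf = wpas_p2p_nfc_handover_sel(wpa_s, ndef, tag);
	if (buf == NULL)
		return -1;

	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
					 wpabuf_len(buf));
	wpabuf_free(buf);

	/*
	 * The newline and the terminator take two more bytes after the hex
	 * text. Fail instead of writing past the end of reply when they do
	 * not fit.
	 */
	if (res < 0 || (size_t) res + 2 > max_len)
		return -1;
	reply[res++] = '\n';
	reply[res] = '\0';

	return res;
}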
1731 #endif /* CONFIG_P2P */
1732 
1733 
/**
 * wpas_ctrl_nfc_get_handover_sel - Handle NFC_GET_HANDOVER_SEL
 * @wpa_s: Interface data
 * @cmd: "<WPS|NDEF> <WPS|WPS-CR|P2P-CR|P2P-CR-TAG> [uuid]"; modified in place
 * @reply: Buffer for the reply text
 * @max_len: Size of reply in bytes
 * Returns: Length of the reply, or -1 on failure or unsupported arguments
 *
 * The WPS and WPS-CR types are served only in NDEF format; the P2P types are
 * available only in CONFIG_P2P builds.
 */
static int wpas_ctrl_nfc_get_handover_sel(struct wpa_supplicant *wpa_s,
					  char *cmd, char *reply,
					  size_t max_len)
{
	char *type, *uuid;
	int ndef, is_wps_cr;

	type = os_strchr(cmd, ' ');
	if (!type)
		return -1;
	*type++ = '\0';

	ndef = os_strcmp(cmd, "NDEF") == 0;
	if (!ndef && os_strcmp(cmd, "WPS") != 0)
		return -1;

	/* The optional third argument is used only by the WPS types. */
	uuid = os_strchr(type, ' ');
	if (uuid)
		*uuid++ = '\0';

	is_wps_cr = os_strcmp(type, "WPS-CR") == 0;
	if (is_wps_cr || os_strcmp(type, "WPS") == 0) {
		if (!ndef)
			return -1;
		return wpas_ctrl_nfc_get_handover_sel_wps(
			wpa_s, reply, max_len, ndef, is_wps_cr, uuid);
	}

#ifdef CONFIG_P2P
	if (os_strcmp(type, "P2P-CR") == 0)
		return wpas_ctrl_nfc_get_handover_sel_p2p(
			wpa_s, reply, max_len, ndef, 0);

	if (os_strcmp(type, "P2P-CR-TAG") == 0)
		return wpas_ctrl_nfc_get_handover_sel_p2p(
			wpa_s, reply, max_len, ndef, 1);
#endif /* CONFIG_P2P */

	return -1;
}
1778 
1779 
/**
 * wpas_ctrl_nfc_report_handover - Handle NFC_REPORT_HANDOVER
 * @wpa_s: Interface data
 * @cmd: "<role> <type> <request hex> <select hex>", optionally followed by
 *	" freq=<MHz>" in CONFIG_P2P builds; modified in place
 * Returns: Result of the matching report handler, or -1 on invalid input,
 *	allocation failure or an unsupported role/type pair
 *
 * Both hex strings are decoded into newly allocated buffers that are freed
 * on every path before returning.
 */
static int wpas_ctrl_nfc_report_handover(struct wpa_supplicant *wpa_s,
					 char *cmd)
{
	size_t len;
	struct wpabuf *req, *sel;
	int ret;
	char *pos, *role, *type, *pos2;
#ifdef CONFIG_P2P
	char *freq;
	int forced_freq = 0;

	/* Cut the optional frequency off before splitting the other fields. */
	freq = strstr(cmd, " freq=");
	if (freq) {
		*freq = '\0';
		freq += 6;
		forced_freq = atoi(freq);
	}
#endif /* CONFIG_P2P */

	role = cmd;
	pos = os_strchr(role, ' ');
	if (pos == NULL) {
		wpa_printf(MSG_DEBUG, "NFC: Missing type in handover report");
		return -1;
	}
	*pos++ = '\0';

	type = pos;
	pos = os_strchr(type, ' ');
	if (pos == NULL) {
		wpa_printf(MSG_DEBUG, "NFC: Missing request message in handover report");
		return -1;
	}
	*pos++ = '\0';

	/* pos is now the request hex string and pos2 the select hex string. */
	pos2 = os_strchr(pos, ' ');
	if (pos2 == NULL) {
		wpa_printf(MSG_DEBUG, "NFC: Missing select message in handover report");
		return -1;
	}
	*pos2++ = '\0';

	/* Two hex characters per byte, so an odd length is rejected. */
	len = os_strlen(pos);
	if (len & 0x01) {
		wpa_printf(MSG_DEBUG, "NFC: Invalid request message length in handover report");
		return -1;
	}
	len /= 2;

	req = wpabuf_alloc(len);
	if (req == NULL) {
		wpa_printf(MSG_DEBUG, "NFC: Failed to allocate memory for request message");
		return -1;
	}
	if (hexstr2bin(pos, wpabuf_put(req, len), len) < 0) {
		wpa_printf(MSG_DEBUG, "NFC: Invalid request message hexdump in handover report");
		wpabuf_free(req);
		return -1;
	}

	len = os_strlen(pos2);
	if (len & 0x01) {
		wpa_printf(MSG_DEBUG, "NFC: Invalid select message length in handover report");
		wpabuf_free(req);
		return -1;
	}
	len /= 2;

	sel = wpabuf_alloc(len);
	if (sel == NULL) {
		wpa_printf(MSG_DEBUG, "NFC: Failed to allocate memory for select message");
		wpabuf_free(req);
		return -1;
	}
	if (hexstr2bin(pos2, wpabuf_put(sel, len), len) < 0) {
		wpa_printf(MSG_DEBUG, "NFC: Invalid select message hexdump in handover report");
		wpabuf_free(req);
		wpabuf_free(sel);
		return -1;
	}

	wpa_printf(MSG_DEBUG, "NFC: Connection handover reported - role=%s type=%s req_len=%d sel_len=%d",
		   role, type, (int) wpabuf_len(req), (int) wpabuf_len(sel));

	/* Role and type are matched case-sensitively; the set of accepted
	 * pairs depends on CONFIG_AP and CONFIG_P2P. */
	if (os_strcmp(role, "INIT") == 0 && os_strcmp(type, "WPS") == 0) {
		ret = wpas_wps_nfc_report_handover(wpa_s, req, sel);
#ifdef CONFIG_AP
	} else if (os_strcmp(role, "RESP") == 0 && os_strcmp(type, "WPS") == 0)
	{
		/* The ER handler is tried when the AP handler fails. */
		ret = wpas_ap_wps_nfc_report_handover(wpa_s, req, sel);
		if (ret < 0)
			ret = wpas_er_wps_nfc_report_handover(wpa_s, req, sel);
#endif /* CONFIG_AP */
#ifdef CONFIG_P2P
	} else if (os_strcmp(role, "INIT") == 0 && os_strcmp(type, "P2P") == 0)
	{
		ret = wpas_p2p_nfc_report_handover(wpa_s, 1, req, sel, 0);
	} else if (os_strcmp(role, "RESP") == 0 && os_strcmp(type, "P2P") == 0)
	{
		/* Only the responder role uses the forced frequency. */
		ret = wpas_p2p_nfc_report_handover(wpa_s, 0, req, sel,
						   forced_freq);
#endif /* CONFIG_P2P */
	} else {
		wpa_printf(MSG_DEBUG, "NFC: Unsupported connection handover "
			   "reported: role=%s type=%s", role, type);
		ret = -1;
	}
	wpabuf_free(req);
	wpabuf_free(sel);

	if (ret)
		wpa_printf(MSG_DEBUG, "NFC: Failed to process reported handover messages");

	return ret;
}
1895 
1896 #endif /* CONFIG_WPS_NFC */
1897 
1898 
/**
 * wpa_supplicant_ctrl_iface_wps_reg - Handle the WPS_REG control command
 * @wpa_s: Interface data
 * @cmd: "<BSSID> <AP PIN>" or
 *	"<BSSID> <AP PIN> <SSID hex> <auth> <encr> <key hex>"; modified in
 *	place
 * Returns: Result of wpas_wps_start_reg(), or -1 on invalid input
 *
 * The new AP settings are either given completely or not at all; a partial
 * set is rejected. The settings structure points into cmd and is not copied
 * here.
 */
static int wpa_supplicant_ctrl_iface_wps_reg(struct wpa_supplicant *wpa_s,
					     char *cmd)
{
	enum { F_SSID, F_AUTH, F_ENCR, F_KEY, F_COUNT };
	u8 ap_bssid[ETH_ALEN];
	char *ap_pin;
	char *field[F_COUNT];
	struct wps_new_ap_settings settings;
	int i;

	ap_pin = os_strchr(cmd, ' ');
	if (!ap_pin)
		return -1;
	*ap_pin++ = '\0';

	if (hwaddr_aton(cmd, ap_bssid) != 0) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE WPS_REG: invalid BSSID '%s'",
			   cmd);
		return -1;
	}

	/* Without further fields the registrar runs with no new settings. */
	field[F_SSID] = os_strchr(ap_pin, ' ');
	if (!field[F_SSID])
		return wpas_wps_start_reg(wpa_s, ap_bssid, ap_pin, NULL);
	*field[F_SSID]++ = '\0';

	/* Each remaining field starts after the next space of the previous
	 * one and all of them are mandatory. */
	for (i = F_AUTH; i < F_COUNT; i++) {
		field[i] = os_strchr(field[i - 1], ' ');
		if (!field[i])
			return -1;
		*field[i]++ = '\0';
	}

	os_memset(&settings, 0, sizeof(settings));
	settings.ssid_hex = field[F_SSID];
	settings.auth = field[F_AUTH];
	settings.encr = field[F_ENCR];
	settings.key_hex = field[F_KEY];
	return wpas_wps_start_reg(wpa_s, ap_bssid, ap_pin, &settings);
}
1948 
1949 
1950 #ifdef CONFIG_AP
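/**
 * wpa_supplicant_ctrl_iface_wps_ap_pin - Handle the WPS_AP_PIN command
 * @wpa_s: Interface data; the command needs an active AP interface
 * @cmd: "disable", "random [timeout]", "get" or "set <PIN> [timeout]";
 *	modified in place
 * @buf: Buffer for the reply ("OK\n" or the AP PIN)
 * @buflen: Size of buf in bytes
 * Returns: Length of the reply, or -1 on failure
 *
 * The timeout defaults to 300. Every reply is checked with
 * os_snprintf_error() so that a truncated reply is reported as a failure
 * instead of returning a length larger than the buffer. The reply carries
 * the AP PIN, so every client that can send this command can read it.
 */
static int wpa_supplicant_ctrl_iface_wps_ap_pin(struct wpa_supplicant *wpa_s,
						char *cmd, char *buf,
						size_t buflen)
{
	int timeout = 300;
	char *pos;
	const char *pin_txt;
	int ret;

	if (!wpa_s->ap_iface)
		return -1;

	pos = os_strchr(cmd, ' ');
	if (pos)
		*pos++ = '\0';

	if (os_strcmp(cmd, "disable") == 0) {
		wpas_wps_ap_pin_disable(wpa_s);
		ret = os_snprintf(buf, buflen, "OK\n");
	} else if (os_strcmp(cmd, "random") == 0) {
		if (pos)
			timeout = atoi(pos);
		pin_txt = wpas_wps_ap_pin_random(wpa_s, timeout);
		if (pin_txt == NULL)
			return -1;
		ret = os_snprintf(buf, buflen, "%s", pin_txt);
	} else if (os_strcmp(cmd, "get") == 0) {
		pin_txt = wpas_wps_ap_pin_get(wpa_s);
		if (pin_txt == NULL)
			return -1;
		ret = os_snprintf(buf, buflen, "%s", pin_txt);
	} else if (os_strcmp(cmd, "set") == 0) {
		char *pin;

		if (pos == NULL)
			return -1;
		pin = pos;
		pos = os_strchr(pos, ' ');
		if (pos) {
			*pos++ = '\0';
			timeout = atoi(pos);
		}
		/* Reject a PIN that cannot be echoed back with its
		 * terminator before it is stored. */
		if (os_strlen(pin) >= buflen)
			return -1;
		if (wpas_wps_ap_pin_set(wpa_s, pin, timeout) < 0)
			return -1;
		ret = os_snprintf(buf, buflen, "%s", pin);
	} else {
		return -1;
	}

	if (os_snprintf_error(buflen, ret))
		return -1;
	return ret;
}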
2006 #endif /* CONFIG_AP */
2007 
2008 
2009 #ifdef CONFIG_WPS_ER
/**
 * wpa_supplicant_ctrl_iface_wps_er_pin - Handle the WPS_ER_PIN command
 * @wpa_s: Interface data
 * @cmd: "<UUID> <PIN> [address]"; modified in place
 * Returns: Result of wpas_wps_er_add_pin(), or -1 if the PIN is missing
 *
 * An address that cannot be parsed is ignored and NULL is passed on.
 */
static int wpa_supplicant_ctrl_iface_wps_er_pin(struct wpa_supplicant *wpa_s,
						char *cmd)
{
	u8 parsed_addr[ETH_ALEN];
	u8 *enrollee = NULL;
	char *pin_txt, *addr_txt;

	pin_txt = os_strchr(cmd, ' ');
	if (!pin_txt)
		return -1;
	*pin_txt++ = '\0';

	addr_txt = os_strchr(pin_txt, ' ');
	if (addr_txt != NULL) {
		*addr_txt++ = '\0';
		if (hwaddr_aton(addr_txt, parsed_addr) == 0)
			enrollee = parsed_addr;
	}

	return wpas_wps_er_add_pin(wpa_s, enrollee, cmd, pin_txt);
}
2027 
2028 
/**
 * wpa_supplicant_ctrl_iface_wps_er_learn - Handle the WPS_ER_LEARN command
 * @wpa_s: Interface data
 * @cmd: "<UUID> <PIN>"; modified in place
 * Returns: Result of wpas_wps_er_learn(), or -1 if the PIN is missing
 */
static int wpa_supplicant_ctrl_iface_wps_er_learn(struct wpa_supplicant *wpa_s,
						  char *cmd)
{
	char *sep = os_strchr(cmd, ' ');

	if (!sep)
		return -1;
	*sep = '\0';

	return wpas_wps_er_learn(wpa_s, cmd, sep + 1);
}
2039 
2040 
/**
 * wpa_supplicant_ctrl_iface_wps_er_set_config - Handle WPS_ER_SET_CONFIG
 * @wpa_s: Interface data
 * @cmd: "<UUID> <network id>"; modified in place
 * Returns: Result of wpas_wps_er_set_config(), or -1 if the id is missing
 *
 * The id is converted with atoi(), so text that is not a number becomes 0.
 */
static int wpa_supplicant_ctrl_iface_wps_er_set_config(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	char *sep = os_strchr(cmd, ' ');

	if (!sep)
		return -1;
	*sep = '\0';

	return wpas_wps_er_set_config(wpa_s, cmd, atoi(sep + 1));
}
2051 
2052 
/**
 * wpa_supplicant_ctrl_iface_wps_er_config - Handle the WPS_ER_CONFIG command
 * @wpa_s: Interface data
 * @cmd: "<UUID> <AP PIN> <SSID hex> <auth> <encr> <key hex>"; modified in
 *	place
 * Returns: Result of wpas_wps_er_config(), or -1 if any field is missing
 *
 * The settings structure points into cmd and is not copied here.
 */
static int wpa_supplicant_ctrl_iface_wps_er_config(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	enum { F_UUID, F_PIN, F_SSID, F_AUTH, F_ENCR, F_KEY, F_COUNT };
	char *field[F_COUNT];
	struct wps_new_ap_settings settings;
	int i;

	/* All six fields are mandatory; each one starts after the next space
	 * of the previous one. */
	field[F_UUID] = cmd;
	for (i = F_PIN; i < F_COUNT; i++) {
		field[i] = os_strchr(field[i - 1], ' ');
		if (!field[i])
			return -1;
		*field[i]++ = '\0';
	}

	os_memset(&settings, 0, sizeof(settings));
	settings.ssid_hex = field[F_SSID];
	settings.auth = field[F_AUTH];
	settings.encr = field[F_ENCR];
	settings.key_hex = field[F_KEY];
	return wpas_wps_er_config(wpa_s, field[F_UUID], field[F_PIN],
				  &settings);
}
2095 
2096 
2097 #ifdef CONFIG_WPS_NFC
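/**
 * wpa_supplicant_ctrl_iface_wps_er_nfc_config_token - Handle
 *	WPS_ER_NFC_CONFIG_TOKEN
 * @wpa_s: Interface data
 * @cmd: "<WPS|NDEF> <UUID>"; modified in place
 * @reply: Buffer for the hex-encoded token followed by a newline
 * @max_len: Size of reply in bytes
 * Returns: Length of the text written to reply, or -1 on failure
 */
static int wpa_supplicant_ctrl_iface_wps_er_nfc_config_token(
	struct wpa_supplicant *wpa_s, char *cmd, char *reply, size_t max_len)
{
	int ndef;
	struct wpabuf *buf;
	int res;
	char *uuid;

	uuid = os_strchr(cmd, ' ');
	if (uuid == NULL)
		return -1;
	*uuid++ = '\0';

	if (os_strcmp(cmd, "WPS") == 0)
		ndef = 0;
	else if (os_strcmp(cmd, "NDEF") == 0)
		ndef = 1;
	else
		return -1;

	buf = wpas_wps_er_nfc_config_token(wpa_s, ndef, uuid);
	if (buf == NULL)
		return -1;

	res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
					 wpabuf_len(buf));
	wpabuf_free(buf);

	/*
	 * The newline and the terminator take two more bytes after the hex
	 * text. Fail instead of writing past the end of reply when they do
	 * not fit.
	 */
	if (res < 0 || (size_t) res + 2 > max_len)
		return -1;
	reply[res++] = '\n';
	reply[res] = '\0';

	return res;
}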
2131 #endif /* CONFIG_WPS_NFC */
2132 #endif /* CONFIG_WPS_ER */
2133 
2134 #endif /* CONFIG_WPS */
2135 
2136 
2137 #ifdef CONFIG_IBSS_RSN
/**
 * wpa_supplicant_ctrl_iface_ibss_rsn - Handle the IBSS_RSN control command
 * @wpa_s: Interface data
 * @addr: Peer MAC address as text
 * Returns: Result of ibss_rsn_start(), or -1 if addr cannot be parsed
 */
static int wpa_supplicant_ctrl_iface_ibss_rsn(
	struct wpa_supplicant *wpa_s, char *addr)
{
	u8 peer_addr[ETH_ALEN];

	if (hwaddr_aton(addr, peer_addr) != 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE IBSS_RSN: invalid address '%s'", addr);
		return -1;
	}

	wpa_printf(MSG_DEBUG, "CTRL_IFACE IBSS_RSN " MACSTR,
		   MAC2STR(peer_addr));

	return ibss_rsn_start(wpa_s->ibss_rsn, peer_addr);
}
2154 #endif /* CONFIG_IBSS_RSN */
2155 
2156 
/**
 * wpa_supplicant_ctrl_iface_ctrl_rsp - Handle a CTRL-RSP control command
 * @wpa_s: Interface data
 * @rsp: "<field>-<network id>:<value>"; modified in place
 * Returns: Result of wpa_supplicant_ctrl_iface_ctrl_rsp_handle(), or -1 on a
 *	malformed response, an unknown network id, or when built without
 *	IEEE8021X_EAPOL
 *
 * The value can be a credential supplied by the user, which is why it is
 * logged through wpa_hexdump_ascii_key() and not as plain text.
 */
static int wpa_supplicant_ctrl_iface_ctrl_rsp(struct wpa_supplicant *wpa_s,
					      char *rsp)
{
#ifdef IEEE8021X_EAPOL
	char *pos, *id_pos;
	int id;
	struct wpa_ssid *ssid;

	/* Split at the first '-' (end of the field name) and then at the
	 * first ':' after it (end of the network id). */
	pos = os_strchr(rsp, '-');
	if (pos == NULL)
		return -1;
	*pos++ = '\0';
	id_pos = pos;
	pos = os_strchr(pos, ':');
	if (pos == NULL)
		return -1;
	*pos++ = '\0';
	/* atoi() does not report errors: an id that is not a number becomes
	 * 0 and is then looked up like any other id. */
	id = atoi(id_pos);
	wpa_printf(MSG_DEBUG, "CTRL_IFACE: field=%s id=%d", rsp, id);
	/* NOTE(review): the _key variant is expected to hide the value
	 * unless key logging is enabled; confirm in the debug helpers. */
	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: value",
			      (u8 *) pos, os_strlen(pos));

	ssid = wpa_config_get_network(wpa_s->conf, id);
	if (ssid == NULL) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find SSID id=%d "
			   "to update", id);
		return -1;
	}

	return wpa_supplicant_ctrl_iface_ctrl_rsp_handle(wpa_s, ssid, rsp,
							 pos);
#else /* IEEE8021X_EAPOL */
	wpa_printf(MSG_DEBUG, "CTRL_IFACE: 802.1X not included");
	return -1;
#endif /* IEEE8021X_EAPOL */
}
2193 
2194 
/*
 * Build the reply text for the STATUS control interface command.
 *
 * params selects the variant: "-DRIVER" hands the whole request to
 * wpa_drv_status(), "-VERBOSE" is forwarded to the status helpers as the
 * verbose flag, and "-WPS" additionally allows the passphrase of an AP or
 * P2P GO network to be reported. The reply is written to buf as
 * "key=value\n" lines.
 *
 * Returns the number of bytes written to buf. When a line formatted here does
 * not fit, the function stops and returns the length produced up to that
 * line, so the reply can be silently shorter than the full status.
 */
static int wpa_supplicant_ctrl_iface_status(struct wpa_supplicant *wpa_s,
					    const char *params,
					    char *buf, size_t buflen)
{
	char *pos, *end, tmp[30];
	int res, verbose, wps, ret;
#ifdef CONFIG_HS20
	const u8 *hs20;
#endif /* CONFIG_HS20 */
	const u8 *sess_id;
	size_t sess_id_len;

	if (os_strcmp(params, "-DRIVER") == 0)
		return wpa_drv_status(wpa_s, buf, buflen);
	verbose = os_strcmp(params, "-VERBOSE") == 0;
	wps = os_strcmp(params, "-WPS") == 0;
	/* pos is the write cursor; end marks one past the last usable byte */
	pos = buf;
	end = buf + buflen;
	if (wpa_s->wpa_state >= WPA_ASSOCIATED) {
		struct wpa_ssid *ssid = wpa_s->current_ssid;
		ret = os_snprintf(pos, end - pos, "bssid=" MACSTR "\n",
				  MAC2STR(wpa_s->bssid));
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
		ret = os_snprintf(pos, end - pos, "freq=%u\n",
				  wpa_s->assoc_freq);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
		if (ssid) {
			u8 *_ssid = ssid->ssid;
			size_t ssid_len = ssid->ssid_len;
			u8 ssid_buf[SSID_MAX_LEN];
			/*
			 * No SSID in the network block: ask the driver for the
			 * SSID instead; a driver error leaves it empty.
			 * NOTE(review): assumes wpa_drv_get_ssid() never
			 * returns more than SSID_MAX_LEN - confirm.
			 */
			if (ssid_len == 0) {
				int _res = wpa_drv_get_ssid(wpa_s, ssid_buf);
				if (_res < 0)
					ssid_len = 0;
				else
					ssid_len = _res;
				_ssid = ssid_buf;
			}
			ret = os_snprintf(pos, end - pos, "ssid=%s\nid=%d\n",
					  wpa_ssid_txt(_ssid, ssid_len),
					  ssid->id);
			if (os_snprintf_error(end - pos, ret))
				return pos - buf;
			pos += ret;

			/*
			 * Secret disclosure by design: with "-WPS" the
			 * passphrase of a PSK network run in AP or P2P GO mode
			 * is returned in clear text. Every client that can
			 * reach this control interface can read it, so access
			 * to the interface has to be restricted accordingly.
			 */
			if (wps && ssid->passphrase &&
			    wpa_key_mgmt_wpa_psk(ssid->key_mgmt) &&
			    (ssid->mode == WPAS_MODE_AP ||
			     ssid->mode == WPAS_MODE_P2P_GO)) {
				ret = os_snprintf(pos, end - pos,
						  "passphrase=%s\n",
						  ssid->passphrase);
				if (os_snprintf_error(end - pos, ret))
					return pos - buf;
				pos += ret;
			}
			if (ssid->id_str) {
				ret = os_snprintf(pos, end - pos,
						  "id_str=%s\n",
						  ssid->id_str);
				if (os_snprintf_error(end - pos, ret))
					return pos - buf;
				pos += ret;
			}

			switch (ssid->mode) {
			case WPAS_MODE_INFRA:
				ret = os_snprintf(pos, end - pos,
						  "mode=station\n");
				break;
			case WPAS_MODE_IBSS:
				ret = os_snprintf(pos, end - pos,
						  "mode=IBSS\n");
				break;
			case WPAS_MODE_AP:
				ret = os_snprintf(pos, end - pos,
						  "mode=AP\n");
				break;
			case WPAS_MODE_P2P_GO:
				ret = os_snprintf(pos, end - pos,
						  "mode=P2P GO\n");
				break;
			case WPAS_MODE_P2P_GROUP_FORMATION:
				ret = os_snprintf(pos, end - pos,
						  "mode=P2P GO - group "
						  "formation\n");
				break;
			case WPAS_MODE_MESH:
				ret = os_snprintf(pos, end - pos,
						  "mode=mesh\n");
				break;
			default:
				/* Unknown mode: emit no mode line */
				ret = 0;
				break;
			}
			if (os_snprintf_error(end - pos, ret))
				return pos - buf;
			pos += ret;
		}

		/* Report 6, 5 or 4 for an HE, VHT or HT connection */
		if (wpa_s->connection_set &&
		    (wpa_s->connection_ht || wpa_s->connection_vht ||
		     wpa_s->connection_he)) {
			ret = os_snprintf(pos, end - pos,
					  "wifi_generation=%u\n",
					  wpa_s->connection_he ? 6 :
					  (wpa_s->connection_vht ? 5 : 4));
			if (os_snprintf_error(end - pos, ret))
				return pos - buf;
			pos += ret;
		}

		/*
		 * NOTE(review): both helper results below are added to pos
		 * without a range check; this relies on the helpers never
		 * returning a negative value or more than end - pos - confirm.
		 */
#ifdef CONFIG_AP
		if (wpa_s->ap_iface) {
			pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
							    end - pos,
							    verbose);
		} else
#endif /* CONFIG_AP */
		pos += wpa_sm_get_status(wpa_s->wpa, pos, end - pos, verbose);
	}
#ifdef CONFIG_SME
#ifdef CONFIG_SAE
	/* SAE details are only reported once SAE has reached SAE_ACCEPTED */
	if (wpa_s->wpa_state >= WPA_ASSOCIATED &&
#ifdef CONFIG_AP
	    !wpa_s->ap_iface &&
#endif /* CONFIG_AP */
	    wpa_s->sme.sae.state == SAE_ACCEPTED) {
		ret = os_snprintf(pos, end - pos, "sae_group=%d\n"
				  "sae_h2e=%d\n"
				  "sae_pk=%d\n",
				  wpa_s->sme.sae.group,
				  wpa_s->sme.sae.h2e,
				  wpa_s->sme.sae.pk);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}
#endif /* CONFIG_SAE */
#endif /* CONFIG_SME */
	ret = os_snprintf(pos, end - pos, "wpa_state=%s\n",
			  wpa_supplicant_state_txt(wpa_s->wpa_state));
	if (os_snprintf_error(end - pos, ret))
		return pos - buf;
	pos += ret;

	if (wpa_s->l2 &&
	    l2_packet_get_ip_addr(wpa_s->l2, tmp, sizeof(tmp)) >= 0) {
		ret = os_snprintf(pos, end - pos, "ip_address=%s\n", tmp);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

#ifdef CONFIG_P2P
	if (wpa_s->global->p2p) {
		ret = os_snprintf(pos, end - pos, "p2p_device_address=" MACSTR
				  "\n", MAC2STR(wpa_s->global->p2p_dev_addr));
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}
#endif /* CONFIG_P2P */

	ret = os_snprintf(pos, end - pos, "address=" MACSTR "\n",
			  MAC2STR(wpa_s->own_addr));
	if (os_snprintf_error(end - pos, ret))
		return pos - buf;
	pos += ret;

#ifdef CONFIG_HS20
	if (wpa_s->current_bss &&
	    (hs20 = wpa_bss_get_vendor_ie(wpa_s->current_bss,
					  HS20_IE_VENDOR_TYPE)) &&
	    wpa_s->wpa_proto == WPA_PROTO_RSN &&
	    wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
		int release = 1;
		/*
		 * hs20[6] is read only after hs20[1] (treated here as the
		 * element length) shows at least five payload octets; shorter
		 * elements are reported as release 1.
		 */
		if (hs20[1] >= 5) {
			u8 rel_num = (hs20[6] & 0xf0) >> 4;
			release = rel_num + 1;
		}
		ret = os_snprintf(pos, end - pos, "hs20=%d\n", release);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

	if (wpa_s->current_ssid) {
		struct wpa_cred *cred;
		char *type;

		/* Only the credential the current network was built from */
		for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
			size_t i;

			if (wpa_s->current_ssid->parent_cred != cred)
				continue;

			if (cred->provisioning_sp) {
				ret = os_snprintf(pos, end - pos,
						  "provisioning_sp=%s\n",
						  cred->provisioning_sp);
				if (os_snprintf_error(end - pos, ret))
					return pos - buf;
				pos += ret;
			}

			if (!cred->domain)
				goto no_domain;

			/*
			 * Pick the first credential domain found in the ANQP
			 * domain name list of the current BSS.
			 * NOTE(review): cred->domain[i] below assumes at least
			 * one entry whenever cred->domain is non-NULL -
			 * confirm against the configuration parser.
			 */
			i = 0;
			if (wpa_s->current_bss && wpa_s->current_bss->anqp) {
				struct wpabuf *names =
					wpa_s->current_bss->anqp->domain_name;
				for (i = 0; names && i < cred->num_domain; i++)
				{
					if (domain_name_list_contains(
						    names, cred->domain[i], 1))
						break;
				}
				if (i == cred->num_domain)
					i = 0; /* show first entry by default */
			}
			ret = os_snprintf(pos, end - pos, "home_sp=%s\n",
					  cred->domain[i]);
			if (os_snprintf_error(end - pos, ret))
				return pos - buf;
			pos += ret;

		no_domain:
			/* res > 0: home, res == 0: roaming, otherwise unknown */
			if (wpa_s->current_bss == NULL ||
			    wpa_s->current_bss->anqp == NULL)
				res = -1;
			else
				res = interworking_home_sp_cred(
					wpa_s, cred,
					wpa_s->current_bss->anqp->domain_name);
			if (res > 0)
				type = "home";
			else if (res == 0)
				type = "roaming";
			else
				type = "unknown";

			ret = os_snprintf(pos, end - pos, "sp_type=%s\n", type);
			if (os_snprintf_error(end - pos, ret))
				return pos - buf;
			pos += ret;

			break;
		}
	}
#endif /* CONFIG_HS20 */

	if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
		res = eapol_sm_get_status(wpa_s->eapol, pos, end - pos,
					  verbose);
		if (res >= 0)
			pos += res;
	}

#ifdef CONFIG_MACSEC
	res = ieee802_1x_kay_get_status(wpa_s->kay, pos, end - pos);
	if (res > 0)
		pos += res;
#endif /* CONFIG_MACSEC */

	sess_id = eapol_sm_get_session_id(wpa_s->eapol, &sess_id_len);
	if (sess_id) {
		/*
		 * The session id line is written in three steps; on any
		 * failure the length returned is the one from before the
		 * line was started, so a partial line is never reported.
		 */
		char *start = pos;

		ret = os_snprintf(pos, end - pos, "eap_session_id=");
		if (os_snprintf_error(end - pos, ret))
			return start - buf;
		pos += ret;
		ret = wpa_snprintf_hex(pos, end - pos, sess_id, sess_id_len);
		if (ret <= 0)
			return start - buf;
		pos += ret;
		ret = os_snprintf(pos, end - pos, "\n");
		if (os_snprintf_error(end - pos, ret))
			return start - buf;
		pos += ret;
	}

	res = rsn_preauth_get_status(wpa_s->wpa, pos, end - pos, verbose);
	if (res >= 0)
		pos += res;

#ifdef CONFIG_WPS
	{
		/*
		 * NOTE(review): wpa_s->wps is dereferenced without a NULL
		 * check; presumably it is always set in CONFIG_WPS builds -
		 * confirm.
		 */
		char uuid_str[100];
		uuid_bin2str(wpa_s->wps->uuid, uuid_str, sizeof(uuid_str));
		ret = os_snprintf(pos, end - pos, "uuid=%s\n", uuid_str);
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}
#endif /* CONFIG_WPS */

	if (wpa_s->ieee80211ac) {
		ret = os_snprintf(pos, end - pos, "ieee80211ac=1\n");
		if (os_snprintf_error(end - pos, ret))
			return pos - buf;
		pos += ret;
	}

#ifdef ANDROID
	/*
	 * Allow using the STATUS command with default behavior, say for debug,
	 * i.e., don't generate a "fake" CONNECTION and SUPPLICANT_STATE_CHANGE
	 * events with STATUS-NO_EVENTS.
	 */
	/* os_strcmp() is non-zero here for every params other than "-NO_EVENTS" */
	if (os_strcmp(params, "-NO_EVENTS")) {
		wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_STATE_CHANGE
			     "id=%d state=%d BSSID=" MACSTR " SSID=%s",
			     wpa_s->current_ssid ? wpa_s->current_ssid->id : -1,
			     wpa_s->wpa_state,
			     MAC2STR(wpa_s->bssid),
			     wpa_s->current_ssid && wpa_s->current_ssid->ssid ?
			     wpa_ssid_txt(wpa_s->current_ssid->ssid,
					  wpa_s->current_ssid->ssid_len) : "");
		if (wpa_s->wpa_state == WPA_COMPLETED) {
			struct wpa_ssid *ssid = wpa_s->current_ssid;
			wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED
				     "- connection to " MACSTR
				     " completed %s [id=%d id_str=%s]",
				     MAC2STR(wpa_s->bssid), "(auth)",
				     ssid ? ssid->id : -1,
				     ssid && ssid->id_str ? ssid->id_str : "");
		}
	}
#endif /* ANDROID */

	return pos - buf;
}
2535 
2536 
/*
 * BSSID handler: store a BSSID in a configured network.
 *
 * cmd is split in place at the first space into the network id and the BSSID
 * text. The parsed address is copied into the network entry and bssid_set is
 * set unless the address is all zeros.
 *
 * Returns 0 on success and -1 on a malformed command, an invalid BSSID or an
 * unknown network id.
 */
static int wpa_supplicant_ctrl_iface_bssid(struct wpa_supplicant *wpa_s,
					   char *cmd)
{
	struct wpa_ssid *network;
	u8 new_bssid[ETH_ALEN];
	char *bssid_txt;
	int net_id;

	/* cmd: "<network id> <BSSID>" */
	bssid_txt = os_strchr(cmd, ' ');
	if (!bssid_txt)
		return -1;
	*bssid_txt = '\0';
	bssid_txt++;

	/*
	 * NOTE(review): atoi() reports no conversion errors, so a non-numeric
	 * id is read as network 0.
	 */
	net_id = atoi(cmd);
	wpa_printf(MSG_DEBUG, "CTRL_IFACE: id=%d bssid='%s'", net_id,
		   bssid_txt);
	if (hwaddr_aton(bssid_txt, new_bssid) != 0) {
		wpa_printf(MSG_DEBUG ,"CTRL_IFACE: invalid BSSID '%s'",
			   bssid_txt);
		return -1;
	}

	network = wpa_config_get_network(wpa_s->conf, net_id);
	if (!network) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE: Could not find SSID id=%d to update",
			   net_id);
		return -1;
	}

	os_memcpy(network->bssid, new_bssid, ETH_ALEN);
	/* An all-zero address clears the setting instead of storing it */
	network->bssid_set = is_zero_ether_addr(new_bssid) ? 0 : 1;

	return 0;
}
2569 
2570 
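/*
 * BSSID_IGNORE handler.
 *
 * With an empty cmd, the current ignore list is written to buf, one MAC
 * address per line; output stops at the last entry that fits. Otherwise the
 * first character of cmd is skipped and the rest is either "clear" (prefix
 * match), which empties the list, or a BSSID to add to it.
 *
 * Returns the number of bytes written to buf (3 for the "OK\n" reply, which
 * is not NUL terminated here) or -1 on an invalid BSSID, a failed add, or a
 * reply buffer too small for "OK\n".
 */
static int wpa_supplicant_ctrl_iface_bssid_ignore(struct wpa_supplicant *wpa_s,
						  char *cmd, char *buf,
						  size_t buflen)
{
	u8 bssid[ETH_ALEN];
	struct wpa_bssid_ignore *e;
	char *pos, *end;
	int ret;

	/* cmd: "BSSID_IGNORE [<BSSID>]" */
	if (*cmd == '\0') {
		pos = buf;
		end = buf + buflen;
		for (e = wpa_s->bssid_ignore; e; e = e->next) {
			ret = os_snprintf(pos, end - pos, MACSTR "\n",
					  MAC2STR(e->bssid));
			if (os_snprintf_error(end - pos, ret))
				return pos - buf;
			pos += ret;
		}
		return pos - buf;
	}

	/*
	 * Both remaining paths copy the three byte "OK\n" reply into buf.
	 * Check the room up front so that a short buffer is rejected before
	 * the ignore list is modified, instead of being written past.
	 */
	if (buflen < 3)
		return -1;

	/* Skip the separator between the command name and its argument */
	cmd++;
	if (os_strncmp(cmd, "clear", 5) == 0) {
		wpa_bssid_ignore_clear(wpa_s);
		os_memcpy(buf, "OK\n", 3);
		return 3;
	}

	wpa_printf(MSG_DEBUG, "CTRL_IFACE: BSSID_IGNORE bssid='%s'", cmd);
	if (hwaddr_aton(cmd, bssid)) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: invalid BSSID '%s'", cmd);
		return -1;
	}

	/*
	 * Add the BSSID twice, so its count will be 2, causing it to be
	 * skipped when processing scan results.
	 */
	ret = wpa_bssid_ignore_add(wpa_s, bssid);
	if (ret < 0)
		return -1;
	ret = wpa_bssid_ignore_add(wpa_s, bssid);
	if (ret < 0)
		return -1;
	os_memcpy(buf, "OK\n", 3);
	return 3;
}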
2622 
2623 
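/*
 * LOG_LEVEL handler.
 *
 * With an empty cmd, the current debug level and timestamp setting are
 * written to buf. Otherwise cmd is "<level> [<timestamp>]" (leading spaces
 * allowed); it is split in place, the level text is converted with
 * str_to_debug_level() and the optional timestamp value with atoi(). Both
 * are stored in the global debug settings.
 *
 * Returns the number of bytes written to buf (0 if the query reply does not
 * fit, 3 for the "OK\n" reply, which is not NUL terminated here) or -1 on an
 * unknown level or a reply buffer too small for "OK\n".
 */
static int wpa_supplicant_ctrl_iface_log_level(struct wpa_supplicant *wpa_s,
					       char *cmd, char *buf,
					       size_t buflen)
{
	char *pos, *end, *stamp;
	int ret;

	/* cmd: "LOG_LEVEL [<level>]" */
	if (*cmd == '\0') {
		pos = buf;
		end = buf + buflen;
		ret = os_snprintf(pos, end - pos, "Current level: %s\n"
				  "Timestamp: %d\n",
				  debug_level_str(wpa_debug_level),
				  wpa_debug_timestamp);
		if (os_snprintf_error(end - pos, ret))
			ret = 0;

		return ret;
	}

	/*
	 * The set path ends by copying the three byte "OK\n" reply into buf.
	 * Reject a shorter buffer before any global setting is changed
	 * instead of writing past its end.
	 */
	if (buflen < 3)
		return -1;

	while (*cmd == ' ')
		cmd++;

	/* Split off the optional timestamp argument */
	stamp = os_strchr(cmd, ' ');
	if (stamp) {
		*stamp++ = '\0';
		while (*stamp == ' ')
			stamp++;
	}

	if (os_strlen(cmd)) {
		int level = str_to_debug_level(cmd);

		if (level < 0)
			return -1;
		wpa_debug_level = level;
	}

	if (stamp && os_strlen(stamp))
		wpa_debug_timestamp = atoi(stamp);

	os_memcpy(buf, "OK\n", 3);
	return 3;
}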
2669 
2670 
/*
 * LIST_NETWORKS handler: write a header line followed by one line per
 * configured network ("id<TAB>ssid<TAB>bssid|any<TAB>flags") to buf.
 *
 * When cmd starts with "LAST_ID=<n>" and n is not -1, networks with an id up
 * to and including n are skipped, which lets a client continue a listing
 * that did not fit into one reply.
 *
 * Returns the number of bytes written. A network line that does not fit
 * completely is dropped and the length up to the previous line is returned.
 */
static int wpa_supplicant_ctrl_iface_list_networks(
	struct wpa_supplicant *wpa_s, char *cmd, char *buf, size_t buflen)
{
	struct wpa_ssid *net;
	char *out = buf;
	char *limit = buf + buflen;
	char *row;
	int n;

	n = os_snprintf(out, limit - out,
			"network id / ssid / bssid / flags\n");
	if (os_snprintf_error(limit - out, n))
		return out - buf;
	out += n;

	net = wpa_s->conf->ssid;

	/* Resume after the last id the client has already seen */
	if (cmd && os_strncmp(cmd, "LAST_ID=", 8) == 0) {
		int last_id = atoi(cmd + 8);

		if (last_id != -1) {
			while (net && net->id <= last_id)
				net = net->next;
		}
	}

	for (; net; net = net->next) {
		/* Remember the line start so a partial line is not reported */
		row = out;

		n = os_snprintf(out, limit - out, "%d\t%s",
				net->id,
				wpa_ssid_txt(net->ssid, net->ssid_len));
		if (os_snprintf_error(limit - out, n))
			return row - buf;
		out += n;

		if (net->bssid_set)
			n = os_snprintf(out, limit - out, "\t" MACSTR,
					MAC2STR(net->bssid));
		else
			n = os_snprintf(out, limit - out, "\tany");
		if (os_snprintf_error(limit - out, n))
			return row - buf;
		out += n;

		n = os_snprintf(out, limit - out, "\t%s%s%s%s",
				net == wpa_s->current_ssid ? "[CURRENT]" : "",
				net->disabled ? "[DISABLED]" : "",
				net->disabled_until.sec ?
				"[TEMP-DISABLED]" : "",
				net->disabled == 2 ? "[P2P-PERSISTENT]" : "");
		if (os_snprintf_error(limit - out, n))
			return row - buf;
		out += n;

		n = os_snprintf(out, limit - out, "\n");
		if (os_snprintf_error(limit - out, n))
			return row - buf;
		out += n;
	}

	return out - buf;
}
2736 
2737 
/*
 * Append "-" followed by the cipher list produced by wpa_write_ciphers()
 * (entries joined with "+") at pos.
 *
 * Returns the new write position. If the "-" does not fit, pos is returned
 * unchanged; if the cipher list cannot be written, the position just after
 * the "-" is returned.
 */
static char * wpa_supplicant_cipher_txt(char *pos, char *end, int cipher)
{
	int n = os_snprintf(pos, end - pos, "-");

	if (os_snprintf_error(end - pos, n))
		return pos;
	pos += n;

	n = wpa_write_ciphers(pos, end, cipher, "+");
	return n < 0 ? pos : pos + n;
}
2751 
2752 
/*
 * Append a bracketed text summary of a WPA/RSN style element at pos, in the
 * form "[<proto>-<akm>+<akm>...-<ciphers>[-preauth]]".
 *
 * proto is the label printed first; ie/ie_len is the element handed to
 * wpa_parse_wpa_ie(). An element that cannot be parsed is shown as
 * "[<proto>-?]".
 *
 * Returns the new write position. When a piece does not fit between pos and
 * end, the function returns the position reached before that piece, so the
 * summary can end without its closing "]".
 */
static char * wpa_supplicant_ie_txt(char *pos, char *end, const char *proto,
				    const u8 *ie, size_t ie_len)
{
	struct wpa_ie_data data;
	char *start;
	int ret;

	ret = os_snprintf(pos, end - pos, "[%s-", proto);
	if (os_snprintf_error(end - pos, ret))
		return pos;
	pos += ret;

	if (wpa_parse_wpa_ie(ie, ie_len, &data) < 0) {
		ret = os_snprintf(pos, end - pos, "?]");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
		return pos;
	}

	/*
	 * start marks where the key management list begins; every entry
	 * written after the first one (pos != start) is prefixed with "+".
	 */
	start = pos;
	if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
		ret = os_snprintf(pos, end - pos, "%sEAP",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
	if (data.key_mgmt & WPA_KEY_MGMT_PSK) {
		ret = os_snprintf(pos, end - pos, "%sPSK",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
	if (data.key_mgmt & WPA_KEY_MGMT_WPA_NONE) {
		ret = os_snprintf(pos, end - pos, "%sNone",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
	if (data.key_mgmt & WPA_KEY_MGMT_SAE) {
		ret = os_snprintf(pos, end - pos, "%sSAE",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
#ifdef CONFIG_IEEE80211R
	if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
		ret = os_snprintf(pos, end - pos, "%sFT/EAP",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
	if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK) {
		ret = os_snprintf(pos, end - pos, "%sFT/PSK",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
	if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE) {
		ret = os_snprintf(pos, end - pos, "%sFT/SAE",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
#endif /* CONFIG_IEEE80211R */
	if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
		ret = os_snprintf(pos, end - pos, "%sEAP-SHA256",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
	if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
		ret = os_snprintf(pos, end - pos, "%sPSK-SHA256",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}

#ifdef CONFIG_SUITEB
	if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
		ret = os_snprintf(pos, end - pos, "%sEAP-SUITE-B",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
#endif /* CONFIG_SUITEB */

#ifdef CONFIG_SUITEB192
	if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
		ret = os_snprintf(pos, end - pos, "%sEAP-SUITE-B-192",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
#endif /* CONFIG_SUITEB192 */

#ifdef CONFIG_FILS
	if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
		ret = os_snprintf(pos, end - pos, "%sFILS-SHA256",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
	if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
		ret = os_snprintf(pos, end - pos, "%sFILS-SHA384",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
#ifdef CONFIG_IEEE80211R
	if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
		ret = os_snprintf(pos, end - pos, "%sFT-FILS-SHA256",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
	if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
		ret = os_snprintf(pos, end - pos, "%sFT-FILS-SHA384",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
#endif /* CONFIG_IEEE80211R */
#endif /* CONFIG_FILS */

#ifdef CONFIG_OWE
	if (data.key_mgmt & WPA_KEY_MGMT_OWE) {
		ret = os_snprintf(pos, end - pos, "%sOWE",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
#endif /* CONFIG_OWE */

#ifdef CONFIG_DPP
	if (data.key_mgmt & WPA_KEY_MGMT_DPP) {
		ret = os_snprintf(pos, end - pos, "%sDPP",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}
#endif /* CONFIG_DPP */

	if (data.key_mgmt & WPA_KEY_MGMT_OSEN) {
		ret = os_snprintf(pos, end - pos, "%sOSEN",
				  pos == start ? "" : "+");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}

	/* Pairwise ciphers follow as "-<cipher>+<cipher>..." */
	pos = wpa_supplicant_cipher_txt(pos, end, data.pairwise_cipher);

	if (data.capabilities & WPA_CAPABILITY_PREAUTH) {
		ret = os_snprintf(pos, end - pos, "-preauth");
		if (os_snprintf_error(end - pos, ret))
			return pos;
		pos += ret;
	}

	ret = os_snprintf(pos, end - pos, "]");
	if (os_snprintf_error(end - pos, ret))
		return pos;
	pos += ret;

	return pos;
}
2937 
2938 
2939 #ifdef CONFIG_WPS
/*
 * Append the WPS flag for a WPS element buffer at pos: "[WPS-PBC]",
 * "[WPS-AUTH]", "[WPS-PIN]" or plain "[WPS]", checked in that order.
 *
 * Ownership: a non-NULL wps_ie is freed here with wpabuf_free(), so the
 * caller must not use it afterwards. A NULL wps_ie leaves pos unchanged.
 *
 * Returns the new write position; pos is returned unchanged when the flag
 * does not fit.
 */
static char * wpa_supplicant_wps_ie_txt_buf(struct wpa_supplicant *wpa_s,
					    char *pos, char *end,
					    struct wpabuf *wps_ie)
{
	const char *flag = "[WPS]";
	int written;

	if (!wps_ie)
		return pos;

	if (wps_is_selected_pbc_registrar(wps_ie))
		flag = "[WPS-PBC]";
	else if (wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 0))
		flag = "[WPS-AUTH]";
	else if (wps_is_selected_pin_registrar(wps_ie))
		flag = "[WPS-PIN]";

	written = os_snprintf(pos, end - pos, "%s", flag);
	if (os_snprintf_error(end - pos, written))
		written = 0;

	wpabuf_free(wps_ie);
	return pos + written;
}
2964 #endif /* CONFIG_WPS */
2965 
2966 
/*
 * Append the WPS flag for a BSS entry at pos. The WPS vendor element is
 * fetched with wpa_bss_get_vendor_ie_multi() and passed to
 * wpa_supplicant_wps_ie_txt_buf(), which also frees it. Without CONFIG_WPS
 * nothing is written.
 *
 * Returns the new write position.
 */
static char * wpa_supplicant_wps_ie_txt(struct wpa_supplicant *wpa_s,
					char *pos, char *end,
					const struct wpa_bss *bss)
{
#ifdef CONFIG_WPS
	return wpa_supplicant_wps_ie_txt_buf(
		wpa_s, pos, end,
		wpa_bss_get_vendor_ie_multi(bss, WPS_IE_VENDOR_TYPE));
#else /* CONFIG_WPS */
	return pos;
#endif /* CONFIG_WPS */
}
2979 
2980 
/*
 * Format one result on one text line into a buffer.
 *
 * The line is "bssid<TAB>freq<TAB>level<TAB>flags<TAB>ssid\n", where flags is
 * a run of bracketed tags derived from the elements and capability bits of
 * the BSS entry.
 *
 * Returns the number of bytes written, 0 when the entry is a P2P wildcard
 * SSID result that is not listed, or -1 when a field formatted directly in
 * this function does not fit into buf. The flag helpers
 * (wpa_supplicant_ie_txt() and wpa_supplicant_wps_ie_txt()) return a write
 * position instead of an error, so truncation inside them is not reported
 * from the helper call itself.
 *
 * NOTE(review): the BSSID, the elements and the SSID originate from received
 * frames; the element lengths used below are presumably validated when the
 * BSS entry is stored - confirm.
 */
static int wpa_supplicant_ctrl_iface_scan_result(
	struct wpa_supplicant *wpa_s,
	const struct wpa_bss *bss, char *buf, size_t buflen)
{
	char *pos, *end;
	int ret;
	const u8 *ie, *ie2, *osen_ie, *p2p, *mesh, *owe, *rsnxe;

	mesh = wpa_bss_get_ie(bss, WLAN_EID_MESH_ID);
	p2p = wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE);
	if (!p2p)
		p2p = wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE);
	if (p2p && bss->ssid_len == P2P_WILDCARD_SSID_LEN &&
	    os_memcmp(bss->ssid, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) ==
	    0)
		return 0; /* Do not show P2P listen discovery results here */

	pos = buf;
	end = buf + buflen;

	ret = os_snprintf(pos, end - pos, MACSTR "\t%d\t%d\t",
			  MAC2STR(bss->bssid), bss->freq, bss->level);
	if (os_snprintf_error(end - pos, ret))
		return -1;
	pos += ret;
	/*
	 * For each security element the length passed on is the two octet
	 * header plus the value of the element's length octet (ie[1]).
	 */
	ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
	if (ie)
		pos = wpa_supplicant_ie_txt(pos, end, "WPA", ie, 2 + ie[1]);
	ie2 = wpa_bss_get_ie(bss, WLAN_EID_RSN);
	if (ie2) {
		/* An RSN element is labelled "RSN" for mesh, "WPA2" otherwise */
		pos = wpa_supplicant_ie_txt(pos, end, mesh ? "RSN" : "WPA2",
					    ie2, 2 + ie2[1]);
	}
	rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
	if (ieee802_11_rsnx_capab(rsnxe, WLAN_RSNX_CAPAB_SAE_H2E)) {
		ret = os_snprintf(pos, end - pos, "[SAE-H2E]");
		if (os_snprintf_error(end - pos, ret))
			return -1;
		pos += ret;
	}
	if (ieee802_11_rsnx_capab(rsnxe, WLAN_RSNX_CAPAB_SAE_PK)) {
		ret = os_snprintf(pos, end - pos, "[SAE-PK]");
		if (os_snprintf_error(end - pos, ret))
			return -1;
		pos += ret;
	}
	osen_ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
	if (osen_ie)
		pos = wpa_supplicant_ie_txt(pos, end, "OSEN",
					    osen_ie, 2 + osen_ie[1]);
	owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
	if (owe) {
		/*
		 * The format argument is one of two fixed literals, selected
		 * by whether an RSN element is present; no received data is
		 * used as a format string.
		 */
		ret = os_snprintf(pos, end - pos,
				  ie2 ? "[OWE-TRANS]" : "[OWE-TRANS-OPEN]");
		if (os_snprintf_error(end - pos, ret))
			return -1;
		pos += ret;
	}
	pos = wpa_supplicant_wps_ie_txt(wpa_s, pos, end, bss);
	/* Privacy bit set without any WPA, RSN or OSEN element: shown as WEP */
	if (!ie && !ie2 && !osen_ie && (bss->caps & IEEE80211_CAP_PRIVACY)) {
		ret = os_snprintf(pos, end - pos, "[WEP]");
		if (os_snprintf_error(end - pos, ret))
			return -1;
		pos += ret;
	}
	if (mesh) {
		ret = os_snprintf(pos, end - pos, "[MESH]");
		if (os_snprintf_error(end - pos, ret))
			return -1;
		pos += ret;
	}
	/*
	 * The network type flags are taken from different capability bits
	 * depending on whether bss_is_dmg() reports a DMG BSS.
	 */
	if (bss_is_dmg(bss)) {
		const char *s;

		if (wpa_bss_get_ie_ext(bss, WLAN_EID_EXT_EDMG_OPERATION)) {
			ret = os_snprintf(pos, end - pos, "[EDMG]");
			if (os_snprintf_error(end - pos, ret))
				return -1;
			pos += ret;
		}

		ret = os_snprintf(pos, end - pos, "[DMG]");
		if (os_snprintf_error(end - pos, ret))
			return -1;
		pos += ret;
		switch (bss->caps & IEEE80211_CAP_DMG_MASK) {
		case IEEE80211_CAP_DMG_IBSS:
			s = "[IBSS]";
			break;
		case IEEE80211_CAP_DMG_AP:
			s = "[ESS]";
			break;
		case IEEE80211_CAP_DMG_PBSS:
			s = "[PBSS]";
			break;
		default:
			s = "";
			break;
		}
		ret = os_snprintf(pos, end - pos, "%s", s);
		if (os_snprintf_error(end - pos, ret))
			return -1;
		pos += ret;
	} else {
		if (bss->caps & IEEE80211_CAP_IBSS) {
			ret = os_snprintf(pos, end - pos, "[IBSS]");
			if (os_snprintf_error(end - pos, ret))
				return -1;
			pos += ret;
		}
		if (bss->caps & IEEE80211_CAP_ESS) {
			ret = os_snprintf(pos, end - pos, "[ESS]");
			if (os_snprintf_error(end - pos, ret))
				return -1;
			pos += ret;
		}
	}
	if (p2p) {
		ret = os_snprintf(pos, end - pos, "[P2P]");
		if (os_snprintf_error(end - pos, ret))
			return -1;
		pos += ret;
	}
#ifdef CONFIG_HS20
	/* The HS20 flag is shown only when an RSN element is present as well */
	if (wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE) && ie2) {
		ret = os_snprintf(pos, end - pos, "[HS20]");
		if (os_snprintf_error(end - pos, ret))
			return -1;
		pos += ret;
	}
#endif /* CONFIG_HS20 */
#ifdef CONFIG_FILS
	if (wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION)) {
		ret = os_snprintf(pos, end - pos, "[FILS]");
		if (os_snprintf_error(end - pos, ret))
			return -1;
		pos += ret;
	}
#endif /* CONFIG_FILS */
#ifdef CONFIG_FST
	if (wpa_bss_get_ie(bss, WLAN_EID_MULTI_BAND)) {
		ret = os_snprintf(pos, end - pos, "[FST]");
		if (os_snprintf_error(end - pos, ret))
			return -1;
		pos += ret;
	}
#endif /* CONFIG_FST */
	if (wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_UTF_8_SSID)) {
		ret = os_snprintf(pos, end - pos, "[UTF-8]");
		if (os_snprintf_error(end - pos, ret))
			return -1;
		pos += ret;
	}

	/*
	 * The SSID is converted with wpa_ssid_txt() before it is printed.
	 * NOTE(review): clients that split this line on tabs and newlines
	 * depend on that conversion escaping such octets - confirm.
	 */
	ret = os_snprintf(pos, end - pos, "\t%s",
			  wpa_ssid_txt(bss->ssid, bss->ssid_len));
	if (os_snprintf_error(end - pos, ret))
		return -1;
	pos += ret;

	ret = os_snprintf(pos, end - pos, "\n");
	if (os_snprintf_error(end - pos, ret))
		return -1;
	pos += ret;

	return pos - buf;
}
3149 
3150 
/*
 * SCAN_RESULTS handler: write a header line followed by one line per BSS
 * entry on the interface's bss_id list to buf.
 *
 * Returns the number of bytes written. The listing ends at the first entry
 * that cannot be formatted into the remaining space, so the reply may hold
 * only part of the BSS table.
 */
static int wpa_supplicant_ctrl_iface_scan_results(
	struct wpa_supplicant *wpa_s, char *buf, size_t buflen)
{
	struct wpa_bss *entry;
	char *out = buf;
	char *limit = buf + buflen;
	int n;

	n = os_snprintf(out, limit - out,
			"bssid / frequency / signal level / flags / ssid\n");
	if (os_snprintf_error(limit - out, n))
		return out - buf;
	out += n;

	dl_list_for_each(entry, &wpa_s->bss_id, struct wpa_bss, list_id) {
		n = wpa_supplicant_ctrl_iface_scan_result(wpa_s, entry, out,
							  limit - out);
		/* Stop on a formatting error or when the line filled the rest */
		if (n < 0 || n >= limit - out)
			return out - buf;
		out += n;
	}

	return out - buf;
}
3176 
3177 
3178 #ifdef CONFIG_MESH
3179 
/*
 * MESH_INTERFACE_ADD handler: create a mesh interface through
 * wpas_mesh_add_interface() and report its name in reply.
 *
 * An optional "ifname=<name>" in cmd supplies the requested name; it is
 * copied with os_strlcpy() into a local buffer of IFNAMSIZ + 1 bytes, so a
 * longer name is truncated. Without it an empty name is passed on.
 *
 * Returns the length of the interface name or -1 on failure.
 * NOTE(review): the returned length is that of the name itself, not of what
 * fit into reply, so it can exceed the copied text when max_len is smaller.
 */
static int wpa_supplicant_ctrl_iface_mesh_interface_add(
	struct wpa_supplicant *wpa_s, char *cmd, char *reply, size_t max_len)
{
	char ifname[IFNAMSIZ + 1];
	char *arg = os_strstr(cmd, "ifname=");

	if (arg)
		os_strlcpy(ifname, arg + 7, sizeof(ifname));
	else
		ifname[0] = '\0';

	if (wpas_mesh_add_interface(wpa_s, ifname, sizeof(ifname)) < 0)
		return -1;

	os_strlcpy(reply, ifname, max_len);
	return os_strlen(ifname);
}
3199 
3200 
/*
 * MESH_GROUP_ADD handler: select a configured mesh network.
 *
 * cmd holds the network id. The network has to be configured with mesh mode
 * and with a key_mgmt value of exactly WPA_KEY_MGMT_NONE or WPA_KEY_MGMT_SAE;
 * any other configuration is rejected before the network is selected.
 *
 * Returns 0 after selecting the network and -1 otherwise.
 */
static int wpa_supplicant_ctrl_iface_mesh_group_add(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	struct wpa_ssid *network;
	/*
	 * NOTE(review): atoi() reports no conversion errors, so a non-numeric
	 * argument is read as network 0.
	 */
	int net_id = atoi(cmd);

	wpa_printf(MSG_DEBUG, "CTRL_IFACE: MESH_GROUP_ADD id=%d", net_id);

	network = wpa_config_get_network(wpa_s->conf, net_id);
	if (!network) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE: Could not find network id=%d", net_id);
		return -1;
	}

	if (network->mode != WPAS_MODE_MESH) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE: Cannot use MESH_GROUP_ADD on a non mesh network");
		return -1;
	}

	if (!(network->key_mgmt == WPA_KEY_MGMT_NONE ||
	      network->key_mgmt == WPA_KEY_MGMT_SAE)) {
		wpa_printf(MSG_ERROR,
			   "CTRL_IFACE: key_mgmt for mesh network should be open or SAE");
		return -1;
	}

	/*
	 * TODO: If necessary write our own group_add function,
	 * for now we can reuse select_network
	 */
	wpa_supplicant_select_network(wpa_s, network);

	return 0;
}
3236 
3237 
/**
 * wpa_supplicant_ctrl_iface_mesh_group_remove - Handle MESH_GROUP_REMOVE
 * @wpa_s: Interface that received the control command
 * @cmd: Name of the interface whose mesh group is to be removed
 * Returns: 0 on success, -1 if the interface is unknown or is the requesting
 * dynamically created mesh interface itself
 */
static int wpa_supplicant_ctrl_iface_mesh_group_remove(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	struct wpa_supplicant *requester = wpa_s;
	struct wpa_global *global = wpa_s->global;

	wpa_printf(MSG_DEBUG, "CTRL_IFACE: MESH_GROUP_REMOVE ifname=%s", cmd);

	/*
	 * The target is looked up by name across all interfaces of the global
	 * context, so it may differ from the interface that got the command.
	 */
	wpa_s = global->ifaces;
	while (wpa_s && os_strcmp(wpa_s->ifname, cmd) != 0)
		wpa_s = wpa_s->next;

	if (wpa_s == NULL) {
		wpa_printf(MSG_ERROR,
			   "CTRL_IFACE: MESH_GROUP_REMOVE ifname=%s not found",
			   cmd);
		return -1;
	}

	/* The interface is removed below, so it must not be the requester */
	if (wpa_s == requester && wpa_s->mesh_if_created) {
		wpa_printf(MSG_ERROR,
			   "CTRL_IFACE: MESH_GROUP_REMOVE can't remove itself");
		return -1;
	}

	wpa_s->reassociate = 0;
	wpa_s->disconnected = 1;
	wpa_supplicant_cancel_sched_scan(wpa_s);
	wpa_supplicant_cancel_scan(wpa_s);

	/*
	 * TODO: If necessary write our own group_remove function,
	 * for now we can reuse deauthenticate
	 */
	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);

	/* Only interfaces created for the mesh are torn down */
	if (wpa_s->mesh_if_created)
		wpa_supplicant_remove_iface(global, wpa_s, 0);

	return 0;
}
3284 
3285 
/**
 * wpa_supplicant_ctrl_iface_mesh_peer_remove - Handle MESH_PEER_REMOVE
 * @wpa_s: Interface that received the control command
 * @cmd: Peer MAC address in text form
 * Returns: Result of wpas_mesh_peer_remove(), or -1 if @cmd does not parse
 */
static int wpa_supplicant_ctrl_iface_mesh_peer_remove(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	u8 peer[ETH_ALEN];

	if (hwaddr_aton(cmd, peer) >= 0)
		return wpas_mesh_peer_remove(wpa_s, peer);

	return -1;
}
3296 
3297 
/**
 * wpa_supplicant_ctrl_iface_mesh_peer_add - Handle MESH_PEER_ADD
 * @wpa_s: Interface that received the control command
 * @cmd: "<peer MAC address>[ duration=<value>]"; modified in place
 * Returns: Result of wpas_mesh_peer_add(), or -1 if the address is invalid
 */
static int wpa_supplicant_ctrl_iface_mesh_peer_add(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	u8 peer[ETH_ALEN];
	int duration = -1; /* value passed on when no duration is given */
	char *opt = os_strstr(cmd, " duration=");

	if (opt) {
		/* Cut the option off so that only the address remains */
		*opt = '\0';
		/* atoi() does no validation; malformed text becomes 0 */
		duration = atoi(opt + 10);
	}

	if (hwaddr_aton(cmd, peer) != 0)
		return -1;

	return wpas_mesh_peer_add(wpa_s, peer, duration);
}
3318 
3319 
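/**
 * wpa_supplicant_ctrl_iface_mesh_link_probe - Handle MESH_LINK_PROBE
 * @wpa_s: Interface that received the control command
 * @cmd: "<peer MAC address>[ payload=<hexdump>]"
 * Returns: Negated result of wpa_drv_mesh_link_probe(), or -1 if the command
 * cannot be parsed or memory allocation fails
 *
 * Builds an Ethernet frame addressed to the peer, with the optional payload
 * appended after the header, and hands it to the driver.
 */
static int wpa_supplicant_ctrl_iface_mesh_link_probe(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	struct ether_header *eth;
	u8 addr[ETH_ALEN];
	u8 *buf;
	char *pos;
	size_t payload_len = 0, len;
	int ret;

	if (hwaddr_aton(cmd, addr))
		return -1;

	pos = os_strstr(cmd, " payload=");
	if (pos) {
		pos = pos + 9;
		payload_len = os_strlen(pos);
		/* Two hex digits encode one octet; odd lengths are invalid */
		if (payload_len & 1)
			return -1;

		payload_len /= 2;
	}

	/* Allocation is sized from the header plus the decoded payload */
	len = ETH_HLEN + payload_len;
	buf = os_malloc(len);
	if (!buf)
		return -1;

	eth = (struct ether_header *) buf;
	os_memcpy(eth->ether_dhost, addr, ETH_ALEN);
	os_memcpy(eth->ether_shost, wpa_s->own_addr, ETH_ALEN);
	eth->ether_type = htons(ETH_P_802_3);

	/*
	 * A payload that is not valid hex is a parse failure and is reported
	 * as -1 like the other parse failures above. The previous shared
	 * exit path negated the initial -1 and returned 1 here.
	 */
	if (payload_len && hexstr2bin(pos, buf + ETH_HLEN, payload_len) < 0) {
		os_free(buf);
		return -1;
	}

	ret = wpa_drv_mesh_link_probe(wpa_s, addr, buf, len);
	os_free(buf);

	/*
	 * NOTE(review): the driver result is negated before it is returned.
	 * Confirm the sign convention of wpa_drv_mesh_link_probe() against
	 * how the caller tests this return value, so that a driver failure
	 * cannot be reported as success.
	 */
	return -ret;
}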
3361 
3362 #endif /* CONFIG_MESH */
3363 
3364 
/**
 * wpa_supplicant_ctrl_iface_select_network - Handle SELECT_NETWORK
 * @wpa_s: Interface that received the control command
 * @cmd: "<network id>" or "any", optionally followed by " freq=<ranges>"
 * Returns: 0 on success, -1 if the network is unknown or is a persistent P2P
 * group entry (disabled == 2)
 */
static int wpa_supplicant_ctrl_iface_select_network(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	struct wpa_ssid *ssid = NULL;
	char *freq_arg;

	/* Prefix match: anything starting with "any" selects no specific
	 * network (NULL is passed on below) */
	if (os_strncmp(cmd, "any", 3) != 0) {
		/* atoi() reports no errors; non-numeric text is read as 0 */
		int id = atoi(cmd);

		wpa_printf(MSG_DEBUG, "CTRL_IFACE: SELECT_NETWORK id=%d", id);

		ssid = wpa_config_get_network(wpa_s->conf, id);
		if (!ssid) {
			wpa_printf(MSG_DEBUG,
				   "CTRL_IFACE: Could not find network id=%d",
				   id);
			return -1;
		}
		if (ssid->disabled == 2) {
			wpa_printf(MSG_DEBUG,
				   "CTRL_IFACE: Cannot use SELECT_NETWORK with persistent P2P group");
			return -1;
		}
	} else {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: SELECT_NETWORK any");
	}

	freq_arg = os_strstr(cmd, " freq=");
	if (freq_arg) {
		int *list = freq_range_to_channel_list(wpa_s, freq_arg + 6);

		/* The previous list is released only once a new one exists */
		if (list) {
			os_free(wpa_s->select_network_scan_freqs);
			wpa_s->select_network_scan_freqs = list;
		}
	}

	/* Clear the minimum scan time before selecting the network */
	wpa_s->scan_min_time.sec = 0;
	wpa_s->scan_min_time.usec = 0;
	wpa_supplicant_select_network(wpa_s, ssid);

	return 0;
}
3408 
3409 
/**
 * wpa_supplicant_ctrl_iface_enable_network - Handle ENABLE_NETWORK
 * @wpa_s: Interface that received the control command
 * @cmd: "<network id>[ no-connect]" or "all"
 * Returns: 0 on success, -1 if the network is unknown or is a persistent P2P
 * group entry (disabled == 2)
 */
static int wpa_supplicant_ctrl_iface_enable_network(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	struct wpa_ssid *ssid = NULL; /* NULL is passed on for "all" */

	if (os_strcmp(cmd, "all") != 0) {
		/* atoi() reports no errors; non-numeric text is read as 0 */
		int id = atoi(cmd);

		wpa_printf(MSG_DEBUG, "CTRL_IFACE: ENABLE_NETWORK id=%d", id);

		ssid = wpa_config_get_network(wpa_s->conf, id);
		if (!ssid) {
			wpa_printf(MSG_DEBUG,
				   "CTRL_IFACE: Could not find network id=%d",
				   id);
			return -1;
		}
		if (ssid->disabled == 2) {
			wpa_printf(MSG_DEBUG,
				   "CTRL_IFACE: Cannot use ENABLE_NETWORK with persistent P2P group");
			return -1;
		}

		/* "no-connect" only clears the disabled flag; the enable
		 * call below is skipped */
		if (os_strstr(cmd, " no-connect")) {
			ssid->disabled = 0;
			return 0;
		}
	} else {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: ENABLE_NETWORK all");
	}

	wpa_s->scan_min_time.sec = 0;
	wpa_s->scan_min_time.usec = 0;
	wpa_supplicant_enable_network(wpa_s, ssid);

	return 0;
}
3447 
3448 
/**
 * wpa_supplicant_ctrl_iface_disable_network - Handle DISABLE_NETWORK
 * @wpa_s: Interface that received the control command
 * @cmd: "<network id>" or "all"
 * Returns: 0 on success, -1 if the network is unknown or is a persistent P2P
 * group entry (disabled == 2)
 */
static int wpa_supplicant_ctrl_iface_disable_network(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	struct wpa_ssid *ssid = NULL; /* NULL is passed on for "all" */

	if (os_strcmp(cmd, "all") != 0) {
		/* atoi() reports no errors; non-numeric text is read as 0 */
		int id = atoi(cmd);

		wpa_printf(MSG_DEBUG, "CTRL_IFACE: DISABLE_NETWORK id=%d", id);

		ssid = wpa_config_get_network(wpa_s->conf, id);
		if (!ssid) {
			wpa_printf(MSG_DEBUG,
				   "CTRL_IFACE: Could not find network id=%d",
				   id);
			return -1;
		}
		if (ssid->disabled == 2) {
			wpa_printf(MSG_DEBUG,
				   "CTRL_IFACE: Cannot use DISABLE_NETWORK with persistent P2P group");
			return -1;
		}
	} else {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: DISABLE_NETWORK all");
	}

	wpa_supplicant_disable_network(wpa_s, ssid);

	return 0;
}
3480 
3481 
/**
 * wpa_supplicant_ctrl_iface_add_network - Handle ADD_NETWORK
 * @wpa_s: Interface that received the control command
 * @buf: Reply buffer; receives the new network id followed by a newline
 * @buflen: Size of @buf in bytes
 * Returns: Number of bytes written to @buf, or -1 on failure
 */
static int wpa_supplicant_ctrl_iface_add_network(
	struct wpa_supplicant *wpa_s, char *buf, size_t buflen)
{
	struct wpa_ssid *added;
	int written;

	wpa_printf(MSG_DEBUG, "CTRL_IFACE: ADD_NETWORK");

	added = wpa_supplicant_add_network(wpa_s);
	if (!added)
		return -1;

	written = os_snprintf(buf, buflen, "%d\n", added->id);
	/* A truncated or failed reply is an error; the network stays added */
	return os_snprintf_error(buflen, written) ? -1 : written;
}
3499 
3500 
/**
 * wpa_supplicant_ctrl_iface_remove_network - Handle REMOVE_NETWORK
 * @wpa_s: Interface that received the control command
 * @cmd: "<network id>" or "all"
 * Returns: 0 on success, -1 on failure; for "all" the result of
 * wpa_supplicant_remove_all_networks()
 */
static int wpa_supplicant_ctrl_iface_remove_network(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	int id;

	if (os_strcmp(cmd, "all") == 0) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_NETWORK all");
		return wpa_supplicant_remove_all_networks(wpa_s);
	}

	/*
	 * NOTE(review): atoi() reports no errors, so any non-numeric argument
	 * other than "all" is read as 0 and targets network id 0.
	 */
	id = atoi(cmd);
	wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_NETWORK id=%d", id);

	switch (wpa_supplicant_remove_network(wpa_s, id)) {
	case -1:
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE: Could not find network id=%d", id);
		return -1;
	case -2:
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE: Not able to remove the network id=%d",
			   id);
		return -1;
	default:
		return 0;
	}
}
3529 
3530 
/**
 * wpa_supplicant_ctrl_iface_update_network - Set one network variable
 * @wpa_s: Interface that owns the network configuration
 * @ssid: Network entry to modify
 * @name: Variable name
 * @value: New value in configuration text form
 * Returns: 0 on success (including "no change"), -1 if the value is rejected
 *
 * Besides storing the value, this drops cached security state that may no
 * longer match the configuration: PMKSA cache entries for the network and,
 * when the network is the current one or none is current, the cached EAP
 * session.
 */
static int wpa_supplicant_ctrl_iface_update_network(
	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
	char *name, char *value)
{
	int ret;

	ret = wpa_config_set(ssid, name, value, 0);
	if (ret < 0) {
		/* Only the variable name is logged here, not the value */
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Failed to set network "
			   "variable '%s'", name);
		return -1;
	}
	if (ret == 1)
		return 0; /* No change to the previously configured value */

#ifdef CONFIG_BGSCAN
	if (os_strcmp(name, "bgscan") == 0) {
		/*
		 * Reset the bgscan parameters for the current network and
		 * return. There's no need to flush caches for bgscan parameter
		 * changes.
		 */
		if (wpa_s->current_ssid == ssid &&
		    wpa_s->wpa_state == WPA_COMPLETED)
			wpa_supplicant_reset_bgscan(wpa_s);
		return 0;
	}
#endif /* CONFIG_BGSCAN */

	/*
	 * Every variable other than bssid, bssid_hint and priority flushes
	 * the PMKSA cache for this network.
	 */
	if (os_strcmp(name, "bssid") != 0 &&
	    os_strcmp(name, "bssid_hint") != 0 &&
	    os_strcmp(name, "priority") != 0) {
		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);

		if (wpa_s->current_ssid == ssid ||
		    wpa_s->current_ssid == NULL) {
			/*
			 * Invalidate the EAP session cache if anything in the
			 * current or previously used configuration changes.
			 */
			eapol_sm_invalidate_cached_session(wpa_s->eapol);
		}
	}

	/*
	 * Refresh the PSK when a quoted psk value is set on a network that
	 * already has an SSID, or when the SSID changes on a network that has
	 * a passphrase (presumably because the PSK is derived from both; TODO
	 * confirm against wpa_config_update_psk()).
	 */
	if ((os_strcmp(name, "psk") == 0 &&
	     value[0] == '"' && ssid->ssid_len) ||
	    (os_strcmp(name, "ssid") == 0 && ssid->passphrase))
		wpa_config_update_psk(ssid);
	else if (os_strcmp(name, "priority") == 0)
		wpa_config_update_prio_list(wpa_s->conf);

	return 0;
}
3584 
3585 
/**
 * wpa_supplicant_ctrl_iface_set_network - Handle SET_NETWORK
 * @wpa_s: Interface that received the control command
 * @cmd: "<network id> <variable name> <value>"; modified in place
 * Returns: Result of wpa_supplicant_ctrl_iface_update_network(), or -1 if the
 * command is malformed or the network is unknown
 */
static int wpa_supplicant_ctrl_iface_set_network(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	struct wpa_ssid *ssid;
	char *name, *value;
	u8 old_bssid[ETH_ALEN];
	int id, res, old_bssid_set, old_disabled;

	/* Split the command at the first two spaces */
	name = os_strchr(cmd, ' ');
	if (!name)
		return -1;
	*name = '\0';
	name++;

	value = os_strchr(name, ' ');
	if (!value)
		return -1;
	*value = '\0';
	value++;

	/* atoi() reports no errors; non-numeric text is read as 0 */
	id = atoi(cmd);
	wpa_printf(MSG_DEBUG, "CTRL_IFACE: SET_NETWORK id=%d name='%s'",
		   id, name);
	/*
	 * The value may be a passphrase or key, so it goes through the
	 * key-specific hexdump helper rather than a plain debug print.
	 */
	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: value",
			      (u8 *) value, os_strlen(value));

	ssid = wpa_config_get_network(wpa_s->conf, id);
	if (!ssid) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE: Could not find network id=%d", id);
		return -1;
	}

	/* Snapshot the fields that trigger notifications when they change */
	old_bssid_set = ssid->bssid_set;
	old_disabled = ssid->disabled;
	os_memcpy(old_bssid, ssid->bssid, ETH_ALEN);

	res = wpa_supplicant_ctrl_iface_update_network(wpa_s, ssid, name,
						       value);

	if (res == 0) {
		if (old_bssid_set != ssid->bssid_set ||
		    os_memcmp(ssid->bssid, old_bssid, ETH_ALEN) != 0)
			wpas_notify_network_bssid_set_changed(wpa_s, ssid);
	}

	/*
	 * A transition into or out of disabled == 2 is reported as a network
	 * type change; this check does not depend on the update result.
	 */
	if (old_disabled != ssid->disabled &&
	    (old_disabled == 2 || ssid->disabled == 2))
		wpas_notify_network_type_changed(wpa_s, ssid);

	return res;
}
3634 
3635 
/**
 * wpa_supplicant_ctrl_iface_get_network - Handle GET_NETWORK
 * @wpa_s: Interface that received the control command
 * @cmd: "<network id> <variable name>"; modified in place
 * @buf: Reply buffer
 * @buflen: Size of @buf in bytes
 * Returns: Length of the value copied to @buf, or -1 on failure or truncation
 *
 * The value is read with wpa_config_get_no_key(), the variant intended for
 * replies that must not disclose key material.
 */
static int wpa_supplicant_ctrl_iface_get_network(
	struct wpa_supplicant *wpa_s, char *cmd, char *buf, size_t buflen)
{
	struct wpa_ssid *ssid;
	char *name, *value;
	size_t copied;
	int id;

	name = os_strchr(cmd, ' ');
	if (!name || buflen == 0)
		return -1;
	*name = '\0';
	name++;

	/* atoi() reports no errors; non-numeric text is read as 0 */
	id = atoi(cmd);
	wpa_printf(MSG_EXCESSIVE, "CTRL_IFACE: GET_NETWORK id=%d name='%s'",
		   id, name);

	ssid = wpa_config_get_network(wpa_s->conf, id);
	if (!ssid) {
		wpa_printf(MSG_EXCESSIVE,
			   "CTRL_IFACE: Could not find network id=%d", id);
		return -1;
	}

	value = wpa_config_get_no_key(ssid, name);
	if (!value) {
		wpa_printf(MSG_EXCESSIVE,
			   "CTRL_IFACE: Failed to get network variable '%s'",
			   name);
		return -1;
	}

	/* The fetched string is owned here and released on every path */
	copied = os_strlcpy(buf, value, buflen);
	os_free(value);

	/* A value that does not fit is an error rather than a short reply */
	if (copied >= buflen)
		return -1;

	return copied;
}
3678 
3679 
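/**
 * wpa_supplicant_ctrl_iface_dup_network - Handle DUP_NETWORK
 * @wpa_s: Interface that holds the source network
 * @cmd: "<src network id> <dst network id> <variable name>"; modified in place
 * @dst_wpa_s: Interface that holds the destination network
 * Returns: Result of wpa_supplicant_ctrl_iface_update_network(), or -1 if the
 * command is malformed, a network is unknown or the variable cannot be read
 *
 * Copies one variable from a network on @wpa_s to a network on @dst_wpa_s.
 */
static int wpa_supplicant_ctrl_iface_dup_network(
	struct wpa_supplicant *wpa_s, char *cmd,
	struct wpa_supplicant *dst_wpa_s)
{
	struct wpa_ssid *ssid_s, *ssid_d;
	char *name, *id, *value;
	int id_s, id_d, ret;

	/* cmd: "<src network id> <dst network id> <variable name>" */
	id = os_strchr(cmd, ' ');
	if (id == NULL)
		return -1;
	*id++ = '\0';

	name = os_strchr(id, ' ');
	if (name == NULL)
		return -1;
	*name++ = '\0';

	/* atoi() reports no errors; non-numeric text is read as 0 */
	id_s = atoi(cmd);
	id_d = atoi(id);

	wpa_printf(MSG_DEBUG,
		   "CTRL_IFACE: DUP_NETWORK ifname=%s->%s id=%d->%d name='%s'",
		   wpa_s->ifname, dst_wpa_s->ifname, id_s, id_d, name);

	ssid_s = wpa_config_get_network(wpa_s->conf, id_s);
	if (ssid_s == NULL) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find "
			   "network id=%d", id_s);
		return -1;
	}

	ssid_d = wpa_config_get_network(dst_wpa_s->conf, id_d);
	if (ssid_d == NULL) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find "
			   "network id=%d", id_d);
		return -1;
	}

	/*
	 * This uses wpa_config_get() rather than the _no_key variant that
	 * GET_NETWORK uses, so the temporary copy may hold a passphrase or
	 * key. It is never placed in a reply buffer.
	 */
	value = wpa_config_get(ssid_s, name);
	if (value == NULL) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Failed to get network "
			   "variable '%s'", name);
		return -1;
	}

	ret = wpa_supplicant_ctrl_iface_update_network(dst_wpa_s, ssid_d, name,
						       value);

	/* Wipe the possibly secret copy before returning it to the heap */
	str_clear_free(value);

	return ret;
}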
3734 
3735 
/**
 * wpa_supplicant_ctrl_iface_list_creds - Handle LIST_CREDS
 * @wpa_s: Interface that received the control command
 * @buf: Reply buffer
 * @buflen: Size of @buf in bytes
 * Returns: Number of bytes written to @buf
 *
 * Writes a header line and one tab-separated line per credential with its id,
 * realm, username, first domain and IMSI. Output stops at the last complete
 * line that fits.
 */
static int wpa_supplicant_ctrl_iface_list_creds(struct wpa_supplicant *wpa_s,
						char *buf, size_t buflen)
{
	char *out = buf;
	char *limit = buf + buflen;
	struct wpa_cred *cred;
	int n;

	n = os_snprintf(out, limit - out,
			"cred id / realm / username / domain / imsi\n");
	if (os_snprintf_error(limit - out, n))
		return out - buf;
	out += n;

	for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
		/* Unset string fields are shown as empty columns */
		const char *realm = cred->realm ? cred->realm : "";
		const char *username = cred->username ? cred->username : "";
		const char *domain = cred->domain ? cred->domain[0] : "";
		const char *imsi = cred->imsi ? cred->imsi : "";

		n = os_snprintf(out, limit - out, "%d\t%s\t%s\t%s\t%s\n",
				cred->id, realm, username, domain, imsi);
		if (os_snprintf_error(limit - out, n))
			break;
		out += n;
	}

	return out - buf;
}
3767 
3768 
/**
 * wpa_supplicant_ctrl_iface_add_cred - Handle ADD_CRED
 * @wpa_s: Interface that received the control command
 * @buf: Reply buffer; receives the new credential id followed by a newline
 * @buflen: Size of @buf in bytes
 * Returns: Number of bytes written to @buf, or -1 on failure
 */
static int wpa_supplicant_ctrl_iface_add_cred(struct wpa_supplicant *wpa_s,
					      char *buf, size_t buflen)
{
	struct wpa_cred *added;
	int written;

	wpa_printf(MSG_DEBUG, "CTRL_IFACE: ADD_CRED");

	added = wpa_config_add_cred(wpa_s->conf);
	if (!added)
		return -1;

	/* The event is emitted before the reply is formatted */
	wpa_msg(wpa_s, MSG_INFO, CRED_ADDED "%d", added->id);

	written = os_snprintf(buf, buflen, "%d\n", added->id);
	return os_snprintf_error(buflen, written) ? -1 : written;
}
3788 
3789 
/**
 * wpas_ctrl_remove_cred - Remove a credential and the networks derived from it
 * @wpa_s: Interface that owns the configuration
 * @cred: Credential to remove, or %NULL if the lookup failed
 * Returns: 0 on success, -1 if the credential is not found
 */
static int wpas_ctrl_remove_cred(struct wpa_supplicant *wpa_s,
				 struct wpa_cred *cred)
{
	struct wpa_ssid *ssid, *next;
	char id_str[20];
	int cred_id;

	if (!cred) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find cred");
		return -1;
	}

	/* Keep the id; cred is only used as a pointer value from here on */
	cred_id = cred->id;
	if (wpa_config_remove_cred(wpa_s->conf, cred_id) < 0) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find cred");
		return -1;
	}

	wpa_msg(wpa_s, MSG_INFO, CRED_REMOVED "%d", cred_id);

	/* Remove any network entry created based on the removed credential */
	for (ssid = wpa_s->conf->ssid; ssid; ssid = next) {
		int res;

		/* Fetch the successor before the entry may be removed */
		next = ssid->next;

		/* Pointer comparison only; cred is not dereferenced */
		if (ssid->parent_cred != cred)
			continue;

		wpa_printf(MSG_DEBUG,
			   "Remove network id %d since it used the removed credential",
			   ssid->id);
		res = os_snprintf(id_str, sizeof(id_str), "%d", ssid->id);
		if (os_snprintf_error(sizeof(id_str), res))
			id_str[sizeof(id_str) - 1] = '\0';
		wpa_supplicant_ctrl_iface_remove_network(wpa_s, id_str);
	}

	return 0;
}
3829 
3830 
/**
 * wpa_supplicant_ctrl_iface_remove_cred - Handle REMOVE_CRED
 * @wpa_s: Interface that received the control command
 * @cmd: Selector for the credentials to remove (see below)
 * Returns: 0 for the "all", "sp_fqdn=" and "provisioning_sp=" forms (even when
 * nothing matched), otherwise the result of wpas_ctrl_remove_cred()
 */
static int wpa_supplicant_ctrl_iface_remove_cred(struct wpa_supplicant *wpa_s,
						 char *cmd)
{
	int id;
	struct wpa_cred *cred, *prev;

	/* cmd: "<cred id>", "all", "sp_fqdn=<FQDN>", or
	 * "provisioning_sp=<FQDN>" */
	if (os_strcmp(cmd, "all") == 0) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED all");
		cred = wpa_s->conf->cred;
		while (cred) {
			/* Advance first; the current entry is removed below */
			prev = cred;
			cred = cred->next;
			wpas_ctrl_remove_cred(wpa_s, prev);
		}
		return 0;
	}

	if (os_strncmp(cmd, "sp_fqdn=", 8) == 0) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED SP FQDN '%s'",
			   cmd + 8);
		cred = wpa_s->conf->cred;
		while (cred) {
			prev = cred;
			cred = cred->next;
			if (prev->domain) {
				size_t i;
				/* Exact match against any listed domain */
				for (i = 0; i < prev->num_domain; i++) {
					if (os_strcmp(prev->domain[i], cmd + 8)
					    != 0)
						continue;
					wpas_ctrl_remove_cred(wpa_s, prev);
					/* prev must not be used after removal */
					break;
				}
			}
		}
		return 0;
	}

	if (os_strncmp(cmd, "provisioning_sp=", 16) == 0) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED provisioning SP FQDN '%s'",
			   cmd + 16);
		cred = wpa_s->conf->cred;
		while (cred) {
			prev = cred;
			cred = cred->next;
			if (prev->provisioning_sp &&
			    os_strcmp(prev->provisioning_sp, cmd + 16) == 0)
				wpas_ctrl_remove_cred(wpa_s, prev);
		}
		return 0;
	}

	/*
	 * NOTE(review): every other argument is parsed with atoi(), which
	 * reports no errors, so an unrecognized or misspelled selector is
	 * read as 0 and targets credential id 0.
	 */
	id = atoi(cmd);
	wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED id=%d", id);

	/* A failed lookup yields NULL, which wpas_ctrl_remove_cred() rejects */
	cred = wpa_config_get_cred(wpa_s->conf, id);
	return wpas_ctrl_remove_cred(wpa_s, cred);
}
3891 
3892 
/**
 * wpa_supplicant_ctrl_iface_set_cred - Handle SET_CRED
 * @wpa_s: Interface that received the control command
 * @cmd: "<cred id> <variable name> <value>"; modified in place
 * Returns: 0 on success, -1 if the command is malformed, the credential is
 * unknown or the value is rejected
 */
static int wpa_supplicant_ctrl_iface_set_cred(struct wpa_supplicant *wpa_s,
					      char *cmd)
{
	struct wpa_cred *cred;
	char *name, *value;
	int id;

	/* Split the command at the first two spaces */
	name = os_strchr(cmd, ' ');
	if (!name)
		return -1;
	*name = '\0';
	name++;

	value = os_strchr(name, ' ');
	if (!value)
		return -1;
	*value = '\0';
	value++;

	/* atoi() reports no errors; non-numeric text is read as 0 */
	id = atoi(cmd);
	wpa_printf(MSG_DEBUG, "CTRL_IFACE: SET_CRED id=%d name='%s'",
		   id, name);
	/*
	 * The value may be a password or other secret, so it goes through the
	 * key-specific hexdump helper rather than a plain debug print.
	 */
	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: value",
			      (u8 *) value, os_strlen(value));

	cred = wpa_config_get_cred(wpa_s->conf, id);
	if (!cred) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find cred id=%d",
			   id);
		return -1;
	}

	if (wpa_config_set_cred(cred, name, value, 0) < 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE: Failed to set cred variable '%s'",
			   name);
		return -1;
	}

	/* The event names the modified variable but not its value */
	wpa_msg(wpa_s, MSG_INFO, CRED_MODIFIED "%d %s", cred->id, name);

	return 0;
}
3934 
3935 
/**
 * wpa_supplicant_ctrl_iface_get_cred - Handle GET_CRED
 * @wpa_s: Interface that received the control command
 * @cmd: "<cred id> <variable name>"; modified in place
 * @buf: Reply buffer
 * @buflen: Size of @buf in bytes
 * Returns: Length of the value copied to @buf, or -1 on failure or truncation
 *
 * The value is read with wpa_config_get_cred_no_key(), the variant intended
 * for replies that must not disclose key material.
 */
static int wpa_supplicant_ctrl_iface_get_cred(struct wpa_supplicant *wpa_s,
					      char *cmd, char *buf,
					      size_t buflen)
{
	struct wpa_cred *cred;
	char *name, *value;
	size_t copied;
	int id;

	name = os_strchr(cmd, ' ');
	if (!name)
		return -1;
	*name = '\0';
	name++;

	/* atoi() reports no errors; non-numeric text is read as 0 */
	id = atoi(cmd);
	wpa_printf(MSG_DEBUG, "CTRL_IFACE: GET_CRED id=%d name='%s'",
		   id, name);

	cred = wpa_config_get_cred(wpa_s->conf, id);
	if (!cred) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find cred id=%d",
			   id);
		return -1;
	}

	value = wpa_config_get_cred_no_key(cred, name);
	if (!value) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Failed to get cred variable '%s'",
			   name);
		return -1;
	}

	/* The fetched string is owned here and released on every path */
	copied = os_strlcpy(buf, value, buflen);
	os_free(value);

	/* A value that does not fit is an error rather than a short reply */
	if (copied >= buflen)
		return -1;

	return copied;
}
3979 
3980 
3981 #ifndef CONFIG_NO_CONFIG_WRITE
/**
 * wpa_supplicant_ctrl_iface_save_config - Handle SAVE_CONFIG
 * @wpa_s: Interface that received the control command
 * Returns: 0 on success, -1 if updates are not allowed, otherwise the
 * non-zero result of wpa_config_write()
 */
static int wpa_supplicant_ctrl_iface_save_config(struct wpa_supplicant *wpa_s)
{
	int err;

	/* Writing the file back is refused unless update_config is set */
	if (!wpa_s->conf->update_config) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE: SAVE_CONFIG - Not allowed to update configuration (update_config=0)");
		return -1;
	}

	err = wpa_config_write(wpa_s->confname, wpa_s->conf);
	if (err == 0)
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE: SAVE_CONFIG - Configuration updated");
	else
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE: SAVE_CONFIG - Failed to update configuration");

	return err;
}
4003 #endif /* CONFIG_NO_CONFIG_WRITE */
4004 
4005 
/* Maps one driver encryption capability flag to its control interface name */
struct cipher_info {
	unsigned int capa; /* flag tested against the driver's enc bitfield */
	const char *name; /* name printed in GET_CAPABILITY replies */
	int group_only; /* non-zero: left out of the pairwise cipher list */
};

/*
 * Ciphers reported for the pairwise and group capability queries, in output
 * order. TKIP and WEP entries are present only when the build configuration
 * keeps those legacy ciphers (CONFIG_NO_TKIP unset, CONFIG_WEP set).
 */
static const struct cipher_info ciphers[] = {
	{ WPA_DRIVER_CAPA_ENC_CCMP_256, "CCMP-256", 0 },
	{ WPA_DRIVER_CAPA_ENC_GCMP_256, "GCMP-256", 0 },
	{ WPA_DRIVER_CAPA_ENC_CCMP, "CCMP", 0 },
	{ WPA_DRIVER_CAPA_ENC_GCMP, "GCMP", 0 },
#ifndef CONFIG_NO_TKIP
	{ WPA_DRIVER_CAPA_ENC_TKIP, "TKIP", 0 },
#endif /* CONFIG_NO_TKIP */
	{ WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE, "NONE", 0 },
#ifdef CONFIG_WEP
	{ WPA_DRIVER_CAPA_ENC_WEP104, "WEP104", 1 },
	{ WPA_DRIVER_CAPA_ENC_WEP40, "WEP40", 1 }
#endif /* CONFIG_WEP */
};

/* Ciphers reported for the group management capability query */
static const struct cipher_info ciphers_group_mgmt[] = {
	{ WPA_DRIVER_CAPA_ENC_BIP, "AES-128-CMAC", 1 },
	{ WPA_DRIVER_CAPA_ENC_BIP_GMAC_128, "BIP-GMAC-128", 1 },
	{ WPA_DRIVER_CAPA_ENC_BIP_GMAC_256, "BIP-GMAC-256", 1 },
	{ WPA_DRIVER_CAPA_ENC_BIP_CMAC_256, "BIP-CMAC-256", 1 },
};
4033 
4034 
/**
 * ctrl_iface_get_capability_pairwise - List supported pairwise ciphers
 * @res: Result of the driver capability query; negative if unavailable
 * @strict: If set, report nothing instead of defaults when @res is negative
 * @capa: Driver capabilities; read only when @res is not negative
 * @buf: Reply buffer
 * @buflen: Size of @buf in bytes
 * Returns: Number of bytes written to @buf, or -1 if the default list does
 * not fit
 */
static int ctrl_iface_get_capability_pairwise(int res, bool strict,
					      struct wpa_driver_capa *capa,
					      char *buf, size_t buflen)
{
	char *out = buf;
	char *limit = buf + buflen;
	unsigned int idx;
	int n;

	if (res < 0) {
		size_t copied;

		if (strict)
			return 0;
		/* Without driver data, fall back to a fixed default list */
#ifdef CONFIG_NO_TKIP
		copied = os_strlcpy(buf, "CCMP NONE", buflen);
#else /* CONFIG_NO_TKIP */
		copied = os_strlcpy(buf, "CCMP TKIP NONE", buflen);
#endif /* CONFIG_NO_TKIP */
		return copied < buflen ? (int) copied : -1;
	}

	for (idx = 0; idx < ARRAY_SIZE(ciphers); idx++) {
		const struct cipher_info *c = &ciphers[idx];

		/* Skip group-only ciphers and ones the driver lacks */
		if (c->group_only || !(capa->enc & c->capa))
			continue;

		n = os_snprintf(out, limit - out, "%s%s",
				out == buf ? "" : " ", c->name);
		if (os_snprintf_error(limit - out, n))
			break;
		out += n;
	}

	return out - buf;
}
4073 
4074 
/**
 * ctrl_iface_get_capability_group - List supported group ciphers
 * @res: Result of the driver capability query; negative if unavailable
 * @strict: If set, report nothing instead of defaults when @res is negative
 * @capa: Driver capabilities; read only when @res is not negative
 * @buf: Reply buffer
 * @buflen: Size of @buf in bytes
 * Returns: Number of bytes written to @buf, or -1 if the default list does
 * not fit
 */
static int ctrl_iface_get_capability_group(int res, bool strict,
					   struct wpa_driver_capa *capa,
					   char *buf, size_t buflen)
{
	char *out = buf;
	char *limit = buf + buflen;
	unsigned int idx;
	int n;

	if (res < 0) {
		size_t copied;

		if (strict)
			return 0;
		/*
		 * Without driver data, fall back to a fixed default list; the
		 * legacy WEP and TKIP names appear only in builds that keep
		 * those ciphers.
		 */
#ifdef CONFIG_WEP
#ifdef CONFIG_NO_TKIP
		copied = os_strlcpy(buf, "CCMP WEP104 WEP40", buflen);
#else /* CONFIG_NO_TKIP */
		copied = os_strlcpy(buf, "CCMP TKIP WEP104 WEP40", buflen);
#endif /* CONFIG_NO_TKIP */
#else /* CONFIG_WEP */
#ifdef CONFIG_NO_TKIP
		copied = os_strlcpy(buf, "CCMP", buflen);
#else /* CONFIG_NO_TKIP */
		copied = os_strlcpy(buf, "CCMP TKIP", buflen);
#endif /* CONFIG_NO_TKIP */
#endif /* CONFIG_WEP */
		return copied < buflen ? (int) copied : -1;
	}

	for (idx = 0; idx < ARRAY_SIZE(ciphers); idx++) {
		const struct cipher_info *c = &ciphers[idx];

		if (!(capa->enc & c->capa))
			continue;

		n = os_snprintf(out, limit - out, "%s%s",
				out == buf ? "" : " ", c->name);
		if (os_snprintf_error(limit - out, n))
			break;
		out += n;
	}

	return out - buf;
}
4121 
4122 
/**
 * ctrl_iface_get_capability_group_mgmt - List supported group mgmt ciphers
 * @res: Result of the driver capability query; negative if unavailable
 * @strict: Not used by this function
 * @capa: Driver capabilities; read only when @res is not negative
 * @buf: Reply buffer
 * @buflen: Size of @buf in bytes
 * Returns: Number of bytes written to @buf; 0 when @res is negative
 */
static int ctrl_iface_get_capability_group_mgmt(int res, bool strict,
						struct wpa_driver_capa *capa,
						char *buf, size_t buflen)
{
	char *out = buf;
	char *limit = buf + buflen;
	unsigned int idx;
	int n;

	/* No default list exists for this query */
	if (res < 0)
		return 0;

	for (idx = 0; idx < ARRAY_SIZE(ciphers_group_mgmt); idx++) {
		const struct cipher_info *c = &ciphers_group_mgmt[idx];

		if (!(capa->enc & c->capa))
			continue;

		n = os_snprintf(out, limit - out, "%s%s",
				out == buf ? "" : " ", c->name);
		if (os_snprintf_error(limit - out, n))
			break;
		out += n;
	}

	return out - buf;
}
4150 
4151 
/**
 * iftype_str_to_index - Map an interface type name to its WPA_IF_* value
 * @iftype_str: Interface type name, or %NULL
 * Returns: Matching WPA_IF_* value, or WPA_IF_MAX if the name is %NULL or not
 * recognized
 *
 * Names are compared exactly and case-sensitively.
 */
static int iftype_str_to_index(const char *iftype_str)
{
	static const struct {
		const char *name;
		int index;
	} iftypes[] = {
		{ "STATION", WPA_IF_STATION },
		{ "AP_VLAN", WPA_IF_AP_VLAN },
		{ "AP", WPA_IF_AP_BSS },
		{ "P2P_GO", WPA_IF_P2P_GO },
		{ "P2P_CLIENT", WPA_IF_P2P_CLIENT },
		{ "P2P_DEVICE", WPA_IF_P2P_DEVICE },
		{ "MESH", WPA_IF_MESH },
		{ "IBSS", WPA_IF_IBSS },
		{ "NAN", WPA_IF_NAN },
	};
	unsigned int i;

	if (iftype_str == NULL)
		return WPA_IF_MAX;

	for (i = 0; i < ARRAY_SIZE(iftypes); i++) {
		if (os_strcmp(iftype_str, iftypes[i].name) == 0)
			return iftypes[i].index;
	}

	/* WPA_IF_MAX doubles as the "unknown type" marker for callers */
	return WPA_IF_MAX;
}
4186 
4187 
/**
 * ctrl_iface_get_capability_key_mgmt - List supported key management suites
 * @res: Result of the driver capability query; negative if unavailable
 * @strict: If set, report nothing instead of defaults when @res is negative
 * @capa: Driver capabilities; read only when @res is not negative
 * @iftype_str: Interface type name to report for, or %NULL for the
 *	interface-independent capabilities
 * @buf: Reply buffer
 * @buflen: Size of @buf in bytes
 * Returns: Number of bytes written to @buf, or -1 if the default list does
 * not fit or @iftype_str is not recognized
 */
static int ctrl_iface_get_capability_key_mgmt(int res, bool strict,
					      struct wpa_driver_capa *capa,
					      const char *iftype_str,
					      char *buf, size_t buflen)
{
	/*
	 * Capability masks and the text appended for each, in output order.
	 * An entry is printed when any bit of its mask is set. Entries are
	 * compiled in under the same build options as the features they name.
	 */
	static const struct {
		unsigned int mask;
		const char *label;
	} suites[] = {
		{ WPA_DRIVER_CAPA_KEY_MGMT_WPA |
		  WPA_DRIVER_CAPA_KEY_MGMT_WPA2, " WPA-EAP" },
		{ WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK |
		  WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK, " WPA-PSK" },
		{ WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE, " WPA-NONE" },
		{ WPA_DRIVER_CAPA_KEY_MGMT_WAPI_PSK, " WAPI-PSK" },
		{ WPA_DRIVER_CAPA_KEY_MGMT_TPK_HANDSHAKE, " TPK-HANDSHAKE" },
		{ WPA_DRIVER_CAPA_KEY_MGMT_CCKM, " CCKM" },
#ifdef CONFIG_SUITEB
		{ WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B, " WPA-EAP-SUITE-B" },
#endif /* CONFIG_SUITEB */
#ifdef CONFIG_SUITEB192
		{ WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B_192,
		  " WPA-EAP-SUITE-B-192" },
#endif /* CONFIG_SUITEB192 */
#ifdef CONFIG_OWE
		{ WPA_DRIVER_CAPA_KEY_MGMT_OWE, " OWE" },
#endif /* CONFIG_OWE */
#ifdef CONFIG_DPP
		{ WPA_DRIVER_CAPA_KEY_MGMT_DPP, " DPP" },
#endif /* CONFIG_DPP */
#ifdef CONFIG_FILS
		{ WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA256, " FILS-SHA256" },
		{ WPA_DRIVER_CAPA_KEY_MGMT_FILS_SHA384, " FILS-SHA384" },
#ifdef CONFIG_IEEE80211R
		{ WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA256, " FT-FILS-SHA256" },
		{ WPA_DRIVER_CAPA_KEY_MGMT_FT_FILS_SHA384, " FT-FILS-SHA384" },
#endif /* CONFIG_IEEE80211R */
#endif /* CONFIG_FILS */
#ifdef CONFIG_IEEE80211R
		{ WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK, " FT-PSK" },
		{ WPA_DRIVER_CAPA_KEY_MGMT_FT, " FT-EAP" },
#ifdef CONFIG_SAE
		{ WPA_DRIVER_CAPA_KEY_MGMT_FT_SAE, " FT-SAE" },
#endif /* CONFIG_SAE */
#ifdef CONFIG_SHA384
		{ WPA_DRIVER_CAPA_KEY_MGMT_FT_802_1X_SHA384,
		  " FT-EAP-SHA384" },
#endif /* CONFIG_SHA384 */
#endif /* CONFIG_IEEE80211R */
#ifdef CONFIG_SAE
		{ WPA_DRIVER_CAPA_KEY_MGMT_SAE, " SAE" },
#endif /* CONFIG_SAE */
#ifdef CONFIG_SHA256
		{ WPA_DRIVER_CAPA_KEY_MGMT_802_1X_SHA256, " WPA-EAP-SHA256" },
		{ WPA_DRIVER_CAPA_KEY_MGMT_PSK_SHA256, " WPA-PSK-SHA256" },
#endif /* CONFIG_SHA256 */
#ifdef CONFIG_HS20
		{ WPA_DRIVER_CAPA_KEY_MGMT_OSEN, " OSEN" },
#endif /* CONFIG_HS20 */
	};
	char *out = buf;
	char *limit = buf + buflen;
	unsigned int key_mgmt;
	unsigned int idx;
	int n;

	if (res < 0) {
		size_t copied;

		if (strict)
			return 0;
		/* Without driver data, fall back to a fixed default list */
		copied = os_strlcpy(buf,
				    "WPA-PSK WPA-EAP IEEE8021X WPA-NONE NONE",
				    buflen);
		return copied < buflen ? (int) copied : -1;
	}

	if (!iftype_str) {
		key_mgmt = capa->key_mgmt;
	} else {
		enum wpa_driver_if_type iftype;

		/*
		 * The name comes from the control interface client. Unknown
		 * names map to WPA_IF_MAX and are rejected before the value
		 * is used as an array index. NOTE(review): this relies on
		 * key_mgmt_iftype[] having an entry for every other value
		 * iftype_str_to_index() can return - confirm against the
		 * struct definition.
		 */
		iftype = iftype_str_to_index(iftype_str);
		if (iftype == WPA_IF_MAX)
			return -1;
		key_mgmt = capa->key_mgmt_iftype[iftype];
	}

	/* These two are always reported, whatever the driver flags say */
	n = os_snprintf(out, limit - out, "NONE IEEE8021X");
	if (os_snprintf_error(limit - out, n))
		return out - buf;
	out += n;

	for (idx = 0; idx < ARRAY_SIZE(suites); idx++) {
		if (!(key_mgmt & suites[idx].mask))
			continue;

		n = os_snprintf(out, limit - out, "%s", suites[idx].label);
		if (os_snprintf_error(limit - out, n))
			break;
		out += n;
	}

	return out - buf;
}
4395 
4396 
/*
 * Build the GET_CAPABILITY "proto" reply: a space-separated list of the
 * protocol names ("RSN", "WPA") selected by the bits in capa->key_mgmt.
 *
 * When res is negative, capa is not read: the fixed list "RSN WPA" is
 * returned, or an empty reply (0) if strict is set.
 *
 * Returns the number of bytes placed in buf. The fallback path returns -1 if
 * the fixed list does not fit; the driver-derived path returns the length
 * written so far when the next name does not fit.
 */
static int ctrl_iface_get_capability_proto(int res, bool strict,
					   struct wpa_driver_capa *capa,
					   char *buf, size_t buflen)
{
	char *cur = buf;
	char *const limit = buf + buflen;
	int n;

	if (res < 0) {
		size_t copied;

		if (strict)
			return 0;
		copied = os_strlcpy(buf, "RSN WPA", buflen);
		if (copied >= buflen)
			return -1;
		return copied;
	}

	/* Either the EAP or the PSK flavour is enough to advertise RSN. */
	if (capa->key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA2 |
			      WPA_DRIVER_CAPA_KEY_MGMT_WPA2_PSK)) {
		n = os_snprintf(cur, limit - cur, "%sRSN",
				cur == buf ? "" : " ");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}

	/* Same rule for the original WPA protocol. */
	if (capa->key_mgmt & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
			      WPA_DRIVER_CAPA_KEY_MGMT_WPA_PSK)) {
		n = os_snprintf(cur, limit - cur, "%sWPA",
				cur == buf ? "" : " ");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}

	return cur - buf;
}
4437 
4438 
/*
 * Build the GET_CAPABILITY "auth_alg" reply: a space-separated list of
 * authentication algorithm names.
 *
 * When res is negative, capa is not read: the fixed list "OPEN SHARED LEAP"
 * is returned, or an empty reply (0) if strict is set. Otherwise OPEN, SHARED
 * and LEAP follow the bits in capa->auth, SAE follows wpa_s->drv_flags, the
 * FILS entries follow the wpa_is_fils_*supported() helpers, and PASN is
 * appended unconditionally in CONFIG_PASN builds.
 *
 * Returns the number of bytes placed in buf. The fallback path returns -1 if
 * the fixed list does not fit; the other paths return the length written so
 * far when the next name does not fit.
 */
static int ctrl_iface_get_capability_auth_alg(struct wpa_supplicant *wpa_s,
					      int res, bool strict,
					      struct wpa_driver_capa *capa,
					      char *buf, size_t buflen)
{
	char *cur = buf;
	char *const limit = buf + buflen;
	int n;

	if (res < 0) {
		size_t copied;

		if (strict)
			return 0;
		copied = os_strlcpy(buf, "OPEN SHARED LEAP", buflen);
		if (copied >= buflen)
			return -1;
		return copied;
	}

	if (capa->auth & WPA_DRIVER_AUTH_OPEN) {
		n = os_snprintf(cur, limit - cur, "%sOPEN",
				cur == buf ? "" : " ");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}

	if (capa->auth & WPA_DRIVER_AUTH_SHARED) {
		n = os_snprintf(cur, limit - cur, "%sSHARED",
				cur == buf ? "" : " ");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}

	if (capa->auth & WPA_DRIVER_AUTH_LEAP) {
		n = os_snprintf(cur, limit - cur, "%sLEAP",
				cur == buf ? "" : " ");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}

#ifdef CONFIG_SAE
	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE) {
		n = os_snprintf(cur, limit - cur, "%sSAE",
				cur == buf ? "" : " ");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}
#endif /* CONFIG_SAE */

#ifdef CONFIG_FILS
	if (wpa_is_fils_supported(wpa_s)) {
		n = os_snprintf(cur, limit - cur, "%sFILS_SK_WITHOUT_PFS",
				cur == buf ? "" : " ");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}

#ifdef CONFIG_FILS_SK_PFS
	if (wpa_is_fils_sk_pfs_supported(wpa_s)) {
		n = os_snprintf(cur, limit - cur, "%sFILS_SK_WITH_PFS",
				cur == buf ? "" : " ");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}
#endif /* CONFIG_FILS_SK_PFS */
#endif /* CONFIG_FILS */

#ifdef CONFIG_PASN
	/* No driver flag is consulted here: PASN depends on the build only. */
	n = os_snprintf(cur, limit - cur, "%sPASN",
			cur == buf ? "" : " ");
	if (os_snprintf_error(limit - cur, n))
		return cur - buf;
	cur += n;

#endif /* CONFIG_PASN */

	return cur - buf;
}
4525 
4526 
/*
 * Build the GET_CAPABILITY "modes" reply: a space-separated list of the
 * operating modes (IBSS, AP and, in CONFIG_MESH builds, MESH) selected by
 * the bits in capa->flags.
 *
 * When res is negative, capa is not read: the fixed list "IBSS AP" is
 * returned, or an empty reply (0) if strict is set.
 *
 * Returns the number of bytes placed in buf. The fallback path returns -1 if
 * the fixed list does not fit; the driver-derived path returns the length
 * written so far when the next name does not fit.
 */
static int ctrl_iface_get_capability_modes(int res, bool strict,
					   struct wpa_driver_capa *capa,
					   char *buf, size_t buflen)
{
	char *cur = buf;
	char *const limit = buf + buflen;
	int n;

	if (res < 0) {
		size_t copied;

		if (strict)
			return 0;
		copied = os_strlcpy(buf, "IBSS AP", buflen);
		if (copied >= buflen)
			return -1;
		return copied;
	}

	if (capa->flags & WPA_DRIVER_FLAGS_IBSS) {
		n = os_snprintf(cur, limit - cur, "%sIBSS",
				cur == buf ? "" : " ");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}

	if (capa->flags & WPA_DRIVER_FLAGS_AP) {
		n = os_snprintf(cur, limit - cur, "%sAP",
				cur == buf ? "" : " ");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}

#ifdef CONFIG_MESH
	if (capa->flags & WPA_DRIVER_FLAGS_MESH) {
		n = os_snprintf(cur, limit - cur, "%sMESH",
				cur == buf ? "" : " ");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}
#endif /* CONFIG_MESH */

	return cur - buf;
}
4575 
4576 
/*
 * Build the GET_CAPABILITY "channels" reply: one line per hardware mode in
 * wpa_s->hw.modes of the form "Mode[X] Channels: <chan> <chan> ...".
 *
 * Only the B, G, A and AD modes are listed; other mode values are skipped.
 * Channels flagged HOSTAPD_CHAN_DISABLED are left out.
 *
 * Returns the number of bytes placed in buf. If a piece of output does not
 * fit, the length written before that piece is returned, so the reply can
 * end in the middle of a mode line.
 */
static int ctrl_iface_get_capability_channels(struct wpa_supplicant *wpa_s,
					      char *buf, size_t buflen)
{
	char *cur = buf;
	char *const limit = buf + buflen;
	int m;

	for (m = 0; m < wpa_s->hw.num_modes; m++) {
		struct hostapd_channel_data *chans;
		const char *label;
		int n, c;

		switch (wpa_s->hw.modes[m].mode) {
		case HOSTAPD_MODE_IEEE80211B:
			label = "B";
			break;
		case HOSTAPD_MODE_IEEE80211G:
			label = "G";
			break;
		case HOSTAPD_MODE_IEEE80211A:
			label = "A";
			break;
		case HOSTAPD_MODE_IEEE80211AD:
			label = "AD";
			break;
		default:
			/* No label for this mode: nothing is printed. */
			continue;
		}

		n = os_snprintf(cur, limit - cur, "Mode[%s] Channels:", label);
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;

		chans = wpa_s->hw.modes[m].channels;
		for (c = 0; c < wpa_s->hw.modes[m].num_channels; c++) {
			if (chans[c].flag & HOSTAPD_CHAN_DISABLED)
				continue;
			n = os_snprintf(cur, limit - cur, " %d",
					chans[c].chan);
			if (os_snprintf_error(limit - cur, n))
				return cur - buf;
			cur += n;
		}

		n = os_snprintf(cur, limit - cur, "\n");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}

	return cur - buf;
}
4625 
4626 
/*
 * Build the GET_CAPABILITY "freq" reply: for each hardware mode in
 * wpa_s->hw.modes a "Mode[X] Channels:" header followed by one line per
 * channel, " <chan> = <freq> MHz", with " (NO_IR)" and " (DFS)" appended when
 * the HOSTAPD_CHAN_NO_IR and HOSTAPD_CHAN_RADAR flags are set. Each mode
 * section ends with an empty line.
 *
 * Only the B, G, A and AD modes are listed; other mode values are skipped.
 * Channels flagged HOSTAPD_CHAN_DISABLED are left out.
 *
 * Returns the number of bytes placed in buf. If a piece of output does not
 * fit, the length written before that piece is returned, so the reply can
 * end part-way through a mode section.
 */
static int ctrl_iface_get_capability_freq(struct wpa_supplicant *wpa_s,
					  char *buf, size_t buflen)
{
	char *cur = buf;
	char *const limit = buf + buflen;
	int m;

	for (m = 0; m < wpa_s->hw.num_modes; m++) {
		struct hostapd_channel_data *chans;
		const char *label;
		int n, c;

		switch (wpa_s->hw.modes[m].mode) {
		case HOSTAPD_MODE_IEEE80211B:
			label = "B";
			break;
		case HOSTAPD_MODE_IEEE80211G:
			label = "G";
			break;
		case HOSTAPD_MODE_IEEE80211A:
			label = "A";
			break;
		case HOSTAPD_MODE_IEEE80211AD:
			label = "AD";
			break;
		default:
			/* No label for this mode: nothing is printed. */
			continue;
		}

		n = os_snprintf(cur, limit - cur, "Mode[%s] Channels:\n",
				label);
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;

		chans = wpa_s->hw.modes[m].channels;
		for (c = 0; c < wpa_s->hw.modes[m].num_channels; c++) {
			const char *no_ir, *dfs;

			if (chans[c].flag & HOSTAPD_CHAN_DISABLED)
				continue;

			no_ir = "";
			if (chans[c].flag & HOSTAPD_CHAN_NO_IR)
				no_ir = " (NO_IR)";
			dfs = "";
			if (chans[c].flag & HOSTAPD_CHAN_RADAR)
				dfs = " (DFS)";

			n = os_snprintf(cur, limit - cur, " %d = %d MHz%s%s\n",
					chans[c].chan, chans[c].freq,
					no_ir, dfs);
			if (os_snprintf_error(limit - cur, n))
				return cur - buf;
			cur += n;
		}

		n = os_snprintf(cur, limit - cur, "\n");
		if (os_snprintf_error(limit - cur, n))
			return cur - buf;
		cur += n;
	}

	return cur - buf;
}
4682 
4683 
/*
 * Handle the control interface GET_CAPABILITY command.
 *
 * _field is the command argument: a field name optionally followed by
 * space-separated parameters. The accepted parameters are "strict" and
 * "iftype=<value>"; any other parameter makes the command fail.
 *
 * The reply text is written to buf (at most buflen bytes).
 *
 * Returns the reply length as reported by the selected helper, or -1 when the
 * argument is too long for the local copy, a parameter is not recognised, the
 * field name is unknown (or not supported by this build/driver), or a
 * fixed-string reply does not fit in buf.
 */
static int wpa_supplicant_ctrl_iface_get_capability(
	struct wpa_supplicant *wpa_s, const char *_field, char *buf,
	size_t buflen)
{
	struct wpa_driver_capa capa;
	int res;
	char *next_param, *curr_param, *iftype = NULL;
	bool strict = false;
	char field[50];
	size_t len;

	/*
	 * Work on a bounded local copy so the parameters can be split in
	 * place. An argument that would be truncated is rejected rather than
	 * parsed in shortened form.
	 */
	len = os_strlcpy(field, _field, sizeof(field));
	if (len >= sizeof(field))
		return -1;

	/*
	 * Split at each space: the first token stays in field as the field
	 * name, every following token must be a known parameter. iftype ends
	 * up pointing into the local copy.
	 */
	next_param = os_strchr(field, ' ');
	while (next_param) {
		*next_param++ = '\0';
		curr_param = next_param;
		next_param = os_strchr(next_param, ' ');

		if (next_param)
			*next_param = '\0';

		if (os_strcmp(curr_param, "strict") == 0)
			strict = true;
		else if (os_strncmp(curr_param, "iftype=", 7) == 0)
			iftype = curr_param + 7;
		else
			return -1;
	}

	/*
	 * field and iftype are text supplied by the control interface client
	 * and are passed to the debug log with %s as received.
	 */
	wpa_printf(MSG_DEBUG, "CTRL_IFACE: GET_CAPABILITY '%s'%s%s%s",
		   field, iftype ? " iftype=" : "", iftype ? iftype : "",
		   strict ? " strict" : "");

	/* "eap" does not depend on the driver, so it is answered first. */
	if (os_strcmp(field, "eap") == 0) {
		return eap_get_names(buf, buflen);
	}

	/*
	 * res is handed to the helpers together with capa. The helpers
	 * visible in this file section (proto, auth_alg, modes) test res
	 * before reading capa, which is left unset here if the query failed.
	 */
	res = wpa_drv_get_capa(wpa_s, &capa);

	if (os_strcmp(field, "pairwise") == 0)
		return ctrl_iface_get_capability_pairwise(res, strict, &capa,
							  buf, buflen);

	if (os_strcmp(field, "group") == 0)
		return ctrl_iface_get_capability_group(res, strict, &capa,
						       buf, buflen);

	if (os_strcmp(field, "group_mgmt") == 0)
		return ctrl_iface_get_capability_group_mgmt(res, strict, &capa,
							    buf, buflen);

	if (os_strcmp(field, "key_mgmt") == 0)
		return ctrl_iface_get_capability_key_mgmt(res, strict, &capa,
							  iftype, buf, buflen);

	if (os_strcmp(field, "proto") == 0)
		return ctrl_iface_get_capability_proto(res, strict, &capa,
						       buf, buflen);

	if (os_strcmp(field, "auth_alg") == 0)
		return ctrl_iface_get_capability_auth_alg(wpa_s, res, strict,
							  &capa, buf, buflen);

	if (os_strcmp(field, "modes") == 0)
		return ctrl_iface_get_capability_modes(res, strict, &capa,
						       buf, buflen);

	if (os_strcmp(field, "channels") == 0)
		return ctrl_iface_get_capability_channels(wpa_s, buf, buflen);

	if (os_strcmp(field, "freq") == 0)
		return ctrl_iface_get_capability_freq(wpa_s, buf, buflen);

#ifdef CONFIG_TDLS
	if (os_strcmp(field, "tdls") == 0)
		return ctrl_iface_get_capability_tdls(wpa_s, buf, buflen);
#endif /* CONFIG_TDLS */

	/*
	 * The fields below answer with a fixed string. From here on res is
	 * reused for the os_snprintf() result.
	 */
#ifdef CONFIG_ERP
	if (os_strcmp(field, "erp") == 0) {
		res = os_snprintf(buf, buflen, "ERP");
		if (os_snprintf_error(buflen, res))
			return -1;
		return res;
	}
#endif /* CONFIG_ERP */

#ifdef CONFIG_FIPS
	if (os_strcmp(field, "fips") == 0) {
		res = os_snprintf(buf, buflen, "FIPS");
		if (os_snprintf_error(buflen, res))
			return -1;
		return res;
	}
#endif /* CONFIG_FIPS */

#ifdef CONFIG_ACS
	if (os_strcmp(field, "acs") == 0) {
		res = os_snprintf(buf, buflen, "ACS");
		if (os_snprintf_error(buflen, res))
			return -1;
		return res;
	}
#endif /* CONFIG_ACS */

#ifdef CONFIG_FILS
	if (os_strcmp(field, "fils") == 0) {
#ifdef CONFIG_FILS_SK_PFS
		if (wpa_is_fils_supported(wpa_s) &&
		    wpa_is_fils_sk_pfs_supported(wpa_s)) {
			res = os_snprintf(buf, buflen, "FILS FILS-SK-PFS");
			if (os_snprintf_error(buflen, res))
				return -1;
			return res;
		}
#endif /* CONFIG_FILS_SK_PFS */

		if (wpa_is_fils_supported(wpa_s)) {
			res = os_snprintf(buf, buflen, "FILS");
			if (os_snprintf_error(buflen, res))
				return -1;
			return res;
		}
		/*
		 * FILS not supported: execution continues and ends at the
		 * unknown-field return at the bottom.
		 */
	}
#endif /* CONFIG_FILS */

	/* Without multi_bss_support this also ends at the final return. */
	if (os_strcmp(field, "multibss") == 0 && wpa_s->multi_bss_support) {
		res = os_snprintf(buf, buflen, "MULTIBSS-STA");
		if (os_snprintf_error(buflen, res))
			return -1;
		return res;
	}

#ifdef CONFIG_DPP
	if (os_strcmp(field, "dpp") == 0) {
#ifdef CONFIG_DPP2
		res = os_snprintf(buf, buflen, "DPP=2");
#else /* CONFIG_DPP2 */
		res = os_snprintf(buf, buflen, "DPP=1");
#endif /* CONFIG_DPP2 */
		if (os_snprintf_error(buflen, res))
			return -1;
		return res;
	}
#endif /* CONFIG_DPP */

#ifdef CONFIG_SAE
	/* Answered only when the driver flags include SAE. */
	if (os_strcmp(field, "sae") == 0 &&
	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE)) {
#ifdef CONFIG_SAE_PK
		res = os_snprintf(buf, buflen, "H2E PK");
#else /* CONFIG_SAE_PK */
		res = os_snprintf(buf, buflen, "H2E");
#endif /* CONFIG_SAE_PK */
		if (os_snprintf_error(buflen, res))
			return -1;
		return res;
	}
#endif /* CONFIG_SAE */

#ifdef CONFIG_OCV
	if (os_strcmp(field, "ocv") == 0) {
		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
		    (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV))
			res = os_snprintf(buf, buflen, "supported");
		else
			res = os_snprintf(buf, buflen, "not supported");
		if (os_snprintf_error(buflen, res))
			return -1;
		return res;
	}
#endif /* CONFIG_OCV */

	if (os_strcmp(field, "beacon_prot") == 0) {
		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION) ||
		    (wpa_s->drv_flags2 &
		     WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT))
			res = os_snprintf(buf, buflen, "supported");
		else
			res = os_snprintf(buf, buflen, "not supported");
		if (os_snprintf_error(buflen, res))
			return -1;
		return res;
	}

	wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown GET_CAPABILITY field '%s'",
		   field);

	return -1;
}
4878 
4879 
4880 #ifdef CONFIG_INTERWORKING
/*
 * Append "<title>=<hex of data>\n" to the output at pos, never writing at or
 * beyond end.
 *
 * Returns the new write position on success. If data is NULL, or any part of
 * the line does not fit, the original pos is returned so that whatever was
 * partly written is overwritten by the caller's next write.
 */
static char * anqp_add_hex(char *pos, char *end, const char *title,
			   struct wpabuf *data)
{
	char *const rollback = pos;
	const u8 *bytes;
	size_t idx, total;
	int n;

	if (!data)
		return rollback;

	n = os_snprintf(pos, end - pos, "%s=", title);
	if (os_snprintf_error(end - pos, n))
		return rollback;
	pos += n;

	/* Payload is emitted as two lower-case hex digits per byte. */
	bytes = wpabuf_head_u8(data);
	total = wpabuf_len(data);
	for (idx = 0; idx < total; idx++) {
		n = os_snprintf(pos, end - pos, "%02x", bytes[idx]);
		if (os_snprintf_error(end - pos, n))
			return rollback;
		pos += n;
	}

	n = os_snprintf(pos, end - pos, "\n");
	if (os_snprintf_error(end - pos, n))
		return rollback;

	return pos + n;
}
4912 #endif /* CONFIG_INTERWORKING */
4913 
4914 
4915 #ifdef CONFIG_FILS
/*
 * Print the contents of the FILS Indication element of a BSS entry as
 * fils_info=, fils_cache_id=, fils_hessid= and fils_realms= lines.
 *
 * Output is written at pos and never at or beyond end.
 *
 * Returns the number of bytes written; 0 if the BSS has no FILS Indication
 * element or a line does not fit in the output; -1 if the element is shorter
 * than the fields its own information bits announce.
 *
 * NOTE(review): the element bytes presumably come from frames received from
 * the AP, i.e. they are untrusted. Every read below is preceded by a check
 * against ie_end; this assumes wpa_bss_get_ie() only returns elements whose
 * length octet stays within the stored IE data - confirm.
 */
static int print_fils_indication(struct wpa_bss *bss, char *pos, char *end)
{
	char *start = pos;
	const u8 *ie, *ie_end;
	u16 info, realms;
	int ret;

	ie = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
	if (!ie)
		return 0;
	/* ie[1] is the length octet; the payload starts after the 2-byte
	 * element header. */
	ie_end = ie + 2 + ie[1];
	ie += 2;
	/* The 16-bit information field is mandatory. */
	if (ie_end - ie < 2)
		return -1;

	info = WPA_GET_LE16(ie);
	ie += 2;
	ret = os_snprintf(pos, end - pos, "fils_info=%04x\n", info);
	if (os_snprintf_error(end - pos, ret))
		return 0;
	pos += ret;

	if (info & BIT(7)) {
		/* Cache Identifier Included */
		if (ie_end - ie < 2)
			return -1;
		ret = os_snprintf(pos, end - pos, "fils_cache_id=%02x%02x\n",
				  ie[0], ie[1]);
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
		ie += 2;
	}

	if (info & BIT(8)) {
		/* HESSID Included */
		if (ie_end - ie < ETH_ALEN)
			return -1;
		ret = os_snprintf(pos, end - pos, "fils_hessid=" MACSTR "\n",
				  MAC2STR(ie));
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
		ie += ETH_ALEN;
	}

	/* Bits 3-5 of info give the number of realm entries (0-7); two bytes
	 * are read per entry. */
	realms = (info & (BIT(3) | BIT(4) | BIT(5))) >> 3;
	if (realms) {
		if (ie_end - ie < realms * 2)
			return -1;
		ret = os_snprintf(pos, end - pos, "fils_realms=");
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;

		ret = wpa_snprintf_hex(pos, end - pos, ie, realms * 2);
		if (ret <= 0)
			return 0;
		pos += ret;
		ie += realms * 2;
		ret = os_snprintf(pos, end - pos, "\n");
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	return pos - start;
}
4984 #endif /* CONFIG_FILS */
4985 
4986 
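/*
 * Format one BSS table entry as text for the control interface, mostly as
 * "name=value\n" lines.
 *
 * mask selects which fields are printed (WPA_BSS_MASK_* bits). Output goes to
 * buf and is limited to buflen bytes.
 *
 * Returns the number of bytes written, or 0 when a write that is checked here
 * does not fit in the remaining space; buf then holds partial output that
 * must not be used. No negative value is returned.
 *
 * NOTE(review): IE data, SSID and ANQP payloads are presumably taken from
 * received frames. They are printed hex-encoded or through wpa_ssid_txt(),
 * not copied raw; keep it that way when adding fields.
 */
static int print_bss_info(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
			  unsigned long mask, char *buf, size_t buflen)
{
	size_t i;
	int ret;
	char *pos, *end;
	const u8 *ie, *ie2, *osen_ie, *mesh, *owe, *rsnxe;

	pos = buf;
	end = buf + buflen;

	if (mask & WPA_BSS_MASK_ID) {
		ret = os_snprintf(pos, end - pos, "id=%u\n", bss->id);
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_BSSID) {
		ret = os_snprintf(pos, end - pos, "bssid=" MACSTR "\n",
				  MAC2STR(bss->bssid));
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_FREQ) {
		ret = os_snprintf(pos, end - pos, "freq=%d\n", bss->freq);
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_BEACON_INT) {
		ret = os_snprintf(pos, end - pos, "beacon_int=%d\n",
				  bss->beacon_int);
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_CAPABILITIES) {
		ret = os_snprintf(pos, end - pos, "capabilities=0x%04x\n",
				  bss->caps);
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_QUAL) {
		ret = os_snprintf(pos, end - pos, "qual=%d\n", bss->qual);
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_NOISE) {
		ret = os_snprintf(pos, end - pos, "noise=%d\n", bss->noise);
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_LEVEL) {
		ret = os_snprintf(pos, end - pos, "level=%d\n", bss->level);
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_TSF) {
		ret = os_snprintf(pos, end - pos, "tsf=%016llu\n",
				  (unsigned long long) bss->tsf);
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_AGE) {
		struct os_reltime now;

		/* Age is the whole-second difference between now and the
		 * entry's last update. */
		os_get_reltime(&now);
		ret = os_snprintf(pos, end - pos, "age=%d\n",
				  (int) (now.sec - bss->last_update.sec));
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_IE) {
		ret = os_snprintf(pos, end - pos, "ie=");
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;

		/* Hex dump of the first bss->ie_len bytes of the IE data. */
		ie = wpa_bss_ie_ptr(bss);
		for (i = 0; i < bss->ie_len; i++) {
			ret = os_snprintf(pos, end - pos, "%02x", *ie++);
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}

		ret = os_snprintf(pos, end - pos, "\n");
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_FLAGS) {
		ret = os_snprintf(pos, end - pos, "flags=");
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;

		mesh = wpa_bss_get_ie(bss, WLAN_EID_MESH_ID);

		ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
		if (ie)
			pos = wpa_supplicant_ie_txt(pos, end, "WPA", ie,
						    2 + ie[1]);
		ie2 = wpa_bss_get_ie(bss, WLAN_EID_RSN);
		if (ie2)
			pos = wpa_supplicant_ie_txt(pos, end,
						    mesh ? "RSN" : "WPA2", ie2,
						    2 + ie2[1]);
		/*
		 * The two RSNXE flags used to return -1 on truncation while
		 * every other checked write in this function returns 0. They
		 * now return 0 as well, so the function has a single failure
		 * value. NOTE(review): a caller that adds the return value to
		 * a running buffer offset would step backwards on -1 -
		 * confirm against the BSS command handler.
		 */
		rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
		if (ieee802_11_rsnx_capab(rsnxe, WLAN_RSNX_CAPAB_SAE_H2E)) {
			ret = os_snprintf(pos, end - pos, "[SAE-H2E]");
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}
		if (ieee802_11_rsnx_capab(rsnxe, WLAN_RSNX_CAPAB_SAE_PK)) {
			ret = os_snprintf(pos, end - pos, "[SAE-PK]");
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}
		osen_ie = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
		if (osen_ie)
			pos = wpa_supplicant_ie_txt(pos, end, "OSEN",
						    osen_ie, 2 + osen_ie[1]);
		owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
		if (owe) {
			/* Constant format string; the tag is an argument. */
			ret = os_snprintf(
				pos, end - pos, "%s",
				ie2 ? "[OWE-TRANS]" : "[OWE-TRANS-OPEN]");
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}
		pos = wpa_supplicant_wps_ie_txt(wpa_s, pos, end, bss);
		/* Privacy bit set but no WPA, RSN or OSEN element. */
		if (!ie && !ie2 && !osen_ie &&
		    (bss->caps & IEEE80211_CAP_PRIVACY)) {
			ret = os_snprintf(pos, end - pos, "[WEP]");
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}

		if (mesh) {
			ret = os_snprintf(pos, end - pos, "[MESH]");
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}

		if (bss_is_dmg(bss)) {
			const char *s;
			ret = os_snprintf(pos, end - pos, "[DMG]");
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
			/* For DMG the BSS type is a masked field, not
			 * separate IBSS/ESS bits. */
			switch (bss->caps & IEEE80211_CAP_DMG_MASK) {
			case IEEE80211_CAP_DMG_IBSS:
				s = "[IBSS]";
				break;
			case IEEE80211_CAP_DMG_AP:
				s = "[ESS]";
				break;
			case IEEE80211_CAP_DMG_PBSS:
				s = "[PBSS]";
				break;
			default:
				s = "";
				break;
			}
			ret = os_snprintf(pos, end - pos, "%s", s);
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		} else {
			if (bss->caps & IEEE80211_CAP_IBSS) {
				ret = os_snprintf(pos, end - pos, "[IBSS]");
				if (os_snprintf_error(end - pos, ret))
					return 0;
				pos += ret;
			}
			if (bss->caps & IEEE80211_CAP_ESS) {
				ret = os_snprintf(pos, end - pos, "[ESS]");
				if (os_snprintf_error(end - pos, ret))
					return 0;
				pos += ret;
			}
		}
		if (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE) ||
		    wpa_bss_get_vendor_ie_beacon(bss, P2P_IE_VENDOR_TYPE)) {
			ret = os_snprintf(pos, end - pos, "[P2P]");
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}
#ifdef CONFIG_HS20
		if (wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE)) {
			ret = os_snprintf(pos, end - pos, "[HS20]");
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}
#endif /* CONFIG_HS20 */
#ifdef CONFIG_FILS
		if (wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION)) {
			ret = os_snprintf(pos, end - pos, "[FILS]");
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}
#endif /* CONFIG_FILS */
#ifdef CONFIG_FST
		if (wpa_bss_get_ie(bss, WLAN_EID_MULTI_BAND)) {
			ret = os_snprintf(pos, end - pos, "[FST]");
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}
#endif /* CONFIG_FST */
		if (wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_UTF_8_SSID)) {
			ret = os_snprintf(pos, end - pos, "[UTF-8]");
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}

		ret = os_snprintf(pos, end - pos, "\n");
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_SSID) {
		/* The SSID is printed via wpa_ssid_txt(), not as raw bytes. */
		ret = os_snprintf(pos, end - pos, "ssid=%s\n",
				  wpa_ssid_txt(bss->ssid, bss->ssid_len));
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

#ifdef CONFIG_WPS
	if (mask & WPA_BSS_MASK_WPS_SCAN) {
		ie = wpa_bss_ie_ptr(bss);
		ret = wpas_wps_scan_result_text(ie, bss->ie_len, pos, end);
		if (ret >= end - pos)
			return 0;
		/* Zero or negative: nothing to add for this entry. */
		if (ret > 0)
			pos += ret;
	}
#endif /* CONFIG_WPS */

#ifdef CONFIG_P2P
	if (mask & WPA_BSS_MASK_P2P_SCAN) {
		ie = wpa_bss_ie_ptr(bss);
		ret = wpas_p2p_scan_result_text(ie, bss->ie_len, pos, end);
		if (ret >= end - pos)
			return 0;
		if (ret > 0)
			pos += ret;
	}
#endif /* CONFIG_P2P */

#ifdef CONFIG_WIFI_DISPLAY
	if (mask & WPA_BSS_MASK_WIFI_DISPLAY) {
		struct wpabuf *wfd;

		ie = wpa_bss_ie_ptr(bss);
		wfd = ieee802_11_vendor_ie_concat(ie, bss->ie_len,
						  WFD_IE_VENDOR_TYPE);
		if (wfd) {
			ret = os_snprintf(pos, end - pos, "wfd_subelems=");
			if (os_snprintf_error(end - pos, ret)) {
				/* wfd is owned here; free it on every exit. */
				wpabuf_free(wfd);
				return 0;
			}
			pos += ret;

			pos += wpa_snprintf_hex(pos, end - pos,
						wpabuf_head(wfd),
						wpabuf_len(wfd));
			wpabuf_free(wfd);

			ret = os_snprintf(pos, end - pos, "\n");
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}
	}
#endif /* CONFIG_WIFI_DISPLAY */

#ifdef CONFIG_INTERWORKING
	if ((mask & WPA_BSS_MASK_INTERNETW) && bss->anqp) {
		struct wpa_bss_anqp *anqp = bss->anqp;
		struct wpa_bss_anqp_elem *elem;

		/*
		 * anqp_add_hex() leaves pos unchanged for a NULL buffer or a
		 * line that does not fit, so a missing or oversized element
		 * is skipped without failing the whole entry.
		 */
		pos = anqp_add_hex(pos, end, "anqp_capability_list",
				   anqp->capability_list);
		pos = anqp_add_hex(pos, end, "anqp_venue_name",
				   anqp->venue_name);
		pos = anqp_add_hex(pos, end, "anqp_network_auth_type",
				   anqp->network_auth_type);
		pos = anqp_add_hex(pos, end, "anqp_roaming_consortium",
				   anqp->roaming_consortium);
		pos = anqp_add_hex(pos, end, "anqp_ip_addr_type_availability",
				   anqp->ip_addr_type_availability);
		pos = anqp_add_hex(pos, end, "anqp_nai_realm",
				   anqp->nai_realm);
		pos = anqp_add_hex(pos, end, "anqp_3gpp", anqp->anqp_3gpp);
		pos = anqp_add_hex(pos, end, "anqp_domain_name",
				   anqp->domain_name);
		pos = anqp_add_hex(pos, end, "anqp_fils_realm_info",
				   anqp->fils_realm_info);
#ifdef CONFIG_HS20
		pos = anqp_add_hex(pos, end, "hs20_capability_list",
				   anqp->hs20_capability_list);
		pos = anqp_add_hex(pos, end, "hs20_operator_friendly_name",
				   anqp->hs20_operator_friendly_name);
		pos = anqp_add_hex(pos, end, "hs20_wan_metrics",
				   anqp->hs20_wan_metrics);
		pos = anqp_add_hex(pos, end, "hs20_connection_capability",
				   anqp->hs20_connection_capability);
		pos = anqp_add_hex(pos, end, "hs20_operating_class",
				   anqp->hs20_operating_class);
		pos = anqp_add_hex(pos, end, "hs20_osu_providers_list",
				   anqp->hs20_osu_providers_list);
		pos = anqp_add_hex(pos, end, "hs20_operator_icon_metadata",
				   anqp->hs20_operator_icon_metadata);
		pos = anqp_add_hex(pos, end, "hs20_osu_providers_nai_list",
				   anqp->hs20_osu_providers_nai_list);
#endif /* CONFIG_HS20 */

		dl_list_for_each(elem, &anqp->anqp_elems,
				 struct wpa_bss_anqp_elem, list) {
			char title[20];

			os_snprintf(title, sizeof(title), "anqp[%u]",
				    elem->infoid);
			pos = anqp_add_hex(pos, end, title, elem->payload);
			if (elem->protected_response) {
				ret = os_snprintf(pos, end - pos,
						  "protected-anqp-info[%u]=1\n",
						  elem->infoid);
				if (os_snprintf_error(end - pos, ret))
					return 0;
				pos += ret;
			}
		}
	}
#endif /* CONFIG_INTERWORKING */

#ifdef CONFIG_MESH
	if (mask & WPA_BSS_MASK_MESH_SCAN) {
		ie = wpa_bss_ie_ptr(bss);
		ret = wpas_mesh_scan_result_text(ie, bss->ie_len, pos, end);
		if (ret >= end - pos)
			return 0;
		if (ret > 0)
			pos += ret;
	}
#endif /* CONFIG_MESH */

	if (mask & WPA_BSS_MASK_SNR) {
		ret = os_snprintf(pos, end - pos, "snr=%d\n", bss->snr);
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if (mask & WPA_BSS_MASK_EST_THROUGHPUT) {
		ret = os_snprintf(pos, end - pos, "est_throughput=%d\n",
				  bss->est_throughput);
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

#ifdef CONFIG_FST
	if (mask & WPA_BSS_MASK_FST) {
		ret = fst_ctrl_iface_mb_info(bss->bssid, pos, end - pos);
		if (ret < 0 || ret >= end - pos)
			return 0;
		pos += ret;
	}
#endif /* CONFIG_FST */

	if (mask & WPA_BSS_MASK_UPDATE_IDX) {
		ret = os_snprintf(pos, end - pos, "update_idx=%u\n",
				  bss->last_update_idx);
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	if ((mask & WPA_BSS_MASK_BEACON_IE) && bss->beacon_ie_len) {
		ret = os_snprintf(pos, end - pos, "beacon_ie=");
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;

		/* The beacon IEs are read from directly after the first
		 * bss->ie_len bytes of the IE data. */
		ie = wpa_bss_ie_ptr(bss);
		ie += bss->ie_len;
		for (i = 0; i < bss->beacon_ie_len; i++) {
			ret = os_snprintf(pos, end - pos, "%02x", *ie++);
			if (os_snprintf_error(end - pos, ret))
				return 0;
			pos += ret;
		}

		ret = os_snprintf(pos, end - pos, "\n");
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

#ifdef CONFIG_FILS
	if (mask & WPA_BSS_MASK_FILS_INDICATION) {
		/* A negative result (malformed element) is mapped to this
		 * function's single failure value. */
		ret = print_fils_indication(bss, pos, end);
		if (ret < 0)
			return 0;
		pos += ret;
	}
#endif /* CONFIG_FILS */

	if (mask & WPA_BSS_MASK_DELIM) {
		ret = os_snprintf(pos, end - pos, "====\n");
		if (os_snprintf_error(end - pos, ret))
			return 0;
		pos += ret;
	}

	return pos - buf;
}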
5437 
5438 
/**
 * wpa_supplicant_ctrl_iface_bss - Dump BSS table entries for a control interface request
 * @wpa_s: Interface whose BSS table (wpa_s->bss_id list) is queried
 * @cmd: Selector text from the control interface client. Accepted forms, as
 *	matched below: "RANGE=ALL", "RANGE=<N1>-<N2>" (either bound optional),
 *	"FIRST", "LAST", "ID-<id>", "NEXT-<id>", "CURRENT",
 *	"p2p_dev_addr=<addr>" (CONFIG_P2P only), a BSSID, or a decimal index
 *	into the list. An optional "MASK=<hex>" anywhere in the string selects
 *	which fields print_bss_info() emits.
 * @buf: Output buffer for the textual reply
 * @buflen: Size of @buf in bytes
 * Returns: Number of bytes written to @buf; 0 if no entry matched or the range
 *	was malformed
 *
 * All numeric fields are parsed with atoi(), which does no error reporting;
 * negative or non-numeric input ends up as 0 or as a large value after the
 * conversion to unsigned int / size_t, and the lookups below then simply fail
 * to match.
 */
static int wpa_supplicant_ctrl_iface_bss(struct wpa_supplicant *wpa_s,
					 const char *cmd, char *buf,
					 size_t buflen)
{
	u8 bssid[ETH_ALEN];
	size_t i;
	struct wpa_bss *bss;
	struct wpa_bss *bsslast = NULL;
	struct dl_list *next;
	int ret = 0;
	int len;
	/* end marks one past the caller's buffer; captured before buf is
	 * advanced in the output loop */
	char *ctmp, *end = buf + buflen;
	unsigned long mask = WPA_BSS_MASK_ALL;

	if (os_strncmp(cmd, "RANGE=", 6) == 0) {
		if (os_strncmp(cmd + 6, "ALL", 3) == 0) {
			bss = dl_list_first(&wpa_s->bss_id, struct wpa_bss,
					    list_id);
			bsslast = dl_list_last(&wpa_s->bss_id, struct wpa_bss,
					       list_id);
		} else { /* N1-N2 */
			unsigned int id1, id2;

			if ((ctmp = os_strchr(cmd + 6, '-')) == NULL) {
				wpa_printf(MSG_INFO, "Wrong BSS range "
					   "format");
				return 0;
			}

			/* A missing lower bound means "from id 0" */
			if (*(cmd + 6) == '-')
				id1 = 0;
			else
				id1 = atoi(cmd + 6);
			ctmp++;
			/* A missing/non-digit upper bound means "to the end" */
			if (*ctmp >= '0' && *ctmp <= '9')
				id2 = atoi(ctmp);
			else
				id2 = (unsigned int) -1;
			bss = wpa_bss_get_id_range(wpa_s, id1, id2);
			if (id2 == (unsigned int) -1)
				bsslast = dl_list_last(&wpa_s->bss_id,
						       struct wpa_bss,
						       list_id);
			else {
				bsslast = wpa_bss_get_id(wpa_s, id2);
				/* No entry has exactly id2: walk forward from
				 * the first match and stop at the last entry
				 * whose id does not exceed id2 */
				if (bsslast == NULL && bss && id2 > id1) {
					struct wpa_bss *tmp = bss;
					for (;;) {
						next = tmp->list_id.next;
						if (next == &wpa_s->bss_id)
							break;
						tmp = dl_list_entry(
							next, struct wpa_bss,
							list_id);
						if (tmp->id > id2)
							break;
						bsslast = tmp;
					}
				}
			}
		}
	} else if (os_strncmp(cmd, "FIRST", 5) == 0)
		bss = dl_list_first(&wpa_s->bss_id, struct wpa_bss, list_id);
	else if (os_strncmp(cmd, "LAST", 4) == 0)
		bss = dl_list_last(&wpa_s->bss_id, struct wpa_bss, list_id);
	else if (os_strncmp(cmd, "ID-", 3) == 0) {
		i = atoi(cmd + 3);
		bss = wpa_bss_get_id(wpa_s, i);
	} else if (os_strncmp(cmd, "NEXT-", 5) == 0) {
		i = atoi(cmd + 5);
		bss = wpa_bss_get_id(wpa_s, i);
		if (bss) {
			/* The list head is the sentinel: reaching it means
			 * there is no following entry */
			next = bss->list_id.next;
			if (next == &wpa_s->bss_id)
				bss = NULL;
			else
				bss = dl_list_entry(next, struct wpa_bss,
						    list_id);
		}
	} else if (os_strncmp(cmd, "CURRENT", 7) == 0) {
		bss = wpa_s->current_bss;
#ifdef CONFIG_P2P
	} else if (os_strncmp(cmd, "p2p_dev_addr=", 13) == 0) {
		if (hwaddr_aton(cmd + 13, bssid) == 0)
			bss = wpa_bss_get_p2p_dev_addr(wpa_s, bssid);
		else
			bss = NULL;
#endif /* CONFIG_P2P */
	} else if (hwaddr_aton(cmd, bssid) == 0)
		bss = wpa_bss_get_bssid(wpa_s, bssid);
	else {
		/* Fallback: treat the command as a zero-based position in the
		 * list. A negative atoi() result wraps to a huge size_t, so
		 * the walk ends without a match. */
		struct wpa_bss *tmp;
		i = atoi(cmd);
		bss = NULL;
		dl_list_for_each(tmp, &wpa_s->bss_id, struct wpa_bss, list_id)
		{
			if (i == 0) {
				bss = tmp;
				break;
			}
			i--;
		}
	}

	/* MASK= is located with a substring search over the whole command;
	 * a value that parses to 0 falls back to printing every field */
	if ((ctmp = os_strstr(cmd, "MASK=")) != NULL) {
		mask = strtoul(ctmp + 5, NULL, 0x10);
		if (mask == 0)
			mask = WPA_BSS_MASK_ALL;
	}

	if (bss == NULL)
		return 0;

	/* Single-entry request: first and last are the same entry */
	if (bsslast == NULL)
		bsslast = bss;
	do {
		/* NOTE(review): the arithmetic below assumes
		 * print_bss_info() returns a value in 0..buflen; confirm
		 * against its definition, since a larger or negative return
		 * would move buf outside the caller's buffer. */
		len = print_bss_info(wpa_s, bss, mask, buf, buflen);
		ret += len;
		buf += len;
		buflen -= len;
		if (bss == bsslast) {
			if ((mask & WPA_BSS_MASK_DELIM) && len &&
			    (bss == dl_list_last(&wpa_s->bss_id,
						 struct wpa_bss, list_id))) {
				int res;

				/* Overwrite the final five bytes just written
				 * (presumably the "====\n" delimiter - TODO
				 * confirm) with "####\n" to mark the end of
				 * the table; ret is unchanged because the
				 * replacement has the same length */
				res = os_snprintf(buf - 5, end - buf + 5,
						  "####\n");
				if (os_snprintf_error(end - buf + 5, res)) {
					wpa_printf(MSG_DEBUG,
						   "Could not add end delim");
				}
			}
			break;
		}
		next = bss->list_id.next;
		if (next == &wpa_s->bss_id)
			break;
		bss = dl_list_entry(next, struct wpa_bss, list_id);
		/* len == 0 means the last entry did not fit (or printed
		 * nothing), so stop rather than loop without progress */
	} while (bss && len);

	return ret;
}
5582 
5583 
/*
 * Apply an ap_scan value received over the control interface.
 *
 * The argument is converted with atoi(), so non-numeric text becomes 0 and no
 * parse error is reported here; range checking is left to
 * wpa_supplicant_set_ap_scan(), whose return value is passed through.
 */
static int wpa_supplicant_ctrl_iface_ap_scan(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	return wpa_supplicant_set_ap_scan(wpa_s, atoi(cmd));
}
5590 
5591 
/*
 * Apply a scan interval received over the control interface.
 *
 * The argument is converted with atoi() (non-numeric text becomes 0); the
 * result of wpa_supplicant_set_scan_interval() is returned unchanged.
 */
static int wpa_supplicant_ctrl_iface_scan_interval(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	return wpa_supplicant_set_scan_interval(wpa_s, atoi(cmd));
}
5598 
5599 
/*
 * Apply a BSS expiration age received over the control interface.
 *
 * The argument is converted with atoi() (non-numeric text becomes 0); the
 * result of wpa_supplicant_set_bss_expiration_age() is returned unchanged.
 */
static int wpa_supplicant_ctrl_iface_bss_expire_age(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	return wpa_supplicant_set_bss_expiration_age(wpa_s, atoi(cmd));
}
5606 
5607 
/*
 * Apply a BSS expiration scan count received over the control interface.
 *
 * The argument is converted with atoi() (non-numeric text becomes 0); the
 * result of wpa_supplicant_set_bss_expiration_count() is returned unchanged.
 */
static int wpa_supplicant_ctrl_iface_bss_expire_count(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	return wpa_supplicant_set_bss_expiration_count(wpa_s, atoi(cmd));
}
5614 
5615 
/*
 * Flush BSS table entries on request from the control interface.
 *
 * A parsed age of 0 (which is also what atoi() yields for non-numeric text)
 * flushes through wpa_bss_flush(); any other value is handed to
 * wpa_bss_flush_by_age().
 */
static void wpa_supplicant_ctrl_iface_bss_flush(
	struct wpa_supplicant *wpa_s, char *cmd)
{
	int max_age = atoi(cmd);

	if (max_age != 0) {
		wpa_bss_flush_by_age(wpa_s, max_age);
		return;
	}

	wpa_bss_flush(wpa_s);
}
5626 
5627 
5628 #ifdef CONFIG_TESTING_OPTIONS
/*
 * Test hook: discard the current security association without sending a
 * deauthentication.
 *
 * Clears group key indexes 0..5 and the pairwise key(s) in the driver, sets
 * protection to "none" for the current BSSID, and then drops the SA state in
 * the WPA state machine. The enclosing #ifdef limits this to builds with
 * CONFIG_TESTING_OPTIONS.
 */
static void wpa_supplicant_ctrl_iface_drop_sa(struct wpa_supplicant *wpa_s)
{
	int idx;

	wpa_printf(MSG_DEBUG, "Dropping SA without deauthentication");

	/* MLME-DELETEKEYS.request */
	for (idx = 0; idx <= 5; idx++) {
		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, idx, 0, NULL, 0,
				NULL, 0, KEY_FLAG_GROUP);
	}

	wpa_drv_set_key(wpa_s, WPA_ALG_NONE, wpa_s->bssid, 0, 0, NULL, 0, NULL,
			0, KEY_FLAG_PAIRWISE);
	/* The second pairwise key index is cleared only when
	 * wpa_sm_ext_key_id() reports it in use */
	if (wpa_sm_ext_key_id(wpa_s->wpa)) {
		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, wpa_s->bssid, 1, 0,
				NULL, 0, NULL, 0, KEY_FLAG_PAIRWISE);
	}

	/* MLME-SETPROTECTION.request(None) */
	wpa_drv_mlme_setprotection(wpa_s, wpa_s->bssid,
				   MLME_SETPROTECTION_PROTECT_TYPE_NONE,
				   MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
	wpa_sm_drop_sa(wpa_s->wpa);
}
5657 #endif /* CONFIG_TESTING_OPTIONS */
5658 
5659 
/*
 * Handle an explicit roam request from the control interface.
 *
 * @addr is the textual BSSID of the target AP. The request is accepted only
 * if the address parses, a network profile is currently selected, and the
 * BSS table holds an entry with that BSSID and the current profile's SSID.
 * Returns 0 once the connection attempt has been started, -1 otherwise
 * (always -1 when built with CONFIG_NO_SCAN_PROCESSING).
 */
static int wpa_supplicant_ctrl_iface_roam(struct wpa_supplicant *wpa_s,
					  char *addr)
{
#ifdef CONFIG_NO_SCAN_PROCESSING
	return -1;
#else /* CONFIG_NO_SCAN_PROCESSING */
	struct wpa_ssid *cur_ssid = wpa_s->current_ssid;
	struct wpa_radio_work *pending_before;
	struct wpa_bss *target;
	u8 target_bssid[ETH_ALEN];

	if (hwaddr_aton(addr, target_bssid) != 0) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE ROAM: invalid address '%s'", addr);
		return -1;
	}

	wpa_printf(MSG_DEBUG, "CTRL_IFACE ROAM " MACSTR,
		   MAC2STR(target_bssid));

	if (cur_ssid == NULL) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE ROAM: No network configuration known for the target AP");
		return -1;
	}

	target = wpa_bss_get(wpa_s, target_bssid, cur_ssid->ssid,
			     cur_ssid->ssid_len);
	if (target == NULL) {
		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE ROAM: Target AP not found from BSS table");
		return -1;
	}

	/*
	 * TODO: Find best network configuration block from configuration to
	 * allow roaming to other networks
	 */

	/* Sample the pending work before connecting so that a newly queued
	 * 'sme-connect' item can be told apart from a pre-existing one */
	pending_before = radio_work_pending(wpa_s, "sme-connect");
	wpa_s->reassociate = 1;
	wpa_supplicant_connect(wpa_s, target, cur_ssid);

	/*
	 * Flag the explicitly requested roam as in progress so that scan
	 * results arriving before the 'sme-connect' radio work runs do not
	 * override this connection attempt.
	 */
	if (pending_before == NULL &&
	    radio_work_pending(wpa_s, "sme-connect") != NULL)
		wpa_s->roam_in_progress = true;

	return 0;
#endif /* CONFIG_NO_SCAN_PROCESSING */
}
5712 
5713 
5714 #ifdef CONFIG_P2P
/*
 * Parse a P2P find request from the control interface and start discovery.
 *
 * @cmd begins with a decimal timeout (read with atoi(); a negative value
 * wraps when stored in the unsigned timeout) followed by optional keywords:
 * " include_6ghz", "type=social" / "type=progressive", "dev_id=<addr>",
 * "dev_type=<type>", "delay=<n>", "freq=<n>" and one or more " seek=<str>".
 * Every keyword is located with a substring search over the whole command,
 * so position and surrounding text are not checked. @cmd is modified in
 * place while the seek strings are split.
 *
 * Returns -1 on a disabled interface or a malformed dev_id/dev_type/freq,
 * otherwise the result of wpas_p2p_find().
 */
static int p2p_ctrl_find(struct wpa_supplicant *wpa_s, char *cmd)
{
	unsigned int timeout = atoi(cmd);
	enum p2p_discovery_type type = P2P_FIND_START_WITH_FULL;
	u8 dev_id[ETH_ALEN], *_dev_id = NULL;
	u8 dev_type[WPS_DEV_TYPE_LEN], *_dev_type = NULL;
	char *pos;
	unsigned int search_delay;
	/* One slot more than the maximum so that "too many" can be detected
	 * after the loop without writing past the array */
	const char *_seek[P2P_MAX_QUERY_HASH + 1], **seek = NULL;
	u8 seek_count = 0;
	int freq = 0;
	bool include_6ghz = false;

	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
		wpa_dbg(wpa_s, MSG_INFO,
			"Reject P2P_FIND since interface is disabled");
		return -1;
	}

	if (os_strstr(cmd, " include_6ghz"))
		include_6ghz = true;
	if (os_strstr(cmd, "type=social"))
		type = P2P_FIND_ONLY_SOCIAL;
	else if (os_strstr(cmd, "type=progressive"))
		type = P2P_FIND_PROGRESSIVE;

	pos = os_strstr(cmd, "dev_id=");
	if (pos) {
		pos += 7;
		if (hwaddr_aton(pos, dev_id))
			return -1;
		_dev_id = dev_id;
	}

	pos = os_strstr(cmd, "dev_type=");
	if (pos) {
		pos += 9;
		if (wps_dev_type_str2bin(pos, dev_type) < 0)
			return -1;
		_dev_type = dev_type;
	}

	/* delay= is not validated; without it the interface default from
	 * wpas_p2p_search_delay() is used */
	pos = os_strstr(cmd, "delay=");
	if (pos) {
		pos += 6;
		search_delay = atoi(pos);
	} else
		search_delay = wpas_p2p_search_delay(wpa_s);

	pos = os_strstr(cmd, "freq=");
	if (pos) {
		pos += 5;
		freq = atoi(pos);
		if (freq <= 0)
			return -1;
	}

	/* Must be searched for last, because it adds nul termination */
	pos = os_strstr(cmd, " seek=");
	if (pos)
		pos += 6;
	/* The loop bound keeps seek_count <= P2P_MAX_QUERY_HASH + 1, i.e.
	 * within _seek[] */
	while (pos && seek_count < P2P_MAX_QUERY_HASH + 1) {
		char *term;

		_seek[seek_count++] = pos;
		seek = _seek;
		term = os_strchr(pos, ' ');
		if (!term)
			break;
		*term = '\0';
		pos = os_strstr(term + 1, "seek=");
		if (pos)
			pos += 5;
	}
	/* More seek strings than supported: collapse to a single NULL entry
	 * (presumably interpreted by wpas_p2p_find() as a wildcard - TODO
	 * confirm) */
	if (seek_count > P2P_MAX_QUERY_HASH) {
		seek[0] = NULL;
		seek_count = 1;
	}

	return wpas_p2p_find(wpa_s, timeout, type, _dev_type != NULL, _dev_type,
			     _dev_id, search_delay, seek_count, seek, freq,
			     include_6ghz);
}
5798 
5799 
/*
 * Parse a list of CPT names into a zero-terminated priority array.
 *
 * @pos points at the names ("UDP" or "MAC"), separated by ':'; parsing stops
 * at the first blank following a name. @cpt receives one value per name and
 * a terminating 0, so it must have room for P2PS_FEATURE_CAPAB_CPT_MAX + 1
 * entries. On any error cpt[0] is set to 0 and -1 is returned; 0 on success.
 *
 * Note: the "Unsupported CPT name" message prints from the start of the
 * offending token to the end of the input string, because the token is not
 * NUL-terminated at its own end.
 */
static int p2ps_ctrl_parse_cpt_priority(const char *pos, u8 *cpt)
{
	const char *ctx = NULL;
	const char *name;
	unsigned int count = 0;

	/* Expected predefined CPT names delimited by ':' */
	while ((name = cstr_token(pos, ": \t", &ctx)) != NULL) {
		long int name_len;
		u8 value;

		if (count >= P2PS_FEATURE_CAPAB_CPT_MAX) {
			wpa_printf(MSG_ERROR,
				   "P2PS: CPT name list is too long, expected up to %d names",
				   P2PS_FEATURE_CAPAB_CPT_MAX);
			cpt[0] = 0;
			return -1;
		}

		name_len = ctx - name;

		if (name_len == 3 && os_memcmp(name, "UDP", 3) == 0) {
			value = P2PS_FEATURE_CAPAB_UDP_TRANSPORT;
		} else if (name_len == 3 && os_memcmp(name, "MAC", 3) == 0) {
			value = P2PS_FEATURE_CAPAB_MAC_TRANSPORT;
		} else {
			wpa_printf(MSG_ERROR,
				   "P2PS: Unsupported CPT name '%s'", name);
			cpt[0] = 0;
			return -1;
		}

		cpt[count++] = value;

		/* A blank after the name ends the list */
		if (isblank((unsigned char) *ctx))
			break;
	}

	cpt[count] = 0;
	return 0;
}
5840 
5841 
/*
 * Build a struct p2ps_provision from the key=value text of an ASP
 * provisioning command.
 *
 * Keys read from @cmd: "info=" (optional, UTF-8 escaped), "status="
 * (optional, -1 when absent), "adv_id=" and "session=" (mandatory, hex,
 * at most 32 bits), "method=" (optional, hex), "adv_mac=" and "session_mac="
 * (mandatory addresses), "cpt=" (optional, defaults to UDP transport),
 * and either "tstCap=" or "role=".
 *
 * Returns a newly allocated structure that the caller owns, or NULL on
 * allocation failure or when a mandatory field is missing or malformed.
 *
 * NOTE(review): every key is found with os_strstr() over the whole command,
 * and "info=" takes everything to the end of the string, so a key name that
 * appears inside the info text can be picked up as a field. Worth confirming
 * that callers place info= last and that this ambiguity is acceptable.
 */
static struct p2ps_provision * p2p_parse_asp_provision_cmd(const char *cmd)
{
	struct p2ps_provision *p2ps_prov;
	char *pos;
	size_t info_len = 0;
	char *info = NULL;
	u8 role = P2PS_SETUP_NONE;
	long long unsigned val;
	int i;

	pos = os_strstr(cmd, "info=");
	if (pos) {
		pos += 5;
		info_len = os_strlen(pos);

		if (info_len) {
			/* Unescape into a temporary buffer first so that the
			 * final allocation can be sized from the unescaped
			 * length */
			info = os_malloc(info_len + 1);
			if (info) {
				info_len = utf8_unescape(pos, info_len,
							 info, info_len + 1);
			} else
				info_len = 0;
		}
	}

	/* The info text is stored directly after the fixed-size structure,
	 * plus one byte for the terminating NUL */
	p2ps_prov = os_zalloc(sizeof(struct p2ps_provision) + info_len + 1);
	if (p2ps_prov == NULL) {
		os_free(info);
		return NULL;
	}

	if (info) {
		os_memcpy(p2ps_prov->info, info, info_len);
		p2ps_prov->info[info_len] = '\0';
		os_free(info);
	}

	pos = os_strstr(cmd, "status=");
	if (pos)
		p2ps_prov->status = atoi(pos + 7);
	else
		p2ps_prov->status = -1;

	/* Parsed into 64 bits so that values above 32 bits can be rejected
	 * instead of being truncated */
	pos = os_strstr(cmd, "adv_id=");
	if (!pos || sscanf(pos + 7, "%llx", &val) != 1 || val > 0xffffffffULL)
		goto invalid_args;
	p2ps_prov->adv_id = val;

	/* NOTE(review): unlike adv_id/session, method is taken from strtol()
	 * with no range or syntax check before the assignment */
	pos = os_strstr(cmd, "method=");
	if (pos)
		p2ps_prov->method = strtol(pos + 7, NULL, 16);
	else
		p2ps_prov->method = 0;

	pos = os_strstr(cmd, "session=");
	if (!pos || sscanf(pos + 8, "%llx", &val) != 1 || val > 0xffffffffULL)
		goto invalid_args;
	p2ps_prov->session_id = val;

	pos = os_strstr(cmd, "adv_mac=");
	if (!pos || hwaddr_aton(pos + 8, p2ps_prov->adv_mac))
		goto invalid_args;

	pos = os_strstr(cmd, "session_mac=");
	if (!pos || hwaddr_aton(pos + 12, p2ps_prov->session_mac))
		goto invalid_args;

	pos = os_strstr(cmd, "cpt=");
	if (pos) {
		/* NOTE(review): the parser writes up to
		 * P2PS_FEATURE_CAPAB_CPT_MAX + 1 entries; confirm that
		 * cpt_priority[] is declared at least that large */
		if (p2ps_ctrl_parse_cpt_priority(pos + 4,
						 p2ps_prov->cpt_priority))
			goto invalid_args;
	} else {
		/* Relies on os_zalloc() having zeroed the next entry as the
		 * list terminator */
		p2ps_prov->cpt_priority[0] = P2PS_FEATURE_CAPAB_UDP_TRANSPORT;
	}

	/* Accumulate the zero-terminated priority list into a bit mask */
	for (i = 0; p2ps_prov->cpt_priority[i]; i++)
		p2ps_prov->cpt_mask |= p2ps_prov->cpt_priority[i];

	/* force conncap with tstCap (no sanity checks) */
	/* NOTE(review): tstCap= bypasses the role validation applied to role=
	 * below and is not wrapped in CONFIG_TESTING_OPTIONS in this
	 * function, so it is reachable in any build that includes this code.
	 * The strtol() result is also narrowed to u8 without a range check. */
	pos = os_strstr(cmd, "tstCap=");
	if (pos) {
		role = strtol(pos + 7, NULL, 16);
	} else {
		pos = os_strstr(cmd, "role=");
		if (pos) {
			role = strtol(pos + 5, NULL, 16);
			/* Only client and group owner are accepted; anything
			 * else is treated as "no role" */
			if (role != P2PS_SETUP_CLIENT &&
			    role != P2PS_SETUP_GROUP_OWNER)
				role = P2PS_SETUP_NONE;
		}
	}
	p2ps_prov->role = role;

	return p2ps_prov;

invalid_args:
	/* info was already copied and freed above, so only the structure
	 * itself is left to release */
	os_free(p2ps_prov);
	return NULL;
}
5942 
5943 
/*
 * Handle an ASP provisioning response command from the control interface.
 *
 * @cmd is "<addr> <key=value ...>"; the key=value part is parsed by
 * p2p_parse_asp_provision_cmd(), and a "status=" value of 0 or more is
 * required here. The full command text is written to the debug log.
 *
 * The cmd[17] check assumes a successful hwaddr_aton() consumed a
 * 17-character address - TODO confirm against hwaddr_aton().
 * Ownership of the parsed structure presumably passes to
 * wpas_p2p_prov_disc(); it is freed here only on the status error path.
 *
 * Returns -1 on malformed input, otherwise the wpas_p2p_prov_disc() result.
 */
static int p2p_ctrl_asp_provision_resp(struct wpa_supplicant *wpa_s, char *cmd)
{
	struct p2ps_provision *prov;
	u8 peer[ETH_ALEN];

	wpa_printf(MSG_DEBUG, "%s: %s", __func__, cmd);

	if (hwaddr_aton(cmd, peer) != 0)
		return -1;

	/* The address must be followed by a space */
	if (cmd[17] != ' ')
		return -1;

	prov = p2p_parse_asp_provision_cmd(cmd + 17);
	if (prov == NULL)
		return -1;

	/* A response without a valid status is rejected */
	if (prov->status < 0) {
		os_free(prov);
		return -1;
	}

	return wpas_p2p_prov_disc(wpa_s, peer, NULL, WPAS_P2P_PD_FOR_ASP,
				  prov);
}
5973 
5974 
/*
 * Handle an ASP provisioning request command from the control interface.
 *
 * @cmd is "<addr> <key=value ...>"; the key=value part is parsed by
 * p2p_parse_asp_provision_cmd(). The resulting structure is marked with
 * pd_seeker = 1 and handed to wpas_p2p_prov_disc(). The full command text is
 * written to the debug log.
 *
 * The cmd[17] check assumes a successful hwaddr_aton() consumed a
 * 17-character address - TODO confirm against hwaddr_aton().
 *
 * Returns -1 on malformed input, otherwise the wpas_p2p_prov_disc() result.
 */
static int p2p_ctrl_asp_provision(struct wpa_supplicant *wpa_s, char *cmd)
{
	struct p2ps_provision *prov;
	u8 peer[ETH_ALEN];

	wpa_printf(MSG_DEBUG, "%s: %s", __func__, cmd);

	if (hwaddr_aton(cmd, peer) != 0)
		return -1;

	/* The address must be followed by a space */
	if (cmd[17] != ' ')
		return -1;

	prov = p2p_parse_asp_provision_cmd(cmd + 17);
	if (prov == NULL)
		return -1;

	prov->pd_seeker = 1;

	return wpas_p2p_prov_disc(wpa_s, peer, NULL, WPAS_P2P_PD_FOR_ASP,
				  prov);
}
6002 
6003 
/*
 * Map a requested channel width and second segment frequency to a
 * CHANWIDTH_* value.
 *
 * A non-zero @freq2 selects CHANWIDTH_80P80MHZ regardless of @chwidth.
 * Otherwise @chwidth 0, 20 or 40 gives CHANWIDTH_USE_HT, 80 gives
 * CHANWIDTH_80MHZ and 160 gives CHANWIDTH_160MHZ.
 * Returns -1 for a negative @freq2 or an unrecognized @chwidth.
 */
static int parse_freq(int chwidth, int freq2)
{
	if (freq2 < 0)
		return -1;
	if (freq2 != 0)
		return CHANWIDTH_80P80MHZ;

	if (chwidth == 0 || chwidth == 20 || chwidth == 40)
		return CHANWIDTH_USE_HT;
	if (chwidth == 80)
		return CHANWIDTH_80MHZ;
	if (chwidth == 160)
		return CHANWIDTH_160MHZ;

	wpa_printf(MSG_DEBUG, "Unknown max oper bandwidth: %d", chwidth);
	return -1;
}
6026 
6027 
/*
 * Parse a P2P connect request from the control interface and start it.
 *
 * @cmd is modified in place when a literal PIN is given. The reply is
 * written to @buf: "OK\n", a generated 8-digit PIN, or one of the
 * "FAIL-..." strings below. Returns the reply length, or -1 on error.
 *
 * Option keywords are found with substring searches, so they are matched as
 * prefixes: " persistent" also matches " persistent=<id>", and " he"
 * matches any later token that merely starts with "he".
 *
 * NOTE(review): the fixed replies ("FAIL-INVALID-PIN\n",
 * "FAIL-CHANNEL-UNAVAILABLE\n", "FAIL-CHANNEL-UNSUPPORTED\n", "OK\n") are
 * copied with os_memcpy() without comparing their length against @buflen;
 * only the generated-PIN reply is bounded. This is safe only if every caller
 * passes a buffer of at least 25 bytes - confirm at the call site.
 */
static int p2p_ctrl_connect(struct wpa_supplicant *wpa_s, char *cmd,
			    char *buf, size_t buflen)
{
	u8 addr[ETH_ALEN];
	char *pos, *pos2;
	char *pin = NULL;
	enum p2p_wps_method wps_method;
	int new_pin;
	int ret;
	int persistent_group, persistent_id = -1;
	int join;
	int auth;
	int automatic;
	int go_intent = -1;
	int freq = 0;
	int pd;
	int ht40, vht, max_oper_chwidth, chwidth = 0, freq2 = 0;
	int edmg;
	u8 _group_ssid[SSID_MAX_LEN], *group_ssid = NULL;
	size_t group_ssid_len = 0;
	int he;
	bool allow_6ghz;

	/* The command is always executed on the interface that initialized
	 * P2P, whichever interface it arrived on */
	if (!wpa_s->global->p2p_init_wpa_s)
		return -1;
	if (wpa_s->global->p2p_init_wpa_s != wpa_s) {
		wpa_dbg(wpa_s, MSG_DEBUG, "Direct P2P_CONNECT command to %s",
			wpa_s->global->p2p_init_wpa_s->ifname);
		wpa_s = wpa_s->global->p2p_init_wpa_s;
	}

	/* <addr> <"pbc" | "pin" | PIN> [label|display|keypad|p2ps]
	 * [persistent|persistent=<network id>]
	 * [join] [auth] [go_intent=<0..15>] [freq=<in MHz>] [provdisc]
	 * [ht40] [vht] [he] [edmg] [auto] [ssid=<hexdump>] */

	if (hwaddr_aton(cmd, addr))
		return -1;

	/* Assumes a successful hwaddr_aton() consumed 17 characters, so
	 * cmd + 17 is still inside the string - TODO confirm */
	pos = cmd + 17;
	if (*pos != ' ')
		return -1;
	pos++;

	persistent_group = os_strstr(pos, " persistent") != NULL;
	pos2 = os_strstr(pos, " persistent=");
	if (pos2) {
		struct wpa_ssid *ssid;
		persistent_id = atoi(pos2 + 12);
		/* The referenced profile must exist and be a stored
		 * persistent group in GO mode (disabled == 2) */
		ssid = wpa_config_get_network(wpa_s->conf, persistent_id);
		if (ssid == NULL || ssid->disabled != 2 ||
		    ssid->mode != WPAS_MODE_P2P_GO) {
			wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find "
				   "SSID id=%d for persistent P2P group (GO)",
				   persistent_id);
			return -1;
		}
	}
	join = os_strstr(pos, " join") != NULL;
	allow_6ghz = os_strstr(pos, " allow_6ghz") != NULL;
	auth = os_strstr(pos, " auth") != NULL;
	automatic = os_strstr(pos, " auto") != NULL;
	pd = os_strstr(pos, " provdisc") != NULL;
	/* PHY options can come from the command or from the configuration;
	 * VHT implies HT40 */
	vht = (os_strstr(cmd, " vht") != NULL) || wpa_s->conf->p2p_go_vht;
	ht40 = (os_strstr(cmd, " ht40") != NULL) || wpa_s->conf->p2p_go_ht40 ||
		vht;
	he = (os_strstr(cmd, " he") != NULL) || wpa_s->conf->p2p_go_he;
	edmg = (os_strstr(cmd, " edmg") != NULL) || wpa_s->conf->p2p_go_edmg;

	pos2 = os_strstr(pos, " go_intent=");
	if (pos2) {
		pos2 += 11;
		go_intent = atoi(pos2);
		if (go_intent < 0 || go_intent > 15)
			return -1;
	}

	pos2 = os_strstr(pos, " freq=");
	if (pos2) {
		pos2 += 6;
		freq = atoi(pos2);
		if (freq <= 0)
			return -1;
	}

	pos2 = os_strstr(pos, " freq2=");
	if (pos2)
		freq2 = atoi(pos2 + 7);

	pos2 = os_strstr(pos, " max_oper_chwidth=");
	if (pos2)
		chwidth = atoi(pos2 + 18);

	/* Rejects a negative freq2 and an unknown channel width */
	max_oper_chwidth = parse_freq(chwidth, freq2);
	if (max_oper_chwidth < 0)
		return -1;

	pos2 = os_strstr(pos, " ssid=");
	if (pos2) {
		char *end;

		pos2 += 6;
		end = os_strchr(pos2, ' ');
		/* Two hex characters per byte; an odd trailing character is
		 * dropped by the integer division */
		if (!end)
			group_ssid_len = os_strlen(pos2) / 2;
		else
			group_ssid_len = (end - pos2) / 2;
		/* The length is bounded by SSID_MAX_LEN before hexstr2bin()
		 * writes into _group_ssid[] */
		if (group_ssid_len == 0 || group_ssid_len > SSID_MAX_LEN ||
		    hexstr2bin(pos2, _group_ssid, group_ssid_len) < 0)
			return -1;
		group_ssid = _group_ssid;
	}

	if (os_strncmp(pos, "pin", 3) == 0) {
		/* Request random PIN (to be displayed) and enable the PIN */
		wps_method = WPS_PIN_DISPLAY;
	} else if (os_strncmp(pos, "pbc", 3) == 0) {
		wps_method = WPS_PBC;
	} else if (os_strstr(pos, "p2ps") != NULL) {
		wps_method = WPS_P2PS;
	} else {
		/* Anything else in this position is taken as a literal PIN;
		 * it is NUL-terminated in place and validated before use */
		pin = pos;
		pos = os_strchr(pin, ' ');
		wps_method = WPS_PIN_KEYPAD;
		if (pos) {
			*pos++ = '\0';
			if (os_strncmp(pos, "display", 7) == 0)
				wps_method = WPS_PIN_DISPLAY;
		}
		if (!wps_pin_str_valid(pin)) {
			os_memcpy(buf, "FAIL-INVALID-PIN\n", 17);
			return 17;
		}
	}

	new_pin = wpas_p2p_connect(wpa_s, addr, pin, wps_method,
				   persistent_group, automatic, join,
				   auth, go_intent, freq, freq2, persistent_id,
				   pd, ht40, vht, max_oper_chwidth, he, edmg,
				   group_ssid, group_ssid_len, allow_6ghz);
	/* -2 and -3 are mapped to dedicated failure replies; any other
	 * negative value is a generic failure */
	if (new_pin == -2) {
		os_memcpy(buf, "FAIL-CHANNEL-UNAVAILABLE\n", 25);
		return 25;
	}
	if (new_pin == -3) {
		os_memcpy(buf, "FAIL-CHANNEL-UNSUPPORTED\n", 25);
		return 25;
	}
	if (new_pin < 0)
		return -1;
	/* A PIN generated for display is returned to the control interface
	 * client as the reply */
	if (wps_method == WPS_PIN_DISPLAY && pin == NULL) {
		ret = os_snprintf(buf, buflen, "%08d", new_pin);
		if (os_snprintf_error(buflen, ret))
			return -1;
		return ret;
	}

	os_memcpy(buf, "OK\n", 3);
	return 3;
}
6188 
6189 
/*
 * Start P2P listen on request from the control interface.
 *
 * @cmd carries the timeout as decimal text; it is read with atoi(), so a
 * negative value wraps when stored in the unsigned timeout.
 * Returns -1 when the interface is disabled, otherwise the result of
 * wpas_p2p_listen().
 */
static int p2p_ctrl_listen(struct wpa_supplicant *wpa_s, char *cmd)
{
	unsigned int duration;

	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
		wpa_dbg(wpa_s, MSG_INFO,
			"Reject P2P_LISTEN since interface is disabled");
		return -1;
	}

	duration = atoi(cmd);
	return wpas_p2p_listen(wpa_s, duration);
}
6200 
6201 
/*
 * Handle a provision discovery request from the control interface.
 *
 * Command format: <addr> <config method> [join|auto]
 *
 * The text after the address is passed on unchanged as the config method
 * string; " join" or " auto" anywhere in it selects the purpose, with the
 * default being GO negotiation. The cmd[17] check assumes a successful
 * hwaddr_aton() consumed a 17-character address - TODO confirm.
 *
 * Returns -1 on a malformed address, otherwise the wpas_p2p_prov_disc()
 * result.
 */
static int p2p_ctrl_prov_disc(struct wpa_supplicant *wpa_s, char *cmd)
{
	enum wpas_p2p_prov_disc_use purpose;
	u8 peer[ETH_ALEN];
	char *method;

	if (hwaddr_aton(cmd, peer) != 0)
		return -1;

	if (cmd[17] != ' ')
		return -1;
	method = cmd + 18;

	if (os_strstr(method, " join"))
		purpose = WPAS_P2P_PD_FOR_JOIN;
	else if (os_strstr(method, " auto"))
		purpose = WPAS_P2P_PD_AUTO;
	else
		purpose = WPAS_P2P_PD_FOR_GO_NEG;

	return wpas_p2p_prov_disc(wpa_s, peer, method, purpose, NULL);
}
6225 
6226 
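/*
 * Copy the passphrase of the currently operated P2P group into the reply.
 *
 * Only answers when the current network is in P2P GO mode and has a
 * passphrase configured. The passphrase is returned in cleartext to whoever
 * issued the control interface command, so access to the control interface
 * is what protects it.
 *
 * @buf/@buflen: reply buffer and its size.
 * Returns the passphrase length on success, -1 if no GO passphrase is
 * available or if it does not fit in @buf together with its terminating NUL.
 * A truncated passphrase is reported as a failure rather than returned,
 * because a partial secret is useless to the caller and looks valid.
 */
static int p2p_get_passphrase(struct wpa_supplicant *wpa_s, char *buf,
			      size_t buflen)
{
	struct wpa_ssid *ssid = wpa_s->current_ssid;
	size_t pass_len;

	if (ssid == NULL || ssid->mode != WPAS_MODE_P2P_GO ||
	    ssid->passphrase == NULL)
		return -1;

	/* With a zero-sized buffer os_strlcpy() writes nothing, so measuring
	 * buf afterwards would read memory this function never initialized */
	if (buflen == 0)
		return -1;

	/* os_strlcpy() returns the length of the source string; a value that
	 * does not fit below buflen means the copy was truncated */
	pass_len = os_strlcpy(buf, ssid->passphrase, buflen);
	if (pass_len >= buflen)
		return -1;

	return (int) pass_len;
}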
6239 
6240 
/*
 * Handle a P2P service discovery request from the control interface.
 *
 * @cmd is "<addr> <query>", where <query> is one of:
 *   "upnp <version hex byte> <service>"
 *   "wifi-display <query>"           (CONFIG_WIFI_DISPLAY only)
 *   "asp <id hex, max 0xff> <service string> [<escaped service info>]"
 *   a hex dump of raw query TLVs
 * @cmd is modified in place by the asp branch. On success the request
 * reference is written to @buf as hex text and its length is returned;
 * -1 is returned on malformed input or when no request could be created.
 */
static int p2p_ctrl_serv_disc_req(struct wpa_supplicant *wpa_s, char *cmd,
				  char *buf, size_t buflen)
{
	u64 ref;
	int res;
	u8 dst_buf[ETH_ALEN], *dst;
	struct wpabuf *tlvs;
	char *pos;
	size_t len;

	if (hwaddr_aton(cmd, dst_buf))
		return -1;
	dst = dst_buf;
	/* An all-zero address is passed on as NULL (presumably "any peer" -
	 * TODO confirm against the wpas_p2p_sd_request*() functions) */
	if (dst[0] == 0 && dst[1] == 0 && dst[2] == 0 &&
	    dst[3] == 0 && dst[4] == 0 && dst[5] == 0)
		dst = NULL;
	/* Assumes a successful hwaddr_aton() consumed 17 characters */
	pos = cmd + 17;
	if (*pos != ' ')
		return -1;
	pos++;

	if (os_strncmp(pos, "upnp ", 5) == 0) {
		u8 version;
		pos += 5;
		/* One byte of hex, i.e. exactly two characters, then a space */
		if (hexstr2bin(pos, &version, 1) < 0)
			return -1;
		pos += 2;
		if (*pos != ' ')
			return -1;
		pos++;
		ref = wpas_p2p_sd_request_upnp(wpa_s, dst, version, pos);
#ifdef CONFIG_WIFI_DISPLAY
	} else if (os_strncmp(pos, "wifi-display ", 13) == 0) {
		ref = wpas_p2p_sd_request_wifi_display(wpa_s, dst, pos + 13);
#endif /* CONFIG_WIFI_DISPLAY */
	} else if (os_strncmp(pos, "asp ", 4) == 0) {
		char *svc_str;
		char *svc_info = NULL;
		u32 id;

		pos += 4;
		/* Range-checked here because id is narrowed to u8 below */
		if (sscanf(pos, "%x", &id) != 1 || id > 0xff)
			return -1;

		/* The service string is mandatory and must not be empty */
		pos = os_strchr(pos, ' ');
		if (pos == NULL || pos[1] == '\0' || pos[1] == ' ')
			return -1;

		svc_str = pos + 1;

		pos = os_strchr(svc_str, ' ');

		if (pos)
			*pos++ = '\0';

		/* All remaining data is the svc_info string */
		if (pos && pos[0] && pos[0] != ' ') {
			len = os_strlen(pos);

			/* Unescape in place */
			/* NOTE(review): the output size passed is len, not
			 * len + 1; confirm that utf8_unescape() leaves the
			 * result NUL-terminated in that case, since svc_info
			 * is later used as a C string. The length limit is
			 * applied to the unescaped result. */
			len = utf8_unescape(pos, len, pos, len);
			if (len > 0xff)
				return -1;

			svc_info = pos;
		}

		ref = wpas_p2p_sd_request_asp(wpa_s, dst, (u8) id,
					      svc_str, svc_info);
	} else {
		/* Raw TLVs as hex: the character count must be even */
		len = os_strlen(pos);
		if (len & 1)
			return -1;
		len /= 2;
		tlvs = wpabuf_alloc(len);
		if (tlvs == NULL)
			return -1;
		if (hexstr2bin(pos, wpabuf_put(tlvs, len), len) < 0) {
			wpabuf_free(tlvs);
			return -1;
		}

		/* The buffer is released right after the call, so the callee
		 * is expected not to keep a reference to it */
		ref = wpas_p2p_sd_request(wpa_s, dst, tlvs);
		wpabuf_free(tlvs);
	}
	/* A zero reference means the request was not created */
	if (ref == 0)
		return -1;
	res = os_snprintf(buf, buflen, "%llx", (long long unsigned) ref);
	if (os_snprintf_error(buflen, res))
		return -1;
	return res;
}
6333 
6334 
/*
 * Cancel a pending service discovery request.
 *
 * @cmd is the request reference as hex text. Returns -1 if it does not
 * parse, otherwise the result of wpas_p2p_sd_cancel_request(). Whether the
 * reference identifies a request that is actually pending is left to that
 * function.
 */
static int p2p_ctrl_serv_disc_cancel_req(struct wpa_supplicant *wpa_s,
					 char *cmd)
{
	long long unsigned parsed;

	if (sscanf(cmd, "%llx", &parsed) != 1)
		return -1;

	return wpas_p2p_sd_cancel_request(wpa_s, (u64) parsed);
}
6345 
6346 
/*
 * Send a service discovery response supplied over the control interface.
 *
 * Command format: <freq> <addr> <dialog token> <response TLVs as hex>
 *
 * @cmd is split in place. The frequency must be non-zero, the address must
 * parse, and the hex dump must have an even number of characters. The dialog
 * token is read with atoi() and narrowed to u8 without a range check.
 * Returns 0 once the response has been handed to wpas_p2p_sd_response(),
 * -1 on malformed input or allocation failure.
 */
static int p2p_ctrl_serv_disc_resp(struct wpa_supplicant *wpa_s, char *cmd)
{
	char *addr_str, *token_str, *tlv_hex;
	struct wpabuf *tlvs;
	size_t hex_len, bin_len;
	u8 peer[ETH_ALEN];
	u8 token;
	int freq;

	addr_str = os_strchr(cmd, ' ');
	if (!addr_str)
		return -1;
	*addr_str++ = '\0';

	freq = atoi(cmd);
	if (!freq)
		return -1;

	if (hwaddr_aton(addr_str, peer) != 0)
		return -1;
	/* The address must be followed by a space */
	if (addr_str[17] != ' ')
		return -1;
	token_str = addr_str + 18;

	tlv_hex = os_strchr(token_str, ' ');
	if (!tlv_hex)
		return -1;
	*tlv_hex++ = '\0';
	token = atoi(token_str);

	hex_len = os_strlen(tlv_hex);
	if (hex_len % 2 != 0)
		return -1;
	bin_len = hex_len / 2;

	tlvs = wpabuf_alloc(bin_len);
	if (!tlvs)
		return -1;
	if (hexstr2bin(tlv_hex, wpabuf_put(tlvs, bin_len), bin_len) < 0) {
		wpabuf_free(tlvs);
		return -1;
	}

	wpas_p2p_sd_response(wpa_s, freq, peer, token, tlvs);
	wpabuf_free(tlvs);
	return 0;
}
6393 
6394 
/*
 * Select whether service discovery is processed over the control interface.
 *
 * Only the exact strings "0" and "1" are accepted; the value is stored in
 * wpa_s->p2p_sd_over_ctrl_iface. Returns 0 on success, -1 for any other
 * input.
 */
static int p2p_ctrl_serv_disc_external(struct wpa_supplicant *wpa_s,
				       char *cmd)
{
	if (os_strcmp(cmd, "0") == 0)
		wpa_s->p2p_sd_over_ctrl_iface = 0;
	else if (os_strcmp(cmd, "1") == 0)
		wpa_s->p2p_sd_over_ctrl_iface = 1;
	else
		return -1;

	return 0;
}
6403 
6404 
/*
 * Register a Bonjour service from a control interface command.
 *
 * Command format: <query hex> <response hex>
 *
 * @cmd is split in place. Both hex dumps must have an even number of
 * characters and decode cleanly. On success the two buffers are not freed
 * here (presumably wpas_p2p_service_add_bonjour() keeps them - TODO
 * confirm); on every failure path both are released.
 * Returns 0 on success, -1 otherwise.
 */
static int p2p_ctrl_service_add_bonjour(struct wpa_supplicant *wpa_s,
					char *cmd)
{
	struct wpabuf *query, *resp;
	size_t hex_len, bin_len;
	char *resp_hex;

	resp_hex = os_strchr(cmd, ' ');
	if (!resp_hex)
		return -1;
	*resp_hex++ = '\0';

	/* Decode the query */
	hex_len = os_strlen(cmd);
	if (hex_len % 2 != 0)
		return -1;
	bin_len = hex_len / 2;
	query = wpabuf_alloc(bin_len);
	if (!query)
		return -1;
	if (hexstr2bin(cmd, wpabuf_put(query, bin_len), bin_len) < 0)
		goto free_query;

	/* Decode the response */
	hex_len = os_strlen(resp_hex);
	if (hex_len % 2 != 0)
		goto free_query;
	bin_len = hex_len / 2;
	resp = wpabuf_alloc(bin_len);
	if (!resp)
		goto free_query;
	if (hexstr2bin(resp_hex, wpabuf_put(resp, bin_len), bin_len) < 0)
		goto free_both;

	if (wpas_p2p_service_add_bonjour(wpa_s, query, resp) < 0)
		goto free_both;

	return 0;

free_both:
	wpabuf_free(resp);
free_query:
	wpabuf_free(query);
	return -1;
}
6453 
6454 
/*
 * Register a UPnP service from a control interface command.
 *
 * Command format: <version hex byte> <service>
 *
 * @cmd is split in place at the first space. Returns -1 when the separator
 * is missing or the version does not decode, otherwise the result of
 * wpas_p2p_service_add_upnp().
 */
static int p2p_ctrl_service_add_upnp(struct wpa_supplicant *wpa_s, char *cmd)
{
	char *service = os_strchr(cmd, ' ');
	u8 ver;

	if (!service)
		return -1;
	*service = '\0';
	service++;

	if (hexstr2bin(cmd, &ver, 1) < 0)
		return -1;

	return wpas_p2p_service_add_upnp(wpa_s, ver, service);
}
6470 
6471 
/*
 * Add or replace an ASP (P2PS) service advertisement from a control
 * interface command.
 *
 * Fields are read from @cmd in order, separated by single spaces:
 *   <auto accept> <adv id hex> <service state hex> <config methods hex>
 *   <advertisement string> [cpt=<names>] [svc_info='<escaped text>']
 * @cmd is modified in place. @replace selects between replacing an existing
 * advertisement (non-zero) and adding a new one (zero); the request is
 * rejected when that does not match whether the id already exists.
 *
 * Returns -1 on malformed input, otherwise the result of
 * wpas_p2p_service_add_asp().
 */
static int p2p_ctrl_service_add_asp(struct wpa_supplicant *wpa_s,
				    u8 replace, char *cmd)
{
	char *pos;
	char *adv_str;
	u32 auto_accept, adv_id, svc_state, config_methods;
	char *svc_info = NULL;
	char *cpt_prio_str;
	/* One extra entry for the terminating 0 written by
	 * p2ps_ctrl_parse_cpt_priority() */
	u8 cpt_prio[P2PS_FEATURE_CAPAB_CPT_MAX + 1];

	pos = os_strchr(cmd, ' ');
	if (pos == NULL)
		return -1;
	*pos++ = '\0';

	/* Auto-Accept value is mandatory, and must be one of the
	 * single values (0, 1, 2, 4) */
	/* atoi() reports no errors, so non-numeric text is read as 0 and
	 * therefore accepted as "no auto-accept" */
	auto_accept = atoi(cmd);
	switch (auto_accept) {
	case P2PS_SETUP_NONE: /* No auto-accept */
	case P2PS_SETUP_NEW:
	case P2PS_SETUP_CLIENT:
	case P2PS_SETUP_GROUP_OWNER:
		break;
	default:
		return -1;
	}

	/* Advertisement ID is mandatory */
	cmd = pos;
	pos = os_strchr(cmd, ' ');
	if (pos == NULL)
		return -1;
	*pos++ = '\0';

	/* Handle Adv_ID == 0 (wildcard "org.wi-fi.wfds") internally. */
	if (sscanf(cmd, "%x", &adv_id) != 1 || adv_id == 0)
		return -1;

	/* Only allow replacements if exist, and adds if not */
	if (wpas_p2p_service_p2ps_id_exists(wpa_s, adv_id)) {
		if (!replace)
			return -1;
	} else {
		if (replace)
			return -1;
	}

	/* svc_state between 0 - 0xff is mandatory */
	if (sscanf(pos, "%x", &svc_state) != 1 || svc_state > 0xff)
		return -1;

	pos = os_strchr(pos, ' ');
	if (pos == NULL)
		return -1;

	/* config_methods is mandatory */
	pos++;
	if (sscanf(pos, "%x", &config_methods) != 1)
		return -1;

	/* At least one of display, keypad or P2PS must be offered.
	 * NOTE(review): the value is narrowed to u16 in the final call
	 * without an upper-bound check like the one applied to svc_state. */
	if (!(config_methods &
	      (WPS_CONFIG_DISPLAY | WPS_CONFIG_KEYPAD | WPS_CONFIG_P2PS)))
		return -1;

	pos = os_strchr(pos, ' ');
	if (pos == NULL)
		return -1;

	pos++;
	adv_str = pos;

	/* Advertisement string is mandatory */
	if (!pos[0] || pos[0] == ' ')
		return -1;

	/* Terminate svc string */
	pos = os_strchr(pos, ' ');
	if (pos != NULL)
		*pos++ = '\0';

	/* NOTE(review): "cpt=" is found by substring search in everything
	 * after the advertisement string, but the token that gets cut off
	 * below is simply the next one. The two coincide only when cpt=
	 * directly follows the advertisement string; confirm that callers
	 * always send it in that position. */
	cpt_prio_str = (pos && pos[0]) ? os_strstr(pos, "cpt=") : NULL;
	if (cpt_prio_str) {
		pos = os_strchr(pos, ' ');
		if (pos != NULL)
			*pos++ = '\0';

		if (p2ps_ctrl_parse_cpt_priority(cpt_prio_str + 4, cpt_prio))
			return -1;
	} else {
		/* Default priority list: UDP transport only */
		cpt_prio[0] = P2PS_FEATURE_CAPAB_UDP_TRANSPORT;
		cpt_prio[1] = 0;
	}

	/* Service and Response Information are optional */
	if (pos && pos[0]) {
		size_t len;

		/* Note the bare ' included, which cannot exist legally
		 * in unescaped string. */
		svc_info = os_strstr(pos, "svc_info='");

		if (svc_info) {
			/* Skip "svc_info=" only, so the string handed on
			 * starts at the opening quote */
			svc_info += 9;
			len = os_strlen(svc_info);
			/* Unescape in place; the returned length is not
			 * used, so NUL termination of the result depends on
			 * utf8_unescape() - TODO confirm */
			utf8_unescape(svc_info, len, svc_info, len);
		}
	}

	return wpas_p2p_service_add_asp(wpa_s, auto_accept, adv_id, adv_str,
					(u8) svc_state, (u16) config_methods,
					svc_info, cpt_prio);
}
6585 
6586 
/*
 * Dispatch a service add command to the handler for its service type.
 *
 * Command format: <bonjour|upnp|asp> <type-specific arguments>
 *
 * @cmd is split in place at the first space and the type must match
 * exactly. The asp handler is called with replace = 0. Returns -1 for a
 * missing separator or an unknown type (which is written to the debug log),
 * otherwise the handler's result.
 */
static int p2p_ctrl_service_add(struct wpa_supplicant *wpa_s, char *cmd)
{
	char *args = os_strchr(cmd, ' ');
	int res;

	if (!args)
		return -1;
	*args = '\0';
	args++;

	if (os_strcmp(cmd, "bonjour") == 0) {
		res = p2p_ctrl_service_add_bonjour(wpa_s, args);
	} else if (os_strcmp(cmd, "upnp") == 0) {
		res = p2p_ctrl_service_add_upnp(wpa_s, args);
	} else if (os_strcmp(cmd, "asp") == 0) {
		res = p2p_ctrl_service_add_asp(wpa_s, 0, args);
	} else {
		wpa_printf(MSG_DEBUG, "Unknown service '%s'", cmd);
		res = -1;
	}

	return res;
}
6605 
6606 
/*
 * Remove a Bonjour service identified by a hex-encoded query.
 *
 * cmd is the query as a hex string; an odd number of characters is rejected.
 * Returns the result of wpas_p2p_service_del_bonjour(), or -1 on a parsing
 * or allocation failure.
 */
static int p2p_ctrl_service_del_bonjour(struct wpa_supplicant *wpa_s,
					char *cmd)
{
	struct wpabuf *query;
	size_t hex_len = os_strlen(cmd);
	size_t bin_len;
	int ret = -1;

	/* Two hex digits encode one octet */
	if (hex_len & 1)
		return -1;
	bin_len = hex_len / 2;

	query = wpabuf_alloc(bin_len);
	if (!query)
		return -1;

	if (hexstr2bin(cmd, wpabuf_put(query, bin_len), bin_len) >= 0)
		ret = wpas_p2p_service_del_bonjour(wpa_s, query);

	/* The local copy of the query is released on every path */
	wpabuf_free(query);
	return ret;
}
6630 
6631 
/*
 * Remove a UPnP service.
 *
 * cmd has the form "<version hex octet> <service>" and is split in place at
 * the first space. Returns the result of wpas_p2p_service_del_upnp(), or -1
 * if the service part is missing or the version is not valid hex.
 */
static int p2p_ctrl_service_del_upnp(struct wpa_supplicant *wpa_s, char *cmd)
{
	u8 version;
	char *service = os_strchr(cmd, ' ');

	if (!service)
		return -1;
	*service = '\0';
	service++;

	/* Exactly one octet (two hex digits) is read for the version */
	if (hexstr2bin(cmd, &version, 1) < 0)
		return -1;

	return wpas_p2p_service_del_upnp(wpa_s, version, service);
}
6647 
6648 
/*
 * Remove one ASP advertisement, or all of them.
 *
 * cmd is either the literal "all" (flush every ASP service, returns 0) or a
 * hexadecimal advertisement id. Returns -1 if the id cannot be parsed,
 * otherwise the result of wpas_p2p_service_del_asp().
 */
static int p2p_ctrl_service_del_asp(struct wpa_supplicant *wpa_s, char *cmd)
{
	u32 adv_id;

	if (os_strcmp(cmd, "all") != 0) {
		if (sscanf(cmd, "%x", &adv_id) != 1)
			return -1;
		return wpas_p2p_service_del_asp(wpa_s, adv_id);
	}

	wpas_p2p_service_flush_asp(wpa_s);
	return 0;
}
6663 
6664 
/*
 * Dispatch a P2P service delete request to the handler for its service type.
 *
 * cmd has the form "<type> <arguments>" and is split in place at the first
 * space. Returns the selected handler's result, or -1 when the arguments are
 * missing or the type is not one of "bonjour", "upnp" or "asp".
 */
static int p2p_ctrl_service_del(struct wpa_supplicant *wpa_s, char *cmd)
{
	char *args = os_strchr(cmd, ' ');

	if (!args)
		return -1;
	*args = '\0';
	args++;

	if (!os_strcmp(cmd, "bonjour"))
		return p2p_ctrl_service_del_bonjour(wpa_s, args);
	if (!os_strcmp(cmd, "upnp"))
		return p2p_ctrl_service_del_upnp(wpa_s, args);
	if (!os_strcmp(cmd, "asp"))
		return p2p_ctrl_service_del_asp(wpa_s, args);

	wpa_printf(MSG_DEBUG, "Unknown service '%s'", cmd);
	return -1;
}
6683 
6684 
/*
 * Dispatch a P2P service replace request.
 *
 * cmd has the form "<type> <arguments>" and is split in place at the first
 * space. Only the "asp" type is accepted; it is forwarded to
 * p2p_ctrl_service_add_asp() with 1 as the second argument (the add path
 * passes 0). Returns -1 for missing arguments or any other type.
 */
static int p2p_ctrl_service_replace(struct wpa_supplicant *wpa_s, char *cmd)
{
	char *args = os_strchr(cmd, ' ');

	if (!args)
		return -1;
	*args = '\0';
	args++;

	if (os_strcmp(cmd, "asp") != 0) {
		wpa_printf(MSG_DEBUG, "Unknown service '%s'", cmd);
		return -1;
	}

	return p2p_ctrl_service_add_asp(wpa_s, 1, args);
}
6700 
6701 
/*
 * Reject a peer identified by MAC address.
 *
 * cmd: <addr>
 * Returns -1 if the address cannot be parsed, otherwise the result of
 * wpas_p2p_reject().
 */
static int p2p_ctrl_reject(struct wpa_supplicant *wpa_s, char *cmd)
{
	u8 peer_addr[ETH_ALEN];

	return hwaddr_aton(cmd, peer_addr) ? -1 :
		wpas_p2p_reject(wpa_s, peer_addr);
}
6713 
6714 
/*
 * Invite a peer to a persistent P2P group selected by network id.
 *
 * cmd starts with the decimal network id and may carry the optional
 * parameters " peer=<addr>", " freq=<n>", " pref=<n>", "freq2=<n>",
 * " max_oper_chwidth=<n>" and the keywords " ht40", " vht", " he", " edmg"
 * and " allow_6ghz".
 *
 * Returns the result of wpas_p2p_invite(), or -1 when an address is invalid,
 * the network is not found or does not have disabled == 2, freq/pref are not
 * positive, or parse_freq() rejects the channel width parameters.
 *
 * NOTE(review): parameters are located with substring searches, so a keyword
 * such as " he" is also found inside any longer token that starts with the
 * same characters, and "freq2=" is matched without a leading space unlike the
 * other parameters. The numeric fields are read with atoi(), which reports
 * no conversion errors.
 */
static int p2p_ctrl_invite_persistent(struct wpa_supplicant *wpa_s, char *cmd)
{
	char *pos;
	int id;
	struct wpa_ssid *ssid;
	u8 *_peer = NULL, peer[ETH_ALEN];
	int freq = 0, pref_freq = 0;
	int ht40, vht, he, max_oper_chwidth, chwidth = 0, freq2 = 0;
	int edmg;
	bool allow_6ghz;

	/* Leading decimal number is the network id */
	id = atoi(cmd);
	pos = os_strstr(cmd, " peer=");
	if (pos) {
		pos += 6;
		if (hwaddr_aton(pos, peer))
			return -1;
		/* _peer stays NULL when no peer= parameter was given */
		_peer = peer;
	}
	ssid = wpa_config_get_network(wpa_s->conf, id);
	/* Only network blocks with disabled == 2 are accepted here */
	if (ssid == NULL || ssid->disabled != 2) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find SSID id=%d "
			   "for persistent P2P group",
			   id);
		return -1;
	}

	pos = os_strstr(cmd, " freq=");
	if (pos) {
		pos += 6;
		freq = atoi(pos);
		if (freq <= 0)
			return -1;
	}

	pos = os_strstr(cmd, " pref=");
	if (pos) {
		pos += 6;
		pref_freq = atoi(pos);
		if (pref_freq <= 0)
			return -1;
	}

	/* A keyword in the command or the configured default enables a mode;
	 * VHT also enables HT40 */
	vht = (os_strstr(cmd, " vht") != NULL) || wpa_s->conf->p2p_go_vht;
	ht40 = (os_strstr(cmd, " ht40") != NULL) || wpa_s->conf->p2p_go_ht40 ||
		vht;
	he = (os_strstr(cmd, " he") != NULL) || wpa_s->conf->p2p_go_he;
	edmg = (os_strstr(cmd, " edmg") != NULL) || wpa_s->conf->p2p_go_edmg;

	pos = os_strstr(cmd, "freq2=");
	if (pos)
		freq2 = atoi(pos + 6);

	pos = os_strstr(cmd, " max_oper_chwidth=");
	if (pos)
		chwidth = atoi(pos + 18);

	/* parse_freq() validates the chwidth/freq2 pair; negative means invalid */
	max_oper_chwidth = parse_freq(chwidth, freq2);
	if (max_oper_chwidth < 0)
		return -1;

	allow_6ghz = os_strstr(cmd, " allow_6ghz") != NULL;

	return wpas_p2p_invite(wpa_s, _peer, ssid, NULL, freq, freq2, ht40, vht,
			       max_oper_chwidth, pref_freq, he, edmg,
			       allow_6ghz);
}
6782 
6783 
/*
 * Invite a peer to an existing group.
 *
 * cmd has the form "<group> peer=<addr> [go_dev_addr=<addr>] [allow_6ghz]".
 * The string is cut at " peer=" so that cmd is left holding only the text
 * before it, which is passed on as the second argument of
 * wpas_p2p_invite_group().
 *
 * Returns -1 if " peer=" is missing or an address is invalid, otherwise the
 * result of wpas_p2p_invite_group().
 */
static int p2p_ctrl_invite_group(struct wpa_supplicant *wpa_s, char *cmd)
{
	u8 peer[ETH_ALEN], go_dev_addr[ETH_ALEN];
	u8 *go_dev = NULL;
	char *params, *go_param;
	bool allow_6ghz;

	params = os_strstr(cmd, " peer=");
	if (params == NULL)
		return -1;

	*params = '\0';
	params += 6;
	if (hwaddr_aton(params, peer)) {
		wpa_printf(MSG_DEBUG, "P2P: Invalid MAC address '%s'", params);
		return -1;
	}

	/* Remaining options are searched only in the text after peer= */
	allow_6ghz = os_strstr(params, " allow_6ghz") != NULL;

	go_param = os_strstr(params, " go_dev_addr=");
	if (go_param != NULL) {
		go_param += 13;
		if (hwaddr_aton(go_param, go_dev_addr)) {
			wpa_printf(MSG_DEBUG, "P2P: Invalid MAC address '%s'",
				   go_param);
			return -1;
		}
		go_dev = go_dev_addr;
	}

	return wpas_p2p_invite_group(wpa_s, cmd, peer, go_dev, allow_6ghz);
}
6816 
6817 
/*
 * Dispatch an invitation request by its leading keyword.
 *
 * "persistent=<...>" goes to p2p_ctrl_invite_persistent() and "group=<...>"
 * to p2p_ctrl_invite_group(); in both cases the prefix is stripped before
 * the call. Any other input returns -1.
 */
static int p2p_ctrl_invite(struct wpa_supplicant *wpa_s, char *cmd)
{
	if (!os_strncmp(cmd, "persistent=", 11))
		return p2p_ctrl_invite_persistent(wpa_s, cmd + 11);

	if (os_strncmp(cmd, "group=", 6) != 0)
		return -1;

	return p2p_ctrl_invite_group(wpa_s, cmd + 6);
}
6827 
6828 
/*
 * Start a persistent P2P group from a stored network block.
 *
 * id selects the network; it must exist and have disabled == 2, otherwise
 * -1 is returned. The remaining parameters are passed through to
 * wpas_p2p_group_add_persistent(), whose result is returned.
 */
static int p2p_ctrl_group_add_persistent(struct wpa_supplicant *wpa_s,
					 int id, int freq, int vht_center_freq2,
					 int ht40, int vht, int vht_chwidth,
					 int he, int edmg, bool allow_6ghz)
{
	struct wpa_ssid *ssid = wpa_config_get_network(wpa_s->conf, id);

	if (ssid && ssid->disabled == 2)
		return wpas_p2p_group_add_persistent(wpa_s, ssid, 0, freq,
						     vht_center_freq2, 0, ht40,
						     vht, vht_chwidth, he, edmg,
						     NULL, 0, 0, allow_6ghz);

	wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find SSID id=%d "
		   "for persistent P2P group",
		   id);
	return -1;
}
6849 
6850 
/*
 * Parse the parameters of a group add request and start the group.
 *
 * cmd is a space-separated token list. Recognized tokens: "freq=<n>",
 * "freq2=<n>", "persistent=<id>", "max_oper_chwidth=<n>", "ht40", "vht",
 * "he", "edmg", "persistent", "allow_6ghz" and, with CONFIG_ACS,
 * "freq=acs". Any other token makes the whole request fail with -1.
 *
 * Defaults for vht/ht40/he/edmg come from the configuration; tokens can only
 * enable them. If "persistent=<id>" gave a non-negative id the request is
 * handed to p2p_ctrl_group_add_persistent(), otherwise to
 * wpas_p2p_group_add().
 */
static int p2p_ctrl_group_add(struct wpa_supplicant *wpa_s, char *cmd)
{
	int freq = 0, persistent = 0, group_id = -1;
	bool allow_6ghz = false;
	int vht = wpa_s->conf->p2p_go_vht;
	int ht40 = wpa_s->conf->p2p_go_ht40 || vht;
	int he = wpa_s->conf->p2p_go_he;
	int edmg = wpa_s->conf->p2p_go_edmg;
	int max_oper_chwidth, chwidth = 0, freq2 = 0;
	char *token, *context = NULL;
#ifdef CONFIG_ACS
	int acs = 0;
#endif /* CONFIG_ACS */

	while ((token = str_token(cmd, " ", &context))) {
		/* Numeric key=value tokens are consumed by the first sscanf()
		 * that matches; "freq=acs" has to be tested before the
		 * generic "freq=%d" pattern. */
		if (sscanf(token, "freq2=%d", &freq2) == 1 ||
		    sscanf(token, "persistent=%d", &group_id) == 1 ||
		    sscanf(token, "max_oper_chwidth=%d", &chwidth) == 1) {
			continue;
#ifdef CONFIG_ACS
		} else if (os_strcmp(token, "freq=acs") == 0) {
			acs = 1;
#endif /* CONFIG_ACS */
		} else if (sscanf(token, "freq=%d", &freq) == 1) {
			continue;
		} else if (os_strcmp(token, "ht40") == 0) {
			ht40 = 1;
		} else if (os_strcmp(token, "vht") == 0) {
			/* VHT implies HT40 */
			vht = 1;
			ht40 = 1;
		} else if (os_strcmp(token, "he") == 0) {
			he = 1;
		} else if (os_strcmp(token, "edmg") == 0) {
			edmg = 1;
		} else if (os_strcmp(token, "persistent") == 0) {
			persistent = 1;
		} else if (os_strcmp(token, "allow_6ghz") == 0) {
			allow_6ghz = true;
		} else {
			wpa_printf(MSG_DEBUG,
				   "CTRL: Invalid P2P_GROUP_ADD parameter: '%s'",
				   token);
			return -1;
		}
	}

#ifdef CONFIG_ACS
	/* With ACS offload in the driver, "freq=acs" and the special values
	 * freq=2 / freq=5 request automatic channel selection. For 2 and 5
	 * the band is restricted (and freq cleared) only when no best
	 * frequency is known for that band; otherwise any band is allowed
	 * and freq is left as given. */
	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_ACS_OFFLOAD) &&
	    (acs || freq == 2 || freq == 5)) {
		if (freq == 2 && wpa_s->best_24_freq <= 0) {
			wpa_s->p2p_go_acs_band = HOSTAPD_MODE_IEEE80211G;
			wpa_s->p2p_go_do_acs = 1;
			freq = 0;
		} else if (freq == 5 && wpa_s->best_5_freq <= 0) {
			wpa_s->p2p_go_acs_band = HOSTAPD_MODE_IEEE80211A;
			wpa_s->p2p_go_do_acs = 1;
			freq = 0;
		} else {
			wpa_s->p2p_go_acs_band = HOSTAPD_MODE_IEEE80211ANY;
			wpa_s->p2p_go_do_acs = 1;
		}
	} else {
		wpa_s->p2p_go_do_acs = 0;
	}
#endif /* CONFIG_ACS */

	/* parse_freq() validates the chwidth/freq2 pair; negative means invalid */
	max_oper_chwidth = parse_freq(chwidth, freq2);
	if (max_oper_chwidth < 0)
		return -1;

	if (group_id >= 0)
		return p2p_ctrl_group_add_persistent(wpa_s, group_id,
						     freq, freq2, ht40, vht,
						     max_oper_chwidth, he,
						     edmg, allow_6ghz);

	return wpas_p2p_group_add(wpa_s, persistent, freq, freq2, ht40, vht,
				  max_oper_chwidth, he, edmg, allow_6ghz);
}
6930 
6931 
/*
 * Look up the interface address of a group client by its P2P Device Address.
 *
 * cmd is the device address in text form. The lookup is done only when P2P
 * is initialized and the current network is in WPAS_MODE_P2P_GO mode.
 * On success the interface address is written to buf in MACSTR format and
 * the number of characters written is returned; -1 is returned otherwise.
 */
static int p2p_ctrl_group_member(struct wpa_supplicant *wpa_s, const char *cmd,
				 char *buf, size_t buflen)
{
	struct wpa_ssid *cur = wpa_s->current_ssid;
	u8 dev_addr[ETH_ALEN];
	const u8 *iface_addr;
	int written;

	if (!wpa_s->global->p2p)
		return -1;
	if (!cur || cur->mode != WPAS_MODE_P2P_GO)
		return -1;
	if (hwaddr_aton(cmd, dev_addr))
		return -1;

	iface_addr = p2p_group_get_client_interface_addr(wpa_s->p2p_group,
							 dev_addr);
	if (iface_addr == NULL)
		return -1;

	written = os_snprintf(buf, buflen, MACSTR, MAC2STR(iface_addr));
	return os_snprintf_error(buflen, written) ? -1 : written;
}
6953 
6954 
/*
 * Check whether any interface has a BSS entry for the given P2P Device
 * Address.
 *
 * Walks the global interface list and returns 1 as soon as
 * wpa_bss_get_p2p_dev_addr() finds a match, 0 if no interface has one.
 */
static int wpas_find_p2p_dev_addr_bss(struct wpa_global *global,
				      const u8 *p2p_dev_addr)
{
	struct wpa_supplicant *iface = global->ifaces;

	while (iface) {
		if (wpa_bss_get_p2p_dev_addr(iface, p2p_dev_addr))
			return 1;
		iface = iface->next;
	}

	return 0;
}
6967 
6968 
/*
 * Write a text description of a known P2P peer into the reply buffer.
 *
 * cmd selects the peer: "FIRST" (first known peer), "NEXT-<addr>" (the peer
 * after <addr>) or "<addr>" (that peer).
 *
 * The reply is a list of "name=value" lines that starts with the peer's
 * device address. Returns the number of characters written to buf; if the
 * buffer fills up part-way the length written so far is returned, so the
 * reply may be truncated. Returns -1 when P2P is not initialized, the
 * address cannot be parsed or no matching peer exists.
 *
 * NOTE(review): device_name, manufacturer, model_name, model_number and
 * serial_number are copied into the reply with %s; presumably they originate
 * from peer-supplied data and are sanitized when stored - confirm before
 * relying on the line-oriented reply format.
 */
static int p2p_ctrl_peer(struct wpa_supplicant *wpa_s, char *cmd,
			 char *buf, size_t buflen)
{
	u8 addr[ETH_ALEN], *addr_ptr, group_capab;
	int next, res;
	const struct p2p_peer_info *info;
	char *pos, *end;
	char devtype[WPS_DEV_TYPE_BUFSIZE];
	struct wpa_ssid *ssid;
	size_t i;

	if (!wpa_s->global->p2p)
		return -1;

	/* Translate the selector into the (address, next) pair expected by
	 * p2p_get_peer_info() */
	if (os_strcmp(cmd, "FIRST") == 0) {
		addr_ptr = NULL;
		next = 0;
	} else if (os_strncmp(cmd, "NEXT-", 5) == 0) {
		if (hwaddr_aton(cmd + 5, addr) < 0)
			return -1;
		addr_ptr = addr;
		next = 1;
	} else {
		if (hwaddr_aton(cmd, addr) < 0)
			return -1;
		addr_ptr = addr;
		next = 0;
	}

	info = p2p_get_peer_info(wpa_s->global->p2p, addr_ptr, next);
	if (info == NULL)
		return -1;
	group_capab = info->group_capab;

	/* Report group_capab as 0 when no interface has a BSS entry for this
	 * device address */
	if (group_capab &&
	    !wpas_find_p2p_dev_addr_bss(wpa_s->global, info->p2p_device_addr)) {
		wpa_printf(MSG_DEBUG,
			   "P2P: Could not find any BSS with p2p_dev_addr "
			   MACSTR ", hence override group_capab from 0x%x to 0",
			   MAC2STR(info->p2p_device_addr), group_capab);
		group_capab = 0;
	}

	/* pos is the write cursor, end is one past the last byte of buf */
	pos = buf;
	end = buf + buflen;

	res = os_snprintf(pos, end - pos, MACSTR "\n"
			  "pri_dev_type=%s\n"
			  "device_name=%s\n"
			  "manufacturer=%s\n"
			  "model_name=%s\n"
			  "model_number=%s\n"
			  "serial_number=%s\n"
			  "config_methods=0x%x\n"
			  "dev_capab=0x%x\n"
			  "group_capab=0x%x\n"
			  "level=%d\n",
			  MAC2STR(info->p2p_device_addr),
			  wps_dev_type_bin2str(info->pri_dev_type,
					       devtype, sizeof(devtype)),
			  info->device_name,
			  info->manufacturer,
			  info->model_name,
			  info->model_number,
			  info->serial_number,
			  info->config_methods,
			  info->dev_capab,
			  group_capab,
			  info->level);
	if (os_snprintf_error(end - pos, res))
		return pos - buf;
	pos += res;

	/* One sec_dev_type line per WPS_DEV_TYPE_LEN-sized entry in the list */
	for (i = 0; i < info->wps_sec_dev_type_list_len / WPS_DEV_TYPE_LEN; i++)
	{
		const u8 *t;
		t = &info->wps_sec_dev_type_list[i * WPS_DEV_TYPE_LEN];
		res = os_snprintf(pos, end - pos, "sec_dev_type=%s\n",
				  wps_dev_type_bin2str(t, devtype,
						       sizeof(devtype)));
		if (os_snprintf_error(end - pos, res))
			return pos - buf;
		pos += res;
	}

	/* Include the network id if a persistent group entry exists for
	 * this peer */
	ssid = wpas_p2p_get_persistent(wpa_s, info->p2p_device_addr, NULL, 0);
	if (ssid) {
		res = os_snprintf(pos, end - pos, "persistent=%d\n", ssid->id);
		if (os_snprintf_error(end - pos, res))
			return pos - buf;
		pos += res;
	}

	res = p2p_get_peer_info_txt(info, pos, end - pos);
	if (res < 0)
		return pos - buf;
	pos += res;

	if (info->vendor_elems) {
		res = os_snprintf(pos, end - pos, "vendor_elems=");
		if (os_snprintf_error(end - pos, res))
			return pos - buf;
		pos += res;

		/* The return value is added without a check; presumably
		 * wpa_snprintf_hex() never reports more than end - pos
		 * characters - TODO confirm */
		pos += wpa_snprintf_hex(pos, end - pos,
					wpabuf_head(info->vendor_elems),
					wpabuf_len(info->vendor_elems));

		res = os_snprintf(pos, end - pos, "\n");
		if (os_snprintf_error(end - pos, res))
			return pos - buf;
		pos += res;
	}

	return pos - buf;
}
7085 
7086 
/*
 * Replace the global list of frequency ranges that P2P must not use.
 *
 * param is parsed by freq_range_list_parse() into
 * global->p2p_disallow_freq. Each resulting range is logged and the P2P
 * channel list is refreshed. Returns 0 on success, -1 if P2P is not
 * initialized or the range list cannot be parsed.
 */
static int p2p_ctrl_disallow_freq(struct wpa_supplicant *wpa_s,
				  const char *param)
{
	struct wpa_global *global = wpa_s->global;
	unsigned int idx;

	if (!global->p2p)
		return -1;

	if (freq_range_list_parse(&global->p2p_disallow_freq, param) < 0)
		return -1;

	for (idx = 0; idx < global->p2p_disallow_freq.num; idx++) {
		const struct wpa_freq_range *r =
			&global->p2p_disallow_freq.range[idx];

		wpa_printf(MSG_DEBUG, "P2P: Disallowed frequency range %u-%u",
			   r->min, r->max);
	}

	wpas_p2p_update_channel_list(wpa_s, WPAS_P2P_CHANNEL_UPDATE_DISALLOW);
	return 0;
}
7108 
7109 
/*
 * Set a runtime P2P parameter.
 *
 * cmd has the form "<field> <value>" and is split in place at the first
 * space. Each supported field is handled by its own branch below; an
 * unknown field is logged and rejected.
 *
 * Returns 0 or the result of the underlying setter on success, -1 when P2P
 * is not initialized, the value is missing or malformed, or the field is
 * unknown.
 *
 * NOTE(review): most numeric values are read with atoi(), which cannot
 * report conversion errors, and several results are stored or passed on
 * without a range check in this function; validation, if any, happens in
 * the called setters.
 */
static int p2p_ctrl_set(struct wpa_supplicant *wpa_s, char *cmd)
{
	char *param;

	if (wpa_s->global->p2p == NULL)
		return -1;

	/* Split "<field> <value>": cmd keeps the field, param the value */
	param = os_strchr(cmd, ' ');
	if (param == NULL)
		return -1;
	*param++ = '\0';

	if (os_strcmp(cmd, "discoverability") == 0) {
		p2p_set_client_discoverability(wpa_s->global->p2p,
					       atoi(param));
		return 0;
	}

	if (os_strcmp(cmd, "managed") == 0) {
		p2p_set_managed_oper(wpa_s->global->p2p, atoi(param));
		return 0;
	}

	if (os_strcmp(cmd, "listen_channel") == 0) {
		char *pos;
		u8 channel, op_class;

		/* "<channel> [<op_class>]"; op_class defaults to 81. Both
		 * atoi() results are narrowed to u8 here. */
		channel = atoi(param);
		pos = os_strchr(param, ' ');
		op_class = pos ? atoi(pos) : 81;

		return p2p_set_listen_channel(wpa_s->global->p2p, op_class,
					      channel, 1);
	}

	if (os_strcmp(cmd, "ssid_postfix") == 0) {
		/* The value is passed as raw bytes together with its length */
		return p2p_set_ssid_postfix(wpa_s->global->p2p, (u8 *) param,
					    os_strlen(param));
	}

	if (os_strcmp(cmd, "noa") == 0) {
		char *pos;
		int count, start, duration;
		/* GO NoA parameters: count,start_offset(ms),duration(ms) */
		count = atoi(param);
		pos = os_strchr(param, ',');
		if (pos == NULL)
			return -1;
		pos++;
		start = atoi(pos);
		pos = os_strchr(pos, ',');
		if (pos == NULL)
			return -1;
		pos++;
		duration = atoi(pos);
		/* count must fit 0..255; a non-zero duration needs count > 0 */
		if (count < 0 || count > 255 || start < 0 || duration < 0)
			return -1;
		if (count == 0 && duration > 0)
			return -1;
		wpa_printf(MSG_DEBUG, "CTRL_IFACE: P2P_SET GO NoA: count=%d "
			   "start=%d duration=%d", count, start, duration);
		return wpas_p2p_set_noa(wpa_s, count, start, duration);
	}

	/* The three power save fields share one driver call; -1 is passed
	 * for the two arguments that are not being set */
	if (os_strcmp(cmd, "ps") == 0)
		return wpa_drv_set_p2p_powersave(wpa_s, atoi(param), -1, -1);

	if (os_strcmp(cmd, "oppps") == 0)
		return wpa_drv_set_p2p_powersave(wpa_s, -1, atoi(param), -1);

	if (os_strcmp(cmd, "ctwindow") == 0)
		return wpa_drv_set_p2p_powersave(wpa_s, -1, -1, atoi(param));

	if (os_strcmp(cmd, "disabled") == 0) {
		wpa_s->global->p2p_disabled = atoi(param);
		wpa_printf(MSG_DEBUG, "P2P functionality %s",
			   wpa_s->global->p2p_disabled ?
			   "disabled" : "enabled");
		/* Disabling also stops an ongoing find, clears the pending
		 * invitation address and flushes the P2P module state */
		if (wpa_s->global->p2p_disabled) {
			wpas_p2p_stop_find(wpa_s);
			os_memset(wpa_s->p2p_auth_invite, 0, ETH_ALEN);
			p2p_flush(wpa_s->global->p2p);
		}
		return 0;
	}

	if (os_strcmp(cmd, "conc_pref") == 0) {
		/* Only the literal values "sta" and "p2p" are accepted */
		if (os_strcmp(param, "sta") == 0)
			wpa_s->global->conc_pref = WPA_CONC_PREF_STA;
		else if (os_strcmp(param, "p2p") == 0)
			wpa_s->global->conc_pref = WPA_CONC_PREF_P2P;
		else {
			wpa_printf(MSG_INFO, "Invalid conc_pref value");
			return -1;
		}
		wpa_printf(MSG_DEBUG, "Single channel concurrency preference: "
			   "%s", param);
		return 0;
	}

	if (os_strcmp(cmd, "force_long_sd") == 0) {
		wpa_s->force_long_sd = atoi(param);
		return 0;
	}

	if (os_strcmp(cmd, "peer_filter") == 0) {
		u8 addr[ETH_ALEN];
		if (hwaddr_aton(param, addr))
			return -1;
		p2p_set_peer_filter(wpa_s->global->p2p, addr);
		return 0;
	}

	if (os_strcmp(cmd, "cross_connect") == 0)
		return wpas_p2p_set_cross_connect(wpa_s, atoi(param));

	if (os_strcmp(cmd, "go_apsd") == 0) {
		/* "disable" clears the override; any other value enables it
		 * and is stored as the numeric ap_uapsd setting */
		if (os_strcmp(param, "disable") == 0)
			wpa_s->set_ap_uapsd = 0;
		else {
			wpa_s->set_ap_uapsd = 1;
			wpa_s->ap_uapsd = atoi(param);
		}
		return 0;
	}

	if (os_strcmp(cmd, "client_apsd") == 0) {
		if (os_strcmp(param, "disable") == 0)
			wpa_s->set_sta_uapsd = 0;
		else {
			int be, bk, vi, vo;
			char *pos;
			/* format: BE,BK,VI,VO;max SP Length */
			be = atoi(param);
			pos = os_strchr(param, ',');
			if (pos == NULL)
				return -1;
			pos++;
			bk = atoi(pos);
			pos = os_strchr(pos, ',');
			if (pos == NULL)
				return -1;
			pos++;
			vi = atoi(pos);
			pos = os_strchr(pos, ',');
			if (pos == NULL)
				return -1;
			pos++;
			vo = atoi(pos);
			/* ignore max SP Length for now */

			/* Build the bitmap: bit 0 = BE, bit 1 = BK,
			 * bit 2 = VI, bit 3 = VO */
			wpa_s->set_sta_uapsd = 1;
			wpa_s->sta_uapsd = 0;
			if (be)
				wpa_s->sta_uapsd |= BIT(0);
			if (bk)
				wpa_s->sta_uapsd |= BIT(1);
			if (vi)
				wpa_s->sta_uapsd |= BIT(2);
			if (vo)
				wpa_s->sta_uapsd |= BIT(3);
		}
		return 0;
	}

	if (os_strcmp(cmd, "disallow_freq") == 0)
		return p2p_ctrl_disallow_freq(wpa_s, param);

	if (os_strcmp(cmd, "disc_int") == 0) {
		int min_disc_int, max_disc_int, max_disc_tu;
		char *pos;

		/* "<min> <max> <max TU>": three space-separated integers */
		pos = param;

		min_disc_int = atoi(pos);
		pos = os_strchr(pos, ' ');
		if (pos == NULL)
			return -1;
		*pos++ = '\0';

		max_disc_int = atoi(pos);
		pos = os_strchr(pos, ' ');
		if (pos == NULL)
			return -1;
		*pos++ = '\0';

		max_disc_tu = atoi(pos);

		return p2p_set_disc_int(wpa_s->global->p2p, min_disc_int,
					max_disc_int, max_disc_tu);
	}

	if (os_strcmp(cmd, "per_sta_psk") == 0) {
		/* !! normalizes any non-zero value to 1 */
		wpa_s->global->p2p_per_sta_psk = !!atoi(param);
		return 0;
	}

#ifdef CONFIG_WPS_NFC
	if (os_strcmp(cmd, "nfc_tag") == 0)
		return wpas_p2p_nfc_tag_enabled(wpa_s, !!atoi(param));
#endif /* CONFIG_WPS_NFC */

	if (os_strcmp(cmd, "disable_ip_addr_req") == 0) {
		wpa_s->p2p_disable_ip_addr_req = !!atoi(param);
		return 0;
	}

	if (os_strcmp(cmd, "override_pref_op_chan") == 0) {
		int op_class, chan;

		/* "<op_class>:<channel>" */
		op_class = atoi(param);
		param = os_strchr(param, ':');
		if (!param)
			return -1;
		param++;
		chan = atoi(param);
		p2p_set_override_pref_op_chan(wpa_s->global->p2p, op_class,
					      chan);
		return 0;
	}

	wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown P2P_SET field value '%s'",
		   cmd);

	return -1;
}
7336 
7337 
/*
 * Reset P2P state held by this interface and flush the P2P module.
 *
 * Clears the pending invitation address and force_long_sd, stops an ongoing
 * find, clears p2ps_method_config_any on the parent interface and, when P2P
 * is initialized, calls p2p_flush(). With CONFIG_TESTING_OPTIONS the
 * preferred frequency list override is freed as well.
 */
static void p2p_ctrl_flush(struct wpa_supplicant *wpa_s)
{
	os_memset(wpa_s->p2p_auth_invite, 0, ETH_ALEN);
	wpa_s->force_long_sd = 0;

#ifdef CONFIG_TESTING_OPTIONS
	/* Pointer is reset after the free so it cannot be reused */
	os_free(wpa_s->get_pref_freq_list_override);
	wpa_s->get_pref_freq_list_override = NULL;
#endif /* CONFIG_TESTING_OPTIONS */

	wpas_p2p_stop_find(wpa_s);
	wpa_s->parent->p2ps_method_config_any = 0;
	/* Unlike the steps above, the module flush needs P2P to be
	 * initialized */
	if (wpa_s->global->p2p)
		p2p_flush(wpa_s->global->p2p);
}
7353 
7354 
/*
 * Parse a presence request and pass it to wpas_p2p_presence_req().
 *
 * cmd is empty (all four values stay 0), "<dur1> <int1>" or
 * "<dur1> <int1> <dur2> <int2>". The string is split in place at the
 * separating spaces. Returns -1 when a duration is given without its
 * interval, otherwise the result of wpas_p2p_presence_req().
 *
 * The values are read with atoi() and stored as unsigned int, so a negative
 * input is converted to a large unsigned value.
 */
static int p2p_ctrl_presence_req(struct wpa_supplicant *wpa_s, char *cmd)
{
	unsigned int dur1 = 0, int1 = 0, dur2 = 0, int2 = 0;
	char *first_int, *second_dur = NULL, *second_int;

	if (cmd[0] != '\0') {
		first_int = os_strchr(cmd, ' ');
		if (!first_int)
			return -1;
		*first_int = '\0';
		first_int++;
		dur1 = atoi(cmd);

		/* A second duration/interval pair is optional */
		second_dur = os_strchr(first_int, ' ');
		if (second_dur) {
			*second_dur = '\0';
			second_dur++;
		}
		int1 = atoi(first_int);
	}

	if (second_dur) {
		second_int = os_strchr(second_dur, ' ');
		if (!second_int)
			return -1;
		*second_int = '\0';
		second_int++;
		dur2 = atoi(second_dur);
		int2 = atoi(second_int);
	}

	return wpas_p2p_presence_req(wpa_s, dur1, int1, dur2, int2);
}
7385 
7386 
/*
 * Parse extended listen timing and pass it to wpas_p2p_ext_listen().
 *
 * cmd is either empty (period and interval both 0) or
 * "<period> <interval>", split in place at the first space. Returns -1 if
 * a period is given without an interval.
 */
static int p2p_ctrl_ext_listen(struct wpa_supplicant *wpa_s, char *cmd)
{
	unsigned int period = 0, interval = 0;

	if (cmd[0] != '\0') {
		char *sep = os_strchr(cmd, ' ');

		if (!sep)
			return -1;
		*sep = '\0';
		period = atoi(cmd);
		interval = atoi(sep + 1);
	}

	return wpas_p2p_ext_listen(wpa_s, period, interval);
}
7403 
7404 
/*
 * Remove a P2P client identified by address.
 *
 * cmd is "<addr>" or "iface=<addr>"; the prefix sets the iface_addr flag
 * passed to wpas_p2p_remove_client(). Returns 0 once the removal has been
 * requested, -1 if the address cannot be parsed.
 */
static int p2p_ctrl_remove_client(struct wpa_supplicant *wpa_s, const char *cmd)
{
	u8 peer[ETH_ALEN];
	int iface_addr = os_strncmp(cmd, "iface=", 6) == 0;
	const char *addr_txt = iface_addr ? cmd + 6 : cmd;

	if (hwaddr_aton(addr_txt, peer))
		return -1;

	wpas_p2p_remove_client(wpa_s, peer, iface_addr);
	return 0;
}
7422 
7423 
/*
 * Parse "<freq> <period> <interval> <count>" and start P2P listen offload.
 *
 * All four decimal integers are required; otherwise the command is logged
 * and -1 is returned. No range check is applied here before the values are
 * passed to wpas_p2p_lo_start().
 */
static int p2p_ctrl_iface_p2p_lo_start(struct wpa_supplicant *wpa_s, char *cmd)
{
	int freq = 0, period = 0, interval = 0, count = 0;
	int parsed;

	parsed = sscanf(cmd, "%d %d %d %d", &freq, &period, &interval, &count);
	if (parsed == 4)
		return wpas_p2p_lo_start(wpa_s, freq, period, interval, count);

	wpa_printf(MSG_DEBUG,
		   "CTRL: Invalid P2P LO Start parameter: '%s'", cmd);
	return -1;
}
7437 
7438 #endif /* CONFIG_P2P */
7439 
7440 
/*
 * Expand a frequency range specification into a list of supported
 * frequencies.
 *
 * val is parsed by freq_range_list_parse(). Every channel of every hardware
 * mode that is not flagged HOSTAPD_CHAN_DISABLED and falls inside one of the
 * ranges is added once to the result via int_array_add_unique().
 *
 * Returns the allocated array (owned by the caller), or NULL when no
 * hardware mode data is available, the ranges cannot be parsed, or no
 * channel matched.
 */
static int * freq_range_to_channel_list(struct wpa_supplicant *wpa_s, char *val)
{
	struct wpa_freq_range_list ranges;
	int *freqs = NULL;
	u16 m;

	if (!wpa_s->hw.modes)
		return NULL;

	os_memset(&ranges, 0, sizeof(ranges));
	if (freq_range_list_parse(&ranges, val) < 0)
		return NULL;

	for (m = 0; m < wpa_s->hw.num_modes; m++) {
		struct hostapd_hw_modes *mode = &wpa_s->hw.modes[m];
		int c;

		for (c = 0; c < mode->num_channels; c++) {
			unsigned int freq = mode->channels[c].freq;

			if (!(mode->channels[c].flag & HOSTAPD_CHAN_DISABLED) &&
			    freq_range_list_includes(&ranges, freq))
				int_array_add_unique(&freqs, freq);
		}
	}

	/* The parsed ranges are only needed while filtering */
	os_free(ranges.range);
	return freqs;
}
7476 
7477 
7478 #ifdef CONFIG_INTERWORKING
7479 
/*
 * Start Interworking network selection.
 *
 * param may be NULL. Otherwise the substring "auto" enables automatic
 * selection and "freq=<ranges>" limits the operation to the frequencies
 * returned by freq_range_to_channel_list(). Returns -1 if that list comes
 * back NULL, otherwise the result of interworking_select(), which receives
 * the frequency array.
 */
static int ctrl_interworking_select(struct wpa_supplicant *wpa_s, char *param)
{
	int auto_sel;
	int *freqs = NULL;
	char *freq_arg;

	if (!param)
		return interworking_select(wpa_s, 0, NULL);

	auto_sel = os_strstr(param, "auto") != NULL;

	freq_arg = os_strstr(param, "freq=");
	if (freq_arg) {
		freqs = freq_range_to_channel_list(wpa_s, freq_arg + 5);
		if (!freqs)
			return -1;
	}

	return interworking_select(wpa_s, auto_sel, freqs);
}
7501 
7502 
/*
 * Connect to (or only add a network for) the BSS with the given BSSID using
 * Interworking.
 *
 * dst is the BSSID in text form and only_add is passed through to
 * interworking_connect(). Returns -1 when the BSSID is invalid, no BSS entry
 * exists for it, or no entry for that BSSID carries an SSID; otherwise the
 * result of interworking_connect().
 */
static int ctrl_interworking_connect(struct wpa_supplicant *wpa_s, char *dst,
				     int only_add)
{
	u8 bssid[ETH_ALEN];
	struct wpa_bss *bss;

	if (hwaddr_aton(dst, bssid)) {
		wpa_printf(MSG_DEBUG, "Invalid BSSID '%s'", dst);
		return -1;
	}

	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
	if (bss == NULL) {
		wpa_printf(MSG_DEBUG, "Could not find BSS " MACSTR,
			   MAC2STR(bssid));
		return -1;
	}

	if (bss->ssid_len == 0) {
		int found = 0;

		wpa_printf(MSG_DEBUG, "Selected BSS entry for " MACSTR
			   " does not have SSID information", MAC2STR(bssid));

		/* Walk the BSS list in reverse looking for another entry with
		 * the same BSSID that has an SSID. bss is reused as the loop
		 * cursor, so on a match it points at the replacement entry. */
		dl_list_for_each_reverse(bss, &wpa_s->bss, struct wpa_bss,
					 list) {
			if (os_memcmp(bss->bssid, bssid, ETH_ALEN) == 0 &&
			    bss->ssid_len > 0) {
				found = 1;
				break;
			}
		}

		/* Without a match bss is not a valid entry; do not use it */
		if (!found)
			return -1;
		wpa_printf(MSG_DEBUG,
			   "Found another matching BSS entry with SSID");
	}

	return interworking_connect(wpa_s, bss, only_add);
}
7544 
7545 
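/*
 * Parse an ANQP query request and send it with anqp_send_req().
 *
 * dst has the form "<addr> [freq=<n>] <item>[,<item>]..." where each item is
 * a decimal ANQP Info ID, "hs20:<subtype>" (1..31, CONFIG_HS20 builds only)
 * or "mbo:<subtype>" (1..MAX_MBO_ANQP_SUBTYPE, CONFIG_MBO builds only).
 * At most MAX_ANQP_INFO_ID Info IDs are collected.
 *
 * Returns the result of anqp_send_req(), or -1 when the address is invalid,
 * "freq=" is not followed by an item list, a subtype is out of range or not
 * supported by the build, or no item was given at all.
 *
 * NOTE(review): Info IDs are read with atoi() and stored in a u16 without a
 * range check, so values outside 0..65535 are silently truncated.
 */
static int get_anqp(struct wpa_supplicant *wpa_s, char *dst)
{
	u8 dst_addr[ETH_ALEN];
	int used, freq = 0;
	char *pos;
#define MAX_ANQP_INFO_ID 100
	u16 id[MAX_ANQP_INFO_ID];
	size_t num_id = 0;
	u32 subtypes = 0;
	u32 mbo_subtypes = 0;

	used = hwaddr_aton2(dst, dst_addr);
	if (used < 0)
		return -1;
	pos = dst + used;
	if (*pos == ' ')
		pos++;

	if (os_strncmp(pos, "freq=", 5) == 0) {
		freq = atoi(pos + 5);
		pos = os_strchr(pos, ' ');
		if (!pos)
			return -1;
		pos++;
	}

	while (num_id < MAX_ANQP_INFO_ID) {
		if (os_strncmp(pos, "hs20:", 5) == 0) {
#ifdef CONFIG_HS20
			int num = atoi(pos + 5);
			if (num <= 0 || num > 31)
				return -1;
			subtypes |= BIT(num);
#else /* CONFIG_HS20 */
			return -1;
#endif /* CONFIG_HS20 */
		} else if (os_strncmp(pos, "mbo:", 4) == 0) {
#ifdef CONFIG_MBO
			int num = atoi(pos + 4);

			if (num <= 0 || num > MAX_MBO_ANQP_SUBTYPE)
				return -1;
			mbo_subtypes |= BIT(num);
#else /* CONFIG_MBO */
			return -1;
#endif /* CONFIG_MBO */
		} else {
			/* Entries that convert to 0 are skipped */
			id[num_id] = atoi(pos);
			if (id[num_id])
				num_id++;
		}

		/*
		 * Stop at the end of the string. Without this check an empty
		 * item (no list after the address, or a trailing comma) would
		 * make pos + 1 point past the terminating NUL and the search
		 * below would read memory beyond the command string.
		 */
		if (*pos == '\0')
			break;
		pos = os_strchr(pos + 1, ',');
		if (pos == NULL)
			break;
		pos++;
	}

	if (num_id == 0 && !subtypes && !mbo_subtypes)
		return -1;

	return anqp_send_req(wpa_s, dst_addr, freq, id, num_id, subtypes,
			     mbo_subtypes);
}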
7609 
7610 
/*
 * Parse and send a GAS request.
 *
 * cmd has the form "<addr> <adv proto hex> [<query hex>]". Both hex fields
 * must have an even number of digits; the Advertisement Protocol ID must not
 * be empty, the Query Request is optional.
 *
 * Returns the result of gas_send_request(), or -1 on a parsing or allocation
 * failure. Both local buffers are freed before returning.
 */
static int gas_request(struct wpa_supplicant *wpa_s, char *cmd)
{
	u8 dst_addr[ETH_ALEN];
	struct wpabuf *advproto, *query = NULL;
	char *field, *sep;
	size_t hex_len, bin_len;
	int used, ret = -1;

	used = hwaddr_aton2(cmd, dst_addr);
	if (used < 0)
		return -1;

	field = cmd + used;
	while (*field == ' ')
		field++;

	/* Advertisement Protocol ID */
	sep = os_strchr(field, ' ');
	hex_len = sep ? (size_t) (sep - field) : os_strlen(field);
	if (hex_len & 0x01)
		return -1;
	bin_len = hex_len / 2;
	if (bin_len == 0)
		return -1;
	advproto = wpabuf_alloc(bin_len);
	if (!advproto)
		return -1;
	if (hexstr2bin(field, wpabuf_put(advproto, bin_len), bin_len) < 0)
		goto fail;

	if (sep) {
		/* Optional Query Request */
		field = sep + 1;
		while (*field == ' ')
			field++;

		hex_len = os_strlen(field);
		if (hex_len) {
			if (hex_len & 0x01)
				goto fail;
			bin_len = hex_len / 2;
			if (bin_len == 0)
				goto fail;
			query = wpabuf_alloc(bin_len);
			if (!query)
				goto fail;
			if (hexstr2bin(field, wpabuf_put(query, bin_len),
				       bin_len) < 0)
				goto fail;
		}
	}

	ret = gas_send_request(wpa_s, dst_addr, advproto, query);

fail:
	/* Shared exit: ret is still -1 unless the request was sent */
	wpabuf_free(advproto);
	wpabuf_free(query);

	return ret;
}
7673 
7674 
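/*
 * Return a stored GAS response, or a slice of it, as a hex string.
 *
 * cmd has the form "<addr> <dialog token> [<start>,<len>]". The response is
 * taken from last_gas_resp or prev_gas_resp, whichever matches both the
 * address and the dialog token.
 *
 * Returns the number of characters written to buf (this includes the
 * "FAIL-..." texts written for an invalid range or a too small buffer), or
 * -1 when the address is invalid, no stored response matches, or <start> is
 * given without ",<len>".
 *
 * Once the final octet of the response has been fetched, the stored buffer
 * is freed and its pointer cleared.
 */
static int gas_response_get(struct wpa_supplicant *wpa_s, char *cmd, char *buf,
			    size_t buflen)
{
	u8 addr[ETH_ALEN];
	int dialog_token;
	int used;
	int val;
	char *pos;
	size_t resp_len, start, requested_len;
	struct wpabuf *resp;
	int ret;

	used = hwaddr_aton2(cmd, addr);
	if (used < 0)
		return -1;

	pos = cmd + used;
	while (*pos == ' ')
		pos++;
	dialog_token = atoi(pos);

	if (wpa_s->last_gas_resp &&
	    os_memcmp(addr, wpa_s->last_gas_addr, ETH_ALEN) == 0 &&
	    dialog_token == wpa_s->last_gas_dialog_token)
		resp = wpa_s->last_gas_resp;
	else if (wpa_s->prev_gas_resp &&
		 os_memcmp(addr, wpa_s->prev_gas_addr, ETH_ALEN) == 0 &&
		 dialog_token == wpa_s->prev_gas_dialog_token)
		resp = wpa_s->prev_gas_resp;
	else
		return -1;

	resp_len = wpabuf_len(resp);
	start = 0;
	requested_len = resp_len;

	pos = os_strchr(pos, ' ');
	if (pos) {
		/*
		 * atoi() returns a signed int. Reject negative values before
		 * converting to size_t so that they cannot turn into huge
		 * offsets or lengths.
		 */
		val = atoi(pos);
		if (val < 0 || (size_t) val > resp_len)
			return os_snprintf(buf, buflen, "FAIL-Invalid range");
		start = val;
		pos = os_strchr(pos, ',');
		if (pos == NULL)
			return -1;
		pos++;
		val = atoi(pos);
		/*
		 * Compare against the remaining length instead of computing
		 * start + len, which could wrap around.
		 */
		if (val < 0 || (size_t) val > resp_len - start)
			return os_snprintf(buf, buflen, "FAIL-Invalid range");
		requested_len = val;
	}

	/* Two hex digits per octet plus the terminating NUL must fit; written
	 * as a division so that the check itself cannot overflow */
	if (buflen < 1 || requested_len > (buflen - 1) / 2)
		return os_snprintf(buf, buflen, "FAIL-Too long response");

	ret = wpa_snprintf_hex(buf, buflen, wpabuf_head_u8(resp) + start,
			       requested_len);

	if (start + requested_len == resp_len) {
		/*
		 * Free memory by dropping the response after it has been
		 * fetched.
		 */
		if (resp == wpa_s->prev_gas_resp) {
			wpabuf_free(wpa_s->prev_gas_resp);
			wpa_s->prev_gas_resp = NULL;
		} else {
			wpabuf_free(wpa_s->last_gas_resp);
			wpa_s->last_gas_resp = NULL;
		}
	}

	return ret;
}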
7746 #endif /* CONFIG_INTERWORKING */
7747 
7748 
7749 #ifdef CONFIG_HS20
7750 
/*
 * Parse a Hotspot 2.0 ANQP query and send it with hs20_anqp_send_req().
 *
 * dst has the form "<addr> <subtype>[,<subtype>]..." with each subtype in
 * the range 1..31; the subtypes are collected into a bitmask. Returns -1 if
 * the address is invalid or any subtype is missing or out of range.
 */
static int get_hs20_anqp(struct wpa_supplicant *wpa_s, char *dst)
{
	u8 dst_addr[ETH_ALEN];
	u32 subtypes = 0;
	char *item;
	int used = hwaddr_aton2(dst, dst_addr);

	if (used < 0)
		return -1;

	item = dst + used;
	if (*item == ' ')
		item++;

	do {
		int subtype = atoi(item);

		if (subtype < 1 || subtype > 31)
			return -1;
		subtypes |= BIT(subtype);

		/* Advance to the entry after the next comma, if there is one */
		item = os_strchr(item + 1, ',');
		if (item)
			item++;
	} while (item);

	if (!subtypes)
		return -1;

	return hs20_anqp_send_req(wpa_s, dst_addr, subtypes, NULL, 0, 0);
}
7780 
7781 
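/**
 * hs20_nai_home_realm_list - Send an NAI Home Realm Query for one realm
 * @wpa_s: Interface the request is sent on
 * @addr: Destination address of the query
 * @realm: NUL-terminated realm name
 * Returns: Result of hs20_anqp_send_req() or -1 on failure
 *
 * The payload built here is a three-octet header (realm count, encoding,
 * realm length) followed by the realm itself. The length is carried in a
 * single octet, so a realm longer than 255 octets is rejected instead of
 * being sent with a truncated length field that no longer matches the data
 * that follows it.
 */
static int hs20_nai_home_realm_list(struct wpa_supplicant *wpa_s,
				    const u8 *addr, const char *realm)
{
	u8 *buf;
	size_t rlen, len;
	int ret;

	rlen = os_strlen(realm);
	if (rlen > 255)
		return -1; /* does not fit in the one-octet length field */

	len = 3 + rlen;
	buf = os_malloc(len);
	if (buf == NULL)
		return -1;
	buf[0] = 1; /* NAI Home Realm Count */
	buf[1] = 0; /* Formatted in accordance with RFC 4282 */
	buf[2] = (u8) rlen;
	os_memcpy(buf + 3, realm, rlen);

	ret = hs20_anqp_send_req(wpa_s, addr,
				 BIT(HS20_STYPE_NAI_HOME_REALM_QUERY),
				 buf, len, 0);

	os_free(buf);

	return ret;
}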
7807 
7808 
/**
 * hs20_get_nai_home_realm_list - Handle an NAI Home Realm Query command
 * @wpa_s: Interface the request is sent on
 * @dst: "<addr> [realm=<name> | <hex payload>]" text from the control
 *	interface
 * Returns: Result of the send helper or -1 on failure
 *
 * Three forms are accepted after the address:
 * - "realm=<name>": query for the given realm
 * - nothing, while the first configured credential has a realm: query for
 *   that realm
 * - anything else: treated as a hex string and sent as the raw query payload
 */
static int hs20_get_nai_home_realm_list(struct wpa_supplicant *wpa_s,
					char *dst)
{
	struct wpa_cred *cred = wpa_s->conf->cred;
	u8 peer[ETH_ALEN];
	char *arg;
	u8 *payload;
	size_t hex_chars, payload_len;
	int consumed, res;

	consumed = hwaddr_aton2(dst, peer);
	if (consumed < 0)
		return -1;

	arg = dst + consumed;
	while (*arg == ' ')
		arg++;

	if (os_strncmp(arg, "realm=", 6) == 0)
		return hs20_nai_home_realm_list(wpa_s, peer, arg + 6);

	hex_chars = os_strlen(arg);
	if (hex_chars == 0 && cred && cred->realm)
		return hs20_nai_home_realm_list(wpa_s, peer, cred->realm);

	/* A hex string needs two characters per octet */
	if (hex_chars % 2 != 0)
		return -1;

	payload_len = hex_chars / 2;
	payload = os_malloc(payload_len);
	if (!payload)
		return -1;

	if (hexstr2bin(arg, payload, payload_len) < 0)
		res = -1;
	else
		res = hs20_anqp_send_req(wpa_s, peer,
					 BIT(HS20_STYPE_NAI_HOME_REALM_QUERY),
					 payload, payload_len, 0);
	os_free(payload);

	return res;
}
7852 
7853 
/**
 * get_hs20_icon - Return part of a previously fetched HS 2.0 icon
 * @wpa_s: Interface data
 * @cmd: "<addr> <icon name> <offset> <size>" text from the control interface
 * @reply: Buffer for the reply
 * @buflen: Size of @reply
 * Returns: Result of hs20_get_icon() or -1 on a parse error
 *
 * All three tokens after the address are mandatory. The OSU icon fetch
 * in-progress flag is cleared before the icon data is read.
 */
static int get_hs20_icon(struct wpa_supplicant *wpa_s, char *cmd, char *reply,
			 int buflen)
{
	u8 peer[ETH_ALEN];
	char *tok_ctx = NULL;
	char *name, *offset_str, *size_str;
	int consumed, offset, size;

	consumed = hwaddr_aton2(cmd, peer);
	if (consumed < 0)
		return -1;
	cmd += consumed;

	name = str_token(cmd, " ", &tok_ctx);
	offset_str = str_token(cmd, " ", &tok_ctx);
	size_str = str_token(cmd, " ", &tok_ctx);
	if (name == NULL || offset_str == NULL || size_str == NULL)
		return -1;

	/*
	 * NOTE(review): atoi() accepts negative numbers and reports
	 * non-numeric text as 0. How hs20_get_icon() treats a negative offset
	 * or size is not visible here - confirm that it bounds both values.
	 */
	offset = atoi(offset_str);
	size = atoi(size_str);

	wpa_s->fetch_osu_icon_in_progress = 0;
	return hs20_get_icon(wpa_s, peer, name, offset, size, reply, buflen);
}
7876 
7877 
/**
 * del_hs20_icon - Delete stored HS 2.0 icon data
 * @wpa_s: Interface data
 * @cmd: Empty string, "<addr>", or "<addr> <icon name>"
 * Returns: Result of hs20_del_icon() or -1 if the address cannot be parsed
 *
 * An empty command passes NULL for both the address and the icon name; an
 * address without a name passes NULL for the name only.
 */
static int del_hs20_icon(struct wpa_supplicant *wpa_s, char *cmd)
{
	u8 peer[ETH_ALEN];
	char *name;
	int consumed;

	if (cmd[0] == '\0')
		return hs20_del_icon(wpa_s, NULL, NULL);

	consumed = hwaddr_aton2(cmd, peer);
	if (consumed < 0)
		return -1;

	name = cmd + consumed;
	while (*name == ' ')
		name++;
	if (*name == '\0')
		name = NULL; /* no icon name given */

	return hs20_del_icon(wpa_s, peer, name);
}
7897 
7898 
/**
 * hs20_icon_request - Send an HS 2.0 Icon Request
 * @wpa_s: Interface the request is sent on
 * @cmd: "<addr> <icon name>" text from the control interface
 * @inmem: Passed through unchanged as the last argument of
 *	hs20_anqp_send_req()
 * Returns: Result of hs20_anqp_send_req() or -1 if the address cannot be
 * parsed
 *
 * Everything after the address and the spaces that follow it is sent as the
 * icon name, without the terminating NUL.
 */
static int hs20_icon_request(struct wpa_supplicant *wpa_s, char *cmd, int inmem)
{
	u8 peer[ETH_ALEN];
	char *name;
	int consumed = hwaddr_aton2(cmd, peer);

	if (consumed < 0)
		return -1;

	name = cmd + consumed;
	while (*name == ' ')
		name++;

	wpa_s->fetch_osu_icon_in_progress = 0;
	return hs20_anqp_send_req(wpa_s, peer, BIT(HS20_STYPE_ICON_REQUEST),
				  (u8 *) name, os_strlen(name), inmem);
}
7917 
7918 #endif /* CONFIG_HS20 */
7919 
7920 
7921 #ifdef CONFIG_AUTOSCAN
7922 
/**
 * wpa_supplicant_ctrl_iface_autoscan - Replace the autoscan configuration
 * @wpa_s: Interface data
 * @cmd: New autoscan parameter string; an empty string disables autoscan
 * Returns: 0 on success, -1 if the new string cannot be duplicated
 *
 * The previous configuration string is freed only after the copy of the new
 * one has been allocated, so a failed allocation leaves the old setting in
 * place. What happens next depends on the interface state sampled on entry.
 */
static int wpa_supplicant_ctrl_iface_autoscan(struct wpa_supplicant *wpa_s,
					      char *cmd)
{
	enum wpa_states state = wpa_s->wpa_state;
	char *copy = NULL;

	if (cmd[0] != '\0') {
		copy = os_strdup(cmd);
		if (!copy)
			return -1;
	}

	os_free(wpa_s->conf->autoscan);
	wpa_s->conf->autoscan = copy;

	if (!copy) {
		autoscan_deinit(wpa_s);
		return 0;
	}

	switch (state) {
	case WPA_DISCONNECTED:
	case WPA_INACTIVE:
		autoscan_init(wpa_s, 1);
		break;
	case WPA_SCANNING:
		wpa_supplicant_reinit_autoscan(wpa_s);
		break;
	default:
		wpa_printf(MSG_DEBUG, "No autoscan update in state %s",
			   wpa_supplicant_state_txt(state));
		break;
	}

	return 0;
}
7950 
7951 #endif /* CONFIG_AUTOSCAN */
7952 
7953 
7954 #ifdef CONFIG_WNM
7955 
/**
 * wpas_ctrl_iface_wnm_sleep - Request entering or leaving WNM-Sleep Mode
 * @wpa_s: Interface data
 * @cmd: "enter" or "exit", optionally followed by " interval=<n>" and
 *	" tfs_req=<hex>"
 * Returns: Result of ieee802_11_send_wnmsleep_req() or -1 on a parse or
 * allocation error
 *
 * Only the leading characters of @cmd are compared, so any command starting
 * with "enter" or "exit" selects that action. The optional TFS request is
 * decoded from hex into a temporary buffer that is freed before returning.
 */
static int wpas_ctrl_iface_wnm_sleep(struct wpa_supplicant *wpa_s, char *cmd)
{
	struct wpabuf *tfs = NULL;
	char *arg;
	int entering;
	int interval = 0;
	int res;

	entering = os_strncmp(cmd, "enter", 5) == 0;
	if (!entering && os_strncmp(cmd, "exit", 4) != 0)
		return -1;

	arg = os_strstr(cmd, " interval=");
	if (arg)
		interval = atoi(arg + 10);

	arg = os_strstr(cmd, " tfs_req=");
	if (arg) {
		char *stop;
		size_t hex_chars, octets;

		arg += 9;
		/* The value runs to the next space or the end of the string */
		stop = os_strchr(arg, ' ');
		hex_chars = stop ? (size_t) (stop - arg) : os_strlen(arg);
		if (hex_chars & 1)
			return -1;

		octets = hex_chars / 2;
		tfs = wpabuf_alloc(octets);
		if (!tfs)
			return -1;
		if (hexstr2bin(arg, wpabuf_put(tfs, octets), octets) < 0) {
			wpabuf_free(tfs);
			return -1;
		}
	}

	res = ieee802_11_send_wnmsleep_req(wpa_s,
					   entering ? WNM_SLEEP_MODE_ENTER :
					   WNM_SLEEP_MODE_EXIT,
					   interval, tfs);
	wpabuf_free(tfs);

	return res;
}
8004 
8005 
/**
 * wpas_ctrl_iface_wnm_bss_query - Send a BSS Transition Management Query
 * @wpa_s: Interface data
 * @cmd: "<query reason>[ list | <candidate text>]"
 * Returns: Result of wnm_send_bss_transition_mgmt_query()
 *
 * The query reason is parsed with atoi(), so non-numeric text yields 0.
 * When the text after the reason starts with " list", the list flag is set;
 * any other trailing text is passed on as the candidate string, including
 * its leading space.
 */
static int wpas_ctrl_iface_wnm_bss_query(struct wpa_supplicant *wpa_s, char *cmd)
{
	int reason = atoi(cmd);
	int use_list = 0;
	char *candidates = NULL;
	char *rest = os_strchr(cmd, ' ');

	if (rest && os_strncmp(rest, " list", 5) == 0)
		use_list = 1;
	else if (rest)
		candidates = rest;

	wpa_printf(MSG_DEBUG,
		   "CTRL_IFACE: WNM_BSS_QUERY query_reason=%d%s",
		   reason, use_list ? " candidate list" : "");

	return wnm_send_bss_transition_mgmt_query(wpa_s, reason, candidates,
						  use_list);
}
8029 
8030 
/**
 * wpas_ctrl_iface_coloc_intf_report - Send a collocated interference report
 * @wpa_s: Interface data
 * @cmd: Report elements in the text form accepted by wpabuf_parse_bin()
 * Returns: Result of wnm_send_coloc_intf_report() or -1 if @cmd cannot be
 * parsed
 */
static int wpas_ctrl_iface_coloc_intf_report(struct wpa_supplicant *wpa_s,
					     char *cmd)
{
	struct wpabuf *report = wpabuf_parse_bin(cmd);
	int res;

	if (report == NULL)
		return -1;

	res = wnm_send_coloc_intf_report(wpa_s, 0, report);
	/* The parsed buffer is owned by this function */
	wpabuf_free(report);

	return res;
}
8045 
8046 #endif /* CONFIG_WNM */
8047 
8048 
/**
 * wpa_supplicant_signal_poll - Format the driver's current signal information
 * @wpa_s: Interface data
 * @buf: Buffer for the reply
 * @buflen: Size of @buf
 * Returns: Number of characters written, or -1 if the driver query fails or
 * the reply does not fit in @buf
 *
 * RSSI, link speed, noise and frequency are always reported. Channel width,
 * center frequencies and the averaged values are appended only when the
 * driver reported them (known width, positive frequency, non-zero average).
 */
static int wpa_supplicant_signal_poll(struct wpa_supplicant *wpa_s, char *buf,
				      size_t buflen)
{
	struct wpa_signal_info si;
	char *out = buf;
	char *limit = buf + buflen;
	int n;

	if (wpa_drv_signal_poll(wpa_s, &si) != 0)
		return -1;

	/* The reported link speed is the driver's TX rate divided by 1000 */
	n = os_snprintf(out, limit - out, "RSSI=%d\nLINKSPEED=%d\n"
			"NOISE=%d\nFREQUENCY=%u\n",
			si.current_signal, si.current_txrate / 1000,
			si.current_noise, si.frequency);
	if (os_snprintf_error(limit - out, n))
		return -1;
	out += n;

	if (si.chanwidth != CHAN_WIDTH_UNKNOWN) {
		n = os_snprintf(out, limit - out, "WIDTH=%s\n",
				channel_width_to_string(si.chanwidth));
		if (os_snprintf_error(limit - out, n))
			return -1;
		out += n;
	}

	if (si.center_frq1 > 0) {
		n = os_snprintf(out, limit - out, "CENTER_FRQ1=%d\n",
				si.center_frq1);
		if (os_snprintf_error(limit - out, n))
			return -1;
		out += n;
	}

	if (si.center_frq2 > 0) {
		n = os_snprintf(out, limit - out, "CENTER_FRQ2=%d\n",
				si.center_frq2);
		if (os_snprintf_error(limit - out, n))
			return -1;
		out += n;
	}

	if (si.avg_signal != 0) {
		n = os_snprintf(out, limit - out, "AVG_RSSI=%d\n",
				si.avg_signal);
		if (os_snprintf_error(limit - out, n))
			return -1;
		out += n;
	}

	if (si.avg_beacon_signal != 0) {
		n = os_snprintf(out, limit - out, "AVG_BEACON_RSSI=%d\n",
				si.avg_beacon_signal);
		if (os_snprintf_error(limit - out, n))
			return -1;
		out += n;
	}

	return out - buf;
}
8113 
8114 
/**
 * wpas_ctrl_iface_signal_monitor - Configure driver signal monitoring
 * @wpa_s: Interface data
 * @cmd: Text that may contain "THRESHOLD=<n>" and "HYSTERESIS=<n>"
 * Returns: Result of wpa_drv_signal_monitor() or -1 while bgscan is active
 *
 * Either parameter defaults to 0 when it is absent. The command is refused
 * while a bgscan module and its private data are both set on the interface.
 */
static int wpas_ctrl_iface_signal_monitor(struct wpa_supplicant *wpa_s,
					  const char *cmd)
{
	const char *arg;
	int threshold = 0, hysteresis = 0;

	if (wpa_s->bgscan && wpa_s->bgscan_priv) {
		wpa_printf(MSG_DEBUG,
			   "Reject SIGNAL_MONITOR command - bgscan is active");
		return -1;
	}

	arg = os_strstr(cmd, "THRESHOLD=");
	if (arg)
		threshold = atoi(arg + sizeof("THRESHOLD=") - 1);

	arg = os_strstr(cmd, "HYSTERESIS=");
	if (arg)
		hysteresis = atoi(arg + sizeof("HYSTERESIS=") - 1);

	return wpa_drv_signal_monitor(wpa_s, threshold, hysteresis);
}
8135 
8136 
8137 #ifdef CONFIG_TESTING_OPTIONS
/**
 * wpas_ctrl_iface_get_pref_freq_list_override - Read the testing override
 * @wpa_s: Interface data
 * @if_type: Interface type to look up
 * @num: On entry the capacity of @freq_list, on success the number of
 *	entries written
 * @freq_list: Array that receives the frequencies
 * Returns: 0 on success, -1 if there is no override entry for @if_type
 *
 * Override string format:
 *  <if_type1>:<freq1>,<freq2>,... <if_type2>:...
 * Entries are separated by spaces. Parsing of the matching entry stops at
 * the next space, at the end of the string, or once *num values are stored.
 */
int wpas_ctrl_iface_get_pref_freq_list_override(struct wpa_supplicant *wpa_s,
						enum wpa_driver_if_type if_type,
						unsigned int *num,
						unsigned int *freq_list)
{
	char *entry = wpa_s->get_pref_freq_list_override;
	char *freq, *entry_end;
	unsigned int stored = 0;

	/* Find the entry whose leading number matches the interface type */
	while (entry && atoi(entry) != (int) if_type) {
		entry = os_strchr(entry, ' ');
		if (entry)
			entry++;
	}
	if (entry == NULL)
		return -1;

	freq = os_strchr(entry, ':');
	if (freq == NULL)
		return -1;
	freq++;
	entry_end = os_strchr(freq, ' ');

	while (freq && stored < *num) {
		/* Do not run into the next interface type's entry */
		if (entry_end && freq >= entry_end)
			break;
		freq_list[stored++] = atoi(freq);
		freq = os_strchr(freq, ',');
		if (freq)
			freq++;
	}

	*num = stored;
	return 0;
}
8174 #endif /* CONFIG_TESTING_OPTIONS */
8175 
8176 
/**
 * wpas_ctrl_iface_get_pref_freq_list - Report the driver's preferred
 * frequencies
 * @wpa_s: Interface data
 * @cmd: Interface type name: STATION, AP, P2P_GO, P2P_CLIENT, IBSS or TDLS
 * @buf: Buffer for the comma-separated reply
 * @buflen: Size of @buf
 * Returns: Number of characters written, or -1 on an unknown type, a driver
 * failure, or a reply that does not fit
 *
 * The driver is offered room for 100 entries and reports back how many it
 * filled in.
 */
static int wpas_ctrl_iface_get_pref_freq_list(
	struct wpa_supplicant *wpa_s, char *cmd, char *buf, size_t buflen)
{
	unsigned int freq_list[100], num = 100, i;
	enum wpa_driver_if_type iface_type;
	char *out = buf;
	char *limit = buf + buflen;

	/* cmd: "<interface_type>" */
	if (!os_strcmp(cmd, "STATION"))
		iface_type = WPA_IF_STATION;
	else if (!os_strcmp(cmd, "AP"))
		iface_type = WPA_IF_AP_BSS;
	else if (!os_strcmp(cmd, "P2P_GO"))
		iface_type = WPA_IF_P2P_GO;
	else if (!os_strcmp(cmd, "P2P_CLIENT"))
		iface_type = WPA_IF_P2P_CLIENT;
	else if (!os_strcmp(cmd, "IBSS"))
		iface_type = WPA_IF_IBSS;
	else if (!os_strcmp(cmd, "TDLS"))
		iface_type = WPA_IF_TDLS;
	else
		return -1;

	wpa_printf(MSG_DEBUG,
		   "CTRL_IFACE: GET_PREF_FREQ_LIST iface_type=%d (%s)",
		   iface_type, cmd);

	if (wpa_drv_get_pref_freq_list(wpa_s, iface_type, &num, freq_list))
		return -1;

	for (i = 0; i < num; i++) {
		const char *sep = i > 0 ? "," : "";
		int n = os_snprintf(out, limit - out, "%s%u", sep,
				    freq_list[i]);

		if (os_snprintf_error(limit - out, n))
			return -1;
		out += n;
	}

	return out - buf;
}
8222 
8223 
/**
 * wpas_ctrl_iface_driver_flags - Print the driver capability flags
 * @wpa_s: Interface data
 * @buf: Buffer for the reply
 * @buflen: Size of @buf
 * Returns: Number of characters written, or -1 if the reply does not fit
 *
 * The first line is the flag word as 16 hex digits followed by a colon;
 * each set bit then gets one line with the name returned by
 * driver_flag_to_string().
 */
static int wpas_ctrl_iface_driver_flags(struct wpa_supplicant *wpa_s,
					char *buf, size_t buflen)
{
	char *out, *limit;
	int n, bit;

	n = os_snprintf(buf, buflen, "%016llX:\n",
			(long long unsigned) wpa_s->drv_flags);
	if (os_snprintf_error(buflen, n))
		return -1;

	out = buf + n;
	limit = buf + buflen;

	for (bit = 0; bit < 64; bit++) {
		if (!(wpa_s->drv_flags & (1LLU << bit)))
			continue;

		n = os_snprintf(out, limit - out, "%s\n",
				driver_flag_to_string(1LLU << bit));
		if (os_snprintf_error(limit - out, n))
			return -1;
		out += n;
	}

	return out - buf;
}
8250 
8251 
/**
 * wpas_ctrl_iface_driver_flags2 - Print the second driver capability flag
 * word
 * @wpa_s: Interface data
 * @buf: Buffer for the reply
 * @buflen: Size of @buf
 * Returns: Number of characters written, or -1 if the reply does not fit
 *
 * Same layout as wpas_ctrl_iface_driver_flags(), but for drv_flags2 and with
 * the names taken from driver_flag2_to_string().
 */
static int wpas_ctrl_iface_driver_flags2(struct wpa_supplicant *wpa_s,
					 char *buf, size_t buflen)
{
	char *out, *limit;
	int n, bit;

	n = os_snprintf(buf, buflen, "%016llX:\n",
			(long long unsigned) wpa_s->drv_flags2);
	if (os_snprintf_error(buflen, n))
		return -1;

	out = buf + n;
	limit = buf + buflen;

	for (bit = 0; bit < 64; bit++) {
		if (!(wpa_s->drv_flags2 & (1LLU << bit)))
			continue;

		n = os_snprintf(out, limit - out, "%s\n",
				driver_flag2_to_string(1LLU << bit));
		if (os_snprintf_error(limit - out, n))
			return -1;
		out += n;
	}

	return out - buf;
}
8278 
8279 
/**
 * wpa_supplicant_pktcnt_poll - Format the driver's packet counters
 * @wpa_s: Interface data
 * @buf: Buffer for the reply
 * @buflen: Size of @buf
 * Returns: Number of characters written, or -1 if the driver query fails or
 * the reply does not fit
 */
static int wpa_supplicant_pktcnt_poll(struct wpa_supplicant *wpa_s, char *buf,
				      size_t buflen)
{
	struct hostap_sta_driver_data counters;
	int n;

	if (wpa_drv_pktcnt_poll(wpa_s, &counters) != 0)
		return -1;

	n = os_snprintf(buf, buflen, "TXGOOD=%lu\nTXBAD=%lu\nRXGOOD=%lu\n",
			counters.tx_packets, counters.tx_retry_failed,
			counters.rx_packets);

	return os_snprintf_error(buflen, n) ? -1 : n;
}
8296 
8297 
8298 #ifdef ANDROID
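/**
 * wpa_supplicant_driver_cmd - Pass a command string to the driver
 * @wpa_s: Interface data
 * @cmd: Command text from the control interface
 * @buf: Buffer for the reply
 * @buflen: Size of @buf
 * Returns: Length of the "OK" reply on success, -1 if the reply does not
 * fit, or the non-zero result of wpa_drv_driver_cmd()
 *
 * After a successful command starting with "COUNTRY" (case-insensitive), the
 * two characters at offsets 8 and 9 are copied to the P2P module as the new
 * country. Those offsets are read only when the command is long enough to
 * contain them; a shorter command (for example a bare "COUNTRY") would
 * otherwise be read past its terminating NUL.
 */
static int wpa_supplicant_driver_cmd(struct wpa_supplicant *wpa_s, char *cmd,
				     char *buf, size_t buflen)
{
	int ret;

	ret = wpa_drv_driver_cmd(wpa_s, cmd, buf, buflen);
	if (ret != 0)
		return ret;

	/*
	 * The prefix match guarantees that cmd[0..6] are non-NUL, so checking
	 * offsets 7..9 in order never reads beyond the terminator.
	 */
	if (os_strncasecmp(cmd, "COUNTRY", 7) == 0 &&
	    cmd[7] != '\0' && cmd[8] != '\0' && cmd[9] != '\0') {
		struct p2p_data *p2p = wpa_s->global->p2p;

		if (p2p) {
			char country[3];

			country[0] = cmd[8];
			country[1] = cmd[9];
			country[2] = 0x04;
			p2p_set_country(p2p, country);
		}
	}

	ret = os_snprintf(buf, buflen, "%s\n", "OK");
	if (os_snprintf_error(buflen, ret))
		ret = -1;

	return ret;
}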
8322 #endif /* ANDROID */
8323 
8324 
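/**
 * wpa_supplicant_vendor_cmd - Send a vendor-specific command to the driver
 * @wpa_s: Interface data
 * @cmd: <vendor id> <subcommand id> [<hex formatted data>] [nested=<0|1>]
 * @buf: Buffer for the hex-encoded driver reply
 * @buflen: Size of @buf
 * Returns: Result of wpa_snprintf_hex() on success, -EINVAL on a malformed
 * command, -1 on allocation failure, or the non-zero result of
 * wpa_drv_vendor_cmd()
 *
 * The vendor id is parsed as hexadecimal and the subcommand id as decimal.
 * The optional data field must be an even number of hex digits; an odd
 * length is rejected instead of silently dropping the last digit and
 * handing the driver a payload that differs from what the caller wrote.
 */
static int wpa_supplicant_vendor_cmd(struct wpa_supplicant *wpa_s, char *cmd,
				     char *buf, size_t buflen)
{
	int ret;
	char *pos, *temp = NULL;
	u8 *data = NULL;
	unsigned int vendor_id, subcmd;
	enum nested_attr nested_attr_flag = NESTED_ATTR_UNSPECIFIED;
	struct wpabuf *reply;
	size_t data_len = 0;

	vendor_id = strtoul(cmd, &pos, 16);
	if (!isblank((unsigned char) *pos))
		return -EINVAL;

	subcmd = strtoul(pos, &pos, 10);

	if (*pos != '\0') {
		if (!isblank((unsigned char) *pos++))
			return -EINVAL;

		/* The data field runs to the next space or end of string */
		temp = os_strchr(pos, ' ');
		data_len = temp ? (size_t) (temp - pos) : os_strlen(pos);
	}

	if (data_len) {
		if (data_len & 1) {
			wpa_printf(MSG_DEBUG,
				   "Vendor command: wrong parameter format");
			return -EINVAL;
		}

		data_len /= 2;
		data = os_malloc(data_len);
		if (!data)
			return -1;

		if (hexstr2bin(pos, data, data_len)) {
			wpa_printf(MSG_DEBUG,
				   "Vendor command: wrong parameter format");
			os_free(data);
			return -EINVAL;
		}
	}

	/* The nested flag is searched for anywhere in the command text */
	pos = os_strstr(cmd, "nested=");
	if (pos)
		nested_attr_flag = atoi(pos + 7) ? NESTED_ATTR_USED :
			NESTED_ATTR_NOT_USED;

	/*
	 * The reply is returned hex-encoded (two characters per octet plus
	 * the terminating NUL), so the binary reply buffer is sized to what
	 * can be encoded into buf.
	 */
	reply = wpabuf_alloc((buflen - 1) / 2);
	if (!reply) {
		os_free(data);
		return -1;
	}

	ret = wpa_drv_vendor_cmd(wpa_s, vendor_id, subcmd, data, data_len,
				 nested_attr_flag, reply);

	if (ret == 0)
		ret = wpa_snprintf_hex(buf, buflen, wpabuf_head_u8(reply),
				       wpabuf_len(reply));

	wpabuf_free(reply);
	os_free(data);

	return ret;
}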
8391 
8392 
/**
 * wpa_supplicant_ctrl_iface_flush - Reset interface state to defaults
 * @wpa_s: Interface data
 *
 * Aborts an ongoing scan, moves the interface to WPA_DISCONNECTED when it is
 * at or beyond WPA_AUTHENTICATING, and then clears per-feature state (P2P,
 * WPS, DPP, TDLS, testing overrides) under the matching build options. All
 * networks, credentials and configuration blobs are removed, the PTKSA and
 * PMKSA caches are flushed, pending radio works are removed and the BSS
 * table is flushed. Freed pointers are reset to NULL so that a later flush
 * or deinit does not free them again.
 */
static void wpa_supplicant_ctrl_iface_flush(struct wpa_supplicant *wpa_s)
{
#ifdef CONFIG_P2P
	/* Use the interface that initialized P2P, if one is recorded */
	struct wpa_supplicant *p2p_wpa_s = wpa_s->global->p2p_init_wpa_s ?
		wpa_s->global->p2p_init_wpa_s : wpa_s;
#endif /* CONFIG_P2P */

	wpa_dbg(wpa_s, MSG_DEBUG, "Flush all wpa_supplicant state");

	if (wpas_abort_ongoing_scan(wpa_s) == 0)
		wpa_s->ignore_post_flush_scan_res = 1;

	if (wpa_s->wpa_state >= WPA_AUTHENTICATING) {
		/*
		 * Avoid possible auto connect re-connection on getting
		 * disconnected due to state flush.
		 */
		wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
	}

#ifdef CONFIG_P2P
	wpas_p2p_group_remove(p2p_wpa_s, "*");
	wpas_p2p_cancel(p2p_wpa_s);
	p2p_ctrl_flush(p2p_wpa_s);
	wpas_p2p_service_flush(p2p_wpa_s);
	p2p_wpa_s->global->p2p_disabled = 0;
	p2p_wpa_s->global->p2p_per_sta_psk = 0;
	p2p_wpa_s->conf->num_sec_device_types = 0;
	p2p_wpa_s->p2p_disable_ip_addr_req = 0;
	os_free(p2p_wpa_s->global->p2p_go_avoid_freq.range);
	p2p_wpa_s->global->p2p_go_avoid_freq.range = NULL;
	p2p_wpa_s->global->p2p_go_avoid_freq.num = 0;
	p2p_wpa_s->global->pending_p2ps_group = 0;
	p2p_wpa_s->global->pending_p2ps_group_freq = 0;
#endif /* CONFIG_P2P */

#ifdef CONFIG_WPS_TESTING
	wps_version_number = 0x20;
	wps_testing_dummy_cred = 0;
	wps_corrupt_pkhash = 0;
	wps_force_auth_types_in_use = 0;
	wps_force_encr_types_in_use = 0;
#endif /* CONFIG_WPS_TESTING */
#ifdef CONFIG_WPS
	wpa_s->wps_fragment_size = 0;
	wpas_wps_cancel(wpa_s);
	wps_registrar_flush(wpa_s->wps->registrar);
#endif /* CONFIG_WPS */
	wpa_s->after_wps = 0;
	wpa_s->known_wps_freq = 0;

#ifdef CONFIG_DPP
	wpas_dpp_deinit(wpa_s);
	wpa_s->dpp_init_max_tries = 0;
	wpa_s->dpp_init_retry_time = 0;
	wpa_s->dpp_resp_wait_time = 0;
	wpa_s->dpp_resp_max_tries = 0;
	wpa_s->dpp_resp_retry_time = 0;
#ifdef CONFIG_DPP2
	wpas_dpp_chirp_stop(wpa_s);
	wpa_s->dpp_pfs_fallback = 0;
#endif /* CONFIG_DPP2 */
#ifdef CONFIG_TESTING_OPTIONS
	/* Clear the DPP test overrides so they do not outlive the flush */
	os_memset(dpp_pkex_own_mac_override, 0, ETH_ALEN);
	os_memset(dpp_pkex_peer_mac_override, 0, ETH_ALEN);
	dpp_pkex_ephemeral_key_override_len = 0;
	dpp_protocol_key_override_len = 0;
	dpp_nonce_override_len = 0;
#ifdef CONFIG_DPP2
	dpp_version_override = 2;
#else /* CONFIG_DPP2 */
	dpp_version_override = 1;
#endif /* CONFIG_DPP2 */
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_DPP */

#ifdef CONFIG_TDLS
#ifdef CONFIG_TDLS_TESTING
	tdls_testing = 0;
#endif /* CONFIG_TDLS_TESTING */
	wpa_drv_tdls_oper(wpa_s, TDLS_ENABLE, NULL);
	wpa_tdls_enable(wpa_s->wpa, 1);
#endif /* CONFIG_TDLS */

	/* Cancel the pending timeout and run its handler immediately */
	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
	wpa_supplicant_stop_countermeasures(wpa_s, NULL);
	wpa_s->last_michael_mic_error.sec = 0;

	wpa_s->no_keep_alive = 0;
	wpa_s->own_disconnect_req = 0;
	wpa_s->own_reconnect_req = 0;
	wpa_s->deny_ptk0_rekey = 0;

	os_free(wpa_s->disallow_aps_bssid);
	wpa_s->disallow_aps_bssid = NULL;
	wpa_s->disallow_aps_bssid_count = 0;
	os_free(wpa_s->disallow_aps_ssid);
	wpa_s->disallow_aps_ssid = NULL;
	wpa_s->disallow_aps_ssid_count = 0;

	wpa_s->set_sta_uapsd = 0;
	wpa_s->sta_uapsd = 0;

	wpa_s->consecutive_conn_failures = 0;

	wpa_drv_radio_disable(wpa_s, 0);
	wpa_bssid_ignore_clear(wpa_s);
	/* Remove every configured network, credential and blob */
	wpa_supplicant_ctrl_iface_remove_network(wpa_s, "all");
	wpa_supplicant_ctrl_iface_remove_cred(wpa_s, "all");
	wpa_config_flush_blobs(wpa_s->conf);
	wpa_s->conf->auto_interworking = 0;
	wpa_s->conf->okc = 0;

	/* Flush the PTKSA and PMKSA caches and deinitialize
	 * pre-authentication */
	ptksa_cache_flush(wpa_s->ptksa, NULL, WPA_CIPHER_NONE);
	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
	rsn_preauth_deinit(wpa_s->wpa);

	/* Set the RSNA parameters back to fixed values */
	wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME, 43200);
	wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD, 70);
	wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT, 60);
	eapol_sm_notify_logoff(wpa_s->eapol, false);

	radio_remove_works(wpa_s, NULL, 1);
	wpa_s->ext_work_in_progress = 0;

	wpa_s->next_ssid = NULL;

#ifdef CONFIG_INTERWORKING
#ifdef CONFIG_HS20
	hs20_cancel_fetch_osu(wpa_s);
	hs20_del_icon(wpa_s, NULL, NULL);
#endif /* CONFIG_HS20 */
#endif /* CONFIG_INTERWORKING */

	wpa_s->ext_mgmt_frame_handling = 0;
	wpa_s->ext_eapol_frame_io = 0;
#ifdef CONFIG_TESTING_OPTIONS
	/*
	 * Testing-only overrides: reset every flag and free every override
	 * buffer so that later operation does not keep using test behavior.
	 */
	wpa_s->extra_roc_dur = 0;
	wpa_s->test_failure = WPAS_TEST_FAILURE_NONE;
	wpa_s->p2p_go_csa_on_inv = 0;
	wpa_s->ignore_auth_resp = 0;
	wpa_s->ignore_assoc_disallow = 0;
	wpa_s->disable_sa_query = 0;
	wpa_s->testing_resend_assoc = 0;
	wpa_s->ignore_sae_h2e_only = 0;
	wpa_s->ft_rsnxe_used = 0;
	wpa_s->reject_btm_req_reason = 0;
	wpa_sm_set_test_assoc_ie(wpa_s->wpa, NULL);
	os_free(wpa_s->get_pref_freq_list_override);
	wpa_s->get_pref_freq_list_override = NULL;
	wpabuf_free(wpa_s->sae_commit_override);
	wpa_s->sae_commit_override = NULL;
	os_free(wpa_s->extra_sae_rejected_groups);
	wpa_s->extra_sae_rejected_groups = NULL;
	wpabuf_free(wpa_s->rsne_override_eapol);
	wpa_s->rsne_override_eapol = NULL;
	wpabuf_free(wpa_s->rsnxe_override_assoc);
	wpa_s->rsnxe_override_assoc = NULL;
	wpabuf_free(wpa_s->rsnxe_override_eapol);
	wpa_s->rsnxe_override_eapol = NULL;
	wpas_clear_driver_signal_override(wpa_s);
	wpa_s->oci_freq_override_eapol = 0;
	wpa_s->oci_freq_override_saquery_req = 0;
	wpa_s->oci_freq_override_saquery_resp = 0;
	wpa_s->oci_freq_override_eapol_g2 = 0;
	wpa_s->oci_freq_override_ft_assoc = 0;
	wpa_s->oci_freq_override_fils_assoc = 0;
	wpa_s->oci_freq_override_wnm_sleep = 0;
#ifdef CONFIG_DPP
	os_free(wpa_s->dpp_config_obj_override);
	wpa_s->dpp_config_obj_override = NULL;
	os_free(wpa_s->dpp_discovery_override);
	wpa_s->dpp_discovery_override = NULL;
	os_free(wpa_s->dpp_groups_override);
	wpa_s->dpp_groups_override = NULL;
	dpp_test = DPP_TEST_DISABLED;
#endif /* CONFIG_DPP */
#endif /* CONFIG_TESTING_OPTIONS */

	wpa_s->disconnected = 0;
	os_free(wpa_s->next_scan_freqs);
	wpa_s->next_scan_freqs = NULL;
	os_memset(wpa_s->next_scan_bssid, 0, ETH_ALEN);
	wpa_s->next_scan_bssid_wildcard_ssid = 0;
	os_free(wpa_s->select_network_scan_freqs);
	wpa_s->select_network_scan_freqs = NULL;
	os_memset(&wpa_s->robust_av, 0, sizeof(struct robust_av_data));

	wpa_bss_flush(wpa_s);
	/* Entries may remain after the flush; log them for debugging */
	if (!dl_list_empty(&wpa_s->bss)) {
		wpa_printf(MSG_DEBUG,
			   "BSS table not empty after flush: %u entries, current_bss=%p bssid="
			   MACSTR " pending_bssid=" MACSTR,
			   dl_list_len(&wpa_s->bss), wpa_s->current_bss,
			   MAC2STR(wpa_s->bssid),
			   MAC2STR(wpa_s->pending_bssid));
	}

	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
	wpa_s->wnmsleep_used = 0;

#ifdef CONFIG_SME
	wpa_s->sme.last_unprot_disconnect.sec = 0;
	wpa_s->sme.auth_alg = 0;
#endif /* CONFIG_SME */

	wpabuf_free(wpa_s->ric_ies);
	wpa_s->ric_ies = NULL;

	wpa_supplicant_update_channel_list(wpa_s, NULL);

	free_bss_tmp_disallowed(wpa_s);

	/*
	 * NOTE(review): robust_av was already zeroed earlier in this
	 * function; this second memset looks redundant - confirm whether any
	 * call in between can repopulate it.
	 */
	os_memset(&wpa_s->robust_av, 0, sizeof(struct robust_av_data));

#ifdef CONFIG_PASN
	wpas_pasn_auth_stop(wpa_s);
#endif /* CONFIG_PASN */

	/* Restore the permanent MAC address only when the address was
	 * changed and the configured mac_addr policy is 0 */
	if (wpa_s->mac_addr_changed && wpa_s->conf->mac_addr == 0)
		wpas_restore_permanent_mac_addr(wpa_s);
}
8615 
8616 
/**
 * wpas_ctrl_radio_work_show - List the radio work items of this radio
 * @wpa_s: Interface data
 * @buf: Buffer for the reply
 * @buflen: Size of @buf
 * Returns: Number of characters written
 *
 * One line is written per work item:
 * <type>@<ifname>:<freq>:<started>:<age sec>.<age usec>
 * where the age is the time since the item's recorded timestamp. When the
 * buffer fills up, the listing is cut short rather than reported as an
 * error.
 */
static int wpas_ctrl_radio_work_show(struct wpa_supplicant *wpa_s,
				     char *buf, size_t buflen)
{
	struct wpa_radio_work *item;
	struct os_reltime now, age;
	char *out = buf;
	char *limit = buf + buflen;

	os_get_reltime(&now);

	dl_list_for_each(item, &wpa_s->radio->work, struct wpa_radio_work, list)
	{
		int n;

		os_reltime_sub(&now, &item->time, &age);
		n = os_snprintf(out, limit - out, "%s@%s:%u:%u:%ld.%06ld\n",
				item->type, item->wpa_s->ifname, item->freq,
				item->started, age.sec, age.usec);
		if (os_snprintf_error(limit - out, n))
			break;
		out += n;
	}

	return out - buf;
}
8644 
8645 
/**
 * wpas_ctrl_radio_work_timeout - Timeout handler for an external radio work
 * @eloop_ctx: The struct wpa_radio_work that timed out
 * @timeout_ctx: Not used
 *
 * Reports the timeout, marks the work as done and frees the external work
 * context. The context is freed last because the work's type string is
 * stored inside it and is still used while the work is being completed.
 */
static void wpas_ctrl_radio_work_timeout(void *eloop_ctx, void *timeout_ctx)
{
	struct wpa_radio_work *expired = eloop_ctx;
	struct wpa_external_work *ext = expired->ctx;

	wpa_dbg(expired->wpa_s, MSG_DEBUG,
		"Timing out external radio work %u (%s)",
		ext->id, expired->type);
	wpa_msg(expired->wpa_s, MSG_INFO, EXT_RADIO_WORK_TIMEOUT "%u",
		ext->id);

	expired->wpa_s->ext_work_in_progress = 0;
	radio_work_done(expired);
	os_free(ext);
}
8659 
8660 
/**
 * wpas_ctrl_radio_work_cb - Radio work callback for external work items
 * @work: Radio work item
 * @deinit: Non-zero when the work is being removed instead of started
 *
 * On start, the external work is announced with EXT_RADIO_WORK_START and a
 * timeout is registered; a timeout value of 0 is replaced with 10 seconds.
 * On deinit, a pending timeout is cancelled for a started work and the
 * external work context is freed.
 */
static void wpas_ctrl_radio_work_cb(struct wpa_radio_work *work, int deinit)
{
	struct wpa_external_work *ext = work->ctx;

	if (!deinit) {
		wpa_dbg(work->wpa_s, MSG_DEBUG,
			"Starting external radio work %u (%s)",
			ext->id, ext->type);
		wpa_msg(work->wpa_s, MSG_INFO, EXT_RADIO_WORK_START "%u",
			ext->id);
		work->wpa_s->ext_work_in_progress = 1;
		if (ext->timeout == 0)
			ext->timeout = 10;
		eloop_register_timeout(ext->timeout, 0,
				       wpas_ctrl_radio_work_timeout,
				       work, NULL);
		return;
	}

	if (work->started)
		eloop_cancel_timeout(wpas_ctrl_radio_work_timeout, work, NULL);

	/*
	 * work->type points into the external work context, so it is switched
	 * to a fixed string before that context is freed; later debug prints
	 * would otherwise read freed memory.
	 */
	work->type = "freed-ext-work";
	work->ctx = NULL;
	os_free(ext);
}
8690 
8691 
/**
 * wpas_ctrl_radio_work_add - Queue an external radio work item
 * @wpa_s: Interface data
 * @cmd: <name> [freq=<MHz>] [timeout=<seconds>]
 * @buf: Buffer for the reply (the id assigned to the new work)
 * @buflen: Size of @buf
 * Returns: Number of characters written, or -1 on failure
 *
 * The stored type is "ext:" followed by the name, truncated as needed to fit
 * the fixed-size type field including its terminating NUL. Id 0 is never
 * assigned: the counter skips it when it wraps around.
 */
static int wpas_ctrl_radio_work_add(struct wpa_supplicant *wpa_s, char *cmd,
				    char *buf, size_t buflen)
{
	struct wpa_external_work *ext;
	char *args, *opt;
	size_t name_len;
	unsigned int freq = 0;
	int n;

	ext = os_zalloc(sizeof(*ext));
	if (!ext)
		return -1;

	args = os_strchr(cmd, ' ');
	if (args == NULL) {
		name_len = os_strlen(cmd);
	} else {
		name_len = args - cmd;
		args++;

		opt = os_strstr(args, "freq=");
		if (opt)
			freq = atoi(opt + 5);

		opt = os_strstr(args, "timeout=");
		if (opt)
			ext->timeout = atoi(opt + 8);
	}

	/* Clamp the name so that "ext:" + name + NUL fits in ext->type */
	if (4 + name_len >= sizeof(ext->type))
		name_len = sizeof(ext->type) - 4 - 1;
	os_strlcpy(ext->type, "ext:", sizeof(ext->type));
	os_memcpy(ext->type + 4, cmd, name_len);
	ext->type[4 + name_len] = '\0';

	wpa_s->ext_work_id++;
	if (wpa_s->ext_work_id == 0)
		wpa_s->ext_work_id++;
	ext->id = wpa_s->ext_work_id;

	if (radio_add_work(wpa_s, freq, ext->type, 0, wpas_ctrl_radio_work_cb,
			   ext) < 0) {
		os_free(ext);
		return -1;
	}

	n = os_snprintf(buf, buflen, "%u", ext->id);
	return os_snprintf_error(buflen, n) ? -1 : n;
}
8744 
8745 
/**
 * wpas_ctrl_radio_work_done - Complete an external radio work item
 * @wpa_s: Interface data
 * @cmd: Id of the work to complete; 0 (or non-numeric text) selects the
 *	first external work found
 * Returns: 3 (the length of the "OK\n" reply) on success, -1 if no matching
 * external work exists
 *
 * Only work items whose type starts with "ext:" are considered, so work
 * queued by other parts of the program cannot be completed through this
 * command.
 */
static int wpas_ctrl_radio_work_done(struct wpa_supplicant *wpa_s, char *cmd)
{
	struct wpa_radio_work *item;
	unsigned int wanted = atoi(cmd);

	dl_list_for_each(item, &wpa_s->radio->work, struct wpa_radio_work, list)
	{
		struct wpa_external_work *ext;

		if (os_strncmp(item->type, "ext:", 4) == 0) {
			ext = item->ctx;
			if (wanted == 0 || ext->id == wanted) {
				wpa_dbg(wpa_s, MSG_DEBUG,
					"Completed external radio work %u (%s)",
					ext->id, ext->type);
				eloop_cancel_timeout(
					wpas_ctrl_radio_work_timeout, item,
					NULL);
				wpa_s->ext_work_in_progress = 0;
				radio_work_done(item);
				os_free(ext);
				return 3; /* "OK\n" */
			}
		}
	}

	return -1;
}
8772 
8773 
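/**
 * wpas_ctrl_radio_work - Dispatch a RADIO_WORK subcommand
 * @wpa_s: Interface data
 * @cmd: "show", "add <args>" or "done <id>"
 * @buf: Buffer for the reply
 * @buflen: Size of @buf
 * Returns: Result of the selected handler or -1 for an unknown subcommand
 *
 * Each handler receives the text that follows its full prefix, including the
 * separating space, so the offset passed on always equals the length of the
 * prefix that was matched.
 */
static int wpas_ctrl_radio_work(struct wpa_supplicant *wpa_s, char *cmd,
				char *buf, size_t buflen)
{
	if (os_strcmp(cmd, "show") == 0)
		return wpas_ctrl_radio_work_show(wpa_s, buf, buflen);
	if (os_strncmp(cmd, "add ", 4) == 0)
		return wpas_ctrl_radio_work_add(wpa_s, cmd + 4, buf, buflen);
	/* "done " is five characters; skip all of them */
	if (os_strncmp(cmd, "done ", 5) == 0)
		return wpas_ctrl_radio_work_done(wpa_s, cmd + 5);
	return -1;
}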
8785 
8786 
/**
 * wpas_ctrl_radio_work_flush - Remove all external radio work items
 * @wpa_s: Interface data; may be NULL or have no radio, in which case
 *	nothing is done
 *
 * Every work item whose type starts with "ext:" is completed and its
 * external context freed; the timeout of a started item is cancelled first.
 * The safe list iterator is used because items are removed while walking
 * the list.
 */
void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s)
{
	struct wpa_radio_work *item, *next;

	if (wpa_s == NULL || wpa_s->radio == NULL)
		return;

	dl_list_for_each_safe(item, next, &wpa_s->radio->work,
			      struct wpa_radio_work, list) {
		struct wpa_external_work *ext;

		if (os_strncmp(item->type, "ext:", 4) != 0)
			continue; /* not an external work item */

		ext = item->ctx;
		wpa_dbg(wpa_s, MSG_DEBUG,
			"Flushing%s external radio work %u (%s)",
			item->started ? " started" : "", ext->id,
			ext->type);
		if (item->started)
			eloop_cancel_timeout(wpas_ctrl_radio_work_timeout,
					     item, NULL);
		radio_work_done(item);
		os_free(ext);
	}
}
8812 
8813 
/**
 * wpas_ctrl_eapol_response - Timeout callback that notifies the EAPOL state
 * machine of a control interface response
 * @eloop_ctx: The struct wpa_supplicant of the interface
 * @timeout_ctx: Not used
 */
static void wpas_ctrl_eapol_response(void *eloop_ctx, void *timeout_ctx)
{
	struct wpa_supplicant *iface = eloop_ctx;

	eapol_sm_notify_ctrl_response(iface->eapol);
}
8819 
8820 
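/**
 * scan_id_list_parse - Parse a comma-separated list of scan ids
 * @wpa_s: Interface data (not used)
 * @value: Text starting at the first id; the list ends at the first space or
 *	at the end of the string
 * @scan_id_count: Number of entries already in @scan_id; updated for each id
 *	that is added
 * @scan_id: Array with room for MAX_SCAN_ID entries
 * Returns: 0 on success, -1 if the list holds more than MAX_SCAN_ID entries
 *
 * The list is one space-delimited token of a longer parameter string. The
 * search for the next comma is therefore limited to that token; otherwise a
 * comma inside a later parameter would be taken as a separator and the
 * number following it stored as a scan id.
 */
static int scan_id_list_parse(struct wpa_supplicant *wpa_s, const char *value,
			      unsigned int *scan_id_count, int scan_id[])
{
	const char *pos = value;
	const char *end = value ? os_strchr(value, ' ') : NULL;

	while (pos) {
		if (*pos == ' ' || *pos == '\0')
			break;
		if (*scan_id_count == MAX_SCAN_ID)
			return -1;
		scan_id[(*scan_id_count)++] = atoi(pos);
		pos = os_strchr(pos, ',');
		/* A comma beyond the end of this token is not ours */
		if (pos && end && pos > end)
			break;
		if (pos)
			pos++;
	}

	return 0;
}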
8839 
8840 
/**
 * wpas_ctrl_scan - Process a manual scan request from the control interface
 * @wpa_s: Interface the request applies to
 * @params: Option string that followed the command, or %NULL for defaults
 * @reply: Buffer for the textual reply
 * @reply_size: Size of @reply in bytes
 * @reply_len: Set to -1 on rejected/invalid input, or to the length written
 *	into @reply ("FAIL-BUSY\n" or the assigned scan id); not written on the
 *	accepted paths that do not use a scan id
 *
 * Options recognized in @params: a leading "TYPE=ONLY", "freq=", "passive=",
 * "use_id=", "only_new=1", "scan_id=", "bssid=" (optionally with
 * "wildcard_ssid=1") and any number of "ssid <hexdump>" tokens. Apart from
 * the "ssid " tokens, options are found with a substring search over the whole
 * string rather than by tokenizing it.
 */
static void wpas_ctrl_scan(struct wpa_supplicant *wpa_s, char *params,
			   char *reply, int reply_size, int *reply_len)
{
	char *pos;
	unsigned int manual_scan_passive = 0;
	unsigned int manual_scan_use_id = 0;
	unsigned int manual_scan_only_new = 0;
	unsigned int scan_only = 0;
	unsigned int scan_id_count = 0;
	int scan_id[MAX_SCAN_ID];
	void (*scan_res_handler)(struct wpa_supplicant *wpa_s,
				 struct wpa_scan_results *scan_res);
	int *manual_scan_freqs = NULL;
	struct wpa_ssid_value *ssid = NULL, *ns;
	unsigned int ssid_count = 0;

	/* No scanning on a disabled interface */
	if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
		*reply_len = -1;
		return;
	}

	/* Only one queued scan at a time; the caller is told to retry */
	if (radio_work_pending(wpa_s, "scan")) {
		wpa_printf(MSG_DEBUG,
			   "Pending scan scheduled - reject new request");
		*reply_len = os_snprintf(reply, reply_size, "FAIL-BUSY\n");
		return;
	}

#ifdef CONFIG_INTERWORKING
	if (wpa_s->fetch_anqp_in_progress || wpa_s->network_select) {
		wpa_printf(MSG_DEBUG,
			   "Interworking select in progress - reject new scan");
		*reply_len = os_snprintf(reply, reply_size, "FAIL-BUSY\n");
		return;
	}
#endif /* CONFIG_INTERWORKING */

	/*
	 * Everything parsed below is collected into locals first and copied
	 * into wpa_s only once the request is accepted, with two exceptions
	 * noted inline (next_scan_bssid and the SSID list).
	 */
	if (params) {
		if (os_strncasecmp(params, "TYPE=ONLY", 9) == 0)
			scan_only = 1;

		pos = os_strstr(params, "freq=");
		if (pos) {
			/* Allocated list; ownership moves to wpa_s on accept,
			 * otherwise it is released at the done label. */
			manual_scan_freqs = freq_range_to_channel_list(wpa_s,
								       pos + 5);
			if (manual_scan_freqs == NULL) {
				*reply_len = -1;
				goto done;
			}
		}

		pos = os_strstr(params, "passive=");
		if (pos)
			manual_scan_passive = !!atoi(pos + 8);

		/* atoi() result is stored as-is in an unsigned int; any
		 * non-zero value enables scan id assignment below. */
		pos = os_strstr(params, "use_id=");
		if (pos)
			manual_scan_use_id = atoi(pos + 7);

		pos = os_strstr(params, "only_new=1");
		if (pos)
			manual_scan_only_new = 1;

		/* The parser is handed the MAX_SCAN_ID-entry local array and
		 * fails once that many ids have been stored. */
		pos = os_strstr(params, "scan_id=");
		if (pos && scan_id_list_parse(wpa_s, pos + 8, &scan_id_count,
					      scan_id) < 0) {
			*reply_len = -1;
			goto done;
		}

		pos = os_strstr(params, "bssid=");
		if (pos) {
			u8 bssid[ETH_ALEN];

			pos += 6;
			/* Parse into a local so an invalid address does not
			 * leave a partial value in wpa_s. */
			if (hwaddr_aton(pos, bssid)) {
				wpa_printf(MSG_ERROR, "Invalid BSSID %s", pos);
				*reply_len = -1;
				goto done;
			}
			/* NOTE(review): written to wpa_s before the remaining
			 * parsing and the busy check, so it is kept even if
			 * the request is rejected later in this function. */
			os_memcpy(wpa_s->next_scan_bssid, bssid, ETH_ALEN);

			wpa_s->next_scan_bssid_wildcard_ssid =
				os_strstr(params, "wildcard_ssid=1") != NULL;
		}

		/* Walk the space-separated tokens looking for "ssid <hex>" */
		pos = params;
		while (pos && *pos != '\0') {
			if (os_strncmp(pos, "ssid ", 5) == 0) {
				char *end;

				pos += 5;
				/* end = first space or terminator after the
				 * hexdump */
				end = pos;
				while (*end) {
					if (*end == '\0' || *end == ' ')
						break;
					end++;
				}

				/* Grow the list by one entry; on failure the
				 * existing list is still owned by ssid and is
				 * released at done. */
				ns = os_realloc_array(
					ssid, ssid_count + 1,
					sizeof(struct wpa_ssid_value));
				if (ns == NULL) {
					*reply_len = -1;
					goto done;
				}
				ssid = ns;

				/*
				 * The two length tests come first in the ||
				 * chain, so hexstr2bin() is only reached with
				 * an even digit count of at most
				 * 2 * SSID_MAX_LEN, i.e. it decodes at most
				 * SSID_MAX_LEN bytes into the entry.
				 * Presumably the ssid member is SSID_MAX_LEN
				 * bytes - confirm in struct wpa_ssid_value.
				 */
				if ((end - pos) & 0x01 ||
				    end - pos > 2 * SSID_MAX_LEN ||
				    hexstr2bin(pos, ssid[ssid_count].ssid,
					       (end - pos) / 2) < 0) {
					wpa_printf(MSG_DEBUG,
						   "Invalid SSID value '%s'",
						   pos);
					*reply_len = -1;
					goto done;
				}
				ssid[ssid_count].ssid_len = (end - pos) / 2;
				wpa_hexdump_ascii(MSG_DEBUG, "scan SSID",
						  ssid[ssid_count].ssid,
						  ssid[ssid_count].ssid_len);
				ssid_count++;
				pos = end;
			}

			pos = os_strchr(pos, ' ');
			if (pos)
				pos++;
		}
	}

	/*
	 * Replace the per-request SSID list on the interface.
	 * NOTE(review): this happens before the state check below, so the
	 * previous list is dropped even when the request ends in FAIL-BUSY.
	 */
	wpa_s->num_ssids_from_scan_req = ssid_count;
	os_free(wpa_s->ssids_from_scan_req);
	if (ssid_count) {
		wpa_s->ssids_from_scan_req = ssid;
		ssid = NULL; /* ownership transferred */
	} else {
		wpa_s->ssids_from_scan_req = NULL;
	}

	/* TYPE=ONLY installs scan_only_handler; a request without it removes
	 * a scan_only_handler left from an earlier request and otherwise
	 * keeps the current handler. */
	if (scan_only)
		scan_res_handler = scan_only_handler;
	else if (wpa_s->scan_res_handler == scan_only_handler)
		scan_res_handler = NULL;
	else
		scan_res_handler = wpa_s->scan_res_handler;

	if (!wpa_s->sched_scanning && !wpa_s->scanning &&
	    ((wpa_s->wpa_state <= WPA_SCANNING) ||
	     (wpa_s->wpa_state == WPA_COMPLETED))) {
		/* Idle enough to start a scan right away */
		wpa_s->manual_scan_passive = manual_scan_passive;
		wpa_s->manual_scan_use_id = manual_scan_use_id;
		wpa_s->manual_scan_only_new = manual_scan_only_new;
		wpa_s->scan_id_count = scan_id_count;
		/* assumes wpa_s->scan_id has room for MAX_SCAN_ID entries -
		 * TODO confirm against the struct definition */
		os_memcpy(wpa_s->scan_id, scan_id, scan_id_count * sizeof(int));
		wpa_s->scan_res_handler = scan_res_handler;
		os_free(wpa_s->manual_scan_freqs);
		wpa_s->manual_scan_freqs = manual_scan_freqs;
		manual_scan_freqs = NULL; /* ownership transferred */

		wpa_s->normal_scans = 0;
		wpa_s->scan_req = MANUAL_SCAN_REQ;
		wpa_s->after_wps = 0;
		wpa_s->known_wps_freq = 0;
		wpa_supplicant_req_scan(wpa_s, 0, 0);
		if (wpa_s->manual_scan_use_id) {
			/* Reply with the id that identifies this scan */
			wpa_s->manual_scan_id++;
			wpa_dbg(wpa_s, MSG_DEBUG, "Assigned scan id %u",
				wpa_s->manual_scan_id);
			*reply_len = os_snprintf(reply, reply_size, "%u\n",
						 wpa_s->manual_scan_id);
		}
	} else if (wpa_s->sched_scanning) {
		/* A scheduled scan is running: apply the same parameters,
		 * cancel it and request the manual scan instead. */
		wpa_s->manual_scan_passive = manual_scan_passive;
		wpa_s->manual_scan_use_id = manual_scan_use_id;
		wpa_s->manual_scan_only_new = manual_scan_only_new;
		wpa_s->scan_id_count = scan_id_count;
		os_memcpy(wpa_s->scan_id, scan_id, scan_id_count * sizeof(int));
		wpa_s->scan_res_handler = scan_res_handler;
		os_free(wpa_s->manual_scan_freqs);
		wpa_s->manual_scan_freqs = manual_scan_freqs;
		manual_scan_freqs = NULL; /* ownership transferred */

		wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to allow requested full scan to proceed");
		wpa_supplicant_cancel_sched_scan(wpa_s);
		wpa_s->scan_req = MANUAL_SCAN_REQ;
		wpa_supplicant_req_scan(wpa_s, 0, 0);
		if (wpa_s->manual_scan_use_id) {
			wpa_s->manual_scan_id++;
			*reply_len = os_snprintf(reply, reply_size, "%u\n",
						 wpa_s->manual_scan_id);
			wpa_dbg(wpa_s, MSG_DEBUG, "Assigned scan id %u",
				wpa_s->manual_scan_id);
		}
	} else {
		wpa_printf(MSG_DEBUG, "Ongoing scan action - reject new request");
		*reply_len = os_snprintf(reply, reply_size, "FAIL-BUSY\n");
	}

done:
	/* Both pointers are NULL if ownership moved to wpa_s above */
	os_free(manual_scan_freqs);
	os_free(ssid);
}
9045 
9046 
9047 #ifdef CONFIG_TESTING_OPTIONS
9048 
/**
 * wpas_ctrl_iface_mgmt_tx_cb - TX status callback for MGMT_TX test frames
 * @wpa_s: Interface the frame was sent on
 * @freq: Frequency in MHz used for the transmission
 * @dst: Destination address of the frame
 * @src: Source address of the frame
 * @bssid: BSSID of the frame
 * @data: Frame payload (not used here)
 * @data_len: Length of @data (not used here)
 * @result: Outcome reported by the offchannel TX code
 *
 * Reports the outcome as a MGMT-TX-STATUS control interface event. Any result
 * other than success or no-ack is reported as FAILED.
 */
static void wpas_ctrl_iface_mgmt_tx_cb(struct wpa_supplicant *wpa_s,
				       unsigned int freq, const u8 *dst,
				       const u8 *src, const u8 *bssid,
				       const u8 *data, size_t data_len,
				       enum offchannel_send_action_result
				       result)
{
	const char *status;

	if (result == OFFCHANNEL_SEND_ACTION_SUCCESS)
		status = "SUCCESS";
	else if (result == OFFCHANNEL_SEND_ACTION_NO_ACK)
		status = "NO_ACK";
	else
		status = "FAILED";

	wpa_msg(wpa_s, MSG_INFO, "MGMT-TX-STATUS freq=%u dst=" MACSTR
		" src=" MACSTR " bssid=" MACSTR " result=%s",
		freq, MAC2STR(dst), MAC2STR(src), MAC2STR(bssid), status);
}
9063 
9064 
/**
 * wpas_ctrl_iface_mgmt_tx - Send an externally supplied Action frame (testing)
 * @wpa_s: Interface to transmit on
 * @cmd: "<DA> <BSSID> [freq=<MHz>] [wait_time=<ms>] [no_cck=1]
 *	action=<Action frame payload as hexdump>"
 * Returns: Result of offchannel_send_action(), or -1 on parse/allocation
 *	failure
 *
 * The hexdump after " action=" is taken up to the end of @cmd, so it has to be
 * the last item; an odd number of characters or a non-hex character rejects
 * the command. The frame is sent with wpa_s->own_addr as the source address.
 * The numeric options are read with atoi() and are not range-checked here.
 */
static int wpas_ctrl_iface_mgmt_tx(struct wpa_supplicant *wpa_s, char *cmd)
{
	char *cur = cmd, *opt;
	u8 da[ETH_ALEN], bssid[ETH_ALEN];
	u8 *frame;
	size_t frame_len;
	int consumed, ret;
	int freq = 0, no_cck = 0, wait_time = 0;

	wpa_printf(MSG_DEBUG, "External MGMT TX: %s", cmd);

	/* Two leading addresses: destination, then BSSID */
	consumed = hwaddr_aton2(cur, da);
	if (consumed < 0)
		return -1;
	cur += consumed;
	while (*cur == ' ')
		cur++;

	consumed = hwaddr_aton2(cur, bssid);
	if (consumed < 0)
		return -1;
	cur += consumed;

	/* Optional settings, searched for in the remainder of the command */
	opt = os_strstr(cur, " freq=");
	if (opt)
		freq = atoi(opt + 6);

	opt = os_strstr(cur, " no_cck=");
	if (opt)
		no_cck = atoi(opt + 8);

	opt = os_strstr(cur, " wait_time=");
	if (opt)
		wait_time = atoi(opt + 11);

	/* Mandatory payload */
	opt = os_strstr(cur, " action=");
	if (!opt)
		return -1;
	opt += 8;

	frame_len = os_strlen(opt);
	if (frame_len & 1)
		return -1;
	frame_len /= 2;

	frame = os_malloc(frame_len);
	if (!frame)
		return -1;

	if (hexstr2bin(opt, frame, frame_len) < 0)
		ret = -1;
	else
		ret = offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr,
					     bssid, frame, frame_len,
					     wait_time,
					     wpas_ctrl_iface_mgmt_tx_cb,
					     no_cck);

	os_free(frame);
	return ret;
}
9133 
9134 
/**
 * wpas_ctrl_iface_mgmt_tx_done - End the wait started by a MGMT_TX test frame
 * @wpa_s: Interface the frame was sent on
 *
 * Logs the request and tells the offchannel code that the externally driven
 * exchange no longer needs to wait for a response.
 */
static void wpas_ctrl_iface_mgmt_tx_done(struct wpa_supplicant *wpa_s)
{
	wpa_printf(MSG_DEBUG, "External MGMT TX - done waiting");

	offchannel_send_action_done(wpa_s);
}
9140 
9141 
/**
 * wpas_ctrl_iface_mgmt_rx_process - Inject a received management frame
 * @wpa_s: Interface that should process the frame
 * @cmd: "freq=<MHz> datarate=<val> ssi_signal=<val> frame=<frame hexdump>"
 * Returns: 0 once the frame has been delivered as EVENT_RX_MGMT, -1 if
 *	external management frame handling is not enabled or @cmd is invalid
 *
 * The hexdump after " frame=" runs to the end of @cmd. While the event is
 * being delivered, ext_mgmt_frame_handling is cleared and afterwards set back
 * to 1 - presumably so the injected frame is processed internally instead of
 * being handed back to the external handler; confirm against the RX path.
 */
static int wpas_ctrl_iface_mgmt_rx_process(struct wpa_supplicant *wpa_s,
					   char *cmd)
{
	union wpa_event_data event;
	char *opt;
	u8 *frame;
	size_t frame_len;
	int freq = 0, datarate = 0, ssi_signal = 0;

	if (!wpa_s->ext_mgmt_frame_handling)
		return -1;

	wpa_printf(MSG_DEBUG, "External MGMT RX process: %s", cmd);

	/* Optional metadata; "freq=" is matched without a leading space */
	opt = os_strstr(cmd, "freq=");
	if (opt)
		freq = atoi(opt + 5);

	opt = os_strstr(cmd, " datarate=");
	if (opt)
		datarate = atoi(opt + 10);

	opt = os_strstr(cmd, " ssi_signal=");
	if (opt)
		ssi_signal = atoi(opt + 12);

	/* Mandatory frame contents */
	opt = os_strstr(cmd, " frame=");
	if (!opt)
		return -1;
	opt += 7;

	frame_len = os_strlen(opt);
	if (frame_len & 1)
		return -1;
	frame_len /= 2;

	frame = os_malloc(frame_len);
	if (!frame)
		return -1;

	if (hexstr2bin(opt, frame, frame_len) < 0) {
		os_free(frame);
		return -1;
	}

	os_memset(&event, 0, sizeof(event));
	event.rx_mgmt.frame = frame;
	event.rx_mgmt.frame_len = frame_len;
	event.rx_mgmt.freq = freq;
	event.rx_mgmt.datarate = datarate;
	event.rx_mgmt.ssi_signal = ssi_signal;

	wpa_s->ext_mgmt_frame_handling = 0;
	wpa_supplicant_event(wpa_s, EVENT_RX_MGMT, &event);
	wpa_s->ext_mgmt_frame_handling = 1;

	os_free(frame);

	return 0;
}
9210 
9211 
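/**
 * wpas_ctrl_iface_driver_scan_res - Inject driver scan results (testing)
 * @wpa_s: Interface whose BSS table is updated
 * @param: "START", "END", or "BSS <key=value ...>"; %NULL is rejected
 * Returns: 0 on success, -1 on invalid input or allocation failure
 *
 * "START" and "END" bracket a BSS table update. A "BSS" entry may carry
 * flags, bssid, freq, beacon_int, caps, qual, noise, level, tsf, age,
 * est_throughput, snr, parent_tsf, tsf_bssid, ie and beacon_ie. flags, caps,
 * tsf and parent_tsf are parsed as hexadecimal, ie and beacon_ie are hexdumps,
 * and the remaining numeric fields are parsed with atoi() without range
 * checks.
 */
static int wpas_ctrl_iface_driver_scan_res(struct wpa_supplicant *wpa_s,
					   char *param)
{
	struct wpa_scan_res *res;
	struct os_reltime now;
	char *pos, *end;
	int ret = -1;

	if (!param)
		return -1;

	if (os_strcmp(param, "START") == 0) {
		wpa_bss_update_start(wpa_s);
		return 0;
	}

	if (os_strcmp(param, "END") == 0) {
		wpa_bss_update_end(wpa_s, NULL, 1);
		return 0;
	}

	if (os_strncmp(param, "BSS ", 4) != 0)
		return -1;
	/* Skip "BSS" but keep the following space so that the first key also
	 * matches the " key=" patterns used below. */
	param += 3;

	/*
	 * The IE data is stored directly after the struct. Both hexdumps are
	 * separate parts of param, so together they decode to no more than
	 * os_strlen(param) / 2 bytes.
	 */
	res = os_zalloc(sizeof(*res) + os_strlen(param) / 2);
	if (!res)
		return -1;

	pos = os_strstr(param, " flags=");
	if (pos)
		res->flags = strtol(pos + 7, NULL, 16);

	pos = os_strstr(param, " bssid=");
	if (pos && hwaddr_aton(pos + 7, res->bssid))
		goto fail;

	pos = os_strstr(param, " freq=");
	if (pos)
		res->freq = atoi(pos + 6);

	pos = os_strstr(param, " beacon_int=");
	if (pos)
		res->beacon_int = atoi(pos + 12);

	pos = os_strstr(param, " caps=");
	if (pos)
		res->caps = strtol(pos + 6, NULL, 16);

	pos = os_strstr(param, " qual=");
	if (pos)
		res->qual = atoi(pos + 6);

	pos = os_strstr(param, " noise=");
	if (pos)
		res->noise = atoi(pos + 7);

	pos = os_strstr(param, " level=");
	if (pos)
		res->level = atoi(pos + 7);

	pos = os_strstr(param, " tsf=");
	if (pos)
		res->tsf = strtoll(pos + 5, NULL, 16);

	pos = os_strstr(param, " age=");
	if (pos)
		res->age = atoi(pos + 5);

	pos = os_strstr(param, " est_throughput=");
	if (pos)
		res->est_throughput = atoi(pos + 16);

	pos = os_strstr(param, " snr=");
	if (pos)
		res->snr = atoi(pos + 5);

	/* " parent_tsf=" is 12 characters long; the value starts right after
	 * it (an offset of 7 would point into the key name and always parse
	 * as 0). */
	pos = os_strstr(param, " parent_tsf=");
	if (pos)
		res->parent_tsf = strtoll(pos + 12, NULL, 16);

	pos = os_strstr(param, " tsf_bssid=");
	if (pos && hwaddr_aton(pos + 11, res->tsf_bssid))
		goto fail;

	pos = os_strstr(param, " ie=");
	if (pos) {
		pos += 4;
		/* The hexdump ends at the next space or at end of string */
		end = os_strchr(pos, ' ');
		if (!end)
			end = pos + os_strlen(pos);
		res->ie_len = (end - pos) / 2;
		if (hexstr2bin(pos, (u8 *) (res + 1), res->ie_len))
			goto fail;
	}

	pos = os_strstr(param, " beacon_ie=");
	if (pos) {
		pos += 11;
		end = os_strchr(pos, ' ');
		if (!end)
			end = pos + os_strlen(pos);
		res->beacon_ie_len = (end - pos) / 2;
		/* Beacon IEs are placed immediately after the IEs above */
		if (hexstr2bin(pos, ((u8 *) (res + 1)) + res->ie_len,
			       res->beacon_ie_len))
			goto fail;
	}

	os_get_reltime(&now);
	wpa_bss_update_scan_res(wpa_s, res, &now);
	ret = 0;
fail:
	/* res is released on both paths after wpa_bss_update_scan_res() has
	 * returned. */
	os_free(res);

	return ret;
}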
9328 
9329 
/**
 * wpas_ctrl_iface_driver_event_assoc - Inject a driver ASSOC event (testing)
 * @wpa_s: Interface that receives the event
 * @param: Space-separated "key=value" items; modified in place while parsing
 * Returns: 0 if EVENT_ASSOC was delivered, -1 on any parse failure
 *
 * Every item must contain '=' and use a known key; anything else rejects the
 * whole command without delivering an event. Binary values are hexdumps.
 * Integer values are read with atoi() and are not range-checked here.
 *
 * All buffers referenced from the event (the parsed wpabufs and the local
 * addr/fils_pmkid arrays) are only valid for the duration of the
 * wpa_supplicant_event() call made from this function.
 *
 * NOTE(review): ptk_kck, ptk_kek and fils_pmk carry key material and are
 * released with wpabuf_free(), which is not shown to clear the memory;
 * wpabuf_clear_free() may be the better fit if that matters for this
 * test-only path - confirm.
 */
static int wpas_ctrl_iface_driver_event_assoc(struct wpa_supplicant *wpa_s,
					      char *param)
{
	union wpa_event_data event;
	struct assoc_info *ai;
	char *ctx = NULL;
	int ret = -1;
	struct wpabuf *req_ies = NULL;
	struct wpabuf *resp_ies = NULL;
	struct wpabuf *resp_frame = NULL;
	struct wpabuf *beacon_ies = NULL;
	struct wpabuf *key_replay_ctr = NULL;
	struct wpabuf *ptk_kck = NULL;
	struct wpabuf *ptk_kek = NULL;
	struct wpabuf *fils_pmk = NULL;
	char *str, *pos;
	u8 addr[ETH_ALEN];
	u8 fils_pmkid[PMKID_LEN];

	os_memset(&event, 0, sizeof(event));
	ai = &event.assoc_info;

	while ((str = str_token(param, " ", &ctx))) {
		/* Split the token into key (str) and value (pos) */
		pos = os_strchr(str, '=');
		if (!pos)
			goto fail;
		*pos++ = '\0';

		/*
		 * For the wpabuf-backed fields, any buffer from an earlier
		 * occurrence of the same key is freed first, so a repeated
		 * key replaces the value without leaking.
		 */
		if (os_strcmp(str, "reassoc") == 0) {
			ai->reassoc = atoi(pos);
		} else if (os_strcmp(str, "req_ies") == 0) {
			wpabuf_free(req_ies);
			req_ies = wpabuf_parse_bin(pos);
			if (!req_ies)
				goto fail;
			ai->req_ies = wpabuf_head(req_ies);
			ai->req_ies_len = wpabuf_len(req_ies);
		} else if (os_strcmp(str, "resp_ies") == 0) {
			wpabuf_free(resp_ies);
			resp_ies = wpabuf_parse_bin(pos);
			if (!resp_ies)
				goto fail;
			ai->resp_ies = wpabuf_head(resp_ies);
			ai->resp_ies_len = wpabuf_len(resp_ies);
		} else if (os_strcmp(str, "resp_frame") == 0) {
			wpabuf_free(resp_frame);
			resp_frame = wpabuf_parse_bin(pos);
			if (!resp_frame)
				goto fail;
			ai->resp_frame = wpabuf_head(resp_frame);
			ai->resp_frame_len = wpabuf_len(resp_frame);
		} else if (os_strcmp(str, "beacon_ies") == 0) {
			wpabuf_free(beacon_ies);
			beacon_ies = wpabuf_parse_bin(pos);
			if (!beacon_ies)
				goto fail;
			ai->beacon_ies = wpabuf_head(beacon_ies);
			ai->beacon_ies_len = wpabuf_len(beacon_ies);
		} else if (os_strcmp(str, "freq") == 0) {
			ai->freq = atoi(pos);
		} else if (os_strcmp(str, "wmm::info_bitmap") == 0) {
			ai->wmm_params.info_bitmap = atoi(pos);
		} else if (os_strcmp(str, "wmm::uapsd_queues") == 0) {
			ai->wmm_params.uapsd_queues = atoi(pos);
		} else if (os_strcmp(str, "addr") == 0) {
			/* ai->addr points at the local array */
			if (hwaddr_aton(pos, addr))
				goto fail;
			ai->addr = addr;
		} else if (os_strcmp(str, "authorized") == 0) {
			ai->authorized = atoi(pos);
		} else if (os_strcmp(str, "key_replay_ctr") == 0) {
			wpabuf_free(key_replay_ctr);
			key_replay_ctr = wpabuf_parse_bin(pos);
			if (!key_replay_ctr)
				goto fail;
			ai->key_replay_ctr = wpabuf_head(key_replay_ctr);
			ai->key_replay_ctr_len = wpabuf_len(key_replay_ctr);
		} else if (os_strcmp(str, "ptk_kck") == 0) {
			wpabuf_free(ptk_kck);
			ptk_kck = wpabuf_parse_bin(pos);
			if (!ptk_kck)
				goto fail;
			ai->ptk_kck = wpabuf_head(ptk_kck);
			ai->ptk_kck_len = wpabuf_len(ptk_kck);
		} else if (os_strcmp(str, "ptk_kek") == 0) {
			wpabuf_free(ptk_kek);
			ptk_kek = wpabuf_parse_bin(pos);
			if (!ptk_kek)
				goto fail;
			ai->ptk_kek = wpabuf_head(ptk_kek);
			ai->ptk_kek_len = wpabuf_len(ptk_kek);
		} else if (os_strcmp(str, "subnet_status") == 0) {
			ai->subnet_status = atoi(pos);
		} else if (os_strcmp(str, "fils_erp_next_seq_num") == 0) {
			ai->fils_erp_next_seq_num = atoi(pos);
		} else if (os_strcmp(str, "fils_pmk") == 0) {
			wpabuf_free(fils_pmk);
			fils_pmk = wpabuf_parse_bin(pos);
			if (!fils_pmk)
				goto fail;
			ai->fils_pmk = wpabuf_head(fils_pmk);
			ai->fils_pmk_len = wpabuf_len(fils_pmk);
		} else if (os_strcmp(str, "fils_pmkid") == 0) {
			/* Exactly PMKID_LEN bytes are decoded into the local
			 * array; the hexdump must provide at least that
			 * many. */
			if (hexstr2bin(pos, fils_pmkid, PMKID_LEN) < 0)
				goto fail;
			ai->fils_pmkid = fils_pmkid;
		} else {
			/* Unknown key: reject instead of ignoring it */
			goto fail;
		}
	}

	wpa_supplicant_event(wpa_s, EVENT_ASSOC, &event);
	ret = 0;
fail:
	/* Shared cleanup for the success and failure paths */
	wpabuf_free(req_ies);
	wpabuf_free(resp_ies);
	wpabuf_free(resp_frame);
	wpabuf_free(beacon_ies);
	wpabuf_free(key_replay_ctr);
	wpabuf_free(ptk_kck);
	wpabuf_free(ptk_kek);
	wpabuf_free(fils_pmk);
	return ret;
}
9454 
9455 
/**
 * wpas_ctrl_iface_driver_event - Inject a driver event by name (testing)
 * @wpa_s: Interface that receives the event
 * @cmd: "<event name> [parameters..]"; split in place at the first space
 * Returns: 0 on success, -1 for an unknown event or invalid parameters
 *
 * Supported names: INTERFACE_ENABLED, INTERFACE_DISABLED, AVOID_FREQUENCIES,
 * SCAN_RES and ASSOC. The complete command, parameters included, is written to
 * the debug log before it is split; for ASSOC that can include the key
 * material passed in the parameters.
 */
static int wpas_ctrl_iface_driver_event(struct wpa_supplicant *wpa_s, char *cmd)
{
	union wpa_event_data event;
	enum wpa_event_type ev;
	char *args;

	wpa_dbg(wpa_s, MSG_DEBUG, "Testing - external driver event: %s", cmd);

	/* Terminate the event name and keep a pointer to what follows */
	args = os_strchr(cmd, ' ');
	if (args)
		*args++ = '\0';

	os_memset(&event, 0, sizeof(event));

	/* Events with their own parameter parsers */
	if (os_strcmp(cmd, "SCAN_RES") == 0)
		return wpas_ctrl_iface_driver_scan_res(wpa_s, args);

	if (os_strcmp(cmd, "ASSOC") == 0)
		return wpas_ctrl_iface_driver_event_assoc(wpa_s, args);

	if (os_strcmp(cmd, "AVOID_FREQUENCIES") == 0) {
		/* A missing parameter is treated as an empty range list */
		if (freq_range_list_parse(&event.freq_range,
					  args ? args : "") < 0)
			return -1;
		wpa_supplicant_event(wpa_s, EVENT_AVOID_FREQUENCIES, &event);
		os_free(event.freq_range.range);
		return 0;
	}

	/* Events without parameters */
	if (os_strcmp(cmd, "INTERFACE_ENABLED") == 0) {
		ev = EVENT_INTERFACE_ENABLED;
	} else if (os_strcmp(cmd, "INTERFACE_DISABLED") == 0) {
		ev = EVENT_INTERFACE_DISABLED;
	} else {
		wpa_dbg(wpa_s, MSG_DEBUG, "Testing - unknown driver event: %s",
			cmd);
		return -1;
	}

	wpa_supplicant_event(wpa_s, ev, &event);

	return 0;
}
9500 
9501 
/**
 * wpas_ctrl_iface_eapol_rx - Inject a received EAPOL frame (testing)
 * @wpa_s: Interface that should process the frame
 * @cmd: "<source address> <EAPOL frame hexdump>"
 * Returns: 0 after the frame was passed to wpa_supplicant_rx_eapol(), -1 on
 *	parse or allocation failure
 *
 * The hexdump runs to the end of @cmd; an odd number of characters or a
 * non-hex character rejects the command.
 */
static int wpas_ctrl_iface_eapol_rx(struct wpa_supplicant *wpa_s, char *cmd)
{
	char *cur = cmd;
	u8 src[ETH_ALEN];
	u8 *frame;
	size_t frame_len;
	int consumed;

	wpa_printf(MSG_DEBUG, "External EAPOL RX: %s", cmd);

	consumed = hwaddr_aton2(cur, src);
	if (consumed < 0)
		return -1;
	for (cur += consumed; *cur == ' '; cur++)
		;

	frame_len = os_strlen(cur);
	if (frame_len & 1)
		return -1;
	frame_len /= 2;

	frame = os_malloc(frame_len);
	if (!frame)
		return -1;

	if (hexstr2bin(cur, frame, frame_len) < 0) {
		os_free(frame);
		return -1;
	}

	wpa_supplicant_rx_eapol(wpa_s, src, frame, frame_len);
	os_free(frame);

	return 0;
}
9538 
9539 
/**
 * wpas_ctrl_iface_eapol_tx - Transmit an externally supplied EAPOL frame
 * @wpa_s: Interface to transmit on
 * @cmd: "<destination address> <EAPOL frame hexdump>"
 * Returns: Result of wpa_ether_send(), or -1 on parse or allocation failure
 *
 * ext_eapol_frame_io is cleared for the duration of the send and then put
 * back to its previous value - presumably so the frame goes out through the
 * normal TX path instead of being reported to the control interface; confirm
 * against wpa_ether_send().
 */
static int wpas_ctrl_iface_eapol_tx(struct wpa_supplicant *wpa_s, char *cmd)
{
	char *cur = cmd;
	u8 dst[ETH_ALEN];
	u8 *frame;
	size_t frame_len;
	unsigned int saved_ext_io;
	int consumed, ret;

	wpa_printf(MSG_DEBUG, "External EAPOL TX: %s", cmd);

	consumed = hwaddr_aton2(cur, dst);
	if (consumed < 0)
		return -1;
	for (cur += consumed; *cur == ' '; cur++)
		;

	frame_len = os_strlen(cur);
	if (frame_len & 1)
		return -1;
	frame_len /= 2;

	frame = os_malloc(frame_len);
	if (!frame)
		return -1;
	if (hexstr2bin(cur, frame, frame_len) < 0) {
		os_free(frame);
		return -1;
	}

	saved_ext_io = wpa_s->ext_eapol_frame_io;
	wpa_s->ext_eapol_frame_io = 0;
	ret = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, frame, frame_len);
	wpa_s->ext_eapol_frame_io = saved_ext_io;

	os_free(frame);

	return ret;
}
9577 
9578 
/**
 * ipv4_hdr_checksum - Compute the one's complement checksum of a header
 * @buf: Start of the data, read as 16-bit words in memory order
 * @len: Length of the data in bytes; an odd trailing byte is not included
 * Returns: Complement of the folded 16-bit sum, in the same byte order as the
 *	words that were read
 */
static u16 ipv4_hdr_checksum(const void *buf, size_t len)
{
	const u16 *word = buf;
	const u16 *end = word + len / 2;
	u32 acc = 0;

	while (word < end)
		acc += *word++;

	/* Fold the carries back into the low 16 bits */
	while (acc >> 16)
		acc = (acc >> 16) + (acc & 0xffff);

	return acc ^ 0xffff;
}
9593 
9594 
/* Largest data test frame handled here, Ethernet header included */
#define HWSIM_PACKETLEN 1500
/* Largest IPv4 total length that fits in such a frame after the Ethernet
 * header */
#define HWSIM_IP_LEN (HWSIM_PACKETLEN - sizeof(struct ether_header))
9597 
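/**
 * wpas_data_test_rx - RX handler for data connectivity test frames
 * @ctx: struct wpa_supplicant pointer given to l2_packet_init()
 * @src_addr: Source address reported by l2_packet (not used here)
 * @buf: Received frame, starting with the Ethernet header
 * @len: Number of bytes available in @buf
 *
 * Accepts only frames that carry a 20-byte IPv4 header followed by the
 * incrementing byte pattern written by the matching TX command, and reports
 * them as a DATA-TEST-RX control interface event. Everything else is dropped
 * with a debug message.
 */
static void wpas_data_test_rx(void *ctx, const u8 *src_addr, const u8 *buf,
			      size_t len)
{
	struct wpa_supplicant *wpa_s = ctx;
	const struct ether_header *eth;
	struct ip ip;
	const u8 *pos;
	unsigned int i;
	u16 ip_len;
	char extra[30];

	if (len < sizeof(*eth) + sizeof(ip) || len > HWSIM_PACKETLEN) {
		wpa_printf(MSG_DEBUG,
			   "test data: RX - ignore unexpected length %d",
			   (int) len);
		return;
	}

	eth = (const struct ether_header *) buf;
	/* Copy the header out instead of casting; buf + 14 need not be
	 * suitably aligned for struct ip. */
	os_memcpy(&ip, eth + 1, sizeof(ip));
	pos = &buf[sizeof(*eth) + sizeof(ip)];

	/*
	 * ip_len comes from the received frame and drives the payload loop
	 * below, so it must be at least the header size (otherwise the
	 * subtraction wraps) and must not claim more data than was actually
	 * received (otherwise the loop reads past the end of buf).
	 */
	ip_len = ntohs(ip.ip_len);
	if (ip.ip_hl != 5 || ip.ip_v != 4 || ip_len < sizeof(ip) ||
	    ip_len > HWSIM_IP_LEN || ip_len > len - sizeof(*eth)) {
		wpa_printf(MSG_DEBUG,
			   "test data: RX - ignore unexpected IP header");
		return;
	}

	/* Payload byte n is expected to be (u8) n */
	for (i = 0; i < ip_len - sizeof(ip); i++) {
		if (*pos != (u8) i) {
			wpa_printf(MSG_DEBUG,
				   "test data: RX - ignore mismatching payload");
			return;
		}
		pos++;
	}

	/* The length is reported only when it differs from the default */
	extra[0] = '\0';
	if (ip_len != HWSIM_IP_LEN)
		os_snprintf(extra, sizeof(extra), " len=%d", ip_len);
	wpa_msg(wpa_s, MSG_INFO, "DATA-TEST-RX " MACSTR " " MACSTR "%s",
		MAC2STR(eth->ether_dhost), MAC2STR(eth->ether_shost), extra);
}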
9639 
9640 
/**
 * wpas_ctrl_iface_data_test_config - Enable or disable data test frames
 * @wpa_s: Interface to configure
 * @cmd: "<0|1> [ifname=<name>]"; the interface name runs to the end of @cmd
 * Returns: 0 on success (including when already in the requested state), -1
 *	if the l2_packet socket cannot be opened
 *
 * Enabling opens an l2_packet socket for ETHERTYPE_IP on the named interface
 * (default: wpa_s->ifname) with wpas_data_test_rx() as the RX handler.
 */
static int wpas_ctrl_iface_data_test_config(struct wpa_supplicant *wpa_s,
					    char *cmd)
{
	const char *ifname;
	char *opt;

	if (atoi(cmd) == 0) {
		/* Disable: nothing to do unless the socket is open */
		if (!wpa_s->l2_test)
			return 0;
		l2_packet_deinit(wpa_s->l2_test);
		wpa_s->l2_test = NULL;
		wpa_dbg(wpa_s, MSG_DEBUG, "test data: Disabled");
		return 0;
	}

	/* Enable: keep an already open socket as-is */
	if (wpa_s->l2_test)
		return 0;

	opt = os_strstr(cmd, " ifname=");
	ifname = opt ? opt + 8 : wpa_s->ifname;

	wpa_s->l2_test = l2_packet_init(ifname, wpa_s->own_addr,
					ETHERTYPE_IP, wpas_data_test_rx,
					wpa_s, 1);
	if (!wpa_s->l2_test)
		return -1;

	wpa_dbg(wpa_s, MSG_DEBUG, "test data: Enabled");

	return 0;
}
9676 
9677 
/**
 * wpas_ctrl_iface_data_test_tx - Send one data connectivity test frame
 * @wpa_s: Interface with data test mode enabled
 * @cmd: "<dst> <src> <tos> [len=<length>]"
 * Returns: 0 on success, -1 if test mode is not enabled, @cmd is invalid, or
 *	the send fails
 *
 * Builds an Ethernet + IPv4 frame with fixed addresses 192.168.1.1 ->
 * 192.168.1.2, protocol 1, and a payload where byte n has the value (u8) n,
 * which is the pattern wpas_data_test_rx() checks for.
 */
static int wpas_ctrl_iface_data_test_tx(struct wpa_supplicant *wpa_s, char *cmd)
{
	u8 dst[ETH_ALEN], src[ETH_ALEN];
	char *pos, *pos2;
	int used;
	long int val;
	u8 tos;
	/* The Ethernet header is placed at offset 2 - presumably so the IP
	 * header that follows its 14 bytes is 4-byte aligned; confirm. */
	u8 buf[2 + HWSIM_PACKETLEN];
	struct ether_header *eth;
	struct ip *ip;
	u8 *dpos;
	unsigned int i;
	size_t send_len = HWSIM_IP_LEN;

	if (wpa_s->l2_test == NULL)
		return -1;

	/* format: <dst> <src> <tos> [len=<length>] */

	pos = cmd;
	used = hwaddr_aton2(pos, dst);
	if (used < 0)
		return -1;
	pos += used;
	while (*pos == ' ')
		pos++;
	used = hwaddr_aton2(pos, src);
	if (used < 0)
		return -1;
	pos += used;

	/* Base 0: decimal, 0x-prefixed hex or 0-prefixed octal. The range
	 * check makes the narrowing to u8 lossless. */
	val = strtol(pos, &pos2, 0);
	if (val < 0 || val > 0xff)
		return -1;
	tos = val;

	pos = os_strstr(pos2, " len=");
	if (pos) {
		/* i is unsigned, so a negative atoi() result becomes a large
		 * value and fails the upper bound. The bounds keep the frame
		 * within buf and the payload length below non-negative. */
		i = atoi(pos + 5);
		if (i < sizeof(*ip) || i > HWSIM_IP_LEN)
			return -1;
		send_len = i;
	}

	eth = (struct ether_header *) &buf[2];
	os_memcpy(eth->ether_dhost, dst, ETH_ALEN);
	os_memcpy(eth->ether_shost, src, ETH_ALEN);
	eth->ether_type = htons(ETHERTYPE_IP);
	ip = (struct ip *) (eth + 1);
	os_memset(ip, 0, sizeof(*ip));
	ip->ip_hl = 5;
	ip->ip_v = 4;
	ip->ip_ttl = 64;
	ip->ip_tos = tos;
	ip->ip_len = htons(send_len);
	ip->ip_p = 1;
	ip->ip_src.s_addr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 1);
	ip->ip_dst.s_addr = htonl(192U << 24 | 168 << 16 | 1 << 8 | 2);
	/* Computed last, while ip_sum is still zero from the memset */
	ip->ip_sum = ipv4_hdr_checksum(ip, sizeof(*ip));
	dpos = (u8 *) (ip + 1);
	/* Payload pattern: byte n carries the low 8 bits of n */
	for (i = 0; i < send_len - sizeof(*ip); i++)
		*dpos++ = i;

	if (l2_packet_send(wpa_s->l2_test, dst, ETHERTYPE_IP, &buf[2],
			   sizeof(struct ether_header) + send_len) < 0)
		return -1;

	wpa_dbg(wpa_s, MSG_DEBUG, "test data: TX dst=" MACSTR " src=" MACSTR
		" tos=0x%x", MAC2STR(dst), MAC2STR(src), tos);

	return 0;
}
9750 
9751 
/**
 * wpas_ctrl_iface_data_test_frame - Send an arbitrary Ethernet frame (testing)
 * @wpa_s: Interface to transmit on
 * @cmd: Hexdump of the complete frame, Ethernet header included
 * Returns: 0 if the frame was sent, -1 otherwise
 *
 * The hexdump must have an even number of characters and cover at least
 * ETH_HLEN bytes. A temporary l2_packet socket is opened for the ethertype
 * found in the frame and closed again before returning.
 */
static int wpas_ctrl_iface_data_test_frame(struct wpa_supplicant *wpa_s,
					   char *cmd)
{
	struct l2_packet_data *l2;
	struct ether_header *hdr;
	u8 *frame;
	size_t frame_len;
	u16 ethertype;
	int res = -1;

	frame_len = os_strlen(cmd);
	if (frame_len & 1 || frame_len < ETH_HLEN * 2)
		return -1;
	frame_len /= 2;

	frame = os_malloc(frame_len);
	if (!frame)
		return -1;

	if (hexstr2bin(cmd, frame, frame_len) >= 0) {
		hdr = (struct ether_header *) frame;
		ethertype = ntohs(hdr->ether_type);

		l2 = l2_packet_init(wpa_s->ifname, wpa_s->own_addr, ethertype,
				    wpas_data_test_rx, wpa_s, 1);
		if (l2) {
			res = l2_packet_send(l2, hdr->ether_dhost, ethertype,
					     frame, frame_len);
			wpa_dbg(wpa_s, MSG_DEBUG,
				"test data: TX frame res=%d", res);
			l2_packet_deinit(l2);
		}
	}

	os_free(frame);

	return res < 0 ? -1 : 0;
}
9791 
9792 
/**
 * wpas_ctrl_test_alloc_fail - Configure allocation failure injection
 * @wpa_s: Interface (not used)
 * @cmd: "<count>:<function name>"
 * Returns: 0 when built with WPA_TRACE_BFD, -1 otherwise
 *
 * Stores the count and the function name (truncated to the size of
 * wpa_trace_fail_func) in the trace globals. Without a ':' the count is set
 * to 0 and the stored function name is left unchanged.
 */
static int wpas_ctrl_test_alloc_fail(struct wpa_supplicant *wpa_s, char *cmd)
{
#ifndef WPA_TRACE_BFD
	return -1;
#else /* WPA_TRACE_BFD */
	char *sep = os_strchr(cmd, ':');

	if (!sep) {
		wpa_trace_fail_after = 0;
		return 0;
	}

	wpa_trace_fail_after = atoi(cmd);
	os_strlcpy(wpa_trace_fail_func, sep + 1, sizeof(wpa_trace_fail_func));
	return 0;
#endif /* WPA_TRACE_BFD */
}
9812 
9813 
/**
 * wpas_ctrl_get_alloc_fail - Report the allocation failure injection state
 * @wpa_s: Interface (not used)
 * @buf: Buffer for the "<count>:<function name>" reply
 * @buflen: Size of @buf in bytes
 * Returns: Return value of os_snprintf() when built with WPA_TRACE_BFD, -1
 *	otherwise
 */
static int wpas_ctrl_get_alloc_fail(struct wpa_supplicant *wpa_s,
				    char *buf, size_t buflen)
{
#ifndef WPA_TRACE_BFD
	return -1;
#else /* WPA_TRACE_BFD */
	int written;

	written = os_snprintf(buf, buflen, "%u:%s", wpa_trace_fail_after,
			      wpa_trace_fail_func);
	return written;
#endif /* WPA_TRACE_BFD */
}
9824 
9825 
/**
 * wpas_ctrl_test_fail - Configure test failure injection
 * @wpa_s: Interface (not used)
 * @cmd: "<count>:<function name>"
 * Returns: 0 when built with WPA_TRACE_BFD, -1 otherwise
 *
 * Stores the count and the function name (truncated to the size of
 * wpa_trace_test_fail_func) in the trace globals. Without a ':' the count is
 * set to 0 and the stored function name is left unchanged.
 */
static int wpas_ctrl_test_fail(struct wpa_supplicant *wpa_s, char *cmd)
{
#ifndef WPA_TRACE_BFD
	return -1;
#else /* WPA_TRACE_BFD */
	char *sep = os_strchr(cmd, ':');

	if (!sep) {
		wpa_trace_test_fail_after = 0;
		return 0;
	}

	wpa_trace_test_fail_after = atoi(cmd);
	os_strlcpy(wpa_trace_test_fail_func, sep + 1,
		   sizeof(wpa_trace_test_fail_func));
	return 0;
#endif /* WPA_TRACE_BFD */
}
9845 
9846 
/**
 * wpas_ctrl_get_fail - Report the test failure injection state
 * @wpa_s: Interface (not used)
 * @buf: Buffer for the "<count>:<function name>" reply
 * @buflen: Size of @buf in bytes
 * Returns: Return value of os_snprintf() when built with WPA_TRACE_BFD, -1
 *	otherwise
 */
static int wpas_ctrl_get_fail(struct wpa_supplicant *wpa_s,
			      char *buf, size_t buflen)
{
#ifndef WPA_TRACE_BFD
	return -1;
#else /* WPA_TRACE_BFD */
	int written;

	written = os_snprintf(buf, buflen, "%u:%s", wpa_trace_test_fail_after,
			      wpa_trace_test_fail_func);
	return written;
#endif /* WPA_TRACE_BFD */
}
9857 
9858 
/**
 * wpas_ctrl_event_test_cb - Emit a burst of test events
 * @eloop_ctx: struct wpa_supplicant pointer
 * @timeout_ctx: Number of events to send, carried as an integer in the
 *	pointer value
 *
 * Sends "TEST-EVENT-MESSAGE <n>/<count>" for n = 1..count over the control
 * interface.
 */
static void wpas_ctrl_event_test_cb(void *eloop_ctx, void *timeout_ctx)
{
	struct wpa_supplicant *wpa_s = eloop_ctx;
	int total = (intptr_t) timeout_ctx;
	int sent = 0;

	wpa_printf(MSG_DEBUG, "TEST: Send %d control interface event messages",
		   total);

	while (sent < total) {
		sent++;
		wpa_msg_ctrl(wpa_s, MSG_INFO, "TEST-EVENT-MESSAGE %d/%d",
			     sent, total);
	}
}
9871 
9872 
/**
 * wpas_ctrl_event_test - Schedule a burst of control interface test events
 * @wpa_s: Interface the events are sent on
 * @cmd: Number of events as a decimal string
 * Returns: Result of eloop_register_timeout(), or -1 if the count is not
 *	positive
 *
 * The burst is sent from a zero-delay eloop timeout rather than from within
 * the command handler. The count is not limited beyond being positive.
 */
static int wpas_ctrl_event_test(struct wpa_supplicant *wpa_s, const char *cmd)
{
	int count = atoi(cmd);

	if (count < 1)
		return -1;

	/* The count travels to the callback in the pointer value itself */
	return eloop_register_timeout(0, 0, wpas_ctrl_event_test_cb, wpa_s,
				      (void *) (intptr_t) count);
}
9884 
9885 
/**
 * wpas_ctrl_test_assoc_ie - Set the test override for the association IE
 * @wpa_s: Interface to configure
 * @cmd: Hexdump of the IE data; an empty string passes %NULL to the WPA state
 *	machine
 * Returns: 0 on success, -1 on invalid hexdump or allocation failure
 *
 * The buffer is handed to wpa_sm_set_test_assoc_ie() and is not freed here.
 */
static int wpas_ctrl_test_assoc_ie(struct wpa_supplicant *wpa_s,
				   const char *cmd)
{
	struct wpabuf *ie = NULL;
	size_t hex_len = os_strlen(cmd);
	size_t bin_len;

	if (hex_len & 1)
		return -1;
	bin_len = hex_len / 2;

	if (bin_len > 0) {
		ie = wpabuf_alloc(bin_len);
		if (!ie)
			return -1;

		if (hexstr2bin(cmd, wpabuf_put(ie, bin_len), bin_len) < 0) {
			wpabuf_free(ie);
			return -1;
		}
	}

	wpa_sm_set_test_assoc_ie(wpa_s->wpa, ie);
	return 0;
}
9913 
9914 
/**
 * wpas_ctrl_reset_pn - Reinstall the last pairwise key to reset its PN
 * @wpa_s: Interface whose last temporal key is reinstalled
 * Returns: Result of the final wpa_drv_set_key() call, or -1 if no key has
 *	been recorded or the intermediate zero-key install fails
 *
 * Reinstalling a key with a zero sequence counter resets its TSC/RSC, which
 * is exactly the state that replay protection relies on never going
 * backwards. The function sits in the CONFIG_TESTING_OPTIONS section of this
 * file and logs at MSG_INFO so its use is visible in the log.
 */
static int wpas_ctrl_reset_pn(struct wpa_supplicant *wpa_s)
{
	u8 zero[WPA_TK_MAX_LEN];
	int res;

	if (wpa_s->last_tk_alg == WPA_ALG_NONE)
		return -1;

	wpa_printf(MSG_INFO, "TESTING: Reset PN");
	os_memset(zero, 0, sizeof(zero));

	/* Step 1: install an all-zero key so that the driver does not skip
	 * the real key below as a duplicate of what is already configured. */
	res = wpa_drv_set_key(wpa_s, wpa_s->last_tk_alg, wpa_s->last_tk_addr,
			      wpa_s->last_tk_key_idx, 1, zero, 6,
			      zero, wpa_s->last_tk_len,
			      KEY_FLAG_PAIRWISE_RX_TX);
	if (res < 0)
		return -1;

	/* Step 2: install the recorded key again with a zero sequence
	 * counter (6 bytes), which resets its TSC/RSC. */
	return wpa_drv_set_key(wpa_s, wpa_s->last_tk_alg, wpa_s->last_tk_addr,
			       wpa_s->last_tk_key_idx, 1, zero, 6,
			       wpa_s->last_tk, wpa_s->last_tk_len,
			       KEY_FLAG_PAIRWISE_RX_TX);
}
9939 
9940 
/**
 * wpas_ctrl_key_request - Trigger an EAPOL-Key Request (testing)
 * @wpa_s: Interface whose WPA state machine sends the request
 * @cmd: "<error> <pairwise>", both parsed with atoi()
 * Returns: 0 after calling wpa_sm_key_request(), -1 if the second value is
 *	missing
 */
static int wpas_ctrl_key_request(struct wpa_supplicant *wpa_s, const char *cmd)
{
	const char *second;
	int error = atoi(cmd);
	int pairwise;

	second = os_strchr(cmd, ' ');
	if (second == NULL)
		return -1;

	/* atoi() skips the leading space itself */
	pairwise = atoi(second);

	wpa_sm_key_request(wpa_s->wpa, error, pairwise);
	return 0;
}
9954 
9955 
/**
 * wpas_ctrl_resend_assoc - Send the association request again (testing)
 * @wpa_s: Interface with a current SME association
 * Returns: Result of wpa_drv_associate() when built with CONFIG_SME, -1
 *	otherwise
 *
 * The request is rebuilt from the state kept in wpa_s (BSSID, SME SSID and
 * frequency, negotiated suites, and the last Association Request WPA IE if
 * one is stored). testing_resend_assoc is set after the driver call
 * regardless of its result.
 */
static int wpas_ctrl_resend_assoc(struct wpa_supplicant *wpa_s)
{
#ifndef CONFIG_SME
	return -1;
#else /* CONFIG_SME */
	struct wpa_driver_associate_params params;
	int ret;

	os_memset(&params, 0, sizeof(params));

	/* Target BSS */
	params.bssid = wpa_s->bssid;
	params.ssid = wpa_s->sme.ssid;
	params.ssid_len = wpa_s->sme.ssid_len;
	params.freq.freq = wpa_s->sme.freq;
	if (wpa_s->sme.prev_bssid_set)
		params.prev_bssid = wpa_s->sme.prev_bssid;

	/* Security parameters from the current association */
	if (wpa_s->last_assoc_req_wpa_ie) {
		params.wpa_ie = wpabuf_head(wpa_s->last_assoc_req_wpa_ie);
		params.wpa_ie_len = wpabuf_len(wpa_s->last_assoc_req_wpa_ie);
	}
	params.wpa_proto = wpa_s->wpa_proto;
	params.key_mgmt_suite = wpa_s->key_mgmt;
	params.pairwise_suite = wpa_s->pairwise_cipher;
	params.group_suite = wpa_s->group_cipher;
	params.mgmt_group_suite = wpa_s->mgmt_group_cipher;
	params.mgmt_frame_protection = wpa_s->sme.mfp;
	params.rrm_used = wpa_s->rrm.rrm_used;

	wpa_printf(MSG_INFO, "TESTING: Resend association request");
	ret = wpa_drv_associate(wpa_s, &params);
	wpa_s->testing_resend_assoc = 1;
	return ret;
#endif /* CONFIG_SME */
}
9988 
9989 
/**
 * wpas_ctrl_iface_send_twt_setup - Send a TWT Setup frame
 * @wpa_s: Interface to send the frame on
 * @cmd: Optional " key=value" items: dialog, exponent, mantissa, min_twt,
 *	setup_cmd, twt, requestor, trigger, implicit, flow_type, flow_id,
 *	protection, twt_channel, control
 * Returns: Result of wpas_twt_send_setup()
 *
 * Each key is matched with a leading space, and keys that are absent keep the
 * defaults from the declarations below. Values are read with atoi() (twt with
 * sscanf()) and are not range-checked here: a value stored in a u8 keeps only
 * what fits in that type, and a value stored in a bool becomes true for
 * anything non-zero.
 */
static int wpas_ctrl_iface_send_twt_setup(struct wpa_supplicant *wpa_s,
					  const char *cmd)
{
	u8 dtok = 1;
	int exponent = 10;
	int mantissa = 8192;
	u8 min_twt = 255;
	unsigned long long twt = 0;
	bool requestor = true;
	int setup_cmd = 0;
	bool trigger = true;
	bool implicit = true;
	bool flow_type = true;
	int flow_id = 0;
	bool protection = false;
	u8 twt_channel = 0;
	u8 control = BIT(4); /* Control field (IEEE P802.11ax/D8.0 Figure
			      * 9-687): B4 = TWT Information Frame Disabled */
	const char *tok_s;

	tok_s = os_strstr(cmd, " dialog=");
	if (tok_s)
		dtok = atoi(tok_s + os_strlen(" dialog="));

	tok_s = os_strstr(cmd, " exponent=");
	if (tok_s)
		exponent = atoi(tok_s + os_strlen(" exponent="));

	tok_s = os_strstr(cmd, " mantissa=");
	if (tok_s)
		mantissa = atoi(tok_s + os_strlen(" mantissa="));

	tok_s = os_strstr(cmd, " min_twt=");
	if (tok_s)
		min_twt = atoi(tok_s + os_strlen(" min_twt="));

	tok_s = os_strstr(cmd, " setup_cmd=");
	if (tok_s)
		setup_cmd = atoi(tok_s + os_strlen(" setup_cmd="));

	/* The sscanf() result is not checked; twt keeps its default of 0 if
	 * no number can be parsed. */
	tok_s = os_strstr(cmd, " twt=");
	if (tok_s)
		sscanf(tok_s + os_strlen(" twt="), "%llu", &twt);

	tok_s = os_strstr(cmd, " requestor=");
	if (tok_s)
		requestor = atoi(tok_s + os_strlen(" requestor="));

	tok_s = os_strstr(cmd, " trigger=");
	if (tok_s)
		trigger = atoi(tok_s + os_strlen(" trigger="));

	tok_s = os_strstr(cmd, " implicit=");
	if (tok_s)
		implicit = atoi(tok_s + os_strlen(" implicit="));

	tok_s = os_strstr(cmd, " flow_type=");
	if (tok_s)
		flow_type = atoi(tok_s + os_strlen(" flow_type="));

	tok_s = os_strstr(cmd, " flow_id=");
	if (tok_s)
		flow_id = atoi(tok_s + os_strlen(" flow_id="));

	tok_s = os_strstr(cmd, " protection=");
	if (tok_s)
		protection = atoi(tok_s + os_strlen(" protection="));

	tok_s = os_strstr(cmd, " twt_channel=");
	if (tok_s)
		twt_channel = atoi(tok_s + os_strlen(" twt_channel="));

	/* An explicit control value replaces the BIT(4) default entirely */
	tok_s = os_strstr(cmd, " control=");
	if (tok_s)
		control = atoi(tok_s + os_strlen(" control="));

	return wpas_twt_send_setup(wpa_s, dtok, exponent, mantissa, min_twt,
				   setup_cmd, twt, requestor, trigger, implicit,
				   flow_type, flow_id, protection, twt_channel,
				   control);
}
10071 
10072 
/**
 * wpas_ctrl_iface_send_twt_teardown - Parse TWT teardown arguments and send it
 * @wpa_s: Interface the teardown is sent on
 * @cmd: Argument string; an optional " flags=<value>" overrides the default
 * Returns: Return value of wpas_twt_send_teardown()
 *
 * The flags value is converted with atoi() and narrowed to u8 without a range
 * check. When " flags=" is absent, 0x1 is used.
 */
static int wpas_ctrl_iface_send_twt_teardown(struct wpa_supplicant *wpa_s,
					     const char *cmd)
{
	static const char flags_key[] = " flags=";
	const char *arg = os_strstr(cmd, flags_key);
	u8 flags = 0x1;

	if (arg)
		flags = atoi(arg + os_strlen(flags_key));

	return wpas_twt_send_teardown(wpa_s, flags);
}
10085 
10086 #endif /* CONFIG_TESTING_OPTIONS */
10087 
10088 
/**
 * wpas_ctrl_vendor_elem_add - Append vendor elements for one frame type
 * @wpa_s: Interface the command was received on
 * @cmd: "<frame id> <hexdump of elements>"
 * Returns: 0 on success (including an empty hexdump), -1 on failure
 *
 * The frame id must be in the range 0..NUM_VENDOR_ELEM_FRAMES-1 because it is
 * used as an index into vendor_elem[]. The hexdump must have an even number of
 * digits and must be accepted by ieee802_11_parse_elems() before it is stored.
 * The elements are stored on the interface returned by wpas_vendor_elem(),
 * either as the first buffer for that frame or appended to the existing one.
 */
static int wpas_ctrl_vendor_elem_add(struct wpa_supplicant *wpa_s, char *cmd)
{
	struct ieee802_11_elems parsed;
	struct wpabuf *elem;
	size_t hex_len, bin_len;
	char *hex;
	int frame = atoi(cmd);

	/* Bounds check before frame is used as an array index */
	if (frame < 0 || frame >= NUM_VENDOR_ELEM_FRAMES)
		return -1;
	wpa_s = wpas_vendor_elem(wpa_s, frame);

	hex = os_strchr(cmd, ' ');
	if (!hex)
		return -1;
	hex++;

	hex_len = os_strlen(hex);
	if (hex_len == 0)
		return 0;
	if (hex_len % 2)
		return -1;
	bin_len = hex_len / 2;

	elem = wpabuf_alloc(bin_len);
	if (!elem)
		return -1;

	/* Reject anything that is not valid hex or not a well-formed sequence
	 * of information elements */
	if (hexstr2bin(hex, wpabuf_put(elem, bin_len), bin_len) < 0 ||
	    ieee802_11_parse_elems(wpabuf_head_u8(elem), bin_len, &parsed, 0) ==
	    ParseFailed)
		goto fail;

	if (wpa_s->vendor_elem[frame]) {
		/* Append to the existing buffer; the temporary one is no
		 * longer needed afterwards */
		if (wpabuf_resize(&wpa_s->vendor_elem[frame], bin_len) < 0)
			goto fail;
		wpabuf_put_buf(wpa_s->vendor_elem[frame], elem);
		wpabuf_free(elem);
	} else {
		/* First elements for this frame: the new buffer is kept */
		wpa_s->vendor_elem[frame] = elem;
	}

	wpas_vendor_elem_update(wpa_s);

	if (frame == VENDOR_ELEM_PROBE_REQ ||
	    frame == VENDOR_ELEM_PROBE_REQ_P2P)
		wpa_supplicant_set_default_scan_ies(wpa_s);

	return 0;

fail:
	wpabuf_free(elem);
	return -1;
}
10151 
10152 
/**
 * wpas_ctrl_vendor_elem_get - Report the vendor elements of one frame type
 * @wpa_s: Interface the command was received on
 * @cmd: "<frame id>"
 * @buf: Reply buffer
 * @buflen: Size of @buf in bytes
 * Returns: Return value of wpa_snprintf_hex(), 0 if no elements are stored,
 * or -1 if the frame id is out of range
 */
static int wpas_ctrl_vendor_elem_get(struct wpa_supplicant *wpa_s, char *cmd,
				     char *buf, size_t buflen)
{
	struct wpabuf *stored;
	int frame;

	frame = atoi(cmd);
	/* Bounds check before frame is used as an array index */
	if (frame < 0 || frame >= NUM_VENDOR_ELEM_FRAMES)
		return -1;
	wpa_s = wpas_vendor_elem(wpa_s, frame);

	stored = wpa_s->vendor_elem[frame];
	if (!stored)
		return 0;

	return wpa_snprintf_hex(buf, buflen, wpabuf_head_u8(stored),
				wpabuf_len(stored));
}
10169 
10170 
/**
 * wpas_ctrl_vendor_elem_remove - Remove vendor elements of one frame type
 * @wpa_s: Interface the command was received on
 * @cmd: "<frame id> *" to drop everything, or "<frame id> <hexdump>"
 * Returns: 0 on success, -1 on failure, or the return value of
 * wpas_vendor_elem_remove() for the hexdump form
 *
 * The frame id is range-checked before it indexes vendor_elem[]. For the
 * hexdump form the text must have an even number of digits and must be
 * accepted by ieee802_11_parse_elems() before the removal is attempted.
 */
static int wpas_ctrl_vendor_elem_remove(struct wpa_supplicant *wpa_s, char *cmd)
{
	struct ieee802_11_elems parsed;
	size_t hex_len, bin_len;
	char *arg;
	u8 *bin;
	int frame = atoi(cmd);
	int res = -1;

	if (frame < 0 || frame >= NUM_VENDOR_ELEM_FRAMES)
		return -1;
	wpa_s = wpas_vendor_elem(wpa_s, frame);

	arg = os_strchr(cmd, ' ');
	if (!arg)
		return -1;
	arg++;

	if (*arg == '*') {
		/* Wildcard: drop the whole buffer for this frame type */
		wpabuf_free(wpa_s->vendor_elem[frame]);
		wpa_s->vendor_elem[frame] = NULL;
		wpas_vendor_elem_update(wpa_s);
		return 0;
	}

	if (!wpa_s->vendor_elem[frame])
		return -1;

	hex_len = os_strlen(arg);
	if (hex_len == 0)
		return 0;
	if (hex_len % 2)
		return -1;
	bin_len = hex_len / 2;

	bin = os_malloc(bin_len);
	if (!bin)
		return -1;

	/* Only well-formed hex that parses as information elements is passed
	 * on to the removal helper */
	if (hexstr2bin(arg, bin, bin_len) >= 0 &&
	    ieee802_11_parse_elems(bin, bin_len, &parsed, 0) != ParseFailed)
		res = wpas_vendor_elem_remove(wpa_s, frame, bin, bin_len);

	os_free(bin);
	return res;
}
10225 
10226 
/**
 * wpas_ctrl_neighbor_rep_cb - Report received Neighbor Report elements
 * @ctx: struct wpa_supplicant pointer registered with the request
 * @neighbor_rep: Buffer with Neighbor Report elements, or NULL; freed here
 *
 * Emits RRM_EVENT_NEIGHBOR_REP_FAILED when the buffer is missing or empty.
 * Otherwise each element is validated and reported with
 * RRM_EVENT_NEIGHBOR_REP_RXED. Parsing stops at the first element whose id or
 * length is inconsistent with the remaining data. The buffer is freed on every
 * path.
 */
static void wpas_ctrl_neighbor_rep_cb(void *ctx, struct wpabuf *neighbor_rep)
{
	struct wpa_supplicant *wpa_s = ctx;
	const u8 *elem;
	size_t left;

	/*
	 * Neighbor Report element (IEEE P802.11-REVmc/D5.0)
	 * BSSID[6]
	 * BSSID Information[4]
	 * Operating Class[1]
	 * Channel Number[1]
	 * PHY Type[1]
	 * Optional Subelements[variable]
	 */
#define NR_IE_MIN_LEN (ETH_ALEN + 4 + 1 + 1 + 1)

	if (!neighbor_rep || wpabuf_len(neighbor_rep) == 0) {
		wpa_msg_ctrl(wpa_s, MSG_INFO, RRM_EVENT_NEIGHBOR_REP_FAILED);
		goto out;
	}

	elem = wpabuf_head_u8(neighbor_rep);
	left = wpabuf_len(neighbor_rep);

	/* Need at least the two-octet header plus the fixed fields */
	while (left >= 2 + NR_IE_MIN_LEN) {
		/* A subelement payload is at most 255 octets, i.e., 510 hex
		 * digits plus the terminating NUL */
		char lci[256 * 2 + 1];
		char civic[256 * 2 + 1];
		const u8 *nr, *sub, *end;
		u8 nr_len = elem[1];

		if (elem[0] != WLAN_EID_NEIGHBOR_REPORT ||
		    nr_len < NR_IE_MIN_LEN) {
			wpa_dbg(wpa_s, MSG_DEBUG,
				"CTRL: Invalid Neighbor Report element: id=%u len=%u",
				elem[0], nr_len);
			goto out;
		}

		/* The declared length must not run past the received data */
		if (2U + nr_len > left) {
			wpa_dbg(wpa_s, MSG_DEBUG,
				"CTRL: Invalid Neighbor Report element: id=%u len=%zu nr_len=%u",
				elem[0], left, nr_len);
			goto out;
		}

		nr = elem + 2;
		end = nr + nr_len;
		sub = nr + NR_IE_MIN_LEN;

		lci[0] = '\0';
		civic[0] = '\0';
		while (end - sub > 2) {
			u8 s_id = sub[0];
			u8 s_len = sub[1];

			sub += 2;
			/* Subelement must fit inside this element */
			if (s_len > end - sub)
				goto out;

			if (s_id == WLAN_EID_MEASURE_REPORT && s_len > 3) {
				/* Measurement Token[1] */
				/* Measurement Report Mode[1] */
				/* Measurement Type[1] */
				/* Measurement Report[variable] */
				u8 meas_type = sub[2];

				/* Only the first report of each type is kept */
				if (meas_type == MEASURE_TYPE_LCI) {
					if (!lci[0])
						wpa_snprintf_hex(lci,
								 sizeof(lci),
								 sub, s_len);
				} else if (meas_type ==
					   MEASURE_TYPE_LOCATION_CIVIC) {
					if (!civic[0])
						wpa_snprintf_hex(civic,
								 sizeof(civic),
								 sub, s_len);
				}
			}

			sub += s_len;
		}

		wpa_msg(wpa_s, MSG_INFO, RRM_EVENT_NEIGHBOR_REP_RXED
			"bssid=" MACSTR
			" info=0x%x op_class=%u chan=%u phy_type=%u%s%s%s%s",
			MAC2STR(nr), WPA_GET_LE32(nr + ETH_ALEN),
			nr[ETH_ALEN + 4], nr[ETH_ALEN + 5],
			nr[ETH_ALEN + 6],
			lci[0] ? " lci=" : "", lci,
			civic[0] ? " civic=" : "", civic);

		elem = end;
		left -= 2 + nr_len;
	}

out:
	wpabuf_free(neighbor_rep);
}
10328 
10329 
/**
 * wpas_ctrl_iface_send_neighbor_rep - Request a Neighbor Report
 * @wpa_s: Interface the request is sent on
 * @cmd: Optional "ssid=<value>" followed by optional "lci" and/or "civic"
 * Returns: -1 if the SSID cannot be parsed, otherwise the return value of
 * wpas_rrm_send_neighbor_rep_request()
 *
 * When an SSID is given, the search for "lci" and "civic" starts after the
 * SSID text so that an SSID containing those words does not set the flags.
 * wpas_ctrl_neighbor_rep_cb() is registered as the response callback.
 */
static int wpas_ctrl_iface_send_neighbor_rep(struct wpa_supplicant *wpa_s,
					     char *cmd)
{
	struct wpa_ssid_value ssid_val;
	struct wpa_ssid_value *ssid_arg = NULL;
	char *ssid_pos = os_strstr(cmd, "ssid=");
	int want_lci, want_civic;

	if (ssid_pos) {
		char delim;

		if (ssid_parse(ssid_pos + 5, &ssid_val)) {
			wpa_msg(wpa_s, MSG_INFO,
				"CTRL: Send Neighbor Report: bad SSID");
			return -1;
		}
		ssid_arg = &ssid_val;

		/*
		 * Continue after the SSID text, which may itself include
		 * "lci" or "civic": a quoted SSID ends at the next quote, any
		 * other form at the next space. cmd becomes NULL if nothing
		 * follows the SSID.
		 */
		delim = ssid_pos[5] == '"' ? '"' : ' ';
		cmd = os_strchr(ssid_pos + 6, delim);
		if (cmd)
			cmd++;
	}

	want_lci = cmd && os_strstr(cmd, "lci");
	want_civic = cmd && os_strstr(cmd, "civic");

	return wpas_rrm_send_neighbor_rep_request(wpa_s, ssid_arg, want_lci,
						  want_civic,
						  wpas_ctrl_neighbor_rep_cb,
						  wpa_s);
}
10369 
10370 
/**
 * wpas_ctrl_iface_erp_flush - Flush ERP state of the EAPOL state machine
 * @wpa_s: Interface whose EAPOL state machine is passed to
 * eapol_sm_erp_flush()
 * Returns: Always 0
 */
static int wpas_ctrl_iface_erp_flush(struct wpa_supplicant *wpa_s)
{
	struct eapol_sm *sm = wpa_s->eapol;

	eapol_sm_erp_flush(sm);

	return 0;
}
10376 
10377 
/**
 * wpas_ctrl_iface_mac_rand_scan - Configure MAC address randomization for scans
 * @wpa_s: Interface to configure
 * @cmd: Space separated tokens: scan, sched, pno, all, enable=<0/1>,
 * addr=<MAC address>, mask=<MAC address>
 * Returns: -1 on an invalid or incomplete command, otherwise the return value
 * of wpas_disable_mac_addr_randomization() or
 * wpas_enable_mac_addr_randomization()
 *
 * At least one scan type and an explicit enable=0 or enable=1 are required;
 * any unknown token rejects the whole command. Token names are matched without
 * regard to case.
 */
static int wpas_ctrl_iface_mac_rand_scan(struct wpa_supplicant *wpa_s,
					 char *cmd)
{
	char *token, *context = NULL;
	/* ~0 marks "enable= not given"; it is caught by the enable > 1 check */
	unsigned int enable = ~0;
	unsigned int type = 0;
	u8 addr_buf[ETH_ALEN], mask_buf[ETH_ALEN];
	u8 *addr = NULL, *mask = NULL;

	for (token = str_token(cmd, " ", &context); token;
	     token = str_token(cmd, " ", &context)) {
		if (os_strcasecmp(token, "scan") == 0) {
			type |= MAC_ADDR_RAND_SCAN;
			continue;
		}

		if (os_strcasecmp(token, "sched") == 0) {
			type |= MAC_ADDR_RAND_SCHED_SCAN;
			continue;
		}

		if (os_strcasecmp(token, "pno") == 0) {
			type |= MAC_ADDR_RAND_PNO;
			continue;
		}

		if (os_strcasecmp(token, "all") == 0) {
			/* Replaces, rather than extends, the types so far */
			type = wpa_s->mac_addr_rand_supported;
			continue;
		}

		if (os_strncasecmp(token, "enable=", 7) == 0) {
			enable = atoi(token + 7);
			continue;
		}

		if (os_strncasecmp(token, "addr=", 5) == 0) {
			addr = addr_buf;
			if (hwaddr_aton(token + 5, addr)) {
				wpa_printf(MSG_INFO,
					   "CTRL: Invalid MAC address: %s",
					   token);
				return -1;
			}
			continue;
		}

		if (os_strncasecmp(token, "mask=", 5) == 0) {
			mask = mask_buf;
			if (hwaddr_aton(token + 5, mask)) {
				wpa_printf(MSG_INFO,
					   "CTRL: Invalid MAC address mask: %s",
					   token);
				return -1;
			}
			continue;
		}

		wpa_printf(MSG_INFO,
			   "CTRL: Invalid MAC_RAND_SCAN parameter: %s",
			   token);
		return -1;
	}

	if (type == 0) {
		wpa_printf(MSG_INFO, "CTRL: MAC_RAND_SCAN no type specified");
		return -1;
	}

	if (enable > 1) {
		wpa_printf(MSG_INFO,
			   "CTRL: MAC_RAND_SCAN enable=<0/1> not specified");
		return -1;
	}

	if (enable)
		return wpas_enable_mac_addr_randomization(wpa_s, type, addr,
							  mask);

	return wpas_disable_mac_addr_randomization(wpa_s, type);
}
10437 
10438 
/**
 * wpas_ctrl_iface_pmksa - List PMKSA cache entries
 * @wpa_s: Interface whose caches are listed
 * @buf: Reply buffer
 * @buflen: Size of @buf in bytes
 * Returns: Number of bytes written to @buf
 *
 * The listing from wpa_sm_pmksa_cache_list() comes first. In CONFIG_AP builds
 * the output of wpas_ap_pmksa_cache_list() is appended in the remaining space.
 */
static int wpas_ctrl_iface_pmksa(struct wpa_supplicant *wpa_s,
				 char *buf, size_t buflen)
{
	size_t used = wpa_sm_pmksa_cache_list(wpa_s->wpa, buf, buflen);

#ifdef CONFIG_AP
	used += wpas_ap_pmksa_cache_list(wpa_s, buf + used, buflen - used);
#endif /* CONFIG_AP */

	return used;
}
10451 
10452 
/**
 * wpas_ctrl_iface_pmksa_flush - Flush cached pairwise key state
 * @wpa_s: Interface whose caches are flushed
 *
 * Flushes the PTKSA cache (no address filter, WPA_CIPHER_NONE as the cipher
 * argument), then the PMKSA cache of the WPA state machine, and in CONFIG_AP
 * builds also the AP side PMKSA cache.
 */
static void wpas_ctrl_iface_pmksa_flush(struct wpa_supplicant *wpa_s)
{
	/* PTKSA entries go first, followed by the PMKSA caches */
	ptksa_cache_flush(wpa_s->ptksa, NULL, WPA_CIPHER_NONE);

	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);

#ifdef CONFIG_AP
	wpas_ap_pmksa_cache_flush(wpa_s);
#endif /* CONFIG_AP */
}
10461 
10462 
10463 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
10464 
/**
 * wpas_ctrl_iface_pmksa_get - Export PMKSA cache entries of one network
 * @wpa_s: Interface whose PMKSA cache is read
 * @cmd: "<network id>"
 * @buf: Reply buffer
 * @buflen: Size of @buf in bytes
 * Returns: Number of bytes written to @buf, or -1 if the network id is unknown
 *
 * One line is written per cache entry that belongs to the network:
 * <BSSID> <PMKID> <PMK> <reauth_time in seconds>
 * <expiration in seconds> <akmp> <opportunistic>
 * [FILS Cache Identifier]
 * Times are relative to the current os_get_reltime() value.
 *
 * The reply contains each PMK as a hexdump, so the buffer holds key material
 * and should be treated as such by whatever consumes it. An entry is only
 * counted in the returned length once all of its fields fit in the buffer;
 * output stops at the first entry for which os_snprintf() reports an error.
 */
static int wpas_ctrl_iface_pmksa_get(struct wpa_supplicant *wpa_s,
				     const char *cmd, char *buf, size_t buflen)
{
	struct rsn_pmksa_cache_entry *entry;
	struct wpa_ssid *ssid;
	struct os_reltime now;
	char *done = buf; /* end of the last completely written entry */
	char *end = buf + buflen;

	ssid = wpa_config_get_network(wpa_s->conf, atoi(cmd));
	if (!ssid)
		return -1;

	os_get_reltime(&now);

	for (entry = wpa_sm_pmksa_cache_head(wpa_s->wpa); entry;
	     entry = entry->next) {
		char *out;
		int ret;

		if (entry->network_ctx != ssid)
			continue;

		out = done;

		/* <BSSID> */
		ret = os_snprintf(out, end - out, MACSTR " ",
				  MAC2STR(entry->aa));
		if (os_snprintf_error(end - out, ret))
			break;
		out += ret;

		/* <PMKID> */
		out += wpa_snprintf_hex(out, end - out, entry->pmkid,
					PMKID_LEN);

		ret = os_snprintf(out, end - out, " ");
		if (os_snprintf_error(end - out, ret))
			break;
		out += ret;

		/* <PMK> - key material */
		out += wpa_snprintf_hex(out, end - out, entry->pmk,
					entry->pmk_len);

		/* Remaining lifetimes relative to now, then akmp and the
		 * opportunistic flag */
		ret = os_snprintf(out, end - out, " %d %d %d %d",
				  (int) (entry->reauth_time - now.sec),
				  (int) (entry->expiration - now.sec),
				  entry->akmp,
				  entry->opportunistic);
		if (os_snprintf_error(end - out, ret))
			break;
		out += ret;

		if (entry->fils_cache_id_set) {
			ret = os_snprintf(out, end - out, " %02x%02x",
					  entry->fils_cache_id[0],
					  entry->fils_cache_id[1]);
			if (os_snprintf_error(end - out, ret))
				break;
			out += ret;
		}

		ret = os_snprintf(out, end - out, "\n");
		if (os_snprintf_error(end - out, ret))
			break;
		out += ret;

		/* The whole entry fit; include it in the reply */
		done = out;
	}

	return done - buf;
}
10541 
10542 
/**
 * wpas_ctrl_iface_pmksa_add - Add an externally provided PMKSA cache entry
 * @wpa_s: Interface whose PMKSA cache receives the entry
 * @cmd: Entry in the format described below
 * Returns: 0 on success, -1 on failure
 *
 * Entry format:
 * <network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds>
 * <expiration in seconds> <akmp> <opportunistic>
 * [FILS Cache Identifier]
 *
 * The PMK length is derived from the width of the hex field and must be within
 * PMK_LEN..PMK_LEN_MAX before it is decoded into the entry. reauth_time and
 * expiration are offsets that are added to the current os_get_reltime() value.
 * The entry is marked as external and handed to wpa_sm_pmksa_cache_add_entry().
 *
 * @cmd carries a PMK in clear text.
 */
static int wpas_ctrl_iface_pmksa_add(struct wpa_supplicant *wpa_s,
				     char *cmd)
{
	struct rsn_pmksa_cache_entry *entry;
	struct wpa_ssid *ssid;
	struct os_reltime now;
	char *field, *field_end;
	int reauth_time = 0, expiration = 0;
	int res = -1;
	int i;

	ssid = wpa_config_get_network(wpa_s->conf, atoi(cmd));
	if (!ssid)
		return -1;

	field = os_strchr(cmd, ' ');
	if (!field)
		return -1;
	field++;

	entry = os_zalloc(sizeof(*entry));
	if (!entry)
		return -1;

	/* <BSSID> */
	if (hwaddr_aton(field, entry->aa))
		goto fail;
	field = os_strchr(field, ' ');
	if (!field)
		goto fail;
	field++;

	/* <PMKID> */
	if (hexstr2bin(field, entry->pmkid, PMKID_LEN) < 0)
		goto fail;
	field = os_strchr(field, ' ');
	if (!field)
		goto fail;
	field++;

	/* <PMK>: the length check comes before decoding into entry->pmk */
	field_end = os_strchr(field, ' ');
	if (!field_end)
		goto fail;
	entry->pmk_len = (field_end - field) / 2;
	if (entry->pmk_len < PMK_LEN || entry->pmk_len > PMK_LEN_MAX)
		goto fail;
	if (hexstr2bin(field, entry->pmk, entry->pmk_len) < 0)
		goto fail;
	field = field_end + 1;

	/* <reauth_time> <expiration> <akmp> <opportunistic> */
	if (sscanf(field, "%d %d %d %d", &reauth_time, &expiration,
		   &entry->akmp, &entry->opportunistic) != 4)
		goto fail;

	/* Step over the three separators between the four integers */
	for (i = 0; i < 3; i++) {
		field = os_strchr(field, ' ');
		if (!field)
			goto fail;
		field++;
	}

	/* A further separator introduces the optional FILS Cache Identifier */
	field = os_strchr(field, ' ');
	if (field) {
		field++;
		if (hexstr2bin(field, entry->fils_cache_id,
			       FILS_CACHE_ID_LEN) < 0)
			goto fail;
		entry->fils_cache_id_set = 1;
	}

	os_get_reltime(&now);
	entry->expiration = now.sec + expiration;
	entry->reauth_time = now.sec + reauth_time;
	entry->network_ctx = ssid;
	entry->external = true;

	wpa_sm_pmksa_cache_add_entry(wpa_s->wpa, entry);
	/* The entry was handed to the cache; do not free it below */
	entry = NULL;
	res = 0;

fail:
	/* NOTE(review): on some failure paths the entry already holds decoded
	 * PMK bytes when it is freed here without being cleared first */
	os_free(entry);
	return res;
}
10635 
10636 
10637 #ifdef CONFIG_MESH
10638 
/**
 * wpas_ctrl_iface_mesh_pmksa_get - List mesh PMKSA cache entries
 * @wpa_s: Interface with an active mesh (wpa_s->ifmsh must be set)
 * @cmd: "any" (matched without regard to case) or a peer MAC address
 * @buf: Reply buffer
 * @buflen: Size of @buf in bytes
 * Returns: Return value of wpas_ap_pmksa_cache_list_mesh(), or -1 if there is
 * no mesh interface or the address cannot be parsed
 */
static int wpas_ctrl_iface_mesh_pmksa_get(struct wpa_supplicant *wpa_s,
					  const char *cmd, char *buf,
					  size_t buflen)
{
	u8 spa[ETH_ALEN];
	u8 *filter = spa;

	if (!wpa_s->ifmsh)
		return -1;

	if (os_strcasecmp(cmd, "any") == 0)
		filter = NULL; /* no address filter */
	else if (hwaddr_aton(cmd, spa))
		return -1;

	return wpas_ap_pmksa_cache_list_mesh(wpa_s, filter, buf, buflen);
}
10656 
10657 
/**
 * wpas_ctrl_iface_mesh_pmksa_add - Add an external mesh PMKSA cache entry
 * @wpa_s: Interface the command was received on
 * @cmd: Entry text, passed unmodified to wpas_ap_pmksa_cache_add_external()
 * Returns: Return value of wpas_ap_pmksa_cache_add_external()
 */
static int wpas_ctrl_iface_mesh_pmksa_add(struct wpa_supplicant *wpa_s,
					  char *cmd)
{
	int res;

	/*
	 * The existence of the mesh interface is intentionally not checked:
	 * the PMKSA should be stored before wpa_s->ifmsh is created to
	 * suppress commit message creation.
	 */
	res = wpas_ap_pmksa_cache_add_external(wpa_s, cmd);

	return res;
}
10668 
10669 #endif /* CONFIG_MESH */
10670 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
10671 
10672 
10673 #ifdef CONFIG_FILS
/**
 * wpas_ctrl_iface_fils_hlp_req_add - Queue a FILS HLP request
 * @wpa_s: Interface whose fils_hlp_req list receives the request
 * @cmd: "<dst> <packet starting from ethertype>"
 * Returns: 0 on success, -1 on failure
 *
 * The destination is parsed with hwaddr_aton() and the packet with
 * wpabuf_parse_bin(). On success the request is appended to the list and is
 * no longer owned by this function.
 */
static int wpas_ctrl_iface_fils_hlp_req_add(struct wpa_supplicant *wpa_s,
					    const char *cmd)
{
	struct fils_hlp_req *req = os_zalloc(sizeof(*req));
	const char *pkt_hex;

	if (!req)
		return -1;

	if (hwaddr_aton(cmd, req->dst))
		goto fail;

	pkt_hex = os_strchr(cmd, ' ');
	if (!pkt_hex)
		goto fail;
	pkt_hex++;

	req->pkt = wpabuf_parse_bin(pkt_hex);
	if (!req->pkt)
		goto fail;

	dl_list_add_tail(&wpa_s->fils_hlp_req, &req->list);
	return 0;

fail:
	wpabuf_free(req->pkt);
	os_free(req);
	return -1;
}
10704 #endif /* CONFIG_FILS */
10705 
10706 
/**
 * wpas_ctrl_cmd_debug_level - Select the debug level for logging a command
 * @cmd: Control interface command text
 * Returns: MSG_EXCESSIVE for "PING" and for commands starting with "BSS ",
 * "GET_NETWORK ", "STATUS", "STA ", or "STA-"; MSG_DEBUG for everything else
 */
static int wpas_ctrl_cmd_debug_level(const char *cmd)
{
	static const char * const quiet_prefixes[] = {
		"BSS ",
		"GET_NETWORK ",
		"STATUS",
		"STA ",
		"STA-",
	};
	size_t i;

	/* PING has to match exactly; the others are prefix matches */
	if (os_strcmp(cmd, "PING") == 0)
		return MSG_EXCESSIVE;

	for (i = 0; i < sizeof(quiet_prefixes) / sizeof(quiet_prefixes[0]);
	     i++) {
		const char *prefix = quiet_prefixes[i];

		if (os_strncmp(cmd, prefix, os_strlen(prefix)) == 0)
			return MSG_EXCESSIVE;
	}

	return MSG_DEBUG;
}
10718 
10719 
/**
 * wpas_ctrl_iface_configure_mscs - Configure MSCS and send the request
 * @wpa_s: Interface whose robust_av state is updated
 * @cmd: Command in the format described below
 * Returns: -1 on a malformed command, otherwise the return value of
 * wpas_send_mscs_req()
 *
 * format:
 * <add|remove|change> [up_bitmap=<hex byte>] [up_limit=<integer>]
 * [stream_timeout=<in TUs>] [frame_classifier=<hex bytes>]
 *
 * For add and change, the code below requires all four parameters and rejects
 * a stream_timeout of 0.
 *
 * wpa_s->robust_av is cleared before the command is validated, so a rejected
 * command also discards the previously stored configuration. up_limit is
 * taken from atoi() without a range check.
 */
static int wpas_ctrl_iface_configure_mscs(struct wpa_supplicant *wpa_s,
					  const char *cmd)
{
	struct robust_av_data *cfg = &wpa_s->robust_av;
	const char *arg, *arg_end;
	size_t classifier_len;
	int up_bitmap;

	os_memset(cfg, 0, sizeof(struct robust_av_data));

	if (os_strcmp(cmd, "remove") == 0) {
		/* Removal takes no parameters */
		cfg->request_type = SCS_REQ_REMOVE;
		cfg->valid_config = false;
		return wpas_send_mscs_req(wpa_s);
	}

	if (os_strncmp(cmd, "add ", 4) == 0)
		cfg->request_type = SCS_REQ_ADD;
	else if (os_strncmp(cmd, "change ", 7) == 0)
		cfg->request_type = SCS_REQ_CHANGE;
	else
		return -1;

	arg = os_strstr(cmd, "up_bitmap=");
	if (!arg)
		return -1;
	up_bitmap = hex2byte(arg + 10);
	if (up_bitmap < 0)
		return -1;
	cfg->up_bitmap = up_bitmap;

	arg = os_strstr(cmd, "up_limit=");
	if (!arg)
		return -1;
	cfg->up_limit = atoi(arg + 9);

	arg = os_strstr(cmd, "stream_timeout=");
	if (!arg)
		return -1;
	cfg->stream_timeout = atoi(arg + 15);
	if (cfg->stream_timeout == 0)
		return -1;

	arg = os_strstr(cmd, "frame_classifier=");
	if (!arg)
		return -1;
	arg += 17;

	/* The value runs to the next space or to the end of the command */
	arg_end = os_strchr(arg, ' ');
	if (!arg_end)
		arg_end = arg + os_strlen(arg);

	/* The decoded length must fit the fixed-size destination; with an odd
	 * number of hex digits the division drops the last digit */
	classifier_len = (arg_end - arg) / 2;
	if (classifier_len > sizeof(cfg->frame_classifier))
		return -1;
	if (hexstr2bin(arg, cfg->frame_classifier, classifier_len))
		return -1;

	cfg->frame_classifier_len = classifier_len;
	cfg->valid_config = true;

	return wpas_send_mscs_req(wpa_s);
}
10788 
10789 
10790 #ifdef CONFIG_PASN
/**
 * wpas_ctrl_iface_pasn_start - Parse PASN parameters and start authentication
 * @wpa_s: Interface the authentication is started on
 * @cmd: Space separated parameters in the format described below
 * Returns: -1 on an invalid or incomplete command, otherwise the return value
 * of wpas_pasn_auth_start()
 *
 * Entry format: bssid=<BSSID> akmp=<AKMP> cipher=<CIPHER> group=<group>
 *    [comeback=<hexdump>]
 * An optional nid=<id> token is accepted as well.
 *
 * bssid, akmp, cipher, and group are mandatory. AKMP and cipher tokens have to
 * match one of the table entries below exactly; any other token rejects the
 * whole command. The set of accepted AKMPs depends on the build options.
 * The group value is taken from atoi() and narrowed to u16. The comeback
 * buffer is freed before returning on every path.
 */
static int wpas_ctrl_iface_pasn_start(struct wpa_supplicant *wpa_s, char *cmd)
{
	static const struct {
		const char *token;
		int akmp;
	} akmp_tokens[] = {
		{ "akmp=PASN", WPA_KEY_MGMT_PASN },
#ifdef CONFIG_IEEE80211R
		{ "akmp=FT-PSK", WPA_KEY_MGMT_FT_PSK },
		{ "akmp=FT-EAP-SHA384", WPA_KEY_MGMT_FT_IEEE8021X_SHA384 },
		{ "akmp=FT-EAP", WPA_KEY_MGMT_FT_IEEE8021X },
#endif /* CONFIG_IEEE80211R */
#ifdef CONFIG_SAE
		{ "akmp=SAE", WPA_KEY_MGMT_SAE },
#endif /* CONFIG_SAE */
#ifdef CONFIG_FILS
		{ "akmp=FILS-SHA256", WPA_KEY_MGMT_FILS_SHA256 },
		{ "akmp=FILS-SHA384", WPA_KEY_MGMT_FILS_SHA384 },
#endif /* CONFIG_FILS */
	};
	static const struct {
		const char *token;
		int cipher;
	} cipher_tokens[] = {
		{ "cipher=CCMP-256", WPA_CIPHER_CCMP_256 },
		{ "cipher=GCMP-256", WPA_CIPHER_GCMP_256 },
		{ "cipher=CCMP", WPA_CIPHER_CCMP },
		{ "cipher=GCMP", WPA_CIPHER_GCMP },
	};
	char *token, *context = NULL;
	u8 bssid[ETH_ALEN];
	int got_bssid = 0;
	int akmp = -1, cipher = -1; /* -1 = not given */
	u16 group = 0xFFFF; /* 0xFFFF = not given */
	u8 *comeback = NULL;
	size_t comeback_len = 0;
	int id = 0;
	int ret = -1;

	while ((token = str_token(cmd, " ", &context))) {
		size_t i;
		int known = 0;

		if (os_strncmp(token, "bssid=", 6) == 0) {
			if (hwaddr_aton(token + 6, bssid))
				goto out;
			got_bssid = 1;
			continue;
		}

		for (i = 0; !known &&
			     i < sizeof(akmp_tokens) / sizeof(akmp_tokens[0]);
		     i++) {
			if (os_strcmp(token, akmp_tokens[i].token) == 0) {
				akmp = akmp_tokens[i].akmp;
				known = 1;
			}
		}

		for (i = 0; !known &&
			     i < sizeof(cipher_tokens) /
			     sizeof(cipher_tokens[0]);
		     i++) {
			if (os_strcmp(token, cipher_tokens[i].token) == 0) {
				cipher = cipher_tokens[i].cipher;
				known = 1;
			}
		}

		if (known)
			continue;

		if (os_strncmp(token, "group=", 6) == 0) {
			group = atoi(token + 6);
		} else if (os_strncmp(token, "nid=", 4) == 0) {
			id = atoi(token + 4);
		} else if (os_strncmp(token, "comeback=", 9) == 0) {
			/* Only one non-empty comeback value with an even
			 * number of hex digits is accepted */
			comeback_len = os_strlen(token + 9);
			if (comeback || !comeback_len || comeback_len % 2)
				goto out;

			comeback_len /= 2;
			comeback = os_malloc(comeback_len);
			if (!comeback ||
			    hexstr2bin(token + 9, comeback, comeback_len))
				goto out;
		} else {
			wpa_printf(MSG_DEBUG,
				   "CTRL: PASN Invalid parameter: '%s'",
				   token);
			goto out;
		}
	}

	if (!got_bssid || akmp == -1 || cipher == -1 || group == 0xFFFF) {
		wpa_printf(MSG_DEBUG,"CTRL: PASN missing parameter");
		goto out;
	}

	ret = wpas_pasn_auth_start(wpa_s, bssid, akmp, cipher, group, id,
				   comeback, comeback_len);
out:
	os_free(comeback);
	return ret;
}
10871 
10872 
/**
 * wpas_ctrl_iface_pasn_deauthenticate - Deauthenticate a PASN peer
 * @wpa_s: Interface the request applies to
 * @cmd: "bssid=<BSSID>"
 * Returns: -1 if @cmd does not start with a valid bssid= parameter, otherwise
 * the return value of wpas_pasn_deauthenticate()
 */
static int wpas_ctrl_iface_pasn_deauthenticate(struct wpa_supplicant *wpa_s,
					       const char *cmd)
{
	u8 bssid[ETH_ALEN];
	int valid;

	/* The address is only parsed when the bssid= prefix is present */
	valid = os_strncmp(cmd, "bssid=", 6) == 0 &&
		hwaddr_aton(cmd + 6, bssid) == 0;
	if (!valid) {
		wpa_printf(MSG_DEBUG,
			   "CTRL: PASN_DEAUTH without valid BSSID");
		return -1;
	}

	return wpas_pasn_deauthenticate(wpa_s, bssid);
}
10886 
10887 #endif /* CONFIG_PASN */
10888 
10889 
10890 char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
10891 					 char *buf, size_t *resp_len)
10892 {
10893 	char *reply;
10894 	const int reply_size = 4096;
10895 	int reply_len;
10896 
10897 	if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0 ||
10898 	    os_strncmp(buf, "SET_NETWORK ", 12) == 0 ||
10899 	    os_strncmp(buf, "PMKSA_ADD ", 10) == 0 ||
10900 	    os_strncmp(buf, "MESH_PMKSA_ADD ", 15) == 0) {
10901 		if (wpa_debug_show_keys)
10902 			wpa_dbg(wpa_s, MSG_DEBUG,
10903 				"Control interface command '%s'", buf);
10904 		else
10905 			wpa_dbg(wpa_s, MSG_DEBUG,
10906 				"Control interface command '%s [REMOVED]'",
10907 				os_strncmp(buf, WPA_CTRL_RSP,
10908 					   os_strlen(WPA_CTRL_RSP)) == 0 ?
10909 				WPA_CTRL_RSP :
10910 				(os_strncmp(buf, "SET_NETWORK ", 12) == 0 ?
10911 				 "SET_NETWORK" : "key-add"));
10912 	} else if (os_strncmp(buf, "WPS_NFC_TAG_READ", 16) == 0 ||
10913 		   os_strncmp(buf, "NFC_REPORT_HANDOVER", 19) == 0) {
10914 		wpa_hexdump_ascii_key(MSG_DEBUG, "RX ctrl_iface",
10915 				      (const u8 *) buf, os_strlen(buf));
10916 	} else {
10917 		int level = wpas_ctrl_cmd_debug_level(buf);
10918 		wpa_dbg(wpa_s, level, "Control interface command '%s'", buf);
10919 	}
10920 
10921 	reply = os_malloc(reply_size);
10922 	if (reply == NULL) {
10923 		*resp_len = 1;
10924 		return NULL;
10925 	}
10926 
10927 	os_memcpy(reply, "OK\n", 3);
10928 	reply_len = 3;
10929 
10930 	if (os_strcmp(buf, "PING") == 0) {
10931 		os_memcpy(reply, "PONG\n", 5);
10932 		reply_len = 5;
10933 	} else if (os_strcmp(buf, "IFNAME") == 0) {
10934 		reply_len = os_strlen(wpa_s->ifname);
10935 		os_memcpy(reply, wpa_s->ifname, reply_len);
10936 	} else if (os_strncmp(buf, "RELOG", 5) == 0) {
10937 		if (wpa_debug_reopen_file() < 0)
10938 			reply_len = -1;
10939 	} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
10940 		wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
10941 	} else if (os_strcmp(buf, "MIB") == 0) {
10942 		reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
10943 		if (reply_len >= 0) {
10944 			reply_len += eapol_sm_get_mib(wpa_s->eapol,
10945 						      reply + reply_len,
10946 						      reply_size - reply_len);
10947 #ifdef CONFIG_MACSEC
10948 			reply_len += ieee802_1x_kay_get_mib(
10949 				wpa_s->kay, reply + reply_len,
10950 				reply_size - reply_len);
10951 #endif /* CONFIG_MACSEC */
10952 		}
10953 	} else if (os_strncmp(buf, "STATUS", 6) == 0) {
10954 		reply_len = wpa_supplicant_ctrl_iface_status(
10955 			wpa_s, buf + 6, reply, reply_size);
10956 	} else if (os_strcmp(buf, "PMKSA") == 0) {
10957 		reply_len = wpas_ctrl_iface_pmksa(wpa_s, reply, reply_size);
10958 	} else if (os_strcmp(buf, "PMKSA_FLUSH") == 0) {
10959 		wpas_ctrl_iface_pmksa_flush(wpa_s);
10960 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
10961 	} else if (os_strncmp(buf, "PMKSA_GET ", 10) == 0) {
10962 		reply_len = wpas_ctrl_iface_pmksa_get(wpa_s, buf + 10,
10963 						      reply, reply_size);
10964 	} else if (os_strncmp(buf, "PMKSA_ADD ", 10) == 0) {
10965 		if (wpas_ctrl_iface_pmksa_add(wpa_s, buf + 10) < 0)
10966 			reply_len = -1;
10967 #ifdef CONFIG_MESH
10968 	} else if (os_strncmp(buf, "MESH_PMKSA_GET ", 15) == 0) {
10969 		reply_len = wpas_ctrl_iface_mesh_pmksa_get(wpa_s, buf + 15,
10970 							   reply, reply_size);
10971 	} else if (os_strncmp(buf, "MESH_PMKSA_ADD ", 15) == 0) {
10972 		if (wpas_ctrl_iface_mesh_pmksa_add(wpa_s, buf + 15) < 0)
10973 			reply_len = -1;
10974 #endif /* CONFIG_MESH */
10975 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
10976 	} else if (os_strncmp(buf, "SET ", 4) == 0) {
10977 		if (wpa_supplicant_ctrl_iface_set(wpa_s, buf + 4))
10978 			reply_len = -1;
10979 	} else if (os_strncmp(buf, "DUMP", 4) == 0) {
10980 		reply_len = wpa_config_dump_values(wpa_s->conf,
10981 						   reply, reply_size);
10982 	} else if (os_strncmp(buf, "GET ", 4) == 0) {
10983 		reply_len = wpa_supplicant_ctrl_iface_get(wpa_s, buf + 4,
10984 							  reply, reply_size);
10985 	} else if (os_strcmp(buf, "LOGON") == 0) {
10986 		eapol_sm_notify_logoff(wpa_s->eapol, false);
10987 	} else if (os_strcmp(buf, "LOGOFF") == 0) {
10988 		eapol_sm_notify_logoff(wpa_s->eapol, true);
10989 	} else if (os_strcmp(buf, "REASSOCIATE") == 0) {
10990 		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
10991 			reply_len = -1;
10992 		else
10993 			wpas_request_connection(wpa_s);
10994 	} else if (os_strcmp(buf, "REATTACH") == 0) {
10995 		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED ||
10996 		    !wpa_s->current_ssid)
10997 			reply_len = -1;
10998 		else {
10999 			wpa_s->reattach = 1;
11000 			wpas_request_connection(wpa_s);
11001 		}
11002 	} else if (os_strcmp(buf, "RECONNECT") == 0) {
11003 		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
11004 			reply_len = -1;
11005 		else if (wpa_s->disconnected)
11006 			wpas_request_connection(wpa_s);
11007 #ifdef IEEE8021X_EAPOL
11008 	} else if (os_strncmp(buf, "PREAUTH ", 8) == 0) {
11009 		if (wpa_supplicant_ctrl_iface_preauth(wpa_s, buf + 8))
11010 			reply_len = -1;
11011 #endif /* IEEE8021X_EAPOL */
11012 #ifdef CONFIG_IEEE80211R
11013 	} else if (os_strncmp(buf, "FT_DS ", 6) == 0) {
11014 		if (wpa_supplicant_ctrl_iface_ft_ds(wpa_s, buf + 6))
11015 			reply_len = -1;
11016 #endif /* CONFIG_IEEE80211R */
11017 #ifdef CONFIG_WPS
11018 	} else if (os_strcmp(buf, "WPS_PBC") == 0) {
11019 		int res = wpa_supplicant_ctrl_iface_wps_pbc(wpa_s, NULL);
11020 		if (res == -2) {
11021 			os_memcpy(reply, "FAIL-PBC-OVERLAP\n", 17);
11022 			reply_len = 17;
11023 		} else if (res)
11024 			reply_len = -1;
11025 	} else if (os_strncmp(buf, "WPS_PBC ", 8) == 0) {
11026 		int res = wpa_supplicant_ctrl_iface_wps_pbc(wpa_s, buf + 8);
11027 		if (res == -2) {
11028 			os_memcpy(reply, "FAIL-PBC-OVERLAP\n", 17);
11029 			reply_len = 17;
11030 		} else if (res)
11031 			reply_len = -1;
11032 	} else if (os_strncmp(buf, "WPS_PIN ", 8) == 0) {
11033 		reply_len = wpa_supplicant_ctrl_iface_wps_pin(wpa_s, buf + 8,
11034 							      reply,
11035 							      reply_size);
11036 	} else if (os_strncmp(buf, "WPS_CHECK_PIN ", 14) == 0) {
11037 		reply_len = wpa_supplicant_ctrl_iface_wps_check_pin(
11038 			wpa_s, buf + 14, reply, reply_size);
11039 	} else if (os_strcmp(buf, "WPS_CANCEL") == 0) {
11040 		if (wpas_wps_cancel(wpa_s))
11041 			reply_len = -1;
11042 #ifdef CONFIG_WPS_NFC
11043 	} else if (os_strcmp(buf, "WPS_NFC") == 0) {
11044 		if (wpa_supplicant_ctrl_iface_wps_nfc(wpa_s, NULL))
11045 			reply_len = -1;
11046 	} else if (os_strncmp(buf, "WPS_NFC ", 8) == 0) {
11047 		if (wpa_supplicant_ctrl_iface_wps_nfc(wpa_s, buf + 8))
11048 			reply_len = -1;
11049 	} else if (os_strncmp(buf, "WPS_NFC_CONFIG_TOKEN ", 21) == 0) {
11050 		reply_len = wpa_supplicant_ctrl_iface_wps_nfc_config_token(
11051 			wpa_s, buf + 21, reply, reply_size);
11052 	} else if (os_strncmp(buf, "WPS_NFC_TOKEN ", 14) == 0) {
11053 		reply_len = wpa_supplicant_ctrl_iface_wps_nfc_token(
11054 			wpa_s, buf + 14, reply, reply_size);
11055 	} else if (os_strncmp(buf, "WPS_NFC_TAG_READ ", 17) == 0) {
11056 		if (wpa_supplicant_ctrl_iface_wps_nfc_tag_read(wpa_s,
11057 							       buf + 17))
11058 			reply_len = -1;
11059 	} else if (os_strncmp(buf, "NFC_GET_HANDOVER_REQ ", 21) == 0) {
11060 		reply_len = wpas_ctrl_nfc_get_handover_req(
11061 			wpa_s, buf + 21, reply, reply_size);
11062 	} else if (os_strncmp(buf, "NFC_GET_HANDOVER_SEL ", 21) == 0) {
11063 		reply_len = wpas_ctrl_nfc_get_handover_sel(
11064 			wpa_s, buf + 21, reply, reply_size);
11065 	} else if (os_strncmp(buf, "NFC_REPORT_HANDOVER ", 20) == 0) {
11066 		if (wpas_ctrl_nfc_report_handover(wpa_s, buf + 20))
11067 			reply_len = -1;
11068 #endif /* CONFIG_WPS_NFC */
11069 	} else if (os_strncmp(buf, "WPS_REG ", 8) == 0) {
11070 		if (wpa_supplicant_ctrl_iface_wps_reg(wpa_s, buf + 8))
11071 			reply_len = -1;
11072 #ifdef CONFIG_AP
11073 	} else if (os_strncmp(buf, "WPS_AP_PIN ", 11) == 0) {
11074 		reply_len = wpa_supplicant_ctrl_iface_wps_ap_pin(
11075 			wpa_s, buf + 11, reply, reply_size);
11076 #endif /* CONFIG_AP */
11077 #ifdef CONFIG_WPS_ER
11078 	} else if (os_strcmp(buf, "WPS_ER_START") == 0) {
11079 		if (wpas_wps_er_start(wpa_s, NULL))
11080 			reply_len = -1;
11081 	} else if (os_strncmp(buf, "WPS_ER_START ", 13) == 0) {
11082 		if (wpas_wps_er_start(wpa_s, buf + 13))
11083 			reply_len = -1;
11084 	} else if (os_strcmp(buf, "WPS_ER_STOP") == 0) {
11085 		wpas_wps_er_stop(wpa_s);
11086 	} else if (os_strncmp(buf, "WPS_ER_PIN ", 11) == 0) {
11087 		if (wpa_supplicant_ctrl_iface_wps_er_pin(wpa_s, buf + 11))
11088 			reply_len = -1;
11089 	} else if (os_strncmp(buf, "WPS_ER_PBC ", 11) == 0) {
11090 		int ret = wpas_wps_er_pbc(wpa_s, buf + 11);
11091 		if (ret == -2) {
11092 			os_memcpy(reply, "FAIL-PBC-OVERLAP\n", 17);
11093 			reply_len = 17;
11094 		} else if (ret == -3) {
11095 			os_memcpy(reply, "FAIL-UNKNOWN-UUID\n", 18);
11096 			reply_len = 18;
11097 		} else if (ret == -4) {
11098 			os_memcpy(reply, "FAIL-NO-AP-SETTINGS\n", 20);
11099 			reply_len = 20;
11100 		} else if (ret)
11101 			reply_len = -1;
11102 	} else if (os_strncmp(buf, "WPS_ER_LEARN ", 13) == 0) {
11103 		if (wpa_supplicant_ctrl_iface_wps_er_learn(wpa_s, buf + 13))
11104 			reply_len = -1;
11105 	} else if (os_strncmp(buf, "WPS_ER_SET_CONFIG ", 18) == 0) {
11106 		if (wpa_supplicant_ctrl_iface_wps_er_set_config(wpa_s,
11107 								buf + 18))
11108 			reply_len = -1;
11109 	} else if (os_strncmp(buf, "WPS_ER_CONFIG ", 14) == 0) {
11110 		if (wpa_supplicant_ctrl_iface_wps_er_config(wpa_s, buf + 14))
11111 			reply_len = -1;
11112 #ifdef CONFIG_WPS_NFC
11113 	} else if (os_strncmp(buf, "WPS_ER_NFC_CONFIG_TOKEN ", 24) == 0) {
11114 		reply_len = wpa_supplicant_ctrl_iface_wps_er_nfc_config_token(
11115 			wpa_s, buf + 24, reply, reply_size);
11116 #endif /* CONFIG_WPS_NFC */
11117 #endif /* CONFIG_WPS_ER */
11118 #endif /* CONFIG_WPS */
11119 #ifdef CONFIG_IBSS_RSN
11120 	} else if (os_strncmp(buf, "IBSS_RSN ", 9) == 0) {
11121 		if (wpa_supplicant_ctrl_iface_ibss_rsn(wpa_s, buf + 9))
11122 			reply_len = -1;
11123 #endif /* CONFIG_IBSS_RSN */
11124 #ifdef CONFIG_MESH
11125 	} else if (os_strncmp(buf, "MESH_INTERFACE_ADD ", 19) == 0) {
11126 		reply_len = wpa_supplicant_ctrl_iface_mesh_interface_add(
11127 			wpa_s, buf + 19, reply, reply_size);
11128 	} else if (os_strcmp(buf, "MESH_INTERFACE_ADD") == 0) {
11129 		reply_len = wpa_supplicant_ctrl_iface_mesh_interface_add(
11130 			wpa_s, "", reply, reply_size);
11131 	} else if (os_strncmp(buf, "MESH_GROUP_ADD ", 15) == 0) {
11132 		if (wpa_supplicant_ctrl_iface_mesh_group_add(wpa_s, buf + 15))
11133 			reply_len = -1;
11134 	} else if (os_strncmp(buf, "MESH_GROUP_REMOVE ", 18) == 0) {
11135 		if (wpa_supplicant_ctrl_iface_mesh_group_remove(wpa_s,
11136 								buf + 18))
11137 			reply_len = -1;
11138 	} else if (os_strncmp(buf, "MESH_PEER_REMOVE ", 17) == 0) {
11139 		if (wpa_supplicant_ctrl_iface_mesh_peer_remove(wpa_s, buf + 17))
11140 			reply_len = -1;
11141 	} else if (os_strncmp(buf, "MESH_PEER_ADD ", 14) == 0) {
11142 		if (wpa_supplicant_ctrl_iface_mesh_peer_add(wpa_s, buf + 14))
11143 			reply_len = -1;
11144 	} else if (os_strncmp(buf, "MESH_LINK_PROBE ", 16) == 0) {
11145 		if (wpa_supplicant_ctrl_iface_mesh_link_probe(wpa_s, buf + 16))
11146 			reply_len = -1;
11147 #endif /* CONFIG_MESH */
11148 #ifdef CONFIG_P2P
11149 	} else if (os_strncmp(buf, "P2P_FIND ", 9) == 0) {
11150 		if (p2p_ctrl_find(wpa_s, buf + 8))
11151 			reply_len = -1;
11152 	} else if (os_strcmp(buf, "P2P_FIND") == 0) {
11153 		if (p2p_ctrl_find(wpa_s, ""))
11154 			reply_len = -1;
11155 	} else if (os_strcmp(buf, "P2P_STOP_FIND") == 0) {
11156 		wpas_p2p_stop_find(wpa_s);
11157 	} else if (os_strncmp(buf, "P2P_ASP_PROVISION ", 18) == 0) {
11158 		if (p2p_ctrl_asp_provision(wpa_s, buf + 18))
11159 			reply_len = -1;
11160 	} else if (os_strncmp(buf, "P2P_ASP_PROVISION_RESP ", 23) == 0) {
11161 		if (p2p_ctrl_asp_provision_resp(wpa_s, buf + 23))
11162 			reply_len = -1;
11163 	} else if (os_strncmp(buf, "P2P_CONNECT ", 12) == 0) {
11164 		reply_len = p2p_ctrl_connect(wpa_s, buf + 12, reply,
11165 					     reply_size);
11166 	} else if (os_strncmp(buf, "P2P_LISTEN ", 11) == 0) {
11167 		if (p2p_ctrl_listen(wpa_s, buf + 11))
11168 			reply_len = -1;
11169 	} else if (os_strcmp(buf, "P2P_LISTEN") == 0) {
11170 		if (p2p_ctrl_listen(wpa_s, ""))
11171 			reply_len = -1;
11172 	} else if (os_strncmp(buf, "P2P_GROUP_REMOVE ", 17) == 0) {
11173 		if (wpas_p2p_group_remove(wpa_s, buf + 17))
11174 			reply_len = -1;
11175 	} else if (os_strcmp(buf, "P2P_GROUP_ADD") == 0) {
11176 		if (p2p_ctrl_group_add(wpa_s, ""))
11177 			reply_len = -1;
11178 	} else if (os_strncmp(buf, "P2P_GROUP_ADD ", 14) == 0) {
11179 		if (p2p_ctrl_group_add(wpa_s, buf + 14))
11180 			reply_len = -1;
11181 	} else if (os_strncmp(buf, "P2P_GROUP_MEMBER ", 17) == 0) {
11182 		reply_len = p2p_ctrl_group_member(wpa_s, buf + 17, reply,
11183 						  reply_size);
11184 	} else if (os_strncmp(buf, "P2P_PROV_DISC ", 14) == 0) {
11185 		if (p2p_ctrl_prov_disc(wpa_s, buf + 14))
11186 			reply_len = -1;
11187 	} else if (os_strcmp(buf, "P2P_GET_PASSPHRASE") == 0) {
11188 		reply_len = p2p_get_passphrase(wpa_s, reply, reply_size);
11189 	} else if (os_strncmp(buf, "P2P_SERV_DISC_REQ ", 18) == 0) {
11190 		reply_len = p2p_ctrl_serv_disc_req(wpa_s, buf + 18, reply,
11191 						   reply_size);
11192 	} else if (os_strncmp(buf, "P2P_SERV_DISC_CANCEL_REQ ", 25) == 0) {
11193 		if (p2p_ctrl_serv_disc_cancel_req(wpa_s, buf + 25) < 0)
11194 			reply_len = -1;
11195 	} else if (os_strncmp(buf, "P2P_SERV_DISC_RESP ", 19) == 0) {
11196 		if (p2p_ctrl_serv_disc_resp(wpa_s, buf + 19) < 0)
11197 			reply_len = -1;
11198 	} else if (os_strcmp(buf, "P2P_SERVICE_UPDATE") == 0) {
11199 		wpas_p2p_sd_service_update(wpa_s);
11200 	} else if (os_strncmp(buf, "P2P_SERV_DISC_EXTERNAL ", 23) == 0) {
11201 		if (p2p_ctrl_serv_disc_external(wpa_s, buf + 23) < 0)
11202 			reply_len = -1;
11203 	} else if (os_strcmp(buf, "P2P_SERVICE_FLUSH") == 0) {
11204 		wpas_p2p_service_flush(wpa_s);
11205 	} else if (os_strncmp(buf, "P2P_SERVICE_ADD ", 16) == 0) {
11206 		if (p2p_ctrl_service_add(wpa_s, buf + 16) < 0)
11207 			reply_len = -1;
11208 	} else if (os_strncmp(buf, "P2P_SERVICE_DEL ", 16) == 0) {
11209 		if (p2p_ctrl_service_del(wpa_s, buf + 16) < 0)
11210 			reply_len = -1;
11211 	} else if (os_strncmp(buf, "P2P_SERVICE_REP ", 16) == 0) {
11212 		if (p2p_ctrl_service_replace(wpa_s, buf + 16) < 0)
11213 			reply_len = -1;
11214 	} else if (os_strncmp(buf, "P2P_REJECT ", 11) == 0) {
11215 		if (p2p_ctrl_reject(wpa_s, buf + 11) < 0)
11216 			reply_len = -1;
11217 	} else if (os_strncmp(buf, "P2P_INVITE ", 11) == 0) {
11218 		if (p2p_ctrl_invite(wpa_s, buf + 11) < 0)
11219 			reply_len = -1;
11220 	} else if (os_strncmp(buf, "P2P_PEER ", 9) == 0) {
11221 		reply_len = p2p_ctrl_peer(wpa_s, buf + 9, reply,
11222 					      reply_size);
11223 	} else if (os_strncmp(buf, "P2P_SET ", 8) == 0) {
11224 		if (p2p_ctrl_set(wpa_s, buf + 8) < 0)
11225 			reply_len = -1;
11226 	} else if (os_strcmp(buf, "P2P_FLUSH") == 0) {
11227 		p2p_ctrl_flush(wpa_s);
11228 	} else if (os_strncmp(buf, "P2P_UNAUTHORIZE ", 16) == 0) {
11229 		if (wpas_p2p_unauthorize(wpa_s, buf + 16) < 0)
11230 			reply_len = -1;
11231 	} else if (os_strcmp(buf, "P2P_CANCEL") == 0) {
11232 		if (wpas_p2p_cancel(wpa_s))
11233 			reply_len = -1;
11234 	} else if (os_strncmp(buf, "P2P_PRESENCE_REQ ", 17) == 0) {
11235 		if (p2p_ctrl_presence_req(wpa_s, buf + 17) < 0)
11236 			reply_len = -1;
11237 	} else if (os_strcmp(buf, "P2P_PRESENCE_REQ") == 0) {
11238 		if (p2p_ctrl_presence_req(wpa_s, "") < 0)
11239 			reply_len = -1;
11240 	} else if (os_strncmp(buf, "P2P_EXT_LISTEN ", 15) == 0) {
11241 		if (p2p_ctrl_ext_listen(wpa_s, buf + 15) < 0)
11242 			reply_len = -1;
11243 	} else if (os_strcmp(buf, "P2P_EXT_LISTEN") == 0) {
11244 		if (p2p_ctrl_ext_listen(wpa_s, "") < 0)
11245 			reply_len = -1;
11246 	} else if (os_strncmp(buf, "P2P_REMOVE_CLIENT ", 18) == 0) {
11247 		if (p2p_ctrl_remove_client(wpa_s, buf + 18) < 0)
11248 			reply_len = -1;
11249 	} else if (os_strncmp(buf, "P2P_LO_START ", 13) == 0) {
11250 		if (p2p_ctrl_iface_p2p_lo_start(wpa_s, buf + 13))
11251 			reply_len = -1;
11252 	} else if (os_strcmp(buf, "P2P_LO_STOP") == 0) {
11253 		if (wpas_p2p_lo_stop(wpa_s))
11254 			reply_len = -1;
11255 #endif /* CONFIG_P2P */
11256 #ifdef CONFIG_WIFI_DISPLAY
11257 	} else if (os_strncmp(buf, "WFD_SUBELEM_SET ", 16) == 0) {
11258 		if (wifi_display_subelem_set(wpa_s->global, buf + 16) < 0)
11259 			reply_len = -1;
11260 	} else if (os_strncmp(buf, "WFD_SUBELEM_GET ", 16) == 0) {
11261 		reply_len = wifi_display_subelem_get(wpa_s->global, buf + 16,
11262 						     reply, reply_size);
11263 #endif /* CONFIG_WIFI_DISPLAY */
11264 #ifdef CONFIG_INTERWORKING
11265 	} else if (os_strcmp(buf, "FETCH_ANQP") == 0) {
11266 		if (interworking_fetch_anqp(wpa_s) < 0)
11267 			reply_len = -1;
11268 	} else if (os_strcmp(buf, "STOP_FETCH_ANQP") == 0) {
11269 		interworking_stop_fetch_anqp(wpa_s);
11270 	} else if (os_strcmp(buf, "INTERWORKING_SELECT") == 0) {
11271 		if (ctrl_interworking_select(wpa_s, NULL) < 0)
11272 			reply_len = -1;
11273 	} else if (os_strncmp(buf, "INTERWORKING_SELECT ", 20) == 0) {
11274 		if (ctrl_interworking_select(wpa_s, buf + 20) < 0)
11275 			reply_len = -1;
11276 	} else if (os_strncmp(buf, "INTERWORKING_CONNECT ", 21) == 0) {
11277 		if (ctrl_interworking_connect(wpa_s, buf + 21, 0) < 0)
11278 			reply_len = -1;
11279 	} else if (os_strncmp(buf, "INTERWORKING_ADD_NETWORK ", 25) == 0) {
11280 		int id;
11281 
11282 		id = ctrl_interworking_connect(wpa_s, buf + 25, 1);
11283 		if (id < 0)
11284 			reply_len = -1;
11285 		else {
11286 			reply_len = os_snprintf(reply, reply_size, "%d\n", id);
11287 			if (os_snprintf_error(reply_size, reply_len))
11288 				reply_len = -1;
11289 		}
11290 	} else if (os_strncmp(buf, "ANQP_GET ", 9) == 0) {
11291 		if (get_anqp(wpa_s, buf + 9) < 0)
11292 			reply_len = -1;
11293 	} else if (os_strncmp(buf, "GAS_REQUEST ", 12) == 0) {
11294 		if (gas_request(wpa_s, buf + 12) < 0)
11295 			reply_len = -1;
11296 	} else if (os_strncmp(buf, "GAS_RESPONSE_GET ", 17) == 0) {
11297 		reply_len = gas_response_get(wpa_s, buf + 17, reply,
11298 					     reply_size);
11299 #endif /* CONFIG_INTERWORKING */
11300 #ifdef CONFIG_HS20
11301 	} else if (os_strncmp(buf, "HS20_ANQP_GET ", 14) == 0) {
11302 		if (get_hs20_anqp(wpa_s, buf + 14) < 0)
11303 			reply_len = -1;
11304 	} else if (os_strncmp(buf, "HS20_GET_NAI_HOME_REALM_LIST ", 29) == 0) {
11305 		if (hs20_get_nai_home_realm_list(wpa_s, buf + 29) < 0)
11306 			reply_len = -1;
11307 	} else if (os_strncmp(buf, "HS20_ICON_REQUEST ", 18) == 0) {
11308 		if (hs20_icon_request(wpa_s, buf + 18, 0) < 0)
11309 			reply_len = -1;
11310 	} else if (os_strncmp(buf, "REQ_HS20_ICON ", 14) == 0) {
11311 		if (hs20_icon_request(wpa_s, buf + 14, 1) < 0)
11312 			reply_len = -1;
11313 	} else if (os_strncmp(buf, "GET_HS20_ICON ", 14) == 0) {
11314 		reply_len = get_hs20_icon(wpa_s, buf + 14, reply, reply_size);
11315 	} else if (os_strncmp(buf, "DEL_HS20_ICON ", 14) == 0) {
11316 		if (del_hs20_icon(wpa_s, buf + 14) < 0)
11317 			reply_len = -1;
11318 	} else if (os_strcmp(buf, "FETCH_OSU") == 0) {
11319 		if (hs20_fetch_osu(wpa_s, 0) < 0)
11320 			reply_len = -1;
11321 	} else if (os_strcmp(buf, "FETCH_OSU no-scan") == 0) {
11322 		if (hs20_fetch_osu(wpa_s, 1) < 0)
11323 			reply_len = -1;
11324 	} else if (os_strcmp(buf, "CANCEL_FETCH_OSU") == 0) {
11325 		hs20_cancel_fetch_osu(wpa_s);
11326 #endif /* CONFIG_HS20 */
11327 	} else if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0)
11328 	{
11329 		if (wpa_supplicant_ctrl_iface_ctrl_rsp(
11330 			    wpa_s, buf + os_strlen(WPA_CTRL_RSP)))
11331 			reply_len = -1;
11332 		else {
11333 			/*
11334 			 * Notify response from timeout to allow the control
11335 			 * interface response to be sent first.
11336 			 */
11337 			eloop_register_timeout(0, 0, wpas_ctrl_eapol_response,
11338 					       wpa_s, NULL);
11339 		}
11340 	} else if (os_strcmp(buf, "RECONFIGURE") == 0) {
11341 		if (wpa_supplicant_reload_configuration(wpa_s))
11342 			reply_len = -1;
11343 	} else if (os_strcmp(buf, "TERMINATE") == 0) {
11344 		wpa_supplicant_terminate_proc(wpa_s->global);
11345 	} else if (os_strncmp(buf, "BSSID ", 6) == 0) {
11346 		if (wpa_supplicant_ctrl_iface_bssid(wpa_s, buf + 6))
11347 			reply_len = -1;
11348 	} else if (os_strncmp(buf, "BSSID_IGNORE", 12) == 0) {
11349 		reply_len = wpa_supplicant_ctrl_iface_bssid_ignore(
11350 			wpa_s, buf + 12, reply, reply_size);
11351 	} else if (os_strncmp(buf, "BLACKLIST", 9) == 0) {
11352 		/* deprecated backwards compatibility alias for BSSID_IGNORE */
11353 		reply_len = wpa_supplicant_ctrl_iface_bssid_ignore(
11354 			wpa_s, buf + 9, reply, reply_size);
11355 	} else if (os_strncmp(buf, "LOG_LEVEL", 9) == 0) {
11356 		reply_len = wpa_supplicant_ctrl_iface_log_level(
11357 			wpa_s, buf + 9, reply, reply_size);
11358 	} else if (os_strncmp(buf, "LIST_NETWORKS ", 14) == 0) {
11359 		reply_len = wpa_supplicant_ctrl_iface_list_networks(
11360 			wpa_s, buf + 14, reply, reply_size);
11361 	} else if (os_strcmp(buf, "LIST_NETWORKS") == 0) {
11362 		reply_len = wpa_supplicant_ctrl_iface_list_networks(
11363 			wpa_s, NULL, reply, reply_size);
11364 	} else if (os_strcmp(buf, "DISCONNECT") == 0) {
11365 		wpas_request_disconnection(wpa_s);
11366 	} else if (os_strcmp(buf, "SCAN") == 0) {
11367 		wpas_ctrl_scan(wpa_s, NULL, reply, reply_size, &reply_len);
11368 	} else if (os_strncmp(buf, "SCAN ", 5) == 0) {
11369 		wpas_ctrl_scan(wpa_s, buf + 5, reply, reply_size, &reply_len);
11370 	} else if (os_strcmp(buf, "SCAN_RESULTS") == 0) {
11371 		reply_len = wpa_supplicant_ctrl_iface_scan_results(
11372 			wpa_s, reply, reply_size);
11373 	} else if (os_strcmp(buf, "ABORT_SCAN") == 0) {
11374 		if (wpas_abort_ongoing_scan(wpa_s) < 0)
11375 			reply_len = -1;
11376 	} else if (os_strncmp(buf, "SELECT_NETWORK ", 15) == 0) {
11377 		if (wpa_supplicant_ctrl_iface_select_network(wpa_s, buf + 15))
11378 			reply_len = -1;
11379 	} else if (os_strncmp(buf, "ENABLE_NETWORK ", 15) == 0) {
11380 		if (wpa_supplicant_ctrl_iface_enable_network(wpa_s, buf + 15))
11381 			reply_len = -1;
11382 	} else if (os_strncmp(buf, "DISABLE_NETWORK ", 16) == 0) {
11383 		if (wpa_supplicant_ctrl_iface_disable_network(wpa_s, buf + 16))
11384 			reply_len = -1;
11385 	} else if (os_strcmp(buf, "ADD_NETWORK") == 0) {
11386 		reply_len = wpa_supplicant_ctrl_iface_add_network(
11387 			wpa_s, reply, reply_size);
11388 	} else if (os_strncmp(buf, "REMOVE_NETWORK ", 15) == 0) {
11389 		if (wpa_supplicant_ctrl_iface_remove_network(wpa_s, buf + 15))
11390 			reply_len = -1;
11391 	} else if (os_strncmp(buf, "SET_NETWORK ", 12) == 0) {
11392 		if (wpa_supplicant_ctrl_iface_set_network(wpa_s, buf + 12))
11393 			reply_len = -1;
11394 	} else if (os_strncmp(buf, "GET_NETWORK ", 12) == 0) {
11395 		reply_len = wpa_supplicant_ctrl_iface_get_network(
11396 			wpa_s, buf + 12, reply, reply_size);
11397 	} else if (os_strncmp(buf, "DUP_NETWORK ", 12) == 0) {
11398 		if (wpa_supplicant_ctrl_iface_dup_network(wpa_s, buf + 12,
11399 							  wpa_s))
11400 			reply_len = -1;
11401 	} else if (os_strcmp(buf, "LIST_CREDS") == 0) {
11402 		reply_len = wpa_supplicant_ctrl_iface_list_creds(
11403 			wpa_s, reply, reply_size);
11404 	} else if (os_strcmp(buf, "ADD_CRED") == 0) {
11405 		reply_len = wpa_supplicant_ctrl_iface_add_cred(
11406 			wpa_s, reply, reply_size);
11407 	} else if (os_strncmp(buf, "REMOVE_CRED ", 12) == 0) {
11408 		if (wpa_supplicant_ctrl_iface_remove_cred(wpa_s, buf + 12))
11409 			reply_len = -1;
11410 	} else if (os_strncmp(buf, "SET_CRED ", 9) == 0) {
11411 		if (wpa_supplicant_ctrl_iface_set_cred(wpa_s, buf + 9))
11412 			reply_len = -1;
11413 	} else if (os_strncmp(buf, "GET_CRED ", 9) == 0) {
11414 		reply_len = wpa_supplicant_ctrl_iface_get_cred(wpa_s, buf + 9,
11415 							       reply,
11416 							       reply_size);
11417 #ifndef CONFIG_NO_CONFIG_WRITE
11418 	} else if (os_strcmp(buf, "SAVE_CONFIG") == 0) {
11419 		if (wpa_supplicant_ctrl_iface_save_config(wpa_s))
11420 			reply_len = -1;
11421 #endif /* CONFIG_NO_CONFIG_WRITE */
11422 	} else if (os_strncmp(buf, "GET_CAPABILITY ", 15) == 0) {
11423 		reply_len = wpa_supplicant_ctrl_iface_get_capability(
11424 			wpa_s, buf + 15, reply, reply_size);
11425 	} else if (os_strncmp(buf, "AP_SCAN ", 8) == 0) {
11426 		if (wpa_supplicant_ctrl_iface_ap_scan(wpa_s, buf + 8))
11427 			reply_len = -1;
11428 	} else if (os_strncmp(buf, "SCAN_INTERVAL ", 14) == 0) {
11429 		if (wpa_supplicant_ctrl_iface_scan_interval(wpa_s, buf + 14))
11430 			reply_len = -1;
11431 	} else if (os_strcmp(buf, "INTERFACE_LIST") == 0) {
11432 		reply_len = wpa_supplicant_global_iface_list(
11433 			wpa_s->global, reply, reply_size);
11434 	} else if (os_strncmp(buf, "INTERFACES", 10) == 0) {
11435 		reply_len = wpa_supplicant_global_iface_interfaces(
11436 			wpa_s->global, buf + 10, reply, reply_size);
11437 	} else if (os_strncmp(buf, "BSS ", 4) == 0) {
11438 		reply_len = wpa_supplicant_ctrl_iface_bss(
11439 			wpa_s, buf + 4, reply, reply_size);
11440 #ifdef CONFIG_AP
11441 	} else if (os_strcmp(buf, "STA-FIRST") == 0) {
11442 		reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
11443 	} else if (os_strncmp(buf, "STA ", 4) == 0) {
11444 		reply_len = ap_ctrl_iface_sta(wpa_s, buf + 4, reply,
11445 					      reply_size);
11446 	} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
11447 		reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
11448 						   reply_size);
11449 	} else if (os_strncmp(buf, "DEAUTHENTICATE ", 15) == 0) {
11450 		if (ap_ctrl_iface_sta_deauthenticate(wpa_s, buf + 15))
11451 			reply_len = -1;
11452 	} else if (os_strncmp(buf, "DISASSOCIATE ", 13) == 0) {
11453 		if (ap_ctrl_iface_sta_disassociate(wpa_s, buf + 13))
11454 			reply_len = -1;
11455 	} else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) {
11456 		if (ap_ctrl_iface_chanswitch(wpa_s, buf + 12))
11457 			reply_len = -1;
11458 	} else if (os_strcmp(buf, "STOP_AP") == 0) {
11459 		if (wpas_ap_stop_ap(wpa_s))
11460 			reply_len = -1;
11461 #endif /* CONFIG_AP */
11462 	} else if (os_strcmp(buf, "SUSPEND") == 0) {
11463 		wpas_notify_suspend(wpa_s->global);
11464 	} else if (os_strcmp(buf, "RESUME") == 0) {
11465 		wpas_notify_resume(wpa_s->global);
11466 #ifdef CONFIG_TESTING_OPTIONS
11467 	} else if (os_strcmp(buf, "DROP_SA") == 0) {
11468 		wpa_supplicant_ctrl_iface_drop_sa(wpa_s);
11469 #endif /* CONFIG_TESTING_OPTIONS */
11470 	} else if (os_strncmp(buf, "ROAM ", 5) == 0) {
11471 		if (wpa_supplicant_ctrl_iface_roam(wpa_s, buf + 5))
11472 			reply_len = -1;
11473 	} else if (os_strncmp(buf, "STA_AUTOCONNECT ", 16) == 0) {
11474 		wpa_s->auto_reconnect_disabled = atoi(buf + 16) == 0;
11475 	} else if (os_strncmp(buf, "BSS_EXPIRE_AGE ", 15) == 0) {
11476 		if (wpa_supplicant_ctrl_iface_bss_expire_age(wpa_s, buf + 15))
11477 			reply_len = -1;
11478 	} else if (os_strncmp(buf, "BSS_EXPIRE_COUNT ", 17) == 0) {
11479 		if (wpa_supplicant_ctrl_iface_bss_expire_count(wpa_s,
11480 							       buf + 17))
11481 			reply_len = -1;
11482 	} else if (os_strncmp(buf, "BSS_FLUSH ", 10) == 0) {
11483 		wpa_supplicant_ctrl_iface_bss_flush(wpa_s, buf + 10);
11484 #ifdef CONFIG_TDLS
11485 	} else if (os_strncmp(buf, "TDLS_DISCOVER ", 14) == 0) {
11486 		if (wpa_supplicant_ctrl_iface_tdls_discover(wpa_s, buf + 14))
11487 			reply_len = -1;
11488 	} else if (os_strncmp(buf, "TDLS_SETUP ", 11) == 0) {
11489 		if (wpa_supplicant_ctrl_iface_tdls_setup(wpa_s, buf + 11))
11490 			reply_len = -1;
11491 	} else if (os_strncmp(buf, "TDLS_TEARDOWN ", 14) == 0) {
11492 		if (wpa_supplicant_ctrl_iface_tdls_teardown(wpa_s, buf + 14))
11493 			reply_len = -1;
11494 	} else if (os_strncmp(buf, "TDLS_CHAN_SWITCH ", 17) == 0) {
11495 		if (wpa_supplicant_ctrl_iface_tdls_chan_switch(wpa_s,
11496 							       buf + 17))
11497 			reply_len = -1;
11498 	} else if (os_strncmp(buf, "TDLS_CANCEL_CHAN_SWITCH ", 24) == 0) {
11499 		if (wpa_supplicant_ctrl_iface_tdls_cancel_chan_switch(wpa_s,
11500 								      buf + 24))
11501 			reply_len = -1;
11502 	} else if (os_strncmp(buf, "TDLS_LINK_STATUS ", 17) == 0) {
11503 		reply_len = wpa_supplicant_ctrl_iface_tdls_link_status(
11504 			wpa_s, buf + 17, reply, reply_size);
11505 #endif /* CONFIG_TDLS */
11506 	} else if (os_strcmp(buf, "WMM_AC_STATUS") == 0) {
11507 		reply_len = wpas_wmm_ac_status(wpa_s, reply, reply_size);
11508 	} else if (os_strncmp(buf, "WMM_AC_ADDTS ", 13) == 0) {
11509 		if (wmm_ac_ctrl_addts(wpa_s, buf + 13))
11510 			reply_len = -1;
11511 	} else if (os_strncmp(buf, "WMM_AC_DELTS ", 13) == 0) {
11512 		if (wmm_ac_ctrl_delts(wpa_s, buf + 13))
11513 			reply_len = -1;
11514 	} else if (os_strncmp(buf, "SIGNAL_POLL", 11) == 0) {
11515 		reply_len = wpa_supplicant_signal_poll(wpa_s, reply,
11516 						       reply_size);
11517 	} else if (os_strncmp(buf, "SIGNAL_MONITOR", 14) == 0) {
11518 		if (wpas_ctrl_iface_signal_monitor(wpa_s, buf + 14))
11519 			reply_len = -1;
11520 	} else if (os_strncmp(buf, "PKTCNT_POLL", 11) == 0) {
11521 		reply_len = wpa_supplicant_pktcnt_poll(wpa_s, reply,
11522 						       reply_size);
11523 #ifdef CONFIG_AUTOSCAN
11524 	} else if (os_strncmp(buf, "AUTOSCAN ", 9) == 0) {
11525 		if (wpa_supplicant_ctrl_iface_autoscan(wpa_s, buf + 9))
11526 			reply_len = -1;
11527 #endif /* CONFIG_AUTOSCAN */
11528 	} else if (os_strcmp(buf, "DRIVER_FLAGS") == 0) {
11529 		reply_len = wpas_ctrl_iface_driver_flags(wpa_s, reply,
11530 							 reply_size);
11531 	} else if (os_strcmp(buf, "DRIVER_FLAGS2") == 0) {
11532 		reply_len = wpas_ctrl_iface_driver_flags2(wpa_s, reply,
11533 							  reply_size);
11534 #ifdef ANDROID
11535 	} else if (os_strncmp(buf, "DRIVER ", 7) == 0) {
11536 		reply_len = wpa_supplicant_driver_cmd(wpa_s, buf + 7, reply,
11537 						      reply_size);
11538 #endif /* ANDROID */
11539 	} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
11540 		reply_len = wpa_supplicant_vendor_cmd(wpa_s, buf + 7, reply,
11541 						      reply_size);
11542 	} else if (os_strcmp(buf, "REAUTHENTICATE") == 0) {
11543 		pmksa_cache_clear_current(wpa_s->wpa);
11544 		eapol_sm_request_reauth(wpa_s->eapol);
11545 #ifdef CONFIG_WNM
11546 	} else if (os_strncmp(buf, "WNM_SLEEP ", 10) == 0) {
11547 		if (wpas_ctrl_iface_wnm_sleep(wpa_s, buf + 10))
11548 			reply_len = -1;
11549 	} else if (os_strncmp(buf, "WNM_BSS_QUERY ", 14) == 0) {
11550 		if (wpas_ctrl_iface_wnm_bss_query(wpa_s, buf + 14))
11551 				reply_len = -1;
11552 	} else if (os_strncmp(buf, "COLOC_INTF_REPORT ", 18) == 0) {
11553 		if (wpas_ctrl_iface_coloc_intf_report(wpa_s, buf + 18))
11554 			reply_len = -1;
11555 #endif /* CONFIG_WNM */
11556 	} else if (os_strcmp(buf, "FLUSH") == 0) {
11557 		wpa_supplicant_ctrl_iface_flush(wpa_s);
11558 	} else if (os_strncmp(buf, "RADIO_WORK ", 11) == 0) {
11559 		reply_len = wpas_ctrl_radio_work(wpa_s, buf + 11, reply,
11560 						 reply_size);
11561 #ifdef CONFIG_TESTING_OPTIONS
11562 	} else if (os_strncmp(buf, "MGMT_TX ", 8) == 0) {
11563 		if (wpas_ctrl_iface_mgmt_tx(wpa_s, buf + 8) < 0)
11564 			reply_len = -1;
11565 	} else if (os_strcmp(buf, "MGMT_TX_DONE") == 0) {
11566 		wpas_ctrl_iface_mgmt_tx_done(wpa_s);
11567 	} else if (os_strncmp(buf, "MGMT_RX_PROCESS ", 16) == 0) {
11568 		if (wpas_ctrl_iface_mgmt_rx_process(wpa_s, buf + 16) < 0)
11569 			reply_len = -1;
11570 	} else if (os_strncmp(buf, "DRIVER_EVENT ", 13) == 0) {
11571 		if (wpas_ctrl_iface_driver_event(wpa_s, buf + 13) < 0)
11572 			reply_len = -1;
11573 	} else if (os_strncmp(buf, "EAPOL_RX ", 9) == 0) {
11574 		if (wpas_ctrl_iface_eapol_rx(wpa_s, buf + 9) < 0)
11575 			reply_len = -1;
11576 	} else if (os_strncmp(buf, "EAPOL_TX ", 9) == 0) {
11577 		if (wpas_ctrl_iface_eapol_tx(wpa_s, buf + 9) < 0)
11578 			reply_len = -1;
11579 	} else if (os_strncmp(buf, "DATA_TEST_CONFIG ", 17) == 0) {
11580 		if (wpas_ctrl_iface_data_test_config(wpa_s, buf + 17) < 0)
11581 			reply_len = -1;
11582 	} else if (os_strncmp(buf, "DATA_TEST_TX ", 13) == 0) {
11583 		if (wpas_ctrl_iface_data_test_tx(wpa_s, buf + 13) < 0)
11584 			reply_len = -1;
11585 	} else if (os_strncmp(buf, "DATA_TEST_FRAME ", 16) == 0) {
11586 		if (wpas_ctrl_iface_data_test_frame(wpa_s, buf + 16) < 0)
11587 			reply_len = -1;
11588 	} else if (os_strncmp(buf, "TEST_ALLOC_FAIL ", 16) == 0) {
11589 		if (wpas_ctrl_test_alloc_fail(wpa_s, buf + 16) < 0)
11590 			reply_len = -1;
11591 	} else if (os_strcmp(buf, "GET_ALLOC_FAIL") == 0) {
11592 		reply_len = wpas_ctrl_get_alloc_fail(wpa_s, reply, reply_size);
11593 	} else if (os_strncmp(buf, "TEST_FAIL ", 10) == 0) {
11594 		if (wpas_ctrl_test_fail(wpa_s, buf + 10) < 0)
11595 			reply_len = -1;
11596 	} else if (os_strcmp(buf, "GET_FAIL") == 0) {
11597 		reply_len = wpas_ctrl_get_fail(wpa_s, reply, reply_size);
11598 	} else if (os_strncmp(buf, "EVENT_TEST ", 11) == 0) {
11599 		if (wpas_ctrl_event_test(wpa_s, buf + 11) < 0)
11600 			reply_len = -1;
11601 	} else if (os_strncmp(buf, "TEST_ASSOC_IE ", 14) == 0) {
11602 		if (wpas_ctrl_test_assoc_ie(wpa_s, buf + 14) < 0)
11603 			reply_len = -1;
11604 	} else if (os_strcmp(buf, "RESET_PN") == 0) {
11605 		if (wpas_ctrl_reset_pn(wpa_s) < 0)
11606 			reply_len = -1;
11607 	} else if (os_strncmp(buf, "KEY_REQUEST ", 12) == 0) {
11608 		if (wpas_ctrl_key_request(wpa_s, buf + 12) < 0)
11609 			reply_len = -1;
11610 	} else if (os_strcmp(buf, "RESEND_ASSOC") == 0) {
11611 		if (wpas_ctrl_resend_assoc(wpa_s) < 0)
11612 			reply_len = -1;
11613 	} else if (os_strcmp(buf, "UNPROT_DEAUTH") == 0) {
11614 		sme_event_unprot_disconnect(
11615 			wpa_s, wpa_s->bssid, NULL,
11616 			WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA);
11617 	} else if (os_strncmp(buf, "TWT_SETUP ", 10) == 0) {
11618 		if (wpas_ctrl_iface_send_twt_setup(wpa_s, buf + 9))
11619 			reply_len = -1;
11620 	} else if (os_strcmp(buf, "TWT_SETUP") == 0) {
11621 		if (wpas_ctrl_iface_send_twt_setup(wpa_s, ""))
11622 			reply_len = -1;
11623 	} else if (os_strncmp(buf, "TWT_TEARDOWN ", 13) == 0) {
11624 		if (wpas_ctrl_iface_send_twt_teardown(wpa_s, buf + 12))
11625 			reply_len = -1;
11626 	} else if (os_strcmp(buf, "TWT_TEARDOWN") == 0) {
11627 		if (wpas_ctrl_iface_send_twt_teardown(wpa_s, ""))
11628 			reply_len = -1;
11629 #endif /* CONFIG_TESTING_OPTIONS */
11630 	} else if (os_strncmp(buf, "VENDOR_ELEM_ADD ", 16) == 0) {
11631 		if (wpas_ctrl_vendor_elem_add(wpa_s, buf + 16) < 0)
11632 			reply_len = -1;
11633 	} else if (os_strncmp(buf, "VENDOR_ELEM_GET ", 16) == 0) {
11634 		reply_len = wpas_ctrl_vendor_elem_get(wpa_s, buf + 16, reply,
11635 						      reply_size);
11636 	} else if (os_strncmp(buf, "VENDOR_ELEM_REMOVE ", 19) == 0) {
11637 		if (wpas_ctrl_vendor_elem_remove(wpa_s, buf + 19) < 0)
11638 			reply_len = -1;
11639 	} else if (os_strncmp(buf, "NEIGHBOR_REP_REQUEST", 20) == 0) {
11640 		if (wpas_ctrl_iface_send_neighbor_rep(wpa_s, buf + 20))
11641 			reply_len = -1;
11642 	} else if (os_strcmp(buf, "ERP_FLUSH") == 0) {
11643 		wpas_ctrl_iface_erp_flush(wpa_s);
11644 	} else if (os_strncmp(buf, "MAC_RAND_SCAN ", 14) == 0) {
11645 		if (wpas_ctrl_iface_mac_rand_scan(wpa_s, buf + 14))
11646 			reply_len = -1;
11647 	} else if (os_strncmp(buf, "GET_PREF_FREQ_LIST ", 19) == 0) {
11648 		reply_len = wpas_ctrl_iface_get_pref_freq_list(
11649 			wpa_s, buf + 19, reply, reply_size);
11650 #ifdef CONFIG_FILS
11651 	} else if (os_strncmp(buf, "FILS_HLP_REQ_ADD ", 17) == 0) {
11652 		if (wpas_ctrl_iface_fils_hlp_req_add(wpa_s, buf + 17))
11653 			reply_len = -1;
11654 	} else if (os_strcmp(buf, "FILS_HLP_REQ_FLUSH") == 0) {
11655 		wpas_flush_fils_hlp_req(wpa_s);
11656 #endif /* CONFIG_FILS */
11657 #ifdef CONFIG_DPP
11658 	} else if (os_strncmp(buf, "DPP_QR_CODE ", 12) == 0) {
11659 		int res;
11660 
11661 		res = wpas_dpp_qr_code(wpa_s, buf + 12);
11662 		if (res < 0) {
11663 			reply_len = -1;
11664 		} else {
11665 			reply_len = os_snprintf(reply, reply_size, "%d", res);
11666 			if (os_snprintf_error(reply_size, reply_len))
11667 				reply_len = -1;
11668 		}
11669 	} else if (os_strncmp(buf, "DPP_NFC_URI ", 12) == 0) {
11670 		int res;
11671 
11672 		res = wpas_dpp_nfc_uri(wpa_s, buf + 12);
11673 		if (res < 0) {
11674 			reply_len = -1;
11675 		} else {
11676 			reply_len = os_snprintf(reply, reply_size, "%d", res);
11677 			if (os_snprintf_error(reply_size, reply_len))
11678 				reply_len = -1;
11679 		}
11680 	} else if (os_strncmp(buf, "DPP_NFC_HANDOVER_REQ ", 21) == 0) {
11681 		int res;
11682 
11683 		res = wpas_dpp_nfc_handover_req(wpa_s, buf + 20);
11684 		if (res < 0) {
11685 			reply_len = -1;
11686 		} else {
11687 			reply_len = os_snprintf(reply, reply_size, "%d", res);
11688 			if (os_snprintf_error(reply_size, reply_len))
11689 				reply_len = -1;
11690 		}
11691 	} else if (os_strncmp(buf, "DPP_NFC_HANDOVER_SEL ", 21) == 0) {
11692 		int res;
11693 
11694 		res = wpas_dpp_nfc_handover_sel(wpa_s, buf + 20);
11695 		if (res < 0) {
11696 			reply_len = -1;
11697 		} else {
11698 			reply_len = os_snprintf(reply, reply_size, "%d", res);
11699 			if (os_snprintf_error(reply_size, reply_len))
11700 				reply_len = -1;
11701 		}
11702 	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_GEN ", 18) == 0) {
11703 		int res;
11704 
11705 		res = dpp_bootstrap_gen(wpa_s->dpp, buf + 18);
11706 		if (res < 0) {
11707 			reply_len = -1;
11708 		} else {
11709 			reply_len = os_snprintf(reply, reply_size, "%d", res);
11710 			if (os_snprintf_error(reply_size, reply_len))
11711 				reply_len = -1;
11712 		}
11713 	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_REMOVE ", 21) == 0) {
11714 		if (dpp_bootstrap_remove(wpa_s->dpp, buf + 21) < 0)
11715 			reply_len = -1;
11716 	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_GET_URI ", 22) == 0) {
11717 		const char *uri;
11718 
11719 		uri = dpp_bootstrap_get_uri(wpa_s->dpp, atoi(buf + 22));
11720 		if (!uri) {
11721 			reply_len = -1;
11722 		} else {
11723 			reply_len = os_snprintf(reply, reply_size, "%s", uri);
11724 			if (os_snprintf_error(reply_size, reply_len))
11725 				reply_len = -1;
11726 		}
11727 	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_INFO ", 19) == 0) {
11728 		reply_len = dpp_bootstrap_info(wpa_s->dpp, atoi(buf + 19),
11729 					       reply, reply_size);
11730 	} else if (os_strncmp(buf, "DPP_BOOTSTRAP_SET ", 18) == 0) {
11731 		if (dpp_bootstrap_set(wpa_s->dpp, atoi(buf + 18),
11732 				      os_strchr(buf + 18, ' ')) < 0)
11733 			reply_len = -1;
11734 	} else if (os_strncmp(buf, "DPP_AUTH_INIT ", 14) == 0) {
11735 		if (wpas_dpp_auth_init(wpa_s, buf + 13) < 0)
11736 			reply_len = -1;
11737 	} else if (os_strncmp(buf, "DPP_LISTEN ", 11) == 0) {
11738 		if (wpas_dpp_listen(wpa_s, buf + 11) < 0)
11739 			reply_len = -1;
11740 	} else if (os_strcmp(buf, "DPP_STOP_LISTEN") == 0) {
11741 		wpas_dpp_stop(wpa_s);
11742 		wpas_dpp_listen_stop(wpa_s);
11743 	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_ADD", 20) == 0) {
11744 		int res;
11745 
11746 		res = dpp_configurator_add(wpa_s->dpp, buf + 20);
11747 		if (res < 0) {
11748 			reply_len = -1;
11749 		} else {
11750 			reply_len = os_snprintf(reply, reply_size, "%d", res);
11751 			if (os_snprintf_error(reply_size, reply_len))
11752 				reply_len = -1;
11753 		}
11754 	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_REMOVE ", 24) == 0) {
11755 		if (dpp_configurator_remove(wpa_s->dpp, buf + 24) < 0)
11756 			reply_len = -1;
11757 	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_SIGN ", 22) == 0) {
11758 		if (wpas_dpp_configurator_sign(wpa_s, buf + 21) < 0)
11759 			reply_len = -1;
11760 	} else if (os_strncmp(buf, "DPP_CONFIGURATOR_GET_KEY ", 25) == 0) {
11761 		reply_len = dpp_configurator_get_key_id(wpa_s->dpp,
11762 							atoi(buf + 25),
11763 							reply, reply_size);
11764 	} else if (os_strncmp(buf, "DPP_PKEX_ADD ", 13) == 0) {
11765 		int res;
11766 
11767 		res = wpas_dpp_pkex_add(wpa_s, buf + 12);
11768 		if (res < 0) {
11769 			reply_len = -1;
11770 		} else {
11771 			reply_len = os_snprintf(reply, reply_size, "%d", res);
11772 			if (os_snprintf_error(reply_size, reply_len))
11773 				reply_len = -1;
11774 		}
11775 	} else if (os_strncmp(buf, "DPP_PKEX_REMOVE ", 16) == 0) {
11776 		if (wpas_dpp_pkex_remove(wpa_s, buf + 16) < 0)
11777 			reply_len = -1;
11778 #ifdef CONFIG_DPP2
11779 	} else if (os_strncmp(buf, "DPP_CONTROLLER_START ", 21) == 0) {
11780 		if (wpas_dpp_controller_start(wpa_s, buf + 20) < 0)
11781 			reply_len = -1;
11782 	} else if (os_strcmp(buf, "DPP_CONTROLLER_START") == 0) {
11783 		if (wpas_dpp_controller_start(wpa_s, NULL) < 0)
11784 			reply_len = -1;
11785 	} else if (os_strcmp(buf, "DPP_CONTROLLER_STOP") == 0) {
11786 		dpp_controller_stop(wpa_s->dpp);
11787 	} else if (os_strncmp(buf, "DPP_CHIRP ", 10) == 0) {
11788 		if (wpas_dpp_chirp(wpa_s, buf + 9) < 0)
11789 			reply_len = -1;
11790 	} else if (os_strcmp(buf, "DPP_STOP_CHIRP") == 0) {
11791 		wpas_dpp_chirp_stop(wpa_s);
11792 	} else if (os_strncmp(buf, "DPP_RECONFIG ", 13) == 0) {
11793 		if (wpas_dpp_reconfig(wpa_s, buf + 13) < 0)
11794 			reply_len = -1;
11795 	} else if (os_strncmp(buf, "DPP_CA_SET ", 11) == 0) {
11796 		if (wpas_dpp_ca_set(wpa_s, buf + 10) < 0)
11797 			reply_len = -1;
11798 #endif /* CONFIG_DPP2 */
11799 #endif /* CONFIG_DPP */
11800 	} else if (os_strncmp(buf, "MSCS ", 5) == 0) {
11801 		if (wpas_ctrl_iface_configure_mscs(wpa_s, buf + 5))
11802 			reply_len = -1;
11803 #ifdef CONFIG_PASN
11804 	} else if (os_strncmp(buf, "PASN_START ", 11) == 0) {
11805 		if (wpas_ctrl_iface_pasn_start(wpa_s, buf + 11) < 0)
11806 			reply_len = -1;
11807 	} else if (os_strcmp(buf, "PASN_STOP") == 0) {
11808 		wpas_pasn_auth_stop(wpa_s);
11809 	} else if (os_strcmp(buf, "PTKSA_CACHE_LIST") == 0) {
11810 		reply_len = ptksa_cache_list(wpa_s->ptksa, reply, reply_size);
11811 	} else if (os_strncmp(buf, "PASN_DEAUTH ", 12) == 0) {
11812 		if (wpas_ctrl_iface_pasn_deauthenticate(wpa_s, buf + 12) < 0)
11813 			reply_len = -1;
11814 #endif /* CONFIG_PASN */
11815 	} else {
11816 		os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
11817 		reply_len = 16;
11818 	}
11819 
11820 	if (reply_len < 0) {
11821 		os_memcpy(reply, "FAIL\n", 5);
11822 		reply_len = 5;
11823 	}
11824 
11825 	*resp_len = reply_len;
11826 	return reply;
11827 }
11828 
11829 
/*
 * Handle the global control interface command INTERFACE_ADD.
 *
 * cmd is the argument string that followed "INTERFACE_ADD ". It is split in
 * place: each TAB separator is overwritten with NUL and the fields of the
 * local struct wpa_interface are set to point into the caller's buffer.
 *
 * Every field is supplied by the control interface client. This function
 * only checks that ifname is non-empty and that the optional trailing
 * parameters are ones it knows; the configuration file name, driver name,
 * ctrl_interface value, driver parameters and bridge name are handed to
 * wpa_supplicant_add_iface() as received.
 * NOTE(review): any validation of those values, and any restriction on who
 * may issue this command, is not visible here - confirm it is enforced by
 * the callee and by access control on the global control interface.
 *
 * Returns: 0 on success, -1 on failure
 */
static int wpa_supplicant_global_iface_add(struct wpa_global *global,
					   char *cmd)
{
	struct wpa_interface iface;
	char *pos, *extra;
	struct wpa_supplicant *wpa_s;
	unsigned int create_iface = 0;
	u8 mac_addr[ETH_ALEN];
	enum wpa_driver_if_type type = WPA_IF_STATION;

	/*
	 * Expected argument layout (fields after <ifname> are optional):
	 * <ifname>TAB<confname>TAB<driver>TAB<ctrl_interface>TAB<driver_param>
	 * TAB<bridge_ifname>[TAB<create>[TAB<interface_type>]]
	 */
	wpa_printf(MSG_DEBUG, "CTRL_IFACE GLOBAL INTERFACE_ADD '%s'", cmd);

	/* Fields that are not present in cmd stay zero/NULL. */
	os_memset(&iface, 0, sizeof(iface));

	/*
	 * Single-pass do/while(0) so that "break" can stop parsing as soon as
	 * the input runs out of fields.
	 */
	do {
		/* ifname is mandatory: an empty name rejects the command. */
		iface.ifname = pos = cmd;
		pos = os_strchr(pos, '\t');
		if (pos)
			*pos++ = '\0';
		if (iface.ifname[0] == '\0')
			return -1;
		if (pos == NULL)
			break;

		/* For the optional fields an empty string is stored as NULL. */
		iface.confname = pos;
		pos = os_strchr(pos, '\t');
		if (pos)
			*pos++ = '\0';
		if (iface.confname[0] == '\0')
			iface.confname = NULL;
		if (pos == NULL)
			break;

		iface.driver = pos;
		pos = os_strchr(pos, '\t');
		if (pos)
			*pos++ = '\0';
		if (iface.driver[0] == '\0')
			iface.driver = NULL;
		if (pos == NULL)
			break;

		iface.ctrl_interface = pos;
		pos = os_strchr(pos, '\t');
		if (pos)
			*pos++ = '\0';
		if (iface.ctrl_interface[0] == '\0')
			iface.ctrl_interface = NULL;
		if (pos == NULL)
			break;

		iface.driver_param = pos;
		pos = os_strchr(pos, '\t');
		if (pos)
			*pos++ = '\0';
		if (iface.driver_param[0] == '\0')
			iface.driver_param = NULL;
		if (pos == NULL)
			break;

		iface.bridge_ifname = pos;
		pos = os_strchr(pos, '\t');
		if (pos)
			*pos++ = '\0';
		if (iface.bridge_ifname[0] == '\0')
			iface.bridge_ifname = NULL;
		if (pos == NULL)
			break;

		/* Seventh field: the only accepted value is "create". */
		extra = pos;
		pos = os_strchr(pos, '\t');
		if (pos)
			*pos++ = '\0';
		if (!extra[0])
			break;

		if (os_strcmp(extra, "create") == 0) {
			create_iface = 1;
			/* No interface type given: keep WPA_IF_STATION. */
			if (!pos)
				break;

			/* pos is the rest of the string and must match
			 * "sta" or "ap" exactly. */
			if (os_strcmp(pos, "sta") == 0) {
				type = WPA_IF_STATION;
			} else if (os_strcmp(pos, "ap") == 0) {
				type = WPA_IF_AP_BSS;
			} else {
				wpa_printf(MSG_DEBUG,
					   "INTERFACE_ADD unsupported interface type: '%s'",
					   pos);
				return -1;
			}
		} else {
			wpa_printf(MSG_DEBUG,
				   "INTERFACE_ADD unsupported extra parameter: '%s'",
				   extra);
			return -1;
		}
	} while (0);

	if (create_iface) {
		wpa_printf(MSG_DEBUG, "CTRL_IFACE creating interface '%s'",
			   iface.ifname);
		/* The driver call goes through the first existing interface,
		 * so "create" fails when no interface has been added yet. */
		if (!global->ifaces)
			return -1;
		if (wpa_drv_if_add(global->ifaces, type, iface.ifname,
				   NULL, NULL, NULL, mac_addr, NULL) < 0) {
			wpa_printf(MSG_ERROR,
				   "CTRL_IFACE interface creation failed");
			return -1;
		}

		wpa_printf(MSG_DEBUG,
			   "CTRL_IFACE interface '%s' created with MAC addr: "
			   MACSTR, iface.ifname, MAC2STR(mac_addr));
	}

	/* Refuse to add an interface name that is already being managed. */
	if (wpa_supplicant_get_iface(global, iface.ifname))
		goto fail;

	wpa_s = wpa_supplicant_add_iface(global, &iface, NULL);
	if (!wpa_s)
		goto fail;
	/* Remembered so that INTERFACE_REMOVE also deletes the driver
	 * interface that was created above. */
	wpa_s->added_vif = create_iface;
	return 0;

fail:
	/*
	 * Undo the driver-level creation done above.
	 * NOTE(review): the removal always passes WPA_IF_STATION, even when
	 * the interface was created as WPA_IF_AP_BSS - confirm this is
	 * intended.
	 */
	if (create_iface)
		wpa_drv_if_remove(global->ifaces, WPA_IF_STATION, iface.ifname);
	return -1;
}
11964 
11965 
/*
 * Handle the global control interface command INTERFACE_REMOVE.
 *
 * cmd is the interface name supplied by the control interface client. The
 * interface is looked up by that name and removed; if it had been created
 * through INTERFACE_ADD with "create" (added_vif set), the driver-level
 * interface is removed as well.
 *
 * Returns: 0 on success, -1 if the interface is not found, otherwise the
 * result of the failing removal step
 */
static int wpa_supplicant_global_iface_remove(struct wpa_global *global,
					      char *cmd)
{
	struct wpa_supplicant *target;
	unsigned int was_added_vif;
	int res;

	wpa_printf(MSG_DEBUG, "CTRL_IFACE GLOBAL INTERFACE_REMOVE '%s'", cmd);

	target = wpa_supplicant_get_iface(global, cmd);
	if (!target)
		return -1;

	/* Read the flag before the removal call; target is not touched
	 * again afterwards. */
	was_added_vif = target->added_vif;

	res = wpa_supplicant_remove_iface(global, target, 0);
	if (res)
		return res;
	if (!was_added_vif)
		return 0;

	wpa_printf(MSG_DEBUG, "CTRL_IFACE deleting the interface '%s'",
		   cmd);
	return wpa_drv_if_remove(global->ifaces, WPA_IF_STATION, cmd);
}
11987 
11988 
/*
 * Free a linked list of struct wpa_interface_info entries, including the
 * ifname and desc strings of each entry. A NULL list is accepted.
 */
static void wpa_free_iface_info(struct wpa_interface_info *iface)
{
	struct wpa_interface_info *next;

	for (; iface; iface = next) {
		/* Save the link before the node itself is released. */
		next = iface->next;

		os_free(iface->ifname);
		os_free(iface->desc);
		os_free(iface);
	}
}
12002 
12003 
/*
 * Handle the global control interface command INTERFACE_LIST.
 *
 * Collects the interface lists reported by every driver wrapper that
 * implements get_interfaces() and writes one
 * "<driver>TAB<ifname>TAB<description>" line per entry into buf. Output
 * stops at the first entry that does not fit in the remaining space.
 *
 * Returns: number of bytes written to buf
 */
static int wpa_supplicant_global_iface_list(struct wpa_global *global,
					    char *buf, int len)
{
	struct wpa_interface_info *head = NULL, *tail = NULL, *cur;
	char *out = buf;
	char *limit = buf + len;
	int idx;

	/* Chain the per-driver lists into a single list. */
	for (idx = 0; wpa_drivers[idx]; idx++) {
		const struct wpa_driver_ops *ops = wpa_drivers[idx];

		if (!ops->get_interfaces)
			continue;
		cur = ops->get_interfaces(global->drv_priv[idx]);
		if (!cur)
			continue;

		if (tail)
			tail->next = cur;
		else
			head = tail = cur;

		/* Advance to the end of what was just appended. */
		while (tail->next)
			tail = tail->next;
	}

	for (cur = head; cur; cur = cur->next) {
		int n = os_snprintf(out, limit - out, "%s\t%s\t%s\n",
				    cur->drv_name, cur->ifname,
				    cur->desc ? cur->desc : "");

		if (os_snprintf_error(limit - out, n)) {
			/* Drop the partially written entry. */
			*out = '\0';
			break;
		}
		out += n;
	}

	wpa_free_iface_info(head);

	return out - buf;
}
12044 
12045 
/*
 * Handle the global control interface command INTERFACES.
 *
 * Writes one line per managed interface into buf. When input contains the
 * substring "ctrl", each line also carries the interface's ctrl_interface
 * value ("N/A" when none is configured). Output stops at the first entry
 * that does not fit in the remaining space.
 *
 * Returns: number of bytes written to buf
 */
static int wpa_supplicant_global_iface_interfaces(struct wpa_global *global,
						  const char *input,
						  char *buf, int len)
{
	struct wpa_supplicant *wpa_s;
	char *out = buf;
	char *limit = buf + len;
	int with_ctrl = input && os_strstr(input, "ctrl");
	int n;

	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
		if (with_ctrl) {
			const char *ctrl = wpa_s->conf->ctrl_interface;

			n = os_snprintf(out, limit - out,
					"%s ctrl_iface=%s\n",
					wpa_s->ifname, ctrl ? ctrl : "N/A");
		} else {
			n = os_snprintf(out, limit - out, "%s\n",
					wpa_s->ifname);
		}

		if (os_snprintf_error(limit - out, n)) {
			/* Drop the partially written entry. */
			*out = '\0';
			break;
		}
		out += n;
	}

	return out - buf;
}
12081 
12082 
/*
 * Forward a command received with an "IFNAME=<ifname> " prefix to the
 * per-interface control interface handler of the named interface.
 *
 * ifname is matched exactly against the managed interfaces. When there is
 * no match the response is "FAIL-NO-IFNAME-MATCH\n"; if allocating that
 * response fails, NULL is returned with *resp_len set to 1.
 *
 * Returns: response buffer, or NULL on allocation failure
 */
static char * wpas_global_ctrl_iface_ifname(struct wpa_global *global,
					    const char *ifname,
					    char *cmd, size_t *resp_len)
{
	struct wpa_supplicant *wpa_s = global->ifaces;
	char *resp;

	while (wpa_s && os_strcmp(ifname, wpa_s->ifname) != 0)
		wpa_s = wpa_s->next;

	if (wpa_s)
		return wpa_supplicant_ctrl_iface_process(wpa_s, cmd, resp_len);

	resp = os_strdup("FAIL-NO-IFNAME-MATCH\n");
	*resp_len = resp ? os_strlen(resp) : 1;
	return resp;
}
12105 
12106 
/*
 * Redirect selected commands from the global control interface to the
 * interface stored in global->p2p_init_wpa_s.
 *
 * A command is redirected when it equals one of the entries in the
 * exact-match table or starts with one of the entries in the prefix table.
 * Only the listed commands are forwarded; everything else stays with the
 * global handler.
 *
 * Returns: response from the per-interface handler, or NULL when the
 * command is not redirected (including builds without CONFIG_P2P)
 */
static char * wpas_global_ctrl_iface_redir_p2p(struct wpa_global *global,
					       char *buf, size_t *resp_len)
{
#ifdef CONFIG_P2P
	/* Commands that must match the whole input. */
	static const char * exact_cmds[] = {
		"LIST_NETWORKS",
		"P2P_FIND",
		"P2P_STOP_FIND",
		"P2P_LISTEN",
		"P2P_GROUP_ADD",
		"P2P_GET_PASSPHRASE",
		"P2P_SERVICE_UPDATE",
		"P2P_SERVICE_FLUSH",
		"P2P_FLUSH",
		"P2P_CANCEL",
		"P2P_PRESENCE_REQ",
		"P2P_EXT_LISTEN",
#ifdef CONFIG_AP
		"STA-FIRST",
#endif /* CONFIG_AP */
		NULL
	};
	/* Commands that take arguments; matched on the leading part. */
	static const char * prefix_cmds[] = {
#ifdef ANDROID
		"DRIVER ",
#endif /* ANDROID */
		"GET_CAPABILITY ",
		"GET_NETWORK ",
		"REMOVE_NETWORK ",
		"P2P_FIND ",
		"P2P_CONNECT ",
		"P2P_LISTEN ",
		"P2P_GROUP_REMOVE ",
		"P2P_GROUP_ADD ",
		"P2P_GROUP_MEMBER ",
		"P2P_PROV_DISC ",
		"P2P_SERV_DISC_REQ ",
		"P2P_SERV_DISC_CANCEL_REQ ",
		"P2P_SERV_DISC_RESP ",
		"P2P_SERV_DISC_EXTERNAL ",
		"P2P_SERVICE_ADD ",
		"P2P_SERVICE_DEL ",
		"P2P_SERVICE_REP ",
		"P2P_REJECT ",
		"P2P_INVITE ",
		"P2P_PEER ",
		"P2P_SET ",
		"P2P_UNAUTHORIZE ",
		"P2P_PRESENCE_REQ ",
		"P2P_EXT_LISTEN ",
		"P2P_REMOVE_CLIENT ",
		"WPS_NFC_TOKEN ",
		"WPS_NFC_TAG_READ ",
		"NFC_GET_HANDOVER_SEL ",
		"NFC_GET_HANDOVER_REQ ",
		"NFC_REPORT_HANDOVER ",
		"P2P_ASP_PROVISION ",
		"P2P_ASP_PROVISION_RESP ",
#ifdef CONFIG_AP
		"STA ",
		"STA-NEXT ",
#endif /* CONFIG_AP */
		NULL
	};
	int matched = 0;
	int i;

	if (!global->p2p_init_wpa_s)
		return NULL;

	for (i = 0; exact_cmds[i]; i++) {
		if (os_strcmp(buf, exact_cmds[i]) == 0) {
			matched = 1;
			break;
		}
	}

	if (!matched) {
		for (i = 0; prefix_cmds[i]; i++) {
			if (os_strncmp(buf, prefix_cmds[i],
				       os_strlen(prefix_cmds[i])) == 0) {
				matched = 1;
				break;
			}
		}
	}

	if (!matched)
		return NULL;

	return wpa_supplicant_ctrl_iface_process(global->p2p_init_wpa_s,
						 buf, resp_len);
#else /* CONFIG_P2P */
	return NULL;
#endif /* CONFIG_P2P */
}
12193 
12194 
/*
 * Redirect the WFD_SUBELEM_SET and WFD_SUBELEM_GET commands from the global
 * control interface to the interface stored in global->p2p_init_wpa_s.
 *
 * Returns: response from the per-interface handler, or NULL when the
 * command is not redirected (including builds without CONFIG_WIFI_DISPLAY)
 */
static char * wpas_global_ctrl_iface_redir_wfd(struct wpa_global *global,
					       char *buf, size_t *resp_len)
{
#ifdef CONFIG_WIFI_DISPLAY
	struct wpa_supplicant *p2p_wpa_s = global->p2p_init_wpa_s;
	int is_wfd_subelem;

	if (!p2p_wpa_s)
		return NULL;

	is_wfd_subelem = os_strncmp(buf, "WFD_SUBELEM_SET ", 16) == 0 ||
		os_strncmp(buf, "WFD_SUBELEM_GET ", 16) == 0;
	if (!is_wfd_subelem)
		return NULL;

	return wpa_supplicant_ctrl_iface_process(p2p_wpa_s, buf, resp_len);
#else /* CONFIG_WIFI_DISPLAY */
	return NULL;
#endif /* CONFIG_WIFI_DISPLAY */
}
12208 
12209 
/*
 * Try the P2P redirection first and the Wi-Fi Display redirection second.
 *
 * Returns: response from whichever redirection handled the command, or NULL
 * when neither did
 */
static char * wpas_global_ctrl_iface_redir(struct wpa_global *global,
					   char *buf, size_t *resp_len)
{
	char *resp = wpas_global_ctrl_iface_redir_p2p(global, buf, resp_len);

	if (!resp)
		resp = wpas_global_ctrl_iface_redir_wfd(global, buf, resp_len);

	return resp;
}
12225 
12226 
/*
 * Handle the global control interface command SET.
 *
 * cmd is "<name> <value>" and is split in place at the first space. The
 * name and value are written to the debug log as received. Only
 * "wifi_display" (with CONFIG_WIFI_DISPLAY) is handled here; for any other
 * name the space is put back so that the caller can pass the unmodified
 * command on to another handler.
 *
 * Returns: 0 if the parameter was handled here, -1 otherwise
 */
static int wpas_global_ctrl_iface_set(struct wpa_global *global, char *cmd)
{
	char *sep = os_strchr(cmd, ' ');
	char *value;

	if (!sep)
		return -1;
	*sep = '\0';
	value = sep + 1;

	wpa_printf(MSG_DEBUG, "GLOBAL_CTRL_IFACE SET '%s'='%s'", cmd, value);

#ifdef CONFIG_WIFI_DISPLAY
	if (os_strcasecmp(cmd, "wifi_display") == 0) {
		int enable = atoi(value) != 0;

		wifi_display_enable(global, enable);
		return 0;
	}
#endif /* CONFIG_WIFI_DISPLAY */

	/* Not handled here: undo the split to allow redirection. */
	*sep = ' ';

	return -1;
}
12250 
12251 
/*
 * Handle the global control interface command DUP_NETWORK.
 *
 * cmd: "<src ifname> <dst ifname> <src network id> <dst network id>
 * <variable name>". The two leading interface names are cut off in place and
 * resolved against the managed interfaces; the remainder of the string is
 * passed to wpa_supplicant_ctrl_iface_dup_network().
 *
 * Returns: -1 if either interface name is missing or unknown, otherwise the
 * result of wpa_supplicant_ctrl_iface_dup_network()
 */
static int wpas_global_ctrl_iface_dup_network(struct wpa_global *global,
					      char *cmd)
{
	struct wpa_supplicant *ifaces[2]; /* src, dst */
	char *sep;
	unsigned int n;

	for (n = 0; n < ARRAY_SIZE(ifaces); n++) {
		struct wpa_supplicant *it;

		sep = os_strchr(cmd, ' ');
		if (!sep)
			return -1;
		*sep = '\0';

		for (it = global->ifaces; it; it = it->next) {
			if (os_strcmp(cmd, it->ifname) == 0)
				break;
		}

		if (!it) {
			wpa_printf(MSG_DEBUG,
				   "CTRL_IFACE: Could not find iface=%s", cmd);
			return -1;
		}
		ifaces[n] = it;

		/* Continue with the text after the separator. */
		cmd = sep + 1;
	}

	return wpa_supplicant_ctrl_iface_dup_network(ifaces[0], cmd,
						     ifaces[1]);
}
12285 
12286 
12287 #ifndef CONFIG_NO_CONFIG_WRITE
/*
 * Handle the global control interface command SAVE_CONFIG.
 *
 * Writes the configuration of every managed interface whose configuration
 * has update_config set; interfaces with update_config=0 are skipped.
 *
 * Returns: 0 if at least one configuration was written and none failed,
 * 1 if any write failed or nothing could be written
 */
static int wpas_global_ctrl_iface_save_config(struct wpa_global *global)
{
	struct wpa_supplicant *wpa_s;
	int failed = 0, written = 0;

	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
		if (!wpa_s->conf->update_config) {
			wpa_dbg(wpa_s, MSG_DEBUG, "CTRL_IFACE: SAVE_CONFIG - Not allowed to update configuration (update_config=0)");
			continue;
		}

		if (wpa_config_write(wpa_s->confname, wpa_s->conf) == 0) {
			wpa_dbg(wpa_s, MSG_DEBUG, "CTRL_IFACE: SAVE_CONFIG - Configuration updated");
			written++;
			continue;
		}

		wpa_dbg(wpa_s, MSG_DEBUG, "CTRL_IFACE: SAVE_CONFIG - Failed to update configuration");
		failed = 1;
	}

	if (failed)
		return 1;
	if (written)
		return 0;

	/* The loop ran to completion, so wpa_s is NULL at this point. */
	wpa_dbg(wpa_s, MSG_DEBUG,
		"CTRL_IFACE: SAVE_CONFIG - No configuration files could be updated");
	return 1;
}
12316 #endif /* CONFIG_NO_CONFIG_WRITE */
12317 
12318 
/*
 * Handle the global control interface command STATUS.
 *
 * Writes "name=value" lines into buf: P2P device address and state (with
 * CONFIG_P2P), the wifi_display flag (with CONFIG_WIFI_DISPLAY), and the
 * name and own address of every managed interface. Output stops at the
 * first item that does not fit in the remaining space.
 *
 * Returns: number of bytes written to buf
 */
static int wpas_global_ctrl_iface_status(struct wpa_global *global,
					 char *buf, size_t buflen)
{
	struct wpa_supplicant *wpa_s;
	char *out = buf;
	char *limit = buf + buflen;
	int n;

#ifdef CONFIG_P2P
	if (global->p2p) {
		if (global->p2p_disabled)
			n = os_snprintf(out, limit - out,
					"p2p_state=DISABLED\n");
		else
			n = os_snprintf(out, limit - out,
					"p2p_device_address=" MACSTR "\n"
					"p2p_state=%s\n",
					MAC2STR(global->p2p_dev_addr),
					p2p_get_state_txt(global->p2p));
		if (os_snprintf_error(limit - out, n))
			goto done;
		out += n;
	}
#endif /* CONFIG_P2P */

#ifdef CONFIG_WIFI_DISPLAY
	n = os_snprintf(out, limit - out, "wifi_display=%d\n",
			!!global->wifi_display);
	if (os_snprintf_error(limit - out, n))
		goto done;
	out += n;
#endif /* CONFIG_WIFI_DISPLAY */

	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
		n = os_snprintf(out, limit - out,
				"ifname=%s\n"
				"address=" MACSTR "\n",
				wpa_s->ifname, MAC2STR(wpa_s->own_addr));
		if (os_snprintf_error(limit - out, n))
			goto done;
		out += n;
	}

done:
	/* Only the bytes of fully written items are counted. */
	return out - buf;
}
12366 
12367 
12368 #ifdef CONFIG_FST
12369 
/*
 * Handle the global control interface command FST-ATTACH.
 *
 * cmd is parsed by fst_parse_attach_command() into an interface name
 * (bounded by sizeof(ifname)) and an FST interface configuration. The named
 * interface must be managed and must not already have an FST attachment.
 *
 * Returns: length of the "OK\n" reply written to buf, or -1 on failure
 */
static int wpas_global_ctrl_iface_fst_attach(struct wpa_global *global,
					     char *cmd, char *buf,
					     size_t reply_size)
{
	char ifname[IFNAMSIZ + 1];
	struct fst_iface_cfg cfg;
	struct fst_wpa_obj iface_obj;
	struct wpa_supplicant *wpa_s;

	if (fst_parse_attach_command(cmd, ifname, sizeof(ifname), &cfg))
		return -1;

	wpa_s = wpa_supplicant_get_iface(global, ifname);
	if (!wpa_s)
		return -1;

	if (wpa_s->fst) {
		wpa_printf(MSG_INFO, "FST: Already attached");
		return -1;
	}

	fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
	wpa_s->fst = fst_attach(ifname, wpa_s->own_addr, &iface_obj, &cfg);
	if (!wpa_s->fst)
		return -1;

	return os_snprintf(buf, reply_size, "OK\n");
}
12396 
12397 
/*
 * Handle the global control interface command FST-DETACH.
 *
 * cmd is parsed by fst_parse_detach_command() into an interface name
 * (bounded by sizeof(ifname)). The named interface must be managed; its fst
 * pointer is cleared once fst_iface_detach() reports success.
 *
 * Returns: length of the "OK\n" reply written to buf, or -1 on failure
 */
static int wpas_global_ctrl_iface_fst_detach(struct wpa_global *global,
					     char *cmd, char *buf,
					     size_t reply_size)
{
	char ifname[IFNAMSIZ + 1];
	struct wpa_supplicant *wpa_s;

	if (fst_parse_detach_command(cmd, ifname, sizeof(ifname)))
		return -1;

	wpa_s = wpa_supplicant_get_iface(global, ifname);
	if (!wpa_s)
		return -1;

	if (fst_iface_detach(ifname))
		return -1;

	wpa_s->fst = NULL;
	return os_snprintf(buf, reply_size, "OK\n");
}
12417 
12418 #endif /* CONFIG_FST */
12419 
12420 
/*
 * Process one command received on the global control interface.
 *
 * buf holds the NUL-terminated command text and may be modified in place
 * (the IFNAME= prefix handling and several command handlers overwrite
 * separators). *resp_len receives the length of the response.
 *
 * No caller authentication or per-command authorization is done in this
 * function: commands such as INTERFACE_ADD, INTERFACE_REMOVE, TERMINATE and
 * SAVE_CONFIG are dispatched for any client whose request reaches it.
 * NOTE(review): access control presumably relies on the control interface
 * backend (for example permissions on the control socket) - confirm for the
 * backend in use.
 *
 * Returns: response buffer, or NULL with *resp_len set to 1 when the reply
 * buffer cannot be allocated. The buffer is allocated here with os_malloc()
 * or returned by the per-interface handler; presumably the caller frees it -
 * confirm against the backend.
 */
char * wpa_supplicant_global_ctrl_iface_process(struct wpa_global *global,
						char *buf, size_t *resp_len)
{
	char *reply;
	/* Fixed reply buffer size; passed as the bound to every handler that
	 * formats its output into reply. */
	const int reply_size = 2048;
	int reply_len;
	int level = MSG_DEBUG;

	/*
	 * "IFNAME=<ifname> <command>": hand the command to the named
	 * interface. Without a space after the name the input falls through
	 * and is treated as a global command.
	 */
	if (os_strncmp(buf, "IFNAME=", 7) == 0) {
		char *pos = os_strchr(buf + 7, ' ');
		if (pos) {
			*pos++ = '\0';
			return wpas_global_ctrl_iface_ifname(global,
							     buf + 7, pos,
							     resp_len);
		}
	}

	/* Commands that belong to the P2P/WFD interface are redirected
	 * before anything is logged or allocated here. */
	reply = wpas_global_ctrl_iface_redir(global, buf, resp_len);
	if (reply)
		return reply;

	/*
	 * PING is logged at MSG_EXCESSIVE instead of MSG_DEBUG.
	 * NOTE(review): the whole command is written to the debug log as
	 * received; a global command carrying key material would show up
	 * there verbatim.
	 */
	if (os_strcmp(buf, "PING") == 0)
		level = MSG_EXCESSIVE;
	wpa_hexdump_ascii(level, "RX global ctrl_iface",
			  (const u8 *) buf, os_strlen(buf));

	reply = os_malloc(reply_size);
	if (reply == NULL) {
		*resp_len = 1;
		return NULL;
	}

	/* Default response; handlers set reply_len to a negative value to
	 * turn it into "FAIL\n" below. */
	os_memcpy(reply, "OK\n", 3);
	reply_len = 3;

	if (os_strcmp(buf, "PING") == 0) {
		os_memcpy(reply, "PONG\n", 5);
		reply_len = 5;
	} else if (os_strncmp(buf, "INTERFACE_ADD ", 14) == 0) {
		if (wpa_supplicant_global_iface_add(global, buf + 14))
			reply_len = -1;
	} else if (os_strncmp(buf, "INTERFACE_REMOVE ", 17) == 0) {
		if (wpa_supplicant_global_iface_remove(global, buf + 17))
			reply_len = -1;
	} else if (os_strcmp(buf, "INTERFACE_LIST") == 0) {
		reply_len = wpa_supplicant_global_iface_list(
			global, reply, reply_size);
	} else if (os_strncmp(buf, "INTERFACES", 10) == 0) {
		/* Prefix match: whatever follows "INTERFACES" is passed on as
		 * the option string. */
		reply_len = wpa_supplicant_global_iface_interfaces(
			global, buf + 10, reply, reply_size);
#ifdef CONFIG_FST
	} else if (os_strncmp(buf, "FST-ATTACH ", 11) == 0) {
		reply_len = wpas_global_ctrl_iface_fst_attach(global, buf + 11,
							      reply,
							      reply_size);
	} else if (os_strncmp(buf, "FST-DETACH ", 11) == 0) {
		reply_len = wpas_global_ctrl_iface_fst_detach(global, buf + 11,
							      reply,
							      reply_size);
	} else if (os_strncmp(buf, "FST-MANAGER ", 12) == 0) {
		reply_len = fst_ctrl_iface_receive(buf + 12, reply, reply_size);
#endif /* CONFIG_FST */
	} else if (os_strcmp(buf, "TERMINATE") == 0) {
		wpa_supplicant_terminate_proc(global);
	} else if (os_strcmp(buf, "SUSPEND") == 0) {
		wpas_notify_suspend(global);
	} else if (os_strcmp(buf, "RESUME") == 0) {
		wpas_notify_resume(global);
	} else if (os_strncmp(buf, "SET ", 4) == 0) {
		if (wpas_global_ctrl_iface_set(global, buf + 4)) {
#ifdef CONFIG_P2P
			if (global->p2p_init_wpa_s) {
				/* The per-interface handler returns its own
				 * buffer, so release the one allocated
				 * above. */
				os_free(reply);
				/* Check if P2P redirection would work for this
				 * command. */
				return wpa_supplicant_ctrl_iface_process(
					global->p2p_init_wpa_s,
					buf, resp_len);
			}
#endif /* CONFIG_P2P */
			reply_len = -1;
		}
	} else if (os_strncmp(buf, "DUP_NETWORK ", 12) == 0) {
		if (wpas_global_ctrl_iface_dup_network(global, buf + 12))
			reply_len = -1;
#ifndef CONFIG_NO_CONFIG_WRITE
	} else if (os_strcmp(buf, "SAVE_CONFIG") == 0) {
		if (wpas_global_ctrl_iface_save_config(global))
			reply_len = -1;
#endif /* CONFIG_NO_CONFIG_WRITE */
	} else if (os_strcmp(buf, "STATUS") == 0) {
		reply_len = wpas_global_ctrl_iface_status(global, reply,
							  reply_size);
#ifdef CONFIG_MODULE_TESTS
	} else if (os_strcmp(buf, "MODULE_TESTS") == 0) {
		if (wpas_module_tests() < 0)
			reply_len = -1;
#endif /* CONFIG_MODULE_TESTS */
	} else if (os_strncmp(buf, "RELOG", 5) == 0) {
		/* Prefix match: anything after "RELOG" is ignored. */
		if (wpa_debug_reopen_file() < 0)
			reply_len = -1;
	} else {
		os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
		reply_len = 16;
	}

	/* Any negative length from a handler is reported as "FAIL\n". */
	if (reply_len < 0) {
		os_memcpy(reply, "FAIL\n", 5);
		reply_len = 5;
	}

	*resp_len = reply_len;
	return reply;
}
12536