1 /*
2  * Driver interaction with Linux nl80211/cfg80211
3  * Copyright (c) 2002-2015, Jouni Malinen <j@w1.fi>
4  * Copyright (c) 2003-2004, Instant802 Networks, Inc.
5  * Copyright (c) 2005-2006, Devicescape Software, Inc.
6  * Copyright (c) 2007, Johannes Berg <johannes@sipsolutions.net>
7  * Copyright (c) 2009-2010, Atheros Communications
8  *
9  * This software may be distributed under the terms of the BSD license.
10  * See README for more details.
11  */
12 
13 #include "includes.h"
14 #include <sys/types.h>
15 #include <fcntl.h>
16 #include <net/if.h>
17 #include <netlink/genl/genl.h>
18 #include <netlink/genl/ctrl.h>
19 #ifdef CONFIG_LIBNL3_ROUTE
20 #include <netlink/route/neighbour.h>
21 #endif /* CONFIG_LIBNL3_ROUTE */
22 #include <linux/rtnetlink.h>
23 #include <netpacket/packet.h>
24 #include <linux/errqueue.h>
25 
26 #include "common.h"
27 #include "eloop.h"
28 #include "common/qca-vendor.h"
29 #include "common/qca-vendor-attr.h"
30 #include "common/brcm_vendor.h"
31 #include "common/ieee802_11_defs.h"
32 #include "common/ieee802_11_common.h"
33 #include "common/wpa_common.h"
34 #include "netlink.h"
35 #include "linux_defines.h"
36 #include "linux_ioctl.h"
37 #include "radiotap.h"
38 #include "radiotap_iter.h"
39 #include "rfkill.h"
40 #include "driver_nl80211.h"
41 
42 
43 #ifndef NETLINK_CAP_ACK
44 #define NETLINK_CAP_ACK 10
45 #endif /* NETLINK_CAP_ACK */
46 /* support for extack if compilation headers are too old */
47 #ifndef NETLINK_EXT_ACK
48 #define NETLINK_EXT_ACK 11
49 enum nlmsgerr_attrs {
50 	NLMSGERR_ATTR_UNUSED,
51 	NLMSGERR_ATTR_MSG,
52 	NLMSGERR_ATTR_OFFS,
53 	NLMSGERR_ATTR_COOKIE,
54 
55 	__NLMSGERR_ATTR_MAX,
56 	NLMSGERR_ATTR_MAX = __NLMSGERR_ATTR_MAX - 1
57 };
58 #endif
59 #ifndef NLM_F_CAPPED
60 #define NLM_F_CAPPED 0x100
61 #endif
62 #ifndef NLM_F_ACK_TLVS
63 #define NLM_F_ACK_TLVS 0x200
64 #endif
65 #ifndef SOL_NETLINK
66 #define SOL_NETLINK 270
67 #endif
68 
69 
70 #ifdef ANDROID
71 /* system/core/libnl_2 does not include nl_socket_set_nonblocking() */
72 #undef nl_socket_set_nonblocking
73 #define nl_socket_set_nonblocking(h) android_nl_socket_set_nonblocking(h)
74 
75 #endif /* ANDROID */
76 
77 
78 static struct nl_sock * nl_create_handle(struct nl_cb *cb, const char *dbg)
79 {
80 	struct nl_sock *handle;
81 
82 	handle = nl_socket_alloc_cb(cb);
83 	if (handle == NULL) {
84 		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
85 			   "callbacks (%s)", dbg);
86 		return NULL;
87 	}
88 
89 	if (genl_connect(handle)) {
90 		wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
91 			   "netlink (%s)", dbg);
92 		nl_socket_free(handle);
93 		return NULL;
94 	}
95 
96 	return handle;
97 }
98 
99 
100 static void nl_destroy_handles(struct nl_sock **handle)
101 {
102 	if (*handle == NULL)
103 		return;
104 	nl_socket_free(*handle);
105 	*handle = NULL;
106 }
107 
108 
109 #if __WORDSIZE == 64
110 #define ELOOP_SOCKET_INVALID	(intptr_t) 0x8888888888888889ULL
111 #else
112 #define ELOOP_SOCKET_INVALID	(intptr_t) 0x88888889ULL
113 #endif
114 
115 static void nl80211_register_eloop_read(struct nl_sock **handle,
116 					eloop_sock_handler handler,
117 					void *eloop_data, int persist)
118 {
119 	/*
120 	 * libnl uses a pretty small buffer (32 kB that gets converted to 64 kB)
121 	 * by default. It is possible to hit that limit in some cases where
122 	 * operations are blocked, e.g., with a burst of Deauthentication frames
123 	 * to hostapd and STA entry deletion. Try to increase the buffer to make
124 	 * this less likely to occur.
125 	 */
126 	int err;
127 
128 	err = nl_socket_set_buffer_size(*handle, 262144, 0);
129 	if (err < 0) {
130 		wpa_printf(MSG_DEBUG,
131 			   "nl80211: Could not set nl_socket RX buffer size: %s",
132 			   nl_geterror(err));
133 		/* continue anyway with the default (smaller) buffer */
134 	}
135 
136 	nl_socket_set_nonblocking(*handle);
137 	eloop_register_read_sock(nl_socket_get_fd(*handle), handler,
138 				 eloop_data, *handle);
139 	if (!persist)
140 		*handle = (void *) (((intptr_t) *handle) ^
141 				    ELOOP_SOCKET_INVALID);
142 }
143 
144 
145 static void nl80211_destroy_eloop_handle(struct nl_sock **handle, int persist)
146 {
147 	if (!persist)
148 		*handle = (void *) (((intptr_t) *handle) ^
149 				    ELOOP_SOCKET_INVALID);
150 	eloop_unregister_read_sock(nl_socket_get_fd(*handle));
151 	nl_destroy_handles(handle);
152 }
153 
154 
155 static void nl80211_global_deinit(void *priv);
156 static void nl80211_check_global(struct nl80211_global *global);
157 
158 static void wpa_driver_nl80211_deinit(struct i802_bss *bss);
159 static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss,
160 					    struct hostapd_freq_params *freq);
161 
162 static int
163 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
164 				   const u8 *set_addr, int first,
165 				   const char *driver_params);
166 static int nl80211_send_frame_cmd(struct i802_bss *bss,
167 				  unsigned int freq, unsigned int wait,
168 				  const u8 *buf, size_t buf_len,
169 				  int save_cookie,
170 				  int no_cck, int no_ack, int offchanok,
171 				  const u16 *csa_offs, size_t csa_offs_len);
172 static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss,
173 					       int report);
174 
175 #define IFIDX_ANY -1
176 
177 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
178 		      int ifidx_reason);
179 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
180 		      int ifidx_reason);
181 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
182 		      int ifidx_reason);
183 
184 static int nl80211_set_channel(struct i802_bss *bss,
185 			       struct hostapd_freq_params *freq, int set_chan);
186 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
187 				     int ifindex, int disabled);
188 
189 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv,
190 			      int reset_mode);
191 
192 static int i802_set_iface_flags(struct i802_bss *bss, int up);
193 static int nl80211_set_param(void *priv, const char *param);
194 #ifdef CONFIG_MESH
195 static int nl80211_put_mesh_config(struct nl_msg *msg,
196 				   struct wpa_driver_mesh_bss_params *params);
197 #endif /* CONFIG_MESH */
198 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
199 			     u16 reason);
200 
201 
202 /* Converts nl80211_chan_width to a common format */
203 enum chan_width convert2width(int width)
204 {
205 	switch (width) {
206 	case NL80211_CHAN_WIDTH_20_NOHT:
207 		return CHAN_WIDTH_20_NOHT;
208 	case NL80211_CHAN_WIDTH_20:
209 		return CHAN_WIDTH_20;
210 	case NL80211_CHAN_WIDTH_40:
211 		return CHAN_WIDTH_40;
212 	case NL80211_CHAN_WIDTH_80:
213 		return CHAN_WIDTH_80;
214 	case NL80211_CHAN_WIDTH_80P80:
215 		return CHAN_WIDTH_80P80;
216 	case NL80211_CHAN_WIDTH_160:
217 		return CHAN_WIDTH_160;
218 	}
219 	return CHAN_WIDTH_UNKNOWN;
220 }
221 
222 
223 int is_ap_interface(enum nl80211_iftype nlmode)
224 {
225 	return nlmode == NL80211_IFTYPE_AP ||
226 		nlmode == NL80211_IFTYPE_P2P_GO;
227 }
228 
229 
230 int is_sta_interface(enum nl80211_iftype nlmode)
231 {
232 	return nlmode == NL80211_IFTYPE_STATION ||
233 		nlmode == NL80211_IFTYPE_P2P_CLIENT;
234 }
235 
236 
237 static int is_p2p_net_interface(enum nl80211_iftype nlmode)
238 {
239 	return nlmode == NL80211_IFTYPE_P2P_CLIENT ||
240 		nlmode == NL80211_IFTYPE_P2P_GO;
241 }
242 
243 
244 struct i802_bss * get_bss_ifindex(struct wpa_driver_nl80211_data *drv,
245 				  int ifindex)
246 {
247 	struct i802_bss *bss;
248 
249 	for (bss = drv->first_bss; bss; bss = bss->next) {
250 		if (bss->ifindex == ifindex)
251 			return bss;
252 	}
253 
254 	return NULL;
255 }
256 
257 
258 static int is_mesh_interface(enum nl80211_iftype nlmode)
259 {
260 	return nlmode == NL80211_IFTYPE_MESH_POINT;
261 }
262 
263 
264 void nl80211_mark_disconnected(struct wpa_driver_nl80211_data *drv)
265 {
266 	if (drv->associated)
267 		os_memcpy(drv->prev_bssid, drv->bssid, ETH_ALEN);
268 	drv->associated = 0;
269 	os_memset(drv->bssid, 0, ETH_ALEN);
270 	drv->first_bss->freq = 0;
271 }
272 
273 
274 /* nl80211 code */
275 static int ack_handler(struct nl_msg *msg, void *arg)
276 {
277 	int *err = arg;
278 	*err = 0;
279 	return NL_STOP;
280 }
281 
282 
283 struct nl80211_ack_ext_arg {
284 	int *err;
285 	void *ext_data;
286 };
287 
288 
289 static int ack_handler_cookie(struct nl_msg *msg, void *arg)
290 {
291 	struct nl80211_ack_ext_arg *ext_arg = arg;
292 	struct nlattr *tb[NLMSGERR_ATTR_MAX + 1];
293 	u64 *cookie = ext_arg->ext_data;
294 	struct nlattr *attrs;
295 	size_t ack_len, attr_len;
296 
297 	*ext_arg->err = 0;
298 	ack_len = sizeof(struct nlmsghdr) + sizeof(int) +
299 		sizeof(struct nlmsghdr);
300 	attrs = (struct nlattr *)
301 		((u8 *) nlmsg_data(nlmsg_hdr(msg)) + sizeof(struct nlmsghdr) +
302 		 sizeof(int));
303 	if (nlmsg_hdr(msg)->nlmsg_len <= ack_len)
304 		return NL_STOP;
305 
306 	attr_len = nlmsg_hdr(msg)->nlmsg_len - ack_len;
307 
308 	if(!(nlmsg_hdr(msg)->nlmsg_flags & NLM_F_ACK_TLVS))
309 		return NL_STOP;
310 
311 	nla_parse(tb, NLMSGERR_ATTR_MAX, attrs, attr_len, NULL);
312 	if (tb[NLMSGERR_ATTR_COOKIE])
313 		*cookie = nla_get_u64(tb[NLMSGERR_ATTR_COOKIE]);
314 
315 	return NL_STOP;
316 }
317 
318 
319 static int finish_handler(struct nl_msg *msg, void *arg)
320 {
321 	int *ret = arg;
322 	*ret = 0;
323 	return NL_SKIP;
324 }
325 
326 static int error_handler(struct sockaddr_nl *nla, struct nlmsgerr *err,
327 			 void *arg)
328 {
329 	struct nlmsghdr *nlh = (struct nlmsghdr *) err - 1;
330 	int len = nlh->nlmsg_len;
331 	struct nlattr *attrs;
332 	struct nlattr *tb[NLMSGERR_ATTR_MAX + 1];
333 	int *ret = arg;
334 	int ack_len = sizeof(*nlh) + sizeof(int) + sizeof(*nlh);
335 
336 	*ret = err->error;
337 
338 	if (!(nlh->nlmsg_flags & NLM_F_ACK_TLVS))
339 		return NL_SKIP;
340 
341 	if (!(nlh->nlmsg_flags & NLM_F_CAPPED))
342 		ack_len += err->msg.nlmsg_len - sizeof(*nlh);
343 
344 	if (len <= ack_len)
345 		return NL_STOP;
346 
347 	attrs = (void *) ((unsigned char *) nlh + ack_len);
348 	len -= ack_len;
349 
350 	nla_parse(tb, NLMSGERR_ATTR_MAX, attrs, len, NULL);
351 	if (tb[NLMSGERR_ATTR_MSG]) {
352 		len = strnlen((char *) nla_data(tb[NLMSGERR_ATTR_MSG]),
353 			      nla_len(tb[NLMSGERR_ATTR_MSG]));
354 		wpa_printf(MSG_ERROR, "nl80211: kernel reports: %*s",
355 			   len, (char *) nla_data(tb[NLMSGERR_ATTR_MSG]));
356 	}
357 
358 	return NL_SKIP;
359 }
360 
361 
362 static int no_seq_check(struct nl_msg *msg, void *arg)
363 {
364 	return NL_OK;
365 }
366 
367 
368 static void nl80211_nlmsg_clear(struct nl_msg *msg)
369 {
370 	/*
371 	 * Clear nlmsg data, e.g., to make sure key material is not left in
372 	 * heap memory for unnecessarily long time.
373 	 */
374 	if (msg) {
375 		struct nlmsghdr *hdr = nlmsg_hdr(msg);
376 		void *data = nlmsg_data(hdr);
377 		/*
378 		 * This would use nlmsg_datalen() or the older nlmsg_len() if
379 		 * only libnl were to maintain a stable API.. Neither will work
380 		 * with all released versions, so just calculate the length
381 		 * here.
382 		 */
383 		int len = hdr->nlmsg_len - NLMSG_HDRLEN;
384 
385 		os_memset(data, 0, len);
386 	}
387 }
388 
389 
390 static int send_and_recv(struct nl80211_global *global,
391 			 struct nl_sock *nl_handle, struct nl_msg *msg,
392 			 int (*valid_handler)(struct nl_msg *, void *),
393 			 void *valid_data,
394 			 int (*ack_handler_custom)(struct nl_msg *, void *),
395 			 void *ack_data)
396 {
397 	struct nl_cb *cb;
398 	int err = -ENOMEM, opt;
399 
400 	if (!msg)
401 		return -ENOMEM;
402 
403 	cb = nl_cb_clone(global->nl_cb);
404 	if (!cb)
405 		goto out;
406 
407 	/* try to set NETLINK_EXT_ACK to 1, ignoring errors */
408 	opt = 1;
409 	setsockopt(nl_socket_get_fd(nl_handle), SOL_NETLINK,
410 		   NETLINK_EXT_ACK, &opt, sizeof(opt));
411 
412 	/* try to set NETLINK_CAP_ACK to 1, ignoring errors */
413 	opt = 1;
414 	setsockopt(nl_socket_get_fd(nl_handle), SOL_NETLINK,
415 		   NETLINK_CAP_ACK, &opt, sizeof(opt));
416 
417 	err = nl_send_auto_complete(nl_handle, msg);
418 	if (err < 0) {
419 		wpa_printf(MSG_INFO,
420 			   "nl80211: nl_send_auto_complete() failed: %s",
421 			   nl_geterror(err));
422 		/* Need to convert libnl error code to an errno value. For now,
423 		 * just hardcode this to EBADF; the real error reason is shown
424 		 * in that error print above. */
425 		err = -EBADF;
426 		goto out;
427 	}
428 
429 	err = 1;
430 
431 	nl_cb_err(cb, NL_CB_CUSTOM, error_handler, &err);
432 	nl_cb_set(cb, NL_CB_FINISH, NL_CB_CUSTOM, finish_handler, &err);
433 	if (ack_handler_custom) {
434 		struct nl80211_ack_ext_arg *ext_arg = ack_data;
435 
436 		ext_arg->err = &err;
437 		nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM,
438 			  ack_handler_custom, ack_data);
439 	} else {
440 		nl_cb_set(cb, NL_CB_ACK, NL_CB_CUSTOM, ack_handler, &err);
441 	}
442 
443 	if (valid_handler)
444 		nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM,
445 			  valid_handler, valid_data);
446 
447 	while (err > 0) {
448 		int res = nl_recvmsgs(nl_handle, cb);
449 
450 		if (res == -NLE_DUMP_INTR) {
451 			/* Most likely one of the nl80211 dump routines hit a
452 			 * case where internal results changed while the dump
453 			 * was being sent. The most common known case for this
454 			 * is scan results fetching while associated were every
455 			 * received Beacon frame from the AP may end up
456 			 * incrementing bss_generation. This
457 			 * NL80211_CMD_GET_SCAN case tries again in the caller;
458 			 * other cases (of which there are no known common ones)
459 			 * will stop and return an error. */
460 			wpa_printf(MSG_DEBUG, "nl80211: %s; convert to -EAGAIN",
461 				   nl_geterror(res));
462 			err = -EAGAIN;
463 		} else if (res < 0) {
464 			wpa_printf(MSG_INFO,
465 				   "nl80211: %s->nl_recvmsgs failed: %d (%s)",
466 				   __func__, res, nl_geterror(res));
467 		}
468 	}
469  out:
470 	nl_cb_put(cb);
471 	/* Always clear the message as it can potentially contain keys */
472 	nl80211_nlmsg_clear(msg);
473 	nlmsg_free(msg);
474 	return err;
475 }
476 
477 
478 int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
479 		       struct nl_msg *msg,
480 		       int (*valid_handler)(struct nl_msg *, void *),
481 		       void *valid_data,
482 		       int (*ack_handler_custom)(struct nl_msg *, void *),
483 		       void *ack_data)
484 {
485 	return send_and_recv(drv->global, drv->global->nl, msg,
486 			     valid_handler, valid_data,
487 			     ack_handler_custom, ack_data);
488 }
489 
490 
491 /* Use this method to mark that it is necessary to own the connection/interface
492  * for this operation.
493  * handle may be set to NULL, to get the same behavior as send_and_recv_msgs().
494  * set_owner can be used to mark this socket for receiving control port frames.
495  */
496 static int send_and_recv_msgs_owner(struct wpa_driver_nl80211_data *drv,
497 				    struct nl_msg *msg,
498 				    struct nl_sock *handle, int set_owner,
499 				    int (*valid_handler)(struct nl_msg *,
500 							 void *),
501 				    void *valid_data,
502 				    int (*ack_handler_custom)(struct nl_msg *,
503 							      void *),
504 				    void *ack_data)
505 {
506 	if (!msg)
507 		return -ENOMEM;
508 
509 	/* Control port over nl80211 needs the flags and attributes below.
510 	 *
511 	 * The Linux kernel has initial checks for them (in nl80211.c) like:
512 	 *     validate_pae_over_nl80211(...)
513 	 * or final checks like:
514 	 *     dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid
515 	 *
516 	 * Final operations (e.g., disassociate) don't need to set these
517 	 * attributes, but they have to be performed on the socket, which has
518 	 * the connection owner property set in the kernel.
519 	 */
520 	if ((drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) &&
521 	    handle && set_owner &&
522 	    (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_OVER_NL80211) ||
523 	     nla_put_flag(msg, NL80211_ATTR_SOCKET_OWNER) ||
524 	     nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, ETH_P_PAE) ||
525 	     nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_PREAUTH)))
526 		return -1;
527 
528 	return send_and_recv(drv->global, handle ? handle : drv->global->nl,
529 			     msg, valid_handler, valid_data,
530 			     ack_handler_custom, ack_data);
531 }
532 
533 
534 static int
535 send_and_recv_msgs_connect_handle(struct wpa_driver_nl80211_data *drv,
536 				  struct nl_msg *msg, struct i802_bss *bss,
537 				  int set_owner)
538 {
539 	struct nl_sock *nl_connect = get_connect_handle(bss);
540 
541 	if (nl_connect)
542 		return send_and_recv_msgs_owner(drv, msg, nl_connect, set_owner,
543 						process_bss_event, bss, NULL,
544 						NULL);
545 	else
546 		return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
547 }
548 
549 
550 struct nl_sock * get_connect_handle(struct i802_bss *bss)
551 {
552 	if ((bss->drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) ||
553 	    bss->use_nl_connect)
554 		return bss->nl_connect;
555 
556 	return NULL;
557 }
558 
559 
560 struct family_data {
561 	const char *group;
562 	int id;
563 };
564 
565 
566 static int family_handler(struct nl_msg *msg, void *arg)
567 {
568 	struct family_data *res = arg;
569 	struct nlattr *tb[CTRL_ATTR_MAX + 1];
570 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
571 	struct nlattr *mcgrp;
572 	int i;
573 
574 	nla_parse(tb, CTRL_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
575 		  genlmsg_attrlen(gnlh, 0), NULL);
576 	if (!tb[CTRL_ATTR_MCAST_GROUPS])
577 		return NL_SKIP;
578 
579 	nla_for_each_nested(mcgrp, tb[CTRL_ATTR_MCAST_GROUPS], i) {
580 		struct nlattr *tb2[CTRL_ATTR_MCAST_GRP_MAX + 1];
581 		nla_parse(tb2, CTRL_ATTR_MCAST_GRP_MAX, nla_data(mcgrp),
582 			  nla_len(mcgrp), NULL);
583 		if (!tb2[CTRL_ATTR_MCAST_GRP_NAME] ||
584 		    !tb2[CTRL_ATTR_MCAST_GRP_ID] ||
585 		    os_strncmp(nla_data(tb2[CTRL_ATTR_MCAST_GRP_NAME]),
586 			       res->group,
587 			       nla_len(tb2[CTRL_ATTR_MCAST_GRP_NAME])) != 0)
588 			continue;
589 		res->id = nla_get_u32(tb2[CTRL_ATTR_MCAST_GRP_ID]);
590 		break;
591 	};
592 
593 	return NL_SKIP;
594 }
595 
596 
597 static int nl_get_multicast_id(struct nl80211_global *global,
598 			       const char *family, const char *group)
599 {
600 	struct nl_msg *msg;
601 	int ret;
602 	struct family_data res = { group, -ENOENT };
603 
604 	msg = nlmsg_alloc();
605 	if (!msg)
606 		return -ENOMEM;
607 	if (!genlmsg_put(msg, 0, 0, genl_ctrl_resolve(global->nl, "nlctrl"),
608 			 0, 0, CTRL_CMD_GETFAMILY, 0) ||
609 	    nla_put_string(msg, CTRL_ATTR_FAMILY_NAME, family)) {
610 		nlmsg_free(msg);
611 		return -1;
612 	}
613 
614 	ret = send_and_recv(global, global->nl, msg, family_handler, &res,
615 			    NULL, NULL);
616 	if (ret == 0)
617 		ret = res.id;
618 	return ret;
619 }
620 
621 
622 void * nl80211_cmd(struct wpa_driver_nl80211_data *drv,
623 		   struct nl_msg *msg, int flags, uint8_t cmd)
624 {
625 	if (TEST_FAIL())
626 		return NULL;
627 	return genlmsg_put(msg, 0, 0, drv->global->nl80211_id,
628 			   0, flags, cmd, 0);
629 }
630 
631 
632 static int nl80211_set_iface_id(struct nl_msg *msg, struct i802_bss *bss)
633 {
634 	if (bss->wdev_id_set)
635 		return nla_put_u64(msg, NL80211_ATTR_WDEV, bss->wdev_id);
636 	return nla_put_u32(msg, NL80211_ATTR_IFINDEX, bss->ifindex);
637 }
638 
639 
640 struct nl_msg * nl80211_cmd_msg(struct i802_bss *bss, int flags, uint8_t cmd)
641 {
642 	struct nl_msg *msg;
643 
644 	msg = nlmsg_alloc();
645 	if (!msg)
646 		return NULL;
647 
648 	if (!nl80211_cmd(bss->drv, msg, flags, cmd) ||
649 	    nl80211_set_iface_id(msg, bss) < 0) {
650 		nlmsg_free(msg);
651 		return NULL;
652 	}
653 
654 	return msg;
655 }
656 
657 
658 static struct nl_msg *
659 nl80211_ifindex_msg_build(struct wpa_driver_nl80211_data *drv,
660 			  struct nl_msg *msg, int ifindex, int flags,
661 			  uint8_t cmd)
662 {
663 	if (!msg)
664 		return NULL;
665 
666 	if (!nl80211_cmd(drv, msg, flags, cmd) ||
667 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, ifindex)) {
668 		nlmsg_free(msg);
669 		return NULL;
670 	}
671 
672 	return msg;
673 }
674 
675 
676 static struct nl_msg *
677 nl80211_ifindex_msg(struct wpa_driver_nl80211_data *drv, int ifindex,
678 		    int flags, uint8_t cmd)
679 {
680 	return nl80211_ifindex_msg_build(drv, nlmsg_alloc(), ifindex, flags,
681 					 cmd);
682 }
683 
684 
685 struct nl_msg * nl80211_drv_msg(struct wpa_driver_nl80211_data *drv, int flags,
686 				uint8_t cmd)
687 {
688 	return nl80211_ifindex_msg(drv, drv->ifindex, flags, cmd);
689 }
690 
691 
692 struct nl_msg * nl80211_bss_msg(struct i802_bss *bss, int flags, uint8_t cmd)
693 {
694 	return nl80211_ifindex_msg(bss->drv, bss->ifindex, flags, cmd);
695 }
696 
697 
698 struct wiphy_idx_data {
699 	int wiphy_idx;
700 	enum nl80211_iftype nlmode;
701 	u8 *macaddr;
702 	u8 use_4addr;
703 };
704 
705 
706 static int netdev_info_handler(struct nl_msg *msg, void *arg)
707 {
708 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
709 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
710 	struct wiphy_idx_data *info = arg;
711 
712 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
713 		  genlmsg_attrlen(gnlh, 0), NULL);
714 
715 	if (tb[NL80211_ATTR_WIPHY])
716 		info->wiphy_idx = nla_get_u32(tb[NL80211_ATTR_WIPHY]);
717 
718 	if (tb[NL80211_ATTR_IFTYPE])
719 		info->nlmode = nla_get_u32(tb[NL80211_ATTR_IFTYPE]);
720 
721 	if (tb[NL80211_ATTR_MAC] && info->macaddr)
722 		os_memcpy(info->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
723 			  ETH_ALEN);
724 
725 	if (tb[NL80211_ATTR_4ADDR])
726 		info->use_4addr = nla_get_u8(tb[NL80211_ATTR_4ADDR]);
727 
728 	return NL_SKIP;
729 }
730 
731 
732 int nl80211_get_wiphy_index(struct i802_bss *bss)
733 {
734 	struct nl_msg *msg;
735 	struct wiphy_idx_data data = {
736 		.wiphy_idx = -1,
737 		.macaddr = NULL,
738 	};
739 
740 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)))
741 		return -1;
742 
743 	if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data,
744 			       NULL, NULL) == 0)
745 		return data.wiphy_idx;
746 	return -1;
747 }
748 
749 
750 static enum nl80211_iftype nl80211_get_ifmode(struct i802_bss *bss)
751 {
752 	struct nl_msg *msg;
753 	struct wiphy_idx_data data = {
754 		.nlmode = NL80211_IFTYPE_UNSPECIFIED,
755 		.macaddr = NULL,
756 	};
757 
758 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)))
759 		return NL80211_IFTYPE_UNSPECIFIED;
760 
761 	if (send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data,
762 			       NULL, NULL) == 0)
763 		return data.nlmode;
764 	return NL80211_IFTYPE_UNSPECIFIED;
765 }
766 
767 
768 static int nl80211_get_macaddr(struct i802_bss *bss)
769 {
770 	struct nl_msg *msg;
771 	struct wiphy_idx_data data = {
772 		.macaddr = bss->addr,
773 	};
774 
775 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)))
776 		return -1;
777 
778 	return send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data,
779 				  NULL, NULL);
780 }
781 
782 
783 static int nl80211_get_4addr(struct i802_bss *bss)
784 {
785 	struct nl_msg *msg;
786 	struct wiphy_idx_data data = {
787 		.use_4addr = 0,
788 	};
789 
790 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_GET_INTERFACE)) ||
791 	    send_and_recv_msgs(bss->drv, msg, netdev_info_handler, &data,
792 			       NULL, NULL))
793 		return -1;
794 	return data.use_4addr;
795 }
796 
797 
798 static int nl80211_register_beacons(struct wpa_driver_nl80211_data *drv,
799 				    struct nl80211_wiphy_data *w)
800 {
801 	struct nl_msg *msg;
802 	int ret;
803 
804 	msg = nlmsg_alloc();
805 	if (!msg)
806 		return -1;
807 
808 	if (!nl80211_cmd(drv, msg, 0, NL80211_CMD_REGISTER_BEACONS) ||
809 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, w->wiphy_idx)) {
810 		nlmsg_free(msg);
811 		return -1;
812 	}
813 
814 	ret = send_and_recv(drv->global, w->nl_beacons, msg, NULL, NULL,
815 			    NULL, NULL);
816 	if (ret) {
817 		wpa_printf(MSG_DEBUG, "nl80211: Register beacons command "
818 			   "failed: ret=%d (%s)",
819 			   ret, strerror(-ret));
820 	}
821 	return ret;
822 }
823 
824 
825 static void nl80211_recv_beacons(int sock, void *eloop_ctx, void *handle)
826 {
827 	struct nl80211_wiphy_data *w = eloop_ctx;
828 	int res;
829 
830 	wpa_printf(MSG_EXCESSIVE, "nl80211: Beacon event message available");
831 
832 	res = nl_recvmsgs(handle, w->nl_cb);
833 	if (res < 0) {
834 		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
835 			   __func__, res);
836 	}
837 }
838 
839 
840 static int process_beacon_event(struct nl_msg *msg, void *arg)
841 {
842 	struct nl80211_wiphy_data *w = arg;
843 	struct wpa_driver_nl80211_data *drv;
844 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
845 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
846 	union wpa_event_data event;
847 
848 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
849 		  genlmsg_attrlen(gnlh, 0), NULL);
850 
851 	if (gnlh->cmd != NL80211_CMD_FRAME) {
852 		wpa_printf(MSG_DEBUG, "nl80211: Unexpected beacon event? (%d)",
853 			   gnlh->cmd);
854 		return NL_SKIP;
855 	}
856 
857 	if (!tb[NL80211_ATTR_FRAME])
858 		return NL_SKIP;
859 
860 	dl_list_for_each(drv, &w->drvs, struct wpa_driver_nl80211_data,
861 			 wiphy_list) {
862 		os_memset(&event, 0, sizeof(event));
863 		event.rx_mgmt.frame = nla_data(tb[NL80211_ATTR_FRAME]);
864 		event.rx_mgmt.frame_len = nla_len(tb[NL80211_ATTR_FRAME]);
865 		wpa_supplicant_event(drv->ctx, EVENT_RX_MGMT, &event);
866 	}
867 
868 	return NL_SKIP;
869 }
870 
871 
872 static struct nl80211_wiphy_data *
873 nl80211_get_wiphy_data_ap(struct i802_bss *bss)
874 {
875 	static DEFINE_DL_LIST(nl80211_wiphys);
876 	struct nl80211_wiphy_data *w;
877 	int wiphy_idx, found = 0;
878 	struct i802_bss *tmp_bss;
879 	u8 channel;
880 
881 	if (bss->wiphy_data != NULL)
882 		return bss->wiphy_data;
883 
884 	wiphy_idx = nl80211_get_wiphy_index(bss);
885 
886 	dl_list_for_each(w, &nl80211_wiphys, struct nl80211_wiphy_data, list) {
887 		if (w->wiphy_idx == wiphy_idx)
888 			goto add;
889 	}
890 
891 	/* alloc new one */
892 	w = os_zalloc(sizeof(*w));
893 	if (w == NULL)
894 		return NULL;
895 	w->wiphy_idx = wiphy_idx;
896 	dl_list_init(&w->bsss);
897 	dl_list_init(&w->drvs);
898 
899 	/* Beacon frames not supported in IEEE 802.11ad */
900 	if (ieee80211_freq_to_chan(bss->freq, &channel) !=
901 	    HOSTAPD_MODE_IEEE80211AD) {
902 		w->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
903 		if (!w->nl_cb) {
904 			os_free(w);
905 			return NULL;
906 		}
907 		nl_cb_set(w->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
908 			  no_seq_check, NULL);
909 		nl_cb_set(w->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
910 			  process_beacon_event, w);
911 
912 		w->nl_beacons = nl_create_handle(bss->drv->global->nl_cb,
913 						 "wiphy beacons");
914 		if (w->nl_beacons == NULL) {
915 			os_free(w);
916 			return NULL;
917 		}
918 
919 		if (nl80211_register_beacons(bss->drv, w)) {
920 			nl_destroy_handles(&w->nl_beacons);
921 			os_free(w);
922 			return NULL;
923 		}
924 
925 		nl80211_register_eloop_read(&w->nl_beacons,
926 					    nl80211_recv_beacons, w, 0);
927 	}
928 
929 	dl_list_add(&nl80211_wiphys, &w->list);
930 
931 add:
932 	/* drv entry for this bss already there? */
933 	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
934 		if (tmp_bss->drv == bss->drv) {
935 			found = 1;
936 			break;
937 		}
938 	}
939 	/* if not add it */
940 	if (!found)
941 		dl_list_add(&w->drvs, &bss->drv->wiphy_list);
942 
943 	dl_list_add(&w->bsss, &bss->wiphy_list);
944 	bss->wiphy_data = w;
945 	return w;
946 }
947 
948 
949 static void nl80211_put_wiphy_data_ap(struct i802_bss *bss)
950 {
951 	struct nl80211_wiphy_data *w = bss->wiphy_data;
952 	struct i802_bss *tmp_bss;
953 	int found = 0;
954 
955 	if (w == NULL)
956 		return;
957 	bss->wiphy_data = NULL;
958 	dl_list_del(&bss->wiphy_list);
959 
960 	/* still any for this drv present? */
961 	dl_list_for_each(tmp_bss, &w->bsss, struct i802_bss, wiphy_list) {
962 		if (tmp_bss->drv == bss->drv) {
963 			found = 1;
964 			break;
965 		}
966 	}
967 	/* if not remove it */
968 	if (!found)
969 		dl_list_del(&bss->drv->wiphy_list);
970 
971 	if (!dl_list_empty(&w->bsss))
972 		return;
973 
974 	if (w->nl_beacons)
975 		nl80211_destroy_eloop_handle(&w->nl_beacons, 0);
976 
977 	nl_cb_put(w->nl_cb);
978 	dl_list_del(&w->list);
979 	os_free(w);
980 }
981 
982 
983 static unsigned int nl80211_get_ifindex(void *priv)
984 {
985 	struct i802_bss *bss = priv;
986 	struct wpa_driver_nl80211_data *drv = bss->drv;
987 
988 	return drv->ifindex;
989 }
990 
991 
992 static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
993 {
994 	struct i802_bss *bss = priv;
995 	struct wpa_driver_nl80211_data *drv = bss->drv;
996 	if (!drv->associated)
997 		return -1;
998 	os_memcpy(bssid, drv->bssid, ETH_ALEN);
999 	return 0;
1000 }
1001 
1002 
1003 static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
1004 {
1005 	struct i802_bss *bss = priv;
1006 	struct wpa_driver_nl80211_data *drv = bss->drv;
1007 	if (!drv->associated)
1008 		return -1;
1009 	os_memcpy(ssid, drv->ssid, drv->ssid_len);
1010 	return drv->ssid_len;
1011 }
1012 
1013 
1014 static void wpa_driver_nl80211_event_newlink(
1015 	struct nl80211_global *global, struct wpa_driver_nl80211_data *drv,
1016 	int ifindex, const char *ifname)
1017 {
1018 	union wpa_event_data event;
1019 
1020 	if (drv && os_strcmp(drv->first_bss->ifname, ifname) == 0) {
1021 		if (if_nametoindex(drv->first_bss->ifname) == 0) {
1022 			wpa_printf(MSG_DEBUG, "nl80211: Interface %s does not exist - ignore RTM_NEWLINK",
1023 				   drv->first_bss->ifname);
1024 			return;
1025 		}
1026 		if (!drv->if_removed)
1027 			return;
1028 		wpa_printf(MSG_DEBUG, "nl80211: Mark if_removed=0 for %s based on RTM_NEWLINK event",
1029 			   drv->first_bss->ifname);
1030 		drv->if_removed = 0;
1031 	}
1032 
1033 	os_memset(&event, 0, sizeof(event));
1034 	event.interface_status.ifindex = ifindex;
1035 	os_strlcpy(event.interface_status.ifname, ifname,
1036 		   sizeof(event.interface_status.ifname));
1037 	event.interface_status.ievent = EVENT_INTERFACE_ADDED;
1038 	if (drv)
1039 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1040 	else
1041 		wpa_supplicant_event_global(global->ctx, EVENT_INTERFACE_STATUS,
1042 					    &event);
1043 }
1044 
1045 
1046 static void wpa_driver_nl80211_event_dellink(
1047 	struct nl80211_global *global, struct wpa_driver_nl80211_data *drv,
1048 	int ifindex, const char *ifname)
1049 {
1050 	union wpa_event_data event;
1051 
1052 	if (drv && os_strcmp(drv->first_bss->ifname, ifname) == 0) {
1053 		if (drv->if_removed) {
1054 			wpa_printf(MSG_DEBUG, "nl80211: if_removed already set - ignore RTM_DELLINK event for %s",
1055 				   ifname);
1056 			return;
1057 		}
1058 		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed - mark if_removed=1",
1059 			   ifname);
1060 		drv->if_removed = 1;
1061 	} else {
1062 		wpa_printf(MSG_DEBUG, "RTM_DELLINK: Interface '%s' removed",
1063 			   ifname);
1064 	}
1065 
1066 	os_memset(&event, 0, sizeof(event));
1067 	event.interface_status.ifindex = ifindex;
1068 	os_strlcpy(event.interface_status.ifname, ifname,
1069 		   sizeof(event.interface_status.ifname));
1070 	event.interface_status.ievent = EVENT_INTERFACE_REMOVED;
1071 	if (drv)
1072 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_STATUS, &event);
1073 	else
1074 		wpa_supplicant_event_global(global->ctx, EVENT_INTERFACE_STATUS,
1075 					    &event);
1076 }
1077 
1078 
1079 static int wpa_driver_nl80211_own_ifname(struct wpa_driver_nl80211_data *drv,
1080 					 u8 *buf, size_t len)
1081 {
1082 	int attrlen, rta_len;
1083 	struct rtattr *attr;
1084 
1085 	attrlen = len;
1086 	attr = (struct rtattr *) buf;
1087 
1088 	rta_len = RTA_ALIGN(sizeof(struct rtattr));
1089 	while (RTA_OK(attr, attrlen)) {
1090 		if (attr->rta_type == IFLA_IFNAME) {
1091 			if (os_strcmp(((char *) attr) + rta_len,
1092 				      drv->first_bss->ifname) == 0)
1093 				return 1;
1094 			else
1095 				break;
1096 		}
1097 		attr = RTA_NEXT(attr, attrlen);
1098 	}
1099 
1100 	return 0;
1101 }
1102 
1103 
1104 static int wpa_driver_nl80211_own_ifindex(struct wpa_driver_nl80211_data *drv,
1105 					  int ifindex, u8 *buf, size_t len)
1106 {
1107 	if (drv->ifindex == ifindex)
1108 		return 1;
1109 
1110 	if (drv->if_removed && wpa_driver_nl80211_own_ifname(drv, buf, len)) {
1111 		nl80211_check_global(drv->global);
1112 		wpa_printf(MSG_DEBUG, "nl80211: Update ifindex for a removed "
1113 			   "interface");
1114 		if (wpa_driver_nl80211_finish_drv_init(drv, NULL, 0, NULL) < 0)
1115 			return -1;
1116 		return 1;
1117 	}
1118 
1119 	return 0;
1120 }
1121 
1122 
1123 static struct wpa_driver_nl80211_data *
1124 nl80211_find_drv(struct nl80211_global *global, int idx, u8 *buf, size_t len,
1125 		 int *init_failed)
1126 {
1127 	struct wpa_driver_nl80211_data *drv;
1128 	int res;
1129 
1130 	if (init_failed)
1131 		*init_failed = 0;
1132 	dl_list_for_each(drv, &global->interfaces,
1133 			 struct wpa_driver_nl80211_data, list) {
1134 		res = wpa_driver_nl80211_own_ifindex(drv, idx, buf, len);
1135 		if (res < 0) {
1136 			wpa_printf(MSG_DEBUG,
1137 				   "nl80211: Found matching own interface, but failed to complete reinitialization");
1138 			if (init_failed)
1139 				*init_failed = 1;
1140 			return drv;
1141 		}
1142 		if (res > 0 || have_ifidx(drv, idx, IFIDX_ANY))
1143 			return drv;
1144 	}
1145 	return NULL;
1146 }
1147 
1148 
1149 static void nl80211_refresh_mac(struct wpa_driver_nl80211_data *drv,
1150 				int ifindex, int notify)
1151 {
1152 	struct i802_bss *bss;
1153 	u8 addr[ETH_ALEN];
1154 
1155 	bss = get_bss_ifindex(drv, ifindex);
1156 	if (bss &&
1157 	    linux_get_ifhwaddr(drv->global->ioctl_sock,
1158 			       bss->ifname, addr) < 0) {
1159 		wpa_printf(MSG_DEBUG,
1160 			   "nl80211: %s: failed to re-read MAC address",
1161 			   bss->ifname);
1162 	} else if (bss && os_memcmp(addr, bss->addr, ETH_ALEN) != 0) {
1163 		wpa_printf(MSG_DEBUG,
1164 			   "nl80211: Own MAC address on ifindex %d (%s) changed from "
1165 			   MACSTR " to " MACSTR,
1166 			   ifindex, bss->ifname,
1167 			   MAC2STR(bss->addr), MAC2STR(addr));
1168 		os_memcpy(bss->addr, addr, ETH_ALEN);
1169 		if (notify)
1170 			wpa_supplicant_event(drv->ctx,
1171 					     EVENT_INTERFACE_MAC_CHANGED, NULL);
1172 	}
1173 }
1174 
1175 
1176 static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
1177 						 struct ifinfomsg *ifi,
1178 						 u8 *buf, size_t len)
1179 {
1180 	struct nl80211_global *global = ctx;
1181 	struct wpa_driver_nl80211_data *drv;
1182 	int attrlen;
1183 	struct rtattr *attr;
1184 	u32 brid = 0;
1185 	char namebuf[IFNAMSIZ];
1186 	char ifname[IFNAMSIZ + 1];
1187 	char extra[100], *pos, *end;
1188 	int init_failed;
1189 
1190 	extra[0] = '\0';
1191 	pos = extra;
1192 	end = pos + sizeof(extra);
1193 	ifname[0] = '\0';
1194 
1195 	attrlen = len;
1196 	attr = (struct rtattr *) buf;
1197 	while (RTA_OK(attr, attrlen)) {
1198 		switch (attr->rta_type) {
1199 		case IFLA_IFNAME:
1200 			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
1201 				break;
1202 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1203 			ifname[RTA_PAYLOAD(attr)] = '\0';
1204 			break;
1205 		case IFLA_MASTER:
1206 			brid = nla_get_u32((struct nlattr *) attr);
1207 			pos += os_snprintf(pos, end - pos, " master=%u", brid);
1208 			break;
1209 		case IFLA_WIRELESS:
1210 			pos += os_snprintf(pos, end - pos, " wext");
1211 			break;
1212 		case IFLA_OPERSTATE:
1213 			pos += os_snprintf(pos, end - pos, " operstate=%u",
1214 					   nla_get_u32((struct nlattr *) attr));
1215 			break;
1216 		case IFLA_LINKMODE:
1217 			pos += os_snprintf(pos, end - pos, " linkmode=%u",
1218 					   nla_get_u32((struct nlattr *) attr));
1219 			break;
1220 		}
1221 		attr = RTA_NEXT(attr, attrlen);
1222 	}
1223 	extra[sizeof(extra) - 1] = '\0';
1224 
1225 	wpa_printf(MSG_DEBUG, "RTM_NEWLINK: ifi_index=%d ifname=%s%s ifi_family=%d ifi_flags=0x%x (%s%s%s%s)",
1226 		   ifi->ifi_index, ifname, extra, ifi->ifi_family,
1227 		   ifi->ifi_flags,
1228 		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
1229 		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
1230 		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
1231 		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
1232 
1233 	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len, &init_failed);
1234 	if (!drv)
1235 		goto event_newlink;
1236 	if (init_failed)
1237 		return; /* do not update interface state */
1238 
1239 	if (!drv->if_disabled && !(ifi->ifi_flags & IFF_UP)) {
1240 		namebuf[0] = '\0';
1241 		if (if_indextoname(ifi->ifi_index, namebuf) &&
1242 		    linux_iface_up(drv->global->ioctl_sock, namebuf) > 0) {
1243 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1244 				   "event since interface %s is up", namebuf);
1245 			drv->ignore_if_down_event = 0;
1246 			/* Re-read MAC address as it may have changed */
1247 			nl80211_refresh_mac(drv, ifi->ifi_index, 1);
1248 			return;
1249 		}
1250 		wpa_printf(MSG_DEBUG, "nl80211: Interface down (%s/%s)",
1251 			   namebuf, ifname);
1252 		if (os_strcmp(drv->first_bss->ifname, ifname) != 0) {
1253 			wpa_printf(MSG_DEBUG,
1254 				   "nl80211: Not the main interface (%s) - do not indicate interface down",
1255 				   drv->first_bss->ifname);
1256 		} else if (drv->ignore_if_down_event) {
1257 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface down "
1258 				   "event generated by mode change");
1259 			drv->ignore_if_down_event = 0;
1260 		} else {
1261 			drv->if_disabled = 1;
1262 			wpa_supplicant_event(drv->ctx,
1263 					     EVENT_INTERFACE_DISABLED, NULL);
1264 
1265 			/*
1266 			 * Try to get drv again, since it may be removed as
1267 			 * part of the EVENT_INTERFACE_DISABLED handling for
1268 			 * dynamic interfaces
1269 			 */
1270 			drv = nl80211_find_drv(global, ifi->ifi_index,
1271 					       buf, len, NULL);
1272 			if (!drv)
1273 				return;
1274 		}
1275 	}
1276 
1277 	if (drv->if_disabled && (ifi->ifi_flags & IFF_UP)) {
1278 		namebuf[0] = '\0';
1279 		if (if_indextoname(ifi->ifi_index, namebuf) &&
1280 		    linux_iface_up(drv->global->ioctl_sock, namebuf) == 0) {
1281 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1282 				   "event since interface %s is down",
1283 				   namebuf);
1284 			return;
1285 		}
1286 		wpa_printf(MSG_DEBUG, "nl80211: Interface up (%s/%s)",
1287 			   namebuf, ifname);
1288 		if (os_strcmp(drv->first_bss->ifname, ifname) != 0) {
1289 			wpa_printf(MSG_DEBUG,
1290 				   "nl80211: Not the main interface (%s) - do not indicate interface up",
1291 				   drv->first_bss->ifname);
1292 		} else if (if_nametoindex(drv->first_bss->ifname) == 0) {
1293 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1294 				   "event since interface %s does not exist",
1295 				   drv->first_bss->ifname);
1296 		} else if (drv->if_removed) {
1297 			wpa_printf(MSG_DEBUG, "nl80211: Ignore interface up "
1298 				   "event since interface %s is marked "
1299 				   "removed", drv->first_bss->ifname);
1300 		} else {
1301 			/* Re-read MAC address as it may have changed */
1302 			nl80211_refresh_mac(drv, ifi->ifi_index, 0);
1303 
1304 			drv->if_disabled = 0;
1305 			wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED,
1306 					     NULL);
1307 		}
1308 	}
1309 
1310 	/*
1311 	 * Some drivers send the association event before the operup event--in
1312 	 * this case, lifting operstate in wpa_driver_nl80211_set_operstate()
1313 	 * fails. This will hit us when wpa_supplicant does not need to do
1314 	 * IEEE 802.1X authentication
1315 	 */
1316 	if (drv->operstate == 1 &&
1317 	    (ifi->ifi_flags & (IFF_LOWER_UP | IFF_DORMANT)) == IFF_LOWER_UP &&
1318 	    !(ifi->ifi_flags & IFF_RUNNING)) {
1319 		wpa_printf(MSG_DEBUG, "nl80211: Set IF_OPER_UP again based on ifi_flags and expected operstate");
1320 		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
1321 				       -1, IF_OPER_UP);
1322 	}
1323 
1324 event_newlink:
1325 	if (ifname[0])
1326 		wpa_driver_nl80211_event_newlink(global, drv, ifi->ifi_index,
1327 						 ifname);
1328 
1329 	if (ifi->ifi_family == AF_BRIDGE && brid && drv) {
1330 		struct i802_bss *bss;
1331 
1332 		/* device has been added to bridge */
1333 		if (!if_indextoname(brid, namebuf)) {
1334 			wpa_printf(MSG_DEBUG,
1335 				   "nl80211: Could not find bridge ifname for ifindex %u",
1336 				   brid);
1337 			return;
1338 		}
1339 		wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
1340 			   brid, namebuf);
1341 		add_ifidx(drv, brid, ifi->ifi_index);
1342 
1343 		for (bss = drv->first_bss; bss; bss = bss->next) {
1344 			if (os_strcmp(ifname, bss->ifname) == 0) {
1345 				os_strlcpy(bss->brname, namebuf, IFNAMSIZ);
1346 				break;
1347 			}
1348 		}
1349 	}
1350 }
1351 
1352 
1353 static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
1354 						 struct ifinfomsg *ifi,
1355 						 u8 *buf, size_t len)
1356 {
1357 	struct nl80211_global *global = ctx;
1358 	struct wpa_driver_nl80211_data *drv;
1359 	int attrlen;
1360 	struct rtattr *attr;
1361 	u32 brid = 0;
1362 	char ifname[IFNAMSIZ + 1];
1363 	char extra[100], *pos, *end;
1364 
1365 	extra[0] = '\0';
1366 	pos = extra;
1367 	end = pos + sizeof(extra);
1368 	ifname[0] = '\0';
1369 
1370 	attrlen = len;
1371 	attr = (struct rtattr *) buf;
1372 	while (RTA_OK(attr, attrlen)) {
1373 		switch (attr->rta_type) {
1374 		case IFLA_IFNAME:
1375 			if (RTA_PAYLOAD(attr) > IFNAMSIZ)
1376 				break;
1377 			os_memcpy(ifname, RTA_DATA(attr), RTA_PAYLOAD(attr));
1378 			ifname[RTA_PAYLOAD(attr)] = '\0';
1379 			break;
1380 		case IFLA_MASTER:
1381 			brid = nla_get_u32((struct nlattr *) attr);
1382 			pos += os_snprintf(pos, end - pos, " master=%u", brid);
1383 			break;
1384 		case IFLA_OPERSTATE:
1385 			pos += os_snprintf(pos, end - pos, " operstate=%u",
1386 					   nla_get_u32((struct nlattr *) attr));
1387 			break;
1388 		case IFLA_LINKMODE:
1389 			pos += os_snprintf(pos, end - pos, " linkmode=%u",
1390 					   nla_get_u32((struct nlattr *) attr));
1391 			break;
1392 		}
1393 		attr = RTA_NEXT(attr, attrlen);
1394 	}
1395 	extra[sizeof(extra) - 1] = '\0';
1396 
1397 	wpa_printf(MSG_DEBUG, "RTM_DELLINK: ifi_index=%d ifname=%s%s ifi_family=%d ifi_flags=0x%x (%s%s%s%s)",
1398 		   ifi->ifi_index, ifname, extra, ifi->ifi_family,
1399 		   ifi->ifi_flags,
1400 		   (ifi->ifi_flags & IFF_UP) ? "[UP]" : "",
1401 		   (ifi->ifi_flags & IFF_RUNNING) ? "[RUNNING]" : "",
1402 		   (ifi->ifi_flags & IFF_LOWER_UP) ? "[LOWER_UP]" : "",
1403 		   (ifi->ifi_flags & IFF_DORMANT) ? "[DORMANT]" : "");
1404 
1405 	drv = nl80211_find_drv(global, ifi->ifi_index, buf, len, NULL);
1406 
1407 	if (ifi->ifi_family == AF_BRIDGE && brid && drv) {
1408 		/* device has been removed from bridge */
1409 		char namebuf[IFNAMSIZ];
1410 
1411 		if (!if_indextoname(brid, namebuf)) {
1412 			wpa_printf(MSG_DEBUG,
1413 				   "nl80211: Could not find bridge ifname for ifindex %u",
1414 				   brid);
1415 		} else {
1416 			wpa_printf(MSG_DEBUG,
1417 				   "nl80211: Remove ifindex %u for bridge %s",
1418 				   brid, namebuf);
1419 		}
1420 		del_ifidx(drv, brid, ifi->ifi_index);
1421 	}
1422 
1423 	if (ifi->ifi_family != AF_BRIDGE || !brid)
1424 		wpa_driver_nl80211_event_dellink(global, drv, ifi->ifi_index,
1425 						 ifname);
1426 }
1427 
1428 
1429 struct nl80211_get_assoc_freq_arg {
1430 	struct wpa_driver_nl80211_data *drv;
1431 	unsigned int assoc_freq;
1432 	unsigned int ibss_freq;
1433 	u8 assoc_bssid[ETH_ALEN];
1434 	u8 assoc_ssid[SSID_MAX_LEN];
1435 	u8 assoc_ssid_len;
1436 };
1437 
1438 static int nl80211_get_assoc_freq_handler(struct nl_msg *msg, void *arg)
1439 {
1440 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
1441 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1442 	struct nlattr *bss[NL80211_BSS_MAX + 1];
1443 	static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
1444 		[NL80211_BSS_BSSID] = { .type = NLA_UNSPEC },
1445 		[NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
1446 		[NL80211_BSS_INFORMATION_ELEMENTS] = { .type = NLA_UNSPEC },
1447 		[NL80211_BSS_STATUS] = { .type = NLA_U32 },
1448 	};
1449 	struct nl80211_get_assoc_freq_arg *ctx = arg;
1450 	enum nl80211_bss_status status;
1451 
1452 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1453 		  genlmsg_attrlen(gnlh, 0), NULL);
1454 	if (!tb[NL80211_ATTR_BSS] ||
1455 	    nla_parse_nested(bss, NL80211_BSS_MAX, tb[NL80211_ATTR_BSS],
1456 			     bss_policy) ||
1457 	    !bss[NL80211_BSS_STATUS])
1458 		return NL_SKIP;
1459 
1460 	status = nla_get_u32(bss[NL80211_BSS_STATUS]);
1461 	if (status == NL80211_BSS_STATUS_ASSOCIATED &&
1462 	    bss[NL80211_BSS_FREQUENCY]) {
1463 		ctx->assoc_freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
1464 		wpa_printf(MSG_DEBUG, "nl80211: Associated on %u MHz",
1465 			   ctx->assoc_freq);
1466 	}
1467 	if (status == NL80211_BSS_STATUS_IBSS_JOINED &&
1468 	    bss[NL80211_BSS_FREQUENCY]) {
1469 		ctx->ibss_freq = nla_get_u32(bss[NL80211_BSS_FREQUENCY]);
1470 		wpa_printf(MSG_DEBUG, "nl80211: IBSS-joined on %u MHz",
1471 			   ctx->ibss_freq);
1472 	}
1473 	if (status == NL80211_BSS_STATUS_ASSOCIATED &&
1474 	    bss[NL80211_BSS_BSSID]) {
1475 		os_memcpy(ctx->assoc_bssid,
1476 			  nla_data(bss[NL80211_BSS_BSSID]), ETH_ALEN);
1477 		wpa_printf(MSG_DEBUG, "nl80211: Associated with "
1478 			   MACSTR, MAC2STR(ctx->assoc_bssid));
1479 	}
1480 
1481 	if (status == NL80211_BSS_STATUS_ASSOCIATED &&
1482 	    bss[NL80211_BSS_INFORMATION_ELEMENTS]) {
1483 		const u8 *ie, *ssid;
1484 		size_t ie_len;
1485 
1486 		ie = nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1487 		ie_len = nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]);
1488 		ssid = get_ie(ie, ie_len, WLAN_EID_SSID);
1489 		if (ssid && ssid[1] > 0 && ssid[1] <= SSID_MAX_LEN) {
1490 			ctx->assoc_ssid_len = ssid[1];
1491 			os_memcpy(ctx->assoc_ssid, ssid + 2, ssid[1]);
1492 		}
1493 	}
1494 
1495 	return NL_SKIP;
1496 }
1497 
1498 
1499 int nl80211_get_assoc_ssid(struct wpa_driver_nl80211_data *drv, u8 *ssid)
1500 {
1501 	struct nl_msg *msg;
1502 	int ret;
1503 	struct nl80211_get_assoc_freq_arg arg;
1504 	int count = 0;
1505 
1506 try_again:
1507 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1508 	os_memset(&arg, 0, sizeof(arg));
1509 	arg.drv = drv;
1510 	ret = send_and_recv_msgs(drv, msg, nl80211_get_assoc_freq_handler,
1511 				 &arg, NULL, NULL);
1512 	if (ret == -EAGAIN) {
1513 		count++;
1514 		if (count >= 10) {
1515 			wpa_printf(MSG_INFO,
1516 				   "nl80211: Failed to receive consistent scan result dump for get_assoc_ssid");
1517 		} else {
1518 			wpa_printf(MSG_DEBUG,
1519 				   "nl80211: Failed to receive consistent scan result dump for get_assoc_ssid - try again");
1520 			goto try_again;
1521 		}
1522 	}
1523 	if (ret == 0) {
1524 		os_memcpy(ssid, arg.assoc_ssid, arg.assoc_ssid_len);
1525 		return arg.assoc_ssid_len;
1526 	}
1527 	wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d (%s)",
1528 		   ret, strerror(-ret));
1529 	return ret;
1530 }
1531 
1532 
1533 unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
1534 {
1535 	struct nl_msg *msg;
1536 	int ret;
1537 	struct nl80211_get_assoc_freq_arg arg;
1538 	int count = 0;
1539 
1540 try_again:
1541 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
1542 	os_memset(&arg, 0, sizeof(arg));
1543 	arg.drv = drv;
1544 	ret = send_and_recv_msgs(drv, msg, nl80211_get_assoc_freq_handler,
1545 				 &arg, NULL, NULL);
1546 	if (ret == -EAGAIN) {
1547 		count++;
1548 		if (count >= 10) {
1549 			wpa_printf(MSG_INFO,
1550 				   "nl80211: Failed to receive consistent scan result dump for get_assoc_freq");
1551 		} else {
1552 			wpa_printf(MSG_DEBUG,
1553 				   "nl80211: Failed to receive consistent scan result dump for get_assoc_freq - try again");
1554 			goto try_again;
1555 		}
1556 	}
1557 	if (ret == 0) {
1558 		unsigned int freq = drv->nlmode == NL80211_IFTYPE_ADHOC ?
1559 			arg.ibss_freq : arg.assoc_freq;
1560 		wpa_printf(MSG_DEBUG, "nl80211: Operating frequency for the "
1561 			   "associated BSS from scan results: %u MHz", freq);
1562 		if (freq)
1563 			drv->assoc_freq = freq;
1564 		return drv->assoc_freq;
1565 	}
1566 	wpa_printf(MSG_DEBUG, "nl80211: Scan result fetch failed: ret=%d "
1567 		   "(%s)", ret, strerror(-ret));
1568 	return drv->assoc_freq;
1569 }
1570 
1571 
1572 static int get_link_signal(struct nl_msg *msg, void *arg)
1573 {
1574 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
1575 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1576 	struct nlattr *sinfo[NL80211_STA_INFO_MAX + 1];
1577 	static struct nla_policy policy[NL80211_STA_INFO_MAX + 1] = {
1578 		[NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
1579 		[NL80211_STA_INFO_SIGNAL_AVG] = { .type = NLA_U8 },
1580 		[NL80211_STA_INFO_BEACON_SIGNAL_AVG] = { .type = NLA_U8 },
1581 	};
1582 	struct nlattr *rinfo[NL80211_RATE_INFO_MAX + 1];
1583 	static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
1584 		[NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
1585 		[NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
1586 		[NL80211_RATE_INFO_40_MHZ_WIDTH] = { .type = NLA_FLAG },
1587 		[NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
1588 	};
1589 	struct wpa_signal_info *sig_change = arg;
1590 
1591 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1592 		  genlmsg_attrlen(gnlh, 0), NULL);
1593 	if (!tb[NL80211_ATTR_STA_INFO] ||
1594 	    nla_parse_nested(sinfo, NL80211_STA_INFO_MAX,
1595 			     tb[NL80211_ATTR_STA_INFO], policy))
1596 		return NL_SKIP;
1597 	if (!sinfo[NL80211_STA_INFO_SIGNAL])
1598 		return NL_SKIP;
1599 
1600 	sig_change->current_signal =
1601 		(s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL]);
1602 
1603 	if (sinfo[NL80211_STA_INFO_SIGNAL_AVG])
1604 		sig_change->avg_signal =
1605 			(s8) nla_get_u8(sinfo[NL80211_STA_INFO_SIGNAL_AVG]);
1606 	else
1607 		sig_change->avg_signal = 0;
1608 
1609 	if (sinfo[NL80211_STA_INFO_BEACON_SIGNAL_AVG])
1610 		sig_change->avg_beacon_signal =
1611 			(s8)
1612 			nla_get_u8(sinfo[NL80211_STA_INFO_BEACON_SIGNAL_AVG]);
1613 	else
1614 		sig_change->avg_beacon_signal = 0;
1615 
1616 	if (sinfo[NL80211_STA_INFO_TX_BITRATE]) {
1617 		if (nla_parse_nested(rinfo, NL80211_RATE_INFO_MAX,
1618 				     sinfo[NL80211_STA_INFO_TX_BITRATE],
1619 				     rate_policy)) {
1620 			sig_change->current_txrate = 0;
1621 		} else {
1622 			if (rinfo[NL80211_RATE_INFO_BITRATE]) {
1623 				sig_change->current_txrate =
1624 					nla_get_u16(rinfo[
1625 					     NL80211_RATE_INFO_BITRATE]) * 100;
1626 			}
1627 		}
1628 	}
1629 
1630 	return NL_SKIP;
1631 }
1632 
1633 
1634 int nl80211_get_link_signal(struct wpa_driver_nl80211_data *drv,
1635 			    struct wpa_signal_info *sig)
1636 {
1637 	struct nl_msg *msg;
1638 
1639 	sig->current_signal = -WPA_INVALID_NOISE;
1640 	sig->current_txrate = 0;
1641 
1642 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_STATION)) ||
1643 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid)) {
1644 		nlmsg_free(msg);
1645 		return -ENOBUFS;
1646 	}
1647 
1648 	return send_and_recv_msgs(drv, msg, get_link_signal, sig, NULL, NULL);
1649 }
1650 
1651 
1652 static int get_link_noise(struct nl_msg *msg, void *arg)
1653 {
1654 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
1655 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1656 	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
1657 	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
1658 		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
1659 		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
1660 	};
1661 	struct wpa_signal_info *sig_change = arg;
1662 
1663 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1664 		  genlmsg_attrlen(gnlh, 0), NULL);
1665 
1666 	if (!tb[NL80211_ATTR_SURVEY_INFO]) {
1667 		wpa_printf(MSG_DEBUG, "nl80211: survey data missing!");
1668 		return NL_SKIP;
1669 	}
1670 
1671 	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
1672 			     tb[NL80211_ATTR_SURVEY_INFO],
1673 			     survey_policy)) {
1674 		wpa_printf(MSG_DEBUG, "nl80211: failed to parse nested "
1675 			   "attributes!");
1676 		return NL_SKIP;
1677 	}
1678 
1679 	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY])
1680 		return NL_SKIP;
1681 
1682 	if (nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]) !=
1683 	    sig_change->frequency)
1684 		return NL_SKIP;
1685 
1686 	if (!sinfo[NL80211_SURVEY_INFO_NOISE])
1687 		return NL_SKIP;
1688 
1689 	sig_change->current_noise =
1690 		(s8) nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
1691 
1692 	return NL_SKIP;
1693 }
1694 
1695 
1696 int nl80211_get_link_noise(struct wpa_driver_nl80211_data *drv,
1697 			   struct wpa_signal_info *sig_change)
1698 {
1699 	struct nl_msg *msg;
1700 
1701 	sig_change->current_noise = WPA_INVALID_NOISE;
1702 	sig_change->frequency = drv->assoc_freq;
1703 
1704 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
1705 	return send_and_recv_msgs(drv, msg, get_link_noise, sig_change,
1706 				  NULL, NULL);
1707 }
1708 
1709 
1710 static int get_channel_info(struct nl_msg *msg, void *arg)
1711 {
1712 	struct nlattr *tb[NL80211_ATTR_MAX + 1] = { 0 };
1713 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1714 	struct wpa_channel_info *chan_info = arg;
1715 
1716 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1717 		  genlmsg_attrlen(gnlh, 0), NULL);
1718 
1719 	os_memset(chan_info, 0, sizeof(struct wpa_channel_info));
1720 	chan_info->chanwidth = CHAN_WIDTH_UNKNOWN;
1721 
1722 	if (tb[NL80211_ATTR_WIPHY_FREQ])
1723 		chan_info->frequency =
1724 			nla_get_u32(tb[NL80211_ATTR_WIPHY_FREQ]);
1725 	if (tb[NL80211_ATTR_CHANNEL_WIDTH])
1726 		chan_info->chanwidth = convert2width(
1727 			nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH]));
1728 	if (tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
1729 		enum nl80211_channel_type ct =
1730 			nla_get_u32(tb[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
1731 
1732 		switch (ct) {
1733 		case NL80211_CHAN_HT40MINUS:
1734 			chan_info->sec_channel = -1;
1735 			break;
1736 		case NL80211_CHAN_HT40PLUS:
1737 			chan_info->sec_channel = 1;
1738 			break;
1739 		default:
1740 			chan_info->sec_channel = 0;
1741 			break;
1742 		}
1743 	}
1744 	if (tb[NL80211_ATTR_CENTER_FREQ1])
1745 		chan_info->center_frq1 =
1746 			nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
1747 	if (tb[NL80211_ATTR_CENTER_FREQ2])
1748 		chan_info->center_frq2 =
1749 			nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
1750 
1751 	if (chan_info->center_frq2) {
1752 		u8 seg1_idx = 0;
1753 
1754 		if (ieee80211_freq_to_chan(chan_info->center_frq2, &seg1_idx) !=
1755 		    NUM_HOSTAPD_MODES)
1756 			chan_info->seg1_idx = seg1_idx;
1757 	}
1758 
1759 	return NL_SKIP;
1760 }
1761 
1762 
1763 static int nl80211_channel_info(void *priv, struct wpa_channel_info *ci)
1764 {
1765 	struct i802_bss *bss = priv;
1766 	struct wpa_driver_nl80211_data *drv = bss->drv;
1767 	struct nl_msg *msg;
1768 
1769 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_INTERFACE);
1770 	return send_and_recv_msgs(drv, msg, get_channel_info, ci, NULL, NULL);
1771 }
1772 
1773 
1774 static void wpa_driver_nl80211_event_receive(int sock, void *eloop_ctx,
1775 					     void *handle)
1776 {
1777 	struct nl_cb *cb = eloop_ctx;
1778 	int res;
1779 
1780 	wpa_printf(MSG_MSGDUMP, "nl80211: Event message available");
1781 
1782 	res = nl_recvmsgs(handle, cb);
1783 	if (res < 0) {
1784 		wpa_printf(MSG_INFO, "nl80211: %s->nl_recvmsgs failed: %d",
1785 			   __func__, res);
1786 	}
1787 }
1788 
1789 
1790 /**
1791  * wpa_driver_nl80211_set_country - ask nl80211 to set the regulatory domain
1792  * @priv: driver_nl80211 private data
1793  * @alpha2_arg: country to which to switch to
1794  * Returns: 0 on success, -1 on failure
1795  *
1796  * This asks nl80211 to set the regulatory domain for given
1797  * country ISO / IEC alpha2.
1798  */
1799 static int wpa_driver_nl80211_set_country(void *priv, const char *alpha2_arg)
1800 {
1801 	struct i802_bss *bss = priv;
1802 	struct wpa_driver_nl80211_data *drv = bss->drv;
1803 	char alpha2[3];
1804 	struct nl_msg *msg;
1805 
1806 	msg = nlmsg_alloc();
1807 	if (!msg)
1808 		return -ENOMEM;
1809 
1810 	alpha2[0] = alpha2_arg[0];
1811 	alpha2[1] = alpha2_arg[1];
1812 	alpha2[2] = '\0';
1813 
1814 	if (!nl80211_cmd(drv, msg, 0, NL80211_CMD_REQ_SET_REG) ||
1815 	    nla_put_string(msg, NL80211_ATTR_REG_ALPHA2, alpha2)) {
1816 		nlmsg_free(msg);
1817 		return -EINVAL;
1818 	}
1819 	if (send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL))
1820 		return -EINVAL;
1821 	return 0;
1822 }
1823 
1824 
1825 static int nl80211_get_country(struct nl_msg *msg, void *arg)
1826 {
1827 	char *alpha2 = arg;
1828 	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
1829 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
1830 
1831 	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
1832 		  genlmsg_attrlen(gnlh, 0), NULL);
1833 	if (!tb_msg[NL80211_ATTR_REG_ALPHA2]) {
1834 		wpa_printf(MSG_DEBUG, "nl80211: No country information available");
1835 		return NL_SKIP;
1836 	}
1837 	os_strlcpy(alpha2, nla_data(tb_msg[NL80211_ATTR_REG_ALPHA2]), 3);
1838 	return NL_SKIP;
1839 }
1840 
1841 
1842 static int wpa_driver_nl80211_get_country(void *priv, char *alpha2)
1843 {
1844 	struct i802_bss *bss = priv;
1845 	struct wpa_driver_nl80211_data *drv = bss->drv;
1846 	struct nl_msg *msg;
1847 	int ret;
1848 
1849 	msg = nlmsg_alloc();
1850 	if (!msg)
1851 		return -ENOMEM;
1852 
1853 	nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG);
1854 	alpha2[0] = '\0';
1855 	ret = send_and_recv_msgs(drv, msg, nl80211_get_country, alpha2,
1856 				 NULL, NULL);
1857 	if (!alpha2[0])
1858 		ret = -1;
1859 
1860 	return ret;
1861 }
1862 
1863 
1864 static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
1865 {
1866 	int ret;
1867 
1868 	global->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
1869 	if (global->nl_cb == NULL) {
1870 		wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
1871 			   "callbacks");
1872 		return -1;
1873 	}
1874 
1875 	global->nl = nl_create_handle(global->nl_cb, "nl");
1876 	if (global->nl == NULL)
1877 		goto err;
1878 
1879 	global->nl80211_id = genl_ctrl_resolve(global->nl, "nl80211");
1880 	if (global->nl80211_id < 0) {
1881 		wpa_printf(MSG_ERROR, "nl80211: 'nl80211' generic netlink not "
1882 			   "found");
1883 		goto err;
1884 	}
1885 
1886 	global->nl_event = nl_create_handle(global->nl_cb, "event");
1887 	if (global->nl_event == NULL)
1888 		goto err;
1889 
1890 	ret = nl_get_multicast_id(global, "nl80211", "scan");
1891 	if (ret >= 0)
1892 		ret = nl_socket_add_membership(global->nl_event, ret);
1893 	if (ret < 0) {
1894 		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1895 			   "membership for scan events: %d (%s)",
1896 			   ret, nl_geterror(ret));
1897 		goto err;
1898 	}
1899 
1900 	ret = nl_get_multicast_id(global, "nl80211", "mlme");
1901 	if (ret >= 0)
1902 		ret = nl_socket_add_membership(global->nl_event, ret);
1903 	if (ret < 0) {
1904 		wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
1905 			   "membership for mlme events: %d (%s)",
1906 			   ret, nl_geterror(ret));
1907 		goto err;
1908 	}
1909 
1910 	ret = nl_get_multicast_id(global, "nl80211", "regulatory");
1911 	if (ret >= 0)
1912 		ret = nl_socket_add_membership(global->nl_event, ret);
1913 	if (ret < 0) {
1914 		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
1915 			   "membership for regulatory events: %d (%s)",
1916 			   ret, nl_geterror(ret));
1917 		/* Continue without regulatory events */
1918 	}
1919 
1920 	ret = nl_get_multicast_id(global, "nl80211", "vendor");
1921 	if (ret >= 0)
1922 		ret = nl_socket_add_membership(global->nl_event, ret);
1923 	if (ret < 0) {
1924 		wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
1925 			   "membership for vendor events: %d (%s)",
1926 			   ret, nl_geterror(ret));
1927 		/* Continue without vendor events */
1928 	}
1929 
1930 	nl_cb_set(global->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
1931 		  no_seq_check, NULL);
1932 	nl_cb_set(global->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
1933 		  process_global_event, global);
1934 
1935 	nl80211_register_eloop_read(&global->nl_event,
1936 				    wpa_driver_nl80211_event_receive,
1937 				    global->nl_cb, 0);
1938 
1939 	return 0;
1940 
1941 err:
1942 	nl_destroy_handles(&global->nl_event);
1943 	nl_destroy_handles(&global->nl);
1944 	nl_cb_put(global->nl_cb);
1945 	global->nl_cb = NULL;
1946 	return -1;
1947 }
1948 
1949 
1950 static void nl80211_check_global(struct nl80211_global *global)
1951 {
1952 	struct nl_sock *handle;
1953 	const char *groups[] = { "scan", "mlme", "regulatory", "vendor", NULL };
1954 	int ret;
1955 	unsigned int i;
1956 
1957 	/*
1958 	 * Try to re-add memberships to handle case of cfg80211 getting reloaded
1959 	 * and all registration having been cleared.
1960 	 */
1961 	handle = (void *) (((intptr_t) global->nl_event) ^
1962 			   ELOOP_SOCKET_INVALID);
1963 
1964 	for (i = 0; groups[i]; i++) {
1965 		ret = nl_get_multicast_id(global, "nl80211", groups[i]);
1966 		if (ret >= 0)
1967 			ret = nl_socket_add_membership(handle, ret);
1968 		if (ret < 0) {
1969 			wpa_printf(MSG_INFO,
1970 				   "nl80211: Could not re-add multicast membership for %s events: %d (%s)",
1971 				   groups[i], ret, nl_geterror(ret));
1972 		}
1973 	}
1974 }
1975 
1976 
1977 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
1978 {
1979 	struct wpa_driver_nl80211_data *drv = ctx;
1980 
1981 	wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
1982 
1983 	/*
1984 	 * rtnetlink ifdown handler will report interfaces other than the P2P
1985 	 * Device interface as disabled.
1986 	 */
1987 	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
1988 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_DISABLED, NULL);
1989 }
1990 
1991 
1992 static void wpa_driver_nl80211_rfkill_unblocked(void *ctx)
1993 {
1994 	struct wpa_driver_nl80211_data *drv = ctx;
1995 	wpa_printf(MSG_DEBUG, "nl80211: RFKILL unblocked");
1996 	if (i802_set_iface_flags(drv->first_bss, 1)) {
1997 		wpa_printf(MSG_DEBUG, "nl80211: Could not set interface UP "
1998 			   "after rfkill unblock");
1999 		return;
2000 	}
2001 
2002 	if (is_p2p_net_interface(drv->nlmode))
2003 		nl80211_disable_11b_rates(drv, drv->ifindex, 1);
2004 
2005 	/*
2006 	 * rtnetlink ifup handler will report interfaces other than the P2P
2007 	 * Device interface as enabled.
2008 	 */
2009 	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
2010 		wpa_supplicant_event(drv->ctx, EVENT_INTERFACE_ENABLED, NULL);
2011 }
2012 
2013 
2014 static void wpa_driver_nl80211_handle_eapol_tx_status(int sock,
2015 						      void *eloop_ctx,
2016 						      void *handle)
2017 {
2018 	struct wpa_driver_nl80211_data *drv = eloop_ctx;
2019 	u8 data[2048];
2020 	struct msghdr msg;
2021 	struct iovec entry;
2022 	u8 control[512];
2023 	struct cmsghdr *cmsg;
2024 	int res, found_ee = 0, found_wifi = 0, acked = 0;
2025 	union wpa_event_data event;
2026 
2027 	memset(&msg, 0, sizeof(msg));
2028 	msg.msg_iov = &entry;
2029 	msg.msg_iovlen = 1;
2030 	entry.iov_base = data;
2031 	entry.iov_len = sizeof(data);
2032 	msg.msg_control = &control;
2033 	msg.msg_controllen = sizeof(control);
2034 
2035 	res = recvmsg(sock, &msg, MSG_ERRQUEUE);
2036 	/* if error or not fitting 802.3 header, return */
2037 	if (res < 14)
2038 		return;
2039 
2040 	for (cmsg = CMSG_FIRSTHDR(&msg); cmsg; cmsg = CMSG_NXTHDR(&msg, cmsg))
2041 	{
2042 		if (cmsg->cmsg_level == SOL_SOCKET &&
2043 		    cmsg->cmsg_type == SCM_WIFI_STATUS) {
2044 			int *ack;
2045 
2046 			found_wifi = 1;
2047 			ack = (void *)CMSG_DATA(cmsg);
2048 			acked = *ack;
2049 		}
2050 
2051 		if (cmsg->cmsg_level == SOL_PACKET &&
2052 		    cmsg->cmsg_type == PACKET_TX_TIMESTAMP) {
2053 			struct sock_extended_err *err =
2054 				(struct sock_extended_err *)CMSG_DATA(cmsg);
2055 
2056 			if (err->ee_origin == SO_EE_ORIGIN_TXSTATUS)
2057 				found_ee = 1;
2058 		}
2059 	}
2060 
2061 	if (!found_ee || !found_wifi)
2062 		return;
2063 
2064 	memset(&event, 0, sizeof(event));
2065 	event.eapol_tx_status.dst = data;
2066 	event.eapol_tx_status.data = data + 14;
2067 	event.eapol_tx_status.data_len = res - 14;
2068 	event.eapol_tx_status.ack = acked;
2069 	wpa_supplicant_event(drv->ctx, EVENT_EAPOL_TX_STATUS, &event);
2070 }
2071 
2072 
2073 static int nl80211_init_connect_handle(struct i802_bss *bss)
2074 {
2075 	if (bss->nl_connect) {
2076 		wpa_printf(MSG_DEBUG,
2077 			   "nl80211: Connect handle already created (nl_connect=%p)",
2078 			   bss->nl_connect);
2079 		return -1;
2080 	}
2081 
2082 	bss->nl_connect = nl_create_handle(bss->nl_cb, "connect");
2083 	if (!bss->nl_connect)
2084 		return -1;
2085 	nl80211_register_eloop_read(&bss->nl_connect,
2086 				    wpa_driver_nl80211_event_receive,
2087 				    bss->nl_cb, 1);
2088 	return 0;
2089 }
2090 
2091 
2092 static int nl80211_init_bss(struct i802_bss *bss)
2093 {
2094 	bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
2095 	if (!bss->nl_cb)
2096 		return -1;
2097 
2098 	nl_cb_set(bss->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
2099 		  no_seq_check, NULL);
2100 	nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
2101 		  process_bss_event, bss);
2102 
2103 	nl80211_init_connect_handle(bss);
2104 
2105 	return 0;
2106 }
2107 
2108 
2109 static void nl80211_destroy_bss(struct i802_bss *bss)
2110 {
2111 	nl_cb_put(bss->nl_cb);
2112 	bss->nl_cb = NULL;
2113 
2114 	if (bss->nl_connect)
2115 		nl80211_destroy_eloop_handle(&bss->nl_connect, 1);
2116 }
2117 
2118 
2119 static void
2120 wpa_driver_nl80211_drv_init_rfkill(struct wpa_driver_nl80211_data *drv)
2121 {
2122 	struct rfkill_config *rcfg;
2123 
2124 	if (drv->rfkill)
2125 		return;
2126 
2127 	rcfg = os_zalloc(sizeof(*rcfg));
2128 	if (!rcfg)
2129 		return;
2130 
2131 	rcfg->ctx = drv;
2132 
2133 	/* rfkill uses netdev sysfs for initialization. However, P2P Device is
2134 	 * not associated with a netdev, so use the name of some other interface
2135 	 * sharing the same wiphy as the P2P Device interface.
2136 	 *
2137 	 * Note: This is valid, as a P2P Device interface is always dynamically
2138 	 * created and is created only once another wpa_s interface was added.
2139 	 */
2140 	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) {
2141 		struct nl80211_global *global = drv->global;
2142 		struct wpa_driver_nl80211_data *tmp1;
2143 
2144 		dl_list_for_each(tmp1, &global->interfaces,
2145 				 struct wpa_driver_nl80211_data, list) {
2146 			if (drv == tmp1 || drv->wiphy_idx != tmp1->wiphy_idx ||
2147 			    !tmp1->rfkill)
2148 				continue;
2149 
2150 			wpa_printf(MSG_DEBUG,
2151 				   "nl80211: Use (%s) to initialize P2P Device rfkill",
2152 				   tmp1->first_bss->ifname);
2153 			os_strlcpy(rcfg->ifname, tmp1->first_bss->ifname,
2154 				   sizeof(rcfg->ifname));
2155 			break;
2156 		}
2157 	} else {
2158 		os_strlcpy(rcfg->ifname, drv->first_bss->ifname,
2159 			   sizeof(rcfg->ifname));
2160 	}
2161 
2162 	rcfg->blocked_cb = wpa_driver_nl80211_rfkill_blocked;
2163 	rcfg->unblocked_cb = wpa_driver_nl80211_rfkill_unblocked;
2164 	drv->rfkill = rfkill_init(rcfg);
2165 	if (!drv->rfkill) {
2166 		wpa_printf(MSG_DEBUG, "nl80211: RFKILL status not available");
2167 		os_free(rcfg);
2168 	}
2169 }
2170 
2171 
2172 static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname,
2173 					  void *global_priv, int hostapd,
2174 					  const u8 *set_addr,
2175 					  const char *driver_params)
2176 {
2177 	struct wpa_driver_nl80211_data *drv;
2178 	struct i802_bss *bss;
2179 
2180 	if (global_priv == NULL)
2181 		return NULL;
2182 	drv = os_zalloc(sizeof(*drv));
2183 	if (drv == NULL)
2184 		return NULL;
2185 	drv->global = global_priv;
2186 	drv->ctx = ctx;
2187 	drv->hostapd = !!hostapd;
2188 	drv->eapol_sock = -1;
2189 
2190 	/*
2191 	 * There is no driver capability flag for this, so assume it is
2192 	 * supported and disable this on first attempt to use if the driver
2193 	 * rejects the command due to missing support.
2194 	 */
2195 	drv->set_rekey_offload = 1;
2196 
2197 	drv->num_if_indices = ARRAY_SIZE(drv->default_if_indices);
2198 	drv->if_indices = drv->default_if_indices;
2199 
2200 	drv->first_bss = os_zalloc(sizeof(*drv->first_bss));
2201 	if (!drv->first_bss) {
2202 		os_free(drv);
2203 		return NULL;
2204 	}
2205 	bss = drv->first_bss;
2206 	bss->drv = drv;
2207 	bss->ctx = ctx;
2208 
2209 	os_strlcpy(bss->ifname, ifname, sizeof(bss->ifname));
2210 	drv->monitor_ifidx = -1;
2211 	drv->monitor_sock = -1;
2212 	drv->eapol_tx_sock = -1;
2213 	drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
2214 
2215 	if (nl80211_init_bss(bss))
2216 		goto failed;
2217 
2218 	if (wpa_driver_nl80211_finish_drv_init(drv, set_addr, 1, driver_params))
2219 		goto failed;
2220 
2221 	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_TX_STATUS) {
2222 		drv->control_port_ap = 1;
2223 		goto skip_wifi_status;
2224 	}
2225 
2226 	drv->eapol_tx_sock = socket(PF_PACKET, SOCK_DGRAM, 0);
2227 	if (drv->eapol_tx_sock < 0)
2228 		goto failed;
2229 
2230 	if (drv->data_tx_status) {
2231 		int enabled = 1;
2232 
2233 		if (setsockopt(drv->eapol_tx_sock, SOL_SOCKET, SO_WIFI_STATUS,
2234 			       &enabled, sizeof(enabled)) < 0) {
2235 			wpa_printf(MSG_DEBUG,
2236 				   "nl80211: wifi status sockopt failed: %s",
2237 				   strerror(errno));
2238 			drv->data_tx_status = 0;
2239 			if (!drv->use_monitor)
2240 				drv->capa.flags &=
2241 					~WPA_DRIVER_FLAGS_EAPOL_TX_STATUS;
2242 		} else {
2243 			eloop_register_read_sock(
2244 				drv->eapol_tx_sock,
2245 				wpa_driver_nl80211_handle_eapol_tx_status,
2246 				drv, NULL);
2247 		}
2248 	}
2249 skip_wifi_status:
2250 
2251 	if (drv->global) {
2252 		nl80211_check_global(drv->global);
2253 		dl_list_add(&drv->global->interfaces, &drv->list);
2254 		drv->in_interface_list = 1;
2255 	}
2256 
2257 	return bss;
2258 
2259 failed:
2260 	wpa_driver_nl80211_deinit(bss);
2261 	return NULL;
2262 }
2263 
2264 
2265 /**
2266  * wpa_driver_nl80211_init - Initialize nl80211 driver interface
2267  * @ctx: context to be used when calling wpa_supplicant functions,
2268  * e.g., wpa_supplicant_event()
2269  * @ifname: interface name, e.g., wlan0
2270  * @global_priv: private driver global data from global_init()
2271  * Returns: Pointer to private data, %NULL on failure
2272  */
2273 static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
2274 				      void *global_priv)
2275 {
2276 	return wpa_driver_nl80211_drv_init(ctx, ifname, global_priv, 0, NULL,
2277 					   NULL);
2278 }
2279 
2280 
2281 static int nl80211_register_frame(struct i802_bss *bss,
2282 				  struct nl_sock *nl_handle,
2283 				  u16 type, const u8 *match, size_t match_len,
2284 				  bool multicast)
2285 {
2286 	struct wpa_driver_nl80211_data *drv = bss->drv;
2287 	struct nl_msg *msg;
2288 	int ret;
2289 	char buf[30];
2290 
2291 	buf[0] = '\0';
2292 	wpa_snprintf_hex(buf, sizeof(buf), match, match_len);
2293 	wpa_printf(MSG_DEBUG,
2294 		   "nl80211: Register frame type=0x%x (%s) nl_handle=%p match=%s multicast=%d",
2295 		   type, fc2str(type), nl_handle, buf, multicast);
2296 
2297 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_REGISTER_FRAME)) ||
2298 	    (multicast && nla_put_flag(msg, NL80211_ATTR_RECEIVE_MULTICAST)) ||
2299 	    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, type) ||
2300 	    nla_put(msg, NL80211_ATTR_FRAME_MATCH, match_len, match)) {
2301 		nlmsg_free(msg);
2302 		return -1;
2303 	}
2304 
2305 	ret = send_and_recv(drv->global, nl_handle, msg, NULL, NULL,
2306 			    NULL, NULL);
2307 	if (ret) {
2308 		wpa_printf(MSG_DEBUG, "nl80211: Register frame command "
2309 			   "failed (type=%u): ret=%d (%s)",
2310 			   type, ret, strerror(-ret));
2311 		wpa_hexdump(MSG_DEBUG, "nl80211: Register frame match",
2312 			    match, match_len);
2313 	}
2314 	return ret;
2315 }
2316 
2317 
2318 static int nl80211_alloc_mgmt_handle(struct i802_bss *bss)
2319 {
2320 	if (bss->nl_mgmt) {
2321 		wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting "
2322 			   "already on! (nl_mgmt=%p)", bss->nl_mgmt);
2323 		return -1;
2324 	}
2325 
2326 	bss->nl_mgmt = nl_create_handle(bss->nl_cb, "mgmt");
2327 	if (bss->nl_mgmt == NULL)
2328 		return -1;
2329 
2330 	return 0;
2331 }
2332 
2333 
2334 static void nl80211_mgmt_handle_register_eloop(struct i802_bss *bss)
2335 {
2336 	nl80211_register_eloop_read(&bss->nl_mgmt,
2337 				    wpa_driver_nl80211_event_receive,
2338 				    bss->nl_cb, 0);
2339 }
2340 
2341 
2342 static int nl80211_register_action_frame(struct i802_bss *bss,
2343 					 const u8 *match, size_t match_len)
2344 {
2345 	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
2346 	return nl80211_register_frame(bss, bss->nl_mgmt,
2347 				      type, match, match_len, false);
2348 }
2349 
2350 
2351 static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
2352 {
2353 	struct wpa_driver_nl80211_data *drv = bss->drv;
2354 	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4);
2355 	int ret = 0;
2356 
2357 	if (nl80211_alloc_mgmt_handle(bss))
2358 		return -1;
2359 	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with non-AP "
2360 		   "handle %p", bss->nl_mgmt);
2361 
2362 	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
2363 		/* register for any AUTH message */
2364 		nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0, false);
2365 	} else if ((drv->capa.flags & WPA_DRIVER_FLAGS_SAE) &&
2366 		   !(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
2367 		/* register for SAE Authentication frames */
2368 		nl80211_register_frame(bss, bss->nl_mgmt, type,
2369 				       (u8 *) "\x03\x00", 2, false);
2370 	}
2371 
2372 #ifdef CONFIG_PASN
2373 	/* register for PASN Authentication frames */
2374 	if ((drv->capa.flags & WPA_DRIVER_FLAGS_SME) &&
2375 	    nl80211_register_frame(bss, bss->nl_mgmt, type,
2376 				   (u8 *) "\x07\x00", 2, false))
2377 		ret = -1;
2378 #endif /* CONFIG_PASN */
2379 
2380 #ifdef CONFIG_INTERWORKING
2381 	/* QoS Map Configure */
2382 	if (nl80211_register_action_frame(bss, (u8 *) "\x01\x04", 2) < 0)
2383 		ret = -1;
2384 #endif /* CONFIG_INTERWORKING */
2385 #if defined(CONFIG_P2P) || defined(CONFIG_INTERWORKING) || defined(CONFIG_DPP)
2386 	/* GAS Initial Request */
2387 	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0a", 2) < 0)
2388 		ret = -1;
2389 	/* GAS Initial Response */
2390 	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0b", 2) < 0)
2391 		ret = -1;
2392 	/* GAS Comeback Request */
2393 	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0c", 2) < 0)
2394 		ret = -1;
2395 	/* GAS Comeback Response */
2396 	if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0d", 2) < 0)
2397 		ret = -1;
2398 	/* Protected GAS Initial Request */
2399 	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0a", 2) < 0)
2400 		ret = -1;
2401 	/* Protected GAS Initial Response */
2402 	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0b", 2) < 0)
2403 		ret = -1;
2404 	/* Protected GAS Comeback Request */
2405 	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0c", 2) < 0)
2406 		ret = -1;
2407 	/* Protected GAS Comeback Response */
2408 	if (nl80211_register_action_frame(bss, (u8 *) "\x09\x0d", 2) < 0)
2409 		ret = -1;
2410 #endif /* CONFIG_P2P || CONFIG_INTERWORKING || CONFIG_DPP */
2411 #ifdef CONFIG_P2P
2412 	/* P2P Public Action */
2413 	if (nl80211_register_action_frame(bss,
2414 					  (u8 *) "\x04\x09\x50\x6f\x9a\x09",
2415 					  6) < 0)
2416 		ret = -1;
2417 	/* P2P Action */
2418 	if (nl80211_register_action_frame(bss,
2419 					  (u8 *) "\x7f\x50\x6f\x9a\x09",
2420 					  5) < 0)
2421 		ret = -1;
2422 #endif /* CONFIG_P2P */
2423 #ifdef CONFIG_DPP
2424 	/* DPP Public Action */
2425 	if (nl80211_register_action_frame(bss,
2426 					  (u8 *) "\x04\x09\x50\x6f\x9a\x1a",
2427 					  6) < 0)
2428 		ret = -1;
2429 #endif /* CONFIG_DPP */
2430 #ifdef CONFIG_OCV
2431 	/* SA Query Request */
2432 	if (nl80211_register_action_frame(bss, (u8 *) "\x08\x00", 2) < 0)
2433 		ret = -1;
2434 #endif /* CONFIG_OCV */
2435 	/* SA Query Response */
2436 	if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
2437 		ret = -1;
2438 #ifdef CONFIG_TDLS
2439 	if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
2440 		/* TDLS Discovery Response */
2441 		if (nl80211_register_action_frame(bss, (u8 *) "\x04\x0e", 2) <
2442 		    0)
2443 			ret = -1;
2444 	}
2445 #endif /* CONFIG_TDLS */
2446 #ifdef CONFIG_FST
2447 	/* FST Action frames */
2448 	if (nl80211_register_action_frame(bss, (u8 *) "\x12", 1) < 0)
2449 		ret = -1;
2450 #endif /* CONFIG_FST */
2451 
2452 	/* FT Action frames */
2453 	if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
2454 		ret = -1;
2455 	else if (!drv->has_driver_key_mgmt) {
2456 		int i;
2457 
2458 		/* Update supported AKMs only if the driver doesn't advertize
2459 		 * any AKM capabilities. */
2460 		drv->capa.key_mgmt |= WPA_DRIVER_CAPA_KEY_MGMT_FT |
2461 			WPA_DRIVER_CAPA_KEY_MGMT_FT_PSK;
2462 
2463 		/* Update per interface supported AKMs */
2464 		for (i = 0; i < WPA_IF_MAX; i++)
2465 			drv->capa.key_mgmt_iftype[i] = drv->capa.key_mgmt;
2466 	}
2467 
2468 	/* WNM - BSS Transition Management Request */
2469 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x07", 2) < 0)
2470 		ret = -1;
2471 	/* WNM-Sleep Mode Response */
2472 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x11", 2) < 0)
2473 		ret = -1;
2474 #ifdef CONFIG_WNM
2475 	/* WNM - Collocated Interference Request */
2476 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x0b", 2) < 0)
2477 		ret = -1;
2478 #endif /* CONFIG_WNM */
2479 
2480 #ifdef CONFIG_HS20
2481 	/* WNM-Notification */
2482 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a\x1a", 2) < 0)
2483 		ret = -1;
2484 #endif /* CONFIG_HS20 */
2485 
2486 	/* WMM-AC ADDTS Response */
2487 	if (nl80211_register_action_frame(bss, (u8 *) "\x11\x01", 2) < 0)
2488 		ret = -1;
2489 
2490 	/* WMM-AC DELTS */
2491 	if (nl80211_register_action_frame(bss, (u8 *) "\x11\x02", 2) < 0)
2492 		ret = -1;
2493 
2494 	/* Radio Measurement - Neighbor Report Response */
2495 	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x05", 2) < 0)
2496 		ret = -1;
2497 
2498 	/* Radio Measurement - Radio Measurement Request */
2499 	if  (!drv->no_rrm &&
2500 	     nl80211_register_action_frame(bss, (u8 *) "\x05\x00", 2) < 0)
2501 		ret = -1;
2502 
2503 	/* Radio Measurement - Link Measurement Request */
2504 	if ((drv->capa.rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION) &&
2505 	    (nl80211_register_action_frame(bss, (u8 *) "\x05\x02", 2) < 0))
2506 		ret = -1;
2507 
2508 	/* Robust AV MSCS Response */
2509 	if (nl80211_register_action_frame(bss, (u8 *) "\x13\x05", 2) < 0)
2510 		ret = -1;
2511 
2512 	nl80211_mgmt_handle_register_eloop(bss);
2513 
2514 	return ret;
2515 }
2516 
2517 
2518 static int nl80211_mgmt_subscribe_mesh(struct i802_bss *bss)
2519 {
2520 	int ret = 0;
2521 
2522 	if (nl80211_alloc_mgmt_handle(bss))
2523 		return -1;
2524 
2525 	wpa_printf(MSG_DEBUG,
2526 		   "nl80211: Subscribe to mgmt frames with mesh handle %p",
2527 		   bss->nl_mgmt);
2528 
2529 	/* Auth frames for mesh SAE */
2530 	if (nl80211_register_frame(bss, bss->nl_mgmt,
2531 				   (WLAN_FC_TYPE_MGMT << 2) |
2532 				   (WLAN_FC_STYPE_AUTH << 4),
2533 				   NULL, 0, false) < 0)
2534 		ret = -1;
2535 
2536 	/* Mesh peering open */
2537 	if (nl80211_register_action_frame(bss, (u8 *) "\x0f\x01", 2) < 0)
2538 		ret = -1;
2539 	/* Mesh peering confirm */
2540 	if (nl80211_register_action_frame(bss, (u8 *) "\x0f\x02", 2) < 0)
2541 		ret = -1;
2542 	/* Mesh peering close */
2543 	if (nl80211_register_action_frame(bss, (u8 *) "\x0f\x03", 2) < 0)
2544 		ret = -1;
2545 
2546 	nl80211_mgmt_handle_register_eloop(bss);
2547 
2548 	return ret;
2549 }
2550 
2551 
2552 static int nl80211_register_spurious_class3(struct i802_bss *bss)
2553 {
2554 	struct nl_msg *msg;
2555 	int ret;
2556 
2557 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_UNEXPECTED_FRAME);
2558 	ret = send_and_recv(bss->drv->global, bss->nl_mgmt, msg, NULL, NULL,
2559 			    NULL, NULL);
2560 	if (ret) {
2561 		wpa_printf(MSG_DEBUG, "nl80211: Register spurious class3 "
2562 			   "failed: ret=%d (%s)",
2563 			   ret, strerror(-ret));
2564 	}
2565 	return ret;
2566 }
2567 
2568 
2569 static int nl80211_action_subscribe_ap(struct i802_bss *bss)
2570 {
2571 	int ret = 0;
2572 
2573 	/* Public Action frames */
2574 	if (nl80211_register_action_frame(bss, (u8 *) "\x04", 1) < 0)
2575 		ret = -1;
2576 	/* RRM Measurement Report */
2577 	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x01", 2) < 0)
2578 		ret = -1;
2579 	/* RRM Link Measurement Report */
2580 	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x03", 2) < 0)
2581 		ret = -1;
2582 	/* RRM Neighbor Report Request */
2583 	if (nl80211_register_action_frame(bss, (u8 *) "\x05\x04", 2) < 0)
2584 		ret = -1;
2585 	/* FT Action frames */
2586 	if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
2587 		ret = -1;
2588 	/* SA Query */
2589 	if (nl80211_register_action_frame(bss, (u8 *) "\x08", 1) < 0)
2590 		ret = -1;
2591 	/* Protected Dual of Public Action */
2592 	if (nl80211_register_action_frame(bss, (u8 *) "\x09", 1) < 0)
2593 		ret = -1;
2594 	/* WNM */
2595 	if (nl80211_register_action_frame(bss, (u8 *) "\x0a", 1) < 0)
2596 		ret = -1;
2597 	/* WMM */
2598 	if (nl80211_register_action_frame(bss, (u8 *) "\x11", 1) < 0)
2599 		ret = -1;
2600 #ifdef CONFIG_FST
2601 	/* FST Action frames */
2602 	if (nl80211_register_action_frame(bss, (u8 *) "\x12", 1) < 0)
2603 		ret = -1;
2604 #endif /* CONFIG_FST */
2605 	/* Vendor-specific */
2606 	if (nl80211_register_action_frame(bss, (u8 *) "\x7f", 1) < 0)
2607 		ret = -1;
2608 
2609 	return ret;
2610 }
2611 
2612 
2613 static int nl80211_mgmt_subscribe_ap(struct i802_bss *bss)
2614 {
2615 	static const int stypes[] = {
2616 		WLAN_FC_STYPE_AUTH,
2617 		WLAN_FC_STYPE_ASSOC_REQ,
2618 		WLAN_FC_STYPE_REASSOC_REQ,
2619 		WLAN_FC_STYPE_DISASSOC,
2620 		WLAN_FC_STYPE_DEAUTH,
2621 		WLAN_FC_STYPE_PROBE_REQ,
2622 /* Beacon doesn't work as mac80211 doesn't currently allow
2623  * it, but it wouldn't really be the right thing anyway as
2624  * it isn't per interface ... maybe just dump the scan
2625  * results periodically for OLBC?
2626  */
2627 		/* WLAN_FC_STYPE_BEACON, */
2628 	};
2629 	unsigned int i;
2630 
2631 	if (nl80211_alloc_mgmt_handle(bss))
2632 		return -1;
2633 	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
2634 		   "handle %p", bss->nl_mgmt);
2635 
2636 	for (i = 0; i < ARRAY_SIZE(stypes); i++) {
2637 		if (nl80211_register_frame(bss, bss->nl_mgmt,
2638 					   (WLAN_FC_TYPE_MGMT << 2) |
2639 					   (stypes[i] << 4),
2640 					   NULL, 0, false) < 0) {
2641 			goto out_err;
2642 		}
2643 	}
2644 
2645 	if (nl80211_action_subscribe_ap(bss))
2646 		goto out_err;
2647 
2648 	if (nl80211_register_spurious_class3(bss))
2649 		goto out_err;
2650 
2651 	nl80211_mgmt_handle_register_eloop(bss);
2652 	return 0;
2653 
2654 out_err:
2655 	nl_destroy_handles(&bss->nl_mgmt);
2656 	return -1;
2657 }
2658 
2659 
2660 static int nl80211_mgmt_subscribe_ap_dev_sme(struct i802_bss *bss)
2661 {
2662 	if (nl80211_alloc_mgmt_handle(bss))
2663 		return -1;
2664 	wpa_printf(MSG_DEBUG, "nl80211: Subscribe to mgmt frames with AP "
2665 		   "handle %p (device SME)", bss->nl_mgmt);
2666 
2667 	if (nl80211_action_subscribe_ap(bss))
2668 		goto out_err;
2669 
2670 	if (bss->drv->device_ap_sme) {
2671 		u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_AUTH << 4);
2672 
2673 		/* Register for all Authentication frames */
2674 		if (nl80211_register_frame(bss, bss->nl_mgmt, type, NULL, 0,
2675 					   false) < 0)
2676 			wpa_printf(MSG_DEBUG,
2677 				   "nl80211: Failed to subscribe to handle Authentication frames - SAE offload may not work");
2678 	}
2679 
2680 	nl80211_mgmt_handle_register_eloop(bss);
2681 	return 0;
2682 
2683 out_err:
2684 	nl_destroy_handles(&bss->nl_mgmt);
2685 	return -1;
2686 }
2687 
2688 
2689 static void nl80211_mgmt_unsubscribe(struct i802_bss *bss, const char *reason)
2690 {
2691 	if (bss->nl_mgmt == NULL)
2692 		return;
2693 	wpa_printf(MSG_DEBUG, "nl80211: Unsubscribe mgmt frames handle %p "
2694 		   "(%s)", bss->nl_mgmt, reason);
2695 	nl80211_destroy_eloop_handle(&bss->nl_mgmt, 0);
2696 
2697 	nl80211_put_wiphy_data_ap(bss);
2698 }
2699 
2700 
2701 static void wpa_driver_nl80211_send_rfkill(void *eloop_ctx, void *timeout_ctx)
2702 {
2703 	wpa_supplicant_event(timeout_ctx, EVENT_INTERFACE_DISABLED, NULL);
2704 }
2705 
2706 
2707 static void nl80211_del_p2pdev(struct i802_bss *bss)
2708 {
2709 	struct nl_msg *msg;
2710 	int ret;
2711 
2712 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_DEL_INTERFACE);
2713 	ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
2714 
2715 	wpa_printf(MSG_DEBUG, "nl80211: Delete P2P Device %s (0x%llx): %s",
2716 		   bss->ifname, (long long unsigned int) bss->wdev_id,
2717 		   strerror(-ret));
2718 }
2719 
2720 
2721 static int nl80211_set_p2pdev(struct i802_bss *bss, int start)
2722 {
2723 	struct nl_msg *msg;
2724 	int ret;
2725 
2726 	msg = nl80211_cmd_msg(bss, 0, start ? NL80211_CMD_START_P2P_DEVICE :
2727 			      NL80211_CMD_STOP_P2P_DEVICE);
2728 	ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
2729 
2730 	wpa_printf(MSG_DEBUG, "nl80211: %s P2P Device %s (0x%llx): %s",
2731 		   start ? "Start" : "Stop",
2732 		   bss->ifname, (long long unsigned int) bss->wdev_id,
2733 		   strerror(-ret));
2734 	return ret;
2735 }
2736 
2737 
2738 static int i802_set_iface_flags(struct i802_bss *bss, int up)
2739 {
2740 	enum nl80211_iftype nlmode;
2741 
2742 	nlmode = nl80211_get_ifmode(bss);
2743 	if (nlmode != NL80211_IFTYPE_P2P_DEVICE) {
2744 		return linux_set_iface_flags(bss->drv->global->ioctl_sock,
2745 					     bss->ifname, up);
2746 	}
2747 
2748 	/* P2P Device has start/stop which is equivalent */
2749 	return nl80211_set_p2pdev(bss, up);
2750 }
2751 
2752 
2753 #ifdef CONFIG_TESTING_OPTIONS
2754 static int qca_vendor_test_cmd_handler(struct nl_msg *msg, void *arg)
2755 {
2756 	/* struct wpa_driver_nl80211_data *drv = arg; */
2757 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
2758 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
2759 
2760 
2761 	wpa_printf(MSG_DEBUG,
2762 		   "nl80211: QCA vendor test command response received");
2763 
2764 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
2765 		  genlmsg_attrlen(gnlh, 0), NULL);
2766 	if (!tb[NL80211_ATTR_VENDOR_DATA]) {
2767 		wpa_printf(MSG_DEBUG, "nl80211: No vendor data attribute");
2768 		return NL_SKIP;
2769 	}
2770 
2771 	wpa_hexdump(MSG_DEBUG,
2772 		    "nl80211: Received QCA vendor test command response",
2773 		    nla_data(tb[NL80211_ATTR_VENDOR_DATA]),
2774 		    nla_len(tb[NL80211_ATTR_VENDOR_DATA]));
2775 
2776 	return NL_SKIP;
2777 }
2778 #endif /* CONFIG_TESTING_OPTIONS */
2779 
2780 
2781 static void qca_vendor_test(struct wpa_driver_nl80211_data *drv)
2782 {
2783 #ifdef CONFIG_TESTING_OPTIONS
2784 	struct nl_msg *msg;
2785 	struct nlattr *params;
2786 	int ret;
2787 
2788 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
2789 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
2790 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
2791 			QCA_NL80211_VENDOR_SUBCMD_TEST) ||
2792 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
2793 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_TEST, 123)) {
2794 		nlmsg_free(msg);
2795 		return;
2796 	}
2797 	nla_nest_end(msg, params);
2798 
2799 	ret = send_and_recv_msgs(drv, msg, qca_vendor_test_cmd_handler, drv,
2800 				 NULL, NULL);
2801 	wpa_printf(MSG_DEBUG,
2802 		   "nl80211: QCA vendor test command returned %d (%s)",
2803 		   ret, strerror(-ret));
2804 #endif /* CONFIG_TESTING_OPTIONS */
2805 }
2806 
2807 
2808 static int
2809 wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
2810 				   const u8 *set_addr, int first,
2811 				   const char *driver_params)
2812 {
2813 	struct i802_bss *bss = drv->first_bss;
2814 	int send_rfkill_event = 0;
2815 	enum nl80211_iftype nlmode;
2816 
2817 	drv->ifindex = if_nametoindex(bss->ifname);
2818 	bss->ifindex = drv->ifindex;
2819 	bss->wdev_id = drv->global->if_add_wdevid;
2820 	bss->wdev_id_set = drv->global->if_add_wdevid_set;
2821 
2822 	bss->if_dynamic = drv->ifindex == drv->global->if_add_ifindex;
2823 	bss->if_dynamic = bss->if_dynamic || drv->global->if_add_wdevid_set;
2824 	drv->global->if_add_wdevid_set = 0;
2825 
2826 	if (!bss->if_dynamic && nl80211_get_ifmode(bss) == NL80211_IFTYPE_AP)
2827 		bss->static_ap = 1;
2828 
2829 	if (first &&
2830 	    nl80211_get_ifmode(bss) != NL80211_IFTYPE_P2P_DEVICE &&
2831 	    linux_iface_up(drv->global->ioctl_sock, bss->ifname) > 0)
2832 		drv->start_iface_up = 1;
2833 
2834 	if (wpa_driver_nl80211_capa(drv))
2835 		return -1;
2836 
2837 	if (driver_params && nl80211_set_param(bss, driver_params) < 0)
2838 		return -1;
2839 
2840 	wpa_printf(MSG_DEBUG, "nl80211: interface %s in phy %s",
2841 		   bss->ifname, drv->phyname);
2842 
2843 	if (set_addr &&
2844 	    (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) ||
2845 	     linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
2846 				set_addr)))
2847 		return -1;
2848 
2849 	if (first && nl80211_get_ifmode(bss) == NL80211_IFTYPE_STATION)
2850 		drv->start_mode_sta = 1;
2851 
2852 	if (drv->hostapd || bss->static_ap)
2853 		nlmode = NL80211_IFTYPE_AP;
2854 	else if (bss->if_dynamic ||
2855 		 nl80211_get_ifmode(bss) == NL80211_IFTYPE_MESH_POINT)
2856 		nlmode = nl80211_get_ifmode(bss);
2857 	else
2858 		nlmode = NL80211_IFTYPE_STATION;
2859 
2860 	if (wpa_driver_nl80211_set_mode(bss, nlmode) < 0) {
2861 		wpa_printf(MSG_ERROR, "nl80211: Could not configure driver mode");
2862 		return -1;
2863 	}
2864 
2865 	if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
2866 		nl80211_get_macaddr(bss);
2867 
2868 	wpa_driver_nl80211_drv_init_rfkill(drv);
2869 
2870 	if (!rfkill_is_blocked(drv->rfkill)) {
2871 		int ret = i802_set_iface_flags(bss, 1);
2872 		if (ret) {
2873 			wpa_printf(MSG_ERROR, "nl80211: Could not set "
2874 				   "interface '%s' UP", bss->ifname);
2875 			return ret;
2876 		}
2877 
2878 		if (is_p2p_net_interface(nlmode))
2879 			nl80211_disable_11b_rates(bss->drv,
2880 						  bss->drv->ifindex, 1);
2881 
2882 		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
2883 			return ret;
2884 	} else {
2885 		wpa_printf(MSG_DEBUG, "nl80211: Could not yet enable "
2886 			   "interface '%s' due to rfkill", bss->ifname);
2887 		if (nlmode != NL80211_IFTYPE_P2P_DEVICE)
2888 			drv->if_disabled = 1;
2889 
2890 		send_rfkill_event = 1;
2891 	}
2892 
2893 	if (!drv->hostapd && nlmode != NL80211_IFTYPE_P2P_DEVICE)
2894 		netlink_send_oper_ifla(drv->global->netlink, drv->ifindex,
2895 				       1, IF_OPER_DORMANT);
2896 
2897 	if (nlmode != NL80211_IFTYPE_P2P_DEVICE) {
2898 		if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
2899 				       bss->addr))
2900 			return -1;
2901 		os_memcpy(drv->perm_addr, bss->addr, ETH_ALEN);
2902 	}
2903 
2904 	if (send_rfkill_event) {
2905 		eloop_register_timeout(0, 0, wpa_driver_nl80211_send_rfkill,
2906 				       drv, drv->ctx);
2907 	}
2908 
2909 	if (drv->vendor_cmd_test_avail)
2910 		qca_vendor_test(drv);
2911 
2912 	return 0;
2913 }
2914 
2915 
2916 static int wpa_driver_nl80211_del_beacon(struct i802_bss *bss)
2917 {
2918 	struct nl_msg *msg;
2919 	struct wpa_driver_nl80211_data *drv = bss->drv;
2920 
2921 	wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
2922 		   drv->ifindex);
2923 	nl80211_put_wiphy_data_ap(bss);
2924 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
2925 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
2926 }
2927 
2928 
2929 /**
2930  * wpa_driver_nl80211_deinit - Deinitialize nl80211 driver interface
2931  * @bss: Pointer to private nl80211 data from wpa_driver_nl80211_init()
2932  *
2933  * Shut down driver interface and processing of driver events. Free
2934  * private data buffer if one was allocated in wpa_driver_nl80211_init().
2935  */
2936 static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
2937 {
2938 	struct wpa_driver_nl80211_data *drv = bss->drv;
2939 	unsigned int i;
2940 
2941 	wpa_printf(MSG_INFO, "nl80211: deinit ifname=%s disabled_11b_rates=%d",
2942 		   bss->ifname, drv->disabled_11b_rates);
2943 
2944 	bss->in_deinit = 1;
2945 	if (drv->data_tx_status)
2946 		eloop_unregister_read_sock(drv->eapol_tx_sock);
2947 	if (drv->eapol_tx_sock >= 0)
2948 		close(drv->eapol_tx_sock);
2949 
2950 	if (bss->nl_preq)
2951 		wpa_driver_nl80211_probe_req_report(bss, 0);
2952 	if (bss->added_if_into_bridge) {
2953 		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
2954 				    bss->ifname) < 0)
2955 			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
2956 				   "interface %s from bridge %s: %s",
2957 				   bss->ifname, bss->brname, strerror(errno));
2958 	}
2959 
2960 	if (drv->rtnl_sk)
2961 		nl_socket_free(drv->rtnl_sk);
2962 
2963 	if (bss->added_bridge) {
2964 		if (linux_set_iface_flags(drv->global->ioctl_sock, bss->brname,
2965 					  0) < 0)
2966 			wpa_printf(MSG_INFO,
2967 				   "nl80211: Could not set bridge %s down",
2968 				   bss->brname);
2969 		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
2970 			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
2971 				   "bridge %s: %s",
2972 				   bss->brname, strerror(errno));
2973 	}
2974 
2975 	nl80211_remove_monitor_interface(drv);
2976 
2977 	if (is_ap_interface(drv->nlmode))
2978 		wpa_driver_nl80211_del_beacon(bss);
2979 
2980 	if (drv->eapol_sock >= 0) {
2981 		eloop_unregister_read_sock(drv->eapol_sock);
2982 		close(drv->eapol_sock);
2983 	}
2984 
2985 	if (drv->if_indices != drv->default_if_indices)
2986 		os_free(drv->if_indices);
2987 
2988 	if (drv->disabled_11b_rates)
2989 		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
2990 
2991 	netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, 0,
2992 			       IF_OPER_UP);
2993 	eloop_cancel_timeout(wpa_driver_nl80211_send_rfkill, drv, drv->ctx);
2994 	rfkill_deinit(drv->rfkill);
2995 
2996 	eloop_cancel_timeout(wpa_driver_nl80211_scan_timeout, drv, drv->ctx);
2997 
2998 	if (!drv->start_iface_up)
2999 		(void) i802_set_iface_flags(bss, 0);
3000 
3001 	if (drv->addr_changed) {
3002 		if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname,
3003 					  0) < 0) {
3004 			wpa_printf(MSG_DEBUG,
3005 				   "nl80211: Could not set interface down to restore permanent MAC address");
3006 		}
3007 		if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
3008 				       drv->perm_addr) < 0) {
3009 			wpa_printf(MSG_DEBUG,
3010 				   "nl80211: Could not restore permanent MAC address");
3011 		}
3012 	}
3013 
3014 	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE) {
3015 		if (drv->start_mode_sta)
3016 			wpa_driver_nl80211_set_mode(bss,
3017 						    NL80211_IFTYPE_STATION);
3018 		nl80211_mgmt_unsubscribe(bss, "deinit");
3019 	} else {
3020 		nl80211_mgmt_unsubscribe(bss, "deinit");
3021 		nl80211_del_p2pdev(bss);
3022 	}
3023 
3024 	nl80211_destroy_bss(drv->first_bss);
3025 
3026 	os_free(drv->filter_ssids);
3027 
3028 	os_free(drv->auth_ie);
3029 	os_free(drv->auth_data);
3030 
3031 	if (drv->in_interface_list)
3032 		dl_list_del(&drv->list);
3033 
3034 	os_free(drv->extended_capa);
3035 	os_free(drv->extended_capa_mask);
3036 	for (i = 0; i < drv->num_iface_ext_capa; i++) {
3037 		os_free(drv->iface_ext_capa[i].ext_capa);
3038 		os_free(drv->iface_ext_capa[i].ext_capa_mask);
3039 	}
3040 	os_free(drv->first_bss);
3041 #ifdef CONFIG_DRIVER_NL80211_QCA
3042 	os_free(drv->pending_roam_data);
3043 #endif /* CONFIG_DRIVER_NL80211_QCA */
3044 	os_free(drv);
3045 }
3046 
3047 
3048 static u32 wpa_alg_to_cipher_suite(enum wpa_alg alg, size_t key_len)
3049 {
3050 	switch (alg) {
3051 	case WPA_ALG_WEP:
3052 		if (key_len == 5)
3053 			return RSN_CIPHER_SUITE_WEP40;
3054 		return RSN_CIPHER_SUITE_WEP104;
3055 	case WPA_ALG_TKIP:
3056 		return RSN_CIPHER_SUITE_TKIP;
3057 	case WPA_ALG_CCMP:
3058 		return RSN_CIPHER_SUITE_CCMP;
3059 	case WPA_ALG_GCMP:
3060 		return RSN_CIPHER_SUITE_GCMP;
3061 	case WPA_ALG_CCMP_256:
3062 		return RSN_CIPHER_SUITE_CCMP_256;
3063 	case WPA_ALG_GCMP_256:
3064 		return RSN_CIPHER_SUITE_GCMP_256;
3065 	case WPA_ALG_BIP_CMAC_128:
3066 		return RSN_CIPHER_SUITE_AES_128_CMAC;
3067 	case WPA_ALG_BIP_GMAC_128:
3068 		return RSN_CIPHER_SUITE_BIP_GMAC_128;
3069 	case WPA_ALG_BIP_GMAC_256:
3070 		return RSN_CIPHER_SUITE_BIP_GMAC_256;
3071 	case WPA_ALG_BIP_CMAC_256:
3072 		return RSN_CIPHER_SUITE_BIP_CMAC_256;
3073 	case WPA_ALG_SMS4:
3074 		return RSN_CIPHER_SUITE_SMS4;
3075 	case WPA_ALG_KRK:
3076 		return RSN_CIPHER_SUITE_KRK;
3077 	case WPA_ALG_NONE:
3078 		wpa_printf(MSG_ERROR, "nl80211: Unexpected encryption algorithm %d",
3079 			   alg);
3080 		return 0;
3081 	}
3082 
3083 	wpa_printf(MSG_ERROR, "nl80211: Unsupported encryption algorithm %d",
3084 		   alg);
3085 	return 0;
3086 }
3087 
3088 
3089 static u32 wpa_cipher_to_cipher_suite(unsigned int cipher)
3090 {
3091 	switch (cipher) {
3092 	case WPA_CIPHER_CCMP_256:
3093 		return RSN_CIPHER_SUITE_CCMP_256;
3094 	case WPA_CIPHER_GCMP_256:
3095 		return RSN_CIPHER_SUITE_GCMP_256;
3096 	case WPA_CIPHER_CCMP:
3097 		return RSN_CIPHER_SUITE_CCMP;
3098 	case WPA_CIPHER_GCMP:
3099 		return RSN_CIPHER_SUITE_GCMP;
3100 	case WPA_CIPHER_TKIP:
3101 		return RSN_CIPHER_SUITE_TKIP;
3102 	case WPA_CIPHER_WEP104:
3103 		return RSN_CIPHER_SUITE_WEP104;
3104 	case WPA_CIPHER_WEP40:
3105 		return RSN_CIPHER_SUITE_WEP40;
3106 	case WPA_CIPHER_GTK_NOT_USED:
3107 		return RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED;
3108 	}
3109 
3110 	return 0;
3111 }
3112 
3113 
3114 static int wpa_cipher_to_cipher_suites(unsigned int ciphers, u32 suites[],
3115 				       int max_suites)
3116 {
3117 	int num_suites = 0;
3118 
3119 	if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP_256)
3120 		suites[num_suites++] = RSN_CIPHER_SUITE_CCMP_256;
3121 	if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP_256)
3122 		suites[num_suites++] = RSN_CIPHER_SUITE_GCMP_256;
3123 	if (num_suites < max_suites && ciphers & WPA_CIPHER_CCMP)
3124 		suites[num_suites++] = RSN_CIPHER_SUITE_CCMP;
3125 	if (num_suites < max_suites && ciphers & WPA_CIPHER_GCMP)
3126 		suites[num_suites++] = RSN_CIPHER_SUITE_GCMP;
3127 	if (num_suites < max_suites && ciphers & WPA_CIPHER_TKIP)
3128 		suites[num_suites++] = RSN_CIPHER_SUITE_TKIP;
3129 	if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP104)
3130 		suites[num_suites++] = RSN_CIPHER_SUITE_WEP104;
3131 	if (num_suites < max_suites && ciphers & WPA_CIPHER_WEP40)
3132 		suites[num_suites++] = RSN_CIPHER_SUITE_WEP40;
3133 
3134 	return num_suites;
3135 }
3136 
3137 
3138 static int wpa_key_mgmt_to_suites(unsigned int key_mgmt_suites, u32 suites[],
3139 				  int max_suites)
3140 {
3141 	int num_suites = 0;
3142 
3143 #define __AKM(a, b) \
3144 	if (num_suites < max_suites && \
3145 	    (key_mgmt_suites & (WPA_KEY_MGMT_ ## a))) \
3146 		suites[num_suites++] = (RSN_AUTH_KEY_MGMT_ ## b)
3147 	__AKM(IEEE8021X, UNSPEC_802_1X);
3148 	__AKM(PSK, PSK_OVER_802_1X);
3149 	__AKM(FT_IEEE8021X, FT_802_1X);
3150 	__AKM(FT_PSK, FT_PSK);
3151 	__AKM(IEEE8021X_SHA256, 802_1X_SHA256);
3152 	__AKM(PSK_SHA256, PSK_SHA256);
3153 	__AKM(SAE, SAE);
3154 	__AKM(FT_SAE, FT_SAE);
3155 	__AKM(CCKM, CCKM);
3156 	__AKM(OSEN, OSEN);
3157 	__AKM(IEEE8021X_SUITE_B, 802_1X_SUITE_B);
3158 	__AKM(IEEE8021X_SUITE_B_192, 802_1X_SUITE_B_192);
3159 	__AKM(FILS_SHA256, FILS_SHA256);
3160 	__AKM(FILS_SHA384, FILS_SHA384);
3161 	__AKM(FT_FILS_SHA256, FT_FILS_SHA256);
3162 	__AKM(FT_FILS_SHA384, FT_FILS_SHA384);
3163 	__AKM(OWE, OWE);
3164 	__AKM(DPP, DPP);
3165 	__AKM(FT_IEEE8021X_SHA384, FT_802_1X_SHA384);
3166 #undef __AKM
3167 
3168 	return num_suites;
3169 }
3170 
3171 
3172 #ifdef CONFIG_DRIVER_NL80211_QCA
3173 static int issue_key_mgmt_set_key(struct wpa_driver_nl80211_data *drv,
3174 				  const u8 *key, size_t key_len)
3175 {
3176 	struct nl_msg *msg;
3177 	int ret;
3178 
3179 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD))
3180 		return 0;
3181 
3182 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
3183 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
3184 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
3185 			QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_SET_KEY) ||
3186 	    nla_put(msg, NL80211_ATTR_VENDOR_DATA, key_len, key)) {
3187 		nl80211_nlmsg_clear(msg);
3188 		nlmsg_free(msg);
3189 		return -1;
3190 	}
3191 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
3192 	if (ret) {
3193 		wpa_printf(MSG_DEBUG,
3194 			   "nl80211: Key management set key failed: ret=%d (%s)",
3195 			   ret, strerror(-ret));
3196 	}
3197 
3198 	return ret;
3199 }
3200 #endif /* CONFIG_DRIVER_NL80211_QCA */
3201 
3202 
3203 static int nl80211_set_pmk(struct wpa_driver_nl80211_data *drv,
3204 			   const u8 *key, size_t key_len,
3205 			   const u8 *addr)
3206 {
3207 	struct nl_msg *msg = NULL;
3208 	int ret;
3209 
3210 	/*
3211 	 * If the authenticator address is not set, assume it is
3212 	 * the current BSSID.
3213 	 */
3214 	if (!addr && drv->associated)
3215 		addr = drv->bssid;
3216 	else if (!addr)
3217 		return -1;
3218 
3219 	wpa_printf(MSG_DEBUG, "nl80211: Set PMK to the driver for " MACSTR,
3220 		   MAC2STR(addr));
3221 	wpa_hexdump_key(MSG_DEBUG, "nl80211: PMK", key, key_len);
3222 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_PMK);
3223 	if (!msg ||
3224 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
3225 	    nla_put(msg, NL80211_ATTR_PMK, key_len, key)) {
3226 		nl80211_nlmsg_clear(msg);
3227 		nlmsg_free(msg);
3228 		return -ENOBUFS;
3229 	}
3230 
3231 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
3232 	if (ret) {
3233 		wpa_printf(MSG_DEBUG, "nl80211: Set PMK failed: ret=%d (%s)",
3234 			   ret, strerror(-ret));
3235 	}
3236 
3237 	return ret;
3238 }
3239 
3240 
3241 static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
3242 				      struct wpa_driver_set_key_params *params)
3243 {
3244 	struct wpa_driver_nl80211_data *drv = bss->drv;
3245 	int ifindex;
3246 	struct nl_msg *msg;
3247 	struct nl_msg *key_msg;
3248 	int ret;
3249 	int skip_set_key = 1;
3250 	const char *ifname = params->ifname;
3251 	enum wpa_alg alg = params->alg;
3252 	const u8 *addr = params->addr;
3253 	int key_idx = params->key_idx;
3254 	int set_tx = params->set_tx;
3255 	const u8 *seq = params->seq;
3256 	size_t seq_len = params->seq_len;
3257 	const u8 *key = params->key;
3258 	size_t key_len = params->key_len;
3259 	int vlan_id = params->vlan_id;
3260 	enum key_flag key_flag = params->key_flag;
3261 
3262 	/* Ignore for P2P Device */
3263 	if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
3264 		return 0;
3265 
3266 	ifindex = if_nametoindex(ifname);
3267 	wpa_printf(MSG_DEBUG, "%s: ifindex=%d (%s) alg=%d addr=%p key_idx=%d "
3268 		   "set_tx=%d seq_len=%lu key_len=%lu key_flag=0x%x",
3269 		   __func__, ifindex, ifname, alg, addr, key_idx, set_tx,
3270 		   (unsigned long) seq_len, (unsigned long) key_len, key_flag);
3271 
3272 	if (check_key_flag(key_flag)) {
3273 		wpa_printf(MSG_DEBUG, "%s: invalid key_flag", __func__);
3274 		return -EINVAL;
3275 	}
3276 
3277 #ifdef CONFIG_DRIVER_NL80211_QCA
3278 	if ((key_flag & KEY_FLAG_PMK) &&
3279 	    (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
3280 		wpa_printf(MSG_DEBUG, "%s: calling issue_key_mgmt_set_key",
3281 			   __func__);
3282 		ret = issue_key_mgmt_set_key(drv, key, key_len);
3283 		return ret;
3284 	}
3285 #endif /* CONFIG_DRIVER_NL80211_QCA */
3286 
3287 	if (key_flag & KEY_FLAG_PMK) {
3288 		if (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)
3289 			return nl80211_set_pmk(drv, key, key_len, addr);
3290 		/* The driver does not have any offload mechanism for PMK, so
3291 		 * there is no need to configure this key. */
3292 		return 0;
3293 	}
3294 
3295 	ret = -ENOBUFS;
3296 	key_msg = nlmsg_alloc();
3297 	if (!key_msg)
3298 		return ret;
3299 
3300 	if ((key_flag & KEY_FLAG_PAIRWISE_MASK) ==
3301 	    KEY_FLAG_PAIRWISE_RX_TX_MODIFY) {
3302 		wpa_printf(MSG_DEBUG,
3303 			   "nl80211: SET_KEY (pairwise RX/TX modify)");
3304 		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_SET_KEY);
3305 		if (!msg)
3306 			goto fail2;
3307 	} else if (alg == WPA_ALG_NONE && (key_flag & KEY_FLAG_RX_TX)) {
3308 		wpa_printf(MSG_DEBUG, "%s: invalid key_flag to delete key",
3309 			   __func__);
3310 		ret = -EINVAL;
3311 		goto fail2;
3312 	} else if (alg == WPA_ALG_NONE) {
3313 		wpa_printf(MSG_DEBUG, "nl80211: DEL_KEY");
3314 		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_DEL_KEY);
3315 		if (!msg)
3316 			goto fail2;
3317 	} else {
3318 		u32 suite;
3319 
3320 		suite = wpa_alg_to_cipher_suite(alg, key_len);
3321 		if (!suite) {
3322 			ret = -EINVAL;
3323 			goto fail2;
3324 		}
3325 		wpa_printf(MSG_DEBUG, "nl80211: NEW_KEY");
3326 		msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_NEW_KEY);
3327 		if (!msg)
3328 			goto fail2;
3329 		if (nla_put(key_msg, NL80211_KEY_DATA, key_len, key) ||
3330 		    nla_put_u32(key_msg, NL80211_KEY_CIPHER, suite))
3331 			goto fail;
3332 		wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len);
3333 
3334 		if (seq && seq_len) {
3335 			if (nla_put(key_msg, NL80211_KEY_SEQ, seq_len, seq))
3336 				goto fail;
3337 			wpa_hexdump(MSG_DEBUG, "nl80211: KEY_SEQ",
3338 				    seq, seq_len);
3339 		}
3340 	}
3341 
3342 	if (addr && !is_broadcast_ether_addr(addr)) {
3343 		wpa_printf(MSG_DEBUG, "   addr=" MACSTR, MAC2STR(addr));
3344 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
3345 			goto fail;
3346 
3347 		if ((key_flag & KEY_FLAG_PAIRWISE_MASK) ==
3348 		    KEY_FLAG_PAIRWISE_RX ||
3349 		    (key_flag & KEY_FLAG_PAIRWISE_MASK) ==
3350 		    KEY_FLAG_PAIRWISE_RX_TX_MODIFY) {
3351 			if (nla_put_u8(key_msg, NL80211_KEY_MODE,
3352 				       key_flag == KEY_FLAG_PAIRWISE_RX ?
3353 				       NL80211_KEY_NO_TX : NL80211_KEY_SET_TX))
3354 				goto fail;
3355 		} else if ((key_flag & KEY_FLAG_GROUP_MASK) ==
3356 			   KEY_FLAG_GROUP_RX) {
3357 			wpa_printf(MSG_DEBUG, "   RSN IBSS RX GTK");
3358 			if (nla_put_u32(key_msg, NL80211_KEY_TYPE,
3359 					NL80211_KEYTYPE_GROUP))
3360 				goto fail;
3361 		} else if (!(key_flag & KEY_FLAG_PAIRWISE)) {
3362 			wpa_printf(MSG_DEBUG,
3363 				   "   key_flag missing PAIRWISE when setting a pairwise key");
3364 			ret = -EINVAL;
3365 			goto fail;
3366 		} else if (alg == WPA_ALG_WEP &&
3367 			   (key_flag & KEY_FLAG_RX_TX) == KEY_FLAG_RX_TX) {
3368 			wpa_printf(MSG_DEBUG, "   unicast WEP key");
3369 			skip_set_key = 0;
3370 		} else {
3371 			wpa_printf(MSG_DEBUG, "   pairwise key");
3372 		}
3373 	} else if ((key_flag & KEY_FLAG_PAIRWISE) ||
3374 		   !(key_flag & KEY_FLAG_GROUP)) {
3375 		wpa_printf(MSG_DEBUG,
3376 			   "   invalid key_flag for a broadcast key");
3377 		ret = -EINVAL;
3378 		goto fail;
3379 	} else {
3380 		wpa_printf(MSG_DEBUG, "   broadcast key");
3381 		if (key_flag & KEY_FLAG_DEFAULT)
3382 			skip_set_key = 0;
3383 	}
3384 	if (nla_put_u8(key_msg, NL80211_KEY_IDX, key_idx) ||
3385 	    nla_put_nested(msg, NL80211_ATTR_KEY, key_msg))
3386 		goto fail;
3387 	nl80211_nlmsg_clear(key_msg);
3388 	nlmsg_free(key_msg);
3389 	key_msg = NULL;
3390 
3391 	if (vlan_id && (drv->capa.flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
3392 		wpa_printf(MSG_DEBUG, "nl80211: VLAN ID %d", vlan_id);
3393 		if (nla_put_u16(msg, NL80211_ATTR_VLAN_ID, vlan_id))
3394 			goto fail;
3395 	}
3396 
3397 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
3398 	if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
3399 		ret = 0;
3400 	if (ret)
3401 		wpa_printf(MSG_DEBUG, "nl80211: set_key failed; err=%d %s",
3402 			   ret, strerror(-ret));
3403 
3404 	/*
3405 	 * If we failed or don't need to set the key as default (below),
3406 	 * we're done here.
3407 	 */
3408 	if (ret || skip_set_key)
3409 		return ret;
3410 	wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_SET_KEY - default key");
3411 
3412 	ret = -ENOBUFS;
3413 	key_msg = nlmsg_alloc();
3414 	if (!key_msg)
3415 		return ret;
3416 
3417 	msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_SET_KEY);
3418 	if (!msg)
3419 		goto fail2;
3420 	if (!key_msg ||
3421 	    nla_put_u8(key_msg, NL80211_KEY_IDX, key_idx) ||
3422 	    nla_put_flag(key_msg, wpa_alg_bip(alg) ?
3423 			 (key_idx == 6 || key_idx == 7 ?
3424 			  NL80211_KEY_DEFAULT_BEACON :
3425 			  NL80211_KEY_DEFAULT_MGMT) :
3426 			 NL80211_KEY_DEFAULT))
3427 		goto fail;
3428 	if (addr && is_broadcast_ether_addr(addr)) {
3429 		struct nlattr *types;
3430 
3431 		types = nla_nest_start(key_msg, NL80211_KEY_DEFAULT_TYPES);
3432 		if (!types ||
3433 		    nla_put_flag(key_msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST))
3434 			goto fail;
3435 		nla_nest_end(key_msg, types);
3436 	} else if (addr) {
3437 		struct nlattr *types;
3438 
3439 		types = nla_nest_start(key_msg, NL80211_KEY_DEFAULT_TYPES);
3440 		if (!types ||
3441 		    nla_put_flag(key_msg, NL80211_KEY_DEFAULT_TYPE_UNICAST))
3442 			goto fail;
3443 		nla_nest_end(key_msg, types);
3444 	}
3445 
3446 	if (nla_put_nested(msg, NL80211_ATTR_KEY, key_msg))
3447 		goto fail;
3448 	nl80211_nlmsg_clear(key_msg);
3449 	nlmsg_free(key_msg);
3450 	key_msg = NULL;
3451 
3452 	if (vlan_id && (drv->capa.flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
3453 		wpa_printf(MSG_DEBUG, "nl80211: set_key default - VLAN ID %d",
3454 			   vlan_id);
3455 		if (nla_put_u16(msg, NL80211_ATTR_VLAN_ID, vlan_id))
3456 			goto fail;
3457 	}
3458 
3459 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
3460 	if (ret)
3461 		wpa_printf(MSG_DEBUG,
3462 			   "nl80211: set_key default failed; err=%d %s",
3463 			   ret, strerror(-ret));
3464 	return ret;
3465 
3466 fail:
3467 	nl80211_nlmsg_clear(msg);
3468 	nlmsg_free(msg);
3469 fail2:
3470 	nl80211_nlmsg_clear(key_msg);
3471 	nlmsg_free(key_msg);
3472 	return ret;
3473 }
3474 
3475 
3476 static int nl_add_key(struct nl_msg *msg, enum wpa_alg alg,
3477 		      int key_idx, int defkey,
3478 		      const u8 *seq, size_t seq_len,
3479 		      const u8 *key, size_t key_len)
3480 {
3481 	struct nlattr *key_attr = nla_nest_start(msg, NL80211_ATTR_KEY);
3482 	u32 suite;
3483 
3484 	if (!key_attr)
3485 		return -1;
3486 
3487 	suite = wpa_alg_to_cipher_suite(alg, key_len);
3488 	if (!suite)
3489 		return -1;
3490 
3491 	if (defkey && wpa_alg_bip(alg)) {
3492 		if (nla_put_flag(msg, NL80211_KEY_DEFAULT_MGMT))
3493 			return -1;
3494 	} else if (defkey) {
3495 		if (nla_put_flag(msg, NL80211_KEY_DEFAULT))
3496 			return -1;
3497 	}
3498 
3499 	if (nla_put_u8(msg, NL80211_KEY_IDX, key_idx) ||
3500 	    nla_put_u32(msg, NL80211_KEY_CIPHER, suite) ||
3501 	    (seq && seq_len &&
3502 	     nla_put(msg, NL80211_KEY_SEQ, seq_len, seq)) ||
3503 	    nla_put(msg, NL80211_KEY_DATA, key_len, key))
3504 		return -1;
3505 
3506 	nla_nest_end(msg, key_attr);
3507 
3508 	return 0;
3509 }
3510 
3511 
3512 static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
3513 				 struct nl_msg *msg)
3514 {
3515 	int i, privacy = 0;
3516 	struct nlattr *nl_keys, *nl_key;
3517 
3518 	for (i = 0; i < 4; i++) {
3519 		if (!params->wep_key[i])
3520 			continue;
3521 		privacy = 1;
3522 		break;
3523 	}
3524 	if (params->wps == WPS_MODE_PRIVACY)
3525 		privacy = 1;
3526 	if (params->pairwise_suite &&
3527 	    params->pairwise_suite != WPA_CIPHER_NONE)
3528 		privacy = 1;
3529 
3530 	if (!privacy)
3531 		return 0;
3532 
3533 	if (nla_put_flag(msg, NL80211_ATTR_PRIVACY))
3534 		return -ENOBUFS;
3535 
3536 	nl_keys = nla_nest_start(msg, NL80211_ATTR_KEYS);
3537 	if (!nl_keys)
3538 		return -ENOBUFS;
3539 
3540 	for (i = 0; i < 4; i++) {
3541 		if (!params->wep_key[i])
3542 			continue;
3543 
3544 		nl_key = nla_nest_start(msg, i);
3545 		if (!nl_key ||
3546 		    nla_put(msg, NL80211_KEY_DATA, params->wep_key_len[i],
3547 			    params->wep_key[i]) ||
3548 		    nla_put_u32(msg, NL80211_KEY_CIPHER,
3549 				params->wep_key_len[i] == 5 ?
3550 				RSN_CIPHER_SUITE_WEP40 :
3551 				RSN_CIPHER_SUITE_WEP104) ||
3552 		    nla_put_u8(msg, NL80211_KEY_IDX, i) ||
3553 		    (i == params->wep_tx_keyidx &&
3554 		     nla_put_flag(msg, NL80211_KEY_DEFAULT)))
3555 			return -ENOBUFS;
3556 
3557 		nla_nest_end(msg, nl_key);
3558 	}
3559 	nla_nest_end(msg, nl_keys);
3560 
3561 	return 0;
3562 }
3563 
3564 
3565 int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
3566 			    const u8 *addr, int cmd, u16 reason_code,
3567 			    int local_state_change,
3568 			    struct i802_bss *bss)
3569 {
3570 	int ret;
3571 	struct nl_msg *msg;
3572 	struct nl_sock *nl_connect = get_connect_handle(bss);
3573 
3574 	if (!(msg = nl80211_drv_msg(drv, 0, cmd)) ||
3575 	    nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code) ||
3576 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
3577 	    (local_state_change &&
3578 	     nla_put_flag(msg, NL80211_ATTR_LOCAL_STATE_CHANGE))) {
3579 		nlmsg_free(msg);
3580 		return -1;
3581 	}
3582 
3583 	if (nl_connect)
3584 		ret = send_and_recv(drv->global, nl_connect, msg,
3585 				    process_bss_event, bss, NULL, NULL);
3586 	else
3587 		ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
3588 	if (ret) {
3589 		wpa_dbg(drv->ctx, MSG_DEBUG,
3590 			"nl80211: MLME command failed: reason=%u ret=%d (%s)",
3591 			reason_code, ret, strerror(-ret));
3592 	}
3593 	return ret;
3594 }
3595 
3596 
3597 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
3598 					 u16 reason_code,
3599 					 struct i802_bss *bss)
3600 {
3601 	int ret;
3602 	int drv_associated = drv->associated;
3603 
3604 	wpa_printf(MSG_DEBUG, "%s(reason_code=%d)", __func__, reason_code);
3605 	nl80211_mark_disconnected(drv);
3606 	/* Disconnect command doesn't need BSSID - it uses cached value */
3607 	ret = wpa_driver_nl80211_mlme(drv, NULL, NL80211_CMD_DISCONNECT,
3608 				      reason_code, 0, bss);
3609 	/*
3610 	 * For locally generated disconnect, supplicant already generates a
3611 	 * DEAUTH event, so ignore the event from NL80211.
3612 	 */
3613 	drv->ignore_next_local_disconnect = drv_associated && (ret == 0);
3614 
3615 	return ret;
3616 }
3617 
3618 
3619 static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss,
3620 					     const u8 *addr, u16 reason_code)
3621 {
3622 	struct wpa_driver_nl80211_data *drv = bss->drv;
3623 	int ret;
3624 	int drv_associated = drv->associated;
3625 
3626 	if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
3627 		nl80211_mark_disconnected(drv);
3628 		return nl80211_leave_ibss(drv, 1);
3629 	}
3630 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
3631 		return wpa_driver_nl80211_disconnect(drv, reason_code, bss);
3632 	}
3633 	wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)",
3634 		   __func__, MAC2STR(addr), reason_code);
3635 	nl80211_mark_disconnected(drv);
3636 	ret = wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
3637 				      reason_code, 0, bss);
3638 	/*
3639 	 * For locally generated deauthenticate, supplicant already generates a
3640 	 * DEAUTH event, so ignore the event from NL80211.
3641 	 */
3642 	drv->ignore_next_local_deauth = drv_associated && (ret == 0);
3643 
3644 	return ret;
3645 }
3646 
3647 
3648 static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv,
3649 				     struct wpa_driver_auth_params *params)
3650 {
3651 	int i;
3652 
3653 	drv->auth_freq = params->freq;
3654 	drv->auth_alg = params->auth_alg;
3655 	drv->auth_wep_tx_keyidx = params->wep_tx_keyidx;
3656 	drv->auth_local_state_change = params->local_state_change;
3657 	drv->auth_p2p = params->p2p;
3658 
3659 	if (params->bssid)
3660 		os_memcpy(drv->auth_bssid_, params->bssid, ETH_ALEN);
3661 	else
3662 		os_memset(drv->auth_bssid_, 0, ETH_ALEN);
3663 
3664 	if (params->ssid) {
3665 		os_memcpy(drv->auth_ssid, params->ssid, params->ssid_len);
3666 		drv->auth_ssid_len = params->ssid_len;
3667 	} else
3668 		drv->auth_ssid_len = 0;
3669 
3670 
3671 	os_free(drv->auth_ie);
3672 	drv->auth_ie = NULL;
3673 	drv->auth_ie_len = 0;
3674 	if (params->ie) {
3675 		drv->auth_ie = os_malloc(params->ie_len);
3676 		if (drv->auth_ie) {
3677 			os_memcpy(drv->auth_ie, params->ie, params->ie_len);
3678 			drv->auth_ie_len = params->ie_len;
3679 		}
3680 	}
3681 
3682 	os_free(drv->auth_data);
3683 	drv->auth_data = NULL;
3684 	drv->auth_data_len = 0;
3685 	if (params->auth_data) {
3686 		drv->auth_data = os_memdup(params->auth_data,
3687 					   params->auth_data_len);
3688 		if (drv->auth_data)
3689 			drv->auth_data_len = params->auth_data_len;
3690 	}
3691 
3692 	for (i = 0; i < 4; i++) {
3693 		if (params->wep_key[i] && params->wep_key_len[i] &&
3694 		    params->wep_key_len[i] <= 16) {
3695 			os_memcpy(drv->auth_wep_key[i], params->wep_key[i],
3696 				  params->wep_key_len[i]);
3697 			drv->auth_wep_key_len[i] = params->wep_key_len[i];
3698 		} else
3699 			drv->auth_wep_key_len[i] = 0;
3700 	}
3701 }
3702 
3703 
3704 static void nl80211_unmask_11b_rates(struct i802_bss *bss)
3705 {
3706 	struct wpa_driver_nl80211_data *drv = bss->drv;
3707 
3708 	if (is_p2p_net_interface(drv->nlmode) || !drv->disabled_11b_rates)
3709 		return;
3710 
3711 	/*
3712 	 * Looks like we failed to unmask 11b rates previously. This could
3713 	 * happen, e.g., if the interface was down at the point in time when a
3714 	 * P2P group was terminated.
3715 	 */
3716 	wpa_printf(MSG_DEBUG,
3717 		   "nl80211: Interface %s mode is for non-P2P, but 11b rates were disabled - re-enable them",
3718 		   bss->ifname);
3719 	nl80211_disable_11b_rates(drv, drv->ifindex, 0);
3720 }
3721 
3722 
3723 static enum nl80211_auth_type get_nl_auth_type(int wpa_auth_alg)
3724 {
3725 	if (wpa_auth_alg & WPA_AUTH_ALG_OPEN)
3726 		return NL80211_AUTHTYPE_OPEN_SYSTEM;
3727 	if (wpa_auth_alg & WPA_AUTH_ALG_SHARED)
3728 		return NL80211_AUTHTYPE_SHARED_KEY;
3729 	if (wpa_auth_alg & WPA_AUTH_ALG_LEAP)
3730 		return NL80211_AUTHTYPE_NETWORK_EAP;
3731 	if (wpa_auth_alg & WPA_AUTH_ALG_FT)
3732 		return NL80211_AUTHTYPE_FT;
3733 	if (wpa_auth_alg & WPA_AUTH_ALG_SAE)
3734 		return NL80211_AUTHTYPE_SAE;
3735 	if (wpa_auth_alg & WPA_AUTH_ALG_FILS)
3736 		return NL80211_AUTHTYPE_FILS_SK;
3737 	if (wpa_auth_alg & WPA_AUTH_ALG_FILS_SK_PFS)
3738 		return NL80211_AUTHTYPE_FILS_SK_PFS;
3739 
3740 	return NL80211_AUTHTYPE_MAX;
3741 }
3742 
3743 
3744 static int wpa_driver_nl80211_authenticate(
3745 	struct i802_bss *bss, struct wpa_driver_auth_params *params)
3746 {
3747 	struct wpa_driver_nl80211_data *drv = bss->drv;
3748 	int ret = -1, i;
3749 	struct nl_msg *msg;
3750 	enum nl80211_auth_type type;
3751 	enum nl80211_iftype nlmode;
3752 	int count = 0;
3753 	int is_retry;
3754 	struct wpa_driver_set_key_params p;
3755 
3756 	nl80211_unmask_11b_rates(bss);
3757 
3758 	is_retry = drv->retry_auth;
3759 	drv->retry_auth = 0;
3760 	drv->ignore_deauth_event = 0;
3761 
3762 	nl80211_mark_disconnected(drv);
3763 	os_memset(drv->auth_bssid, 0, ETH_ALEN);
3764 	if (params->bssid)
3765 		os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN);
3766 	else
3767 		os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
3768 	/* FIX: IBSS mode */
3769 	nlmode = params->p2p ?
3770 		NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
3771 	if (drv->nlmode != nlmode &&
3772 	    wpa_driver_nl80211_set_mode(bss, nlmode) < 0)
3773 		return -1;
3774 
3775 retry:
3776 	wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
3777 		   drv->ifindex);
3778 
3779 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_AUTHENTICATE);
3780 	if (!msg)
3781 		goto fail;
3782 
3783 	os_memset(&p, 0, sizeof(p));
3784 	p.ifname = bss->ifname;
3785 	p.alg = WPA_ALG_WEP;
3786 	for (i = 0; i < 4; i++) {
3787 		if (!params->wep_key[i])
3788 			continue;
3789 		p.key_idx = i;
3790 		p.set_tx = i == params->wep_tx_keyidx;
3791 		p.key = params->wep_key[i];
3792 		p.key_len = params->wep_key_len[i];
3793 		p.key_flag = i == params->wep_tx_keyidx ?
3794 			KEY_FLAG_GROUP_RX_TX_DEFAULT :
3795 			KEY_FLAG_GROUP_RX_TX;
3796 		wpa_driver_nl80211_set_key(bss, &p);
3797 		if (params->wep_tx_keyidx != i)
3798 			continue;
3799 		if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
3800 			       params->wep_key[i], params->wep_key_len[i]))
3801 			goto fail;
3802 	}
3803 
3804 	if (params->bssid) {
3805 		wpa_printf(MSG_DEBUG, "  * bssid=" MACSTR,
3806 			   MAC2STR(params->bssid));
3807 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
3808 			goto fail;
3809 	}
3810 	if (params->freq) {
3811 		wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq);
3812 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq))
3813 			goto fail;
3814 	}
3815 	if (params->ssid) {
3816 		wpa_printf(MSG_DEBUG, "  * SSID=%s",
3817 			   wpa_ssid_txt(params->ssid, params->ssid_len));
3818 		if (nla_put(msg, NL80211_ATTR_SSID, params->ssid_len,
3819 			    params->ssid))
3820 			goto fail;
3821 	}
3822 	wpa_hexdump(MSG_DEBUG, "  * IEs", params->ie, params->ie_len);
3823 	if (params->ie &&
3824 	    nla_put(msg, NL80211_ATTR_IE, params->ie_len, params->ie))
3825 		goto fail;
3826 	if (params->auth_data) {
3827 		wpa_hexdump(MSG_DEBUG, "  * auth_data", params->auth_data,
3828 			    params->auth_data_len);
3829 		if (nla_put(msg, NL80211_ATTR_SAE_DATA, params->auth_data_len,
3830 			    params->auth_data))
3831 			goto fail;
3832 	}
3833 	type = get_nl_auth_type(params->auth_alg);
3834 	wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
3835 	if (type == NL80211_AUTHTYPE_MAX ||
3836 	    nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE, type))
3837 		goto fail;
3838 	if (params->local_state_change) {
3839 		wpa_printf(MSG_DEBUG, "  * Local state change only");
3840 		if (nla_put_flag(msg, NL80211_ATTR_LOCAL_STATE_CHANGE))
3841 			goto fail;
3842 	}
3843 
3844 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
3845 	msg = NULL;
3846 	if (ret) {
3847 		wpa_dbg(drv->ctx, MSG_DEBUG,
3848 			"nl80211: MLME command failed (auth): count=%d ret=%d (%s)",
3849 			count, ret, strerror(-ret));
3850 		count++;
3851 		if ((ret == -EALREADY || ret == -EEXIST) && count == 1 &&
3852 		    params->bssid && !params->local_state_change) {
3853 			/*
3854 			 * mac80211 does not currently accept new
3855 			 * authentication if we are already authenticated. As a
3856 			 * workaround, force deauthentication and try again.
3857 			 */
3858 			wpa_printf(MSG_DEBUG, "nl80211: Retry authentication "
3859 				   "after forced deauthentication");
3860 			drv->ignore_deauth_event = 1;
3861 			wpa_driver_nl80211_deauthenticate(
3862 				bss, params->bssid,
3863 				WLAN_REASON_PREV_AUTH_NOT_VALID);
3864 			nlmsg_free(msg);
3865 			goto retry;
3866 		}
3867 
3868 		if (ret == -ENOENT && params->freq && !is_retry) {
3869 			/*
3870 			 * cfg80211 has likely expired the BSS entry even
3871 			 * though it was previously available in our internal
3872 			 * BSS table. To recover quickly, start a single
3873 			 * channel scan on the specified channel.
3874 			 */
3875 			struct wpa_driver_scan_params scan;
3876 			int freqs[2];
3877 
3878 			os_memset(&scan, 0, sizeof(scan));
3879 			scan.num_ssids = 1;
3880 			if (params->ssid) {
3881 				scan.ssids[0].ssid = params->ssid;
3882 				scan.ssids[0].ssid_len = params->ssid_len;
3883 			}
3884 			freqs[0] = params->freq;
3885 			freqs[1] = 0;
3886 			scan.freqs = freqs;
3887 			wpa_printf(MSG_DEBUG, "nl80211: Trigger single "
3888 				   "channel scan to refresh cfg80211 BSS "
3889 				   "entry");
3890 			ret = wpa_driver_nl80211_scan(bss, &scan);
3891 			if (ret == 0) {
3892 				nl80211_copy_auth_params(drv, params);
3893 				drv->scan_for_auth = 1;
3894 			}
3895 		} else if (is_retry) {
3896 			/*
3897 			 * Need to indicate this with an event since the return
3898 			 * value from the retry is not delivered to core code.
3899 			 */
3900 			union wpa_event_data event;
3901 			wpa_printf(MSG_DEBUG, "nl80211: Authentication retry "
3902 				   "failed");
3903 			os_memset(&event, 0, sizeof(event));
3904 			os_memcpy(event.timeout_event.addr, drv->auth_bssid_,
3905 				  ETH_ALEN);
3906 			wpa_supplicant_event(drv->ctx, EVENT_AUTH_TIMED_OUT,
3907 					     &event);
3908 		}
3909 	} else {
3910 		wpa_printf(MSG_DEBUG,
3911 			   "nl80211: Authentication request send successfully");
3912 	}
3913 
3914 fail:
3915 	nlmsg_free(msg);
3916 	return ret;
3917 }
3918 
3919 
3920 int wpa_driver_nl80211_authenticate_retry(struct wpa_driver_nl80211_data *drv)
3921 {
3922 	struct wpa_driver_auth_params params;
3923 	struct i802_bss *bss = drv->first_bss;
3924 	int i;
3925 
3926 	wpa_printf(MSG_DEBUG, "nl80211: Try to authenticate again");
3927 
3928 	os_memset(&params, 0, sizeof(params));
3929 	params.freq = drv->auth_freq;
3930 	params.auth_alg = drv->auth_alg;
3931 	params.wep_tx_keyidx = drv->auth_wep_tx_keyidx;
3932 	params.local_state_change = drv->auth_local_state_change;
3933 	params.p2p = drv->auth_p2p;
3934 
3935 	if (!is_zero_ether_addr(drv->auth_bssid_))
3936 		params.bssid = drv->auth_bssid_;
3937 
3938 	if (drv->auth_ssid_len) {
3939 		params.ssid = drv->auth_ssid;
3940 		params.ssid_len = drv->auth_ssid_len;
3941 	}
3942 
3943 	params.ie = drv->auth_ie;
3944 	params.ie_len = drv->auth_ie_len;
3945 	params.auth_data = drv->auth_data;
3946 	params.auth_data_len = drv->auth_data_len;
3947 
3948 	for (i = 0; i < 4; i++) {
3949 		if (drv->auth_wep_key_len[i]) {
3950 			params.wep_key[i] = drv->auth_wep_key[i];
3951 			params.wep_key_len[i] = drv->auth_wep_key_len[i];
3952 		}
3953 	}
3954 
3955 	drv->retry_auth = 1;
3956 	return wpa_driver_nl80211_authenticate(bss, &params);
3957 }
3958 
3959 
3960 static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data,
3961 					size_t data_len, int noack,
3962 					unsigned int freq, int no_cck,
3963 					int offchanok,
3964 					unsigned int wait_time,
3965 					const u16 *csa_offs,
3966 					size_t csa_offs_len, int no_encrypt)
3967 {
3968 	struct wpa_driver_nl80211_data *drv = bss->drv;
3969 	struct ieee80211_mgmt *mgmt;
3970 	int encrypt = !no_encrypt;
3971 	u16 fc;
3972 	int use_cookie = 1;
3973 	int res;
3974 
3975 	mgmt = (struct ieee80211_mgmt *) data;
3976 	fc = le_to_host16(mgmt->frame_control);
3977 	wpa_printf(MSG_DEBUG, "nl80211: send_mlme - da=" MACSTR
3978 		   " noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u no_encrypt=%d fc=0x%x (%s) nlmode=%d",
3979 		   MAC2STR(mgmt->da), noack, freq, no_cck, offchanok, wait_time,
3980 		   no_encrypt, fc, fc2str(fc), drv->nlmode);
3981 
3982 	if ((is_sta_interface(drv->nlmode) ||
3983 	     drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) &&
3984 	    WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
3985 	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_PROBE_RESP) {
3986 		/*
3987 		 * The use of last_mgmt_freq is a bit of a hack,
3988 		 * but it works due to the single-threaded nature
3989 		 * of wpa_supplicant.
3990 		 */
3991 		if (freq == 0) {
3992 			wpa_printf(MSG_DEBUG, "nl80211: Use last_mgmt_freq=%d",
3993 				   drv->last_mgmt_freq);
3994 			freq = drv->last_mgmt_freq;
3995 		}
3996 		wait_time = 0;
3997 		use_cookie = 0;
3998 		no_cck = 1;
3999 		offchanok = 1;
4000 		goto send_frame_cmd;
4001 	}
4002 
4003 	if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) {
4004 		if (freq == 0) {
4005 			wpa_printf(MSG_DEBUG, "nl80211: Use bss->freq=%d",
4006 				   bss->freq);
4007 			freq = bss->freq;
4008 		}
4009 		if ((int) freq == bss->freq)
4010 			wait_time = 0;
4011 		goto send_frame_cmd;
4012 	}
4013 
4014 	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4015 	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
4016 		/*
4017 		 * Only one of the authentication frame types is encrypted.
4018 		 * In order for static WEP encryption to work properly (i.e.,
4019 		 * to not encrypt the frame), we need to tell mac80211 about
4020 		 * the frames that must not be encrypted.
4021 		 */
4022 		u16 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
4023 		u16 auth_trans = le_to_host16(mgmt->u.auth.auth_transaction);
4024 		if (auth_alg != WLAN_AUTH_SHARED_KEY || auth_trans != 3)
4025 			encrypt = 0;
4026 	}
4027 
4028 	if (is_sta_interface(drv->nlmode) &&
4029 	    WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4030 	    WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
4031 		if (freq == 0 &&
4032 		    (drv->capa.flags & WPA_DRIVER_FLAGS_SAE) &&
4033 		    !(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
4034 			freq = nl80211_get_assoc_freq(drv);
4035 			wpa_printf(MSG_DEBUG,
4036 				   "nl80211: send_mlme - Use assoc_freq=%u for external auth",
4037 				   freq);
4038 		}
4039 
4040 		/* Allow off channel for PASN authentication */
4041 		if (data_len >= IEEE80211_HDRLEN + 2 &&
4042 		    WPA_GET_LE16(data + IEEE80211_HDRLEN) == WLAN_AUTH_PASN &&
4043 		    !offchanok) {
4044 			wpa_printf(MSG_DEBUG,
4045 				   "nl80211: send_mlme: allow off channel for PASN");
4046 			offchanok = 1;
4047 		}
4048 	}
4049 
4050 #ifdef CONFIG_PASN
4051 	if (is_sta_interface(drv->nlmode) &&
4052 	    WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
4053 	     WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_DEAUTH) {
4054 		wpa_printf(MSG_DEBUG,
4055 			   "nl80211: send_mlme: allow Deauthentication frame for PASN");
4056 
4057 		use_cookie = 0;
4058 		offchanok = 1;
4059 		goto send_frame_cmd;
4060 	}
4061 #endif /* CONFIG_PASN */
4062 
4063 	if (freq == 0 && drv->nlmode == NL80211_IFTYPE_ADHOC) {
4064 		freq = nl80211_get_assoc_freq(drv);
4065 		wpa_printf(MSG_DEBUG,
4066 			   "nl80211: send_mlme - Use assoc_freq=%u for IBSS",
4067 			   freq);
4068 	}
4069 	if (freq == 0) {
4070 		wpa_printf(MSG_DEBUG, "nl80211: send_mlme - Use bss->freq=%u",
4071 			   bss->freq);
4072 		freq = bss->freq;
4073 	}
4074 
4075 	if (drv->use_monitor) {
4076 		wpa_printf(MSG_DEBUG,
4077 			   "nl80211: send_frame(freq=%u bss->freq=%u) -> send_monitor",
4078 			   freq, bss->freq);
4079 		return nl80211_send_monitor(drv, data, data_len, encrypt,
4080 					    noack);
4081 	}
4082 
4083 	if (noack || WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT ||
4084 	    WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION)
4085 		use_cookie = 0;
4086 send_frame_cmd:
4087 #ifdef CONFIG_TESTING_OPTIONS
4088 	if (no_encrypt && !encrypt && !drv->use_monitor) {
4089 		wpa_printf(MSG_DEBUG,
4090 			   "nl80211: Request to send an unencrypted frame - use a monitor interface for this");
4091 		if (nl80211_create_monitor_interface(drv) < 0)
4092 			return -1;
4093 		res = nl80211_send_monitor(drv, data, data_len, encrypt,
4094 					   noack);
4095 		nl80211_remove_monitor_interface(drv);
4096 		return res;
4097 	}
4098 #endif /* CONFIG_TESTING_OPTIONS */
4099 
4100 	wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame_cmd");
4101 	res = nl80211_send_frame_cmd(bss, freq, wait_time, data, data_len,
4102 				     use_cookie, no_cck, noack, offchanok,
4103 				     csa_offs, csa_offs_len);
4104 
4105 	return res;
4106 }
4107 
4108 
4109 static int nl80211_put_basic_rates(struct nl_msg *msg, const int *basic_rates)
4110 {
4111 	u8 rates[NL80211_MAX_SUPP_RATES];
4112 	u8 rates_len = 0;
4113 	int i;
4114 
4115 	if (!basic_rates)
4116 		return 0;
4117 
4118 	for (i = 0; i < NL80211_MAX_SUPP_RATES && basic_rates[i] >= 0; i++)
4119 		rates[rates_len++] = basic_rates[i] / 5;
4120 
4121 	return nla_put(msg, NL80211_ATTR_BSS_BASIC_RATES, rates_len, rates);
4122 }
4123 
4124 
4125 static int nl80211_set_bss(struct i802_bss *bss, int cts, int preamble,
4126 			   int slot, int ht_opmode, int ap_isolate,
4127 			   const int *basic_rates)
4128 {
4129 	struct wpa_driver_nl80211_data *drv = bss->drv;
4130 	struct nl_msg *msg;
4131 
4132 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_BSS)) ||
4133 	    (cts >= 0 &&
4134 	     nla_put_u8(msg, NL80211_ATTR_BSS_CTS_PROT, cts)) ||
4135 	    (preamble >= 0 &&
4136 	     nla_put_u8(msg, NL80211_ATTR_BSS_SHORT_PREAMBLE, preamble)) ||
4137 	    (slot >= 0 &&
4138 	     nla_put_u8(msg, NL80211_ATTR_BSS_SHORT_SLOT_TIME, slot)) ||
4139 	    (ht_opmode >= 0 &&
4140 	     nla_put_u16(msg, NL80211_ATTR_BSS_HT_OPMODE, ht_opmode)) ||
4141 	    (ap_isolate >= 0 &&
4142 	     nla_put_u8(msg, NL80211_ATTR_AP_ISOLATE, ap_isolate)) ||
4143 	    nl80211_put_basic_rates(msg, basic_rates)) {
4144 		nlmsg_free(msg);
4145 		return -ENOBUFS;
4146 	}
4147 
4148 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
4149 }
4150 
4151 
4152 static int wpa_driver_nl80211_set_acl(void *priv,
4153 				      struct hostapd_acl_params *params)
4154 {
4155 	struct i802_bss *bss = priv;
4156 	struct wpa_driver_nl80211_data *drv = bss->drv;
4157 	struct nl_msg *msg;
4158 	struct nl_msg *acl;
4159 	unsigned int i;
4160 	int ret;
4161 	size_t acl_nla_sz, acl_nlmsg_sz, nla_sz, nlmsg_sz;
4162 
4163 	if (!(drv->capa.max_acl_mac_addrs))
4164 		return -ENOTSUP;
4165 
4166 	if (params->num_mac_acl > drv->capa.max_acl_mac_addrs)
4167 		return -ENOTSUP;
4168 
4169 	wpa_printf(MSG_DEBUG, "nl80211: Set %s ACL (num_mac_acl=%u)",
4170 		   params->acl_policy ? "Accept" : "Deny", params->num_mac_acl);
4171 
4172 	acl_nla_sz = nla_total_size(ETH_ALEN) * params->num_mac_acl;
4173 	acl_nlmsg_sz = nlmsg_total_size(acl_nla_sz);
4174 	acl = nlmsg_alloc_size(acl_nlmsg_sz);
4175 	if (!acl)
4176 		return -ENOMEM;
4177 	for (i = 0; i < params->num_mac_acl; i++) {
4178 		if (nla_put(acl, i + 1, ETH_ALEN, params->mac_acl[i].addr)) {
4179 			nlmsg_free(acl);
4180 			return -ENOMEM;
4181 		}
4182 	}
4183 
4184 	/*
4185 	 * genetlink message header (Length of user header is 0) +
4186 	 * u32 attr: NL80211_ATTR_IFINDEX +
4187 	 * u32 attr: NL80211_ATTR_ACL_POLICY +
4188 	 * nested acl attr
4189 	 */
4190 	nla_sz = GENL_HDRLEN +
4191 		nla_total_size(4) * 2 +
4192 		nla_total_size(acl_nla_sz);
4193 	nlmsg_sz = nlmsg_total_size(nla_sz);
4194 	if (!(msg = nl80211_ifindex_msg_build(drv, nlmsg_alloc_size(nlmsg_sz),
4195 					      drv->ifindex, 0,
4196 					      NL80211_CMD_SET_MAC_ACL)) ||
4197 	    nla_put_u32(msg, NL80211_ATTR_ACL_POLICY, params->acl_policy ?
4198 			NL80211_ACL_POLICY_DENY_UNLESS_LISTED :
4199 			NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED) ||
4200 	    nla_put_nested(msg, NL80211_ATTR_MAC_ADDRS, acl)) {
4201 		nlmsg_free(msg);
4202 		nlmsg_free(acl);
4203 		return -ENOMEM;
4204 	}
4205 	nlmsg_free(acl);
4206 
4207 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
4208 	if (ret) {
4209 		wpa_printf(MSG_DEBUG, "nl80211: Failed to set MAC ACL: %d (%s)",
4210 			   ret, strerror(-ret));
4211 	}
4212 
4213 	return ret;
4214 }
4215 
4216 
4217 static int nl80211_put_beacon_int(struct nl_msg *msg, int beacon_int)
4218 {
4219 	if (beacon_int > 0) {
4220 		wpa_printf(MSG_DEBUG, "  * beacon_int=%d", beacon_int);
4221 		return nla_put_u32(msg, NL80211_ATTR_BEACON_INTERVAL,
4222 				   beacon_int);
4223 	}
4224 
4225 	return 0;
4226 }
4227 
4228 
4229 static int nl80211_put_dtim_period(struct nl_msg *msg, int dtim_period)
4230 {
4231 	if (dtim_period > 0) {
4232 		wpa_printf(MSG_DEBUG, "  * dtim_period=%d", dtim_period);
4233 		return nla_put_u32(msg, NL80211_ATTR_DTIM_PERIOD, dtim_period);
4234 	}
4235 
4236 	return 0;
4237 }
4238 
4239 
4240 #ifdef CONFIG_MESH
4241 static int nl80211_set_mesh_config(void *priv,
4242 				   struct wpa_driver_mesh_bss_params *params)
4243 {
4244 	struct i802_bss *bss = priv;
4245 	struct wpa_driver_nl80211_data *drv = bss->drv;
4246 	struct nl_msg *msg;
4247 	int ret;
4248 
4249 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_MESH_CONFIG);
4250 	if (!msg)
4251 		return -1;
4252 
4253 	ret = nl80211_put_mesh_config(msg, params);
4254 	if (ret < 0) {
4255 		nlmsg_free(msg);
4256 		return ret;
4257 	}
4258 
4259 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
4260 	if (ret) {
4261 		wpa_printf(MSG_ERROR,
4262 			   "nl80211: Mesh config set failed: %d (%s)",
4263 			   ret, strerror(-ret));
4264 		return ret;
4265 	}
4266 	return 0;
4267 }
4268 #endif /* CONFIG_MESH */
4269 
4270 
4271 static int nl80211_put_beacon_rate(struct nl_msg *msg, u64 flags, u64 flags2,
4272 				   struct wpa_driver_ap_params *params)
4273 {
4274 	struct nlattr *bands, *band;
4275 	struct nl80211_txrate_vht vht_rate;
4276 	struct nl80211_txrate_he he_rate;
4277 
4278 	if (!params->freq ||
4279 	    (params->beacon_rate == 0 &&
4280 	     params->rate_type == BEACON_RATE_LEGACY))
4281 		return 0;
4282 
4283 	bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
4284 	if (!bands)
4285 		return -1;
4286 
4287 	switch (params->freq->mode) {
4288 	case HOSTAPD_MODE_IEEE80211B:
4289 	case HOSTAPD_MODE_IEEE80211G:
4290 		band = nla_nest_start(msg, NL80211_BAND_2GHZ);
4291 		break;
4292 	case HOSTAPD_MODE_IEEE80211A:
4293 		if (is_6ghz_freq(params->freq->freq))
4294 			band = nla_nest_start(msg, NL80211_BAND_6GHZ);
4295 		else
4296 			band = nla_nest_start(msg, NL80211_BAND_5GHZ);
4297 		break;
4298 	case HOSTAPD_MODE_IEEE80211AD:
4299 		band = nla_nest_start(msg, NL80211_BAND_60GHZ);
4300 		break;
4301 	default:
4302 		return 0;
4303 	}
4304 
4305 	if (!band)
4306 		return -1;
4307 
4308 	os_memset(&vht_rate, 0, sizeof(vht_rate));
4309 	os_memset(&he_rate, 0, sizeof(he_rate));
4310 
4311 	switch (params->rate_type) {
4312 	case BEACON_RATE_LEGACY:
4313 		if (!(flags & WPA_DRIVER_FLAGS_BEACON_RATE_LEGACY)) {
4314 			wpa_printf(MSG_INFO,
4315 				   "nl80211: Driver does not support setting Beacon frame rate (legacy)");
4316 			return -1;
4317 		}
4318 
4319 		if (nla_put_u8(msg, NL80211_TXRATE_LEGACY,
4320 			       (u8) params->beacon_rate / 5) ||
4321 		    nla_put(msg, NL80211_TXRATE_HT, 0, NULL) ||
4322 		    (params->freq->vht_enabled &&
4323 		     nla_put(msg, NL80211_TXRATE_VHT, sizeof(vht_rate),
4324 			     &vht_rate)))
4325 			return -1;
4326 
4327 		wpa_printf(MSG_DEBUG, " * beacon_rate = legacy:%u (* 100 kbps)",
4328 			   params->beacon_rate);
4329 		break;
4330 	case BEACON_RATE_HT:
4331 		if (!(flags & WPA_DRIVER_FLAGS_BEACON_RATE_HT)) {
4332 			wpa_printf(MSG_INFO,
4333 				   "nl80211: Driver does not support setting Beacon frame rate (HT)");
4334 			return -1;
4335 		}
4336 		if (nla_put(msg, NL80211_TXRATE_LEGACY, 0, NULL) ||
4337 		    nla_put_u8(msg, NL80211_TXRATE_HT, params->beacon_rate) ||
4338 		    (params->freq->vht_enabled &&
4339 		     nla_put(msg, NL80211_TXRATE_VHT, sizeof(vht_rate),
4340 			     &vht_rate)))
4341 			return -1;
4342 		wpa_printf(MSG_DEBUG, " * beacon_rate = HT-MCS %u",
4343 			   params->beacon_rate);
4344 		break;
4345 	case BEACON_RATE_VHT:
4346 		if (!(flags & WPA_DRIVER_FLAGS_BEACON_RATE_VHT)) {
4347 			wpa_printf(MSG_INFO,
4348 				   "nl80211: Driver does not support setting Beacon frame rate (VHT)");
4349 			return -1;
4350 		}
4351 		vht_rate.mcs[0] = BIT(params->beacon_rate);
4352 		if (nla_put(msg, NL80211_TXRATE_LEGACY, 0, NULL))
4353 			return -1;
4354 		if (nla_put(msg, NL80211_TXRATE_HT, 0, NULL))
4355 			return -1;
4356 		if (nla_put(msg, NL80211_TXRATE_VHT, sizeof(vht_rate),
4357 			    &vht_rate))
4358 			return -1;
4359 		wpa_printf(MSG_DEBUG, " * beacon_rate = VHT-MCS %u",
4360 			   params->beacon_rate);
4361 		break;
4362 	case BEACON_RATE_HE:
4363 		if (!(flags2 & WPA_DRIVER_FLAGS2_BEACON_RATE_HE)) {
4364 			wpa_printf(MSG_INFO,
4365 				   "nl80211: Driver does not support setting Beacon frame rate (HE)");
4366 			return -1;
4367 		}
4368 		he_rate.mcs[0] = BIT(params->beacon_rate);
4369 		if (nla_put(msg, NL80211_TXRATE_LEGACY, 0, NULL) ||
4370 		    nla_put(msg, NL80211_TXRATE_HT, 0, NULL) ||
4371 		    nla_put(msg, NL80211_TXRATE_VHT, sizeof(vht_rate),
4372 			    &vht_rate) ||
4373 		    nla_put(msg, NL80211_TXRATE_HE, sizeof(he_rate), &he_rate))
4374 			return -1;
4375 		wpa_printf(MSG_DEBUG, " * beacon_rate = HE-MCS %u",
4376 			   params->beacon_rate);
4377 		break;
4378 	}
4379 
4380 	nla_nest_end(msg, band);
4381 	nla_nest_end(msg, bands);
4382 
4383 	return 0;
4384 }
4385 
4386 
4387 static int nl80211_set_multicast_to_unicast(struct i802_bss *bss,
4388 					    int multicast_to_unicast)
4389 {
4390 	struct wpa_driver_nl80211_data *drv = bss->drv;
4391 	struct nl_msg *msg;
4392 	int ret;
4393 
4394 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_MULTICAST_TO_UNICAST);
4395 	if (!msg ||
4396 	    (multicast_to_unicast &&
4397 	     nla_put_flag(msg, NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED))) {
4398 		wpa_printf(MSG_ERROR,
4399 			   "nl80211: Failed to build NL80211_CMD_SET_MULTICAST_TO_UNICAST msg for %s",
4400 			   bss->ifname);
4401 		nlmsg_free(msg);
4402 		return -ENOBUFS;
4403 	}
4404 
4405 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
4406 
4407 	switch (ret) {
4408 	case 0:
4409 		wpa_printf(MSG_DEBUG,
4410 			   "nl80211: multicast to unicast %s on interface %s",
4411 			   multicast_to_unicast ? "enabled" : "disabled",
4412 			   bss->ifname);
4413 		break;
4414 	case -EOPNOTSUPP:
4415 		if (!multicast_to_unicast)
4416 			break;
4417 		wpa_printf(MSG_INFO,
4418 			   "nl80211: multicast to unicast not supported on interface %s",
4419 			   bss->ifname);
4420 		break;
4421 	default:
4422 		wpa_printf(MSG_ERROR,
4423 			   "nl80211: %s multicast to unicast failed with %d (%s) on interface %s",
4424 			   multicast_to_unicast ? "enabling" : "disabling",
4425 			   ret, strerror(-ret), bss->ifname);
4426 		break;
4427 	}
4428 
4429 	return ret;
4430 }
4431 
4432 
4433 #ifdef CONFIG_SAE
4434 static int nl80211_put_sae_pwe(struct nl_msg *msg, int pwe)
4435 {
4436 	u8 sae_pwe;
4437 
4438 	wpa_printf(MSG_DEBUG, "nl802111: sae_pwe=%d", pwe);
4439 	if (pwe == 0)
4440 		sae_pwe = NL80211_SAE_PWE_HUNT_AND_PECK;
4441 	else if (pwe == 1)
4442 		sae_pwe = NL80211_SAE_PWE_HASH_TO_ELEMENT;
4443 	else if (pwe == 2)
4444 		sae_pwe = NL80211_SAE_PWE_BOTH;
4445 	else if (pwe == 3)
4446 		return 0; /* special test mode */
4447 	else
4448 		return -1;
4449 	if (nla_put_u8(msg, NL80211_ATTR_SAE_PWE, sae_pwe))
4450 		return -1;
4451 
4452 	return 0;
4453 }
4454 #endif /* CONFIG_SAE */
4455 
4456 
4457 #ifdef CONFIG_FILS
4458 static int nl80211_fils_discovery(struct i802_bss *bss, struct nl_msg *msg,
4459 				  struct wpa_driver_ap_params *params)
4460 {
4461 	struct nlattr *attr;
4462 
4463 	if (!bss->drv->fils_discovery) {
4464 		wpa_printf(MSG_ERROR,
4465 			   "nl80211: Driver does not support FILS Discovery frame transmission for %s",
4466 			   bss->ifname);
4467 		return -1;
4468 	}
4469 
4470 	attr = nla_nest_start(msg, NL80211_ATTR_FILS_DISCOVERY);
4471 	if (!attr ||
4472 	    nla_put_u32(msg, NL80211_FILS_DISCOVERY_ATTR_INT_MIN,
4473 			params->fd_min_int) ||
4474 	    nla_put_u32(msg, NL80211_FILS_DISCOVERY_ATTR_INT_MAX,
4475 			params->fd_max_int) ||
4476 	    (params->fd_frame_tmpl &&
4477 	     nla_put(msg, NL80211_FILS_DISCOVERY_ATTR_TMPL,
4478 		     params->fd_frame_tmpl_len, params->fd_frame_tmpl)))
4479 		return -1;
4480 
4481 	nla_nest_end(msg, attr);
4482 	return 0;
4483 }
4484 #endif /* CONFIG_FILS */
4485 
4486 
4487 #ifdef CONFIG_IEEE80211AX
4488 static int nl80211_unsol_bcast_probe_resp(struct i802_bss *bss,
4489 					  struct nl_msg *msg,
4490 					  struct wpa_driver_ap_params *params)
4491 {
4492 	struct nlattr *attr;
4493 
4494 	if (!bss->drv->unsol_bcast_probe_resp) {
4495 		wpa_printf(MSG_ERROR,
4496 			   "nl80211: Driver does not support unsolicited broadcast Probe Response frame transmission for %s",
4497 			   bss->ifname);
4498 		return -1;
4499 	}
4500 
4501 	wpa_printf(MSG_DEBUG,
4502 		   "nl80211: Unsolicited broadcast Probe Response frame interval: %u",
4503 		   params->unsol_bcast_probe_resp_interval);
4504 	attr = nla_nest_start(msg, NL80211_ATTR_UNSOL_BCAST_PROBE_RESP);
4505 	if (!attr ||
4506 	    nla_put_u32(msg, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_INT,
4507 			params->unsol_bcast_probe_resp_interval) ||
4508 	    (params->unsol_bcast_probe_resp_tmpl &&
4509 	     nla_put(msg, NL80211_UNSOL_BCAST_PROBE_RESP_ATTR_TMPL,
4510 		     params->unsol_bcast_probe_resp_tmpl_len,
4511 		     params->unsol_bcast_probe_resp_tmpl)))
4512 		return -1;
4513 
4514 	nla_nest_end(msg, attr);
4515 	return 0;
4516 }
4517 #endif /* CONFIG_IEEE80211AX */
4518 
4519 
4520 static int wpa_driver_nl80211_set_ap(void *priv,
4521 				     struct wpa_driver_ap_params *params)
4522 {
4523 	struct i802_bss *bss = priv;
4524 	struct wpa_driver_nl80211_data *drv = bss->drv;
4525 	struct nl_msg *msg;
4526 	u8 cmd = NL80211_CMD_NEW_BEACON;
4527 	int ret = -ENOBUFS;
4528 	int beacon_set;
4529 	int num_suites;
4530 	u32 suites[20], suite;
4531 	u32 ver;
4532 #ifdef CONFIG_MESH
4533 	struct wpa_driver_mesh_bss_params mesh_params;
4534 #endif /* CONFIG_MESH */
4535 
4536 	beacon_set = params->reenable ? 0 : bss->beacon_set;
4537 
4538 	wpa_printf(MSG_DEBUG, "nl80211: Set beacon (beacon_set=%d)",
4539 		   beacon_set);
4540 	if (beacon_set)
4541 		cmd = NL80211_CMD_SET_BEACON;
4542 	else if (!drv->device_ap_sme && !drv->use_monitor &&
4543 		 !nl80211_get_wiphy_data_ap(bss))
4544 		return -ENOBUFS;
4545 
4546 	wpa_hexdump(MSG_DEBUG, "nl80211: Beacon head",
4547 		    params->head, params->head_len);
4548 	wpa_hexdump(MSG_DEBUG, "nl80211: Beacon tail",
4549 		    params->tail, params->tail_len);
4550 	wpa_printf(MSG_DEBUG, "nl80211: ifindex=%d", bss->ifindex);
4551 	wpa_printf(MSG_DEBUG, "nl80211: beacon_int=%d", params->beacon_int);
4552 	wpa_printf(MSG_DEBUG, "nl80211: beacon_rate=%u", params->beacon_rate);
4553 	wpa_printf(MSG_DEBUG, "nl80211: rate_type=%d", params->rate_type);
4554 	wpa_printf(MSG_DEBUG, "nl80211: dtim_period=%d", params->dtim_period);
4555 	wpa_printf(MSG_DEBUG, "nl80211: ssid=%s",
4556 		   wpa_ssid_txt(params->ssid, params->ssid_len));
4557 	if (!(msg = nl80211_bss_msg(bss, 0, cmd)) ||
4558 	    nla_put(msg, NL80211_ATTR_BEACON_HEAD, params->head_len,
4559 		    params->head) ||
4560 	    nla_put(msg, NL80211_ATTR_BEACON_TAIL, params->tail_len,
4561 		    params->tail) ||
4562 	    nl80211_put_beacon_int(msg, params->beacon_int) ||
4563 	    nl80211_put_beacon_rate(msg, drv->capa.flags, drv->capa.flags2,
4564 				    params) ||
4565 	    nl80211_put_dtim_period(msg, params->dtim_period) ||
4566 	    nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid))
4567 		goto fail;
4568 	if (params->proberesp && params->proberesp_len) {
4569 		wpa_hexdump(MSG_DEBUG, "nl80211: proberesp (offload)",
4570 			    params->proberesp, params->proberesp_len);
4571 		if (nla_put(msg, NL80211_ATTR_PROBE_RESP, params->proberesp_len,
4572 			    params->proberesp))
4573 			goto fail;
4574 	}
4575 	switch (params->hide_ssid) {
4576 	case NO_SSID_HIDING:
4577 		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID not in use");
4578 		if (nla_put_u32(msg, NL80211_ATTR_HIDDEN_SSID,
4579 				NL80211_HIDDEN_SSID_NOT_IN_USE))
4580 			goto fail;
4581 		break;
4582 	case HIDDEN_SSID_ZERO_LEN:
4583 		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero len");
4584 		if (nla_put_u32(msg, NL80211_ATTR_HIDDEN_SSID,
4585 				NL80211_HIDDEN_SSID_ZERO_LEN))
4586 			goto fail;
4587 		break;
4588 	case HIDDEN_SSID_ZERO_CONTENTS:
4589 		wpa_printf(MSG_DEBUG, "nl80211: hidden SSID zero contents");
4590 		if (nla_put_u32(msg, NL80211_ATTR_HIDDEN_SSID,
4591 				NL80211_HIDDEN_SSID_ZERO_CONTENTS))
4592 			goto fail;
4593 		break;
4594 	}
4595 	wpa_printf(MSG_DEBUG, "nl80211: privacy=%d", params->privacy);
4596 	if (params->privacy &&
4597 	    nla_put_flag(msg, NL80211_ATTR_PRIVACY))
4598 		goto fail;
4599 	wpa_printf(MSG_DEBUG, "nl80211: auth_algs=0x%x", params->auth_algs);
4600 	if ((params->auth_algs & (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) ==
4601 	    (WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED)) {
4602 		/* Leave out the attribute */
4603 	} else if (params->auth_algs & WPA_AUTH_ALG_SHARED) {
4604 		if (nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE,
4605 				NL80211_AUTHTYPE_SHARED_KEY))
4606 			goto fail;
4607 	} else {
4608 		if (nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE,
4609 				NL80211_AUTHTYPE_OPEN_SYSTEM))
4610 			goto fail;
4611 	}
4612 
4613 	wpa_printf(MSG_DEBUG, "nl80211: wpa_version=0x%x", params->wpa_version);
4614 	ver = 0;
4615 	if (params->wpa_version & WPA_PROTO_WPA)
4616 		ver |= NL80211_WPA_VERSION_1;
4617 	if (params->wpa_version & WPA_PROTO_RSN)
4618 		ver |= NL80211_WPA_VERSION_2;
4619 	if (ver &&
4620 	    nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
4621 		goto fail;
4622 
4623 	wpa_printf(MSG_DEBUG, "nl80211: key_mgmt_suites=0x%x",
4624 		   params->key_mgmt_suites);
4625 	num_suites = wpa_key_mgmt_to_suites(params->key_mgmt_suites,
4626 					    suites, ARRAY_SIZE(suites));
4627 	if (num_suites > NL80211_MAX_NR_AKM_SUITES)
4628 		wpa_printf(MSG_DEBUG,
4629 			   "nl80211: Not enough room for all AKM suites (num_suites=%d > NL80211_MAX_NR_AKM_SUITES)",
4630 			   num_suites);
4631 	else if (num_suites &&
4632 		 nla_put(msg, NL80211_ATTR_AKM_SUITES, num_suites * sizeof(u32),
4633 			 suites))
4634 		goto fail;
4635 
4636 	if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
4637 	    (!params->pairwise_ciphers ||
4638 	     params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)) &&
4639 	    (nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, ETH_P_PAE) ||
4640 	     nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
4641 		goto fail;
4642 
4643 	if (drv->device_ap_sme &&
4644 	    (params->key_mgmt_suites & WPA_KEY_MGMT_SAE) &&
4645 	    nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
4646 		goto fail;
4647 
4648 	wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x",
4649 		   params->pairwise_ciphers);
4650 	num_suites = wpa_cipher_to_cipher_suites(params->pairwise_ciphers,
4651 						 suites, ARRAY_SIZE(suites));
4652 	if (num_suites &&
4653 	    nla_put(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
4654 		    num_suites * sizeof(u32), suites))
4655 		goto fail;
4656 
4657 	wpa_printf(MSG_DEBUG, "nl80211: group_cipher=0x%x",
4658 		   params->group_cipher);
4659 	suite = wpa_cipher_to_cipher_suite(params->group_cipher);
4660 	if (suite &&
4661 	    nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite))
4662 		goto fail;
4663 
4664 	if (params->beacon_ies) {
4665 		wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies",
4666 				params->beacon_ies);
4667 		if (nla_put(msg, NL80211_ATTR_IE,
4668 			    wpabuf_len(params->beacon_ies),
4669 			    wpabuf_head(params->beacon_ies)))
4670 			goto fail;
4671 	}
4672 	if (params->proberesp_ies) {
4673 		wpa_hexdump_buf(MSG_DEBUG, "nl80211: proberesp_ies",
4674 				params->proberesp_ies);
4675 		if (nla_put(msg, NL80211_ATTR_IE_PROBE_RESP,
4676 			    wpabuf_len(params->proberesp_ies),
4677 			    wpabuf_head(params->proberesp_ies)))
4678 			goto fail;
4679 	}
4680 	if (params->assocresp_ies) {
4681 		wpa_hexdump_buf(MSG_DEBUG, "nl80211: assocresp_ies",
4682 				params->assocresp_ies);
4683 		if (nla_put(msg, NL80211_ATTR_IE_ASSOC_RESP,
4684 			    wpabuf_len(params->assocresp_ies),
4685 			    wpabuf_head(params->assocresp_ies)))
4686 			goto fail;
4687 	}
4688 
4689 	if (drv->capa.flags & WPA_DRIVER_FLAGS_INACTIVITY_TIMER)  {
4690 		wpa_printf(MSG_DEBUG, "nl80211: ap_max_inactivity=%d",
4691 			   params->ap_max_inactivity);
4692 		if (nla_put_u16(msg, NL80211_ATTR_INACTIVITY_TIMEOUT,
4693 				params->ap_max_inactivity))
4694 			goto fail;
4695 	}
4696 
4697 #ifdef CONFIG_P2P
4698 	if (params->p2p_go_ctwindow > 0) {
4699 		if (drv->p2p_go_ctwindow_supported) {
4700 			wpa_printf(MSG_DEBUG, "nl80211: P2P GO ctwindow=%d",
4701 				   params->p2p_go_ctwindow);
4702 			if (nla_put_u8(msg, NL80211_ATTR_P2P_CTWINDOW,
4703 				       params->p2p_go_ctwindow))
4704 				goto fail;
4705 		} else {
4706 			wpa_printf(MSG_INFO,
4707 				   "nl80211: Driver does not support CTWindow configuration - ignore this parameter");
4708 		}
4709 	}
4710 #endif /* CONFIG_P2P */
4711 
4712 	if (params->pbss) {
4713 		wpa_printf(MSG_DEBUG, "nl80211: PBSS");
4714 		if (nla_put_flag(msg, NL80211_ATTR_PBSS))
4715 			goto fail;
4716 	}
4717 
4718 	if (params->ftm_responder) {
4719 		struct nlattr *ftm;
4720 
4721 		if (!(drv->capa.flags & WPA_DRIVER_FLAGS_FTM_RESPONDER)) {
4722 			ret = -ENOTSUP;
4723 			goto fail;
4724 		}
4725 
4726 		ftm = nla_nest_start(msg, NL80211_ATTR_FTM_RESPONDER);
4727 		if (!ftm ||
4728 		    nla_put_flag(msg, NL80211_FTM_RESP_ATTR_ENABLED) ||
4729 		    (params->lci &&
4730 		     nla_put(msg, NL80211_FTM_RESP_ATTR_LCI,
4731 			     wpabuf_len(params->lci),
4732 			     wpabuf_head(params->lci))) ||
4733 		    (params->civic &&
4734 		     nla_put(msg, NL80211_FTM_RESP_ATTR_CIVICLOC,
4735 			     wpabuf_len(params->civic),
4736 			     wpabuf_head(params->civic))))
4737 			goto fail;
4738 		nla_nest_end(msg, ftm);
4739 	}
4740 
4741 #ifdef CONFIG_IEEE80211AX
4742 	if (params->he_spr_ctrl) {
4743 		struct nlattr *spr;
4744 
4745 		spr = nla_nest_start(msg, NL80211_ATTR_HE_OBSS_PD);
4746 		wpa_printf(MSG_DEBUG, "nl80211: he_spr_ctrl=0x%x",
4747 			   params->he_spr_ctrl);
4748 
4749 		if (!spr ||
4750 		    nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_SR_CTRL,
4751 			       params->he_spr_ctrl) ||
4752 		    ((params->he_spr_ctrl &
4753 		      SPATIAL_REUSE_NON_SRG_OFFSET_PRESENT) &&
4754 		     nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_NON_SRG_MAX_OFFSET,
4755 				params->he_spr_non_srg_obss_pd_max_offset)))
4756 			goto fail;
4757 
4758 		if ((params->he_spr_ctrl &
4759 		     SPATIAL_REUSE_SRG_INFORMATION_PRESENT) &&
4760 		    (nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET,
4761 				params->he_spr_srg_obss_pd_min_offset) ||
4762 		     nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET,
4763 				params->he_spr_srg_obss_pd_max_offset) ||
4764 		     nla_put(msg, NL80211_HE_OBSS_PD_ATTR_BSS_COLOR_BITMAP,
4765 			     sizeof(params->he_spr_bss_color_bitmap),
4766 			     params->he_spr_bss_color_bitmap) ||
4767 		     nla_put(msg, NL80211_HE_OBSS_PD_ATTR_PARTIAL_BSSID_BITMAP,
4768 			     sizeof(params->he_spr_partial_bssid_bitmap),
4769 			     params->he_spr_partial_bssid_bitmap)))
4770 			goto fail;
4771 
4772 		nla_nest_end(msg, spr);
4773 	}
4774 
4775 	if (params->freq && params->freq->he_enabled) {
4776 		struct nlattr *bss_color;
4777 
4778 		bss_color = nla_nest_start(msg, NL80211_ATTR_HE_BSS_COLOR);
4779 		if (!bss_color ||
4780 		    (params->he_bss_color_disabled &&
4781 		     nla_put_flag(msg, NL80211_HE_BSS_COLOR_ATTR_DISABLED)) ||
4782 		    (params->he_bss_color_partial &&
4783 		     nla_put_flag(msg, NL80211_HE_BSS_COLOR_ATTR_PARTIAL)) ||
4784 		    nla_put_u8(msg, NL80211_HE_BSS_COLOR_ATTR_COLOR,
4785 			       params->he_bss_color))
4786 			goto fail;
4787 		nla_nest_end(msg, bss_color);
4788 	}
4789 
4790 	if (params->twt_responder) {
4791 		wpa_printf(MSG_DEBUG, "nl80211: twt_responder=%d",
4792 			   params->twt_responder);
4793 		if (nla_put_flag(msg, NL80211_ATTR_TWT_RESPONDER))
4794 			goto fail;
4795 	}
4796 
4797 	if (params->unsol_bcast_probe_resp_interval &&
4798 	    nl80211_unsol_bcast_probe_resp(bss, msg, params) < 0)
4799 		goto fail;
4800 #endif /* CONFIG_IEEE80211AX */
4801 
4802 #ifdef CONFIG_SAE
4803 	if (((params->key_mgmt_suites & WPA_KEY_MGMT_SAE) ||
4804 	     (params->key_mgmt_suites & WPA_KEY_MGMT_FT_SAE)) &&
4805 	    nl80211_put_sae_pwe(msg, params->sae_pwe) < 0)
4806 		goto fail;
4807 #endif /* CONFIG_SAE */
4808 
4809 #ifdef CONFIG_FILS
4810 	if (params->fd_max_int && nl80211_fils_discovery(bss, msg, params) < 0)
4811 		goto fail;
4812 #endif /* CONFIG_FILS */
4813 
4814 	ret = send_and_recv_msgs_connect_handle(drv, msg, bss, 1);
4815 	if (ret) {
4816 		wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
4817 			   ret, strerror(-ret));
4818 	} else {
4819 		bss->beacon_set = 1;
4820 		nl80211_set_bss(bss, params->cts_protect, params->preamble,
4821 				params->short_slot_time, params->ht_opmode,
4822 				params->isolate, params->basic_rates);
4823 		nl80211_set_multicast_to_unicast(bss,
4824 						 params->multicast_to_unicast);
4825 		if (beacon_set && params->freq &&
4826 		    params->freq->bandwidth != bss->bandwidth) {
4827 			wpa_printf(MSG_DEBUG,
4828 				   "nl80211: Update BSS %s bandwidth: %d -> %d",
4829 				   bss->ifname, bss->bandwidth,
4830 				   params->freq->bandwidth);
4831 			ret = nl80211_set_channel(bss, params->freq, 1);
4832 			if (ret) {
4833 				wpa_printf(MSG_DEBUG,
4834 					   "nl80211: Frequency set failed: %d (%s)",
4835 					   ret, strerror(-ret));
4836 			} else {
4837 				wpa_printf(MSG_DEBUG,
4838 					   "nl80211: Frequency set succeeded for ht2040 coex");
4839 				bss->bandwidth = params->freq->bandwidth;
4840 			}
4841 		} else if (!beacon_set && params->freq) {
4842 			/*
4843 			 * cfg80211 updates the driver on frequence change in AP
4844 			 * mode only at the point when beaconing is started, so
4845 			 * set the initial value here.
4846 			 */
4847 			bss->bandwidth = params->freq->bandwidth;
4848 		}
4849 	}
4850 
4851 #ifdef CONFIG_MESH
4852 	if (is_mesh_interface(drv->nlmode) && params->ht_opmode != -1) {
4853 		os_memset(&mesh_params, 0, sizeof(mesh_params));
4854 		mesh_params.flags |= WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE;
4855 		mesh_params.ht_opmode = params->ht_opmode;
4856 		ret = nl80211_set_mesh_config(priv, &mesh_params);
4857 		if (ret < 0)
4858 			return ret;
4859 	}
4860 #endif /* CONFIG_MESH */
4861 
4862 	return ret;
4863 fail:
4864 	nlmsg_free(msg);
4865 	return ret;
4866 }
4867 
4868 
4869 static int nl80211_put_freq_params(struct nl_msg *msg,
4870 				   const struct hostapd_freq_params *freq)
4871 {
4872 	enum hostapd_hw_mode hw_mode;
4873 	int is_24ghz;
4874 	u8 channel;
4875 
4876 	wpa_printf(MSG_DEBUG, "  * freq=%d", freq->freq);
4877 	if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq))
4878 		return -ENOBUFS;
4879 
4880 	wpa_printf(MSG_DEBUG, "  * he_enabled=%d", freq->he_enabled);
4881 	wpa_printf(MSG_DEBUG, "  * vht_enabled=%d", freq->vht_enabled);
4882 	wpa_printf(MSG_DEBUG, "  * ht_enabled=%d", freq->ht_enabled);
4883 
4884 	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
4885 	is_24ghz = hw_mode == HOSTAPD_MODE_IEEE80211G ||
4886 		hw_mode == HOSTAPD_MODE_IEEE80211B;
4887 
4888 	if (freq->vht_enabled || (freq->he_enabled && !is_24ghz)) {
4889 		enum nl80211_chan_width cw;
4890 
4891 		wpa_printf(MSG_DEBUG, "  * bandwidth=%d", freq->bandwidth);
4892 		switch (freq->bandwidth) {
4893 		case 20:
4894 			cw = NL80211_CHAN_WIDTH_20;
4895 			break;
4896 		case 40:
4897 			cw = NL80211_CHAN_WIDTH_40;
4898 			break;
4899 		case 80:
4900 			if (freq->center_freq2)
4901 				cw = NL80211_CHAN_WIDTH_80P80;
4902 			else
4903 				cw = NL80211_CHAN_WIDTH_80;
4904 			break;
4905 		case 160:
4906 			cw = NL80211_CHAN_WIDTH_160;
4907 			break;
4908 		default:
4909 			return -EINVAL;
4910 		}
4911 
4912 		wpa_printf(MSG_DEBUG, "  * channel_width=%d", cw);
4913 		wpa_printf(MSG_DEBUG, "  * center_freq1=%d",
4914 			   freq->center_freq1);
4915 		wpa_printf(MSG_DEBUG, "  * center_freq2=%d",
4916 			   freq->center_freq2);
4917 		if (nla_put_u32(msg, NL80211_ATTR_CHANNEL_WIDTH, cw) ||
4918 		    nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ1,
4919 				freq->center_freq1) ||
4920 		    (freq->center_freq2 &&
4921 		     nla_put_u32(msg, NL80211_ATTR_CENTER_FREQ2,
4922 				 freq->center_freq2)))
4923 			return -ENOBUFS;
4924 	} else if (freq->ht_enabled) {
4925 		enum nl80211_channel_type ct;
4926 
4927 		wpa_printf(MSG_DEBUG, "  * sec_channel_offset=%d",
4928 			   freq->sec_channel_offset);
4929 		switch (freq->sec_channel_offset) {
4930 		case -1:
4931 			ct = NL80211_CHAN_HT40MINUS;
4932 			break;
4933 		case 1:
4934 			ct = NL80211_CHAN_HT40PLUS;
4935 			break;
4936 		default:
4937 			ct = NL80211_CHAN_HT20;
4938 			break;
4939 		}
4940 
4941 		wpa_printf(MSG_DEBUG, "  * channel_type=%d", ct);
4942 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, ct))
4943 			return -ENOBUFS;
4944 	} else if (freq->edmg.channels && freq->edmg.bw_config) {
4945 		wpa_printf(MSG_DEBUG,
4946 			   "  * EDMG configuration: channels=0x%x bw_config=%d",
4947 			   freq->edmg.channels, freq->edmg.bw_config);
4948 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_CHANNELS,
4949 			       freq->edmg.channels) ||
4950 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_BW_CONFIG,
4951 			       freq->edmg.bw_config))
4952 			return -1;
4953 	} else {
4954 		wpa_printf(MSG_DEBUG, "  * channel_type=%d",
4955 			   NL80211_CHAN_NO_HT);
4956 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
4957 				NL80211_CHAN_NO_HT))
4958 			return -ENOBUFS;
4959 	}
4960 	return 0;
4961 }
4962 
4963 
4964 static int nl80211_set_channel(struct i802_bss *bss,
4965 			       struct hostapd_freq_params *freq, int set_chan)
4966 {
4967 	struct wpa_driver_nl80211_data *drv = bss->drv;
4968 	struct nl_msg *msg;
4969 	int ret;
4970 
4971 	wpa_printf(MSG_DEBUG,
4972 		   "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, he_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
4973 		   freq->freq, freq->ht_enabled, freq->vht_enabled, freq->he_enabled,
4974 		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
4975 
4976 	msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
4977 			      NL80211_CMD_SET_WIPHY);
4978 	if (!msg || nl80211_put_freq_params(msg, freq) < 0) {
4979 		nlmsg_free(msg);
4980 		return -1;
4981 	}
4982 
4983 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
4984 	if (ret == 0) {
4985 		bss->freq = freq->freq;
4986 		return 0;
4987 	}
4988 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set channel (freq=%d): "
4989 		   "%d (%s)", freq->freq, ret, strerror(-ret));
4990 	return -1;
4991 }
4992 
4993 
4994 static u32 sta_flags_nl80211(int flags)
4995 {
4996 	u32 f = 0;
4997 
4998 	if (flags & WPA_STA_AUTHORIZED)
4999 		f |= BIT(NL80211_STA_FLAG_AUTHORIZED);
5000 	if (flags & WPA_STA_WMM)
5001 		f |= BIT(NL80211_STA_FLAG_WME);
5002 	if (flags & WPA_STA_SHORT_PREAMBLE)
5003 		f |= BIT(NL80211_STA_FLAG_SHORT_PREAMBLE);
5004 	if (flags & WPA_STA_MFP)
5005 		f |= BIT(NL80211_STA_FLAG_MFP);
5006 	if (flags & WPA_STA_TDLS_PEER)
5007 		f |= BIT(NL80211_STA_FLAG_TDLS_PEER);
5008 	if (flags & WPA_STA_AUTHENTICATED)
5009 		f |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
5010 	if (flags & WPA_STA_ASSOCIATED)
5011 		f |= BIT(NL80211_STA_FLAG_ASSOCIATED);
5012 
5013 	return f;
5014 }
5015 
5016 
5017 #ifdef CONFIG_MESH
5018 static u32 sta_plink_state_nl80211(enum mesh_plink_state state)
5019 {
5020 	switch (state) {
5021 	case PLINK_IDLE:
5022 		return NL80211_PLINK_LISTEN;
5023 	case PLINK_OPN_SNT:
5024 		return NL80211_PLINK_OPN_SNT;
5025 	case PLINK_OPN_RCVD:
5026 		return NL80211_PLINK_OPN_RCVD;
5027 	case PLINK_CNF_RCVD:
5028 		return NL80211_PLINK_CNF_RCVD;
5029 	case PLINK_ESTAB:
5030 		return NL80211_PLINK_ESTAB;
5031 	case PLINK_HOLDING:
5032 		return NL80211_PLINK_HOLDING;
5033 	case PLINK_BLOCKED:
5034 		return NL80211_PLINK_BLOCKED;
5035 	default:
5036 		wpa_printf(MSG_ERROR, "nl80211: Invalid mesh plink state %d",
5037 			   state);
5038 	}
5039 	return -1;
5040 }
5041 #endif /* CONFIG_MESH */
5042 
5043 
5044 static int wpa_driver_nl80211_sta_add(void *priv,
5045 				      struct hostapd_sta_add_params *params)
5046 {
5047 	struct i802_bss *bss = priv;
5048 	struct wpa_driver_nl80211_data *drv = bss->drv;
5049 	struct nl_msg *msg;
5050 	struct nl80211_sta_flag_update upd;
5051 	int ret = -ENOBUFS;
5052 
5053 	if ((params->flags & WPA_STA_TDLS_PEER) &&
5054 	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
5055 		return -EOPNOTSUPP;
5056 
5057 	wpa_printf(MSG_DEBUG, "nl80211: %s STA " MACSTR,
5058 		   params->set ? "Set" : "Add", MAC2STR(params->addr));
5059 	msg = nl80211_bss_msg(bss, 0, params->set ? NL80211_CMD_SET_STATION :
5060 			      NL80211_CMD_NEW_STATION);
5061 	if (!msg || nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->addr))
5062 		goto fail;
5063 
5064 	/*
5065 	 * Set the below properties only in one of the following cases:
5066 	 * 1. New station is added, already associated.
5067 	 * 2. Set WPA_STA_TDLS_PEER station.
5068 	 * 3. Set an already added unassociated station, if driver supports
5069 	 * full AP client state. (Set these properties after station became
5070 	 * associated will be rejected by the driver).
5071 	 */
5072 	if (!params->set || (params->flags & WPA_STA_TDLS_PEER) ||
5073 	    (params->set && FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags) &&
5074 	     (params->flags & WPA_STA_ASSOCIATED))) {
5075 		wpa_hexdump(MSG_DEBUG, "  * supported rates",
5076 			    params->supp_rates, params->supp_rates_len);
5077 		wpa_printf(MSG_DEBUG, "  * capability=0x%x",
5078 			   params->capability);
5079 		if (nla_put(msg, NL80211_ATTR_STA_SUPPORTED_RATES,
5080 			    params->supp_rates_len, params->supp_rates) ||
5081 		    nla_put_u16(msg, NL80211_ATTR_STA_CAPABILITY,
5082 				params->capability))
5083 			goto fail;
5084 
5085 		if (params->ht_capabilities) {
5086 			wpa_hexdump(MSG_DEBUG, "  * ht_capabilities",
5087 				    (u8 *) params->ht_capabilities,
5088 				    sizeof(*params->ht_capabilities));
5089 			if (nla_put(msg, NL80211_ATTR_HT_CAPABILITY,
5090 				    sizeof(*params->ht_capabilities),
5091 				    params->ht_capabilities))
5092 				goto fail;
5093 		}
5094 
5095 		if (params->vht_capabilities) {
5096 			wpa_hexdump(MSG_DEBUG, "  * vht_capabilities",
5097 				    (u8 *) params->vht_capabilities,
5098 				    sizeof(*params->vht_capabilities));
5099 			if (nla_put(msg, NL80211_ATTR_VHT_CAPABILITY,
5100 				    sizeof(*params->vht_capabilities),
5101 				    params->vht_capabilities))
5102 				goto fail;
5103 		}
5104 
5105 		if (params->he_capab) {
5106 			wpa_hexdump(MSG_DEBUG, "  * he_capab",
5107 				    params->he_capab, params->he_capab_len);
5108 			if (nla_put(msg, NL80211_ATTR_HE_CAPABILITY,
5109 				    params->he_capab_len, params->he_capab))
5110 				goto fail;
5111 		}
5112 
5113 		if (params->he_6ghz_capab) {
5114 			wpa_hexdump(MSG_DEBUG, "  * he_6ghz_capab",
5115 				    params->he_6ghz_capab,
5116 				    sizeof(*params->he_6ghz_capab));
5117 			if (nla_put(msg, NL80211_ATTR_HE_6GHZ_CAPABILITY,
5118 				    sizeof(*params->he_6ghz_capab),
5119 				    params->he_6ghz_capab))
5120 				goto fail;
5121 		}
5122 
5123 		if (params->ext_capab) {
5124 			wpa_hexdump(MSG_DEBUG, "  * ext_capab",
5125 				    params->ext_capab, params->ext_capab_len);
5126 			if (nla_put(msg, NL80211_ATTR_STA_EXT_CAPABILITY,
5127 				    params->ext_capab_len, params->ext_capab))
5128 				goto fail;
5129 		}
5130 
5131 		if (is_ap_interface(drv->nlmode) &&
5132 		    nla_put_u8(msg, NL80211_ATTR_STA_SUPPORT_P2P_PS,
5133 			       params->support_p2p_ps ?
5134 			       NL80211_P2P_PS_SUPPORTED :
5135 			       NL80211_P2P_PS_UNSUPPORTED))
5136 			goto fail;
5137 	}
5138 	if (!params->set) {
5139 		if (params->aid) {
5140 			wpa_printf(MSG_DEBUG, "  * aid=%u", params->aid);
5141 			if (nla_put_u16(msg, NL80211_ATTR_STA_AID, params->aid))
5142 				goto fail;
5143 		} else {
5144 			/*
5145 			 * cfg80211 validates that AID is non-zero, so we have
5146 			 * to make this a non-zero value for the TDLS case where
5147 			 * a dummy STA entry is used for now and for a station
5148 			 * that is still not associated.
5149 			 */
5150 			wpa_printf(MSG_DEBUG, "  * aid=1 (%s workaround)",
5151 				   (params->flags & WPA_STA_TDLS_PEER) ?
5152 				   "TDLS" : "UNASSOC_STA");
5153 			if (nla_put_u16(msg, NL80211_ATTR_STA_AID, 1))
5154 				goto fail;
5155 		}
5156 		wpa_printf(MSG_DEBUG, "  * listen_interval=%u",
5157 			   params->listen_interval);
5158 		if (nla_put_u16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
5159 				params->listen_interval))
5160 			goto fail;
5161 	} else if (params->aid && (params->flags & WPA_STA_TDLS_PEER)) {
5162 		wpa_printf(MSG_DEBUG, "  * peer_aid=%u", params->aid);
5163 		if (nla_put_u16(msg, NL80211_ATTR_PEER_AID, params->aid))
5164 			goto fail;
5165 	} else if (FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags) &&
5166 		   (params->flags & WPA_STA_ASSOCIATED)) {
5167 		wpa_printf(MSG_DEBUG, "  * aid=%u", params->aid);
5168 		wpa_printf(MSG_DEBUG, "  * listen_interval=%u",
5169 			   params->listen_interval);
5170 		if (nla_put_u16(msg, NL80211_ATTR_STA_AID, params->aid) ||
5171 		    nla_put_u16(msg, NL80211_ATTR_STA_LISTEN_INTERVAL,
5172 				params->listen_interval))
5173 			goto fail;
5174 	}
5175 
5176 	if (params->vht_opmode_enabled) {
5177 		wpa_printf(MSG_DEBUG, "  * opmode=%u", params->vht_opmode);
5178 		if (nla_put_u8(msg, NL80211_ATTR_OPMODE_NOTIF,
5179 			       params->vht_opmode))
5180 			goto fail;
5181 	}
5182 
5183 	if (params->supp_channels) {
5184 		wpa_hexdump(MSG_DEBUG, "  * supported channels",
5185 			    params->supp_channels, params->supp_channels_len);
5186 		if (nla_put(msg, NL80211_ATTR_STA_SUPPORTED_CHANNELS,
5187 			    params->supp_channels_len, params->supp_channels))
5188 			goto fail;
5189 	}
5190 
5191 	if (params->supp_oper_classes) {
5192 		wpa_hexdump(MSG_DEBUG, "  * supported operating classes",
5193 			    params->supp_oper_classes,
5194 			    params->supp_oper_classes_len);
5195 		if (nla_put(msg, NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES,
5196 			    params->supp_oper_classes_len,
5197 			    params->supp_oper_classes))
5198 			goto fail;
5199 	}
5200 
5201 	os_memset(&upd, 0, sizeof(upd));
5202 	upd.set = sta_flags_nl80211(params->flags);
5203 	upd.mask = upd.set | sta_flags_nl80211(params->flags_mask);
5204 
5205 	/*
5206 	 * If the driver doesn't support full AP client state, ignore ASSOC/AUTH
5207 	 * flags, as nl80211 driver moves a new station, by default, into
5208 	 * associated state.
5209 	 *
5210 	 * On the other hand, if the driver supports that feature and the
5211 	 * station is added in unauthenticated state, set the
5212 	 * authenticated/associated bits in the mask to prevent moving this
5213 	 * station to associated state before it is actually associated.
5214 	 *
5215 	 * This is irrelevant for mesh mode where the station is added to the
5216 	 * driver as authenticated already, and ASSOCIATED isn't part of the
5217 	 * nl80211 API.
5218 	 */
5219 	if (!is_mesh_interface(drv->nlmode)) {
5220 		if (!FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags)) {
5221 			wpa_printf(MSG_DEBUG,
5222 				   "nl80211: Ignore ASSOC/AUTH flags since driver doesn't support full AP client state");
5223 			upd.mask &= ~(BIT(NL80211_STA_FLAG_ASSOCIATED) |
5224 				      BIT(NL80211_STA_FLAG_AUTHENTICATED));
5225 		} else if (!params->set &&
5226 			   !(params->flags & WPA_STA_TDLS_PEER)) {
5227 			if (!(params->flags & WPA_STA_AUTHENTICATED))
5228 				upd.mask |= BIT(NL80211_STA_FLAG_AUTHENTICATED);
5229 			if (!(params->flags & WPA_STA_ASSOCIATED))
5230 				upd.mask |= BIT(NL80211_STA_FLAG_ASSOCIATED);
5231 		}
5232 #ifdef CONFIG_MESH
5233 	} else {
5234 		if (params->plink_state == PLINK_ESTAB && params->peer_aid) {
5235 			ret = nla_put_u16(msg, NL80211_ATTR_MESH_PEER_AID,
5236 					  params->peer_aid);
5237 			if (ret)
5238 				goto fail;
5239 		}
5240 #endif /* CONFIG_MESH */
5241 	}
5242 
5243 	wpa_printf(MSG_DEBUG, "  * flags set=0x%x mask=0x%x",
5244 		   upd.set, upd.mask);
5245 	if (nla_put(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd))
5246 		goto fail;
5247 
5248 #ifdef CONFIG_MESH
5249 	if (params->plink_state &&
5250 	    nla_put_u8(msg, NL80211_ATTR_STA_PLINK_STATE,
5251 		       sta_plink_state_nl80211(params->plink_state)))
5252 		goto fail;
5253 #endif /* CONFIG_MESH */
5254 
5255 	if ((!params->set || (params->flags & WPA_STA_TDLS_PEER) ||
5256 	     FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags)) &&
5257 	     (params->flags & WPA_STA_WMM)) {
5258 		struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME);
5259 
5260 		wpa_printf(MSG_DEBUG, "  * qosinfo=0x%x", params->qosinfo);
5261 		if (!wme ||
5262 		    nla_put_u8(msg, NL80211_STA_WME_UAPSD_QUEUES,
5263 			       params->qosinfo & WMM_QOSINFO_STA_AC_MASK) ||
5264 		    nla_put_u8(msg, NL80211_STA_WME_MAX_SP,
5265 			       (params->qosinfo >> WMM_QOSINFO_STA_SP_SHIFT) &
5266 			       WMM_QOSINFO_STA_SP_MASK))
5267 			goto fail;
5268 		nla_nest_end(msg, wme);
5269 	}
5270 
5271 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
5272 	msg = NULL;
5273 	if (ret)
5274 		wpa_printf(MSG_DEBUG, "nl80211: NL80211_CMD_%s_STATION "
5275 			   "result: %d (%s)", params->set ? "SET" : "NEW", ret,
5276 			   strerror(-ret));
5277 	if (ret == -EEXIST)
5278 		ret = 0;
5279 fail:
5280 	nlmsg_free(msg);
5281 	return ret;
5282 }
5283 
5284 
5285 static void rtnl_neigh_delete_fdb_entry(struct i802_bss *bss, const u8 *addr)
5286 {
5287 #ifdef CONFIG_LIBNL3_ROUTE
5288 	struct wpa_driver_nl80211_data *drv = bss->drv;
5289 	struct rtnl_neigh *rn;
5290 	struct nl_addr *nl_addr;
5291 	int err;
5292 
5293 	rn = rtnl_neigh_alloc();
5294 	if (!rn)
5295 		return;
5296 
5297 	rtnl_neigh_set_family(rn, AF_BRIDGE);
5298 	rtnl_neigh_set_ifindex(rn, bss->ifindex);
5299 	nl_addr = nl_addr_build(AF_BRIDGE, (void *) addr, ETH_ALEN);
5300 	if (!nl_addr) {
5301 		rtnl_neigh_put(rn);
5302 		return;
5303 	}
5304 	rtnl_neigh_set_lladdr(rn, nl_addr);
5305 
5306 	err = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
5307 	if (err < 0) {
5308 		wpa_printf(MSG_DEBUG, "nl80211: bridge FDB entry delete for "
5309 			   MACSTR " ifindex=%d failed: %s", MAC2STR(addr),
5310 			   bss->ifindex, nl_geterror(err));
5311 	} else {
5312 		wpa_printf(MSG_DEBUG, "nl80211: deleted bridge FDB entry for "
5313 			   MACSTR, MAC2STR(addr));
5314 	}
5315 
5316 	nl_addr_put(nl_addr);
5317 	rtnl_neigh_put(rn);
5318 #endif /* CONFIG_LIBNL3_ROUTE */
5319 }
5320 
5321 
5322 static int wpa_driver_nl80211_sta_remove(struct i802_bss *bss, const u8 *addr,
5323 					 int deauth, u16 reason_code)
5324 {
5325 	struct wpa_driver_nl80211_data *drv = bss->drv;
5326 	struct nl_msg *msg;
5327 	int ret;
5328 
5329 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_STATION)) ||
5330 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
5331 	    (deauth == 0 &&
5332 	     nla_put_u8(msg, NL80211_ATTR_MGMT_SUBTYPE,
5333 			WLAN_FC_STYPE_DISASSOC)) ||
5334 	    (deauth == 1 &&
5335 	     nla_put_u8(msg, NL80211_ATTR_MGMT_SUBTYPE,
5336 			WLAN_FC_STYPE_DEAUTH)) ||
5337 	    (reason_code &&
5338 	     nla_put_u16(msg, NL80211_ATTR_REASON_CODE, reason_code))) {
5339 		nlmsg_free(msg);
5340 		return -ENOBUFS;
5341 	}
5342 
5343 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
5344 	wpa_printf(MSG_DEBUG, "nl80211: sta_remove -> DEL_STATION %s " MACSTR
5345 		   " --> %d (%s)",
5346 		   bss->ifname, MAC2STR(addr), ret, strerror(-ret));
5347 
5348 	if (drv->rtnl_sk)
5349 		rtnl_neigh_delete_fdb_entry(bss, addr);
5350 
5351 	if (ret == -ENOENT)
5352 		return 0;
5353 	return ret;
5354 }
5355 
5356 
5357 void nl80211_remove_iface(struct wpa_driver_nl80211_data *drv, int ifidx)
5358 {
5359 	struct nl_msg *msg;
5360 	struct wpa_driver_nl80211_data *drv2;
5361 
5362 	wpa_printf(MSG_DEBUG, "nl80211: Remove interface ifindex=%d", ifidx);
5363 
5364 	/* stop listening for EAPOL on this interface */
5365 	dl_list_for_each(drv2, &drv->global->interfaces,
5366 			 struct wpa_driver_nl80211_data, list)
5367 	{
5368 		del_ifidx(drv2, ifidx, IFIDX_ANY);
5369 		/* Remove all bridges learned for this iface */
5370 		del_ifidx(drv2, IFIDX_ANY, ifidx);
5371 	}
5372 
5373 	msg = nl80211_ifindex_msg(drv, ifidx, 0, NL80211_CMD_DEL_INTERFACE);
5374 	if (send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL) == 0)
5375 		return;
5376 	wpa_printf(MSG_ERROR, "Failed to remove interface (ifidx=%d)", ifidx);
5377 }
5378 
5379 
5380 const char * nl80211_iftype_str(enum nl80211_iftype mode)
5381 {
5382 	switch (mode) {
5383 	case NL80211_IFTYPE_ADHOC:
5384 		return "ADHOC";
5385 	case NL80211_IFTYPE_STATION:
5386 		return "STATION";
5387 	case NL80211_IFTYPE_AP:
5388 		return "AP";
5389 	case NL80211_IFTYPE_AP_VLAN:
5390 		return "AP_VLAN";
5391 	case NL80211_IFTYPE_WDS:
5392 		return "WDS";
5393 	case NL80211_IFTYPE_MONITOR:
5394 		return "MONITOR";
5395 	case NL80211_IFTYPE_MESH_POINT:
5396 		return "MESH_POINT";
5397 	case NL80211_IFTYPE_P2P_CLIENT:
5398 		return "P2P_CLIENT";
5399 	case NL80211_IFTYPE_P2P_GO:
5400 		return "P2P_GO";
5401 	case NL80211_IFTYPE_P2P_DEVICE:
5402 		return "P2P_DEVICE";
5403 	case NL80211_IFTYPE_OCB:
5404 		return "OCB";
5405 	case NL80211_IFTYPE_NAN:
5406 		return "NAN";
5407 	default:
5408 		return "unknown";
5409 	}
5410 }
5411 
5412 
5413 static int nl80211_create_iface_once(struct wpa_driver_nl80211_data *drv,
5414 				     const char *ifname,
5415 				     enum nl80211_iftype iftype,
5416 				     const u8 *addr, int wds,
5417 				     int (*handler)(struct nl_msg *, void *),
5418 				     void *arg)
5419 {
5420 	struct nl_msg *msg;
5421 	int ifidx;
5422 	int ret = -ENOBUFS;
5423 
5424 	wpa_printf(MSG_DEBUG, "nl80211: Create interface iftype %d (%s)",
5425 		   iftype, nl80211_iftype_str(iftype));
5426 
5427 	msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_NEW_INTERFACE);
5428 	if (!msg ||
5429 	    nla_put_string(msg, NL80211_ATTR_IFNAME, ifname) ||
5430 	    nla_put_u32(msg, NL80211_ATTR_IFTYPE, iftype))
5431 		goto fail;
5432 
5433 	if (iftype == NL80211_IFTYPE_MONITOR) {
5434 		struct nlattr *flags;
5435 
5436 		flags = nla_nest_start(msg, NL80211_ATTR_MNTR_FLAGS);
5437 		if (!flags ||
5438 		    nla_put_flag(msg, NL80211_MNTR_FLAG_COOK_FRAMES))
5439 			goto fail;
5440 
5441 		nla_nest_end(msg, flags);
5442 	} else if (wds) {
5443 		if (nla_put_u8(msg, NL80211_ATTR_4ADDR, wds))
5444 			goto fail;
5445 	}
5446 
5447 	/*
5448 	 * Tell cfg80211 that the interface belongs to the socket that created
5449 	 * it, and the interface should be deleted when the socket is closed.
5450 	 */
5451 	if (nla_put_flag(msg, NL80211_ATTR_IFACE_SOCKET_OWNER))
5452 		goto fail;
5453 
5454 	if ((addr && iftype == NL80211_IFTYPE_P2P_DEVICE) &&
5455 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
5456 		goto fail;
5457 
5458 	ret = send_and_recv_msgs(drv, msg, handler, arg, NULL, NULL);
5459 	msg = NULL;
5460 	if (ret) {
5461 	fail:
5462 		nlmsg_free(msg);
5463 		wpa_printf(MSG_ERROR, "Failed to create interface %s: %d (%s)",
5464 			   ifname, ret, strerror(-ret));
5465 		return ret;
5466 	}
5467 
5468 	if (iftype == NL80211_IFTYPE_P2P_DEVICE)
5469 		return 0;
5470 
5471 	ifidx = if_nametoindex(ifname);
5472 	wpa_printf(MSG_DEBUG, "nl80211: New interface %s created: ifindex=%d",
5473 		   ifname, ifidx);
5474 
5475 	if (ifidx <= 0)
5476 		return -1;
5477 
5478 	/*
5479 	 * Some virtual interfaces need to process EAPOL packets and events on
5480 	 * the parent interface. This is used mainly with hostapd.
5481 	 */
5482 	if (drv->hostapd ||
5483 	    iftype == NL80211_IFTYPE_AP_VLAN ||
5484 	    iftype == NL80211_IFTYPE_WDS ||
5485 	    iftype == NL80211_IFTYPE_MONITOR) {
5486 		/* start listening for EAPOL on this interface */
5487 		add_ifidx(drv, ifidx, IFIDX_ANY);
5488 	}
5489 
5490 	if (addr && iftype != NL80211_IFTYPE_MONITOR &&
5491 	    linux_set_ifhwaddr(drv->global->ioctl_sock, ifname, addr)) {
5492 		nl80211_remove_iface(drv, ifidx);
5493 		return -1;
5494 	}
5495 
5496 	return ifidx;
5497 }
5498 
5499 
5500 int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
5501 			 const char *ifname, enum nl80211_iftype iftype,
5502 			 const u8 *addr, int wds,
5503 			 int (*handler)(struct nl_msg *, void *),
5504 			 void *arg, int use_existing)
5505 {
5506 	int ret;
5507 
5508 	ret = nl80211_create_iface_once(drv, ifname, iftype, addr, wds, handler,
5509 					arg);
5510 
5511 	/* if error occurred and interface exists already */
5512 	if (ret == -ENFILE && if_nametoindex(ifname)) {
5513 		if (use_existing) {
5514 			wpa_printf(MSG_DEBUG, "nl80211: Continue using existing interface %s",
5515 				   ifname);
5516 			if (addr && iftype != NL80211_IFTYPE_MONITOR &&
5517 			    linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
5518 					       addr) < 0 &&
5519 			    (linux_set_iface_flags(drv->global->ioctl_sock,
5520 						   ifname, 0) < 0 ||
5521 			     linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
5522 						addr) < 0 ||
5523 			     linux_set_iface_flags(drv->global->ioctl_sock,
5524 						   ifname, 1) < 0))
5525 					return -1;
5526 			return -ENFILE;
5527 		}
5528 		wpa_printf(MSG_INFO, "Try to remove and re-create %s", ifname);
5529 
5530 		/* Try to remove the interface that was already there. */
5531 		nl80211_remove_iface(drv, if_nametoindex(ifname));
5532 
5533 		/* Try to create the interface again */
5534 		ret = nl80211_create_iface_once(drv, ifname, iftype, addr,
5535 						wds, handler, arg);
5536 	}
5537 
5538 	if (ret >= 0 && is_p2p_net_interface(iftype)) {
5539 		wpa_printf(MSG_DEBUG,
5540 			   "nl80211: Interface %s created for P2P - disable 11b rates",
5541 			   ifname);
5542 		nl80211_disable_11b_rates(drv, ret, 1);
5543 	}
5544 
5545 	return ret;
5546 }
5547 
5548 
5549 static int nl80211_setup_ap(struct i802_bss *bss)
5550 {
5551 	struct wpa_driver_nl80211_data *drv = bss->drv;
5552 
5553 	wpa_printf(MSG_DEBUG, "nl80211: Setup AP(%s) - device_ap_sme=%d use_monitor=%d",
5554 		   bss->ifname, drv->device_ap_sme, drv->use_monitor);
5555 
5556 	/*
5557 	 * Disable Probe Request reporting unless we need it in this way for
5558 	 * devices that include the AP SME, in the other case (unless using
5559 	 * monitor iface) we'll get it through the nl_mgmt socket instead.
5560 	 */
5561 	if (!drv->device_ap_sme)
5562 		wpa_driver_nl80211_probe_req_report(bss, 0);
5563 
5564 	if (!drv->device_ap_sme && !drv->use_monitor)
5565 		if (nl80211_mgmt_subscribe_ap(bss))
5566 			return -1;
5567 
5568 	if (drv->device_ap_sme && !drv->use_monitor)
5569 		if (nl80211_mgmt_subscribe_ap_dev_sme(bss))
5570 			wpa_printf(MSG_DEBUG,
5571 				   "nl80211: Failed to subscribe for mgmt frames from SME driver - trying to run without it");
5572 
5573 	if (!drv->device_ap_sme && drv->use_monitor &&
5574 	    nl80211_create_monitor_interface(drv) &&
5575 	    !drv->device_ap_sme)
5576 		return -1;
5577 
5578 	if (drv->device_ap_sme &&
5579 	    wpa_driver_nl80211_probe_req_report(bss, 1) < 0) {
5580 		wpa_printf(MSG_DEBUG, "nl80211: Failed to enable "
5581 			   "Probe Request frame reporting in AP mode");
5582 		/* Try to survive without this */
5583 	}
5584 
5585 	return 0;
5586 }
5587 
5588 
5589 static void nl80211_teardown_ap(struct i802_bss *bss)
5590 {
5591 	struct wpa_driver_nl80211_data *drv = bss->drv;
5592 
5593 	wpa_printf(MSG_DEBUG, "nl80211: Teardown AP(%s) - device_ap_sme=%d use_monitor=%d",
5594 		   bss->ifname, drv->device_ap_sme, drv->use_monitor);
5595 	if (drv->device_ap_sme) {
5596 		wpa_driver_nl80211_probe_req_report(bss, 0);
5597 		if (!drv->use_monitor)
5598 			nl80211_mgmt_unsubscribe(bss, "AP teardown (dev SME)");
5599 	} else if (drv->use_monitor)
5600 		nl80211_remove_monitor_interface(drv);
5601 	else
5602 		nl80211_mgmt_unsubscribe(bss, "AP teardown");
5603 
5604 	nl80211_put_wiphy_data_ap(bss);
5605 	bss->beacon_set = 0;
5606 }
5607 
5608 
5609 static int nl80211_tx_control_port(void *priv, const u8 *dest,
5610 				   u16 proto, const u8 *buf, size_t len,
5611 				   int no_encrypt)
5612 {
5613 	struct nl80211_ack_ext_arg ext_arg;
5614 	struct i802_bss *bss = priv;
5615 	struct nl_msg *msg;
5616 	u64 cookie = 0;
5617 	int ret;
5618 
5619 	wpa_printf(MSG_DEBUG,
5620 		   "nl80211: Send over control port dest=" MACSTR
5621 		   " proto=0x%04x len=%u no_encrypt=%d",
5622 		   MAC2STR(dest), proto, (unsigned int) len, no_encrypt);
5623 
5624 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_CONTROL_PORT_FRAME);
5625 	if (!msg ||
5626 	    nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
5627 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dest) ||
5628 	    nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
5629 	    (no_encrypt &&
5630 	     nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))) {
5631 		nlmsg_free(msg);
5632 		return -ENOBUFS;
5633 	}
5634 
5635 	os_memset(&ext_arg, 0, sizeof(struct nl80211_ack_ext_arg));
5636 	ext_arg.ext_data = &cookie;
5637 	ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL,
5638 				 ack_handler_cookie, &ext_arg);
5639 	if (ret) {
5640 		wpa_printf(MSG_DEBUG,
5641 			   "nl80211: tx_control_port failed: ret=%d (%s)",
5642 			   ret, strerror(-ret));
5643 	} else {
5644 		struct wpa_driver_nl80211_data *drv = bss->drv;
5645 
5646 		wpa_printf(MSG_DEBUG,
5647 			   "nl80211: tx_control_port cookie=0x%llx",
5648 			   (long long unsigned int) cookie);
5649 		drv->eapol_tx_cookie = cookie;
5650 	}
5651 
5652 	return ret;
5653 }
5654 
5655 
5656 static int nl80211_send_eapol_data(struct i802_bss *bss,
5657 				   const u8 *addr, const u8 *data,
5658 				   size_t data_len)
5659 {
5660 	struct sockaddr_ll ll;
5661 	int ret;
5662 
5663 	if (bss->drv->eapol_tx_sock < 0) {
5664 		wpa_printf(MSG_DEBUG, "nl80211: No socket to send EAPOL");
5665 		return -1;
5666 	}
5667 
5668 	os_memset(&ll, 0, sizeof(ll));
5669 	ll.sll_family = AF_PACKET;
5670 	ll.sll_ifindex = bss->ifindex;
5671 	ll.sll_protocol = htons(ETH_P_PAE);
5672 	ll.sll_halen = ETH_ALEN;
5673 	os_memcpy(ll.sll_addr, addr, ETH_ALEN);
5674 	ret = sendto(bss->drv->eapol_tx_sock, data, data_len, 0,
5675 		     (struct sockaddr *) &ll, sizeof(ll));
5676 	if (ret < 0)
5677 		wpa_printf(MSG_ERROR, "nl80211: EAPOL TX: %s",
5678 			   strerror(errno));
5679 
5680 	return ret;
5681 }
5682 
5683 
5684 static const u8 rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 };
5685 
5686 static int wpa_driver_nl80211_hapd_send_eapol(
5687 	void *priv, const u8 *addr, const u8 *data,
5688 	size_t data_len, int encrypt, const u8 *own_addr, u32 flags)
5689 {
5690 	struct i802_bss *bss = priv;
5691 	struct wpa_driver_nl80211_data *drv = bss->drv;
5692 	struct ieee80211_hdr *hdr;
5693 	size_t len;
5694 	u8 *pos;
5695 	int res;
5696 	int qos = flags & WPA_STA_WMM;
5697 
5698 	/* For now, disable EAPOL TX over control port in AP mode by default
5699 	 * since it does not provide TX status notifications. */
5700 	if (drv->control_port_ap &&
5701 	    (drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT))
5702 		return nl80211_tx_control_port(bss, addr, ETH_P_EAPOL,
5703 					       data, data_len, !encrypt);
5704 
5705 	if (drv->device_ap_sme || !drv->use_monitor)
5706 		return nl80211_send_eapol_data(bss, addr, data, data_len);
5707 
5708 	len = sizeof(*hdr) + (qos ? 2 : 0) + sizeof(rfc1042_header) + 2 +
5709 		data_len;
5710 	hdr = os_zalloc(len);
5711 	if (hdr == NULL) {
5712 		wpa_printf(MSG_INFO, "nl80211: Failed to allocate EAPOL buffer(len=%lu)",
5713 			   (unsigned long) len);
5714 		return -1;
5715 	}
5716 
5717 	hdr->frame_control =
5718 		IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA);
5719 	hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS);
5720 	if (encrypt)
5721 		hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP);
5722 	if (qos) {
5723 		hdr->frame_control |=
5724 			host_to_le16(WLAN_FC_STYPE_QOS_DATA << 4);
5725 	}
5726 
5727 	memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN);
5728 	memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
5729 	memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
5730 	pos = (u8 *) (hdr + 1);
5731 
5732 	if (qos) {
5733 		/* Set highest priority in QoS header */
5734 		pos[0] = 7;
5735 		pos[1] = 0;
5736 		pos += 2;
5737 	}
5738 
5739 	memcpy(pos, rfc1042_header, sizeof(rfc1042_header));
5740 	pos += sizeof(rfc1042_header);
5741 	WPA_PUT_BE16(pos, ETH_P_PAE);
5742 	pos += 2;
5743 	memcpy(pos, data, data_len);
5744 
5745 	res = nl80211_send_monitor(drv, hdr, len, encrypt, 0);
5746 	if (res < 0) {
5747 		wpa_printf(MSG_ERROR,
5748 			   "hapd_send_eapol - packet len: %lu - failed",
5749 			   (unsigned long) len);
5750 	}
5751 	os_free(hdr);
5752 
5753 	return res;
5754 }
5755 
5756 
5757 static int wpa_driver_nl80211_sta_set_flags(void *priv, const u8 *addr,
5758 					    unsigned int total_flags,
5759 					    unsigned int flags_or,
5760 					    unsigned int flags_and)
5761 {
5762 	struct i802_bss *bss = priv;
5763 	struct nl_msg *msg;
5764 	struct nlattr *flags;
5765 	struct nl80211_sta_flag_update upd;
5766 
5767 	wpa_printf(MSG_DEBUG, "nl80211: Set STA flags - ifname=%s addr=" MACSTR
5768 		   " total_flags=0x%x flags_or=0x%x flags_and=0x%x authorized=%d",
5769 		   bss->ifname, MAC2STR(addr), total_flags, flags_or, flags_and,
5770 		   !!(total_flags & WPA_STA_AUTHORIZED));
5771 
5772 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
5773 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr))
5774 		goto fail;
5775 
5776 	/*
5777 	 * Backwards compatibility version using NL80211_ATTR_STA_FLAGS. This
5778 	 * can be removed eventually.
5779 	 */
5780 	flags = nla_nest_start(msg, NL80211_ATTR_STA_FLAGS);
5781 	if (!flags ||
5782 	    ((total_flags & WPA_STA_AUTHORIZED) &&
5783 	     nla_put_flag(msg, NL80211_STA_FLAG_AUTHORIZED)) ||
5784 	    ((total_flags & WPA_STA_WMM) &&
5785 	     nla_put_flag(msg, NL80211_STA_FLAG_WME)) ||
5786 	    ((total_flags & WPA_STA_SHORT_PREAMBLE) &&
5787 	     nla_put_flag(msg, NL80211_STA_FLAG_SHORT_PREAMBLE)) ||
5788 	    ((total_flags & WPA_STA_MFP) &&
5789 	     nla_put_flag(msg, NL80211_STA_FLAG_MFP)) ||
5790 	    ((total_flags & WPA_STA_TDLS_PEER) &&
5791 	     nla_put_flag(msg, NL80211_STA_FLAG_TDLS_PEER)))
5792 		goto fail;
5793 
5794 	nla_nest_end(msg, flags);
5795 
5796 	os_memset(&upd, 0, sizeof(upd));
5797 	upd.mask = sta_flags_nl80211(flags_or | ~flags_and);
5798 	upd.set = sta_flags_nl80211(flags_or);
5799 	if (nla_put(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd))
5800 		goto fail;
5801 
5802 	return send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
5803 fail:
5804 	nlmsg_free(msg);
5805 	return -ENOBUFS;
5806 }
5807 
5808 
5809 static int driver_nl80211_sta_set_airtime_weight(void *priv, const u8 *addr,
5810 						 unsigned int weight)
5811 {
5812 	struct i802_bss *bss = priv;
5813 	struct nl_msg *msg;
5814 	int ret;
5815 
5816 	wpa_printf(MSG_DEBUG,
5817 		   "nl80211: Set STA airtime weight - ifname=%s addr=" MACSTR
5818 		   " weight=%u", bss->ifname, MAC2STR(addr), weight);
5819 
5820 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
5821 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
5822 	    nla_put_u16(msg, NL80211_ATTR_AIRTIME_WEIGHT, weight))
5823 		goto fail;
5824 
5825 	ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
5826 	if (ret) {
5827 		wpa_printf(MSG_DEBUG,
5828 			   "nl80211: SET_STATION[AIRTIME_WEIGHT] failed: ret=%d (%s)",
5829 			   ret, strerror(-ret));
5830 	}
5831 	return ret;
5832 fail:
5833 	nlmsg_free(msg);
5834 	return -ENOBUFS;
5835 }
5836 
5837 
5838 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
5839 				 struct wpa_driver_associate_params *params)
5840 {
5841 	enum nl80211_iftype nlmode, old_mode;
5842 
5843 	if (params->p2p) {
5844 		wpa_printf(MSG_DEBUG, "nl80211: Setup AP operations for P2P "
5845 			   "group (GO)");
5846 		nlmode = NL80211_IFTYPE_P2P_GO;
5847 	} else
5848 		nlmode = NL80211_IFTYPE_AP;
5849 
5850 	old_mode = drv->nlmode;
5851 	if (wpa_driver_nl80211_set_mode(drv->first_bss, nlmode)) {
5852 		nl80211_remove_monitor_interface(drv);
5853 		return -1;
5854 	}
5855 
5856 	if (params->freq.freq &&
5857 	    nl80211_set_channel(drv->first_bss, &params->freq, 0)) {
5858 		if (old_mode != nlmode)
5859 			wpa_driver_nl80211_set_mode(drv->first_bss, old_mode);
5860 		nl80211_remove_monitor_interface(drv);
5861 		return -1;
5862 	}
5863 
5864 	return 0;
5865 }
5866 
5867 
5868 static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv,
5869 			      int reset_mode)
5870 {
5871 	struct nl_msg *msg;
5872 	int ret;
5873 
5874 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_IBSS);
5875 	ret = send_and_recv_msgs_connect_handle(drv, msg, drv->first_bss, 1);
5876 	if (ret) {
5877 		wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d "
5878 			   "(%s)", ret, strerror(-ret));
5879 	} else {
5880 		wpa_printf(MSG_DEBUG,
5881 			   "nl80211: Leave IBSS request sent successfully");
5882 	}
5883 
5884 	if (reset_mode &&
5885 	    wpa_driver_nl80211_set_mode(drv->first_bss,
5886 					NL80211_IFTYPE_STATION)) {
5887 		wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
5888 			   "station mode");
5889 	}
5890 
5891 	return ret;
5892 }
5893 
5894 
5895 static int nl80211_ht_vht_overrides(struct nl_msg *msg,
5896 				    struct wpa_driver_associate_params *params)
5897 {
5898 	if (params->disable_ht && nla_put_flag(msg, NL80211_ATTR_DISABLE_HT))
5899 		return -1;
5900 
5901 	if (params->htcaps && params->htcaps_mask) {
5902 		int sz = sizeof(struct ieee80211_ht_capabilities);
5903 		wpa_hexdump(MSG_DEBUG, "  * htcaps", params->htcaps, sz);
5904 		wpa_hexdump(MSG_DEBUG, "  * htcaps_mask",
5905 			    params->htcaps_mask, sz);
5906 		if (nla_put(msg, NL80211_ATTR_HT_CAPABILITY, sz,
5907 			    params->htcaps) ||
5908 		    nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK, sz,
5909 			    params->htcaps_mask))
5910 			return -1;
5911 	}
5912 
5913 #ifdef CONFIG_VHT_OVERRIDES
5914 	if (params->disable_vht) {
5915 		wpa_printf(MSG_DEBUG, "  * VHT disabled");
5916 		if (nla_put_flag(msg, NL80211_ATTR_DISABLE_VHT))
5917 			return -1;
5918 	}
5919 
5920 	if (params->vhtcaps && params->vhtcaps_mask) {
5921 		int sz = sizeof(struct ieee80211_vht_capabilities);
5922 		wpa_hexdump(MSG_DEBUG, "  * vhtcaps", params->vhtcaps, sz);
5923 		wpa_hexdump(MSG_DEBUG, "  * vhtcaps_mask",
5924 			    params->vhtcaps_mask, sz);
5925 		if (nla_put(msg, NL80211_ATTR_VHT_CAPABILITY, sz,
5926 			    params->vhtcaps) ||
5927 		    nla_put(msg, NL80211_ATTR_VHT_CAPABILITY_MASK, sz,
5928 			    params->vhtcaps_mask))
5929 			return -1;
5930 	}
5931 #endif /* CONFIG_VHT_OVERRIDES */
5932 
5933 #ifdef CONFIG_HE_OVERRIDES
5934 	if (params->disable_he) {
5935 		wpa_printf(MSG_DEBUG, "  * HE disabled");
5936 		if (nla_put_flag(msg, NL80211_ATTR_DISABLE_HE))
5937 			return -1;
5938 	}
5939 #endif /* CONFIG_HE_OVERRIDES */
5940 
5941 	return 0;
5942 }
5943 
5944 
5945 static int wpa_driver_nl80211_ibss(struct wpa_driver_nl80211_data *drv,
5946 				   struct wpa_driver_associate_params *params)
5947 {
5948 	struct nl_msg *msg;
5949 	int ret = -1;
5950 	int count = 0;
5951 
5952 	wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
5953 
5954 	if (wpa_driver_nl80211_set_mode_ibss(drv->first_bss, &params->freq)) {
5955 		wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
5956 			   "IBSS mode");
5957 		return -1;
5958 	}
5959 
5960 retry:
5961 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_JOIN_IBSS)) ||
5962 	    params->ssid == NULL || params->ssid_len > sizeof(drv->ssid))
5963 		goto fail;
5964 
5965 	wpa_printf(MSG_DEBUG, "  * SSID=%s",
5966 		   wpa_ssid_txt(params->ssid, params->ssid_len));
5967 	if (nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid))
5968 		goto fail;
5969 	os_memcpy(drv->ssid, params->ssid, params->ssid_len);
5970 	drv->ssid_len = params->ssid_len;
5971 
5972 	if (nl80211_put_freq_params(msg, &params->freq) < 0 ||
5973 	    nl80211_put_beacon_int(msg, params->beacon_int))
5974 		goto fail;
5975 
5976 	ret = nl80211_set_conn_keys(params, msg);
5977 	if (ret)
5978 		goto fail;
5979 
5980 	if (params->bssid && params->fixed_bssid) {
5981 		wpa_printf(MSG_DEBUG, "  * BSSID=" MACSTR,
5982 			   MAC2STR(params->bssid));
5983 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
5984 			goto fail;
5985 	}
5986 
5987 	if (params->fixed_freq) {
5988 		wpa_printf(MSG_DEBUG, "  * fixed_freq");
5989 		if (nla_put_flag(msg, NL80211_ATTR_FREQ_FIXED))
5990 			goto fail;
5991 	}
5992 
5993 	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
5994 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
5995 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
5996 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256) {
5997 		wpa_printf(MSG_DEBUG, "  * control port");
5998 		if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))
5999 			goto fail;
6000 	}
6001 
6002 	if (params->wpa_ie) {
6003 		wpa_hexdump(MSG_DEBUG,
6004 			    "  * Extra IEs for Beacon/Probe Response frames",
6005 			    params->wpa_ie, params->wpa_ie_len);
6006 		if (nla_put(msg, NL80211_ATTR_IE, params->wpa_ie_len,
6007 			    params->wpa_ie))
6008 			goto fail;
6009 	}
6010 
6011 	ret = nl80211_ht_vht_overrides(msg, params);
6012 	if (ret < 0)
6013 		goto fail;
6014 
6015 	ret = send_and_recv_msgs_connect_handle(drv, msg, drv->first_bss, 1);
6016 	msg = NULL;
6017 	if (ret) {
6018 		wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)",
6019 			   ret, strerror(-ret));
6020 		count++;
6021 		if (ret == -EALREADY && count == 1) {
6022 			wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
6023 				   "forced leave");
6024 			nl80211_leave_ibss(drv, 0);
6025 			nlmsg_free(msg);
6026 			goto retry;
6027 		}
6028 	} else {
6029 		wpa_printf(MSG_DEBUG,
6030 			   "nl80211: Join IBSS request sent successfully");
6031 	}
6032 
6033 fail:
6034 	nlmsg_free(msg);
6035 	return ret;
6036 }
6037 
6038 
6039 static int nl80211_put_fils_connect_params(struct wpa_driver_nl80211_data *drv,
6040 					   struct wpa_driver_associate_params *params,
6041 					   struct nl_msg *msg)
6042 {
6043 	if (params->fils_erp_username_len) {
6044 		wpa_hexdump_ascii(MSG_DEBUG, "  * FILS ERP EMSKname/username",
6045 				  params->fils_erp_username,
6046 				  params->fils_erp_username_len);
6047 		if (nla_put(msg, NL80211_ATTR_FILS_ERP_USERNAME,
6048 			    params->fils_erp_username_len,
6049 			    params->fils_erp_username))
6050 			return -1;
6051 	}
6052 
6053 	if (params->fils_erp_realm_len) {
6054 		wpa_hexdump_ascii(MSG_DEBUG, "  * FILS ERP Realm",
6055 				  params->fils_erp_realm,
6056 				  params->fils_erp_realm_len);
6057 		if (nla_put(msg, NL80211_ATTR_FILS_ERP_REALM,
6058 			    params->fils_erp_realm_len, params->fils_erp_realm))
6059 			return -1;
6060 	}
6061 
6062 	if (params->fils_erp_rrk_len) {
6063 		wpa_printf(MSG_DEBUG, "  * FILS ERP next seq %u",
6064 			   params->fils_erp_next_seq_num);
6065 		if (nla_put_u16(msg, NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM,
6066 				params->fils_erp_next_seq_num))
6067 			return -1;
6068 
6069 		wpa_printf(MSG_DEBUG, "  * FILS ERP rRK (len=%lu)",
6070 			   (unsigned long) params->fils_erp_rrk_len);
6071 		if (nla_put(msg, NL80211_ATTR_FILS_ERP_RRK,
6072 			    params->fils_erp_rrk_len, params->fils_erp_rrk))
6073 			return -1;
6074 	}
6075 
6076 	return 0;
6077 }
6078 
6079 
6080 static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
6081 				  struct wpa_driver_associate_params *params,
6082 				  struct nl_msg *msg)
6083 {
6084 	if (nla_put_flag(msg, NL80211_ATTR_IFACE_SOCKET_OWNER))
6085 		return -1;
6086 
6087 	if (params->bssid) {
6088 		wpa_printf(MSG_DEBUG, "  * bssid=" MACSTR,
6089 			   MAC2STR(params->bssid));
6090 		if (nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid))
6091 			return -1;
6092 	}
6093 
6094 	if (params->bssid_hint) {
6095 		wpa_printf(MSG_DEBUG, "  * bssid_hint=" MACSTR,
6096 			   MAC2STR(params->bssid_hint));
6097 		if (nla_put(msg, NL80211_ATTR_MAC_HINT, ETH_ALEN,
6098 			    params->bssid_hint))
6099 			return -1;
6100 	}
6101 
6102 	if (params->freq.freq) {
6103 		wpa_printf(MSG_DEBUG, "  * freq=%d", params->freq.freq);
6104 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
6105 				params->freq.freq))
6106 			return -1;
6107 		drv->assoc_freq = params->freq.freq;
6108 	} else
6109 		drv->assoc_freq = 0;
6110 
6111 	if (params->freq_hint) {
6112 		wpa_printf(MSG_DEBUG, "  * freq_hint=%d", params->freq_hint);
6113 		if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ_HINT,
6114 				params->freq_hint))
6115 			return -1;
6116 	}
6117 
6118 	if (params->freq.edmg.channels && params->freq.edmg.bw_config) {
6119 		wpa_printf(MSG_DEBUG,
6120 			   "  * EDMG configuration: channels=0x%x bw_config=%d",
6121 			   params->freq.edmg.channels,
6122 			   params->freq.edmg.bw_config);
6123 		if (nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_CHANNELS,
6124 			       params->freq.edmg.channels) ||
6125 		    nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_BW_CONFIG,
6126 			       params->freq.edmg.bw_config))
6127 			return -1;
6128 	}
6129 
6130 	if (params->bg_scan_period >= 0) {
6131 		wpa_printf(MSG_DEBUG, "  * bg scan period=%d",
6132 			   params->bg_scan_period);
6133 		if (nla_put_u16(msg, NL80211_ATTR_BG_SCAN_PERIOD,
6134 				params->bg_scan_period))
6135 			return -1;
6136 	}
6137 
6138 	if (params->ssid) {
6139 		wpa_printf(MSG_DEBUG, "  * SSID=%s",
6140 			   wpa_ssid_txt(params->ssid, params->ssid_len));
6141 		if (nla_put(msg, NL80211_ATTR_SSID, params->ssid_len,
6142 			    params->ssid))
6143 			return -1;
6144 		if (params->ssid_len > sizeof(drv->ssid))
6145 			return -1;
6146 		os_memcpy(drv->ssid, params->ssid, params->ssid_len);
6147 		drv->ssid_len = params->ssid_len;
6148 	}
6149 
6150 	wpa_hexdump(MSG_DEBUG, "  * IEs", params->wpa_ie, params->wpa_ie_len);
6151 	if (params->wpa_ie &&
6152 	    nla_put(msg, NL80211_ATTR_IE, params->wpa_ie_len, params->wpa_ie))
6153 		return -1;
6154 
6155 	if (params->wpa_proto) {
6156 		enum nl80211_wpa_versions ver = 0;
6157 
6158 		if (params->wpa_proto & WPA_PROTO_WPA)
6159 			ver |= NL80211_WPA_VERSION_1;
6160 		if (params->wpa_proto & WPA_PROTO_RSN)
6161 			ver |= NL80211_WPA_VERSION_2;
6162 
6163 		wpa_printf(MSG_DEBUG, "  * WPA Versions 0x%x", ver);
6164 		if (nla_put_u32(msg, NL80211_ATTR_WPA_VERSIONS, ver))
6165 			return -1;
6166 	}
6167 
6168 	if (params->pairwise_suite != WPA_CIPHER_NONE) {
6169 		u32 cipher = wpa_cipher_to_cipher_suite(params->pairwise_suite);
6170 		wpa_printf(MSG_DEBUG, "  * pairwise=0x%x", cipher);
6171 		if (nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
6172 				cipher))
6173 			return -1;
6174 	}
6175 
6176 	if (params->group_suite == WPA_CIPHER_GTK_NOT_USED &&
6177 	    !(drv->capa.enc & WPA_DRIVER_CAPA_ENC_GTK_NOT_USED)) {
6178 		/*
6179 		 * This is likely to work even though many drivers do not
6180 		 * advertise support for operations without GTK.
6181 		 */
6182 		wpa_printf(MSG_DEBUG, "  * skip group cipher configuration for GTK_NOT_USED due to missing driver support advertisement");
6183 	} else if (params->group_suite != WPA_CIPHER_NONE) {
6184 		u32 cipher = wpa_cipher_to_cipher_suite(params->group_suite);
6185 		wpa_printf(MSG_DEBUG, "  * group=0x%x", cipher);
6186 		if (nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, cipher))
6187 			return -1;
6188 	}
6189 
6190 	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
6191 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
6192 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X ||
6193 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK ||
6194 	    params->key_mgmt_suite == WPA_KEY_MGMT_CCKM ||
6195 	    params->key_mgmt_suite == WPA_KEY_MGMT_OSEN ||
6196 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
6197 	    params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
6198 	    params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
6199 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE ||
6200 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
6201 	    params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192 ||
6202 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_IEEE8021X_SHA384 ||
6203 	    params->key_mgmt_suite == WPA_KEY_MGMT_FILS_SHA256 ||
6204 	    params->key_mgmt_suite == WPA_KEY_MGMT_FILS_SHA384 ||
6205 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_FILS_SHA256 ||
6206 	    params->key_mgmt_suite == WPA_KEY_MGMT_FT_FILS_SHA384 ||
6207 	    params->key_mgmt_suite == WPA_KEY_MGMT_OWE ||
6208 	    params->key_mgmt_suite == WPA_KEY_MGMT_DPP) {
6209 		int mgmt = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
6210 
6211 		switch (params->key_mgmt_suite) {
6212 		case WPA_KEY_MGMT_CCKM:
6213 			mgmt = RSN_AUTH_KEY_MGMT_CCKM;
6214 			break;
6215 		case WPA_KEY_MGMT_IEEE8021X:
6216 			mgmt = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
6217 			break;
6218 		case WPA_KEY_MGMT_FT_IEEE8021X:
6219 			mgmt = RSN_AUTH_KEY_MGMT_FT_802_1X;
6220 			break;
6221 		case WPA_KEY_MGMT_FT_PSK:
6222 			mgmt = RSN_AUTH_KEY_MGMT_FT_PSK;
6223 			break;
6224 		case WPA_KEY_MGMT_IEEE8021X_SHA256:
6225 			mgmt = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
6226 			break;
6227 		case WPA_KEY_MGMT_PSK_SHA256:
6228 			mgmt = RSN_AUTH_KEY_MGMT_PSK_SHA256;
6229 			break;
6230 		case WPA_KEY_MGMT_OSEN:
6231 			mgmt = RSN_AUTH_KEY_MGMT_OSEN;
6232 			break;
6233 		case WPA_KEY_MGMT_SAE:
6234 			mgmt = RSN_AUTH_KEY_MGMT_SAE;
6235 			break;
6236 		case WPA_KEY_MGMT_FT_SAE:
6237 			mgmt = RSN_AUTH_KEY_MGMT_FT_SAE;
6238 			break;
6239 		case WPA_KEY_MGMT_IEEE8021X_SUITE_B:
6240 			mgmt = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
6241 			break;
6242 		case WPA_KEY_MGMT_IEEE8021X_SUITE_B_192:
6243 			mgmt = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
6244 			break;
6245 		case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
6246 			mgmt = RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384;
6247 			break;
6248 		case WPA_KEY_MGMT_FILS_SHA256:
6249 			mgmt = RSN_AUTH_KEY_MGMT_FILS_SHA256;
6250 			break;
6251 		case WPA_KEY_MGMT_FILS_SHA384:
6252 			mgmt = RSN_AUTH_KEY_MGMT_FILS_SHA384;
6253 			break;
6254 		case WPA_KEY_MGMT_FT_FILS_SHA256:
6255 			mgmt = RSN_AUTH_KEY_MGMT_FT_FILS_SHA256;
6256 			break;
6257 		case WPA_KEY_MGMT_FT_FILS_SHA384:
6258 			mgmt = RSN_AUTH_KEY_MGMT_FT_FILS_SHA384;
6259 			break;
6260 		case WPA_KEY_MGMT_OWE:
6261 			mgmt = RSN_AUTH_KEY_MGMT_OWE;
6262 			break;
6263 		case WPA_KEY_MGMT_DPP:
6264 			mgmt = RSN_AUTH_KEY_MGMT_DPP;
6265 			break;
6266 		case WPA_KEY_MGMT_PSK:
6267 		default:
6268 			mgmt = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
6269 			break;
6270 		}
6271 		wpa_printf(MSG_DEBUG, "  * akm=0x%x", mgmt);
6272 		if (nla_put_u32(msg, NL80211_ATTR_AKM_SUITES, mgmt))
6273 			return -1;
6274 	}
6275 
6276 	if (params->req_handshake_offload &&
6277 	    (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)) {
6278 		    wpa_printf(MSG_DEBUG, "  * WANT_1X_4WAY_HS");
6279 		    if (nla_put_flag(msg, NL80211_ATTR_WANT_1X_4WAY_HS))
6280 			    return -1;
6281 	    }
6282 
6283 	/* Add PSK in case of 4-way handshake offload */
6284 	if (params->psk &&
6285 	    (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK)) {
6286 		wpa_hexdump_key(MSG_DEBUG, "  * PSK", params->psk, 32);
6287 		if (nla_put(msg, NL80211_ATTR_PMK, 32, params->psk))
6288 			return -1;
6289 	}
6290 
6291 	if (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT))
6292 		return -1;
6293 
6294 	if (params->key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
6295 	    (params->pairwise_suite == WPA_CIPHER_NONE ||
6296 	     params->pairwise_suite == WPA_CIPHER_WEP104 ||
6297 	     params->pairwise_suite == WPA_CIPHER_WEP40) &&
6298 	    (nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, ETH_P_PAE) ||
6299 	     nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
6300 		return -1;
6301 
6302 	if (params->rrm_used) {
6303 		u32 drv_rrm_flags = drv->capa.rrm_flags;
6304 		if ((!((drv_rrm_flags &
6305 			WPA_DRIVER_FLAGS_DS_PARAM_SET_IE_IN_PROBES) &&
6306 		       (drv_rrm_flags & WPA_DRIVER_FLAGS_QUIET)) &&
6307 		     !(drv_rrm_flags & WPA_DRIVER_FLAGS_SUPPORT_RRM)) ||
6308 		    nla_put_flag(msg, NL80211_ATTR_USE_RRM))
6309 			return -1;
6310 	}
6311 
6312 	if (nl80211_ht_vht_overrides(msg, params) < 0)
6313 		return -1;
6314 
6315 	if (params->p2p)
6316 		wpa_printf(MSG_DEBUG, "  * P2P group");
6317 
6318 	if (params->pbss) {
6319 		wpa_printf(MSG_DEBUG, "  * PBSS");
6320 		if (nla_put_flag(msg, NL80211_ATTR_PBSS))
6321 			return -1;
6322 	}
6323 
6324 	drv->connect_reassoc = 0;
6325 	if (params->prev_bssid) {
6326 		wpa_printf(MSG_DEBUG, "  * prev_bssid=" MACSTR,
6327 			   MAC2STR(params->prev_bssid));
6328 		if (nla_put(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
6329 			    params->prev_bssid))
6330 			return -1;
6331 		drv->connect_reassoc = 1;
6332 	}
6333 
6334 	if ((params->auth_alg & WPA_AUTH_ALG_FILS) &&
6335 	    nl80211_put_fils_connect_params(drv, params, msg) != 0)
6336 		return -1;
6337 
6338 	if ((params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
6339 	     params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) &&
6340 	    (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) &&
6341 	    nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
6342 		return -1;
6343 
6344 	return 0;
6345 }
6346 
6347 
6348 static int wpa_driver_nl80211_try_connect(
6349 	struct wpa_driver_nl80211_data *drv,
6350 	struct wpa_driver_associate_params *params,
6351 	struct i802_bss *bss)
6352 {
6353 	struct nl_msg *msg;
6354 	enum nl80211_auth_type type;
6355 	int ret;
6356 	int algs;
6357 
6358 #ifdef CONFIG_DRIVER_NL80211_QCA
6359 	if (params->req_key_mgmt_offload && params->psk &&
6360 	    (params->key_mgmt_suite == WPA_KEY_MGMT_PSK ||
6361 	     params->key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
6362 	     params->key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
6363 		wpa_printf(MSG_DEBUG, "nl80211: Key management set PSK");
6364 		ret = issue_key_mgmt_set_key(drv, params->psk, 32);
6365 		if (ret)
6366 			return ret;
6367 	}
6368 #endif /* CONFIG_DRIVER_NL80211_QCA */
6369 
6370 	wpa_printf(MSG_DEBUG, "nl80211: Connect (ifindex=%d)", drv->ifindex);
6371 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_CONNECT);
6372 	if (!msg)
6373 		return -1;
6374 
6375 	ret = nl80211_connect_common(drv, params, msg);
6376 	if (ret)
6377 		goto fail;
6378 
6379 	if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
6380 	    nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
6381 		goto fail;
6382 
6383 	if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_OPTIONAL &&
6384 	    (drv->capa.flags & WPA_DRIVER_FLAGS_MFP_OPTIONAL) &&
6385 	    nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_OPTIONAL))
6386 		goto fail;
6387 
6388 #ifdef CONFIG_SAE
6389 	if ((params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
6390 	     params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) &&
6391 	    nl80211_put_sae_pwe(msg, params->sae_pwe) < 0)
6392 		goto fail;
6393 #endif /* CONFIG_SAE */
6394 
6395 	algs = 0;
6396 	if (params->auth_alg & WPA_AUTH_ALG_OPEN)
6397 		algs++;
6398 	if (params->auth_alg & WPA_AUTH_ALG_SHARED)
6399 		algs++;
6400 	if (params->auth_alg & WPA_AUTH_ALG_LEAP)
6401 		algs++;
6402 	if (params->auth_alg & WPA_AUTH_ALG_FILS)
6403 		algs++;
6404 	if (params->auth_alg & WPA_AUTH_ALG_FT)
6405 		algs++;
6406 	if (algs > 1) {
6407 		wpa_printf(MSG_DEBUG, "  * Leave out Auth Type for automatic "
6408 			   "selection");
6409 		goto skip_auth_type;
6410 	}
6411 
6412 	type = get_nl_auth_type(params->auth_alg);
6413 	wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
6414 	if (type == NL80211_AUTHTYPE_MAX ||
6415 	    nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE, type))
6416 		goto fail;
6417 
6418 skip_auth_type:
6419 	ret = nl80211_set_conn_keys(params, msg);
6420 	if (ret)
6421 		goto fail;
6422 
6423 	ret = send_and_recv_msgs_connect_handle(drv, msg, bss, 1);
6424 	msg = NULL;
6425 	if (ret) {
6426 		wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d "
6427 			   "(%s)", ret, strerror(-ret));
6428 	} else {
6429 #ifdef CONFIG_DRIVER_NL80211_QCA
6430 		drv->roam_indication_done = false;
6431 #endif /* CONFIG_DRIVER_NL80211_QCA */
6432 		wpa_printf(MSG_DEBUG,
6433 			   "nl80211: Connect request send successfully");
6434 	}
6435 
6436 fail:
6437 	nl80211_nlmsg_clear(msg);
6438 	nlmsg_free(msg);
6439 	return ret;
6440 
6441 }
6442 
6443 
6444 static int wpa_driver_nl80211_connect(
6445 	struct wpa_driver_nl80211_data *drv,
6446 	struct wpa_driver_associate_params *params,
6447 	struct i802_bss *bss)
6448 {
6449 	int ret;
6450 
6451 	/* Store the connection attempted bssid for future use */
6452 	if (params->bssid)
6453 		os_memcpy(drv->auth_attempt_bssid, params->bssid, ETH_ALEN);
6454 	else
6455 		os_memset(drv->auth_attempt_bssid, 0, ETH_ALEN);
6456 
6457 	ret = wpa_driver_nl80211_try_connect(drv, params, bss);
6458 	if (ret == -EALREADY) {
6459 		/*
6460 		 * cfg80211 does not currently accept new connections if
6461 		 * we are already connected. As a workaround, force
6462 		 * disconnection and try again.
6463 		 */
6464 		wpa_printf(MSG_DEBUG, "nl80211: Explicitly "
6465 			   "disconnecting before reassociation "
6466 			   "attempt");
6467 		if (wpa_driver_nl80211_disconnect(
6468 			    drv, WLAN_REASON_PREV_AUTH_NOT_VALID, bss))
6469 			return -1;
6470 		ret = wpa_driver_nl80211_try_connect(drv, params, bss);
6471 	}
6472 	return ret;
6473 }
6474 
6475 
6476 static int wpa_driver_nl80211_associate(
6477 	void *priv, struct wpa_driver_associate_params *params)
6478 {
6479 	struct i802_bss *bss = priv;
6480 	struct wpa_driver_nl80211_data *drv = bss->drv;
6481 	int ret = -1;
6482 	struct nl_msg *msg;
6483 
6484 	nl80211_unmask_11b_rates(bss);
6485 
6486 	if (params->mode == IEEE80211_MODE_AP)
6487 		return wpa_driver_nl80211_ap(drv, params);
6488 
6489 	if (params->mode == IEEE80211_MODE_IBSS)
6490 		return wpa_driver_nl80211_ibss(drv, params);
6491 
6492 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
6493 		enum nl80211_iftype nlmode = params->p2p ?
6494 			NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
6495 
6496 		if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
6497 			return -1;
6498 		if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
6499 		    params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE)
6500 			bss->use_nl_connect = 1;
6501 		else
6502 			bss->use_nl_connect = 0;
6503 
6504 		return wpa_driver_nl80211_connect(drv, params, bss);
6505 	}
6506 
6507 	nl80211_mark_disconnected(drv);
6508 
6509 	wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
6510 		   drv->ifindex);
6511 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_ASSOCIATE);
6512 	if (!msg)
6513 		return -1;
6514 
6515 	ret = nl80211_connect_common(drv, params, msg);
6516 	if (ret)
6517 		goto fail;
6518 
6519 	if (params->mgmt_frame_protection == MGMT_FRAME_PROTECTION_REQUIRED &&
6520 	    nla_put_u32(msg, NL80211_ATTR_USE_MFP, NL80211_MFP_REQUIRED))
6521 		goto fail;
6522 
6523 	if (params->fils_kek) {
6524 		wpa_printf(MSG_DEBUG, "  * FILS KEK (len=%u)",
6525 			   (unsigned int) params->fils_kek_len);
6526 		if (nla_put(msg, NL80211_ATTR_FILS_KEK, params->fils_kek_len,
6527 			    params->fils_kek))
6528 			goto fail;
6529 	}
6530 	if (params->fils_nonces) {
6531 		wpa_hexdump(MSG_DEBUG, "  * FILS nonces (for AAD)",
6532 			    params->fils_nonces,
6533 			    params->fils_nonces_len);
6534 		if (nla_put(msg, NL80211_ATTR_FILS_NONCES,
6535 			    params->fils_nonces_len, params->fils_nonces))
6536 			goto fail;
6537 	}
6538 
6539 	ret = send_and_recv_msgs_connect_handle(drv, msg, drv->first_bss, 1);
6540 	msg = NULL;
6541 	if (ret) {
6542 		wpa_dbg(drv->ctx, MSG_DEBUG,
6543 			"nl80211: MLME command failed (assoc): ret=%d (%s)",
6544 			ret, strerror(-ret));
6545 		nl80211_dump_scan(drv);
6546 	} else {
6547 		wpa_printf(MSG_DEBUG,
6548 			   "nl80211: Association request send successfully");
6549 	}
6550 
6551 fail:
6552 	nlmsg_free(msg);
6553 	return ret;
6554 }
6555 
6556 
6557 static int nl80211_set_mode(struct wpa_driver_nl80211_data *drv,
6558 			    int ifindex, enum nl80211_iftype mode)
6559 {
6560 	struct nl_msg *msg;
6561 	int ret = -ENOBUFS;
6562 
6563 	wpa_printf(MSG_DEBUG, "nl80211: Set mode ifindex %d iftype %d (%s)",
6564 		   ifindex, mode, nl80211_iftype_str(mode));
6565 
6566 	msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_SET_INTERFACE);
6567 	if (!msg || nla_put_u32(msg, NL80211_ATTR_IFTYPE, mode))
6568 		goto fail;
6569 
6570 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
6571 	msg = NULL;
6572 	if (!ret)
6573 		return 0;
6574 fail:
6575 	nlmsg_free(msg);
6576 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface %d to mode %d:"
6577 		   " %d (%s)", ifindex, mode, ret, strerror(-ret));
6578 	return ret;
6579 }
6580 
6581 
6582 static int wpa_driver_nl80211_set_mode_impl(
6583 		struct i802_bss *bss,
6584 		enum nl80211_iftype nlmode,
6585 		struct hostapd_freq_params *desired_freq_params)
6586 {
6587 	struct wpa_driver_nl80211_data *drv = bss->drv;
6588 	int ret = -1;
6589 	int i;
6590 	int was_ap = is_ap_interface(drv->nlmode);
6591 	int res;
6592 	int mode_switch_res;
6593 
6594 	if (TEST_FAIL())
6595 		return -1;
6596 
6597 	mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode);
6598 	if (mode_switch_res && nlmode == nl80211_get_ifmode(bss))
6599 		mode_switch_res = 0;
6600 
6601 	if (mode_switch_res == 0) {
6602 		drv->nlmode = nlmode;
6603 		ret = 0;
6604 		goto done;
6605 	}
6606 
6607 	if (mode_switch_res == -ENODEV)
6608 		return -1;
6609 
6610 	if (nlmode == drv->nlmode) {
6611 		wpa_printf(MSG_DEBUG, "nl80211: Interface already in "
6612 			   "requested mode - ignore error");
6613 		ret = 0;
6614 		goto done; /* Already in the requested mode */
6615 	}
6616 
6617 	/* mac80211 doesn't allow mode changes while the device is up, so
6618 	 * take the device down, try to set the mode again, and bring the
6619 	 * device back up.
6620 	 */
6621 	wpa_printf(MSG_DEBUG, "nl80211: Try mode change after setting "
6622 		   "interface down");
6623 	for (i = 0; i < 10; i++) {
6624 		res = i802_set_iface_flags(bss, 0);
6625 		if (res == -EACCES || res == -ENODEV)
6626 			break;
6627 		if (res != 0) {
6628 			wpa_printf(MSG_DEBUG, "nl80211: Failed to set "
6629 				   "interface down");
6630 			os_sleep(0, 100000);
6631 			continue;
6632 		}
6633 
6634 		/*
6635 		 * Setting the mode will fail for some drivers if the phy is
6636 		 * on a frequency that the mode is disallowed in.
6637 		 */
6638 		if (desired_freq_params) {
6639 			res = nl80211_set_channel(bss, desired_freq_params, 0);
6640 			if (res) {
6641 				wpa_printf(MSG_DEBUG,
6642 					   "nl80211: Failed to set frequency on interface");
6643 			}
6644 		}
6645 
6646 		if (i == 0 && was_ap && !is_ap_interface(nlmode) &&
6647 		    bss->brname[0] &&
6648 		    (bss->added_if_into_bridge || bss->already_in_bridge)) {
6649 			wpa_printf(MSG_DEBUG,
6650 				   "nl80211: Remove AP interface %s temporarily from the bridge %s to allow its mode to be set to STATION",
6651 				   bss->ifname, bss->brname);
6652 			if (linux_br_del_if(drv->global->ioctl_sock,
6653 					    bss->brname, bss->ifname) < 0)
6654 				wpa_printf(MSG_INFO,
6655 					   "nl80211: Failed to remove interface %s from bridge %s: %s",
6656 					   bss->ifname, bss->brname,
6657 					   strerror(errno));
6658 		}
6659 
6660 		/* Try to set the mode again while the interface is down */
6661 		mode_switch_res = nl80211_set_mode(drv, drv->ifindex, nlmode);
6662 		if (mode_switch_res == -EBUSY) {
6663 			wpa_printf(MSG_DEBUG,
6664 				   "nl80211: Delaying mode set while interface going down");
6665 			os_sleep(0, 100000);
6666 			continue;
6667 		}
6668 		ret = mode_switch_res;
6669 		break;
6670 	}
6671 
6672 	if (!ret) {
6673 		wpa_printf(MSG_DEBUG, "nl80211: Mode change succeeded while "
6674 			   "interface is down");
6675 		drv->nlmode = nlmode;
6676 		drv->ignore_if_down_event = 1;
6677 	}
6678 
6679 	/* Bring the interface back up */
6680 	res = linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1);
6681 	if (res != 0) {
6682 		wpa_printf(MSG_DEBUG,
6683 			   "nl80211: Failed to set interface up after switching mode");
6684 		ret = -1;
6685 	}
6686 
6687 done:
6688 	if (ret) {
6689 		wpa_printf(MSG_DEBUG, "nl80211: Interface mode change to %d "
6690 			   "from %d failed", nlmode, drv->nlmode);
6691 		return ret;
6692 	}
6693 
6694 	if (is_p2p_net_interface(nlmode)) {
6695 		wpa_printf(MSG_DEBUG,
6696 			   "nl80211: Interface %s mode change to P2P - disable 11b rates",
6697 			   bss->ifname);
6698 		nl80211_disable_11b_rates(drv, drv->ifindex, 1);
6699 	} else if (drv->disabled_11b_rates) {
6700 		wpa_printf(MSG_DEBUG,
6701 			   "nl80211: Interface %s mode changed to non-P2P - re-enable 11b rates",
6702 			   bss->ifname);
6703 		nl80211_disable_11b_rates(drv, drv->ifindex, 0);
6704 	}
6705 
6706 	if (is_ap_interface(nlmode)) {
6707 		nl80211_mgmt_unsubscribe(bss, "start AP");
6708 		/* Setup additional AP mode functionality if needed */
6709 		if (nl80211_setup_ap(bss))
6710 			return -1;
6711 	} else if (was_ap) {
6712 		/* Remove additional AP mode functionality */
6713 		nl80211_teardown_ap(bss);
6714 	} else {
6715 		nl80211_mgmt_unsubscribe(bss, "mode change");
6716 	}
6717 
6718 	if (is_mesh_interface(nlmode) &&
6719 	    nl80211_mgmt_subscribe_mesh(bss))
6720 		return -1;
6721 
6722 	if (!bss->in_deinit && !is_ap_interface(nlmode) &&
6723 	    !is_mesh_interface(nlmode) &&
6724 	    nl80211_mgmt_subscribe_non_ap(bss) < 0)
6725 		wpa_printf(MSG_DEBUG, "nl80211: Failed to register Action "
6726 			   "frame processing - ignore for now");
6727 
6728 	return 0;
6729 }
6730 
6731 
6732 void nl80211_restore_ap_mode(struct i802_bss *bss)
6733 {
6734 	struct wpa_driver_nl80211_data *drv = bss->drv;
6735 	int was_ap = is_ap_interface(drv->nlmode);
6736 
6737 	wpa_driver_nl80211_set_mode(bss, drv->ap_scan_as_station);
6738 	if (!was_ap && is_ap_interface(drv->ap_scan_as_station) &&
6739 	    bss->brname[0] &&
6740 	    (bss->added_if_into_bridge || bss->already_in_bridge)) {
6741 		wpa_printf(MSG_DEBUG,
6742 			   "nl80211: Add AP interface %s back into the bridge %s",
6743 			   bss->ifname, bss->brname);
6744 		if (linux_br_add_if(drv->global->ioctl_sock, bss->brname,
6745 				    bss->ifname) < 0) {
6746 			wpa_printf(MSG_WARNING,
6747 				   "nl80211: Failed to add interface %s into bridge %s: %s",
6748 				   bss->ifname, bss->brname, strerror(errno));
6749 		}
6750 	}
6751 	drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
6752 }
6753 
6754 
6755 int wpa_driver_nl80211_set_mode(struct i802_bss *bss,
6756 				enum nl80211_iftype nlmode)
6757 {
6758 	return wpa_driver_nl80211_set_mode_impl(bss, nlmode, NULL);
6759 }
6760 
6761 
6762 static int wpa_driver_nl80211_set_mode_ibss(struct i802_bss *bss,
6763 					    struct hostapd_freq_params *freq)
6764 {
6765 	return wpa_driver_nl80211_set_mode_impl(bss, NL80211_IFTYPE_ADHOC,
6766 						freq);
6767 }
6768 
6769 
6770 static int wpa_driver_nl80211_get_capa(void *priv,
6771 				       struct wpa_driver_capa *capa)
6772 {
6773 	struct i802_bss *bss = priv;
6774 	struct wpa_driver_nl80211_data *drv = bss->drv;
6775 
6776 	if (!drv->has_capability)
6777 		return -1;
6778 	os_memcpy(capa, &drv->capa, sizeof(*capa));
6779 	if (drv->extended_capa && drv->extended_capa_mask) {
6780 		capa->extended_capa = drv->extended_capa;
6781 		capa->extended_capa_mask = drv->extended_capa_mask;
6782 		capa->extended_capa_len = drv->extended_capa_len;
6783 	}
6784 
6785 	return 0;
6786 }
6787 
6788 
6789 static int wpa_driver_nl80211_set_operstate(void *priv, int state)
6790 {
6791 	struct i802_bss *bss = priv;
6792 	struct wpa_driver_nl80211_data *drv = bss->drv;
6793 
6794 	wpa_printf(MSG_DEBUG, "nl80211: Set %s operstate %d->%d (%s)",
6795 		   bss->ifname, drv->operstate, state,
6796 		   state ? "UP" : "DORMANT");
6797 	drv->operstate = state;
6798 	return netlink_send_oper_ifla(drv->global->netlink, drv->ifindex, -1,
6799 				      state ? IF_OPER_UP : IF_OPER_DORMANT);
6800 }
6801 
6802 
6803 static int wpa_driver_nl80211_set_supp_port(void *priv, int authorized)
6804 {
6805 	struct i802_bss *bss = priv;
6806 	struct wpa_driver_nl80211_data *drv = bss->drv;
6807 	struct nl_msg *msg;
6808 	struct nl80211_sta_flag_update upd;
6809 	int ret;
6810 
6811 	if (!drv->associated && is_zero_ether_addr(drv->bssid) && !authorized) {
6812 		wpa_printf(MSG_DEBUG, "nl80211: Skip set_supp_port(unauthorized) while not associated");
6813 		return 0;
6814 	}
6815 
6816 	wpa_printf(MSG_DEBUG, "nl80211: Set supplicant port %sauthorized for "
6817 		   MACSTR, authorized ? "" : "un", MAC2STR(drv->bssid));
6818 
6819 	os_memset(&upd, 0, sizeof(upd));
6820 	upd.mask = BIT(NL80211_STA_FLAG_AUTHORIZED);
6821 	if (authorized)
6822 		upd.set = BIT(NL80211_STA_FLAG_AUTHORIZED);
6823 
6824 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
6825 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, drv->bssid) ||
6826 	    nla_put(msg, NL80211_ATTR_STA_FLAGS2, sizeof(upd), &upd)) {
6827 		nlmsg_free(msg);
6828 		return -ENOBUFS;
6829 	}
6830 
6831 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
6832 	if (!ret)
6833 		return 0;
6834 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set STA flag: %d (%s)",
6835 		   ret, strerror(-ret));
6836 	return ret;
6837 }
6838 
6839 
6840 /* Set kernel driver on given frequency (MHz) */
6841 static int i802_set_freq(void *priv, struct hostapd_freq_params *freq)
6842 {
6843 	struct i802_bss *bss = priv;
6844 	return nl80211_set_channel(bss, freq, 0);
6845 }
6846 
6847 
6848 static inline int min_int(int a, int b)
6849 {
6850 	if (a < b)
6851 		return a;
6852 	return b;
6853 }
6854 
6855 
6856 static int get_key_handler(struct nl_msg *msg, void *arg)
6857 {
6858 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
6859 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
6860 
6861 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
6862 		  genlmsg_attrlen(gnlh, 0), NULL);
6863 
6864 	/*
6865 	 * TODO: validate the key index and mac address!
6866 	 * Otherwise, there's a race condition as soon as
6867 	 * the kernel starts sending key notifications.
6868 	 */
6869 
6870 	if (tb[NL80211_ATTR_KEY_SEQ])
6871 		memcpy(arg, nla_data(tb[NL80211_ATTR_KEY_SEQ]),
6872 		       min_int(nla_len(tb[NL80211_ATTR_KEY_SEQ]), 6));
6873 	nl80211_nlmsg_clear(msg);
6874 	return NL_SKIP;
6875 }
6876 
6877 
6878 static int i802_get_seqnum(const char *iface, void *priv, const u8 *addr,
6879 			   int idx, u8 *seq)
6880 {
6881 	struct i802_bss *bss = priv;
6882 	struct wpa_driver_nl80211_data *drv = bss->drv;
6883 	struct nl_msg *msg;
6884 
6885 	msg = nl80211_ifindex_msg(drv, if_nametoindex(iface), 0,
6886 				  NL80211_CMD_GET_KEY);
6887 	if (!msg ||
6888 	    (addr && nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) ||
6889 	    nla_put_u8(msg, NL80211_ATTR_KEY_IDX, idx)) {
6890 		nlmsg_free(msg);
6891 		return -ENOBUFS;
6892 	}
6893 
6894 	memset(seq, 0, 6);
6895 
6896 	return send_and_recv_msgs(drv, msg, get_key_handler, seq, NULL, NULL);
6897 }
6898 
6899 
6900 static int i802_set_rts(void *priv, int rts)
6901 {
6902 	struct i802_bss *bss = priv;
6903 	struct wpa_driver_nl80211_data *drv = bss->drv;
6904 	struct nl_msg *msg;
6905 	int ret;
6906 	u32 val;
6907 
6908 	if (rts >= 2347 || rts == -1)
6909 		val = (u32) -1;
6910 	else
6911 		val = rts;
6912 
6913 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_WIPHY)) ||
6914 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, val)) {
6915 		nlmsg_free(msg);
6916 		return -ENOBUFS;
6917 	}
6918 
6919 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
6920 	if (!ret)
6921 		return 0;
6922 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set RTS threshold %d: "
6923 		   "%d (%s)", rts, ret, strerror(-ret));
6924 	return ret;
6925 }
6926 
6927 
6928 static int i802_set_frag(void *priv, int frag)
6929 {
6930 	struct i802_bss *bss = priv;
6931 	struct wpa_driver_nl80211_data *drv = bss->drv;
6932 	struct nl_msg *msg;
6933 	int ret;
6934 	u32 val;
6935 
6936 	if (frag >= 2346 || frag == -1)
6937 		val = (u32) -1;
6938 	else
6939 		val = frag;
6940 
6941 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_WIPHY)) ||
6942 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, val)) {
6943 		nlmsg_free(msg);
6944 		return -ENOBUFS;
6945 	}
6946 
6947 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
6948 	if (!ret)
6949 		return 0;
6950 	wpa_printf(MSG_DEBUG, "nl80211: Failed to set fragmentation threshold "
6951 		   "%d: %d (%s)", frag, ret, strerror(-ret));
6952 	return ret;
6953 }
6954 
6955 
6956 static int i802_flush(void *priv)
6957 {
6958 	struct i802_bss *bss = priv;
6959 	struct nl_msg *msg;
6960 	int res;
6961 
6962 	wpa_printf(MSG_DEBUG, "nl80211: flush -> DEL_STATION %s (all)",
6963 		   bss->ifname);
6964 
6965 	/*
6966 	 * XXX: FIX! this needs to flush all VLANs too
6967 	 */
6968 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_STATION);
6969 	res = send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
6970 	if (res) {
6971 		wpa_printf(MSG_DEBUG, "nl80211: Station flush failed: ret=%d "
6972 			   "(%s)", res, strerror(-res));
6973 	}
6974 	return res;
6975 }
6976 
6977 
6978 static void get_sta_tid_stats(struct hostap_sta_driver_data *data,
6979 			      struct nlattr *attr)
6980 {
6981 	struct nlattr *tid_stats[NL80211_TID_STATS_MAX + 1], *tidattr;
6982 	struct nlattr *txq_stats[NL80211_TXQ_STATS_MAX + 1];
6983 	static struct nla_policy txq_stats_policy[NL80211_TXQ_STATS_MAX + 1] = {
6984 		[NL80211_TXQ_STATS_BACKLOG_BYTES] = { .type = NLA_U32 },
6985 		[NL80211_TXQ_STATS_BACKLOG_PACKETS] = { .type = NLA_U32 },
6986 	};
6987 	int rem;
6988 
6989 	nla_for_each_nested(tidattr, attr, rem) {
6990 		if (nla_parse_nested(tid_stats, NL80211_TID_STATS_MAX,
6991 				     tidattr, NULL) != 0 ||
6992 		    !tid_stats[NL80211_TID_STATS_TXQ_STATS] ||
6993 		    nla_parse_nested(txq_stats, NL80211_TXQ_STATS_MAX,
6994 				     tid_stats[NL80211_TID_STATS_TXQ_STATS],
6995 				     txq_stats_policy) != 0)
6996 			continue;
6997 		/* sum the backlogs over all TIDs for station */
6998 		if (txq_stats[NL80211_TXQ_STATS_BACKLOG_BYTES])
6999 			data->backlog_bytes += nla_get_u32(
7000 				txq_stats[NL80211_TXQ_STATS_BACKLOG_BYTES]);
7001 		if (txq_stats[NL80211_TXQ_STATS_BACKLOG_PACKETS])
7002 			data->backlog_bytes += nla_get_u32(
7003 				txq_stats[NL80211_TXQ_STATS_BACKLOG_PACKETS]);
7004 	}
7005 }
7006 
7007 
7008 static int get_sta_handler(struct nl_msg *msg, void *arg)
7009 {
7010 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
7011 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
7012 	struct hostap_sta_driver_data *data = arg;
7013 	struct nlattr *stats[NL80211_STA_INFO_MAX + 1];
7014 	static struct nla_policy stats_policy[NL80211_STA_INFO_MAX + 1] = {
7015 		[NL80211_STA_INFO_INACTIVE_TIME] = { .type = NLA_U32 },
7016 		[NL80211_STA_INFO_RX_BYTES] = { .type = NLA_U32 },
7017 		[NL80211_STA_INFO_TX_BYTES] = { .type = NLA_U32 },
7018 		[NL80211_STA_INFO_RX_PACKETS] = { .type = NLA_U32 },
7019 		[NL80211_STA_INFO_TX_PACKETS] = { .type = NLA_U32 },
7020 		[NL80211_STA_INFO_TX_FAILED] = { .type = NLA_U32 },
7021 		[NL80211_STA_INFO_RX_BYTES64] = { .type = NLA_U64 },
7022 		[NL80211_STA_INFO_TX_BYTES64] = { .type = NLA_U64 },
7023 		[NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
7024 		[NL80211_STA_INFO_ACK_SIGNAL] = { .type = NLA_U8 },
7025 		[NL80211_STA_INFO_RX_DURATION] = { .type = NLA_U64 },
7026 		[NL80211_STA_INFO_TX_DURATION] = { .type = NLA_U64 },
7027 	};
7028 	struct nlattr *rate[NL80211_RATE_INFO_MAX + 1];
7029 	static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
7030 		[NL80211_RATE_INFO_BITRATE] = { .type = NLA_U16 },
7031 		[NL80211_RATE_INFO_BITRATE32] = { .type = NLA_U32 },
7032 		[NL80211_RATE_INFO_MCS] = { .type = NLA_U8 },
7033 		[NL80211_RATE_INFO_VHT_MCS] = { .type = NLA_U8 },
7034 		[NL80211_RATE_INFO_SHORT_GI] = { .type = NLA_FLAG },
7035 		[NL80211_RATE_INFO_VHT_NSS] = { .type = NLA_U8 },
7036 	};
7037 
7038 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
7039 		  genlmsg_attrlen(gnlh, 0), NULL);
7040 
7041 	/*
7042 	 * TODO: validate the interface and mac address!
7043 	 * Otherwise, there's a race condition as soon as
7044 	 * the kernel starts sending station notifications.
7045 	 */
7046 
7047 	if (!tb[NL80211_ATTR_STA_INFO]) {
7048 		wpa_printf(MSG_DEBUG, "sta stats missing!");
7049 		return NL_SKIP;
7050 	}
7051 	if (nla_parse_nested(stats, NL80211_STA_INFO_MAX,
7052 			     tb[NL80211_ATTR_STA_INFO],
7053 			     stats_policy)) {
7054 		wpa_printf(MSG_DEBUG, "failed to parse nested attributes!");
7055 		return NL_SKIP;
7056 	}
7057 
7058 	if (stats[NL80211_STA_INFO_INACTIVE_TIME])
7059 		data->inactive_msec =
7060 			nla_get_u32(stats[NL80211_STA_INFO_INACTIVE_TIME]);
7061 	/* For backwards compatibility, fetch the 32-bit counters first. */
7062 	if (stats[NL80211_STA_INFO_RX_BYTES])
7063 		data->rx_bytes = nla_get_u32(stats[NL80211_STA_INFO_RX_BYTES]);
7064 	if (stats[NL80211_STA_INFO_TX_BYTES])
7065 		data->tx_bytes = nla_get_u32(stats[NL80211_STA_INFO_TX_BYTES]);
7066 	if (stats[NL80211_STA_INFO_RX_BYTES64] &&
7067 	    stats[NL80211_STA_INFO_TX_BYTES64]) {
7068 		/*
7069 		 * The driver supports 64-bit counters, so use them to override
7070 		 * the 32-bit values.
7071 		 */
7072 		data->rx_bytes =
7073 			nla_get_u64(stats[NL80211_STA_INFO_RX_BYTES64]);
7074 		data->tx_bytes =
7075 			nla_get_u64(stats[NL80211_STA_INFO_TX_BYTES64]);
7076 		data->bytes_64bit = 1;
7077 	}
7078 	if (stats[NL80211_STA_INFO_RX_PACKETS])
7079 		data->rx_packets =
7080 			nla_get_u32(stats[NL80211_STA_INFO_RX_PACKETS]);
7081 	if (stats[NL80211_STA_INFO_TX_PACKETS])
7082 		data->tx_packets =
7083 			nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
7084 	if (stats[NL80211_STA_INFO_RX_DURATION])
7085 		data->rx_airtime =
7086 			nla_get_u64(stats[NL80211_STA_INFO_RX_DURATION]);
7087 	if (stats[NL80211_STA_INFO_TX_DURATION])
7088 		data->tx_airtime =
7089 			nla_get_u64(stats[NL80211_STA_INFO_TX_DURATION]);
7090 	if (stats[NL80211_STA_INFO_TX_FAILED])
7091 		data->tx_retry_failed =
7092 			nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]);
7093 	if (stats[NL80211_STA_INFO_SIGNAL])
7094 		data->signal = nla_get_u8(stats[NL80211_STA_INFO_SIGNAL]);
7095 	if (stats[NL80211_STA_INFO_ACK_SIGNAL]) {
7096 		data->last_ack_rssi =
7097 			nla_get_u8(stats[NL80211_STA_INFO_ACK_SIGNAL]);
7098 		data->flags |= STA_DRV_DATA_LAST_ACK_RSSI;
7099 	}
7100 
7101 	if (stats[NL80211_STA_INFO_TX_BITRATE] &&
7102 	    nla_parse_nested(rate, NL80211_RATE_INFO_MAX,
7103 			     stats[NL80211_STA_INFO_TX_BITRATE],
7104 			     rate_policy) == 0) {
7105 		if (rate[NL80211_RATE_INFO_BITRATE32])
7106 			data->current_tx_rate =
7107 				nla_get_u32(rate[NL80211_RATE_INFO_BITRATE32]);
7108 		else if (rate[NL80211_RATE_INFO_BITRATE])
7109 			data->current_tx_rate =
7110 				nla_get_u16(rate[NL80211_RATE_INFO_BITRATE]);
7111 
7112 		if (rate[NL80211_RATE_INFO_MCS]) {
7113 			data->tx_mcs = nla_get_u8(rate[NL80211_RATE_INFO_MCS]);
7114 			data->flags |= STA_DRV_DATA_TX_MCS;
7115 		}
7116 		if (rate[NL80211_RATE_INFO_VHT_MCS]) {
7117 			data->tx_vhtmcs =
7118 				nla_get_u8(rate[NL80211_RATE_INFO_VHT_MCS]);
7119 			data->flags |= STA_DRV_DATA_TX_VHT_MCS;
7120 		}
7121 		if (rate[NL80211_RATE_INFO_SHORT_GI])
7122 			data->flags |= STA_DRV_DATA_TX_SHORT_GI;
7123 		if (rate[NL80211_RATE_INFO_VHT_NSS]) {
7124 			data->tx_vht_nss =
7125 				nla_get_u8(rate[NL80211_RATE_INFO_VHT_NSS]);
7126 			data->flags |= STA_DRV_DATA_TX_VHT_NSS;
7127 		}
7128 	}
7129 
7130 	if (stats[NL80211_STA_INFO_RX_BITRATE] &&
7131 	    nla_parse_nested(rate, NL80211_RATE_INFO_MAX,
7132 			     stats[NL80211_STA_INFO_RX_BITRATE],
7133 			     rate_policy) == 0) {
7134 		if (rate[NL80211_RATE_INFO_BITRATE32])
7135 			data->current_rx_rate =
7136 				nla_get_u32(rate[NL80211_RATE_INFO_BITRATE32]);
7137 		else if (rate[NL80211_RATE_INFO_BITRATE])
7138 			data->current_rx_rate =
7139 				nla_get_u16(rate[NL80211_RATE_INFO_BITRATE]);
7140 
7141 		if (rate[NL80211_RATE_INFO_MCS]) {
7142 			data->rx_mcs =
7143 				nla_get_u8(rate[NL80211_RATE_INFO_MCS]);
7144 			data->flags |= STA_DRV_DATA_RX_MCS;
7145 		}
7146 		if (rate[NL80211_RATE_INFO_VHT_MCS]) {
7147 			data->rx_vhtmcs =
7148 				nla_get_u8(rate[NL80211_RATE_INFO_VHT_MCS]);
7149 			data->flags |= STA_DRV_DATA_RX_VHT_MCS;
7150 		}
7151 		if (rate[NL80211_RATE_INFO_SHORT_GI])
7152 			data->flags |= STA_DRV_DATA_RX_SHORT_GI;
7153 		if (rate[NL80211_RATE_INFO_VHT_NSS]) {
7154 			data->rx_vht_nss =
7155 				nla_get_u8(rate[NL80211_RATE_INFO_VHT_NSS]);
7156 			data->flags |= STA_DRV_DATA_RX_VHT_NSS;
7157 		}
7158 	}
7159 
7160 	if (stats[NL80211_STA_INFO_TID_STATS])
7161 		get_sta_tid_stats(data, stats[NL80211_STA_INFO_TID_STATS]);
7162 
7163 	return NL_SKIP;
7164 }
7165 
7166 static int i802_read_sta_data(struct i802_bss *bss,
7167 			      struct hostap_sta_driver_data *data,
7168 			      const u8 *addr)
7169 {
7170 	struct nl_msg *msg;
7171 
7172 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_GET_STATION)) ||
7173 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
7174 		nlmsg_free(msg);
7175 		return -ENOBUFS;
7176 	}
7177 
7178 	return send_and_recv_msgs(bss->drv, msg, get_sta_handler, data,
7179 				  NULL, NULL);
7180 }
7181 
7182 
7183 static int i802_set_tx_queue_params(void *priv, int queue, int aifs,
7184 				    int cw_min, int cw_max, int burst_time)
7185 {
7186 	struct i802_bss *bss = priv;
7187 	struct wpa_driver_nl80211_data *drv = bss->drv;
7188 	struct nl_msg *msg;
7189 	struct nlattr *txq, *params;
7190 	int res;
7191 
7192 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_WIPHY);
7193 	if (!msg)
7194 		return -1;
7195 
7196 	txq = nla_nest_start(msg, NL80211_ATTR_WIPHY_TXQ_PARAMS);
7197 	if (!txq)
7198 		goto fail;
7199 
7200 	/* We are only sending parameters for a single TXQ at a time */
7201 	params = nla_nest_start(msg, 1);
7202 	if (!params)
7203 		goto fail;
7204 
7205 	switch (queue) {
7206 	case 0:
7207 		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VO))
7208 			goto fail;
7209 		break;
7210 	case 1:
7211 		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_VI))
7212 			goto fail;
7213 		break;
7214 	case 2:
7215 		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BE))
7216 			goto fail;
7217 		break;
7218 	case 3:
7219 		if (nla_put_u8(msg, NL80211_TXQ_ATTR_QUEUE, NL80211_TXQ_Q_BK))
7220 			goto fail;
7221 		break;
7222 	}
7223 	/* Burst time is configured in units of 0.1 msec and TXOP parameter in
7224 	 * 32 usec, so need to convert the value here. */
7225 	if (nla_put_u16(msg, NL80211_TXQ_ATTR_TXOP,
7226 			(burst_time * 100 + 16) / 32) ||
7227 	    nla_put_u16(msg, NL80211_TXQ_ATTR_CWMIN, cw_min) ||
7228 	    nla_put_u16(msg, NL80211_TXQ_ATTR_CWMAX, cw_max) ||
7229 	    nla_put_u8(msg, NL80211_TXQ_ATTR_AIFS, aifs))
7230 		goto fail;
7231 
7232 	nla_nest_end(msg, params);
7233 
7234 	nla_nest_end(msg, txq);
7235 
7236 	res = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
7237 	wpa_printf(MSG_DEBUG,
7238 		   "nl80211: TX queue param set: queue=%d aifs=%d cw_min=%d cw_max=%d burst_time=%d --> res=%d",
7239 		   queue, aifs, cw_min, cw_max, burst_time, res);
7240 	if (res == 0)
7241 		return 0;
7242 	msg = NULL;
7243 fail:
7244 	nlmsg_free(msg);
7245 	return -1;
7246 }
7247 
7248 
7249 static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr,
7250 			     const char *ifname, int vlan_id)
7251 {
7252 	struct wpa_driver_nl80211_data *drv = bss->drv;
7253 	struct nl_msg *msg;
7254 	int ret;
7255 
7256 	wpa_printf(MSG_DEBUG, "nl80211: %s[%d]: set_sta_vlan(" MACSTR
7257 		   ", ifname=%s[%d], vlan_id=%d)",
7258 		   bss->ifname, if_nametoindex(bss->ifname),
7259 		   MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id);
7260 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
7261 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
7262 	    (vlan_id && (drv->capa.flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD) &&
7263 	     nla_put_u16(msg, NL80211_ATTR_VLAN_ID, vlan_id)) ||
7264 	    nla_put_u32(msg, NL80211_ATTR_STA_VLAN, if_nametoindex(ifname))) {
7265 		nlmsg_free(msg);
7266 		return -ENOBUFS;
7267 	}
7268 
7269 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
7270 	if (ret < 0) {
7271 		wpa_printf(MSG_ERROR, "nl80211: NL80211_ATTR_STA_VLAN (addr="
7272 			   MACSTR " ifname=%s vlan_id=%d) failed: %d (%s)",
7273 			   MAC2STR(addr), ifname, vlan_id, ret,
7274 			   strerror(-ret));
7275 	}
7276 	return ret;
7277 }
7278 
7279 
7280 static int i802_get_inact_sec(void *priv, const u8 *addr)
7281 {
7282 	struct hostap_sta_driver_data data;
7283 	int ret;
7284 
7285 	os_memset(&data, 0, sizeof(data));
7286 	data.inactive_msec = (unsigned long) -1;
7287 	ret = i802_read_sta_data(priv, &data, addr);
7288 	if (ret == -ENOENT)
7289 		return -ENOENT;
7290 	if (ret || data.inactive_msec == (unsigned long) -1)
7291 		return -1;
7292 	return data.inactive_msec / 1000;
7293 }
7294 
7295 
7296 static int i802_sta_clear_stats(void *priv, const u8 *addr)
7297 {
7298 #if 0
7299 	/* TODO */
7300 #endif
7301 	return 0;
7302 }
7303 
7304 
7305 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
7306 			   u16 reason)
7307 {
7308 	struct i802_bss *bss = priv;
7309 	struct wpa_driver_nl80211_data *drv = bss->drv;
7310 	struct ieee80211_mgmt mgmt;
7311 	u8 channel;
7312 
7313 	if (ieee80211_freq_to_chan(bss->freq, &channel) ==
7314 	    HOSTAPD_MODE_IEEE80211AD) {
7315 		/* Deauthentication is not used in DMG/IEEE 802.11ad;
7316 		 * disassociate the STA instead. */
7317 		return i802_sta_disassoc(priv, own_addr, addr, reason);
7318 	}
7319 
7320 	if (is_mesh_interface(drv->nlmode))
7321 		return -1;
7322 
7323 	if (drv->device_ap_sme)
7324 		return wpa_driver_nl80211_sta_remove(bss, addr, 1, reason);
7325 
7326 	memset(&mgmt, 0, sizeof(mgmt));
7327 	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
7328 					  WLAN_FC_STYPE_DEAUTH);
7329 	memcpy(mgmt.da, addr, ETH_ALEN);
7330 	memcpy(mgmt.sa, own_addr, ETH_ALEN);
7331 	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
7332 	mgmt.u.deauth.reason_code = host_to_le16(reason);
7333 	return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
7334 					    IEEE80211_HDRLEN +
7335 					    sizeof(mgmt.u.deauth), 0, 0, 0, 0,
7336 					    0, NULL, 0, 0);
7337 }
7338 
7339 
7340 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
7341 			     u16 reason)
7342 {
7343 	struct i802_bss *bss = priv;
7344 	struct wpa_driver_nl80211_data *drv = bss->drv;
7345 	struct ieee80211_mgmt mgmt;
7346 
7347 	if (is_mesh_interface(drv->nlmode))
7348 		return -1;
7349 
7350 	if (drv->device_ap_sme)
7351 		return wpa_driver_nl80211_sta_remove(bss, addr, 0, reason);
7352 
7353 	memset(&mgmt, 0, sizeof(mgmt));
7354 	mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
7355 					  WLAN_FC_STYPE_DISASSOC);
7356 	memcpy(mgmt.da, addr, ETH_ALEN);
7357 	memcpy(mgmt.sa, own_addr, ETH_ALEN);
7358 	memcpy(mgmt.bssid, own_addr, ETH_ALEN);
7359 	mgmt.u.disassoc.reason_code = host_to_le16(reason);
7360 	return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
7361 					    IEEE80211_HDRLEN +
7362 					    sizeof(mgmt.u.disassoc), 0, 0, 0, 0,
7363 					    0, NULL, 0, 0);
7364 }
7365 
7366 
7367 static void dump_ifidx(struct wpa_driver_nl80211_data *drv)
7368 {
7369 	char buf[200], *pos, *end;
7370 	int i, res;
7371 
7372 	pos = buf;
7373 	end = pos + sizeof(buf);
7374 
7375 	for (i = 0; i < drv->num_if_indices; i++) {
7376 		if (!drv->if_indices[i].ifindex)
7377 			continue;
7378 		res = os_snprintf(pos, end - pos, " %d(%d)",
7379 				  drv->if_indices[i].ifindex,
7380 				  drv->if_indices[i].reason);
7381 		if (os_snprintf_error(end - pos, res))
7382 			break;
7383 		pos += res;
7384 	}
7385 	*pos = '\0';
7386 
7387 	wpa_printf(MSG_DEBUG, "nl80211: if_indices[%d]:%s",
7388 		   drv->num_if_indices, buf);
7389 }
7390 
7391 
7392 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
7393 		      int ifidx_reason)
7394 {
7395 	int i;
7396 	struct drv_nl80211_if_info *old;
7397 
7398 	wpa_printf(MSG_DEBUG,
7399 		   "nl80211: Add own interface ifindex %d (ifidx_reason %d)",
7400 		   ifidx, ifidx_reason);
7401 	if (have_ifidx(drv, ifidx, ifidx_reason)) {
7402 		wpa_printf(MSG_DEBUG, "nl80211: ifindex %d already in the list",
7403 			   ifidx);
7404 		return;
7405 	}
7406 	for (i = 0; i < drv->num_if_indices; i++) {
7407 		if (drv->if_indices[i].ifindex == 0) {
7408 			drv->if_indices[i].ifindex = ifidx;
7409 			drv->if_indices[i].reason = ifidx_reason;
7410 			dump_ifidx(drv);
7411 			return;
7412 		}
7413 	}
7414 
7415 	if (drv->if_indices != drv->default_if_indices)
7416 		old = drv->if_indices;
7417 	else
7418 		old = NULL;
7419 
7420 	drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1,
7421 					   sizeof(*old));
7422 	if (!drv->if_indices) {
7423 		if (!old)
7424 			drv->if_indices = drv->default_if_indices;
7425 		else
7426 			drv->if_indices = old;
7427 		wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
7428 			   "interfaces");
7429 		wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
7430 		return;
7431 	}
7432 	if (!old)
7433 		os_memcpy(drv->if_indices, drv->default_if_indices,
7434 			  sizeof(drv->default_if_indices));
7435 	drv->if_indices[drv->num_if_indices].ifindex = ifidx;
7436 	drv->if_indices[drv->num_if_indices].reason = ifidx_reason;
7437 	drv->num_if_indices++;
7438 	dump_ifidx(drv);
7439 }
7440 
7441 
7442 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
7443 		      int ifidx_reason)
7444 {
7445 	int i;
7446 
7447 	for (i = 0; i < drv->num_if_indices; i++) {
7448 		if ((drv->if_indices[i].ifindex == ifidx ||
7449 		     ifidx == IFIDX_ANY) &&
7450 		    (drv->if_indices[i].reason == ifidx_reason ||
7451 		     ifidx_reason == IFIDX_ANY)) {
7452 			drv->if_indices[i].ifindex = 0;
7453 			drv->if_indices[i].reason = 0;
7454 			break;
7455 		}
7456 	}
7457 	dump_ifidx(drv);
7458 }
7459 
7460 
7461 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
7462 		      int ifidx_reason)
7463 {
7464 	int i;
7465 
7466 	for (i = 0; i < drv->num_if_indices; i++)
7467 		if (drv->if_indices[i].ifindex == ifidx &&
7468 		    (drv->if_indices[i].reason == ifidx_reason ||
7469 		     ifidx_reason == IFIDX_ANY))
7470 			return 1;
7471 
7472 	return 0;
7473 }
7474 
7475 
7476 static int i802_set_wds_sta(void *priv, const u8 *addr, int aid, int val,
7477 			    const char *bridge_ifname, char *ifname_wds)
7478 {
7479 	struct i802_bss *bss = priv;
7480 	struct wpa_driver_nl80211_data *drv = bss->drv;
7481 	char name[IFNAMSIZ + 1];
7482 	union wpa_event_data event;
7483 	int ret;
7484 
7485 	ret = os_snprintf(name, sizeof(name), "%s.sta%d", bss->ifname, aid);
7486 	if (ret >= (int) sizeof(name))
7487 		wpa_printf(MSG_WARNING,
7488 			   "nl80211: WDS interface name was truncated");
7489 	else if (ret < 0)
7490 		return ret;
7491 
7492 	if (ifname_wds)
7493 		os_strlcpy(ifname_wds, name, IFNAMSIZ + 1);
7494 
7495 	wpa_printf(MSG_DEBUG, "nl80211: Set WDS STA addr=" MACSTR
7496 		   " aid=%d val=%d name=%s", MAC2STR(addr), aid, val, name);
7497 	if (val) {
7498 		if (!if_nametoindex(name)) {
7499 			if (nl80211_create_iface(drv, name,
7500 						 NL80211_IFTYPE_AP_VLAN,
7501 						 bss->addr, 1, NULL, NULL, 0) <
7502 			    0)
7503 				return -1;
7504 			if (bridge_ifname &&
7505 			    linux_br_add_if(drv->global->ioctl_sock,
7506 					    bridge_ifname, name) < 0)
7507 				return -1;
7508 
7509 			os_memset(&event, 0, sizeof(event));
7510 			event.wds_sta_interface.sta_addr = addr;
7511 			event.wds_sta_interface.ifname = name;
7512 			event.wds_sta_interface.istatus = INTERFACE_ADDED;
7513 			wpa_supplicant_event(bss->ctx,
7514 					     EVENT_WDS_STA_INTERFACE_STATUS,
7515 					     &event);
7516 		}
7517 		if (linux_set_iface_flags(drv->global->ioctl_sock, name, 1)) {
7518 			wpa_printf(MSG_ERROR, "nl80211: Failed to set WDS STA "
7519 				   "interface %s up", name);
7520 		}
7521 		return i802_set_sta_vlan(priv, addr, name, 0);
7522 	} else {
7523 		if (bridge_ifname &&
7524 		    linux_br_del_if(drv->global->ioctl_sock, bridge_ifname,
7525 				    name) < 0)
7526 			wpa_printf(MSG_INFO,
7527 				   "nl80211: Failed to remove interface %s from bridge %s: %s",
7528 				   name, bridge_ifname, strerror(errno));
7529 
7530 		i802_set_sta_vlan(priv, addr, bss->ifname, 0);
7531 		nl80211_remove_iface(drv, if_nametoindex(name));
7532 		os_memset(&event, 0, sizeof(event));
7533 		event.wds_sta_interface.sta_addr = addr;
7534 		event.wds_sta_interface.ifname = name;
7535 		event.wds_sta_interface.istatus = INTERFACE_REMOVED;
7536 		wpa_supplicant_event(bss->ctx, EVENT_WDS_STA_INTERFACE_STATUS,
7537 				     &event);
7538 		return 0;
7539 	}
7540 }
7541 
7542 
7543 static void handle_eapol(int sock, void *eloop_ctx, void *sock_ctx)
7544 {
7545 	struct wpa_driver_nl80211_data *drv = eloop_ctx;
7546 	struct sockaddr_ll lladdr;
7547 	unsigned char buf[3000];
7548 	int len;
7549 	socklen_t fromlen = sizeof(lladdr);
7550 
7551 	len = recvfrom(sock, buf, sizeof(buf), 0,
7552 		       (struct sockaddr *)&lladdr, &fromlen);
7553 	if (len < 0) {
7554 		wpa_printf(MSG_ERROR, "nl80211: EAPOL recv failed: %s",
7555 			   strerror(errno));
7556 		return;
7557 	}
7558 
7559 	if (have_ifidx(drv, lladdr.sll_ifindex, IFIDX_ANY))
7560 		drv_event_eapol_rx(drv->ctx, lladdr.sll_addr, buf, len);
7561 }
7562 
7563 
7564 static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
7565 			     struct i802_bss *bss,
7566 			     const char *brname, const char *ifname)
7567 {
7568 	int br_ifindex;
7569 	char in_br[IFNAMSIZ];
7570 
7571 	os_strlcpy(bss->brname, brname, IFNAMSIZ);
7572 	br_ifindex = if_nametoindex(brname);
7573 	if (br_ifindex == 0) {
7574 		/*
7575 		 * Bridge was configured, but the bridge device does
7576 		 * not exist. Try to add it now.
7577 		 */
7578 		if (linux_br_add(drv->global->ioctl_sock, brname) < 0) {
7579 			wpa_printf(MSG_ERROR, "nl80211: Failed to add the "
7580 				   "bridge interface %s: %s",
7581 				   brname, strerror(errno));
7582 			return -1;
7583 		}
7584 		bss->added_bridge = 1;
7585 		br_ifindex = if_nametoindex(brname);
7586 		add_ifidx(drv, br_ifindex, drv->ifindex);
7587 	}
7588 	bss->br_ifindex = br_ifindex;
7589 
7590 	if (linux_br_get(in_br, ifname) == 0) {
7591 		if (os_strcmp(in_br, brname) == 0) {
7592 			bss->already_in_bridge = 1;
7593 			return 0; /* already in the bridge */
7594 		}
7595 
7596 		wpa_printf(MSG_DEBUG, "nl80211: Removing interface %s from "
7597 			   "bridge %s", ifname, in_br);
7598 		if (linux_br_del_if(drv->global->ioctl_sock, in_br, ifname) <
7599 		    0) {
7600 			wpa_printf(MSG_ERROR, "nl80211: Failed to "
7601 				   "remove interface %s from bridge "
7602 				   "%s: %s",
7603 				   ifname, in_br, strerror(errno));
7604 			return -1;
7605 		}
7606 	}
7607 
7608 	wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
7609 		   ifname, brname);
7610 	if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) {
7611 		wpa_printf(MSG_WARNING,
7612 			   "nl80211: Failed to add interface %s into bridge %s: %s",
7613 			   ifname, brname, strerror(errno));
7614 		/* Try to continue without the interface being in a bridge. This
7615 		 * may be needed for some cases, e.g., with Open vSwitch, where
7616 		 * an external component will need to handle bridge
7617 		 * configuration. */
7618 		return 0;
7619 	}
7620 	bss->added_if_into_bridge = 1;
7621 
7622 	return 0;
7623 }
7624 
7625 
7626 static void *i802_init(struct hostapd_data *hapd,
7627 		       struct wpa_init_params *params)
7628 {
7629 	struct wpa_driver_nl80211_data *drv;
7630 	struct i802_bss *bss;
7631 	size_t i;
7632 	char master_ifname[IFNAMSIZ];
7633 	int ifindex, br_ifindex = 0;
7634 	int br_added = 0;
7635 
7636 	bss = wpa_driver_nl80211_drv_init(hapd, params->ifname,
7637 					  params->global_priv, 1,
7638 					  params->bssid, params->driver_params);
7639 	if (bss == NULL)
7640 		return NULL;
7641 
7642 	drv = bss->drv;
7643 
7644 	if (linux_br_get(master_ifname, params->ifname) == 0) {
7645 		wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in bridge %s",
7646 			   params->ifname, master_ifname);
7647 		br_ifindex = if_nametoindex(master_ifname);
7648 		os_strlcpy(bss->brname, master_ifname, IFNAMSIZ);
7649 	} else if ((params->num_bridge == 0 || !params->bridge[0]) &&
7650 		   linux_master_get(master_ifname, params->ifname) == 0) {
7651 		wpa_printf(MSG_DEBUG, "nl80211: Interface %s is in master %s",
7652 			params->ifname, master_ifname);
7653 		/* start listening for EAPOL on the master interface */
7654 		add_ifidx(drv, if_nametoindex(master_ifname), drv->ifindex);
7655 
7656 		/* check if master itself is under bridge */
7657 		if (linux_br_get(master_ifname, master_ifname) == 0) {
7658 			wpa_printf(MSG_DEBUG, "nl80211: which is in bridge %s",
7659 				   master_ifname);
7660 			br_ifindex = if_nametoindex(master_ifname);
7661 			os_strlcpy(bss->brname, master_ifname, IFNAMSIZ);
7662 		}
7663 	} else {
7664 		master_ifname[0] = '\0';
7665 	}
7666 
7667 	bss->br_ifindex = br_ifindex;
7668 
7669 	for (i = 0; i < params->num_bridge; i++) {
7670 		if (params->bridge[i]) {
7671 			ifindex = if_nametoindex(params->bridge[i]);
7672 			if (ifindex)
7673 				add_ifidx(drv, ifindex, drv->ifindex);
7674 			if (ifindex == br_ifindex)
7675 				br_added = 1;
7676 		}
7677 	}
7678 
7679 	/* start listening for EAPOL on the default AP interface */
7680 	add_ifidx(drv, drv->ifindex, IFIDX_ANY);
7681 
7682 	if (params->num_bridge && params->bridge[0]) {
7683 		if (i802_check_bridge(drv, bss, params->bridge[0],
7684 				      params->ifname) < 0)
7685 			goto failed;
7686 		if (os_strcmp(params->bridge[0], master_ifname) != 0)
7687 			br_added = 1;
7688 	}
7689 
7690 	if (!br_added && br_ifindex &&
7691 	    (params->num_bridge == 0 || !params->bridge[0]))
7692 		add_ifidx(drv, br_ifindex, drv->ifindex);
7693 
7694 #ifdef CONFIG_LIBNL3_ROUTE
7695 	if (bss->added_if_into_bridge || bss->already_in_bridge) {
7696 		int err;
7697 
7698 		drv->rtnl_sk = nl_socket_alloc();
7699 		if (drv->rtnl_sk == NULL) {
7700 			wpa_printf(MSG_ERROR, "nl80211: Failed to allocate nl_sock");
7701 			goto failed;
7702 		}
7703 
7704 		err = nl_connect(drv->rtnl_sk, NETLINK_ROUTE);
7705 		if (err) {
7706 			wpa_printf(MSG_ERROR, "nl80211: Failed to connect nl_sock to NETLINK_ROUTE: %s",
7707 				   nl_geterror(err));
7708 			goto failed;
7709 		}
7710 	}
7711 #endif /* CONFIG_LIBNL3_ROUTE */
7712 
7713 	if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) {
7714 		wpa_printf(MSG_DEBUG,
7715 			   "nl80211: Do not open EAPOL RX socket - using control port for RX");
7716 		goto skip_eapol_sock;
7717 	}
7718 
7719 	drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE));
7720 	if (drv->eapol_sock < 0) {
7721 		wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s",
7722 			   strerror(errno));
7723 		goto failed;
7724 	}
7725 
7726 	if (eloop_register_read_sock(drv->eapol_sock, handle_eapol, drv, NULL))
7727 	{
7728 		wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol");
7729 		goto failed;
7730 	}
7731 skip_eapol_sock:
7732 
7733 	if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname,
7734 			       params->own_addr))
7735 		goto failed;
7736 	os_memcpy(drv->perm_addr, params->own_addr, ETH_ALEN);
7737 
7738 	memcpy(bss->addr, params->own_addr, ETH_ALEN);
7739 
7740 	return bss;
7741 
7742 failed:
7743 	wpa_driver_nl80211_deinit(bss);
7744 	return NULL;
7745 }
7746 
7747 
7748 static void i802_deinit(void *priv)
7749 {
7750 	struct i802_bss *bss = priv;
7751 	wpa_driver_nl80211_deinit(bss);
7752 }
7753 
7754 
7755 static enum nl80211_iftype wpa_driver_nl80211_if_type(
7756 	enum wpa_driver_if_type type)
7757 {
7758 	switch (type) {
7759 	case WPA_IF_STATION:
7760 		return NL80211_IFTYPE_STATION;
7761 	case WPA_IF_P2P_CLIENT:
7762 	case WPA_IF_P2P_GROUP:
7763 		return NL80211_IFTYPE_P2P_CLIENT;
7764 	case WPA_IF_AP_VLAN:
7765 		return NL80211_IFTYPE_AP_VLAN;
7766 	case WPA_IF_AP_BSS:
7767 		return NL80211_IFTYPE_AP;
7768 	case WPA_IF_P2P_GO:
7769 		return NL80211_IFTYPE_P2P_GO;
7770 	case WPA_IF_P2P_DEVICE:
7771 		return NL80211_IFTYPE_P2P_DEVICE;
7772 	case WPA_IF_MESH:
7773 		return NL80211_IFTYPE_MESH_POINT;
7774 	default:
7775 		return -1;
7776 	}
7777 }
7778 
7779 
7780 static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
7781 {
7782 	struct wpa_driver_nl80211_data *drv;
7783 	dl_list_for_each(drv, &global->interfaces,
7784 			 struct wpa_driver_nl80211_data, list) {
7785 		if (os_memcmp(addr, drv->first_bss->addr, ETH_ALEN) == 0)
7786 			return 1;
7787 	}
7788 	return 0;
7789 }
7790 
7791 
7792 static int nl80211_vif_addr(struct wpa_driver_nl80211_data *drv, u8 *new_addr)
7793 {
7794 	unsigned int idx;
7795 
7796 	if (!drv->global)
7797 		return -1;
7798 
7799 	os_memcpy(new_addr, drv->first_bss->addr, ETH_ALEN);
7800 	for (idx = 0; idx < 64; idx++) {
7801 		new_addr[0] = drv->first_bss->addr[0] | 0x02;
7802 		new_addr[0] ^= idx << 2;
7803 		if (!nl80211_addr_in_use(drv->global, new_addr))
7804 			break;
7805 	}
7806 	if (idx == 64)
7807 		return -1;
7808 
7809 	wpa_printf(MSG_DEBUG, "nl80211: Assigned new virtual interface address "
7810 		   MACSTR, MAC2STR(new_addr));
7811 
7812 	return 0;
7813 }
7814 
7815 
7816 struct wdev_info {
7817 	u64 wdev_id;
7818 	int wdev_id_set;
7819 	u8 macaddr[ETH_ALEN];
7820 };
7821 
7822 static int nl80211_wdev_handler(struct nl_msg *msg, void *arg)
7823 {
7824 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
7825 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
7826 	struct wdev_info *wi = arg;
7827 
7828 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
7829 		  genlmsg_attrlen(gnlh, 0), NULL);
7830 	if (tb[NL80211_ATTR_WDEV]) {
7831 		wi->wdev_id = nla_get_u64(tb[NL80211_ATTR_WDEV]);
7832 		wi->wdev_id_set = 1;
7833 	}
7834 
7835 	if (tb[NL80211_ATTR_MAC])
7836 		os_memcpy(wi->macaddr, nla_data(tb[NL80211_ATTR_MAC]),
7837 			  ETH_ALEN);
7838 
7839 	return NL_SKIP;
7840 }
7841 
7842 
7843 static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
7844 				     const char *ifname, const u8 *addr,
7845 				     void *bss_ctx, void **drv_priv,
7846 				     char *force_ifname, u8 *if_addr,
7847 				     const char *bridge, int use_existing,
7848 				     int setup_ap)
7849 {
7850 	enum nl80211_iftype nlmode;
7851 	struct i802_bss *bss = priv;
7852 	struct wpa_driver_nl80211_data *drv = bss->drv;
7853 	int ifidx;
7854 	int added = 1;
7855 
7856 	if (addr)
7857 		os_memcpy(if_addr, addr, ETH_ALEN);
7858 	nlmode = wpa_driver_nl80211_if_type(type);
7859 	if (nlmode == NL80211_IFTYPE_P2P_DEVICE) {
7860 		struct wdev_info p2pdev_info;
7861 
7862 		os_memset(&p2pdev_info, 0, sizeof(p2pdev_info));
7863 		ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
7864 					     0, nl80211_wdev_handler,
7865 					     &p2pdev_info, use_existing);
7866 		if (!p2pdev_info.wdev_id_set || ifidx != 0) {
7867 			wpa_printf(MSG_ERROR, "nl80211: Failed to create a P2P Device interface %s",
7868 				   ifname);
7869 			return -1;
7870 		}
7871 
7872 		drv->global->if_add_wdevid = p2pdev_info.wdev_id;
7873 		drv->global->if_add_wdevid_set = p2pdev_info.wdev_id_set;
7874 		if (!is_zero_ether_addr(p2pdev_info.macaddr))
7875 			os_memcpy(if_addr, p2pdev_info.macaddr, ETH_ALEN);
7876 		wpa_printf(MSG_DEBUG, "nl80211: New P2P Device interface %s (0x%llx) created",
7877 			   ifname,
7878 			   (long long unsigned int) p2pdev_info.wdev_id);
7879 	} else {
7880 		ifidx = nl80211_create_iface(drv, ifname, nlmode, addr,
7881 					     0, NULL, NULL, use_existing);
7882 		if (use_existing && ifidx == -ENFILE) {
7883 			added = 0;
7884 			ifidx = if_nametoindex(ifname);
7885 		} else if (ifidx < 0) {
7886 			return -1;
7887 		}
7888 	}
7889 
7890 	if (!addr) {
7891 		if (nlmode == NL80211_IFTYPE_P2P_DEVICE)
7892 			os_memcpy(if_addr, bss->addr, ETH_ALEN);
7893 		else if (linux_get_ifhwaddr(drv->global->ioctl_sock,
7894 					    ifname, if_addr) < 0) {
7895 			if (added)
7896 				nl80211_remove_iface(drv, ifidx);
7897 			return -1;
7898 		}
7899 	}
7900 
7901 	if (!addr &&
7902 	    (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
7903 	     type == WPA_IF_P2P_GO || type == WPA_IF_MESH ||
7904 	     type == WPA_IF_STATION)) {
7905 		/* Enforce unique address */
7906 		u8 new_addr[ETH_ALEN];
7907 
7908 		if (linux_get_ifhwaddr(drv->global->ioctl_sock, ifname,
7909 				       new_addr) < 0) {
7910 			if (added)
7911 				nl80211_remove_iface(drv, ifidx);
7912 			return -1;
7913 		}
7914 		if (nl80211_addr_in_use(drv->global, new_addr)) {
7915 			wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
7916 				   "for interface %s type %d", ifname, type);
7917 			if (nl80211_vif_addr(drv, new_addr) < 0) {
7918 				if (added)
7919 					nl80211_remove_iface(drv, ifidx);
7920 				return -1;
7921 			}
7922 			if (linux_set_ifhwaddr(drv->global->ioctl_sock, ifname,
7923 					       new_addr) < 0) {
7924 				if (added)
7925 					nl80211_remove_iface(drv, ifidx);
7926 				return -1;
7927 			}
7928 		}
7929 		os_memcpy(if_addr, new_addr, ETH_ALEN);
7930 	}
7931 
7932 	if (type == WPA_IF_AP_BSS && setup_ap) {
7933 		struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss));
7934 		if (new_bss == NULL) {
7935 			if (added)
7936 				nl80211_remove_iface(drv, ifidx);
7937 			return -1;
7938 		}
7939 
7940 		if (bridge &&
7941 		    i802_check_bridge(drv, new_bss, bridge, ifname) < 0) {
7942 			wpa_printf(MSG_ERROR, "nl80211: Failed to add the new "
7943 				   "interface %s to a bridge %s",
7944 				   ifname, bridge);
7945 			if (added)
7946 				nl80211_remove_iface(drv, ifidx);
7947 			os_free(new_bss);
7948 			return -1;
7949 		}
7950 
7951 		if (linux_set_iface_flags(drv->global->ioctl_sock, ifname, 1))
7952 		{
7953 			if (added)
7954 				nl80211_remove_iface(drv, ifidx);
7955 			os_free(new_bss);
7956 			return -1;
7957 		}
7958 		os_strlcpy(new_bss->ifname, ifname, IFNAMSIZ);
7959 		os_memcpy(new_bss->addr, if_addr, ETH_ALEN);
7960 		new_bss->ifindex = ifidx;
7961 		new_bss->drv = drv;
7962 		new_bss->next = drv->first_bss->next;
7963 		new_bss->freq = drv->first_bss->freq;
7964 		new_bss->ctx = bss_ctx;
7965 		new_bss->added_if = added;
7966 		drv->first_bss->next = new_bss;
7967 		if (drv_priv)
7968 			*drv_priv = new_bss;
7969 		nl80211_init_bss(new_bss);
7970 
7971 		/* Subscribe management frames for this WPA_IF_AP_BSS */
7972 		if (nl80211_setup_ap(new_bss))
7973 			return -1;
7974 	}
7975 
7976 	if (drv->global)
7977 		drv->global->if_add_ifindex = ifidx;
7978 
7979 	/*
7980 	 * Some virtual interfaces need to process EAPOL packets and events on
7981 	 * the parent interface. This is used mainly with hostapd.
7982 	 */
7983 	if (ifidx > 0 &&
7984 	    (drv->hostapd ||
7985 	     nlmode == NL80211_IFTYPE_AP_VLAN ||
7986 	     nlmode == NL80211_IFTYPE_WDS ||
7987 	     nlmode == NL80211_IFTYPE_MONITOR))
7988 		add_ifidx(drv, ifidx, IFIDX_ANY);
7989 
7990 	return 0;
7991 }
7992 
7993 
7994 static int wpa_driver_nl80211_if_remove(struct i802_bss *bss,
7995 					enum wpa_driver_if_type type,
7996 					const char *ifname)
7997 {
7998 	struct wpa_driver_nl80211_data *drv = bss->drv;
7999 	int ifindex = if_nametoindex(ifname);
8000 
8001 	wpa_printf(MSG_DEBUG, "nl80211: %s(type=%d ifname=%s) ifindex=%d added_if=%d",
8002 		   __func__, type, ifname, ifindex, bss->added_if);
8003 	if (ifindex > 0 && (bss->added_if || bss->ifindex != ifindex))
8004 		nl80211_remove_iface(drv, ifindex);
8005 	else if (ifindex > 0 && !bss->added_if) {
8006 		struct wpa_driver_nl80211_data *drv2;
8007 		dl_list_for_each(drv2, &drv->global->interfaces,
8008 				 struct wpa_driver_nl80211_data, list) {
8009 			del_ifidx(drv2, ifindex, IFIDX_ANY);
8010 			del_ifidx(drv2, IFIDX_ANY, ifindex);
8011 		}
8012 	}
8013 
8014 	if (type != WPA_IF_AP_BSS)
8015 		return 0;
8016 
8017 	if (bss->added_if_into_bridge) {
8018 		if (linux_br_del_if(drv->global->ioctl_sock, bss->brname,
8019 				    bss->ifname) < 0)
8020 			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
8021 				   "interface %s from bridge %s: %s",
8022 				   bss->ifname, bss->brname, strerror(errno));
8023 	}
8024 	if (bss->added_bridge) {
8025 		if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
8026 			wpa_printf(MSG_INFO, "nl80211: Failed to remove "
8027 				   "bridge %s: %s",
8028 				   bss->brname, strerror(errno));
8029 	}
8030 
8031 	if (bss != drv->first_bss) {
8032 		struct i802_bss *tbss;
8033 
8034 		wpa_printf(MSG_DEBUG, "nl80211: Not the first BSS - remove it");
8035 		for (tbss = drv->first_bss; tbss; tbss = tbss->next) {
8036 			if (tbss->next == bss) {
8037 				tbss->next = bss->next;
8038 				/* Unsubscribe management frames */
8039 				nl80211_teardown_ap(bss);
8040 				nl80211_destroy_bss(bss);
8041 				if (!bss->added_if)
8042 					i802_set_iface_flags(bss, 0);
8043 				os_free(bss);
8044 				bss = NULL;
8045 				break;
8046 			}
8047 		}
8048 		if (bss)
8049 			wpa_printf(MSG_INFO, "nl80211: %s - could not find "
8050 				   "BSS %p in the list", __func__, bss);
8051 	} else {
8052 		wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
8053 		nl80211_teardown_ap(bss);
8054 		if (!bss->added_if && !drv->first_bss->next)
8055 			wpa_driver_nl80211_del_beacon(bss);
8056 		nl80211_destroy_bss(bss);
8057 		if (!bss->added_if)
8058 			i802_set_iface_flags(bss, 0);
8059 		if (drv->first_bss->next) {
8060 			drv->first_bss = drv->first_bss->next;
8061 			drv->ctx = drv->first_bss->ctx;
8062 			os_free(bss);
8063 		} else {
8064 			wpa_printf(MSG_DEBUG, "nl80211: No second BSS to reassign context to");
8065 		}
8066 	}
8067 
8068 	return 0;
8069 }
8070 
8071 
8072 static int cookie_handler(struct nl_msg *msg, void *arg)
8073 {
8074 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
8075 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
8076 	u64 *cookie = arg;
8077 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
8078 		  genlmsg_attrlen(gnlh, 0), NULL);
8079 	if (tb[NL80211_ATTR_COOKIE])
8080 		*cookie = nla_get_u64(tb[NL80211_ATTR_COOKIE]);
8081 	return NL_SKIP;
8082 }
8083 
8084 
8085 static int nl80211_send_frame_cmd(struct i802_bss *bss,
8086 				  unsigned int freq, unsigned int wait,
8087 				  const u8 *buf, size_t buf_len,
8088 				  int save_cookie, int no_cck, int no_ack,
8089 				  int offchanok, const u16 *csa_offs,
8090 				  size_t csa_offs_len)
8091 {
8092 	struct wpa_driver_nl80211_data *drv = bss->drv;
8093 	struct nl_msg *msg;
8094 	u64 cookie;
8095 	int ret = -1;
8096 
8097 	wpa_printf(MSG_MSGDUMP, "nl80211: CMD_FRAME freq=%u wait=%u no_cck=%d "
8098 		   "no_ack=%d offchanok=%d",
8099 		   freq, wait, no_cck, no_ack, offchanok);
8100 	wpa_hexdump(MSG_MSGDUMP, "CMD_FRAME", buf, buf_len);
8101 
8102 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_FRAME)) ||
8103 	    (freq && nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq)) ||
8104 	    (wait && nla_put_u32(msg, NL80211_ATTR_DURATION, wait)) ||
8105 	    (offchanok && ((drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
8106 			   drv->test_use_roc_tx) &&
8107 	     nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK)) ||
8108 	    (no_cck && nla_put_flag(msg, NL80211_ATTR_TX_NO_CCK_RATE)) ||
8109 	    (no_ack && nla_put_flag(msg, NL80211_ATTR_DONT_WAIT_FOR_ACK)) ||
8110 	    (csa_offs && nla_put(msg, NL80211_ATTR_CSA_C_OFFSETS_TX,
8111 				 csa_offs_len * sizeof(u16), csa_offs)) ||
8112 	    nla_put(msg, NL80211_ATTR_FRAME, buf_len, buf))
8113 		goto fail;
8114 
8115 	cookie = 0;
8116 	ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie, NULL, NULL);
8117 	msg = NULL;
8118 	if (ret) {
8119 		wpa_printf(MSG_DEBUG, "nl80211: Frame command failed: ret=%d "
8120 			   "(%s) (freq=%u wait=%u)", ret, strerror(-ret),
8121 			   freq, wait);
8122 	} else {
8123 		wpa_printf(MSG_MSGDUMP, "nl80211: Frame TX command accepted%s; "
8124 			   "cookie 0x%llx", no_ack ? " (no ACK)" : "",
8125 			   (long long unsigned int) cookie);
8126 
8127 		if (save_cookie)
8128 			drv->send_frame_cookie = no_ack ? (u64) -1 : cookie;
8129 
8130 		if (drv->num_send_frame_cookies == MAX_SEND_FRAME_COOKIES) {
8131 			wpa_printf(MSG_DEBUG,
8132 				   "nl80211: Drop oldest pending send frame cookie 0x%llx",
8133 				   (long long unsigned int)
8134 				   drv->send_frame_cookies[0]);
8135 			os_memmove(&drv->send_frame_cookies[0],
8136 				   &drv->send_frame_cookies[1],
8137 				   (MAX_SEND_FRAME_COOKIES - 1) *
8138 				   sizeof(u64));
8139 			drv->num_send_frame_cookies--;
8140 		}
8141 		drv->send_frame_cookies[drv->num_send_frame_cookies] = cookie;
8142 		drv->num_send_frame_cookies++;
8143 	}
8144 
8145 fail:
8146 	nlmsg_free(msg);
8147 	return ret;
8148 }
8149 
8150 
8151 static int wpa_driver_nl80211_send_action(struct i802_bss *bss,
8152 					  unsigned int freq,
8153 					  unsigned int wait_time,
8154 					  const u8 *dst, const u8 *src,
8155 					  const u8 *bssid,
8156 					  const u8 *data, size_t data_len,
8157 					  int no_cck)
8158 {
8159 	struct wpa_driver_nl80211_data *drv = bss->drv;
8160 	int ret = -1;
8161 	u8 *buf;
8162 	struct ieee80211_hdr *hdr;
8163 	int offchanok = 1;
8164 
8165 	if (is_ap_interface(drv->nlmode) && (int) freq == bss->freq &&
8166 	    bss->beacon_set)
8167 		offchanok = 0;
8168 
8169 	wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
8170 		   "freq=%u MHz wait=%d ms no_cck=%d offchanok=%d)",
8171 		   drv->ifindex, freq, wait_time, no_cck, offchanok);
8172 
8173 	buf = os_zalloc(24 + data_len);
8174 	if (buf == NULL)
8175 		return ret;
8176 	os_memcpy(buf + 24, data, data_len);
8177 	hdr = (struct ieee80211_hdr *) buf;
8178 	hdr->frame_control =
8179 		IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_ACTION);
8180 	os_memcpy(hdr->addr1, dst, ETH_ALEN);
8181 	os_memcpy(hdr->addr2, src, ETH_ALEN);
8182 	os_memcpy(hdr->addr3, bssid, ETH_ALEN);
8183 
8184 	if (os_memcmp(bss->addr, src, ETH_ALEN) != 0) {
8185 		wpa_printf(MSG_DEBUG, "nl80211: Use random TA " MACSTR,
8186 			   MAC2STR(src));
8187 		os_memcpy(bss->rand_addr, src, ETH_ALEN);
8188 	} else {
8189 		os_memset(bss->rand_addr, 0, ETH_ALEN);
8190 	}
8191 
8192 #ifdef CONFIG_MESH
8193 	if (is_mesh_interface(drv->nlmode)) {
8194 		struct hostapd_hw_modes *modes;
8195 		u16 num_modes, flags;
8196 		u8 dfs_domain;
8197 		int i;
8198 
8199 		modes = nl80211_get_hw_feature_data(bss, &num_modes,
8200 						    &flags, &dfs_domain);
8201 		if (dfs_domain != HOSTAPD_DFS_REGION_ETSI &&
8202 		    ieee80211_is_dfs(bss->freq, modes, num_modes))
8203 			offchanok = 0;
8204 		if (modes) {
8205 			for (i = 0; i < num_modes; i++) {
8206 				os_free(modes[i].channels);
8207 				os_free(modes[i].rates);
8208 			}
8209 			os_free(modes);
8210 		}
8211 	}
8212 #endif /* CONFIG_MESH */
8213 
8214 	if (is_ap_interface(drv->nlmode) &&
8215 	    (!(drv->capa.flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX) ||
8216 	     (int) freq == bss->freq || drv->device_ap_sme ||
8217 	     !drv->use_monitor))
8218 		ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len,
8219 						   0, freq, no_cck, offchanok,
8220 						   wait_time, NULL, 0, 0);
8221 	else
8222 		ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
8223 					     24 + data_len,
8224 					     1, no_cck, 0, offchanok, NULL, 0);
8225 
8226 	os_free(buf);
8227 	return ret;
8228 }
8229 
8230 
8231 static void nl80211_frame_wait_cancel(struct i802_bss *bss, u64 cookie)
8232 {
8233 	struct wpa_driver_nl80211_data *drv = bss->drv;
8234 	struct nl_msg *msg;
8235 	int ret;
8236 
8237 	wpa_printf(MSG_DEBUG, "nl80211: Cancel TX frame wait: cookie=0x%llx",
8238 		   (long long unsigned int) cookie);
8239 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_FRAME_WAIT_CANCEL)) ||
8240 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, cookie)) {
8241 		nlmsg_free(msg);
8242 		return;
8243 	}
8244 
8245 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
8246 	if (ret)
8247 		wpa_printf(MSG_DEBUG, "nl80211: wait cancel failed: ret=%d "
8248 			   "(%s)", ret, strerror(-ret));
8249 }
8250 
8251 
8252 static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
8253 {
8254 	struct i802_bss *bss = priv;
8255 	struct wpa_driver_nl80211_data *drv = bss->drv;
8256 	unsigned int i;
8257 	u64 cookie;
8258 
8259 	/* Cancel the last pending TX cookie */
8260 	nl80211_frame_wait_cancel(bss, drv->send_frame_cookie);
8261 
8262 	/*
8263 	 * Cancel the other pending TX cookies, if any. This is needed since
8264 	 * the driver may keep a list of all pending offchannel TX operations
8265 	 * and free up the radio only once they have expired or cancelled.
8266 	 */
8267 	for (i = drv->num_send_frame_cookies; i > 0; i--) {
8268 		cookie = drv->send_frame_cookies[i - 1];
8269 		if (cookie != drv->send_frame_cookie)
8270 			nl80211_frame_wait_cancel(bss, cookie);
8271 	}
8272 	drv->num_send_frame_cookies = 0;
8273 }
8274 
8275 
8276 static int wpa_driver_nl80211_remain_on_channel(void *priv, unsigned int freq,
8277 						unsigned int duration)
8278 {
8279 	struct i802_bss *bss = priv;
8280 	struct wpa_driver_nl80211_data *drv = bss->drv;
8281 	struct nl_msg *msg;
8282 	int ret;
8283 	u64 cookie;
8284 
8285 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_REMAIN_ON_CHANNEL)) ||
8286 	    nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq) ||
8287 	    nla_put_u32(msg, NL80211_ATTR_DURATION, duration)) {
8288 		nlmsg_free(msg);
8289 		return -1;
8290 	}
8291 
8292 	cookie = 0;
8293 	ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie, NULL, NULL);
8294 	if (ret == 0) {
8295 		wpa_printf(MSG_DEBUG, "nl80211: Remain-on-channel cookie "
8296 			   "0x%llx for freq=%u MHz duration=%u",
8297 			   (long long unsigned int) cookie, freq, duration);
8298 		drv->remain_on_chan_cookie = cookie;
8299 		drv->pending_remain_on_chan = 1;
8300 		return 0;
8301 	}
8302 	wpa_printf(MSG_DEBUG, "nl80211: Failed to request remain-on-channel "
8303 		   "(freq=%d duration=%u): %d (%s)",
8304 		   freq, duration, ret, strerror(-ret));
8305 	return -1;
8306 }
8307 
8308 
8309 static int wpa_driver_nl80211_cancel_remain_on_channel(void *priv)
8310 {
8311 	struct i802_bss *bss = priv;
8312 	struct wpa_driver_nl80211_data *drv = bss->drv;
8313 	struct nl_msg *msg;
8314 	int ret;
8315 
8316 	if (!drv->pending_remain_on_chan) {
8317 		wpa_printf(MSG_DEBUG, "nl80211: No pending remain-on-channel "
8318 			   "to cancel");
8319 		return -1;
8320 	}
8321 
8322 	wpa_printf(MSG_DEBUG, "nl80211: Cancel remain-on-channel with cookie "
8323 		   "0x%llx",
8324 		   (long long unsigned int) drv->remain_on_chan_cookie);
8325 
8326 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL);
8327 	if (!msg ||
8328 	    nla_put_u64(msg, NL80211_ATTR_COOKIE, drv->remain_on_chan_cookie)) {
8329 		nlmsg_free(msg);
8330 		return -1;
8331 	}
8332 
8333 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
8334 	if (ret == 0)
8335 		return 0;
8336 	wpa_printf(MSG_DEBUG, "nl80211: Failed to cancel remain-on-channel: "
8337 		   "%d (%s)", ret, strerror(-ret));
8338 	return -1;
8339 }
8340 
8341 
8342 static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss, int report)
8343 {
8344 	struct wpa_driver_nl80211_data *drv = bss->drv;
8345 
8346 	if (!report) {
8347 		if (bss->nl_preq && drv->device_ap_sme &&
8348 		    is_ap_interface(drv->nlmode) && !bss->in_deinit &&
8349 		    !bss->static_ap) {
8350 			/*
8351 			 * Do not disable Probe Request reporting that was
8352 			 * enabled in nl80211_setup_ap().
8353 			 */
8354 			wpa_printf(MSG_DEBUG, "nl80211: Skip disabling of "
8355 				   "Probe Request reporting nl_preq=%p while "
8356 				   "in AP mode", bss->nl_preq);
8357 		} else if (bss->nl_preq) {
8358 			wpa_printf(MSG_DEBUG, "nl80211: Disable Probe Request "
8359 				   "reporting nl_preq=%p", bss->nl_preq);
8360 			nl80211_destroy_eloop_handle(&bss->nl_preq, 0);
8361 		}
8362 		return 0;
8363 	}
8364 
8365 	if (bss->nl_preq) {
8366 		wpa_printf(MSG_DEBUG, "nl80211: Probe Request reporting "
8367 			   "already on! nl_preq=%p", bss->nl_preq);
8368 		return 0;
8369 	}
8370 
8371 	bss->nl_preq = nl_create_handle(drv->global->nl_cb, "preq");
8372 	if (bss->nl_preq == NULL)
8373 		return -1;
8374 	wpa_printf(MSG_DEBUG, "nl80211: Enable Probe Request "
8375 		   "reporting nl_preq=%p", bss->nl_preq);
8376 
8377 	if (nl80211_register_frame(bss, bss->nl_preq,
8378 				   (WLAN_FC_TYPE_MGMT << 2) |
8379 				   (WLAN_FC_STYPE_PROBE_REQ << 4),
8380 				   NULL, 0, false) < 0)
8381 		goto out_err;
8382 
8383 	nl80211_register_eloop_read(&bss->nl_preq,
8384 				    wpa_driver_nl80211_event_receive,
8385 				    bss->nl_cb, 0);
8386 
8387 	return 0;
8388 
8389  out_err:
8390 	nl_destroy_handles(&bss->nl_preq);
8391 	return -1;
8392 }
8393 
8394 
8395 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
8396 				     int ifindex, int disabled)
8397 {
8398 	struct nl_msg *msg;
8399 	struct nlattr *bands, *band;
8400 	int ret;
8401 
8402 	wpa_printf(MSG_DEBUG,
8403 		   "nl80211: NL80211_CMD_SET_TX_BITRATE_MASK (ifindex=%d %s)",
8404 		   ifindex, disabled ? "NL80211_TXRATE_LEGACY=OFDM-only" :
8405 		   "no NL80211_TXRATE_LEGACY constraint");
8406 
8407 	msg = nl80211_ifindex_msg(drv, ifindex, 0,
8408 				  NL80211_CMD_SET_TX_BITRATE_MASK);
8409 	if (!msg)
8410 		return -1;
8411 
8412 	bands = nla_nest_start(msg, NL80211_ATTR_TX_RATES);
8413 	if (!bands)
8414 		goto fail;
8415 
8416 	/*
8417 	 * Disable 2 GHz rates 1, 2, 5.5, 11 Mbps by masking out everything
8418 	 * else apart from 6, 9, 12, 18, 24, 36, 48, 54 Mbps from non-MCS
8419 	 * rates. All 5 GHz rates are left enabled.
8420 	 */
8421 	band = nla_nest_start(msg, NL80211_BAND_2GHZ);
8422 	if (!band ||
8423 	    (disabled && nla_put(msg, NL80211_TXRATE_LEGACY, 8,
8424 				 "\x0c\x12\x18\x24\x30\x48\x60\x6c")))
8425 		goto fail;
8426 	nla_nest_end(msg, band);
8427 
8428 	nla_nest_end(msg, bands);
8429 
8430 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
8431 	if (ret) {
8432 		wpa_printf(MSG_DEBUG, "nl80211: Set TX rates failed: ret=%d "
8433 			   "(%s)", ret, strerror(-ret));
8434 	} else
8435 		drv->disabled_11b_rates = disabled;
8436 
8437 	return ret;
8438 
8439 fail:
8440 	nlmsg_free(msg);
8441 	return -1;
8442 }
8443 
8444 
8445 static int wpa_driver_nl80211_deinit_ap(void *priv)
8446 {
8447 	struct i802_bss *bss = priv;
8448 	struct wpa_driver_nl80211_data *drv = bss->drv;
8449 	if (!is_ap_interface(drv->nlmode))
8450 		return -1;
8451 	wpa_driver_nl80211_del_beacon(bss);
8452 	bss->beacon_set = 0;
8453 
8454 	/*
8455 	 * If the P2P GO interface was dynamically added, then it is
8456 	 * possible that the interface change to station is not possible.
8457 	 */
8458 	if (drv->nlmode == NL80211_IFTYPE_P2P_GO && bss->if_dynamic)
8459 		return 0;
8460 
8461 	return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
8462 }
8463 
8464 
8465 static int wpa_driver_nl80211_stop_ap(void *priv)
8466 {
8467 	struct i802_bss *bss = priv;
8468 	struct wpa_driver_nl80211_data *drv = bss->drv;
8469 	if (!is_ap_interface(drv->nlmode))
8470 		return -1;
8471 	wpa_driver_nl80211_del_beacon(bss);
8472 	bss->beacon_set = 0;
8473 	return 0;
8474 }
8475 
8476 
8477 static int wpa_driver_nl80211_deinit_p2p_cli(void *priv)
8478 {
8479 	struct i802_bss *bss = priv;
8480 	struct wpa_driver_nl80211_data *drv = bss->drv;
8481 	if (drv->nlmode != NL80211_IFTYPE_P2P_CLIENT)
8482 		return -1;
8483 
8484 	/*
8485 	 * If the P2P Client interface was dynamically added, then it is
8486 	 * possible that the interface change to station is not possible.
8487 	 */
8488 	if (bss->if_dynamic)
8489 		return 0;
8490 
8491 	return wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_STATION);
8492 }
8493 
8494 
8495 static void wpa_driver_nl80211_resume(void *priv)
8496 {
8497 	struct i802_bss *bss = priv;
8498 	enum nl80211_iftype nlmode = nl80211_get_ifmode(bss);
8499 
8500 	if (i802_set_iface_flags(bss, 1))
8501 		wpa_printf(MSG_DEBUG, "nl80211: Failed to set interface up on resume event");
8502 
8503 	if (is_p2p_net_interface(nlmode))
8504 		nl80211_disable_11b_rates(bss->drv, bss->drv->ifindex, 1);
8505 }
8506 
8507 
8508 static int nl80211_signal_monitor(void *priv, int threshold, int hysteresis)
8509 {
8510 	struct i802_bss *bss = priv;
8511 	struct wpa_driver_nl80211_data *drv = bss->drv;
8512 	struct nl_msg *msg;
8513 	struct nlattr *cqm;
8514 
8515 	wpa_printf(MSG_DEBUG, "nl80211: Signal monitor threshold=%d "
8516 		   "hysteresis=%d", threshold, hysteresis);
8517 
8518 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_CQM)) ||
8519 	    !(cqm = nla_nest_start(msg, NL80211_ATTR_CQM)) ||
8520 	    nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_THOLD, threshold) ||
8521 	    nla_put_u32(msg, NL80211_ATTR_CQM_RSSI_HYST, hysteresis)) {
8522 		nlmsg_free(msg);
8523 		return -1;
8524 	}
8525 	nla_nest_end(msg, cqm);
8526 
8527 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
8528 }
8529 
8530 
8531 static int get_channel_width(struct nl_msg *msg, void *arg)
8532 {
8533 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
8534 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
8535 	struct wpa_signal_info *sig_change = arg;
8536 
8537 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
8538 		  genlmsg_attrlen(gnlh, 0), NULL);
8539 
8540 	sig_change->center_frq1 = -1;
8541 	sig_change->center_frq2 = -1;
8542 	sig_change->chanwidth = CHAN_WIDTH_UNKNOWN;
8543 
8544 	if (tb[NL80211_ATTR_CHANNEL_WIDTH]) {
8545 		sig_change->chanwidth = convert2width(
8546 			nla_get_u32(tb[NL80211_ATTR_CHANNEL_WIDTH]));
8547 		if (tb[NL80211_ATTR_CENTER_FREQ1])
8548 			sig_change->center_frq1 =
8549 				nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ1]);
8550 		if (tb[NL80211_ATTR_CENTER_FREQ2])
8551 			sig_change->center_frq2 =
8552 				nla_get_u32(tb[NL80211_ATTR_CENTER_FREQ2]);
8553 	}
8554 
8555 	return NL_SKIP;
8556 }
8557 
8558 
8559 static int nl80211_get_channel_width(struct wpa_driver_nl80211_data *drv,
8560 				     struct wpa_signal_info *sig)
8561 {
8562 	struct nl_msg *msg;
8563 
8564 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_INTERFACE);
8565 	return send_and_recv_msgs(drv, msg, get_channel_width, sig, NULL, NULL);
8566 }
8567 
8568 
8569 static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
8570 {
8571 	struct i802_bss *bss = priv;
8572 	struct wpa_driver_nl80211_data *drv = bss->drv;
8573 	int res;
8574 
8575 	os_memset(si, 0, sizeof(*si));
8576 	res = nl80211_get_link_signal(drv, si);
8577 	if (res) {
8578 		if (drv->nlmode != NL80211_IFTYPE_ADHOC &&
8579 		    drv->nlmode != NL80211_IFTYPE_MESH_POINT)
8580 			return res;
8581 		si->current_signal = 0;
8582 	}
8583 
8584 	res = nl80211_get_channel_width(drv, si);
8585 	if (res != 0)
8586 		return res;
8587 
8588 	return nl80211_get_link_noise(drv, si);
8589 }
8590 
8591 
8592 static int nl80211_set_param(void *priv, const char *param)
8593 {
8594 	struct i802_bss *bss = priv;
8595 	struct wpa_driver_nl80211_data *drv = bss->drv;
8596 
8597 	if (param == NULL)
8598 		return 0;
8599 	wpa_printf(MSG_DEBUG, "nl80211: driver param='%s'", param);
8600 
8601 #ifdef CONFIG_P2P
8602 	if (os_strstr(param, "use_p2p_group_interface=1")) {
8603 		wpa_printf(MSG_DEBUG, "nl80211: Use separate P2P group "
8604 			   "interface");
8605 		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_CONCURRENT;
8606 		drv->capa.flags |= WPA_DRIVER_FLAGS_P2P_MGMT_AND_NON_P2P;
8607 	}
8608 #endif /* CONFIG_P2P */
8609 
8610 	if (os_strstr(param, "use_monitor=1"))
8611 		drv->use_monitor = 1;
8612 
8613 	if (os_strstr(param, "force_connect_cmd=1")) {
8614 		drv->capa.flags &= ~WPA_DRIVER_FLAGS_SME;
8615 		drv->force_connect_cmd = 1;
8616 	}
8617 
8618 	if (os_strstr(param, "force_bss_selection=1"))
8619 		drv->capa.flags |= WPA_DRIVER_FLAGS_BSS_SELECTION;
8620 
8621 	if (os_strstr(param, "no_offchannel_tx=1")) {
8622 		drv->capa.flags &= ~WPA_DRIVER_FLAGS_OFFCHANNEL_TX;
8623 		drv->test_use_roc_tx = 1;
8624 	}
8625 
8626 	if (os_strstr(param, "control_port=0")) {
8627 		drv->capa.flags &= ~WPA_DRIVER_FLAGS_CONTROL_PORT;
8628 		drv->capa.flags2 &= ~(WPA_DRIVER_FLAGS2_CONTROL_PORT_RX |
8629 				      WPA_DRIVER_FLAGS2_CONTROL_PORT_TX_STATUS);
8630 		drv->control_port_ap = 0;
8631 	}
8632 
8633 	if (os_strstr(param, "control_port_ap=1"))
8634 		drv->control_port_ap = 1;
8635 
8636 	if (os_strstr(param, "control_port_ap=0")) {
8637 		drv->capa.flags2 &= ~WPA_DRIVER_FLAGS2_CONTROL_PORT_TX_STATUS;
8638 		drv->control_port_ap = 0;
8639 	}
8640 
8641 	if (os_strstr(param, "full_ap_client_state=0"))
8642 		drv->capa.flags &= ~WPA_DRIVER_FLAGS_FULL_AP_CLIENT_STATE;
8643 
8644 	if (os_strstr(param, "no_rrm=1")) {
8645 		drv->no_rrm = 1;
8646 
8647 		if (!bss->in_deinit && !is_ap_interface(drv->nlmode) &&
8648 		    !is_mesh_interface(drv->nlmode)) {
8649 			nl80211_mgmt_unsubscribe(bss, "no_rrm=1");
8650 			if (nl80211_mgmt_subscribe_non_ap(bss) < 0)
8651 				wpa_printf(MSG_DEBUG,
8652 					   "nl80211: Failed to re-register Action frame processing - ignore for now");
8653 		}
8654 	}
8655 
8656 	return 0;
8657 }
8658 
8659 
8660 static void * nl80211_global_init(void *ctx)
8661 {
8662 	struct nl80211_global *global;
8663 	struct netlink_config *cfg;
8664 
8665 	global = os_zalloc(sizeof(*global));
8666 	if (global == NULL)
8667 		return NULL;
8668 	global->ctx = ctx;
8669 	global->ioctl_sock = -1;
8670 	dl_list_init(&global->interfaces);
8671 	global->if_add_ifindex = -1;
8672 
8673 	cfg = os_zalloc(sizeof(*cfg));
8674 	if (cfg == NULL)
8675 		goto err;
8676 
8677 	cfg->ctx = global;
8678 	cfg->newlink_cb = wpa_driver_nl80211_event_rtm_newlink;
8679 	cfg->dellink_cb = wpa_driver_nl80211_event_rtm_dellink;
8680 	global->netlink = netlink_init(cfg);
8681 	if (global->netlink == NULL) {
8682 		os_free(cfg);
8683 		goto err;
8684 	}
8685 
8686 	if (wpa_driver_nl80211_init_nl_global(global) < 0)
8687 		goto err;
8688 
8689 	global->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0);
8690 	if (global->ioctl_sock < 0) {
8691 		wpa_printf(MSG_ERROR, "nl80211: socket(PF_INET,SOCK_DGRAM) failed: %s",
8692 			   strerror(errno));
8693 		goto err;
8694 	}
8695 
8696 	return global;
8697 
8698 err:
8699 	nl80211_global_deinit(global);
8700 	return NULL;
8701 }
8702 
8703 
8704 static void nl80211_global_deinit(void *priv)
8705 {
8706 	struct nl80211_global *global = priv;
8707 	if (global == NULL)
8708 		return;
8709 	if (!dl_list_empty(&global->interfaces)) {
8710 		wpa_printf(MSG_ERROR, "nl80211: %u interface(s) remain at "
8711 			   "nl80211_global_deinit",
8712 			   dl_list_len(&global->interfaces));
8713 	}
8714 
8715 	if (global->netlink)
8716 		netlink_deinit(global->netlink);
8717 
8718 	nl_destroy_handles(&global->nl);
8719 
8720 	if (global->nl_event)
8721 		nl80211_destroy_eloop_handle(&global->nl_event, 0);
8722 
8723 	nl_cb_put(global->nl_cb);
8724 
8725 	if (global->ioctl_sock >= 0)
8726 		close(global->ioctl_sock);
8727 
8728 	os_free(global);
8729 }
8730 
8731 
8732 static const char * nl80211_get_radio_name(void *priv)
8733 {
8734 	struct i802_bss *bss = priv;
8735 	struct wpa_driver_nl80211_data *drv = bss->drv;
8736 	return drv->phyname;
8737 }
8738 
8739 
8740 static int nl80211_pmkid(struct i802_bss *bss, int cmd,
8741 			 struct wpa_pmkid_params *params)
8742 {
8743 	struct nl_msg *msg;
8744 	const size_t PMK_MAX_LEN = 48; /* current cfg80211 limit */
8745 
8746 	if (!(msg = nl80211_bss_msg(bss, 0, cmd)) ||
8747 	    (params->pmkid &&
8748 	     nla_put(msg, NL80211_ATTR_PMKID, 16, params->pmkid)) ||
8749 	    (params->bssid &&
8750 	     nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid)) ||
8751 	    (params->ssid_len &&
8752 	     nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid)) ||
8753 	    (params->fils_cache_id &&
8754 	     nla_put(msg, NL80211_ATTR_FILS_CACHE_ID, 2,
8755 		     params->fils_cache_id)) ||
8756 	    (params->pmk_lifetime &&
8757 	     nla_put_u32(msg, NL80211_ATTR_PMK_LIFETIME,
8758 			 params->pmk_lifetime)) ||
8759 	    (params->pmk_reauth_threshold &&
8760 	     nla_put_u8(msg, NL80211_ATTR_PMK_REAUTH_THRESHOLD,
8761 			params->pmk_reauth_threshold)) ||
8762 	    (cmd != NL80211_CMD_DEL_PMKSA &&
8763 	     params->pmk_len && params->pmk_len <= PMK_MAX_LEN &&
8764 	     nla_put(msg, NL80211_ATTR_PMK, params->pmk_len, params->pmk))) {
8765 		nl80211_nlmsg_clear(msg);
8766 		nlmsg_free(msg);
8767 		return -ENOBUFS;
8768 	}
8769 
8770 	return send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
8771 }
8772 
8773 
8774 static int nl80211_add_pmkid(void *priv, struct wpa_pmkid_params *params)
8775 {
8776 	struct i802_bss *bss = priv;
8777 	int ret;
8778 
8779 	if (params->bssid)
8780 		wpa_printf(MSG_DEBUG, "nl80211: Add PMKID for " MACSTR,
8781 			   MAC2STR(params->bssid));
8782 	else if (params->fils_cache_id && params->ssid_len) {
8783 		wpa_printf(MSG_DEBUG,
8784 			   "nl80211: Add PMKSA for cache id %02x%02x SSID %s",
8785 			   params->fils_cache_id[0], params->fils_cache_id[1],
8786 			   wpa_ssid_txt(params->ssid, params->ssid_len));
8787 	}
8788 
8789 	ret = nl80211_pmkid(bss, NL80211_CMD_SET_PMKSA, params);
8790 	if (ret < 0) {
8791 		wpa_printf(MSG_DEBUG,
8792 			   "nl80211: NL80211_CMD_SET_PMKSA failed: %d (%s)",
8793 			   ret, strerror(-ret));
8794 	}
8795 
8796 	return ret;
8797 }
8798 
8799 
8800 static int nl80211_remove_pmkid(void *priv, struct wpa_pmkid_params *params)
8801 {
8802 	struct i802_bss *bss = priv;
8803 	int ret;
8804 
8805 	if (params->bssid)
8806 		wpa_printf(MSG_DEBUG, "nl80211: Delete PMKID for " MACSTR,
8807 			   MAC2STR(params->bssid));
8808 	else if (params->fils_cache_id && params->ssid_len) {
8809 		wpa_printf(MSG_DEBUG,
8810 			   "nl80211: Delete PMKSA for cache id %02x%02x SSID %s",
8811 			   params->fils_cache_id[0], params->fils_cache_id[1],
8812 			   wpa_ssid_txt(params->ssid, params->ssid_len));
8813 	}
8814 
8815 	ret = nl80211_pmkid(bss, NL80211_CMD_DEL_PMKSA, params);
8816 	if (ret < 0) {
8817 		wpa_printf(MSG_DEBUG,
8818 			   "nl80211: NL80211_CMD_DEL_PMKSA failed: %d (%s)",
8819 			   ret, strerror(-ret));
8820 	}
8821 
8822 	return ret;
8823 }
8824 
8825 
8826 static int nl80211_flush_pmkid(void *priv)
8827 {
8828 	struct i802_bss *bss = priv;
8829 	struct nl_msg *msg;
8830 
8831 	wpa_printf(MSG_DEBUG, "nl80211: Flush PMKIDs");
8832 	msg = nl80211_bss_msg(bss, 0, NL80211_CMD_FLUSH_PMKSA);
8833 	if (!msg)
8834 		return -ENOBUFS;
8835 	return send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
8836 }
8837 
8838 
8839 static void clean_survey_results(struct survey_results *survey_results)
8840 {
8841 	struct freq_survey *survey, *tmp;
8842 
8843 	if (dl_list_empty(&survey_results->survey_list))
8844 		return;
8845 
8846 	dl_list_for_each_safe(survey, tmp, &survey_results->survey_list,
8847 			      struct freq_survey, list) {
8848 		dl_list_del(&survey->list);
8849 		os_free(survey);
8850 	}
8851 }
8852 
8853 
8854 static void add_survey(struct nlattr **sinfo, u32 ifidx,
8855 		       struct dl_list *survey_list)
8856 {
8857 	struct freq_survey *survey;
8858 
8859 	survey = os_zalloc(sizeof(struct freq_survey));
8860 	if  (!survey)
8861 		return;
8862 
8863 	survey->ifidx = ifidx;
8864 	survey->freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
8865 	survey->filled = 0;
8866 
8867 	if (sinfo[NL80211_SURVEY_INFO_NOISE]) {
8868 		survey->nf = (int8_t)
8869 			nla_get_u8(sinfo[NL80211_SURVEY_INFO_NOISE]);
8870 		survey->filled |= SURVEY_HAS_NF;
8871 	}
8872 
8873 	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]) {
8874 		survey->channel_time =
8875 			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME]);
8876 		survey->filled |= SURVEY_HAS_CHAN_TIME;
8877 	}
8878 
8879 	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]) {
8880 		survey->channel_time_busy =
8881 			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY]);
8882 		survey->filled |= SURVEY_HAS_CHAN_TIME_BUSY;
8883 	}
8884 
8885 	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]) {
8886 		survey->channel_time_rx =
8887 			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_RX]);
8888 		survey->filled |= SURVEY_HAS_CHAN_TIME_RX;
8889 	}
8890 
8891 	if (sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]) {
8892 		survey->channel_time_tx =
8893 			nla_get_u64(sinfo[NL80211_SURVEY_INFO_CHANNEL_TIME_TX]);
8894 		survey->filled |= SURVEY_HAS_CHAN_TIME_TX;
8895 	}
8896 
8897 	wpa_printf(MSG_DEBUG, "nl80211: Freq survey dump event (freq=%d MHz noise=%d channel_time=%ld busy_time=%ld tx_time=%ld rx_time=%ld filled=%04x)",
8898 		   survey->freq,
8899 		   survey->nf,
8900 		   (unsigned long int) survey->channel_time,
8901 		   (unsigned long int) survey->channel_time_busy,
8902 		   (unsigned long int) survey->channel_time_tx,
8903 		   (unsigned long int) survey->channel_time_rx,
8904 		   survey->filled);
8905 
8906 	dl_list_add_tail(survey_list, &survey->list);
8907 }
8908 
8909 
8910 static int check_survey_ok(struct nlattr **sinfo, u32 surveyed_freq,
8911 			   unsigned int freq_filter)
8912 {
8913 	if (!freq_filter)
8914 		return 1;
8915 
8916 	return freq_filter == surveyed_freq;
8917 }
8918 
8919 
8920 static int survey_handler(struct nl_msg *msg, void *arg)
8921 {
8922 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
8923 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
8924 	struct nlattr *sinfo[NL80211_SURVEY_INFO_MAX + 1];
8925 	struct survey_results *survey_results;
8926 	u32 surveyed_freq = 0;
8927 	u32 ifidx;
8928 
8929 	static struct nla_policy survey_policy[NL80211_SURVEY_INFO_MAX + 1] = {
8930 		[NL80211_SURVEY_INFO_FREQUENCY] = { .type = NLA_U32 },
8931 		[NL80211_SURVEY_INFO_NOISE] = { .type = NLA_U8 },
8932 	};
8933 
8934 	survey_results = (struct survey_results *) arg;
8935 
8936 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
8937 		  genlmsg_attrlen(gnlh, 0), NULL);
8938 
8939 	if (!tb[NL80211_ATTR_IFINDEX])
8940 		return NL_SKIP;
8941 
8942 	ifidx = nla_get_u32(tb[NL80211_ATTR_IFINDEX]);
8943 
8944 	if (!tb[NL80211_ATTR_SURVEY_INFO])
8945 		return NL_SKIP;
8946 
8947 	if (nla_parse_nested(sinfo, NL80211_SURVEY_INFO_MAX,
8948 			     tb[NL80211_ATTR_SURVEY_INFO],
8949 			     survey_policy))
8950 		return NL_SKIP;
8951 
8952 	if (!sinfo[NL80211_SURVEY_INFO_FREQUENCY]) {
8953 		wpa_printf(MSG_ERROR, "nl80211: Invalid survey data");
8954 		return NL_SKIP;
8955 	}
8956 
8957 	surveyed_freq = nla_get_u32(sinfo[NL80211_SURVEY_INFO_FREQUENCY]);
8958 
8959 	if (!check_survey_ok(sinfo, surveyed_freq,
8960 			     survey_results->freq_filter))
8961 		return NL_SKIP;
8962 
8963 	if (survey_results->freq_filter &&
8964 	    survey_results->freq_filter != surveyed_freq) {
8965 		wpa_printf(MSG_EXCESSIVE, "nl80211: Ignoring survey data for freq %d MHz",
8966 			   surveyed_freq);
8967 		return NL_SKIP;
8968 	}
8969 
8970 	add_survey(sinfo, ifidx, &survey_results->survey_list);
8971 
8972 	return NL_SKIP;
8973 }
8974 
8975 
8976 static int wpa_driver_nl80211_get_survey(void *priv, unsigned int freq)
8977 {
8978 	struct i802_bss *bss = priv;
8979 	struct wpa_driver_nl80211_data *drv = bss->drv;
8980 	struct nl_msg *msg;
8981 	int err;
8982 	union wpa_event_data data;
8983 	struct survey_results *survey_results;
8984 
8985 	os_memset(&data, 0, sizeof(data));
8986 	survey_results = &data.survey_results;
8987 
8988 	dl_list_init(&survey_results->survey_list);
8989 
8990 	msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SURVEY);
8991 	if (!msg)
8992 		return -ENOBUFS;
8993 
8994 	if (freq)
8995 		data.survey_results.freq_filter = freq;
8996 
8997 	do {
8998 		wpa_printf(MSG_DEBUG, "nl80211: Fetch survey data");
8999 		err = send_and_recv_msgs(drv, msg, survey_handler,
9000 					 survey_results, NULL, NULL);
9001 	} while (err > 0);
9002 
9003 	if (err)
9004 		wpa_printf(MSG_ERROR, "nl80211: Failed to process survey data");
9005 	else
9006 		wpa_supplicant_event(drv->ctx, EVENT_SURVEY, &data);
9007 
9008 	clean_survey_results(survey_results);
9009 	return err;
9010 }
9011 
9012 
9013 static void nl80211_set_rekey_info(void *priv, const u8 *kek, size_t kek_len,
9014 				   const u8 *kck, size_t kck_len,
9015 				   const u8 *replay_ctr)
9016 {
9017 	struct i802_bss *bss = priv;
9018 	struct wpa_driver_nl80211_data *drv = bss->drv;
9019 	struct nlattr *replay_nested;
9020 	struct nl_msg *msg;
9021 	int ret;
9022 
9023 	if (!drv->set_rekey_offload)
9024 		return;
9025 
9026 	wpa_printf(MSG_DEBUG, "nl80211: Set rekey offload");
9027 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_REKEY_OFFLOAD)) ||
9028 	    !(replay_nested = nla_nest_start(msg, NL80211_ATTR_REKEY_DATA)) ||
9029 	    nla_put(msg, NL80211_REKEY_DATA_KEK, kek_len, kek) ||
9030 	    (kck_len && nla_put(msg, NL80211_REKEY_DATA_KCK, kck_len, kck)) ||
9031 	    nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN,
9032 		    replay_ctr)) {
9033 		nl80211_nlmsg_clear(msg);
9034 		nlmsg_free(msg);
9035 		return;
9036 	}
9037 
9038 	nla_nest_end(msg, replay_nested);
9039 
9040 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9041 	if (ret == -EOPNOTSUPP) {
9042 		wpa_printf(MSG_DEBUG,
9043 			   "nl80211: Driver does not support rekey offload");
9044 		drv->set_rekey_offload = 0;
9045 	}
9046 }
9047 
9048 
9049 static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr,
9050 				    const u8 *addr, int qos)
9051 {
9052 	/* send data frame to poll STA and check whether
9053 	 * this frame is ACKed */
9054 	struct {
9055 		struct ieee80211_hdr hdr;
9056 		u16 qos_ctl;
9057 	} STRUCT_PACKED nulldata;
9058 	size_t size;
9059 
9060 	/* Send data frame to poll STA and check whether this frame is ACKed */
9061 
9062 	os_memset(&nulldata, 0, sizeof(nulldata));
9063 
9064 	if (qos) {
9065 		nulldata.hdr.frame_control =
9066 			IEEE80211_FC(WLAN_FC_TYPE_DATA,
9067 				     WLAN_FC_STYPE_QOS_NULL);
9068 		size = sizeof(nulldata);
9069 	} else {
9070 		nulldata.hdr.frame_control =
9071 			IEEE80211_FC(WLAN_FC_TYPE_DATA,
9072 				     WLAN_FC_STYPE_NULLFUNC);
9073 		size = sizeof(struct ieee80211_hdr);
9074 	}
9075 
9076 	nulldata.hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS);
9077 	os_memcpy(nulldata.hdr.IEEE80211_DA_FROMDS, addr, ETH_ALEN);
9078 	os_memcpy(nulldata.hdr.IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN);
9079 	os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
9080 
9081 	if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0,
9082 					 0, 0, NULL, 0, 0) < 0)
9083 		wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to "
9084 			   "send poll frame");
9085 }
9086 
9087 static void nl80211_poll_client(void *priv, const u8 *own_addr, const u8 *addr,
9088 				int qos)
9089 {
9090 	struct i802_bss *bss = priv;
9091 	struct wpa_driver_nl80211_data *drv = bss->drv;
9092 	struct nl_msg *msg;
9093 	u64 cookie;
9094 	int ret;
9095 
9096 	if (!drv->poll_command_supported) {
9097 		nl80211_send_null_frame(bss, own_addr, addr, qos);
9098 		return;
9099 	}
9100 
9101 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_PROBE_CLIENT)) ||
9102 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
9103 		nlmsg_free(msg);
9104 		return;
9105 	}
9106 
9107 	ret = send_and_recv_msgs(drv, msg, cookie_handler, &cookie, NULL, NULL);
9108 	if (ret < 0) {
9109 		wpa_printf(MSG_DEBUG, "nl80211: Client probe request for "
9110 			   MACSTR " failed: ret=%d (%s)",
9111 			   MAC2STR(addr), ret, strerror(-ret));
9112 	} else {
9113 		wpa_printf(MSG_DEBUG,
9114 			   "nl80211: Client probe request addr=" MACSTR
9115 			   " cookie=%llu", MAC2STR(addr),
9116 			   (long long unsigned int) cookie);
9117 	}
9118 }
9119 
9120 
9121 static int nl80211_set_power_save(struct i802_bss *bss, int enabled)
9122 {
9123 	struct nl_msg *msg;
9124 	int ret;
9125 
9126 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_POWER_SAVE)) ||
9127 	    nla_put_u32(msg, NL80211_ATTR_PS_STATE,
9128 			enabled ? NL80211_PS_ENABLED : NL80211_PS_DISABLED)) {
9129 		nlmsg_free(msg);
9130 		return -ENOBUFS;
9131 	}
9132 
9133 	ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL, NULL, NULL);
9134 	if (ret < 0) {
9135 		wpa_printf(MSG_DEBUG,
9136 			   "nl80211: Setting PS state %s failed: %d (%s)",
9137 			   enabled ? "enabled" : "disabled",
9138 			   ret, strerror(-ret));
9139 	}
9140 	return ret;
9141 }
9142 
9143 
9144 static int nl80211_set_p2p_powersave(void *priv, int legacy_ps, int opp_ps,
9145 				     int ctwindow)
9146 {
9147 	struct i802_bss *bss = priv;
9148 
9149 	wpa_printf(MSG_DEBUG, "nl80211: set_p2p_powersave (legacy_ps=%d "
9150 		   "opp_ps=%d ctwindow=%d)", legacy_ps, opp_ps, ctwindow);
9151 
9152 	if (opp_ps != -1 || ctwindow != -1) {
9153 #ifdef ANDROID_P2P
9154 		wpa_driver_set_p2p_ps(priv, legacy_ps, opp_ps, ctwindow);
9155 #else /* ANDROID_P2P */
9156 		return -1; /* Not yet supported */
9157 #endif /* ANDROID_P2P */
9158 	}
9159 
9160 	if (legacy_ps == -1)
9161 		return 0;
9162 	if (legacy_ps != 0 && legacy_ps != 1)
9163 		return -1; /* Not yet supported */
9164 
9165 	return nl80211_set_power_save(bss, legacy_ps);
9166 }
9167 
9168 
9169 static int nl80211_start_radar_detection(void *priv,
9170 					 struct hostapd_freq_params *freq)
9171 {
9172 	struct i802_bss *bss = priv;
9173 	struct wpa_driver_nl80211_data *drv = bss->drv;
9174 	struct nl_msg *msg;
9175 	int ret;
9176 
9177 	wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, he_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
9178 		   freq->freq, freq->ht_enabled, freq->vht_enabled, freq->he_enabled,
9179 		   freq->bandwidth, freq->center_freq1, freq->center_freq2);
9180 
9181 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) {
9182 		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support radar "
9183 			   "detection");
9184 		return -1;
9185 	}
9186 
9187 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_RADAR_DETECT)) ||
9188 	    nl80211_put_freq_params(msg, freq) < 0) {
9189 		nlmsg_free(msg);
9190 		return -1;
9191 	}
9192 
9193 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9194 	if (ret == 0)
9195 		return 0;
9196 	wpa_printf(MSG_DEBUG, "nl80211: Failed to start radar detection: "
9197 		   "%d (%s)", ret, strerror(-ret));
9198 	return -1;
9199 }
9200 
9201 #ifdef CONFIG_TDLS
9202 
9203 static int nl80211_add_peer_capab(struct nl_msg *msg,
9204 				  enum tdls_peer_capability capa)
9205 {
9206 	u32 peer_capab = 0;
9207 
9208 	if (!capa)
9209 		return 0;
9210 
9211 	if (capa & TDLS_PEER_HT)
9212 		peer_capab |= NL80211_TDLS_PEER_HT;
9213 	if (capa & TDLS_PEER_VHT)
9214 		peer_capab |= NL80211_TDLS_PEER_VHT;
9215 	if (capa & TDLS_PEER_WMM)
9216 		peer_capab |= NL80211_TDLS_PEER_WMM;
9217 	if (capa & TDLS_PEER_HE)
9218 		peer_capab |= NL80211_TDLS_PEER_HE;
9219 
9220 	return nla_put_u32(msg, NL80211_ATTR_TDLS_PEER_CAPABILITY,
9221 			   peer_capab);
9222 }
9223 
9224 
9225 static int nl80211_send_tdls_mgmt(void *priv, const u8 *dst, u8 action_code,
9226 				  u8 dialog_token, u16 status_code,
9227 				  u32 peer_capab, int initiator, const u8 *buf,
9228 				  size_t len)
9229 {
9230 	struct i802_bss *bss = priv;
9231 	struct wpa_driver_nl80211_data *drv = bss->drv;
9232 	struct nl_msg *msg;
9233 
9234 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
9235 		return -EOPNOTSUPP;
9236 
9237 	if (!dst)
9238 		return -EINVAL;
9239 
9240 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_TDLS_MGMT)) ||
9241 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
9242 	    nla_put_u8(msg, NL80211_ATTR_TDLS_ACTION, action_code) ||
9243 	    nla_put_u8(msg, NL80211_ATTR_TDLS_DIALOG_TOKEN, dialog_token) ||
9244 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, status_code) ||
9245 	    nl80211_add_peer_capab(msg, peer_capab) ||
9246 	    (initiator && nla_put_flag(msg, NL80211_ATTR_TDLS_INITIATOR)) ||
9247 	    nla_put(msg, NL80211_ATTR_IE, len, buf))
9248 		goto fail;
9249 
9250 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9251 
9252 fail:
9253 	nlmsg_free(msg);
9254 	return -ENOBUFS;
9255 }
9256 
9257 
9258 static int nl80211_tdls_oper(void *priv, enum tdls_oper oper, const u8 *peer)
9259 {
9260 	struct i802_bss *bss = priv;
9261 	struct wpa_driver_nl80211_data *drv = bss->drv;
9262 	struct nl_msg *msg;
9263 	enum nl80211_tdls_operation nl80211_oper;
9264 	int res;
9265 
9266 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT))
9267 		return -EOPNOTSUPP;
9268 
9269 	switch (oper) {
9270 	case TDLS_DISCOVERY_REQ:
9271 		nl80211_oper = NL80211_TDLS_DISCOVERY_REQ;
9272 		break;
9273 	case TDLS_SETUP:
9274 		nl80211_oper = NL80211_TDLS_SETUP;
9275 		break;
9276 	case TDLS_TEARDOWN:
9277 		nl80211_oper = NL80211_TDLS_TEARDOWN;
9278 		break;
9279 	case TDLS_ENABLE_LINK:
9280 		nl80211_oper = NL80211_TDLS_ENABLE_LINK;
9281 		break;
9282 	case TDLS_DISABLE_LINK:
9283 		nl80211_oper = NL80211_TDLS_DISABLE_LINK;
9284 		break;
9285 	case TDLS_ENABLE:
9286 		return 0;
9287 	case TDLS_DISABLE:
9288 		return 0;
9289 	default:
9290 		return -EINVAL;
9291 	}
9292 
9293 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_TDLS_OPER)) ||
9294 	    nla_put_u8(msg, NL80211_ATTR_TDLS_OPERATION, nl80211_oper) ||
9295 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer)) {
9296 		nlmsg_free(msg);
9297 		return -ENOBUFS;
9298 	}
9299 
9300 	res = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9301 	wpa_printf(MSG_DEBUG, "nl80211: TDLS_OPER: oper=%d mac=" MACSTR
9302 		   " --> res=%d (%s)", nl80211_oper, MAC2STR(peer), res,
9303 		   strerror(-res));
9304 	return res;
9305 }
9306 
9307 
9308 static int
9309 nl80211_tdls_enable_channel_switch(void *priv, const u8 *addr, u8 oper_class,
9310 				   const struct hostapd_freq_params *params)
9311 {
9312 	struct i802_bss *bss = priv;
9313 	struct wpa_driver_nl80211_data *drv = bss->drv;
9314 	struct nl_msg *msg;
9315 	int ret = -ENOBUFS;
9316 
9317 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT) ||
9318 	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH))
9319 		return -EOPNOTSUPP;
9320 
9321 	wpa_printf(MSG_DEBUG, "nl80211: Enable TDLS channel switch " MACSTR
9322 		   " oper_class=%u freq=%u",
9323 		   MAC2STR(addr), oper_class, params->freq);
9324 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_TDLS_CHANNEL_SWITCH);
9325 	if (!msg ||
9326 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
9327 	    nla_put_u8(msg, NL80211_ATTR_OPER_CLASS, oper_class) ||
9328 	    (ret = nl80211_put_freq_params(msg, params))) {
9329 		nlmsg_free(msg);
9330 		wpa_printf(MSG_DEBUG, "nl80211: Could not build TDLS chan switch");
9331 		return ret;
9332 	}
9333 
9334 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9335 }
9336 
9337 
9338 static int
9339 nl80211_tdls_disable_channel_switch(void *priv, const u8 *addr)
9340 {
9341 	struct i802_bss *bss = priv;
9342 	struct wpa_driver_nl80211_data *drv = bss->drv;
9343 	struct nl_msg *msg;
9344 
9345 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT) ||
9346 	    !(drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH))
9347 		return -EOPNOTSUPP;
9348 
9349 	wpa_printf(MSG_DEBUG, "nl80211: Disable TDLS channel switch " MACSTR,
9350 		   MAC2STR(addr));
9351 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH);
9352 	if (!msg ||
9353 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
9354 		nlmsg_free(msg);
9355 		wpa_printf(MSG_DEBUG,
9356 			   "nl80211: Could not build TDLS cancel chan switch");
9357 		return -ENOBUFS;
9358 	}
9359 
9360 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9361 }
9362 
9363 #endif /* CONFIG TDLS */
9364 
9365 
9366 static int driver_nl80211_set_key(void *priv,
9367 				  struct wpa_driver_set_key_params *params)
9368 {
9369 	struct i802_bss *bss = priv;
9370 
9371 	return wpa_driver_nl80211_set_key(bss, params);
9372 }
9373 
9374 
9375 static int driver_nl80211_scan2(void *priv,
9376 				struct wpa_driver_scan_params *params)
9377 {
9378 	struct i802_bss *bss = priv;
9379 #ifdef CONFIG_DRIVER_NL80211_QCA
9380 	struct wpa_driver_nl80211_data *drv = bss->drv;
9381 
9382 	/*
9383 	 * Do a vendor specific scan if possible. If only_new_results is
9384 	 * set, do a normal scan since a kernel (cfg80211) BSS cache flush
9385 	 * cannot be achieved through a vendor scan. The below condition may
9386 	 * need to be modified if new scan flags are added in the future whose
9387 	 * functionality can only be achieved through a normal scan.
9388 	 */
9389 	if (drv->scan_vendor_cmd_avail && !params->only_new_results)
9390 		return wpa_driver_nl80211_vendor_scan(bss, params);
9391 #endif /* CONFIG_DRIVER_NL80211_QCA */
9392 	return wpa_driver_nl80211_scan(bss, params);
9393 }
9394 
9395 
9396 static int driver_nl80211_deauthenticate(void *priv, const u8 *addr,
9397 					 u16 reason_code)
9398 {
9399 	struct i802_bss *bss = priv;
9400 	return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code);
9401 }
9402 
9403 
9404 static int driver_nl80211_authenticate(void *priv,
9405 				       struct wpa_driver_auth_params *params)
9406 {
9407 	struct i802_bss *bss = priv;
9408 	return wpa_driver_nl80211_authenticate(bss, params);
9409 }
9410 
9411 
9412 static void driver_nl80211_deinit(void *priv)
9413 {
9414 	struct i802_bss *bss = priv;
9415 	wpa_driver_nl80211_deinit(bss);
9416 }
9417 
9418 
9419 static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type,
9420 				    const char *ifname)
9421 {
9422 	struct i802_bss *bss = priv;
9423 	return wpa_driver_nl80211_if_remove(bss, type, ifname);
9424 }
9425 
9426 
9427 static int driver_nl80211_send_mlme(void *priv, const u8 *data,
9428 				    size_t data_len, int noack,
9429 				    unsigned int freq,
9430 				    const u16 *csa_offs, size_t csa_offs_len,
9431 				    int no_encrypt, unsigned int wait)
9432 {
9433 	struct i802_bss *bss = priv;
9434 	return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack,
9435 					    freq, 0, 0, wait, csa_offs,
9436 					    csa_offs_len, no_encrypt);
9437 }
9438 
9439 
9440 static int driver_nl80211_sta_remove(void *priv, const u8 *addr)
9441 {
9442 	struct i802_bss *bss = priv;
9443 	return wpa_driver_nl80211_sta_remove(bss, addr, -1, 0);
9444 }
9445 
9446 
9447 static int driver_nl80211_set_sta_vlan(void *priv, const u8 *addr,
9448 				       const char *ifname, int vlan_id)
9449 {
9450 	struct i802_bss *bss = priv;
9451 	return i802_set_sta_vlan(bss, addr, ifname, vlan_id);
9452 }
9453 
9454 
9455 static int driver_nl80211_read_sta_data(void *priv,
9456 					struct hostap_sta_driver_data *data,
9457 					const u8 *addr)
9458 {
9459 	struct i802_bss *bss = priv;
9460 
9461 	os_memset(data, 0, sizeof(*data));
9462 	return i802_read_sta_data(bss, data, addr);
9463 }
9464 
9465 
9466 static int driver_nl80211_send_action(void *priv, unsigned int freq,
9467 				      unsigned int wait_time,
9468 				      const u8 *dst, const u8 *src,
9469 				      const u8 *bssid,
9470 				      const u8 *data, size_t data_len,
9471 				      int no_cck)
9472 {
9473 	struct i802_bss *bss = priv;
9474 	return wpa_driver_nl80211_send_action(bss, freq, wait_time, dst, src,
9475 					      bssid, data, data_len, no_cck);
9476 }
9477 
9478 
9479 static int driver_nl80211_probe_req_report(void *priv, int report)
9480 {
9481 	struct i802_bss *bss = priv;
9482 	return wpa_driver_nl80211_probe_req_report(bss, report);
9483 }
9484 
9485 
9486 static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md,
9487 					    const u8 *ies, size_t ies_len)
9488 {
9489 	int ret;
9490 	struct nl_msg *msg;
9491 	struct i802_bss *bss = priv;
9492 	struct wpa_driver_nl80211_data *drv = bss->drv;
9493 	u16 mdid = WPA_GET_LE16(md);
9494 
9495 	wpa_printf(MSG_DEBUG, "nl80211: Updating FT IEs");
9496 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_UPDATE_FT_IES)) ||
9497 	    nla_put(msg, NL80211_ATTR_IE, ies_len, ies) ||
9498 	    nla_put_u16(msg, NL80211_ATTR_MDID, mdid)) {
9499 		nlmsg_free(msg);
9500 		return -ENOBUFS;
9501 	}
9502 
9503 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9504 	if (ret) {
9505 		wpa_printf(MSG_DEBUG, "nl80211: update_ft_ies failed "
9506 			   "err=%d (%s)", ret, strerror(-ret));
9507 	}
9508 
9509 	return ret;
9510 }
9511 
9512 
9513 static int nl80211_update_dh_ie(void *priv, const u8 *peer_mac,
9514 				u16 reason_code, const u8 *ie, size_t ie_len)
9515 {
9516 	int ret;
9517 	struct nl_msg *msg;
9518 	struct i802_bss *bss = priv;
9519 	struct wpa_driver_nl80211_data *drv = bss->drv;
9520 
9521 	wpa_printf(MSG_DEBUG, "nl80211: Updating DH IE peer: " MACSTR
9522 		   " reason %u", MAC2STR(peer_mac), reason_code);
9523 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_UPDATE_OWE_INFO)) ||
9524 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_mac) ||
9525 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, reason_code) ||
9526 	    (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) {
9527 		nlmsg_free(msg);
9528 		return -ENOBUFS;
9529 	}
9530 
9531 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9532 	if (ret) {
9533 		wpa_printf(MSG_DEBUG,
9534 			   "nl80211: update_dh_ie failed err=%d (%s)",
9535 			   ret, strerror(-ret));
9536 	}
9537 
9538 	return ret;
9539 }
9540 
9541 
9542 static const u8 * wpa_driver_nl80211_get_macaddr(void *priv)
9543 {
9544 	struct i802_bss *bss = priv;
9545 	struct wpa_driver_nl80211_data *drv = bss->drv;
9546 
9547 	if (drv->nlmode != NL80211_IFTYPE_P2P_DEVICE)
9548 		return NULL;
9549 
9550 	return bss->addr;
9551 }
9552 
9553 
9554 static const char * scan_state_str(enum scan_states scan_state)
9555 {
9556 	switch (scan_state) {
9557 	case NO_SCAN:
9558 		return "NO_SCAN";
9559 	case SCAN_REQUESTED:
9560 		return "SCAN_REQUESTED";
9561 	case SCAN_STARTED:
9562 		return "SCAN_STARTED";
9563 	case SCAN_COMPLETED:
9564 		return "SCAN_COMPLETED";
9565 	case SCAN_ABORTED:
9566 		return "SCAN_ABORTED";
9567 	case SCHED_SCAN_STARTED:
9568 		return "SCHED_SCAN_STARTED";
9569 	case SCHED_SCAN_STOPPED:
9570 		return "SCHED_SCAN_STOPPED";
9571 	case SCHED_SCAN_RESULTS:
9572 		return "SCHED_SCAN_RESULTS";
9573 	}
9574 
9575 	return "??";
9576 }
9577 
9578 
9579 static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen)
9580 {
9581 	struct i802_bss *bss = priv;
9582 	struct wpa_driver_nl80211_data *drv = bss->drv;
9583 	int res;
9584 	char *pos, *end;
9585 	struct nl_msg *msg;
9586 	char alpha2[3] = { 0, 0, 0 };
9587 
9588 	pos = buf;
9589 	end = buf + buflen;
9590 
9591 	res = os_snprintf(pos, end - pos,
9592 			  "ifindex=%d\n"
9593 			  "ifname=%s\n"
9594 			  "brname=%s\n"
9595 			  "addr=" MACSTR "\n"
9596 			  "freq=%d\n"
9597 			  "%s%s%s%s%s%s",
9598 			  bss->ifindex,
9599 			  bss->ifname,
9600 			  bss->brname,
9601 			  MAC2STR(bss->addr),
9602 			  bss->freq,
9603 			  bss->beacon_set ? "beacon_set=1\n" : "",
9604 			  bss->added_if_into_bridge ?
9605 			  "added_if_into_bridge=1\n" : "",
9606 			  bss->already_in_bridge ? "already_in_bridge=1\n" : "",
9607 			  bss->added_bridge ? "added_bridge=1\n" : "",
9608 			  bss->in_deinit ? "in_deinit=1\n" : "",
9609 			  bss->if_dynamic ? "if_dynamic=1\n" : "");
9610 	if (os_snprintf_error(end - pos, res))
9611 		return pos - buf;
9612 	pos += res;
9613 
9614 	if (bss->wdev_id_set) {
9615 		res = os_snprintf(pos, end - pos, "wdev_id=%llu\n",
9616 				  (unsigned long long) bss->wdev_id);
9617 		if (os_snprintf_error(end - pos, res))
9618 			return pos - buf;
9619 		pos += res;
9620 	}
9621 
9622 	res = os_snprintf(pos, end - pos,
9623 			  "phyname=%s\n"
9624 			  "perm_addr=" MACSTR "\n"
9625 			  "drv_ifindex=%d\n"
9626 			  "operstate=%d\n"
9627 			  "scan_state=%s\n"
9628 			  "auth_bssid=" MACSTR "\n"
9629 			  "auth_attempt_bssid=" MACSTR "\n"
9630 			  "bssid=" MACSTR "\n"
9631 			  "prev_bssid=" MACSTR "\n"
9632 			  "associated=%d\n"
9633 			  "assoc_freq=%u\n"
9634 			  "monitor_sock=%d\n"
9635 			  "monitor_ifidx=%d\n"
9636 			  "monitor_refcount=%d\n"
9637 			  "last_mgmt_freq=%u\n"
9638 			  "eapol_tx_sock=%d\n"
9639 			  "%s%s%s%s%s%s%s%s%s%s%s%s%s",
9640 			  drv->phyname,
9641 			  MAC2STR(drv->perm_addr),
9642 			  drv->ifindex,
9643 			  drv->operstate,
9644 			  scan_state_str(drv->scan_state),
9645 			  MAC2STR(drv->auth_bssid),
9646 			  MAC2STR(drv->auth_attempt_bssid),
9647 			  MAC2STR(drv->bssid),
9648 			  MAC2STR(drv->prev_bssid),
9649 			  drv->associated,
9650 			  drv->assoc_freq,
9651 			  drv->monitor_sock,
9652 			  drv->monitor_ifidx,
9653 			  drv->monitor_refcount,
9654 			  drv->last_mgmt_freq,
9655 			  drv->eapol_tx_sock,
9656 			  drv->ignore_if_down_event ?
9657 			  "ignore_if_down_event=1\n" : "",
9658 			  drv->scan_complete_events ?
9659 			  "scan_complete_events=1\n" : "",
9660 			  drv->disabled_11b_rates ?
9661 			  "disabled_11b_rates=1\n" : "",
9662 			  drv->pending_remain_on_chan ?
9663 			  "pending_remain_on_chan=1\n" : "",
9664 			  drv->in_interface_list ? "in_interface_list=1\n" : "",
9665 			  drv->device_ap_sme ? "device_ap_sme=1\n" : "",
9666 			  drv->poll_command_supported ?
9667 			  "poll_command_supported=1\n" : "",
9668 			  drv->data_tx_status ? "data_tx_status=1\n" : "",
9669 			  drv->scan_for_auth ? "scan_for_auth=1\n" : "",
9670 			  drv->retry_auth ? "retry_auth=1\n" : "",
9671 			  drv->use_monitor ? "use_monitor=1\n" : "",
9672 			  drv->ignore_next_local_disconnect ?
9673 			  "ignore_next_local_disconnect=1\n" : "",
9674 			  drv->ignore_next_local_deauth ?
9675 			  "ignore_next_local_deauth=1\n" : "");
9676 	if (os_snprintf_error(end - pos, res))
9677 		return pos - buf;
9678 	pos += res;
9679 
9680 	if (drv->has_capability) {
9681 		res = os_snprintf(pos, end - pos,
9682 				  "capa.key_mgmt=0x%x\n"
9683 				  "capa.enc=0x%x\n"
9684 				  "capa.auth=0x%x\n"
9685 				  "capa.flags=0x%llx\n"
9686 				  "capa.rrm_flags=0x%x\n"
9687 				  "capa.max_scan_ssids=%d\n"
9688 				  "capa.max_sched_scan_ssids=%d\n"
9689 				  "capa.sched_scan_supported=%d\n"
9690 				  "capa.max_match_sets=%d\n"
9691 				  "capa.max_remain_on_chan=%u\n"
9692 				  "capa.max_stations=%u\n"
9693 				  "capa.probe_resp_offloads=0x%x\n"
9694 				  "capa.max_acl_mac_addrs=%u\n"
9695 				  "capa.num_multichan_concurrent=%u\n"
9696 				  "capa.mac_addr_rand_sched_scan_supported=%d\n"
9697 				  "capa.mac_addr_rand_scan_supported=%d\n"
9698 				  "capa.conc_capab=%u\n"
9699 				  "capa.max_conc_chan_2_4=%u\n"
9700 				  "capa.max_conc_chan_5_0=%u\n"
9701 				  "capa.max_sched_scan_plans=%u\n"
9702 				  "capa.max_sched_scan_plan_interval=%u\n"
9703 				  "capa.max_sched_scan_plan_iterations=%u\n",
9704 				  drv->capa.key_mgmt,
9705 				  drv->capa.enc,
9706 				  drv->capa.auth,
9707 				  (unsigned long long) drv->capa.flags,
9708 				  drv->capa.rrm_flags,
9709 				  drv->capa.max_scan_ssids,
9710 				  drv->capa.max_sched_scan_ssids,
9711 				  drv->capa.sched_scan_supported,
9712 				  drv->capa.max_match_sets,
9713 				  drv->capa.max_remain_on_chan,
9714 				  drv->capa.max_stations,
9715 				  drv->capa.probe_resp_offloads,
9716 				  drv->capa.max_acl_mac_addrs,
9717 				  drv->capa.num_multichan_concurrent,
9718 				  drv->capa.mac_addr_rand_sched_scan_supported,
9719 				  drv->capa.mac_addr_rand_scan_supported,
9720 				  drv->capa.conc_capab,
9721 				  drv->capa.max_conc_chan_2_4,
9722 				  drv->capa.max_conc_chan_5_0,
9723 				  drv->capa.max_sched_scan_plans,
9724 				  drv->capa.max_sched_scan_plan_interval,
9725 				  drv->capa.max_sched_scan_plan_iterations);
9726 		if (os_snprintf_error(end - pos, res))
9727 			return pos - buf;
9728 		pos += res;
9729 	}
9730 
9731 	msg = nlmsg_alloc();
9732 	if (msg &&
9733 	    nl80211_cmd(drv, msg, 0, NL80211_CMD_GET_REG) &&
9734 	    nla_put_u32(msg, NL80211_ATTR_WIPHY, drv->wiphy_idx) == 0) {
9735 		if (send_and_recv_msgs(drv, msg, nl80211_get_country,
9736 				       alpha2, NULL, NULL) == 0 &&
9737 		    alpha2[0]) {
9738 			res = os_snprintf(pos, end - pos, "country=%s\n",
9739 					  alpha2);
9740 			if (os_snprintf_error(end - pos, res))
9741 				return pos - buf;
9742 			pos += res;
9743 		}
9744 	} else {
9745 		nlmsg_free(msg);
9746 	}
9747 
9748 	return pos - buf;
9749 }
9750 
9751 
9752 static int set_beacon_data(struct nl_msg *msg, struct beacon_data *settings)
9753 {
9754 	if ((settings->head &&
9755 	     nla_put(msg, NL80211_ATTR_BEACON_HEAD,
9756 		     settings->head_len, settings->head)) ||
9757 	    (settings->tail &&
9758 	     nla_put(msg, NL80211_ATTR_BEACON_TAIL,
9759 		     settings->tail_len, settings->tail)) ||
9760 	    (settings->beacon_ies &&
9761 	     nla_put(msg, NL80211_ATTR_IE,
9762 		     settings->beacon_ies_len, settings->beacon_ies)) ||
9763 	    (settings->proberesp_ies &&
9764 	     nla_put(msg, NL80211_ATTR_IE_PROBE_RESP,
9765 		     settings->proberesp_ies_len, settings->proberesp_ies)) ||
9766 	    (settings->assocresp_ies &&
9767 	     nla_put(msg, NL80211_ATTR_IE_ASSOC_RESP,
9768 		     settings->assocresp_ies_len, settings->assocresp_ies)) ||
9769 	    (settings->probe_resp &&
9770 	     nla_put(msg, NL80211_ATTR_PROBE_RESP,
9771 		     settings->probe_resp_len, settings->probe_resp)))
9772 		return -ENOBUFS;
9773 
9774 	return 0;
9775 }
9776 
9777 
9778 static int nl80211_switch_channel(void *priv, struct csa_settings *settings)
9779 {
9780 	struct nl_msg *msg;
9781 	struct i802_bss *bss = priv;
9782 	struct wpa_driver_nl80211_data *drv = bss->drv;
9783 	struct nlattr *beacon_csa;
9784 	int ret = -ENOBUFS;
9785 	int csa_off_len = 0;
9786 	int i;
9787 
9788 	wpa_printf(MSG_DEBUG,
9789 		   "nl80211: Channel switch request (cs_count=%u block_tx=%u freq=%d channel=%d sec_channel_offset=%d width=%d cf1=%d cf2=%d%s%s%s)",
9790 		   settings->cs_count, settings->block_tx,
9791 		   settings->freq_params.freq,
9792 		   settings->freq_params.channel,
9793 		   settings->freq_params.sec_channel_offset,
9794 		   settings->freq_params.bandwidth,
9795 		   settings->freq_params.center_freq1,
9796 		   settings->freq_params.center_freq2,
9797 		   settings->freq_params.ht_enabled ? " ht" : "",
9798 		   settings->freq_params.vht_enabled ? " vht" : "",
9799 		   settings->freq_params.he_enabled ? " he" : "");
9800 
9801 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_AP_CSA)) {
9802 		wpa_printf(MSG_DEBUG, "nl80211: Driver does not support channel switch command");
9803 		return -EOPNOTSUPP;
9804 	}
9805 
9806 	if (drv->nlmode != NL80211_IFTYPE_AP &&
9807 	    drv->nlmode != NL80211_IFTYPE_P2P_GO &&
9808 	    drv->nlmode != NL80211_IFTYPE_MESH_POINT)
9809 		return -EOPNOTSUPP;
9810 
9811 	/*
9812 	 * Remove empty counters, assuming Probe Response and Beacon frame
9813 	 * counters match. This implementation assumes that there are only two
9814 	 * counters.
9815 	 */
9816 	if (settings->counter_offset_beacon[0] &&
9817 	    !settings->counter_offset_beacon[1]) {
9818 		csa_off_len = 1;
9819 	} else if (settings->counter_offset_beacon[1] &&
9820 		   !settings->counter_offset_beacon[0]) {
9821 		csa_off_len = 1;
9822 		settings->counter_offset_beacon[0] =
9823 			settings->counter_offset_beacon[1];
9824 		settings->counter_offset_presp[0] =
9825 			settings->counter_offset_presp[1];
9826 	} else if (settings->counter_offset_beacon[1] &&
9827 		   settings->counter_offset_beacon[0]) {
9828 		csa_off_len = 2;
9829 	} else {
9830 		wpa_printf(MSG_ERROR, "nl80211: No CSA counters provided");
9831 		return -EINVAL;
9832 	}
9833 
9834 	/* Check CSA counters validity */
9835 	if (drv->capa.max_csa_counters &&
9836 	    csa_off_len > drv->capa.max_csa_counters) {
9837 		wpa_printf(MSG_ERROR,
9838 			   "nl80211: Too many CSA counters provided");
9839 		return -EINVAL;
9840 	}
9841 
9842 	if (!settings->beacon_csa.tail)
9843 		return -EINVAL;
9844 
9845 	for (i = 0; i < csa_off_len; i++) {
9846 		u16 csa_c_off_bcn = settings->counter_offset_beacon[i];
9847 		u16 csa_c_off_presp = settings->counter_offset_presp[i];
9848 
9849 		if ((settings->beacon_csa.tail_len <= csa_c_off_bcn) ||
9850 		    (settings->beacon_csa.tail[csa_c_off_bcn] !=
9851 		     settings->cs_count))
9852 			return -EINVAL;
9853 
9854 		if (settings->beacon_csa.probe_resp &&
9855 		    ((settings->beacon_csa.probe_resp_len <=
9856 		      csa_c_off_presp) ||
9857 		     (settings->beacon_csa.probe_resp[csa_c_off_presp] !=
9858 		      settings->cs_count)))
9859 			return -EINVAL;
9860 	}
9861 
9862 	if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_CHANNEL_SWITCH)) ||
9863 	    nla_put_u32(msg, NL80211_ATTR_CH_SWITCH_COUNT,
9864 			settings->cs_count) ||
9865 	    (ret = nl80211_put_freq_params(msg, &settings->freq_params)) ||
9866 	    (settings->block_tx &&
9867 	     nla_put_flag(msg, NL80211_ATTR_CH_SWITCH_BLOCK_TX)))
9868 		goto error;
9869 
9870 	/* beacon_after params */
9871 	ret = set_beacon_data(msg, &settings->beacon_after);
9872 	if (ret)
9873 		goto error;
9874 
9875 	/* beacon_csa params */
9876 	beacon_csa = nla_nest_start(msg, NL80211_ATTR_CSA_IES);
9877 	if (!beacon_csa)
9878 		goto fail;
9879 
9880 	ret = set_beacon_data(msg, &settings->beacon_csa);
9881 	if (ret)
9882 		goto error;
9883 
9884 	if (nla_put(msg, NL80211_ATTR_CSA_C_OFF_BEACON,
9885 		    csa_off_len * sizeof(u16),
9886 		    settings->counter_offset_beacon) ||
9887 	    (settings->beacon_csa.probe_resp &&
9888 	     nla_put(msg, NL80211_ATTR_CSA_C_OFF_PRESP,
9889 		     csa_off_len * sizeof(u16),
9890 		     settings->counter_offset_presp)))
9891 		goto fail;
9892 
9893 	nla_nest_end(msg, beacon_csa);
9894 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9895 	if (ret) {
9896 		wpa_printf(MSG_DEBUG, "nl80211: switch_channel failed err=%d (%s)",
9897 			   ret, strerror(-ret));
9898 	}
9899 	return ret;
9900 
9901 fail:
9902 	ret = -ENOBUFS;
9903 error:
9904 	nlmsg_free(msg);
9905 	wpa_printf(MSG_DEBUG, "nl80211: Could not build channel switch request");
9906 	return ret;
9907 }
9908 
9909 
9910 static int nl80211_add_ts(void *priv, u8 tsid, const u8 *addr,
9911 			  u8 user_priority, u16 admitted_time)
9912 {
9913 	struct i802_bss *bss = priv;
9914 	struct wpa_driver_nl80211_data *drv = bss->drv;
9915 	struct nl_msg *msg;
9916 	int ret;
9917 
9918 	wpa_printf(MSG_DEBUG,
9919 		   "nl80211: add_ts request: tsid=%u admitted_time=%u up=%d",
9920 		   tsid, admitted_time, user_priority);
9921 
9922 	if (!is_sta_interface(drv->nlmode))
9923 		return -ENOTSUP;
9924 
9925 	msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_ADD_TX_TS);
9926 	if (!msg ||
9927 	    nla_put_u8(msg, NL80211_ATTR_TSID, tsid) ||
9928 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
9929 	    nla_put_u8(msg, NL80211_ATTR_USER_PRIO, user_priority) ||
9930 	    nla_put_u16(msg, NL80211_ATTR_ADMITTED_TIME, admitted_time)) {
9931 		nlmsg_free(msg);
9932 		return -ENOBUFS;
9933 	}
9934 
9935 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9936 	if (ret)
9937 		wpa_printf(MSG_DEBUG, "nl80211: add_ts failed err=%d (%s)",
9938 			   ret, strerror(-ret));
9939 	return ret;
9940 }
9941 
9942 
9943 static int nl80211_del_ts(void *priv, u8 tsid, const u8 *addr)
9944 {
9945 	struct i802_bss *bss = priv;
9946 	struct wpa_driver_nl80211_data *drv = bss->drv;
9947 	struct nl_msg *msg;
9948 	int ret;
9949 
9950 	wpa_printf(MSG_DEBUG, "nl80211: del_ts request: tsid=%u", tsid);
9951 
9952 	if (!is_sta_interface(drv->nlmode))
9953 		return -ENOTSUP;
9954 
9955 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_DEL_TX_TS)) ||
9956 	    nla_put_u8(msg, NL80211_ATTR_TSID, tsid) ||
9957 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr)) {
9958 		nlmsg_free(msg);
9959 		return -ENOBUFS;
9960 	}
9961 
9962 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
9963 	if (ret)
9964 		wpa_printf(MSG_DEBUG, "nl80211: del_ts failed err=%d (%s)",
9965 			   ret, strerror(-ret));
9966 	return ret;
9967 }
9968 
9969 
9970 #ifdef CONFIG_TESTING_OPTIONS
9971 static int cmd_reply_handler(struct nl_msg *msg, void *arg)
9972 {
9973 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9974 	struct wpabuf *buf = arg;
9975 
9976 	if (!buf)
9977 		return NL_SKIP;
9978 
9979 	if ((size_t) genlmsg_attrlen(gnlh, 0) > wpabuf_tailroom(buf)) {
9980 		wpa_printf(MSG_INFO, "nl80211: insufficient buffer space for reply");
9981 		return NL_SKIP;
9982 	}
9983 
9984 	wpabuf_put_data(buf, genlmsg_attrdata(gnlh, 0),
9985 			genlmsg_attrlen(gnlh, 0));
9986 
9987 	return NL_SKIP;
9988 }
9989 #endif /* CONFIG_TESTING_OPTIONS */
9990 
9991 
9992 static int vendor_reply_handler(struct nl_msg *msg, void *arg)
9993 {
9994 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
9995 	struct nlattr *nl_vendor_reply, *nl;
9996 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
9997 	struct wpabuf *buf = arg;
9998 	int rem;
9999 
10000 	if (!buf)
10001 		return NL_SKIP;
10002 
10003 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
10004 		  genlmsg_attrlen(gnlh, 0), NULL);
10005 	nl_vendor_reply = tb[NL80211_ATTR_VENDOR_DATA];
10006 
10007 	if (!nl_vendor_reply)
10008 		return NL_SKIP;
10009 
10010 	if ((size_t) nla_len(nl_vendor_reply) > wpabuf_tailroom(buf)) {
10011 		wpa_printf(MSG_INFO, "nl80211: Vendor command: insufficient buffer space for reply");
10012 		return NL_SKIP;
10013 	}
10014 
10015 	nla_for_each_nested(nl, nl_vendor_reply, rem) {
10016 		wpabuf_put_data(buf, nla_data(nl), nla_len(nl));
10017 	}
10018 
10019 	return NL_SKIP;
10020 }
10021 
10022 
10023 static bool is_cmd_with_nested_attrs(unsigned int vendor_id,
10024 				     unsigned int subcmd)
10025 {
10026 	if (vendor_id != OUI_QCA)
10027 		return true;
10028 
10029 	switch (subcmd) {
10030 	case QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY:
10031 	case QCA_NL80211_VENDOR_SUBCMD_STATS_EXT:
10032 	case QCA_NL80211_VENDOR_SUBCMD_SCANNING_MAC_OUI:
10033 	case QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_SET_KEY:
10034 	case QCA_NL80211_VENDOR_SUBCMD_SPECTRAL_SCAN_GET_STATUS:
10035 	case QCA_NL80211_VENDOR_SUBCMD_NAN:
10036 		return false;
10037 	default:
10038 		return true;
10039 	}
10040 }
10041 
10042 
10043 static int nl80211_vendor_cmd(void *priv, unsigned int vendor_id,
10044 			      unsigned int subcmd, const u8 *data,
10045 			      size_t data_len, enum nested_attr nested_attr,
10046 			      struct wpabuf *buf)
10047 {
10048 	struct i802_bss *bss = priv;
10049 	struct wpa_driver_nl80211_data *drv = bss->drv;
10050 	struct nl_msg *msg;
10051 	int ret, nla_flag;
10052 
10053 #ifdef CONFIG_TESTING_OPTIONS
10054 	if (vendor_id == 0xffffffff) {
10055 		msg = nlmsg_alloc();
10056 		if (!msg)
10057 			return -ENOMEM;
10058 
10059 		nl80211_cmd(drv, msg, 0, subcmd);
10060 		if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) <
10061 		    0)
10062 			goto fail;
10063 		/* This test vendor_cmd can be used with nl80211 commands that
10064 		 * need the connect nl_sock, so use the owner-setting variant
10065 		 * of send_and_recv_msgs(). */
10066 		ret = send_and_recv_msgs_owner(drv, msg,
10067 					       get_connect_handle(bss), 0,
10068 					       cmd_reply_handler, buf,
10069 					       NULL, NULL);
10070 		if (ret)
10071 			wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d",
10072 				   ret);
10073 		return ret;
10074 	}
10075 #endif /* CONFIG_TESTING_OPTIONS */
10076 
10077 	if (nested_attr == NESTED_ATTR_USED)
10078 		nla_flag = NLA_F_NESTED;
10079 	else if (nested_attr == NESTED_ATTR_UNSPECIFIED &&
10080 		 is_cmd_with_nested_attrs(vendor_id, subcmd))
10081 		nla_flag = NLA_F_NESTED;
10082 	else
10083 		nla_flag = 0;
10084 
10085 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_VENDOR)) ||
10086 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, vendor_id) ||
10087 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD, subcmd) ||
10088 	    (data &&
10089 	     nla_put(msg, nla_flag | NL80211_ATTR_VENDOR_DATA,
10090 		     data_len, data)))
10091 		goto fail;
10092 
10093 	ret = send_and_recv_msgs(drv, msg, vendor_reply_handler, buf,
10094 				 NULL, NULL);
10095 	if (ret)
10096 		wpa_printf(MSG_DEBUG, "nl80211: vendor command failed err=%d",
10097 			   ret);
10098 	return ret;
10099 
10100 fail:
10101 	nlmsg_free(msg);
10102 	return -ENOBUFS;
10103 }
10104 
10105 
10106 static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set,
10107 			       u8 qos_map_set_len)
10108 {
10109 	struct i802_bss *bss = priv;
10110 	struct wpa_driver_nl80211_data *drv = bss->drv;
10111 	struct nl_msg *msg;
10112 	int ret;
10113 
10114 	wpa_hexdump(MSG_DEBUG, "nl80211: Setting QoS Map",
10115 		    qos_map_set, qos_map_set_len);
10116 
10117 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_SET_QOS_MAP)) ||
10118 	    nla_put(msg, NL80211_ATTR_QOS_MAP, qos_map_set_len, qos_map_set)) {
10119 		nlmsg_free(msg);
10120 		return -ENOBUFS;
10121 	}
10122 
10123 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10124 	if (ret)
10125 		wpa_printf(MSG_DEBUG, "nl80211: Setting QoS Map failed");
10126 
10127 	return ret;
10128 }
10129 
10130 
10131 static int get_wowlan_handler(struct nl_msg *msg, void *arg)
10132 {
10133 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
10134 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
10135 	int *wowlan_enabled = arg;
10136 
10137 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
10138 		  genlmsg_attrlen(gnlh, 0), NULL);
10139 
10140 	*wowlan_enabled = !!tb[NL80211_ATTR_WOWLAN_TRIGGERS];
10141 
10142 	return NL_SKIP;
10143 }
10144 
10145 
10146 static int nl80211_get_wowlan(void *priv)
10147 {
10148 	struct i802_bss *bss = priv;
10149 	struct wpa_driver_nl80211_data *drv = bss->drv;
10150 	struct nl_msg *msg;
10151 	int wowlan_enabled;
10152 	int ret;
10153 
10154 	wpa_printf(MSG_DEBUG, "nl80211: Getting wowlan status");
10155 
10156 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_WOWLAN);
10157 
10158 	ret = send_and_recv_msgs(drv, msg, get_wowlan_handler, &wowlan_enabled,
10159 				 NULL, NULL);
10160 	if (ret) {
10161 		wpa_printf(MSG_DEBUG, "nl80211: Getting wowlan status failed");
10162 		return 0;
10163 	}
10164 
10165 	wpa_printf(MSG_DEBUG, "nl80211: wowlan is %s",
10166 		   wowlan_enabled ? "enabled" : "disabled");
10167 
10168 	return wowlan_enabled;
10169 }
10170 
10171 
10172 static int nl80211_set_wowlan(void *priv,
10173 			      const struct wowlan_triggers *triggers)
10174 {
10175 	struct i802_bss *bss = priv;
10176 	struct wpa_driver_nl80211_data *drv = bss->drv;
10177 	struct nl_msg *msg;
10178 	struct nlattr *wowlan_triggers;
10179 	int ret;
10180 
10181 	wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan");
10182 
10183 	if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_SET_WOWLAN)) ||
10184 	    !(wowlan_triggers = nla_nest_start(msg,
10185 					       NL80211_ATTR_WOWLAN_TRIGGERS)) ||
10186 	    (triggers->any &&
10187 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
10188 	    (triggers->disconnect &&
10189 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
10190 	    (triggers->magic_pkt &&
10191 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
10192 	    (triggers->gtk_rekey_failure &&
10193 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
10194 	    (triggers->eap_identity_req &&
10195 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
10196 	    (triggers->four_way_handshake &&
10197 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
10198 	    (triggers->rfkill_release &&
10199 	     nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE))) {
10200 		nlmsg_free(msg);
10201 		return -ENOBUFS;
10202 	}
10203 
10204 	nla_nest_end(msg, wowlan_triggers);
10205 
10206 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10207 	if (ret)
10208 		wpa_printf(MSG_DEBUG, "nl80211: Setting wowlan failed");
10209 
10210 	return ret;
10211 }
10212 
10213 
10214 #ifdef CONFIG_DRIVER_NL80211_QCA
10215 static int nl80211_roaming(void *priv, int allowed, const u8 *bssid)
10216 {
10217 	struct i802_bss *bss = priv;
10218 	struct wpa_driver_nl80211_data *drv = bss->drv;
10219 	struct nl_msg *msg;
10220 	struct nlattr *params;
10221 
10222 	wpa_printf(MSG_DEBUG, "nl80211: Roaming policy: allowed=%d", allowed);
10223 
10224 	if (!drv->roaming_vendor_cmd_avail) {
10225 		wpa_printf(MSG_DEBUG,
10226 			   "nl80211: Ignore roaming policy change since driver does not provide command for setting it");
10227 		return -1;
10228 	}
10229 
10230 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
10231 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
10232 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
10233 			QCA_NL80211_VENDOR_SUBCMD_ROAMING) ||
10234 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
10235 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_ROAMING_POLICY,
10236 			allowed ? QCA_ROAMING_ALLOWED_WITHIN_ESS :
10237 			QCA_ROAMING_NOT_ALLOWED) ||
10238 	    (bssid &&
10239 	     nla_put(msg, QCA_WLAN_VENDOR_ATTR_MAC_ADDR, ETH_ALEN, bssid))) {
10240 		nlmsg_free(msg);
10241 		return -1;
10242 	}
10243 	nla_nest_end(msg, params);
10244 
10245 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10246 }
10247 
10248 
10249 static int nl80211_disable_fils(void *priv, int disable)
10250 {
10251 	struct i802_bss *bss = priv;
10252 	struct wpa_driver_nl80211_data *drv = bss->drv;
10253 	struct nl_msg *msg;
10254 	struct nlattr *params;
10255 
10256 	wpa_printf(MSG_DEBUG, "nl80211: Disable FILS=%d", disable);
10257 
10258 	if (!drv->set_wifi_conf_vendor_cmd_avail)
10259 		return -1;
10260 
10261 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
10262 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
10263 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
10264 			QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION) ||
10265 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
10266 	    nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_CONFIG_DISABLE_FILS,
10267 		       disable)) {
10268 		nlmsg_free(msg);
10269 		return -1;
10270 	}
10271 	nla_nest_end(msg, params);
10272 
10273 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10274 }
10275 
10276 
10277 /* Reserved QCA_WLAN_VENDOR_ATTR_ROAMING_REQ_ID value for wpa_supplicant */
10278 #define WPA_SUPPLICANT_CLIENT_ID 1
10279 
10280 static int nl80211_set_bssid_tmp_disallow(void *priv, unsigned int num_bssid,
10281 					  const u8 *bssid)
10282 {
10283 	struct i802_bss *bss = priv;
10284 	struct wpa_driver_nl80211_data *drv = bss->drv;
10285 	struct nl_msg *msg;
10286 	struct nlattr *params, *nlbssids, *attr;
10287 	unsigned int i;
10288 
10289 	wpa_printf(MSG_DEBUG,
10290 		   "nl80211: Set temporarily disallowed BSSIDs (num=%u)",
10291 		   num_bssid);
10292 
10293 	if (!drv->roam_vendor_cmd_avail)
10294 		return -1;
10295 
10296 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
10297 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
10298 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
10299 			QCA_NL80211_VENDOR_SUBCMD_ROAM) ||
10300 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
10301 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_ROAMING_SUBCMD,
10302 			QCA_WLAN_VENDOR_ROAMING_SUBCMD_SET_BLACKLIST_BSSID) ||
10303 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_ROAMING_REQ_ID,
10304 			WPA_SUPPLICANT_CLIENT_ID) ||
10305 	    nla_put_u32(msg,
10306 			QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS_NUM_BSSID,
10307 			num_bssid))
10308 		goto fail;
10309 
10310 	nlbssids = nla_nest_start(
10311 		msg, QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS);
10312 	if (!nlbssids)
10313 		goto fail;
10314 
10315 	for (i = 0; i < num_bssid; i++) {
10316 		attr = nla_nest_start(msg, i);
10317 		if (!attr)
10318 			goto fail;
10319 		if (nla_put(msg,
10320 			    QCA_WLAN_VENDOR_ATTR_ROAMING_PARAM_SET_BSSID_PARAMS_BSSID,
10321 			    ETH_ALEN, &bssid[i * ETH_ALEN]))
10322 			goto fail;
10323 		wpa_printf(MSG_DEBUG, "nl80211:   BSSID[%u]: " MACSTR, i,
10324 			   MAC2STR(&bssid[i * ETH_ALEN]));
10325 		nla_nest_end(msg, attr);
10326 	}
10327 	nla_nest_end(msg, nlbssids);
10328 	nla_nest_end(msg, params);
10329 
10330 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10331 
10332 fail:
10333 	nlmsg_free(msg);
10334 	return -1;
10335 }
10336 
10337 
10338 static int nl80211_add_sta_node(void *priv, const u8 *addr, u16 auth_alg)
10339 {
10340 	struct i802_bss *bss = priv;
10341 	struct wpa_driver_nl80211_data *drv = bss->drv;
10342 	struct nl_msg *msg;
10343 	struct nlattr *params;
10344 
10345 	if (!drv->add_sta_node_vendor_cmd_avail)
10346 		return -EOPNOTSUPP;
10347 
10348 	wpa_printf(MSG_DEBUG, "nl80211: Add STA node");
10349 
10350 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
10351 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
10352 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
10353 			QCA_NL80211_VENDOR_SUBCMD_ADD_STA_NODE) ||
10354 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
10355 	    (addr &&
10356 	     nla_put(msg, QCA_WLAN_VENDOR_ATTR_ADD_STA_NODE_MAC_ADDR, ETH_ALEN,
10357 		     addr)) ||
10358 	    nla_put_u16(msg, QCA_WLAN_VENDOR_ATTR_ADD_STA_NODE_AUTH_ALGO,
10359 			auth_alg)) {
10360 		nlmsg_free(msg);
10361 		wpa_printf(MSG_ERROR,
10362 			   "%s: err in adding vendor_cmd and vendor_data",
10363 			   __func__);
10364 		return -1;
10365 	}
10366 	nla_nest_end(msg, params);
10367 
10368 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10369 }
10370 
10371 #endif /* CONFIG_DRIVER_NL80211_QCA */
10372 
10373 
10374 static int nl80211_set_mac_addr(void *priv, const u8 *addr)
10375 {
10376 	struct i802_bss *bss = priv;
10377 	struct wpa_driver_nl80211_data *drv = bss->drv;
10378 	int new_addr = addr != NULL;
10379 
10380 	if (TEST_FAIL())
10381 		return -1;
10382 
10383 	if (!addr)
10384 		addr = drv->perm_addr;
10385 
10386 	if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 0) < 0)
10387 		return -1;
10388 
10389 	if (linux_set_ifhwaddr(drv->global->ioctl_sock, bss->ifname, addr) < 0)
10390 	{
10391 		wpa_printf(MSG_DEBUG,
10392 			   "nl80211: failed to set_mac_addr for %s to " MACSTR,
10393 			   bss->ifname, MAC2STR(addr));
10394 		if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname,
10395 					  1) < 0) {
10396 			wpa_printf(MSG_DEBUG,
10397 				   "nl80211: Could not restore interface UP after failed set_mac_addr");
10398 		}
10399 		return -1;
10400 	}
10401 
10402 	wpa_printf(MSG_DEBUG, "nl80211: set_mac_addr for %s to " MACSTR,
10403 		   bss->ifname, MAC2STR(addr));
10404 	drv->addr_changed = new_addr;
10405 	os_memcpy(bss->addr, addr, ETH_ALEN);
10406 
10407 	if (linux_set_iface_flags(drv->global->ioctl_sock, bss->ifname, 1) < 0)
10408 	{
10409 		wpa_printf(MSG_DEBUG,
10410 			   "nl80211: Could not restore interface UP after set_mac_addr");
10411 	}
10412 
10413 	return 0;
10414 }
10415 
10416 
10417 #ifdef CONFIG_MESH
10418 
10419 static int wpa_driver_nl80211_init_mesh(void *priv)
10420 {
10421 	if (wpa_driver_nl80211_set_mode(priv, NL80211_IFTYPE_MESH_POINT)) {
10422 		wpa_printf(MSG_INFO,
10423 			   "nl80211: Failed to set interface into mesh mode");
10424 		return -1;
10425 	}
10426 	return 0;
10427 }
10428 
10429 
10430 static int nl80211_put_mesh_id(struct nl_msg *msg, const u8 *mesh_id,
10431 			       size_t mesh_id_len)
10432 {
10433 	if (mesh_id) {
10434 		wpa_printf(MSG_DEBUG, "  * Mesh ID (SSID)=%s",
10435 			   wpa_ssid_txt(mesh_id, mesh_id_len));
10436 		return nla_put(msg, NL80211_ATTR_MESH_ID, mesh_id_len, mesh_id);
10437 	}
10438 
10439 	return 0;
10440 }
10441 
10442 
10443 static int nl80211_put_mesh_config(struct nl_msg *msg,
10444 				   struct wpa_driver_mesh_bss_params *params)
10445 {
10446 	struct nlattr *container;
10447 
10448 	container = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
10449 	if (!container)
10450 		return -1;
10451 
10452 	if (((params->flags & WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS) &&
10453 	     nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
10454 			params->auto_plinks)) ||
10455 	    ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS) &&
10456 	     nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
10457 			 params->max_peer_links)) ||
10458 	    ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_RSSI_THRESHOLD) &&
10459 	     nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
10460 			 params->rssi_threshold)))
10461 		return -1;
10462 
10463 	/*
10464 	 * Set NL80211_MESHCONF_PLINK_TIMEOUT even if user mpm is used because
10465 	 * the timer could disconnect stations even in that case.
10466 	 */
10467 	if ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_PEER_LINK_TIMEOUT) &&
10468 	    nla_put_u32(msg, NL80211_MESHCONF_PLINK_TIMEOUT,
10469 			params->peer_link_timeout)) {
10470 		wpa_printf(MSG_ERROR, "nl80211: Failed to set PLINK_TIMEOUT");
10471 		return -1;
10472 	}
10473 
10474 	if ((params->flags & WPA_DRIVER_MESH_CONF_FLAG_HT_OP_MODE) &&
10475 	    nla_put_u16(msg, NL80211_MESHCONF_HT_OPMODE, params->ht_opmode)) {
10476 		wpa_printf(MSG_ERROR, "nl80211: Failed to set HT_OP_MODE");
10477 		return -1;
10478 	}
10479 
10480 	nla_nest_end(msg, container);
10481 
10482 	return 0;
10483 }
10484 
10485 
10486 static int nl80211_join_mesh(struct i802_bss *bss,
10487 			     struct wpa_driver_mesh_join_params *params)
10488 {
10489 	struct wpa_driver_nl80211_data *drv = bss->drv;
10490 	struct nl_msg *msg;
10491 	struct nlattr *container;
10492 	int ret = -1;
10493 
10494 	wpa_printf(MSG_DEBUG, "nl80211: mesh join (ifindex=%d)", drv->ifindex);
10495 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_JOIN_MESH);
10496 	if (!msg ||
10497 	    nl80211_put_freq_params(msg, &params->freq) ||
10498 	    nl80211_put_basic_rates(msg, params->basic_rates) ||
10499 	    nl80211_put_mesh_id(msg, params->meshid, params->meshid_len) ||
10500 	    nl80211_put_beacon_int(msg, params->beacon_int) ||
10501 	    nl80211_put_dtim_period(msg, params->dtim_period))
10502 		goto fail;
10503 
10504 	wpa_printf(MSG_DEBUG, "  * flags=%08X", params->flags);
10505 
10506 	if (params->handle_dfs && nla_put_flag(msg, NL80211_ATTR_HANDLE_DFS))
10507 		goto fail;
10508 
10509 	container = nla_nest_start(msg, NL80211_ATTR_MESH_SETUP);
10510 	if (!container)
10511 		goto fail;
10512 
10513 	if (params->ies) {
10514 		wpa_hexdump(MSG_DEBUG, "  * IEs", params->ies, params->ie_len);
10515 		if (nla_put(msg, NL80211_MESH_SETUP_IE, params->ie_len,
10516 			    params->ies))
10517 			goto fail;
10518 	}
10519 	/* WPA_DRIVER_MESH_FLAG_OPEN_AUTH is treated as default by nl80211 */
10520 	if (params->flags & WPA_DRIVER_MESH_FLAG_SAE_AUTH) {
10521 		if (nla_put_u8(msg, NL80211_MESH_SETUP_AUTH_PROTOCOL, 0x1) ||
10522 		    nla_put_flag(msg, NL80211_MESH_SETUP_USERSPACE_AUTH))
10523 			goto fail;
10524 	}
10525 	if ((params->flags & WPA_DRIVER_MESH_FLAG_AMPE) &&
10526 	    nla_put_flag(msg, NL80211_MESH_SETUP_USERSPACE_AMPE))
10527 		goto fail;
10528 	if ((params->flags & WPA_DRIVER_MESH_FLAG_USER_MPM) &&
10529 	    nla_put_flag(msg, NL80211_MESH_SETUP_USERSPACE_MPM))
10530 		goto fail;
10531 	nla_nest_end(msg, container);
10532 
10533 	params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS;
10534 	params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_PEER_LINK_TIMEOUT;
10535 	params->conf.flags |= WPA_DRIVER_MESH_CONF_FLAG_MAX_PEER_LINKS;
10536 	if (nl80211_put_mesh_config(msg, &params->conf) < 0)
10537 		goto fail;
10538 
10539 	ret = send_and_recv_msgs_connect_handle(drv, msg, bss, 1);
10540 	msg = NULL;
10541 	if (ret) {
10542 		wpa_printf(MSG_DEBUG, "nl80211: mesh join failed: ret=%d (%s)",
10543 			   ret, strerror(-ret));
10544 		goto fail;
10545 	}
10546 	ret = 0;
10547 	drv->assoc_freq = bss->freq = params->freq.freq;
10548 	wpa_printf(MSG_DEBUG, "nl80211: mesh join request send successfully");
10549 
10550 fail:
10551 	nlmsg_free(msg);
10552 	return ret;
10553 }
10554 
10555 
10556 static int
10557 wpa_driver_nl80211_join_mesh(void *priv,
10558 			     struct wpa_driver_mesh_join_params *params)
10559 {
10560 	struct i802_bss *bss = priv;
10561 	int ret, timeout;
10562 
10563 	timeout = params->conf.peer_link_timeout;
10564 
10565 	/* Disable kernel inactivity timer */
10566 	if (params->flags & WPA_DRIVER_MESH_FLAG_USER_MPM)
10567 		params->conf.peer_link_timeout = 0;
10568 
10569 	ret = nl80211_join_mesh(bss, params);
10570 	if (ret == -EINVAL && params->conf.peer_link_timeout == 0) {
10571 		wpa_printf(MSG_DEBUG,
10572 			   "nl80211: Mesh join retry for peer_link_timeout");
10573 		/*
10574 		 * Old kernel does not support setting
10575 		 * NL80211_MESHCONF_PLINK_TIMEOUT to zero, so set 60 seconds
10576 		 * into future from peer_link_timeout.
10577 		 */
10578 		params->conf.peer_link_timeout = timeout + 60;
10579 		ret = nl80211_join_mesh(priv, params);
10580 	}
10581 
10582 	params->conf.peer_link_timeout = timeout;
10583 	return ret;
10584 }
10585 
10586 
10587 static int wpa_driver_nl80211_leave_mesh(void *priv)
10588 {
10589 	struct i802_bss *bss = priv;
10590 	struct wpa_driver_nl80211_data *drv = bss->drv;
10591 	struct nl_msg *msg;
10592 	int ret;
10593 
10594 	wpa_printf(MSG_DEBUG, "nl80211: mesh leave (ifindex=%d)", drv->ifindex);
10595 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_MESH);
10596 	ret = send_and_recv_msgs_connect_handle(drv, msg, bss, 0);
10597 	if (ret) {
10598 		wpa_printf(MSG_DEBUG, "nl80211: mesh leave failed: ret=%d (%s)",
10599 			   ret, strerror(-ret));
10600 	} else {
10601 		wpa_printf(MSG_DEBUG,
10602 			   "nl80211: mesh leave request send successfully");
10603 	}
10604 
10605 	if (drv->start_mode_sta &&
10606 	    wpa_driver_nl80211_set_mode(drv->first_bss,
10607 					NL80211_IFTYPE_STATION)) {
10608 		wpa_printf(MSG_INFO,
10609 			   "nl80211: Failed to set interface into station mode");
10610 	}
10611 	return ret;
10612 }
10613 
10614 
10615 static int nl80211_probe_mesh_link(void *priv, const u8 *addr, const u8 *eth,
10616 				   size_t len)
10617 {
10618 	struct i802_bss *bss = priv;
10619 	struct wpa_driver_nl80211_data *drv = bss->drv;
10620 	struct nl_msg *msg;
10621 	int ret;
10622 
10623 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_PROBE_MESH_LINK);
10624 	if (!msg ||
10625 	    nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
10626 	    nla_put(msg, NL80211_ATTR_FRAME, len, eth)) {
10627 		nlmsg_free(msg);
10628 		return -ENOBUFS;
10629 	}
10630 
10631 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
10632 	if (ret) {
10633 		wpa_printf(MSG_DEBUG, "nl80211: mesh link probe to " MACSTR
10634 			   " failed: ret=%d (%s)",
10635 			   MAC2STR(addr), ret, strerror(-ret));
10636 	} else {
10637 		wpa_printf(MSG_DEBUG, "nl80211: Mesh link to " MACSTR
10638 			   " probed successfully", MAC2STR(addr));
10639 	}
10640 
10641 	return ret;
10642 }
10643 
10644 #endif /* CONFIG_MESH */
10645 
10646 
10647 static int wpa_driver_br_add_ip_neigh(void *priv, u8 version,
10648 				      const u8 *ipaddr, int prefixlen,
10649 				      const u8 *addr)
10650 {
10651 #ifdef CONFIG_LIBNL3_ROUTE
10652 	struct i802_bss *bss = priv;
10653 	struct wpa_driver_nl80211_data *drv = bss->drv;
10654 	struct rtnl_neigh *rn;
10655 	struct nl_addr *nl_ipaddr = NULL;
10656 	struct nl_addr *nl_lladdr = NULL;
10657 	int family, addrsize;
10658 	int res;
10659 
10660 	if (!ipaddr || prefixlen == 0 || !addr)
10661 		return -EINVAL;
10662 
10663 	if (bss->br_ifindex == 0) {
10664 		wpa_printf(MSG_DEBUG,
10665 			   "nl80211: bridge must be set before adding an ip neigh to it");
10666 		return -1;
10667 	}
10668 
10669 	if (!drv->rtnl_sk) {
10670 		wpa_printf(MSG_DEBUG,
10671 			   "nl80211: nl_sock for NETLINK_ROUTE is not initialized");
10672 		return -1;
10673 	}
10674 
10675 	if (version == 4) {
10676 		family = AF_INET;
10677 		addrsize = 4;
10678 	} else if (version == 6) {
10679 		family = AF_INET6;
10680 		addrsize = 16;
10681 	} else {
10682 		return -EINVAL;
10683 	}
10684 
10685 	rn = rtnl_neigh_alloc();
10686 	if (rn == NULL)
10687 		return -ENOMEM;
10688 
10689 	/* set the destination ip address for neigh */
10690 	nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
10691 	if (nl_ipaddr == NULL) {
10692 		wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
10693 		res = -ENOMEM;
10694 		goto errout;
10695 	}
10696 	nl_addr_set_prefixlen(nl_ipaddr, prefixlen);
10697 	res = rtnl_neigh_set_dst(rn, nl_ipaddr);
10698 	if (res) {
10699 		wpa_printf(MSG_DEBUG,
10700 			   "nl80211: neigh set destination addr failed");
10701 		goto errout;
10702 	}
10703 
10704 	/* set the corresponding lladdr for neigh */
10705 	nl_lladdr = nl_addr_build(AF_BRIDGE, (u8 *) addr, ETH_ALEN);
10706 	if (nl_lladdr == NULL) {
10707 		wpa_printf(MSG_DEBUG, "nl80211: neigh set lladdr failed");
10708 		res = -ENOMEM;
10709 		goto errout;
10710 	}
10711 	rtnl_neigh_set_lladdr(rn, nl_lladdr);
10712 
10713 	rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
10714 	rtnl_neigh_set_state(rn, NUD_PERMANENT);
10715 
10716 	res = rtnl_neigh_add(drv->rtnl_sk, rn, NLM_F_CREATE);
10717 	if (res) {
10718 		wpa_printf(MSG_DEBUG,
10719 			   "nl80211: Adding bridge ip neigh failed: %s",
10720 			   nl_geterror(res));
10721 	}
10722 errout:
10723 	if (nl_lladdr)
10724 		nl_addr_put(nl_lladdr);
10725 	if (nl_ipaddr)
10726 		nl_addr_put(nl_ipaddr);
10727 	if (rn)
10728 		rtnl_neigh_put(rn);
10729 	return res;
10730 #else /* CONFIG_LIBNL3_ROUTE */
10731 	return -1;
10732 #endif /* CONFIG_LIBNL3_ROUTE */
10733 }
10734 
10735 
10736 static int wpa_driver_br_delete_ip_neigh(void *priv, u8 version,
10737 					 const u8 *ipaddr)
10738 {
10739 #ifdef CONFIG_LIBNL3_ROUTE
10740 	struct i802_bss *bss = priv;
10741 	struct wpa_driver_nl80211_data *drv = bss->drv;
10742 	struct rtnl_neigh *rn;
10743 	struct nl_addr *nl_ipaddr;
10744 	int family, addrsize;
10745 	int res;
10746 
10747 	if (!ipaddr)
10748 		return -EINVAL;
10749 
10750 	if (version == 4) {
10751 		family = AF_INET;
10752 		addrsize = 4;
10753 	} else if (version == 6) {
10754 		family = AF_INET6;
10755 		addrsize = 16;
10756 	} else {
10757 		return -EINVAL;
10758 	}
10759 
10760 	if (bss->br_ifindex == 0) {
10761 		wpa_printf(MSG_DEBUG,
10762 			   "nl80211: bridge must be set to delete an ip neigh");
10763 		return -1;
10764 	}
10765 
10766 	if (!drv->rtnl_sk) {
10767 		wpa_printf(MSG_DEBUG,
10768 			   "nl80211: nl_sock for NETLINK_ROUTE is not initialized");
10769 		return -1;
10770 	}
10771 
10772 	rn = rtnl_neigh_alloc();
10773 	if (rn == NULL)
10774 		return -ENOMEM;
10775 
10776 	/* set the destination ip address for neigh */
10777 	nl_ipaddr = nl_addr_build(family, (void *) ipaddr, addrsize);
10778 	if (nl_ipaddr == NULL) {
10779 		wpa_printf(MSG_DEBUG, "nl80211: nl_ipaddr build failed");
10780 		res = -ENOMEM;
10781 		goto errout;
10782 	}
10783 	res = rtnl_neigh_set_dst(rn, nl_ipaddr);
10784 	if (res) {
10785 		wpa_printf(MSG_DEBUG,
10786 			   "nl80211: neigh set destination addr failed");
10787 		goto errout;
10788 	}
10789 
10790 	rtnl_neigh_set_ifindex(rn, bss->br_ifindex);
10791 
10792 	res = rtnl_neigh_delete(drv->rtnl_sk, rn, 0);
10793 	if (res) {
10794 		wpa_printf(MSG_DEBUG,
10795 			   "nl80211: Deleting bridge ip neigh failed: %s",
10796 			   nl_geterror(res));
10797 	}
10798 errout:
10799 	if (nl_ipaddr)
10800 		nl_addr_put(nl_ipaddr);
10801 	if (rn)
10802 		rtnl_neigh_put(rn);
10803 	return res;
10804 #else /* CONFIG_LIBNL3_ROUTE */
10805 	return -1;
10806 #endif /* CONFIG_LIBNL3_ROUTE */
10807 }
10808 
10809 
10810 static int linux_write_system_file(const char *path, unsigned int val)
10811 {
10812 	char buf[50];
10813 	int fd, len;
10814 
10815 	len = os_snprintf(buf, sizeof(buf), "%u\n", val);
10816 	if (os_snprintf_error(sizeof(buf), len))
10817 		return -1;
10818 
10819 	fd = open(path, O_WRONLY);
10820 	if (fd < 0)
10821 		return -1;
10822 
10823 	if (write(fd, buf, len) < 0) {
10824 		wpa_printf(MSG_DEBUG,
10825 			   "nl80211: Failed to write Linux system file: %s with the value of %d",
10826 			   path, val);
10827 		close(fd);
10828 		return -1;
10829 	}
10830 	close(fd);
10831 
10832 	return 0;
10833 }
10834 
10835 
10836 static const char * drv_br_port_attr_str(enum drv_br_port_attr attr)
10837 {
10838 	switch (attr) {
10839 	case DRV_BR_PORT_ATTR_PROXYARP:
10840 		return "proxyarp_wifi";
10841 	case DRV_BR_PORT_ATTR_HAIRPIN_MODE:
10842 		return "hairpin_mode";
10843 	}
10844 
10845 	return NULL;
10846 }
10847 
10848 
10849 static int wpa_driver_br_port_set_attr(void *priv, enum drv_br_port_attr attr,
10850 				       unsigned int val)
10851 {
10852 	struct i802_bss *bss = priv;
10853 	char path[128];
10854 	const char *attr_txt;
10855 
10856 	attr_txt = drv_br_port_attr_str(attr);
10857 	if (attr_txt == NULL)
10858 		return -EINVAL;
10859 
10860 	os_snprintf(path, sizeof(path), "/sys/class/net/%s/brport/%s",
10861 		    bss->ifname, attr_txt);
10862 
10863 	if (linux_write_system_file(path, val))
10864 		return -1;
10865 
10866 	return 0;
10867 }
10868 
10869 
10870 static const char * drv_br_net_param_str(enum drv_br_net_param param)
10871 {
10872 	switch (param) {
10873 	case DRV_BR_NET_PARAM_GARP_ACCEPT:
10874 		return "arp_accept";
10875 	default:
10876 		return NULL;
10877 	}
10878 }
10879 
10880 
10881 static int wpa_driver_br_set_net_param(void *priv, enum drv_br_net_param param,
10882 				       unsigned int val)
10883 {
10884 	struct i802_bss *bss = priv;
10885 	char path[128];
10886 	const char *param_txt;
10887 	int ip_version = 4;
10888 
10889 	if (param == DRV_BR_MULTICAST_SNOOPING) {
10890 		os_snprintf(path, sizeof(path),
10891 			    "/sys/devices/virtual/net/%s/bridge/multicast_snooping",
10892 			    bss->brname);
10893 		goto set_val;
10894 	}
10895 
10896 	param_txt = drv_br_net_param_str(param);
10897 	if (param_txt == NULL)
10898 		return -EINVAL;
10899 
10900 	switch (param) {
10901 		case DRV_BR_NET_PARAM_GARP_ACCEPT:
10902 			ip_version = 4;
10903 			break;
10904 		default:
10905 			return -EINVAL;
10906 	}
10907 
10908 	os_snprintf(path, sizeof(path), "/proc/sys/net/ipv%d/conf/%s/%s",
10909 		    ip_version, bss->brname, param_txt);
10910 
10911 set_val:
10912 	if (linux_write_system_file(path, val))
10913 		return -1;
10914 
10915 	return 0;
10916 }
10917 
10918 
10919 #ifdef CONFIG_DRIVER_NL80211_QCA
10920 
10921 static int hw_mode_to_qca_acs(enum hostapd_hw_mode hw_mode)
10922 {
10923 	switch (hw_mode) {
10924 	case HOSTAPD_MODE_IEEE80211B:
10925 		return QCA_ACS_MODE_IEEE80211B;
10926 	case HOSTAPD_MODE_IEEE80211G:
10927 		return QCA_ACS_MODE_IEEE80211G;
10928 	case HOSTAPD_MODE_IEEE80211A:
10929 		return QCA_ACS_MODE_IEEE80211A;
10930 	case HOSTAPD_MODE_IEEE80211AD:
10931 		return QCA_ACS_MODE_IEEE80211AD;
10932 	case HOSTAPD_MODE_IEEE80211ANY:
10933 		return QCA_ACS_MODE_IEEE80211ANY;
10934 	default:
10935 		return -1;
10936 	}
10937 }
10938 
10939 
10940 static int add_acs_ch_list(struct nl_msg *msg, const int *freq_list)
10941 {
10942 	int num_channels = 0, num_freqs;
10943 	u8 *ch_list;
10944 	enum hostapd_hw_mode hw_mode;
10945 	int ret = 0;
10946 	int i;
10947 
10948 	if (!freq_list)
10949 		return 0;
10950 
10951 	num_freqs = int_array_len(freq_list);
10952 	ch_list = os_malloc(sizeof(u8) * num_freqs);
10953 	if (!ch_list)
10954 		return -1;
10955 
10956 	for (i = 0; i < num_freqs; i++) {
10957 		const int freq = freq_list[i];
10958 
10959 		if (freq == 0)
10960 			break;
10961 		/* Send 2.4 GHz and 5 GHz channels with
10962 		 * QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST to maintain backwards
10963 		 * compatibility.
10964 		 */
10965 		if (!(freq >= 2412 && freq <= 2484) &&
10966 		    !(freq >= 5180 && freq <= 5900) &&
10967 		    !(freq >= 5945 && freq <= 7115))
10968 			continue;
10969 		hw_mode = ieee80211_freq_to_chan(freq, &ch_list[num_channels]);
10970 		if (hw_mode != NUM_HOSTAPD_MODES)
10971 			num_channels++;
10972 	}
10973 
10974 	if (num_channels)
10975 		ret = nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST,
10976 			      num_channels, ch_list);
10977 
10978 	os_free(ch_list);
10979 	return ret;
10980 }
10981 
10982 
10983 static int add_acs_freq_list(struct nl_msg *msg, const int *freq_list)
10984 {
10985 	int i, len, ret;
10986 	u32 *freqs;
10987 
10988 	if (!freq_list)
10989 		return 0;
10990 	len = int_array_len(freq_list);
10991 	freqs = os_malloc(sizeof(u32) * len);
10992 	if (!freqs)
10993 		return -1;
10994 	for (i = 0; i < len; i++)
10995 		freqs[i] = freq_list[i];
10996 	ret = nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_FREQ_LIST,
10997 		      sizeof(u32) * len, freqs);
10998 	os_free(freqs);
10999 	return ret;
11000 }
11001 
11002 
11003 static int nl80211_qca_do_acs(struct wpa_driver_nl80211_data *drv,
11004 			      struct drv_acs_params *params)
11005 {
11006 	struct nl_msg *msg;
11007 	struct nlattr *data;
11008 	int ret;
11009 	int mode;
11010 
11011 	mode = hw_mode_to_qca_acs(params->hw_mode);
11012 	if (mode < 0)
11013 		return -1;
11014 
11015 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11016 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11017 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11018 			QCA_NL80211_VENDOR_SUBCMD_DO_ACS) ||
11019 	    !(data = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11020 	    nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_ACS_HW_MODE, mode) ||
11021 	    (params->ht_enabled &&
11022 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_HT_ENABLED)) ||
11023 	    (params->ht40_enabled &&
11024 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_HT40_ENABLED)) ||
11025 	    (params->vht_enabled &&
11026 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_VHT_ENABLED)) ||
11027 	    nla_put_u16(msg, QCA_WLAN_VENDOR_ATTR_ACS_CHWIDTH,
11028 			params->ch_width) ||
11029 	    add_acs_ch_list(msg, params->freq_list) ||
11030 	    add_acs_freq_list(msg, params->freq_list) ||
11031 	    (params->edmg_enabled &&
11032 	     nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_EDMG_ENABLED))) {
11033 		nlmsg_free(msg);
11034 		return -ENOBUFS;
11035 	}
11036 	nla_nest_end(msg, data);
11037 
11038 	wpa_printf(MSG_DEBUG,
11039 		   "nl80211: ACS Params: HW_MODE: %d HT: %d HT40: %d VHT: %d BW: %d EDMG: %d",
11040 		   params->hw_mode, params->ht_enabled, params->ht40_enabled,
11041 		   params->vht_enabled, params->ch_width, params->edmg_enabled);
11042 
11043 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11044 	if (ret) {
11045 		wpa_printf(MSG_DEBUG,
11046 			   "nl80211: Failed to invoke driver ACS function: %s",
11047 			   strerror(-ret));
11048 	}
11049 	return ret;
11050 }
11051 
11052 
11053 static int nl80211_set_band(void *priv, u32 band_mask)
11054 {
11055 	struct i802_bss *bss = priv;
11056 	struct wpa_driver_nl80211_data *drv = bss->drv;
11057 	struct nl_msg *msg;
11058 	struct nlattr *data;
11059 	int ret;
11060 	enum qca_set_band qca_band_value;
11061 	u32 qca_band_mask = QCA_SETBAND_AUTO;
11062 
11063 	if (!drv->setband_vendor_cmd_avail ||
11064 	    (band_mask > (WPA_SETBAND_2G | WPA_SETBAND_5G | WPA_SETBAND_6G)))
11065 		return -1;
11066 
11067 	if (band_mask & WPA_SETBAND_5G)
11068 		qca_band_mask |= QCA_SETBAND_5G;
11069 	if (band_mask & WPA_SETBAND_2G)
11070 		qca_band_mask |= QCA_SETBAND_2G;
11071 	if (band_mask & WPA_SETBAND_6G)
11072 		qca_band_mask |= QCA_SETBAND_6G;
11073 
11074 	/*
11075 	 * QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE is a legacy interface hence make
11076 	 * it suite to its values (AUTO/5G/2G) for backwards compatibility.
11077 	 */
11078 	qca_band_value = ((qca_band_mask & QCA_SETBAND_5G) &&
11079 			  (qca_band_mask & QCA_SETBAND_2G)) ?
11080 				QCA_SETBAND_AUTO :
11081 				qca_band_mask & ~QCA_SETBAND_6G;
11082 
11083 	wpa_printf(MSG_DEBUG,
11084 		   "nl80211: QCA_BAND_MASK = 0x%x, QCA_BAND_VALUE = %d",
11085 		   qca_band_mask, qca_band_value);
11086 
11087 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11088 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11089 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11090 			QCA_NL80211_VENDOR_SUBCMD_SETBAND) ||
11091 	    !(data = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11092 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SETBAND_VALUE,
11093 			qca_band_value) ||
11094 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_SETBAND_MASK,
11095 			qca_band_mask)) {
11096 		nlmsg_free(msg);
11097 		return -ENOBUFS;
11098 	}
11099 	nla_nest_end(msg, data);
11100 
11101 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11102 	if (ret) {
11103 		wpa_printf(MSG_DEBUG,
11104 			   "nl80211: Driver setband function failed: %s",
11105 			   strerror(-ret));
11106 	}
11107 	return ret;
11108 }
11109 
11110 
11111 struct nl80211_pcl {
11112 	unsigned int num;
11113 	unsigned int *freq_list;
11114 };
11115 
11116 static int preferred_freq_info_handler(struct nl_msg *msg, void *arg)
11117 {
11118 	struct nlattr *tb[NL80211_ATTR_MAX + 1];
11119 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
11120 	struct nl80211_pcl *param = arg;
11121 	struct nlattr *nl_vend, *attr;
11122 	enum qca_iface_type iface_type;
11123 	struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1];
11124 	unsigned int num, max_num;
11125 	u32 *freqs;
11126 
11127 	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
11128 		  genlmsg_attrlen(gnlh, 0), NULL);
11129 
11130 	nl_vend = tb[NL80211_ATTR_VENDOR_DATA];
11131 	if (!nl_vend)
11132 		return NL_SKIP;
11133 
11134 	nla_parse(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX,
11135 		  nla_data(nl_vend), nla_len(nl_vend), NULL);
11136 
11137 	attr = tb_vendor[
11138 		QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST_IFACE_TYPE];
11139 	if (!attr) {
11140 		wpa_printf(MSG_ERROR, "nl80211: iface_type couldn't be found");
11141 		param->num = 0;
11142 		return NL_SKIP;
11143 	}
11144 
11145 	iface_type = (enum qca_iface_type) nla_get_u32(attr);
11146 	wpa_printf(MSG_DEBUG, "nl80211: Driver returned iface_type=%d",
11147 		   iface_type);
11148 
11149 	attr = tb_vendor[QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST];
11150 	if (!attr) {
11151 		wpa_printf(MSG_ERROR,
11152 			   "nl80211: preferred_freq_list couldn't be found");
11153 		param->num = 0;
11154 		return NL_SKIP;
11155 	}
11156 
11157 	/*
11158 	 * param->num has the maximum number of entries for which there
11159 	 * is room in the freq_list provided by the caller.
11160 	 */
11161 	freqs = nla_data(attr);
11162 	max_num = nla_len(attr) / sizeof(u32);
11163 	if (max_num > param->num)
11164 		max_num = param->num;
11165 	for (num = 0; num < max_num; num++)
11166 		param->freq_list[num] = freqs[num];
11167 	param->num = num;
11168 
11169 	return NL_SKIP;
11170 }
11171 
11172 
11173 static int nl80211_get_pref_freq_list(void *priv,
11174 				      enum wpa_driver_if_type if_type,
11175 				      unsigned int *num,
11176 				      unsigned int *freq_list)
11177 {
11178 	struct i802_bss *bss = priv;
11179 	struct wpa_driver_nl80211_data *drv = bss->drv;
11180 	struct nl_msg *msg;
11181 	int ret;
11182 	unsigned int i;
11183 	struct nlattr *params;
11184 	struct nl80211_pcl param;
11185 	enum qca_iface_type iface_type;
11186 
11187 	if (!drv->get_pref_freq_list)
11188 		return -1;
11189 
11190 	switch (if_type) {
11191 	case WPA_IF_STATION:
11192 		iface_type = QCA_IFACE_TYPE_STA;
11193 		break;
11194 	case WPA_IF_AP_BSS:
11195 		iface_type = QCA_IFACE_TYPE_AP;
11196 		break;
11197 	case WPA_IF_P2P_GO:
11198 		iface_type = QCA_IFACE_TYPE_P2P_GO;
11199 		break;
11200 	case WPA_IF_P2P_CLIENT:
11201 		iface_type = QCA_IFACE_TYPE_P2P_CLIENT;
11202 		break;
11203 	case WPA_IF_IBSS:
11204 		iface_type = QCA_IFACE_TYPE_IBSS;
11205 		break;
11206 	case WPA_IF_TDLS:
11207 		iface_type = QCA_IFACE_TYPE_TDLS;
11208 		break;
11209 	default:
11210 		return -1;
11211 	}
11212 
11213 	param.num = *num;
11214 	param.freq_list = freq_list;
11215 
11216 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11217 	    nla_put_u32(msg, NL80211_ATTR_IFINDEX, drv->ifindex) ||
11218 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11219 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11220 			QCA_NL80211_VENDOR_SUBCMD_GET_PREFERRED_FREQ_LIST) ||
11221 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11222 	    nla_put_u32(msg,
11223 			QCA_WLAN_VENDOR_ATTR_GET_PREFERRED_FREQ_LIST_IFACE_TYPE,
11224 			iface_type)) {
11225 		wpa_printf(MSG_ERROR,
11226 			   "%s: err in adding vendor_cmd and vendor_data",
11227 			   __func__);
11228 		nlmsg_free(msg);
11229 		return -1;
11230 	}
11231 	nla_nest_end(msg, params);
11232 
11233 	os_memset(freq_list, 0, *num * sizeof(freq_list[0]));
11234 	ret = send_and_recv_msgs(drv, msg, preferred_freq_info_handler, &param,
11235 				 NULL, NULL);
11236 	if (ret) {
11237 		wpa_printf(MSG_ERROR,
11238 			   "%s: err in send_and_recv_msgs", __func__);
11239 		return ret;
11240 	}
11241 
11242 	*num = param.num;
11243 
11244 	for (i = 0; i < *num; i++) {
11245 		wpa_printf(MSG_DEBUG, "nl80211: preferred_channel_list[%d]=%d",
11246 			   i, freq_list[i]);
11247 	}
11248 
11249 	return 0;
11250 }
11251 
11252 
11253 static int nl80211_set_prob_oper_freq(void *priv, unsigned int freq)
11254 {
11255 	struct i802_bss *bss = priv;
11256 	struct wpa_driver_nl80211_data *drv = bss->drv;
11257 	struct nl_msg *msg;
11258 	int ret;
11259 	struct nlattr *params;
11260 
11261 	if (!drv->set_prob_oper_freq)
11262 		return -1;
11263 
11264 	wpa_printf(MSG_DEBUG,
11265 		   "nl80211: Set P2P probable operating freq %u for ifindex %d",
11266 		   freq, bss->ifindex);
11267 
11268 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11269 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11270 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11271 			QCA_NL80211_VENDOR_SUBCMD_SET_PROBABLE_OPER_CHANNEL) ||
11272 	    !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11273 	    nla_put_u32(msg,
11274 			QCA_WLAN_VENDOR_ATTR_PROBABLE_OPER_CHANNEL_IFACE_TYPE,
11275 			QCA_IFACE_TYPE_P2P_CLIENT) ||
11276 	    nla_put_u32(msg,
11277 			QCA_WLAN_VENDOR_ATTR_PROBABLE_OPER_CHANNEL_FREQ,
11278 			freq)) {
11279 		wpa_printf(MSG_ERROR,
11280 			   "%s: err in adding vendor_cmd and vendor_data",
11281 			   __func__);
11282 		nlmsg_free(msg);
11283 		return -1;
11284 	}
11285 	nla_nest_end(msg, params);
11286 
11287 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11288 	msg = NULL;
11289 	if (ret) {
11290 		wpa_printf(MSG_ERROR, "%s: err in send_and_recv_msgs",
11291 			   __func__);
11292 		return ret;
11293 	}
11294 	nlmsg_free(msg);
11295 	return 0;
11296 }
11297 
11298 
11299 static int nl80211_p2p_lo_start(void *priv, unsigned int freq,
11300 				unsigned int period, unsigned int interval,
11301 				unsigned int count, const u8 *device_types,
11302 				size_t dev_types_len,
11303 				const u8 *ies, size_t ies_len)
11304 {
11305 	struct i802_bss *bss = priv;
11306 	struct wpa_driver_nl80211_data *drv = bss->drv;
11307 	struct nl_msg *msg;
11308 	struct nlattr *container;
11309 	int ret;
11310 
11311 	wpa_printf(MSG_DEBUG,
11312 		   "nl80211: Start P2P Listen offload: freq=%u, period=%u, interval=%u, count=%u",
11313 		   freq, period, interval, count);
11314 
11315 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_P2P_LISTEN_OFFLOAD))
11316 		return -1;
11317 
11318 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11319 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11320 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11321 			QCA_NL80211_VENDOR_SUBCMD_P2P_LISTEN_OFFLOAD_START))
11322 		goto fail;
11323 
11324 	container = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
11325 	if (!container)
11326 		goto fail;
11327 
11328 	if (nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_CHANNEL,
11329 			freq) ||
11330 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_PERIOD,
11331 			period) ||
11332 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_INTERVAL,
11333 			interval) ||
11334 	    nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_COUNT,
11335 			count) ||
11336 	    nla_put(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_DEVICE_TYPES,
11337 		    dev_types_len, device_types) ||
11338 	    nla_put(msg, QCA_WLAN_VENDOR_ATTR_P2P_LISTEN_OFFLOAD_VENDOR_IE,
11339 		    ies_len, ies))
11340 		goto fail;
11341 
11342 	nla_nest_end(msg, container);
11343 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11344 	msg = NULL;
11345 	if (ret) {
11346 		wpa_printf(MSG_DEBUG,
11347 			   "nl80211: Failed to send P2P Listen offload vendor command");
11348 		goto fail;
11349 	}
11350 
11351 	return 0;
11352 
11353 fail:
11354 	nlmsg_free(msg);
11355 	return -1;
11356 }
11357 
11358 
11359 static int nl80211_p2p_lo_stop(void *priv)
11360 {
11361 	struct i802_bss *bss = priv;
11362 	struct wpa_driver_nl80211_data *drv = bss->drv;
11363 	struct nl_msg *msg;
11364 
11365 	wpa_printf(MSG_DEBUG, "nl80211: Stop P2P Listen offload");
11366 
11367 	if (!(drv->capa.flags & WPA_DRIVER_FLAGS_P2P_LISTEN_OFFLOAD))
11368 		return -1;
11369 
11370 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11371 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11372 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11373 			QCA_NL80211_VENDOR_SUBCMD_P2P_LISTEN_OFFLOAD_STOP)) {
11374 		nlmsg_free(msg);
11375 		return -1;
11376 	}
11377 
11378 	return send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11379 }
11380 
11381 
11382 static int nl80211_set_tdls_mode(void *priv, int tdls_external_control)
11383 {
11384 	struct i802_bss *bss = priv;
11385 	struct wpa_driver_nl80211_data *drv = bss->drv;
11386 	struct nl_msg *msg;
11387 	struct nlattr *params;
11388 	int ret;
11389 	u32 tdls_mode;
11390 
11391 	wpa_printf(MSG_DEBUG,
11392 		   "nl80211: Set TDKS mode: tdls_external_control=%d",
11393 		   tdls_external_control);
11394 
11395 	if (tdls_external_control == 1)
11396 		tdls_mode = QCA_WLAN_VENDOR_TDLS_TRIGGER_MODE_IMPLICIT |
11397 			QCA_WLAN_VENDOR_TDLS_TRIGGER_MODE_EXTERNAL;
11398 	else
11399 		tdls_mode = QCA_WLAN_VENDOR_TDLS_TRIGGER_MODE_EXPLICIT;
11400 
11401 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11402 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11403 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11404 			QCA_NL80211_VENDOR_SUBCMD_CONFIGURE_TDLS))
11405 		goto fail;
11406 
11407 	params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
11408 	if (!params)
11409 		goto fail;
11410 
11411 	if (nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_TDLS_CONFIG_TRIGGER_MODE,
11412 			tdls_mode))
11413 		goto fail;
11414 
11415 	nla_nest_end(msg, params);
11416 
11417 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11418 	msg = NULL;
11419 	if (ret) {
11420 		wpa_printf(MSG_ERROR,
11421 			   "nl80211: Set TDLS mode failed: ret=%d (%s)",
11422 			   ret, strerror(-ret));
11423 		goto fail;
11424 	}
11425 	return 0;
11426 fail:
11427 	nlmsg_free(msg);
11428 	return -1;
11429 }
11430 
11431 
11432 #ifdef CONFIG_MBO
11433 
11434 static enum mbo_transition_reject_reason
11435 nl80211_mbo_reject_reason_mapping(enum qca_wlan_btm_candidate_status status)
11436 {
11437 	switch (status) {
11438 	case QCA_STATUS_REJECT_EXCESSIVE_FRAME_LOSS_EXPECTED:
11439 		return MBO_TRANSITION_REJECT_REASON_FRAME_LOSS;
11440 	case QCA_STATUS_REJECT_EXCESSIVE_DELAY_EXPECTED:
11441 		return MBO_TRANSITION_REJECT_REASON_DELAY;
11442 	case QCA_STATUS_REJECT_INSUFFICIENT_QOS_CAPACITY:
11443 		return MBO_TRANSITION_REJECT_REASON_QOS_CAPACITY;
11444 	case QCA_STATUS_REJECT_LOW_RSSI:
11445 		return MBO_TRANSITION_REJECT_REASON_RSSI;
11446 	case QCA_STATUS_REJECT_HIGH_INTERFERENCE:
11447 		return MBO_TRANSITION_REJECT_REASON_INTERFERENCE;
11448 	case QCA_STATUS_REJECT_UNKNOWN:
11449 	default:
11450 		return MBO_TRANSITION_REJECT_REASON_UNSPECIFIED;
11451 	}
11452 }
11453 
11454 
11455 static void nl80211_parse_btm_candidate_info(struct candidate_list *candidate,
11456 					     struct nlattr *tb[], int num)
11457 {
11458 	enum qca_wlan_btm_candidate_status status;
11459 	char buf[50];
11460 
11461 	os_memcpy(candidate->bssid,
11462 		  nla_data(tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_BSSID]),
11463 		  ETH_ALEN);
11464 
11465 	status = nla_get_u32(
11466 		tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_STATUS]);
11467 	candidate->is_accept = status == QCA_STATUS_ACCEPT;
11468 	candidate->reject_reason = nl80211_mbo_reject_reason_mapping(status);
11469 
11470 	if (candidate->is_accept)
11471 		os_snprintf(buf, sizeof(buf), "Accepted");
11472 	else
11473 		os_snprintf(buf, sizeof(buf),
11474 			    "Rejected, Reject_reason: %d",
11475 			    candidate->reject_reason);
11476 	wpa_printf(MSG_DEBUG, "nl80211:   BSSID[%d]: " MACSTR " %s",
11477 		   num, MAC2STR(candidate->bssid), buf);
11478 }
11479 
11480 
11481 static int
11482 nl80211_get_bss_transition_status_handler(struct nl_msg *msg, void *arg)
11483 {
11484 	struct wpa_bss_candidate_info *info = arg;
11485 	struct candidate_list *candidate = info->candidates;
11486 	struct nlattr *tb_msg[NL80211_ATTR_MAX + 1];
11487 	struct nlattr *tb_vendor[QCA_WLAN_VENDOR_ATTR_MAX + 1];
11488 	struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_MAX + 1];
11489 	static struct nla_policy policy[
11490 		QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_MAX + 1] = {
11491 		[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_BSSID] = {
11492 			.minlen = ETH_ALEN
11493 		},
11494 		[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_STATUS] = {
11495 			.type = NLA_U32,
11496 		},
11497 	};
11498 	struct nlattr *attr;
11499 	int rem;
11500 	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
11501 	u8 num;
11502 
11503 	num = info->num; /* number of candidates sent to driver */
11504 	info->num = 0;
11505 	nla_parse(tb_msg, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
11506 		  genlmsg_attrlen(gnlh, 0), NULL);
11507 
11508 	if (!tb_msg[NL80211_ATTR_VENDOR_DATA] ||
11509 	    nla_parse_nested(tb_vendor, QCA_WLAN_VENDOR_ATTR_MAX,
11510 			     tb_msg[NL80211_ATTR_VENDOR_DATA], NULL) ||
11511 	    !tb_vendor[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO])
11512 		return NL_SKIP;
11513 
11514 	wpa_printf(MSG_DEBUG,
11515 		   "nl80211: WNM Candidate list received from driver");
11516 	nla_for_each_nested(attr,
11517 			    tb_vendor[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO],
11518 			    rem) {
11519 		if (info->num >= num ||
11520 		    nla_parse_nested(
11521 			    tb, QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_MAX,
11522 			    attr, policy) ||
11523 		    !tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_BSSID] ||
11524 		    !tb[QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_STATUS])
11525 			break;
11526 
11527 		nl80211_parse_btm_candidate_info(candidate, tb, info->num);
11528 
11529 		candidate++;
11530 		info->num++;
11531 	}
11532 
11533 	return NL_SKIP;
11534 }
11535 
11536 
11537 static struct wpa_bss_candidate_info *
11538 nl80211_get_bss_transition_status(void *priv, struct wpa_bss_trans_info *params)
11539 {
11540 	struct i802_bss *bss = priv;
11541 	struct wpa_driver_nl80211_data *drv = bss->drv;
11542 	struct nl_msg *msg;
11543 	struct nlattr *attr, *attr1, *attr2;
11544 	struct wpa_bss_candidate_info *info;
11545 	u8 i;
11546 	int ret;
11547 	u8 *pos;
11548 
11549 	if (!drv->fetch_bss_trans_status)
11550 		return NULL;
11551 
11552 	info = os_zalloc(sizeof(*info));
11553 	if (!info)
11554 		return NULL;
11555 	/* Allocate memory for number of candidates sent to driver */
11556 	info->candidates = os_calloc(params->n_candidates,
11557 				     sizeof(*info->candidates));
11558 	if (!info->candidates) {
11559 		os_free(info);
11560 		return NULL;
11561 	}
11562 
11563 	/* Copy the number of candidates being sent to driver. This is used in
11564 	 * nl80211_get_bss_transition_status_handler() to limit the number of
11565 	 * candidates that can be populated in info->candidates and will be
11566 	 * later overwritten with the actual number of candidates received from
11567 	 * the driver.
11568 	 */
11569 	info->num = params->n_candidates;
11570 
11571 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11572 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11573 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11574 			QCA_NL80211_VENDOR_SUBCMD_FETCH_BSS_TRANSITION_STATUS))
11575 		goto fail;
11576 
11577 	attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
11578 	if (!attr)
11579 		goto fail;
11580 
11581 	if (nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_BTM_MBO_TRANSITION_REASON,
11582 		       params->mbo_transition_reason))
11583 		goto fail;
11584 
11585 	attr1 = nla_nest_start(msg, QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO);
11586 	if (!attr1)
11587 		goto fail;
11588 
11589 	wpa_printf(MSG_DEBUG,
11590 		   "nl80211: WNM Candidate list info sending to driver: mbo_transition_reason: %d n_candidates: %d",
11591 		   params->mbo_transition_reason, params->n_candidates);
11592 	pos = params->bssid;
11593 	for (i = 0; i < params->n_candidates; i++) {
11594 		wpa_printf(MSG_DEBUG, "nl80211:   BSSID[%d]: " MACSTR, i,
11595 			   MAC2STR(pos));
11596 		attr2 = nla_nest_start(msg, i);
11597 		if (!attr2 ||
11598 		    nla_put(msg, QCA_WLAN_VENDOR_ATTR_BTM_CANDIDATE_INFO_BSSID,
11599 			    ETH_ALEN, pos))
11600 			goto fail;
11601 		pos += ETH_ALEN;
11602 		nla_nest_end(msg, attr2);
11603 	}
11604 
11605 	nla_nest_end(msg, attr1);
11606 	nla_nest_end(msg, attr);
11607 
11608 	ret = send_and_recv_msgs(drv, msg,
11609 				 nl80211_get_bss_transition_status_handler,
11610 				 info, NULL, NULL);
11611 	msg = NULL;
11612 	if (ret) {
11613 		wpa_printf(MSG_ERROR,
11614 			   "nl80211: WNM Get BSS transition status failed: ret=%d (%s)",
11615 			   ret, strerror(-ret));
11616 		goto fail;
11617 	}
11618 	return info;
11619 
11620 fail:
11621 	nlmsg_free(msg);
11622 	os_free(info->candidates);
11623 	os_free(info);
11624 	return NULL;
11625 }
11626 
11627 
11628 /**
11629  * nl80211_ignore_assoc_disallow - Configure driver to ignore assoc_disallow
11630  * @priv: Pointer to private driver data from wpa_driver_nl80211_init()
11631  * @ignore_assoc_disallow: 0 to not ignore, 1 to ignore
11632  * Returns: 0 on success, -1 on failure
11633  */
11634 static int nl80211_ignore_assoc_disallow(void *priv, int ignore_disallow)
11635 {
11636 	struct i802_bss *bss = priv;
11637 	struct wpa_driver_nl80211_data *drv = bss->drv;
11638 	struct nl_msg *msg;
11639 	struct nlattr *attr;
11640 	int ret = -1;
11641 
11642 	if (!drv->set_wifi_conf_vendor_cmd_avail)
11643 		return -1;
11644 
11645 	if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
11646 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
11647 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11648 			QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION))
11649 		goto fail;
11650 
11651 	attr = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA);
11652 	if (!attr)
11653 		goto fail;
11654 
11655 	wpa_printf(MSG_DEBUG, "nl80211: Set ignore_assoc_disallow %d",
11656 		   ignore_disallow);
11657 	if (nla_put_u8(msg, QCA_WLAN_VENDOR_ATTR_CONFIG_IGNORE_ASSOC_DISALLOWED,
11658 		       ignore_disallow))
11659 		goto fail;
11660 
11661 	nla_nest_end(msg, attr);
11662 
11663 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11664 	msg = NULL;
11665 	if (ret) {
11666 		wpa_printf(MSG_ERROR,
11667 			   "nl80211: Set ignore_assoc_disallow failed: ret=%d (%s)",
11668 			   ret, strerror(-ret));
11669 		goto fail;
11670 	}
11671 
11672 fail:
11673 	nlmsg_free(msg);
11674 	return ret;
11675 }
11676 
11677 #endif /* CONFIG_MBO */
11678 
11679 #endif /* CONFIG_DRIVER_NL80211_QCA */
11680 
11681 
11682 #ifdef CONFIG_DRIVER_NL80211_BRCM
11683 static int wpa_driver_do_broadcom_acs(struct wpa_driver_nl80211_data *drv,
11684 				      struct drv_acs_params *params)
11685 {
11686 	struct nl_msg *msg;
11687 	struct nlattr *data;
11688 	int freq_list_len;
11689 	int ret = -1;
11690 
11691 	freq_list_len = int_array_len(params->freq_list);
11692 	wpa_printf(MSG_DEBUG, "%s: freq_list_len=%d",
11693 		   __func__, freq_list_len);
11694 
11695 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR);
11696 	if (!msg ||
11697 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_BRCM) ||
11698 	    nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
11699 			BRCM_VENDOR_SCMD_ACS) ||
11700 	    !(data = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
11701 	    nla_put_u8(msg, BRCM_VENDOR_ATTR_ACS_HW_MODE, params->hw_mode) ||
11702 	    nla_put_u8(msg, BRCM_VENDOR_ATTR_ACS_HT_ENABLED,
11703 		       params->ht_enabled) ||
11704 	    nla_put_u8(msg, BRCM_VENDOR_ATTR_ACS_HT40_ENABLED,
11705 		       params->ht40_enabled) ||
11706 	    nla_put_u8(msg, BRCM_VENDOR_ATTR_ACS_VHT_ENABLED,
11707 		       params->vht_enabled) ||
11708 	    nla_put_u16(msg, BRCM_VENDOR_ATTR_ACS_CHWIDTH, params->ch_width) ||
11709 	    (freq_list_len > 0 &&
11710 	     nla_put(msg, BRCM_VENDOR_ATTR_ACS_FREQ_LIST,
11711 		     sizeof(int) * freq_list_len, params->freq_list)))
11712 		goto fail;
11713 	nla_nest_end(msg, data);
11714 
11715 	wpa_printf(MSG_DEBUG,
11716 		   "nl80211: ACS Params: HW_MODE: %d HT: %d HT40: %d VHT: %d BW: %d",
11717 		   params->hw_mode, params->ht_enabled, params->ht40_enabled,
11718 		   params->vht_enabled, params->ch_width);
11719 
11720 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11721 	if (ret) {
11722 		wpa_printf(MSG_ERROR,
11723 			   "nl80211: BRCM Failed to invoke driver ACS function: %s",
11724 			   strerror(errno));
11725 	}
11726 
11727 	msg = NULL;
11728 fail:
11729 	nlmsg_free(msg);
11730 	return ret;
11731 }
11732 #endif /* CONFIG_DRIVER_NL80211_BRCM */
11733 
11734 
11735 static int nl80211_do_acs(void *priv, struct drv_acs_params *params)
11736 {
11737 #if defined(CONFIG_DRIVER_NL80211_QCA) || defined(CONFIG_DRIVER_NL80211_BRCM)
11738 	struct i802_bss *bss = priv;
11739 	struct wpa_driver_nl80211_data *drv = bss->drv;
11740 #endif /* CONFIG_DRIVER_NL80211_QCA || CONFIG_DRIVER_NL80211_BRCM */
11741 
11742 #ifdef CONFIG_DRIVER_NL80211_QCA
11743 	if (drv->qca_do_acs)
11744 		return nl80211_qca_do_acs(drv, params);
11745 #endif /* CONFIG_DRIVER_NL80211_QCA */
11746 
11747 #ifdef CONFIG_DRIVER_NL80211_BRCM
11748 	if (drv->brcm_do_acs)
11749 		return wpa_driver_do_broadcom_acs(drv, params);
11750 #endif /* CONFIG_DRIVER_NL80211_BRCM */
11751 
11752 	return -1;
11753 }
11754 
11755 
11756 static int nl80211_write_to_file(const char *name, unsigned int val)
11757 {
11758 	int fd, len;
11759 	char tmp[128];
11760 	int ret = 0;
11761 
11762 	fd = open(name, O_RDWR);
11763 	if (fd < 0) {
11764 		int level;
11765 		/*
11766 		 * Flags may not exist on older kernels, or while we're tearing
11767 		 * down a disappearing device.
11768 		 */
11769 		if (errno == ENOENT) {
11770 			ret = 0;
11771 			level = MSG_DEBUG;
11772 		} else {
11773 			ret = -1;
11774 			level = MSG_ERROR;
11775 		}
11776 		wpa_printf(level, "nl80211: Failed to open %s: %s",
11777 			   name, strerror(errno));
11778 		return ret;
11779 	}
11780 
11781 	len = os_snprintf(tmp, sizeof(tmp), "%u\n", val);
11782 	len = write(fd, tmp, len);
11783 	if (len < 0) {
11784 		ret = -1;
11785 		wpa_printf(MSG_ERROR, "nl80211: Failed to write to %s: %s",
11786 			   name, strerror(errno));
11787 	}
11788 	close(fd);
11789 
11790 	return ret;
11791 }
11792 
11793 
11794 static int nl80211_configure_data_frame_filters(void *priv, u32 filter_flags)
11795 {
11796 	struct i802_bss *bss = priv;
11797 	char path[128];
11798 	int ret;
11799 
11800 	/* P2P-Device has no netdev that can (or should) be configured here */
11801 	if (nl80211_get_ifmode(bss) == NL80211_IFTYPE_P2P_DEVICE)
11802 		return 0;
11803 
11804 	wpa_printf(MSG_DEBUG, "nl80211: Data frame filter flags=0x%x",
11805 		   filter_flags);
11806 
11807 	/* Configure filtering of unicast frame encrypted using GTK */
11808 	ret = os_snprintf(path, sizeof(path),
11809 			  "/proc/sys/net/ipv4/conf/%s/drop_unicast_in_l2_multicast",
11810 			  bss->ifname);
11811 	if (os_snprintf_error(sizeof(path), ret))
11812 		return -1;
11813 
11814 	ret = nl80211_write_to_file(path,
11815 				    !!(filter_flags &
11816 				       WPA_DATA_FRAME_FILTER_FLAG_GTK));
11817 	if (ret) {
11818 		wpa_printf(MSG_ERROR,
11819 			   "nl80211: Failed to set IPv4 unicast in multicast filter");
11820 		return ret;
11821 	}
11822 
11823 	os_snprintf(path, sizeof(path),
11824 		    "/proc/sys/net/ipv6/conf/%s/drop_unicast_in_l2_multicast",
11825 		    bss->ifname);
11826 	ret = nl80211_write_to_file(path,
11827 				    !!(filter_flags &
11828 				       WPA_DATA_FRAME_FILTER_FLAG_GTK));
11829 
11830 	if (ret) {
11831 		wpa_printf(MSG_ERROR,
11832 			   "nl80211: Failed to set IPv6 unicast in multicast filter");
11833 		return ret;
11834 	}
11835 
11836 	/* Configure filtering of unicast frame encrypted using GTK */
11837 	os_snprintf(path, sizeof(path),
11838 		    "/proc/sys/net/ipv4/conf/%s/drop_gratuitous_arp",
11839 		    bss->ifname);
11840 	ret = nl80211_write_to_file(path,
11841 				    !!(filter_flags &
11842 				       WPA_DATA_FRAME_FILTER_FLAG_ARP));
11843 	if (ret) {
11844 		wpa_printf(MSG_ERROR,
11845 			   "nl80211: Failed set gratuitous ARP filter");
11846 		return ret;
11847 	}
11848 
11849 	/* Configure filtering of IPv6 NA frames */
11850 	os_snprintf(path, sizeof(path),
11851 		    "/proc/sys/net/ipv6/conf/%s/drop_unsolicited_na",
11852 		    bss->ifname);
11853 	ret = nl80211_write_to_file(path,
11854 				    !!(filter_flags &
11855 				       WPA_DATA_FRAME_FILTER_FLAG_NA));
11856 	if (ret) {
11857 		wpa_printf(MSG_ERROR,
11858 			   "nl80211: Failed to set unsolicited NA filter");
11859 		return ret;
11860 	}
11861 
11862 	return 0;
11863 }
11864 
11865 
11866 static int nl80211_get_ext_capab(void *priv, enum wpa_driver_if_type type,
11867 				 const u8 **ext_capa, const u8 **ext_capa_mask,
11868 				 unsigned int *ext_capa_len)
11869 {
11870 	struct i802_bss *bss = priv;
11871 	struct wpa_driver_nl80211_data *drv = bss->drv;
11872 	enum nl80211_iftype nlmode;
11873 	unsigned int i;
11874 
11875 	if (!ext_capa || !ext_capa_mask || !ext_capa_len)
11876 		return -1;
11877 
11878 	nlmode = wpa_driver_nl80211_if_type(type);
11879 
11880 	/* By default, use the per-radio values */
11881 	*ext_capa = drv->extended_capa;
11882 	*ext_capa_mask = drv->extended_capa_mask;
11883 	*ext_capa_len = drv->extended_capa_len;
11884 
11885 	/* Replace the default value if a per-interface type value exists */
11886 	for (i = 0; i < drv->num_iface_ext_capa; i++) {
11887 		if (nlmode == drv->iface_ext_capa[i].iftype) {
11888 			*ext_capa = drv->iface_ext_capa[i].ext_capa;
11889 			*ext_capa_mask = drv->iface_ext_capa[i].ext_capa_mask;
11890 			*ext_capa_len = drv->iface_ext_capa[i].ext_capa_len;
11891 			break;
11892 		}
11893 	}
11894 
11895 	return 0;
11896 }
11897 
11898 
11899 static int nl80211_update_connection_params(
11900 	void *priv, struct wpa_driver_associate_params *params,
11901 	enum wpa_drv_update_connect_params_mask mask)
11902 {
11903 	struct i802_bss *bss = priv;
11904 	struct wpa_driver_nl80211_data *drv = bss->drv;
11905 	struct nl_msg *msg;
11906 	int ret = -1;
11907 	enum nl80211_auth_type type;
11908 
11909 	/* Update Connection Params is intended for drivers that implement
11910 	 * internal SME and expect these updated connection params from
11911 	 * wpa_supplicant. Do not send this request for the drivers using
11912 	 * SME from wpa_supplicant.
11913 	 */
11914 	if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
11915 		return 0;
11916 
11917 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_UPDATE_CONNECT_PARAMS);
11918 	if (!msg)
11919 		goto fail;
11920 
11921 	wpa_printf(MSG_DEBUG, "nl80211: Update connection params (ifindex=%d)",
11922 		   drv->ifindex);
11923 
11924 	if ((mask & WPA_DRV_UPDATE_ASSOC_IES) && params->wpa_ie) {
11925 		if (nla_put(msg, NL80211_ATTR_IE, params->wpa_ie_len,
11926 			    params->wpa_ie))
11927 			goto fail;
11928 		wpa_hexdump(MSG_DEBUG, "  * IEs", params->wpa_ie,
11929 			    params->wpa_ie_len);
11930 	}
11931 
11932 	if (mask & WPA_DRV_UPDATE_AUTH_TYPE) {
11933 		type = get_nl_auth_type(params->auth_alg);
11934 		if (type == NL80211_AUTHTYPE_MAX ||
11935 		    nla_put_u32(msg, NL80211_ATTR_AUTH_TYPE, type))
11936 			goto fail;
11937 		wpa_printf(MSG_DEBUG, "  * Auth Type %d", type);
11938 	}
11939 
11940 	if ((mask & WPA_DRV_UPDATE_FILS_ERP_INFO) &&
11941 	    nl80211_put_fils_connect_params(drv, params, msg))
11942 		goto fail;
11943 
11944 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11945 	msg = NULL;
11946 	if (ret)
11947 		wpa_dbg(drv->ctx, MSG_DEBUG,
11948 			"nl80211: Update connect params command failed: ret=%d (%s)",
11949 			ret, strerror(-ret));
11950 
11951 fail:
11952 	nlmsg_free(msg);
11953 	return ret;
11954 }
11955 
11956 
11957 static int nl80211_send_external_auth_status(void *priv,
11958 					     struct external_auth *params)
11959 {
11960 	struct i802_bss *bss = priv;
11961 	struct wpa_driver_nl80211_data *drv = bss->drv;
11962 	struct nl_msg *msg = NULL;
11963 	int ret = -1;
11964 
11965 	/* External auth command/status is intended for drivers that implement
11966 	 * internal SME but want to offload authentication processing (e.g.,
11967 	 * SAE) to hostapd/wpa_supplicant. Do not send the status to drivers
11968 	 * which do not support AP SME or use wpa_supplicant/hostapd SME.
11969 	 */
11970 	if ((is_ap_interface(drv->nlmode) && !bss->drv->device_ap_sme) ||
11971 	    (drv->capa.flags & WPA_DRIVER_FLAGS_SME))
11972 		return -1;
11973 
11974 	wpa_dbg(drv->ctx, MSG_DEBUG,
11975 		"nl80211: External auth status: %u", params->status);
11976 
11977 	msg = nl80211_drv_msg(drv, 0, NL80211_CMD_EXTERNAL_AUTH);
11978 	if (!msg ||
11979 	    nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, params->status) ||
11980 	    (params->ssid && params->ssid_len &&
11981 	     nla_put(msg, NL80211_ATTR_SSID, params->ssid_len, params->ssid)) ||
11982 	    (params->pmkid &&
11983 	     nla_put(msg, NL80211_ATTR_PMKID, PMKID_LEN, params->pmkid)) ||
11984 	    (params->bssid &&
11985 	     nla_put(msg, NL80211_ATTR_BSSID, ETH_ALEN, params->bssid)))
11986 		goto fail;
11987 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
11988 	msg = NULL;
11989 	if (ret) {
11990 		wpa_printf(MSG_DEBUG,
11991 			   "nl80211: External Auth status update failed: ret=%d (%s)",
11992 			   ret, strerror(-ret));
11993 		goto fail;
11994 	}
11995 fail:
11996 	nlmsg_free(msg);
11997 	return ret;
11998 }
11999 
12000 
12001 static int nl80211_set_4addr_mode(void *priv, const char *bridge_ifname,
12002 				  int val)
12003 {
12004 	struct i802_bss *bss = priv;
12005 	struct wpa_driver_nl80211_data *drv = bss->drv;
12006 	struct nl_msg *msg;
12007 	int ret = -ENOBUFS;
12008 
12009 	wpa_printf(MSG_DEBUG, "nl80211: %s 4addr mode (bridge_ifname: %s)",
12010 		   val ? "Enable" : "Disable", bridge_ifname);
12011 
12012 	msg = nl80211_cmd_msg(drv->first_bss, 0, NL80211_CMD_SET_INTERFACE);
12013 	if (!msg || nla_put_u8(msg, NL80211_ATTR_4ADDR, val))
12014 		goto fail;
12015 
12016 	if (bridge_ifname[0] && bss->added_if_into_bridge && !val) {
12017 		if (linux_br_del_if(drv->global->ioctl_sock,
12018 				    bridge_ifname, bss->ifname)) {
12019 			wpa_printf(MSG_ERROR,
12020 				   "nl80211: Failed to remove interface %s from bridge %s",
12021 				   bss->ifname, bridge_ifname);
12022 			return -1;
12023 		}
12024 		bss->added_if_into_bridge = 0;
12025 	}
12026 
12027 	ret = send_and_recv_msgs(drv, msg, NULL, NULL, NULL, NULL);
12028 	msg = NULL;
12029 	if (ret && val && nl80211_get_4addr(bss) == 1) {
12030 		wpa_printf(MSG_DEBUG,
12031 			   "nl80211: 4addr mode was already enabled");
12032 		ret = 0;
12033 	}
12034 	if (!ret) {
12035 		if (bridge_ifname[0] && val &&
12036 		    i802_check_bridge(drv, bss, bridge_ifname, bss->ifname) < 0)
12037 			return -1;
12038 		return 0;
12039 	}
12040 
12041 fail:
12042 	nlmsg_free(msg);
12043 	wpa_printf(MSG_ERROR, "nl80211: Failed to enable/disable 4addr");
12044 
12045 	return ret;
12046 }
12047 
12048 
12049 #ifdef CONFIG_DPP
12050 static int nl80211_dpp_listen(void *priv, bool enable)
12051 {
12052 	struct i802_bss *bss = priv;
12053 	struct wpa_driver_nl80211_data *drv = bss->drv;
12054 	u16 type = (WLAN_FC_TYPE_MGMT << 2) | (WLAN_FC_STYPE_ACTION << 4);
12055 	struct nl_sock *handle;
12056 
12057 	if (!drv->multicast_registrations || !bss->nl_mgmt)
12058 		return 0; /* cannot do more than hope broadcast RX works */
12059 
12060 	wpa_printf(MSG_DEBUG,
12061 		   "nl80211: Update DPP Public Action frame registration (%s multicast RX)",
12062 		   enable ? "enable" : "disable");
12063 	handle = (void *) (((intptr_t) bss->nl_mgmt) ^ ELOOP_SOCKET_INVALID);
12064 	return nl80211_register_frame(bss, handle, type,
12065 				      (u8 *) "\x04\x09\x50\x6f\x9a\x1a", 6,
12066 				      enable);
12067 }
12068 #endif /* CONFIG_DPP */
12069 
12070 
12071 #ifdef CONFIG_TESTING_OPTIONS
12072 static int testing_nl80211_register_frame(void *priv, u16 type,
12073 					  const u8 *match, size_t match_len,
12074 					  bool multicast)
12075 {
12076 	struct i802_bss *bss = priv;
12077 	struct nl_sock *handle;
12078 
12079 	if (!bss->nl_mgmt)
12080 		return -1;
12081 	handle = (void *) (((intptr_t) bss->nl_mgmt) ^ ELOOP_SOCKET_INVALID);
12082 	return nl80211_register_frame(bss, handle, type, match, match_len,
12083 				      multicast);
12084 }
12085 #endif /* CONFIG_TESTING_OPTIONS */
12086 
12087 
12088 const struct wpa_driver_ops wpa_driver_nl80211_ops = {
12089 	.name = "nl80211",
12090 	.desc = "Linux nl80211/cfg80211",
12091 	.get_bssid = wpa_driver_nl80211_get_bssid,
12092 	.get_ssid = wpa_driver_nl80211_get_ssid,
12093 	.set_key = driver_nl80211_set_key,
12094 	.scan2 = driver_nl80211_scan2,
12095 	.sched_scan = wpa_driver_nl80211_sched_scan,
12096 	.stop_sched_scan = wpa_driver_nl80211_stop_sched_scan,
12097 	.get_scan_results2 = wpa_driver_nl80211_get_scan_results,
12098 	.abort_scan = wpa_driver_nl80211_abort_scan,
12099 	.deauthenticate = driver_nl80211_deauthenticate,
12100 	.authenticate = driver_nl80211_authenticate,
12101 	.associate = wpa_driver_nl80211_associate,
12102 	.global_init = nl80211_global_init,
12103 	.global_deinit = nl80211_global_deinit,
12104 	.init2 = wpa_driver_nl80211_init,
12105 	.deinit = driver_nl80211_deinit,
12106 	.get_capa = wpa_driver_nl80211_get_capa,
12107 	.set_operstate = wpa_driver_nl80211_set_operstate,
12108 	.set_supp_port = wpa_driver_nl80211_set_supp_port,
12109 	.set_country = wpa_driver_nl80211_set_country,
12110 	.get_country = wpa_driver_nl80211_get_country,
12111 	.set_ap = wpa_driver_nl80211_set_ap,
12112 	.set_acl = wpa_driver_nl80211_set_acl,
12113 	.if_add = wpa_driver_nl80211_if_add,
12114 	.if_remove = driver_nl80211_if_remove,
12115 	.send_mlme = driver_nl80211_send_mlme,
12116 	.get_hw_feature_data = nl80211_get_hw_feature_data,
12117 	.sta_add = wpa_driver_nl80211_sta_add,
12118 	.sta_remove = driver_nl80211_sta_remove,
12119 	.tx_control_port = nl80211_tx_control_port,
12120 	.hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
12121 	.sta_set_flags = wpa_driver_nl80211_sta_set_flags,
12122 	.sta_set_airtime_weight = driver_nl80211_sta_set_airtime_weight,
12123 	.hapd_init = i802_init,
12124 	.hapd_deinit = i802_deinit,
12125 	.set_wds_sta = i802_set_wds_sta,
12126 	.get_seqnum = i802_get_seqnum,
12127 	.flush = i802_flush,
12128 	.get_inact_sec = i802_get_inact_sec,
12129 	.sta_clear_stats = i802_sta_clear_stats,
12130 	.set_rts = i802_set_rts,
12131 	.set_frag = i802_set_frag,
12132 	.set_tx_queue_params = i802_set_tx_queue_params,
12133 	.set_sta_vlan = driver_nl80211_set_sta_vlan,
12134 	.sta_deauth = i802_sta_deauth,
12135 	.sta_disassoc = i802_sta_disassoc,
12136 	.read_sta_data = driver_nl80211_read_sta_data,
12137 	.set_freq = i802_set_freq,
12138 	.send_action = driver_nl80211_send_action,
12139 	.send_action_cancel_wait = wpa_driver_nl80211_send_action_cancel_wait,
12140 	.remain_on_channel = wpa_driver_nl80211_remain_on_channel,
12141 	.cancel_remain_on_channel =
12142 	wpa_driver_nl80211_cancel_remain_on_channel,
12143 	.probe_req_report = driver_nl80211_probe_req_report,
12144 	.deinit_ap = wpa_driver_nl80211_deinit_ap,
12145 	.deinit_p2p_cli = wpa_driver_nl80211_deinit_p2p_cli,
12146 	.resume = wpa_driver_nl80211_resume,
12147 	.signal_monitor = nl80211_signal_monitor,
12148 	.signal_poll = nl80211_signal_poll,
12149 	.channel_info = nl80211_channel_info,
12150 	.set_param = nl80211_set_param,
12151 	.get_radio_name = nl80211_get_radio_name,
12152 	.add_pmkid = nl80211_add_pmkid,
12153 	.remove_pmkid = nl80211_remove_pmkid,
12154 	.flush_pmkid = nl80211_flush_pmkid,
12155 	.set_rekey_info = nl80211_set_rekey_info,
12156 	.poll_client = nl80211_poll_client,
12157 	.set_p2p_powersave = nl80211_set_p2p_powersave,
12158 	.start_dfs_cac = nl80211_start_radar_detection,
12159 	.stop_ap = wpa_driver_nl80211_stop_ap,
12160 #ifdef CONFIG_TDLS
12161 	.send_tdls_mgmt = nl80211_send_tdls_mgmt,
12162 	.tdls_oper = nl80211_tdls_oper,
12163 	.tdls_enable_channel_switch = nl80211_tdls_enable_channel_switch,
12164 	.tdls_disable_channel_switch = nl80211_tdls_disable_channel_switch,
12165 #endif /* CONFIG_TDLS */
12166 	.update_ft_ies = wpa_driver_nl80211_update_ft_ies,
12167 	.update_dh_ie = nl80211_update_dh_ie,
12168 	.get_mac_addr = wpa_driver_nl80211_get_macaddr,
12169 	.get_survey = wpa_driver_nl80211_get_survey,
12170 	.status = wpa_driver_nl80211_status,
12171 	.switch_channel = nl80211_switch_channel,
12172 #ifdef ANDROID_P2P
12173 	.set_noa = wpa_driver_set_p2p_noa,
12174 	.get_noa = wpa_driver_get_p2p_noa,
12175 	.set_ap_wps_ie = wpa_driver_set_ap_wps_p2p_ie,
12176 #endif /* ANDROID_P2P */
12177 #ifdef ANDROID
12178 #ifndef ANDROID_LIB_STUB
12179 	.driver_cmd = wpa_driver_nl80211_driver_cmd,
12180 #endif /* !ANDROID_LIB_STUB */
12181 #endif /* ANDROID */
12182 	.vendor_cmd = nl80211_vendor_cmd,
12183 	.set_qos_map = nl80211_set_qos_map,
12184 	.get_wowlan = nl80211_get_wowlan,
12185 	.set_wowlan = nl80211_set_wowlan,
12186 	.set_mac_addr = nl80211_set_mac_addr,
12187 #ifdef CONFIG_MESH
12188 	.init_mesh = wpa_driver_nl80211_init_mesh,
12189 	.join_mesh = wpa_driver_nl80211_join_mesh,
12190 	.leave_mesh = wpa_driver_nl80211_leave_mesh,
12191 	.probe_mesh_link = nl80211_probe_mesh_link,
12192 #endif /* CONFIG_MESH */
12193 	.br_add_ip_neigh = wpa_driver_br_add_ip_neigh,
12194 	.br_delete_ip_neigh = wpa_driver_br_delete_ip_neigh,
12195 	.br_port_set_attr = wpa_driver_br_port_set_attr,
12196 	.br_set_net_param = wpa_driver_br_set_net_param,
12197 	.add_tx_ts = nl80211_add_ts,
12198 	.del_tx_ts = nl80211_del_ts,
12199 	.get_ifindex = nl80211_get_ifindex,
12200 #ifdef CONFIG_DRIVER_NL80211_QCA
12201 	.roaming = nl80211_roaming,
12202 	.disable_fils = nl80211_disable_fils,
12203 	.set_band = nl80211_set_band,
12204 	.get_pref_freq_list = nl80211_get_pref_freq_list,
12205 	.set_prob_oper_freq = nl80211_set_prob_oper_freq,
12206 	.p2p_lo_start = nl80211_p2p_lo_start,
12207 	.p2p_lo_stop = nl80211_p2p_lo_stop,
12208 	.set_default_scan_ies = nl80211_set_default_scan_ies,
12209 	.set_tdls_mode = nl80211_set_tdls_mode,
12210 #ifdef CONFIG_MBO
12211 	.get_bss_transition_status = nl80211_get_bss_transition_status,
12212 	.ignore_assoc_disallow = nl80211_ignore_assoc_disallow,
12213 #endif /* CONFIG_MBO */
12214 	.set_bssid_tmp_disallow = nl80211_set_bssid_tmp_disallow,
12215 	.add_sta_node = nl80211_add_sta_node,
12216 #endif /* CONFIG_DRIVER_NL80211_QCA */
12217 	.do_acs = nl80211_do_acs,
12218 	.configure_data_frame_filters = nl80211_configure_data_frame_filters,
12219 	.get_ext_capab = nl80211_get_ext_capab,
12220 	.update_connect_params = nl80211_update_connection_params,
12221 	.send_external_auth_status = nl80211_send_external_auth_status,
12222 	.set_4addr_mode = nl80211_set_4addr_mode,
12223 #ifdef CONFIG_DPP
12224 	.dpp_listen = nl80211_dpp_listen,
12225 #endif /* CONFIG_DPP */
12226 #ifdef CONFIG_TESTING_OPTIONS
12227 	.register_frame = testing_nl80211_register_frame,
12228 #endif /* CONFIG_TESTING_OPTIONS */
12229 };
12230