1
2
3
4
5
6
7#include <linux/if.h>
8#include <linux/module.h>
9#include <linux/err.h>
10#include <linux/list.h>
11#include <linux/if_ether.h>
12#include <linux/ieee80211.h>
13#include <linux/nl80211.h>
14#include <linux/rtnetlink.h>
15#include <linux/netlink.h>
16#include <linux/etherdevice.h>
17#include <net/net_namespace.h>
18#include <net/genetlink.h>
19#include <net/cfg80211.h>
20#include <net/sock.h>
21#include "core.h"
22#include "nl80211.h"
23#include "reg.h"
24
25
26static struct genl_family nl80211_fam = {
27 .id = GENL_ID_GENERATE,
28 .name = "nl80211",
29 .hdrsize = 0,
30 .version = 1,
31 .maxattr = NL80211_ATTR_MAX,
32 .netnsok = true,
33};
34
35
36static int get_rdev_dev_by_info_ifindex(struct genl_info *info,
37 struct cfg80211_registered_device **rdev,
38 struct net_device **dev)
39{
40 struct nlattr **attrs = info->attrs;
41 int ifindex;
42
43 if (!attrs[NL80211_ATTR_IFINDEX])
44 return -EINVAL;
45
46 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
47 *dev = dev_get_by_index(genl_info_net(info), ifindex);
48 if (!*dev)
49 return -ENODEV;
50
51 *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex);
52 if (IS_ERR(*rdev)) {
53 dev_put(*dev);
54 return PTR_ERR(*rdev);
55 }
56
57 return 0;
58}
59
60
61static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = {
62 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
63 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
64 .len = 20-1 },
65 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
66 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
67 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
68 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
69 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
70 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
71 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
72
73 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
74 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
75 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
76
77 [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
78 [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN },
79
80 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
81 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
82 .len = WLAN_MAX_KEY_LEN },
83 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
84 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
85 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
86 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
87
88 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
89 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
90 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
91 .len = IEEE80211_MAX_DATA_LEN },
92 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
93 .len = IEEE80211_MAX_DATA_LEN },
94 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
95 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
96 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
97 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
98 .len = NL80211_MAX_SUPP_RATES },
99 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
100 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
101 [NL80211_ATTR_MNTR_FLAGS] = { },
102 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
103 .len = IEEE80211_MAX_MESH_ID_LEN },
104 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
105
106 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
107 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
108
109 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
110 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
111 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
112 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
113 .len = NL80211_MAX_SUPP_RATES },
114
115 [NL80211_ATTR_MESH_PARAMS] = { .type = NLA_NESTED },
116
117 [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY,
118 .len = NL80211_HT_CAPABILITY_LEN },
119
120 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
121 [NL80211_ATTR_IE] = { .type = NLA_BINARY,
122 .len = IEEE80211_MAX_DATA_LEN },
123 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
124 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
125
126 [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
127 .len = IEEE80211_MAX_SSID_LEN },
128 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
129 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
130 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
131 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
132 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
133 [NL80211_ATTR_STA_FLAGS2] = {
134 .len = sizeof(struct nl80211_sta_flag_update),
135 },
136 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
137 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
138 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
139 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
140 [NL80211_ATTR_PID] = { .type = NLA_U32 },
141};
142
143
144static struct nla_policy
145nl80211_key_policy[NL80211_KEY_MAX + 1] __read_mostly = {
146 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
147 [NL80211_KEY_IDX] = { .type = NLA_U8 },
148 [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
149 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 },
150 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
151 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
152};
153
154
155static bool is_valid_ie_attr(const struct nlattr *attr)
156{
157 const u8 *pos;
158 int len;
159
160 if (!attr)
161 return true;
162
163 pos = nla_data(attr);
164 len = nla_len(attr);
165
166 while (len) {
167 u8 elemlen;
168
169 if (len < 2)
170 return false;
171 len -= 2;
172
173 elemlen = pos[1];
174 if (elemlen > len)
175 return false;
176
177 len -= elemlen;
178 pos += 2 + elemlen;
179 }
180
181 return true;
182}
183
184
185static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
186 int flags, u8 cmd)
187{
188
189 return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
190}
191
192static int nl80211_msg_put_channel(struct sk_buff *msg,
193 struct ieee80211_channel *chan)
194{
195 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
196 chan->center_freq);
197
198 if (chan->flags & IEEE80211_CHAN_DISABLED)
199 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
200 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
201 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
202 if (chan->flags & IEEE80211_CHAN_NO_IBSS)
203 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
204 if (chan->flags & IEEE80211_CHAN_RADAR)
205 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
206
207 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
208 DBM_TO_MBM(chan->max_power));
209
210 return 0;
211
212 nla_put_failure:
213 return -ENOBUFS;
214}
215
216
217
218struct key_parse {
219 struct key_params p;
220 int idx;
221 bool def, defmgmt;
222};
223
224static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
225{
226 struct nlattr *tb[NL80211_KEY_MAX + 1];
227 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
228 nl80211_key_policy);
229 if (err)
230 return err;
231
232 k->def = !!tb[NL80211_KEY_DEFAULT];
233 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];
234
235 if (tb[NL80211_KEY_IDX])
236 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);
237
238 if (tb[NL80211_KEY_DATA]) {
239 k->p.key = nla_data(tb[NL80211_KEY_DATA]);
240 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
241 }
242
243 if (tb[NL80211_KEY_SEQ]) {
244 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
245 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
246 }
247
248 if (tb[NL80211_KEY_CIPHER])
249 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);
250
251 return 0;
252}
253
254static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
255{
256 if (info->attrs[NL80211_ATTR_KEY_DATA]) {
257 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
258 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
259 }
260
261 if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
262 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
263 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
264 }
265
266 if (info->attrs[NL80211_ATTR_KEY_IDX])
267 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
268
269 if (info->attrs[NL80211_ATTR_KEY_CIPHER])
270 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
271
272 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
273 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];
274
275 return 0;
276}
277
278static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
279{
280 int err;
281
282 memset(k, 0, sizeof(*k));
283 k->idx = -1;
284
285 if (info->attrs[NL80211_ATTR_KEY])
286 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
287 else
288 err = nl80211_parse_key_old(info, k);
289
290 if (err)
291 return err;
292
293 if (k->def && k->defmgmt)
294 return -EINVAL;
295
296 if (k->idx != -1) {
297 if (k->defmgmt) {
298 if (k->idx < 4 || k->idx > 5)
299 return -EINVAL;
300 } else if (k->def) {
301 if (k->idx < 0 || k->idx > 3)
302 return -EINVAL;
303 } else {
304 if (k->idx < 0 || k->idx > 5)
305 return -EINVAL;
306 }
307 }
308
309 return 0;
310}
311
312static struct cfg80211_cached_keys *
313nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
314 struct nlattr *keys)
315{
316 struct key_parse parse;
317 struct nlattr *key;
318 struct cfg80211_cached_keys *result;
319 int rem, err, def = 0;
320
321 result = kzalloc(sizeof(*result), GFP_KERNEL);
322 if (!result)
323 return ERR_PTR(-ENOMEM);
324
325 result->def = -1;
326 result->defmgmt = -1;
327
328 nla_for_each_nested(key, keys, rem) {
329 memset(&parse, 0, sizeof(parse));
330 parse.idx = -1;
331
332 err = nl80211_parse_key_new(key, &parse);
333 if (err)
334 goto error;
335 err = -EINVAL;
336 if (!parse.p.key)
337 goto error;
338 if (parse.idx < 0 || parse.idx > 4)
339 goto error;
340 if (parse.def) {
341 if (def)
342 goto error;
343 def = 1;
344 result->def = parse.idx;
345 } else if (parse.defmgmt)
346 goto error;
347 err = cfg80211_validate_key_settings(rdev, &parse.p,
348 parse.idx, NULL);
349 if (err)
350 goto error;
351 result->params[parse.idx].cipher = parse.p.cipher;
352 result->params[parse.idx].key_len = parse.p.key_len;
353 result->params[parse.idx].key = result->data[parse.idx];
354 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
355 }
356
357 return result;
358 error:
359 kfree(result);
360 return ERR_PTR(err);
361}
362
363static int nl80211_key_allowed(struct wireless_dev *wdev)
364{
365 ASSERT_WDEV_LOCK(wdev);
366
367 if (!netif_running(wdev->netdev))
368 return -ENETDOWN;
369
370 switch (wdev->iftype) {
371 case NL80211_IFTYPE_AP:
372 case NL80211_IFTYPE_AP_VLAN:
373 break;
374 case NL80211_IFTYPE_ADHOC:
375 if (!wdev->current_bss)
376 return -ENOLINK;
377 break;
378 case NL80211_IFTYPE_STATION:
379 if (wdev->sme_state != CFG80211_SME_CONNECTED)
380 return -ENOLINK;
381 break;
382 default:
383 return -EINVAL;
384 }
385
386 return 0;
387}
388
389static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
390 struct cfg80211_registered_device *dev)
391{
392 void *hdr;
393 struct nlattr *nl_bands, *nl_band;
394 struct nlattr *nl_freqs, *nl_freq;
395 struct nlattr *nl_rates, *nl_rate;
396 struct nlattr *nl_modes;
397 struct nlattr *nl_cmds;
398 enum ieee80211_band band;
399 struct ieee80211_channel *chan;
400 struct ieee80211_rate *rate;
401 int i;
402 u16 ifmodes = dev->wiphy.interface_modes;
403
404 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
405 if (!hdr)
406 return -1;
407
408 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
409 NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
410
411 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
412 cfg80211_rdev_list_generation);
413
414 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
415 dev->wiphy.retry_short);
416 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
417 dev->wiphy.retry_long);
418 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
419 dev->wiphy.frag_threshold);
420 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
421 dev->wiphy.rts_threshold);
422
423 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
424 dev->wiphy.max_scan_ssids);
425 NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
426 dev->wiphy.max_scan_ie_len);
427
428 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES,
429 sizeof(u32) * dev->wiphy.n_cipher_suites,
430 dev->wiphy.cipher_suites);
431
432 nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES);
433 if (!nl_modes)
434 goto nla_put_failure;
435
436 i = 0;
437 while (ifmodes) {
438 if (ifmodes & 1)
439 NLA_PUT_FLAG(msg, i);
440 ifmodes >>= 1;
441 i++;
442 }
443
444 nla_nest_end(msg, nl_modes);
445
446 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
447 if (!nl_bands)
448 goto nla_put_failure;
449
450 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
451 if (!dev->wiphy.bands[band])
452 continue;
453
454 nl_band = nla_nest_start(msg, band);
455 if (!nl_band)
456 goto nla_put_failure;
457
458
459 if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
460 NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
461 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
462 &dev->wiphy.bands[band]->ht_cap.mcs);
463 NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
464 dev->wiphy.bands[band]->ht_cap.cap);
465 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
466 dev->wiphy.bands[band]->ht_cap.ampdu_factor);
467 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
468 dev->wiphy.bands[band]->ht_cap.ampdu_density);
469 }
470
471
472 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
473 if (!nl_freqs)
474 goto nla_put_failure;
475
476 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
477 nl_freq = nla_nest_start(msg, i);
478 if (!nl_freq)
479 goto nla_put_failure;
480
481 chan = &dev->wiphy.bands[band]->channels[i];
482
483 if (nl80211_msg_put_channel(msg, chan))
484 goto nla_put_failure;
485
486 nla_nest_end(msg, nl_freq);
487 }
488
489 nla_nest_end(msg, nl_freqs);
490
491
492 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
493 if (!nl_rates)
494 goto nla_put_failure;
495
496 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
497 nl_rate = nla_nest_start(msg, i);
498 if (!nl_rate)
499 goto nla_put_failure;
500
501 rate = &dev->wiphy.bands[band]->bitrates[i];
502 NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
503 rate->bitrate);
504 if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
505 NLA_PUT_FLAG(msg,
506 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
507
508 nla_nest_end(msg, nl_rate);
509 }
510
511 nla_nest_end(msg, nl_rates);
512
513 nla_nest_end(msg, nl_band);
514 }
515 nla_nest_end(msg, nl_bands);
516
517 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
518 if (!nl_cmds)
519 goto nla_put_failure;
520
521 i = 0;
522#define CMD(op, n) \
523 do { \
524 if (dev->ops->op) { \
525 i++; \
526 NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \
527 } \
528 } while (0)
529
530 CMD(add_virtual_intf, NEW_INTERFACE);
531 CMD(change_virtual_intf, SET_INTERFACE);
532 CMD(add_key, NEW_KEY);
533 CMD(add_beacon, NEW_BEACON);
534 CMD(add_station, NEW_STATION);
535 CMD(add_mpath, NEW_MPATH);
536 CMD(set_mesh_params, SET_MESH_PARAMS);
537 CMD(change_bss, SET_BSS);
538 CMD(auth, AUTHENTICATE);
539 CMD(assoc, ASSOCIATE);
540 CMD(deauth, DEAUTHENTICATE);
541 CMD(disassoc, DISASSOCIATE);
542 CMD(join_ibss, JOIN_IBSS);
543 if (dev->wiphy.netnsok) {
544 i++;
545 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS);
546 }
547
548#undef CMD
549
550 if (dev->ops->connect || dev->ops->auth) {
551 i++;
552 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT);
553 }
554
555 if (dev->ops->disconnect || dev->ops->deauth) {
556 i++;
557 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT);
558 }
559
560 nla_nest_end(msg, nl_cmds);
561
562 return genlmsg_end(msg, hdr);
563
564 nla_put_failure:
565 genlmsg_cancel(msg, hdr);
566 return -EMSGSIZE;
567}
568
569static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
570{
571 int idx = 0;
572 int start = cb->args[0];
573 struct cfg80211_registered_device *dev;
574
575 mutex_lock(&cfg80211_mutex);
576 list_for_each_entry(dev, &cfg80211_rdev_list, list) {
577 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
578 continue;
579 if (++idx <= start)
580 continue;
581 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
582 cb->nlh->nlmsg_seq, NLM_F_MULTI,
583 dev) < 0) {
584 idx--;
585 break;
586 }
587 }
588 mutex_unlock(&cfg80211_mutex);
589
590 cb->args[0] = idx;
591
592 return skb->len;
593}
594
595static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
596{
597 struct sk_buff *msg;
598 struct cfg80211_registered_device *dev;
599
600 dev = cfg80211_get_dev_from_info(info);
601 if (IS_ERR(dev))
602 return PTR_ERR(dev);
603
604 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
605 if (!msg)
606 goto out_err;
607
608 if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0)
609 goto out_free;
610
611 cfg80211_unlock_rdev(dev);
612
613 return genlmsg_reply(msg, info);
614
615 out_free:
616 nlmsg_free(msg);
617 out_err:
618 cfg80211_unlock_rdev(dev);
619 return -ENOBUFS;
620}
621
622static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
623 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 },
624 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 },
625 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 },
626 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 },
627 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 },
628};
629
630static int parse_txq_params(struct nlattr *tb[],
631 struct ieee80211_txq_params *txq_params)
632{
633 if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] ||
634 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
635 !tb[NL80211_TXQ_ATTR_AIFS])
636 return -EINVAL;
637
638 txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]);
639 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
640 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
641 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
642 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
643
644 return 0;
645}
646
647static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
648{
649 struct cfg80211_registered_device *rdev;
650 int result = 0, rem_txq_params = 0;
651 struct nlattr *nl_txq_params;
652 u32 changed;
653 u8 retry_short = 0, retry_long = 0;
654 u32 frag_threshold = 0, rts_threshold = 0;
655
656 rtnl_lock();
657
658 mutex_lock(&cfg80211_mutex);
659
660 rdev = __cfg80211_rdev_from_info(info);
661 if (IS_ERR(rdev)) {
662 mutex_unlock(&cfg80211_mutex);
663 result = PTR_ERR(rdev);
664 goto unlock;
665 }
666
667 mutex_lock(&rdev->mtx);
668
669 if (info->attrs[NL80211_ATTR_WIPHY_NAME])
670 result = cfg80211_dev_rename(
671 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
672
673 mutex_unlock(&cfg80211_mutex);
674
675 if (result)
676 goto bad_res;
677
678 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
679 struct ieee80211_txq_params txq_params;
680 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
681
682 if (!rdev->ops->set_txq_params) {
683 result = -EOPNOTSUPP;
684 goto bad_res;
685 }
686
687 nla_for_each_nested(nl_txq_params,
688 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
689 rem_txq_params) {
690 nla_parse(tb, NL80211_TXQ_ATTR_MAX,
691 nla_data(nl_txq_params),
692 nla_len(nl_txq_params),
693 txq_params_policy);
694 result = parse_txq_params(tb, &txq_params);
695 if (result)
696 goto bad_res;
697
698 result = rdev->ops->set_txq_params(&rdev->wiphy,
699 &txq_params);
700 if (result)
701 goto bad_res;
702 }
703 }
704
705 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
706 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
707 u32 freq;
708
709 result = -EINVAL;
710
711 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
712 channel_type = nla_get_u32(info->attrs[
713 NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
714 if (channel_type != NL80211_CHAN_NO_HT &&
715 channel_type != NL80211_CHAN_HT20 &&
716 channel_type != NL80211_CHAN_HT40PLUS &&
717 channel_type != NL80211_CHAN_HT40MINUS)
718 goto bad_res;
719 }
720
721 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
722
723 mutex_lock(&rdev->devlist_mtx);
724 result = rdev_set_freq(rdev, NULL, freq, channel_type);
725 mutex_unlock(&rdev->devlist_mtx);
726 if (result)
727 goto bad_res;
728 }
729
730 changed = 0;
731
732 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
733 retry_short = nla_get_u8(
734 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
735 if (retry_short == 0) {
736 result = -EINVAL;
737 goto bad_res;
738 }
739 changed |= WIPHY_PARAM_RETRY_SHORT;
740 }
741
742 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
743 retry_long = nla_get_u8(
744 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
745 if (retry_long == 0) {
746 result = -EINVAL;
747 goto bad_res;
748 }
749 changed |= WIPHY_PARAM_RETRY_LONG;
750 }
751
752 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
753 frag_threshold = nla_get_u32(
754 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
755 if (frag_threshold < 256) {
756 result = -EINVAL;
757 goto bad_res;
758 }
759 if (frag_threshold != (u32) -1) {
760
761
762
763
764
765
766 frag_threshold &= ~0x1;
767 }
768 changed |= WIPHY_PARAM_FRAG_THRESHOLD;
769 }
770
771 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
772 rts_threshold = nla_get_u32(
773 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
774 changed |= WIPHY_PARAM_RTS_THRESHOLD;
775 }
776
777 if (changed) {
778 u8 old_retry_short, old_retry_long;
779 u32 old_frag_threshold, old_rts_threshold;
780
781 if (!rdev->ops->set_wiphy_params) {
782 result = -EOPNOTSUPP;
783 goto bad_res;
784 }
785
786 old_retry_short = rdev->wiphy.retry_short;
787 old_retry_long = rdev->wiphy.retry_long;
788 old_frag_threshold = rdev->wiphy.frag_threshold;
789 old_rts_threshold = rdev->wiphy.rts_threshold;
790
791 if (changed & WIPHY_PARAM_RETRY_SHORT)
792 rdev->wiphy.retry_short = retry_short;
793 if (changed & WIPHY_PARAM_RETRY_LONG)
794 rdev->wiphy.retry_long = retry_long;
795 if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
796 rdev->wiphy.frag_threshold = frag_threshold;
797 if (changed & WIPHY_PARAM_RTS_THRESHOLD)
798 rdev->wiphy.rts_threshold = rts_threshold;
799
800 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
801 if (result) {
802 rdev->wiphy.retry_short = old_retry_short;
803 rdev->wiphy.retry_long = old_retry_long;
804 rdev->wiphy.frag_threshold = old_frag_threshold;
805 rdev->wiphy.rts_threshold = old_rts_threshold;
806 }
807 }
808
809 bad_res:
810 mutex_unlock(&rdev->mtx);
811 unlock:
812 rtnl_unlock();
813 return result;
814}
815
816
817static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
818 struct cfg80211_registered_device *rdev,
819 struct net_device *dev)
820{
821 void *hdr;
822
823 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
824 if (!hdr)
825 return -1;
826
827 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
828 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
829 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
830 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
831
832 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION,
833 rdev->devlist_generation ^
834 (cfg80211_rdev_list_generation << 2));
835
836 return genlmsg_end(msg, hdr);
837
838 nla_put_failure:
839 genlmsg_cancel(msg, hdr);
840 return -EMSGSIZE;
841}
842
843static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
844{
845 int wp_idx = 0;
846 int if_idx = 0;
847 int wp_start = cb->args[0];
848 int if_start = cb->args[1];
849 struct cfg80211_registered_device *rdev;
850 struct wireless_dev *wdev;
851
852 mutex_lock(&cfg80211_mutex);
853 list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
854 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
855 continue;
856 if (wp_idx < wp_start) {
857 wp_idx++;
858 continue;
859 }
860 if_idx = 0;
861
862 mutex_lock(&rdev->devlist_mtx);
863 list_for_each_entry(wdev, &rdev->netdev_list, list) {
864 if (if_idx < if_start) {
865 if_idx++;
866 continue;
867 }
868 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
869 cb->nlh->nlmsg_seq, NLM_F_MULTI,
870 rdev, wdev->netdev) < 0) {
871 mutex_unlock(&rdev->devlist_mtx);
872 goto out;
873 }
874 if_idx++;
875 }
876 mutex_unlock(&rdev->devlist_mtx);
877
878 wp_idx++;
879 }
880 out:
881 mutex_unlock(&cfg80211_mutex);
882
883 cb->args[0] = wp_idx;
884 cb->args[1] = if_idx;
885
886 return skb->len;
887}
888
889static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
890{
891 struct sk_buff *msg;
892 struct cfg80211_registered_device *dev;
893 struct net_device *netdev;
894 int err;
895
896 err = get_rdev_dev_by_info_ifindex(info, &dev, &netdev);
897 if (err)
898 return err;
899
900 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
901 if (!msg)
902 goto out_err;
903
904 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0,
905 dev, netdev) < 0)
906 goto out_free;
907
908 dev_put(netdev);
909 cfg80211_unlock_rdev(dev);
910
911 return genlmsg_reply(msg, info);
912
913 out_free:
914 nlmsg_free(msg);
915 out_err:
916 dev_put(netdev);
917 cfg80211_unlock_rdev(dev);
918 return -ENOBUFS;
919}
920
921static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
922 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
923 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
924 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
925 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
926 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
927};
928
929static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
930{
931 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
932 int flag;
933
934 *mntrflags = 0;
935
936 if (!nla)
937 return -EINVAL;
938
939 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
940 nla, mntr_flags_policy))
941 return -EINVAL;
942
943 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
944 if (flags[flag])
945 *mntrflags |= (1<<flag);
946
947 return 0;
948}
949
950static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
951{
952 struct cfg80211_registered_device *rdev;
953 struct vif_params params;
954 int err;
955 enum nl80211_iftype otype, ntype;
956 struct net_device *dev;
957 u32 _flags, *flags = NULL;
958 bool change = false;
959
960 memset(¶ms, 0, sizeof(params));
961
962 rtnl_lock();
963
964 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
965 if (err)
966 goto unlock_rtnl;
967
968 otype = ntype = dev->ieee80211_ptr->iftype;
969
970 if (info->attrs[NL80211_ATTR_IFTYPE]) {
971 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
972 if (otype != ntype)
973 change = true;
974 if (ntype > NL80211_IFTYPE_MAX) {
975 err = -EINVAL;
976 goto unlock;
977 }
978 }
979
980 if (info->attrs[NL80211_ATTR_MESH_ID]) {
981 if (ntype != NL80211_IFTYPE_MESH_POINT) {
982 err = -EINVAL;
983 goto unlock;
984 }
985 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
986 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
987 change = true;
988 }
989
990 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
991 if (ntype != NL80211_IFTYPE_MONITOR) {
992 err = -EINVAL;
993 goto unlock;
994 }
995 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
996 &_flags);
997 if (err)
998 goto unlock;
999
1000 flags = &_flags;
1001 change = true;
1002 }
1003
1004 if (change)
1005 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms);
1006 else
1007 err = 0;
1008
1009 unlock:
1010 dev_put(dev);
1011 cfg80211_unlock_rdev(rdev);
1012 unlock_rtnl:
1013 rtnl_unlock();
1014 return err;
1015}
1016
1017static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
1018{
1019 struct cfg80211_registered_device *rdev;
1020 struct vif_params params;
1021 int err;
1022 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
1023 u32 flags;
1024
1025 memset(¶ms, 0, sizeof(params));
1026
1027 if (!info->attrs[NL80211_ATTR_IFNAME])
1028 return -EINVAL;
1029
1030 if (info->attrs[NL80211_ATTR_IFTYPE]) {
1031 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
1032 if (type > NL80211_IFTYPE_MAX)
1033 return -EINVAL;
1034 }
1035
1036 rtnl_lock();
1037
1038 rdev = cfg80211_get_dev_from_info(info);
1039 if (IS_ERR(rdev)) {
1040 err = PTR_ERR(rdev);
1041 goto unlock_rtnl;
1042 }
1043
1044 if (!rdev->ops->add_virtual_intf ||
1045 !(rdev->wiphy.interface_modes & (1 << type))) {
1046 err = -EOPNOTSUPP;
1047 goto unlock;
1048 }
1049
1050 if (type == NL80211_IFTYPE_MESH_POINT &&
1051 info->attrs[NL80211_ATTR_MESH_ID]) {
1052 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
1053 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
1054 }
1055
1056 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
1057 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
1058 &flags);
1059 err = rdev->ops->add_virtual_intf(&rdev->wiphy,
1060 nla_data(info->attrs[NL80211_ATTR_IFNAME]),
1061 type, err ? NULL : &flags, ¶ms);
1062
1063 unlock:
1064 cfg80211_unlock_rdev(rdev);
1065 unlock_rtnl:
1066 rtnl_unlock();
1067 return err;
1068}
1069
1070static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
1071{
1072 struct cfg80211_registered_device *rdev;
1073 int err;
1074 struct net_device *dev;
1075
1076 rtnl_lock();
1077
1078 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1079 if (err)
1080 goto unlock_rtnl;
1081
1082 if (!rdev->ops->del_virtual_intf) {
1083 err = -EOPNOTSUPP;
1084 goto out;
1085 }
1086
1087 err = rdev->ops->del_virtual_intf(&rdev->wiphy, dev);
1088
1089 out:
1090 cfg80211_unlock_rdev(rdev);
1091 dev_put(dev);
1092 unlock_rtnl:
1093 rtnl_unlock();
1094 return err;
1095}
1096
1097struct get_key_cookie {
1098 struct sk_buff *msg;
1099 int error;
1100 int idx;
1101};
1102
1103static void get_key_callback(void *c, struct key_params *params)
1104{
1105 struct nlattr *key;
1106 struct get_key_cookie *cookie = c;
1107
1108 if (params->key)
1109 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
1110 params->key_len, params->key);
1111
1112 if (params->seq)
1113 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
1114 params->seq_len, params->seq);
1115
1116 if (params->cipher)
1117 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
1118 params->cipher);
1119
1120 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
1121 if (!key)
1122 goto nla_put_failure;
1123
1124 if (params->key)
1125 NLA_PUT(cookie->msg, NL80211_KEY_DATA,
1126 params->key_len, params->key);
1127
1128 if (params->seq)
1129 NLA_PUT(cookie->msg, NL80211_KEY_SEQ,
1130 params->seq_len, params->seq);
1131
1132 if (params->cipher)
1133 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER,
1134 params->cipher);
1135
1136 NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx);
1137
1138 nla_nest_end(cookie->msg, key);
1139
1140 return;
1141 nla_put_failure:
1142 cookie->error = 1;
1143}
1144
1145static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
1146{
1147 struct cfg80211_registered_device *rdev;
1148 int err;
1149 struct net_device *dev;
1150 u8 key_idx = 0;
1151 u8 *mac_addr = NULL;
1152 struct get_key_cookie cookie = {
1153 .error = 0,
1154 };
1155 void *hdr;
1156 struct sk_buff *msg;
1157
1158 if (info->attrs[NL80211_ATTR_KEY_IDX])
1159 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1160
1161 if (key_idx > 5)
1162 return -EINVAL;
1163
1164 if (info->attrs[NL80211_ATTR_MAC])
1165 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1166
1167 rtnl_lock();
1168
1169 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1170 if (err)
1171 goto unlock_rtnl;
1172
1173 if (!rdev->ops->get_key) {
1174 err = -EOPNOTSUPP;
1175 goto out;
1176 }
1177
1178 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1179 if (!msg) {
1180 err = -ENOMEM;
1181 goto out;
1182 }
1183
1184 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
1185 NL80211_CMD_NEW_KEY);
1186
1187 if (IS_ERR(hdr)) {
1188 err = PTR_ERR(hdr);
1189 goto free_msg;
1190 }
1191
1192 cookie.msg = msg;
1193 cookie.idx = key_idx;
1194
1195 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1196 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
1197 if (mac_addr)
1198 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1199
1200 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, mac_addr,
1201 &cookie, get_key_callback);
1202
1203 if (err)
1204 goto free_msg;
1205
1206 if (cookie.error)
1207 goto nla_put_failure;
1208
1209 genlmsg_end(msg, hdr);
1210 err = genlmsg_reply(msg, info);
1211 goto out;
1212
1213 nla_put_failure:
1214 err = -ENOBUFS;
1215 free_msg:
1216 nlmsg_free(msg);
1217 out:
1218 cfg80211_unlock_rdev(rdev);
1219 dev_put(dev);
1220 unlock_rtnl:
1221 rtnl_unlock();
1222
1223 return err;
1224}
1225
1226static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
1227{
1228 struct cfg80211_registered_device *rdev;
1229 struct key_parse key;
1230 int err;
1231 struct net_device *dev;
1232 int (*func)(struct wiphy *wiphy, struct net_device *netdev,
1233 u8 key_index);
1234
1235 err = nl80211_parse_key(info, &key);
1236 if (err)
1237 return err;
1238
1239 if (key.idx < 0)
1240 return -EINVAL;
1241
1242
1243 if (!key.def && !key.defmgmt)
1244 return -EINVAL;
1245
1246 rtnl_lock();
1247
1248 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1249 if (err)
1250 goto unlock_rtnl;
1251
1252 if (key.def)
1253 func = rdev->ops->set_default_key;
1254 else
1255 func = rdev->ops->set_default_mgmt_key;
1256
1257 if (!func) {
1258 err = -EOPNOTSUPP;
1259 goto out;
1260 }
1261
1262 wdev_lock(dev->ieee80211_ptr);
1263 err = nl80211_key_allowed(dev->ieee80211_ptr);
1264 if (!err)
1265 err = func(&rdev->wiphy, dev, key.idx);
1266
1267#ifdef CONFIG_WIRELESS_EXT
1268 if (!err) {
1269 if (func == rdev->ops->set_default_key)
1270 dev->ieee80211_ptr->wext.default_key = key.idx;
1271 else
1272 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
1273 }
1274#endif
1275 wdev_unlock(dev->ieee80211_ptr);
1276
1277 out:
1278 cfg80211_unlock_rdev(rdev);
1279 dev_put(dev);
1280
1281 unlock_rtnl:
1282 rtnl_unlock();
1283
1284 return err;
1285}
1286
1287static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
1288{
1289 struct cfg80211_registered_device *rdev;
1290 int err;
1291 struct net_device *dev;
1292 struct key_parse key;
1293 u8 *mac_addr = NULL;
1294
1295 err = nl80211_parse_key(info, &key);
1296 if (err)
1297 return err;
1298
1299 if (!key.p.key)
1300 return -EINVAL;
1301
1302 if (info->attrs[NL80211_ATTR_MAC])
1303 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1304
1305 rtnl_lock();
1306
1307 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1308 if (err)
1309 goto unlock_rtnl;
1310
1311 if (!rdev->ops->add_key) {
1312 err = -EOPNOTSUPP;
1313 goto out;
1314 }
1315
1316 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, mac_addr)) {
1317 err = -EINVAL;
1318 goto out;
1319 }
1320
1321 wdev_lock(dev->ieee80211_ptr);
1322 err = nl80211_key_allowed(dev->ieee80211_ptr);
1323 if (!err)
1324 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
1325 mac_addr, &key.p);
1326 wdev_unlock(dev->ieee80211_ptr);
1327
1328 out:
1329 cfg80211_unlock_rdev(rdev);
1330 dev_put(dev);
1331 unlock_rtnl:
1332 rtnl_unlock();
1333
1334 return err;
1335}
1336
1337static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
1338{
1339 struct cfg80211_registered_device *rdev;
1340 int err;
1341 struct net_device *dev;
1342 u8 *mac_addr = NULL;
1343 struct key_parse key;
1344
1345 err = nl80211_parse_key(info, &key);
1346 if (err)
1347 return err;
1348
1349 if (info->attrs[NL80211_ATTR_MAC])
1350 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1351
1352 rtnl_lock();
1353
1354 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1355 if (err)
1356 goto unlock_rtnl;
1357
1358 if (!rdev->ops->del_key) {
1359 err = -EOPNOTSUPP;
1360 goto out;
1361 }
1362
1363 wdev_lock(dev->ieee80211_ptr);
1364 err = nl80211_key_allowed(dev->ieee80211_ptr);
1365 if (!err)
1366 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, mac_addr);
1367
1368#ifdef CONFIG_WIRELESS_EXT
1369 if (!err) {
1370 if (key.idx == dev->ieee80211_ptr->wext.default_key)
1371 dev->ieee80211_ptr->wext.default_key = -1;
1372 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
1373 dev->ieee80211_ptr->wext.default_mgmt_key = -1;
1374 }
1375#endif
1376 wdev_unlock(dev->ieee80211_ptr);
1377
1378 out:
1379 cfg80211_unlock_rdev(rdev);
1380 dev_put(dev);
1381
1382 unlock_rtnl:
1383 rtnl_unlock();
1384
1385 return err;
1386}
1387
1388static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
1389{
1390 int (*call)(struct wiphy *wiphy, struct net_device *dev,
1391 struct beacon_parameters *info);
1392 struct cfg80211_registered_device *rdev;
1393 int err;
1394 struct net_device *dev;
1395 struct beacon_parameters params;
1396 int haveinfo = 0;
1397
1398 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]))
1399 return -EINVAL;
1400
1401 rtnl_lock();
1402
1403 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1404 if (err)
1405 goto unlock_rtnl;
1406
1407 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
1408 err = -EOPNOTSUPP;
1409 goto out;
1410 }
1411
1412 switch (info->genlhdr->cmd) {
1413 case NL80211_CMD_NEW_BEACON:
1414
1415 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
1416 !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
1417 !info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1418 err = -EINVAL;
1419 goto out;
1420 }
1421
1422 call = rdev->ops->add_beacon;
1423 break;
1424 case NL80211_CMD_SET_BEACON:
1425 call = rdev->ops->set_beacon;
1426 break;
1427 default:
1428 WARN_ON(1);
1429 err = -EOPNOTSUPP;
1430 goto out;
1431 }
1432
1433 if (!call) {
1434 err = -EOPNOTSUPP;
1435 goto out;
1436 }
1437
1438 memset(¶ms, 0, sizeof(params));
1439
1440 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
1441 params.interval =
1442 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
1443 haveinfo = 1;
1444 }
1445
1446 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
1447 params.dtim_period =
1448 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
1449 haveinfo = 1;
1450 }
1451
1452 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1453 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1454 params.head_len =
1455 nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1456 haveinfo = 1;
1457 }
1458
1459 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
1460 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1461 params.tail_len =
1462 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1463 haveinfo = 1;
1464 }
1465
1466 if (!haveinfo) {
1467 err = -EINVAL;
1468 goto out;
1469 }
1470
1471 err = call(&rdev->wiphy, dev, ¶ms);
1472
1473 out:
1474 cfg80211_unlock_rdev(rdev);
1475 dev_put(dev);
1476 unlock_rtnl:
1477 rtnl_unlock();
1478
1479 return err;
1480}
1481
1482static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
1483{
1484 struct cfg80211_registered_device *rdev;
1485 int err;
1486 struct net_device *dev;
1487
1488 rtnl_lock();
1489
1490 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1491 if (err)
1492 goto unlock_rtnl;
1493
1494 if (!rdev->ops->del_beacon) {
1495 err = -EOPNOTSUPP;
1496 goto out;
1497 }
1498
1499 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
1500 err = -EOPNOTSUPP;
1501 goto out;
1502 }
1503 err = rdev->ops->del_beacon(&rdev->wiphy, dev);
1504
1505 out:
1506 cfg80211_unlock_rdev(rdev);
1507 dev_put(dev);
1508 unlock_rtnl:
1509 rtnl_unlock();
1510
1511 return err;
1512}
1513
1514static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
1515 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
1516 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
1517 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
1518 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
1519};
1520
1521static int parse_station_flags(struct genl_info *info,
1522 struct station_parameters *params)
1523{
1524 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
1525 struct nlattr *nla;
1526 int flag;
1527
1528
1529
1530
1531
1532 nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
1533 if (nla) {
1534 struct nl80211_sta_flag_update *sta_flags;
1535
1536 sta_flags = nla_data(nla);
1537 params->sta_flags_mask = sta_flags->mask;
1538 params->sta_flags_set = sta_flags->set;
1539 if ((params->sta_flags_mask |
1540 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
1541 return -EINVAL;
1542 return 0;
1543 }
1544
1545
1546
1547 nla = info->attrs[NL80211_ATTR_STA_FLAGS];
1548 if (!nla)
1549 return 0;
1550
1551 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
1552 nla, sta_flags_policy))
1553 return -EINVAL;
1554
1555 params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1;
1556 params->sta_flags_mask &= ~1;
1557
1558 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
1559 if (flags[flag])
1560 params->sta_flags_set |= (1<<flag);
1561
1562 return 0;
1563}
1564
1565static u16 nl80211_calculate_bitrate(struct rate_info *rate)
1566{
1567 int modulation, streams, bitrate;
1568
1569 if (!(rate->flags & RATE_INFO_FLAGS_MCS))
1570 return rate->legacy;
1571
1572
1573 if (rate->mcs >= 32)
1574 return 0;
1575
1576 modulation = rate->mcs & 7;
1577 streams = (rate->mcs >> 3) + 1;
1578
1579 bitrate = (rate->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) ?
1580 13500000 : 6500000;
1581
1582 if (modulation < 4)
1583 bitrate *= (modulation + 1);
1584 else if (modulation == 4)
1585 bitrate *= (modulation + 2);
1586 else
1587 bitrate *= (modulation + 3);
1588
1589 bitrate *= streams;
1590
1591 if (rate->flags & RATE_INFO_FLAGS_SHORT_GI)
1592 bitrate = (bitrate / 9) * 10;
1593
1594
1595 return (bitrate + 50000) / 100000;
1596}
1597
1598static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
1599 int flags, struct net_device *dev,
1600 u8 *mac_addr, struct station_info *sinfo)
1601{
1602 void *hdr;
1603 struct nlattr *sinfoattr, *txrate;
1604 u16 bitrate;
1605
1606 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
1607 if (!hdr)
1608 return -1;
1609
1610 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1611 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1612
1613 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation);
1614
1615 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
1616 if (!sinfoattr)
1617 goto nla_put_failure;
1618 if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
1619 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
1620 sinfo->inactive_time);
1621 if (sinfo->filled & STATION_INFO_RX_BYTES)
1622 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
1623 sinfo->rx_bytes);
1624 if (sinfo->filled & STATION_INFO_TX_BYTES)
1625 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
1626 sinfo->tx_bytes);
1627 if (sinfo->filled & STATION_INFO_LLID)
1628 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
1629 sinfo->llid);
1630 if (sinfo->filled & STATION_INFO_PLID)
1631 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
1632 sinfo->plid);
1633 if (sinfo->filled & STATION_INFO_PLINK_STATE)
1634 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
1635 sinfo->plink_state);
1636 if (sinfo->filled & STATION_INFO_SIGNAL)
1637 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
1638 sinfo->signal);
1639 if (sinfo->filled & STATION_INFO_TX_BITRATE) {
1640 txrate = nla_nest_start(msg, NL80211_STA_INFO_TX_BITRATE);
1641 if (!txrate)
1642 goto nla_put_failure;
1643
1644
1645 bitrate = nl80211_calculate_bitrate(&sinfo->txrate);
1646 if (bitrate > 0)
1647 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
1648
1649 if (sinfo->txrate.flags & RATE_INFO_FLAGS_MCS)
1650 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS,
1651 sinfo->txrate.mcs);
1652 if (sinfo->txrate.flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
1653 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
1654 if (sinfo->txrate.flags & RATE_INFO_FLAGS_SHORT_GI)
1655 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
1656
1657 nla_nest_end(msg, txrate);
1658 }
1659 if (sinfo->filled & STATION_INFO_RX_PACKETS)
1660 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
1661 sinfo->rx_packets);
1662 if (sinfo->filled & STATION_INFO_TX_PACKETS)
1663 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
1664 sinfo->tx_packets);
1665 nla_nest_end(msg, sinfoattr);
1666
1667 return genlmsg_end(msg, hdr);
1668
1669 nla_put_failure:
1670 genlmsg_cancel(msg, hdr);
1671 return -EMSGSIZE;
1672}
1673
1674static int nl80211_dump_station(struct sk_buff *skb,
1675 struct netlink_callback *cb)
1676{
1677 struct station_info sinfo;
1678 struct cfg80211_registered_device *dev;
1679 struct net_device *netdev;
1680 u8 mac_addr[ETH_ALEN];
1681 int ifidx = cb->args[0];
1682 int sta_idx = cb->args[1];
1683 int err;
1684
1685 if (!ifidx) {
1686 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1687 nl80211_fam.attrbuf, nl80211_fam.maxattr,
1688 nl80211_policy);
1689 if (err)
1690 return err;
1691
1692 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
1693 return -EINVAL;
1694
1695 ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
1696 if (!ifidx)
1697 return -EINVAL;
1698 }
1699
1700 rtnl_lock();
1701
1702 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
1703 if (!netdev) {
1704 err = -ENODEV;
1705 goto out_rtnl;
1706 }
1707
1708 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
1709 if (IS_ERR(dev)) {
1710 err = PTR_ERR(dev);
1711 goto out_rtnl;
1712 }
1713
1714 if (!dev->ops->dump_station) {
1715 err = -EOPNOTSUPP;
1716 goto out_err;
1717 }
1718
1719 while (1) {
1720 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
1721 mac_addr, &sinfo);
1722 if (err == -ENOENT)
1723 break;
1724 if (err)
1725 goto out_err;
1726
1727 if (nl80211_send_station(skb,
1728 NETLINK_CB(cb->skb).pid,
1729 cb->nlh->nlmsg_seq, NLM_F_MULTI,
1730 netdev, mac_addr,
1731 &sinfo) < 0)
1732 goto out;
1733
1734 sta_idx++;
1735 }
1736
1737
1738 out:
1739 cb->args[1] = sta_idx;
1740 err = skb->len;
1741 out_err:
1742 cfg80211_unlock_rdev(dev);
1743 out_rtnl:
1744 rtnl_unlock();
1745
1746 return err;
1747}
1748
1749static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
1750{
1751 struct cfg80211_registered_device *rdev;
1752 int err;
1753 struct net_device *dev;
1754 struct station_info sinfo;
1755 struct sk_buff *msg;
1756 u8 *mac_addr = NULL;
1757
1758 memset(&sinfo, 0, sizeof(sinfo));
1759
1760 if (!info->attrs[NL80211_ATTR_MAC])
1761 return -EINVAL;
1762
1763 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1764
1765 rtnl_lock();
1766
1767 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1768 if (err)
1769 goto out_rtnl;
1770
1771 if (!rdev->ops->get_station) {
1772 err = -EOPNOTSUPP;
1773 goto out;
1774 }
1775
1776 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
1777 if (err)
1778 goto out;
1779
1780 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
1781 if (!msg)
1782 goto out;
1783
1784 if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
1785 dev, mac_addr, &sinfo) < 0)
1786 goto out_free;
1787
1788 err = genlmsg_reply(msg, info);
1789 goto out;
1790
1791 out_free:
1792 nlmsg_free(msg);
1793 out:
1794 cfg80211_unlock_rdev(rdev);
1795 dev_put(dev);
1796 out_rtnl:
1797 rtnl_unlock();
1798
1799 return err;
1800}
1801
1802
1803
1804
1805static int get_vlan(struct genl_info *info,
1806 struct cfg80211_registered_device *rdev,
1807 struct net_device **vlan)
1808{
1809 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
1810 *vlan = NULL;
1811
1812 if (vlanattr) {
1813 *vlan = dev_get_by_index(genl_info_net(info),
1814 nla_get_u32(vlanattr));
1815 if (!*vlan)
1816 return -ENODEV;
1817 if (!(*vlan)->ieee80211_ptr)
1818 return -EINVAL;
1819 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy)
1820 return -EINVAL;
1821 }
1822 return 0;
1823}
1824
1825static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
1826{
1827 struct cfg80211_registered_device *rdev;
1828 int err;
1829 struct net_device *dev;
1830 struct station_parameters params;
1831 u8 *mac_addr = NULL;
1832
1833 memset(¶ms, 0, sizeof(params));
1834
1835 params.listen_interval = -1;
1836
1837 if (info->attrs[NL80211_ATTR_STA_AID])
1838 return -EINVAL;
1839
1840 if (!info->attrs[NL80211_ATTR_MAC])
1841 return -EINVAL;
1842
1843 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1844
1845 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
1846 params.supported_rates =
1847 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
1848 params.supported_rates_len =
1849 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
1850 }
1851
1852 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
1853 params.listen_interval =
1854 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
1855
1856 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
1857 params.ht_capa =
1858 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
1859
1860 if (parse_station_flags(info, ¶ms))
1861 return -EINVAL;
1862
1863 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
1864 params.plink_action =
1865 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
1866
1867 rtnl_lock();
1868
1869 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1870 if (err)
1871 goto out_rtnl;
1872
1873 err = get_vlan(info, rdev, ¶ms.vlan);
1874 if (err)
1875 goto out;
1876
1877
1878 err = 0;
1879
1880 switch (dev->ieee80211_ptr->iftype) {
1881 case NL80211_IFTYPE_AP:
1882 case NL80211_IFTYPE_AP_VLAN:
1883
1884 if (params.plink_action)
1885 err = -EINVAL;
1886 break;
1887 case NL80211_IFTYPE_STATION:
1888
1889 if (params.plink_action)
1890 err = -EINVAL;
1891 if (params.vlan)
1892 err = -EINVAL;
1893 if (params.supported_rates)
1894 err = -EINVAL;
1895 if (params.ht_capa)
1896 err = -EINVAL;
1897 if (params.listen_interval >= 0)
1898 err = -EINVAL;
1899 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
1900 err = -EINVAL;
1901 break;
1902 case NL80211_IFTYPE_MESH_POINT:
1903
1904 if (params.vlan)
1905 err = -EINVAL;
1906 if (params.ht_capa)
1907 err = -EINVAL;
1908 if (params.listen_interval >= 0)
1909 err = -EINVAL;
1910 if (params.supported_rates)
1911 err = -EINVAL;
1912 if (params.sta_flags_mask)
1913 err = -EINVAL;
1914 break;
1915 default:
1916 err = -EINVAL;
1917 }
1918
1919 if (err)
1920 goto out;
1921
1922 if (!rdev->ops->change_station) {
1923 err = -EOPNOTSUPP;
1924 goto out;
1925 }
1926
1927 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms);
1928
1929 out:
1930 if (params.vlan)
1931 dev_put(params.vlan);
1932 cfg80211_unlock_rdev(rdev);
1933 dev_put(dev);
1934 out_rtnl:
1935 rtnl_unlock();
1936
1937 return err;
1938}
1939
1940static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
1941{
1942 struct cfg80211_registered_device *rdev;
1943 int err;
1944 struct net_device *dev;
1945 struct station_parameters params;
1946 u8 *mac_addr = NULL;
1947
1948 memset(¶ms, 0, sizeof(params));
1949
1950 if (!info->attrs[NL80211_ATTR_MAC])
1951 return -EINVAL;
1952
1953 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
1954 return -EINVAL;
1955
1956 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
1957 return -EINVAL;
1958
1959 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1960 params.supported_rates =
1961 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
1962 params.supported_rates_len =
1963 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
1964 params.listen_interval =
1965 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
1966
1967 if (info->attrs[NL80211_ATTR_STA_AID]) {
1968 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
1969 if (!params.aid || params.aid > IEEE80211_MAX_AID)
1970 return -EINVAL;
1971 }
1972
1973 if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
1974 params.ht_capa =
1975 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
1976
1977 if (parse_station_flags(info, ¶ms))
1978 return -EINVAL;
1979
1980 rtnl_lock();
1981
1982 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
1983 if (err)
1984 goto out_rtnl;
1985
1986 err = get_vlan(info, rdev, ¶ms.vlan);
1987 if (err)
1988 goto out;
1989
1990
1991 err = 0;
1992
1993 switch (dev->ieee80211_ptr->iftype) {
1994 case NL80211_IFTYPE_AP:
1995 case NL80211_IFTYPE_AP_VLAN:
1996
1997 if (!params.aid)
1998 err = -EINVAL;
1999 break;
2000 case NL80211_IFTYPE_MESH_POINT:
2001
2002 if (params.vlan)
2003 err = -EINVAL;
2004 if (params.aid)
2005 err = -EINVAL;
2006 if (params.ht_capa)
2007 err = -EINVAL;
2008 if (params.listen_interval >= 0)
2009 err = -EINVAL;
2010 if (params.supported_rates)
2011 err = -EINVAL;
2012 if (params.sta_flags_mask)
2013 err = -EINVAL;
2014 break;
2015 default:
2016 err = -EINVAL;
2017 }
2018
2019 if (err)
2020 goto out;
2021
2022 if (!rdev->ops->add_station) {
2023 err = -EOPNOTSUPP;
2024 goto out;
2025 }
2026
2027 if (!netif_running(dev)) {
2028 err = -ENETDOWN;
2029 goto out;
2030 }
2031
2032 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms);
2033
2034 out:
2035 if (params.vlan)
2036 dev_put(params.vlan);
2037 cfg80211_unlock_rdev(rdev);
2038 dev_put(dev);
2039 out_rtnl:
2040 rtnl_unlock();
2041
2042 return err;
2043}
2044
2045static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
2046{
2047 struct cfg80211_registered_device *rdev;
2048 int err;
2049 struct net_device *dev;
2050 u8 *mac_addr = NULL;
2051
2052 if (info->attrs[NL80211_ATTR_MAC])
2053 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2054
2055 rtnl_lock();
2056
2057 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2058 if (err)
2059 goto out_rtnl;
2060
2061 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
2062 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
2063 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2064 err = -EINVAL;
2065 goto out;
2066 }
2067
2068 if (!rdev->ops->del_station) {
2069 err = -EOPNOTSUPP;
2070 goto out;
2071 }
2072
2073 err = rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
2074
2075 out:
2076 cfg80211_unlock_rdev(rdev);
2077 dev_put(dev);
2078 out_rtnl:
2079 rtnl_unlock();
2080
2081 return err;
2082}
2083
2084static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
2085 int flags, struct net_device *dev,
2086 u8 *dst, u8 *next_hop,
2087 struct mpath_info *pinfo)
2088{
2089 void *hdr;
2090 struct nlattr *pinfoattr;
2091
2092 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
2093 if (!hdr)
2094 return -1;
2095
2096 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2097 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
2098 NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
2099
2100 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation);
2101
2102 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
2103 if (!pinfoattr)
2104 goto nla_put_failure;
2105 if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
2106 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
2107 pinfo->frame_qlen);
2108 if (pinfo->filled & MPATH_INFO_DSN)
2109 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DSN,
2110 pinfo->dsn);
2111 if (pinfo->filled & MPATH_INFO_METRIC)
2112 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
2113 pinfo->metric);
2114 if (pinfo->filled & MPATH_INFO_EXPTIME)
2115 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
2116 pinfo->exptime);
2117 if (pinfo->filled & MPATH_INFO_FLAGS)
2118 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
2119 pinfo->flags);
2120 if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
2121 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
2122 pinfo->discovery_timeout);
2123 if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
2124 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
2125 pinfo->discovery_retries);
2126
2127 nla_nest_end(msg, pinfoattr);
2128
2129 return genlmsg_end(msg, hdr);
2130
2131 nla_put_failure:
2132 genlmsg_cancel(msg, hdr);
2133 return -EMSGSIZE;
2134}
2135
2136static int nl80211_dump_mpath(struct sk_buff *skb,
2137 struct netlink_callback *cb)
2138{
2139 struct mpath_info pinfo;
2140 struct cfg80211_registered_device *dev;
2141 struct net_device *netdev;
2142 u8 dst[ETH_ALEN];
2143 u8 next_hop[ETH_ALEN];
2144 int ifidx = cb->args[0];
2145 int path_idx = cb->args[1];
2146 int err;
2147
2148 if (!ifidx) {
2149 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
2150 nl80211_fam.attrbuf, nl80211_fam.maxattr,
2151 nl80211_policy);
2152 if (err)
2153 return err;
2154
2155 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
2156 return -EINVAL;
2157
2158 ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
2159 if (!ifidx)
2160 return -EINVAL;
2161 }
2162
2163 rtnl_lock();
2164
2165 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx);
2166 if (!netdev) {
2167 err = -ENODEV;
2168 goto out_rtnl;
2169 }
2170
2171 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
2172 if (IS_ERR(dev)) {
2173 err = PTR_ERR(dev);
2174 goto out_rtnl;
2175 }
2176
2177 if (!dev->ops->dump_mpath) {
2178 err = -EOPNOTSUPP;
2179 goto out_err;
2180 }
2181
2182 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2183 err = -EOPNOTSUPP;
2184 goto out_err;
2185 }
2186
2187 while (1) {
2188 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
2189 dst, next_hop, &pinfo);
2190 if (err == -ENOENT)
2191 break;
2192 if (err)
2193 goto out_err;
2194
2195 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
2196 cb->nlh->nlmsg_seq, NLM_F_MULTI,
2197 netdev, dst, next_hop,
2198 &pinfo) < 0)
2199 goto out;
2200
2201 path_idx++;
2202 }
2203
2204
2205 out:
2206 cb->args[1] = path_idx;
2207 err = skb->len;
2208 out_err:
2209 cfg80211_unlock_rdev(dev);
2210 out_rtnl:
2211 rtnl_unlock();
2212
2213 return err;
2214}
2215
2216static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
2217{
2218 struct cfg80211_registered_device *rdev;
2219 int err;
2220 struct net_device *dev;
2221 struct mpath_info pinfo;
2222 struct sk_buff *msg;
2223 u8 *dst = NULL;
2224 u8 next_hop[ETH_ALEN];
2225
2226 memset(&pinfo, 0, sizeof(pinfo));
2227
2228 if (!info->attrs[NL80211_ATTR_MAC])
2229 return -EINVAL;
2230
2231 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2232
2233 rtnl_lock();
2234
2235 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2236 if (err)
2237 goto out_rtnl;
2238
2239 if (!rdev->ops->get_mpath) {
2240 err = -EOPNOTSUPP;
2241 goto out;
2242 }
2243
2244 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2245 err = -EOPNOTSUPP;
2246 goto out;
2247 }
2248
2249 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
2250 if (err)
2251 goto out;
2252
2253 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2254 if (!msg)
2255 goto out;
2256
2257 if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
2258 dev, dst, next_hop, &pinfo) < 0)
2259 goto out_free;
2260
2261 err = genlmsg_reply(msg, info);
2262 goto out;
2263
2264 out_free:
2265 nlmsg_free(msg);
2266 out:
2267 cfg80211_unlock_rdev(rdev);
2268 dev_put(dev);
2269 out_rtnl:
2270 rtnl_unlock();
2271
2272 return err;
2273}
2274
2275static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
2276{
2277 struct cfg80211_registered_device *rdev;
2278 int err;
2279 struct net_device *dev;
2280 u8 *dst = NULL;
2281 u8 *next_hop = NULL;
2282
2283 if (!info->attrs[NL80211_ATTR_MAC])
2284 return -EINVAL;
2285
2286 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2287 return -EINVAL;
2288
2289 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2290 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2291
2292 rtnl_lock();
2293
2294 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2295 if (err)
2296 goto out_rtnl;
2297
2298 if (!rdev->ops->change_mpath) {
2299 err = -EOPNOTSUPP;
2300 goto out;
2301 }
2302
2303 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2304 err = -EOPNOTSUPP;
2305 goto out;
2306 }
2307
2308 if (!netif_running(dev)) {
2309 err = -ENETDOWN;
2310 goto out;
2311 }
2312
2313 err = rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
2314
2315 out:
2316 cfg80211_unlock_rdev(rdev);
2317 dev_put(dev);
2318 out_rtnl:
2319 rtnl_unlock();
2320
2321 return err;
2322}
2323static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
2324{
2325 struct cfg80211_registered_device *rdev;
2326 int err;
2327 struct net_device *dev;
2328 u8 *dst = NULL;
2329 u8 *next_hop = NULL;
2330
2331 if (!info->attrs[NL80211_ATTR_MAC])
2332 return -EINVAL;
2333
2334 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
2335 return -EINVAL;
2336
2337 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2338 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
2339
2340 rtnl_lock();
2341
2342 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2343 if (err)
2344 goto out_rtnl;
2345
2346 if (!rdev->ops->add_mpath) {
2347 err = -EOPNOTSUPP;
2348 goto out;
2349 }
2350
2351 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
2352 err = -EOPNOTSUPP;
2353 goto out;
2354 }
2355
2356 if (!netif_running(dev)) {
2357 err = -ENETDOWN;
2358 goto out;
2359 }
2360
2361 err = rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
2362
2363 out:
2364 cfg80211_unlock_rdev(rdev);
2365 dev_put(dev);
2366 out_rtnl:
2367 rtnl_unlock();
2368
2369 return err;
2370}
2371
2372static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
2373{
2374 struct cfg80211_registered_device *rdev;
2375 int err;
2376 struct net_device *dev;
2377 u8 *dst = NULL;
2378
2379 if (info->attrs[NL80211_ATTR_MAC])
2380 dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
2381
2382 rtnl_lock();
2383
2384 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2385 if (err)
2386 goto out_rtnl;
2387
2388 if (!rdev->ops->del_mpath) {
2389 err = -EOPNOTSUPP;
2390 goto out;
2391 }
2392
2393 err = rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
2394
2395 out:
2396 cfg80211_unlock_rdev(rdev);
2397 dev_put(dev);
2398 out_rtnl:
2399 rtnl_unlock();
2400
2401 return err;
2402}
2403
2404static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
2405{
2406 struct cfg80211_registered_device *rdev;
2407 int err;
2408 struct net_device *dev;
2409 struct bss_parameters params;
2410
2411 memset(¶ms, 0, sizeof(params));
2412
2413 params.use_cts_prot = -1;
2414 params.use_short_preamble = -1;
2415 params.use_short_slot_time = -1;
2416
2417 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
2418 params.use_cts_prot =
2419 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
2420 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
2421 params.use_short_preamble =
2422 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
2423 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
2424 params.use_short_slot_time =
2425 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
2426 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
2427 params.basic_rates =
2428 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2429 params.basic_rates_len =
2430 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
2431 }
2432
2433 rtnl_lock();
2434
2435 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2436 if (err)
2437 goto out_rtnl;
2438
2439 if (!rdev->ops->change_bss) {
2440 err = -EOPNOTSUPP;
2441 goto out;
2442 }
2443
2444 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
2445 err = -EOPNOTSUPP;
2446 goto out;
2447 }
2448
2449 err = rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms);
2450
2451 out:
2452 cfg80211_unlock_rdev(rdev);
2453 dev_put(dev);
2454 out_rtnl:
2455 rtnl_unlock();
2456
2457 return err;
2458}
2459
2460static const struct nla_policy
2461 reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
2462 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 },
2463 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 },
2464 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 },
2465 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 },
2466 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 },
2467 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 },
2468};
2469
2470static int parse_reg_rule(struct nlattr *tb[],
2471 struct ieee80211_reg_rule *reg_rule)
2472{
2473 struct ieee80211_freq_range *freq_range = ®_rule->freq_range;
2474 struct ieee80211_power_rule *power_rule = ®_rule->power_rule;
2475
2476 if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
2477 return -EINVAL;
2478 if (!tb[NL80211_ATTR_FREQ_RANGE_START])
2479 return -EINVAL;
2480 if (!tb[NL80211_ATTR_FREQ_RANGE_END])
2481 return -EINVAL;
2482 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
2483 return -EINVAL;
2484 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
2485 return -EINVAL;
2486
2487 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
2488
2489 freq_range->start_freq_khz =
2490 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
2491 freq_range->end_freq_khz =
2492 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
2493 freq_range->max_bandwidth_khz =
2494 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
2495
2496 power_rule->max_eirp =
2497 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
2498
2499 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
2500 power_rule->max_antenna_gain =
2501 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
2502
2503 return 0;
2504}
2505
2506static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
2507{
2508 int r;
2509 char *data = NULL;
2510
2511
2512
2513
2514
2515
2516
2517 mutex_lock(&cfg80211_mutex);
2518 if (unlikely(!cfg80211_regdomain)) {
2519 mutex_unlock(&cfg80211_mutex);
2520 return -EINPROGRESS;
2521 }
2522 mutex_unlock(&cfg80211_mutex);
2523
2524 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2525 return -EINVAL;
2526
2527 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2528
2529#ifdef CONFIG_WIRELESS_OLD_REGULATORY
2530
2531 if (is_world_regdom(data))
2532 return -EINVAL;
2533#endif
2534
2535 r = regulatory_hint_user(data);
2536
2537 return r;
2538}
2539
2540static int nl80211_get_mesh_params(struct sk_buff *skb,
2541 struct genl_info *info)
2542{
2543 struct cfg80211_registered_device *rdev;
2544 struct mesh_config cur_params;
2545 int err;
2546 struct net_device *dev;
2547 void *hdr;
2548 struct nlattr *pinfoattr;
2549 struct sk_buff *msg;
2550
2551 rtnl_lock();
2552
2553
2554 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2555 if (err)
2556 goto out_rtnl;
2557
2558 if (!rdev->ops->get_mesh_params) {
2559 err = -EOPNOTSUPP;
2560 goto out;
2561 }
2562
2563
2564 err = rdev->ops->get_mesh_params(&rdev->wiphy, dev, &cur_params);
2565 if (err)
2566 goto out;
2567
2568
2569 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2570 if (!msg) {
2571 err = -ENOBUFS;
2572 goto out;
2573 }
2574 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2575 NL80211_CMD_GET_MESH_PARAMS);
2576 if (!hdr)
2577 goto nla_put_failure;
2578 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_PARAMS);
2579 if (!pinfoattr)
2580 goto nla_put_failure;
2581 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2582 NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
2583 cur_params.dot11MeshRetryTimeout);
2584 NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
2585 cur_params.dot11MeshConfirmTimeout);
2586 NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
2587 cur_params.dot11MeshHoldingTimeout);
2588 NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
2589 cur_params.dot11MeshMaxPeerLinks);
2590 NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
2591 cur_params.dot11MeshMaxRetries);
2592 NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
2593 cur_params.dot11MeshTTL);
2594 NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
2595 cur_params.auto_open_plinks);
2596 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2597 cur_params.dot11MeshHWMPmaxPREQretries);
2598 NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
2599 cur_params.path_refresh_time);
2600 NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2601 cur_params.min_discovery_timeout);
2602 NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2603 cur_params.dot11MeshHWMPactivePathTimeout);
2604 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2605 cur_params.dot11MeshHWMPpreqMinInterval);
2606 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2607 cur_params.dot11MeshHWMPnetDiameterTraversalTime);
2608 nla_nest_end(msg, pinfoattr);
2609 genlmsg_end(msg, hdr);
2610 err = genlmsg_reply(msg, info);
2611 goto out;
2612
2613 nla_put_failure:
2614 genlmsg_cancel(msg, hdr);
2615 err = -EMSGSIZE;
2616 out:
2617
2618 cfg80211_unlock_rdev(rdev);
2619 dev_put(dev);
2620 out_rtnl:
2621 rtnl_unlock();
2622
2623 return err;
2624}
2625
2626#define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
2627do {\
2628 if (table[attr_num]) {\
2629 cfg.param = nla_fn(table[attr_num]); \
2630 mask |= (1 << (attr_num - 1)); \
2631 } \
2632} while (0);\
2633
2634static struct nla_policy
2635nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] __read_mostly = {
2636 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
2637 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
2638 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
2639 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
2640 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
2641 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
2642 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
2643
2644 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
2645 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
2646 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
2647 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
2648 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
2649 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
2650};
2651
2652static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info)
2653{
2654 int err;
2655 u32 mask;
2656 struct cfg80211_registered_device *rdev;
2657 struct net_device *dev;
2658 struct mesh_config cfg;
2659 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
2660 struct nlattr *parent_attr;
2661
2662 parent_attr = info->attrs[NL80211_ATTR_MESH_PARAMS];
2663 if (!parent_attr)
2664 return -EINVAL;
2665 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
2666 parent_attr, nl80211_meshconf_params_policy))
2667 return -EINVAL;
2668
2669 rtnl_lock();
2670
2671 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2672 if (err)
2673 goto out_rtnl;
2674
2675 if (!rdev->ops->set_mesh_params) {
2676 err = -EOPNOTSUPP;
2677 goto out;
2678 }
2679
2680
2681
2682 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
2683
2684
2685 mask = 0;
2686 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
2687 mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
2688 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
2689 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
2690 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
2691 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
2692 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
2693 mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
2694 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
2695 mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
2696 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
2697 mask, NL80211_MESHCONF_TTL, nla_get_u8);
2698 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
2699 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
2700 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
2701 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2702 nla_get_u8);
2703 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
2704 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
2705 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
2706 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2707 nla_get_u16);
2708 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
2709 mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2710 nla_get_u32);
2711 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
2712 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2713 nla_get_u16);
2714 FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2715 dot11MeshHWMPnetDiameterTraversalTime,
2716 mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2717 nla_get_u16);
2718
2719
2720 err = rdev->ops->set_mesh_params(&rdev->wiphy, dev, &cfg, mask);
2721
2722 out:
2723
2724 cfg80211_unlock_rdev(rdev);
2725 dev_put(dev);
2726 out_rtnl:
2727 rtnl_unlock();
2728
2729 return err;
2730}
2731
2732#undef FILL_IN_MESH_PARAM_IF_SET
2733
2734static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
2735{
2736 struct sk_buff *msg;
2737 void *hdr = NULL;
2738 struct nlattr *nl_reg_rules;
2739 unsigned int i;
2740 int err = -EINVAL;
2741
2742 mutex_lock(&cfg80211_mutex);
2743
2744 if (!cfg80211_regdomain)
2745 goto out;
2746
2747 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
2748 if (!msg) {
2749 err = -ENOBUFS;
2750 goto out;
2751 }
2752
2753 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2754 NL80211_CMD_GET_REG);
2755 if (!hdr)
2756 goto nla_put_failure;
2757
2758 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
2759 cfg80211_regdomain->alpha2);
2760
2761 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
2762 if (!nl_reg_rules)
2763 goto nla_put_failure;
2764
2765 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
2766 struct nlattr *nl_reg_rule;
2767 const struct ieee80211_reg_rule *reg_rule;
2768 const struct ieee80211_freq_range *freq_range;
2769 const struct ieee80211_power_rule *power_rule;
2770
2771 reg_rule = &cfg80211_regdomain->reg_rules[i];
2772 freq_range = ®_rule->freq_range;
2773 power_rule = ®_rule->power_rule;
2774
2775 nl_reg_rule = nla_nest_start(msg, i);
2776 if (!nl_reg_rule)
2777 goto nla_put_failure;
2778
2779 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
2780 reg_rule->flags);
2781 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
2782 freq_range->start_freq_khz);
2783 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
2784 freq_range->end_freq_khz);
2785 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
2786 freq_range->max_bandwidth_khz);
2787 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
2788 power_rule->max_antenna_gain);
2789 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
2790 power_rule->max_eirp);
2791
2792 nla_nest_end(msg, nl_reg_rule);
2793 }
2794
2795 nla_nest_end(msg, nl_reg_rules);
2796
2797 genlmsg_end(msg, hdr);
2798 err = genlmsg_reply(msg, info);
2799 goto out;
2800
2801nla_put_failure:
2802 genlmsg_cancel(msg, hdr);
2803 err = -EMSGSIZE;
2804out:
2805 mutex_unlock(&cfg80211_mutex);
2806 return err;
2807}
2808
2809static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
2810{
2811 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
2812 struct nlattr *nl_reg_rule;
2813 char *alpha2 = NULL;
2814 int rem_reg_rules = 0, r = 0;
2815 u32 num_rules = 0, rule_idx = 0, size_of_regd;
2816 struct ieee80211_regdomain *rd = NULL;
2817
2818 if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2819 return -EINVAL;
2820
2821 if (!info->attrs[NL80211_ATTR_REG_RULES])
2822 return -EINVAL;
2823
2824 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2825
2826 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
2827 rem_reg_rules) {
2828 num_rules++;
2829 if (num_rules > NL80211_MAX_SUPP_REG_RULES)
2830 return -EINVAL;
2831 }
2832
2833 mutex_lock(&cfg80211_mutex);
2834
2835 if (!reg_is_valid_request(alpha2)) {
2836 r = -EINVAL;
2837 goto bad_reg;
2838 }
2839
2840 size_of_regd = sizeof(struct ieee80211_regdomain) +
2841 (num_rules * sizeof(struct ieee80211_reg_rule));
2842
2843 rd = kzalloc(size_of_regd, GFP_KERNEL);
2844 if (!rd) {
2845 r = -ENOMEM;
2846 goto bad_reg;
2847 }
2848
2849 rd->n_reg_rules = num_rules;
2850 rd->alpha2[0] = alpha2[0];
2851 rd->alpha2[1] = alpha2[1];
2852
2853 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
2854 rem_reg_rules) {
2855 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
2856 nla_data(nl_reg_rule), nla_len(nl_reg_rule),
2857 reg_rule_policy);
2858 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
2859 if (r)
2860 goto bad_reg;
2861
2862 rule_idx++;
2863
2864 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
2865 r = -EINVAL;
2866 goto bad_reg;
2867 }
2868 }
2869
2870 BUG_ON(rule_idx != num_rules);
2871
2872 r = set_regdom(rd);
2873
2874 mutex_unlock(&cfg80211_mutex);
2875
2876 return r;
2877
2878 bad_reg:
2879 mutex_unlock(&cfg80211_mutex);
2880 kfree(rd);
2881 return r;
2882}
2883
2884static int validate_scan_freqs(struct nlattr *freqs)
2885{
2886 struct nlattr *attr1, *attr2;
2887 int n_channels = 0, tmp1, tmp2;
2888
2889 nla_for_each_nested(attr1, freqs, tmp1) {
2890 n_channels++;
2891
2892
2893
2894
2895
2896
2897
2898
2899
2900 nla_for_each_nested(attr2, freqs, tmp2)
2901 if (attr1 != attr2 &&
2902 nla_get_u32(attr1) == nla_get_u32(attr2))
2903 return 0;
2904 }
2905
2906 return n_channels;
2907}
2908
2909static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
2910{
2911 struct cfg80211_registered_device *rdev;
2912 struct net_device *dev;
2913 struct cfg80211_scan_request *request;
2914 struct cfg80211_ssid *ssid;
2915 struct ieee80211_channel *channel;
2916 struct nlattr *attr;
2917 struct wiphy *wiphy;
2918 int err, tmp, n_ssids = 0, n_channels, i;
2919 enum ieee80211_band band;
2920 size_t ie_len;
2921
2922 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
2923 return -EINVAL;
2924
2925 rtnl_lock();
2926
2927 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
2928 if (err)
2929 goto out_rtnl;
2930
2931 wiphy = &rdev->wiphy;
2932
2933 if (!rdev->ops->scan) {
2934 err = -EOPNOTSUPP;
2935 goto out;
2936 }
2937
2938 if (!netif_running(dev)) {
2939 err = -ENETDOWN;
2940 goto out;
2941 }
2942
2943 if (rdev->scan_req) {
2944 err = -EBUSY;
2945 goto out;
2946 }
2947
2948 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
2949 n_channels = validate_scan_freqs(
2950 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
2951 if (!n_channels) {
2952 err = -EINVAL;
2953 goto out;
2954 }
2955 } else {
2956 n_channels = 0;
2957
2958 for (band = 0; band < IEEE80211_NUM_BANDS; band++)
2959 if (wiphy->bands[band])
2960 n_channels += wiphy->bands[band]->n_channels;
2961 }
2962
2963 if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
2964 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
2965 n_ssids++;
2966
2967 if (n_ssids > wiphy->max_scan_ssids) {
2968 err = -EINVAL;
2969 goto out;
2970 }
2971
2972 if (info->attrs[NL80211_ATTR_IE])
2973 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2974 else
2975 ie_len = 0;
2976
2977 if (ie_len > wiphy->max_scan_ie_len) {
2978 err = -EINVAL;
2979 goto out;
2980 }
2981
2982 request = kzalloc(sizeof(*request)
2983 + sizeof(*ssid) * n_ssids
2984 + sizeof(channel) * n_channels
2985 + ie_len, GFP_KERNEL);
2986 if (!request) {
2987 err = -ENOMEM;
2988 goto out;
2989 }
2990
2991 request->n_channels = n_channels;
2992 if (n_ssids)
2993 request->ssids = (void *)&request->channels[n_channels];
2994 request->n_ssids = n_ssids;
2995 if (ie_len) {
2996 if (request->ssids)
2997 request->ie = (void *)(request->ssids + n_ssids);
2998 else
2999 request->ie = (void *)(request->channels + n_channels);
3000 }
3001
3002 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
3003
3004 request->n_channels = n_channels;
3005 i = 0;
3006 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
3007 request->channels[i] = ieee80211_get_channel(wiphy, nla_get_u32(attr));
3008 if (!request->channels[i]) {
3009 err = -EINVAL;
3010 goto out_free;
3011 }
3012 i++;
3013 }
3014 } else {
3015
3016 i = 0;
3017 for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
3018 int j;
3019 if (!wiphy->bands[band])
3020 continue;
3021 for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
3022 request->channels[i] = &wiphy->bands[band]->channels[j];
3023 i++;
3024 }
3025 }
3026 }
3027
3028 i = 0;
3029 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
3030 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
3031 if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) {
3032 err = -EINVAL;
3033 goto out_free;
3034 }
3035 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
3036 request->ssids[i].ssid_len = nla_len(attr);
3037 i++;
3038 }
3039 }
3040
3041 if (info->attrs[NL80211_ATTR_IE]) {
3042 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3043 memcpy((void *)request->ie,
3044 nla_data(info->attrs[NL80211_ATTR_IE]),
3045 request->ie_len);
3046 }
3047
3048 request->dev = dev;
3049 request->wiphy = &rdev->wiphy;
3050
3051 rdev->scan_req = request;
3052 err = rdev->ops->scan(&rdev->wiphy, dev, request);
3053
3054 if (!err) {
3055 nl80211_send_scan_start(rdev, dev);
3056 dev_hold(dev);
3057 }
3058
3059 out_free:
3060 if (err) {
3061 rdev->scan_req = NULL;
3062 kfree(request);
3063 }
3064 out:
3065 cfg80211_unlock_rdev(rdev);
3066 dev_put(dev);
3067 out_rtnl:
3068 rtnl_unlock();
3069
3070 return err;
3071}
3072
3073static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags,
3074 struct cfg80211_registered_device *rdev,
3075 struct wireless_dev *wdev,
3076 struct cfg80211_internal_bss *intbss)
3077{
3078 struct cfg80211_bss *res = &intbss->pub;
3079 void *hdr;
3080 struct nlattr *bss;
3081 int i;
3082
3083 ASSERT_WDEV_LOCK(wdev);
3084
3085 hdr = nl80211hdr_put(msg, pid, seq, flags,
3086 NL80211_CMD_NEW_SCAN_RESULTS);
3087 if (!hdr)
3088 return -1;
3089
3090 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation);
3091 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex);
3092
3093 bss = nla_nest_start(msg, NL80211_ATTR_BSS);
3094 if (!bss)
3095 goto nla_put_failure;
3096 if (!is_zero_ether_addr(res->bssid))
3097 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
3098 if (res->information_elements && res->len_information_elements)
3099 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
3100 res->len_information_elements,
3101 res->information_elements);
3102 if (res->tsf)
3103 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
3104 if (res->beacon_interval)
3105 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
3106 NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
3107 NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
3108
3109 switch (rdev->wiphy.signal_type) {
3110 case CFG80211_SIGNAL_TYPE_MBM:
3111 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
3112 break;
3113 case CFG80211_SIGNAL_TYPE_UNSPEC:
3114 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
3115 break;
3116 default:
3117 break;
3118 }
3119
3120 switch (wdev->iftype) {
3121 case NL80211_IFTYPE_STATION:
3122 if (intbss == wdev->current_bss)
3123 NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3124 NL80211_BSS_STATUS_ASSOCIATED);
3125 else for (i = 0; i < MAX_AUTH_BSSES; i++) {
3126 if (intbss != wdev->auth_bsses[i])
3127 continue;
3128 NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3129 NL80211_BSS_STATUS_AUTHENTICATED);
3130 break;
3131 }
3132 break;
3133 case NL80211_IFTYPE_ADHOC:
3134 if (intbss == wdev->current_bss)
3135 NLA_PUT_U32(msg, NL80211_BSS_STATUS,
3136 NL80211_BSS_STATUS_IBSS_JOINED);
3137 break;
3138 default:
3139 break;
3140 }
3141
3142 nla_nest_end(msg, bss);
3143
3144 return genlmsg_end(msg, hdr);
3145
3146 nla_put_failure:
3147 genlmsg_cancel(msg, hdr);
3148 return -EMSGSIZE;
3149}
3150
3151static int nl80211_dump_scan(struct sk_buff *skb,
3152 struct netlink_callback *cb)
3153{
3154 struct cfg80211_registered_device *rdev;
3155 struct net_device *dev;
3156 struct cfg80211_internal_bss *scan;
3157 struct wireless_dev *wdev;
3158 int ifidx = cb->args[0];
3159 int start = cb->args[1], idx = 0;
3160 int err;
3161
3162 if (!ifidx) {
3163 err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
3164 nl80211_fam.attrbuf, nl80211_fam.maxattr,
3165 nl80211_policy);
3166 if (err)
3167 return err;
3168
3169 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
3170 return -EINVAL;
3171
3172 ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
3173 if (!ifidx)
3174 return -EINVAL;
3175 cb->args[0] = ifidx;
3176 }
3177
3178 dev = dev_get_by_index(sock_net(skb->sk), ifidx);
3179 if (!dev)
3180 return -ENODEV;
3181
3182 rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
3183 if (IS_ERR(rdev)) {
3184 err = PTR_ERR(rdev);
3185 goto out_put_netdev;
3186 }
3187
3188 wdev = dev->ieee80211_ptr;
3189
3190 wdev_lock(wdev);
3191 spin_lock_bh(&rdev->bss_lock);
3192 cfg80211_bss_expire(rdev);
3193
3194 list_for_each_entry(scan, &rdev->bss_list, list) {
3195 if (++idx <= start)
3196 continue;
3197 if (nl80211_send_bss(skb,
3198 NETLINK_CB(cb->skb).pid,
3199 cb->nlh->nlmsg_seq, NLM_F_MULTI,
3200 rdev, wdev, scan) < 0) {
3201 idx--;
3202 goto out;
3203 }
3204 }
3205
3206 out:
3207 spin_unlock_bh(&rdev->bss_lock);
3208 wdev_unlock(wdev);
3209
3210 cb->args[1] = idx;
3211 err = skb->len;
3212 cfg80211_unlock_rdev(rdev);
3213 out_put_netdev:
3214 dev_put(dev);
3215
3216 return err;
3217}
3218
3219static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
3220{
3221 return auth_type <= NL80211_AUTHTYPE_MAX;
3222}
3223
3224static bool nl80211_valid_wpa_versions(u32 wpa_versions)
3225{
3226 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
3227 NL80211_WPA_VERSION_2));
3228}
3229
3230static bool nl80211_valid_akm_suite(u32 akm)
3231{
3232 return akm == WLAN_AKM_SUITE_8021X ||
3233 akm == WLAN_AKM_SUITE_PSK;
3234}
3235
3236static bool nl80211_valid_cipher_suite(u32 cipher)
3237{
3238 return cipher == WLAN_CIPHER_SUITE_WEP40 ||
3239 cipher == WLAN_CIPHER_SUITE_WEP104 ||
3240 cipher == WLAN_CIPHER_SUITE_TKIP ||
3241 cipher == WLAN_CIPHER_SUITE_CCMP ||
3242 cipher == WLAN_CIPHER_SUITE_AES_CMAC;
3243}
3244
3245
3246static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
3247{
3248 struct cfg80211_registered_device *rdev;
3249 struct net_device *dev;
3250 struct ieee80211_channel *chan;
3251 const u8 *bssid, *ssid, *ie = NULL;
3252 int err, ssid_len, ie_len = 0;
3253 enum nl80211_auth_type auth_type;
3254 struct key_parse key;
3255
3256 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3257 return -EINVAL;
3258
3259 if (!info->attrs[NL80211_ATTR_MAC])
3260 return -EINVAL;
3261
3262 if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
3263 return -EINVAL;
3264
3265 if (!info->attrs[NL80211_ATTR_SSID])
3266 return -EINVAL;
3267
3268 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
3269 return -EINVAL;
3270
3271 err = nl80211_parse_key(info, &key);
3272 if (err)
3273 return err;
3274
3275 if (key.idx >= 0) {
3276 if (!key.p.key || !key.p.key_len)
3277 return -EINVAL;
3278 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
3279 key.p.key_len != WLAN_KEY_LEN_WEP40) &&
3280 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
3281 key.p.key_len != WLAN_KEY_LEN_WEP104))
3282 return -EINVAL;
3283 if (key.idx > 4)
3284 return -EINVAL;
3285 } else {
3286 key.p.key_len = 0;
3287 key.p.key = NULL;
3288 }
3289
3290 rtnl_lock();
3291
3292 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3293 if (err)
3294 goto unlock_rtnl;
3295
3296 if (!rdev->ops->auth) {
3297 err = -EOPNOTSUPP;
3298 goto out;
3299 }
3300
3301 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3302 err = -EOPNOTSUPP;
3303 goto out;
3304 }
3305
3306 if (!netif_running(dev)) {
3307 err = -ENETDOWN;
3308 goto out;
3309 }
3310
3311 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3312 chan = ieee80211_get_channel(&rdev->wiphy,
3313 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3314 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) {
3315 err = -EINVAL;
3316 goto out;
3317 }
3318
3319 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3320 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3321
3322 if (info->attrs[NL80211_ATTR_IE]) {
3323 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3324 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3325 }
3326
3327 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
3328 if (!nl80211_valid_auth_type(auth_type)) {
3329 err = -EINVAL;
3330 goto out;
3331 }
3332
3333 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
3334 ssid, ssid_len, ie, ie_len,
3335 key.p.key, key.p.key_len, key.idx);
3336
3337out:
3338 cfg80211_unlock_rdev(rdev);
3339 dev_put(dev);
3340unlock_rtnl:
3341 rtnl_unlock();
3342 return err;
3343}
3344
3345static int nl80211_crypto_settings(struct genl_info *info,
3346 struct cfg80211_crypto_settings *settings,
3347 int cipher_limit)
3348{
3349 memset(settings, 0, sizeof(*settings));
3350
3351 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];
3352
3353 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
3354 void *data;
3355 int len, i;
3356
3357 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
3358 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
3359 settings->n_ciphers_pairwise = len / sizeof(u32);
3360
3361 if (len % sizeof(u32))
3362 return -EINVAL;
3363
3364 if (settings->n_ciphers_pairwise > cipher_limit)
3365 return -EINVAL;
3366
3367 memcpy(settings->ciphers_pairwise, data, len);
3368
3369 for (i = 0; i < settings->n_ciphers_pairwise; i++)
3370 if (!nl80211_valid_cipher_suite(
3371 settings->ciphers_pairwise[i]))
3372 return -EINVAL;
3373 }
3374
3375 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
3376 settings->cipher_group =
3377 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
3378 if (!nl80211_valid_cipher_suite(settings->cipher_group))
3379 return -EINVAL;
3380 }
3381
3382 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
3383 settings->wpa_versions =
3384 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
3385 if (!nl80211_valid_wpa_versions(settings->wpa_versions))
3386 return -EINVAL;
3387 }
3388
3389 if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
3390 void *data;
3391 int len, i;
3392
3393 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
3394 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
3395 settings->n_akm_suites = len / sizeof(u32);
3396
3397 if (len % sizeof(u32))
3398 return -EINVAL;
3399
3400 memcpy(settings->akm_suites, data, len);
3401
3402 for (i = 0; i < settings->n_ciphers_pairwise; i++)
3403 if (!nl80211_valid_akm_suite(settings->akm_suites[i]))
3404 return -EINVAL;
3405 }
3406
3407 return 0;
3408}
3409
3410static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
3411{
3412 struct cfg80211_registered_device *rdev;
3413 struct net_device *dev;
3414 struct cfg80211_crypto_settings crypto;
3415 struct ieee80211_channel *chan, *fixedchan;
3416 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
3417 int err, ssid_len, ie_len = 0;
3418 bool use_mfp = false;
3419
3420 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3421 return -EINVAL;
3422
3423 if (!info->attrs[NL80211_ATTR_MAC] ||
3424 !info->attrs[NL80211_ATTR_SSID] ||
3425 !info->attrs[NL80211_ATTR_WIPHY_FREQ])
3426 return -EINVAL;
3427
3428 rtnl_lock();
3429
3430 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3431 if (err)
3432 goto unlock_rtnl;
3433
3434 if (!rdev->ops->assoc) {
3435 err = -EOPNOTSUPP;
3436 goto out;
3437 }
3438
3439 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3440 err = -EOPNOTSUPP;
3441 goto out;
3442 }
3443
3444 if (!netif_running(dev)) {
3445 err = -ENETDOWN;
3446 goto out;
3447 }
3448
3449 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3450
3451 chan = ieee80211_get_channel(&rdev->wiphy,
3452 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3453 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) {
3454 err = -EINVAL;
3455 goto out;
3456 }
3457
3458 mutex_lock(&rdev->devlist_mtx);
3459 fixedchan = rdev_fixed_channel(rdev, NULL);
3460 if (fixedchan && chan != fixedchan) {
3461 err = -EBUSY;
3462 mutex_unlock(&rdev->devlist_mtx);
3463 goto out;
3464 }
3465 mutex_unlock(&rdev->devlist_mtx);
3466
3467 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3468 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3469
3470 if (info->attrs[NL80211_ATTR_IE]) {
3471 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3472 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3473 }
3474
3475 if (info->attrs[NL80211_ATTR_USE_MFP]) {
3476 enum nl80211_mfp mfp =
3477 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
3478 if (mfp == NL80211_MFP_REQUIRED)
3479 use_mfp = true;
3480 else if (mfp != NL80211_MFP_NO) {
3481 err = -EINVAL;
3482 goto out;
3483 }
3484 }
3485
3486 if (info->attrs[NL80211_ATTR_PREV_BSSID])
3487 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]);
3488
3489 err = nl80211_crypto_settings(info, &crypto, 1);
3490 if (!err)
3491 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid,
3492 ssid, ssid_len, ie, ie_len, use_mfp,
3493 &crypto);
3494
3495out:
3496 cfg80211_unlock_rdev(rdev);
3497 dev_put(dev);
3498unlock_rtnl:
3499 rtnl_unlock();
3500 return err;
3501}
3502
3503static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
3504{
3505 struct cfg80211_registered_device *rdev;
3506 struct net_device *dev;
3507 const u8 *ie = NULL, *bssid;
3508 int err, ie_len = 0;
3509 u16 reason_code;
3510
3511 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3512 return -EINVAL;
3513
3514 if (!info->attrs[NL80211_ATTR_MAC])
3515 return -EINVAL;
3516
3517 if (!info->attrs[NL80211_ATTR_REASON_CODE])
3518 return -EINVAL;
3519
3520 rtnl_lock();
3521
3522 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3523 if (err)
3524 goto unlock_rtnl;
3525
3526 if (!rdev->ops->deauth) {
3527 err = -EOPNOTSUPP;
3528 goto out;
3529 }
3530
3531 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3532 err = -EOPNOTSUPP;
3533 goto out;
3534 }
3535
3536 if (!netif_running(dev)) {
3537 err = -ENETDOWN;
3538 goto out;
3539 }
3540
3541 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3542
3543 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3544 if (reason_code == 0) {
3545
3546 err = -EINVAL;
3547 goto out;
3548 }
3549
3550 if (info->attrs[NL80211_ATTR_IE]) {
3551 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3552 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3553 }
3554
3555 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code);
3556
3557out:
3558 cfg80211_unlock_rdev(rdev);
3559 dev_put(dev);
3560unlock_rtnl:
3561 rtnl_unlock();
3562 return err;
3563}
3564
3565static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
3566{
3567 struct cfg80211_registered_device *rdev;
3568 struct net_device *dev;
3569 const u8 *ie = NULL, *bssid;
3570 int err, ie_len = 0;
3571 u16 reason_code;
3572
3573 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3574 return -EINVAL;
3575
3576 if (!info->attrs[NL80211_ATTR_MAC])
3577 return -EINVAL;
3578
3579 if (!info->attrs[NL80211_ATTR_REASON_CODE])
3580 return -EINVAL;
3581
3582 rtnl_lock();
3583
3584 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3585 if (err)
3586 goto unlock_rtnl;
3587
3588 if (!rdev->ops->disassoc) {
3589 err = -EOPNOTSUPP;
3590 goto out;
3591 }
3592
3593 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3594 err = -EOPNOTSUPP;
3595 goto out;
3596 }
3597
3598 if (!netif_running(dev)) {
3599 err = -ENETDOWN;
3600 goto out;
3601 }
3602
3603 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3604
3605 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3606 if (reason_code == 0) {
3607
3608 err = -EINVAL;
3609 goto out;
3610 }
3611
3612 if (info->attrs[NL80211_ATTR_IE]) {
3613 ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3614 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3615 }
3616
3617 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code);
3618
3619out:
3620 cfg80211_unlock_rdev(rdev);
3621 dev_put(dev);
3622unlock_rtnl:
3623 rtnl_unlock();
3624 return err;
3625}
3626
3627static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info)
3628{
3629 struct cfg80211_registered_device *rdev;
3630 struct net_device *dev;
3631 struct cfg80211_ibss_params ibss;
3632 struct wiphy *wiphy;
3633 struct cfg80211_cached_keys *connkeys = NULL;
3634 int err;
3635
3636 memset(&ibss, 0, sizeof(ibss));
3637
3638 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3639 return -EINVAL;
3640
3641 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] ||
3642 !info->attrs[NL80211_ATTR_SSID] ||
3643 !nla_len(info->attrs[NL80211_ATTR_SSID]))
3644 return -EINVAL;
3645
3646 ibss.beacon_interval = 100;
3647
3648 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
3649 ibss.beacon_interval =
3650 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
3651 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000)
3652 return -EINVAL;
3653 }
3654
3655 rtnl_lock();
3656
3657 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3658 if (err)
3659 goto unlock_rtnl;
3660
3661 if (!rdev->ops->join_ibss) {
3662 err = -EOPNOTSUPP;
3663 goto out;
3664 }
3665
3666 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) {
3667 err = -EOPNOTSUPP;
3668 goto out;
3669 }
3670
3671 if (!netif_running(dev)) {
3672 err = -ENETDOWN;
3673 goto out;
3674 }
3675
3676 wiphy = &rdev->wiphy;
3677
3678 if (info->attrs[NL80211_ATTR_MAC])
3679 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3680 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3681 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3682
3683 if (info->attrs[NL80211_ATTR_IE]) {
3684 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3685 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3686 }
3687
3688 ibss.channel = ieee80211_get_channel(wiphy,
3689 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3690 if (!ibss.channel ||
3691 ibss.channel->flags & IEEE80211_CHAN_NO_IBSS ||
3692 ibss.channel->flags & IEEE80211_CHAN_DISABLED) {
3693 err = -EINVAL;
3694 goto out;
3695 }
3696
3697 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED];
3698 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];
3699
3700 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) {
3701 connkeys = nl80211_parse_connkeys(rdev,
3702 info->attrs[NL80211_ATTR_KEYS]);
3703 if (IS_ERR(connkeys)) {
3704 err = PTR_ERR(connkeys);
3705 connkeys = NULL;
3706 goto out;
3707 }
3708 }
3709
3710 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys);
3711
3712out:
3713 cfg80211_unlock_rdev(rdev);
3714 dev_put(dev);
3715unlock_rtnl:
3716 if (err)
3717 kfree(connkeys);
3718 rtnl_unlock();
3719 return err;
3720}
3721
3722static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info)
3723{
3724 struct cfg80211_registered_device *rdev;
3725 struct net_device *dev;
3726 int err;
3727
3728 rtnl_lock();
3729
3730 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3731 if (err)
3732 goto unlock_rtnl;
3733
3734 if (!rdev->ops->leave_ibss) {
3735 err = -EOPNOTSUPP;
3736 goto out;
3737 }
3738
3739 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) {
3740 err = -EOPNOTSUPP;
3741 goto out;
3742 }
3743
3744 if (!netif_running(dev)) {
3745 err = -ENETDOWN;
3746 goto out;
3747 }
3748
3749 err = cfg80211_leave_ibss(rdev, dev, false);
3750
3751out:
3752 cfg80211_unlock_rdev(rdev);
3753 dev_put(dev);
3754unlock_rtnl:
3755 rtnl_unlock();
3756 return err;
3757}
3758
3759#ifdef CONFIG_NL80211_TESTMODE
3760static struct genl_multicast_group nl80211_testmode_mcgrp = {
3761 .name = "testmode",
3762};
3763
3764static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info)
3765{
3766 struct cfg80211_registered_device *rdev;
3767 int err;
3768
3769 if (!info->attrs[NL80211_ATTR_TESTDATA])
3770 return -EINVAL;
3771
3772 rtnl_lock();
3773
3774 rdev = cfg80211_get_dev_from_info(info);
3775 if (IS_ERR(rdev)) {
3776 err = PTR_ERR(rdev);
3777 goto unlock_rtnl;
3778 }
3779
3780 err = -EOPNOTSUPP;
3781 if (rdev->ops->testmode_cmd) {
3782 rdev->testmode_info = info;
3783 err = rdev->ops->testmode_cmd(&rdev->wiphy,
3784 nla_data(info->attrs[NL80211_ATTR_TESTDATA]),
3785 nla_len(info->attrs[NL80211_ATTR_TESTDATA]));
3786 rdev->testmode_info = NULL;
3787 }
3788
3789 cfg80211_unlock_rdev(rdev);
3790
3791 unlock_rtnl:
3792 rtnl_unlock();
3793 return err;
3794}
3795
3796static struct sk_buff *
3797__cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev,
3798 int approxlen, u32 pid, u32 seq, gfp_t gfp)
3799{
3800 struct sk_buff *skb;
3801 void *hdr;
3802 struct nlattr *data;
3803
3804 skb = nlmsg_new(approxlen + 100, gfp);
3805 if (!skb)
3806 return NULL;
3807
3808 hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE);
3809 if (!hdr) {
3810 kfree_skb(skb);
3811 return NULL;
3812 }
3813
3814 NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
3815 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA);
3816
3817 ((void **)skb->cb)[0] = rdev;
3818 ((void **)skb->cb)[1] = hdr;
3819 ((void **)skb->cb)[2] = data;
3820
3821 return skb;
3822
3823 nla_put_failure:
3824 kfree_skb(skb);
3825 return NULL;
3826}
3827
3828struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy,
3829 int approxlen)
3830{
3831 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
3832
3833 if (WARN_ON(!rdev->testmode_info))
3834 return NULL;
3835
3836 return __cfg80211_testmode_alloc_skb(rdev, approxlen,
3837 rdev->testmode_info->snd_pid,
3838 rdev->testmode_info->snd_seq,
3839 GFP_KERNEL);
3840}
3841EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb);
3842
3843int cfg80211_testmode_reply(struct sk_buff *skb)
3844{
3845 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0];
3846 void *hdr = ((void **)skb->cb)[1];
3847 struct nlattr *data = ((void **)skb->cb)[2];
3848
3849 if (WARN_ON(!rdev->testmode_info)) {
3850 kfree_skb(skb);
3851 return -EINVAL;
3852 }
3853
3854 nla_nest_end(skb, data);
3855 genlmsg_end(skb, hdr);
3856 return genlmsg_reply(skb, rdev->testmode_info);
3857}
3858EXPORT_SYMBOL(cfg80211_testmode_reply);
3859
3860struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy,
3861 int approxlen, gfp_t gfp)
3862{
3863 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy);
3864
3865 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp);
3866}
3867EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb);
3868
3869void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp)
3870{
3871 void *hdr = ((void **)skb->cb)[1];
3872 struct nlattr *data = ((void **)skb->cb)[2];
3873
3874 nla_nest_end(skb, data);
3875 genlmsg_end(skb, hdr);
3876 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp);
3877}
3878EXPORT_SYMBOL(cfg80211_testmode_event);
3879#endif
3880
3881static int nl80211_connect(struct sk_buff *skb, struct genl_info *info)
3882{
3883 struct cfg80211_registered_device *rdev;
3884 struct net_device *dev;
3885 struct cfg80211_connect_params connect;
3886 struct wiphy *wiphy;
3887 struct cfg80211_cached_keys *connkeys = NULL;
3888 int err;
3889
3890 memset(&connect, 0, sizeof(connect));
3891
3892 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
3893 return -EINVAL;
3894
3895 if (!info->attrs[NL80211_ATTR_SSID] ||
3896 !nla_len(info->attrs[NL80211_ATTR_SSID]))
3897 return -EINVAL;
3898
3899 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
3900 connect.auth_type =
3901 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
3902 if (!nl80211_valid_auth_type(connect.auth_type))
3903 return -EINVAL;
3904 } else
3905 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC;
3906
3907 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY];
3908
3909 err = nl80211_crypto_settings(info, &connect.crypto,
3910 NL80211_MAX_NR_CIPHER_SUITES);
3911 if (err)
3912 return err;
3913 rtnl_lock();
3914
3915 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3916 if (err)
3917 goto unlock_rtnl;
3918
3919 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3920 err = -EOPNOTSUPP;
3921 goto out;
3922 }
3923
3924 if (!netif_running(dev)) {
3925 err = -ENETDOWN;
3926 goto out;
3927 }
3928
3929 wiphy = &rdev->wiphy;
3930
3931 if (info->attrs[NL80211_ATTR_MAC])
3932 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
3933 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
3934 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
3935
3936 if (info->attrs[NL80211_ATTR_IE]) {
3937 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
3938 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
3939 }
3940
3941 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
3942 connect.channel =
3943 ieee80211_get_channel(wiphy,
3944 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
3945 if (!connect.channel ||
3946 connect.channel->flags & IEEE80211_CHAN_DISABLED) {
3947 err = -EINVAL;
3948 goto out;
3949 }
3950 }
3951
3952 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) {
3953 connkeys = nl80211_parse_connkeys(rdev,
3954 info->attrs[NL80211_ATTR_KEYS]);
3955 if (IS_ERR(connkeys)) {
3956 err = PTR_ERR(connkeys);
3957 connkeys = NULL;
3958 goto out;
3959 }
3960 }
3961
3962 err = cfg80211_connect(rdev, dev, &connect, connkeys);
3963
3964out:
3965 cfg80211_unlock_rdev(rdev);
3966 dev_put(dev);
3967unlock_rtnl:
3968 if (err)
3969 kfree(connkeys);
3970 rtnl_unlock();
3971 return err;
3972}
3973
3974static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info)
3975{
3976 struct cfg80211_registered_device *rdev;
3977 struct net_device *dev;
3978 int err;
3979 u16 reason;
3980
3981 if (!info->attrs[NL80211_ATTR_REASON_CODE])
3982 reason = WLAN_REASON_DEAUTH_LEAVING;
3983 else
3984 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
3985
3986 if (reason == 0)
3987 return -EINVAL;
3988
3989 rtnl_lock();
3990
3991 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev);
3992 if (err)
3993 goto unlock_rtnl;
3994
3995 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
3996 err = -EOPNOTSUPP;
3997 goto out;
3998 }
3999
4000 if (!netif_running(dev)) {
4001 err = -ENETDOWN;
4002 goto out;
4003 }
4004
4005 err = cfg80211_disconnect(rdev, dev, reason, true);
4006
4007out:
4008 cfg80211_unlock_rdev(rdev);
4009 dev_put(dev);
4010unlock_rtnl:
4011 rtnl_unlock();
4012 return err;
4013}
4014
4015static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info)
4016{
4017 struct cfg80211_registered_device *rdev;
4018 struct net *net;
4019 int err;
4020 u32 pid;
4021
4022 if (!info->attrs[NL80211_ATTR_PID])
4023 return -EINVAL;
4024
4025 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]);
4026
4027 rtnl_lock();
4028
4029 rdev = cfg80211_get_dev_from_info(info);
4030 if (IS_ERR(rdev)) {
4031 err = PTR_ERR(rdev);
4032 goto out_rtnl;
4033 }
4034
4035 net = get_net_ns_by_pid(pid);
4036 if (IS_ERR(net)) {
4037 err = PTR_ERR(net);
4038 goto out;
4039 }
4040
4041 err = 0;
4042
4043
4044 if (net_eq(wiphy_net(&rdev->wiphy), net))
4045 goto out_put_net;
4046
4047 err = cfg80211_switch_netns(rdev, net);
4048 out_put_net:
4049 put_net(net);
4050 out:
4051 cfg80211_unlock_rdev(rdev);
4052 out_rtnl:
4053 rtnl_unlock();
4054 return err;
4055}
4056
4057static struct genl_ops nl80211_ops[] = {
4058 {
4059 .cmd = NL80211_CMD_GET_WIPHY,
4060 .doit = nl80211_get_wiphy,
4061 .dumpit = nl80211_dump_wiphy,
4062 .policy = nl80211_policy,
4063
4064 },
4065 {
4066 .cmd = NL80211_CMD_SET_WIPHY,
4067 .doit = nl80211_set_wiphy,
4068 .policy = nl80211_policy,
4069 .flags = GENL_ADMIN_PERM,
4070 },
4071 {
4072 .cmd = NL80211_CMD_GET_INTERFACE,
4073 .doit = nl80211_get_interface,
4074 .dumpit = nl80211_dump_interface,
4075 .policy = nl80211_policy,
4076
4077 },
4078 {
4079 .cmd = NL80211_CMD_SET_INTERFACE,
4080 .doit = nl80211_set_interface,
4081 .policy = nl80211_policy,
4082 .flags = GENL_ADMIN_PERM,
4083 },
4084 {
4085 .cmd = NL80211_CMD_NEW_INTERFACE,
4086 .doit = nl80211_new_interface,
4087 .policy = nl80211_policy,
4088 .flags = GENL_ADMIN_PERM,
4089 },
4090 {
4091 .cmd = NL80211_CMD_DEL_INTERFACE,
4092 .doit = nl80211_del_interface,
4093 .policy = nl80211_policy,
4094 .flags = GENL_ADMIN_PERM,
4095 },
4096 {
4097 .cmd = NL80211_CMD_GET_KEY,
4098 .doit = nl80211_get_key,
4099 .policy = nl80211_policy,
4100 .flags = GENL_ADMIN_PERM,
4101 },
4102 {
4103 .cmd = NL80211_CMD_SET_KEY,
4104 .doit = nl80211_set_key,
4105 .policy = nl80211_policy,
4106 .flags = GENL_ADMIN_PERM,
4107 },
4108 {
4109 .cmd = NL80211_CMD_NEW_KEY,
4110 .doit = nl80211_new_key,
4111 .policy = nl80211_policy,
4112 .flags = GENL_ADMIN_PERM,
4113 },
4114 {
4115 .cmd = NL80211_CMD_DEL_KEY,
4116 .doit = nl80211_del_key,
4117 .policy = nl80211_policy,
4118 .flags = GENL_ADMIN_PERM,
4119 },
4120 {
4121 .cmd = NL80211_CMD_SET_BEACON,
4122 .policy = nl80211_policy,
4123 .flags = GENL_ADMIN_PERM,
4124 .doit = nl80211_addset_beacon,
4125 },
4126 {
4127 .cmd = NL80211_CMD_NEW_BEACON,
4128 .policy = nl80211_policy,
4129 .flags = GENL_ADMIN_PERM,
4130 .doit = nl80211_addset_beacon,
4131 },
4132 {
4133 .cmd = NL80211_CMD_DEL_BEACON,
4134 .policy = nl80211_policy,
4135 .flags = GENL_ADMIN_PERM,
4136 .doit = nl80211_del_beacon,
4137 },
4138 {
4139 .cmd = NL80211_CMD_GET_STATION,
4140 .doit = nl80211_get_station,
4141 .dumpit = nl80211_dump_station,
4142 .policy = nl80211_policy,
4143 },
4144 {
4145 .cmd = NL80211_CMD_SET_STATION,
4146 .doit = nl80211_set_station,
4147 .policy = nl80211_policy,
4148 .flags = GENL_ADMIN_PERM,
4149 },
4150 {
4151 .cmd = NL80211_CMD_NEW_STATION,
4152 .doit = nl80211_new_station,
4153 .policy = nl80211_policy,
4154 .flags = GENL_ADMIN_PERM,
4155 },
4156 {
4157 .cmd = NL80211_CMD_DEL_STATION,
4158 .doit = nl80211_del_station,
4159 .policy = nl80211_policy,
4160 .flags = GENL_ADMIN_PERM,
4161 },
4162 {
4163 .cmd = NL80211_CMD_GET_MPATH,
4164 .doit = nl80211_get_mpath,
4165 .dumpit = nl80211_dump_mpath,
4166 .policy = nl80211_policy,
4167 .flags = GENL_ADMIN_PERM,
4168 },
4169 {
4170 .cmd = NL80211_CMD_SET_MPATH,
4171 .doit = nl80211_set_mpath,
4172 .policy = nl80211_policy,
4173 .flags = GENL_ADMIN_PERM,
4174 },
4175 {
4176 .cmd = NL80211_CMD_NEW_MPATH,
4177 .doit = nl80211_new_mpath,
4178 .policy = nl80211_policy,
4179 .flags = GENL_ADMIN_PERM,
4180 },
4181 {
4182 .cmd = NL80211_CMD_DEL_MPATH,
4183 .doit = nl80211_del_mpath,
4184 .policy = nl80211_policy,
4185 .flags = GENL_ADMIN_PERM,
4186 },
4187 {
4188 .cmd = NL80211_CMD_SET_BSS,
4189 .doit = nl80211_set_bss,
4190 .policy = nl80211_policy,
4191 .flags = GENL_ADMIN_PERM,
4192 },
4193 {
4194 .cmd = NL80211_CMD_GET_REG,
4195 .doit = nl80211_get_reg,
4196 .policy = nl80211_policy,
4197
4198 },
4199 {
4200 .cmd = NL80211_CMD_SET_REG,
4201 .doit = nl80211_set_reg,
4202 .policy = nl80211_policy,
4203 .flags = GENL_ADMIN_PERM,
4204 },
4205 {
4206 .cmd = NL80211_CMD_REQ_SET_REG,
4207 .doit = nl80211_req_set_reg,
4208 .policy = nl80211_policy,
4209 .flags = GENL_ADMIN_PERM,
4210 },
4211 {
4212 .cmd = NL80211_CMD_GET_MESH_PARAMS,
4213 .doit = nl80211_get_mesh_params,
4214 .policy = nl80211_policy,
4215
4216 },
4217 {
4218 .cmd = NL80211_CMD_SET_MESH_PARAMS,
4219 .doit = nl80211_set_mesh_params,
4220 .policy = nl80211_policy,
4221 .flags = GENL_ADMIN_PERM,
4222 },
4223 {
4224 .cmd = NL80211_CMD_TRIGGER_SCAN,
4225 .doit = nl80211_trigger_scan,
4226 .policy = nl80211_policy,
4227 .flags = GENL_ADMIN_PERM,
4228 },
4229 {
4230 .cmd = NL80211_CMD_GET_SCAN,
4231 .policy = nl80211_policy,
4232 .dumpit = nl80211_dump_scan,
4233 },
4234 {
4235 .cmd = NL80211_CMD_AUTHENTICATE,
4236 .doit = nl80211_authenticate,
4237 .policy = nl80211_policy,
4238 .flags = GENL_ADMIN_PERM,
4239 },
4240 {
4241 .cmd = NL80211_CMD_ASSOCIATE,
4242 .doit = nl80211_associate,
4243 .policy = nl80211_policy,
4244 .flags = GENL_ADMIN_PERM,
4245 },
4246 {
4247 .cmd = NL80211_CMD_DEAUTHENTICATE,
4248 .doit = nl80211_deauthenticate,
4249 .policy = nl80211_policy,
4250 .flags = GENL_ADMIN_PERM,
4251 },
4252 {
4253 .cmd = NL80211_CMD_DISASSOCIATE,
4254 .doit = nl80211_disassociate,
4255 .policy = nl80211_policy,
4256 .flags = GENL_ADMIN_PERM,
4257 },
4258 {
4259 .cmd = NL80211_CMD_JOIN_IBSS,
4260 .doit = nl80211_join_ibss,
4261 .policy = nl80211_policy,
4262 .flags = GENL_ADMIN_PERM,
4263 },
4264 {
4265 .cmd = NL80211_CMD_LEAVE_IBSS,
4266 .doit = nl80211_leave_ibss,
4267 .policy = nl80211_policy,
4268 .flags = GENL_ADMIN_PERM,
4269 },
4270#ifdef CONFIG_NL80211_TESTMODE
4271 {
4272 .cmd = NL80211_CMD_TESTMODE,
4273 .doit = nl80211_testmode_do,
4274 .policy = nl80211_policy,
4275 .flags = GENL_ADMIN_PERM,
4276 },
4277#endif
4278 {
4279 .cmd = NL80211_CMD_CONNECT,
4280 .doit = nl80211_connect,
4281 .policy = nl80211_policy,
4282 .flags = GENL_ADMIN_PERM,
4283 },
4284 {
4285 .cmd = NL80211_CMD_DISCONNECT,
4286 .doit = nl80211_disconnect,
4287 .policy = nl80211_policy,
4288 .flags = GENL_ADMIN_PERM,
4289 },
4290 {
4291 .cmd = NL80211_CMD_SET_WIPHY_NETNS,
4292 .doit = nl80211_wiphy_netns,
4293 .policy = nl80211_policy,
4294 .flags = GENL_ADMIN_PERM,
4295 },
4296};
4297static struct genl_multicast_group nl80211_mlme_mcgrp = {
4298 .name = "mlme",
4299};
4300
4301
4302static struct genl_multicast_group nl80211_config_mcgrp = {
4303 .name = "config",
4304};
4305static struct genl_multicast_group nl80211_scan_mcgrp = {
4306 .name = "scan",
4307};
4308static struct genl_multicast_group nl80211_regulatory_mcgrp = {
4309 .name = "regulatory",
4310};
4311
4312
4313
4314void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
4315{
4316 struct sk_buff *msg;
4317
4318 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4319 if (!msg)
4320 return;
4321
4322 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
4323 nlmsg_free(msg);
4324 return;
4325 }
4326
4327 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4328 nl80211_config_mcgrp.id, GFP_KERNEL);
4329}
4330
4331static int nl80211_add_scan_req(struct sk_buff *msg,
4332 struct cfg80211_registered_device *rdev)
4333{
4334 struct cfg80211_scan_request *req = rdev->scan_req;
4335 struct nlattr *nest;
4336 int i;
4337
4338 ASSERT_RDEV_LOCK(rdev);
4339
4340 if (WARN_ON(!req))
4341 return 0;
4342
4343 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS);
4344 if (!nest)
4345 goto nla_put_failure;
4346 for (i = 0; i < req->n_ssids; i++)
4347 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid);
4348 nla_nest_end(msg, nest);
4349
4350 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES);
4351 if (!nest)
4352 goto nla_put_failure;
4353 for (i = 0; i < req->n_channels; i++)
4354 NLA_PUT_U32(msg, i, req->channels[i]->center_freq);
4355 nla_nest_end(msg, nest);
4356
4357 if (req->ie)
4358 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie);
4359
4360 return 0;
4361 nla_put_failure:
4362 return -ENOBUFS;
4363}
4364
4365static int nl80211_send_scan_msg(struct sk_buff *msg,
4366 struct cfg80211_registered_device *rdev,
4367 struct net_device *netdev,
4368 u32 pid, u32 seq, int flags,
4369 u32 cmd)
4370{
4371 void *hdr;
4372
4373 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
4374 if (!hdr)
4375 return -1;
4376
4377 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4378 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4379
4380
4381 nl80211_add_scan_req(msg, rdev);
4382
4383 return genlmsg_end(msg, hdr);
4384
4385 nla_put_failure:
4386 genlmsg_cancel(msg, hdr);
4387 return -EMSGSIZE;
4388}
4389
4390void nl80211_send_scan_start(struct cfg80211_registered_device *rdev,
4391 struct net_device *netdev)
4392{
4393 struct sk_buff *msg;
4394
4395 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
4396 if (!msg)
4397 return;
4398
4399 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
4400 NL80211_CMD_TRIGGER_SCAN) < 0) {
4401 nlmsg_free(msg);
4402 return;
4403 }
4404
4405 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4406 nl80211_scan_mcgrp.id, GFP_KERNEL);
4407}
4408
4409void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
4410 struct net_device *netdev)
4411{
4412 struct sk_buff *msg;
4413
4414 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4415 if (!msg)
4416 return;
4417
4418 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
4419 NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
4420 nlmsg_free(msg);
4421 return;
4422 }
4423
4424 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4425 nl80211_scan_mcgrp.id, GFP_KERNEL);
4426}
4427
4428void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
4429 struct net_device *netdev)
4430{
4431 struct sk_buff *msg;
4432
4433 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4434 if (!msg)
4435 return;
4436
4437 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0,
4438 NL80211_CMD_SCAN_ABORTED) < 0) {
4439 nlmsg_free(msg);
4440 return;
4441 }
4442
4443 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4444 nl80211_scan_mcgrp.id, GFP_KERNEL);
4445}
4446
4447
4448
4449
4450
4451void nl80211_send_reg_change_event(struct regulatory_request *request)
4452{
4453 struct sk_buff *msg;
4454 void *hdr;
4455
4456 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
4457 if (!msg)
4458 return;
4459
4460 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
4461 if (!hdr) {
4462 nlmsg_free(msg);
4463 return;
4464 }
4465
4466
4467 NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator);
4468
4469 if (request->alpha2[0] == '0' && request->alpha2[1] == '0')
4470 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
4471 NL80211_REGDOM_TYPE_WORLD);
4472 else if (request->alpha2[0] == '9' && request->alpha2[1] == '9')
4473 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
4474 NL80211_REGDOM_TYPE_CUSTOM_WORLD);
4475 else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
4476 request->intersect)
4477 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
4478 NL80211_REGDOM_TYPE_INTERSECTION);
4479 else {
4480 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
4481 NL80211_REGDOM_TYPE_COUNTRY);
4482 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2);
4483 }
4484
4485 if (wiphy_idx_valid(request->wiphy_idx))
4486 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx);
4487
4488 if (genlmsg_end(msg, hdr) < 0) {
4489 nlmsg_free(msg);
4490 return;
4491 }
4492
4493 rcu_read_lock();
4494 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
4495 GFP_ATOMIC);
4496 rcu_read_unlock();
4497
4498 return;
4499
4500nla_put_failure:
4501 genlmsg_cancel(msg, hdr);
4502 nlmsg_free(msg);
4503}
4504
4505static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
4506 struct net_device *netdev,
4507 const u8 *buf, size_t len,
4508 enum nl80211_commands cmd, gfp_t gfp)
4509{
4510 struct sk_buff *msg;
4511 void *hdr;
4512
4513 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
4514 if (!msg)
4515 return;
4516
4517 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
4518 if (!hdr) {
4519 nlmsg_free(msg);
4520 return;
4521 }
4522
4523 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4524 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4525 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
4526
4527 if (genlmsg_end(msg, hdr) < 0) {
4528 nlmsg_free(msg);
4529 return;
4530 }
4531
4532 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4533 nl80211_mlme_mcgrp.id, gfp);
4534 return;
4535
4536 nla_put_failure:
4537 genlmsg_cancel(msg, hdr);
4538 nlmsg_free(msg);
4539}
4540
4541void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
4542 struct net_device *netdev, const u8 *buf,
4543 size_t len, gfp_t gfp)
4544{
4545 nl80211_send_mlme_event(rdev, netdev, buf, len,
4546 NL80211_CMD_AUTHENTICATE, gfp);
4547}
4548
4549void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
4550 struct net_device *netdev, const u8 *buf,
4551 size_t len, gfp_t gfp)
4552{
4553 nl80211_send_mlme_event(rdev, netdev, buf, len,
4554 NL80211_CMD_ASSOCIATE, gfp);
4555}
4556
4557void nl80211_send_deauth(struct cfg80211_registered_device *rdev,
4558 struct net_device *netdev, const u8 *buf,
4559 size_t len, gfp_t gfp)
4560{
4561 nl80211_send_mlme_event(rdev, netdev, buf, len,
4562 NL80211_CMD_DEAUTHENTICATE, gfp);
4563}
4564
4565void nl80211_send_disassoc(struct cfg80211_registered_device *rdev,
4566 struct net_device *netdev, const u8 *buf,
4567 size_t len, gfp_t gfp)
4568{
4569 nl80211_send_mlme_event(rdev, netdev, buf, len,
4570 NL80211_CMD_DISASSOCIATE, gfp);
4571}
4572
4573static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev,
4574 struct net_device *netdev, int cmd,
4575 const u8 *addr, gfp_t gfp)
4576{
4577 struct sk_buff *msg;
4578 void *hdr;
4579
4580 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
4581 if (!msg)
4582 return;
4583
4584 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
4585 if (!hdr) {
4586 nlmsg_free(msg);
4587 return;
4588 }
4589
4590 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4591 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4592 NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT);
4593 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4594
4595 if (genlmsg_end(msg, hdr) < 0) {
4596 nlmsg_free(msg);
4597 return;
4598 }
4599
4600 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4601 nl80211_mlme_mcgrp.id, gfp);
4602 return;
4603
4604 nla_put_failure:
4605 genlmsg_cancel(msg, hdr);
4606 nlmsg_free(msg);
4607}
4608
4609void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev,
4610 struct net_device *netdev, const u8 *addr,
4611 gfp_t gfp)
4612{
4613 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE,
4614 addr, gfp);
4615}
4616
4617void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev,
4618 struct net_device *netdev, const u8 *addr,
4619 gfp_t gfp)
4620{
4621 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE,
4622 addr, gfp);
4623}
4624
4625void nl80211_send_connect_result(struct cfg80211_registered_device *rdev,
4626 struct net_device *netdev, const u8 *bssid,
4627 const u8 *req_ie, size_t req_ie_len,
4628 const u8 *resp_ie, size_t resp_ie_len,
4629 u16 status, gfp_t gfp)
4630{
4631 struct sk_buff *msg;
4632 void *hdr;
4633
4634 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
4635 if (!msg)
4636 return;
4637
4638 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT);
4639 if (!hdr) {
4640 nlmsg_free(msg);
4641 return;
4642 }
4643
4644 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4645 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4646 if (bssid)
4647 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
4648 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status);
4649 if (req_ie)
4650 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
4651 if (resp_ie)
4652 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
4653
4654 if (genlmsg_end(msg, hdr) < 0) {
4655 nlmsg_free(msg);
4656 return;
4657 }
4658
4659 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4660 nl80211_mlme_mcgrp.id, gfp);
4661 return;
4662
4663 nla_put_failure:
4664 genlmsg_cancel(msg, hdr);
4665 nlmsg_free(msg);
4666
4667}
4668
4669void nl80211_send_roamed(struct cfg80211_registered_device *rdev,
4670 struct net_device *netdev, const u8 *bssid,
4671 const u8 *req_ie, size_t req_ie_len,
4672 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp)
4673{
4674 struct sk_buff *msg;
4675 void *hdr;
4676
4677 msg = nlmsg_new(NLMSG_GOODSIZE, gfp);
4678 if (!msg)
4679 return;
4680
4681 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM);
4682 if (!hdr) {
4683 nlmsg_free(msg);
4684 return;
4685 }
4686
4687 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4688 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4689 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
4690 if (req_ie)
4691 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie);
4692 if (resp_ie)
4693 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie);
4694
4695 if (genlmsg_end(msg, hdr) < 0) {
4696 nlmsg_free(msg);
4697 return;
4698 }
4699
4700 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4701 nl80211_mlme_mcgrp.id, gfp);
4702 return;
4703
4704 nla_put_failure:
4705 genlmsg_cancel(msg, hdr);
4706 nlmsg_free(msg);
4707
4708}
4709
4710void nl80211_send_disconnected(struct cfg80211_registered_device *rdev,
4711 struct net_device *netdev, u16 reason,
4712 const u8 *ie, size_t ie_len, bool from_ap)
4713{
4714 struct sk_buff *msg;
4715 void *hdr;
4716
4717 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
4718 if (!msg)
4719 return;
4720
4721 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT);
4722 if (!hdr) {
4723 nlmsg_free(msg);
4724 return;
4725 }
4726
4727 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4728 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4729 if (from_ap && reason)
4730 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason);
4731 if (from_ap)
4732 NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP);
4733 if (ie)
4734 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie);
4735
4736 if (genlmsg_end(msg, hdr) < 0) {
4737 nlmsg_free(msg);
4738 return;
4739 }
4740
4741 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4742 nl80211_mlme_mcgrp.id, GFP_KERNEL);
4743 return;
4744
4745 nla_put_failure:
4746 genlmsg_cancel(msg, hdr);
4747 nlmsg_free(msg);
4748
4749}
4750
4751void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev,
4752 struct net_device *netdev, const u8 *bssid,
4753 gfp_t gfp)
4754{
4755 struct sk_buff *msg;
4756 void *hdr;
4757
4758 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
4759 if (!msg)
4760 return;
4761
4762 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS);
4763 if (!hdr) {
4764 nlmsg_free(msg);
4765 return;
4766 }
4767
4768 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4769 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4770 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid);
4771
4772 if (genlmsg_end(msg, hdr) < 0) {
4773 nlmsg_free(msg);
4774 return;
4775 }
4776
4777 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4778 nl80211_mlme_mcgrp.id, gfp);
4779 return;
4780
4781 nla_put_failure:
4782 genlmsg_cancel(msg, hdr);
4783 nlmsg_free(msg);
4784}
4785
4786void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev,
4787 struct net_device *netdev, const u8 *addr,
4788 enum nl80211_key_type key_type, int key_id,
4789 const u8 *tsc, gfp_t gfp)
4790{
4791 struct sk_buff *msg;
4792 void *hdr;
4793
4794 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp);
4795 if (!msg)
4796 return;
4797
4798 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE);
4799 if (!hdr) {
4800 nlmsg_free(msg);
4801 return;
4802 }
4803
4804 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
4805 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
4806 if (addr)
4807 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
4808 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type);
4809 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id);
4810 if (tsc)
4811 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc);
4812
4813 if (genlmsg_end(msg, hdr) < 0) {
4814 nlmsg_free(msg);
4815 return;
4816 }
4817
4818 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0,
4819 nl80211_mlme_mcgrp.id, gfp);
4820 return;
4821
4822 nla_put_failure:
4823 genlmsg_cancel(msg, hdr);
4824 nlmsg_free(msg);
4825}
4826
4827void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
4828 struct ieee80211_channel *channel_before,
4829 struct ieee80211_channel *channel_after)
4830{
4831 struct sk_buff *msg;
4832 void *hdr;
4833 struct nlattr *nl_freq;
4834
4835 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC);
4836 if (!msg)
4837 return;
4838
4839 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT);
4840 if (!hdr) {
4841 nlmsg_free(msg);
4842 return;
4843 }
4844
4845
4846
4847
4848
4849 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy));
4850
4851
4852 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE);
4853 if (!nl_freq)
4854 goto nla_put_failure;
4855 if (nl80211_msg_put_channel(msg, channel_before))
4856 goto nla_put_failure;
4857 nla_nest_end(msg, nl_freq);
4858
4859
4860 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER);
4861 if (!nl_freq)
4862 goto nla_put_failure;
4863 if (nl80211_msg_put_channel(msg, channel_after))
4864 goto nla_put_failure;
4865 nla_nest_end(msg, nl_freq);
4866
4867 if (genlmsg_end(msg, hdr) < 0) {
4868 nlmsg_free(msg);
4869 return;
4870 }
4871
4872 rcu_read_lock();
4873 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id,
4874 GFP_ATOMIC);
4875 rcu_read_unlock();
4876
4877 return;
4878
4879nla_put_failure:
4880 genlmsg_cancel(msg, hdr);
4881 nlmsg_free(msg);
4882}
4883
4884
4885
4886int nl80211_init(void)
4887{
4888 int err;
4889
4890 err = genl_register_family_with_ops(&nl80211_fam,
4891 nl80211_ops, ARRAY_SIZE(nl80211_ops));
4892 if (err)
4893 return err;
4894
4895 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
4896 if (err)
4897 goto err_out;
4898
4899 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
4900 if (err)
4901 goto err_out;
4902
4903 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
4904 if (err)
4905 goto err_out;
4906
4907 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
4908 if (err)
4909 goto err_out;
4910
4911#ifdef CONFIG_NL80211_TESTMODE
4912 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp);
4913 if (err)
4914 goto err_out;
4915#endif
4916
4917 return 0;
4918 err_out:
4919 genl_unregister_family(&nl80211_fam);
4920 return err;
4921}
4922
4923void nl80211_exit(void)
4924{
4925 genl_unregister_family(&nl80211_fam);
4926}
4927
