1/* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7#include <linux/if.h> 8#include <linux/module.h> 9#include <linux/err.h> 10#include <linux/slab.h> 11#include <linux/list.h> 12#include <linux/if_ether.h> 13#include <linux/ieee80211.h> 14#include <linux/nl80211.h> 15#include <linux/rtnetlink.h> 16#include <linux/netlink.h> 17#include <linux/etherdevice.h> 18#include <net/net_namespace.h> 19#include <net/genetlink.h> 20#include <net/cfg80211.h> 21#include <net/sock.h> 22#include "core.h" 23#include "nl80211.h" 24#include "reg.h" 25 26/* the netlink family */ 27static struct genl_family nl80211_fam = { 28 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 29 .name = "nl80211", /* have users key off the name instead */ 30 .hdrsize = 0, /* no private header */ 31 .version = 1, /* no particular meaning now */ 32 .maxattr = NL80211_ATTR_MAX, 33 .netnsok = true, 34}; 35 36/* internal helper: get rdev and dev */ 37static int get_rdev_dev_by_info_ifindex(struct genl_info *info, 38 struct cfg80211_registered_device **rdev, 39 struct net_device **dev) 40{ 41 struct nlattr **attrs = info->attrs; 42 int ifindex; 43 44 if (!attrs[NL80211_ATTR_IFINDEX]) 45 return -EINVAL; 46 47 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 48 *dev = dev_get_by_index(genl_info_net(info), ifindex); 49 if (!*dev) 50 return -ENODEV; 51 52 *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex); 53 if (IS_ERR(*rdev)) { 54 dev_put(*dev); 55 return PTR_ERR(*rdev); 56 } 57 58 return 0; 59} 60 61/* policy for the attributes */ 62static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 63 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 64 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 65 .len = 20-1 }, 66 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 67 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 68 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 69 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 70 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 71 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 72 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 73 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 74 75 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 76 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 77 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 78 79 [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN }, 80 [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN }, 81 82 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 83 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 84 .len = WLAN_MAX_KEY_LEN }, 85 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 86 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 87 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 88 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 }, 89 90 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 91 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 92 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 93 .len = IEEE80211_MAX_DATA_LEN }, 94 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 95 .len = IEEE80211_MAX_DATA_LEN }, 96 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 97 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 98 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 99 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 100 .len = NL80211_MAX_SUPP_RATES }, 101 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 102 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 103 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 104 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 105 .len = IEEE80211_MAX_MESH_ID_LEN }, 106 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 107 108 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 109 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 110 111 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 112 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 113 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 114 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 115 .len = NL80211_MAX_SUPP_RATES }, 116 117 [NL80211_ATTR_MESH_PARAMS] = { .type = NLA_NESTED }, 118 119 [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY, 120 .len = NL80211_HT_CAPABILITY_LEN }, 121 122 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 123 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 124 .len = IEEE80211_MAX_DATA_LEN }, 125 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 126 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 127 128 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 129 .len = IEEE80211_MAX_SSID_LEN }, 130 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 131 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 132 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 133 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 134 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 135 [NL80211_ATTR_STA_FLAGS2] = { 136 .len = sizeof(struct nl80211_sta_flag_update), 137 }, 138 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 139 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 140 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 141 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 142 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 143 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 144 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 145 .len = WLAN_PMKID_LEN }, 146 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 147 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 148 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 149 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 150 .len = IEEE80211_MAX_DATA_LEN }, 151 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 152 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 153 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 154 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 155 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 156 157 [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 }, 158 [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 }, 159}; 160 161/* policy for the attributes */ 162static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 163 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 164 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 165 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 166 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 }, 167 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 168 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 169}; 170 171/* ifidx get helper */ 172static int nl80211_get_ifidx(struct netlink_callback *cb) 173{ 174 int res; 175 176 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 177 nl80211_fam.attrbuf, nl80211_fam.maxattr, 178 nl80211_policy); 179 if (res) 180 return res; 181 182 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 183 return -EINVAL; 184 185 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 186 if (!res) 187 return -EINVAL; 188 return res; 189} 190 191/* IE validation */ 192static bool is_valid_ie_attr(const struct nlattr *attr) 193{ 194 const u8 *pos; 195 int len; 196 197 if (!attr) 198 return true; 199 200 pos = nla_data(attr); 201 len = nla_len(attr); 202 203 while (len) { 204 u8 elemlen; 205 206 if (len < 2) 207 return false; 208 len -= 2; 209 210 elemlen = pos[1]; 211 if (elemlen > len) 212 return false; 213 214 len -= elemlen; 215 pos += 2 + elemlen; 216 } 217 218 return true; 219} 220 221/* message building helper */ 222static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq, 223 int flags, u8 cmd) 224{ 225 /* since there is no private header just add the generic one */ 226 return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd); 227} 228 229static int nl80211_msg_put_channel(struct sk_buff *msg, 230 struct ieee80211_channel *chan) 231{ 232 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ, 233 chan->center_freq); 234 235 if (chan->flags & IEEE80211_CHAN_DISABLED) 236 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED); 237 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) 238 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN); 239 if (chan->flags & IEEE80211_CHAN_NO_IBSS) 240 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS); 241 if (chan->flags & IEEE80211_CHAN_RADAR) 242 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR); 243 244 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 245 DBM_TO_MBM(chan->max_power)); 246 247 return 0; 248 249 nla_put_failure: 250 return -ENOBUFS; 251} 252 253/* netlink command implementations */ 254 255struct key_parse { 256 struct key_params p; 257 int idx; 258 bool def, defmgmt; 259}; 260 261static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 262{ 263 struct nlattr *tb[NL80211_KEY_MAX + 1]; 264 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 265 nl80211_key_policy); 266 if (err) 267 return err; 268 269 k->def = !!tb[NL80211_KEY_DEFAULT]; 270 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 271 272 if (tb[NL80211_KEY_IDX]) 273 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 274 275 if (tb[NL80211_KEY_DATA]) { 276 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 277 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 278 } 279 280 if (tb[NL80211_KEY_SEQ]) { 281 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 282 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 283 } 284 285 if (tb[NL80211_KEY_CIPHER]) 286 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 287 288 return 0; 289} 290 291static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 292{ 293 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 294 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 295 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 296 } 297 298 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 299 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 300 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 301 } 302 303 if (info->attrs[NL80211_ATTR_KEY_IDX]) 304 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 305 306 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 307 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 308 309 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 310 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 311 312 return 0; 313} 314 315static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 316{ 317 int err; 318 319 memset(k, 0, sizeof(*k)); 320 k->idx = -1; 321 322 if (info->attrs[NL80211_ATTR_KEY]) 323 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 324 else 325 err = nl80211_parse_key_old(info, k); 326 327 if (err) 328 return err; 329 330 if (k->def && k->defmgmt) 331 return -EINVAL; 332 333 if (k->idx != -1) { 334 if (k->defmgmt) { 335 if (k->idx < 4 || k->idx > 5) 336 return -EINVAL; 337 } else if (k->def) { 338 if (k->idx < 0 || k->idx > 3) 339 return -EINVAL; 340 } else { 341 if (k->idx < 0 || k->idx > 5) 342 return -EINVAL; 343 } 344 } 345 346 return 0; 347} 348 349static struct cfg80211_cached_keys * 350nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 351 struct nlattr *keys) 352{ 353 struct key_parse parse; 354 struct nlattr *key; 355 struct cfg80211_cached_keys *result; 356 int rem, err, def = 0; 357 358 result = kzalloc(sizeof(*result), GFP_KERNEL); 359 if (!result) 360 return ERR_PTR(-ENOMEM); 361 362 result->def = -1; 363 result->defmgmt = -1; 364 365 nla_for_each_nested(key, keys, rem) { 366 memset(&parse, 0, sizeof(parse)); 367 parse.idx = -1; 368 369 err = nl80211_parse_key_new(key, &parse); 370 if (err) 371 goto error; 372 err = -EINVAL; 373 if (!parse.p.key) 374 goto error; 375 if (parse.idx < 0 || parse.idx > 4) 376 goto error; 377 if (parse.def) { 378 if (def) 379 goto error; 380 def = 1; 381 result->def = parse.idx; 382 } else if (parse.defmgmt) 383 goto error; 384 err = cfg80211_validate_key_settings(rdev, &parse.p, 385 parse.idx, NULL); 386 if (err) 387 goto error; 388 result->params[parse.idx].cipher = parse.p.cipher; 389 result->params[parse.idx].key_len = parse.p.key_len; 390 result->params[parse.idx].key = result->data[parse.idx]; 391 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 392 } 393 394 return result; 395 error: 396 kfree(result); 397 return ERR_PTR(err); 398} 399 400static int nl80211_key_allowed(struct wireless_dev *wdev) 401{ 402 ASSERT_WDEV_LOCK(wdev); 403 404 if (!netif_running(wdev->netdev)) 405 return -ENETDOWN; 406 407 switch (wdev->iftype) { 408 case NL80211_IFTYPE_AP: 409 case NL80211_IFTYPE_AP_VLAN: 410 break; 411 case NL80211_IFTYPE_ADHOC: 412 if (!wdev->current_bss) 413 return -ENOLINK; 414 break; 415 case NL80211_IFTYPE_STATION: 416 if (wdev->sme_state != CFG80211_SME_CONNECTED) 417 return -ENOLINK; 418 break; 419 default: 420 return -EINVAL; 421 } 422 423 return 0; 424} 425 426static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags, 427 struct cfg80211_registered_device *dev) 428{ 429 void *hdr; 430 struct nlattr *nl_bands, *nl_band; 431 struct nlattr *nl_freqs, *nl_freq; 432 struct nlattr *nl_rates, *nl_rate; 433 struct nlattr *nl_modes; 434 struct nlattr *nl_cmds; 435 enum ieee80211_band band; 436 struct ieee80211_channel *chan; 437 struct ieee80211_rate *rate; 438 int i; 439 u16 ifmodes = dev->wiphy.interface_modes; 440 441 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY); 442 if (!hdr) 443 return -1; 444 445 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx); 446 NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)); 447 448 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 449 cfg80211_rdev_list_generation); 450 451 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 452 dev->wiphy.retry_short); 453 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 454 dev->wiphy.retry_long); 455 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 456 dev->wiphy.frag_threshold); 457 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 458 dev->wiphy.rts_threshold); 459 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 460 dev->wiphy.coverage_class); 461 462 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 463 dev->wiphy.max_scan_ssids); 464 NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 465 dev->wiphy.max_scan_ie_len); 466 467 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES, 468 sizeof(u32) * dev->wiphy.n_cipher_suites, 469 dev->wiphy.cipher_suites); 470 471 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 472 dev->wiphy.max_num_pmkids); 473 474 nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES); 475 if (!nl_modes) 476 goto nla_put_failure; 477 478 i = 0; 479 while (ifmodes) { 480 if (ifmodes & 1) 481 NLA_PUT_FLAG(msg, i); 482 ifmodes >>= 1; 483 i++; 484 } 485 486 nla_nest_end(msg, nl_modes); 487 488 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 489 if (!nl_bands) 490 goto nla_put_failure; 491 492 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 493 if (!dev->wiphy.bands[band]) 494 continue; 495 496 nl_band = nla_nest_start(msg, band); 497 if (!nl_band) 498 goto nla_put_failure; 499 500 /* add HT info */ 501 if (dev->wiphy.bands[band]->ht_cap.ht_supported) { 502 NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET, 503 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 504 &dev->wiphy.bands[band]->ht_cap.mcs); 505 NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA, 506 dev->wiphy.bands[band]->ht_cap.cap); 507 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 508 dev->wiphy.bands[band]->ht_cap.ampdu_factor); 509 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 510 dev->wiphy.bands[band]->ht_cap.ampdu_density); 511 } 512 513 /* add frequencies */ 514 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 515 if (!nl_freqs) 516 goto nla_put_failure; 517 518 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 519 nl_freq = nla_nest_start(msg, i); 520 if (!nl_freq) 521 goto nla_put_failure; 522 523 chan = &dev->wiphy.bands[band]->channels[i]; 524 525 if (nl80211_msg_put_channel(msg, chan)) 526 goto nla_put_failure; 527 528 nla_nest_end(msg, nl_freq); 529 } 530 531 nla_nest_end(msg, nl_freqs); 532 533 /* add bitrates */ 534 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 535 if (!nl_rates) 536 goto nla_put_failure; 537 538 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 539 nl_rate = nla_nest_start(msg, i); 540 if (!nl_rate) 541 goto nla_put_failure; 542 543 rate = &dev->wiphy.bands[band]->bitrates[i]; 544 NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE, 545 rate->bitrate); 546 if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) 547 NLA_PUT_FLAG(msg, 548 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE); 549 550 nla_nest_end(msg, nl_rate); 551 } 552 553 nla_nest_end(msg, nl_rates); 554 555 nla_nest_end(msg, nl_band); 556 } 557 nla_nest_end(msg, nl_bands); 558 559 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 560 if (!nl_cmds) 561 goto nla_put_failure; 562 563 i = 0; 564#define CMD(op, n) \ 565 do { \ 566 if (dev->ops->op) { \ 567 i++; \ 568 NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \ 569 } \ 570 } while (0) 571 572 CMD(add_virtual_intf, NEW_INTERFACE); 573 CMD(change_virtual_intf, SET_INTERFACE); 574 CMD(add_key, NEW_KEY); 575 CMD(add_beacon, NEW_BEACON); 576 CMD(add_station, NEW_STATION); 577 CMD(add_mpath, NEW_MPATH); 578 CMD(set_mesh_params, SET_MESH_PARAMS); 579 CMD(change_bss, SET_BSS); 580 CMD(auth, AUTHENTICATE); 581 CMD(assoc, ASSOCIATE); 582 CMD(deauth, DEAUTHENTICATE); 583 CMD(disassoc, DISASSOCIATE); 584 CMD(join_ibss, JOIN_IBSS); 585 CMD(set_pmksa, SET_PMKSA); 586 CMD(del_pmksa, DEL_PMKSA); 587 CMD(flush_pmksa, FLUSH_PMKSA); 588 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 589 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 590 CMD(action, ACTION); 591 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 592 i++; 593 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS); 594 } 595 CMD(set_channel, SET_CHANNEL); 596 597#undef CMD 598 599 if (dev->ops->connect || dev->ops->auth) { 600 i++; 601 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT); 602 } 603 604 if (dev->ops->disconnect || dev->ops->deauth) { 605 i++; 606 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT); 607 } 608 609 nla_nest_end(msg, nl_cmds); 610 611 return genlmsg_end(msg, hdr); 612 613 nla_put_failure: 614 genlmsg_cancel(msg, hdr); 615 return -EMSGSIZE; 616} 617 618static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 619{ 620 int idx = 0; 621 int start = cb->args[0]; 622 struct cfg80211_registered_device *dev; 623 624 mutex_lock(&cfg80211_mutex); 625 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 626 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 627 continue; 628 if (++idx <= start) 629 continue; 630 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid, 631 cb->nlh->nlmsg_seq, NLM_F_MULTI, 632 dev) < 0) { 633 idx--; 634 break; 635 } 636 } 637 mutex_unlock(&cfg80211_mutex); 638 639 cb->args[0] = idx; 640 641 return skb->len; 642} 643 644static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 645{ 646 struct sk_buff *msg; 647 struct cfg80211_registered_device *dev; 648 649 dev = cfg80211_get_dev_from_info(info); 650 if (IS_ERR(dev)) 651 return PTR_ERR(dev); 652 653 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 654 if (!msg) 655 goto out_err; 656 657 if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) 658 goto out_free; 659 660 cfg80211_unlock_rdev(dev); 661 662 return genlmsg_reply(msg, info); 663 664 out_free: 665 nlmsg_free(msg); 666 out_err: 667 cfg80211_unlock_rdev(dev); 668 return -ENOBUFS; 669} 670 671static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 672 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 673 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 674 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 675 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 676 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 677}; 678 679static int parse_txq_params(struct nlattr *tb[], 680 struct ieee80211_txq_params *txq_params) 681{ 682 if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] || 683 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 684 !tb[NL80211_TXQ_ATTR_AIFS]) 685 return -EINVAL; 686 687 txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]); 688 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 689 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 690 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 691 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 692 693 return 0; 694} 695 696static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 697{ 698 /* 699 * You can only set the channel explicitly for AP, mesh 700 * and WDS type interfaces; all others have their channel 701 * managed via their respective "establish a connection" 702 * command (connect, join, ...) 703 * 704 * Monitors are special as they are normally slaved to 705 * whatever else is going on, so they behave as though 706 * you tried setting the wiphy channel itself. 707 */ 708 return !wdev || 709 wdev->iftype == NL80211_IFTYPE_AP || 710 wdev->iftype == NL80211_IFTYPE_WDS || 711 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 712 wdev->iftype == NL80211_IFTYPE_MONITOR; 713} 714 715static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 716 struct wireless_dev *wdev, 717 struct genl_info *info) 718{ 719 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 720 u32 freq; 721 int result; 722 723 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 724 return -EINVAL; 725 726 if (!nl80211_can_set_dev_channel(wdev)) 727 return -EOPNOTSUPP; 728 729 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 730 channel_type = nla_get_u32(info->attrs[ 731 NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 732 if (channel_type != NL80211_CHAN_NO_HT && 733 channel_type != NL80211_CHAN_HT20 && 734 channel_type != NL80211_CHAN_HT40PLUS && 735 channel_type != NL80211_CHAN_HT40MINUS) 736 return -EINVAL; 737 } 738 739 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 740 741 mutex_lock(&rdev->devlist_mtx); 742 if (wdev) { 743 wdev_lock(wdev); 744 result = cfg80211_set_freq(rdev, wdev, freq, channel_type); 745 wdev_unlock(wdev); 746 } else { 747 result = cfg80211_set_freq(rdev, NULL, freq, channel_type); 748 } 749 mutex_unlock(&rdev->devlist_mtx); 750 751 return result; 752} 753 754static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 755{ 756 struct cfg80211_registered_device *rdev; 757 struct net_device *netdev; 758 int result; 759 760 rtnl_lock(); 761 762 result = get_rdev_dev_by_info_ifindex(info, &rdev, &netdev); 763 if (result) 764 goto unlock_rtnl; 765 766 result = __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 767 768 dev_put(netdev); 769 cfg80211_unlock_rdev(rdev); 770 unlock_rtnl: 771 rtnl_unlock(); 772 773 return result; 774} 775 776static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 777{ 778 struct cfg80211_registered_device *rdev; 779 struct net_device *netdev = NULL; 780 struct wireless_dev *wdev; 781 int result, rem_txq_params = 0; 782 struct nlattr *nl_txq_params; 783 u32 changed; 784 u8 retry_short = 0, retry_long = 0; 785 u32 frag_threshold = 0, rts_threshold = 0; 786 u8 coverage_class = 0; 787 788 rtnl_lock(); 789 790 /* 791 * Try to find the wiphy and netdev. Normally this 792 * function shouldn't need the netdev, but this is 793 * done for backward compatibility -- previously 794 * setting the channel was done per wiphy, but now 795 * it is per netdev. Previous userland like hostapd 796 * also passed a netdev to set_wiphy, so that it is 797 * possible to let that go to the right netdev! 798 */ 799 mutex_lock(&cfg80211_mutex); 800 801 if (info->attrs[NL80211_ATTR_IFINDEX]) { 802 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 803 804 netdev = dev_get_by_index(genl_info_net(info), ifindex); 805 if (netdev && netdev->ieee80211_ptr) { 806 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 807 mutex_lock(&rdev->mtx); 808 } else 809 netdev = NULL; 810 } 811 812 if (!netdev) { 813 rdev = __cfg80211_rdev_from_info(info); 814 if (IS_ERR(rdev)) { 815 mutex_unlock(&cfg80211_mutex); 816 result = PTR_ERR(rdev); 817 goto unlock; 818 } 819 wdev = NULL; 820 netdev = NULL; 821 result = 0; 822 823 mutex_lock(&rdev->mtx); 824 } else if (netif_running(netdev) && 825 nl80211_can_set_dev_channel(netdev->ieee80211_ptr)) 826 wdev = netdev->ieee80211_ptr; 827 else 828 wdev = NULL; 829 830 831 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 832 result = cfg80211_dev_rename( 833 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 834 835 mutex_unlock(&cfg80211_mutex); 836 837 if (result) 838 goto bad_res; 839 840 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 841 struct ieee80211_txq_params txq_params; 842 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 843 844 if (!rdev->ops->set_txq_params) { 845 result = -EOPNOTSUPP; 846 goto bad_res; 847 } 848 849 nla_for_each_nested(nl_txq_params, 850 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 851 rem_txq_params) { 852 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 853 nla_data(nl_txq_params), 854 nla_len(nl_txq_params), 855 txq_params_policy); 856 result = parse_txq_params(tb, &txq_params); 857 if (result) 858 goto bad_res; 859 860 result = rdev->ops->set_txq_params(&rdev->wiphy, 861 &txq_params); 862 if (result) 863 goto bad_res; 864 } 865 } 866 867 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 868 result = __nl80211_set_channel(rdev, wdev, info); 869 if (result) 870 goto bad_res; 871 } 872 873 if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) { 874 enum nl80211_tx_power_setting type; 875 int idx, mbm = 0; 876 877 if (!rdev->ops->set_tx_power) { 878 result = -EOPNOTSUPP; 879 goto bad_res; 880 } 881 882 idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING; 883 type = nla_get_u32(info->attrs[idx]); 884 885 if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] && 886 (type != NL80211_TX_POWER_AUTOMATIC)) { 887 result = -EINVAL; 888 goto bad_res; 889 } 890 891 if (type != NL80211_TX_POWER_AUTOMATIC) { 892 idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL; 893 mbm = nla_get_u32(info->attrs[idx]); 894 } 895 896 result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm); 897 if (result) 898 goto bad_res; 899 } 900 901 changed = 0; 902 903 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 904 retry_short = nla_get_u8( 905 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 906 if (retry_short == 0) { 907 result = -EINVAL; 908 goto bad_res; 909 } 910 changed |= WIPHY_PARAM_RETRY_SHORT; 911 } 912 913 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 914 retry_long = nla_get_u8( 915 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 916 if (retry_long == 0) { 917 result = -EINVAL; 918 goto bad_res; 919 } 920 changed |= WIPHY_PARAM_RETRY_LONG; 921 } 922 923 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 924 frag_threshold = nla_get_u32( 925 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 926 if (frag_threshold < 256) { 927 result = -EINVAL; 928 goto bad_res; 929 } 930 if (frag_threshold != (u32) -1) { 931 /* 932 * Fragments (apart from the last one) are required to 933 * have even length. Make the fragmentation code 934 * simpler by stripping LSB should someone try to use 935 * odd threshold value. 936 */ 937 frag_threshold &= ~0x1; 938 } 939 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 940 } 941 942 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 943 rts_threshold = nla_get_u32( 944 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 945 changed |= WIPHY_PARAM_RTS_THRESHOLD; 946 } 947 948 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 949 coverage_class = nla_get_u8( 950 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 951 changed |= WIPHY_PARAM_COVERAGE_CLASS; 952 } 953 954 if (changed) { 955 u8 old_retry_short, old_retry_long; 956 u32 old_frag_threshold, old_rts_threshold; 957 u8 old_coverage_class; 958 959 if (!rdev->ops->set_wiphy_params) { 960 result = -EOPNOTSUPP; 961 goto bad_res; 962 } 963 964 old_retry_short = rdev->wiphy.retry_short; 965 old_retry_long = rdev->wiphy.retry_long; 966 old_frag_threshold = rdev->wiphy.frag_threshold; 967 old_rts_threshold = rdev->wiphy.rts_threshold; 968 old_coverage_class = rdev->wiphy.coverage_class; 969 970 if (changed & WIPHY_PARAM_RETRY_SHORT) 971 rdev->wiphy.retry_short = retry_short; 972 if (changed & WIPHY_PARAM_RETRY_LONG) 973 rdev->wiphy.retry_long = retry_long; 974 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 975 rdev->wiphy.frag_threshold = frag_threshold; 976 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 977 rdev->wiphy.rts_threshold = rts_threshold; 978 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 979 rdev->wiphy.coverage_class = coverage_class; 980 981 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed); 982 if (result) { 983 rdev->wiphy.retry_short = old_retry_short; 984 rdev->wiphy.retry_long = old_retry_long; 985 rdev->wiphy.frag_threshold = old_frag_threshold; 986 rdev->wiphy.rts_threshold = old_rts_threshold; 987 rdev->wiphy.coverage_class = old_coverage_class; 988 } 989 } 990 991 bad_res: 992 mutex_unlock(&rdev->mtx); 993 if (netdev) 994 dev_put(netdev); 995 unlock: 996 rtnl_unlock(); 997 return result; 998} 999 1000 1001static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags, 1002 struct cfg80211_registered_device *rdev, 1003 struct net_device *dev) 1004{ 1005 void *hdr; 1006 1007 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE); 1008 if (!hdr) 1009 return -1; 1010 1011 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1012 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 1013 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name); 1014 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype); 1015 1016 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 1017 rdev->devlist_generation ^ 1018 (cfg80211_rdev_list_generation << 2)); 1019 1020 return genlmsg_end(msg, hdr); 1021 1022 nla_put_failure: 1023 genlmsg_cancel(msg, hdr); 1024 return -EMSGSIZE; 1025} 1026 1027static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 1028{ 1029 int wp_idx = 0; 1030 int if_idx = 0; 1031 int wp_start = cb->args[0]; 1032 int if_start = cb->args[1]; 1033 struct cfg80211_registered_device *rdev; 1034 struct wireless_dev *wdev; 1035 1036 mutex_lock(&cfg80211_mutex); 1037 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1038 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1039 continue; 1040 if (wp_idx < wp_start) { 1041 wp_idx++; 1042 continue; 1043 } 1044 if_idx = 0; 1045 1046 mutex_lock(&rdev->devlist_mtx); 1047 list_for_each_entry(wdev, &rdev->netdev_list, list) { 1048 if (if_idx < if_start) { 1049 if_idx++; 1050 continue; 1051 } 1052 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 1053 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1054 rdev, wdev->netdev) < 0) { 1055 mutex_unlock(&rdev->devlist_mtx); 1056 goto out; 1057 } 1058 if_idx++; 1059 } 1060 mutex_unlock(&rdev->devlist_mtx); 1061 1062 wp_idx++; 1063 } 1064 out: 1065 mutex_unlock(&cfg80211_mutex); 1066 1067 cb->args[0] = wp_idx; 1068 cb->args[1] = if_idx; 1069 1070 return skb->len; 1071} 1072 1073static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1074{ 1075 struct sk_buff *msg; 1076 struct cfg80211_registered_device *dev; 1077 struct net_device *netdev; 1078 int err; 1079 1080 err = get_rdev_dev_by_info_ifindex(info, &dev, &netdev); 1081 if (err) 1082 return err; 1083 1084 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1085 if (!msg) 1086 goto out_err; 1087 1088 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 1089 dev, netdev) < 0) 1090 goto out_free; 1091 1092 dev_put(netdev); 1093 cfg80211_unlock_rdev(dev); 1094 1095 return genlmsg_reply(msg, info); 1096 1097 out_free: 1098 nlmsg_free(msg); 1099 out_err: 1100 dev_put(netdev); 1101 cfg80211_unlock_rdev(dev); 1102 return -ENOBUFS; 1103} 1104 1105static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1106 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1107 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1108 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1109 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1110 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1111}; 1112 1113static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1114{ 1115 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1116 int flag; 1117 1118 *mntrflags = 0; 1119 1120 if (!nla) 1121 return -EINVAL; 1122 1123 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 1124 nla, mntr_flags_policy)) 1125 return -EINVAL; 1126 1127 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 1128 if (flags[flag]) 1129 *mntrflags |= (1<<flag); 1130 1131 return 0; 1132} 1133 1134static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 1135 struct net_device *netdev, u8 use_4addr, 1136 enum nl80211_iftype iftype) 1137{ 1138 if (!use_4addr) { 1139 if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT)) 1140 return -EBUSY; 1141 return 0; 1142 } 1143 1144 switch (iftype) { 1145 case NL80211_IFTYPE_AP_VLAN: 1146 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 1147 return 0; 1148 break; 1149 case NL80211_IFTYPE_STATION: 1150 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 1151 return 0; 1152 break; 1153 default: 1154 break; 1155 } 1156 1157 return -EOPNOTSUPP; 1158} 1159 1160static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1161{ 1162 struct cfg80211_registered_device *rdev; 1163 struct vif_params params; 1164 int err; 1165 enum nl80211_iftype otype, ntype; 1166 struct net_device *dev; 1167 u32 _flags, *flags = NULL; 1168 bool change = false; 1169 1170 memset(¶ms, 0, sizeof(params)); 1171 1172 rtnl_lock(); 1173 1174 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1175 if (err) 1176 goto unlock_rtnl; 1177 1178 otype = ntype = dev->ieee80211_ptr->iftype; 1179 1180 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1181 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1182 if (otype != ntype) 1183 change = true; 1184 if (ntype > NL80211_IFTYPE_MAX) { 1185 err = -EINVAL; 1186 goto unlock; 1187 } 1188 } 1189 1190 if (info->attrs[NL80211_ATTR_MESH_ID]) { 1191 if (ntype != NL80211_IFTYPE_MESH_POINT) { 1192 err = -EINVAL; 1193 goto unlock; 1194 } 1195 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 1196 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1197 change = true; 1198 } 1199 1200 if (info->attrs[NL80211_ATTR_4ADDR]) { 1201 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1202 change = true; 1203 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 1204 if (err) 1205 goto unlock; 1206 } else { 1207 params.use_4addr = -1; 1208 } 1209 1210 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 1211 if (ntype != NL80211_IFTYPE_MONITOR) { 1212 err = -EINVAL; 1213 goto unlock; 1214 } 1215 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 1216 &_flags); 1217 if (err) 1218 goto unlock; 1219 1220 flags = &_flags; 1221 change = true; 1222 } 1223 1224 if (change) 1225 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 1226 else 1227 err = 0; 1228 1229 if (!err && params.use_4addr != -1) 1230 dev->ieee80211_ptr->use_4addr = params.use_4addr; 1231 1232 unlock: 1233 dev_put(dev); 1234 cfg80211_unlock_rdev(rdev); 1235 unlock_rtnl: 1236 rtnl_unlock(); 1237 return err; 1238} 1239 1240static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 1241{ 1242 struct cfg80211_registered_device *rdev; 1243 struct vif_params params; 1244 int err; 1245 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 1246 u32 flags; 1247 1248 memset(¶ms, 0, sizeof(params)); 1249 1250 if (!info->attrs[NL80211_ATTR_IFNAME]) 1251 return -EINVAL; 1252 1253 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1254 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1255 if (type > NL80211_IFTYPE_MAX) 1256 return -EINVAL; 1257 } 1258 1259 rtnl_lock(); 1260 1261 rdev = cfg80211_get_dev_from_info(info); 1262 if (IS_ERR(rdev)) { 1263 err = PTR_ERR(rdev); 1264 goto unlock_rtnl; 1265 } 1266 1267 if (!rdev->ops->add_virtual_intf || 1268 !(rdev->wiphy.interface_modes & (1 << type))) { 1269 err = -EOPNOTSUPP; 1270 goto unlock; 1271 } 1272 1273 if (type == NL80211_IFTYPE_MESH_POINT && 1274 info->attrs[NL80211_ATTR_MESH_ID]) { 1275 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 1276 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1277 } 1278 1279 if (info->attrs[NL80211_ATTR_4ADDR]) { 1280 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1281 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 1282 if (err) 1283 goto unlock; 1284 } 1285 1286 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 1287 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 1288 &flags); 1289 err = rdev->ops->add_virtual_intf(&rdev->wiphy, 1290 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 1291 type, err ? NULL : &flags, ¶ms); 1292 1293 unlock: 1294 cfg80211_unlock_rdev(rdev); 1295 unlock_rtnl: 1296 rtnl_unlock(); 1297 return err; 1298} 1299 1300static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 1301{ 1302 struct cfg80211_registered_device *rdev; 1303 int err; 1304 struct net_device *dev; 1305 1306 rtnl_lock(); 1307 1308 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1309 if (err) 1310 goto unlock_rtnl; 1311 1312 if (!rdev->ops->del_virtual_intf) { 1313 err = -EOPNOTSUPP; 1314 goto out; 1315 } 1316 1317 err = rdev->ops->del_virtual_intf(&rdev->wiphy, dev); 1318 1319 out: 1320 cfg80211_unlock_rdev(rdev); 1321 dev_put(dev); 1322 unlock_rtnl: 1323 rtnl_unlock(); 1324 return err; 1325} 1326 1327struct get_key_cookie { 1328 struct sk_buff *msg; 1329 int error; 1330 int idx; 1331}; 1332 1333static void get_key_callback(void *c, struct key_params *params) 1334{ 1335 struct nlattr *key; 1336 struct get_key_cookie *cookie = c; 1337 1338 if (params->key) 1339 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA, 1340 params->key_len, params->key); 1341 1342 if (params->seq) 1343 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ, 1344 params->seq_len, params->seq); 1345 1346 if (params->cipher) 1347 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 1348 params->cipher); 1349 1350 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 1351 if (!key) 1352 goto nla_put_failure; 1353 1354 if (params->key) 1355 NLA_PUT(cookie->msg, NL80211_KEY_DATA, 1356 params->key_len, params->key); 1357 1358 if (params->seq) 1359 NLA_PUT(cookie->msg, NL80211_KEY_SEQ, 1360 params->seq_len, params->seq); 1361 1362 if (params->cipher) 1363 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER, 1364 params->cipher); 1365 1366 NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx); 1367 1368 nla_nest_end(cookie->msg, key); 1369 1370 return; 1371 nla_put_failure: 1372 cookie->error = 1; 1373} 1374 1375static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 1376{ 1377 struct cfg80211_registered_device *rdev; 1378 int err; 1379 struct net_device *dev; 1380 u8 key_idx = 0; 1381 u8 *mac_addr = NULL; 1382 struct get_key_cookie cookie = { 1383 .error = 0, 1384 }; 1385 void *hdr; 1386 struct sk_buff *msg; 1387 1388 if (info->attrs[NL80211_ATTR_KEY_IDX]) 1389 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 1390 1391 if (key_idx > 5) 1392 return -EINVAL; 1393 1394 if (info->attrs[NL80211_ATTR_MAC]) 1395 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1396 1397 rtnl_lock(); 1398 1399 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1400 if (err) 1401 goto unlock_rtnl; 1402 1403 if (!rdev->ops->get_key) { 1404 err = -EOPNOTSUPP; 1405 goto out; 1406 } 1407 1408 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1409 if (!msg) { 1410 err = -ENOMEM; 1411 goto out; 1412 } 1413 1414 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 1415 NL80211_CMD_NEW_KEY); 1416 1417 if (IS_ERR(hdr)) { 1418 err = PTR_ERR(hdr); 1419 goto free_msg; 1420 } 1421 1422 cookie.msg = msg; 1423 cookie.idx = key_idx; 1424 1425 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1426 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 1427 if (mac_addr) 1428 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1429 1430 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, mac_addr, 1431 &cookie, get_key_callback); 1432 1433 if (err) 1434 goto free_msg; 1435 1436 if (cookie.error) 1437 goto nla_put_failure; 1438 1439 genlmsg_end(msg, hdr); 1440 err = genlmsg_reply(msg, info); 1441 goto out; 1442 1443 nla_put_failure: 1444 err = -ENOBUFS; 1445 free_msg: 1446 nlmsg_free(msg); 1447 out: 1448 cfg80211_unlock_rdev(rdev); 1449 dev_put(dev); 1450 unlock_rtnl: 1451 rtnl_unlock(); 1452 1453 return err; 1454} 1455 1456static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 1457{ 1458 struct cfg80211_registered_device *rdev; 1459 struct key_parse key; 1460 int err; 1461 struct net_device *dev; 1462 int (*func)(struct wiphy *wiphy, struct net_device *netdev, 1463 u8 key_index); 1464 1465 err = nl80211_parse_key(info, &key); 1466 if (err) 1467 return err; 1468 1469 if (key.idx < 0) 1470 return -EINVAL; 1471 1472 /* only support setting default key */ 1473 if (!key.def && !key.defmgmt) 1474 return -EINVAL; 1475 1476 rtnl_lock(); 1477 1478 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1479 if (err) 1480 goto unlock_rtnl; 1481 1482 if (key.def) 1483 func = rdev->ops->set_default_key; 1484 else 1485 func = rdev->ops->set_default_mgmt_key; 1486 1487 if (!func) { 1488 err = -EOPNOTSUPP; 1489 goto out; 1490 } 1491 1492 wdev_lock(dev->ieee80211_ptr); 1493 err = nl80211_key_allowed(dev->ieee80211_ptr); 1494 if (!err) 1495 err = func(&rdev->wiphy, dev, key.idx); 1496 1497#ifdef CONFIG_CFG80211_WEXT 1498 if (!err) { 1499 if (func == rdev->ops->set_default_key) 1500 dev->ieee80211_ptr->wext.default_key = key.idx; 1501 else 1502 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 1503 } 1504#endif 1505 wdev_unlock(dev->ieee80211_ptr); 1506 1507 out: 1508 cfg80211_unlock_rdev(rdev); 1509 dev_put(dev); 1510 1511 unlock_rtnl: 1512 rtnl_unlock(); 1513 1514 return err; 1515} 1516 1517static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 1518{ 1519 struct cfg80211_registered_device *rdev; 1520 int err; 1521 struct net_device *dev; 1522 struct key_parse key; 1523 u8 *mac_addr = NULL; 1524 1525 err = nl80211_parse_key(info, &key); 1526 if (err) 1527 return err; 1528 1529 if (!key.p.key) 1530 return -EINVAL; 1531 1532 if (info->attrs[NL80211_ATTR_MAC]) 1533 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1534 1535 rtnl_lock(); 1536 1537 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1538 if (err) 1539 goto unlock_rtnl; 1540 1541 if (!rdev->ops->add_key) { 1542 err = -EOPNOTSUPP; 1543 goto out; 1544 } 1545 1546 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, mac_addr)) { 1547 err = -EINVAL; 1548 goto out; 1549 } 1550 1551 wdev_lock(dev->ieee80211_ptr); 1552 err = nl80211_key_allowed(dev->ieee80211_ptr); 1553 if (!err) 1554 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx, 1555 mac_addr, &key.p); 1556 wdev_unlock(dev->ieee80211_ptr); 1557 1558 out: 1559 cfg80211_unlock_rdev(rdev); 1560 dev_put(dev); 1561 unlock_rtnl: 1562 rtnl_unlock(); 1563 1564 return err; 1565} 1566 1567static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 1568{ 1569 struct cfg80211_registered_device *rdev; 1570 int err; 1571 struct net_device *dev; 1572 u8 *mac_addr = NULL; 1573 struct key_parse key; 1574 1575 err = nl80211_parse_key(info, &key); 1576 if (err) 1577 return err; 1578 1579 if (info->attrs[NL80211_ATTR_MAC]) 1580 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1581 1582 rtnl_lock(); 1583 1584 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1585 if (err) 1586 goto unlock_rtnl; 1587 1588 if (!rdev->ops->del_key) { 1589 err = -EOPNOTSUPP; 1590 goto out; 1591 } 1592 1593 wdev_lock(dev->ieee80211_ptr); 1594 err = nl80211_key_allowed(dev->ieee80211_ptr); 1595 if (!err) 1596 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, mac_addr); 1597 1598#ifdef CONFIG_CFG80211_WEXT 1599 if (!err) { 1600 if (key.idx == dev->ieee80211_ptr->wext.default_key) 1601 dev->ieee80211_ptr->wext.default_key = -1; 1602 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 1603 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 1604 } 1605#endif 1606 wdev_unlock(dev->ieee80211_ptr); 1607 1608 out: 1609 cfg80211_unlock_rdev(rdev); 1610 dev_put(dev); 1611 1612 unlock_rtnl: 1613 rtnl_unlock(); 1614 1615 return err; 1616} 1617 1618static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info) 1619{ 1620 int (*call)(struct wiphy *wiphy, struct net_device *dev, 1621 struct beacon_parameters *info); 1622 struct cfg80211_registered_device *rdev; 1623 int err; 1624 struct net_device *dev; 1625 struct beacon_parameters params; 1626 int haveinfo = 0; 1627 1628 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL])) 1629 return -EINVAL; 1630 1631 rtnl_lock(); 1632 1633 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1634 if (err) 1635 goto unlock_rtnl; 1636 1637 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 1638 err = -EOPNOTSUPP; 1639 goto out; 1640 } 1641 1642 switch (info->genlhdr->cmd) { 1643 case NL80211_CMD_NEW_BEACON: 1644 /* these are required for NEW_BEACON */ 1645 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 1646 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 1647 !info->attrs[NL80211_ATTR_BEACON_HEAD]) { 1648 err = -EINVAL; 1649 goto out; 1650 } 1651 1652 call = rdev->ops->add_beacon; 1653 break; 1654 case NL80211_CMD_SET_BEACON: 1655 call = rdev->ops->set_beacon; 1656 break; 1657 default: 1658 WARN_ON(1); 1659 err = -EOPNOTSUPP; 1660 goto out; 1661 } 1662 1663 if (!call) { 1664 err = -EOPNOTSUPP; 1665 goto out; 1666 } 1667 1668 memset(¶ms, 0, sizeof(params)); 1669 1670 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 1671 params.interval = 1672 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 1673 haveinfo = 1; 1674 } 1675 1676 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 1677 params.dtim_period = 1678 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 1679 haveinfo = 1; 1680 } 1681 1682 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 1683 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 1684 params.head_len = 1685 nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 1686 haveinfo = 1; 1687 } 1688 1689 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 1690 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 1691 params.tail_len = 1692 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 1693 haveinfo = 1; 1694 } 1695 1696 if (!haveinfo) { 1697 err = -EINVAL; 1698 goto out; 1699 } 1700 1701 err = call(&rdev->wiphy, dev, ¶ms); 1702 1703 out: 1704 cfg80211_unlock_rdev(rdev); 1705 dev_put(dev); 1706 unlock_rtnl: 1707 rtnl_unlock(); 1708 1709 return err; 1710} 1711 1712static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info) 1713{ 1714 struct cfg80211_registered_device *rdev; 1715 int err; 1716 struct net_device *dev; 1717 1718 rtnl_lock(); 1719 1720 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1721 if (err) 1722 goto unlock_rtnl; 1723 1724 if (!rdev->ops->del_beacon) { 1725 err = -EOPNOTSUPP; 1726 goto out; 1727 } 1728 1729 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 1730 err = -EOPNOTSUPP; 1731 goto out; 1732 } 1733 err = rdev->ops->del_beacon(&rdev->wiphy, dev); 1734 1735 out: 1736 cfg80211_unlock_rdev(rdev); 1737 dev_put(dev); 1738 unlock_rtnl: 1739 rtnl_unlock(); 1740 1741 return err; 1742} 1743 1744static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 1745 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 1746 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 1747 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 1748 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 1749}; 1750 1751static int parse_station_flags(struct genl_info *info, 1752 struct station_parameters *params) 1753{ 1754 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 1755 struct nlattr *nla; 1756 int flag; 1757 1758 /* 1759 * Try parsing the new attribute first so userspace 1760 * can specify both for older kernels. 1761 */ 1762 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 1763 if (nla) { 1764 struct nl80211_sta_flag_update *sta_flags; 1765 1766 sta_flags = nla_data(nla); 1767 params->sta_flags_mask = sta_flags->mask; 1768 params->sta_flags_set = sta_flags->set; 1769 if ((params->sta_flags_mask | 1770 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 1771 return -EINVAL; 1772 return 0; 1773 } 1774 1775 /* if present, parse the old attribute */ 1776 1777 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 1778 if (!nla) 1779 return 0; 1780 1781 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 1782 nla, sta_flags_policy)) 1783 return -EINVAL; 1784 1785 params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1; 1786 params->sta_flags_mask &= ~1; 1787 1788 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) 1789 if (flags[flag]) 1790 params->sta_flags_set |= (1<<flag); 1791 1792 return 0; 1793} 1794 1795static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq, 1796 int flags, struct net_device *dev, 1797 const u8 *mac_addr, struct station_info *sinfo) 1798{ 1799 void *hdr; 1800 struct nlattr *sinfoattr, *txrate; 1801 u16 bitrate; 1802 1803 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 1804 if (!hdr) 1805 return -1; 1806 1807 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1808 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1809 1810 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation); 1811 1812 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 1813 if (!sinfoattr) 1814 goto nla_put_failure; 1815 if (sinfo->filled & STATION_INFO_INACTIVE_TIME) 1816 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME, 1817 sinfo->inactive_time); 1818 if (sinfo->filled & STATION_INFO_RX_BYTES) 1819 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES, 1820 sinfo->rx_bytes); 1821 if (sinfo->filled & STATION_INFO_TX_BYTES) 1822 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES, 1823 sinfo->tx_bytes); 1824 if (sinfo->filled & STATION_INFO_LLID) 1825 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID, 1826 sinfo->llid); 1827 if (sinfo->filled & STATION_INFO_PLID) 1828 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID, 1829 sinfo->plid); 1830 if (sinfo->filled & STATION_INFO_PLINK_STATE) 1831 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE, 1832 sinfo->plink_state); 1833 if (sinfo->filled & STATION_INFO_SIGNAL) 1834 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL, 1835 sinfo->signal); 1836 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 1837 txrate = nla_nest_start(msg, NL80211_STA_INFO_TX_BITRATE); 1838 if (!txrate) 1839 goto nla_put_failure; 1840 1841 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 1842 bitrate = cfg80211_calculate_bitrate(&sinfo->txrate); 1843 if (bitrate > 0) 1844 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate); 1845 1846 if (sinfo->txrate.flags & RATE_INFO_FLAGS_MCS) 1847 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, 1848 sinfo->txrate.mcs); 1849 if (sinfo->txrate.flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) 1850 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH); 1851 if (sinfo->txrate.flags & RATE_INFO_FLAGS_SHORT_GI) 1852 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI); 1853 1854 nla_nest_end(msg, txrate); 1855 } 1856 if (sinfo->filled & STATION_INFO_RX_PACKETS) 1857 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS, 1858 sinfo->rx_packets); 1859 if (sinfo->filled & STATION_INFO_TX_PACKETS) 1860 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS, 1861 sinfo->tx_packets); 1862 nla_nest_end(msg, sinfoattr); 1863 1864 return genlmsg_end(msg, hdr); 1865 1866 nla_put_failure: 1867 genlmsg_cancel(msg, hdr); 1868 return -EMSGSIZE; 1869} 1870 1871static int nl80211_dump_station(struct sk_buff *skb, 1872 struct netlink_callback *cb) 1873{ 1874 struct station_info sinfo; 1875 struct cfg80211_registered_device *dev; 1876 struct net_device *netdev; 1877 u8 mac_addr[ETH_ALEN]; 1878 int ifidx = cb->args[0]; 1879 int sta_idx = cb->args[1]; 1880 int err; 1881 1882 if (!ifidx) 1883 ifidx = nl80211_get_ifidx(cb); 1884 if (ifidx < 0) 1885 return ifidx; 1886 1887 rtnl_lock(); 1888 1889 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 1890 if (!netdev) { 1891 err = -ENODEV; 1892 goto out_rtnl; 1893 } 1894 1895 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 1896 if (IS_ERR(dev)) { 1897 err = PTR_ERR(dev); 1898 goto out_rtnl; 1899 } 1900 1901 if (!dev->ops->dump_station) { 1902 err = -EOPNOTSUPP; 1903 goto out_err; 1904 } 1905 1906 while (1) { 1907 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx, 1908 mac_addr, &sinfo); 1909 if (err == -ENOENT) 1910 break; 1911 if (err) 1912 goto out_err; 1913 1914 if (nl80211_send_station(skb, 1915 NETLINK_CB(cb->skb).pid, 1916 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1917 netdev, mac_addr, 1918 &sinfo) < 0) 1919 goto out; 1920 1921 sta_idx++; 1922 } 1923 1924 1925 out: 1926 cb->args[1] = sta_idx; 1927 err = skb->len; 1928 out_err: 1929 cfg80211_unlock_rdev(dev); 1930 out_rtnl: 1931 rtnl_unlock(); 1932 1933 return err; 1934} 1935 1936static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 1937{ 1938 struct cfg80211_registered_device *rdev; 1939 int err; 1940 struct net_device *dev; 1941 struct station_info sinfo; 1942 struct sk_buff *msg; 1943 u8 *mac_addr = NULL; 1944 1945 memset(&sinfo, 0, sizeof(sinfo)); 1946 1947 if (!info->attrs[NL80211_ATTR_MAC]) 1948 return -EINVAL; 1949 1950 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1951 1952 rtnl_lock(); 1953 1954 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1955 if (err) 1956 goto out_rtnl; 1957 1958 if (!rdev->ops->get_station) { 1959 err = -EOPNOTSUPP; 1960 goto out; 1961 } 1962 1963 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo); 1964 if (err) 1965 goto out; 1966 1967 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1968 if (!msg) 1969 goto out; 1970 1971 if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0, 1972 dev, mac_addr, &sinfo) < 0) 1973 goto out_free; 1974 1975 err = genlmsg_reply(msg, info); 1976 goto out; 1977 1978 out_free: 1979 nlmsg_free(msg); 1980 out: 1981 cfg80211_unlock_rdev(rdev); 1982 dev_put(dev); 1983 out_rtnl: 1984 rtnl_unlock(); 1985 1986 return err; 1987} 1988 1989/* 1990 * Get vlan interface making sure it is running and on the right wiphy. 1991 */ 1992static int get_vlan(struct genl_info *info, 1993 struct cfg80211_registered_device *rdev, 1994 struct net_device **vlan) 1995{ 1996 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 1997 *vlan = NULL; 1998 1999 if (vlanattr) { 2000 *vlan = dev_get_by_index(genl_info_net(info), 2001 nla_get_u32(vlanattr)); 2002 if (!*vlan) 2003 return -ENODEV; 2004 if (!(*vlan)->ieee80211_ptr) 2005 return -EINVAL; 2006 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy) 2007 return -EINVAL; 2008 if (!netif_running(*vlan)) 2009 return -ENETDOWN; 2010 } 2011 return 0; 2012} 2013 2014static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 2015{ 2016 struct cfg80211_registered_device *rdev; 2017 int err; 2018 struct net_device *dev; 2019 struct station_parameters params; 2020 u8 *mac_addr = NULL; 2021 2022 memset(¶ms, 0, sizeof(params)); 2023 2024 params.listen_interval = -1; 2025 2026 if (info->attrs[NL80211_ATTR_STA_AID]) 2027 return -EINVAL; 2028 2029 if (!info->attrs[NL80211_ATTR_MAC]) 2030 return -EINVAL; 2031 2032 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2033 2034 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 2035 params.supported_rates = 2036 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2037 params.supported_rates_len = 2038 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2039 } 2040 2041 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2042 params.listen_interval = 2043 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2044 2045 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2046 params.ht_capa = 2047 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2048 2049 if (parse_station_flags(info, ¶ms)) 2050 return -EINVAL; 2051 2052 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 2053 params.plink_action = 2054 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 2055 2056 rtnl_lock(); 2057 2058 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2059 if (err) 2060 goto out_rtnl; 2061 2062 err = get_vlan(info, rdev, ¶ms.vlan); 2063 if (err) 2064 goto out; 2065 2066 /* validate settings */ 2067 err = 0; 2068 2069 switch (dev->ieee80211_ptr->iftype) { 2070 case NL80211_IFTYPE_AP: 2071 case NL80211_IFTYPE_AP_VLAN: 2072 /* disallow mesh-specific things */ 2073 if (params.plink_action) 2074 err = -EINVAL; 2075 break; 2076 case NL80211_IFTYPE_STATION: 2077 /* disallow everything but AUTHORIZED flag */ 2078 if (params.plink_action) 2079 err = -EINVAL; 2080 if (params.vlan) 2081 err = -EINVAL; 2082 if (params.supported_rates) 2083 err = -EINVAL; 2084 if (params.ht_capa) 2085 err = -EINVAL; 2086 if (params.listen_interval >= 0) 2087 err = -EINVAL; 2088 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 2089 err = -EINVAL; 2090 break; 2091 case NL80211_IFTYPE_MESH_POINT: 2092 /* disallow things mesh doesn't support */ 2093 if (params.vlan) 2094 err = -EINVAL; 2095 if (params.ht_capa) 2096 err = -EINVAL; 2097 if (params.listen_interval >= 0) 2098 err = -EINVAL; 2099 if (params.supported_rates) 2100 err = -EINVAL; 2101 if (params.sta_flags_mask) 2102 err = -EINVAL; 2103 break; 2104 default: 2105 err = -EINVAL; 2106 } 2107 2108 if (err) 2109 goto out; 2110 2111 if (!rdev->ops->change_station) { 2112 err = -EOPNOTSUPP; 2113 goto out; 2114 } 2115 2116 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2117 2118 out: 2119 if (params.vlan) 2120 dev_put(params.vlan); 2121 cfg80211_unlock_rdev(rdev); 2122 dev_put(dev); 2123 out_rtnl: 2124 rtnl_unlock(); 2125 2126 return err; 2127} 2128 2129static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 2130{ 2131 struct cfg80211_registered_device *rdev; 2132 int err; 2133 struct net_device *dev; 2134 struct station_parameters params; 2135 u8 *mac_addr = NULL; 2136 2137 memset(¶ms, 0, sizeof(params)); 2138 2139 if (!info->attrs[NL80211_ATTR_MAC]) 2140 return -EINVAL; 2141 2142 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2143 return -EINVAL; 2144 2145 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 2146 return -EINVAL; 2147 2148 if (!info->attrs[NL80211_ATTR_STA_AID]) 2149 return -EINVAL; 2150 2151 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2152 params.supported_rates = 2153 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2154 params.supported_rates_len = 2155 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2156 params.listen_interval = 2157 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2158 2159 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 2160 if (!params.aid || params.aid > IEEE80211_MAX_AID) 2161 return -EINVAL; 2162 2163 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2164 params.ht_capa = 2165 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2166 2167 if (parse_station_flags(info, ¶ms)) 2168 return -EINVAL; 2169 2170 rtnl_lock(); 2171 2172 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2173 if (err) 2174 goto out_rtnl; 2175 2176 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2177 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) { 2178 err = -EINVAL; 2179 goto out; 2180 } 2181 2182 err = get_vlan(info, rdev, ¶ms.vlan); 2183 if (err) 2184 goto out; 2185 2186 /* validate settings */ 2187 err = 0; 2188 2189 if (!rdev->ops->add_station) { 2190 err = -EOPNOTSUPP; 2191 goto out; 2192 } 2193 2194 if (!netif_running(dev)) { 2195 err = -ENETDOWN; 2196 goto out; 2197 } 2198 2199 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2200 2201 out: 2202 if (params.vlan) 2203 dev_put(params.vlan); 2204 cfg80211_unlock_rdev(rdev); 2205 dev_put(dev); 2206 out_rtnl: 2207 rtnl_unlock(); 2208 2209 return err; 2210} 2211 2212static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 2213{ 2214 struct cfg80211_registered_device *rdev; 2215 int err; 2216 struct net_device *dev; 2217 u8 *mac_addr = NULL; 2218 2219 if (info->attrs[NL80211_ATTR_MAC]) 2220 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2221 2222 rtnl_lock(); 2223 2224 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2225 if (err) 2226 goto out_rtnl; 2227 2228 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2229 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 2230 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2231 err = -EINVAL; 2232 goto out; 2233 } 2234 2235 if (!rdev->ops->del_station) { 2236 err = -EOPNOTSUPP; 2237 goto out; 2238 } 2239 2240 err = rdev->ops->del_station(&rdev->wiphy, dev, mac_addr); 2241 2242 out: 2243 cfg80211_unlock_rdev(rdev); 2244 dev_put(dev); 2245 out_rtnl: 2246 rtnl_unlock(); 2247 2248 return err; 2249} 2250 2251static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq, 2252 int flags, struct net_device *dev, 2253 u8 *dst, u8 *next_hop, 2254 struct mpath_info *pinfo) 2255{ 2256 void *hdr; 2257 struct nlattr *pinfoattr; 2258 2259 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2260 if (!hdr) 2261 return -1; 2262 2263 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2264 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 2265 NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop); 2266 2267 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation); 2268 2269 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 2270 if (!pinfoattr) 2271 goto nla_put_failure; 2272 if (pinfo->filled & MPATH_INFO_FRAME_QLEN) 2273 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 2274 pinfo->frame_qlen); 2275 if (pinfo->filled & MPATH_INFO_SN) 2276 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN, 2277 pinfo->sn); 2278 if (pinfo->filled & MPATH_INFO_METRIC) 2279 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC, 2280 pinfo->metric); 2281 if (pinfo->filled & MPATH_INFO_EXPTIME) 2282 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME, 2283 pinfo->exptime); 2284 if (pinfo->filled & MPATH_INFO_FLAGS) 2285 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS, 2286 pinfo->flags); 2287 if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) 2288 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 2289 pinfo->discovery_timeout); 2290 if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) 2291 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 2292 pinfo->discovery_retries); 2293 2294 nla_nest_end(msg, pinfoattr); 2295 2296 return genlmsg_end(msg, hdr); 2297 2298 nla_put_failure: 2299 genlmsg_cancel(msg, hdr); 2300 return -EMSGSIZE; 2301} 2302 2303static int nl80211_dump_mpath(struct sk_buff *skb, 2304 struct netlink_callback *cb) 2305{ 2306 struct mpath_info pinfo; 2307 struct cfg80211_registered_device *dev; 2308 struct net_device *netdev; 2309 u8 dst[ETH_ALEN]; 2310 u8 next_hop[ETH_ALEN]; 2311 int ifidx = cb->args[0]; 2312 int path_idx = cb->args[1]; 2313 int err; 2314 2315 if (!ifidx) 2316 ifidx = nl80211_get_ifidx(cb); 2317 if (ifidx < 0) 2318 return ifidx; 2319 2320 rtnl_lock(); 2321 2322 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 2323 if (!netdev) { 2324 err = -ENODEV; 2325 goto out_rtnl; 2326 } 2327 2328 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 2329 if (IS_ERR(dev)) { 2330 err = PTR_ERR(dev); 2331 goto out_rtnl; 2332 } 2333 2334 if (!dev->ops->dump_mpath) { 2335 err = -EOPNOTSUPP; 2336 goto out_err; 2337 } 2338 2339 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2340 err = -EOPNOTSUPP; 2341 goto out_err; 2342 } 2343 2344 while (1) { 2345 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx, 2346 dst, next_hop, &pinfo); 2347 if (err == -ENOENT) 2348 break; 2349 if (err) 2350 goto out_err; 2351 2352 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid, 2353 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2354 netdev, dst, next_hop, 2355 &pinfo) < 0) 2356 goto out; 2357 2358 path_idx++; 2359 } 2360 2361 2362 out: 2363 cb->args[1] = path_idx; 2364 err = skb->len; 2365 out_err: 2366 cfg80211_unlock_rdev(dev); 2367 out_rtnl: 2368 rtnl_unlock(); 2369 2370 return err; 2371} 2372 2373static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 2374{ 2375 struct cfg80211_registered_device *rdev; 2376 int err; 2377 struct net_device *dev; 2378 struct mpath_info pinfo; 2379 struct sk_buff *msg; 2380 u8 *dst = NULL; 2381 u8 next_hop[ETH_ALEN]; 2382 2383 memset(&pinfo, 0, sizeof(pinfo)); 2384 2385 if (!info->attrs[NL80211_ATTR_MAC]) 2386 return -EINVAL; 2387 2388 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2389 2390 rtnl_lock(); 2391 2392 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2393 if (err) 2394 goto out_rtnl; 2395 2396 if (!rdev->ops->get_mpath) { 2397 err = -EOPNOTSUPP; 2398 goto out; 2399 } 2400 2401 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2402 err = -EOPNOTSUPP; 2403 goto out; 2404 } 2405 2406 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo); 2407 if (err) 2408 goto out; 2409 2410 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2411 if (!msg) 2412 goto out; 2413 2414 if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0, 2415 dev, dst, next_hop, &pinfo) < 0) 2416 goto out_free; 2417 2418 err = genlmsg_reply(msg, info); 2419 goto out; 2420 2421 out_free: 2422 nlmsg_free(msg); 2423 out: 2424 cfg80211_unlock_rdev(rdev); 2425 dev_put(dev); 2426 out_rtnl: 2427 rtnl_unlock(); 2428 2429 return err; 2430} 2431 2432static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 2433{ 2434 struct cfg80211_registered_device *rdev; 2435 int err; 2436 struct net_device *dev; 2437 u8 *dst = NULL; 2438 u8 *next_hop = NULL; 2439 2440 if (!info->attrs[NL80211_ATTR_MAC]) 2441 return -EINVAL; 2442 2443 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 2444 return -EINVAL; 2445 2446 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2447 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 2448 2449 rtnl_lock(); 2450 2451 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2452 if (err) 2453 goto out_rtnl; 2454 2455 if (!rdev->ops->change_mpath) { 2456 err = -EOPNOTSUPP; 2457 goto out; 2458 } 2459 2460 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2461 err = -EOPNOTSUPP; 2462 goto out; 2463 } 2464 2465 if (!netif_running(dev)) { 2466 err = -ENETDOWN; 2467 goto out; 2468 } 2469 2470 err = rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop); 2471 2472 out: 2473 cfg80211_unlock_rdev(rdev); 2474 dev_put(dev); 2475 out_rtnl: 2476 rtnl_unlock(); 2477 2478 return err; 2479} 2480static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 2481{ 2482 struct cfg80211_registered_device *rdev; 2483 int err; 2484 struct net_device *dev; 2485 u8 *dst = NULL; 2486 u8 *next_hop = NULL; 2487 2488 if (!info->attrs[NL80211_ATTR_MAC]) 2489 return -EINVAL; 2490 2491 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 2492 return -EINVAL; 2493 2494 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2495 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 2496 2497 rtnl_lock(); 2498 2499 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2500 if (err) 2501 goto out_rtnl; 2502 2503 if (!rdev->ops->add_mpath) { 2504 err = -EOPNOTSUPP; 2505 goto out; 2506 } 2507 2508 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2509 err = -EOPNOTSUPP; 2510 goto out; 2511 } 2512 2513 if (!netif_running(dev)) { 2514 err = -ENETDOWN; 2515 goto out; 2516 } 2517 2518 err = rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop); 2519 2520 out: 2521 cfg80211_unlock_rdev(rdev); 2522 dev_put(dev); 2523 out_rtnl: 2524 rtnl_unlock(); 2525 2526 return err; 2527} 2528 2529static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 2530{ 2531 struct cfg80211_registered_device *rdev; 2532 int err; 2533 struct net_device *dev; 2534 u8 *dst = NULL; 2535 2536 if (info->attrs[NL80211_ATTR_MAC]) 2537 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2538 2539 rtnl_lock(); 2540 2541 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2542 if (err) 2543 goto out_rtnl; 2544 2545 if (!rdev->ops->del_mpath) { 2546 err = -EOPNOTSUPP; 2547 goto out; 2548 } 2549 2550 err = rdev->ops->del_mpath(&rdev->wiphy, dev, dst); 2551 2552 out: 2553 cfg80211_unlock_rdev(rdev); 2554 dev_put(dev); 2555 out_rtnl: 2556 rtnl_unlock(); 2557 2558 return err; 2559} 2560 2561static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 2562{ 2563 struct cfg80211_registered_device *rdev; 2564 int err; 2565 struct net_device *dev; 2566 struct bss_parameters params; 2567 2568 memset(¶ms, 0, sizeof(params)); 2569 /* default to not changing parameters */ 2570 params.use_cts_prot = -1; 2571 params.use_short_preamble = -1; 2572 params.use_short_slot_time = -1; 2573 params.ap_isolate = -1; 2574 2575 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 2576 params.use_cts_prot = 2577 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 2578 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 2579 params.use_short_preamble = 2580 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 2581 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 2582 params.use_short_slot_time = 2583 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 2584 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 2585 params.basic_rates = 2586 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 2587 params.basic_rates_len = 2588 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 2589 } 2590 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 2591 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 2592 2593 rtnl_lock(); 2594 2595 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2596 if (err) 2597 goto out_rtnl; 2598 2599 if (!rdev->ops->change_bss) { 2600 err = -EOPNOTSUPP; 2601 goto out; 2602 } 2603 2604 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 2605 err = -EOPNOTSUPP; 2606 goto out; 2607 } 2608 2609 err = rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms); 2610 2611 out: 2612 cfg80211_unlock_rdev(rdev); 2613 dev_put(dev); 2614 out_rtnl: 2615 rtnl_unlock(); 2616 2617 return err; 2618} 2619 2620static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 2621 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 2622 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 2623 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 2624 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 2625 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 2626 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 2627}; 2628 2629static int parse_reg_rule(struct nlattr *tb[], 2630 struct ieee80211_reg_rule *reg_rule) 2631{ 2632 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 2633 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 2634 2635 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 2636 return -EINVAL; 2637 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 2638 return -EINVAL; 2639 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 2640 return -EINVAL; 2641 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 2642 return -EINVAL; 2643 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 2644 return -EINVAL; 2645 2646 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 2647 2648 freq_range->start_freq_khz = 2649 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 2650 freq_range->end_freq_khz = 2651 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 2652 freq_range->max_bandwidth_khz = 2653 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 2654 2655 power_rule->max_eirp = 2656 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 2657 2658 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 2659 power_rule->max_antenna_gain = 2660 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 2661 2662 return 0; 2663} 2664 2665static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 2666{ 2667 int r; 2668 char *data = NULL; 2669 2670 /* 2671 * You should only get this when cfg80211 hasn't yet initialized 2672 * completely when built-in to the kernel right between the time 2673 * window between nl80211_init() and regulatory_init(), if that is 2674 * even possible. 2675 */ 2676 mutex_lock(&cfg80211_mutex); 2677 if (unlikely(!cfg80211_regdomain)) { 2678 mutex_unlock(&cfg80211_mutex); 2679 return -EINPROGRESS; 2680 } 2681 mutex_unlock(&cfg80211_mutex); 2682 2683 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 2684 return -EINVAL; 2685 2686 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 2687 2688 r = regulatory_hint_user(data); 2689 2690 return r; 2691} 2692 2693static int nl80211_get_mesh_params(struct sk_buff *skb, 2694 struct genl_info *info) 2695{ 2696 struct cfg80211_registered_device *rdev; 2697 struct mesh_config cur_params; 2698 int err; 2699 struct net_device *dev; 2700 void *hdr; 2701 struct nlattr *pinfoattr; 2702 struct sk_buff *msg; 2703 2704 rtnl_lock(); 2705 2706 /* Look up our device */ 2707 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2708 if (err) 2709 goto out_rtnl; 2710 2711 if (!rdev->ops->get_mesh_params) { 2712 err = -EOPNOTSUPP; 2713 goto out; 2714 } 2715 2716 /* Get the mesh params */ 2717 err = rdev->ops->get_mesh_params(&rdev->wiphy, dev, &cur_params); 2718 if (err) 2719 goto out; 2720 2721 /* Draw up a netlink message to send back */ 2722 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2723 if (!msg) { 2724 err = -ENOBUFS; 2725 goto out; 2726 } 2727 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 2728 NL80211_CMD_GET_MESH_PARAMS); 2729 if (!hdr) 2730 goto nla_put_failure; 2731 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_PARAMS); 2732 if (!pinfoattr) 2733 goto nla_put_failure; 2734 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2735 NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 2736 cur_params.dot11MeshRetryTimeout); 2737 NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 2738 cur_params.dot11MeshConfirmTimeout); 2739 NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 2740 cur_params.dot11MeshHoldingTimeout); 2741 NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 2742 cur_params.dot11MeshMaxPeerLinks); 2743 NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES, 2744 cur_params.dot11MeshMaxRetries); 2745 NLA_PUT_U8(msg, NL80211_MESHCONF_TTL, 2746 cur_params.dot11MeshTTL); 2747 NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 2748 cur_params.auto_open_plinks); 2749 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 2750 cur_params.dot11MeshHWMPmaxPREQretries); 2751 NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 2752 cur_params.path_refresh_time); 2753 NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 2754 cur_params.min_discovery_timeout); 2755 NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 2756 cur_params.dot11MeshHWMPactivePathTimeout); 2757 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 2758 cur_params.dot11MeshHWMPpreqMinInterval); 2759 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 2760 cur_params.dot11MeshHWMPnetDiameterTraversalTime); 2761 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 2762 cur_params.dot11MeshHWMPRootMode); 2763 nla_nest_end(msg, pinfoattr); 2764 genlmsg_end(msg, hdr); 2765 err = genlmsg_reply(msg, info); 2766 goto out; 2767 2768 nla_put_failure: 2769 genlmsg_cancel(msg, hdr); 2770 nlmsg_free(msg); 2771 err = -EMSGSIZE; 2772 out: 2773 /* Cleanup */ 2774 cfg80211_unlock_rdev(rdev); 2775 dev_put(dev); 2776 out_rtnl: 2777 rtnl_unlock(); 2778 2779 return err; 2780} 2781 2782#define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \ 2783do {\ 2784 if (table[attr_num]) {\ 2785 cfg.param = nla_fn(table[attr_num]); \ 2786 mask |= (1 << (attr_num - 1)); \ 2787 } \ 2788} while (0);\ 2789 2790static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 2791 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 2792 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 2793 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 2794 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 2795 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 2796 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 2797 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 2798 2799 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 2800 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 2801 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 2802 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 2803 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 2804 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 2805}; 2806 2807static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info) 2808{ 2809 int err; 2810 u32 mask; 2811 struct cfg80211_registered_device *rdev; 2812 struct net_device *dev; 2813 struct mesh_config cfg; 2814 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 2815 struct nlattr *parent_attr; 2816 2817 parent_attr = info->attrs[NL80211_ATTR_MESH_PARAMS]; 2818 if (!parent_attr) 2819 return -EINVAL; 2820 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 2821 parent_attr, nl80211_meshconf_params_policy)) 2822 return -EINVAL; 2823 2824 rtnl_lock(); 2825 2826 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2827 if (err) 2828 goto out_rtnl; 2829 2830 if (!rdev->ops->set_mesh_params) { 2831 err = -EOPNOTSUPP; 2832 goto out; 2833 } 2834 2835 /* This makes sure that there aren't more than 32 mesh config 2836 * parameters (otherwise our bitfield scheme would not work.) */ 2837 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 2838 2839 /* Fill in the params struct */ 2840 mask = 0; 2841 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 2842 mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16); 2843 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 2844 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16); 2845 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 2846 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16); 2847 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 2848 mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16); 2849 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 2850 mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8); 2851 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 2852 mask, NL80211_MESHCONF_TTL, nla_get_u8); 2853 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 2854 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8); 2855 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 2856 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 2857 nla_get_u8); 2858 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 2859 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32); 2860 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 2861 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 2862 nla_get_u16); 2863 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 2864 mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 2865 nla_get_u32); 2866 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 2867 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 2868 nla_get_u16); 2869 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 2870 dot11MeshHWMPnetDiameterTraversalTime, 2871 mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 2872 nla_get_u16); 2873 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 2874 dot11MeshHWMPRootMode, mask, 2875 NL80211_MESHCONF_HWMP_ROOTMODE, 2876 nla_get_u8); 2877 2878 /* Apply changes */ 2879 err = rdev->ops->set_mesh_params(&rdev->wiphy, dev, &cfg, mask); 2880 2881 out: 2882 /* cleanup */ 2883 cfg80211_unlock_rdev(rdev); 2884 dev_put(dev); 2885 out_rtnl: 2886 rtnl_unlock(); 2887 2888 return err; 2889} 2890 2891#undef FILL_IN_MESH_PARAM_IF_SET 2892 2893static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 2894{ 2895 struct sk_buff *msg; 2896 void *hdr = NULL; 2897 struct nlattr *nl_reg_rules; 2898 unsigned int i; 2899 int err = -EINVAL; 2900 2901 mutex_lock(&cfg80211_mutex); 2902 2903 if (!cfg80211_regdomain) 2904 goto out; 2905 2906 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2907 if (!msg) { 2908 err = -ENOBUFS; 2909 goto out; 2910 } 2911 2912 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 2913 NL80211_CMD_GET_REG); 2914 if (!hdr) 2915 goto nla_put_failure; 2916 2917 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, 2918 cfg80211_regdomain->alpha2); 2919 2920 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 2921 if (!nl_reg_rules) 2922 goto nla_put_failure; 2923 2924 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) { 2925 struct nlattr *nl_reg_rule; 2926 const struct ieee80211_reg_rule *reg_rule; 2927 const struct ieee80211_freq_range *freq_range; 2928 const struct ieee80211_power_rule *power_rule; 2929 2930 reg_rule = &cfg80211_regdomain->reg_rules[i]; 2931 freq_range = ®_rule->freq_range; 2932 power_rule = ®_rule->power_rule; 2933 2934 nl_reg_rule = nla_nest_start(msg, i); 2935 if (!nl_reg_rule) 2936 goto nla_put_failure; 2937 2938 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS, 2939 reg_rule->flags); 2940 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START, 2941 freq_range->start_freq_khz); 2942 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END, 2943 freq_range->end_freq_khz); 2944 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 2945 freq_range->max_bandwidth_khz); 2946 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 2947 power_rule->max_antenna_gain); 2948 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 2949 power_rule->max_eirp); 2950 2951 nla_nest_end(msg, nl_reg_rule); 2952 } 2953 2954 nla_nest_end(msg, nl_reg_rules); 2955 2956 genlmsg_end(msg, hdr); 2957 err = genlmsg_reply(msg, info); 2958 goto out; 2959 2960nla_put_failure: 2961 genlmsg_cancel(msg, hdr); 2962 nlmsg_free(msg); 2963 err = -EMSGSIZE; 2964out: 2965 mutex_unlock(&cfg80211_mutex); 2966 return err; 2967} 2968 2969static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 2970{ 2971 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 2972 struct nlattr *nl_reg_rule; 2973 char *alpha2 = NULL; 2974 int rem_reg_rules = 0, r = 0; 2975 u32 num_rules = 0, rule_idx = 0, size_of_regd; 2976 struct ieee80211_regdomain *rd = NULL; 2977 2978 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 2979 return -EINVAL; 2980 2981 if (!info->attrs[NL80211_ATTR_REG_RULES]) 2982 return -EINVAL; 2983 2984 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 2985 2986 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 2987 rem_reg_rules) { 2988 num_rules++; 2989 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 2990 return -EINVAL; 2991 } 2992 2993 mutex_lock(&cfg80211_mutex); 2994 2995 if (!reg_is_valid_request(alpha2)) { 2996 r = -EINVAL; 2997 goto bad_reg; 2998 } 2999 3000 size_of_regd = sizeof(struct ieee80211_regdomain) + 3001 (num_rules * sizeof(struct ieee80211_reg_rule)); 3002 3003 rd = kzalloc(size_of_regd, GFP_KERNEL); 3004 if (!rd) { 3005 r = -ENOMEM; 3006 goto bad_reg; 3007 } 3008 3009 rd->n_reg_rules = num_rules; 3010 rd->alpha2[0] = alpha2[0]; 3011 rd->alpha2[1] = alpha2[1]; 3012 3013 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 3014 rem_reg_rules) { 3015 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 3016 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 3017 reg_rule_policy); 3018 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 3019 if (r) 3020 goto bad_reg; 3021 3022 rule_idx++; 3023 3024 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 3025 r = -EINVAL; 3026 goto bad_reg; 3027 } 3028 } 3029 3030 BUG_ON(rule_idx != num_rules); 3031 3032 r = set_regdom(rd); 3033 3034 mutex_unlock(&cfg80211_mutex); 3035 3036 return r; 3037 3038 bad_reg: 3039 mutex_unlock(&cfg80211_mutex); 3040 kfree(rd); 3041 return r; 3042} 3043 3044static int validate_scan_freqs(struct nlattr *freqs) 3045{ 3046 struct nlattr *attr1, *attr2; 3047 int n_channels = 0, tmp1, tmp2; 3048 3049 nla_for_each_nested(attr1, freqs, tmp1) { 3050 n_channels++; 3051 /* 3052 * Some hardware has a limited channel list for 3053 * scanning, and it is pretty much nonsensical 3054 * to scan for a channel twice, so disallow that 3055 * and don't require drivers to check that the 3056 * channel list they get isn't longer than what 3057 * they can scan, as long as they can scan all 3058 * the channels they registered at once. 3059 */ 3060 nla_for_each_nested(attr2, freqs, tmp2) 3061 if (attr1 != attr2 && 3062 nla_get_u32(attr1) == nla_get_u32(attr2)) 3063 return 0; 3064 } 3065 3066 return n_channels; 3067} 3068 3069static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 3070{ 3071 struct cfg80211_registered_device *rdev; 3072 struct net_device *dev; 3073 struct cfg80211_scan_request *request; 3074 struct cfg80211_ssid *ssid; 3075 struct ieee80211_channel *channel; 3076 struct nlattr *attr; 3077 struct wiphy *wiphy; 3078 int err, tmp, n_ssids = 0, n_channels, i; 3079 enum ieee80211_band band; 3080 size_t ie_len; 3081 3082 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3083 return -EINVAL; 3084 3085 rtnl_lock(); 3086 3087 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3088 if (err) 3089 goto out_rtnl; 3090 3091 wiphy = &rdev->wiphy; 3092 3093 if (!rdev->ops->scan) { 3094 err = -EOPNOTSUPP; 3095 goto out; 3096 } 3097 3098 if (!netif_running(dev)) { 3099 err = -ENETDOWN; 3100 goto out; 3101 } 3102 3103 if (rdev->scan_req) { 3104 err = -EBUSY; 3105 goto out; 3106 } 3107 3108 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3109 n_channels = validate_scan_freqs( 3110 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 3111 if (!n_channels) { 3112 err = -EINVAL; 3113 goto out; 3114 } 3115 } else { 3116 n_channels = 0; 3117 3118 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 3119 if (wiphy->bands[band]) 3120 n_channels += wiphy->bands[band]->n_channels; 3121 } 3122 3123 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 3124 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 3125 n_ssids++; 3126 3127 if (n_ssids > wiphy->max_scan_ssids) { 3128 err = -EINVAL; 3129 goto out; 3130 } 3131 3132 if (info->attrs[NL80211_ATTR_IE]) 3133 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3134 else 3135 ie_len = 0; 3136 3137 if (ie_len > wiphy->max_scan_ie_len) { 3138 err = -EINVAL; 3139 goto out; 3140 } 3141 3142 request = kzalloc(sizeof(*request) 3143 + sizeof(*ssid) * n_ssids 3144 + sizeof(channel) * n_channels 3145 + ie_len, GFP_KERNEL); 3146 if (!request) { 3147 err = -ENOMEM; 3148 goto out; 3149 } 3150 3151 if (n_ssids) 3152 request->ssids = (void *)&request->channels[n_channels]; 3153 request->n_ssids = n_ssids; 3154 if (ie_len) { 3155 if (request->ssids) 3156 request->ie = (void *)(request->ssids + n_ssids); 3157 else 3158 request->ie = (void *)(request->channels + n_channels); 3159 } 3160 3161 i = 0; 3162 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3163 /* user specified, bail out if channel not found */ 3164 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 3165 struct ieee80211_channel *chan; 3166 3167 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 3168 3169 if (!chan) { 3170 err = -EINVAL; 3171 goto out_free; 3172 } 3173 3174 /* ignore disabled channels */ 3175 if (chan->flags & IEEE80211_CHAN_DISABLED) 3176 continue; 3177 3178 request->channels[i] = chan; 3179 i++; 3180 } 3181 } else { 3182 /* all channels */ 3183 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 3184 int j; 3185 if (!wiphy->bands[band]) 3186 continue; 3187 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 3188 struct ieee80211_channel *chan; 3189 3190 chan = &wiphy->bands[band]->channels[j]; 3191 3192 if (chan->flags & IEEE80211_CHAN_DISABLED) 3193 continue; 3194 3195 request->channels[i] = chan; 3196 i++; 3197 } 3198 } 3199 } 3200 3201 if (!i) { 3202 err = -EINVAL; 3203 goto out_free; 3204 } 3205 3206 request->n_channels = i; 3207 3208 i = 0; 3209 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 3210 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 3211 if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) { 3212 err = -EINVAL; 3213 goto out_free; 3214 } 3215 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 3216 request->ssids[i].ssid_len = nla_len(attr); 3217 i++; 3218 } 3219 } 3220 3221 if (info->attrs[NL80211_ATTR_IE]) { 3222 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3223 memcpy((void *)request->ie, 3224 nla_data(info->attrs[NL80211_ATTR_IE]), 3225 request->ie_len); 3226 } 3227 3228 request->dev = dev; 3229 request->wiphy = &rdev->wiphy; 3230 3231 rdev->scan_req = request; 3232 err = rdev->ops->scan(&rdev->wiphy, dev, request); 3233 3234 if (!err) { 3235 nl80211_send_scan_start(rdev, dev); 3236 dev_hold(dev); 3237 } 3238 3239 out_free: 3240 if (err) { 3241 rdev->scan_req = NULL; 3242 kfree(request); 3243 } 3244 out: 3245 cfg80211_unlock_rdev(rdev); 3246 dev_put(dev); 3247 out_rtnl: 3248 rtnl_unlock(); 3249 3250 return err; 3251} 3252 3253static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags, 3254 struct cfg80211_registered_device *rdev, 3255 struct wireless_dev *wdev, 3256 struct cfg80211_internal_bss *intbss) 3257{ 3258 struct cfg80211_bss *res = &intbss->pub; 3259 void *hdr; 3260 struct nlattr *bss; 3261 int i; 3262 3263 ASSERT_WDEV_LOCK(wdev); 3264 3265 hdr = nl80211hdr_put(msg, pid, seq, flags, 3266 NL80211_CMD_NEW_SCAN_RESULTS); 3267 if (!hdr) 3268 return -1; 3269 3270 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation); 3271 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex); 3272 3273 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 3274 if (!bss) 3275 goto nla_put_failure; 3276 if (!is_zero_ether_addr(res->bssid)) 3277 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid); 3278 if (res->information_elements && res->len_information_elements) 3279 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS, 3280 res->len_information_elements, 3281 res->information_elements); 3282 if (res->beacon_ies && res->len_beacon_ies && 3283 res->beacon_ies != res->information_elements) 3284 NLA_PUT(msg, NL80211_BSS_BEACON_IES, 3285 res->len_beacon_ies, res->beacon_ies); 3286 if (res->tsf) 3287 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf); 3288 if (res->beacon_interval) 3289 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval); 3290 NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability); 3291 NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq); 3292 NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO, 3293 jiffies_to_msecs(jiffies - intbss->ts)); 3294 3295 switch (rdev->wiphy.signal_type) { 3296 case CFG80211_SIGNAL_TYPE_MBM: 3297 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal); 3298 break; 3299 case CFG80211_SIGNAL_TYPE_UNSPEC: 3300 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal); 3301 break; 3302 default: 3303 break; 3304 } 3305 3306 switch (wdev->iftype) { 3307 case NL80211_IFTYPE_STATION: 3308 if (intbss == wdev->current_bss) 3309 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3310 NL80211_BSS_STATUS_ASSOCIATED); 3311 else for (i = 0; i < MAX_AUTH_BSSES; i++) { 3312 if (intbss != wdev->auth_bsses[i]) 3313 continue; 3314 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3315 NL80211_BSS_STATUS_AUTHENTICATED); 3316 break; 3317 } 3318 break; 3319 case NL80211_IFTYPE_ADHOC: 3320 if (intbss == wdev->current_bss) 3321 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3322 NL80211_BSS_STATUS_IBSS_JOINED); 3323 break; 3324 default: 3325 break; 3326 } 3327 3328 nla_nest_end(msg, bss); 3329 3330 return genlmsg_end(msg, hdr); 3331 3332 nla_put_failure: 3333 genlmsg_cancel(msg, hdr); 3334 return -EMSGSIZE; 3335} 3336 3337static int nl80211_dump_scan(struct sk_buff *skb, 3338 struct netlink_callback *cb) 3339{ 3340 struct cfg80211_registered_device *rdev; 3341 struct net_device *dev; 3342 struct cfg80211_internal_bss *scan; 3343 struct wireless_dev *wdev; 3344 int ifidx = cb->args[0]; 3345 int start = cb->args[1], idx = 0; 3346 int err; 3347 3348 if (!ifidx) 3349 ifidx = nl80211_get_ifidx(cb); 3350 if (ifidx < 0) 3351 return ifidx; 3352 cb->args[0] = ifidx; 3353 3354 dev = dev_get_by_index(sock_net(skb->sk), ifidx); 3355 if (!dev) 3356 return -ENODEV; 3357 3358 rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 3359 if (IS_ERR(rdev)) { 3360 err = PTR_ERR(rdev); 3361 goto out_put_netdev; 3362 } 3363 3364 wdev = dev->ieee80211_ptr; 3365 3366 wdev_lock(wdev); 3367 spin_lock_bh(&rdev->bss_lock); 3368 cfg80211_bss_expire(rdev); 3369 3370 list_for_each_entry(scan, &rdev->bss_list, list) { 3371 if (++idx <= start) 3372 continue; 3373 if (nl80211_send_bss(skb, 3374 NETLINK_CB(cb->skb).pid, 3375 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3376 rdev, wdev, scan) < 0) { 3377 idx--; 3378 goto out; 3379 } 3380 } 3381 3382 out: 3383 spin_unlock_bh(&rdev->bss_lock); 3384 wdev_unlock(wdev); 3385 3386 cb->args[1] = idx; 3387 err = skb->len; 3388 cfg80211_unlock_rdev(rdev); 3389 out_put_netdev: 3390 dev_put(dev); 3391 3392 return err; 3393} 3394 3395static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq, 3396 int flags, struct net_device *dev, 3397 struct survey_info *survey) 3398{ 3399 void *hdr; 3400 struct nlattr *infoattr; 3401 3402 /* Survey without a channel doesn't make sense */ 3403 if (!survey->channel) 3404 return -EINVAL; 3405 3406 hdr = nl80211hdr_put(msg, pid, seq, flags, 3407 NL80211_CMD_NEW_SURVEY_RESULTS); 3408 if (!hdr) 3409 return -ENOMEM; 3410 3411 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 3412 3413 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 3414 if (!infoattr) 3415 goto nla_put_failure; 3416 3417 NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY, 3418 survey->channel->center_freq); 3419 if (survey->filled & SURVEY_INFO_NOISE_DBM) 3420 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE, 3421 survey->noise); 3422 3423 nla_nest_end(msg, infoattr); 3424 3425 return genlmsg_end(msg, hdr); 3426 3427 nla_put_failure: 3428 genlmsg_cancel(msg, hdr); 3429 return -EMSGSIZE; 3430} 3431 3432static int nl80211_dump_survey(struct sk_buff *skb, 3433 struct netlink_callback *cb) 3434{ 3435 struct survey_info survey; 3436 struct cfg80211_registered_device *dev; 3437 struct net_device *netdev; 3438 int ifidx = cb->args[0]; 3439 int survey_idx = cb->args[1]; 3440 int res; 3441 3442 if (!ifidx) 3443 ifidx = nl80211_get_ifidx(cb); 3444 if (ifidx < 0) 3445 return ifidx; 3446 cb->args[0] = ifidx; 3447 3448 rtnl_lock(); 3449 3450 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 3451 if (!netdev) { 3452 res = -ENODEV; 3453 goto out_rtnl; 3454 } 3455 3456 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 3457 if (IS_ERR(dev)) { 3458 res = PTR_ERR(dev); 3459 goto out_rtnl; 3460 } 3461 3462 if (!dev->ops->dump_survey) { 3463 res = -EOPNOTSUPP; 3464 goto out_err; 3465 } 3466 3467 while (1) { 3468 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, 3469 &survey); 3470 if (res == -ENOENT) 3471 break; 3472 if (res) 3473 goto out_err; 3474 3475 if (nl80211_send_survey(skb, 3476 NETLINK_CB(cb->skb).pid, 3477 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3478 netdev, 3479 &survey) < 0) 3480 goto out; 3481 survey_idx++; 3482 } 3483 3484 out: 3485 cb->args[1] = survey_idx; 3486 res = skb->len; 3487 out_err: 3488 cfg80211_unlock_rdev(dev); 3489 out_rtnl: 3490 rtnl_unlock(); 3491 3492 return res; 3493} 3494 3495static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) 3496{ 3497 return auth_type <= NL80211_AUTHTYPE_MAX; 3498} 3499 3500static bool nl80211_valid_wpa_versions(u32 wpa_versions) 3501{ 3502 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 3503 NL80211_WPA_VERSION_2)); 3504} 3505 3506static bool nl80211_valid_akm_suite(u32 akm) 3507{ 3508 return akm == WLAN_AKM_SUITE_8021X || 3509 akm == WLAN_AKM_SUITE_PSK; 3510} 3511 3512static bool nl80211_valid_cipher_suite(u32 cipher) 3513{ 3514 return cipher == WLAN_CIPHER_SUITE_WEP40 || 3515 cipher == WLAN_CIPHER_SUITE_WEP104 || 3516 cipher == WLAN_CIPHER_SUITE_TKIP || 3517 cipher == WLAN_CIPHER_SUITE_CCMP || 3518 cipher == WLAN_CIPHER_SUITE_AES_CMAC; 3519} 3520 3521 3522static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 3523{ 3524 struct cfg80211_registered_device *rdev; 3525 struct net_device *dev; 3526 struct ieee80211_channel *chan; 3527 const u8 *bssid, *ssid, *ie = NULL; 3528 int err, ssid_len, ie_len = 0; 3529 enum nl80211_auth_type auth_type; 3530 struct key_parse key; 3531 bool local_state_change; 3532 3533 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3534 return -EINVAL; 3535 3536 if (!info->attrs[NL80211_ATTR_MAC]) 3537 return -EINVAL; 3538 3539 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 3540 return -EINVAL; 3541 3542 if (!info->attrs[NL80211_ATTR_SSID]) 3543 return -EINVAL; 3544 3545 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 3546 return -EINVAL; 3547 3548 err = nl80211_parse_key(info, &key); 3549 if (err) 3550 return err; 3551 3552 if (key.idx >= 0) { 3553 if (!key.p.key || !key.p.key_len) 3554 return -EINVAL; 3555 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 3556 key.p.key_len != WLAN_KEY_LEN_WEP40) && 3557 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 3558 key.p.key_len != WLAN_KEY_LEN_WEP104)) 3559 return -EINVAL; 3560 if (key.idx > 4) 3561 return -EINVAL; 3562 } else { 3563 key.p.key_len = 0; 3564 key.p.key = NULL; 3565 } 3566 3567 rtnl_lock(); 3568 3569 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3570 if (err) 3571 goto unlock_rtnl; 3572 3573 if (!rdev->ops->auth) { 3574 err = -EOPNOTSUPP; 3575 goto out; 3576 } 3577 3578 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3579 err = -EOPNOTSUPP; 3580 goto out; 3581 } 3582 3583 if (!netif_running(dev)) { 3584 err = -ENETDOWN; 3585 goto out; 3586 } 3587 3588 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3589 chan = ieee80211_get_channel(&rdev->wiphy, 3590 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3591 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) { 3592 err = -EINVAL; 3593 goto out; 3594 } 3595 3596 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3597 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3598 3599 if (info->attrs[NL80211_ATTR_IE]) { 3600 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3601 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3602 } 3603 3604 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 3605 if (!nl80211_valid_auth_type(auth_type)) { 3606 err = -EINVAL; 3607 goto out; 3608 } 3609 3610 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 3611 3612 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 3613 ssid, ssid_len, ie, ie_len, 3614 key.p.key, key.p.key_len, key.idx, 3615 local_state_change); 3616 3617out: 3618 cfg80211_unlock_rdev(rdev); 3619 dev_put(dev); 3620unlock_rtnl: 3621 rtnl_unlock(); 3622 return err; 3623} 3624 3625static int nl80211_crypto_settings(struct genl_info *info, 3626 struct cfg80211_crypto_settings *settings, 3627 int cipher_limit) 3628{ 3629 memset(settings, 0, sizeof(*settings)); 3630 3631 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 3632 3633 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 3634 void *data; 3635 int len, i; 3636 3637 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 3638 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 3639 settings->n_ciphers_pairwise = len / sizeof(u32); 3640 3641 if (len % sizeof(u32)) 3642 return -EINVAL; 3643 3644 if (settings->n_ciphers_pairwise > cipher_limit) 3645 return -EINVAL; 3646 3647 memcpy(settings->ciphers_pairwise, data, len); 3648 3649 for (i = 0; i < settings->n_ciphers_pairwise; i++) 3650 if (!nl80211_valid_cipher_suite( 3651 settings->ciphers_pairwise[i])) 3652 return -EINVAL; 3653 } 3654 3655 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 3656 settings->cipher_group = 3657 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 3658 if (!nl80211_valid_cipher_suite(settings->cipher_group)) 3659 return -EINVAL; 3660 } 3661 3662 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 3663 settings->wpa_versions = 3664 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 3665 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 3666 return -EINVAL; 3667 } 3668 3669 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 3670 void *data; 3671 int len, i; 3672 3673 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 3674 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 3675 settings->n_akm_suites = len / sizeof(u32); 3676 3677 if (len % sizeof(u32)) 3678 return -EINVAL; 3679 3680 memcpy(settings->akm_suites, data, len); 3681 3682 for (i = 0; i < settings->n_ciphers_pairwise; i++) 3683 if (!nl80211_valid_akm_suite(settings->akm_suites[i])) 3684 return -EINVAL; 3685 } 3686 3687 return 0; 3688} 3689 3690static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 3691{ 3692 struct cfg80211_registered_device *rdev; 3693 struct net_device *dev; 3694 struct cfg80211_crypto_settings crypto; 3695 struct ieee80211_channel *chan; 3696 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 3697 int err, ssid_len, ie_len = 0; 3698 bool use_mfp = false; 3699 3700 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3701 return -EINVAL; 3702 3703 if (!info->attrs[NL80211_ATTR_MAC] || 3704 !info->attrs[NL80211_ATTR_SSID] || 3705 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 3706 return -EINVAL; 3707 3708 rtnl_lock(); 3709 3710 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3711 if (err) 3712 goto unlock_rtnl; 3713 3714 if (!rdev->ops->assoc) { 3715 err = -EOPNOTSUPP; 3716 goto out; 3717 } 3718 3719 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3720 err = -EOPNOTSUPP; 3721 goto out; 3722 } 3723 3724 if (!netif_running(dev)) { 3725 err = -ENETDOWN; 3726 goto out; 3727 } 3728 3729 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3730 3731 chan = ieee80211_get_channel(&rdev->wiphy, 3732 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3733 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) { 3734 err = -EINVAL; 3735 goto out; 3736 } 3737 3738 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3739 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3740 3741 if (info->attrs[NL80211_ATTR_IE]) { 3742 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3743 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3744 } 3745 3746 if (info->attrs[NL80211_ATTR_USE_MFP]) { 3747 enum nl80211_mfp mfp = 3748 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 3749 if (mfp == NL80211_MFP_REQUIRED) 3750 use_mfp = true; 3751 else if (mfp != NL80211_MFP_NO) { 3752 err = -EINVAL; 3753 goto out; 3754 } 3755 } 3756 3757 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 3758 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 3759 3760 err = nl80211_crypto_settings(info, &crypto, 1); 3761 if (!err) 3762 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 3763 ssid, ssid_len, ie, ie_len, use_mfp, 3764 &crypto); 3765 3766out: 3767 cfg80211_unlock_rdev(rdev); 3768 dev_put(dev); 3769unlock_rtnl: 3770 rtnl_unlock(); 3771 return err; 3772} 3773 3774static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 3775{ 3776 struct cfg80211_registered_device *rdev; 3777 struct net_device *dev; 3778 const u8 *ie = NULL, *bssid; 3779 int err, ie_len = 0; 3780 u16 reason_code; 3781 bool local_state_change; 3782 3783 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3784 return -EINVAL; 3785 3786 if (!info->attrs[NL80211_ATTR_MAC]) 3787 return -EINVAL; 3788 3789 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 3790 return -EINVAL; 3791 3792 rtnl_lock(); 3793 3794 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3795 if (err) 3796 goto unlock_rtnl; 3797 3798 if (!rdev->ops->deauth) { 3799 err = -EOPNOTSUPP; 3800 goto out; 3801 } 3802 3803 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3804 err = -EOPNOTSUPP; 3805 goto out; 3806 } 3807 3808 if (!netif_running(dev)) { 3809 err = -ENETDOWN; 3810 goto out; 3811 } 3812 3813 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3814 3815 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 3816 if (reason_code == 0) { 3817 /* Reason Code 0 is reserved */ 3818 err = -EINVAL; 3819 goto out; 3820 } 3821 3822 if (info->attrs[NL80211_ATTR_IE]) { 3823 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3824 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3825 } 3826 3827 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 3828 3829 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 3830 local_state_change); 3831 3832out: 3833 cfg80211_unlock_rdev(rdev); 3834 dev_put(dev); 3835unlock_rtnl: 3836 rtnl_unlock(); 3837 return err; 3838} 3839 3840static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 3841{ 3842 struct cfg80211_registered_device *rdev; 3843 struct net_device *dev; 3844 const u8 *ie = NULL, *bssid; 3845 int err, ie_len = 0; 3846 u16 reason_code; 3847 bool local_state_change; 3848 3849 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3850 return -EINVAL; 3851 3852 if (!info->attrs[NL80211_ATTR_MAC]) 3853 return -EINVAL; 3854 3855 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 3856 return -EINVAL; 3857 3858 rtnl_lock(); 3859 3860 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3861 if (err) 3862 goto unlock_rtnl; 3863 3864 if (!rdev->ops->disassoc) { 3865 err = -EOPNOTSUPP; 3866 goto out; 3867 } 3868 3869 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3870 err = -EOPNOTSUPP; 3871 goto out; 3872 } 3873 3874 if (!netif_running(dev)) { 3875 err = -ENETDOWN; 3876 goto out; 3877 } 3878 3879 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3880 3881 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 3882 if (reason_code == 0) { 3883 /* Reason Code 0 is reserved */ 3884 err = -EINVAL; 3885 goto out; 3886 } 3887 3888 if (info->attrs[NL80211_ATTR_IE]) { 3889 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3890 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3891 } 3892 3893 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 3894 3895 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 3896 local_state_change); 3897 3898out: 3899 cfg80211_unlock_rdev(rdev); 3900 dev_put(dev); 3901unlock_rtnl: 3902 rtnl_unlock(); 3903 return err; 3904} 3905 3906static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 3907{ 3908 struct cfg80211_registered_device *rdev; 3909 struct net_device *dev; 3910 struct cfg80211_ibss_params ibss; 3911 struct wiphy *wiphy; 3912 struct cfg80211_cached_keys *connkeys = NULL; 3913 int err; 3914 3915 memset(&ibss, 0, sizeof(ibss)); 3916 3917 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3918 return -EINVAL; 3919 3920 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 3921 !info->attrs[NL80211_ATTR_SSID] || 3922 !nla_len(info->attrs[NL80211_ATTR_SSID])) 3923 return -EINVAL; 3924 3925 ibss.beacon_interval = 100; 3926 3927 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 3928 ibss.beacon_interval = 3929 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 3930 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 3931 return -EINVAL; 3932 } 3933 3934 rtnl_lock(); 3935 3936 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3937 if (err) 3938 goto unlock_rtnl; 3939 3940 if (!rdev->ops->join_ibss) { 3941 err = -EOPNOTSUPP; 3942 goto out; 3943 } 3944 3945 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 3946 err = -EOPNOTSUPP; 3947 goto out; 3948 } 3949 3950 if (!netif_running(dev)) { 3951 err = -ENETDOWN; 3952 goto out; 3953 } 3954 3955 wiphy = &rdev->wiphy; 3956 3957 if (info->attrs[NL80211_ATTR_MAC]) 3958 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3959 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3960 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3961 3962 if (info->attrs[NL80211_ATTR_IE]) { 3963 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3964 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3965 } 3966 3967 ibss.channel = ieee80211_get_channel(wiphy, 3968 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3969 if (!ibss.channel || 3970 ibss.channel->flags & IEEE80211_CHAN_NO_IBSS || 3971 ibss.channel->flags & IEEE80211_CHAN_DISABLED) { 3972 err = -EINVAL; 3973 goto out; 3974 } 3975 3976 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 3977 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 3978 3979 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 3980 connkeys = nl80211_parse_connkeys(rdev, 3981 info->attrs[NL80211_ATTR_KEYS]); 3982 if (IS_ERR(connkeys)) { 3983 err = PTR_ERR(connkeys); 3984 connkeys = NULL; 3985 goto out; 3986 } 3987 } 3988 3989 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 3990 u8 *rates = 3991 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3992 int n_rates = 3993 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 3994 struct ieee80211_supported_band *sband = 3995 wiphy->bands[ibss.channel->band]; 3996 int i, j; 3997 3998 if (n_rates == 0) { 3999 err = -EINVAL; 4000 goto out; 4001 } 4002 4003 for (i = 0; i < n_rates; i++) { 4004 int rate = (rates[i] & 0x7f) * 5; 4005 bool found = false; 4006 4007 for (j = 0; j < sband->n_bitrates; j++) { 4008 if (sband->bitrates[j].bitrate == rate) { 4009 found = true; 4010 ibss.basic_rates |= BIT(j); 4011 break; 4012 } 4013 } 4014 if (!found) { 4015 err = -EINVAL; 4016 goto out; 4017 } 4018 } 4019 } else { 4020 /* 4021 * If no rates were explicitly configured, 4022 * use the mandatory rate set for 11b or 4023 * 11a for maximum compatibility. 4024 */ 4025 struct ieee80211_supported_band *sband = 4026 wiphy->bands[ibss.channel->band]; 4027 int j; 4028 u32 flag = ibss.channel->band == IEEE80211_BAND_5GHZ ? 4029 IEEE80211_RATE_MANDATORY_A : 4030 IEEE80211_RATE_MANDATORY_B; 4031 4032 for (j = 0; j < sband->n_bitrates; j++) { 4033 if (sband->bitrates[j].flags & flag) 4034 ibss.basic_rates |= BIT(j); 4035 } 4036 } 4037 4038 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 4039 4040out: 4041 cfg80211_unlock_rdev(rdev); 4042 dev_put(dev); 4043unlock_rtnl: 4044 if (err) 4045 kfree(connkeys); 4046 rtnl_unlock(); 4047 return err; 4048} 4049 4050static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 4051{ 4052 struct cfg80211_registered_device *rdev; 4053 struct net_device *dev; 4054 int err; 4055 4056 rtnl_lock(); 4057 4058 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4059 if (err) 4060 goto unlock_rtnl; 4061 4062 if (!rdev->ops->leave_ibss) { 4063 err = -EOPNOTSUPP; 4064 goto out; 4065 } 4066 4067 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 4068 err = -EOPNOTSUPP; 4069 goto out; 4070 } 4071 4072 if (!netif_running(dev)) { 4073 err = -ENETDOWN; 4074 goto out; 4075 } 4076 4077 err = cfg80211_leave_ibss(rdev, dev, false); 4078 4079out: 4080 cfg80211_unlock_rdev(rdev); 4081 dev_put(dev); 4082unlock_rtnl: 4083 rtnl_unlock(); 4084 return err; 4085} 4086 4087#ifdef CONFIG_NL80211_TESTMODE 4088static struct genl_multicast_group nl80211_testmode_mcgrp = { 4089 .name = "testmode", 4090}; 4091 4092static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 4093{ 4094 struct cfg80211_registered_device *rdev; 4095 int err; 4096 4097 if (!info->attrs[NL80211_ATTR_TESTDATA]) 4098 return -EINVAL; 4099 4100 rtnl_lock(); 4101 4102 rdev = cfg80211_get_dev_from_info(info); 4103 if (IS_ERR(rdev)) { 4104 err = PTR_ERR(rdev); 4105 goto unlock_rtnl; 4106 } 4107 4108 err = -EOPNOTSUPP; 4109 if (rdev->ops->testmode_cmd) { 4110 rdev->testmode_info = info; 4111 err = rdev->ops->testmode_cmd(&rdev->wiphy, 4112 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 4113 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 4114 rdev->testmode_info = NULL; 4115 } 4116 4117 cfg80211_unlock_rdev(rdev); 4118 4119 unlock_rtnl: 4120 rtnl_unlock(); 4121 return err; 4122} 4123 4124static struct sk_buff * 4125__cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 4126 int approxlen, u32 pid, u32 seq, gfp_t gfp) 4127{ 4128 struct sk_buff *skb; 4129 void *hdr; 4130 struct nlattr *data; 4131 4132 skb = nlmsg_new(approxlen + 100, gfp); 4133 if (!skb) 4134 return NULL; 4135 4136 hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE); 4137 if (!hdr) { 4138 kfree_skb(skb); 4139 return NULL; 4140 } 4141 4142 NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 4143 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 4144 4145 ((void **)skb->cb)[0] = rdev; 4146 ((void **)skb->cb)[1] = hdr; 4147 ((void **)skb->cb)[2] = data; 4148 4149 return skb; 4150 4151 nla_put_failure: 4152 kfree_skb(skb); 4153 return NULL; 4154} 4155 4156struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 4157 int approxlen) 4158{ 4159 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 4160 4161 if (WARN_ON(!rdev->testmode_info)) 4162 return NULL; 4163 4164 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 4165 rdev->testmode_info->snd_pid, 4166 rdev->testmode_info->snd_seq, 4167 GFP_KERNEL); 4168} 4169EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 4170 4171int cfg80211_testmode_reply(struct sk_buff *skb) 4172{ 4173 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 4174 void *hdr = ((void **)skb->cb)[1]; 4175 struct nlattr *data = ((void **)skb->cb)[2]; 4176 4177 if (WARN_ON(!rdev->testmode_info)) { 4178 kfree_skb(skb); 4179 return -EINVAL; 4180 } 4181 4182 nla_nest_end(skb, data); 4183 genlmsg_end(skb, hdr); 4184 return genlmsg_reply(skb, rdev->testmode_info); 4185} 4186EXPORT_SYMBOL(cfg80211_testmode_reply); 4187 4188struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 4189 int approxlen, gfp_t gfp) 4190{ 4191 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 4192 4193 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 4194} 4195EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 4196 4197void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 4198{ 4199 void *hdr = ((void **)skb->cb)[1]; 4200 struct nlattr *data = ((void **)skb->cb)[2]; 4201 4202 nla_nest_end(skb, data); 4203 genlmsg_end(skb, hdr); 4204 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 4205} 4206EXPORT_SYMBOL(cfg80211_testmode_event); 4207#endif 4208 4209static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 4210{ 4211 struct cfg80211_registered_device *rdev; 4212 struct net_device *dev; 4213 struct cfg80211_connect_params connect; 4214 struct wiphy *wiphy; 4215 struct cfg80211_cached_keys *connkeys = NULL; 4216 int err; 4217 4218 memset(&connect, 0, sizeof(connect)); 4219 4220 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4221 return -EINVAL; 4222 4223 if (!info->attrs[NL80211_ATTR_SSID] || 4224 !nla_len(info->attrs[NL80211_ATTR_SSID])) 4225 return -EINVAL; 4226 4227 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 4228 connect.auth_type = 4229 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 4230 if (!nl80211_valid_auth_type(connect.auth_type)) 4231 return -EINVAL; 4232 } else 4233 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 4234 4235 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 4236 4237 err = nl80211_crypto_settings(info, &connect.crypto, 4238 NL80211_MAX_NR_CIPHER_SUITES); 4239 if (err) 4240 return err; 4241 rtnl_lock(); 4242 4243 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4244 if (err) 4245 goto unlock_rtnl; 4246 4247 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4248 err = -EOPNOTSUPP; 4249 goto out; 4250 } 4251 4252 if (!netif_running(dev)) { 4253 err = -ENETDOWN; 4254 goto out; 4255 } 4256 4257 wiphy = &rdev->wiphy; 4258 4259 if (info->attrs[NL80211_ATTR_MAC]) 4260 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4261 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4262 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4263 4264 if (info->attrs[NL80211_ATTR_IE]) { 4265 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4266 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4267 } 4268 4269 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 4270 connect.channel = 4271 ieee80211_get_channel(wiphy, 4272 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4273 if (!connect.channel || 4274 connect.channel->flags & IEEE80211_CHAN_DISABLED) { 4275 err = -EINVAL; 4276 goto out; 4277 } 4278 } 4279 4280 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 4281 connkeys = nl80211_parse_connkeys(rdev, 4282 info->attrs[NL80211_ATTR_KEYS]); 4283 if (IS_ERR(connkeys)) { 4284 err = PTR_ERR(connkeys); 4285 connkeys = NULL; 4286 goto out; 4287 } 4288 } 4289 4290 err = cfg80211_connect(rdev, dev, &connect, connkeys); 4291 4292out: 4293 cfg80211_unlock_rdev(rdev); 4294 dev_put(dev); 4295unlock_rtnl: 4296 if (err) 4297 kfree(connkeys); 4298 rtnl_unlock(); 4299 return err; 4300} 4301 4302static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 4303{ 4304 struct cfg80211_registered_device *rdev; 4305 struct net_device *dev; 4306 int err; 4307 u16 reason; 4308 4309 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4310 reason = WLAN_REASON_DEAUTH_LEAVING; 4311 else 4312 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4313 4314 if (reason == 0) 4315 return -EINVAL; 4316 4317 rtnl_lock(); 4318 4319 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4320 if (err) 4321 goto unlock_rtnl; 4322 4323 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4324 err = -EOPNOTSUPP; 4325 goto out; 4326 } 4327 4328 if (!netif_running(dev)) { 4329 err = -ENETDOWN; 4330 goto out; 4331 } 4332 4333 err = cfg80211_disconnect(rdev, dev, reason, true); 4334 4335out: 4336 cfg80211_unlock_rdev(rdev); 4337 dev_put(dev); 4338unlock_rtnl: 4339 rtnl_unlock(); 4340 return err; 4341} 4342 4343static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 4344{ 4345 struct cfg80211_registered_device *rdev; 4346 struct net *net; 4347 int err; 4348 u32 pid; 4349 4350 if (!info->attrs[NL80211_ATTR_PID]) 4351 return -EINVAL; 4352 4353 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 4354 4355 rtnl_lock(); 4356 4357 rdev = cfg80211_get_dev_from_info(info); 4358 if (IS_ERR(rdev)) { 4359 err = PTR_ERR(rdev); 4360 goto out_rtnl; 4361 } 4362 4363 net = get_net_ns_by_pid(pid); 4364 if (IS_ERR(net)) { 4365 err = PTR_ERR(net); 4366 goto out; 4367 } 4368 4369 err = 0; 4370 4371 /* check if anything to do */ 4372 if (net_eq(wiphy_net(&rdev->wiphy), net)) 4373 goto out_put_net; 4374 4375 err = cfg80211_switch_netns(rdev, net); 4376 out_put_net: 4377 put_net(net); 4378 out: 4379 cfg80211_unlock_rdev(rdev); 4380 out_rtnl: 4381 rtnl_unlock(); 4382 return err; 4383} 4384 4385static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 4386{ 4387 struct cfg80211_registered_device *rdev; 4388 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 4389 struct cfg80211_pmksa *pmksa) = NULL; 4390 int err; 4391 struct net_device *dev; 4392 struct cfg80211_pmksa pmksa; 4393 4394 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 4395 4396 if (!info->attrs[NL80211_ATTR_MAC]) 4397 return -EINVAL; 4398 4399 if (!info->attrs[NL80211_ATTR_PMKID]) 4400 return -EINVAL; 4401 4402 rtnl_lock(); 4403 4404 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4405 if (err) 4406 goto out_rtnl; 4407 4408 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 4409 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4410 4411 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4412 err = -EOPNOTSUPP; 4413 goto out; 4414 } 4415 4416 switch (info->genlhdr->cmd) { 4417 case NL80211_CMD_SET_PMKSA: 4418 rdev_ops = rdev->ops->set_pmksa; 4419 break; 4420 case NL80211_CMD_DEL_PMKSA: 4421 rdev_ops = rdev->ops->del_pmksa; 4422 break; 4423 default: 4424 WARN_ON(1); 4425 break; 4426 } 4427 4428 if (!rdev_ops) { 4429 err = -EOPNOTSUPP; 4430 goto out; 4431 } 4432 4433 err = rdev_ops(&rdev->wiphy, dev, &pmksa); 4434 4435 out: 4436 cfg80211_unlock_rdev(rdev); 4437 dev_put(dev); 4438 out_rtnl: 4439 rtnl_unlock(); 4440 4441 return err; 4442} 4443 4444static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 4445{ 4446 struct cfg80211_registered_device *rdev; 4447 int err; 4448 struct net_device *dev; 4449 4450 rtnl_lock(); 4451 4452 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4453 if (err) 4454 goto out_rtnl; 4455 4456 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4457 err = -EOPNOTSUPP; 4458 goto out; 4459 } 4460 4461 if (!rdev->ops->flush_pmksa) { 4462 err = -EOPNOTSUPP; 4463 goto out; 4464 } 4465 4466 err = rdev->ops->flush_pmksa(&rdev->wiphy, dev); 4467 4468 out: 4469 cfg80211_unlock_rdev(rdev); 4470 dev_put(dev); 4471 out_rtnl: 4472 rtnl_unlock(); 4473 4474 return err; 4475 4476} 4477 4478static int nl80211_remain_on_channel(struct sk_buff *skb, 4479 struct genl_info *info) 4480{ 4481 struct cfg80211_registered_device *rdev; 4482 struct net_device *dev; 4483 struct ieee80211_channel *chan; 4484 struct sk_buff *msg; 4485 void *hdr; 4486 u64 cookie; 4487 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 4488 u32 freq, duration; 4489 int err; 4490 4491 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 4492 !info->attrs[NL80211_ATTR_DURATION]) 4493 return -EINVAL; 4494 4495 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 4496 4497 /* 4498 * We should be on that channel for at least one jiffie, 4499 * and more than 5 seconds seems excessive. 4500 */ 4501 if (!duration || !msecs_to_jiffies(duration) || duration > 5000) 4502 return -EINVAL; 4503 4504 rtnl_lock(); 4505 4506 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4507 if (err) 4508 goto unlock_rtnl; 4509 4510 if (!rdev->ops->remain_on_channel) { 4511 err = -EOPNOTSUPP; 4512 goto out; 4513 } 4514 4515 if (!netif_running(dev)) { 4516 err = -ENETDOWN; 4517 goto out; 4518 } 4519 4520 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4521 channel_type = nla_get_u32( 4522 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4523 if (channel_type != NL80211_CHAN_NO_HT && 4524 channel_type != NL80211_CHAN_HT20 && 4525 channel_type != NL80211_CHAN_HT40PLUS && 4526 channel_type != NL80211_CHAN_HT40MINUS) { 4527 err = -EINVAL; 4528 goto out; 4529 } 4530 } 4531 4532 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 4533 chan = rdev_freq_to_chan(rdev, freq, channel_type); 4534 if (chan == NULL) { 4535 err = -EINVAL; 4536 goto out; 4537 } 4538 4539 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4540 if (!msg) { 4541 err = -ENOMEM; 4542 goto out; 4543 } 4544 4545 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4546 NL80211_CMD_REMAIN_ON_CHANNEL); 4547 4548 if (IS_ERR(hdr)) { 4549 err = PTR_ERR(hdr); 4550 goto free_msg; 4551 } 4552 4553 err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan, 4554 channel_type, duration, &cookie); 4555 4556 if (err) 4557 goto free_msg; 4558 4559 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 4560 4561 genlmsg_end(msg, hdr); 4562 err = genlmsg_reply(msg, info); 4563 goto out; 4564 4565 nla_put_failure: 4566 err = -ENOBUFS; 4567 free_msg: 4568 nlmsg_free(msg); 4569 out: 4570 cfg80211_unlock_rdev(rdev); 4571 dev_put(dev); 4572 unlock_rtnl: 4573 rtnl_unlock(); 4574 return err; 4575} 4576 4577static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 4578 struct genl_info *info) 4579{ 4580 struct cfg80211_registered_device *rdev; 4581 struct net_device *dev; 4582 u64 cookie; 4583 int err; 4584 4585 if (!info->attrs[NL80211_ATTR_COOKIE]) 4586 return -EINVAL; 4587 4588 rtnl_lock(); 4589 4590 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4591 if (err) 4592 goto unlock_rtnl; 4593 4594 if (!rdev->ops->cancel_remain_on_channel) { 4595 err = -EOPNOTSUPP; 4596 goto out; 4597 } 4598 4599 if (!netif_running(dev)) { 4600 err = -ENETDOWN; 4601 goto out; 4602 } 4603 4604 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 4605 4606 err = rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie); 4607 4608 out: 4609 cfg80211_unlock_rdev(rdev); 4610 dev_put(dev); 4611 unlock_rtnl: 4612 rtnl_unlock(); 4613 return err; 4614} 4615 4616static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 4617 u8 *rates, u8 rates_len) 4618{ 4619 u8 i; 4620 u32 mask = 0; 4621 4622 for (i = 0; i < rates_len; i++) { 4623 int rate = (rates[i] & 0x7f) * 5; 4624 int ridx; 4625 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 4626 struct ieee80211_rate *srate = 4627 &sband->bitrates[ridx]; 4628 if (rate == srate->bitrate) { 4629 mask |= 1 << ridx; 4630 break; 4631 } 4632 } 4633 if (ridx == sband->n_bitrates) 4634 return 0; /* rate not found */ 4635 } 4636 4637 return mask; 4638} 4639 4640static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 4641 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 4642 .len = NL80211_MAX_SUPP_RATES }, 4643}; 4644 4645static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 4646 struct genl_info *info) 4647{ 4648 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 4649 struct cfg80211_registered_device *rdev; 4650 struct cfg80211_bitrate_mask mask; 4651 int err, rem, i; 4652 struct net_device *dev; 4653 struct nlattr *tx_rates; 4654 struct ieee80211_supported_band *sband; 4655 4656 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 4657 return -EINVAL; 4658 4659 rtnl_lock(); 4660 4661 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4662 if (err) 4663 goto unlock_rtnl; 4664 4665 if (!rdev->ops->set_bitrate_mask) { 4666 err = -EOPNOTSUPP; 4667 goto unlock; 4668 } 4669 4670 memset(&mask, 0, sizeof(mask)); 4671 /* Default to all rates enabled */ 4672 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 4673 sband = rdev->wiphy.bands[i]; 4674 mask.control[i].legacy = 4675 sband ? (1 << sband->n_bitrates) - 1 : 0; 4676 } 4677 4678 /* 4679 * The nested attribute uses enum nl80211_band as the index. This maps 4680 * directly to the enum ieee80211_band values used in cfg80211. 4681 */ 4682 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 4683 { 4684 enum ieee80211_band band = nla_type(tx_rates); 4685 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 4686 err = -EINVAL; 4687 goto unlock; 4688 } 4689 sband = rdev->wiphy.bands[band]; 4690 if (sband == NULL) { 4691 err = -EINVAL; 4692 goto unlock; 4693 } 4694 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 4695 nla_len(tx_rates), nl80211_txattr_policy); 4696 if (tb[NL80211_TXRATE_LEGACY]) { 4697 mask.control[band].legacy = rateset_to_mask( 4698 sband, 4699 nla_data(tb[NL80211_TXRATE_LEGACY]), 4700 nla_len(tb[NL80211_TXRATE_LEGACY])); 4701 if (mask.control[band].legacy == 0) { 4702 err = -EINVAL; 4703 goto unlock; 4704 } 4705 } 4706 } 4707 4708 err = rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask); 4709 4710 unlock: 4711 dev_put(dev); 4712 cfg80211_unlock_rdev(rdev); 4713 unlock_rtnl: 4714 rtnl_unlock(); 4715 return err; 4716} 4717 4718static int nl80211_register_action(struct sk_buff *skb, struct genl_info *info) 4719{ 4720 struct cfg80211_registered_device *rdev; 4721 struct net_device *dev; 4722 int err; 4723 4724 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 4725 return -EINVAL; 4726 4727 if (nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]) < 1) 4728 return -EINVAL; 4729 4730 rtnl_lock(); 4731 4732 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4733 if (err) 4734 goto unlock_rtnl; 4735 4736 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4737 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 4738 err = -EOPNOTSUPP; 4739 goto out; 4740 } 4741 4742 /* not much point in registering if we can't reply */ 4743 if (!rdev->ops->action) { 4744 err = -EOPNOTSUPP; 4745 goto out; 4746 } 4747 4748 err = cfg80211_mlme_register_action(dev->ieee80211_ptr, info->snd_pid, 4749 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 4750 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 4751 out: 4752 cfg80211_unlock_rdev(rdev); 4753 dev_put(dev); 4754 unlock_rtnl: 4755 rtnl_unlock(); 4756 return err; 4757} 4758 4759static int nl80211_action(struct sk_buff *skb, struct genl_info *info) 4760{ 4761 struct cfg80211_registered_device *rdev; 4762 struct net_device *dev; 4763 struct ieee80211_channel *chan; 4764 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 4765 bool channel_type_valid = false; 4766 u32 freq; 4767 int err; 4768 void *hdr; 4769 u64 cookie; 4770 struct sk_buff *msg; 4771 4772 if (!info->attrs[NL80211_ATTR_FRAME] || 4773 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4774 return -EINVAL; 4775 4776 rtnl_lock(); 4777 4778 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4779 if (err) 4780 goto unlock_rtnl; 4781 4782 if (!rdev->ops->action) { 4783 err = -EOPNOTSUPP; 4784 goto out; 4785 } 4786 4787 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION && 4788 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 4789 err = -EOPNOTSUPP; 4790 goto out; 4791 } 4792 4793 if (!netif_running(dev)) { 4794 err = -ENETDOWN; 4795 goto out; 4796 } 4797 4798 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4799 channel_type = nla_get_u32( 4800 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4801 if (channel_type != NL80211_CHAN_NO_HT && 4802 channel_type != NL80211_CHAN_HT20 && 4803 channel_type != NL80211_CHAN_HT40PLUS && 4804 channel_type != NL80211_CHAN_HT40MINUS) { 4805 err = -EINVAL; 4806 goto out; 4807 } 4808 channel_type_valid = true; 4809 } 4810 4811 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 4812 chan = rdev_freq_to_chan(rdev, freq, channel_type); 4813 if (chan == NULL) { 4814 err = -EINVAL; 4815 goto out; 4816 } 4817 4818 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4819 if (!msg) { 4820 err = -ENOMEM; 4821 goto out; 4822 } 4823 4824 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4825 NL80211_CMD_ACTION); 4826 4827 if (IS_ERR(hdr)) { 4828 err = PTR_ERR(hdr); 4829 goto free_msg; 4830 } 4831 err = cfg80211_mlme_action(rdev, dev, chan, channel_type, 4832 channel_type_valid, 4833 nla_data(info->attrs[NL80211_ATTR_FRAME]), 4834 nla_len(info->attrs[NL80211_ATTR_FRAME]), 4835 &cookie); 4836 if (err) 4837 goto free_msg; 4838 4839 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 4840 4841 genlmsg_end(msg, hdr); 4842 err = genlmsg_reply(msg, info); 4843 goto out; 4844 4845 nla_put_failure: 4846 err = -ENOBUFS; 4847 free_msg: 4848 nlmsg_free(msg); 4849 out: 4850 cfg80211_unlock_rdev(rdev); 4851 dev_put(dev); 4852unlock_rtnl: 4853 rtnl_unlock(); 4854 return err; 4855} 4856 4857static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 4858{ 4859 struct cfg80211_registered_device *rdev; 4860 struct wireless_dev *wdev; 4861 struct net_device *dev; 4862 u8 ps_state; 4863 bool state; 4864 int err; 4865 4866 if (!info->attrs[NL80211_ATTR_PS_STATE]) { 4867 err = -EINVAL; 4868 goto out; 4869 } 4870 4871 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 4872 4873 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) { 4874 err = -EINVAL; 4875 goto out; 4876 } 4877 4878 rtnl_lock(); 4879 4880 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4881 if (err) 4882 goto unlock_rdev; 4883 4884 wdev = dev->ieee80211_ptr; 4885 4886 if (!rdev->ops->set_power_mgmt) { 4887 err = -EOPNOTSUPP; 4888 goto unlock_rdev; 4889 } 4890 4891 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 4892 4893 if (state == wdev->ps) 4894 goto unlock_rdev; 4895 4896 wdev->ps = state; 4897 4898 if (rdev->ops->set_power_mgmt(wdev->wiphy, dev, wdev->ps, 4899 wdev->ps_timeout)) 4900 /* assume this means it's off */ 4901 wdev->ps = false; 4902 4903unlock_rdev: 4904 cfg80211_unlock_rdev(rdev); 4905 dev_put(dev); 4906 rtnl_unlock(); 4907 4908out: 4909 return err; 4910} 4911 4912static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 4913{ 4914 struct cfg80211_registered_device *rdev; 4915 enum nl80211_ps_state ps_state; 4916 struct wireless_dev *wdev; 4917 struct net_device *dev; 4918 struct sk_buff *msg; 4919 void *hdr; 4920 int err; 4921 4922 rtnl_lock(); 4923 4924 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4925 if (err) 4926 goto unlock_rtnl; 4927 4928 wdev = dev->ieee80211_ptr; 4929 4930 if (!rdev->ops->set_power_mgmt) { 4931 err = -EOPNOTSUPP; 4932 goto out; 4933 } 4934 4935 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4936 if (!msg) { 4937 err = -ENOMEM; 4938 goto out; 4939 } 4940 4941 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4942 NL80211_CMD_GET_POWER_SAVE); 4943 if (!hdr) { 4944 err = -ENOMEM; 4945 goto free_msg; 4946 } 4947 4948 if (wdev->ps) 4949 ps_state = NL80211_PS_ENABLED; 4950 else 4951 ps_state = NL80211_PS_DISABLED; 4952 4953 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state); 4954 4955 genlmsg_end(msg, hdr); 4956 err = genlmsg_reply(msg, info); 4957 goto out; 4958 4959nla_put_failure: 4960 err = -ENOBUFS; 4961 4962free_msg: 4963 nlmsg_free(msg); 4964 4965out: 4966 cfg80211_unlock_rdev(rdev); 4967 dev_put(dev); 4968 4969unlock_rtnl: 4970 rtnl_unlock(); 4971 4972 return err; 4973} 4974 4975static struct nla_policy 4976nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 4977 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 4978 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 4979 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 4980}; 4981 4982static int nl80211_set_cqm_rssi(struct genl_info *info, 4983 s32 threshold, u32 hysteresis) 4984{ 4985 struct cfg80211_registered_device *rdev; 4986 struct wireless_dev *wdev; 4987 struct net_device *dev; 4988 int err; 4989 4990 if (threshold > 0) 4991 return -EINVAL; 4992 4993 rtnl_lock(); 4994 4995 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4996 if (err) 4997 goto unlock_rtnl; 4998 4999 wdev = dev->ieee80211_ptr; 5000 5001 if (!rdev->ops->set_cqm_rssi_config) { 5002 err = -EOPNOTSUPP; 5003 goto unlock_rdev; 5004 } 5005 5006 if (wdev->iftype != NL80211_IFTYPE_STATION) { 5007 err = -EOPNOTSUPP; 5008 goto unlock_rdev; 5009 } 5010 5011 err = rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev, 5012 threshold, hysteresis); 5013 5014 unlock_rdev: 5015 cfg80211_unlock_rdev(rdev); 5016 dev_put(dev); 5017 unlock_rtnl: 5018 rtnl_unlock(); 5019 5020 return err; 5021} 5022 5023static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 5024{ 5025 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 5026 struct nlattr *cqm; 5027 int err; 5028 5029 cqm = info->attrs[NL80211_ATTR_CQM]; 5030 if (!cqm) { 5031 err = -EINVAL; 5032 goto out; 5033 } 5034 5035 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 5036 nl80211_attr_cqm_policy); 5037 if (err) 5038 goto out; 5039 5040 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 5041 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 5042 s32 threshold; 5043 u32 hysteresis; 5044 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 5045 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 5046 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 5047 } else 5048 err = -EINVAL; 5049 5050out: 5051 return err; 5052} 5053 5054static struct genl_ops nl80211_ops[] = { 5055 { 5056 .cmd = NL80211_CMD_GET_WIPHY, 5057 .doit = nl80211_get_wiphy, 5058 .dumpit = nl80211_dump_wiphy, 5059 .policy = nl80211_policy, 5060 /* can be retrieved by unprivileged users */ 5061 }, 5062 { 5063 .cmd = NL80211_CMD_SET_WIPHY, 5064 .doit = nl80211_set_wiphy, 5065 .policy = nl80211_policy, 5066 .flags = GENL_ADMIN_PERM, 5067 }, 5068 { 5069 .cmd = NL80211_CMD_GET_INTERFACE, 5070 .doit = nl80211_get_interface, 5071 .dumpit = nl80211_dump_interface, 5072 .policy = nl80211_policy, 5073 /* can be retrieved by unprivileged users */ 5074 }, 5075 { 5076 .cmd = NL80211_CMD_SET_INTERFACE, 5077 .doit = nl80211_set_interface, 5078 .policy = nl80211_policy, 5079 .flags = GENL_ADMIN_PERM, 5080 }, 5081 { 5082 .cmd = NL80211_CMD_NEW_INTERFACE, 5083 .doit = nl80211_new_interface, 5084 .policy = nl80211_policy, 5085 .flags = GENL_ADMIN_PERM, 5086 }, 5087 { 5088 .cmd = NL80211_CMD_DEL_INTERFACE, 5089 .doit = nl80211_del_interface, 5090 .policy = nl80211_policy, 5091 .flags = GENL_ADMIN_PERM, 5092 }, 5093 { 5094 .cmd = NL80211_CMD_GET_KEY, 5095 .doit = nl80211_get_key, 5096 .policy = nl80211_policy, 5097 .flags = GENL_ADMIN_PERM, 5098 }, 5099 { 5100 .cmd = NL80211_CMD_SET_KEY, 5101 .doit = nl80211_set_key, 5102 .policy = nl80211_policy, 5103 .flags = GENL_ADMIN_PERM, 5104 }, 5105 { 5106 .cmd = NL80211_CMD_NEW_KEY, 5107 .doit = nl80211_new_key, 5108 .policy = nl80211_policy, 5109 .flags = GENL_ADMIN_PERM, 5110 }, 5111 { 5112 .cmd = NL80211_CMD_DEL_KEY, 5113 .doit = nl80211_del_key, 5114 .policy = nl80211_policy, 5115 .flags = GENL_ADMIN_PERM, 5116 }, 5117 { 5118 .cmd = NL80211_CMD_SET_BEACON, 5119 .policy = nl80211_policy, 5120 .flags = GENL_ADMIN_PERM, 5121 .doit = nl80211_addset_beacon, 5122 }, 5123 { 5124 .cmd = NL80211_CMD_NEW_BEACON, 5125 .policy = nl80211_policy, 5126 .flags = GENL_ADMIN_PERM, 5127 .doit = nl80211_addset_beacon, 5128 }, 5129 { 5130 .cmd = NL80211_CMD_DEL_BEACON, 5131 .policy = nl80211_policy, 5132 .flags = GENL_ADMIN_PERM, 5133 .doit = nl80211_del_beacon, 5134 }, 5135 { 5136 .cmd = NL80211_CMD_GET_STATION, 5137 .doit = nl80211_get_station, 5138 .dumpit = nl80211_dump_station, 5139 .policy = nl80211_policy, 5140 }, 5141 { 5142 .cmd = NL80211_CMD_SET_STATION, 5143 .doit = nl80211_set_station, 5144 .policy = nl80211_policy, 5145 .flags = GENL_ADMIN_PERM, 5146 }, 5147 { 5148 .cmd = NL80211_CMD_NEW_STATION, 5149 .doit = nl80211_new_station, 5150 .policy = nl80211_policy, 5151 .flags = GENL_ADMIN_PERM, 5152 }, 5153 { 5154 .cmd = NL80211_CMD_DEL_STATION, 5155 .doit = nl80211_del_station, 5156 .policy = nl80211_policy, 5157 .flags = GENL_ADMIN_PERM, 5158 }, 5159 { 5160 .cmd = NL80211_CMD_GET_MPATH, 5161 .doit = nl80211_get_mpath, 5162 .dumpit = nl80211_dump_mpath, 5163 .policy = nl80211_policy, 5164 .flags = GENL_ADMIN_PERM, 5165 }, 5166 { 5167 .cmd = NL80211_CMD_SET_MPATH, 5168 .doit = nl80211_set_mpath, 5169 .policy = nl80211_policy, 5170 .flags = GENL_ADMIN_PERM, 5171 }, 5172 { 5173 .cmd = NL80211_CMD_NEW_MPATH, 5174 .doit = nl80211_new_mpath, 5175 .policy = nl80211_policy, 5176 .flags = GENL_ADMIN_PERM, 5177 }, 5178 { 5179 .cmd = NL80211_CMD_DEL_MPATH, 5180 .doit = nl80211_del_mpath, 5181 .policy = nl80211_policy, 5182 .flags = GENL_ADMIN_PERM, 5183 }, 5184 { 5185 .cmd = NL80211_CMD_SET_BSS, 5186 .doit = nl80211_set_bss, 5187 .policy = nl80211_policy, 5188 .flags = GENL_ADMIN_PERM, 5189 }, 5190 { 5191 .cmd = NL80211_CMD_GET_REG, 5192 .doit = nl80211_get_reg, 5193 .policy = nl80211_policy, 5194 /* can be retrieved by unprivileged users */ 5195 }, 5196 { 5197 .cmd = NL80211_CMD_SET_REG, 5198 .doit = nl80211_set_reg, 5199 .policy = nl80211_policy, 5200 .flags = GENL_ADMIN_PERM, 5201 }, 5202 { 5203 .cmd = NL80211_CMD_REQ_SET_REG, 5204 .doit = nl80211_req_set_reg, 5205 .policy = nl80211_policy, 5206 .flags = GENL_ADMIN_PERM, 5207 }, 5208 { 5209 .cmd = NL80211_CMD_GET_MESH_PARAMS, 5210 .doit = nl80211_get_mesh_params, 5211 .policy = nl80211_policy, 5212 /* can be retrieved by unprivileged users */ 5213 }, 5214 { 5215 .cmd = NL80211_CMD_SET_MESH_PARAMS, 5216 .doit = nl80211_set_mesh_params, 5217 .policy = nl80211_policy, 5218 .flags = GENL_ADMIN_PERM, 5219 }, 5220 { 5221 .cmd = NL80211_CMD_TRIGGER_SCAN, 5222 .doit = nl80211_trigger_scan, 5223 .policy = nl80211_policy, 5224 .flags = GENL_ADMIN_PERM, 5225 }, 5226 { 5227 .cmd = NL80211_CMD_GET_SCAN, 5228 .policy = nl80211_policy, 5229 .dumpit = nl80211_dump_scan, 5230 }, 5231 { 5232 .cmd = NL80211_CMD_AUTHENTICATE, 5233 .doit = nl80211_authenticate, 5234 .policy = nl80211_policy, 5235 .flags = GENL_ADMIN_PERM, 5236 }, 5237 { 5238 .cmd = NL80211_CMD_ASSOCIATE, 5239 .doit = nl80211_associate, 5240 .policy = nl80211_policy, 5241 .flags = GENL_ADMIN_PERM, 5242 }, 5243 { 5244 .cmd = NL80211_CMD_DEAUTHENTICATE, 5245 .doit = nl80211_deauthenticate, 5246 .policy = nl80211_policy, 5247 .flags = GENL_ADMIN_PERM, 5248 }, 5249 { 5250 .cmd = NL80211_CMD_DISASSOCIATE, 5251 .doit = nl80211_disassociate, 5252 .policy = nl80211_policy, 5253 .flags = GENL_ADMIN_PERM, 5254 }, 5255 { 5256 .cmd = NL80211_CMD_JOIN_IBSS, 5257 .doit = nl80211_join_ibss, 5258 .policy = nl80211_policy, 5259 .flags = GENL_ADMIN_PERM, 5260 }, 5261 { 5262 .cmd = NL80211_CMD_LEAVE_IBSS, 5263 .doit = nl80211_leave_ibss, 5264 .policy = nl80211_policy, 5265 .flags = GENL_ADMIN_PERM, 5266 }, 5267#ifdef CONFIG_NL80211_TESTMODE 5268 { 5269 .cmd = NL80211_CMD_TESTMODE, 5270 .doit = nl80211_testmode_do, 5271 .policy = nl80211_policy, 5272 .flags = GENL_ADMIN_PERM, 5273 }, 5274#endif 5275 { 5276 .cmd = NL80211_CMD_CONNECT, 5277 .doit = nl80211_connect, 5278 .policy = nl80211_policy, 5279 .flags = GENL_ADMIN_PERM, 5280 }, 5281 { 5282 .cmd = NL80211_CMD_DISCONNECT, 5283 .doit = nl80211_disconnect, 5284 .policy = nl80211_policy, 5285 .flags = GENL_ADMIN_PERM, 5286 }, 5287 { 5288 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 5289 .doit = nl80211_wiphy_netns, 5290 .policy = nl80211_policy, 5291 .flags = GENL_ADMIN_PERM, 5292 }, 5293 { 5294 .cmd = NL80211_CMD_GET_SURVEY, 5295 .policy = nl80211_policy, 5296 .dumpit = nl80211_dump_survey, 5297 }, 5298 { 5299 .cmd = NL80211_CMD_SET_PMKSA, 5300 .doit = nl80211_setdel_pmksa, 5301 .policy = nl80211_policy, 5302 .flags = GENL_ADMIN_PERM, 5303 }, 5304 { 5305 .cmd = NL80211_CMD_DEL_PMKSA, 5306 .doit = nl80211_setdel_pmksa, 5307 .policy = nl80211_policy, 5308 .flags = GENL_ADMIN_PERM, 5309 }, 5310 { 5311 .cmd = NL80211_CMD_FLUSH_PMKSA, 5312 .doit = nl80211_flush_pmksa, 5313 .policy = nl80211_policy, 5314 .flags = GENL_ADMIN_PERM, 5315 }, 5316 { 5317 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 5318 .doit = nl80211_remain_on_channel, 5319 .policy = nl80211_policy, 5320 .flags = GENL_ADMIN_PERM, 5321 }, 5322 { 5323 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 5324 .doit = nl80211_cancel_remain_on_channel, 5325 .policy = nl80211_policy, 5326 .flags = GENL_ADMIN_PERM, 5327 }, 5328 { 5329 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 5330 .doit = nl80211_set_tx_bitrate_mask, 5331 .policy = nl80211_policy, 5332 .flags = GENL_ADMIN_PERM, 5333 }, 5334 { 5335 .cmd = NL80211_CMD_REGISTER_ACTION, 5336 .doit = nl80211_register_action, 5337 .policy = nl80211_policy, 5338 .flags = GENL_ADMIN_PERM, 5339 }, 5340 { 5341 .cmd = NL80211_CMD_ACTION, 5342 .doit = nl80211_action, 5343 .policy = nl80211_policy, 5344 .flags = GENL_ADMIN_PERM, 5345 }, 5346 { 5347 .cmd = NL80211_CMD_SET_POWER_SAVE, 5348 .doit = nl80211_set_power_save, 5349 .policy = nl80211_policy, 5350 .flags = GENL_ADMIN_PERM, 5351 }, 5352 { 5353 .cmd = NL80211_CMD_GET_POWER_SAVE, 5354 .doit = nl80211_get_power_save, 5355 .policy = nl80211_policy, 5356 /* can be retrieved by unprivileged users */ 5357 }, 5358 { 5359 .cmd = NL80211_CMD_SET_CQM, 5360 .doit = nl80211_set_cqm, 5361 .policy = nl80211_policy, 5362 .flags = GENL_ADMIN_PERM, 5363 }, 5364 { 5365 .cmd = NL80211_CMD_SET_CHANNEL, 5366 .doit = nl80211_set_channel, 5367 .policy = nl80211_policy, 5368 .flags = GENL_ADMIN_PERM, 5369 }, 5370}; 5371 5372static struct genl_multicast_group nl80211_mlme_mcgrp = { 5373 .name = "mlme", 5374}; 5375 5376/* multicast groups */ 5377static struct genl_multicast_group nl80211_config_mcgrp = { 5378 .name = "config", 5379}; 5380static struct genl_multicast_group nl80211_scan_mcgrp = { 5381 .name = "scan", 5382}; 5383static struct genl_multicast_group nl80211_regulatory_mcgrp = { 5384 .name = "regulatory", 5385}; 5386 5387/* notification functions */ 5388 5389void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 5390{ 5391 struct sk_buff *msg; 5392 5393 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5394 if (!msg) 5395 return; 5396 5397 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 5398 nlmsg_free(msg); 5399 return; 5400 } 5401 5402 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5403 nl80211_config_mcgrp.id, GFP_KERNEL); 5404} 5405 5406static int nl80211_add_scan_req(struct sk_buff *msg, 5407 struct cfg80211_registered_device *rdev) 5408{ 5409 struct cfg80211_scan_request *req = rdev->scan_req; 5410 struct nlattr *nest; 5411 int i; 5412 5413 ASSERT_RDEV_LOCK(rdev); 5414 5415 if (WARN_ON(!req)) 5416 return 0; 5417 5418 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 5419 if (!nest) 5420 goto nla_put_failure; 5421 for (i = 0; i < req->n_ssids; i++) 5422 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid); 5423 nla_nest_end(msg, nest); 5424 5425 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 5426 if (!nest) 5427 goto nla_put_failure; 5428 for (i = 0; i < req->n_channels; i++) 5429 NLA_PUT_U32(msg, i, req->channels[i]->center_freq); 5430 nla_nest_end(msg, nest); 5431 5432 if (req->ie) 5433 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie); 5434 5435 return 0; 5436 nla_put_failure: 5437 return -ENOBUFS; 5438} 5439 5440static int nl80211_send_scan_msg(struct sk_buff *msg, 5441 struct cfg80211_registered_device *rdev, 5442 struct net_device *netdev, 5443 u32 pid, u32 seq, int flags, 5444 u32 cmd) 5445{ 5446 void *hdr; 5447 5448 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 5449 if (!hdr) 5450 return -1; 5451 5452 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5453 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5454 5455 /* ignore errors and send incomplete event anyway */ 5456 nl80211_add_scan_req(msg, rdev); 5457 5458 return genlmsg_end(msg, hdr); 5459 5460 nla_put_failure: 5461 genlmsg_cancel(msg, hdr); 5462 return -EMSGSIZE; 5463} 5464 5465void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 5466 struct net_device *netdev) 5467{ 5468 struct sk_buff *msg; 5469 5470 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 5471 if (!msg) 5472 return; 5473 5474 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5475 NL80211_CMD_TRIGGER_SCAN) < 0) { 5476 nlmsg_free(msg); 5477 return; 5478 } 5479 5480 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5481 nl80211_scan_mcgrp.id, GFP_KERNEL); 5482} 5483 5484void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 5485 struct net_device *netdev) 5486{ 5487 struct sk_buff *msg; 5488 5489 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5490 if (!msg) 5491 return; 5492 5493 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5494 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 5495 nlmsg_free(msg); 5496 return; 5497 } 5498 5499 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5500 nl80211_scan_mcgrp.id, GFP_KERNEL); 5501} 5502 5503void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 5504 struct net_device *netdev) 5505{ 5506 struct sk_buff *msg; 5507 5508 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5509 if (!msg) 5510 return; 5511 5512 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5513 NL80211_CMD_SCAN_ABORTED) < 0) { 5514 nlmsg_free(msg); 5515 return; 5516 } 5517 5518 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5519 nl80211_scan_mcgrp.id, GFP_KERNEL); 5520} 5521 5522/* 5523 * This can happen on global regulatory changes or device specific settings 5524 * based on custom world regulatory domains. 5525 */ 5526void nl80211_send_reg_change_event(struct regulatory_request *request) 5527{ 5528 struct sk_buff *msg; 5529 void *hdr; 5530 5531 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5532 if (!msg) 5533 return; 5534 5535 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 5536 if (!hdr) { 5537 nlmsg_free(msg); 5538 return; 5539 } 5540 5541 /* Userspace can always count this one always being set */ 5542 NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator); 5543 5544 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') 5545 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5546 NL80211_REGDOM_TYPE_WORLD); 5547 else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') 5548 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5549 NL80211_REGDOM_TYPE_CUSTOM_WORLD); 5550 else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 5551 request->intersect) 5552 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5553 NL80211_REGDOM_TYPE_INTERSECTION); 5554 else { 5555 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5556 NL80211_REGDOM_TYPE_COUNTRY); 5557 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2); 5558 } 5559 5560 if (wiphy_idx_valid(request->wiphy_idx)) 5561 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx); 5562 5563 if (genlmsg_end(msg, hdr) < 0) { 5564 nlmsg_free(msg); 5565 return; 5566 } 5567 5568 rcu_read_lock(); 5569 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 5570 GFP_ATOMIC); 5571 rcu_read_unlock(); 5572 5573 return; 5574 5575nla_put_failure: 5576 genlmsg_cancel(msg, hdr); 5577 nlmsg_free(msg); 5578} 5579 5580static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 5581 struct net_device *netdev, 5582 const u8 *buf, size_t len, 5583 enum nl80211_commands cmd, gfp_t gfp) 5584{ 5585 struct sk_buff *msg; 5586 void *hdr; 5587 5588 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5589 if (!msg) 5590 return; 5591 5592 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5593 if (!hdr) { 5594 nlmsg_free(msg); 5595 return; 5596 } 5597 5598 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5599 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5600 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 5601 5602 if (genlmsg_end(msg, hdr) < 0) { 5603 nlmsg_free(msg); 5604 return; 5605 } 5606 5607 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5608 nl80211_mlme_mcgrp.id, gfp); 5609 return; 5610 5611 nla_put_failure: 5612 genlmsg_cancel(msg, hdr); 5613 nlmsg_free(msg); 5614} 5615 5616void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 5617 struct net_device *netdev, const u8 *buf, 5618 size_t len, gfp_t gfp) 5619{ 5620 nl80211_send_mlme_event(rdev, netdev, buf, len, 5621 NL80211_CMD_AUTHENTICATE, gfp); 5622} 5623 5624void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 5625 struct net_device *netdev, const u8 *buf, 5626 size_t len, gfp_t gfp) 5627{ 5628 nl80211_send_mlme_event(rdev, netdev, buf, len, 5629 NL80211_CMD_ASSOCIATE, gfp); 5630} 5631 5632void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 5633 struct net_device *netdev, const u8 *buf, 5634 size_t len, gfp_t gfp) 5635{ 5636 nl80211_send_mlme_event(rdev, netdev, buf, len, 5637 NL80211_CMD_DEAUTHENTICATE, gfp); 5638} 5639 5640void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 5641 struct net_device *netdev, const u8 *buf, 5642 size_t len, gfp_t gfp) 5643{ 5644 nl80211_send_mlme_event(rdev, netdev, buf, len, 5645 NL80211_CMD_DISASSOCIATE, gfp); 5646} 5647 5648static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 5649 struct net_device *netdev, int cmd, 5650 const u8 *addr, gfp_t gfp) 5651{ 5652 struct sk_buff *msg; 5653 void *hdr; 5654 5655 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5656 if (!msg) 5657 return; 5658 5659 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5660 if (!hdr) { 5661 nlmsg_free(msg); 5662 return; 5663 } 5664 5665 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5666 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5667 NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT); 5668 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5669 5670 if (genlmsg_end(msg, hdr) < 0) { 5671 nlmsg_free(msg); 5672 return; 5673 } 5674 5675 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5676 nl80211_mlme_mcgrp.id, gfp); 5677 return; 5678 5679 nla_put_failure: 5680 genlmsg_cancel(msg, hdr); 5681 nlmsg_free(msg); 5682} 5683 5684void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 5685 struct net_device *netdev, const u8 *addr, 5686 gfp_t gfp) 5687{ 5688 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 5689 addr, gfp); 5690} 5691 5692void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 5693 struct net_device *netdev, const u8 *addr, 5694 gfp_t gfp) 5695{ 5696 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 5697 addr, gfp); 5698} 5699 5700void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 5701 struct net_device *netdev, const u8 *bssid, 5702 const u8 *req_ie, size_t req_ie_len, 5703 const u8 *resp_ie, size_t resp_ie_len, 5704 u16 status, gfp_t gfp) 5705{ 5706 struct sk_buff *msg; 5707 void *hdr; 5708 5709 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5710 if (!msg) 5711 return; 5712 5713 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 5714 if (!hdr) { 5715 nlmsg_free(msg); 5716 return; 5717 } 5718 5719 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5720 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5721 if (bssid) 5722 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5723 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status); 5724 if (req_ie) 5725 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 5726 if (resp_ie) 5727 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 5728 5729 if (genlmsg_end(msg, hdr) < 0) { 5730 nlmsg_free(msg); 5731 return; 5732 } 5733 5734 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5735 nl80211_mlme_mcgrp.id, gfp); 5736 return; 5737 5738 nla_put_failure: 5739 genlmsg_cancel(msg, hdr); 5740 nlmsg_free(msg); 5741 5742} 5743 5744void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 5745 struct net_device *netdev, const u8 *bssid, 5746 const u8 *req_ie, size_t req_ie_len, 5747 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 5748{ 5749 struct sk_buff *msg; 5750 void *hdr; 5751 5752 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5753 if (!msg) 5754 return; 5755 5756 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 5757 if (!hdr) { 5758 nlmsg_free(msg); 5759 return; 5760 } 5761 5762 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5763 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5764 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5765 if (req_ie) 5766 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 5767 if (resp_ie) 5768 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 5769 5770 if (genlmsg_end(msg, hdr) < 0) { 5771 nlmsg_free(msg); 5772 return; 5773 } 5774 5775 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5776 nl80211_mlme_mcgrp.id, gfp); 5777 return; 5778 5779 nla_put_failure: 5780 genlmsg_cancel(msg, hdr); 5781 nlmsg_free(msg); 5782 5783} 5784 5785void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 5786 struct net_device *netdev, u16 reason, 5787 const u8 *ie, size_t ie_len, bool from_ap) 5788{ 5789 struct sk_buff *msg; 5790 void *hdr; 5791 5792 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 5793 if (!msg) 5794 return; 5795 5796 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 5797 if (!hdr) { 5798 nlmsg_free(msg); 5799 return; 5800 } 5801 5802 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5803 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5804 if (from_ap && reason) 5805 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason); 5806 if (from_ap) 5807 NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP); 5808 if (ie) 5809 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie); 5810 5811 if (genlmsg_end(msg, hdr) < 0) { 5812 nlmsg_free(msg); 5813 return; 5814 } 5815 5816 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5817 nl80211_mlme_mcgrp.id, GFP_KERNEL); 5818 return; 5819 5820 nla_put_failure: 5821 genlmsg_cancel(msg, hdr); 5822 nlmsg_free(msg); 5823 5824} 5825 5826void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 5827 struct net_device *netdev, const u8 *bssid, 5828 gfp_t gfp) 5829{ 5830 struct sk_buff *msg; 5831 void *hdr; 5832 5833 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5834 if (!msg) 5835 return; 5836 5837 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 5838 if (!hdr) { 5839 nlmsg_free(msg); 5840 return; 5841 } 5842 5843 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5844 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5845 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5846 5847 if (genlmsg_end(msg, hdr) < 0) { 5848 nlmsg_free(msg); 5849 return; 5850 } 5851 5852 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5853 nl80211_mlme_mcgrp.id, gfp); 5854 return; 5855 5856 nla_put_failure: 5857 genlmsg_cancel(msg, hdr); 5858 nlmsg_free(msg); 5859} 5860 5861void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 5862 struct net_device *netdev, const u8 *addr, 5863 enum nl80211_key_type key_type, int key_id, 5864 const u8 *tsc, gfp_t gfp) 5865{ 5866 struct sk_buff *msg; 5867 void *hdr; 5868 5869 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5870 if (!msg) 5871 return; 5872 5873 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 5874 if (!hdr) { 5875 nlmsg_free(msg); 5876 return; 5877 } 5878 5879 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5880 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5881 if (addr) 5882 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5883 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type); 5884 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id); 5885 if (tsc) 5886 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc); 5887 5888 if (genlmsg_end(msg, hdr) < 0) { 5889 nlmsg_free(msg); 5890 return; 5891 } 5892 5893 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5894 nl80211_mlme_mcgrp.id, gfp); 5895 return; 5896 5897 nla_put_failure: 5898 genlmsg_cancel(msg, hdr); 5899 nlmsg_free(msg); 5900} 5901 5902void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 5903 struct ieee80211_channel *channel_before, 5904 struct ieee80211_channel *channel_after) 5905{ 5906 struct sk_buff *msg; 5907 void *hdr; 5908 struct nlattr *nl_freq; 5909 5910 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 5911 if (!msg) 5912 return; 5913 5914 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 5915 if (!hdr) { 5916 nlmsg_free(msg); 5917 return; 5918 } 5919 5920 /* 5921 * Since we are applying the beacon hint to a wiphy we know its 5922 * wiphy_idx is valid 5923 */ 5924 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)); 5925 5926 /* Before */ 5927 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 5928 if (!nl_freq) 5929 goto nla_put_failure; 5930 if (nl80211_msg_put_channel(msg, channel_before)) 5931 goto nla_put_failure; 5932 nla_nest_end(msg, nl_freq); 5933 5934 /* After */ 5935 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 5936 if (!nl_freq) 5937 goto nla_put_failure; 5938 if (nl80211_msg_put_channel(msg, channel_after)) 5939 goto nla_put_failure; 5940 nla_nest_end(msg, nl_freq); 5941 5942 if (genlmsg_end(msg, hdr) < 0) { 5943 nlmsg_free(msg); 5944 return; 5945 } 5946 5947 rcu_read_lock(); 5948 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 5949 GFP_ATOMIC); 5950 rcu_read_unlock(); 5951 5952 return; 5953 5954nla_put_failure: 5955 genlmsg_cancel(msg, hdr); 5956 nlmsg_free(msg); 5957} 5958 5959static void nl80211_send_remain_on_chan_event( 5960 int cmd, struct cfg80211_registered_device *rdev, 5961 struct net_device *netdev, u64 cookie, 5962 struct ieee80211_channel *chan, 5963 enum nl80211_channel_type channel_type, 5964 unsigned int duration, gfp_t gfp) 5965{ 5966 struct sk_buff *msg; 5967 void *hdr; 5968 5969 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5970 if (!msg) 5971 return; 5972 5973 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5974 if (!hdr) { 5975 nlmsg_free(msg); 5976 return; 5977 } 5978 5979 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5980 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5981 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq); 5982 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type); 5983 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 5984 5985 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL) 5986 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 5987 5988 if (genlmsg_end(msg, hdr) < 0) { 5989 nlmsg_free(msg); 5990 return; 5991 } 5992 5993 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5994 nl80211_mlme_mcgrp.id, gfp); 5995 return; 5996 5997 nla_put_failure: 5998 genlmsg_cancel(msg, hdr); 5999 nlmsg_free(msg); 6000} 6001 6002void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 6003 struct net_device *netdev, u64 cookie, 6004 struct ieee80211_channel *chan, 6005 enum nl80211_channel_type channel_type, 6006 unsigned int duration, gfp_t gfp) 6007{ 6008 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 6009 rdev, netdev, cookie, chan, 6010 channel_type, duration, gfp); 6011} 6012 6013void nl80211_send_remain_on_channel_cancel( 6014 struct cfg80211_registered_device *rdev, struct net_device *netdev, 6015 u64 cookie, struct ieee80211_channel *chan, 6016 enum nl80211_channel_type channel_type, gfp_t gfp) 6017{ 6018 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 6019 rdev, netdev, cookie, chan, 6020 channel_type, 0, gfp); 6021} 6022 6023void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 6024 struct net_device *dev, const u8 *mac_addr, 6025 struct station_info *sinfo, gfp_t gfp) 6026{ 6027 struct sk_buff *msg; 6028 6029 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 6030 if (!msg) 6031 return; 6032 6033 if (nl80211_send_station(msg, 0, 0, 0, dev, mac_addr, sinfo) < 0) { 6034 nlmsg_free(msg); 6035 return; 6036 } 6037 6038 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6039 nl80211_mlme_mcgrp.id, gfp); 6040} 6041 6042int nl80211_send_action(struct cfg80211_registered_device *rdev, 6043 struct net_device *netdev, u32 nlpid, 6044 int freq, const u8 *buf, size_t len, gfp_t gfp) 6045{ 6046 struct sk_buff *msg; 6047 void *hdr; 6048 int err; 6049 6050 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 6051 if (!msg) 6052 return -ENOMEM; 6053 6054 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION); 6055 if (!hdr) { 6056 nlmsg_free(msg); 6057 return -ENOMEM; 6058 } 6059 6060 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6061 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6062 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 6063 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 6064 6065 err = genlmsg_end(msg, hdr); 6066 if (err < 0) { 6067 nlmsg_free(msg); 6068 return err; 6069 } 6070 6071 err = genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 6072 if (err < 0) 6073 return err; 6074 return 0; 6075 6076 nla_put_failure: 6077 genlmsg_cancel(msg, hdr); 6078 nlmsg_free(msg); 6079 return -ENOBUFS; 6080} 6081 6082void nl80211_send_action_tx_status(struct cfg80211_registered_device *rdev, 6083 struct net_device *netdev, u64 cookie, 6084 const u8 *buf, size_t len, bool ack, 6085 gfp_t gfp) 6086{ 6087 struct sk_buff *msg; 6088 void *hdr; 6089 6090 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 6091 if (!msg) 6092 return; 6093 6094 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION_TX_STATUS); 6095 if (!hdr) { 6096 nlmsg_free(msg); 6097 return; 6098 } 6099 6100 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6101 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6102 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 6103 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 6104 if (ack) 6105 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK); 6106 6107 if (genlmsg_end(msg, hdr) < 0) { 6108 nlmsg_free(msg); 6109 return; 6110 } 6111 6112 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 6113 return; 6114 6115 nla_put_failure: 6116 genlmsg_cancel(msg, hdr); 6117 nlmsg_free(msg); 6118} 6119 6120void 6121nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 6122 struct net_device *netdev, 6123 enum nl80211_cqm_rssi_threshold_event rssi_event, 6124 gfp_t gfp) 6125{ 6126 struct sk_buff *msg; 6127 struct nlattr *pinfoattr; 6128 void *hdr; 6129 6130 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 6131 if (!msg) 6132 return; 6133 6134 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 6135 if (!hdr) { 6136 nlmsg_free(msg); 6137 return; 6138 } 6139 6140 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6141 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6142 6143 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 6144 if (!pinfoattr) 6145 goto nla_put_failure; 6146 6147 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 6148 rssi_event); 6149 6150 nla_nest_end(msg, pinfoattr); 6151 6152 if (genlmsg_end(msg, hdr) < 0) { 6153 nlmsg_free(msg); 6154 return; 6155 } 6156 6157 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6158 nl80211_mlme_mcgrp.id, gfp); 6159 return; 6160 6161 nla_put_failure: 6162 genlmsg_cancel(msg, hdr); 6163 nlmsg_free(msg); 6164} 6165 6166static int nl80211_netlink_notify(struct notifier_block * nb, 6167 unsigned long state, 6168 void *_notify) 6169{ 6170 struct netlink_notify *notify = _notify; 6171 struct cfg80211_registered_device *rdev; 6172 struct wireless_dev *wdev; 6173 6174 if (state != NETLINK_URELEASE) 6175 return NOTIFY_DONE; 6176 6177 rcu_read_lock(); 6178 6179 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) 6180 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list) 6181 cfg80211_mlme_unregister_actions(wdev, notify->pid); 6182 6183 rcu_read_unlock(); 6184 6185 return NOTIFY_DONE; 6186} 6187 6188static struct notifier_block nl80211_netlink_notifier = { 6189 .notifier_call = nl80211_netlink_notify, 6190}; 6191 6192/* initialisation/exit functions */ 6193 6194int nl80211_init(void) 6195{ 6196 int err; 6197 6198 err = genl_register_family_with_ops(&nl80211_fam, 6199 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 6200 if (err) 6201 return err; 6202 6203 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 6204 if (err) 6205 goto err_out; 6206 6207 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 6208 if (err) 6209 goto err_out; 6210 6211 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 6212 if (err) 6213 goto err_out; 6214 6215 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 6216 if (err) 6217 goto err_out; 6218 6219#ifdef CONFIG_NL80211_TESTMODE 6220 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 6221 if (err) 6222 goto err_out; 6223#endif 6224 6225 err = netlink_register_notifier(&nl80211_netlink_notifier); 6226 if (err) 6227 goto err_out; 6228 6229 return 0; 6230 err_out: 6231 genl_unregister_family(&nl80211_fam); 6232 return err; 6233} 6234 6235void nl80211_exit(void) 6236{ 6237 netlink_unregister_notifier(&nl80211_netlink_notifier); 6238 genl_unregister_family(&nl80211_fam); 6239} 6240