1 /* 2 * This is the new netlink-based wireless configuration interface. 3 * 4 * Copyright 2006-2010 Johannes Berg <johannes@sipsolutions.net> 5 */ 6 7 #include <linux/if.h> 8 #include <linux/module.h> 9 #include <linux/err.h> 10 #include <linux/slab.h> 11 #include <linux/list.h> 12 #include <linux/if_ether.h> 13 #include <linux/ieee80211.h> 14 #include <linux/nl80211.h> 15 #include <linux/rtnetlink.h> 16 #include <linux/netlink.h> 17 #include <linux/etherdevice.h> 18 #include <net/net_namespace.h> 19 #include <net/genetlink.h> 20 #include <net/cfg80211.h> 21 #include <net/sock.h> 22 #include "core.h" 23 #include "nl80211.h" 24 #include "reg.h" 25 26 /* the netlink family */ 27 static struct genl_family nl80211_fam = { 28 .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */ 29 .name = "nl80211", /* have users key off the name instead */ 30 .hdrsize = 0, /* no private header */ 31 .version = 1, /* no particular meaning now */ 32 .maxattr = NL80211_ATTR_MAX, 33 .netnsok = true, 34 }; 35 36 /* internal helper: get rdev and dev */ 37 static int get_rdev_dev_by_info_ifindex(struct genl_info *info, 38 struct cfg80211_registered_device **rdev, 39 struct net_device **dev) 40 { 41 struct nlattr **attrs = info->attrs; 42 int ifindex; 43 44 if (!attrs[NL80211_ATTR_IFINDEX]) 45 return -EINVAL; 46 47 ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]); 48 *dev = dev_get_by_index(genl_info_net(info), ifindex); 49 if (!*dev) 50 return -ENODEV; 51 52 *rdev = cfg80211_get_dev_from_ifindex(genl_info_net(info), ifindex); 53 if (IS_ERR(*rdev)) { 54 dev_put(*dev); 55 return PTR_ERR(*rdev); 56 } 57 58 return 0; 59 } 60 61 /* policy for the attributes */ 62 static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = { 63 [NL80211_ATTR_WIPHY] = { .type = NLA_U32 }, 64 [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING, 65 .len = 20-1 }, 66 [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED }, 67 [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 }, 68 [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 }, 69 [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 }, 70 [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 }, 71 [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 }, 72 [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 }, 73 [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 }, 74 75 [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 }, 76 [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 }, 77 [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 }, 78 79 [NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN }, 80 [NL80211_ATTR_PREV_BSSID] = { .type = NLA_BINARY, .len = ETH_ALEN }, 81 82 [NL80211_ATTR_KEY] = { .type = NLA_NESTED, }, 83 [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY, 84 .len = WLAN_MAX_KEY_LEN }, 85 [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 }, 86 [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 }, 87 [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG }, 88 [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 }, 89 90 [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 }, 91 [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 }, 92 [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY, 93 .len = IEEE80211_MAX_DATA_LEN }, 94 [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY, 95 .len = IEEE80211_MAX_DATA_LEN }, 96 [NL80211_ATTR_STA_AID] = { .type = NLA_U16 }, 97 [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED }, 98 [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 }, 99 [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY, 100 .len = NL80211_MAX_SUPP_RATES }, 101 [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 }, 102 [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 }, 103 [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ }, 104 [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY, 105 .len = IEEE80211_MAX_MESH_ID_LEN }, 106 [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 }, 107 108 [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 }, 109 [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED }, 110 111 [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 }, 112 [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 }, 113 [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 }, 114 [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY, 115 .len = NL80211_MAX_SUPP_RATES }, 116 117 [NL80211_ATTR_MESH_PARAMS] = { .type = NLA_NESTED }, 118 119 [NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY, 120 .len = NL80211_HT_CAPABILITY_LEN }, 121 122 [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 }, 123 [NL80211_ATTR_IE] = { .type = NLA_BINARY, 124 .len = IEEE80211_MAX_DATA_LEN }, 125 [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED }, 126 [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED }, 127 128 [NL80211_ATTR_SSID] = { .type = NLA_BINARY, 129 .len = IEEE80211_MAX_SSID_LEN }, 130 [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 }, 131 [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 }, 132 [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG }, 133 [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG }, 134 [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 }, 135 [NL80211_ATTR_STA_FLAGS2] = { 136 .len = sizeof(struct nl80211_sta_flag_update), 137 }, 138 [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG }, 139 [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG }, 140 [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 }, 141 [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 }, 142 [NL80211_ATTR_PID] = { .type = NLA_U32 }, 143 [NL80211_ATTR_4ADDR] = { .type = NLA_U8 }, 144 [NL80211_ATTR_PMKID] = { .type = NLA_BINARY, 145 .len = WLAN_PMKID_LEN }, 146 [NL80211_ATTR_DURATION] = { .type = NLA_U32 }, 147 [NL80211_ATTR_COOKIE] = { .type = NLA_U64 }, 148 [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED }, 149 [NL80211_ATTR_FRAME] = { .type = NLA_BINARY, 150 .len = IEEE80211_MAX_DATA_LEN }, 151 [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, }, 152 [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 }, 153 [NL80211_ATTR_CQM] = { .type = NLA_NESTED, }, 154 [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG }, 155 [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 }, 156 }; 157 158 /* policy for the attributes */ 159 static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = { 160 [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN }, 161 [NL80211_KEY_IDX] = { .type = NLA_U8 }, 162 [NL80211_KEY_CIPHER] = { .type = NLA_U32 }, 163 [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 8 }, 164 [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG }, 165 [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG }, 166 }; 167 168 /* ifidx get helper */ 169 static int nl80211_get_ifidx(struct netlink_callback *cb) 170 { 171 int res; 172 173 res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize, 174 nl80211_fam.attrbuf, nl80211_fam.maxattr, 175 nl80211_policy); 176 if (res) 177 return res; 178 179 if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]) 180 return -EINVAL; 181 182 res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]); 183 if (!res) 184 return -EINVAL; 185 return res; 186 } 187 188 /* IE validation */ 189 static bool is_valid_ie_attr(const struct nlattr *attr) 190 { 191 const u8 *pos; 192 int len; 193 194 if (!attr) 195 return true; 196 197 pos = nla_data(attr); 198 len = nla_len(attr); 199 200 while (len) { 201 u8 elemlen; 202 203 if (len < 2) 204 return false; 205 len -= 2; 206 207 elemlen = pos[1]; 208 if (elemlen > len) 209 return false; 210 211 len -= elemlen; 212 pos += 2 + elemlen; 213 } 214 215 return true; 216 } 217 218 /* message building helper */ 219 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq, 220 int flags, u8 cmd) 221 { 222 /* since there is no private header just add the generic one */ 223 return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd); 224 } 225 226 static int nl80211_msg_put_channel(struct sk_buff *msg, 227 struct ieee80211_channel *chan) 228 { 229 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ, 230 chan->center_freq); 231 232 if (chan->flags & IEEE80211_CHAN_DISABLED) 233 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED); 234 if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) 235 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN); 236 if (chan->flags & IEEE80211_CHAN_NO_IBSS) 237 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS); 238 if (chan->flags & IEEE80211_CHAN_RADAR) 239 NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR); 240 241 NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER, 242 DBM_TO_MBM(chan->max_power)); 243 244 return 0; 245 246 nla_put_failure: 247 return -ENOBUFS; 248 } 249 250 /* netlink command implementations */ 251 252 struct key_parse { 253 struct key_params p; 254 int idx; 255 bool def, defmgmt; 256 }; 257 258 static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k) 259 { 260 struct nlattr *tb[NL80211_KEY_MAX + 1]; 261 int err = nla_parse_nested(tb, NL80211_KEY_MAX, key, 262 nl80211_key_policy); 263 if (err) 264 return err; 265 266 k->def = !!tb[NL80211_KEY_DEFAULT]; 267 k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT]; 268 269 if (tb[NL80211_KEY_IDX]) 270 k->idx = nla_get_u8(tb[NL80211_KEY_IDX]); 271 272 if (tb[NL80211_KEY_DATA]) { 273 k->p.key = nla_data(tb[NL80211_KEY_DATA]); 274 k->p.key_len = nla_len(tb[NL80211_KEY_DATA]); 275 } 276 277 if (tb[NL80211_KEY_SEQ]) { 278 k->p.seq = nla_data(tb[NL80211_KEY_SEQ]); 279 k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]); 280 } 281 282 if (tb[NL80211_KEY_CIPHER]) 283 k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]); 284 285 return 0; 286 } 287 288 static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k) 289 { 290 if (info->attrs[NL80211_ATTR_KEY_DATA]) { 291 k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]); 292 k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]); 293 } 294 295 if (info->attrs[NL80211_ATTR_KEY_SEQ]) { 296 k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]); 297 k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]); 298 } 299 300 if (info->attrs[NL80211_ATTR_KEY_IDX]) 301 k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 302 303 if (info->attrs[NL80211_ATTR_KEY_CIPHER]) 304 k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]); 305 306 k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT]; 307 k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]; 308 309 return 0; 310 } 311 312 static int nl80211_parse_key(struct genl_info *info, struct key_parse *k) 313 { 314 int err; 315 316 memset(k, 0, sizeof(*k)); 317 k->idx = -1; 318 319 if (info->attrs[NL80211_ATTR_KEY]) 320 err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k); 321 else 322 err = nl80211_parse_key_old(info, k); 323 324 if (err) 325 return err; 326 327 if (k->def && k->defmgmt) 328 return -EINVAL; 329 330 if (k->idx != -1) { 331 if (k->defmgmt) { 332 if (k->idx < 4 || k->idx > 5) 333 return -EINVAL; 334 } else if (k->def) { 335 if (k->idx < 0 || k->idx > 3) 336 return -EINVAL; 337 } else { 338 if (k->idx < 0 || k->idx > 5) 339 return -EINVAL; 340 } 341 } 342 343 return 0; 344 } 345 346 static struct cfg80211_cached_keys * 347 nl80211_parse_connkeys(struct cfg80211_registered_device *rdev, 348 struct nlattr *keys) 349 { 350 struct key_parse parse; 351 struct nlattr *key; 352 struct cfg80211_cached_keys *result; 353 int rem, err, def = 0; 354 355 result = kzalloc(sizeof(*result), GFP_KERNEL); 356 if (!result) 357 return ERR_PTR(-ENOMEM); 358 359 result->def = -1; 360 result->defmgmt = -1; 361 362 nla_for_each_nested(key, keys, rem) { 363 memset(&parse, 0, sizeof(parse)); 364 parse.idx = -1; 365 366 err = nl80211_parse_key_new(key, &parse); 367 if (err) 368 goto error; 369 err = -EINVAL; 370 if (!parse.p.key) 371 goto error; 372 if (parse.idx < 0 || parse.idx > 4) 373 goto error; 374 if (parse.def) { 375 if (def) 376 goto error; 377 def = 1; 378 result->def = parse.idx; 379 } else if (parse.defmgmt) 380 goto error; 381 err = cfg80211_validate_key_settings(rdev, &parse.p, 382 parse.idx, NULL); 383 if (err) 384 goto error; 385 result->params[parse.idx].cipher = parse.p.cipher; 386 result->params[parse.idx].key_len = parse.p.key_len; 387 result->params[parse.idx].key = result->data[parse.idx]; 388 memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len); 389 } 390 391 return result; 392 error: 393 kfree(result); 394 return ERR_PTR(err); 395 } 396 397 static int nl80211_key_allowed(struct wireless_dev *wdev) 398 { 399 ASSERT_WDEV_LOCK(wdev); 400 401 if (!netif_running(wdev->netdev)) 402 return -ENETDOWN; 403 404 switch (wdev->iftype) { 405 case NL80211_IFTYPE_AP: 406 case NL80211_IFTYPE_AP_VLAN: 407 break; 408 case NL80211_IFTYPE_ADHOC: 409 if (!wdev->current_bss) 410 return -ENOLINK; 411 break; 412 case NL80211_IFTYPE_STATION: 413 if (wdev->sme_state != CFG80211_SME_CONNECTED) 414 return -ENOLINK; 415 break; 416 default: 417 return -EINVAL; 418 } 419 420 return 0; 421 } 422 423 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags, 424 struct cfg80211_registered_device *dev) 425 { 426 void *hdr; 427 struct nlattr *nl_bands, *nl_band; 428 struct nlattr *nl_freqs, *nl_freq; 429 struct nlattr *nl_rates, *nl_rate; 430 struct nlattr *nl_modes; 431 struct nlattr *nl_cmds; 432 enum ieee80211_band band; 433 struct ieee80211_channel *chan; 434 struct ieee80211_rate *rate; 435 int i; 436 u16 ifmodes = dev->wiphy.interface_modes; 437 438 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY); 439 if (!hdr) 440 return -1; 441 442 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx); 443 NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)); 444 445 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 446 cfg80211_rdev_list_generation); 447 448 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT, 449 dev->wiphy.retry_short); 450 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_RETRY_LONG, 451 dev->wiphy.retry_long); 452 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD, 453 dev->wiphy.frag_threshold); 454 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD, 455 dev->wiphy.rts_threshold); 456 NLA_PUT_U8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS, 457 dev->wiphy.coverage_class); 458 459 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS, 460 dev->wiphy.max_scan_ssids); 461 NLA_PUT_U16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN, 462 dev->wiphy.max_scan_ie_len); 463 464 NLA_PUT(msg, NL80211_ATTR_CIPHER_SUITES, 465 sizeof(u32) * dev->wiphy.n_cipher_suites, 466 dev->wiphy.cipher_suites); 467 468 NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_PMKIDS, 469 dev->wiphy.max_num_pmkids); 470 471 nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES); 472 if (!nl_modes) 473 goto nla_put_failure; 474 475 i = 0; 476 while (ifmodes) { 477 if (ifmodes & 1) 478 NLA_PUT_FLAG(msg, i); 479 ifmodes >>= 1; 480 i++; 481 } 482 483 nla_nest_end(msg, nl_modes); 484 485 nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS); 486 if (!nl_bands) 487 goto nla_put_failure; 488 489 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 490 if (!dev->wiphy.bands[band]) 491 continue; 492 493 nl_band = nla_nest_start(msg, band); 494 if (!nl_band) 495 goto nla_put_failure; 496 497 /* add HT info */ 498 if (dev->wiphy.bands[band]->ht_cap.ht_supported) { 499 NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET, 500 sizeof(dev->wiphy.bands[band]->ht_cap.mcs), 501 &dev->wiphy.bands[band]->ht_cap.mcs); 502 NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA, 503 dev->wiphy.bands[band]->ht_cap.cap); 504 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR, 505 dev->wiphy.bands[band]->ht_cap.ampdu_factor); 506 NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY, 507 dev->wiphy.bands[band]->ht_cap.ampdu_density); 508 } 509 510 /* add frequencies */ 511 nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS); 512 if (!nl_freqs) 513 goto nla_put_failure; 514 515 for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) { 516 nl_freq = nla_nest_start(msg, i); 517 if (!nl_freq) 518 goto nla_put_failure; 519 520 chan = &dev->wiphy.bands[band]->channels[i]; 521 522 if (nl80211_msg_put_channel(msg, chan)) 523 goto nla_put_failure; 524 525 nla_nest_end(msg, nl_freq); 526 } 527 528 nla_nest_end(msg, nl_freqs); 529 530 /* add bitrates */ 531 nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES); 532 if (!nl_rates) 533 goto nla_put_failure; 534 535 for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) { 536 nl_rate = nla_nest_start(msg, i); 537 if (!nl_rate) 538 goto nla_put_failure; 539 540 rate = &dev->wiphy.bands[band]->bitrates[i]; 541 NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE, 542 rate->bitrate); 543 if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) 544 NLA_PUT_FLAG(msg, 545 NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE); 546 547 nla_nest_end(msg, nl_rate); 548 } 549 550 nla_nest_end(msg, nl_rates); 551 552 nla_nest_end(msg, nl_band); 553 } 554 nla_nest_end(msg, nl_bands); 555 556 nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS); 557 if (!nl_cmds) 558 goto nla_put_failure; 559 560 i = 0; 561 #define CMD(op, n) \ 562 do { \ 563 if (dev->ops->op) { \ 564 i++; \ 565 NLA_PUT_U32(msg, i, NL80211_CMD_ ## n); \ 566 } \ 567 } while (0) 568 569 CMD(add_virtual_intf, NEW_INTERFACE); 570 CMD(change_virtual_intf, SET_INTERFACE); 571 CMD(add_key, NEW_KEY); 572 CMD(add_beacon, NEW_BEACON); 573 CMD(add_station, NEW_STATION); 574 CMD(add_mpath, NEW_MPATH); 575 CMD(set_mesh_params, SET_MESH_PARAMS); 576 CMD(change_bss, SET_BSS); 577 CMD(auth, AUTHENTICATE); 578 CMD(assoc, ASSOCIATE); 579 CMD(deauth, DEAUTHENTICATE); 580 CMD(disassoc, DISASSOCIATE); 581 CMD(join_ibss, JOIN_IBSS); 582 CMD(set_pmksa, SET_PMKSA); 583 CMD(del_pmksa, DEL_PMKSA); 584 CMD(flush_pmksa, FLUSH_PMKSA); 585 CMD(remain_on_channel, REMAIN_ON_CHANNEL); 586 CMD(set_bitrate_mask, SET_TX_BITRATE_MASK); 587 CMD(action, ACTION); 588 if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) { 589 i++; 590 NLA_PUT_U32(msg, i, NL80211_CMD_SET_WIPHY_NETNS); 591 } 592 CMD(set_channel, SET_CHANNEL); 593 594 #undef CMD 595 596 if (dev->ops->connect || dev->ops->auth) { 597 i++; 598 NLA_PUT_U32(msg, i, NL80211_CMD_CONNECT); 599 } 600 601 if (dev->ops->disconnect || dev->ops->deauth) { 602 i++; 603 NLA_PUT_U32(msg, i, NL80211_CMD_DISCONNECT); 604 } 605 606 nla_nest_end(msg, nl_cmds); 607 608 return genlmsg_end(msg, hdr); 609 610 nla_put_failure: 611 genlmsg_cancel(msg, hdr); 612 return -EMSGSIZE; 613 } 614 615 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb) 616 { 617 int idx = 0; 618 int start = cb->args[0]; 619 struct cfg80211_registered_device *dev; 620 621 mutex_lock(&cfg80211_mutex); 622 list_for_each_entry(dev, &cfg80211_rdev_list, list) { 623 if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk))) 624 continue; 625 if (++idx <= start) 626 continue; 627 if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid, 628 cb->nlh->nlmsg_seq, NLM_F_MULTI, 629 dev) < 0) { 630 idx--; 631 break; 632 } 633 } 634 mutex_unlock(&cfg80211_mutex); 635 636 cb->args[0] = idx; 637 638 return skb->len; 639 } 640 641 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info) 642 { 643 struct sk_buff *msg; 644 struct cfg80211_registered_device *dev; 645 646 dev = cfg80211_get_dev_from_info(info); 647 if (IS_ERR(dev)) 648 return PTR_ERR(dev); 649 650 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 651 if (!msg) 652 goto out_err; 653 654 if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0) 655 goto out_free; 656 657 cfg80211_unlock_rdev(dev); 658 659 return genlmsg_reply(msg, info); 660 661 out_free: 662 nlmsg_free(msg); 663 out_err: 664 cfg80211_unlock_rdev(dev); 665 return -ENOBUFS; 666 } 667 668 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = { 669 [NL80211_TXQ_ATTR_QUEUE] = { .type = NLA_U8 }, 670 [NL80211_TXQ_ATTR_TXOP] = { .type = NLA_U16 }, 671 [NL80211_TXQ_ATTR_CWMIN] = { .type = NLA_U16 }, 672 [NL80211_TXQ_ATTR_CWMAX] = { .type = NLA_U16 }, 673 [NL80211_TXQ_ATTR_AIFS] = { .type = NLA_U8 }, 674 }; 675 676 static int parse_txq_params(struct nlattr *tb[], 677 struct ieee80211_txq_params *txq_params) 678 { 679 if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] || 680 !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] || 681 !tb[NL80211_TXQ_ATTR_AIFS]) 682 return -EINVAL; 683 684 txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]); 685 txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]); 686 txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]); 687 txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]); 688 txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]); 689 690 return 0; 691 } 692 693 static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev) 694 { 695 /* 696 * You can only set the channel explicitly for AP, mesh 697 * and WDS type interfaces; all others have their channel 698 * managed via their respective "establish a connection" 699 * command (connect, join, ...) 700 * 701 * Monitors are special as they are normally slaved to 702 * whatever else is going on, so they behave as though 703 * you tried setting the wiphy channel itself. 704 */ 705 return !wdev || 706 wdev->iftype == NL80211_IFTYPE_AP || 707 wdev->iftype == NL80211_IFTYPE_WDS || 708 wdev->iftype == NL80211_IFTYPE_MESH_POINT || 709 wdev->iftype == NL80211_IFTYPE_MONITOR; 710 } 711 712 static int __nl80211_set_channel(struct cfg80211_registered_device *rdev, 713 struct wireless_dev *wdev, 714 struct genl_info *info) 715 { 716 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 717 u32 freq; 718 int result; 719 720 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 721 return -EINVAL; 722 723 if (!nl80211_can_set_dev_channel(wdev)) 724 return -EOPNOTSUPP; 725 726 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 727 channel_type = nla_get_u32(info->attrs[ 728 NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 729 if (channel_type != NL80211_CHAN_NO_HT && 730 channel_type != NL80211_CHAN_HT20 && 731 channel_type != NL80211_CHAN_HT40PLUS && 732 channel_type != NL80211_CHAN_HT40MINUS) 733 return -EINVAL; 734 } 735 736 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 737 738 mutex_lock(&rdev->devlist_mtx); 739 if (wdev) { 740 wdev_lock(wdev); 741 result = cfg80211_set_freq(rdev, wdev, freq, channel_type); 742 wdev_unlock(wdev); 743 } else { 744 result = cfg80211_set_freq(rdev, NULL, freq, channel_type); 745 } 746 mutex_unlock(&rdev->devlist_mtx); 747 748 return result; 749 } 750 751 static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info) 752 { 753 struct cfg80211_registered_device *rdev; 754 struct net_device *netdev; 755 int result; 756 757 rtnl_lock(); 758 759 result = get_rdev_dev_by_info_ifindex(info, &rdev, &netdev); 760 if (result) 761 goto unlock; 762 763 result = __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info); 764 765 unlock: 766 rtnl_unlock(); 767 768 return result; 769 } 770 771 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info) 772 { 773 struct cfg80211_registered_device *rdev; 774 struct net_device *netdev = NULL; 775 struct wireless_dev *wdev; 776 int result, rem_txq_params = 0; 777 struct nlattr *nl_txq_params; 778 u32 changed; 779 u8 retry_short = 0, retry_long = 0; 780 u32 frag_threshold = 0, rts_threshold = 0; 781 u8 coverage_class = 0; 782 783 rtnl_lock(); 784 785 /* 786 * Try to find the wiphy and netdev. Normally this 787 * function shouldn't need the netdev, but this is 788 * done for backward compatibility -- previously 789 * setting the channel was done per wiphy, but now 790 * it is per netdev. Previous userland like hostapd 791 * also passed a netdev to set_wiphy, so that it is 792 * possible to let that go to the right netdev! 793 */ 794 mutex_lock(&cfg80211_mutex); 795 796 if (info->attrs[NL80211_ATTR_IFINDEX]) { 797 int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]); 798 799 netdev = dev_get_by_index(genl_info_net(info), ifindex); 800 if (netdev && netdev->ieee80211_ptr) { 801 rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy); 802 mutex_lock(&rdev->mtx); 803 } else 804 netdev = NULL; 805 } 806 807 if (!netdev) { 808 rdev = __cfg80211_rdev_from_info(info); 809 if (IS_ERR(rdev)) { 810 mutex_unlock(&cfg80211_mutex); 811 result = PTR_ERR(rdev); 812 goto unlock; 813 } 814 wdev = NULL; 815 netdev = NULL; 816 result = 0; 817 818 mutex_lock(&rdev->mtx); 819 } else if (netif_running(netdev) && 820 nl80211_can_set_dev_channel(netdev->ieee80211_ptr)) 821 wdev = netdev->ieee80211_ptr; 822 else 823 wdev = NULL; 824 825 /* 826 * end workaround code, by now the rdev is available 827 * and locked, and wdev may or may not be NULL. 828 */ 829 830 if (info->attrs[NL80211_ATTR_WIPHY_NAME]) 831 result = cfg80211_dev_rename( 832 rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME])); 833 834 mutex_unlock(&cfg80211_mutex); 835 836 if (result) 837 goto bad_res; 838 839 if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) { 840 struct ieee80211_txq_params txq_params; 841 struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1]; 842 843 if (!rdev->ops->set_txq_params) { 844 result = -EOPNOTSUPP; 845 goto bad_res; 846 } 847 848 nla_for_each_nested(nl_txq_params, 849 info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS], 850 rem_txq_params) { 851 nla_parse(tb, NL80211_TXQ_ATTR_MAX, 852 nla_data(nl_txq_params), 853 nla_len(nl_txq_params), 854 txq_params_policy); 855 result = parse_txq_params(tb, &txq_params); 856 if (result) 857 goto bad_res; 858 859 result = rdev->ops->set_txq_params(&rdev->wiphy, 860 &txq_params); 861 if (result) 862 goto bad_res; 863 } 864 } 865 866 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 867 result = __nl80211_set_channel(rdev, wdev, info); 868 if (result) 869 goto bad_res; 870 } 871 872 changed = 0; 873 874 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) { 875 retry_short = nla_get_u8( 876 info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]); 877 if (retry_short == 0) { 878 result = -EINVAL; 879 goto bad_res; 880 } 881 changed |= WIPHY_PARAM_RETRY_SHORT; 882 } 883 884 if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) { 885 retry_long = nla_get_u8( 886 info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]); 887 if (retry_long == 0) { 888 result = -EINVAL; 889 goto bad_res; 890 } 891 changed |= WIPHY_PARAM_RETRY_LONG; 892 } 893 894 if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) { 895 frag_threshold = nla_get_u32( 896 info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]); 897 if (frag_threshold < 256) { 898 result = -EINVAL; 899 goto bad_res; 900 } 901 if (frag_threshold != (u32) -1) { 902 /* 903 * Fragments (apart from the last one) are required to 904 * have even length. Make the fragmentation code 905 * simpler by stripping LSB should someone try to use 906 * odd threshold value. 907 */ 908 frag_threshold &= ~0x1; 909 } 910 changed |= WIPHY_PARAM_FRAG_THRESHOLD; 911 } 912 913 if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) { 914 rts_threshold = nla_get_u32( 915 info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]); 916 changed |= WIPHY_PARAM_RTS_THRESHOLD; 917 } 918 919 if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) { 920 coverage_class = nla_get_u8( 921 info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]); 922 changed |= WIPHY_PARAM_COVERAGE_CLASS; 923 } 924 925 if (changed) { 926 u8 old_retry_short, old_retry_long; 927 u32 old_frag_threshold, old_rts_threshold; 928 u8 old_coverage_class; 929 930 if (!rdev->ops->set_wiphy_params) { 931 result = -EOPNOTSUPP; 932 goto bad_res; 933 } 934 935 old_retry_short = rdev->wiphy.retry_short; 936 old_retry_long = rdev->wiphy.retry_long; 937 old_frag_threshold = rdev->wiphy.frag_threshold; 938 old_rts_threshold = rdev->wiphy.rts_threshold; 939 old_coverage_class = rdev->wiphy.coverage_class; 940 941 if (changed & WIPHY_PARAM_RETRY_SHORT) 942 rdev->wiphy.retry_short = retry_short; 943 if (changed & WIPHY_PARAM_RETRY_LONG) 944 rdev->wiphy.retry_long = retry_long; 945 if (changed & WIPHY_PARAM_FRAG_THRESHOLD) 946 rdev->wiphy.frag_threshold = frag_threshold; 947 if (changed & WIPHY_PARAM_RTS_THRESHOLD) 948 rdev->wiphy.rts_threshold = rts_threshold; 949 if (changed & WIPHY_PARAM_COVERAGE_CLASS) 950 rdev->wiphy.coverage_class = coverage_class; 951 952 result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed); 953 if (result) { 954 rdev->wiphy.retry_short = old_retry_short; 955 rdev->wiphy.retry_long = old_retry_long; 956 rdev->wiphy.frag_threshold = old_frag_threshold; 957 rdev->wiphy.rts_threshold = old_rts_threshold; 958 rdev->wiphy.coverage_class = old_coverage_class; 959 } 960 } 961 962 bad_res: 963 mutex_unlock(&rdev->mtx); 964 if (netdev) 965 dev_put(netdev); 966 unlock: 967 rtnl_unlock(); 968 return result; 969 } 970 971 972 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags, 973 struct cfg80211_registered_device *rdev, 974 struct net_device *dev) 975 { 976 void *hdr; 977 978 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE); 979 if (!hdr) 980 return -1; 981 982 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 983 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 984 NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name); 985 NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype); 986 987 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, 988 rdev->devlist_generation ^ 989 (cfg80211_rdev_list_generation << 2)); 990 991 return genlmsg_end(msg, hdr); 992 993 nla_put_failure: 994 genlmsg_cancel(msg, hdr); 995 return -EMSGSIZE; 996 } 997 998 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb) 999 { 1000 int wp_idx = 0; 1001 int if_idx = 0; 1002 int wp_start = cb->args[0]; 1003 int if_start = cb->args[1]; 1004 struct cfg80211_registered_device *rdev; 1005 struct wireless_dev *wdev; 1006 1007 mutex_lock(&cfg80211_mutex); 1008 list_for_each_entry(rdev, &cfg80211_rdev_list, list) { 1009 if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk))) 1010 continue; 1011 if (wp_idx < wp_start) { 1012 wp_idx++; 1013 continue; 1014 } 1015 if_idx = 0; 1016 1017 mutex_lock(&rdev->devlist_mtx); 1018 list_for_each_entry(wdev, &rdev->netdev_list, list) { 1019 if (if_idx < if_start) { 1020 if_idx++; 1021 continue; 1022 } 1023 if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid, 1024 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1025 rdev, wdev->netdev) < 0) { 1026 mutex_unlock(&rdev->devlist_mtx); 1027 goto out; 1028 } 1029 if_idx++; 1030 } 1031 mutex_unlock(&rdev->devlist_mtx); 1032 1033 wp_idx++; 1034 } 1035 out: 1036 mutex_unlock(&cfg80211_mutex); 1037 1038 cb->args[0] = wp_idx; 1039 cb->args[1] = if_idx; 1040 1041 return skb->len; 1042 } 1043 1044 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info) 1045 { 1046 struct sk_buff *msg; 1047 struct cfg80211_registered_device *dev; 1048 struct net_device *netdev; 1049 int err; 1050 1051 err = get_rdev_dev_by_info_ifindex(info, &dev, &netdev); 1052 if (err) 1053 return err; 1054 1055 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1056 if (!msg) 1057 goto out_err; 1058 1059 if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, 1060 dev, netdev) < 0) 1061 goto out_free; 1062 1063 dev_put(netdev); 1064 cfg80211_unlock_rdev(dev); 1065 1066 return genlmsg_reply(msg, info); 1067 1068 out_free: 1069 nlmsg_free(msg); 1070 out_err: 1071 dev_put(netdev); 1072 cfg80211_unlock_rdev(dev); 1073 return -ENOBUFS; 1074 } 1075 1076 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = { 1077 [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG }, 1078 [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG }, 1079 [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG }, 1080 [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG }, 1081 [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG }, 1082 }; 1083 1084 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags) 1085 { 1086 struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1]; 1087 int flag; 1088 1089 *mntrflags = 0; 1090 1091 if (!nla) 1092 return -EINVAL; 1093 1094 if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX, 1095 nla, mntr_flags_policy)) 1096 return -EINVAL; 1097 1098 for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++) 1099 if (flags[flag]) 1100 *mntrflags |= (1<<flag); 1101 1102 return 0; 1103 } 1104 1105 static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev, 1106 struct net_device *netdev, u8 use_4addr, 1107 enum nl80211_iftype iftype) 1108 { 1109 if (!use_4addr) { 1110 if (netdev && netdev->br_port) 1111 return -EBUSY; 1112 return 0; 1113 } 1114 1115 switch (iftype) { 1116 case NL80211_IFTYPE_AP_VLAN: 1117 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP) 1118 return 0; 1119 break; 1120 case NL80211_IFTYPE_STATION: 1121 if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION) 1122 return 0; 1123 break; 1124 default: 1125 break; 1126 } 1127 1128 return -EOPNOTSUPP; 1129 } 1130 1131 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info) 1132 { 1133 struct cfg80211_registered_device *rdev; 1134 struct vif_params params; 1135 int err; 1136 enum nl80211_iftype otype, ntype; 1137 struct net_device *dev; 1138 u32 _flags, *flags = NULL; 1139 bool change = false; 1140 1141 memset(¶ms, 0, sizeof(params)); 1142 1143 rtnl_lock(); 1144 1145 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1146 if (err) 1147 goto unlock_rtnl; 1148 1149 otype = ntype = dev->ieee80211_ptr->iftype; 1150 1151 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1152 ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1153 if (otype != ntype) 1154 change = true; 1155 if (ntype > NL80211_IFTYPE_MAX) { 1156 err = -EINVAL; 1157 goto unlock; 1158 } 1159 } 1160 1161 if (info->attrs[NL80211_ATTR_MESH_ID]) { 1162 if (ntype != NL80211_IFTYPE_MESH_POINT) { 1163 err = -EINVAL; 1164 goto unlock; 1165 } 1166 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 1167 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1168 change = true; 1169 } 1170 1171 if (info->attrs[NL80211_ATTR_4ADDR]) { 1172 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1173 change = true; 1174 err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype); 1175 if (err) 1176 goto unlock; 1177 } else { 1178 params.use_4addr = -1; 1179 } 1180 1181 if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) { 1182 if (ntype != NL80211_IFTYPE_MONITOR) { 1183 err = -EINVAL; 1184 goto unlock; 1185 } 1186 err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS], 1187 &_flags); 1188 if (err) 1189 goto unlock; 1190 1191 flags = &_flags; 1192 change = true; 1193 } 1194 1195 if (change) 1196 err = cfg80211_change_iface(rdev, dev, ntype, flags, ¶ms); 1197 else 1198 err = 0; 1199 1200 if (!err && params.use_4addr != -1) 1201 dev->ieee80211_ptr->use_4addr = params.use_4addr; 1202 1203 unlock: 1204 dev_put(dev); 1205 cfg80211_unlock_rdev(rdev); 1206 unlock_rtnl: 1207 rtnl_unlock(); 1208 return err; 1209 } 1210 1211 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) 1212 { 1213 struct cfg80211_registered_device *rdev; 1214 struct vif_params params; 1215 int err; 1216 enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED; 1217 u32 flags; 1218 1219 memset(¶ms, 0, sizeof(params)); 1220 1221 if (!info->attrs[NL80211_ATTR_IFNAME]) 1222 return -EINVAL; 1223 1224 if (info->attrs[NL80211_ATTR_IFTYPE]) { 1225 type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]); 1226 if (type > NL80211_IFTYPE_MAX) 1227 return -EINVAL; 1228 } 1229 1230 rtnl_lock(); 1231 1232 rdev = cfg80211_get_dev_from_info(info); 1233 if (IS_ERR(rdev)) { 1234 err = PTR_ERR(rdev); 1235 goto unlock_rtnl; 1236 } 1237 1238 if (!rdev->ops->add_virtual_intf || 1239 !(rdev->wiphy.interface_modes & (1 << type))) { 1240 err = -EOPNOTSUPP; 1241 goto unlock; 1242 } 1243 1244 if (type == NL80211_IFTYPE_MESH_POINT && 1245 info->attrs[NL80211_ATTR_MESH_ID]) { 1246 params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]); 1247 params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]); 1248 } 1249 1250 if (info->attrs[NL80211_ATTR_4ADDR]) { 1251 params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]); 1252 err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type); 1253 if (err) 1254 goto unlock; 1255 } 1256 1257 err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ? 1258 info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL, 1259 &flags); 1260 err = rdev->ops->add_virtual_intf(&rdev->wiphy, 1261 nla_data(info->attrs[NL80211_ATTR_IFNAME]), 1262 type, err ? NULL : &flags, ¶ms); 1263 1264 unlock: 1265 cfg80211_unlock_rdev(rdev); 1266 unlock_rtnl: 1267 rtnl_unlock(); 1268 return err; 1269 } 1270 1271 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info) 1272 { 1273 struct cfg80211_registered_device *rdev; 1274 int err; 1275 struct net_device *dev; 1276 1277 rtnl_lock(); 1278 1279 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1280 if (err) 1281 goto unlock_rtnl; 1282 1283 if (!rdev->ops->del_virtual_intf) { 1284 err = -EOPNOTSUPP; 1285 goto out; 1286 } 1287 1288 err = rdev->ops->del_virtual_intf(&rdev->wiphy, dev); 1289 1290 out: 1291 cfg80211_unlock_rdev(rdev); 1292 dev_put(dev); 1293 unlock_rtnl: 1294 rtnl_unlock(); 1295 return err; 1296 } 1297 1298 struct get_key_cookie { 1299 struct sk_buff *msg; 1300 int error; 1301 int idx; 1302 }; 1303 1304 static void get_key_callback(void *c, struct key_params *params) 1305 { 1306 struct nlattr *key; 1307 struct get_key_cookie *cookie = c; 1308 1309 if (params->key) 1310 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA, 1311 params->key_len, params->key); 1312 1313 if (params->seq) 1314 NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ, 1315 params->seq_len, params->seq); 1316 1317 if (params->cipher) 1318 NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER, 1319 params->cipher); 1320 1321 key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY); 1322 if (!key) 1323 goto nla_put_failure; 1324 1325 if (params->key) 1326 NLA_PUT(cookie->msg, NL80211_KEY_DATA, 1327 params->key_len, params->key); 1328 1329 if (params->seq) 1330 NLA_PUT(cookie->msg, NL80211_KEY_SEQ, 1331 params->seq_len, params->seq); 1332 1333 if (params->cipher) 1334 NLA_PUT_U32(cookie->msg, NL80211_KEY_CIPHER, 1335 params->cipher); 1336 1337 NLA_PUT_U8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx); 1338 1339 nla_nest_end(cookie->msg, key); 1340 1341 return; 1342 nla_put_failure: 1343 cookie->error = 1; 1344 } 1345 1346 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info) 1347 { 1348 struct cfg80211_registered_device *rdev; 1349 int err; 1350 struct net_device *dev; 1351 u8 key_idx = 0; 1352 u8 *mac_addr = NULL; 1353 struct get_key_cookie cookie = { 1354 .error = 0, 1355 }; 1356 void *hdr; 1357 struct sk_buff *msg; 1358 1359 if (info->attrs[NL80211_ATTR_KEY_IDX]) 1360 key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]); 1361 1362 if (key_idx > 5) 1363 return -EINVAL; 1364 1365 if (info->attrs[NL80211_ATTR_MAC]) 1366 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1367 1368 rtnl_lock(); 1369 1370 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1371 if (err) 1372 goto unlock_rtnl; 1373 1374 if (!rdev->ops->get_key) { 1375 err = -EOPNOTSUPP; 1376 goto out; 1377 } 1378 1379 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1380 if (!msg) { 1381 err = -ENOMEM; 1382 goto out; 1383 } 1384 1385 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 1386 NL80211_CMD_NEW_KEY); 1387 1388 if (IS_ERR(hdr)) { 1389 err = PTR_ERR(hdr); 1390 goto free_msg; 1391 } 1392 1393 cookie.msg = msg; 1394 cookie.idx = key_idx; 1395 1396 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1397 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx); 1398 if (mac_addr) 1399 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1400 1401 err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, mac_addr, 1402 &cookie, get_key_callback); 1403 1404 if (err) 1405 goto free_msg; 1406 1407 if (cookie.error) 1408 goto nla_put_failure; 1409 1410 genlmsg_end(msg, hdr); 1411 err = genlmsg_reply(msg, info); 1412 goto out; 1413 1414 nla_put_failure: 1415 err = -ENOBUFS; 1416 free_msg: 1417 nlmsg_free(msg); 1418 out: 1419 cfg80211_unlock_rdev(rdev); 1420 dev_put(dev); 1421 unlock_rtnl: 1422 rtnl_unlock(); 1423 1424 return err; 1425 } 1426 1427 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info) 1428 { 1429 struct cfg80211_registered_device *rdev; 1430 struct key_parse key; 1431 int err; 1432 struct net_device *dev; 1433 int (*func)(struct wiphy *wiphy, struct net_device *netdev, 1434 u8 key_index); 1435 1436 err = nl80211_parse_key(info, &key); 1437 if (err) 1438 return err; 1439 1440 if (key.idx < 0) 1441 return -EINVAL; 1442 1443 /* only support setting default key */ 1444 if (!key.def && !key.defmgmt) 1445 return -EINVAL; 1446 1447 rtnl_lock(); 1448 1449 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1450 if (err) 1451 goto unlock_rtnl; 1452 1453 if (key.def) 1454 func = rdev->ops->set_default_key; 1455 else 1456 func = rdev->ops->set_default_mgmt_key; 1457 1458 if (!func) { 1459 err = -EOPNOTSUPP; 1460 goto out; 1461 } 1462 1463 wdev_lock(dev->ieee80211_ptr); 1464 err = nl80211_key_allowed(dev->ieee80211_ptr); 1465 if (!err) 1466 err = func(&rdev->wiphy, dev, key.idx); 1467 1468 #ifdef CONFIG_CFG80211_WEXT 1469 if (!err) { 1470 if (func == rdev->ops->set_default_key) 1471 dev->ieee80211_ptr->wext.default_key = key.idx; 1472 else 1473 dev->ieee80211_ptr->wext.default_mgmt_key = key.idx; 1474 } 1475 #endif 1476 wdev_unlock(dev->ieee80211_ptr); 1477 1478 out: 1479 cfg80211_unlock_rdev(rdev); 1480 dev_put(dev); 1481 1482 unlock_rtnl: 1483 rtnl_unlock(); 1484 1485 return err; 1486 } 1487 1488 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info) 1489 { 1490 struct cfg80211_registered_device *rdev; 1491 int err; 1492 struct net_device *dev; 1493 struct key_parse key; 1494 u8 *mac_addr = NULL; 1495 1496 err = nl80211_parse_key(info, &key); 1497 if (err) 1498 return err; 1499 1500 if (!key.p.key) 1501 return -EINVAL; 1502 1503 if (info->attrs[NL80211_ATTR_MAC]) 1504 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1505 1506 rtnl_lock(); 1507 1508 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1509 if (err) 1510 goto unlock_rtnl; 1511 1512 if (!rdev->ops->add_key) { 1513 err = -EOPNOTSUPP; 1514 goto out; 1515 } 1516 1517 if (cfg80211_validate_key_settings(rdev, &key.p, key.idx, mac_addr)) { 1518 err = -EINVAL; 1519 goto out; 1520 } 1521 1522 wdev_lock(dev->ieee80211_ptr); 1523 err = nl80211_key_allowed(dev->ieee80211_ptr); 1524 if (!err) 1525 err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx, 1526 mac_addr, &key.p); 1527 wdev_unlock(dev->ieee80211_ptr); 1528 1529 out: 1530 cfg80211_unlock_rdev(rdev); 1531 dev_put(dev); 1532 unlock_rtnl: 1533 rtnl_unlock(); 1534 1535 return err; 1536 } 1537 1538 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info) 1539 { 1540 struct cfg80211_registered_device *rdev; 1541 int err; 1542 struct net_device *dev; 1543 u8 *mac_addr = NULL; 1544 struct key_parse key; 1545 1546 err = nl80211_parse_key(info, &key); 1547 if (err) 1548 return err; 1549 1550 if (info->attrs[NL80211_ATTR_MAC]) 1551 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1552 1553 rtnl_lock(); 1554 1555 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1556 if (err) 1557 goto unlock_rtnl; 1558 1559 if (!rdev->ops->del_key) { 1560 err = -EOPNOTSUPP; 1561 goto out; 1562 } 1563 1564 wdev_lock(dev->ieee80211_ptr); 1565 err = nl80211_key_allowed(dev->ieee80211_ptr); 1566 if (!err) 1567 err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx, mac_addr); 1568 1569 #ifdef CONFIG_CFG80211_WEXT 1570 if (!err) { 1571 if (key.idx == dev->ieee80211_ptr->wext.default_key) 1572 dev->ieee80211_ptr->wext.default_key = -1; 1573 else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key) 1574 dev->ieee80211_ptr->wext.default_mgmt_key = -1; 1575 } 1576 #endif 1577 wdev_unlock(dev->ieee80211_ptr); 1578 1579 out: 1580 cfg80211_unlock_rdev(rdev); 1581 dev_put(dev); 1582 1583 unlock_rtnl: 1584 rtnl_unlock(); 1585 1586 return err; 1587 } 1588 1589 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info) 1590 { 1591 int (*call)(struct wiphy *wiphy, struct net_device *dev, 1592 struct beacon_parameters *info); 1593 struct cfg80211_registered_device *rdev; 1594 int err; 1595 struct net_device *dev; 1596 struct beacon_parameters params; 1597 int haveinfo = 0; 1598 1599 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL])) 1600 return -EINVAL; 1601 1602 rtnl_lock(); 1603 1604 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1605 if (err) 1606 goto unlock_rtnl; 1607 1608 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 1609 err = -EOPNOTSUPP; 1610 goto out; 1611 } 1612 1613 switch (info->genlhdr->cmd) { 1614 case NL80211_CMD_NEW_BEACON: 1615 /* these are required for NEW_BEACON */ 1616 if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] || 1617 !info->attrs[NL80211_ATTR_DTIM_PERIOD] || 1618 !info->attrs[NL80211_ATTR_BEACON_HEAD]) { 1619 err = -EINVAL; 1620 goto out; 1621 } 1622 1623 call = rdev->ops->add_beacon; 1624 break; 1625 case NL80211_CMD_SET_BEACON: 1626 call = rdev->ops->set_beacon; 1627 break; 1628 default: 1629 WARN_ON(1); 1630 err = -EOPNOTSUPP; 1631 goto out; 1632 } 1633 1634 if (!call) { 1635 err = -EOPNOTSUPP; 1636 goto out; 1637 } 1638 1639 memset(¶ms, 0, sizeof(params)); 1640 1641 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 1642 params.interval = 1643 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 1644 haveinfo = 1; 1645 } 1646 1647 if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) { 1648 params.dtim_period = 1649 nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]); 1650 haveinfo = 1; 1651 } 1652 1653 if (info->attrs[NL80211_ATTR_BEACON_HEAD]) { 1654 params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]); 1655 params.head_len = 1656 nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]); 1657 haveinfo = 1; 1658 } 1659 1660 if (info->attrs[NL80211_ATTR_BEACON_TAIL]) { 1661 params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]); 1662 params.tail_len = 1663 nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]); 1664 haveinfo = 1; 1665 } 1666 1667 if (!haveinfo) { 1668 err = -EINVAL; 1669 goto out; 1670 } 1671 1672 err = call(&rdev->wiphy, dev, ¶ms); 1673 1674 out: 1675 cfg80211_unlock_rdev(rdev); 1676 dev_put(dev); 1677 unlock_rtnl: 1678 rtnl_unlock(); 1679 1680 return err; 1681 } 1682 1683 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info) 1684 { 1685 struct cfg80211_registered_device *rdev; 1686 int err; 1687 struct net_device *dev; 1688 1689 rtnl_lock(); 1690 1691 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1692 if (err) 1693 goto unlock_rtnl; 1694 1695 if (!rdev->ops->del_beacon) { 1696 err = -EOPNOTSUPP; 1697 goto out; 1698 } 1699 1700 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 1701 err = -EOPNOTSUPP; 1702 goto out; 1703 } 1704 err = rdev->ops->del_beacon(&rdev->wiphy, dev); 1705 1706 out: 1707 cfg80211_unlock_rdev(rdev); 1708 dev_put(dev); 1709 unlock_rtnl: 1710 rtnl_unlock(); 1711 1712 return err; 1713 } 1714 1715 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = { 1716 [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG }, 1717 [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG }, 1718 [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG }, 1719 [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG }, 1720 }; 1721 1722 static int parse_station_flags(struct genl_info *info, 1723 struct station_parameters *params) 1724 { 1725 struct nlattr *flags[NL80211_STA_FLAG_MAX + 1]; 1726 struct nlattr *nla; 1727 int flag; 1728 1729 /* 1730 * Try parsing the new attribute first so userspace 1731 * can specify both for older kernels. 1732 */ 1733 nla = info->attrs[NL80211_ATTR_STA_FLAGS2]; 1734 if (nla) { 1735 struct nl80211_sta_flag_update *sta_flags; 1736 1737 sta_flags = nla_data(nla); 1738 params->sta_flags_mask = sta_flags->mask; 1739 params->sta_flags_set = sta_flags->set; 1740 if ((params->sta_flags_mask | 1741 params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID)) 1742 return -EINVAL; 1743 return 0; 1744 } 1745 1746 /* if present, parse the old attribute */ 1747 1748 nla = info->attrs[NL80211_ATTR_STA_FLAGS]; 1749 if (!nla) 1750 return 0; 1751 1752 if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX, 1753 nla, sta_flags_policy)) 1754 return -EINVAL; 1755 1756 params->sta_flags_mask = (1 << __NL80211_STA_FLAG_AFTER_LAST) - 1; 1757 params->sta_flags_mask &= ~1; 1758 1759 for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) 1760 if (flags[flag]) 1761 params->sta_flags_set |= (1<<flag); 1762 1763 return 0; 1764 } 1765 1766 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq, 1767 int flags, struct net_device *dev, 1768 const u8 *mac_addr, struct station_info *sinfo) 1769 { 1770 void *hdr; 1771 struct nlattr *sinfoattr, *txrate; 1772 u16 bitrate; 1773 1774 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 1775 if (!hdr) 1776 return -1; 1777 1778 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 1779 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr); 1780 1781 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, sinfo->generation); 1782 1783 sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO); 1784 if (!sinfoattr) 1785 goto nla_put_failure; 1786 if (sinfo->filled & STATION_INFO_INACTIVE_TIME) 1787 NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME, 1788 sinfo->inactive_time); 1789 if (sinfo->filled & STATION_INFO_RX_BYTES) 1790 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES, 1791 sinfo->rx_bytes); 1792 if (sinfo->filled & STATION_INFO_TX_BYTES) 1793 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES, 1794 sinfo->tx_bytes); 1795 if (sinfo->filled & STATION_INFO_LLID) 1796 NLA_PUT_U16(msg, NL80211_STA_INFO_LLID, 1797 sinfo->llid); 1798 if (sinfo->filled & STATION_INFO_PLID) 1799 NLA_PUT_U16(msg, NL80211_STA_INFO_PLID, 1800 sinfo->plid); 1801 if (sinfo->filled & STATION_INFO_PLINK_STATE) 1802 NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE, 1803 sinfo->plink_state); 1804 if (sinfo->filled & STATION_INFO_SIGNAL) 1805 NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL, 1806 sinfo->signal); 1807 if (sinfo->filled & STATION_INFO_TX_BITRATE) { 1808 txrate = nla_nest_start(msg, NL80211_STA_INFO_TX_BITRATE); 1809 if (!txrate) 1810 goto nla_put_failure; 1811 1812 /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */ 1813 bitrate = cfg80211_calculate_bitrate(&sinfo->txrate); 1814 if (bitrate > 0) 1815 NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate); 1816 1817 if (sinfo->txrate.flags & RATE_INFO_FLAGS_MCS) 1818 NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS, 1819 sinfo->txrate.mcs); 1820 if (sinfo->txrate.flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) 1821 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH); 1822 if (sinfo->txrate.flags & RATE_INFO_FLAGS_SHORT_GI) 1823 NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI); 1824 1825 nla_nest_end(msg, txrate); 1826 } 1827 if (sinfo->filled & STATION_INFO_RX_PACKETS) 1828 NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS, 1829 sinfo->rx_packets); 1830 if (sinfo->filled & STATION_INFO_TX_PACKETS) 1831 NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS, 1832 sinfo->tx_packets); 1833 nla_nest_end(msg, sinfoattr); 1834 1835 return genlmsg_end(msg, hdr); 1836 1837 nla_put_failure: 1838 genlmsg_cancel(msg, hdr); 1839 return -EMSGSIZE; 1840 } 1841 1842 static int nl80211_dump_station(struct sk_buff *skb, 1843 struct netlink_callback *cb) 1844 { 1845 struct station_info sinfo; 1846 struct cfg80211_registered_device *dev; 1847 struct net_device *netdev; 1848 u8 mac_addr[ETH_ALEN]; 1849 int ifidx = cb->args[0]; 1850 int sta_idx = cb->args[1]; 1851 int err; 1852 1853 if (!ifidx) 1854 ifidx = nl80211_get_ifidx(cb); 1855 if (ifidx < 0) 1856 return ifidx; 1857 1858 rtnl_lock(); 1859 1860 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 1861 if (!netdev) { 1862 err = -ENODEV; 1863 goto out_rtnl; 1864 } 1865 1866 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 1867 if (IS_ERR(dev)) { 1868 err = PTR_ERR(dev); 1869 goto out_rtnl; 1870 } 1871 1872 if (!dev->ops->dump_station) { 1873 err = -EOPNOTSUPP; 1874 goto out_err; 1875 } 1876 1877 while (1) { 1878 err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx, 1879 mac_addr, &sinfo); 1880 if (err == -ENOENT) 1881 break; 1882 if (err) 1883 goto out_err; 1884 1885 if (nl80211_send_station(skb, 1886 NETLINK_CB(cb->skb).pid, 1887 cb->nlh->nlmsg_seq, NLM_F_MULTI, 1888 netdev, mac_addr, 1889 &sinfo) < 0) 1890 goto out; 1891 1892 sta_idx++; 1893 } 1894 1895 1896 out: 1897 cb->args[1] = sta_idx; 1898 err = skb->len; 1899 out_err: 1900 cfg80211_unlock_rdev(dev); 1901 out_rtnl: 1902 rtnl_unlock(); 1903 1904 return err; 1905 } 1906 1907 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info) 1908 { 1909 struct cfg80211_registered_device *rdev; 1910 int err; 1911 struct net_device *dev; 1912 struct station_info sinfo; 1913 struct sk_buff *msg; 1914 u8 *mac_addr = NULL; 1915 1916 memset(&sinfo, 0, sizeof(sinfo)); 1917 1918 if (!info->attrs[NL80211_ATTR_MAC]) 1919 return -EINVAL; 1920 1921 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 1922 1923 rtnl_lock(); 1924 1925 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 1926 if (err) 1927 goto out_rtnl; 1928 1929 if (!rdev->ops->get_station) { 1930 err = -EOPNOTSUPP; 1931 goto out; 1932 } 1933 1934 err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo); 1935 if (err) 1936 goto out; 1937 1938 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 1939 if (!msg) 1940 goto out; 1941 1942 if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0, 1943 dev, mac_addr, &sinfo) < 0) 1944 goto out_free; 1945 1946 err = genlmsg_reply(msg, info); 1947 goto out; 1948 1949 out_free: 1950 nlmsg_free(msg); 1951 out: 1952 cfg80211_unlock_rdev(rdev); 1953 dev_put(dev); 1954 out_rtnl: 1955 rtnl_unlock(); 1956 1957 return err; 1958 } 1959 1960 /* 1961 * Get vlan interface making sure it is running and on the right wiphy. 1962 */ 1963 static int get_vlan(struct genl_info *info, 1964 struct cfg80211_registered_device *rdev, 1965 struct net_device **vlan) 1966 { 1967 struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN]; 1968 *vlan = NULL; 1969 1970 if (vlanattr) { 1971 *vlan = dev_get_by_index(genl_info_net(info), 1972 nla_get_u32(vlanattr)); 1973 if (!*vlan) 1974 return -ENODEV; 1975 if (!(*vlan)->ieee80211_ptr) 1976 return -EINVAL; 1977 if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy) 1978 return -EINVAL; 1979 if (!netif_running(*vlan)) 1980 return -ENETDOWN; 1981 } 1982 return 0; 1983 } 1984 1985 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info) 1986 { 1987 struct cfg80211_registered_device *rdev; 1988 int err; 1989 struct net_device *dev; 1990 struct station_parameters params; 1991 u8 *mac_addr = NULL; 1992 1993 memset(¶ms, 0, sizeof(params)); 1994 1995 params.listen_interval = -1; 1996 1997 if (info->attrs[NL80211_ATTR_STA_AID]) 1998 return -EINVAL; 1999 2000 if (!info->attrs[NL80211_ATTR_MAC]) 2001 return -EINVAL; 2002 2003 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2004 2005 if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) { 2006 params.supported_rates = 2007 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2008 params.supported_rates_len = 2009 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2010 } 2011 2012 if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2013 params.listen_interval = 2014 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2015 2016 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2017 params.ht_capa = 2018 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2019 2020 if (parse_station_flags(info, ¶ms)) 2021 return -EINVAL; 2022 2023 if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION]) 2024 params.plink_action = 2025 nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]); 2026 2027 rtnl_lock(); 2028 2029 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2030 if (err) 2031 goto out_rtnl; 2032 2033 err = get_vlan(info, rdev, ¶ms.vlan); 2034 if (err) 2035 goto out; 2036 2037 /* validate settings */ 2038 err = 0; 2039 2040 switch (dev->ieee80211_ptr->iftype) { 2041 case NL80211_IFTYPE_AP: 2042 case NL80211_IFTYPE_AP_VLAN: 2043 /* disallow mesh-specific things */ 2044 if (params.plink_action) 2045 err = -EINVAL; 2046 break; 2047 case NL80211_IFTYPE_STATION: 2048 /* disallow everything but AUTHORIZED flag */ 2049 if (params.plink_action) 2050 err = -EINVAL; 2051 if (params.vlan) 2052 err = -EINVAL; 2053 if (params.supported_rates) 2054 err = -EINVAL; 2055 if (params.ht_capa) 2056 err = -EINVAL; 2057 if (params.listen_interval >= 0) 2058 err = -EINVAL; 2059 if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED)) 2060 err = -EINVAL; 2061 break; 2062 case NL80211_IFTYPE_MESH_POINT: 2063 /* disallow things mesh doesn't support */ 2064 if (params.vlan) 2065 err = -EINVAL; 2066 if (params.ht_capa) 2067 err = -EINVAL; 2068 if (params.listen_interval >= 0) 2069 err = -EINVAL; 2070 if (params.supported_rates) 2071 err = -EINVAL; 2072 if (params.sta_flags_mask) 2073 err = -EINVAL; 2074 break; 2075 default: 2076 err = -EINVAL; 2077 } 2078 2079 if (err) 2080 goto out; 2081 2082 if (!rdev->ops->change_station) { 2083 err = -EOPNOTSUPP; 2084 goto out; 2085 } 2086 2087 err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2088 2089 out: 2090 if (params.vlan) 2091 dev_put(params.vlan); 2092 cfg80211_unlock_rdev(rdev); 2093 dev_put(dev); 2094 out_rtnl: 2095 rtnl_unlock(); 2096 2097 return err; 2098 } 2099 2100 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info) 2101 { 2102 struct cfg80211_registered_device *rdev; 2103 int err; 2104 struct net_device *dev; 2105 struct station_parameters params; 2106 u8 *mac_addr = NULL; 2107 2108 memset(¶ms, 0, sizeof(params)); 2109 2110 if (!info->attrs[NL80211_ATTR_MAC]) 2111 return -EINVAL; 2112 2113 if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]) 2114 return -EINVAL; 2115 2116 if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) 2117 return -EINVAL; 2118 2119 if (!info->attrs[NL80211_ATTR_STA_AID]) 2120 return -EINVAL; 2121 2122 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2123 params.supported_rates = 2124 nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2125 params.supported_rates_len = 2126 nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]); 2127 params.listen_interval = 2128 nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]); 2129 2130 params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]); 2131 if (!params.aid || params.aid > IEEE80211_MAX_AID) 2132 return -EINVAL; 2133 2134 if (info->attrs[NL80211_ATTR_HT_CAPABILITY]) 2135 params.ht_capa = 2136 nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]); 2137 2138 if (parse_station_flags(info, ¶ms)) 2139 return -EINVAL; 2140 2141 rtnl_lock(); 2142 2143 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2144 if (err) 2145 goto out_rtnl; 2146 2147 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2148 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN) { 2149 err = -EINVAL; 2150 goto out; 2151 } 2152 2153 err = get_vlan(info, rdev, ¶ms.vlan); 2154 if (err) 2155 goto out; 2156 2157 /* validate settings */ 2158 err = 0; 2159 2160 if (!rdev->ops->add_station) { 2161 err = -EOPNOTSUPP; 2162 goto out; 2163 } 2164 2165 if (!netif_running(dev)) { 2166 err = -ENETDOWN; 2167 goto out; 2168 } 2169 2170 err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, ¶ms); 2171 2172 out: 2173 if (params.vlan) 2174 dev_put(params.vlan); 2175 cfg80211_unlock_rdev(rdev); 2176 dev_put(dev); 2177 out_rtnl: 2178 rtnl_unlock(); 2179 2180 return err; 2181 } 2182 2183 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info) 2184 { 2185 struct cfg80211_registered_device *rdev; 2186 int err; 2187 struct net_device *dev; 2188 u8 *mac_addr = NULL; 2189 2190 if (info->attrs[NL80211_ATTR_MAC]) 2191 mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]); 2192 2193 rtnl_lock(); 2194 2195 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2196 if (err) 2197 goto out_rtnl; 2198 2199 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP && 2200 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN && 2201 dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2202 err = -EINVAL; 2203 goto out; 2204 } 2205 2206 if (!rdev->ops->del_station) { 2207 err = -EOPNOTSUPP; 2208 goto out; 2209 } 2210 2211 err = rdev->ops->del_station(&rdev->wiphy, dev, mac_addr); 2212 2213 out: 2214 cfg80211_unlock_rdev(rdev); 2215 dev_put(dev); 2216 out_rtnl: 2217 rtnl_unlock(); 2218 2219 return err; 2220 } 2221 2222 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq, 2223 int flags, struct net_device *dev, 2224 u8 *dst, u8 *next_hop, 2225 struct mpath_info *pinfo) 2226 { 2227 void *hdr; 2228 struct nlattr *pinfoattr; 2229 2230 hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION); 2231 if (!hdr) 2232 return -1; 2233 2234 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2235 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst); 2236 NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop); 2237 2238 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, pinfo->generation); 2239 2240 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO); 2241 if (!pinfoattr) 2242 goto nla_put_failure; 2243 if (pinfo->filled & MPATH_INFO_FRAME_QLEN) 2244 NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN, 2245 pinfo->frame_qlen); 2246 if (pinfo->filled & MPATH_INFO_SN) 2247 NLA_PUT_U32(msg, NL80211_MPATH_INFO_SN, 2248 pinfo->sn); 2249 if (pinfo->filled & MPATH_INFO_METRIC) 2250 NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC, 2251 pinfo->metric); 2252 if (pinfo->filled & MPATH_INFO_EXPTIME) 2253 NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME, 2254 pinfo->exptime); 2255 if (pinfo->filled & MPATH_INFO_FLAGS) 2256 NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS, 2257 pinfo->flags); 2258 if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) 2259 NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT, 2260 pinfo->discovery_timeout); 2261 if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) 2262 NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES, 2263 pinfo->discovery_retries); 2264 2265 nla_nest_end(msg, pinfoattr); 2266 2267 return genlmsg_end(msg, hdr); 2268 2269 nla_put_failure: 2270 genlmsg_cancel(msg, hdr); 2271 return -EMSGSIZE; 2272 } 2273 2274 static int nl80211_dump_mpath(struct sk_buff *skb, 2275 struct netlink_callback *cb) 2276 { 2277 struct mpath_info pinfo; 2278 struct cfg80211_registered_device *dev; 2279 struct net_device *netdev; 2280 u8 dst[ETH_ALEN]; 2281 u8 next_hop[ETH_ALEN]; 2282 int ifidx = cb->args[0]; 2283 int path_idx = cb->args[1]; 2284 int err; 2285 2286 if (!ifidx) 2287 ifidx = nl80211_get_ifidx(cb); 2288 if (ifidx < 0) 2289 return ifidx; 2290 2291 rtnl_lock(); 2292 2293 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 2294 if (!netdev) { 2295 err = -ENODEV; 2296 goto out_rtnl; 2297 } 2298 2299 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 2300 if (IS_ERR(dev)) { 2301 err = PTR_ERR(dev); 2302 goto out_rtnl; 2303 } 2304 2305 if (!dev->ops->dump_mpath) { 2306 err = -EOPNOTSUPP; 2307 goto out_err; 2308 } 2309 2310 if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2311 err = -EOPNOTSUPP; 2312 goto out_err; 2313 } 2314 2315 while (1) { 2316 err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx, 2317 dst, next_hop, &pinfo); 2318 if (err == -ENOENT) 2319 break; 2320 if (err) 2321 goto out_err; 2322 2323 if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid, 2324 cb->nlh->nlmsg_seq, NLM_F_MULTI, 2325 netdev, dst, next_hop, 2326 &pinfo) < 0) 2327 goto out; 2328 2329 path_idx++; 2330 } 2331 2332 2333 out: 2334 cb->args[1] = path_idx; 2335 err = skb->len; 2336 out_err: 2337 cfg80211_unlock_rdev(dev); 2338 out_rtnl: 2339 rtnl_unlock(); 2340 2341 return err; 2342 } 2343 2344 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info) 2345 { 2346 struct cfg80211_registered_device *rdev; 2347 int err; 2348 struct net_device *dev; 2349 struct mpath_info pinfo; 2350 struct sk_buff *msg; 2351 u8 *dst = NULL; 2352 u8 next_hop[ETH_ALEN]; 2353 2354 memset(&pinfo, 0, sizeof(pinfo)); 2355 2356 if (!info->attrs[NL80211_ATTR_MAC]) 2357 return -EINVAL; 2358 2359 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2360 2361 rtnl_lock(); 2362 2363 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2364 if (err) 2365 goto out_rtnl; 2366 2367 if (!rdev->ops->get_mpath) { 2368 err = -EOPNOTSUPP; 2369 goto out; 2370 } 2371 2372 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2373 err = -EOPNOTSUPP; 2374 goto out; 2375 } 2376 2377 err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo); 2378 if (err) 2379 goto out; 2380 2381 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2382 if (!msg) 2383 goto out; 2384 2385 if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0, 2386 dev, dst, next_hop, &pinfo) < 0) 2387 goto out_free; 2388 2389 err = genlmsg_reply(msg, info); 2390 goto out; 2391 2392 out_free: 2393 nlmsg_free(msg); 2394 out: 2395 cfg80211_unlock_rdev(rdev); 2396 dev_put(dev); 2397 out_rtnl: 2398 rtnl_unlock(); 2399 2400 return err; 2401 } 2402 2403 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info) 2404 { 2405 struct cfg80211_registered_device *rdev; 2406 int err; 2407 struct net_device *dev; 2408 u8 *dst = NULL; 2409 u8 *next_hop = NULL; 2410 2411 if (!info->attrs[NL80211_ATTR_MAC]) 2412 return -EINVAL; 2413 2414 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 2415 return -EINVAL; 2416 2417 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2418 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 2419 2420 rtnl_lock(); 2421 2422 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2423 if (err) 2424 goto out_rtnl; 2425 2426 if (!rdev->ops->change_mpath) { 2427 err = -EOPNOTSUPP; 2428 goto out; 2429 } 2430 2431 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2432 err = -EOPNOTSUPP; 2433 goto out; 2434 } 2435 2436 if (!netif_running(dev)) { 2437 err = -ENETDOWN; 2438 goto out; 2439 } 2440 2441 err = rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop); 2442 2443 out: 2444 cfg80211_unlock_rdev(rdev); 2445 dev_put(dev); 2446 out_rtnl: 2447 rtnl_unlock(); 2448 2449 return err; 2450 } 2451 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info) 2452 { 2453 struct cfg80211_registered_device *rdev; 2454 int err; 2455 struct net_device *dev; 2456 u8 *dst = NULL; 2457 u8 *next_hop = NULL; 2458 2459 if (!info->attrs[NL80211_ATTR_MAC]) 2460 return -EINVAL; 2461 2462 if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]) 2463 return -EINVAL; 2464 2465 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2466 next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]); 2467 2468 rtnl_lock(); 2469 2470 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2471 if (err) 2472 goto out_rtnl; 2473 2474 if (!rdev->ops->add_mpath) { 2475 err = -EOPNOTSUPP; 2476 goto out; 2477 } 2478 2479 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) { 2480 err = -EOPNOTSUPP; 2481 goto out; 2482 } 2483 2484 if (!netif_running(dev)) { 2485 err = -ENETDOWN; 2486 goto out; 2487 } 2488 2489 err = rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop); 2490 2491 out: 2492 cfg80211_unlock_rdev(rdev); 2493 dev_put(dev); 2494 out_rtnl: 2495 rtnl_unlock(); 2496 2497 return err; 2498 } 2499 2500 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info) 2501 { 2502 struct cfg80211_registered_device *rdev; 2503 int err; 2504 struct net_device *dev; 2505 u8 *dst = NULL; 2506 2507 if (info->attrs[NL80211_ATTR_MAC]) 2508 dst = nla_data(info->attrs[NL80211_ATTR_MAC]); 2509 2510 rtnl_lock(); 2511 2512 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2513 if (err) 2514 goto out_rtnl; 2515 2516 if (!rdev->ops->del_mpath) { 2517 err = -EOPNOTSUPP; 2518 goto out; 2519 } 2520 2521 err = rdev->ops->del_mpath(&rdev->wiphy, dev, dst); 2522 2523 out: 2524 cfg80211_unlock_rdev(rdev); 2525 dev_put(dev); 2526 out_rtnl: 2527 rtnl_unlock(); 2528 2529 return err; 2530 } 2531 2532 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info) 2533 { 2534 struct cfg80211_registered_device *rdev; 2535 int err; 2536 struct net_device *dev; 2537 struct bss_parameters params; 2538 2539 memset(¶ms, 0, sizeof(params)); 2540 /* default to not changing parameters */ 2541 params.use_cts_prot = -1; 2542 params.use_short_preamble = -1; 2543 params.use_short_slot_time = -1; 2544 params.ap_isolate = -1; 2545 2546 if (info->attrs[NL80211_ATTR_BSS_CTS_PROT]) 2547 params.use_cts_prot = 2548 nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]); 2549 if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]) 2550 params.use_short_preamble = 2551 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]); 2552 if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]) 2553 params.use_short_slot_time = 2554 nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]); 2555 if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) { 2556 params.basic_rates = 2557 nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 2558 params.basic_rates_len = 2559 nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]); 2560 } 2561 if (info->attrs[NL80211_ATTR_AP_ISOLATE]) 2562 params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]); 2563 2564 rtnl_lock(); 2565 2566 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2567 if (err) 2568 goto out_rtnl; 2569 2570 if (!rdev->ops->change_bss) { 2571 err = -EOPNOTSUPP; 2572 goto out; 2573 } 2574 2575 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) { 2576 err = -EOPNOTSUPP; 2577 goto out; 2578 } 2579 2580 err = rdev->ops->change_bss(&rdev->wiphy, dev, ¶ms); 2581 2582 out: 2583 cfg80211_unlock_rdev(rdev); 2584 dev_put(dev); 2585 out_rtnl: 2586 rtnl_unlock(); 2587 2588 return err; 2589 } 2590 2591 static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = { 2592 [NL80211_ATTR_REG_RULE_FLAGS] = { .type = NLA_U32 }, 2593 [NL80211_ATTR_FREQ_RANGE_START] = { .type = NLA_U32 }, 2594 [NL80211_ATTR_FREQ_RANGE_END] = { .type = NLA_U32 }, 2595 [NL80211_ATTR_FREQ_RANGE_MAX_BW] = { .type = NLA_U32 }, 2596 [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN] = { .type = NLA_U32 }, 2597 [NL80211_ATTR_POWER_RULE_MAX_EIRP] = { .type = NLA_U32 }, 2598 }; 2599 2600 static int parse_reg_rule(struct nlattr *tb[], 2601 struct ieee80211_reg_rule *reg_rule) 2602 { 2603 struct ieee80211_freq_range *freq_range = ®_rule->freq_range; 2604 struct ieee80211_power_rule *power_rule = ®_rule->power_rule; 2605 2606 if (!tb[NL80211_ATTR_REG_RULE_FLAGS]) 2607 return -EINVAL; 2608 if (!tb[NL80211_ATTR_FREQ_RANGE_START]) 2609 return -EINVAL; 2610 if (!tb[NL80211_ATTR_FREQ_RANGE_END]) 2611 return -EINVAL; 2612 if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]) 2613 return -EINVAL; 2614 if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]) 2615 return -EINVAL; 2616 2617 reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]); 2618 2619 freq_range->start_freq_khz = 2620 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]); 2621 freq_range->end_freq_khz = 2622 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]); 2623 freq_range->max_bandwidth_khz = 2624 nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]); 2625 2626 power_rule->max_eirp = 2627 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]); 2628 2629 if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]) 2630 power_rule->max_antenna_gain = 2631 nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]); 2632 2633 return 0; 2634 } 2635 2636 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info) 2637 { 2638 int r; 2639 char *data = NULL; 2640 2641 /* 2642 * You should only get this when cfg80211 hasn't yet initialized 2643 * completely when built-in to the kernel right between the time 2644 * window between nl80211_init() and regulatory_init(), if that is 2645 * even possible. 2646 */ 2647 mutex_lock(&cfg80211_mutex); 2648 if (unlikely(!cfg80211_regdomain)) { 2649 mutex_unlock(&cfg80211_mutex); 2650 return -EINPROGRESS; 2651 } 2652 mutex_unlock(&cfg80211_mutex); 2653 2654 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 2655 return -EINVAL; 2656 2657 data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 2658 2659 r = regulatory_hint_user(data); 2660 2661 return r; 2662 } 2663 2664 static int nl80211_get_mesh_params(struct sk_buff *skb, 2665 struct genl_info *info) 2666 { 2667 struct cfg80211_registered_device *rdev; 2668 struct mesh_config cur_params; 2669 int err; 2670 struct net_device *dev; 2671 void *hdr; 2672 struct nlattr *pinfoattr; 2673 struct sk_buff *msg; 2674 2675 rtnl_lock(); 2676 2677 /* Look up our device */ 2678 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2679 if (err) 2680 goto out_rtnl; 2681 2682 if (!rdev->ops->get_mesh_params) { 2683 err = -EOPNOTSUPP; 2684 goto out; 2685 } 2686 2687 /* Get the mesh params */ 2688 err = rdev->ops->get_mesh_params(&rdev->wiphy, dev, &cur_params); 2689 if (err) 2690 goto out; 2691 2692 /* Draw up a netlink message to send back */ 2693 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2694 if (!msg) { 2695 err = -ENOBUFS; 2696 goto out; 2697 } 2698 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 2699 NL80211_CMD_GET_MESH_PARAMS); 2700 if (!hdr) 2701 goto nla_put_failure; 2702 pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_PARAMS); 2703 if (!pinfoattr) 2704 goto nla_put_failure; 2705 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 2706 NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT, 2707 cur_params.dot11MeshRetryTimeout); 2708 NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT, 2709 cur_params.dot11MeshConfirmTimeout); 2710 NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT, 2711 cur_params.dot11MeshHoldingTimeout); 2712 NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS, 2713 cur_params.dot11MeshMaxPeerLinks); 2714 NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES, 2715 cur_params.dot11MeshMaxRetries); 2716 NLA_PUT_U8(msg, NL80211_MESHCONF_TTL, 2717 cur_params.dot11MeshTTL); 2718 NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 2719 cur_params.auto_open_plinks); 2720 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 2721 cur_params.dot11MeshHWMPmaxPREQretries); 2722 NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME, 2723 cur_params.path_refresh_time); 2724 NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 2725 cur_params.min_discovery_timeout); 2726 NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 2727 cur_params.dot11MeshHWMPactivePathTimeout); 2728 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 2729 cur_params.dot11MeshHWMPpreqMinInterval); 2730 NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 2731 cur_params.dot11MeshHWMPnetDiameterTraversalTime); 2732 NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_ROOTMODE, 2733 cur_params.dot11MeshHWMPRootMode); 2734 nla_nest_end(msg, pinfoattr); 2735 genlmsg_end(msg, hdr); 2736 err = genlmsg_reply(msg, info); 2737 goto out; 2738 2739 nla_put_failure: 2740 genlmsg_cancel(msg, hdr); 2741 err = -EMSGSIZE; 2742 out: 2743 /* Cleanup */ 2744 cfg80211_unlock_rdev(rdev); 2745 dev_put(dev); 2746 out_rtnl: 2747 rtnl_unlock(); 2748 2749 return err; 2750 } 2751 2752 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \ 2753 do {\ 2754 if (table[attr_num]) {\ 2755 cfg.param = nla_fn(table[attr_num]); \ 2756 mask |= (1 << (attr_num - 1)); \ 2757 } \ 2758 } while (0);\ 2759 2760 static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = { 2761 [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 }, 2762 [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 }, 2763 [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 }, 2764 [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 }, 2765 [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 }, 2766 [NL80211_MESHCONF_TTL] = { .type = NLA_U8 }, 2767 [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 }, 2768 2769 [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 }, 2770 [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 }, 2771 [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 }, 2772 [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 }, 2773 [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 }, 2774 [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 }, 2775 }; 2776 2777 static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info) 2778 { 2779 int err; 2780 u32 mask; 2781 struct cfg80211_registered_device *rdev; 2782 struct net_device *dev; 2783 struct mesh_config cfg; 2784 struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1]; 2785 struct nlattr *parent_attr; 2786 2787 parent_attr = info->attrs[NL80211_ATTR_MESH_PARAMS]; 2788 if (!parent_attr) 2789 return -EINVAL; 2790 if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX, 2791 parent_attr, nl80211_meshconf_params_policy)) 2792 return -EINVAL; 2793 2794 rtnl_lock(); 2795 2796 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 2797 if (err) 2798 goto out_rtnl; 2799 2800 if (!rdev->ops->set_mesh_params) { 2801 err = -EOPNOTSUPP; 2802 goto out; 2803 } 2804 2805 /* This makes sure that there aren't more than 32 mesh config 2806 * parameters (otherwise our bitfield scheme would not work.) */ 2807 BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32); 2808 2809 /* Fill in the params struct */ 2810 mask = 0; 2811 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout, 2812 mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16); 2813 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout, 2814 mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16); 2815 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout, 2816 mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16); 2817 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks, 2818 mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16); 2819 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries, 2820 mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8); 2821 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL, 2822 mask, NL80211_MESHCONF_TTL, nla_get_u8); 2823 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks, 2824 mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8); 2825 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries, 2826 mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES, 2827 nla_get_u8); 2828 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time, 2829 mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32); 2830 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout, 2831 mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT, 2832 nla_get_u16); 2833 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, 2834 mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT, 2835 nla_get_u32); 2836 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval, 2837 mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL, 2838 nla_get_u16); 2839 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 2840 dot11MeshHWMPnetDiameterTraversalTime, 2841 mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME, 2842 nla_get_u16); 2843 FILL_IN_MESH_PARAM_IF_SET(tb, cfg, 2844 dot11MeshHWMPRootMode, mask, 2845 NL80211_MESHCONF_HWMP_ROOTMODE, 2846 nla_get_u8); 2847 2848 /* Apply changes */ 2849 err = rdev->ops->set_mesh_params(&rdev->wiphy, dev, &cfg, mask); 2850 2851 out: 2852 /* cleanup */ 2853 cfg80211_unlock_rdev(rdev); 2854 dev_put(dev); 2855 out_rtnl: 2856 rtnl_unlock(); 2857 2858 return err; 2859 } 2860 2861 #undef FILL_IN_MESH_PARAM_IF_SET 2862 2863 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info) 2864 { 2865 struct sk_buff *msg; 2866 void *hdr = NULL; 2867 struct nlattr *nl_reg_rules; 2868 unsigned int i; 2869 int err = -EINVAL; 2870 2871 mutex_lock(&cfg80211_mutex); 2872 2873 if (!cfg80211_regdomain) 2874 goto out; 2875 2876 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 2877 if (!msg) { 2878 err = -ENOBUFS; 2879 goto out; 2880 } 2881 2882 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 2883 NL80211_CMD_GET_REG); 2884 if (!hdr) 2885 goto nla_put_failure; 2886 2887 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, 2888 cfg80211_regdomain->alpha2); 2889 2890 nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES); 2891 if (!nl_reg_rules) 2892 goto nla_put_failure; 2893 2894 for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) { 2895 struct nlattr *nl_reg_rule; 2896 const struct ieee80211_reg_rule *reg_rule; 2897 const struct ieee80211_freq_range *freq_range; 2898 const struct ieee80211_power_rule *power_rule; 2899 2900 reg_rule = &cfg80211_regdomain->reg_rules[i]; 2901 freq_range = ®_rule->freq_range; 2902 power_rule = ®_rule->power_rule; 2903 2904 nl_reg_rule = nla_nest_start(msg, i); 2905 if (!nl_reg_rule) 2906 goto nla_put_failure; 2907 2908 NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS, 2909 reg_rule->flags); 2910 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START, 2911 freq_range->start_freq_khz); 2912 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END, 2913 freq_range->end_freq_khz); 2914 NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW, 2915 freq_range->max_bandwidth_khz); 2916 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN, 2917 power_rule->max_antenna_gain); 2918 NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP, 2919 power_rule->max_eirp); 2920 2921 nla_nest_end(msg, nl_reg_rule); 2922 } 2923 2924 nla_nest_end(msg, nl_reg_rules); 2925 2926 genlmsg_end(msg, hdr); 2927 err = genlmsg_reply(msg, info); 2928 goto out; 2929 2930 nla_put_failure: 2931 genlmsg_cancel(msg, hdr); 2932 err = -EMSGSIZE; 2933 out: 2934 mutex_unlock(&cfg80211_mutex); 2935 return err; 2936 } 2937 2938 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info) 2939 { 2940 struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1]; 2941 struct nlattr *nl_reg_rule; 2942 char *alpha2 = NULL; 2943 int rem_reg_rules = 0, r = 0; 2944 u32 num_rules = 0, rule_idx = 0, size_of_regd; 2945 struct ieee80211_regdomain *rd = NULL; 2946 2947 if (!info->attrs[NL80211_ATTR_REG_ALPHA2]) 2948 return -EINVAL; 2949 2950 if (!info->attrs[NL80211_ATTR_REG_RULES]) 2951 return -EINVAL; 2952 2953 alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]); 2954 2955 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 2956 rem_reg_rules) { 2957 num_rules++; 2958 if (num_rules > NL80211_MAX_SUPP_REG_RULES) 2959 return -EINVAL; 2960 } 2961 2962 mutex_lock(&cfg80211_mutex); 2963 2964 if (!reg_is_valid_request(alpha2)) { 2965 r = -EINVAL; 2966 goto bad_reg; 2967 } 2968 2969 size_of_regd = sizeof(struct ieee80211_regdomain) + 2970 (num_rules * sizeof(struct ieee80211_reg_rule)); 2971 2972 rd = kzalloc(size_of_regd, GFP_KERNEL); 2973 if (!rd) { 2974 r = -ENOMEM; 2975 goto bad_reg; 2976 } 2977 2978 rd->n_reg_rules = num_rules; 2979 rd->alpha2[0] = alpha2[0]; 2980 rd->alpha2[1] = alpha2[1]; 2981 2982 nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES], 2983 rem_reg_rules) { 2984 nla_parse(tb, NL80211_REG_RULE_ATTR_MAX, 2985 nla_data(nl_reg_rule), nla_len(nl_reg_rule), 2986 reg_rule_policy); 2987 r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]); 2988 if (r) 2989 goto bad_reg; 2990 2991 rule_idx++; 2992 2993 if (rule_idx > NL80211_MAX_SUPP_REG_RULES) { 2994 r = -EINVAL; 2995 goto bad_reg; 2996 } 2997 } 2998 2999 BUG_ON(rule_idx != num_rules); 3000 3001 r = set_regdom(rd); 3002 3003 mutex_unlock(&cfg80211_mutex); 3004 3005 return r; 3006 3007 bad_reg: 3008 mutex_unlock(&cfg80211_mutex); 3009 kfree(rd); 3010 return r; 3011 } 3012 3013 static int validate_scan_freqs(struct nlattr *freqs) 3014 { 3015 struct nlattr *attr1, *attr2; 3016 int n_channels = 0, tmp1, tmp2; 3017 3018 nla_for_each_nested(attr1, freqs, tmp1) { 3019 n_channels++; 3020 /* 3021 * Some hardware has a limited channel list for 3022 * scanning, and it is pretty much nonsensical 3023 * to scan for a channel twice, so disallow that 3024 * and don't require drivers to check that the 3025 * channel list they get isn't longer than what 3026 * they can scan, as long as they can scan all 3027 * the channels they registered at once. 3028 */ 3029 nla_for_each_nested(attr2, freqs, tmp2) 3030 if (attr1 != attr2 && 3031 nla_get_u32(attr1) == nla_get_u32(attr2)) 3032 return 0; 3033 } 3034 3035 return n_channels; 3036 } 3037 3038 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info) 3039 { 3040 struct cfg80211_registered_device *rdev; 3041 struct net_device *dev; 3042 struct cfg80211_scan_request *request; 3043 struct cfg80211_ssid *ssid; 3044 struct ieee80211_channel *channel; 3045 struct nlattr *attr; 3046 struct wiphy *wiphy; 3047 int err, tmp, n_ssids = 0, n_channels, i; 3048 enum ieee80211_band band; 3049 size_t ie_len; 3050 3051 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3052 return -EINVAL; 3053 3054 rtnl_lock(); 3055 3056 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3057 if (err) 3058 goto out_rtnl; 3059 3060 wiphy = &rdev->wiphy; 3061 3062 if (!rdev->ops->scan) { 3063 err = -EOPNOTSUPP; 3064 goto out; 3065 } 3066 3067 if (!netif_running(dev)) { 3068 err = -ENETDOWN; 3069 goto out; 3070 } 3071 3072 if (rdev->scan_req) { 3073 err = -EBUSY; 3074 goto out; 3075 } 3076 3077 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3078 n_channels = validate_scan_freqs( 3079 info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]); 3080 if (!n_channels) { 3081 err = -EINVAL; 3082 goto out; 3083 } 3084 } else { 3085 n_channels = 0; 3086 3087 for (band = 0; band < IEEE80211_NUM_BANDS; band++) 3088 if (wiphy->bands[band]) 3089 n_channels += wiphy->bands[band]->n_channels; 3090 } 3091 3092 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) 3093 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) 3094 n_ssids++; 3095 3096 if (n_ssids > wiphy->max_scan_ssids) { 3097 err = -EINVAL; 3098 goto out; 3099 } 3100 3101 if (info->attrs[NL80211_ATTR_IE]) 3102 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3103 else 3104 ie_len = 0; 3105 3106 if (ie_len > wiphy->max_scan_ie_len) { 3107 err = -EINVAL; 3108 goto out; 3109 } 3110 3111 request = kzalloc(sizeof(*request) 3112 + sizeof(*ssid) * n_ssids 3113 + sizeof(channel) * n_channels 3114 + ie_len, GFP_KERNEL); 3115 if (!request) { 3116 err = -ENOMEM; 3117 goto out; 3118 } 3119 3120 if (n_ssids) 3121 request->ssids = (void *)&request->channels[n_channels]; 3122 request->n_ssids = n_ssids; 3123 if (ie_len) { 3124 if (request->ssids) 3125 request->ie = (void *)(request->ssids + n_ssids); 3126 else 3127 request->ie = (void *)(request->channels + n_channels); 3128 } 3129 3130 i = 0; 3131 if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) { 3132 /* user specified, bail out if channel not found */ 3133 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) { 3134 struct ieee80211_channel *chan; 3135 3136 chan = ieee80211_get_channel(wiphy, nla_get_u32(attr)); 3137 3138 if (!chan) { 3139 err = -EINVAL; 3140 goto out_free; 3141 } 3142 3143 /* ignore disabled channels */ 3144 if (chan->flags & IEEE80211_CHAN_DISABLED) 3145 continue; 3146 3147 request->channels[i] = chan; 3148 i++; 3149 } 3150 } else { 3151 /* all channels */ 3152 for (band = 0; band < IEEE80211_NUM_BANDS; band++) { 3153 int j; 3154 if (!wiphy->bands[band]) 3155 continue; 3156 for (j = 0; j < wiphy->bands[band]->n_channels; j++) { 3157 struct ieee80211_channel *chan; 3158 3159 chan = &wiphy->bands[band]->channels[j]; 3160 3161 if (chan->flags & IEEE80211_CHAN_DISABLED) 3162 continue; 3163 3164 request->channels[i] = chan; 3165 i++; 3166 } 3167 } 3168 } 3169 3170 if (!i) { 3171 err = -EINVAL; 3172 goto out_free; 3173 } 3174 3175 request->n_channels = i; 3176 3177 i = 0; 3178 if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) { 3179 nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) { 3180 if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) { 3181 err = -EINVAL; 3182 goto out_free; 3183 } 3184 memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr)); 3185 request->ssids[i].ssid_len = nla_len(attr); 3186 i++; 3187 } 3188 } 3189 3190 if (info->attrs[NL80211_ATTR_IE]) { 3191 request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3192 memcpy((void *)request->ie, 3193 nla_data(info->attrs[NL80211_ATTR_IE]), 3194 request->ie_len); 3195 } 3196 3197 request->dev = dev; 3198 request->wiphy = &rdev->wiphy; 3199 3200 rdev->scan_req = request; 3201 err = rdev->ops->scan(&rdev->wiphy, dev, request); 3202 3203 if (!err) { 3204 nl80211_send_scan_start(rdev, dev); 3205 dev_hold(dev); 3206 } 3207 3208 out_free: 3209 if (err) { 3210 rdev->scan_req = NULL; 3211 kfree(request); 3212 } 3213 out: 3214 cfg80211_unlock_rdev(rdev); 3215 dev_put(dev); 3216 out_rtnl: 3217 rtnl_unlock(); 3218 3219 return err; 3220 } 3221 3222 static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags, 3223 struct cfg80211_registered_device *rdev, 3224 struct wireless_dev *wdev, 3225 struct cfg80211_internal_bss *intbss) 3226 { 3227 struct cfg80211_bss *res = &intbss->pub; 3228 void *hdr; 3229 struct nlattr *bss; 3230 int i; 3231 3232 ASSERT_WDEV_LOCK(wdev); 3233 3234 hdr = nl80211hdr_put(msg, pid, seq, flags, 3235 NL80211_CMD_NEW_SCAN_RESULTS); 3236 if (!hdr) 3237 return -1; 3238 3239 NLA_PUT_U32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation); 3240 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex); 3241 3242 bss = nla_nest_start(msg, NL80211_ATTR_BSS); 3243 if (!bss) 3244 goto nla_put_failure; 3245 if (!is_zero_ether_addr(res->bssid)) 3246 NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid); 3247 if (res->information_elements && res->len_information_elements) 3248 NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS, 3249 res->len_information_elements, 3250 res->information_elements); 3251 if (res->beacon_ies && res->len_beacon_ies && 3252 res->beacon_ies != res->information_elements) 3253 NLA_PUT(msg, NL80211_BSS_BEACON_IES, 3254 res->len_beacon_ies, res->beacon_ies); 3255 if (res->tsf) 3256 NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf); 3257 if (res->beacon_interval) 3258 NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval); 3259 NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability); 3260 NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq); 3261 NLA_PUT_U32(msg, NL80211_BSS_SEEN_MS_AGO, 3262 jiffies_to_msecs(jiffies - intbss->ts)); 3263 3264 switch (rdev->wiphy.signal_type) { 3265 case CFG80211_SIGNAL_TYPE_MBM: 3266 NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal); 3267 break; 3268 case CFG80211_SIGNAL_TYPE_UNSPEC: 3269 NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal); 3270 break; 3271 default: 3272 break; 3273 } 3274 3275 switch (wdev->iftype) { 3276 case NL80211_IFTYPE_STATION: 3277 if (intbss == wdev->current_bss) 3278 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3279 NL80211_BSS_STATUS_ASSOCIATED); 3280 else for (i = 0; i < MAX_AUTH_BSSES; i++) { 3281 if (intbss != wdev->auth_bsses[i]) 3282 continue; 3283 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3284 NL80211_BSS_STATUS_AUTHENTICATED); 3285 break; 3286 } 3287 break; 3288 case NL80211_IFTYPE_ADHOC: 3289 if (intbss == wdev->current_bss) 3290 NLA_PUT_U32(msg, NL80211_BSS_STATUS, 3291 NL80211_BSS_STATUS_IBSS_JOINED); 3292 break; 3293 default: 3294 break; 3295 } 3296 3297 nla_nest_end(msg, bss); 3298 3299 return genlmsg_end(msg, hdr); 3300 3301 nla_put_failure: 3302 genlmsg_cancel(msg, hdr); 3303 return -EMSGSIZE; 3304 } 3305 3306 static int nl80211_dump_scan(struct sk_buff *skb, 3307 struct netlink_callback *cb) 3308 { 3309 struct cfg80211_registered_device *rdev; 3310 struct net_device *dev; 3311 struct cfg80211_internal_bss *scan; 3312 struct wireless_dev *wdev; 3313 int ifidx = cb->args[0]; 3314 int start = cb->args[1], idx = 0; 3315 int err; 3316 3317 if (!ifidx) 3318 ifidx = nl80211_get_ifidx(cb); 3319 if (ifidx < 0) 3320 return ifidx; 3321 cb->args[0] = ifidx; 3322 3323 dev = dev_get_by_index(sock_net(skb->sk), ifidx); 3324 if (!dev) 3325 return -ENODEV; 3326 3327 rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 3328 if (IS_ERR(rdev)) { 3329 err = PTR_ERR(rdev); 3330 goto out_put_netdev; 3331 } 3332 3333 wdev = dev->ieee80211_ptr; 3334 3335 wdev_lock(wdev); 3336 spin_lock_bh(&rdev->bss_lock); 3337 cfg80211_bss_expire(rdev); 3338 3339 list_for_each_entry(scan, &rdev->bss_list, list) { 3340 if (++idx <= start) 3341 continue; 3342 if (nl80211_send_bss(skb, 3343 NETLINK_CB(cb->skb).pid, 3344 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3345 rdev, wdev, scan) < 0) { 3346 idx--; 3347 goto out; 3348 } 3349 } 3350 3351 out: 3352 spin_unlock_bh(&rdev->bss_lock); 3353 wdev_unlock(wdev); 3354 3355 cb->args[1] = idx; 3356 err = skb->len; 3357 cfg80211_unlock_rdev(rdev); 3358 out_put_netdev: 3359 dev_put(dev); 3360 3361 return err; 3362 } 3363 3364 static int nl80211_send_survey(struct sk_buff *msg, u32 pid, u32 seq, 3365 int flags, struct net_device *dev, 3366 struct survey_info *survey) 3367 { 3368 void *hdr; 3369 struct nlattr *infoattr; 3370 3371 /* Survey without a channel doesn't make sense */ 3372 if (!survey->channel) 3373 return -EINVAL; 3374 3375 hdr = nl80211hdr_put(msg, pid, seq, flags, 3376 NL80211_CMD_NEW_SURVEY_RESULTS); 3377 if (!hdr) 3378 return -ENOMEM; 3379 3380 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex); 3381 3382 infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO); 3383 if (!infoattr) 3384 goto nla_put_failure; 3385 3386 NLA_PUT_U32(msg, NL80211_SURVEY_INFO_FREQUENCY, 3387 survey->channel->center_freq); 3388 if (survey->filled & SURVEY_INFO_NOISE_DBM) 3389 NLA_PUT_U8(msg, NL80211_SURVEY_INFO_NOISE, 3390 survey->noise); 3391 3392 nla_nest_end(msg, infoattr); 3393 3394 return genlmsg_end(msg, hdr); 3395 3396 nla_put_failure: 3397 genlmsg_cancel(msg, hdr); 3398 return -EMSGSIZE; 3399 } 3400 3401 static int nl80211_dump_survey(struct sk_buff *skb, 3402 struct netlink_callback *cb) 3403 { 3404 struct survey_info survey; 3405 struct cfg80211_registered_device *dev; 3406 struct net_device *netdev; 3407 int ifidx = cb->args[0]; 3408 int survey_idx = cb->args[1]; 3409 int res; 3410 3411 if (!ifidx) 3412 ifidx = nl80211_get_ifidx(cb); 3413 if (ifidx < 0) 3414 return ifidx; 3415 cb->args[0] = ifidx; 3416 3417 rtnl_lock(); 3418 3419 netdev = __dev_get_by_index(sock_net(skb->sk), ifidx); 3420 if (!netdev) { 3421 res = -ENODEV; 3422 goto out_rtnl; 3423 } 3424 3425 dev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx); 3426 if (IS_ERR(dev)) { 3427 res = PTR_ERR(dev); 3428 goto out_rtnl; 3429 } 3430 3431 if (!dev->ops->dump_survey) { 3432 res = -EOPNOTSUPP; 3433 goto out_err; 3434 } 3435 3436 while (1) { 3437 res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx, 3438 &survey); 3439 if (res == -ENOENT) 3440 break; 3441 if (res) 3442 goto out_err; 3443 3444 if (nl80211_send_survey(skb, 3445 NETLINK_CB(cb->skb).pid, 3446 cb->nlh->nlmsg_seq, NLM_F_MULTI, 3447 netdev, 3448 &survey) < 0) 3449 goto out; 3450 survey_idx++; 3451 } 3452 3453 out: 3454 cb->args[1] = survey_idx; 3455 res = skb->len; 3456 out_err: 3457 cfg80211_unlock_rdev(dev); 3458 out_rtnl: 3459 rtnl_unlock(); 3460 3461 return res; 3462 } 3463 3464 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type) 3465 { 3466 return auth_type <= NL80211_AUTHTYPE_MAX; 3467 } 3468 3469 static bool nl80211_valid_wpa_versions(u32 wpa_versions) 3470 { 3471 return !(wpa_versions & ~(NL80211_WPA_VERSION_1 | 3472 NL80211_WPA_VERSION_2)); 3473 } 3474 3475 static bool nl80211_valid_akm_suite(u32 akm) 3476 { 3477 return akm == WLAN_AKM_SUITE_8021X || 3478 akm == WLAN_AKM_SUITE_PSK; 3479 } 3480 3481 static bool nl80211_valid_cipher_suite(u32 cipher) 3482 { 3483 return cipher == WLAN_CIPHER_SUITE_WEP40 || 3484 cipher == WLAN_CIPHER_SUITE_WEP104 || 3485 cipher == WLAN_CIPHER_SUITE_TKIP || 3486 cipher == WLAN_CIPHER_SUITE_CCMP || 3487 cipher == WLAN_CIPHER_SUITE_AES_CMAC; 3488 } 3489 3490 3491 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info) 3492 { 3493 struct cfg80211_registered_device *rdev; 3494 struct net_device *dev; 3495 struct ieee80211_channel *chan; 3496 const u8 *bssid, *ssid, *ie = NULL; 3497 int err, ssid_len, ie_len = 0; 3498 enum nl80211_auth_type auth_type; 3499 struct key_parse key; 3500 bool local_state_change; 3501 3502 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3503 return -EINVAL; 3504 3505 if (!info->attrs[NL80211_ATTR_MAC]) 3506 return -EINVAL; 3507 3508 if (!info->attrs[NL80211_ATTR_AUTH_TYPE]) 3509 return -EINVAL; 3510 3511 if (!info->attrs[NL80211_ATTR_SSID]) 3512 return -EINVAL; 3513 3514 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ]) 3515 return -EINVAL; 3516 3517 err = nl80211_parse_key(info, &key); 3518 if (err) 3519 return err; 3520 3521 if (key.idx >= 0) { 3522 if (!key.p.key || !key.p.key_len) 3523 return -EINVAL; 3524 if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 || 3525 key.p.key_len != WLAN_KEY_LEN_WEP40) && 3526 (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 || 3527 key.p.key_len != WLAN_KEY_LEN_WEP104)) 3528 return -EINVAL; 3529 if (key.idx > 4) 3530 return -EINVAL; 3531 } else { 3532 key.p.key_len = 0; 3533 key.p.key = NULL; 3534 } 3535 3536 rtnl_lock(); 3537 3538 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3539 if (err) 3540 goto unlock_rtnl; 3541 3542 if (!rdev->ops->auth) { 3543 err = -EOPNOTSUPP; 3544 goto out; 3545 } 3546 3547 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3548 err = -EOPNOTSUPP; 3549 goto out; 3550 } 3551 3552 if (!netif_running(dev)) { 3553 err = -ENETDOWN; 3554 goto out; 3555 } 3556 3557 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3558 chan = ieee80211_get_channel(&rdev->wiphy, 3559 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3560 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) { 3561 err = -EINVAL; 3562 goto out; 3563 } 3564 3565 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3566 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3567 3568 if (info->attrs[NL80211_ATTR_IE]) { 3569 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3570 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3571 } 3572 3573 auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 3574 if (!nl80211_valid_auth_type(auth_type)) { 3575 err = -EINVAL; 3576 goto out; 3577 } 3578 3579 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 3580 3581 err = cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid, 3582 ssid, ssid_len, ie, ie_len, 3583 key.p.key, key.p.key_len, key.idx, 3584 local_state_change); 3585 3586 out: 3587 cfg80211_unlock_rdev(rdev); 3588 dev_put(dev); 3589 unlock_rtnl: 3590 rtnl_unlock(); 3591 return err; 3592 } 3593 3594 static int nl80211_crypto_settings(struct genl_info *info, 3595 struct cfg80211_crypto_settings *settings, 3596 int cipher_limit) 3597 { 3598 memset(settings, 0, sizeof(*settings)); 3599 3600 settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT]; 3601 3602 if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) { 3603 void *data; 3604 int len, i; 3605 3606 data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 3607 len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]); 3608 settings->n_ciphers_pairwise = len / sizeof(u32); 3609 3610 if (len % sizeof(u32)) 3611 return -EINVAL; 3612 3613 if (settings->n_ciphers_pairwise > cipher_limit) 3614 return -EINVAL; 3615 3616 memcpy(settings->ciphers_pairwise, data, len); 3617 3618 for (i = 0; i < settings->n_ciphers_pairwise; i++) 3619 if (!nl80211_valid_cipher_suite( 3620 settings->ciphers_pairwise[i])) 3621 return -EINVAL; 3622 } 3623 3624 if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) { 3625 settings->cipher_group = 3626 nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]); 3627 if (!nl80211_valid_cipher_suite(settings->cipher_group)) 3628 return -EINVAL; 3629 } 3630 3631 if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) { 3632 settings->wpa_versions = 3633 nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]); 3634 if (!nl80211_valid_wpa_versions(settings->wpa_versions)) 3635 return -EINVAL; 3636 } 3637 3638 if (info->attrs[NL80211_ATTR_AKM_SUITES]) { 3639 void *data; 3640 int len, i; 3641 3642 data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]); 3643 len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]); 3644 settings->n_akm_suites = len / sizeof(u32); 3645 3646 if (len % sizeof(u32)) 3647 return -EINVAL; 3648 3649 memcpy(settings->akm_suites, data, len); 3650 3651 for (i = 0; i < settings->n_ciphers_pairwise; i++) 3652 if (!nl80211_valid_akm_suite(settings->akm_suites[i])) 3653 return -EINVAL; 3654 } 3655 3656 return 0; 3657 } 3658 3659 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info) 3660 { 3661 struct cfg80211_registered_device *rdev; 3662 struct net_device *dev; 3663 struct cfg80211_crypto_settings crypto; 3664 struct ieee80211_channel *chan; 3665 const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL; 3666 int err, ssid_len, ie_len = 0; 3667 bool use_mfp = false; 3668 3669 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3670 return -EINVAL; 3671 3672 if (!info->attrs[NL80211_ATTR_MAC] || 3673 !info->attrs[NL80211_ATTR_SSID] || 3674 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 3675 return -EINVAL; 3676 3677 rtnl_lock(); 3678 3679 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3680 if (err) 3681 goto unlock_rtnl; 3682 3683 if (!rdev->ops->assoc) { 3684 err = -EOPNOTSUPP; 3685 goto out; 3686 } 3687 3688 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3689 err = -EOPNOTSUPP; 3690 goto out; 3691 } 3692 3693 if (!netif_running(dev)) { 3694 err = -ENETDOWN; 3695 goto out; 3696 } 3697 3698 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3699 3700 chan = ieee80211_get_channel(&rdev->wiphy, 3701 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3702 if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED)) { 3703 err = -EINVAL; 3704 goto out; 3705 } 3706 3707 ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3708 ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3709 3710 if (info->attrs[NL80211_ATTR_IE]) { 3711 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3712 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3713 } 3714 3715 if (info->attrs[NL80211_ATTR_USE_MFP]) { 3716 enum nl80211_mfp mfp = 3717 nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]); 3718 if (mfp == NL80211_MFP_REQUIRED) 3719 use_mfp = true; 3720 else if (mfp != NL80211_MFP_NO) { 3721 err = -EINVAL; 3722 goto out; 3723 } 3724 } 3725 3726 if (info->attrs[NL80211_ATTR_PREV_BSSID]) 3727 prev_bssid = nla_data(info->attrs[NL80211_ATTR_PREV_BSSID]); 3728 3729 err = nl80211_crypto_settings(info, &crypto, 1); 3730 if (!err) 3731 err = cfg80211_mlme_assoc(rdev, dev, chan, bssid, prev_bssid, 3732 ssid, ssid_len, ie, ie_len, use_mfp, 3733 &crypto); 3734 3735 out: 3736 cfg80211_unlock_rdev(rdev); 3737 dev_put(dev); 3738 unlock_rtnl: 3739 rtnl_unlock(); 3740 return err; 3741 } 3742 3743 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info) 3744 { 3745 struct cfg80211_registered_device *rdev; 3746 struct net_device *dev; 3747 const u8 *ie = NULL, *bssid; 3748 int err, ie_len = 0; 3749 u16 reason_code; 3750 bool local_state_change; 3751 3752 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3753 return -EINVAL; 3754 3755 if (!info->attrs[NL80211_ATTR_MAC]) 3756 return -EINVAL; 3757 3758 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 3759 return -EINVAL; 3760 3761 rtnl_lock(); 3762 3763 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3764 if (err) 3765 goto unlock_rtnl; 3766 3767 if (!rdev->ops->deauth) { 3768 err = -EOPNOTSUPP; 3769 goto out; 3770 } 3771 3772 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3773 err = -EOPNOTSUPP; 3774 goto out; 3775 } 3776 3777 if (!netif_running(dev)) { 3778 err = -ENETDOWN; 3779 goto out; 3780 } 3781 3782 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3783 3784 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 3785 if (reason_code == 0) { 3786 /* Reason Code 0 is reserved */ 3787 err = -EINVAL; 3788 goto out; 3789 } 3790 3791 if (info->attrs[NL80211_ATTR_IE]) { 3792 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3793 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3794 } 3795 3796 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 3797 3798 err = cfg80211_mlme_deauth(rdev, dev, bssid, ie, ie_len, reason_code, 3799 local_state_change); 3800 3801 out: 3802 cfg80211_unlock_rdev(rdev); 3803 dev_put(dev); 3804 unlock_rtnl: 3805 rtnl_unlock(); 3806 return err; 3807 } 3808 3809 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info) 3810 { 3811 struct cfg80211_registered_device *rdev; 3812 struct net_device *dev; 3813 const u8 *ie = NULL, *bssid; 3814 int err, ie_len = 0; 3815 u16 reason_code; 3816 bool local_state_change; 3817 3818 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3819 return -EINVAL; 3820 3821 if (!info->attrs[NL80211_ATTR_MAC]) 3822 return -EINVAL; 3823 3824 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 3825 return -EINVAL; 3826 3827 rtnl_lock(); 3828 3829 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3830 if (err) 3831 goto unlock_rtnl; 3832 3833 if (!rdev->ops->disassoc) { 3834 err = -EOPNOTSUPP; 3835 goto out; 3836 } 3837 3838 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 3839 err = -EOPNOTSUPP; 3840 goto out; 3841 } 3842 3843 if (!netif_running(dev)) { 3844 err = -ENETDOWN; 3845 goto out; 3846 } 3847 3848 bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3849 3850 reason_code = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 3851 if (reason_code == 0) { 3852 /* Reason Code 0 is reserved */ 3853 err = -EINVAL; 3854 goto out; 3855 } 3856 3857 if (info->attrs[NL80211_ATTR_IE]) { 3858 ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3859 ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3860 } 3861 3862 local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE]; 3863 3864 err = cfg80211_mlme_disassoc(rdev, dev, bssid, ie, ie_len, reason_code, 3865 local_state_change); 3866 3867 out: 3868 cfg80211_unlock_rdev(rdev); 3869 dev_put(dev); 3870 unlock_rtnl: 3871 rtnl_unlock(); 3872 return err; 3873 } 3874 3875 static int nl80211_join_ibss(struct sk_buff *skb, struct genl_info *info) 3876 { 3877 struct cfg80211_registered_device *rdev; 3878 struct net_device *dev; 3879 struct cfg80211_ibss_params ibss; 3880 struct wiphy *wiphy; 3881 struct cfg80211_cached_keys *connkeys = NULL; 3882 int err; 3883 3884 memset(&ibss, 0, sizeof(ibss)); 3885 3886 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 3887 return -EINVAL; 3888 3889 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 3890 !info->attrs[NL80211_ATTR_SSID] || 3891 !nla_len(info->attrs[NL80211_ATTR_SSID])) 3892 return -EINVAL; 3893 3894 ibss.beacon_interval = 100; 3895 3896 if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) { 3897 ibss.beacon_interval = 3898 nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]); 3899 if (ibss.beacon_interval < 1 || ibss.beacon_interval > 10000) 3900 return -EINVAL; 3901 } 3902 3903 rtnl_lock(); 3904 3905 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3906 if (err) 3907 goto unlock_rtnl; 3908 3909 if (!rdev->ops->join_ibss) { 3910 err = -EOPNOTSUPP; 3911 goto out; 3912 } 3913 3914 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 3915 err = -EOPNOTSUPP; 3916 goto out; 3917 } 3918 3919 if (!netif_running(dev)) { 3920 err = -ENETDOWN; 3921 goto out; 3922 } 3923 3924 wiphy = &rdev->wiphy; 3925 3926 if (info->attrs[NL80211_ATTR_MAC]) 3927 ibss.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 3928 ibss.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 3929 ibss.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 3930 3931 if (info->attrs[NL80211_ATTR_IE]) { 3932 ibss.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 3933 ibss.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 3934 } 3935 3936 ibss.channel = ieee80211_get_channel(wiphy, 3937 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 3938 if (!ibss.channel || 3939 ibss.channel->flags & IEEE80211_CHAN_NO_IBSS || 3940 ibss.channel->flags & IEEE80211_CHAN_DISABLED) { 3941 err = -EINVAL; 3942 goto out; 3943 } 3944 3945 ibss.channel_fixed = !!info->attrs[NL80211_ATTR_FREQ_FIXED]; 3946 ibss.privacy = !!info->attrs[NL80211_ATTR_PRIVACY]; 3947 3948 if (ibss.privacy && info->attrs[NL80211_ATTR_KEYS]) { 3949 connkeys = nl80211_parse_connkeys(rdev, 3950 info->attrs[NL80211_ATTR_KEYS]); 3951 if (IS_ERR(connkeys)) { 3952 err = PTR_ERR(connkeys); 3953 connkeys = NULL; 3954 goto out; 3955 } 3956 } 3957 3958 err = cfg80211_join_ibss(rdev, dev, &ibss, connkeys); 3959 3960 out: 3961 cfg80211_unlock_rdev(rdev); 3962 dev_put(dev); 3963 unlock_rtnl: 3964 if (err) 3965 kfree(connkeys); 3966 rtnl_unlock(); 3967 return err; 3968 } 3969 3970 static int nl80211_leave_ibss(struct sk_buff *skb, struct genl_info *info) 3971 { 3972 struct cfg80211_registered_device *rdev; 3973 struct net_device *dev; 3974 int err; 3975 3976 rtnl_lock(); 3977 3978 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 3979 if (err) 3980 goto unlock_rtnl; 3981 3982 if (!rdev->ops->leave_ibss) { 3983 err = -EOPNOTSUPP; 3984 goto out; 3985 } 3986 3987 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_ADHOC) { 3988 err = -EOPNOTSUPP; 3989 goto out; 3990 } 3991 3992 if (!netif_running(dev)) { 3993 err = -ENETDOWN; 3994 goto out; 3995 } 3996 3997 err = cfg80211_leave_ibss(rdev, dev, false); 3998 3999 out: 4000 cfg80211_unlock_rdev(rdev); 4001 dev_put(dev); 4002 unlock_rtnl: 4003 rtnl_unlock(); 4004 return err; 4005 } 4006 4007 #ifdef CONFIG_NL80211_TESTMODE 4008 static struct genl_multicast_group nl80211_testmode_mcgrp = { 4009 .name = "testmode", 4010 }; 4011 4012 static int nl80211_testmode_do(struct sk_buff *skb, struct genl_info *info) 4013 { 4014 struct cfg80211_registered_device *rdev; 4015 int err; 4016 4017 if (!info->attrs[NL80211_ATTR_TESTDATA]) 4018 return -EINVAL; 4019 4020 rtnl_lock(); 4021 4022 rdev = cfg80211_get_dev_from_info(info); 4023 if (IS_ERR(rdev)) { 4024 err = PTR_ERR(rdev); 4025 goto unlock_rtnl; 4026 } 4027 4028 err = -EOPNOTSUPP; 4029 if (rdev->ops->testmode_cmd) { 4030 rdev->testmode_info = info; 4031 err = rdev->ops->testmode_cmd(&rdev->wiphy, 4032 nla_data(info->attrs[NL80211_ATTR_TESTDATA]), 4033 nla_len(info->attrs[NL80211_ATTR_TESTDATA])); 4034 rdev->testmode_info = NULL; 4035 } 4036 4037 cfg80211_unlock_rdev(rdev); 4038 4039 unlock_rtnl: 4040 rtnl_unlock(); 4041 return err; 4042 } 4043 4044 static struct sk_buff * 4045 __cfg80211_testmode_alloc_skb(struct cfg80211_registered_device *rdev, 4046 int approxlen, u32 pid, u32 seq, gfp_t gfp) 4047 { 4048 struct sk_buff *skb; 4049 void *hdr; 4050 struct nlattr *data; 4051 4052 skb = nlmsg_new(approxlen + 100, gfp); 4053 if (!skb) 4054 return NULL; 4055 4056 hdr = nl80211hdr_put(skb, pid, seq, 0, NL80211_CMD_TESTMODE); 4057 if (!hdr) { 4058 kfree_skb(skb); 4059 return NULL; 4060 } 4061 4062 NLA_PUT_U32(skb, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 4063 data = nla_nest_start(skb, NL80211_ATTR_TESTDATA); 4064 4065 ((void **)skb->cb)[0] = rdev; 4066 ((void **)skb->cb)[1] = hdr; 4067 ((void **)skb->cb)[2] = data; 4068 4069 return skb; 4070 4071 nla_put_failure: 4072 kfree_skb(skb); 4073 return NULL; 4074 } 4075 4076 struct sk_buff *cfg80211_testmode_alloc_reply_skb(struct wiphy *wiphy, 4077 int approxlen) 4078 { 4079 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 4080 4081 if (WARN_ON(!rdev->testmode_info)) 4082 return NULL; 4083 4084 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 4085 rdev->testmode_info->snd_pid, 4086 rdev->testmode_info->snd_seq, 4087 GFP_KERNEL); 4088 } 4089 EXPORT_SYMBOL(cfg80211_testmode_alloc_reply_skb); 4090 4091 int cfg80211_testmode_reply(struct sk_buff *skb) 4092 { 4093 struct cfg80211_registered_device *rdev = ((void **)skb->cb)[0]; 4094 void *hdr = ((void **)skb->cb)[1]; 4095 struct nlattr *data = ((void **)skb->cb)[2]; 4096 4097 if (WARN_ON(!rdev->testmode_info)) { 4098 kfree_skb(skb); 4099 return -EINVAL; 4100 } 4101 4102 nla_nest_end(skb, data); 4103 genlmsg_end(skb, hdr); 4104 return genlmsg_reply(skb, rdev->testmode_info); 4105 } 4106 EXPORT_SYMBOL(cfg80211_testmode_reply); 4107 4108 struct sk_buff *cfg80211_testmode_alloc_event_skb(struct wiphy *wiphy, 4109 int approxlen, gfp_t gfp) 4110 { 4111 struct cfg80211_registered_device *rdev = wiphy_to_dev(wiphy); 4112 4113 return __cfg80211_testmode_alloc_skb(rdev, approxlen, 0, 0, gfp); 4114 } 4115 EXPORT_SYMBOL(cfg80211_testmode_alloc_event_skb); 4116 4117 void cfg80211_testmode_event(struct sk_buff *skb, gfp_t gfp) 4118 { 4119 void *hdr = ((void **)skb->cb)[1]; 4120 struct nlattr *data = ((void **)skb->cb)[2]; 4121 4122 nla_nest_end(skb, data); 4123 genlmsg_end(skb, hdr); 4124 genlmsg_multicast(skb, 0, nl80211_testmode_mcgrp.id, gfp); 4125 } 4126 EXPORT_SYMBOL(cfg80211_testmode_event); 4127 #endif 4128 4129 static int nl80211_connect(struct sk_buff *skb, struct genl_info *info) 4130 { 4131 struct cfg80211_registered_device *rdev; 4132 struct net_device *dev; 4133 struct cfg80211_connect_params connect; 4134 struct wiphy *wiphy; 4135 struct cfg80211_cached_keys *connkeys = NULL; 4136 int err; 4137 4138 memset(&connect, 0, sizeof(connect)); 4139 4140 if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE])) 4141 return -EINVAL; 4142 4143 if (!info->attrs[NL80211_ATTR_SSID] || 4144 !nla_len(info->attrs[NL80211_ATTR_SSID])) 4145 return -EINVAL; 4146 4147 if (info->attrs[NL80211_ATTR_AUTH_TYPE]) { 4148 connect.auth_type = 4149 nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]); 4150 if (!nl80211_valid_auth_type(connect.auth_type)) 4151 return -EINVAL; 4152 } else 4153 connect.auth_type = NL80211_AUTHTYPE_AUTOMATIC; 4154 4155 connect.privacy = info->attrs[NL80211_ATTR_PRIVACY]; 4156 4157 err = nl80211_crypto_settings(info, &connect.crypto, 4158 NL80211_MAX_NR_CIPHER_SUITES); 4159 if (err) 4160 return err; 4161 rtnl_lock(); 4162 4163 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4164 if (err) 4165 goto unlock_rtnl; 4166 4167 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4168 err = -EOPNOTSUPP; 4169 goto out; 4170 } 4171 4172 if (!netif_running(dev)) { 4173 err = -ENETDOWN; 4174 goto out; 4175 } 4176 4177 wiphy = &rdev->wiphy; 4178 4179 if (info->attrs[NL80211_ATTR_MAC]) 4180 connect.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4181 connect.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]); 4182 connect.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]); 4183 4184 if (info->attrs[NL80211_ATTR_IE]) { 4185 connect.ie = nla_data(info->attrs[NL80211_ATTR_IE]); 4186 connect.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]); 4187 } 4188 4189 if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) { 4190 connect.channel = 4191 ieee80211_get_channel(wiphy, 4192 nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ])); 4193 if (!connect.channel || 4194 connect.channel->flags & IEEE80211_CHAN_DISABLED) { 4195 err = -EINVAL; 4196 goto out; 4197 } 4198 } 4199 4200 if (connect.privacy && info->attrs[NL80211_ATTR_KEYS]) { 4201 connkeys = nl80211_parse_connkeys(rdev, 4202 info->attrs[NL80211_ATTR_KEYS]); 4203 if (IS_ERR(connkeys)) { 4204 err = PTR_ERR(connkeys); 4205 connkeys = NULL; 4206 goto out; 4207 } 4208 } 4209 4210 err = cfg80211_connect(rdev, dev, &connect, connkeys); 4211 4212 out: 4213 cfg80211_unlock_rdev(rdev); 4214 dev_put(dev); 4215 unlock_rtnl: 4216 if (err) 4217 kfree(connkeys); 4218 rtnl_unlock(); 4219 return err; 4220 } 4221 4222 static int nl80211_disconnect(struct sk_buff *skb, struct genl_info *info) 4223 { 4224 struct cfg80211_registered_device *rdev; 4225 struct net_device *dev; 4226 int err; 4227 u16 reason; 4228 4229 if (!info->attrs[NL80211_ATTR_REASON_CODE]) 4230 reason = WLAN_REASON_DEAUTH_LEAVING; 4231 else 4232 reason = nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]); 4233 4234 if (reason == 0) 4235 return -EINVAL; 4236 4237 rtnl_lock(); 4238 4239 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4240 if (err) 4241 goto unlock_rtnl; 4242 4243 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4244 err = -EOPNOTSUPP; 4245 goto out; 4246 } 4247 4248 if (!netif_running(dev)) { 4249 err = -ENETDOWN; 4250 goto out; 4251 } 4252 4253 err = cfg80211_disconnect(rdev, dev, reason, true); 4254 4255 out: 4256 cfg80211_unlock_rdev(rdev); 4257 dev_put(dev); 4258 unlock_rtnl: 4259 rtnl_unlock(); 4260 return err; 4261 } 4262 4263 static int nl80211_wiphy_netns(struct sk_buff *skb, struct genl_info *info) 4264 { 4265 struct cfg80211_registered_device *rdev; 4266 struct net *net; 4267 int err; 4268 u32 pid; 4269 4270 if (!info->attrs[NL80211_ATTR_PID]) 4271 return -EINVAL; 4272 4273 pid = nla_get_u32(info->attrs[NL80211_ATTR_PID]); 4274 4275 rtnl_lock(); 4276 4277 rdev = cfg80211_get_dev_from_info(info); 4278 if (IS_ERR(rdev)) { 4279 err = PTR_ERR(rdev); 4280 goto out_rtnl; 4281 } 4282 4283 net = get_net_ns_by_pid(pid); 4284 if (IS_ERR(net)) { 4285 err = PTR_ERR(net); 4286 goto out; 4287 } 4288 4289 err = 0; 4290 4291 /* check if anything to do */ 4292 if (net_eq(wiphy_net(&rdev->wiphy), net)) 4293 goto out_put_net; 4294 4295 err = cfg80211_switch_netns(rdev, net); 4296 out_put_net: 4297 put_net(net); 4298 out: 4299 cfg80211_unlock_rdev(rdev); 4300 out_rtnl: 4301 rtnl_unlock(); 4302 return err; 4303 } 4304 4305 static int nl80211_setdel_pmksa(struct sk_buff *skb, struct genl_info *info) 4306 { 4307 struct cfg80211_registered_device *rdev; 4308 int (*rdev_ops)(struct wiphy *wiphy, struct net_device *dev, 4309 struct cfg80211_pmksa *pmksa) = NULL; 4310 int err; 4311 struct net_device *dev; 4312 struct cfg80211_pmksa pmksa; 4313 4314 memset(&pmksa, 0, sizeof(struct cfg80211_pmksa)); 4315 4316 if (!info->attrs[NL80211_ATTR_MAC]) 4317 return -EINVAL; 4318 4319 if (!info->attrs[NL80211_ATTR_PMKID]) 4320 return -EINVAL; 4321 4322 rtnl_lock(); 4323 4324 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4325 if (err) 4326 goto out_rtnl; 4327 4328 pmksa.pmkid = nla_data(info->attrs[NL80211_ATTR_PMKID]); 4329 pmksa.bssid = nla_data(info->attrs[NL80211_ATTR_MAC]); 4330 4331 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4332 err = -EOPNOTSUPP; 4333 goto out; 4334 } 4335 4336 switch (info->genlhdr->cmd) { 4337 case NL80211_CMD_SET_PMKSA: 4338 rdev_ops = rdev->ops->set_pmksa; 4339 break; 4340 case NL80211_CMD_DEL_PMKSA: 4341 rdev_ops = rdev->ops->del_pmksa; 4342 break; 4343 default: 4344 WARN_ON(1); 4345 break; 4346 } 4347 4348 if (!rdev_ops) { 4349 err = -EOPNOTSUPP; 4350 goto out; 4351 } 4352 4353 err = rdev_ops(&rdev->wiphy, dev, &pmksa); 4354 4355 out: 4356 cfg80211_unlock_rdev(rdev); 4357 dev_put(dev); 4358 out_rtnl: 4359 rtnl_unlock(); 4360 4361 return err; 4362 } 4363 4364 static int nl80211_flush_pmksa(struct sk_buff *skb, struct genl_info *info) 4365 { 4366 struct cfg80211_registered_device *rdev; 4367 int err; 4368 struct net_device *dev; 4369 4370 rtnl_lock(); 4371 4372 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4373 if (err) 4374 goto out_rtnl; 4375 4376 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4377 err = -EOPNOTSUPP; 4378 goto out; 4379 } 4380 4381 if (!rdev->ops->flush_pmksa) { 4382 err = -EOPNOTSUPP; 4383 goto out; 4384 } 4385 4386 err = rdev->ops->flush_pmksa(&rdev->wiphy, dev); 4387 4388 out: 4389 cfg80211_unlock_rdev(rdev); 4390 dev_put(dev); 4391 out_rtnl: 4392 rtnl_unlock(); 4393 4394 return err; 4395 4396 } 4397 4398 static int nl80211_remain_on_channel(struct sk_buff *skb, 4399 struct genl_info *info) 4400 { 4401 struct cfg80211_registered_device *rdev; 4402 struct net_device *dev; 4403 struct ieee80211_channel *chan; 4404 struct sk_buff *msg; 4405 void *hdr; 4406 u64 cookie; 4407 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 4408 u32 freq, duration; 4409 int err; 4410 4411 if (!info->attrs[NL80211_ATTR_WIPHY_FREQ] || 4412 !info->attrs[NL80211_ATTR_DURATION]) 4413 return -EINVAL; 4414 4415 duration = nla_get_u32(info->attrs[NL80211_ATTR_DURATION]); 4416 4417 /* 4418 * We should be on that channel for at least one jiffie, 4419 * and more than 5 seconds seems excessive. 4420 */ 4421 if (!duration || !msecs_to_jiffies(duration) || duration > 5000) 4422 return -EINVAL; 4423 4424 rtnl_lock(); 4425 4426 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4427 if (err) 4428 goto unlock_rtnl; 4429 4430 if (!rdev->ops->remain_on_channel) { 4431 err = -EOPNOTSUPP; 4432 goto out; 4433 } 4434 4435 if (!netif_running(dev)) { 4436 err = -ENETDOWN; 4437 goto out; 4438 } 4439 4440 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4441 channel_type = nla_get_u32( 4442 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4443 if (channel_type != NL80211_CHAN_NO_HT && 4444 channel_type != NL80211_CHAN_HT20 && 4445 channel_type != NL80211_CHAN_HT40PLUS && 4446 channel_type != NL80211_CHAN_HT40MINUS) { 4447 err = -EINVAL; 4448 goto out; 4449 } 4450 } 4451 4452 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 4453 chan = rdev_freq_to_chan(rdev, freq, channel_type); 4454 if (chan == NULL) { 4455 err = -EINVAL; 4456 goto out; 4457 } 4458 4459 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4460 if (!msg) { 4461 err = -ENOMEM; 4462 goto out; 4463 } 4464 4465 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4466 NL80211_CMD_REMAIN_ON_CHANNEL); 4467 4468 if (IS_ERR(hdr)) { 4469 err = PTR_ERR(hdr); 4470 goto free_msg; 4471 } 4472 4473 err = rdev->ops->remain_on_channel(&rdev->wiphy, dev, chan, 4474 channel_type, duration, &cookie); 4475 4476 if (err) 4477 goto free_msg; 4478 4479 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 4480 4481 genlmsg_end(msg, hdr); 4482 err = genlmsg_reply(msg, info); 4483 goto out; 4484 4485 nla_put_failure: 4486 err = -ENOBUFS; 4487 free_msg: 4488 nlmsg_free(msg); 4489 out: 4490 cfg80211_unlock_rdev(rdev); 4491 dev_put(dev); 4492 unlock_rtnl: 4493 rtnl_unlock(); 4494 return err; 4495 } 4496 4497 static int nl80211_cancel_remain_on_channel(struct sk_buff *skb, 4498 struct genl_info *info) 4499 { 4500 struct cfg80211_registered_device *rdev; 4501 struct net_device *dev; 4502 u64 cookie; 4503 int err; 4504 4505 if (!info->attrs[NL80211_ATTR_COOKIE]) 4506 return -EINVAL; 4507 4508 rtnl_lock(); 4509 4510 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4511 if (err) 4512 goto unlock_rtnl; 4513 4514 if (!rdev->ops->cancel_remain_on_channel) { 4515 err = -EOPNOTSUPP; 4516 goto out; 4517 } 4518 4519 if (!netif_running(dev)) { 4520 err = -ENETDOWN; 4521 goto out; 4522 } 4523 4524 cookie = nla_get_u64(info->attrs[NL80211_ATTR_COOKIE]); 4525 4526 err = rdev->ops->cancel_remain_on_channel(&rdev->wiphy, dev, cookie); 4527 4528 out: 4529 cfg80211_unlock_rdev(rdev); 4530 dev_put(dev); 4531 unlock_rtnl: 4532 rtnl_unlock(); 4533 return err; 4534 } 4535 4536 static u32 rateset_to_mask(struct ieee80211_supported_band *sband, 4537 u8 *rates, u8 rates_len) 4538 { 4539 u8 i; 4540 u32 mask = 0; 4541 4542 for (i = 0; i < rates_len; i++) { 4543 int rate = (rates[i] & 0x7f) * 5; 4544 int ridx; 4545 for (ridx = 0; ridx < sband->n_bitrates; ridx++) { 4546 struct ieee80211_rate *srate = 4547 &sband->bitrates[ridx]; 4548 if (rate == srate->bitrate) { 4549 mask |= 1 << ridx; 4550 break; 4551 } 4552 } 4553 if (ridx == sband->n_bitrates) 4554 return 0; /* rate not found */ 4555 } 4556 4557 return mask; 4558 } 4559 4560 static const struct nla_policy nl80211_txattr_policy[NL80211_TXRATE_MAX + 1] = { 4561 [NL80211_TXRATE_LEGACY] = { .type = NLA_BINARY, 4562 .len = NL80211_MAX_SUPP_RATES }, 4563 }; 4564 4565 static int nl80211_set_tx_bitrate_mask(struct sk_buff *skb, 4566 struct genl_info *info) 4567 { 4568 struct nlattr *tb[NL80211_TXRATE_MAX + 1]; 4569 struct cfg80211_registered_device *rdev; 4570 struct cfg80211_bitrate_mask mask; 4571 int err, rem, i; 4572 struct net_device *dev; 4573 struct nlattr *tx_rates; 4574 struct ieee80211_supported_band *sband; 4575 4576 if (info->attrs[NL80211_ATTR_TX_RATES] == NULL) 4577 return -EINVAL; 4578 4579 rtnl_lock(); 4580 4581 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4582 if (err) 4583 goto unlock_rtnl; 4584 4585 if (!rdev->ops->set_bitrate_mask) { 4586 err = -EOPNOTSUPP; 4587 goto unlock; 4588 } 4589 4590 memset(&mask, 0, sizeof(mask)); 4591 /* Default to all rates enabled */ 4592 for (i = 0; i < IEEE80211_NUM_BANDS; i++) { 4593 sband = rdev->wiphy.bands[i]; 4594 mask.control[i].legacy = 4595 sband ? (1 << sband->n_bitrates) - 1 : 0; 4596 } 4597 4598 /* 4599 * The nested attribute uses enum nl80211_band as the index. This maps 4600 * directly to the enum ieee80211_band values used in cfg80211. 4601 */ 4602 nla_for_each_nested(tx_rates, info->attrs[NL80211_ATTR_TX_RATES], rem) 4603 { 4604 enum ieee80211_band band = nla_type(tx_rates); 4605 if (band < 0 || band >= IEEE80211_NUM_BANDS) { 4606 err = -EINVAL; 4607 goto unlock; 4608 } 4609 sband = rdev->wiphy.bands[band]; 4610 if (sband == NULL) { 4611 err = -EINVAL; 4612 goto unlock; 4613 } 4614 nla_parse(tb, NL80211_TXRATE_MAX, nla_data(tx_rates), 4615 nla_len(tx_rates), nl80211_txattr_policy); 4616 if (tb[NL80211_TXRATE_LEGACY]) { 4617 mask.control[band].legacy = rateset_to_mask( 4618 sband, 4619 nla_data(tb[NL80211_TXRATE_LEGACY]), 4620 nla_len(tb[NL80211_TXRATE_LEGACY])); 4621 if (mask.control[band].legacy == 0) { 4622 err = -EINVAL; 4623 goto unlock; 4624 } 4625 } 4626 } 4627 4628 err = rdev->ops->set_bitrate_mask(&rdev->wiphy, dev, NULL, &mask); 4629 4630 unlock: 4631 dev_put(dev); 4632 cfg80211_unlock_rdev(rdev); 4633 unlock_rtnl: 4634 rtnl_unlock(); 4635 return err; 4636 } 4637 4638 static int nl80211_register_action(struct sk_buff *skb, struct genl_info *info) 4639 { 4640 struct cfg80211_registered_device *rdev; 4641 struct net_device *dev; 4642 int err; 4643 4644 if (!info->attrs[NL80211_ATTR_FRAME_MATCH]) 4645 return -EINVAL; 4646 4647 if (nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH]) < 1) 4648 return -EINVAL; 4649 4650 rtnl_lock(); 4651 4652 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4653 if (err) 4654 goto unlock_rtnl; 4655 4656 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4657 err = -EOPNOTSUPP; 4658 goto out; 4659 } 4660 4661 /* not much point in registering if we can't reply */ 4662 if (!rdev->ops->action) { 4663 err = -EOPNOTSUPP; 4664 goto out; 4665 } 4666 4667 err = cfg80211_mlme_register_action(dev->ieee80211_ptr, info->snd_pid, 4668 nla_data(info->attrs[NL80211_ATTR_FRAME_MATCH]), 4669 nla_len(info->attrs[NL80211_ATTR_FRAME_MATCH])); 4670 out: 4671 cfg80211_unlock_rdev(rdev); 4672 dev_put(dev); 4673 unlock_rtnl: 4674 rtnl_unlock(); 4675 return err; 4676 } 4677 4678 static int nl80211_action(struct sk_buff *skb, struct genl_info *info) 4679 { 4680 struct cfg80211_registered_device *rdev; 4681 struct net_device *dev; 4682 struct ieee80211_channel *chan; 4683 enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT; 4684 u32 freq; 4685 int err; 4686 void *hdr; 4687 u64 cookie; 4688 struct sk_buff *msg; 4689 4690 if (!info->attrs[NL80211_ATTR_FRAME] || 4691 !info->attrs[NL80211_ATTR_WIPHY_FREQ]) 4692 return -EINVAL; 4693 4694 rtnl_lock(); 4695 4696 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4697 if (err) 4698 goto unlock_rtnl; 4699 4700 if (!rdev->ops->action) { 4701 err = -EOPNOTSUPP; 4702 goto out; 4703 } 4704 4705 if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) { 4706 err = -EOPNOTSUPP; 4707 goto out; 4708 } 4709 4710 if (!netif_running(dev)) { 4711 err = -ENETDOWN; 4712 goto out; 4713 } 4714 4715 if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) { 4716 channel_type = nla_get_u32( 4717 info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]); 4718 if (channel_type != NL80211_CHAN_NO_HT && 4719 channel_type != NL80211_CHAN_HT20 && 4720 channel_type != NL80211_CHAN_HT40PLUS && 4721 channel_type != NL80211_CHAN_HT40MINUS) { 4722 err = -EINVAL; 4723 goto out; 4724 } 4725 } 4726 4727 freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]); 4728 chan = rdev_freq_to_chan(rdev, freq, channel_type); 4729 if (chan == NULL) { 4730 err = -EINVAL; 4731 goto out; 4732 } 4733 4734 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4735 if (!msg) { 4736 err = -ENOMEM; 4737 goto out; 4738 } 4739 4740 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4741 NL80211_CMD_ACTION); 4742 4743 if (IS_ERR(hdr)) { 4744 err = PTR_ERR(hdr); 4745 goto free_msg; 4746 } 4747 err = cfg80211_mlme_action(rdev, dev, chan, channel_type, 4748 nla_data(info->attrs[NL80211_ATTR_FRAME]), 4749 nla_len(info->attrs[NL80211_ATTR_FRAME]), 4750 &cookie); 4751 if (err) 4752 goto free_msg; 4753 4754 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 4755 4756 genlmsg_end(msg, hdr); 4757 err = genlmsg_reply(msg, info); 4758 goto out; 4759 4760 nla_put_failure: 4761 err = -ENOBUFS; 4762 free_msg: 4763 nlmsg_free(msg); 4764 out: 4765 cfg80211_unlock_rdev(rdev); 4766 dev_put(dev); 4767 unlock_rtnl: 4768 rtnl_unlock(); 4769 return err; 4770 } 4771 4772 static int nl80211_set_power_save(struct sk_buff *skb, struct genl_info *info) 4773 { 4774 struct cfg80211_registered_device *rdev; 4775 struct wireless_dev *wdev; 4776 struct net_device *dev; 4777 u8 ps_state; 4778 bool state; 4779 int err; 4780 4781 if (!info->attrs[NL80211_ATTR_PS_STATE]) { 4782 err = -EINVAL; 4783 goto out; 4784 } 4785 4786 ps_state = nla_get_u32(info->attrs[NL80211_ATTR_PS_STATE]); 4787 4788 if (ps_state != NL80211_PS_DISABLED && ps_state != NL80211_PS_ENABLED) { 4789 err = -EINVAL; 4790 goto out; 4791 } 4792 4793 rtnl_lock(); 4794 4795 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4796 if (err) 4797 goto unlock_rdev; 4798 4799 wdev = dev->ieee80211_ptr; 4800 4801 if (!rdev->ops->set_power_mgmt) { 4802 err = -EOPNOTSUPP; 4803 goto unlock_rdev; 4804 } 4805 4806 state = (ps_state == NL80211_PS_ENABLED) ? true : false; 4807 4808 if (state == wdev->ps) 4809 goto unlock_rdev; 4810 4811 wdev->ps = state; 4812 4813 if (rdev->ops->set_power_mgmt(wdev->wiphy, dev, wdev->ps, 4814 wdev->ps_timeout)) 4815 /* assume this means it's off */ 4816 wdev->ps = false; 4817 4818 unlock_rdev: 4819 cfg80211_unlock_rdev(rdev); 4820 dev_put(dev); 4821 rtnl_unlock(); 4822 4823 out: 4824 return err; 4825 } 4826 4827 static int nl80211_get_power_save(struct sk_buff *skb, struct genl_info *info) 4828 { 4829 struct cfg80211_registered_device *rdev; 4830 enum nl80211_ps_state ps_state; 4831 struct wireless_dev *wdev; 4832 struct net_device *dev; 4833 struct sk_buff *msg; 4834 void *hdr; 4835 int err; 4836 4837 rtnl_lock(); 4838 4839 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4840 if (err) 4841 goto unlock_rtnl; 4842 4843 wdev = dev->ieee80211_ptr; 4844 4845 if (!rdev->ops->set_power_mgmt) { 4846 err = -EOPNOTSUPP; 4847 goto out; 4848 } 4849 4850 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 4851 if (!msg) { 4852 err = -ENOMEM; 4853 goto out; 4854 } 4855 4856 hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0, 4857 NL80211_CMD_GET_POWER_SAVE); 4858 if (!hdr) { 4859 err = -ENOMEM; 4860 goto free_msg; 4861 } 4862 4863 if (wdev->ps) 4864 ps_state = NL80211_PS_ENABLED; 4865 else 4866 ps_state = NL80211_PS_DISABLED; 4867 4868 NLA_PUT_U32(msg, NL80211_ATTR_PS_STATE, ps_state); 4869 4870 genlmsg_end(msg, hdr); 4871 err = genlmsg_reply(msg, info); 4872 goto out; 4873 4874 nla_put_failure: 4875 err = -ENOBUFS; 4876 4877 free_msg: 4878 nlmsg_free(msg); 4879 4880 out: 4881 cfg80211_unlock_rdev(rdev); 4882 dev_put(dev); 4883 4884 unlock_rtnl: 4885 rtnl_unlock(); 4886 4887 return err; 4888 } 4889 4890 static struct nla_policy 4891 nl80211_attr_cqm_policy[NL80211_ATTR_CQM_MAX + 1] __read_mostly = { 4892 [NL80211_ATTR_CQM_RSSI_THOLD] = { .type = NLA_U32 }, 4893 [NL80211_ATTR_CQM_RSSI_HYST] = { .type = NLA_U32 }, 4894 [NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT] = { .type = NLA_U32 }, 4895 }; 4896 4897 static int nl80211_set_cqm_rssi(struct genl_info *info, 4898 s32 threshold, u32 hysteresis) 4899 { 4900 struct cfg80211_registered_device *rdev; 4901 struct wireless_dev *wdev; 4902 struct net_device *dev; 4903 int err; 4904 4905 if (threshold > 0) 4906 return -EINVAL; 4907 4908 rtnl_lock(); 4909 4910 err = get_rdev_dev_by_info_ifindex(info, &rdev, &dev); 4911 if (err) 4912 goto unlock_rdev; 4913 4914 wdev = dev->ieee80211_ptr; 4915 4916 if (!rdev->ops->set_cqm_rssi_config) { 4917 err = -EOPNOTSUPP; 4918 goto unlock_rdev; 4919 } 4920 4921 if (wdev->iftype != NL80211_IFTYPE_STATION) { 4922 err = -EOPNOTSUPP; 4923 goto unlock_rdev; 4924 } 4925 4926 err = rdev->ops->set_cqm_rssi_config(wdev->wiphy, dev, 4927 threshold, hysteresis); 4928 4929 unlock_rdev: 4930 cfg80211_unlock_rdev(rdev); 4931 dev_put(dev); 4932 rtnl_unlock(); 4933 4934 return err; 4935 } 4936 4937 static int nl80211_set_cqm(struct sk_buff *skb, struct genl_info *info) 4938 { 4939 struct nlattr *attrs[NL80211_ATTR_CQM_MAX + 1]; 4940 struct nlattr *cqm; 4941 int err; 4942 4943 cqm = info->attrs[NL80211_ATTR_CQM]; 4944 if (!cqm) { 4945 err = -EINVAL; 4946 goto out; 4947 } 4948 4949 err = nla_parse_nested(attrs, NL80211_ATTR_CQM_MAX, cqm, 4950 nl80211_attr_cqm_policy); 4951 if (err) 4952 goto out; 4953 4954 if (attrs[NL80211_ATTR_CQM_RSSI_THOLD] && 4955 attrs[NL80211_ATTR_CQM_RSSI_HYST]) { 4956 s32 threshold; 4957 u32 hysteresis; 4958 threshold = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_THOLD]); 4959 hysteresis = nla_get_u32(attrs[NL80211_ATTR_CQM_RSSI_HYST]); 4960 err = nl80211_set_cqm_rssi(info, threshold, hysteresis); 4961 } else 4962 err = -EINVAL; 4963 4964 out: 4965 return err; 4966 } 4967 4968 static struct genl_ops nl80211_ops[] = { 4969 { 4970 .cmd = NL80211_CMD_GET_WIPHY, 4971 .doit = nl80211_get_wiphy, 4972 .dumpit = nl80211_dump_wiphy, 4973 .policy = nl80211_policy, 4974 /* can be retrieved by unprivileged users */ 4975 }, 4976 { 4977 .cmd = NL80211_CMD_SET_WIPHY, 4978 .doit = nl80211_set_wiphy, 4979 .policy = nl80211_policy, 4980 .flags = GENL_ADMIN_PERM, 4981 }, 4982 { 4983 .cmd = NL80211_CMD_GET_INTERFACE, 4984 .doit = nl80211_get_interface, 4985 .dumpit = nl80211_dump_interface, 4986 .policy = nl80211_policy, 4987 /* can be retrieved by unprivileged users */ 4988 }, 4989 { 4990 .cmd = NL80211_CMD_SET_INTERFACE, 4991 .doit = nl80211_set_interface, 4992 .policy = nl80211_policy, 4993 .flags = GENL_ADMIN_PERM, 4994 }, 4995 { 4996 .cmd = NL80211_CMD_NEW_INTERFACE, 4997 .doit = nl80211_new_interface, 4998 .policy = nl80211_policy, 4999 .flags = GENL_ADMIN_PERM, 5000 }, 5001 { 5002 .cmd = NL80211_CMD_DEL_INTERFACE, 5003 .doit = nl80211_del_interface, 5004 .policy = nl80211_policy, 5005 .flags = GENL_ADMIN_PERM, 5006 }, 5007 { 5008 .cmd = NL80211_CMD_GET_KEY, 5009 .doit = nl80211_get_key, 5010 .policy = nl80211_policy, 5011 .flags = GENL_ADMIN_PERM, 5012 }, 5013 { 5014 .cmd = NL80211_CMD_SET_KEY, 5015 .doit = nl80211_set_key, 5016 .policy = nl80211_policy, 5017 .flags = GENL_ADMIN_PERM, 5018 }, 5019 { 5020 .cmd = NL80211_CMD_NEW_KEY, 5021 .doit = nl80211_new_key, 5022 .policy = nl80211_policy, 5023 .flags = GENL_ADMIN_PERM, 5024 }, 5025 { 5026 .cmd = NL80211_CMD_DEL_KEY, 5027 .doit = nl80211_del_key, 5028 .policy = nl80211_policy, 5029 .flags = GENL_ADMIN_PERM, 5030 }, 5031 { 5032 .cmd = NL80211_CMD_SET_BEACON, 5033 .policy = nl80211_policy, 5034 .flags = GENL_ADMIN_PERM, 5035 .doit = nl80211_addset_beacon, 5036 }, 5037 { 5038 .cmd = NL80211_CMD_NEW_BEACON, 5039 .policy = nl80211_policy, 5040 .flags = GENL_ADMIN_PERM, 5041 .doit = nl80211_addset_beacon, 5042 }, 5043 { 5044 .cmd = NL80211_CMD_DEL_BEACON, 5045 .policy = nl80211_policy, 5046 .flags = GENL_ADMIN_PERM, 5047 .doit = nl80211_del_beacon, 5048 }, 5049 { 5050 .cmd = NL80211_CMD_GET_STATION, 5051 .doit = nl80211_get_station, 5052 .dumpit = nl80211_dump_station, 5053 .policy = nl80211_policy, 5054 }, 5055 { 5056 .cmd = NL80211_CMD_SET_STATION, 5057 .doit = nl80211_set_station, 5058 .policy = nl80211_policy, 5059 .flags = GENL_ADMIN_PERM, 5060 }, 5061 { 5062 .cmd = NL80211_CMD_NEW_STATION, 5063 .doit = nl80211_new_station, 5064 .policy = nl80211_policy, 5065 .flags = GENL_ADMIN_PERM, 5066 }, 5067 { 5068 .cmd = NL80211_CMD_DEL_STATION, 5069 .doit = nl80211_del_station, 5070 .policy = nl80211_policy, 5071 .flags = GENL_ADMIN_PERM, 5072 }, 5073 { 5074 .cmd = NL80211_CMD_GET_MPATH, 5075 .doit = nl80211_get_mpath, 5076 .dumpit = nl80211_dump_mpath, 5077 .policy = nl80211_policy, 5078 .flags = GENL_ADMIN_PERM, 5079 }, 5080 { 5081 .cmd = NL80211_CMD_SET_MPATH, 5082 .doit = nl80211_set_mpath, 5083 .policy = nl80211_policy, 5084 .flags = GENL_ADMIN_PERM, 5085 }, 5086 { 5087 .cmd = NL80211_CMD_NEW_MPATH, 5088 .doit = nl80211_new_mpath, 5089 .policy = nl80211_policy, 5090 .flags = GENL_ADMIN_PERM, 5091 }, 5092 { 5093 .cmd = NL80211_CMD_DEL_MPATH, 5094 .doit = nl80211_del_mpath, 5095 .policy = nl80211_policy, 5096 .flags = GENL_ADMIN_PERM, 5097 }, 5098 { 5099 .cmd = NL80211_CMD_SET_BSS, 5100 .doit = nl80211_set_bss, 5101 .policy = nl80211_policy, 5102 .flags = GENL_ADMIN_PERM, 5103 }, 5104 { 5105 .cmd = NL80211_CMD_GET_REG, 5106 .doit = nl80211_get_reg, 5107 .policy = nl80211_policy, 5108 /* can be retrieved by unprivileged users */ 5109 }, 5110 { 5111 .cmd = NL80211_CMD_SET_REG, 5112 .doit = nl80211_set_reg, 5113 .policy = nl80211_policy, 5114 .flags = GENL_ADMIN_PERM, 5115 }, 5116 { 5117 .cmd = NL80211_CMD_REQ_SET_REG, 5118 .doit = nl80211_req_set_reg, 5119 .policy = nl80211_policy, 5120 .flags = GENL_ADMIN_PERM, 5121 }, 5122 { 5123 .cmd = NL80211_CMD_GET_MESH_PARAMS, 5124 .doit = nl80211_get_mesh_params, 5125 .policy = nl80211_policy, 5126 /* can be retrieved by unprivileged users */ 5127 }, 5128 { 5129 .cmd = NL80211_CMD_SET_MESH_PARAMS, 5130 .doit = nl80211_set_mesh_params, 5131 .policy = nl80211_policy, 5132 .flags = GENL_ADMIN_PERM, 5133 }, 5134 { 5135 .cmd = NL80211_CMD_TRIGGER_SCAN, 5136 .doit = nl80211_trigger_scan, 5137 .policy = nl80211_policy, 5138 .flags = GENL_ADMIN_PERM, 5139 }, 5140 { 5141 .cmd = NL80211_CMD_GET_SCAN, 5142 .policy = nl80211_policy, 5143 .dumpit = nl80211_dump_scan, 5144 }, 5145 { 5146 .cmd = NL80211_CMD_AUTHENTICATE, 5147 .doit = nl80211_authenticate, 5148 .policy = nl80211_policy, 5149 .flags = GENL_ADMIN_PERM, 5150 }, 5151 { 5152 .cmd = NL80211_CMD_ASSOCIATE, 5153 .doit = nl80211_associate, 5154 .policy = nl80211_policy, 5155 .flags = GENL_ADMIN_PERM, 5156 }, 5157 { 5158 .cmd = NL80211_CMD_DEAUTHENTICATE, 5159 .doit = nl80211_deauthenticate, 5160 .policy = nl80211_policy, 5161 .flags = GENL_ADMIN_PERM, 5162 }, 5163 { 5164 .cmd = NL80211_CMD_DISASSOCIATE, 5165 .doit = nl80211_disassociate, 5166 .policy = nl80211_policy, 5167 .flags = GENL_ADMIN_PERM, 5168 }, 5169 { 5170 .cmd = NL80211_CMD_JOIN_IBSS, 5171 .doit = nl80211_join_ibss, 5172 .policy = nl80211_policy, 5173 .flags = GENL_ADMIN_PERM, 5174 }, 5175 { 5176 .cmd = NL80211_CMD_LEAVE_IBSS, 5177 .doit = nl80211_leave_ibss, 5178 .policy = nl80211_policy, 5179 .flags = GENL_ADMIN_PERM, 5180 }, 5181 #ifdef CONFIG_NL80211_TESTMODE 5182 { 5183 .cmd = NL80211_CMD_TESTMODE, 5184 .doit = nl80211_testmode_do, 5185 .policy = nl80211_policy, 5186 .flags = GENL_ADMIN_PERM, 5187 }, 5188 #endif 5189 { 5190 .cmd = NL80211_CMD_CONNECT, 5191 .doit = nl80211_connect, 5192 .policy = nl80211_policy, 5193 .flags = GENL_ADMIN_PERM, 5194 }, 5195 { 5196 .cmd = NL80211_CMD_DISCONNECT, 5197 .doit = nl80211_disconnect, 5198 .policy = nl80211_policy, 5199 .flags = GENL_ADMIN_PERM, 5200 }, 5201 { 5202 .cmd = NL80211_CMD_SET_WIPHY_NETNS, 5203 .doit = nl80211_wiphy_netns, 5204 .policy = nl80211_policy, 5205 .flags = GENL_ADMIN_PERM, 5206 }, 5207 { 5208 .cmd = NL80211_CMD_GET_SURVEY, 5209 .policy = nl80211_policy, 5210 .dumpit = nl80211_dump_survey, 5211 }, 5212 { 5213 .cmd = NL80211_CMD_SET_PMKSA, 5214 .doit = nl80211_setdel_pmksa, 5215 .policy = nl80211_policy, 5216 .flags = GENL_ADMIN_PERM, 5217 }, 5218 { 5219 .cmd = NL80211_CMD_DEL_PMKSA, 5220 .doit = nl80211_setdel_pmksa, 5221 .policy = nl80211_policy, 5222 .flags = GENL_ADMIN_PERM, 5223 }, 5224 { 5225 .cmd = NL80211_CMD_FLUSH_PMKSA, 5226 .doit = nl80211_flush_pmksa, 5227 .policy = nl80211_policy, 5228 .flags = GENL_ADMIN_PERM, 5229 }, 5230 { 5231 .cmd = NL80211_CMD_REMAIN_ON_CHANNEL, 5232 .doit = nl80211_remain_on_channel, 5233 .policy = nl80211_policy, 5234 .flags = GENL_ADMIN_PERM, 5235 }, 5236 { 5237 .cmd = NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 5238 .doit = nl80211_cancel_remain_on_channel, 5239 .policy = nl80211_policy, 5240 .flags = GENL_ADMIN_PERM, 5241 }, 5242 { 5243 .cmd = NL80211_CMD_SET_TX_BITRATE_MASK, 5244 .doit = nl80211_set_tx_bitrate_mask, 5245 .policy = nl80211_policy, 5246 .flags = GENL_ADMIN_PERM, 5247 }, 5248 { 5249 .cmd = NL80211_CMD_REGISTER_ACTION, 5250 .doit = nl80211_register_action, 5251 .policy = nl80211_policy, 5252 .flags = GENL_ADMIN_PERM, 5253 }, 5254 { 5255 .cmd = NL80211_CMD_ACTION, 5256 .doit = nl80211_action, 5257 .policy = nl80211_policy, 5258 .flags = GENL_ADMIN_PERM, 5259 }, 5260 { 5261 .cmd = NL80211_CMD_SET_POWER_SAVE, 5262 .doit = nl80211_set_power_save, 5263 .policy = nl80211_policy, 5264 .flags = GENL_ADMIN_PERM, 5265 }, 5266 { 5267 .cmd = NL80211_CMD_GET_POWER_SAVE, 5268 .doit = nl80211_get_power_save, 5269 .policy = nl80211_policy, 5270 /* can be retrieved by unprivileged users */ 5271 }, 5272 { 5273 .cmd = NL80211_CMD_SET_CQM, 5274 .doit = nl80211_set_cqm, 5275 .policy = nl80211_policy, 5276 .flags = GENL_ADMIN_PERM, 5277 }, 5278 { 5279 .cmd = NL80211_CMD_SET_CHANNEL, 5280 .doit = nl80211_set_channel, 5281 .policy = nl80211_policy, 5282 .flags = GENL_ADMIN_PERM, 5283 }, 5284 }; 5285 5286 static struct genl_multicast_group nl80211_mlme_mcgrp = { 5287 .name = "mlme", 5288 }; 5289 5290 /* multicast groups */ 5291 static struct genl_multicast_group nl80211_config_mcgrp = { 5292 .name = "config", 5293 }; 5294 static struct genl_multicast_group nl80211_scan_mcgrp = { 5295 .name = "scan", 5296 }; 5297 static struct genl_multicast_group nl80211_regulatory_mcgrp = { 5298 .name = "regulatory", 5299 }; 5300 5301 /* notification functions */ 5302 5303 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev) 5304 { 5305 struct sk_buff *msg; 5306 5307 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5308 if (!msg) 5309 return; 5310 5311 if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) { 5312 nlmsg_free(msg); 5313 return; 5314 } 5315 5316 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5317 nl80211_config_mcgrp.id, GFP_KERNEL); 5318 } 5319 5320 static int nl80211_add_scan_req(struct sk_buff *msg, 5321 struct cfg80211_registered_device *rdev) 5322 { 5323 struct cfg80211_scan_request *req = rdev->scan_req; 5324 struct nlattr *nest; 5325 int i; 5326 5327 ASSERT_RDEV_LOCK(rdev); 5328 5329 if (WARN_ON(!req)) 5330 return 0; 5331 5332 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_SSIDS); 5333 if (!nest) 5334 goto nla_put_failure; 5335 for (i = 0; i < req->n_ssids; i++) 5336 NLA_PUT(msg, i, req->ssids[i].ssid_len, req->ssids[i].ssid); 5337 nla_nest_end(msg, nest); 5338 5339 nest = nla_nest_start(msg, NL80211_ATTR_SCAN_FREQUENCIES); 5340 if (!nest) 5341 goto nla_put_failure; 5342 for (i = 0; i < req->n_channels; i++) 5343 NLA_PUT_U32(msg, i, req->channels[i]->center_freq); 5344 nla_nest_end(msg, nest); 5345 5346 if (req->ie) 5347 NLA_PUT(msg, NL80211_ATTR_IE, req->ie_len, req->ie); 5348 5349 return 0; 5350 nla_put_failure: 5351 return -ENOBUFS; 5352 } 5353 5354 static int nl80211_send_scan_msg(struct sk_buff *msg, 5355 struct cfg80211_registered_device *rdev, 5356 struct net_device *netdev, 5357 u32 pid, u32 seq, int flags, 5358 u32 cmd) 5359 { 5360 void *hdr; 5361 5362 hdr = nl80211hdr_put(msg, pid, seq, flags, cmd); 5363 if (!hdr) 5364 return -1; 5365 5366 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5367 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5368 5369 /* ignore errors and send incomplete event anyway */ 5370 nl80211_add_scan_req(msg, rdev); 5371 5372 return genlmsg_end(msg, hdr); 5373 5374 nla_put_failure: 5375 genlmsg_cancel(msg, hdr); 5376 return -EMSGSIZE; 5377 } 5378 5379 void nl80211_send_scan_start(struct cfg80211_registered_device *rdev, 5380 struct net_device *netdev) 5381 { 5382 struct sk_buff *msg; 5383 5384 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 5385 if (!msg) 5386 return; 5387 5388 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5389 NL80211_CMD_TRIGGER_SCAN) < 0) { 5390 nlmsg_free(msg); 5391 return; 5392 } 5393 5394 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5395 nl80211_scan_mcgrp.id, GFP_KERNEL); 5396 } 5397 5398 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev, 5399 struct net_device *netdev) 5400 { 5401 struct sk_buff *msg; 5402 5403 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5404 if (!msg) 5405 return; 5406 5407 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5408 NL80211_CMD_NEW_SCAN_RESULTS) < 0) { 5409 nlmsg_free(msg); 5410 return; 5411 } 5412 5413 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5414 nl80211_scan_mcgrp.id, GFP_KERNEL); 5415 } 5416 5417 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev, 5418 struct net_device *netdev) 5419 { 5420 struct sk_buff *msg; 5421 5422 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5423 if (!msg) 5424 return; 5425 5426 if (nl80211_send_scan_msg(msg, rdev, netdev, 0, 0, 0, 5427 NL80211_CMD_SCAN_ABORTED) < 0) { 5428 nlmsg_free(msg); 5429 return; 5430 } 5431 5432 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5433 nl80211_scan_mcgrp.id, GFP_KERNEL); 5434 } 5435 5436 /* 5437 * This can happen on global regulatory changes or device specific settings 5438 * based on custom world regulatory domains. 5439 */ 5440 void nl80211_send_reg_change_event(struct regulatory_request *request) 5441 { 5442 struct sk_buff *msg; 5443 void *hdr; 5444 5445 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL); 5446 if (!msg) 5447 return; 5448 5449 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE); 5450 if (!hdr) { 5451 nlmsg_free(msg); 5452 return; 5453 } 5454 5455 /* Userspace can always count this one always being set */ 5456 NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator); 5457 5458 if (request->alpha2[0] == '0' && request->alpha2[1] == '0') 5459 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5460 NL80211_REGDOM_TYPE_WORLD); 5461 else if (request->alpha2[0] == '9' && request->alpha2[1] == '9') 5462 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5463 NL80211_REGDOM_TYPE_CUSTOM_WORLD); 5464 else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') || 5465 request->intersect) 5466 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5467 NL80211_REGDOM_TYPE_INTERSECTION); 5468 else { 5469 NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE, 5470 NL80211_REGDOM_TYPE_COUNTRY); 5471 NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2); 5472 } 5473 5474 if (wiphy_idx_valid(request->wiphy_idx)) 5475 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx); 5476 5477 if (genlmsg_end(msg, hdr) < 0) { 5478 nlmsg_free(msg); 5479 return; 5480 } 5481 5482 rcu_read_lock(); 5483 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 5484 GFP_ATOMIC); 5485 rcu_read_unlock(); 5486 5487 return; 5488 5489 nla_put_failure: 5490 genlmsg_cancel(msg, hdr); 5491 nlmsg_free(msg); 5492 } 5493 5494 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev, 5495 struct net_device *netdev, 5496 const u8 *buf, size_t len, 5497 enum nl80211_commands cmd, gfp_t gfp) 5498 { 5499 struct sk_buff *msg; 5500 void *hdr; 5501 5502 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5503 if (!msg) 5504 return; 5505 5506 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5507 if (!hdr) { 5508 nlmsg_free(msg); 5509 return; 5510 } 5511 5512 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5513 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5514 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 5515 5516 if (genlmsg_end(msg, hdr) < 0) { 5517 nlmsg_free(msg); 5518 return; 5519 } 5520 5521 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5522 nl80211_mlme_mcgrp.id, gfp); 5523 return; 5524 5525 nla_put_failure: 5526 genlmsg_cancel(msg, hdr); 5527 nlmsg_free(msg); 5528 } 5529 5530 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev, 5531 struct net_device *netdev, const u8 *buf, 5532 size_t len, gfp_t gfp) 5533 { 5534 nl80211_send_mlme_event(rdev, netdev, buf, len, 5535 NL80211_CMD_AUTHENTICATE, gfp); 5536 } 5537 5538 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev, 5539 struct net_device *netdev, const u8 *buf, 5540 size_t len, gfp_t gfp) 5541 { 5542 nl80211_send_mlme_event(rdev, netdev, buf, len, 5543 NL80211_CMD_ASSOCIATE, gfp); 5544 } 5545 5546 void nl80211_send_deauth(struct cfg80211_registered_device *rdev, 5547 struct net_device *netdev, const u8 *buf, 5548 size_t len, gfp_t gfp) 5549 { 5550 nl80211_send_mlme_event(rdev, netdev, buf, len, 5551 NL80211_CMD_DEAUTHENTICATE, gfp); 5552 } 5553 5554 void nl80211_send_disassoc(struct cfg80211_registered_device *rdev, 5555 struct net_device *netdev, const u8 *buf, 5556 size_t len, gfp_t gfp) 5557 { 5558 nl80211_send_mlme_event(rdev, netdev, buf, len, 5559 NL80211_CMD_DISASSOCIATE, gfp); 5560 } 5561 5562 static void nl80211_send_mlme_timeout(struct cfg80211_registered_device *rdev, 5563 struct net_device *netdev, int cmd, 5564 const u8 *addr, gfp_t gfp) 5565 { 5566 struct sk_buff *msg; 5567 void *hdr; 5568 5569 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5570 if (!msg) 5571 return; 5572 5573 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5574 if (!hdr) { 5575 nlmsg_free(msg); 5576 return; 5577 } 5578 5579 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5580 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5581 NLA_PUT_FLAG(msg, NL80211_ATTR_TIMED_OUT); 5582 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5583 5584 if (genlmsg_end(msg, hdr) < 0) { 5585 nlmsg_free(msg); 5586 return; 5587 } 5588 5589 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5590 nl80211_mlme_mcgrp.id, gfp); 5591 return; 5592 5593 nla_put_failure: 5594 genlmsg_cancel(msg, hdr); 5595 nlmsg_free(msg); 5596 } 5597 5598 void nl80211_send_auth_timeout(struct cfg80211_registered_device *rdev, 5599 struct net_device *netdev, const u8 *addr, 5600 gfp_t gfp) 5601 { 5602 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_AUTHENTICATE, 5603 addr, gfp); 5604 } 5605 5606 void nl80211_send_assoc_timeout(struct cfg80211_registered_device *rdev, 5607 struct net_device *netdev, const u8 *addr, 5608 gfp_t gfp) 5609 { 5610 nl80211_send_mlme_timeout(rdev, netdev, NL80211_CMD_ASSOCIATE, 5611 addr, gfp); 5612 } 5613 5614 void nl80211_send_connect_result(struct cfg80211_registered_device *rdev, 5615 struct net_device *netdev, const u8 *bssid, 5616 const u8 *req_ie, size_t req_ie_len, 5617 const u8 *resp_ie, size_t resp_ie_len, 5618 u16 status, gfp_t gfp) 5619 { 5620 struct sk_buff *msg; 5621 void *hdr; 5622 5623 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5624 if (!msg) 5625 return; 5626 5627 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_CONNECT); 5628 if (!hdr) { 5629 nlmsg_free(msg); 5630 return; 5631 } 5632 5633 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5634 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5635 if (bssid) 5636 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5637 NLA_PUT_U16(msg, NL80211_ATTR_STATUS_CODE, status); 5638 if (req_ie) 5639 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 5640 if (resp_ie) 5641 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 5642 5643 if (genlmsg_end(msg, hdr) < 0) { 5644 nlmsg_free(msg); 5645 return; 5646 } 5647 5648 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5649 nl80211_mlme_mcgrp.id, gfp); 5650 return; 5651 5652 nla_put_failure: 5653 genlmsg_cancel(msg, hdr); 5654 nlmsg_free(msg); 5655 5656 } 5657 5658 void nl80211_send_roamed(struct cfg80211_registered_device *rdev, 5659 struct net_device *netdev, const u8 *bssid, 5660 const u8 *req_ie, size_t req_ie_len, 5661 const u8 *resp_ie, size_t resp_ie_len, gfp_t gfp) 5662 { 5663 struct sk_buff *msg; 5664 void *hdr; 5665 5666 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5667 if (!msg) 5668 return; 5669 5670 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ROAM); 5671 if (!hdr) { 5672 nlmsg_free(msg); 5673 return; 5674 } 5675 5676 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5677 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5678 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5679 if (req_ie) 5680 NLA_PUT(msg, NL80211_ATTR_REQ_IE, req_ie_len, req_ie); 5681 if (resp_ie) 5682 NLA_PUT(msg, NL80211_ATTR_RESP_IE, resp_ie_len, resp_ie); 5683 5684 if (genlmsg_end(msg, hdr) < 0) { 5685 nlmsg_free(msg); 5686 return; 5687 } 5688 5689 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5690 nl80211_mlme_mcgrp.id, gfp); 5691 return; 5692 5693 nla_put_failure: 5694 genlmsg_cancel(msg, hdr); 5695 nlmsg_free(msg); 5696 5697 } 5698 5699 void nl80211_send_disconnected(struct cfg80211_registered_device *rdev, 5700 struct net_device *netdev, u16 reason, 5701 const u8 *ie, size_t ie_len, bool from_ap) 5702 { 5703 struct sk_buff *msg; 5704 void *hdr; 5705 5706 msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 5707 if (!msg) 5708 return; 5709 5710 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_DISCONNECT); 5711 if (!hdr) { 5712 nlmsg_free(msg); 5713 return; 5714 } 5715 5716 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5717 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5718 if (from_ap && reason) 5719 NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason); 5720 if (from_ap) 5721 NLA_PUT_FLAG(msg, NL80211_ATTR_DISCONNECTED_BY_AP); 5722 if (ie) 5723 NLA_PUT(msg, NL80211_ATTR_IE, ie_len, ie); 5724 5725 if (genlmsg_end(msg, hdr) < 0) { 5726 nlmsg_free(msg); 5727 return; 5728 } 5729 5730 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5731 nl80211_mlme_mcgrp.id, GFP_KERNEL); 5732 return; 5733 5734 nla_put_failure: 5735 genlmsg_cancel(msg, hdr); 5736 nlmsg_free(msg); 5737 5738 } 5739 5740 void nl80211_send_ibss_bssid(struct cfg80211_registered_device *rdev, 5741 struct net_device *netdev, const u8 *bssid, 5742 gfp_t gfp) 5743 { 5744 struct sk_buff *msg; 5745 void *hdr; 5746 5747 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5748 if (!msg) 5749 return; 5750 5751 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_JOIN_IBSS); 5752 if (!hdr) { 5753 nlmsg_free(msg); 5754 return; 5755 } 5756 5757 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5758 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5759 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, bssid); 5760 5761 if (genlmsg_end(msg, hdr) < 0) { 5762 nlmsg_free(msg); 5763 return; 5764 } 5765 5766 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5767 nl80211_mlme_mcgrp.id, gfp); 5768 return; 5769 5770 nla_put_failure: 5771 genlmsg_cancel(msg, hdr); 5772 nlmsg_free(msg); 5773 } 5774 5775 void nl80211_michael_mic_failure(struct cfg80211_registered_device *rdev, 5776 struct net_device *netdev, const u8 *addr, 5777 enum nl80211_key_type key_type, int key_id, 5778 const u8 *tsc, gfp_t gfp) 5779 { 5780 struct sk_buff *msg; 5781 void *hdr; 5782 5783 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5784 if (!msg) 5785 return; 5786 5787 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_MICHAEL_MIC_FAILURE); 5788 if (!hdr) { 5789 nlmsg_free(msg); 5790 return; 5791 } 5792 5793 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5794 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5795 if (addr) 5796 NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr); 5797 NLA_PUT_U32(msg, NL80211_ATTR_KEY_TYPE, key_type); 5798 NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_id); 5799 if (tsc) 5800 NLA_PUT(msg, NL80211_ATTR_KEY_SEQ, 6, tsc); 5801 5802 if (genlmsg_end(msg, hdr) < 0) { 5803 nlmsg_free(msg); 5804 return; 5805 } 5806 5807 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5808 nl80211_mlme_mcgrp.id, gfp); 5809 return; 5810 5811 nla_put_failure: 5812 genlmsg_cancel(msg, hdr); 5813 nlmsg_free(msg); 5814 } 5815 5816 void nl80211_send_beacon_hint_event(struct wiphy *wiphy, 5817 struct ieee80211_channel *channel_before, 5818 struct ieee80211_channel *channel_after) 5819 { 5820 struct sk_buff *msg; 5821 void *hdr; 5822 struct nlattr *nl_freq; 5823 5824 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_ATOMIC); 5825 if (!msg) 5826 return; 5827 5828 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_BEACON_HINT); 5829 if (!hdr) { 5830 nlmsg_free(msg); 5831 return; 5832 } 5833 5834 /* 5835 * Since we are applying the beacon hint to a wiphy we know its 5836 * wiphy_idx is valid 5837 */ 5838 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, get_wiphy_idx(wiphy)); 5839 5840 /* Before */ 5841 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_BEFORE); 5842 if (!nl_freq) 5843 goto nla_put_failure; 5844 if (nl80211_msg_put_channel(msg, channel_before)) 5845 goto nla_put_failure; 5846 nla_nest_end(msg, nl_freq); 5847 5848 /* After */ 5849 nl_freq = nla_nest_start(msg, NL80211_ATTR_FREQ_AFTER); 5850 if (!nl_freq) 5851 goto nla_put_failure; 5852 if (nl80211_msg_put_channel(msg, channel_after)) 5853 goto nla_put_failure; 5854 nla_nest_end(msg, nl_freq); 5855 5856 if (genlmsg_end(msg, hdr) < 0) { 5857 nlmsg_free(msg); 5858 return; 5859 } 5860 5861 rcu_read_lock(); 5862 genlmsg_multicast_allns(msg, 0, nl80211_regulatory_mcgrp.id, 5863 GFP_ATOMIC); 5864 rcu_read_unlock(); 5865 5866 return; 5867 5868 nla_put_failure: 5869 genlmsg_cancel(msg, hdr); 5870 nlmsg_free(msg); 5871 } 5872 5873 static void nl80211_send_remain_on_chan_event( 5874 int cmd, struct cfg80211_registered_device *rdev, 5875 struct net_device *netdev, u64 cookie, 5876 struct ieee80211_channel *chan, 5877 enum nl80211_channel_type channel_type, 5878 unsigned int duration, gfp_t gfp) 5879 { 5880 struct sk_buff *msg; 5881 void *hdr; 5882 5883 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5884 if (!msg) 5885 return; 5886 5887 hdr = nl80211hdr_put(msg, 0, 0, 0, cmd); 5888 if (!hdr) { 5889 nlmsg_free(msg); 5890 return; 5891 } 5892 5893 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5894 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5895 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, chan->center_freq); 5896 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, channel_type); 5897 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 5898 5899 if (cmd == NL80211_CMD_REMAIN_ON_CHANNEL) 5900 NLA_PUT_U32(msg, NL80211_ATTR_DURATION, duration); 5901 5902 if (genlmsg_end(msg, hdr) < 0) { 5903 nlmsg_free(msg); 5904 return; 5905 } 5906 5907 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5908 nl80211_mlme_mcgrp.id, gfp); 5909 return; 5910 5911 nla_put_failure: 5912 genlmsg_cancel(msg, hdr); 5913 nlmsg_free(msg); 5914 } 5915 5916 void nl80211_send_remain_on_channel(struct cfg80211_registered_device *rdev, 5917 struct net_device *netdev, u64 cookie, 5918 struct ieee80211_channel *chan, 5919 enum nl80211_channel_type channel_type, 5920 unsigned int duration, gfp_t gfp) 5921 { 5922 nl80211_send_remain_on_chan_event(NL80211_CMD_REMAIN_ON_CHANNEL, 5923 rdev, netdev, cookie, chan, 5924 channel_type, duration, gfp); 5925 } 5926 5927 void nl80211_send_remain_on_channel_cancel( 5928 struct cfg80211_registered_device *rdev, struct net_device *netdev, 5929 u64 cookie, struct ieee80211_channel *chan, 5930 enum nl80211_channel_type channel_type, gfp_t gfp) 5931 { 5932 nl80211_send_remain_on_chan_event(NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL, 5933 rdev, netdev, cookie, chan, 5934 channel_type, 0, gfp); 5935 } 5936 5937 void nl80211_send_sta_event(struct cfg80211_registered_device *rdev, 5938 struct net_device *dev, const u8 *mac_addr, 5939 struct station_info *sinfo, gfp_t gfp) 5940 { 5941 struct sk_buff *msg; 5942 5943 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 5944 if (!msg) 5945 return; 5946 5947 if (nl80211_send_station(msg, 0, 0, 0, dev, mac_addr, sinfo) < 0) { 5948 nlmsg_free(msg); 5949 return; 5950 } 5951 5952 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 5953 nl80211_mlme_mcgrp.id, gfp); 5954 } 5955 5956 int nl80211_send_action(struct cfg80211_registered_device *rdev, 5957 struct net_device *netdev, u32 nlpid, 5958 int freq, const u8 *buf, size_t len, gfp_t gfp) 5959 { 5960 struct sk_buff *msg; 5961 void *hdr; 5962 int err; 5963 5964 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 5965 if (!msg) 5966 return -ENOMEM; 5967 5968 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION); 5969 if (!hdr) { 5970 nlmsg_free(msg); 5971 return -ENOMEM; 5972 } 5973 5974 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 5975 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 5976 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, freq); 5977 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 5978 5979 err = genlmsg_end(msg, hdr); 5980 if (err < 0) { 5981 nlmsg_free(msg); 5982 return err; 5983 } 5984 5985 err = genlmsg_unicast(wiphy_net(&rdev->wiphy), msg, nlpid); 5986 if (err < 0) 5987 return err; 5988 return 0; 5989 5990 nla_put_failure: 5991 genlmsg_cancel(msg, hdr); 5992 nlmsg_free(msg); 5993 return -ENOBUFS; 5994 } 5995 5996 void nl80211_send_action_tx_status(struct cfg80211_registered_device *rdev, 5997 struct net_device *netdev, u64 cookie, 5998 const u8 *buf, size_t len, bool ack, 5999 gfp_t gfp) 6000 { 6001 struct sk_buff *msg; 6002 void *hdr; 6003 6004 msg = nlmsg_new(NLMSG_DEFAULT_SIZE, gfp); 6005 if (!msg) 6006 return; 6007 6008 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_ACTION_TX_STATUS); 6009 if (!hdr) { 6010 nlmsg_free(msg); 6011 return; 6012 } 6013 6014 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6015 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6016 NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf); 6017 NLA_PUT_U64(msg, NL80211_ATTR_COOKIE, cookie); 6018 if (ack) 6019 NLA_PUT_FLAG(msg, NL80211_ATTR_ACK); 6020 6021 if (genlmsg_end(msg, hdr) < 0) { 6022 nlmsg_free(msg); 6023 return; 6024 } 6025 6026 genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, gfp); 6027 return; 6028 6029 nla_put_failure: 6030 genlmsg_cancel(msg, hdr); 6031 nlmsg_free(msg); 6032 } 6033 6034 void 6035 nl80211_send_cqm_rssi_notify(struct cfg80211_registered_device *rdev, 6036 struct net_device *netdev, 6037 enum nl80211_cqm_rssi_threshold_event rssi_event, 6038 gfp_t gfp) 6039 { 6040 struct sk_buff *msg; 6041 struct nlattr *pinfoattr; 6042 void *hdr; 6043 6044 msg = nlmsg_new(NLMSG_GOODSIZE, gfp); 6045 if (!msg) 6046 return; 6047 6048 hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_NOTIFY_CQM); 6049 if (!hdr) { 6050 nlmsg_free(msg); 6051 return; 6052 } 6053 6054 NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx); 6055 NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex); 6056 6057 pinfoattr = nla_nest_start(msg, NL80211_ATTR_CQM); 6058 if (!pinfoattr) 6059 goto nla_put_failure; 6060 6061 NLA_PUT_U32(msg, NL80211_ATTR_CQM_RSSI_THRESHOLD_EVENT, 6062 rssi_event); 6063 6064 nla_nest_end(msg, pinfoattr); 6065 6066 if (genlmsg_end(msg, hdr) < 0) { 6067 nlmsg_free(msg); 6068 return; 6069 } 6070 6071 genlmsg_multicast_netns(wiphy_net(&rdev->wiphy), msg, 0, 6072 nl80211_mlme_mcgrp.id, gfp); 6073 return; 6074 6075 nla_put_failure: 6076 genlmsg_cancel(msg, hdr); 6077 nlmsg_free(msg); 6078 } 6079 6080 static int nl80211_netlink_notify(struct notifier_block * nb, 6081 unsigned long state, 6082 void *_notify) 6083 { 6084 struct netlink_notify *notify = _notify; 6085 struct cfg80211_registered_device *rdev; 6086 struct wireless_dev *wdev; 6087 6088 if (state != NETLINK_URELEASE) 6089 return NOTIFY_DONE; 6090 6091 rcu_read_lock(); 6092 6093 list_for_each_entry_rcu(rdev, &cfg80211_rdev_list, list) 6094 list_for_each_entry_rcu(wdev, &rdev->netdev_list, list) 6095 cfg80211_mlme_unregister_actions(wdev, notify->pid); 6096 6097 rcu_read_unlock(); 6098 6099 return NOTIFY_DONE; 6100 } 6101 6102 static struct notifier_block nl80211_netlink_notifier = { 6103 .notifier_call = nl80211_netlink_notify, 6104 }; 6105 6106 /* initialisation/exit functions */ 6107 6108 int nl80211_init(void) 6109 { 6110 int err; 6111 6112 err = genl_register_family_with_ops(&nl80211_fam, 6113 nl80211_ops, ARRAY_SIZE(nl80211_ops)); 6114 if (err) 6115 return err; 6116 6117 err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp); 6118 if (err) 6119 goto err_out; 6120 6121 err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp); 6122 if (err) 6123 goto err_out; 6124 6125 err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp); 6126 if (err) 6127 goto err_out; 6128 6129 err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp); 6130 if (err) 6131 goto err_out; 6132 6133 #ifdef CONFIG_NL80211_TESTMODE 6134 err = genl_register_mc_group(&nl80211_fam, &nl80211_testmode_mcgrp); 6135 if (err) 6136 goto err_out; 6137 #endif 6138 6139 err = netlink_register_notifier(&nl80211_netlink_notifier); 6140 if (err) 6141 goto err_out; 6142 6143 return 0; 6144 err_out: 6145 genl_unregister_family(&nl80211_fam); 6146 return err; 6147 } 6148 6149 void nl80211_exit(void) 6150 { 6151 netlink_unregister_notifier(&nl80211_netlink_notifier); 6152 genl_unregister_family(&nl80211_fam); 6153 } 6154