xref: /openbmc/linux/net/wireless/nl80211.c (revision 78c99ba1) 
1 /*
2  * This is the new netlink-based wireless configuration interface.
3  *
4  * Copyright 2006, 2007	Johannes Berg <johannes@sipsolutions.net>
5  */
6 
7 #include <linux/if.h>
8 #include <linux/module.h>
9 #include <linux/err.h>
10 #include <linux/list.h>
11 #include <linux/if_ether.h>
12 #include <linux/ieee80211.h>
13 #include <linux/nl80211.h>
14 #include <linux/rtnetlink.h>
15 #include <linux/netlink.h>
16 #include <linux/etherdevice.h>
17 #include <net/genetlink.h>
18 #include <net/cfg80211.h>
19 #include "core.h"
20 #include "nl80211.h"
21 #include "reg.h"
22 
23 /* the netlink family */
24 static struct genl_family nl80211_fam = {
25 	.id = GENL_ID_GENERATE,	/* don't bother with a hardcoded ID */
26 	.name = "nl80211",	/* have users key off the name instead */
27 	.hdrsize = 0,		/* no private header */
28 	.version = 1,		/* no particular meaning now */
29 	.maxattr = NL80211_ATTR_MAX,
30 };
31 
32 /* internal helper: get drv and dev */
33 static int get_drv_dev_by_info_ifindex(struct nlattr **attrs,
34 				       struct cfg80211_registered_device **drv,
35 				       struct net_device **dev)
36 {
37 	int ifindex;
38 
39 	if (!attrs[NL80211_ATTR_IFINDEX])
40 		return -EINVAL;
41 
42 	ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
43 	*dev = dev_get_by_index(&init_net, ifindex);
44 	if (!*dev)
45 		return -ENODEV;
46 
47 	*drv = cfg80211_get_dev_from_ifindex(ifindex);
48 	if (IS_ERR(*drv)) {
49 		dev_put(*dev);
50 		return PTR_ERR(*drv);
51 	}
52 
53 	return 0;
54 }
55 
56 /* policy for the attributes */
57 static struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] __read_mostly = {
58 	[NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
59 	[NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
60 				      .len = BUS_ID_SIZE-1 },
61 	[NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
62 	[NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
63 	[NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
64 
65 	[NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
66 	[NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
67 	[NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },
68 
69 	[NL80211_ATTR_MAC] = { .type = NLA_BINARY, .len = ETH_ALEN },
70 
71 	[NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
72 				    .len = WLAN_MAX_KEY_LEN },
73 	[NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
74 	[NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
75 	[NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
76 
77 	[NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
78 	[NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
79 	[NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
80 				       .len = IEEE80211_MAX_DATA_LEN },
81 	[NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
82 				       .len = IEEE80211_MAX_DATA_LEN },
83 	[NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
84 	[NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
85 	[NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
86 	[NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
87 					       .len = NL80211_MAX_SUPP_RATES },
88 	[NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
89 	[NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
90 	[NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
91 	[NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
92 				.len = IEEE80211_MAX_MESH_ID_LEN },
93 	[NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },
94 
95 	[NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
96 	[NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },
97 
98 	[NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
99 	[NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
100 	[NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
101 	[NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
102 					   .len = NL80211_MAX_SUPP_RATES },
103 
104 	[NL80211_ATTR_MESH_PARAMS] = { .type = NLA_NESTED },
105 
106 	[NL80211_ATTR_HT_CAPABILITY] = { .type = NLA_BINARY,
107 					 .len = NL80211_HT_CAPABILITY_LEN },
108 
109 	[NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
110 	[NL80211_ATTR_IE] = { .type = NLA_BINARY,
111 			      .len = IEEE80211_MAX_DATA_LEN },
112 	[NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
113 	[NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },
114 
115 	[NL80211_ATTR_SSID] = { .type = NLA_BINARY,
116 				.len = IEEE80211_MAX_SSID_LEN },
117 	[NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
118 	[NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
119 };
120 
121 /* message building helper */
122 static inline void *nl80211hdr_put(struct sk_buff *skb, u32 pid, u32 seq,
123 				   int flags, u8 cmd)
124 {
125 	/* since there is no private header just add the generic one */
126 	return genlmsg_put(skb, pid, seq, &nl80211_fam, flags, cmd);
127 }
128 
129 /* netlink command implementations */
130 
131 static int nl80211_send_wiphy(struct sk_buff *msg, u32 pid, u32 seq, int flags,
132 			      struct cfg80211_registered_device *dev)
133 {
134 	void *hdr;
135 	struct nlattr *nl_bands, *nl_band;
136 	struct nlattr *nl_freqs, *nl_freq;
137 	struct nlattr *nl_rates, *nl_rate;
138 	struct nlattr *nl_modes;
139 	struct nlattr *nl_cmds;
140 	enum ieee80211_band band;
141 	struct ieee80211_channel *chan;
142 	struct ieee80211_rate *rate;
143 	int i;
144 	u16 ifmodes = dev->wiphy.interface_modes;
145 
146 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_WIPHY);
147 	if (!hdr)
148 		return -1;
149 
150 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx);
151 	NLA_PUT_STRING(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy));
152 	NLA_PUT_U8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
153 		   dev->wiphy.max_scan_ssids);
154 
155 	nl_modes = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_IFTYPES);
156 	if (!nl_modes)
157 		goto nla_put_failure;
158 
159 	i = 0;
160 	while (ifmodes) {
161 		if (ifmodes & 1)
162 			NLA_PUT_FLAG(msg, i);
163 		ifmodes >>= 1;
164 		i++;
165 	}
166 
167 	nla_nest_end(msg, nl_modes);
168 
169 	nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
170 	if (!nl_bands)
171 		goto nla_put_failure;
172 
173 	for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
174 		if (!dev->wiphy.bands[band])
175 			continue;
176 
177 		nl_band = nla_nest_start(msg, band);
178 		if (!nl_band)
179 			goto nla_put_failure;
180 
181 		/* add HT info */
182 		if (dev->wiphy.bands[band]->ht_cap.ht_supported) {
183 			NLA_PUT(msg, NL80211_BAND_ATTR_HT_MCS_SET,
184 				sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
185 				&dev->wiphy.bands[band]->ht_cap.mcs);
186 			NLA_PUT_U16(msg, NL80211_BAND_ATTR_HT_CAPA,
187 				dev->wiphy.bands[band]->ht_cap.cap);
188 			NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
189 				dev->wiphy.bands[band]->ht_cap.ampdu_factor);
190 			NLA_PUT_U8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
191 				dev->wiphy.bands[band]->ht_cap.ampdu_density);
192 		}
193 
194 		/* add frequencies */
195 		nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
196 		if (!nl_freqs)
197 			goto nla_put_failure;
198 
199 		for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
200 			nl_freq = nla_nest_start(msg, i);
201 			if (!nl_freq)
202 				goto nla_put_failure;
203 
204 			chan = &dev->wiphy.bands[band]->channels[i];
205 			NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_FREQ,
206 				    chan->center_freq);
207 
208 			if (chan->flags & IEEE80211_CHAN_DISABLED)
209 				NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_DISABLED);
210 			if (chan->flags & IEEE80211_CHAN_PASSIVE_SCAN)
211 				NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN);
212 			if (chan->flags & IEEE80211_CHAN_NO_IBSS)
213 				NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_NO_IBSS);
214 			if (chan->flags & IEEE80211_CHAN_RADAR)
215 				NLA_PUT_FLAG(msg, NL80211_FREQUENCY_ATTR_RADAR);
216 
217 			NLA_PUT_U32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
218 				    DBM_TO_MBM(chan->max_power));
219 
220 			nla_nest_end(msg, nl_freq);
221 		}
222 
223 		nla_nest_end(msg, nl_freqs);
224 
225 		/* add bitrates */
226 		nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
227 		if (!nl_rates)
228 			goto nla_put_failure;
229 
230 		for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
231 			nl_rate = nla_nest_start(msg, i);
232 			if (!nl_rate)
233 				goto nla_put_failure;
234 
235 			rate = &dev->wiphy.bands[band]->bitrates[i];
236 			NLA_PUT_U32(msg, NL80211_BITRATE_ATTR_RATE,
237 				    rate->bitrate);
238 			if (rate->flags & IEEE80211_RATE_SHORT_PREAMBLE)
239 				NLA_PUT_FLAG(msg,
240 					NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE);
241 
242 			nla_nest_end(msg, nl_rate);
243 		}
244 
245 		nla_nest_end(msg, nl_rates);
246 
247 		nla_nest_end(msg, nl_band);
248 	}
249 	nla_nest_end(msg, nl_bands);
250 
251 	nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
252 	if (!nl_cmds)
253 		goto nla_put_failure;
254 
255 	i = 0;
256 #define CMD(op, n)						\
257 	 do {							\
258 		if (dev->ops->op) {				\
259 			i++;					\
260 			NLA_PUT_U32(msg, i, NL80211_CMD_ ## n);	\
261 		}						\
262 	} while (0)
263 
264 	CMD(add_virtual_intf, NEW_INTERFACE);
265 	CMD(change_virtual_intf, SET_INTERFACE);
266 	CMD(add_key, NEW_KEY);
267 	CMD(add_beacon, NEW_BEACON);
268 	CMD(add_station, NEW_STATION);
269 	CMD(add_mpath, NEW_MPATH);
270 	CMD(set_mesh_params, SET_MESH_PARAMS);
271 	CMD(change_bss, SET_BSS);
272 	CMD(auth, AUTHENTICATE);
273 	CMD(assoc, ASSOCIATE);
274 	CMD(deauth, DEAUTHENTICATE);
275 	CMD(disassoc, DISASSOCIATE);
276 
277 #undef CMD
278 	nla_nest_end(msg, nl_cmds);
279 
280 	return genlmsg_end(msg, hdr);
281 
282  nla_put_failure:
283 	genlmsg_cancel(msg, hdr);
284 	return -EMSGSIZE;
285 }
286 
287 static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
288 {
289 	int idx = 0;
290 	int start = cb->args[0];
291 	struct cfg80211_registered_device *dev;
292 
293 	mutex_lock(&cfg80211_mutex);
294 	list_for_each_entry(dev, &cfg80211_drv_list, list) {
295 		if (++idx <= start)
296 			continue;
297 		if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).pid,
298 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
299 				       dev) < 0) {
300 			idx--;
301 			break;
302 		}
303 	}
304 	mutex_unlock(&cfg80211_mutex);
305 
306 	cb->args[0] = idx;
307 
308 	return skb->len;
309 }
310 
311 static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
312 {
313 	struct sk_buff *msg;
314 	struct cfg80211_registered_device *dev;
315 
316 	dev = cfg80211_get_dev_from_info(info);
317 	if (IS_ERR(dev))
318 		return PTR_ERR(dev);
319 
320 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
321 	if (!msg)
322 		goto out_err;
323 
324 	if (nl80211_send_wiphy(msg, info->snd_pid, info->snd_seq, 0, dev) < 0)
325 		goto out_free;
326 
327 	cfg80211_put_dev(dev);
328 
329 	return genlmsg_unicast(msg, info->snd_pid);
330 
331  out_free:
332 	nlmsg_free(msg);
333  out_err:
334 	cfg80211_put_dev(dev);
335 	return -ENOBUFS;
336 }
337 
338 static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
339 	[NL80211_TXQ_ATTR_QUEUE]		= { .type = NLA_U8 },
340 	[NL80211_TXQ_ATTR_TXOP]			= { .type = NLA_U16 },
341 	[NL80211_TXQ_ATTR_CWMIN]		= { .type = NLA_U16 },
342 	[NL80211_TXQ_ATTR_CWMAX]		= { .type = NLA_U16 },
343 	[NL80211_TXQ_ATTR_AIFS]			= { .type = NLA_U8 },
344 };
345 
346 static int parse_txq_params(struct nlattr *tb[],
347 			    struct ieee80211_txq_params *txq_params)
348 {
349 	if (!tb[NL80211_TXQ_ATTR_QUEUE] || !tb[NL80211_TXQ_ATTR_TXOP] ||
350 	    !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
351 	    !tb[NL80211_TXQ_ATTR_AIFS])
352 		return -EINVAL;
353 
354 	txq_params->queue = nla_get_u8(tb[NL80211_TXQ_ATTR_QUEUE]);
355 	txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
356 	txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
357 	txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
358 	txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);
359 
360 	return 0;
361 }
362 
363 static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
364 {
365 	struct cfg80211_registered_device *rdev;
366 	int result = 0, rem_txq_params = 0;
367 	struct nlattr *nl_txq_params;
368 
369 	rtnl_lock();
370 
371 	mutex_lock(&cfg80211_mutex);
372 
373 	rdev = __cfg80211_drv_from_info(info);
374 	if (IS_ERR(rdev)) {
375 		result = PTR_ERR(rdev);
376 		goto unlock;
377 	}
378 
379 	mutex_lock(&rdev->mtx);
380 
381 	if (info->attrs[NL80211_ATTR_WIPHY_NAME])
382 		result = cfg80211_dev_rename(
383 			rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));
384 
385 	mutex_unlock(&cfg80211_mutex);
386 
387 	if (result)
388 		goto bad_res;
389 
390 	if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
391 		struct ieee80211_txq_params txq_params;
392 		struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];
393 
394 		if (!rdev->ops->set_txq_params) {
395 			result = -EOPNOTSUPP;
396 			goto bad_res;
397 		}
398 
399 		nla_for_each_nested(nl_txq_params,
400 				    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
401 				    rem_txq_params) {
402 			nla_parse(tb, NL80211_TXQ_ATTR_MAX,
403 				  nla_data(nl_txq_params),
404 				  nla_len(nl_txq_params),
405 				  txq_params_policy);
406 			result = parse_txq_params(tb, &txq_params);
407 			if (result)
408 				goto bad_res;
409 
410 			result = rdev->ops->set_txq_params(&rdev->wiphy,
411 							   &txq_params);
412 			if (result)
413 				goto bad_res;
414 		}
415 	}
416 
417 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
418 		enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
419 		struct ieee80211_channel *chan;
420 		struct ieee80211_sta_ht_cap *ht_cap;
421 		u32 freq, sec_freq;
422 
423 		if (!rdev->ops->set_channel) {
424 			result = -EOPNOTSUPP;
425 			goto bad_res;
426 		}
427 
428 		result = -EINVAL;
429 
430 		if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]) {
431 			channel_type = nla_get_u32(info->attrs[
432 					   NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
433 			if (channel_type != NL80211_CHAN_NO_HT &&
434 			    channel_type != NL80211_CHAN_HT20 &&
435 			    channel_type != NL80211_CHAN_HT40PLUS &&
436 			    channel_type != NL80211_CHAN_HT40MINUS)
437 				goto bad_res;
438 		}
439 
440 		freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);
441 		chan = ieee80211_get_channel(&rdev->wiphy, freq);
442 
443 		/* Primary channel not allowed */
444 		if (!chan || chan->flags & IEEE80211_CHAN_DISABLED)
445 			goto bad_res;
446 
447 		if (channel_type == NL80211_CHAN_HT40MINUS)
448 			sec_freq = freq - 20;
449 		else if (channel_type == NL80211_CHAN_HT40PLUS)
450 			sec_freq = freq + 20;
451 		else
452 			sec_freq = 0;
453 
454 		ht_cap = &rdev->wiphy.bands[chan->band]->ht_cap;
455 
456 		/* no HT capabilities */
457 		if (channel_type != NL80211_CHAN_NO_HT &&
458 		    !ht_cap->ht_supported)
459 			goto bad_res;
460 
461 		if (sec_freq) {
462 			struct ieee80211_channel *schan;
463 
464 			/* no 40 MHz capabilities */
465 			if (!(ht_cap->cap & IEEE80211_HT_CAP_SUP_WIDTH_20_40) ||
466 			    (ht_cap->cap & IEEE80211_HT_CAP_40MHZ_INTOLERANT))
467 				goto bad_res;
468 
469 			schan = ieee80211_get_channel(&rdev->wiphy, sec_freq);
470 
471 			/* Secondary channel not allowed */
472 			if (!schan || schan->flags & IEEE80211_CHAN_DISABLED)
473 				goto bad_res;
474 		}
475 
476 		result = rdev->ops->set_channel(&rdev->wiphy, chan,
477 						channel_type);
478 		if (result)
479 			goto bad_res;
480 	}
481 
482 
483  bad_res:
484 	mutex_unlock(&rdev->mtx);
485  unlock:
486 	rtnl_unlock();
487 	return result;
488 }
489 
490 
491 static int nl80211_send_iface(struct sk_buff *msg, u32 pid, u32 seq, int flags,
492 			      struct net_device *dev)
493 {
494 	void *hdr;
495 
496 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_INTERFACE);
497 	if (!hdr)
498 		return -1;
499 
500 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
501 	NLA_PUT_STRING(msg, NL80211_ATTR_IFNAME, dev->name);
502 	NLA_PUT_U32(msg, NL80211_ATTR_IFTYPE, dev->ieee80211_ptr->iftype);
503 	return genlmsg_end(msg, hdr);
504 
505  nla_put_failure:
506 	genlmsg_cancel(msg, hdr);
507 	return -EMSGSIZE;
508 }
509 
510 static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
511 {
512 	int wp_idx = 0;
513 	int if_idx = 0;
514 	int wp_start = cb->args[0];
515 	int if_start = cb->args[1];
516 	struct cfg80211_registered_device *dev;
517 	struct wireless_dev *wdev;
518 
519 	mutex_lock(&cfg80211_mutex);
520 	list_for_each_entry(dev, &cfg80211_drv_list, list) {
521 		if (wp_idx < wp_start) {
522 			wp_idx++;
523 			continue;
524 		}
525 		if_idx = 0;
526 
527 		mutex_lock(&dev->devlist_mtx);
528 		list_for_each_entry(wdev, &dev->netdev_list, list) {
529 			if (if_idx < if_start) {
530 				if_idx++;
531 				continue;
532 			}
533 			if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).pid,
534 					       cb->nlh->nlmsg_seq, NLM_F_MULTI,
535 					       wdev->netdev) < 0) {
536 				mutex_unlock(&dev->devlist_mtx);
537 				goto out;
538 			}
539 			if_idx++;
540 		}
541 		mutex_unlock(&dev->devlist_mtx);
542 
543 		wp_idx++;
544 	}
545  out:
546 	mutex_unlock(&cfg80211_mutex);
547 
548 	cb->args[0] = wp_idx;
549 	cb->args[1] = if_idx;
550 
551 	return skb->len;
552 }
553 
554 static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
555 {
556 	struct sk_buff *msg;
557 	struct cfg80211_registered_device *dev;
558 	struct net_device *netdev;
559 	int err;
560 
561 	err = get_drv_dev_by_info_ifindex(info->attrs, &dev, &netdev);
562 	if (err)
563 		return err;
564 
565 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
566 	if (!msg)
567 		goto out_err;
568 
569 	if (nl80211_send_iface(msg, info->snd_pid, info->snd_seq, 0, netdev) < 0)
570 		goto out_free;
571 
572 	dev_put(netdev);
573 	cfg80211_put_dev(dev);
574 
575 	return genlmsg_unicast(msg, info->snd_pid);
576 
577  out_free:
578 	nlmsg_free(msg);
579  out_err:
580 	dev_put(netdev);
581 	cfg80211_put_dev(dev);
582 	return -ENOBUFS;
583 }
584 
585 static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
586 	[NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
587 	[NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
588 	[NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
589 	[NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
590 	[NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
591 };
592 
593 static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
594 {
595 	struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
596 	int flag;
597 
598 	*mntrflags = 0;
599 
600 	if (!nla)
601 		return -EINVAL;
602 
603 	if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
604 			     nla, mntr_flags_policy))
605 		return -EINVAL;
606 
607 	for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
608 		if (flags[flag])
609 			*mntrflags |= (1<<flag);
610 
611 	return 0;
612 }
613 
614 static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
615 {
616 	struct cfg80211_registered_device *drv;
617 	struct vif_params params;
618 	int err, ifindex;
619 	enum nl80211_iftype type;
620 	struct net_device *dev;
621 	u32 _flags, *flags = NULL;
622 	bool change = false;
623 
624 	memset(&params, 0, sizeof(params));
625 
626 	rtnl_lock();
627 
628 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
629 	if (err)
630 		goto unlock_rtnl;
631 
632 	ifindex = dev->ifindex;
633 	type = dev->ieee80211_ptr->iftype;
634 	dev_put(dev);
635 
636 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
637 		enum nl80211_iftype ntype;
638 
639 		ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
640 		if (type != ntype)
641 			change = true;
642 		type = ntype;
643 		if (type > NL80211_IFTYPE_MAX) {
644 			err = -EINVAL;
645 			goto unlock;
646 		}
647 	}
648 
649 	if (!drv->ops->change_virtual_intf ||
650 	    !(drv->wiphy.interface_modes & (1 << type))) {
651 		err = -EOPNOTSUPP;
652 		goto unlock;
653 	}
654 
655 	if (info->attrs[NL80211_ATTR_MESH_ID]) {
656 		if (type != NL80211_IFTYPE_MESH_POINT) {
657 			err = -EINVAL;
658 			goto unlock;
659 		}
660 		params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
661 		params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
662 		change = true;
663 	}
664 
665 	if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
666 		if (type != NL80211_IFTYPE_MONITOR) {
667 			err = -EINVAL;
668 			goto unlock;
669 		}
670 		err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
671 					  &_flags);
672 		if (err)
673 			goto unlock;
674 
675 		flags = &_flags;
676 		change = true;
677 	}
678 
679 	if (change)
680 		err = drv->ops->change_virtual_intf(&drv->wiphy, ifindex,
681 						    type, flags, &params);
682 	else
683 		err = 0;
684 
685 	dev = __dev_get_by_index(&init_net, ifindex);
686 	WARN_ON(!dev || (!err && dev->ieee80211_ptr->iftype != type));
687 
688  unlock:
689 	cfg80211_put_dev(drv);
690  unlock_rtnl:
691 	rtnl_unlock();
692 	return err;
693 }
694 
695 static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
696 {
697 	struct cfg80211_registered_device *drv;
698 	struct vif_params params;
699 	int err;
700 	enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
701 	u32 flags;
702 
703 	memset(&params, 0, sizeof(params));
704 
705 	if (!info->attrs[NL80211_ATTR_IFNAME])
706 		return -EINVAL;
707 
708 	if (info->attrs[NL80211_ATTR_IFTYPE]) {
709 		type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
710 		if (type > NL80211_IFTYPE_MAX)
711 			return -EINVAL;
712 	}
713 
714 	rtnl_lock();
715 
716 	drv = cfg80211_get_dev_from_info(info);
717 	if (IS_ERR(drv)) {
718 		err = PTR_ERR(drv);
719 		goto unlock_rtnl;
720 	}
721 
722 	if (!drv->ops->add_virtual_intf ||
723 	    !(drv->wiphy.interface_modes & (1 << type))) {
724 		err = -EOPNOTSUPP;
725 		goto unlock;
726 	}
727 
728 	if (type == NL80211_IFTYPE_MESH_POINT &&
729 	    info->attrs[NL80211_ATTR_MESH_ID]) {
730 		params.mesh_id = nla_data(info->attrs[NL80211_ATTR_MESH_ID]);
731 		params.mesh_id_len = nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
732 	}
733 
734 	err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
735 				  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
736 				  &flags);
737 	err = drv->ops->add_virtual_intf(&drv->wiphy,
738 		nla_data(info->attrs[NL80211_ATTR_IFNAME]),
739 		type, err ? NULL : &flags, &params);
740 
741  unlock:
742 	cfg80211_put_dev(drv);
743  unlock_rtnl:
744 	rtnl_unlock();
745 	return err;
746 }
747 
748 static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
749 {
750 	struct cfg80211_registered_device *drv;
751 	int ifindex, err;
752 	struct net_device *dev;
753 
754 	rtnl_lock();
755 
756 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
757 	if (err)
758 		goto unlock_rtnl;
759 	ifindex = dev->ifindex;
760 	dev_put(dev);
761 
762 	if (!drv->ops->del_virtual_intf) {
763 		err = -EOPNOTSUPP;
764 		goto out;
765 	}
766 
767 	err = drv->ops->del_virtual_intf(&drv->wiphy, ifindex);
768 
769  out:
770 	cfg80211_put_dev(drv);
771  unlock_rtnl:
772 	rtnl_unlock();
773 	return err;
774 }
775 
776 struct get_key_cookie {
777 	struct sk_buff *msg;
778 	int error;
779 };
780 
781 static void get_key_callback(void *c, struct key_params *params)
782 {
783 	struct get_key_cookie *cookie = c;
784 
785 	if (params->key)
786 		NLA_PUT(cookie->msg, NL80211_ATTR_KEY_DATA,
787 			params->key_len, params->key);
788 
789 	if (params->seq)
790 		NLA_PUT(cookie->msg, NL80211_ATTR_KEY_SEQ,
791 			params->seq_len, params->seq);
792 
793 	if (params->cipher)
794 		NLA_PUT_U32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
795 			    params->cipher);
796 
797 	return;
798  nla_put_failure:
799 	cookie->error = 1;
800 }
801 
802 static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
803 {
804 	struct cfg80211_registered_device *drv;
805 	int err;
806 	struct net_device *dev;
807 	u8 key_idx = 0;
808 	u8 *mac_addr = NULL;
809 	struct get_key_cookie cookie = {
810 		.error = 0,
811 	};
812 	void *hdr;
813 	struct sk_buff *msg;
814 
815 	if (info->attrs[NL80211_ATTR_KEY_IDX])
816 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
817 
818 	if (key_idx > 5)
819 		return -EINVAL;
820 
821 	if (info->attrs[NL80211_ATTR_MAC])
822 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
823 
824 	rtnl_lock();
825 
826 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
827 	if (err)
828 		goto unlock_rtnl;
829 
830 	if (!drv->ops->get_key) {
831 		err = -EOPNOTSUPP;
832 		goto out;
833 	}
834 
835 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
836 	if (!msg) {
837 		err = -ENOMEM;
838 		goto out;
839 	}
840 
841 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
842 			     NL80211_CMD_NEW_KEY);
843 
844 	if (IS_ERR(hdr)) {
845 		err = PTR_ERR(hdr);
846 		goto out;
847 	}
848 
849 	cookie.msg = msg;
850 
851 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
852 	NLA_PUT_U8(msg, NL80211_ATTR_KEY_IDX, key_idx);
853 	if (mac_addr)
854 		NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
855 
856 	err = drv->ops->get_key(&drv->wiphy, dev, key_idx, mac_addr,
857 				&cookie, get_key_callback);
858 
859 	if (err)
860 		goto out;
861 
862 	if (cookie.error)
863 		goto nla_put_failure;
864 
865 	genlmsg_end(msg, hdr);
866 	err = genlmsg_unicast(msg, info->snd_pid);
867 	goto out;
868 
869  nla_put_failure:
870 	err = -ENOBUFS;
871 	nlmsg_free(msg);
872  out:
873 	cfg80211_put_dev(drv);
874 	dev_put(dev);
875  unlock_rtnl:
876 	rtnl_unlock();
877 
878 	return err;
879 }
880 
881 static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
882 {
883 	struct cfg80211_registered_device *drv;
884 	int err;
885 	struct net_device *dev;
886 	u8 key_idx;
887 	int (*func)(struct wiphy *wiphy, struct net_device *netdev,
888 		    u8 key_index);
889 
890 	if (!info->attrs[NL80211_ATTR_KEY_IDX])
891 		return -EINVAL;
892 
893 	key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
894 
895 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT]) {
896 		if (key_idx < 4 || key_idx > 5)
897 			return -EINVAL;
898 	} else if (key_idx > 3)
899 		return -EINVAL;
900 
901 	/* currently only support setting default key */
902 	if (!info->attrs[NL80211_ATTR_KEY_DEFAULT] &&
903 	    !info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT])
904 		return -EINVAL;
905 
906 	rtnl_lock();
907 
908 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
909 	if (err)
910 		goto unlock_rtnl;
911 
912 	if (info->attrs[NL80211_ATTR_KEY_DEFAULT])
913 		func = drv->ops->set_default_key;
914 	else
915 		func = drv->ops->set_default_mgmt_key;
916 
917 	if (!func) {
918 		err = -EOPNOTSUPP;
919 		goto out;
920 	}
921 
922 	err = func(&drv->wiphy, dev, key_idx);
923 
924  out:
925 	cfg80211_put_dev(drv);
926 	dev_put(dev);
927 
928  unlock_rtnl:
929 	rtnl_unlock();
930 
931 	return err;
932 }
933 
934 static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
935 {
936 	struct cfg80211_registered_device *drv;
937 	int err;
938 	struct net_device *dev;
939 	struct key_params params;
940 	u8 key_idx = 0;
941 	u8 *mac_addr = NULL;
942 
943 	memset(&params, 0, sizeof(params));
944 
945 	if (!info->attrs[NL80211_ATTR_KEY_CIPHER])
946 		return -EINVAL;
947 
948 	if (info->attrs[NL80211_ATTR_KEY_DATA]) {
949 		params.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
950 		params.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
951 	}
952 
953 	if (info->attrs[NL80211_ATTR_KEY_IDX])
954 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
955 
956 	params.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);
957 
958 	if (info->attrs[NL80211_ATTR_MAC])
959 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
960 
961 	if (key_idx > 5)
962 		return -EINVAL;
963 
964 	/*
965 	 * Disallow pairwise keys with non-zero index unless it's WEP
966 	 * (because current deployments use pairwise WEP keys with
967 	 * non-zero indizes but 802.11i clearly specifies to use zero)
968 	 */
969 	if (mac_addr && key_idx &&
970 	    params.cipher != WLAN_CIPHER_SUITE_WEP40 &&
971 	    params.cipher != WLAN_CIPHER_SUITE_WEP104)
972 		return -EINVAL;
973 
974 	/* TODO: add definitions for the lengths to linux/ieee80211.h */
975 	switch (params.cipher) {
976 	case WLAN_CIPHER_SUITE_WEP40:
977 		if (params.key_len != 5)
978 			return -EINVAL;
979 		break;
980 	case WLAN_CIPHER_SUITE_TKIP:
981 		if (params.key_len != 32)
982 			return -EINVAL;
983 		break;
984 	case WLAN_CIPHER_SUITE_CCMP:
985 		if (params.key_len != 16)
986 			return -EINVAL;
987 		break;
988 	case WLAN_CIPHER_SUITE_WEP104:
989 		if (params.key_len != 13)
990 			return -EINVAL;
991 		break;
992 	case WLAN_CIPHER_SUITE_AES_CMAC:
993 		if (params.key_len != 16)
994 			return -EINVAL;
995 		break;
996 	default:
997 		return -EINVAL;
998 	}
999 
1000 	rtnl_lock();
1001 
1002 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1003 	if (err)
1004 		goto unlock_rtnl;
1005 
1006 	if (!drv->ops->add_key) {
1007 		err = -EOPNOTSUPP;
1008 		goto out;
1009 	}
1010 
1011 	err = drv->ops->add_key(&drv->wiphy, dev, key_idx, mac_addr, &params);
1012 
1013  out:
1014 	cfg80211_put_dev(drv);
1015 	dev_put(dev);
1016  unlock_rtnl:
1017 	rtnl_unlock();
1018 
1019 	return err;
1020 }
1021 
1022 static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
1023 {
1024 	struct cfg80211_registered_device *drv;
1025 	int err;
1026 	struct net_device *dev;
1027 	u8 key_idx = 0;
1028 	u8 *mac_addr = NULL;
1029 
1030 	if (info->attrs[NL80211_ATTR_KEY_IDX])
1031 		key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);
1032 
1033 	if (key_idx > 5)
1034 		return -EINVAL;
1035 
1036 	if (info->attrs[NL80211_ATTR_MAC])
1037 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1038 
1039 	rtnl_lock();
1040 
1041 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1042 	if (err)
1043 		goto unlock_rtnl;
1044 
1045 	if (!drv->ops->del_key) {
1046 		err = -EOPNOTSUPP;
1047 		goto out;
1048 	}
1049 
1050 	err = drv->ops->del_key(&drv->wiphy, dev, key_idx, mac_addr);
1051 
1052  out:
1053 	cfg80211_put_dev(drv);
1054 	dev_put(dev);
1055 
1056  unlock_rtnl:
1057 	rtnl_unlock();
1058 
1059 	return err;
1060 }
1061 
1062 static int nl80211_addset_beacon(struct sk_buff *skb, struct genl_info *info)
1063 {
1064         int (*call)(struct wiphy *wiphy, struct net_device *dev,
1065 		    struct beacon_parameters *info);
1066 	struct cfg80211_registered_device *drv;
1067 	int err;
1068 	struct net_device *dev;
1069 	struct beacon_parameters params;
1070 	int haveinfo = 0;
1071 
1072 	rtnl_lock();
1073 
1074 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1075 	if (err)
1076 		goto unlock_rtnl;
1077 
1078 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
1079 		err = -EOPNOTSUPP;
1080 		goto out;
1081 	}
1082 
1083 	switch (info->genlhdr->cmd) {
1084 	case NL80211_CMD_NEW_BEACON:
1085 		/* these are required for NEW_BEACON */
1086 		if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
1087 		    !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
1088 		    !info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1089 			err = -EINVAL;
1090 			goto out;
1091 		}
1092 
1093 		call = drv->ops->add_beacon;
1094 		break;
1095 	case NL80211_CMD_SET_BEACON:
1096 		call = drv->ops->set_beacon;
1097 		break;
1098 	default:
1099 		WARN_ON(1);
1100 		err = -EOPNOTSUPP;
1101 		goto out;
1102 	}
1103 
1104 	if (!call) {
1105 		err = -EOPNOTSUPP;
1106 		goto out;
1107 	}
1108 
1109 	memset(&params, 0, sizeof(params));
1110 
1111 	if (info->attrs[NL80211_ATTR_BEACON_INTERVAL]) {
1112 		params.interval =
1113 		    nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
1114 		haveinfo = 1;
1115 	}
1116 
1117 	if (info->attrs[NL80211_ATTR_DTIM_PERIOD]) {
1118 		params.dtim_period =
1119 		    nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);
1120 		haveinfo = 1;
1121 	}
1122 
1123 	if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
1124 		params.head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1125 		params.head_len =
1126 		    nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
1127 		haveinfo = 1;
1128 	}
1129 
1130 	if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
1131 		params.tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1132 		params.tail_len =
1133 		    nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
1134 		haveinfo = 1;
1135 	}
1136 
1137 	if (!haveinfo) {
1138 		err = -EINVAL;
1139 		goto out;
1140 	}
1141 
1142 	err = call(&drv->wiphy, dev, &params);
1143 
1144  out:
1145 	cfg80211_put_dev(drv);
1146 	dev_put(dev);
1147  unlock_rtnl:
1148 	rtnl_unlock();
1149 
1150 	return err;
1151 }
1152 
1153 static int nl80211_del_beacon(struct sk_buff *skb, struct genl_info *info)
1154 {
1155 	struct cfg80211_registered_device *drv;
1156 	int err;
1157 	struct net_device *dev;
1158 
1159 	rtnl_lock();
1160 
1161 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1162 	if (err)
1163 		goto unlock_rtnl;
1164 
1165 	if (!drv->ops->del_beacon) {
1166 		err = -EOPNOTSUPP;
1167 		goto out;
1168 	}
1169 
1170 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
1171 		err = -EOPNOTSUPP;
1172 		goto out;
1173 	}
1174 	err = drv->ops->del_beacon(&drv->wiphy, dev);
1175 
1176  out:
1177 	cfg80211_put_dev(drv);
1178 	dev_put(dev);
1179  unlock_rtnl:
1180 	rtnl_unlock();
1181 
1182 	return err;
1183 }
1184 
1185 static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
1186 	[NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
1187 	[NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
1188 	[NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
1189 };
1190 
1191 static int parse_station_flags(struct nlattr *nla, u32 *staflags)
1192 {
1193 	struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
1194 	int flag;
1195 
1196 	*staflags = 0;
1197 
1198 	if (!nla)
1199 		return 0;
1200 
1201 	if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
1202 			     nla, sta_flags_policy))
1203 		return -EINVAL;
1204 
1205 	*staflags = STATION_FLAG_CHANGED;
1206 
1207 	for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++)
1208 		if (flags[flag])
1209 			*staflags |= (1<<flag);
1210 
1211 	return 0;
1212 }
1213 
1214 static u16 nl80211_calculate_bitrate(struct rate_info *rate)
1215 {
1216 	int modulation, streams, bitrate;
1217 
1218 	if (!(rate->flags & RATE_INFO_FLAGS_MCS))
1219 		return rate->legacy;
1220 
1221 	/* the formula below does only work for MCS values smaller than 32 */
1222 	if (rate->mcs >= 32)
1223 		return 0;
1224 
1225 	modulation = rate->mcs & 7;
1226 	streams = (rate->mcs >> 3) + 1;
1227 
1228 	bitrate = (rate->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) ?
1229 			13500000 : 6500000;
1230 
1231 	if (modulation < 4)
1232 		bitrate *= (modulation + 1);
1233 	else if (modulation == 4)
1234 		bitrate *= (modulation + 2);
1235 	else
1236 		bitrate *= (modulation + 3);
1237 
1238 	bitrate *= streams;
1239 
1240 	if (rate->flags & RATE_INFO_FLAGS_SHORT_GI)
1241 		bitrate = (bitrate / 9) * 10;
1242 
1243 	/* do NOT round down here */
1244 	return (bitrate + 50000) / 100000;
1245 }
1246 
1247 static int nl80211_send_station(struct sk_buff *msg, u32 pid, u32 seq,
1248 				int flags, struct net_device *dev,
1249 				u8 *mac_addr, struct station_info *sinfo)
1250 {
1251 	void *hdr;
1252 	struct nlattr *sinfoattr, *txrate;
1253 	u16 bitrate;
1254 
1255 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
1256 	if (!hdr)
1257 		return -1;
1258 
1259 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1260 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr);
1261 
1262 	sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
1263 	if (!sinfoattr)
1264 		goto nla_put_failure;
1265 	if (sinfo->filled & STATION_INFO_INACTIVE_TIME)
1266 		NLA_PUT_U32(msg, NL80211_STA_INFO_INACTIVE_TIME,
1267 			    sinfo->inactive_time);
1268 	if (sinfo->filled & STATION_INFO_RX_BYTES)
1269 		NLA_PUT_U32(msg, NL80211_STA_INFO_RX_BYTES,
1270 			    sinfo->rx_bytes);
1271 	if (sinfo->filled & STATION_INFO_TX_BYTES)
1272 		NLA_PUT_U32(msg, NL80211_STA_INFO_TX_BYTES,
1273 			    sinfo->tx_bytes);
1274 	if (sinfo->filled & STATION_INFO_LLID)
1275 		NLA_PUT_U16(msg, NL80211_STA_INFO_LLID,
1276 			    sinfo->llid);
1277 	if (sinfo->filled & STATION_INFO_PLID)
1278 		NLA_PUT_U16(msg, NL80211_STA_INFO_PLID,
1279 			    sinfo->plid);
1280 	if (sinfo->filled & STATION_INFO_PLINK_STATE)
1281 		NLA_PUT_U8(msg, NL80211_STA_INFO_PLINK_STATE,
1282 			    sinfo->plink_state);
1283 	if (sinfo->filled & STATION_INFO_SIGNAL)
1284 		NLA_PUT_U8(msg, NL80211_STA_INFO_SIGNAL,
1285 			   sinfo->signal);
1286 	if (sinfo->filled & STATION_INFO_TX_BITRATE) {
1287 		txrate = nla_nest_start(msg, NL80211_STA_INFO_TX_BITRATE);
1288 		if (!txrate)
1289 			goto nla_put_failure;
1290 
1291 		/* nl80211_calculate_bitrate will return 0 for mcs >= 32 */
1292 		bitrate = nl80211_calculate_bitrate(&sinfo->txrate);
1293 		if (bitrate > 0)
1294 			NLA_PUT_U16(msg, NL80211_RATE_INFO_BITRATE, bitrate);
1295 
1296 		if (sinfo->txrate.flags & RATE_INFO_FLAGS_MCS)
1297 			NLA_PUT_U8(msg, NL80211_RATE_INFO_MCS,
1298 				    sinfo->txrate.mcs);
1299 		if (sinfo->txrate.flags & RATE_INFO_FLAGS_40_MHZ_WIDTH)
1300 			NLA_PUT_FLAG(msg, NL80211_RATE_INFO_40_MHZ_WIDTH);
1301 		if (sinfo->txrate.flags & RATE_INFO_FLAGS_SHORT_GI)
1302 			NLA_PUT_FLAG(msg, NL80211_RATE_INFO_SHORT_GI);
1303 
1304 		nla_nest_end(msg, txrate);
1305 	}
1306 	if (sinfo->filled & STATION_INFO_RX_PACKETS)
1307 		NLA_PUT_U32(msg, NL80211_STA_INFO_RX_PACKETS,
1308 			    sinfo->rx_packets);
1309 	if (sinfo->filled & STATION_INFO_TX_PACKETS)
1310 		NLA_PUT_U32(msg, NL80211_STA_INFO_TX_PACKETS,
1311 			    sinfo->tx_packets);
1312 	nla_nest_end(msg, sinfoattr);
1313 
1314 	return genlmsg_end(msg, hdr);
1315 
1316  nla_put_failure:
1317 	genlmsg_cancel(msg, hdr);
1318 	return -EMSGSIZE;
1319 }
1320 
1321 static int nl80211_dump_station(struct sk_buff *skb,
1322 				struct netlink_callback *cb)
1323 {
1324 	struct station_info sinfo;
1325 	struct cfg80211_registered_device *dev;
1326 	struct net_device *netdev;
1327 	u8 mac_addr[ETH_ALEN];
1328 	int ifidx = cb->args[0];
1329 	int sta_idx = cb->args[1];
1330 	int err;
1331 
1332 	if (!ifidx) {
1333 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1334 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
1335 				  nl80211_policy);
1336 		if (err)
1337 			return err;
1338 
1339 		if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
1340 			return -EINVAL;
1341 
1342 		ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
1343 		if (!ifidx)
1344 			return -EINVAL;
1345 	}
1346 
1347 	rtnl_lock();
1348 
1349 	netdev = __dev_get_by_index(&init_net, ifidx);
1350 	if (!netdev) {
1351 		err = -ENODEV;
1352 		goto out_rtnl;
1353 	}
1354 
1355 	dev = cfg80211_get_dev_from_ifindex(ifidx);
1356 	if (IS_ERR(dev)) {
1357 		err = PTR_ERR(dev);
1358 		goto out_rtnl;
1359 	}
1360 
1361 	if (!dev->ops->dump_station) {
1362 		err = -EOPNOTSUPP;
1363 		goto out_err;
1364 	}
1365 
1366 	while (1) {
1367 		err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
1368 					     mac_addr, &sinfo);
1369 		if (err == -ENOENT)
1370 			break;
1371 		if (err)
1372 			goto out_err;
1373 
1374 		if (nl80211_send_station(skb,
1375 				NETLINK_CB(cb->skb).pid,
1376 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
1377 				netdev, mac_addr,
1378 				&sinfo) < 0)
1379 			goto out;
1380 
1381 		sta_idx++;
1382 	}
1383 
1384 
1385  out:
1386 	cb->args[1] = sta_idx;
1387 	err = skb->len;
1388  out_err:
1389 	cfg80211_put_dev(dev);
1390  out_rtnl:
1391 	rtnl_unlock();
1392 
1393 	return err;
1394 }
1395 
1396 static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
1397 {
1398 	struct cfg80211_registered_device *drv;
1399 	int err;
1400 	struct net_device *dev;
1401 	struct station_info sinfo;
1402 	struct sk_buff *msg;
1403 	u8 *mac_addr = NULL;
1404 
1405 	memset(&sinfo, 0, sizeof(sinfo));
1406 
1407 	if (!info->attrs[NL80211_ATTR_MAC])
1408 		return -EINVAL;
1409 
1410 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1411 
1412 	rtnl_lock();
1413 
1414 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1415 	if (err)
1416 		goto out_rtnl;
1417 
1418 	if (!drv->ops->get_station) {
1419 		err = -EOPNOTSUPP;
1420 		goto out;
1421 	}
1422 
1423 	err = drv->ops->get_station(&drv->wiphy, dev, mac_addr, &sinfo);
1424 	if (err)
1425 		goto out;
1426 
1427 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
1428 	if (!msg)
1429 		goto out;
1430 
1431 	if (nl80211_send_station(msg, info->snd_pid, info->snd_seq, 0,
1432 				 dev, mac_addr, &sinfo) < 0)
1433 		goto out_free;
1434 
1435 	err = genlmsg_unicast(msg, info->snd_pid);
1436 	goto out;
1437 
1438  out_free:
1439 	nlmsg_free(msg);
1440  out:
1441 	cfg80211_put_dev(drv);
1442 	dev_put(dev);
1443  out_rtnl:
1444 	rtnl_unlock();
1445 
1446 	return err;
1447 }
1448 
1449 /*
1450  * Get vlan interface making sure it is on the right wiphy.
1451  */
1452 static int get_vlan(struct nlattr *vlanattr,
1453 		    struct cfg80211_registered_device *rdev,
1454 		    struct net_device **vlan)
1455 {
1456 	*vlan = NULL;
1457 
1458 	if (vlanattr) {
1459 		*vlan = dev_get_by_index(&init_net, nla_get_u32(vlanattr));
1460 		if (!*vlan)
1461 			return -ENODEV;
1462 		if (!(*vlan)->ieee80211_ptr)
1463 			return -EINVAL;
1464 		if ((*vlan)->ieee80211_ptr->wiphy != &rdev->wiphy)
1465 			return -EINVAL;
1466 	}
1467 	return 0;
1468 }
1469 
1470 static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
1471 {
1472 	struct cfg80211_registered_device *drv;
1473 	int err;
1474 	struct net_device *dev;
1475 	struct station_parameters params;
1476 	u8 *mac_addr = NULL;
1477 
1478 	memset(&params, 0, sizeof(params));
1479 
1480 	params.listen_interval = -1;
1481 
1482 	if (info->attrs[NL80211_ATTR_STA_AID])
1483 		return -EINVAL;
1484 
1485 	if (!info->attrs[NL80211_ATTR_MAC])
1486 		return -EINVAL;
1487 
1488 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1489 
1490 	if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
1491 		params.supported_rates =
1492 			nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
1493 		params.supported_rates_len =
1494 			nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
1495 	}
1496 
1497 	if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
1498 		params.listen_interval =
1499 		    nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
1500 
1501 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
1502 		params.ht_capa =
1503 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
1504 
1505 	if (parse_station_flags(info->attrs[NL80211_ATTR_STA_FLAGS],
1506 				&params.station_flags))
1507 		return -EINVAL;
1508 
1509 	if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
1510 		params.plink_action =
1511 		    nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);
1512 
1513 	rtnl_lock();
1514 
1515 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1516 	if (err)
1517 		goto out_rtnl;
1518 
1519 	err = get_vlan(info->attrs[NL80211_ATTR_STA_VLAN], drv, &params.vlan);
1520 	if (err)
1521 		goto out;
1522 
1523 	if (!drv->ops->change_station) {
1524 		err = -EOPNOTSUPP;
1525 		goto out;
1526 	}
1527 
1528 	err = drv->ops->change_station(&drv->wiphy, dev, mac_addr, &params);
1529 
1530  out:
1531 	if (params.vlan)
1532 		dev_put(params.vlan);
1533 	cfg80211_put_dev(drv);
1534 	dev_put(dev);
1535  out_rtnl:
1536 	rtnl_unlock();
1537 
1538 	return err;
1539 }
1540 
1541 static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
1542 {
1543 	struct cfg80211_registered_device *drv;
1544 	int err;
1545 	struct net_device *dev;
1546 	struct station_parameters params;
1547 	u8 *mac_addr = NULL;
1548 
1549 	memset(&params, 0, sizeof(params));
1550 
1551 	if (!info->attrs[NL80211_ATTR_MAC])
1552 		return -EINVAL;
1553 
1554 	if (!info->attrs[NL80211_ATTR_STA_AID])
1555 		return -EINVAL;
1556 
1557 	if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
1558 		return -EINVAL;
1559 
1560 	if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
1561 		return -EINVAL;
1562 
1563 	mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1564 	params.supported_rates =
1565 		nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
1566 	params.supported_rates_len =
1567 		nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
1568 	params.listen_interval =
1569 		nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);
1570 	params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
1571 	if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
1572 		params.ht_capa =
1573 			nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);
1574 
1575 	if (parse_station_flags(info->attrs[NL80211_ATTR_STA_FLAGS],
1576 				&params.station_flags))
1577 		return -EINVAL;
1578 
1579 	rtnl_lock();
1580 
1581 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1582 	if (err)
1583 		goto out_rtnl;
1584 
1585 	err = get_vlan(info->attrs[NL80211_ATTR_STA_VLAN], drv, &params.vlan);
1586 	if (err)
1587 		goto out;
1588 
1589 	if (!drv->ops->add_station) {
1590 		err = -EOPNOTSUPP;
1591 		goto out;
1592 	}
1593 
1594 	if (!netif_running(dev)) {
1595 		err = -ENETDOWN;
1596 		goto out;
1597 	}
1598 
1599 	err = drv->ops->add_station(&drv->wiphy, dev, mac_addr, &params);
1600 
1601  out:
1602 	if (params.vlan)
1603 		dev_put(params.vlan);
1604 	cfg80211_put_dev(drv);
1605 	dev_put(dev);
1606  out_rtnl:
1607 	rtnl_unlock();
1608 
1609 	return err;
1610 }
1611 
1612 static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
1613 {
1614 	struct cfg80211_registered_device *drv;
1615 	int err;
1616 	struct net_device *dev;
1617 	u8 *mac_addr = NULL;
1618 
1619 	if (info->attrs[NL80211_ATTR_MAC])
1620 		mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
1621 
1622 	rtnl_lock();
1623 
1624 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1625 	if (err)
1626 		goto out_rtnl;
1627 
1628 	if (!drv->ops->del_station) {
1629 		err = -EOPNOTSUPP;
1630 		goto out;
1631 	}
1632 
1633 	err = drv->ops->del_station(&drv->wiphy, dev, mac_addr);
1634 
1635  out:
1636 	cfg80211_put_dev(drv);
1637 	dev_put(dev);
1638  out_rtnl:
1639 	rtnl_unlock();
1640 
1641 	return err;
1642 }
1643 
1644 static int nl80211_send_mpath(struct sk_buff *msg, u32 pid, u32 seq,
1645 				int flags, struct net_device *dev,
1646 				u8 *dst, u8 *next_hop,
1647 				struct mpath_info *pinfo)
1648 {
1649 	void *hdr;
1650 	struct nlattr *pinfoattr;
1651 
1652 	hdr = nl80211hdr_put(msg, pid, seq, flags, NL80211_CMD_NEW_STATION);
1653 	if (!hdr)
1654 		return -1;
1655 
1656 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
1657 	NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, dst);
1658 	NLA_PUT(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop);
1659 
1660 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
1661 	if (!pinfoattr)
1662 		goto nla_put_failure;
1663 	if (pinfo->filled & MPATH_INFO_FRAME_QLEN)
1664 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
1665 			    pinfo->frame_qlen);
1666 	if (pinfo->filled & MPATH_INFO_DSN)
1667 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_DSN,
1668 			    pinfo->dsn);
1669 	if (pinfo->filled & MPATH_INFO_METRIC)
1670 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_METRIC,
1671 			    pinfo->metric);
1672 	if (pinfo->filled & MPATH_INFO_EXPTIME)
1673 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_EXPTIME,
1674 			    pinfo->exptime);
1675 	if (pinfo->filled & MPATH_INFO_FLAGS)
1676 		NLA_PUT_U8(msg, NL80211_MPATH_INFO_FLAGS,
1677 			    pinfo->flags);
1678 	if (pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT)
1679 		NLA_PUT_U32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
1680 			    pinfo->discovery_timeout);
1681 	if (pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES)
1682 		NLA_PUT_U8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
1683 			    pinfo->discovery_retries);
1684 
1685 	nla_nest_end(msg, pinfoattr);
1686 
1687 	return genlmsg_end(msg, hdr);
1688 
1689  nla_put_failure:
1690 	genlmsg_cancel(msg, hdr);
1691 	return -EMSGSIZE;
1692 }
1693 
1694 static int nl80211_dump_mpath(struct sk_buff *skb,
1695 			      struct netlink_callback *cb)
1696 {
1697 	struct mpath_info pinfo;
1698 	struct cfg80211_registered_device *dev;
1699 	struct net_device *netdev;
1700 	u8 dst[ETH_ALEN];
1701 	u8 next_hop[ETH_ALEN];
1702 	int ifidx = cb->args[0];
1703 	int path_idx = cb->args[1];
1704 	int err;
1705 
1706 	if (!ifidx) {
1707 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
1708 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
1709 				  nl80211_policy);
1710 		if (err)
1711 			return err;
1712 
1713 		if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
1714 			return -EINVAL;
1715 
1716 		ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
1717 		if (!ifidx)
1718 			return -EINVAL;
1719 	}
1720 
1721 	rtnl_lock();
1722 
1723 	netdev = __dev_get_by_index(&init_net, ifidx);
1724 	if (!netdev) {
1725 		err = -ENODEV;
1726 		goto out_rtnl;
1727 	}
1728 
1729 	dev = cfg80211_get_dev_from_ifindex(ifidx);
1730 	if (IS_ERR(dev)) {
1731 		err = PTR_ERR(dev);
1732 		goto out_rtnl;
1733 	}
1734 
1735 	if (!dev->ops->dump_mpath) {
1736 		err = -EOPNOTSUPP;
1737 		goto out_err;
1738 	}
1739 
1740 	if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
1741 		err = -EOPNOTSUPP;
1742 		goto out;
1743 	}
1744 
1745 	while (1) {
1746 		err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
1747 					   dst, next_hop, &pinfo);
1748 		if (err == -ENOENT)
1749 			break;
1750 		if (err)
1751 			goto out_err;
1752 
1753 		if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).pid,
1754 				       cb->nlh->nlmsg_seq, NLM_F_MULTI,
1755 				       netdev, dst, next_hop,
1756 				       &pinfo) < 0)
1757 			goto out;
1758 
1759 		path_idx++;
1760 	}
1761 
1762 
1763  out:
1764 	cb->args[1] = path_idx;
1765 	err = skb->len;
1766  out_err:
1767 	cfg80211_put_dev(dev);
1768  out_rtnl:
1769 	rtnl_unlock();
1770 
1771 	return err;
1772 }
1773 
1774 static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
1775 {
1776 	struct cfg80211_registered_device *drv;
1777 	int err;
1778 	struct net_device *dev;
1779 	struct mpath_info pinfo;
1780 	struct sk_buff *msg;
1781 	u8 *dst = NULL;
1782 	u8 next_hop[ETH_ALEN];
1783 
1784 	memset(&pinfo, 0, sizeof(pinfo));
1785 
1786 	if (!info->attrs[NL80211_ATTR_MAC])
1787 		return -EINVAL;
1788 
1789 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
1790 
1791 	rtnl_lock();
1792 
1793 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1794 	if (err)
1795 		goto out_rtnl;
1796 
1797 	if (!drv->ops->get_mpath) {
1798 		err = -EOPNOTSUPP;
1799 		goto out;
1800 	}
1801 
1802 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
1803 		err = -EOPNOTSUPP;
1804 		goto out;
1805 	}
1806 
1807 	err = drv->ops->get_mpath(&drv->wiphy, dev, dst, next_hop, &pinfo);
1808 	if (err)
1809 		goto out;
1810 
1811 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
1812 	if (!msg)
1813 		goto out;
1814 
1815 	if (nl80211_send_mpath(msg, info->snd_pid, info->snd_seq, 0,
1816 				 dev, dst, next_hop, &pinfo) < 0)
1817 		goto out_free;
1818 
1819 	err = genlmsg_unicast(msg, info->snd_pid);
1820 	goto out;
1821 
1822  out_free:
1823 	nlmsg_free(msg);
1824  out:
1825 	cfg80211_put_dev(drv);
1826 	dev_put(dev);
1827  out_rtnl:
1828 	rtnl_unlock();
1829 
1830 	return err;
1831 }
1832 
1833 static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
1834 {
1835 	struct cfg80211_registered_device *drv;
1836 	int err;
1837 	struct net_device *dev;
1838 	u8 *dst = NULL;
1839 	u8 *next_hop = NULL;
1840 
1841 	if (!info->attrs[NL80211_ATTR_MAC])
1842 		return -EINVAL;
1843 
1844 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
1845 		return -EINVAL;
1846 
1847 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
1848 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
1849 
1850 	rtnl_lock();
1851 
1852 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1853 	if (err)
1854 		goto out_rtnl;
1855 
1856 	if (!drv->ops->change_mpath) {
1857 		err = -EOPNOTSUPP;
1858 		goto out;
1859 	}
1860 
1861 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
1862 		err = -EOPNOTSUPP;
1863 		goto out;
1864 	}
1865 
1866 	if (!netif_running(dev)) {
1867 		err = -ENETDOWN;
1868 		goto out;
1869 	}
1870 
1871 	err = drv->ops->change_mpath(&drv->wiphy, dev, dst, next_hop);
1872 
1873  out:
1874 	cfg80211_put_dev(drv);
1875 	dev_put(dev);
1876  out_rtnl:
1877 	rtnl_unlock();
1878 
1879 	return err;
1880 }
1881 static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
1882 {
1883 	struct cfg80211_registered_device *drv;
1884 	int err;
1885 	struct net_device *dev;
1886 	u8 *dst = NULL;
1887 	u8 *next_hop = NULL;
1888 
1889 	if (!info->attrs[NL80211_ATTR_MAC])
1890 		return -EINVAL;
1891 
1892 	if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
1893 		return -EINVAL;
1894 
1895 	dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
1896 	next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);
1897 
1898 	rtnl_lock();
1899 
1900 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1901 	if (err)
1902 		goto out_rtnl;
1903 
1904 	if (!drv->ops->add_mpath) {
1905 		err = -EOPNOTSUPP;
1906 		goto out;
1907 	}
1908 
1909 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
1910 		err = -EOPNOTSUPP;
1911 		goto out;
1912 	}
1913 
1914 	if (!netif_running(dev)) {
1915 		err = -ENETDOWN;
1916 		goto out;
1917 	}
1918 
1919 	err = drv->ops->add_mpath(&drv->wiphy, dev, dst, next_hop);
1920 
1921  out:
1922 	cfg80211_put_dev(drv);
1923 	dev_put(dev);
1924  out_rtnl:
1925 	rtnl_unlock();
1926 
1927 	return err;
1928 }
1929 
1930 static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
1931 {
1932 	struct cfg80211_registered_device *drv;
1933 	int err;
1934 	struct net_device *dev;
1935 	u8 *dst = NULL;
1936 
1937 	if (info->attrs[NL80211_ATTR_MAC])
1938 		dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
1939 
1940 	rtnl_lock();
1941 
1942 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1943 	if (err)
1944 		goto out_rtnl;
1945 
1946 	if (!drv->ops->del_mpath) {
1947 		err = -EOPNOTSUPP;
1948 		goto out;
1949 	}
1950 
1951 	err = drv->ops->del_mpath(&drv->wiphy, dev, dst);
1952 
1953  out:
1954 	cfg80211_put_dev(drv);
1955 	dev_put(dev);
1956  out_rtnl:
1957 	rtnl_unlock();
1958 
1959 	return err;
1960 }
1961 
1962 static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
1963 {
1964 	struct cfg80211_registered_device *drv;
1965 	int err;
1966 	struct net_device *dev;
1967 	struct bss_parameters params;
1968 
1969 	memset(&params, 0, sizeof(params));
1970 	/* default to not changing parameters */
1971 	params.use_cts_prot = -1;
1972 	params.use_short_preamble = -1;
1973 	params.use_short_slot_time = -1;
1974 
1975 	if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
1976 		params.use_cts_prot =
1977 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
1978 	if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
1979 		params.use_short_preamble =
1980 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
1981 	if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
1982 		params.use_short_slot_time =
1983 		    nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
1984 	if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
1985 		params.basic_rates =
1986 			nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
1987 		params.basic_rates_len =
1988 			nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
1989 	}
1990 
1991 	rtnl_lock();
1992 
1993 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
1994 	if (err)
1995 		goto out_rtnl;
1996 
1997 	if (!drv->ops->change_bss) {
1998 		err = -EOPNOTSUPP;
1999 		goto out;
2000 	}
2001 
2002 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP) {
2003 		err = -EOPNOTSUPP;
2004 		goto out;
2005 	}
2006 
2007 	err = drv->ops->change_bss(&drv->wiphy, dev, &params);
2008 
2009  out:
2010 	cfg80211_put_dev(drv);
2011 	dev_put(dev);
2012  out_rtnl:
2013 	rtnl_unlock();
2014 
2015 	return err;
2016 }
2017 
2018 static const struct nla_policy
2019 	reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
2020 	[NL80211_ATTR_REG_RULE_FLAGS]		= { .type = NLA_U32 },
2021 	[NL80211_ATTR_FREQ_RANGE_START]		= { .type = NLA_U32 },
2022 	[NL80211_ATTR_FREQ_RANGE_END]		= { .type = NLA_U32 },
2023 	[NL80211_ATTR_FREQ_RANGE_MAX_BW]	= { .type = NLA_U32 },
2024 	[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]	= { .type = NLA_U32 },
2025 	[NL80211_ATTR_POWER_RULE_MAX_EIRP]	= { .type = NLA_U32 },
2026 };
2027 
2028 static int parse_reg_rule(struct nlattr *tb[],
2029 	struct ieee80211_reg_rule *reg_rule)
2030 {
2031 	struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
2032 	struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;
2033 
2034 	if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
2035 		return -EINVAL;
2036 	if (!tb[NL80211_ATTR_FREQ_RANGE_START])
2037 		return -EINVAL;
2038 	if (!tb[NL80211_ATTR_FREQ_RANGE_END])
2039 		return -EINVAL;
2040 	if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
2041 		return -EINVAL;
2042 	if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
2043 		return -EINVAL;
2044 
2045 	reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);
2046 
2047 	freq_range->start_freq_khz =
2048 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
2049 	freq_range->end_freq_khz =
2050 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
2051 	freq_range->max_bandwidth_khz =
2052 		nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);
2053 
2054 	power_rule->max_eirp =
2055 		nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);
2056 
2057 	if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
2058 		power_rule->max_antenna_gain =
2059 			nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);
2060 
2061 	return 0;
2062 }
2063 
2064 static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
2065 {
2066 	int r;
2067 	char *data = NULL;
2068 
2069 	/*
2070 	 * You should only get this when cfg80211 hasn't yet initialized
2071 	 * completely when built-in to the kernel right between the time
2072 	 * window between nl80211_init() and regulatory_init(), if that is
2073 	 * even possible.
2074 	 */
2075 	mutex_lock(&cfg80211_mutex);
2076 	if (unlikely(!cfg80211_regdomain)) {
2077 		mutex_unlock(&cfg80211_mutex);
2078 		return -EINPROGRESS;
2079 	}
2080 	mutex_unlock(&cfg80211_mutex);
2081 
2082 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2083 		return -EINVAL;
2084 
2085 	data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2086 
2087 #ifdef CONFIG_WIRELESS_OLD_REGULATORY
2088 	/* We ignore world regdom requests with the old regdom setup */
2089 	if (is_world_regdom(data))
2090 		return -EINVAL;
2091 #endif
2092 
2093 	r = regulatory_hint_user(data);
2094 
2095 	return r;
2096 }
2097 
2098 static int nl80211_get_mesh_params(struct sk_buff *skb,
2099 	struct genl_info *info)
2100 {
2101 	struct cfg80211_registered_device *drv;
2102 	struct mesh_config cur_params;
2103 	int err;
2104 	struct net_device *dev;
2105 	void *hdr;
2106 	struct nlattr *pinfoattr;
2107 	struct sk_buff *msg;
2108 
2109 	rtnl_lock();
2110 
2111 	/* Look up our device */
2112 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
2113 	if (err)
2114 		goto out_rtnl;
2115 
2116 	if (!drv->ops->get_mesh_params) {
2117 		err = -EOPNOTSUPP;
2118 		goto out;
2119 	}
2120 
2121 	/* Get the mesh params */
2122 	err = drv->ops->get_mesh_params(&drv->wiphy, dev, &cur_params);
2123 	if (err)
2124 		goto out;
2125 
2126 	/* Draw up a netlink message to send back */
2127 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
2128 	if (!msg) {
2129 		err = -ENOBUFS;
2130 		goto out;
2131 	}
2132 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2133 			     NL80211_CMD_GET_MESH_PARAMS);
2134 	if (!hdr)
2135 		goto nla_put_failure;
2136 	pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_PARAMS);
2137 	if (!pinfoattr)
2138 		goto nla_put_failure;
2139 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2140 	NLA_PUT_U16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
2141 			cur_params.dot11MeshRetryTimeout);
2142 	NLA_PUT_U16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
2143 			cur_params.dot11MeshConfirmTimeout);
2144 	NLA_PUT_U16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
2145 			cur_params.dot11MeshHoldingTimeout);
2146 	NLA_PUT_U16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
2147 			cur_params.dot11MeshMaxPeerLinks);
2148 	NLA_PUT_U8(msg, NL80211_MESHCONF_MAX_RETRIES,
2149 			cur_params.dot11MeshMaxRetries);
2150 	NLA_PUT_U8(msg, NL80211_MESHCONF_TTL,
2151 			cur_params.dot11MeshTTL);
2152 	NLA_PUT_U8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
2153 			cur_params.auto_open_plinks);
2154 	NLA_PUT_U8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2155 			cur_params.dot11MeshHWMPmaxPREQretries);
2156 	NLA_PUT_U32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
2157 			cur_params.path_refresh_time);
2158 	NLA_PUT_U16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2159 			cur_params.min_discovery_timeout);
2160 	NLA_PUT_U32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2161 			cur_params.dot11MeshHWMPactivePathTimeout);
2162 	NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2163 			cur_params.dot11MeshHWMPpreqMinInterval);
2164 	NLA_PUT_U16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2165 			cur_params.dot11MeshHWMPnetDiameterTraversalTime);
2166 	nla_nest_end(msg, pinfoattr);
2167 	genlmsg_end(msg, hdr);
2168 	err = genlmsg_unicast(msg, info->snd_pid);
2169 	goto out;
2170 
2171  nla_put_failure:
2172 	genlmsg_cancel(msg, hdr);
2173 	err = -EMSGSIZE;
2174  out:
2175 	/* Cleanup */
2176 	cfg80211_put_dev(drv);
2177 	dev_put(dev);
2178  out_rtnl:
2179 	rtnl_unlock();
2180 
2181 	return err;
2182 }
2183 
2184 #define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
2185 do {\
2186 	if (table[attr_num]) {\
2187 		cfg.param = nla_fn(table[attr_num]); \
2188 		mask |= (1 << (attr_num - 1)); \
2189 	} \
2190 } while (0);\
2191 
2192 static struct nla_policy
2193 nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] __read_mostly = {
2194 	[NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
2195 	[NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
2196 	[NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
2197 	[NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
2198 	[NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
2199 	[NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
2200 	[NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
2201 
2202 	[NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
2203 	[NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
2204 	[NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
2205 	[NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
2206 	[NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
2207 	[NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
2208 };
2209 
2210 static int nl80211_set_mesh_params(struct sk_buff *skb, struct genl_info *info)
2211 {
2212 	int err;
2213 	u32 mask;
2214 	struct cfg80211_registered_device *drv;
2215 	struct net_device *dev;
2216 	struct mesh_config cfg;
2217 	struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
2218 	struct nlattr *parent_attr;
2219 
2220 	parent_attr = info->attrs[NL80211_ATTR_MESH_PARAMS];
2221 	if (!parent_attr)
2222 		return -EINVAL;
2223 	if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
2224 			parent_attr, nl80211_meshconf_params_policy))
2225 		return -EINVAL;
2226 
2227 	rtnl_lock();
2228 
2229 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
2230 	if (err)
2231 		goto out_rtnl;
2232 
2233 	if (!drv->ops->set_mesh_params) {
2234 		err = -EOPNOTSUPP;
2235 		goto out;
2236 	}
2237 
2238 	/* This makes sure that there aren't more than 32 mesh config
2239 	 * parameters (otherwise our bitfield scheme would not work.) */
2240 	BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);
2241 
2242 	/* Fill in the params struct */
2243 	mask = 0;
2244 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
2245 			mask, NL80211_MESHCONF_RETRY_TIMEOUT, nla_get_u16);
2246 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
2247 			mask, NL80211_MESHCONF_CONFIRM_TIMEOUT, nla_get_u16);
2248 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
2249 			mask, NL80211_MESHCONF_HOLDING_TIMEOUT, nla_get_u16);
2250 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
2251 			mask, NL80211_MESHCONF_MAX_PEER_LINKS, nla_get_u16);
2252 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
2253 			mask, NL80211_MESHCONF_MAX_RETRIES, nla_get_u8);
2254 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
2255 			mask, NL80211_MESHCONF_TTL, nla_get_u8);
2256 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
2257 			mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS, nla_get_u8);
2258 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
2259 			mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
2260 			nla_get_u8);
2261 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
2262 			mask, NL80211_MESHCONF_PATH_REFRESH_TIME, nla_get_u32);
2263 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
2264 			mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
2265 			nla_get_u16);
2266 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout,
2267 			mask, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
2268 			nla_get_u32);
2269 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
2270 			mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
2271 			nla_get_u16);
2272 	FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
2273 			dot11MeshHWMPnetDiameterTraversalTime,
2274 			mask, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
2275 			nla_get_u16);
2276 
2277 	/* Apply changes */
2278 	err = drv->ops->set_mesh_params(&drv->wiphy, dev, &cfg, mask);
2279 
2280  out:
2281 	/* cleanup */
2282 	cfg80211_put_dev(drv);
2283 	dev_put(dev);
2284  out_rtnl:
2285 	rtnl_unlock();
2286 
2287 	return err;
2288 }
2289 
2290 #undef FILL_IN_MESH_PARAM_IF_SET
2291 
2292 static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
2293 {
2294 	struct sk_buff *msg;
2295 	void *hdr = NULL;
2296 	struct nlattr *nl_reg_rules;
2297 	unsigned int i;
2298 	int err = -EINVAL;
2299 
2300 	mutex_lock(&cfg80211_mutex);
2301 
2302 	if (!cfg80211_regdomain)
2303 		goto out;
2304 
2305 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
2306 	if (!msg) {
2307 		err = -ENOBUFS;
2308 		goto out;
2309 	}
2310 
2311 	hdr = nl80211hdr_put(msg, info->snd_pid, info->snd_seq, 0,
2312 			     NL80211_CMD_GET_REG);
2313 	if (!hdr)
2314 		goto nla_put_failure;
2315 
2316 	NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2,
2317 		cfg80211_regdomain->alpha2);
2318 
2319 	nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
2320 	if (!nl_reg_rules)
2321 		goto nla_put_failure;
2322 
2323 	for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
2324 		struct nlattr *nl_reg_rule;
2325 		const struct ieee80211_reg_rule *reg_rule;
2326 		const struct ieee80211_freq_range *freq_range;
2327 		const struct ieee80211_power_rule *power_rule;
2328 
2329 		reg_rule = &cfg80211_regdomain->reg_rules[i];
2330 		freq_range = &reg_rule->freq_range;
2331 		power_rule = &reg_rule->power_rule;
2332 
2333 		nl_reg_rule = nla_nest_start(msg, i);
2334 		if (!nl_reg_rule)
2335 			goto nla_put_failure;
2336 
2337 		NLA_PUT_U32(msg, NL80211_ATTR_REG_RULE_FLAGS,
2338 			reg_rule->flags);
2339 		NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_START,
2340 			freq_range->start_freq_khz);
2341 		NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_END,
2342 			freq_range->end_freq_khz);
2343 		NLA_PUT_U32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
2344 			freq_range->max_bandwidth_khz);
2345 		NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
2346 			power_rule->max_antenna_gain);
2347 		NLA_PUT_U32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
2348 			power_rule->max_eirp);
2349 
2350 		nla_nest_end(msg, nl_reg_rule);
2351 	}
2352 
2353 	nla_nest_end(msg, nl_reg_rules);
2354 
2355 	genlmsg_end(msg, hdr);
2356 	err = genlmsg_unicast(msg, info->snd_pid);
2357 	goto out;
2358 
2359 nla_put_failure:
2360 	genlmsg_cancel(msg, hdr);
2361 	err = -EMSGSIZE;
2362 out:
2363 	mutex_unlock(&cfg80211_mutex);
2364 	return err;
2365 }
2366 
2367 static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
2368 {
2369 	struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
2370 	struct nlattr *nl_reg_rule;
2371 	char *alpha2 = NULL;
2372 	int rem_reg_rules = 0, r = 0;
2373 	u32 num_rules = 0, rule_idx = 0, size_of_regd;
2374 	struct ieee80211_regdomain *rd = NULL;
2375 
2376 	if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
2377 		return -EINVAL;
2378 
2379 	if (!info->attrs[NL80211_ATTR_REG_RULES])
2380 		return -EINVAL;
2381 
2382 	alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);
2383 
2384 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
2385 			rem_reg_rules) {
2386 		num_rules++;
2387 		if (num_rules > NL80211_MAX_SUPP_REG_RULES)
2388 			goto bad_reg;
2389 	}
2390 
2391 	if (!reg_is_valid_request(alpha2))
2392 		return -EINVAL;
2393 
2394 	size_of_regd = sizeof(struct ieee80211_regdomain) +
2395 		(num_rules * sizeof(struct ieee80211_reg_rule));
2396 
2397 	rd = kzalloc(size_of_regd, GFP_KERNEL);
2398 	if (!rd)
2399 		return -ENOMEM;
2400 
2401 	rd->n_reg_rules = num_rules;
2402 	rd->alpha2[0] = alpha2[0];
2403 	rd->alpha2[1] = alpha2[1];
2404 
2405 	nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
2406 			rem_reg_rules) {
2407 		nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
2408 			nla_data(nl_reg_rule), nla_len(nl_reg_rule),
2409 			reg_rule_policy);
2410 		r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
2411 		if (r)
2412 			goto bad_reg;
2413 
2414 		rule_idx++;
2415 
2416 		if (rule_idx > NL80211_MAX_SUPP_REG_RULES)
2417 			goto bad_reg;
2418 	}
2419 
2420 	BUG_ON(rule_idx != num_rules);
2421 
2422 	mutex_lock(&cfg80211_mutex);
2423 	r = set_regdom(rd);
2424 	mutex_unlock(&cfg80211_mutex);
2425 	return r;
2426 
2427  bad_reg:
2428 	kfree(rd);
2429 	return -EINVAL;
2430 }
2431 
2432 static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
2433 {
2434 	struct cfg80211_registered_device *drv;
2435 	struct net_device *dev;
2436 	struct cfg80211_scan_request *request;
2437 	struct cfg80211_ssid *ssid;
2438 	struct ieee80211_channel *channel;
2439 	struct nlattr *attr;
2440 	struct wiphy *wiphy;
2441 	int err, tmp, n_ssids = 0, n_channels = 0, i;
2442 	enum ieee80211_band band;
2443 	size_t ie_len;
2444 
2445 	rtnl_lock();
2446 
2447 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
2448 	if (err)
2449 		goto out_rtnl;
2450 
2451 	wiphy = &drv->wiphy;
2452 
2453 	if (!drv->ops->scan) {
2454 		err = -EOPNOTSUPP;
2455 		goto out;
2456 	}
2457 
2458 	if (!netif_running(dev)) {
2459 		err = -ENETDOWN;
2460 		goto out;
2461 	}
2462 
2463 	if (drv->scan_req) {
2464 		err = -EBUSY;
2465 		goto out;
2466 	}
2467 
2468 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
2469 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp)
2470 			n_channels++;
2471 		if (!n_channels) {
2472 			err = -EINVAL;
2473 			goto out;
2474 		}
2475 	} else {
2476 		for (band = 0; band < IEEE80211_NUM_BANDS; band++)
2477 			if (wiphy->bands[band])
2478 				n_channels += wiphy->bands[band]->n_channels;
2479 	}
2480 
2481 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
2482 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
2483 			n_ssids++;
2484 
2485 	if (n_ssids > wiphy->max_scan_ssids) {
2486 		err = -EINVAL;
2487 		goto out;
2488 	}
2489 
2490 	if (info->attrs[NL80211_ATTR_IE])
2491 		ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2492 	else
2493 		ie_len = 0;
2494 
2495 	request = kzalloc(sizeof(*request)
2496 			+ sizeof(*ssid) * n_ssids
2497 			+ sizeof(channel) * n_channels
2498 			+ ie_len, GFP_KERNEL);
2499 	if (!request) {
2500 		err = -ENOMEM;
2501 		goto out;
2502 	}
2503 
2504 	request->channels = (void *)((char *)request + sizeof(*request));
2505 	request->n_channels = n_channels;
2506 	if (n_ssids)
2507 		request->ssids = (void *)(request->channels + n_channels);
2508 	request->n_ssids = n_ssids;
2509 	if (ie_len) {
2510 		if (request->ssids)
2511 			request->ie = (void *)(request->ssids + n_ssids);
2512 		else
2513 			request->ie = (void *)(request->channels + n_channels);
2514 	}
2515 
2516 	if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
2517 		/* user specified, bail out if channel not found */
2518 		request->n_channels = n_channels;
2519 		i = 0;
2520 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
2521 			request->channels[i] = ieee80211_get_channel(wiphy, nla_get_u32(attr));
2522 			if (!request->channels[i]) {
2523 				err = -EINVAL;
2524 				goto out_free;
2525 			}
2526 			i++;
2527 		}
2528 	} else {
2529 		/* all channels */
2530 		i = 0;
2531 		for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
2532 			int j;
2533 			if (!wiphy->bands[band])
2534 				continue;
2535 			for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
2536 				request->channels[i] = &wiphy->bands[band]->channels[j];
2537 				i++;
2538 			}
2539 		}
2540 	}
2541 
2542 	i = 0;
2543 	if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
2544 		nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
2545 			if (request->ssids[i].ssid_len > IEEE80211_MAX_SSID_LEN) {
2546 				err = -EINVAL;
2547 				goto out_free;
2548 			}
2549 			memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
2550 			request->ssids[i].ssid_len = nla_len(attr);
2551 			i++;
2552 		}
2553 	}
2554 
2555 	if (info->attrs[NL80211_ATTR_IE]) {
2556 		request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2557 		memcpy(request->ie, nla_data(info->attrs[NL80211_ATTR_IE]),
2558 		       request->ie_len);
2559 	}
2560 
2561 	request->ifidx = dev->ifindex;
2562 	request->wiphy = &drv->wiphy;
2563 
2564 	drv->scan_req = request;
2565 	err = drv->ops->scan(&drv->wiphy, dev, request);
2566 
2567  out_free:
2568 	if (err) {
2569 		drv->scan_req = NULL;
2570 		kfree(request);
2571 	}
2572  out:
2573 	cfg80211_put_dev(drv);
2574 	dev_put(dev);
2575  out_rtnl:
2576 	rtnl_unlock();
2577 
2578 	return err;
2579 }
2580 
2581 static int nl80211_send_bss(struct sk_buff *msg, u32 pid, u32 seq, int flags,
2582 			    struct cfg80211_registered_device *rdev,
2583 			    struct net_device *dev,
2584 			    struct cfg80211_bss *res)
2585 {
2586 	void *hdr;
2587 	struct nlattr *bss;
2588 
2589 	hdr = nl80211hdr_put(msg, pid, seq, flags,
2590 			     NL80211_CMD_NEW_SCAN_RESULTS);
2591 	if (!hdr)
2592 		return -1;
2593 
2594 	NLA_PUT_U32(msg, NL80211_ATTR_SCAN_GENERATION,
2595 		    rdev->bss_generation);
2596 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, dev->ifindex);
2597 
2598 	bss = nla_nest_start(msg, NL80211_ATTR_BSS);
2599 	if (!bss)
2600 		goto nla_put_failure;
2601 	if (!is_zero_ether_addr(res->bssid))
2602 		NLA_PUT(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid);
2603 	if (res->information_elements && res->len_information_elements)
2604 		NLA_PUT(msg, NL80211_BSS_INFORMATION_ELEMENTS,
2605 			res->len_information_elements,
2606 			res->information_elements);
2607 	if (res->tsf)
2608 		NLA_PUT_U64(msg, NL80211_BSS_TSF, res->tsf);
2609 	if (res->beacon_interval)
2610 		NLA_PUT_U16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval);
2611 	NLA_PUT_U16(msg, NL80211_BSS_CAPABILITY, res->capability);
2612 	NLA_PUT_U32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq);
2613 
2614 	switch (rdev->wiphy.signal_type) {
2615 	case CFG80211_SIGNAL_TYPE_MBM:
2616 		NLA_PUT_U32(msg, NL80211_BSS_SIGNAL_MBM, res->signal);
2617 		break;
2618 	case CFG80211_SIGNAL_TYPE_UNSPEC:
2619 		NLA_PUT_U8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal);
2620 		break;
2621 	default:
2622 		break;
2623 	}
2624 
2625 	nla_nest_end(msg, bss);
2626 
2627 	return genlmsg_end(msg, hdr);
2628 
2629  nla_put_failure:
2630 	genlmsg_cancel(msg, hdr);
2631 	return -EMSGSIZE;
2632 }
2633 
2634 static int nl80211_dump_scan(struct sk_buff *skb,
2635 			     struct netlink_callback *cb)
2636 {
2637 	struct cfg80211_registered_device *dev;
2638 	struct net_device *netdev;
2639 	struct cfg80211_internal_bss *scan;
2640 	int ifidx = cb->args[0];
2641 	int start = cb->args[1], idx = 0;
2642 	int err;
2643 
2644 	if (!ifidx) {
2645 		err = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
2646 				  nl80211_fam.attrbuf, nl80211_fam.maxattr,
2647 				  nl80211_policy);
2648 		if (err)
2649 			return err;
2650 
2651 		if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
2652 			return -EINVAL;
2653 
2654 		ifidx = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
2655 		if (!ifidx)
2656 			return -EINVAL;
2657 		cb->args[0] = ifidx;
2658 	}
2659 
2660 	netdev = dev_get_by_index(&init_net, ifidx);
2661 	if (!netdev)
2662 		return -ENODEV;
2663 
2664 	dev = cfg80211_get_dev_from_ifindex(ifidx);
2665 	if (IS_ERR(dev)) {
2666 		err = PTR_ERR(dev);
2667 		goto out_put_netdev;
2668 	}
2669 
2670 	spin_lock_bh(&dev->bss_lock);
2671 	cfg80211_bss_expire(dev);
2672 
2673 	list_for_each_entry(scan, &dev->bss_list, list) {
2674 		if (++idx <= start)
2675 			continue;
2676 		if (nl80211_send_bss(skb,
2677 				NETLINK_CB(cb->skb).pid,
2678 				cb->nlh->nlmsg_seq, NLM_F_MULTI,
2679 				dev, netdev, &scan->pub) < 0) {
2680 			idx--;
2681 			goto out;
2682 		}
2683 	}
2684 
2685  out:
2686 	spin_unlock_bh(&dev->bss_lock);
2687 
2688 	cb->args[1] = idx;
2689 	err = skb->len;
2690 	cfg80211_put_dev(dev);
2691  out_put_netdev:
2692 	dev_put(netdev);
2693 
2694 	return err;
2695 }
2696 
2697 static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
2698 {
2699 	return auth_type == NL80211_AUTHTYPE_OPEN_SYSTEM ||
2700 		auth_type == NL80211_AUTHTYPE_SHARED_KEY ||
2701 		auth_type == NL80211_AUTHTYPE_FT ||
2702 		auth_type == NL80211_AUTHTYPE_NETWORK_EAP;
2703 }
2704 
2705 static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
2706 {
2707 	struct cfg80211_registered_device *drv;
2708 	struct net_device *dev;
2709 	struct cfg80211_auth_request req;
2710 	struct wiphy *wiphy;
2711 	int err;
2712 
2713 	rtnl_lock();
2714 
2715 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
2716 	if (err)
2717 		goto unlock_rtnl;
2718 
2719 	if (!drv->ops->auth) {
2720 		err = -EOPNOTSUPP;
2721 		goto out;
2722 	}
2723 
2724 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
2725 		err = -EOPNOTSUPP;
2726 		goto out;
2727 	}
2728 
2729 	if (!netif_running(dev)) {
2730 		err = -ENETDOWN;
2731 		goto out;
2732 	}
2733 
2734 	if (!info->attrs[NL80211_ATTR_MAC]) {
2735 		err = -EINVAL;
2736 		goto out;
2737 	}
2738 
2739 	wiphy = &drv->wiphy;
2740 	memset(&req, 0, sizeof(req));
2741 
2742 	req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2743 
2744 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2745 		req.chan = ieee80211_get_channel(
2746 			wiphy,
2747 			nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
2748 		if (!req.chan) {
2749 			err = -EINVAL;
2750 			goto out;
2751 		}
2752 	}
2753 
2754 	if (info->attrs[NL80211_ATTR_SSID]) {
2755 		req.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
2756 		req.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
2757 	}
2758 
2759 	if (info->attrs[NL80211_ATTR_IE]) {
2760 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
2761 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2762 	}
2763 
2764 	if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
2765 		req.auth_type =
2766 			nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
2767 		if (!nl80211_valid_auth_type(req.auth_type)) {
2768 			err = -EINVAL;
2769 			goto out;
2770 		}
2771 	}
2772 
2773 	err = drv->ops->auth(&drv->wiphy, dev, &req);
2774 
2775 out:
2776 	cfg80211_put_dev(drv);
2777 	dev_put(dev);
2778 unlock_rtnl:
2779 	rtnl_unlock();
2780 	return err;
2781 }
2782 
2783 static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
2784 {
2785 	struct cfg80211_registered_device *drv;
2786 	struct net_device *dev;
2787 	struct cfg80211_assoc_request req;
2788 	struct wiphy *wiphy;
2789 	int err;
2790 
2791 	rtnl_lock();
2792 
2793 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
2794 	if (err)
2795 		goto unlock_rtnl;
2796 
2797 	if (!drv->ops->assoc) {
2798 		err = -EOPNOTSUPP;
2799 		goto out;
2800 	}
2801 
2802 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
2803 		err = -EOPNOTSUPP;
2804 		goto out;
2805 	}
2806 
2807 	if (!netif_running(dev)) {
2808 		err = -ENETDOWN;
2809 		goto out;
2810 	}
2811 
2812 	if (!info->attrs[NL80211_ATTR_MAC] ||
2813 	    !info->attrs[NL80211_ATTR_SSID]) {
2814 		err = -EINVAL;
2815 		goto out;
2816 	}
2817 
2818 	wiphy = &drv->wiphy;
2819 	memset(&req, 0, sizeof(req));
2820 
2821 	req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2822 
2823 	if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
2824 		req.chan = ieee80211_get_channel(
2825 			wiphy,
2826 			nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
2827 		if (!req.chan) {
2828 			err = -EINVAL;
2829 			goto out;
2830 		}
2831 	}
2832 
2833 	req.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
2834 	req.ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);
2835 
2836 	if (info->attrs[NL80211_ATTR_IE]) {
2837 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
2838 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2839 	}
2840 
2841 	err = drv->ops->assoc(&drv->wiphy, dev, &req);
2842 
2843 out:
2844 	cfg80211_put_dev(drv);
2845 	dev_put(dev);
2846 unlock_rtnl:
2847 	rtnl_unlock();
2848 	return err;
2849 }
2850 
2851 static int nl80211_deauthenticate(struct sk_buff *skb, struct genl_info *info)
2852 {
2853 	struct cfg80211_registered_device *drv;
2854 	struct net_device *dev;
2855 	struct cfg80211_deauth_request req;
2856 	struct wiphy *wiphy;
2857 	int err;
2858 
2859 	rtnl_lock();
2860 
2861 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
2862 	if (err)
2863 		goto unlock_rtnl;
2864 
2865 	if (!drv->ops->deauth) {
2866 		err = -EOPNOTSUPP;
2867 		goto out;
2868 	}
2869 
2870 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
2871 		err = -EOPNOTSUPP;
2872 		goto out;
2873 	}
2874 
2875 	if (!netif_running(dev)) {
2876 		err = -ENETDOWN;
2877 		goto out;
2878 	}
2879 
2880 	if (!info->attrs[NL80211_ATTR_MAC]) {
2881 		err = -EINVAL;
2882 		goto out;
2883 	}
2884 
2885 	wiphy = &drv->wiphy;
2886 	memset(&req, 0, sizeof(req));
2887 
2888 	req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2889 
2890 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
2891 		req.reason_code =
2892 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
2893 		if (req.reason_code == 0) {
2894 			/* Reason Code 0 is reserved */
2895 			err = -EINVAL;
2896 			goto out;
2897 		}
2898 	}
2899 
2900 	if (info->attrs[NL80211_ATTR_IE]) {
2901 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
2902 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2903 	}
2904 
2905 	err = drv->ops->deauth(&drv->wiphy, dev, &req);
2906 
2907 out:
2908 	cfg80211_put_dev(drv);
2909 	dev_put(dev);
2910 unlock_rtnl:
2911 	rtnl_unlock();
2912 	return err;
2913 }
2914 
2915 static int nl80211_disassociate(struct sk_buff *skb, struct genl_info *info)
2916 {
2917 	struct cfg80211_registered_device *drv;
2918 	struct net_device *dev;
2919 	struct cfg80211_disassoc_request req;
2920 	struct wiphy *wiphy;
2921 	int err;
2922 
2923 	rtnl_lock();
2924 
2925 	err = get_drv_dev_by_info_ifindex(info->attrs, &drv, &dev);
2926 	if (err)
2927 		goto unlock_rtnl;
2928 
2929 	if (!drv->ops->disassoc) {
2930 		err = -EOPNOTSUPP;
2931 		goto out;
2932 	}
2933 
2934 	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION) {
2935 		err = -EOPNOTSUPP;
2936 		goto out;
2937 	}
2938 
2939 	if (!netif_running(dev)) {
2940 		err = -ENETDOWN;
2941 		goto out;
2942 	}
2943 
2944 	if (!info->attrs[NL80211_ATTR_MAC]) {
2945 		err = -EINVAL;
2946 		goto out;
2947 	}
2948 
2949 	wiphy = &drv->wiphy;
2950 	memset(&req, 0, sizeof(req));
2951 
2952 	req.peer_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
2953 
2954 	if (info->attrs[NL80211_ATTR_REASON_CODE]) {
2955 		req.reason_code =
2956 			nla_get_u16(info->attrs[NL80211_ATTR_REASON_CODE]);
2957 		if (req.reason_code == 0) {
2958 			/* Reason Code 0 is reserved */
2959 			err = -EINVAL;
2960 			goto out;
2961 		}
2962 	}
2963 
2964 	if (info->attrs[NL80211_ATTR_IE]) {
2965 		req.ie = nla_data(info->attrs[NL80211_ATTR_IE]);
2966 		req.ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
2967 	}
2968 
2969 	err = drv->ops->disassoc(&drv->wiphy, dev, &req);
2970 
2971 out:
2972 	cfg80211_put_dev(drv);
2973 	dev_put(dev);
2974 unlock_rtnl:
2975 	rtnl_unlock();
2976 	return err;
2977 }
2978 
2979 static struct genl_ops nl80211_ops[] = {
2980 	{
2981 		.cmd = NL80211_CMD_GET_WIPHY,
2982 		.doit = nl80211_get_wiphy,
2983 		.dumpit = nl80211_dump_wiphy,
2984 		.policy = nl80211_policy,
2985 		/* can be retrieved by unprivileged users */
2986 	},
2987 	{
2988 		.cmd = NL80211_CMD_SET_WIPHY,
2989 		.doit = nl80211_set_wiphy,
2990 		.policy = nl80211_policy,
2991 		.flags = GENL_ADMIN_PERM,
2992 	},
2993 	{
2994 		.cmd = NL80211_CMD_GET_INTERFACE,
2995 		.doit = nl80211_get_interface,
2996 		.dumpit = nl80211_dump_interface,
2997 		.policy = nl80211_policy,
2998 		/* can be retrieved by unprivileged users */
2999 	},
3000 	{
3001 		.cmd = NL80211_CMD_SET_INTERFACE,
3002 		.doit = nl80211_set_interface,
3003 		.policy = nl80211_policy,
3004 		.flags = GENL_ADMIN_PERM,
3005 	},
3006 	{
3007 		.cmd = NL80211_CMD_NEW_INTERFACE,
3008 		.doit = nl80211_new_interface,
3009 		.policy = nl80211_policy,
3010 		.flags = GENL_ADMIN_PERM,
3011 	},
3012 	{
3013 		.cmd = NL80211_CMD_DEL_INTERFACE,
3014 		.doit = nl80211_del_interface,
3015 		.policy = nl80211_policy,
3016 		.flags = GENL_ADMIN_PERM,
3017 	},
3018 	{
3019 		.cmd = NL80211_CMD_GET_KEY,
3020 		.doit = nl80211_get_key,
3021 		.policy = nl80211_policy,
3022 		.flags = GENL_ADMIN_PERM,
3023 	},
3024 	{
3025 		.cmd = NL80211_CMD_SET_KEY,
3026 		.doit = nl80211_set_key,
3027 		.policy = nl80211_policy,
3028 		.flags = GENL_ADMIN_PERM,
3029 	},
3030 	{
3031 		.cmd = NL80211_CMD_NEW_KEY,
3032 		.doit = nl80211_new_key,
3033 		.policy = nl80211_policy,
3034 		.flags = GENL_ADMIN_PERM,
3035 	},
3036 	{
3037 		.cmd = NL80211_CMD_DEL_KEY,
3038 		.doit = nl80211_del_key,
3039 		.policy = nl80211_policy,
3040 		.flags = GENL_ADMIN_PERM,
3041 	},
3042 	{
3043 		.cmd = NL80211_CMD_SET_BEACON,
3044 		.policy = nl80211_policy,
3045 		.flags = GENL_ADMIN_PERM,
3046 		.doit = nl80211_addset_beacon,
3047 	},
3048 	{
3049 		.cmd = NL80211_CMD_NEW_BEACON,
3050 		.policy = nl80211_policy,
3051 		.flags = GENL_ADMIN_PERM,
3052 		.doit = nl80211_addset_beacon,
3053 	},
3054 	{
3055 		.cmd = NL80211_CMD_DEL_BEACON,
3056 		.policy = nl80211_policy,
3057 		.flags = GENL_ADMIN_PERM,
3058 		.doit = nl80211_del_beacon,
3059 	},
3060 	{
3061 		.cmd = NL80211_CMD_GET_STATION,
3062 		.doit = nl80211_get_station,
3063 		.dumpit = nl80211_dump_station,
3064 		.policy = nl80211_policy,
3065 	},
3066 	{
3067 		.cmd = NL80211_CMD_SET_STATION,
3068 		.doit = nl80211_set_station,
3069 		.policy = nl80211_policy,
3070 		.flags = GENL_ADMIN_PERM,
3071 	},
3072 	{
3073 		.cmd = NL80211_CMD_NEW_STATION,
3074 		.doit = nl80211_new_station,
3075 		.policy = nl80211_policy,
3076 		.flags = GENL_ADMIN_PERM,
3077 	},
3078 	{
3079 		.cmd = NL80211_CMD_DEL_STATION,
3080 		.doit = nl80211_del_station,
3081 		.policy = nl80211_policy,
3082 		.flags = GENL_ADMIN_PERM,
3083 	},
3084 	{
3085 		.cmd = NL80211_CMD_GET_MPATH,
3086 		.doit = nl80211_get_mpath,
3087 		.dumpit = nl80211_dump_mpath,
3088 		.policy = nl80211_policy,
3089 		.flags = GENL_ADMIN_PERM,
3090 	},
3091 	{
3092 		.cmd = NL80211_CMD_SET_MPATH,
3093 		.doit = nl80211_set_mpath,
3094 		.policy = nl80211_policy,
3095 		.flags = GENL_ADMIN_PERM,
3096 	},
3097 	{
3098 		.cmd = NL80211_CMD_NEW_MPATH,
3099 		.doit = nl80211_new_mpath,
3100 		.policy = nl80211_policy,
3101 		.flags = GENL_ADMIN_PERM,
3102 	},
3103 	{
3104 		.cmd = NL80211_CMD_DEL_MPATH,
3105 		.doit = nl80211_del_mpath,
3106 		.policy = nl80211_policy,
3107 		.flags = GENL_ADMIN_PERM,
3108 	},
3109 	{
3110 		.cmd = NL80211_CMD_SET_BSS,
3111 		.doit = nl80211_set_bss,
3112 		.policy = nl80211_policy,
3113 		.flags = GENL_ADMIN_PERM,
3114 	},
3115 	{
3116 		.cmd = NL80211_CMD_GET_REG,
3117 		.doit = nl80211_get_reg,
3118 		.policy = nl80211_policy,
3119 		/* can be retrieved by unprivileged users */
3120 	},
3121 	{
3122 		.cmd = NL80211_CMD_SET_REG,
3123 		.doit = nl80211_set_reg,
3124 		.policy = nl80211_policy,
3125 		.flags = GENL_ADMIN_PERM,
3126 	},
3127 	{
3128 		.cmd = NL80211_CMD_REQ_SET_REG,
3129 		.doit = nl80211_req_set_reg,
3130 		.policy = nl80211_policy,
3131 		.flags = GENL_ADMIN_PERM,
3132 	},
3133 	{
3134 		.cmd = NL80211_CMD_GET_MESH_PARAMS,
3135 		.doit = nl80211_get_mesh_params,
3136 		.policy = nl80211_policy,
3137 		/* can be retrieved by unprivileged users */
3138 	},
3139 	{
3140 		.cmd = NL80211_CMD_SET_MESH_PARAMS,
3141 		.doit = nl80211_set_mesh_params,
3142 		.policy = nl80211_policy,
3143 		.flags = GENL_ADMIN_PERM,
3144 	},
3145 	{
3146 		.cmd = NL80211_CMD_TRIGGER_SCAN,
3147 		.doit = nl80211_trigger_scan,
3148 		.policy = nl80211_policy,
3149 		.flags = GENL_ADMIN_PERM,
3150 	},
3151 	{
3152 		.cmd = NL80211_CMD_GET_SCAN,
3153 		.policy = nl80211_policy,
3154 		.dumpit = nl80211_dump_scan,
3155 	},
3156 	{
3157 		.cmd = NL80211_CMD_AUTHENTICATE,
3158 		.doit = nl80211_authenticate,
3159 		.policy = nl80211_policy,
3160 		.flags = GENL_ADMIN_PERM,
3161 	},
3162 	{
3163 		.cmd = NL80211_CMD_ASSOCIATE,
3164 		.doit = nl80211_associate,
3165 		.policy = nl80211_policy,
3166 		.flags = GENL_ADMIN_PERM,
3167 	},
3168 	{
3169 		.cmd = NL80211_CMD_DEAUTHENTICATE,
3170 		.doit = nl80211_deauthenticate,
3171 		.policy = nl80211_policy,
3172 		.flags = GENL_ADMIN_PERM,
3173 	},
3174 	{
3175 		.cmd = NL80211_CMD_DISASSOCIATE,
3176 		.doit = nl80211_disassociate,
3177 		.policy = nl80211_policy,
3178 		.flags = GENL_ADMIN_PERM,
3179 	},
3180 };
3181 static struct genl_multicast_group nl80211_mlme_mcgrp = {
3182 	.name = "mlme",
3183 };
3184 
3185 /* multicast groups */
3186 static struct genl_multicast_group nl80211_config_mcgrp = {
3187 	.name = "config",
3188 };
3189 static struct genl_multicast_group nl80211_scan_mcgrp = {
3190 	.name = "scan",
3191 };
3192 static struct genl_multicast_group nl80211_regulatory_mcgrp = {
3193 	.name = "regulatory",
3194 };
3195 
3196 /* notification functions */
3197 
3198 void nl80211_notify_dev_rename(struct cfg80211_registered_device *rdev)
3199 {
3200 	struct sk_buff *msg;
3201 
3202 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
3203 	if (!msg)
3204 		return;
3205 
3206 	if (nl80211_send_wiphy(msg, 0, 0, 0, rdev) < 0) {
3207 		nlmsg_free(msg);
3208 		return;
3209 	}
3210 
3211 	genlmsg_multicast(msg, 0, nl80211_config_mcgrp.id, GFP_KERNEL);
3212 }
3213 
3214 static int nl80211_send_scan_donemsg(struct sk_buff *msg,
3215 				    struct cfg80211_registered_device *rdev,
3216 				    struct net_device *netdev,
3217 				    u32 pid, u32 seq, int flags,
3218 				    u32 cmd)
3219 {
3220 	void *hdr;
3221 
3222 	hdr = nl80211hdr_put(msg, pid, seq, flags, cmd);
3223 	if (!hdr)
3224 		return -1;
3225 
3226 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
3227 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
3228 
3229 	/* XXX: we should probably bounce back the request? */
3230 
3231 	return genlmsg_end(msg, hdr);
3232 
3233  nla_put_failure:
3234 	genlmsg_cancel(msg, hdr);
3235 	return -EMSGSIZE;
3236 }
3237 
3238 void nl80211_send_scan_done(struct cfg80211_registered_device *rdev,
3239 			    struct net_device *netdev)
3240 {
3241 	struct sk_buff *msg;
3242 
3243 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
3244 	if (!msg)
3245 		return;
3246 
3247 	if (nl80211_send_scan_donemsg(msg, rdev, netdev, 0, 0, 0,
3248 				      NL80211_CMD_NEW_SCAN_RESULTS) < 0) {
3249 		nlmsg_free(msg);
3250 		return;
3251 	}
3252 
3253 	genlmsg_multicast(msg, 0, nl80211_scan_mcgrp.id, GFP_KERNEL);
3254 }
3255 
3256 void nl80211_send_scan_aborted(struct cfg80211_registered_device *rdev,
3257 			       struct net_device *netdev)
3258 {
3259 	struct sk_buff *msg;
3260 
3261 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
3262 	if (!msg)
3263 		return;
3264 
3265 	if (nl80211_send_scan_donemsg(msg, rdev, netdev, 0, 0, 0,
3266 				      NL80211_CMD_SCAN_ABORTED) < 0) {
3267 		nlmsg_free(msg);
3268 		return;
3269 	}
3270 
3271 	genlmsg_multicast(msg, 0, nl80211_scan_mcgrp.id, GFP_KERNEL);
3272 }
3273 
3274 /*
3275  * This can happen on global regulatory changes or device specific settings
3276  * based on custom world regulatory domains.
3277  */
3278 void nl80211_send_reg_change_event(struct regulatory_request *request)
3279 {
3280 	struct sk_buff *msg;
3281 	void *hdr;
3282 
3283 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
3284 	if (!msg)
3285 		return;
3286 
3287 	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_REG_CHANGE);
3288 	if (!hdr) {
3289 		nlmsg_free(msg);
3290 		return;
3291 	}
3292 
3293 	/* Userspace can always count this one always being set */
3294 	NLA_PUT_U8(msg, NL80211_ATTR_REG_INITIATOR, request->initiator);
3295 
3296 	if (request->alpha2[0] == '0' && request->alpha2[1] == '0')
3297 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
3298 			   NL80211_REGDOM_TYPE_WORLD);
3299 	else if (request->alpha2[0] == '9' && request->alpha2[1] == '9')
3300 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
3301 			   NL80211_REGDOM_TYPE_CUSTOM_WORLD);
3302 	else if ((request->alpha2[0] == '9' && request->alpha2[1] == '8') ||
3303 		 request->intersect)
3304 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
3305 			   NL80211_REGDOM_TYPE_INTERSECTION);
3306 	else {
3307 		NLA_PUT_U8(msg, NL80211_ATTR_REG_TYPE,
3308 			   NL80211_REGDOM_TYPE_COUNTRY);
3309 		NLA_PUT_STRING(msg, NL80211_ATTR_REG_ALPHA2, request->alpha2);
3310 	}
3311 
3312 	if (wiphy_idx_valid(request->wiphy_idx))
3313 		NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, request->wiphy_idx);
3314 
3315 	if (genlmsg_end(msg, hdr) < 0) {
3316 		nlmsg_free(msg);
3317 		return;
3318 	}
3319 
3320 	genlmsg_multicast(msg, 0, nl80211_regulatory_mcgrp.id, GFP_KERNEL);
3321 
3322 	return;
3323 
3324 nla_put_failure:
3325 	genlmsg_cancel(msg, hdr);
3326 	nlmsg_free(msg);
3327 }
3328 
3329 static void nl80211_send_mlme_event(struct cfg80211_registered_device *rdev,
3330 				    struct net_device *netdev,
3331 				    const u8 *buf, size_t len,
3332 				    enum nl80211_commands cmd)
3333 {
3334 	struct sk_buff *msg;
3335 	void *hdr;
3336 
3337 	msg = nlmsg_new(NLMSG_GOODSIZE, GFP_ATOMIC);
3338 	if (!msg)
3339 		return;
3340 
3341 	hdr = nl80211hdr_put(msg, 0, 0, 0, cmd);
3342 	if (!hdr) {
3343 		nlmsg_free(msg);
3344 		return;
3345 	}
3346 
3347 	NLA_PUT_U32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
3348 	NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
3349 	NLA_PUT(msg, NL80211_ATTR_FRAME, len, buf);
3350 
3351 	if (genlmsg_end(msg, hdr) < 0) {
3352 		nlmsg_free(msg);
3353 		return;
3354 	}
3355 
3356 	genlmsg_multicast(msg, 0, nl80211_mlme_mcgrp.id, GFP_ATOMIC);
3357 	return;
3358 
3359  nla_put_failure:
3360 	genlmsg_cancel(msg, hdr);
3361 	nlmsg_free(msg);
3362 }
3363 
3364 void nl80211_send_rx_auth(struct cfg80211_registered_device *rdev,
3365 			  struct net_device *netdev, const u8 *buf, size_t len)
3366 {
3367 	nl80211_send_mlme_event(rdev, netdev, buf, len,
3368 				NL80211_CMD_AUTHENTICATE);
3369 }
3370 
3371 void nl80211_send_rx_assoc(struct cfg80211_registered_device *rdev,
3372 			   struct net_device *netdev, const u8 *buf,
3373 			   size_t len)
3374 {
3375 	nl80211_send_mlme_event(rdev, netdev, buf, len, NL80211_CMD_ASSOCIATE);
3376 }
3377 
3378 void nl80211_send_rx_deauth(struct cfg80211_registered_device *rdev,
3379 			    struct net_device *netdev, const u8 *buf,
3380 			    size_t len)
3381 {
3382 	nl80211_send_mlme_event(rdev, netdev, buf, len,
3383 				NL80211_CMD_DEAUTHENTICATE);
3384 }
3385 
3386 void nl80211_send_rx_disassoc(struct cfg80211_registered_device *rdev,
3387 			      struct net_device *netdev, const u8 *buf,
3388 			      size_t len)
3389 {
3390 	nl80211_send_mlme_event(rdev, netdev, buf, len,
3391 				NL80211_CMD_DISASSOCIATE);
3392 }
3393 
3394 /* initialisation/exit functions */
3395 
3396 int nl80211_init(void)
3397 {
3398 	int err, i;
3399 
3400 	err = genl_register_family(&nl80211_fam);
3401 	if (err)
3402 		return err;
3403 
3404 	for (i = 0; i < ARRAY_SIZE(nl80211_ops); i++) {
3405 		err = genl_register_ops(&nl80211_fam, &nl80211_ops[i]);
3406 		if (err)
3407 			goto err_out;
3408 	}
3409 
3410 	err = genl_register_mc_group(&nl80211_fam, &nl80211_config_mcgrp);
3411 	if (err)
3412 		goto err_out;
3413 
3414 	err = genl_register_mc_group(&nl80211_fam, &nl80211_scan_mcgrp);
3415 	if (err)
3416 		goto err_out;
3417 
3418 	err = genl_register_mc_group(&nl80211_fam, &nl80211_regulatory_mcgrp);
3419 	if (err)
3420 		goto err_out;
3421 
3422 	err = genl_register_mc_group(&nl80211_fam, &nl80211_mlme_mcgrp);
3423 	if (err)
3424 		goto err_out;
3425 
3426 	return 0;
3427  err_out:
3428 	genl_unregister_family(&nl80211_fam);
3429 	return err;
3430 }
3431 
3432 void nl80211_exit(void)
3433 {
3434 	genl_unregister_family(&nl80211_fam);
3435 }
3436