Home | History | Annotate | Download | only in p2p
      1 /*
      2  * Wi-Fi Direct - P2P module
      3  * Copyright (c) 2009-2010, Atheros Communications
      4  *
      5  * This program is free software; you can redistribute it and/or modify
      6  * it under the terms of the GNU General Public License version 2 as
      7  * published by the Free Software Foundation.
      8  *
      9  * Alternatively, this software may be distributed under the terms of BSD
     10  * license.
     11  *
     12  * See README and COPYING for more details.
     13  */
     14 
     15 #include "includes.h"
     16 
     17 #include "common.h"
     18 #include "eloop.h"
     19 #include "common/ieee802_11_defs.h"
     20 #include "common/ieee802_11_common.h"
     21 #include "wps/wps_i.h"
     22 #include "p2p_i.h"
     23 #include "p2p.h"
     24 
     25 
     26 static void p2p_state_timeout(void *eloop_ctx, void *timeout_ctx);
     27 static void p2p_device_free(struct p2p_data *p2p, struct p2p_device *dev);
     28 static void p2p_process_presence_req(struct p2p_data *p2p, const u8 *da,
     29 				     const u8 *sa, const u8 *data, size_t len,
     30 				     int rx_freq);
     31 static void p2p_process_presence_resp(struct p2p_data *p2p, const u8 *da,
     32 				      const u8 *sa, const u8 *data,
     33 				      size_t len);
     34 static void p2p_ext_listen_timeout(void *eloop_ctx, void *timeout_ctx);
     35 static void p2p_scan_timeout(void *eloop_ctx, void *timeout_ctx);
     36 
     37 
     38 /*
     39  * p2p_scan recovery timeout
     40  *
     41  * Many drivers are using 30 second timeout on scan results. Allow a bit larger
     42  * timeout for this to avoid hitting P2P timeout unnecessarily.
     43  */
     44 #define P2P_SCAN_TIMEOUT 35
     45 
     46 /**
     47  * P2P_PEER_EXPIRATION_AGE - Number of seconds after which inactive peer
     48  * entries will be removed
     49  */
     50 #define P2P_PEER_EXPIRATION_AGE 300
     51 
     52 #define P2P_PEER_EXPIRATION_INTERVAL (P2P_PEER_EXPIRATION_AGE / 2)
     53 
     54 static void p2p_expire_peers(struct p2p_data *p2p)
     55 {
     56 	struct p2p_device *dev, *n;
     57 	struct os_time now;
     58 
     59 	os_get_time(&now);
     60 	dl_list_for_each_safe(dev, n, &p2p->devices, struct p2p_device, list) {
     61 		if (dev->last_seen.sec + P2P_PEER_EXPIRATION_AGE >= now.sec)
     62 			continue;
     63 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Expiring old peer "
     64 			"entry " MACSTR, MAC2STR(dev->info.p2p_device_addr));
     65 		dl_list_del(&dev->list);
     66 		p2p_device_free(p2p, dev);
     67 	}
     68 }
     69 
     70 
     71 static void p2p_expiration_timeout(void *eloop_ctx, void *timeout_ctx)
     72 {
     73 	struct p2p_data *p2p = eloop_ctx;
     74 	p2p_expire_peers(p2p);
     75 	eloop_register_timeout(P2P_PEER_EXPIRATION_INTERVAL, 0,
     76 			       p2p_expiration_timeout, p2p, NULL);
     77 }
     78 
     79 
     80 static const char * p2p_state_txt(int state)
     81 {
     82 	switch (state) {
     83 	case P2P_IDLE:
     84 		return "IDLE";
     85 	case P2P_SEARCH:
     86 		return "SEARCH";
     87 	case P2P_CONNECT:
     88 		return "CONNECT";
     89 	case P2P_CONNECT_LISTEN:
     90 		return "CONNECT_LISTEN";
     91 	case P2P_GO_NEG:
     92 		return "GO_NEG";
     93 	case P2P_LISTEN_ONLY:
     94 		return "LISTEN_ONLY";
     95 	case P2P_WAIT_PEER_CONNECT:
     96 		return "WAIT_PEER_CONNECT";
     97 	case P2P_WAIT_PEER_IDLE:
     98 		return "WAIT_PEER_IDLE";
     99 	case P2P_SD_DURING_FIND:
    100 		return "SD_DURING_FIND";
    101 	case P2P_PROVISIONING:
    102 		return "PROVISIONING";
    103 	case P2P_PD_DURING_FIND:
    104 		return "PD_DURING_FIND";
    105 	case P2P_INVITE:
    106 		return "INVITE";
    107 	case P2P_INVITE_LISTEN:
    108 		return "INVITE_LISTEN";
    109 	default:
    110 		return "?";
    111 	}
    112 }
    113 
    114 
    115 void p2p_set_state(struct p2p_data *p2p, int new_state)
    116 {
    117 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: State %s -> %s",
    118 		p2p_state_txt(p2p->state), p2p_state_txt(new_state));
    119 	p2p->state = new_state;
    120 }
    121 
    122 
    123 void p2p_set_timeout(struct p2p_data *p2p, unsigned int sec, unsigned int usec)
    124 {
    125 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    126 		"P2P: Set timeout (state=%s): %u.%06u sec",
    127 		p2p_state_txt(p2p->state), sec, usec);
    128 	eloop_cancel_timeout(p2p_state_timeout, p2p, NULL);
    129 	eloop_register_timeout(sec, usec, p2p_state_timeout, p2p, NULL);
    130 }
    131 
    132 
    133 void p2p_clear_timeout(struct p2p_data *p2p)
    134 {
    135 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Clear timeout (state=%s)",
    136 		p2p_state_txt(p2p->state));
    137 	eloop_cancel_timeout(p2p_state_timeout, p2p, NULL);
    138 }
    139 
    140 
    141 void p2p_go_neg_failed(struct p2p_data *p2p, struct p2p_device *peer,
    142 		       int status)
    143 {
    144 	struct p2p_go_neg_results res;
    145 	p2p_clear_timeout(p2p);
    146 	p2p_set_state(p2p, P2P_IDLE);
    147 	p2p->go_neg_peer = NULL;
    148 
    149 	os_memset(&res, 0, sizeof(res));
    150 	res.status = status;
    151 	if (peer) {
    152 		os_memcpy(res.peer_device_addr, peer->info.p2p_device_addr,
    153 			  ETH_ALEN);
    154 		os_memcpy(res.peer_interface_addr, peer->intended_addr,
    155 			  ETH_ALEN);
    156 	}
    157 	p2p->cfg->go_neg_completed(p2p->cfg->cb_ctx, &res);
    158 }
    159 
    160 
    161 static void p2p_listen_in_find(struct p2p_data *p2p)
    162 {
    163 	unsigned int r, tu;
    164 	int freq;
    165 	struct wpabuf *ies;
    166 
    167 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    168 		"P2P: Starting short listen state (state=%s)",
    169 		p2p_state_txt(p2p->state));
    170 
    171 	freq = p2p_channel_to_freq(p2p->cfg->country, p2p->cfg->reg_class,
    172 				   p2p->cfg->channel);
    173 	if (freq < 0) {
    174 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    175 			"P2P: Unknown regulatory class/channel");
    176 		return;
    177 	}
    178 
    179 	os_get_random((u8 *) &r, sizeof(r));
    180 	tu = (r % ((p2p->max_disc_int - p2p->min_disc_int) + 1) +
    181 	      p2p->min_disc_int) * 100;
    182 
    183 	p2p->pending_listen_freq = freq;
    184 	p2p->pending_listen_sec = 0;
    185 	p2p->pending_listen_usec = 1024 * tu;
    186 
    187 	ies = p2p_build_probe_resp_ies(p2p);
    188 	if (ies == NULL)
    189 		return;
    190 
    191 	if (p2p->cfg->start_listen(p2p->cfg->cb_ctx, freq, 1024 * tu / 1000,
    192 		    ies) < 0) {
    193 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    194 			"P2P: Failed to start listen mode");
    195 		p2p->pending_listen_freq = 0;
    196 	}
    197 	wpabuf_free(ies);
    198 }
    199 
    200 
    201 int p2p_listen(struct p2p_data *p2p, unsigned int timeout)
    202 {
    203 	int freq;
    204 	struct wpabuf *ies;
    205 
    206 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    207 		"P2P: Going to listen(only) state");
    208 
    209 	freq = p2p_channel_to_freq(p2p->cfg->country, p2p->cfg->reg_class,
    210 				   p2p->cfg->channel);
    211 	if (freq < 0) {
    212 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    213 			"P2P: Unknown regulatory class/channel");
    214 		return -1;
    215 	}
    216 
    217 	p2p->pending_listen_freq = freq;
    218 	p2p->pending_listen_sec = timeout / 1000;
    219 	p2p->pending_listen_usec = (timeout % 1000) * 1000;
    220 
    221 	if (p2p->p2p_scan_running) {
    222 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    223 			"P2P: p2p_scan running - delay start of listen state");
    224 		p2p->start_after_scan = P2P_AFTER_SCAN_LISTEN;
    225 		return 0;
    226 	}
    227 
    228 	ies = p2p_build_probe_resp_ies(p2p);
    229 	if (ies == NULL)
    230 		return -1;
    231 
    232 	if (p2p->cfg->start_listen(p2p->cfg->cb_ctx, freq, timeout, ies) < 0) {
    233 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    234 			"P2P: Failed to start listen mode");
    235 		p2p->pending_listen_freq = 0;
    236 		wpabuf_free(ies);
    237 		return -1;
    238 	}
    239 	wpabuf_free(ies);
    240 
    241 	p2p_set_state(p2p, P2P_LISTEN_ONLY);
    242 
    243 	return 0;
    244 }
    245 
    246 
    247 static void p2p_device_clear_reported(struct p2p_data *p2p)
    248 {
    249 	struct p2p_device *dev;
    250 	dl_list_for_each(dev, &p2p->devices, struct p2p_device, list)
    251 		dev->flags &= ~P2P_DEV_REPORTED;
    252 }
    253 
    254 
    255 /**
    256  * p2p_get_device - Fetch a peer entry
    257  * @p2p: P2P module context from p2p_init()
    258  * @addr: P2P Device Address of the peer
    259  * Returns: Pointer to the device entry or %NULL if not found
    260  */
    261 struct p2p_device * p2p_get_device(struct p2p_data *p2p, const u8 *addr)
    262 {
    263 	struct p2p_device *dev;
    264 	dl_list_for_each(dev, &p2p->devices, struct p2p_device, list) {
    265 		if (os_memcmp(dev->info.p2p_device_addr, addr, ETH_ALEN) == 0)
    266 			return dev;
    267 	}
    268 	return NULL;
    269 }
    270 
    271 
    272 /**
    273  * p2p_get_device_interface - Fetch a peer entry based on P2P Interface Address
    274  * @p2p: P2P module context from p2p_init()
    275  * @addr: P2P Interface Address of the peer
    276  * Returns: Pointer to the device entry or %NULL if not found
    277  */
    278 struct p2p_device * p2p_get_device_interface(struct p2p_data *p2p,
    279 					     const u8 *addr)
    280 {
    281 	struct p2p_device *dev;
    282 	dl_list_for_each(dev, &p2p->devices, struct p2p_device, list) {
    283 		if (os_memcmp(dev->interface_addr, addr, ETH_ALEN) == 0)
    284 			return dev;
    285 	}
    286 	return NULL;
    287 }
    288 
    289 
    290 /**
    291  * p2p_create_device - Create a peer entry
    292  * @p2p: P2P module context from p2p_init()
    293  * @addr: P2P Device Address of the peer
    294  * Returns: Pointer to the device entry or %NULL on failure
    295  *
    296  * If there is already an entry for the peer, it will be returned instead of
    297  * creating a new one.
    298  */
    299 static struct p2p_device * p2p_create_device(struct p2p_data *p2p,
    300 					     const u8 *addr)
    301 {
    302 	struct p2p_device *dev, *oldest = NULL;
    303 	size_t count = 0;
    304 
    305 	dev = p2p_get_device(p2p, addr);
    306 	if (dev)
    307 		return dev;
    308 
    309 	dl_list_for_each(dev, &p2p->devices, struct p2p_device, list) {
    310 		count++;
    311 		if (oldest == NULL ||
    312 		    os_time_before(&dev->last_seen, &oldest->last_seen))
    313 			oldest = dev;
    314 	}
    315 	if (count + 1 > p2p->cfg->max_peers && oldest) {
    316 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    317 			"P2P: Remove oldest peer entry to make room for a new "
    318 			"peer");
    319 		dl_list_del(&oldest->list);
    320 		p2p_device_free(p2p, oldest);
    321 	}
    322 
    323 	dev = os_zalloc(sizeof(*dev));
    324 	if (dev == NULL)
    325 		return NULL;
    326 	dl_list_add(&p2p->devices, &dev->list);
    327 	os_memcpy(dev->info.p2p_device_addr, addr, ETH_ALEN);
    328 
    329 	return dev;
    330 }
    331 
    332 
    333 static void p2p_copy_client_info(struct p2p_device *dev,
    334 				 struct p2p_client_info *cli)
    335 {
    336 	os_memcpy(dev->info.device_name, cli->dev_name, cli->dev_name_len);
    337 	dev->info.device_name[cli->dev_name_len] = '\0';
    338 	dev->info.dev_capab = cli->dev_capab;
    339 	dev->info.config_methods = cli->config_methods;
    340 	os_memcpy(dev->info.pri_dev_type, cli->pri_dev_type, 8);
    341 	dev->info.wps_sec_dev_type_list_len = 8 * cli->num_sec_dev_types;
    342 	os_memcpy(dev->info.wps_sec_dev_type_list, cli->sec_dev_types,
    343 		  dev->info.wps_sec_dev_type_list_len);
    344 }
    345 
    346 
    347 static int p2p_add_group_clients(struct p2p_data *p2p, const u8 *go_dev_addr,
    348 				 const u8 *go_interface_addr, int freq,
    349 				 const u8 *gi, size_t gi_len)
    350 {
    351 	struct p2p_group_info info;
    352 	size_t c;
    353 	struct p2p_device *dev;
    354 
    355 	if (gi == NULL)
    356 		return 0;
    357 
    358 	if (p2p_group_info_parse(gi, gi_len, &info) < 0)
    359 		return -1;
    360 
    361 	/*
    362 	 * Clear old data for this group; if the devices are still in the
    363 	 * group, the information will be restored in the loop following this.
    364 	 */
    365 	dl_list_for_each(dev, &p2p->devices, struct p2p_device, list) {
    366 		if (os_memcpy(dev->member_in_go_iface, go_interface_addr,
    367 			      ETH_ALEN) == 0) {
    368 			os_memset(dev->member_in_go_iface, 0, ETH_ALEN);
    369 			os_memset(dev->member_in_go_dev, 0, ETH_ALEN);
    370 		}
    371 	}
    372 
    373 	for (c = 0; c < info.num_clients; c++) {
    374 		struct p2p_client_info *cli = &info.client[c];
    375 		dev = p2p_get_device(p2p, cli->p2p_device_addr);
    376 		if (dev) {
    377 			/*
    378 			 * Update information only if we have not received this
    379 			 * directly from the client.
    380 			 */
    381 			if (dev->flags & (P2P_DEV_GROUP_CLIENT_ONLY |
    382 					  P2P_DEV_PROBE_REQ_ONLY))
    383 				p2p_copy_client_info(dev, cli);
    384 			if (dev->flags & P2P_DEV_PROBE_REQ_ONLY) {
    385 				dev->flags &= ~P2P_DEV_PROBE_REQ_ONLY;
    386 			}
    387 		} else {
    388 			dev = p2p_create_device(p2p, cli->p2p_device_addr);
    389 			if (dev == NULL)
    390 				continue;
    391 			dev->flags |= P2P_DEV_GROUP_CLIENT_ONLY;
    392 			p2p_copy_client_info(dev, cli);
    393 			dev->oper_freq = freq;
    394 			p2p->cfg->dev_found(p2p->cfg->cb_ctx,
    395 					    dev->info.p2p_device_addr,
    396 					    &dev->info, 1);
    397 			dev->flags |= P2P_DEV_REPORTED | P2P_DEV_REPORTED_ONCE;
    398 		}
    399 
    400 		os_memcpy(dev->interface_addr, cli->p2p_interface_addr,
    401 			  ETH_ALEN);
    402 		os_get_time(&dev->last_seen);
    403 		os_memcpy(dev->member_in_go_dev, go_dev_addr, ETH_ALEN);
    404 		os_memcpy(dev->member_in_go_iface, go_interface_addr,
    405 			  ETH_ALEN);
    406 	}
    407 
    408 	return 0;
    409 }
    410 
    411 
    412 static void p2p_copy_wps_info(struct p2p_device *dev, int probe_req,
    413 			      const struct p2p_message *msg)
    414 {
    415 	os_memcpy(dev->info.device_name, msg->device_name,
    416 		  sizeof(dev->info.device_name));
    417 
    418 	if (msg->manufacturer &&
    419 	    msg->manufacturer_len < sizeof(dev->info.manufacturer)) {
    420 		os_memset(dev->info.manufacturer, 0,
    421 			  sizeof(dev->info.manufacturer));
    422 		os_memcpy(dev->info.manufacturer, msg->manufacturer,
    423 			  msg->manufacturer_len);
    424 	}
    425 
    426 	if (msg->model_name &&
    427 	    msg->model_name_len < sizeof(dev->info.model_name)) {
    428 		os_memset(dev->info.model_name, 0,
    429 			  sizeof(dev->info.model_name));
    430 		os_memcpy(dev->info.model_name, msg->model_name,
    431 			  msg->model_name_len);
    432 	}
    433 
    434 	if (msg->model_number &&
    435 	    msg->model_number_len < sizeof(dev->info.model_number)) {
    436 		os_memset(dev->info.model_number, 0,
    437 			  sizeof(dev->info.model_number));
    438 		os_memcpy(dev->info.model_number, msg->model_number,
    439 			  msg->model_number_len);
    440 	}
    441 
    442 	if (msg->serial_number &&
    443 	    msg->serial_number_len < sizeof(dev->info.serial_number)) {
    444 		os_memset(dev->info.serial_number, 0,
    445 			  sizeof(dev->info.serial_number));
    446 		os_memcpy(dev->info.serial_number, msg->serial_number,
    447 			  msg->serial_number_len);
    448 	}
    449 
    450 	if (msg->pri_dev_type)
    451 		os_memcpy(dev->info.pri_dev_type, msg->pri_dev_type,
    452 			  sizeof(dev->info.pri_dev_type));
    453 	else if (msg->wps_pri_dev_type)
    454 		os_memcpy(dev->info.pri_dev_type, msg->wps_pri_dev_type,
    455 			  sizeof(dev->info.pri_dev_type));
    456 
    457 	if (msg->wps_sec_dev_type_list) {
    458 		os_memcpy(dev->info.wps_sec_dev_type_list,
    459 			  msg->wps_sec_dev_type_list,
    460 			  msg->wps_sec_dev_type_list_len);
    461 		dev->info.wps_sec_dev_type_list_len =
    462 			msg->wps_sec_dev_type_list_len;
    463 	}
    464 
    465 	if (msg->capability) {
    466 		dev->info.dev_capab = msg->capability[0];
    467 		dev->info.group_capab = msg->capability[1];
    468 	}
    469 
    470 	if (msg->ext_listen_timing) {
    471 		dev->ext_listen_period = WPA_GET_LE16(msg->ext_listen_timing);
    472 		dev->ext_listen_interval =
    473 			WPA_GET_LE16(msg->ext_listen_timing + 2);
    474 	}
    475 
    476 	if (!probe_req) {
    477 		dev->info.config_methods = msg->config_methods ?
    478 			msg->config_methods : msg->wps_config_methods;
    479 	}
    480 }
    481 
    482 
    483 /**
    484  * p2p_add_device - Add peer entries based on scan results
    485  * @p2p: P2P module context from p2p_init()
    486  * @addr: Source address of Beacon or Probe Response frame (may be either
    487  *	P2P Device Address or P2P Interface Address)
    488  * @level: Signal level (signal strength of the received frame from the peer)
    489  * @freq: Frequency on which the Beacon or Probe Response frame was received
    490  * @ies: IEs from the Beacon or Probe Response frame
    491  * @ies_len: Length of ies buffer in octets
    492  * Returns: 0 on success, -1 on failure
    493  *
    494  * If the scan result is for a GO, the clients in the group will also be added
    495  * to the peer table. This function can also be used with some other frames
    496  * like Provision Discovery Request that contains P2P Capability and P2P Device
    497  * Info attributes.
    498  */
    499 int p2p_add_device(struct p2p_data *p2p, const u8 *addr, int freq, int level,
    500 		   const u8 *ies, size_t ies_len)
    501 {
    502 	struct p2p_device *dev;
    503 	struct p2p_message msg;
    504 	const u8 *p2p_dev_addr;
    505 	int i;
    506 
    507 	os_memset(&msg, 0, sizeof(msg));
    508 	if (p2p_parse_ies(ies, ies_len, &msg)) {
    509 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    510 			"P2P: Failed to parse P2P IE for a device entry");
    511 		p2p_parse_free(&msg);
    512 		return -1;
    513 	}
    514 
    515 	if (msg.p2p_device_addr)
    516 		p2p_dev_addr = msg.p2p_device_addr;
    517 	else if (msg.device_id)
    518 		p2p_dev_addr = msg.device_id;
    519 	else {
    520 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    521 			"P2P: Ignore scan data without P2P Device Info or "
    522 			"P2P Device Id");
    523 		p2p_parse_free(&msg);
    524 		return -1;
    525 	}
    526 
    527 	if (!is_zero_ether_addr(p2p->peer_filter) &&
    528 	    os_memcmp(p2p_dev_addr, p2p->peer_filter, ETH_ALEN) != 0) {
    529 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Do not add peer "
    530 			"filter for " MACSTR " due to peer filter",
    531 			MAC2STR(p2p_dev_addr));
    532 		return 0;
    533 	}
    534 
    535 	dev = p2p_create_device(p2p, p2p_dev_addr);
    536 	if (dev == NULL) {
    537 		p2p_parse_free(&msg);
    538 		return -1;
    539 	}
    540 	os_get_time(&dev->last_seen);
    541 	dev->flags &= ~(P2P_DEV_PROBE_REQ_ONLY | P2P_DEV_GROUP_CLIENT_ONLY);
    542 
    543 	if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0)
    544 		os_memcpy(dev->interface_addr, addr, ETH_ALEN);
    545 	if (msg.ssid &&
    546 	    (msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
    547 	     os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
    548 	     != 0)) {
    549 		os_memcpy(dev->oper_ssid, msg.ssid + 2, msg.ssid[1]);
    550 		dev->oper_ssid_len = msg.ssid[1];
    551 	}
    552 
    553 	if (freq >= 2412 && freq <= 2484 && msg.ds_params &&
    554 	    *msg.ds_params >= 1 && *msg.ds_params <= 14) {
    555 		int ds_freq;
    556 		if (*msg.ds_params == 14)
    557 			ds_freq = 2484;
    558 		else
    559 			ds_freq = 2407 + *msg.ds_params * 5;
    560 		if (freq != ds_freq) {
    561 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    562 				"P2P: Update Listen frequency based on DS "
    563 				"Parameter Set IE: %d -> %d MHz",
    564 				freq, ds_freq);
    565 			freq = ds_freq;
    566 		}
    567 	}
    568 
    569 	if (dev->listen_freq && dev->listen_freq != freq) {
    570 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    571 			"P2P: Update Listen frequency based on scan "
    572 			"results (" MACSTR " %d -> %d MHz (DS param %d)",
    573 			MAC2STR(dev->info.p2p_device_addr), dev->listen_freq,
    574 			freq, msg.ds_params ? *msg.ds_params : -1);
    575 	}
    576 	dev->listen_freq = freq;
    577 #ifdef ANDROID_BRCM_P2P_PATCH
    578 	if(msg.group_info)
    579 		dev->go_state = REMOTE_GO;
    580 #endif
    581 
    582 	if (msg.group_info)
    583 		dev->oper_freq = freq;
    584 	dev->info.level = level;
    585 
    586 	p2p_copy_wps_info(dev, 0, &msg);
    587 
    588 	for (i = 0; i < P2P_MAX_WPS_VENDOR_EXT; i++) {
    589 		wpabuf_free(dev->info.wps_vendor_ext[i]);
    590 		dev->info.wps_vendor_ext[i] = NULL;
    591 	}
    592 
    593 	for (i = 0; i < P2P_MAX_WPS_VENDOR_EXT; i++) {
    594 		if (msg.wps_vendor_ext[i] == NULL)
    595 			break;
    596 		dev->info.wps_vendor_ext[i] = wpabuf_alloc_copy(
    597 			msg.wps_vendor_ext[i], msg.wps_vendor_ext_len[i]);
    598 		if (dev->info.wps_vendor_ext[i] == NULL)
    599 			break;
    600 	}
    601 
    602 	p2p_add_group_clients(p2p, p2p_dev_addr, addr, freq, msg.group_info,
    603 			      msg.group_info_len);
    604 
    605 	p2p_parse_free(&msg);
    606 
    607 	if (p2p_pending_sd_req(p2p, dev))
    608 		dev->flags |= P2P_DEV_SD_SCHEDULE;
    609 
    610 	if (dev->flags & P2P_DEV_REPORTED)
    611 		return 0;
    612 
    613 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    614 		"P2P: Peer found with Listen frequency %d MHz", freq);
    615 	if (dev->flags & P2P_DEV_USER_REJECTED) {
    616 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    617 			"P2P: Do not report rejected device");
    618 		return 0;
    619 	}
    620 
    621 	p2p->cfg->dev_found(p2p->cfg->cb_ctx, addr, &dev->info,
    622 			    !(dev->flags & P2P_DEV_REPORTED_ONCE));
    623 	dev->flags |= P2P_DEV_REPORTED | P2P_DEV_REPORTED_ONCE;
    624 
    625 	return 0;
    626 }
    627 
    628 
    629 static void p2p_device_free(struct p2p_data *p2p, struct p2p_device *dev)
    630 {
    631 	int i;
    632 
    633 	if (p2p->go_neg_peer == dev) {
    634 #ifdef ANDROID_BRCM_P2P_PATCH
    635 		p2p_go_neg_failed(p2p, dev, -1);
    636 #endif
    637 		p2p->go_neg_peer = NULL;
    638 	}
    639 	if (p2p->invite_peer == dev)
    640 		p2p->invite_peer = NULL;
    641 	if (p2p->sd_peer == dev)
    642 		p2p->sd_peer = NULL;
    643 	if (p2p->pending_client_disc_go == dev)
    644 		p2p->pending_client_disc_go = NULL;
    645 
    646 	/* dev_lost() device, but only if it was previously dev_found() */
    647 	if (dev->flags & P2P_DEV_REPORTED_ONCE)
    648 		p2p->cfg->dev_lost(p2p->cfg->cb_ctx,
    649 				   dev->info.p2p_device_addr);
    650 
    651 	for (i = 0; i < P2P_MAX_WPS_VENDOR_EXT; i++) {
    652 		wpabuf_free(dev->info.wps_vendor_ext[i]);
    653 		dev->info.wps_vendor_ext[i] = NULL;
    654 	}
    655 
    656 	os_free(dev);
    657 }
    658 
    659 
    660 static int p2p_get_next_prog_freq(struct p2p_data *p2p)
    661 {
    662 	struct p2p_channels *c;
    663 	struct p2p_reg_class *cla;
    664 	size_t cl, ch;
    665 	int found = 0;
    666 	u8 reg_class;
    667 	u8 channel;
    668 	int freq;
    669 
    670 	c = &p2p->cfg->channels;
    671 	for (cl = 0; cl < c->reg_classes; cl++) {
    672 		cla = &c->reg_class[cl];
    673 		if (cla->reg_class != p2p->last_prog_scan_class)
    674 			continue;
    675 		for (ch = 0; ch < cla->channels; ch++) {
    676 			if (cla->channel[ch] == p2p->last_prog_scan_chan) {
    677 				found = 1;
    678 				break;
    679 			}
    680 		}
    681 		if (found)
    682 			break;
    683 	}
    684 
    685 	if (!found) {
    686 		/* Start from beginning */
    687 		reg_class = c->reg_class[0].reg_class;
    688 		channel = c->reg_class[0].channel[0];
    689 	} else {
    690 		/* Pick the next channel */
    691 		ch++;
    692 		if (ch == cla->channels) {
    693 			cl++;
    694 			if (cl == c->reg_classes)
    695 				cl = 0;
    696 			ch = 0;
    697 		}
    698 		reg_class = c->reg_class[cl].reg_class;
    699 		channel = c->reg_class[cl].channel[ch];
    700 	}
    701 
    702 	freq = p2p_channel_to_freq(p2p->cfg->country, reg_class, channel);
    703 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Next progressive search "
    704 		"channel: reg_class %u channel %u -> %d MHz",
    705 		reg_class, channel, freq);
    706 	p2p->last_prog_scan_class = reg_class;
    707 	p2p->last_prog_scan_chan = channel;
    708 
    709 	if (freq == 2412 || freq == 2437 || freq == 2462)
    710 		return 0; /* No need to add social channels */
    711 	return freq;
    712 }
    713 
    714 
    715 static void p2p_search(struct p2p_data *p2p)
    716 {
    717 	int freq = 0;
    718 	enum p2p_scan_type type;
    719 
    720 	if (p2p->drv_in_listen) {
    721 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Driver is still "
    722 			"in Listen state - wait for it to end before "
    723 			"continuing");
    724 		return;
    725 	}
    726 	p2p->cfg->stop_listen(p2p->cfg->cb_ctx);
    727 
    728 	if (p2p->go_neg_peer) {
    729 		/*
    730 		 * Only scan the known listen frequency of the peer
    731 		 * during GO Negotiation start.
    732 		 */
    733 		freq = p2p->go_neg_peer->listen_freq;
    734 		if (freq <= 0)
    735 			freq = p2p->go_neg_peer->oper_freq;
    736 		type = P2P_SCAN_SPECIFIC;
    737 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Starting search "
    738 			"for freq %u (GO Neg)", freq);
    739 	} else if (p2p->invite_peer) {
    740 		/*
    741 		 * Only scan the known listen frequency of the peer
    742 		 * during Invite start.
    743 		 */
    744 		freq = p2p->invite_peer->listen_freq;
    745 		if (freq <= 0)
    746 			freq = p2p->invite_peer->oper_freq;
    747 		type = P2P_SCAN_SPECIFIC;
    748 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Starting search "
    749 			"for freq %u (Invite)", freq);
    750 	} else if (p2p->find_type == P2P_FIND_PROGRESSIVE &&
    751 		   (freq = p2p_get_next_prog_freq(p2p)) > 0) {
    752 		type = P2P_SCAN_SOCIAL_PLUS_ONE;
    753 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Starting search "
    754 			"(+ freq %u)", freq);
    755 	} else {
    756 		type = P2P_SCAN_SOCIAL;
    757 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Starting search");
    758 	}
    759 
    760 	if (p2p->cfg->p2p_scan(p2p->cfg->cb_ctx, type, freq,
    761 			       p2p->num_req_dev_types, p2p->req_dev_types) < 0)
    762 	{
    763 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    764 			"P2P: Scan request failed");
    765 		p2p_continue_find(p2p);
    766 	} else {
    767 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Running p2p_scan");
    768 		p2p->p2p_scan_running = 1;
    769 		eloop_cancel_timeout(p2p_scan_timeout, p2p, NULL);
    770 		eloop_register_timeout(P2P_SCAN_TIMEOUT, 0, p2p_scan_timeout,
    771 				       p2p, NULL);
    772 	}
    773 }
    774 
    775 
    776 static void p2p_find_timeout(void *eloop_ctx, void *timeout_ctx)
    777 {
    778 	struct p2p_data *p2p = eloop_ctx;
    779 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Find timeout -> stop");
    780 	p2p_stop_find(p2p);
    781 }
    782 
    783 
    784 static int p2p_run_after_scan(struct p2p_data *p2p)
    785 {
    786 	struct p2p_device *dev;
    787 	enum p2p_after_scan op;
    788 
    789 	if (p2p->after_scan_tx) {
    790 		int ret;
    791 		/* TODO: schedule p2p_run_after_scan to be called from TX
    792 		 * status callback(?) */
    793 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Send pending "
    794 			"Action frame at p2p_scan completion");
    795 		ret = p2p->cfg->send_action(p2p->cfg->cb_ctx,
    796 					    p2p->after_scan_tx->freq,
    797 					    p2p->after_scan_tx->dst,
    798 					    p2p->after_scan_tx->src,
    799 					    p2p->after_scan_tx->bssid,
    800 					    (u8 *) (p2p->after_scan_tx + 1),
    801 					    p2p->after_scan_tx->len,
    802 					    p2p->after_scan_tx->wait_time);
    803 		os_free(p2p->after_scan_tx);
    804 		p2p->after_scan_tx = NULL;
    805 		return 1;
    806 	}
    807 
    808 	op = p2p->start_after_scan;
    809 	p2p->start_after_scan = P2P_AFTER_SCAN_NOTHING;
    810 	switch (op) {
    811 	case P2P_AFTER_SCAN_NOTHING:
    812 		break;
    813 	case P2P_AFTER_SCAN_LISTEN:
    814 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Start previously "
    815 			"requested Listen state");
    816 		p2p_listen(p2p, p2p->pending_listen_sec * 1000 +
    817 			   p2p->pending_listen_usec / 1000);
    818 		return 1;
    819 	case P2P_AFTER_SCAN_CONNECT:
    820 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Start previously "
    821 			"requested connect with " MACSTR,
    822 			MAC2STR(p2p->after_scan_peer));
    823 		dev = p2p_get_device(p2p, p2p->after_scan_peer);
    824 		if (dev == NULL) {
    825 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Peer not "
    826 				"known anymore");
    827 			break;
    828 		}
    829 		p2p_connect_send(p2p, dev);
    830 		return 1;
    831 	}
    832 
    833 	return 0;
    834 }
    835 
    836 
    837 static void p2p_scan_timeout(void *eloop_ctx, void *timeout_ctx)
    838 {
    839 	struct p2p_data *p2p = eloop_ctx;
    840 	int running;
    841 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: p2p_scan timeout "
    842 		"(running=%d)", p2p->p2p_scan_running);
    843 	running = p2p->p2p_scan_running;
    844 	/* Make sure we recover from missed scan results callback */
    845 	p2p->p2p_scan_running = 0;
    846 
    847 	if (running)
    848 		p2p_run_after_scan(p2p);
    849 }
    850 
    851 
    852 static void p2p_free_req_dev_types(struct p2p_data *p2p)
    853 {
    854 	p2p->num_req_dev_types = 0;
    855 	os_free(p2p->req_dev_types);
    856 	p2p->req_dev_types = NULL;
    857 }
    858 
    859 
    860 int p2p_find(struct p2p_data *p2p, unsigned int timeout,
    861 	     enum p2p_discovery_type type,
    862 	     unsigned int num_req_dev_types, const u8 *req_dev_types)
    863 {
    864 	int res;
    865 
    866 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Starting find (type=%d)",
    867 		type);
    868 	if (p2p->p2p_scan_running) {
    869 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: p2p_scan is "
    870 			"already running");
    871 	}
    872 
    873 	p2p_free_req_dev_types(p2p);
    874 	if (req_dev_types && num_req_dev_types) {
    875 		p2p->req_dev_types = os_malloc(num_req_dev_types *
    876 					       WPS_DEV_TYPE_LEN);
    877 		if (p2p->req_dev_types == NULL)
    878 			return -1;
    879 		os_memcpy(p2p->req_dev_types, req_dev_types,
    880 			  num_req_dev_types * WPS_DEV_TYPE_LEN);
    881 		p2p->num_req_dev_types = num_req_dev_types;
    882 	}
    883 
    884 	p2p->start_after_scan = P2P_AFTER_SCAN_NOTHING;
    885 	p2p_clear_timeout(p2p);
    886 	p2p->cfg->stop_listen(p2p->cfg->cb_ctx);
    887 	p2p->find_type = type;
    888 	p2p_device_clear_reported(p2p);
    889 	p2p_set_state(p2p, P2P_SEARCH);
    890 	eloop_cancel_timeout(p2p_find_timeout, p2p, NULL);
    891 	if (timeout)
    892 		eloop_register_timeout(timeout, 0, p2p_find_timeout,
    893 				       p2p, NULL);
    894 	switch (type) {
    895 	case P2P_FIND_START_WITH_FULL:
    896 	case P2P_FIND_PROGRESSIVE:
    897 		res = p2p->cfg->p2p_scan(p2p->cfg->cb_ctx, P2P_SCAN_FULL, 0,
    898 					 p2p->num_req_dev_types,
    899 					 p2p->req_dev_types);
    900 		break;
    901 	case P2P_FIND_ONLY_SOCIAL:
    902 		res = p2p->cfg->p2p_scan(p2p->cfg->cb_ctx, P2P_SCAN_SOCIAL, 0,
    903 					 p2p->num_req_dev_types,
    904 					 p2p->req_dev_types);
    905 		break;
    906 	default:
    907 		return -1;
    908 	}
    909 
    910 	if (res == 0) {
    911 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Running p2p_scan");
    912 		p2p->p2p_scan_running = 1;
    913 		eloop_cancel_timeout(p2p_scan_timeout, p2p, NULL);
    914 		eloop_register_timeout(P2P_SCAN_TIMEOUT, 0, p2p_scan_timeout,
    915 				       p2p, NULL);
    916 	} else {
    917 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Failed to start "
    918 			"p2p_scan");
    919 	}
    920 
    921 	return res;
    922 }
    923 
    924 
    925 void p2p_stop_find_for_freq(struct p2p_data *p2p, int freq)
    926 {
    927 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Stopping find");
    928 	eloop_cancel_timeout(p2p_find_timeout, p2p, NULL);
    929 	p2p_clear_timeout(p2p);
    930 	p2p_set_state(p2p, P2P_IDLE);
    931 	p2p_free_req_dev_types(p2p);
    932 	p2p->start_after_scan = P2P_AFTER_SCAN_NOTHING;
    933 	p2p->go_neg_peer = NULL;
    934 	p2p->sd_peer = NULL;
    935 	p2p->invite_peer = NULL;
    936 	if (freq > 0 && p2p->drv_in_listen == freq && p2p->in_listen) {
    937 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Skip stop_listen "
    938 			"since we are on correct channel for response");
    939 		return;
    940 	}
    941 	p2p->cfg->stop_listen(p2p->cfg->cb_ctx);
    942 }
    943 
    944 
    945 void p2p_stop_find(struct p2p_data *p2p)
    946 {
    947 	p2p_stop_find_for_freq(p2p, 0);
    948 }
    949 
    950 
    951 static int p2p_prepare_channel(struct p2p_data *p2p, unsigned int force_freq)
    952 {
    953 	if (force_freq) {
    954 		u8 op_reg_class, op_channel;
    955 		if (p2p_freq_to_channel(p2p->cfg->country, force_freq,
    956 					&op_reg_class, &op_channel) < 0) {
    957 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    958 				"P2P: Unsupported frequency %u MHz",
    959 				force_freq);
    960 			return -1;
    961 		}
    962 		if (!p2p_channels_includes(&p2p->cfg->channels, op_reg_class,
    963 					   op_channel)) {
    964 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    965 				"P2P: Frequency %u MHz (oper_class %u "
    966 				"channel %u) not allowed for P2P",
    967 				force_freq, op_reg_class, op_channel);
    968 			return -1;
    969 		}
    970 		p2p->op_reg_class = op_reg_class;
    971 		p2p->op_channel = op_channel;
    972 		p2p->channels.reg_classes = 1;
    973 		p2p->channels.reg_class[0].channels = 1;
    974 		p2p->channels.reg_class[0].reg_class = p2p->op_reg_class;
    975 		p2p->channels.reg_class[0].channel[0] = p2p->op_channel;
    976 	} else {
    977 		u8 op_reg_class, op_channel;
    978 
    979 		if (!p2p->cfg->cfg_op_channel && p2p->best_freq_overall > 0 &&
    980 		    p2p_supported_freq(p2p, p2p->best_freq_overall) &&
    981 		    p2p_freq_to_channel(p2p->cfg->country,
    982 					p2p->best_freq_overall,
    983 					&op_reg_class, &op_channel) == 0) {
    984 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    985 				"P2P: Select best overall channel as "
    986 				"operating channel preference");
    987 			p2p->op_reg_class = op_reg_class;
    988 			p2p->op_channel = op_channel;
    989 		} else if (!p2p->cfg->cfg_op_channel && p2p->best_freq_5 > 0 &&
    990 			   p2p_supported_freq(p2p, p2p->best_freq_5) &&
    991 			   p2p_freq_to_channel(p2p->cfg->country,
    992 					       p2p->best_freq_5,
    993 					       &op_reg_class, &op_channel) ==
    994 			   0) {
    995 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
    996 				"P2P: Select best 5 GHz channel as "
    997 				"operating channel preference");
    998 			p2p->op_reg_class = op_reg_class;
    999 			p2p->op_channel = op_channel;
   1000 		} else if (!p2p->cfg->cfg_op_channel &&
   1001 			   p2p->best_freq_24 > 0 &&
   1002 			   p2p_supported_freq(p2p, p2p->best_freq_24) &&
   1003 			   p2p_freq_to_channel(p2p->cfg->country,
   1004 					       p2p->best_freq_24,
   1005 					       &op_reg_class, &op_channel) ==
   1006 			   0) {
   1007 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1008 				"P2P: Select best 2.4 GHz channel as "
   1009 				"operating channel preference");
   1010 			p2p->op_reg_class = op_reg_class;
   1011 			p2p->op_channel = op_channel;
   1012 		} else {
   1013 			p2p->op_reg_class = p2p->cfg->op_reg_class;
   1014 			p2p->op_channel = p2p->cfg->op_channel;
   1015 		}
   1016 
   1017 		os_memcpy(&p2p->channels, &p2p->cfg->channels,
   1018 			  sizeof(struct p2p_channels));
   1019 	}
   1020 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1021 		"P2P: Own preference for operation channel: "
   1022 		"Operating Class %u Channel %u%s",
   1023 		p2p->op_reg_class, p2p->op_channel,
   1024 		force_freq ? " (forced)" : "");
   1025 
   1026 	return 0;
   1027 }
   1028 
   1029 
   1030 int p2p_connect(struct p2p_data *p2p, const u8 *peer_addr,
   1031 		enum p2p_wps_method wps_method,
   1032 		int go_intent, const u8 *own_interface_addr,
   1033 		unsigned int force_freq, int persistent_group)
   1034 {
   1035 	struct p2p_device *dev;
   1036 
   1037 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1038 		"P2P: Request to start group negotiation - peer=" MACSTR
   1039 		"  GO Intent=%d  Intended Interface Address=" MACSTR
   1040 		" wps_method=%d persistent_group=%d",
   1041 		MAC2STR(peer_addr), go_intent, MAC2STR(own_interface_addr),
   1042 		wps_method, persistent_group);
   1043 
   1044 	if (p2p_prepare_channel(p2p, force_freq) < 0)
   1045 		return -1;
   1046 
   1047 	dev = p2p_get_device(p2p, peer_addr);
   1048 	if (dev == NULL || (dev->flags & P2P_DEV_PROBE_REQ_ONLY)) {
   1049 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1050 			"P2P: Cannot connect to unknown P2P Device " MACSTR,
   1051 			MAC2STR(peer_addr));
   1052 		return -1;
   1053 	}
   1054 
   1055 	if (dev->flags & P2P_DEV_GROUP_CLIENT_ONLY) {
   1056 		if (!(dev->info.dev_capab &
   1057 		      P2P_DEV_CAPAB_CLIENT_DISCOVERABILITY)) {
   1058 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1059 				"P2P: Cannot connect to P2P Device " MACSTR
   1060 				" that is in a group and is not discoverable",
   1061 				MAC2STR(peer_addr));
   1062 			return -1;
   1063 		}
   1064 		if (dev->oper_freq <= 0) {
   1065 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1066 				"P2P: Cannot connect to P2P Device " MACSTR
   1067 				" with incomplete information",
   1068 				MAC2STR(peer_addr));
   1069 			return -1;
   1070 		}
   1071 
   1072 		/*
   1073 		 * First, try to connect directly. If the peer does not
   1074 		 * acknowledge frames, assume it is sleeping and use device
   1075 		 * discoverability via the GO at that point.
   1076 		 */
   1077 	}
   1078 
   1079 	dev->flags &= ~P2P_DEV_NOT_YET_READY;
   1080 	dev->flags &= ~P2P_DEV_USER_REJECTED;
   1081 	dev->flags &= ~P2P_DEV_WAIT_GO_NEG_RESPONSE;
   1082 	dev->flags &= ~P2P_DEV_WAIT_GO_NEG_CONFIRM;
   1083 	dev->connect_reqs = 0;
   1084 	dev->go_neg_req_sent = 0;
   1085 	dev->go_state = UNKNOWN_GO;
   1086 	if (persistent_group)
   1087 		dev->flags |= P2P_DEV_PREFER_PERSISTENT_GROUP;
   1088 	else
   1089 		dev->flags &= ~P2P_DEV_PREFER_PERSISTENT_GROUP;
   1090 	p2p->go_intent = go_intent;
   1091 	os_memcpy(p2p->intended_addr, own_interface_addr, ETH_ALEN);
   1092 
   1093 	if (p2p->state != P2P_IDLE)
   1094 		p2p_stop_find(p2p);
   1095 
   1096 	if (p2p->after_scan_tx) {
   1097 		/*
   1098 		 * We need to drop the pending frame to avoid issues with the
   1099 		 * new GO Negotiation, e.g., when the pending frame was from a
   1100 		 * previous attempt at starting a GO Negotiation.
   1101 		 */
   1102 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Dropped "
   1103 			"previous pending Action frame TX that was waiting "
   1104 			"for p2p_scan completion");
   1105 		os_free(p2p->after_scan_tx);
   1106 		p2p->after_scan_tx = NULL;
   1107 	}
   1108 
   1109 	dev->wps_method = wps_method;
   1110 	dev->status = P2P_SC_SUCCESS;
   1111 
   1112 	if (force_freq)
   1113 		dev->flags |= P2P_DEV_FORCE_FREQ;
   1114 	else
   1115 		dev->flags &= ~P2P_DEV_FORCE_FREQ;
   1116 
   1117 	if (p2p->p2p_scan_running) {
   1118 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1119 			"P2P: p2p_scan running - delay connect send");
   1120 		p2p->start_after_scan = P2P_AFTER_SCAN_CONNECT;
   1121 		os_memcpy(p2p->after_scan_peer, peer_addr, ETH_ALEN);
   1122 		return 0;
   1123 	}
   1124 	p2p->start_after_scan = P2P_AFTER_SCAN_NOTHING;
   1125 
   1126 	return p2p_connect_send(p2p, dev);
   1127 }
   1128 
   1129 
   1130 int p2p_authorize(struct p2p_data *p2p, const u8 *peer_addr,
   1131 		  enum p2p_wps_method wps_method,
   1132 		  int go_intent, const u8 *own_interface_addr,
   1133 		  unsigned int force_freq, int persistent_group)
   1134 {
   1135 	struct p2p_device *dev;
   1136 
   1137 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1138 		"P2P: Request to authorize group negotiation - peer=" MACSTR
   1139 		"  GO Intent=%d  Intended Interface Address=" MACSTR
   1140 		" wps_method=%d  persistent_group=%d",
   1141 		MAC2STR(peer_addr), go_intent, MAC2STR(own_interface_addr),
   1142 		wps_method, persistent_group);
   1143 
   1144 	if (p2p_prepare_channel(p2p, force_freq) < 0)
   1145 		return -1;
   1146 
   1147 	dev = p2p_get_device(p2p, peer_addr);
   1148 	if (dev == NULL) {
   1149 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1150 			"P2P: Cannot authorize unknown P2P Device " MACSTR,
   1151 			MAC2STR(peer_addr));
   1152 		return -1;
   1153 	}
   1154 
   1155 	dev->flags &= ~P2P_DEV_NOT_YET_READY;
   1156 	dev->flags &= ~P2P_DEV_USER_REJECTED;
   1157 	dev->go_neg_req_sent = 0;
   1158 	dev->go_state = UNKNOWN_GO;
   1159 	if (persistent_group)
   1160 		dev->flags |= P2P_DEV_PREFER_PERSISTENT_GROUP;
   1161 	else
   1162 		dev->flags &= ~P2P_DEV_PREFER_PERSISTENT_GROUP;
   1163 	p2p->go_intent = go_intent;
   1164 	os_memcpy(p2p->intended_addr, own_interface_addr, ETH_ALEN);
   1165 
   1166 	dev->wps_method = wps_method;
   1167 	dev->status = P2P_SC_SUCCESS;
   1168 
   1169 	if (force_freq)
   1170 		dev->flags |= P2P_DEV_FORCE_FREQ;
   1171 	else
   1172 		dev->flags &= ~P2P_DEV_FORCE_FREQ;
   1173 
   1174 	return 0;
   1175 }
   1176 
   1177 
   1178 void p2p_add_dev_info(struct p2p_data *p2p, const u8 *addr,
   1179 		      struct p2p_device *dev, struct p2p_message *msg)
   1180 {
   1181 	os_get_time(&dev->last_seen);
   1182 
   1183 	p2p_copy_wps_info(dev, 0, msg);
   1184 
   1185 	if (msg->listen_channel) {
   1186 		int freq;
   1187 		freq = p2p_channel_to_freq((char *) msg->listen_channel,
   1188 					   msg->listen_channel[3],
   1189 					   msg->listen_channel[4]);
   1190 		if (freq < 0) {
   1191 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1192 				"P2P: Unknown peer Listen channel: "
   1193 				"country=%c%c(0x%02x) reg_class=%u channel=%u",
   1194 				msg->listen_channel[0],
   1195 				msg->listen_channel[1],
   1196 				msg->listen_channel[2],
   1197 				msg->listen_channel[3],
   1198 				msg->listen_channel[4]);
   1199 		} else {
   1200 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Update "
   1201 				"peer " MACSTR " Listen channel: %u -> %u MHz",
   1202 				MAC2STR(dev->info.p2p_device_addr),
   1203 				dev->listen_freq, freq);
   1204 			dev->listen_freq = freq;
   1205 		}
   1206 	}
   1207 
   1208 	if (dev->flags & P2P_DEV_PROBE_REQ_ONLY) {
   1209 		dev->flags &= ~P2P_DEV_PROBE_REQ_ONLY;
   1210 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1211 			"P2P: Completed device entry based on data from "
   1212 			"GO Negotiation Request");
   1213 	} else {
   1214 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1215 			"P2P: Created device entry based on GO Neg Req: "
   1216 			MACSTR " dev_capab=0x%x group_capab=0x%x name='%s' "
   1217 			"listen_freq=%d",
   1218 			MAC2STR(dev->info.p2p_device_addr),
   1219 			dev->info.dev_capab, dev->info.group_capab,
   1220 			dev->info.device_name, dev->listen_freq);
   1221 	}
   1222 
   1223 	dev->flags &= ~P2P_DEV_GROUP_CLIENT_ONLY;
   1224 
   1225 	if (dev->flags & P2P_DEV_USER_REJECTED) {
   1226 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1227 			"P2P: Do not report rejected device");
   1228 		return;
   1229 	}
   1230 
   1231 	p2p->cfg->dev_found(p2p->cfg->cb_ctx, addr, &dev->info,
   1232 			    !(dev->flags & P2P_DEV_REPORTED_ONCE));
   1233 	dev->flags |= P2P_DEV_REPORTED | P2P_DEV_REPORTED_ONCE;
   1234 }
   1235 
   1236 
   1237 void p2p_build_ssid(struct p2p_data *p2p, u8 *ssid, size_t *ssid_len)
   1238 {
   1239 	os_memcpy(ssid, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN);
   1240 	p2p_random((char *) &ssid[P2P_WILDCARD_SSID_LEN], 2);
   1241 	os_memcpy(&ssid[P2P_WILDCARD_SSID_LEN + 2],
   1242 		  p2p->cfg->ssid_postfix, p2p->cfg->ssid_postfix_len);
   1243 	*ssid_len = P2P_WILDCARD_SSID_LEN + 2 + p2p->cfg->ssid_postfix_len;
   1244 }
   1245 
   1246 
   1247 int p2p_go_params(struct p2p_data *p2p, struct p2p_go_neg_results *params)
   1248 {
   1249 	p2p_build_ssid(p2p, params->ssid, &params->ssid_len);
   1250 	p2p_random(params->passphrase, 8);
   1251 	return 0;
   1252 }
   1253 
   1254 
   1255 void p2p_go_complete(struct p2p_data *p2p, struct p2p_device *peer)
   1256 {
   1257 	struct p2p_go_neg_results res;
   1258 	int go = peer->go_state == LOCAL_GO;
   1259 	struct p2p_channels intersection;
   1260 	int freqs;
   1261 	size_t i, j;
   1262 
   1263 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1264 		"P2P: GO Negotiation with " MACSTR " completed (%s will be "
   1265 		"GO)", MAC2STR(peer->info.p2p_device_addr),
   1266 		go ? "local end" : "peer");
   1267 
   1268 	os_memset(&res, 0, sizeof(res));
   1269 	res.role_go = go;
   1270 	os_memcpy(res.peer_device_addr, peer->info.p2p_device_addr, ETH_ALEN);
   1271 	os_memcpy(res.peer_interface_addr, peer->intended_addr, ETH_ALEN);
   1272 	res.wps_method = peer->wps_method;
   1273 	if (peer->flags & P2P_DEV_PREFER_PERSISTENT_GROUP)
   1274 		res.persistent_group = 1;
   1275 
   1276 	if (go) {
   1277 		/* Setup AP mode for WPS provisioning */
   1278 		res.freq = p2p_channel_to_freq(p2p->cfg->country,
   1279 					       p2p->op_reg_class,
   1280 					       p2p->op_channel);
   1281 		os_memcpy(res.ssid, p2p->ssid, p2p->ssid_len);
   1282 		res.ssid_len = p2p->ssid_len;
   1283 		p2p_random(res.passphrase, 8);
   1284 	} else {
   1285 		res.freq = peer->oper_freq;
   1286 		if (p2p->ssid_len) {
   1287 			os_memcpy(res.ssid, p2p->ssid, p2p->ssid_len);
   1288 			res.ssid_len = p2p->ssid_len;
   1289 		}
   1290 	}
   1291 
   1292 	p2p_channels_intersect(&p2p->channels, &peer->channels,
   1293 			       &intersection);
   1294 	freqs = 0;
   1295 	for (i = 0; i < intersection.reg_classes; i++) {
   1296 		struct p2p_reg_class *c = &intersection.reg_class[i];
   1297 		if (freqs + 1 == P2P_MAX_CHANNELS)
   1298 			break;
   1299 		for (j = 0; j < c->channels; j++) {
   1300 			int freq;
   1301 			if (freqs + 1 == P2P_MAX_CHANNELS)
   1302 				break;
   1303 			freq = p2p_channel_to_freq(peer->country, c->reg_class,
   1304 						   c->channel[j]);
   1305 			if (freq < 0)
   1306 				continue;
   1307 			res.freq_list[freqs++] = freq;
   1308 		}
   1309 	}
   1310 
   1311 	res.peer_config_timeout = go ? peer->client_timeout : peer->go_timeout;
   1312 
   1313 	p2p_clear_timeout(p2p);
   1314 	peer->go_neg_req_sent = 0;
   1315 	peer->wps_method = WPS_NOT_READY;
   1316 
   1317 	p2p_set_state(p2p, P2P_PROVISIONING);
   1318 	p2p->cfg->go_neg_completed(p2p->cfg->cb_ctx, &res);
   1319 }
   1320 
   1321 
   1322 static void p2p_rx_p2p_action(struct p2p_data *p2p, const u8 *sa,
   1323 			      const u8 *data, size_t len, int rx_freq)
   1324 {
   1325 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1326 		"P2P: RX P2P Public Action from " MACSTR, MAC2STR(sa));
   1327 	wpa_hexdump(MSG_MSGDUMP, "P2P: P2P Public Action contents", data, len);
   1328 
   1329 	if (len < 1)
   1330 		return;
   1331 
   1332 	switch (data[0]) {
   1333 	case P2P_GO_NEG_REQ:
   1334 		p2p_process_go_neg_req(p2p, sa, data + 1, len - 1, rx_freq);
   1335 		break;
   1336 	case P2P_GO_NEG_RESP:
   1337 		p2p_process_go_neg_resp(p2p, sa, data + 1, len - 1, rx_freq);
   1338 		break;
   1339 	case P2P_GO_NEG_CONF:
   1340 		p2p_process_go_neg_conf(p2p, sa, data + 1, len - 1);
   1341 		break;
   1342 	case P2P_INVITATION_REQ:
   1343 		p2p_process_invitation_req(p2p, sa, data + 1, len - 1,
   1344 					   rx_freq);
   1345 		break;
   1346 	case P2P_INVITATION_RESP:
   1347 		p2p_process_invitation_resp(p2p, sa, data + 1, len - 1);
   1348 		break;
   1349 	case P2P_PROV_DISC_REQ:
   1350 		p2p_process_prov_disc_req(p2p, sa, data + 1, len - 1, rx_freq);
   1351 		break;
   1352 	case P2P_PROV_DISC_RESP:
   1353 		p2p_process_prov_disc_resp(p2p, sa, data + 1, len - 1);
   1354 		break;
   1355 	case P2P_DEV_DISC_REQ:
   1356 		p2p_process_dev_disc_req(p2p, sa, data + 1, len - 1, rx_freq);
   1357 		break;
   1358 	case P2P_DEV_DISC_RESP:
   1359 		p2p_process_dev_disc_resp(p2p, sa, data + 1, len - 1);
   1360 		break;
   1361 	default:
   1362 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1363 			"P2P: Unsupported P2P Public Action frame type %d",
   1364 			data[0]);
   1365 		break;
   1366 	}
   1367 }
   1368 
   1369 
   1370 void p2p_rx_action_public(struct p2p_data *p2p, const u8 *da, const u8 *sa,
   1371 			  const u8 *bssid, const u8 *data, size_t len,
   1372 			  int freq)
   1373 {
   1374 	if (len < 1)
   1375 		return;
   1376 
   1377 	switch (data[0]) {
   1378 	case WLAN_PA_VENDOR_SPECIFIC:
   1379 		data++;
   1380 		len--;
   1381 		if (len < 3)
   1382 			return;
   1383 		if (WPA_GET_BE24(data) != OUI_WFA)
   1384 			return;
   1385 
   1386 		data += 3;
   1387 		len -= 3;
   1388 		if (len < 1)
   1389 			return;
   1390 
   1391 		if (*data != P2P_OUI_TYPE)
   1392 			return;
   1393 
   1394 		p2p_rx_p2p_action(p2p, sa, data + 1, len - 1, freq);
   1395 		break;
   1396 	case WLAN_PA_GAS_INITIAL_REQ:
   1397 		p2p_rx_gas_initial_req(p2p, sa, data + 1, len - 1, freq);
   1398 		break;
   1399 	case WLAN_PA_GAS_INITIAL_RESP:
   1400 		p2p_rx_gas_initial_resp(p2p, sa, data + 1, len - 1, freq);
   1401 		break;
   1402 	case WLAN_PA_GAS_COMEBACK_REQ:
   1403 		p2p_rx_gas_comeback_req(p2p, sa, data + 1, len - 1, freq);
   1404 		break;
   1405 	case WLAN_PA_GAS_COMEBACK_RESP:
   1406 		p2p_rx_gas_comeback_resp(p2p, sa, data + 1, len - 1, freq);
   1407 		break;
   1408 	}
   1409 }
   1410 
   1411 
   1412 void p2p_rx_action(struct p2p_data *p2p, const u8 *da, const u8 *sa,
   1413 		   const u8 *bssid, u8 category,
   1414 		   const u8 *data, size_t len, int freq)
   1415 {
   1416 	if (category == WLAN_ACTION_PUBLIC) {
   1417 		p2p_rx_action_public(p2p, da, sa, bssid, data, len, freq);
   1418 		return;
   1419 	}
   1420 
   1421 	if (category != WLAN_ACTION_VENDOR_SPECIFIC)
   1422 		return;
   1423 
   1424 	if (len < 4)
   1425 		return;
   1426 
   1427 	if (WPA_GET_BE24(data) != OUI_WFA)
   1428 		return;
   1429 	data += 3;
   1430 	len -= 3;
   1431 
   1432 	if (*data != P2P_OUI_TYPE)
   1433 		return;
   1434 	data++;
   1435 	len--;
   1436 
   1437 	/* P2P action frame */
   1438 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1439 		"P2P: RX P2P Action from " MACSTR, MAC2STR(sa));
   1440 	wpa_hexdump(MSG_MSGDUMP, "P2P: P2P Action contents", data, len);
   1441 
   1442 	if (len < 1)
   1443 		return;
   1444 	switch (data[0]) {
   1445 	case P2P_NOA:
   1446 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1447 			"P2P: Received P2P Action - Notice of Absence");
   1448 		/* TODO */
   1449 		break;
   1450 	case P2P_PRESENCE_REQ:
   1451 		p2p_process_presence_req(p2p, da, sa, data + 1, len - 1, freq);
   1452 		break;
   1453 	case P2P_PRESENCE_RESP:
   1454 		p2p_process_presence_resp(p2p, da, sa, data + 1, len - 1);
   1455 		break;
   1456 	case P2P_GO_DISC_REQ:
   1457 		p2p_process_go_disc_req(p2p, da, sa, data + 1, len - 1, freq);
   1458 		break;
   1459 	default:
   1460 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1461 			"P2P: Received P2P Action - unknown type %u", data[0]);
   1462 		break;
   1463 	}
   1464 }
   1465 
   1466 
   1467 static void p2p_go_neg_start(void *eloop_ctx, void *timeout_ctx)
   1468 {
   1469 	struct p2p_data *p2p = eloop_ctx;
   1470 	if (p2p->go_neg_peer == NULL)
   1471 		return;
   1472 	p2p->cfg->stop_listen(p2p->cfg->cb_ctx);
   1473 	p2p->go_neg_peer->status = P2P_SC_SUCCESS;
   1474 	p2p_connect_send(p2p, p2p->go_neg_peer);
   1475 }
   1476 
   1477 
   1478 static void p2p_invite_start(void *eloop_ctx, void *timeout_ctx)
   1479 {
   1480 	struct p2p_data *p2p = eloop_ctx;
   1481 	if (p2p->invite_peer == NULL)
   1482 		return;
   1483 	p2p->cfg->stop_listen(p2p->cfg->cb_ctx);
   1484 	p2p_invite_send(p2p, p2p->invite_peer, p2p->invite_go_dev_addr);
   1485 }
   1486 
   1487 
   1488 static void p2p_add_dev_from_probe_req(struct p2p_data *p2p, const u8 *addr,
   1489 				       const u8 *ie, size_t ie_len)
   1490 {
   1491 	struct p2p_message msg;
   1492 	struct p2p_device *dev;
   1493 
   1494 	os_memset(&msg, 0, sizeof(msg));
   1495 	if (p2p_parse_ies(ie, ie_len, &msg) < 0 || msg.p2p_attributes == NULL)
   1496 	{
   1497 		p2p_parse_free(&msg);
   1498 		return; /* not a P2P probe */
   1499 	}
   1500 
   1501 	if (msg.ssid == NULL || msg.ssid[1] != P2P_WILDCARD_SSID_LEN ||
   1502 	    os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN)
   1503 	    != 0) {
   1504 		/* The Probe Request is not part of P2P Device Discovery. It is
   1505 		 * not known whether the source address of the frame is the P2P
   1506 		 * Device Address or P2P Interface Address. Do not add a new
   1507 		 * peer entry based on this frames.
   1508 		 */
   1509 		p2p_parse_free(&msg);
   1510 		return;
   1511 	}
   1512 
   1513 	dev = p2p_get_device(p2p, addr);
   1514 	if (dev) {
   1515 		if (dev->country[0] == 0 && msg.listen_channel)
   1516 			os_memcpy(dev->country, msg.listen_channel, 3);
   1517 		p2p_parse_free(&msg);
   1518 		return; /* already known */
   1519 	}
   1520 
   1521 	dev = p2p_create_device(p2p, addr);
   1522 	if (dev == NULL) {
   1523 		p2p_parse_free(&msg);
   1524 		return;
   1525 	}
   1526 
   1527 	os_get_time(&dev->last_seen);
   1528 	dev->flags |= P2P_DEV_PROBE_REQ_ONLY;
   1529 
   1530 	if (msg.listen_channel) {
   1531 		os_memcpy(dev->country, msg.listen_channel, 3);
   1532 		dev->listen_freq = p2p_channel_to_freq(dev->country,
   1533 						       msg.listen_channel[3],
   1534 						       msg.listen_channel[4]);
   1535 	}
   1536 
   1537 	p2p_copy_wps_info(dev, 1, &msg);
   1538 
   1539 	p2p_parse_free(&msg);
   1540 
   1541 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1542 		"P2P: Created device entry based on Probe Req: " MACSTR
   1543 		" dev_capab=0x%x group_capab=0x%x name='%s' listen_freq=%d",
   1544 		MAC2STR(dev->info.p2p_device_addr), dev->info.dev_capab,
   1545 		dev->info.group_capab, dev->info.device_name,
   1546 		dev->listen_freq);
   1547 }
   1548 
   1549 
   1550 struct p2p_device * p2p_add_dev_from_go_neg_req(struct p2p_data *p2p,
   1551 						const u8 *addr,
   1552 						struct p2p_message *msg)
   1553 {
   1554 	struct p2p_device *dev;
   1555 
   1556 	dev = p2p_get_device(p2p, addr);
   1557 	if (dev) {
   1558 		os_get_time(&dev->last_seen);
   1559 		return dev; /* already known */
   1560 	}
   1561 
   1562 	dev = p2p_create_device(p2p, addr);
   1563 	if (dev == NULL)
   1564 		return NULL;
   1565 
   1566 	p2p_add_dev_info(p2p, addr, dev, msg);
   1567 
   1568 	return dev;
   1569 }
   1570 
   1571 
   1572 static int dev_type_match(const u8 *dev_type, const u8 *req_dev_type)
   1573 {
   1574 	if (os_memcmp(dev_type, req_dev_type, WPS_DEV_TYPE_LEN) == 0)
   1575 		return 1;
   1576 	if (os_memcmp(dev_type, req_dev_type, 2) == 0 &&
   1577 	    WPA_GET_BE32(&req_dev_type[2]) == 0 &&
   1578 	    WPA_GET_BE16(&req_dev_type[6]) == 0)
   1579 		return 1; /* Category match with wildcard OUI/sub-category */
   1580 	return 0;
   1581 }
   1582 
   1583 
   1584 int dev_type_list_match(const u8 *dev_type, const u8 *req_dev_type[],
   1585 			size_t num_req_dev_type)
   1586 {
   1587 	size_t i;
   1588 	for (i = 0; i < num_req_dev_type; i++) {
   1589 		if (dev_type_match(dev_type, req_dev_type[i]))
   1590 			return 1;
   1591 	}
   1592 	return 0;
   1593 }
   1594 
   1595 
   1596 /**
   1597  * p2p_match_dev_type - Match local device type with requested type
   1598  * @p2p: P2P module context from p2p_init()
   1599  * @wps: WPS TLVs from Probe Request frame (concatenated WPS IEs)
   1600  * Returns: 1 on match, 0 on mismatch
   1601  *
   1602  * This function can be used to match the Requested Device Type attribute in
   1603  * WPS IE with the local device types for deciding whether to reply to a Probe
   1604  * Request frame.
   1605  */
   1606 int p2p_match_dev_type(struct p2p_data *p2p, struct wpabuf *wps)
   1607 {
   1608 	struct wps_parse_attr attr;
   1609 	size_t i;
   1610 
   1611 	if (wps_parse_msg(wps, &attr))
   1612 		return 1; /* assume no Requested Device Type attributes */
   1613 
   1614 	if (attr.num_req_dev_type == 0)
   1615 		return 1; /* no Requested Device Type attributes -> match */
   1616 
   1617 	if (dev_type_list_match(p2p->cfg->pri_dev_type, attr.req_dev_type,
   1618 				attr.num_req_dev_type))
   1619 		return 1; /* Own Primary Device Type matches */
   1620 
   1621 	for (i = 0; i < p2p->cfg->num_sec_dev_types; i++)
   1622 		if (dev_type_list_match(p2p->cfg->sec_dev_type[i],
   1623 					attr.req_dev_type,
   1624 					attr.num_req_dev_type))
   1625 		return 1; /* Own Secondary Device Type matches */
   1626 
   1627 	/* No matching device type found */
   1628 	return 0;
   1629 }
   1630 
   1631 
   1632 struct wpabuf * p2p_build_probe_resp_ies(struct p2p_data *p2p)
   1633 {
   1634 	struct wpabuf *buf;
   1635 	u8 *len;
   1636 
   1637 	buf = wpabuf_alloc(1000);
   1638 	if (buf == NULL)
   1639 		return NULL;
   1640 
   1641 	p2p_build_wps_ie(p2p, buf, DEV_PW_DEFAULT, 1);
   1642 
   1643 	/* P2P IE */
   1644 	len = p2p_buf_add_ie_hdr(buf);
   1645 	p2p_buf_add_capability(buf, p2p->dev_capab, 0);
   1646 	if (p2p->ext_listen_interval)
   1647 		p2p_buf_add_ext_listen_timing(buf, p2p->ext_listen_period,
   1648 					      p2p->ext_listen_interval);
   1649 	p2p_buf_add_device_info(buf, p2p, NULL);
   1650 	p2p_buf_update_ie_hdr(buf, len);
   1651 
   1652 	return buf;
   1653 }
   1654 
   1655 
   1656 static void p2p_reply_probe(struct p2p_data *p2p, const u8 *addr, const u8 *ie,
   1657 			    size_t ie_len)
   1658 {
   1659 	struct ieee802_11_elems elems;
   1660 	struct wpabuf *buf;
   1661 	struct ieee80211_mgmt *resp;
   1662 	struct wpabuf *wps;
   1663 	struct wpabuf *ies;
   1664 
   1665 	if (!p2p->in_listen || !p2p->drv_in_listen) {
   1666 		/* not in Listen state - ignore Probe Request */
   1667 		return;
   1668 	}
   1669 
   1670 	if (ieee802_11_parse_elems((u8 *) ie, ie_len, &elems, 0) ==
   1671 	    ParseFailed) {
   1672 		/* Ignore invalid Probe Request frames */
   1673 		return;
   1674 	}
   1675 
   1676 	if (elems.p2p == NULL) {
   1677 		/* not a P2P probe - ignore it */
   1678 		return;
   1679 	}
   1680 
   1681 	if (elems.ssid == NULL || elems.ssid_len != P2P_WILDCARD_SSID_LEN ||
   1682 	    os_memcmp(elems.ssid, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) !=
   1683 	    0) {
   1684 		/* not using P2P Wildcard SSID - ignore */
   1685 		return;
   1686 	}
   1687 
   1688 	/* Check Requested Device Type match */
   1689 	wps = ieee802_11_vendor_ie_concat(ie, ie_len, WPS_DEV_OUI_WFA);
   1690 	if (wps && !p2p_match_dev_type(p2p, wps)) {
   1691 		wpabuf_free(wps);
   1692 		/* No match with Requested Device Type */
   1693 		return;
   1694 	}
   1695 	wpabuf_free(wps);
   1696 
   1697 	if (!p2p->cfg->send_probe_resp)
   1698 		return; /* Response generated elsewhere */
   1699 
   1700 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1701 		"P2P: Reply to P2P Probe Request in Listen state");
   1702 
   1703 	/*
   1704 	 * We do not really have a specific BSS that this frame is advertising,
   1705 	 * so build a frame that has some information in valid format. This is
   1706 	 * really only used for discovery purposes, not to learn exact BSS
   1707 	 * parameters.
   1708 	 */
   1709 	ies = p2p_build_probe_resp_ies(p2p);
   1710 	if (ies == NULL)
   1711 		return;
   1712 
   1713 	buf = wpabuf_alloc(200 + wpabuf_len(ies));
   1714 	if (buf == NULL) {
   1715 		wpabuf_free(ies);
   1716 		return;
   1717 	}
   1718 
   1719 	resp = NULL;
   1720 	resp = wpabuf_put(buf, resp->u.probe_resp.variable - (u8 *) resp);
   1721 
   1722 	resp->frame_control = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
   1723 					   (WLAN_FC_STYPE_PROBE_RESP << 4));
   1724 	os_memcpy(resp->da, addr, ETH_ALEN);
   1725 	os_memcpy(resp->sa, p2p->cfg->dev_addr, ETH_ALEN);
   1726 	os_memcpy(resp->bssid, p2p->cfg->dev_addr, ETH_ALEN);
   1727 	resp->u.probe_resp.beacon_int = host_to_le16(100);
   1728 	/* hardware or low-level driver will setup seq_ctrl and timestamp */
   1729 	resp->u.probe_resp.capab_info =
   1730 		host_to_le16(WLAN_CAPABILITY_SHORT_PREAMBLE |
   1731 			     WLAN_CAPABILITY_PRIVACY |
   1732 			     WLAN_CAPABILITY_SHORT_SLOT_TIME);
   1733 
   1734 	wpabuf_put_u8(buf, WLAN_EID_SSID);
   1735 	wpabuf_put_u8(buf, P2P_WILDCARD_SSID_LEN);
   1736 	wpabuf_put_data(buf, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN);
   1737 
   1738 	wpabuf_put_u8(buf, WLAN_EID_SUPP_RATES);
   1739 	wpabuf_put_u8(buf, 8);
   1740 	wpabuf_put_u8(buf, (60 / 5) | 0x80);
   1741 	wpabuf_put_u8(buf, 90 / 5);
   1742 	wpabuf_put_u8(buf, (120 / 5) | 0x80);
   1743 	wpabuf_put_u8(buf, 180 / 5);
   1744 	wpabuf_put_u8(buf, (240 / 5) | 0x80);
   1745 	wpabuf_put_u8(buf, 360 / 5);
   1746 	wpabuf_put_u8(buf, 480 / 5);
   1747 	wpabuf_put_u8(buf, 540 / 5);
   1748 
   1749 	wpabuf_put_u8(buf, WLAN_EID_DS_PARAMS);
   1750 	wpabuf_put_u8(buf, 1);
   1751 	wpabuf_put_u8(buf, p2p->cfg->channel);
   1752 
   1753 	wpabuf_put_buf(buf, ies);
   1754 	wpabuf_free(ies);
   1755 
   1756 	p2p->cfg->send_probe_resp(p2p->cfg->cb_ctx, buf);
   1757 
   1758 	wpabuf_free(buf);
   1759 }
   1760 
   1761 
   1762 int p2p_probe_req_rx(struct p2p_data *p2p, const u8 *addr, const u8 *ie,
   1763 		     size_t ie_len)
   1764 {
   1765 	p2p_add_dev_from_probe_req(p2p, addr, ie, ie_len);
   1766 
   1767 	p2p_reply_probe(p2p, addr, ie, ie_len);
   1768 
   1769 	if ((p2p->state == P2P_CONNECT || p2p->state == P2P_CONNECT_LISTEN) &&
   1770 	    p2p->go_neg_peer &&
   1771 	    os_memcmp(addr, p2p->go_neg_peer->info.p2p_device_addr, ETH_ALEN)
   1772 	    == 0) {
   1773 		/* Received a Probe Request from GO Negotiation peer */
   1774 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1775 			"P2P: Found GO Negotiation peer - try to start GO "
   1776 			"negotiation from timeout");
   1777 		eloop_register_timeout(0, 0, p2p_go_neg_start, p2p, NULL);
   1778 		return 1;
   1779 	}
   1780 
   1781 	if ((p2p->state == P2P_INVITE || p2p->state == P2P_INVITE_LISTEN) &&
   1782 	    p2p->invite_peer &&
   1783 	    os_memcmp(addr, p2p->invite_peer->info.p2p_device_addr, ETH_ALEN)
   1784 	    == 0) {
   1785 		/* Received a Probe Request from Invite peer */
   1786 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1787 			"P2P: Found Invite peer - try to start Invite from "
   1788 			"timeout");
   1789 		eloop_register_timeout(0, 0, p2p_invite_start, p2p, NULL);
   1790 		return 1;
   1791 	}
   1792 
   1793 	return 0;
   1794 }
   1795 
   1796 
   1797 static int p2p_assoc_req_ie_wlan_ap(struct p2p_data *p2p, const u8 *bssid,
   1798 				    u8 *buf, size_t len, struct wpabuf *p2p_ie)
   1799 {
   1800 	struct wpabuf *tmp;
   1801 	u8 *lpos;
   1802 	size_t tmplen;
   1803 	int res;
   1804 	u8 group_capab;
   1805 
   1806 	if (p2p_ie == NULL)
   1807 		return 0; /* WLAN AP is not a P2P manager */
   1808 
   1809 	/*
   1810 	 * (Re)Association Request - P2P IE
   1811 	 * P2P Capability attribute (shall be present)
   1812 	 * P2P Interface attribute (present if concurrent device and
   1813 	 *	P2P Management is enabled)
   1814 	 */
   1815 	tmp = wpabuf_alloc(200);
   1816 	if (tmp == NULL)
   1817 		return -1;
   1818 
   1819 	lpos = p2p_buf_add_ie_hdr(tmp);
   1820 	group_capab = 0;
   1821 	if (p2p->num_groups > 0) {
   1822 		group_capab |= P2P_GROUP_CAPAB_GROUP_OWNER;
   1823 		if ((p2p->dev_capab & P2P_DEV_CAPAB_CONCURRENT_OPER) &&
   1824 		    (p2p->dev_capab & P2P_DEV_CAPAB_INFRA_MANAGED) &&
   1825 		    p2p->cross_connect)
   1826 			group_capab |= P2P_GROUP_CAPAB_CROSS_CONN;
   1827 	}
   1828 	p2p_buf_add_capability(tmp, p2p->dev_capab, group_capab);
   1829 	if ((p2p->dev_capab & P2P_DEV_CAPAB_CONCURRENT_OPER) &&
   1830 	    (p2p->dev_capab & P2P_DEV_CAPAB_INFRA_MANAGED))
   1831 		p2p_buf_add_p2p_interface(tmp, p2p);
   1832 	p2p_buf_update_ie_hdr(tmp, lpos);
   1833 
   1834 	tmplen = wpabuf_len(tmp);
   1835 	if (tmplen > len)
   1836 		res = -1;
   1837 	else {
   1838 		os_memcpy(buf, wpabuf_head(tmp), tmplen);
   1839 		res = tmplen;
   1840 	}
   1841 	wpabuf_free(tmp);
   1842 
   1843 	return res;
   1844 }
   1845 
   1846 
   1847 int p2p_assoc_req_ie(struct p2p_data *p2p, const u8 *bssid, u8 *buf,
   1848 		     size_t len, int p2p_group, struct wpabuf *p2p_ie)
   1849 {
   1850 	struct wpabuf *tmp;
   1851 	u8 *lpos;
   1852 	struct p2p_device *peer;
   1853 	size_t tmplen;
   1854 	int res;
   1855 
   1856 	if (!p2p_group)
   1857 		return p2p_assoc_req_ie_wlan_ap(p2p, bssid, buf, len, p2p_ie);
   1858 
   1859 	/*
   1860 	 * (Re)Association Request - P2P IE
   1861 	 * P2P Capability attribute (shall be present)
   1862 	 * Extended Listen Timing (may be present)
   1863 	 * P2P Device Info attribute (shall be present)
   1864 	 */
   1865 	tmp = wpabuf_alloc(200);
   1866 	if (tmp == NULL)
   1867 		return -1;
   1868 
   1869 	peer = bssid ? p2p_get_device(p2p, bssid) : NULL;
   1870 
   1871 	lpos = p2p_buf_add_ie_hdr(tmp);
   1872 	p2p_buf_add_capability(tmp, p2p->dev_capab, 0);
   1873 	if (p2p->ext_listen_interval)
   1874 		p2p_buf_add_ext_listen_timing(tmp, p2p->ext_listen_period,
   1875 					      p2p->ext_listen_interval);
   1876 	p2p_buf_add_device_info(tmp, p2p, peer);
   1877 	p2p_buf_update_ie_hdr(tmp, lpos);
   1878 
   1879 	tmplen = wpabuf_len(tmp);
   1880 	if (tmplen > len)
   1881 		res = -1;
   1882 	else {
   1883 		os_memcpy(buf, wpabuf_head(tmp), tmplen);
   1884 		res = tmplen;
   1885 	}
   1886 	wpabuf_free(tmp);
   1887 
   1888 	return res;
   1889 }
   1890 
   1891 
   1892 int p2p_scan_result_text(const u8 *ies, size_t ies_len, char *buf, char *end)
   1893 {
   1894 	struct wpabuf *p2p_ie;
   1895 	int ret;
   1896 
   1897 	p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, P2P_IE_VENDOR_TYPE);
   1898 	if (p2p_ie == NULL)
   1899 		return 0;
   1900 
   1901 	ret = p2p_attr_text(p2p_ie, buf, end);
   1902 	wpabuf_free(p2p_ie);
   1903 	return ret;
   1904 }
   1905 
   1906 
   1907 static void p2p_clear_go_neg(struct p2p_data *p2p)
   1908 {
   1909 	p2p->go_neg_peer = NULL;
   1910 	p2p_clear_timeout(p2p);
   1911 	p2p_set_state(p2p, P2P_IDLE);
   1912 }
   1913 
   1914 
   1915 void p2p_wps_success_cb(struct p2p_data *p2p, const u8 *mac_addr)
   1916 {
   1917 	if (p2p->go_neg_peer == NULL) {
   1918 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1919 			"P2P: No pending Group Formation - "
   1920 			"ignore WPS registration success notification");
   1921 		return; /* No pending Group Formation */
   1922 	}
   1923 
   1924 	if (os_memcmp(mac_addr, p2p->go_neg_peer->intended_addr, ETH_ALEN) !=
   1925 	    0) {
   1926 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1927 			"P2P: Ignore WPS registration success notification "
   1928 			"for " MACSTR " (GO Negotiation peer " MACSTR ")",
   1929 			MAC2STR(mac_addr),
   1930 			MAC2STR(p2p->go_neg_peer->intended_addr));
   1931 		return; /* Ignore unexpected peer address */
   1932 	}
   1933 
   1934 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1935 		"P2P: Group Formation completed successfully with " MACSTR,
   1936 		MAC2STR(mac_addr));
   1937 
   1938 	p2p_clear_go_neg(p2p);
   1939 }
   1940 
   1941 
   1942 void p2p_group_formation_failed(struct p2p_data *p2p)
   1943 {
   1944 	if (p2p->go_neg_peer == NULL) {
   1945 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1946 			"P2P: No pending Group Formation - "
   1947 			"ignore group formation failure notification");
   1948 		return; /* No pending Group Formation */
   1949 	}
   1950 
   1951 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   1952 		"P2P: Group Formation failed with " MACSTR,
   1953 		MAC2STR(p2p->go_neg_peer->intended_addr));
   1954 
   1955 	p2p_clear_go_neg(p2p);
   1956 }
   1957 
   1958 
   1959 struct p2p_data * p2p_init(const struct p2p_config *cfg)
   1960 {
   1961 	struct p2p_data *p2p;
   1962 
   1963 	if (cfg->max_peers < 1)
   1964 		return NULL;
   1965 
   1966 	p2p = os_zalloc(sizeof(*p2p) + sizeof(*cfg));
   1967 	if (p2p == NULL)
   1968 		return NULL;
   1969 	p2p->cfg = (struct p2p_config *) (p2p + 1);
   1970 	os_memcpy(p2p->cfg, cfg, sizeof(*cfg));
   1971 	if (cfg->dev_name)
   1972 		p2p->cfg->dev_name = os_strdup(cfg->dev_name);
   1973 	if (cfg->manufacturer)
   1974 		p2p->cfg->manufacturer = os_strdup(cfg->manufacturer);
   1975 	if (cfg->model_name)
   1976 		p2p->cfg->model_name = os_strdup(cfg->model_name);
   1977 	if (cfg->model_number)
   1978 		p2p->cfg->model_number = os_strdup(cfg->model_number);
   1979 	if (cfg->serial_number)
   1980 		p2p->cfg->serial_number = os_strdup(cfg->serial_number);
   1981 
   1982 	p2p->min_disc_int = 1;
   1983 	p2p->max_disc_int = 3;
   1984 
   1985 	os_get_random(&p2p->next_tie_breaker, 1);
   1986 	p2p->next_tie_breaker &= 0x01;
   1987 	if (cfg->sd_request)
   1988 		p2p->dev_capab |= P2P_DEV_CAPAB_SERVICE_DISCOVERY;
   1989 	p2p->dev_capab |= P2P_DEV_CAPAB_INVITATION_PROCEDURE;
   1990 	if (cfg->concurrent_operations)
   1991 		p2p->dev_capab |= P2P_DEV_CAPAB_CONCURRENT_OPER;
   1992 	p2p->dev_capab |= P2P_DEV_CAPAB_CLIENT_DISCOVERABILITY;
   1993 
   1994 	dl_list_init(&p2p->devices);
   1995 
   1996 	eloop_register_timeout(P2P_PEER_EXPIRATION_INTERVAL, 0,
   1997 			       p2p_expiration_timeout, p2p, NULL);
   1998 
   1999 	return p2p;
   2000 }
   2001 
   2002 
   2003 void p2p_deinit(struct p2p_data *p2p)
   2004 {
   2005 	eloop_cancel_timeout(p2p_expiration_timeout, p2p, NULL);
   2006 	eloop_cancel_timeout(p2p_ext_listen_timeout, p2p, NULL);
   2007 	eloop_cancel_timeout(p2p_scan_timeout, p2p, NULL);
   2008 	p2p_flush(p2p);
   2009 	p2p_free_req_dev_types(p2p);
   2010 	os_free(p2p->cfg->dev_name);
   2011 	os_free(p2p->cfg->manufacturer);
   2012 	os_free(p2p->cfg->model_name);
   2013 	os_free(p2p->cfg->model_number);
   2014 	os_free(p2p->cfg->serial_number);
   2015 	os_free(p2p->groups);
   2016 	wpabuf_free(p2p->sd_resp);
   2017 	os_free(p2p->after_scan_tx);
   2018 	p2p_remove_wps_vendor_extensions(p2p);
   2019 	os_free(p2p);
   2020 }
   2021 
   2022 
   2023 void p2p_flush(struct p2p_data *p2p)
   2024 {
   2025 	struct p2p_device *dev, *prev;
   2026 	p2p_clear_timeout(p2p);
   2027 	p2p_set_state(p2p, P2P_IDLE);
   2028 	p2p->start_after_scan = P2P_AFTER_SCAN_NOTHING;
   2029 	p2p->go_neg_peer = NULL;
   2030 	eloop_cancel_timeout(p2p_find_timeout, p2p, NULL);
   2031 	dl_list_for_each_safe(dev, prev, &p2p->devices, struct p2p_device,
   2032 			      list) {
   2033 		dl_list_del(&dev->list);
   2034 		p2p_device_free(p2p, dev);
   2035 	}
   2036 	p2p_free_sd_queries(p2p);
   2037 	os_free(p2p->after_scan_tx);
   2038 	p2p->after_scan_tx = NULL;
   2039 }
   2040 
   2041 
   2042 int p2p_unauthorize(struct p2p_data *p2p, const u8 *addr)
   2043 {
   2044 	struct p2p_device *dev;
   2045 
   2046 	dev = p2p_get_device(p2p, addr);
   2047 	if (dev == NULL)
   2048 		return -1;
   2049 
   2050 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Unauthorizing " MACSTR,
   2051 		MAC2STR(addr));
   2052 
   2053 	if (p2p->go_neg_peer == dev)
   2054 		p2p->go_neg_peer = NULL;
   2055 
   2056 	dev->wps_method = WPS_NOT_READY;
   2057 	dev->flags &= ~P2P_DEV_WAIT_GO_NEG_RESPONSE;
   2058 	dev->flags &= ~P2P_DEV_WAIT_GO_NEG_CONFIRM;
   2059 
   2060 	/* Check if after_scan_tx is for this peer. If so free it */
   2061 	if (p2p->after_scan_tx &&
   2062 	    os_memcmp(addr, p2p->after_scan_tx->dst, ETH_ALEN) == 0) {
   2063 		os_free(p2p->after_scan_tx);
   2064 		p2p->after_scan_tx = NULL;
   2065 	}
   2066 
   2067 	return 0;
   2068 }
   2069 
   2070 
   2071 int p2p_set_dev_name(struct p2p_data *p2p, const char *dev_name)
   2072 {
   2073 	os_free(p2p->cfg->dev_name);
   2074 	if (dev_name) {
   2075 		p2p->cfg->dev_name = os_strdup(dev_name);
   2076 		if (p2p->cfg->dev_name == NULL)
   2077 			return -1;
   2078 	} else
   2079 		p2p->cfg->dev_name = NULL;
   2080 	return 0;
   2081 }
   2082 
   2083 
   2084 int p2p_set_manufacturer(struct p2p_data *p2p, const char *manufacturer)
   2085 {
   2086 	os_free(p2p->cfg->manufacturer);
   2087 	p2p->cfg->manufacturer = NULL;
   2088 	if (manufacturer) {
   2089 		p2p->cfg->manufacturer = os_strdup(manufacturer);
   2090 		if (p2p->cfg->manufacturer == NULL)
   2091 			return -1;
   2092 	}
   2093 
   2094 	return 0;
   2095 }
   2096 
   2097 
   2098 int p2p_set_model_name(struct p2p_data *p2p, const char *model_name)
   2099 {
   2100 	os_free(p2p->cfg->model_name);
   2101 	p2p->cfg->model_name = NULL;
   2102 	if (model_name) {
   2103 		p2p->cfg->model_name = os_strdup(model_name);
   2104 		if (p2p->cfg->model_name == NULL)
   2105 			return -1;
   2106 	}
   2107 
   2108 	return 0;
   2109 }
   2110 
   2111 
   2112 int p2p_set_model_number(struct p2p_data *p2p, const char *model_number)
   2113 {
   2114 	os_free(p2p->cfg->model_number);
   2115 	p2p->cfg->model_number = NULL;
   2116 	if (model_number) {
   2117 		p2p->cfg->model_number = os_strdup(model_number);
   2118 		if (p2p->cfg->model_number == NULL)
   2119 			return -1;
   2120 	}
   2121 
   2122 	return 0;
   2123 }
   2124 
   2125 
   2126 int p2p_set_serial_number(struct p2p_data *p2p, const char *serial_number)
   2127 {
   2128 	os_free(p2p->cfg->serial_number);
   2129 	p2p->cfg->serial_number = NULL;
   2130 	if (serial_number) {
   2131 		p2p->cfg->serial_number = os_strdup(serial_number);
   2132 		if (p2p->cfg->serial_number == NULL)
   2133 			return -1;
   2134 	}
   2135 
   2136 	return 0;
   2137 }
   2138 
   2139 
   2140 void p2p_set_config_methods(struct p2p_data *p2p, u16 config_methods)
   2141 {
   2142 	p2p->cfg->config_methods = config_methods;
   2143 }
   2144 
   2145 
   2146 void p2p_set_uuid(struct p2p_data *p2p, const u8 *uuid)
   2147 {
   2148 	os_memcpy(p2p->cfg->uuid, uuid, 16);
   2149 }
   2150 
   2151 
   2152 int p2p_set_pri_dev_type(struct p2p_data *p2p, const u8 *pri_dev_type)
   2153 {
   2154 	os_memcpy(p2p->cfg->pri_dev_type, pri_dev_type, 8);
   2155 	return 0;
   2156 }
   2157 
   2158 
   2159 int p2p_set_sec_dev_types(struct p2p_data *p2p, const u8 dev_types[][8],
   2160 			  size_t num_dev_types)
   2161 {
   2162 	if (num_dev_types > P2P_SEC_DEVICE_TYPES)
   2163 		num_dev_types = P2P_SEC_DEVICE_TYPES;
   2164 	p2p->cfg->num_sec_dev_types = num_dev_types;
   2165 	os_memcpy(p2p->cfg->sec_dev_type, dev_types, num_dev_types * 8);
   2166 	return 0;
   2167 }
   2168 
   2169 
   2170 void p2p_remove_wps_vendor_extensions(struct p2p_data *p2p)
   2171 {
   2172 	int i;
   2173 
   2174 	for (i = 0; i < P2P_MAX_WPS_VENDOR_EXT; i++) {
   2175 		wpabuf_free(p2p->wps_vendor_ext[i]);
   2176 		p2p->wps_vendor_ext[i] = NULL;
   2177 	}
   2178 }
   2179 
   2180 
   2181 int p2p_add_wps_vendor_extension(struct p2p_data *p2p,
   2182 				 const struct wpabuf *vendor_ext)
   2183 {
   2184 	int i;
   2185 
   2186 	if (vendor_ext == NULL)
   2187 		return -1;
   2188 
   2189 	for (i = 0; i < P2P_MAX_WPS_VENDOR_EXT; i++) {
   2190 		if (p2p->wps_vendor_ext[i] == NULL)
   2191 			break;
   2192 	}
   2193 	if (i >= P2P_MAX_WPS_VENDOR_EXT)
   2194 		return -1;
   2195 
   2196 	p2p->wps_vendor_ext[i] = wpabuf_dup(vendor_ext);
   2197 	if (p2p->wps_vendor_ext[i] == NULL)
   2198 		return -1;
   2199 
   2200 	return 0;
   2201 }
   2202 
   2203 
   2204 int p2p_set_country(struct p2p_data *p2p, const char *country)
   2205 {
   2206 	os_memcpy(p2p->cfg->country, country, 3);
   2207 	return 0;
   2208 }
   2209 
   2210 
   2211 void p2p_continue_find(struct p2p_data *p2p)
   2212 {
   2213 	struct p2p_device *dev;
   2214 	p2p_set_state(p2p, P2P_SEARCH);
   2215 	dl_list_for_each(dev, &p2p->devices, struct p2p_device, list) {
   2216 		if (dev->flags & P2P_DEV_SD_SCHEDULE) {
   2217 			if (p2p_start_sd(p2p, dev) == 0)
   2218 				return;
   2219 			else
   2220 				break;
   2221 		} else if (dev->req_config_methods &&
   2222 			   !(dev->flags & P2P_DEV_PD_FOR_JOIN)) {
   2223 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Send "
   2224 				"pending Provisioning Discovery Request to "
   2225 				MACSTR " (config methods 0x%x)",
   2226 				MAC2STR(dev->info.p2p_device_addr),
   2227 				dev->req_config_methods);
   2228 			if (p2p_send_prov_disc_req(p2p, dev, 0) == 0)
   2229 				return;
   2230 		}
   2231 	}
   2232 
   2233 	p2p_listen_in_find(p2p);
   2234 }
   2235 
   2236 
   2237 static void p2p_sd_cb(struct p2p_data *p2p, int success)
   2238 {
   2239 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2240 		"P2P: Service Discovery Query TX callback: success=%d",
   2241 		success);
   2242 	p2p->pending_action_state = P2P_NO_PENDING_ACTION;
   2243 
   2244 	if (!success) {
   2245 		if (p2p->sd_peer) {
   2246 			p2p->sd_peer->flags &= ~P2P_DEV_SD_SCHEDULE;
   2247 			p2p->sd_peer = NULL;
   2248 		}
   2249 		p2p_continue_find(p2p);
   2250 		return;
   2251 	}
   2252 
   2253 	if (p2p->sd_peer == NULL) {
   2254 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2255 			"P2P: No SD peer entry known");
   2256 		p2p_continue_find(p2p);
   2257 		return;
   2258 	}
   2259 
   2260 	/* Wait for response from the peer */
   2261 	p2p_set_state(p2p, P2P_SD_DURING_FIND);
   2262 	p2p_set_timeout(p2p, 0, 200000);
   2263 }
   2264 
   2265 
   2266 /**
   2267  * p2p_retry_pd - Retry any pending provision disc requests in IDLE state
   2268  * @p2p: P2P module context from p2p_init()
   2269  */
   2270 void p2p_retry_pd(struct p2p_data *p2p)
   2271 {
   2272 	struct p2p_device *dev;
   2273 
   2274 	if (p2p->state != P2P_IDLE)
   2275 		return;
   2276 
   2277 	/*
   2278 	 * Retry the prov disc req attempt only for the peer that the user had
   2279 	 * requested for and provided a join has not been initiated on it
   2280 	 * in the meantime.
   2281 	 */
   2282 
   2283 	dl_list_for_each(dev, &p2p->devices, struct p2p_device, list) {
   2284 		if (os_memcmp(p2p->pending_pd_devaddr,
   2285 			      dev->info.p2p_device_addr, ETH_ALEN) != 0)
   2286 			continue;
   2287 		if (!dev->req_config_methods)
   2288 			continue;
   2289 		if (dev->flags & P2P_DEV_PD_FOR_JOIN)
   2290 			continue;
   2291 
   2292 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Send "
   2293 			"pending Provisioning Discovery Request to "
   2294 			MACSTR " (config methods 0x%x)",
   2295 			MAC2STR(dev->info.p2p_device_addr),
   2296 			dev->req_config_methods);
   2297 		p2p_send_prov_disc_req(p2p, dev, 0);
   2298 		return;
   2299 	}
   2300 }
   2301 
   2302 
   2303 static void p2p_prov_disc_cb(struct p2p_data *p2p, int success)
   2304 {
   2305 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2306 		"P2P: Provision Discovery Request TX callback: success=%d",
   2307 		success);
   2308 
   2309 	/*
   2310 	 * Postpone resetting the pending action state till after we actually
   2311 	 * time out. This allows us to take some action like notifying any
   2312 	 * interested parties about no response to the request.
   2313 	 *
   2314 	 * When the timer (below) goes off we check in IDLE, SEARCH, or
   2315 	 * LISTEN_ONLY state, which are the only allowed states to issue a PD
   2316 	 * requests in, if this was still pending and then raise notification.
   2317 	 */
   2318 
   2319 	if (!success) {
   2320 		p2p->pending_action_state = P2P_NO_PENDING_ACTION;
   2321 
   2322 		if (p2p->state != P2P_IDLE)
   2323 			p2p_continue_find(p2p);
   2324 		else if (p2p->user_initiated_pd) {
   2325 			p2p->pending_action_state = P2P_PENDING_PD;
   2326 			p2p_set_timeout(p2p, 0, 300000);
   2327 		}
   2328 		return;
   2329 	}
   2330 
   2331 	/*
   2332 	 * This postponing, of resetting pending_action_state, needs to be
   2333 	 * done only for user initiated PD requests and not internal ones.
   2334 	 */
   2335 	if (p2p->user_initiated_pd)
   2336 		p2p->pending_action_state = P2P_PENDING_PD;
   2337 	else
   2338 		p2p->pending_action_state = P2P_NO_PENDING_ACTION;
   2339 
   2340 	/* Wait for response from the peer */
   2341 	if (p2p->state == P2P_SEARCH)
   2342 		p2p_set_state(p2p, P2P_PD_DURING_FIND);
   2343 	p2p_set_timeout(p2p, 0, 200000);
   2344 }
   2345 
   2346 
   2347 int p2p_scan_res_handler(struct p2p_data *p2p, const u8 *bssid, int freq,
   2348 			 int level, const u8 *ies, size_t ies_len)
   2349 {
   2350 	p2p_add_device(p2p, bssid, freq, level, ies, ies_len);
   2351 
   2352 	if (p2p->go_neg_peer && p2p->state == P2P_SEARCH &&
   2353 	    os_memcmp(p2p->go_neg_peer->info.p2p_device_addr, bssid, ETH_ALEN)
   2354 	    == 0) {
   2355 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2356 			"P2P: Found GO Negotiation peer - try to start GO "
   2357 			"negotiation");
   2358 		p2p_connect_send(p2p, p2p->go_neg_peer);
   2359 		return 1;
   2360 	}
   2361 
   2362 	return 0;
   2363 }
   2364 
   2365 
   2366 void p2p_scan_res_handled(struct p2p_data *p2p)
   2367 {
   2368 	if (!p2p->p2p_scan_running) {
   2369 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: p2p_scan was not "
   2370 			"running, but scan results received");
   2371 	}
   2372 	p2p->p2p_scan_running = 0;
   2373 	eloop_cancel_timeout(p2p_scan_timeout, p2p, NULL);
   2374 
   2375 	if (p2p_run_after_scan(p2p))
   2376 		return;
   2377 	if (p2p->state == P2P_SEARCH)
   2378 		p2p_continue_find(p2p);
   2379 }
   2380 
   2381 
   2382 void p2p_scan_ie(struct p2p_data *p2p, struct wpabuf *ies)
   2383 {
   2384 	u8 *len = p2p_buf_add_ie_hdr(ies);
   2385 	p2p_buf_add_capability(ies, p2p->dev_capab, 0);
   2386 	if (p2p->cfg->reg_class && p2p->cfg->channel)
   2387 		p2p_buf_add_listen_channel(ies, p2p->cfg->country,
   2388 					   p2p->cfg->reg_class,
   2389 					   p2p->cfg->channel);
   2390 	if (p2p->ext_listen_interval)
   2391 		p2p_buf_add_ext_listen_timing(ies, p2p->ext_listen_period,
   2392 					      p2p->ext_listen_interval);
   2393 	/* TODO: p2p_buf_add_operating_channel() if GO */
   2394 	p2p_buf_update_ie_hdr(ies, len);
   2395 }
   2396 
   2397 
   2398 int p2p_ie_text(struct wpabuf *p2p_ie, char *buf, char *end)
   2399 {
   2400 	return p2p_attr_text(p2p_ie, buf, end);
   2401 }
   2402 
   2403 
   2404 static void p2p_go_neg_req_cb(struct p2p_data *p2p, int success)
   2405 {
   2406 	struct p2p_device *dev = p2p->go_neg_peer;
   2407 
   2408 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2409 		"P2P: GO Negotiation Request TX callback: success=%d",
   2410 		success);
   2411 
   2412 	if (dev == NULL) {
   2413 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2414 			"P2P: No pending GO Negotiation");
   2415 		return;
   2416 	}
   2417 
   2418 	if (success) {
   2419 		dev->go_neg_req_sent++;
   2420 		if (dev->flags & P2P_DEV_USER_REJECTED) {
   2421 			p2p_set_state(p2p, P2P_IDLE);
   2422 			return;
   2423 		}
   2424 	}
   2425 
   2426 	if (!success &&
   2427 	    (dev->info.dev_capab & P2P_DEV_CAPAB_CLIENT_DISCOVERABILITY) &&
   2428 	    !is_zero_ether_addr(dev->member_in_go_dev)) {
   2429 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2430 			"P2P: Peer " MACSTR " did not acknowledge request - "
   2431 			"try to use device discoverability through its GO",
   2432 			MAC2STR(dev->info.p2p_device_addr));
   2433 		p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
   2434 		p2p_send_dev_disc_req(p2p, dev);
   2435 		return;
   2436 	}
   2437 
   2438 	/*
   2439 	 * Use P2P find, if needed, to find the other device from its listen
   2440 	 * channel.
   2441 	 */
   2442 	p2p_set_state(p2p, P2P_CONNECT);
   2443 	p2p_set_timeout(p2p, 0, 100000);
   2444 }
   2445 
   2446 
   2447 static void p2p_go_neg_resp_cb(struct p2p_data *p2p, int success)
   2448 {
   2449 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2450 		"P2P: GO Negotiation Response TX callback: success=%d",
   2451 		success);
   2452 	if (!p2p->go_neg_peer && p2p->state == P2P_PROVISIONING) {
   2453 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2454 			"P2P: Ignore TX callback event - GO Negotiation is "
   2455 			"not running anymore");
   2456 		return;
   2457 	}
   2458 	p2p_set_state(p2p, P2P_CONNECT);
   2459 	p2p_set_timeout(p2p, 0, 100000);
   2460 }
   2461 
   2462 
   2463 static void p2p_go_neg_resp_failure_cb(struct p2p_data *p2p, int success)
   2464 {
   2465 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2466 		"P2P: GO Negotiation Response (failure) TX callback: "
   2467 		"success=%d", success);
   2468 	if (p2p->go_neg_peer && p2p->go_neg_peer->status != P2P_SC_SUCCESS) {
   2469 		p2p_go_neg_failed(p2p, p2p->go_neg_peer,
   2470 				  p2p->go_neg_peer->status);
   2471 	}
   2472 }
   2473 
   2474 
   2475 static void p2p_go_neg_conf_cb(struct p2p_data *p2p,
   2476 			       enum p2p_send_action_result result)
   2477 {
   2478 	struct p2p_device *dev;
   2479 
   2480 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2481 		"P2P: GO Negotiation Confirm TX callback: result=%d",
   2482 		result);
   2483 	p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
   2484 	if (result == P2P_SEND_ACTION_FAILED) {
   2485 		p2p_go_neg_failed(p2p, p2p->go_neg_peer, -1);
   2486 		return;
   2487 	}
   2488 	if (result == P2P_SEND_ACTION_NO_ACK) {
   2489 		/*
   2490 		 * It looks like the TX status for GO Negotiation Confirm is
   2491 		 * often showing failure even when the peer has actually
   2492 		 * received the frame. Since the peer may change channels
   2493 		 * immediately after having received the frame, we may not see
   2494 		 * an Ack for retries, so just dropping a single frame may
   2495 		 * trigger this. To allow the group formation to succeed if the
   2496 		 * peer did indeed receive the frame, continue regardless of
   2497 		 * the TX status.
   2498 		 */
   2499 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2500 			"P2P: Assume GO Negotiation Confirm TX was actually "
   2501 			"received by the peer even though Ack was not "
   2502 			"reported");
   2503 	}
   2504 
   2505 	dev = p2p->go_neg_peer;
   2506 	if (dev == NULL)
   2507 		return;
   2508 
   2509 	p2p_go_complete(p2p, dev);
   2510 }
   2511 
   2512 
   2513 void p2p_send_action_cb(struct p2p_data *p2p, unsigned int freq, const u8 *dst,
   2514 			const u8 *src, const u8 *bssid,
   2515 			enum p2p_send_action_result result)
   2516 {
   2517 	enum p2p_pending_action_state state;
   2518 	int success;
   2519 
   2520 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2521 		"P2P: Action frame TX callback (state=%d freq=%u dst=" MACSTR
   2522 		" src=" MACSTR " bssid=" MACSTR " result=%d",
   2523 		p2p->pending_action_state, freq, MAC2STR(dst), MAC2STR(src),
   2524 		MAC2STR(bssid), result);
   2525 	success = result == P2P_SEND_ACTION_SUCCESS;
   2526 	state = p2p->pending_action_state;
   2527 	p2p->pending_action_state = P2P_NO_PENDING_ACTION;
   2528 	switch (state) {
   2529 	case P2P_NO_PENDING_ACTION:
   2530 		break;
   2531 	case P2P_PENDING_GO_NEG_REQUEST:
   2532 		p2p_go_neg_req_cb(p2p, success);
   2533 		break;
   2534 	case P2P_PENDING_GO_NEG_RESPONSE:
   2535 		p2p_go_neg_resp_cb(p2p, success);
   2536 		break;
   2537 	case P2P_PENDING_GO_NEG_RESPONSE_FAILURE:
   2538 		p2p_go_neg_resp_failure_cb(p2p, success);
   2539 		break;
   2540 	case P2P_PENDING_GO_NEG_CONFIRM:
   2541 		p2p_go_neg_conf_cb(p2p, result);
   2542 		break;
   2543 	case P2P_PENDING_SD:
   2544 		p2p_sd_cb(p2p, success);
   2545 		break;
   2546 	case P2P_PENDING_PD:
   2547 		p2p_prov_disc_cb(p2p, success);
   2548 		break;
   2549 	case P2P_PENDING_INVITATION_REQUEST:
   2550 		p2p_invitation_req_cb(p2p, success);
   2551 		break;
   2552 	case P2P_PENDING_INVITATION_RESPONSE:
   2553 		p2p_invitation_resp_cb(p2p, success);
   2554 		break;
   2555 	case P2P_PENDING_DEV_DISC_REQUEST:
   2556 		p2p_dev_disc_req_cb(p2p, success);
   2557 		break;
   2558 	case P2P_PENDING_DEV_DISC_RESPONSE:
   2559 		p2p_dev_disc_resp_cb(p2p, success);
   2560 		break;
   2561 	case P2P_PENDING_GO_DISC_REQ:
   2562 		p2p_go_disc_req_cb(p2p, success);
   2563 		break;
   2564 	}
   2565 }
   2566 
   2567 
   2568 void p2p_listen_cb(struct p2p_data *p2p, unsigned int freq,
   2569 		   unsigned int duration)
   2570 {
   2571 	if (freq == p2p->pending_client_disc_freq) {
   2572 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2573 			"P2P: Client discoverability remain-awake completed");
   2574 		p2p->pending_client_disc_freq = 0;
   2575 		return;
   2576 	}
   2577 
   2578 	if (freq != p2p->pending_listen_freq) {
   2579 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2580 			"P2P: Unexpected listen callback for freq=%u "
   2581 			"duration=%u (pending_listen_freq=%u)",
   2582 			freq, duration, p2p->pending_listen_freq);
   2583 		return;
   2584 	}
   2585 
   2586 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2587 		"P2P: Starting Listen timeout(%u,%u) on freq=%u based on "
   2588 		"callback",
   2589 		p2p->pending_listen_sec, p2p->pending_listen_usec,
   2590 		p2p->pending_listen_freq);
   2591 	p2p->in_listen = 1;
   2592 	p2p->drv_in_listen = freq;
   2593 	if (p2p->pending_listen_sec || p2p->pending_listen_usec) {
   2594 		/*
   2595 		 * Add 20 msec extra wait to avoid race condition with driver
   2596 		 * remain-on-channel end event, i.e., give driver more time to
   2597 		 * complete the operation before our timeout expires.
   2598 		 */
   2599 		p2p_set_timeout(p2p, p2p->pending_listen_sec,
   2600 				p2p->pending_listen_usec + 20000);
   2601 	}
   2602 
   2603 	p2p->pending_listen_freq = 0;
   2604 }
   2605 
   2606 
   2607 int p2p_listen_end(struct p2p_data *p2p, unsigned int freq)
   2608 {
   2609 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Driver ended Listen "
   2610 		"state (freq=%u)", freq);
   2611 	p2p->drv_in_listen = 0;
   2612 	if (p2p->in_listen)
   2613 		return 0; /* Internal timeout will trigger the next step */
   2614 
   2615 	if (p2p->state == P2P_CONNECT_LISTEN && p2p->go_neg_peer) {
   2616 		if (p2p->go_neg_peer->connect_reqs >= 120) {
   2617 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2618 				"P2P: Timeout on sending GO Negotiation "
   2619 				"Request without getting response");
   2620 			p2p_go_neg_failed(p2p, p2p->go_neg_peer, -1);
   2621 			return 0;
   2622 		}
   2623 
   2624 		p2p_set_state(p2p, P2P_CONNECT);
   2625 		p2p_connect_send(p2p, p2p->go_neg_peer);
   2626 		return 1;
   2627 	} else if (p2p->state == P2P_SEARCH) {
   2628 		p2p_search(p2p);
   2629 		return 1;
   2630 	}
   2631 
   2632 	return 0;
   2633 }
   2634 
   2635 
   2636 static void p2p_timeout_connect(struct p2p_data *p2p)
   2637 {
   2638 	p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
   2639 	p2p_set_state(p2p, P2P_CONNECT_LISTEN);
   2640 	p2p_listen_in_find(p2p);
   2641 }
   2642 
   2643 
   2644 static void p2p_timeout_connect_listen(struct p2p_data *p2p)
   2645 {
   2646 	if (p2p->go_neg_peer) {
   2647 		if (p2p->drv_in_listen) {
   2648 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Driver is "
   2649 				"still in Listen state; wait for it to "
   2650 				"complete");
   2651 			return;
   2652 		}
   2653 
   2654 		if (p2p->go_neg_peer->connect_reqs >= 120) {
   2655 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2656 				"P2P: Timeout on sending GO Negotiation "
   2657 				"Request without getting response");
   2658 			p2p_go_neg_failed(p2p, p2p->go_neg_peer, -1);
   2659 			return;
   2660 		}
   2661 
   2662 		p2p_set_state(p2p, P2P_CONNECT);
   2663 		p2p_connect_send(p2p, p2p->go_neg_peer);
   2664 	} else
   2665 		p2p_set_state(p2p, P2P_IDLE);
   2666 }
   2667 
   2668 
   2669 static void p2p_timeout_wait_peer_connect(struct p2p_data *p2p)
   2670 {
   2671 	/*
   2672 	 * TODO: could remain constantly in Listen state for some time if there
   2673 	 * are no other concurrent uses for the radio. For now, go to listen
   2674 	 * state once per second to give other uses a chance to use the radio.
   2675 	 */
   2676 	p2p_set_state(p2p, P2P_WAIT_PEER_IDLE);
   2677 #ifdef ANDROID_BRCM_P2P_PATCH
   2678 	/*
   2679 	 * We need to be back in Listen state soon enough so that we don't miss
   2680 	 * the GO Nego req from the peer.
   2681 	*/
   2682 	p2p_set_timeout(p2p, 0, 0);
   2683 #else
   2684 	p2p_set_timeout(p2p, 1, 0);
   2685 #endif
   2686 }
   2687 
   2688 
   2689 static void p2p_timeout_wait_peer_idle(struct p2p_data *p2p)
   2690 {
   2691 	struct p2p_device *dev = p2p->go_neg_peer;
   2692 
   2693 	if (dev == NULL) {
   2694 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2695 			"P2P: Unknown GO Neg peer - stop GO Neg wait");
   2696 		return;
   2697 	}
   2698 
   2699 	dev->wait_count++;
   2700 	if (dev->wait_count >= 120) {
   2701 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2702 			"P2P: Timeout on waiting peer to become ready for GO "
   2703 			"Negotiation");
   2704 		p2p_go_neg_failed(p2p, dev, -1);
   2705 		return;
   2706 	}
   2707 
   2708 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2709 		"P2P: Go to Listen state while waiting for the peer to become "
   2710 		"ready for GO Negotiation");
   2711 	p2p_set_state(p2p, P2P_WAIT_PEER_CONNECT);
   2712 	p2p_listen_in_find(p2p);
   2713 }
   2714 
   2715 
   2716 static void p2p_timeout_sd_during_find(struct p2p_data *p2p)
   2717 {
   2718 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2719 		"P2P: Service Discovery Query timeout");
   2720 	if (p2p->sd_peer) {
   2721 		p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
   2722 		p2p->sd_peer->flags &= ~P2P_DEV_SD_SCHEDULE;
   2723 		p2p->sd_peer = NULL;
   2724 	}
   2725 	p2p_continue_find(p2p);
   2726 }
   2727 
   2728 
   2729 static void p2p_timeout_prov_disc_during_find(struct p2p_data *p2p)
   2730 {
   2731 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2732 		"P2P: Provision Discovery Request timeout");
   2733 	p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
   2734 	p2p_continue_find(p2p);
   2735 }
   2736 
   2737 
   2738 static void p2p_timeout_prov_disc_req(struct p2p_data *p2p)
   2739 {
   2740 	p2p->pending_action_state = P2P_NO_PENDING_ACTION;
   2741 
   2742 	/*
   2743 	 * For user initiated PD requests that we have not gotten any responses
   2744 	 * for while in IDLE state, we retry them a couple of times before
   2745 	 * giving up.
   2746 	 */
   2747 	if (!p2p->user_initiated_pd)
   2748 		return;
   2749 
   2750 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2751 		"P2P: User initiated Provision Discovery Request timeout");
   2752 
   2753 	if (p2p->pd_retries) {
   2754 		p2p->pd_retries--;
   2755 		p2p_retry_pd(p2p);
   2756 	} else {
   2757 		if (p2p->cfg->prov_disc_fail)
   2758 			p2p->cfg->prov_disc_fail(p2p->cfg->cb_ctx,
   2759 						 p2p->pending_pd_devaddr,
   2760 						 P2P_PROV_DISC_TIMEOUT);
   2761 		p2p_reset_pending_pd(p2p);
   2762 	}
   2763 }
   2764 
   2765 
   2766 static void p2p_timeout_invite(struct p2p_data *p2p)
   2767 {
   2768 	p2p->cfg->send_action_done(p2p->cfg->cb_ctx);
   2769 	p2p_set_state(p2p, P2P_INVITE_LISTEN);
   2770 	if (p2p->inv_role == P2P_INVITE_ROLE_ACTIVE_GO) {
   2771 		/*
   2772 		 * Better remain on operating channel instead of listen channel
   2773 		 * when running a group.
   2774 		 */
   2775 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Inviting in "
   2776 			"active GO role - wait on operating channel");
   2777 		p2p_set_timeout(p2p, 0, 100000);
   2778 		return;
   2779 	}
   2780 	p2p_listen_in_find(p2p);
   2781 }
   2782 
   2783 
   2784 static void p2p_timeout_invite_listen(struct p2p_data *p2p)
   2785 {
   2786 	if (p2p->invite_peer && p2p->invite_peer->invitation_reqs < 100) {
   2787 		p2p_set_state(p2p, P2P_INVITE);
   2788 		p2p_invite_send(p2p, p2p->invite_peer,
   2789 				p2p->invite_go_dev_addr);
   2790 	} else {
   2791 		if (p2p->invite_peer) {
   2792 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2793 				"P2P: Invitation Request retry limit reached");
   2794 			if (p2p->cfg->invitation_result)
   2795 				p2p->cfg->invitation_result(
   2796 					p2p->cfg->cb_ctx, -1, NULL);
   2797 		}
   2798 		p2p_set_state(p2p, P2P_IDLE);
   2799 	}
   2800 }
   2801 
   2802 
   2803 static void p2p_state_timeout(void *eloop_ctx, void *timeout_ctx)
   2804 {
   2805 	struct p2p_data *p2p = eloop_ctx;
   2806 
   2807 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Timeout (state=%s)",
   2808 		p2p_state_txt(p2p->state));
   2809 
   2810 	p2p->in_listen = 0;
   2811 
   2812 	switch (p2p->state) {
   2813 	case P2P_IDLE:
   2814 		/* Check if we timed out waiting for PD req */
   2815 		if (p2p->pending_action_state == P2P_PENDING_PD)
   2816 			p2p_timeout_prov_disc_req(p2p);
   2817 		break;
   2818 	case P2P_SEARCH:
   2819 		/* Check if we timed out waiting for PD req */
   2820 		if (p2p->pending_action_state == P2P_PENDING_PD)
   2821 			p2p_timeout_prov_disc_req(p2p);
   2822 		p2p_search(p2p);
   2823 		break;
   2824 	case P2P_CONNECT:
   2825 		p2p_timeout_connect(p2p);
   2826 		break;
   2827 	case P2P_CONNECT_LISTEN:
   2828 		p2p_timeout_connect_listen(p2p);
   2829 		break;
   2830 	case P2P_GO_NEG:
   2831 		break;
   2832 	case P2P_LISTEN_ONLY:
   2833 		/* Check if we timed out waiting for PD req */
   2834 		if (p2p->pending_action_state == P2P_PENDING_PD)
   2835 			p2p_timeout_prov_disc_req(p2p);
   2836 
   2837 		if (p2p->ext_listen_only) {
   2838 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   2839 				"P2P: Extended Listen Timing - Listen State "
   2840 				"completed");
   2841 			p2p->ext_listen_only = 0;
   2842 			p2p_set_state(p2p, P2P_IDLE);
   2843 		}
   2844 		break;
   2845 	case P2P_WAIT_PEER_CONNECT:
   2846 		p2p_timeout_wait_peer_connect(p2p);
   2847 		break;
   2848 	case P2P_WAIT_PEER_IDLE:
   2849 		p2p_timeout_wait_peer_idle(p2p);
   2850 		break;
   2851 	case P2P_SD_DURING_FIND:
   2852 		p2p_timeout_sd_during_find(p2p);
   2853 		break;
   2854 	case P2P_PROVISIONING:
   2855 		break;
   2856 	case P2P_PD_DURING_FIND:
   2857 		p2p_timeout_prov_disc_during_find(p2p);
   2858 		break;
   2859 	case P2P_INVITE:
   2860 		p2p_timeout_invite(p2p);
   2861 		break;
   2862 	case P2P_INVITE_LISTEN:
   2863 		p2p_timeout_invite_listen(p2p);
   2864 		break;
   2865 	}
   2866 }
   2867 
   2868 
   2869 int p2p_reject(struct p2p_data *p2p, const u8 *peer_addr)
   2870 {
   2871 	struct p2p_device *dev;
   2872 
   2873 	dev = p2p_get_device(p2p, peer_addr);
   2874 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Local request to reject "
   2875 		"connection attempts by peer " MACSTR, MAC2STR(peer_addr));
   2876 	if (dev == NULL) {
   2877 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Peer " MACSTR
   2878 			" unknown", MAC2STR(peer_addr));
   2879 		return -1;
   2880 	}
   2881 	dev->status = P2P_SC_FAIL_REJECTED_BY_USER;
   2882 	dev->flags |= P2P_DEV_USER_REJECTED;
   2883 	return 0;
   2884 }
   2885 
   2886 
   2887 static const char * p2p_wps_method_text(enum p2p_wps_method method)
   2888 {
   2889 	switch (method) {
   2890 	case WPS_NOT_READY:
   2891 		return "not-ready";
   2892 	case WPS_PIN_LABEL:
   2893 		return "Label";
   2894 	case WPS_PIN_DISPLAY:
   2895 		return "Display";
   2896 	case WPS_PIN_KEYPAD:
   2897 		return "Keypad";
   2898 	case WPS_PBC:
   2899 		return "PBC";
   2900 	}
   2901 
   2902 	return "??";
   2903 }
   2904 
   2905 
   2906 static const char * p2p_go_state_text(enum p2p_go_state go_state)
   2907 {
   2908 	switch (go_state) {
   2909 	case UNKNOWN_GO:
   2910 		return "unknown";
   2911 	case LOCAL_GO:
   2912 		return "local";
   2913 	case  REMOTE_GO:
   2914 		return "remote";
   2915 	}
   2916 
   2917 	return "??";
   2918 }
   2919 
   2920 
   2921 int p2p_get_peer_info(struct p2p_data *p2p, const u8 *addr, int next,
   2922 		      char *buf, size_t buflen)
   2923 {
   2924 	struct p2p_device *dev;
   2925 	int res;
   2926 	char *pos, *end;
   2927 	struct os_time now;
   2928 	char devtype[WPS_DEV_TYPE_BUFSIZE];
   2929 
   2930 	if (addr)
   2931 		dev = p2p_get_device(p2p, addr);
   2932 	else
   2933 		dev = dl_list_first(&p2p->devices, struct p2p_device, list);
   2934 
   2935 	if (dev && next) {
   2936 		dev = dl_list_first(&dev->list, struct p2p_device, list);
   2937 		if (&dev->list == &p2p->devices)
   2938 			dev = NULL;
   2939 	}
   2940 
   2941 	if (dev == NULL)
   2942 		return -1;
   2943 
   2944 	pos = buf;
   2945 	end = buf + buflen;
   2946 
   2947 	res = os_snprintf(pos, end - pos, MACSTR "\n",
   2948 			  MAC2STR(dev->info.p2p_device_addr));
   2949 	if (res < 0 || res >= end - pos)
   2950 		return pos - buf;
   2951 	pos += res;
   2952 
   2953 	os_get_time(&now);
   2954 	res = os_snprintf(pos, end - pos,
   2955 			  "age=%d\n"
   2956 			  "listen_freq=%d\n"
   2957 			  "level=%d\n"
   2958 			  "wps_method=%s\n"
   2959 			  "interface_addr=" MACSTR "\n"
   2960 			  "member_in_go_dev=" MACSTR "\n"
   2961 			  "member_in_go_iface=" MACSTR "\n"
   2962 			  "pri_dev_type=%s\n"
   2963 			  "device_name=%s\n"
   2964 			  "manufacturer=%s\n"
   2965 			  "model_name=%s\n"
   2966 			  "model_number=%s\n"
   2967 			  "serial_number=%s\n"
   2968 			  "config_methods=0x%x\n"
   2969 			  "dev_capab=0x%x\n"
   2970 			  "group_capab=0x%x\n"
   2971 			  "go_neg_req_sent=%d\n"
   2972 			  "go_state=%s\n"
   2973 			  "dialog_token=%u\n"
   2974 			  "intended_addr=" MACSTR "\n"
   2975 			  "country=%c%c\n"
   2976 			  "oper_freq=%d\n"
   2977 			  "req_config_methods=0x%x\n"
   2978 			  "flags=%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s\n"
   2979 			  "status=%d\n"
   2980 			  "wait_count=%u\n"
   2981 			  "invitation_reqs=%u\n",
   2982 			  (int) (now.sec - dev->last_seen.sec),
   2983 			  dev->listen_freq,
   2984 			  dev->info.level,
   2985 			  p2p_wps_method_text(dev->wps_method),
   2986 			  MAC2STR(dev->interface_addr),
   2987 			  MAC2STR(dev->member_in_go_dev),
   2988 			  MAC2STR(dev->member_in_go_iface),
   2989 			  wps_dev_type_bin2str(dev->info.pri_dev_type,
   2990 					       devtype, sizeof(devtype)),
   2991 			  dev->info.device_name,
   2992 			  dev->info.manufacturer,
   2993 			  dev->info.model_name,
   2994 			  dev->info.model_number,
   2995 			  dev->info.serial_number,
   2996 			  dev->info.config_methods,
   2997 			  dev->info.dev_capab,
   2998 			  dev->info.group_capab,
   2999 			  dev->go_neg_req_sent,
   3000 			  p2p_go_state_text(dev->go_state),
   3001 			  dev->dialog_token,
   3002 			  MAC2STR(dev->intended_addr),
   3003 			  dev->country[0] ? dev->country[0] : '_',
   3004 			  dev->country[1] ? dev->country[1] : '_',
   3005 			  dev->oper_freq,
   3006 			  dev->req_config_methods,
   3007 			  dev->flags & P2P_DEV_PROBE_REQ_ONLY ?
   3008 			  "[PROBE_REQ_ONLY]" : "",
   3009 			  dev->flags & P2P_DEV_REPORTED ? "[REPORTED]" : "",
   3010 			  dev->flags & P2P_DEV_NOT_YET_READY ?
   3011 			  "[NOT_YET_READY]" : "",
   3012 			  dev->flags & P2P_DEV_SD_INFO ? "[SD_INFO]" : "",
   3013 			  dev->flags & P2P_DEV_SD_SCHEDULE ? "[SD_SCHEDULE]" :
   3014 			  "",
   3015 			  dev->flags & P2P_DEV_PD_PEER_DISPLAY ?
   3016 			  "[PD_PEER_DISPLAY]" : "",
   3017 			  dev->flags & P2P_DEV_PD_PEER_KEYPAD ?
   3018 			  "[PD_PEER_KEYPAD]" : "",
   3019 			  dev->flags & P2P_DEV_USER_REJECTED ?
   3020 			  "[USER_REJECTED]" : "",
   3021 			  dev->flags & P2P_DEV_PEER_WAITING_RESPONSE ?
   3022 			  "[PEER_WAITING_RESPONSE]" : "",
   3023 			  dev->flags & P2P_DEV_PREFER_PERSISTENT_GROUP ?
   3024 			  "[PREFER_PERSISTENT_GROUP]" : "",
   3025 			  dev->flags & P2P_DEV_WAIT_GO_NEG_RESPONSE ?
   3026 			  "[WAIT_GO_NEG_RESPONSE]" : "",
   3027 			  dev->flags & P2P_DEV_WAIT_GO_NEG_CONFIRM ?
   3028 			  "[WAIT_GO_NEG_CONFIRM]" : "",
   3029 			  dev->flags & P2P_DEV_GROUP_CLIENT_ONLY ?
   3030 			  "[GROUP_CLIENT_ONLY]" : "",
   3031 			  dev->flags & P2P_DEV_FORCE_FREQ ?
   3032 			  "[FORCE_FREQ]" : "",
   3033 			  dev->flags & P2P_DEV_PD_FOR_JOIN ?
   3034 			  "[PD_FOR_JOIN]" : "",
   3035 			  dev->status,
   3036 			  dev->wait_count,
   3037 			  dev->invitation_reqs);
   3038 	if (res < 0 || res >= end - pos)
   3039 		return pos - buf;
   3040 	pos += res;
   3041 
   3042 	if (dev->ext_listen_period) {
   3043 		res = os_snprintf(pos, end - pos,
   3044 				  "ext_listen_period=%u\n"
   3045 				  "ext_listen_interval=%u\n",
   3046 				  dev->ext_listen_period,
   3047 				  dev->ext_listen_interval);
   3048 		if (res < 0 || res >= end - pos)
   3049 			return pos - buf;
   3050 		pos += res;
   3051 	}
   3052 
   3053 	if (dev->oper_ssid_len) {
   3054 		res = os_snprintf(pos, end - pos,
   3055 				  "oper_ssid=%s\n",
   3056 				  wpa_ssid_txt(dev->oper_ssid,
   3057 					       dev->oper_ssid_len));
   3058 		if (res < 0 || res >= end - pos)
   3059 			return pos - buf;
   3060 		pos += res;
   3061 	}
   3062 
   3063 	return pos - buf;
   3064 }
   3065 
   3066 
   3067 void p2p_set_client_discoverability(struct p2p_data *p2p, int enabled)
   3068 {
   3069 	if (enabled) {
   3070 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Client "
   3071 			"discoverability enabled");
   3072 		p2p->dev_capab |= P2P_DEV_CAPAB_CLIENT_DISCOVERABILITY;
   3073 	} else {
   3074 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Client "
   3075 			"discoverability disabled");
   3076 		p2p->dev_capab &= ~P2P_DEV_CAPAB_CLIENT_DISCOVERABILITY;
   3077 	}
   3078 }
   3079 
   3080 
   3081 static struct wpabuf * p2p_build_presence_req(u32 duration1, u32 interval1,
   3082 					      u32 duration2, u32 interval2)
   3083 {
   3084 	struct wpabuf *req;
   3085 	struct p2p_noa_desc desc1, desc2, *ptr1 = NULL, *ptr2 = NULL;
   3086 	u8 *len;
   3087 
   3088 	req = wpabuf_alloc(100);
   3089 	if (req == NULL)
   3090 		return NULL;
   3091 
   3092 	if (duration1 || interval1) {
   3093 		os_memset(&desc1, 0, sizeof(desc1));
   3094 		desc1.count_type = 1;
   3095 		desc1.duration = duration1;
   3096 		desc1.interval = interval1;
   3097 		ptr1 = &desc1;
   3098 
   3099 		if (duration2 || interval2) {
   3100 			os_memset(&desc2, 0, sizeof(desc2));
   3101 			desc2.count_type = 2;
   3102 			desc2.duration = duration2;
   3103 			desc2.interval = interval2;
   3104 			ptr2 = &desc2;
   3105 		}
   3106 	}
   3107 
   3108 	p2p_buf_add_action_hdr(req, P2P_PRESENCE_REQ, 1);
   3109 	len = p2p_buf_add_ie_hdr(req);
   3110 	p2p_buf_add_noa(req, 0, 0, 0, ptr1, ptr2);
   3111 	p2p_buf_update_ie_hdr(req, len);
   3112 
   3113 	return req;
   3114 }
   3115 
   3116 
   3117 int p2p_presence_req(struct p2p_data *p2p, const u8 *go_interface_addr,
   3118 		     const u8 *own_interface_addr, unsigned int freq,
   3119 		     u32 duration1, u32 interval1, u32 duration2,
   3120 		     u32 interval2)
   3121 {
   3122 	struct wpabuf *req;
   3123 
   3124 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Send Presence Request to "
   3125 		"GO " MACSTR " (own interface " MACSTR ") freq=%u dur1=%u "
   3126 		"int1=%u dur2=%u int2=%u",
   3127 		MAC2STR(go_interface_addr), MAC2STR(own_interface_addr),
   3128 		freq, duration1, interval1, duration2, interval2);
   3129 
   3130 	req = p2p_build_presence_req(duration1, interval1, duration2,
   3131 				     interval2);
   3132 	if (req == NULL)
   3133 		return -1;
   3134 
   3135 	p2p->pending_action_state = P2P_NO_PENDING_ACTION;
   3136 	if (p2p_send_action(p2p, freq, go_interface_addr, own_interface_addr,
   3137 			    go_interface_addr,
   3138 			    wpabuf_head(req), wpabuf_len(req), 200) < 0) {
   3139 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3140 			"P2P: Failed to send Action frame");
   3141 	}
   3142 	wpabuf_free(req);
   3143 
   3144 	return 0;
   3145 }
   3146 
   3147 
   3148 static struct wpabuf * p2p_build_presence_resp(u8 status, const u8 *noa,
   3149 					       size_t noa_len, u8 dialog_token)
   3150 {
   3151 	struct wpabuf *resp;
   3152 	u8 *len;
   3153 
   3154 	resp = wpabuf_alloc(100 + noa_len);
   3155 	if (resp == NULL)
   3156 		return NULL;
   3157 
   3158 	p2p_buf_add_action_hdr(resp, P2P_PRESENCE_RESP, dialog_token);
   3159 	len = p2p_buf_add_ie_hdr(resp);
   3160 	p2p_buf_add_status(resp, status);
   3161 	if (noa) {
   3162 		wpabuf_put_u8(resp, P2P_ATTR_NOTICE_OF_ABSENCE);
   3163 		wpabuf_put_le16(resp, noa_len);
   3164 		wpabuf_put_data(resp, noa, noa_len);
   3165 	} else
   3166 		p2p_buf_add_noa(resp, 0, 0, 0, NULL, NULL);
   3167 	p2p_buf_update_ie_hdr(resp, len);
   3168 
   3169 	return resp;
   3170 }
   3171 
   3172 
   3173 static void p2p_process_presence_req(struct p2p_data *p2p, const u8 *da,
   3174 				     const u8 *sa, const u8 *data, size_t len,
   3175 				     int rx_freq)
   3176 {
   3177 	struct p2p_message msg;
   3178 	u8 status;
   3179 	struct wpabuf *resp;
   3180 	size_t g;
   3181 	struct p2p_group *group = NULL;
   3182 	int parsed = 0;
   3183 	u8 noa[50];
   3184 	int noa_len;
   3185 
   3186 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3187 		"P2P: Received P2P Action - P2P Presence Request");
   3188 
   3189 	for (g = 0; g < p2p->num_groups; g++) {
   3190 		if (os_memcmp(da, p2p_group_get_interface_addr(p2p->groups[g]),
   3191 			      ETH_ALEN) == 0) {
   3192 			group = p2p->groups[g];
   3193 			break;
   3194 		}
   3195 	}
   3196 	if (group == NULL) {
   3197 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3198 			"P2P: Ignore P2P Presence Request for unknown group "
   3199 			MACSTR, MAC2STR(da));
   3200 		return;
   3201 	}
   3202 
   3203 	if (p2p_parse(data, len, &msg) < 0) {
   3204 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3205 			"P2P: Failed to parse P2P Presence Request");
   3206 		status = P2P_SC_FAIL_INVALID_PARAMS;
   3207 		goto fail;
   3208 	}
   3209 	parsed = 1;
   3210 
   3211 	if (msg.noa == NULL) {
   3212 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3213 			"P2P: No NoA attribute in P2P Presence Request");
   3214 		status = P2P_SC_FAIL_INVALID_PARAMS;
   3215 		goto fail;
   3216 	}
   3217 
   3218 	status = p2p_group_presence_req(group, sa, msg.noa, msg.noa_len);
   3219 
   3220 fail:
   3221 	if (p2p->cfg->get_noa)
   3222 		noa_len = p2p->cfg->get_noa(p2p->cfg->cb_ctx, da, noa,
   3223 					    sizeof(noa));
   3224 	else
   3225 		noa_len = -1;
   3226 	resp = p2p_build_presence_resp(status, noa_len > 0 ? noa : NULL,
   3227 				       noa_len > 0 ? noa_len : 0,
   3228 				       msg.dialog_token);
   3229 	if (parsed)
   3230 		p2p_parse_free(&msg);
   3231 	if (resp == NULL)
   3232 		return;
   3233 
   3234 	p2p->pending_action_state = P2P_NO_PENDING_ACTION;
   3235 	if (p2p_send_action(p2p, rx_freq, sa, da, da,
   3236 			    wpabuf_head(resp), wpabuf_len(resp), 200) < 0) {
   3237 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3238 			"P2P: Failed to send Action frame");
   3239 	}
   3240 	wpabuf_free(resp);
   3241 }
   3242 
   3243 
   3244 static void p2p_process_presence_resp(struct p2p_data *p2p, const u8 *da,
   3245 				      const u8 *sa, const u8 *data, size_t len)
   3246 {
   3247 	struct p2p_message msg;
   3248 
   3249 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3250 		"P2P: Received P2P Action - P2P Presence Response");
   3251 
   3252 	if (p2p_parse(data, len, &msg) < 0) {
   3253 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3254 			"P2P: Failed to parse P2P Presence Response");
   3255 		return;
   3256 	}
   3257 
   3258 	if (msg.status == NULL || msg.noa == NULL) {
   3259 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3260 			"P2P: No Status or NoA attribute in P2P Presence "
   3261 			"Response");
   3262 		p2p_parse_free(&msg);
   3263 		return;
   3264 	}
   3265 
   3266 	if (*msg.status) {
   3267 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3268 			"P2P: P2P Presence Request was rejected: status %u",
   3269 			*msg.status);
   3270 		p2p_parse_free(&msg);
   3271 		return;
   3272 	}
   3273 
   3274 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3275 		"P2P: P2P Presence Request was accepted");
   3276 	wpa_hexdump(MSG_DEBUG, "P2P: P2P Presence Response - NoA",
   3277 		    msg.noa, msg.noa_len);
   3278 	/* TODO: process NoA */
   3279 	p2p_parse_free(&msg);
   3280 }
   3281 
   3282 
   3283 static void p2p_ext_listen_timeout(void *eloop_ctx, void *timeout_ctx)
   3284 {
   3285 	struct p2p_data *p2p = eloop_ctx;
   3286 
   3287 	if (p2p->ext_listen_interval) {
   3288 		/* Schedule next extended listen timeout */
   3289 		eloop_register_timeout(p2p->ext_listen_interval_sec,
   3290 				       p2p->ext_listen_interval_usec,
   3291 				       p2p_ext_listen_timeout, p2p, NULL);
   3292 	}
   3293 
   3294 	if (p2p->state == P2P_LISTEN_ONLY && p2p->ext_listen_only) {
   3295 		/*
   3296 		 * This should not really happen, but it looks like the Listen
   3297 		 * command may fail is something else (e.g., a scan) was
   3298 		 * running at an inconvenient time. As a workaround, allow new
   3299 		 * Extended Listen operation to be started.
   3300 		 */
   3301 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Previous "
   3302 			"Extended Listen operation had not been completed - "
   3303 			"try again");
   3304 		p2p->ext_listen_only = 0;
   3305 		p2p_set_state(p2p, P2P_IDLE);
   3306 	}
   3307 
   3308 	if (p2p->state != P2P_IDLE) {
   3309 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Skip Extended "
   3310 			"Listen timeout in active state (%s)",
   3311 			p2p_state_txt(p2p->state));
   3312 		return;
   3313 	}
   3314 
   3315 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Extended Listen timeout");
   3316 	p2p->ext_listen_only = 1;
   3317 	if (p2p_listen(p2p, p2p->ext_listen_period) < 0) {
   3318 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Failed to start "
   3319 			"Listen state for Extended Listen Timing");
   3320 		p2p->ext_listen_only = 0;
   3321 	}
   3322 }
   3323 
   3324 
   3325 int p2p_ext_listen(struct p2p_data *p2p, unsigned int period,
   3326 		   unsigned int interval)
   3327 {
   3328 	if (period > 65535 || interval > 65535 || period > interval ||
   3329 	    (period == 0 && interval > 0) || (period > 0 && interval == 0)) {
   3330 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3331 			"P2P: Invalid Extended Listen Timing request: "
   3332 			"period=%u interval=%u", period, interval);
   3333 		return -1;
   3334 	}
   3335 
   3336 	eloop_cancel_timeout(p2p_ext_listen_timeout, p2p, NULL);
   3337 
   3338 	if (interval == 0) {
   3339 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3340 			"P2P: Disabling Extended Listen Timing");
   3341 		p2p->ext_listen_period = 0;
   3342 		p2p->ext_listen_interval = 0;
   3343 		return 0;
   3344 	}
   3345 
   3346 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG,
   3347 		"P2P: Enabling Extended Listen Timing: period %u msec, "
   3348 		"interval %u msec", period, interval);
   3349 	p2p->ext_listen_period = period;
   3350 	p2p->ext_listen_interval = interval;
   3351 	p2p->ext_listen_interval_sec = interval / 1000;
   3352 	p2p->ext_listen_interval_usec = (interval % 1000) * 1000;
   3353 
   3354 	eloop_register_timeout(p2p->ext_listen_interval_sec,
   3355 			       p2p->ext_listen_interval_usec,
   3356 			       p2p_ext_listen_timeout, p2p, NULL);
   3357 
   3358 	return 0;
   3359 }
   3360 
   3361 
   3362 void p2p_deauth_notif(struct p2p_data *p2p, const u8 *bssid, u16 reason_code,
   3363 		      const u8 *ie, size_t ie_len)
   3364 {
   3365 	struct p2p_message msg;
   3366 
   3367 	if (bssid == NULL || ie == NULL)
   3368 		return;
   3369 
   3370 	os_memset(&msg, 0, sizeof(msg));
   3371 	if (p2p_parse_ies(ie, ie_len, &msg))
   3372 		return;
   3373 	if (msg.minor_reason_code == NULL)
   3374 		return;
   3375 
   3376 	wpa_msg(p2p->cfg->msg_ctx, MSG_INFO,
   3377 		"P2P: Deauthentication notification BSSID " MACSTR
   3378 		" reason_code=%u minor_reason_code=%u",
   3379 		MAC2STR(bssid), reason_code, *msg.minor_reason_code);
   3380 
   3381 	p2p_parse_free(&msg);
   3382 }
   3383 
   3384 
   3385 void p2p_disassoc_notif(struct p2p_data *p2p, const u8 *bssid, u16 reason_code,
   3386 			const u8 *ie, size_t ie_len)
   3387 {
   3388 	struct p2p_message msg;
   3389 
   3390 	if (bssid == NULL || ie == NULL)
   3391 		return;
   3392 
   3393 	os_memset(&msg, 0, sizeof(msg));
   3394 	if (p2p_parse_ies(ie, ie_len, &msg))
   3395 		return;
   3396 	if (msg.minor_reason_code == NULL)
   3397 		return;
   3398 
   3399 	wpa_msg(p2p->cfg->msg_ctx, MSG_INFO,
   3400 		"P2P: Disassociation notification BSSID " MACSTR
   3401 		" reason_code=%u minor_reason_code=%u",
   3402 		MAC2STR(bssid), reason_code, *msg.minor_reason_code);
   3403 
   3404 	p2p_parse_free(&msg);
   3405 }
   3406 
   3407 
   3408 void p2p_set_managed_oper(struct p2p_data *p2p, int enabled)
   3409 {
   3410 	if (enabled) {
   3411 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Managed P2P "
   3412 			"Device operations enabled");
   3413 		p2p->dev_capab |= P2P_DEV_CAPAB_INFRA_MANAGED;
   3414 	} else {
   3415 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Managed P2P "
   3416 			"Device operations disabled");
   3417 		p2p->dev_capab &= ~P2P_DEV_CAPAB_INFRA_MANAGED;
   3418 	}
   3419 }
   3420 
   3421 
   3422 int p2p_set_listen_channel(struct p2p_data *p2p, u8 reg_class, u8 channel)
   3423 {
   3424 	if (p2p_channel_to_freq(p2p->cfg->country, reg_class, channel) < 0)
   3425 		return -1;
   3426 
   3427 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Set Listen channel: "
   3428 		"reg_class %u channel %u", reg_class, channel);
   3429 	p2p->cfg->reg_class = reg_class;
   3430 	p2p->cfg->channel = channel;
   3431 
   3432 	return 0;
   3433 }
   3434 
   3435 
   3436 int p2p_set_ssid_postfix(struct p2p_data *p2p, const u8 *postfix, size_t len)
   3437 {
   3438 	wpa_hexdump_ascii(MSG_DEBUG, "P2P: New SSID postfix", postfix, len);
   3439 	if (postfix == NULL) {
   3440 		p2p->cfg->ssid_postfix_len = 0;
   3441 		return 0;
   3442 	}
   3443 	if (len > sizeof(p2p->cfg->ssid_postfix))
   3444 		return -1;
   3445 	os_memcpy(p2p->cfg->ssid_postfix, postfix, len);
   3446 	p2p->cfg->ssid_postfix_len = len;
   3447 	return 0;
   3448 }
   3449 
   3450 
   3451 int p2p_set_oper_channel(struct p2p_data *p2p, u8 op_reg_class, u8 op_channel,
   3452 			 int cfg_op_channel)
   3453 {
   3454 	if (p2p_channel_to_freq(p2p->cfg->country, op_reg_class, op_channel)
   3455 	    < 0)
   3456 		return -1;
   3457 
   3458 	wpa_msg(p2p->cfg->msg_ctx, MSG_INFO, "P2P: Set Operating channel: "
   3459 		"reg_class %u channel %u", op_reg_class, op_channel);
   3460 	p2p->cfg->op_reg_class = op_reg_class;
   3461 	p2p->cfg->op_channel = op_channel;
   3462 	p2p->cfg->cfg_op_channel = cfg_op_channel;
   3463 	return 0;
   3464 }
   3465 
   3466 
   3467 int p2p_get_interface_addr(struct p2p_data *p2p, const u8 *dev_addr,
   3468 			   u8 *iface_addr)
   3469 {
   3470 	struct p2p_device *dev = p2p_get_device(p2p, dev_addr);
   3471 	if (dev == NULL || is_zero_ether_addr(dev->interface_addr))
   3472 		return -1;
   3473 	os_memcpy(iface_addr, dev->interface_addr, ETH_ALEN);
   3474 	return 0;
   3475 }
   3476 
   3477 
   3478 int p2p_get_dev_addr(struct p2p_data *p2p, const u8 *iface_addr,
   3479 			   u8 *dev_addr)
   3480 {
   3481 	struct p2p_device *dev = p2p_get_device_interface(p2p, iface_addr);
   3482 	if (dev == NULL)
   3483 		return -1;
   3484 	os_memcpy(dev_addr, dev->info.p2p_device_addr, ETH_ALEN);
   3485 	return 0;
   3486 }
   3487 
   3488 
   3489 void p2p_set_peer_filter(struct p2p_data *p2p, const u8 *addr)
   3490 {
   3491 	os_memcpy(p2p->peer_filter, addr, ETH_ALEN);
   3492 	if (is_zero_ether_addr(p2p->peer_filter))
   3493 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Disable peer "
   3494 			"filter");
   3495 	else
   3496 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Enable peer "
   3497 			"filter for " MACSTR, MAC2STR(p2p->peer_filter));
   3498 }
   3499 
   3500 
   3501 void p2p_set_cross_connect(struct p2p_data *p2p, int enabled)
   3502 {
   3503 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Cross connection %s",
   3504 		enabled ? "enabled" : "disabled");
   3505 	if (p2p->cross_connect == enabled)
   3506 		return;
   3507 	p2p->cross_connect = enabled;
   3508 	/* TODO: may need to tear down any action group where we are GO(?) */
   3509 }
   3510 
   3511 
   3512 int p2p_get_oper_freq(struct p2p_data *p2p, const u8 *iface_addr)
   3513 {
   3514 	struct p2p_device *dev = p2p_get_device_interface(p2p, iface_addr);
   3515 	if (dev == NULL)
   3516 		return -1;
   3517 	if (dev->oper_freq <= 0)
   3518 		return -1;
   3519 	return dev->oper_freq;
   3520 }
   3521 
   3522 
   3523 void p2p_set_intra_bss_dist(struct p2p_data *p2p, int enabled)
   3524 {
   3525 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Intra BSS distribution %s",
   3526 		enabled ? "enabled" : "disabled");
   3527 	p2p->cfg->p2p_intra_bss = enabled;
   3528 }
   3529 
   3530 
   3531 void p2p_update_channel_list(struct p2p_data *p2p, struct p2p_channels *chan)
   3532 {
   3533 	wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Update channel list");
   3534 	os_memcpy(&p2p->cfg->channels, chan, sizeof(struct p2p_channels));
   3535 }
   3536 
   3537 
   3538 int p2p_send_action(struct p2p_data *p2p, unsigned int freq, const u8 *dst,
   3539 		    const u8 *src, const u8 *bssid, const u8 *buf,
   3540 		    size_t len, unsigned int wait_time)
   3541 {
   3542 	if (p2p->p2p_scan_running) {
   3543 		wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Delay Action "
   3544 			"frame TX until p2p_scan completes");
   3545 		if (p2p->after_scan_tx) {
   3546 			wpa_msg(p2p->cfg->msg_ctx, MSG_DEBUG, "P2P: Dropped "
   3547 				"previous pending Action frame TX");
   3548 			os_free(p2p->after_scan_tx);
   3549 		}
   3550 		p2p->after_scan_tx = os_malloc(sizeof(*p2p->after_scan_tx) +
   3551 					       len);
   3552 		if (p2p->after_scan_tx == NULL)
   3553 			return -1;
   3554 		p2p->after_scan_tx->freq = freq;
   3555 		os_memcpy(p2p->after_scan_tx->dst, dst, ETH_ALEN);
   3556 		os_memcpy(p2p->after_scan_tx->src, src, ETH_ALEN);
   3557 		os_memcpy(p2p->after_scan_tx->bssid, bssid, ETH_ALEN);
   3558 		p2p->