Home | History | Annotate | Download | only in wpa_supplicant
      1 /*
      2  * WPA Supplicant
      3  * Copyright (c) 2003-2016, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  *
      8  * This file implements functions for registering and unregistering
      9  * %wpa_supplicant interfaces. In addition, this file contains number of
     10  * functions for managing network connections.
     11  */
     12 
     13 #include "includes.h"
     14 #ifdef CONFIG_MATCH_IFACE
     15 #include <net/if.h>
     16 #include <fnmatch.h>
     17 #endif /* CONFIG_MATCH_IFACE */
     18 
     19 #include "common.h"
     20 #include "crypto/random.h"
     21 #include "crypto/sha1.h"
     22 #include "eapol_supp/eapol_supp_sm.h"
     23 #include "eap_peer/eap.h"
     24 #include "eap_peer/eap_proxy.h"
     25 #include "eap_server/eap_methods.h"
     26 #include "rsn_supp/wpa.h"
     27 #include "eloop.h"
     28 #include "config.h"
     29 #include "utils/ext_password.h"
     30 #include "l2_packet/l2_packet.h"
     31 #include "wpa_supplicant_i.h"
     32 #include "driver_i.h"
     33 #include "ctrl_iface.h"
     34 #include "pcsc_funcs.h"
     35 #include "common/version.h"
     36 #include "rsn_supp/preauth.h"
     37 #include "rsn_supp/pmksa_cache.h"
     38 #include "common/wpa_ctrl.h"
     39 #include "common/ieee802_11_defs.h"
     40 #include "common/hw_features_common.h"
     41 #include "p2p/p2p.h"
     42 #include "fst/fst.h"
     43 #include "blacklist.h"
     44 #include "wpas_glue.h"
     45 #include "wps_supplicant.h"
     46 #include "ibss_rsn.h"
     47 #include "sme.h"
     48 #include "gas_query.h"
     49 #include "ap.h"
     50 #include "p2p_supplicant.h"
     51 #include "wifi_display.h"
     52 #include "notify.h"
     53 #include "bgscan.h"
     54 #include "autoscan.h"
     55 #include "bss.h"
     56 #include "scan.h"
     57 #include "offchannel.h"
     58 #include "hs20_supplicant.h"
     59 #include "wnm_sta.h"
     60 #include "wpas_kay.h"
     61 #include "mesh.h"
     62 
     63 const char *const wpa_supplicant_version =
     64 "wpa_supplicant v" VERSION_STR "\n"
     65 "Copyright (c) 2003-2016, Jouni Malinen <j (at) w1.fi> and contributors";
     66 
     67 const char *const wpa_supplicant_license =
     68 "This software may be distributed under the terms of the BSD license.\n"
     69 "See README for more details.\n"
     70 #ifdef EAP_TLS_OPENSSL
     71 "\nThis product includes software developed by the OpenSSL Project\n"
     72 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
     73 #endif /* EAP_TLS_OPENSSL */
     74 ;
     75 
     76 #ifndef CONFIG_NO_STDOUT_DEBUG
     77 /* Long text divided into parts in order to fit in C89 strings size limits. */
     78 const char *const wpa_supplicant_full_license1 =
     79 "";
     80 const char *const wpa_supplicant_full_license2 =
     81 "This software may be distributed under the terms of the BSD license.\n"
     82 "\n"
     83 "Redistribution and use in source and binary forms, with or without\n"
     84 "modification, are permitted provided that the following conditions are\n"
     85 "met:\n"
     86 "\n";
     87 const char *const wpa_supplicant_full_license3 =
     88 "1. Redistributions of source code must retain the above copyright\n"
     89 "   notice, this list of conditions and the following disclaimer.\n"
     90 "\n"
     91 "2. Redistributions in binary form must reproduce the above copyright\n"
     92 "   notice, this list of conditions and the following disclaimer in the\n"
     93 "   documentation and/or other materials provided with the distribution.\n"
     94 "\n";
     95 const char *const wpa_supplicant_full_license4 =
     96 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
     97 "   names of its contributors may be used to endorse or promote products\n"
     98 "   derived from this software without specific prior written permission.\n"
     99 "\n"
    100 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
    101 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
    102 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
    103 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
    104 const char *const wpa_supplicant_full_license5 =
    105 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
    106 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
    107 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
    108 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
    109 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
    110 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
    111 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
    112 "\n";
    113 #endif /* CONFIG_NO_STDOUT_DEBUG */
    114 
    115 /* Configure default/group WEP keys for static WEP */
    116 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
    117 {
    118 	int i, set = 0;
    119 
    120 	for (i = 0; i < NUM_WEP_KEYS; i++) {
    121 		if (ssid->wep_key_len[i] == 0)
    122 			continue;
    123 
    124 		set = 1;
    125 		wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
    126 				i, i == ssid->wep_tx_keyidx, NULL, 0,
    127 				ssid->wep_key[i], ssid->wep_key_len[i]);
    128 	}
    129 
    130 	return set;
    131 }
    132 
    133 
    134 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
    135 				    struct wpa_ssid *ssid)
    136 {
    137 	u8 key[32];
    138 	size_t keylen;
    139 	enum wpa_alg alg;
    140 	u8 seq[6] = { 0 };
    141 	int ret;
    142 
    143 	/* IBSS/WPA-None uses only one key (Group) for both receiving and
    144 	 * sending unicast and multicast packets. */
    145 
    146 	if (ssid->mode != WPAS_MODE_IBSS) {
    147 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
    148 			"IBSS/ad-hoc) for WPA-None", ssid->mode);
    149 		return -1;
    150 	}
    151 
    152 	if (!ssid->psk_set) {
    153 		wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
    154 			"WPA-None");
    155 		return -1;
    156 	}
    157 
    158 	switch (wpa_s->group_cipher) {
    159 	case WPA_CIPHER_CCMP:
    160 		os_memcpy(key, ssid->psk, 16);
    161 		keylen = 16;
    162 		alg = WPA_ALG_CCMP;
    163 		break;
    164 	case WPA_CIPHER_GCMP:
    165 		os_memcpy(key, ssid->psk, 16);
    166 		keylen = 16;
    167 		alg = WPA_ALG_GCMP;
    168 		break;
    169 	case WPA_CIPHER_TKIP:
    170 		/* WPA-None uses the same Michael MIC key for both TX and RX */
    171 		os_memcpy(key, ssid->psk, 16 + 8);
    172 		os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
    173 		keylen = 32;
    174 		alg = WPA_ALG_TKIP;
    175 		break;
    176 	default:
    177 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
    178 			"WPA-None", wpa_s->group_cipher);
    179 		return -1;
    180 	}
    181 
    182 	/* TODO: should actually remember the previously used seq#, both for TX
    183 	 * and RX from each STA.. */
    184 
    185 	ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
    186 	os_memset(key, 0, sizeof(key));
    187 	return ret;
    188 }
    189 
    190 
    191 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
    192 {
    193 	struct wpa_supplicant *wpa_s = eloop_ctx;
    194 	const u8 *bssid = wpa_s->bssid;
    195 	if (is_zero_ether_addr(bssid))
    196 		bssid = wpa_s->pending_bssid;
    197 	wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
    198 		MAC2STR(bssid));
    199 	wpa_blacklist_add(wpa_s, bssid);
    200 	wpa_sm_notify_disassoc(wpa_s->wpa);
    201 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
    202 	wpa_s->reassociate = 1;
    203 
    204 	/*
    205 	 * If we timed out, the AP or the local radio may be busy.
    206 	 * So, wait a second until scanning again.
    207 	 */
    208 	wpa_supplicant_req_scan(wpa_s, 1, 0);
    209 }
    210 
    211 
    212 /**
    213  * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
    214  * @wpa_s: Pointer to wpa_supplicant data
    215  * @sec: Number of seconds after which to time out authentication
    216  * @usec: Number of microseconds after which to time out authentication
    217  *
    218  * This function is used to schedule a timeout for the current authentication
    219  * attempt.
    220  */
    221 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
    222 				     int sec, int usec)
    223 {
    224 	if (wpa_s->conf->ap_scan == 0 &&
    225 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
    226 		return;
    227 
    228 	wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
    229 		"%d usec", sec, usec);
    230 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
    231 	eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
    232 }
    233 
    234 
    235 /**
    236  * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
    237  * @wpa_s: Pointer to wpa_supplicant data
    238  *
    239  * This function is used to cancel authentication timeout scheduled with
    240  * wpa_supplicant_req_auth_timeout() and it is called when authentication has
    241  * been completed.
    242  */
    243 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
    244 {
    245 	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
    246 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
    247 	wpa_blacklist_del(wpa_s, wpa_s->bssid);
    248 }
    249 
    250 
    251 /**
    252  * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
    253  * @wpa_s: Pointer to wpa_supplicant data
    254  *
    255  * This function is used to configure EAPOL state machine based on the selected
    256  * authentication mode.
    257  */
    258 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
    259 {
    260 #ifdef IEEE8021X_EAPOL
    261 	struct eapol_config eapol_conf;
    262 	struct wpa_ssid *ssid = wpa_s->current_ssid;
    263 
    264 #ifdef CONFIG_IBSS_RSN
    265 	if (ssid->mode == WPAS_MODE_IBSS &&
    266 	    wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
    267 	    wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
    268 		/*
    269 		 * RSN IBSS authentication is per-STA and we can disable the
    270 		 * per-BSSID EAPOL authentication.
    271 		 */
    272 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
    273 		eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
    274 		eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
    275 		return;
    276 	}
    277 #endif /* CONFIG_IBSS_RSN */
    278 
    279 	eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
    280 	eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
    281 
    282 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
    283 	    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
    284 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
    285 	else
    286 		eapol_sm_notify_portControl(wpa_s->eapol, Auto);
    287 
    288 	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
    289 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
    290 		eapol_conf.accept_802_1x_keys = 1;
    291 		eapol_conf.required_keys = 0;
    292 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
    293 			eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
    294 		}
    295 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
    296 			eapol_conf.required_keys |=
    297 				EAPOL_REQUIRE_KEY_BROADCAST;
    298 		}
    299 
    300 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
    301 			eapol_conf.required_keys = 0;
    302 	}
    303 	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
    304 	eapol_conf.workaround = ssid->eap_workaround;
    305 	eapol_conf.eap_disabled =
    306 		!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
    307 		wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
    308 		wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
    309 	eapol_conf.external_sim = wpa_s->conf->external_sim;
    310 
    311 #ifdef CONFIG_WPS
    312 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
    313 		eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
    314 		if (wpa_s->current_bss) {
    315 			struct wpabuf *ie;
    316 			ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
    317 							 WPS_IE_VENDOR_TYPE);
    318 			if (ie) {
    319 				if (wps_is_20(ie))
    320 					eapol_conf.wps |=
    321 						EAPOL_PEER_IS_WPS20_AP;
    322 				wpabuf_free(ie);
    323 			}
    324 		}
    325 	}
    326 #endif /* CONFIG_WPS */
    327 
    328 	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
    329 
    330 	ieee802_1x_alloc_kay_sm(wpa_s, ssid);
    331 #endif /* IEEE8021X_EAPOL */
    332 }
    333 
    334 
    335 /**
    336  * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
    337  * @wpa_s: Pointer to wpa_supplicant data
    338  * @ssid: Configuration data for the network
    339  *
    340  * This function is used to configure WPA state machine and related parameters
    341  * to a mode where WPA is not enabled. This is called as part of the
    342  * authentication configuration when the selected network does not use WPA.
    343  */
    344 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
    345 				       struct wpa_ssid *ssid)
    346 {
    347 	int i;
    348 
    349 	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
    350 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
    351 	else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
    352 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
    353 	else
    354 		wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
    355 	wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
    356 	wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
    357 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
    358 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
    359 	wpa_s->group_cipher = WPA_CIPHER_NONE;
    360 	wpa_s->mgmt_group_cipher = 0;
    361 
    362 	for (i = 0; i < NUM_WEP_KEYS; i++) {
    363 		if (ssid->wep_key_len[i] > 5) {
    364 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
    365 			wpa_s->group_cipher = WPA_CIPHER_WEP104;
    366 			break;
    367 		} else if (ssid->wep_key_len[i] > 0) {
    368 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
    369 			wpa_s->group_cipher = WPA_CIPHER_WEP40;
    370 			break;
    371 		}
    372 	}
    373 
    374 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
    375 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
    376 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
    377 			 wpa_s->pairwise_cipher);
    378 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
    379 #ifdef CONFIG_IEEE80211W
    380 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
    381 			 wpa_s->mgmt_group_cipher);
    382 #endif /* CONFIG_IEEE80211W */
    383 
    384 	pmksa_cache_clear_current(wpa_s->wpa);
    385 }
    386 
    387 
    388 void free_hw_features(struct wpa_supplicant *wpa_s)
    389 {
    390 	int i;
    391 	if (wpa_s->hw.modes == NULL)
    392 		return;
    393 
    394 	for (i = 0; i < wpa_s->hw.num_modes; i++) {
    395 		os_free(wpa_s->hw.modes[i].channels);
    396 		os_free(wpa_s->hw.modes[i].rates);
    397 	}
    398 
    399 	os_free(wpa_s->hw.modes);
    400 	wpa_s->hw.modes = NULL;
    401 }
    402 
    403 
    404 static void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
    405 {
    406 	struct wpa_bss_tmp_disallowed *bss, *prev;
    407 
    408 	dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
    409 			      struct wpa_bss_tmp_disallowed, list) {
    410 		dl_list_del(&bss->list);
    411 		os_free(bss);
    412 	}
    413 }
    414 
    415 
    416 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
    417 {
    418 	int i;
    419 
    420 	bgscan_deinit(wpa_s);
    421 	autoscan_deinit(wpa_s);
    422 	scard_deinit(wpa_s->scard);
    423 	wpa_s->scard = NULL;
    424 	wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
    425 	eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
    426 	l2_packet_deinit(wpa_s->l2);
    427 	wpa_s->l2 = NULL;
    428 	if (wpa_s->l2_br) {
    429 		l2_packet_deinit(wpa_s->l2_br);
    430 		wpa_s->l2_br = NULL;
    431 	}
    432 #ifdef CONFIG_TESTING_OPTIONS
    433 	l2_packet_deinit(wpa_s->l2_test);
    434 	wpa_s->l2_test = NULL;
    435 #endif /* CONFIG_TESTING_OPTIONS */
    436 
    437 	if (wpa_s->conf != NULL) {
    438 		struct wpa_ssid *ssid;
    439 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
    440 			wpas_notify_network_removed(wpa_s, ssid);
    441 	}
    442 
    443 	os_free(wpa_s->confname);
    444 	wpa_s->confname = NULL;
    445 
    446 	os_free(wpa_s->confanother);
    447 	wpa_s->confanother = NULL;
    448 
    449 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
    450 	eapol_sm_deinit(wpa_s->eapol);
    451 	wpa_s->eapol = NULL;
    452 
    453 	rsn_preauth_deinit(wpa_s->wpa);
    454 
    455 #ifdef CONFIG_TDLS
    456 	wpa_tdls_deinit(wpa_s->wpa);
    457 #endif /* CONFIG_TDLS */
    458 
    459 	wmm_ac_clear_saved_tspecs(wpa_s);
    460 	pmksa_candidate_free(wpa_s->wpa);
    461 	wpa_sm_deinit(wpa_s->wpa);
    462 	wpa_s->wpa = NULL;
    463 	wpa_blacklist_clear(wpa_s);
    464 
    465 	wpa_bss_deinit(wpa_s);
    466 
    467 	wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
    468 	wpa_supplicant_cancel_scan(wpa_s);
    469 	wpa_supplicant_cancel_auth_timeout(wpa_s);
    470 	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
    471 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
    472 	eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
    473 			     wpa_s, NULL);
    474 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
    475 
    476 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
    477 
    478 	wpas_wps_deinit(wpa_s);
    479 
    480 	wpabuf_free(wpa_s->pending_eapol_rx);
    481 	wpa_s->pending_eapol_rx = NULL;
    482 
    483 #ifdef CONFIG_IBSS_RSN
    484 	ibss_rsn_deinit(wpa_s->ibss_rsn);
    485 	wpa_s->ibss_rsn = NULL;
    486 #endif /* CONFIG_IBSS_RSN */
    487 
    488 	sme_deinit(wpa_s);
    489 
    490 #ifdef CONFIG_AP
    491 	wpa_supplicant_ap_deinit(wpa_s);
    492 #endif /* CONFIG_AP */
    493 
    494 	wpas_p2p_deinit(wpa_s);
    495 
    496 #ifdef CONFIG_OFFCHANNEL
    497 	offchannel_deinit(wpa_s);
    498 #endif /* CONFIG_OFFCHANNEL */
    499 
    500 	wpa_supplicant_cancel_sched_scan(wpa_s);
    501 
    502 	os_free(wpa_s->next_scan_freqs);
    503 	wpa_s->next_scan_freqs = NULL;
    504 
    505 	os_free(wpa_s->manual_scan_freqs);
    506 	wpa_s->manual_scan_freqs = NULL;
    507 
    508 	os_free(wpa_s->manual_sched_scan_freqs);
    509 	wpa_s->manual_sched_scan_freqs = NULL;
    510 
    511 	wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
    512 
    513 	/*
    514 	 * Need to remove any pending gas-query radio work before the
    515 	 * gas_query_deinit() call because gas_query::work has not yet been set
    516 	 * for works that have not been started. gas_query_free() will be unable
    517 	 * to cancel such pending radio works and once the pending gas-query
    518 	 * radio work eventually gets removed, the deinit notification call to
    519 	 * gas_query_start_cb() would result in dereferencing freed memory.
    520 	 */
    521 	if (wpa_s->radio)
    522 		radio_remove_works(wpa_s, "gas-query", 0);
    523 	gas_query_deinit(wpa_s->gas);
    524 	wpa_s->gas = NULL;
    525 
    526 	free_hw_features(wpa_s);
    527 
    528 	ieee802_1x_dealloc_kay_sm(wpa_s);
    529 
    530 	os_free(wpa_s->bssid_filter);
    531 	wpa_s->bssid_filter = NULL;
    532 
    533 	os_free(wpa_s->disallow_aps_bssid);
    534 	wpa_s->disallow_aps_bssid = NULL;
    535 	os_free(wpa_s->disallow_aps_ssid);
    536 	wpa_s->disallow_aps_ssid = NULL;
    537 
    538 	wnm_bss_keep_alive_deinit(wpa_s);
    539 #ifdef CONFIG_WNM
    540 	wnm_deallocate_memory(wpa_s);
    541 #endif /* CONFIG_WNM */
    542 
    543 	ext_password_deinit(wpa_s->ext_pw);
    544 	wpa_s->ext_pw = NULL;
    545 
    546 	wpabuf_free(wpa_s->last_gas_resp);
    547 	wpa_s->last_gas_resp = NULL;
    548 	wpabuf_free(wpa_s->prev_gas_resp);
    549 	wpa_s->prev_gas_resp = NULL;
    550 
    551 	os_free(wpa_s->last_scan_res);
    552 	wpa_s->last_scan_res = NULL;
    553 
    554 #ifdef CONFIG_HS20
    555 	hs20_deinit(wpa_s);
    556 #endif /* CONFIG_HS20 */
    557 
    558 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
    559 		wpabuf_free(wpa_s->vendor_elem[i]);
    560 		wpa_s->vendor_elem[i] = NULL;
    561 	}
    562 
    563 	wmm_ac_notify_disassoc(wpa_s);
    564 
    565 	wpa_s->sched_scan_plans_num = 0;
    566 	os_free(wpa_s->sched_scan_plans);
    567 	wpa_s->sched_scan_plans = NULL;
    568 
    569 #ifdef CONFIG_MBO
    570 	wpa_s->non_pref_chan_num = 0;
    571 	os_free(wpa_s->non_pref_chan);
    572 	wpa_s->non_pref_chan = NULL;
    573 #endif /* CONFIG_MBO */
    574 
    575 	free_bss_tmp_disallowed(wpa_s);
    576 }
    577 
    578 
    579 /**
    580  * wpa_clear_keys - Clear keys configured for the driver
    581  * @wpa_s: Pointer to wpa_supplicant data
    582  * @addr: Previously used BSSID or %NULL if not available
    583  *
    584  * This function clears the encryption keys that has been previously configured
    585  * for the driver.
    586  */
    587 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
    588 {
    589 	int i, max;
    590 
    591 #ifdef CONFIG_IEEE80211W
    592 	max = 6;
    593 #else /* CONFIG_IEEE80211W */
    594 	max = 4;
    595 #endif /* CONFIG_IEEE80211W */
    596 
    597 	/* MLME-DELETEKEYS.request */
    598 	for (i = 0; i < max; i++) {
    599 		if (wpa_s->keys_cleared & BIT(i))
    600 			continue;
    601 		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
    602 				NULL, 0);
    603 	}
    604 	if (!(wpa_s->keys_cleared & BIT(0)) && addr &&
    605 	    !is_zero_ether_addr(addr)) {
    606 		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
    607 				0);
    608 		/* MLME-SETPROTECTION.request(None) */
    609 		wpa_drv_mlme_setprotection(
    610 			wpa_s, addr,
    611 			MLME_SETPROTECTION_PROTECT_TYPE_NONE,
    612 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
    613 	}
    614 	wpa_s->keys_cleared = (u32) -1;
    615 }
    616 
    617 
    618 /**
    619  * wpa_supplicant_state_txt - Get the connection state name as a text string
    620  * @state: State (wpa_state; WPA_*)
    621  * Returns: The state name as a printable text string
    622  */
    623 const char * wpa_supplicant_state_txt(enum wpa_states state)
    624 {
    625 	switch (state) {
    626 	case WPA_DISCONNECTED:
    627 		return "DISCONNECTED";
    628 	case WPA_INACTIVE:
    629 		return "INACTIVE";
    630 	case WPA_INTERFACE_DISABLED:
    631 		return "INTERFACE_DISABLED";
    632 	case WPA_SCANNING:
    633 		return "SCANNING";
    634 	case WPA_AUTHENTICATING:
    635 		return "AUTHENTICATING";
    636 	case WPA_ASSOCIATING:
    637 		return "ASSOCIATING";
    638 	case WPA_ASSOCIATED:
    639 		return "ASSOCIATED";
    640 	case WPA_4WAY_HANDSHAKE:
    641 		return "4WAY_HANDSHAKE";
    642 	case WPA_GROUP_HANDSHAKE:
    643 		return "GROUP_HANDSHAKE";
    644 	case WPA_COMPLETED:
    645 		return "COMPLETED";
    646 	default:
    647 		return "UNKNOWN";
    648 	}
    649 }
    650 
    651 
    652 #ifdef CONFIG_BGSCAN
    653 
    654 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
    655 {
    656 	const char *name;
    657 
    658 	if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
    659 		name = wpa_s->current_ssid->bgscan;
    660 	else
    661 		name = wpa_s->conf->bgscan;
    662 	if (name == NULL || name[0] == '\0')
    663 		return;
    664 	if (wpas_driver_bss_selection(wpa_s))
    665 		return;
    666 	if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
    667 		return;
    668 #ifdef CONFIG_P2P
    669 	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
    670 		return;
    671 #endif /* CONFIG_P2P */
    672 
    673 	bgscan_deinit(wpa_s);
    674 	if (wpa_s->current_ssid) {
    675 		if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
    676 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
    677 				"bgscan");
    678 			/*
    679 			 * Live without bgscan; it is only used as a roaming
    680 			 * optimization, so the initial connection is not
    681 			 * affected.
    682 			 */
    683 		} else {
    684 			struct wpa_scan_results *scan_res;
    685 			wpa_s->bgscan_ssid = wpa_s->current_ssid;
    686 			scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
    687 								   0);
    688 			if (scan_res) {
    689 				bgscan_notify_scan(wpa_s, scan_res);
    690 				wpa_scan_results_free(scan_res);
    691 			}
    692 		}
    693 	} else
    694 		wpa_s->bgscan_ssid = NULL;
    695 }
    696 
    697 
    698 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
    699 {
    700 	if (wpa_s->bgscan_ssid != NULL) {
    701 		bgscan_deinit(wpa_s);
    702 		wpa_s->bgscan_ssid = NULL;
    703 	}
    704 }
    705 
    706 #endif /* CONFIG_BGSCAN */
    707 
    708 
    709 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
    710 {
    711 	if (autoscan_init(wpa_s, 0))
    712 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
    713 }
    714 
    715 
    716 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
    717 {
    718 	autoscan_deinit(wpa_s);
    719 }
    720 
    721 
    722 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
    723 {
    724 	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
    725 	    wpa_s->wpa_state == WPA_SCANNING) {
    726 		autoscan_deinit(wpa_s);
    727 		wpa_supplicant_start_autoscan(wpa_s);
    728 	}
    729 }
    730 
    731 
    732 /**
    733  * wpa_supplicant_set_state - Set current connection state
    734  * @wpa_s: Pointer to wpa_supplicant data
    735  * @state: The new connection state
    736  *
    737  * This function is called whenever the connection state changes, e.g.,
    738  * association is completed for WPA/WPA2 4-Way Handshake is started.
    739  */
    740 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
    741 			      enum wpa_states state)
    742 {
    743 	enum wpa_states old_state = wpa_s->wpa_state;
    744 
    745 	wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
    746 		wpa_supplicant_state_txt(wpa_s->wpa_state),
    747 		wpa_supplicant_state_txt(state));
    748 
    749 	if (state == WPA_INTERFACE_DISABLED) {
    750 		/* Assure normal scan when interface is restored */
    751 		wpa_s->normal_scans = 0;
    752 	}
    753 
    754 	if (state == WPA_COMPLETED) {
    755 		wpas_connect_work_done(wpa_s);
    756 		/* Reinitialize normal_scan counter */
    757 		wpa_s->normal_scans = 0;
    758 	}
    759 
    760 #ifdef CONFIG_P2P
    761 	/*
    762 	 * P2PS client has to reply to Probe Request frames received on the
    763 	 * group operating channel. Enable Probe Request frame reporting for
    764 	 * P2P connected client in case p2p_cli_probe configuration property is
    765 	 * set to 1.
    766 	 */
    767 	if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
    768 	    wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
    769 	    wpa_s->current_ssid->p2p_group) {
    770 		if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
    771 			wpa_dbg(wpa_s, MSG_DEBUG,
    772 				"P2P: Enable CLI Probe Request RX reporting");
    773 			wpa_s->p2p_cli_probe =
    774 				wpa_drv_probe_req_report(wpa_s, 1) >= 0;
    775 		} else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
    776 			wpa_dbg(wpa_s, MSG_DEBUG,
    777 				"P2P: Disable CLI Probe Request RX reporting");
    778 			wpa_s->p2p_cli_probe = 0;
    779 			wpa_drv_probe_req_report(wpa_s, 0);
    780 		}
    781 	}
    782 #endif /* CONFIG_P2P */
    783 
    784 	if (state != WPA_SCANNING)
    785 		wpa_supplicant_notify_scanning(wpa_s, 0);
    786 
    787 	if (state == WPA_COMPLETED && wpa_s->new_connection) {
    788 		struct wpa_ssid *ssid = wpa_s->current_ssid;
    789 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
    790 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
    791 			MACSTR " completed [id=%d id_str=%s]",
    792 			MAC2STR(wpa_s->bssid),
    793 			ssid ? ssid->id : -1,
    794 			ssid && ssid->id_str ? ssid->id_str : "");
    795 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
    796 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
    797 		wpa_blacklist_clear(wpa_s);
    798 		wpa_s->extra_blacklist_count = 0;
    799 		wpa_s->new_connection = 0;
    800 		wpa_drv_set_operstate(wpa_s, 1);
    801 #ifndef IEEE8021X_EAPOL
    802 		wpa_drv_set_supp_port(wpa_s, 1);
    803 #endif /* IEEE8021X_EAPOL */
    804 		wpa_s->after_wps = 0;
    805 		wpa_s->known_wps_freq = 0;
    806 		wpas_p2p_completed(wpa_s);
    807 
    808 		sme_sched_obss_scan(wpa_s, 1);
    809 	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
    810 		   state == WPA_ASSOCIATED) {
    811 		wpa_s->new_connection = 1;
    812 		wpa_drv_set_operstate(wpa_s, 0);
    813 #ifndef IEEE8021X_EAPOL
    814 		wpa_drv_set_supp_port(wpa_s, 0);
    815 #endif /* IEEE8021X_EAPOL */
    816 		sme_sched_obss_scan(wpa_s, 0);
    817 	}
    818 	wpa_s->wpa_state = state;
    819 
    820 #ifdef CONFIG_BGSCAN
    821 	if (state == WPA_COMPLETED)
    822 		wpa_supplicant_start_bgscan(wpa_s);
    823 	else if (state < WPA_ASSOCIATED)
    824 		wpa_supplicant_stop_bgscan(wpa_s);
    825 #endif /* CONFIG_BGSCAN */
    826 
    827 	if (state == WPA_AUTHENTICATING)
    828 		wpa_supplicant_stop_autoscan(wpa_s);
    829 
    830 	if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
    831 		wpa_supplicant_start_autoscan(wpa_s);
    832 
    833 	if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
    834 		wmm_ac_notify_disassoc(wpa_s);
    835 
    836 	if (wpa_s->wpa_state != old_state) {
    837 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
    838 
    839 		/*
    840 		 * Notify the P2P Device interface about a state change in one
    841 		 * of the interfaces.
    842 		 */
    843 		wpas_p2p_indicate_state_change(wpa_s);
    844 
    845 		if (wpa_s->wpa_state == WPA_COMPLETED ||
    846 		    old_state == WPA_COMPLETED)
    847 			wpas_notify_auth_changed(wpa_s);
    848 	}
    849 }
    850 
    851 
    852 void wpa_supplicant_terminate_proc(struct wpa_global *global)
    853 {
    854 	int pending = 0;
    855 #ifdef CONFIG_WPS
    856 	struct wpa_supplicant *wpa_s = global->ifaces;
    857 	while (wpa_s) {
    858 		struct wpa_supplicant *next = wpa_s->next;
    859 		if (wpas_wps_terminate_pending(wpa_s) == 1)
    860 			pending = 1;
    861 #ifdef CONFIG_P2P
    862 		if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
    863 		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
    864 			wpas_p2p_disconnect(wpa_s);
    865 #endif /* CONFIG_P2P */
    866 		wpa_s = next;
    867 	}
    868 #endif /* CONFIG_WPS */
    869 	if (pending)
    870 		return;
    871 	eloop_terminate();
    872 }
    873 
    874 
    875 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
    876 {
    877 	struct wpa_global *global = signal_ctx;
    878 	wpa_supplicant_terminate_proc(global);
    879 }
    880 
    881 
    882 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
    883 {
    884 	enum wpa_states old_state = wpa_s->wpa_state;
    885 
    886 	wpa_s->pairwise_cipher = 0;
    887 	wpa_s->group_cipher = 0;
    888 	wpa_s->mgmt_group_cipher = 0;
    889 	wpa_s->key_mgmt = 0;
    890 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
    891 		wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
    892 
    893 	if (wpa_s->wpa_state != old_state)
    894 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
    895 }
    896 
    897 
    898 /**
    899  * wpa_supplicant_reload_configuration - Reload configuration data
    900  * @wpa_s: Pointer to wpa_supplicant data
    901  * Returns: 0 on success or -1 if configuration parsing failed
    902  *
    903  * This function can be used to request that the configuration data is reloaded
    904  * (e.g., after configuration file change). This function is reloading
    905  * configuration only for one interface, so this may need to be called multiple
    906  * times if %wpa_supplicant is controlling multiple interfaces and all
    907  * interfaces need reconfiguration.
    908  */
    909 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
    910 {
    911 	struct wpa_config *conf;
    912 	int reconf_ctrl;
    913 	int old_ap_scan;
    914 
    915 	if (wpa_s->confname == NULL)
    916 		return -1;
    917 	conf = wpa_config_read(wpa_s->confname, NULL);
    918 	if (conf == NULL) {
    919 		wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
    920 			"file '%s' - exiting", wpa_s->confname);
    921 		return -1;
    922 	}
    923 	wpa_config_read(wpa_s->confanother, conf);
    924 
    925 	conf->changed_parameters = (unsigned int) -1;
    926 
    927 	reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
    928 		|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
    929 		    os_strcmp(conf->ctrl_interface,
    930 			      wpa_s->conf->ctrl_interface) != 0);
    931 
    932 	if (reconf_ctrl && wpa_s->ctrl_iface) {
    933 		wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
    934 		wpa_s->ctrl_iface = NULL;
    935 	}
    936 
    937 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
    938 	if (wpa_s->current_ssid) {
    939 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
    940 			wpa_s->own_disconnect_req = 1;
    941 		wpa_supplicant_deauthenticate(wpa_s,
    942 					      WLAN_REASON_DEAUTH_LEAVING);
    943 	}
    944 
    945 	/*
    946 	 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
    947 	 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
    948 	 */
    949 	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
    950 		/*
    951 		 * Clear forced success to clear EAP state for next
    952 		 * authentication.
    953 		 */
    954 		eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
    955 	}
    956 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
    957 	wpa_sm_set_config(wpa_s->wpa, NULL);
    958 	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
    959 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
    960 	rsn_preauth_deinit(wpa_s->wpa);
    961 
    962 	old_ap_scan = wpa_s->conf->ap_scan;
    963 	wpa_config_free(wpa_s->conf);
    964 	wpa_s->conf = conf;
    965 	if (old_ap_scan != wpa_s->conf->ap_scan)
    966 		wpas_notify_ap_scan_changed(wpa_s);
    967 
    968 	if (reconf_ctrl)
    969 		wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
    970 
    971 	wpa_supplicant_update_config(wpa_s);
    972 
    973 	wpa_supplicant_clear_status(wpa_s);
    974 	if (wpa_supplicant_enabled_networks(wpa_s)) {
    975 		wpa_s->reassociate = 1;
    976 		wpa_supplicant_req_scan(wpa_s, 0, 0);
    977 	}
    978 	wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
    979 	return 0;
    980 }
    981 
    982 
    983 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
    984 {
    985 	struct wpa_global *global = signal_ctx;
    986 	struct wpa_supplicant *wpa_s;
    987 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
    988 		wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
    989 			sig);
    990 		if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
    991 			wpa_supplicant_terminate_proc(global);
    992 		}
    993 	}
    994 
    995 	if (wpa_debug_reopen_file() < 0) {
    996 		/* Ignore errors since we cannot really do much to fix this */
    997 		wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
    998 	}
    999 }
   1000 
   1001 
   1002 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
   1003 					 struct wpa_ssid *ssid,
   1004 					 struct wpa_ie_data *ie)
   1005 {
   1006 	int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
   1007 	if (ret) {
   1008 		if (ret == -2) {
   1009 			wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
   1010 				"from association info");
   1011 		}
   1012 		return -1;
   1013 	}
   1014 
   1015 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
   1016 		"cipher suites");
   1017 	if (!(ie->group_cipher & ssid->group_cipher)) {
   1018 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
   1019 			"cipher 0x%x (mask 0x%x) - reject",
   1020 			ie->group_cipher, ssid->group_cipher);
   1021 		return -1;
   1022 	}
   1023 	if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
   1024 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
   1025 			"cipher 0x%x (mask 0x%x) - reject",
   1026 			ie->pairwise_cipher, ssid->pairwise_cipher);
   1027 		return -1;
   1028 	}
   1029 	if (!(ie->key_mgmt & ssid->key_mgmt)) {
   1030 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
   1031 			"management 0x%x (mask 0x%x) - reject",
   1032 			ie->key_mgmt, ssid->key_mgmt);
   1033 		return -1;
   1034 	}
   1035 
   1036 #ifdef CONFIG_IEEE80211W
   1037 	if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
   1038 	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
   1039 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
   1040 			"that does not support management frame protection - "
   1041 			"reject");
   1042 		return -1;
   1043 	}
   1044 #endif /* CONFIG_IEEE80211W */
   1045 
   1046 	return 0;
   1047 }
   1048 
   1049 
   1050 /**
   1051  * wpa_supplicant_set_suites - Set authentication and encryption parameters
   1052  * @wpa_s: Pointer to wpa_supplicant data
   1053  * @bss: Scan results for the selected BSS, or %NULL if not available
   1054  * @ssid: Configuration data for the selected network
   1055  * @wpa_ie: Buffer for the WPA/RSN IE
   1056  * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
   1057  * used buffer length in case the functions returns success.
   1058  * Returns: 0 on success or -1 on failure
   1059  *
   1060  * This function is used to configure authentication and encryption parameters
   1061  * based on the network configuration and scan result for the selected BSS (if
   1062  * available).
   1063  */
   1064 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
   1065 			      struct wpa_bss *bss, struct wpa_ssid *ssid,
   1066 			      u8 *wpa_ie, size_t *wpa_ie_len)
   1067 {
   1068 	struct wpa_ie_data ie;
   1069 	int sel, proto;
   1070 	const u8 *bss_wpa, *bss_rsn, *bss_osen;
   1071 
   1072 	if (bss) {
   1073 		bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
   1074 		bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
   1075 		bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
   1076 	} else
   1077 		bss_wpa = bss_rsn = bss_osen = NULL;
   1078 
   1079 	if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
   1080 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
   1081 	    (ie.group_cipher & ssid->group_cipher) &&
   1082 	    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
   1083 	    (ie.key_mgmt & ssid->key_mgmt)) {
   1084 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
   1085 		proto = WPA_PROTO_RSN;
   1086 	} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
   1087 		   wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
   1088 		   (ie.group_cipher & ssid->group_cipher) &&
   1089 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
   1090 		   (ie.key_mgmt & ssid->key_mgmt)) {
   1091 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
   1092 		proto = WPA_PROTO_WPA;
   1093 #ifdef CONFIG_HS20
   1094 	} else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN)) {
   1095 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
   1096 		/* TODO: parse OSEN element */
   1097 		os_memset(&ie, 0, sizeof(ie));
   1098 		ie.group_cipher = WPA_CIPHER_CCMP;
   1099 		ie.pairwise_cipher = WPA_CIPHER_CCMP;
   1100 		ie.key_mgmt = WPA_KEY_MGMT_OSEN;
   1101 		proto = WPA_PROTO_OSEN;
   1102 #endif /* CONFIG_HS20 */
   1103 	} else if (bss) {
   1104 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
   1105 		wpa_dbg(wpa_s, MSG_DEBUG,
   1106 			"WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
   1107 			ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
   1108 			ssid->key_mgmt);
   1109 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
   1110 			MAC2STR(bss->bssid),
   1111 			wpa_ssid_txt(bss->ssid, bss->ssid_len),
   1112 			bss_wpa ? " WPA" : "",
   1113 			bss_rsn ? " RSN" : "",
   1114 			bss_osen ? " OSEN" : "");
   1115 		if (bss_rsn) {
   1116 			wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
   1117 			if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
   1118 				wpa_dbg(wpa_s, MSG_DEBUG,
   1119 					"Could not parse RSN element");
   1120 			} else {
   1121 				wpa_dbg(wpa_s, MSG_DEBUG,
   1122 					"RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
   1123 					ie.pairwise_cipher, ie.group_cipher,
   1124 					ie.key_mgmt);
   1125 			}
   1126 		}
   1127 		if (bss_wpa) {
   1128 			wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
   1129 			if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
   1130 				wpa_dbg(wpa_s, MSG_DEBUG,
   1131 					"Could not parse WPA element");
   1132 			} else {
   1133 				wpa_dbg(wpa_s, MSG_DEBUG,
   1134 					"WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
   1135 					ie.pairwise_cipher, ie.group_cipher,
   1136 					ie.key_mgmt);
   1137 			}
   1138 		}
   1139 		return -1;
   1140 	} else {
   1141 		if (ssid->proto & WPA_PROTO_OSEN)
   1142 			proto = WPA_PROTO_OSEN;
   1143 		else if (ssid->proto & WPA_PROTO_RSN)
   1144 			proto = WPA_PROTO_RSN;
   1145 		else
   1146 			proto = WPA_PROTO_WPA;
   1147 		if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
   1148 			os_memset(&ie, 0, sizeof(ie));
   1149 			ie.group_cipher = ssid->group_cipher;
   1150 			ie.pairwise_cipher = ssid->pairwise_cipher;
   1151 			ie.key_mgmt = ssid->key_mgmt;
   1152 #ifdef CONFIG_IEEE80211W
   1153 			ie.mgmt_group_cipher =
   1154 				ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION ?
   1155 				WPA_CIPHER_AES_128_CMAC : 0;
   1156 #endif /* CONFIG_IEEE80211W */
   1157 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
   1158 				"based on configuration");
   1159 		} else
   1160 			proto = ie.proto;
   1161 	}
   1162 
   1163 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
   1164 		"pairwise %d key_mgmt %d proto %d",
   1165 		ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
   1166 #ifdef CONFIG_IEEE80211W
   1167 	if (ssid->ieee80211w) {
   1168 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
   1169 			ie.mgmt_group_cipher);
   1170 	}
   1171 #endif /* CONFIG_IEEE80211W */
   1172 
   1173 	wpa_s->wpa_proto = proto;
   1174 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
   1175 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
   1176 			 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
   1177 
   1178 	if (bss || !wpa_s->ap_ies_from_associnfo) {
   1179 		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
   1180 					 bss_wpa ? 2 + bss_wpa[1] : 0) ||
   1181 		    wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
   1182 					 bss_rsn ? 2 + bss_rsn[1] : 0))
   1183 			return -1;
   1184 	}
   1185 
   1186 #ifdef CONFIG_NO_WPA
   1187 	wpa_s->group_cipher = WPA_CIPHER_NONE;
   1188 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
   1189 #else /* CONFIG_NO_WPA */
   1190 	sel = ie.group_cipher & ssid->group_cipher;
   1191 	wpa_s->group_cipher = wpa_pick_group_cipher(sel);
   1192 	if (wpa_s->group_cipher < 0) {
   1193 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
   1194 			"cipher");
   1195 		return -1;
   1196 	}
   1197 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
   1198 		wpa_cipher_txt(wpa_s->group_cipher));
   1199 
   1200 	sel = ie.pairwise_cipher & ssid->pairwise_cipher;
   1201 	wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
   1202 	if (wpa_s->pairwise_cipher < 0) {
   1203 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
   1204 			"cipher");
   1205 		return -1;
   1206 	}
   1207 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
   1208 		wpa_cipher_txt(wpa_s->pairwise_cipher));
   1209 #endif /* CONFIG_NO_WPA */
   1210 
   1211 	sel = ie.key_mgmt & ssid->key_mgmt;
   1212 #ifdef CONFIG_SAE
   1213 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
   1214 		sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
   1215 #endif /* CONFIG_SAE */
   1216 	if (0) {
   1217 #ifdef CONFIG_SUITEB192
   1218 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
   1219 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
   1220 		wpa_dbg(wpa_s, MSG_DEBUG,
   1221 			"WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
   1222 #endif /* CONFIG_SUITEB192 */
   1223 #ifdef CONFIG_SUITEB
   1224 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
   1225 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
   1226 		wpa_dbg(wpa_s, MSG_DEBUG,
   1227 			"WPA: using KEY_MGMT 802.1X with Suite B");
   1228 #endif /* CONFIG_SUITEB */
   1229 #ifdef CONFIG_IEEE80211R
   1230 	} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
   1231 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
   1232 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
   1233 	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
   1234 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
   1235 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
   1236 #endif /* CONFIG_IEEE80211R */
   1237 #ifdef CONFIG_SAE
   1238 	} else if (sel & WPA_KEY_MGMT_SAE) {
   1239 		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
   1240 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
   1241 	} else if (sel & WPA_KEY_MGMT_FT_SAE) {
   1242 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
   1243 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
   1244 #endif /* CONFIG_SAE */
   1245 #ifdef CONFIG_IEEE80211W
   1246 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
   1247 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
   1248 		wpa_dbg(wpa_s, MSG_DEBUG,
   1249 			"WPA: using KEY_MGMT 802.1X with SHA256");
   1250 	} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
   1251 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
   1252 		wpa_dbg(wpa_s, MSG_DEBUG,
   1253 			"WPA: using KEY_MGMT PSK with SHA256");
   1254 #endif /* CONFIG_IEEE80211W */
   1255 	} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
   1256 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
   1257 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
   1258 	} else if (sel & WPA_KEY_MGMT_PSK) {
   1259 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
   1260 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
   1261 	} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
   1262 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
   1263 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
   1264 #ifdef CONFIG_HS20
   1265 	} else if (sel & WPA_KEY_MGMT_OSEN) {
   1266 		wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
   1267 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
   1268 #endif /* CONFIG_HS20 */
   1269 	} else {
   1270 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
   1271 			"authenticated key management type");
   1272 		return -1;
   1273 	}
   1274 
   1275 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
   1276 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
   1277 			 wpa_s->pairwise_cipher);
   1278 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
   1279 
   1280 #ifdef CONFIG_IEEE80211W
   1281 	sel = ie.mgmt_group_cipher;
   1282 	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
   1283 	    !(ie.capabilities & WPA_CAPABILITY_MFPC))
   1284 		sel = 0;
   1285 	if (sel & WPA_CIPHER_AES_128_CMAC) {
   1286 		wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
   1287 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
   1288 			"AES-128-CMAC");
   1289 	} else if (sel & WPA_CIPHER_BIP_GMAC_128) {
   1290 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
   1291 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
   1292 			"BIP-GMAC-128");
   1293 	} else if (sel & WPA_CIPHER_BIP_GMAC_256) {
   1294 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
   1295 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
   1296 			"BIP-GMAC-256");
   1297 	} else if (sel & WPA_CIPHER_BIP_CMAC_256) {
   1298 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
   1299 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
   1300 			"BIP-CMAC-256");
   1301 	} else {
   1302 		wpa_s->mgmt_group_cipher = 0;
   1303 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
   1304 	}
   1305 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
   1306 			 wpa_s->mgmt_group_cipher);
   1307 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
   1308 			 wpas_get_ssid_pmf(wpa_s, ssid));
   1309 #endif /* CONFIG_IEEE80211W */
   1310 
   1311 	if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
   1312 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
   1313 		return -1;
   1314 	}
   1315 
   1316 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
   1317 		int psk_set = 0;
   1318 
   1319 		if (ssid->psk_set) {
   1320 			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
   1321 				       NULL);
   1322 			psk_set = 1;
   1323 		}
   1324 #ifndef CONFIG_NO_PBKDF2
   1325 		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
   1326 		    ssid->passphrase) {
   1327 			u8 psk[PMK_LEN];
   1328 		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
   1329 				    4096, psk, PMK_LEN);
   1330 		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
   1331 					psk, PMK_LEN);
   1332 			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
   1333 			psk_set = 1;
   1334 			os_memset(psk, 0, sizeof(psk));
   1335 		}
   1336 #endif /* CONFIG_NO_PBKDF2 */
   1337 #ifdef CONFIG_EXT_PASSWORD
   1338 		if (ssid->ext_psk) {
   1339 			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
   1340 							     ssid->ext_psk);
   1341 			char pw_str[64 + 1];
   1342 			u8 psk[PMK_LEN];
   1343 
   1344 			if (pw == NULL) {
   1345 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
   1346 					"found from external storage");
   1347 				return -1;
   1348 			}
   1349 
   1350 			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
   1351 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
   1352 					"PSK length %d in external storage",
   1353 					(int) wpabuf_len(pw));
   1354 				ext_password_free(pw);
   1355 				return -1;
   1356 			}
   1357 
   1358 			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
   1359 			pw_str[wpabuf_len(pw)] = '\0';
   1360 
   1361 #ifndef CONFIG_NO_PBKDF2
   1362 			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
   1363 			{
   1364 				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
   1365 					    4096, psk, PMK_LEN);
   1366 				os_memset(pw_str, 0, sizeof(pw_str));
   1367 				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
   1368 						"external passphrase)",
   1369 						psk, PMK_LEN);
   1370 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
   1371 					       NULL);
   1372 				psk_set = 1;
   1373 				os_memset(psk, 0, sizeof(psk));
   1374 			} else
   1375 #endif /* CONFIG_NO_PBKDF2 */
   1376 			if (wpabuf_len(pw) == 2 * PMK_LEN) {
   1377 				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
   1378 					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
   1379 						"Invalid PSK hex string");
   1380 					os_memset(pw_str, 0, sizeof(pw_str));
   1381 					ext_password_free(pw);
   1382 					return -1;
   1383 				}
   1384 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
   1385 					       NULL);
   1386 				psk_set = 1;
   1387 				os_memset(psk, 0, sizeof(psk));
   1388 			} else {
   1389 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
   1390 					"PSK available");
   1391 				os_memset(pw_str, 0, sizeof(pw_str));
   1392 				ext_password_free(pw);
   1393 				return -1;
   1394 			}
   1395 
   1396 			os_memset(pw_str, 0, sizeof(pw_str));
   1397 			ext_password_free(pw);
   1398 		}
   1399 #endif /* CONFIG_EXT_PASSWORD */
   1400 
   1401 		if (!psk_set) {
   1402 			wpa_msg(wpa_s, MSG_INFO,
   1403 				"No PSK available for association");
   1404 			return -1;
   1405 		}
   1406 	} else
   1407 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
   1408 
   1409 	return 0;
   1410 }
   1411 
   1412 
   1413 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
   1414 {
   1415 	*pos = 0x00;
   1416 
   1417 	switch (idx) {
   1418 	case 0: /* Bits 0-7 */
   1419 		break;
   1420 	case 1: /* Bits 8-15 */
   1421 		break;
   1422 	case 2: /* Bits 16-23 */
   1423 #ifdef CONFIG_WNM
   1424 		*pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
   1425 		*pos |= 0x08; /* Bit 19 - BSS Transition */
   1426 #endif /* CONFIG_WNM */
   1427 		break;
   1428 	case 3: /* Bits 24-31 */
   1429 #ifdef CONFIG_WNM
   1430 		*pos |= 0x02; /* Bit 25 - SSID List */
   1431 #endif /* CONFIG_WNM */
   1432 #ifdef CONFIG_INTERWORKING
   1433 		if (wpa_s->conf->interworking)
   1434 			*pos |= 0x80; /* Bit 31 - Interworking */
   1435 #endif /* CONFIG_INTERWORKING */
   1436 		break;
   1437 	case 4: /* Bits 32-39 */
   1438 #ifdef CONFIG_INTERWORKING
   1439 		if (wpa_s->drv_flags / WPA_DRIVER_FLAGS_QOS_MAPPING)
   1440 			*pos |= 0x01; /* Bit 32 - QoS Map */
   1441 #endif /* CONFIG_INTERWORKING */
   1442 		break;
   1443 	case 5: /* Bits 40-47 */
   1444 #ifdef CONFIG_HS20
   1445 		if (wpa_s->conf->hs20)
   1446 			*pos |= 0x40; /* Bit 46 - WNM-Notification */
   1447 #endif /* CONFIG_HS20 */
   1448 #ifdef CONFIG_MBO
   1449 		*pos |= 0x40; /* Bit 46 - WNM-Notification */
   1450 #endif /* CONFIG_MBO */
   1451 		break;
   1452 	case 6: /* Bits 48-55 */
   1453 		break;
   1454 	}
   1455 }
   1456 
   1457 
   1458 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
   1459 {
   1460 	u8 *pos = buf;
   1461 	u8 len = 6, i;
   1462 
   1463 	if (len < wpa_s->extended_capa_len)
   1464 		len = wpa_s->extended_capa_len;
   1465 	if (buflen < (size_t) len + 2) {
   1466 		wpa_printf(MSG_INFO,
   1467 			   "Not enough room for building extended capabilities element");
   1468 		return -1;
   1469 	}
   1470 
   1471 	*pos++ = WLAN_EID_EXT_CAPAB;
   1472 	*pos++ = len;
   1473 	for (i = 0; i < len; i++, pos++) {
   1474 		wpas_ext_capab_byte(wpa_s, pos, i);
   1475 
   1476 		if (i < wpa_s->extended_capa_len) {
   1477 			*pos &= ~wpa_s->extended_capa_mask[i];
   1478 			*pos |= wpa_s->extended_capa[i];
   1479 		}
   1480 	}
   1481 
   1482 	while (len > 0 && buf[1 + len] == 0) {
   1483 		len--;
   1484 		buf[1] = len;
   1485 	}
   1486 	if (len == 0)
   1487 		return 0;
   1488 
   1489 	return 2 + len;
   1490 }
   1491 
   1492 
   1493 static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
   1494 			  struct wpa_bss *test_bss)
   1495 {
   1496 	struct wpa_bss *bss;
   1497 
   1498 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
   1499 		if (bss == test_bss)
   1500 			return 1;
   1501 	}
   1502 
   1503 	return 0;
   1504 }
   1505 
   1506 
   1507 static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
   1508 			   struct wpa_ssid *test_ssid)
   1509 {
   1510 	struct wpa_ssid *ssid;
   1511 
   1512 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
   1513 		if (ssid == test_ssid)
   1514 			return 1;
   1515 	}
   1516 
   1517 	return 0;
   1518 }
   1519 
   1520 
   1521 int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
   1522 			struct wpa_ssid *test_ssid)
   1523 {
   1524 	if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
   1525 		return 0;
   1526 
   1527 	return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
   1528 }
   1529 
   1530 
   1531 void wpas_connect_work_free(struct wpa_connect_work *cwork)
   1532 {
   1533 	if (cwork == NULL)
   1534 		return;
   1535 	os_free(cwork);
   1536 }
   1537 
   1538 
   1539 void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
   1540 {
   1541 	struct wpa_connect_work *cwork;
   1542 	struct wpa_radio_work *work = wpa_s->connect_work;
   1543 
   1544 	if (!work)
   1545 		return;
   1546 
   1547 	wpa_s->connect_work = NULL;
   1548 	cwork = work->ctx;
   1549 	work->ctx = NULL;
   1550 	wpas_connect_work_free(cwork);
   1551 	radio_work_done(work);
   1552 }
   1553 
   1554 
   1555 int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
   1556 {
   1557 	struct os_reltime now;
   1558 	u8 addr[ETH_ALEN];
   1559 
   1560 	os_get_reltime(&now);
   1561 	if (wpa_s->last_mac_addr_style == style &&
   1562 	    wpa_s->last_mac_addr_change.sec != 0 &&
   1563 	    !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
   1564 				wpa_s->conf->rand_addr_lifetime)) {
   1565 		wpa_msg(wpa_s, MSG_DEBUG,
   1566 			"Previously selected random MAC address has not yet expired");
   1567 		return 0;
   1568 	}
   1569 
   1570 	switch (style) {
   1571 	case 1:
   1572 		if (random_mac_addr(addr) < 0)
   1573 			return -1;
   1574 		break;
   1575 	case 2:
   1576 		os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
   1577 		if (random_mac_addr_keep_oui(addr) < 0)
   1578 			return -1;
   1579 		break;
   1580 	default:
   1581 		return -1;
   1582 	}
   1583 
   1584 	if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
   1585 		wpa_msg(wpa_s, MSG_INFO,
   1586 			"Failed to set random MAC address");
   1587 		return -1;
   1588 	}
   1589 
   1590 	os_get_reltime(&wpa_s->last_mac_addr_change);
   1591 	wpa_s->mac_addr_changed = 1;
   1592 	wpa_s->last_mac_addr_style = style;
   1593 
   1594 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
   1595 		wpa_msg(wpa_s, MSG_INFO,
   1596 			"Could not update MAC address information");
   1597 		return -1;
   1598 	}
   1599 
   1600 	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
   1601 		MAC2STR(addr));
   1602 
   1603 	return 0;
   1604 }
   1605 
   1606 
   1607 int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
   1608 {
   1609 	if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
   1610 	    !wpa_s->conf->preassoc_mac_addr)
   1611 		return 0;
   1612 
   1613 	return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
   1614 }
   1615 
   1616 
   1617 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
   1618 
   1619 /**
   1620  * wpa_supplicant_associate - Request association
   1621  * @wpa_s: Pointer to wpa_supplicant data
   1622  * @bss: Scan results for the selected BSS, or %NULL if not available
   1623  * @ssid: Configuration data for the selected network
   1624  *
   1625  * This function is used to request %wpa_supplicant to associate with a BSS.
   1626  */
   1627 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
   1628 			      struct wpa_bss *bss, struct wpa_ssid *ssid)
   1629 {
   1630 	struct wpa_connect_work *cwork;
   1631 	int rand_style;
   1632 
   1633 	wpa_s->own_disconnect_req = 0;
   1634 
   1635 	/*
   1636 	 * If we are starting a new connection, any previously pending EAPOL
   1637 	 * RX cannot be valid anymore.
   1638 	 */
   1639 	wpabuf_free(wpa_s->pending_eapol_rx);
   1640 	wpa_s->pending_eapol_rx = NULL;
   1641 
   1642 	if (ssid->mac_addr == -1)
   1643 		rand_style = wpa_s->conf->mac_addr;
   1644 	else
   1645 		rand_style = ssid->mac_addr;
   1646 
   1647 	wmm_ac_clear_saved_tspecs(wpa_s);
   1648 	wpa_s->reassoc_same_bss = 0;
   1649 	wpa_s->reassoc_same_ess = 0;
   1650 
   1651 	if (wpa_s->last_ssid == ssid) {
   1652 		wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
   1653 		wpa_s->reassoc_same_ess = 1;
   1654 		if (wpa_s->current_bss && wpa_s->current_bss == bss) {
   1655 			wmm_ac_save_tspecs(wpa_s);
   1656 			wpa_s->reassoc_same_bss = 1;
   1657 		}
   1658 	} else if (rand_style > 0) {
   1659 		if (wpas_update_random_addr(wpa_s, rand_style) < 0)
   1660 			return;
   1661 		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
   1662 	} else if (wpa_s->mac_addr_changed) {
   1663 		if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
   1664 			wpa_msg(wpa_s, MSG_INFO,
   1665 				"Could not restore permanent MAC address");
   1666 			return;
   1667 		}
   1668 		wpa_s->mac_addr_changed = 0;
   1669 		if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
   1670 			wpa_msg(wpa_s, MSG_INFO,
   1671 				"Could not update MAC address information");
   1672 			return;
   1673 		}
   1674 		wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
   1675 	}
   1676 	wpa_s->last_ssid = ssid;
   1677 
   1678 #ifdef CONFIG_IBSS_RSN
   1679 	ibss_rsn_deinit(wpa_s->ibss_rsn);
   1680 	wpa_s->ibss_rsn = NULL;
   1681 #endif /* CONFIG_IBSS_RSN */
   1682 
   1683 	if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
   1684 	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
   1685 #ifdef CONFIG_AP
   1686 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
   1687 			wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
   1688 				"mode");
   1689 			return;
   1690 		}
   1691 		if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
   1692 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
   1693 			if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
   1694 				wpas_p2p_ap_setup_failed(wpa_s);
   1695 			return;
   1696 		}
   1697 		wpa_s->current_bss = bss;
   1698 #else /* CONFIG_AP */
   1699 		wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
   1700 			"the build");
   1701 #endif /* CONFIG_AP */
   1702 		return;
   1703 	}
   1704 
   1705 	if (ssid->mode == WPAS_MODE_MESH) {
   1706 #ifdef CONFIG_MESH
   1707 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
   1708 			wpa_msg(wpa_s, MSG_INFO,
   1709 				"Driver does not support mesh mode");
   1710 			return;
   1711 		}
   1712 		if (bss)
   1713 			ssid->frequency = bss->freq;
   1714 		if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
   1715 			wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
   1716 			return;
   1717 		}
   1718 		wpa_s->current_bss = bss;
   1719 		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_STARTED "ssid=\"%s\" id=%d",
   1720 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
   1721 			ssid->id);
   1722 #else /* CONFIG_MESH */
   1723 		wpa_msg(wpa_s, MSG_ERROR,
   1724 			"mesh mode support not included in the build");
   1725 #endif /* CONFIG_MESH */
   1726 		return;
   1727 	}
   1728 
   1729 #ifdef CONFIG_TDLS
   1730 	if (bss)
   1731 		wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
   1732 				bss->ie_len);
   1733 #endif /* CONFIG_TDLS */
   1734 
   1735 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
   1736 	    ssid->mode == IEEE80211_MODE_INFRA) {
   1737 		sme_authenticate(wpa_s, bss, ssid);
   1738 		return;
   1739 	}
   1740 
   1741 	if (wpa_s->connect_work) {
   1742 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
   1743 		return;
   1744 	}
   1745 
   1746 	if (radio_work_pending(wpa_s, "connect")) {
   1747 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
   1748 		return;
   1749 	}
   1750 
   1751 	wpas_abort_ongoing_scan(wpa_s);
   1752 
   1753 	cwork = os_zalloc(sizeof(*cwork));
   1754 	if (cwork == NULL)
   1755 		return;
   1756 
   1757 	cwork->bss = bss;
   1758 	cwork->ssid = ssid;
   1759 
   1760 	if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
   1761 			   wpas_start_assoc_cb, cwork) < 0) {
   1762 		os_free(cwork);
   1763 	}
   1764 }
   1765 
   1766 
   1767 static int bss_is_ibss(struct wpa_bss *bss)
   1768 {
   1769 	return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
   1770 		IEEE80211_CAP_IBSS;
   1771 }
   1772 
   1773 
   1774 static int drv_supports_vht(struct wpa_supplicant *wpa_s,
   1775 			    const struct wpa_ssid *ssid)
   1776 {
   1777 	enum hostapd_hw_mode hw_mode;
   1778 	struct hostapd_hw_modes *mode = NULL;
   1779 	u8 channel;
   1780 	int i;
   1781 
   1782 #ifdef CONFIG_HT_OVERRIDES
   1783 	if (ssid->disable_ht)
   1784 		return 0;
   1785 #endif /* CONFIG_HT_OVERRIDES */
   1786 
   1787 	hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
   1788 	if (hw_mode == NUM_HOSTAPD_MODES)
   1789 		return 0;
   1790 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
   1791 		if (wpa_s->hw.modes[i].mode == hw_mode) {
   1792 			mode = &wpa_s->hw.modes[i];
   1793 			break;
   1794 		}
   1795 	}
   1796 
   1797 	if (!mode)
   1798 		return 0;
   1799 
   1800 	return mode->vht_capab != 0;
   1801 }
   1802 
   1803 
   1804 void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
   1805 			  const struct wpa_ssid *ssid,
   1806 			  struct hostapd_freq_params *freq)
   1807 {
   1808 	enum hostapd_hw_mode hw_mode;
   1809 	struct hostapd_hw_modes *mode = NULL;
   1810 	int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
   1811 			   184, 192 };
   1812 	int vht80[] = { 36, 52, 100, 116, 132, 149 };
   1813 	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
   1814 	u8 channel;
   1815 	int i, chan_idx, ht40 = -1, res, obss_scan = 1;
   1816 	unsigned int j, k;
   1817 	struct hostapd_freq_params vht_freq;
   1818 	int chwidth, seg0, seg1;
   1819 	u32 vht_caps = 0;
   1820 
   1821 	freq->freq = ssid->frequency;
   1822 
   1823 	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
   1824 		struct wpa_bss *bss = wpa_s->last_scan_res[j];
   1825 
   1826 		if (ssid->mode != WPAS_MODE_IBSS)
   1827 			break;
   1828 
   1829 		/* Don't adjust control freq in case of fixed_freq */
   1830 		if (ssid->fixed_freq)
   1831 			break;
   1832 
   1833 		if (!bss_is_ibss(bss))
   1834 			continue;
   1835 
   1836 		if (ssid->ssid_len == bss->ssid_len &&
   1837 		    os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
   1838 			wpa_printf(MSG_DEBUG,
   1839 				   "IBSS already found in scan results, adjust control freq: %d",
   1840 				   bss->freq);
   1841 			freq->freq = bss->freq;
   1842 			obss_scan = 0;
   1843 			break;
   1844 		}
   1845 	}
   1846 
   1847 	/* For IBSS check HT_IBSS flag */
   1848 	if (ssid->mode == WPAS_MODE_IBSS &&
   1849 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
   1850 		return;
   1851 
   1852 	if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
   1853 	    wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
   1854 	    wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
   1855 		wpa_printf(MSG_DEBUG,
   1856 			   "IBSS: WEP/TKIP detected, do not try to enable HT");
   1857 		return;
   1858 	}
   1859 
   1860 	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
   1861 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
   1862 		if (wpa_s->hw.modes[i].mode == hw_mode) {
   1863 			mode = &wpa_s->hw.modes[i];
   1864 			break;
   1865 		}
   1866 	}
   1867 
   1868 	if (!mode)
   1869 		return;
   1870 
   1871 	freq->ht_enabled = ht_supported(mode);
   1872 	if (!freq->ht_enabled)
   1873 		return;
   1874 
   1875 	/* Setup higher BW only for 5 GHz */
   1876 	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
   1877 		return;
   1878 
   1879 	for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
   1880 		pri_chan = &mode->channels[chan_idx];
   1881 		if (pri_chan->chan == channel)
   1882 			break;
   1883 		pri_chan = NULL;
   1884 	}
   1885 	if (!pri_chan)
   1886 		return;
   1887 
   1888 	/* Check primary channel flags */
   1889 	if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
   1890 		return;
   1891 
   1892 	/* Check/setup HT40+/HT40- */
   1893 	for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
   1894 		if (ht40plus[j] == channel) {
   1895 			ht40 = 1;
   1896 			break;
   1897 		}
   1898 	}
   1899 
   1900 	/* Find secondary channel */
   1901 	for (i = 0; i < mode->num_channels; i++) {
   1902 		sec_chan = &mode->channels[i];
   1903 		if (sec_chan->chan == channel + ht40 * 4)
   1904 			break;
   1905 		sec_chan = NULL;
   1906 	}
   1907 	if (!sec_chan)
   1908 		return;
   1909 
   1910 	/* Check secondary channel flags */
   1911 	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
   1912 		return;
   1913 
   1914 	freq->channel = pri_chan->chan;
   1915 
   1916 	switch (ht40) {
   1917 	case -1:
   1918 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
   1919 			return;
   1920 		freq->sec_channel_offset = -1;
   1921 		break;
   1922 	case 1:
   1923 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
   1924 			return;
   1925 		freq->sec_channel_offset = 1;
   1926 		break;
   1927 	default:
   1928 		break;
   1929 	}
   1930 
   1931 	if (freq->sec_channel_offset && obss_scan) {
   1932 		struct wpa_scan_results *scan_res;
   1933 
   1934 		scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
   1935 		if (scan_res == NULL) {
   1936 			/* Back to HT20 */
   1937 			freq->sec_channel_offset = 0;
   1938 			return;
   1939 		}
   1940 
   1941 		res = check_40mhz_5g(mode, scan_res, pri_chan->chan,
   1942 				     sec_chan->chan);
   1943 		switch (res) {
   1944 		case 0:
   1945 			/* Back to HT20 */
   1946 			freq->sec_channel_offset = 0;
   1947 			break;
   1948 		case 1:
   1949 			/* Configuration allowed */
   1950 			break;
   1951 		case 2:
   1952 			/* Switch pri/sec channels */
   1953 			freq->freq = hw_get_freq(mode, sec_chan->chan);
   1954 			freq->sec_channel_offset = -freq->sec_channel_offset;
   1955 			freq->channel = sec_chan->chan;
   1956 			break;
   1957 		default:
   1958 			freq->sec_channel_offset = 0;
   1959 			break;
   1960 		}
   1961 
   1962 		wpa_scan_results_free(scan_res);
   1963 	}
   1964 
   1965 	wpa_printf(MSG_DEBUG,
   1966 		   "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
   1967 		   freq->channel, freq->sec_channel_offset);
   1968 
   1969 	if (!drv_supports_vht(wpa_s, ssid))
   1970 		return;
   1971 
   1972 	/* For IBSS check VHT_IBSS flag */
   1973 	if (ssid->mode == WPAS_MODE_IBSS &&
   1974 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
   1975 		return;
   1976 
   1977 	vht_freq = *freq;
   1978 
   1979 	vht_freq.vht_enabled = vht_supported(mode);
   1980 	if (!vht_freq.vht_enabled)
   1981 		return;
   1982 
   1983 	/* setup center_freq1, bandwidth */
   1984 	for (j = 0; j < ARRAY_SIZE(vht80); j++) {
   1985 		if (freq->channel >= vht80[j] &&
   1986 		    freq->channel < vht80[j] + 16)
   1987 			break;
   1988 	}
   1989 
   1990 	if (j == ARRAY_SIZE(vht80))
   1991 		return;
   1992 
   1993 	for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
   1994 		struct hostapd_channel_data *chan;
   1995 
   1996 		chan = hw_get_channel_chan(mode, i, NULL);
   1997 		if (!chan)
   1998 			return;
   1999 
   2000 		/* Back to HT configuration if channel not usable */
   2001 		if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
   2002 			return;
   2003 	}
   2004 
   2005 	chwidth = VHT_CHANWIDTH_80MHZ;
   2006 	seg0 = vht80[j] + 6;
   2007 	seg1 = 0;
   2008 
   2009 	if (ssid->max_oper_chwidth == VHT_CHANWIDTH_80P80MHZ) {
   2010 		/* setup center_freq2, bandwidth */
   2011 		for (k = 0; k < ARRAY_SIZE(vht80); k++) {
   2012 			/* Only accept 80 MHz segments separated by a gap */
   2013 			if (j == k || abs(vht80[j] - vht80[k]) == 16)
   2014 				continue;
   2015 			for (i = vht80[k]; i < vht80[k] + 16; i += 4) {
   2016 				struct hostapd_channel_data *chan;
   2017 
   2018 				chan = hw_get_channel_chan(mode, i, NULL);
   2019 				if (!chan)
   2020 					continue;
   2021 
   2022 				if (chan->flag & (HOSTAPD_CHAN_DISABLED |
   2023 						  HOSTAPD_CHAN_NO_IR |
   2024 						  HOSTAPD_CHAN_RADAR))
   2025 					continue;
   2026 
   2027 				/* Found a suitable second segment for 80+80 */
   2028 				chwidth = VHT_CHANWIDTH_80P80MHZ;
   2029 				vht_caps |=
   2030 					VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
   2031 				seg1 = vht80[k] + 6;
   2032 			}
   2033 
   2034 			if (chwidth == VHT_CHANWIDTH_80P80MHZ)
   2035 				break;
   2036 		}
   2037 	}
   2038 
   2039 	if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
   2040 				    freq->channel, freq->ht_enabled,
   2041 				    vht_freq.vht_enabled,
   2042 				    freq->sec_channel_offset,
   2043 				    chwidth, seg0, seg1, vht_caps) != 0)
   2044 		return;
   2045 
   2046 	*freq = vht_freq;
   2047 
   2048 	wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
   2049 		   freq->center_freq1, freq->center_freq2, freq->bandwidth);
   2050 }
   2051 
   2052 
   2053 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
   2054 {
   2055 	struct wpa_connect_work *cwork = work->ctx;
   2056 	struct wpa_bss *bss = cwork->bss;
   2057 	struct wpa_ssid *ssid = cwork->ssid;
   2058 	struct wpa_supplicant *wpa_s = work->wpa_s;
   2059 	u8 wpa_ie[200];
   2060 	size_t wpa_ie_len;
   2061 	int use_crypt, ret, i, bssid_changed;
   2062 	int algs = WPA_AUTH_ALG_OPEN;
   2063 	unsigned int cipher_pairwise, cipher_group;
   2064 	struct wpa_driver_associate_params params;
   2065 	int wep_keys_set = 0;
   2066 	int assoc_failed = 0;
   2067 	struct wpa_ssid *old_ssid;
   2068 	u8 prev_bssid[ETH_ALEN];
   2069 #ifdef CONFIG_HT_OVERRIDES
   2070 	struct ieee80211_ht_capabilities htcaps;
   2071 	struct ieee80211_ht_capabilities htcaps_mask;
   2072 #endif /* CONFIG_HT_OVERRIDES */
   2073 #ifdef CONFIG_VHT_OVERRIDES
   2074        struct ieee80211_vht_capabilities vhtcaps;
   2075        struct ieee80211_vht_capabilities vhtcaps_mask;
   2076 #endif /* CONFIG_VHT_OVERRIDES */
   2077 #ifdef CONFIG_MBO
   2078 	const u8 *mbo = NULL;
   2079 #endif /* CONFIG_MBO */
   2080 
   2081 	if (deinit) {
   2082 		if (work->started) {
   2083 			wpa_s->connect_work = NULL;
   2084 
   2085 			/* cancel possible auth. timeout */
   2086 			eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
   2087 					     NULL);
   2088 		}
   2089 		wpas_connect_work_free(cwork);
   2090 		return;
   2091 	}
   2092 
   2093 	wpa_s->connect_work = work;
   2094 
   2095 	if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
   2096 	    wpas_network_disabled(wpa_s, ssid)) {
   2097 		wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
   2098 		wpas_connect_work_done(wpa_s);
   2099 		return;
   2100 	}
   2101 
   2102 	os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
   2103 	os_memset(&params, 0, sizeof(params));
   2104 	wpa_s->reassociate = 0;
   2105 	wpa_s->eap_expected_failure = 0;
   2106 	if (bss &&
   2107 	    (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
   2108 #ifdef CONFIG_IEEE80211R
   2109 		const u8 *ie, *md = NULL;
   2110 #endif /* CONFIG_IEEE80211R */
   2111 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
   2112 			" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
   2113 			wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
   2114 		bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
   2115 		os_memset(wpa_s->bssid, 0, ETH_ALEN);
   2116 		os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
   2117 		if (bssid_changed)
   2118 			wpas_notify_bssid_changed(wpa_s);
   2119 #ifdef CONFIG_IEEE80211R
   2120 		ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
   2121 		if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
   2122 			md = ie + 2;
   2123 		wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
   2124 		if (md) {
   2125 			/* Prepare for the next transition */
   2126 			wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
   2127 		}
   2128 #endif /* CONFIG_IEEE80211R */
   2129 #ifdef CONFIG_WPS
   2130 	} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
   2131 		   wpa_s->conf->ap_scan == 2 &&
   2132 		   (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
   2133 		/* Use ap_scan==1 style network selection to find the network
   2134 		 */
   2135 		wpas_connect_work_done(wpa_s);
   2136 		wpa_s->scan_req = MANUAL_SCAN_REQ;
   2137 		wpa_s->reassociate = 1;
   2138 		wpa_supplicant_req_scan(wpa_s, 0, 0);
   2139 		return;
   2140 #endif /* CONFIG_WPS */
   2141 	} else {
   2142 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
   2143 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
   2144 		os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
   2145 	}
   2146 	if (!wpa_s->pno)
   2147 		wpa_supplicant_cancel_sched_scan(wpa_s);
   2148 
   2149 	wpa_supplicant_cancel_scan(wpa_s);
   2150 
   2151 	/* Starting new association, so clear the possibly used WPA IE from the
   2152 	 * previous association. */
   2153 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
   2154 
   2155 #ifdef IEEE8021X_EAPOL
   2156 	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
   2157 		if (ssid->leap) {
   2158 			if (ssid->non_leap == 0)
   2159 				algs = WPA_AUTH_ALG_LEAP;
   2160 			else
   2161 				algs |= WPA_AUTH_ALG_LEAP;
   2162 		}
   2163 	}
   2164 #endif /* IEEE8021X_EAPOL */
   2165 	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
   2166 	if (ssid->auth_alg) {
   2167 		algs = ssid->auth_alg;
   2168 		wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
   2169 			"0x%x", algs);
   2170 	}
   2171 
   2172 	if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
   2173 		    wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
   2174 	    wpa_key_mgmt_wpa(ssid->key_mgmt)) {
   2175 		int try_opportunistic;
   2176 		try_opportunistic = (ssid->proactive_key_caching < 0 ?
   2177 				     wpa_s->conf->okc :
   2178 				     ssid->proactive_key_caching) &&
   2179 			(ssid->proto & WPA_PROTO_RSN);
   2180 		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
   2181 					    ssid, try_opportunistic) == 0)
   2182 			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
   2183 		wpa_ie_len = sizeof(wpa_ie);
   2184 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
   2185 					      wpa_ie, &wpa_ie_len)) {
   2186 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
   2187 				"key management and encryption suites");
   2188 			wpas_connect_work_done(wpa_s);
   2189 			return;
   2190 		}
   2191 	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
   2192 		   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
   2193 		/*
   2194 		 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
   2195 		 * use non-WPA since the scan results did not indicate that the
   2196 		 * AP is using WPA or WPA2.
   2197 		 */
   2198 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
   2199 		wpa_ie_len = 0;
   2200 		wpa_s->wpa_proto = 0;
   2201 	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
   2202 		wpa_ie_len = sizeof(wpa_ie);
   2203 		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
   2204 					      wpa_ie, &wpa_ie_len)) {
   2205 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
   2206 				"key management and encryption suites (no "
   2207 				"scan results)");
   2208 			wpas_connect_work_done(wpa_s);
   2209 			return;
   2210 		}
   2211 #ifdef CONFIG_WPS
   2212 	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
   2213 		struct wpabuf *wps_ie;
   2214 		wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
   2215 		if (wps_ie && wpabuf_len(wps_ie) <= sizeof(wpa_ie)) {
   2216 			wpa_ie_len = wpabuf_len(wps_ie);
   2217 			os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
   2218 		} else
   2219 			wpa_ie_len = 0;
   2220 		wpabuf_free(wps_ie);
   2221 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
   2222 		if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
   2223 			params.wps = WPS_MODE_PRIVACY;
   2224 		else
   2225 			params.wps = WPS_MODE_OPEN;
   2226 		wpa_s->wpa_proto = 0;
   2227 #endif /* CONFIG_WPS */
   2228 	} else {
   2229 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
   2230 		wpa_ie_len = 0;
   2231 		wpa_s->wpa_proto = 0;
   2232 	}
   2233 
   2234 #ifdef CONFIG_P2P
   2235 	if (wpa_s->global->p2p) {
   2236 		u8 *pos;
   2237 		size_t len;
   2238 		int res;
   2239 		pos = wpa_ie + wpa_ie_len;
   2240 		len = sizeof(wpa_ie) - wpa_ie_len;
   2241 		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
   2242 					    ssid->p2p_group);
   2243 		if (res >= 0)
   2244 			wpa_ie_len += res;
   2245 	}
   2246 
   2247 	wpa_s->cross_connect_disallowed = 0;
   2248 	if (bss) {
   2249 		struct wpabuf *p2p;
   2250 		p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
   2251 		if (p2p) {
   2252 			wpa_s->cross_connect_disallowed =
   2253 				p2p_get_cross_connect_disallowed(p2p);
   2254 			wpabuf_free(p2p);
   2255 			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
   2256 				"connection",
   2257 				wpa_s->cross_connect_disallowed ?
   2258 				"disallows" : "allows");
   2259 		}
   2260 	}
   2261 
   2262 	os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
   2263 #endif /* CONFIG_P2P */
   2264 
   2265 #ifdef CONFIG_MBO
   2266 	if (bss) {
   2267 		mbo = wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE);
   2268 		if (mbo) {
   2269 			int len;
   2270 
   2271 			len = wpas_mbo_supp_op_class_ie(wpa_s, bss->freq,
   2272 							wpa_ie + wpa_ie_len,
   2273 							sizeof(wpa_ie) -
   2274 							wpa_ie_len);
   2275 			if (len > 0)
   2276 				wpa_ie_len += len;
   2277 		}
   2278 	}
   2279 #endif /* CONFIG_MBO */
   2280 
   2281 	/*
   2282 	 * Workaround: Add Extended Capabilities element only if the AP
   2283 	 * included this element in Beacon/Probe Response frames. Some older
   2284 	 * APs seem to have interoperability issues if this element is
   2285 	 * included, so while the standard may require us to include the
   2286 	 * element in all cases, it is justifiable to skip it to avoid
   2287 	 * interoperability issues.
   2288 	 */
   2289 	if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
   2290 		u8 ext_capab[18];
   2291 		int ext_capab_len;
   2292 		ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
   2293 						     sizeof(ext_capab));
   2294 		if (ext_capab_len > 0) {
   2295 			u8 *pos = wpa_ie;
   2296 			if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
   2297 				pos += 2 + pos[1];
   2298 			os_memmove(pos + ext_capab_len, pos,
   2299 				   wpa_ie_len - (pos - wpa_ie));
   2300 			wpa_ie_len += ext_capab_len;
   2301 			os_memcpy(pos, ext_capab, ext_capab_len);
   2302 		}
   2303 	}
   2304 
   2305 #ifdef CONFIG_HS20
   2306 	if (is_hs20_network(wpa_s, ssid, bss)) {
   2307 		struct wpabuf *hs20;
   2308 
   2309 		hs20 = wpabuf_alloc(20);
   2310 		if (hs20) {
   2311 			int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
   2312 			size_t len;
   2313 
   2314 			wpas_hs20_add_indication(hs20, pps_mo_id);
   2315 			len = sizeof(wpa_ie) - wpa_ie_len;
   2316 			if (wpabuf_len(hs20) <= len) {
   2317 				os_memcpy(wpa_ie + wpa_ie_len,
   2318 					  wpabuf_head(hs20), wpabuf_len(hs20));
   2319 				wpa_ie_len += wpabuf_len(hs20);
   2320 			}
   2321 			wpabuf_free(hs20);
   2322 		}
   2323 	}
   2324 #endif /* CONFIG_HS20 */
   2325 
   2326 	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
   2327 		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
   2328 		size_t len;
   2329 
   2330 		len = sizeof(wpa_ie) - wpa_ie_len;
   2331 		if (wpabuf_len(buf) <= len) {
   2332 			os_memcpy(wpa_ie + wpa_ie_len,
   2333 				  wpabuf_head(buf), wpabuf_len(buf));
   2334 			wpa_ie_len += wpabuf_len(buf);
   2335 		}
   2336 	}
   2337 
   2338 #ifdef CONFIG_FST
   2339 	if (wpa_s->fst_ies) {
   2340 		int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
   2341 
   2342 		if (wpa_ie_len + fst_ies_len <= sizeof(wpa_ie)) {
   2343 			os_memcpy(wpa_ie + wpa_ie_len,
   2344 				  wpabuf_head(wpa_s->fst_ies), fst_ies_len);
   2345 			wpa_ie_len += fst_ies_len;
   2346 		}
   2347 	}
   2348 #endif /* CONFIG_FST */
   2349 
   2350 #ifdef CONFIG_MBO
   2351 	if (mbo) {
   2352 		int len;
   2353 
   2354 		len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
   2355 				  sizeof(wpa_ie) - wpa_ie_len);
   2356 		if (len >= 0)
   2357 			wpa_ie_len += len;
   2358 	}
   2359 #endif /* CONFIG_MBO */
   2360 
   2361 	wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
   2362 	use_crypt = 1;
   2363 	cipher_pairwise = wpa_s->pairwise_cipher;
   2364 	cipher_group = wpa_s->group_cipher;
   2365 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
   2366 	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
   2367 		if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
   2368 			use_crypt = 0;
   2369 		if (wpa_set_wep_keys(wpa_s, ssid)) {
   2370 			use_crypt = 1;
   2371 			wep_keys_set = 1;
   2372 		}
   2373 	}
   2374 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
   2375 		use_crypt = 0;
   2376 
   2377 #ifdef IEEE8021X_EAPOL
   2378 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
   2379 		if ((ssid->eapol_flags &
   2380 		     (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
   2381 		      EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
   2382 		    !wep_keys_set) {
   2383 			use_crypt = 0;
   2384 		} else {
   2385 			/* Assume that dynamic WEP-104 keys will be used and
   2386 			 * set cipher suites in order for drivers to expect
   2387 			 * encryption. */
   2388 			cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
   2389 		}
   2390 	}
   2391 #endif /* IEEE8021X_EAPOL */
   2392 
   2393 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
   2394 		/* Set the key before (and later after) association */
   2395 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
   2396 	}
   2397 
   2398 	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
   2399 	if (bss) {
   2400 		params.ssid = bss->ssid;
   2401 		params.ssid_len = bss->ssid_len;
   2402 		if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
   2403 			wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
   2404 				   MACSTR " freq=%u MHz based on scan results "
   2405 				   "(bssid_set=%d)",
   2406 				   MAC2STR(bss->bssid), bss->freq,
   2407 				   ssid->bssid_set);
   2408 			params.bssid = bss->bssid;
   2409 			params.freq.freq = bss->freq;
   2410 		}
   2411 		params.bssid_hint = bss->bssid;
   2412 		params.freq_hint = bss->freq;
   2413 		params.pbss = bss_is_pbss(bss);
   2414 	} else {
   2415 		params.ssid = ssid->ssid;
   2416 		params.ssid_len = ssid->ssid_len;
   2417 		params.pbss = ssid->pbss;
   2418 	}
   2419 
   2420 	if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
   2421 	    wpa_s->conf->ap_scan == 2) {
   2422 		params.bssid = ssid->bssid;
   2423 		params.fixed_bssid = 1;
   2424 	}
   2425 
   2426 	/* Initial frequency for IBSS/mesh */
   2427 	if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
   2428 	    ssid->frequency > 0 && params.freq.freq == 0)
   2429 		ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
   2430 
   2431 	if (ssid->mode == WPAS_MODE_IBSS) {
   2432 		params.fixed_freq = ssid->fixed_freq;
   2433 		if (ssid->beacon_int)
   2434 			params.beacon_int = ssid->beacon_int;
   2435 		else
   2436 			params.beacon_int = wpa_s->conf->beacon_int;
   2437 	}
   2438 
   2439 	params.wpa_ie = wpa_ie;
   2440 	params.wpa_ie_len = wpa_ie_len;
   2441 	params.pairwise_suite = cipher_pairwise;
   2442 	params.group_suite = cipher_group;
   2443 	params.key_mgmt_suite = wpa_s->key_mgmt;
   2444 	params.wpa_proto = wpa_s->wpa_proto;
   2445 	params.auth_alg = algs;
   2446 	params.mode = ssid->mode;
   2447 	params.bg_scan_period = ssid->bg_scan_period;
   2448 	for (i = 0; i < NUM_WEP_KEYS; i++) {
   2449 		if (ssid->wep_key_len[i])
   2450 			params.wep_key[i] = ssid->wep_key[i];
   2451 		params.wep_key_len[i] = ssid->wep_key_len[i];
   2452 	}
   2453 	params.wep_tx_keyidx = ssid->wep_tx_keyidx;
   2454 
   2455 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
   2456 	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
   2457 	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
   2458 		params.passphrase = ssid->passphrase;
   2459 		if (ssid->psk_set)
   2460 			params.psk = ssid->psk;
   2461 	}
   2462 
   2463 	if (wpa_s->conf->key_mgmt_offload) {
   2464 		if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
   2465 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
   2466 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
   2467 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
   2468 			params.req_key_mgmt_offload =
   2469 				ssid->proactive_key_caching < 0 ?
   2470 				wpa_s->conf->okc : ssid->proactive_key_caching;
   2471 		else
   2472 			params.req_key_mgmt_offload = 1;
   2473 
   2474 		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
   2475 		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
   2476 		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
   2477 		    ssid->psk_set)
   2478 			params.psk = ssid->psk;
   2479 	}
   2480 
   2481 	params.drop_unencrypted = use_crypt;
   2482 
   2483 #ifdef CONFIG_IEEE80211W
   2484 	params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
   2485 	if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
   2486 		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
   2487 		struct wpa_ie_data ie;
   2488 		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
   2489 		    ie.capabilities &
   2490 		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
   2491 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
   2492 				"MFP: require MFP");
   2493 			params.mgmt_frame_protection =
   2494 				MGMT_FRAME_PROTECTION_REQUIRED;
   2495 		}
   2496 	}
   2497 #endif /* CONFIG_IEEE80211W */
   2498 
   2499 	params.p2p = ssid->p2p_group;
   2500 
   2501 	if (wpa_s->p2pdev->set_sta_uapsd)
   2502 		params.uapsd = wpa_s->p2pdev->sta_uapsd;
   2503 	else
   2504 		params.uapsd = -1;
   2505 
   2506 #ifdef CONFIG_HT_OVERRIDES
   2507 	os_memset(&htcaps, 0, sizeof(htcaps));
   2508 	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
   2509 	params.htcaps = (u8 *) &htcaps;
   2510 	params.htcaps_mask = (u8 *) &htcaps_mask;
   2511 	wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
   2512 #endif /* CONFIG_HT_OVERRIDES */
   2513 #ifdef CONFIG_VHT_OVERRIDES
   2514 	os_memset(&vhtcaps, 0, sizeof(vhtcaps));
   2515 	os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
   2516 	params.vhtcaps = &vhtcaps;
   2517 	params.vhtcaps_mask = &vhtcaps_mask;
   2518 	wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
   2519 #endif /* CONFIG_VHT_OVERRIDES */
   2520 
   2521 #ifdef CONFIG_P2P
   2522 	/*
   2523 	 * If multi-channel concurrency is not supported, check for any
   2524 	 * frequency conflict. In case of any frequency conflict, remove the
   2525 	 * least prioritized connection.
   2526 	 */
   2527 	if (wpa_s->num_multichan_concurrent < 2) {
   2528 		int freq, num;
   2529 		num = get_shared_radio_freqs(wpa_s, &freq, 1);
   2530 		if (num > 0 && freq > 0 && freq != params.freq.freq) {
   2531 			wpa_printf(MSG_DEBUG,
   2532 				   "Assoc conflicting freq found (%d != %d)",
   2533 				   freq, params.freq.freq);
   2534 			if (wpas_p2p_handle_frequency_conflicts(
   2535 				    wpa_s, params.freq.freq, ssid) < 0) {
   2536 				wpas_connect_work_done(wpa_s);
   2537 				return;
   2538 			}
   2539 		}
   2540 	}
   2541 #endif /* CONFIG_P2P */
   2542 
   2543 	if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
   2544 	    wpa_s->current_ssid)
   2545 		params.prev_bssid = prev_bssid;
   2546 
   2547 	ret = wpa_drv_associate(wpa_s, &params);
   2548 	if (ret < 0) {
   2549 		wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
   2550 			"failed");
   2551 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
   2552 			/*
   2553 			 * The driver is known to mean what is saying, so we
   2554 			 * can stop right here; the association will not
   2555 			 * succeed.
   2556 			 */
   2557 			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
   2558 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
   2559 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
   2560 			return;
   2561 		}
   2562 		/* try to continue anyway; new association will be tried again
   2563 		 * after timeout */
   2564 		assoc_failed = 1;
   2565 	}
   2566 
   2567 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
   2568 		/* Set the key after the association just in case association
   2569 		 * cleared the previously configured key. */
   2570 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
   2571 		/* No need to timeout authentication since there is no key
   2572 		 * management. */
   2573 		wpa_supplicant_cancel_auth_timeout(wpa_s);
   2574 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
   2575 #ifdef CONFIG_IBSS_RSN
   2576 	} else if (ssid->mode == WPAS_MODE_IBSS &&
   2577 		   wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
   2578 		   wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
   2579 		/*
   2580 		 * RSN IBSS authentication is per-STA and we can disable the
   2581 		 * per-BSSID authentication.
   2582 		 */
   2583 		wpa_supplicant_cancel_auth_timeout(wpa_s);
   2584 #endif /* CONFIG_IBSS_RSN */
   2585 	} else {
   2586 		/* Timeout for IEEE 802.11 authentication and association */
   2587 		int timeout = 60;
   2588 
   2589 		if (assoc_failed) {
   2590 			/* give IBSS a bit more time */
   2591 			timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
   2592 		} else if (wpa_s->conf->ap_scan == 1) {
   2593 			/* give IBSS a bit more time */
   2594 			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
   2595 		}
   2596 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
   2597 	}
   2598 
   2599 	if (wep_keys_set &&
   2600 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
   2601 		/* Set static WEP keys again */
   2602 		wpa_set_wep_keys(wpa_s, ssid);
   2603 	}
   2604 
   2605 	if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
   2606 		/*
   2607 		 * Do not allow EAP session resumption between different
   2608 		 * network configurations.
   2609 		 */
   2610 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
   2611 	}
   2612 	old_ssid = wpa_s->current_ssid;
   2613 	wpa_s->current_ssid = ssid;
   2614 	if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set)
   2615 		wpa_s->current_bss = bss;
   2616 	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
   2617 	wpa_supplicant_initiate_eapol(wpa_s);
   2618 	if (old_ssid != wpa_s->current_ssid)
   2619 		wpas_notify_network_changed(wpa_s);
   2620 }
   2621 
   2622 
   2623 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
   2624 					    const u8 *addr)
   2625 {
   2626 	struct wpa_ssid *old_ssid;
   2627 
   2628 	wpas_connect_work_done(wpa_s);
   2629 	wpa_clear_keys(wpa_s, addr);
   2630 	old_ssid = wpa_s->current_ssid;
   2631 	wpa_supplicant_mark_disassoc(wpa_s);
   2632 	wpa_sm_set_config(wpa_s->wpa, NULL);
   2633 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
   2634 	if (old_ssid != wpa_s->current_ssid)
   2635 		wpas_notify_network_changed(wpa_s);
   2636 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
   2637 }
   2638 
   2639 
   2640 /**
   2641  * wpa_supplicant_deauthenticate - Deauthenticate the current connection
   2642  * @wpa_s: Pointer to wpa_supplicant data
   2643  * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
   2644  *
   2645  * This function is used to request %wpa_supplicant to deauthenticate from the
   2646  * current AP.
   2647  */
   2648 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
   2649 				   int reason_code)
   2650 {
   2651 	u8 *addr = NULL;
   2652 	union wpa_event_data event;
   2653 	int zero_addr = 0;
   2654 
   2655 	wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
   2656 		" pending_bssid=" MACSTR " reason=%d state=%s",
   2657 		MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
   2658 		reason_code, wpa_supplicant_state_txt(wpa_s->wpa_state));
   2659 
   2660 	if (!is_zero_ether_addr(wpa_s->bssid))
   2661 		addr = wpa_s->bssid;
   2662 	else if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
   2663 		 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
   2664 		  wpa_s->wpa_state == WPA_ASSOCIATING))
   2665 		addr = wpa_s->pending_bssid;
   2666 	else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
   2667 		/*
   2668 		 * When using driver-based BSS selection, we may not know the
   2669 		 * BSSID with which we are currently trying to associate. We
   2670 		 * need to notify the driver of this disconnection even in such
   2671 		 * a case, so use the all zeros address here.
   2672 		 */
   2673 		addr = wpa_s->bssid;
   2674 		zero_addr = 1;
   2675 	}
   2676 
   2677 #ifdef CONFIG_TDLS
   2678 	wpa_tdls_teardown_peers(wpa_s->wpa);
   2679 #endif /* CONFIG_TDLS */
   2680 
   2681 #ifdef CONFIG_MESH
   2682 	if (wpa_s->ifmsh) {
   2683 		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
   2684 			wpa_s->ifname);
   2685 		wpa_supplicant_leave_mesh(wpa_s);
   2686 	}
   2687 #endif /* CONFIG_MESH */
   2688 
   2689 	if (addr) {
   2690 		wpa_drv_deauthenticate(wpa_s, addr, reason_code);
   2691 		os_memset(&event, 0, sizeof(event));
   2692 		event.deauth_info.reason_code = (u16) reason_code;
   2693 		event.deauth_info.locally_generated = 1;
   2694 		wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
   2695 		if (zero_addr)
   2696 			addr = NULL;
   2697 	}
   2698 
   2699 	wpa_supplicant_clear_connection(wpa_s, addr);
   2700 }
   2701 
   2702 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
   2703 					      struct wpa_ssid *ssid)
   2704 {
   2705 	if (!ssid || !ssid->disabled || ssid->disabled == 2)
   2706 		return;
   2707 
   2708 	ssid->disabled = 0;
   2709 	wpas_clear_temp_disabled(wpa_s, ssid, 1);
   2710 	wpas_notify_network_enabled_changed(wpa_s, ssid);
   2711 
   2712 	/*
   2713 	 * Try to reassociate since there is no current configuration and a new
   2714 	 * network was made available.
   2715 	 */
   2716 	if (!wpa_s->current_ssid && !wpa_s->disconnected)
   2717 		wpa_s->reassociate = 1;
   2718 }
   2719 
   2720 
   2721 /**
   2722  * wpa_supplicant_enable_network - Mark a configured network as enabled
   2723  * @wpa_s: wpa_supplicant structure for a network interface
   2724  * @ssid: wpa_ssid structure for a configured network or %NULL
   2725  *
   2726  * Enables the specified network or all networks if no network specified.
   2727  */
   2728 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
   2729 				   struct wpa_ssid *ssid)
   2730 {
   2731 	if (ssid == NULL) {
   2732 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
   2733 			wpa_supplicant_enable_one_network(wpa_s, ssid);
   2734 	} else
   2735 		wpa_supplicant_enable_one_network(wpa_s, ssid);
   2736 
   2737 	if (wpa_s->reassociate && !wpa_s->disconnected &&
   2738 	    (!wpa_s->current_ssid ||
   2739 	     wpa_s->wpa_state == WPA_DISCONNECTED ||
   2740 	     wpa_s->wpa_state == WPA_SCANNING)) {
   2741 		if (wpa_s->sched_scanning) {
   2742 			wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
   2743 				   "new network to scan filters");
   2744 			wpa_supplicant_cancel_sched_scan(wpa_s);
   2745 		}
   2746 
   2747 		if (wpa_supplicant_fast_associate(wpa_s) != 1) {
   2748 			wpa_s->scan_req = NORMAL_SCAN_REQ;
   2749 			wpa_supplicant_req_scan(wpa_s, 0, 0);
   2750 		}
   2751 	}
   2752 }
   2753 
   2754 
   2755 /**
   2756  * wpa_supplicant_disable_network - Mark a configured network as disabled
   2757  * @wpa_s: wpa_supplicant structure for a network interface
   2758  * @ssid: wpa_ssid structure for a configured network or %NULL
   2759  *
   2760  * Disables the specified network or all networks if no network specified.
   2761  */
   2762 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
   2763 				    struct wpa_ssid *ssid)
   2764 {
   2765 	struct wpa_ssid *other_ssid;
   2766 	int was_disabled;
   2767 
   2768 	if (ssid == NULL) {
   2769 		if (wpa_s->sched_scanning)
   2770 			wpa_supplicant_cancel_sched_scan(wpa_s);
   2771 
   2772 		for (other_ssid = wpa_s->conf->ssid; other_ssid;
   2773 		     other_ssid = other_ssid->next) {
   2774 			was_disabled = other_ssid->disabled;
   2775 			if (was_disabled == 2)
   2776 				continue; /* do not change persistent P2P group
   2777 					   * data */
   2778 
   2779 			other_ssid->disabled = 1;
   2780 
   2781 			if (was_disabled != other_ssid->disabled)
   2782 				wpas_notify_network_enabled_changed(
   2783 					wpa_s, other_ssid);
   2784 		}
   2785 		if (wpa_s->current_ssid)
   2786 			wpa_supplicant_deauthenticate(
   2787 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
   2788 	} else if (ssid->disabled != 2) {
   2789 		if (ssid == wpa_s->current_ssid)
   2790 			wpa_supplicant_deauthenticate(
   2791 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
   2792 
   2793 		was_disabled = ssid->disabled;
   2794 
   2795 		ssid->disabled = 1;
   2796 
   2797 		if (was_disabled != ssid->disabled) {
   2798 			wpas_notify_network_enabled_changed(wpa_s, ssid);
   2799 			if (wpa_s->sched_scanning) {
   2800 				wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
   2801 					   "to remove network from filters");
   2802 				wpa_supplicant_cancel_sched_scan(wpa_s);
   2803 				wpa_supplicant_req_scan(wpa_s, 0, 0);
   2804 			}
   2805 		}
   2806 	}
   2807 }
   2808 
   2809 
   2810 /**
   2811  * wpa_supplicant_select_network - Attempt association with a network
   2812  * @wpa_s: wpa_supplicant structure for a network interface
   2813  * @ssid: wpa_ssid structure for a configured network or %NULL for any network
   2814  */
   2815 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
   2816 				   struct wpa_ssid *ssid)
   2817 {
   2818 
   2819 	struct wpa_ssid *other_ssid;
   2820 	int disconnected = 0;
   2821 
   2822 	if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
   2823 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
   2824 			wpa_s->own_disconnect_req = 1;
   2825 		wpa_supplicant_deauthenticate(
   2826 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
   2827 		disconnected = 1;
   2828 	}
   2829 
   2830 	if (ssid)
   2831 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
   2832 
   2833 	/*
   2834 	 * Mark all other networks disabled or mark all networks enabled if no
   2835 	 * network specified.
   2836 	 */
   2837 	for (other_ssid = wpa_s->conf->ssid; other_ssid;
   2838 	     other_ssid = other_ssid->next) {
   2839 		int was_disabled = other_ssid->disabled;
   2840 		if (was_disabled == 2)
   2841 			continue; /* do not change persistent P2P group data */
   2842 
   2843 		other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
   2844 		if (was_disabled && !other_ssid->disabled)
   2845 			wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
   2846 
   2847 		if (was_disabled != other_ssid->disabled)
   2848 			wpas_notify_network_enabled_changed(wpa_s, other_ssid);
   2849 	}
   2850 
   2851 	if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
   2852 	    wpa_s->wpa_state >= WPA_AUTHENTICATING) {
   2853 		/* We are already associated with the selected network */
   2854 		wpa_printf(MSG_DEBUG, "Already associated with the "
   2855 			   "selected network - do nothing");
   2856 		return;
   2857 	}
   2858 
   2859 	if (ssid) {
   2860 		wpa_s->current_ssid = ssid;
   2861 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
   2862 		wpa_s->connect_without_scan =
   2863 			(ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
   2864 
   2865 		/*
   2866 		 * Don't optimize next scan freqs since a new ESS has been
   2867 		 * selected.
   2868 		 */
   2869 		os_free(wpa_s->next_scan_freqs);
   2870 		wpa_s->next_scan_freqs = NULL;
   2871 	} else {
   2872 		wpa_s->connect_without_scan = NULL;
   2873 	}
   2874 
   2875 	wpa_s->disconnected = 0;
   2876 	wpa_s->reassociate = 1;
   2877 
   2878 	if (wpa_s->connect_without_scan ||
   2879 	    wpa_supplicant_fast_associate(wpa_s) != 1) {
   2880 		wpa_s->scan_req = NORMAL_SCAN_REQ;
   2881 		wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
   2882 	}
   2883 
   2884 	if (ssid)
   2885 		wpas_notify_network_selected(wpa_s, ssid);
   2886 }
   2887 
   2888 
   2889 /**
   2890  * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
   2891  * @wpa_s: wpa_supplicant structure for a network interface
   2892  * @pkcs11_engine_path: PKCS #11 engine path or NULL
   2893  * @pkcs11_module_path: PKCS #11 module path or NULL
   2894  * Returns: 0 on success; -1 on failure
   2895  *
   2896  * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
   2897  * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
   2898  * module path fails the paths will be reset to the default value (NULL).
   2899  */
   2900 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
   2901 					   const char *pkcs11_engine_path,
   2902 					   const char *pkcs11_module_path)
   2903 {
   2904 	char *pkcs11_engine_path_copy = NULL;
   2905 	char *pkcs11_module_path_copy = NULL;
   2906 
   2907 	if (pkcs11_engine_path != NULL) {
   2908 		pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
   2909 		if (pkcs11_engine_path_copy == NULL)
   2910 			return -1;
   2911 	}
   2912 	if (pkcs11_module_path != NULL) {
   2913 		pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
   2914 		if (pkcs11_module_path_copy == NULL) {
   2915 			os_free(pkcs11_engine_path_copy);
   2916 			return -1;
   2917 		}
   2918 	}
   2919 
   2920 	os_free(wpa_s->conf->pkcs11_engine_path);
   2921 	os_free(wpa_s->conf->pkcs11_module_path);
   2922 	wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
   2923 	wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
   2924 
   2925 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
   2926 	eapol_sm_deinit(wpa_s->eapol);
   2927 	wpa_s->eapol = NULL;
   2928 	if (wpa_supplicant_init_eapol(wpa_s)) {
   2929 		/* Error -> Reset paths to the default value (NULL) once. */
   2930 		if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
   2931 			wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
   2932 							       NULL);
   2933 
   2934 		return -1;
   2935 	}
   2936 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
   2937 
   2938 	return 0;
   2939 }
   2940 
   2941 
   2942 /**
   2943  * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
   2944  * @wpa_s: wpa_supplicant structure for a network interface
   2945  * @ap_scan: AP scan mode
   2946  * Returns: 0 if succeed or -1 if ap_scan has an invalid value
   2947  *
   2948  */
   2949 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
   2950 {
   2951 
   2952 	int old_ap_scan;
   2953 
   2954 	if (ap_scan < 0 || ap_scan > 2)
   2955 		return -1;
   2956 
   2957 	if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
   2958 		wpa_printf(MSG_INFO,
   2959 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
   2960 	}
   2961 
   2962 #ifdef ANDROID
   2963 	if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
   2964 	    wpa_s->wpa_state >= WPA_ASSOCIATING &&
   2965 	    wpa_s->wpa_state < WPA_COMPLETED) {
   2966 		wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
   2967 			   "associating", wpa_s->conf->ap_scan, ap_scan);
   2968 		return 0;
   2969 	}
   2970 #endif /* ANDROID */
   2971 
   2972 	old_ap_scan = wpa_s->conf->ap_scan;
   2973 	wpa_s->conf->ap_scan = ap_scan;
   2974 
   2975 	if (old_ap_scan != wpa_s->conf->ap_scan)
   2976 		wpas_notify_ap_scan_changed(wpa_s);
   2977 
   2978 	return 0;
   2979 }
   2980 
   2981 
   2982 /**
   2983  * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
   2984  * @wpa_s: wpa_supplicant structure for a network interface
   2985  * @expire_age: Expiration age in seconds
   2986  * Returns: 0 if succeed or -1 if expire_age has an invalid value
   2987  *
   2988  */
   2989 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
   2990 					  unsigned int bss_expire_age)
   2991 {
   2992 	if (bss_expire_age < 10) {
   2993 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
   2994 			bss_expire_age);
   2995 		return -1;
   2996 	}
   2997 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
   2998 		bss_expire_age);
   2999 	wpa_s->conf->bss_expiration_age = bss_expire_age;
   3000 
   3001 	return 0;
   3002 }
   3003 
   3004 
   3005 /**
   3006  * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
   3007  * @wpa_s: wpa_supplicant structure for a network interface
   3008  * @expire_count: number of scans after which an unseen BSS is reclaimed
   3009  * Returns: 0 if succeed or -1 if expire_count has an invalid value
   3010  *
   3011  */
   3012 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
   3013 					    unsigned int bss_expire_count)
   3014 {
   3015 	if (bss_expire_count < 1) {
   3016 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
   3017 			bss_expire_count);
   3018 		return -1;
   3019 	}
   3020 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
   3021 		bss_expire_count);
   3022 	wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
   3023 
   3024 	return 0;
   3025 }
   3026 
   3027 
   3028 /**
   3029  * wpa_supplicant_set_scan_interval - Set scan interval
   3030  * @wpa_s: wpa_supplicant structure for a network interface
   3031  * @scan_interval: scan interval in seconds
   3032  * Returns: 0 if succeed or -1 if scan_interval has an invalid value
   3033  *
   3034  */
   3035 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
   3036 				     int scan_interval)
   3037 {
   3038 	if (scan_interval < 0) {
   3039 		wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
   3040 			scan_interval);
   3041 		return -1;
   3042 	}
   3043 	wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
   3044 		scan_interval);
   3045 	wpa_supplicant_update_scan_int(wpa_s, scan_interval);
   3046 
   3047 	return 0;
   3048 }
   3049 
   3050 
   3051 /**
   3052  * wpa_supplicant_set_debug_params - Set global debug params
   3053  * @global: wpa_global structure
   3054  * @debug_level: debug level
   3055  * @debug_timestamp: determines if show timestamp in debug data
   3056  * @debug_show_keys: determines if show keys in debug data
   3057  * Returns: 0 if succeed or -1 if debug_level has wrong value
   3058  */
   3059 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
   3060 				    int debug_timestamp, int debug_show_keys)
   3061 {
   3062 
   3063 	int old_level, old_timestamp, old_show_keys;
   3064 
   3065 	/* check for allowed debuglevels */
   3066 	if (debug_level != MSG_EXCESSIVE &&
   3067 	    debug_level != MSG_MSGDUMP &&
   3068 	    debug_level != MSG_DEBUG &&
   3069 	    debug_level != MSG_INFO &&
   3070 	    debug_level != MSG_WARNING &&
   3071 	    debug_level != MSG_ERROR)
   3072 		return -1;
   3073 
   3074 	old_level = wpa_debug_level;
   3075 	old_timestamp = wpa_debug_timestamp;
   3076 	old_show_keys = wpa_debug_show_keys;
   3077 
   3078 	wpa_debug_level = debug_level;
   3079 	wpa_debug_timestamp = debug_timestamp ? 1 : 0;
   3080 	wpa_debug_show_keys = debug_show_keys ? 1 : 0;
   3081 
   3082 	if (wpa_debug_level != old_level)
   3083 		wpas_notify_debug_level_changed(global);
   3084 	if (wpa_debug_timestamp != old_timestamp)
   3085 		wpas_notify_debug_timestamp_changed(global);
   3086 	if (wpa_debug_show_keys != old_show_keys)
   3087 		wpas_notify_debug_show_keys_changed(global);
   3088 
   3089 	return 0;
   3090 }
   3091 
   3092 
   3093 /**
   3094  * wpa_supplicant_get_ssid - Get a pointer to the current network structure
   3095  * @wpa_s: Pointer to wpa_supplicant data
   3096  * Returns: A pointer to the current network structure or %NULL on failure
   3097  */
   3098 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
   3099 {
   3100 	struct wpa_ssid *entry;
   3101 	u8 ssid[SSID_MAX_LEN];
   3102 	int res;
   3103 	size_t ssid_len;
   3104 	u8 bssid[ETH_ALEN];
   3105 	int wired;
   3106 
   3107 	res = wpa_drv_get_ssid(wpa_s, ssid);
   3108 	if (res < 0) {
   3109 		wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
   3110 			"driver");
   3111 		return NULL;
   3112 	}
   3113 	ssid_len = res;
   3114 
   3115 	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
   3116 		wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
   3117 			"driver");
   3118 		return NULL;
   3119 	}
   3120 
   3121 	wired = wpa_s->conf->ap_scan == 0 &&
   3122 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
   3123 
   3124 	entry = wpa_s->conf->ssid;
   3125 	while (entry) {
   3126 		if (!wpas_network_disabled(wpa_s, entry) &&
   3127 		    ((ssid_len == entry->ssid_len &&
   3128 		      os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
   3129 		    (!entry->bssid_set ||
   3130 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
   3131 			return entry;
   3132 #ifdef CONFIG_WPS
   3133 		if (!wpas_network_disabled(wpa_s, entry) &&
   3134 		    (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
   3135 		    (entry->ssid == NULL || entry->ssid_len == 0) &&
   3136 		    (!entry->bssid_set ||
   3137 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
   3138 			return entry;
   3139 #endif /* CONFIG_WPS */
   3140 
   3141 		if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
   3142 		    entry->ssid_len == 0 &&
   3143 		    os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
   3144 			return entry;
   3145 
   3146 		entry = entry->next;
   3147 	}
   3148 
   3149 	return NULL;
   3150 }
   3151 
   3152 
   3153 static int select_driver(struct wpa_supplicant *wpa_s, int i)
   3154 {
   3155 	struct wpa_global *global = wpa_s->global;
   3156 
   3157 	if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
   3158 		global->drv_priv[i] = wpa_drivers[i]->global_init(global);
   3159 		if (global->drv_priv[i] == NULL) {
   3160 			wpa_printf(MSG_ERROR, "Failed to initialize driver "
   3161 				   "'%s'", wpa_drivers[i]->name);
   3162 			return -1;
   3163 		}
   3164 	}
   3165 
   3166 	wpa_s->driver = wpa_drivers[i];
   3167 	wpa_s->global_drv_priv = global->drv_priv[i];
   3168 
   3169 	return 0;
   3170 }
   3171 
   3172 
   3173 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
   3174 				     const char *name)
   3175 {
   3176 	int i;
   3177 	size_t len;
   3178 	const char *pos, *driver = name;
   3179 
   3180 	if (wpa_s == NULL)
   3181 		return -1;
   3182 
   3183 	if (wpa_drivers[0] == NULL) {
   3184 		wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
   3185 			"wpa_supplicant");
   3186 		return -1;
   3187 	}
   3188 
   3189 	if (name == NULL) {
   3190 		/* default to first driver in the list */
   3191 		return select_driver(wpa_s, 0);
   3192 	}
   3193 
   3194 	do {
   3195 		pos = os_strchr(driver, ',');
   3196 		if (pos)
   3197 			len = pos - driver;
   3198 		else
   3199 			len = os_strlen(driver);
   3200 
   3201 		for (i = 0; wpa_drivers[i]; i++) {
   3202 			if (os_strlen(wpa_drivers[i]->name) == len &&
   3203 			    os_strncmp(driver, wpa_drivers[i]->name, len) ==
   3204 			    0) {
   3205 				/* First driver that succeeds wins */
   3206 				if (select_driver(wpa_s, i) == 0)
   3207 					return 0;
   3208 			}
   3209 		}
   3210 
   3211 		driver = pos + 1;
   3212 	} while (pos);
   3213 
   3214 	wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
   3215 	return -1;
   3216 }
   3217 
   3218 
   3219 /**
   3220  * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
   3221  * @ctx: Context pointer (wpa_s); this is the ctx variable registered
   3222  *	with struct wpa_driver_ops::init()
   3223  * @src_addr: Source address of the EAPOL frame
   3224  * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
   3225  * @len: Length of the EAPOL data
   3226  *
   3227  * This function is called for each received EAPOL frame. Most driver
   3228  * interfaces rely on more generic OS mechanism for receiving frames through
   3229  * l2_packet, but if such a mechanism is not available, the driver wrapper may
   3230  * take care of received EAPOL frames and deliver them to the core supplicant
   3231  * code by calling this function.
   3232  */
   3233 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
   3234 			     const u8 *buf, size_t len)
   3235 {
   3236 	struct wpa_supplicant *wpa_s = ctx;
   3237 
   3238 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
   3239 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
   3240 
   3241 #ifdef CONFIG_PEERKEY
   3242 	if (wpa_s->wpa_state > WPA_ASSOCIATED && wpa_s->current_ssid &&
   3243 	    wpa_s->current_ssid->peerkey &&
   3244 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
   3245 	    wpa_sm_rx_eapol_peerkey(wpa_s->wpa, src_addr, buf, len) == 1) {
   3246 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: Processed PeerKey EAPOL-Key");
   3247 		return;
   3248 	}
   3249 #endif /* CONFIG_PEERKEY */
   3250 
   3251 	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
   3252 	    (wpa_s->last_eapol_matches_bssid &&
   3253 #ifdef CONFIG_AP
   3254 	     !wpa_s->ap_iface &&
   3255 #endif /* CONFIG_AP */
   3256 	     os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
   3257 		/*
   3258 		 * There is possible race condition between receiving the
   3259 		 * association event and the EAPOL frame since they are coming
   3260 		 * through different paths from the driver. In order to avoid
   3261 		 * issues in trying to process the EAPOL frame before receiving
   3262 		 * association information, lets queue it for processing until
   3263 		 * the association event is received. This may also be needed in
   3264 		 * driver-based roaming case, so also use src_addr != BSSID as a
   3265 		 * trigger if we have previously confirmed that the
   3266 		 * Authenticator uses BSSID as the src_addr (which is not the
   3267 		 * case with wired IEEE 802.1X).
   3268 		 */
   3269 		wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
   3270 			"of received EAPOL frame (state=%s bssid=" MACSTR ")",
   3271 			wpa_supplicant_state_txt(wpa_s->wpa_state),
   3272 			MAC2STR(wpa_s->bssid));
   3273 		wpabuf_free(wpa_s->pending_eapol_rx);
   3274 		wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
   3275 		if (wpa_s->pending_eapol_rx) {
   3276 			os_get_reltime(&wpa_s->pending_eapol_rx_time);
   3277 			os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
   3278 				  ETH_ALEN);
   3279 		}
   3280 		return;
   3281 	}
   3282 
   3283 	wpa_s->last_eapol_matches_bssid =
   3284 		os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
   3285 
   3286 #ifdef CONFIG_AP
   3287 	if (wpa_s->ap_iface) {
   3288 		wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
   3289 		return;
   3290 	}
   3291 #endif /* CONFIG_AP */
   3292 
   3293 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
   3294 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
   3295 			"no key management is configured");
   3296 		return;
   3297 	}
   3298 
   3299 	if (wpa_s->eapol_received == 0 &&
   3300 	    (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
   3301 	     !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
   3302 	     wpa_s->wpa_state != WPA_COMPLETED) &&
   3303 	    (wpa_s->current_ssid == NULL ||
   3304 	     wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
   3305 		/* Timeout for completing IEEE 802.1X and WPA authentication */
   3306 		int timeout = 10;
   3307 
   3308 		if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
   3309 		    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
   3310 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
   3311 			/* Use longer timeout for IEEE 802.1X/EAP */
   3312 			timeout = 70;
   3313 		}
   3314 
   3315 #ifdef CONFIG_WPS
   3316 		if (wpa_s->current_ssid && wpa_s->current_bss &&
   3317 		    (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
   3318 		    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
   3319 			/*
   3320 			 * Use shorter timeout if going through WPS AP iteration
   3321 			 * for PIN config method with an AP that does not
   3322 			 * advertise Selected Registrar.
   3323 			 */
   3324 			struct wpabuf *wps_ie;
   3325 
   3326 			wps_ie = wpa_bss_get_vendor_ie_multi(
   3327 				wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
   3328 			if (wps_ie &&
   3329 			    !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
   3330 				timeout = 10;
   3331 			wpabuf_free(wps_ie);
   3332 		}
   3333 #endif /* CONFIG_WPS */
   3334 
   3335 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
   3336 	}
   3337 	wpa_s->eapol_received++;
   3338 
   3339 	if (wpa_s->countermeasures) {
   3340 		wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
   3341 			"EAPOL packet");
   3342 		return;
   3343 	}
   3344 
   3345 #ifdef CONFIG_IBSS_RSN
   3346 	if (wpa_s->current_ssid &&
   3347 	    wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
   3348 		ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
   3349 		return;
   3350 	}
   3351 #endif /* CONFIG_IBSS_RSN */
   3352 
   3353 	/* Source address of the incoming EAPOL frame could be compared to the
   3354 	 * current BSSID. However, it is possible that a centralized
   3355 	 * Authenticator could be using another MAC address than the BSSID of
   3356 	 * an AP, so just allow any address to be used for now. The replies are
   3357 	 * still sent to the current BSSID (if available), though. */
   3358 
   3359 	os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
   3360 	if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
   3361 	    eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
   3362 		return;
   3363 	wpa_drv_poll(wpa_s);
   3364 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
   3365 		wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
   3366 	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
   3367 		/*
   3368 		 * Set portValid = TRUE here since we are going to skip 4-way
   3369 		 * handshake processing which would normally set portValid. We
   3370 		 * need this to allow the EAPOL state machines to be completed
   3371 		 * without going through EAPOL-Key handshake.
   3372 		 */
   3373 		eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
   3374 	}
   3375 }
   3376 
   3377 
   3378 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
   3379 {
   3380 	if ((!wpa_s->p2p_mgmt ||
   3381 	     !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
   3382 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
   3383 		l2_packet_deinit(wpa_s->l2);
   3384 		wpa_s->l2 = l2_packet_init(wpa_s->ifname,
   3385 					   wpa_drv_get_mac_addr(wpa_s),
   3386 					   ETH_P_EAPOL,
   3387 					   wpa_supplicant_rx_eapol, wpa_s, 0);
   3388 		if (wpa_s->l2 == NULL)
   3389 			return -1;
   3390 	} else {
   3391 		const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
   3392 		if (addr)
   3393 			os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
   3394 	}
   3395 
   3396 	if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
   3397 		wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
   3398 		return -1;
   3399 	}
   3400 
   3401 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
   3402 
   3403 	return 0;
   3404 }
   3405 
   3406 
   3407 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
   3408 					   const u8 *buf, size_t len)
   3409 {
   3410 	struct wpa_supplicant *wpa_s = ctx;
   3411 	const struct l2_ethhdr *eth;
   3412 
   3413 	if (len < sizeof(*eth))
   3414 		return;
   3415 	eth = (const struct l2_ethhdr *) buf;
   3416 
   3417 	if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
   3418 	    !(eth->h_dest[0] & 0x01)) {
   3419 		wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
   3420 			" (bridge - not for this interface - ignore)",
   3421 			MAC2STR(src_addr), MAC2STR(eth->h_dest));
   3422 		return;
   3423 	}
   3424 
   3425 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
   3426 		" (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
   3427 	wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
   3428 				len - sizeof(*eth));
   3429 }
   3430 
   3431 
   3432 /**
   3433  * wpa_supplicant_driver_init - Initialize driver interface parameters
   3434  * @wpa_s: Pointer to wpa_supplicant data
   3435  * Returns: 0 on success, -1 on failure
   3436  *
   3437  * This function is called to initialize driver interface parameters.
   3438  * wpa_drv_init() must have been called before this function to initialize the
   3439  * driver interface.
   3440  */
   3441 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
   3442 {
   3443 	static int interface_count = 0;
   3444 
   3445 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
   3446 		return -1;
   3447 
   3448 	wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
   3449 		MAC2STR(wpa_s->own_addr));
   3450 	os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
   3451 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
   3452 
   3453 	if (wpa_s->bridge_ifname[0]) {
   3454 		wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
   3455 			"interface '%s'", wpa_s->bridge_ifname);
   3456 		wpa_s->l2_br = l2_packet_init_bridge(
   3457 			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
   3458 			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
   3459 		if (wpa_s->l2_br == NULL) {
   3460 			wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
   3461 				"connection for the bridge interface '%s'",
   3462 				wpa_s->bridge_ifname);
   3463 			return -1;
   3464 		}
   3465 	}
   3466 
   3467 	if (wpa_s->conf->ap_scan == 2 &&
   3468 	    os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
   3469 		wpa_printf(MSG_INFO,
   3470 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
   3471 	}
   3472 
   3473 	wpa_clear_keys(wpa_s, NULL);
   3474 
   3475 	/* Make sure that TKIP countermeasures are not left enabled (could
   3476 	 * happen if wpa_supplicant is killed during countermeasures. */
   3477 	wpa_drv_set_countermeasures(wpa_s, 0);
   3478 
   3479 	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
   3480 	wpa_drv_flush_pmkid(wpa_s);
   3481 
   3482 	wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
   3483 	wpa_s->prev_scan_wildcard = 0;
   3484 
   3485 	if (wpa_supplicant_enabled_networks(wpa_s)) {
   3486 		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
   3487 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
   3488 			interface_count = 0;
   3489 		}
   3490 #ifndef ANDROID
   3491 		if (!wpa_s->p2p_mgmt &&
   3492 		    wpa_supplicant_delayed_sched_scan(wpa_s,
   3493 						      interface_count % 3,
   3494 						      100000))
   3495 			wpa_supplicant_req_scan(wpa_s, interface_count % 3,
   3496 						100000);
   3497 #endif /* ANDROID */
   3498 		interface_count++;
   3499 	} else
   3500 		wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
   3501 
   3502 	return 0;
   3503 }
   3504 
   3505 
   3506 static int wpa_supplicant_daemon(const char *pid_file)
   3507 {
   3508 	wpa_printf(MSG_DEBUG, "Daemonize..");
   3509 	return os_daemonize(pid_file);
   3510 }
   3511 
   3512 
   3513 static struct wpa_supplicant *
   3514 wpa_supplicant_alloc(struct wpa_supplicant *parent)
   3515 {
   3516 	struct wpa_supplicant *wpa_s;
   3517 
   3518 	wpa_s = os_zalloc(sizeof(*wpa_s));
   3519 	if (wpa_s == NULL)
   3520 		return NULL;
   3521 	wpa_s->scan_req = INITIAL_SCAN_REQ;
   3522 	wpa_s->scan_interval = 5;
   3523 	wpa_s->new_connection = 1;
   3524 	wpa_s->parent = parent ? parent : wpa_s;
   3525 	wpa_s->p2pdev = wpa_s->parent;
   3526 	wpa_s->sched_scanning = 0;
   3527 
   3528 	dl_list_init(&wpa_s->bss_tmp_disallowed);
   3529 
   3530 	return wpa_s;
   3531 }
   3532 
   3533 
   3534 #ifdef CONFIG_HT_OVERRIDES
   3535 
   3536 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
   3537 			     struct ieee80211_ht_capabilities *htcaps,
   3538 			     struct ieee80211_ht_capabilities *htcaps_mask,
   3539 			     const char *ht_mcs)
   3540 {
   3541 	/* parse ht_mcs into hex array */
   3542 	int i;
   3543 	const char *tmp = ht_mcs;
   3544 	char *end = NULL;
   3545 
   3546 	/* If ht_mcs is null, do not set anything */
   3547 	if (!ht_mcs)
   3548 		return 0;
   3549 
   3550 	/* This is what we are setting in the kernel */
   3551 	os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
   3552 
   3553 	wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
   3554 
   3555 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
   3556 		errno = 0;
   3557 		long v = strtol(tmp, &end, 16);
   3558 		if (errno == 0) {
   3559 			wpa_msg(wpa_s, MSG_DEBUG,
   3560 				"htcap value[%i]: %ld end: %p  tmp: %p",
   3561 				i, v, end, tmp);
   3562 			if (end == tmp)
   3563 				break;
   3564 
   3565 			htcaps->supported_mcs_set[i] = v;
   3566 			tmp = end;
   3567 		} else {
   3568 			wpa_msg(wpa_s, MSG_ERROR,
   3569 				"Failed to parse ht-mcs: %s, error: %s\n",
   3570 				ht_mcs, strerror(errno));
   3571 			return -1;
   3572 		}
   3573 	}
   3574 
   3575 	/*
   3576 	 * If we were able to parse any values, then set mask for the MCS set.
   3577 	 */
   3578 	if (i) {
   3579 		os_memset(&htcaps_mask->supported_mcs_set, 0xff,
   3580 			  IEEE80211_HT_MCS_MASK_LEN - 1);
   3581 		/* skip the 3 reserved bits */
   3582 		htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
   3583 			0x1f;
   3584 	}
   3585 
   3586 	return 0;
   3587 }
   3588 
   3589 
   3590 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
   3591 				 struct ieee80211_ht_capabilities *htcaps,
   3592 				 struct ieee80211_ht_capabilities *htcaps_mask,
   3593 				 int disabled)
   3594 {
   3595 	le16 msk;
   3596 
   3597 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
   3598 
   3599 	if (disabled == -1)
   3600 		return 0;
   3601 
   3602 	msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
   3603 	htcaps_mask->ht_capabilities_info |= msk;
   3604 	if (disabled)
   3605 		htcaps->ht_capabilities_info &= msk;
   3606 	else
   3607 		htcaps->ht_capabilities_info |= msk;
   3608 
   3609 	return 0;
   3610 }
   3611 
   3612 
   3613 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
   3614 				struct ieee80211_ht_capabilities *htcaps,
   3615 				struct ieee80211_ht_capabilities *htcaps_mask,
   3616 				int factor)
   3617 {
   3618 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
   3619 
   3620 	if (factor == -1)
   3621 		return 0;
   3622 
   3623 	if (factor < 0 || factor > 3) {
   3624 		wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
   3625 			"Must be 0-3 or -1", factor);
   3626 		return -EINVAL;
   3627 	}
   3628 
   3629 	htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
   3630 	htcaps->a_mpdu_params &= ~0x3;
   3631 	htcaps->a_mpdu_params |= factor & 0x3;
   3632 
   3633 	return 0;
   3634 }
   3635 
   3636 
   3637 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
   3638 				 struct ieee80211_ht_capabilities *htcaps,
   3639 				 struct ieee80211_ht_capabilities *htcaps_mask,
   3640 				 int density)
   3641 {
   3642 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
   3643 
   3644 	if (density == -1)
   3645 		return 0;
   3646 
   3647 	if (density < 0 || density > 7) {
   3648 		wpa_msg(wpa_s, MSG_ERROR,
   3649 			"ampdu_density: %d out of range. Must be 0-7 or -1.",
   3650 			density);
   3651 		return -EINVAL;
   3652 	}
   3653 
   3654 	htcaps_mask->a_mpdu_params |= 0x1C;
   3655 	htcaps->a_mpdu_params &= ~(0x1C);
   3656 	htcaps->a_mpdu_params |= (density << 2) & 0x1C;
   3657 
   3658 	return 0;
   3659 }
   3660 
   3661 
   3662 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
   3663 				struct ieee80211_ht_capabilities *htcaps,
   3664 				struct ieee80211_ht_capabilities *htcaps_mask,
   3665 				int disabled)
   3666 {
   3667 	/* Masking these out disables HT40 */
   3668 	le16 msk = host_to_le16(HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET |
   3669 				HT_CAP_INFO_SHORT_GI40MHZ);
   3670 
   3671 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
   3672 
   3673 	if (disabled)
   3674 		htcaps->ht_capabilities_info &= ~msk;
   3675 	else
   3676 		htcaps->ht_capabilities_info |= msk;
   3677 
   3678 	htcaps_mask->ht_capabilities_info |= msk;
   3679 
   3680 	return 0;
   3681 }
   3682 
   3683 
   3684 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
   3685 			       struct ieee80211_ht_capabilities *htcaps,
   3686 			       struct ieee80211_ht_capabilities *htcaps_mask,
   3687 			       int disabled)
   3688 {
   3689 	/* Masking these out disables SGI */
   3690 	le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
   3691 				HT_CAP_INFO_SHORT_GI40MHZ);
   3692 
   3693 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
   3694 
   3695 	if (disabled)
   3696 		htcaps->ht_capabilities_info &= ~msk;
   3697 	else
   3698 		htcaps->ht_capabilities_info |= msk;
   3699 
   3700 	htcaps_mask->ht_capabilities_info |= msk;
   3701 
   3702 	return 0;
   3703 }
   3704 
   3705 
   3706 static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
   3707 			       struct ieee80211_ht_capabilities *htcaps,
   3708 			       struct ieee80211_ht_capabilities *htcaps_mask,
   3709 			       int disabled)
   3710 {
   3711 	/* Masking these out disables LDPC */
   3712 	le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
   3713 
   3714 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
   3715 
   3716 	if (disabled)
   3717 		htcaps->ht_capabilities_info &= ~msk;
   3718 	else
   3719 		htcaps->ht_capabilities_info |= msk;
   3720 
   3721 	htcaps_mask->ht_capabilities_info |= msk;
   3722 
   3723 	return 0;
   3724 }
   3725 
   3726 
   3727 void wpa_supplicant_apply_ht_overrides(
   3728 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
   3729 	struct wpa_driver_associate_params *params)
   3730 {
   3731 	struct ieee80211_ht_capabilities *htcaps;
   3732 	struct ieee80211_ht_capabilities *htcaps_mask;
   3733 
   3734 	if (!ssid)
   3735 		return;
   3736 
   3737 	params->disable_ht = ssid->disable_ht;
   3738 	if (!params->htcaps || !params->htcaps_mask)
   3739 		return;
   3740 
   3741 	htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
   3742 	htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
   3743 	wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
   3744 	wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
   3745 			      ssid->disable_max_amsdu);
   3746 	wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
   3747 	wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
   3748 	wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
   3749 	wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
   3750 	wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
   3751 
   3752 	if (ssid->ht40_intolerant) {
   3753 		le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
   3754 		htcaps->ht_capabilities_info |= bit;
   3755 		htcaps_mask->ht_capabilities_info |= bit;
   3756 	}
   3757 }
   3758 
   3759 #endif /* CONFIG_HT_OVERRIDES */
   3760 
   3761 
   3762 #ifdef CONFIG_VHT_OVERRIDES
   3763 void wpa_supplicant_apply_vht_overrides(
   3764 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
   3765 	struct wpa_driver_associate_params *params)
   3766 {
   3767 	struct ieee80211_vht_capabilities *vhtcaps;
   3768 	struct ieee80211_vht_capabilities *vhtcaps_mask;
   3769 
   3770 	if (!ssid)
   3771 		return;
   3772 
   3773 	params->disable_vht = ssid->disable_vht;
   3774 
   3775 	vhtcaps = (void *) params->vhtcaps;
   3776 	vhtcaps_mask = (void *) params->vhtcaps_mask;
   3777 
   3778 	if (!vhtcaps || !vhtcaps_mask)
   3779 		return;
   3780 
   3781 	vhtcaps->vht_capabilities_info = ssid->vht_capa;
   3782 	vhtcaps_mask->vht_capabilities_info = ssid->vht_capa_mask;
   3783 
   3784 #ifdef CONFIG_HT_OVERRIDES
   3785 	/* if max ampdu is <= 3, we have to make the HT cap the same */
   3786 	if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
   3787 		int max_ampdu;
   3788 
   3789 		max_ampdu = (ssid->vht_capa &
   3790 			     VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
   3791 			VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
   3792 
   3793 		max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
   3794 		wpa_set_ampdu_factor(wpa_s,
   3795 				     (void *) params->htcaps,
   3796 				     (void *) params->htcaps_mask,
   3797 				     max_ampdu);
   3798 	}
   3799 #endif /* CONFIG_HT_OVERRIDES */
   3800 
   3801 #define OVERRIDE_MCS(i)							\
   3802 	if (ssid->vht_tx_mcs_nss_ ##i >= 0) {				\
   3803 		vhtcaps_mask->vht_supported_mcs_set.tx_map |=		\
   3804 			3 << 2 * (i - 1);				\
   3805 		vhtcaps->vht_supported_mcs_set.tx_map |=		\
   3806 			ssid->vht_tx_mcs_nss_ ##i << 2 * (i - 1);	\
   3807 	}								\
   3808 	if (ssid->vht_rx_mcs_nss_ ##i >= 0) {				\
   3809 		vhtcaps_mask->vht_supported_mcs_set.rx_map |=		\
   3810 			3 << 2 * (i - 1);				\
   3811 		vhtcaps->vht_supported_mcs_set.rx_map |=		\
   3812 			ssid->vht_rx_mcs_nss_ ##i << 2 * (i - 1);	\
   3813 	}
   3814 
   3815 	OVERRIDE_MCS(1);
   3816 	OVERRIDE_MCS(2);
   3817 	OVERRIDE_MCS(3);
   3818 	OVERRIDE_MCS(4);
   3819 	OVERRIDE_MCS(5);
   3820 	OVERRIDE_MCS(6);
   3821 	OVERRIDE_MCS(7);
   3822 	OVERRIDE_MCS(8);
   3823 }
   3824 #endif /* CONFIG_VHT_OVERRIDES */
   3825 
   3826 
   3827 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
   3828 {
   3829 #ifdef PCSC_FUNCS
   3830 	size_t len;
   3831 
   3832 	if (!wpa_s->conf->pcsc_reader)
   3833 		return 0;
   3834 
   3835 	wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
   3836 	if (!wpa_s->scard)
   3837 		return 1;
   3838 
   3839 	if (wpa_s->conf->pcsc_pin &&
   3840 	    scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
   3841 		scard_deinit(wpa_s->scard);
   3842 		wpa_s->scard = NULL;
   3843 		wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
   3844 		return -1;
   3845 	}
   3846 
   3847 	len = sizeof(wpa_s->imsi) - 1;
   3848 	if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
   3849 		scard_deinit(wpa_s->scard);
   3850 		wpa_s->scard = NULL;
   3851 		wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
   3852 		return -1;
   3853 	}
   3854 	wpa_s->imsi[len] = '\0';
   3855 
   3856 	wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
   3857 
   3858 	wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
   3859 		   wpa_s->imsi, wpa_s->mnc_len);
   3860 
   3861 	wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
   3862 	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
   3863 #endif /* PCSC_FUNCS */
   3864 
   3865 	return 0;
   3866 }
   3867 
   3868 
   3869 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
   3870 {
   3871 	char *val, *pos;
   3872 
   3873 	ext_password_deinit(wpa_s->ext_pw);
   3874 	wpa_s->ext_pw = NULL;
   3875 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
   3876 
   3877 	if (!wpa_s->conf->ext_password_backend)
   3878 		return 0;
   3879 
   3880 	val = os_strdup(wpa_s->conf->ext_password_backend);
   3881 	if (val == NULL)
   3882 		return -1;
   3883 	pos = os_strchr(val, ':');
   3884 	if (pos)
   3885 		*pos++ = '\0';
   3886 
   3887 	wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
   3888 
   3889 	wpa_s->ext_pw = ext_password_init(val, pos);
   3890 	os_free(val);
   3891 	if (wpa_s->ext_pw == NULL) {
   3892 		wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
   3893 		return -1;
   3894 	}
   3895 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
   3896 
   3897 	return 0;
   3898 }
   3899 
   3900 
   3901 #ifdef CONFIG_FST
   3902 
   3903 static const u8 * wpas_fst_get_bssid_cb(void *ctx)
   3904 {
   3905 	struct wpa_supplicant *wpa_s = ctx;
   3906 
   3907 	return (is_zero_ether_addr(wpa_s->bssid) ||
   3908 		wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
   3909 }
   3910 
   3911 
   3912 static void wpas_fst_get_channel_info_cb(void *ctx,
   3913 					 enum hostapd_hw_mode *hw_mode,
   3914 					 u8 *channel)
   3915 {
   3916 	struct wpa_supplicant *wpa_s = ctx;
   3917 
   3918 	if (wpa_s->current_bss) {
   3919 		*hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
   3920 						  channel);
   3921 	} else if (wpa_s->hw.num_modes) {
   3922 		*hw_mode = wpa_s->hw.modes[0].mode;
   3923 	} else {
   3924 		WPA_ASSERT(0);
   3925 		*hw_mode = 0;
   3926 	}
   3927 }
   3928 
   3929 
   3930 static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
   3931 {
   3932 	struct wpa_supplicant *wpa_s = ctx;
   3933 
   3934 	*modes = wpa_s->hw.modes;
   3935 	return wpa_s->hw.num_modes;
   3936 }
   3937 
   3938 
   3939 static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
   3940 {
   3941 	struct wpa_supplicant *wpa_s = ctx;
   3942 
   3943 	wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
   3944 	wpa_s->fst_ies = fst_ies;
   3945 }
   3946 
   3947 
   3948 static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
   3949 {
   3950 	struct wpa_supplicant *wpa_s = ctx;
   3951 
   3952 	WPA_ASSERT(os_memcmp(wpa_s->bssid, da, ETH_ALEN) == 0);
   3953 	return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
   3954 					  wpa_s->own_addr, wpa_s->bssid,
   3955 					  wpabuf_head(data), wpabuf_len(data),
   3956 				   0);
   3957 }
   3958 
   3959 
   3960 static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
   3961 {
   3962 	struct wpa_supplicant *wpa_s = ctx;
   3963 
   3964 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
   3965 	return wpa_s->received_mb_ies;
   3966 }
   3967 
   3968 
   3969 static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
   3970 				     const u8 *buf, size_t size)
   3971 {
   3972 	struct wpa_supplicant *wpa_s = ctx;
   3973 	struct mb_ies_info info;
   3974 
   3975 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
   3976 
   3977 	if (!mb_ies_info_by_ies(&info, buf, size)) {
   3978 		wpabuf_free(wpa_s->received_mb_ies);
   3979 		wpa_s->received_mb_ies = mb_ies_by_info(&info);
   3980 	}
   3981 }
   3982 
   3983 
   3984 const u8 * wpas_fst_get_peer_first(void *ctx, struct fst_get_peer_ctx **get_ctx,
   3985 				   Boolean mb_only)
   3986 {
   3987 	struct wpa_supplicant *wpa_s = ctx;
   3988 
   3989 	*get_ctx = NULL;
   3990 	if (!is_zero_ether_addr(wpa_s->bssid))
   3991 		return (wpa_s->received_mb_ies || !mb_only) ?
   3992 			wpa_s->bssid : NULL;
   3993 	return NULL;
   3994 }
   3995 
   3996 
   3997 const u8 * wpas_fst_get_peer_next(void *ctx, struct fst_get_peer_ctx **get_ctx,
   3998 				  Boolean mb_only)
   3999 {
   4000 	return NULL;
   4001 }
   4002 
   4003 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
   4004 				       struct fst_wpa_obj *iface_obj)
   4005 {
   4006 	iface_obj->ctx              = wpa_s;
   4007 	iface_obj->get_bssid        = wpas_fst_get_bssid_cb;
   4008 	iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
   4009 	iface_obj->get_hw_modes     = wpas_fst_get_hw_modes;
   4010 	iface_obj->set_ies          = wpas_fst_set_ies_cb;
   4011 	iface_obj->send_action      = wpas_fst_send_action_cb;
   4012 	iface_obj->get_mb_ie        = wpas_fst_get_mb_ie_cb;
   4013 	iface_obj->update_mb_ie     = wpas_fst_update_mb_ie_cb;
   4014 	iface_obj->get_peer_first   = wpas_fst_get_peer_first;
   4015 	iface_obj->get_peer_next    = wpas_fst_get_peer_next;
   4016 }
   4017 #endif /* CONFIG_FST */
   4018 
   4019 static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
   4020 				    const struct wpa_driver_capa *capa)
   4021 {
   4022 	struct wowlan_triggers *triggers;
   4023 	int ret = 0;
   4024 
   4025 	if (!wpa_s->conf->wowlan_triggers)
   4026 		return 0;
   4027 
   4028 	triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
   4029 	if (triggers) {
   4030 		ret = wpa_drv_wowlan(wpa_s, triggers);
   4031 		os_free(triggers);
   4032 	}
   4033 	return ret;
   4034 }
   4035 
   4036 
   4037 enum wpa_radio_work_band wpas_freq_to_band(int freq)
   4038 {
   4039 	if (freq < 3000)
   4040 		return BAND_2_4_GHZ;
   4041 	if (freq > 50000)
   4042 		return BAND_60_GHZ;
   4043 	return BAND_5_GHZ;
   4044 }
   4045 
   4046 
   4047 unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
   4048 {
   4049 	int i;
   4050 	unsigned int band = 0;
   4051 
   4052 	if (freqs) {
   4053 		/* freqs are specified for the radio work */
   4054 		for (i = 0; freqs[i]; i++)
   4055 			band |= wpas_freq_to_band(freqs[i]);
   4056 	} else {
   4057 		/*
   4058 		 * freqs are not specified, implies all
   4059 		 * the supported freqs by HW
   4060 		 */
   4061 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
   4062 			if (wpa_s->hw.modes[i].num_channels != 0) {
   4063 				if (wpa_s->hw.modes[i].mode ==
   4064 				    HOSTAPD_MODE_IEEE80211B ||
   4065 				    wpa_s->hw.modes[i].mode ==
   4066 				    HOSTAPD_MODE_IEEE80211G)
   4067 					band |= BAND_2_4_GHZ;
   4068 				else if (wpa_s->hw.modes[i].mode ==
   4069 					 HOSTAPD_MODE_IEEE80211A)
   4070 					band |= BAND_5_GHZ;
   4071 				else if (wpa_s->hw.modes[i].mode ==
   4072 					 HOSTAPD_MODE_IEEE80211AD)
   4073 					band |= BAND_60_GHZ;
   4074 				else if (wpa_s->hw.modes[i].mode ==
   4075 					 HOSTAPD_MODE_IEEE80211ANY)
   4076 					band = BAND_2_4_GHZ | BAND_5_GHZ |
   4077 						BAND_60_GHZ;
   4078 			}
   4079 		}
   4080 	}
   4081 
   4082 	return band;
   4083 }
   4084 
   4085 
   4086 static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
   4087 					      const char *rn)
   4088 {
   4089 	struct wpa_supplicant *iface = wpa_s->global->ifaces;
   4090 	struct wpa_radio *radio;
   4091 
   4092 	while (rn && iface) {
   4093 		radio = iface->radio;
   4094 		if (radio && os_strcmp(rn, radio->name) == 0) {
   4095 			wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
   4096 				   wpa_s->ifname, rn);
   4097 			dl_list_add(&radio->ifaces, &wpa_s->radio_list);
   4098 			return radio;
   4099 		}
   4100 
   4101 		iface = iface->next;
   4102 	}
   4103 
   4104 	wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
   4105 		   wpa_s->ifname, rn ? rn : "N/A");
   4106 	radio = os_zalloc(sizeof(*radio));
   4107 	if (radio == NULL)
   4108 		return NULL;
   4109 
   4110 	if (rn)
   4111 		os_strlcpy(radio->name, rn, sizeof(radio->name));
   4112 	dl_list_init(&radio->ifaces);
   4113 	dl_list_init(&radio->work);
   4114 	dl_list_add(&radio->ifaces, &wpa_s->radio_list);
   4115 
   4116 	return radio;
   4117 }
   4118 
   4119 
   4120 static void radio_work_free(struct wpa_radio_work *work)
   4121 {
   4122 	if (work->wpa_s->scan_work == work) {
   4123 		/* This should not really happen. */
   4124 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
   4125 			work->type, work, work->started);
   4126 		work->wpa_s->scan_work = NULL;
   4127 	}
   4128 
   4129 #ifdef CONFIG_P2P
   4130 	if (work->wpa_s->p2p_scan_work == work) {
   4131 		/* This should not really happen. */
   4132 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
   4133 			work->type, work, work->started);
   4134 		work->wpa_s->p2p_scan_work = NULL;
   4135 	}
   4136 #endif /* CONFIG_P2P */
   4137 
   4138 	if (work->started) {
   4139 		work->wpa_s->radio->num_active_works--;
   4140 		wpa_dbg(work->wpa_s, MSG_DEBUG,
   4141 			"radio_work_free('%s'@%p: num_active_works --> %u",
   4142 			work->type, work,
   4143 			work->wpa_s->radio->num_active_works);
   4144 	}
   4145 
   4146 	dl_list_del(&work->list);
   4147 	os_free(work);
   4148 }
   4149 
   4150 
   4151 static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
   4152 {
   4153 	struct wpa_radio_work *active_work = NULL;
   4154 	struct wpa_radio_work *tmp;
   4155 
   4156 	/* Get the active work to know the type and band. */
   4157 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
   4158 		if (tmp->started) {
   4159 			active_work = tmp;
   4160 			break;
   4161 		}
   4162 	}
   4163 
   4164 	if (!active_work) {
   4165 		/* No active work, start one */
   4166 		radio->num_active_works = 0;
   4167 		dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
   4168 				 list) {
   4169 			if (os_strcmp(tmp->type, "scan") == 0 &&
   4170 			    radio->external_scan_running &&
   4171 			    (((struct wpa_driver_scan_params *)
   4172 			      tmp->ctx)->only_new_results ||
   4173 			     tmp->wpa_s->clear_driver_scan_cache))
   4174 				continue;
   4175 			return tmp;
   4176 		}
   4177 		return NULL;
   4178 	}
   4179 
   4180 	if (os_strcmp(active_work->type, "sme-connect") == 0 ||
   4181 	    os_strcmp(active_work->type, "connect") == 0) {
   4182 		/*
   4183 		 * If the active work is either connect or sme-connect,
   4184 		 * do not parallelize them with other radio works.
   4185 		 */
   4186 		wpa_dbg(active_work->wpa_s, MSG_DEBUG,
   4187 			"Do not parallelize radio work with %s",
   4188 			active_work->type);
   4189 		return NULL;
   4190 	}
   4191 
   4192 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
   4193 		if (tmp->started)
   4194 			continue;
   4195 
   4196 		/*
   4197 		 * If connect or sme-connect are enqueued, parallelize only
   4198 		 * those operations ahead of them in the queue.
   4199 		 */
   4200 		if (os_strcmp(tmp->type, "connect") == 0 ||
   4201 		    os_strcmp(tmp->type, "sme-connect") == 0)
   4202 			break;
   4203 
   4204 		/*
   4205 		 * Check that the radio works are distinct and
   4206 		 * on different bands.
   4207 		 */
   4208 		if (os_strcmp(active_work->type, tmp->type) != 0 &&
   4209 		    (active_work->bands != tmp->bands)) {
   4210 			/*
   4211 			 * If a scan has to be scheduled through nl80211 scan
   4212 			 * interface and if an external scan is already running,
   4213 			 * do not schedule the scan since it is likely to get
   4214 			 * rejected by kernel.
   4215 			 */
   4216 			if (os_strcmp(tmp->type, "scan") == 0 &&
   4217 			    radio->external_scan_running &&
   4218 			    (((struct wpa_driver_scan_params *)
   4219 			      tmp->ctx)->only_new_results ||
   4220 			     tmp->wpa_s->clear_driver_scan_cache))
   4221 				continue;
   4222 
   4223 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
   4224 				"active_work:%s new_work:%s",
   4225 				active_work->type, tmp->type);
   4226 			return tmp;
   4227 		}
   4228 	}
   4229 
   4230 	/* Did not find a radio work to schedule in parallel. */
   4231 	return NULL;
   4232 }
   4233 
   4234 
   4235 static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
   4236 {
   4237 	struct wpa_radio *radio = eloop_ctx;
   4238 	struct wpa_radio_work *work;
   4239 	struct os_reltime now, diff;
   4240 	struct wpa_supplicant *wpa_s;
   4241 
   4242 	work = dl_list_first(&radio->work, struct wpa_radio_work, list);
   4243 	if (work == NULL) {
   4244 		radio->num_active_works = 0;
   4245 		return;
   4246 	}
   4247 
   4248 	wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
   4249 			      radio_list);
   4250 
   4251 	if (!(wpa_s &&
   4252 	      wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
   4253 		if (work->started)
   4254 			return; /* already started and still in progress */
   4255 
   4256 		if (wpa_s && wpa_s->radio->external_scan_running) {
   4257 			wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
   4258 			return;
   4259 		}
   4260 	} else {
   4261 		work = NULL;
   4262 		if (radio->num_active_works < MAX_ACTIVE_WORKS) {
   4263 			/* get the work to schedule next */
   4264 			work = radio_work_get_next_work(radio);
   4265 		}
   4266 		if (!work)
   4267 			return;
   4268 	}
   4269 
   4270 	wpa_s = work->wpa_s;
   4271 	os_get_reltime(&now);
   4272 	os_reltime_sub(&now, &work->time, &diff);
   4273 	wpa_dbg(wpa_s, MSG_DEBUG,
   4274 		"Starting radio work '%s'@%p after %ld.%06ld second wait",
   4275 		work->type, work, diff.sec, diff.usec);
   4276 	work->started = 1;
   4277 	work->time = now;
   4278 	radio->num_active_works++;
   4279 
   4280 	work->cb(work, 0);
   4281 
   4282 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
   4283 	    radio->num_active_works < MAX_ACTIVE_WORKS)
   4284 		radio_work_check_next(wpa_s);
   4285 }
   4286 
   4287 
   4288 /*
   4289  * This function removes both started and pending radio works running on
   4290  * the provided interface's radio.
   4291  * Prior to the removal of the radio work, its callback (cb) is called with
   4292  * deinit set to be 1. Each work's callback is responsible for clearing its
   4293  * internal data and restoring to a correct state.
   4294  * @wpa_s: wpa_supplicant data
   4295  * @type: type of works to be removed
   4296  * @remove_all: 1 to remove all the works on this radio, 0 to remove only
   4297  * this interface's works.
   4298  */
   4299 void radio_remove_works(struct wpa_supplicant *wpa_s,
   4300 			const char *type, int remove_all)
   4301 {
   4302 	struct wpa_radio_work *work, *tmp;
   4303 	struct wpa_radio *radio = wpa_s->radio;
   4304 
   4305 	dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
   4306 			      list) {
   4307 		if (type && os_strcmp(type, work->type) != 0)
   4308 			continue;
   4309 
   4310 		/* skip other ifaces' works */
   4311 		if (!remove_all && work->wpa_s != wpa_s)
   4312 			continue;
   4313 
   4314 		wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
   4315 			work->type, work, work->started ? " (started)" : "");
   4316 		work->cb(work, 1);
   4317 		radio_work_free(work);
   4318 	}
   4319 
   4320 	/* in case we removed the started work */
   4321 	radio_work_check_next(wpa_s);
   4322 }
   4323 
   4324 
   4325 static void radio_remove_interface(struct wpa_supplicant *wpa_s)
   4326 {
   4327 	struct wpa_radio *radio = wpa_s->radio;
   4328 
   4329 	if (!radio)
   4330 		return;
   4331 
   4332 	wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
   4333 		   wpa_s->ifname, radio->name);
   4334 	dl_list_del(&wpa_s->radio_list);
   4335 	radio_remove_works(wpa_s, NULL, 0);
   4336 	wpa_s->radio = NULL;
   4337 	if (!dl_list_empty(&radio->ifaces))
   4338 		return; /* Interfaces remain for this radio */
   4339 
   4340 	wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
   4341 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
   4342 	os_free(radio);
   4343 }
   4344 
   4345 
   4346 void radio_work_check_next(struct wpa_supplicant *wpa_s)
   4347 {
   4348 	struct wpa_radio *radio = wpa_s->radio;
   4349 
   4350 	if (dl_list_empty(&radio->work))
   4351 		return;
   4352 	if (wpa_s->ext_work_in_progress) {
   4353 		wpa_printf(MSG_DEBUG,
   4354 			   "External radio work in progress - delay start of pending item");
   4355 		return;
   4356 	}
   4357 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
   4358 	eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
   4359 }
   4360 
   4361 
   4362 /**
   4363  * radio_add_work - Add a radio work item
   4364  * @wpa_s: Pointer to wpa_supplicant data
   4365  * @freq: Frequency of the offchannel operation in MHz or 0
   4366  * @type: Unique identifier for each type of work
   4367  * @next: Force as the next work to be executed
   4368  * @cb: Callback function for indicating when radio is available
   4369  * @ctx: Context pointer for the work (work->ctx in cb())
   4370  * Returns: 0 on success, -1 on failure
   4371  *
   4372  * This function is used to request time for an operation that requires
   4373  * exclusive radio control. Once the radio is available, the registered callback
   4374  * function will be called. radio_work_done() must be called once the exclusive
   4375  * radio operation has been completed, so that the radio is freed for other
   4376  * operations. The special case of deinit=1 is used to free the context data
   4377  * during interface removal. That does not allow the callback function to start
   4378  * the radio operation, i.e., it must free any resources allocated for the radio
   4379  * work and return.
   4380  *
   4381  * The @freq parameter can be used to indicate a single channel on which the
   4382  * offchannel operation will occur. This may allow multiple radio work
   4383  * operations to be performed in parallel if they apply for the same channel.
   4384  * Setting this to 0 indicates that the work item may use multiple channels or
   4385  * requires exclusive control of the radio.
   4386  */
   4387 int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
   4388 		   const char *type, int next,
   4389 		   void (*cb)(struct wpa_radio_work *work, int deinit),
   4390 		   void *ctx)
   4391 {
   4392 	struct wpa_radio *radio = wpa_s->radio;
   4393 	struct wpa_radio_work *work;
   4394 	int was_empty;
   4395 
   4396 	work = os_zalloc(sizeof(*work));
   4397 	if (work == NULL)
   4398 		return -1;
   4399 	wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
   4400 	os_get_reltime(&work->time);
   4401 	work->freq = freq;
   4402 	work->type = type;
   4403 	work->wpa_s = wpa_s;
   4404 	work->cb = cb;
   4405 	work->ctx = ctx;
   4406 
   4407 	if (freq)
   4408 		work->bands = wpas_freq_to_band(freq);
   4409 	else if (os_strcmp(type, "scan") == 0 ||
   4410 		 os_strcmp(type, "p2p-scan") == 0)
   4411 		work->bands = wpas_get_bands(wpa_s,
   4412 					     ((struct wpa_driver_scan_params *)
   4413 					      ctx)->freqs);
   4414 	else
   4415 		work->bands = wpas_get_bands(wpa_s, NULL);
   4416 
   4417 	was_empty = dl_list_empty(&wpa_s->radio->work);
   4418 	if (next)
   4419 		dl_list_add(&wpa_s->radio->work, &work->list);
   4420 	else
   4421 		dl_list_add_tail(&wpa_s->radio->work, &work->list);
   4422 	if (was_empty) {
   4423 		wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
   4424 		radio_work_check_next(wpa_s);
   4425 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
   4426 		   && radio->num_active_works < MAX_ACTIVE_WORKS) {
   4427 		wpa_dbg(wpa_s, MSG_DEBUG,
   4428 			"Try to schedule a radio work (num_active_works=%u)",
   4429 			radio->num_active_works);
   4430 		radio_work_check_next(wpa_s);
   4431 	}
   4432 
   4433 	return 0;
   4434 }
   4435 
   4436 
   4437 /**
   4438  * radio_work_done - Indicate that a radio work item has been completed
   4439  * @work: Completed work
   4440  *
   4441  * This function is called once the callback function registered with
   4442  * radio_add_work() has completed its work.
   4443  */
   4444 void radio_work_done(struct wpa_radio_work *work)
   4445 {
   4446 	struct wpa_supplicant *wpa_s = work->wpa_s;
   4447 	struct os_reltime now, diff;
   4448 	unsigned int started = work->started;
   4449 
   4450 	os_get_reltime(&now);
   4451 	os_reltime_sub(&now, &work->time, &diff);
   4452 	wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
   4453 		work->type, work, started ? "done" : "canceled",
   4454 		diff.sec, diff.usec);
   4455 	radio_work_free(work);
   4456 	if (started)
   4457 		radio_work_check_next(wpa_s);
   4458 }
   4459 
   4460 
   4461 struct wpa_radio_work *
   4462 radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
   4463 {
   4464 	struct wpa_radio_work *work;
   4465 	struct wpa_radio *radio = wpa_s->radio;
   4466 
   4467 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
   4468 		if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
   4469 			return work;
   4470 	}
   4471 
   4472 	return NULL;
   4473 }
   4474 
   4475 
   4476 static int wpas_init_driver(struct wpa_supplicant *wpa_s,
   4477 			    struct wpa_interface *iface)
   4478 {
   4479 	const char *ifname, *driver, *rn;
   4480 
   4481 	driver = iface->driver;
   4482 next_driver:
   4483 	if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
   4484 		return -1;
   4485 
   4486 	wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
   4487 	if (wpa_s->drv_priv == NULL) {
   4488 		const char *pos;
   4489 		pos = driver ? os_strchr(driver, ',') : NULL;
   4490 		if (pos) {
   4491 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
   4492 				"driver interface - try next driver wrapper");
   4493 			driver = pos + 1;
   4494 			goto next_driver;
   4495 		}
   4496 		wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
   4497 			"interface");
   4498 		return -1;
   4499 	}
   4500 	if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
   4501 		wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
   4502 			"driver_param '%s'", wpa_s->conf->driver_param);
   4503 		return -1;
   4504 	}
   4505 
   4506 	ifname = wpa_drv_get_ifname(wpa_s);
   4507 	if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
   4508 		wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
   4509 			"interface name with '%s'", ifname);
   4510 		os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
   4511 	}
   4512 
   4513 	rn = wpa_driver_get_radio_name(wpa_s);
   4514 	if (rn && rn[0] == '\0')
   4515 		rn = NULL;
   4516 
   4517 	wpa_s->radio = radio_add_interface(wpa_s, rn);
   4518 	if (wpa_s->radio == NULL)
   4519 		return -1;
   4520 
   4521 	return 0;
   4522 }
   4523 
   4524 
   4525 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
   4526 				     struct wpa_interface *iface)
   4527 {
   4528 	struct wpa_driver_capa capa;
   4529 	int capa_res;
   4530 
   4531 	wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
   4532 		   "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
   4533 		   iface->confname ? iface->confname : "N/A",
   4534 		   iface->driver ? iface->driver : "default",
   4535 		   iface->ctrl_interface ? iface->ctrl_interface : "N/A",
   4536 		   iface->bridge_ifname ? iface->bridge_ifname : "N/A");
   4537 
   4538 	if (iface->confname) {
   4539 #ifdef CONFIG_BACKEND_FILE
   4540 		wpa_s->confname = os_rel2abs_path(iface->confname);
   4541 		if (wpa_s->confname == NULL) {
   4542 			wpa_printf(MSG_ERROR, "Failed to get absolute path "
   4543 				   "for configuration file '%s'.",
   4544 				   iface->confname);
   4545 			return -1;
   4546 		}
   4547 		wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
   4548 			   iface->confname, wpa_s->confname);
   4549 #else /* CONFIG_BACKEND_FILE */
   4550 		wpa_s->confname = os_strdup(iface->confname);
   4551 #endif /* CONFIG_BACKEND_FILE */
   4552 		wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
   4553 		if (wpa_s->conf == NULL) {
   4554 			wpa_printf(MSG_ERROR, "Failed to read or parse "
   4555 				   "configuration '%s'.", wpa_s->confname);
   4556 			return -1;
   4557 		}
   4558 		wpa_s->confanother = os_rel2abs_path(iface->confanother);
   4559 		wpa_config_read(wpa_s->confanother, wpa_s->conf);
   4560 
   4561 		/*
   4562 		 * Override ctrl_interface and driver_param if set on command
   4563 		 * line.
   4564 		 */
   4565 		if (iface->ctrl_interface) {
   4566 			os_free(wpa_s->conf->ctrl_interface);
   4567 			wpa_s->conf->ctrl_interface =
   4568 				os_strdup(iface->ctrl_interface);
   4569 		}
   4570 
   4571 		if (iface->driver_param) {
   4572 			os_free(wpa_s->conf->driver_param);
   4573 			wpa_s->conf->driver_param =
   4574 				os_strdup(iface->driver_param);
   4575 		}
   4576 
   4577 		if (iface->p2p_mgmt && !iface->ctrl_interface) {
   4578 			os_free(wpa_s->conf->ctrl_interface);
   4579 			wpa_s->conf->ctrl_interface = NULL;
   4580 		}
   4581 	} else
   4582 		wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
   4583 						     iface->driver_param);
   4584 
   4585 	if (wpa_s->conf == NULL) {
   4586 		wpa_printf(MSG_ERROR, "\nNo configuration found.");
   4587 		return -1;
   4588 	}
   4589 
   4590 	if (iface->ifname == NULL) {
   4591 		wpa_printf(MSG_ERROR, "\nInterface name is required.");
   4592 		return -1;
   4593 	}
   4594 	if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
   4595 		wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
   4596 			   iface->ifname);
   4597 		return -1;
   4598 	}
   4599 	os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
   4600 
   4601 	if (iface->bridge_ifname) {
   4602 		if (os_strlen(iface->bridge_ifname) >=
   4603 		    sizeof(wpa_s->bridge_ifname)) {
   4604 			wpa_printf(MSG_ERROR, "\nToo long bridge interface "
   4605 				   "name '%s'.", iface->bridge_ifname);
   4606 			return -1;
   4607 		}
   4608 		os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
   4609 			   sizeof(wpa_s->bridge_ifname));
   4610 	}
   4611 
   4612 	/* RSNA Supplicant Key Management - INITIALIZE */
   4613 	eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
   4614 	eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
   4615 
   4616 	/* Initialize driver interface and register driver event handler before
   4617 	 * L2 receive handler so that association events are processed before
   4618 	 * EAPOL-Key packets if both become available for the same select()
   4619 	 * call. */
   4620 	if (wpas_init_driver(wpa_s, iface) < 0)
   4621 		return -1;
   4622 
   4623 	if (wpa_supplicant_init_wpa(wpa_s) < 0)
   4624 		return -1;
   4625 
   4626 	wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
   4627 			  wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
   4628 			  NULL);
   4629 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
   4630 
   4631 	if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
   4632 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
   4633 			     wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
   4634 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
   4635 			"dot11RSNAConfigPMKLifetime");
   4636 		return -1;
   4637 	}
   4638 
   4639 	if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
   4640 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
   4641 			     wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
   4642 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
   4643 			"dot11RSNAConfigPMKReauthThreshold");
   4644 		return -1;
   4645 	}
   4646 
   4647 	if (wpa_s->conf->dot11RSNAConfigSATimeout &&
   4648 	    wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
   4649 			     wpa_s->conf->dot11RSNAConfigSATimeout)) {
   4650 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
   4651 			"dot11RSNAConfigSATimeout");
   4652 		return -1;
   4653 	}
   4654 
   4655 	wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
   4656 						      &wpa_s->hw.num_modes,
   4657 						      &wpa_s->hw.flags);
   4658 	if (wpa_s->hw.modes) {
   4659 		u16 i;
   4660 
   4661 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
   4662 			if (wpa_s->hw.modes[i].vht_capab) {
   4663 				wpa_s->hw_capab = CAPAB_VHT;
   4664 				break;
   4665 			}
   4666 
   4667 			if (wpa_s->hw.modes[i].ht_capab &
   4668 			    HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
   4669 				wpa_s->hw_capab = CAPAB_HT40;
   4670 			else if (wpa_s->hw.modes[i].ht_capab &&
   4671 				 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
   4672 				wpa_s->hw_capab = CAPAB_HT;
   4673 		}
   4674 	}
   4675 
   4676 	capa_res = wpa_drv_get_capa(wpa_s, &capa);
   4677 	if (capa_res == 0) {
   4678 		wpa_s->drv_capa_known = 1;
   4679 		wpa_s->drv_flags = capa.flags;
   4680 		wpa_s->drv_enc = capa.enc;
   4681 		wpa_s->drv_smps_modes = capa.smps_modes;
   4682 		wpa_s->drv_rrm_flags = capa.rrm_flags;
   4683 		wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
   4684 		wpa_s->max_scan_ssids = capa.max_scan_ssids;
   4685 		wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
   4686 		wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
   4687 		wpa_s->max_sched_scan_plan_interval =
   4688 			capa.max_sched_scan_plan_interval;
   4689 		wpa_s->max_sched_scan_plan_iterations =
   4690 			capa.max_sched_scan_plan_iterations;
   4691 		wpa_s->sched_scan_supported = capa.sched_scan_supported;
   4692 		wpa_s->max_match_sets = capa.max_match_sets;
   4693 		wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
   4694 		wpa_s->max_stations = capa.max_stations;
   4695 		wpa_s->extended_capa = capa.extended_capa;
   4696 		wpa_s->extended_capa_mask = capa.extended_capa_mask;
   4697 		wpa_s->extended_capa_len = capa.extended_capa_len;
   4698 		wpa_s->num_multichan_concurrent =
   4699 			capa.num_multichan_concurrent;
   4700 		wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
   4701 
   4702 		if (capa.mac_addr_rand_scan_supported)
   4703 			wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
   4704 		if (wpa_s->sched_scan_supported &&
   4705 		    capa.mac_addr_rand_sched_scan_supported)
   4706 			wpa_s->mac_addr_rand_supported |=
   4707 				(MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
   4708 	}
   4709 	if (wpa_s->max_remain_on_chan == 0)
   4710 		wpa_s->max_remain_on_chan = 1000;
   4711 
   4712 	/*
   4713 	 * Only take p2p_mgmt parameters when P2P Device is supported.
   4714 	 * Doing it here as it determines whether l2_packet_init() will be done
   4715 	 * during wpa_supplicant_driver_init().
   4716 	 */
   4717 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
   4718 		wpa_s->p2p_mgmt = iface->p2p_mgmt;
   4719 	else
   4720 		iface->p2p_mgmt = 1;
   4721 
   4722 	if (wpa_s->num_multichan_concurrent == 0)
   4723 		wpa_s->num_multichan_concurrent = 1;
   4724 
   4725 	if (wpa_supplicant_driver_init(wpa_s) < 0)
   4726 		return -1;
   4727 
   4728 #ifdef CONFIG_TDLS
   4729 	if ((!iface->p2p_mgmt ||
   4730 	     !(wpa_s->drv_flags &
   4731 	       WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
   4732 	    wpa_tdls_init(wpa_s->wpa))
   4733 		return -1;
   4734 #endif /* CONFIG_TDLS */
   4735 
   4736 	if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
   4737 	    wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
   4738 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
   4739 		return -1;
   4740 	}
   4741 
   4742 #ifdef CONFIG_FST
   4743 	if (wpa_s->conf->fst_group_id) {
   4744 		struct fst_iface_cfg cfg;
   4745 		struct fst_wpa_obj iface_obj;
   4746 
   4747 		fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
   4748 		os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
   4749 			   sizeof(cfg.group_id));
   4750 		cfg.priority = wpa_s->conf->fst_priority;
   4751 		cfg.llt = wpa_s->conf->fst_llt;
   4752 
   4753 		wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
   4754 					&iface_obj, &cfg);
   4755 		if (!wpa_s->fst) {
   4756 			wpa_msg(wpa_s, MSG_ERROR,
   4757 				"FST: Cannot attach iface %s to group %s",
   4758 				wpa_s->ifname, cfg.group_id);
   4759 			return -1;
   4760 		}
   4761 	}
   4762 #endif /* CONFIG_FST */
   4763 
   4764 	if (wpas_wps_init(wpa_s))
   4765 		return -1;
   4766 
   4767 	if (wpa_supplicant_init_eapol(wpa_s) < 0)
   4768 		return -1;
   4769 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
   4770 
   4771 	wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
   4772 	if (wpa_s->ctrl_iface == NULL) {
   4773 		wpa_printf(MSG_ERROR,
   4774 			   "Failed to initialize control interface '%s'.\n"
   4775 			   "You may have another wpa_supplicant process "
   4776 			   "already running or the file was\n"
   4777 			   "left by an unclean termination of wpa_supplicant "
   4778 			   "in which case you will need\n"
   4779 			   "to manually remove this file before starting "
   4780 			   "wpa_supplicant again.\n",
   4781 			   wpa_s->conf->ctrl_interface);
   4782 		return -1;
   4783 	}
   4784 
   4785 	wpa_s->gas = gas_query_init(wpa_s);
   4786 	if (wpa_s->gas == NULL) {
   4787 		wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
   4788 		return -1;
   4789 	}
   4790 
   4791 	if (iface->p2p_mgmt && wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
   4792 		wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
   4793 		return -1;
   4794 	}
   4795 
   4796 	if (wpa_bss_init(wpa_s) < 0)
   4797 		return -1;
   4798 
   4799 	/*
   4800 	 * Set Wake-on-WLAN triggers, if configured.
   4801 	 * Note: We don't restore/remove the triggers on shutdown (it doesn't
   4802 	 * have effect anyway when the interface is down).
   4803 	 */
   4804 	if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
   4805 		return -1;
   4806 
   4807 #ifdef CONFIG_EAP_PROXY
   4808 {
   4809 	size_t len;
   4810 	wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, wpa_s->imsi,
   4811 						     &len);
   4812 	if (wpa_s->mnc_len > 0) {
   4813 		wpa_s->imsi[len] = '\0';
   4814 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
   4815 			   wpa_s->imsi, wpa_s->mnc_len);
   4816 	} else {
   4817 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
   4818 	}
   4819 }
   4820 #endif /* CONFIG_EAP_PROXY */
   4821 
   4822 	if (pcsc_reader_init(wpa_s) < 0)
   4823 		return -1;
   4824 
   4825 	if (wpas_init_ext_pw(wpa_s) < 0)
   4826 		return -1;
   4827 
   4828 	wpas_rrm_reset(wpa_s);
   4829 
   4830 	wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
   4831 
   4832 #ifdef CONFIG_HS20
   4833 	hs20_init(wpa_s);
   4834 #endif /* CONFIG_HS20 */
   4835 #ifdef CONFIG_MBO
   4836 	wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
   4837 #endif /* CONFIG_MBO */
   4838 
   4839 	return 0;
   4840 }
   4841 
   4842 
   4843 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
   4844 					int notify, int terminate)
   4845 {
   4846 	struct wpa_global *global = wpa_s->global;
   4847 	struct wpa_supplicant *iface, *prev;
   4848 
   4849 	if (wpa_s == wpa_s->parent)
   4850 		wpas_p2p_group_remove(wpa_s, "*");
   4851 
   4852 	iface = global->ifaces;
   4853 	while (iface) {
   4854 		if (iface->p2pdev == wpa_s)
   4855 			iface->p2pdev = iface->parent;
   4856 		if (iface == wpa_s || iface->parent != wpa_s) {
   4857 			iface = iface->next;
   4858 			continue;
   4859 		}
   4860 		wpa_printf(MSG_DEBUG,
   4861 			   "Remove remaining child interface %s from parent %s",
   4862 			   iface->ifname, wpa_s->ifname);
   4863 		prev = iface;
   4864 		iface = iface->next;
   4865 		wpa_supplicant_remove_iface(global, prev, terminate);
   4866 	}
   4867 
   4868 	wpa_s->disconnected = 1;
   4869 	if (wpa_s->drv_priv) {
   4870 		wpa_supplicant_deauthenticate(wpa_s,
   4871 					      WLAN_REASON_DEAUTH_LEAVING);
   4872 
   4873 		wpa_drv_set_countermeasures(wpa_s, 0);
   4874 		wpa_clear_keys(wpa_s, NULL);
   4875 	}
   4876 
   4877 	wpa_supplicant_cleanup(wpa_s);
   4878 	wpas_p2p_deinit_iface(wpa_s);
   4879 
   4880 	wpas_ctrl_radio_work_flush(wpa_s);
   4881 	radio_remove_interface(wpa_s);
   4882 
   4883 #ifdef CONFIG_FST
   4884 	if (wpa_s->fst) {
   4885 		fst_detach(wpa_s->fst);
   4886 		wpa_s->fst = NULL;
   4887 	}
   4888 	if (wpa_s->received_mb_ies) {
   4889 		wpabuf_free(wpa_s->received_mb_ies);
   4890 		wpa_s->received_mb_ies = NULL;
   4891 	}
   4892 #endif /* CONFIG_FST */
   4893 
   4894 	if (wpa_s->drv_priv)
   4895 		wpa_drv_deinit(wpa_s);
   4896 
   4897 	if (notify)
   4898 		wpas_notify_iface_removed(wpa_s);
   4899 
   4900 	if (terminate)
   4901 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
   4902 
   4903 	if (wpa_s->ctrl_iface) {
   4904 		wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
   4905 		wpa_s->ctrl_iface = NULL;
   4906 	}
   4907 
   4908 #ifdef CONFIG_MESH
   4909 	if (wpa_s->ifmsh) {
   4910 		wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh);
   4911 		wpa_s->ifmsh = NULL;
   4912 	}
   4913 #endif /* CONFIG_MESH */
   4914 
   4915 	if (wpa_s->conf != NULL) {
   4916 		wpa_config_free(wpa_s->conf);
   4917 		wpa_s->conf = NULL;
   4918 	}
   4919 
   4920 	os_free(wpa_s->ssids_from_scan_req);
   4921 
   4922 	os_free(wpa_s);
   4923 }
   4924 
   4925 
   4926 #ifdef CONFIG_MATCH_IFACE
   4927 
   4928 /**
   4929  * wpa_supplicant_match_iface - Match an interface description to a name
   4930  * @global: Pointer to global data from wpa_supplicant_init()
   4931  * @ifname: Name of the interface to match
   4932  * Returns: Pointer to the created interface description or %NULL on failure
   4933  */
   4934 struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
   4935 						  const char *ifname)
   4936 {
   4937 	int i;
   4938 	struct wpa_interface *iface, *miface;
   4939 
   4940 	for (i = 0; i < global->params.match_iface_count; i++) {
   4941 		miface = &global->params.match_ifaces[i];
   4942 		if (!miface->ifname ||
   4943 		    fnmatch(miface->ifname, ifname, 0) == 0) {
   4944 			iface = os_zalloc(sizeof(*iface));
   4945 			if (!iface)
   4946 				return NULL;
   4947 			*iface = *miface;
   4948 			iface->ifname = ifname;
   4949 			return iface;
   4950 		}
   4951 	}
   4952 
   4953 	return NULL;
   4954 }
   4955 
   4956 
   4957 /**
   4958  * wpa_supplicant_match_existing - Match existing interfaces
   4959  * @global: Pointer to global data from wpa_supplicant_init()
   4960  * Returns: 0 on success, -1 on failure
   4961  */
   4962 static int wpa_supplicant_match_existing(struct wpa_global *global)
   4963 {
   4964 	struct if_nameindex *ifi, *ifp;
   4965 	struct wpa_supplicant *wpa_s;
   4966 	struct wpa_interface *iface;
   4967 
   4968 	ifp = if_nameindex();
   4969 	if (!ifp) {
   4970 		wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
   4971 		return -1;
   4972 	}
   4973 
   4974 	for (ifi = ifp; ifi->if_name; ifi++) {
   4975 		wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
   4976 		if (wpa_s)
   4977 			continue;
   4978 		iface = wpa_supplicant_match_iface(global, ifi->if_name);
   4979 		if (iface) {
   4980 			wpa_s = wpa_supplicant_add_iface(global, iface, NULL);
   4981 			os_free(iface);
   4982 			if (wpa_s)
   4983 				wpa_s->matched = 1;
   4984 		}
   4985 	}
   4986 
   4987 	if_freenameindex(ifp);
   4988 	return 0;
   4989 }
   4990 
   4991 #endif /* CONFIG_MATCH_IFACE */
   4992 
   4993 
   4994 /**
   4995  * wpa_supplicant_add_iface - Add a new network interface
   4996  * @global: Pointer to global data from wpa_supplicant_init()
   4997  * @iface: Interface configuration options
   4998  * @parent: Parent interface or %NULL to assign new interface as parent
   4999  * Returns: Pointer to the created interface or %NULL on failure
   5000  *
   5001  * This function is used to add new network interfaces for %wpa_supplicant.
   5002  * This can be called before wpa_supplicant_run() to add interfaces before the
   5003  * main event loop has been started. In addition, new interfaces can be added
   5004  * dynamically while %wpa_supplicant is already running. This could happen,
   5005  * e.g., when a hotplug network adapter is inserted.
   5006  */
   5007 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
   5008 						 struct wpa_interface *iface,
   5009 						 struct wpa_supplicant *parent)
   5010 {
   5011 	struct wpa_supplicant *wpa_s;
   5012 	struct wpa_interface t_iface;
   5013 	struct wpa_ssid *ssid;
   5014 
   5015 	if (global == NULL || iface == NULL)
   5016 		return NULL;
   5017 
   5018 	wpa_s = wpa_supplicant_alloc(parent);
   5019 	if (wpa_s == NULL)
   5020 		return NULL;
   5021 
   5022 	wpa_s->global = global;
   5023 
   5024 	t_iface = *iface;
   5025 	if (global->params.override_driver) {
   5026 		wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
   5027 			   "('%s' -> '%s')",
   5028 			   iface->driver, global->params.override_driver);
   5029 		t_iface.driver = global->params.override_driver;
   5030 	}
   5031 	if (global->params.override_ctrl_interface) {
   5032 		wpa_printf(MSG_DEBUG, "Override interface parameter: "
   5033 			   "ctrl_interface ('%s' -> '%s')",
   5034 			   iface->ctrl_interface,
   5035 			   global->params.override_ctrl_interface);
   5036 		t_iface.ctrl_interface =
   5037 			global->params.override_ctrl_interface;
   5038 	}
   5039 	if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
   5040 		wpa_printf(MSG_DEBUG, "Failed to add interface %s",
   5041 			   iface->ifname);
   5042 		wpa_supplicant_deinit_iface(wpa_s, 0, 0);
   5043 		return NULL;
   5044 	}
   5045 
   5046 	if (iface->p2p_mgmt == 0) {
   5047 		/* Notify the control interfaces about new iface */
   5048 		if (wpas_notify_iface_added(wpa_s)) {
   5049 			wpa_supplicant_deinit_iface(wpa_s, 1, 0);
   5050 			return NULL;
   5051 		}
   5052 
   5053 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
   5054 			wpas_notify_network_added(wpa_s, ssid);
   5055 	}
   5056 
   5057 	wpa_s->next = global->ifaces;
   5058 	global->ifaces = wpa_s;
   5059 
   5060 	wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
   5061 	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
   5062 
   5063 #ifdef CONFIG_P2P
   5064 	if (wpa_s->global->p2p == NULL &&
   5065 	    !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
   5066 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
   5067 	    wpas_p2p_add_p2pdev_interface(
   5068 		    wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
   5069 		wpa_printf(MSG_INFO,
   5070 			   "P2P: Failed to enable P2P Device interface");
   5071 		/* Try to continue without. P2P will be disabled. */
   5072 	}
   5073 #endif /* CONFIG_P2P */
   5074 
   5075 	return wpa_s;
   5076 }
   5077 
   5078 
   5079 /**
   5080  * wpa_supplicant_remove_iface - Remove a network interface
   5081  * @global: Pointer to global data from wpa_supplicant_init()
   5082  * @wpa_s: Pointer to the network interface to be removed
   5083  * Returns: 0 if interface was removed, -1 if interface was not found
   5084  *
   5085  * This function can be used to dynamically remove network interfaces from
   5086  * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
   5087  * addition, this function is used to remove all remaining interfaces when
   5088  * %wpa_supplicant is terminated.
   5089  */
   5090 int wpa_supplicant_remove_iface(struct wpa_global *global,
   5091 				struct wpa_supplicant *wpa_s,
   5092 				int terminate)
   5093 {
   5094 	struct wpa_supplicant *prev;
   5095 #ifdef CONFIG_MESH
   5096 	unsigned int mesh_if_created = wpa_s->mesh_if_created;
   5097 	char *ifname = NULL;
   5098 #endif /* CONFIG_MESH */
   5099 
   5100 	/* Remove interface from the global list of interfaces */
   5101 	prev = global->ifaces;
   5102 	if (prev == wpa_s) {
   5103 		global->ifaces = wpa_s->next;
   5104 	} else {
   5105 		while (prev && prev->next != wpa_s)
   5106 			prev = prev->next;
   5107 		if (prev == NULL)
   5108 			return -1;
   5109 		prev->next = wpa_s->next;
   5110 	}
   5111 
   5112 	wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
   5113 
   5114 #ifdef CONFIG_MESH
   5115 	if (mesh_if_created) {
   5116 		ifname = os_strdup(wpa_s->ifname);
   5117 		if (ifname == NULL) {
   5118 			wpa_dbg(wpa_s, MSG_ERROR,
   5119 				"mesh: Failed to malloc ifname");
   5120 			return -1;
   5121 		}
   5122 	}
   5123 #endif /* CONFIG_MESH */
   5124 
   5125 	if (global->p2p_group_formation == wpa_s)
   5126 		global->p2p_group_formation = NULL;
   5127 	if (global->p2p_invite_group == wpa_s)
   5128 		global->p2p_invite_group = NULL;
   5129 	wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
   5130 
   5131 #ifdef CONFIG_MESH
   5132 	if (mesh_if_created) {
   5133 		wpa_drv_if_remove(global->ifaces, WPA_IF_MESH, ifname);
   5134 		os_free(ifname);
   5135 	}
   5136 #endif /* CONFIG_MESH */
   5137 
   5138 	return 0;
   5139 }
   5140 
   5141 
   5142 /**
   5143  * wpa_supplicant_get_eap_mode - Get the current EAP mode
   5144  * @wpa_s: Pointer to the network interface
   5145  * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
   5146  */
   5147 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
   5148 {
   5149 	const char *eapol_method;
   5150 
   5151         if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
   5152             wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
   5153 		return "NO-EAP";
   5154 	}
   5155 
   5156 	eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
   5157 	if (eapol_method == NULL)
   5158 		return "UNKNOWN-EAP";
   5159 
   5160 	return eapol_method;
   5161 }
   5162 
   5163 
   5164 /**
   5165  * wpa_supplicant_get_iface - Get a new network interface
   5166  * @global: Pointer to global data from wpa_supplicant_init()
   5167  * @ifname: Interface name
   5168  * Returns: Pointer to the interface or %NULL if not found
   5169  */
   5170 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
   5171 						 const char *ifname)
   5172 {
   5173 	struct wpa_supplicant *wpa_s;
   5174 
   5175 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
   5176 		if (os_strcmp(wpa_s->ifname, ifname) == 0)
   5177 			return wpa_s;
   5178 	}
   5179 	return NULL;
   5180 }
   5181 
   5182 
   5183 #ifndef CONFIG_NO_WPA_MSG
   5184 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
   5185 {
   5186 	struct wpa_supplicant *wpa_s = ctx;
   5187 	if (wpa_s == NULL)
   5188 		return NULL;
   5189 	return wpa_s->ifname;
   5190 }
   5191 #endif /* CONFIG_NO_WPA_MSG */
   5192 
   5193 
   5194 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
   5195 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
   5196 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
   5197 
   5198 /* Periodic cleanup tasks */
   5199 static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
   5200 {
   5201 	struct wpa_global *global = eloop_ctx;
   5202 	struct wpa_supplicant *wpa_s;
   5203 
   5204 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
   5205 			       wpas_periodic, global, NULL);
   5206 
   5207 #ifdef CONFIG_P2P
   5208 	if (global->p2p)
   5209 		p2p_expire_peers(global->p2p);
   5210 #endif /* CONFIG_P2P */
   5211 
   5212 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
   5213 		wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
   5214 #ifdef CONFIG_AP
   5215 		ap_periodic(wpa_s);
   5216 #endif /* CONFIG_AP */
   5217 	}
   5218 }
   5219 
   5220 
   5221 /**
   5222  * wpa_supplicant_init - Initialize %wpa_supplicant
   5223  * @params: Parameters for %wpa_supplicant
   5224  * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
   5225  *
   5226  * This function is used to initialize %wpa_supplicant. After successful
   5227  * initialization, the returned data pointer can be used to add and remove
   5228  * network interfaces, and eventually, to deinitialize %wpa_supplicant.
   5229  */
   5230 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
   5231 {
   5232 	struct wpa_global *global;
   5233 	int ret, i;
   5234 
   5235 	if (params == NULL)
   5236 		return NULL;
   5237 
   5238 #ifdef CONFIG_DRIVER_NDIS
   5239 	{
   5240 		void driver_ndis_init_ops(void);
   5241 		driver_ndis_init_ops();
   5242 	}
   5243 #endif /* CONFIG_DRIVER_NDIS */
   5244 
   5245 #ifndef CONFIG_NO_WPA_MSG
   5246 	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
   5247 #endif /* CONFIG_NO_WPA_MSG */
   5248 
   5249 	if (params->wpa_debug_file_path)
   5250 		wpa_debug_open_file(params->wpa_debug_file_path);
   5251 	else
   5252 		wpa_debug_setup_stdout();
   5253 	if (params->wpa_debug_syslog)
   5254 		wpa_debug_open_syslog();
   5255 	if (params->wpa_debug_tracing) {
   5256 		ret = wpa_debug_open_linux_tracing();
   5257 		if (ret) {
   5258 			wpa_printf(MSG_ERROR,
   5259 				   "Failed to enable trace logging");
   5260 			return NULL;
   5261 		}
   5262 	}
   5263 
   5264 	ret = eap_register_methods();
   5265 	if (ret) {
   5266 		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
   5267 		if (ret == -2)
   5268 			wpa_printf(MSG_ERROR, "Two or more EAP methods used "
   5269 				   "the same EAP type.");
   5270 		return NULL;
   5271 	}
   5272 
   5273 	global = os_zalloc(sizeof(*global));
   5274 	if (global == NULL)
   5275 		return NULL;
   5276 	dl_list_init(&global->p2p_srv_bonjour);
   5277 	dl_list_init(&global->p2p_srv_upnp);
   5278 	global->params.daemonize = params->daemonize;
   5279 	global->params.wait_for_monitor = params->wait_for_monitor;
   5280 	global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
   5281 	if (params->pid_file)
   5282 		global->params.pid_file = os_strdup(params->pid_file);
   5283 	if (params->ctrl_interface)
   5284 		global->params.ctrl_interface =
   5285 			os_strdup(params->ctrl_interface);
   5286 	if (params->ctrl_interface_group)
   5287 		global->params.ctrl_interface_group =
   5288 			os_strdup(params->ctrl_interface_group);
   5289 	if (params->override_driver)
   5290 		global->params.override_driver =
   5291 			os_strdup(params->override_driver);
   5292 	if (params->override_ctrl_interface)
   5293 		global->params.override_ctrl_interface =
   5294 			os_strdup(params->override_ctrl_interface);
   5295 #ifdef CONFIG_MATCH_IFACE
   5296 	global->params.match_iface_count = params->match_iface_count;
   5297 	if (params->match_iface_count) {
   5298 		global->params.match_ifaces =
   5299 			os_calloc(params->match_iface_count,
   5300 				  sizeof(struct wpa_interface));
   5301 		os_memcpy(global->params.match_ifaces,
   5302 			  params->match_ifaces,
   5303 			  params->match_iface_count *
   5304 			  sizeof(struct wpa_interface));
   5305 	}
   5306 #endif /* CONFIG_MATCH_IFACE */
   5307 #ifdef CONFIG_P2P
   5308 	if (params->conf_p2p_dev)
   5309 		global->params.conf_p2p_dev =
   5310 			os_strdup(params->conf_p2p_dev);
   5311 #endif /* CONFIG_P2P */
   5312 	wpa_debug_level = global->params.wpa_debug_level =
   5313 		params->wpa_debug_level;
   5314 	wpa_debug_show_keys = global->params.wpa_debug_show_keys =
   5315 		params->wpa_debug_show_keys;
   5316 	wpa_debug_timestamp = global->params.wpa_debug_timestamp =
   5317 		params->wpa_debug_timestamp;
   5318 
   5319 	wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
   5320 
   5321 	if (eloop_init()) {
   5322 		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
   5323 		wpa_supplicant_deinit(global);
   5324 		return NULL;
   5325 	}
   5326 
   5327 	random_init(params->entropy_file);
   5328 
   5329 	global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
   5330 	if (global->ctrl_iface == NULL) {
   5331 		wpa_supplicant_deinit(global);
   5332 		return NULL;
   5333 	}
   5334 
   5335 	if (wpas_notify_supplicant_initialized(global)) {
   5336 		wpa_supplicant_deinit(global);
   5337 		return NULL;
   5338 	}
   5339 
   5340 	for (i = 0; wpa_drivers[i]; i++)
   5341 		global->drv_count++;
   5342 	if (global->drv_count == 0) {
   5343 		wpa_printf(MSG_ERROR, "No drivers enabled");
   5344 		wpa_supplicant_deinit(global);
   5345 		return NULL;
   5346 	}
   5347 	global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
   5348 	if (global->drv_priv == NULL) {
   5349 		wpa_supplicant_deinit(global);
   5350 		return NULL;
   5351 	}
   5352 
   5353 #ifdef CONFIG_WIFI_DISPLAY
   5354 	if (wifi_display_init(global) < 0) {
   5355 		wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
   5356 		wpa_supplicant_deinit(global);
   5357 		return NULL;
   5358 	}
   5359 #endif /* CONFIG_WIFI_DISPLAY */
   5360 
   5361 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
   5362 			       wpas_periodic, global, NULL);
   5363 
   5364 	return global;
   5365 }
   5366 
   5367 
   5368 /**
   5369  * wpa_supplicant_run - Run the %wpa_supplicant main event loop
   5370  * @global: Pointer to global data from wpa_supplicant_init()
   5371  * Returns: 0 after successful event loop run, -1 on failure
   5372  *
   5373  * This function starts the main event loop and continues running as long as
   5374  * there are any remaining events. In most cases, this function is running as
   5375  * long as the %wpa_supplicant process in still in use.
   5376  */
   5377 int wpa_supplicant_run(struct wpa_global *global)
   5378 {
   5379 	struct wpa_supplicant *wpa_s;
   5380 
   5381 	if (global->params.daemonize &&
   5382 	    (wpa_supplicant_daemon(global->params.pid_file) ||
   5383 	     eloop_sock_requeue()))
   5384 		return -1;
   5385 
   5386 #ifdef CONFIG_MATCH_IFACE
   5387 	if (wpa_supplicant_match_existing(global))
   5388 		return -1;
   5389 #endif
   5390 
   5391 	if (global->params.wait_for_monitor) {
   5392 		for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
   5393 			if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
   5394 				wpa_supplicant_ctrl_iface_wait(
   5395 					wpa_s->ctrl_iface);
   5396 	}
   5397 
   5398 	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
   5399 	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
   5400 
   5401 	eloop_run();
   5402 
   5403 	return 0;
   5404 }
   5405 
   5406 
   5407 /**
   5408  * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
   5409  * @global: Pointer to global data from wpa_supplicant_init()
   5410  *
   5411  * This function is called to deinitialize %wpa_supplicant and to free all
   5412  * allocated resources. Remaining network interfaces will also be removed.
   5413  */
   5414 void wpa_supplicant_deinit(struct wpa_global *global)
   5415 {
   5416 	int i;
   5417 
   5418 	if (global == NULL)
   5419 		return;
   5420 
   5421 	eloop_cancel_timeout(wpas_periodic, global, NULL);
   5422 
   5423 #ifdef CONFIG_WIFI_DISPLAY
   5424 	wifi_display_deinit(global);
   5425 #endif /* CONFIG_WIFI_DISPLAY */
   5426 
   5427 	while (global->ifaces)
   5428 		wpa_supplicant_remove_iface(global, global->ifaces, 1);
   5429 
   5430 	if (global->ctrl_iface)
   5431 		wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
   5432 
   5433 	wpas_notify_supplicant_deinitialized(global);
   5434 
   5435 	eap_peer_unregister_methods();
   5436 #ifdef CONFIG_AP
   5437 	eap_server_unregister_methods();
   5438 #endif /* CONFIG_AP */
   5439 
   5440 	for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
   5441 		if (!global->drv_priv[i])
   5442 			continue;
   5443 		wpa_drivers[i]->global_deinit(global->drv_priv[i]);
   5444 	}
   5445 	os_free(global->drv_priv);
   5446 
   5447 	random_deinit();
   5448 
   5449 	eloop_destroy();
   5450 
   5451 	if (global->params.pid_file) {
   5452 		os_daemonize_terminate(global->params.pid_file);
   5453 		os_free(global->params.pid_file);
   5454 	}
   5455 	os_free(global->params.ctrl_interface);
   5456 	os_free(global->params.ctrl_interface_group);
   5457 	os_free(global->params.override_driver);
   5458 	os_free(global->params.override_ctrl_interface);
   5459 #ifdef CONFIG_MATCH_IFACE
   5460 	os_free(global->params.match_ifaces);
   5461 #endif /* CONFIG_MATCH_IFACE */
   5462 #ifdef CONFIG_P2P
   5463 	os_free(global->params.conf_p2p_dev);
   5464 #endif /* CONFIG_P2P */
   5465 
   5466 	os_free(global->p2p_disallow_freq.range);
   5467 	os_free(global->p2p_go_avoid_freq.range);
   5468 	os_free(global->add_psk);
   5469 
   5470 	os_free(global);
   5471 	wpa_debug_close_syslog();
   5472 	wpa_debug_close_file();
   5473 	wpa_debug_close_linux_tracing();
   5474 }
   5475 
   5476 
   5477 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
   5478 {
   5479 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
   5480 	    wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
   5481 		char country[3];
   5482 		country[0] = wpa_s->conf->country[0];
   5483 		country[1] = wpa_s->conf->country[1];
   5484 		country[2] = '\0';
   5485 		if (wpa_drv_set_country(wpa_s, country) < 0) {
   5486 			wpa_printf(MSG_ERROR, "Failed to set country code "
   5487 				   "'%s'", country);
   5488 		}
   5489 	}
   5490 
   5491 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
   5492 		wpas_init_ext_pw(wpa_s);
   5493 
   5494 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
   5495 		wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
   5496 
   5497 #ifdef CONFIG_WPS
   5498 	wpas_wps_update_config(wpa_s);
   5499 #endif /* CONFIG_WPS */
   5500 	wpas_p2p_update_config(wpa_s);
   5501 	wpa_s->conf->changed_parameters = 0;
   5502 }
   5503 
   5504 
   5505 void add_freq(int *freqs, int *num_freqs, int freq)
   5506 {
   5507 	int i;
   5508 
   5509 	for (i = 0; i < *num_freqs; i++) {
   5510 		if (freqs[i] == freq)
   5511 			return;
   5512 	}
   5513 
   5514 	freqs[*num_freqs] = freq;
   5515 	(*num_freqs)++;
   5516 }
   5517 
   5518 
   5519 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
   5520 {
   5521 	struct wpa_bss *bss, *cbss;
   5522 	const int max_freqs = 10;
   5523 	int *freqs;
   5524 	int num_freqs = 0;
   5525 
   5526 	freqs = os_calloc(max_freqs + 1, sizeof(int));
   5527 	if (freqs == NULL)
   5528 		return NULL;
   5529 
   5530 	cbss = wpa_s->current_bss;
   5531 
   5532 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
   5533 		if (bss == cbss)
   5534 			continue;
   5535 		if (bss->ssid_len == cbss->ssid_len &&
   5536 		    os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
   5537 		    wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
   5538 			add_freq(freqs, &num_freqs, bss->freq);
   5539 			if (num_freqs == max_freqs)
   5540 				break;
   5541 		}
   5542 	}
   5543 
   5544 	if (num_freqs == 0) {
   5545 		os_free(freqs);
   5546 		freqs = NULL;
   5547 	}
   5548 
   5549 	return freqs;
   5550 }
   5551 
   5552 
   5553 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
   5554 {
   5555 	int timeout;
   5556 	int count;
   5557 	int *freqs = NULL;
   5558 
   5559 	wpas_connect_work_done(wpa_s);
   5560 
   5561 	/*
   5562 	 * Remove possible authentication timeout since the connection failed.
   5563 	 */
   5564 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
   5565 
   5566 	/*
   5567 	 * There is no point in blacklisting the AP if this event is
   5568 	 * generated based on local request to disconnect.
   5569 	 */
   5570 	if (wpa_s->own_disconnect_req) {
   5571 		wpa_s->own_disconnect_req = 0;
   5572 		wpa_dbg(wpa_s, MSG_DEBUG,
   5573 			"Ignore connection failure due to local request to disconnect");
   5574 		return;
   5575 	}
   5576 	if (wpa_s->disconnected) {
   5577 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
   5578 			"indication since interface has been put into "
   5579 			"disconnected state");
   5580 		return;
   5581 	}
   5582 
   5583 	/*
   5584 	 * Add the failed BSSID into the blacklist and speed up next scan
   5585 	 * attempt if there could be other APs that could accept association.
   5586 	 * The current blacklist count indicates how many times we have tried
   5587 	 * connecting to this AP and multiple attempts mean that other APs are
   5588 	 * either not available or has already been tried, so that we can start
   5589 	 * increasing the delay here to avoid constant scanning.
   5590 	 */
   5591 	count = wpa_blacklist_add(wpa_s, bssid);
   5592 	if (count == 1 && wpa_s->current_bss) {
   5593 		/*
   5594 		 * This BSS was not in the blacklist before. If there is
   5595 		 * another BSS available for the same ESS, we should try that
   5596 		 * next. Otherwise, we may as well try this one once more
   5597 		 * before allowing other, likely worse, ESSes to be considered.
   5598 		 */
   5599 		freqs = get_bss_freqs_in_ess(wpa_s);
   5600 		if (freqs) {
   5601 			wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
   5602 				"has been seen; try it next");
   5603 			wpa_blacklist_add(wpa_s, bssid);
   5604 			/*
   5605 			 * On the next scan, go through only the known channels
   5606 			 * used in this ESS based on previous scans to speed up
   5607 			 * common load balancing use case.
   5608 			 */
   5609 			os_free(wpa_s->next_scan_freqs);
   5610 			wpa_s->next_scan_freqs = freqs;
   5611 		}
   5612 	}
   5613 
   5614 	/*
   5615 	 * Add previous failure count in case the temporary blacklist was
   5616 	 * cleared due to no other BSSes being available.
   5617 	 */
   5618 	count += wpa_s->extra_blacklist_count;
   5619 
   5620 	if (count > 3 && wpa_s->current_ssid) {
   5621 		wpa_printf(MSG_DEBUG, "Continuous association failures - "
   5622 			   "consider temporary network disabling");
   5623 		wpas_auth_failed(wpa_s, "CONN_FAILED");
   5624 	}
   5625 
   5626 	switch (count) {
   5627 	case 1:
   5628 		timeout = 100;
   5629 		break;
   5630 	case 2:
   5631 		timeout = 500;
   5632 		break;
   5633 	case 3:
   5634 		timeout = 1000;
   5635 		break;
   5636 	case 4:
   5637 		timeout = 5000;
   5638 		break;
   5639 	default:
   5640 		timeout = 10000;
   5641 		break;
   5642 	}
   5643 
   5644 	wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
   5645 		"ms", count, timeout);
   5646 
   5647 	/*
   5648 	 * TODO: if more than one possible AP is available in scan results,
   5649 	 * could try the other ones before requesting a new scan.
   5650 	 */
   5651 	wpa_supplicant_req_scan(wpa_s, timeout / 1000,
   5652 				1000 * (timeout % 1000));
   5653 }
   5654 
   5655 
   5656 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
   5657 {
   5658 	return wpa_s->conf->ap_scan == 2 ||
   5659 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
   5660 }
   5661 
   5662 
   5663 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
   5664 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
   5665 					      struct wpa_ssid *ssid,
   5666 					      const char *field,
   5667 					      const char *value)
   5668 {
   5669 #ifdef IEEE8021X_EAPOL
   5670 	struct eap_peer_config *eap = &ssid->eap;
   5671 
   5672 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
   5673 	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
   5674 			      (const u8 *) value, os_strlen(value));
   5675 
   5676 	switch (wpa_supplicant_ctrl_req_from_string(field)) {
   5677 	case WPA_CTRL_REQ_EAP_IDENTITY:
   5678 		os_free(eap->identity);
   5679 		eap->identity = (u8 *) os_strdup(value);
   5680 		eap->identity_len = os_strlen(value);
   5681 		eap->pending_req_identity = 0;
   5682 		if (ssid == wpa_s->current_ssid)
   5683 			wpa_s->reassociate = 1;
   5684 		break;
   5685 	case WPA_CTRL_REQ_EAP_PASSWORD:
   5686 		bin_clear_free(eap->password, eap->password_len);
   5687 		eap->password = (u8 *) os_strdup(value);
   5688 		eap->password_len = os_strlen(value);
   5689 		eap->pending_req_password = 0;
   5690 		if (ssid == wpa_s->current_ssid)
   5691 			wpa_s->reassociate = 1;
   5692 		break;
   5693 	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
   5694 		bin_clear_free(eap->new_password, eap->new_password_len);
   5695 		eap->new_password = (u8 *) os_strdup(value);
   5696 		eap->new_password_len = os_strlen(value);
   5697 		eap->pending_req_new_password = 0;
   5698 		if (ssid == wpa_s->current_ssid)
   5699 			wpa_s->reassociate = 1;
   5700 		break;
   5701 	case WPA_CTRL_REQ_EAP_PIN:
   5702 		str_clear_free(eap->pin);
   5703 		eap->pin = os_strdup(value);
   5704 		eap->pending_req_pin = 0;
   5705 		if (ssid == wpa_s->current_ssid)
   5706 			wpa_s->reassociate = 1;
   5707 		break;
   5708 	case WPA_CTRL_REQ_EAP_OTP:
   5709 		bin_clear_free(eap->otp, eap->otp_len);
   5710 		eap->otp = (u8 *) os_strdup(value);
   5711 		eap->otp_len = os_strlen(value);
   5712 		os_free(eap->pending_req_otp);
   5713 		eap->pending_req_otp = NULL;
   5714 		eap->pending_req_otp_len = 0;
   5715 		break;
   5716 	case WPA_CTRL_REQ_EAP_PASSPHRASE:
   5717 		str_clear_free(eap->private_key_passwd);
   5718 		eap->private_key_passwd = os_strdup(value);
   5719 		eap->pending_req_passphrase = 0;
   5720 		if (ssid == wpa_s->current_ssid)
   5721 			wpa_s->reassociate = 1;
   5722 		break;
   5723 	case WPA_CTRL_REQ_SIM:
   5724 		str_clear_free(eap->external_sim_resp);
   5725 		eap->external_sim_resp = os_strdup(value);
   5726 		break;
   5727 	case WPA_CTRL_REQ_PSK_PASSPHRASE:
   5728 		if (wpa_config_set(ssid, "psk", value, 0) < 0)
   5729 			return -1;
   5730 		ssid->mem_only_psk = 1;
   5731 		if (ssid->passphrase)
   5732 			wpa_config_update_psk(ssid);
   5733 		if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
   5734 			wpa_supplicant_req_scan(wpa_s, 0, 0);
   5735 		break;
   5736 	case WPA_CTRL_REQ_EXT_CERT_CHECK:
   5737 		if (eap->pending_ext_cert_check != PENDING_CHECK)
   5738 			return -1;
   5739 		if (os_strcmp(value, "good") == 0)
   5740 			eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
   5741 		else if (os_strcmp(value, "bad") == 0)
   5742 			eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
   5743 		else
   5744 			return -1;
   5745 		break;
   5746 	default:
   5747 		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
   5748 		return -1;
   5749 	}
   5750 
   5751 	return 0;
   5752 #else /* IEEE8021X_EAPOL */
   5753 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
   5754 	return -1;
   5755 #endif /* IEEE8021X_EAPOL */
   5756 }
   5757 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
   5758 
   5759 
   5760 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
   5761 {
   5762 	int i;
   5763 	unsigned int drv_enc;
   5764 
   5765 	if (wpa_s->p2p_mgmt)
   5766 		return 1; /* no normal network profiles on p2p_mgmt interface */
   5767 
   5768 	if (ssid == NULL)
   5769 		return 1;
   5770 
   5771 	if (ssid->disabled)
   5772 		return 1;
   5773 
   5774 	if (wpa_s->drv_capa_known)
   5775 		drv_enc = wpa_s->drv_enc;
   5776 	else
   5777 		drv_enc = (unsigned int) -1;
   5778 
   5779 	for (i = 0; i < NUM_WEP_KEYS; i++) {
   5780 		size_t len = ssid->wep_key_len[i];
   5781 		if (len == 0)
   5782 			continue;
   5783 		if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
   5784 			continue;
   5785 		if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
   5786 			continue;
   5787 		if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
   5788 			continue;
   5789 		return 1; /* invalid WEP key */
   5790 	}
   5791 
   5792 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
   5793 	    (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
   5794 	    !ssid->mem_only_psk)
   5795 		return 1;
   5796 
   5797 	return 0;
   5798 }
   5799 
   5800 
   5801 int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
   5802 {
   5803 #ifdef CONFIG_IEEE80211W
   5804 	if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
   5805 		if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
   5806 		    !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
   5807 			/*
   5808 			 * Driver does not support BIP -- ignore pmf=1 default
   5809 			 * since the connection with PMF would fail and the
   5810 			 * configuration does not require PMF to be enabled.
   5811 			 */
   5812 			return NO_MGMT_FRAME_PROTECTION;
   5813 		}
   5814 
   5815 		return wpa_s->conf->pmf;
   5816 	}
   5817 
   5818 	return ssid->ieee80211w;
   5819 #else /* CONFIG_IEEE80211W */
   5820 	return NO_MGMT_FRAME_PROTECTION;
   5821 #endif /* CONFIG_IEEE80211W */
   5822 }
   5823 
   5824 
   5825 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
   5826 {
   5827 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
   5828 		return 1;
   5829 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
   5830 		return 0;
   5831 	return -1;
   5832 }
   5833 
   5834 
   5835 void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
   5836 {
   5837 	struct wpa_ssid *ssid = wpa_s->current_ssid;
   5838 	int dur;
   5839 	struct os_reltime now;
   5840 
   5841 	if (ssid == NULL) {
   5842 		wpa_printf(MSG_DEBUG, "Authentication failure but no known "
   5843 			   "SSID block");
   5844 		return;
   5845 	}
   5846 
   5847 	if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
   5848 		return;
   5849 
   5850 	ssid->auth_failures++;
   5851 
   5852 #ifdef CONFIG_P2P
   5853 	if (ssid->p2p_group &&
   5854 	    (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
   5855 		/*
   5856 		 * Skip the wait time since there is a short timeout on the
   5857 		 * connection to a P2P group.
   5858 		 */
   5859 		return;
   5860 	}
   5861 #endif /* CONFIG_P2P */
   5862 
   5863 	if (ssid->auth_failures > 50)
   5864 		dur = 300;
   5865 	else if (ssid->auth_failures > 10)
   5866 		dur = 120;
   5867 	else if (ssid->auth_failures > 5)
   5868 		dur = 90;
   5869 	else if (ssid->auth_failures > 3)
   5870 		dur = 60;
   5871 	else if (ssid->auth_failures > 2)
   5872 		dur = 30;
   5873 	else if (ssid->auth_failures > 1)
   5874 		dur = 20;
   5875 	else
   5876 		dur = 10;
   5877 
   5878 	if (ssid->auth_failures > 1 &&
   5879 	    wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
   5880 		dur += os_random() % (ssid->auth_failures * 10);
   5881 
   5882 	os_get_reltime(&now);
   5883 	if (now.sec + dur <= ssid->disabled_until.sec)
   5884 		return;
   5885 
   5886 	ssid->disabled_until.sec = now.sec + dur;
   5887 
   5888 	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
   5889 		"id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
   5890 		ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
   5891 		ssid->auth_failures, dur, reason);
   5892 }
   5893 
   5894 
   5895 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
   5896 			      struct wpa_ssid *ssid, int clear_failures)
   5897 {
   5898 	if (ssid == NULL)
   5899 		return;
   5900 
   5901 	if (ssid->disabled_until.sec) {
   5902 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
   5903 			"id=%d ssid=\"%s\"",
   5904 			ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
   5905 	}
   5906 	ssid->disabled_until.sec = 0;
   5907 	ssid->disabled_until.usec = 0;
   5908 	if (clear_failures)
   5909 		ssid->auth_failures = 0;
   5910 }
   5911 
   5912 
   5913 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
   5914 {
   5915 	size_t i;
   5916 
   5917 	if (wpa_s->disallow_aps_bssid == NULL)
   5918 		return 0;
   5919 
   5920 	for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
   5921 		if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
   5922 			      bssid, ETH_ALEN) == 0)
   5923 			return 1;
   5924 	}
   5925 
   5926 	return 0;
   5927 }
   5928 
   5929 
   5930 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
   5931 		    size_t ssid_len)
   5932 {
   5933 	size_t i;
   5934 
   5935 	if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
   5936 		return 0;
   5937 
   5938 	for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
   5939 		struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
   5940 		if (ssid_len == s->ssid_len &&
   5941 		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
   5942 			return 1;
   5943 	}
   5944 
   5945 	return 0;
   5946 }
   5947 
   5948 
   5949 /**
   5950  * wpas_request_connection - Request a new connection
   5951  * @wpa_s: Pointer to the network interface
   5952  *
   5953  * This function is used to request a new connection to be found. It will mark
   5954  * the interface to allow reassociation and request a new scan to find a
   5955  * suitable network to connect to.
   5956  */
   5957 void wpas_request_connection(struct wpa_supplicant *wpa_s)
   5958 {
   5959 	wpa_s->normal_scans = 0;
   5960 	wpa_s->scan_req = NORMAL_SCAN_REQ;
   5961 	wpa_supplicant_reinit_autoscan(wpa_s);
   5962 	wpa_s->extra_blacklist_count = 0;
   5963 	wpa_s->disconnected = 0;
   5964 	wpa_s->reassociate = 1;
   5965 
   5966 	if (wpa_supplicant_fast_associate(wpa_s) != 1)
   5967 		wpa_supplicant_req_scan(wpa_s, 0, 0);
   5968 	else
   5969 		wpa_s->reattach = 0;
   5970 }
   5971 
   5972 
   5973 void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
   5974 		    struct wpa_used_freq_data *freqs_data,
   5975 		    unsigned int len)
   5976 {
   5977 	unsigned int i;
   5978 
   5979 	wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
   5980 		len, title);
   5981 	for (i = 0; i < len; i++) {
   5982 		struct wpa_used_freq_data *cur = &freqs_data[i];
   5983 		wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
   5984 			i, cur->freq, cur->flags);
   5985 	}
   5986 }
   5987 
   5988 
   5989 /*
   5990  * Find the operating frequencies of any of the virtual interfaces that
   5991  * are using the same radio as the current interface, and in addition, get
   5992  * information about the interface types that are using the frequency.
   5993  */
   5994 int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
   5995 				struct wpa_used_freq_data *freqs_data,
   5996 				unsigned int len)
   5997 {
   5998 	struct wpa_supplicant *ifs;
   5999 	u8 bssid[ETH_ALEN];
   6000 	int freq;
   6001 	unsigned int idx = 0, i;
   6002 
   6003 	wpa_dbg(wpa_s, MSG_DEBUG,
   6004 		"Determining shared radio frequencies (max len %u)", len);
   6005 	os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
   6006 
   6007 	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
   6008 			 radio_list) {
   6009 		if (idx == len)
   6010 			break;
   6011 
   6012 		if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
   6013 			continue;
   6014 
   6015 		if (ifs->current_ssid->mode == WPAS_MODE_AP ||
   6016 		    ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
   6017 		    ifs->current_ssid->mode == WPAS_MODE_MESH)
   6018 			freq = ifs->current_ssid->frequency;
   6019 		else if (wpa_drv_get_bssid(ifs, bssid) == 0)
   6020 			freq = ifs->assoc_freq;
   6021 		else
   6022 			continue;
   6023 
   6024 		/* Hold only distinct freqs */
   6025 		for (i = 0; i < idx; i++)
   6026 			if (freqs_data[i].freq == freq)
   6027 				break;
   6028 
   6029 		if (i == idx)
   6030 			freqs_data[idx++].freq = freq;
   6031 
   6032 		if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
   6033 			freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
   6034 				WPA_FREQ_USED_BY_P2P_CLIENT :
   6035 				WPA_FREQ_USED_BY_INFRA_STATION;
   6036 		}
   6037 	}
   6038 
   6039 	dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
   6040 	return idx;
   6041 }
   6042 
   6043 
   6044 /*
   6045  * Find the operating frequencies of any of the virtual interfaces that
   6046  * are using the same radio as the current interface.
   6047  */
   6048 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
   6049 			   int *freq_array, unsigned int len)
   6050 {
   6051 	struct wpa_used_freq_data *freqs_data;
   6052 	int num, i;
   6053 
   6054 	os_memset(freq_array, 0, sizeof(int) * len);
   6055 
   6056 	freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
   6057 	if (!freqs_data)
   6058 		return -1;
   6059 
   6060 	num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
   6061 	for (i = 0; i < num; i++)
   6062 		freq_array[i] = freqs_data[i].freq;
   6063 
   6064 	os_free(freqs_data);
   6065 
   6066 	return num;
   6067 }
   6068 
   6069 
   6070 static void wpas_rrm_neighbor_rep_timeout_handler(void *data, void *user_ctx)
   6071 {
   6072 	struct rrm_data *rrm = data;
   6073 
   6074 	if (!rrm->notify_neighbor_rep) {
   6075 		wpa_printf(MSG_ERROR,
   6076 			   "RRM: Unexpected neighbor report timeout");
   6077 		return;
   6078 	}
   6079 
   6080 	wpa_printf(MSG_DEBUG, "RRM: Notifying neighbor report - NONE");
   6081 	rrm->notify_neighbor_rep(rrm->neighbor_rep_cb_ctx, NULL);
   6082 
   6083 	rrm->notify_neighbor_rep = NULL;
   6084 	rrm->neighbor_rep_cb_ctx = NULL;
   6085 }
   6086 
   6087 
   6088 /*
   6089  * wpas_rrm_reset - Clear and reset all RRM data in wpa_supplicant
   6090  * @wpa_s: Pointer to wpa_supplicant
   6091  */
   6092 void wpas_rrm_reset(struct wpa_supplicant *wpa_s)
   6093 {
   6094 	wpa_s->rrm.rrm_used = 0;
   6095 
   6096 	eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler, &wpa_s->rrm,
   6097 			     NULL);
   6098 	if (wpa_s->rrm.notify_neighbor_rep)
   6099 		wpas_rrm_neighbor_rep_timeout_handler(&wpa_s->rrm, NULL);
   6100 	wpa_s->rrm.next_neighbor_rep_token = 1;
   6101 }
   6102 
   6103 
   6104 /*
   6105  * wpas_rrm_process_neighbor_rep - Handle incoming neighbor report
   6106  * @wpa_s: Pointer to wpa_supplicant
   6107  * @report: Neighbor report buffer, prefixed by a 1-byte dialog token
   6108  * @report_len: Length of neighbor report buffer
   6109  */
   6110 void wpas_rrm_process_neighbor_rep(struct wpa_supplicant *wpa_s,
   6111 				   const u8 *report, size_t report_len)
   6112 {
   6113 	struct wpabuf *neighbor_rep;
   6114 
   6115 	wpa_hexdump(MSG_DEBUG, "RRM: New Neighbor Report", report, report_len);
   6116 	if (report_len < 1)
   6117 		return;
   6118 
   6119 	if (report[0] != wpa_s->rrm.next_neighbor_rep_token - 1) {
   6120 		wpa_printf(MSG_DEBUG,
   6121 			   "RRM: Discarding neighbor report with token %d (expected %d)",
   6122 			   report[0], wpa_s->rrm.next_neighbor_rep_token - 1);
   6123 		return;
   6124 	}
   6125 
   6126 	eloop_cancel_timeout(wpas_rrm_neighbor_rep_timeout_handler, &wpa_s->rrm,
   6127 			     NULL);
   6128 
   6129 	if (!wpa_s->rrm.notify_neighbor_rep) {
   6130 		wpa_printf(MSG_ERROR, "RRM: Unexpected neighbor report");
   6131 		return;
   6132 	}
   6133 
   6134 	/* skipping the first byte, which is only an id (dialog token) */
   6135 	neighbor_rep = wpabuf_alloc(report_len - 1);
   6136 	if (neighbor_rep == NULL)
   6137 		return;
   6138 	wpabuf_put_data(neighbor_rep, report + 1, report_len - 1);
   6139 	wpa_printf(MSG_DEBUG, "RRM: Notifying neighbor report (token = %d)",
   6140 		   report[0]);
   6141 	wpa_s->rrm.notify_neighbor_rep(wpa_s->rrm.neighbor_rep_cb_ctx,
   6142 				       neighbor_rep);
   6143 	wpa_s->rrm.notify_neighbor_rep = NULL;
   6144 	wpa_s->rrm.neighbor_rep_cb_ctx = NULL;
   6145 }
   6146 
   6147 
   6148 #if defined(__CYGWIN__) || defined(CONFIG_NATIVE_WINDOWS)
   6149 /* Workaround different, undefined for Windows, error codes used here */
   6150 #define ENOTCONN -1
   6151 #define EOPNOTSUPP -1
   6152 #define ECANCELED -1
   6153 #endif
   6154 
   6155 /**
   6156  * wpas_rrm_send_neighbor_rep_request - Request a neighbor report from our AP
   6157  * @wpa_s: Pointer to wpa_supplicant
   6158  * @ssid: if not null, this is sent in the request. Otherwise, no SSID IE
   6159  *	  is sent in the request.
   6160  * @cb: Callback function to be called once the requested report arrives, or
   6161  *	timed out after RRM_NEIGHBOR_REPORT_TIMEOUT seconds.
   6162  *	In the former case, 'neighbor_rep' is a newly allocated wpabuf, and it's
   6163  *	the requester's responsibility to free it.
   6164  *	In the latter case NULL will be sent in 'neighbor_rep'.
   6165  * @cb_ctx: Context value to send the callback function
   6166  * Returns: 0 in case of success, negative error code otherwise
   6167  *
   6168  * In case there is a previous request which has not been answered yet, the
   6169  * new request fails. The caller may retry after RRM_NEIGHBOR_REPORT_TIMEOUT.
   6170  * Request must contain a callback function.
   6171  */
   6172 int wpas_rrm_send_neighbor_rep_request(struct wpa_supplicant *wpa_s,
   6173 				       const struct wpa_ssid *ssid,
   6174 				       void (*cb)(void *ctx,
   6175 						  struct wpabuf *neighbor_rep),
   6176 				       void *cb_ctx)
   6177 {
   6178 	struct wpabuf *buf;
   6179 	const u8 *rrm_ie;
   6180 
   6181 	if (wpa_s->wpa_state != WPA_COMPLETED || wpa_s->current_ssid == NULL) {
   6182 		wpa_printf(MSG_DEBUG, "RRM: No connection, no RRM.");
   6183 		return -ENOTCONN;
   6184 	}
   6185 
   6186 	if (!wpa_s->rrm.rrm_used) {
   6187 		wpa_printf(MSG_DEBUG, "RRM: No RRM in current connection.");
   6188 		return -EOPNOTSUPP;
   6189 	}
   6190 
   6191 	rrm_ie = wpa_bss_get_ie(wpa_s->current_bss,
   6192 				WLAN_EID_RRM_ENABLED_CAPABILITIES);
   6193 	if (!rrm_ie || !(wpa_s->current_bss->caps & IEEE80211_CAP_RRM) ||
   6194 	    !(rrm_ie[2] & WLAN_RRM_CAPS_NEIGHBOR_REPORT)) {
   6195 		wpa_printf(MSG_DEBUG,
   6196 			   "RRM: No network support for Neighbor Report.");
   6197 		return -EOPNOTSUPP;
   6198 	}
   6199 
   6200 	if (!cb) {
   6201 		wpa_printf(MSG_DEBUG,
   6202 			   "RRM: Neighbor Report request must provide a callback.");
   6203 		return -EINVAL;
   6204 	}
   6205 
   6206 	/* Refuse if there's a live request */
   6207 	if (wpa_s->rrm.notify_neighbor_rep) {
   6208 		wpa_printf(MSG_DEBUG,
   6209 			   "RRM: Currently handling previous Neighbor Report.");
   6210 		return -EBUSY;
   6211 	}
   6212 
   6213 	/* 3 = action category + action code + dialog token */
   6214 	buf = wpabuf_alloc(3 + (ssid ? 2 + ssid->ssid_len : 0));
   6215 	if (buf == NULL) {
   6216 		wpa_printf(MSG_DEBUG,
   6217 			   "RRM: Failed to allocate Neighbor Report Request");
   6218 		return -ENOMEM;
   6219 	}
   6220 
   6221 	wpa_printf(MSG_DEBUG, "RRM: Neighbor report request (for %s), token=%d",
   6222 		   (ssid ? wpa_ssid_txt(ssid->ssid, ssid->ssid_len) : ""),
   6223 		   wpa_s->rrm.next_neighbor_rep_token);
   6224 
   6225 	wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
   6226 	wpabuf_put_u8(buf, WLAN_RRM_NEIGHBOR_REPORT_REQUEST);
   6227 	wpabuf_put_u8(buf, wpa_s->rrm.next_neighbor_rep_token);
   6228 	if (ssid) {
   6229 		wpabuf_put_u8(buf, WLAN_EID_SSID);
   6230 		wpabuf_put_u8(buf, ssid->ssid_len);
   6231 		wpabuf_put_data(buf, ssid->ssid, ssid->ssid_len);
   6232 	}
   6233 
   6234 	wpa_s->rrm.next_neighbor_rep_token++;
   6235 
   6236 	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
   6237 				wpa_s->own_addr, wpa_s->bssid,
   6238 				wpabuf_head(buf), wpabuf_len(buf), 0) < 0) {
   6239 		wpa_printf(MSG_DEBUG,
   6240 			   "RRM: Failed to send Neighbor Report Request");
   6241 		wpabuf_free(buf);
   6242 		return -ECANCELED;
   6243 	}
   6244 
   6245 	wpa_s->rrm.neighbor_rep_cb_ctx = cb_ctx;
   6246 	wpa_s->rrm.notify_neighbor_rep = cb;
   6247 	eloop_register_timeout(RRM_NEIGHBOR_REPORT_TIMEOUT, 0,
   6248 			       wpas_rrm_neighbor_rep_timeout_handler,
   6249 			       &wpa_s->rrm, NULL);
   6250 
   6251 	wpabuf_free(buf);
   6252 	return 0;
   6253 }
   6254 
   6255 
   6256 void wpas_rrm_handle_link_measurement_request(struct wpa_supplicant *wpa_s,
   6257 					      const u8 *src,
   6258 					      const u8 *frame, size_t len,
   6259 					      int rssi)
   6260 {
   6261 	struct wpabuf *buf;
   6262 	const struct rrm_link_measurement_request *req;
   6263 	struct rrm_link_measurement_report report;
   6264 
   6265 	if (wpa_s->wpa_state != WPA_COMPLETED) {
   6266 		wpa_printf(MSG_INFO,
   6267 			   "RRM: Ignoring link measurement request. Not associated");
   6268 		return;
   6269 	}
   6270 
   6271 	if (!wpa_s->rrm.rrm_used) {
   6272 		wpa_printf(MSG_INFO,
   6273 			   "RRM: Ignoring link measurement request. Not RRM network");
   6274 		return;
   6275 	}
   6276 
   6277 	if (!(wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION)) {
   6278 		wpa_printf(MSG_INFO,
   6279 			   "RRM: Measurement report failed. TX power insertion not supported");
   6280 		return;
   6281 	}
   6282 
   6283 	req = (const struct rrm_link_measurement_request *) frame;
   6284 	if (len < sizeof(*req)) {
   6285 		wpa_printf(MSG_INFO,
   6286 			   "RRM: Link measurement report failed. Request too short");
   6287 		return;
   6288 	}
   6289 
   6290 	os_memset(&report, 0, sizeof(report));
   6291 	report.tpc.eid = WLAN_EID_TPC_REPORT;
   6292 	report.tpc.len = 2;
   6293 	report.rsni = 255; /* 255 indicates that RSNI is not available */
   6294 	report.dialog_token = req->dialog_token;
   6295 
   6296 	/*
   6297 	 * It's possible to estimate RCPI based on RSSI in dBm. This
   6298 	 * calculation will not reflect the correct value for high rates,
   6299 	 * but it's good enough for Action frames which are transmitted
   6300 	 * with up to 24 Mbps rates.
   6301 	 */
   6302 	if (!rssi)
   6303 		report.rcpi = 255; /* not available */
   6304 	else if (rssi < -110)
   6305 		report.rcpi = 0;
   6306 	else if (rssi > 0)
   6307 		report.rcpi = 220;
   6308 	else
   6309 		report.rcpi = (rssi + 110) * 2;
   6310 
   6311 	/* action_category + action_code */
   6312 	buf = wpabuf_alloc(2 + sizeof(report));
   6313 	if (buf == NULL) {
   6314 		wpa_printf(MSG_ERROR,
   6315 			   "RRM: Link measurement report failed. Buffer allocation failed");
   6316 		return;
   6317 	}
   6318 
   6319 	wpabuf_put_u8(buf, WLAN_ACTION_RADIO_MEASUREMENT);
   6320 	wpabuf_put_u8(buf, WLAN_RRM_LINK_MEASUREMENT_REPORT);
   6321 	wpabuf_put_data(buf, &report, sizeof(report));
   6322 	wpa_hexdump(MSG_DEBUG, "RRM: Link measurement report:",
   6323 		    wpabuf_head(buf), wpabuf_len(buf));
   6324 
   6325 	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, src,
   6326 				wpa_s->own_addr, wpa_s->bssid,
   6327 				wpabuf_head(buf), wpabuf_len(buf), 0)) {
   6328 		wpa_printf(MSG_ERROR,
   6329 			   "RRM: Link measurement report failed. Send action failed");
   6330 	}
   6331 	wpabuf_free(buf);
   6332 }
   6333 
   6334 
   6335 struct wpa_supplicant *
   6336 wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
   6337 {
   6338 	switch (frame) {
   6339 #ifdef CONFIG_P2P
   6340 	case VENDOR_ELEM_PROBE_REQ_P2P:
   6341 	case VENDOR_ELEM_PROBE_RESP_P2P:
   6342 	case VENDOR_ELEM_PROBE_RESP_P2P_GO:
   6343 	case VENDOR_ELEM_BEACON_P2P_GO:
   6344 	case VENDOR_ELEM_P2P_PD_REQ:
   6345 	case VENDOR_ELEM_P2P_PD_RESP:
   6346 	case VENDOR_ELEM_P2P_GO_NEG_REQ:
   6347 	case VENDOR_ELEM_P2P_GO_NEG_RESP:
   6348 	case VENDOR_ELEM_P2P_GO_NEG_CONF:
   6349 	case VENDOR_ELEM_P2P_INV_REQ:
   6350 	case VENDOR_ELEM_P2P_INV_RESP:
   6351 	case VENDOR_ELEM_P2P_ASSOC_REQ:
   6352 	case VENDOR_ELEM_P2P_ASSOC_RESP:
   6353 		return wpa_s->p2pdev;
   6354 #endif /* CONFIG_P2P */
   6355 	default:
   6356 		return wpa_s;
   6357 	}
   6358 }
   6359 
   6360 
   6361 void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
   6362 {
   6363 	unsigned int i;
   6364 	char buf[30];
   6365 
   6366 	wpa_printf(MSG_DEBUG, "Update vendor elements");
   6367 
   6368 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
   6369 		if (wpa_s->vendor_elem[i]) {
   6370 			int res;
   6371 
   6372 			res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
   6373 			if (!os_snprintf_error(sizeof(buf), res)) {
   6374 				wpa_hexdump_buf(MSG_DEBUG, buf,
   6375 						wpa_s->vendor_elem[i]);
   6376 			}
   6377 		}
   6378 	}
   6379 
   6380 #ifdef CONFIG_P2P
   6381 	if (wpa_s->parent == wpa_s &&
   6382 	    wpa_s->global->p2p &&
   6383 	    !wpa_s->global->p2p_disabled)
   6384 		p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
   6385 #endif /* CONFIG_P2P */
   6386 }
   6387 
   6388 
   6389 int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
   6390 			    const u8 *elem, size_t len)
   6391 {
   6392 	u8 *ie, *end;
   6393 
   6394 	ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
   6395 	end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
   6396 
   6397 	for (; ie + 1 < end; ie += 2 + ie[1]) {
   6398 		if (ie + len > end)
   6399 			break;
   6400 		if (os_memcmp(ie, elem, len) != 0)
   6401 			continue;
   6402 
   6403 		if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
   6404 			wpabuf_free(wpa_s->vendor_elem[frame]);
   6405 			wpa_s->vendor_elem[frame] = NULL;
   6406 		} else {
   6407 			os_memmove(ie, ie + len, end - (ie + len));
   6408 			wpa_s->vendor_elem[frame]->used -= len;
   6409 		}
   6410 		wpas_vendor_elem_update(wpa_s);
   6411 		return 0;
   6412 	}
   6413 
   6414 	return -1;
   6415 }
   6416 
   6417 
   6418 struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
   6419 				   u16 num_modes, enum hostapd_hw_mode mode)
   6420 {
   6421 	u16 i;
   6422 
   6423 	for (i = 0; i < num_modes; i++) {
   6424 		if (modes[i].mode == mode)
   6425 			return &modes[i];
   6426 	}
   6427 
   6428 	return NULL;
   6429 }
   6430 
   6431 
   6432 static struct
   6433 wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
   6434 						 const u8 *bssid)
   6435 {
   6436 	struct wpa_bss_tmp_disallowed *bss;
   6437 
   6438 	dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
   6439 			 struct wpa_bss_tmp_disallowed, list) {
   6440 		if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
   6441 			return bss;
   6442 	}
   6443 
   6444 	return NULL;
   6445 }
   6446 
   6447 
   6448 void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
   6449 			  unsigned int sec)
   6450 {
   6451 	struct wpa_bss_tmp_disallowed *bss;
   6452 	struct os_reltime until;
   6453 
   6454 	os_get_reltime(&until);
   6455 	until.sec += sec;
   6456 
   6457 	bss = wpas_get_disallowed_bss(wpa_s, bssid);
   6458 	if (bss) {
   6459 		bss->disallowed_until = until;
   6460 		return;
   6461 	}
   6462 
   6463 	bss = os_malloc(sizeof(*bss));
   6464 	if (!bss) {
   6465 		wpa_printf(MSG_DEBUG,
   6466 			   "Failed to allocate memory for temp disallow BSS");
   6467 		return;
   6468 	}
   6469 
   6470 	bss->disallowed_until = until;
   6471 	os_memcpy(bss->bssid, bssid, ETH_ALEN);
   6472 	dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
   6473 }
   6474 
   6475 
   6476 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s, const u8 *bssid)
   6477 {
   6478 	struct wpa_bss_tmp_disallowed *bss = NULL, *tmp, *prev;
   6479 	struct os_reltime now, age;
   6480 
   6481 	os_get_reltime(&now);
   6482 
   6483 	dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
   6484 			 struct wpa_bss_tmp_disallowed, list) {
   6485 		if (!os_reltime_before(&now, &tmp->disallowed_until)) {
   6486 			/* This BSS is not disallowed anymore */
   6487 			dl_list_del(&tmp->list);
   6488 			os_free(tmp);
   6489 			continue;
   6490 		}
   6491 		if (os_memcmp(bssid, tmp->bssid, ETH_ALEN) == 0) {
   6492 			bss = tmp;
   6493 			break;
   6494 		}
   6495 	}
   6496 	if (!bss)
   6497 		return 0;
   6498 
   6499 	os_reltime_sub(&bss->disallowed_until, &now, &age);
   6500 	wpa_printf(MSG_DEBUG,
   6501 		   "BSS " MACSTR " disabled for %ld.%0ld seconds",
   6502 		   MAC2STR(bss->bssid), age.sec, age.usec);
   6503 	return 1;
   6504 }
   6505