nl80211.c

Go to the documentation of this file.

/*
 * This is the new netlink-based wireless configuration interface.
 *
 * Copyright 2006-2010  Johannes Berg <[email protected]>
 */

#include <linux/if.h>
#include <linux/module.h>
#include <linux/err.h>
#include <linux/slab.h>
#include <linux/list.h>
#include <linux/if_ether.h>
#include <linux/ieee80211.h>
#include <linux/nl80211.h>
#include <linux/rtnetlink.h>
#include <linux/netlink.h>
#include <linux/etherdevice.h>
#include <net/net_namespace.h>
#include <net/genetlink.h>
#include <net/cfg80211.h>
#include <net/sock.h>
#include "core.h"
#include "nl80211.h"
#include "reg.h"

static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type);
static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
                   struct genl_info *info,
                   struct cfg80211_crypto_settings *settings,
                   int cipher_limit);

static int nl80211_pre_doit(struct genl_ops *ops, struct sk_buff *skb,
                struct genl_info *info);
static void nl80211_post_doit(struct genl_ops *ops, struct sk_buff *skb,
                  struct genl_info *info);

/* the netlink family */
static struct genl_family nl80211_fam = {
    .id = GENL_ID_GENERATE, /* don't bother with a hardcoded ID */
    .name = "nl80211",  /* have users key off the name instead */
    .hdrsize = 0,       /* no private header */
    .version = 1,       /* no particular meaning now */
    .maxattr = NL80211_ATTR_MAX,
    .netnsok = true,
    .pre_doit = nl80211_pre_doit,
    .post_doit = nl80211_post_doit,
};

/* returns ERR_PTR values */
static struct wireless_dev *
__cfg80211_wdev_from_attrs(struct net *netns, struct nlattr **attrs)
{
    struct cfg80211_registered_device *rdev;
    struct wireless_dev *result = NULL;
    bool have_ifidx = attrs[NL80211_ATTR_IFINDEX];
    bool have_wdev_id = attrs[NL80211_ATTR_WDEV];
    u64 wdev_id;
    int wiphy_idx = -1;
    int ifidx = -1;

    assert_cfg80211_lock();

    if (!have_ifidx && !have_wdev_id)
        return ERR_PTR(-EINVAL);

    if (have_ifidx)
        ifidx = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
    if (have_wdev_id) {
        wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
        wiphy_idx = wdev_id >> 32;
    }

    list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
        struct wireless_dev *wdev;

        if (wiphy_net(&rdev->wiphy) != netns)
            continue;

        if (have_wdev_id && rdev->wiphy_idx != wiphy_idx)
            continue;

        mutex_lock(&rdev->devlist_mtx);
        list_for_each_entry(wdev, &rdev->wdev_list, list) {
            if (have_ifidx && wdev->netdev &&
                wdev->netdev->ifindex == ifidx) {
                result = wdev;
                break;
            }
            if (have_wdev_id && wdev->identifier == (u32)wdev_id) {
                result = wdev;
                break;
            }
        }
        mutex_unlock(&rdev->devlist_mtx);

        if (result)
            break;
    }

    if (result)
        return result;
    return ERR_PTR(-ENODEV);
}

static struct cfg80211_registered_device *
__cfg80211_rdev_from_attrs(struct net *netns, struct nlattr **attrs)
{
    struct cfg80211_registered_device *rdev = NULL, *tmp;
    struct net_device *netdev;

    assert_cfg80211_lock();

    if (!attrs[NL80211_ATTR_WIPHY] &&
        !attrs[NL80211_ATTR_IFINDEX] &&
        !attrs[NL80211_ATTR_WDEV])
        return ERR_PTR(-EINVAL);

    if (attrs[NL80211_ATTR_WIPHY])
        rdev = cfg80211_rdev_by_wiphy_idx(
                nla_get_u32(attrs[NL80211_ATTR_WIPHY]));

    if (attrs[NL80211_ATTR_WDEV]) {
        u64 wdev_id = nla_get_u64(attrs[NL80211_ATTR_WDEV]);
        struct wireless_dev *wdev;
        bool found = false;

        tmp = cfg80211_rdev_by_wiphy_idx(wdev_id >> 32);
        if (tmp) {
            /* make sure wdev exists */
            mutex_lock(&tmp->devlist_mtx);
            list_for_each_entry(wdev, &tmp->wdev_list, list) {
                if (wdev->identifier != (u32)wdev_id)
                    continue;
                found = true;
                break;
            }
            mutex_unlock(&tmp->devlist_mtx);

            if (!found)
                tmp = NULL;

            if (rdev && tmp != rdev)
                return ERR_PTR(-EINVAL);
            rdev = tmp;
        }
    }

    if (attrs[NL80211_ATTR_IFINDEX]) {
        int ifindex = nla_get_u32(attrs[NL80211_ATTR_IFINDEX]);
        netdev = dev_get_by_index(netns, ifindex);
        if (netdev) {
            if (netdev->ieee80211_ptr)
                tmp = wiphy_to_dev(
                        netdev->ieee80211_ptr->wiphy);
            else
                tmp = NULL;

            dev_put(netdev);

            /* not wireless device -- return error */
            if (!tmp)
                return ERR_PTR(-EINVAL);

            /* mismatch -- return error */
            if (rdev && tmp != rdev)
                return ERR_PTR(-EINVAL);

            rdev = tmp;
        }
    }

    if (!rdev)
        return ERR_PTR(-ENODEV);

    if (netns != wiphy_net(&rdev->wiphy))
        return ERR_PTR(-ENODEV);

    return rdev;
}

/*
 * This function returns a pointer to the driver
 * that the genl_info item that is passed refers to.
 * If successful, it returns non-NULL and also locks
 * the driver's mutex!
 *
 * This means that you need to call cfg80211_unlock_rdev()
 * before being allowed to acquire &cfg80211_mutex!
 *
 * This is necessary because we need to lock the global
 * mutex to get an item off the list safely, and then
 * we lock the rdev mutex so it doesn't go away under us.
 *
 * We don't want to keep cfg80211_mutex locked
 * for all the time in order to allow requests on
 * other interfaces to go through at the same time.
 *
 * The result of this can be a PTR_ERR and hence must
 * be checked with IS_ERR() for errors.
 */
static struct cfg80211_registered_device *
cfg80211_get_dev_from_info(struct net *netns, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev;

    mutex_lock(&cfg80211_mutex);
    rdev = __cfg80211_rdev_from_attrs(netns, info->attrs);

    /* if it is not an error we grab the lock on
     * it to assure it won't be going away while
     * we operate on it */
    if (!IS_ERR(rdev))
        mutex_lock(&rdev->mtx);

    mutex_unlock(&cfg80211_mutex);

    return rdev;
}

/* policy for the attributes */
static const struct nla_policy nl80211_policy[NL80211_ATTR_MAX+1] = {
    [NL80211_ATTR_WIPHY] = { .type = NLA_U32 },
    [NL80211_ATTR_WIPHY_NAME] = { .type = NLA_NUL_STRING,
                      .len = 20-1 },
    [NL80211_ATTR_WIPHY_TXQ_PARAMS] = { .type = NLA_NESTED },
    [NL80211_ATTR_WIPHY_FREQ] = { .type = NLA_U32 },
    [NL80211_ATTR_WIPHY_CHANNEL_TYPE] = { .type = NLA_U32 },
    [NL80211_ATTR_WIPHY_RETRY_SHORT] = { .type = NLA_U8 },
    [NL80211_ATTR_WIPHY_RETRY_LONG] = { .type = NLA_U8 },
    [NL80211_ATTR_WIPHY_FRAG_THRESHOLD] = { .type = NLA_U32 },
    [NL80211_ATTR_WIPHY_RTS_THRESHOLD] = { .type = NLA_U32 },
    [NL80211_ATTR_WIPHY_COVERAGE_CLASS] = { .type = NLA_U8 },

    [NL80211_ATTR_IFTYPE] = { .type = NLA_U32 },
    [NL80211_ATTR_IFINDEX] = { .type = NLA_U32 },
    [NL80211_ATTR_IFNAME] = { .type = NLA_NUL_STRING, .len = IFNAMSIZ-1 },

    [NL80211_ATTR_MAC] = { .len = ETH_ALEN },
    [NL80211_ATTR_PREV_BSSID] = { .len = ETH_ALEN },

    [NL80211_ATTR_KEY] = { .type = NLA_NESTED, },
    [NL80211_ATTR_KEY_DATA] = { .type = NLA_BINARY,
                    .len = WLAN_MAX_KEY_LEN },
    [NL80211_ATTR_KEY_IDX] = { .type = NLA_U8 },
    [NL80211_ATTR_KEY_CIPHER] = { .type = NLA_U32 },
    [NL80211_ATTR_KEY_DEFAULT] = { .type = NLA_FLAG },
    [NL80211_ATTR_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
    [NL80211_ATTR_KEY_TYPE] = { .type = NLA_U32 },

    [NL80211_ATTR_BEACON_INTERVAL] = { .type = NLA_U32 },
    [NL80211_ATTR_DTIM_PERIOD] = { .type = NLA_U32 },
    [NL80211_ATTR_BEACON_HEAD] = { .type = NLA_BINARY,
                       .len = IEEE80211_MAX_DATA_LEN },
    [NL80211_ATTR_BEACON_TAIL] = { .type = NLA_BINARY,
                       .len = IEEE80211_MAX_DATA_LEN },
    [NL80211_ATTR_STA_AID] = { .type = NLA_U16 },
    [NL80211_ATTR_STA_FLAGS] = { .type = NLA_NESTED },
    [NL80211_ATTR_STA_LISTEN_INTERVAL] = { .type = NLA_U16 },
    [NL80211_ATTR_STA_SUPPORTED_RATES] = { .type = NLA_BINARY,
                           .len = NL80211_MAX_SUPP_RATES },
    [NL80211_ATTR_STA_PLINK_ACTION] = { .type = NLA_U8 },
    [NL80211_ATTR_STA_VLAN] = { .type = NLA_U32 },
    [NL80211_ATTR_MNTR_FLAGS] = { /* NLA_NESTED can't be empty */ },
    [NL80211_ATTR_MESH_ID] = { .type = NLA_BINARY,
                   .len = IEEE80211_MAX_MESH_ID_LEN },
    [NL80211_ATTR_MPATH_NEXT_HOP] = { .type = NLA_U32 },

    [NL80211_ATTR_REG_ALPHA2] = { .type = NLA_STRING, .len = 2 },
    [NL80211_ATTR_REG_RULES] = { .type = NLA_NESTED },

    [NL80211_ATTR_BSS_CTS_PROT] = { .type = NLA_U8 },
    [NL80211_ATTR_BSS_SHORT_PREAMBLE] = { .type = NLA_U8 },
    [NL80211_ATTR_BSS_SHORT_SLOT_TIME] = { .type = NLA_U8 },
    [NL80211_ATTR_BSS_BASIC_RATES] = { .type = NLA_BINARY,
                       .len = NL80211_MAX_SUPP_RATES },
    [NL80211_ATTR_BSS_HT_OPMODE] = { .type = NLA_U16 },

    [NL80211_ATTR_MESH_CONFIG] = { .type = NLA_NESTED },
    [NL80211_ATTR_SUPPORT_MESH_AUTH] = { .type = NLA_FLAG },

    [NL80211_ATTR_HT_CAPABILITY] = { .len = NL80211_HT_CAPABILITY_LEN },

    [NL80211_ATTR_MGMT_SUBTYPE] = { .type = NLA_U8 },
    [NL80211_ATTR_IE] = { .type = NLA_BINARY,
                  .len = IEEE80211_MAX_DATA_LEN },
    [NL80211_ATTR_SCAN_FREQUENCIES] = { .type = NLA_NESTED },
    [NL80211_ATTR_SCAN_SSIDS] = { .type = NLA_NESTED },

    [NL80211_ATTR_SSID] = { .type = NLA_BINARY,
                .len = IEEE80211_MAX_SSID_LEN },
    [NL80211_ATTR_AUTH_TYPE] = { .type = NLA_U32 },
    [NL80211_ATTR_REASON_CODE] = { .type = NLA_U16 },
    [NL80211_ATTR_FREQ_FIXED] = { .type = NLA_FLAG },
    [NL80211_ATTR_TIMED_OUT] = { .type = NLA_FLAG },
    [NL80211_ATTR_USE_MFP] = { .type = NLA_U32 },
    [NL80211_ATTR_STA_FLAGS2] = {
        .len = sizeof(struct nl80211_sta_flag_update),
    },
    [NL80211_ATTR_CONTROL_PORT] = { .type = NLA_FLAG },
    [NL80211_ATTR_CONTROL_PORT_ETHERTYPE] = { .type = NLA_U16 },
    [NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT] = { .type = NLA_FLAG },
    [NL80211_ATTR_PRIVACY] = { .type = NLA_FLAG },
    [NL80211_ATTR_CIPHER_SUITE_GROUP] = { .type = NLA_U32 },
    [NL80211_ATTR_WPA_VERSIONS] = { .type = NLA_U32 },
    [NL80211_ATTR_PID] = { .type = NLA_U32 },
    [NL80211_ATTR_4ADDR] = { .type = NLA_U8 },
    [NL80211_ATTR_PMKID] = { .type = NLA_BINARY,
                 .len = WLAN_PMKID_LEN },
    [NL80211_ATTR_DURATION] = { .type = NLA_U32 },
    [NL80211_ATTR_COOKIE] = { .type = NLA_U64 },
    [NL80211_ATTR_TX_RATES] = { .type = NLA_NESTED },
    [NL80211_ATTR_FRAME] = { .type = NLA_BINARY,
                 .len = IEEE80211_MAX_DATA_LEN },
    [NL80211_ATTR_FRAME_MATCH] = { .type = NLA_BINARY, },
    [NL80211_ATTR_PS_STATE] = { .type = NLA_U32 },
    [NL80211_ATTR_CQM] = { .type = NLA_NESTED, },
    [NL80211_ATTR_LOCAL_STATE_CHANGE] = { .type = NLA_FLAG },
    [NL80211_ATTR_AP_ISOLATE] = { .type = NLA_U8 },
    [NL80211_ATTR_WIPHY_TX_POWER_SETTING] = { .type = NLA_U32 },
    [NL80211_ATTR_WIPHY_TX_POWER_LEVEL] = { .type = NLA_U32 },
    [NL80211_ATTR_FRAME_TYPE] = { .type = NLA_U16 },
    [NL80211_ATTR_WIPHY_ANTENNA_TX] = { .type = NLA_U32 },
    [NL80211_ATTR_WIPHY_ANTENNA_RX] = { .type = NLA_U32 },
    [NL80211_ATTR_MCAST_RATE] = { .type = NLA_U32 },
    [NL80211_ATTR_OFFCHANNEL_TX_OK] = { .type = NLA_FLAG },
    [NL80211_ATTR_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
    [NL80211_ATTR_WOWLAN_TRIGGERS] = { .type = NLA_NESTED },
    [NL80211_ATTR_STA_PLINK_STATE] = { .type = NLA_U8 },
    [NL80211_ATTR_SCHED_SCAN_INTERVAL] = { .type = NLA_U32 },
    [NL80211_ATTR_REKEY_DATA] = { .type = NLA_NESTED },
    [NL80211_ATTR_SCAN_SUPP_RATES] = { .type = NLA_NESTED },
    [NL80211_ATTR_HIDDEN_SSID] = { .type = NLA_U32 },
    [NL80211_ATTR_IE_PROBE_RESP] = { .type = NLA_BINARY,
                     .len = IEEE80211_MAX_DATA_LEN },
    [NL80211_ATTR_IE_ASSOC_RESP] = { .type = NLA_BINARY,
                     .len = IEEE80211_MAX_DATA_LEN },
    [NL80211_ATTR_ROAM_SUPPORT] = { .type = NLA_FLAG },
    [NL80211_ATTR_SCHED_SCAN_MATCH] = { .type = NLA_NESTED },
    [NL80211_ATTR_TX_NO_CCK_RATE] = { .type = NLA_FLAG },
    [NL80211_ATTR_TDLS_ACTION] = { .type = NLA_U8 },
    [NL80211_ATTR_TDLS_DIALOG_TOKEN] = { .type = NLA_U8 },
    [NL80211_ATTR_TDLS_OPERATION] = { .type = NLA_U8 },
    [NL80211_ATTR_TDLS_SUPPORT] = { .type = NLA_FLAG },
    [NL80211_ATTR_TDLS_EXTERNAL_SETUP] = { .type = NLA_FLAG },
    [NL80211_ATTR_DONT_WAIT_FOR_ACK] = { .type = NLA_FLAG },
    [NL80211_ATTR_PROBE_RESP] = { .type = NLA_BINARY,
                      .len = IEEE80211_MAX_DATA_LEN },
    [NL80211_ATTR_DFS_REGION] = { .type = NLA_U8 },
    [NL80211_ATTR_DISABLE_HT] = { .type = NLA_FLAG },
    [NL80211_ATTR_HT_CAPABILITY_MASK] = {
        .len = NL80211_HT_CAPABILITY_LEN
    },
    [NL80211_ATTR_NOACK_MAP] = { .type = NLA_U16 },
    [NL80211_ATTR_INACTIVITY_TIMEOUT] = { .type = NLA_U16 },
    [NL80211_ATTR_BG_SCAN_PERIOD] = { .type = NLA_U16 },
    [NL80211_ATTR_WDEV] = { .type = NLA_U64 },
    [NL80211_ATTR_USER_REG_HINT_TYPE] = { .type = NLA_U32 },
};

/* policy for the key attributes */
static const struct nla_policy nl80211_key_policy[NL80211_KEY_MAX + 1] = {
    [NL80211_KEY_DATA] = { .type = NLA_BINARY, .len = WLAN_MAX_KEY_LEN },
    [NL80211_KEY_IDX] = { .type = NLA_U8 },
    [NL80211_KEY_CIPHER] = { .type = NLA_U32 },
    [NL80211_KEY_SEQ] = { .type = NLA_BINARY, .len = 16 },
    [NL80211_KEY_DEFAULT] = { .type = NLA_FLAG },
    [NL80211_KEY_DEFAULT_MGMT] = { .type = NLA_FLAG },
    [NL80211_KEY_TYPE] = { .type = NLA_U32 },
    [NL80211_KEY_DEFAULT_TYPES] = { .type = NLA_NESTED },
};

/* policy for the key default flags */
static const struct nla_policy
nl80211_key_default_policy[NUM_NL80211_KEY_DEFAULT_TYPES] = {
    [NL80211_KEY_DEFAULT_TYPE_UNICAST] = { .type = NLA_FLAG },
    [NL80211_KEY_DEFAULT_TYPE_MULTICAST] = { .type = NLA_FLAG },
};

/* policy for WoWLAN attributes */
static const struct nla_policy
nl80211_wowlan_policy[NUM_NL80211_WOWLAN_TRIG] = {
    [NL80211_WOWLAN_TRIG_ANY] = { .type = NLA_FLAG },
    [NL80211_WOWLAN_TRIG_DISCONNECT] = { .type = NLA_FLAG },
    [NL80211_WOWLAN_TRIG_MAGIC_PKT] = { .type = NLA_FLAG },
    [NL80211_WOWLAN_TRIG_PKT_PATTERN] = { .type = NLA_NESTED },
    [NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE] = { .type = NLA_FLAG },
    [NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST] = { .type = NLA_FLAG },
    [NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE] = { .type = NLA_FLAG },
    [NL80211_WOWLAN_TRIG_RFKILL_RELEASE] = { .type = NLA_FLAG },
};

/* policy for GTK rekey offload attributes */
static const struct nla_policy
nl80211_rekey_policy[NUM_NL80211_REKEY_DATA] = {
    [NL80211_REKEY_DATA_KEK] = { .len = NL80211_KEK_LEN },
    [NL80211_REKEY_DATA_KCK] = { .len = NL80211_KCK_LEN },
    [NL80211_REKEY_DATA_REPLAY_CTR] = { .len = NL80211_REPLAY_CTR_LEN },
};

static const struct nla_policy
nl80211_match_policy[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1] = {
    [NL80211_SCHED_SCAN_MATCH_ATTR_SSID] = { .type = NLA_BINARY,
                         .len = IEEE80211_MAX_SSID_LEN },
    [NL80211_SCHED_SCAN_MATCH_ATTR_RSSI] = { .type = NLA_U32 },
};

/* ifidx get helper */
static int nl80211_get_ifidx(struct netlink_callback *cb)
{
    int res;

    res = nlmsg_parse(cb->nlh, GENL_HDRLEN + nl80211_fam.hdrsize,
              nl80211_fam.attrbuf, nl80211_fam.maxattr,
              nl80211_policy);
    if (res)
        return res;

    if (!nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX])
        return -EINVAL;

    res = nla_get_u32(nl80211_fam.attrbuf[NL80211_ATTR_IFINDEX]);
    if (!res)
        return -EINVAL;
    return res;
}

static int nl80211_prepare_netdev_dump(struct sk_buff *skb,
                       struct netlink_callback *cb,
                       struct cfg80211_registered_device **rdev,
                       struct net_device **dev)
{
    int ifidx = cb->args[0];
    int err;

    if (!ifidx)
        ifidx = nl80211_get_ifidx(cb);
    if (ifidx < 0)
        return ifidx;

    cb->args[0] = ifidx;

    rtnl_lock();

    *dev = __dev_get_by_index(sock_net(skb->sk), ifidx);
    if (!*dev) {
        err = -ENODEV;
        goto out_rtnl;
    }

    *rdev = cfg80211_get_dev_from_ifindex(sock_net(skb->sk), ifidx);
    if (IS_ERR(*rdev)) {
        err = PTR_ERR(*rdev);
        goto out_rtnl;
    }

    return 0;
 out_rtnl:
    rtnl_unlock();
    return err;
}

static void nl80211_finish_netdev_dump(struct cfg80211_registered_device *rdev)
{
    cfg80211_unlock_rdev(rdev);
    rtnl_unlock();
}

/* IE validation */
static bool is_valid_ie_attr(const struct nlattr *attr)
{
    const u8 *pos;
    int len;

    if (!attr)
        return true;

    pos = nla_data(attr);
    len = nla_len(attr);

    while (len) {
        u8 elemlen;

        if (len < 2)
            return false;
        len -= 2;

        elemlen = pos[1];
        if (elemlen > len)
            return false;

        len -= elemlen;
        pos += 2 + elemlen;
    }

    return true;
}

/* message building helper */
static inline void *nl80211hdr_put(struct sk_buff *skb, u32 portid, u32 seq,
                   int flags, u8 cmd)
{
    /* since there is no private header just add the generic one */
    return genlmsg_put(skb, portid, seq, &nl80211_fam, flags, cmd);
}

static int nl80211_msg_put_channel(struct sk_buff *msg,
                   struct ieee80211_channel *chan)
{
    if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_FREQ,
            chan->center_freq))
        goto nla_put_failure;

    if ((chan->flags & IEEE80211_CHAN_DISABLED) &&
        nla_put_flag(msg, NL80211_FREQUENCY_ATTR_DISABLED))
        goto nla_put_failure;
    if ((chan->flags & IEEE80211_CHAN_PASSIVE_SCAN) &&
        nla_put_flag(msg, NL80211_FREQUENCY_ATTR_PASSIVE_SCAN))
        goto nla_put_failure;
    if ((chan->flags & IEEE80211_CHAN_NO_IBSS) &&
        nla_put_flag(msg, NL80211_FREQUENCY_ATTR_NO_IBSS))
        goto nla_put_failure;
    if ((chan->flags & IEEE80211_CHAN_RADAR) &&
        nla_put_flag(msg, NL80211_FREQUENCY_ATTR_RADAR))
        goto nla_put_failure;

    if (nla_put_u32(msg, NL80211_FREQUENCY_ATTR_MAX_TX_POWER,
            DBM_TO_MBM(chan->max_power)))
        goto nla_put_failure;

    return 0;

 nla_put_failure:
    return -ENOBUFS;
}

/* netlink command implementations */

struct key_parse {
    struct key_params p;
    int idx;
    int type;
    bool def, defmgmt;
    bool def_uni, def_multi;
};

static int nl80211_parse_key_new(struct nlattr *key, struct key_parse *k)
{
    struct nlattr *tb[NL80211_KEY_MAX + 1];
    int err = nla_parse_nested(tb, NL80211_KEY_MAX, key,
                   nl80211_key_policy);
    if (err)
        return err;

    k->def = !!tb[NL80211_KEY_DEFAULT];
    k->defmgmt = !!tb[NL80211_KEY_DEFAULT_MGMT];

    if (k->def) {
        k->def_uni = true;
        k->def_multi = true;
    }
    if (k->defmgmt)
        k->def_multi = true;

    if (tb[NL80211_KEY_IDX])
        k->idx = nla_get_u8(tb[NL80211_KEY_IDX]);

    if (tb[NL80211_KEY_DATA]) {
        k->p.key = nla_data(tb[NL80211_KEY_DATA]);
        k->p.key_len = nla_len(tb[NL80211_KEY_DATA]);
    }

    if (tb[NL80211_KEY_SEQ]) {
        k->p.seq = nla_data(tb[NL80211_KEY_SEQ]);
        k->p.seq_len = nla_len(tb[NL80211_KEY_SEQ]);
    }

    if (tb[NL80211_KEY_CIPHER])
        k->p.cipher = nla_get_u32(tb[NL80211_KEY_CIPHER]);

    if (tb[NL80211_KEY_TYPE]) {
        k->type = nla_get_u32(tb[NL80211_KEY_TYPE]);
        if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
            return -EINVAL;
    }

    if (tb[NL80211_KEY_DEFAULT_TYPES]) {
        struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
        err = nla_parse_nested(kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
                       tb[NL80211_KEY_DEFAULT_TYPES],
                       nl80211_key_default_policy);
        if (err)
            return err;

        k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
        k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
    }

    return 0;
}

static int nl80211_parse_key_old(struct genl_info *info, struct key_parse *k)
{
    if (info->attrs[NL80211_ATTR_KEY_DATA]) {
        k->p.key = nla_data(info->attrs[NL80211_ATTR_KEY_DATA]);
        k->p.key_len = nla_len(info->attrs[NL80211_ATTR_KEY_DATA]);
    }

    if (info->attrs[NL80211_ATTR_KEY_SEQ]) {
        k->p.seq = nla_data(info->attrs[NL80211_ATTR_KEY_SEQ]);
        k->p.seq_len = nla_len(info->attrs[NL80211_ATTR_KEY_SEQ]);
    }

    if (info->attrs[NL80211_ATTR_KEY_IDX])
        k->idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);

    if (info->attrs[NL80211_ATTR_KEY_CIPHER])
        k->p.cipher = nla_get_u32(info->attrs[NL80211_ATTR_KEY_CIPHER]);

    k->def = !!info->attrs[NL80211_ATTR_KEY_DEFAULT];
    k->defmgmt = !!info->attrs[NL80211_ATTR_KEY_DEFAULT_MGMT];

    if (k->def) {
        k->def_uni = true;
        k->def_multi = true;
    }
    if (k->defmgmt)
        k->def_multi = true;

    if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
        k->type = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
        if (k->type < 0 || k->type >= NUM_NL80211_KEYTYPES)
            return -EINVAL;
    }

    if (info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES]) {
        struct nlattr *kdt[NUM_NL80211_KEY_DEFAULT_TYPES];
        int err = nla_parse_nested(
                kdt, NUM_NL80211_KEY_DEFAULT_TYPES - 1,
                info->attrs[NL80211_ATTR_KEY_DEFAULT_TYPES],
                nl80211_key_default_policy);
        if (err)
            return err;

        k->def_uni = kdt[NL80211_KEY_DEFAULT_TYPE_UNICAST];
        k->def_multi = kdt[NL80211_KEY_DEFAULT_TYPE_MULTICAST];
    }

    return 0;
}

static int nl80211_parse_key(struct genl_info *info, struct key_parse *k)
{
    int err;

    memset(k, 0, sizeof(*k));
    k->idx = -1;
    k->type = -1;

    if (info->attrs[NL80211_ATTR_KEY])
        err = nl80211_parse_key_new(info->attrs[NL80211_ATTR_KEY], k);
    else
        err = nl80211_parse_key_old(info, k);

    if (err)
        return err;

    if (k->def && k->defmgmt)
        return -EINVAL;

    if (k->defmgmt) {
        if (k->def_uni || !k->def_multi)
            return -EINVAL;
    }

    if (k->idx != -1) {
        if (k->defmgmt) {
            if (k->idx < 4 || k->idx > 5)
                return -EINVAL;
        } else if (k->def) {
            if (k->idx < 0 || k->idx > 3)
                return -EINVAL;
        } else {
            if (k->idx < 0 || k->idx > 5)
                return -EINVAL;
        }
    }

    return 0;
}

static struct cfg80211_cached_keys *
nl80211_parse_connkeys(struct cfg80211_registered_device *rdev,
               struct nlattr *keys)
{
    struct key_parse parse;
    struct nlattr *key;
    struct cfg80211_cached_keys *result;
    int rem, err, def = 0;

    result = kzalloc(sizeof(*result), GFP_KERNEL);
    if (!result)
        return ERR_PTR(-ENOMEM);

    result->def = -1;
    result->defmgmt = -1;

    nla_for_each_nested(key, keys, rem) {
        memset(&parse, 0, sizeof(parse));
        parse.idx = -1;

        err = nl80211_parse_key_new(key, &parse);
        if (err)
            goto error;
        err = -EINVAL;
        if (!parse.p.key)
            goto error;
        if (parse.idx < 0 || parse.idx > 4)
            goto error;
        if (parse.def) {
            if (def)
                goto error;
            def = 1;
            result->def = parse.idx;
            if (!parse.def_uni || !parse.def_multi)
                goto error;
        } else if (parse.defmgmt)
            goto error;
        err = cfg80211_validate_key_settings(rdev, &parse.p,
                             parse.idx, false, NULL);
        if (err)
            goto error;
        result->params[parse.idx].cipher = parse.p.cipher;
        result->params[parse.idx].key_len = parse.p.key_len;
        result->params[parse.idx].key = result->data[parse.idx];
        memcpy(result->data[parse.idx], parse.p.key, parse.p.key_len);
    }

    return result;
 error:
    kfree(result);
    return ERR_PTR(err);
}

static int nl80211_key_allowed(struct wireless_dev *wdev)
{
    ASSERT_WDEV_LOCK(wdev);

    switch (wdev->iftype) {
    case NL80211_IFTYPE_AP:
    case NL80211_IFTYPE_AP_VLAN:
    case NL80211_IFTYPE_P2P_GO:
    case NL80211_IFTYPE_MESH_POINT:
        break;
    case NL80211_IFTYPE_ADHOC:
        if (!wdev->current_bss)
            return -ENOLINK;
        break;
    case NL80211_IFTYPE_STATION:
    case NL80211_IFTYPE_P2P_CLIENT:
        if (wdev->sme_state != CFG80211_SME_CONNECTED)
            return -ENOLINK;
        break;
    default:
        return -EINVAL;
    }

    return 0;
}

static int nl80211_put_iftypes(struct sk_buff *msg, u32 attr, u16 ifmodes)
{
    struct nlattr *nl_modes = nla_nest_start(msg, attr);
    int i;

    if (!nl_modes)
        goto nla_put_failure;

    i = 0;
    while (ifmodes) {
        if ((ifmodes & 1) && nla_put_flag(msg, i))
            goto nla_put_failure;
        ifmodes >>= 1;
        i++;
    }

    nla_nest_end(msg, nl_modes);
    return 0;

nla_put_failure:
    return -ENOBUFS;
}

static int nl80211_put_iface_combinations(struct wiphy *wiphy,
                      struct sk_buff *msg)
{
    struct nlattr *nl_combis;
    int i, j;

    nl_combis = nla_nest_start(msg,
                NL80211_ATTR_INTERFACE_COMBINATIONS);
    if (!nl_combis)
        goto nla_put_failure;

    for (i = 0; i < wiphy->n_iface_combinations; i++) {
        const struct ieee80211_iface_combination *c;
        struct nlattr *nl_combi, *nl_limits;

        c = &wiphy->iface_combinations[i];

        nl_combi = nla_nest_start(msg, i + 1);
        if (!nl_combi)
            goto nla_put_failure;

        nl_limits = nla_nest_start(msg, NL80211_IFACE_COMB_LIMITS);
        if (!nl_limits)
            goto nla_put_failure;

        for (j = 0; j < c->n_limits; j++) {
            struct nlattr *nl_limit;

            nl_limit = nla_nest_start(msg, j + 1);
            if (!nl_limit)
                goto nla_put_failure;
            if (nla_put_u32(msg, NL80211_IFACE_LIMIT_MAX,
                    c->limits[j].max))
                goto nla_put_failure;
            if (nl80211_put_iftypes(msg, NL80211_IFACE_LIMIT_TYPES,
                        c->limits[j].types))
                goto nla_put_failure;
            nla_nest_end(msg, nl_limit);
        }

        nla_nest_end(msg, nl_limits);

        if (c->beacon_int_infra_match &&
            nla_put_flag(msg, NL80211_IFACE_COMB_STA_AP_BI_MATCH))
            goto nla_put_failure;
        if (nla_put_u32(msg, NL80211_IFACE_COMB_NUM_CHANNELS,
                c->num_different_channels) ||
            nla_put_u32(msg, NL80211_IFACE_COMB_MAXNUM,
                c->max_interfaces))
            goto nla_put_failure;

        nla_nest_end(msg, nl_combi);
    }

    nla_nest_end(msg, nl_combis);

    return 0;
nla_put_failure:
    return -ENOBUFS;
}

static int nl80211_send_wiphy(struct sk_buff *msg, u32 portid, u32 seq, int flags,
                  struct cfg80211_registered_device *dev)
{
    void *hdr;
    struct nlattr *nl_bands, *nl_band;
    struct nlattr *nl_freqs, *nl_freq;
    struct nlattr *nl_rates, *nl_rate;
    struct nlattr *nl_cmds;
    enum ieee80211_band band;
    struct ieee80211_channel *chan;
    struct ieee80211_rate *rate;
    int i;
    const struct ieee80211_txrx_stypes *mgmt_stypes =
                dev->wiphy.mgmt_stypes;

    hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_WIPHY);
    if (!hdr)
        return -1;

    if (nla_put_u32(msg, NL80211_ATTR_WIPHY, dev->wiphy_idx) ||
        nla_put_string(msg, NL80211_ATTR_WIPHY_NAME, wiphy_name(&dev->wiphy)) ||
        nla_put_u32(msg, NL80211_ATTR_GENERATION,
            cfg80211_rdev_list_generation) ||
        nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_SHORT,
               dev->wiphy.retry_short) ||
        nla_put_u8(msg, NL80211_ATTR_WIPHY_RETRY_LONG,
               dev->wiphy.retry_long) ||
        nla_put_u32(msg, NL80211_ATTR_WIPHY_FRAG_THRESHOLD,
            dev->wiphy.frag_threshold) ||
        nla_put_u32(msg, NL80211_ATTR_WIPHY_RTS_THRESHOLD,
            dev->wiphy.rts_threshold) ||
        nla_put_u8(msg, NL80211_ATTR_WIPHY_COVERAGE_CLASS,
               dev->wiphy.coverage_class) ||
        nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCAN_SSIDS,
               dev->wiphy.max_scan_ssids) ||
        nla_put_u8(msg, NL80211_ATTR_MAX_NUM_SCHED_SCAN_SSIDS,
               dev->wiphy.max_sched_scan_ssids) ||
        nla_put_u16(msg, NL80211_ATTR_MAX_SCAN_IE_LEN,
            dev->wiphy.max_scan_ie_len) ||
        nla_put_u16(msg, NL80211_ATTR_MAX_SCHED_SCAN_IE_LEN,
            dev->wiphy.max_sched_scan_ie_len) ||
        nla_put_u8(msg, NL80211_ATTR_MAX_MATCH_SETS,
               dev->wiphy.max_match_sets))
        goto nla_put_failure;

    if ((dev->wiphy.flags & WIPHY_FLAG_IBSS_RSN) &&
        nla_put_flag(msg, NL80211_ATTR_SUPPORT_IBSS_RSN))
        goto nla_put_failure;
    if ((dev->wiphy.flags & WIPHY_FLAG_MESH_AUTH) &&
        nla_put_flag(msg, NL80211_ATTR_SUPPORT_MESH_AUTH))
        goto nla_put_failure;
    if ((dev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
        nla_put_flag(msg, NL80211_ATTR_SUPPORT_AP_UAPSD))
        goto nla_put_failure;
    if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_FW_ROAM) &&
        nla_put_flag(msg, NL80211_ATTR_ROAM_SUPPORT))
        goto nla_put_failure;
    if ((dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) &&
        nla_put_flag(msg, NL80211_ATTR_TDLS_SUPPORT))
        goto nla_put_failure;
    if ((dev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP) &&
        nla_put_flag(msg, NL80211_ATTR_TDLS_EXTERNAL_SETUP))
        goto nla_put_failure;

    if (nla_put(msg, NL80211_ATTR_CIPHER_SUITES,
            sizeof(u32) * dev->wiphy.n_cipher_suites,
            dev->wiphy.cipher_suites))
        goto nla_put_failure;

    if (nla_put_u8(msg, NL80211_ATTR_MAX_NUM_PMKIDS,
               dev->wiphy.max_num_pmkids))
        goto nla_put_failure;

    if ((dev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
        nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE))
        goto nla_put_failure;

    if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_TX,
            dev->wiphy.available_antennas_tx) ||
        nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_AVAIL_RX,
            dev->wiphy.available_antennas_rx))
        goto nla_put_failure;

    if ((dev->wiphy.flags & WIPHY_FLAG_AP_PROBE_RESP_OFFLOAD) &&
        nla_put_u32(msg, NL80211_ATTR_PROBE_RESP_OFFLOAD,
            dev->wiphy.probe_resp_offload))
        goto nla_put_failure;

    if ((dev->wiphy.available_antennas_tx ||
         dev->wiphy.available_antennas_rx) && dev->ops->get_antenna) {
        u32 tx_ant = 0, rx_ant = 0;
        int res;
        res = dev->ops->get_antenna(&dev->wiphy, &tx_ant, &rx_ant);
        if (!res) {
            if (nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_TX,
                    tx_ant) ||
                nla_put_u32(msg, NL80211_ATTR_WIPHY_ANTENNA_RX,
                    rx_ant))
                goto nla_put_failure;
        }
    }

    if (nl80211_put_iftypes(msg, NL80211_ATTR_SUPPORTED_IFTYPES,
                dev->wiphy.interface_modes))
        goto nla_put_failure;

    nl_bands = nla_nest_start(msg, NL80211_ATTR_WIPHY_BANDS);
    if (!nl_bands)
        goto nla_put_failure;

    for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
        if (!dev->wiphy.bands[band])
            continue;

        nl_band = nla_nest_start(msg, band);
        if (!nl_band)
            goto nla_put_failure;

        /* add HT info */
        if (dev->wiphy.bands[band]->ht_cap.ht_supported &&
            (nla_put(msg, NL80211_BAND_ATTR_HT_MCS_SET,
                 sizeof(dev->wiphy.bands[band]->ht_cap.mcs),
                 &dev->wiphy.bands[band]->ht_cap.mcs) ||
             nla_put_u16(msg, NL80211_BAND_ATTR_HT_CAPA,
                 dev->wiphy.bands[band]->ht_cap.cap) ||
             nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_FACTOR,
                dev->wiphy.bands[band]->ht_cap.ampdu_factor) ||
             nla_put_u8(msg, NL80211_BAND_ATTR_HT_AMPDU_DENSITY,
                dev->wiphy.bands[band]->ht_cap.ampdu_density)))
            goto nla_put_failure;

        /* add VHT info */
        if (dev->wiphy.bands[band]->vht_cap.vht_supported &&
            (nla_put(msg, NL80211_BAND_ATTR_VHT_MCS_SET,
                 sizeof(dev->wiphy.bands[band]->vht_cap.vht_mcs),
                 &dev->wiphy.bands[band]->vht_cap.vht_mcs) ||
             nla_put_u32(msg, NL80211_BAND_ATTR_VHT_CAPA,
                 dev->wiphy.bands[band]->vht_cap.cap)))
            goto nla_put_failure;

        /* add frequencies */
        nl_freqs = nla_nest_start(msg, NL80211_BAND_ATTR_FREQS);
        if (!nl_freqs)
            goto nla_put_failure;

        for (i = 0; i < dev->wiphy.bands[band]->n_channels; i++) {
            nl_freq = nla_nest_start(msg, i);
            if (!nl_freq)
                goto nla_put_failure;

            chan = &dev->wiphy.bands[band]->channels[i];

            if (nl80211_msg_put_channel(msg, chan))
                goto nla_put_failure;

            nla_nest_end(msg, nl_freq);
        }

        nla_nest_end(msg, nl_freqs);

        /* add bitrates */
        nl_rates = nla_nest_start(msg, NL80211_BAND_ATTR_RATES);
        if (!nl_rates)
            goto nla_put_failure;

        for (i = 0; i < dev->wiphy.bands[band]->n_bitrates; i++) {
            nl_rate = nla_nest_start(msg, i);
            if (!nl_rate)
                goto nla_put_failure;

            rate = &dev->wiphy.bands[band]->bitrates[i];
            if (nla_put_u32(msg, NL80211_BITRATE_ATTR_RATE,
                    rate->bitrate))
                goto nla_put_failure;
            if ((rate->flags & IEEE80211_RATE_SHORT_PREAMBLE) &&
                nla_put_flag(msg,
                     NL80211_BITRATE_ATTR_2GHZ_SHORTPREAMBLE))
                goto nla_put_failure;

            nla_nest_end(msg, nl_rate);
        }

        nla_nest_end(msg, nl_rates);

        nla_nest_end(msg, nl_band);
    }
    nla_nest_end(msg, nl_bands);

    nl_cmds = nla_nest_start(msg, NL80211_ATTR_SUPPORTED_COMMANDS);
    if (!nl_cmds)
        goto nla_put_failure;

    i = 0;
#define CMD(op, n)                      \
     do {                           \
        if (dev->ops->op) {             \
            i++;                    \
            if (nla_put_u32(msg, i, NL80211_CMD_ ## n)) \
                goto nla_put_failure;       \
        }                       \
    } while (0)

    CMD(add_virtual_intf, NEW_INTERFACE);
    CMD(change_virtual_intf, SET_INTERFACE);
    CMD(add_key, NEW_KEY);
    CMD(start_ap, START_AP);
    CMD(add_station, NEW_STATION);
    CMD(add_mpath, NEW_MPATH);
    CMD(update_mesh_config, SET_MESH_CONFIG);
    CMD(change_bss, SET_BSS);
    CMD(auth, AUTHENTICATE);
    CMD(assoc, ASSOCIATE);
    CMD(deauth, DEAUTHENTICATE);
    CMD(disassoc, DISASSOCIATE);
    CMD(join_ibss, JOIN_IBSS);
    CMD(join_mesh, JOIN_MESH);
    CMD(set_pmksa, SET_PMKSA);
    CMD(del_pmksa, DEL_PMKSA);
    CMD(flush_pmksa, FLUSH_PMKSA);
    if (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL)
        CMD(remain_on_channel, REMAIN_ON_CHANNEL);
    CMD(set_bitrate_mask, SET_TX_BITRATE_MASK);
    CMD(mgmt_tx, FRAME);
    CMD(mgmt_tx_cancel_wait, FRAME_WAIT_CANCEL);
    if (dev->wiphy.flags & WIPHY_FLAG_NETNS_OK) {
        i++;
        if (nla_put_u32(msg, i, NL80211_CMD_SET_WIPHY_NETNS))
            goto nla_put_failure;
    }
    if (dev->ops->set_monitor_channel || dev->ops->start_ap ||
        dev->ops->join_mesh) {
        i++;
        if (nla_put_u32(msg, i, NL80211_CMD_SET_CHANNEL))
            goto nla_put_failure;
    }
    CMD(set_wds_peer, SET_WDS_PEER);
    if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS) {
        CMD(tdls_mgmt, TDLS_MGMT);
        CMD(tdls_oper, TDLS_OPER);
    }
    if (dev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN)
        CMD(sched_scan_start, START_SCHED_SCAN);
    CMD(probe_client, PROBE_CLIENT);
    CMD(set_noack_map, SET_NOACK_MAP);
    if (dev->wiphy.flags & WIPHY_FLAG_REPORTS_OBSS) {
        i++;
        if (nla_put_u32(msg, i, NL80211_CMD_REGISTER_BEACONS))
            goto nla_put_failure;
    }
    CMD(start_p2p_device, START_P2P_DEVICE);

#ifdef CONFIG_NL80211_TESTMODE
    CMD(testmode_cmd, TESTMODE);
#endif

#undef CMD

    if (dev->ops->connect || dev->ops->auth) {
        i++;
        if (nla_put_u32(msg, i, NL80211_CMD_CONNECT))
            goto nla_put_failure;
    }

    if (dev->ops->disconnect || dev->ops->deauth) {
        i++;
        if (nla_put_u32(msg, i, NL80211_CMD_DISCONNECT))
            goto nla_put_failure;
    }

    nla_nest_end(msg, nl_cmds);

    if (dev->ops->remain_on_channel &&
        (dev->wiphy.flags & WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL) &&
        nla_put_u32(msg, NL80211_ATTR_MAX_REMAIN_ON_CHANNEL_DURATION,
            dev->wiphy.max_remain_on_channel_duration))
        goto nla_put_failure;

    if ((dev->wiphy.flags & WIPHY_FLAG_OFFCHAN_TX) &&
        nla_put_flag(msg, NL80211_ATTR_OFFCHANNEL_TX_OK))
        goto nla_put_failure;

    if (mgmt_stypes) {
        u16 stypes;
        struct nlattr *nl_ftypes, *nl_ifs;
        enum nl80211_iftype ift;

        nl_ifs = nla_nest_start(msg, NL80211_ATTR_TX_FRAME_TYPES);
        if (!nl_ifs)
            goto nla_put_failure;

        for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
            nl_ftypes = nla_nest_start(msg, ift);
            if (!nl_ftypes)
                goto nla_put_failure;
            i = 0;
            stypes = mgmt_stypes[ift].tx;
            while (stypes) {
                if ((stypes & 1) &&
                    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
                        (i << 4) | IEEE80211_FTYPE_MGMT))
                    goto nla_put_failure;
                stypes >>= 1;
                i++;
            }
            nla_nest_end(msg, nl_ftypes);
        }

        nla_nest_end(msg, nl_ifs);

        nl_ifs = nla_nest_start(msg, NL80211_ATTR_RX_FRAME_TYPES);
        if (!nl_ifs)
            goto nla_put_failure;

        for (ift = 0; ift < NUM_NL80211_IFTYPES; ift++) {
            nl_ftypes = nla_nest_start(msg, ift);
            if (!nl_ftypes)
                goto nla_put_failure;
            i = 0;
            stypes = mgmt_stypes[ift].rx;
            while (stypes) {
                if ((stypes & 1) &&
                    nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE,
                        (i << 4) | IEEE80211_FTYPE_MGMT))
                    goto nla_put_failure;
                stypes >>= 1;
                i++;
            }
            nla_nest_end(msg, nl_ftypes);
        }
        nla_nest_end(msg, nl_ifs);
    }

#ifdef CONFIG_PM
    if (dev->wiphy.wowlan.flags || dev->wiphy.wowlan.n_patterns) {
        struct nlattr *nl_wowlan;

        nl_wowlan = nla_nest_start(msg,
                NL80211_ATTR_WOWLAN_TRIGGERS_SUPPORTED);
        if (!nl_wowlan)
            goto nla_put_failure;

        if (((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_ANY) &&
             nla_put_flag(msg, NL80211_WOWLAN_TRIG_ANY)) ||
            ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_DISCONNECT) &&
             nla_put_flag(msg, NL80211_WOWLAN_TRIG_DISCONNECT)) ||
            ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_MAGIC_PKT) &&
             nla_put_flag(msg, NL80211_WOWLAN_TRIG_MAGIC_PKT)) ||
            ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_SUPPORTS_GTK_REKEY) &&
             nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_SUPPORTED)) ||
            ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_GTK_REKEY_FAILURE) &&
             nla_put_flag(msg, NL80211_WOWLAN_TRIG_GTK_REKEY_FAILURE)) ||
            ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_EAP_IDENTITY_REQ) &&
             nla_put_flag(msg, NL80211_WOWLAN_TRIG_EAP_IDENT_REQUEST)) ||
            ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_4WAY_HANDSHAKE) &&
             nla_put_flag(msg, NL80211_WOWLAN_TRIG_4WAY_HANDSHAKE)) ||
            ((dev->wiphy.wowlan.flags & WIPHY_WOWLAN_RFKILL_RELEASE) &&
             nla_put_flag(msg, NL80211_WOWLAN_TRIG_RFKILL_RELEASE)))
            goto nla_put_failure;
        if (dev->wiphy.wowlan.n_patterns) {
            struct nl80211_wowlan_pattern_support pat = {
                .max_patterns = dev->wiphy.wowlan.n_patterns,
                .min_pattern_len =
                    dev->wiphy.wowlan.pattern_min_len,
                .max_pattern_len =
                    dev->wiphy.wowlan.pattern_max_len,
            };
            if (nla_put(msg, NL80211_WOWLAN_TRIG_PKT_PATTERN,
                    sizeof(pat), &pat))
                goto nla_put_failure;
        }

        nla_nest_end(msg, nl_wowlan);
    }
#endif

    if (nl80211_put_iftypes(msg, NL80211_ATTR_SOFTWARE_IFTYPES,
                dev->wiphy.software_iftypes))
        goto nla_put_failure;

    if (nl80211_put_iface_combinations(&dev->wiphy, msg))
        goto nla_put_failure;

    if ((dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME) &&
        nla_put_u32(msg, NL80211_ATTR_DEVICE_AP_SME,
            dev->wiphy.ap_sme_capa))
        goto nla_put_failure;

    if (nla_put_u32(msg, NL80211_ATTR_FEATURE_FLAGS,
            dev->wiphy.features))
        goto nla_put_failure;

    if (dev->wiphy.ht_capa_mod_mask &&
        nla_put(msg, NL80211_ATTR_HT_CAPABILITY_MASK,
            sizeof(*dev->wiphy.ht_capa_mod_mask),
            dev->wiphy.ht_capa_mod_mask))
        goto nla_put_failure;

    return genlmsg_end(msg, hdr);

 nla_put_failure:
    genlmsg_cancel(msg, hdr);
    return -EMSGSIZE;
}

static int nl80211_dump_wiphy(struct sk_buff *skb, struct netlink_callback *cb)
{
    int idx = 0;
    int start = cb->args[0];
    struct cfg80211_registered_device *dev;

    mutex_lock(&cfg80211_mutex);
    list_for_each_entry(dev, &cfg80211_rdev_list, list) {
        if (!net_eq(wiphy_net(&dev->wiphy), sock_net(skb->sk)))
            continue;
        if (++idx <= start)
            continue;
        if (nl80211_send_wiphy(skb, NETLINK_CB(cb->skb).portid,
                       cb->nlh->nlmsg_seq, NLM_F_MULTI,
                       dev) < 0) {
            idx--;
            break;
        }
    }
    mutex_unlock(&cfg80211_mutex);

    cb->args[0] = idx;

    return skb->len;
}

static int nl80211_get_wiphy(struct sk_buff *skb, struct genl_info *info)
{
    struct sk_buff *msg;
    struct cfg80211_registered_device *dev = info->user_ptr[0];

    msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
    if (!msg)
        return -ENOMEM;

    if (nl80211_send_wiphy(msg, info->snd_portid, info->snd_seq, 0, dev) < 0) {
        nlmsg_free(msg);
        return -ENOBUFS;
    }

    return genlmsg_reply(msg, info);
}

static const struct nla_policy txq_params_policy[NL80211_TXQ_ATTR_MAX + 1] = {
    [NL80211_TXQ_ATTR_QUEUE]        = { .type = NLA_U8 },
    [NL80211_TXQ_ATTR_TXOP]         = { .type = NLA_U16 },
    [NL80211_TXQ_ATTR_CWMIN]        = { .type = NLA_U16 },
    [NL80211_TXQ_ATTR_CWMAX]        = { .type = NLA_U16 },
    [NL80211_TXQ_ATTR_AIFS]         = { .type = NLA_U8 },
};

static int parse_txq_params(struct nlattr *tb[],
                struct ieee80211_txq_params *txq_params)
{
    if (!tb[NL80211_TXQ_ATTR_AC] || !tb[NL80211_TXQ_ATTR_TXOP] ||
        !tb[NL80211_TXQ_ATTR_CWMIN] || !tb[NL80211_TXQ_ATTR_CWMAX] ||
        !tb[NL80211_TXQ_ATTR_AIFS])
        return -EINVAL;

    txq_params->ac = nla_get_u8(tb[NL80211_TXQ_ATTR_AC]);
    txq_params->txop = nla_get_u16(tb[NL80211_TXQ_ATTR_TXOP]);
    txq_params->cwmin = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMIN]);
    txq_params->cwmax = nla_get_u16(tb[NL80211_TXQ_ATTR_CWMAX]);
    txq_params->aifs = nla_get_u8(tb[NL80211_TXQ_ATTR_AIFS]);

    if (txq_params->ac >= NL80211_NUM_ACS)
        return -EINVAL;

    return 0;
}

static bool nl80211_can_set_dev_channel(struct wireless_dev *wdev)
{
    /*
     * You can only set the channel explicitly for WDS interfaces,
     * all others have their channel managed via their respective
     * "establish a connection" command (connect, join, ...)
     *
     * For AP/GO and mesh mode, the channel can be set with the
     * channel userspace API, but is only stored and passed to the
     * low-level driver when the AP starts or the mesh is joined.
     * This is for backward compatibility, userspace can also give
     * the channel in the start-ap or join-mesh commands instead.
     *
     * Monitors are special as they are normally slaved to
     * whatever else is going on, so they have their own special
     * operation to set the monitor channel if possible.
     */
    return !wdev ||
        wdev->iftype == NL80211_IFTYPE_AP ||
        wdev->iftype == NL80211_IFTYPE_MESH_POINT ||
        wdev->iftype == NL80211_IFTYPE_MONITOR ||
        wdev->iftype == NL80211_IFTYPE_P2P_GO;
}

static bool nl80211_valid_channel_type(struct genl_info *info,
                       enum nl80211_channel_type *channel_type)
{
    enum nl80211_channel_type tmp;

    if (!info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE])
        return false;

    tmp = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE]);
    if (tmp != NL80211_CHAN_NO_HT &&
        tmp != NL80211_CHAN_HT20 &&
        tmp != NL80211_CHAN_HT40PLUS &&
        tmp != NL80211_CHAN_HT40MINUS)
        return false;

    if (channel_type)
        *channel_type = tmp;

    return true;
}

static int __nl80211_set_channel(struct cfg80211_registered_device *rdev,
                 struct wireless_dev *wdev,
                 struct genl_info *info)
{
    struct ieee80211_channel *channel;
    enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;
    u32 freq;
    int result;
    enum nl80211_iftype iftype = NL80211_IFTYPE_MONITOR;

    if (wdev)
        iftype = wdev->iftype;

    if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
        return -EINVAL;

    if (!nl80211_can_set_dev_channel(wdev))
        return -EOPNOTSUPP;

    if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] &&
        !nl80211_valid_channel_type(info, &channel_type))
        return -EINVAL;

    freq = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]);

    mutex_lock(&rdev->devlist_mtx);
    switch (iftype) {
    case NL80211_IFTYPE_AP:
    case NL80211_IFTYPE_P2P_GO:
        if (wdev->beacon_interval) {
            result = -EBUSY;
            break;
        }
        channel = rdev_freq_to_chan(rdev, freq, channel_type);
        if (!channel || !cfg80211_can_beacon_sec_chan(&rdev->wiphy,
                                  channel,
                                  channel_type)) {
            result = -EINVAL;
            break;
        }
        wdev->preset_chan = channel;
        wdev->preset_chantype = channel_type;
        result = 0;
        break;
    case NL80211_IFTYPE_MESH_POINT:
        result = cfg80211_set_mesh_freq(rdev, wdev, freq, channel_type);
        break;
    case NL80211_IFTYPE_MONITOR:
        result = cfg80211_set_monitor_channel(rdev, freq, channel_type);
        break;
    default:
        result = -EINVAL;
    }
    mutex_unlock(&rdev->devlist_mtx);

    return result;
}

static int nl80211_set_channel(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *netdev = info->user_ptr[1];

    return __nl80211_set_channel(rdev, netdev->ieee80211_ptr, info);
}

static int nl80211_set_wds_peer(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    struct wireless_dev *wdev = dev->ieee80211_ptr;
    const u8 *bssid;

    if (!info->attrs[NL80211_ATTR_MAC])
        return -EINVAL;

    if (netif_running(dev))
        return -EBUSY;

    if (!rdev->ops->set_wds_peer)
        return -EOPNOTSUPP;

    if (wdev->iftype != NL80211_IFTYPE_WDS)
        return -EOPNOTSUPP;

    bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
    return rdev->ops->set_wds_peer(wdev->wiphy, dev, bssid);
}


static int nl80211_set_wiphy(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev;
    struct net_device *netdev = NULL;
    struct wireless_dev *wdev;
    int result = 0, rem_txq_params = 0;
    struct nlattr *nl_txq_params;
    u32 changed;
    u8 retry_short = 0, retry_long = 0;
    u32 frag_threshold = 0, rts_threshold = 0;
    u8 coverage_class = 0;

    /*
     * Try to find the wiphy and netdev. Normally this
     * function shouldn't need the netdev, but this is
     * done for backward compatibility -- previously
     * setting the channel was done per wiphy, but now
     * it is per netdev. Previous userland like hostapd
     * also passed a netdev to set_wiphy, so that it is
     * possible to let that go to the right netdev!
     */
    mutex_lock(&cfg80211_mutex);

    if (info->attrs[NL80211_ATTR_IFINDEX]) {
        int ifindex = nla_get_u32(info->attrs[NL80211_ATTR_IFINDEX]);

        netdev = dev_get_by_index(genl_info_net(info), ifindex);
        if (netdev && netdev->ieee80211_ptr) {
            rdev = wiphy_to_dev(netdev->ieee80211_ptr->wiphy);
            mutex_lock(&rdev->mtx);
        } else
            netdev = NULL;
    }

    if (!netdev) {
        rdev = __cfg80211_rdev_from_attrs(genl_info_net(info),
                          info->attrs);
        if (IS_ERR(rdev)) {
            mutex_unlock(&cfg80211_mutex);
            return PTR_ERR(rdev);
        }
        wdev = NULL;
        netdev = NULL;
        result = 0;

        mutex_lock(&rdev->mtx);
    } else if (nl80211_can_set_dev_channel(netdev->ieee80211_ptr))
        wdev = netdev->ieee80211_ptr;
    else
        wdev = NULL;

    /*
     * end workaround code, by now the rdev is available
     * and locked, and wdev may or may not be NULL.
     */

    if (info->attrs[NL80211_ATTR_WIPHY_NAME])
        result = cfg80211_dev_rename(
            rdev, nla_data(info->attrs[NL80211_ATTR_WIPHY_NAME]));

    mutex_unlock(&cfg80211_mutex);

    if (result)
        goto bad_res;

    if (info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS]) {
        struct ieee80211_txq_params txq_params;
        struct nlattr *tb[NL80211_TXQ_ATTR_MAX + 1];

        if (!rdev->ops->set_txq_params) {
            result = -EOPNOTSUPP;
            goto bad_res;
        }

        if (!netdev) {
            result = -EINVAL;
            goto bad_res;
        }

        if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
            netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO) {
            result = -EINVAL;
            goto bad_res;
        }

        if (!netif_running(netdev)) {
            result = -ENETDOWN;
            goto bad_res;
        }

        nla_for_each_nested(nl_txq_params,
                    info->attrs[NL80211_ATTR_WIPHY_TXQ_PARAMS],
                    rem_txq_params) {
            nla_parse(tb, NL80211_TXQ_ATTR_MAX,
                  nla_data(nl_txq_params),
                  nla_len(nl_txq_params),
                  txq_params_policy);
            result = parse_txq_params(tb, &txq_params);
            if (result)
                goto bad_res;

            result = rdev->ops->set_txq_params(&rdev->wiphy,
                               netdev,
                               &txq_params);
            if (result)
                goto bad_res;
        }
    }

    if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
        result = __nl80211_set_channel(rdev, wdev, info);
        if (result)
            goto bad_res;
    }

    if (info->attrs[NL80211_ATTR_WIPHY_TX_POWER_SETTING]) {
        enum nl80211_tx_power_setting type;
        int idx, mbm = 0;

        if (!rdev->ops->set_tx_power) {
            result = -EOPNOTSUPP;
            goto bad_res;
        }

        idx = NL80211_ATTR_WIPHY_TX_POWER_SETTING;
        type = nla_get_u32(info->attrs[idx]);

        if (!info->attrs[NL80211_ATTR_WIPHY_TX_POWER_LEVEL] &&
            (type != NL80211_TX_POWER_AUTOMATIC)) {
            result = -EINVAL;
            goto bad_res;
        }

        if (type != NL80211_TX_POWER_AUTOMATIC) {
            idx = NL80211_ATTR_WIPHY_TX_POWER_LEVEL;
            mbm = nla_get_u32(info->attrs[idx]);
        }

        result = rdev->ops->set_tx_power(&rdev->wiphy, type, mbm);
        if (result)
            goto bad_res;
    }

    if (info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX] &&
        info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]) {
        u32 tx_ant, rx_ant;
        if ((!rdev->wiphy.available_antennas_tx &&
             !rdev->wiphy.available_antennas_rx) ||
            !rdev->ops->set_antenna) {
            result = -EOPNOTSUPP;
            goto bad_res;
        }

        tx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_TX]);
        rx_ant = nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_ANTENNA_RX]);

        /* reject antenna configurations which don't match the
         * available antenna masks, except for the "all" mask */
        if ((~tx_ant && (tx_ant & ~rdev->wiphy.available_antennas_tx)) ||
            (~rx_ant && (rx_ant & ~rdev->wiphy.available_antennas_rx))) {
            result = -EINVAL;
            goto bad_res;
        }

        tx_ant = tx_ant & rdev->wiphy.available_antennas_tx;
        rx_ant = rx_ant & rdev->wiphy.available_antennas_rx;

        result = rdev->ops->set_antenna(&rdev->wiphy, tx_ant, rx_ant);
        if (result)
            goto bad_res;
    }

    changed = 0;

    if (info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]) {
        retry_short = nla_get_u8(
            info->attrs[NL80211_ATTR_WIPHY_RETRY_SHORT]);
        if (retry_short == 0) {
            result = -EINVAL;
            goto bad_res;
        }
        changed |= WIPHY_PARAM_RETRY_SHORT;
    }

    if (info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]) {
        retry_long = nla_get_u8(
            info->attrs[NL80211_ATTR_WIPHY_RETRY_LONG]);
        if (retry_long == 0) {
            result = -EINVAL;
            goto bad_res;
        }
        changed |= WIPHY_PARAM_RETRY_LONG;
    }

    if (info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]) {
        frag_threshold = nla_get_u32(
            info->attrs[NL80211_ATTR_WIPHY_FRAG_THRESHOLD]);
        if (frag_threshold < 256) {
            result = -EINVAL;
            goto bad_res;
        }
        if (frag_threshold != (u32) -1) {
            /*
             * Fragments (apart from the last one) are required to
             * have even length. Make the fragmentation code
             * simpler by stripping LSB should someone try to use
             * odd threshold value.
             */
            frag_threshold &= ~0x1;
        }
        changed |= WIPHY_PARAM_FRAG_THRESHOLD;
    }

    if (info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]) {
        rts_threshold = nla_get_u32(
            info->attrs[NL80211_ATTR_WIPHY_RTS_THRESHOLD]);
        changed |= WIPHY_PARAM_RTS_THRESHOLD;
    }

    if (info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]) {
        coverage_class = nla_get_u8(
            info->attrs[NL80211_ATTR_WIPHY_COVERAGE_CLASS]);
        changed |= WIPHY_PARAM_COVERAGE_CLASS;
    }

    if (changed) {
        u8 old_retry_short, old_retry_long;
        u32 old_frag_threshold, old_rts_threshold;
        u8 old_coverage_class;

        if (!rdev->ops->set_wiphy_params) {
            result = -EOPNOTSUPP;
            goto bad_res;
        }

        old_retry_short = rdev->wiphy.retry_short;
        old_retry_long = rdev->wiphy.retry_long;
        old_frag_threshold = rdev->wiphy.frag_threshold;
        old_rts_threshold = rdev->wiphy.rts_threshold;
        old_coverage_class = rdev->wiphy.coverage_class;

        if (changed & WIPHY_PARAM_RETRY_SHORT)
            rdev->wiphy.retry_short = retry_short;
        if (changed & WIPHY_PARAM_RETRY_LONG)
            rdev->wiphy.retry_long = retry_long;
        if (changed & WIPHY_PARAM_FRAG_THRESHOLD)
            rdev->wiphy.frag_threshold = frag_threshold;
        if (changed & WIPHY_PARAM_RTS_THRESHOLD)
            rdev->wiphy.rts_threshold = rts_threshold;
        if (changed & WIPHY_PARAM_COVERAGE_CLASS)
            rdev->wiphy.coverage_class = coverage_class;

        result = rdev->ops->set_wiphy_params(&rdev->wiphy, changed);
        if (result) {
            rdev->wiphy.retry_short = old_retry_short;
            rdev->wiphy.retry_long = old_retry_long;
            rdev->wiphy.frag_threshold = old_frag_threshold;
            rdev->wiphy.rts_threshold = old_rts_threshold;
            rdev->wiphy.coverage_class = old_coverage_class;
        }
    }

 bad_res:
    mutex_unlock(&rdev->mtx);
    if (netdev)
        dev_put(netdev);
    return result;
}

static inline u64 wdev_id(struct wireless_dev *wdev)
{
    return (u64)wdev->identifier |
           ((u64)wiphy_to_dev(wdev->wiphy)->wiphy_idx << 32);
}

static int nl80211_send_iface(struct sk_buff *msg, u32 portid, u32 seq, int flags,
                  struct cfg80211_registered_device *rdev,
                  struct wireless_dev *wdev)
{
    struct net_device *dev = wdev->netdev;
    void *hdr;

    hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_INTERFACE);
    if (!hdr)
        return -1;

    if (dev &&
        (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
         nla_put_string(msg, NL80211_ATTR_IFNAME, dev->name)))
        goto nla_put_failure;

    if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
        nla_put_u32(msg, NL80211_ATTR_IFTYPE, wdev->iftype) ||
        nla_put_u64(msg, NL80211_ATTR_WDEV, wdev_id(wdev)) ||
        nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, wdev_address(wdev)) ||
        nla_put_u32(msg, NL80211_ATTR_GENERATION,
            rdev->devlist_generation ^
            (cfg80211_rdev_list_generation << 2)))
        goto nla_put_failure;

    if (rdev->ops->get_channel) {
        struct ieee80211_channel *chan;
        enum nl80211_channel_type channel_type;

        chan = rdev->ops->get_channel(&rdev->wiphy, wdev,
                          &channel_type);
        if (chan &&
            (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ,
                 chan->center_freq) ||
             nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE,
                 channel_type)))
            goto nla_put_failure;
    }

    return genlmsg_end(msg, hdr);

 nla_put_failure:
    genlmsg_cancel(msg, hdr);
    return -EMSGSIZE;
}

static int nl80211_dump_interface(struct sk_buff *skb, struct netlink_callback *cb)
{
    int wp_idx = 0;
    int if_idx = 0;
    int wp_start = cb->args[0];
    int if_start = cb->args[1];
    struct cfg80211_registered_device *rdev;
    struct wireless_dev *wdev;

    mutex_lock(&cfg80211_mutex);
    list_for_each_entry(rdev, &cfg80211_rdev_list, list) {
        if (!net_eq(wiphy_net(&rdev->wiphy), sock_net(skb->sk)))
            continue;
        if (wp_idx < wp_start) {
            wp_idx++;
            continue;
        }
        if_idx = 0;

        mutex_lock(&rdev->devlist_mtx);
        list_for_each_entry(wdev, &rdev->wdev_list, list) {
            if (if_idx < if_start) {
                if_idx++;
                continue;
            }
            if (nl80211_send_iface(skb, NETLINK_CB(cb->skb).portid,
                           cb->nlh->nlmsg_seq, NLM_F_MULTI,
                           rdev, wdev) < 0) {
                mutex_unlock(&rdev->devlist_mtx);
                goto out;
            }
            if_idx++;
        }
        mutex_unlock(&rdev->devlist_mtx);

        wp_idx++;
    }
 out:
    mutex_unlock(&cfg80211_mutex);

    cb->args[0] = wp_idx;
    cb->args[1] = if_idx;

    return skb->len;
}

static int nl80211_get_interface(struct sk_buff *skb, struct genl_info *info)
{
    struct sk_buff *msg;
    struct cfg80211_registered_device *dev = info->user_ptr[0];
    struct wireless_dev *wdev = info->user_ptr[1];

    msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
    if (!msg)
        return -ENOMEM;

    if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
                   dev, wdev) < 0) {
        nlmsg_free(msg);
        return -ENOBUFS;
    }

    return genlmsg_reply(msg, info);
}

static const struct nla_policy mntr_flags_policy[NL80211_MNTR_FLAG_MAX + 1] = {
    [NL80211_MNTR_FLAG_FCSFAIL] = { .type = NLA_FLAG },
    [NL80211_MNTR_FLAG_PLCPFAIL] = { .type = NLA_FLAG },
    [NL80211_MNTR_FLAG_CONTROL] = { .type = NLA_FLAG },
    [NL80211_MNTR_FLAG_OTHER_BSS] = { .type = NLA_FLAG },
    [NL80211_MNTR_FLAG_COOK_FRAMES] = { .type = NLA_FLAG },
};

static int parse_monitor_flags(struct nlattr *nla, u32 *mntrflags)
{
    struct nlattr *flags[NL80211_MNTR_FLAG_MAX + 1];
    int flag;

    *mntrflags = 0;

    if (!nla)
        return -EINVAL;

    if (nla_parse_nested(flags, NL80211_MNTR_FLAG_MAX,
                 nla, mntr_flags_policy))
        return -EINVAL;

    for (flag = 1; flag <= NL80211_MNTR_FLAG_MAX; flag++)
        if (flags[flag])
            *mntrflags |= (1<<flag);

    return 0;
}

static int nl80211_valid_4addr(struct cfg80211_registered_device *rdev,
                   struct net_device *netdev, u8 use_4addr,
                   enum nl80211_iftype iftype)
{
    if (!use_4addr) {
        if (netdev && (netdev->priv_flags & IFF_BRIDGE_PORT))
            return -EBUSY;
        return 0;
    }

    switch (iftype) {
    case NL80211_IFTYPE_AP_VLAN:
        if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_AP)
            return 0;
        break;
    case NL80211_IFTYPE_STATION:
        if (rdev->wiphy.flags & WIPHY_FLAG_4ADDR_STATION)
            return 0;
        break;
    default:
        break;
    }

    return -EOPNOTSUPP;
}

static int nl80211_set_interface(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct vif_params params;
    int err;
    enum nl80211_iftype otype, ntype;
    struct net_device *dev = info->user_ptr[1];
    u32 _flags, *flags = NULL;
    bool change = false;

    memset(&params, 0, sizeof(params));

    otype = ntype = dev->ieee80211_ptr->iftype;

    if (info->attrs[NL80211_ATTR_IFTYPE]) {
        ntype = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
        if (otype != ntype)
            change = true;
        if (ntype > NL80211_IFTYPE_MAX)
            return -EINVAL;
    }

    if (info->attrs[NL80211_ATTR_MESH_ID]) {
        struct wireless_dev *wdev = dev->ieee80211_ptr;

        if (ntype != NL80211_IFTYPE_MESH_POINT)
            return -EINVAL;
        if (netif_running(dev))
            return -EBUSY;

        wdev_lock(wdev);
        BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
                 IEEE80211_MAX_MESH_ID_LEN);
        wdev->mesh_id_up_len =
            nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
        memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
               wdev->mesh_id_up_len);
        wdev_unlock(wdev);
    }

    if (info->attrs[NL80211_ATTR_4ADDR]) {
        params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
        change = true;
        err = nl80211_valid_4addr(rdev, dev, params.use_4addr, ntype);
        if (err)
            return err;
    } else {
        params.use_4addr = -1;
    }

    if (info->attrs[NL80211_ATTR_MNTR_FLAGS]) {
        if (ntype != NL80211_IFTYPE_MONITOR)
            return -EINVAL;
        err = parse_monitor_flags(info->attrs[NL80211_ATTR_MNTR_FLAGS],
                      &_flags);
        if (err)
            return err;

        flags = &_flags;
        change = true;
    }

    if (change)
        err = cfg80211_change_iface(rdev, dev, ntype, flags, &params);
    else
        err = 0;

    if (!err && params.use_4addr != -1)
        dev->ieee80211_ptr->use_4addr = params.use_4addr;

    return err;
}

static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct vif_params params;
    struct wireless_dev *wdev;
    struct sk_buff *msg;
    int err;
    enum nl80211_iftype type = NL80211_IFTYPE_UNSPECIFIED;
    u32 flags;

    memset(&params, 0, sizeof(params));

    if (!info->attrs[NL80211_ATTR_IFNAME])
        return -EINVAL;

    if (info->attrs[NL80211_ATTR_IFTYPE]) {
        type = nla_get_u32(info->attrs[NL80211_ATTR_IFTYPE]);
        if (type > NL80211_IFTYPE_MAX)
            return -EINVAL;
    }

    if (!rdev->ops->add_virtual_intf ||
        !(rdev->wiphy.interface_modes & (1 << type)))
        return -EOPNOTSUPP;

    if (info->attrs[NL80211_ATTR_4ADDR]) {
        params.use_4addr = !!nla_get_u8(info->attrs[NL80211_ATTR_4ADDR]);
        err = nl80211_valid_4addr(rdev, NULL, params.use_4addr, type);
        if (err)
            return err;
    }

    msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
    if (!msg)
        return -ENOMEM;

    err = parse_monitor_flags(type == NL80211_IFTYPE_MONITOR ?
                  info->attrs[NL80211_ATTR_MNTR_FLAGS] : NULL,
                  &flags);
    wdev = rdev->ops->add_virtual_intf(&rdev->wiphy,
        nla_data(info->attrs[NL80211_ATTR_IFNAME]),
        type, err ? NULL : &flags, &params);
    if (IS_ERR(wdev)) {
        nlmsg_free(msg);
        return PTR_ERR(wdev);
    }

    switch (type) {
    case NL80211_IFTYPE_MESH_POINT:
        if (!info->attrs[NL80211_ATTR_MESH_ID])
            break;
        wdev_lock(wdev);
        BUILD_BUG_ON(IEEE80211_MAX_SSID_LEN !=
                 IEEE80211_MAX_MESH_ID_LEN);
        wdev->mesh_id_up_len =
            nla_len(info->attrs[NL80211_ATTR_MESH_ID]);
        memcpy(wdev->ssid, nla_data(info->attrs[NL80211_ATTR_MESH_ID]),
               wdev->mesh_id_up_len);
        wdev_unlock(wdev);
        break;
    case NL80211_IFTYPE_P2P_DEVICE:
        /*
         * P2P Device doesn't have a netdev, so doesn't go
         * through the netdev notifier and must be added here
         */
        mutex_init(&wdev->mtx);
        INIT_LIST_HEAD(&wdev->event_list);
        spin_lock_init(&wdev->event_lock);
        INIT_LIST_HEAD(&wdev->mgmt_registrations);
        spin_lock_init(&wdev->mgmt_registrations_lock);

        mutex_lock(&rdev->devlist_mtx);
        wdev->identifier = ++rdev->wdev_id;
        list_add_rcu(&wdev->list, &rdev->wdev_list);
        rdev->devlist_generation++;
        mutex_unlock(&rdev->devlist_mtx);
        break;
    default:
        break;
    }

    if (nl80211_send_iface(msg, info->snd_portid, info->snd_seq, 0,
                   rdev, wdev) < 0) {
        nlmsg_free(msg);
        return -ENOBUFS;
    }

    return genlmsg_reply(msg, info);
}

static int nl80211_del_interface(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct wireless_dev *wdev = info->user_ptr[1];

    if (!rdev->ops->del_virtual_intf)
        return -EOPNOTSUPP;

    /*
     * If we remove a wireless device without a netdev then clear
     * user_ptr[1] so that nl80211_post_doit won't dereference it
     * to check if it needs to do dev_put(). Otherwise it crashes
     * since the wdev has been freed, unlike with a netdev where
     * we need the dev_put() for the netdev to really be freed.
     */
    if (!wdev->netdev)
        info->user_ptr[1] = NULL;

    return rdev->ops->del_virtual_intf(&rdev->wiphy, wdev);
}

static int nl80211_set_noack_map(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    u16 noack_map;

    if (!info->attrs[NL80211_ATTR_NOACK_MAP])
        return -EINVAL;

    if (!rdev->ops->set_noack_map)
        return -EOPNOTSUPP;

    noack_map = nla_get_u16(info->attrs[NL80211_ATTR_NOACK_MAP]);

    return rdev->ops->set_noack_map(&rdev->wiphy, dev, noack_map);
}

struct get_key_cookie {
    struct sk_buff *msg;
    int error;
    int idx;
};

static void get_key_callback(void *c, struct key_params *params)
{
    struct nlattr *key;
    struct get_key_cookie *cookie = c;

    if ((params->key &&
         nla_put(cookie->msg, NL80211_ATTR_KEY_DATA,
             params->key_len, params->key)) ||
        (params->seq &&
         nla_put(cookie->msg, NL80211_ATTR_KEY_SEQ,
             params->seq_len, params->seq)) ||
        (params->cipher &&
         nla_put_u32(cookie->msg, NL80211_ATTR_KEY_CIPHER,
             params->cipher)))
        goto nla_put_failure;

    key = nla_nest_start(cookie->msg, NL80211_ATTR_KEY);
    if (!key)
        goto nla_put_failure;

    if ((params->key &&
         nla_put(cookie->msg, NL80211_KEY_DATA,
             params->key_len, params->key)) ||
        (params->seq &&
         nla_put(cookie->msg, NL80211_KEY_SEQ,
             params->seq_len, params->seq)) ||
        (params->cipher &&
         nla_put_u32(cookie->msg, NL80211_KEY_CIPHER,
             params->cipher)))
        goto nla_put_failure;

    if (nla_put_u8(cookie->msg, NL80211_ATTR_KEY_IDX, cookie->idx))
        goto nla_put_failure;

    nla_nest_end(cookie->msg, key);

    return;
 nla_put_failure:
    cookie->error = 1;
}

static int nl80211_get_key(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    int err;
    struct net_device *dev = info->user_ptr[1];
    u8 key_idx = 0;
    const u8 *mac_addr = NULL;
    bool pairwise;
    struct get_key_cookie cookie = {
        .error = 0,
    };
    void *hdr;
    struct sk_buff *msg;

    if (info->attrs[NL80211_ATTR_KEY_IDX])
        key_idx = nla_get_u8(info->attrs[NL80211_ATTR_KEY_IDX]);

    if (key_idx > 5)
        return -EINVAL;

    if (info->attrs[NL80211_ATTR_MAC])
        mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);

    pairwise = !!mac_addr;
    if (info->attrs[NL80211_ATTR_KEY_TYPE]) {
        u32 kt = nla_get_u32(info->attrs[NL80211_ATTR_KEY_TYPE]);
        if (kt >= NUM_NL80211_KEYTYPES)
            return -EINVAL;
        if (kt != NL80211_KEYTYPE_GROUP &&
            kt != NL80211_KEYTYPE_PAIRWISE)
            return -EINVAL;
        pairwise = kt == NL80211_KEYTYPE_PAIRWISE;
    }

    if (!rdev->ops->get_key)
        return -EOPNOTSUPP;

    msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
    if (!msg)
        return -ENOMEM;

    hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
                 NL80211_CMD_NEW_KEY);
    if (IS_ERR(hdr))
        return PTR_ERR(hdr);

    cookie.msg = msg;
    cookie.idx = key_idx;

    if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
        nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
        goto nla_put_failure;
    if (mac_addr &&
        nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr))
        goto nla_put_failure;

    if (pairwise && mac_addr &&
        !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
        return -ENOENT;

    err = rdev->ops->get_key(&rdev->wiphy, dev, key_idx, pairwise,
                 mac_addr, &cookie, get_key_callback);

    if (err)
        goto free_msg;

    if (cookie.error)
        goto nla_put_failure;

    genlmsg_end(msg, hdr);
    return genlmsg_reply(msg, info);

 nla_put_failure:
    err = -ENOBUFS;
 free_msg:
    nlmsg_free(msg);
    return err;
}

static int nl80211_set_key(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct key_parse key;
    int err;
    struct net_device *dev = info->user_ptr[1];

    err = nl80211_parse_key(info, &key);
    if (err)
        return err;

    if (key.idx < 0)
        return -EINVAL;

    /* only support setting default key */
    if (!key.def && !key.defmgmt)
        return -EINVAL;

    wdev_lock(dev->ieee80211_ptr);

    if (key.def) {
        if (!rdev->ops->set_default_key) {
            err = -EOPNOTSUPP;
            goto out;
        }

        err = nl80211_key_allowed(dev->ieee80211_ptr);
        if (err)
            goto out;

        err = rdev->ops->set_default_key(&rdev->wiphy, dev, key.idx,
                         key.def_uni, key.def_multi);

        if (err)
            goto out;

#ifdef CONFIG_CFG80211_WEXT
        dev->ieee80211_ptr->wext.default_key = key.idx;
#endif
    } else {
        if (key.def_uni || !key.def_multi) {
            err = -EINVAL;
            goto out;
        }

        if (!rdev->ops->set_default_mgmt_key) {
            err = -EOPNOTSUPP;
            goto out;
        }

        err = nl80211_key_allowed(dev->ieee80211_ptr);
        if (err)
            goto out;

        err = rdev->ops->set_default_mgmt_key(&rdev->wiphy,
                              dev, key.idx);
        if (err)
            goto out;

#ifdef CONFIG_CFG80211_WEXT
        dev->ieee80211_ptr->wext.default_mgmt_key = key.idx;
#endif
    }

 out:
    wdev_unlock(dev->ieee80211_ptr);

    return err;
}

static int nl80211_new_key(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    int err;
    struct net_device *dev = info->user_ptr[1];
    struct key_parse key;
    const u8 *mac_addr = NULL;

    err = nl80211_parse_key(info, &key);
    if (err)
        return err;

    if (!key.p.key)
        return -EINVAL;

    if (info->attrs[NL80211_ATTR_MAC])
        mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);

    if (key.type == -1) {
        if (mac_addr)
            key.type = NL80211_KEYTYPE_PAIRWISE;
        else
            key.type = NL80211_KEYTYPE_GROUP;
    }

    /* for now */
    if (key.type != NL80211_KEYTYPE_PAIRWISE &&
        key.type != NL80211_KEYTYPE_GROUP)
        return -EINVAL;

    if (!rdev->ops->add_key)
        return -EOPNOTSUPP;

    if (cfg80211_validate_key_settings(rdev, &key.p, key.idx,
                       key.type == NL80211_KEYTYPE_PAIRWISE,
                       mac_addr))
        return -EINVAL;

    wdev_lock(dev->ieee80211_ptr);
    err = nl80211_key_allowed(dev->ieee80211_ptr);
    if (!err)
        err = rdev->ops->add_key(&rdev->wiphy, dev, key.idx,
                     key.type == NL80211_KEYTYPE_PAIRWISE,
                     mac_addr, &key.p);
    wdev_unlock(dev->ieee80211_ptr);

    return err;
}

static int nl80211_del_key(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    int err;
    struct net_device *dev = info->user_ptr[1];
    u8 *mac_addr = NULL;
    struct key_parse key;

    err = nl80211_parse_key(info, &key);
    if (err)
        return err;

    if (info->attrs[NL80211_ATTR_MAC])
        mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);

    if (key.type == -1) {
        if (mac_addr)
            key.type = NL80211_KEYTYPE_PAIRWISE;
        else
            key.type = NL80211_KEYTYPE_GROUP;
    }

    /* for now */
    if (key.type != NL80211_KEYTYPE_PAIRWISE &&
        key.type != NL80211_KEYTYPE_GROUP)
        return -EINVAL;

    if (!rdev->ops->del_key)
        return -EOPNOTSUPP;

    wdev_lock(dev->ieee80211_ptr);
    err = nl80211_key_allowed(dev->ieee80211_ptr);

    if (key.type == NL80211_KEYTYPE_PAIRWISE && mac_addr &&
        !(rdev->wiphy.flags & WIPHY_FLAG_IBSS_RSN))
        err = -ENOENT;

    if (!err)
        err = rdev->ops->del_key(&rdev->wiphy, dev, key.idx,
                     key.type == NL80211_KEYTYPE_PAIRWISE,
                     mac_addr);

#ifdef CONFIG_CFG80211_WEXT
    if (!err) {
        if (key.idx == dev->ieee80211_ptr->wext.default_key)
            dev->ieee80211_ptr->wext.default_key = -1;
        else if (key.idx == dev->ieee80211_ptr->wext.default_mgmt_key)
            dev->ieee80211_ptr->wext.default_mgmt_key = -1;
    }
#endif
    wdev_unlock(dev->ieee80211_ptr);

    return err;
}

static int nl80211_parse_beacon(struct genl_info *info,
                struct cfg80211_beacon_data *bcn)
{
    bool haveinfo = false;

    if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_BEACON_TAIL]) ||
        !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]) ||
        !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_PROBE_RESP]) ||
        !is_valid_ie_attr(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]))
        return -EINVAL;

    memset(bcn, 0, sizeof(*bcn));

    if (info->attrs[NL80211_ATTR_BEACON_HEAD]) {
        bcn->head = nla_data(info->attrs[NL80211_ATTR_BEACON_HEAD]);
        bcn->head_len = nla_len(info->attrs[NL80211_ATTR_BEACON_HEAD]);
        if (!bcn->head_len)
            return -EINVAL;
        haveinfo = true;
    }

    if (info->attrs[NL80211_ATTR_BEACON_TAIL]) {
        bcn->tail = nla_data(info->attrs[NL80211_ATTR_BEACON_TAIL]);
        bcn->tail_len =
            nla_len(info->attrs[NL80211_ATTR_BEACON_TAIL]);
        haveinfo = true;
    }

    if (!haveinfo)
        return -EINVAL;

    if (info->attrs[NL80211_ATTR_IE]) {
        bcn->beacon_ies = nla_data(info->attrs[NL80211_ATTR_IE]);
        bcn->beacon_ies_len = nla_len(info->attrs[NL80211_ATTR_IE]);
    }

    if (info->attrs[NL80211_ATTR_IE_PROBE_RESP]) {
        bcn->proberesp_ies =
            nla_data(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
        bcn->proberesp_ies_len =
            nla_len(info->attrs[NL80211_ATTR_IE_PROBE_RESP]);
    }

    if (info->attrs[NL80211_ATTR_IE_ASSOC_RESP]) {
        bcn->assocresp_ies =
            nla_data(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
        bcn->assocresp_ies_len =
            nla_len(info->attrs[NL80211_ATTR_IE_ASSOC_RESP]);
    }

    if (info->attrs[NL80211_ATTR_PROBE_RESP]) {
        bcn->probe_resp =
            nla_data(info->attrs[NL80211_ATTR_PROBE_RESP]);
        bcn->probe_resp_len =
            nla_len(info->attrs[NL80211_ATTR_PROBE_RESP]);
    }

    return 0;
}

static bool nl80211_get_ap_channel(struct cfg80211_registered_device *rdev,
                   struct cfg80211_ap_settings *params)
{
    struct wireless_dev *wdev;
    bool ret = false;

    mutex_lock(&rdev->devlist_mtx);

    list_for_each_entry(wdev, &rdev->wdev_list, list) {
        if (wdev->iftype != NL80211_IFTYPE_AP &&
            wdev->iftype != NL80211_IFTYPE_P2P_GO)
            continue;

        if (!wdev->preset_chan)
            continue;

        params->channel = wdev->preset_chan;
        params->channel_type = wdev->preset_chantype;
        ret = true;
        break;
    }

    mutex_unlock(&rdev->devlist_mtx);

    return ret;
}

static int nl80211_start_ap(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    struct wireless_dev *wdev = dev->ieee80211_ptr;
    struct cfg80211_ap_settings params;
    int err;

    if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
        dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
        return -EOPNOTSUPP;

    if (!rdev->ops->start_ap)
        return -EOPNOTSUPP;

    if (wdev->beacon_interval)
        return -EALREADY;

    memset(&params, 0, sizeof(params));

    /* these are required for START_AP */
    if (!info->attrs[NL80211_ATTR_BEACON_INTERVAL] ||
        !info->attrs[NL80211_ATTR_DTIM_PERIOD] ||
        !info->attrs[NL80211_ATTR_BEACON_HEAD])
        return -EINVAL;

    err = nl80211_parse_beacon(info, &params.beacon);
    if (err)
        return err;

    params.beacon_interval =
        nla_get_u32(info->attrs[NL80211_ATTR_BEACON_INTERVAL]);
    params.dtim_period =
        nla_get_u32(info->attrs[NL80211_ATTR_DTIM_PERIOD]);

    err = cfg80211_validate_beacon_int(rdev, params.beacon_interval);
    if (err)
        return err;

    /*
     * In theory, some of these attributes should be required here
     * but since they were not used when the command was originally
     * added, keep them optional for old user space programs to let
     * them continue to work with drivers that do not need the
     * additional information -- drivers must check!
     */
    if (info->attrs[NL80211_ATTR_SSID]) {
        params.ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
        params.ssid_len =
            nla_len(info->attrs[NL80211_ATTR_SSID]);
        if (params.ssid_len == 0 ||
            params.ssid_len > IEEE80211_MAX_SSID_LEN)
            return -EINVAL;
    }

    if (info->attrs[NL80211_ATTR_HIDDEN_SSID]) {
        params.hidden_ssid = nla_get_u32(
            info->attrs[NL80211_ATTR_HIDDEN_SSID]);
        if (params.hidden_ssid != NL80211_HIDDEN_SSID_NOT_IN_USE &&
            params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_LEN &&
            params.hidden_ssid != NL80211_HIDDEN_SSID_ZERO_CONTENTS)
            return -EINVAL;
    }

    params.privacy = !!info->attrs[NL80211_ATTR_PRIVACY];

    if (info->attrs[NL80211_ATTR_AUTH_TYPE]) {
        params.auth_type = nla_get_u32(
            info->attrs[NL80211_ATTR_AUTH_TYPE]);
        if (!nl80211_valid_auth_type(params.auth_type))
            return -EINVAL;
    } else
        params.auth_type = NL80211_AUTHTYPE_AUTOMATIC;

    err = nl80211_crypto_settings(rdev, info, &params.crypto,
                      NL80211_MAX_NR_CIPHER_SUITES);
    if (err)
        return err;

    if (info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]) {
        if (!(rdev->wiphy.features & NL80211_FEATURE_INACTIVITY_TIMER))
            return -EOPNOTSUPP;
        params.inactivity_timeout = nla_get_u16(
            info->attrs[NL80211_ATTR_INACTIVITY_TIMEOUT]);
    }

    if (info->attrs[NL80211_ATTR_WIPHY_FREQ]) {
        enum nl80211_channel_type channel_type = NL80211_CHAN_NO_HT;

        if (info->attrs[NL80211_ATTR_WIPHY_CHANNEL_TYPE] &&
            !nl80211_valid_channel_type(info, &channel_type))
            return -EINVAL;

        params.channel = rdev_freq_to_chan(rdev,
            nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]),
            channel_type);
        if (!params.channel)
            return -EINVAL;
        params.channel_type = channel_type;
    } else if (wdev->preset_chan) {
        params.channel = wdev->preset_chan;
        params.channel_type = wdev->preset_chantype;
    } else if (!nl80211_get_ap_channel(rdev, &params))
        return -EINVAL;

    if (!cfg80211_can_beacon_sec_chan(&rdev->wiphy, params.channel,
                      params.channel_type))
        return -EINVAL;

    mutex_lock(&rdev->devlist_mtx);
    err = cfg80211_can_use_chan(rdev, wdev, params.channel,
                    CHAN_MODE_SHARED);
    mutex_unlock(&rdev->devlist_mtx);

    if (err)
        return err;

    err = rdev->ops->start_ap(&rdev->wiphy, dev, &params);
    if (!err) {
        wdev->preset_chan = params.channel;
        wdev->preset_chantype = params.channel_type;
        wdev->beacon_interval = params.beacon_interval;
        wdev->channel = params.channel;
    }
    return err;
}

static int nl80211_set_beacon(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    struct wireless_dev *wdev = dev->ieee80211_ptr;
    struct cfg80211_beacon_data params;
    int err;

    if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
        dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
        return -EOPNOTSUPP;

    if (!rdev->ops->change_beacon)
        return -EOPNOTSUPP;

    if (!wdev->beacon_interval)
        return -EINVAL;

    err = nl80211_parse_beacon(info, &params);
    if (err)
        return err;

    return rdev->ops->change_beacon(&rdev->wiphy, dev, &params);
}

static int nl80211_stop_ap(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];

    return cfg80211_stop_ap(rdev, dev);
}

static const struct nla_policy sta_flags_policy[NL80211_STA_FLAG_MAX + 1] = {
    [NL80211_STA_FLAG_AUTHORIZED] = { .type = NLA_FLAG },
    [NL80211_STA_FLAG_SHORT_PREAMBLE] = { .type = NLA_FLAG },
    [NL80211_STA_FLAG_WME] = { .type = NLA_FLAG },
    [NL80211_STA_FLAG_MFP] = { .type = NLA_FLAG },
    [NL80211_STA_FLAG_AUTHENTICATED] = { .type = NLA_FLAG },
    [NL80211_STA_FLAG_TDLS_PEER] = { .type = NLA_FLAG },
};

static int parse_station_flags(struct genl_info *info,
                   enum nl80211_iftype iftype,
                   struct station_parameters *params)
{
    struct nlattr *flags[NL80211_STA_FLAG_MAX + 1];
    struct nlattr *nla;
    int flag;

    /*
     * Try parsing the new attribute first so userspace
     * can specify both for older kernels.
     */
    nla = info->attrs[NL80211_ATTR_STA_FLAGS2];
    if (nla) {
        struct nl80211_sta_flag_update *sta_flags;

        sta_flags = nla_data(nla);
        params->sta_flags_mask = sta_flags->mask;
        params->sta_flags_set = sta_flags->set;
        if ((params->sta_flags_mask |
             params->sta_flags_set) & BIT(__NL80211_STA_FLAG_INVALID))
            return -EINVAL;
        return 0;
    }

    /* if present, parse the old attribute */

    nla = info->attrs[NL80211_ATTR_STA_FLAGS];
    if (!nla)
        return 0;

    if (nla_parse_nested(flags, NL80211_STA_FLAG_MAX,
                 nla, sta_flags_policy))
        return -EINVAL;

    /*
     * Only allow certain flags for interface types so that
     * other attributes are silently ignored. Remember that
     * this is backward compatibility code with old userspace
     * and shouldn't be hit in other cases anyway.
     */
    switch (iftype) {
    case NL80211_IFTYPE_AP:
    case NL80211_IFTYPE_AP_VLAN:
    case NL80211_IFTYPE_P2P_GO:
        params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
                     BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
                     BIT(NL80211_STA_FLAG_WME) |
                     BIT(NL80211_STA_FLAG_MFP);
        break;
    case NL80211_IFTYPE_P2P_CLIENT:
    case NL80211_IFTYPE_STATION:
        params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHORIZED) |
                     BIT(NL80211_STA_FLAG_TDLS_PEER);
        break;
    case NL80211_IFTYPE_MESH_POINT:
        params->sta_flags_mask = BIT(NL80211_STA_FLAG_AUTHENTICATED) |
                     BIT(NL80211_STA_FLAG_MFP) |
                     BIT(NL80211_STA_FLAG_AUTHORIZED);
    default:
        return -EINVAL;
    }

    for (flag = 1; flag <= NL80211_STA_FLAG_MAX; flag++) {
        if (flags[flag]) {
            params->sta_flags_set |= (1<<flag);

            /* no longer support new API additions in old API */
            if (flag > NL80211_STA_FLAG_MAX_OLD_API)
                return -EINVAL;
        }
    }

    return 0;
}

static bool nl80211_put_sta_rate(struct sk_buff *msg, struct rate_info *info,
                 int attr)
{
    struct nlattr *rate;
    u32 bitrate;
    u16 bitrate_compat;

    rate = nla_nest_start(msg, attr);
    if (!rate)
        goto nla_put_failure;

    /* cfg80211_calculate_bitrate will return 0 for mcs >= 32 */
    bitrate = cfg80211_calculate_bitrate(info);
    /* report 16-bit bitrate only if we can */
    bitrate_compat = bitrate < (1UL << 16) ? bitrate : 0;
    if ((bitrate > 0 &&
         nla_put_u32(msg, NL80211_RATE_INFO_BITRATE32, bitrate)) ||
        (bitrate_compat > 0 &&
         nla_put_u16(msg, NL80211_RATE_INFO_BITRATE, bitrate_compat)) ||
        ((info->flags & RATE_INFO_FLAGS_MCS) &&
         nla_put_u8(msg, NL80211_RATE_INFO_MCS, info->mcs)) ||
        ((info->flags & RATE_INFO_FLAGS_40_MHZ_WIDTH) &&
         nla_put_flag(msg, NL80211_RATE_INFO_40_MHZ_WIDTH)) ||
        ((info->flags & RATE_INFO_FLAGS_SHORT_GI) &&
         nla_put_flag(msg, NL80211_RATE_INFO_SHORT_GI)))
        goto nla_put_failure;

    nla_nest_end(msg, rate);
    return true;

nla_put_failure:
    return false;
}

static int nl80211_send_station(struct sk_buff *msg, u32 portid, u32 seq,
                int flags,
                struct cfg80211_registered_device *rdev,
                struct net_device *dev,
                const u8 *mac_addr, struct station_info *sinfo)
{
    void *hdr;
    struct nlattr *sinfoattr, *bss_param;

    hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
    if (!hdr)
        return -1;

    if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
        nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, mac_addr) ||
        nla_put_u32(msg, NL80211_ATTR_GENERATION, sinfo->generation))
        goto nla_put_failure;

    sinfoattr = nla_nest_start(msg, NL80211_ATTR_STA_INFO);
    if (!sinfoattr)
        goto nla_put_failure;
    if ((sinfo->filled & STATION_INFO_CONNECTED_TIME) &&
        nla_put_u32(msg, NL80211_STA_INFO_CONNECTED_TIME,
            sinfo->connected_time))
        goto nla_put_failure;
    if ((sinfo->filled & STATION_INFO_INACTIVE_TIME) &&
        nla_put_u32(msg, NL80211_STA_INFO_INACTIVE_TIME,
            sinfo->inactive_time))
        goto nla_put_failure;
    if ((sinfo->filled & STATION_INFO_RX_BYTES) &&
        nla_put_u32(msg, NL80211_STA_INFO_RX_BYTES,
            sinfo->rx_bytes))
        goto nla_put_failure;
    if ((sinfo->filled & STATION_INFO_TX_BYTES) &&
        nla_put_u32(msg, NL80211_STA_INFO_TX_BYTES,
            sinfo->tx_bytes))
        goto nla_put_failure;
    if ((sinfo->filled & STATION_INFO_LLID) &&
        nla_put_u16(msg, NL80211_STA_INFO_LLID, sinfo->llid))
        goto nla_put_failure;
    if ((sinfo->filled & STATION_INFO_PLID) &&
        nla_put_u16(msg, NL80211_STA_INFO_PLID, sinfo->plid))
        goto nla_put_failure;
    if ((sinfo->filled & STATION_INFO_PLINK_STATE) &&
        nla_put_u8(msg, NL80211_STA_INFO_PLINK_STATE,
               sinfo->plink_state))
        goto nla_put_failure;
    switch (rdev->wiphy.signal_type) {
    case CFG80211_SIGNAL_TYPE_MBM:
        if ((sinfo->filled & STATION_INFO_SIGNAL) &&
            nla_put_u8(msg, NL80211_STA_INFO_SIGNAL,
                   sinfo->signal))
            goto nla_put_failure;
        if ((sinfo->filled & STATION_INFO_SIGNAL_AVG) &&
            nla_put_u8(msg, NL80211_STA_INFO_SIGNAL_AVG,
                   sinfo->signal_avg))
            goto nla_put_failure;
        break;
    default:
        break;
    }
    if (sinfo->filled & STATION_INFO_TX_BITRATE) {
        if (!nl80211_put_sta_rate(msg, &sinfo->txrate,
                      NL80211_STA_INFO_TX_BITRATE))
            goto nla_put_failure;
    }
    if (sinfo->filled & STATION_INFO_RX_BITRATE) {
        if (!nl80211_put_sta_rate(msg, &sinfo->rxrate,
                      NL80211_STA_INFO_RX_BITRATE))
            goto nla_put_failure;
    }
    if ((sinfo->filled & STATION_INFO_RX_PACKETS) &&
        nla_put_u32(msg, NL80211_STA_INFO_RX_PACKETS,
            sinfo->rx_packets))
        goto nla_put_failure;
    if ((sinfo->filled & STATION_INFO_TX_PACKETS) &&
        nla_put_u32(msg, NL80211_STA_INFO_TX_PACKETS,
            sinfo->tx_packets))
        goto nla_put_failure;
    if ((sinfo->filled & STATION_INFO_TX_RETRIES) &&
        nla_put_u32(msg, NL80211_STA_INFO_TX_RETRIES,
            sinfo->tx_retries))
        goto nla_put_failure;
    if ((sinfo->filled & STATION_INFO_TX_FAILED) &&
        nla_put_u32(msg, NL80211_STA_INFO_TX_FAILED,
            sinfo->tx_failed))
        goto nla_put_failure;
    if ((sinfo->filled & STATION_INFO_BEACON_LOSS_COUNT) &&
        nla_put_u32(msg, NL80211_STA_INFO_BEACON_LOSS,
            sinfo->beacon_loss_count))
        goto nla_put_failure;
    if (sinfo->filled & STATION_INFO_BSS_PARAM) {
        bss_param = nla_nest_start(msg, NL80211_STA_INFO_BSS_PARAM);
        if (!bss_param)
            goto nla_put_failure;

        if (((sinfo->bss_param.flags & BSS_PARAM_FLAGS_CTS_PROT) &&
             nla_put_flag(msg, NL80211_STA_BSS_PARAM_CTS_PROT)) ||
            ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_PREAMBLE) &&
             nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_PREAMBLE)) ||
            ((sinfo->bss_param.flags & BSS_PARAM_FLAGS_SHORT_SLOT_TIME) &&
             nla_put_flag(msg, NL80211_STA_BSS_PARAM_SHORT_SLOT_TIME)) ||
            nla_put_u8(msg, NL80211_STA_BSS_PARAM_DTIM_PERIOD,
                   sinfo->bss_param.dtim_period) ||
            nla_put_u16(msg, NL80211_STA_BSS_PARAM_BEACON_INTERVAL,
                sinfo->bss_param.beacon_interval))
            goto nla_put_failure;

        nla_nest_end(msg, bss_param);
    }
    if ((sinfo->filled & STATION_INFO_STA_FLAGS) &&
        nla_put(msg, NL80211_STA_INFO_STA_FLAGS,
            sizeof(struct nl80211_sta_flag_update),
            &sinfo->sta_flags))
        goto nla_put_failure;
    if ((sinfo->filled & STATION_INFO_T_OFFSET) &&
        nla_put_u64(msg, NL80211_STA_INFO_T_OFFSET,
                sinfo->t_offset))
        goto nla_put_failure;
    nla_nest_end(msg, sinfoattr);

    if ((sinfo->filled & STATION_INFO_ASSOC_REQ_IES) &&
        nla_put(msg, NL80211_ATTR_IE, sinfo->assoc_req_ies_len,
            sinfo->assoc_req_ies))
        goto nla_put_failure;

    return genlmsg_end(msg, hdr);

 nla_put_failure:
    genlmsg_cancel(msg, hdr);
    return -EMSGSIZE;
}

static int nl80211_dump_station(struct sk_buff *skb,
                struct netlink_callback *cb)
{
    struct station_info sinfo;
    struct cfg80211_registered_device *dev;
    struct net_device *netdev;
    u8 mac_addr[ETH_ALEN];
    int sta_idx = cb->args[1];
    int err;

    err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
    if (err)
        return err;

    if (!dev->ops->dump_station) {
        err = -EOPNOTSUPP;
        goto out_err;
    }

    while (1) {
        memset(&sinfo, 0, sizeof(sinfo));
        err = dev->ops->dump_station(&dev->wiphy, netdev, sta_idx,
                         mac_addr, &sinfo);
        if (err == -ENOENT)
            break;
        if (err)
            goto out_err;

        if (nl80211_send_station(skb,
                NETLINK_CB(cb->skb).portid,
                cb->nlh->nlmsg_seq, NLM_F_MULTI,
                dev, netdev, mac_addr,
                &sinfo) < 0)
            goto out;

        sta_idx++;
    }


 out:
    cb->args[1] = sta_idx;
    err = skb->len;
 out_err:
    nl80211_finish_netdev_dump(dev);

    return err;
}

static int nl80211_get_station(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    struct station_info sinfo;
    struct sk_buff *msg;
    u8 *mac_addr = NULL;
    int err;

    memset(&sinfo, 0, sizeof(sinfo));

    if (!info->attrs[NL80211_ATTR_MAC])
        return -EINVAL;

    mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);

    if (!rdev->ops->get_station)
        return -EOPNOTSUPP;

    err = rdev->ops->get_station(&rdev->wiphy, dev, mac_addr, &sinfo);
    if (err)
        return err;

    msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
    if (!msg)
        return -ENOMEM;

    if (nl80211_send_station(msg, info->snd_portid, info->snd_seq, 0,
                 rdev, dev, mac_addr, &sinfo) < 0) {
        nlmsg_free(msg);
        return -ENOBUFS;
    }

    return genlmsg_reply(msg, info);
}

/*
 * Get vlan interface making sure it is running and on the right wiphy.
 */
static struct net_device *get_vlan(struct genl_info *info,
                   struct cfg80211_registered_device *rdev)
{
    struct nlattr *vlanattr = info->attrs[NL80211_ATTR_STA_VLAN];
    struct net_device *v;
    int ret;

    if (!vlanattr)
        return NULL;

    v = dev_get_by_index(genl_info_net(info), nla_get_u32(vlanattr));
    if (!v)
        return ERR_PTR(-ENODEV);

    if (!v->ieee80211_ptr || v->ieee80211_ptr->wiphy != &rdev->wiphy) {
        ret = -EINVAL;
        goto error;
    }

    if (!netif_running(v)) {
        ret = -ENETDOWN;
        goto error;
    }

    return v;
 error:
    dev_put(v);
    return ERR_PTR(ret);
}

static int nl80211_set_station(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    int err;
    struct net_device *dev = info->user_ptr[1];
    struct station_parameters params;
    u8 *mac_addr = NULL;

    memset(&params, 0, sizeof(params));

    params.listen_interval = -1;
    params.plink_state = -1;

    if (info->attrs[NL80211_ATTR_STA_AID])
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_MAC])
        return -EINVAL;

    mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);

    if (info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]) {
        params.supported_rates =
            nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
        params.supported_rates_len =
            nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
    }

    if (info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
        params.listen_interval =
            nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);

    if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
        params.ht_capa =
            nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);

    if (!rdev->ops->change_station)
        return -EOPNOTSUPP;

    if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
        return -EINVAL;

    if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
        params.plink_action =
            nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);

    if (info->attrs[NL80211_ATTR_STA_PLINK_STATE])
        params.plink_state =
            nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_STATE]);

    switch (dev->ieee80211_ptr->iftype) {
    case NL80211_IFTYPE_AP:
    case NL80211_IFTYPE_AP_VLAN:
    case NL80211_IFTYPE_P2P_GO:
        /* disallow mesh-specific things */
        if (params.plink_action)
            return -EINVAL;

        /* TDLS can't be set, ... */
        if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
            return -EINVAL;
        /*
         * ... but don't bother the driver with it. This works around
         * a hostapd/wpa_supplicant issue -- it always includes the
         * TLDS_PEER flag in the mask even for AP mode.
         */
        params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);

        /* accept only the listed bits */
        if (params.sta_flags_mask &
                ~(BIT(NL80211_STA_FLAG_AUTHORIZED) |
                  BIT(NL80211_STA_FLAG_SHORT_PREAMBLE) |
                  BIT(NL80211_STA_FLAG_WME) |
                  BIT(NL80211_STA_FLAG_MFP)))
            return -EINVAL;

        /* must be last in here for error handling */
        params.vlan = get_vlan(info, rdev);
        if (IS_ERR(params.vlan))
            return PTR_ERR(params.vlan);
        break;
    case NL80211_IFTYPE_P2P_CLIENT:
    case NL80211_IFTYPE_STATION:
        /*
         * Don't allow userspace to change the TDLS_PEER flag,
         * but silently ignore attempts to change it since we
         * don't have state here to verify that it doesn't try
         * to change the flag.
         */
        params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);
        /* fall through */
    case NL80211_IFTYPE_ADHOC:
        /* disallow things sta doesn't support */
        if (params.plink_action)
            return -EINVAL;
        if (params.ht_capa)
            return -EINVAL;
        if (params.listen_interval >= 0)
            return -EINVAL;
        /* reject any changes other than AUTHORIZED */
        if (params.sta_flags_mask & ~BIT(NL80211_STA_FLAG_AUTHORIZED))
            return -EINVAL;
        break;
    case NL80211_IFTYPE_MESH_POINT:
        /* disallow things mesh doesn't support */
        if (params.vlan)
            return -EINVAL;
        if (params.ht_capa)
            return -EINVAL;
        if (params.listen_interval >= 0)
            return -EINVAL;
        /*
         * No special handling for TDLS here -- the userspace
         * mesh code doesn't have this bug.
         */
        if (params.sta_flags_mask &
                ~(BIT(NL80211_STA_FLAG_AUTHENTICATED) |
                  BIT(NL80211_STA_FLAG_MFP) |
                  BIT(NL80211_STA_FLAG_AUTHORIZED)))
            return -EINVAL;
        break;
    default:
        return -EOPNOTSUPP;
    }

    /* be aware of params.vlan when changing code here */

    err = rdev->ops->change_station(&rdev->wiphy, dev, mac_addr, &params);

    if (params.vlan)
        dev_put(params.vlan);

    return err;
}

static struct nla_policy
nl80211_sta_wme_policy[NL80211_STA_WME_MAX + 1] __read_mostly = {
    [NL80211_STA_WME_UAPSD_QUEUES] = { .type = NLA_U8 },
    [NL80211_STA_WME_MAX_SP] = { .type = NLA_U8 },
};

static int nl80211_new_station(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    int err;
    struct net_device *dev = info->user_ptr[1];
    struct station_parameters params;
    u8 *mac_addr = NULL;

    memset(&params, 0, sizeof(params));

    if (!info->attrs[NL80211_ATTR_MAC])
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL])
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES])
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_STA_AID])
        return -EINVAL;

    mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);
    params.supported_rates =
        nla_data(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
    params.supported_rates_len =
        nla_len(info->attrs[NL80211_ATTR_STA_SUPPORTED_RATES]);
    params.listen_interval =
        nla_get_u16(info->attrs[NL80211_ATTR_STA_LISTEN_INTERVAL]);

    params.aid = nla_get_u16(info->attrs[NL80211_ATTR_STA_AID]);
    if (!params.aid || params.aid > IEEE80211_MAX_AID)
        return -EINVAL;

    if (info->attrs[NL80211_ATTR_HT_CAPABILITY])
        params.ht_capa =
            nla_data(info->attrs[NL80211_ATTR_HT_CAPABILITY]);

    if (info->attrs[NL80211_ATTR_STA_PLINK_ACTION])
        params.plink_action =
            nla_get_u8(info->attrs[NL80211_ATTR_STA_PLINK_ACTION]);

    if (!rdev->ops->add_station)
        return -EOPNOTSUPP;

    if (parse_station_flags(info, dev->ieee80211_ptr->iftype, &params))
        return -EINVAL;

    switch (dev->ieee80211_ptr->iftype) {
    case NL80211_IFTYPE_AP:
    case NL80211_IFTYPE_AP_VLAN:
    case NL80211_IFTYPE_P2P_GO:
        /* parse WME attributes if sta is WME capable */
        if ((rdev->wiphy.flags & WIPHY_FLAG_AP_UAPSD) &&
            (params.sta_flags_set & BIT(NL80211_STA_FLAG_WME)) &&
            info->attrs[NL80211_ATTR_STA_WME]) {
            struct nlattr *tb[NL80211_STA_WME_MAX + 1];
            struct nlattr *nla;

            nla = info->attrs[NL80211_ATTR_STA_WME];
            err = nla_parse_nested(tb, NL80211_STA_WME_MAX, nla,
                           nl80211_sta_wme_policy);
            if (err)
                return err;

            if (tb[NL80211_STA_WME_UAPSD_QUEUES])
                params.uapsd_queues =
                     nla_get_u8(tb[NL80211_STA_WME_UAPSD_QUEUES]);
            if (params.uapsd_queues &
                    ~IEEE80211_WMM_IE_STA_QOSINFO_AC_MASK)
                return -EINVAL;

            if (tb[NL80211_STA_WME_MAX_SP])
                params.max_sp =
                     nla_get_u8(tb[NL80211_STA_WME_MAX_SP]);

            if (params.max_sp &
                    ~IEEE80211_WMM_IE_STA_QOSINFO_SP_MASK)
                return -EINVAL;

            params.sta_modify_mask |= STATION_PARAM_APPLY_UAPSD;
        }
        /* TDLS peers cannot be added */
        if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
            return -EINVAL;
        /* but don't bother the driver with it */
        params.sta_flags_mask &= ~BIT(NL80211_STA_FLAG_TDLS_PEER);

        /* must be last in here for error handling */
        params.vlan = get_vlan(info, rdev);
        if (IS_ERR(params.vlan))
            return PTR_ERR(params.vlan);
        break;
    case NL80211_IFTYPE_MESH_POINT:
        /* TDLS peers cannot be added */
        if (params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER))
            return -EINVAL;
        break;
    case NL80211_IFTYPE_STATION:
        /* Only TDLS peers can be added */
        if (!(params.sta_flags_set & BIT(NL80211_STA_FLAG_TDLS_PEER)))
            return -EINVAL;
        /* Can only add if TDLS ... */
        if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_TDLS))
            return -EOPNOTSUPP;
        /* ... with external setup is supported */
        if (!(rdev->wiphy.flags & WIPHY_FLAG_TDLS_EXTERNAL_SETUP))
            return -EOPNOTSUPP;
        break;
    default:
        return -EOPNOTSUPP;
    }

    /* be aware of params.vlan when changing code here */

    err = rdev->ops->add_station(&rdev->wiphy, dev, mac_addr, &params);

    if (params.vlan)
        dev_put(params.vlan);
    return err;
}

static int nl80211_del_station(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    u8 *mac_addr = NULL;

    if (info->attrs[NL80211_ATTR_MAC])
        mac_addr = nla_data(info->attrs[NL80211_ATTR_MAC]);

    if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
        dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP_VLAN &&
        dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT &&
        dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
        return -EINVAL;

    if (!rdev->ops->del_station)
        return -EOPNOTSUPP;

    return rdev->ops->del_station(&rdev->wiphy, dev, mac_addr);
}

static int nl80211_send_mpath(struct sk_buff *msg, u32 portid, u32 seq,
                int flags, struct net_device *dev,
                u8 *dst, u8 *next_hop,
                struct mpath_info *pinfo)
{
    void *hdr;
    struct nlattr *pinfoattr;

    hdr = nl80211hdr_put(msg, portid, seq, flags, NL80211_CMD_NEW_STATION);
    if (!hdr)
        return -1;

    if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
        nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dst) ||
        nla_put(msg, NL80211_ATTR_MPATH_NEXT_HOP, ETH_ALEN, next_hop) ||
        nla_put_u32(msg, NL80211_ATTR_GENERATION, pinfo->generation))
        goto nla_put_failure;

    pinfoattr = nla_nest_start(msg, NL80211_ATTR_MPATH_INFO);
    if (!pinfoattr)
        goto nla_put_failure;
    if ((pinfo->filled & MPATH_INFO_FRAME_QLEN) &&
        nla_put_u32(msg, NL80211_MPATH_INFO_FRAME_QLEN,
            pinfo->frame_qlen))
        goto nla_put_failure;
    if (((pinfo->filled & MPATH_INFO_SN) &&
         nla_put_u32(msg, NL80211_MPATH_INFO_SN, pinfo->sn)) ||
        ((pinfo->filled & MPATH_INFO_METRIC) &&
         nla_put_u32(msg, NL80211_MPATH_INFO_METRIC,
             pinfo->metric)) ||
        ((pinfo->filled & MPATH_INFO_EXPTIME) &&
         nla_put_u32(msg, NL80211_MPATH_INFO_EXPTIME,
             pinfo->exptime)) ||
        ((pinfo->filled & MPATH_INFO_FLAGS) &&
         nla_put_u8(msg, NL80211_MPATH_INFO_FLAGS,
            pinfo->flags)) ||
        ((pinfo->filled & MPATH_INFO_DISCOVERY_TIMEOUT) &&
         nla_put_u32(msg, NL80211_MPATH_INFO_DISCOVERY_TIMEOUT,
             pinfo->discovery_timeout)) ||
        ((pinfo->filled & MPATH_INFO_DISCOVERY_RETRIES) &&
         nla_put_u8(msg, NL80211_MPATH_INFO_DISCOVERY_RETRIES,
            pinfo->discovery_retries)))
        goto nla_put_failure;

    nla_nest_end(msg, pinfoattr);

    return genlmsg_end(msg, hdr);

 nla_put_failure:
    genlmsg_cancel(msg, hdr);
    return -EMSGSIZE;
}

static int nl80211_dump_mpath(struct sk_buff *skb,
                  struct netlink_callback *cb)
{
    struct mpath_info pinfo;
    struct cfg80211_registered_device *dev;
    struct net_device *netdev;
    u8 dst[ETH_ALEN];
    u8 next_hop[ETH_ALEN];
    int path_idx = cb->args[1];
    int err;

    err = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
    if (err)
        return err;

    if (!dev->ops->dump_mpath) {
        err = -EOPNOTSUPP;
        goto out_err;
    }

    if (netdev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT) {
        err = -EOPNOTSUPP;
        goto out_err;
    }

    while (1) {
        err = dev->ops->dump_mpath(&dev->wiphy, netdev, path_idx,
                       dst, next_hop, &pinfo);
        if (err == -ENOENT)
            break;
        if (err)
            goto out_err;

        if (nl80211_send_mpath(skb, NETLINK_CB(cb->skb).portid,
                       cb->nlh->nlmsg_seq, NLM_F_MULTI,
                       netdev, dst, next_hop,
                       &pinfo) < 0)
            goto out;

        path_idx++;
    }


 out:
    cb->args[1] = path_idx;
    err = skb->len;
 out_err:
    nl80211_finish_netdev_dump(dev);
    return err;
}

static int nl80211_get_mpath(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    int err;
    struct net_device *dev = info->user_ptr[1];
    struct mpath_info pinfo;
    struct sk_buff *msg;
    u8 *dst = NULL;
    u8 next_hop[ETH_ALEN];

    memset(&pinfo, 0, sizeof(pinfo));

    if (!info->attrs[NL80211_ATTR_MAC])
        return -EINVAL;

    dst = nla_data(info->attrs[NL80211_ATTR_MAC]);

    if (!rdev->ops->get_mpath)
        return -EOPNOTSUPP;

    if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
        return -EOPNOTSUPP;

    err = rdev->ops->get_mpath(&rdev->wiphy, dev, dst, next_hop, &pinfo);
    if (err)
        return err;

    msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
    if (!msg)
        return -ENOMEM;

    if (nl80211_send_mpath(msg, info->snd_portid, info->snd_seq, 0,
                 dev, dst, next_hop, &pinfo) < 0) {
        nlmsg_free(msg);
        return -ENOBUFS;
    }

    return genlmsg_reply(msg, info);
}

static int nl80211_set_mpath(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    u8 *dst = NULL;
    u8 *next_hop = NULL;

    if (!info->attrs[NL80211_ATTR_MAC])
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
        return -EINVAL;

    dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
    next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);

    if (!rdev->ops->change_mpath)
        return -EOPNOTSUPP;

    if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
        return -EOPNOTSUPP;

    return rdev->ops->change_mpath(&rdev->wiphy, dev, dst, next_hop);
}

static int nl80211_new_mpath(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    u8 *dst = NULL;
    u8 *next_hop = NULL;

    if (!info->attrs[NL80211_ATTR_MAC])
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_MPATH_NEXT_HOP])
        return -EINVAL;

    dst = nla_data(info->attrs[NL80211_ATTR_MAC]);
    next_hop = nla_data(info->attrs[NL80211_ATTR_MPATH_NEXT_HOP]);

    if (!rdev->ops->add_mpath)
        return -EOPNOTSUPP;

    if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_MESH_POINT)
        return -EOPNOTSUPP;

    return rdev->ops->add_mpath(&rdev->wiphy, dev, dst, next_hop);
}

static int nl80211_del_mpath(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    u8 *dst = NULL;

    if (info->attrs[NL80211_ATTR_MAC])
        dst = nla_data(info->attrs[NL80211_ATTR_MAC]);

    if (!rdev->ops->del_mpath)
        return -EOPNOTSUPP;

    return rdev->ops->del_mpath(&rdev->wiphy, dev, dst);
}

static int nl80211_set_bss(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    struct bss_parameters params;

    memset(&params, 0, sizeof(params));
    /* default to not changing parameters */
    params.use_cts_prot = -1;
    params.use_short_preamble = -1;
    params.use_short_slot_time = -1;
    params.ap_isolate = -1;
    params.ht_opmode = -1;

    if (info->attrs[NL80211_ATTR_BSS_CTS_PROT])
        params.use_cts_prot =
            nla_get_u8(info->attrs[NL80211_ATTR_BSS_CTS_PROT]);
    if (info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE])
        params.use_short_preamble =
            nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_PREAMBLE]);
    if (info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME])
        params.use_short_slot_time =
            nla_get_u8(info->attrs[NL80211_ATTR_BSS_SHORT_SLOT_TIME]);
    if (info->attrs[NL80211_ATTR_BSS_BASIC_RATES]) {
        params.basic_rates =
            nla_data(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
        params.basic_rates_len =
            nla_len(info->attrs[NL80211_ATTR_BSS_BASIC_RATES]);
    }
    if (info->attrs[NL80211_ATTR_AP_ISOLATE])
        params.ap_isolate = !!nla_get_u8(info->attrs[NL80211_ATTR_AP_ISOLATE]);
    if (info->attrs[NL80211_ATTR_BSS_HT_OPMODE])
        params.ht_opmode =
            nla_get_u16(info->attrs[NL80211_ATTR_BSS_HT_OPMODE]);

    if (!rdev->ops->change_bss)
        return -EOPNOTSUPP;

    if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&
        dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)
        return -EOPNOTSUPP;

    return rdev->ops->change_bss(&rdev->wiphy, dev, &params);
}

static const struct nla_policy reg_rule_policy[NL80211_REG_RULE_ATTR_MAX + 1] = {
    [NL80211_ATTR_REG_RULE_FLAGS]       = { .type = NLA_U32 },
    [NL80211_ATTR_FREQ_RANGE_START]     = { .type = NLA_U32 },
    [NL80211_ATTR_FREQ_RANGE_END]       = { .type = NLA_U32 },
    [NL80211_ATTR_FREQ_RANGE_MAX_BW]    = { .type = NLA_U32 },
    [NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]  = { .type = NLA_U32 },
    [NL80211_ATTR_POWER_RULE_MAX_EIRP]  = { .type = NLA_U32 },
};

static int parse_reg_rule(struct nlattr *tb[],
    struct ieee80211_reg_rule *reg_rule)
{
    struct ieee80211_freq_range *freq_range = &reg_rule->freq_range;
    struct ieee80211_power_rule *power_rule = &reg_rule->power_rule;

    if (!tb[NL80211_ATTR_REG_RULE_FLAGS])
        return -EINVAL;
    if (!tb[NL80211_ATTR_FREQ_RANGE_START])
        return -EINVAL;
    if (!tb[NL80211_ATTR_FREQ_RANGE_END])
        return -EINVAL;
    if (!tb[NL80211_ATTR_FREQ_RANGE_MAX_BW])
        return -EINVAL;
    if (!tb[NL80211_ATTR_POWER_RULE_MAX_EIRP])
        return -EINVAL;

    reg_rule->flags = nla_get_u32(tb[NL80211_ATTR_REG_RULE_FLAGS]);

    freq_range->start_freq_khz =
        nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_START]);
    freq_range->end_freq_khz =
        nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_END]);
    freq_range->max_bandwidth_khz =
        nla_get_u32(tb[NL80211_ATTR_FREQ_RANGE_MAX_BW]);

    power_rule->max_eirp =
        nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_EIRP]);

    if (tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN])
        power_rule->max_antenna_gain =
            nla_get_u32(tb[NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN]);

    return 0;
}

static int nl80211_req_set_reg(struct sk_buff *skb, struct genl_info *info)
{
    int r;
    char *data = NULL;
    enum nl80211_user_reg_hint_type user_reg_hint_type;

    /*
     * You should only get this when cfg80211 hasn't yet initialized
     * completely when built-in to the kernel right between the time
     * window between nl80211_init() and regulatory_init(), if that is
     * even possible.
     */
    mutex_lock(&cfg80211_mutex);
    if (unlikely(!cfg80211_regdomain)) {
        mutex_unlock(&cfg80211_mutex);
        return -EINPROGRESS;
    }
    mutex_unlock(&cfg80211_mutex);

    if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
        return -EINVAL;

    data = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);

    if (info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE])
        user_reg_hint_type =
          nla_get_u32(info->attrs[NL80211_ATTR_USER_REG_HINT_TYPE]);
    else
        user_reg_hint_type = NL80211_USER_REG_HINT_USER;

    switch (user_reg_hint_type) {
    case NL80211_USER_REG_HINT_USER:
    case NL80211_USER_REG_HINT_CELL_BASE:
        break;
    default:
        return -EINVAL;
    }

    r = regulatory_hint_user(data, user_reg_hint_type);

    return r;
}

static int nl80211_get_mesh_config(struct sk_buff *skb,
                   struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    struct wireless_dev *wdev = dev->ieee80211_ptr;
    struct mesh_config cur_params;
    int err = 0;
    void *hdr;
    struct nlattr *pinfoattr;
    struct sk_buff *msg;

    if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
        return -EOPNOTSUPP;

    if (!rdev->ops->get_mesh_config)
        return -EOPNOTSUPP;

    wdev_lock(wdev);
    /* If not connected, get default parameters */
    if (!wdev->mesh_id_len)
        memcpy(&cur_params, &default_mesh_config, sizeof(cur_params));
    else
        err = rdev->ops->get_mesh_config(&rdev->wiphy, dev,
                         &cur_params);
    wdev_unlock(wdev);

    if (err)
        return err;

    /* Draw up a netlink message to send back */
    msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
    if (!msg)
        return -ENOMEM;
    hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
                 NL80211_CMD_GET_MESH_CONFIG);
    if (!hdr)
        goto out;
    pinfoattr = nla_nest_start(msg, NL80211_ATTR_MESH_CONFIG);
    if (!pinfoattr)
        goto nla_put_failure;
    if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex) ||
        nla_put_u16(msg, NL80211_MESHCONF_RETRY_TIMEOUT,
            cur_params.dot11MeshRetryTimeout) ||
        nla_put_u16(msg, NL80211_MESHCONF_CONFIRM_TIMEOUT,
            cur_params.dot11MeshConfirmTimeout) ||
        nla_put_u16(msg, NL80211_MESHCONF_HOLDING_TIMEOUT,
            cur_params.dot11MeshHoldingTimeout) ||
        nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
            cur_params.dot11MeshMaxPeerLinks) ||
        nla_put_u8(msg, NL80211_MESHCONF_MAX_RETRIES,
               cur_params.dot11MeshMaxRetries) ||
        nla_put_u8(msg, NL80211_MESHCONF_TTL,
               cur_params.dot11MeshTTL) ||
        nla_put_u8(msg, NL80211_MESHCONF_ELEMENT_TTL,
               cur_params.element_ttl) ||
        nla_put_u8(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
               cur_params.auto_open_plinks) ||
        nla_put_u32(msg, NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
            cur_params.dot11MeshNbrOffsetMaxNeighbor) ||
        nla_put_u8(msg, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
               cur_params.dot11MeshHWMPmaxPREQretries) ||
        nla_put_u32(msg, NL80211_MESHCONF_PATH_REFRESH_TIME,
            cur_params.path_refresh_time) ||
        nla_put_u16(msg, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
            cur_params.min_discovery_timeout) ||
        nla_put_u32(msg, NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
            cur_params.dot11MeshHWMPactivePathTimeout) ||
        nla_put_u16(msg, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
            cur_params.dot11MeshHWMPpreqMinInterval) ||
        nla_put_u16(msg, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
            cur_params.dot11MeshHWMPperrMinInterval) ||
        nla_put_u16(msg, NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
            cur_params.dot11MeshHWMPnetDiameterTraversalTime) ||
        nla_put_u8(msg, NL80211_MESHCONF_HWMP_ROOTMODE,
               cur_params.dot11MeshHWMPRootMode) ||
        nla_put_u16(msg, NL80211_MESHCONF_HWMP_RANN_INTERVAL,
            cur_params.dot11MeshHWMPRannInterval) ||
        nla_put_u8(msg, NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
               cur_params.dot11MeshGateAnnouncementProtocol) ||
        nla_put_u8(msg, NL80211_MESHCONF_FORWARDING,
               cur_params.dot11MeshForwarding) ||
        nla_put_u32(msg, NL80211_MESHCONF_RSSI_THRESHOLD,
            cur_params.rssi_threshold) ||
        nla_put_u32(msg, NL80211_MESHCONF_HT_OPMODE,
            cur_params.ht_opmode) ||
        nla_put_u32(msg, NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
            cur_params.dot11MeshHWMPactivePathToRootTimeout) ||
        nla_put_u16(msg, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
            cur_params.dot11MeshHWMProotInterval) ||
        nla_put_u16(msg, NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
            cur_params.dot11MeshHWMPconfirmationInterval))
        goto nla_put_failure;
    nla_nest_end(msg, pinfoattr);
    genlmsg_end(msg, hdr);
    return genlmsg_reply(msg, info);

 nla_put_failure:
    genlmsg_cancel(msg, hdr);
 out:
    nlmsg_free(msg);
    return -ENOBUFS;
}

static const struct nla_policy nl80211_meshconf_params_policy[NL80211_MESHCONF_ATTR_MAX+1] = {
    [NL80211_MESHCONF_RETRY_TIMEOUT] = { .type = NLA_U16 },
    [NL80211_MESHCONF_CONFIRM_TIMEOUT] = { .type = NLA_U16 },
    [NL80211_MESHCONF_HOLDING_TIMEOUT] = { .type = NLA_U16 },
    [NL80211_MESHCONF_MAX_PEER_LINKS] = { .type = NLA_U16 },
    [NL80211_MESHCONF_MAX_RETRIES] = { .type = NLA_U8 },
    [NL80211_MESHCONF_TTL] = { .type = NLA_U8 },
    [NL80211_MESHCONF_ELEMENT_TTL] = { .type = NLA_U8 },
    [NL80211_MESHCONF_AUTO_OPEN_PLINKS] = { .type = NLA_U8 },
    [NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR] = { .type = NLA_U32 },
    [NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES] = { .type = NLA_U8 },
    [NL80211_MESHCONF_PATH_REFRESH_TIME] = { .type = NLA_U32 },
    [NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT] = { .type = NLA_U16 },
    [NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT] = { .type = NLA_U32 },
    [NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL] = { .type = NLA_U16 },
    [NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL] = { .type = NLA_U16 },
    [NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME] = { .type = NLA_U16 },
    [NL80211_MESHCONF_HWMP_ROOTMODE] = { .type = NLA_U8 },
    [NL80211_MESHCONF_HWMP_RANN_INTERVAL] = { .type = NLA_U16 },
    [NL80211_MESHCONF_GATE_ANNOUNCEMENTS] = { .type = NLA_U8 },
    [NL80211_MESHCONF_FORWARDING] = { .type = NLA_U8 },
    [NL80211_MESHCONF_RSSI_THRESHOLD] = { .type = NLA_U32 },
    [NL80211_MESHCONF_HT_OPMODE] = { .type = NLA_U16 },
    [NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT] = { .type = NLA_U32 },
    [NL80211_MESHCONF_HWMP_ROOT_INTERVAL] = { .type = NLA_U16 },
    [NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL] = { .type = NLA_U16 },
};

static const struct nla_policy
    nl80211_mesh_setup_params_policy[NL80211_MESH_SETUP_ATTR_MAX+1] = {
    [NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC] = { .type = NLA_U8 },
    [NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL] = { .type = NLA_U8 },
    [NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC] = { .type = NLA_U8 },
    [NL80211_MESH_SETUP_USERSPACE_AUTH] = { .type = NLA_FLAG },
    [NL80211_MESH_SETUP_IE] = { .type = NLA_BINARY,
                    .len = IEEE80211_MAX_DATA_LEN },
    [NL80211_MESH_SETUP_USERSPACE_AMPE] = { .type = NLA_FLAG },
};

static int nl80211_parse_mesh_config(struct genl_info *info,
                     struct mesh_config *cfg,
                     u32 *mask_out)
{
    struct nlattr *tb[NL80211_MESHCONF_ATTR_MAX + 1];
    u32 mask = 0;

#define FILL_IN_MESH_PARAM_IF_SET(table, cfg, param, mask, attr_num, nla_fn) \
do {\
    if (table[attr_num]) {\
        cfg->param = nla_fn(table[attr_num]); \
        mask |= (1 << (attr_num - 1)); \
    } \
} while (0);\


    if (!info->attrs[NL80211_ATTR_MESH_CONFIG])
        return -EINVAL;
    if (nla_parse_nested(tb, NL80211_MESHCONF_ATTR_MAX,
                 info->attrs[NL80211_ATTR_MESH_CONFIG],
                 nl80211_meshconf_params_policy))
        return -EINVAL;

    /* This makes sure that there aren't more than 32 mesh config
     * parameters (otherwise our bitfield scheme would not work.) */
    BUILD_BUG_ON(NL80211_MESHCONF_ATTR_MAX > 32);

    /* Fill in the params struct */
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshRetryTimeout,
                  mask, NL80211_MESHCONF_RETRY_TIMEOUT,
                  nla_get_u16);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshConfirmTimeout,
                  mask, NL80211_MESHCONF_CONFIRM_TIMEOUT,
                  nla_get_u16);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHoldingTimeout,
                  mask, NL80211_MESHCONF_HOLDING_TIMEOUT,
                  nla_get_u16);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxPeerLinks,
                  mask, NL80211_MESHCONF_MAX_PEER_LINKS,
                  nla_get_u16);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshMaxRetries,
                  mask, NL80211_MESHCONF_MAX_RETRIES,
                  nla_get_u8);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshTTL,
                  mask, NL80211_MESHCONF_TTL, nla_get_u8);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, element_ttl,
                  mask, NL80211_MESHCONF_ELEMENT_TTL,
                  nla_get_u8);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, auto_open_plinks,
                  mask, NL80211_MESHCONF_AUTO_OPEN_PLINKS,
                  nla_get_u8);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshNbrOffsetMaxNeighbor, mask,
                  NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR,
                  nla_get_u32);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPmaxPREQretries,
                  mask, NL80211_MESHCONF_HWMP_MAX_PREQ_RETRIES,
                  nla_get_u8);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, path_refresh_time,
                  mask, NL80211_MESHCONF_PATH_REFRESH_TIME,
                  nla_get_u32);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, min_discovery_timeout,
                  mask, NL80211_MESHCONF_MIN_DISCOVERY_TIMEOUT,
                  nla_get_u16);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathTimeout, mask,
                  NL80211_MESHCONF_HWMP_ACTIVE_PATH_TIMEOUT,
                  nla_get_u32);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPpreqMinInterval,
                  mask, NL80211_MESHCONF_HWMP_PREQ_MIN_INTERVAL,
                  nla_get_u16);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPperrMinInterval,
                  mask, NL80211_MESHCONF_HWMP_PERR_MIN_INTERVAL,
                  nla_get_u16);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
                  dot11MeshHWMPnetDiameterTraversalTime, mask,
                  NL80211_MESHCONF_HWMP_NET_DIAM_TRVS_TIME,
                  nla_get_u16);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRootMode, mask,
                  NL80211_MESHCONF_HWMP_ROOTMODE, nla_get_u8);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPRannInterval, mask,
                  NL80211_MESHCONF_HWMP_RANN_INTERVAL,
                  nla_get_u16);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
                  dot11MeshGateAnnouncementProtocol, mask,
                  NL80211_MESHCONF_GATE_ANNOUNCEMENTS,
                  nla_get_u8);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshForwarding,
                  mask, NL80211_MESHCONF_FORWARDING,
                  nla_get_u8);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, rssi_threshold,
                  mask, NL80211_MESHCONF_RSSI_THRESHOLD,
                  nla_get_u32);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, ht_opmode,
                  mask, NL80211_MESHCONF_HT_OPMODE,
                  nla_get_u16);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMPactivePathToRootTimeout,
                  mask,
                  NL80211_MESHCONF_HWMP_PATH_TO_ROOT_TIMEOUT,
                  nla_get_u32);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg, dot11MeshHWMProotInterval,
                  mask, NL80211_MESHCONF_HWMP_ROOT_INTERVAL,
                  nla_get_u16);
    FILL_IN_MESH_PARAM_IF_SET(tb, cfg,
                  dot11MeshHWMPconfirmationInterval, mask,
                  NL80211_MESHCONF_HWMP_CONFIRMATION_INTERVAL,
                  nla_get_u16);
    if (mask_out)
        *mask_out = mask;

    return 0;

#undef FILL_IN_MESH_PARAM_IF_SET
}

static int nl80211_parse_mesh_setup(struct genl_info *info,
                     struct mesh_setup *setup)
{
    struct nlattr *tb[NL80211_MESH_SETUP_ATTR_MAX + 1];

    if (!info->attrs[NL80211_ATTR_MESH_SETUP])
        return -EINVAL;
    if (nla_parse_nested(tb, NL80211_MESH_SETUP_ATTR_MAX,
                 info->attrs[NL80211_ATTR_MESH_SETUP],
                 nl80211_mesh_setup_params_policy))
        return -EINVAL;

    if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])
        setup->sync_method =
        (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_SYNC])) ?
         IEEE80211_SYNC_METHOD_VENDOR :
         IEEE80211_SYNC_METHOD_NEIGHBOR_OFFSET;

    if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])
        setup->path_sel_proto =
        (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_PATH_SEL])) ?
         IEEE80211_PATH_PROTOCOL_VENDOR :
         IEEE80211_PATH_PROTOCOL_HWMP;

    if (tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])
        setup->path_metric =
        (nla_get_u8(tb[NL80211_MESH_SETUP_ENABLE_VENDOR_METRIC])) ?
         IEEE80211_PATH_METRIC_VENDOR :
         IEEE80211_PATH_METRIC_AIRTIME;


    if (tb[NL80211_MESH_SETUP_IE]) {
        struct nlattr *ieattr =
            tb[NL80211_MESH_SETUP_IE];
        if (!is_valid_ie_attr(ieattr))
            return -EINVAL;
        setup->ie = nla_data(ieattr);
        setup->ie_len = nla_len(ieattr);
    }
    setup->is_authenticated = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AUTH]);
    setup->is_secure = nla_get_flag(tb[NL80211_MESH_SETUP_USERSPACE_AMPE]);

    return 0;
}

static int nl80211_update_mesh_config(struct sk_buff *skb,
                      struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    struct wireless_dev *wdev = dev->ieee80211_ptr;
    struct mesh_config cfg;
    u32 mask;
    int err;

    if (wdev->iftype != NL80211_IFTYPE_MESH_POINT)
        return -EOPNOTSUPP;

    if (!rdev->ops->update_mesh_config)
        return -EOPNOTSUPP;

    err = nl80211_parse_mesh_config(info, &cfg, &mask);
    if (err)
        return err;

    wdev_lock(wdev);
    if (!wdev->mesh_id_len)
        err = -ENOLINK;

    if (!err)
        err = rdev->ops->update_mesh_config(&rdev->wiphy, dev,
                            mask, &cfg);

    wdev_unlock(wdev);

    return err;
}

static int nl80211_get_reg(struct sk_buff *skb, struct genl_info *info)
{
    struct sk_buff *msg;
    void *hdr = NULL;
    struct nlattr *nl_reg_rules;
    unsigned int i;
    int err = -EINVAL;

    mutex_lock(&cfg80211_mutex);

    if (!cfg80211_regdomain)
        goto out;

    msg = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
    if (!msg) {
        err = -ENOBUFS;
        goto out;
    }

    hdr = nl80211hdr_put(msg, info->snd_portid, info->snd_seq, 0,
                 NL80211_CMD_GET_REG);
    if (!hdr)
        goto put_failure;

    if (nla_put_string(msg, NL80211_ATTR_REG_ALPHA2,
               cfg80211_regdomain->alpha2) ||
        (cfg80211_regdomain->dfs_region &&
         nla_put_u8(msg, NL80211_ATTR_DFS_REGION,
            cfg80211_regdomain->dfs_region)))
        goto nla_put_failure;

    if (reg_last_request_cell_base() &&
        nla_put_u32(msg, NL80211_ATTR_USER_REG_HINT_TYPE,
            NL80211_USER_REG_HINT_CELL_BASE))
        goto nla_put_failure;

    nl_reg_rules = nla_nest_start(msg, NL80211_ATTR_REG_RULES);
    if (!nl_reg_rules)
        goto nla_put_failure;

    for (i = 0; i < cfg80211_regdomain->n_reg_rules; i++) {
        struct nlattr *nl_reg_rule;
        const struct ieee80211_reg_rule *reg_rule;
        const struct ieee80211_freq_range *freq_range;
        const struct ieee80211_power_rule *power_rule;

        reg_rule = &cfg80211_regdomain->reg_rules[i];
        freq_range = &reg_rule->freq_range;
        power_rule = &reg_rule->power_rule;

        nl_reg_rule = nla_nest_start(msg, i);
        if (!nl_reg_rule)
            goto nla_put_failure;

        if (nla_put_u32(msg, NL80211_ATTR_REG_RULE_FLAGS,
                reg_rule->flags) ||
            nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_START,
                freq_range->start_freq_khz) ||
            nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_END,
                freq_range->end_freq_khz) ||
            nla_put_u32(msg, NL80211_ATTR_FREQ_RANGE_MAX_BW,
                freq_range->max_bandwidth_khz) ||
            nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_ANT_GAIN,
                power_rule->max_antenna_gain) ||
            nla_put_u32(msg, NL80211_ATTR_POWER_RULE_MAX_EIRP,
                power_rule->max_eirp))
            goto nla_put_failure;

        nla_nest_end(msg, nl_reg_rule);
    }

    nla_nest_end(msg, nl_reg_rules);

    genlmsg_end(msg, hdr);
    err = genlmsg_reply(msg, info);
    goto out;

nla_put_failure:
    genlmsg_cancel(msg, hdr);
put_failure:
    nlmsg_free(msg);
    err = -EMSGSIZE;
out:
    mutex_unlock(&cfg80211_mutex);
    return err;
}

static int nl80211_set_reg(struct sk_buff *skb, struct genl_info *info)
{
    struct nlattr *tb[NL80211_REG_RULE_ATTR_MAX + 1];
    struct nlattr *nl_reg_rule;
    char *alpha2 = NULL;
    int rem_reg_rules = 0, r = 0;
    u32 num_rules = 0, rule_idx = 0, size_of_regd;
    u8 dfs_region = 0;
    struct ieee80211_regdomain *rd = NULL;

    if (!info->attrs[NL80211_ATTR_REG_ALPHA2])
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_REG_RULES])
        return -EINVAL;

    alpha2 = nla_data(info->attrs[NL80211_ATTR_REG_ALPHA2]);

    if (info->attrs[NL80211_ATTR_DFS_REGION])
        dfs_region = nla_get_u8(info->attrs[NL80211_ATTR_DFS_REGION]);

    nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
            rem_reg_rules) {
        num_rules++;
        if (num_rules > NL80211_MAX_SUPP_REG_RULES)
            return -EINVAL;
    }

    mutex_lock(&cfg80211_mutex);

    if (!reg_is_valid_request(alpha2)) {
        r = -EINVAL;
        goto bad_reg;
    }

    size_of_regd = sizeof(struct ieee80211_regdomain) +
        (num_rules * sizeof(struct ieee80211_reg_rule));

    rd = kzalloc(size_of_regd, GFP_KERNEL);
    if (!rd) {
        r = -ENOMEM;
        goto bad_reg;
    }

    rd->n_reg_rules = num_rules;
    rd->alpha2[0] = alpha2[0];
    rd->alpha2[1] = alpha2[1];

    /*
     * Disable DFS master mode if the DFS region was
     * not supported or known on this kernel.
     */
    if (reg_supported_dfs_region(dfs_region))
        rd->dfs_region = dfs_region;

    nla_for_each_nested(nl_reg_rule, info->attrs[NL80211_ATTR_REG_RULES],
            rem_reg_rules) {
        nla_parse(tb, NL80211_REG_RULE_ATTR_MAX,
            nla_data(nl_reg_rule), nla_len(nl_reg_rule),
            reg_rule_policy);
        r = parse_reg_rule(tb, &rd->reg_rules[rule_idx]);
        if (r)
            goto bad_reg;

        rule_idx++;

        if (rule_idx > NL80211_MAX_SUPP_REG_RULES) {
            r = -EINVAL;
            goto bad_reg;
        }
    }

    BUG_ON(rule_idx != num_rules);

    r = set_regdom(rd);

    mutex_unlock(&cfg80211_mutex);

    return r;

 bad_reg:
    mutex_unlock(&cfg80211_mutex);
    kfree(rd);
    return r;
}

static int validate_scan_freqs(struct nlattr *freqs)
{
    struct nlattr *attr1, *attr2;
    int n_channels = 0, tmp1, tmp2;

    nla_for_each_nested(attr1, freqs, tmp1) {
        n_channels++;
        /*
         * Some hardware has a limited channel list for
         * scanning, and it is pretty much nonsensical
         * to scan for a channel twice, so disallow that
         * and don't require drivers to check that the
         * channel list they get isn't longer than what
         * they can scan, as long as they can scan all
         * the channels they registered at once.
         */
        nla_for_each_nested(attr2, freqs, tmp2)
            if (attr1 != attr2 &&
                nla_get_u32(attr1) == nla_get_u32(attr2))
                return 0;
    }

    return n_channels;
}

static int nl80211_trigger_scan(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct wireless_dev *wdev = info->user_ptr[1];
    struct cfg80211_scan_request *request;
    struct nlattr *attr;
    struct wiphy *wiphy;
    int err, tmp, n_ssids = 0, n_channels, i;
    size_t ie_len;

    if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
        return -EINVAL;

    wiphy = &rdev->wiphy;

    if (!rdev->ops->scan)
        return -EOPNOTSUPP;

    if (rdev->scan_req)
        return -EBUSY;

    if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
        n_channels = validate_scan_freqs(
                info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
        if (!n_channels)
            return -EINVAL;
    } else {
        enum ieee80211_band band;
        n_channels = 0;

        for (band = 0; band < IEEE80211_NUM_BANDS; band++)
            if (wiphy->bands[band])
                n_channels += wiphy->bands[band]->n_channels;
    }

    if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
        nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp)
            n_ssids++;

    if (n_ssids > wiphy->max_scan_ssids)
        return -EINVAL;

    if (info->attrs[NL80211_ATTR_IE])
        ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
    else
        ie_len = 0;

    if (ie_len > wiphy->max_scan_ie_len)
        return -EINVAL;

    request = kzalloc(sizeof(*request)
            + sizeof(*request->ssids) * n_ssids
            + sizeof(*request->channels) * n_channels
            + ie_len, GFP_KERNEL);
    if (!request)
        return -ENOMEM;

    if (n_ssids)
        request->ssids = (void *)&request->channels[n_channels];
    request->n_ssids = n_ssids;
    if (ie_len) {
        if (request->ssids)
            request->ie = (void *)(request->ssids + n_ssids);
        else
            request->ie = (void *)(request->channels + n_channels);
    }

    i = 0;
    if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
        /* user specified, bail out if channel not found */
        nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_FREQUENCIES], tmp) {
            struct ieee80211_channel *chan;

            chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));

            if (!chan) {
                err = -EINVAL;
                goto out_free;
            }

            /* ignore disabled channels */
            if (chan->flags & IEEE80211_CHAN_DISABLED)
                continue;

            request->channels[i] = chan;
            i++;
        }
    } else {
        enum ieee80211_band band;

        /* all channels */
        for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
            int j;
            if (!wiphy->bands[band])
                continue;
            for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
                struct ieee80211_channel *chan;

                chan = &wiphy->bands[band]->channels[j];

                if (chan->flags & IEEE80211_CHAN_DISABLED)
                    continue;

                request->channels[i] = chan;
                i++;
            }
        }
    }

    if (!i) {
        err = -EINVAL;
        goto out_free;
    }

    request->n_channels = i;

    i = 0;
    if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
        nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS], tmp) {
            if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
                err = -EINVAL;
                goto out_free;
            }
            request->ssids[i].ssid_len = nla_len(attr);
            memcpy(request->ssids[i].ssid, nla_data(attr), nla_len(attr));
            i++;
        }
    }

    if (info->attrs[NL80211_ATTR_IE]) {
        request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
        memcpy((void *)request->ie,
               nla_data(info->attrs[NL80211_ATTR_IE]),
               request->ie_len);
    }

    for (i = 0; i < IEEE80211_NUM_BANDS; i++)
        if (wiphy->bands[i])
            request->rates[i] =
                (1 << wiphy->bands[i]->n_bitrates) - 1;

    if (info->attrs[NL80211_ATTR_SCAN_SUPP_RATES]) {
        nla_for_each_nested(attr,
                    info->attrs[NL80211_ATTR_SCAN_SUPP_RATES],
                    tmp) {
            enum ieee80211_band band = nla_type(attr);

            if (band < 0 || band >= IEEE80211_NUM_BANDS) {
                err = -EINVAL;
                goto out_free;
            }
            err = ieee80211_get_ratemask(wiphy->bands[band],
                             nla_data(attr),
                             nla_len(attr),
                             &request->rates[band]);
            if (err)
                goto out_free;
        }
    }

    request->no_cck =
        nla_get_flag(info->attrs[NL80211_ATTR_TX_NO_CCK_RATE]);

    request->wdev = wdev;
    request->wiphy = &rdev->wiphy;

    rdev->scan_req = request;
    err = rdev->ops->scan(&rdev->wiphy, request);

    if (!err) {
        nl80211_send_scan_start(rdev, wdev);
        if (wdev->netdev)
            dev_hold(wdev->netdev);
    } else {
 out_free:
        rdev->scan_req = NULL;
        kfree(request);
    }

    return err;
}

static int nl80211_start_sched_scan(struct sk_buff *skb,
                    struct genl_info *info)
{
    struct cfg80211_sched_scan_request *request;
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    struct nlattr *attr;
    struct wiphy *wiphy;
    int err, tmp, n_ssids = 0, n_match_sets = 0, n_channels, i;
    u32 interval;
    enum ieee80211_band band;
    size_t ie_len;
    struct nlattr *tb[NL80211_SCHED_SCAN_MATCH_ATTR_MAX + 1];

    if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
        !rdev->ops->sched_scan_start)
        return -EOPNOTSUPP;

    if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL])
        return -EINVAL;

    interval = nla_get_u32(info->attrs[NL80211_ATTR_SCHED_SCAN_INTERVAL]);
    if (interval == 0)
        return -EINVAL;

    wiphy = &rdev->wiphy;

    if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
        n_channels = validate_scan_freqs(
                info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]);
        if (!n_channels)
            return -EINVAL;
    } else {
        n_channels = 0;

        for (band = 0; band < IEEE80211_NUM_BANDS; band++)
            if (wiphy->bands[band])
                n_channels += wiphy->bands[band]->n_channels;
    }

    if (info->attrs[NL80211_ATTR_SCAN_SSIDS])
        nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
                    tmp)
            n_ssids++;

    if (n_ssids > wiphy->max_sched_scan_ssids)
        return -EINVAL;

    if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH])
        nla_for_each_nested(attr,
                    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
                    tmp)
            n_match_sets++;

    if (n_match_sets > wiphy->max_match_sets)
        return -EINVAL;

    if (info->attrs[NL80211_ATTR_IE])
        ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
    else
        ie_len = 0;

    if (ie_len > wiphy->max_sched_scan_ie_len)
        return -EINVAL;

    mutex_lock(&rdev->sched_scan_mtx);

    if (rdev->sched_scan_req) {
        err = -EINPROGRESS;
        goto out;
    }

    request = kzalloc(sizeof(*request)
            + sizeof(*request->ssids) * n_ssids
            + sizeof(*request->match_sets) * n_match_sets
            + sizeof(*request->channels) * n_channels
            + ie_len, GFP_KERNEL);
    if (!request) {
        err = -ENOMEM;
        goto out;
    }

    if (n_ssids)
        request->ssids = (void *)&request->channels[n_channels];
    request->n_ssids = n_ssids;
    if (ie_len) {
        if (request->ssids)
            request->ie = (void *)(request->ssids + n_ssids);
        else
            request->ie = (void *)(request->channels + n_channels);
    }

    if (n_match_sets) {
        if (request->ie)
            request->match_sets = (void *)(request->ie + ie_len);
        else if (request->ssids)
            request->match_sets =
                (void *)(request->ssids + n_ssids);
        else
            request->match_sets =
                (void *)(request->channels + n_channels);
    }
    request->n_match_sets = n_match_sets;

    i = 0;
    if (info->attrs[NL80211_ATTR_SCAN_FREQUENCIES]) {
        /* user specified, bail out if channel not found */
        nla_for_each_nested(attr,
                    info->attrs[NL80211_ATTR_SCAN_FREQUENCIES],
                    tmp) {
            struct ieee80211_channel *chan;

            chan = ieee80211_get_channel(wiphy, nla_get_u32(attr));

            if (!chan) {
                err = -EINVAL;
                goto out_free;
            }

            /* ignore disabled channels */
            if (chan->flags & IEEE80211_CHAN_DISABLED)
                continue;

            request->channels[i] = chan;
            i++;
        }
    } else {
        /* all channels */
        for (band = 0; band < IEEE80211_NUM_BANDS; band++) {
            int j;
            if (!wiphy->bands[band])
                continue;
            for (j = 0; j < wiphy->bands[band]->n_channels; j++) {
                struct ieee80211_channel *chan;

                chan = &wiphy->bands[band]->channels[j];

                if (chan->flags & IEEE80211_CHAN_DISABLED)
                    continue;

                request->channels[i] = chan;
                i++;
            }
        }
    }

    if (!i) {
        err = -EINVAL;
        goto out_free;
    }

    request->n_channels = i;

    i = 0;
    if (info->attrs[NL80211_ATTR_SCAN_SSIDS]) {
        nla_for_each_nested(attr, info->attrs[NL80211_ATTR_SCAN_SSIDS],
                    tmp) {
            if (nla_len(attr) > IEEE80211_MAX_SSID_LEN) {
                err = -EINVAL;
                goto out_free;
            }
            request->ssids[i].ssid_len = nla_len(attr);
            memcpy(request->ssids[i].ssid, nla_data(attr),
                   nla_len(attr));
            i++;
        }
    }

    i = 0;
    if (info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH]) {
        nla_for_each_nested(attr,
                    info->attrs[NL80211_ATTR_SCHED_SCAN_MATCH],
                    tmp) {
            struct nlattr *ssid, *rssi;

            nla_parse(tb, NL80211_SCHED_SCAN_MATCH_ATTR_MAX,
                  nla_data(attr), nla_len(attr),
                  nl80211_match_policy);
            ssid = tb[NL80211_SCHED_SCAN_MATCH_ATTR_SSID];
            if (ssid) {
                if (nla_len(ssid) > IEEE80211_MAX_SSID_LEN) {
                    err = -EINVAL;
                    goto out_free;
                }
                memcpy(request->match_sets[i].ssid.ssid,
                       nla_data(ssid), nla_len(ssid));
                request->match_sets[i].ssid.ssid_len =
                    nla_len(ssid);
            }
            rssi = tb[NL80211_SCHED_SCAN_MATCH_ATTR_RSSI];
            if (rssi)
                request->rssi_thold = nla_get_u32(rssi);
            else
                request->rssi_thold =
                           NL80211_SCAN_RSSI_THOLD_OFF;
            i++;
        }
    }

    if (info->attrs[NL80211_ATTR_IE]) {
        request->ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
        memcpy((void *)request->ie,
               nla_data(info->attrs[NL80211_ATTR_IE]),
               request->ie_len);
    }

    request->dev = dev;
    request->wiphy = &rdev->wiphy;
    request->interval = interval;

    err = rdev->ops->sched_scan_start(&rdev->wiphy, dev, request);
    if (!err) {
        rdev->sched_scan_req = request;
        nl80211_send_sched_scan(rdev, dev,
                    NL80211_CMD_START_SCHED_SCAN);
        goto out;
    }

out_free:
    kfree(request);
out:
    mutex_unlock(&rdev->sched_scan_mtx);
    return err;
}

static int nl80211_stop_sched_scan(struct sk_buff *skb,
                   struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    int err;

    if (!(rdev->wiphy.flags & WIPHY_FLAG_SUPPORTS_SCHED_SCAN) ||
        !rdev->ops->sched_scan_stop)
        return -EOPNOTSUPP;

    mutex_lock(&rdev->sched_scan_mtx);
    err = __cfg80211_stop_sched_scan(rdev, false);
    mutex_unlock(&rdev->sched_scan_mtx);

    return err;
}

static int nl80211_send_bss(struct sk_buff *msg, struct netlink_callback *cb,
                u32 seq, int flags,
                struct cfg80211_registered_device *rdev,
                struct wireless_dev *wdev,
                struct cfg80211_internal_bss *intbss)
{
    struct cfg80211_bss *res = &intbss->pub;
    void *hdr;
    struct nlattr *bss;

    ASSERT_WDEV_LOCK(wdev);

    hdr = nl80211hdr_put(msg, NETLINK_CB(cb->skb).portid, seq, flags,
                 NL80211_CMD_NEW_SCAN_RESULTS);
    if (!hdr)
        return -1;

    genl_dump_check_consistent(cb, hdr, &nl80211_fam);

    if (nla_put_u32(msg, NL80211_ATTR_GENERATION, rdev->bss_generation) ||
        nla_put_u32(msg, NL80211_ATTR_IFINDEX, wdev->netdev->ifindex))
        goto nla_put_failure;

    bss = nla_nest_start(msg, NL80211_ATTR_BSS);
    if (!bss)
        goto nla_put_failure;
    if ((!is_zero_ether_addr(res->bssid) &&
         nla_put(msg, NL80211_BSS_BSSID, ETH_ALEN, res->bssid)) ||
        (res->information_elements && res->len_information_elements &&
         nla_put(msg, NL80211_BSS_INFORMATION_ELEMENTS,
             res->len_information_elements,
             res->information_elements)) ||
        (res->beacon_ies && res->len_beacon_ies &&
         res->beacon_ies != res->information_elements &&
         nla_put(msg, NL80211_BSS_BEACON_IES,
             res->len_beacon_ies, res->beacon_ies)))
        goto nla_put_failure;
    if (res->tsf &&
        nla_put_u64(msg, NL80211_BSS_TSF, res->tsf))
        goto nla_put_failure;
    if (res->beacon_interval &&
        nla_put_u16(msg, NL80211_BSS_BEACON_INTERVAL, res->beacon_interval))
        goto nla_put_failure;
    if (nla_put_u16(msg, NL80211_BSS_CAPABILITY, res->capability) ||
        nla_put_u32(msg, NL80211_BSS_FREQUENCY, res->channel->center_freq) ||
        nla_put_u32(msg, NL80211_BSS_SEEN_MS_AGO,
            jiffies_to_msecs(jiffies - intbss->ts)))
        goto nla_put_failure;

    switch (rdev->wiphy.signal_type) {
    case CFG80211_SIGNAL_TYPE_MBM:
        if (nla_put_u32(msg, NL80211_BSS_SIGNAL_MBM, res->signal))
            goto nla_put_failure;
        break;
    case CFG80211_SIGNAL_TYPE_UNSPEC:
        if (nla_put_u8(msg, NL80211_BSS_SIGNAL_UNSPEC, res->signal))
            goto nla_put_failure;
        break;
    default:
        break;
    }

    switch (wdev->iftype) {
    case NL80211_IFTYPE_P2P_CLIENT:
    case NL80211_IFTYPE_STATION:
        if (intbss == wdev->current_bss &&
            nla_put_u32(msg, NL80211_BSS_STATUS,
                NL80211_BSS_STATUS_ASSOCIATED))
            goto nla_put_failure;
        break;
    case NL80211_IFTYPE_ADHOC:
        if (intbss == wdev->current_bss &&
            nla_put_u32(msg, NL80211_BSS_STATUS,
                NL80211_BSS_STATUS_IBSS_JOINED))
            goto nla_put_failure;
        break;
    default:
        break;
    }

    nla_nest_end(msg, bss);

    return genlmsg_end(msg, hdr);

 nla_put_failure:
    genlmsg_cancel(msg, hdr);
    return -EMSGSIZE;
}

static int nl80211_dump_scan(struct sk_buff *skb,
                 struct netlink_callback *cb)
{
    struct cfg80211_registered_device *rdev;
    struct net_device *dev;
    struct cfg80211_internal_bss *scan;
    struct wireless_dev *wdev;
    int start = cb->args[1], idx = 0;
    int err;

    err = nl80211_prepare_netdev_dump(skb, cb, &rdev, &dev);
    if (err)
        return err;

    wdev = dev->ieee80211_ptr;

    wdev_lock(wdev);
    spin_lock_bh(&rdev->bss_lock);
    cfg80211_bss_expire(rdev);

    cb->seq = rdev->bss_generation;

    list_for_each_entry(scan, &rdev->bss_list, list) {
        if (++idx <= start)
            continue;
        if (nl80211_send_bss(skb, cb,
                cb->nlh->nlmsg_seq, NLM_F_MULTI,
                rdev, wdev, scan) < 0) {
            idx--;
            break;
        }
    }

    spin_unlock_bh(&rdev->bss_lock);
    wdev_unlock(wdev);

    cb->args[1] = idx;
    nl80211_finish_netdev_dump(rdev);

    return skb->len;
}

static int nl80211_send_survey(struct sk_buff *msg, u32 portid, u32 seq,
                int flags, struct net_device *dev,
                struct survey_info *survey)
{
    void *hdr;
    struct nlattr *infoattr;

    hdr = nl80211hdr_put(msg, portid, seq, flags,
                 NL80211_CMD_NEW_SURVEY_RESULTS);
    if (!hdr)
        return -ENOMEM;

    if (nla_put_u32(msg, NL80211_ATTR_IFINDEX, dev->ifindex))
        goto nla_put_failure;

    infoattr = nla_nest_start(msg, NL80211_ATTR_SURVEY_INFO);
    if (!infoattr)
        goto nla_put_failure;

    if (nla_put_u32(msg, NL80211_SURVEY_INFO_FREQUENCY,
            survey->channel->center_freq))
        goto nla_put_failure;

    if ((survey->filled & SURVEY_INFO_NOISE_DBM) &&
        nla_put_u8(msg, NL80211_SURVEY_INFO_NOISE, survey->noise))
        goto nla_put_failure;
    if ((survey->filled & SURVEY_INFO_IN_USE) &&
        nla_put_flag(msg, NL80211_SURVEY_INFO_IN_USE))
        goto nla_put_failure;
    if ((survey->filled & SURVEY_INFO_CHANNEL_TIME) &&
        nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME,
            survey->channel_time))
        goto nla_put_failure;
    if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_BUSY) &&
        nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_BUSY,
            survey->channel_time_busy))
        goto nla_put_failure;
    if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_EXT_BUSY) &&
        nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_EXT_BUSY,
            survey->channel_time_ext_busy))
        goto nla_put_failure;
    if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_RX) &&
        nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_RX,
            survey->channel_time_rx))
        goto nla_put_failure;
    if ((survey->filled & SURVEY_INFO_CHANNEL_TIME_TX) &&
        nla_put_u64(msg, NL80211_SURVEY_INFO_CHANNEL_TIME_TX,
            survey->channel_time_tx))
        goto nla_put_failure;

    nla_nest_end(msg, infoattr);

    return genlmsg_end(msg, hdr);

 nla_put_failure:
    genlmsg_cancel(msg, hdr);
    return -EMSGSIZE;
}

static int nl80211_dump_survey(struct sk_buff *skb,
            struct netlink_callback *cb)
{
    struct survey_info survey;
    struct cfg80211_registered_device *dev;
    struct net_device *netdev;
    int survey_idx = cb->args[1];
    int res;

    res = nl80211_prepare_netdev_dump(skb, cb, &dev, &netdev);
    if (res)
        return res;

    if (!dev->ops->dump_survey) {
        res = -EOPNOTSUPP;
        goto out_err;
    }

    while (1) {
        struct ieee80211_channel *chan;

        res = dev->ops->dump_survey(&dev->wiphy, netdev, survey_idx,
                        &survey);
        if (res == -ENOENT)
            break;
        if (res)
            goto out_err;

        /* Survey without a channel doesn't make sense */
        if (!survey.channel) {
            res = -EINVAL;
            goto out;
        }

        chan = ieee80211_get_channel(&dev->wiphy,
                         survey.channel->center_freq);
        if (!chan || chan->flags & IEEE80211_CHAN_DISABLED) {
            survey_idx++;
            continue;
        }

        if (nl80211_send_survey(skb,
                NETLINK_CB(cb->skb).portid,
                cb->nlh->nlmsg_seq, NLM_F_MULTI,
                netdev,
                &survey) < 0)
            goto out;
        survey_idx++;
    }

 out:
    cb->args[1] = survey_idx;
    res = skb->len;
 out_err:
    nl80211_finish_netdev_dump(dev);
    return res;
}

static bool nl80211_valid_auth_type(enum nl80211_auth_type auth_type)
{
    return auth_type <= NL80211_AUTHTYPE_MAX;
}

static bool nl80211_valid_wpa_versions(u32 wpa_versions)
{
    return !(wpa_versions & ~(NL80211_WPA_VERSION_1 |
                  NL80211_WPA_VERSION_2));
}

static int nl80211_authenticate(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    struct ieee80211_channel *chan;
    const u8 *bssid, *ssid, *ie = NULL;
    int err, ssid_len, ie_len = 0;
    enum nl80211_auth_type auth_type;
    struct key_parse key;
    bool local_state_change;

    if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_MAC])
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_AUTH_TYPE])
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_SSID])
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_WIPHY_FREQ])
        return -EINVAL;

    err = nl80211_parse_key(info, &key);
    if (err)
        return err;

    if (key.idx >= 0) {
        if (key.type != -1 && key.type != NL80211_KEYTYPE_GROUP)
            return -EINVAL;
        if (!key.p.key || !key.p.key_len)
            return -EINVAL;
        if ((key.p.cipher != WLAN_CIPHER_SUITE_WEP40 ||
             key.p.key_len != WLAN_KEY_LEN_WEP40) &&
            (key.p.cipher != WLAN_CIPHER_SUITE_WEP104 ||
             key.p.key_len != WLAN_KEY_LEN_WEP104))
            return -EINVAL;
        if (key.idx > 4)
            return -EINVAL;
    } else {
        key.p.key_len = 0;
        key.p.key = NULL;
    }

    if (key.idx >= 0) {
        int i;
        bool ok = false;
        for (i = 0; i < rdev->wiphy.n_cipher_suites; i++) {
            if (key.p.cipher == rdev->wiphy.cipher_suites[i]) {
                ok = true;
                break;
            }
        }
        if (!ok)
            return -EINVAL;
    }

    if (!rdev->ops->auth)
        return -EOPNOTSUPP;

    if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
        dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
        return -EOPNOTSUPP;

    bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);
    chan = ieee80211_get_channel(&rdev->wiphy,
        nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
    if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
        return -EINVAL;

    ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
    ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);

    if (info->attrs[NL80211_ATTR_IE]) {
        ie = nla_data(info->attrs[NL80211_ATTR_IE]);
        ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
    }

    auth_type = nla_get_u32(info->attrs[NL80211_ATTR_AUTH_TYPE]);
    if (!nl80211_valid_auth_type(auth_type))
        return -EINVAL;

    local_state_change = !!info->attrs[NL80211_ATTR_LOCAL_STATE_CHANGE];

    /*
     * Since we no longer track auth state, ignore
     * requests to only change local state.
     */
    if (local_state_change)
        return 0;

    return cfg80211_mlme_auth(rdev, dev, chan, auth_type, bssid,
                  ssid, ssid_len, ie, ie_len,
                  key.p.key, key.p.key_len, key.idx);
}

static int nl80211_crypto_settings(struct cfg80211_registered_device *rdev,
                   struct genl_info *info,
                   struct cfg80211_crypto_settings *settings,
                   int cipher_limit)
{
    memset(settings, 0, sizeof(*settings));

    settings->control_port = info->attrs[NL80211_ATTR_CONTROL_PORT];

    if (info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) {
        u16 proto;
        proto = nla_get_u16(
            info->attrs[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]);
        settings->control_port_ethertype = cpu_to_be16(proto);
        if (!(rdev->wiphy.flags & WIPHY_FLAG_CONTROL_PORT_PROTOCOL) &&
            proto != ETH_P_PAE)
            return -EINVAL;
        if (info->attrs[NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT])
            settings->control_port_no_encrypt = true;
    } else
        settings->control_port_ethertype = cpu_to_be16(ETH_P_PAE);

    if (info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]) {
        void *data;
        int len, i;

        data = nla_data(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
        len = nla_len(info->attrs[NL80211_ATTR_CIPHER_SUITES_PAIRWISE]);
        settings->n_ciphers_pairwise = len / sizeof(u32);

        if (len % sizeof(u32))
            return -EINVAL;

        if (settings->n_ciphers_pairwise > cipher_limit)
            return -EINVAL;

        memcpy(settings->ciphers_pairwise, data, len);

        for (i = 0; i < settings->n_ciphers_pairwise; i++)
            if (!cfg80211_supported_cipher_suite(
                    &rdev->wiphy,
                    settings->ciphers_pairwise[i]))
                return -EINVAL;
    }

    if (info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]) {
        settings->cipher_group =
            nla_get_u32(info->attrs[NL80211_ATTR_CIPHER_SUITE_GROUP]);
        if (!cfg80211_supported_cipher_suite(&rdev->wiphy,
                             settings->cipher_group))
            return -EINVAL;
    }

    if (info->attrs[NL80211_ATTR_WPA_VERSIONS]) {
        settings->wpa_versions =
            nla_get_u32(info->attrs[NL80211_ATTR_WPA_VERSIONS]);
        if (!nl80211_valid_wpa_versions(settings->wpa_versions))
            return -EINVAL;
    }

    if (info->attrs[NL80211_ATTR_AKM_SUITES]) {
        void *data;
        int len;

        data = nla_data(info->attrs[NL80211_ATTR_AKM_SUITES]);
        len = nla_len(info->attrs[NL80211_ATTR_AKM_SUITES]);
        settings->n_akm_suites = len / sizeof(u32);

        if (len % sizeof(u32))
            return -EINVAL;

        if (settings->n_akm_suites > NL80211_MAX_NR_AKM_SUITES)
            return -EINVAL;

        memcpy(settings->akm_suites, data, len);
    }

    return 0;
}

static int nl80211_associate(struct sk_buff *skb, struct genl_info *info)
{
    struct cfg80211_registered_device *rdev = info->user_ptr[0];
    struct net_device *dev = info->user_ptr[1];
    struct cfg80211_crypto_settings crypto;
    struct ieee80211_channel *chan;
    const u8 *bssid, *ssid, *ie = NULL, *prev_bssid = NULL;
    int err, ssid_len, ie_len = 0;
    bool use_mfp = false;
    u32 flags = 0;
    struct ieee80211_ht_cap *ht_capa = NULL;
    struct ieee80211_ht_cap *ht_capa_mask = NULL;

    if (!is_valid_ie_attr(info->attrs[NL80211_ATTR_IE]))
        return -EINVAL;

    if (!info->attrs[NL80211_ATTR_MAC] ||
        !info->attrs[NL80211_ATTR_SSID] ||
        !info->attrs[NL80211_ATTR_WIPHY_FREQ])
        return -EINVAL;

    if (!rdev->ops->assoc)
        return -EOPNOTSUPP;

    if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_STATION &&
        dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_CLIENT)
        return -EOPNOTSUPP;

    bssid = nla_data(info->attrs[NL80211_ATTR_MAC]);

    chan = ieee80211_get_channel(&rdev->wiphy,
        nla_get_u32(info->attrs[NL80211_ATTR_WIPHY_FREQ]));
    if (!chan || (chan->flags & IEEE80211_CHAN_DISABLED))
        return -EINVAL;

    ssid = nla_data(info->attrs[NL80211_ATTR_SSID]);
    ssid_len = nla_len(info->attrs[NL80211_ATTR_SSID]);

    if (info->attrs[NL80211_ATTR_IE]) {
        ie = nla_data(info->attrs[NL80211_ATTR_IE]);
        ie_len = nla_len(info->attrs[NL80211_ATTR_IE]);
    }

    if (info->attrs[NL80211_ATTR_USE_MFP]) {
        enum nl80211_mfp mfp =
            nla_get_u32(info->attrs[NL80211_ATTR_USE_MFP]);
        if (mfp == NL80211_MFP_REQUIRED)
            use_mfp = true;
        else if (mfp != NL80211_MFP_NO)
            return -EINVAL;
    }

    if (info->attrs[