drivers/net/wireless/mac80211_hwsim.c at v4.7-rc4

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / drivers / net / wireless / mac80211_hwsim.c
at v4.7-rc4 3380 lines 91 kB view raw
wrap content
   1/*
   2 * mac80211_hwsim - software simulator of 802.11 radio(s) for mac80211
   3 * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
   4 * Copyright (c) 2011, Javier Lopez <jlopex@gmail.com>
   5 *
   6 * This program is free software; you can redistribute it and/or modify
   7 * it under the terms of the GNU General Public License version 2 as
   8 * published by the Free Software Foundation.
   9 */
  10
  11/*
  12 * TODO:
  13 * - Add TSF sync and fix IBSS beacon transmission by adding
  14 *   competition for "air time" at TBTT
  15 * - RX filtering based on filter configuration (data->rx_filter)
  16 */
  17
  18#include <linux/list.h>
  19#include <linux/slab.h>
  20#include <linux/spinlock.h>
  21#include <net/dst.h>
  22#include <net/xfrm.h>
  23#include <net/mac80211.h>
  24#include <net/ieee80211_radiotap.h>
  25#include <linux/if_arp.h>
  26#include <linux/rtnetlink.h>
  27#include <linux/etherdevice.h>
  28#include <linux/platform_device.h>
  29#include <linux/debugfs.h>
  30#include <linux/module.h>
  31#include <linux/ktime.h>
  32#include <net/genetlink.h>
  33#include "mac80211_hwsim.h"
  34
  35#define WARN_QUEUE 100
  36#define MAX_QUEUE 200
  37
  38MODULE_AUTHOR("Jouni Malinen");
  39MODULE_DESCRIPTION("Software simulator of 802.11 radio(s) for mac80211");
  40MODULE_LICENSE("GPL");
  41
  42static u32 wmediumd_portid;
  43
  44static int radios = 2;
  45module_param(radios, int, 0444);
  46MODULE_PARM_DESC(radios, "Number of simulated radios");
  47
  48static int channels = 1;
  49module_param(channels, int, 0444);
  50MODULE_PARM_DESC(channels, "Number of concurrent channels");
  51
  52static bool paged_rx = false;
  53module_param(paged_rx, bool, 0644);
  54MODULE_PARM_DESC(paged_rx, "Use paged SKBs for RX instead of linear ones");
  55
  56static bool rctbl = false;
  57module_param(rctbl, bool, 0444);
  58MODULE_PARM_DESC(rctbl, "Handle rate control table");
  59
  60static bool support_p2p_device = true;
  61module_param(support_p2p_device, bool, 0444);
  62MODULE_PARM_DESC(support_p2p_device, "Support P2P-Device interface type");
  63
  64/**
  65 * enum hwsim_regtest - the type of regulatory tests we offer
  66 *
  67 * These are the different values you can use for the regtest
  68 * module parameter. This is useful to help test world roaming
  69 * and the driver regulatory_hint() call and combinations of these.
  70 * If you want to do specific alpha2 regulatory domain tests simply
  71 * use the userspace regulatory request as that will be respected as
  72 * well without the need of this module parameter. This is designed
  73 * only for testing the driver regulatory request, world roaming
  74 * and all possible combinations.
  75 *
  76 * @HWSIM_REGTEST_DISABLED: No regulatory tests are performed,
  77 * 	this is the default value.
  78 * @HWSIM_REGTEST_DRIVER_REG_FOLLOW: Used for testing the driver regulatory
  79 *	hint, only one driver regulatory hint will be sent as such the
  80 * 	secondary radios are expected to follow.
  81 * @HWSIM_REGTEST_DRIVER_REG_ALL: Used for testing the driver regulatory
  82 * 	request with all radios reporting the same regulatory domain.
  83 * @HWSIM_REGTEST_DIFF_COUNTRY: Used for testing the drivers calling
  84 * 	different regulatory domains requests. Expected behaviour is for
  85 * 	an intersection to occur but each device will still use their
  86 * 	respective regulatory requested domains. Subsequent radios will
  87 * 	use the resulting intersection.
  88 * @HWSIM_REGTEST_WORLD_ROAM: Used for testing the world roaming. We accomplish
  89 *	this by using a custom beacon-capable regulatory domain for the first
  90 *	radio. All other device world roam.
  91 * @HWSIM_REGTEST_CUSTOM_WORLD: Used for testing the custom world regulatory
  92 * 	domain requests. All radios will adhere to this custom world regulatory
  93 * 	domain.
  94 * @HWSIM_REGTEST_CUSTOM_WORLD_2: Used for testing 2 custom world regulatory
  95 * 	domain requests. The first radio will adhere to the first custom world
  96 * 	regulatory domain, the second one to the second custom world regulatory
  97 * 	domain. All other devices will world roam.
  98 * @HWSIM_REGTEST_STRICT_FOLLOW_: Used for testing strict regulatory domain
  99 *	settings, only the first radio will send a regulatory domain request
 100 *	and use strict settings. The rest of the radios are expected to follow.
 101 * @HWSIM_REGTEST_STRICT_ALL: Used for testing strict regulatory domain
 102 *	settings. All radios will adhere to this.
 103 * @HWSIM_REGTEST_STRICT_AND_DRIVER_REG: Used for testing strict regulatory
 104 *	domain settings, combined with secondary driver regulatory domain
 105 *	settings. The first radio will get a strict regulatory domain setting
 106 *	using the first driver regulatory request and the second radio will use
 107 *	non-strict settings using the second driver regulatory request. All
 108 *	other devices should follow the intersection created between the
 109 *	first two.
 110 * @HWSIM_REGTEST_ALL: Used for testing every possible mix. You will need
 111 * 	at least 6 radios for a complete test. We will test in this order:
 112 * 	1 - driver custom world regulatory domain
 113 * 	2 - second custom world regulatory domain
 114 * 	3 - first driver regulatory domain request
 115 * 	4 - second driver regulatory domain request
 116 * 	5 - strict regulatory domain settings using the third driver regulatory
 117 * 	    domain request
 118 * 	6 and on - should follow the intersection of the 3rd, 4rth and 5th radio
 119 * 	           regulatory requests.
 120 */
 121enum hwsim_regtest {
 122	HWSIM_REGTEST_DISABLED = 0,
 123	HWSIM_REGTEST_DRIVER_REG_FOLLOW = 1,
 124	HWSIM_REGTEST_DRIVER_REG_ALL = 2,
 125	HWSIM_REGTEST_DIFF_COUNTRY = 3,
 126	HWSIM_REGTEST_WORLD_ROAM = 4,
 127	HWSIM_REGTEST_CUSTOM_WORLD = 5,
 128	HWSIM_REGTEST_CUSTOM_WORLD_2 = 6,
 129	HWSIM_REGTEST_STRICT_FOLLOW = 7,
 130	HWSIM_REGTEST_STRICT_ALL = 8,
 131	HWSIM_REGTEST_STRICT_AND_DRIVER_REG = 9,
 132	HWSIM_REGTEST_ALL = 10,
 133};
 134
 135/* Set to one of the HWSIM_REGTEST_* values above */
 136static int regtest = HWSIM_REGTEST_DISABLED;
 137module_param(regtest, int, 0444);
 138MODULE_PARM_DESC(regtest, "The type of regulatory test we want to run");
 139
 140static const char *hwsim_alpha2s[] = {
 141	"FI",
 142	"AL",
 143	"US",
 144	"DE",
 145	"JP",
 146	"AL",
 147};
 148
 149static const struct ieee80211_regdomain hwsim_world_regdom_custom_01 = {
 150	.n_reg_rules = 4,
 151	.alpha2 =  "99",
 152	.reg_rules = {
 153		REG_RULE(2412-10, 2462+10, 40, 0, 20, 0),
 154		REG_RULE(2484-10, 2484+10, 40, 0, 20, 0),
 155		REG_RULE(5150-10, 5240+10, 40, 0, 30, 0),
 156		REG_RULE(5745-10, 5825+10, 40, 0, 30, 0),
 157	}
 158};
 159
 160static const struct ieee80211_regdomain hwsim_world_regdom_custom_02 = {
 161	.n_reg_rules = 2,
 162	.alpha2 =  "99",
 163	.reg_rules = {
 164		REG_RULE(2412-10, 2462+10, 40, 0, 20, 0),
 165		REG_RULE(5725-10, 5850+10, 40, 0, 30,
 166			 NL80211_RRF_NO_IR),
 167	}
 168};
 169
 170static const struct ieee80211_regdomain *hwsim_world_regdom_custom[] = {
 171	&hwsim_world_regdom_custom_01,
 172	&hwsim_world_regdom_custom_02,
 173};
 174
 175struct hwsim_vif_priv {
 176	u32 magic;
 177	u8 bssid[ETH_ALEN];
 178	bool assoc;
 179	bool bcn_en;
 180	u16 aid;
 181};
 182
 183#define HWSIM_VIF_MAGIC	0x69537748
 184
 185static inline void hwsim_check_magic(struct ieee80211_vif *vif)
 186{
 187	struct hwsim_vif_priv *vp = (void *)vif->drv_priv;
 188	WARN(vp->magic != HWSIM_VIF_MAGIC,
 189	     "Invalid VIF (%p) magic %#x, %pM, %d/%d\n",
 190	     vif, vp->magic, vif->addr, vif->type, vif->p2p);
 191}
 192
 193static inline void hwsim_set_magic(struct ieee80211_vif *vif)
 194{
 195	struct hwsim_vif_priv *vp = (void *)vif->drv_priv;
 196	vp->magic = HWSIM_VIF_MAGIC;
 197}
 198
 199static inline void hwsim_clear_magic(struct ieee80211_vif *vif)
 200{
 201	struct hwsim_vif_priv *vp = (void *)vif->drv_priv;
 202	vp->magic = 0;
 203}
 204
 205struct hwsim_sta_priv {
 206	u32 magic;
 207};
 208
 209#define HWSIM_STA_MAGIC	0x6d537749
 210
 211static inline void hwsim_check_sta_magic(struct ieee80211_sta *sta)
 212{
 213	struct hwsim_sta_priv *sp = (void *)sta->drv_priv;
 214	WARN_ON(sp->magic != HWSIM_STA_MAGIC);
 215}
 216
 217static inline void hwsim_set_sta_magic(struct ieee80211_sta *sta)
 218{
 219	struct hwsim_sta_priv *sp = (void *)sta->drv_priv;
 220	sp->magic = HWSIM_STA_MAGIC;
 221}
 222
 223static inline void hwsim_clear_sta_magic(struct ieee80211_sta *sta)
 224{
 225	struct hwsim_sta_priv *sp = (void *)sta->drv_priv;
 226	sp->magic = 0;
 227}
 228
 229struct hwsim_chanctx_priv {
 230	u32 magic;
 231};
 232
 233#define HWSIM_CHANCTX_MAGIC 0x6d53774a
 234
 235static inline void hwsim_check_chanctx_magic(struct ieee80211_chanctx_conf *c)
 236{
 237	struct hwsim_chanctx_priv *cp = (void *)c->drv_priv;
 238	WARN_ON(cp->magic != HWSIM_CHANCTX_MAGIC);
 239}
 240
 241static inline void hwsim_set_chanctx_magic(struct ieee80211_chanctx_conf *c)
 242{
 243	struct hwsim_chanctx_priv *cp = (void *)c->drv_priv;
 244	cp->magic = HWSIM_CHANCTX_MAGIC;
 245}
 246
 247static inline void hwsim_clear_chanctx_magic(struct ieee80211_chanctx_conf *c)
 248{
 249	struct hwsim_chanctx_priv *cp = (void *)c->drv_priv;
 250	cp->magic = 0;
 251}
 252
 253static struct class *hwsim_class;
 254
 255static struct net_device *hwsim_mon; /* global monitor netdev */
 256
 257#define CHAN2G(_freq)  { \
 258	.band = NL80211_BAND_2GHZ, \
 259	.center_freq = (_freq), \
 260	.hw_value = (_freq), \
 261	.max_power = 20, \
 262}
 263
 264#define CHAN5G(_freq) { \
 265	.band = NL80211_BAND_5GHZ, \
 266	.center_freq = (_freq), \
 267	.hw_value = (_freq), \
 268	.max_power = 20, \
 269}
 270
 271static const struct ieee80211_channel hwsim_channels_2ghz[] = {
 272	CHAN2G(2412), /* Channel 1 */
 273	CHAN2G(2417), /* Channel 2 */
 274	CHAN2G(2422), /* Channel 3 */
 275	CHAN2G(2427), /* Channel 4 */
 276	CHAN2G(2432), /* Channel 5 */
 277	CHAN2G(2437), /* Channel 6 */
 278	CHAN2G(2442), /* Channel 7 */
 279	CHAN2G(2447), /* Channel 8 */
 280	CHAN2G(2452), /* Channel 9 */
 281	CHAN2G(2457), /* Channel 10 */
 282	CHAN2G(2462), /* Channel 11 */
 283	CHAN2G(2467), /* Channel 12 */
 284	CHAN2G(2472), /* Channel 13 */
 285	CHAN2G(2484), /* Channel 14 */
 286};
 287
 288static const struct ieee80211_channel hwsim_channels_5ghz[] = {
 289	CHAN5G(5180), /* Channel 36 */
 290	CHAN5G(5200), /* Channel 40 */
 291	CHAN5G(5220), /* Channel 44 */
 292	CHAN5G(5240), /* Channel 48 */
 293
 294	CHAN5G(5260), /* Channel 52 */
 295	CHAN5G(5280), /* Channel 56 */
 296	CHAN5G(5300), /* Channel 60 */
 297	CHAN5G(5320), /* Channel 64 */
 298
 299	CHAN5G(5500), /* Channel 100 */
 300	CHAN5G(5520), /* Channel 104 */
 301	CHAN5G(5540), /* Channel 108 */
 302	CHAN5G(5560), /* Channel 112 */
 303	CHAN5G(5580), /* Channel 116 */
 304	CHAN5G(5600), /* Channel 120 */
 305	CHAN5G(5620), /* Channel 124 */
 306	CHAN5G(5640), /* Channel 128 */
 307	CHAN5G(5660), /* Channel 132 */
 308	CHAN5G(5680), /* Channel 136 */
 309	CHAN5G(5700), /* Channel 140 */
 310
 311	CHAN5G(5745), /* Channel 149 */
 312	CHAN5G(5765), /* Channel 153 */
 313	CHAN5G(5785), /* Channel 157 */
 314	CHAN5G(5805), /* Channel 161 */
 315	CHAN5G(5825), /* Channel 165 */
 316};
 317
 318static const struct ieee80211_rate hwsim_rates[] = {
 319	{ .bitrate = 10 },
 320	{ .bitrate = 20, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
 321	{ .bitrate = 55, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
 322	{ .bitrate = 110, .flags = IEEE80211_RATE_SHORT_PREAMBLE },
 323	{ .bitrate = 60 },
 324	{ .bitrate = 90 },
 325	{ .bitrate = 120 },
 326	{ .bitrate = 180 },
 327	{ .bitrate = 240 },
 328	{ .bitrate = 360 },
 329	{ .bitrate = 480 },
 330	{ .bitrate = 540 }
 331};
 332
 333#define OUI_QCA 0x001374
 334#define QCA_NL80211_SUBCMD_TEST 1
 335enum qca_nl80211_vendor_subcmds {
 336	QCA_WLAN_VENDOR_ATTR_TEST = 8,
 337	QCA_WLAN_VENDOR_ATTR_MAX = QCA_WLAN_VENDOR_ATTR_TEST
 338};
 339
 340static const struct nla_policy
 341hwsim_vendor_test_policy[QCA_WLAN_VENDOR_ATTR_MAX + 1] = {
 342	[QCA_WLAN_VENDOR_ATTR_MAX] = { .type = NLA_U32 },
 343};
 344
 345static int mac80211_hwsim_vendor_cmd_test(struct wiphy *wiphy,
 346					  struct wireless_dev *wdev,
 347					  const void *data, int data_len)
 348{
 349	struct sk_buff *skb;
 350	struct nlattr *tb[QCA_WLAN_VENDOR_ATTR_MAX + 1];
 351	int err;
 352	u32 val;
 353
 354	err = nla_parse(tb, QCA_WLAN_VENDOR_ATTR_MAX, data, data_len,
 355			hwsim_vendor_test_policy);
 356	if (err)
 357		return err;
 358	if (!tb[QCA_WLAN_VENDOR_ATTR_TEST])
 359		return -EINVAL;
 360	val = nla_get_u32(tb[QCA_WLAN_VENDOR_ATTR_TEST]);
 361	wiphy_debug(wiphy, "%s: test=%u\n", __func__, val);
 362
 363	/* Send a vendor event as a test. Note that this would not normally be
 364	 * done within a command handler, but rather, based on some other
 365	 * trigger. For simplicity, this command is used to trigger the event
 366	 * here.
 367	 *
 368	 * event_idx = 0 (index in mac80211_hwsim_vendor_commands)
 369	 */
 370	skb = cfg80211_vendor_event_alloc(wiphy, wdev, 100, 0, GFP_KERNEL);
 371	if (skb) {
 372		/* skb_put() or nla_put() will fill up data within
 373		 * NL80211_ATTR_VENDOR_DATA.
 374		 */
 375
 376		/* Add vendor data */
 377		nla_put_u32(skb, QCA_WLAN_VENDOR_ATTR_TEST, val + 1);
 378
 379		/* Send the event - this will call nla_nest_end() */
 380		cfg80211_vendor_event(skb, GFP_KERNEL);
 381	}
 382
 383	/* Send a response to the command */
 384	skb = cfg80211_vendor_cmd_alloc_reply_skb(wiphy, 10);
 385	if (!skb)
 386		return -ENOMEM;
 387
 388	/* skb_put() or nla_put() will fill up data within
 389	 * NL80211_ATTR_VENDOR_DATA
 390	 */
 391	nla_put_u32(skb, QCA_WLAN_VENDOR_ATTR_TEST, val + 2);
 392
 393	return cfg80211_vendor_cmd_reply(skb);
 394}
 395
 396static struct wiphy_vendor_command mac80211_hwsim_vendor_commands[] = {
 397	{
 398		.info = { .vendor_id = OUI_QCA,
 399			  .subcmd = QCA_NL80211_SUBCMD_TEST },
 400		.flags = WIPHY_VENDOR_CMD_NEED_NETDEV,
 401		.doit = mac80211_hwsim_vendor_cmd_test,
 402	}
 403};
 404
 405/* Advertise support vendor specific events */
 406static const struct nl80211_vendor_cmd_info mac80211_hwsim_vendor_events[] = {
 407	{ .vendor_id = OUI_QCA, .subcmd = 1 },
 408};
 409
 410static const struct ieee80211_iface_limit hwsim_if_limits[] = {
 411	{ .max = 1, .types = BIT(NL80211_IFTYPE_ADHOC) },
 412	{ .max = 2048,  .types = BIT(NL80211_IFTYPE_STATION) |
 413				 BIT(NL80211_IFTYPE_P2P_CLIENT) |
 414#ifdef CONFIG_MAC80211_MESH
 415				 BIT(NL80211_IFTYPE_MESH_POINT) |
 416#endif
 417				 BIT(NL80211_IFTYPE_AP) |
 418				 BIT(NL80211_IFTYPE_P2P_GO) },
 419	/* must be last, see hwsim_if_comb */
 420	{ .max = 1, .types = BIT(NL80211_IFTYPE_P2P_DEVICE) }
 421};
 422
 423static const struct ieee80211_iface_limit hwsim_if_dfs_limits[] = {
 424	{ .max = 8, .types = BIT(NL80211_IFTYPE_AP) },
 425};
 426
 427static const struct ieee80211_iface_combination hwsim_if_comb[] = {
 428	{
 429		.limits = hwsim_if_limits,
 430		/* remove the last entry which is P2P_DEVICE */
 431		.n_limits = ARRAY_SIZE(hwsim_if_limits) - 1,
 432		.max_interfaces = 2048,
 433		.num_different_channels = 1,
 434	},
 435	{
 436		.limits = hwsim_if_dfs_limits,
 437		.n_limits = ARRAY_SIZE(hwsim_if_dfs_limits),
 438		.max_interfaces = 8,
 439		.num_different_channels = 1,
 440		.radar_detect_widths = BIT(NL80211_CHAN_WIDTH_20_NOHT) |
 441				       BIT(NL80211_CHAN_WIDTH_20) |
 442				       BIT(NL80211_CHAN_WIDTH_40) |
 443				       BIT(NL80211_CHAN_WIDTH_80) |
 444				       BIT(NL80211_CHAN_WIDTH_160),
 445	}
 446};
 447
 448static const struct ieee80211_iface_combination hwsim_if_comb_p2p_dev[] = {
 449	{
 450		.limits = hwsim_if_limits,
 451		.n_limits = ARRAY_SIZE(hwsim_if_limits),
 452		.max_interfaces = 2048,
 453		.num_different_channels = 1,
 454	},
 455	{
 456		.limits = hwsim_if_dfs_limits,
 457		.n_limits = ARRAY_SIZE(hwsim_if_dfs_limits),
 458		.max_interfaces = 8,
 459		.num_different_channels = 1,
 460		.radar_detect_widths = BIT(NL80211_CHAN_WIDTH_20_NOHT) |
 461				       BIT(NL80211_CHAN_WIDTH_20) |
 462				       BIT(NL80211_CHAN_WIDTH_40) |
 463				       BIT(NL80211_CHAN_WIDTH_80) |
 464				       BIT(NL80211_CHAN_WIDTH_160),
 465	}
 466};
 467
 468static spinlock_t hwsim_radio_lock;
 469static struct list_head hwsim_radios;
 470static int hwsim_radio_idx;
 471
 472static struct platform_driver mac80211_hwsim_driver = {
 473	.driver = {
 474		.name = "mac80211_hwsim",
 475	},
 476};
 477
 478struct mac80211_hwsim_data {
 479	struct list_head list;
 480	struct ieee80211_hw *hw;
 481	struct device *dev;
 482	struct ieee80211_supported_band bands[NUM_NL80211_BANDS];
 483	struct ieee80211_channel channels_2ghz[ARRAY_SIZE(hwsim_channels_2ghz)];
 484	struct ieee80211_channel channels_5ghz[ARRAY_SIZE(hwsim_channels_5ghz)];
 485	struct ieee80211_rate rates[ARRAY_SIZE(hwsim_rates)];
 486	struct ieee80211_iface_combination if_combination;
 487
 488	struct mac_address addresses[2];
 489	int channels, idx;
 490	bool use_chanctx;
 491	bool destroy_on_close;
 492	struct work_struct destroy_work;
 493	u32 portid;
 494	char alpha2[2];
 495	const struct ieee80211_regdomain *regd;
 496
 497	struct ieee80211_channel *tmp_chan;
 498	struct ieee80211_channel *roc_chan;
 499	u32 roc_duration;
 500	struct delayed_work roc_start;
 501	struct delayed_work roc_done;
 502	struct delayed_work hw_scan;
 503	struct cfg80211_scan_request *hw_scan_request;
 504	struct ieee80211_vif *hw_scan_vif;
 505	int scan_chan_idx;
 506	u8 scan_addr[ETH_ALEN];
 507
 508	struct ieee80211_channel *channel;
 509	u64 beacon_int	/* beacon interval in us */;
 510	unsigned int rx_filter;
 511	bool started, idle, scanning;
 512	struct mutex mutex;
 513	struct tasklet_hrtimer beacon_timer;
 514	enum ps_mode {
 515		PS_DISABLED, PS_ENABLED, PS_AUTO_POLL, PS_MANUAL_POLL
 516	} ps;
 517	bool ps_poll_pending;
 518	struct dentry *debugfs;
 519
 520	uintptr_t pending_cookie;
 521	struct sk_buff_head pending;	/* packets pending */
 522	/*
 523	 * Only radios in the same group can communicate together (the
 524	 * channel has to match too). Each bit represents a group. A
 525	 * radio can be in more than one group.
 526	 */
 527	u64 group;
 528
 529	int power_level;
 530
 531	/* difference between this hw's clock and the real clock, in usecs */
 532	s64 tsf_offset;
 533	s64 bcn_delta;
 534	/* absolute beacon transmission time. Used to cover up "tx" delay. */
 535	u64 abs_bcn_ts;
 536
 537	/* Stats */
 538	u64 tx_pkts;
 539	u64 rx_pkts;
 540	u64 tx_bytes;
 541	u64 rx_bytes;
 542	u64 tx_dropped;
 543	u64 tx_failed;
 544};
 545
 546
 547struct hwsim_radiotap_hdr {
 548	struct ieee80211_radiotap_header hdr;
 549	__le64 rt_tsft;
 550	u8 rt_flags;
 551	u8 rt_rate;
 552	__le16 rt_channel;
 553	__le16 rt_chbitmask;
 554} __packed;
 555
 556struct hwsim_radiotap_ack_hdr {
 557	struct ieee80211_radiotap_header hdr;
 558	u8 rt_flags;
 559	u8 pad;
 560	__le16 rt_channel;
 561	__le16 rt_chbitmask;
 562} __packed;
 563
 564/* MAC80211_HWSIM netlinf family */
 565static struct genl_family hwsim_genl_family = {
 566	.id = GENL_ID_GENERATE,
 567	.hdrsize = 0,
 568	.name = "MAC80211_HWSIM",
 569	.version = 1,
 570	.maxattr = HWSIM_ATTR_MAX,
 571};
 572
 573enum hwsim_multicast_groups {
 574	HWSIM_MCGRP_CONFIG,
 575};
 576
 577static const struct genl_multicast_group hwsim_mcgrps[] = {
 578	[HWSIM_MCGRP_CONFIG] = { .name = "config", },
 579};
 580
 581/* MAC80211_HWSIM netlink policy */
 582
 583static const struct nla_policy hwsim_genl_policy[HWSIM_ATTR_MAX + 1] = {
 584	[HWSIM_ATTR_ADDR_RECEIVER] = { .type = NLA_UNSPEC, .len = ETH_ALEN },
 585	[HWSIM_ATTR_ADDR_TRANSMITTER] = { .type = NLA_UNSPEC, .len = ETH_ALEN },
 586	[HWSIM_ATTR_FRAME] = { .type = NLA_BINARY,
 587			       .len = IEEE80211_MAX_DATA_LEN },
 588	[HWSIM_ATTR_FLAGS] = { .type = NLA_U32 },
 589	[HWSIM_ATTR_RX_RATE] = { .type = NLA_U32 },
 590	[HWSIM_ATTR_SIGNAL] = { .type = NLA_U32 },
 591	[HWSIM_ATTR_TX_INFO] = { .type = NLA_UNSPEC,
 592				 .len = IEEE80211_TX_MAX_RATES *
 593					sizeof(struct hwsim_tx_rate)},
 594	[HWSIM_ATTR_COOKIE] = { .type = NLA_U64 },
 595	[HWSIM_ATTR_CHANNELS] = { .type = NLA_U32 },
 596	[HWSIM_ATTR_RADIO_ID] = { .type = NLA_U32 },
 597	[HWSIM_ATTR_REG_HINT_ALPHA2] = { .type = NLA_STRING, .len = 2 },
 598	[HWSIM_ATTR_REG_CUSTOM_REG] = { .type = NLA_U32 },
 599	[HWSIM_ATTR_REG_STRICT_REG] = { .type = NLA_FLAG },
 600	[HWSIM_ATTR_SUPPORT_P2P_DEVICE] = { .type = NLA_FLAG },
 601	[HWSIM_ATTR_DESTROY_RADIO_ON_CLOSE] = { .type = NLA_FLAG },
 602	[HWSIM_ATTR_RADIO_NAME] = { .type = NLA_STRING },
 603	[HWSIM_ATTR_NO_VIF] = { .type = NLA_FLAG },
 604	[HWSIM_ATTR_FREQ] = { .type = NLA_U32 },
 605};
 606
 607static void mac80211_hwsim_tx_frame(struct ieee80211_hw *hw,
 608				    struct sk_buff *skb,
 609				    struct ieee80211_channel *chan);
 610
 611/* sysfs attributes */
 612static void hwsim_send_ps_poll(void *dat, u8 *mac, struct ieee80211_vif *vif)
 613{
 614	struct mac80211_hwsim_data *data = dat;
 615	struct hwsim_vif_priv *vp = (void *)vif->drv_priv;
 616	struct sk_buff *skb;
 617	struct ieee80211_pspoll *pspoll;
 618
 619	if (!vp->assoc)
 620		return;
 621
 622	wiphy_debug(data->hw->wiphy,
 623		    "%s: send PS-Poll to %pM for aid %d\n",
 624		    __func__, vp->bssid, vp->aid);
 625
 626	skb = dev_alloc_skb(sizeof(*pspoll));
 627	if (!skb)
 628		return;
 629	pspoll = (void *) skb_put(skb, sizeof(*pspoll));
 630	pspoll->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
 631					    IEEE80211_STYPE_PSPOLL |
 632					    IEEE80211_FCTL_PM);
 633	pspoll->aid = cpu_to_le16(0xc000 | vp->aid);
 634	memcpy(pspoll->bssid, vp->bssid, ETH_ALEN);
 635	memcpy(pspoll->ta, mac, ETH_ALEN);
 636
 637	rcu_read_lock();
 638	mac80211_hwsim_tx_frame(data->hw, skb,
 639				rcu_dereference(vif->chanctx_conf)->def.chan);
 640	rcu_read_unlock();
 641}
 642
 643static void hwsim_send_nullfunc(struct mac80211_hwsim_data *data, u8 *mac,
 644				struct ieee80211_vif *vif, int ps)
 645{
 646	struct hwsim_vif_priv *vp = (void *)vif->drv_priv;
 647	struct sk_buff *skb;
 648	struct ieee80211_hdr *hdr;
 649
 650	if (!vp->assoc)
 651		return;
 652
 653	wiphy_debug(data->hw->wiphy,
 654		    "%s: send data::nullfunc to %pM ps=%d\n",
 655		    __func__, vp->bssid, ps);
 656
 657	skb = dev_alloc_skb(sizeof(*hdr));
 658	if (!skb)
 659		return;
 660	hdr = (void *) skb_put(skb, sizeof(*hdr) - ETH_ALEN);
 661	hdr->frame_control = cpu_to_le16(IEEE80211_FTYPE_DATA |
 662					 IEEE80211_STYPE_NULLFUNC |
 663					 (ps ? IEEE80211_FCTL_PM : 0));
 664	hdr->duration_id = cpu_to_le16(0);
 665	memcpy(hdr->addr1, vp->bssid, ETH_ALEN);
 666	memcpy(hdr->addr2, mac, ETH_ALEN);
 667	memcpy(hdr->addr3, vp->bssid, ETH_ALEN);
 668
 669	rcu_read_lock();
 670	mac80211_hwsim_tx_frame(data->hw, skb,
 671				rcu_dereference(vif->chanctx_conf)->def.chan);
 672	rcu_read_unlock();
 673}
 674
 675
 676static void hwsim_send_nullfunc_ps(void *dat, u8 *mac,
 677				   struct ieee80211_vif *vif)
 678{
 679	struct mac80211_hwsim_data *data = dat;
 680	hwsim_send_nullfunc(data, mac, vif, 1);
 681}
 682
 683static void hwsim_send_nullfunc_no_ps(void *dat, u8 *mac,
 684				      struct ieee80211_vif *vif)
 685{
 686	struct mac80211_hwsim_data *data = dat;
 687	hwsim_send_nullfunc(data, mac, vif, 0);
 688}
 689
 690static int hwsim_fops_ps_read(void *dat, u64 *val)
 691{
 692	struct mac80211_hwsim_data *data = dat;
 693	*val = data->ps;
 694	return 0;
 695}
 696
 697static int hwsim_fops_ps_write(void *dat, u64 val)
 698{
 699	struct mac80211_hwsim_data *data = dat;
 700	enum ps_mode old_ps;
 701
 702	if (val != PS_DISABLED && val != PS_ENABLED && val != PS_AUTO_POLL &&
 703	    val != PS_MANUAL_POLL)
 704		return -EINVAL;
 705
 706	old_ps = data->ps;
 707	data->ps = val;
 708
 709	local_bh_disable();
 710	if (val == PS_MANUAL_POLL) {
 711		ieee80211_iterate_active_interfaces_atomic(
 712			data->hw, IEEE80211_IFACE_ITER_NORMAL,
 713			hwsim_send_ps_poll, data);
 714		data->ps_poll_pending = true;
 715	} else if (old_ps == PS_DISABLED && val != PS_DISABLED) {
 716		ieee80211_iterate_active_interfaces_atomic(
 717			data->hw, IEEE80211_IFACE_ITER_NORMAL,
 718			hwsim_send_nullfunc_ps, data);
 719	} else if (old_ps != PS_DISABLED && val == PS_DISABLED) {
 720		ieee80211_iterate_active_interfaces_atomic(
 721			data->hw, IEEE80211_IFACE_ITER_NORMAL,
 722			hwsim_send_nullfunc_no_ps, data);
 723	}
 724	local_bh_enable();
 725
 726	return 0;
 727}
 728
 729DEFINE_SIMPLE_ATTRIBUTE(hwsim_fops_ps, hwsim_fops_ps_read, hwsim_fops_ps_write,
 730			"%llu\n");
 731
 732static int hwsim_write_simulate_radar(void *dat, u64 val)
 733{
 734	struct mac80211_hwsim_data *data = dat;
 735
 736	ieee80211_radar_detected(data->hw);
 737
 738	return 0;
 739}
 740
 741DEFINE_SIMPLE_ATTRIBUTE(hwsim_simulate_radar, NULL,
 742			hwsim_write_simulate_radar, "%llu\n");
 743
 744static int hwsim_fops_group_read(void *dat, u64 *val)
 745{
 746	struct mac80211_hwsim_data *data = dat;
 747	*val = data->group;
 748	return 0;
 749}
 750
 751static int hwsim_fops_group_write(void *dat, u64 val)
 752{
 753	struct mac80211_hwsim_data *data = dat;
 754	data->group = val;
 755	return 0;
 756}
 757
 758DEFINE_SIMPLE_ATTRIBUTE(hwsim_fops_group,
 759			hwsim_fops_group_read, hwsim_fops_group_write,
 760			"%llx\n");
 761
 762static netdev_tx_t hwsim_mon_xmit(struct sk_buff *skb,
 763					struct net_device *dev)
 764{
 765	/* TODO: allow packet injection */
 766	dev_kfree_skb(skb);
 767	return NETDEV_TX_OK;
 768}
 769
 770static inline u64 mac80211_hwsim_get_tsf_raw(void)
 771{
 772	return ktime_to_us(ktime_get_real());
 773}
 774
 775static __le64 __mac80211_hwsim_get_tsf(struct mac80211_hwsim_data *data)
 776{
 777	u64 now = mac80211_hwsim_get_tsf_raw();
 778	return cpu_to_le64(now + data->tsf_offset);
 779}
 780
 781static u64 mac80211_hwsim_get_tsf(struct ieee80211_hw *hw,
 782				  struct ieee80211_vif *vif)
 783{
 784	struct mac80211_hwsim_data *data = hw->priv;
 785	return le64_to_cpu(__mac80211_hwsim_get_tsf(data));
 786}
 787
 788static void mac80211_hwsim_set_tsf(struct ieee80211_hw *hw,
 789		struct ieee80211_vif *vif, u64 tsf)
 790{
 791	struct mac80211_hwsim_data *data = hw->priv;
 792	u64 now = mac80211_hwsim_get_tsf(hw, vif);
 793	u32 bcn_int = data->beacon_int;
 794	u64 delta = abs(tsf - now);
 795
 796	/* adjust after beaconing with new timestamp at old TBTT */
 797	if (tsf > now) {
 798		data->tsf_offset += delta;
 799		data->bcn_delta = do_div(delta, bcn_int);
 800	} else {
 801		data->tsf_offset -= delta;
 802		data->bcn_delta = -do_div(delta, bcn_int);
 803	}
 804}
 805
 806static void mac80211_hwsim_monitor_rx(struct ieee80211_hw *hw,
 807				      struct sk_buff *tx_skb,
 808				      struct ieee80211_channel *chan)
 809{
 810	struct mac80211_hwsim_data *data = hw->priv;
 811	struct sk_buff *skb;
 812	struct hwsim_radiotap_hdr *hdr;
 813	u16 flags;
 814	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(tx_skb);
 815	struct ieee80211_rate *txrate = ieee80211_get_tx_rate(hw, info);
 816
 817	if (WARN_ON(!txrate))
 818		return;
 819
 820	if (!netif_running(hwsim_mon))
 821		return;
 822
 823	skb = skb_copy_expand(tx_skb, sizeof(*hdr), 0, GFP_ATOMIC);
 824	if (skb == NULL)
 825		return;
 826
 827	hdr = (struct hwsim_radiotap_hdr *) skb_push(skb, sizeof(*hdr));
 828	hdr->hdr.it_version = PKTHDR_RADIOTAP_VERSION;
 829	hdr->hdr.it_pad = 0;
 830	hdr->hdr.it_len = cpu_to_le16(sizeof(*hdr));
 831	hdr->hdr.it_present = cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
 832					  (1 << IEEE80211_RADIOTAP_RATE) |
 833					  (1 << IEEE80211_RADIOTAP_TSFT) |
 834					  (1 << IEEE80211_RADIOTAP_CHANNEL));
 835	hdr->rt_tsft = __mac80211_hwsim_get_tsf(data);
 836	hdr->rt_flags = 0;
 837	hdr->rt_rate = txrate->bitrate / 5;
 838	hdr->rt_channel = cpu_to_le16(chan->center_freq);
 839	flags = IEEE80211_CHAN_2GHZ;
 840	if (txrate->flags & IEEE80211_RATE_ERP_G)
 841		flags |= IEEE80211_CHAN_OFDM;
 842	else
 843		flags |= IEEE80211_CHAN_CCK;
 844	hdr->rt_chbitmask = cpu_to_le16(flags);
 845
 846	skb->dev = hwsim_mon;
 847	skb_reset_mac_header(skb);
 848	skb->ip_summed = CHECKSUM_UNNECESSARY;
 849	skb->pkt_type = PACKET_OTHERHOST;
 850	skb->protocol = htons(ETH_P_802_2);
 851	memset(skb->cb, 0, sizeof(skb->cb));
 852	netif_rx(skb);
 853}
 854
 855
 856static void mac80211_hwsim_monitor_ack(struct ieee80211_channel *chan,
 857				       const u8 *addr)
 858{
 859	struct sk_buff *skb;
 860	struct hwsim_radiotap_ack_hdr *hdr;
 861	u16 flags;
 862	struct ieee80211_hdr *hdr11;
 863
 864	if (!netif_running(hwsim_mon))
 865		return;
 866
 867	skb = dev_alloc_skb(100);
 868	if (skb == NULL)
 869		return;
 870
 871	hdr = (struct hwsim_radiotap_ack_hdr *) skb_put(skb, sizeof(*hdr));
 872	hdr->hdr.it_version = PKTHDR_RADIOTAP_VERSION;
 873	hdr->hdr.it_pad = 0;
 874	hdr->hdr.it_len = cpu_to_le16(sizeof(*hdr));
 875	hdr->hdr.it_present = cpu_to_le32((1 << IEEE80211_RADIOTAP_FLAGS) |
 876					  (1 << IEEE80211_RADIOTAP_CHANNEL));
 877	hdr->rt_flags = 0;
 878	hdr->pad = 0;
 879	hdr->rt_channel = cpu_to_le16(chan->center_freq);
 880	flags = IEEE80211_CHAN_2GHZ;
 881	hdr->rt_chbitmask = cpu_to_le16(flags);
 882
 883	hdr11 = (struct ieee80211_hdr *) skb_put(skb, 10);
 884	hdr11->frame_control = cpu_to_le16(IEEE80211_FTYPE_CTL |
 885					   IEEE80211_STYPE_ACK);
 886	hdr11->duration_id = cpu_to_le16(0);
 887	memcpy(hdr11->addr1, addr, ETH_ALEN);
 888
 889	skb->dev = hwsim_mon;
 890	skb_reset_mac_header(skb);
 891	skb->ip_summed = CHECKSUM_UNNECESSARY;
 892	skb->pkt_type = PACKET_OTHERHOST;
 893	skb->protocol = htons(ETH_P_802_2);
 894	memset(skb->cb, 0, sizeof(skb->cb));
 895	netif_rx(skb);
 896}
 897
 898struct mac80211_hwsim_addr_match_data {
 899	u8 addr[ETH_ALEN];
 900	bool ret;
 901};
 902
 903static void mac80211_hwsim_addr_iter(void *data, u8 *mac,
 904				     struct ieee80211_vif *vif)
 905{
 906	struct mac80211_hwsim_addr_match_data *md = data;
 907
 908	if (memcmp(mac, md->addr, ETH_ALEN) == 0)
 909		md->ret = true;
 910}
 911
 912static bool mac80211_hwsim_addr_match(struct mac80211_hwsim_data *data,
 913				      const u8 *addr)
 914{
 915	struct mac80211_hwsim_addr_match_data md = {
 916		.ret = false,
 917	};
 918
 919	if (data->scanning && memcmp(addr, data->scan_addr, ETH_ALEN) == 0)
 920		return true;
 921
 922	memcpy(md.addr, addr, ETH_ALEN);
 923
 924	ieee80211_iterate_active_interfaces_atomic(data->hw,
 925						   IEEE80211_IFACE_ITER_NORMAL,
 926						   mac80211_hwsim_addr_iter,
 927						   &md);
 928
 929	return md.ret;
 930}
 931
 932static bool hwsim_ps_rx_ok(struct mac80211_hwsim_data *data,
 933			   struct sk_buff *skb)
 934{
 935	switch (data->ps) {
 936	case PS_DISABLED:
 937		return true;
 938	case PS_ENABLED:
 939		return false;
 940	case PS_AUTO_POLL:
 941		/* TODO: accept (some) Beacons by default and other frames only
 942		 * if pending PS-Poll has been sent */
 943		return true;
 944	case PS_MANUAL_POLL:
 945		/* Allow unicast frames to own address if there is a pending
 946		 * PS-Poll */
 947		if (data->ps_poll_pending &&
 948		    mac80211_hwsim_addr_match(data, skb->data + 4)) {
 949			data->ps_poll_pending = false;
 950			return true;
 951		}
 952		return false;
 953	}
 954
 955	return true;
 956}
 957
 958static void mac80211_hwsim_tx_frame_nl(struct ieee80211_hw *hw,
 959				       struct sk_buff *my_skb,
 960				       int dst_portid)
 961{
 962	struct sk_buff *skb;
 963	struct mac80211_hwsim_data *data = hw->priv;
 964	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) my_skb->data;
 965	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(my_skb);
 966	void *msg_head;
 967	unsigned int hwsim_flags = 0;
 968	int i;
 969	struct hwsim_tx_rate tx_attempts[IEEE80211_TX_MAX_RATES];
 970	uintptr_t cookie;
 971
 972	if (data->ps != PS_DISABLED)
 973		hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
 974	/* If the queue contains MAX_QUEUE skb's drop some */
 975	if (skb_queue_len(&data->pending) >= MAX_QUEUE) {
 976		/* Droping until WARN_QUEUE level */
 977		while (skb_queue_len(&data->pending) >= WARN_QUEUE) {
 978			ieee80211_free_txskb(hw, skb_dequeue(&data->pending));
 979			data->tx_dropped++;
 980		}
 981	}
 982
 983	skb = genlmsg_new(GENLMSG_DEFAULT_SIZE, GFP_ATOMIC);
 984	if (skb == NULL)
 985		goto nla_put_failure;
 986
 987	msg_head = genlmsg_put(skb, 0, 0, &hwsim_genl_family, 0,
 988			       HWSIM_CMD_FRAME);
 989	if (msg_head == NULL) {
 990		printk(KERN_DEBUG "mac80211_hwsim: problem with msg_head\n");
 991		goto nla_put_failure;
 992	}
 993
 994	if (nla_put(skb, HWSIM_ATTR_ADDR_TRANSMITTER,
 995		    ETH_ALEN, data->addresses[1].addr))
 996		goto nla_put_failure;
 997
 998	/* We get the skb->data */
 999	if (nla_put(skb, HWSIM_ATTR_FRAME, my_skb->len, my_skb->data))
1000		goto nla_put_failure;
1001
1002	/* We get the flags for this transmission, and we translate them to
1003	   wmediumd flags  */
1004
1005	if (info->flags & IEEE80211_TX_CTL_REQ_TX_STATUS)
1006		hwsim_flags |= HWSIM_TX_CTL_REQ_TX_STATUS;
1007
1008	if (info->flags & IEEE80211_TX_CTL_NO_ACK)
1009		hwsim_flags |= HWSIM_TX_CTL_NO_ACK;
1010
1011	if (nla_put_u32(skb, HWSIM_ATTR_FLAGS, hwsim_flags))
1012		goto nla_put_failure;
1013
1014	if (nla_put_u32(skb, HWSIM_ATTR_FREQ, data->channel->center_freq))
1015		goto nla_put_failure;
1016
1017	/* We get the tx control (rate and retries) info*/
1018
1019	for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
1020		tx_attempts[i].idx = info->status.rates[i].idx;
1021		tx_attempts[i].count = info->status.rates[i].count;
1022	}
1023
1024	if (nla_put(skb, HWSIM_ATTR_TX_INFO,
1025		    sizeof(struct hwsim_tx_rate)*IEEE80211_TX_MAX_RATES,
1026		    tx_attempts))
1027		goto nla_put_failure;
1028
1029	/* We create a cookie to identify this skb */
1030	data->pending_cookie++;
1031	cookie = data->pending_cookie;
1032	info->rate_driver_data[0] = (void *)cookie;
1033	if (nla_put_u64_64bit(skb, HWSIM_ATTR_COOKIE, cookie, HWSIM_ATTR_PAD))
1034		goto nla_put_failure;
1035
1036	genlmsg_end(skb, msg_head);
1037	if (genlmsg_unicast(&init_net, skb, dst_portid))
1038		goto err_free_txskb;
1039
1040	/* Enqueue the packet */
1041	skb_queue_tail(&data->pending, my_skb);
1042	data->tx_pkts++;
1043	data->tx_bytes += my_skb->len;
1044	return;
1045
1046nla_put_failure:
1047	nlmsg_free(skb);
1048err_free_txskb:
1049	printk(KERN_DEBUG "mac80211_hwsim: error occurred in %s\n", __func__);
1050	ieee80211_free_txskb(hw, my_skb);
1051	data->tx_failed++;
1052}
1053
1054static bool hwsim_chans_compat(struct ieee80211_channel *c1,
1055			       struct ieee80211_channel *c2)
1056{
1057	if (!c1 || !c2)
1058		return false;
1059
1060	return c1->center_freq == c2->center_freq;
1061}
1062
1063struct tx_iter_data {
1064	struct ieee80211_channel *channel;
1065	bool receive;
1066};
1067
1068static void mac80211_hwsim_tx_iter(void *_data, u8 *addr,
1069				   struct ieee80211_vif *vif)
1070{
1071	struct tx_iter_data *data = _data;
1072
1073	if (!vif->chanctx_conf)
1074		return;
1075
1076	if (!hwsim_chans_compat(data->channel,
1077				rcu_dereference(vif->chanctx_conf)->def.chan))
1078		return;
1079
1080	data->receive = true;
1081}
1082
1083static void mac80211_hwsim_add_vendor_rtap(struct sk_buff *skb)
1084{
1085	/*
1086	 * To enable this code, #define the HWSIM_RADIOTAP_OUI,
1087	 * e.g. like this:
1088	 * #define HWSIM_RADIOTAP_OUI "\x02\x00\x00"
1089	 * (but you should use a valid OUI, not that)
1090	 *
1091	 * If anyone wants to 'donate' a radiotap OUI/subns code
1092	 * please send a patch removing this #ifdef and changing
1093	 * the values accordingly.
1094	 */
1095#ifdef HWSIM_RADIOTAP_OUI
1096	struct ieee80211_vendor_radiotap *rtap;
1097
1098	/*
1099	 * Note that this code requires the headroom in the SKB
1100	 * that was allocated earlier.
1101	 */
1102	rtap = (void *)skb_push(skb, sizeof(*rtap) + 8 + 4);
1103	rtap->oui[0] = HWSIM_RADIOTAP_OUI[0];
1104	rtap->oui[1] = HWSIM_RADIOTAP_OUI[1];
1105	rtap->oui[2] = HWSIM_RADIOTAP_OUI[2];
1106	rtap->subns = 127;
1107
1108	/*
1109	 * Radiotap vendor namespaces can (and should) also be
1110	 * split into fields by using the standard radiotap
1111	 * presence bitmap mechanism. Use just BIT(0) here for
1112	 * the presence bitmap.
1113	 */
1114	rtap->present = BIT(0);
1115	/* We have 8 bytes of (dummy) data */
1116	rtap->len = 8;
1117	/* For testing, also require it to be aligned */
1118	rtap->align = 8;
1119	/* And also test that padding works, 4 bytes */
1120	rtap->pad = 4;
1121	/* push the data */
1122	memcpy(rtap->data, "ABCDEFGH", 8);
1123	/* make sure to clear padding, mac80211 doesn't */
1124	memset(rtap->data + 8, 0, 4);
1125
1126	IEEE80211_SKB_RXCB(skb)->flag |= RX_FLAG_RADIOTAP_VENDOR_DATA;
1127#endif
1128}
1129
1130static bool mac80211_hwsim_tx_frame_no_nl(struct ieee80211_hw *hw,
1131					  struct sk_buff *skb,
1132					  struct ieee80211_channel *chan)
1133{
1134	struct mac80211_hwsim_data *data = hw->priv, *data2;
1135	bool ack = false;
1136	struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
1137	struct ieee80211_tx_info *info = IEEE80211_SKB_CB(skb);
1138	struct ieee80211_rx_status rx_status;
1139	u64 now;
1140
1141	memset(&rx_status, 0, sizeof(rx_status));
1142	rx_status.flag |= RX_FLAG_MACTIME_START;
1143	rx_status.freq = chan->center_freq;
1144	rx_status.band = chan->band;
1145	if (info->control.rates[0].flags & IEEE80211_TX_RC_VHT_MCS) {
1146		rx_status.rate_idx =
1147			ieee80211_rate_get_vht_mcs(&info->control.rates[0]);
1148		rx_status.vht_nss =
1149			ieee80211_rate_get_vht_nss(&info->control.rates[0]);
1150		rx_status.flag |= RX_FLAG_VHT;
1151	} else {
1152		rx_status.rate_idx = info->control.rates[0].idx;
1153		if (info->control.rates[0].flags & IEEE80211_TX_RC_MCS)
1154			rx_status.flag |= RX_FLAG_HT;
1155	}
1156	if (info->control.rates[0].flags & IEEE80211_TX_RC_40_MHZ_WIDTH)
1157		rx_status.flag |= RX_FLAG_40MHZ;
1158	if (info->control.rates[0].flags & IEEE80211_TX_RC_SHORT_GI)
1159		rx_status.flag |= RX_FLAG_SHORT_GI;
1160	/* TODO: simulate real signal strength (and optional packet loss) */
1161	rx_status.signal = data->power_level - 50;
1162
1163	if (data->ps != PS_DISABLED)
1164		hdr->frame_control |= cpu_to_le16(IEEE80211_FCTL_PM);
1165
1166	/* release the skb's source info */
1167	skb_orphan(skb);
1168	skb_dst_drop(skb);
1169	skb->mark = 0;
1170	secpath_reset(skb);
1171	nf_reset(skb);
1172
1173	/*
1174	 * Get absolute mactime here so all HWs RX at the "same time", and
1175	 * absolute TX time for beacon mactime so the timestamp matches.
1176	 * Giving beacons a different mactime than non-beacons looks messy, but
1177	 * it helps the Toffset be exact and a ~10us mactime discrepancy
1178	 * probably doesn't really matter.
1179	 */
1180	if (ieee80211_is_beacon(hdr->frame_control) ||
1181	    ieee80211_is_probe_resp(hdr->frame_control))
1182		now = data->abs_bcn_ts;
1183	else
1184		now = mac80211_hwsim_get_tsf_raw();
1185
1186	/* Copy skb to all enabled radios that are on the current frequency */
1187	spin_lock(&hwsim_radio_lock);
1188	list_for_each_entry(data2, &hwsim_radios, list) {
1189		struct sk_buff *nskb;
1190		struct tx_iter_data tx_iter_data = {
1191			.receive = false,
1192			.channel = chan,
1193		};
1194
1195		if (data == data2)
1196			continue;
1197
1198		if (!data2->started || (data2->idle && !data2->tmp_chan) ||
1199		    !hwsim_ps_rx_ok(data2, skb))
1200			continue;
1201
1202		if (!(data->group & data2->group))
1203			continue;
1204
1205		if (!hwsim_chans_compat(chan, data2->tmp_chan) &&
1206		    !hwsim_chans_compat(chan, data2->channel)) {
1207			ieee80211_iterate_active_interfaces_atomic(
1208				data2->hw, IEEE80211_IFACE_ITER_NORMAL,
1209				mac80211_hwsim_tx_iter, &tx_iter_data);
1210			if (!tx_iter_data.receive)
1211				continue;
1212		}
1213
1214		/*
1215		 * reserve some space for our vendor and the normal
1216		 * radiotap header, since we're copying anyway
1217		 */
1218		if (skb->len < PAGE_SIZE && paged_rx) {
1219			struct page *page = alloc_page(GFP_ATOMIC);
1220
1221			if (!page)
1222				continue;
1223
1224			nskb = dev_alloc_skb(128);
1225			if (!nskb) {
1226				__free_page(page);
1227				continue;
1228			}
1229
1230			memcpy(page_address(page), skb->data, skb->len);
1231			skb_add_rx_frag(nskb, 0, page, 0, skb->len, skb->len);
1232		} else {
1233			nskb = skb_copy(skb, GFP_ATOMIC);
1234			if (!nskb)
1235				continue;
1236		}
1237
1238		if (mac80211_hwsim_addr_match(data2, hdr->addr1))
1239			ack = true;
1240
1241		rx_status.mactime = now + data2->tsf_offset;
1242
1243		memcpy(IEEE80211_SKB_RXCB(nskb), &rx_status, sizeof(rx_status));
1244
1245		mac80211_hwsim_add_vendor_rtap(nskb);
1246
1247		data2->rx_pkts++;
1248		data2->rx_bytes += nskb->len;
1249		ieee80211_rx_irqsafe(data2->hw, nskb);
1250	}
1251	spin_unlock(&hwsim_radio_lock);
1252
1253	return ack;
1254}
1255
1256static void mac80211_hwsim_tx(struct ieee80211_hw *hw,
1257			      struct ieee80211_tx_control *control,
1258			      struct sk_buff *skb)
1259{
1260	struct mac80211_hwsim_data *data = hw->priv;
1261	struct ieee80211_tx_info *txi = IEEE80211_SKB_CB(skb);
1262	struct ieee80211_hdr *hdr = (void *)skb->data;
1263	struct ieee80211_chanctx_conf *chanctx_conf;
1264	struct ieee80211_channel *channel;
1265	bool ack;
1266	u32 _portid;
1267
1268	if (WARN_ON(skb->len < 10)) {
1269		/* Should not happen; just a sanity check for addr1 use */
1270		ieee80211_free_txskb(hw, skb);
1271		return;
1272	}
1273
1274	if (!data->use_chanctx) {
1275		channel = data->channel;
1276	} else if (txi->hw_queue == 4) {
1277		channel = data->tmp_chan;
1278	} else {
1279		chanctx_conf = rcu_dereference(txi->control.vif->chanctx_conf);
1280		if (chanctx_conf)
1281			channel = chanctx_conf->def.chan;
1282		else
1283			channel = NULL;
1284	}
1285
1286	if (WARN(!channel, "TX w/o channel - queue = %d\n", txi->hw_queue)) {
1287		ieee80211_free_txskb(hw, skb);
1288		return;
1289	}
1290
1291	if (data->idle && !data->tmp_chan) {
1292		wiphy_debug(hw->wiphy, "Trying to TX when idle - reject\n");
1293		ieee80211_free_txskb(hw, skb);
1294		return;
1295	}
1296
1297	if (txi->control.vif)
1298		hwsim_check_magic(txi->control.vif);
1299	if (control->sta)
1300		hwsim_check_sta_magic(control->sta);
1301
1302	if (ieee80211_hw_check(hw, SUPPORTS_RC_TABLE))
1303		ieee80211_get_tx_rates(txi->control.vif, control->sta, skb,
1304				       txi->control.rates,
1305				       ARRAY_SIZE(txi->control.rates));
1306
1307	txi->rate_driver_data[0] = channel;
1308
1309	if (skb->len >= 24 + 8 &&
1310	    ieee80211_is_probe_resp(hdr->frame_control)) {
1311		/* fake header transmission time */
1312		struct ieee80211_mgmt *mgmt;
1313		struct ieee80211_rate *txrate;
1314		u64 ts;
1315
1316		mgmt = (struct ieee80211_mgmt *)skb->data;
1317		txrate = ieee80211_get_tx_rate(hw, txi);
1318		ts = mac80211_hwsim_get_tsf_raw();
1319		mgmt->u.probe_resp.timestamp =
1320			cpu_to_le64(ts + data->tsf_offset +
1321				    24 * 8 * 10 / txrate->bitrate);
1322	}
1323
1324	mac80211_hwsim_monitor_rx(hw, skb, channel);
1325
1326	/* wmediumd mode check */
1327	_portid = ACCESS_ONCE(wmediumd_portid);
1328
1329	if (_portid)
1330		return mac80211_hwsim_tx_frame_nl(hw, skb, _portid);
1331
1332	/* NO wmediumd detected, perfect medium simulation */
1333	data->tx_pkts++;
1334	data->tx_bytes += skb->len;
1335	ack = mac80211_hwsim_tx_frame_no_nl(hw, skb, channel);
1336
1337	if (ack && skb->len >= 16)
1338		mac80211_hwsim_monitor_ack(channel, hdr->addr2);
1339
1340	ieee80211_tx_info_clear_status(txi);
1341
1342	/* frame was transmitted at most favorable rate at first attempt */
1343	txi->control.rates[0].count = 1;
1344	txi->control.rates[1].idx = -1;
1345
1346	if (!(txi->flags & IEEE80211_TX_CTL_NO_ACK) && ack)
1347		txi->flags |= IEEE80211_TX_STAT_ACK;
1348	ieee80211_tx_status_irqsafe(hw, skb);
1349}
1350
1351
1352static int mac80211_hwsim_start(struct ieee80211_hw *hw)
1353{
1354	struct mac80211_hwsim_data *data = hw->priv;
1355	wiphy_debug(hw->wiphy, "%s\n", __func__);
1356	data->started = true;
1357	return 0;
1358}
1359
1360
1361static void mac80211_hwsim_stop(struct ieee80211_hw *hw)
1362{
1363	struct mac80211_hwsim_data *data = hw->priv;
1364	data->started = false;
1365	tasklet_hrtimer_cancel(&data->beacon_timer);
1366	wiphy_debug(hw->wiphy, "%s\n", __func__);
1367}
1368
1369
1370static int mac80211_hwsim_add_interface(struct ieee80211_hw *hw,
1371					struct ieee80211_vif *vif)
1372{
1373	wiphy_debug(hw->wiphy, "%s (type=%d mac_addr=%pM)\n",
1374		    __func__, ieee80211_vif_type_p2p(vif),
1375		    vif->addr);
1376	hwsim_set_magic(vif);
1377
1378	vif->cab_queue = 0;
1379	vif->hw_queue[IEEE80211_AC_VO] = 0;
1380	vif->hw_queue[IEEE80211_AC_VI] = 1;
1381	vif->hw_queue[IEEE80211_AC_BE] = 2;
1382	vif->hw_queue[IEEE80211_AC_BK] = 3;
1383
1384	return 0;
1385}
1386
1387
1388static int mac80211_hwsim_change_interface(struct ieee80211_hw *hw,
1389					   struct ieee80211_vif *vif,
1390					   enum nl80211_iftype newtype,
1391					   bool newp2p)
1392{
1393	newtype = ieee80211_iftype_p2p(newtype, newp2p);
1394	wiphy_debug(hw->wiphy,
1395		    "%s (old type=%d, new type=%d, mac_addr=%pM)\n",
1396		    __func__, ieee80211_vif_type_p2p(vif),
1397		    newtype, vif->addr);
1398	hwsim_check_magic(vif);
1399
1400	/*
1401	 * interface may change from non-AP to AP in
1402	 * which case this needs to be set up again
1403	 */
1404	vif->cab_queue = 0;
1405
1406	return 0;
1407}
1408
1409static void mac80211_hwsim_remove_interface(
1410	struct ieee80211_hw *hw, struct ieee80211_vif *vif)
1411{
1412	wiphy_debug(hw->wiphy, "%s (type=%d mac_addr=%pM)\n",
1413		    __func__, ieee80211_vif_type_p2p(vif),
1414		    vif->addr);
1415	hwsim_check_magic(vif);
1416	hwsim_clear_magic(vif);
1417}
1418
1419static void mac80211_hwsim_tx_frame(struct ieee80211_hw *hw,
1420				    struct sk_buff *skb,
1421				    struct ieee80211_channel *chan)
1422{
1423	u32 _pid = ACCESS_ONCE(wmediumd_portid);
1424
1425	if (ieee80211_hw_check(hw, SUPPORTS_RC_TABLE)) {
1426		struct ieee80211_tx_info *txi = IEEE80211_SKB_CB(skb);
1427		ieee80211_get_tx_rates(txi->control.vif, NULL, skb,
1428				       txi->control.rates,
1429				       ARRAY_SIZE(txi->control.rates));
1430	}
1431
1432	mac80211_hwsim_monitor_rx(hw, skb, chan);
1433
1434	if (_pid)
1435		return mac80211_hwsim_tx_frame_nl(hw, skb, _pid);
1436
1437	mac80211_hwsim_tx_frame_no_nl(hw, skb, chan);
1438	dev_kfree_skb(skb);
1439}
1440
1441static void mac80211_hwsim_beacon_tx(void *arg, u8 *mac,
1442				     struct ieee80211_vif *vif)
1443{
1444	struct mac80211_hwsim_data *data = arg;
1445	struct ieee80211_hw *hw = data->hw;
1446	struct ieee80211_tx_info *info;
1447	struct ieee80211_rate *txrate;
1448	struct ieee80211_mgmt *mgmt;
1449	struct sk_buff *skb;
1450
1451	hwsim_check_magic(vif);
1452
1453	if (vif->type != NL80211_IFTYPE_AP &&
1454	    vif->type != NL80211_IFTYPE_MESH_POINT &&
1455	    vif->type != NL80211_IFTYPE_ADHOC)
1456		return;
1457
1458	skb = ieee80211_beacon_get(hw, vif);
1459	if (skb == NULL)
1460		return;
1461	info = IEEE80211_SKB_CB(skb);
1462	if (ieee80211_hw_check(hw, SUPPORTS_RC_TABLE))
1463		ieee80211_get_tx_rates(vif, NULL, skb,
1464				       info->control.rates,
1465				       ARRAY_SIZE(info->control.rates));
1466
1467	txrate = ieee80211_get_tx_rate(hw, info);
1468
1469	mgmt = (struct ieee80211_mgmt *) skb->data;
1470	/* fake header transmission time */
1471	data->abs_bcn_ts = mac80211_hwsim_get_tsf_raw();
1472	mgmt->u.beacon.timestamp = cpu_to_le64(data->abs_bcn_ts +
1473					       data->tsf_offset +
1474					       24 * 8 * 10 / txrate->bitrate);
1475
1476	mac80211_hwsim_tx_frame(hw, skb,
1477				rcu_dereference(vif->chanctx_conf)->def.chan);
1478
1479	if (vif->csa_active && ieee80211_csa_is_complete(vif))
1480		ieee80211_csa_finish(vif);
1481}
1482
1483static enum hrtimer_restart
1484mac80211_hwsim_beacon(struct hrtimer *timer)
1485{
1486	struct mac80211_hwsim_data *data =
1487		container_of(timer, struct mac80211_hwsim_data,
1488			     beacon_timer.timer);
1489	struct ieee80211_hw *hw = data->hw;
1490	u64 bcn_int = data->beacon_int;
1491	ktime_t next_bcn;
1492
1493	if (!data->started)
1494		goto out;
1495
1496	ieee80211_iterate_active_interfaces_atomic(
1497		hw, IEEE80211_IFACE_ITER_NORMAL,
1498		mac80211_hwsim_beacon_tx, data);
1499
1500	/* beacon at new TBTT + beacon interval */
1501	if (data->bcn_delta) {
1502		bcn_int -= data->bcn_delta;
1503		data->bcn_delta = 0;
1504	}
1505
1506	next_bcn = ktime_add(hrtimer_get_expires(timer),
1507			     ns_to_ktime(bcn_int * 1000));
1508	tasklet_hrtimer_start(&data->beacon_timer, next_bcn, HRTIMER_MODE_ABS);
1509out:
1510	return HRTIMER_NORESTART;
1511}
1512
1513static const char * const hwsim_chanwidths[] = {
1514	[NL80211_CHAN_WIDTH_20_NOHT] = "noht",
1515	[NL80211_CHAN_WIDTH_20] = "ht20",
1516	[NL80211_CHAN_WIDTH_40] = "ht40",
1517	[NL80211_CHAN_WIDTH_80] = "vht80",
1518	[NL80211_CHAN_WIDTH_80P80] = "vht80p80",
1519	[NL80211_CHAN_WIDTH_160] = "vht160",
1520};
1521
1522static int mac80211_hwsim_config(struct ieee80211_hw *hw, u32 changed)
1523{
1524	struct mac80211_hwsim_data *data = hw->priv;
1525	struct ieee80211_conf *conf = &hw->conf;
1526	static const char *smps_modes[IEEE80211_SMPS_NUM_MODES] = {
1527		[IEEE80211_SMPS_AUTOMATIC] = "auto",
1528		[IEEE80211_SMPS_OFF] = "off",
1529		[IEEE80211_SMPS_STATIC] = "static",
1530		[IEEE80211_SMPS_DYNAMIC] = "dynamic",
1531	};
1532
1533	if (conf->chandef.chan)
1534		wiphy_debug(hw->wiphy,
1535			    "%s (freq=%d(%d - %d)/%s idle=%d ps=%d smps=%s)\n",
1536			    __func__,
1537			    conf->chandef.chan->center_freq,
1538			    conf->chandef.center_freq1,
1539			    conf->chandef.center_freq2,
1540			    hwsim_chanwidths[conf->chandef.width],
1541			    !!(conf->flags & IEEE80211_CONF_IDLE),
1542			    !!(conf->flags & IEEE80211_CONF_PS),
1543			    smps_modes[conf->smps_mode]);
1544	else
1545		wiphy_debug(hw->wiphy,
1546			    "%s (freq=0 idle=%d ps=%d smps=%s)\n",
1547			    __func__,
1548			    !!(conf->flags & IEEE80211_CONF_IDLE),
1549			    !!(conf->flags & IEEE80211_CONF_PS),
1550			    smps_modes[conf->smps_mode]);
1551
1552	data->idle = !!(conf->flags & IEEE80211_CONF_IDLE);
1553
1554	data->channel = conf->chandef.chan;
1555
1556	WARN_ON(data->channel && data->use_chanctx);
1557
1558	data->power_level = conf->power_level;
1559	if (!data->started || !data->beacon_int)
1560		tasklet_hrtimer_cancel(&data->beacon_timer);
1561	else if (!hrtimer_is_queued(&data->beacon_timer.timer)) {
1562		u64 tsf = mac80211_hwsim_get_tsf(hw, NULL);
1563		u32 bcn_int = data->beacon_int;
1564		u64 until_tbtt = bcn_int - do_div(tsf, bcn_int);
1565
1566		tasklet_hrtimer_start(&data->beacon_timer,
1567				      ns_to_ktime(until_tbtt * 1000),
1568				      HRTIMER_MODE_REL);
1569	}
1570
1571	return 0;
1572}
1573
1574
1575static void mac80211_hwsim_configure_filter(struct ieee80211_hw *hw,
1576					    unsigned int changed_flags,
1577					    unsigned int *total_flags,u64 multicast)
1578{
1579	struct mac80211_hwsim_data *data = hw->priv;
1580
1581	wiphy_debug(hw->wiphy, "%s\n", __func__);
1582
1583	data->rx_filter = 0;
1584	if (*total_flags & FIF_ALLMULTI)
1585		data->rx_filter |= FIF_ALLMULTI;
1586
1587	*total_flags = data->rx_filter;
1588}
1589
1590static void mac80211_hwsim_bcn_en_iter(void *data, u8 *mac,
1591				       struct ieee80211_vif *vif)
1592{
1593	unsigned int *count = data;
1594	struct hwsim_vif_priv *vp = (void *)vif->drv_priv;
1595
1596	if (vp->bcn_en)
1597		(*count)++;
1598}
1599
1600static void mac80211_hwsim_bss_info_changed(struct ieee80211_hw *hw,
1601					    struct ieee80211_vif *vif,
1602					    struct ieee80211_bss_conf *info,
1603					    u32 changed)
1604{
1605	struct hwsim_vif_priv *vp = (void *)vif->drv_priv;
1606	struct mac80211_hwsim_data *data = hw->priv;
1607
1608	hwsim_check_magic(vif);
1609
1610	wiphy_debug(hw->wiphy, "%s(changed=0x%x vif->addr=%pM)\n",
1611		    __func__, changed, vif->addr);
1612
1613	if (changed & BSS_CHANGED_BSSID) {
1614		wiphy_debug(hw->wiphy, "%s: BSSID changed: %pM\n",
1615			    __func__, info->bssid);
1616		memcpy(vp->bssid, info->bssid, ETH_ALEN);
1617	}
1618
1619	if (changed & BSS_CHANGED_ASSOC) {
1620		wiphy_debug(hw->wiphy, "  ASSOC: assoc=%d aid=%d\n",
1621			    info->assoc, info->aid);
1622		vp->assoc = info->assoc;
1623		vp->aid = info->aid;
1624	}
1625
1626	if (changed & BSS_CHANGED_BEACON_ENABLED) {
1627		wiphy_debug(hw->wiphy, "  BCN EN: %d (BI=%u)\n",
1628			    info->enable_beacon, info->beacon_int);
1629		vp->bcn_en = info->enable_beacon;
1630		if (data->started &&
1631		    !hrtimer_is_queued(&data->beacon_timer.timer) &&
1632		    info->enable_beacon) {
1633			u64 tsf, until_tbtt;
1634			u32 bcn_int;
1635			data->beacon_int = info->beacon_int * 1024;
1636			tsf = mac80211_hwsim_get_tsf(hw, vif);
1637			bcn_int = data->beacon_int;
1638			until_tbtt = bcn_int - do_div(tsf, bcn_int);
1639			tasklet_hrtimer_start(&data->beacon_timer,
1640					      ns_to_ktime(until_tbtt * 1000),
1641					      HRTIMER_MODE_REL);
1642		} else if (!info->enable_beacon) {
1643			unsigned int count = 0;
1644			ieee80211_iterate_active_interfaces_atomic(
1645				data->hw, IEEE80211_IFACE_ITER_NORMAL,
1646				mac80211_hwsim_bcn_en_iter, &count);
1647			wiphy_debug(hw->wiphy, "  beaconing vifs remaining: %u",
1648				    count);
1649			if (count == 0) {
1650				tasklet_hrtimer_cancel(&data->beacon_timer);
1651				data->beacon_int = 0;
1652			}
1653		}
1654	}
1655
1656	if (changed & BSS_CHANGED_ERP_CTS_PROT) {
1657		wiphy_debug(hw->wiphy, "  ERP_CTS_PROT: %d\n",
1658			    info->use_cts_prot);
1659	}
1660
1661	if (changed & BSS_CHANGED_ERP_PREAMBLE) {
1662		wiphy_debug(hw->wiphy, "  ERP_PREAMBLE: %d\n",
1663			    info->use_short_preamble);
1664	}
1665
1666	if (changed & BSS_CHANGED_ERP_SLOT) {
1667		wiphy_debug(hw->wiphy, "  ERP_SLOT: %d\n", info->use_short_slot);
1668	}
1669
1670	if (changed & BSS_CHANGED_HT) {
1671		wiphy_debug(hw->wiphy, "  HT: op_mode=0x%x\n",
1672			    info->ht_operation_mode);
1673	}
1674
1675	if (changed & BSS_CHANGED_BASIC_RATES) {
1676		wiphy_debug(hw->wiphy, "  BASIC_RATES: 0x%llx\n",
1677			    (unsigned long long) info->basic_rates);
1678	}
1679
1680	if (changed & BSS_CHANGED_TXPOWER)
1681		wiphy_debug(hw->wiphy, "  TX Power: %d dBm\n", info->txpower);
1682}
1683
1684static int mac80211_hwsim_sta_add(struct ieee80211_hw *hw,
1685				  struct ieee80211_vif *vif,
1686				  struct ieee80211_sta *sta)
1687{
1688	hwsim_check_magic(vif);
1689	hwsim_set_sta_magic(sta);
1690
1691	return 0;
1692}
1693
1694static int mac80211_hwsim_sta_remove(struct ieee80211_hw *hw,
1695				     struct ieee80211_vif *vif,
1696				     struct ieee80211_sta *sta)
1697{
1698	hwsim_check_magic(vif);
1699	hwsim_clear_sta_magic(sta);
1700
1701	return 0;
1702}
1703
1704static void mac80211_hwsim_sta_notify(struct ieee80211_hw *hw,
1705				      struct ieee80211_vif *vif,
1706				      enum sta_notify_cmd cmd,
1707				      struct ieee80211_sta *sta)
1708{
1709	hwsim_check_magic(vif);
1710
1711	switch (cmd) {
1712	case STA_NOTIFY_SLEEP:
1713	case STA_NOTIFY_AWAKE:
1714		/* TODO: make good use of these flags */
1715		break;
1716	default:
1717		WARN(1, "Invalid sta notify: %d\n", cmd);
1718		break;
1719	}
1720}
1721
1722static int mac80211_hwsim_set_tim(struct ieee80211_hw *hw,
1723				  struct ieee80211_sta *sta,
1724				  bool set)
1725{
1726	hwsim_check_sta_magic(sta);
1727	return 0;
1728}
1729
1730static int mac80211_hwsim_conf_tx(
1731	struct ieee80211_hw *hw,
1732	struct ieee80211_vif *vif, u16 queue,
1733	const struct ieee80211_tx_queue_params *params)
1734{
1735	wiphy_debug(hw->wiphy,
1736		    "%s (queue=%d txop=%d cw_min=%d cw_max=%d aifs=%d)\n",
1737		    __func__, queue,
1738		    params->txop, params->cw_min,
1739		    params->cw_max, params->aifs);
1740	return 0;
1741}
1742
1743static int mac80211_hwsim_get_survey(
1744	struct ieee80211_hw *hw, int idx,
1745	struct survey_info *survey)
1746{
1747	struct ieee80211_conf *conf = &hw->conf;
1748
1749	wiphy_debug(hw->wiphy, "%s (idx=%d)\n", __func__, idx);
1750
1751	if (idx != 0)
1752		return -ENOENT;
1753
1754	/* Current channel */
1755	survey->channel = conf->chandef.chan;
1756
1757	/*
1758	 * Magically conjured noise level --- this is only ok for simulated hardware.
1759	 *
1760	 * A real driver which cannot determine the real channel noise MUST NOT
1761	 * report any noise, especially not a magically conjured one :-)
1762	 */
1763	survey->filled = SURVEY_INFO_NOISE_DBM;
1764	survey->noise = -92;
1765
1766	return 0;
1767}
1768
1769#ifdef CONFIG_NL80211_TESTMODE
1770/*
1771 * This section contains example code for using netlink
1772 * attributes with the testmode command in nl80211.
1773 */
1774
1775/* These enums need to be kept in sync with userspace */
1776enum hwsim_testmode_attr {
1777	__HWSIM_TM_ATTR_INVALID	= 0,
1778	HWSIM_TM_ATTR_CMD	= 1,
1779	HWSIM_TM_ATTR_PS	= 2,
1780
1781	/* keep last */
1782	__HWSIM_TM_ATTR_AFTER_LAST,
1783	HWSIM_TM_ATTR_MAX	= __HWSIM_TM_ATTR_AFTER_LAST - 1
1784};
1785
1786enum hwsim_testmode_cmd {
1787	HWSIM_TM_CMD_SET_PS		= 0,
1788	HWSIM_TM_CMD_GET_PS		= 1,
1789	HWSIM_TM_CMD_STOP_QUEUES	= 2,
1790	HWSIM_TM_CMD_WAKE_QUEUES	= 3,
1791};
1792
1793static const struct nla_policy hwsim_testmode_policy[HWSIM_TM_ATTR_MAX + 1] = {
1794	[HWSIM_TM_ATTR_CMD] = { .type = NLA_U32 },
1795	[HWSIM_TM_ATTR_PS] = { .type = NLA_U32 },
1796};
1797
1798static int mac80211_hwsim_testmode_cmd(struct ieee80211_hw *hw,
1799				       struct ieee80211_vif *vif,
1800				       void *data, int len)
1801{
1802	struct mac80211_hwsim_data *hwsim = hw->priv;
1803	struct nlattr *tb[HWSIM_TM_ATTR_MAX + 1];
1804	struct sk_buff *skb;
1805	int err, ps;
1806
1807	err = nla_parse(tb, HWSIM_TM_ATTR_MAX, data, len,
1808			hwsim_testmode_policy);
1809	if (err)
1810		return err;
1811
1812	if (!tb[HWSIM_TM_ATTR_CMD])
1813		return -EINVAL;
1814
1815	switch (nla_get_u32(tb[HWSIM_TM_ATTR_CMD])) {
1816	case HWSIM_TM_CMD_SET_PS:
1817		if (!tb[HWSIM_TM_ATTR_PS])
1818			return -EINVAL;
1819		ps = nla_get_u32(tb[HWSIM_TM_ATTR_PS]);
1820		return hwsim_fops_ps_write(hwsim, ps);
1821	case HWSIM_TM_CMD_GET_PS:
1822		skb = cfg80211_testmode_alloc_reply_skb(hw->wiphy,
1823						nla_total_size(sizeof(u32)));
1824		if (!skb)
1825			return -ENOMEM;
1826		if (nla_put_u32(skb, HWSIM_TM_ATTR_PS, hwsim->ps))
1827			goto nla_put_failure;
1828		return cfg80211_testmode_reply(skb);
1829	case HWSIM_TM_CMD_STOP_QUEUES:
1830		ieee80211_stop_queues(hw);
1831		return 0;
1832	case HWSIM_TM_CMD_WAKE_QUEUES:
1833		ieee80211_wake_queues(hw);
1834		return 0;
1835	default:
1836		return -EOPNOTSUPP;
1837	}
1838
1839 nla_put_failure:
1840	kfree_skb(skb);
1841	return -ENOBUFS;
1842}
1843#endif
1844
1845static int mac80211_hwsim_ampdu_action(struct ieee80211_hw *hw,
1846				       struct ieee80211_vif *vif,
1847				       struct ieee80211_ampdu_params *params)
1848{
1849	struct ieee80211_sta *sta = params->sta;
1850	enum ieee80211_ampdu_mlme_action action = params->action;
1851	u16 tid = params->tid;
1852
1853	switch (action) {
1854	case IEEE80211_AMPDU_TX_START:
1855		ieee80211_start_tx_ba_cb_irqsafe(vif, sta->addr, tid);
1856		break;
1857	case IEEE80211_AMPDU_TX_STOP_CONT:
1858	case IEEE80211_AMPDU_TX_STOP_FLUSH:
1859	case IEEE80211_AMPDU_TX_STOP_FLUSH_CONT:
1860		ieee80211_stop_tx_ba_cb_irqsafe(vif, sta->addr, tid);
1861		break;
1862	case IEEE80211_AMPDU_TX_OPERATIONAL:
1863		break;
1864	case IEEE80211_AMPDU_RX_START:
1865	case IEEE80211_AMPDU_RX_STOP:
1866		break;
1867	default:
1868		return -EOPNOTSUPP;
1869	}
1870
1871	return 0;
1872}
1873
1874static void mac80211_hwsim_flush(struct ieee80211_hw *hw,
1875				 struct ieee80211_vif *vif,
1876				 u32 queues, bool drop)
1877{
1878	/* Not implemented, queues only on kernel side */
1879}
1880
1881static void hw_scan_work(struct work_struct *work)
1882{
1883	struct mac80211_hwsim_data *hwsim =
1884		container_of(work, struct mac80211_hwsim_data, hw_scan.work);
1885	struct cfg80211_scan_request *req = hwsim->hw_scan_request;
1886	int dwell, i;
1887
1888	mutex_lock(&hwsim->mutex);
1889	if (hwsim->scan_chan_idx >= req->n_channels) {
1890		wiphy_debug(hwsim->hw->wiphy, "hw scan complete\n");
1891		ieee80211_scan_completed(hwsim->hw, false);
1892		hwsim->hw_scan_request = NULL;
1893		hwsim->hw_scan_vif = NULL;
1894		hwsim->tmp_chan = NULL;
1895		mutex_unlock(&hwsim->mutex);
1896		return;
1897	}
1898
1899	wiphy_debug(hwsim->hw->wiphy, "hw scan %d MHz\n",
1900		    req->channels[hwsim->scan_chan_idx]->center_freq);
1901
1902	hwsim->tmp_chan = req->channels[hwsim->scan_chan_idx];
1903	if (hwsim->tmp_chan->flags & (IEEE80211_CHAN_NO_IR |
1904				      IEEE80211_CHAN_RADAR) ||
1905	    !req->n_ssids) {
1906		dwell = 120;
1907	} else {
1908		dwell = 30;
1909		/* send probes */
1910		for (i = 0; i < req->n_ssids; i++) {
1911			struct sk_buff *probe;
1912			struct ieee80211_mgmt *mgmt;
1913
1914			probe = ieee80211_probereq_get(hwsim->hw,
1915						       hwsim->scan_addr,
1916						       req->ssids[i].ssid,
1917						       req->ssids[i].ssid_len,
1918						       req->ie_len);
1919			if (!probe)
1920				continue;
1921
1922			mgmt = (struct ieee80211_mgmt *) probe->data;
1923			memcpy(mgmt->da, req->bssid, ETH_ALEN);
1924			memcpy(mgmt->bssid, req->bssid, ETH_ALEN);
1925
1926			if (req->ie_len)
1927				memcpy(skb_put(probe, req->ie_len), req->ie,
1928				       req->ie_len);
1929
1930			local_bh_disable();
1931			mac80211_hwsim_tx_frame(hwsim->hw, probe,
1932						hwsim->tmp_chan);
1933			local_bh_enable();
1934		}
1935	}
1936	ieee80211_queue_delayed_work(hwsim->hw, &hwsim->hw_scan,
1937				     msecs_to_jiffies(dwell));
1938	hwsim->scan_chan_idx++;
1939	mutex_unlock(&hwsim->mutex);
1940}
1941
1942static int mac80211_hwsim_hw_scan(struct ieee80211_hw *hw,
1943				  struct ieee80211_vif *vif,
1944				  struct ieee80211_scan_request *hw_req)
1945{
1946	struct mac80211_hwsim_data *hwsim = hw->priv;
1947	struct cfg80211_scan_request *req = &hw_req->req;
1948
1949	mutex_lock(&hwsim->mutex);
1950	if (WARN_ON(hwsim->tmp_chan || hwsim->hw_scan_request)) {
1951		mutex_unlock(&hwsim->mutex);
1952		return -EBUSY;
1953	}
1954	hwsim->hw_scan_request = req;
1955	hwsim->hw_scan_vif = vif;
1956	hwsim->scan_chan_idx = 0;
1957	if (req->flags & NL80211_SCAN_FLAG_RANDOM_ADDR)
1958		get_random_mask_addr(hwsim->scan_addr,
1959				     hw_req->req.mac_addr,
1960				     hw_req->req.mac_addr_mask);
1961	else
1962		memcpy(hwsim->scan_addr, vif->addr, ETH_ALEN);
1963	mutex_unlock(&hwsim->mutex);
1964
1965	wiphy_debug(hw->wiphy, "hwsim hw_scan request\n");
1966
1967	ieee80211_queue_delayed_work(hwsim->hw, &hwsim->hw_scan, 0);
1968
1969	return 0;
1970}
1971
1972static void mac80211_hwsim_cancel_hw_scan(struct ieee80211_hw *hw,
1973					  struct ieee80211_vif *vif)
1974{
1975	struct mac80211_hwsim_data *hwsim = hw->priv;
1976
1977	wiphy_debug(hw->wiphy, "hwsim cancel_hw_scan\n");
1978
1979	cancel_delayed_work_sync(&hwsim->hw_scan);
1980
1981	mutex_lock(&hwsim->mutex);
1982	ieee80211_scan_completed(hwsim->hw, true);
1983	hwsim->tmp_chan = NULL;
1984	hwsim->hw_scan_request = NULL;
1985	hwsim->hw_scan_vif = NULL;
1986	mutex_unlock(&hwsim->mutex);
1987}
1988
1989static void mac80211_hwsim_sw_scan(struct ieee80211_hw *hw,
1990				   struct ieee80211_vif *vif,
1991				   const u8 *mac_addr)
1992{
1993	struct mac80211_hwsim_data *hwsim = hw->priv;
1994
1995	mutex_lock(&hwsim->mutex);
1996
1997	if (hwsim->scanning) {
1998		printk(KERN_DEBUG "two hwsim sw_scans detected!\n");
1999		goto out;
2000	}
2001
2002	printk(KERN_DEBUG "hwsim sw_scan request, prepping stuff\n");
2003
2004	memcpy(hwsim->scan_addr, mac_addr, ETH_ALEN);
2005	hwsim->scanning = true;
2006
2007out:
2008	mutex_unlock(&hwsim->mutex);
2009}
2010
2011static void mac80211_hwsim_sw_scan_complete(struct ieee80211_hw *hw,
2012					    struct ieee80211_vif *vif)
2013{
2014	struct mac80211_hwsim_data *hwsim = hw->priv;
2015
2016	mutex_lock(&hwsim->mutex);
2017
2018	printk(KERN_DEBUG "hwsim sw_scan_complete\n");
2019	hwsim->scanning = false;
2020	eth_zero_addr(hwsim->scan_addr);
2021
2022	mutex_unlock(&hwsim->mutex);
2023}
2024
2025static void hw_roc_start(struct work_struct *work)
2026{
2027	struct mac80211_hwsim_data *hwsim =
2028		container_of(work, struct mac80211_hwsim_data, roc_start.work);
2029
2030	mutex_lock(&hwsim->mutex);
2031
2032	wiphy_debug(hwsim->hw->wiphy, "hwsim ROC begins\n");
2033	hwsim->tmp_chan = hwsim->roc_chan;
2034	ieee80211_ready_on_channel(hwsim->hw);
2035
2036	ieee80211_queue_delayed_work(hwsim->hw, &hwsim->roc_done,
2037				     msecs_to_jiffies(hwsim->roc_duration));
2038
2039	mutex_unlock(&hwsim->mutex);
2040}
2041
2042static void hw_roc_done(struct work_struct *work)
2043{
2044	struct mac80211_hwsim_data *hwsim =
2045		container_of(work, struct mac80211_hwsim_data, roc_done.work);
2046
2047	mutex_lock(&hwsim->mutex);
2048	ieee80211_remain_on_channel_expired(hwsim->hw);
2049	hwsim->tmp_chan = NULL;
2050	mutex_unlock(&hwsim->mutex);
2051
2052	wiphy_debug(hwsim->hw->wiphy, "hwsim ROC expired\n");
2053}
2054
2055static int mac80211_hwsim_roc(struct ieee80211_hw *hw,
2056			      struct ieee80211_vif *vif,
2057			      struct ieee80211_channel *chan,
2058			      int duration,
2059			      enum ieee80211_roc_type type)
2060{
2061	struct mac80211_hwsim_data *hwsim = hw->priv;
2062
2063	mutex_lock(&hwsim->mutex);
2064	if (WARN_ON(hwsim->tmp_chan || hwsim->hw_scan_request)) {
2065		mutex_unlock(&hwsim->mutex);
2066		return -EBUSY;
2067	}
2068
2069	hwsim->roc_chan = chan;
2070	hwsim->roc_duration = duration;
2071	mutex_unlock(&hwsim->mutex);
2072
2073	wiphy_debug(hw->wiphy, "hwsim ROC (%d MHz, %d ms)\n",
2074		    chan->center_freq, duration);
2075	ieee80211_queue_delayed_work(hw, &hwsim->roc_start, HZ/50);
2076
2077	return 0;
2078}
2079
2080static int mac80211_hwsim_croc(struct ieee80211_hw *hw)
2081{
2082	struct mac80211_hwsim_data *hwsim = hw->priv;
2083
2084	cancel_delayed_work_sync(&hwsim->roc_start);
2085	cancel_delayed_work_sync(&hwsim->roc_done);
2086
2087	mutex_lock(&hwsim->mutex);
2088	hwsim->tmp_chan = NULL;
2089	mutex_unlock(&hwsim->mutex);
2090
2091	wiphy_debug(hw->wiphy, "hwsim ROC canceled\n");
2092
2093	return 0;
2094}
2095
2096static int mac80211_hwsim_add_chanctx(struct ieee80211_hw *hw,
2097				      struct ieee80211_chanctx_conf *ctx)
2098{
2099	hwsim_set_chanctx_magic(ctx);
2100	wiphy_debug(hw->wiphy,
2101		    "add channel context control: %d MHz/width: %d/cfreqs:%d/%d MHz\n",
2102		    ctx->def.chan->center_freq, ctx->def.width,
2103		    ctx->def.center_freq1, ctx->def.center_freq2);
2104	return 0;
2105}
2106
2107static void mac80211_hwsim_remove_chanctx(struct ieee80211_hw *hw,
2108					  struct ieee80211_chanctx_conf *ctx)
2109{
2110	wiphy_debug(hw->wiphy,
2111		    "remove channel context control: %d MHz/width: %d/cfreqs:%d/%d MHz\n",
2112		    ctx->def.chan->center_freq, ctx->def.width,
2113		    ctx->def.center_freq1, ctx->def.center_freq2);
2114	hwsim_check_chanctx_magic(ctx);
2115	hwsim_clear_chanctx_magic(ctx);
2116}
2117
2118static void mac80211_hwsim_change_chanctx(struct ieee80211_hw *hw,
2119					  struct ieee80211_chanctx_conf *ctx,
2120					  u32 changed)
2121{
2122	hwsim_check_chanctx_magic(ctx);
2123	wiphy_debug(hw->wiphy,
2124		    "change channel context control: %d MHz/width: %d/cfreqs:%d/%d MHz\n",
2125		    ctx->def.chan->center_freq, ctx->def.width,
2126		    ctx->def.center_freq1, ctx->def.center_freq2);
2127}
2128
2129static int mac80211_hwsim_assign_vif_chanctx(struct ieee80211_hw *hw,
2130					     struct ieee80211_vif *vif,
2131					     struct ieee80211_chanctx_conf *ctx)
2132{
2133	hwsim_check_magic(vif);
2134	hwsim_check_chanctx_magic(ctx);
2135
2136	return 0;
2137}
2138
2139static void mac80211_hwsim_unassign_vif_chanctx(struct ieee80211_hw *hw,
2140						struct ieee80211_vif *vif,
2141						struct ieee80211_chanctx_conf *ctx)
2142{
2143	hwsim_check_magic(vif);
2144	hwsim_check_chanctx_magic(ctx);
2145}
2146
2147static const char mac80211_hwsim_gstrings_stats[][ETH_GSTRING_LEN] = {
2148	"tx_pkts_nic",
2149	"tx_bytes_nic",
2150	"rx_pkts_nic",
2151	"rx_bytes_nic",
2152	"d_tx_dropped",
2153	"d_tx_failed",
2154	"d_ps_mode",
2155	"d_group",
2156	"d_tx_power",
2157};
2158
2159#define MAC80211_HWSIM_SSTATS_LEN ARRAY_SIZE(mac80211_hwsim_gstrings_stats)
2160
2161static void mac80211_hwsim_get_et_strings(struct ieee80211_hw *hw,
2162					  struct ieee80211_vif *vif,
2163					  u32 sset, u8 *data)
2164{
2165	if (sset == ETH_SS_STATS)
2166		memcpy(data, *mac80211_hwsim_gstrings_stats,
2167		       sizeof(mac80211_hwsim_gstrings_stats));
2168}
2169
2170static int mac80211_hwsim_get_et_sset_count(struct ieee80211_hw *hw,
2171					    struct ieee80211_vif *vif, int sset)
2172{
2173	if (sset == ETH_SS_STATS)
2174		return MAC80211_HWSIM_SSTATS_LEN;
2175	return 0;
2176}
2177
2178static void mac80211_hwsim_get_et_stats(struct ieee80211_hw *hw,
2179					struct ieee80211_vif *vif,
2180					struct ethtool_stats *stats, u64 *data)
2181{
2182	struct mac80211_hwsim_data *ar = hw->priv;
2183	int i = 0;
2184
2185	data[i++] = ar->tx_pkts;
2186	data[i++] = ar->tx_bytes;
2187	data[i++] = ar->rx_pkts;
2188	data[i++] = ar->rx_bytes;
2189	data[i++] = ar->tx_dropped;
2190	data[i++] = ar->tx_failed;
2191	data[i++] = ar->ps;
2192	data[i++] = ar->group;
2193	data[i++] = ar->power_level;
2194
2195	WARN_ON(i != MAC80211_HWSIM_SSTATS_LEN);
2196}
2197
2198static const struct ieee80211_ops mac80211_hwsim_ops = {
2199	.tx = mac80211_hwsim_tx,
2200	.start = mac80211_hwsim_start,
2201	.stop = mac80211_hwsim_stop,
2202	.add_interface = mac80211_hwsim_add_interface,
2203	.change_interface = mac80211_hwsim_change_interface,
2204	.remove_interface = mac80211_hwsim_remove_interface,
2205	.config = mac80211_hwsim_config,
2206	.configure_filter = mac80211_hwsim_configure_filter,
2207	.bss_info_changed = mac80211_hwsim_bss_info_changed,
2208	.sta_add = mac80211_hwsim_sta_add,
2209	.sta_remove = mac80211_hwsim_sta_remove,
2210	.sta_notify = mac80211_hwsim_sta_notify,
2211	.set_tim = mac80211_hwsim_set_tim,
2212	.conf_tx = mac80211_hwsim_conf_tx,
2213	.get_survey = mac80211_hwsim_get_survey,
2214	CFG80211_TESTMODE_CMD(mac80211_hwsim_testmode_cmd)
2215	.ampdu_action = mac80211_hwsim_ampdu_action,
2216	.sw_scan_start = mac80211_hwsim_sw_scan,
2217	.sw_scan_complete = mac80211_hwsim_sw_scan_complete,
2218	.flush = mac80211_hwsim_flush,
2219	.get_tsf = mac80211_hwsim_get_tsf,
2220	.set_tsf = mac80211_hwsim_set_tsf,
2221	.get_et_sset_count = mac80211_hwsim_get_et_sset_count,
2222	.get_et_stats = mac80211_hwsim_get_et_stats,
2223	.get_et_strings = mac80211_hwsim_get_et_strings,
2224};
2225
2226static struct ieee80211_ops mac80211_hwsim_mchan_ops;
2227
2228struct hwsim_new_radio_params {
2229	unsigned int channels;
2230	const char *reg_alpha2;
2231	const struct ieee80211_regdomain *regd;
2232	bool reg_strict;
2233	bool p2p_device;
2234	bool use_chanctx;
2235	bool destroy_on_close;
2236	const char *hwname;
2237	bool no_vif;
2238};
2239
2240static void hwsim_mcast_config_msg(struct sk_buff *mcast_skb,
2241				   struct genl_info *info)
2242{
2243	if (info)
2244		genl_notify(&hwsim_genl_family, mcast_skb, info,
2245			    HWSIM_MCGRP_CONFIG, GFP_KERNEL);
2246	else
2247		genlmsg_multicast(&hwsim_genl_family, mcast_skb, 0,
2248				  HWSIM_MCGRP_CONFIG, GFP_KERNEL);
2249}
2250
2251static int append_radio_msg(struct sk_buff *skb, int id,
2252			    struct hwsim_new_radio_params *param)
2253{
2254	int ret;
2255
2256	ret = nla_put_u32(skb, HWSIM_ATTR_RADIO_ID, id);
2257	if (ret < 0)
2258		return ret;
2259
2260	if (param->channels) {
2261		ret = nla_put_u32(skb, HWSIM_ATTR_CHANNELS, param->channels);
2262		if (ret < 0)
2263			return ret;
2264	}
2265
2266	if (param->reg_alpha2) {
2267		ret = nla_put(skb, HWSIM_ATTR_REG_HINT_ALPHA2, 2,
2268			      param->reg_alpha2);
2269		if (ret < 0)
2270			return ret;
2271	}
2272
2273	if (param->regd) {
2274		int i;
2275
2276		for (i = 0; i < ARRAY_SIZE(hwsim_world_regdom_custom); i++) {
2277			if (hwsim_world_regdom_custom[i] != param->regd)
2278				continue;
2279
2280			ret = nla_put_u32(skb, HWSIM_ATTR_REG_CUSTOM_REG, i);
2281			if (ret < 0)
2282				return ret;
2283			break;
2284		}
2285	}
2286
2287	if (param->reg_strict) {
2288		ret = nla_put_flag(skb, HWSIM_ATTR_REG_STRICT_REG);
2289		if (ret < 0)
2290			return ret;
2291	}
2292
2293	if (param->p2p_device) {
2294		ret = nla_put_flag(skb, HWSIM_ATTR_SUPPORT_P2P_DEVICE);
2295		if (ret < 0)
2296			return ret;
2297	}
2298
2299	if (param->use_chanctx) {
2300		ret = nla_put_flag(skb, HWSIM_ATTR_USE_CHANCTX);
2301		if (ret < 0)
2302			return ret;
2303	}
2304
2305	if (param->hwname) {
2306		ret = nla_put(skb, HWSIM_ATTR_RADIO_NAME,
2307			      strlen(param->hwname), param->hwname);
2308		if (ret < 0)
2309			return ret;
2310	}
2311
2312	return 0;
2313}
2314
2315static void hwsim_mcast_new_radio(int id, struct genl_info *info,
2316				  struct hwsim_new_radio_params *param)
2317{
2318	struct sk_buff *mcast_skb;
2319	void *data;
2320
2321	mcast_skb = genlmsg_new(GENLMSG_DEFAULT_SIZE, GFP_KERNEL);
2322	if (!mcast_skb)
2323		return;
2324
2325	data = genlmsg_put(mcast_skb, 0, 0, &hwsim_genl_family, 0,
2326			   HWSIM_CMD_NEW_RADIO);
2327	if (!data)
2328		goto out_err;
2329
2330	if (append_radio_msg(mcast_skb, id, param) < 0)
2331		goto out_err;
2332
2333	genlmsg_end(mcast_skb, data);
2334
2335	hwsim_mcast_config_msg(mcast_skb, info);
2336	return;
2337
2338out_err:
2339	genlmsg_cancel(mcast_skb, data);
2340	nlmsg_free(mcast_skb);
2341}
2342
2343static int mac80211_hwsim_new_radio(struct genl_info *info,
2344				    struct hwsim_new_radio_params *param)
2345{
2346	int err;
2347	u8 addr[ETH_ALEN];
2348	struct mac80211_hwsim_data *data;
2349	struct ieee80211_hw *hw;
2350	enum nl80211_band band;
2351	const struct ieee80211_ops *ops = &mac80211_hwsim_ops;
2352	int idx;
2353
2354	if (WARN_ON(param->channels > 1 && !param->use_chanctx))
2355		return -EINVAL;
2356
2357	spin_lock_bh(&hwsim_radio_lock);
2358	idx = hwsim_radio_idx++;
2359	spin_unlock_bh(&hwsim_radio_lock);
2360
2361	if (param->use_chanctx)
2362		ops = &mac80211_hwsim_mchan_ops;
2363	hw = ieee80211_alloc_hw_nm(sizeof(*data), ops, param->hwname);
2364	if (!hw) {
2365		printk(KERN_DEBUG "mac80211_hwsim: ieee80211_alloc_hw failed\n");
2366		err = -ENOMEM;
2367		goto failed;
2368	}
2369	data = hw->priv;
2370	data->hw = hw;
2371
2372	data->dev = device_create(hwsim_class, NULL, 0, hw, "hwsim%d", idx);
2373	if (IS_ERR(data->dev)) {
2374		printk(KERN_DEBUG
2375		       "mac80211_hwsim: device_create failed (%ld)\n",
2376		       PTR_ERR(data->dev));
2377		err = -ENOMEM;
2378		goto failed_drvdata;
2379	}
2380	data->dev->driver = &mac80211_hwsim_driver.driver;
2381	err = device_bind_driver(data->dev);
2382	if (err != 0) {
2383		printk(KERN_DEBUG "mac80211_hwsim: device_bind_driver failed (%d)\n",
2384		       err);
2385		goto failed_bind;
2386	}
2387
2388	skb_queue_head_init(&data->pending);
2389
2390	SET_IEEE80211_DEV(hw, data->dev);
2391	eth_zero_addr(addr);
2392	addr[0] = 0x02;
2393	addr[3] = idx >> 8;
2394	addr[4] = idx;
2395	memcpy(data->addresses[0].addr, addr, ETH_ALEN);
2396	memcpy(data->addresses[1].addr, addr, ETH_ALEN);
2397	data->addresses[1].addr[0] |= 0x40;
2398	hw->wiphy->n_addresses = 2;
2399	hw->wiphy->addresses = data->addresses;
2400
2401	data->channels = param->channels;
2402	data->use_chanctx = param->use_chanctx;
2403	data->idx = idx;
2404	data->destroy_on_close = param->destroy_on_close;
2405	if (info)
2406		data->portid = info->snd_portid;
2407
2408	if (data->use_chanctx) {
2409		hw->wiphy->max_scan_ssids = 255;
2410		hw->wiphy->max_scan_ie_len = IEEE80211_MAX_DATA_LEN;
2411		hw->wiphy->max_remain_on_channel_duration = 1000;
2412		/* For channels > 1 DFS is not allowed */
2413		hw->wiphy->n_iface_combinations = 1;
2414		hw->wiphy->iface_combinations = &data->if_combination;
2415		if (param->p2p_device)
2416			data->if_combination = hwsim_if_comb_p2p_dev[0];
2417		else
2418			data->if_combination = hwsim_if_comb[0];
2419		data->if_combination.num_different_channels = data->channels;
2420	} else if (param->p2p_device) {
2421		hw->wiphy->iface_combinations = hwsim_if_comb_p2p_dev;
2422		hw->wiphy->n_iface_combinations =
2423			ARRAY_SIZE(hwsim_if_comb_p2p_dev);
2424	} else {
2425		hw->wiphy->iface_combinations = hwsim_if_comb;
2426		hw->wiphy->n_iface_combinations = ARRAY_SIZE(hwsim_if_comb);
2427	}
2428
2429	INIT_DELAYED_WORK(&data->roc_start, hw_roc_start);
2430	INIT_DELAYED_WORK(&data->roc_done, hw_roc_done);
2431	INIT_DELAYED_WORK(&data->hw_scan, hw_scan_work);
2432
2433	hw->queues = 5;
2434	hw->offchannel_tx_hw_queue = 4;
2435	hw->wiphy->interface_modes = BIT(NL80211_IFTYPE_STATION) |
2436				     BIT(NL80211_IFTYPE_AP) |
2437				     BIT(NL80211_IFTYPE_P2P_CLIENT) |
2438				     BIT(NL80211_IFTYPE_P2P_GO) |
2439				     BIT(NL80211_IFTYPE_ADHOC) |
2440				     BIT(NL80211_IFTYPE_MESH_POINT);
2441
2442	if (param->p2p_device)
2443		hw->wiphy->interface_modes |= BIT(NL80211_IFTYPE_P2P_DEVICE);
2444
2445	ieee80211_hw_set(hw, SUPPORT_FAST_XMIT);
2446	ieee80211_hw_set(hw, CHANCTX_STA_CSA);
2447	ieee80211_hw_set(hw, SUPPORTS_HT_CCK_RATES);
2448	ieee80211_hw_set(hw, QUEUE_CONTROL);
2449	ieee80211_hw_set(hw, WANT_MONITOR_VIF);
2450	ieee80211_hw_set(hw, AMPDU_AGGREGATION);
2451	ieee80211_hw_set(hw, MFP_CAPABLE);
2452	ieee80211_hw_set(hw, SIGNAL_DBM);
2453	ieee80211_hw_set(hw, TDLS_WIDER_BW);
2454	if (rctbl)
2455		ieee80211_hw_set(hw, SUPPORTS_RC_TABLE);
2456
2457	hw->wiphy->flags |= WIPHY_FLAG_SUPPORTS_TDLS |
2458			    WIPHY_FLAG_HAS_REMAIN_ON_CHANNEL |
2459			    WIPHY_FLAG_AP_UAPSD |
2460			    WIPHY_FLAG_HAS_CHANNEL_SWITCH;
2461	hw->wiphy->features |= NL80211_FEATURE_ACTIVE_MONITOR |
2462			       NL80211_FEATURE_AP_MODE_CHAN_WIDTH_CHANGE |
2463			       NL80211_FEATURE_STATIC_SMPS |
2464			       NL80211_FEATURE_DYNAMIC_SMPS |
2465			       NL80211_FEATURE_SCAN_RANDOM_MAC_ADDR;
2466	wiphy_ext_feature_set(hw->wiphy, NL80211_EXT_FEATURE_VHT_IBSS);
2467
2468	/* ask mac80211 to reserve space for magic */
2469	hw->vif_data_size = sizeof(struct hwsim_vif_priv);
2470	hw->sta_data_size = sizeof(struct hwsim_sta_priv);
2471	hw->chanctx_data_size = sizeof(struct hwsim_chanctx_priv);
2472
2473	memcpy(data->channels_2ghz, hwsim_channels_2ghz,
2474		sizeof(hwsim_channels_2ghz));
2475	memcpy(data->channels_5ghz, hwsim_channels_5ghz,
2476		sizeof(hwsim_channels_5ghz));
2477	memcpy(data->rates, hwsim_rates, sizeof(hwsim_rates));
2478
2479	for (band = NL80211_BAND_2GHZ; band < NUM_NL80211_BANDS; band++) {
2480		struct ieee80211_supported_band *sband = &data->bands[band];
2481		switch (band) {
2482		case NL80211_BAND_2GHZ:
2483			sband->channels = data->channels_2ghz;
2484			sband->n_channels = ARRAY_SIZE(hwsim_channels_2ghz);
2485			sband->bitrates = data->rates;
2486			sband->n_bitrates = ARRAY_SIZE(hwsim_rates);
2487			break;
2488		case NL80211_BAND_5GHZ:
2489			sband->channels = data->channels_5ghz;
2490			sband->n_channels = ARRAY_SIZE(hwsim_channels_5ghz);
2491			sband->bitrates = data->rates + 4;
2492			sband->n_bitrates = ARRAY_SIZE(hwsim_rates) - 4;
2493
2494			sband->vht_cap.vht_supported = true;
2495			sband->vht_cap.cap =
2496				IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454 |
2497				IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ |
2498				IEEE80211_VHT_CAP_RXLDPC |
2499				IEEE80211_VHT_CAP_SHORT_GI_80 |
2500				IEEE80211_VHT_CAP_SHORT_GI_160 |
2501				IEEE80211_VHT_CAP_TXSTBC |
2502				IEEE80211_VHT_CAP_RXSTBC_1 |
2503				IEEE80211_VHT_CAP_RXSTBC_2 |
2504				IEEE80211_VHT_CAP_RXSTBC_3 |
2505				IEEE80211_VHT_CAP_RXSTBC_4 |
2506				IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK;
2507			sband->vht_cap.vht_mcs.rx_mcs_map =
2508				cpu_to_le16(IEEE80211_VHT_MCS_SUPPORT_0_9 << 0 |
2509					    IEEE80211_VHT_MCS_SUPPORT_0_9 << 2 |
2510					    IEEE80211_VHT_MCS_SUPPORT_0_9 << 4 |
2511					    IEEE80211_VHT_MCS_SUPPORT_0_9 << 6 |
2512					    IEEE80211_VHT_MCS_SUPPORT_0_9 << 8 |
2513					    IEEE80211_VHT_MCS_SUPPORT_0_9 << 10 |
2514					    IEEE80211_VHT_MCS_SUPPORT_0_9 << 12 |
2515					    IEEE80211_VHT_MCS_SUPPORT_0_9 << 14);
2516			sband->vht_cap.vht_mcs.tx_mcs_map =
2517				sband->vht_cap.vht_mcs.rx_mcs_map;
2518			break;
2519		default:
2520			continue;
2521		}
2522
2523		sband->ht_cap.ht_supported = true;
2524		sband->ht_cap.cap = IEEE80211_HT_CAP_SUP_WIDTH_20_40 |
2525				    IEEE80211_HT_CAP_GRN_FLD |
2526				    IEEE80211_HT_CAP_SGI_20 |
2527				    IEEE80211_HT_CAP_SGI_40 |
2528				    IEEE80211_HT_CAP_DSSSCCK40;
2529		sband->ht_cap.ampdu_factor = 0x3;
2530		sband->ht_cap.ampdu_density = 0x6;
2531		memset(&sband->ht_cap.mcs, 0,
2532		       sizeof(sband->ht_cap.mcs));
2533		sband->ht_cap.mcs.rx_mask[0] = 0xff;
2534		sband->ht_cap.mcs.rx_mask[1] = 0xff;
2535		sband->ht_cap.mcs.tx_params = IEEE80211_HT_MCS_TX_DEFINED;
2536
2537		hw->wiphy->bands[band] = sband;
2538	}
2539
2540	/* By default all radios belong to the first group */
2541	data->group = 1;
2542	mutex_init(&data->mutex);
2543
2544	/* Enable frame retransmissions for lossy channels */
2545	hw->max_rates = 4;
2546	hw->max_rate_tries = 11;
2547
2548	hw->wiphy->vendor_commands = mac80211_hwsim_vendor_commands;
2549	hw->wiphy->n_vendor_commands =
2550		ARRAY_SIZE(mac80211_hwsim_vendor_commands);
2551	hw->wiphy->vendor_events = mac80211_hwsim_vendor_events;
2552	hw->wiphy->n_vendor_events = ARRAY_SIZE(mac80211_hwsim_vendor_events);
2553
2554	if (param->reg_strict)
2555		hw->wiphy->regulatory_flags |= REGULATORY_STRICT_REG;
2556	if (param->regd) {
2557		data->regd = param->regd;
2558		hw->wiphy->regulatory_flags |= REGULATORY_CUSTOM_REG;
2559		wiphy_apply_custom_regulatory(hw->wiphy, param->regd);
2560		/* give the regulatory workqueue a chance to run */
2561		schedule_timeout_interruptible(1);
2562	}
2563
2564	if (param->no_vif)
2565		ieee80211_hw_set(hw, NO_AUTO_VIF);
2566
2567	err = ieee80211_register_hw(hw);
2568	if (err < 0) {
2569		printk(KERN_DEBUG "mac80211_hwsim: ieee80211_register_hw failed (%d)\n",
2570		       err);
2571		goto failed_hw;
2572	}
2573
2574	wiphy_debug(hw->wiphy, "hwaddr %pM registered\n", hw->wiphy->perm_addr);
2575
2576	if (param->reg_alpha2) {
2577		data->alpha2[0] = param->reg_alpha2[0];
2578		data->alpha2[1] = param->reg_alpha2[1];
2579		regulatory_hint(hw->wiphy, param->reg_alpha2);
2580	}
2581
2582	data->debugfs = debugfs_create_dir("hwsim", hw->wiphy->debugfsdir);
2583	debugfs_create_file("ps", 0666, data->debugfs, data, &hwsim_fops_ps);
2584	debugfs_create_file("group", 0666, data->debugfs, data,
2585			    &hwsim_fops_group);
2586	if (!data->use_chanctx)
2587		debugfs_create_file("dfs_simulate_radar", 0222,
2588				    data->debugfs,
2589				    data, &hwsim_simulate_radar);
2590
2591	tasklet_hrtimer_init(&data->beacon_timer,
2592			     mac80211_hwsim_beacon,
2593			     CLOCK_MONOTONIC_RAW, HRTIMER_MODE_ABS);
2594
2595	spin_lock_bh(&hwsim_radio_lock);
2596	list_add_tail(&data->list, &hwsim_radios);
2597	spin_unlock_bh(&hwsim_radio_lock);
2598
2599	if (idx > 0)
2600		hwsim_mcast_new_radio(idx, info, param);
2601
2602	return idx;
2603
2604failed_hw:
2605	device_release_driver(data->dev);
2606failed_bind:
2607	device_unregister(data->dev);
2608failed_drvdata:
2609	ieee80211_free_hw(hw);
2610failed:
2611	return err;
2612}
2613
2614static void hwsim_mcast_del_radio(int id, const char *hwname,
2615				  struct genl_info *info)
2616{
2617	struct sk_buff *skb;
2618	void *data;
2619	int ret;
2620
2621	skb = genlmsg_new(GENLMSG_DEFAULT_SIZE, GFP_KERNEL);
2622	if (!skb)
2623		return;
2624
2625	data = genlmsg_put(skb, 0, 0, &hwsim_genl_family, 0,
2626			   HWSIM_CMD_DEL_RADIO);
2627	if (!data)
2628		goto error;
2629
2630	ret = nla_put_u32(skb, HWSIM_ATTR_RADIO_ID, id);
2631	if (ret < 0)
2632		goto error;
2633
2634	ret = nla_put(skb, HWSIM_ATTR_RADIO_NAME, strlen(hwname),
2635		      hwname);
2636	if (ret < 0)
2637		goto error;
2638
2639	genlmsg_end(skb, data);
2640
2641	hwsim_mcast_config_msg(skb, info);
2642
2643	return;
2644
2645error:
2646	nlmsg_free(skb);
2647}
2648
2649static void mac80211_hwsim_del_radio(struct mac80211_hwsim_data *data,
2650				     const char *hwname,
2651				     struct genl_info *info)
2652{
2653	hwsim_mcast_del_radio(data->idx, hwname, info);
2654	debugfs_remove_recursive(data->debugfs);
2655	ieee80211_unregister_hw(data->hw);
2656	device_release_driver(data->dev);
2657	device_unregister(data->dev);
2658	ieee80211_free_hw(data->hw);
2659}
2660
2661static int mac80211_hwsim_get_radio(struct sk_buff *skb,
2662				    struct mac80211_hwsim_data *data,
2663				    u32 portid, u32 seq,
2664				    struct netlink_callback *cb, int flags)
2665{
2666	void *hdr;
2667	struct hwsim_new_radio_params param = { };
2668	int res = -EMSGSIZE;
2669
2670	hdr = genlmsg_put(skb, portid, seq, &hwsim_genl_family, flags,
2671			  HWSIM_CMD_GET_RADIO);
2672	if (!hdr)
2673		return -EMSGSIZE;
2674
2675	if (cb)
2676		genl_dump_check_consistent(cb, hdr, &hwsim_genl_family);
2677
2678	if (data->alpha2[0] && data->alpha2[1])
2679		param.reg_alpha2 = data->alpha2;
2680
2681	param.reg_strict = !!(data->hw->wiphy->regulatory_flags &
2682					REGULATORY_STRICT_REG);
2683	param.p2p_device = !!(data->hw->wiphy->interface_modes &
2684					BIT(NL80211_IFTYPE_P2P_DEVICE));
2685	param.use_chanctx = data->use_chanctx;
2686	param.regd = data->regd;
2687	param.channels = data->channels;
2688	param.hwname = wiphy_name(data->hw->wiphy);
2689
2690	res = append_radio_msg(skb, data->idx, &param);
2691	if (res < 0)
2692		goto out_err;
2693
2694	genlmsg_end(skb, hdr);
2695	return 0;
2696
2697out_err:
2698	genlmsg_cancel(skb, hdr);
2699	return res;
2700}
2701
2702static void mac80211_hwsim_free(void)
2703{
2704	struct mac80211_hwsim_data *data;
2705
2706	spin_lock_bh(&hwsim_radio_lock);
2707	while ((data = list_first_entry_or_null(&hwsim_radios,
2708						struct mac80211_hwsim_data,
2709						list))) {
2710		list_del(&data->list);
2711		spin_unlock_bh(&hwsim_radio_lock);
2712		mac80211_hwsim_del_radio(data, wiphy_name(data->hw->wiphy),
2713					 NULL);
2714		spin_lock_bh(&hwsim_radio_lock);
2715	}
2716	spin_unlock_bh(&hwsim_radio_lock);
2717	class_destroy(hwsim_class);
2718}
2719
2720static const struct net_device_ops hwsim_netdev_ops = {
2721	.ndo_start_xmit 	= hwsim_mon_xmit,
2722	.ndo_change_mtu		= eth_change_mtu,
2723	.ndo_set_mac_address 	= eth_mac_addr,
2724	.ndo_validate_addr	= eth_validate_addr,
2725};
2726
2727static void hwsim_mon_setup(struct net_device *dev)
2728{
2729	dev->netdev_ops = &hwsim_netdev_ops;
2730	dev->destructor = free_netdev;
2731	ether_setup(dev);
2732	dev->priv_flags |= IFF_NO_QUEUE;
2733	dev->type = ARPHRD_IEEE80211_RADIOTAP;
2734	eth_zero_addr(dev->dev_addr);
2735	dev->dev_addr[0] = 0x12;
2736}
2737
2738static struct mac80211_hwsim_data *get_hwsim_data_ref_from_addr(const u8 *addr)
2739{
2740	struct mac80211_hwsim_data *data;
2741	bool _found = false;
2742
2743	spin_lock_bh(&hwsim_radio_lock);
2744	list_for_each_entry(data, &hwsim_radios, list) {
2745		if (memcmp(data->addresses[1].addr, addr, ETH_ALEN) == 0) {
2746			_found = true;
2747			break;
2748		}
2749	}
2750	spin_unlock_bh(&hwsim_radio_lock);
2751
2752	if (!_found)
2753		return NULL;
2754
2755	return data;
2756}
2757
2758static int hwsim_tx_info_frame_received_nl(struct sk_buff *skb_2,
2759					   struct genl_info *info)
2760{
2761
2762	struct ieee80211_hdr *hdr;
2763	struct mac80211_hwsim_data *data2;
2764	struct ieee80211_tx_info *txi;
2765	struct hwsim_tx_rate *tx_attempts;
2766	u64 ret_skb_cookie;
2767	struct sk_buff *skb, *tmp;
2768	const u8 *src;
2769	unsigned int hwsim_flags;
2770	int i;
2771	bool found = false;
2772
2773	if (info->snd_portid != wmediumd_portid)
2774		return -EINVAL;
2775
2776	if (!info->attrs[HWSIM_ATTR_ADDR_TRANSMITTER] ||
2777	    !info->attrs[HWSIM_ATTR_FLAGS] ||
2778	    !info->attrs[HWSIM_ATTR_COOKIE] ||
2779	    !info->attrs[HWSIM_ATTR_SIGNAL] ||
2780	    !info->attrs[HWSIM_ATTR_TX_INFO])
2781		goto out;
2782
2783	src = (void *)nla_data(info->attrs[HWSIM_ATTR_ADDR_TRANSMITTER]);
2784	hwsim_flags = nla_get_u32(info->attrs[HWSIM_ATTR_FLAGS]);
2785	ret_skb_cookie = nla_get_u64(info->attrs[HWSIM_ATTR_COOKIE]);
2786
2787	data2 = get_hwsim_data_ref_from_addr(src);
2788	if (!data2)
2789		goto out;
2790
2791	/* look for the skb matching the cookie passed back from user */
2792	skb_queue_walk_safe(&data2->pending, skb, tmp) {
2793		u64 skb_cookie;
2794
2795		txi = IEEE80211_SKB_CB(skb);
2796		skb_cookie = (u64)(uintptr_t)txi->rate_driver_data[0];
2797
2798		if (skb_cookie == ret_skb_cookie) {
2799			skb_unlink(skb, &data2->pending);
2800			found = true;
2801			break;
2802		}
2803	}
2804
2805	/* not found */
2806	if (!found)
2807		goto out;
2808
2809	/* Tx info received because the frame was broadcasted on user space,
2810	 so we get all the necessary info: tx attempts and skb control buff */
2811
2812	tx_attempts = (struct hwsim_tx_rate *)nla_data(
2813		       info->attrs[HWSIM_ATTR_TX_INFO]);
2814
2815	/* now send back TX status */
2816	txi = IEEE80211_SKB_CB(skb);
2817
2818	ieee80211_tx_info_clear_status(txi);
2819
2820	for (i = 0; i < IEEE80211_TX_MAX_RATES; i++) {
2821		txi->status.rates[i].idx = tx_attempts[i].idx;
2822		txi->status.rates[i].count = tx_attempts[i].count;
2823		/*txi->status.rates[i].flags = 0;*/
2824	}
2825
2826	txi->status.ack_signal = nla_get_u32(info->attrs[HWSIM_ATTR_SIGNAL]);
2827
2828	if (!(hwsim_flags & HWSIM_TX_CTL_NO_ACK) &&
2829	   (hwsim_flags & HWSIM_TX_STAT_ACK)) {
2830		if (skb->len >= 16) {
2831			hdr = (struct ieee80211_hdr *) skb->data;
2832			mac80211_hwsim_monitor_ack(data2->channel,
2833						   hdr->addr2);
2834		}
2835		txi->flags |= IEEE80211_TX_STAT_ACK;
2836	}
2837	ieee80211_tx_status_irqsafe(data2->hw, skb);
2838	return 0;
2839out:
2840	return -EINVAL;
2841
2842}
2843
2844static int hwsim_cloned_frame_received_nl(struct sk_buff *skb_2,
2845					  struct genl_info *info)
2846{
2847	struct mac80211_hwsim_data *data2;
2848	struct ieee80211_rx_status rx_status;
2849	const u8 *dst;
2850	int frame_data_len;
2851	void *frame_data;
2852	struct sk_buff *skb = NULL;
2853
2854	if (info->snd_portid != wmediumd_portid)
2855		return -EINVAL;
2856
2857	if (!info->attrs[HWSIM_ATTR_ADDR_RECEIVER] ||
2858	    !info->attrs[HWSIM_ATTR_FRAME] ||
2859	    !info->attrs[HWSIM_ATTR_RX_RATE] ||
2860	    !info->attrs[HWSIM_ATTR_SIGNAL])
2861		goto out;
2862
2863	dst = (void *)nla_data(info->attrs[HWSIM_ATTR_ADDR_RECEIVER]);
2864	frame_data_len = nla_len(info->attrs[HWSIM_ATTR_FRAME]);
2865	frame_data = (void *)nla_data(info->attrs[HWSIM_ATTR_FRAME]);
2866
2867	/* Allocate new skb here */
2868	skb = alloc_skb(frame_data_len, GFP_KERNEL);
2869	if (skb == NULL)
2870		goto err;
2871
2872	if (frame_data_len > IEEE80211_MAX_DATA_LEN)
2873		goto err;
2874
2875	/* Copy the data */
2876	memcpy(skb_put(skb, frame_data_len), frame_data, frame_data_len);
2877
2878	data2 = get_hwsim_data_ref_from_addr(dst);
2879	if (!data2)
2880		goto out;
2881
2882	/* check if radio is configured properly */
2883
2884	if (data2->idle || !data2->started)
2885		goto out;
2886
2887	/* A frame is received from user space */
2888	memset(&rx_status, 0, sizeof(rx_status));
2889	if (info->attrs[HWSIM_ATTR_FREQ]) {
2890		/* throw away off-channel packets, but allow both the temporary
2891		 * ("hw" scan/remain-on-channel) and regular channel, since the
2892		 * internal datapath also allows this
2893		 */
2894		mutex_lock(&data2->mutex);
2895		rx_status.freq = nla_get_u32(info->attrs[HWSIM_ATTR_FREQ]);
2896
2897		if (rx_status.freq != data2->channel->center_freq &&
2898		    (!data2->tmp_chan ||
2899		     rx_status.freq != data2->tmp_chan->center_freq)) {
2900			mutex_unlock(&data2->mutex);
2901			goto out;
2902		}
2903		mutex_unlock(&data2->mutex);
2904	} else {
2905		rx_status.freq = data2->channel->center_freq;
2906	}
2907
2908	rx_status.band = data2->channel->band;
2909	rx_status.rate_idx = nla_get_u32(info->attrs[HWSIM_ATTR_RX_RATE]);
2910	rx_status.signal = nla_get_u32(info->attrs[HWSIM_ATTR_SIGNAL]);
2911
2912	memcpy(IEEE80211_SKB_RXCB(skb), &rx_status, sizeof(rx_status));
2913	data2->rx_pkts++;
2914	data2->rx_bytes += skb->len;
2915	ieee80211_rx_irqsafe(data2->hw, skb);
2916
2917	return 0;
2918err:
2919	printk(KERN_DEBUG "mac80211_hwsim: error occurred in %s\n", __func__);
2920out:
2921	dev_kfree_skb(skb);
2922	return -EINVAL;
2923}
2924
2925static int hwsim_register_received_nl(struct sk_buff *skb_2,
2926				      struct genl_info *info)
2927{
2928	struct mac80211_hwsim_data *data;
2929	int chans = 1;
2930
2931	spin_lock_bh(&hwsim_radio_lock);
2932	list_for_each_entry(data, &hwsim_radios, list)
2933		chans = max(chans, data->channels);
2934	spin_unlock_bh(&hwsim_radio_lock);
2935
2936	/* In the future we should revise the userspace API and allow it
2937	 * to set a flag that it does support multi-channel, then we can
2938	 * let this pass conditionally on the flag.
2939	 * For current userspace, prohibit it since it won't work right.
2940	 */
2941	if (chans > 1)
2942		return -EOPNOTSUPP;
2943
2944	if (wmediumd_portid)
2945		return -EBUSY;
2946
2947	wmediumd_portid = info->snd_portid;
2948
2949	printk(KERN_DEBUG "mac80211_hwsim: received a REGISTER, "
2950	       "switching to wmediumd mode with pid %d\n", info->snd_portid);
2951
2952	return 0;
2953}
2954
2955static int hwsim_new_radio_nl(struct sk_buff *msg, struct genl_info *info)
2956{
2957	struct hwsim_new_radio_params param = { 0 };
2958
2959	param.reg_strict = info->attrs[HWSIM_ATTR_REG_STRICT_REG];
2960	param.p2p_device = info->attrs[HWSIM_ATTR_SUPPORT_P2P_DEVICE];
2961	param.channels = channels;
2962	param.destroy_on_close =
2963		info->attrs[HWSIM_ATTR_DESTROY_RADIO_ON_CLOSE];
2964
2965	if (info->attrs[HWSIM_ATTR_CHANNELS])
2966		param.channels = nla_get_u32(info->attrs[HWSIM_ATTR_CHANNELS]);
2967
2968	if (info->attrs[HWSIM_ATTR_NO_VIF])
2969		param.no_vif = true;
2970
2971	if (info->attrs[HWSIM_ATTR_RADIO_NAME])
2972		param.hwname = nla_data(info->attrs[HWSIM_ATTR_RADIO_NAME]);
2973
2974	if (info->attrs[HWSIM_ATTR_USE_CHANCTX])
2975		param.use_chanctx = true;
2976	else
2977		param.use_chanctx = (param.channels > 1);
2978
2979	if (info->attrs[HWSIM_ATTR_REG_HINT_ALPHA2])
2980		param.reg_alpha2 =
2981			nla_data(info->attrs[HWSIM_ATTR_REG_HINT_ALPHA2]);
2982
2983	if (info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]) {
2984		u32 idx = nla_get_u32(info->attrs[HWSIM_ATTR_REG_CUSTOM_REG]);
2985
2986		if (idx >= ARRAY_SIZE(hwsim_world_regdom_custom))
2987			return -EINVAL;
2988		param.regd = hwsim_world_regdom_custom[idx];
2989	}
2990
2991	return mac80211_hwsim_new_radio(info, &param);
2992}
2993
2994static int hwsim_del_radio_nl(struct sk_buff *msg, struct genl_info *info)
2995{
2996	struct mac80211_hwsim_data *data;
2997	s64 idx = -1;
2998	const char *hwname = NULL;
2999
3000	if (info->attrs[HWSIM_ATTR_RADIO_ID])
3001		idx = nla_get_u32(info->attrs[HWSIM_ATTR_RADIO_ID]);
3002	else if (info->attrs[HWSIM_ATTR_RADIO_NAME])
3003		hwname = (void *)nla_data(info->attrs[HWSIM_ATTR_RADIO_NAME]);
3004	else
3005		return -EINVAL;
3006
3007	spin_lock_bh(&hwsim_radio_lock);
3008	list_for_each_entry(data, &hwsim_radios, list) {
3009		if (idx >= 0) {
3010			if (data->idx != idx)
3011				continue;
3012		} else {
3013			if (strcmp(hwname, wiphy_name(data->hw->wiphy)))
3014				continue;
3015		}
3016
3017		list_del(&data->list);
3018		spin_unlock_bh(&hwsim_radio_lock);
3019		mac80211_hwsim_del_radio(data, wiphy_name(data->hw->wiphy),
3020					 info);
3021		return 0;
3022	}
3023	spin_unlock_bh(&hwsim_radio_lock);
3024
3025	return -ENODEV;
3026}
3027
3028static int hwsim_get_radio_nl(struct sk_buff *msg, struct genl_info *info)
3029{
3030	struct mac80211_hwsim_data *data;
3031	struct sk_buff *skb;
3032	int idx, res = -ENODEV;
3033
3034	if (!info->attrs[HWSIM_ATTR_RADIO_ID])
3035		return -EINVAL;
3036	idx = nla_get_u32(info->attrs[HWSIM_ATTR_RADIO_ID]);
3037
3038	spin_lock_bh(&hwsim_radio_lock);
3039	list_for_each_entry(data, &hwsim_radios, list) {
3040		if (data->idx != idx)
3041			continue;
3042
3043		skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
3044		if (!skb) {
3045			res = -ENOMEM;
3046			goto out_err;
3047		}
3048
3049		res = mac80211_hwsim_get_radio(skb, data, info->snd_portid,
3050					       info->snd_seq, NULL, 0);
3051		if (res < 0) {
3052			nlmsg_free(skb);
3053			goto out_err;
3054		}
3055
3056		genlmsg_reply(skb, info);
3057		break;
3058	}
3059
3060out_err:
3061	spin_unlock_bh(&hwsim_radio_lock);
3062
3063	return res;
3064}
3065
3066static int hwsim_dump_radio_nl(struct sk_buff *skb,
3067			       struct netlink_callback *cb)
3068{
3069	int idx = cb->args[0];
3070	struct mac80211_hwsim_data *data = NULL;
3071	int res;
3072
3073	spin_lock_bh(&hwsim_radio_lock);
3074
3075	if (idx == hwsim_radio_idx)
3076		goto done;
3077
3078	list_for_each_entry(data, &hwsim_radios, list) {
3079		if (data->idx < idx)
3080			continue;
3081
3082		res = mac80211_hwsim_get_radio(skb, data,
3083					       NETLINK_CB(cb->skb).portid,
3084					       cb->nlh->nlmsg_seq, cb,
3085					       NLM_F_MULTI);
3086		if (res < 0)
3087			break;
3088
3089		idx = data->idx + 1;
3090	}
3091
3092	cb->args[0] = idx;
3093
3094done:
3095	spin_unlock_bh(&hwsim_radio_lock);
3096	return skb->len;
3097}
3098
3099/* Generic Netlink operations array */
3100static const struct genl_ops hwsim_ops[] = {
3101	{
3102		.cmd = HWSIM_CMD_REGISTER,
3103		.policy = hwsim_genl_policy,
3104		.doit = hwsim_register_received_nl,
3105		.flags = GENL_ADMIN_PERM,
3106	},
3107	{
3108		.cmd = HWSIM_CMD_FRAME,
3109		.policy = hwsim_genl_policy,
3110		.doit = hwsim_cloned_frame_received_nl,
3111	},
3112	{
3113		.cmd = HWSIM_CMD_TX_INFO_FRAME,
3114		.policy = hwsim_genl_policy,
3115		.doit = hwsim_tx_info_frame_received_nl,
3116	},
3117	{
3118		.cmd = HWSIM_CMD_NEW_RADIO,
3119		.policy = hwsim_genl_policy,
3120		.doit = hwsim_new_radio_nl,
3121		.flags = GENL_ADMIN_PERM,
3122	},
3123	{
3124		.cmd = HWSIM_CMD_DEL_RADIO,
3125		.policy = hwsim_genl_policy,
3126		.doit = hwsim_del_radio_nl,
3127		.flags = GENL_ADMIN_PERM,
3128	},
3129	{
3130		.cmd = HWSIM_CMD_GET_RADIO,
3131		.policy = hwsim_genl_policy,
3132		.doit = hwsim_get_radio_nl,
3133		.dumpit = hwsim_dump_radio_nl,
3134	},
3135};
3136
3137static void destroy_radio(struct work_struct *work)
3138{
3139	struct mac80211_hwsim_data *data =
3140		container_of(work, struct mac80211_hwsim_data, destroy_work);
3141
3142	mac80211_hwsim_del_radio(data, wiphy_name(data->hw->wiphy), NULL);
3143}
3144
3145static void remove_user_radios(u32 portid)
3146{
3147	struct mac80211_hwsim_data *entry, *tmp;
3148
3149	spin_lock_bh(&hwsim_radio_lock);
3150	list_for_each_entry_safe(entry, tmp, &hwsim_radios, list) {
3151		if (entry->destroy_on_close && entry->portid == portid) {
3152			list_del(&entry->list);
3153			INIT_WORK(&entry->destroy_work, destroy_radio);
3154			schedule_work(&entry->destroy_work);
3155		}
3156	}
3157	spin_unlock_bh(&hwsim_radio_lock);
3158}
3159
3160static int mac80211_hwsim_netlink_notify(struct notifier_block *nb,
3161					 unsigned long state,
3162					 void *_notify)
3163{
3164	struct netlink_notify *notify = _notify;
3165
3166	if (state != NETLINK_URELEASE)
3167		return NOTIFY_DONE;
3168
3169	remove_user_radios(notify->portid);
3170
3171	if (notify->portid == wmediumd_portid) {
3172		printk(KERN_INFO "mac80211_hwsim: wmediumd released netlink"
3173		       " socket, switching to perfect channel medium\n");
3174		wmediumd_portid = 0;
3175	}
3176	return NOTIFY_DONE;
3177
3178}
3179
3180static struct notifier_block hwsim_netlink_notifier = {
3181	.notifier_call = mac80211_hwsim_netlink_notify,
3182};
3183
3184static int hwsim_init_netlink(void)
3185{
3186	int rc;
3187
3188	printk(KERN_INFO "mac80211_hwsim: initializing netlink\n");
3189
3190	rc = genl_register_family_with_ops_groups(&hwsim_genl_family,
3191						  hwsim_ops,
3192						  hwsim_mcgrps);
3193	if (rc)
3194		goto failure;
3195
3196	rc = netlink_register_notifier(&hwsim_netlink_notifier);
3197	if (rc) {
3198		genl_unregister_family(&hwsim_genl_family);
3199		goto failure;
3200	}
3201
3202	return 0;
3203
3204failure:
3205	printk(KERN_DEBUG "mac80211_hwsim: error occurred in %s\n", __func__);
3206	return -EINVAL;
3207}
3208
3209static void hwsim_exit_netlink(void)
3210{
3211	/* unregister the notifier */
3212	netlink_unregister_notifier(&hwsim_netlink_notifier);
3213	/* unregister the family */
3214	genl_unregister_family(&hwsim_genl_family);
3215}
3216
3217static int __init init_mac80211_hwsim(void)
3218{
3219	int i, err;
3220
3221	if (radios < 0 || radios > 100)
3222		return -EINVAL;
3223
3224	if (channels < 1)
3225		return -EINVAL;
3226
3227	mac80211_hwsim_mchan_ops = mac80211_hwsim_ops;
3228	mac80211_hwsim_mchan_ops.hw_scan = mac80211_hwsim_hw_scan;
3229	mac80211_hwsim_mchan_ops.cancel_hw_scan = mac80211_hwsim_cancel_hw_scan;
3230	mac80211_hwsim_mchan_ops.sw_scan_start = NULL;
3231	mac80211_hwsim_mchan_ops.sw_scan_complete = NULL;
3232	mac80211_hwsim_mchan_ops.remain_on_channel = mac80211_hwsim_roc;
3233	mac80211_hwsim_mchan_ops.cancel_remain_on_channel = mac80211_hwsim_croc;
3234	mac80211_hwsim_mchan_ops.add_chanctx = mac80211_hwsim_add_chanctx;
3235	mac80211_hwsim_mchan_ops.remove_chanctx = mac80211_hwsim_remove_chanctx;
3236	mac80211_hwsim_mchan_ops.change_chanctx = mac80211_hwsim_change_chanctx;
3237	mac80211_hwsim_mchan_ops.assign_vif_chanctx =
3238		mac80211_hwsim_assign_vif_chanctx;
3239	mac80211_hwsim_mchan_ops.unassign_vif_chanctx =
3240		mac80211_hwsim_unassign_vif_chanctx;
3241
3242	spin_lock_init(&hwsim_radio_lock);
3243	INIT_LIST_HEAD(&hwsim_radios);
3244
3245	err = platform_driver_register(&mac80211_hwsim_driver);
3246	if (err)
3247		return err;
3248
3249	hwsim_class = class_create(THIS_MODULE, "mac80211_hwsim");
3250	if (IS_ERR(hwsim_class)) {
3251		err = PTR_ERR(hwsim_class);
3252		goto out_unregister_driver;
3253	}
3254
3255	err = hwsim_init_netlink();
3256	if (err < 0)
3257		goto out_unregister_driver;
3258
3259	for (i = 0; i < radios; i++) {
3260		struct hwsim_new_radio_params param = { 0 };
3261
3262		param.channels = channels;
3263
3264		switch (regtest) {
3265		case HWSIM_REGTEST_DIFF_COUNTRY:
3266			if (i < ARRAY_SIZE(hwsim_alpha2s))
3267				param.reg_alpha2 = hwsim_alpha2s[i];
3268			break;
3269		case HWSIM_REGTEST_DRIVER_REG_FOLLOW:
3270			if (!i)
3271				param.reg_alpha2 = hwsim_alpha2s[0];
3272			break;
3273		case HWSIM_REGTEST_STRICT_ALL:
3274			param.reg_strict = true;
3275		case HWSIM_REGTEST_DRIVER_REG_ALL:
3276			param.reg_alpha2 = hwsim_alpha2s[0];
3277			break;
3278		case HWSIM_REGTEST_WORLD_ROAM:
3279			if (i == 0)
3280				param.regd = &hwsim_world_regdom_custom_01;
3281			break;
3282		case HWSIM_REGTEST_CUSTOM_WORLD:
3283			param.regd = &hwsim_world_regdom_custom_01;
3284			break;
3285		case HWSIM_REGTEST_CUSTOM_WORLD_2:
3286			if (i == 0)
3287				param.regd = &hwsim_world_regdom_custom_01;
3288			else if (i == 1)
3289				param.regd = &hwsim_world_regdom_custom_02;
3290			break;
3291		case HWSIM_REGTEST_STRICT_FOLLOW:
3292			if (i == 0) {
3293				param.reg_strict = true;
3294				param.reg_alpha2 = hwsim_alpha2s[0];
3295			}
3296			break;
3297		case HWSIM_REGTEST_STRICT_AND_DRIVER_REG:
3298			if (i == 0) {
3299				param.reg_strict = true;
3300				param.reg_alpha2 = hwsim_alpha2s[0];
3301			} else if (i == 1) {
3302				param.reg_alpha2 = hwsim_alpha2s[1];
3303			}
3304			break;
3305		case HWSIM_REGTEST_ALL:
3306			switch (i) {
3307			case 0:
3308				param.regd = &hwsim_world_regdom_custom_01;
3309				break;
3310			case 1:
3311				param.regd = &hwsim_world_regdom_custom_02;
3312				break;
3313			case 2:
3314				param.reg_alpha2 = hwsim_alpha2s[0];
3315				break;
3316			case 3:
3317				param.reg_alpha2 = hwsim_alpha2s[1];
3318				break;
3319			case 4:
3320				param.reg_strict = true;
3321				param.reg_alpha2 = hwsim_alpha2s[2];
3322				break;
3323			}
3324			break;
3325		default:
3326			break;
3327		}
3328
3329		param.p2p_device = support_p2p_device;
3330		param.use_chanctx = channels > 1;
3331
3332		err = mac80211_hwsim_new_radio(NULL, &param);
3333		if (err < 0)
3334			goto out_free_radios;
3335	}
3336
3337	hwsim_mon = alloc_netdev(0, "hwsim%d", NET_NAME_UNKNOWN,
3338				 hwsim_mon_setup);
3339	if (hwsim_mon == NULL) {
3340		err = -ENOMEM;
3341		goto out_free_radios;
3342	}
3343
3344	rtnl_lock();
3345	err = dev_alloc_name(hwsim_mon, hwsim_mon->name);
3346	if (err < 0) {
3347		rtnl_unlock();
3348		goto out_free_radios;
3349	}
3350
3351	err = register_netdevice(hwsim_mon);
3352	if (err < 0) {
3353		rtnl_unlock();
3354		goto out_free_mon;
3355	}
3356	rtnl_unlock();
3357
3358	return 0;
3359
3360out_free_mon:
3361	free_netdev(hwsim_mon);
3362out_free_radios:
3363	mac80211_hwsim_free();
3364out_unregister_driver:
3365	platform_driver_unregister(&mac80211_hwsim_driver);
3366	return err;
3367}
3368module_init(init_mac80211_hwsim);
3369
3370static void __exit exit_mac80211_hwsim(void)
3371{
3372	printk(KERN_DEBUG "mac80211_hwsim: unregister radios\n");
3373
3374	hwsim_exit_netlink();
3375
3376	mac80211_hwsim_free();
3377	unregister_netdev(hwsim_mon);
3378	platform_driver_unregister(&mac80211_hwsim_driver);
3379}
3380module_exit(exit_mac80211_hwsim);
Configure Feed

Configure Feed
