projects / mech_eap.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
nl80211: Always register management frames handler
[mech_eap.git] / src / drivers / driver_nl80211.c
diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index b8dd577..096779d 100644 (file)
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -161,27 +161,21 @@ static int nl80211_send_frame_cmd(struct i802_bss *bss,
                                  unsigned int freq, unsigned int wait,
                                  const u8 *buf, size_t buf_len, u64 *cookie,
                                  int no_cck, int no_ack, int offchanok);
-static int nl80211_register_frame(struct i802_bss *bss,
-                                 struct nl_handle *hl_handle,
-                                 u16 type, const u8 *match, size_t match_len);
 static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss,
                                               int report);
 
 static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
 static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
 static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx);
-static int wpa_driver_nl80211_if_remove(struct i802_bss *bss,
-                                       enum wpa_driver_if_type type,
-                                       const char *ifname);
 
 static int nl80211_set_channel(struct i802_bss *bss,
                               struct hostapd_freq_params *freq, int set_chan);
 static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
                                     int ifindex, int disabled);
 
-static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv);
+static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv,
+                             int reset_mode);
 
-static int i802_set_freq(void *priv, struct hostapd_freq_params *freq);
 static int i802_set_iface_flags(struct i802_bss *bss, int up);
 static int nl80211_set_param(void *priv, const char *param);
 
@@ -287,6 +281,22 @@ static int no_seq_check(struct nl_msg *msg, void *arg)
 }
 
 
+static void nl80211_nlmsg_clear(struct nl_msg *msg)
+{
+       /*
+        * Clear nlmsg data, e.g., to make sure key material is not left in
+        * heap memory for unnecessarily long time.
+        */
+       if (msg) {
+               struct nlmsghdr *hdr = nlmsg_hdr(msg);
+               void *data = nlmsg_data(hdr);
+               int len = nlmsg_datalen(hdr);
+
+               os_memset(data, 0, len);
+       }
+}
+
+
 static int send_and_recv(struct nl80211_global *global,
                         struct nl_handle *nl_handle, struct nl_msg *msg,
                         int (*valid_handler)(struct nl_msg *, void *),
@@ -326,21 +336,13 @@ static int send_and_recv(struct nl80211_global *global,
        }
  out:
        nl_cb_put(cb);
+       if (!valid_handler && valid_data == (void *) -1)
+               nl80211_nlmsg_clear(msg);
        nlmsg_free(msg);
        return err;
 }
 
 
-static int send_and_recv_msgs_global(struct nl80211_global *global,
-                                    struct nl_msg *msg,
-                                    int (*valid_handler)(struct nl_msg *, void *),
-                                    void *valid_data)
-{
-       return send_and_recv(global, global->nl, msg, valid_handler,
-                            valid_data);
-}
-
-
 int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv,
                       struct nl_msg *msg,
                       int (*valid_handler)(struct nl_msg *, void *),
@@ -405,7 +407,7 @@ static int nl_get_multicast_id(struct nl80211_global *global,
                return -1;
        }
 
-       ret = send_and_recv_msgs_global(global, msg, family_handler, &res);
+       ret = send_and_recv(global, global->nl, msg, family_handler, &res);
        if (ret == 0)
                ret = res.id;
        return ret;
@@ -756,7 +758,7 @@ static int wpa_driver_nl80211_get_ssid(void *priv, u8 *ssid)
 
 
 static void wpa_driver_nl80211_event_newlink(
-       struct wpa_driver_nl80211_data *drv, char *ifname)
+       struct wpa_driver_nl80211_data *drv, const char *ifname)
 {
        union wpa_event_data event;
 
@@ -782,7 +784,7 @@ static void wpa_driver_nl80211_event_newlink(
 
 
 static void wpa_driver_nl80211_event_dellink(
-       struct wpa_driver_nl80211_data *drv, char *ifname)
+       struct wpa_driver_nl80211_data *drv, const char *ifname)
 {
        union wpa_event_data event;
 
@@ -1024,7 +1026,12 @@ static void wpa_driver_nl80211_event_rtm_newlink(void *ctx,
                struct i802_bss *bss;
 
                /* device has been added to bridge */
-               if_indextoname(brid, namebuf);
+               if (!if_indextoname(brid, namebuf)) {
+                       wpa_printf(MSG_DEBUG,
+                                  "nl80211: Could not find bridge ifname for ifindex %u",
+                                  brid);
+                       return;
+               }
                wpa_printf(MSG_DEBUG, "nl80211: Add ifindex %u for bridge %s",
                           brid, namebuf);
                add_ifidx(drv, brid);
@@ -1104,9 +1111,16 @@ static void wpa_driver_nl80211_event_rtm_dellink(void *ctx,
        if (ifi->ifi_family == AF_BRIDGE && brid) {
                /* device has been removed from bridge */
                char namebuf[IFNAMSIZ];
-               if_indextoname(brid, namebuf);
-               wpa_printf(MSG_DEBUG, "nl80211: Remove ifindex %u for bridge "
-                          "%s", brid, namebuf);
+
+               if (!if_indextoname(brid, namebuf)) {
+                       wpa_printf(MSG_DEBUG,
+                                  "nl80211: Could not find bridge ifname for ifindex %u",
+                                  brid);
+               } else {
+                       wpa_printf(MSG_DEBUG,
+                                  "nl80211: Remove ifindex %u for bridge %s",
+                                  brid, namebuf);
+               }
                del_ifidx(drv, brid);
        }
 }
@@ -1441,23 +1455,6 @@ err:
 }
 
 
-static int wpa_driver_nl80211_init_nl(struct wpa_driver_nl80211_data *drv)
-{
-       drv->nl_cb = nl_cb_alloc(NL_CB_DEFAULT);
-       if (!drv->nl_cb) {
-               wpa_printf(MSG_ERROR, "nl80211: Failed to alloc cb struct");
-               return -1;
-       }
-
-       nl_cb_set(drv->nl_cb, NL_CB_SEQ_CHECK, NL_CB_CUSTOM,
-                 no_seq_check, NULL);
-       nl_cb_set(drv->nl_cb, NL_CB_VALID, NL_CB_CUSTOM,
-                 process_drv_event, drv);
-
-       return 0;
-}
-
-
 static void wpa_driver_nl80211_rfkill_blocked(void *ctx)
 {
        wpa_printf(MSG_DEBUG, "nl80211: RFKILL blocked");
@@ -1598,11 +1595,6 @@ static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname,
        drv->eapol_tx_sock = -1;
        drv->ap_scan_as_station = NL80211_IFTYPE_UNSPECIFIED;
 
-       if (wpa_driver_nl80211_init_nl(drv)) {
-               os_free(drv);
-               return NULL;
-       }
-
        if (nl80211_init_bss(bss))
                goto failed;
 
@@ -1711,15 +1703,13 @@ static int nl80211_register_frame(struct i802_bss *bss,
 
 static int nl80211_alloc_mgmt_handle(struct i802_bss *bss)
 {
-       struct wpa_driver_nl80211_data *drv = bss->drv;
-
        if (bss->nl_mgmt) {
                wpa_printf(MSG_DEBUG, "nl80211: Mgmt reporting "
                           "already on! (nl_mgmt=%p)", bss->nl_mgmt);
                return -1;
        }
 
-       bss->nl_mgmt = nl_create_handle(drv->nl_cb, "mgmt");
+       bss->nl_mgmt = nl_create_handle(bss->nl_cb, "mgmt");
        if (bss->nl_mgmt == NULL)
                return -1;
 
@@ -1840,11 +1830,11 @@ static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
 
        /* WMM-AC ADDTS Response */
        if (nl80211_register_action_frame(bss, (u8 *) "\x11\x01", 2) < 0)
-               return -1;
+               ret = -1;
 
        /* WMM-AC DELTS */
        if (nl80211_register_action_frame(bss, (u8 *) "\x11\x02", 2) < 0)
-               return -1;
+               ret = -1;
 
        /* Radio Measurement - Neighbor Report Response */
        if (nl80211_register_action_frame(bss, (u8 *) "\x05\x05", 2) < 0)
@@ -2157,6 +2147,9 @@ static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
 {
        struct wpa_driver_nl80211_data *drv = bss->drv;
 
+       wpa_printf(MSG_INFO, "nl80211: deinit ifname=%s disabled_11b_rates=%d",
+                  bss->ifname, drv->disabled_11b_rates);
+
        bss->in_deinit = 1;
        if (drv->data_tx_status)
                eloop_unregister_read_sock(drv->eapol_tx_sock);
@@ -2175,6 +2168,11 @@ static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
                        nl80211_handle_destroy(drv->rtnl_sk);
        }
        if (bss->added_bridge) {
+               if (linux_set_iface_flags(drv->global->ioctl_sock, bss->brname,
+                                         0) < 0)
+                       wpa_printf(MSG_INFO,
+                                  "nl80211: Could not set bridge %s down",
+                                  bss->brname);
                if (linux_br_del(drv->global->ioctl_sock, bss->brname) < 0)
                        wpa_printf(MSG_INFO, "nl80211: Failed to remove "
                                   "bridge %s: %s",
@@ -2229,7 +2227,6 @@ static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
                nl80211_mgmt_unsubscribe(bss, "deinit");
                nl80211_del_p2pdev(bss);
        }
-       nl_cb_put(drv->nl_cb);
 
        nl80211_destroy_bss(drv->first_bss);
 
@@ -2344,7 +2341,7 @@ static int issue_key_mgmt_set_key(struct wpa_driver_nl80211_data *drv,
        struct nl_msg *msg;
        int ret;
 
-       if (!drv->key_mgmt_set_key_vendor_cmd_avail)
+       if (!(drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD))
                return 0;
 
        if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
@@ -2352,10 +2349,11 @@ static int issue_key_mgmt_set_key(struct wpa_driver_nl80211_data *drv,
            nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
                        QCA_NL80211_VENDOR_SUBCMD_KEY_MGMT_SET_KEY) ||
            nla_put(msg, NL80211_ATTR_VENDOR_DATA, key_len, key)) {
+               nl80211_nlmsg_clear(msg);
                nlmsg_free(msg);
                return -1;
        }
-       ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+       ret = send_and_recv_msgs(drv, msg, NULL, (void *) -1);
        if (ret) {
                wpa_printf(MSG_DEBUG,
                           "nl80211: Key management set key failed: ret=%d (%s)",
@@ -2394,7 +2392,8 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
        }
 #endif /* CONFIG_TDLS */
 
-       if (alg == WPA_ALG_PMK && drv->key_mgmt_set_key_vendor_cmd_avail) {
+       if (alg == WPA_ALG_PMK &&
+           (drv->capa.flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) {
                wpa_printf(MSG_DEBUG, "%s: calling issue_key_mgmt_set_key",
                           __func__);
                ret = issue_key_mgmt_set_key(drv, key, key_len);
@@ -2446,7 +2445,7 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
        if (nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
                goto fail;
 
-       ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+       ret = send_and_recv_msgs(drv, msg, NULL, key ? (void *) -1 : NULL);
        if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
                ret = 0;
        if (ret)
@@ -2497,6 +2496,7 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
        return ret;
 
 fail:
+       nl80211_nlmsg_clear(msg);
        nlmsg_free(msg);
        return -ENOBUFS;
 }
@@ -2640,7 +2640,7 @@ static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss,
 
        if (drv->nlmode == NL80211_IFTYPE_ADHOC) {
                nl80211_mark_disconnected(drv);
-               return nl80211_leave_ibss(drv);
+               return nl80211_leave_ibss(drv, 1);
        }
        if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
                return wpa_driver_nl80211_disconnect(drv, reason_code);
@@ -2704,6 +2704,25 @@ static void nl80211_copy_auth_params(struct wpa_driver_nl80211_data *drv,
 }
 
 
+static void nl80211_unmask_11b_rates(struct i802_bss *bss)
+{
+       struct wpa_driver_nl80211_data *drv = bss->drv;
+
+       if (is_p2p_net_interface(drv->nlmode) || !drv->disabled_11b_rates)
+               return;
+
+       /*
+        * Looks like we failed to unmask 11b rates previously. This could
+        * happen, e.g., if the interface was down at the point in time when a
+        * P2P group was terminated.
+        */
+       wpa_printf(MSG_DEBUG,
+                  "nl80211: Interface %s mode is for non-P2P, but 11b rates were disabled - re-enable them",
+                  bss->ifname);
+       nl80211_disable_11b_rates(drv, drv->ifindex, 0);
+}
+
+
 static int wpa_driver_nl80211_authenticate(
        struct i802_bss *bss, struct wpa_driver_auth_params *params)
 {
@@ -2715,6 +2734,8 @@ static int wpa_driver_nl80211_authenticate(
        int count = 0;
        int is_retry;
 
+       nl80211_unmask_11b_rates(bss);
+
        is_retry = drv->retry_auth;
        drv->retry_auth = 0;
        drv->ignore_deauth_event = 0;
@@ -3238,7 +3259,7 @@ static int wpa_driver_nl80211_set_ap(void *priv,
                    suites))
                goto fail;
 
-       if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X &&
+       if (params->key_mgmt_suites & WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
            params->pairwise_ciphers & (WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40) &&
            nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))
                goto fail;
@@ -3882,8 +3903,12 @@ int nl80211_create_iface(struct wpa_driver_nl80211_data *drv,
                                                wds, handler, arg);
        }
 
-       if (ret >= 0 && is_p2p_net_interface(iftype))
+       if (ret >= 0 && is_p2p_net_interface(iftype)) {
+               wpa_printf(MSG_DEBUG,
+                          "nl80211: Interface %s created for P2P - disable 11b rates",
+                          ifname);
                nl80211_disable_11b_rates(drv, ret, 1);
+       }
 
        return ret;
 }
@@ -4122,7 +4147,8 @@ static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
 }
 
 
-static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
+static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv,
+                             int reset_mode)
 {
        struct nl_msg *msg;
        int ret;
@@ -4137,7 +4163,8 @@ static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv)
                           "nl80211: Leave IBSS request sent successfully");
        }
 
-       if (wpa_driver_nl80211_set_mode(drv->first_bss,
+       if (reset_mode &&
+           wpa_driver_nl80211_set_mode(drv->first_bss,
                                        NL80211_IFTYPE_STATION)) {
                wpa_printf(MSG_INFO, "nl80211: Failed to set interface into "
                           "station mode");
@@ -4230,7 +4257,7 @@ retry:
                if (ret == -EALREADY && count == 1) {
                        wpa_printf(MSG_DEBUG, "nl80211: Retry IBSS join after "
                                   "forced leave");
-                       nl80211_leave_ibss(drv);
+                       nl80211_leave_ibss(drv, 0);
                        nlmsg_free(msg);
                        goto retry;
                }
@@ -4561,6 +4588,8 @@ static int wpa_driver_nl80211_associate(
        int ret = -1;
        struct nl_msg *msg;
 
+       nl80211_unmask_11b_rates(bss);
+
        if (params->mode == IEEE80211_MODE_AP)
                return wpa_driver_nl80211_ap(drv, params);
 
@@ -4693,7 +4722,7 @@ static int wpa_driver_nl80211_set_mode_impl(
                 * on a frequency that the mode is disallowed in.
                 */
                if (desired_freq_params) {
-                       res = i802_set_freq(bss, desired_freq_params);
+                       res = nl80211_set_channel(bss, desired_freq_params, 0);
                        if (res) {
                                wpa_printf(MSG_DEBUG,
                                           "nl80211: Failed to set frequency on interface");
@@ -4734,10 +4763,17 @@ done:
                return ret;
        }
 
-       if (is_p2p_net_interface(nlmode))
+       if (is_p2p_net_interface(nlmode)) {
+               wpa_printf(MSG_DEBUG,
+                          "nl80211: Interface %s mode change to P2P - disable 11b rates",
+                          bss->ifname);
                nl80211_disable_11b_rates(drv, drv->ifindex, 1);
-       else if (drv->disabled_11b_rates)
+       } else if (drv->disabled_11b_rates) {
+               wpa_printf(MSG_DEBUG,
+                          "nl80211: Interface %s mode changed to non-P2P - re-enable 11b rates",
+                          bss->ifname);
                nl80211_disable_11b_rates(drv, drv->ifindex, 0);
+       }
 
        if (is_ap_interface(nlmode)) {
                nl80211_mgmt_unsubscribe(bss, "start AP");
@@ -5238,7 +5274,7 @@ static void dump_ifidx(struct wpa_driver_nl80211_data *drv)
                if (!drv->if_indices[i])
                        continue;
                res = os_snprintf(pos, end - pos, " %d", drv->if_indices[i]);
-               if (res < 0 || res >= end - pos)
+               if (os_snprintf_error(end - pos, res))
                        break;
                pos += res;
        }
@@ -5477,16 +5513,21 @@ static void *i802_init(struct hostapd_data *hapd,
                                br_added = 1;
                }
        }
-       if (!br_added && br_ifindex &&
-           (params->num_bridge == 0 || !params->bridge[0]))
-               add_ifidx(drv, br_ifindex);
 
        /* start listening for EAPOL on the default AP interface */
        add_ifidx(drv, drv->ifindex);
 
-       if (params->num_bridge && params->bridge[0] &&
-           i802_check_bridge(drv, bss, params->bridge[0], params->ifname) < 0)
-               goto failed;
+       if (params->num_bridge && params->bridge[0]) {
+               if (i802_check_bridge(drv, bss, params->bridge[0],
+                                     params->ifname) < 0)
+                       goto failed;
+               if (os_strcmp(params->bridge[0], brname) != 0)
+                       br_added = 1;
+       }
+
+       if (!br_added && br_ifindex &&
+           (params->num_bridge == 0 || !params->bridge[0]))
+               add_ifidx(drv, br_ifindex);
 
 #ifdef CONFIG_LIBNL3_ROUTE
        if (bss->added_if_into_bridge) {
@@ -5556,12 +5597,14 @@ static enum nl80211_iftype wpa_driver_nl80211_if_type(
                return NL80211_IFTYPE_P2P_GO;
        case WPA_IF_P2P_DEVICE:
                return NL80211_IFTYPE_P2P_DEVICE;
+       case WPA_IF_MESH:
+               return NL80211_IFTYPE_MESH_POINT;
        }
        return -1;
 }
 
 
-#ifdef CONFIG_P2P
+#if defined(CONFIG_P2P) || defined(CONFIG_MESH)
 
 static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
 {
@@ -5575,8 +5618,7 @@ static int nl80211_addr_in_use(struct nl80211_global *global, const u8 *addr)
 }
 
 
-static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv,
-                                     u8 *new_addr)
+static int nl80211_vif_addr(struct wpa_driver_nl80211_data *drv, u8 *new_addr)
 {
        unsigned int idx;
 
@@ -5593,13 +5635,13 @@ static int nl80211_p2p_interface_addr(struct wpa_driver_nl80211_data *drv,
        if (idx == 64)
                return -1;
 
-       wpa_printf(MSG_DEBUG, "nl80211: Assigned new P2P Interface Address "
+       wpa_printf(MSG_DEBUG, "nl80211: Assigned new virtual interface address "
                   MACSTR, MAC2STR(new_addr));
 
        return 0;
 }
 
-#endif /* CONFIG_P2P */
+#endif /* CONFIG_P2P || CONFIG_MESH */
 
 
 struct wdev_info {
@@ -5686,10 +5728,10 @@ static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
                }
        }
 
-#ifdef CONFIG_P2P
+#if defined(CONFIG_P2P) || defined(CONFIG_MESH)
        if (!addr &&
            (type == WPA_IF_P2P_CLIENT || type == WPA_IF_P2P_GROUP ||
-            type == WPA_IF_P2P_GO)) {
+            type == WPA_IF_P2P_GO || type == WPA_IF_MESH)) {
                /* Enforce unique P2P Interface Address */
                u8 new_addr[ETH_ALEN];
 
@@ -5701,8 +5743,9 @@ static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
                }
                if (nl80211_addr_in_use(drv->global, new_addr)) {
                        wpa_printf(MSG_DEBUG, "nl80211: Allocate new address "
-                                  "for P2P group interface");
-                       if (nl80211_p2p_interface_addr(drv, new_addr) < 0) {
+                                  "for %s interface", type == WPA_IF_MESH ?
+                                  "mesh" : "P2P group");
+                       if (nl80211_vif_addr(drv, new_addr) < 0) {
                                if (added)
                                        nl80211_remove_iface(drv, ifidx);
                                return -1;
@@ -5716,7 +5759,7 @@ static int wpa_driver_nl80211_if_add(void *priv, enum wpa_driver_if_type type,
                }
                os_memcpy(if_addr, new_addr, ETH_ALEN);
        }
-#endif /* CONFIG_P2P */
+#endif /* CONFIG_P2P || CONFIG_MESH */
 
        if (type == WPA_IF_AP_BSS) {
                struct i802_bss *new_bss = os_zalloc(sizeof(*new_bss));
@@ -6112,6 +6155,11 @@ static int nl80211_disable_11b_rates(struct wpa_driver_nl80211_data *drv,
        struct nlattr *bands, *band;
        int ret;
 
+       wpa_printf(MSG_DEBUG,
+                  "nl80211: NL80211_CMD_SET_TX_BITRATE_MASK (ifindex=%d %s)",
+                  ifindex, disabled ? "NL80211_TXRATE_LEGACY=OFDM-only" :
+                  "no NL80211_TXRATE_LEGACY constraint");
+
        msg = nl80211_ifindex_msg(drv, ifindex, 0,
                                  NL80211_CMD_SET_TX_BITRATE_MASK);
        if (!msg)
@@ -6689,13 +6737,14 @@ static void nl80211_set_rekey_info(void *priv, const u8 *kek, const u8 *kck,
            nla_put(msg, NL80211_REKEY_DATA_KCK, NL80211_KCK_LEN, kck) ||
            nla_put(msg, NL80211_REKEY_DATA_REPLAY_CTR, NL80211_REPLAY_CTR_LEN,
                    replay_ctr)) {
+               nl80211_nlmsg_clear(msg);
                nlmsg_free(msg);
                return;
        }
 
        nla_nest_end(msg, replay_nested);
 
-       send_and_recv_msgs(drv, msg, NULL, NULL);
+       send_and_recv_msgs(drv, msg, NULL, (void *) -1);
 }
 
 
@@ -7120,14 +7169,14 @@ static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen)
                          bss->added_bridge ? "added_bridge=1\n" : "",
                          bss->in_deinit ? "in_deinit=1\n" : "",
                          bss->if_dynamic ? "if_dynamic=1\n" : "");
-       if (res < 0 || res >= end - pos)
+       if (os_snprintf_error(end - pos, res))
                return pos - buf;
        pos += res;
 
        if (bss->wdev_id_set) {
                res = os_snprintf(pos, end - pos, "wdev_id=%llu\n",
                                  (unsigned long long) bss->wdev_id);
-               if (res < 0 || res >= end - pos)
+               if (os_snprintf_error(end - pos, res))
                        return pos - buf;
                pos += res;
        }
@@ -7186,7 +7235,7 @@ static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen)
                          "ignore_next_local_disconnect=1\n" : "",
                          drv->ignore_next_local_deauth ?
                          "ignore_next_local_deauth=1\n" : "");
-       if (res < 0 || res >= end - pos)
+       if (os_snprintf_error(end - pos, res))
                return pos - buf;
        pos += res;
 
@@ -7196,6 +7245,7 @@ static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen)
                                  "capa.enc=0x%x\n"
                                  "capa.auth=0x%x\n"
                                  "capa.flags=0x%llx\n"
+                                 "capa.rrm_flags=0x%x\n"
                                  "capa.max_scan_ssids=%d\n"
                                  "capa.max_sched_scan_ssids=%d\n"
                                  "capa.sched_scan_supported=%d\n"
@@ -7209,6 +7259,7 @@ static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen)
                                  drv->capa.enc,
                                  drv->capa.auth,
                                  (unsigned long long) drv->capa.flags,
+                                 drv->capa.rrm_flags,
                                  drv->capa.max_scan_ssids,
                                  drv->capa.max_sched_scan_ssids,
                                  drv->capa.sched_scan_supported,
@@ -7218,7 +7269,7 @@ static int wpa_driver_nl80211_status(void *priv, char *buf, size_t buflen)
                                  drv->capa.probe_resp_offloads,
                                  drv->capa.max_acl_mac_addrs,
                                  drv->capa.num_multichan_concurrent);
-               if (res < 0 || res >= end - pos)
+               if (os_snprintf_error(end - pos, res))
                        return pos - buf;
                pos += res;
        }
@@ -7722,6 +7773,13 @@ wpa_driver_nl80211_join_mesh(void *priv,
                        goto fail;
        }
 
+       if (params->beacon_int > 0) {
+               wpa_printf(MSG_DEBUG, "  * beacon_int=%d", params->beacon_int);
+               if (nla_put_u32(msg, NL80211_ATTR_BEACON_INTERVAL,
+                               params->beacon_int))
+                       goto fail;
+       }
+
        wpa_printf(MSG_DEBUG, "  * flags=%08X", params->flags);
 
        container = nla_nest_start(msg, NL80211_ATTR_MESH_SETUP);
@@ -7755,6 +7813,10 @@ wpa_driver_nl80211_join_mesh(void *priv,
        if (!(params->conf.flags & WPA_DRIVER_MESH_CONF_FLAG_AUTO_PLINKS) &&
            nla_put_u32(msg, NL80211_MESHCONF_AUTO_OPEN_PLINKS, 0))
                goto fail;
+       if ((params->conf.flags & WPA_DRIVER_MESH_FLAG_DRIVER_MPM) &&
+           nla_put_u16(msg, NL80211_MESHCONF_MAX_PEER_LINKS,
+                       params->max_peer_links))
+               goto fail;
        nla_nest_end(msg, container);
 
        ret = send_and_recv_msgs(drv, msg, NULL, NULL);
@@ -7972,7 +8034,7 @@ static int linux_write_system_file(const char *path, unsigned int val)
        int fd, len;
 
        len = os_snprintf(buf, sizeof(buf), "%u\n", val);
-       if (len < 0)
+       if (os_snprintf_error(sizeof(buf), len))
                return -1;
 
        fd = open(path, O_WRONLY);
Moonshot GSS-API mechanism