HT: Remove SMPS in AP mode

[thirdparty/hostap.git] / src / drivers / driver_nl80211.c

diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c
index 21d1398ec92b300ce47ceb89a2dd63395be9addb..6c26e8ba893ae4bd621b1f1a3fddec78dee2bd9e 100644 (file)
--- a/src/drivers/driver_nl80211.c
+++ b/src/drivers/driver_nl80211.c
@@ -66,48 +66,6 @@ enum nlmsgerr_attrs {
 #define SOL_NETLINK 270
 #endif
 
-#ifndef CONFIG_LIBNL20
-/*
- * libnl 1.1 has a bug, it tries to allocate socket numbers densely
- * but when you free a socket again it will mess up its bitmap and
- * and use the wrong number the next time it needs a socket ID.
- * Therefore, we wrap the handle alloc/destroy and add our own pid
- * accounting.
- */
-static uint32_t port_bitmap[32] = { 0 };
-
-static struct nl_handle *nl80211_handle_alloc(void *cb)
-{
-       struct nl_handle *handle;
-       uint32_t pid = getpid() & 0x3FFFFF;
-       int i;
-
-       handle = nl_handle_alloc_cb(cb);
-
-       for (i = 0; i < 1024; i++) {
-               if (port_bitmap[i / 32] & (1 << (i % 32)))
-                       continue;
-               port_bitmap[i / 32] |= 1 << (i % 32);
-               pid += i << 22;
-               break;
-       }
-
-       nl_socket_set_local_port(handle, pid);
-
-       return handle;
-}
-
-static void nl80211_handle_destroy(struct nl_handle *handle)
-{
-       uint32_t port = nl_socket_get_local_port(handle);
-
-       port >>= 22;
-       port_bitmap[port / 32] &= ~(1 << (port % 32));
-
-       nl_handle_destroy(handle);
-}
-#endif /* CONFIG_LIBNL20 */
-
 
 #ifdef ANDROID
 /* system/core/libnl_2 does not include nl_socket_set_nonblocking() */
@@ -117,11 +75,11 @@ static void nl80211_handle_destroy(struct nl_handle *handle)
 #endif /* ANDROID */
 
 
-static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg)
+static struct nl_sock * nl_create_handle(struct nl_cb *cb, const char *dbg)
 {
-       struct nl_handle *handle;
+       struct nl_sock *handle;
 
-       handle = nl80211_handle_alloc(cb);
+       handle = nl_socket_alloc_cb(cb);
        if (handle == NULL) {
                wpa_printf(MSG_ERROR, "nl80211: Failed to allocate netlink "
                           "callbacks (%s)", dbg);
@@ -131,7 +89,7 @@ static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg)
        if (genl_connect(handle)) {
                wpa_printf(MSG_ERROR, "nl80211: Failed to connect to generic "
                           "netlink (%s)", dbg);
-               nl80211_handle_destroy(handle);
+               nl_socket_free(handle);
                return NULL;
        }
 
@@ -139,11 +97,11 @@ static struct nl_handle * nl_create_handle(struct nl_cb *cb, const char *dbg)
 }
 
 
-static void nl_destroy_handles(struct nl_handle **handle)
+static void nl_destroy_handles(struct nl_sock **handle)
 {
        if (*handle == NULL)
                return;
-       nl80211_handle_destroy(*handle);
+       nl_socket_free(*handle);
        *handle = NULL;
 }
 
@@ -154,11 +112,10 @@ static void nl_destroy_handles(struct nl_handle **handle)
 #define ELOOP_SOCKET_INVALID   (intptr_t) 0x88888889ULL
 #endif
 
-static void nl80211_register_eloop_read(struct nl_handle **handle,
+static void nl80211_register_eloop_read(struct nl_sock **handle,
                                        eloop_sock_handler handler,
                                        void *eloop_data, int persist)
 {
-#ifdef CONFIG_LIBNL20
        /*
         * libnl uses a pretty small buffer (32 kB that gets converted to 64 kB)
         * by default. It is possible to hit that limit in some cases where
@@ -166,13 +123,15 @@ static void nl80211_register_eloop_read(struct nl_handle **handle,
         * to hostapd and STA entry deletion. Try to increase the buffer to make
         * this less likely to occur.
         */
-       if (nl_socket_set_buffer_size(*handle, 262144, 0) < 0) {
+       int err;
+
+       err = nl_socket_set_buffer_size(*handle, 262144, 0);
+       if (err < 0) {
                wpa_printf(MSG_DEBUG,
                           "nl80211: Could not set nl_socket RX buffer size: %s",
-                          strerror(errno));
+                          nl_geterror(err));
                /* continue anyway with the default (smaller) buffer */
        }
-#endif /* CONFIG_LIBNL20 */
 
        nl_socket_set_nonblocking(*handle);
        eloop_register_read_sock(nl_socket_get_fd(*handle), handler,
@@ -183,7 +142,7 @@ static void nl80211_register_eloop_read(struct nl_handle **handle,
 }
 
 
-static void nl80211_destroy_eloop_handle(struct nl_handle **handle, int persist)
+static void nl80211_destroy_eloop_handle(struct nl_sock **handle, int persist)
 {
        if (!persist)
                *handle = (void *) (((intptr_t) *handle) ^
@@ -206,7 +165,8 @@ wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv,
                                   const char *driver_params);
 static int nl80211_send_frame_cmd(struct i802_bss *bss,
                                  unsigned int freq, unsigned int wait,
-                                 const u8 *buf, size_t buf_len, u64 *cookie,
+                                 const u8 *buf, size_t buf_len,
+                                 int save_cookie,
                                  int no_cck, int no_ack, int offchanok,
                                  const u16 *csa_offs, size_t csa_offs_len);
 static int wpa_driver_nl80211_probe_req_report(struct i802_bss *bss,
@@ -236,7 +196,7 @@ static int nl80211_put_mesh_config(struct nl_msg *msg,
                                   struct wpa_driver_mesh_bss_params *params);
 #endif /* CONFIG_MESH */
 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
-                            int reason);
+                            u16 reason);
 
 
 /* Converts nl80211_chan_width to a common format */
@@ -391,7 +351,7 @@ static void nl80211_nlmsg_clear(struct nl_msg *msg)
 
 
 static int send_and_recv(struct nl80211_global *global,
-                        struct nl_handle *nl_handle, struct nl_msg *msg,
+                        struct nl_sock *nl_handle, struct nl_msg *msg,
                         int (*valid_handler)(struct nl_msg *, void *),
                         void *valid_data)
 {
@@ -416,8 +376,16 @@ static int send_and_recv(struct nl80211_global *global,
                   NETLINK_CAP_ACK, &opt, sizeof(opt));
 
        err = nl_send_auto_complete(nl_handle, msg);
-       if (err < 0)
+       if (err < 0) {
+               wpa_printf(MSG_INFO,
+                          "nl80211: nl_send_auto_complete() failed: %s",
+                          nl_geterror(err));
+               /* Need to convert libnl error code to an errno value. For now,
+                * just hardcode this to EBADF; the real error reason is shown
+                * in that error print above. */
+               err = -EBADF;
                goto out;
+       }
 
        err = 1;
 
@@ -431,10 +399,24 @@ static int send_and_recv(struct nl80211_global *global,
 
        while (err > 0) {
                int res = nl_recvmsgs(nl_handle, cb);
-               if (res < 0) {
+
+               if (res == -NLE_DUMP_INTR) {
+                       /* Most likely one of the nl80211 dump routines hit a
+                        * case where internal results changed while the dump
+                        * was being sent. The most common known case for this
+                        * is scan results fetching while associated were every
+                        * received Beacon frame from the AP may end up
+                        * incrementing bss_generation. This
+                        * NL80211_CMD_GET_SCAN case tries again in the caller;
+                        * other cases (of which there are no known common ones)
+                        * will stop and return an error. */
+                       wpa_printf(MSG_DEBUG, "nl80211: %s; convert to -EAGAIN",
+                                  nl_geterror(res));
+                       err = -EAGAIN;
+               } else if (res < 0) {
                        wpa_printf(MSG_INFO,
-                                  "nl80211: %s->nl_recvmsgs failed: %d",
-                                  __func__, res);
+                                  "nl80211: %s->nl_recvmsgs failed: %d (%s)",
+                                  __func__, res, nl_geterror(res));
                }
        }
  out:
@@ -1369,12 +1351,25 @@ int nl80211_get_assoc_ssid(struct wpa_driver_nl80211_data *drv, u8 *ssid)
        struct nl_msg *msg;
        int ret;
        struct nl80211_get_assoc_freq_arg arg;
+       int count = 0;
 
+try_again:
        msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
        os_memset(&arg, 0, sizeof(arg));
        arg.drv = drv;
        ret = send_and_recv_msgs(drv, msg, nl80211_get_assoc_freq_handler,
                                 &arg);
+       if (ret == -EAGAIN) {
+               count++;
+               if (count >= 10) {
+                       wpa_printf(MSG_INFO,
+                                  "nl80211: Failed to receive consistent scan result dump for get_assoc_ssid");
+               } else {
+                       wpa_printf(MSG_DEBUG,
+                                  "nl80211: Failed to receive consistent scan result dump for get_assoc_ssid - try again");
+                       goto try_again;
+               }
+       }
        if (ret == 0) {
                os_memcpy(ssid, arg.assoc_ssid, arg.assoc_ssid_len);
                return arg.assoc_ssid_len;
@@ -1390,12 +1385,25 @@ unsigned int nl80211_get_assoc_freq(struct wpa_driver_nl80211_data *drv)
        struct nl_msg *msg;
        int ret;
        struct nl80211_get_assoc_freq_arg arg;
+       int count = 0;
 
+try_again:
        msg = nl80211_drv_msg(drv, NLM_F_DUMP, NL80211_CMD_GET_SCAN);
        os_memset(&arg, 0, sizeof(arg));
        arg.drv = drv;
        ret = send_and_recv_msgs(drv, msg, nl80211_get_assoc_freq_handler,
                                 &arg);
+       if (ret == -EAGAIN) {
+               count++;
+               if (count >= 10) {
+                       wpa_printf(MSG_INFO,
+                                  "nl80211: Failed to receive consistent scan result dump for get_assoc_freq");
+               } else {
+                       wpa_printf(MSG_DEBUG,
+                                  "nl80211: Failed to receive consistent scan result dump for get_assoc_freq - try again");
+                       goto try_again;
+               }
+       }
        if (ret == 0) {
                unsigned int freq = drv->nlmode == NL80211_IFTYPE_ADHOC ?
                        arg.ibss_freq : arg.assoc_freq;
@@ -1733,7 +1741,7 @@ static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
        if (ret < 0) {
                wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
                           "membership for scan events: %d (%s)",
-                          ret, strerror(-ret));
+                          ret, nl_geterror(ret));
                goto err;
        }
 
@@ -1743,7 +1751,7 @@ static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
        if (ret < 0) {
                wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
                           "membership for mlme events: %d (%s)",
-                          ret, strerror(-ret));
+                          ret, nl_geterror(ret));
                goto err;
        }
 
@@ -1753,7 +1761,7 @@ static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
        if (ret < 0) {
                wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
                           "membership for regulatory events: %d (%s)",
-                          ret, strerror(-ret));
+                          ret, nl_geterror(ret));
                /* Continue without regulatory events */
        }
 
@@ -1763,7 +1771,7 @@ static int wpa_driver_nl80211_init_nl_global(struct nl80211_global *global)
        if (ret < 0) {
                wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
                           "membership for vendor events: %d (%s)",
-                          ret, strerror(-ret));
+                          ret, nl_geterror(ret));
                /* Continue without vendor events */
        }
 
@@ -1789,7 +1797,7 @@ err:
 
 static void nl80211_check_global(struct nl80211_global *global)
 {
-       struct nl_handle *handle;
+       struct nl_sock *handle;
        const char *groups[] = { "scan", "mlme", "regulatory", "vendor", NULL };
        int ret;
        unsigned int i;
@@ -1808,7 +1816,7 @@ static void nl80211_check_global(struct nl80211_global *global)
                if (ret < 0) {
                        wpa_printf(MSG_INFO,
                                   "nl80211: Could not re-add multicast membership for %s events: %d (%s)",
-                                  groups[i], ret, strerror(-ret));
+                                  groups[i], ret, nl_geterror(ret));
                }
        }
 }
@@ -2010,9 +2018,8 @@ static void * wpa_driver_nl80211_drv_init(void *ctx, const char *ifname,
         */
        drv->set_rekey_offload = 1;
 
-       drv->num_if_indices = sizeof(drv->default_if_indices) / sizeof(int);
+       drv->num_if_indices = ARRAY_SIZE(drv->default_if_indices);
        drv->if_indices = drv->default_if_indices;
-       drv->if_indices_reason = drv->default_if_indices_reason;
 
        drv->first_bss = os_zalloc(sizeof(*drv->first_bss));
        if (!drv->first_bss) {
@@ -2088,7 +2095,7 @@ static void * wpa_driver_nl80211_init(void *ctx, const char *ifname,
 
 
 static int nl80211_register_frame(struct i802_bss *bss,
-                                 struct nl_handle *nl_handle,
+                                 struct nl_sock *nl_handle,
                                  u16 type, const u8 *match, size_t match_len)
 {
        struct wpa_driver_nl80211_data *drv = bss->drv;
@@ -2101,7 +2108,7 @@ static int nl80211_register_frame(struct i802_bss *bss,
        wpa_printf(MSG_DEBUG, "nl80211: Register frame type=0x%x (%s) nl_handle=%p match=%s",
                   type, fc2str(type), nl_handle, buf);
 
-       if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_REGISTER_ACTION)) ||
+       if (!(msg = nl80211_cmd_msg(bss, 0, NL80211_CMD_REGISTER_FRAME)) ||
            nla_put_u16(msg, NL80211_ATTR_FRAME_TYPE, type) ||
            nla_put(msg, NL80211_ATTR_FRAME_MATCH, match_len, match)) {
                nlmsg_free(msg);
@@ -2241,7 +2248,6 @@ static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
                                          6) < 0)
                ret = -1;
 #endif /* CONFIG_DPP */
-#ifdef CONFIG_IEEE80211W
 #ifdef CONFIG_OCV
        /* SA Query Request */
        if (nl80211_register_action_frame(bss, (u8 *) "\x08\x00", 2) < 0)
@@ -2250,7 +2256,6 @@ static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss)
        /* SA Query Response */
        if (nl80211_register_action_frame(bss, (u8 *) "\x08\x01", 2) < 0)
                ret = -1;
-#endif /* CONFIG_IEEE80211W */
 #ifdef CONFIG_TDLS
        if ((drv->capa.flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)) {
                /* TDLS Discovery Response */
@@ -2386,11 +2391,9 @@ static int nl80211_action_subscribe_ap(struct i802_bss *bss)
        /* FT Action frames */
        if (nl80211_register_action_frame(bss, (u8 *) "\x06", 1) < 0)
                ret = -1;
-#ifdef CONFIG_IEEE80211W
        /* SA Query */
        if (nl80211_register_action_frame(bss, (u8 *) "\x08", 1) < 0)
                ret = -1;
-#endif /* CONFIG_IEEE80211W */
        /* Protected Dual of Public Action */
        if (nl80211_register_action_frame(bss, (u8 *) "\x09", 1) < 0)
                ret = -1;
@@ -2762,7 +2765,7 @@ static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
        }
 
        if (drv->rtnl_sk)
-               nl80211_handle_destroy(drv->rtnl_sk);
+               nl_socket_free(drv->rtnl_sk);
 
        if (bss->added_bridge) {
                if (linux_set_iface_flags(drv->global->ioctl_sock, bss->brname,
@@ -2789,9 +2792,6 @@ static void wpa_driver_nl80211_deinit(struct i802_bss *bss)
        if (drv->if_indices != drv->default_if_indices)
                os_free(drv->if_indices);
 
-       if (drv->if_indices_reason != drv->default_if_indices_reason)
-               os_free(drv->if_indices_reason);
-
        if (drv->disabled_11b_rates)
                nl80211_disable_11b_rates(drv, drv->ifindex, 0);
 
@@ -3011,17 +3011,25 @@ static int nl80211_set_pmk(struct wpa_driver_nl80211_data *drv,
 }
 
 
-static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
-                                     enum wpa_alg alg, const u8 *addr,
-                                     int key_idx, int set_tx,
-                                     const u8 *seq, size_t seq_len,
-                                     const u8 *key, size_t key_len)
+static int wpa_driver_nl80211_set_key(struct i802_bss *bss,
+                                     struct wpa_driver_set_key_params *params)
 {
        struct wpa_driver_nl80211_data *drv = bss->drv;
        int ifindex;
-       struct nl_msg *msg = NULL;
+       struct nl_msg *msg;
+       struct nl_msg *key_msg;
        int ret;
        int tdls = 0;
+       const char *ifname = params->ifname;
+       enum wpa_alg alg = params->alg;
+       const u8 *addr = params->addr;
+       int key_idx = params->key_idx;
+       int set_tx = params->set_tx;
+       const u8 *seq = params->seq;
+       size_t seq_len = params->seq_len;
+       const u8 *key = params->key;
+       size_t key_len = params->key_len;
+       int vlan_id = params->vlan_id;
 
        /* Ignore for P2P Device */
        if (drv->nlmode == NL80211_IFTYPE_P2P_DEVICE)
@@ -3053,26 +3061,31 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
            (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X))
                return nl80211_set_pmk(drv, key, key_len, addr);
 
+       key_msg = nlmsg_alloc();
+       if (!key_msg)
+               return -ENOBUFS;
+
        if (alg == WPA_ALG_NONE) {
                msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_DEL_KEY);
                if (!msg)
-                       return -ENOBUFS;
+                       goto fail2;
        } else {
                u32 suite;
 
                suite = wpa_alg_to_cipher_suite(alg, key_len);
                if (!suite)
-                       goto fail;
+                       goto fail2;
                msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_NEW_KEY);
-               if (!msg ||
-                   nla_put(msg, NL80211_ATTR_KEY_DATA, key_len, key) ||
-                   nla_put_u32(msg, NL80211_ATTR_KEY_CIPHER, suite))
+               if (!msg)
+                       goto fail2;
+               if (nla_put(key_msg, NL80211_KEY_DATA, key_len, key) ||
+                   nla_put_u32(key_msg, NL80211_KEY_CIPHER, suite))
                        goto fail;
                wpa_hexdump_key(MSG_DEBUG, "nl80211: KEY_DATA", key, key_len);
        }
 
        if (seq && seq_len) {
-               if (nla_put(msg, NL80211_ATTR_KEY_SEQ, seq_len, seq))
+               if (nla_put(key_msg, NL80211_KEY_SEQ, seq_len, seq))
                        goto fail;
                wpa_hexdump(MSG_DEBUG, "nl80211: KEY_SEQ", seq, seq_len);
        }
@@ -3084,7 +3097,7 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
 
                if (alg != WPA_ALG_WEP && key_idx && !set_tx) {
                        wpa_printf(MSG_DEBUG, "   RSN IBSS RX GTK");
-                       if (nla_put_u32(msg, NL80211_ATTR_KEY_TYPE,
+                       if (nla_put_u32(key_msg, NL80211_KEY_TYPE,
                                        NL80211_KEYTYPE_GROUP))
                                goto fail;
                }
@@ -3093,14 +3106,24 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
 
                wpa_printf(MSG_DEBUG, "   broadcast key");
 
-               types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
+               types = nla_nest_start(key_msg, NL80211_KEY_DEFAULT_TYPES);
                if (!types ||
-                   nla_put_flag(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST))
+                   nla_put_flag(key_msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST))
                        goto fail;
-               nla_nest_end(msg, types);
+               nla_nest_end(key_msg, types);
        }
-       if (nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx))
+       if (nla_put_u8(key_msg, NL80211_KEY_IDX, key_idx) ||
+           nla_put_nested(msg, NL80211_ATTR_KEY, key_msg))
                goto fail;
+       nl80211_nlmsg_clear(key_msg);
+       nlmsg_free(key_msg);
+       key_msg = NULL;
+
+       if (vlan_id && (drv->capa.flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
+               wpa_printf(MSG_DEBUG, "nl80211: VLAN ID %d", vlan_id);
+               if (nla_put_u16(msg, NL80211_ATTR_VLAN_ID, vlan_id))
+                       goto fail;
+       }
 
        ret = send_and_recv_msgs(drv, msg, NULL, key ? (void *) -1 : NULL);
        if ((ret == -ENOENT || ret == -ENOLINK) && alg == WPA_ALG_NONE)
@@ -3119,32 +3142,51 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
            !is_broadcast_ether_addr(addr))
                return ret;
 
+       key_msg = nlmsg_alloc();
+       if (!key_msg)
+               return -ENOBUFS;
+
        msg = nl80211_ifindex_msg(drv, ifindex, 0, NL80211_CMD_SET_KEY);
-       if (!msg ||
-           nla_put_u8(msg, NL80211_ATTR_KEY_IDX, key_idx) ||
-           nla_put_flag(msg, (alg == WPA_ALG_IGTK ||
-                              alg == WPA_ALG_BIP_GMAC_128 ||
-                              alg == WPA_ALG_BIP_GMAC_256 ||
-                              alg == WPA_ALG_BIP_CMAC_256) ?
-                        NL80211_ATTR_KEY_DEFAULT_MGMT :
-                        NL80211_ATTR_KEY_DEFAULT))
+       if (!msg)
+               goto fail2;
+       if (!key_msg ||
+           nla_put_u8(key_msg, NL80211_KEY_IDX, key_idx) ||
+           nla_put_flag(key_msg, (alg == WPA_ALG_IGTK ||
+                                  alg == WPA_ALG_BIP_GMAC_128 ||
+                                  alg == WPA_ALG_BIP_GMAC_256 ||
+                                  alg == WPA_ALG_BIP_CMAC_256) ?
+                                  NL80211_KEY_DEFAULT_MGMT :
+                                  NL80211_KEY_DEFAULT))
                goto fail;
        if (addr && is_broadcast_ether_addr(addr)) {
                struct nlattr *types;
 
-               types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
+               types = nla_nest_start(key_msg, NL80211_KEY_DEFAULT_TYPES);
                if (!types ||
-                   nla_put_flag(msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST))
+                   nla_put_flag(key_msg, NL80211_KEY_DEFAULT_TYPE_MULTICAST))
                        goto fail;
-               nla_nest_end(msg, types);
+               nla_nest_end(key_msg, types);
        } else if (addr) {
                struct nlattr *types;
 
-               types = nla_nest_start(msg, NL80211_ATTR_KEY_DEFAULT_TYPES);
+               types = nla_nest_start(key_msg, NL80211_KEY_DEFAULT_TYPES);
                if (!types ||
-                   nla_put_flag(msg, NL80211_KEY_DEFAULT_TYPE_UNICAST))
+                   nla_put_flag(key_msg, NL80211_KEY_DEFAULT_TYPE_UNICAST))
+                       goto fail;
+               nla_nest_end(key_msg, types);
+       }
+
+       if (nla_put_nested(msg, NL80211_ATTR_KEY, key_msg))
+               goto fail;
+       nl80211_nlmsg_clear(key_msg);
+       nlmsg_free(key_msg);
+       key_msg = NULL;
+
+       if (vlan_id && (drv->capa.flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
+               wpa_printf(MSG_DEBUG, "nl80211: set_key default - VLAN ID %d",
+                          vlan_id);
+               if (nla_put_u16(msg, NL80211_ATTR_VLAN_ID, vlan_id))
                        goto fail;
-               nla_nest_end(msg, types);
        }
 
        ret = send_and_recv_msgs(drv, msg, NULL, NULL);
@@ -3158,6 +3200,9 @@ static int wpa_driver_nl80211_set_key(const char *ifname, struct i802_bss *bss,
 fail:
        nl80211_nlmsg_clear(msg);
        nlmsg_free(msg);
+fail2:
+       nl80211_nlmsg_clear(key_msg);
+       nlmsg_free(key_msg);
        return -ENOBUFS;
 }
 
@@ -3254,7 +3299,7 @@ static int nl80211_set_conn_keys(struct wpa_driver_associate_params *params,
 int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
                            const u8 *addr, int cmd, u16 reason_code,
                            int local_state_change,
-                           struct nl_handle *nl_connect)
+                           struct nl_sock *nl_connect)
 {
        int ret;
        struct nl_msg *msg;
@@ -3282,8 +3327,8 @@ int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
 
 
 static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
-                                        int reason_code,
-                                        struct nl_handle *nl_connect)
+                                        u16 reason_code,
+                                        struct nl_sock *nl_connect)
 {
        int ret;
        int drv_associated = drv->associated;
@@ -3304,7 +3349,7 @@ static int wpa_driver_nl80211_disconnect(struct wpa_driver_nl80211_data *drv,
 
 
 static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss,
-                                            const u8 *addr, int reason_code)
+                                            const u8 *addr, u16 reason_code)
 {
        struct wpa_driver_nl80211_data *drv = bss->drv;
        int ret;
@@ -3315,7 +3360,7 @@ static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss,
                return nl80211_leave_ibss(drv, 1);
        }
        if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
-               struct nl_handle *nl_connect = NULL;
+               struct nl_sock *nl_connect = NULL;
 
                if (bss->use_nl_connect)
                        nl_connect = bss->nl_connect;
@@ -3433,6 +3478,7 @@ static int wpa_driver_nl80211_authenticate(
        enum nl80211_iftype nlmode;
        int count = 0;
        int is_retry;
+       struct wpa_driver_set_key_params p;
 
        nl80211_unmask_11b_rates(bss);
 
@@ -3461,14 +3507,17 @@ retry:
        if (!msg)
                goto fail;
 
+       os_memset(&p, 0, sizeof(p));
+       p.ifname = bss->ifname;
+       p.alg = WPA_ALG_WEP;
        for (i = 0; i < 4; i++) {
                if (!params->wep_key[i])
                        continue;
-               wpa_driver_nl80211_set_key(bss->ifname, bss, WPA_ALG_WEP,
-                                          NULL, i,
-                                          i == params->wep_tx_keyidx, NULL, 0,
-                                          params->wep_key[i],
-                                          params->wep_key_len[i]);
+               p.key_idx = i;
+               p.set_tx = i == params->wep_tx_keyidx;
+               p.key = params->wep_key[i];
+               p.key_len = params->wep_key_len[i];
+               wpa_driver_nl80211_set_key(bss, &p);
                if (params->wep_tx_keyidx != i)
                        continue;
                if (nl_add_key(msg, WPA_ALG_WEP, i, 1, NULL, 0,
@@ -3630,80 +3679,27 @@ int wpa_driver_nl80211_authenticate_retry(struct wpa_driver_nl80211_data *drv)
 }
 
 
-static int wpa_driver_nl80211_send_frame(struct i802_bss *bss,
-                                        const void *data, size_t len,
-                                        int encrypt, int noack,
-                                        unsigned int freq, int no_cck,
-                                        int offchanok, unsigned int wait_time,
-                                        const u16 *csa_offs,
-                                        size_t csa_offs_len)
-{
-       struct wpa_driver_nl80211_data *drv = bss->drv;
-       u64 cookie;
-       int res;
-
-       if (freq == 0 && drv->nlmode == NL80211_IFTYPE_ADHOC) {
-               freq = nl80211_get_assoc_freq(drv);
-               wpa_printf(MSG_DEBUG,
-                          "nl80211: send_frame - Use assoc_freq=%u for IBSS",
-                          freq);
-       }
-       if (freq == 0) {
-               wpa_printf(MSG_DEBUG, "nl80211: send_frame - Use bss->freq=%u",
-                          bss->freq);
-               freq = bss->freq;
-       }
-
-       if (drv->use_monitor) {
-               wpa_printf(MSG_DEBUG, "nl80211: send_frame(freq=%u bss->freq=%u) -> send_monitor",
-                          freq, bss->freq);
-               return nl80211_send_monitor(drv, data, len, encrypt, noack);
-       }
-
-       wpa_printf(MSG_DEBUG, "nl80211: send_frame -> send_frame_cmd");
-       res = nl80211_send_frame_cmd(bss, freq, wait_time, data, len,
-                                    &cookie, no_cck, noack, offchanok,
-                                    csa_offs, csa_offs_len);
-       if (res == 0 && !noack) {
-               const struct ieee80211_mgmt *mgmt;
-               u16 fc;
-
-               mgmt = (const struct ieee80211_mgmt *) data;
-               fc = le_to_host16(mgmt->frame_control);
-               if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
-                   WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_ACTION) {
-                       wpa_printf(MSG_MSGDUMP,
-                                  "nl80211: Update send_action_cookie from 0x%llx to 0x%llx",
-                                  (long long unsigned int)
-                                  drv->send_action_cookie,
-                                  (long long unsigned int) cookie);
-                       drv->send_action_cookie = cookie;
-               }
-       }
-
-       return res;
-}
-
-
 static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data,
                                        size_t data_len, int noack,
                                        unsigned int freq, int no_cck,
                                        int offchanok,
                                        unsigned int wait_time,
                                        const u16 *csa_offs,
-                                       size_t csa_offs_len)
+                                       size_t csa_offs_len, int no_encrypt)
 {
        struct wpa_driver_nl80211_data *drv = bss->drv;
        struct ieee80211_mgmt *mgmt;
-       int encrypt = 1;
+       int encrypt = !no_encrypt;
        u16 fc;
+       int use_cookie = 1;
+       int res;
 
        mgmt = (struct ieee80211_mgmt *) data;
        fc = le_to_host16(mgmt->frame_control);
        wpa_printf(MSG_DEBUG, "nl80211: send_mlme - da= " MACSTR
-                  " noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u fc=0x%x (%s) nlmode=%d",
+                  " noack=%d freq=%u no_cck=%d offchanok=%d wait_time=%u no_encrypt=%d fc=0x%x (%s) nlmode=%d",
                   MAC2STR(mgmt->da), noack, freq, no_cck, offchanok, wait_time,
-                  fc, fc2str(fc), drv->nlmode);
+                  no_encrypt, fc, fc2str(fc), drv->nlmode);
 
        if ((is_sta_interface(drv->nlmode) ||
             drv->nlmode == NL80211_IFTYPE_P2P_DEVICE) &&
@@ -3719,9 +3715,11 @@ static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data,
                                   drv->last_mgmt_freq);
                        freq = drv->last_mgmt_freq;
                }
-               return nl80211_send_frame_cmd(bss, freq, 0,
-                                             data, data_len, NULL, 1, noack,
-                                             1, csa_offs, csa_offs_len);
+               wait_time = 0;
+               use_cookie = 0;
+               no_cck = 1;
+               offchanok = 1;
+               goto send_frame_cmd;
        }
 
        if (drv->device_ap_sme && is_ap_interface(drv->nlmode)) {
@@ -3730,13 +3728,9 @@ static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data,
                                   bss->freq);
                        freq = bss->freq;
                }
-               return nl80211_send_frame_cmd(bss, freq,
-                                             (int) freq == bss->freq ? 0 :
-                                             wait_time,
-                                             data, data_len,
-                                             &drv->send_action_cookie,
-                                             no_cck, noack, offchanok,
-                                             csa_offs, csa_offs_len);
+               if ((int) freq == bss->freq)
+                       wait_time = 0;
+               goto send_frame_cmd;
        }
 
        if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
@@ -3753,11 +3747,60 @@ static int wpa_driver_nl80211_send_mlme(struct i802_bss *bss, const u8 *data,
                        encrypt = 0;
        }
 
-       wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame");
-       return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt,
-                                            noack, freq, no_cck, offchanok,
-                                            wait_time, csa_offs,
-                                            csa_offs_len);
+       if (freq == 0 && drv->nlmode == NL80211_IFTYPE_STATION &&
+           (drv->capa.flags & WPA_DRIVER_FLAGS_SAE) &&
+           !(drv->capa.flags & WPA_DRIVER_FLAGS_SME) &&
+           WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT &&
+           WLAN_FC_GET_STYPE(fc) == WLAN_FC_STYPE_AUTH) {
+               freq = nl80211_get_assoc_freq(drv);
+               wpa_printf(MSG_DEBUG,
+                          "nl80211: send_mlme - Use assoc_freq=%u for external auth",
+                          freq);
+       }
+
+       if (freq == 0 && drv->nlmode == NL80211_IFTYPE_ADHOC) {
+               freq = nl80211_get_assoc_freq(drv);
+               wpa_printf(MSG_DEBUG,
+                          "nl80211: send_mlme - Use assoc_freq=%u for IBSS",
+                          freq);
+       }
+       if (freq == 0) {
+               wpa_printf(MSG_DEBUG, "nl80211: send_mlme - Use bss->freq=%u",
+                          bss->freq);
+               freq = bss->freq;
+       }
+
+       if (drv->use_monitor) {
+               wpa_printf(MSG_DEBUG,
+                          "nl80211: send_frame(freq=%u bss->freq=%u) -> send_monitor",
+                          freq, bss->freq);
+               return nl80211_send_monitor(drv, data, data_len, encrypt,
+                                           noack);
+       }
+
+       if (noack || WLAN_FC_GET_TYPE(fc) != WLAN_FC_TYPE_MGMT ||
+           WLAN_FC_GET_STYPE(fc) != WLAN_FC_STYPE_ACTION)
+               use_cookie = 0;
+send_frame_cmd:
+#ifdef CONFIG_TESTING_OPTIONS
+       if (no_encrypt && !encrypt && !drv->use_monitor) {
+               wpa_printf(MSG_DEBUG,
+                          "nl80211: Request to send an unencrypted frame - use a monitor interface for this");
+               if (nl80211_create_monitor_interface(drv) < 0)
+                       return -1;
+               res = nl80211_send_monitor(drv, data, data_len, encrypt,
+                                          noack);
+               nl80211_remove_monitor_interface(drv);
+               return res;
+       }
+#endif /* CONFIG_TESTING_OPTIONS */
+
+       wpa_printf(MSG_DEBUG, "nl80211: send_mlme -> send_frame_cmd");
+       res = nl80211_send_frame_cmd(bss, freq, wait_time, data, data_len,
+                                    use_cookie, no_cck, noack, offchanok,
+                                    csa_offs, csa_offs_len);
+
+       return res;
 }
 
 
@@ -4059,7 +4102,6 @@ static int wpa_driver_nl80211_set_ap(void *priv,
        int ret = -ENOBUFS;
        int beacon_set;
        int num_suites;
-       int smps_mode;
        u32 suites[10], suite;
        u32 ver;
 #ifdef CONFIG_MESH
@@ -4171,8 +4213,10 @@ static int wpa_driver_nl80211_set_ap(void *priv,
             nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT)))
                goto fail;
 
-       if (drv->device_ap_sme && (params->key_mgmt_suites & WPA_KEY_MGMT_SAE))
-            nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT);
+       if (drv->device_ap_sme &&
+           (params->key_mgmt_suites & WPA_KEY_MGMT_SAE) &&
+           nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
+               goto fail;
 
        wpa_printf(MSG_DEBUG, "nl80211: pairwise_ciphers=0x%x",
                   params->pairwise_ciphers);
@@ -4190,27 +4234,6 @@ static int wpa_driver_nl80211_set_ap(void *priv,
            nla_put_u32(msg, NL80211_ATTR_CIPHER_SUITE_GROUP, suite))
                goto fail;
 
-       if (params->ht_opmode != -1) {
-               switch (params->smps_mode) {
-               case HT_CAP_INFO_SMPS_DYNAMIC:
-                       wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - dynamic");
-                       smps_mode = NL80211_SMPS_DYNAMIC;
-                       break;
-               case HT_CAP_INFO_SMPS_STATIC:
-                       wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - static");
-                       smps_mode = NL80211_SMPS_STATIC;
-                       break;
-               default:
-                       /* invalid - fallback to smps off */
-               case HT_CAP_INFO_SMPS_DISABLED:
-                       wpa_printf(MSG_DEBUG, "nl80211: SMPS mode - off");
-                       smps_mode = NL80211_SMPS_OFF;
-                       break;
-               }
-               if (nla_put_u8(msg, NL80211_ATTR_SMPS_MODE, smps_mode))
-                       goto fail;
-       }
-
        if (params->beacon_ies) {
                wpa_hexdump_buf(MSG_DEBUG, "nl80211: beacon_ies",
                                params->beacon_ies);
@@ -4288,6 +4311,30 @@ static int wpa_driver_nl80211_set_ap(void *priv,
                nla_nest_end(msg, ftm);
        }
 
+#ifdef CONFIG_IEEE80211AX
+       if (params->he_spr) {
+               struct nlattr *spr;
+
+               spr = nla_nest_start(msg, NL80211_ATTR_HE_OBSS_PD);
+               wpa_printf(MSG_DEBUG, "nl80211: he_spr=%d", params->he_spr);
+
+               if (nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_MIN_OFFSET,
+                              params->he_spr_srg_obss_pd_min_offset) ||
+                   nla_put_u8(msg, NL80211_HE_OBSS_PD_ATTR_MAX_OFFSET,
+                              params->he_spr_srg_obss_pd_max_offset))
+                       goto fail;
+
+               nla_nest_end(msg, spr);
+       }
+
+       if (params->twt_responder) {
+               wpa_printf(MSG_DEBUG, "nl80211: twt_responder=%d",
+                          params->twt_responder);
+               if (nla_put_flag(msg, NL80211_ATTR_TWT_RESPONDER))
+                       goto fail;
+       }
+#endif /* CONFIG_IEEE80211AX */
+
        ret = send_and_recv_msgs(drv, msg, NULL, NULL);
        if (ret) {
                wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)",
@@ -4346,14 +4393,23 @@ fail:
 static int nl80211_put_freq_params(struct nl_msg *msg,
                                   const struct hostapd_freq_params *freq)
 {
+       enum hostapd_hw_mode hw_mode;
+       int is_24ghz;
+       u8 channel;
+
        wpa_printf(MSG_DEBUG, "  * freq=%d", freq->freq);
        if (nla_put_u32(msg, NL80211_ATTR_WIPHY_FREQ, freq->freq))
                return -ENOBUFS;
 
+       wpa_printf(MSG_DEBUG, "  * he_enabled=%d", freq->he_enabled);
        wpa_printf(MSG_DEBUG, "  * vht_enabled=%d", freq->vht_enabled);
        wpa_printf(MSG_DEBUG, "  * ht_enabled=%d", freq->ht_enabled);
 
-       if (freq->vht_enabled) {
+       hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
+       is_24ghz = hw_mode == HOSTAPD_MODE_IEEE80211G ||
+               hw_mode == HOSTAPD_MODE_IEEE80211B;
+
+       if (freq->vht_enabled || (freq->he_enabled && !is_24ghz)) {
                enum nl80211_chan_width cw;
 
                wpa_printf(MSG_DEBUG, "  * bandwidth=%d", freq->bandwidth);
@@ -4409,6 +4465,15 @@ static int nl80211_put_freq_params(struct nl_msg *msg,
                wpa_printf(MSG_DEBUG, "  * channel_type=%d", ct);
                if (nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, ct))
                        return -ENOBUFS;
+       } else if (freq->edmg.channels && freq->edmg.bw_config) {
+               wpa_printf(MSG_DEBUG,
+                          "  * EDMG configuration: channels=0x%x bw_config=%d",
+                          freq->edmg.channels, freq->edmg.bw_config);
+               if (nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_CHANNELS,
+                              freq->edmg.channels) ||
+                   nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_BW_CONFIG,
+                              freq->edmg.bw_config))
+                       return -1;
        } else {
                wpa_printf(MSG_DEBUG, "  * channel_type=%d",
                           NL80211_CHAN_NO_HT);
@@ -4428,8 +4493,8 @@ static int nl80211_set_channel(struct i802_bss *bss,
        int ret;
 
        wpa_printf(MSG_DEBUG,
-                  "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
-                  freq->freq, freq->ht_enabled, freq->vht_enabled,
+                  "nl80211: Set freq %d (ht_enabled=%d, vht_enabled=%d, he_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
+                  freq->freq, freq->ht_enabled, freq->vht_enabled, freq->he_enabled,
                   freq->bandwidth, freq->center_freq1, freq->center_freq2);
 
        msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL :
@@ -4561,6 +4626,14 @@ static int wpa_driver_nl80211_sta_add(void *priv,
                                goto fail;
                }
 
+               if (params->he_capab) {
+                       wpa_hexdump(MSG_DEBUG, "  * he_capab",
+                                   params->he_capab, params->he_capab_len);
+                       if (nla_put(msg, NL80211_ATTR_HE_CAPABILITY,
+                                   params->he_capab_len, params->he_capab))
+                               goto fail;
+               }
+
                if (params->ext_capab) {
                        wpa_hexdump(MSG_DEBUG, "  * ext_capab",
                                    params->ext_capab, params->ext_capab_len);
@@ -4693,8 +4766,9 @@ static int wpa_driver_nl80211_sta_add(void *priv,
                goto fail;
 #endif /* CONFIG_MESH */
 
-       if ((!params->set || FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags)) &&
-           (params->flags & WPA_STA_WMM)) {
+       if ((!params->set || (params->flags & WPA_STA_TDLS_PEER) ||
+            FULL_AP_CLIENT_STATE_SUPP(drv->capa.flags)) &&
+            (params->flags & WPA_STA_WMM)) {
                struct nlattr *wme = nla_nest_start(msg, NL80211_ATTR_STA_WME);
 
                wpa_printf(MSG_DEBUG, "  * qosinfo=0x%x", params->qosinfo);
@@ -5038,6 +5112,40 @@ static void nl80211_teardown_ap(struct i802_bss *bss)
 }
 
 
+static int nl80211_tx_control_port(void *priv, const u8 *dest,
+                                  u16 proto, const u8 *buf, size_t len,
+                                  int no_encrypt)
+{
+       struct i802_bss *bss = priv;
+       struct nl_msg *msg;
+       int ret;
+
+       wpa_printf(MSG_DEBUG,
+                  "nl80211: Send over control port dest=" MACSTR
+                  " proto=0x%04x len=%u no_encrypt=%d",
+                  MAC2STR(dest), proto, (unsigned int) len, no_encrypt);
+
+       msg = nl80211_bss_msg(bss, 0, NL80211_CMD_CONTROL_PORT_FRAME);
+       if (!msg ||
+           nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, proto) ||
+           nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, dest) ||
+           nla_put(msg, NL80211_ATTR_FRAME, len, buf) ||
+           (no_encrypt &&
+            nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT))) {
+               nlmsg_free(msg);
+               return -ENOBUFS;
+       }
+
+       ret = send_and_recv_msgs(bss->drv, msg, NULL, NULL);
+       if (ret)
+               wpa_printf(MSG_DEBUG,
+                          "nl80211: tx_control_port failed: ret=%d (%s)",
+                          ret, strerror(ret));
+
+       return ret;
+}
+
+
 static int nl80211_send_eapol_data(struct i802_bss *bss,
                                   const u8 *addr, const u8 *data,
                                   size_t data_len)
@@ -5080,6 +5188,10 @@ static int wpa_driver_nl80211_hapd_send_eapol(
        int res;
        int qos = flags & WPA_STA_WMM;
 
+       if (drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT)
+               return nl80211_tx_control_port(bss, addr, ETH_P_EAPOL,
+                                              data, data_len, !encrypt);
+
        if (drv->device_ap_sme || !drv->use_monitor)
                return nl80211_send_eapol_data(bss, addr, data, data_len);
 
@@ -5120,12 +5232,11 @@ static int wpa_driver_nl80211_hapd_send_eapol(
        pos += 2;
        memcpy(pos, data, data_len);
 
-       res = wpa_driver_nl80211_send_frame(bss, (u8 *) hdr, len, encrypt, 0,
-                                           0, 0, 0, 0, NULL, 0);
+       res = nl80211_send_monitor(drv, hdr, len, encrypt, 0);
        if (res < 0) {
                wpa_printf(MSG_ERROR, "i802_send_eapol - packet len: %lu - "
                           "failed: %d (%s)",
-                          (unsigned long) len, errno, strerror(errno));
+                          (unsigned long) len, res, strerror(res));
        }
        os_free(hdr);
 
@@ -5185,6 +5296,28 @@ fail:
 }
 
 
+static int driver_nl80211_sta_set_airtime_weight(void *priv, const u8 *addr,
+                                                unsigned int weight)
+{
+       struct i802_bss *bss = priv;
+       struct nl_msg *msg;
+
+       wpa_printf(MSG_DEBUG,
+                  "nl80211: Set STA airtime weight - ifname=%s addr=" MACSTR
+                  " weight=%u", bss->ifname, MAC2STR(addr), weight);
+
+       if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
+           nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
+           nla_put_u16(msg, NL80211_ATTR_AIRTIME_WEIGHT, weight))
+               goto fail;
+
+       return send_and_recv_msgs(bss->drv, msg, NULL, NULL);
+fail:
+       nlmsg_free(msg);
+       return -ENOBUFS;
+}
+
+
 static int wpa_driver_nl80211_ap(struct wpa_driver_nl80211_data *drv,
                                 struct wpa_driver_associate_params *params)
 {
@@ -5457,6 +5590,18 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
                        return -1;
        }
 
+       if (params->freq.edmg.channels && params->freq.edmg.bw_config) {
+               wpa_printf(MSG_DEBUG,
+                          "  * EDMG configuration: channels=0x%x bw_config=%d",
+                          params->freq.edmg.channels,
+                          params->freq.edmg.bw_config);
+               if (nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_CHANNELS,
+                              params->freq.edmg.channels) ||
+                   nla_put_u8(msg, NL80211_ATTR_WIPHY_EDMG_BW_CONFIG,
+                              params->freq.edmg.bw_config))
+                       return -1;
+       }
+
        if (params->bg_scan_period >= 0) {
                wpa_printf(MSG_DEBUG, "  * bg scan period=%d",
                           params->bg_scan_period);
@@ -5603,7 +5748,7 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
                        return -1;
        }
 
-       if (params->req_key_mgmt_offload &&
+       if (params->req_handshake_offload &&
            (drv->capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)) {
                    wpa_printf(MSG_DEBUG, "  * WANT_1X_4WAY_HS");
                    if (nla_put_flag(msg, NL80211_ATTR_WANT_1X_4WAY_HS))
@@ -5665,7 +5810,8 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
            nl80211_put_fils_connect_params(drv, params, msg) != 0)
                return -1;
 
-       if ((params->auth_alg & WPA_AUTH_ALG_SAE) &&
+       if ((params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
+            params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) &&
            (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) &&
            nla_put_flag(msg, NL80211_ATTR_EXTERNAL_AUTH_SUPPORT))
                return -1;
@@ -5677,7 +5823,7 @@ static int nl80211_connect_common(struct wpa_driver_nl80211_data *drv,
 static int wpa_driver_nl80211_try_connect(
        struct wpa_driver_nl80211_data *drv,
        struct wpa_driver_associate_params *params,
-       struct nl_handle *nl_connect)
+       struct nl_sock *nl_connect)
 {
        struct nl_msg *msg;
        enum nl80211_auth_type type;
@@ -5768,7 +5914,7 @@ fail:
 static int wpa_driver_nl80211_connect(
        struct wpa_driver_nl80211_data *drv,
        struct wpa_driver_associate_params *params,
-       struct nl_handle *nl_connect)
+       struct nl_sock *nl_connect)
 {
        int ret;
 
@@ -5816,11 +5962,12 @@ static int wpa_driver_nl80211_associate(
        if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
                enum nl80211_iftype nlmode = params->p2p ?
                        NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION;
-               struct nl_handle *nl_connect = NULL;
+               struct nl_sock *nl_connect = NULL;
 
                if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0)
                        return -1;
-               if (params->auth_alg & WPA_AUTH_ALG_SAE) {
+               if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE ||
+                   params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) {
                        nl_connect = bss->nl_connect;
                        bss->use_nl_connect = 1;
                } else {
@@ -6264,6 +6411,36 @@ static int i802_flush(void *priv)
 }
 
 
+static void get_sta_tid_stats(struct hostap_sta_driver_data *data,
+                             struct nlattr *attr)
+{
+       struct nlattr *tid_stats[NL80211_TID_STATS_MAX + 1], *tidattr;
+       struct nlattr *txq_stats[NL80211_TXQ_STATS_MAX + 1];
+       static struct nla_policy txq_stats_policy[NL80211_TXQ_STATS_MAX + 1] = {
+               [NL80211_TXQ_STATS_BACKLOG_BYTES] = { .type = NLA_U32 },
+               [NL80211_TXQ_STATS_BACKLOG_PACKETS] = { .type = NLA_U32 },
+       };
+       int rem;
+
+       nla_for_each_nested(tidattr, attr, rem) {
+               if (nla_parse_nested(tid_stats, NL80211_TID_STATS_MAX,
+                                    tidattr, NULL) != 0 ||
+                   !tid_stats[NL80211_TID_STATS_TXQ_STATS] ||
+                   nla_parse_nested(txq_stats, NL80211_TXQ_STATS_MAX,
+                                    tid_stats[NL80211_TID_STATS_TXQ_STATS],
+                                    txq_stats_policy) != 0)
+                       continue;
+               /* sum the backlogs over all TIDs for station */
+               if (txq_stats[NL80211_TXQ_STATS_BACKLOG_BYTES])
+                       data->backlog_bytes += nla_get_u32(
+                               txq_stats[NL80211_TXQ_STATS_BACKLOG_BYTES]);
+               if (txq_stats[NL80211_TXQ_STATS_BACKLOG_PACKETS])
+                       data->backlog_bytes += nla_get_u32(
+                               txq_stats[NL80211_TXQ_STATS_BACKLOG_PACKETS]);
+       }
+}
+
+
 static int get_sta_handler(struct nl_msg *msg, void *arg)
 {
        struct nlattr *tb[NL80211_ATTR_MAX + 1];
@@ -6281,6 +6458,8 @@ static int get_sta_handler(struct nl_msg *msg, void *arg)
                [NL80211_STA_INFO_TX_BYTES64] = { .type = NLA_U64 },
                [NL80211_STA_INFO_SIGNAL] = { .type = NLA_U8 },
                [NL80211_STA_INFO_ACK_SIGNAL] = { .type = NLA_U8 },
+               [NL80211_STA_INFO_RX_DURATION] = { .type = NLA_U64 },
+               [NL80211_STA_INFO_TX_DURATION] = { .type = NLA_U64 },
        };
        struct nlattr *rate[NL80211_RATE_INFO_MAX + 1];
        static struct nla_policy rate_policy[NL80211_RATE_INFO_MAX + 1] = {
@@ -6338,6 +6517,12 @@ static int get_sta_handler(struct nl_msg *msg, void *arg)
        if (stats[NL80211_STA_INFO_TX_PACKETS])
                data->tx_packets =
                        nla_get_u32(stats[NL80211_STA_INFO_TX_PACKETS]);
+       if (stats[NL80211_STA_INFO_RX_DURATION])
+               data->rx_airtime =
+                       nla_get_u64(stats[NL80211_STA_INFO_RX_DURATION]);
+       if (stats[NL80211_STA_INFO_TX_DURATION])
+               data->tx_airtime =
+                       nla_get_u64(stats[NL80211_STA_INFO_TX_DURATION]);
        if (stats[NL80211_STA_INFO_TX_FAILED])
                data->tx_retry_failed =
                        nla_get_u32(stats[NL80211_STA_INFO_TX_FAILED]);
@@ -6408,6 +6593,9 @@ static int get_sta_handler(struct nl_msg *msg, void *arg)
                }
        }
 
+       if (stats[NL80211_STA_INFO_TID_STATS])
+               get_sta_tid_stats(data, stats[NL80211_STA_INFO_TID_STATS]);
+
        return NL_SKIP;
 }
 
@@ -6506,6 +6694,8 @@ static int i802_set_sta_vlan(struct i802_bss *bss, const u8 *addr,
                   MAC2STR(addr), ifname, if_nametoindex(ifname), vlan_id);
        if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_SET_STATION)) ||
            nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
+           ((drv->capa.flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD) &&
+            nla_put_u16(msg, NL80211_ATTR_VLAN_ID, vlan_id)) ||
            nla_put_u32(msg, NL80211_ATTR_STA_VLAN, if_nametoindex(ifname))) {
                nlmsg_free(msg);
                return -ENOBUFS;
@@ -6548,7 +6738,7 @@ static int i802_sta_clear_stats(void *priv, const u8 *addr)
 
 
 static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
-                          int reason)
+                          u16 reason)
 {
        struct i802_bss *bss = priv;
        struct wpa_driver_nl80211_data *drv = bss->drv;
@@ -6578,12 +6768,12 @@ static int i802_sta_deauth(void *priv, const u8 *own_addr, const u8 *addr,
        return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
                                            IEEE80211_HDRLEN +
                                            sizeof(mgmt.u.deauth), 0, 0, 0, 0,
-                                           0, NULL, 0);
+                                           0, NULL, 0, 0);
 }
 
 
 static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
-                            int reason)
+                            u16 reason)
 {
        struct i802_bss *bss = priv;
        struct wpa_driver_nl80211_data *drv = bss->drv;
@@ -6605,7 +6795,7 @@ static int i802_sta_disassoc(void *priv, const u8 *own_addr, const u8 *addr,
        return wpa_driver_nl80211_send_mlme(bss, (u8 *) &mgmt,
                                            IEEE80211_HDRLEN +
                                            sizeof(mgmt.u.disassoc), 0, 0, 0, 0,
-                                           0, NULL, 0);
+                                           0, NULL, 0, 0);
 }
 
 
@@ -6618,11 +6808,11 @@ static void dump_ifidx(struct wpa_driver_nl80211_data *drv)
        end = pos + sizeof(buf);
 
        for (i = 0; i < drv->num_if_indices; i++) {
-               if (!drv->if_indices[i])
+               if (!drv->if_indices[i].ifindex)
                        continue;
                res = os_snprintf(pos, end - pos, " %d(%d)",
-                                 drv->if_indices[i],
-                                 drv->if_indices_reason[i]);
+                                 drv->if_indices[i].ifindex,
+                                 drv->if_indices[i].reason);
                if (os_snprintf_error(end - pos, res))
                        break;
                pos += res;
@@ -6638,7 +6828,7 @@ static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
                      int ifidx_reason)
 {
        int i;
-       int *old, *old_reason;
+       struct drv_nl80211_if_info *old;
 
        wpa_printf(MSG_DEBUG,
                   "nl80211: Add own interface ifindex %d (ifidx_reason %d)",
@@ -6649,9 +6839,9 @@ static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
                return;
        }
        for (i = 0; i < drv->num_if_indices; i++) {
-               if (drv->if_indices[i] == 0) {
-                       drv->if_indices[i] = ifidx;
-                       drv->if_indices_reason[i] = ifidx_reason;
+               if (drv->if_indices[i].ifindex == 0) {
+                       drv->if_indices[i].ifindex = ifidx;
+                       drv->if_indices[i].reason = ifidx_reason;
                        dump_ifidx(drv);
                        return;
                }
@@ -6662,29 +6852,13 @@ static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
        else
                old = NULL;
 
-       if (drv->if_indices_reason != drv->default_if_indices_reason)
-               old_reason = drv->if_indices_reason;
-       else
-               old_reason = NULL;
-
        drv->if_indices = os_realloc_array(old, drv->num_if_indices + 1,
-                                          sizeof(int));
-       drv->if_indices_reason = os_realloc_array(old_reason,
-                                                 drv->num_if_indices + 1,
-                                                 sizeof(int));
+                                          sizeof(*old));
        if (!drv->if_indices) {
                if (!old)
                        drv->if_indices = drv->default_if_indices;
                else
                        drv->if_indices = old;
-       }
-       if (!drv->if_indices_reason) {
-               if (!old_reason)
-                       drv->if_indices_reason = drv->default_if_indices_reason;
-               else
-                       drv->if_indices_reason = old_reason;
-       }
-       if (!drv->if_indices || !drv->if_indices_reason) {
                wpa_printf(MSG_ERROR, "Failed to reallocate memory for "
                           "interfaces");
                wpa_printf(MSG_ERROR, "Ignoring EAPOL on interface %d", ifidx);
@@ -6693,12 +6867,8 @@ static void add_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
        if (!old)
                os_memcpy(drv->if_indices, drv->default_if_indices,
                          sizeof(drv->default_if_indices));
-       if (!old_reason)
-               os_memcpy(drv->if_indices_reason,
-                         drv->default_if_indices_reason,
-                         sizeof(drv->default_if_indices_reason));
-       drv->if_indices[drv->num_if_indices] = ifidx;
-       drv->if_indices_reason[drv->num_if_indices] = ifidx_reason;
+       drv->if_indices[drv->num_if_indices].ifindex = ifidx;
+       drv->if_indices[drv->num_if_indices].reason = ifidx_reason;
        drv->num_if_indices++;
        dump_ifidx(drv);
 }
@@ -6710,10 +6880,12 @@ static void del_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
        int i;
 
        for (i = 0; i < drv->num_if_indices; i++) {
-               if ((drv->if_indices[i] == ifidx || ifidx == IFIDX_ANY) &&
-                   (drv->if_indices_reason[i] == ifidx_reason ||
+               if ((drv->if_indices[i].ifindex == ifidx ||
+                    ifidx == IFIDX_ANY) &&
+                   (drv->if_indices[i].reason == ifidx_reason ||
                     ifidx_reason == IFIDX_ANY)) {
-                       drv->if_indices[i] = 0;
+                       drv->if_indices[i].ifindex = 0;
+                       drv->if_indices[i].reason = 0;
                        break;
                }
        }
@@ -6727,8 +6899,8 @@ static int have_ifidx(struct wpa_driver_nl80211_data *drv, int ifidx,
        int i;
 
        for (i = 0; i < drv->num_if_indices; i++)
-               if (drv->if_indices[i] == ifidx &&
-                   (drv->if_indices_reason[i] == ifidx_reason ||
+               if (drv->if_indices[i].ifindex == ifidx &&
+                   (drv->if_indices[i].reason == ifidx_reason ||
                     ifidx_reason == IFIDX_ANY))
                        return 1;
 
@@ -6871,10 +7043,14 @@ static int i802_check_bridge(struct wpa_driver_nl80211_data *drv,
        wpa_printf(MSG_DEBUG, "nl80211: Adding interface %s into bridge %s",
                   ifname, brname);
        if (linux_br_add_if(drv->global->ioctl_sock, brname, ifname) < 0) {
-               wpa_printf(MSG_ERROR, "nl80211: Failed to add interface %s "
-                          "into bridge %s: %s",
+               wpa_printf(MSG_WARNING,
+                          "nl80211: Failed to add interface %s into bridge %s: %s",
                           ifname, brname, strerror(errno));
-               return -1;
+               /* Try to continue without the interface being in a bridge. This
+                * may be needed for some cases, e.g., with Open vSwitch, where
+                * an external component will need to handle bridge
+                * configuration. */
+               return 0;
        }
        bss->added_if_into_bridge = 1;
 
@@ -6952,15 +7128,18 @@ static void *i802_init(struct hostapd_data *hapd,
 
 #ifdef CONFIG_LIBNL3_ROUTE
        if (bss->added_if_into_bridge || bss->already_in_bridge) {
+               int err;
+
                drv->rtnl_sk = nl_socket_alloc();
                if (drv->rtnl_sk == NULL) {
                        wpa_printf(MSG_ERROR, "nl80211: Failed to allocate nl_sock");
                        goto failed;
                }
 
-               if (nl_connect(drv->rtnl_sk, NETLINK_ROUTE)) {
+               err = nl_connect(drv->rtnl_sk, NETLINK_ROUTE);
+               if (err) {
                        wpa_printf(MSG_ERROR, "nl80211: Failed to connect nl_sock to NETLINK_ROUTE: %s",
-                                  strerror(errno));
+                                  nl_geterror(err));
                        goto failed;
                }
        }
@@ -7334,7 +7513,7 @@ static int cookie_handler(struct nl_msg *msg, void *arg)
 static int nl80211_send_frame_cmd(struct i802_bss *bss,
                                  unsigned int freq, unsigned int wait,
                                  const u8 *buf, size_t buf_len,
-                                 u64 *cookie_out, int no_cck, int no_ack,
+                                 int save_cookie, int no_cck, int no_ack,
                                  int offchanok, const u16 *csa_offs,
                                  size_t csa_offs_len)
 {
@@ -7373,22 +7552,22 @@ static int nl80211_send_frame_cmd(struct i802_bss *bss,
                           "cookie 0x%llx", no_ack ? " (no ACK)" : "",
                           (long long unsigned int) cookie);
 
-               if (cookie_out)
-                       *cookie_out = no_ack ? (u64) -1 : cookie;
+               if (save_cookie)
+                       drv->send_frame_cookie = no_ack ? (u64) -1 : cookie;
 
-               if (drv->num_send_action_cookies == MAX_SEND_ACTION_COOKIES) {
+               if (drv->num_send_frame_cookies == MAX_SEND_FRAME_COOKIES) {
                        wpa_printf(MSG_DEBUG,
-                                  "nl80211: Drop oldest pending send action cookie 0x%llx",
+                                  "nl80211: Drop oldest pending send frame cookie 0x%llx",
                                   (long long unsigned int)
-                                  drv->send_action_cookies[0]);
-                       os_memmove(&drv->send_action_cookies[0],
-                                  &drv->send_action_cookies[1],
-                                  (MAX_SEND_ACTION_COOKIES - 1) *
+                                  drv->send_frame_cookies[0]);
+                       os_memmove(&drv->send_frame_cookies[0],
+                                  &drv->send_frame_cookies[1],
+                                  (MAX_SEND_FRAME_COOKIES - 1) *
                                   sizeof(u64));
-                       drv->num_send_action_cookies--;
+                       drv->num_send_frame_cookies--;
                }
-               drv->send_action_cookies[drv->num_send_action_cookies] = cookie;
-               drv->num_send_action_cookies++;
+               drv->send_frame_cookies[drv->num_send_frame_cookies] = cookie;
+               drv->num_send_frame_cookies++;
        }
 
 fail:
@@ -7409,10 +7588,14 @@ static int wpa_driver_nl80211_send_action(struct i802_bss *bss,
        int ret = -1;
        u8 *buf;
        struct ieee80211_hdr *hdr;
+       int offchanok = 1;
+
+       if (is_ap_interface(drv->nlmode) && (int) freq == bss->freq)
+               offchanok = 0;
 
        wpa_printf(MSG_DEBUG, "nl80211: Send Action frame (ifindex=%d, "
-                  "freq=%u MHz wait=%d ms no_cck=%d)",
-                  drv->ifindex, freq, wait_time, no_cck);
+                  "freq=%u MHz wait=%d ms no_cck=%d offchanok=%d)",
+                  drv->ifindex, freq, wait_time, no_cck, offchanok);
 
        buf = os_zalloc(24 + data_len);
        if (buf == NULL)
@@ -7438,13 +7621,12 @@ static int wpa_driver_nl80211_send_action(struct i802_bss *bss,
             (int) freq == bss->freq || drv->device_ap_sme ||
             !drv->use_monitor))
                ret = wpa_driver_nl80211_send_mlme(bss, buf, 24 + data_len,
-                                                  0, freq, no_cck, 1,
-                                                  wait_time, NULL, 0);
+                                                  0, freq, no_cck, offchanok,
+                                                  wait_time, NULL, 0, 0);
        else
                ret = nl80211_send_frame_cmd(bss, freq, wait_time, buf,
                                             24 + data_len,
-                                            &drv->send_action_cookie,
-                                            no_cck, 0, 1, NULL, 0);
+                                            1, no_cck, 0, offchanok, NULL, 0);
 
        os_free(buf);
        return ret;
@@ -7480,19 +7662,19 @@ static void wpa_driver_nl80211_send_action_cancel_wait(void *priv)
        u64 cookie;
 
        /* Cancel the last pending TX cookie */
-       nl80211_frame_wait_cancel(bss, drv->send_action_cookie);
+       nl80211_frame_wait_cancel(bss, drv->send_frame_cookie);
 
        /*
         * Cancel the other pending TX cookies, if any. This is needed since
         * the driver may keep a list of all pending offchannel TX operations
         * and free up the radio only once they have expired or cancelled.
         */
-       for (i = drv->num_send_action_cookies; i > 0; i--) {
-               cookie = drv->send_action_cookies[i - 1];
-               if (cookie != drv->send_action_cookie)
+       for (i = drv->num_send_frame_cookies; i > 0; i--) {
+               cookie = drv->send_frame_cookies[i - 1];
+               if (cookie != drv->send_frame_cookie)
                        nl80211_frame_wait_cancel(bss, cookie);
        }
-       drv->num_send_action_cookies = 0;
+       drv->num_send_frame_cookies = 0;
 }
 
 
@@ -7812,15 +7994,6 @@ static int nl80211_signal_poll(void *priv, struct wpa_signal_info *si)
 }
 
 
-static int nl80211_send_frame(void *priv, const u8 *data, size_t data_len,
-                             int encrypt)
-{
-       struct i802_bss *bss = priv;
-       return wpa_driver_nl80211_send_frame(bss, data, data_len, encrypt, 0,
-                                            0, 0, 0, 0, NULL, 0);
-}
-
-
 static int nl80211_set_param(void *priv, const char *param)
 {
        struct i802_bss *bss = priv;
@@ -7855,6 +8028,9 @@ static int nl80211_set_param(void *priv, const char *param)
                drv->test_use_roc_tx = 1;
        }
 
+       if (os_strstr(param, "control_port=0"))
+               drv->capa.flags &= ~WPA_DRIVER_FLAGS_CONTROL_PORT;
+
        return 0;
 }
 
@@ -8275,7 +8451,7 @@ static void nl80211_send_null_frame(struct i802_bss *bss, const u8 *own_addr,
        os_memcpy(nulldata.hdr.IEEE80211_SA_FROMDS, own_addr, ETH_ALEN);
 
        if (wpa_driver_nl80211_send_mlme(bss, (u8 *) &nulldata, size, 0, 0, 0,
-                                        0, 0, NULL, 0) < 0)
+                                        0, 0, NULL, 0, 0) < 0)
                wpa_printf(MSG_DEBUG, "nl80211_send_null_frame: Failed to "
                           "send poll frame");
 }
@@ -8370,8 +8546,8 @@ static int nl80211_start_radar_detection(void *priv,
        struct nl_msg *msg;
        int ret;
 
-       wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
-                  freq->freq, freq->ht_enabled, freq->vht_enabled,
+       wpa_printf(MSG_DEBUG, "nl80211: Start radar detection (CAC) %d MHz (ht_enabled=%d, vht_enabled=%d, he_enabled=%d, bandwidth=%d MHz, cf1=%d MHz, cf2=%d MHz)",
+                  freq->freq, freq->ht_enabled, freq->vht_enabled, freq->he_enabled,
                   freq->bandwidth, freq->center_freq1, freq->center_freq2);
 
        if (!(drv->capa.flags & WPA_DRIVER_FLAGS_RADAR)) {
@@ -8549,15 +8725,12 @@ nl80211_tdls_disable_channel_switch(void *priv, const u8 *addr)
 #endif /* CONFIG TDLS */
 
 
-static int driver_nl80211_set_key(const char *ifname, void *priv,
-                                 enum wpa_alg alg, const u8 *addr,
-                                 int key_idx, int set_tx,
-                                 const u8 *seq, size_t seq_len,
-                                 const u8 *key, size_t key_len)
+static int driver_nl80211_set_key(void *priv,
+                                 struct wpa_driver_set_key_params *params)
 {
        struct i802_bss *bss = priv;
-       return wpa_driver_nl80211_set_key(ifname, bss, alg, addr, key_idx,
-                                         set_tx, seq, seq_len, key, key_len);
+
+       return wpa_driver_nl80211_set_key(bss, params);
 }
 
 
@@ -8583,7 +8756,7 @@ static int driver_nl80211_scan2(void *priv,
 
 
 static int driver_nl80211_deauthenticate(void *priv, const u8 *addr,
-                                        int reason_code)
+                                        u16 reason_code)
 {
        struct i802_bss *bss = priv;
        return wpa_driver_nl80211_deauthenticate(bss, addr, reason_code);
@@ -8616,12 +8789,13 @@ static int driver_nl80211_if_remove(void *priv, enum wpa_driver_if_type type,
 static int driver_nl80211_send_mlme(void *priv, const u8 *data,
                                    size_t data_len, int noack,
                                    unsigned int freq,
-                                   const u16 *csa_offs, size_t csa_offs_len)
+                                   const u16 *csa_offs, size_t csa_offs_len,
+                                   int no_encrypt)
 {
        struct i802_bss *bss = priv;
        return wpa_driver_nl80211_send_mlme(bss, data, data_len, noack,
                                            freq, 0, 0, 0, csa_offs,
-                                           csa_offs_len);
+                                           csa_offs_len, no_encrypt);
 }
 
 
@@ -8698,6 +8872,35 @@ static int wpa_driver_nl80211_update_ft_ies(void *priv, const u8 *md,
 }
 
 
+static int nl80211_update_dh_ie(void *priv, const u8 *peer_mac,
+                               u16 reason_code, const u8 *ie, size_t ie_len)
+{
+       int ret;
+       struct nl_msg *msg;
+       struct i802_bss *bss = priv;
+       struct wpa_driver_nl80211_data *drv = bss->drv;
+
+       wpa_printf(MSG_DEBUG, "nl80211: Updating DH IE peer: " MACSTR
+                  " reason %u", MAC2STR(peer_mac), reason_code);
+       if (!(msg = nl80211_bss_msg(bss, 0, NL80211_CMD_UPDATE_OWE_INFO)) ||
+           nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, peer_mac) ||
+           nla_put_u16(msg, NL80211_ATTR_STATUS_CODE, reason_code) ||
+           (ie && nla_put(msg, NL80211_ATTR_IE, ie_len, ie))) {
+               nlmsg_free(msg);
+               return -ENOBUFS;
+       }
+
+       ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+       if (ret) {
+               wpa_printf(MSG_DEBUG,
+                          "nl80211: update_dh_ie failed err=%d (%s)",
+                          ret, strerror(-ret));
+       }
+
+       return ret;
+}
+
+
 static const u8 * wpa_driver_nl80211_get_macaddr(void *priv)
 {
        struct i802_bss *bss = priv;
@@ -9243,6 +9446,46 @@ static int nl80211_set_qos_map(void *priv, const u8 *qos_map_set,
 }
 
 
+static int get_wowlan_handler(struct nl_msg *msg, void *arg)
+{
+       struct nlattr *tb[NL80211_ATTR_MAX + 1];
+       struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
+       int *wowlan_enabled = arg;
+
+       nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
+                 genlmsg_attrlen(gnlh, 0), NULL);
+
+       *wowlan_enabled = !!tb[NL80211_ATTR_WOWLAN_TRIGGERS];
+
+       return NL_SKIP;
+}
+
+
+static int nl80211_get_wowlan(void *priv)
+{
+       struct i802_bss *bss = priv;
+       struct wpa_driver_nl80211_data *drv = bss->drv;
+       struct nl_msg *msg;
+       int wowlan_enabled;
+       int ret;
+
+       wpa_printf(MSG_DEBUG, "nl80211: Getting wowlan status");
+
+       msg = nl80211_drv_msg(drv, 0, NL80211_CMD_GET_WOWLAN);
+
+       ret = send_and_recv_msgs(drv, msg, get_wowlan_handler, &wowlan_enabled);
+       if (ret) {
+               wpa_printf(MSG_DEBUG, "nl80211: Getting wowlan status failed");
+               return 0;
+       }
+
+       wpa_printf(MSG_DEBUG, "nl80211: wowlan is %s",
+                  wowlan_enabled ? "enabled" : "disabled");
+
+       return wowlan_enabled;
+}
+
+
 static int nl80211_set_wowlan(void *priv,
                              const struct wowlan_triggers *triggers)
 {
@@ -9372,7 +9615,7 @@ static int nl80211_set_bssid_blacklist(void *priv, unsigned int num_bssid,
                        QCA_NL80211_VENDOR_SUBCMD_ROAM) ||
            !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
            nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_ROAMING_SUBCMD,
-                       QCA_WLAN_VENDOR_ATTR_ROAM_SUBCMD_SET_BLACKLIST_BSSID) ||
+                       QCA_WLAN_VENDOR_ROAMING_SUBCMD_SET_BLACKLIST_BSSID) ||
            nla_put_u32(msg, QCA_WLAN_VENDOR_ATTR_ROAMING_REQ_ID,
                        WPA_SUPPLICANT_CLIENT_ID) ||
            nla_put_u32(msg,
@@ -9407,6 +9650,40 @@ fail:
        return -1;
 }
 
+
+static int nl80211_add_sta_node(void *priv, const u8 *addr, u16 auth_alg)
+{
+       struct i802_bss *bss = priv;
+       struct wpa_driver_nl80211_data *drv = bss->drv;
+       struct nl_msg *msg;
+       struct nlattr *params;
+
+       if (!drv->add_sta_node_vendor_cmd_avail)
+               return -EOPNOTSUPP;
+
+       wpa_printf(MSG_DEBUG, "nl80211: Add STA node");
+
+       if (!(msg = nl80211_drv_msg(drv, 0, NL80211_CMD_VENDOR)) ||
+           nla_put_u32(msg, NL80211_ATTR_VENDOR_ID, OUI_QCA) ||
+           nla_put_u32(msg, NL80211_ATTR_VENDOR_SUBCMD,
+                       QCA_NL80211_VENDOR_SUBCMD_ADD_STA_NODE) ||
+           !(params = nla_nest_start(msg, NL80211_ATTR_VENDOR_DATA)) ||
+           (addr &&
+            nla_put(msg, QCA_WLAN_VENDOR_ATTR_ADD_STA_NODE_MAC_ADDR, ETH_ALEN,
+                    addr)) ||
+           nla_put_u16(msg, QCA_WLAN_VENDOR_ATTR_ADD_STA_NODE_AUTH_ALGO,
+                       auth_alg)) {
+               nlmsg_free(msg);
+               wpa_printf(MSG_ERROR,
+                          "%s: err in adding vendor_cmd and vendor_data",
+                          __func__);
+               return -1;
+       }
+       nla_nest_end(msg, params);
+
+       return send_and_recv_msgs(drv, msg, NULL, NULL);
+}
+
 #endif /* CONFIG_DRIVER_NL80211_QCA */
 
 
@@ -9646,6 +9923,36 @@ static int wpa_driver_nl80211_leave_mesh(void *priv)
        return ret;
 }
 
+
+static int nl80211_probe_mesh_link(void *priv, const u8 *addr, const u8 *eth,
+                                  size_t len)
+{
+       struct i802_bss *bss = priv;
+       struct wpa_driver_nl80211_data *drv = bss->drv;
+       struct nl_msg *msg;
+       int ret;
+
+       msg = nl80211_drv_msg(drv, 0, NL80211_CMD_PROBE_MESH_LINK);
+       if (!msg ||
+           nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, addr) ||
+           nla_put(msg, NL80211_ATTR_FRAME, len, eth)) {
+               nlmsg_free(msg);
+               return -ENOBUFS;
+       }
+
+       ret = send_and_recv_msgs(drv, msg, NULL, NULL);
+       if (ret) {
+               wpa_printf(MSG_DEBUG, "nl80211: mesh link probe to " MACSTR
+                          " failed: ret=%d (%s)",
+                          MAC2STR(addr), ret, strerror(-ret));
+       } else {
+               wpa_printf(MSG_DEBUG, "nl80211: Mesh link to " MACSTR
+                          " probed successfully", MAC2STR(addr));
+       }
+
+       return ret;
+}
+
 #endif /* CONFIG_MESH */
 
 
@@ -9722,7 +10029,7 @@ static int wpa_driver_br_add_ip_neigh(void *priv, u8 version,
        if (res) {
                wpa_printf(MSG_DEBUG,
                           "nl80211: Adding bridge ip neigh failed: %s",
-                          strerror(errno));
+                          nl_geterror(res));
        }
 errout:
        if (nl_lladdr)
@@ -9798,7 +10105,7 @@ static int wpa_driver_br_delete_ip_neigh(void *priv, u8 version,
        if (res) {
                wpa_printf(MSG_DEBUG,
                           "nl80211: Deleting bridge ip neigh failed: %s",
-                          strerror(errno));
+                          nl_geterror(res));
        }
 errout:
        if (nl_ipaddr)
@@ -9942,6 +10249,48 @@ static int hw_mode_to_qca_acs(enum hostapd_hw_mode hw_mode)
 }
 
 
+static int add_acs_ch_list(struct nl_msg *msg, const int *freq_list)
+{
+       int num_channels = 0, num_freqs;
+       u8 *ch_list;
+       enum hostapd_hw_mode hw_mode;
+       int ret = 0;
+       int i;
+
+       if (!freq_list)
+               return 0;
+
+       num_freqs = int_array_len(freq_list);
+       ch_list = os_malloc(sizeof(u8) * num_freqs);
+       if (!ch_list)
+               return -1;
+
+       for (i = 0; i < num_freqs; i++) {
+               const int freq = freq_list[i];
+
+               if (freq == 0)
+                       break;
+               /* Send 2.4 GHz and 5 GHz channels with
+                * QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST to maintain backwards
+                * compatibility.
+                */
+               if (!(freq >= 2412 && freq <= 2484) &&
+                   !(freq >= 5180 && freq <= 5900))
+                       continue;
+               hw_mode = ieee80211_freq_to_chan(freq, &ch_list[num_channels]);
+               if (hw_mode != NUM_HOSTAPD_MODES)
+                       num_channels++;
+       }
+
+       if (num_channels)
+               ret = nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST,
+                             num_channels, ch_list);
+
+       os_free(ch_list);
+       return ret;
+}
+
+
 static int add_acs_freq_list(struct nl_msg *msg, const int *freq_list)
 {
        int i, len, ret;
@@ -9989,9 +10338,7 @@ static int wpa_driver_do_acs(void *priv, struct drv_acs_params *params)
             nla_put_flag(msg, QCA_WLAN_VENDOR_ATTR_ACS_VHT_ENABLED)) ||
            nla_put_u16(msg, QCA_WLAN_VENDOR_ATTR_ACS_CHWIDTH,
                        params->ch_width) ||
-           (params->ch_list_len &&
-            nla_put(msg, QCA_WLAN_VENDOR_ATTR_ACS_CH_LIST, params->ch_list_len,
-                    params->ch_list)) ||
+           add_acs_ch_list(msg, params->freq_list) ||
            add_acs_freq_list(msg, params->freq_list)) {
                nlmsg_free(msg);
                return -ENOBUFS;
@@ -9999,15 +10346,15 @@ static int wpa_driver_do_acs(void *priv, struct drv_acs_params *params)
        nla_nest_end(msg, data);
 
        wpa_printf(MSG_DEBUG,
-                  "nl80211: ACS Params: HW_MODE: %d HT: %d HT40: %d VHT: %d BW: %d CH_LIST_LEN: %u",
+                  "nl80211: ACS Params: HW_MODE: %d HT: %d HT40: %d VHT: %d BW: %d",
                   params->hw_mode, params->ht_enabled, params->ht40_enabled,
-                  params->vht_enabled, params->ch_width, params->ch_list_len);
+                  params->vht_enabled, params->ch_width);
 
        ret = send_and_recv_msgs(drv, msg, NULL, NULL);
        if (ret) {
                wpa_printf(MSG_DEBUG,
                           "nl80211: Failed to invoke driver ACS function: %s",
-                          strerror(errno));
+                          strerror(-ret));
        }
        return ret;
 }
@@ -10054,7 +10401,7 @@ static int nl80211_set_band(void *priv, enum set_band band)
        if (ret) {
                wpa_printf(MSG_DEBUG,
                           "nl80211: Driver setband function failed: %s",
-                          strerror(errno));
+                          strerror(-ret));
        }
        return ret;
 }
@@ -10634,22 +10981,37 @@ static int nl80211_write_to_file(const char *name, unsigned int val)
 {
        int fd, len;
        char tmp[128];
+       int ret = 0;
 
        fd = open(name, O_RDWR);
        if (fd < 0) {
-               wpa_printf(MSG_ERROR, "nl80211: Failed to open %s: %s",
+               int level;
+               /*
+                * Flags may not exist on older kernels, or while we're tearing
+                * down a disappearing device.
+                */
+               if (errno == ENOENT) {
+                       ret = 0;
+                       level = MSG_DEBUG;
+               } else {
+                       ret = -1;
+                       level = MSG_ERROR;
+               }
+               wpa_printf(level, "nl80211: Failed to open %s: %s",
                           name, strerror(errno));
-               return fd;
+               return ret;
        }
 
        len = os_snprintf(tmp, sizeof(tmp), "%u\n", val);
        len = write(fd, tmp, len);
-       if (len < 0)
+       if (len < 0) {
+               ret = -1;
                wpa_printf(MSG_ERROR, "nl80211: Failed to write to %s: %s",
                           name, strerror(errno));
+       }
        close(fd);
 
-       return 0;
+       return ret;
 }
 
 
@@ -10764,6 +11126,14 @@ static int nl80211_update_connection_params(
        int ret = -1;
        enum nl80211_auth_type type;
 
+       /* Update Connection Params is intended for drivers that implement
+        * internal SME and expect these updated connection params from
+        * wpa_supplicant. Do not send this request for the drivers using
+        * SME from wpa_supplicant.
+        */
+       if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
+               return 0;
+
        msg = nl80211_drv_msg(drv, 0, NL80211_CMD_UPDATE_CONNECT_PARAMS);
        if (!msg)
                goto fail;
@@ -10813,11 +11183,11 @@ static int nl80211_send_external_auth_status(void *priv,
        int ret = -1;
 
        /* External auth command/status is intended for drivers that implement
-        * intenral SME but want to offload authentication processing (e.g.,
-        * SAE) to hostapd/wpa_supplicant. Do nott send the status to drivers
+        * internal SME but want to offload authentication processing (e.g.,
+        * SAE) to hostapd/wpa_supplicant. Do not send the status to drivers
         * which do not support AP SME or use wpa_supplicant/hostapd SME.
         */
-       if (!bss->drv->device_ap_sme ||
+       if ((is_ap_interface(drv->nlmode) && !bss->drv->device_ap_sme) ||
            (drv->capa.flags & WPA_DRIVER_FLAGS_SME))
                return -1;
 
@@ -10922,8 +11292,10 @@ const struct wpa_driver_ops wpa_driver_nl80211_ops = {
        .get_hw_feature_data = nl80211_get_hw_feature_data,
        .sta_add = wpa_driver_nl80211_sta_add,
        .sta_remove = driver_nl80211_sta_remove,
+       .tx_control_port = nl80211_tx_control_port,
        .hapd_send_eapol = wpa_driver_nl80211_hapd_send_eapol,
        .sta_set_flags = wpa_driver_nl80211_sta_set_flags,
+       .sta_set_airtime_weight = driver_nl80211_sta_set_airtime_weight,
        .hapd_init = i802_init,
        .hapd_deinit = i802_deinit,
        .set_wds_sta = i802_set_wds_sta,
@@ -10951,7 +11323,6 @@ const struct wpa_driver_ops wpa_driver_nl80211_ops = {
        .signal_monitor = nl80211_signal_monitor,
        .signal_poll = nl80211_signal_poll,
        .channel_info = nl80211_channel_info,
-       .send_frame = nl80211_send_frame,
        .set_param = nl80211_set_param,
        .get_radio_name = nl80211_get_radio_name,
        .add_pmkid = nl80211_add_pmkid,
@@ -10969,6 +11340,7 @@ const struct wpa_driver_ops wpa_driver_nl80211_ops = {
        .tdls_disable_channel_switch = nl80211_tdls_disable_channel_switch,
 #endif /* CONFIG_TDLS */
        .update_ft_ies = wpa_driver_nl80211_update_ft_ies,
+       .update_dh_ie = nl80211_update_dh_ie,
        .get_mac_addr = wpa_driver_nl80211_get_macaddr,
        .get_survey = wpa_driver_nl80211_get_survey,
        .status = wpa_driver_nl80211_status,
@@ -10985,12 +11357,14 @@ const struct wpa_driver_ops wpa_driver_nl80211_ops = {
 #endif /* ANDROID */
        .vendor_cmd = nl80211_vendor_cmd,
        .set_qos_map = nl80211_set_qos_map,
+       .get_wowlan = nl80211_get_wowlan,
        .set_wowlan = nl80211_set_wowlan,
        .set_mac_addr = nl80211_set_mac_addr,
 #ifdef CONFIG_MESH
        .init_mesh = wpa_driver_nl80211_init_mesh,
        .join_mesh = wpa_driver_nl80211_join_mesh,
        .leave_mesh = wpa_driver_nl80211_leave_mesh,
+       .probe_mesh_link = nl80211_probe_mesh_link,
 #endif /* CONFIG_MESH */
        .br_add_ip_neigh = wpa_driver_br_add_ip_neigh,
        .br_delete_ip_neigh = wpa_driver_br_delete_ip_neigh,
@@ -11015,6 +11389,7 @@ const struct wpa_driver_ops wpa_driver_nl80211_ops = {
        .ignore_assoc_disallow = nl80211_ignore_assoc_disallow,
 #endif /* CONFIG_MBO */
        .set_bssid_blacklist = nl80211_set_bssid_blacklist,
+       .add_sta_node = nl80211_add_sta_node,
 #endif /* CONFIG_DRIVER_NL80211_QCA */
        .configure_data_frame_filters = nl80211_configure_data_frame_filters,
        .get_ext_capab = nl80211_get_ext_capab,