wpa_supplicant: Add 'SCAN TYPE=ONLY' functionality

[android-x86/external-wpa_supplicant_8.git] / wpa_supplicant / ctrl_iface.c
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c

index f35d262..8c186bd 100644 (file)
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -1,15 +1,9 @@
  /*
   * WPA Supplicant / Control interface (shared code for all backends)
- * Copyright (c) 2004-2010, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2012, Jouni Malinen <j@w1.fi>
   *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- *
- * Alternatively, this software may be distributed under the terms of BSD
- * license.
- *
- * See README and COPYING for more details.
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
   */
  
  #include "utils/includes.h"
@@ -18,6 +12,7 @@
  #include "utils/eloop.h"
  #include "common/version.h"
  #include "common/ieee802_11_defs.h"
+#include "common/ieee802_11_common.h"
  #include "common/wpa_ctrl.h"
  #include "eap_peer/eap.h"
  #include "eapol_supp/eapol_supp_sm.h"
@@ -34,11 +29,16 @@
  #include "ap.h"
  #include "p2p_supplicant.h"
  #include "p2p/p2p.h"
+#include "hs20_supplicant.h"
+#include "wifi_display.h"
  #include "notify.h"
  #include "bss.h"
  #include "scan.h"
  #include "ctrl_iface.h"
+#include "interworking.h"
  #include "blacklist.h"
+#include "autoscan.h"
+#include "wnm_sta.h"
  
  extern struct wpa_driver_ops *wpa_drivers[];
  
@@ -48,6 +48,249 @@ static int wpa_supplicant_global_iface_interfaces(struct wpa_global *global,
                                                   char *buf, int len);
  
  
+static int pno_start(struct wpa_supplicant *wpa_s)
+{
+       int ret;
+       size_t i, num_ssid;
+       struct wpa_ssid *ssid;
+       struct wpa_driver_scan_params params;
+
+       if (wpa_s->pno)
+               return 0;
+
+       if (wpa_s->wpa_state == WPA_SCANNING) {
+               wpa_supplicant_cancel_sched_scan(wpa_s);
+               wpa_supplicant_cancel_scan(wpa_s);
+       }
+
+       os_memset(&params, 0, sizeof(params));
+
+       num_ssid = 0;
+       ssid = wpa_s->conf->ssid;
+       while (ssid) {
+               if (!wpas_network_disabled(wpa_s, ssid))
+                       num_ssid++;
+               ssid = ssid->next;
+       }
+       if (num_ssid > WPAS_MAX_SCAN_SSIDS) {
+               wpa_printf(MSG_DEBUG, "PNO: Use only the first %u SSIDs from "
+                          "%u", WPAS_MAX_SCAN_SSIDS, (unsigned int) num_ssid);
+               num_ssid = WPAS_MAX_SCAN_SSIDS;
+       }
+
+       if (num_ssid == 0) {
+               wpa_printf(MSG_DEBUG, "PNO: No configured SSIDs");
+               return -1;
+       }
+
+       params.filter_ssids = os_malloc(sizeof(struct wpa_driver_scan_filter) *
+                                       num_ssid);
+       if (params.filter_ssids == NULL)
+               return -1;
+       i = 0;
+       ssid = wpa_s->conf->ssid;
+       while (ssid) {
+               if (!wpas_network_disabled(wpa_s, ssid)) {
+                       params.ssids[i].ssid = ssid->ssid;
+                       params.ssids[i].ssid_len = ssid->ssid_len;
+                       params.num_ssids++;
+                       os_memcpy(params.filter_ssids[i].ssid, ssid->ssid,
+                                 ssid->ssid_len);
+                       params.filter_ssids[i].ssid_len = ssid->ssid_len;
+                       params.num_filter_ssids++;
+                       i++;
+                       if (i == num_ssid)
+                               break;
+               }
+               ssid = ssid->next;
+       }
+
+       if (wpa_s->conf->filter_rssi)
+               params.filter_rssi = wpa_s->conf->filter_rssi;
+
+       ret = wpa_drv_sched_scan(wpa_s, &params, 10 * 1000);
+       os_free(params.filter_ssids);
+       if (ret == 0)
+               wpa_s->pno = 1;
+       return ret;
+}
+
+
+static int pno_stop(struct wpa_supplicant *wpa_s)
+{
+       int ret = 0;
+
+       if (wpa_s->pno) {
+               wpa_s->pno = 0;
+               ret = wpa_drv_stop_sched_scan(wpa_s);
+       }
+
+       if (wpa_s->wpa_state == WPA_SCANNING)
+               wpa_supplicant_req_scan(wpa_s, 0, 0);
+
+       return ret;
+}
+
+
+static int set_bssid_filter(struct wpa_supplicant *wpa_s, char *val)
+{
+       char *pos;
+       u8 addr[ETH_ALEN], *filter = NULL, *n;
+       size_t count = 0;
+
+       pos = val;
+       while (pos) {
+               if (*pos == '\0')
+                       break;
+               if (hwaddr_aton(pos, addr)) {
+                       os_free(filter);
+                       return -1;
+               }
+               n = os_realloc_array(filter, count + 1, ETH_ALEN);
+               if (n == NULL) {
+                       os_free(filter);
+                       return -1;
+               }
+               filter = n;
+               os_memcpy(filter + count * ETH_ALEN, addr, ETH_ALEN);
+               count++;
+
+               pos = os_strchr(pos, ' ');
+               if (pos)
+                       pos++;
+       }
+
+       wpa_hexdump(MSG_DEBUG, "bssid_filter", filter, count * ETH_ALEN);
+       os_free(wpa_s->bssid_filter);
+       wpa_s->bssid_filter = filter;
+       wpa_s->bssid_filter_count = count;
+
+       return 0;
+}
+
+
+static int set_disallow_aps(struct wpa_supplicant *wpa_s, char *val)
+{
+       char *pos;
+       u8 addr[ETH_ALEN], *bssid = NULL, *n;
+       struct wpa_ssid_value *ssid = NULL, *ns;
+       size_t count = 0, ssid_count = 0;
+       struct wpa_ssid *c;
+
+       /*
+        * disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | \93\94
+        * SSID_SPEC ::= ssid <SSID_HEX>
+        * BSSID_SPEC ::= bssid <BSSID_HEX>
+        */
+
+       pos = val;
+       while (pos) {
+               if (*pos == '\0')
+                       break;
+               if (os_strncmp(pos, "bssid ", 6) == 0) {
+                       int res;
+                       pos += 6;
+                       res = hwaddr_aton2(pos, addr);
+                       if (res < 0) {
+                               os_free(ssid);
+                               os_free(bssid);
+                               wpa_printf(MSG_DEBUG, "Invalid disallow_aps "
+                                          "BSSID value '%s'", pos);
+                               return -1;
+                       }
+                       pos += res;
+                       n = os_realloc_array(bssid, count + 1, ETH_ALEN);
+                       if (n == NULL) {
+                               os_free(ssid);
+                               os_free(bssid);
+                               return -1;
+                       }
+                       bssid = n;
+                       os_memcpy(bssid + count * ETH_ALEN, addr, ETH_ALEN);
+                       count++;
+               } else if (os_strncmp(pos, "ssid ", 5) == 0) {
+                       char *end;
+                       pos += 5;
+
+                       end = pos;
+                       while (*end) {
+                               if (*end == '\0' || *end == ' ')
+                                       break;
+                               end++;
+                       }
+
+                       ns = os_realloc_array(ssid, ssid_count + 1,
+                                             sizeof(struct wpa_ssid_value));
+                       if (ns == NULL) {
+                               os_free(ssid);
+                               os_free(bssid);
+                               return -1;
+                       }
+                       ssid = ns;
+
+                       if ((end - pos) & 0x01 || end - pos > 2 * 32 ||
+                           hexstr2bin(pos, ssid[ssid_count].ssid,
+                                      (end - pos) / 2) < 0) {
+                               os_free(ssid);
+                               os_free(bssid);
+                               wpa_printf(MSG_DEBUG, "Invalid disallow_aps "
+                                          "SSID value '%s'", pos);
+                               return -1;
+                       }
+                       ssid[ssid_count].ssid_len = (end - pos) / 2;
+                       wpa_hexdump_ascii(MSG_DEBUG, "disallow_aps SSID",
+                                         ssid[ssid_count].ssid,
+                                         ssid[ssid_count].ssid_len);
+                       ssid_count++;
+                       pos = end;
+               } else {
+                       wpa_printf(MSG_DEBUG, "Unexpected disallow_aps value "
+                                  "'%s'", pos);
+                       os_free(ssid);
+                       os_free(bssid);
+                       return -1;
+               }
+
+               pos = os_strchr(pos, ' ');
+               if (pos)
+                       pos++;
+       }
+
+       wpa_hexdump(MSG_DEBUG, "disallow_aps_bssid", bssid, count * ETH_ALEN);
+       os_free(wpa_s->disallow_aps_bssid);
+       wpa_s->disallow_aps_bssid = bssid;
+       wpa_s->disallow_aps_bssid_count = count;
+
+       wpa_printf(MSG_DEBUG, "disallow_aps_ssid_count %d", (int) ssid_count);
+       os_free(wpa_s->disallow_aps_ssid);
+       wpa_s->disallow_aps_ssid = ssid;
+       wpa_s->disallow_aps_ssid_count = ssid_count;
+
+       if (!wpa_s->current_ssid || wpa_s->wpa_state < WPA_AUTHENTICATING)
+               return 0;
+
+       c = wpa_s->current_ssid;
+       if (c->mode != WPAS_MODE_INFRA && c->mode != WPAS_MODE_IBSS)
+               return 0;
+
+       if (!disallowed_bssid(wpa_s, wpa_s->bssid) &&
+           !disallowed_ssid(wpa_s, c->ssid, c->ssid_len))
+               return 0;
+
+       wpa_printf(MSG_DEBUG, "Disconnect and try to find another network "
+                  "because current AP was marked disallowed");
+
+#ifdef CONFIG_SME
+       wpa_s->sme.prev_bssid_set = 0;
+#endif /* CONFIG_SME */
+       wpa_s->reassociate = 1;
+       wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
+       wpa_supplicant_req_scan(wpa_s, 0, 0);
+
+       return 0;
+}
+
+
  static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
                                          char *cmd)
  {
@@ -126,6 +369,65 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
                         ret = -1;
                 wpa_tdls_enable(wpa_s->wpa, !disabled);
  #endif /* CONFIG_TDLS */
+       } else if (os_strcasecmp(cmd, "pno") == 0) {
+               if (atoi(value))
+                       ret = pno_start(wpa_s);
+               else
+                       ret = pno_stop(wpa_s);
+       } else if (os_strcasecmp(cmd, "radio_disabled") == 0) {
+               int disabled = atoi(value);
+               if (wpa_drv_radio_disable(wpa_s, disabled) < 0)
+                       ret = -1;
+               else if (disabled)
+                       wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
+       } else if (os_strcasecmp(cmd, "uapsd") == 0) {
+               if (os_strcmp(value, "disable") == 0)
+                       wpa_s->set_sta_uapsd = 0;
+               else {
+                       int be, bk, vi, vo;
+                       char *pos;
+                       /* format: BE,BK,VI,VO;max SP Length */
+                       be = atoi(value);
+                       pos = os_strchr(value, ',');
+                       if (pos == NULL)
+                               return -1;
+                       pos++;
+                       bk = atoi(pos);
+                       pos = os_strchr(pos, ',');
+                       if (pos == NULL)
+                               return -1;
+                       pos++;
+                       vi = atoi(pos);
+                       pos = os_strchr(pos, ',');
+                       if (pos == NULL)
+                               return -1;
+                       pos++;
+                       vo = atoi(pos);
+                       /* ignore max SP Length for now */
+
+                       wpa_s->set_sta_uapsd = 1;
+                       wpa_s->sta_uapsd = 0;
+                       if (be)
+                               wpa_s->sta_uapsd |= BIT(0);
+                       if (bk)
+                               wpa_s->sta_uapsd |= BIT(1);
+                       if (vi)
+                               wpa_s->sta_uapsd |= BIT(2);
+                       if (vo)
+                               wpa_s->sta_uapsd |= BIT(3);
+               }
+       } else if (os_strcasecmp(cmd, "ps") == 0) {
+               ret = wpa_drv_set_p2p_powersave(wpa_s, atoi(value), -1, -1);
+#ifdef CONFIG_WIFI_DISPLAY
+       } else if (os_strcasecmp(cmd, "wifi_display") == 0) {
+               wifi_display_enable(wpa_s->global, !!atoi(value));
+#endif /* CONFIG_WIFI_DISPLAY */
+       } else if (os_strcasecmp(cmd, "bssid_filter") == 0) {
+               ret = set_bssid_filter(wpa_s, value);
+       } else if (os_strcasecmp(cmd, "disallow_aps") == 0) {
+               ret = set_disallow_aps(wpa_s, value);
+       } else if (os_strcasecmp(cmd, "no_keep_alive") == 0) {
+               wpa_s->no_keep_alive = !!atoi(value);
         } else {
                 value[-1] = '=';
                 ret = wpa_config_process_global(wpa_s->conf, cmd, -1);
@@ -140,18 +442,30 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s,
  static int wpa_supplicant_ctrl_iface_get(struct wpa_supplicant *wpa_s,
                                          char *cmd, char *buf, size_t buflen)
  {
-       int res;
+       int res = -1;
  
         wpa_printf(MSG_DEBUG, "CTRL_IFACE GET '%s'", cmd);
  
         if (os_strcmp(cmd, "version") == 0) {
                 res = os_snprintf(buf, buflen, "%s", VERSION_STR);
+       } else if (os_strcasecmp(cmd, "country") == 0) {
+               if (wpa_s->conf->country[0] && wpa_s->conf->country[1])
+                       res = os_snprintf(buf, buflen, "%c%c",
+                                         wpa_s->conf->country[0],
+                                         wpa_s->conf->country[1]);
+#ifdef CONFIG_WIFI_DISPLAY
+       } else if (os_strcasecmp(cmd, "wifi_display") == 0) {
+               res = os_snprintf(buf, buflen, "%d",
+                                 wpa_s->global->wifi_display);
                 if (res < 0 || (unsigned int) res >= buflen)
                         return -1;
                 return res;
+#endif /* CONFIG_WIFI_DISPLAY */
         }
  
-       return -1;
+       if (res < 0 || (unsigned int) res >= buflen)
+               return -1;
+       return res;
  }
  
  
@@ -205,6 +519,7 @@ static int wpa_supplicant_ctrl_iface_tdls_discover(
         struct wpa_supplicant *wpa_s, char *addr)
  {
         u8 peer[ETH_ALEN];
+       int ret;
  
         if (hwaddr_aton(addr, peer)) {
                 wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_DISCOVER: invalid "
@@ -215,7 +530,12 @@ static int wpa_supplicant_ctrl_iface_tdls_discover(
         wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_DISCOVER " MACSTR,
                    MAC2STR(peer));
  
-       return wpa_drv_tdls_oper(wpa_s, TDLS_DISCOVERY_REQ, peer);
+       if (wpa_tdls_is_external_setup(wpa_s->wpa))
+               ret = wpa_tdls_send_discovery_request(wpa_s->wpa, peer);
+       else
+               ret = wpa_drv_tdls_oper(wpa_s, TDLS_DISCOVERY_REQ, peer);
+
+       return ret;
  }
  
  
@@ -235,8 +555,13 @@ static int wpa_supplicant_ctrl_iface_tdls_setup(
                    MAC2STR(peer));
  
         ret = wpa_tdls_reneg(wpa_s->wpa, peer);
-       if (ret)
-               ret = wpa_drv_tdls_oper(wpa_s, TDLS_SETUP, peer);
+       if (ret) {
+               if (wpa_tdls_is_external_setup(wpa_s->wpa))
+                       ret = wpa_tdls_start(wpa_s->wpa, peer);
+               else
+                       ret = wpa_drv_tdls_oper(wpa_s, TDLS_SETUP, peer);
+       }
+
         return ret;
  }
  
@@ -255,7 +580,8 @@ static int wpa_supplicant_ctrl_iface_tdls_teardown(
         wpa_printf(MSG_DEBUG, "CTRL_IFACE TDLS_TEARDOWN " MACSTR,
                    MAC2STR(peer));
  
-       return wpa_drv_tdls_oper(wpa_s, TDLS_TEARDOWN, peer);
+       return wpa_tdls_teardown_link(wpa_s->wpa, peer,
+                                     WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
  }
  
  #endif /* CONFIG_TDLS */
@@ -293,9 +619,14 @@ static int wpa_supplicant_ctrl_iface_wps_pbc(struct wpa_supplicant *wpa_s,
                                              char *cmd)
  {
         u8 bssid[ETH_ALEN], *_bssid = bssid;
-       u8 p2p_dev_addr[ETH_ALEN], *_p2p_dev_addr = NULL;
+#ifdef CONFIG_P2P
+       u8 p2p_dev_addr[ETH_ALEN];
+#endif /* CONFIG_P2P */
+#ifdef CONFIG_AP
+       u8 *_p2p_dev_addr = NULL;
+#endif /* CONFIG_AP */
  
-       if (cmd == NULL || os_strcmp(cmd, "any") == 0) {
+       if (cmd == NULL || os_strcmp(cmd, "any") == 0 || cmd[0] == '\0') {
                 _bssid = NULL;
  #ifdef CONFIG_P2P
         } else if (os_strncmp(cmd, "p2p_dev_addr=", 13) == 0) {
@@ -336,16 +667,31 @@ static int wpa_supplicant_ctrl_iface_wps_pin(struct wpa_supplicant *wpa_s,
  
         if (os_strcmp(cmd, "any") == 0)
                 _bssid = NULL;
-       else if (hwaddr_aton(cmd, bssid)) {
+       else if (os_strcmp(cmd, "get") == 0) {
+               ret = wps_generate_pin();
+               goto done;
+       } else if (hwaddr_aton(cmd, bssid)) {
                 wpa_printf(MSG_DEBUG, "CTRL_IFACE WPS_PIN: invalid BSSID '%s'",
                            cmd);
                 return -1;
         }
  
  #ifdef CONFIG_AP
-       if (wpa_s->ap_iface)
+       if (wpa_s->ap_iface) {
+               int timeout = 0;
+               char *pos;
+
+               if (pin) {
+                       pos = os_strchr(pin, ' ');
+                       if (pos) {
+                               *pos++ = '\0';
+                               timeout = atoi(pos);
+                       }
+               }
+
                 return wpa_supplicant_ap_wps_pin(wpa_s, _bssid, pin,
-                                                buf, buflen);
+                                                buf, buflen, timeout);
+       }
  #endif /* CONFIG_AP */
  
         if (pin) {
@@ -363,6 +709,7 @@ static int wpa_supplicant_ctrl_iface_wps_pin(struct wpa_supplicant *wpa_s,
         if (ret < 0)
                 return -1;
  
+done:
         /* Return the generated PIN */
         ret = os_snprintf(buf, buflen, "%08d", ret);
         if (ret < 0 || (size_t) ret >= buflen)
@@ -416,113 +763,305 @@ static int wpa_supplicant_ctrl_iface_wps_check_pin(
  }
  
  
-#ifdef CONFIG_WPS_OOB
-static int wpa_supplicant_ctrl_iface_wps_oob(struct wpa_supplicant *wpa_s,
+#ifdef CONFIG_WPS_NFC
+
+static int wpa_supplicant_ctrl_iface_wps_nfc(struct wpa_supplicant *wpa_s,
                                              char *cmd)
  {
-       char *path, *method, *name;
+       u8 bssid[ETH_ALEN], *_bssid = bssid;
+
+       if (cmd == NULL || cmd[0] == '\0')
+               _bssid = NULL;
+       else if (hwaddr_aton(cmd, bssid))
+               return -1;
+
+       return wpas_wps_start_nfc(wpa_s, _bssid);
+}
+
+
+static int wpa_supplicant_ctrl_iface_wps_nfc_token(
+       struct wpa_supplicant *wpa_s, char *cmd, char *reply, size_t max_len)
+{
+       int ndef;
+       struct wpabuf *buf;
+       int res;
  
-       path = os_strchr(cmd, ' ');
-       if (path == NULL)
+       if (os_strcmp(cmd, "WPS") == 0)
+               ndef = 0;
+       else if (os_strcmp(cmd, "NDEF") == 0)
+               ndef = 1;
+       else
                 return -1;
-       *path++ = '\0';
  
-       method = os_strchr(path, ' ');
-       if (method == NULL)
+       buf = wpas_wps_nfc_token(wpa_s, ndef);
+       if (buf == NULL)
                 return -1;
-       *method++ = '\0';
  
-       name = os_strchr(method, ' ');
-       if (name != NULL)
-               *name++ = '\0';
+       res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
+                                        wpabuf_len(buf));
+       reply[res++] = '\n';
+       reply[res] = '\0';
+
+       wpabuf_free(buf);
  
-       return wpas_wps_start_oob(wpa_s, cmd, path, method, name);
+       return res;
  }
-#endif /* CONFIG_WPS_OOB */
  
  
-static int wpa_supplicant_ctrl_iface_wps_reg(struct wpa_supplicant *wpa_s,
-                                            char *cmd)
+static int wpa_supplicant_ctrl_iface_wps_nfc_tag_read(
+       struct wpa_supplicant *wpa_s, char *pos)
  {
-       u8 bssid[ETH_ALEN];
-       char *pin;
-       char *new_ssid;
-       char *new_auth;
-       char *new_encr;
-       char *new_key;
-       struct wps_new_ap_settings ap;
+       size_t len;
+       struct wpabuf *buf;
+       int ret;
  
-       pin = os_strchr(cmd, ' ');
-       if (pin == NULL)
+       len = os_strlen(pos);
+       if (len & 0x01)
                 return -1;
-       *pin++ = '\0';
+       len /= 2;
  
-       if (hwaddr_aton(cmd, bssid)) {
-               wpa_printf(MSG_DEBUG, "CTRL_IFACE WPS_REG: invalid BSSID '%s'",
-                          cmd);
+       buf = wpabuf_alloc(len);
+       if (buf == NULL)
+               return -1;
+       if (hexstr2bin(pos, wpabuf_put(buf, len), len) < 0) {
+               wpabuf_free(buf);
                 return -1;
         }
  
-       new_ssid = os_strchr(pin, ' ');
-       if (new_ssid == NULL)
-               return wpas_wps_start_reg(wpa_s, bssid, pin, NULL);
-       *new_ssid++ = '\0';
+       ret = wpas_wps_nfc_tag_read(wpa_s, buf);
+       wpabuf_free(buf);
  
-       new_auth = os_strchr(new_ssid, ' ');
-       if (new_auth == NULL)
-               return -1;
-       *new_auth++ = '\0';
+       return ret;
+}
  
-       new_encr = os_strchr(new_auth, ' ');
-       if (new_encr == NULL)
-               return -1;
-       *new_encr++ = '\0';
  
-       new_key = os_strchr(new_encr, ' ');
-       if (new_key == NULL)
+static int wpas_ctrl_nfc_get_handover_req_wps(struct wpa_supplicant *wpa_s,
+                                             char *reply, size_t max_len)
+{
+       struct wpabuf *buf;
+       int res;
+
+       buf = wpas_wps_nfc_handover_req(wpa_s);
+       if (buf == NULL)
                 return -1;
-       *new_key++ = '\0';
  
-       os_memset(&ap, 0, sizeof(ap));
-       ap.ssid_hex = new_ssid;
-       ap.auth = new_auth;
-       ap.encr = new_encr;
-       ap.key_hex = new_key;
-       return wpas_wps_start_reg(wpa_s, bssid, pin, &ap);
+       res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
+                                        wpabuf_len(buf));
+       reply[res++] = '\n';
+       reply[res] = '\0';
+
+       wpabuf_free(buf);
+
+       return res;
  }
  
  
-#ifdef CONFIG_AP
-static int wpa_supplicant_ctrl_iface_wps_ap_pin(struct wpa_supplicant *wpa_s,
-                                               char *cmd, char *buf,
-                                               size_t buflen)
+static int wpas_ctrl_nfc_get_handover_req(struct wpa_supplicant *wpa_s,
+                                         char *cmd, char *reply,
+                                         size_t max_len)
  {
-       int timeout = 300;
         char *pos;
-       const char *pin_txt;
  
-       if (!wpa_s->ap_iface)
+       pos = os_strchr(cmd, ' ');
+       if (pos == NULL)
                 return -1;
+       *pos++ = '\0';
  
-       pos = os_strchr(cmd, ' ');
-       if (pos)
-               *pos++ = '\0';
+       if (os_strcmp(cmd, "NDEF") != 0)
+               return -1;
  
-       if (os_strcmp(cmd, "disable") == 0) {
-               wpas_wps_ap_pin_disable(wpa_s);
-               return os_snprintf(buf, buflen, "OK\n");
+       if (os_strcmp(pos, "WPS") == 0) {
+               return wpas_ctrl_nfc_get_handover_req_wps(wpa_s, reply,
+                                                         max_len);
         }
  
-       if (os_strcmp(cmd, "random") == 0) {
-               if (pos)
-                       timeout = atoi(pos);
-               pin_txt = wpas_wps_ap_pin_random(wpa_s, timeout);
-               if (pin_txt == NULL)
-                       return -1;
-               return os_snprintf(buf, buflen, "%s", pin_txt);
-       }
+       return -1;
+}
  
-       if (os_strcmp(cmd, "get") == 0) {
+
+static int wpas_ctrl_nfc_get_handover_sel_wps(struct wpa_supplicant *wpa_s,
+                                             char *reply, size_t max_len)
+{
+       struct wpabuf *buf;
+       int res;
+
+       buf = wpas_wps_nfc_handover_sel(wpa_s);
+       if (buf == NULL)
+               return -1;
+
+       res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
+                                        wpabuf_len(buf));
+       reply[res++] = '\n';
+       reply[res] = '\0';
+
+       wpabuf_free(buf);
+
+       return res;
+}
+
+
+static int wpas_ctrl_nfc_get_handover_sel(struct wpa_supplicant *wpa_s,
+                                         char *cmd, char *reply,
+                                         size_t max_len)
+{
+       char *pos;
+
+       pos = os_strchr(cmd, ' ');
+       if (pos == NULL)
+               return -1;
+       *pos++ = '\0';
+
+       if (os_strcmp(cmd, "NDEF") != 0)
+               return -1;
+
+       if (os_strcmp(pos, "WPS") == 0) {
+               return wpas_ctrl_nfc_get_handover_sel_wps(wpa_s, reply,
+                                                         max_len);
+       }
+
+       return -1;
+}
+
+
+static int wpas_ctrl_nfc_rx_handover_req(struct wpa_supplicant *wpa_s,
+                                        char *cmd, char *reply,
+                                        size_t max_len)
+{
+       size_t len;
+       struct wpabuf *buf;
+       int ret;
+
+       len = os_strlen(cmd);
+       if (len & 0x01)
+               return -1;
+       len /= 2;
+
+       buf = wpabuf_alloc(len);
+       if (buf == NULL)
+               return -1;
+       if (hexstr2bin(cmd, wpabuf_put(buf, len), len) < 0) {
+               wpabuf_free(buf);
+               return -1;
+       }
+
+       ret = wpas_wps_nfc_rx_handover_req(wpa_s, buf);
+       wpabuf_free(buf);
+
+       return ret;
+}
+
+
+static int wpas_ctrl_nfc_rx_handover_sel(struct wpa_supplicant *wpa_s,
+                                        char *cmd)
+{
+       size_t len;
+       struct wpabuf *buf;
+       int ret;
+
+       len = os_strlen(cmd);
+       if (len & 0x01)
+               return -1;
+       len /= 2;
+
+       buf = wpabuf_alloc(len);
+       if (buf == NULL)
+               return -1;
+       if (hexstr2bin(cmd, wpabuf_put(buf, len), len) < 0) {
+               wpabuf_free(buf);
+               return -1;
+       }
+
+       ret = wpas_wps_nfc_rx_handover_sel(wpa_s, buf);
+       wpabuf_free(buf);
+
+       return ret;
+}
+
+#endif /* CONFIG_WPS_NFC */
+
+
+static int wpa_supplicant_ctrl_iface_wps_reg(struct wpa_supplicant *wpa_s,
+                                            char *cmd)
+{
+       u8 bssid[ETH_ALEN];
+       char *pin;
+       char *new_ssid;
+       char *new_auth;
+       char *new_encr;
+       char *new_key;
+       struct wps_new_ap_settings ap;
+
+       pin = os_strchr(cmd, ' ');
+       if (pin == NULL)
+               return -1;
+       *pin++ = '\0';
+
+       if (hwaddr_aton(cmd, bssid)) {
+               wpa_printf(MSG_DEBUG, "CTRL_IFACE WPS_REG: invalid BSSID '%s'",
+                          cmd);
+               return -1;
+       }
+
+       new_ssid = os_strchr(pin, ' ');
+       if (new_ssid == NULL)
+               return wpas_wps_start_reg(wpa_s, bssid, pin, NULL);
+       *new_ssid++ = '\0';
+
+       new_auth = os_strchr(new_ssid, ' ');
+       if (new_auth == NULL)
+               return -1;
+       *new_auth++ = '\0';
+
+       new_encr = os_strchr(new_auth, ' ');
+       if (new_encr == NULL)
+               return -1;
+       *new_encr++ = '\0';
+
+       new_key = os_strchr(new_encr, ' ');
+       if (new_key == NULL)
+               return -1;
+       *new_key++ = '\0';
+
+       os_memset(&ap, 0, sizeof(ap));
+       ap.ssid_hex = new_ssid;
+       ap.auth = new_auth;
+       ap.encr = new_encr;
+       ap.key_hex = new_key;
+       return wpas_wps_start_reg(wpa_s, bssid, pin, &ap);
+}
+
+
+#ifdef CONFIG_AP
+static int wpa_supplicant_ctrl_iface_wps_ap_pin(struct wpa_supplicant *wpa_s,
+                                               char *cmd, char *buf,
+                                               size_t buflen)
+{
+       int timeout = 300;
+       char *pos;
+       const char *pin_txt;
+
+       if (!wpa_s->ap_iface)
+               return -1;
+
+       pos = os_strchr(cmd, ' ');
+       if (pos)
+               *pos++ = '\0';
+
+       if (os_strcmp(cmd, "disable") == 0) {
+               wpas_wps_ap_pin_disable(wpa_s);
+               return os_snprintf(buf, buflen, "OK\n");
+       }
+
+       if (os_strcmp(cmd, "random") == 0) {
+               if (pos)
+                       timeout = atoi(pos);
+               pin_txt = wpas_wps_ap_pin_random(wpa_s, timeout);
+               if (pin_txt == NULL)
+                       return -1;
+               return os_snprintf(buf, buflen, "%s", pin_txt);
+       }
+
+       if (os_strcmp(cmd, "get") == 0) {
                 pin_txt = wpas_wps_ap_pin_get(wpa_s);
                 if (pin_txt == NULL)
                         return -1;
@@ -637,6 +1176,43 @@ static int wpa_supplicant_ctrl_iface_wps_er_config(
         ap.key_hex = new_key;
         return wpas_wps_er_config(wpa_s, cmd, pin, &ap);
  }
+
+
+#ifdef CONFIG_WPS_NFC
+static int wpa_supplicant_ctrl_iface_wps_er_nfc_config_token(
+       struct wpa_supplicant *wpa_s, char *cmd, char *reply, size_t max_len)
+{
+       int ndef;
+       struct wpabuf *buf;
+       int res;
+       char *uuid;
+
+       uuid = os_strchr(cmd, ' ');
+       if (uuid == NULL)
+               return -1;
+       *uuid++ = '\0';
+
+       if (os_strcmp(cmd, "WPS") == 0)
+               ndef = 0;
+       else if (os_strcmp(cmd, "NDEF") == 0)
+               ndef = 1;
+       else
+               return -1;
+
+       buf = wpas_wps_er_nfc_config_token(wpa_s, ndef, uuid);
+       if (buf == NULL)
+               return -1;
+
+       res = wpa_snprintf_hex_uppercase(reply, max_len, wpabuf_head(buf),
+                                        wpabuf_len(buf));
+       reply[res++] = '\n';
+       reply[res] = '\0';
+
+       wpabuf_free(buf);
+
+       return res;
+}
+#endif /* CONFIG_WPS_NFC */
  #endif /* CONFIG_WPS_ER */
  
  #endif /* CONFIG_WPS */
@@ -669,7 +1245,6 @@ static int wpa_supplicant_ctrl_iface_ctrl_rsp(struct wpa_supplicant *wpa_s,
         char *pos, *id_pos;
         int id;
         struct wpa_ssid *ssid;
-       struct eap_peer_config *eap;
  
         pos = os_strchr(rsp, '-');
         if (pos == NULL)
@@ -691,54 +1266,9 @@ static int wpa_supplicant_ctrl_iface_ctrl_rsp(struct wpa_supplicant *wpa_s,
                            "to update", id);
                 return -1;
         }
-       eap = &ssid->eap;
-
-       if (os_strcmp(rsp, "IDENTITY") == 0) {
-               os_free(eap->identity);
-               eap->identity = (u8 *) os_strdup(pos);
-               eap->identity_len = os_strlen(pos);
-               eap->pending_req_identity = 0;
-               if (ssid == wpa_s->current_ssid)
-                       wpa_s->reassociate = 1;
-       } else if (os_strcmp(rsp, "PASSWORD") == 0) {
-               os_free(eap->password);
-               eap->password = (u8 *) os_strdup(pos);
-               eap->password_len = os_strlen(pos);
-               eap->pending_req_password = 0;
-               if (ssid == wpa_s->current_ssid)
-                       wpa_s->reassociate = 1;
-       } else if (os_strcmp(rsp, "NEW_PASSWORD") == 0) {
-               os_free(eap->new_password);
-               eap->new_password = (u8 *) os_strdup(pos);
-               eap->new_password_len = os_strlen(pos);
-               eap->pending_req_new_password = 0;
-               if (ssid == wpa_s->current_ssid)
-                       wpa_s->reassociate = 1;
-       } else if (os_strcmp(rsp, "PIN") == 0) {
-               os_free(eap->pin);
-               eap->pin = os_strdup(pos);
-               eap->pending_req_pin = 0;
-               if (ssid == wpa_s->current_ssid)
-                       wpa_s->reassociate = 1;
-       } else if (os_strcmp(rsp, "OTP") == 0) {
-               os_free(eap->otp);
-               eap->otp = (u8 *) os_strdup(pos);
-               eap->otp_len = os_strlen(pos);
-               os_free(eap->pending_req_otp);
-               eap->pending_req_otp = NULL;
-               eap->pending_req_otp_len = 0;
-       } else if (os_strcmp(rsp, "PASSPHRASE") == 0) {
-               os_free(eap->private_key_passwd);
-               eap->private_key_passwd = (u8 *) os_strdup(pos);
-               eap->pending_req_passphrase = 0;
-               if (ssid == wpa_s->current_ssid)
-                       wpa_s->reassociate = 1;
-       } else {
-               wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", rsp);
-               return -1;
-       }
  
-       return 0;
+       return wpa_supplicant_ctrl_iface_ctrl_rsp_handle(wpa_s, ssid, rsp,
+                                                        pos);
  #else /* IEEE8021X_EAPOL */
         wpa_printf(MSG_DEBUG, "CTRL_IFACE: 802.1X not included");
         return -1;
@@ -751,9 +1281,10 @@ static int wpa_supplicant_ctrl_iface_status(struct wpa_supplicant *wpa_s,
                                             char *buf, size_t buflen)
  {
         char *pos, *end, tmp[30];
-       int res, verbose, ret;
+       int res, verbose, wps, ret;
  
         verbose = os_strcmp(params, "-VERBOSE") == 0;
+       wps = os_strcmp(params, "-WPS") == 0;
         pos = buf;
         end = buf + buflen;
         if (wpa_s->wpa_state >= WPA_ASSOCIATED) {
@@ -782,6 +1313,17 @@ static int wpa_supplicant_ctrl_iface_status(struct wpa_supplicant *wpa_s,
                                 return pos - buf;
                         pos += ret;
  
+                       if (wps && ssid->passphrase &&
+                           wpa_key_mgmt_wpa_psk(ssid->key_mgmt) &&
+                           (ssid->mode == WPAS_MODE_AP ||
+                            ssid->mode == WPAS_MODE_P2P_GO)) {
+                               ret = os_snprintf(pos, end - pos,
+                                                 "passphrase=%s\n",
+                                                 ssid->passphrase);
+                               if (ret < 0 || ret >= end - pos)
+                                       return pos - buf;
+                               pos += ret;
+                       }
                         if (ssid->id_str) {
                                 ret = os_snprintf(pos, end - pos,
                                                   "id_str=%s\n",
@@ -831,6 +1373,16 @@ static int wpa_supplicant_ctrl_iface_status(struct wpa_supplicant *wpa_s,
  #endif /* CONFIG_AP */
                 pos += wpa_sm_get_status(wpa_s->wpa, pos, end - pos, verbose);
         }
+#ifdef CONFIG_SAE
+       if (wpa_s->wpa_state >= WPA_ASSOCIATED &&
+           wpa_s->sme.sae.state == SAE_ACCEPTED && !wpa_s->ap_iface) {
+               ret = os_snprintf(pos, end - pos, "sae_group=%d\n",
+                                 wpa_s->sme.sae.group);
+               if (ret < 0 || ret >= end - pos)
+                       return pos - buf;
+               pos += ret;
+       }
+#endif /* CONFIG_SAE */
         ret = os_snprintf(pos, end - pos, "wpa_state=%s\n",
                           wpa_supplicant_state_txt(wpa_s->wpa_state));
         if (ret < 0 || ret >= end - pos)
@@ -861,6 +1413,57 @@ static int wpa_supplicant_ctrl_iface_status(struct wpa_supplicant *wpa_s,
                 return pos - buf;
         pos += ret;
  
+#ifdef CONFIG_HS20
+       if (wpa_s->current_bss &&
+           wpa_bss_get_vendor_ie(wpa_s->current_bss, HS20_IE_VENDOR_TYPE) &&
+           wpa_s->wpa_proto == WPA_PROTO_RSN &&
+           wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
+               ret = os_snprintf(pos, end - pos, "hs20=1\n");
+               if (ret < 0 || ret >= end - pos)
+                       return pos - buf;
+               pos += ret;
+       }
+
+       if (wpa_s->current_ssid) {
+               struct wpa_cred *cred;
+               char *type;
+
+               for (cred = wpa_s->conf->cred; cred; cred = cred->next) {
+                       if (wpa_s->current_ssid->parent_cred != cred)
+                               continue;
+                       if (!cred->domain)
+                               continue;
+
+                       ret = os_snprintf(pos, end - pos, "home_sp=%s\n",
+                                         cred->domain);
+                       if (ret < 0 || ret >= end - pos)
+                               return pos - buf;
+                       pos += ret;
+
+                       if (wpa_s->current_bss == NULL ||
+                           wpa_s->current_bss->anqp == NULL)
+                               res = -1;
+                       else
+                               res = interworking_home_sp_cred(
+                                       wpa_s, cred,
+                                       wpa_s->current_bss->anqp->domain_name);
+                       if (res > 0)
+                               type = "home";
+                       else if (res == 0)
+                               type = "roaming";
+                       else
+                               type = "unknown";
+
+                       ret = os_snprintf(pos, end - pos, "sp_type=%s\n", type);
+                       if (ret < 0 || ret >= end - pos)
+                               return pos - buf;
+                       pos += ret;
+
+                       break;
+               }
+       }
+#endif /* CONFIG_HS20 */
+
         if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
             wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
                 res = eapol_sm_get_status(wpa_s->eapol, pos, end - pos,
@@ -873,6 +1476,25 @@ static int wpa_supplicant_ctrl_iface_status(struct wpa_supplicant *wpa_s,
         if (res >= 0)
                 pos += res;
  
+#ifdef ANDROID
+       wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_STATE_CHANGE
+                    "id=%d state=%d BSSID=" MACSTR " SSID=%s",
+                    wpa_s->current_ssid ? wpa_s->current_ssid->id : -1,
+                    wpa_s->wpa_state,
+                    MAC2STR(wpa_s->bssid),
+                    wpa_s->current_ssid && wpa_s->current_ssid->ssid ?
+                    wpa_ssid_txt(wpa_s->current_ssid->ssid,
+                    wpa_s->current_ssid->ssid_len) : "");
+       if (wpa_s->wpa_state == WPA_COMPLETED) {
+               struct wpa_ssid *ssid = wpa_s->current_ssid;
+               wpa_msg_ctrl(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- connection to "
+                       MACSTR " completed %s [id=%d id_str=%s]",
+                       MAC2STR(wpa_s->bssid), "(auth)",
+                       ssid ? ssid->id : -1,
+                       ssid && ssid->id_str ? ssid->id_str : "");
+       }
+#endif /* ANDROID */
+
         return pos - buf;
  }
  
@@ -911,50 +1533,9 @@ static int wpa_supplicant_ctrl_iface_bssid(struct wpa_supplicant *wpa_s,
  }
  
  
-extern int wpa_debug_level;
-extern int wpa_debug_timestamp;
-
-static int wpa_supplicant_ctrl_iface_log_level(struct wpa_supplicant *wpa_s,
-                                       char *cmd, char *buf, size_t buflen)
-{
-       char *pos, *end, *stamp;
-       int ret;
-
-       if (cmd == NULL)
-               return -1;
-       /* cmd: "LOG_LEVEL [<level>]" */
-       if (*cmd == '\0') {
-               pos = buf;
-               end = buf + buflen;
-               ret = os_snprintf(pos, end-pos, "Current level: %d\n"
-                       "{0-EXCESSIVE, 1-MSGDUMP, 2-DEBUG, 3-INFO, 4-WARNING, 5-ERROR}\n"
-                       "Timestamp: %d\n", wpa_debug_level, wpa_debug_timestamp);
-               if ((ret < 0) || (ret >= end - pos))
-                       ret = 0;
-               return ret;
-       }
-
-       cmd++;
-       stamp = os_strchr(cmd, ' ');
-       if (stamp) {
-               *stamp++ = '\0';
-               while (*stamp == ' ')
-                       stamp++;
-       }
-
-       if (cmd && os_strlen(cmd))
-               wpa_debug_level = atoi(cmd);
-
-       if (stamp && os_strlen(stamp))
-               wpa_debug_timestamp = atoi(stamp);
-
-       os_memcpy(buf, "OK\n", 3);
-       return 3;
-}
-
-
  static int wpa_supplicant_ctrl_iface_blacklist(struct wpa_supplicant *wpa_s,
-                                       char *cmd, char *buf, size_t buflen)
+                                              char *cmd, char *buf,
+                                              size_t buflen)
  {
         u8 bssid[ETH_ALEN];
         struct wpa_blacklist *e;
@@ -967,8 +1548,9 @@ static int wpa_supplicant_ctrl_iface_blacklist(struct wpa_supplicant *wpa_s,
                 end = buf + buflen;
                 e = wpa_s->blacklist;
                 while (e) {
-                       ret = os_snprintf(pos, end-pos, MACSTR"\n", MAC2STR(e->bssid));
-                       if ((ret < 0) || (ret >= end - pos))
+                       ret = os_snprintf(pos, end - pos, MACSTR "\n",
+                                         MAC2STR(e->bssid));
+                       if (ret < 0 || ret >= end - pos)
                                 return pos - buf;
                         pos += ret;
                         e = e->next;
@@ -985,39 +1567,134 @@ static int wpa_supplicant_ctrl_iface_blacklist(struct wpa_supplicant *wpa_s,
  
         wpa_printf(MSG_DEBUG, "CTRL_IFACE: BLACKLIST bssid='%s'", cmd);
         if (hwaddr_aton(cmd, bssid)) {
-               wpa_printf(MSG_DEBUG ,"CTRL_IFACE: invalid BSSID '%s'", cmd);
+               wpa_printf(MSG_DEBUG, "CTRL_IFACE: invalid BSSID '%s'", cmd);
                 return -1;
         }
  
-       /* Add the BSSID twice, so its count will be 2, causing it to be
-          skipped when processing scan results. */
+       /*
+        * Add the BSSID twice, so its count will be 2, causing it to be
+        * skipped when processing scan results.
+        */
         ret = wpa_blacklist_add(wpa_s, bssid);
-       if (ret < 0)
+       if (ret != 0)
                 return -1;
         ret = wpa_blacklist_add(wpa_s, bssid);
-       if (ret < 0)
+       if (ret != 0)
                 return -1;
         os_memcpy(buf, "OK\n", 3);
         return 3;
  }
  
  
-static int wpa_supplicant_ctrl_iface_list_networks(
-       struct wpa_supplicant *wpa_s, char *buf, size_t buflen)
+extern int wpa_debug_level;
+extern int wpa_debug_timestamp;
+
+static const char * debug_level_str(int level)
  {
-       char *pos, *end;
-       struct wpa_ssid *ssid;
-       int ret;
+       switch (level) {
+       case MSG_EXCESSIVE:
+               return "EXCESSIVE";
+       case MSG_MSGDUMP:
+               return "MSGDUMP";
+       case MSG_DEBUG:
+               return "DEBUG";
+       case MSG_INFO:
+               return "INFO";
+       case MSG_WARNING:
+               return "WARNING";
+       case MSG_ERROR:
+               return "ERROR";
+       default:
+               return "?";
+       }
+}
  
-       pos = buf;
-       end = buf + buflen;
-       ret = os_snprintf(pos, end - pos,
-                         "network id / ssid / bssid / flags\n");
-       if (ret < 0 || ret >= end - pos)
-               return pos - buf;
-       pos += ret;
  
-       ssid = wpa_s->conf->ssid;
+static int str_to_debug_level(const char *s)
+{
+       if (os_strcasecmp(s, "EXCESSIVE") == 0)
+               return MSG_EXCESSIVE;
+       if (os_strcasecmp(s, "MSGDUMP") == 0)
+               return MSG_MSGDUMP;
+       if (os_strcasecmp(s, "DEBUG") == 0)
+               return MSG_DEBUG;
+       if (os_strcasecmp(s, "INFO") == 0)
+               return MSG_INFO;
+       if (os_strcasecmp(s, "WARNING") == 0)
+               return MSG_WARNING;
+       if (os_strcasecmp(s, "ERROR") == 0)
+               return MSG_ERROR;
+       return -1;
+}
+
+
+static int wpa_supplicant_ctrl_iface_log_level(struct wpa_supplicant *wpa_s,
+                                              char *cmd, char *buf,
+                                              size_t buflen)
+{
+       char *pos, *end, *stamp;
+       int ret;
+
+       if (cmd == NULL) {
+               return -1;
+       }
+
+       /* cmd: "LOG_LEVEL [<level>]" */
+       if (*cmd == '\0') {
+               pos = buf;
+               end = buf + buflen;
+               ret = os_snprintf(pos, end - pos, "Current level: %s\n"
+                                 "Timestamp: %d\n",
+                                 debug_level_str(wpa_debug_level),
+                                 wpa_debug_timestamp);
+               if (ret < 0 || ret >= end - pos)
+                       ret = 0;
+
+               return ret;
+       }
+
+       while (*cmd == ' ')
+               cmd++;
+
+       stamp = os_strchr(cmd, ' ');
+       if (stamp) {
+               *stamp++ = '\0';
+               while (*stamp == ' ') {
+                       stamp++;
+               }
+       }
+
+       if (cmd && os_strlen(cmd)) {
+               int level = str_to_debug_level(cmd);
+               if (level < 0)
+                       return -1;
+               wpa_debug_level = level;
+       }
+
+       if (stamp && os_strlen(stamp))
+               wpa_debug_timestamp = atoi(stamp);
+
+       os_memcpy(buf, "OK\n", 3);
+       return 3;
+}
+
+
+static int wpa_supplicant_ctrl_iface_list_networks(
+       struct wpa_supplicant *wpa_s, char *buf, size_t buflen)
+{
+       char *pos, *end;
+       struct wpa_ssid *ssid;
+       int ret;
+
+       pos = buf;
+       end = buf + buflen;
+       ret = os_snprintf(pos, end - pos,
+                         "network id / ssid / bssid / flags\n");
+       if (ret < 0 || ret >= end - pos)
+               return pos - buf;
+       pos += ret;
+
+       ssid = wpa_s->conf->ssid;
         while (ssid) {
                 ret = os_snprintf(pos, end - pos, "%d\t%s",
                                   ssid->id,
@@ -1034,10 +1711,12 @@ static int wpa_supplicant_ctrl_iface_list_networks(
                 if (ret < 0 || ret >= end - pos)
                         return pos - buf;
                 pos += ret;
-               ret = os_snprintf(pos, end - pos, "\t%s%s%s",
+               ret = os_snprintf(pos, end - pos, "\t%s%s%s%s",
                                   ssid == wpa_s->current_ssid ?
                                   "[CURRENT]" : "",
                                   ssid->disabled ? "[DISABLED]" : "",
+                                 ssid->disabled_until.sec ?
+                                 "[TEMP-DISABLED]" : "",
                                   ssid->disabled == 2 ? "[P2P-PERSISTENT]" :
                                   "");
                 if (ret < 0 || ret >= end - pos)
@@ -1057,47 +1736,15 @@ static int wpa_supplicant_ctrl_iface_list_networks(
  
  static char * wpa_supplicant_cipher_txt(char *pos, char *end, int cipher)
  {
-       int first = 1, ret;
+       int ret;
         ret = os_snprintf(pos, end - pos, "-");
         if (ret < 0 || ret >= end - pos)
                 return pos;
         pos += ret;
-       if (cipher & WPA_CIPHER_NONE) {
-               ret = os_snprintf(pos, end - pos, "%sNONE", first ? "" : "+");
-               if (ret < 0 || ret >= end - pos)
-                       return pos;
-               pos += ret;
-               first = 0;
-       }
-       if (cipher & WPA_CIPHER_WEP40) {
-               ret = os_snprintf(pos, end - pos, "%sWEP40", first ? "" : "+");
-               if (ret < 0 || ret >= end - pos)
-                       return pos;
-               pos += ret;
-               first = 0;
-       }
-       if (cipher & WPA_CIPHER_WEP104) {
-               ret = os_snprintf(pos, end - pos, "%sWEP104",
-                                 first ? "" : "+");
-               if (ret < 0 || ret >= end - pos)
-                       return pos;
-               pos += ret;
-               first = 0;
-       }
-       if (cipher & WPA_CIPHER_TKIP) {
-               ret = os_snprintf(pos, end - pos, "%sTKIP", first ? "" : "+");
-               if (ret < 0 || ret >= end - pos)
-                       return pos;
-               pos += ret;
-               first = 0;
-       }
-       if (cipher & WPA_CIPHER_CCMP) {
-               ret = os_snprintf(pos, end - pos, "%sCCMP", first ? "" : "+");
-               if (ret < 0 || ret >= end - pos)
-                       return pos;
-               pos += ret;
-               first = 0;
-       }
+       ret = wpa_write_ciphers(pos, end, cipher, "+");
+       if (ret < 0)
+               return pos;
+       pos += ret;
         return pos;
  }
  
@@ -1296,6 +1943,14 @@ static int wpa_supplicant_ctrl_iface_scan_result(
                         return -1;
                 pos += ret;
         }
+#ifdef CONFIG_HS20
+       if (wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE) && ie2) {
+               ret = os_snprintf(pos, end - pos, "[HS20]");
+               if (ret < 0 || ret >= end - pos)
+                       return -1;
+               pos += ret;
+       }
+#endif /* CONFIG_HS20 */
  
         ret = os_snprintf(pos, end - pos, "\t%s",
                           wpa_ssid_txt(bss->ssid, bss->ssid_len));
@@ -1397,6 +2052,11 @@ static int wpa_supplicant_ctrl_iface_enable_network(
                                    "ENABLE_NETWORK with persistent P2P group");
                         return -1;
                 }
+
+               if (os_strstr(cmd, " no-connect")) {
+                       ssid->disabled = 0;
+                       return 0;
+               }
         }
         wpa_supplicant_enable_network(wpa_s, ssid);
  
@@ -1478,10 +2138,15 @@ static int wpa_supplicant_ctrl_iface_remove_network(
                         wpas_notify_network_removed(wpa_s, remove_ssid);
                         wpa_config_remove_network(wpa_s->conf, id);
                 }
+               eapol_sm_invalidate_cached_session(wpa_s->eapol);
                 if (wpa_s->current_ssid) {
-                       eapol_sm_invalidate_cached_session(wpa_s->eapol);
-                       wpa_supplicant_disassociate(wpa_s,
-                                                   WLAN_REASON_DEAUTH_LEAVING);
+#ifdef CONFIG_SME
+                       wpa_s->sme.prev_bssid_set = 0;
+#endif /* CONFIG_SME */
+                       wpa_sm_set_config(wpa_s->wpa, NULL);
+                       eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
+                       wpa_supplicant_deauthenticate(
+                               wpa_s, WLAN_REASON_DEAUTH_LEAVING);
                 }
                 return 0;
         }
@@ -1490,21 +2155,37 @@ static int wpa_supplicant_ctrl_iface_remove_network(
         wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_NETWORK id=%d", id);
  
         ssid = wpa_config_get_network(wpa_s->conf, id);
-       if (ssid == NULL ||
-           wpa_config_remove_network(wpa_s->conf, id) < 0) {
+       if (ssid)
+               wpas_notify_network_removed(wpa_s, ssid);
+       if (ssid == NULL) {
                 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find network "
                            "id=%d", id);
                 return -1;
         }
  
-       if (ssid == wpa_s->current_ssid) {
+       if (ssid == wpa_s->current_ssid || wpa_s->current_ssid == NULL) {
+#ifdef CONFIG_SME
+               wpa_s->sme.prev_bssid_set = 0;
+#endif /* CONFIG_SME */
                 /*
-                * Invalidate the EAP session cache if the current network is
-                * removed.
+                * Invalidate the EAP session cache if the current or
+                * previously used network is removed.
                  */
                 eapol_sm_invalidate_cached_session(wpa_s->eapol);
+       }
+
+       if (ssid == wpa_s->current_ssid) {
+               wpa_sm_set_config(wpa_s->wpa, NULL);
+               eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
  
-               wpa_supplicant_disassociate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
+               wpa_supplicant_deauthenticate(wpa_s,
+                                             WLAN_REASON_DEAUTH_LEAVING);
+       }
+
+       if (wpa_config_remove_network(wpa_s->conf, id) < 0) {
+               wpa_printf(MSG_DEBUG, "CTRL_IFACE: Not able to remove the "
+                          "network id=%d", id);
+               return -1;
         }
  
         return 0;
@@ -1548,10 +2229,14 @@ static int wpa_supplicant_ctrl_iface_set_network(
                 return -1;
         }
  
-       if (wpa_s->current_ssid == ssid) {
+       if (os_strcmp(name, "bssid") != 0 &&
+           os_strcmp(name, "priority") != 0)
+               wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
+
+       if (wpa_s->current_ssid == ssid || wpa_s->current_ssid == NULL) {
                 /*
                  * Invalidate the EAP session cache if anything in the current
-                * configuration changes.
+                * or previously used configuration changes.
                  */
                 eapol_sm_invalidate_cached_session(wpa_s->eapol);
         }
@@ -1611,6 +2296,167 @@ static int wpa_supplicant_ctrl_iface_get_network(
  }
  
  
+static int wpa_supplicant_ctrl_iface_list_creds(struct wpa_supplicant *wpa_s,
+                                               char *buf, size_t buflen)
+{
+       char *pos, *end;
+       struct wpa_cred *cred;
+       int ret;
+
+       pos = buf;
+       end = buf + buflen;
+       ret = os_snprintf(pos, end - pos,
+                         "cred id / realm / username / domain / imsi\n");
+       if (ret < 0 || ret >= end - pos)
+               return pos - buf;
+       pos += ret;
+
+       cred = wpa_s->conf->cred;
+       while (cred) {
+               ret = os_snprintf(pos, end - pos, "%d\t%s\t%s\t%s\t%s\n",
+                                 cred->id, cred->realm ? cred->realm : "",
+                                 cred->username ? cred->username : "",
+                                 cred->domain ? cred->domain : "",
+                                 cred->imsi ? cred->imsi : "");
+               if (ret < 0 || ret >= end - pos)
+                       return pos - buf;
+               pos += ret;
+
+               cred = cred->next;
+       }
+
+       return pos - buf;
+}
+
+
+static int wpa_supplicant_ctrl_iface_add_cred(struct wpa_supplicant *wpa_s,
+                                             char *buf, size_t buflen)
+{
+       struct wpa_cred *cred;
+       int ret;
+
+       wpa_printf(MSG_DEBUG, "CTRL_IFACE: ADD_CRED");
+
+       cred = wpa_config_add_cred(wpa_s->conf);
+       if (cred == NULL)
+               return -1;
+
+       ret = os_snprintf(buf, buflen, "%d\n", cred->id);
+       if (ret < 0 || (size_t) ret >= buflen)
+               return -1;
+       return ret;
+}
+
+
+static int wpas_ctrl_remove_cred(struct wpa_supplicant *wpa_s,
+                                struct wpa_cred *cred)
+{
+       struct wpa_ssid *ssid;
+       char str[20];
+
+       if (cred == NULL || wpa_config_remove_cred(wpa_s->conf, cred->id) < 0) {
+               wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find cred");
+               return -1;
+       }
+
+       /* Remove any network entry created based on the removed credential */
+       ssid = wpa_s->conf->ssid;
+       while (ssid) {
+               if (ssid->parent_cred == cred) {
+                       wpa_printf(MSG_DEBUG, "Remove network id %d since it "
+                                  "used the removed credential", ssid->id);
+                       os_snprintf(str, sizeof(str), "%d", ssid->id);
+                       ssid = ssid->next;
+                       wpa_supplicant_ctrl_iface_remove_network(wpa_s, str);
+               } else
+                       ssid = ssid->next;
+       }
+
+       return 0;
+}
+
+
+static int wpa_supplicant_ctrl_iface_remove_cred(struct wpa_supplicant *wpa_s,
+                                                char *cmd)
+{
+       int id;
+       struct wpa_cred *cred, *prev;
+
+       /* cmd: "<cred id>", "all", or "sp_fqdn=<FQDN>" */
+       if (os_strcmp(cmd, "all") == 0) {
+               wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED all");
+               cred = wpa_s->conf->cred;
+               while (cred) {
+                       prev = cred;
+                       cred = cred->next;
+                       wpas_ctrl_remove_cred(wpa_s, prev);
+               }
+               return 0;
+       }
+
+       if (os_strncmp(cmd, "sp_fqdn=", 8) == 0) {
+               wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED SP FQDN '%s'",
+                          cmd + 8);
+               cred = wpa_s->conf->cred;
+               while (cred) {
+                       prev = cred;
+                       cred = cred->next;
+                       if (prev->domain &&
+                           os_strcmp(prev->domain, cmd + 8) == 0)
+                               wpas_ctrl_remove_cred(wpa_s, prev);
+               }
+               return 0;
+       }
+
+       id = atoi(cmd);
+       wpa_printf(MSG_DEBUG, "CTRL_IFACE: REMOVE_CRED id=%d", id);
+
+       cred = wpa_config_get_cred(wpa_s->conf, id);
+       return wpas_ctrl_remove_cred(wpa_s, cred);
+}
+
+
+static int wpa_supplicant_ctrl_iface_set_cred(struct wpa_supplicant *wpa_s,
+                                             char *cmd)
+{
+       int id;
+       struct wpa_cred *cred;
+       char *name, *value;
+
+       /* cmd: "<cred id> <variable name> <value>" */
+       name = os_strchr(cmd, ' ');
+       if (name == NULL)
+               return -1;
+       *name++ = '\0';
+
+       value = os_strchr(name, ' ');
+       if (value == NULL)
+               return -1;
+       *value++ = '\0';
+
+       id = atoi(cmd);
+       wpa_printf(MSG_DEBUG, "CTRL_IFACE: SET_CRED id=%d name='%s'",
+                  id, name);
+       wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: value",
+                             (u8 *) value, os_strlen(value));
+
+       cred = wpa_config_get_cred(wpa_s->conf, id);
+       if (cred == NULL) {
+               wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find cred id=%d",
+                          id);
+               return -1;
+       }
+
+       if (wpa_config_set_cred(cred, name, value, 0) < 0) {
+               wpa_printf(MSG_DEBUG, "CTRL_IFACE: Failed to set cred "
+                          "variable '%s'", name);
+               return -1;
+       }
+
+       return 0;
+}
+
+
  #ifndef CONFIG_NO_CONFIG_WRITE
  static int wpa_supplicant_ctrl_iface_save_config(struct wpa_supplicant *wpa_s)
  {
@@ -1664,6 +2510,14 @@ static int ctrl_iface_get_capability_pairwise(int res, char *strict,
                 first = 0;
         }
  
+       if (capa->enc & WPA_DRIVER_CAPA_ENC_GCMP) {
+               ret = os_snprintf(pos, end - pos, "%sGCMP", first ? "" : " ");
+               if (ret < 0 || ret >= end - pos)
+                       return pos - buf;
+               pos += ret;
+               first = 0;
+       }
+
         if (capa->enc & WPA_DRIVER_CAPA_ENC_TKIP) {
                 ret = os_snprintf(pos, end - pos, "%sTKIP", first ? "" : " ");
                 if (ret < 0 || ret >= end - pos)
@@ -1712,6 +2566,14 @@ static int ctrl_iface_get_capability_group(int res, char *strict,
                 first = 0;
         }
  
+       if (capa->enc & WPA_DRIVER_CAPA_ENC_GCMP) {
+               ret = os_snprintf(pos, end - pos, "%sGCMP", first ? "" : " ");
+               if (ret < 0 || ret >= end - pos)
+                       return pos - buf;
+               pos += ret;
+               first = 0;
+       }
+
         if (capa->enc & WPA_DRIVER_CAPA_ENC_TKIP) {
                 ret = os_snprintf(pos, end - pos, "%sTKIP", first ? "" : " ");
                 if (ret < 0 || ret >= end - pos)
@@ -1850,95 +2712,437 @@ static int ctrl_iface_get_capability_auth_alg(int res, char *strict,
         if (res < 0) {
                 if (strict)
                         return 0;
-               len = os_strlcpy(buf, "OPEN SHARED LEAP", buflen);
-               if (len >= buflen)
-                       return -1;
-               return len;
+               len = os_strlcpy(buf, "OPEN SHARED LEAP", buflen);
+               if (len >= buflen)
+                       return -1;
+               return len;
+       }
+
+       if (capa->auth & (WPA_DRIVER_AUTH_OPEN)) {
+               ret = os_snprintf(pos, end - pos, "%sOPEN", first ? "" : " ");
+               if (ret < 0 || ret >= end - pos)
+                       return pos - buf;
+               pos += ret;
+               first = 0;
+       }
+
+       if (capa->auth & (WPA_DRIVER_AUTH_SHARED)) {
+               ret = os_snprintf(pos, end - pos, "%sSHARED",
+                                 first ? "" : " ");
+               if (ret < 0 || ret >= end - pos)
+                       return pos - buf;
+               pos += ret;
+               first = 0;
+       }
+
+       if (capa->auth & (WPA_DRIVER_AUTH_LEAP)) {
+               ret = os_snprintf(pos, end - pos, "%sLEAP", first ? "" : " ");
+               if (ret < 0 || ret >= end - pos)
+                       return pos - buf;
+               pos += ret;
+               first = 0;
+       }
+
+       return pos - buf;
+}
+
+
+static int ctrl_iface_get_capability_channels(struct wpa_supplicant *wpa_s,
+                                             char *buf, size_t buflen)
+{
+       struct hostapd_channel_data *chnl;
+       int ret, i, j;
+       char *pos, *end, *hmode;
+
+       pos = buf;
+       end = pos + buflen;
+
+       for (j = 0; j < wpa_s->hw.num_modes; j++) {
+               switch (wpa_s->hw.modes[j].mode) {
+               case HOSTAPD_MODE_IEEE80211B:
+                       hmode = "B";
+                       break;
+               case HOSTAPD_MODE_IEEE80211G:
+                       hmode = "G";
+                       break;
+               case HOSTAPD_MODE_IEEE80211A:
+                       hmode = "A";
+                       break;
+               case HOSTAPD_MODE_IEEE80211AD:
+                       hmode = "AD";
+                       break;
+               default:
+                       continue;
+               }
+               ret = os_snprintf(pos, end - pos, "Mode[%s] Channels:", hmode);
+               if (ret < 0 || ret >= end - pos)
+                       return pos - buf;
+               pos += ret;
+               chnl = wpa_s->hw.modes[j].channels;
+               for (i = 0; i < wpa_s->hw.modes[j].num_channels; i++) {
+                       if (chnl[i].flag & HOSTAPD_CHAN_DISABLED)
+                               continue;
+                       ret = os_snprintf(pos, end - pos, " %d", chnl[i].chan);
+                       if (ret < 0 || ret >= end - pos)
+                               return pos - buf;
+                       pos += ret;
+               }
+               ret = os_snprintf(pos, end - pos, "\n");
+               if (ret < 0 || ret >= end - pos)
+                       return pos - buf;
+               pos += ret;
+       }
+
+       return pos - buf;
+}
+
+
+static int wpa_supplicant_ctrl_iface_get_capability(
+       struct wpa_supplicant *wpa_s, const char *_field, char *buf,
+       size_t buflen)
+{
+       struct wpa_driver_capa capa;
+       int res;
+       char *strict;
+       char field[30];
+       size_t len;
+
+       /* Determine whether or not strict checking was requested */
+       len = os_strlcpy(field, _field, sizeof(field));
+       if (len >= sizeof(field))
+               return -1;
+       strict = os_strchr(field, ' ');
+       if (strict != NULL) {
+               *strict++ = '\0';
+               if (os_strcmp(strict, "strict") != 0)
+                       return -1;
+       }
+
+       wpa_printf(MSG_DEBUG, "CTRL_IFACE: GET_CAPABILITY '%s' %s",
+               field, strict ? strict : "");
+
+       if (os_strcmp(field, "eap") == 0) {
+               return eap_get_names(buf, buflen);
+       }
+
+       res = wpa_drv_get_capa(wpa_s, &capa);
+
+       if (os_strcmp(field, "pairwise") == 0)
+               return ctrl_iface_get_capability_pairwise(res, strict, &capa,
+                                                         buf, buflen);
+
+       if (os_strcmp(field, "group") == 0)
+               return ctrl_iface_get_capability_group(res, strict, &capa,
+                                                      buf, buflen);
+
+       if (os_strcmp(field, "key_mgmt") == 0)
+               return ctrl_iface_get_capability_key_mgmt(res, strict, &capa,
+                                                         buf, buflen);
+
+       if (os_strcmp(field, "proto") == 0)
+               return ctrl_iface_get_capability_proto(res, strict, &capa,
+                                                      buf, buflen);
+
+       if (os_strcmp(field, "auth_alg") == 0)
+               return ctrl_iface_get_capability_auth_alg(res, strict, &capa,
+                                                         buf, buflen);
+
+       if (os_strcmp(field, "channels") == 0)
+               return ctrl_iface_get_capability_channels(wpa_s, buf, buflen);
+
+       wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown GET_CAPABILITY field '%s'",
+                  field);
+
+       return -1;
+}
+
+
+#ifdef CONFIG_INTERWORKING
+static char * anqp_add_hex(char *pos, char *end, const char *title,
+                          struct wpabuf *data)
+{
+       char *start = pos;
+       size_t i;
+       int ret;
+       const u8 *d;
+
+       if (data == NULL)
+               return start;
+
+       ret = os_snprintf(pos, end - pos, "%s=", title);
+       if (ret < 0 || ret >= end - pos)
+               return start;
+       pos += ret;
+
+       d = wpabuf_head_u8(data);
+       for (i = 0; i < wpabuf_len(data); i++) {
+               ret = os_snprintf(pos, end - pos, "%02x", *d++);
+               if (ret < 0 || ret >= end - pos)
+                       return start;
+               pos += ret;
+       }
+
+       ret = os_snprintf(pos, end - pos, "\n");
+       if (ret < 0 || ret >= end - pos)
+               return start;
+       pos += ret;
+
+       return pos;
+}
+#endif /* CONFIG_INTERWORKING */
+
+
+static int print_bss_info(struct wpa_supplicant *wpa_s, struct wpa_bss *bss,
+                         unsigned long mask, char *buf, size_t buflen)
+{
+       size_t i;
+       int ret;
+       char *pos, *end;
+       const u8 *ie, *ie2;
+
+       pos = buf;
+       end = buf + buflen;
+
+       if (mask & WPA_BSS_MASK_ID) {
+               ret = os_snprintf(pos, end - pos, "id=%u\n", bss->id);
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+       }
+
+       if (mask & WPA_BSS_MASK_BSSID) {
+               ret = os_snprintf(pos, end - pos, "bssid=" MACSTR "\n",
+                                 MAC2STR(bss->bssid));
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+       }
+
+       if (mask & WPA_BSS_MASK_FREQ) {
+               ret = os_snprintf(pos, end - pos, "freq=%d\n", bss->freq);
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+       }
+
+       if (mask & WPA_BSS_MASK_BEACON_INT) {
+               ret = os_snprintf(pos, end - pos, "beacon_int=%d\n",
+                                 bss->beacon_int);
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+       }
+
+       if (mask & WPA_BSS_MASK_CAPABILITIES) {
+               ret = os_snprintf(pos, end - pos, "capabilities=0x%04x\n",
+                                 bss->caps);
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+       }
+
+       if (mask & WPA_BSS_MASK_QUAL) {
+               ret = os_snprintf(pos, end - pos, "qual=%d\n", bss->qual);
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+       }
+
+       if (mask & WPA_BSS_MASK_NOISE) {
+               ret = os_snprintf(pos, end - pos, "noise=%d\n", bss->noise);
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+       }
+
+       if (mask & WPA_BSS_MASK_LEVEL) {
+               ret = os_snprintf(pos, end - pos, "level=%d\n", bss->level);
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+       }
+
+       if (mask & WPA_BSS_MASK_TSF) {
+               ret = os_snprintf(pos, end - pos, "tsf=%016llu\n",
+                                 (unsigned long long) bss->tsf);
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+       }
+
+       if (mask & WPA_BSS_MASK_AGE) {
+               struct os_time now;
+
+               os_get_time(&now);
+               ret = os_snprintf(pos, end - pos, "age=%d\n",
+                                 (int) (now.sec - bss->last_update.sec));
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+       }
+
+       if (mask & WPA_BSS_MASK_IE) {
+               ret = os_snprintf(pos, end - pos, "ie=");
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+
+               ie = (const u8 *) (bss + 1);
+               for (i = 0; i < bss->ie_len; i++) {
+                       ret = os_snprintf(pos, end - pos, "%02x", *ie++);
+                       if (ret < 0 || ret >= end - pos)
+                               return 0;
+                       pos += ret;
+               }
+
+               ret = os_snprintf(pos, end - pos, "\n");
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+       }
+
+       if (mask & WPA_BSS_MASK_FLAGS) {
+               ret = os_snprintf(pos, end - pos, "flags=");
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
+
+               ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
+               if (ie)
+                       pos = wpa_supplicant_ie_txt(pos, end, "WPA", ie,
+                                                   2 + ie[1]);
+               ie2 = wpa_bss_get_ie(bss, WLAN_EID_RSN);
+               if (ie2)
+                       pos = wpa_supplicant_ie_txt(pos, end, "WPA2", ie2,
+                                                   2 + ie2[1]);
+               pos = wpa_supplicant_wps_ie_txt(wpa_s, pos, end, bss);
+               if (!ie && !ie2 && bss->caps & IEEE80211_CAP_PRIVACY) {
+                       ret = os_snprintf(pos, end - pos, "[WEP]");
+                       if (ret < 0 || ret >= end - pos)
+                               return 0;
+                       pos += ret;
+               }
+               if (bss->caps & IEEE80211_CAP_IBSS) {
+                       ret = os_snprintf(pos, end - pos, "[IBSS]");
+                       if (ret < 0 || ret >= end - pos)
+                               return 0;
+                       pos += ret;
+               }
+               if (bss->caps & IEEE80211_CAP_ESS) {
+                       ret = os_snprintf(pos, end - pos, "[ESS]");
+                       if (ret < 0 || ret >= end - pos)
+                               return 0;
+                       pos += ret;
+               }
+               if (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE)) {
+                       ret = os_snprintf(pos, end - pos, "[P2P]");
+                       if (ret < 0 || ret >= end - pos)
+                               return 0;
+                       pos += ret;
+               }
+#ifdef CONFIG_HS20
+               if (wpa_bss_get_vendor_ie(bss, HS20_IE_VENDOR_TYPE)) {
+                       ret = os_snprintf(pos, end - pos, "[HS20]");
+                       if (ret < 0 || ret >= end - pos)
+                               return -1;
+                       pos += ret;
+               }
+#endif /* CONFIG_HS20 */
+
+               ret = os_snprintf(pos, end - pos, "\n");
+               if (ret < 0 || ret >= end - pos)
+                       return 0;
+               pos += ret;
         }
  
-       if (capa->auth & (WPA_DRIVER_AUTH_OPEN)) {
-               ret = os_snprintf(pos, end - pos, "%sOPEN", first ? "" : " ");
+       if (mask & WPA_BSS_MASK_SSID) {
+               ret = os_snprintf(pos, end - pos, "ssid=%s\n",
+                                 wpa_ssid_txt(bss->ssid, bss->ssid_len));
                 if (ret < 0 || ret >= end - pos)
-                       return pos - buf;
+                       return 0;
                 pos += ret;
-               first = 0;
         }
  
-       if (capa->auth & (WPA_DRIVER_AUTH_SHARED)) {
-               ret = os_snprintf(pos, end - pos, "%sSHARED",
-                                 first ? "" : " ");
+#ifdef CONFIG_WPS
+       if (mask & WPA_BSS_MASK_WPS_SCAN) {
+               ie = (const u8 *) (bss + 1);
+               ret = wpas_wps_scan_result_text(ie, bss->ie_len, pos, end);
                 if (ret < 0 || ret >= end - pos)
-                       return pos - buf;
+                       return 0;
                 pos += ret;
-               first = 0;
         }
+#endif /* CONFIG_WPS */
  
-       if (capa->auth & (WPA_DRIVER_AUTH_LEAP)) {
-               ret = os_snprintf(pos, end - pos, "%sLEAP", first ? "" : " ");
+#ifdef CONFIG_P2P
+       if (mask & WPA_BSS_MASK_P2P_SCAN) {
+               ie = (const u8 *) (bss + 1);
+               ret = wpas_p2p_scan_result_text(ie, bss->ie_len, pos, end);
                 if (ret < 0 || ret >= end - pos)
-                       return pos - buf;
+                       return 0;
                 pos += ret;
-               first = 0;
         }
+#endif /* CONFIG_P2P */
  
-       return pos - buf;
-}
-
-
-static int wpa_supplicant_ctrl_iface_get_capability(
-       struct wpa_supplicant *wpa_s, const char *_field, char *buf,
-       size_t buflen)
-{
-       struct wpa_driver_capa capa;
-       int res;
-       char *strict;
-       char field[30];
-       size_t len;
-
-       /* Determine whether or not strict checking was requested */
-       len = os_strlcpy(field, _field, sizeof(field));
-       if (len >= sizeof(field))
-               return -1;
-       strict = os_strchr(field, ' ');
-       if (strict != NULL) {
-               *strict++ = '\0';
-               if (os_strcmp(strict, "strict") != 0)
-                       return -1;
-       }
+#ifdef CONFIG_WIFI_DISPLAY
+       if (mask & WPA_BSS_MASK_WIFI_DISPLAY) {
+               struct wpabuf *wfd;
+               ie = (const u8 *) (bss + 1);
+               wfd = ieee802_11_vendor_ie_concat(ie, bss->ie_len,
+                                                 WFD_IE_VENDOR_TYPE);
+               if (wfd) {
+                       ret = os_snprintf(pos, end - pos, "wfd_subelems=");
+                       if (ret < 0 || ret >= end - pos)
+                               return pos - buf;
+                       pos += ret;
  
-       wpa_printf(MSG_DEBUG, "CTRL_IFACE: GET_CAPABILITY '%s' %s",
-               field, strict ? strict : "");
+                       pos += wpa_snprintf_hex(pos, end - pos,
+                                               wpabuf_head(wfd),
+                                               wpabuf_len(wfd));
+                       wpabuf_free(wfd);
  
-       if (os_strcmp(field, "eap") == 0) {
-               return eap_get_names(buf, buflen);
+                       ret = os_snprintf(pos, end - pos, "\n");
+                       if (ret < 0 || ret >= end - pos)
+                               return pos - buf;
+                       pos += ret;
+               }
         }
+#endif /* CONFIG_WIFI_DISPLAY */
+
+#ifdef CONFIG_INTERWORKING
+       if ((mask & WPA_BSS_MASK_INTERNETW) && bss->anqp) {
+               struct wpa_bss_anqp *anqp = bss->anqp;
+               pos = anqp_add_hex(pos, end, "anqp_venue_name",
+                                  anqp->venue_name);
+               pos = anqp_add_hex(pos, end, "anqp_network_auth_type",
+                                  anqp->network_auth_type);
+               pos = anqp_add_hex(pos, end, "anqp_roaming_consortium",
+                                  anqp->roaming_consortium);
+               pos = anqp_add_hex(pos, end, "anqp_ip_addr_type_availability",
+                                  anqp->ip_addr_type_availability);
+               pos = anqp_add_hex(pos, end, "anqp_nai_realm",
+                                  anqp->nai_realm);
+               pos = anqp_add_hex(pos, end, "anqp_3gpp", anqp->anqp_3gpp);
+               pos = anqp_add_hex(pos, end, "anqp_domain_name",
+                                  anqp->domain_name);
+#ifdef CONFIG_HS20
+               pos = anqp_add_hex(pos, end, "hs20_operator_friendly_name",
+                                  anqp->hs20_operator_friendly_name);
+               pos = anqp_add_hex(pos, end, "hs20_wan_metrics",
+                                  anqp->hs20_wan_metrics);
+               pos = anqp_add_hex(pos, end, "hs20_connection_capability",
+                                  anqp->hs20_connection_capability);
+#endif /* CONFIG_HS20 */
+       }
+#endif /* CONFIG_INTERWORKING */
+
+#ifdef ANDROID
+       ret = os_snprintf(pos, end - pos, "====\n");
+       if (ret < 0 || ret >= end - pos)
+               return 0;
+       pos += ret;
+#endif
  
-       res = wpa_drv_get_capa(wpa_s, &capa);
-
-       if (os_strcmp(field, "pairwise") == 0)
-               return ctrl_iface_get_capability_pairwise(res, strict, &capa,
-                                                         buf, buflen);
-
-       if (os_strcmp(field, "group") == 0)
-               return ctrl_iface_get_capability_group(res, strict, &capa,
-                                                      buf, buflen);
-
-       if (os_strcmp(field, "key_mgmt") == 0)
-               return ctrl_iface_get_capability_key_mgmt(res, strict, &capa,
-                                                         buf, buflen);
-
-       if (os_strcmp(field, "proto") == 0)
-               return ctrl_iface_get_capability_proto(res, strict, &capa,
-                                                      buf, buflen);
-
-       if (os_strcmp(field, "auth_alg") == 0)
-               return ctrl_iface_get_capability_auth_alg(res, strict, &capa,
-                                                         buf, buflen);
-
-       wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown GET_CAPABILITY field '%s'",
-                  field);
-
-       return -1;
+       return pos - buf;
  }
  
  
@@ -1949,12 +3153,55 @@ static int wpa_supplicant_ctrl_iface_bss(struct wpa_supplicant *wpa_s,
         u8 bssid[ETH_ALEN];
         size_t i;
         struct wpa_bss *bss;
-       int ret;
-       char *pos, *end;
-       const u8 *ie, *ie2;
+       struct wpa_bss *bsslast = NULL;
+       struct dl_list *next;
+       int ret = 0;
+       int len;
+       char *ctmp;
+       unsigned long mask = WPA_BSS_MASK_ALL;
+
+       if (os_strncmp(cmd, "RANGE=", 6) == 0) {
+               if (os_strncmp(cmd + 6, "ALL", 3) == 0) {
+                       bss = dl_list_first(&wpa_s->bss_id, struct wpa_bss,
+                                           list_id);
+                       bsslast = dl_list_last(&wpa_s->bss_id, struct wpa_bss,
+                                              list_id);
+               } else { /* N1-N2 */
+                       unsigned int id1, id2;
+
+                       if ((ctmp = os_strchr(cmd + 6, '-')) == NULL) {
+                               wpa_printf(MSG_INFO, "Wrong BSS range "
+                                          "format");
+                               return 0;
+                       }
  
-       if (os_strcmp(cmd, "FIRST") == 0)
-               bss = dl_list_first(&wpa_s->bss, struct wpa_bss, list);
+                       id1 = atoi(cmd + 6);
+                       bss = wpa_bss_get_id(wpa_s, id1);
+                       id2 = atoi(ctmp + 1);
+                       if (id2 == 0)
+                               bsslast = dl_list_last(&wpa_s->bss_id,
+                                                      struct wpa_bss,
+                                                      list_id);
+                       else {
+                               bsslast = wpa_bss_get_id(wpa_s, id2);
+                               if (bsslast == NULL && bss && id2 > id1) {
+                                       struct wpa_bss *tmp = bss;
+                                       for (;;) {
+                                               next = tmp->list_id.next;
+                                               if (next == &wpa_s->bss_id)
+                                                       break;
+                                               tmp = dl_list_entry(
+                                                       next, struct wpa_bss,
+                                                       list_id);
+                                               if (tmp->id > id2)
+                                                       break;
+                                               bsslast = tmp;
+                                       }
+                               }
+                       }
+               }
+       } else if (os_strcmp(cmd, "FIRST") == 0)
+               bss = dl_list_first(&wpa_s->bss_id, struct wpa_bss, list_id);
         else if (os_strncmp(cmd, "ID-", 3) == 0) {
                 i = atoi(cmd + 3);
                 bss = wpa_bss_get_id(wpa_s, i);
@@ -1962,13 +3209,20 @@ static int wpa_supplicant_ctrl_iface_bss(struct wpa_supplicant *wpa_s,
                 i = atoi(cmd + 5);
                 bss = wpa_bss_get_id(wpa_s, i);
                 if (bss) {
-                       struct dl_list *next = bss->list_id.next;
+                       next = bss->list_id.next;
                         if (next == &wpa_s->bss_id)
                                 bss = NULL;
                         else
                                 bss = dl_list_entry(next, struct wpa_bss,
                                                     list_id);
                 }
+#ifdef CONFIG_P2P
+       } else if (os_strncmp(cmd, "p2p_dev_addr=", 13) == 0) {
+               if (hwaddr_aton(cmd + 13, bssid) == 0)
+                       bss = wpa_bss_get_p2p_dev_addr(wpa_s, bssid);
+               else
+                       bss = NULL;
+#endif /* CONFIG_P2P */
         } else if (hwaddr_aton(cmd, bssid) == 0)
                 bss = wpa_bss_get_bssid(wpa_s, bssid);
         else {
@@ -1984,108 +3238,31 @@ static int wpa_supplicant_ctrl_iface_bss(struct wpa_supplicant *wpa_s,
                 }
         }
  
-       if (bss == NULL)
-               return 0;
-
-       pos = buf;
-       end = buf + buflen;
-       ret = os_snprintf(pos, end - pos,
-                         "id=%u\n"
-                         "bssid=" MACSTR "\n"
-                         "freq=%d\n"
-                         "beacon_int=%d\n"
-                         "capabilities=0x%04x\n"
-                         "qual=%d\n"
-                         "noise=%d\n"
-                         "level=%d\n"
-                         "tsf=%016llu\n"
-                         "ie=",
-                         bss->id,
-                         MAC2STR(bss->bssid), bss->freq, bss->beacon_int,
-                         bss->caps, bss->qual, bss->noise, bss->level,
-                         (unsigned long long) bss->tsf);
-       if (ret < 0 || ret >= end - pos)
-               return pos - buf;
-       pos += ret;
-
-       ie = (const u8 *) (bss + 1);
-       for (i = 0; i < bss->ie_len; i++) {
-               ret = os_snprintf(pos, end - pos, "%02x", *ie++);
-               if (ret < 0 || ret >= end - pos)
-                       return pos - buf;
-               pos += ret;
-       }
-       if (wpa_bss_get_vendor_ie(bss, P2P_IE_VENDOR_TYPE)) {
-               ret = os_snprintf(pos, end - pos, "[P2P]");
-               if (ret < 0 || ret >= end - pos)
-                       return pos - buf;
-               pos += ret;
-       }
-
-       ret = os_snprintf(pos, end - pos, "\n");
-       if (ret < 0 || ret >= end - pos)
-               return pos - buf;
-       pos += ret;
-
-       ret = os_snprintf(pos, end - pos, "flags=");
-       if (ret < 0 || ret >= end - pos)
-               return pos - buf;
-       pos += ret;
-
-       ie = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
-       if (ie)
-               pos = wpa_supplicant_ie_txt(pos, end, "WPA", ie, 2 + ie[1]);
-       ie2 = wpa_bss_get_ie(bss, WLAN_EID_RSN);
-       if (ie2)
-               pos = wpa_supplicant_ie_txt(pos, end, "WPA2", ie2, 2 + ie2[1]);
-       pos = wpa_supplicant_wps_ie_txt(wpa_s, pos, end, bss);
-       if (!ie && !ie2 && bss->caps & IEEE80211_CAP_PRIVACY) {
-               ret = os_snprintf(pos, end - pos, "[WEP]");
-               if (ret < 0 || ret >= end - pos)
-                       return pos - buf;
-               pos += ret;
+       if ((ctmp = os_strstr(cmd, "MASK=")) != NULL) {
+               mask = strtoul(ctmp + 5, NULL, 0x10);
+               if (mask == 0)
+                       mask = WPA_BSS_MASK_ALL;
         }
-       if (bss->caps & IEEE80211_CAP_IBSS) {
-               ret = os_snprintf(pos, end - pos, "[IBSS]");
-               if (ret < 0 || ret >= end - pos)
-                       return pos - buf;
-               pos += ret;
-       }
-       if (bss->caps & IEEE80211_CAP_ESS) {
-               ret = os_snprintf(pos, end - pos, "[ESS]");
-               if (ret < 0 || ret >= end - pos)
-                       return pos - buf;
-               pos += ret;
-       }
-
-       ret = os_snprintf(pos, end - pos, "\n");
-       if (ret < 0 || ret >= end - pos)
-               return pos - buf;
-       pos += ret;
-
-       ret = os_snprintf(pos, end - pos, "ssid=%s\n",
-                         wpa_ssid_txt(bss->ssid, bss->ssid_len));
-       if (ret < 0 || ret >= end - pos)
-               return pos - buf;
-       pos += ret;
  
-#ifdef CONFIG_WPS
-       ie = (const u8 *) (bss + 1);
-       ret = wpas_wps_scan_result_text(ie, bss->ie_len, pos, end);
-       if (ret < 0 || ret >= end - pos)
-               return pos - buf;
-       pos += ret;
-#endif /* CONFIG_WPS */
+       if (bss == NULL)
+               return 0;
  
-#ifdef CONFIG_P2P
-       ie = (const u8 *) (bss + 1);
-       ret = wpas_p2p_scan_result_text(ie, bss->ie_len, pos, end);
-       if (ret < 0 || ret >= end - pos)
-               return pos - buf;
-       pos += ret;
-#endif /* CONFIG_P2P */
+       if (bsslast == NULL)
+               bsslast = bss;
+       do {
+               len = print_bss_info(wpa_s, bss, mask, buf, buflen);
+               ret += len;
+               buf += len;
+               buflen -= len;
+               if (bss == bsslast)
+                       break;
+               next = bss->list_id.next;
+               if (next == &wpa_s->bss_id)
+                       break;
+               bss = dl_list_entry(next, struct wpa_bss, list_id);
+       } while (bss && len);
  
-       return pos - buf;
+       return ret;
  }
  
  
@@ -2101,10 +3278,7 @@ static int wpa_supplicant_ctrl_iface_scan_interval(
         struct wpa_supplicant *wpa_s, char *cmd)
  {
         int scan_int = atoi(cmd);
-       if (scan_int < 0)
-               return -1;
-       wpa_s->scan_interval = scan_int;
-       return 0;
+       return wpa_supplicant_set_scan_interval(wpa_s, scan_int);
  }
  
  
@@ -2124,6 +3298,19 @@ static int wpa_supplicant_ctrl_iface_bss_expire_count(
  }
  
  
+static int wpa_supplicant_ctrl_iface_bss_flush(
+       struct wpa_supplicant *wpa_s, char *cmd)
+{
+       int flush_age = atoi(cmd);
+
+       if (flush_age == 0)
+               wpa_bss_flush(wpa_s);
+       else
+               wpa_bss_flush_by_age(wpa_s, flush_age);
+       return 0;
+}
+
+
  static void wpa_supplicant_ctrl_iface_drop_sa(struct wpa_supplicant *wpa_s)
  {
         wpa_printf(MSG_DEBUG, "Dropping SA without deauthentication");
@@ -2150,6 +3337,9 @@ static void wpa_supplicant_ctrl_iface_drop_sa(struct wpa_supplicant *wpa_s)
  static int wpa_supplicant_ctrl_iface_roam(struct wpa_supplicant *wpa_s,
                                           char *addr)
  {
+#ifdef CONFIG_NO_SCAN_PROCESSING
+       return -1;
+#else /* CONFIG_NO_SCAN_PROCESSING */
         u8 bssid[ETH_ALEN];
         struct wpa_bss *bss;
         struct wpa_ssid *ssid = wpa_s->current_ssid;
@@ -2184,6 +3374,7 @@ static int wpa_supplicant_ctrl_iface_roam(struct wpa_supplicant *wpa_s,
         wpa_supplicant_connect(wpa_s, bss, ssid);
  
         return 0;
+#endif /* CONFIG_NO_SCAN_PROCESSING */
  }
  
  
@@ -2192,13 +3383,32 @@ static int p2p_ctrl_find(struct wpa_supplicant *wpa_s, char *cmd)
  {
         unsigned int timeout = atoi(cmd);
         enum p2p_discovery_type type = P2P_FIND_START_WITH_FULL;
+       u8 dev_id[ETH_ALEN], *_dev_id = NULL;
+       char *pos;
+       unsigned int search_delay;
  
         if (os_strstr(cmd, "type=social"))
                 type = P2P_FIND_ONLY_SOCIAL;
         else if (os_strstr(cmd, "type=progressive"))
                 type = P2P_FIND_PROGRESSIVE;
  
-       return wpas_p2p_find(wpa_s, timeout, type, 0, NULL);
+       pos = os_strstr(cmd, "dev_id=");
+       if (pos) {
+               pos += 7;
+               if (hwaddr_aton(pos, dev_id))
+                       return -1;
+               _dev_id = dev_id;
+       }
+
+       pos = os_strstr(cmd, "delay=");
+       if (pos) {
+               pos += 6;
+               search_delay = atoi(pos);
+       } else
+               search_delay = wpas_p2p_search_delay(wpa_s);
+
+       return wpas_p2p_find(wpa_s, timeout, type, 0, NULL, _dev_id,
+                            search_delay);
  }
  
  
@@ -2211,14 +3421,19 @@ static int p2p_ctrl_connect(struct wpa_supplicant *wpa_s, char *cmd,
         enum p2p_wps_method wps_method;
         int new_pin;
         int ret;
-       int persistent_group;
+       int persistent_group, persistent_id = -1;
         int join;
         int auth;
+       int automatic;
         int go_intent = -1;
         int freq = 0;
+       int pd;
+       int ht40;
  
-       /* <addr> <"pbc" | "pin" | PIN> [label|display|keypad] [persistent]
-        * [join] [auth] [go_intent=<0..15>] [freq=<in MHz>] */
+       /* <addr> <"pbc" | "pin" | PIN> [label|display|keypad]
+        * [persistent|persistent=<network id>]
+        * [join] [auth] [go_intent=<0..15>] [freq=<in MHz>] [provdisc]
+        * [ht40] */
  
         if (hwaddr_aton(cmd, addr))
                 return -1;
@@ -2229,8 +3444,24 @@ static int p2p_ctrl_connect(struct wpa_supplicant *wpa_s, char *cmd,
         pos++;
  
         persistent_group = os_strstr(pos, " persistent") != NULL;
+       pos2 = os_strstr(pos, " persistent=");
+       if (pos2) {
+               struct wpa_ssid *ssid;
+               persistent_id = atoi(pos2 + 12);
+               ssid = wpa_config_get_network(wpa_s->conf, persistent_id);
+               if (ssid == NULL || ssid->disabled != 2 ||
+                   ssid->mode != WPAS_MODE_P2P_GO) {
+                       wpa_printf(MSG_DEBUG, "CTRL_IFACE: Could not find "
+                                  "SSID id=%d for persistent P2P group (GO)",
+                                  persistent_id);
+                       return -1;
+               }
+       }
         join = os_strstr(pos, " join") != NULL;
         auth = os_strstr(pos, " auth") != NULL;
+       automatic = os_strstr(pos, " auto") != NULL;
+       pd = os_strstr(pos, " provdisc") != NULL;
+       ht40 = (os_strstr(cmd, " ht40") != NULL) || wpa_s->conf->p2p_go_ht40;
  
         pos2 = os_strstr(pos, " go_intent=");
         if (pos2) {
@@ -2259,16 +3490,19 @@ static int p2p_ctrl_connect(struct wpa_supplicant *wpa_s, char *cmd,
                 wps_method = WPS_PIN_KEYPAD;
                 if (pos) {
                         *pos++ = '\0';
-                       if (os_strncmp(pos, "label", 5) == 0)
-                               wps_method = WPS_PIN_LABEL;
-                       else if (os_strncmp(pos, "display", 7) == 0)
+                       if (os_strncmp(pos, "display", 7) == 0)
                                 wps_method = WPS_PIN_DISPLAY;
                 }
+               if (!wps_pin_str_valid(pin)) {
+                       os_memcpy(buf, "FAIL-INVALID-PIN\n", 17);
+                       return 17;
+               }
         }
  
         new_pin = wpas_p2p_connect(wpa_s, addr, pin, wps_method,
-                                  persistent_group, join, auth, go_intent,
-                                  freq);
+                                  persistent_group, automatic, join,
+                                  auth, go_intent, freq, persistent_id, pd,
+                                  ht40);
         if (new_pin == -2) {
                 os_memcpy(buf, "FAIL-CHANNEL-UNAVAILABLE\n", 25);
                 return 25;
@@ -2302,8 +3536,9 @@ static int p2p_ctrl_prov_disc(struct wpa_supplicant *wpa_s, char *cmd)
  {
         u8 addr[ETH_ALEN];
         char *pos;
+       enum wpas_p2p_prov_disc_use use = WPAS_P2P_PD_FOR_GO_NEG;
  
-       /* <addr> <config method> */
+       /* <addr> <config method> [join|auto] */
  
         if (hwaddr_aton(cmd, addr))
                 return -1;
@@ -2313,7 +3548,12 @@ static int p2p_ctrl_prov_disc(struct wpa_supplicant *wpa_s, char *cmd)
                 return -1;
         pos++;
  
-       return wpas_p2p_prov_disc(wpa_s, addr, pos);
+       if (os_strstr(pos, " join") != NULL)
+               use = WPAS_P2P_PD_FOR_JOIN;
+       else if (os_strstr(pos, " auto") != NULL)
+               use = WPAS_P2P_PD_AUTO;
+
+       return wpas_p2p_prov_disc(wpa_s, addr, pos, use);
  }
  
  
@@ -2361,8 +3601,11 @@ static int p2p_ctrl_serv_disc_req(struct wpa_supplicant *wpa_s, char *cmd,
                 if (*pos != ' ')
                         return -1;
                 pos++;
-               ref = (unsigned long) wpas_p2p_sd_request_upnp(wpa_s, dst,
-                                                              version, pos);
+               ref = wpas_p2p_sd_request_upnp(wpa_s, dst, version, pos);
+#ifdef CONFIG_WIFI_DISPLAY
+       } else if (os_strncmp(pos, "wifi-display ", 13) == 0) {
+               ref = wpas_p2p_sd_request_wifi_display(wpa_s, dst, pos + 13);
+#endif /* CONFIG_WIFI_DISPLAY */
         } else {
                 len = os_strlen(pos);
                 if (len & 1)
@@ -2376,9 +3619,11 @@ static int p2p_ctrl_serv_disc_req(struct wpa_supplicant *wpa_s, char *cmd,
                         return -1;
                 }
  
-               ref = (unsigned long) wpas_p2p_sd_request(wpa_s, dst, tlvs);
+               ref = wpas_p2p_sd_request(wpa_s, dst, tlvs);
                 wpabuf_free(tlvs);
         }
+       if (ref == 0)
+               return -1;
         res = os_snprintf(buf, buflen, "%llx", (long long unsigned) ref);
         if (res < 0 || (unsigned) res >= buflen)
                 return -1;
@@ -2394,7 +3639,7 @@ static int p2p_ctrl_serv_disc_cancel_req(struct wpa_supplicant *wpa_s,
         if (sscanf(cmd, "%llx", &val) != 1)
                 return -1;
         req = val;
-       return wpas_p2p_sd_cancel_request(wpa_s, (void *) (unsigned long) req);
+       return wpas_p2p_sd_cancel_request(wpa_s, req);
  }
  
  
@@ -2449,6 +3694,8 @@ static int p2p_ctrl_serv_disc_resp(struct wpa_supplicant *wpa_s, char *cmd)
  static int p2p_ctrl_serv_disc_external(struct wpa_supplicant *wpa_s,
                                        char *cmd)
  {
+       if (os_strcmp(cmd, "0") && os_strcmp(cmd, "1"))
+               return -1;
         wpa_s->p2p_sd_over_ctrl_iface = atoi(cmd);
         return 0;
  }
@@ -2617,7 +3864,9 @@ static int p2p_ctrl_invite_persistent(struct wpa_supplicant *wpa_s, char *cmd)
         char *pos;
         int id;
         struct wpa_ssid *ssid;
-       u8 peer[ETH_ALEN];
+       u8 *_peer = NULL, peer[ETH_ALEN];
+       int freq = 0;
+       int ht40;
  
         id = atoi(cmd);
         pos = os_strstr(cmd, " peer=");
@@ -2625,6 +3874,7 @@ static int p2p_ctrl_invite_persistent(struct wpa_supplicant *wpa_s, char *cmd)
                 pos += 6;
                 if (hwaddr_aton(pos, peer))
                         return -1;
+               _peer = peer;
         }
         ssid = wpa_config_get_network(wpa_s->conf, id);
         if (ssid == NULL || ssid->disabled != 2) {
@@ -2634,7 +3884,17 @@ static int p2p_ctrl_invite_persistent(struct wpa_supplicant *wpa_s, char *cmd)
                 return -1;
         }
  
-       return wpas_p2p_invite(wpa_s, pos ? peer : NULL, ssid, NULL);
+       pos = os_strstr(cmd, " freq=");
+       if (pos) {
+               pos += 6;
+               freq = atoi(pos);
+               if (freq <= 0)
+                       return -1;
+       }
+
+       ht40 = (os_strstr(cmd, " ht40") != NULL) || wpa_s->conf->p2p_go_ht40;
+
+       return wpas_p2p_invite(wpa_s, _peer, ssid, NULL, freq, ht40);
  }
  
  
@@ -2681,7 +3941,7 @@ static int p2p_ctrl_invite(struct wpa_supplicant *wpa_s, char *cmd)
  
  
  static int p2p_ctrl_group_add_persistent(struct wpa_supplicant *wpa_s,
-                                        char *cmd, int freq)
+                                        char *cmd, int freq, int ht40)
  {
         int id;
         struct wpa_ssid *ssid;
@@ -2695,26 +3955,31 @@ static int p2p_ctrl_group_add_persistent(struct wpa_supplicant *wpa_s,
                 return -1;
         }
  
-       return wpas_p2p_group_add_persistent(wpa_s, ssid, 0, freq);
+       return wpas_p2p_group_add_persistent(wpa_s, ssid, 0, freq, ht40);
  }
  
  
  static int p2p_ctrl_group_add(struct wpa_supplicant *wpa_s, char *cmd)
  {
-       int freq = 0;
+       int freq = 0, ht40;
         char *pos;
  
         pos = os_strstr(cmd, "freq=");
         if (pos)
                 freq = atoi(pos + 5);
  
+       ht40 = (os_strstr(cmd, "ht40") != NULL) || wpa_s->conf->p2p_go_ht40;
+
         if (os_strncmp(cmd, "persistent=", 11) == 0)
-               return p2p_ctrl_group_add_persistent(wpa_s, cmd + 11, freq);
+               return p2p_ctrl_group_add_persistent(wpa_s, cmd + 11, freq,
+                                                    ht40);
         if (os_strcmp(cmd, "persistent") == 0 ||
             os_strncmp(cmd, "persistent ", 11) == 0)
-               return wpas_p2p_group_add(wpa_s, 1, freq);
+               return wpas_p2p_group_add(wpa_s, 1, freq, ht40);
         if (os_strncmp(cmd, "freq=", 5) == 0)
-               return wpas_p2p_group_add(wpa_s, 0, freq);
+               return wpas_p2p_group_add(wpa_s, 0, freq, ht40);
+       if (ht40)
+               return wpas_p2p_group_add(wpa_s, 0, freq, ht40);
  
         wpa_printf(MSG_DEBUG, "CTRL: Invalid P2P_GROUP_ADD parameters '%s'",
                    cmd);
@@ -2726,7 +3991,12 @@ static int p2p_ctrl_peer(struct wpa_supplicant *wpa_s, char *cmd,
                          char *buf, size_t buflen)
  {
         u8 addr[ETH_ALEN], *addr_ptr;
-       int next;
+       int next, res;
+       const struct p2p_peer_info *info;
+       char *pos, *end;
+       char devtype[WPS_DEV_TYPE_BUFSIZE];
+       struct wpa_ssid *ssid;
+       size_t i;
  
         if (!wpa_s->global->p2p)
                 return -1;
@@ -2742,12 +4012,120 @@ static int p2p_ctrl_peer(struct wpa_supplicant *wpa_s, char *cmd,
         } else {
                 if (hwaddr_aton(cmd, addr) < 0)
                         return -1;
-               addr_ptr = addr;
-               next = 0;
+               addr_ptr = addr;
+               next = 0;
+       }
+
+       info = p2p_get_peer_info(wpa_s->global->p2p, addr_ptr, next);
+       if (info == NULL)
+               return -1;
+
+       pos = buf;
+       end = buf + buflen;
+
+       res = os_snprintf(pos, end - pos, MACSTR "\n"
+                         "pri_dev_type=%s\n"
+                         "device_name=%s\n"
+                         "manufacturer=%s\n"
+                         "model_name=%s\n"
+                         "model_number=%s\n"
+                         "serial_number=%s\n"
+                         "config_methods=0x%x\n"
+                         "dev_capab=0x%x\n"
+                         "group_capab=0x%x\n"
+                         "level=%d\n",
+                         MAC2STR(info->p2p_device_addr),
+                         wps_dev_type_bin2str(info->pri_dev_type,
+                                              devtype, sizeof(devtype)),
+                         info->device_name,
+                         info->manufacturer,
+                         info->model_name,
+                         info->model_number,
+                         info->serial_number,
+                         info->config_methods,
+                         info->dev_capab,
+                         info->group_capab,
+                         info->level);
+       if (res < 0 || res >= end - pos)
+               return pos - buf;
+       pos += res;
+
+       for (i = 0; i < info->wps_sec_dev_type_list_len / WPS_DEV_TYPE_LEN; i++)
+       {
+               const u8 *t;
+               t = &info->wps_sec_dev_type_list[i * WPS_DEV_TYPE_LEN];
+               res = os_snprintf(pos, end - pos, "sec_dev_type=%s\n",
+                                 wps_dev_type_bin2str(t, devtype,
+                                                      sizeof(devtype)));
+               if (res < 0 || res >= end - pos)
+                       return pos - buf;
+               pos += res;
+       }
+
+       ssid = wpas_p2p_get_persistent(wpa_s, info->p2p_device_addr, NULL, 0);
+       if (ssid) {
+               res = os_snprintf(pos, end - pos, "persistent=%d\n", ssid->id);
+               if (res < 0 || res >= end - pos)
+                       return pos - buf;
+               pos += res;
+       }
+
+       res = p2p_get_peer_info_txt(info, pos, end - pos);
+       if (res < 0)
+               return pos - buf;
+       pos += res;
+
+       return pos - buf;
+}
+
+
+static int p2p_ctrl_disallow_freq(struct wpa_supplicant *wpa_s,
+                                 const char *param)
+{
+       struct wpa_freq_range *freq = NULL, *n;
+       unsigned int count = 0, i;
+       const char *pos, *pos2, *pos3;
+
+       if (wpa_s->global->p2p == NULL)
+               return -1;
+
+       /*
+        * param includes comma separated frequency range.
+        * For example: 2412-2432,2462,5000-6000
+        */
+       pos = param;
+       while (pos && pos[0]) {
+               n = os_realloc_array(freq, count + 1,
+                                    sizeof(struct wpa_freq_range));
+               if (n == NULL) {
+                       os_free(freq);
+                       return -1;
+               }
+               freq = n;
+               freq[count].min = atoi(pos);
+               pos2 = os_strchr(pos, '-');
+               pos3 = os_strchr(pos, ',');
+               if (pos2 && (!pos3 || pos2 < pos3)) {
+                       pos2++;
+                       freq[count].max = atoi(pos2);
+               } else
+                       freq[count].max = freq[count].min;
+               pos = pos3;
+               if (pos)
+                       pos++;
+               count++;
+       }
+
+       for (i = 0; i < count; i++) {
+               wpa_printf(MSG_DEBUG, "P2P: Disallowed frequency range %u-%u",
+                          freq[i].min, freq[i].max);
         }
  
-       return p2p_get_peer_info(wpa_s->global->p2p, addr_ptr, next,
-                                buf, buflen);
+       os_free(wpa_s->global->p2p_disallow_freq);
+       wpa_s->global->p2p_disallow_freq = freq;
+       wpa_s->global->num_p2p_disallow_freq = count;
+       wpas_p2p_update_channel_list(wpa_s);
+       return 0;
  }
  
  
@@ -2830,6 +4208,20 @@ static int p2p_ctrl_set(struct wpa_supplicant *wpa_s, char *cmd)
                 return 0;
         }
  
+       if (os_strcmp(cmd, "conc_pref") == 0) {
+               if (os_strcmp(param, "sta") == 0)
+                       wpa_s->global->conc_pref = WPA_CONC_PREF_STA;
+               else if (os_strcmp(param, "p2p") == 0)
+                       wpa_s->global->conc_pref = WPA_CONC_PREF_P2P;
+               else {
+                       wpa_printf(MSG_INFO, "Invalid conc_pref value");
+                       return -1;
+               }
+               wpa_printf(MSG_DEBUG, "Single channel concurrency preference: "
+                          "%s", param);
+               return 0;
+       }
+
         if (os_strcmp(cmd, "force_long_sd") == 0) {
                 wpa_s->force_long_sd = atoi(param);
                 return 0;
@@ -2895,6 +4287,33 @@ static int p2p_ctrl_set(struct wpa_supplicant *wpa_s, char *cmd)
                 return 0;
         }
  
+       if (os_strcmp(cmd, "disallow_freq") == 0)
+               return p2p_ctrl_disallow_freq(wpa_s, param);
+
+       if (os_strcmp(cmd, "disc_int") == 0) {
+               int min_disc_int, max_disc_int, max_disc_tu;
+               char *pos;
+
+               pos = param;
+
+               min_disc_int = atoi(pos);
+               pos = os_strchr(pos, ' ');
+               if (pos == NULL)
+                       return -1;
+               *pos++ = '\0';
+
+               max_disc_int = atoi(pos);
+               pos = os_strchr(pos, ' ');
+               if (pos == NULL)
+                       return -1;
+               *pos++ = '\0';
+
+               max_disc_tu = atoi(pos);
+
+               return p2p_set_disc_int(wpa_s->global->p2p, min_disc_int,
+                                       max_disc_int, max_disc_tu);
+       }
+
         wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown P2P_SET field value '%s'",
                    cmd);
  
@@ -2954,6 +4373,280 @@ static int p2p_ctrl_ext_listen(struct wpa_supplicant *wpa_s, char *cmd)
  #endif /* CONFIG_P2P */
  
  
+#ifdef CONFIG_INTERWORKING
+static int ctrl_interworking_connect(struct wpa_supplicant *wpa_s, char *dst)
+{
+       u8 bssid[ETH_ALEN];
+       struct wpa_bss *bss;
+
+       if (hwaddr_aton(dst, bssid)) {
+               wpa_printf(MSG_DEBUG, "Invalid BSSID '%s'", dst);
+               return -1;
+       }
+
+       bss = wpa_bss_get_bssid(wpa_s, bssid);
+       if (bss == NULL) {
+               wpa_printf(MSG_DEBUG, "Could not find BSS " MACSTR,
+                          MAC2STR(bssid));
+               return -1;
+       }
+
+       return interworking_connect(wpa_s, bss);
+}
+
+
+static int get_anqp(struct wpa_supplicant *wpa_s, char *dst)
+{
+       u8 dst_addr[ETH_ALEN];
+       int used;
+       char *pos;
+#define MAX_ANQP_INFO_ID 100
+       u16 id[MAX_ANQP_INFO_ID];
+       size_t num_id = 0;
+
+       used = hwaddr_aton2(dst, dst_addr);
+       if (used < 0)
+               return -1;
+       pos = dst + used;
+       while (num_id < MAX_ANQP_INFO_ID) {
+               id[num_id] = atoi(pos);
+               if (id[num_id])
+                       num_id++;
+               pos = os_strchr(pos + 1, ',');
+               if (pos == NULL)
+                       break;
+               pos++;
+       }
+
+       if (num_id == 0)
+               return -1;
+
+       return anqp_send_req(wpa_s, dst_addr, id, num_id);
+}
+
+
+static int gas_request(struct wpa_supplicant *wpa_s, char *cmd)
+{
+       u8 dst_addr[ETH_ALEN];
+       struct wpabuf *advproto, *query = NULL;
+       int used, ret = -1;
+       char *pos, *end;
+       size_t len;
+
+       used = hwaddr_aton2(cmd, dst_addr);
+       if (used < 0)
+               return -1;
+
+       pos = cmd + used;
+       while (*pos == ' ')
+               pos++;
+
+       /* Advertisement Protocol ID */
+       end = os_strchr(pos, ' ');
+       if (end)
+               len = end - pos;
+       else
+               len = os_strlen(pos);
+       if (len & 0x01)
+               return -1;
+       len /= 2;
+       if (len == 0)
+               return -1;
+       advproto = wpabuf_alloc(len);
+       if (advproto == NULL)
+               return -1;
+       if (hexstr2bin(pos, wpabuf_put(advproto, len), len) < 0)
+               goto fail;
+
+       if (end) {
+               /* Optional Query Request */
+               pos = end + 1;
+               while (*pos == ' ')
+                       pos++;
+
+               len = os_strlen(pos);
+               if (len) {
+                       if (len & 0x01)
+                               goto fail;
+                       len /= 2;
+                       if (len == 0)
+                               goto fail;
+                       query = wpabuf_alloc(len);
+                       if (query == NULL)
+                               goto fail;
+                       if (hexstr2bin(pos, wpabuf_put(query, len), len) < 0)
+                               goto fail;
+               }
+       }
+
+       ret = gas_send_request(wpa_s, dst_addr, advproto, query);
+
+fail:
+       wpabuf_free(advproto);
+       wpabuf_free(query);
+
+       return ret;
+}
+
+
+static int gas_response_get(struct wpa_supplicant *wpa_s, char *cmd, char *buf,
+                           size_t buflen)
+{
+       u8 addr[ETH_ALEN];
+       int dialog_token;
+       int used;
+       char *pos;
+       size_t resp_len, start, requested_len;
+
+       if (!wpa_s->last_gas_resp)
+               return -1;
+
+       used = hwaddr_aton2(cmd, addr);
+       if (used < 0)
+               return -1;
+
+       pos = cmd + used;
+       while (*pos == ' ')
+               pos++;
+       dialog_token = atoi(pos);
+
+       if (os_memcmp(addr, wpa_s->last_gas_addr, ETH_ALEN) != 0 ||
+           dialog_token != wpa_s->last_gas_dialog_token)
+               return -1;
+
+       resp_len = wpabuf_len(wpa_s->last_gas_resp);
+       start = 0;
+       requested_len = resp_len;
+
+       pos = os_strchr(pos, ' ');
+       if (pos) {
+               start = atoi(pos);
+               if (start > resp_len)
+                       return os_snprintf(buf, buflen, "FAIL-Invalid range");
+               pos = os_strchr(pos, ',');
+               if (pos == NULL)
+                       return -1;
+               pos++;
+               requested_len = atoi(pos);
+               if (start + requested_len > resp_len)
+                       return os_snprintf(buf, buflen, "FAIL-Invalid range");
+       }
+
+       if (requested_len * 2 + 1 > buflen)
+               return os_snprintf(buf, buflen, "FAIL-Too long response");
+
+       return wpa_snprintf_hex(buf, buflen,
+                               wpabuf_head_u8(wpa_s->last_gas_resp) + start,
+                               requested_len);
+}
+#endif /* CONFIG_INTERWORKING */
+
+
+#ifdef CONFIG_HS20
+
+static int get_hs20_anqp(struct wpa_supplicant *wpa_s, char *dst)
+{
+       u8 dst_addr[ETH_ALEN];
+       int used;
+       char *pos;
+       u32 subtypes = 0;
+
+       used = hwaddr_aton2(dst, dst_addr);
+       if (used < 0)
+               return -1;
+       pos = dst + used;
+       for (;;) {
+               int num = atoi(pos);
+               if (num <= 0 || num > 31)
+                       return -1;
+               subtypes |= BIT(num);
+               pos = os_strchr(pos + 1, ',');
+               if (pos == NULL)
+                       break;
+               pos++;
+       }
+
+       if (subtypes == 0)
+               return -1;
+
+       return hs20_anqp_send_req(wpa_s, dst_addr, subtypes, NULL, 0);
+}
+
+
+static int hs20_nai_home_realm_list(struct wpa_supplicant *wpa_s,
+                                   const u8 *addr, const char *realm)
+{
+       u8 *buf;
+       size_t rlen, len;
+       int ret;
+
+       rlen = os_strlen(realm);
+       len = 3 + rlen;
+       buf = os_malloc(len);
+       if (buf == NULL)
+               return -1;
+       buf[0] = 1; /* NAI Home Realm Count */
+       buf[1] = 0; /* Formatted in accordance with RFC 4282 */
+       buf[2] = rlen;
+       os_memcpy(buf + 3, realm, rlen);
+
+       ret = hs20_anqp_send_req(wpa_s, addr,
+                                BIT(HS20_STYPE_NAI_HOME_REALM_QUERY),
+                                buf, len);
+
+       os_free(buf);
+
+       return ret;
+}
+
+
+static int hs20_get_nai_home_realm_list(struct wpa_supplicant *wpa_s,
+                                       char *dst)
+{
+       struct wpa_cred *cred = wpa_s->conf->cred;
+       u8 dst_addr[ETH_ALEN];
+       int used;
+       u8 *buf;
+       size_t len;
+       int ret;
+
+       used = hwaddr_aton2(dst, dst_addr);
+       if (used < 0)
+               return -1;
+
+       while (dst[used] == ' ')
+               used++;
+       if (os_strncmp(dst + used, "realm=", 6) == 0)
+               return hs20_nai_home_realm_list(wpa_s, dst_addr,
+                                               dst + used + 6);
+
+       len = os_strlen(dst + used);
+
+       if (len == 0 && cred && cred->realm)
+               return hs20_nai_home_realm_list(wpa_s, dst_addr, cred->realm);
+
+       if (len % 1)
+               return -1;
+       len /= 2;
+       buf = os_malloc(len);
+       if (buf == NULL)
+               return -1;
+       if (hexstr2bin(dst + used, buf, len) < 0) {
+               os_free(buf);
+               return -1;
+       }
+
+       ret = hs20_anqp_send_req(wpa_s, dst_addr,
+                                BIT(HS20_STYPE_NAI_HOME_REALM_QUERY),
+                                buf, len);
+       os_free(buf);
+
+       return ret;
+}
+
+#endif /* CONFIG_HS20 */
+
+
  static int wpa_supplicant_ctrl_iface_sta_autoconnect(
         struct wpa_supplicant *wpa_s, char *cmd)
  {
@@ -2962,6 +4655,90 @@ static int wpa_supplicant_ctrl_iface_sta_autoconnect(
  }
  
  
+#ifdef CONFIG_AUTOSCAN
+
+static int wpa_supplicant_ctrl_iface_autoscan(struct wpa_supplicant *wpa_s,
+                                             char *cmd)
+{
+       enum wpa_states state = wpa_s->wpa_state;
+       char *new_params = NULL;
+
+       if (os_strlen(cmd) > 0) {
+               new_params = os_strdup(cmd);
+               if (new_params == NULL)
+                       return -1;
+       }
+
+       os_free(wpa_s->conf->autoscan);
+       wpa_s->conf->autoscan = new_params;
+
+       if (wpa_s->conf->autoscan == NULL)
+               autoscan_deinit(wpa_s);
+       else if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
+               autoscan_init(wpa_s, 1);
+       else if (state == WPA_SCANNING)
+               wpa_supplicant_reinit_autoscan(wpa_s);
+
+       return 0;
+}
+
+#endif /* CONFIG_AUTOSCAN */
+
+
+#ifdef CONFIG_WNM
+
+static int wpas_ctrl_iface_wnm_sleep(struct wpa_supplicant *wpa_s, char *cmd)
+{
+       int enter;
+       int intval = 0;
+       char *pos;
+       int ret;
+       struct wpabuf *tfs_req = NULL;
+
+       if (os_strncmp(cmd, "enter", 5) == 0)
+               enter = 1;
+       else if (os_strncmp(cmd, "exit", 4) == 0)
+               enter = 0;
+       else
+               return -1;
+
+       pos = os_strstr(cmd, " interval=");
+       if (pos)
+               intval = atoi(pos + 10);
+
+       pos = os_strstr(cmd, " tfs_req=");
+       if (pos) {
+               char *end;
+               size_t len;
+               pos += 9;
+               end = os_strchr(pos, ' ');
+               if (end)
+                       len = end - pos;
+               else
+                       len = os_strlen(pos);
+               if (len & 1)
+                       return -1;
+               len /= 2;
+               tfs_req = wpabuf_alloc(len);
+               if (tfs_req == NULL)
+                       return -1;
+               if (hexstr2bin(pos, wpabuf_put(tfs_req, len), len) < 0) {
+                       wpabuf_free(tfs_req);
+                       return -1;
+               }
+       }
+
+       ret = ieee802_11_send_wnmsleep_req(wpa_s, enter ? WNM_SLEEP_MODE_ENTER :
+                                          WNM_SLEEP_MODE_EXIT, intval,
+                                          tfs_req);
+       wpabuf_free(tfs_req);
+
+       return ret;
+}
+
+#endif /* CONFIG_WNM */
+
+
  static int wpa_supplicant_signal_poll(struct wpa_supplicant *wpa_s, char *buf,
                                       size_t buflen)
  {
@@ -2982,6 +4759,38 @@ static int wpa_supplicant_signal_poll(struct wpa_supplicant *wpa_s, char *buf,
  }
  
  
+static int wpa_supplicant_pktcnt_poll(struct wpa_supplicant *wpa_s, char *buf,
+                                     size_t buflen)
+{
+       struct hostap_sta_driver_data sta;
+       int ret;
+
+       ret = wpa_drv_pktcnt_poll(wpa_s, &sta);
+       if (ret)
+               return -1;
+
+       ret = os_snprintf(buf, buflen, "TXGOOD=%lu\nTXBAD=%lu\nRXGOOD=%lu\n",
+                         sta.tx_packets, sta.tx_retry_failed, sta.rx_packets);
+       if (ret < 0 || (size_t) ret > buflen)
+               return -1;
+       return ret;
+}
+
+
+#ifdef ANDROID
+static int wpa_supplicant_driver_cmd(struct wpa_supplicant *wpa_s, char *cmd,
+                                    char *buf, size_t buflen)
+{
+       int ret;
+
+       ret = wpa_drv_driver_cmd(wpa_s, cmd, buf, buflen);
+       if (ret == 0)
+               ret = sprintf(buf, "%s\n", "OK");
+       return ret;
+}
+#endif
+
+
  char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
                                          char *buf, size_t *resp_len)
  {
@@ -2991,7 +4800,9 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
         int reply_len;
  
         if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0 ||
-           os_strncmp(buf, "SET_NETWORK ", 12) == 0) {
+           os_strncmp(buf, "SET_NETWORK ", 12) == 0 ||
+           os_strncmp(buf, "WPS_NFC_TAG_READ", 16) == 0 ||
+           os_strncmp(buf, "NFC_RX_HANDOVER_SEL", 19) == 0) {
                 wpa_hexdump_ascii_key(MSG_DEBUG, "RX ctrl_iface",
                                       (const u8 *) buf, os_strlen(buf));
         } else {
@@ -3000,6 +4811,7 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
                         level = MSG_EXCESSIVE;
                 wpa_hexdump_ascii(level, "RX ctrl_iface",
                                   (const u8 *) buf, os_strlen(buf));
+               wpa_dbg(wpa_s, level, "Control interface command '%s'", buf);
         }
  
         reply = os_malloc(reply_size);
@@ -3014,6 +4826,9 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
         if (os_strcmp(buf, "PING") == 0) {
                 os_memcpy(reply, "PONG\n", 5);
                 reply_len = 5;
+       } else if (os_strcmp(buf, "IFNAME") == 0) {
+               reply_len = os_strlen(wpa_s->ifname);
+               os_memcpy(reply, wpa_s->ifname, reply_len);
         } else if (os_strncmp(buf, "RELOG", 5) == 0) {
                 if (wpa_debug_reopen_file() < 0)
                         reply_len = -1;
@@ -3049,19 +4864,13 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
         } else if (os_strcmp(buf, "REASSOCIATE") == 0) {
                 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
                         reply_len = -1;
-               else {
-                       wpa_s->disconnected = 0;
-                       wpa_s->reassociate = 1;
-                       wpa_supplicant_req_scan(wpa_s, 0, 0);
-               }
+               else
+                       wpas_request_connection(wpa_s);
         } else if (os_strcmp(buf, "RECONNECT") == 0) {
                 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
                         reply_len = -1;
-               else if (wpa_s->disconnected) {
-                       wpa_s->disconnected = 0;
-                       wpa_s->reassociate = 1;
-                       wpa_supplicant_req_scan(wpa_s, 0, 0);
-               }
+               else if (wpa_s->disconnected)
+                       wpas_request_connection(wpa_s);
  #ifdef IEEE8021X_EAPOL
         } else if (os_strncmp(buf, "PREAUTH ", 8) == 0) {
                 if (wpa_supplicant_ctrl_iface_preauth(wpa_s, buf + 8))
@@ -3102,11 +4911,33 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
         } else if (os_strcmp(buf, "WPS_CANCEL") == 0) {
                 if (wpas_wps_cancel(wpa_s))
                         reply_len = -1;
-#ifdef CONFIG_WPS_OOB
-       } else if (os_strncmp(buf, "WPS_OOB ", 8) == 0) {
-               if (wpa_supplicant_ctrl_iface_wps_oob(wpa_s, buf + 8))
+#ifdef CONFIG_WPS_NFC
+       } else if (os_strcmp(buf, "WPS_NFC") == 0) {
+               if (wpa_supplicant_ctrl_iface_wps_nfc(wpa_s, NULL))
+                       reply_len = -1;
+       } else if (os_strncmp(buf, "WPS_NFC ", 8) == 0) {
+               if (wpa_supplicant_ctrl_iface_wps_nfc(wpa_s, buf + 8))
+                       reply_len = -1;
+       } else if (os_strncmp(buf, "WPS_NFC_TOKEN ", 14) == 0) {
+               reply_len = wpa_supplicant_ctrl_iface_wps_nfc_token(
+                       wpa_s, buf + 14, reply, reply_size);
+       } else if (os_strncmp(buf, "WPS_NFC_TAG_READ ", 17) == 0) {
+               if (wpa_supplicant_ctrl_iface_wps_nfc_tag_read(wpa_s,
+                                                              buf + 17))
+                       reply_len = -1;
+       } else if (os_strncmp(buf, "NFC_GET_HANDOVER_REQ ", 21) == 0) {
+               reply_len = wpas_ctrl_nfc_get_handover_req(
+                       wpa_s, buf + 21, reply, reply_size);
+       } else if (os_strncmp(buf, "NFC_GET_HANDOVER_SEL ", 21) == 0) {
+               reply_len = wpas_ctrl_nfc_get_handover_sel(
+                       wpa_s, buf + 21, reply, reply_size);
+       } else if (os_strncmp(buf, "NFC_RX_HANDOVER_REQ ", 20) == 0) {
+               reply_len = wpas_ctrl_nfc_rx_handover_req(
+                       wpa_s, buf + 20, reply, reply_size);
+       } else if (os_strncmp(buf, "NFC_RX_HANDOVER_SEL ", 20) == 0) {
+               if (wpas_ctrl_nfc_rx_handover_sel(wpa_s, buf + 20))
                         reply_len = -1;
-#endif /* CONFIG_WPS_OOB */
+#endif /* CONFIG_WPS_NFC */
         } else if (os_strncmp(buf, "WPS_REG ", 8) == 0) {
                 if (wpa_supplicant_ctrl_iface_wps_reg(wpa_s, buf + 8))
                         reply_len = -1;
@@ -3151,6 +4982,11 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
         } else if (os_strncmp(buf, "WPS_ER_CONFIG ", 14) == 0) {
                 if (wpa_supplicant_ctrl_iface_wps_er_config(wpa_s, buf + 14))
                         reply_len = -1;
+#ifdef CONFIG_WPS_NFC
+       } else if (os_strncmp(buf, "WPS_ER_NFC_CONFIG_TOKEN ", 24) == 0) {
+               reply_len = wpa_supplicant_ctrl_iface_wps_er_nfc_config_token(
+                       wpa_s, buf + 24, reply, reply_size);
+#endif /* CONFIG_WPS_NFC */
  #endif /* CONFIG_WPS_ER */
  #endif /* CONFIG_WPS */
  #ifdef CONFIG_IBSS_RSN
@@ -3180,7 +5016,7 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
                 if (wpas_p2p_group_remove(wpa_s, buf + 17))
                         reply_len = -1;
         } else if (os_strcmp(buf, "P2P_GROUP_ADD") == 0) {
-               if (wpas_p2p_group_add(wpa_s, 0, 0))
+               if (wpas_p2p_group_add(wpa_s, 0, 0, 0))
                         reply_len = -1;
         } else if (os_strncmp(buf, "P2P_GROUP_ADD ", 14) == 0) {
                 if (p2p_ctrl_group_add(wpa_s, buf + 14))
@@ -3200,7 +5036,11 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
                 if (p2p_ctrl_serv_disc_resp(wpa_s, buf + 19) < 0)
                         reply_len = -1;
         } else if (os_strcmp(buf, "P2P_SERVICE_UPDATE") == 0) {
+#ifdef ANDROID_P2P
+               wpas_p2p_sd_service_update(wpa_s, SRV_UPDATE);
+#else
                 wpas_p2p_sd_service_update(wpa_s);
+#endif
         } else if (os_strncmp(buf, "P2P_SERV_DISC_EXTERNAL ", 23) == 0) {
                 if (p2p_ctrl_serv_disc_external(wpa_s, buf + 23) < 0)
                         reply_len = -1;
@@ -3248,6 +5088,45 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
                 if (p2p_ctrl_ext_listen(wpa_s, "") < 0)
                         reply_len = -1;
  #endif /* CONFIG_P2P */
+#ifdef CONFIG_WIFI_DISPLAY
+       } else if (os_strncmp(buf, "WFD_SUBELEM_SET ", 16) == 0) {
+               if (wifi_display_subelem_set(wpa_s->global, buf + 16) < 0)
+                       reply_len = -1;
+       } else if (os_strncmp(buf, "WFD_SUBELEM_GET ", 16) == 0) {
+               reply_len = wifi_display_subelem_get(wpa_s->global, buf + 16,
+                                                    reply, reply_size);
+#endif /* CONFIG_WIFI_DISPLAY */
+#ifdef CONFIG_INTERWORKING
+       } else if (os_strcmp(buf, "FETCH_ANQP") == 0) {
+               if (interworking_fetch_anqp(wpa_s) < 0)
+                       reply_len = -1;
+       } else if (os_strcmp(buf, "STOP_FETCH_ANQP") == 0) {
+               interworking_stop_fetch_anqp(wpa_s);
+       } else if (os_strncmp(buf, "INTERWORKING_SELECT", 19) == 0) {
+               if (interworking_select(wpa_s, os_strstr(buf + 19, "auto") !=
+                                       NULL) < 0)
+                       reply_len = -1;
+       } else if (os_strncmp(buf, "INTERWORKING_CONNECT ", 21) == 0) {
+               if (ctrl_interworking_connect(wpa_s, buf + 21) < 0)
+                       reply_len = -1;
+       } else if (os_strncmp(buf, "ANQP_GET ", 9) == 0) {
+               if (get_anqp(wpa_s, buf + 9) < 0)
+                       reply_len = -1;
+       } else if (os_strncmp(buf, "GAS_REQUEST ", 12) == 0) {
+               if (gas_request(wpa_s, buf + 12) < 0)
+                       reply_len = -1;
+       } else if (os_strncmp(buf, "GAS_RESPONSE_GET ", 17) == 0) {
+               reply_len = gas_response_get(wpa_s, buf + 17, reply,
+                                            reply_size);
+#endif /* CONFIG_INTERWORKING */
+#ifdef CONFIG_HS20
+       } else if (os_strncmp(buf, "HS20_ANQP_GET ", 14) == 0) {
+               if (get_hs20_anqp(wpa_s, buf + 14) < 0)
+                       reply_len = -1;
+       } else if (os_strncmp(buf, "HS20_GET_NAI_HOME_REALM_LIST ", 29) == 0) {
+               if (hs20_get_nai_home_realm_list(wpa_s, buf + 29) < 0)
+                       reply_len = -1;
+#endif /* CONFIG_HS20 */
         } else if (os_strncmp(buf, WPA_CTRL_RSP, os_strlen(WPA_CTRL_RSP)) == 0)
         {
                 if (wpa_supplicant_ctrl_iface_ctrl_rsp(
@@ -3263,28 +5142,45 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
         } else if (os_strncmp(buf, "BSSID ", 6) == 0) {
                 if (wpa_supplicant_ctrl_iface_bssid(wpa_s, buf + 6))
                         reply_len = -1;
-       } else if (os_strncmp(buf, "LOG_LEVEL", 9) == 0) {
-               reply_len = wpa_supplicant_ctrl_iface_log_level(wpa_s, buf + 9,
-                                                       reply, reply_size);
         } else if (os_strncmp(buf, "BLACKLIST", 9) == 0) {
-               reply_len = wpa_supplicant_ctrl_iface_blacklist(wpa_s, buf + 9,
-                                                       reply, reply_size);
+               reply_len = wpa_supplicant_ctrl_iface_blacklist(
+                       wpa_s, buf + 9, reply, reply_size);
+       } else if (os_strncmp(buf, "LOG_LEVEL", 9) == 0) {
+               reply_len = wpa_supplicant_ctrl_iface_log_level(
+                       wpa_s, buf + 9, reply, reply_size);
         } else if (os_strcmp(buf, "LIST_NETWORKS") == 0) {
                 reply_len = wpa_supplicant_ctrl_iface_list_networks(
                         wpa_s, reply, reply_size);
         } else if (os_strcmp(buf, "DISCONNECT") == 0) {
+#ifdef CONFIG_SME
+               wpa_s->sme.prev_bssid_set = 0;
+#endif /* CONFIG_SME */
                 wpa_s->reassociate = 0;
                 wpa_s->disconnected = 1;
+               wpa_supplicant_cancel_sched_scan(wpa_s);
+               wpa_supplicant_cancel_scan(wpa_s);
                 wpa_supplicant_deauthenticate(wpa_s,
                                               WLAN_REASON_DEAUTH_LEAVING);
-       } else if (os_strcmp(buf, "SCAN") == 0) {
+       } else if ((os_strcmp(buf, "SCAN") == 0) ||
+                  (os_strncmp(buf, "SCAN ", 5) == 0)) {
                 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED)
                         reply_len = -1;
                 else {
-                       if (!wpa_s->scanning &&
+                       if ((os_strlen(buf) > 4) &&
+                           (os_strncasecmp(buf + 5, "TYPE=ONLY", 9) == 0))
+                               wpa_s->scan_res_handler = scan_only_handler;
+                       if (!wpa_s->sched_scanning && !wpa_s->scanning &&
                             ((wpa_s->wpa_state <= WPA_SCANNING) ||
                              (wpa_s->wpa_state == WPA_COMPLETED))) {
-                               wpa_s->scan_req = 2;
+                               wpa_s->normal_scans = 0;
+                               wpa_s->scan_req = MANUAL_SCAN_REQ;
+                               wpa_supplicant_req_scan(wpa_s, 0, 0);
+                       } else if (wpa_s->sched_scanning) {
+                               wpa_printf(MSG_DEBUG, "Stop ongoing "
+                                          "sched_scan to allow requested "
+                                          "full scan to proceed");
+                               wpa_supplicant_cancel_sched_scan(wpa_s);
+                               wpa_s->scan_req = MANUAL_SCAN_REQ;
                                 wpa_supplicant_req_scan(wpa_s, 0, 0);
                         } else {
                                 wpa_printf(MSG_DEBUG, "Ongoing scan action - "
@@ -3317,6 +5213,18 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
         } else if (os_strncmp(buf, "GET_NETWORK ", 12) == 0) {
                 reply_len = wpa_supplicant_ctrl_iface_get_network(
                         wpa_s, buf + 12, reply, reply_size);
+       } else if (os_strcmp(buf, "LIST_CREDS") == 0) {
+               reply_len = wpa_supplicant_ctrl_iface_list_creds(
+                       wpa_s, reply, reply_size);
+       } else if (os_strcmp(buf, "ADD_CRED") == 0) {
+               reply_len = wpa_supplicant_ctrl_iface_add_cred(
+                       wpa_s, reply, reply_size);
+       } else if (os_strncmp(buf, "REMOVE_CRED ", 12) == 0) {
+               if (wpa_supplicant_ctrl_iface_remove_cred(wpa_s, buf + 12))
+                       reply_len = -1;
+       } else if (os_strncmp(buf, "SET_CRED ", 9) == 0) {
+               if (wpa_supplicant_ctrl_iface_set_cred(wpa_s, buf + 9))
+                       reply_len = -1;
  #ifndef CONFIG_NO_CONFIG_WRITE
         } else if (os_strcmp(buf, "SAVE_CONFIG") == 0) {
                 if (wpa_supplicant_ctrl_iface_save_config(wpa_s))
@@ -3349,6 +5257,12 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
         } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
                 reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
                                                    reply_size);
+       } else if (os_strncmp(buf, "DEAUTHENTICATE ", 15) == 0) {
+               if (ap_ctrl_iface_sta_deauthenticate(wpa_s, buf + 15))
+                       reply_len = -1;
+       } else if (os_strncmp(buf, "DISASSOCIATE ", 13) == 0) {
+               if (ap_ctrl_iface_sta_disassociate(wpa_s, buf + 13))
+                       reply_len = -1;
  #endif /* CONFIG_AP */
         } else if (os_strcmp(buf, "SUSPEND") == 0) {
                 wpas_notify_suspend(wpa_s->global);
@@ -3369,6 +5283,9 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
                 if (wpa_supplicant_ctrl_iface_bss_expire_count(wpa_s,
                                                                buf + 17))
                         reply_len = -1;
+       } else if (os_strncmp(buf, "BSS_FLUSH ", 10) == 0) {
+               if (wpa_supplicant_ctrl_iface_bss_flush(wpa_s, buf + 10))
+                       reply_len = -1;
  #ifdef CONFIG_TDLS
         } else if (os_strncmp(buf, "TDLS_DISCOVER ", 14) == 0) {
                 if (wpa_supplicant_ctrl_iface_tdls_discover(wpa_s, buf + 14))
@@ -3383,6 +5300,27 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
         } else if (os_strncmp(buf, "SIGNAL_POLL", 11) == 0) {
                 reply_len = wpa_supplicant_signal_poll(wpa_s, reply,
                                                        reply_size);
+       } else if (os_strncmp(buf, "PKTCNT_POLL", 11) == 0) {
+               reply_len = wpa_supplicant_pktcnt_poll(wpa_s, reply,
+                                                      reply_size);
+#ifdef CONFIG_AUTOSCAN
+       } else if (os_strncmp(buf, "AUTOSCAN ", 9) == 0) {
+               if (wpa_supplicant_ctrl_iface_autoscan(wpa_s, buf + 9))
+                       reply_len = -1;
+#endif /* CONFIG_AUTOSCAN */
+#ifdef ANDROID
+       } else if (os_strncmp(buf, "DRIVER ", 7) == 0) {
+               reply_len = wpa_supplicant_driver_cmd(wpa_s, buf + 7, reply,
+                                                     reply_size);
+#endif
+       } else if (os_strcmp(buf, "REAUTHENTICATE") == 0) {
+               pmksa_cache_clear_current(wpa_s->wpa);
+               eapol_sm_request_reauth(wpa_s->eapol);
+#ifdef CONFIG_WNM
+       } else if (os_strncmp(buf, "WNM_SLEEP ", 10) == 0) {
+               if (wpas_ctrl_iface_wnm_sleep(wpa_s, buf + 10))
+                       reply_len = -1;
+#endif /* CONFIG_WNM */
         } else {
                 os_memcpy(reply, "UNKNOWN COMMAND\n", 16);
                 reply_len = 16;
@@ -3488,7 +5426,7 @@ static int wpa_supplicant_global_iface_remove(struct wpa_global *global,
         wpa_s = wpa_supplicant_get_iface(global, cmd);
         if (wpa_s == NULL)
                 return -1;
-       return wpa_supplicant_remove_iface(global, wpa_s);
+       return wpa_supplicant_remove_iface(global, wpa_s, 0);
  }
  
  
@@ -3579,8 +5517,11 @@ char * wpa_supplicant_global_ctrl_iface_process(struct wpa_global *global,
         char *reply;
         const int reply_size = 2048;
         int reply_len;
+       int level = MSG_DEBUG;
  
-       wpa_hexdump_ascii(MSG_DEBUG, "RX global ctrl_iface",
+       if (os_strcmp(buf, "PING") == 0)
+               level = MSG_EXCESSIVE;
+       wpa_hexdump_ascii(level, "RX global ctrl_iface",
                           (const u8 *) buf, os_strlen(buf));
  
         reply = os_malloc(reply_size);