Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2226420,
    "url": "http://patchwork.ozlabs.org/api/1.2/patches/2226420/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-77-andrei.otcheretianski@intel.com/",
    "project": {
        "id": 22,
        "url": "http://patchwork.ozlabs.org/api/1.2/projects/22/?format=api",
        "name": "HostAP Development",
        "link_name": "hostap",
        "list_id": "hostap.lists.infradead.org",
        "list_email": "hostap@lists.infradead.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260422122424.43776-77-andrei.otcheretianski@intel.com>",
    "list_archive_url": null,
    "date": "2026-04-22T12:24:07",
    "name": "[76/92] NAN: Support transmission and reception of NAFs in a secure manner",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "f6dc29cc715428772ee759631eecba5ee6a4b390",
    "submitter": {
        "id": 62065,
        "url": "http://patchwork.ozlabs.org/api/1.2/people/62065/?format=api",
        "name": "Andrei Otcheretianski",
        "email": "andrei.otcheretianski@intel.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/hostap/patch/20260422122424.43776-77-andrei.otcheretianski@intel.com/mbox/",
    "series": [
        {
            "id": 501001,
            "url": "http://patchwork.ozlabs.org/api/1.2/series/501001/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/hostap/list/?series=501001",
            "date": "2026-04-22T12:23:05",
            "name": "Add NAN PASN pairing support",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/501001/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2226420/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2226420/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "\n <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org>",
        "X-Original-To": "incoming@patchwork.ozlabs.org",
        "Delivered-To": "patchwork-incoming@legolas.ozlabs.org",
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n secure) header.d=lists.infradead.org header.i=@lists.infradead.org\n header.a=rsa-sha256 header.s=bombadil.20210309 header.b=zBiRymza;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n secure) header.d=infradead.org header.i=@infradead.org header.a=rsa-sha256\n header.s=desiato.20200630 header.b=hyDptcD9;\n\tdkim=fail reason=\"signature verification failed\" (2048-bit key;\n unprotected) header.d=intel.com header.i=@intel.com header.a=rsa-sha256\n header.s=Intel header.b=Gy9v27bJ;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=none (no SPF record) smtp.mailfrom=lists.infradead.org\n (client-ip=2607:7c80:54:3::133; helo=bombadil.infradead.org;\n envelope-from=hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org;\n receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from bombadil.infradead.org (bombadil.infradead.org\n [IPv6:2607:7c80:54:3::133])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0z8v3qTfz1y2d\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 22 Apr 2026 22:30:55 +1000 (AEST)",
            "from localhost ([::1] helo=bombadil.infradead.org)\n\tby bombadil.infradead.org with esmtp (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWij-0000000A9y2-32N7;\n\tWed, 22 Apr 2026 12:30:21 +0000",
            "from desiato.infradead.org ([2001:8b0:10b:1:d65d:64ff:fe57:4e05])\n\tby bombadil.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWfj-0000000A5mJ-2U4Y\n\tfor hostap@bombadil.infradead.org;\n\tWed, 22 Apr 2026 12:27:15 +0000",
            "from mgamail.intel.com ([192.198.163.17])\n\tby desiato.infradead.org with esmtps (Exim 4.98.2 #2 (Red Hat Linux))\n\tid 1wFWff-0000000BKYa-0c6m\n\tfor hostap@lists.infradead.org;\n\tWed, 22 Apr 2026 12:27:14 +0000",
            "from orviesa010.jf.intel.com ([10.64.159.150])\n  by fmvoesa111.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:26:38 -0700",
            "from iapp347.iil.intel.com (HELO 87c02287900a.iil.intel.com)\n ([10.167.28.6])\n  by orviesa010-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;\n 22 Apr 2026 05:26:37 -0700"
        ],
        "DKIM-Signature": [
            "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=lists.infradead.org; s=bombadil.20210309; h=Sender:\n\tContent-Transfer-Encoding:Content-Type:List-Subscribe:List-Help:List-Post:\n\tList-Archive:List-Unsubscribe:List-Id:MIME-Version:References:In-Reply-To:\n\tMessage-ID:Date:Subject:Cc:To:From:Reply-To:Content-ID:Content-Description:\n\tResent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:\n\tList-Owner; bh=BMdGgTn4GGO150tatMQvCbpnxBSIGDdrINPF8bPPG4M=; b=zBiRymzaU6elw2\n\t70frC3EOUL+TBh1rxryWZF8MVmzXw2Lf+x7jXJPqh73LqXAeAJlI5YxWoT6TQmq3MNkjM1+GWmsRQ\n\txtTrvg7wz1XbZLU+Z5RlF6NyTVbAi7q2+dU615BJHEMxXf4iqgO5B7tWgmf/QQ4sS5LsSuGktqQKM\n\trwWlCL1zjZiwPb8l2YvWs75tuboREJ9ADMN6kQ7G3fWXxPP6V/gGEe5ws6XNSEiZg4hw4W6qQwLvm\n\tVAOfDfekxCob7eWDxIG47Q5Nvtu3SYIMCxYxaNe3nS334bPCOP5/w+cMldS0Uj3pZYLswkBC56gN3\n\tJofIsztSjjE9wZBMpwOQ==;",
            "v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\n\td=infradead.org; s=desiato.20200630; h=Content-Transfer-Encoding:MIME-Version\n\t:References:In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:\n\tContent-Type:Content-ID:Content-Description;\n\tbh=j01KgNsY9fHxA1j9EPBaRK27XljSJPj1iLihlvmsfpc=; b=hyDptcD9Uh+XxvElf4SX1DkWxY\n\t3hMpehLUPwy611WyE93MjICScxeK5/LXRvS9rsyxFA8FqRoFasxgto4c9h2B08z3tqbpIZ4r5or3b\n\tJnum2gPJlmzjhv4+wUMoNDAkVHO+j2Fh8Cc/t5SrQZcXN/dwU8qlLDc2ZzOemG+FMdvqvuKe3Qa47\n\td1gX9OpaCAFDDl8kmjtcIgWmiHd7RMpjKrI9+OX3aW4C3ek2A6FLQrqIjGjPT5VZcAHDuFu9Ncaiq\n\tNOc+f6eHmDa+rDSdFJ1PTkeZ76DSJ7NkAQOogTCUJZJvhIUXLoYVQb8awzYRl5ayKwGt+/rhB3Vxe\n\tY0L3fx9g==;",
            "v=1; a=rsa-sha256; c=relaxed/simple;\n  d=intel.com; i=@intel.com; q=dns/txt; s=Intel;\n  t=1776860831; x=1808396831;\n  h=from:to:cc:subject:date:message-id:in-reply-to:\n   references:mime-version:content-transfer-encoding;\n  bh=XOjDMgrc1MHV+/ztV1uh+RsGzxiXwLmrIZYzrsxuUOk=;\n  b=Gy9v27bJG/0xL3y5CFYEkKzRmy13WxSvK1E161qekzK4yQQaJXsN0deH\n   fsU7Q/3oASn53qmQtVHWpLb6p5vKpOuU6/nFpvxenp3x0SmNF/iI4Vm4e\n   GBtZoSkVQzasqfGdGS35x3tuVWoanxn5Pe9CdlMAJVAZ58JhhgEFrtprI\n   FiRWf7Q4yDjoh1/UPE5yCGuG7RDOJ5tgO39T6kT+d4yuuItKrNZFqazc3\n   Jgw6JHefxqGn/cr945OIouV5ggtx8cS8S20SYSRavKUJ5Nl6vFF6EVHMo\n   j5QPyNsnfILsWID6gbU/gGgx/brYO/MpFtpxVI2rRP/kReb06KgYpVlqm\n   w==;"
        ],
        "X-CSE-ConnectionGUID": [
            "8zO2eM0jQaWd1OkEVSVOUg==",
            "uX20zi9cR6OiE1FTdAt8/w=="
        ],
        "X-CSE-MsgGUID": [
            "AzX+1PIBSuSqLsMTFDSllA==",
            "dGapZylARS2K4NhIcmhE7g=="
        ],
        "X-IronPort-AV": [
            "E=McAfee;i=\"6800,10657,11764\"; a=\"77687555\"",
            "E=Sophos;i=\"6.23,192,1770624000\";\n   d=\"scan'208\";a=\"77687555\"",
            "E=Sophos;i=\"6.23,192,1770624000\";\n   d=\"scan'208\";a=\"231445275\""
        ],
        "X-ExtLoop1": "1",
        "From": "Andrei Otcheretianski <andrei.otcheretianski@intel.com>",
        "To": "hostap@lists.infradead.org",
        "Cc": "vamsin@qti.qualcomm.com,\n\tmaheshkkv@google.com,\n\tIlan Peer <ilan.peer@intel.com>",
        "Subject": "[PATCH 76/92] NAN: Support transmission and reception of NAFs in a\n secure manner",
        "Date": "Wed, 22 Apr 2026 15:24:07 +0300",
        "Message-ID": "<20260422122424.43776-77-andrei.otcheretianski@intel.com>",
        "X-Mailer": "git-send-email 2.53.0",
        "In-Reply-To": "<20260422122424.43776-1-andrei.otcheretianski@intel.com>",
        "References": "<20260422122424.43776-1-andrei.otcheretianski@intel.com>",
        "MIME-Version": "1.0",
        "X-CRM114-Version": "20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 ",
        "X-CRM114-CacheID": "sfid-20260422_132711_565171_81EB94CE ",
        "X-CRM114-Status": "GOOD (  25.56  )",
        "X-Spam-Score": "-2.5 (--)",
        "X-Spam-Report": "Spam detection software,\n running on the system \"desiato.infradead.org\",\n has NOT identified this incoming email as spam.  The original\n message has been attached to this so you can view it or label\n similar future email.  If you have any questions, see\n the administrator of that system for details.\n Content preview:  From: Ilan Peer <ilan.peer@intel.com> When a secure NDP is\n    established between two non paired devices, all NAN Action Frames (NAFs)\n   must be transmitted in a secure manner on the secure channel established\n between\n    the peers. Thus, add supp [...]\n Content analysis details:   (-2.5 points, 5.0 required)\n  pts rule name              description\n ---- ----------------------\n --------------------------------------------------\n -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at https://www.dnswl.org/,\n                             medium trust\n                             [192.198.163.17 listed in list.dnswl.org]\n -0.0 SPF_PASS               SPF: sender matches SPF record\n  0.0 SPF_HELO_NONE          SPF: HELO does not publish an SPF Record\n -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from\n author's\n                             domain\n -0.1 DKIM_VALID             Message has at least one valid DKIM or DK\n signature\n  0.1 DKIM_SIGNED            Message has a DKIM or DK signature,\n not necessarily valid\n -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from\n                             envelope-from domain\n -0.0 DKIMWL_WL_HIGH         DKIMwl.org - High trust sender",
        "X-BeenThere": "hostap@lists.infradead.org",
        "X-Mailman-Version": "2.1.34",
        "Precedence": "list",
        "List-Id": "<hostap.lists.infradead.org>",
        "List-Unsubscribe": "<http://lists.infradead.org/mailman/options/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=unsubscribe>",
        "List-Archive": "<http://lists.infradead.org/pipermail/hostap/>",
        "List-Post": "<mailto:hostap@lists.infradead.org>",
        "List-Help": "<mailto:hostap-request@lists.infradead.org?subject=help>",
        "List-Subscribe": "<http://lists.infradead.org/mailman/listinfo/hostap>,\n <mailto:hostap-request@lists.infradead.org?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Sender": "\"Hostap\" <hostap-bounces@lists.infradead.org>",
        "Errors-To": "hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org"
    },
    "content": "From: Ilan Peer <ilan.peer@intel.com>\n\nWhen a secure NDP is established between two non paired devices,\nall NAN Action Frames (NAFs) must be transmitted in a secure manner\non the secure channel established between the peers. Thus, add\nsupport for transmitting and receiving NAFs over NAN Data\ninterfaces:\n\n- When sending a NAF, set the category to 'Protected Dual of Public',\n  set the source and destination addresses to those of the NDIs\n  for which a secure NDP was established, and use the corresponding\n  NAN Data interface for the Tx.\n- When receiving NAF over a NAN Data interface, tunnel it to the NAN\n  management interface for processing.\n\nSigned-off-by: Ilan Peer <ilan.peer@intel.com>\n---\n src/nan/nan.c                   | 155 +++++++++++++++++++++++++++++++-\n wpa_supplicant/nan_supplicant.c |  39 ++++++++\n 2 files changed, 190 insertions(+), 4 deletions(-)",
    "diff": "diff --git a/src/nan/nan.c b/src/nan/nan.c\nindex b4f16bfc6b..e8556f3638 100644\n--- a/src/nan/nan.c\n+++ b/src/nan/nan.c\n@@ -1158,7 +1158,8 @@ static void nan_action_build_header(struct nan_data *nan, struct nan_peer *peer,\n {\n \tu8 category = WLAN_ACTION_PUBLIC;\n \n-\tif (nan_pairing_is_peer_paired(nan, peer->nmi_addr))\n+\tif (nan_pairing_is_peer_paired(nan, peer->nmi_addr) ||\n+\t    !dl_list_empty(&peer->info.sec))\n \t\tcategory = WLAN_ACTION_PROTECTED_DUAL;\n \n \twpabuf_put_u8(buf, category);\n@@ -1217,6 +1218,8 @@ static int nan_action_send(struct nan_data *nan, struct nan_peer *peer,\n \t\t\t   enum nan_subtype subtype)\n {\n \tstruct wpabuf *buf;\n+\tstruct nan_peer_sec_info_entry *cur, *next;\n+\tconst u8 *src, *dst;\n \tint ret;\n \n \tbuf = wpabuf_alloc(NAN_MAX_NAF_LEN);\n@@ -1233,9 +1236,27 @@ static int nan_action_send(struct nan_data *nan, struct nan_peer *peer,\n \n \tif (!nan->cfg->send_naf)\n \t\tgoto out;\n-\tret = nan->cfg->send_naf(nan->cfg->cb_ctx, peer->nmi_addr, NULL,\n-\t\t\t\t nan->cluster_id, buf);\n \n+\t/*\n+\t * By default, the NAN management interface is used for the NAF\n+\t * transmission. However, when pairing was not established with the peer\n+\t * and there is a secure NDP with the peer, need to use the NDIs so that\n+\t * the NAF would be sent in a secure manner\n+\t */\n+\tsrc = NULL;\n+\tdst = peer->nmi_addr;\n+\n+\tif (!(peer->pairing.flags & NAN_PAIRING_FLAG_PAIRED)) {\n+\t\tdl_list_for_each_safe(cur, next, &peer->info.sec,\n+\t\t\t\t      struct nan_peer_sec_info_entry, list) {\n+\t\t\tsrc = cur->local_ndi;\n+\t\t\tdst = cur->peer_ndi;\n+\t\t\tbreak;\n+\t\t}\n+\t}\n+\n+\tret = nan->cfg->send_naf(nan->cfg->cb_ctx, dst, src,\n+\t\t\t\t nan->cluster_id, buf);\n out:\n \twpa_printf(MSG_DEBUG, \"NAN: send_naf: ret=%d\", ret);\n \twpabuf_free(buf);\n@@ -1601,6 +1622,67 @@ static int nan_action_rx_ndp(struct nan_data *nan, struct nan_peer *peer,\n }\n \n \n+/*\n+ * nan_action_substitute_src - Substitute the source address in the NAF if\n+ * it matches an NDI of an existing NDP\n+ *\n+ * @nan: NAN module context from nan_init()\n+ * @mgmt: Pointer to the IEEE 802.11 management frame\n+ * @len: Length of the management frame in octets\n+ *\n+ * NAFs can be sent and received on NDIs. In such cases, the source address\n+ * in the 802.11 header would be the NDI address. This function checks if\n+ * the source address matches any known NDI address and if so, substitutes\n+ * it with the NMI address of the corresponding peer.\n+ */\n+static void nan_action_substitute_src(struct nan_data *nan,\n+\t\t\t\t      const struct ieee80211_mgmt *mgmt,\n+\t\t\t\t      size_t len)\n+{\n+\tstruct nan_peer *peer;\n+\n+\t/* If the peer is known, nothing needs to be changed */\n+\tpeer = nan_get_peer(nan, mgmt->sa);\n+\tif (peer)\n+\t\treturn;\n+\n+\t/*\n+\t * Find a peer with which we have an NDI that matches the source address\n+\t * in the frame, and if found, substitute the frames source address with\n+\t * the peer NMI\n+\t */\n+\tdl_list_for_each(peer, &nan->peer_list, struct nan_peer, list) {\n+\t\tstruct nan_ndp *pndp;\n+\n+\t\t/* When a peer is paired, NAFs are not allowed on NDIs */\n+\t\tif (peer->pairing.flags & NAN_PAIRING_FLAG_PAIRED)\n+\t\t\tcontinue;\n+\n+\t\tdl_list_for_each(pndp, &peer->ndps, struct nan_ndp, list) {\n+\t\t\tconst u8 *addr;\n+\n+\t\t\tif (pndp->initiator)\n+\t\t\t\taddr = pndp->resp_ndi;\n+\t\t\telse\n+\t\t\t\taddr = pndp->init_ndi;\n+\n+\t\t\tif (os_memcmp(addr, mgmt->sa, ETH_ALEN))\n+\t\t\t\tcontinue;\n+\n+\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t   \"NAN: NAF from=\" MACSTR \" Received on NDI=\" MACSTR,\n+\t\t\t\t   MAC2STR(peer->nmi_addr), MAC2STR(mgmt->sa));\n+\n+\t\t\tos_memcpy((void *)mgmt->sa, peer->nmi_addr, ETH_ALEN);\n+\t\t}\n+\t}\n+\n+\twpa_printf(MSG_DEBUG,\n+\t\t   \"NAN: NAF from unknown peer=\" MACSTR,\n+\t\t   MAC2STR(mgmt->sa));\n+}\n+\n+\n /*\n  * nan_action_rx - Process a received NAN Action Frame\n  * @nan: NAN module context from nan_init()\n@@ -1619,7 +1701,10 @@ int nan_action_rx(struct nan_data *nan, const struct ieee80211_mgmt *mgmt,\n \tif (!nan_ndp_supported(nan))\n \t\treturn -1;\n \n+\tnan_action_substitute_src(nan, mgmt, len);\n+\n \t/* Parse the NAF and validate its general structure */\n+\n \tret = nan_parse_naf(nan, mgmt, len, &msg);\n \tif (ret)\n \t\treturn ret;\n@@ -1706,6 +1791,68 @@ void nan_set_cluster_id(struct nan_data *nan, const u8 *cluster_id)\n }\n \n \n+/*\n+ * nan_tx_status_get_peer - Get the peer for a transmitted NAF\n+ *\n+ * @nan: NAN module context from nan_init()\n+ * @dst: Destination address of the transmitted frame\n+ * Return: Pointer to the peer or NULL if not found\n+ */\n+static struct nan_peer *nan_tx_status_get_peer(struct nan_data *nan,\n+\t\t\t\t\t       const u8 *dst)\n+{\n+\tstruct nan_peer *peer;\n+\n+\tpeer = nan_get_peer(nan, dst);\n+\tif (peer)\n+\t\treturn peer;\n+\n+\t/*\n+\t * It is possible that the NAF was transmitted over an NDI, e.g.,\n+\t * in case that a secure NDP was established with the peer\n+\t */\n+\tdl_list_for_each(peer, &nan->peer_list, struct nan_peer, list) {\n+\t\tstruct nan_ndp *pndp;\n+\t\tconst u8 *paddr;\n+\n+\t\t/* When a peer is paired, NAFs are not allowed on NDIs */\n+\t\tif (peer->pairing.flags & NAN_PAIRING_FLAG_PAIRED)\n+\t\t\tcontinue;\n+\n+\t\t/*\n+\t\t * When an NDP termination is initiated locally, the NDP is\n+\t\t * removed from the list and is set to the 'ndp_setup' object\n+\t\t * so need to also check that one.\n+\t\t */\n+\t\tif (peer->ndp_setup.ndp) {\n+\t\t\tpndp = peer->ndp_setup.ndp;\n+\n+\t\t\tif (pndp->initiator)\n+\t\t\t\tpaddr = pndp->resp_ndi;\n+\t\t\telse\n+\t\t\t\tpaddr = pndp->init_ndi;\n+\n+\t\t\tif (!os_memcmp(dst, paddr, ETH_ALEN))\n+\t\t\t\treturn peer;\n+\t\t}\n+\n+\t\tdl_list_for_each(pndp, &peer->ndps, struct nan_ndp, list) {\n+\t\t\tif (pndp->initiator)\n+\t\t\t\tpaddr = pndp->resp_ndi;\n+\t\t\telse\n+\t\t\t\tpaddr = pndp->init_ndi;\n+\n+\t\t\tif (os_memcmp(dst, paddr, ETH_ALEN))\n+\t\t\t\tcontinue;\n+\n+\t\t\treturn peer;\n+\t\t}\n+\t}\n+\n+\treturn NULL;\n+}\n+\n+\n /*\n  * nan_tx_status - Notification of the result of a transmitted NAN Action frame\n  * @nan: NAN module context from nan_init()\n@@ -1729,7 +1876,7 @@ int nan_tx_status(struct nan_data *nan, const u8 *dst, const u8 *data,\n \twpa_printf(MSG_DEBUG, \"NAN: TX status: peer=\" MACSTR \", acked=%u\",\n \t\t   MAC2STR(dst), acked);\n \n-\tpeer = nan_get_peer(nan, dst);\n+\tpeer = nan_tx_status_get_peer(nan, dst);\n \tif (!peer) {\n \t\twpa_printf(MSG_DEBUG, \"NAN: TX status: peer not found\");\n \t\treturn 0;\ndiff --git a/wpa_supplicant/nan_supplicant.c b/wpa_supplicant/nan_supplicant.c\nindex 404e28e74d..af1a21ce63 100644\n--- a/wpa_supplicant/nan_supplicant.c\n+++ b/wpa_supplicant/nan_supplicant.c\n@@ -653,6 +653,18 @@ static int wpas_nan_send_naf_cb(void *ctx, const u8 *dst, const u8 *src,\n \n \ta2 = src ? src : wpa_s->own_addr;\n \n+\tif (src && src != wpa_s->own_addr) {\n+\t\twpa_printf(MSG_DEBUG, \"NAN: Use NDI iface for sending NAF\");\n+\n+\t\twpa_s = wpas_nan_get_ndi_iface(wpa_s, src);\n+\t\tif (!wpa_s) {\n+\t\t\twpa_printf(MSG_DEBUG,\n+\t\t\t\t   \"NAN: No NDI interface found for addr \"\n+\t\t\t\t   MACSTR, MAC2STR(src));\n+\t\t\twpa_s = ctx;\n+\t\t}\n+\t}\n+\n \twpa_printf(MSG_DEBUG, \"NAN: Send NAF - dst=\" MACSTR \" src=\" MACSTR\n \t\t   \" cluster_id=\" MACSTR, MAC2STR(dst), MAC2STR(a2),\n \t\t   MAC2STR(cluster_id));\n@@ -3848,6 +3860,22 @@ void wpas_nan_usd_state_change_notif(struct wpa_supplicant *wpa_s)\n }\n \n \n+static struct wpa_supplicant *\n+wpas_nan_get_mgmt_iface(struct wpa_supplicant *wpa_s)\n+{\n+\tstruct wpa_supplicant *nmi_wpa_s;\n+\n+\tfor (nmi_wpa_s = wpa_s->global->ifaces; nmi_wpa_s;\n+\t     nmi_wpa_s = nmi_wpa_s->next) {\n+\t\tif (!nmi_wpa_s->nan_mgmt)\n+\t\t\tcontinue;\n+\t\treturn nmi_wpa_s;\n+\t}\n+\n+\treturn wpa_s;\n+}\n+\n+\n int wpas_nan_tx_status(struct wpa_supplicant *wpa_s,\n \t\t\tconst u8 *data, size_t data_len, int acked)\n {\n@@ -3855,6 +3883,7 @@ int wpas_nan_tx_status(struct wpa_supplicant *wpa_s,\n \tconst struct ieee80211_mgmt *mgmt =\n \t\t(const struct ieee80211_mgmt *) data;\n \n+\twpa_s = wpas_nan_get_mgmt_iface(wpa_s);\n \tif (!wpas_nan_ndp_allowed(wpa_s))\n \t\treturn -1;\n \n@@ -3875,6 +3904,16 @@ int wpas_nan_tx_status(struct wpa_supplicant *wpa_s,\n void wpas_nan_rx_naf(struct wpa_supplicant *wpa_s,\n \t\t     const struct ieee80211_mgmt *mgmt, size_t len)\n {\n+\tif (mgmt->u.action.category == WLAN_ACTION_PROTECTED_DUAL) {\n+\t\twpa_printf(MSG_DEBUG, \"NAN: RX NAF: ifname=%s: DUAL protected\",\n+\t\t\t   wpa_s->ifname);\n+\n+\t\twpa_s = wpas_nan_get_mgmt_iface(wpa_s);\n+\n+\t\twpa_printf(MSG_DEBUG, \"NAN: Rx NAF: continue processing on %s\",\n+\t\t\t   wpa_s->ifname);\n+\t}\n+\n \tif (!wpas_nan_ndp_allowed(wpa_s))\n \t\treturn;\n \n",
    "prefixes": [
        "76/92"
    ]
}