cfg80211/nl80211: add API for MAC address ACLs
Add API to enable drivers to implement MAC address based access control in AP/P2P GO mode. Capable drivers advertise this capability by setting the maximum number of MAC addresses in such a list in wiphy->max_acl_mac_addrs. An initial ACL may be given to the NL80211_CMD_START_AP command and/or changed later with NL80211_CMD_SET_MAC_ACL. Black- and whitelists are supported, but not simultaneously. Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com> [rewrite commit log, many cleanups] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
Vasanthakumar Thiagarajan
committed by
Johannes Berg
Johannes Berg
parent
6d45a74b1f
commit
77765eaf5c
@@ -170,7 +170,8 @@
|
||||
* %NL80211_ATTR_HIDDEN_SSID, %NL80211_ATTR_CIPHERS_PAIRWISE,
|
||||
* %NL80211_ATTR_CIPHER_GROUP, %NL80211_ATTR_WPA_VERSIONS,
|
||||
* %NL80211_ATTR_AKM_SUITES, %NL80211_ATTR_PRIVACY,
|
||||
* %NL80211_ATTR_AUTH_TYPE and %NL80211_ATTR_INACTIVITY_TIMEOUT.
|
||||
* %NL80211_ATTR_AUTH_TYPE, %NL80211_ATTR_INACTIVITY_TIMEOUT,
|
||||
* %NL80211_ATTR_ACL_POLICY and %NL80211_ATTR_MAC_ADDRS.
|
||||
* The channel to use can be set on the interface or be given using the
|
||||
* %NL80211_ATTR_WIPHY_FREQ and the attributes determining channel width.
|
||||
* @NL80211_CMD_NEW_BEACON: old alias for %NL80211_CMD_START_AP
|
||||
@@ -586,6 +587,16 @@
|
||||
* @NL80211_CMD_SET_MCAST_RATE: Change the rate used to send multicast frames
|
||||
* for IBSS or MESH vif.
|
||||
*
|
||||
* @NL80211_CMD_SET_MAC_ACL: sets ACL for MAC address based access control.
|
||||
* This is to be used with the drivers advertising the support of MAC
|
||||
* address based access control. List of MAC addresses is passed in
|
||||
* %NL80211_ATTR_MAC_ADDRS and ACL policy is passed in
|
||||
* %NL80211_ATTR_ACL_POLICY. Driver will enable ACL with this list, if it
|
||||
* is not already done. The new list will replace any existing list. Driver
|
||||
* will clear its ACL when the list of MAC addresses passed is empty. This
|
||||
* command is used in AP/P2P GO mode. Driver has to make sure to clear its
|
||||
* ACL list during %NL80211_CMD_STOP_AP.
|
||||
*
|
||||
* @NL80211_CMD_MAX: highest used command number
|
||||
* @__NL80211_CMD_AFTER_LAST: internal use
|
||||
*/
|
||||
@@ -736,6 +747,8 @@ enum nl80211_commands {
|
||||
|
||||
NL80211_CMD_SET_MCAST_RATE,
|
||||
|
||||
NL80211_CMD_SET_MAC_ACL,
|
||||
|
||||
/* add new commands above here */
|
||||
|
||||
/* used to define NL80211_CMD_MAX below */
|
||||
@@ -1313,6 +1326,16 @@ enum nl80211_commands {
|
||||
* @NL80211_ATTR_LOCAL_MESH_POWER_MODE: local mesh STA link-specific power mode
|
||||
* defined in &enum nl80211_mesh_power_mode.
|
||||
*
|
||||
* @NL80211_ATTR_ACL_POLICY: ACL policy, see &enum nl80211_acl_policy,
|
||||
* carried in a u32 attribute
|
||||
*
|
||||
* @NL80211_ATTR_MAC_ADDRS: Array of nested MAC addresses, used for
|
||||
* MAC ACL.
|
||||
*
|
||||
* @NL80211_ATTR_MAC_ACL_MAX: u32 attribute to advertise the maximum
|
||||
* number of MAC addresses that a device can support for MAC
|
||||
* ACL.
|
||||
*
|
||||
* @NL80211_ATTR_MAX: highest attribute number currently defined
|
||||
* @__NL80211_ATTR_AFTER_LAST: internal use
|
||||
*/
|
||||
@@ -1585,6 +1608,12 @@ enum nl80211_attrs {
|
||||
|
||||
NL80211_ATTR_LOCAL_MESH_POWER_MODE,
|
||||
|
||||
NL80211_ATTR_ACL_POLICY,
|
||||
|
||||
NL80211_ATTR_MAC_ADDRS,
|
||||
|
||||
NL80211_ATTR_MAC_ACL_MAX,
|
||||
|
||||
/* add attributes here, update the policy in nl80211.c */
|
||||
|
||||
__NL80211_ATTR_AFTER_LAST,
|
||||
@@ -3248,7 +3277,7 @@ enum nl80211_probe_resp_offload_support_attr {
|
||||
* enum nl80211_connect_failed_reason - connection request failed reasons
|
||||
* @NL80211_CONN_FAIL_MAX_CLIENTS: Maximum number of clients that can be
|
||||
* handled by the AP is reached.
|
||||
* @NL80211_CONN_FAIL_BLOCKED_CLIENT: Client's MAC is in the AP's blocklist.
|
||||
* @NL80211_CONN_FAIL_BLOCKED_CLIENT: Connection request is rejected due to ACL.
|
||||
*/
|
||||
enum nl80211_connect_failed_reason {
|
||||
NL80211_CONN_FAIL_MAX_CLIENTS,
|
||||
@@ -3276,4 +3305,22 @@ enum nl80211_scan_flags {
|
||||
NL80211_SCAN_FLAG_AP = 1<<2,
|
||||
};
|
||||
|
||||
/**
|
||||
* enum nl80211_acl_policy - access control policy
|
||||
*
|
||||
* Access control policy is applied on a MAC list set by
|
||||
* %NL80211_CMD_START_AP and %NL80211_CMD_SET_MAC_ACL, to
|
||||
* be used with %NL80211_ATTR_ACL_POLICY.
|
||||
*
|
||||
* @NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED: Deny stations which are
|
||||
* listed in ACL, i.e. allow all the stations which are not listed
|
||||
* in ACL to authenticate.
|
||||
* @NL80211_ACL_POLICY_DENY_UNLESS_LISTED: Allow the stations which are listed
|
||||
* in ACL, i.e. deny all the stations which are not listed in ACL.
|
||||
*/
|
||||
enum nl80211_acl_policy {
|
||||
NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED,
|
||||
NL80211_ACL_POLICY_DENY_UNLESS_LISTED,
|
||||
};
|
||||
|
||||
#endif /* __LINUX_NL80211_H */
|
||||
|
||||
Reference in New Issue
Block a user