diff options
| author | Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com> | 2013-01-18 00:48:45 -0500 |
|---|---|---|
| committer | Johannes Berg <johannes.berg@intel.com> | 2013-01-25 12:36:44 -0500 |
| commit | 77765eaf5cfb6b8dd98ec8b54b411d74ff6095f1 (patch) | |
| tree | 2b32fca883ee0c5a149290b3df3d97b21cb85549 /include/uapi | |
| parent | 6d45a74b1f2e42e41c9931bfb35cdb789d0bb3ea (diff) | |
cfg80211/nl80211: add API for MAC address ACLs
Add API to enable drivers to implement MAC address based
access control in AP/P2P GO mode. Capable drivers advertise
this capability by setting the maximum number of MAC
addresses in such a list in wiphy->max_acl_mac_addrs.
An initial ACL may be given to the NL80211_CMD_START_AP
command and/or changed later with NL80211_CMD_SET_MAC_ACL.
Black- and whitelists are supported, but not simultaneously.
Signed-off-by: Vasanthakumar Thiagarajan <vthiagar@qca.qualcomm.com>
[rewrite commit log, many cleanups]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'include/uapi')
| -rw-r--r-- | include/uapi/linux/nl80211.h | 51 |
1 files changed, 49 insertions, 2 deletions
diff --git a/include/uapi/linux/nl80211.h b/include/uapi/linux/nl80211.h index e6eeb4ba5dc5..5b7dbc1ea966 100644 --- a/include/uapi/linux/nl80211.h +++ b/include/uapi/linux/nl80211.h | |||
| @@ -170,7 +170,8 @@ | |||
| 170 | * %NL80211_ATTR_HIDDEN_SSID, %NL80211_ATTR_CIPHERS_PAIRWISE, | 170 | * %NL80211_ATTR_HIDDEN_SSID, %NL80211_ATTR_CIPHERS_PAIRWISE, |
| 171 | * %NL80211_ATTR_CIPHER_GROUP, %NL80211_ATTR_WPA_VERSIONS, | 171 | * %NL80211_ATTR_CIPHER_GROUP, %NL80211_ATTR_WPA_VERSIONS, |
| 172 | * %NL80211_ATTR_AKM_SUITES, %NL80211_ATTR_PRIVACY, | 172 | * %NL80211_ATTR_AKM_SUITES, %NL80211_ATTR_PRIVACY, |
| 173 | * %NL80211_ATTR_AUTH_TYPE and %NL80211_ATTR_INACTIVITY_TIMEOUT. | 173 | * %NL80211_ATTR_AUTH_TYPE, %NL80211_ATTR_INACTIVITY_TIMEOUT, |
| 174 | * %NL80211_ATTR_ACL_POLICY and %NL80211_ATTR_MAC_ADDRS. | ||
| 174 | * The channel to use can be set on the interface or be given using the | 175 | * The channel to use can be set on the interface or be given using the |
| 175 | * %NL80211_ATTR_WIPHY_FREQ and the attributes determining channel width. | 176 | * %NL80211_ATTR_WIPHY_FREQ and the attributes determining channel width. |
| 176 | * @NL80211_CMD_NEW_BEACON: old alias for %NL80211_CMD_START_AP | 177 | * @NL80211_CMD_NEW_BEACON: old alias for %NL80211_CMD_START_AP |
| @@ -586,6 +587,16 @@ | |||
| 586 | * @NL80211_CMD_SET_MCAST_RATE: Change the rate used to send multicast frames | 587 | * @NL80211_CMD_SET_MCAST_RATE: Change the rate used to send multicast frames |
| 587 | * for IBSS or MESH vif. | 588 | * for IBSS or MESH vif. |
| 588 | * | 589 | * |
| 590 | * @NL80211_CMD_SET_MAC_ACL: sets ACL for MAC address based access control. | ||
| 591 | * This is to be used with the drivers advertising the support of MAC | ||
| 592 | * address based access control. List of MAC addresses is passed in | ||
| 593 | * %NL80211_ATTR_MAC_ADDRS and ACL policy is passed in | ||
| 594 | * %NL80211_ATTR_ACL_POLICY. Driver will enable ACL with this list, if it | ||
| 595 | * is not already done. The new list will replace any existing list. Driver | ||
| 596 | * will clear its ACL when the list of MAC addresses passed is empty. This | ||
| 597 | * command is used in AP/P2P GO mode. Driver has to make sure to clear its | ||
| 598 | * ACL list during %NL80211_CMD_STOP_AP. | ||
| 599 | * | ||
| 589 | * @NL80211_CMD_MAX: highest used command number | 600 | * @NL80211_CMD_MAX: highest used command number |
| 590 | * @__NL80211_CMD_AFTER_LAST: internal use | 601 | * @__NL80211_CMD_AFTER_LAST: internal use |
| 591 | */ | 602 | */ |
| @@ -736,6 +747,8 @@ enum nl80211_commands { | |||
| 736 | 747 | ||
| 737 | NL80211_CMD_SET_MCAST_RATE, | 748 | NL80211_CMD_SET_MCAST_RATE, |
| 738 | 749 | ||
| 750 | NL80211_CMD_SET_MAC_ACL, | ||
| 751 | |||
| 739 | /* add new commands above here */ | 752 | /* add new commands above here */ |
| 740 | 753 | ||
| 741 | /* used to define NL80211_CMD_MAX below */ | 754 | /* used to define NL80211_CMD_MAX below */ |
| @@ -1313,6 +1326,16 @@ enum nl80211_commands { | |||
| 1313 | * @NL80211_ATTR_LOCAL_MESH_POWER_MODE: local mesh STA link-specific power mode | 1326 | * @NL80211_ATTR_LOCAL_MESH_POWER_MODE: local mesh STA link-specific power mode |
| 1314 | * defined in &enum nl80211_mesh_power_mode. | 1327 | * defined in &enum nl80211_mesh_power_mode. |
| 1315 | * | 1328 | * |
| 1329 | * @NL80211_ATTR_ACL_POLICY: ACL policy, see &enum nl80211_acl_policy, | ||
| 1330 | * carried in a u32 attribute | ||
| 1331 | * | ||
| 1332 | * @NL80211_ATTR_MAC_ADDRS: Array of nested MAC addresses, used for | ||
| 1333 | * MAC ACL. | ||
| 1334 | * | ||
| 1335 | * @NL80211_ATTR_MAC_ACL_MAX: u32 attribute to advertise the maximum | ||
| 1336 | * number of MAC addresses that a device can support for MAC | ||
| 1337 | * ACL. | ||
| 1338 | * | ||
| 1316 | * @NL80211_ATTR_MAX: highest attribute number currently defined | 1339 | * @NL80211_ATTR_MAX: highest attribute number currently defined |
| 1317 | * @__NL80211_ATTR_AFTER_LAST: internal use | 1340 | * @__NL80211_ATTR_AFTER_LAST: internal use |
| 1318 | */ | 1341 | */ |
| @@ -1585,6 +1608,12 @@ enum nl80211_attrs { | |||
| 1585 | 1608 | ||
| 1586 | NL80211_ATTR_LOCAL_MESH_POWER_MODE, | 1609 | NL80211_ATTR_LOCAL_MESH_POWER_MODE, |
| 1587 | 1610 | ||
| 1611 | NL80211_ATTR_ACL_POLICY, | ||
| 1612 | |||
| 1613 | NL80211_ATTR_MAC_ADDRS, | ||
| 1614 | |||
| 1615 | NL80211_ATTR_MAC_ACL_MAX, | ||
| 1616 | |||
| 1588 | /* add attributes here, update the policy in nl80211.c */ | 1617 | /* add attributes here, update the policy in nl80211.c */ |
| 1589 | 1618 | ||
| 1590 | __NL80211_ATTR_AFTER_LAST, | 1619 | __NL80211_ATTR_AFTER_LAST, |
| @@ -3248,7 +3277,7 @@ enum nl80211_probe_resp_offload_support_attr { | |||
| 3248 | * enum nl80211_connect_failed_reason - connection request failed reasons | 3277 | * enum nl80211_connect_failed_reason - connection request failed reasons |
| 3249 | * @NL80211_CONN_FAIL_MAX_CLIENTS: Maximum number of clients that can be | 3278 | * @NL80211_CONN_FAIL_MAX_CLIENTS: Maximum number of clients that can be |
| 3250 | * handled by the AP is reached. | 3279 | * handled by the AP is reached. |
| 3251 | * @NL80211_CONN_FAIL_BLOCKED_CLIENT: Client's MAC is in the AP's blocklist. | 3280 | * @NL80211_CONN_FAIL_BLOCKED_CLIENT: Connection request is rejected due to ACL. |
| 3252 | */ | 3281 | */ |
| 3253 | enum nl80211_connect_failed_reason { | 3282 | enum nl80211_connect_failed_reason { |
| 3254 | NL80211_CONN_FAIL_MAX_CLIENTS, | 3283 | NL80211_CONN_FAIL_MAX_CLIENTS, |
| @@ -3276,4 +3305,22 @@ enum nl80211_scan_flags { | |||
| 3276 | NL80211_SCAN_FLAG_AP = 1<<2, | 3305 | NL80211_SCAN_FLAG_AP = 1<<2, |
| 3277 | }; | 3306 | }; |
| 3278 | 3307 | ||
| 3308 | /** | ||
| 3309 | * enum nl80211_acl_policy - access control policy | ||
| 3310 | * | ||
| 3311 | * Access control policy is applied on a MAC list set by | ||
| 3312 | * %NL80211_CMD_START_AP and %NL80211_CMD_SET_MAC_ACL, to | ||
| 3313 | * be used with %NL80211_ATTR_ACL_POLICY. | ||
| 3314 | * | ||
| 3315 | * @NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED: Deny stations which are | ||
| 3316 | * listed in ACL, i.e. allow all the stations which are not listed | ||
| 3317 | * in ACL to authenticate. | ||
| 3318 | * @NL80211_ACL_POLICY_DENY_UNLESS_LISTED: Allow the stations which are listed | ||
| 3319 | * in ACL, i.e. deny all the stations which are not listed in ACL. | ||
| 3320 | */ | ||
| 3321 | enum nl80211_acl_policy { | ||
| 3322 | NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED, | ||
| 3323 | NL80211_ACL_POLICY_DENY_UNLESS_LISTED, | ||
| 3324 | }; | ||
| 3325 | |||
| 3279 | #endif /* __LINUX_NL80211_H */ | 3326 | #endif /* __LINUX_NL80211_H */ |