cfg80211/nl80211: add API for MAC address ACLs

	u8 addr[ETH_ALEN];

};

/**

 * struct cfg80211_acl_data - Access control list data

 *

 * @acl_policy: ACL policy to be applied on the station's

	entry specified by mac_addr

 * @n_acl_entries: Number of MAC address entries passed

 * @mac_addrs: List of MAC addresses of stations to be used for ACL

 */

struct cfg80211_acl_data {

	enum nl80211_acl_policy acl_policy;

	int n_acl_entries;

	/* Keep it last */

	struct mac_address mac_addrs[];

};

/**

 * struct cfg80211_ap_settings - AP configuration

 *

 * @inactivity_timeout: time in seconds to determine station's inactivity.

 * @p2p_ctwindow: P2P CT Window

 * @p2p_opp_ps: P2P opportunistic PS

 * @acl: ACL configuration used by the drivers which has support for

 *	MAC address based access control

 */

struct cfg80211_ap_settings {

	struct cfg80211_chan_def chandef;

	int inactivity_timeout;

	u8 p2p_ctwindow;

	bool p2p_opp_ps;

	const struct cfg80211_acl_data *acl;

};

/**

 *

 * @start_p2p_device: Start the given P2P device.

 * @stop_p2p_device: Stop the given P2P device.

 *

 * @set_mac_acl: Sets MAC address control list in AP and P2P GO mode.

 *	Parameters include ACL policy, an array of MAC address of stations

 *	and the number of MAC addresses. If there is already a list in driver

 *	this new list replaces the existing one. Driver has to clear its ACL

 *	when number of MAC addresses entries is passed as 0. Drivers which

 *	advertise the support for MAC based ACL have to implement this callback.

 */

struct cfg80211_ops {

	int	(*suspend)(struct wiphy *wiphy, struct cfg80211_wowlan *wow);

				    struct wireless_dev *wdev);

	void	(*stop_p2p_device)(struct wiphy *wiphy,

				   struct wireless_dev *wdev);

	int	(*set_mac_acl)(struct wiphy *wiphy, struct net_device *dev,

			       const struct cfg80211_acl_data *params);

};

/*

 * @ap_sme_capa: AP SME capabilities, flags from &enum nl80211_ap_sme_features.

 * @ht_capa_mod_mask:  Specify what ht_cap values can be over-ridden.

 *	If null, then none can be over-ridden.

 *

 * @max_acl_mac_addrs: Maximum number of MAC addresses that the device

 *	supports for ACL.

 */

struct wiphy {

	/* assign these fields before you register the wiphy */

	/* Supported interface modes, OR together BIT(NL80211_IFTYPE_...) */

	u16 interface_modes;

	u16 max_acl_mac_addrs;

	u32 flags, features;

	u32 ap_sme_capa;

 *	%NL80211_ATTR_HIDDEN_SSID, %NL80211_ATTR_CIPHERS_PAIRWISE,

 *	%NL80211_ATTR_CIPHER_GROUP, %NL80211_ATTR_WPA_VERSIONS,

 *	%NL80211_ATTR_AKM_SUITES, %NL80211_ATTR_PRIVACY,

 *	%NL80211_ATTR_AUTH_TYPE and %NL80211_ATTR_INACTIVITY_TIMEOUT.

 *	%NL80211_ATTR_AUTH_TYPE, %NL80211_ATTR_INACTIVITY_TIMEOUT,

 *	%NL80211_ATTR_ACL_POLICY and %NL80211_ATTR_MAC_ADDRS.

 *	The channel to use can be set on the interface or be given using the

 *	%NL80211_ATTR_WIPHY_FREQ and the attributes determining channel width.

 * @NL80211_CMD_NEW_BEACON: old alias for %NL80211_CMD_START_AP

 * @NL80211_CMD_SET_MCAST_RATE: Change the rate used to send multicast frames

 *	for IBSS or MESH vif.

 *

 * @NL80211_CMD_SET_MAC_ACL: sets ACL for MAC address based access control.

 *	This is to be used with the drivers advertising the support of MAC

 *	address based access control. List of MAC addresses is passed in

 *	%NL80211_ATTR_MAC_ADDRS and ACL policy is passed in

 *	%NL80211_ATTR_ACL_POLICY. Driver will enable ACL with this list, if it

 *	is not already done. The new list will replace any existing list. Driver

 *	will clear its ACL when the list of MAC addresses passed is empty. This

 *	command is used in AP/P2P GO mode. Driver has to make sure to clear its

 *	ACL list during %NL80211_CMD_STOP_AP.

 *

 * @NL80211_CMD_MAX: highest used command number

 * @__NL80211_CMD_AFTER_LAST: internal use

 */

	NL80211_CMD_SET_MCAST_RATE,

	NL80211_CMD_SET_MAC_ACL,

	/* add new commands above here */

	/* used to define NL80211_CMD_MAX below */

 * @NL80211_ATTR_LOCAL_MESH_POWER_MODE: local mesh STA link-specific power mode

 *	defined in &enum nl80211_mesh_power_mode.

 *

 * @NL80211_ATTR_ACL_POLICY: ACL policy, see &enum nl80211_acl_policy,

 *	carried in a u32 attribute

 *

 * @NL80211_ATTR_MAC_ADDRS: Array of nested MAC addresses, used for

 *	MAC ACL.

 *

 * @NL80211_ATTR_MAC_ACL_MAX: u32 attribute to advertise the maximum

 *	number of MAC addresses that a device can support for MAC

 *	ACL.

 *

 * @NL80211_ATTR_MAX: highest attribute number currently defined

 * @__NL80211_ATTR_AFTER_LAST: internal use

 */

	NL80211_ATTR_LOCAL_MESH_POWER_MODE,

	NL80211_ATTR_ACL_POLICY,

	NL80211_ATTR_MAC_ADDRS,

	NL80211_ATTR_MAC_ACL_MAX,

	/* add attributes here, update the policy in nl80211.c */

	__NL80211_ATTR_AFTER_LAST,

 * enum nl80211_connect_failed_reason - connection request failed reasons

 * @NL80211_CONN_FAIL_MAX_CLIENTS: Maximum number of clients that can be

 *	handled by the AP is reached.

 * @NL80211_CONN_FAIL_BLOCKED_CLIENT: Client's MAC is in the AP's blocklist.

 * @NL80211_CONN_FAIL_BLOCKED_CLIENT: Connection request is rejected due to ACL.

 */

enum nl80211_connect_failed_reason {

	NL80211_CONN_FAIL_MAX_CLIENTS,

	NL80211_SCAN_FLAG_AP				= 1<<2,

};

/**

 * enum nl80211_acl_policy - access control policy

 *

 * Access control policy is applied on a MAC list set by

 * %NL80211_CMD_START_AP and %NL80211_CMD_SET_MAC_ACL, to

 * be used with %NL80211_ATTR_ACL_POLICY.

 *

 * @NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED: Deny stations which are

 *	listed in ACL, i.e. allow all the stations which are not listed

 *	in ACL to authenticate.

 * @NL80211_ACL_POLICY_DENY_UNLESS_LISTED: Allow the stations which are listed

 *	in ACL, i.e. deny all the stations which are not listed in ACL.

 */

enum nl80211_acl_policy {

	NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED,

	NL80211_ACL_POLICY_DENY_UNLESS_LISTED,

};

#endif /* __LINUX_NL80211_H */

			   ETH_ALEN)))

		return -EINVAL;

	if (WARN_ON(wiphy->max_acl_mac_addrs &&

		    (!(wiphy->flags & WIPHY_FLAG_HAVE_AP_SME) ||

		     !rdev->ops->set_mac_acl)))

		return -EINVAL;

	if (wiphy->addresses)

		memcpy(wiphy->perm_addr, wiphy->addresses[0].addr, ETH_ALEN);

	[NL80211_ATTR_SCAN_FLAGS] = { .type = NLA_U32 },

	[NL80211_ATTR_P2P_CTWINDOW] = { .type = NLA_U8 },

	[NL80211_ATTR_P2P_OPPPS] = { .type = NLA_U8 },

	[NL80211_ATTR_ACL_POLICY] = {. type = NLA_U32 },

	[NL80211_ATTR_MAC_ADDRS] = { .type = NLA_NESTED },

};

/* policy for the key attributes */

		    dev->wiphy.ht_capa_mod_mask))

		goto nla_put_failure;

	if (dev->wiphy.flags & WIPHY_FLAG_HAVE_AP_SME &&

	    dev->wiphy.max_acl_mac_addrs &&

	    nla_put_u32(msg, NL80211_ATTR_MAC_ACL_MAX,

			dev->wiphy.max_acl_mac_addrs))

		goto nla_put_failure;

	return genlmsg_end(msg, hdr);

 nla_put_failure:

	return err;

}

/* This function returns an error or the number of nested attributes */

static int validate_acl_mac_addrs(struct nlattr *nl_attr)

{

	struct nlattr *attr;

	int n_entries = 0, tmp;

	nla_for_each_nested(attr, nl_attr, tmp) {

		if (nla_len(attr) != ETH_ALEN)

			return -EINVAL;

		n_entries++;

	}

	return n_entries;

}

/*

 * This function parses ACL information and allocates memory for ACL data.

 * On successful return, the calling function is responsible to free the

 * ACL buffer returned by this function.

 */

static struct cfg80211_acl_data *parse_acl_data(struct wiphy *wiphy,

						struct genl_info *info)

{

	enum nl80211_acl_policy acl_policy;

	struct nlattr *attr;

	struct cfg80211_acl_data *acl;

	int i = 0, n_entries, tmp;

	if (!wiphy->max_acl_mac_addrs)

		return ERR_PTR(-EOPNOTSUPP);

	if (!info->attrs[NL80211_ATTR_ACL_POLICY])

		return ERR_PTR(-EINVAL);

	acl_policy = nla_get_u32(info->attrs[NL80211_ATTR_ACL_POLICY]);

	if (acl_policy != NL80211_ACL_POLICY_ACCEPT_UNLESS_LISTED &&

	    acl_policy != NL80211_ACL_POLICY_DENY_UNLESS_LISTED)

		return ERR_PTR(-EINVAL);

	if (!info->attrs[NL80211_ATTR_MAC_ADDRS])

		return ERR_PTR(-EINVAL);

	n_entries = validate_acl_mac_addrs(info->attrs[NL80211_ATTR_MAC_ADDRS]);

	if (n_entries < 0)

		return ERR_PTR(n_entries);

	if (n_entries > wiphy->max_acl_mac_addrs)

		return ERR_PTR(-ENOTSUPP);

	acl = kzalloc(sizeof(*acl) + (sizeof(struct mac_address) * n_entries),

		      GFP_KERNEL);

	if (!acl)

		return ERR_PTR(-ENOMEM);

	nla_for_each_nested(attr, info->attrs[NL80211_ATTR_MAC_ADDRS], tmp) {

		memcpy(acl->mac_addrs[i].addr, nla_data(attr), ETH_ALEN);

		i++;

	}

	acl->n_acl_entries = n_entries;

	acl->acl_policy = acl_policy;

	return acl;

}

static int nl80211_set_mac_acl(struct sk_buff *skb, struct genl_info *info)

{

	struct cfg80211_registered_device *rdev = info->user_ptr[0];

	struct net_device *dev = info->user_ptr[1];

	struct cfg80211_acl_data *acl;

	int err;

	if (dev->ieee80211_ptr->iftype != NL80211_IFTYPE_AP &&

	    dev->ieee80211_ptr->iftype != NL80211_IFTYPE_P2P_GO)

		return -EOPNOTSUPP;

	if (!dev->ieee80211_ptr->beacon_interval)

		return -EINVAL;

	acl = parse_acl_data(&rdev->wiphy, info);

	if (IS_ERR(acl))

		return PTR_ERR(acl);

	err = rdev_set_mac_acl(rdev, dev, acl);

	kfree(acl);

	return err;

}

static int nl80211_parse_beacon(struct genl_info *info,

				struct cfg80211_beacon_data *bcn)

{

	if (err)

		return err;

	if (info->attrs[NL80211_ATTR_ACL_POLICY]) {

		params.acl = parse_acl_data(&rdev->wiphy, info);

		if (IS_ERR(params.acl))

			return PTR_ERR(params.acl);

	}

	err = rdev_start_ap(rdev, dev, &params);

	if (!err) {

		wdev->preset_chandef = params.chandef;

		wdev->ssid_len = params.ssid_len;

		memcpy(wdev->ssid, params.ssid, wdev->ssid_len);

	}

	kfree(params.acl);

	return err;

}

		.internal_flags = NL80211_FLAG_NEED_NETDEV |

				  NL80211_FLAG_NEED_RTNL,

	},

	{

		.cmd = NL80211_CMD_SET_MAC_ACL,

		.doit = nl80211_set_mac_acl,

		.policy = nl80211_policy,

		.flags = GENL_ADMIN_PERM,

		.internal_flags = NL80211_FLAG_NEED_NETDEV |

				  NL80211_FLAG_NEED_RTNL,

	},

};

static struct genl_multicast_group nl80211_mlme_mcgrp = {

	rdev->ops->stop_p2p_device(&rdev->wiphy, wdev);

	trace_rdev_return_void(&rdev->wiphy);

}					

static inline int rdev_set_mac_acl(struct cfg80211_registered_device *rdev,

				   struct net_device *dev,

				   struct cfg80211_acl_data *params)

{

	int ret;

	trace_rdev_set_mac_acl(&rdev->wiphy, dev, params);

	ret = rdev->ops->set_mac_acl(&rdev->wiphy, dev, params);

	trace_rdev_return_int(&rdev->wiphy, ret);

	return ret;

}

#endif /* __CFG80211_RDEV_OPS */