linux.git/include/uapi/linux/nl80211.h, branch v5.7-rc2 Linux kernel source tree cfg80211: Configure PMK lifetime and reauth threshold for PMKSA entries 2020-03-20T13:42:20+00:00 Veerendranath Jakkam vjakkam@codeaurora.org 2020-03-12T23:59:03+00:00 7fc82af856d6bc26910902f8f42659b162864955 Drivers that trigger roaming need to know the lifetime of the configured PMKSA for deciding whether to trigger the full or PMKSA cache based authentication. The configured PMKSA is invalid after the PMK lifetime has expired and must not be used after that and the STA needs to disassociate if the PMK expires. Hence the STA is expected to refresh the PMK with a full authentication before this happens (e.g., when reassociating to a new BSS the next time or by performing EAPOL reauthentication depending on the AKM) to avoid unnecessary disconnection. The PMK reauthentication threshold is the percentage of the PMK lifetime value and indicates to the driver to trigger a full authentication roam (without PMKSA caching) after the reauthentication threshold time, but before the PMK timer has expired. Authentication methods like SAE need to be able to generate a new PMKSA entry without having to force a disconnection after this threshold timeout. If no roaming occurs between the reauthentication threshold time and PMK lifetime expiration, disassociation is still forced. The new attributes for providing these values correspond to the dot11 MIB variables dot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold. This type of functionality is already available in cases where user space component is in control of roaming. This commit extends that same capability into cases where parts or all of this functionality is offloaded to the driver. Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org> Signed-off-by: Jouni Malinen <jouni@codeaurora.org> Link: https://lore.kernel.org/r/20200312235903.18462-1-jouni@codeaurora.org Signed-off-by: Johannes Berg <johannes.berg@intel.com> 
Drivers that trigger roaming need to know the lifetime of the configured
PMKSA for deciding whether to trigger the full or PMKSA cache based
authentication. The configured PMKSA is invalid after the PMK lifetime
has expired and must not be used after that and the STA needs to
disassociate if the PMK expires. Hence the STA is expected to refresh
the PMK with a full authentication before this happens (e.g., when
reassociating to a new BSS the next time or by performing EAPOL
reauthentication depending on the AKM) to avoid unnecessary
disconnection.

The PMK reauthentication threshold is the percentage of the PMK lifetime
value and indicates to the driver to trigger a full authentication roam
(without PMKSA caching) after the reauthentication threshold time, but
before the PMK timer has expired. Authentication methods like SAE need
to be able to generate a new PMKSA entry without having to force a
disconnection after this threshold timeout. If no roaming occurs between
the reauthentication threshold time and PMK lifetime expiration,
disassociation is still forced.

The new attributes for providing these values correspond to the dot11
MIB variables dot11RSNAConfigPMKLifetime and
dot11RSNAConfigPMKReauthThreshold.

This type of functionality is already available in cases where user
space component is in control of roaming. This commit extends that same
capability into cases where parts or all of this functionality is
offloaded to the driver.

Signed-off-by: Veerendranath Jakkam <vjakkam@codeaurora.org>
Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Link: https://lore.kernel.org/r/20200312235903.18462-1-jouni@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
cfg80211: Add support for userspace to reset stations in IBSS mode 2020-03-20T13:42:20+00:00 Nicolas Cavallari nicolas.cavallari@green-communications.fr 2020-03-05T13:57:53+00:00 edafcf4259839c5c5315d215a5fc4171abaafc4a Sometimes, userspace is able to detect that a peer silently lost its state (like, if the peer reboots). wpa_supplicant does this for IBSS-RSN by registering for auth/deauth frames, but when it detects this, it is only able to remove the encryption keys of the peer and close its port. However, the kernel also hold other state about the station, such as BA sessions, probe response parameters and the like. They also need to be resetted correctly. This patch adds the NL80211_EXT_FEATURE_DEL_IBSS_STA feature flag indicating the driver accepts deleting stations in IBSS mode, which should send a deauth and reset the state of the station, just like in mesh point mode. Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr> Link: https://lore.kernel.org/r/20200305135754.12094-1-cavallar@lri.fr [preserve -EINVAL return] Signed-off-by: Johannes Berg <johannes.berg@intel.com> 
Sometimes, userspace is able to detect that a peer silently lost its
state (like, if the peer reboots). wpa_supplicant does this for IBSS-RSN
by registering for auth/deauth frames, but when it detects this, it is
only able to remove the encryption keys of the peer and close its port.

However, the kernel also hold other state about the station, such as BA
sessions, probe response parameters and the like.  They also need to be
resetted correctly.

This patch adds the NL80211_EXT_FEATURE_DEL_IBSS_STA feature flag
indicating the driver accepts deleting stations in IBSS mode, which
should send a deauth and reset the state of the station, just like in
mesh point mode.

Signed-off-by: Nicolas Cavallari <nicolas.cavallari@green-communications.fr>
Link: https://lore.kernel.org/r/20200305135754.12094-1-cavallar@lri.fr
[preserve -EINVAL return]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
nl80211: add PROTECTED_TWT nl80211 extended feature 2020-03-20T13:42:20+00:00 Shaul Triebitz shaul.triebitz@intel.com 2020-01-31T11:12:59+00:00 0c138a5c2bcf3afeff722fb71782bf8e798b4a1b Add API for telling whether the driver supports protected TWT. The protected_twt capability in the RSNXE will be based on this. Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/20200131111300.891737-23-luca@coelho.fi Signed-off-by: Johannes Berg <johannes.berg@intel.com> 
Add API for telling whether the driver supports protected TWT.
The protected_twt capability in the RSNXE will be based on this.

Signed-off-by: Shaul Triebitz <shaul.triebitz@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/20200131111300.891737-23-luca@coelho.fi
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
nl80211/cfg80211: add support for non EDCA based ranging measurement 2020-03-20T13:42:19+00:00 Avraham Stern avraham.stern@intel.com 2020-01-31T11:12:38+00:00 efb5520d0e0039537a9da5a420e40afefa9a5dd5 Add support for requesting that the ranging measurement will use the trigger-based / non trigger-based flow instead of the EDCA based flow. Signed-off-by: Avraham Stern <avraham.stern@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Link: https://lore.kernel.org/r/20200131111300.891737-2-luca@coelho.fi Signed-off-by: Johannes Berg <johannes.berg@intel.com> 
Add support for requesting that the ranging measurement will use
the trigger-based / non trigger-based flow instead of the EDCA based
flow.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
Link: https://lore.kernel.org/r/20200131111300.891737-2-luca@coelho.fi
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
nl80211: add no pre-auth attribute and ext. feature flag for ctrl. port 2020-03-20T13:42:19+00:00 Markus Theil markus.theil@tu-ilmenau.de 2020-03-12T09:10:53+00:00 5631d96aa396d75b99bf522750a5a8378337aefc If the nl80211 control port is used before this patch, pre-auth frames (0x88c7) are send to userspace uncoditionally. While this enables userspace to only use nl80211 on the station side, it is not always useful for APs. Furthermore, pre-auth frames are ordinary data frames and not related to the control port. Therefore it should for example be possible for pre-auth frames to be bridged onto a wired network on AP side without touching userspace. For backwards compatibility to code already using pre-auth over nl80211, this patch adds a feature flag to disable this behavior, while it remains enabled by default. An additional ext. feature flag is added to detect this from userspace. Thanks to Jouni for pointing out, that pre-auth frames should be handled as ordinary data frames. Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de> Link: https://lore.kernel.org/r/20200312091055.54257-2-markus.theil@tu-ilmenau.de Signed-off-by: Johannes Berg <johannes.berg@intel.com> 
If the nl80211 control port is used before this patch, pre-auth frames
(0x88c7) are send to userspace uncoditionally. While this enables userspace
to only use nl80211 on the station side, it is not always useful for APs.
Furthermore, pre-auth frames are ordinary data frames and not related to
the control port. Therefore it should for example be possible for pre-auth
frames to be bridged onto a wired network on AP side without touching
userspace.

For backwards compatibility to code already using pre-auth over nl80211,
this patch adds a feature flag to disable this behavior, while it remains
enabled by default. An additional ext. feature flag is added to detect this
from userspace.

Thanks to Jouni for pointing out, that pre-auth frames should be handled as
ordinary data frames.

Signed-off-by: Markus Theil <markus.theil@tu-ilmenau.de>
Link: https://lore.kernel.org/r/20200312091055.54257-2-markus.theil@tu-ilmenau.de
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
nl80211: Add support to configure TID specific RTSCTS configuration 2020-02-24T12:56:57+00:00 Tamizh chelvam tamizhr@codeaurora.org 2020-01-20T07:51:25+00:00 04f7d142f51c6019a695cfd70c09bb60233472c5 This patch adds support to configure per TID RTSCTS control configuration to enable/disable through the NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL attribute. Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org> Link: https://lore.kernel.org/r/1579506687-18296-5-git-send-email-tamizhr@codeaurora.org Signed-off-by: Johannes Berg <johannes.berg@intel.com> 
This patch adds support to configure per TID RTSCTS control
configuration to enable/disable through the
NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL attribute.

Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
Link: https://lore.kernel.org/r/1579506687-18296-5-git-send-email-tamizhr@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
nl80211: Add support to configure TID specific AMPDU configuration 2020-02-24T12:56:49+00:00 Tamizh chelvam tamizhr@codeaurora.org 2020-01-20T07:51:24+00:00 ade274b23e41886091a7e105ab3de71baef112e7 This patch adds support to configure per TID AMPDU control configuration to enable/disable aggregation through the NL80211_TID_CONFIG_ATTR_AMPDU_CTRL attribute. Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org> Link: https://lore.kernel.org/r/1579506687-18296-4-git-send-email-tamizhr@codeaurora.org Signed-off-by: Johannes Berg <johannes.berg@intel.com> 
This patch adds support to configure per TID AMPDU control
configuration to enable/disable aggregation through the
NL80211_TID_CONFIG_ATTR_AMPDU_CTRL attribute.

Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
Link: https://lore.kernel.org/r/1579506687-18296-4-git-send-email-tamizhr@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
nl80211: Add support to configure TID specific retry configuration 2020-02-24T12:48:54+00:00 Tamizh chelvam tamizhr@codeaurora.org 2020-01-20T07:51:23+00:00 6a21d16c4db08398c737e0ffd03e4eca7131ac78 This patch adds support to configure per TID retry configuration through the NL80211_TID_CONFIG_ATTR_RETRY_SHORT and NL80211_TID_CONFIG_ATTR_RETRY_LONG attributes. This TID specific retry configuration will have more precedence than phy level configuration. Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org> Link: https://lore.kernel.org/r/1579506687-18296-3-git-send-email-tamizhr@codeaurora.org [rebase completely on top of my previous API changes] Signed-off-by: Johannes Berg <johannes.berg@intel.com> 
This patch adds support to configure per TID retry configuration
through the NL80211_TID_CONFIG_ATTR_RETRY_SHORT and
NL80211_TID_CONFIG_ATTR_RETRY_LONG attributes. This TID specific
retry configuration will have more precedence than phy level
configuration.

Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
Link: https://lore.kernel.org/r/1579506687-18296-3-git-send-email-tamizhr@codeaurora.org
[rebase completely on top of my previous API changes]
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
nl80211: modify TID-config API 2020-02-24T11:01:10+00:00 Johannes Berg johannes.berg@intel.com 2020-02-24T10:34:25+00:00 3710a8a6284f58a78ba4fe9c4b6672207636a223 Make some changes to the TID-config API: * use u16 in nl80211 (only, and restrict to using 8 bits for now), to avoid issues in the future if we ever want to use higher TIDs. * reject empty TIDs mask (via netlink policy) * change feature advertising to not use extended feature flags but have own mechanism for this, which simplifies the code * fix all variable names from 'tid' to 'tids' since it's a mask * change to cfg80211_ name prefixes, not ieee80211_ * fix some minor docs/spelling things. Change-Id: Ia234d464b3f914cdeab82f540e018855be580dce Signed-off-by: Johannes Berg <johannes.berg@intel.com> 
Make some changes to the TID-config API:
 * use u16 in nl80211 (only, and restrict to using 8 bits for now),
   to avoid issues in the future if we ever want to use higher TIDs.
 * reject empty TIDs mask (via netlink policy)
 * change feature advertising to not use extended feature flags but
   have own mechanism for this, which simplifies the code
 * fix all variable names from 'tid' to 'tids' since it's a mask
 * change to cfg80211_ name prefixes, not ieee80211_
 * fix some minor docs/spelling things.

Change-Id: Ia234d464b3f914cdeab82f540e018855be580dce
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
nl80211: Add NL command to support TID speicific configurations 2020-02-24T10:15:25+00:00 Tamizh chelvam tamizhr@codeaurora.org 2020-01-20T07:51:22+00:00 77f576deaa393b54a0f2ca8ab1ab5b2d3c6b971b Add the new NL80211_CMD_SET_TID_CONFIG command to support data TID specific configuration. Per TID configuration is passed in the nested NL80211_ATTR_TID_CONFIG attribute. This patch adds support to configure per TID noack policy through the NL80211_TID_CONFIG_ATTR_NOACK attribute. Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org> Link: https://lore.kernel.org/r/1579506687-18296-2-git-send-email-tamizhr@codeaurora.org Signed-off-by: Johannes Berg <johannes.berg@intel.com> 
Add the new NL80211_CMD_SET_TID_CONFIG command to support
data TID specific configuration. Per TID configuration is
passed in the nested NL80211_ATTR_TID_CONFIG attribute.

This patch adds support to configure per TID noack policy
through the NL80211_TID_CONFIG_ATTR_NOACK attribute.

Signed-off-by: Tamizh chelvam <tamizhr@codeaurora.org>
Link: https://lore.kernel.org/r/1579506687-18296-2-git-send-email-tamizhr@codeaurora.org
Signed-off-by: Johannes Berg <johannes.berg@intel.com>