- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
-@@ -173,6 +173,65 @@
- */
-
- /**
-+ * DOC: WPA/WPA2 EAPOL handshake offload
-+ *
-+ * By setting @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_PSK flag drivers
-+ * can indicate they support offloading EAPOL handshakes for WPA/WPA2
-+ * preshared key authentication. In %NL80211_CMD_CONNECT the preshared
-+ * key should be specified using %NL80211_ATTR_PMK. Drivers supporting
-+ * this offload may reject the %NL80211_CMD_CONNECT when no preshared
-+ * key material is provided, for example when that driver does not
-+ * support setting the temporal keys through %CMD_NEW_KEY.
-+ *
-+ * Similarly @NL80211_EXT_FEATURE_4WAY_HANDSHAKE_STA_1X flag can be
-+ * set by drivers indicating offload support of the PTK/GTK EAPOL
-+ * handshakes during 802.1X authentication. In order to use the offload
-+ * the %NL80211_CMD_CONNECT should have %NL80211_ATTR_WANT_1X_4WAY_HS
-+ * attribute flag. Drivers supporting this offload may reject the
-+ * %NL80211_CMD_CONNECT when the attribute flag is not present.
-+ *
-+ * For 802.1X the PMK or PMK-R0 are set by providing %NL80211_ATTR_PMK
-+ * using %NL80211_CMD_SET_PMK. For offloaded FT support also
-+ * %NL80211_ATTR_PMKR0_NAME must be provided.
-+ */
-+
-+/**
-+ * DOC: FILS shared key authentication offload
-+ *
-+ * FILS shared key authentication offload can be advertized by drivers by
-+ * setting @NL80211_EXT_FEATURE_FILS_SK_OFFLOAD flag. The drivers that support
-+ * FILS shared key authentication offload should be able to construct the
-+ * authentication and association frames for FILS shared key authentication and
-+ * eventually do a key derivation as per IEEE 802.11ai. The below additional
-+ * parameters should be given to driver in %NL80211_CMD_CONNECT.
-+ * %NL80211_ATTR_FILS_ERP_USERNAME - used to construct keyname_nai
-+ * %NL80211_ATTR_FILS_ERP_REALM - used to construct keyname_nai
-+ * %NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM - used to construct erp message
-+ * %NL80211_ATTR_FILS_ERP_RRK - used to generate the rIK and rMSK
-+ * rIK should be used to generate an authentication tag on the ERP message and
-+ * rMSK should be used to derive a PMKSA.
-+ * rIK, rMSK should be generated and keyname_nai, sequence number should be used
-+ * as specified in IETF RFC 6696.
-+ *
-+ * When FILS shared key authentication is completed, driver needs to provide the
-+ * below additional parameters to userspace.
-+ * %NL80211_ATTR_FILS_KEK - used for key renewal
-+ * %NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM - used in further EAP-RP exchanges
-+ * %NL80211_ATTR_PMKID - used to identify the PMKSA used/generated
-+ * %Nl80211_ATTR_PMK - used to update PMKSA cache in userspace
-+ * The PMKSA can be maintained in userspace persistently so that it can be used
-+ * later after reboots or wifi turn off/on also.
-+ *
-+ * %NL80211_ATTR_FILS_CACHE_ID is the cache identifier advertized by a FILS
-+ * capable AP supporting PMK caching. It specifies the scope within which the
-+ * PMKSAs are cached in an ESS. %NL80211_CMD_SET_PMKSA and
-+ * %NL80211_CMD_DEL_PMKSA are enhanced to allow support for PMKSA caching based
-+ * on FILS cache identifier. Additionally %NL80211_ATTR_PMK is used with
-+ * %NL80211_SET_PMKSA to specify the PMK corresponding to a PMKSA for driver to
-+ * use in a FILS shared key connection with PMKSA caching.
-+ */
-+
-+/**
- * enum nl80211_commands - supported nl80211 commands
- *
- * @NL80211_CMD_UNSPEC: unspecified command to catch errors
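Review bot: Three identifiers in the new DOC blocks do not match the names used everywhere else in this patch: `%CMD_NEW_KEY` at the end of the first paragraph of the handshake offload section lacks the NL80211_ prefix, `%Nl80211_ATTR_PMK` in the list of parameters returned after FILS authentication has a lowercase "l", and `%NL80211_SET_PMKSA` in the cache identifier paragraph is missing CMD_. Please spell them out in full so they can be searched for and cross-referenced. The FILS section also says the PMKSA "can be maintained in userspace persistently" across reboots; since that entry includes the PMK, a sentence saying it is key material that userspace has to protect at rest would be worth adding. Minor: "advertized" appears twice here where "advertised" is the usual spelling.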
-@@ -323,7 +382,7 @@
- * @NL80211_CMD_GET_SCAN: get scan results
- * @NL80211_CMD_TRIGGER_SCAN: trigger a new scan with the given parameters
- * %NL80211_ATTR_TX_NO_CCK_RATE is used to decide whether to send the
-- * probe requests at CCK rate or not. %NL80211_ATTR_MAC can be used to
-+ * probe requests at CCK rate or not. %NL80211_ATTR_BSSID can be used to
- * specify a BSSID to scan for; if not included, the wildcard BSSID will
- * be used.
- * @NL80211_CMD_NEW_SCAN_RESULTS: scan notification (as a reply to
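Review bot: The NL80211_CMD_TRIGGER_SCAN text now names only %NL80211_ATTR_BSSID for the BSSID to scan for and no longer mentions %NL80211_ATTR_MAC, so a reader cannot tell whether a caller that still passes %NL80211_ATTR_MAC is honoured or silently falls back to the wildcard BSSID. Please state the behaviour for the old attribute in this comment.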
-@@ -351,7 +410,9 @@
- * are used. Extra IEs can also be passed from the userspace by
- * using the %NL80211_ATTR_IE attribute. The first cycle of the
- * scheduled scan can be delayed by %NL80211_ATTR_SCHED_SCAN_DELAY
-- * is supplied.
-+ * is supplied. If the device supports multiple concurrent scheduled
-+ * scans, it will allow such when the caller provides the flag attribute
-+ * %NL80211_ATTR_SCHED_SCAN_MULTI to indicate user-space support for it.
- * @NL80211_CMD_STOP_SCHED_SCAN: stop a scheduled scan. Returns -ENOENT if
- * scheduled scan is not running. The caller may assume that as soon
- * as the call returns, it is safe to start a new scheduled scan again.
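Review bot: The added sentence about %NL80211_ATTR_SCHED_SCAN_MULTI does not say what a caller gets back when it omits the flag while another scheduled scan is already running, or when the device limit is reached; please document the error returned in both cases. While touching this sentence, the context line above it reads "can be delayed by %NL80211_ATTR_SCHED_SCAN_DELAY is supplied", which is missing an "if".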
-@@ -370,10 +431,18 @@
- * @NL80211_CMD_NEW_SURVEY_RESULTS: survey data notification (as a reply to
- * NL80211_CMD_GET_SURVEY and on the "scan" multicast group)
- *
-- * @NL80211_CMD_SET_PMKSA: Add a PMKSA cache entry, using %NL80211_ATTR_MAC
-- * (for the BSSID) and %NL80211_ATTR_PMKID.
-+ * @NL80211_CMD_SET_PMKSA: Add a PMKSA cache entry using %NL80211_ATTR_MAC
-+ * (for the BSSID), %NL80211_ATTR_PMKID, and optionally %NL80211_ATTR_PMK
-+ * (PMK is used for PTKSA derivation in case of FILS shared key offload) or
-+ * using %NL80211_ATTR_SSID, %NL80211_ATTR_FILS_CACHE_ID,
-+ * %NL80211_ATTR_PMKID, and %NL80211_ATTR_PMK in case of FILS
-+ * authentication where %NL80211_ATTR_FILS_CACHE_ID is the identifier
-+ * advertized by a FILS capable AP identifying the scope of PMKSA in an
-+ * ESS.
- * @NL80211_CMD_DEL_PMKSA: Delete a PMKSA cache entry, using %NL80211_ATTR_MAC
-- * (for the BSSID) and %NL80211_ATTR_PMKID.
-+ * (for the BSSID) and %NL80211_ATTR_PMKID or using %NL80211_ATTR_SSID,
-+ * %NL80211_ATTR_FILS_CACHE_ID, and %NL80211_ATTR_PMKID in case of FILS
-+ * authentication.
- * @NL80211_CMD_FLUSH_PMKSA: Flush all PMKSA cache entries.
- *
- * @NL80211_CMD_REG_CHANGE: indicates to userspace the regulatory domain
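Review bot: SET_PMKSA and DEL_PMKSA gain a second lookup key (SSID plus FILS cache identifier) and SET_PMKSA can now carry the PMK itself, but the unchanged %NL80211_CMD_FLUSH_PMKSA line still only says "Flush all PMKSA cache entries". Please say explicitly that the flush also removes cache-identifier entries and any PMK handed to the driver, so the documentation leaves no doubt that key material is gone after a flush. The SET_PMKSA description would also read more easily split into two sentences, one for the BSSID form and one for the FILS form.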
-@@ -500,8 +569,13 @@
- * authentication/association or not receiving a response from the AP.
- * Non-zero %NL80211_ATTR_STATUS_CODE value is indicated in that case as
- * well to remain backwards compatible.
-- * @NL80211_CMD_ROAM: request that the card roam (currently not implemented),
-- * sent as an event when the card/driver roamed by itself.
-+ * @NL80211_CMD_ROAM: notifcation indicating the card/driver roamed by itself.
-+ * When the driver roamed in a network that requires 802.1X authentication,
-+ * %NL80211_ATTR_PORT_AUTHORIZED should be set if the 802.1X authentication
-+ * was done by the driver or if roaming was done using Fast Transition
-+ * protocol (in which case 802.1X authentication is not needed). If
-+ * %NL80211_ATTR_PORT_AUTHORIZED is not set, user space is responsible for
-+ * the 802.1X authentication.
- * @NL80211_CMD_DISCONNECT: drop a given connection; also used to notify
- * userspace that a connection was dropped by the AP or due to other
- * reasons, for this the %NL80211_ATTR_DISCONNECTED_BY_AP and
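Review bot: "notifcation" in the first added line of the NL80211_CMD_ROAM description should be "notification". The description also makes user space skip 802.1X whenever %NL80211_ATTR_PORT_AUTHORIZED is set, so it is worth wording the driver side as a requirement ("must only be set if ...") rather than "should be set", since a flag set in error leaves the port authorized without authentication having happened.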
-@@ -600,6 +674,20 @@
- *
- * @NL80211_CMD_SET_WDS_PEER: Set the MAC address of the peer on a WDS interface.
- *
-+ * @NL80211_CMD_SET_MULTICAST_TO_UNICAST: Configure if this AP should perform
-+ * multicast to unicast conversion. When enabled, all multicast packets
-+ * with ethertype ARP, IPv4 or IPv6 (possibly within an 802.1Q header)
-+ * will be sent out to each station once with the destination (multicast)
-+ * MAC address replaced by the station's MAC address. Note that this may
-+ * break certain expectations of the receiver, e.g. the ability to drop
-+ * unicast IP packets encapsulated in multicast L2 frames, or the ability
-+ * to not send destination unreachable messages in such cases.
-+ * This can only be toggled per BSS. Configure this on an interface of
-+ * type %NL80211_IFTYPE_AP. It applies to all its VLAN interfaces
-+ * (%NL80211_IFTYPE_AP_VLAN), except for those in 4addr (WDS) mode.
-+ * If %NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED is not present with this
-+ * command, the feature is disabled.
-+ *
- * @NL80211_CMD_JOIN_MESH: Join a mesh. The mesh ID must be given, and initial
- * mesh config parameters may be given.
- * @NL80211_CMD_LEAVE_MESH: Leave the mesh network -- no special arguments, the
-@@ -840,12 +928,15 @@
- * cfg80211_scan_done().
- *
- * @NL80211_CMD_START_NAN: Start NAN operation, identified by its
-- * %NL80211_ATTR_WDEV interface. This interface must have been previously
-- * created with %NL80211_CMD_NEW_INTERFACE. After it has been started, the
-- * NAN interface will create or join a cluster. This command must have a
-- * valid %NL80211_ATTR_NAN_MASTER_PREF attribute and optional
-- * %NL80211_ATTR_NAN_DUAL attributes.
-- * After this command NAN functions can be added.
-+ * %NL80211_ATTR_WDEV interface. This interface must have been
-+ * previously created with %NL80211_CMD_NEW_INTERFACE. After it
-+ * has been started, the NAN interface will create or join a
-+ * cluster. This command must have a valid
-+ * %NL80211_ATTR_NAN_MASTER_PREF attribute and optional
-+ * %NL80211_ATTR_BANDS attributes. If %NL80211_ATTR_BANDS is
-+ * omitted or set to 0, it means don't-care and the device will
-+ * decide what to use. After this command NAN functions can be
-+ * added.
- * @NL80211_CMD_STOP_NAN: Stop the NAN operation, identified by
- * its %NL80211_ATTR_WDEV interface.
- * @NL80211_CMD_ADD_NAN_FUNCTION: Add a NAN function. The function is defined
-@@ -866,14 +957,32 @@
- * This command is also used as a notification sent when a NAN function is
- * terminated. This will contain a %NL80211_ATTR_NAN_FUNC_INST_ID
- * and %NL80211_ATTR_COOKIE attributes.
-- * @NL80211_CMD_CHANGE_NAN_CONFIG: Change current NAN configuration. NAN
-- * must be operational (%NL80211_CMD_START_NAN was executed).
-- * It must contain at least one of the following attributes:
-- * %NL80211_ATTR_NAN_MASTER_PREF, %NL80211_ATTR_NAN_DUAL.
-+ * @NL80211_CMD_CHANGE_NAN_CONFIG: Change current NAN
-+ * configuration. NAN must be operational (%NL80211_CMD_START_NAN
-+ * was executed). It must contain at least one of the following
-+ * attributes: %NL80211_ATTR_NAN_MASTER_PREF,
-+ * %NL80211_ATTR_BANDS. If %NL80211_ATTR_BANDS is omitted, the
-+ * current configuration is not changed. If it is present but
-+ * set to zero, the configuration is changed to don't-care
-+ * (i.e. the device can decide what to do).
- * @NL80211_CMD_NAN_FUNC_MATCH: Notification sent when a match is reported.
- * This will contain a %NL80211_ATTR_NAN_MATCH nested attribute and
- * %NL80211_ATTR_COOKIE.
- *
-+ * @NL80211_CMD_UPDATE_CONNECT_PARAMS: Update one or more connect parameters
-+ * for subsequent roaming cases if the driver or firmware uses internal
-+ * BSS selection. This command can be issued only while connected and it
-+ * does not result in a change for the current association. Currently,
-+ * only the %NL80211_ATTR_IE data is used and updated with this command.
-+ *
-+ * @NL80211_CMD_SET_PMK: For offloaded 4-Way handshake, set the PMK or PMK-R0
-+ * for the given authenticator address (specified with &NL80211_ATTR_MAC).
-+ * When &NL80211_ATTR_PMKR0_NAME is set, &NL80211_ATTR_PMK specifies the
-+ * PMK-R0, otherwise it specifies the PMK.
-+ * @NL80211_CMD_DEL_PMK: For offloaded 4-Way handshake, delete the previously
-+ * configured PMK for the authenticator address identified by
-+ * &NL80211_ATTR_MAC.
-+ *
- * @NL80211_CMD_MAX: highest used command number
- * @__NL80211_CMD_AFTER_LAST: internal use
- */
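Review bot: The NL80211_CMD_SET_PMK and NL80211_CMD_DEL_PMK entries reference attributes as `&NL80211_ATTR_MAC`, `&NL80211_ATTR_PMKR0_NAME` and `&NL80211_ATTR_PMK`, while the rest of this comment block uses `%` for constants and keeps `&` for enum and struct types; please switch these to `%`. It would also help to say what DEL_PMK does when no PMK was configured for the given authenticator address, and whether a disconnect clears a PMK set with SET_PMK or the caller is expected to delete it.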
-@@ -1069,6 +1178,13 @@ enum nl80211_commands {
- NL80211_CMD_CHANGE_NAN_CONFIG,
- NL80211_CMD_NAN_MATCH,
-
-+ NL80211_CMD_SET_MULTICAST_TO_UNICAST,
-+
-+ NL80211_CMD_UPDATE_CONNECT_PARAMS,
-+
-+ NL80211_CMD_SET_PMK,
-+ NL80211_CMD_DEL_PMK,
-+
- /* add new commands above here */
-
- /* used to define NL80211_CMD_MAX below */
-@@ -1638,8 +1754,16 @@ enum nl80211_commands {
- * the connection request from a station. nl80211_connect_failed_reason
- * enum has different reasons of connection failure.
- *
-- * @NL80211_ATTR_SAE_DATA: SAE elements in Authentication frames. This starts
-- * with the Authentication transaction sequence number field.
-+ * @NL80211_ATTR_AUTH_DATA: Fields and elements in Authentication frames.
-+ * This contains the authentication frame body (non-IE and IE data),
-+ * excluding the Authentication algorithm number, i.e., starting at the
-+ * Authentication transaction sequence number field. It is used with
-+ * authentication algorithms that need special fields to be added into
-+ * the frames (SAE and FILS). Currently, only the SAE cases use the
-+ * initial two fields (Authentication transaction sequence number and
-+ * Status code). However, those fields are included in the attribute data
-+ * for all authentication algorithms to keep the attribute definition
-+ * consistent.
- *
- * @NL80211_ATTR_VHT_CAPABILITY: VHT Capability information element (from
- * association request when used with NL80211_CMD_NEW_STATION)
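Review bot: This renames @NL80211_ATTR_SAE_DATA to @NL80211_ATTR_AUTH_DATA in a header that userspace compiles against, and nothing in the hunk mentions a compatibility name for existing users of the old identifier. If an alias such as `#define NL80211_ATTR_SAE_DATA NL80211_ATTR_AUTH_DATA` is kept elsewhere in the patch, reference it here; if not, please add one. The sentence explaining that the first two fields are present for all algorithms but only used by SAE should also say what value callers must put there for FILS.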
-@@ -1740,7 +1864,9 @@ enum nl80211_commands {
- *
- * @NL80211_ATTR_OPMODE_NOTIF: Operating mode field from Operating Mode
- * Notification Element based on association request when used with
-- * %NL80211_CMD_NEW_STATION; u8 attribute.
-+ * %NL80211_CMD_NEW_STATION or %NL80211_CMD_SET_STATION (only when
-+ * %NL80211_FEATURE_FULL_AP_CLIENT_STATE is supported, or with TDLS);
-+ * u8 attribute.
- *
- * @NL80211_ATTR_VENDOR_ID: The vendor ID, either a 24-bit OUI or, if
- * %NL80211_VENDOR_ID_IS_LINUX is set, a special Linux ID (not used yet)
-@@ -1783,11 +1909,12 @@ enum nl80211_commands {
- * that configured the indoor setting, and the indoor operation would be
- * cleared when the socket is closed.
- * If set during NAN interface creation, the interface will be destroyed
-- * if the socket is closed just like any other interface. Moreover, only
-- * the netlink socket that created the interface will be allowed to add
-- * and remove functions. NAN notifications will be sent in unicast to that
-- * socket. Without this attribute, any socket can add functions and the
-- * notifications will be sent to the %NL80211_MCGRP_NAN multicast group.
-+ * if the socket is closed just like any other interface. Moreover, NAN
-+ * notifications will be sent in unicast to that socket. Without this
-+ * attribute, the notifications will be sent to the %NL80211_MCGRP_NAN
-+ * multicast group.
-+ * If set during %NL80211_CMD_ASSOCIATE or %NL80211_CMD_CONNECT the
-+ * station will deauthenticate when the socket is closed.
- *
- * @NL80211_ATTR_TDLS_INITIATOR: flag attribute indicating the current end is
- * the TDLS link initiator.
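Review bot: The rewritten NAN paragraph drops the statement that "only the netlink socket that created the interface will be allowed to add and remove functions" together with "any socket can add functions" for the unowned case. That was the only place the access rule was documented, so please say in the commit message or here whether the restriction itself was removed or only its description, and if it still applies keep the sentence. For the new last sentence, it would help to state that the deauthentication on socket close applies only when the attribute was included in that specific ASSOCIATE or CONNECT request.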
-@@ -1927,15 +2054,93 @@ enum nl80211_commands {
- * %NL80211_CMD_CHANGE_NAN_CONFIG. Its type is u8 and it can't be 0.
- * Also, values 1 and 255 are reserved for certification purposes and
- * should not be used during a normal device operation.
-- * @NL80211_ATTR_NAN_DUAL: NAN dual band operation config (see
-- * &enum nl80211_nan_dual_band_conf). This attribute is used with
-- * %NL80211_CMD_START_NAN and optionally with
-- * %NL80211_CMD_CHANGE_NAN_CONFIG.
-+ * @NL80211_ATTR_BANDS: operating bands configuration. This is a u32
-+ * bitmask of BIT(NL80211_BAND_*) as described in %enum
-+ * nl80211_band. For instance, for NL80211_BAND_2GHZ, bit 0
-+ * would be set. This attribute is used with
-+ * %NL80211_CMD_START_NAN and %NL80211_CMD_CHANGE_NAN_CONFIG, and
-+ * it is optional. If no bands are set, it means don't-care and
-+ * the device will decide what to use.
- * @NL80211_ATTR_NAN_FUNC: a function that can be added to NAN. See
- * &enum nl80211_nan_func_attributes for description of this nested
- * attribute.
- * @NL80211_ATTR_NAN_MATCH: used to report a match. This is a nested attribute.
- * See &enum nl80211_nan_match_attributes.
-+ * @NL80211_ATTR_FILS_KEK: KEK for FILS (Re)Association Request/Response frame
-+ * protection.
-+ * @NL80211_ATTR_FILS_NONCES: Nonces (part of AAD) for FILS (Re)Association
-+ * Request/Response frame protection. This attribute contains the 16 octet
-+ * STA Nonce followed by 16 octets of AP Nonce.
-+ *
-+ * @NL80211_ATTR_MULTICAST_TO_UNICAST_ENABLED: Indicates whether or not multicast
-+ * packets should be send out as unicast to all stations (flag attribute).
-+ *
-+ * @NL80211_ATTR_BSSID: The BSSID of the AP. Note that %NL80211_ATTR_MAC is also
-+ * used in various commands/events for specifying the BSSID.
-+ *
-+ * @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI: Relative RSSI threshold by which
-+ * other BSSs has to be better or slightly worse than the current
-+ * connected BSS so that they get reported to user space.
-+ * This will give an opportunity to userspace to consider connecting to
-+ * other matching BSSs which have better or slightly worse RSSI than
-+ * the current connected BSS by using an offloaded operation to avoid
-+ * unnecessary wakeups.
-+ *
-+ * @NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST: When present the RSSI level for BSSs in
-+ * the specified band is to be adjusted before doing
-+ * %NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI based comparision to figure out
-+ * better BSSs. The attribute value is a packed structure
-+ * value as specified by &struct nl80211_bss_select_rssi_adjust.
-+ *
-+ * @NL80211_ATTR_TIMEOUT_REASON: The reason for which an operation timed out.
-+ * u32 attribute with an &enum nl80211_timeout_reason value. This is used,
-+ * e.g., with %NL80211_CMD_CONNECT event.
-+ *
-+ * @NL80211_ATTR_FILS_ERP_USERNAME: EAP Re-authentication Protocol (ERP)
-+ * username part of NAI used to refer keys rRK and rIK. This is used with
-+ * %NL80211_CMD_CONNECT.
-+ *
-+ * @NL80211_ATTR_FILS_ERP_REALM: EAP Re-authentication Protocol (ERP) realm part
-+ * of NAI specifying the domain name of the ER server. This is used with
-+ * %NL80211_CMD_CONNECT.
-+ *
-+ * @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM: Unsigned 16-bit ERP next sequence number
-+ * to use in ERP messages. This is used in generating the FILS wrapped data
-+ * for FILS authentication and is used with %NL80211_CMD_CONNECT.
-+ *
-+ * @NL80211_ATTR_FILS_ERP_RRK: ERP re-authentication Root Key (rRK) for the
-+ * NAI specified by %NL80211_ATTR_FILS_ERP_USERNAME and
-+ * %NL80211_ATTR_FILS_ERP_REALM. This is used for generating rIK and rMSK
-+ * from successful FILS authentication and is used with
-+ * %NL80211_CMD_CONNECT.
-+ *
-+ * @NL80211_ATTR_FILS_CACHE_ID: A 2-octet identifier advertized by a FILS AP
-+ * identifying the scope of PMKSAs. This is used with
-+ * @NL80211_CMD_SET_PMKSA and @NL80211_CMD_DEL_PMKSA.
-+ *
-+ * @NL80211_ATTR_PMK: attribute for passing PMK key material. Used with
-+ * %NL80211_CMD_SET_PMKSA for the PMKSA identified by %NL80211_ATTR_PMKID.
-+ * For %NL80211_CMD_CONNECT it is used to provide PSK for offloading 4-way
-+ * handshake for WPA/WPA2-PSK networks. For 802.1X authentication it is
-+ * used with %NL80211_CMD_SET_PMK. For offloaded FT support this attribute
-+ * specifies the PMK-R0 if NL80211_ATTR_PMKR0_NAME is included as well.
-+ *
-+ * @NL80211_ATTR_SCHED_SCAN_MULTI: flag attribute which user-space shall use to
-+ * indicate that it supports multiple active scheduled scan requests.
-+ * @NL80211_ATTR_SCHED_SCAN_MAX_REQS: indicates maximum number of scheduled
-+ * scan request that may be active for the device (u32).
-+ *
-+ * @NL80211_ATTR_WANT_1X_4WAY_HS: flag attribute which user-space can include
-+ * in %NL80211_CMD_CONNECT to indicate that for 802.1X authentication it
-+ * wants to use the supported offload of the 4-way handshake.
-+ * @NL80211_ATTR_PMKR0_NAME: PMK-R0 Name for offloaded FT.
-+ * @NL80211_ATTR_PORT_AUTHORIZED: flag attribute used in %NL80211_CMD_ROAMED
-+ * notification indicating that that 802.1X authentication was done by
-+ * the driver or is not needed (because roaming used the Fast Transition
-+ * protocol).
-+ *
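Review bot: @NL80211_ATTR_PORT_AUTHORIZED is described as used in the %NL80211_CMD_ROAMED notification, but the command documented earlier in this patch with that attribute is @NL80211_CMD_ROAM; please make the two agree. @NL80211_ATTR_PMK carries PSK, PMK or PMK-R0 depending on the command and the comment gives no expected length for any of them, so a reader cannot tell what the kernel validates; please add the lengths. @NL80211_ATTR_FILS_CACHE_ID references the PMKSA commands with `@` where `%` is used for commands elsewhere. Typos in the added lines: "should be send out" (sent), "other BSSs has to be" (have), "comparision" (comparison), "that that 802.1X" (duplicated word), and "advertized".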