wifi: brcmfmac: support AP isolation to restrict reachability between stations

hostapd & wpa_supplicant userspace daemons exposes an AP mode specific
config file parameter "ap_isolate" to the user, which is used to control
low-level bridging of frames between the stations associated in the BSS.

In driver, handle this user setting in the newly defined cfg80211_ops
function brcmf_cfg80211_change_bss() by enabling "ap_isolate" IOVAR in
the firmware.

In AP mode, the "ap_isolate" value from the cfg80211 layer represents,
 0 = allow low-level bridging of frames between associated stations
 1 = restrict low-level bridging of frames to isolate associated stations
-1 = do not change existing setting

Signed-off-by: Wright Feng <wright.feng@cypress.com>
Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com>
Signed-off-by: Gokul Sivakumar <gokulkumar.sivakumar@infineon.com>
[arend: indicate ap_isolate support in struct wiphy::bss_param_support]
Signed-off-by: Arend van Spriel <arend.vanspriel@broadcom.com>
Link: https://patch.msgid.link/20250817190435.1495094-5-arend.vanspriel@broadcom.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
index 8af402555b5ee3d757c5a1ab7d9c220113de7389..8afaffe31031924efb08fd9d1b5deea586f71445 100644 (file)
--- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
+++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c
@@ -5958,6 +5958,26 @@ static int brcmf_cfg80211_del_pmk(struct wiphy *wiphy, struct net_device *dev,
        return brcmf_set_pmk(ifp, NULL, 0);
 }
 
+static int brcmf_cfg80211_change_bss(struct wiphy *wiphy, struct net_device *dev,
+                                    struct bss_parameters *params)
+{
+       struct brcmf_if *ifp = netdev_priv(dev);
+       int ret = 0;
+
+       /* In AP mode, the "ap_isolate" value represents
+        *  0 = allow low-level bridging of frames between associated stations
+        *  1 = restrict low-level bridging of frames to isolate associated stations
+        * -1 = do not change existing setting
+        */
+       if (params->ap_isolate >= 0) {
+               ret = brcmf_fil_iovar_int_set(ifp, "ap_isolate", params->ap_isolate);
+               if (ret < 0)
+                       brcmf_err("ap_isolate iovar failed: ret=%d\n", ret);
+       }
+
+       return ret;
+}
+
 static struct cfg80211_ops brcmf_cfg80211_ops = {
        .add_virtual_intf = brcmf_cfg80211_add_iface,
        .del_virtual_intf = brcmf_cfg80211_del_iface,
@@ -6005,6 +6025,7 @@ static struct cfg80211_ops brcmf_cfg80211_ops = {
        .update_connect_params = brcmf_cfg80211_update_conn_params,
        .set_pmk = brcmf_cfg80211_set_pmk,
        .del_pmk = brcmf_cfg80211_del_pmk,
+       .change_bss = brcmf_cfg80211_change_bss,
 };
 
 struct cfg80211_ops *brcmf_cfg80211_get_ops(struct brcmf_mp_device *settings)
@@ -7659,6 +7680,8 @@ static int brcmf_setup_wiphy(struct wiphy *wiphy, struct brcmf_if *ifp)
                                    BIT(NL80211_BSS_SELECT_ATTR_BAND_PREF) |
                                    BIT(NL80211_BSS_SELECT_ATTR_RSSI_ADJUST);
 
+       wiphy->bss_param_support = WIPHY_BSS_PARAM_AP_ISOLATE;
+
        wiphy->flags |= WIPHY_FLAG_NETNS_OK |
                        WIPHY_FLAG_PS_ON_BY_DEFAULT |
                        WIPHY_FLAG_HAVE_AP_SME |