Cumulative patch from commit ed0a4ddc22526361a138c6b145561fcaac24e2a5

ed0a4dd nl80211: Update drv->ssid on connect/associate event based on BSS data
9f346fa nl80211: Fix scan_state update in no pending scan state
34f7c69 Add multicast to unicast support
5f2c0a2 Sync with mac80211-next.git include/uapi/linux/nl80211.h
08032c7 Remove inactivity timeout for wired interfaces
57f93d6 Defer scans while PNO is in progress instead of skipping them
a1fce39 nl80211: Optimize memory use in nl80211_get_assoc_freq()
da2c284 nl80211: Reduce nl80211_dump_scan() memory need
b72a01b nl80211: Split bss_info_handler() into a separate parser function
cfadab2 nl80211: Move duplicate scan result removal to bss.c
2a1cf26 nl80211: Add more debug details to duplicate scan entry removal
865081c privsep: Support frequency list for scan requests
da818ee privsep: Support multiple scan SSIDs
002b504 privsep: Coding style cleanup for struct definitions
d3c43e5 privsep: Fix scan result fetching with Beacon frame IEs
0771e91 wpa_priv: Document reduced functionality
6d97561 wpa_priv: Handler driver global_deinit() on termination path
ce0f899 wpa_priv: Explicitly clear padding in message structures
e064177 wpa_priv: Use fromlen instead sizeof(struct sockaddr_un)
128d3c6 wpa_priv: Add support for multiple l2_packet connections
c8fef78 nl80211: Split nl80211_check_bss_status() into a separate function
e35e137 nl80211: Separate channel noise fetch from scan result processing
cb2b666 Fix 4addr reassociation-without-deauthentication on AP
8c0ed37 wired: Mark some common helper functions static
ba5ea11 mka: Remove references to macsec_qca from wpa_supplicant.conf
f014d9d macsec_linux: Add a driver for macsec on Linux kernels
8618313 drivers: Move driver_wired_get_ssid() to a common file
d27c42b drivers: Move driver_wired_get_bssid() to a common file
9281e5c drivers: Move driver_wired_get_capa() to a common file
ec9cfb9 drivers: Move driver_wired_deinit_common() to a common file
ed5ae61 drivers: Move driver_wired_init_common() to a common file
5a55ec3 drivers: Move driver_wired_get_ifstatus() to a common file
d718a5d drivers: Move driver_wired_set_ifflags() to a common file
567b7d4 drivers: Move driver_wired_get_ifflags() to a common file
693124a drivers: Move driver_wired_multi() to a common file
b0906ef drivers: Move wired_multicast_membership() to a common file
0abc8d1 drivers: Move common definitions for wired drivers out
bf88401 Add support to abort vendor scan
eeb34a4 nl80211: Enhance abort scan to also abort the vendor scan
1a793f5 Define a QCA vendor command to abort vendor scan
47d74bf Add MGMT_RX_PROCESS test command for hostapd
2ab0965 AP: Do not drop STA entry if PMF is used with full AP client state
209dad0 FT: Explicitly check for MDE not present in non-FT association
d4f3003 nl80211: Configure Beacon frame TX rate if driver advertises support
29483a5 Add support for user configurable Beacon frame data rate for AP mode
346b333 Use random MAC address for scanning only in non-connected state
18f1611 D-Bus: Send P2P IP address assignment info with GroupStarted event
046fa6f D-Bus: Add getter and setter for P2P IP address config parameters
d503eee FT: Complete CONFIG_IEEE80211R_AP renaming for hostapd
e0d9fd3 wpa_supplicant: Allow configuring the MACsec port for MKA
1d3d066 mka: Add enable_encrypt op and call it from CP state machine
7b4d546 wpa_supplicant: Add macsec_integ_only setting for MKA
008e224 mka: Disable peer detection timeout for PSK mode
ad51731 wpa_supplicant: Allow pre-shared (CAK,CKN) pair for MKA
5acbf22 Fix hostapd usage entry style for -T
611d67a Add doxygen ref to eap_method structure
88f93c3 Android: Remove BoringSSL guard
7824bf7 nl80211: Fix get_inact_sec() returning -1 on failure
088d53d mka: Fix getting capabilities from the driver
5e785a6 Reserve QCA vendor specific nl80211 command 144
4051dd8 GAS: Add Capability List ANQP-element support for Info ID 270, 280..299
d50f518 Fix libap.a build
e65a87b Debug print scan results matching the currently selected network
8d1e693 Use estimated throughput to avoid signal based roaming decision

Test: Wifi Suite

Change-Id: Ic470ffe9004d28d34916e50221d631ac99d4163f
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

1 files changed, 23 insertions, 6 deletions

diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 047ca900..edb230d9 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -98,9 +98,7 @@ eapol_version=1
 #    parameters (e.g., WPA IE generation); this mode can also be used with
 #    non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
 #    APs (i.e., external program needs to control association). This mode must
-#    also be used when using wired Ethernet drivers.
-#    Note: macsec_qca driver is one type of Ethernet driver which implements
-#    macsec feature.
+#    also be used when using wired Ethernet drivers (including MACsec).
 # 2: like 0, but associate with APs using security policy and SSID (but not
 #    BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
 #    enable operation with hidden SSIDs and optimized roaming; in this mode,
@@ -881,17 +879,36 @@ fast_reauth=1
 # bit0 (1): require dynamically generated unicast WEP key
 # bit1 (2): require dynamically generated broadcast WEP key
 # 	(3 = require both keys; default)
-# Note: When using wired authentication (including macsec_qca driver),
+# Note: When using wired authentication (including MACsec drivers),
 # eapol_flags must be set to 0 for the authentication to be completed
 # successfully.
 #
 # macsec_policy: IEEE 802.1X/MACsec options
-# This determines how sessions are secured with MACsec. It is currently
-# applicable only when using the macsec_qca driver interface.
+# This determines how sessions are secured with MACsec (only for MACsec
+# drivers).
 # 0: MACsec not in use (default)
 # 1: MACsec enabled - Should secure, accept key server's advice to
 #    determine whether to use a secure session or not.
 #
+# macsec_integ_only: IEEE 802.1X/MACsec transmit mode
+# This setting applies only when MACsec is in use, i.e.,
+#  - macsec_policy is enabled
+#  - the key server has decided to enable MACsec
+# 0: Encrypt traffic (default)
+# 1: Integrity only
+#
+# macsec_port: IEEE 802.1X/MACsec port
+# Port component of the SCI
+# Range: 1-65534 (default: 1)
+#
+# mka_cak and mka_ckn: IEEE 802.1X/MACsec pre-shared authentication mode
+# This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
+# In this mode, instances of wpa_supplicant can act as peers, one of
+# which will become the key server and start distributing SAKs.
+# mka_cak (CAK = Secure Connectivity Association Key) takes a 16-bytes (128 bit)
+# hex-string (32 hex-digits)
+# mka_ckn (CKN = CAK Name) takes a 32-bytes (256 bit) hex-string (64 hex-digits)
+#
 # mixed_cell: This option can be used to configure whether so called mixed
 # cells, i.e., networks that use both plaintext and encryption in the same
 # SSID, are allowed when selecting a BSS from scan results.