From: Bernhard Schmidt
To: Adrian Chadd
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r228514 - head/sys/net80211
Date: Thu, 15 Dec 2011 11:15:59 +0100

On Thu, Dec 15, 2011 at 10:35, Adrian Chadd wrote:
> On 15 December 2011 00:02, Bernhard Schmidt wrote:
>
>> Why didn't you remove the mac argument? It is assigned from wh->i_addr2
>> anyways, seems rather too redundant to me.
>
> Because the semantics for that right now are "check that MAC", so it's
> the caller's responsibility to determine which MAC in the header is the
> relevant one to check against.
>
> They're all addr2 though, and I haven't yet thought of a reason it
> could be addr1 or addr3 (or addr4, for that matter); I just decided to
> leave it this way so the semantics of "the caller dictates which MAC
> in the frame is the relevant one to check against" as-is.

And no one else has found a reason to do so in the last 7 years that
code exists :)

> If you think that's me being a bit overly anal about it, then sure,
> please go ahead and turf it. :)
>
> Personally, I'd like to add an enum field (and then remove the MAC) -
> the enum field would indicate to acl_check() _which_ ACL is being
> checked - ie, probe request, association request, and any other frame
> check request. That way it's precisely clear what the ACL check is
> for. But again, that's just me being overly picky. :)

Well, no. The ACL stuff was designed to have one module for each usage
and not one for everything. Following your example you would have one
for assoc frames/probe frames (whatever the desired behavior is), ..
and the already existing one for macs.

Well, just this piece isn't that optimal yet:

    /* XXX just one for now */
    static const struct ieee80211_aclator *acl = NULL;

So, my point is, I'd like to keep the functionality of the wlan_acl(4)
module as it is, matching wh->i_addr2 with the list of given macs
only. If you (or someone else) have some different functionality in
mind, add a new acl module which replaces the current one using
ieee80211_aclator_register() and do whatever you want in there.

> So in short: if you're happy removing it, remove it. :)

I agree on passing the frame as an argument to iac_check() and obtain
the mac from there, that definitely is required for more advanced
ACLs. Passing both, though, is imho not required and redundant, so, yes
I think I'm going to remove it.

-- 
Bernhard
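
Added example, not part of the original message and not FreeBSD code: a userland C model of the frame-only check discussed above, where the callback receives the frame and takes the transmitter address from i_addr2 itself, so a listed address in addr1 has no effect. struct frame_hdr mirrors the field names used in the thread; acl_policy, acl_state, acl_check_frame and demo_check are hypothetical names, and the MAC addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ADDR_LEN 6
/* Userland model of the header fields named in the thread (wh->i_addr2). */
struct frame_hdr {
	uint8_t i_fc[2], i_dur[2];
	uint8_t i_addr1[ADDR_LEN];	/* receiver */
	uint8_t i_addr2[ADDR_LEN];	/* transmitter: what the ACL matches */
	uint8_t i_addr3[ADDR_LEN], i_seq[2];
};
enum acl_policy { POLICY_OPEN, POLICY_ALLOW, POLICY_DENY };	/* hypothetical */
struct acl_state {						/* hypothetical */
	enum acl_policy policy;
	size_t nmacs;
	uint8_t macs[8][ADDR_LEN];
};
const uint8_t listed_mac[ADDR_LEN] = { 0x02, 0, 0, 0, 0, 0x01 };	/* constructed */
const uint8_t other_mac[ADDR_LEN] = { 0x02, 0, 0, 0, 0, 0x02 };	/* constructed */

/* Frame-only check: no separate MAC argument. Returns 1 to accept. */
int acl_check_frame(const struct acl_state *as, const void *buf, size_t len)
{
	const struct frame_hdr *wh = buf;
	int listed = 0;
	if (as->policy == POLICY_OPEN)
		return 1;		/* no filtering configured */
	if (len < sizeof(*wh))
		return 0;		/* too short to carry addr2: reject */
	for (size_t i = 0; i < as->nmacs; i++)
		if (memcmp(as->macs[i], wh->i_addr2, ADDR_LEN) == 0)
			listed = 1;
	return as->policy == POLICY_ALLOW ? listed : !listed;
}

/* Build a frame sent by `ta` whose addr1 is the listed MAC, then check it. */
int demo_check(enum acl_policy policy, const uint8_t *ta, size_t len)
{
	struct acl_state as = { policy, 1, { { 0x02, 0, 0, 0, 0, 0x01 } } };
	struct frame_hdr wh = { .i_addr1 = { 0x02, 0, 0, 0, 0, 0x01 } };
	memcpy(wh.i_addr2, ta, ADDR_LEN);
	return acl_check_frame(&as, &wh, len);
}

int main(void)
{
	size_t n = sizeof(struct frame_hdr);
	printf("%d %d\n", demo_check(POLICY_ALLOW, listed_mac, n), demo_check(POLICY_ALLOW, other_mac, n));
	return 0;
}
```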