Date:      Fri, 29 Oct 2004 22:07:34 GMT
From:      Sam Leffler <sam@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 63955 for review
Message-ID:  <200410292207.i9TM7YSt001831@repoman.freebsd.org>

http://perforce.freebsd.org/chv.cgi?CH=63955

Change 63955 by sam@sam_ebb on 2004/10/29 22:06:53

	bring in MAC ACL support from madwifi; still need the ioctl's

Affected files ...

.. //depot/projects/wifi/sys/net80211/ieee80211_acl.c#1 add
.. //depot/projects/wifi/sys/net80211/ieee80211_freebsd.h#2 edit
.. //depot/projects/wifi/sys/net80211/ieee80211_proto.c#3 edit
.. //depot/projects/wifi/sys/net80211/ieee80211_proto.h#3 edit
.. //depot/projects/wifi/sys/net80211/ieee80211_var.h#3 edit

Differences ...

==== //depot/projects/wifi/sys/net80211/ieee80211_freebsd.h#2 (text+ko) ====

@@ -42,6 +42,18 @@
 	mtx_assert(&(_ic)->ic_nodelock, MA_OWNED)
 
 /*
+ * 802.1x MAC ACL database locking definitions.
+ */
+typedef struct mtx acl_lock_t;
+#define	ACL_LOCK_INIT(_as, _name) \
+	mtx_init(&(_as)->as_lock, _name, "802.11 ACL", MTX_DEF)
+#define	ACL_LOCK_DESTROY(_as)		mtx_destroy(&(_as)->as_lock)
+#define	ACL_LOCK(_as)			mtx_lock(&(_as)->as_lock)
+#define	ACL_UNLOCK(_as)			mtx_unlock(&(_as)->as_lock)
+#define	ACL_LOCK_ASSERT(_as) \
+	mtx_assert((&(_as)->as_lock), MA_OWNED)
+
+/*
  * Node reference counting definitions.
  *
  * ieee80211_node_initref	initialize the reference count to 1
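Review bot: The comment heading the new lock macros says "802.1x MAC ACL database", but the lock type string two lines below is "802.11 ACL" and MAC address filtering is not part of 802.1X authentication, so this looks like a typo; I would write `* 802.11 MAC ACL database locking definitions.`. The comment could also say what the lock protects, because the macros take an `_as` whose `as_lock` member is declared outside this hunk. `ACL_LOCK_ASSERT` wraps its first argument in an extra pair of parentheses that the neighbouring macros do not use.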

==== //depot/projects/wifi/sys/net80211/ieee80211_proto.c#3 (text+ko) ====

@@ -146,13 +146,11 @@
 	ieee80211_authenticator_unregister(IEEE80211_AUTH_SHARED);
 	ieee80211_authenticator_unregister(IEEE80211_AUTH_AUTO);
 
-#if 0
 	/*
 	 * Detach any ACL'ator.
 	 */
 	if (ic->ic_acl != NULL)
 		ic->ic_acl->iac_detach(ic);
-#endif
 }
 
 /*
@@ -189,6 +187,35 @@
 	authenticators[type] = NULL;
 }
 
+/*
+ * Very simple-minded ACL module support.
+ */
+/* XXX just one for now */
+static	const struct ieee80211_aclator *acl = NULL;
+
+void
+ieee80211_aclator_register(const struct ieee80211_aclator *iac)
+{
+	printf("wlan: %s acl policy registered\n", iac->iac_name);
+	acl = iac;
+}
+
+void
+ieee80211_aclator_unregister(const struct ieee80211_aclator *iac)
+{
+	if (acl == iac)
+		acl = NULL;
+	printf("wlan: %s acl policy unregistered\n", iac->iac_name);
+}
+
+const struct ieee80211_aclator *
+ieee80211_aclator_get(const char *name)
+{
+	if (acl == NULL)
+		linker_load_module("wlan_acl", NULL, NULL, NULL, NULL);
+	return acl != NULL && strcmp(acl->iac_name, name) == 0 ? acl : NULL;
+}
+
 void
 ieee80211_print_essid(const u_int8_t *essid, int len)
 {
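Review bot: ieee80211_aclator_unregister() clears only the file-scope `acl` pointer, so any ieee80211com whose `ic_acl` still points at `iac` keeps calling through it after the policy module has gone, unless the module itself refuses to unload while attached (ieee80211_acl.c is not shown here). For an access-control hook that precondition is worth stating at the function, e.g. `/* caller must ensure no ieee80211com still references iac via ic_acl */`, or enforcing with a reference count. The `acl` global is also read and written without a lock in all three functions, and ieee80211_aclator_register() silently replaces a policy that is already registered; a guard such as `if (acl != NULL && acl != iac) return;` with a message would keep one module from displacing another. ieee80211_aclator_get() ignores the result of linker_load_module(), which is safe because `acl` is rechecked, but a failed load is then indistinguishable from an unknown policy name.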

==== //depot/projects/wifi/sys/net80211/ieee80211_proto.h#3 (text+ko) ====

@@ -125,6 +125,29 @@
 extern	const struct ieee80211_authenticator *
 		ieee80211_authenticator_get(int auth);
 
+/*
+ * Template for an MAC ACL policy module.  Such modules
+ * register with the protocol code and are passed the sender's
+ * address of each received frame for validation.
+ */
+struct ieee80211_aclator {
+	const char *iac_name;		/* printable name */
+	int	(*iac_attach)(struct ieee80211com *);
+	void	(*iac_detach)(struct ieee80211com *);
+	int	(*iac_check)(struct ieee80211com *,
+			const u_int8_t mac[IEEE80211_ADDR_LEN]);
+	int	(*iac_add)(struct ieee80211com *,
+			const u_int8_t mac[IEEE80211_ADDR_LEN]);
+	int	(*iac_remove)(struct ieee80211com *,
+			const u_int8_t mac[IEEE80211_ADDR_LEN]);
+	int	(*iac_flush)(struct ieee80211com *);
+	int	(*iac_setpolicy)(struct ieee80211com *, int);
+	int	(*iac_getpolicy)(struct ieee80211com *);
+};
+extern	void ieee80211_aclator_register(const struct ieee80211_aclator *);
+extern	void ieee80211_aclator_unregister(const struct ieee80211_aclator *);
+extern	const struct ieee80211_aclator *ieee80211_aclator_get(const char *name);
+
 /* flags for ieee80211_fix_rate() */
 #define	IEEE80211_F_DOSORT	0x00000001	/* sort rate list */
 #define	IEEE80211_F_DOFRATE	0x00000002	/* use fixed rate */
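Review bot: The comment above `struct ieee80211_aclator` does not say what `iac_check` returns, and for an access-control callback the caller must know which value admits a frame and which rejects it; a wrong guess at a call site fails open. I would add the convention to that comment, for example `/* iac_check: nonzero to accept the sender, 0 to reject */` if that is what the madwifi code uses, along with the success/error convention for `iac_add`, `iac_remove`, `iac_flush` and `iac_setpolicy`. It should also say whether a module may leave any of these pointers NULL, since the detach path in ieee80211_proto.c calls `iac_detach` without checking it.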

==== //depot/projects/wifi/sys/net80211/ieee80211_var.h#3 (text+ko) ====

@@ -184,6 +184,8 @@
 
 #define	IEEE80211_PS_MAX_QUEUE	50	/* maximum saved packets */
 
+struct ieee80211_aclator;
+
 struct ieee80211com {
 	SLIST_ENTRY(ieee80211com) ic_next;
 	struct ifnet		*ic_ifp;	/* associated device */
@@ -278,6 +280,14 @@
 	 */
 	const struct ieee80211_authenticator *ic_auth;
 	struct eapolcom		*ic_ec;	
+
+	/*
+	 * Access control glue.  When a control agent attaches
+	 * it fills in this section.  We assume that when ic_ac
+	 * is setup that the methods are safe to call.
+	 */
+	const struct ieee80211_aclator *ic_acl;
+	void			*ic_as;
 };
 
 #define	IEEE80211_ADDR_EQ(a1,a2)	(memcmp(a1,a2,IEEE80211_ADDR_LEN) == 0)
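Review bot: The new comment refers to `ic_ac`, but the field added below it is `ic_acl`; the sentence should read `We assume that when ic_acl is set up the methods are safe to call.` `ic_as` has no comment at all, and as an untyped `void *` its owner and lifetime are not evident; something like `void *ic_as; /* private state of the attached ACL policy */` would help, assuming that is what the `_as` argument of the ACL_LOCK macros refers to. struct ieee80211com begins before this hunk.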


