Date:      Thu, 15 Dec 2011 00:52:30 +0000 (UTC)
From:      Adrian Chadd <adrian@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r228514 - head/sys/net80211
Message-ID:  <201112150052.pBF0qUA5022051@svn.freebsd.org>

Author: adrian
Date: Thu Dec 15 00:52:30 2011
New Revision: 228514
URL: http://svn.freebsd.org/changeset/base/228514

Log:
  Modify the ACL code slightly to support a few nifty things:
  
  * Call it before sending probe responses, so the ACL code has the
    chance to reject sending them.
  
  * Pass the whole frame to the ACL code now, rather than just the
    destination MAC - that way the ACL module can look at the frame
    contents to determine what the response should be.
  
  This is part of some uncommitted work to support band steering.
  
  Sponsored by:	Hobnob, Inc.

Modified:
  head/sys/net80211/ieee80211_acl.c
  head/sys/net80211/ieee80211_hostap.c
  head/sys/net80211/ieee80211_mesh.c
  head/sys/net80211/ieee80211_proto.h

Modified: head/sys/net80211/ieee80211_acl.c
==============================================================================
--- head/sys/net80211/ieee80211_acl.c	Wed Dec 14 23:57:47 2011	(r228513)
+++ head/sys/net80211/ieee80211_acl.c	Thu Dec 15 00:52:30 2011	(r228514)
@@ -152,7 +152,8 @@ _acl_free(struct aclstate *as, struct ac
 }
 
 static int
-acl_check(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])
+acl_check(struct ieee80211vap *vap, const struct ieee80211_frame *wh,
+    const uint8_t mac[IEEE80211_ADDR_LEN])
 {
 	struct aclstate *as = vap->iv_as;
 

Modified: head/sys/net80211/ieee80211_hostap.c
==============================================================================
--- head/sys/net80211/ieee80211_hostap.c	Wed Dec 14 23:57:47 2011	(r228513)
+++ head/sys/net80211/ieee80211_hostap.c	Thu Dec 15 00:52:30 2011	(r228514)
@@ -1795,6 +1795,16 @@ hostap_recv_mgmt(struct ieee80211_node *
 			return;
 		}
 		/*
+		 * Consult the ACL policy module if setup.
+		 */
+		if (vap->iv_acl != NULL &&
+		    !vap->iv_acl->iac_check(vap, wh, wh->i_addr2)) {
+			IEEE80211_DISCARD(vap, IEEE80211_MSG_ACL,
+			    wh, NULL, "%s", "disallowed by ACL");
+			vap->iv_stats.is_rx_acl++;
+			return;
+		}
+		/*
 		 * prreq frame format
 		 *	[tlv] ssid
 		 *	[tlv] supported rates
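Review bot: The added probe-request check reuses the `is_rx_acl` counter and the "disallowed by ACL" discard text that the later ACL check in this function (the next hunk) also uses, so a denied probe and a denial on that other path cannot be told apart in statistics or debug output. Probe requests arrive from any station scanning nearby, so with an ACL configured the counter will likely be dominated by probes and lose its value as a signal of rejected clients. Consider a distinct message, for example `wh, NULL, "%s", "probe request disallowed by ACL");`, and a separate counter for this path. The check also runs before the probe request elements listed in the following comment are parsed, so a policy module that reads past the header would see unvalidated data. hostap_recv_mgmt starts and ends outside the hunk.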
@@ -1874,7 +1884,7 @@ hostap_recv_mgmt(struct ieee80211_node *
 		 * Consult the ACL policy module if setup.
 		 */
 		if (vap->iv_acl != NULL &&
-		    !vap->iv_acl->iac_check(vap, wh->i_addr2)) {
+		    !vap->iv_acl->iac_check(vap, wh, wh->i_addr2)) {
 			IEEE80211_DISCARD(vap, IEEE80211_MSG_ACL,
 			    wh, NULL, "%s", "disallowed by ACL");
 			vap->iv_stats.is_rx_acl++;

Modified: head/sys/net80211/ieee80211_mesh.c
==============================================================================
--- head/sys/net80211/ieee80211_mesh.c	Wed Dec 14 23:57:47 2011	(r228513)
+++ head/sys/net80211/ieee80211_mesh.c	Thu Dec 15 00:52:30 2011	(r228514)
@@ -1120,7 +1120,8 @@ mesh_input(struct ieee80211_node *ni, st
 	 *
 	 * NB: this check is also done upon peering link initiation.
 	 */
-	if (vap->iv_acl != NULL && !vap->iv_acl->iac_check(vap, wh->i_addr2)) {
+	if (vap->iv_acl != NULL &&
+	    !vap->iv_acl->iac_check(vap, wh, wh->i_addr2)) {
 		IEEE80211_DISCARD(vap, IEEE80211_MSG_ACL,
 		    wh, NULL, "%s", "disallowed by ACL");
 		vap->iv_stats.is_rx_acl++;
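Review bot: A policy module that interprets frame contents cannot assume a probe request at this call, because `mesh_input` passes `wh` for whatever frame reached the check; judging by the function name this is the general receive path, not one management subtype. The callback contract should require the module to test the type and subtype in `wh->i_fc[0]` before reading anything subtype-specific. A comment at this call such as `/* NB: wh may be any frame type; policy modules must check i_fc[0] */` would make that visible. The function body extends beyond the hunk, so the validation done before this point is not shown.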
@@ -1379,7 +1380,7 @@ mesh_recv_mgmt(struct ieee80211_node *ni
 		 * Peer only based on the current ACL policy.
 		 */
 		if (vap->iv_acl != NULL &&
-		    !vap->iv_acl->iac_check(vap, wh->i_addr2)) {
+		    !vap->iv_acl->iac_check(vap, wh, wh->i_addr2)) {
 			IEEE80211_DISCARD(vap, IEEE80211_MSG_ACL,
 			    wh, NULL, "%s", "disallowed by ACL");
 			vap->iv_stats.is_rx_acl++;

Modified: head/sys/net80211/ieee80211_proto.h
==============================================================================
--- head/sys/net80211/ieee80211_proto.h	Wed Dec 14 23:57:47 2011	(r228513)
+++ head/sys/net80211/ieee80211_proto.h	Thu Dec 15 00:52:30 2011	(r228514)
@@ -215,6 +215,7 @@ struct ieee80211_aclator {
 	int	(*iac_attach)(struct ieee80211vap *);
 	void	(*iac_detach)(struct ieee80211vap *);
 	int	(*iac_check)(struct ieee80211vap *,
+			const struct ieee80211_frame *wh,
 			const uint8_t mac[IEEE80211_ADDR_LEN]);
 	int	(*iac_add)(struct ieee80211vap *,
 			const uint8_t mac[IEEE80211_ADDR_LEN]);
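Review bot: `iac_check` now receives the frame header pointer but no length or mbuf, so a policy module that looks at frame contents, as the log message intends, has no way to bound its reads past the fixed header. Either document that only the fields of `struct ieee80211_frame` may be dereferenced, or add the frame length to the callback before modules start depending on this signature. Every call site in this commit passes `wh->i_addr2` as `mac`, so the third argument is now redundant with `wh` and the two could disagree if a later caller passes something else. Suggested comment on the member: `/* wh: received frame header (fixed part only, no length passed); mac: address the policy is applied to */`. The same signature is taken by `acl_check` in ieee80211_acl.c.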


