The Design and Implementation of the FreeBSD Operating System, Second Edition
Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]

FreeBSD/Linux Kernel Cross Reference
sys/net80211/ieee80211_acl.c

Version: -  FREEBSD  -  FREEBSD-13-STABLE  -  FREEBSD-13-0  -  FREEBSD-12-STABLE  -  FREEBSD-12-0  -  FREEBSD-11-STABLE  -  FREEBSD-11-0  -  FREEBSD-10-STABLE  -  FREEBSD-10-0  -  FREEBSD-9-STABLE  -  FREEBSD-9-0  -  FREEBSD-8-STABLE  -  FREEBSD-8-0  -  FREEBSD-7-STABLE  -  FREEBSD-7-0  -  FREEBSD-6-STABLE  -  FREEBSD-6-0  -  FREEBSD-5-STABLE  -  FREEBSD-5-0  -  FREEBSD-4-STABLE  -  FREEBSD-3-STABLE  -  FREEBSD22  -  l41  -  OPENBSD  -  linux-2.6  -  MK84  -  PLAN9  -  xnu-8792 
SearchContext: -  none  -  3  -  10 

    1 /*-
    2  * Copyright (c) 2004-2005 Sam Leffler, Errno Consulting
    3  * All rights reserved.
    4  *
    5  * Redistribution and use in source and binary forms, with or without
    6  * modification, are permitted provided that the following conditions
    7  * are met:
    8  * 1. Redistributions of source code must retain the above copyright
    9  *    notice, this list of conditions and the following disclaimer.
   10  * 2. Redistributions in binary form must reproduce the above copyright
   11  *    notice, this list of conditions and the following disclaimer in the
   12  *    documentation and/or other materials provided with the distribution.
   13  * 3. The name of the author may not be used to endorse or promote products
   14  *    derived from this software without specific prior written permission.
   15  *
   16  * Alternatively, this software may be distributed under the terms of the
   17  * GNU General Public License ("GPL") version 2 as published by the Free
   18  * Software Foundation.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   21  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   22  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   23  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   24  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   25  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   29  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   30  */
   31 
   32 #include <sys/cdefs.h>
   33 __FBSDID("$FreeBSD: releng/6.3/sys/net80211/ieee80211_acl.c 149772 2005-09-03 22:40:02Z sam $");
   34 
   35 /*
   36  * IEEE 802.11 MAC ACL support.
   37  *
   38  * When this module is loaded the sender address of each received
   39  * frame is passed to the iac_check method and the module indicates
   40  * if the frame should be accepted or rejected.  If the policy is
   41  * set to ACL_POLICY_OPEN then all frames are accepted w/o checking
   42  * the address.  Otherwise, the address is looked up in the database
   43  * and if found the frame is either accepted (ACL_POLICY_ALLOW)
   44  * or rejected (ACL_POLICY_DENT).
   45  */
   46 #include <sys/param.h>
   47 #include <sys/kernel.h>
   48 #include <sys/systm.h> 
   49 #include <sys/mbuf.h>   
   50 #include <sys/module.h>
   51 #include <sys/queue.h>
   52 
   53 #include <sys/socket.h>
   54 
   55 #include <net/if.h>
   56 #include <net/if_media.h>
   57 #include <net/ethernet.h>
   58 #include <net/route.h>
   59 
   60 #include <net80211/ieee80211_var.h>
   61 
   62 enum {
   63         ACL_POLICY_OPEN         = 0,    /* open, don't check ACL's */
   64         ACL_POLICY_ALLOW        = 1,    /* allow traffic from MAC */
   65         ACL_POLICY_DENY         = 2,    /* deny traffic from MAC */
   66 };
   67 
   68 #define ACL_HASHSIZE    32
   69 
   70 struct acl {
   71         TAILQ_ENTRY(acl)        acl_list;
   72         LIST_ENTRY(acl)         acl_hash;
   73         u_int8_t                acl_macaddr[IEEE80211_ADDR_LEN];
   74 };
   75 struct aclstate {
   76         acl_lock_t              as_lock;
   77         int                     as_policy;
   78         int                     as_nacls;
   79         TAILQ_HEAD(, acl)       as_list;        /* list of all ACL's */
   80         LIST_HEAD(, acl)        as_hash[ACL_HASHSIZE];
   81         struct ieee80211com     *as_ic;
   82 };
   83 
   84 /* simple hash is enough for variation of macaddr */
   85 #define ACL_HASH(addr)  \
   86         (((const u_int8_t *)(addr))[IEEE80211_ADDR_LEN - 1] % ACL_HASHSIZE)
   87 
   88 MALLOC_DEFINE(M_80211_ACL, "acl", "802.11 station acl");
   89 
   90 static  int acl_free_all(struct ieee80211com *);
   91 
   92 static int
   93 acl_attach(struct ieee80211com *ic)
   94 {
   95         struct aclstate *as;
   96 
   97         MALLOC(as, struct aclstate *, sizeof(struct aclstate),
   98                 M_80211_ACL, M_NOWAIT | M_ZERO);
   99         if (as == NULL)
  100                 return 0;
  101         ACL_LOCK_INIT(as, "acl");
  102         TAILQ_INIT(&as->as_list);
  103         as->as_policy = ACL_POLICY_OPEN;
  104         as->as_ic = ic;
  105         ic->ic_as = as;
  106         return 1;
  107 }
  108 
  109 static void
  110 acl_detach(struct ieee80211com *ic)
  111 {
  112         struct aclstate *as = ic->ic_as;
  113 
  114         acl_free_all(ic);
  115         ic->ic_as = NULL;
  116         ACL_LOCK_DESTROY(as);
  117         FREE(as, M_DEVBUF);
  118 }
  119 
  120 static __inline struct acl *
  121 _find_acl(struct aclstate *as, const u_int8_t *macaddr)
  122 {
  123         struct acl *acl;
  124         int hash;
  125 
  126         hash = ACL_HASH(macaddr);
  127         LIST_FOREACH(acl, &as->as_hash[hash], acl_hash) {
  128                 if (IEEE80211_ADDR_EQ(acl->acl_macaddr, macaddr))
  129                         return acl;
  130         }
  131         return NULL;
  132 }
  133 
  134 static void
  135 _acl_free(struct aclstate *as, struct acl *acl)
  136 {
  137         ACL_LOCK_ASSERT(as);
  138 
  139         TAILQ_REMOVE(&as->as_list, acl, acl_list);
  140         LIST_REMOVE(acl, acl_hash);
  141         FREE(acl, M_80211_ACL);
  142         as->as_nacls--;
  143 }
  144 
  145 static int
  146 acl_check(struct ieee80211com *ic, const u_int8_t mac[IEEE80211_ADDR_LEN])
  147 {
  148         struct aclstate *as = ic->ic_as;
  149 
  150         switch (as->as_policy) {
  151         case ACL_POLICY_OPEN:
  152                 return 1;
  153         case ACL_POLICY_ALLOW:
  154                 return _find_acl(as, mac) != NULL;
  155         case ACL_POLICY_DENY:
  156                 return _find_acl(as, mac) == NULL;
  157         }
  158         return 0;               /* should not happen */
  159 }
  160 
  161 static int
  162 acl_add(struct ieee80211com *ic, const u_int8_t mac[IEEE80211_ADDR_LEN])
  163 {
  164         struct aclstate *as = ic->ic_as;
  165         struct acl *acl, *new;
  166         int hash;
  167 
  168         MALLOC(new, struct acl *, sizeof(struct acl), M_80211_ACL, M_NOWAIT | M_ZERO);
  169         if (new == NULL) {
  170                 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL,
  171                         "ACL: add %s failed, no memory\n", ether_sprintf(mac));
  172                 /* XXX statistic */
  173                 return ENOMEM;
  174         }
  175 
  176         ACL_LOCK(as);
  177         hash = ACL_HASH(mac);
  178         LIST_FOREACH(acl, &as->as_hash[hash], acl_hash) {
  179                 if (IEEE80211_ADDR_EQ(acl->acl_macaddr, mac)) {
  180                         ACL_UNLOCK(as);
  181                         FREE(new, M_80211_ACL);
  182                         IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL,
  183                                 "ACL: add %s failed, already present\n",
  184                                 ether_sprintf(mac));
  185                         return EEXIST;
  186                 }
  187         }
  188         IEEE80211_ADDR_COPY(new->acl_macaddr, mac);
  189         TAILQ_INSERT_TAIL(&as->as_list, new, acl_list);
  190         LIST_INSERT_HEAD(&as->as_hash[hash], new, acl_hash);
  191         as->as_nacls++;
  192         ACL_UNLOCK(as);
  193 
  194         IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL,
  195                 "ACL: add %s\n", ether_sprintf(mac));
  196         return 0;
  197 }
  198 
  199 static int
  200 acl_remove(struct ieee80211com *ic, const u_int8_t mac[IEEE80211_ADDR_LEN])
  201 {
  202         struct aclstate *as = ic->ic_as;
  203         struct acl *acl;
  204 
  205         ACL_LOCK(as);
  206         acl = _find_acl(as, mac);
  207         if (acl != NULL)
  208                 _acl_free(as, acl);
  209         ACL_UNLOCK(as);
  210 
  211         IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL,
  212                 "ACL: remove %s%s\n", ether_sprintf(mac),
  213                 acl == NULL ? ", not present" : "");
  214 
  215         return (acl == NULL ? ENOENT : 0);
  216 }
  217 
  218 static int
  219 acl_free_all(struct ieee80211com *ic)
  220 {
  221         struct aclstate *as = ic->ic_as;
  222         struct acl *acl;
  223 
  224         IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL, "ACL: %s\n", "free all");
  225 
  226         ACL_LOCK(as);
  227         while ((acl = TAILQ_FIRST(&as->as_list)) != NULL)
  228                 _acl_free(as, acl);
  229         ACL_UNLOCK(as);
  230 
  231         return 0;
  232 }
  233 
  234 static int
  235 acl_setpolicy(struct ieee80211com *ic, int policy)
  236 {
  237         struct aclstate *as = ic->ic_as;
  238 
  239         IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL,
  240                 "ACL: set policy to %u\n", policy);
  241 
  242         switch (policy) {
  243         case IEEE80211_MACCMD_POLICY_OPEN:
  244                 as->as_policy = ACL_POLICY_OPEN;
  245                 break;
  246         case IEEE80211_MACCMD_POLICY_ALLOW:
  247                 as->as_policy = ACL_POLICY_ALLOW;
  248                 break;
  249         case IEEE80211_MACCMD_POLICY_DENY:
  250                 as->as_policy = ACL_POLICY_DENY;
  251                 break;
  252         default:
  253                 return EINVAL;
  254         }
  255         return 0;
  256 }
  257 
  258 static int
  259 acl_getpolicy(struct ieee80211com *ic)
  260 {
  261         struct aclstate *as = ic->ic_as;
  262 
  263         return as->as_policy;
  264 }
  265 
  266 static int
  267 acl_setioctl(struct ieee80211com *ic, struct ieee80211req *ireq)
  268 {
  269 
  270         return EINVAL;
  271 }
  272 
  273 static int
  274 acl_getioctl(struct ieee80211com *ic, struct ieee80211req *ireq)
  275 {
  276         struct aclstate *as = ic->ic_as;
  277         struct acl *acl;
  278         struct ieee80211req_maclist *ap;
  279         int error, space, i;
  280 
  281         switch (ireq->i_val) {
  282         case IEEE80211_MACCMD_POLICY:
  283                 ireq->i_val = as->as_policy;
  284                 return 0;
  285         case IEEE80211_MACCMD_LIST:
  286                 space = as->as_nacls * IEEE80211_ADDR_LEN;
  287                 if (ireq->i_len == 0) {
  288                         ireq->i_len = space;    /* return required space */
  289                         return 0;               /* NB: must not error */
  290                 }
  291                 MALLOC(ap, struct ieee80211req_maclist *, space,
  292                         M_TEMP, M_NOWAIT);
  293                 if (ap == NULL)
  294                         return ENOMEM;
  295                 i = 0;
  296                 ACL_LOCK(as);
  297                 TAILQ_FOREACH(acl, &as->as_list, acl_list) {
  298                         IEEE80211_ADDR_COPY(ap[i].ml_macaddr, acl->acl_macaddr);
  299                         i++;
  300                 }
  301                 ACL_UNLOCK(as);
  302                 if (ireq->i_len >= space) {
  303                         error = copyout(ap, ireq->i_data, space);
  304                         ireq->i_len = space;
  305                 } else
  306                         error = copyout(ap, ireq->i_data, ireq->i_len);
  307                 FREE(ap, M_TEMP);
  308                 return error;
  309         }
  310         return EINVAL;
  311 }
  312 
  313 static const struct ieee80211_aclator mac = {
  314         .iac_name       = "mac",
  315         .iac_attach     = acl_attach,
  316         .iac_detach     = acl_detach,
  317         .iac_check      = acl_check,
  318         .iac_add        = acl_add,
  319         .iac_remove     = acl_remove,
  320         .iac_flush      = acl_free_all,
  321         .iac_setpolicy  = acl_setpolicy,
  322         .iac_getpolicy  = acl_getpolicy,
  323         .iac_setioctl   = acl_setioctl,
  324         .iac_getioctl   = acl_getioctl,
  325 };
  326 
  327 /*
  328  * Module glue.
  329  */
  330 static int
  331 wlan_acl_modevent(module_t mod, int type, void *unused)
  332 {
  333         switch (type) {
  334         case MOD_LOAD:
  335                 if (bootverbose)
  336                         printf("wlan: <802.11 MAC ACL support>\n");
  337                 ieee80211_aclator_register(&mac);
  338                 return 0;
  339         case MOD_UNLOAD:
  340                 ieee80211_aclator_unregister(&mac);
  341                 return 0;
  342         }
  343         return EINVAL;
  344 }
  345 
  346 static moduledata_t wlan_acl_mod = {
  347         "wlan_acl",
  348         wlan_acl_modevent,
  349         0
  350 };
  351 DECLARE_MODULE(wlan_acl, wlan_acl_mod, SI_SUB_DRIVERS, SI_ORDER_FIRST);
  352 MODULE_VERSION(wlan_acl, 1);
  353 MODULE_DEPEND(wlan_acl, wlan, 1, 1, 1);

Cache object: 38c829c914462be81c9883a5a6c0fd1c


[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]


This page is part of the FreeBSD/Linux Linux Kernel Cross-Reference, and was automatically generated using a modified version of the LXR engine.