sys/net80211/ieee80211_acl.c


    1 /*-
    2  * Copyright (c) 2004-2005 Sam Leffler, Errno Consulting
    3  * All rights reserved.
    4  *
    5  * Redistribution and use in source and binary forms, with or without
    6  * modification, are permitted provided that the following conditions
    7  * are met:
    8  * 1. Redistributions of source code must retain the above copyright
    9  *    notice, this list of conditions and the following disclaimer.
   10  * 2. Redistributions in binary form must reproduce the above copyright
   11  *    notice, this list of conditions and the following disclaimer in the
   12  *    documentation and/or other materials provided with the distribution.
   13  * 3. The name of the author may not be used to endorse or promote products
   14  *    derived from this software without specific prior written permission.
   15  *
   16  * Alternatively, this software may be distributed under the terms of the
   17  * GNU General Public License ("GPL") version 2 as published by the Free
   18  * Software Foundation.
   19  *
   20  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
   21  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
   22  * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
   23  * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
   24  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
   25  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
   26  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
   27  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
   28  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
   29  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
   30  */
   31 
   32 #include <sys/cdefs.h>
   33 #ifdef __FreeBSD__
   34 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_acl.c,v 1.4 2005/08/13 17:31:48 sam Exp $");
   35 #endif
   36 #ifdef __NetBSD__
   37 __KERNEL_RCSID(0, "$NetBSD: ieee80211_acl.c,v 1.10 2019/11/10 21:16:38 chs Exp $");
   38 #endif
   39 
   40 /*
   41  * IEEE 802.11 MAC ACL support.
   42  *
   43  * When this module is loaded the sender address of each received
   44  * frame is passed to the iac_check method and the module indicates
   45  * if the frame should be accepted or rejected.  If the policy is
   46  * set to ACL_POLICY_OPEN then all frames are accepted w/o checking
   47  * the address.  Otherwise, the address is looked up in the database
   48  * and if found the frame is either accepted (ACL_POLICY_ALLOW)
   49  * or rejected (ACL_POLICY_DENY).
   50  */
   51 #include <sys/param.h>
   52 #include <sys/kernel.h>
   53 #include <sys/systm.h> 
   54 #include <sys/mbuf.h>   
   55 #include <sys/queue.h>
   56 
   57 #include <sys/socket.h>
   58 
   59 #include <net/if.h>
   60 #include <net/if_media.h>
   61 #include <net/if_ether.h>
   62 #include <net/route.h>
   63 
   64 #include <net80211/ieee80211_var.h>
   65 
/*
 * Internal policy values stored in aclstate.as_policy.  acl_setpolicy()
 * maps the IEEE80211_MACCMD_POLICY_* request values onto these, and
 * acl_check() rejects the frame for any value not listed here.
 */
enum {
        ACL_POLICY_OPEN         = 0,    /* open, don't check ACL's */
        ACL_POLICY_ALLOW        = 1,    /* allow traffic from MAC */
        ACL_POLICY_DENY         = 2,    /* deny traffic from MAC */
};

/* Number of hash buckets in aclstate.as_hash; ACL_HASH() reduces modulo this. */
#define ACL_HASHSIZE    32
   73 
/*
 * One ACL entry: a single MAC address, linked both on the list of all
 * entries and on one hash bucket.
 */
struct acl {
        TAILQ_ENTRY(acl)        acl_list;       /* linkage on aclstate.as_list */
        LIST_ENTRY(acl)         acl_hash;       /* linkage on one as_hash[] bucket */
        u_int8_t                acl_macaddr[IEEE80211_ADDR_LEN];
};
/*
 * Per-device ACL state, allocated by acl_attach() and reachable through
 * ic->ic_as.
 */
struct aclstate {
        acl_lock_t              as_lock;        /* held around list/hash updates in this file */
        int                     as_policy;      /* one of ACL_POLICY_* */
        uint32_t                as_nacls;       /* entry count: ++ in acl_add, -- in _acl_free */
        TAILQ_HEAD(, acl)       as_list;        /* list of all ACL's */
        LIST_HEAD(, acl)        as_hash[ACL_HASHSIZE];
        struct ieee80211com     *as_ic;         /* back pointer set by acl_attach */
};
   87 
/* simple hash is enough for variation of macaddr */
/*
 * The bucket is chosen from the last octet of the address only, so all
 * addresses whose last octet is equal modulo ACL_HASHSIZE share a bucket
 * and lookups within that bucket are linear.
 */
#define ACL_HASH(addr)  \
        (((const u_int8_t *)(addr))[IEEE80211_ADDR_LEN - 1] % ACL_HASHSIZE)

/* malloc type used for struct aclstate and struct acl allocations. */
MALLOC_DEFINE(M_80211_ACL, "acl", "802.11 station acl");

/* Forward declaration: acl_detach() calls this before its definition. */
static  int acl_free_all(struct ieee80211com *);
   95 
/*
 * Allocate the per-device ACL state and hook it onto ic->ic_as.
 *
 * The state starts with an empty entry list and ACL_POLICY_OPEN, so no
 * address is filtered until a policy is set.  The hash buckets are not
 * initialised explicitly; they rely on the M_ZERO allocation leaving every
 * list head NULL.  Always returns 1.
 */
static int
acl_attach(struct ieee80211com *ic)
{
        struct aclstate *state;

        state = malloc(sizeof(*state), M_80211_ACL, M_WAITOK | M_ZERO);
        ACL_LOCK_INIT(state, "acl");
        TAILQ_INIT(&state->as_list);
        state->as_ic = ic;
        state->as_policy = ACL_POLICY_OPEN;
        ic->ic_as = state;

        return 1;
}
  110 
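/*
 * Tear down the ACL state attached to ic: free every entry, clear
 * ic->ic_as, destroy the lock and release the state structure.
 */
static void
acl_detach(struct ieee80211com *ic)
{
        struct aclstate *as = ic->ic_as;

        acl_free_all(ic);
        ic->ic_as = NULL;
        ACL_LOCK_DESTROY(as);
        /*
         * Free under the malloc type acl_attach() allocated with
         * (M_80211_ACL); freeing it as M_DEVBUF charges the release to
         * the wrong type and skews both types' accounting.
         */
        free(as, M_80211_ACL);
}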
  121 
/*
 * Look up macaddr in the hash table of as.
 *
 * Returns the matching entry, or NULL when the address is not listed.
 * No locking is done here; that is left to the caller.
 */
static __inline struct acl *
_find_acl(struct aclstate *as, const u_int8_t *macaddr)
{
        struct acl *entry;
        const int bucket = ACL_HASH(macaddr);

        LIST_FOREACH(entry, &as->as_hash[bucket], acl_hash) {
                if (!IEEE80211_ADDR_EQ(entry->acl_macaddr, macaddr))
                        continue;
                return entry;
        }
        return NULL;
}
  135 
  136 static void
  137 _acl_free(struct aclstate *as, struct acl *acl)
  138 {
  139         ACL_LOCK_ASSERT(as);
  140 
  141         TAILQ_REMOVE(&as->as_list, acl, acl_list);
  142         LIST_REMOVE(acl, acl_hash);
  143         free(acl, M_80211_ACL);
  144         as->as_nacls--;
  145 }
  146 
/*
 * Decide whether a frame from the given sender address is accepted.
 *
 * Returns 1 to accept and 0 to reject.  ACL_POLICY_OPEN accepts without a
 * lookup, ACL_POLICY_ALLOW accepts only listed addresses and
 * ACL_POLICY_DENY accepts only unlisted ones.  Any other policy value
 * rejects the frame, so an unexpected value fails closed.
 *
 * NOTE(review): the lookup runs without ACL_LOCK while acl_remove() and
 * acl_free_all() free entries under it; confirm callers serialise these
 * paths some other way.
 * NOTE(review): the decision rests on the address alone.  This file does
 * not show whether that address has been authenticated by the time the
 * check runs, so treat the ACL as a filter rather than as authentication.
 */
static int
acl_check(struct ieee80211com *ic, const u_int8_t mac[IEEE80211_ADDR_LEN])
{
        struct aclstate *as = ic->ic_as;
        const int policy = as->as_policy;

        if (policy == ACL_POLICY_OPEN)
                return 1;
        if (policy == ACL_POLICY_ALLOW)
                return _find_acl(as, mac) != NULL;
        if (policy == ACL_POLICY_DENY)
                return _find_acl(as, mac) == NULL;

        return 0;               /* should not happen */
}
  162 
/*
 * Add mac to the ACL.
 *
 * Returns 0 on success or EEXIST when the address is already listed.
 * The new entry is allocated before the lock is taken (M_WAITOK may
 * sleep) and is released again if a duplicate is found.  No upper bound
 * on the number of entries is enforced here.
 */
static int
acl_add(struct ieee80211com *ic, const u_int8_t mac[IEEE80211_ADDR_LEN])
{
        struct aclstate *as = ic->ic_as;
        struct acl *fresh;

        fresh = malloc(sizeof(*fresh), M_80211_ACL, M_WAITOK | M_ZERO);

        ACL_LOCK(as);
        if (_find_acl(as, mac) != NULL) {
                /* duplicate: undo the speculative allocation */
                ACL_UNLOCK(as);
                free(fresh, M_80211_ACL);
                IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL,
                        "ACL: add %s failed, already present\n",
                        ether_sprintf(mac));
                return EEXIST;
        }
        IEEE80211_ADDR_COPY(fresh->acl_macaddr, mac);
        TAILQ_INSERT_TAIL(&as->as_list, fresh, acl_list);
        LIST_INSERT_HEAD(&as->as_hash[ACL_HASH(mac)], fresh, acl_hash);
        as->as_nacls += 1;
        ACL_UNLOCK(as);

        IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL,
                "ACL: add %s\n", ether_sprintf(mac));
        return 0;
}
  194 
/*
 * Remove mac from the ACL.
 *
 * Returns 0 when the entry was found and freed, ENOENT when the address
 * was not listed.  The lookup and the removal happen under the ACL lock.
 */
static int
acl_remove(struct ieee80211com *ic, const u_int8_t mac[IEEE80211_ADDR_LEN])
{
        struct aclstate *as = ic->ic_as;
        struct acl *entry;
        int missing;

        ACL_LOCK(as);
        entry = _find_acl(as, mac);
        /* record the outcome before the entry is freed */
        missing = (entry == NULL);
        if (!missing)
                _acl_free(as, entry);
        ACL_UNLOCK(as);

        IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL,
                "ACL: remove %s%s\n", ether_sprintf(mac),
                missing ? ", not present" : "");

        if (missing)
                return ENOENT;
        return 0;
}
  213 
/*
 * Free every ACL entry.  The policy is left unchanged.  Always returns 0.
 *
 * Entries are taken from the head of the list one at a time, under the
 * ACL lock, until the list is empty.
 */
static int
acl_free_all(struct ieee80211com *ic)
{
        struct aclstate *as = ic->ic_as;
        struct acl *head;

        IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL, "ACL: %s\n", "free all");

        ACL_LOCK(as);
        for (head = TAILQ_FIRST(&as->as_list); head != NULL;
            head = TAILQ_FIRST(&as->as_list))
                _acl_free(as, head);
        ACL_UNLOCK(as);

        return 0;
}
  229 
/*
 * Set the ACL policy from an IEEE80211_MACCMD_POLICY_* request value.
 *
 * Returns 0 on success, or EINVAL for an unrecognised value, in which
 * case the current policy is left untouched.  The entry list is not
 * modified.
 *
 * NOTE(review): the debug message is emitted before validation and prints
 * the signed policy argument with %u.
 * NOTE(review): the policy is stored without taking ACL_LOCK; confirm
 * that is intended.
 */
static int
acl_setpolicy(struct ieee80211com *ic, int policy)
{
        struct aclstate *as = ic->ic_as;
        int mapped;

        IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL,
                "ACL: set policy to %u\n", policy);

        if (policy == IEEE80211_MACCMD_POLICY_OPEN)
                mapped = ACL_POLICY_OPEN;
        else if (policy == IEEE80211_MACCMD_POLICY_ALLOW)
                mapped = ACL_POLICY_ALLOW;
        else if (policy == IEEE80211_MACCMD_POLICY_DENY)
                mapped = ACL_POLICY_DENY;
        else
                return EINVAL;

        as->as_policy = mapped;
        return 0;
}
  253 
/*
 * Return the current policy as stored, i.e. one of the internal
 * ACL_POLICY_* values.
 */
static int
acl_getpolicy(struct ieee80211com *ic)
{
        const struct aclstate *state = ic->ic_as;
        const int current = state->as_policy;

        return current;
}
  261 
/*
 * Set-side ioctl hook.  This module implements no set requests of its
 * own, so every request is refused with EINVAL.
 */
static int
acl_setioctl(struct ieee80211com *ic, struct ieee80211req *ireq)
{
        const int unsupported = EINVAL;

        return unsupported;
}
  269 
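/*
 * Get-side ioctl hook, selected by ireq->i_val.
 *
 * IEEE80211_MACCMD_POLICY: store the current policy in ireq->i_val.
 * IEEE80211_MACCMD_LIST:   with i_len == 0, report the space needed for
 *                          the address list in i_len; otherwise copy the
 *                          listed addresses out to ireq->i_data, limited
 *                          to i_len bytes.
 *
 * Returns 0 on success, the copyout() error, or EINVAL for any other
 * request.
 *
 * The entry count is sampled before the lock is taken, because the
 * M_WAITOK allocation that follows may sleep.  The list can change in
 * that window, so the copy loop is bounded by the sampled count (the
 * buffer was sized from it) and only the bytes actually filled are copied
 * out.  Without the bound a concurrent acl_add() overruns the buffer;
 * without the recomputed length a concurrent removal copies out
 * uninitialised allocator memory.
 *
 * NOTE(review): indexing ap[i] assumes sizeof(struct ieee80211req_maclist)
 * equals IEEE80211_ADDR_LEN, since the buffer is sized in address units;
 * the struct is declared outside this file, so confirm.
 * NOTE(review): i_len is assigned a uint32_t byte count; its declared
 * width is not visible here, so confirm large lists cannot truncate.
 */
static int
acl_getioctl(struct ieee80211com *ic, struct ieee80211req *ireq)
{
        struct aclstate *as = ic->ic_as;
        struct acl *acl;
        struct ieee80211req_maclist *ap;
        int error;
        uint32_t i, nacls, space;

        switch (ireq->i_val) {
        case IEEE80211_MACCMD_POLICY:
                ireq->i_val = as->as_policy;
                return 0;
        case IEEE80211_MACCMD_LIST:
                nacls = as->as_nacls;
                space = nacls * IEEE80211_ADDR_LEN;
                if (ireq->i_len == 0) {
                        ireq->i_len = space;    /* return required space */
                        return 0;               /* NB: must not error */
                }
                ap = malloc(space, M_TEMP, M_WAITOK);
                i = 0;
                ACL_LOCK(as);
                TAILQ_FOREACH(acl, &as->as_list, acl_list) {
                        /* never write past the buffer sized from nacls */
                        if (i >= nacls)
                                break;
                        IEEE80211_ADDR_COPY(ap[i].ml_macaddr, acl->acl_macaddr);
                        i++;
                }
                ACL_UNLOCK(as);
                /* only the entries filled in above are valid to copy out */
                space = i * IEEE80211_ADDR_LEN;
                if (ireq->i_len >= space) {
                        error = copyout(ap, ireq->i_data, space);
                        ireq->i_len = space;
                } else
                        error = copyout(ap, ireq->i_data, ireq->i_len);
                free(ap, M_TEMP);
                return error;
        }
        return EINVAL;
}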
  307 
/*
 * Method table exposing this file's functions as the "mac" ACL
 * implementation.  Note that iac_flush is served by acl_free_all().
 * NOTE(review): no registration of this table is visible in this file;
 * confirm where it is hooked up.
 */
static const struct ieee80211_aclator mac = {
        .iac_name       = "mac",
        .iac_attach     = acl_attach,
        .iac_detach     = acl_detach,
        .iac_check      = acl_check,
        .iac_add        = acl_add,
        .iac_remove     = acl_remove,
        .iac_flush      = acl_free_all,
        .iac_setpolicy  = acl_setpolicy,
        .iac_getpolicy  = acl_getpolicy,
        .iac_setioctl   = acl_setioctl,
        .iac_getioctl   = acl_getioctl,
};
