Now available: The Design and Implementation of the FreeBSD Operating System (Second Edition)
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]
FreeBSD/Linux Kernel Cross Reference
sys/net80211/ieee80211_acl.c
Version:
- FREEBSD - FREEBSD-13-STABLE - FREEBSD-13-0 - FREEBSD-12-STABLE - FREEBSD-12-0 - FREEBSD-11-STABLE - FREEBSD-11-0 - FREEBSD-10-STABLE - FREEBSD-10-0 - FREEBSD-9-STABLE - FREEBSD-9-0 - FREEBSD-8-STABLE - FREEBSD-8-0 - FREEBSD-7-STABLE - FREEBSD-7-0 - FREEBSD-6-STABLE - FREEBSD-6-0 - FREEBSD-5-STABLE - FREEBSD-5-0 - FREEBSD-4-STABLE - FREEBSD-3-STABLE - FREEBSD22 - l41 - OPENBSD - linux-2.6 - MK84 - PLAN9 - xnu-8792
SearchContext: - none - 3 - 10
SearchContext: - none - 3 - 10
1 /*- 2 * Copyright (c) 2004-2005 Sam Leffler, Errno Consulting 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. The name of the author may not be used to endorse or promote products 14 * derived from this software without specific prior written permission. 15 * 16 * Alternatively, this software may be distributed under the terms of the 17 * GNU General Public License ("GPL") version 2 as published by the Free 18 * Software Foundation. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 21 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 22 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 23 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 24 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 25 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 29 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include <sys/cdefs.h> 33 #ifdef __FreeBSD__ 34 __FBSDID("$FreeBSD: src/sys/net80211/ieee80211_acl.c,v 1.4 2005/08/13 17:31:48 sam Exp $"); 35 #endif 36 #ifdef __NetBSD__ 37 __KERNEL_RCSID(0, "$NetBSD: ieee80211_acl.c,v 1.7 2006/11/16 01:33:40 christos Exp $"); 38 #endif 39 40 /* 41 * IEEE 802.11 MAC ACL support. 42 * 43 * When this module is loaded the sender address of each received 44 * frame is passed to the iac_check method and the module indicates 45 * if the frame should be accepted or rejected. If the policy is 46 * set to ACL_POLICY_OPEN then all frames are accepted w/o checking 47 * the address. Otherwise, the address is looked up in the database 48 * and if found the frame is either accepted (ACL_POLICY_ALLOW) 49 * or rejected (ACL_POLICY_DENT). 50 */ 51 #include <sys/param.h> 52 #include <sys/kernel.h> 53 #include <sys/systm.h> 54 #include <sys/mbuf.h> 55 #include <sys/queue.h> 56 57 #include <sys/socket.h> 58 59 #include <net/if.h> 60 #include <net/if_media.h> 61 #include <net/if_ether.h> 62 #include <net/route.h> 63 64 #include <net80211/ieee80211_var.h> 65 66 enum { 67 ACL_POLICY_OPEN = 0, /* open, don't check ACL's */ 68 ACL_POLICY_ALLOW = 1, /* allow traffic from MAC */ 69 ACL_POLICY_DENY = 2, /* deny traffic from MAC */ 70 }; 71 72 #define ACL_HASHSIZE 32 73 74 struct acl { 75 TAILQ_ENTRY(acl) acl_list; 76 LIST_ENTRY(acl) acl_hash; 77 u_int8_t acl_macaddr[IEEE80211_ADDR_LEN]; 78 }; 79 struct aclstate { 80 acl_lock_t as_lock; 81 int as_policy; 82 int as_nacls; 83 TAILQ_HEAD(, acl) as_list; /* list of all ACL's */ 84 LIST_HEAD(, acl) as_hash[ACL_HASHSIZE]; 85 struct ieee80211com *as_ic; 86 }; 87 88 /* simple hash is enough for variation of macaddr */ 89 #define ACL_HASH(addr) \ 90 (((const u_int8_t *)(addr))[IEEE80211_ADDR_LEN - 1] % ACL_HASHSIZE) 91 92 MALLOC_DEFINE(M_80211_ACL, "acl", "802.11 station acl"); 93 94 static int acl_free_all(struct ieee80211com *); 95 96 static int 97 acl_attach(struct ieee80211com *ic) 98 { 99 struct aclstate *as; 100 101 MALLOC(as, struct aclstate *, sizeof(struct aclstate), 102 M_80211_ACL, M_NOWAIT | M_ZERO); 103 if (as == NULL) 104 return 0; 105 ACL_LOCK_INIT(as, "acl"); 106 TAILQ_INIT(&as->as_list); 107 as->as_policy = ACL_POLICY_OPEN; 108 as->as_ic = ic; 109 ic->ic_as = as; 110 return 1; 111 } 112 113 static void 114 acl_detach(struct ieee80211com *ic) 115 { 116 struct aclstate *as = ic->ic_as; 117 118 acl_free_all(ic); 119 ic->ic_as = NULL; 120 ACL_LOCK_DESTROY(as); 121 FREE(as, M_DEVBUF); 122 } 123 124 static __inline struct acl * 125 _find_acl(struct aclstate *as, const u_int8_t *macaddr) 126 { 127 struct acl *acl; 128 int hash; 129 130 hash = ACL_HASH(macaddr); 131 LIST_FOREACH(acl, &as->as_hash[hash], acl_hash) { 132 if (IEEE80211_ADDR_EQ(acl->acl_macaddr, macaddr)) 133 return acl; 134 } 135 return NULL; 136 } 137 138 static void 139 _acl_free(struct aclstate *as, struct acl *acl) 140 { 141 ACL_LOCK_ASSERT(as); 142 143 TAILQ_REMOVE(&as->as_list, acl, acl_list); 144 LIST_REMOVE(acl, acl_hash); 145 FREE(acl, M_80211_ACL); 146 as->as_nacls--; 147 } 148 149 static int 150 acl_check(struct ieee80211com *ic, const u_int8_t mac[IEEE80211_ADDR_LEN]) 151 { 152 struct aclstate *as = ic->ic_as; 153 154 switch (as->as_policy) { 155 case ACL_POLICY_OPEN: 156 return 1; 157 case ACL_POLICY_ALLOW: 158 return _find_acl(as, mac) != NULL; 159 case ACL_POLICY_DENY: 160 return _find_acl(as, mac) == NULL; 161 } 162 return 0; /* should not happen */ 163 } 164 165 static int 166 acl_add(struct ieee80211com *ic, const u_int8_t mac[IEEE80211_ADDR_LEN]) 167 { 168 struct aclstate *as = ic->ic_as; 169 struct acl *acl, *new; 170 int hash; 171 172 MALLOC(new, struct acl *, sizeof(struct acl), M_80211_ACL, M_NOWAIT | M_ZERO); 173 if (new == NULL) { 174 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL, 175 "ACL: add %s failed, no memory\n", ether_sprintf(mac)); 176 /* XXX statistic */ 177 return ENOMEM; 178 } 179 180 ACL_LOCK(as); 181 hash = ACL_HASH(mac); 182 LIST_FOREACH(acl, &as->as_hash[hash], acl_hash) { 183 if (IEEE80211_ADDR_EQ(acl->acl_macaddr, mac)) { 184 ACL_UNLOCK(as); 185 FREE(new, M_80211_ACL); 186 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL, 187 "ACL: add %s failed, already present\n", 188 ether_sprintf(mac)); 189 return EEXIST; 190 } 191 } 192 IEEE80211_ADDR_COPY(new->acl_macaddr, mac); 193 TAILQ_INSERT_TAIL(&as->as_list, new, acl_list); 194 LIST_INSERT_HEAD(&as->as_hash[hash], new, acl_hash); 195 as->as_nacls++; 196 ACL_UNLOCK(as); 197 198 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL, 199 "ACL: add %s\n", ether_sprintf(mac)); 200 return 0; 201 } 202 203 static int 204 acl_remove(struct ieee80211com *ic, const u_int8_t mac[IEEE80211_ADDR_LEN]) 205 { 206 struct aclstate *as = ic->ic_as; 207 struct acl *acl; 208 209 ACL_LOCK(as); 210 acl = _find_acl(as, mac); 211 if (acl != NULL) 212 _acl_free(as, acl); 213 ACL_UNLOCK(as); 214 215 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL, 216 "ACL: remove %s%s\n", ether_sprintf(mac), 217 acl == NULL ? ", not present" : ""); 218 219 return (acl == NULL ? ENOENT : 0); 220 } 221 222 static int 223 acl_free_all(struct ieee80211com *ic) 224 { 225 struct aclstate *as = ic->ic_as; 226 struct acl *acl; 227 228 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL, "ACL: %s\n", "free all"); 229 230 ACL_LOCK(as); 231 while ((acl = TAILQ_FIRST(&as->as_list)) != NULL) 232 _acl_free(as, acl); 233 ACL_UNLOCK(as); 234 235 return 0; 236 } 237 238 static int 239 acl_setpolicy(struct ieee80211com *ic, int policy) 240 { 241 struct aclstate *as = ic->ic_as; 242 243 IEEE80211_DPRINTF(ic, IEEE80211_MSG_ACL, 244 "ACL: set policy to %u\n", policy); 245 246 switch (policy) { 247 case IEEE80211_MACCMD_POLICY_OPEN: 248 as->as_policy = ACL_POLICY_OPEN; 249 break; 250 case IEEE80211_MACCMD_POLICY_ALLOW: 251 as->as_policy = ACL_POLICY_ALLOW; 252 break; 253 case IEEE80211_MACCMD_POLICY_DENY: 254 as->as_policy = ACL_POLICY_DENY; 255 break; 256 default: 257 return EINVAL; 258 } 259 return 0; 260 } 261 262 static int 263 acl_getpolicy(struct ieee80211com *ic) 264 { 265 struct aclstate *as = ic->ic_as; 266 267 return as->as_policy; 268 } 269 270 static int 271 acl_setioctl(struct ieee80211com *ic, 272 struct ieee80211req *ireq) 273 { 274 275 return EINVAL; 276 } 277 278 static int 279 acl_getioctl(struct ieee80211com *ic, struct ieee80211req *ireq) 280 { 281 struct aclstate *as = ic->ic_as; 282 struct acl *acl; 283 struct ieee80211req_maclist *ap; 284 int error, space, i; 285 286 switch (ireq->i_val) { 287 case IEEE80211_MACCMD_POLICY: 288 ireq->i_val = as->as_policy; 289 return 0; 290 case IEEE80211_MACCMD_LIST: 291 space = as->as_nacls * IEEE80211_ADDR_LEN; 292 if (ireq->i_len == 0) { 293 ireq->i_len = space; /* return required space */ 294 return 0; /* NB: must not error */ 295 } 296 ap = malloc(space, M_TEMP, M_NOWAIT); 297 if (ap == NULL) 298 return ENOMEM; 299 i = 0; 300 ACL_LOCK(as); 301 TAILQ_FOREACH(acl, &as->as_list, acl_list) { 302 IEEE80211_ADDR_COPY(ap[i].ml_macaddr, acl->acl_macaddr); 303 i++; 304 } 305 ACL_UNLOCK(as); 306 if (ireq->i_len >= space) { 307 error = copyout(ap, ireq->i_data, space); 308 ireq->i_len = space; 309 } else 310 error = copyout(ap, ireq->i_data, ireq->i_len); 311 FREE(ap, M_TEMP); 312 return error; 313 } 314 return EINVAL; 315 } 316 317 static const struct ieee80211_aclator mac = { 318 .iac_name = "mac", 319 .iac_attach = acl_attach, 320 .iac_detach = acl_detach, 321 .iac_check = acl_check, 322 .iac_add = acl_add, 323 .iac_remove = acl_remove, 324 .iac_flush = acl_free_all, 325 .iac_setpolicy = acl_setpolicy, 326 .iac_getpolicy = acl_getpolicy, 327 .iac_setioctl = acl_setioctl, 328 .iac_getioctl = acl_getioctl, 329 };
Cache object: 364f8c8e6414c4b7b943e235038dac45
[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ] [ list types ] [ track identifier ]