From 2173e65aa098ab130bfdbc9b9cfe8ac2fc2ae086 Mon Sep 17 00:00:00 2001 From: Nishant Pandey Date: Tue, 22 Sep 2020 14:23:08 +0530 Subject: [PATCH] mesh: Dynamic MAC ACL management over control interface Extend support to modify MAC ACL and displayed it through new control interface commands: ACCEPT_ACL [argument] DENY_ACL [argument] subcmd: ADD_MAC |DEL_MAC |SHOW|CLEAR Signed-off-by: Nishant Pandey --- wpa_supplicant/ap.c | 68 +++++++++++++++++++++++++++++++++++++++++ wpa_supplicant/ap.h | 5 +++ wpa_supplicant/ctrl_iface.c | 45 +++++++++++++++++++++++++++ wpa_supplicant/events.c | 1 + wpa_supplicant/mesh.c | 1 + wpa_supplicant/wpa_cli.c | 19 ++++++++++++ wpa_supplicant/wpa_supplicant.c | 3 +- wpa_supplicant/wps_supplicant.c | 2 ++ 8 files changed, 143 insertions(+), 1 deletion(-) --- a/wpa_supplicant/ap.c +++ b/wpa_supplicant/ap.c @@ -6,6 +6,7 @@ * This software may be distributed under the terms of the BSD license. * See README for more details. */ +#include #include "utils/includes.h" @@ -1708,6 +1709,73 @@ void wpas_ap_pmksa_cache_flush(struct wp hostapd_ctrl_iface_pmksa_flush(wpa_s->ifmsh->bss[0]); } +#ifdef CONFIG_MESH + +int wpas_ap_acl_del_mac(struct wpa_supplicant *wpa_s, char *buf, bool accept) +{ + struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; + + if (accept) { + if (!hostapd_ctrl_iface_acl_del_mac(&hapd->conf->accept_mac, + &hapd->conf->num_accept_mac, + buf)) + if (hostapd_disassoc_accept_mac(hapd)) + return 1; + } + + return hostapd_ctrl_iface_acl_del_mac(&hapd->conf->deny_mac, + &hapd->conf->num_deny_mac, + buf); +} + +int wpas_ap_acl_add_mac(struct wpa_supplicant *wpa_s, char *buf, bool accept) +{ + struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; + + if (accept) { + return hostapd_ctrl_iface_acl_add_mac(&hapd->conf->accept_mac, + &hapd->conf->num_accept_mac, + buf); + } else { + if (!hostapd_ctrl_iface_acl_add_mac(&hapd->conf->deny_mac, + &hapd->conf->num_deny_mac, buf)) { + if (hostapd_disassoc_deny_mac(hapd)) + return 1; + return 0; + } + } + + return -1; +} + +int wpas_ap_acl_show_mac(struct wpa_supplicant *wpa_s, char *reply, + const int reply_size, bool accept) +{ + struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; + + if (accept) + return hostapd_ctrl_iface_acl_show_mac( + hapd->conf->accept_mac, + hapd->conf->num_accept_mac, + reply, reply_size); + + return hostapd_ctrl_iface_acl_show_mac( + hapd->conf->deny_mac, + hapd->conf->num_deny_mac, + reply, reply_size); +} + +void wpas_ap_deny_acl_clear_list(struct wpa_supplicant *wpa_s) +{ + struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; + + + return hostapd_ctrl_iface_acl_clear_list(&hapd->conf->deny_mac, + &hapd->conf->num_deny_mac); +} + +#endif /* CONFIG_MESH */ + #ifdef CONFIG_PMKSA_CACHE_EXTERNAL #ifdef CONFIG_MESH --- a/wpa_supplicant/ap.h +++ b/wpa_supplicant/ap.h @@ -99,6 +99,11 @@ void wpas_ap_event_dfs_cac_aborted(struc struct dfs_event *radar); void wpas_ap_event_dfs_cac_nop_finished(struct wpa_supplicant *wpa_s, struct dfs_event *radar); +int wpas_ap_acl_del_mac(struct wpa_supplicant *wpa_s, char *buf, bool accept); +int wpas_ap_acl_add_mac(struct wpa_supplicant *wpa_s, char *buf, bool accept); +int wpas_ap_acl_show_mac(struct wpa_supplicant *wpa_s, char *reply, + const int reply_size, bool accept); +void wpas_ap_deny_acl_clear_list(struct wpa_supplicant *wpa_s); void ap_periodic(struct wpa_supplicant *wpa_s); --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -5,6 +5,7 @@ * This software may be distributed under the terms of the BSD license. * See README for more details. */ +#include #include "utils/includes.h" #ifdef CONFIG_TESTING_OPTIONS @@ -57,6 +58,7 @@ #include "mesh.h" #include "dpp_supplicant.h" #include "sme.h" +#include "ap/ieee802_11.h" #ifdef __NetBSD__ #include @@ -3282,6 +3284,18 @@ static int wpa_supplicant_ctrl_iface_mes return wpas_mesh_peer_remove(wpa_s, addr); } +static void wpas_ap_accept_acl_clear_list(struct wpa_supplicant *wpa_s) +{ + struct hostapd_data *hapd = wpa_s->ifmsh->bss[0]; + struct mac_acl_entry **acl = &hapd->conf->accept_mac; + int *num = &hapd->conf->num_accept_mac; + + while (*num) { + wpas_mesh_peer_remove(wpa_s, (*acl)[0].addr); + hostapd_remove_acl_mac(acl, num, (*acl)[0].addr); + } +} + static int wpa_supplicant_ctrl_iface_mesh_peer_add( struct wpa_supplicant *wpa_s, char *cmd) @@ -10788,6 +10802,38 @@ char * wpa_supplicant_ctrl_iface_process reply_len = -1; #endif /* CONFIG_IBSS_RSN */ #ifdef CONFIG_MESH + } else if (os_strncmp(buf, "ACCEPT_ACL ", 11) == 0) { + if (os_strncmp(buf + 11, "ADD_MAC ", 8) == 0) { + wpas_ap_acl_add_mac(wpa_s, buf + 19, 1); + } else if (os_strncmp((buf + 11), "DEL_MAC ", 8) == 0) { + reply_len = wpas_ap_acl_del_mac(wpa_s, buf + 19, 1); + if (reply_len == 1) + wpa_supplicant_ctrl_iface_mesh_peer_remove( + wpa_s, buf + 19); + else if (reply_len) + reply_len = -1; + } else if (os_strcmp(buf + 11, "SHOW") == 0) { + reply_len = wpas_ap_acl_show_mac(wpa_s, reply, + reply_size, 1); + } else if (os_strcmp(buf + 11, "CLEAR") == 0) { + wpas_ap_accept_acl_clear_list(wpa_s); + } + } else if (os_strncmp(buf, "DENY_ACL ", 9) == 0) { + if (os_strncmp(buf + 9, "ADD_MAC ", 8) == 0) { + reply_len = wpas_ap_acl_add_mac(wpa_s, buf + 17, 0); + if (reply_len == 1) + wpa_supplicant_ctrl_iface_mesh_peer_remove( + wpa_s, buf + 17); + else if (reply_len) + reply_len = -1; + } else if (os_strncmp(buf + 9, "DEL_MAC ", 8) == 0) { + wpas_ap_acl_del_mac(wpa_s, buf + 17, 0); + } else if (os_strcmp(buf + 9, "SHOW") == 0) { + reply_len = wpas_ap_acl_show_mac(wpa_s, reply, + reply_size, 0); + } else if (os_strcmp(buf + 9, "CLEAR") == 0) { + wpas_ap_deny_acl_clear_list(wpa_s); + } } else if (os_strncmp(buf, "MESH_INTERFACE_ADD ", 19) == 0) { reply_len = wpa_supplicant_ctrl_iface_mesh_interface_add( wpa_s, buf + 19, reply, reply_size); --- a/wpa_supplicant/events.c +++ b/wpa_supplicant/events.c @@ -5,6 +5,7 @@ * This software may be distributed under the terms of the BSD license. * See README for more details. */ +#include #include "includes.h" --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c @@ -5,6 +5,7 @@ * This software may be distributed under the terms of the BSD license. * See README for more details. */ +#include #include "utils/includes.h" --- a/wpa_supplicant/wpa_cli.c +++ b/wpa_supplicant/wpa_cli.c @@ -2118,6 +2118,19 @@ static int wpa_cli_cmd_mesh_link_probe(s return wpa_cli_cmd(ctrl, "MESH_LINK_PROBE", 1, argc, argv); } +static int wpa_cli_cmd_accept_macacl(struct wpa_ctrl *ctrl, int argc, + char *argv[]) +{ + return wpa_cli_cmd(ctrl, "ACCEPT_ACL", 1, argc, argv); +} + + +static int wpa_cli_cmd_deny_macacl(struct wpa_ctrl *ctrl, int argc, + char *argv[]) +{ + return wpa_cli_cmd(ctrl, "DENY_ACL", 1, argc, argv); +} + #endif /* CONFIG_MESH */ @@ -3582,6 +3595,12 @@ static const struct wpa_cli_cmd wpa_cli_ { "mesh_link_probe", wpa_cli_cmd_mesh_link_probe, NULL, cli_cmd_flag_none, " [payload=] = Probe a mesh link for a given peer by injecting a frame." }, + { "accept_acl", wpa_cli_cmd_accept_macacl, NULL, + cli_cmd_flag_none, + "=Add/Delete/Show/Clear accept MAC ACL" }, + { "deny_acl", wpa_cli_cmd_deny_macacl, NULL, + cli_cmd_flag_none, + "=Add/Delete/Show/Clear deny MAC ACL" }, #endif /* CONFIG_MESH */ #ifdef CONFIG_P2P { "p2p_find", wpa_cli_cmd_p2p_find, wpa_cli_complete_p2p_find, --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -9,6 +9,7 @@ * %wpa_supplicant interfaces. In addition, this file contains number of * functions for managing network connections. */ +#include #include "includes.h" #ifdef CONFIG_MATCH_IFACE @@ -50,7 +51,6 @@ #include "ibss_rsn.h" #include "sme.h" #include "gas_query.h" -#include "ap.h" #include "p2p_supplicant.h" #include "wifi_display.h" #include "notify.h" @@ -68,6 +68,7 @@ #include "ap/ap_config.h" #include "ap/hostapd.h" #endif /* CONFIG_MESH */ +#include "ap.h" const char *const wpa_supplicant_version = "wpa_supplicant v" VERSION_STR "\n" --- a/wpa_supplicant/wps_supplicant.c +++ b/wpa_supplicant/wps_supplicant.c @@ -5,6 +5,7 @@ * This software may be distributed under the terms of the BSD license. * See README for more details. */ +#include #include "includes.h" @@ -21,6 +22,7 @@ #include "eap_peer/eap.h" #include "eapol_supp/eapol_supp_sm.h" #include "rsn_supp/wpa.h" +#include "ap/hostapd.h" #include "wps/wps_attr_parse.h" #include "config.h" #include "wpa_supplicant_i.h"