ieee80211_acl.c (184210) | ieee80211_acl.c (186302) |
---|---|
1/*- 2 * Copyright (c) 2004-2008 Sam Leffler, Errno Consulting 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 10 unchanged lines hidden (view full) --- 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26#include <sys/cdefs.h> | 1/*- 2 * Copyright (c) 2004-2008 Sam Leffler, Errno Consulting 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright --- 10 unchanged lines hidden (view full) --- 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26#include <sys/cdefs.h> |
27__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_acl.c 184210 2008-10-23 19:57:13Z des $"); | 27__FBSDID("$FreeBSD: head/sys/net80211/ieee80211_acl.c 186302 2008-12-18 23:00:09Z sam $"); |
28 29/* 30 * IEEE 802.11 MAC ACL support. 31 * 32 * When this module is loaded the sender address of each auth mgt 33 * frame is passed to the iac_check method and the module indicates 34 * if the frame should be accepted or rejected. If the policy is 35 * set to ACL_POLICY_OPEN then all frames are accepted w/o checking --- 58 unchanged lines hidden (view full) --- 94/* number of references from net80211 layer */ 95static int nrefs = 0; 96 97static int 98acl_attach(struct ieee80211vap *vap) 99{ 100 struct aclstate *as; 101 | 28 29/* 30 * IEEE 802.11 MAC ACL support. 31 * 32 * When this module is loaded the sender address of each auth mgt 33 * frame is passed to the iac_check method and the module indicates 34 * if the frame should be accepted or rejected. If the policy is 35 * set to ACL_POLICY_OPEN then all frames are accepted w/o checking --- 58 unchanged lines hidden (view full) --- 94/* number of references from net80211 layer */ 95static int nrefs = 0; 96 97static int 98acl_attach(struct ieee80211vap *vap) 99{ 100 struct aclstate *as; 101 |
102 MALLOC(as, struct aclstate *, sizeof(struct aclstate), | 102 as = (struct aclstate *) malloc(sizeof(struct aclstate), |
103 M_80211_ACL, M_NOWAIT | M_ZERO); 104 if (as == NULL) 105 return 0; 106 ACL_LOCK_INIT(as, "acl"); 107 TAILQ_INIT(&as->as_list); 108 as->as_policy = ACL_POLICY_OPEN; 109 as->as_vap = vap; 110 vap->iv_as = as; --- 7 unchanged lines hidden (view full) --- 118 struct aclstate *as = vap->iv_as; 119 120 KASSERT(nrefs > 0, ("imbalanced attach/detach")); 121 nrefs--; /* NB: we assume caller locking */ 122 123 acl_free_all(vap); 124 vap->iv_as = NULL; 125 ACL_LOCK_DESTROY(as); | 103 M_80211_ACL, M_NOWAIT | M_ZERO); 104 if (as == NULL) 105 return 0; 106 ACL_LOCK_INIT(as, "acl"); 107 TAILQ_INIT(&as->as_list); 108 as->as_policy = ACL_POLICY_OPEN; 109 as->as_vap = vap; 110 vap->iv_as = as; --- 7 unchanged lines hidden (view full) --- 118 struct aclstate *as = vap->iv_as; 119 120 KASSERT(nrefs > 0, ("imbalanced attach/detach")); 121 nrefs--; /* NB: we assume caller locking */ 122 123 acl_free_all(vap); 124 vap->iv_as = NULL; 125 ACL_LOCK_DESTROY(as); |
126 FREE(as, M_80211_ACL); | 126 free(as, M_80211_ACL); |
127} 128 129static __inline struct acl * 130_find_acl(struct aclstate *as, const uint8_t *macaddr) 131{ 132 struct acl *acl; 133 int hash; 134 --- 7 unchanged lines hidden (view full) --- 142 143static void 144_acl_free(struct aclstate *as, struct acl *acl) 145{ 146 ACL_LOCK_ASSERT(as); 147 148 TAILQ_REMOVE(&as->as_list, acl, acl_list); 149 LIST_REMOVE(acl, acl_hash); | 127} 128 129static __inline struct acl * 130_find_acl(struct aclstate *as, const uint8_t *macaddr) 131{ 132 struct acl *acl; 133 int hash; 134 --- 7 unchanged lines hidden (view full) --- 142 143static void 144_acl_free(struct aclstate *as, struct acl *acl) 145{ 146 ACL_LOCK_ASSERT(as); 147 148 TAILQ_REMOVE(&as->as_list, acl, acl_list); 149 LIST_REMOVE(acl, acl_hash); |
150 FREE(acl, M_80211_ACL); | 150 free(acl, M_80211_ACL); |
151 as->as_nacls--; 152} 153 154static int 155acl_check(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 156{ 157 struct aclstate *as = vap->iv_as; 158 --- 11 unchanged lines hidden (view full) --- 170 171static int 172acl_add(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 173{ 174 struct aclstate *as = vap->iv_as; 175 struct acl *acl, *new; 176 int hash; 177 | 151 as->as_nacls--; 152} 153 154static int 155acl_check(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 156{ 157 struct aclstate *as = vap->iv_as; 158 --- 11 unchanged lines hidden (view full) --- 170 171static int 172acl_add(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN]) 173{ 174 struct aclstate *as = vap->iv_as; 175 struct acl *acl, *new; 176 int hash; 177 |
178 MALLOC(new, struct acl *, sizeof(struct acl), M_80211_ACL, M_NOWAIT | M_ZERO); | 178 new = (struct acl *) malloc(sizeof(struct acl), M_80211_ACL, M_NOWAIT | M_ZERO); |
179 if (new == NULL) { 180 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ACL, 181 "ACL: add %s failed, no memory\n", ether_sprintf(mac)); 182 /* XXX statistic */ 183 return ENOMEM; 184 } 185 186 ACL_LOCK(as); 187 hash = ACL_HASH(mac); 188 LIST_FOREACH(acl, &as->as_hash[hash], acl_hash) { 189 if (IEEE80211_ADDR_EQ(acl->acl_macaddr, mac)) { 190 ACL_UNLOCK(as); | 179 if (new == NULL) { 180 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ACL, 181 "ACL: add %s failed, no memory\n", ether_sprintf(mac)); 182 /* XXX statistic */ 183 return ENOMEM; 184 } 185 186 ACL_LOCK(as); 187 hash = ACL_HASH(mac); 188 LIST_FOREACH(acl, &as->as_hash[hash], acl_hash) { 189 if (IEEE80211_ADDR_EQ(acl->acl_macaddr, mac)) { 190 ACL_UNLOCK(as); |
191 FREE(new, M_80211_ACL); | 191 free(new, M_80211_ACL); |
192 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ACL, 193 "ACL: add %s failed, already present\n", 194 ether_sprintf(mac)); 195 return EEXIST; 196 } 197 } 198 IEEE80211_ADDR_COPY(new->acl_macaddr, mac); 199 TAILQ_INSERT_TAIL(&as->as_list, new, acl_list); --- 96 unchanged lines hidden (view full) --- 296 ireq->i_val = as->as_policy; 297 return 0; 298 case IEEE80211_MACCMD_LIST: 299 space = as->as_nacls * IEEE80211_ADDR_LEN; 300 if (ireq->i_len == 0) { 301 ireq->i_len = space; /* return required space */ 302 return 0; /* NB: must not error */ 303 } | 192 IEEE80211_DPRINTF(vap, IEEE80211_MSG_ACL, 193 "ACL: add %s failed, already present\n", 194 ether_sprintf(mac)); 195 return EEXIST; 196 } 197 } 198 IEEE80211_ADDR_COPY(new->acl_macaddr, mac); 199 TAILQ_INSERT_TAIL(&as->as_list, new, acl_list); --- 96 unchanged lines hidden (view full) --- 296 ireq->i_val = as->as_policy; 297 return 0; 298 case IEEE80211_MACCMD_LIST: 299 space = as->as_nacls * IEEE80211_ADDR_LEN; 300 if (ireq->i_len == 0) { 301 ireq->i_len = space; /* return required space */ 302 return 0; /* NB: must not error */ 303 } |
304 MALLOC(ap, struct ieee80211req_maclist *, space, | 304 ap = (struct ieee80211req_maclist *) malloc(space, |
305 M_TEMP, M_NOWAIT); 306 if (ap == NULL) 307 return ENOMEM; 308 i = 0; 309 ACL_LOCK(as); 310 TAILQ_FOREACH(acl, &as->as_list, acl_list) { 311 IEEE80211_ADDR_COPY(ap[i].ml_macaddr, acl->acl_macaddr); 312 i++; 313 } 314 ACL_UNLOCK(as); 315 if (ireq->i_len >= space) { 316 error = copyout(ap, ireq->i_data, space); 317 ireq->i_len = space; 318 } else 319 error = copyout(ap, ireq->i_data, ireq->i_len); | 305 M_TEMP, M_NOWAIT); 306 if (ap == NULL) 307 return ENOMEM; 308 i = 0; 309 ACL_LOCK(as); 310 TAILQ_FOREACH(acl, &as->as_list, acl_list) { 311 IEEE80211_ADDR_COPY(ap[i].ml_macaddr, acl->acl_macaddr); 312 i++; 313 } 314 ACL_UNLOCK(as); 315 if (ireq->i_len >= space) { 316 error = copyout(ap, ireq->i_data, space); 317 ireq->i_len = space; 318 } else 319 error = copyout(ap, ireq->i_data, ireq->i_len); |
320 FREE(ap, M_TEMP); | 320 free(ap, M_TEMP); |
321 return error; 322 } 323 return EINVAL; 324} 325 326static const struct ieee80211_aclator mac = { 327 .iac_name = "mac", 328 .iac_attach = acl_attach, 329 .iac_detach = acl_detach, 330 .iac_check = acl_check, 331 .iac_add = acl_add, 332 .iac_remove = acl_remove, 333 .iac_flush = acl_free_all, 334 .iac_setpolicy = acl_setpolicy, 335 .iac_getpolicy = acl_getpolicy, 336 .iac_setioctl = acl_setioctl, 337 .iac_getioctl = acl_getioctl, 338}; 339IEEE80211_ACL_MODULE(wlan_acl, mac, 1); | 321 return error; 322 } 323 return EINVAL; 324} 325 326static const struct ieee80211_aclator mac = { 327 .iac_name = "mac", 328 .iac_attach = acl_attach, 329 .iac_detach = acl_detach, 330 .iac_check = acl_check, 331 .iac_add = acl_add, 332 .iac_remove = acl_remove, 333 .iac_flush = acl_free_all, 334 .iac_setpolicy = acl_setpolicy, 335 .iac_getpolicy = acl_getpolicy, 336 .iac_setioctl = acl_setioctl, 337 .iac_getioctl = acl_getioctl, 338}; 339IEEE80211_ACL_MODULE(wlan_acl, mac, 1); |