PERFORCE change 63955 for review
Sam Leffler
sam at FreeBSD.org
Fri Oct 29 15:07:36 PDT 2004
http://perforce.freebsd.org/chv.cgi?CH=63955
Change 63955 by sam at sam_ebb on 2004/10/29 22:06:53
bring in MAC ACL support from madwifi; still need the ioctl's
Affected files ...
.. //depot/projects/wifi/sys/net80211/ieee80211_acl.c#1 add
.. //depot/projects/wifi/sys/net80211/ieee80211_freebsd.h#2 edit
.. //depot/projects/wifi/sys/net80211/ieee80211_proto.c#3 edit
.. //depot/projects/wifi/sys/net80211/ieee80211_proto.h#3 edit
.. //depot/projects/wifi/sys/net80211/ieee80211_var.h#3 edit
Differences ...
==== //depot/projects/wifi/sys/net80211/ieee80211_freebsd.h#2 (text+ko) ====
@@ -42,6 +42,18 @@
mtx_assert(&(_ic)->ic_nodelock, MA_OWNED)
/*
+ * 802.1x MAC ACL database locking definitions.
+ */
+typedef struct mtx acl_lock_t;
+#define ACL_LOCK_INIT(_as, _name) \
+ mtx_init(&(_as)->as_lock, _name, "802.11 ACL", MTX_DEF)
+#define ACL_LOCK_DESTROY(_as) mtx_destroy(&(_as)->as_lock)
+#define ACL_LOCK(_as) mtx_lock(&(_as)->as_lock)
+#define ACL_UNLOCK(_as) mtx_unlock(&(_as)->as_lock)
+#define ACL_LOCK_ASSERT(_as) \
+ mtx_assert((&(_as)->as_lock), MA_OWNED)
+
+/*
* Node reference counting definitions.
*
* ieee80211_node_initref initialize the reference count to 1
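Review bot: The header comment on the new macros labels them "802.1x MAC ACL database locking definitions", but a MAC address ACL is not part of 802.1X authentication, and the mutex type string in `ACL_LOCK_INIT` already says "802.11 ACL". The comment line should read `* 802.11 MAC ACL database locking definitions.` so nobody reads these locks as protecting 802.1X state. A comment stating that `_as` must be a pointer to a structure with an `as_lock` member of type `acl_lock_t` would also help, since the macros depend on that.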
==== //depot/projects/wifi/sys/net80211/ieee80211_proto.c#3 (text+ko) ====
@@ -146,13 +146,11 @@
ieee80211_authenticator_unregister(IEEE80211_AUTH_SHARED);
ieee80211_authenticator_unregister(IEEE80211_AUTH_AUTO);
-#if 0
/*
* Detach any ACL'ator.
*/
if (ic->ic_acl != NULL)
ic->ic_acl->iac_detach(ic);
-#endif
}
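Review bot: After the now-enabled `ic->ic_acl->iac_detach(ic);` call, `ic->ic_acl` still holds the policy pointer. Unless the module's detach method clears it (ieee80211_acl.c is not shown in this diff), any later path that tests `ic->ic_acl != NULL` would call into policy state that has already been torn down. Adding `ic->ic_acl = NULL;` directly after the call makes the teardown safe regardless of what the module does. The enclosing function starts outside the hunk.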
/*
@@ -189,6 +187,35 @@
authenticators[type] = NULL;
}
+/*
+ * Very simple-minded ACL module support.
+ */
+/* XXX just one for now */
+static const struct ieee80211_aclator *acl = NULL;
+
+void
+ieee80211_aclator_register(const struct ieee80211_aclator *iac)
+{
+ printf("wlan: %s acl policy registered\n", iac->iac_name);
+ acl = iac;
+}
+
+void
+ieee80211_aclator_unregister(const struct ieee80211_aclator *iac)
+{
+ if (acl == iac)
+ acl = NULL;
+ printf("wlan: %s acl policy unregistered\n", iac->iac_name);
+}
+
+const struct ieee80211_aclator *
+ieee80211_aclator_get(const char *name)
+{
+ if (acl == NULL)
+ linker_load_module("wlan_acl", NULL, NULL, NULL, NULL);
+ return acl != NULL && strcmp(acl->iac_name, name) == 0 ? acl : NULL;
+}
+
void
ieee80211_print_essid(const u_int8_t *essid, int len)
{
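Review bot: `ieee80211_aclator_get()` returns a bare pointer to the module's method table and `ieee80211_aclator_unregister()` only clears the file-scope `acl`, so an `ieee80211com` whose `ic_acl` was set from that pointer keeps it after the policy unregisters. If unregistration happens on module unload, the detach call and any `iac_check` call would then go through stale function pointers. Nothing visible here takes a reference on the module or refuses to unregister while in use, so one of the two is worth adding, or at least a marker such as `/* XXX no reference held on the module; must not unload while any ic_acl points at it */`. Separately, the return value of `linker_load_module()` is discarded, `acl` is read and written without a lock, and `ieee80211_aclator_register()` silently replaces a policy that is already registered.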
==== //depot/projects/wifi/sys/net80211/ieee80211_proto.h#3 (text+ko) ====
@@ -125,6 +125,29 @@
extern const struct ieee80211_authenticator *
ieee80211_authenticator_get(int auth);
+/*
+ * Template for an MAC ACL policy module. Such modules
+ * register with the protocol code and are passed the sender's
+ * address of each received frame for validation.
+ */
+struct ieee80211_aclator {
+ const char *iac_name; /* printable name */
+ int (*iac_attach)(struct ieee80211com *);
+ void (*iac_detach)(struct ieee80211com *);
+ int (*iac_check)(struct ieee80211com *,
+ const u_int8_t mac[IEEE80211_ADDR_LEN]);
+ int (*iac_add)(struct ieee80211com *,
+ const u_int8_t mac[IEEE80211_ADDR_LEN]);
+ int (*iac_remove)(struct ieee80211com *,
+ const u_int8_t mac[IEEE80211_ADDR_LEN]);
+ int (*iac_flush)(struct ieee80211com *);
+ int (*iac_setpolicy)(struct ieee80211com *, int);
+ int (*iac_getpolicy)(struct ieee80211com *);
+};
+extern void ieee80211_aclator_register(const struct ieee80211_aclator *);
+extern void ieee80211_aclator_unregister(const struct ieee80211_aclator *);
+extern const struct ieee80211_aclator *ieee80211_aclator_get(const char *name);
+
/* flags for ieee80211_fix_rate() */
#define IEEE80211_F_DOSORT 0x00000001 /* sort rate list */
#define IEEE80211_F_DOFRATE 0x00000002 /* use fixed rate */
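Review bot: The template comment above `struct ieee80211_aclator` does not say what `iac_check` returns for an allowed versus a denied sender, nor what the other `int` methods return on failure. For an access-control hook the polarity is the contract every caller and policy module must agree on, and a caller that reads it backwards admits exactly the stations the list was meant to block. A per-member comment on `iac_check` should state the accept and reject values, and one line should say whether frames go unfiltered when no policy is attached, if that is the intent. The values themselves have to come from ieee80211_acl.c, which this diff does not show.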
==== //depot/projects/wifi/sys/net80211/ieee80211_var.h#3 (text+ko) ====
@@ -184,6 +184,8 @@
#define IEEE80211_PS_MAX_QUEUE 50 /* maximum saved packets */
+struct ieee80211_aclator;
+
struct ieee80211com {
SLIST_ENTRY(ieee80211com) ic_next;
struct ifnet *ic_ifp; /* associated device */
@@ -278,6 +280,14 @@
*/
const struct ieee80211_authenticator *ic_auth;
struct eapolcom *ic_ec;
+
+ /*
+ * Access control glue. When a control agent attaches
+ * it fills in this section. We assume that when ic_ac
+ * is setup that the methods are safe to call.
+ */
+ const struct ieee80211_aclator *ic_acl;
+ void *ic_as;
};
#define IEEE80211_ADDR_EQ(a1,a2) (memcmp(a1,a2,IEEE80211_ADDR_LEN) == 0)
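Review bot: The new comment refers to `ic_ac`, but the field added below it is `ic_acl`; the sentence should read `it fills in this section. We assume that when ic_acl` so that a search for the field name finds its contract. `ic_as` is an untyped `void *` with no comment. It looks like the policy module's private state, since the ACL_LOCK macros in ieee80211_freebsd.h dereference `as_lock` on an `_as` argument, so something like `void *ic_as; /* ACL policy private state */` plus a word on who allocates and frees it would help. The struct starts outside the hunk.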