Extend ACL to install allow/deny list to the driver dynamically

Support installing the updated allow/deny list to the driver if it
supports ACL offload. Previously, only the not-offloaded cases were
updated dynamically.

Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
Chaoli Zhou 2022-03-24 15:19:25 +08:00 committed by Jouni Malinen
parent 077bce96f3
commit 00622fcfef
4 changed files with 41 additions and 14 deletions


@ -3491,14 +3491,15 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
if (os_strncmp(buf + 11, "ADD_MAC ", 8) == 0) {
if (hostapd_ctrl_iface_acl_add_mac(
&hapd->conf->accept_mac,
&hapd->conf->num_accept_mac, buf + 19))
&hapd->conf->num_accept_mac, buf + 19) ||
hostapd_set_acl(hapd))
reply_len = -1;
} else if (os_strncmp((buf + 11), "DEL_MAC ", 8) == 0) {
if (!hostapd_ctrl_iface_acl_del_mac(
if (hostapd_ctrl_iface_acl_del_mac(
&hapd->conf->accept_mac,
&hapd->conf->num_accept_mac, buf + 19))
hostapd_disassoc_accept_mac(hapd);
else
&hapd->conf->num_accept_mac, buf + 19) ||
hostapd_set_acl(hapd) ||
hostapd_disassoc_accept_mac(hapd))
reply_len = -1;
} else if (os_strcmp(buf + 11, "SHOW") == 0) {
reply_len = hostapd_ctrl_iface_acl_show_mac(
@ -3508,20 +3509,23 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
hostapd_ctrl_iface_acl_clear_list(
&hapd->conf->accept_mac,
&hapd->conf->num_accept_mac);
hostapd_disassoc_accept_mac(hapd);
if (hostapd_set_acl(hapd) ||
hostapd_disassoc_accept_mac(hapd))
reply_len = -1;
}
} else if (os_strncmp(buf, "DENY_ACL ", 9) == 0) {
if (os_strncmp(buf + 9, "ADD_MAC ", 8) == 0) {
if (!hostapd_ctrl_iface_acl_add_mac(
if (hostapd_ctrl_iface_acl_add_mac(
&hapd->conf->deny_mac,
&hapd->conf->num_deny_mac, buf + 17))
hostapd_disassoc_deny_mac(hapd);
else
&hapd->conf->num_deny_mac, buf + 17) ||
hostapd_set_acl(hapd) ||
hostapd_disassoc_deny_mac(hapd))
reply_len = -1;
} else if (os_strncmp(buf + 9, "DEL_MAC ", 8) == 0) {
if (hostapd_ctrl_iface_acl_del_mac(
&hapd->conf->deny_mac,
&hapd->conf->num_deny_mac, buf + 17))
&hapd->conf->num_deny_mac, buf + 17) ||
hostapd_set_acl(hapd))
reply_len = -1;
} else if (os_strcmp(buf + 9, "SHOW") == 0) {
reply_len = hostapd_ctrl_iface_acl_show_mac(
@ -3531,6 +3535,8 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
hostapd_ctrl_iface_acl_clear_list(
&hapd->conf->deny_mac,
&hapd->conf->num_deny_mac);
if (hostapd_set_acl(hapd))
reply_len = -1;
}
#ifdef CONFIG_DPP
} else if (os_strncmp(buf, "DPP_QR_CODE ", 12) == 0) {
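Review bot: In the ACCEPT_ACL DEL_MAC, ACCEPT_ACL CLEAR and DENY_ACL ADD_MAC branches, the `||` chain skips the disassociation call whenever `hostapd_set_acl(hapd)` returns non-zero. A station just removed from the accept list or added to the deny list therefore stays associated if the driver update fails, whereas the replaced code disassociated as soon as the in-memory list had been updated. Because the list is already modified at that point, it would be safer to run both steps and fail the command if either fails, e.g. `if (hostapd_set_acl(hapd)) reply_len = -1;` followed by `if (hostapd_disassoc_deny_mac(hapd)) reply_len = -1;`. The same chaining appears in wpa_supplicant_ctrl_iface_process() with the ap_ctrl_iface_* wrappers. hostapd_set_acl() is not visible on this page, so when it can fail should be confirmed; the handler's body continues outside these hunks.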


@ -1734,6 +1734,19 @@ int ap_ctrl_iface_disassoc_accept_mac(struct wpa_supplicant *wpa_s)
return hostapd_disassoc_accept_mac(hapd);
}
int ap_ctrl_iface_set_acl(struct wpa_supplicant *wpa_s)
{
struct hostapd_data *hapd;
if (wpa_s->ap_iface)
hapd = wpa_s->ap_iface->bss[0];
else
return -1;
return hostapd_set_acl(hapd);
}
#endif /* CONFIG_CTRL_IFACE */
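Review bot: ap_ctrl_iface_set_acl() has no comment stating its return contract, although the control interface handlers chain it with `||` and rely on non-zero meaning failure. A short comment above it would help, e.g. `/* Returns -1 if wpa_s->ap_iface is not set, otherwise the result of hostapd_set_acl() for bss[0]. */`. The body would also read more directly with a guard clause, `if (!wpa_s->ap_iface) return -1;`, instead of declaring `hapd` uninitialized and assigning it in one branch. The enclosing CONFIG_CTRL_IFACE block starts outside the hunk.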


@ -55,6 +55,7 @@ void ap_ctrl_iface_acl_clear_list(struct wpa_supplicant *wpa_s,
enum macaddr_acl acl_type);
int ap_ctrl_iface_disassoc_deny_mac(struct wpa_supplicant *wpa_s);
int ap_ctrl_iface_disassoc_accept_mac(struct wpa_supplicant *wpa_s);
int ap_ctrl_iface_set_acl(struct wpa_supplicant *wpa_s);
void ap_tx_status(void *ctx, const u8 *addr,
const u8 *buf, size_t len, int ack);
void ap_eapol_tx_status(void *ctx, const u8 *dst,


@ -12026,12 +12026,14 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
if (os_strncmp(buf + 11, "ADD_MAC ", 8) == 0) {
if (ap_ctrl_iface_acl_add_mac(wpa_s,
DENY_UNLESS_ACCEPTED,
buf + 19))
buf + 19) ||
ap_ctrl_iface_set_acl(wpa_s))
reply_len = -1;
} else if (os_strncmp((buf + 11), "DEL_MAC ", 8) == 0) {
if (ap_ctrl_iface_acl_del_mac(wpa_s,
DENY_UNLESS_ACCEPTED,
buf + 19) ||
ap_ctrl_iface_set_acl(wpa_s) ||
ap_ctrl_iface_disassoc_accept_mac(wpa_s))
reply_len = -1;
} else if (os_strcmp(buf + 11, "SHOW") == 0) {
@ -12041,7 +12043,8 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
} else if (os_strcmp(buf + 11, "CLEAR") == 0) {
ap_ctrl_iface_acl_clear_list(wpa_s,
DENY_UNLESS_ACCEPTED);
if (ap_ctrl_iface_disassoc_accept_mac(wpa_s))
if (ap_ctrl_iface_set_acl(wpa_s) ||
ap_ctrl_iface_disassoc_accept_mac(wpa_s))
reply_len = -1;
} else {
reply_len = -1;
@ -12051,12 +12054,14 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
if (ap_ctrl_iface_acl_add_mac(wpa_s,
ACCEPT_UNLESS_DENIED,
buf + 17) ||
ap_ctrl_iface_set_acl(wpa_s) ||
ap_ctrl_iface_disassoc_deny_mac(wpa_s))
reply_len = -1;
} else if (os_strncmp(buf + 9, "DEL_MAC ", 8) == 0) {
if (ap_ctrl_iface_acl_del_mac(wpa_s,
ACCEPT_UNLESS_DENIED,
buf + 17))
buf + 17) ||
ap_ctrl_iface_set_acl(wpa_s))
reply_len = -1;
} else if (os_strcmp(buf + 9, "SHOW") == 0) {
reply_len = ap_ctrl_iface_acl_show_mac(
@ -12064,6 +12069,8 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
} else if (os_strcmp(buf + 9, "CLEAR") == 0) {
ap_ctrl_iface_acl_clear_list(wpa_s,
ACCEPT_UNLESS_DENIED);
if (ap_ctrl_iface_set_acl(wpa_s))
reply_len = -1;
} else {
reply_len = -1;
}