Extend ACL to install allow/deny list to the driver dynamically
Support installing the updated allow/deny list to the driver if it supports ACL offload. Previously, only the not-offloaded cases were updated dynamically. Signed-off-by: Chaoli Zhou <quic_zchaoli@quicinc.com>
This commit is contained in:
parent
077bce96f3
commit
00622fcfef
4 changed files with 41 additions and 14 deletions
|
@ -3491,14 +3491,15 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
|
|||
if (os_strncmp(buf + 11, "ADD_MAC ", 8) == 0) {
|
||||
if (hostapd_ctrl_iface_acl_add_mac(
|
||||
&hapd->conf->accept_mac,
|
||||
&hapd->conf->num_accept_mac, buf + 19))
|
||||
&hapd->conf->num_accept_mac, buf + 19) ||
|
||||
hostapd_set_acl(hapd))
|
||||
reply_len = -1;
|
||||
} else if (os_strncmp((buf + 11), "DEL_MAC ", 8) == 0) {
|
||||
if (!hostapd_ctrl_iface_acl_del_mac(
|
||||
if (hostapd_ctrl_iface_acl_del_mac(
|
||||
&hapd->conf->accept_mac,
|
||||
&hapd->conf->num_accept_mac, buf + 19))
|
||||
hostapd_disassoc_accept_mac(hapd);
|
||||
else
|
||||
&hapd->conf->num_accept_mac, buf + 19) ||
|
||||
hostapd_set_acl(hapd) ||
|
||||
hostapd_disassoc_accept_mac(hapd))
|
||||
reply_len = -1;
|
||||
} else if (os_strcmp(buf + 11, "SHOW") == 0) {
|
||||
reply_len = hostapd_ctrl_iface_acl_show_mac(
|
||||
|
@ -3508,20 +3509,23 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
|
|||
hostapd_ctrl_iface_acl_clear_list(
|
||||
&hapd->conf->accept_mac,
|
||||
&hapd->conf->num_accept_mac);
|
||||
hostapd_disassoc_accept_mac(hapd);
|
||||
if (hostapd_set_acl(hapd) ||
|
||||
hostapd_disassoc_accept_mac(hapd))
|
||||
reply_len = -1;
|
||||
}
|
||||
} else if (os_strncmp(buf, "DENY_ACL ", 9) == 0) {
|
||||
if (os_strncmp(buf + 9, "ADD_MAC ", 8) == 0) {
|
||||
if (!hostapd_ctrl_iface_acl_add_mac(
|
||||
if (hostapd_ctrl_iface_acl_add_mac(
|
||||
&hapd->conf->deny_mac,
|
||||
&hapd->conf->num_deny_mac, buf + 17))
|
||||
hostapd_disassoc_deny_mac(hapd);
|
||||
else
|
||||
&hapd->conf->num_deny_mac, buf + 17) ||
|
||||
hostapd_set_acl(hapd) ||
|
||||
hostapd_disassoc_deny_mac(hapd))
|
||||
reply_len = -1;
|
||||
} else if (os_strncmp(buf + 9, "DEL_MAC ", 8) == 0) {
|
||||
if (hostapd_ctrl_iface_acl_del_mac(
|
||||
&hapd->conf->deny_mac,
|
||||
&hapd->conf->num_deny_mac, buf + 17))
|
||||
&hapd->conf->num_deny_mac, buf + 17) ||
|
||||
hostapd_set_acl(hapd))
|
||||
reply_len = -1;
|
||||
} else if (os_strcmp(buf + 9, "SHOW") == 0) {
|
||||
reply_len = hostapd_ctrl_iface_acl_show_mac(
|
||||
|
@ -3531,6 +3535,8 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd,
|
|||
hostapd_ctrl_iface_acl_clear_list(
|
||||
&hapd->conf->deny_mac,
|
||||
&hapd->conf->num_deny_mac);
|
||||
if (hostapd_set_acl(hapd))
|
||||
reply_len = -1;
|
||||
}
|
||||
#ifdef CONFIG_DPP
|
||||
} else if (os_strncmp(buf, "DPP_QR_CODE ", 12) == 0) {
|
||||
|
|
|
@ -1734,6 +1734,19 @@ int ap_ctrl_iface_disassoc_accept_mac(struct wpa_supplicant *wpa_s)
|
|||
return hostapd_disassoc_accept_mac(hapd);
|
||||
}
|
||||
|
||||
|
||||
int ap_ctrl_iface_set_acl(struct wpa_supplicant *wpa_s)
|
||||
{
|
||||
struct hostapd_data *hapd;
|
||||
|
||||
if (wpa_s->ap_iface)
|
||||
hapd = wpa_s->ap_iface->bss[0];
|
||||
else
|
||||
return -1;
|
||||
|
||||
return hostapd_set_acl(hapd);
|
||||
}
|
||||
|
||||
#endif /* CONFIG_CTRL_IFACE */
|
||||
|
||||
|
||||
|
|
|
@ -55,6 +55,7 @@ void ap_ctrl_iface_acl_clear_list(struct wpa_supplicant *wpa_s,
|
|||
enum macaddr_acl acl_type);
|
||||
int ap_ctrl_iface_disassoc_deny_mac(struct wpa_supplicant *wpa_s);
|
||||
int ap_ctrl_iface_disassoc_accept_mac(struct wpa_supplicant *wpa_s);
|
||||
int ap_ctrl_iface_set_acl(struct wpa_supplicant *wpa_s);
|
||||
void ap_tx_status(void *ctx, const u8 *addr,
|
||||
const u8 *buf, size_t len, int ack);
|
||||
void ap_eapol_tx_status(void *ctx, const u8 *dst,
|
||||
|
|
|
@ -12026,12 +12026,14 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
|
|||
if (os_strncmp(buf + 11, "ADD_MAC ", 8) == 0) {
|
||||
if (ap_ctrl_iface_acl_add_mac(wpa_s,
|
||||
DENY_UNLESS_ACCEPTED,
|
||||
buf + 19))
|
||||
buf + 19) ||
|
||||
ap_ctrl_iface_set_acl(wpa_s))
|
||||
reply_len = -1;
|
||||
} else if (os_strncmp((buf + 11), "DEL_MAC ", 8) == 0) {
|
||||
if (ap_ctrl_iface_acl_del_mac(wpa_s,
|
||||
DENY_UNLESS_ACCEPTED,
|
||||
buf + 19) ||
|
||||
ap_ctrl_iface_set_acl(wpa_s) ||
|
||||
ap_ctrl_iface_disassoc_accept_mac(wpa_s))
|
||||
reply_len = -1;
|
||||
} else if (os_strcmp(buf + 11, "SHOW") == 0) {
|
||||
|
@ -12041,7 +12043,8 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
|
|||
} else if (os_strcmp(buf + 11, "CLEAR") == 0) {
|
||||
ap_ctrl_iface_acl_clear_list(wpa_s,
|
||||
DENY_UNLESS_ACCEPTED);
|
||||
if (ap_ctrl_iface_disassoc_accept_mac(wpa_s))
|
||||
if (ap_ctrl_iface_set_acl(wpa_s) ||
|
||||
ap_ctrl_iface_disassoc_accept_mac(wpa_s))
|
||||
reply_len = -1;
|
||||
} else {
|
||||
reply_len = -1;
|
||||
|
@ -12051,12 +12054,14 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
|
|||
if (ap_ctrl_iface_acl_add_mac(wpa_s,
|
||||
ACCEPT_UNLESS_DENIED,
|
||||
buf + 17) ||
|
||||
ap_ctrl_iface_set_acl(wpa_s) ||
|
||||
ap_ctrl_iface_disassoc_deny_mac(wpa_s))
|
||||
reply_len = -1;
|
||||
} else if (os_strncmp(buf + 9, "DEL_MAC ", 8) == 0) {
|
||||
if (ap_ctrl_iface_acl_del_mac(wpa_s,
|
||||
ACCEPT_UNLESS_DENIED,
|
||||
buf + 17))
|
||||
buf + 17) ||
|
||||
ap_ctrl_iface_set_acl(wpa_s))
|
||||
reply_len = -1;
|
||||
} else if (os_strcmp(buf + 9, "SHOW") == 0) {
|
||||
reply_len = ap_ctrl_iface_acl_show_mac(
|
||||
|
@ -12064,6 +12069,8 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
|
|||
} else if (os_strcmp(buf + 9, "CLEAR") == 0) {
|
||||
ap_ctrl_iface_acl_clear_list(wpa_s,
|
||||
ACCEPT_UNLESS_DENIED);
|
||||
if (ap_ctrl_iface_set_acl(wpa_s))
|
||||
reply_len = -1;
|
||||
} else {
|
||||
reply_len = -1;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue