WPS ER: Allow AP filtering based on IP address
wps_er_start command now takes an optional parameter that can be used to configure a filter to only allow UPnP SSDP messages from the specified IP address. In practice, this limits the WPS ER operations to a single AP and filters out all other devices in the network.
This commit is contained in:
Jouni Malinen
Jouni Malinen
parent
826fe5fec3
commit
0848668513
8 changed files with 30 additions and 8 deletions
|
|
@ -718,7 +718,8 @@ int wps_process_oob(struct wps_context *wps, struct oob_device_data *oob_dev,
|
|||
int registrar);
|
||||
int wps_attr_text(struct wpabuf *data, char *buf, char *end);
|
||||
|
||||
struct wps_er * wps_er_init(struct wps_context *wps, const char *ifname);
|
||||
struct wps_er * wps_er_init(struct wps_context *wps, const char *ifname,
|
||||
const char *filter);
|
||||
void wps_er_refresh(struct wps_er *er);
|
||||
void wps_er_deinit(struct wps_er *er, void (*cb)(void *ctx), void *ctx);
|
||||
void wps_er_set_sel_reg(struct wps_er *er, int sel_reg, u16 dev_passwd_id,
|
||||
|
|
|
|||
|
|
@ -1151,7 +1151,7 @@ static void wps_er_http_req(void *ctx, struct http_request *req)
|
|||
|
||||
|
||||
struct wps_er *
|
||||
wps_er_init(struct wps_context *wps, const char *ifname)
|
||||
wps_er_init(struct wps_context *wps, const char *ifname, const char *filter)
|
||||
{
|
||||
struct wps_er *er;
|
||||
struct in_addr addr;
|
||||
|
|
@ -1173,6 +1173,16 @@ wps_er_init(struct wps_context *wps, const char *ifname)
|
|||
return NULL;
|
||||
}
|
||||
|
||||
if (filter) {
|
||||
if (inet_aton(filter, &er->filter_addr) == 0) {
|
||||
wpa_printf(MSG_INFO, "WPS UPnP: Invalid filter "
|
||||
"address %s", filter);
|
||||
wps_er_deinit(er, NULL, NULL);
|
||||
return NULL;
|
||||
}
|
||||
wpa_printf(MSG_DEBUG, "WPS UPnP: Only accepting connections "
|
||||
"with %s", filter);
|
||||
}
|
||||
if (get_netif_info(ifname, &er->ip_addr, &er->ip_addr_text,
|
||||
er->mac_addr)) {
|
||||
wpa_printf(MSG_INFO, "WPS UPnP: Could not get IP/MAC address "
|
||||
|
|
|
|||
|
|
@ -90,6 +90,7 @@ struct wps_er {
|
|||
int deinitializing;
|
||||
void (*deinit_done_cb)(void *ctx);
|
||||
void *deinit_done_ctx;
|
||||
struct in_addr filter_addr;
|
||||
};
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -41,6 +41,9 @@ static void wps_er_ssdp_rx(int sd, void *eloop_ctx, void *sock_ctx)
|
|||
if (nread <= 0)
|
||||
return;
|
||||
buf[nread] = '\0';
|
||||
if (er->filter_addr.s_addr &&
|
||||
er->filter_addr.s_addr != addr.sin_addr.s_addr)
|
||||
return;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "WPS ER: Received SSDP from %s",
|
||||
inet_ntoa(addr.sin_addr));
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue