CHROMIUM: mesh: Dynamic MAC ACL management over control interface
Extend support to modify MAC ACL and displayed it through
new control interface
commands:
ACCEPT_ACL <subcmd> [argument]
DENY_ACL <subcmd> [argument]
subcmd: ADD_MAC <addr> |DEL_MAC <addr>|SHOW|CLEAR
BUG=b:168663866
TEST=Brought mesh interface, connected mesh peers and validated the wpa_cli command
Change-Id: I6759997c9e9d1c3b141ab732f563f3767ad91b95
Signed-off-by: Tamizh Chelvam <tamizhr@codeaurora.org>
Signed-off-by: Tamizh Raja <tamizhr@qualcomm.corp-partner.google.com>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/third_party/hostap/+/2336480
Reviewed-by: Julan Hsu <julanhsu@google.com>
Reviewed-by: Srinivasa duvvuri <sduvvuri@google.com>
Commit-Queue: Srinivasa duvvuri <sduvvuri@google.com>
Tested-by: DHEERAJ KANIYALA MELINAPANJA <dmelinapanja@google.com>
diff --git a/wpa_supplicant/ap.c b/wpa_supplicant/ap.c
index 6b479c8..3e756da 100644
--- a/wpa_supplicant/ap.c
+++ b/wpa_supplicant/ap.c
@@ -7,6 +7,8 @@
* See README for more details.
*/
+#include <stdbool.h>
+
#include "utils/includes.h"
#include "utils/common.h"
@@ -1386,6 +1388,72 @@
}
#endif /* NEED_AP_MLME */
+#ifdef CONFIG_MESH
+
+int wpas_ap_acl_del_mac(struct wpa_supplicant *wpa_s, char *buf, bool accept)
+{
+ struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
+
+ if (accept) {
+ if (!hostapd_ctrl_iface_acl_del_mac(&hapd->conf->accept_mac,
+ &hapd->conf->num_accept_mac,
+ buf))
+ if (hostapd_disassoc_accept_mac(hapd))
+ return 1;
+ }
+
+ return hostapd_ctrl_iface_acl_del_mac(&hapd->conf->deny_mac,
+ &hapd->conf->num_deny_mac,
+ buf);
+}
+
+int wpas_ap_acl_add_mac(struct wpa_supplicant *wpa_s, char *buf, bool accept)
+{
+ struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
+
+ if (accept) {
+ return hostapd_ctrl_iface_acl_add_mac(&hapd->conf->accept_mac,
+ &hapd->conf->num_accept_mac,
+ buf);
+ } else {
+ if (!hostapd_ctrl_iface_acl_add_mac(&hapd->conf->deny_mac,
+ &hapd->conf->num_deny_mac, buf)) {
+ if (hostapd_disassoc_deny_mac(hapd))
+ return 1;
+ return 0;
+ }
+ }
+
+ return -1;
+}
+
+int wpas_ap_acl_show_mac(struct wpa_supplicant *wpa_s, char *reply,
+ const int reply_size, bool accept)
+{
+ struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
+
+ if (accept)
+ return hostapd_ctrl_iface_acl_show_mac(
+ hapd->conf->accept_mac,
+ hapd->conf->num_accept_mac,
+ reply, reply_size);
+
+ return hostapd_ctrl_iface_acl_show_mac(
+ hapd->conf->deny_mac,
+ hapd->conf->num_deny_mac,
+ reply, reply_size);
+}
+
+void wpas_ap_deny_acl_clear_list(struct wpa_supplicant *wpa_s)
+{
+ struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
+
+ return hostapd_ctrl_iface_acl_clear_list(&hapd->conf->deny_mac,
+ &hapd->conf->num_deny_mac);
+}
+
+#endif /* CONFIG_MESH */
+
void ap_periodic(struct wpa_supplicant *wpa_s)
{
diff --git a/wpa_supplicant/ap.h b/wpa_supplicant/ap.h
index 2b8a1d4..33cc4ec 100644
--- a/wpa_supplicant/ap.h
+++ b/wpa_supplicant/ap.h
@@ -94,5 +94,10 @@
struct dfs_event *radar);
void ap_periodic(struct wpa_supplicant *wpa_s);
+int wpas_ap_acl_del_mac(struct wpa_supplicant *wpa_s, char *buf, bool accept);
+int wpas_ap_acl_add_mac(struct wpa_supplicant *wpa_s, char *buf, bool accept);
+int wpas_ap_acl_show_mac(struct wpa_supplicant *wpa_s, char *reply,
+ const int reply_size, bool accept);
+void wpas_ap_deny_acl_clear_list(struct wpa_supplicant *wpa_s);
#endif /* AP_H */
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index ba9ae0a..265fdee 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -6,6 +6,8 @@
* See README for more details.
*/
+#include <stdbool.h>
+
#include "utils/includes.h"
#ifdef CONFIG_TESTING_OPTIONS
#include <net/ethernet.h>
@@ -2715,6 +2717,18 @@
return wpas_mesh_peer_remove(wpa_s, addr);
}
+static void wpas_ap_accept_acl_clear_list(struct wpa_supplicant *wpa_s)
+{
+ struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
+ struct mac_acl_entry **acl = &hapd->conf->accept_mac;
+ int *num = &hapd->conf->num_accept_mac;
+
+ while (*num) {
+ wpas_mesh_peer_remove(wpa_s, (*acl)[0].addr);
+ hostapd_remove_acl_mac(acl, num, (*acl)[0].addr);
+ }
+}
+
#endif /* CONFIG_MESH */
@@ -8302,6 +8316,38 @@
reply_len = -1;
#endif /* CONFIG_IBSS_RSN */
#ifdef CONFIG_MESH
+ } else if (os_strncmp(buf, "ACCEPT_ACL ", 11) == 0) {
+ if (os_strncmp(buf + 11, "ADD_MAC ", 8) == 0) {
+ wpas_ap_acl_add_mac(wpa_s, buf + 19, 1);
+ } else if (os_strncmp((buf + 11), "DEL_MAC ", 8) == 0) {
+ reply_len = wpas_ap_acl_del_mac(wpa_s, buf + 19, 1);
+ if (reply_len == 1)
+ wpa_supplicant_ctrl_iface_mesh_peer_remove(
+ wpa_s, buf + 19);
+ else if (reply_len)
+ reply_len = -1;
+ } else if (os_strcmp(buf + 11, "SHOW") == 0) {
+ reply_len = wpas_ap_acl_show_mac(wpa_s, reply,
+ reply_size, 1);
+ } else if (os_strcmp(buf + 11, "CLEAR") == 0) {
+ wpas_ap_accept_acl_clear_list(wpa_s);
+ }
+ } else if (os_strncmp(buf, "DENY_ACL ", 9) == 0) {
+ if (os_strncmp(buf + 9, "ADD_MAC ", 8) == 0) {
+ reply_len = wpas_ap_acl_add_mac(wpa_s, buf + 17, 0);
+ if (reply_len == 1)
+ wpa_supplicant_ctrl_iface_mesh_peer_remove(
+ wpa_s, buf + 17);
+ else if (reply_len)
+ reply_len = -1;
+ } else if (os_strncmp(buf + 9, "DEL_MAC ", 8) == 0) {
+ wpas_ap_acl_del_mac(wpa_s, buf + 17, 0);
+ } else if (os_strcmp(buf + 9, "SHOW") == 0) {
+ reply_len = wpas_ap_acl_show_mac(wpa_s, reply,
+ reply_size, 0);
+ } else if (os_strcmp(buf + 9, "CLEAR") == 0) {
+ wpas_ap_deny_acl_clear_list(wpa_s);
+ }
} else if (os_strncmp(buf, "MESH_INTERFACE_ADD ", 19) == 0) {
reply_len = wpa_supplicant_ctrl_iface_mesh_interface_add(
wpa_s, buf + 19, reply, reply_size);
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index ec83d1c..d7e7693 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -6,6 +6,8 @@
* See README for more details.
*/
+#include <stdbool.h>
+
#include "includes.h"
#include "common.h"
diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c
index 677ae39..ad89631 100644
--- a/wpa_supplicant/mesh.c
+++ b/wpa_supplicant/mesh.c
@@ -6,6 +6,8 @@
* See README for more details.
*/
+#include <stdbool.h>
+
#include "utils/includes.h"
#include "utils/common.h"
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index a31517e..7a4366b 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -2029,6 +2029,19 @@
return wpa_cli_cmd(ctrl, "MESH_PEER_REMOVE", 1, argc, argv);
}
+static int wpa_cli_cmd_accept_macacl(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_cli_cmd(ctrl, "ACCEPT_ACL", 1, argc, argv);
+}
+
+
+static int wpa_cli_cmd_deny_macacl(struct wpa_ctrl *ctrl, int argc,
+ char *argv[])
+{
+ return wpa_cli_cmd(ctrl, "DENY_ACL", 1, argc, argv);
+}
+
#endif /* CONFIG_MESH */
@@ -3167,6 +3180,12 @@
{ "mesh_peer_remove", wpa_cli_cmd_mesh_peer_remove, NULL,
cli_cmd_flag_none,
"<addr> = Remove a mesh peer" },
+ { "accept_acl", wpa_cli_cmd_accept_macacl, NULL,
+ cli_cmd_flag_none,
+ "=Add/Delete/Show/Clear accept MAC ACL" },
+ { "deny_acl", wpa_cli_cmd_deny_macacl, NULL,
+ cli_cmd_flag_none,
+ "=Add/Delete/Show/Clear deny MAC ACL" },
#endif /* CONFIG_MESH */
#ifdef CONFIG_P2P
{ "p2p_find", wpa_cli_cmd_p2p_find, wpa_cli_complete_p2p_find,
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 3862e16..767a13b 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -10,6 +10,8 @@
* functions for managing network connections.
*/
+#include <stdbool.h>
+
#include "includes.h"
#include "common.h"
@@ -43,7 +45,6 @@
#include "ibss_rsn.h"
#include "sme.h"
#include "gas_query.h"
-#include "ap.h"
#include "p2p_supplicant.h"
#include "wifi_display.h"
#include "notify.h"
@@ -56,6 +57,7 @@
#include "wnm_sta.h"
#include "wpas_kay.h"
#include "mesh.h"
+#include "ap.h"
const char *const wpa_supplicant_version =
"wpa_supplicant v" VERSION_STR "\n"
diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c
index 60f761c..88129a2 100644
--- a/wpa_supplicant/wps_supplicant.c
+++ b/wpa_supplicant/wps_supplicant.c
@@ -6,6 +6,8 @@
* See README for more details.
*/
+#include <stdbool.h>
+
#include "includes.h"
#include "common.h"
@@ -21,6 +23,7 @@
#include "eap_peer/eap.h"
#include "eapol_supp/eapol_supp_sm.h"
#include "rsn_supp/wpa.h"
+#include "ap/hostapd.h"
#include "wps/wps_attr_parse.h"
#include "config.h"
#include "wpa_supplicant_i.h"
