1 /*-
2  * SPDX-License-Identifier: BSD-2-Clause
4  * Copyright (c) 2004-2008 Sam Leffler, Errno Consulting
30  * IEEE 802.11 MAC ACL support.
60 	ACL_POLICY_OPEN		= 0,	/* open, don't check ACL's */
61 	ACL_POLICY_ALLOW	= 1,	/* allow traffic from MAC */
62 	ACL_POLICY_DENY		= 2,	/* deny traffic from MAC */
82 	TAILQ_HEAD(, acl)	as_list;	/* list of all ACL's */
89 	(((const uint8_t *)(addr))[IEEE80211_ADDR_LEN - 1] % ACL_HASHSIZE)
108 	TAILQ_INIT(&as->as_list);  in acl_attach()
109 	as->as_policy = ACL_POLICY_OPEN;  in acl_attach()
110 	as->as_vap = vap;  in acl_attach()
111 	vap->iv_as = as;  in acl_attach()
119 	struct aclstate *as = vap->iv_as;  in acl_detach()
122 	nrefs--;			/* NB: we assume caller locking */  in acl_detach()
125 	vap->iv_as = NULL;  in acl_detach()
137 	LIST_FOREACH(acl, &as->as_hash[hash], acl_hash) {  in _find_acl()
138 		if (IEEE80211_ADDR_EQ(acl->acl_macaddr, macaddr))  in _find_acl()
149 	TAILQ_REMOVE(&as->as_list, acl, acl_list);  in _acl_free()
152 	as->as_nacls--;  in _acl_free()
158 	struct aclstate *as = vap->iv_as;  in acl_check()
160 	switch (as->as_policy) {  in acl_check()
165 		return _find_acl(as, wh->i_addr2) != NULL;  in acl_check()
167 		return _find_acl(as, wh->i_addr2) == NULL;  in acl_check()
173 acl_add(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])  in acl_add()
175 	struct aclstate *as = vap->iv_as;  in acl_add()
183 			"ACL: add %s failed, no memory\n", ether_sprintf(mac));  in acl_add()
189 	hash = ACL_HASH(mac);  in acl_add()
190 	LIST_FOREACH(acl, &as->as_hash[hash], acl_hash) {  in acl_add()
191 		if (IEEE80211_ADDR_EQ(acl->acl_macaddr, mac)) {  in acl_add()
195 				"ACL: add %s failed, already present\n",  in acl_add()
196 				ether_sprintf(mac));  in acl_add()
200 	IEEE80211_ADDR_COPY(new->acl_macaddr, mac);  in acl_add()
201 	TAILQ_INSERT_TAIL(&as->as_list, new, acl_list);  in acl_add()
202 	LIST_INSERT_HEAD(&as->as_hash[hash], new, acl_hash);  in acl_add()
203 	as->as_nacls++;  in acl_add()
207 		"ACL: add %s\n", ether_sprintf(mac));  in acl_add()
212 acl_remove(struct ieee80211vap *vap, const uint8_t mac[IEEE80211_ADDR_LEN])  in acl_remove()
214 	struct aclstate *as = vap->iv_as;  in acl_remove()
218 	acl = _find_acl(as, mac);  in acl_remove()
224 		"ACL: remove %s%s\n", ether_sprintf(mac),  in acl_remove()
233 	struct aclstate *as = vap->iv_as;  in acl_free_all()
236 	IEEE80211_DPRINTF(vap, IEEE80211_MSG_ACL, "ACL: %s\n", "free all");  in acl_free_all()
239 	while ((acl = TAILQ_FIRST(&as->as_list)) != NULL)  in acl_free_all()
249 	struct aclstate *as = vap->iv_as;  in acl_setpolicy()
256 		as->as_policy = ACL_POLICY_OPEN;  in acl_setpolicy()
259 		as->as_policy = ACL_POLICY_ALLOW;  in acl_setpolicy()
262 		as->as_policy = ACL_POLICY_DENY;  in acl_setpolicy()
265 		as->as_policy = ACL_POLICY_RADIUS;  in acl_setpolicy()
276 	struct aclstate *as = vap->iv_as;  in acl_getpolicy()
278 	return as->as_policy;  in acl_getpolicy()
291 	struct aclstate *as = vap->iv_as;  in acl_getioctl()
297 	switch (ireq->i_val) {  in acl_getioctl()
299 		ireq->i_val = as->as_policy;  in acl_getioctl()
302 		space = as->as_nacls * IEEE80211_ADDR_LEN;  in acl_getioctl()
303 		if (ireq->i_len == 0) {  in acl_getioctl()
304 			ireq->i_len = space;	/* return required space */  in acl_getioctl()
313 		TAILQ_FOREACH(acl, &as->as_list, acl_list) {  in acl_getioctl()
314 			IEEE80211_ADDR_COPY(ap[i].ml_macaddr, acl->acl_macaddr);  in acl_getioctl()
318 		if (ireq->i_len >= space) {  in acl_getioctl()
319 			error = copyout(ap, ireq->i_data, space);  in acl_getioctl()
320 			ireq->i_len = space;  in acl_getioctl()
322 			error = copyout(ap, ireq->i_data, ireq->i_len);  in acl_getioctl()
329 static const struct ieee80211_aclator mac = {  variable
330 	.iac_name	= "mac",
342 IEEE80211_ACL_MODULE(wlan_acl, mac, 1);