author | sam <sam@FreeBSD.org> | 2005-08-13 17:38:09 +0000 |
---|---|---|
committer | sam <sam@FreeBSD.org> | 2005-08-13 17:38:09 +0000 |
commit | 4cfaf1334b5988174125ec9aa3e33c2562a805df (patch) | |
tree | e914446395beb4f97736a0daaa33c6a63cf36ca9 /sbin | |
parent | 8449b25a22300e0bf7d5c95bb9d238ebbeb2996f (diff) | |
add list mac and mac:kick support
Submitted by: Michal Mertl (original version)
MFC after: 2 weeks
Diffstat (limited to 'sbin')
-rw-r--r-- | sbin/ifconfig/ifconfig.8 | 23 | ||||
-rw-r--r-- | sbin/ifconfig/ifieee80211.c | 85 |
2 files changed, 98 insertions, 10 deletions
diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index 045e2f1..7ff7d0f 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -728,9 +728,17 @@ modes supported. Display the list of channels available for use. .Dq Li list freq is another way of requesting this information. -.\" not yet implemented -.\".It Cm list Cm mac -.\"Display the current MAC Access Control List state. +.It Cm list Cm mac +Display the current MAC Access Control List state. +Each address is prefixed with a character that indicates the +current policy applied to it: +.Dq Li + +indicates the address is allowed access, +.Dq Li - +indicates the address is denied access, +.Dq Li * +indicates the address is present but the current policy open +(so the acl is not consulted). .It Cm list Cm scan Display the access points and/or ad-hoc neighbors located in the vicinity. @@ -1038,11 +1046,10 @@ Delete the specified MAC address from the database. .It Cm mac:deny Set the ACL policy to deny association only by stations registered in the database. -.\" XXX not yet implemented -.\".It Cm mac:kick -.\"Force the specified station to be deauthenticated. -.\"This typically is done to block a station after updating the -.\"address database. +.It Cm mac:kick +Force the specified station to be deauthenticated. +This typically is done to block a station after updating the +address database. .It Cm mac:open Set the ACL policy to allow all stations to associate. .It Cm mac:flush diff --git a/sbin/ifconfig/ifieee80211.c b/sbin/ifconfig/ifieee80211.c index a66fdd5..8430fa1 100644 --- a/sbin/ifconfig/ifieee80211.c +++ b/sbin/ifconfig/ifieee80211.c 
@@ -624,6 +624,30 @@ DECL_CMD_FUNC(set80211delmac, val, d)
 }
 static
+DECL_CMD_FUNC(set80211kickmac, val, d)
+{
+ char *temp;
+ struct sockaddr_dl sdl;
+ struct ieee80211req_mlme mlme;
+
+ temp = malloc(strlen(val) + 1);
+ if (temp == NULL)
+ errx(1, "malloc failed");
+ temp[0] = ':';
+ strcpy(temp + 1, val);
+ sdl.sdl_len = sizeof(sdl);
+ link_addr(temp, &sdl);
+ free(temp);
+ if (sdl.sdl_alen != IEEE80211_ADDR_LEN)
+ errx(1, "malformed link-level address");
+ memset(&mlme, 0, sizeof(mlme));
+ mlme.im_op = IEEE80211_MLME_DEAUTH;
+ mlme.im_reason = IEEE80211_REASON_AUTH_EXPIRE;
+ memcpy(mlme.im_macaddr, LLADDR(&sdl), IEEE80211_ADDR_LEN);
+ set80211(s, IEEE80211_IOC_MLME, 0, sizeof(mlme), (u_int8_t *) &mlme);
+}
+
+static
 DECL_CMD_FUNC(set80211maccmd, val, d)
 {
 set80211(s, IEEE80211_IOC_MACCMD, d, 0, NULL);
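Review bot: The temporary buffer in set80211kickmac is one byte too small: `malloc(strlen(val) + 1)` has room for `val` and its terminator only, but the code stores ':' at `temp[0]` and then copies `val`, terminator included, starting at `temp + 1`. Every call therefore has `strcpy` write the terminating NUL one byte past the end of the heap allocation, and `val` is taken directly from the command line. The allocation should account for the prefix as well: `temp = malloc(strlen(val) + 2);	/* ':' + val + NUL */`. If other handlers in this file build the ":"-prefixed string the same way (set80211delmac is only partly visible in the context), they deserve the same check.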
@@ -1110,6 +1134,63 @@ again:
 }
 }
+static void
+list_mac(int s)
+{
+ struct ieee80211req ireq;
+ struct ieee80211req_maclist *acllist;
+ int i, nacls, policy;
+ char c;
+
+ (void) memset(&ireq, 0, sizeof(ireq));
+ (void) strncpy(ireq.i_name, name, sizeof(ireq.i_name)); /* XXX ?? */
+ ireq.i_type = IEEE80211_IOC_MACCMD;
+ ireq.i_val = IEEE80211_MACCMD_POLICY;
+ if (ioctl(s, SIOCG80211, &ireq) < 0) {
+ if (errno == EINVAL) {
+ printf("No acl policy loaded\n");
+ return;
+ }
+ err(1, "unable to get mac policy");
+ }
+ policy = ireq.i_val;
+
+ ireq.i_val = IEEE80211_MACCMD_LIST;
+ ireq.i_len = 0;
+ if (ioctl(s, SIOCG80211, &ireq) < 0)
+ err(1, "unable to get mac acl list size");
+ if (ireq.i_len == 0) /* NB: no acls */
+ return;
+
+ ireq.i_data = malloc(ireq.i_len);
+ if (ireq.i_data == NULL)
+ err(1, "out of memory for acl list");
+
+ if (ioctl(s, SIOCG80211, &ireq) < 0)
+ err(1, "unable to get mac acl list");
+ if (policy == IEEE80211_MACCMD_POLICY_OPEN) {
+ if (verbose)
+ printf("policy: open\n");
+ c = '*';
+ } else if (policy == IEEE80211_MACCMD_POLICY_ALLOW) {
+ if (verbose)
+ printf("policy: allow\n");
+ c = '+';
+ } else if (policy == IEEE80211_MACCMD_POLICY_DENY) {
+ if (verbose)
+ printf("policy: deny\n");
+ c = '-';
+ } else {
+ printf("policy: unknown (%u)\n", policy);
+ c = '?';
+ }
+ nacls = ireq.i_len / sizeof(*acllist);
+ acllist = (struct ieee80211req_maclist *) ireq.i_data;
+ for (i = 0; i < nacls; i++)
+ printf("%c%s\n", c, ether_ntoa(
+ (const struct ether_addr *) acllist[i].ml_macaddr));
+}
+
 static
 DECL_CMD_FUNC(set80211list, arg, d)
 {
@@ -1129,6 +1210,8 @@ DECL_CMD_FUNC(set80211list, arg, d)
 list_capabilities(s);
 else if (iseq(arg, "wme"))
 list_wme(s);
+ else if (iseq(arg, "mac"))
+ list_mac(s);
 else
 errx(1, "Don't know how to list %s for %s", arg, name);
 #undef iseq
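Review bot: In list_mac the entry count is taken from `ireq.i_len` as it stands after the second `SIOCG80211` call, while the buffer was sized from the first call, so the print loop depends on the driver never reporting more than was allocated. The kernel side is not part of this diff and may already guarantee that, but the ACL can change between the two ioctls and a cheap guard removes the dependency: keep the allocated size (`len = ireq.i_len;` before the `malloc`) and use `nacls = (ireq.i_len < len ? ireq.i_len : len) / sizeof(*acllist);`. Separately, `strncpy` into `ireq.i_name` with the full field size leaves the name unterminated when `name` fills the field; copying `sizeof(ireq.i_name) - 1` bytes after the `memset` keeps it terminated. The buffer in `ireq.i_data` is never freed, and `policy` is an `int` printed with `%u`.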
@@ -1824,9 +1907,7 @@ static struct cmd ieee80211_cmds[] = {
 DEF_CMD("mac:detach", IEEE80211_MACCMD_DETACH, set80211maccmd),
 DEF_CMD_ARG("mac:add", set80211addmac),
 DEF_CMD_ARG("mac:del", set80211delmac),
-#if 0
 DEF_CMD_ARG("mac:kick", set80211kickmac),
-#endif
 DEF_CMD("pureg", 1, set80211pureg),
 DEF_CMD("-pureg", 0, set80211pureg),
 DEF_CMD_ARG("fragthreshold", set80211fragthreshold), |