authorReyk Floeter <reyk@cvs.openbsd.org>2005-11-23 20:40:39 +0000
committerReyk Floeter <reyk@cvs.openbsd.org>2005-11-23 20:40:39 +0000
commitb089df2bdf03fb1961826192211dd1326197a66c (patch)
treea9af344b71fef0f4825b0fef10123d5809edd062
parentbdf2273a7b1402d809927a70ce5fa275033f8c59 (diff)
add optional interface rule for event rules
-rw-r--r--usr.sbin/hostapd/handle.c13
-rw-r--r--usr.sbin/hostapd/hostapd.conf.531
-rw-r--r--usr.sbin/hostapd/hostapd.h6
-rw-r--r--usr.sbin/hostapd/parse.y23
4 files changed, 63 insertions, 10 deletions
diff --git a/usr.sbin/hostapd/handle.c b/usr.sbin/hostapd/handle.c
index 8a1f71197de..656b3beeffb 100644
--- a/usr.sbin/hostapd/handle.c
+++ b/usr.sbin/hostapd/handle.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: handle.c,v 1.5 2005/11/20 12:02:04 reyk Exp $ */
+/* $OpenBSD: handle.c,v 1.6 2005/11/23 20:40:38 reyk Exp $ */
/*
* Copyright (c) 2005 Reyk Floeter <reyk@vantronix.net>
@@ -148,6 +148,17 @@ hostapd_handle_frame(struct hostapd_apme *apme, struct hostapd_frame *frame,
return (0);
}
+ if (flags & HOSTAPD_FRAME_F_APME_M) {
+ if (frame->f_apme == NULL)
+ return (0);
+ /* Match hostap interface */
+ if ((flags & HOSTAPD_FRAME_F_APME &&
+ apme == frame->f_apme) ||
+ (flags & HOSTAPD_FRAME_F_APME_N &&
+ apme != frame->f_apme))
+ flags &= ~HOSTAPD_FRAME_F_APME_M;
+ }
+
if (flags & HOSTAPD_FRAME_F_TYPE) {
/* type $type */
if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
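Review bot: The new interface block is documented only by `/* Match hostap interface */`, which sits after the NULL guard and explains neither the guard nor the negated branch. I would move the comment above the guard and word it like the `/* type $type */` comment on the following block, e.g. `/* on [not] $interface: clear the APME bits once the receiving interface satisfies the rule */`. On the guard I would add `/* interface flag set but no interface resolved: do not apply the rule */`, if that is what `return (0)` means in this function. The test compares `apme` and `frame->f_apme` by pointer identity, so it presumably relies on the interface entry staying valid for as long as the rule exists; that assumption is worth stating in the comment too. `hostapd_handle_frame` starts and ends outside the hunk.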
diff --git a/usr.sbin/hostapd/hostapd.conf.5 b/usr.sbin/hostapd/hostapd.conf.5
index 76b1c9fd7d6..8505e11521c 100644
--- a/usr.sbin/hostapd/hostapd.conf.5
+++ b/usr.sbin/hostapd/hostapd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: hostapd.conf.5,v 1.20 2005/11/20 12:02:04 reyk Exp $
+.\" $OpenBSD: hostapd.conf.5,v 1.21 2005/11/23 20:40:38 reyk Exp $
.\"
.\" Copyright (c) 2004, 2005 Reyk Floeter <reyk@vantronix.net>
.\"
@@ -168,17 +168,25 @@ All
event rules are single line statements beginning with
the mandatory
.Ic hostap handle
-keywords and optional rule options, frame matching,
+keywords and optional rule options, interface, frame matching,
a specified action, a limit, and a minimal rate:
.Bd -filled -offset indent
.Ic hostap handle
.Op Ar option
+.Op Ar interface
.Op Ar frame
.Op Ar action
.Op Ar limit
.Op Ar rate
.Ed
.Pp
+Some rule statements support the optional keyword
+.Ic not ,
+also represented by the
+.Ic !\&
+operator,
+for inverse matching.
+.Pp
The optional parts are defined below.
.Ss Rule Option
The rule
@@ -198,6 +206,21 @@ The keyword
.Ic skip
additionally skips any further IAPP processing of the frame,
which is normally done after handling the event rules.
+.Ss Rule Interface
+The rule
+.Ar interface
+specifies the hostap interface the rule is matched on.
+The available interface list is specified by the global
+.Ic set hostap interface
+configuration setting.
+.Bd -filled -offset indent
+.Ic on
+.Op Ic not
+.Ar interface
+.Ed
+.Pp
+If not given,
+the event rule is matched on all available hostap interfaces.
.Ss Rule Frame
The
.Ar frame
@@ -569,8 +592,8 @@ hostap handle skip type management subtype beacon bssid <pentest> \e
with frame type management subtype auth \e
from random to &bssid bssid &bssid
-# Re-inject a received IEEE 802.11 frame
-hostap handle type management subtype auth with resend
+# Re-inject a received IEEE 802.11 frame on the interface ath0
+hostap handle on ath0 type management subtype auth with resend
# Remove a blacklisted node from the kernel node tree
hostap handle type management subtype auth from <blacklist> \e
diff --git a/usr.sbin/hostapd/hostapd.h b/usr.sbin/hostapd/hostapd.h
index 57a2ac800f0..00d8b7967ca 100644
--- a/usr.sbin/hostapd/hostapd.h
+++ b/usr.sbin/hostapd/hostapd.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: hostapd.h,v 1.9 2005/11/20 12:02:04 reyk Exp $ */
+/* $OpenBSD: hostapd.h,v 1.10 2005/11/23 20:40:38 reyk Exp $ */
/*
* Copyright (c) 2004, 2005 Reyk Floeter <reyk@vantronix.net>
@@ -196,6 +196,9 @@ struct hostapd_frame {
#define HOSTAPD_FRAME_F_BSSID_N 0x00002000
#define HOSTAPD_FRAME_F_BSSID_TABLE 0x00004000
#define HOSTAPD_FRAME_F_BSSID_M 0x00007000
+#define HOSTAPD_FRAME_F_APME 0x00008000
+#define HOSTAPD_FRAME_F_APME_N 0x00010000
+#define HOSTAPD_FRAME_F_APME_M 0x00018000
#define HOSTAPD_FRAME_F_M 0x0fffffff
#define HOSTAPD_FRAME_F_RET_OK 0x00000000
#define HOSTAPD_FRAME_F_RET_QUICK 0x10000000
@@ -210,6 +213,7 @@ struct hostapd_frame {
(HOSTAPD_FRAME_F_FROM_N | HOSTAPD_FRAME_F_TO_N | \
HOSTAPD_FRAME_F_BSSID_N)
+ struct hostapd_apme *f_apme;
struct hostapd_table *f_from, *f_to, *f_bssid;
struct timeval f_limit, f_then, f_last;
long f_rate, f_rate_intval;
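Review bot: The aggregate of negation flags shown as context at the top of this hunk still lists only `HOSTAPD_FRAME_F_FROM_N`, `HOSTAPD_FRAME_F_TO_N` and `HOSTAPD_FRAME_F_BSSID_N`, although the previous hunk introduces `HOSTAPD_FRAME_F_APME_N`. The macro's name and its users are outside the diff, so the omission may be deliberate (address matches only). If the mask is meant to cover every negated match, it needs `| HOSTAPD_FRAME_F_APME_N`; otherwise a one-line comment saying that interface negation is intentionally excluded would prevent a later misreading. The new member `struct hostapd_apme *f_apme;` would also benefit from a comment such as `/* interface named by "on"; NULL when the rule names none */`, plus a word on whether the rule owns the pointer or borrows it from the configuration's interface list.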
diff --git a/usr.sbin/hostapd/parse.y b/usr.sbin/hostapd/parse.y
index 19a1e941afa..9ef593f411e 100644
--- a/usr.sbin/hostapd/parse.y
+++ b/usr.sbin/hostapd/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.13 2005/11/20 12:02:04 reyk Exp $ */
+/* $OpenBSD: parse.y,v 1.14 2005/11/23 20:40:38 reyk Exp $ */
/*
* Copyright (c) 2004, 2005 Reyk Floeter <reyk@vantronix.net>
@@ -123,7 +123,7 @@ u_int negative;
%token ERROR CONST TABLE NODE DELETE ADD LOG VERBOSE LIMIT QUICK SKIP
%token REASON UNSPECIFIED EXPIRE LEAVE ASSOC TOOMANY NOT AUTHED ASSOCED
%token RESERVED RSN REQUIRED INCONSISTENT IE INVALID MIC FAILURE OPEN
-%token ADDRESS PORT
+%token ADDRESS PORT ON
%token <v.string> STRING
%token <v.val> VALUE
%type <v.val> number
@@ -223,12 +223,27 @@ hostapiface : STRING
}
;
+hostapmatch : /* empty */
+ | ON STRING
+ {
+ if ((frame.f_apme =
+ hostapd_apme_lookup(&hostapd_cfg, $2)) == NULL) {
+ yyerror("undefined hostap interface");
+ free($2);
+ YYERROR;
+ }
+ free($2);
+
+ HOSTAPD_MATCH(APME);
+ }
+ ;
+
event : HOSTAP HANDLE
{
bzero(&frame, sizeof(struct hostapd_frame));
/* IEEE 802.11 frame to match */
frame_ieee80211 = &frame.f_frame;
- } eventopt frmmatch {
+ } eventopt hostapmatch frmmatch {
/* IEEE 802.11 raw frame to send as an action */
frame_ieee80211 = &frame.f_action_data.a_frame;
} action limit rate {
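Review bot: The `hostapmatch` production accepts only `ON STRING`, while the manual page hunk in this commit documents `on [not] interface` and the handle.c hunk tests `HOSTAPD_FRAME_F_APME_N`. As written, a rule such as `on not ath0` cannot parse as a negated interface match. If `HOSTAPD_MATCH` picks the `_N` flag from the global `negative` (its definition is outside the diff), the value used here is whatever an earlier production left behind, so an event rule could end up bound to the opposite set of interfaces from the one the operator wrote. Assuming the grammar already has the nonterminal for the optional `not`/`!` that sets `negative`, the production should read `| ON not STRING`, with `$2` changed to `$3` in the `hostapd_apme_lookup()` call and in both `free()` calls.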
@@ -947,6 +962,7 @@ lookup(char *token)
{ "node", NODE },
{ "not", NOT },
{ "nwid", NWID },
+ { "on", ON },
{ "open", OPEN },
{ "passive", PASSIVE },
{ "pcap", PCAP },
@@ -1314,4 +1330,3 @@ yyerror(const char *fmt, ...)
return (0);
}
-