diff options
author | Reyk Floeter <reyk@cvs.openbsd.org> | 2005-11-23 20:40:39 +0000 |
---|---|---|
committer | Reyk Floeter <reyk@cvs.openbsd.org> | 2005-11-23 20:40:39 +0000 |
commit | b089df2bdf03fb1961826192211dd1326197a66c (patch) | |
tree | a9af344b71fef0f4825b0fef10123d5809edd062 | |
parent | bdf2273a7b1402d809927a70ce5fa275033f8c59 (diff) |
add optional interface rule for event rules
-rw-r--r-- | usr.sbin/hostapd/handle.c | 13 | ||||
-rw-r--r-- | usr.sbin/hostapd/hostapd.conf.5 | 31 | ||||
-rw-r--r-- | usr.sbin/hostapd/hostapd.h | 6 | ||||
-rw-r--r-- | usr.sbin/hostapd/parse.y | 23 |
4 files changed, 63 insertions, 10 deletions
diff --git a/usr.sbin/hostapd/handle.c b/usr.sbin/hostapd/handle.c index 8a1f71197de..656b3beeffb 100644 --- a/usr.sbin/hostapd/handle.c +++ b/usr.sbin/hostapd/handle.c @@ -1,4 +1,4 @@ -/* $OpenBSD: handle.c,v 1.5 2005/11/20 12:02:04 reyk Exp $ */ +/* $OpenBSD: handle.c,v 1.6 2005/11/23 20:40:38 reyk Exp $ */ /* * Copyright (c) 2005 Reyk Floeter <reyk@vantronix.net> @@ -148,6 +148,17 @@ hostapd_handle_frame(struct hostapd_apme *apme, struct hostapd_frame *frame, return (0); } + if (flags & HOSTAPD_FRAME_F_APME_M) { + if (frame->f_apme == NULL) + return (0); + /* Match hostap interface */ + if ((flags & HOSTAPD_FRAME_F_APME && + apme == frame->f_apme) || + (flags & HOSTAPD_FRAME_F_APME_N && + apme != frame->f_apme)) + flags &= ~HOSTAPD_FRAME_F_APME_M; + } + if (flags & HOSTAPD_FRAME_F_TYPE) { /* type $type */ if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) == diff --git a/usr.sbin/hostapd/hostapd.conf.5 b/usr.sbin/hostapd/hostapd.conf.5 index 76b1c9fd7d6..8505e11521c 100644 --- a/usr.sbin/hostapd/hostapd.conf.5 +++ b/usr.sbin/hostapd/hostapd.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: hostapd.conf.5,v 1.20 2005/11/20 12:02:04 reyk Exp $ +.\" $OpenBSD: hostapd.conf.5,v 1.21 2005/11/23 20:40:38 reyk Exp $ .\" .\" Copyright (c) 2004, 2005 Reyk Floeter <reyk@vantronix.net> .\" @@ -168,17 +168,25 @@ All event rules are single line statements beginning with the mandatory .Ic hostap handle -keywords and optional rule options, frame matching, +keywords and optional rule options, interface, frame matching, a specified action, a limit, and a minimal rate: .Bd -filled -offset indent .Ic hostap handle .Op Ar option +.Op Ar interface .Op Ar frame .Op Ar action .Op Ar limit .Op Ar rate .Ed .Pp +Some rule statements support the optional keyword +.Ic not , +also represented by the +.Ic !\& +operator, +for inverse matching. +.Pp The optional parts are defined below. .Ss Rule Option The rule @@ -198,6 +206,21 @@ The keyword .Ic skip additionally skips any further IAPP processing of the frame, which is normally done after handling the event rules. +.Ss Rule Interface +The rule +.Ar interface +specifies the hostap interface the rule is matched on. +The available interface list is specified by the global +.Ic set hostap interface +configuration setting. +.Bd -filled -offset indent +.Ic on +.Op Ic not +.Ar interface +.Ed +.Pp +If not given, +the event rule is matched on all available hostap interfaces. .Ss Rule Frame The .Ar frame @@ -569,8 +592,8 @@ hostap handle skip type management subtype beacon bssid <pentest> \e with frame type management subtype auth \e from random to &bssid bssid &bssid -# Re-inject a received IEEE 802.11 frame -hostap handle type management subtype auth with resend +# Re-inject a received IEEE 802.11 frame on the interface ath0 +hostap handle on ath0 type management subtype auth with resend # Remove a blacklisted node from the kernel node tree hostap handle type management subtype auth from <blacklist> \e diff --git a/usr.sbin/hostapd/hostapd.h b/usr.sbin/hostapd/hostapd.h index 57a2ac800f0..00d8b7967ca 100644 --- a/usr.sbin/hostapd/hostapd.h +++ b/usr.sbin/hostapd/hostapd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: hostapd.h,v 1.9 2005/11/20 12:02:04 reyk Exp $ */ +/* $OpenBSD: hostapd.h,v 1.10 2005/11/23 20:40:38 reyk Exp $ */ /* * Copyright (c) 2004, 2005 Reyk Floeter <reyk@vantronix.net> @@ -196,6 +196,9 @@ struct hostapd_frame { #define HOSTAPD_FRAME_F_BSSID_N 0x00002000 #define HOSTAPD_FRAME_F_BSSID_TABLE 0x00004000 #define HOSTAPD_FRAME_F_BSSID_M 0x00007000 +#define HOSTAPD_FRAME_F_APME 0x00008000 +#define HOSTAPD_FRAME_F_APME_N 0x00010000 +#define HOSTAPD_FRAME_F_APME_M 0x00018000 #define HOSTAPD_FRAME_F_M 0x0fffffff #define HOSTAPD_FRAME_F_RET_OK 0x00000000 #define HOSTAPD_FRAME_F_RET_QUICK 0x10000000 @@ -210,6 +213,7 @@ struct hostapd_frame { (HOSTAPD_FRAME_F_FROM_N | HOSTAPD_FRAME_F_TO_N | \ HOSTAPD_FRAME_F_BSSID_N) + struct hostapd_apme *f_apme; struct hostapd_table *f_from, *f_to, *f_bssid; struct timeval f_limit, f_then, f_last; long f_rate, f_rate_intval; diff --git a/usr.sbin/hostapd/parse.y b/usr.sbin/hostapd/parse.y index 19a1e941afa..9ef593f411e 100644 --- a/usr.sbin/hostapd/parse.y +++ b/usr.sbin/hostapd/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.13 2005/11/20 12:02:04 reyk Exp $ */ +/* $OpenBSD: parse.y,v 1.14 2005/11/23 20:40:38 reyk Exp $ */ /* * Copyright (c) 2004, 2005 Reyk Floeter <reyk@vantronix.net> @@ -123,7 +123,7 @@ u_int negative; %token ERROR CONST TABLE NODE DELETE ADD LOG VERBOSE LIMIT QUICK SKIP %token REASON UNSPECIFIED EXPIRE LEAVE ASSOC TOOMANY NOT AUTHED ASSOCED %token RESERVED RSN REQUIRED INCONSISTENT IE INVALID MIC FAILURE OPEN -%token ADDRESS PORT +%token ADDRESS PORT ON %token <v.string> STRING %token <v.val> VALUE %type <v.val> number @@ -223,12 +223,27 @@ hostapiface : STRING } ; +hostapmatch : /* empty */ + | ON STRING + { + if ((frame.f_apme = + hostapd_apme_lookup(&hostapd_cfg, $2)) == NULL) { + yyerror("undefined hostap interface"); + free($2); + YYERROR; + } + free($2); + + HOSTAPD_MATCH(APME); + } + ; + event : HOSTAP HANDLE { bzero(&frame, sizeof(struct hostapd_frame)); /* IEEE 802.11 frame to match */ frame_ieee80211 = &frame.f_frame; - } eventopt frmmatch { + } eventopt hostapmatch frmmatch { /* IEEE 802.11 raw frame to send as an action */ frame_ieee80211 = &frame.f_action_data.a_frame; } action limit rate { @@ -947,6 +962,7 @@ lookup(char *token) { "node", NODE }, { "not", NOT }, { "nwid", NWID }, + { "on", ON }, { "open", OPEN }, { "passive", PASSIVE }, { "pcap", PCAP }, @@ -1314,4 +1330,3 @@ yyerror(const char *fmt, ...) return (0); } - |