add optional interface rule for event rules

4 files changed, 63 insertions, 10 deletions

diff --git a/usr.sbin/hostapd/handle.c b/usr.sbin/hostapd/handle.c
index 8a1f71197de..656b3beeffb 100644
--- a/usr.sbin/hostapd/handle.c
+++ b/usr.sbin/hostapd/handle.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: handle.c,v 1.5 2005/11/20 12:02:04 reyk Exp $	*/
+/*	$OpenBSD: handle.c,v 1.6 2005/11/23 20:40:38 reyk Exp $	*/
 
 /*
  * Copyright (c) 2005 Reyk Floeter <reyk@vantronix.net>
@@ -148,6 +148,17 @@ hostapd_handle_frame(struct hostapd_apme *apme, struct hostapd_frame *frame,
 		return (0);
 	}
 
+	if (flags & HOSTAPD_FRAME_F_APME_M) {
+		if (frame->f_apme == NULL)
+			return (0);
+		/* Match hostap interface */
+		if ((flags & HOSTAPD_FRAME_F_APME &&
+		    apme == frame->f_apme) ||
+		    (flags & HOSTAPD_FRAME_F_APME_N &&
+		    apme != frame->f_apme))
+			flags &= ~HOSTAPD_FRAME_F_APME_M;
+	}
+
 	if (flags & HOSTAPD_FRAME_F_TYPE) {
 		/* type $type */
 		if ((wh->i_fc[0] & IEEE80211_FC0_TYPE_MASK) ==
diff --git a/usr.sbin/hostapd/hostapd.conf.5 b/usr.sbin/hostapd/hostapd.conf.5
index 76b1c9fd7d6..8505e11521c 100644
--- a/usr.sbin/hostapd/hostapd.conf.5
+++ b/usr.sbin/hostapd/hostapd.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: hostapd.conf.5,v 1.20 2005/11/20 12:02:04 reyk Exp $
+.\" $OpenBSD: hostapd.conf.5,v 1.21 2005/11/23 20:40:38 reyk Exp $
 .\"
 .\" Copyright (c) 2004, 2005 Reyk Floeter <reyk@vantronix.net>
 .\"
@@ -168,17 +168,25 @@ All
 event rules are single line statements beginning with
 the mandatory
 .Ic hostap handle
-keywords and optional rule options, frame matching,
+keywords and optional rule options, interface, frame matching,
 a specified action, a limit, and a minimal rate:
 .Bd -filled -offset indent
 .Ic hostap handle
 .Op Ar option
+.Op Ar interface
 .Op Ar frame
 .Op Ar action
 .Op Ar limit
 .Op Ar rate
 .Ed
 .Pp
+Some rule statements support the optional keyword
+.Ic not ,
+also represented by the
+.Ic !\&
+operator,
+for inverse matching.
+.Pp
 The optional parts are defined below.
 .Ss Rule Option
 The rule
@@ -198,6 +206,21 @@ The keyword
 .Ic skip
 additionally skips any further IAPP processing of the frame,
 which is normally done after handling the event rules.
+.Ss Rule Interface
+The rule
+.Ar interface
+specifies the hostap interface the rule is matched on.
+The available interface list is specified by the global
+.Ic set hostap interface
+configuration setting.
+.Bd -filled -offset indent
+.Ic on
+.Op Ic not
+.Ar interface
+.Ed
+.Pp
+If not given,
+the event rule is matched on all available hostap interfaces.
 .Ss Rule Frame
 The
 .Ar frame
@@ -569,8 +592,8 @@ hostap handle skip type management subtype beacon bssid <pentest> \e
     with frame type management subtype auth \e
     from random to &bssid bssid &bssid
 
-# Re-inject a received IEEE 802.11 frame
-hostap handle type management subtype auth with resend
+# Re-inject a received IEEE 802.11 frame on the interface ath0
+hostap handle on ath0 type management subtype auth with resend
 
 # Remove a blacklisted node from the kernel node tree
 hostap handle type management subtype auth from <blacklist> \e
diff --git a/usr.sbin/hostapd/hostapd.h b/usr.sbin/hostapd/hostapd.h
index 57a2ac800f0..00d8b7967ca 100644
--- a/usr.sbin/hostapd/hostapd.h
+++ b/usr.sbin/hostapd/hostapd.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: hostapd.h,v 1.9 2005/11/20 12:02:04 reyk Exp $	*/
+/*	$OpenBSD: hostapd.h,v 1.10 2005/11/23 20:40:38 reyk Exp $	*/
 
 /*
  * Copyright (c) 2004, 2005 Reyk Floeter <reyk@vantronix.net>
@@ -196,6 +196,9 @@ struct hostapd_frame {
 #define HOSTAPD_FRAME_F_BSSID_N		0x00002000
 #define HOSTAPD_FRAME_F_BSSID_TABLE	0x00004000
 #define HOSTAPD_FRAME_F_BSSID_M		0x00007000
+#define HOSTAPD_FRAME_F_APME		0x00008000
+#define HOSTAPD_FRAME_F_APME_N		0x00010000
+#define HOSTAPD_FRAME_F_APME_M		0x00018000
 #define HOSTAPD_FRAME_F_M		0x0fffffff
 #define HOSTAPD_FRAME_F_RET_OK		0x00000000
 #define HOSTAPD_FRAME_F_RET_QUICK	0x10000000
@@ -210,6 +213,7 @@ struct hostapd_frame {
 	(HOSTAPD_FRAME_F_FROM_N | HOSTAPD_FRAME_F_TO_N |		\
 	HOSTAPD_FRAME_F_BSSID_N)
 
+	struct hostapd_apme		*f_apme;
 	struct hostapd_table		*f_from, *f_to, *f_bssid;
 	struct timeval			f_limit, f_then, f_last;
 	long				f_rate, f_rate_intval;
diff --git a/usr.sbin/hostapd/parse.y b/usr.sbin/hostapd/parse.y
index 19a1e941afa..9ef593f411e 100644
--- a/usr.sbin/hostapd/parse.y
+++ b/usr.sbin/hostapd/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.13 2005/11/20 12:02:04 reyk Exp $	*/
+/*	$OpenBSD: parse.y,v 1.14 2005/11/23 20:40:38 reyk Exp $	*/
 
 /*
  * Copyright (c) 2004, 2005 Reyk Floeter <reyk@vantronix.net>
@@ -123,7 +123,7 @@ u_int negative;
 %token	ERROR CONST TABLE NODE DELETE ADD LOG VERBOSE LIMIT QUICK SKIP
 %token	REASON UNSPECIFIED EXPIRE LEAVE ASSOC TOOMANY NOT AUTHED ASSOCED
 %token	RESERVED RSN REQUIRED INCONSISTENT IE INVALID MIC FAILURE OPEN
-%token	ADDRESS PORT
+%token	ADDRESS PORT ON
 %token	<v.string>	STRING
 %token	<v.val>		VALUE
 %type	<v.val>		number
@@ -223,12 +223,27 @@ hostapiface	: STRING
 		}
 		;
 
+hostapmatch	: /* empty */
+		| ON STRING
+		{
+			if ((frame.f_apme =
+			    hostapd_apme_lookup(&hostapd_cfg, $2)) == NULL) {
+				yyerror("undefined hostap interface");
+				free($2);
+				YYERROR;
+			}
+			free($2);
+
+			HOSTAPD_MATCH(APME);
+		}
+		;
+
 event		: HOSTAP HANDLE
 		{
 			bzero(&frame, sizeof(struct hostapd_frame));
 			/* IEEE 802.11 frame to match */
 			frame_ieee80211 = &frame.f_frame;
-		} eventopt frmmatch {
+		} eventopt hostapmatch frmmatch {
 			/* IEEE 802.11 raw frame to send as an action */
 			frame_ieee80211 = &frame.f_action_data.a_frame;
 		} action limit rate {
@@ -947,6 +962,7 @@ lookup(char *token)
 		{ "node",		NODE },
 		{ "not",		NOT },
 		{ "nwid",		NWID },
+		{ "on",			ON },
 		{ "open",		OPEN },
 		{ "passive",		PASSIVE },
 		{ "pcap",		PCAP },
@@ -1314,4 +1330,3 @@ yyerror(const char *fmt, ...)
 
 	return (0);
 }
-