linux-wireless.vger.kernel.org archive mirror
From: Sergey Matyukevich <sergey.matyukevich.os@quantenna.com>
To: Kalle Valo <kvalo@codeaurora.org>
Cc: linux-wireless@vger.kernel.org,
	Igor Mitsyanko <igor.mitsyanko.os@quantenna.com>,
	Avinash Patil <avinashp@quantenna.com>
Subject: Re: [PATCH 10/10] qtnfmac: support MAC address based access control
Date: Tue, 5 Dec 2017 19:00:11 +0300
Message-ID: <20171205160010.cytra3bqbttwz5db@bars>
In-Reply-To: <871skalepz.fsf@purkki.adurom.net>

Hello Kalle,

> Sergey Matyukevich <sergey.matyukevich.os@quantenna.com> writes:
> 
> > From: Vasily Ulyanov <vulyanov@quantenna.com>
> >
> > This allows a running AP to blacklist STAs by their MAC addresses
> > respecting the configured policy (either accept or deny unless listed).
> > It can be set up on .start_ap or with .set_mac_acl commands.
> >
> > Signed-off-by: Vasily Ulyanov <vulyanov@quantenna.com>
> 
> [...]
> 
> > @@ -918,6 +933,7 @@ int qtnf_wiphy_register(struct qtnf_hw_info *hw_info, struct qtnf_wmac *mac)
> >       wiphy->max_scan_ie_len = QTNF_MAX_VSIE_LEN;
> >       wiphy->mgmt_stypes = qtnf_mgmt_stypes;
> >       wiphy->max_remain_on_channel_duration = 5000;
> > +     wiphy->max_acl_mac_addrs = mac->macinfo.max_acl_mac_addrs;
> >
> >       wiphy->iface_combinations = iface_comb;
> >       wiphy->n_iface_combinations = 1;
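
Review bot: the added line `wiphy->max_acl_mac_addrs = mac->macinfo.max_acl_mac_addrs;` copies a firmware-reported count straight into the limit that cfg80211 advertises, and nothing in this hunk bounds it. Consider clamping it to the number of entries the driver's ACL command to the firmware can actually carry, so that an unexpectedly large value from firmware cannot make the driver accept a list it is unable to forward.
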
> > @@ -932,6 +948,9 @@ int qtnf_wiphy_register(struct qtnf_hw_info *hw_info, struct qtnf_wmac *mac)
> >                       WIPHY_FLAG_AP_UAPSD |
> >                       WIPHY_FLAG_HAS_CHANNEL_SWITCH;
> >
> > +     if (wiphy->max_acl_mac_addrs > 0)
> > +             wiphy->flags |= WIPHY_FLAG_HAVE_AP_SME;
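
Review bot: the `if (wiphy->max_acl_mac_addrs > 0)` block sets WIPHY_FLAG_HAVE_AP_SME with no comment saying why an ACL capacity should switch on an AP SME flag. The flag describes where the AP SME lives, which is a broader statement than "MAC ACL is supported", so either add a comment naming the registration requirement that forces it, or set the flag where the AP SME capability itself is decided.
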
> 
> Conditionally enabling WIPHY_FLAG_HAVE_AP_SME looks somewhat suspicious
> to me and from a quick search I don't see any other driver doing
> something similar. Can you explain why AP_SME is related to MAC ACL?

Wireless core performs several sanity checks on wiphy registration: see
wiphy_register implementation in net/wireless/core.c. One of those
checks is as follows: if max_acl_mac_addrs is non-zero, then two
conditions should be fulfilled:
- cfg80211 set_mac_acl callback should be available
- WIPHY_FLAG_HAVE_AP_SME should be set

The first condition is perfectly sane: it should be possible to
set MACs to enable ACL feature. The second condition is that clear
to me, but we have to comply in order to pass wiphy_registration.
I assume that it is somehow related to hostapd logic, but I haven't
yet checked that myself.

The conditional enablement of WIPHY_FLAG_HAVE_AP_SME is easy to
explain. We use firmware/hardware features to implement
MAC-based ACL. So we enable it only if firmware reports a non-zero
max_acl_mac_addrs value.

Regards,
Sergey
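
The registration rule described in the reply above, as an added user-space model that is not part of the original message and is not kernel or qtnfmac code. All `model_*` names and the flag's bit value are assumptions made for illustration; only the rule itself (non-zero ACL capacity requires both the callback and the AP SME flag) comes from the message.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-in for WIPHY_FLAG_HAVE_AP_SME; the bit value is illustrative. */
#define MODEL_FLAG_HAVE_AP_SME (1u << 0)

struct model_ops {
	int (*set_mac_acl)(void);	/* hypothetical, argument list omitted */
};

struct model_wiphy {
	uint32_t flags;
	uint16_t max_acl_mac_addrs;
	const struct model_ops *ops;
};

/* The registration rule from the reply: a non-zero ACL capacity needs
 * both the set_mac_acl callback and the AP SME flag. */
static int model_wiphy_register(const struct model_wiphy *w)
{
	if (w->max_acl_mac_addrs &&
	    (!(w->flags & MODEL_FLAG_HAVE_AP_SME) || !w->ops->set_mac_acl))
		return -EINVAL;
	return 0;
}

static int model_set_mac_acl(void) { return 0; }

/* Driver side, shaped like the patch: the capacity comes from firmware and
 * the flag follows it. set_flag/have_cb let the failing variants be tried. */
static int model_driver_register(uint16_t fw_max_acl, int set_flag, int have_cb)
{
	const struct model_ops ops = { have_cb ? model_set_mac_acl : NULL };
	struct model_wiphy w = { 0, fw_max_acl, &ops };

	if (set_flag && w.max_acl_mac_addrs > 0)
		w.flags |= MODEL_FLAG_HAVE_AP_SME;
	return model_wiphy_register(&w);
}

int main(void)
{
	return model_driver_register(8, 1, 1) ? 1 : 0;
}
```

With a firmware-reported capacity of zero the flag is never set and registration still succeeds, which is the case the conditional in the patch preserves.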
