On Wednesday 12 December 2012 03:44 PM, Antonio Quartulli wrote:
Hello Vasanthakumar,
On Fri, Dec 07, 2012 at 05:16:03PM +0530, Vasanthakumar Thiagarajan wrote:
This patch enables drivers to implement mac address based
access control in AP/P2P GO mode. There is a new flag in
nl80211_ap_sme_features (NL80211_AP_SME_FEATURE_MAC_ACL)
for drivers to advertise this capability. There are two acl
policies, white and black list under which an acl list can
be configured in the driver. Driver has to advertise the
maximum number of mac address entries in acl list through
max_acl_mac_addrs of wiphy.
Driver can enable its ACL either with the initial list passed
through NL80211_CMD_START_AP or a list passed through
NL80211_CMD_SET_MAC_ACL. ACL information passed in these
commands is an array of acl configuration containing acl
policy and list of mac address. With the acl policy as
NL80211_ACL_POLICY_ACCEPT, driver will accept Auth request
from any client matching any one of the mac addresses in the acl list.
When acl policy is NL80211_ACL_POLICY_DENY, driver will reject any
Auth request from the clients having their mac address listed in the
acl list. Driver must make sure to clear it's acl list when doing
stop ap.
I'm curious about this feature: at the moment mac ACL is implemented and working
in hostapd. What would the advantage of implementing this in the driver?
I don't think this can be offloaded on the device, so the advantage is that this
would move the ACL mechanism from the user to the kernel-space? Or am I missing
something else?
This is mainly for the devices which have the AP SME in fw like ath6kl.
So that the auth request will be dropped after checking the acl instead
instead of doing it in hostapd where it could be done only after
the connection with the station goes through successfully.
Vasanth
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
