Please note: This project is no longer active. The website is kept online for historic purposes only.
If you´re looking for a Linux driver for your Atheros WLAN device, you should continue here .

Ticket #631 (reopened enhancement)

Opened 14 years ago

Last modified 13 years ago

possibility to list/view ACL of MAC adresses either in proc entry or by some iwpriv command

Reported by: strasak@bubakov.net Assigned to:
Priority: minor Milestone: version 0.9.x - progressive release candidate phase
Component: madwifi: other Version: trunk
Keywords: ACL, MAC authorizaction , feature Cc:
Patch is attached: 0 Pending:

Description

I am thinking about adding this feature - to be able to see, which MAC adresses are actually allowed/disallowed to connect to madwifi based AP - into madwifi driver.

This could be done in at least two ways. First way is to make it as similar as possible to way, in which hostap driver show this information. Hostap create /proc entry in /proc/net/ entry for each prism card - similar to madwifi create /proc entries for each underlying device and also for each vap in various parts of /proc tree - and under this directory entry it creates file called ap_control , in which present access control policy is shown and also blacklist/whitelist of MAC adresses. Also, it has imo more pretty interface to statistics - every connected station has it's own file , where all stats about are aggregated , which is good for usage with tools like wewimo and stuff, but it is probably matter for some other ticket / enhancement proposal.The second way this could be implemented is to use iwpriv command - introduce some new maccmd value , aka for examle iwpriv ath0 maccmd 6 would show internal ACL on demand , or create some brand new iwpriv command , aka iwpriv ath0 listmac or something like that.

I would like to know your opinions about this, suggestions and other comments before i will start to work on this for real. It is far from critical issue, but could become handy in some cases, and also it should not broke something or interfere with something - SHOULD not , but my experiments on this resulted only into complete lock of systems . Also, if someone more capable in coding would like to take this as his task, i will appreciate it, because i am currently pretty busy and last but not least , not yet skilled enough to make it to work without big pain in brain .... thx for all comments on advance - btw i intentionaly haven't written any technical details of implementation, because i would like to hear general suggestions of more experienced and capable ppl first and especially would like to know, if there is anyone else who would like this in madwifi

Attachments

acl_proc_entry_patch_1705_v1.1.diff (5.4 kB) - added by strasak@bubakov.net on 08/30/06 11:12:07.
first try - patch for displaying allowed/disallowed MACs in /proc entry
acl_proc_entry_patch_2364_v1.2.diff (5.3 kB) - added by strasak@bubakov.net on 05/22/07 12:00:52.
patch for displaying allowed/disallowed MACs in /proc entry

Change History

08/30/06 11:12:07 changed by strasak@bubakov.net

  • attachment acl_proc_entry_patch_1705_v1.1.diff added.

first try - patch for displaying allowed/disallowed MACs in /proc entry

08/30/06 11:17:58 changed by strasak@bubakov.net

This patch does what is announced above, by creating /proc/net/madwifi/athX/ap_control entry, where it on open operation write:
1. active policy - open, allow, deny
2. number of entries in ACL
3. finally, all MAC addresses in ACL

patch is far not done optimaly, that is for sure, i am C and generally coding beginner and also pretty busy, but it works ok, and is relatively heavilly tested in real-life conditions, with no problem so far, but every feedback is appreciated, and even more some suggestions, how to make it in more proper way

Signed-off-by: Pavel Novák <strasak@bubakov.net>

08/30/06 15:02:11 changed by strasak@bubakov.net

uh i forgot - please send commnets or suggestions preferably by email, because i will ask developers to close ticket soon, because it's purpose is fulfilled - how well, that is another question :) and also i have to give credit to kelmo, on whom rate stats patch this one is based

09/08/06 19:44:44 changed by p0g0

  • status changed from new to closed.
  • resolution set to fixed.

09/09/06 10:24:20 changed by strasak@bubakov.net

  • status changed from closed to reopened.
  • resolution deleted.

thx to p0g0 for closing, but after talk on IRC i am reopening it as otaku suggested
sorry for chaos guys
ignuss

11/02/06 21:17:26 changed by joel@waveteq.com

Can't take over the coding, but can tell you its definately going to be useful for me.

11/03/06 06:42:36 changed by mrenzmann

What do you mean by "can't take over the coding"?

11/03/06 09:10:18 changed by mrenzmann

Quoting the reply to my question that went to madwifi-users:

The original author had stated that he would like someone to take the project on for him as he was new to C and didn't have a lot of time to contribute.

He had also asked if people thought having the ability to display the status of ACL was important.

I was attempting to let him know that though I thought his contribution was very useful and I was thankful of it, I was in no position to help with the C programming as I myself am not an expert.

05/22/07 11:59:31 changed by strasak@bubakov.net

New version of patch called acl_proc_entry_patch_2364_v1.2.diff made against latest trunk, cleaned a bit, tested a lot on live network on devices in AP mode - in other modes it doesn't have much sense.

Signed-off-by: Pavel Novák <strasak@bubakov.net>

05/22/07 12:00:52 changed by strasak@bubakov.net

  • attachment acl_proc_entry_patch_2364_v1.2.diff added.

patch for displaying allowed/disallowed MACs in /proc entry