From: Benedikt 'Hunz' Heinz (hunz_at_hunz.org)
Date: 2002-02-11 21:19:57 UTC
Hi everyone!
I hacked a MAC-access list in the driver - there are 3 policies -
open, allow, deny
open - which is default - ignores the list - everyone can auth at the AP
allow - only MACs in the list may auth at the AP
deny - everyone but the MACs from the list may auth at the AP
also it is possible to kick associated STAs from the AP - but this isn't tested very well and no mgmt-msg are yet sent to the STA before removing the STA
i dunno whether there's a better answer on the auth if the MAC is rejected - i currently send a WLAN_STATUS_UNSPECIFIED_FAILURE
the code is quite dirty but it works at least here with my lucent-card as client
i use a chardev to control the list via ioctls (devfs not yet
supported):
crw-r--r-- 1 root root 42, 0 Feb 11 17:26 /dev/ap0
(mknod /dev/ap0 c 42 0)
and a procdev (/proc/net/prism2/wlanX/ap_control) to view the policy and
MAC-list
there's a tool in the package called ap_ctrl to control the accesslist
maybe it's possible to add it in the original HostAP package with some modifications and cleanups (yes i DO know it's an absolute dirty hack!)
the package can be found here:
http://hunz2.dyndns.org/prism2_ap-ctrl.tar.bz2
feedback, bugfixes, comments & suggestions welcome
another suggestion: the AP-driver logs quite a lot via syslog - maybe it's better to build an event-device (/dev/ap0?) which transfers the events to userspace to a daemon which handles the events? (seems to be better than polling the files in /proc in my eyes)
for example to detect sp00fing in data-packets if addr2 in 802.11b header differs from the src-mac in the ethernet-header - the daemon can get an event then and add the MAC to the deny-list or remove it from the allow-list
-- Benedikt 'Hunz' Heinz <hunz_at_hunz.org> http://hunz.org ICQ #9138850
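
Added example, not part of the original post and not code from the prism2_ap-ctrl package: a C sketch of the open/allow/deny decision at authentication time, plus the addr2 versus Ethernet source check suggested above feeding back into the list. All type and function names are hypothetical, the list size is arbitrary, and acting on addr2 (rather than the Ethernet source) on a mismatch is an assumption.

```c
#include <stdint.h>
#include <string.h>

/* IEEE 802.11 status codes; the post answers a rejected MAC with the second. */
#define WLAN_STATUS_SUCCESS 0
#define WLAN_STATUS_UNSPECIFIED_FAILURE 1
#define ACL_MAX 32 /* hypothetical list capacity */

enum acl_policy { ACL_OPEN, ACL_ALLOW, ACL_DENY };
struct mac_acl { enum acl_policy policy; int count; uint8_t macs[ACL_MAX][6]; };

static int acl_find(const struct mac_acl *a, const uint8_t *mac)
{
    for (int i = 0; i < a->count; i++)
        if (memcmp(a->macs[i], mac, 6) == 0)
            return i;
    return -1;
}

int acl_add(struct mac_acl *a, const uint8_t *mac)
{
    if (acl_find(a, mac) >= 0) return 0;   /* already listed */
    if (a->count >= ACL_MAX) return -1;    /* list full, caller must handle */
    memcpy(a->macs[a->count++], mac, 6);
    return 0;
}

void acl_del(struct mac_acl *a, const uint8_t *mac)
{
    int i = acl_find(a, mac);
    if (i >= 0) memmove(a->macs[i], a->macs[--a->count], 6); /* swap in last entry */
}

/* Status code to send back for an authentication request from sta. */
int acl_auth_status(const struct mac_acl *a, const uint8_t *sta)
{
    int listed = acl_find(a, sta) >= 0;
    int rejected = (a->policy == ACL_ALLOW && !listed) || (a->policy == ACL_DENY && listed);
    return rejected ? WLAN_STATUS_UNSPECIFIED_FAILURE : WLAN_STATUS_SUCCESS;
}

/* Returns 1 when addr2 and the Ethernet source differ; then updates the list per policy. */
int acl_on_data_frame(struct mac_acl *a, const uint8_t *addr2, const uint8_t *eth_src)
{
    if (memcmp(addr2, eth_src, 6) == 0) return 0;
    if (a->policy == ACL_ALLOW) acl_del(a, addr2);      /* remove from allow-list */
    else if (a->policy == ACL_DENY) acl_add(a, addr2);  /* add to deny-list */
    return 1;
}
```

Under the open policy a mismatch is only reported, since the list is ignored there; an already associated STA would still need the separate kick described in the post.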