From patchwork Sat Sep 24 21:08:08 2016
X-Patchwork-Submitter: michael-dev
X-Patchwork-Id: 674360
From: "M. Braun"
To: hostap@lists.infradead.org
Subject: [PATCH v2 24/33] Prepare 802.11i pre-authentication for full dynamic vlan.
Date: Sat, 24 Sep 2016 23:08:08 +0200
Message-Id: <1474751297-7277-25-git-send-email-michael-dev@fami-braun.de>
In-Reply-To: <1474751297-7277-1-git-send-email-michael-dev@fami-braun.de>
References: <1474751297-7277-1-git-send-email-michael-dev@fami-braun.de>

From: Michael Braun

To receive pre-authentication packets on a non-wifi-client-data bridge, the bssid needs to appear as local mac. This is implemented by creating an interface of type "macvlan" with the mac address configured as bssid.

Signed-off-by: Michael Braun --- hostapd/Makefile | 4 ++++ hostapd/defconfig | 3 +++ hostapd/hostapd.conf | 4 ++++ src/ap/preauth_auth.c | 35 +++++++++++++++++++++++++++++++++-- 4 files changed, 44 insertions(+), 2 deletions(-) diff --git a/hostapd/Makefile b/hostapd/Makefile index 47ba052..1d6872b 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -260,6 +260,10 @@ endif ifdef CONFIG_RSN_PREAUTH CFLAGS += -DCONFIG_RSN_PREAUTH CONFIG_L2_PACKET=y +ifdef CONFIG_RSN_PREAUTH_MACVLAN +CFLAGS += -DCONFIG_RSN_PREAUTH_MACVLAN +NEED_MACVLAN=y +endif endif ifdef CONFIG_PEERKEY diff --git a/hostapd/defconfig b/hostapd/defconfig index db35e0b..193546f 100644 --- a/hostapd/defconfig +++ b/hostapd/defconfig @@ -52,6 +52,9 @@ CONFIG_IAPP=y # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y +# see hostapd.conf +# CONFIG_RSN_PREAUTH_MACVLAN=y + # PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) CONFIG_PEERKEY=y diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index 62bac5a..da0fb42 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf @@ -1209,6 +1209,10 @@ own_ip_addr=127.0.0.1 # associated stations (e.g., wlan0) should not be added, since # pre-authentication is only used with APs other than the currently associated # one. +# Packets addressed to the local bssid need to appear as "local" to +# rsn_preauth_interfaces in order to be received. +# If hostapd is build with CONFIG_RSN_PREAUTH_MACVLAN, hostapd will add an +# macvlan type interface using the bssid as mac. #rsn_preauth_interfaces=eth0 # peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e) is diff --git a/src/ap/preauth_auth.c b/src/ap/preauth_auth.c index 3e0c800..d83b5f3 100644 --- a/src/ap/preauth_auth.c +++ b/src/ap/preauth_auth.c 
@@ -22,6 +22,10 @@ #include "sta_info.h" #include "wpa_auth.h" #include "preauth_auth.h" +#if CONFIG_RSN_PREAUTH_MACVLAN +#include "macvlan.h" +#include "vlan_ifconfig.h" +#endif /* CONFIG_RSN_PREAUTH_MACVLAN */ #ifndef ETH_P_PREAUTH #define ETH_P_PREAUTH 0x88C7 /* IEEE 802.11i pre-authentication */ @@ -35,6 +39,9 @@ struct rsn_preauth_interface { struct l2_packet_data *l2; char *ifname; int ifindex; +#if CONFIG_RSN_PREAUTH_MACVLAN + int is_macvlan; +#endif /* CONFIG_RSN_PREAUTH_MACVLAN */ }; @@ -94,9 +101,13 @@ static void rsn_preauth_receive(void *ctx, const u8 *src_addr, } -static int rsn_preauth_iface_add(struct hostapd_data *hapd, const char *ifname) +static int rsn_preauth_iface_add(struct hostapd_data *hapd, const char *ifname, + int idx) { struct rsn_preauth_interface *piface; +#ifdef CONFIG_RSN_PREAUTH_MACVLAN + char macvlan_iface[IFNAMSIZ+1]; +#endif /* CONFIG_RSN_PREAUTH_MACVLAN */ wpa_printf(MSG_DEBUG, "RSN pre-auth interface '%s'", ifname); @@ -105,6 +116,19 @@ static int rsn_preauth_iface_add(struct hostapd_data *hapd, const char *ifname) return -1; piface->hapd = hapd; +#ifdef CONFIG_RSN_PREAUTH_MACVLAN + snprintf(macvlan_iface, sizeof(macvlan_iface), "pre%d%s", + idx, hapd->conf->iface); + if (macvlan_add(macvlan_iface, hapd->own_addr, ifname) < 0 || + ifconfig_up(macvlan_iface) < 0) { + wpa_printf(MSG_ERROR, "Failed to add bssid to " + "rsn_preauth_interface %s", ifname); + } else { + piface->is_macvlan = 1; + ifname = macvlan_iface; + } +#endif /* CONFIG_RSN_PREAUTH_MACVLAN */ + piface->ifname = os_strdup(ifname); if (piface->ifname == NULL) { goto fail1; @@ -139,6 +163,12 @@ void rsn_preauth_iface_deinit(struct hostapd_data *hapd) while (piface) { prev = piface; piface = piface->next; +#ifdef CONFIG_RSN_PREAUTH_MACVLAN + if (prev->is_macvlan) { + ifconfig_down(prev->ifname); + macvlan_del(prev->ifname); + } +#endif /* CONFIG_RSN_PREAUTH_MACVLAN */ l2_packet_deinit(prev->l2); os_free(prev->ifname); os_free(prev); 
@@ -149,6 +179,7 @@ void rsn_preauth_iface_deinit(struct hostapd_data *hapd) int rsn_preauth_iface_init(struct hostapd_data *hapd) { char *tmp, *start, *end; + int i = 0; if (hapd->conf->rsn_preauth_interfaces == NULL) return 0; @@ -166,7 +197,7 @@ int rsn_preauth_iface_init(struct hostapd_data *hapd) if (end) *end = '\0'; - if (rsn_preauth_iface_add(hapd, start)) { + if (rsn_preauth_iface_add(hapd, start, i++)) { rsn_preauth_iface_deinit(hapd); os_free(tmp); return -1;
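Review bot: the comment added to hostapd/hostapd.conf has two wording slips: "is build with" should read "is built with", and "an macvlan type interface" should read "a macvlan type interface". Since the interface created by rsn_preauth_iface_add() will show up in the host's interface list, the comment should also state its name pattern (pre<index><iface>) and that it is removed again on deinit. The defconfig comment "# see hostapd.conf" would be easier to follow if it named the rsn_preauth_interfaces option it refers to.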
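Review bot: the preprocessor guards in src/ap/preauth_auth.c are inconsistent: the include block and the is_macvlan member of struct rsn_preauth_interface use "#if CONFIG_RSN_PREAUTH_MACVLAN", while the hunks in rsn_preauth_iface_add() and rsn_preauth_iface_deinit() use "#ifdef CONFIG_RSN_PREAUTH_MACVLAN". With the Makefile's -DCONFIG_RSN_PREAUTH_MACVLAN both forms evaluate the same, but "#if" on an undefined macro warns under -Wundef, and a build that defines the macro with an empty value would fail to compile at the "#if" sites only. Use "#ifdef" throughout.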
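Review bot: in the rsn_preauth_iface_add() hunk, the generated interface name is neither bounded to what the kernel accepts nor checked for truncation. macvlan_iface is declared as IFNAMSIZ+1 bytes, so the "pre%d%s" format can produce up to IFNAMSIZ characters, whereas a Linux interface name is at most IFNAMSIZ-1 characters plus the terminator; with a long hapd->conf->iface the name is either cut short without notice or rejected later by macvlan_add(). Suggest declaring the buffer as IFNAMSIZ, using hostap's os_snprintf() together with os_snprintf_error(), and returning -1 on truncation. Two further points in the same hunk: if macvlan_add() succeeds but ifconfig_up() fails, is_macvlan stays 0 and the newly created interface is never deleted; and on failure the function only logs MSG_ERROR and carries on with the plain ifname, so a setup in which the bssid is not local keeps running with pre-authentication quietly not receiving frames. Either fail the call or document the fallback. The later error paths (the "goto fail1" visible in the context) are not touched by this patch, so a macvlan created here would also be left behind if os_strdup() fails.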
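Review bot: in the rsn_preauth_iface_deinit() hunk, teardown runs in the wrong order: ifconfig_down(prev->ifname) and macvlan_del(prev->ifname) are called before l2_packet_deinit(prev->l2) for the same entry. Release the l2_packet handle first and remove the macvlan afterwards, so that teardown mirrors setup. The return values of ifconfig_down() and macvlan_del() are also discarded; a wpa_printf() on failure would make a leftover pre<index><iface> interface visible in the log instead of only in the interface list.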