Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-19 Thread Arend Van Spriel
On Tue, Dec 19, 2017 at 5:58 PM, Johannes Berg wrote: > On Tue, 2017-12-19 at 13:37 +0100, Arend van Spriel wrote: >> On 12/19/2017 12:19 PM, Sergey Matyukevich wrote: >> > > > Not yet. At the moment enum nl80211_ap_sme_features in >> > > > uapi/linux/nl80211.h >> > >

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-19 Thread Johannes Berg
On Tue, 2017-12-19 at 13:37 +0100, Arend van Spriel wrote: > On 12/19/2017 12:19 PM, Sergey Matyukevich wrote: > > > > Not yet. At the moment enum nl80211_ap_sme_features in > > > > uapi/linux/nl80211.h > > > > is commented out. For MAC-based ACL the following things are being > > > > checked >

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-19 Thread Arend van Spriel
On 12/19/2017 12:19 PM, Sergey Matyukevich wrote: Not yet. At the moment enum nl80211_ap_sme_features in uapi/linux/nl80211.h is commented out. For MAC-based ACL the following things are being checked on wiphy registration: complete flag WIPHY_FLAG_HAVE_AP_SME, non-zero max_acl_mac_addrs, and

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-19 Thread Sergey Matyukevich
> > Not yet. At the moment enum nl80211_ap_sme_features in uapi/linux/nl80211.h > > is commented out. For MAC-based ACL the following things are being checked > > on wiphy registration: complete flag WIPHY_FLAG_HAVE_AP_SME, non-zero > > max_acl_mac_addrs, and set_mac_acl cfg80211 callback. > > I

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-19 Thread Johannes Berg
On Tue, 2017-12-19 at 13:42 +0300, Sergey Matyukevich wrote: > Not yet. At the moment enum nl80211_ap_sme_features in uapi/linux/nl80211.h > is commented out. For MAC-based ACL the following things are being checked > on wiphy registration: complete flag WIPHY_FLAG_HAVE_AP_SME, non-zero >

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-19 Thread Sergey Matyukevich
Hello Johannes, > > I guess it should be possible to do some kind of source address filtering > > in hardware. But it looks like your question is whether it makes sense > > or not. Probably not, I have no idea. > > Either way, I see no reason to support it if nobody has a driver for it > :) > >

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-19 Thread Johannes Berg
Hi, > I guess it should be possible to do some kind of source address filtering > in hardware. But it looks like your question is whether it makes sense > or not. Probably not, I have no idea. Either way, I see no reason to support it if nobody has a driver for it :) > By the way, what do you

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-19 Thread Sergey Matyukevich
Hello Johannes, > > Meanwhile now it is not yet clear to me what should be done for driver which > > supports MAC-based ACL, but not full-fledged AP SME. > > Are you sure that such a device can even exist? It'd have to drop the > auth frames, so they can't be handled by the host? Is there much

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-19 Thread Johannes Berg
On Mon, 2017-12-18 at 19:18 +0300, Sergey Matyukevich wrote: > Meanwhile now it is not yet clear to me what should be done for driver which > supports MAC-based ACL, but not full-fledged AP SME. Are you sure that such a device can even exist? It'd have to drop the auth frames, so they can't be

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-18 Thread Sergey Matyukevich
Hello Kalle, > >> > This allows a running AP to blacklist STAs by their MAC addresses > >> > respecting the configured policy (either accept or deny unless listed). > >> > It can be setup on .start_ap or with .set_mac_acl commands. > >> > > >> > Signed-off-by: Vasily Ulyanov

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-18 Thread Kalle Valo
Sergey Matyukevich writes: > Hello Kalle, > >> Sergey Matyukevich writes: >> >> > From: Vasily Ulyanov >> > >> > This allows a running AP to blacklist STAs by their MAC addresses >> > respecting

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-18 Thread Sergey Matyukevich
Hello Kalle, > > > This allows a running AP to blacklist STAs by their MAC addresses > > > respecting the configured policy (either accept or deny unless listed). > > > It can be setup on .start_ap or with .set_mac_acl commands. > > > > > > Signed-off-by: Vasily Ulyanov >

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-05 Thread Sergey Matyukevich
Hello Kalle, > Sergey Matyukevich writes: > > > From: Vasily Ulyanov > > > > This allows a running AP to blacklist STAs by their MAC addresses > > respecting the configured policy (either accept or deny unless listed). > > It can be

Re: [PATCH 10/10] qtnfmac: support MAC address based access control

2017-12-04 Thread Kalle Valo
Sergey Matyukevich writes: > From: Vasily Ulyanov > > This allows a running AP to blacklist STAs by their MAC addresses > respecting the configured policy (either accept or deny unless listed). > It can be setup on .start_ap or with

[PATCH 10/10] qtnfmac: support MAC address based access control

2017-11-13 Thread Sergey Matyukevich
From: Vasily Ulyanov This allows a running AP to blacklist STAs by their MAC addresses respecting the configured policy (either accept or deny unless listed). It can be setup on .start_ap or with .set_mac_acl commands. Signed-off-by: Vasily Ulyanov