From 160ccf8917c0d1361ae80967618f2481080b4b71 Mon Sep 17 00:00:00 2001 From: Ian Clowes Date: Mon, 31 Jan 2022 10:50:39 +0000 Subject: [PATCH] ubus/datastorage: cleanup - Remove the linked list of rejected auth / assoc as it was not used for any decision making - Rename auth_req to client_req as it is also used by association requests [cleanup commit message] Signed-off-by: Nick Hainke --- src/include/datastorage.h | 18 ++--- src/include/test_storage.h | 1 - src/include/ubus.h | 12 +--- src/storage/datastorage.c | 134 +------------------------------------ src/test/test_storage.c | 100 +-------------------------- src/utils/ubus.c | 62 ++++------------- 6 files changed, 20 insertions(+), 307 deletions(-) diff --git a/src/include/datastorage.h b/src/include/datastorage.h index 3b0911b..1b2fff4 100644 --- a/src/include/datastorage.h +++ b/src/include/datastorage.h @@ -174,8 +174,8 @@ typedef struct probe_entry_s { // struct probe_entry_s* entry; //}; -typedef struct auth_entry_s { - struct auth_entry_s* next_auth; +typedef struct client_req_entry_s { + // struct client_req_entry_s* next_deny; struct dawn_mac bssid_addr; struct dawn_mac client_addr; struct dawn_mac target_addr; // TODO: Never evaluated? @@ -183,15 +183,13 @@ typedef struct auth_entry_s { uint32_t freq; // TODO: Never evaluated? time_t time; // Never used for removal? int counter; -} auth_entry; +} client_req_entry; typedef struct hostapd_notify_entry_s { struct dawn_mac bssid_addr; struct dawn_mac client_addr; } hostapd_notify_entry; -typedef struct auth_entry_s assoc_entry; - // ---------------- Defines ---------------- #define NEIGHBOR_REPORT_LEN 200 @@ -206,8 +204,6 @@ typedef struct auth_entry_s assoc_entry; #define NR_PHY 24 // ---------------- Global variables ---------------- -extern struct auth_entry_s *denied_req_set; -extern pthread_mutex_t denied_array_mutex; extern struct probe_entry_s *probe_set; extern pthread_mutex_t probe_array_mutex; 
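Review bot: The added line `// struct client_req_entry_s* next_deny;` in the first datastorage.h hunk leaves commented-out code in a struct whose list linkage this commit removes; delete the line rather than keeping a dead member. In the same struct, which continues into the next hunk, `time` and `counter` keep their "Never used" remarks. The only writes to them visible in this patch are in the removed insert function and the removed test-harness code, so they look unmaintained now. If nothing else sets them, either drop both fields or mark them with a comment such as `// not filled by parse_to_client_req(); contents undefined` so a later reader does not trust their values.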
@@ -299,13 +295,7 @@ void print_probe_entry(int level, probe_entry *entry); int eval_probe_metric(struct probe_entry_s * probe_entry, ap *ap_entry); -void denied_req_array_delete(auth_entry *entry); - -auth_entry *insert_to_denied_req_array(auth_entry*entry, int inc_counter, time_t expiry); - -void remove_old_denied_req_entries(time_t current_time, long long int threshold, int logmac); - -void print_auth_entry(int level, auth_entry *entry); +void print_client_req_entry(int level, client_req_entry *entry); // ---------------- Functions ---------------- diff --git a/src/include/test_storage.h b/src/include/test_storage.h index e2add71..41b2473 100644 --- a/src/include/test_storage.h +++ b/src/include/test_storage.h @@ -11,6 +11,5 @@ void ap_array_insert(ap *entry); int ap_array_delete(ap *entry); -auth_entry** auth_entry_find_first_entry(struct dawn_mac bssid_mac, struct dawn_mac client_mac); #endif diff --git a/src/include/ubus.h b/src/include/ubus.h index 4ad2893..ec6d170 100644 --- a/src/include/ubus.h +++ b/src/include/ubus.h @@ -38,20 +38,12 @@ void start_tcp_con_update(); int ubus_call_umdns(); /** - * Parse to authentication request. + * Parse to client request. * @param msg * @param auth_req * @return */ -int parse_to_auth_req(struct blob_attr *msg, auth_entry *auth_req); - -/** - * Parse to association request. - * @param msg - * @param assoc_req - * @return - */ -int parse_to_assoc_req(struct blob_attr *msg, assoc_entry *assoc_req); +int parse_to_client_req(struct blob_attr *msg, client_req_entry *client_req); /** * Kick client from all hostapd interfaces. diff --git a/src/storage/datastorage.c b/src/storage/datastorage.c index 92c0f73..b632bb5 100644 --- a/src/storage/datastorage.c +++ b/src/storage/datastorage.c 
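Review bot: The doc comment above `parse_to_client_req()` in the ubus.h hunk still says `@param auth_req` although the parameter is now `client_req`, and its `@return` tag is empty. Rename the tag to `@param client_req` and state the contract, for example `@return 0 on success, UBUS_STATUS_INVALID_ARGUMENT if an address field cannot be parsed`, which matches the definition in src/utils/ubus.c. Both call sites visible in that file discard the result, so a documented return value makes the missing check easier to spot.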
@@ -27,10 +27,6 @@ static int compare_station_count(ap* ap_entry_own, ap* ap_entry_to_compare, stru // ---------------- Global variables ---------------- -struct auth_entry_s *denied_req_set = NULL; -int denied_req_last = 0; -pthread_mutex_t denied_array_mutex; - // config section name const char *band_config_name[__DAWN_BAND_MAX] = { "802_11g", @@ -329,45 +325,6 @@ static client** client_find_first_c_entry(struct dawn_mac client_mac) } #endif -auth_entry** auth_entry_find_first_entry(struct dawn_mac bssid_mac, struct dawn_mac client_mac) -{ - int lo = 0; - auth_entry** lo_ptr = &denied_req_set; - int hi = denied_req_last; - - dawnlog_debug_func("Entering..."); - - while (lo < hi) { - auth_entry** i = lo_ptr; - int scan_pos = lo; - - // m is next test position of binary search - int m = (lo + hi) / 2; - - // find entry with ordinal position m - while (scan_pos++ < m) - { - i = &((*i)->next_auth); - } - - int this_cmp = mac_compare_bb((*i)->bssid_addr, bssid_mac); - - if (this_cmp == 0) - this_cmp = mac_compare_bb((*i)->client_addr, client_mac); - - if (this_cmp < 0) - { - lo = m + 1; - lo_ptr = &((*i)->next_auth); - } - else - { - hi = m; - } - } - - return lo_ptr; -} static struct mac_entry_s** mac_find_first_entry(struct dawn_mac mac) { 
@@ -1386,38 +1343,6 @@ void remove_old_ap_entries(time_t current_time, long long int threshold) { } } -void remove_old_denied_req_entries(time_t current_time, long long int threshold, int logmac) { - dawnlog_debug_func("Entering..."); - - auth_entry** i = &denied_req_set; - while (*i != NULL) { - // check counter - - //check timer - if ((*i)->time < (current_time - threshold)) { - - // client is not connected for a given time threshold! - if (logmac && !is_connected_somehwere((*i)->client_addr)) { - dawnlog_warning("Client has probably a bad driver!\n"); - - // problem that somehow station will land into this list - // maybe delete again? - if (insert_to_maclist((*i)->client_addr) == 0) { - send_add_mac((*i)->client_addr); - // TODO: File can grow arbitarily large. Resource consumption risk. - // TODO: Consolidate use of file across source: shared resource for name, single point of access? - write_mac_to_file("/tmp/dawn_mac_list", (*i)->client_addr); - } - } - // TODO: Add unlink function to save rescan to find element - denied_req_array_delete(*i); - } - else - { - i = &((*i)->next_auth); - } - } -} client *insert_client_to_array(client *entry, time_t expiry) { client * ret = NULL; 
@@ -1563,58 +1488,6 @@ struct mac_entry_s** i = mac_find_first_entry(mac); return ret; } -auth_entry* insert_to_denied_req_array(auth_entry* entry, int inc_counter, time_t expiry) { - dawnlog_debug_func("Entering..."); - - pthread_mutex_lock(&denied_array_mutex); - - auth_entry** i = auth_entry_find_first_entry(entry->bssid_addr, entry->client_addr); - - if ((*i) != NULL && mac_is_equal_bb(entry->bssid_addr, (*i)->bssid_addr) && mac_is_equal_bb(entry->client_addr, (*i)->client_addr)) { - - entry = *i; - - entry->time = expiry; - if (inc_counter) { - entry->counter++; - } - } - else - { - entry->time = expiry; - if (inc_counter) - entry->counter++; - else - entry->counter = 0; - - entry->next_auth = *i; - *i = entry; - denied_req_last++; - } - - pthread_mutex_unlock(&denied_array_mutex); - - return entry; -} - -void denied_req_array_delete(auth_entry* entry) { - - auth_entry** i; - - dawnlog_debug_func("Entering..."); - - for (i = &denied_req_set; *i != NULL; i = &((*i)->next_auth)) { - if (*i == entry) { - *i = entry->next_auth; - denied_req_last--; - dawn_free(entry); - entry = NULL; - break; - } - } - - return; -} struct mac_entry_s* insert_to_mac_array(struct mac_entry_s* entry, struct mac_entry_s** insert_pos) { dawnlog_debug_func("Entering...");; @@ -1659,7 +1532,7 @@ void print_probe_entry(int level, probe_entry *entry) { } } -void print_auth_entry(int level, auth_entry *entry) { +void print_client_req_entry(int level, client_req_entry *entry) { if (dawnlog_showing(DAWNLOG_INFO)) { dawnlog_info( @@ -1718,7 +1591,6 @@ void destroy_mutex() { pthread_mutex_destroy(&probe_array_mutex); pthread_mutex_destroy(&client_array_mutex); pthread_mutex_destroy(&ap_array_mutex); - pthread_mutex_destroy(&denied_array_mutex); return; } @@ -1740,9 +1612,5 @@ int init_mutex() { return 1; } - if (pthread_mutex_init(&denied_array_mutex, NULL) != 0) { - dawnlog_error("Mutex init failed!\n"); - return 1; - } return 0; } 
diff --git a/src/test/test_storage.c b/src/test/test_storage.c index 09bda61..fecc9f5 100644 --- a/src/test/test_storage.c +++ b/src/test/test_storage.c @@ -237,32 +237,8 @@ static int array_auto_helper(int action, int i0, int i1) } } break; - case HELPER_AUTH_ENTRY: - ; // Empty statement to allow label before declaration - if ((action & HELPER_ACTION_MASK) == HELPER_ACTION_ADD) - { - auth_entry* auth_entry0 = dawn_malloc(sizeof(struct auth_entry_s)); - auth_entry0->bssid_addr = this_mac; - auth_entry0->client_addr = this_mac; - insert_to_denied_req_array(auth_entry0, true, 0); // TODO: Check bool flags - } - else if ((action & HELPER_ACTION_MASK) == HELPER_ACTION_STRESS) { - auth_entry* auth_entry0 = dawn_malloc(sizeof(struct auth_entry_s)); - set_random_mac(auth_entry0->bssid_addr.u8); - set_random_mac(auth_entry0->client_addr.u8); - insert_to_denied_req_array(auth_entry0, true, faketime); - remove_old_denied_req_entries(faketime, 10, false); - time_moves_on(); - } - else - { - auth_entry* auth_entry0 = *auth_entry_find_first_entry(this_mac, this_mac); - if (auth_entry0 != NULL && mac_is_equal_bb(this_mac, auth_entry0->bssid_addr) && mac_is_equal_bb(this_mac, auth_entry0->client_addr)) - denied_req_array_delete(auth_entry0); - } - break; default: printf("HELPER error - which entity?\n"); ret = -1; @@ -474,16 +450,6 @@ static int consume_actions(int argc, char* argv[], int harness_verbosity) print_client_array(); } - else if (strcmp(*argv, "auth_entry_show") == 0) - { - args_required = 1; - - dawnlog_info("--------APs------\n"); - for (auth_entry *i = denied_req_set; i != NULL; i = i->next_auth) { - print_auth_entry(DAWNLOG_INFO, i); - } - dawnlog_info("------------------\n"); - } else if (strcmp(*argv, "ap_add_auto") == 0) { args_required = 3; 
@@ -556,31 +522,7 @@ static int consume_actions(int argc, char* argv[], int harness_verbosity) ret = array_auto_helper(HELPER_CLIENT | HELPER_ACTION_STRESS, 1, atoi(*(argv + 1))); } } - else if (strcmp(*argv, "auth_entry_add_auto") == 0) - { - args_required = 3; - if (curr_arg + args_required <= argc) - { - ret = array_auto_helper(HELPER_AUTH_ENTRY | HELPER_ACTION_ADD, atoi(*(argv + 1)), atoi(*(argv + 2))); - } - } - else if (strcmp(*argv, "auth_entry_del_auto") == 0) - { - args_required = 3; - if (curr_arg + args_required <= argc) - { - ret = array_auto_helper(HELPER_AUTH_ENTRY | HELPER_ACTION_DEL, atoi(*(argv + 1)), atoi(*(argv + 2))); - } - } - else if (strcmp(*argv, "auth_entry_stress") == 0) - { - args_required = 2; - if (curr_arg + args_required <= argc) - { - ret = array_auto_helper(HELPER_AUTH_ENTRY | HELPER_ACTION_STRESS, 1, atoi(*(argv + 1))); - } - } - else if (strcmp(*argv, "remove_old_ap_entries") == 0) + else if (strcmp(*argv, "remove_old_ap_entries") == 0) { args_required = 2; if (curr_arg + args_required <= argc) 
@@ -921,46 +863,6 @@ static int consume_actions(int argc, char* argv[], int harness_verbosity) args_required++; } } - else if (strcmp(*argv, "auth_entry") == 0) - { - auth_entry *au0 = dawn_malloc(sizeof(struct auth_entry_s)); - - memset(au0->bssid_addr.u8, 0, ETH_ALEN); - memset(au0->client_addr.u8, 0, ETH_ALEN); - memset(au0->target_addr.u8, 0, ETH_ALEN); - au0->signal = 0; - au0->freq = 0; - au0->time = faketime; - au0->counter = 0; - - args_required = 1; - while (ret == 0 && curr_arg + args_required < argc) - { - char* fn = *(argv + args_required); - - //TODO: Somewhat hacky parsing of value strings to get us going... - if (false); // Hack to allow easy paste of generated code - else if (!strncmp(fn, "bssid=", 6)) hwaddr_aton(fn + 6, au0->bssid_addr.u8); - else if (!strncmp(fn, "client=", 7)) hwaddr_aton(fn + 7, au0->client_addr.u8); - else if (!strncmp(fn, "target=", 7)) hwaddr_aton(fn + 7, au0->target_addr.u8); - else if (!strncmp(fn, "signal=", 7)) load_u32(&au0->signal, fn + 7); - else if (!strncmp(fn, "freq=", 5)) load_u32(&au0->freq, fn + 5); - else if (!strncmp(fn, "time=", 5)) load_time(&au0->time, fn + 5); - else if (!strncmp(fn, "counter=", 8)) load_int(&au0->counter, fn + 8); - else { - printf("ERROR: Loading AUTH, but don't recognise assignment \"%s\"\n", fn); - ret = 1; - } - - if (ret == 0) - args_required++; - } - - if (ret == 0) - { - insert_to_denied_req_array(au0, true, au0->time); - } - } else if (strcmp(*argv, "kick") == 0) // Perform kicking evaluation { args_required = 3; diff --git a/src/utils/ubus.c b/src/utils/ubus.c index cc89f59..ab13c59 100644 --- a/src/utils/ubus.c +++ b/src/utils/ubus.c @@ -44,8 +44,6 @@ struct uloop_timeout channel_utilization_timer = { void remove_ap_array_cb(struct uloop_timeout* t); -void denied_req_array_cb(struct uloop_timeout* t); - void remove_client_array_cb(struct uloop_timeout* t); void remove_probe_array_cb(struct uloop_timeout* t); 
@@ -62,10 +60,6 @@ struct uloop_timeout ap_timeout = { .cb = remove_ap_array_cb }; -struct uloop_timeout denied_req_timeout = { - .cb = denied_req_array_cb -}; - // TODO: Never scheduled? struct uloop_timeout usock_timer = { .cb = run_server_update @@ -243,39 +237,33 @@ void blobmsg_add_macaddr(struct blob_buf *buf, const char *name, const struct da blobmsg_add_string_buffer(buf); } -int parse_to_auth_req(struct blob_attr *msg, auth_entry *auth_req) { +int parse_to_client_req(struct blob_attr *msg, client_req_entry *client_req) { struct blob_attr *tb[__AUTH_MAX]; dawnlog_debug_func("Entering..."); blobmsg_parse(auth_policy, __AUTH_MAX, tb, blob_data(msg), blob_len(msg)); - if (hwaddr_aton(blobmsg_data(tb[AUTH_BSSID_ADDR]), auth_req->bssid_addr.u8)) + if (hwaddr_aton(blobmsg_data(tb[AUTH_BSSID_ADDR]), client_req->bssid_addr.u8)) return UBUS_STATUS_INVALID_ARGUMENT; - if (hwaddr_aton(blobmsg_data(tb[AUTH_CLIENT_ADDR]), auth_req->client_addr.u8)) + if (hwaddr_aton(blobmsg_data(tb[AUTH_CLIENT_ADDR]), client_req->client_addr.u8)) return UBUS_STATUS_INVALID_ARGUMENT; - if (hwaddr_aton(blobmsg_data(tb[AUTH_TARGET_ADDR]), auth_req->target_addr.u8)) + if (hwaddr_aton(blobmsg_data(tb[AUTH_TARGET_ADDR]), client_req->target_addr.u8)) return UBUS_STATUS_INVALID_ARGUMENT; if (tb[AUTH_SIGNAL]) { - auth_req->signal = blobmsg_get_u32(tb[AUTH_SIGNAL]); + client_req->signal = blobmsg_get_u32(tb[AUTH_SIGNAL]); } if (tb[AUTH_FREQ]) { - auth_req->freq = blobmsg_get_u32(tb[AUTH_FREQ]); + client_req->freq = blobmsg_get_u32(tb[AUTH_FREQ]); } return 0; } -int parse_to_assoc_req(struct blob_attr *msg, assoc_entry *assoc_req) { - dawnlog_debug_func("Entering..."); - - return (parse_to_auth_req(msg, assoc_req)); -} - int parse_to_beacon_rep(struct blob_attr *msg) { struct blob_attr *tb[__BEACON_REP_MAX]; struct dawn_mac msg_bssid; 
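Review bot: `parse_to_client_req()` passes `tb[AUTH_BSSID_ADDR]`, `tb[AUTH_CLIENT_ADDR]` and `tb[AUTH_TARGET_ADDR]` to `blobmsg_data()` without checking that `blobmsg_parse()` filled them, whereas `tb[AUTH_SIGNAL]` and `tb[AUTH_FREQ]` further down are tested first. A message that omits an address attribute leaves that slot NULL, and nothing visible here shows `hwaddr_aton()` tolerating a NULL string. Add `if (!tb[AUTH_BSSID_ADDR] || !tb[AUTH_CLIENT_ADDR] || !tb[AUTH_TARGET_ADDR]) return UBUS_STATUS_INVALID_ARGUMENT;` directly after the `blobmsg_parse()` call. Also give `client_req->signal` and `client_req->freq` a defined value when their attributes are absent, since the callers allocate the entry with `dawn_malloc()` and no zeroing is visible.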
@@ -365,17 +353,17 @@ bool discard_entry = true; dawnlog_debug_func("Entering..."); - auth_entry *auth_req = dawn_malloc(sizeof(struct auth_entry_s)); + client_req_entry *auth_req = dawn_malloc(sizeof(struct client_req_entry_s)); if (auth_req == NULL) { dawnlog_error("Memory allocation of auth req failed!"); return ret; // Allow if we can't evalute a reason to deny } - parse_to_auth_req(msg, auth_req); + parse_to_client_req(msg, auth_req); dawnlog_debug("Auth entry: "); - print_auth_entry(DAWNLOG_DEBUG, auth_req); + print_client_req_entry(DAWNLOG_DEBUG, auth_req); if (dawn_metric.eval_auth_req <= 0) { dawnlog_trace("Allow authentication due to not evaluating requests"); @@ -426,10 +414,6 @@ bool discard_entry = true; /*** End of decide_function() rework ***/ if (deny_request) { - if (dawn_metric.use_driver_recog) { - if (auth_req == insert_to_denied_req_array(auth_req, 1, time(0))) - discard_entry = false; - } ret = dawn_metric.deny_auth_reason; } } @@ -449,16 +433,16 @@ int discard_entry = true; dawnlog_debug_func("Entering..."); - auth_entry* assoc_req = dawn_malloc(sizeof(struct auth_entry_s)); + client_req_entry* assoc_req = dawn_malloc(sizeof(struct client_req_entry_s)); if (assoc_req == NULL) { dawnlog_error("Memory allocation of assoc req failed!"); return ret; // Allow if we can't evalute a reason to deny } - parse_to_assoc_req(msg, assoc_req); + parse_to_client_req(msg, assoc_req); dawnlog_debug("Association entry: "); - print_auth_entry(DAWNLOG_DEBUG, assoc_req); + print_client_req_entry(DAWNLOG_DEBUG, assoc_req); if (dawn_metric.eval_assoc_req <= 0) { dawnlog_trace("Allow association due to not evaluating requests"); @@ -510,10 +494,6 @@ int discard_entry = true; if (tmp != NULL) print_probe_entry(DAWNLOG_DEBUG, tmp); - if (dawn_metric.use_driver_recog) { - if (assoc_req == insert_to_denied_req_array(assoc_req, 1, time(0))) - discard_entry = false; - } ret = dawn_metric.deny_assoc_reason; } } 
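Review bot: The result of `parse_to_client_req(msg, auth_req)` is discarded, so when parsing fails the entry is still printed and evaluated with whatever `dawn_malloc()` returned; no zeroing of that memory is visible. Check the result before use, e.g. `if (parse_to_client_req(msg, auth_req) != 0) { dawn_free(auth_req); return ret; }`. Decide deliberately whether a malformed request should be allowed, as the allocation-failure path does, or denied. The association handler in the third hunk on this line makes the same unchecked call with `assoc_req`. Both function bodies start and end outside these hunks, so the cleanup on the new error path should follow whatever the existing exit code does with `discard_entry`.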
@@ -1976,10 +1956,6 @@ void uloop_add_data_cbs() { uloop_timeout_add(&probe_timeout); // callback = remove_probe_array_cb uloop_timeout_add(&client_timeout); // callback = remove_client_array_cb uloop_timeout_add(&ap_timeout); // callback = remove_ap_array_cb - - if (dawn_metric.use_driver_recog) { - uloop_timeout_add(&denied_req_timeout); // callback = denied_req_array_cb - } } // TODO: Move mutex handling to remove_??? function to make test harness simpler? @@ -2019,20 +1995,6 @@ void remove_ap_array_cb(struct uloop_timeout* t) { uloop_timeout_set(&ap_timeout, timeout_config.remove_ap * 1000); } -// TODO: Move mutex handling to (new) remove_??? function to make test harness simpler? -// Or not needed as test harness not threaded? -void denied_req_array_cb(struct uloop_timeout* t) { - dawnlog_debug_func("Entering..."); - - pthread_mutex_lock(&denied_array_mutex); - dawnlog_debug("[ULOOP] : Processing denied authentication!\n"); - - remove_old_denied_req_entries(time(0), timeout_config.denied_req_threshold, true); - - pthread_mutex_unlock(&denied_array_mutex); - uloop_timeout_set(&denied_req_timeout, timeout_config.denied_req_threshold * 1000); -} - int send_add_mac(struct dawn_mac client_addr) { struct blob_buf b = {0};