add a denied auths array

files/dawn.config

@@ -14,6 +14,7 @@ config hostapd
 
 config times
     option update_client        '10'
+    option denied_req_threshold '15'
     option remove_client        '15'
     option remove_probe         '120'
     option remove_ap            '460'

src/include/datastorage.h

@@ -67,6 +67,7 @@ struct time_config_s {
     time_t remove_ap;
     time_t update_hostapd;
     time_t update_tcp_con;
+    time_t denied_req_threshold;
 };
 
 struct network_config_s {
@@ -100,6 +101,7 @@ typedef struct probe_entry_s {
     uint8_t vht_support;
     time_t time;
     int counter;
+    int deny_counter;
 } probe_entry;
 
 typedef struct auth_entry_s {
@@ -108,6 +110,8 @@ typedef struct auth_entry_s {
     uint8_t target_addr[ETH_ALEN];
     uint32_t signal;
     uint32_t freq;
+    time_t time;
+    int counter;
 } auth_entry;
 
 typedef struct hostapd_notify_entry_s {
@@ -117,6 +121,11 @@ typedef struct hostapd_notify_entry_s {
 
 typedef struct auth_entry_s assoc_entry;
 
+#define DENY_REQ_ARRAY_LEN 100
+struct auth_entry_s denied_req_array[DENY_REQ_ARRAY_LEN];
+pthread_mutex_t denied_array_mutex;
+auth_entry insert_to_denied_req_array(auth_entry entry, int inc_counter);
+
 // ---------------- Defines ----------------
 #define PROBE_ARRAY_LEN 1000
 

src/main.c

@@ -86,6 +86,11 @@ int init_mutex() {
         printf("\n mutex init failed\n");
         return 1;
     }
+
+    if (pthread_mutex_init(&denied_array_mutex, NULL) != 0) {
+        printf("\n mutex init failed\n");
+        return 1;
+    }
     return 0;
 }
 

src/storage/datastorage.c

@@ -45,10 +45,21 @@ int compare_station_count(uint8_t *bssid_addr_own, uint8_t *bssid_addr_to_compar
                           int automatic_kick);
 int compare_ssid(uint8_t *bssid_addr_own, uint8_t *bssid_addr_to_compare);
 
+void denied_req_array_insert(auth_entry entry);
+
+auth_entry denied_req_array_delete(auth_entry entry);
+
+int denied_req_array_go_next(char sort_order[], int i, auth_entry entry,
+                             auth_entry next_entry);
+
+int denied_req_array_go_next_help(char sort_order[], int i, auth_entry entry,
+                                  auth_entry next_entry);
+
 int probe_entry_last = -1;
 int client_entry_last = -1;
 int ap_entry_last = -1;
 int mac_list_entry_last = -1;
+int denied_req_last = -1;
 
 void remove_probe_array_cb(struct uloop_timeout *t);
 
@@ -68,6 +79,12 @@ struct uloop_timeout ap_timeout = {
         .cb = remove_ap_array_cb
 };
 
+void denied_req_array_cb(struct uloop_timeout *t);
+
+struct uloop_timeout denied_req_timeout = {
+        .cb = denied_req_array_cb
+};
+
 int build_hearing_map_sort_client(struct blob_buf *b)
 {
     print_probe_array();
@@ -830,6 +847,7 @@ void uloop_add_data_cbs() {
     uloop_timeout_add(&probe_timeout);
     uloop_timeout_add(&client_timeout);
     uloop_timeout_add(&ap_timeout);
+    uloop_timeout_add(&denied_req_timeout);
 }
 
 void remove_probe_array_cb(struct uloop_timeout *t) {
@@ -857,6 +875,34 @@ void remove_ap_array_cb(struct uloop_timeout *t) {
     uloop_timeout_set(&ap_timeout, timeout_config.remove_ap * 1000);
 }
 
+void denied_req_array_cb(struct uloop_timeout *t) {
+    pthread_mutex_lock(&denied_array_mutex);
+    printf("[ULOOP] : Processing denied AUTH!\n");
+
+    time_t current_time = time(0);
+
+    for (int i = 0; i <= denied_req_last; i++) {
+        // check counter
+
+        //check timer
+        if (denied_req_array[i].time < current_time - timeout_config.denied_req_threshold) {
+
+            // client is not connected for a given time threshold!
+            if(!is_connected(denied_req_array[i].bssid_addr, denied_req_array[i].client_addr))
+            {
+                printf("Client has propaly a BAD DRIVER!\n");
+                if (insert_to_maclist(denied_req_array[i].client_addr) == 0) {
+                    send_add_mac(denied_req_array[i].client_addr);
+                    write_mac_to_file("/etc/dawn/mac_list", denied_req_array[i].client_addr);
+                }
+            }
+            denied_req_array_delete(denied_req_array[i]);
+        }
+    }
+    pthread_mutex_unlock(&denied_array_mutex);
+    uloop_timeout_set(&denied_req_timeout, timeout_config.denied_req_threshold * 1000);
+}
+
 void insert_client_to_array(client entry) {
     pthread_mutex_lock(&client_array_mutex);
     entry.time = time(0);
@@ -933,7 +979,108 @@ int mac_in_maclist(uint8_t mac[])
     return 0;
 }
 
+auth_entry insert_to_denied_req_array(auth_entry entry, int inc_counter) {
+    pthread_mutex_lock(&denied_array_mutex);
 
+    entry.time = time(0);
+    entry.counter = 0;
+    auth_entry tmp = denied_req_array_delete(entry);
+
+    if (mac_is_equal(entry.bssid_addr, tmp.bssid_addr)
+        && mac_is_equal(entry.client_addr, tmp.client_addr)) {
+        entry.counter = tmp.counter;
+    }
+
+    if (inc_counter) {
+
+        entry.counter++;
+    }
+
+    denied_req_array_insert(entry);
+
+    pthread_mutex_unlock(&denied_array_mutex);
+
+    return entry;
+}
+
+int denied_req_array_go_next_help(char sort_order[], int i, auth_entry entry,
+                              auth_entry next_entry) {
+    switch (sort_order[i]) {
+        // bssid-mac
+        case 'b':
+            return mac_is_greater(entry.bssid_addr, next_entry.bssid_addr);
+            // client-mac
+        case 'c':
+            return mac_is_greater(entry.client_addr, next_entry.client_addr) &&
+                   mac_is_equal(entry.bssid_addr, next_entry.bssid_addr);
+        default:
+            break;
+    }
+    return 0;
+}
+
+int denied_req_array_go_next(char sort_order[], int i, auth_entry entry,
+                         auth_entry next_entry) {
+    int conditions = 1;
+    for (int j = 0; j < i; j++) {
+        i &= !(denied_req_array_go_next(sort_order, j, entry, next_entry));
+    }
+    return conditions && denied_req_array_go_next_help(sort_order, i, entry, next_entry);
+}
+
+void denied_req_array_insert(auth_entry entry) {
+    if (denied_req_last == -1) {
+        denied_req_array[0] = entry;
+        denied_req_last++;
+        return;
+    }
+
+    int i;
+    for (i = 0; i <= denied_req_last; i++) {
+        if (!denied_req_array_go_next("bc", 2, entry, denied_req_array[i])) {
+            break;
+        }
+    }
+    for (int j = denied_req_last; j >= i; j--) {
+        if (j + 1 <= DENY_REQ_ARRAY_LEN) {
+            denied_req_array[j + 1] = denied_req_array[j];
+        }
+    }
+    denied_req_array[i] = entry;
+
+    if (denied_req_last < DENY_REQ_ARRAY_LEN) {
+        denied_req_last++;
+    }
+}
+
+auth_entry denied_req_array_delete(auth_entry entry) {
+
+    int i;
+    int found_in_array = 0;
+    auth_entry tmp;
+
+    if (denied_req_last == -1) {
+        return tmp;
+    }
+
+    for (i = 0; i <= denied_req_last; i++) {
+        if (mac_is_equal(entry.bssid_addr, denied_req_array[i].bssid_addr) &&
+            mac_is_equal(entry.client_addr, denied_req_array[i].client_addr)) {
+            found_in_array = 1;
+            tmp = denied_req_array[i];
+            break;
+        }
+    }
+
+    for (int j = i; j < denied_req_last; j++) {
+        denied_req_array[j] = denied_req_array[j + 1];
+    }
+
+    if (denied_req_last > -1 && found_in_array) {
+        denied_req_last--;
+    }
+    return tmp;
+}
 
 
 

src/utils/dawn_uci.c

@@ -33,6 +33,7 @@ struct time_config_s uci_get_time_config() {
             ret.update_hostapd = uci_lookup_option_int(uci_ctx, s, "update_hostapd");
             ret.remove_ap = uci_lookup_option_int(uci_ctx, s, "remove_ap");
             ret.update_tcp_con = uci_lookup_option_int(uci_ctx, s, "update_tcp_con");
+            ret.denied_req_threshold = uci_lookup_option_int(uci_ctx, s, "denied_req_threshold");
             return ret;
         }
     }

src/utils/ubus.c

@@ -405,6 +405,7 @@ static int handle_auth_req(struct blob_attr *msg) {
     print_probe_array();
     auth_entry auth_req;
     parse_to_auth_req(msg, &auth_req);
+
     printf("AUTH Entry: ");
     print_auth_entry(auth_req);
 
@@ -416,15 +417,18 @@ static int handle_auth_req(struct blob_attr *msg) {
     // block if entry was not already found in probe database
     if (!(mac_is_equal(tmp.bssid_addr, auth_req.bssid_addr) && mac_is_equal(tmp.client_addr, auth_req.client_addr))) {
         printf("DENY AUTH!\n");
+        insert_to_denied_req_array(auth_req, 1);
         return dawn_metric.deny_auth_reason;
     }
 
     if (!decide_function(&tmp, REQ_TYPE_AUTH)) {
         printf("DENY AUTH\n");
-
+        insert_to_denied_req_array(auth_req, 1);
         return dawn_metric.deny_auth_reason;
     }
 
+    // maybe send here that the client is connected?
+
     printf("ALLOW AUTH!\n");
     return WLAN_STATUS_SUCCESS;
 }
@@ -445,11 +449,13 @@ static int handle_assoc_req(struct blob_attr *msg) {
     // block if entry was not already found in probe database
     if (!(mac_is_equal(tmp.bssid_addr, auth_req.bssid_addr) && mac_is_equal(tmp.client_addr, auth_req.client_addr))) {
         printf("DENY ASSOC!\n");
+        insert_to_denied_req_array(auth_req, 1);
         return dawn_metric.deny_assoc_reason;
     }
 
     if (!decide_function(&tmp, REQ_TYPE_ASSOC)) {
         printf("DENY ASSOC\n");
+        insert_to_denied_req_array(auth_req, 1);
         return dawn_metric.deny_assoc_reason;
     }