Use monotonic clock for RADIUS cache timeouts
Use monotonic clock for both cache and query timeouts. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
Johannes Berg
Jouni Malinen
parent
fe52c210cf
commit
af5389610b
1 changed files with 19 additions and 19 deletions
|
|
@ -29,7 +29,7 @@
|
||||||
|
|
||||||
|
|
||||||
struct hostapd_cached_radius_acl {
|
struct hostapd_cached_radius_acl {
|
||||||
os_time_t timestamp;
|
struct os_reltime timestamp;
|
||||||
macaddr addr;
|
macaddr addr;
|
||||||
int accepted; /* HOSTAPD_ACL_* */
|
int accepted; /* HOSTAPD_ACL_* */
|
||||||
struct hostapd_cached_radius_acl *next;
|
struct hostapd_cached_radius_acl *next;
|
||||||
|
|
@ -43,7 +43,7 @@ struct hostapd_cached_radius_acl {
|
||||||
|
|
||||||
|
|
||||||
struct hostapd_acl_query_data {
|
struct hostapd_acl_query_data {
|
||||||
os_time_t timestamp;
|
struct os_reltime timestamp;
|
||||||
u8 radius_id;
|
u8 radius_id;
|
||||||
macaddr addr;
|
macaddr addr;
|
||||||
u8 *auth_msg; /* IEEE 802.11 authentication frame from station */
|
u8 *auth_msg; /* IEEE 802.11 authentication frame from station */
|
||||||
|
|
@ -104,15 +104,16 @@ static int hostapd_acl_cache_get(struct hostapd_data *hapd, const u8 *addr,
|
||||||
char **identity, char **radius_cui)
|
char **identity, char **radius_cui)
|
||||||
{
|
{
|
||||||
struct hostapd_cached_radius_acl *entry;
|
struct hostapd_cached_radius_acl *entry;
|
||||||
struct os_time now;
|
struct os_reltime now;
|
||||||
|
|
||||||
os_get_time(&now);
|
os_get_reltime(&now);
|
||||||
|
|
||||||
for (entry = hapd->acl_cache; entry; entry = entry->next) {
|
for (entry = hapd->acl_cache; entry; entry = entry->next) {
|
||||||
if (os_memcmp(entry->addr, addr, ETH_ALEN) != 0)
|
if (os_memcmp(entry->addr, addr, ETH_ALEN) != 0)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
if (now.sec - entry->timestamp > RADIUS_ACL_TIMEOUT)
|
if (os_reltime_expired(&now, &entry->timestamp,
|
||||||
|
RADIUS_ACL_TIMEOUT))
|
||||||
return -1; /* entry has expired */
|
return -1; /* entry has expired */
|
||||||
if (entry->accepted == HOSTAPD_ACL_ACCEPT_TIMEOUT)
|
if (entry->accepted == HOSTAPD_ACL_ACCEPT_TIMEOUT)
|
||||||
if (session_timeout)
|
if (session_timeout)
|
||||||
|
|
@ -265,7 +266,6 @@ int hostapd_allowed_address(struct hostapd_data *hapd, const u8 *addr,
|
||||||
return HOSTAPD_ACL_REJECT;
|
return HOSTAPD_ACL_REJECT;
|
||||||
#else /* CONFIG_NO_RADIUS */
|
#else /* CONFIG_NO_RADIUS */
|
||||||
struct hostapd_acl_query_data *query;
|
struct hostapd_acl_query_data *query;
|
||||||
struct os_time t;
|
|
||||||
|
|
||||||
/* Check whether ACL cache has an entry for this station */
|
/* Check whether ACL cache has an entry for this station */
|
||||||
int res = hostapd_acl_cache_get(hapd, addr, session_timeout,
|
int res = hostapd_acl_cache_get(hapd, addr, session_timeout,
|
||||||
|
|
@ -305,8 +305,7 @@ int hostapd_allowed_address(struct hostapd_data *hapd, const u8 *addr,
|
||||||
wpa_printf(MSG_ERROR, "malloc for query data failed");
|
wpa_printf(MSG_ERROR, "malloc for query data failed");
|
||||||
return HOSTAPD_ACL_REJECT;
|
return HOSTAPD_ACL_REJECT;
|
||||||
}
|
}
|
||||||
os_get_time(&t);
|
os_get_reltime(&query->timestamp);
|
||||||
query->timestamp = t.sec;
|
|
||||||
os_memcpy(query->addr, addr, ETH_ALEN);
|
os_memcpy(query->addr, addr, ETH_ALEN);
|
||||||
if (hostapd_radius_acl_query(hapd, addr, query)) {
|
if (hostapd_radius_acl_query(hapd, addr, query)) {
|
||||||
wpa_printf(MSG_DEBUG, "Failed to send Access-Request "
|
wpa_printf(MSG_DEBUG, "Failed to send Access-Request "
|
||||||
|
|
@ -338,7 +337,8 @@ int hostapd_allowed_address(struct hostapd_data *hapd, const u8 *addr,
|
||||||
|
|
||||||
|
|
||||||
#ifndef CONFIG_NO_RADIUS
|
#ifndef CONFIG_NO_RADIUS
|
||||||
static void hostapd_acl_expire_cache(struct hostapd_data *hapd, os_time_t now)
|
static void hostapd_acl_expire_cache(struct hostapd_data *hapd,
|
||||||
|
struct os_reltime *now)
|
||||||
{
|
{
|
||||||
struct hostapd_cached_radius_acl *prev, *entry, *tmp;
|
struct hostapd_cached_radius_acl *prev, *entry, *tmp;
|
||||||
|
|
||||||
|
|
@ -346,7 +346,8 @@ static void hostapd_acl_expire_cache(struct hostapd_data *hapd, os_time_t now)
|
||||||
entry = hapd->acl_cache;
|
entry = hapd->acl_cache;
|
||||||
|
|
||||||
while (entry) {
|
while (entry) {
|
||||||
if (now - entry->timestamp > RADIUS_ACL_TIMEOUT) {
|
if (os_reltime_expired(now, &entry->timestamp,
|
||||||
|
RADIUS_ACL_TIMEOUT)) {
|
||||||
wpa_printf(MSG_DEBUG, "Cached ACL entry for " MACSTR
|
wpa_printf(MSG_DEBUG, "Cached ACL entry for " MACSTR
|
||||||
" has expired.", MAC2STR(entry->addr));
|
" has expired.", MAC2STR(entry->addr));
|
||||||
if (prev)
|
if (prev)
|
||||||
|
|
@ -367,7 +368,7 @@ static void hostapd_acl_expire_cache(struct hostapd_data *hapd, os_time_t now)
|
||||||
|
|
||||||
|
|
||||||
static void hostapd_acl_expire_queries(struct hostapd_data *hapd,
|
static void hostapd_acl_expire_queries(struct hostapd_data *hapd,
|
||||||
os_time_t now)
|
struct os_reltime *now)
|
||||||
{
|
{
|
||||||
struct hostapd_acl_query_data *prev, *entry, *tmp;
|
struct hostapd_acl_query_data *prev, *entry, *tmp;
|
||||||
|
|
||||||
|
|
@ -375,7 +376,8 @@ static void hostapd_acl_expire_queries(struct hostapd_data *hapd,
|
||||||
entry = hapd->acl_queries;
|
entry = hapd->acl_queries;
|
||||||
|
|
||||||
while (entry) {
|
while (entry) {
|
||||||
if (now - entry->timestamp > RADIUS_ACL_TIMEOUT) {
|
if (os_reltime_expired(now, &entry->timestamp,
|
||||||
|
RADIUS_ACL_TIMEOUT)) {
|
||||||
wpa_printf(MSG_DEBUG, "ACL query for " MACSTR
|
wpa_printf(MSG_DEBUG, "ACL query for " MACSTR
|
||||||
" has expired.", MAC2STR(entry->addr));
|
" has expired.", MAC2STR(entry->addr));
|
||||||
if (prev)
|
if (prev)
|
||||||
|
|
@ -403,11 +405,11 @@ static void hostapd_acl_expire_queries(struct hostapd_data *hapd,
|
||||||
static void hostapd_acl_expire(void *eloop_ctx, void *timeout_ctx)
|
static void hostapd_acl_expire(void *eloop_ctx, void *timeout_ctx)
|
||||||
{
|
{
|
||||||
struct hostapd_data *hapd = eloop_ctx;
|
struct hostapd_data *hapd = eloop_ctx;
|
||||||
struct os_time now;
|
struct os_reltime now;
|
||||||
|
|
||||||
os_get_time(&now);
|
os_get_reltime(&now);
|
||||||
hostapd_acl_expire_cache(hapd, now.sec);
|
hostapd_acl_expire_cache(hapd, &now);
|
||||||
hostapd_acl_expire_queries(hapd, now.sec);
|
hostapd_acl_expire_queries(hapd, &now);
|
||||||
|
|
||||||
eloop_register_timeout(10, 0, hostapd_acl_expire, hapd, NULL);
|
eloop_register_timeout(10, 0, hostapd_acl_expire, hapd, NULL);
|
||||||
}
|
}
|
||||||
|
|
@ -480,7 +482,6 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
|
||||||
struct hostapd_acl_query_data *query, *prev;
|
struct hostapd_acl_query_data *query, *prev;
|
||||||
struct hostapd_cached_radius_acl *cache;
|
struct hostapd_cached_radius_acl *cache;
|
||||||
struct radius_hdr *hdr = radius_msg_get_hdr(msg);
|
struct radius_hdr *hdr = radius_msg_get_hdr(msg);
|
||||||
struct os_time t;
|
|
||||||
|
|
||||||
query = hapd->acl_queries;
|
query = hapd->acl_queries;
|
||||||
prev = NULL;
|
prev = NULL;
|
||||||
|
|
@ -515,8 +516,7 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
|
||||||
wpa_printf(MSG_DEBUG, "Failed to add ACL cache entry");
|
wpa_printf(MSG_DEBUG, "Failed to add ACL cache entry");
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
os_get_time(&t);
|
os_get_reltime(&cache->timestamp);
|
||||||
cache->timestamp = t.sec;
|
|
||||||
os_memcpy(cache->addr, query->addr, sizeof(cache->addr));
|
os_memcpy(cache->addr, query->addr, sizeof(cache->addr));
|
||||||
if (hdr->code == RADIUS_CODE_ACCESS_ACCEPT) {
|
if (hdr->code == RADIUS_CODE_ACCESS_ACCEPT) {
|
||||||
u8 *buf;
|
u8 *buf;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue