[B.A.T.M.A.N.] [PATCH 0/3] Implement the AP-Isolation mechanism

[B.A.T.M.A.N.] [PATCH 0/3] Implement the AP-Isolation mechanism

[Antonio Quartulli]

This patchset introduces the AP-isolation functionality. As for common access
points, the AP-isolation is a mechanism that prevents clients to communicate
to each other. In batman-adv the AP-isolation, if activated, will prevent
"WIFI bridged-in clients" to communicate with any other "WIFI bridged-in
client".

The first patch introduces a mechanism which permit to detect the interface type
used by a client and to possibly mark its tt_local_entry in case of WIFI. This
information is then spread over the network within the TT announcements.

The other two patches implement the AP-isolation mechanism which exploits the
WIFI mark (on tt_entries) to prevent communications between WIFI clients.

The "AP-isolation check" is done either on the receiver and on the sender side.

Best regards,
	Antonio Quartulli

[B.A.T.M.A.N.] [PATCH 1/3] batman-adv: detect clients connected through a 802.11 device

[Antonio Quartulli]

Clients connected through a 802.11 device are now marked with the
TT_CLIENT_WIFI flag. This flag is also advertised with the tt
announcement.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
 compat.h            |    2 +
 main.c              |    2 +-
 packet.h            |    3 +-
 routing.c           |    2 +-
 soft-interface.c    |    4 +-
 translation-table.c |   59 ++++++++++++++++++++++++++++++++++++++++----------
 translation-table.h |   17 +++++++++-----
 types.h             |    2 +-
 8 files changed, 67 insertions(+), 24 deletions(-)

diff --git a/compat.h b/compat.h
index 66a8adc..f1965d0 100644
--- a/compat.h
+++ b/compat.h
@@ -263,6 +263,8 @@ int bat_seq_printf(struct seq_file *m, const char *f, ...);
 
 #define __always_unused			__attribute__((unused))
 
+#define skb_iif iif
+
 #endif /* < KERNEL_VERSION(2, 6, 33) */
 
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 34)
diff --git a/main.c b/main.c
index c2b06b7..9f3ff52 100644
--- a/main.c
+++ b/main.c
@@ -108,7 +108,7 @@ int mesh_init(struct net_device *soft_iface)
 	if (tt_init(bat_priv) < 1)
 		goto err;
 
-	tt_local_add(soft_iface, soft_iface->dev_addr);
+	tt_local_add(soft_iface, soft_iface->dev_addr, 0);
 
 	if (vis_init(bat_priv) < 1)
 		goto err;
diff --git a/packet.h b/packet.h
index 0c3e44d..d1bbdbc 100644
--- a/packet.h
+++ b/packet.h
@@ -75,7 +75,8 @@ enum tt_query_flags {
 /* TT_CHANGE flags */
 enum tt_change_flags {
 	TT_CHANGE_DEL  = 0x01,
-	TT_CLIENT_ROAM = 0x02
+	TT_CLIENT_ROAM = 0x02,
+	TT_CLIENT_WIFI = 0x04
 };
 
 struct batman_packet {
diff --git a/routing.c b/routing.c
index c620d4f..70c39dd 100644
--- a/routing.c
+++ b/routing.c
@@ -1290,7 +1290,7 @@ int recv_roam_adv(struct sk_buff *skb, struct hard_iface *recv_if)
 		roam_adv_packet->client);
 
 	tt_global_add(bat_priv, orig_node, roam_adv_packet->client,
-		      atomic_read(&orig_node->last_ttvn) + 1, true);
+		      atomic_read(&orig_node->last_ttvn) + 1, true, false);
 
 	/* Roaming phase starts: I have new information but the ttvn has not
 	 * been incremented yet. This flag will make me check all the incoming
diff --git a/soft-interface.c b/soft-interface.c
index b268f85..60234af 100644
--- a/soft-interface.c
+++ b/soft-interface.c
@@ -535,7 +535,7 @@ static int interface_set_mac_addr(struct net_device *dev, void *p)
 	if (atomic_read(&bat_priv->mesh_state) == MESH_ACTIVE) {
 		tt_local_remove(bat_priv, dev->dev_addr,
 				"mac address changed", false);
-		tt_local_add(dev, addr->sa_data);
+		tt_local_add(dev, addr->sa_data, 0);
 	}
 
 	memcpy(dev->dev_addr, addr->sa_data, ETH_ALEN);
@@ -593,7 +593,7 @@ int interface_tx(struct sk_buff *skb, struct net_device *soft_iface)
 		goto dropped;
 
 	/* Register the client MAC in the transtable */
-	tt_local_add(soft_iface, ethhdr->h_source);
+	tt_local_add(soft_iface, ethhdr->h_source, skb->skb_iif);
 
 	if (is_multicast_ether_addr(ethhdr->h_dest)) {
 		ret = gw_is_target(bat_priv, skb);
diff --git a/translation-table.c b/translation-table.c
index d2a9f80..1d4c34c 100644
--- a/translation-table.c
+++ b/translation-table.c
@@ -144,7 +144,7 @@ static void tt_global_entry_free_ref(struct tt_global_entry *tt_global_entry)
 }
 
 static void tt_local_event(struct bat_priv *bat_priv, uint8_t op,
-			   const uint8_t *addr, bool roaming)
+			   const uint8_t *addr, bool roaming, bool wifi)
 {
 	struct tt_change_node *tt_change_node;
 
@@ -158,6 +158,9 @@ static void tt_local_event(struct bat_priv *bat_priv, uint8_t op,
 	if (roaming)
 		tt_change_node->change.flags |= TT_CLIENT_ROAM;
 
+	if (wifi)
+		tt_change_node->change.flags |= TT_CLIENT_WIFI;
+
 	memcpy(tt_change_node->change.addr, addr, ETH_ALEN);
 
 	spin_lock_bh(&bat_priv->tt_changes_list_lock);
@@ -187,7 +190,31 @@ static int tt_local_init(struct bat_priv *bat_priv)
 	return 1;
 }
 
-void tt_local_add(struct net_device *soft_iface, const uint8_t *addr)
+/* This function check whether the interface represented by ifindex is a
+ * 802.11 wireless device or not. If so the tt_local_entry is marked with the
+ * TT_CLIENT_WIFI flag */
+static void tt_check_iface(struct tt_local_entry *tt_local_entry, int ifindex)
+{
+	struct net_device *net_device;
+
+	net_device = dev_get_by_index(&init_net, ifindex);
+	if (!net_device)
+		return;
+
+#ifdef CONFIG_WIRELESS_EXT
+	/* pre-cfg80211 driver have to implement WEXT, so it is possible to
+	 * check for wireless_handlers != NULL */
+	if (net_device->wireless_handlers)
+		tt_local_entry->flags |= TT_CLIENT_WIFI;
+	else
+#endif
+		/* cfg80211 drivers have to set ieee80211_ptr */
+		if (net_device->ieee80211_ptr)
+			tt_local_entry->flags |= TT_CLIENT_WIFI;
+}
+
+void tt_local_add(struct net_device *soft_iface, const uint8_t *addr,
+		  int ifindex)
 {
 	struct bat_priv *bat_priv = netdev_priv(soft_iface);
 	struct tt_local_entry *tt_local_entry = NULL;
@@ -204,21 +231,22 @@ void tt_local_add(struct net_device *soft_iface, const uint8_t *addr)
 	if (!tt_local_entry)
 		goto out;
 
-	tt_local_event(bat_priv, NO_FLAGS, addr, false);
-
 	bat_dbg(DBG_TT, bat_priv,
 		"Creating new local tt entry: %pM (ttvn: %d)\n", addr,
 		(uint8_t)atomic_read(&bat_priv->ttvn));
 
 	memcpy(tt_local_entry->addr, addr, ETH_ALEN);
 	tt_local_entry->last_seen = jiffies;
+	tt_local_entry->flags = 0;
+	tt_check_iface(tt_local_entry, ifindex);
 	atomic_set(&tt_local_entry->refcount, 2);
 
 	/* the batman interface mac address should never be purged */
 	if (compare_eth(addr, soft_iface->dev_addr))
-		tt_local_entry->never_purge = 1;
-	else
-		tt_local_entry->never_purge = 0;
+		tt_local_entry->flags |= TT_LOCAL_NOPURGE;
+
+	tt_local_event(bat_priv, NO_FLAGS, addr, false,
+		       tt_local_entry->flags & TT_CLIENT_WIFI);
 
 	hash_add(bat_priv->tt_local_hash, compare_ltt, choose_orig,
 		 tt_local_entry, &tt_local_entry->hash_entry);
@@ -388,7 +416,8 @@ void tt_local_remove(struct bat_priv *bat_priv, const uint8_t *addr,
 	if (!tt_local_entry)
 		goto out;
 
-	tt_local_event(bat_priv, TT_CHANGE_DEL, tt_local_entry->addr, roaming);
+	tt_local_event(bat_priv, TT_CHANGE_DEL, tt_local_entry->addr, roaming,
+		       false);
 	tt_local_del(bat_priv, tt_local_entry, message);
 out:
 	if (tt_local_entry)
@@ -411,7 +440,7 @@ static void tt_local_purge(struct bat_priv *bat_priv)
 		spin_lock_bh(list_lock);
 		hlist_for_each_entry_safe(tt_local_entry, node, node_tmp,
 					  head, hash_entry) {
-			if (tt_local_entry->never_purge)
+			if (tt_local_entry->flags & TT_LOCAL_NOPURGE)
 				continue;
 
 			if (!is_out_of_time(tt_local_entry->last_seen,
@@ -419,7 +448,7 @@ static void tt_local_purge(struct bat_priv *bat_priv)
 				continue;
 
 			tt_local_event(bat_priv, TT_CHANGE_DEL,
-				       tt_local_entry->addr, false);
+				       tt_local_entry->addr, false, false);
 			atomic_dec(&bat_priv->num_local_tt);
 			bat_dbg(DBG_TT, bat_priv, "Deleting local "
 				"tt entry (%pM): timed out\n",
@@ -495,7 +524,8 @@ static void tt_changes_list_free(struct bat_priv *bat_priv)
 
 /* caller must hold orig_node refcount */
 int tt_global_add(struct bat_priv *bat_priv, struct orig_node *orig_node,
-		  const unsigned char *tt_addr, uint8_t ttvn, bool roaming)
+		  const unsigned char *tt_addr, uint8_t ttvn, bool roaming,
+		  bool wifi)
 {
 	struct tt_global_entry *tt_global_entry;
 	struct orig_node *orig_node_tmp;
@@ -537,6 +567,9 @@ int tt_global_add(struct bat_priv *bat_priv, struct orig_node *orig_node,
 		tt_global_entry->roam_at = 0;
 	}
 
+	if (wifi)
+		tt_global_entry->flags |= TT_CLIENT_WIFI;
+
 	bat_dbg(DBG_TT, bat_priv,
 		"Creating new global tt entry: %pM (via %pM)\n",
 		tt_global_entry->addr, orig_node->orig);
@@ -1342,7 +1375,9 @@ static void _tt_update_changes(struct bat_priv *bat_priv,
 				      (tt_change + i)->flags & TT_CLIENT_ROAM);
 		else
 			if (!tt_global_add(bat_priv, orig_node,
-					   (tt_change + i)->addr, ttvn, false))
+					   (tt_change + i)->addr, ttvn, false,
+					   (tt_change + i)->flags &
+							TT_CLIENT_WIFI))
 				/* In case of problem while storing a
 				 * global_entry, we stop the updating
 				 * procedure without committing the
diff --git a/translation-table.h b/translation-table.h
index 1cd2d39..b62ae00 100644
--- a/translation-table.h
+++ b/translation-table.h
@@ -22,20 +22,25 @@
 #ifndef _NET_BATMAN_ADV_TRANSLATION_TABLE_H_
 #define _NET_BATMAN_ADV_TRANSLATION_TABLE_H_
 
+/* Transtable local entry flags */
+enum tt_local_flags {
+	TT_LOCAL_NOPURGE = 0x01
+};
+
 int tt_len(int changes_num);
 int tt_changes_fill_buffer(struct bat_priv *bat_priv,
 			   unsigned char *buff, int buff_len);
 int tt_init(struct bat_priv *bat_priv);
-void tt_local_add(struct net_device *soft_iface, const uint8_t *addr);
+void tt_local_add(struct net_device *soft_iface, const uint8_t *addr,
+		  int ifindex);
 void tt_local_remove(struct bat_priv *bat_priv,
 		     const uint8_t *addr, const char *message, bool roaming);
 int tt_local_seq_print_text(struct seq_file *seq, void *offset);
-void tt_global_add_orig(struct bat_priv *bat_priv,
-			struct orig_node *orig_node,
+void tt_global_add_orig(struct bat_priv *bat_priv, struct orig_node *orig_node,
 			const unsigned char *tt_buff, int tt_buff_len);
-int tt_global_add(struct bat_priv *bat_priv,
-		  struct orig_node *orig_node, const unsigned char *addr,
-		  uint8_t ttvn, bool roaming);
+int tt_global_add(struct bat_priv *bat_priv, struct orig_node *orig_node,
+		  const unsigned char *addr, uint8_t ttvn, bool roaming,
+		  bool wifi);
 int tt_global_seq_print_text(struct seq_file *seq, void *offset);
 void tt_global_del_orig(struct bat_priv *bat_priv,
 			struct orig_node *orig_node, const char *message);
diff --git a/types.h b/types.h
index 11e8569..0d85ba7 100644
--- a/types.h
+++ b/types.h
@@ -223,7 +223,7 @@ struct socket_packet {
 struct tt_local_entry {
 	uint8_t addr[ETH_ALEN];
 	unsigned long last_seen;
-	char never_purge;
+	uint8_t flags;
 	atomic_t refcount;
 	struct rcu_head rcu;
 	struct hlist_node hash_entry;
-- 
1.7.3.4

[B.A.T.M.A.N.] [PATCH 2/3] batman-adv: implement AP-isolation on the sender side

[Antonio Quartulli]

If a node has to send a packet issued by a WIFI client to another WIFI client,
the packet is dropped.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
 bat_sysfs.c          |    2 ++
 routing.c            |    2 +-
 soft-interface.c     |    1 +
 sysfs-class-net-mesh |    8 ++++++++
 translation-table.c  |   38 ++++++++++++++++++++++++++++++++------
 translation-table.h  |    2 +-
 types.h              |    1 +
 unicast.c            |    6 ++++--
 8 files changed, 50 insertions(+), 10 deletions(-)

diff --git a/bat_sysfs.c b/bat_sysfs.c
index 63738ec..29cba25 100644
--- a/bat_sysfs.c
+++ b/bat_sysfs.c
@@ -366,6 +366,7 @@ static ssize_t store_gw_bwidth(struct kobject *kobj, struct attribute *attr,
 BAT_ATTR_BOOL(aggregated_ogms, S_IRUGO | S_IWUSR, NULL);
 BAT_ATTR_BOOL(bonding, S_IRUGO | S_IWUSR, NULL);
 BAT_ATTR_BOOL(fragmentation, S_IRUGO | S_IWUSR, update_min_mtu);
+BAT_ATTR_BOOL(ap_isolation, S_IRUGO | S_IWUSR, NULL);
 static BAT_ATTR(vis_mode, S_IRUGO | S_IWUSR, show_vis_mode, store_vis_mode);
 static BAT_ATTR(gw_mode, S_IRUGO | S_IWUSR, show_gw_mode, store_gw_mode);
 BAT_ATTR_UINT(orig_interval, S_IRUGO | S_IWUSR, 2 * JITTER, INT_MAX, NULL);
@@ -382,6 +383,7 @@ static struct bat_attribute *mesh_attrs[] = {
 	&bat_attr_aggregated_ogms,
 	&bat_attr_bonding,
 	&bat_attr_fragmentation,
+	&bat_attr_ap_isolation,
 	&bat_attr_vis_mode,
 	&bat_attr_gw_mode,
 	&bat_attr_orig_interval,
diff --git a/routing.c b/routing.c
index 70c39dd..d5fd35f 100644
--- a/routing.c
+++ b/routing.c
@@ -1527,7 +1527,7 @@ static int check_unicast_ttvn(struct bat_priv *bat_priv,
 
 		ethhdr = (struct ethhdr *)(skb->data +
 			sizeof(struct unicast_packet));
-		orig_node = transtable_search(bat_priv, ethhdr->h_dest);
+		orig_node = transtable_search(bat_priv, NULL, ethhdr->h_dest);
 
 		if (!orig_node) {
 			if (!is_my_client(bat_priv, ethhdr->h_dest))
diff --git a/soft-interface.c b/soft-interface.c
index 60234af..6489665 100644
--- a/soft-interface.c
+++ b/soft-interface.c
@@ -817,6 +817,7 @@ struct net_device *softif_create(const char *name)
 
 	atomic_set(&bat_priv->aggregated_ogms, 1);
 	atomic_set(&bat_priv->bonding, 0);
+	atomic_set(&bat_priv->ap_isolation, 0);
 	atomic_set(&bat_priv->vis_mode, VIS_TYPE_CLIENT_UPDATE);
 	atomic_set(&bat_priv->gw_mode, GW_MODE_OFF);
 	atomic_set(&bat_priv->gw_sel_class, 20);
diff --git a/sysfs-class-net-mesh b/sysfs-class-net-mesh
index 748fe17..b020014 100644
--- a/sysfs-class-net-mesh
+++ b/sysfs-class-net-mesh
@@ -22,6 +22,14 @@ Description:
                 mesh will be fragmented or silently discarded if the
                 packet size exceeds the outgoing interface MTU.
 
+What:		/sys/class/net/<mesh_iface>/mesh/ap_isolation
+Date:		May 2011
+Contact:	Antonio Quartulli <ordex@autistici.org>
+Description:
+		Indicates whether the data traffic going from a
+		wireless client to another wireless client will be
+		silently dropped.
+
 What:           /sys/class/net/<mesh_iface>/mesh/gw_bandwidth
 Date:           October 2010
 Contact:        Marek Lindner <lindner_marek@yahoo.de>
diff --git a/translation-table.c b/translation-table.c
index 1d4c34c..e0c5945 100644
--- a/translation-table.c
+++ b/translation-table.c
@@ -807,25 +807,51 @@ static void tt_global_table_free(struct bat_priv *bat_priv)
 	bat_priv->tt_global_hash = NULL;
 }
 
+static bool _is_ap_isolated(struct tt_local_entry *tt_local_entry,
+			    struct tt_global_entry *tt_global_entry)
+{
+	bool ret = false;
+
+	if (tt_local_entry->flags & TT_CLIENT_WIFI &&
+	    tt_global_entry->flags & TT_CLIENT_WIFI)
+		ret = true;
+
+	return ret;
+}
+
 struct orig_node *transtable_search(struct bat_priv *bat_priv,
-				    const uint8_t *addr)
+				    const uint8_t *src, const uint8_t *addr)
 {
-	struct tt_global_entry *tt_global_entry;
+	struct tt_local_entry *tt_local_entry = NULL;
+	struct tt_global_entry *tt_global_entry = NULL;
 	struct orig_node *orig_node = NULL;
 
-	tt_global_entry = tt_global_hash_find(bat_priv, addr);
+	if (src && atomic_read(&bat_priv->ap_isolation)) {
+		tt_local_entry = tt_local_hash_find(bat_priv, src);
+		if (!tt_local_entry)
+			goto out;
+	}
 
+	tt_global_entry = tt_global_hash_find(bat_priv, addr);
 	if (!tt_global_entry)
 		goto out;
 
+	/* check whether the clients should not communicate due to AP
+	 * isolation */
+	if (tt_local_entry && _is_ap_isolated(tt_local_entry, tt_global_entry))
+		goto out;
+
 	if (!atomic_inc_not_zero(&tt_global_entry->orig_node->refcount))
-		goto free_tt;
+		goto out;
 
 	orig_node = tt_global_entry->orig_node;
 
-free_tt:
-	tt_global_entry_free_ref(tt_global_entry);
 out:
+	if (tt_global_entry)
+		tt_global_entry_free_ref(tt_global_entry);
+	if (tt_local_entry)
+		tt_local_entry_free_ref(tt_local_entry);
+
 	return orig_node;
 }
 
diff --git a/translation-table.h b/translation-table.h
index b62ae00..3055b8b 100644
--- a/translation-table.h
+++ b/translation-table.h
@@ -48,7 +48,7 @@ void tt_global_del(struct bat_priv *bat_priv,
 		   struct orig_node *orig_node, const unsigned char *addr,
 		   const char *message, bool roaming);
 struct orig_node *transtable_search(struct bat_priv *bat_priv,
-				    const uint8_t *addr);
+				    const uint8_t *src, const uint8_t *addr);
 void tt_save_orig_buffer(struct bat_priv *bat_priv, struct orig_node *orig_node,
 			 const unsigned char *tt_buff, uint8_t tt_num_changes);
 uint16_t tt_local_crc(struct bat_priv *bat_priv);
diff --git a/types.h b/types.h
index 0d85ba7..2ec748d 100644
--- a/types.h
+++ b/types.h
@@ -146,6 +146,7 @@ struct bat_priv {
 	atomic_t aggregated_ogms;	/* boolean */
 	atomic_t bonding;		/* boolean */
 	atomic_t fragmentation;		/* boolean */
+	atomic_t ap_isolation;		/* boolean */
 	atomic_t vis_mode;		/* VIS_TYPE_* */
 	atomic_t gw_mode;		/* GW_MODE_* */
 	atomic_t gw_sel_class;		/* uint */
diff --git a/unicast.c b/unicast.c
index 32b125f..07d1c1d 100644
--- a/unicast.c
+++ b/unicast.c
@@ -299,8 +299,10 @@ int unicast_send_skb(struct sk_buff *skb, struct bat_priv *bat_priv)
 			goto find_router;
 	}
 
-	/* check for tt host - increases orig_node refcount */
-	orig_node = transtable_search(bat_priv, ethhdr->h_dest);
+	/* check for tt host - increases orig_node refcount.
+	 * returns NULL in case of AP isolation */
+	orig_node = transtable_search(bat_priv, ethhdr->h_source,
+				      ethhdr->h_dest);
 
 find_router:
 	/**
-- 
1.7.3.4

[B.A.T.M.A.N.] [PATCH 3/3] batman-adv: implement AP-isolation on the receiver side

[Antonio Quartulli]

When a node receives a unicast packet it checks if the source and the
destination client can communicate or not due to the AP isolation

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
 soft-interface.c    |    3 +++
 translation-table.c |   30 ++++++++++++++++++++++++++++++
 translation-table.h |    1 +
 3 files changed, 34 insertions(+), 0 deletions(-)

diff --git a/soft-interface.c b/soft-interface.c
index 6489665..714a2af 100644
--- a/soft-interface.c
+++ b/soft-interface.c
@@ -733,6 +733,9 @@ void interface_rx(struct net_device *soft_iface,
 
 	soft_iface->last_rx = jiffies;
 
+	if (is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest))
+		goto dropped;
+
 	netif_rx(skb);
 	goto out;
 
diff --git a/translation-table.c b/translation-table.c
index e0c5945..24e48e7 100644
--- a/translation-table.c
+++ b/translation-table.c
@@ -1683,3 +1683,33 @@ void tt_free(struct bat_priv *bat_priv)
 
 	kfree(bat_priv->tt_buff);
 }
+
+bool is_ap_isolated(struct bat_priv *bat_priv, uint8_t *src, uint8_t *dst)
+{
+	struct tt_local_entry *tt_local_entry = NULL;
+	struct tt_global_entry *tt_global_entry = NULL;
+	bool ret = true;
+
+	if (!atomic_read(&bat_priv->ap_isolation))
+		return false;
+
+	tt_local_entry = tt_local_hash_find(bat_priv, dst);
+	if (!tt_local_entry)
+		goto out;
+
+	tt_global_entry = tt_global_hash_find(bat_priv, src);
+	if (!tt_global_entry)
+		goto out;
+
+	if (_is_ap_isolated(tt_local_entry, tt_global_entry))
+		goto out;
+
+	ret = false;
+
+out:
+	if (tt_global_entry)
+		tt_global_entry_free_ref(tt_global_entry);
+	if (tt_local_entry)
+		tt_local_entry_free_ref(tt_local_entry);
+	return ret;
+}
diff --git a/translation-table.h b/translation-table.h
index 3055b8b..8080153 100644
--- a/translation-table.h
+++ b/translation-table.h
@@ -67,5 +67,6 @@ void handle_tt_response(struct bat_priv *bat_priv,
 			struct tt_query_packet *tt_response);
 void send_roam_adv(struct bat_priv *bat_priv, uint8_t *client,
 		   struct orig_node *orig_node);
+bool is_ap_isolated(struct bat_priv *bat_priv, uint8_t *src, uint8_t *dst);
 
 #endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */
-- 
1.7.3.4

Re: [B.A.T.M.A.N.] [PATCH 1/3] batman-adv: detect clients connected through a 802.11 device

[Andrew Lunn]

Hi Antonio

>  
> -	tt_local_add(soft_iface, soft_iface->dev_addr);
> +	tt_local_add(soft_iface, soft_iface->dev_addr, 0);

Reading the code, it is not obvious what this 0 mean here. Did you see
Sven's recent patches which introduced enums in various places? Maybe
instead of a bool you could have an enum with two values: wired, wifi?

I've not looked at the other patches yet, but it might even make sense
to have enums for wired, AP, client, adhoc?

> +/* This function check whether the interface represented by ifindex is a
> + * 802.11 wireless device or not. If so the tt_local_entry is marked with the
> + * TT_CLIENT_WIFI flag */
> +static void tt_check_iface(struct tt_local_entry *tt_local_entry, int ifindex)

It would be nice to have a more descriptive name, one which tells you
what it is checking. Here it is clear, because of the comment, but
where it is actually used, it is not possible to know what the
function is checking.

Maybe what is actually needed is a function:

bool is_iface_wifi(int ifindex)

and maybe that should be in hard-interface.c? It could be that knowing
if an interface is wired or wifi could be useful in other places. This
was one of the discussions at WBMv4, giving preference to wired
interfaces over wireless.

	   Andrew

Re: [B.A.T.M.A.N.] [PATCH 2/3] batman-adv: implement AP-isolation on the sender side

[Andrew Lunn]

Hi Antonio

> +static bool _is_ap_isolated(struct tt_local_entry *tt_local_entry,
> +			    struct tt_global_entry *tt_global_entry)

The general pattern i've seen in linux code is that a function _foobar
is a helper for a function foobar. I don't see an is_ap_isolated()
here. So i would just call it is_ap_isolated.

      Andrew

Re: [B.A.T.M.A.N.] [PATCH 3/3] batman-adv: implement AP-isolation on the receiver side

[Andrew Lunn]

> diff --git a/translation-table.c b/translation-table.c
> index e0c5945..24e48e7 100644
> --- a/translation-table.c
> +++ b/translation-table.c
> @@ -1683,3 +1683,33 @@ void tt_free(struct bat_priv *bat_priv)
>  
>  	kfree(bat_priv->tt_buff);
>  }
> +
> +bool is_ap_isolated(struct bat_priv *bat_priv, uint8_t *src, uint8_t *dst)

Doh!

O.K. The ordering could of been better... but the code at the end is
O.K, which is what matters.

     Andrew

Re: [B.A.T.M.A.N.] [PATCH 1/3] batman-adv: detect clients connected through a 802.11 device

[Antonio Quartulli]

Hi Andrew, Thank you for replying

On dom, giu 05, 2011 at 11:42:36 +0200, Andrew Lunn wrote:
> Hi Antonio
> 
> >  
> > -	tt_local_add(soft_iface, soft_iface->dev_addr);
> > +	tt_local_add(soft_iface, soft_iface->dev_addr, 0);
> 
> Reading the code, it is not obvious what this 0 mean here. Did you see
> Sven's recent patches which introduced enums in various places? Maybe
> instead of a bool you could have an enum with two values: wired, wifi?
> 
> I've not looked at the other patches yet, but it might even make sense
> to have enums for wired, AP, client, adhoc?
>

Actually I only know whether the device is 802.11 or not. It could also be
something different from both wired and wireless. However you are right,
I should avoid the hardcoded zero. Maybe I can use NO_FLAGS as we did
for the other patches.

Later on someone else could add more enum values (interface types) and avoid
using NO_FLAGS here (TT_CLIENT_WIFI is an enum already).

> > +/* This function check whether the interface represented by ifindex is a
> > + * 802.11 wireless device or not. If so the tt_local_entry is marked with the
> > + * TT_CLIENT_WIFI flag */
> > +static void tt_check_iface(struct tt_local_entry *tt_local_entry, int ifindex)
> 
> It would be nice to have a more descriptive name, one which tells you
> what it is checking. Here it is clear, because of the comment, but
> where it is actually used, it is not possible to know what the
> function is checking.
> 
> Maybe what is actually needed is a function:
> 
> bool is_iface_wifi(int ifindex)
> 

sounds good. It is definitely simpler to read and to understand.

> and maybe that should be in hard-interface.c? It could be that knowing
> if an interface is wired or wifi could be useful in other places. This
> was one of the discussions at WBMv4, giving preference to wired
> interfaces over wireless.
> 

mh..Yes, once the function is named is_iface_wifi(), it makes definitely
sense to move it in hard-interface.c and make it usable by other part of
the code.


Regards,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara ☭

Re: [B.A.T.M.A.N.] [PATCH 3/3] batman-adv: implement AP-isolation on the receiver side

[Antonio Quartulli]

On dom, giu 05, 2011 at 11:55:52 +0200, Andrew Lunn wrote:
> > diff --git a/translation-table.c b/translation-table.c
> > index e0c5945..24e48e7 100644
> > --- a/translation-table.c
> > +++ b/translation-table.c
> > @@ -1683,3 +1683,33 @@ void tt_free(struct bat_priv *bat_priv)
> >  
> >  	kfree(bat_priv->tt_buff);
> >  }
> > +
> > +bool is_ap_isolated(struct bat_priv *bat_priv, uint8_t *src, uint8_t *dst)
> 
> Doh!
> 
> O.K. The ordering could of been better... but the code at the end is
> O.K, which is what matters.
> 

:-) I avoided to rename such function...so I directly called it _foobar
from the beginning.

Regards,


-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara ☭

Re: [B.A.T.M.A.N.] [PATCH 1/3] batman-adv: detect clients connected through a 802.11 device

[Antonio Quartulli]

Hi all,

On lun, giu 06, 2011 at 12:01:10 +0200, Antonio Quartulli wrote:
> Hi Andrew, Thank you for replying
> 
> On dom, giu 05, 2011 at 11:42:36 +0200, Andrew Lunn wrote:
> > Hi Antonio
> > 
> > >  
> > > -	tt_local_add(soft_iface, soft_iface->dev_addr);
> > > +	tt_local_add(soft_iface, soft_iface->dev_addr, 0);
> > 
> > Reading the code, it is not obvious what this 0 mean here. Did you see
> > Sven's recent patches which introduced enums in various places? Maybe
> > instead of a bool you could have an enum with two values: wired, wifi?
> > 
> > I've not looked at the other patches yet, but it might even make sense
> > to have enums for wired, AP, client, adhoc?
> >
> 
> Actually I only know whether the device is 802.11 or not. It could also be
> something different from both wired and wireless. However you are right,
> I should avoid the hardcoded zero. Maybe I can use NO_FLAGS as we did
> for the other patches.

Ok, this was not the case for NO_FLAGS (this is not a flag field).
I introduced a new constant:

#define NULL_IFINDEX 0 /* dummy ifindex used to avoid iface checks */

I can't use an enum here because it is just a simple MACRO, not a set of
values. However does it make sense to have several constats defined as
0? should we always use the same? But what about the name?

> Later on someone else could add more enum values (interface types) and avoid
> using NO_FLAGS here (TT_CLIENT_WIFI is an enum already).

It is late. I mixed things up. These are two separated issues:

1) With NULL_IFINDEX I account the hardcoded 0.

2) Later on more enum values similar to TT_CLIENT_WIFI (e.g.
TT_CLIENT_ETH, TT_CLIENT_ADHOC, etc..) can be added. But till now we
only have is_wifi_iface().

Regards,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara ☭

Re: [B.A.T.M.A.N.] [PATCH 1/3] batman-adv: detect clients connected through a 802.11 device

[Marek Lindner]

On Sunday, June 05, 2011 11:01:02 PM Antonio Quartulli wrote:
> +/* This function returns true if the interface represented by ifindex is a
> + * 802.11 wireless device */
> +bool is_wifi_iface(int ifindex)
> +{
> +       struct net_device *net_device;
> +
> +       if (ifindex == NULL_IFINDEX)
> +               return false;
> +
> +       net_device = dev_get_by_index(&init_net, ifindex);
> +       if (!net_device)
> +               return false;
> +
> +#ifdef CONFIG_WIRELESS_EXT
> +       /* pre-cfg80211 drivers have to implement WEXT, so it is possible to
> +        * check for wireless_handlers != NULL */
> +       if (net_device->wireless_handlers)
> +               return true;
> +       else
> +#endif
> +               /* cfg80211 drivers have to set ieee80211_ptr */
> +               if (net_device->ieee80211_ptr)
> +                       return true;
> +       return false;
> +}

If I am not mistaken dev_get_by_index() increases a counter on the returned 
interface. We have to decrease that counter as soon as we don't need the 
interface anymore otherwise the interface can never be freed.


> @@ -108,7 +108,7 @@ int mesh_init(struct net_device *soft_iface)
>  	if (tt_init(bat_priv) < 1)
>  		goto err;
> 
> -	tt_local_add(soft_iface, soft_iface->dev_addr);
> +	tt_local_add(soft_iface, soft_iface->dev_addr, NULL_IFINDEX);

Are you sure 0 is not a valid index for any interface ?


>  static void tt_local_event(struct bat_priv *bat_priv, uint8_t op,
> -			   const uint8_t *addr, bool roaming)
> +			   const uint8_t *addr, bool roaming, bool wifi)

How about adding a set of flags (TT_CLIENT_ROAM / TT_CLIENT_WIFI / etc) 
instead of adding more and more bool arguments ? In several places the code 
converts one to the other which does not seem necessary.


> +void tt_local_add(struct net_device *soft_iface, const uint8_t *addr,
> +		  int ifindex)
>  {
>  	struct bat_priv *bat_priv = netdev_priv(soft_iface);
>  	struct tt_local_entry *tt_local_entry = NULL;
> @@ -204,21 +231,22 @@ void tt_local_add(struct net_device *soft_iface,
> const uint8_t *addr) if (!tt_local_entry)
>  		goto out;
> 
> -	tt_local_event(bat_priv, NO_FLAGS, addr, false);
> -
>  	bat_dbg(DBG_TT, bat_priv,
>  		"Creating new local tt entry: %pM (ttvn: %d)\n", addr,
>  		(uint8_t)atomic_read(&bat_priv->ttvn));
> 
>  	memcpy(tt_local_entry->addr, addr, ETH_ALEN);
>  	tt_local_entry->last_seen = jiffies;
> +	tt_local_entry->flags = 0;

Here you should make use of the NO_FLAGS define you introduced.  :-)


>  	/* the batman interface mac address should never be purged */
>  	if (compare_eth(addr, soft_iface->dev_addr))
> -		tt_local_entry->never_purge = 1;
> -	else
> -		tt_local_entry->never_purge = 0;
> +		tt_local_entry->flags |= TT_LOCAL_NOPURGE;
> +
> +	tt_local_event(bat_priv, NO_FLAGS, addr, false,
> +		       tt_local_entry->flags & TT_CLIENT_WIFI);

Changing "never_purge" to a flag probably is a good idea but should go into a 
separate patch.

Regards,
Marek

Re: [B.A.T.M.A.N.] [PATCH 2/3] batman-adv: implement AP-isolation on the sender side

[Marek Lindner]

On Sunday, June 05, 2011 11:50:52 PM Andrew Lunn wrote:
> Hi Antonio
> 
> > +static bool _is_ap_isolated(struct tt_local_entry *tt_local_entry,
> > +			    struct tt_global_entry *tt_global_entry)
> 
> The general pattern i've seen in linux code is that a function _foobar
> is a helper for a function foobar. I don't see an is_ap_isolated()
> here. So i would just call it is_ap_isolated.

I agree - I also wondered about where to find is_ap_isolated() when I saw 
_is_ap_isolated().

Regards,
Marek

Re: [B.A.T.M.A.N.] [PATCH 3/3] batman-adv: implement AP-isolation on the receiver side

[Marek Lindner]

On Sunday, June 05, 2011 11:55:52 PM Andrew Lunn wrote:
> > diff --git a/translation-table.c b/translation-table.c
> > index e0c5945..24e48e7 100644
> > --- a/translation-table.c
> > +++ b/translation-table.c
> > @@ -1683,3 +1683,33 @@ void tt_free(struct bat_priv *bat_priv)
> > 
> >  	kfree(bat_priv->tt_buff);
> >  
> >  }
> > 
> > +
> > +bool is_ap_isolated(struct bat_priv *bat_priv, uint8_t *src, uint8_t
> > *dst)
> 
> Doh!
> 
> O.K. The ordering could of been better... but the code at the end is
> O.K, which is what matters.

Aarrgh, same here. Let's see how many others fall into this trap.
How about reversing the order of these patches to avoid this "problem" ?

Regards,
Marek

Re: [B.A.T.M.A.N.] [PATCH 1/3] batman-adv: detect clients connected through a 802.11 device

[Antonio Quartulli]

On mer, giu 15, 2011 at 11:28:28 +0200, Marek Lindner wrote:
> On Sunday, June 05, 2011 11:01:02 PM Antonio Quartulli wrote:
> > +/* This function returns true if the interface represented by ifindex is a
> > + * 802.11 wireless device */
> > +bool is_wifi_iface(int ifindex)
> > +{
> > +       struct net_device *net_device;
> > +
> > +       if (ifindex == NULL_IFINDEX)
> > +               return false;
> > +
> > +       net_device = dev_get_by_index(&init_net, ifindex);
> > +       if (!net_device)
> > +               return false;
> > +
> > +#ifdef CONFIG_WIRELESS_EXT
> > +       /* pre-cfg80211 drivers have to implement WEXT, so it is possible to
> > +        * check for wireless_handlers != NULL */
> > +       if (net_device->wireless_handlers)
> > +               return true;
> > +       else
> > +#endif
> > +               /* cfg80211 drivers have to set ieee80211_ptr */
> > +               if (net_device->ieee80211_ptr)
> > +                       return true;
> > +       return false;
> > +}
> 
> If I am not mistaken dev_get_by_index() increases a counter on the returned 
> interface. We have to decrease that counter as soon as we don't need the 
> interface anymore otherwise the interface can never be freed.

Definitely right!

> 
> 
> > @@ -108,7 +108,7 @@ int mesh_init(struct net_device *soft_iface)
> >  	if (tt_init(bat_priv) < 1)
> >  		goto err;
> > 
> > -	tt_local_add(soft_iface, soft_iface->dev_addr);
> > +	tt_local_add(soft_iface, soft_iface->dev_addr, NULL_IFINDEX);
> 
> Are you sure 0 is not a valid index for any interface ?

Yes. You can also check the function dev_new_index() at
http://lxr.linux.no/linux+v2.6.39/net/core/dev.c#L5080
indexes start from 1 :)

> 
> 
> >  static void tt_local_event(struct bat_priv *bat_priv, uint8_t op,
> > -			   const uint8_t *addr, bool roaming)
> > +			   const uint8_t *addr, bool roaming, bool wifi)
> 
> How about adding a set of flags (TT_CLIENT_ROAM / TT_CLIENT_WIFI / etc) 
> instead of adding more and more bool arguments ? In several places the code 
> converts one to the other which does not seem necessary.

You mean simply passing a int value which is combination of the used
flags? mught be a good idea, even for further changes.

> 
> 
> > +void tt_local_add(struct net_device *soft_iface, const uint8_t *addr,
> > +		  int ifindex)
> >  {
> >  	struct bat_priv *bat_priv = netdev_priv(soft_iface);
> >  	struct tt_local_entry *tt_local_entry = NULL;
> > @@ -204,21 +231,22 @@ void tt_local_add(struct net_device *soft_iface,
> > const uint8_t *addr) if (!tt_local_entry)
> >  		goto out;
> > 
> > -	tt_local_event(bat_priv, NO_FLAGS, addr, false);
> > -
> >  	bat_dbg(DBG_TT, bat_priv,
> >  		"Creating new local tt entry: %pM (ttvn: %d)\n", addr,
> >  		(uint8_t)atomic_read(&bat_priv->ttvn));
> > 
> >  	memcpy(tt_local_entry->addr, addr, ETH_ALEN);
> >  	tt_local_entry->last_seen = jiffies;
> > +	tt_local_entry->flags = 0;
> 
> Here you should make use of the NO_FLAGS define you introduced.  :-)

Right :)

> 
> 
> >  	/* the batman interface mac address should never be purged */
> >  	if (compare_eth(addr, soft_iface->dev_addr))
> > -		tt_local_entry->never_purge = 1;
> > -	else
> > -		tt_local_entry->never_purge = 0;
> > +		tt_local_entry->flags |= TT_LOCAL_NOPURGE;
> > +
> > +	tt_local_event(bat_priv, NO_FLAGS, addr, false,
> > +		       tt_local_entry->flags & TT_CLIENT_WIFI);
> 
> Changing "never_purge" to a flag probably is a good idea but should go into a 
> separate patch.

Ok, I'll propose a separated patch.

Thank you for reviewing!

Regards,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara

Re: [B.A.T.M.A.N.] [PATCH 3/3] batman-adv: implement AP-isolation on the receiver side

[Antonio Quartulli]

On mer, giu 15, 2011 at 11:42:38 +0200, Marek Lindner wrote:
> On Sunday, June 05, 2011 11:55:52 PM Andrew Lunn wrote:
> > > diff --git a/translation-table.c b/translation-table.c
> > > index e0c5945..24e48e7 100644
> > > --- a/translation-table.c
> > > +++ b/translation-table.c
> > > @@ -1683,3 +1683,33 @@ void tt_free(struct bat_priv *bat_priv)
> > > 
> > >  	kfree(bat_priv->tt_buff);
> > >  
> > >  }
> > > 
> > > +
> > > +bool is_ap_isolated(struct bat_priv *bat_priv, uint8_t *src, uint8_t
> > > *dst)
> > 
> > Doh!
> > 
> > O.K. The ordering could of been better... but the code at the end is
> > O.K, which is what matters.
> 
> Aarrgh, same here. Let's see how many others fall into this trap.
> How about reversing the order of these patches to avoid this "problem" ?

Mh...the patches should be independent from each other. ok I like your
suggestion :)

Thank you!

Regards,

-- 
Antonio Quartulli

..each of us alone is worth nothing..
Ernesto "Che" Guevara

Re: [B.A.T.M.A.N.] [PATCH 1/3] batman-adv: detect clients connected through a 802.11 device

[Marek Lindner]

On Thursday, June 16, 2011 12:43:55 AM Antonio Quartulli wrote:
> > > -	tt_local_add(soft_iface, soft_iface->dev_addr);
> > > +	tt_local_add(soft_iface, soft_iface->dev_addr, NULL_IFINDEX);
> > 
> > Are you sure 0 is not a valid index for any interface ?
> 
> Yes. You can also check the function dev_new_index() at
> http://lxr.linux.no/linux+v2.6.39/net/core/dev.c#L5080
> indexes start from 1 :)

Ok.


> > How about adding a set of flags (TT_CLIENT_ROAM / TT_CLIENT_WIFI / etc)
> > instead of adding more and more bool arguments ? In several places the
> > code converts one to the other which does not seem necessary.
> 
> You mean simply passing a int value which is combination of the used
> flags? mught be a good idea, even for further changes.

Yes, that is what I had in mind.


Regards,
Marek

[B.A.T.M.A.N.] [PATCHv2 1/4] batman-adv: detect clients connected through a 802.11 device

[Antonio Quartulli]

Clients connected through a 802.11 device are now marked with the
TT_CLIENT_WIFI flag. This flag is also advertised with the tt
announcement.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---


This patchset is based on top of:
"batman-adv: pass a unique flag arg instead of a sequence of bool ones"
which is on the ML but has not been applied yet.

Several stuff have been fixed in this version following Andrew's and Marek's suggestion.
** Patch4 adds support for showing client flags in the transtables output. **
For more details look at the following mails:

- patch 1:
http://www.mail-archive.com/b.a.t.m.a.n@lists.open-mesh.org/msg04814.html
http://www.mail-archive.com/b.a.t.m.a.n@lists.open-mesh.org/msg04892.html

- patch 2:
http://www.mail-archive.com/b.a.t.m.a.n@lists.open-mesh.org/msg04816.html

- patch 3:
http://www.mail-archive.com/b.a.t.m.a.n@lists.open-mesh.org/msg04817.html
http://www.mail-archive.com/b.a.t.m.a.n@lists.open-mesh.org/msg04894.html


 compat.h            |    2 ++
 hard-interface.c    |   30 ++++++++++++++++++++++++++++++
 hard-interface.h    |    1 +
 main.c              |    2 +-
 main.h              |    2 ++
 packet.h            |    3 ++-
 routing.c           |    2 +-
 soft-interface.c    |    4 ++--
 translation-table.c |   15 ++++++++++++---
 translation-table.h |    9 +++++----
 10 files changed, 58 insertions(+), 12 deletions(-)

diff --git a/compat.h b/compat.h
index 66a8adc..f1965d0 100644
--- a/compat.h
+++ b/compat.h
@@ -263,6 +263,8 @@ int bat_seq_printf(struct seq_file *m, const char *f, ...);
 
 #define __always_unused			__attribute__((unused))
 
+#define skb_iif iif
+
 #endif /* < KERNEL_VERSION(2, 6, 33) */
 
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 34)
diff --git a/hard-interface.c b/hard-interface.c
index db7aacf..f2b6fd9 100644
--- a/hard-interface.c
+++ b/hard-interface.c
@@ -681,6 +681,36 @@ err_out:
 	return NET_RX_DROP;
 }
 
+/* This function returns true if the interface represented by ifindex is a
+ * 802.11 wireless device */
+bool is_wifi_iface(int ifindex)
+{
+	struct net_device *net_device = NULL;
+	bool ret = false;
+
+	if (ifindex == NULL_IFINDEX)
+		goto out;
+
+	net_device = dev_get_by_index(&init_net, ifindex);
+	if (!net_device)
+		goto out;
+
+#ifdef CONFIG_WIRELESS_EXT
+	/* pre-cfg80211 drivers have to implement WEXT, so it is possible to
+	 * check for wireless_handlers != NULL */
+	if (net_device->wireless_handlers)
+		ret = true;
+	else
+#endif
+		/* cfg80211 drivers have to set ieee80211_ptr */
+		if (net_device->ieee80211_ptr)
+			ret = true;
+out:
+	if (net_device)
+		dev_put(net_device);
+	return ret;
+}
+
 struct notifier_block hard_if_notifier = {
 	.notifier_call = hard_if_event,
 };
diff --git a/hard-interface.h b/hard-interface.h
index 442eacb..67f78d1 100644
--- a/hard-interface.h
+++ b/hard-interface.h
@@ -42,6 +42,7 @@ void hardif_remove_interfaces(void);
 int hardif_min_mtu(struct net_device *soft_iface);
 void update_min_mtu(struct net_device *soft_iface);
 void hardif_free_rcu(struct rcu_head *rcu);
+bool is_wifi_iface(int ifindex);
 
 static inline void hardif_free_ref(struct hard_iface *hard_iface)
 {
diff --git a/main.c b/main.c
index e367e69..5dc47a3 100644
--- a/main.c
+++ b/main.c
@@ -108,7 +108,7 @@ int mesh_init(struct net_device *soft_iface)
 	if (tt_init(bat_priv) < 1)
 		goto err;
 
-	tt_local_add(soft_iface, soft_iface->dev_addr);
+	tt_local_add(soft_iface, soft_iface->dev_addr, NULL_IFINDEX);
 
 	if (vis_init(bat_priv) < 1)
 		goto err;
diff --git a/main.h b/main.h
index f3fe9f4..4e2bbe3 100644
--- a/main.h
+++ b/main.h
@@ -61,6 +61,8 @@
 
 #define NO_FLAGS 0
 
+#define NULL_IFINDEX 0 /* dummy ifindex used to avoid iface checks */
+
 #define NUM_WORDS (TQ_LOCAL_WINDOW_SIZE / WORD_BIT_SIZE)
 
 #define LOG_BUF_LEN 8192	  /* has to be a power of 2 */
diff --git a/packet.h b/packet.h
index 8fd2fde..b17baa5 100644
--- a/packet.h
+++ b/packet.h
@@ -82,7 +82,8 @@ enum tt_query_flags {
 enum tt_client_flags {
 	TT_CLIENT_DEL     = 0x01,
 	TT_CLIENT_ROAM    = 0x02,
-	TT_CLIENT_NOPURGE = 0x04
+	TT_CLIENT_NOPURGE = 0x04,
+	TT_CLIENT_WIFI    = 0x08
 };
 
 struct batman_packet {
diff --git a/routing.c b/routing.c
index 2cb98be..d86fbd9 100644
--- a/routing.c
+++ b/routing.c
@@ -1288,7 +1288,7 @@ int recv_roam_adv(struct sk_buff *skb, struct hard_iface *recv_if)
 		roam_adv_packet->client);
 
 	tt_global_add(bat_priv, orig_node, roam_adv_packet->client,
-		      atomic_read(&orig_node->last_ttvn) + 1, true);
+		      atomic_read(&orig_node->last_ttvn) + 1, true, false);
 
 	/* Roaming phase starts: I have new information but the ttvn has not
 	 * been incremented yet. This flag will make me check all the incoming
diff --git a/soft-interface.c b/soft-interface.c
index 3f20332..48146e5 100644
--- a/soft-interface.c
+++ b/soft-interface.c
@@ -536,7 +536,7 @@ static int interface_set_mac_addr(struct net_device *dev, void *p)
 	if (atomic_read(&bat_priv->mesh_state) == MESH_ACTIVE) {
 		tt_local_remove(bat_priv, dev->dev_addr,
 				"mac address changed", false);
-		tt_local_add(dev, addr->sa_data);
+		tt_local_add(dev, addr->sa_data, NULL_IFINDEX);
 	}
 
 	memcpy(dev->dev_addr, addr->sa_data, ETH_ALEN);
@@ -595,7 +595,7 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface)
 		goto dropped;
 
 	/* Register the client MAC in the transtable */
-	tt_local_add(soft_iface, ethhdr->h_source);
+	tt_local_add(soft_iface, ethhdr->h_source, skb->skb_iif);
 
 	orig_node = transtable_search(bat_priv, ethhdr->h_dest);
 	if (is_multicast_ether_addr(ethhdr->h_dest) ||
diff --git a/translation-table.c b/translation-table.c
index 796303d..e1dede1 100644
--- a/translation-table.c
+++ b/translation-table.c
@@ -186,7 +186,8 @@ static int tt_local_init(struct bat_priv *bat_priv)
 	return 1;
 }
 
-void tt_local_add(struct net_device *soft_iface, const uint8_t *addr)
+void tt_local_add(struct net_device *soft_iface, const uint8_t *addr,
+		  int ifindex)
 {
 	struct bat_priv *bat_priv = netdev_priv(soft_iface);
 	struct tt_local_entry *tt_local_entry = NULL;
@@ -210,6 +211,8 @@ void tt_local_add(struct net_device *soft_iface, const uint8_t *addr)
 	memcpy(tt_local_entry->addr, addr, ETH_ALEN);
 	tt_local_entry->last_seen = jiffies;
 	tt_local_entry->flags = NO_FLAGS;
+	if (is_wifi_iface(ifindex))
+		tt_local_entry->flags |= TT_CLIENT_WIFI;
 	atomic_set(&tt_local_entry->refcount, 2);
 
 	/* the batman interface mac address should never be purged */
@@ -494,7 +497,8 @@ static void tt_changes_list_free(struct bat_priv *bat_priv)
 
 /* caller must hold orig_node refcount */
 int tt_global_add(struct bat_priv *bat_priv, struct orig_node *orig_node,
-		  const unsigned char *tt_addr, uint8_t ttvn, bool roaming)
+		  const unsigned char *tt_addr, uint8_t ttvn, bool roaming,
+		  bool wifi)
 {
 	struct tt_global_entry *tt_global_entry;
 	struct orig_node *orig_node_tmp;
@@ -536,6 +540,9 @@ int tt_global_add(struct bat_priv *bat_priv, struct orig_node *orig_node,
 		tt_global_entry->roam_at = 0;
 	}
 
+	if (wifi)
+		tt_global_entry->flags |= TT_CLIENT_WIFI;
+
 	bat_dbg(DBG_TT, bat_priv,
 		"Creating new global tt entry: %pM (via %pM)\n",
 		tt_global_entry->addr, orig_node->orig);
@@ -1342,7 +1349,9 @@ static void _tt_update_changes(struct bat_priv *bat_priv,
 				      (tt_change + i)->flags & TT_CLIENT_ROAM);
 		else
 			if (!tt_global_add(bat_priv, orig_node,
-					   (tt_change + i)->addr, ttvn, false))
+					   (tt_change + i)->addr, ttvn, false,
+					   (tt_change + i)->flags &
+							TT_CLIENT_WIFI))
 				/* In case of problem while storing a
 				 * global_entry, we stop the updating
 				 * procedure without committing the
diff --git a/translation-table.h b/translation-table.h
index 460e583..e244858 100644
--- a/translation-table.h
+++ b/translation-table.h
@@ -26,15 +26,16 @@ int tt_len(int changes_num);
 int tt_changes_fill_buffer(struct bat_priv *bat_priv,
 			   unsigned char *buff, int buff_len);
 int tt_init(struct bat_priv *bat_priv);
-void tt_local_add(struct net_device *soft_iface, const uint8_t *addr);
+void tt_local_add(struct net_device *soft_iface, const uint8_t *addr,
+		  int ifindex);
 void tt_local_remove(struct bat_priv *bat_priv,
 		     const uint8_t *addr, const char *message, bool roaming);
 int tt_local_seq_print_text(struct seq_file *seq, void *offset);
 void tt_global_add_orig(struct bat_priv *bat_priv, struct orig_node *orig_node,
 			const unsigned char *tt_buff, int tt_buff_len);
-int tt_global_add(struct bat_priv *bat_priv,
-		  struct orig_node *orig_node, const unsigned char *addr,
-		  uint8_t ttvn, bool roaming);
+int tt_global_add(struct bat_priv *bat_priv, struct orig_node *orig_node,
+		  const unsigned char *addr, uint8_t ttvn, bool roaming,
+		  bool wifi);
 int tt_global_seq_print_text(struct seq_file *seq, void *offset);
 void tt_global_del_orig(struct bat_priv *bat_priv,
 			struct orig_node *orig_node, const char *message);
-- 
1.7.3.4

[B.A.T.M.A.N.] [PATCHv2 2/4] batman-adv: implement AP-isolation on the receiver side

[Antonio Quartulli]

When a node receives a unicast packet it checks if the source and the
destination client can communicate or not due to the AP isolation

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
 bat_sysfs.c          |    2 ++
 soft-interface.c     |    4 ++++
 sysfs-class-net-mesh |    8 ++++++++
 translation-table.c  |   42 ++++++++++++++++++++++++++++++++++++++++++
 translation-table.h  |    1 +
 types.h              |    1 +
 6 files changed, 58 insertions(+), 0 deletions(-)

diff --git a/bat_sysfs.c b/bat_sysfs.c
index cd15deb..b8a7414 100644
--- a/bat_sysfs.c
+++ b/bat_sysfs.c
@@ -380,6 +380,7 @@ static ssize_t store_gw_bwidth(struct kobject *kobj, struct attribute *attr,
 BAT_ATTR_BOOL(aggregated_ogms, S_IRUGO | S_IWUSR, NULL);
 BAT_ATTR_BOOL(bonding, S_IRUGO | S_IWUSR, NULL);
 BAT_ATTR_BOOL(fragmentation, S_IRUGO | S_IWUSR, update_min_mtu);
+BAT_ATTR_BOOL(ap_isolation, S_IRUGO | S_IWUSR, NULL);
 static BAT_ATTR(vis_mode, S_IRUGO | S_IWUSR, show_vis_mode, store_vis_mode);
 static BAT_ATTR(gw_mode, S_IRUGO | S_IWUSR, show_gw_mode, store_gw_mode);
 BAT_ATTR_UINT(orig_interval, S_IRUGO | S_IWUSR, 2 * JITTER, INT_MAX, NULL);
@@ -396,6 +397,7 @@ static struct bat_attribute *mesh_attrs[] = {
 	&bat_attr_aggregated_ogms,
 	&bat_attr_bonding,
 	&bat_attr_fragmentation,
+	&bat_attr_ap_isolation,
 	&bat_attr_vis_mode,
 	&bat_attr_gw_mode,
 	&bat_attr_orig_interval,
diff --git a/soft-interface.c b/soft-interface.c
index 48146e5..839ded9 100644
--- a/soft-interface.c
+++ b/soft-interface.c
@@ -739,6 +739,9 @@ void interface_rx(struct net_device *soft_iface,
 
 	soft_iface->last_rx = jiffies;
 
+	if (is_ap_isolated(bat_priv, ethhdr->h_source, ethhdr->h_dest))
+		goto dropped;
+
 	netif_rx(skb);
 	goto out;
 
@@ -823,6 +826,7 @@ struct net_device *softif_create(const char *name)
 
 	atomic_set(&bat_priv->aggregated_ogms, 1);
 	atomic_set(&bat_priv->bonding, 0);
+	atomic_set(&bat_priv->ap_isolation, 0);
 	atomic_set(&bat_priv->vis_mode, VIS_TYPE_CLIENT_UPDATE);
 	atomic_set(&bat_priv->gw_mode, GW_MODE_OFF);
 	atomic_set(&bat_priv->gw_sel_class, 20);
diff --git a/sysfs-class-net-mesh b/sysfs-class-net-mesh
index 748fe17..b020014 100644
--- a/sysfs-class-net-mesh
+++ b/sysfs-class-net-mesh
@@ -22,6 +22,14 @@ Description:
                 mesh will be fragmented or silently discarded if the
                 packet size exceeds the outgoing interface MTU.
 
+What:		/sys/class/net/<mesh_iface>/mesh/ap_isolation
+Date:		May 2011
+Contact:	Antonio Quartulli <ordex@autistici.org>
+Description:
+		Indicates whether the data traffic going from a
+		wireless client to another wireless client will be
+		silently dropped.
+
 What:           /sys/class/net/<mesh_iface>/mesh/gw_bandwidth
 Date:           October 2010
 Contact:        Marek Lindner <lindner_marek@yahoo.de>
diff --git a/translation-table.c b/translation-table.c
index e1dede1..3deccc0 100644
--- a/translation-table.c
+++ b/translation-table.c
@@ -780,6 +780,18 @@ static void tt_global_table_free(struct bat_priv *bat_priv)
 	bat_priv->tt_global_hash = NULL;
 }
 
+static bool _is_ap_isolated(struct tt_local_entry *tt_local_entry,
+			    struct tt_global_entry *tt_global_entry)
+{
+	bool ret = false;
+
+	if (tt_local_entry->flags & TT_CLIENT_WIFI &&
+	    tt_global_entry->flags & TT_CLIENT_WIFI)
+		ret = true;
+
+	return ret;
+}
+
 struct orig_node *transtable_search(struct bat_priv *bat_priv,
 				    const uint8_t *addr)
 {
@@ -1631,3 +1643,33 @@ void tt_free(struct bat_priv *bat_priv)
 
 	kfree(bat_priv->tt_buff);
 }
+
+bool is_ap_isolated(struct bat_priv *bat_priv, uint8_t *src, uint8_t *dst)
+{
+	struct tt_local_entry *tt_local_entry = NULL;
+	struct tt_global_entry *tt_global_entry = NULL;
+	bool ret = true;
+
+	if (!atomic_read(&bat_priv->ap_isolation))
+		return false;
+
+	tt_local_entry = tt_local_hash_find(bat_priv, dst);
+	if (!tt_local_entry)
+		goto out;
+
+	tt_global_entry = tt_global_hash_find(bat_priv, src);
+	if (!tt_global_entry)
+		goto out;
+
+	if (_is_ap_isolated(tt_local_entry, tt_global_entry))
+		goto out;
+
+	ret = false;
+
+out:
+	if (tt_global_entry)
+		tt_global_entry_free_ref(tt_global_entry);
+	if (tt_local_entry)
+		tt_local_entry_free_ref(tt_local_entry);
+	return ret;
+}
diff --git a/translation-table.h b/translation-table.h
index e244858..9b93c16 100644
--- a/translation-table.h
+++ b/translation-table.h
@@ -62,5 +62,6 @@ void handle_tt_response(struct bat_priv *bat_priv,
 			struct tt_query_packet *tt_response);
 void send_roam_adv(struct bat_priv *bat_priv, uint8_t *client,
 		   struct orig_node *orig_node);
+bool is_ap_isolated(struct bat_priv *bat_priv, uint8_t *src, uint8_t *dst);
 
 #endif /* _NET_BATMAN_ADV_TRANSLATION_TABLE_H_ */
diff --git a/types.h b/types.h
index 582283a..4df1f5f 100644
--- a/types.h
+++ b/types.h
@@ -146,6 +146,7 @@ struct bat_priv {
 	atomic_t aggregated_ogms;	/* boolean */
 	atomic_t bonding;		/* boolean */
 	atomic_t fragmentation;		/* boolean */
+	atomic_t ap_isolation;		/* boolean */
 	atomic_t vis_mode;		/* VIS_TYPE_* */
 	atomic_t gw_mode;		/* GW_MODE_* */
 	atomic_t gw_sel_class;		/* uint */
-- 
1.7.3.4

[B.A.T.M.A.N.] [PATCHv2 3/4] batman-adv: implement AP-isolation on the sender side

[Antonio Quartulli]

If a node has to send a packet issued by a WIFI client to another WIFI client,
the packet is dropped.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
 routing.c           |    2 +-
 soft-interface.c    |    3 ++-
 translation-table.c |   26 ++++++++++++++++++++------
 translation-table.h |    2 +-
 unicast.c           |    6 ++++--
 5 files changed, 28 insertions(+), 11 deletions(-)

diff --git a/routing.c b/routing.c
index d86fbd9..dbef1e2 100644
--- a/routing.c
+++ b/routing.c
@@ -1524,7 +1524,7 @@ static int check_unicast_ttvn(struct bat_priv *bat_priv,
 
 		ethhdr = (struct ethhdr *)(skb->data +
 			sizeof(struct unicast_packet));
-		orig_node = transtable_search(bat_priv, ethhdr->h_dest);
+		orig_node = transtable_search(bat_priv, NULL, ethhdr->h_dest);
 
 		if (!orig_node) {
 			if (!is_my_client(bat_priv, ethhdr->h_dest))
diff --git a/soft-interface.c b/soft-interface.c
index 839ded9..ef2fad5 100644
--- a/soft-interface.c
+++ b/soft-interface.c
@@ -597,7 +597,8 @@ static int interface_tx(struct sk_buff *skb, struct net_device *soft_iface)
 	/* Register the client MAC in the transtable */
 	tt_local_add(soft_iface, ethhdr->h_source, skb->skb_iif);
 
-	orig_node = transtable_search(bat_priv, ethhdr->h_dest);
+	orig_node = transtable_search(bat_priv, ethhdr->h_source,
+				      ethhdr->h_dest);
 	if (is_multicast_ether_addr(ethhdr->h_dest) ||
 				(orig_node && orig_node->gw_flags)) {
 		ret = gw_is_target(bat_priv, skb, orig_node);
diff --git a/translation-table.c b/translation-table.c
index 3deccc0..f5a772f 100644
--- a/translation-table.c
+++ b/translation-table.c
@@ -793,24 +793,38 @@ static bool _is_ap_isolated(struct tt_local_entry *tt_local_entry,
 }
 
 struct orig_node *transtable_search(struct bat_priv *bat_priv,
-				    const uint8_t *addr)
+				    const uint8_t *src, const uint8_t *addr)
 {
-	struct tt_global_entry *tt_global_entry;
+	struct tt_local_entry *tt_local_entry = NULL;
+	struct tt_global_entry *tt_global_entry = NULL;
 	struct orig_node *orig_node = NULL;
 
-	tt_global_entry = tt_global_hash_find(bat_priv, addr);
+	if (src && atomic_read(&bat_priv->ap_isolation)) {
+		tt_local_entry = tt_local_hash_find(bat_priv, src);
+		if (!tt_local_entry)
+			goto out;
+	}
 
+	tt_global_entry = tt_global_hash_find(bat_priv, addr);
 	if (!tt_global_entry)
 		goto out;
 
+	/* check whether the clients should not communicate due to AP
+	 * isolation */
+	if (tt_local_entry && _is_ap_isolated(tt_local_entry, tt_global_entry))
+		goto out;
+
 	if (!atomic_inc_not_zero(&tt_global_entry->orig_node->refcount))
-		goto free_tt;
+		goto out;
 
 	orig_node = tt_global_entry->orig_node;
 
-free_tt:
-	tt_global_entry_free_ref(tt_global_entry);
 out:
+	if (tt_global_entry)
+		tt_global_entry_free_ref(tt_global_entry);
+	if (tt_local_entry)
+		tt_local_entry_free_ref(tt_local_entry);
+
 	return orig_node;
 }
 
diff --git a/translation-table.h b/translation-table.h
index 9b93c16..9765034 100644
--- a/translation-table.h
+++ b/translation-table.h
@@ -43,7 +43,7 @@ void tt_global_del(struct bat_priv *bat_priv,
 		   struct orig_node *orig_node, const unsigned char *addr,
 		   const char *message, bool roaming);
 struct orig_node *transtable_search(struct bat_priv *bat_priv,
-				    const uint8_t *addr);
+				    const uint8_t *src, const uint8_t *addr);
 void tt_save_orig_buffer(struct bat_priv *bat_priv, struct orig_node *orig_node,
 			 const unsigned char *tt_buff, uint8_t tt_num_changes);
 uint16_t tt_local_crc(struct bat_priv *bat_priv);
diff --git a/unicast.c b/unicast.c
index 32b125f..07d1c1d 100644
--- a/unicast.c
+++ b/unicast.c
@@ -299,8 +299,10 @@ int unicast_send_skb(struct sk_buff *skb, struct bat_priv *bat_priv)
 			goto find_router;
 	}
 
-	/* check for tt host - increases orig_node refcount */
-	orig_node = transtable_search(bat_priv, ethhdr->h_dest);
+	/* check for tt host - increases orig_node refcount.
+	 * returns NULL in case of AP isolation */
+	orig_node = transtable_search(bat_priv, ethhdr->h_source,
+				      ethhdr->h_dest);
 
 find_router:
 	/**
-- 
1.7.3.4

[B.A.T.M.A.N.] [PATCHv2 4/4] batman-adv: print client flags in the local/global transtables output

[Antonio Quartulli]

Since clients can have several flags on or off, this patches make them
appear in the local/global transtable output so that they can be checked
for debugging purposes.

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
---
 translation-table.c |   28 +++++++++++++++++++---------
 1 files changed, 19 insertions(+), 9 deletions(-)

diff --git a/translation-table.c b/translation-table.c
index f5a772f..b413eff 100644
--- a/translation-table.c
+++ b/translation-table.c
@@ -331,7 +331,7 @@ int tt_local_seq_print_text(struct seq_file *seq, void *offset)
 
 		rcu_read_lock();
 		__hlist_for_each_rcu(node, head)
-			buf_size += 21;
+			buf_size += 27;
 		rcu_read_unlock();
 	}
 
@@ -350,8 +350,14 @@ int tt_local_seq_print_text(struct seq_file *seq, void *offset)
 		rcu_read_lock();
 		hlist_for_each_entry_rcu(tt_local_entry, node,
 					 head, hash_entry) {
-			pos += snprintf(buff + pos, 22, " * %pM\n",
-					tt_local_entry->addr);
+			pos += snprintf(buff + pos, 28, " * %pM [%c%c%c]\n",
+					tt_local_entry->addr,
+					(tt_local_entry->flags &
+					 TT_CLIENT_ROAM ? 'R' : '.'),
+					(tt_local_entry->flags &
+					 TT_CLIENT_NOPURGE ? 'N' : '.'),
+					(tt_local_entry->flags &
+					 TT_CLIENT_WIFI ? 'W' : '.'));
 		}
 		rcu_read_unlock();
 	}
@@ -588,8 +594,8 @@ int tt_global_seq_print_text(struct seq_file *seq, void *offset)
 	seq_printf(seq,
 		   "Globally announced TT entries received via the mesh %s\n",
 		   net_dev->name);
-	seq_printf(seq, "       %-13s %s       %-15s %s\n",
-		   "Client", "(TTVN)", "Originator", "(Curr TTVN)");
+	seq_printf(seq, "       %-13s %s       %-15s %s %s\n",
+		   "Client", "(TTVN)", "Originator", "(Curr TTVN)", "Flags");
 
 	buf_size = 1;
 	/* Estimate length for: " * xx:xx:xx:xx:xx:xx (ttvn) via
@@ -599,7 +605,7 @@ int tt_global_seq_print_text(struct seq_file *seq, void *offset)
 
 		rcu_read_lock();
 		__hlist_for_each_rcu(node, head)
-			buf_size += 59;
+			buf_size += 66;
 		rcu_read_unlock();
 	}
 
@@ -618,14 +624,18 @@ int tt_global_seq_print_text(struct seq_file *seq, void *offset)
 		rcu_read_lock();
 		hlist_for_each_entry_rcu(tt_global_entry, node,
 					 head, hash_entry) {
-			pos += snprintf(buff + pos, 61,
-					" * %pM  (%3u) via %pM     (%3u)\n",
+			pos += snprintf(buff + pos, 68,
+					" * %pM  (%3u) via %pM     (%3u)   [%c%c]\n",
 					tt_global_entry->addr,
 					tt_global_entry->ttvn,
 					tt_global_entry->orig_node->orig,
 					(uint8_t) atomic_read(
 						&tt_global_entry->orig_node->
-						last_ttvn));
+						last_ttvn),
+					(tt_global_entry->flags &
+					 TT_CLIENT_ROAM ? 'R' : '.'),
+					(tt_global_entry->flags &
+					 TT_CLIENT_WIFI ? 'W' : '.'));
 		}
 		rcu_read_unlock();
 	}
-- 
1.7.3.4