[PATCH 0/6] Roaming between all hostapd instances using a fixed key

Benjamin Berg benjamin at sipsolutions.net
Mon Sep 19 08:47:38 PDT 2016

From: Benjamin Berg <benjamin.berg at open-mesh.com>

The current roaming implementation requires prior knowledge about all
other hostapd instances on the network and one must have an AES key
assigned to each pair of APs. This is bad from a deployment perspective
as further APs cannot be added or removed easily and a list of all APs
is required to configure hostapd.

This patch series adds the possibility to use a common static key to
exchange the information for FT to work. Using a common key has the
disadvantage that the key is disclosed if a single AP is compromised.

With this series applied setting the ft_remote_key option and configuring
the mobility domain should allow using roaming inside the layer two
network. The bssid, nas_identifier and r1_key_holder should match when
configuring the AP like this. The nas_identifier and r1_key_holder will be
set to the BSSID automatically if it is specified.

Benjamin Berg (6):
  FT: Allow roaming between APs if IDs match MAC
  FT: Default IDs to BSSID if static roaming key is defined.
  tests: Test FT roaming using fixed key and mac as IDs
  FT: Re-calculate PMK-R0 for pull requests if value is not cached.
  FT: Implement basic cache expiration and limiting
  l2: Add outgoing listener to catch packets from other hostapd

 hostapd/config_file.c           |   9 ++
 src/ap/ap_config.c              |  31 +++-
 src/ap/ap_config.h              |   2 +
 src/ap/wpa_auth.h               |   3 +
 src/ap/wpa_auth_ft.c            | 339 ++++++++++++++++++++++++++++++++++------
 src/ap/wpa_auth_glue.c          |  19 ++-
 src/l2_packet/l2_packet.h       |  14 ++
 src/l2_packet/l2_packet_linux.c |  70 +++++++++
 tests/hwsim/test_ap_ft.py       |  42 +++++
 9 files changed, 473 insertions(+), 56 deletions(-)


More information about the Hostap mailing list