[PATCH v2 24/33] Prepare 802.11i pre-authentication for full dynamic vlan.

Michael Braun michael-dev at fami-braun.de
Sat Sep 24 13:54:05 PDT 2016 

To receive pre-authentication packets on a non-wifi-client-data bridge,
the bssid needs to appear as local mac.

This is implemented by creating an interface of type "macvlan" with the
mac address configured as bssid.

Signed-off-by: Michael Braun <michael-dev at fami-braun.de>
---
 hostapd/Makefile      |  4 ++++
 hostapd/defconfig     |  3 +++
 hostapd/hostapd.conf  |  4 ++++
 src/ap/preauth_auth.c | 35 +++++++++++++++++++++++++++++++++--
 4 files changed, 44 insertions(+), 2 deletions(-)

diff --git a/hostapd/Makefile b/hostapd/Makefile
index 47ba052..1d6872b 100644
--- a/hostapd/Makefile
+++ b/hostapd/Makefile
@@ -260,6 +260,10 @@ endif
 ifdef CONFIG_RSN_PREAUTH
 CFLAGS += -DCONFIG_RSN_PREAUTH
 CONFIG_L2_PACKET=y
+ifdef CONFIG_RSN_PREAUTH_MACVLAN
+CFLAGS += -DCONFIG_RSN_PREAUTH_MACVLAN
+NEED_MACVLAN=y
+endif
 endif
 
 ifdef CONFIG_PEERKEY
diff --git a/hostapd/defconfig b/hostapd/defconfig
index db35e0b..193546f 100644
--- a/hostapd/defconfig
+++ b/hostapd/defconfig
@@ -52,6 +52,9 @@ CONFIG_IAPP=y
 # WPA2/IEEE 802.11i RSN pre-authentication
 CONFIG_RSN_PREAUTH=y
 
+# see hostapd.conf
+# CONFIG_RSN_PREAUTH_MACVLAN=y
+
 # PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
 CONFIG_PEERKEY=y
 
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 62bac5a..da0fb42 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1209,6 +1209,10 @@ own_ip_addr=127.0.0.1
 # associated stations (e.g., wlan0) should not be added, since
 # pre-authentication is only used with APs other than the currently associated
 # one.
+# Packets addressed to the local bssid need to appear as "local" to
+# rsn_preauth_interfaces in order to be received.
+# If hostapd is build with CONFIG_RSN_PREAUTH_MACVLAN, hostapd will add an
+# macvlan type interface using the bssid as mac.
 #rsn_preauth_interfaces=eth0
 
 # peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e) is
diff --git a/src/ap/preauth_auth.c b/src/ap/preauth_auth.c
index 3e0c800..d83b5f3 100644
--- a/src/ap/preauth_auth.c
+++ b/src/ap/preauth_auth.c
@@ -22,6 +22,10 @@
 #include "sta_info.h"
 #include "wpa_auth.h"
 #include "preauth_auth.h"
+#if CONFIG_RSN_PREAUTH_MACVLAN
+#include "macvlan.h"
+#include "vlan_ifconfig.h"
+#endif /* CONFIG_RSN_PREAUTH_MACVLAN */
 
 #ifndef ETH_P_PREAUTH
 #define ETH_P_PREAUTH 0x88C7 /* IEEE 802.11i pre-authentication */
@@ -35,6 +39,9 @@ struct rsn_preauth_interface {
 	struct l2_packet_data *l2;
 	char *ifname;
 	int ifindex;
+#if CONFIG_RSN_PREAUTH_MACVLAN
+	int is_macvlan;
+#endif /* CONFIG_RSN_PREAUTH_MACVLAN */
 };
 
 
@@ -94,9 +101,13 @@ static void rsn_preauth_receive(void *ctx, const u8 *src_addr,
 }
 
 
-static int rsn_preauth_iface_add(struct hostapd_data *hapd, const char *ifname)
+static int rsn_preauth_iface_add(struct hostapd_data *hapd, const char *ifname,
+				 int idx)
 {
 	struct rsn_preauth_interface *piface;
+#ifdef CONFIG_RSN_PREAUTH_MACVLAN
+	char macvlan_iface[IFNAMSIZ+1];
+#endif /* CONFIG_RSN_PREAUTH_MACVLAN */
 
 	wpa_printf(MSG_DEBUG, "RSN pre-auth interface '%s'", ifname);
 
@@ -105,6 +116,19 @@ static int rsn_preauth_iface_add(struct hostapd_data *hapd, const char *ifname)
 		return -1;
 	piface->hapd = hapd;
 
+#ifdef CONFIG_RSN_PREAUTH_MACVLAN
+	snprintf(macvlan_iface, sizeof(macvlan_iface), "pre%d%s",
+		 idx, hapd->conf->iface);
+	if (macvlan_add(macvlan_iface, hapd->own_addr, ifname) < 0 ||
+	    ifconfig_up(macvlan_iface) < 0) {
+		wpa_printf(MSG_ERROR, "Failed to add bssid to "
+			   "rsn_preauth_interface %s", ifname);
+	} else {
+		piface->is_macvlan = 1;
+		ifname = macvlan_iface;
+	}
+#endif /* CONFIG_RSN_PREAUTH_MACVLAN */
+
 	piface->ifname = os_strdup(ifname);
 	if (piface->ifname == NULL) {
 		goto fail1;
@@ -139,6 +163,12 @@ void rsn_preauth_iface_deinit(struct hostapd_data *hapd)
 	while (piface) {
 		prev = piface;
 		piface = piface->next;
+#ifdef CONFIG_RSN_PREAUTH_MACVLAN
+		if (prev->is_macvlan) {
+			ifconfig_down(prev->ifname);
+			macvlan_del(prev->ifname);
+		}
+#endif /* CONFIG_RSN_PREAUTH_MACVLAN */
 		l2_packet_deinit(prev->l2);
 		os_free(prev->ifname);
 		os_free(prev);
@@ -149,6 +179,7 @@ void rsn_preauth_iface_deinit(struct hostapd_data *hapd)
 int rsn_preauth_iface_init(struct hostapd_data *hapd)
 {
 	char *tmp, *start, *end;
+	int i = 0;
 
 	if (hapd->conf->rsn_preauth_interfaces == NULL)
 		return 0;
@@ -166,7 +197,7 @@ int rsn_preauth_iface_init(struct hostapd_data *hapd)
 		if (end)
 			*end = '\0';
 
-		if (rsn_preauth_iface_add(hapd, start)) {
+		if (rsn_preauth_iface_add(hapd, start, i++)) {
 			rsn_preauth_iface_deinit(hapd);
 			os_free(tmp);
 			return -1;
-- 
2.1.4

More information about the Hostap mailing list