Fwd: How to enable FILS feature on Raspberry Pi 3b+ platform

Xiao Ma max8612 at gmail.com
Mon Aug 12 00:39:22 PDT 2019


Hello Chatty,

I would like to have a check if it's possible to enable FILS feature
on Raspberry Pi 3b+ platform and create a wireless network with FILS
feature, if so I can verify the authentication and HLP features.

I have two Raspberry Pi 3b+, and I pulled down the latest master
branch of hostap git repo, copied the "defconfig" to ".config" file in
the hostapd and wpa_supplicant directory. Comment out below
configuration:

# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
CONFIG_FILS=y
# FILS shared key authentication with PFS
CONFIG_FILS_SK_PFS=y

and I can compile the hostapd and wpa_supplicant execute file
successfully. Then I have a simple “ hostapd.conf" to configure the
Raspberry Pi 3b+ as Wi-Fi AP.

interface=wlan0
driver=nl80211
hw_mode=g
channel=11
ssid=hostapd
wmm_enabled=0
wpa=2
wpa_key_mgmt=FILS-SHA256
wpa_passphrase=12345678
rsn_pairwise=CCMP

Then I ran the hostapd with below command:

# sudo hostapd -P /run/hostapd.pid /etc/hostapd/hostapd.conf -B -dd

if my understanding is correct from reading the IEEE80211ai standard,
AP which can support FILS capability would broadcast Beacon frame with
FILS Indication element (element ID: 240) and also set FILS Capability
bit (bit 72) in the Extended Capabilities element. I can observe the
FILS indication element bytes from the output log of hostapd, like
below:

nl80211: Beacon head - hexdump(len=57): 80 00 00 00 ff ff ff ff ff ff
b8 27 eb 70 e9 b0 b8 27 eb 70 e9 b0 00 00 00 00 00 00 00 00 00 00 64
00 31 04 00 06 50 69 34 2d 41 50 01 08 82 84 8b 96 0c 12 18 24 03 01
0b
nl80211: Beacon tail - hexdump(len=39): 2a 01 00 32 04 30 48 60 6c 30
14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00 f0 06
80 02 12 34 d4 c9

the last 8 bytes: f0 06 80 02 12 34 d4 c9, I believe that's FILS
indication elements.
However, when I use wireshark to capture the packet over the air, I
didn't notice these kind of information appeared in the Beacon frame
sent from AP (Raspberry Pi 3b+). Not sure if the nl80211 driver on
Raspberry Pi does't support FILS feature yet or something else.

BTW, I also noticed that in the python unittest on FILS feature, when
scanning the APs, the test code can always get the flags
[WPA_FILS_SHA256_CCMP][ESS]. However, when I used the compiled
wpa_supplicant to scan the APs nearby, from the scan_result, I get the
flags: [WEP][ESS] for the hostapd who enables FILS with above
hostapd.conf.

Please correct me if I miss something and any feedback is pretty
welcomed. That would be great if I can get some example config on
“hostapd.conf" that enables FILS feature.

Thanks!



More information about the Hostap mailing list