[PATCH 1/2] hostapd: add support for unicast beacons

Jouni Malinen j at w1.fi
Wed Feb 1 08:48:59 PST 2023

On Thu, Jan 05, 2023 at 09:09:44PM +0100, Raphaël Mélotte wrote:
> In some specific scenarios where a BSS is used for a single station,
> it can be useful to be able to configure beacons as unicast instead of
> broadcast.

That would be explicitly non-compliant with the standard: IEEE Std
802.11-2020, "The Address 1 field of the Beacon or Timing
Advertisement frame shall be set to the broadcast address."

In addition to not being allowed, this would sound like a potentially
quite bad thing to allow on the non-AP STA side since using unicast
Beacon frames might be sufficient to bypass beacon protection (which is
defined using BIP that works only with group-addressed frames) and
because this could be used for targeted attacks against a single non-AP
STA in the BSS. In other words, I'd recommend non-AP STA implementations
to discard any received Beacon frame if Address 1 is not broadcast.

In addition to this, I doubt this would work correctly with most
existing driver implementations on the transmitter side. In particular,
power save buffering of group addressed frames or anything else that is
gated on Beacon frame transmission might get quite interesting if there
is suddenly an expectation of having to retransmit the Beacon frame due
not having received an ACK frame for it.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list