Does hostapd not support setting acl rules for each bss?
Ming Kuang
ming at imkuang.com
Sat Jul 27 02:02:21 PDT 2024
Hello, everyone,
I have two bss on the same radio and I'm trying to configure allow and
deny list for each bss.
I have written the following configuration for hostapd (cropped):
interface=wlan0
driver=nl80211
...
accept_mac_file=/data/hostapd.accept
deny_mac_file=/data/hostapd.deny
macaddr_acl=0
...
bss=wlan0_0
accept_mac_file=/data/hostapd_0.accept
deny_mac_file=/data/hostapd_0.deny
...
However the acl rules on the second bss wlan0_0 does not take effect now.
I checked with the iwpriv command and found that the acl rules were
indeed not configured into the driver, so I started looking at the logic
in hostapd.
We use hostapd_set_acl to configure acl rules to the driver, however the
function seems to always use the rules recorded in bss[0]
int hostapd_set_acl(struct hostapd_data *hapd)
{
struct hostapd_config *conf = hapd->iconf;
...
if (conf->bss[0]->macaddr_acl == DENY_UNLESS_ACCEPTED) {
accept_acl = 1;
err = hostapd_set_acl_list(hapd, conf->bss[0]->accept_mac,
conf->bss[0]->num_accept_mac,
accept_acl);
...
} else if (conf->bss[0]->macaddr_acl == ACCEPT_UNLESS_DENIED) {
accept_acl = 0;
err = hostapd_set_acl_list(hapd, conf->bss[0]->deny_mac,
conf->bss[0]->num_deny_mac,
accept_acl);
...
}
return err;
}
By adding logs to the DENY_ACL SHOW process, I confirmed that my
configurations were correctly parsed into each bss's hapd struct.
So why does hostapd only use the bss[0]'s acl configuration?
What happens if I modify the hostapd_set_acl function to use its
incoming parameter hapd's configuration hapd->conf instead of
hapd->iconf->bss[0]?
I'm not particularly familiar with hostapd, so if anyone can
enlighten me it would be greatly appreciated!
More information about the Hostap
mailing list