Centralized WLAN Management Application/Framework

Bryan Kadzban bryan
Tue Nov 28 14:53:04 PST 2006


Daniel Bertolo wrote:
> The main idea is to make the APs stupid doing nothing else but 
> sending unmodified wireless frames through a tunnel to the server 
> where again HostAP will do the rest (namely authentication).

Not sure if this will work on the AP end, but if hostapd will run on a
tun/tap device, that might be a fairly easy way to get the frames to it.

Basically, you open /dev/net/tun, and do some ioctl() magic to create a
virtual NIC.  Then, any write() calls you make to the character device
act like a frame coming up the network stack, and any read() calls you
make will (block, then) return with each frame sent out that interface.
Basically, think of your program as the physical layer for this NIC.
(You have to do some select() magic to handle traffic flowing in both
directions, but at least writing to the character device never blocks.)

You could then encapsulate each frame with at minimum its length, and
send the result to the APs.  If you want to make this channel a bit more
secure, I'd suggest using an ssh session and port forwarding.

The issue would be whether the APs would support behavior like this; I
suspect it'd be pretty hard.  You could perhaps bridge the WLAN
interface and another tun/tap interface (that your AP-side program
creates), but I'm not sure how well that would work.

There are also issues with WEP, WPA, etc. -- you'd have to make sure
that either you send unencrypted data to the AP (and then you'd have to
handle the encryption-key ioctl()s somehow), so that the AP can encrypt
them, or you'd have to use a chipset that can send "raw" 802.11 data
frames, and your program would act as the bridge.  (Then the central
host would TKIP- or CCMP-encrypt all the traffic.)  Receiving data would
act the same way -- you'd have to either decrypt it at the AP or the
central host.  I assume you'd want the central host doing all the work,
so I'd look into a chipset that will allow you to send and receive raw
802.11 frames.

Most of this is just musing, though; I'm not sure if any of it is
actually possible.  :-)  (I've recently gotten a generic tunnel-over-ssh
program working here, which is why I thought of the tun/tap stuff.)
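An added example, not part of the original message: one way to do the length-prefixed encapsulation suggested above, with a receiver that reassembles frames from a byte stream and rejects a bad length before buffering any payload. The 2-byte big-endian prefix, the `MAX_FRAME` limit and the names `frame_encode`, `deframe_feed` and `struct deframer` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN   2      /* assumption: 16-bit big-endian length prefix */
#define MAX_FRAME 2346   /* assumption: largest 802.11 frame we accept */

/* Per-connection reassembly state; a TCP/ssh tunnel is a byte stream. */
struct deframer {
    uint8_t buf[HDR_LEN + MAX_FRAME];
    size_t  have;        /* bytes of the current record buffered so far */
};

/* Write length prefix + frame to out; returns bytes written, 0 on error. */
size_t frame_encode(const uint8_t *frame, size_t len, uint8_t *out, size_t cap)
{
    if (len == 0 || len > MAX_FRAME || cap < HDR_LEN + len)
        return 0;
    out[0] = (uint8_t)(len >> 8);
    out[1] = (uint8_t)(len & 0xff);
    memcpy(out + HDR_LEN, frame, len);
    return HDR_LEN + len;
}

/* Consume bytes from *in (advancing *in, *n). Returns the frame length when
 * one is complete (*frame points into d->buf until the next call), 0 when
 * more input is needed, -1 on a bad length: the caller should drop the peer. */
int deframe_feed(struct deframer *d, const uint8_t **in, size_t *n,
                 const uint8_t **frame)
{
    for (;;) {
        size_t want = HDR_LEN;
        if (d->have >= HDR_LEN) {
            size_t len = ((size_t)d->buf[0] << 8) | d->buf[1];
            if (len == 0 || len > MAX_FRAME)   /* checked before buffering */
                return -1;
            want = HDR_LEN + len;
            if (d->have == want) {
                *frame = d->buf + HDR_LEN;
                d->have = 0;
                return (int)len;
            }
        }
        if (*n == 0)
            return 0;
        size_t take = want - d->have < *n ? want - d->have : *n;
        memcpy(d->buf + d->have, *in, take);
        d->have += take; *in += take; *n -= take;
    }
}
```

Call `deframe_feed` in a loop after each `read()` from the tunnel socket until it returns 0, handing every returned frame to the `write()` on the tun/tap descriptor.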
