[PATCH v4 0/4] Add support for HS20 data frame filtering
Jouni Malinen
j at w1.fi
Fri Apr 8 05:49:06 PDT 2016
On Wed, Apr 06, 2016 at 05:14:39PM +0300, Ilan Peer wrote:
> On association to an HS2.0 network, configure the following filtering
> based on the net-sysfs APIs (based on net-next tree).
>
> 1. Enable gratuitous ARP filtering
> 2. Enable unsolicited Neighbor Advertisement filtering
> 3. Enable GTK filtering if DGAF disabled bit is zero
>
> In this version the filter configuration is done early in the
> beginning of the connection flow which is not strictly compliant
> with the HS 2.0 release 2 specification that requests to configure
> the filters only after the IP address is set to avoid possible race
> conditions. This can be changed later if needed.
Thanks, applied with some fixes (wpa_drv_configure_frame_filters() call
from wpa_supplicant_cleanup() resulted in NULL pointer dereference in
case interface initialization failed).
I've discussed the Hotspot 2.0 specification text and concluded that the
correct behavior here is to ignore the part that might imply that IP
address needs to be obtained before enabling filtering, so the design in
this patch set is fine for that area.
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list