IEEE 802.11 management frames filtering with nftables
Opty
opty77 at gmail.com
Thu Nov 9 03:50:29 PST 2023
On Tue, Jul 25, 2023 at 3:18 PM Michael Richardson <mcr at sandelman.ca> wrote:
> Opty <opty77 at gmail.com> wrote:
> > can I filter IEEE 802.11 management frames with nftables?
>
> > I want to get rid off
>
> > root at tplink:~# logread -e 'hostapd: wlan0: STA d8:1f:12:33:9e:aa IEEE
> > 802.11: did not acknowledge authentication response' | wc -l 12982
>
> I don't think that this is a message about a frame, so whatever nftables does
> makes no difference.
> It's a message from hostapd saying that it got no reply.
Not directly but related.
IIRC from my own experience these messages indicate weak signal of a
device trying to authenticate.
>
> > flooding the log but I'd also like to know about it in an aggregated
> > form (like 1/hour). From what I've read so far I got an impression that
> > those frames won't get it to nftables unless hostapd authenticates the
> > STA.
>
> I think you'd have to change hostapd code.
> If your goal is to limit that message to once/hour for all stations, that
> probably easy. If you want to limit it to once/hour/station, then that might
> require more infrastructure to remember things.
Unfortunately (?) won't happen -- low cost/benefit ratio.
I gave up some time ago and started using MAC address filter which
seems to work so far although I can't easily prove it. :-)
Regards,
Opty
More information about the Hostap
mailing list