Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Allow client isolation to be configured (ap_isolate=1)

Client isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging is
allowed.
Felix Fietkau 14 years ago
parent
5a5009dc92
commit
d3b4286967
4 changed files with 22 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      hostapd/config_file.c
  2. 4 0
      hostapd/hostapd.conf
  3. 1 0
      src/ap/ap_config.h
  4. 15 0
      src/ap/ap_drv_ops.c

+ 2 - 0
hostapd/config_file.c
View File 

@@ -1282,6 +1282,8 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 
 			}
 
 		} else if (os_strcmp(buf, "wds_sta") == 0) {
 
 			bss->wds_sta = atoi(pos);
 
+		} else if (os_strcmp(buf, "ap_isolate") == 0) {
 
+			bss->isolate = atoi(pos);
 
 		} else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
 
 			bss->ap_max_inactivity = atoi(pos);
 
 		} else if (os_strcmp(buf, "country_code") == 0) {

+ 4 - 0
hostapd/hostapd.conf
View File 

@@ -357,6 +357,10 @@ wmm_ac_vo_acm=0
 
 # use a separate bridge.
 
 #wds_bridge=wds-br0
 
 
+# Client isolation can be used to prevent low-level bridging of frames between
 
+# associated stations in the BSS. By default, this bridging is allowed.
 
+#ap_isolate=1
 
+
 
 ##### IEEE 802.11n related configuration ######################################
 
 
 # ieee80211n: Whether IEEE 802.11n (HT) is enabled

+ 1 - 0
src/ap/ap_config.h
View File 

@@ -199,6 +199,7 @@ struct hostapd_bss_config {
 
 	struct mac_acl_entry *deny_mac;
 
 	int num_deny_mac;
 
 	int wds_sta;
 
+	int isolate;
 
 
 	int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
 
 			* algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */

+ 15 - 0
src/ap/ap_drv_ops.c
View File 

@@ -281,6 +281,14 @@ static int hostapd_set_radius_acl_expire(struct hostapd_data *hapd,
 
 }
 
 
 
+static int hostapd_set_ap_isolate(struct hostapd_data *hapd, int value)
 
+{
 
+	if (hapd->driver == NULL || hapd->driver->set_intra_bss == NULL)
 
+		return 0;
 
+	return hapd->driver->set_intra_bss(hapd->drv_priv, !value);
 
+}
 
+
 
+
 
 static int hostapd_set_bss_params(struct hostapd_data *hapd,
 
 				  int use_protection)
 
 {
 
@@ -331,6 +339,13 @@ static int hostapd_set_bss_params(struct hostapd_data *hapd,
 
 		ret = -1;
 
 	}
 
 
+	if (hostapd_set_ap_isolate(hapd, hapd->conf->isolate) &&
 
+	    hapd->conf->isolate) {
 
+		wpa_printf(MSG_ERROR, "Could not enable AP isolation in "
 
+			   "kernel driver");
 
+		ret = -1;
 
+	}
 
+
 
 	return ret;
 
 }