Multi-AP: Add hostapd config option to disallow certain profiles

Add a new config option "multi_ap_client_disallow" to control allowing
backhaul STA with certain profiles alone to associate. This is done to
adhere to Wi-Fi EasyMesh specification which defined rules to
allow/disallow association of backhaul STA of certain profiles.

Signed-off-by: Manoj Sekar <quic_sekar@quicinc.com>

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index 668317300d71af6523c6e4e4cfbd1bc876f6e5b1..2f9c9286a65c6ad9563e808cedd386200985efca 100644 (file)
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -4812,6 +4812,16 @@ static int hostapd_config_fill(struct hostapd_config *conf,
                        return -1;
                }
                bss->multi_ap_profile = val;
+       } else if (os_strcmp(buf, "multi_ap_client_disallow") == 0) {
+               int val = atoi(pos);
+
+               if (val < 0 || val > 3) {
+                       wpa_printf(MSG_ERROR,
+                                  "Line %d: Invalid multi_ap_client_allow '%s'",
+                                  line, buf);
+                       return -1;
+               }
+               bss->multi_ap_client_disallow = val;
        } else if (os_strcmp(buf, "rssi_reject_assoc_rssi") == 0) {
                conf->rssi_reject_assoc_rssi = atoi(pos);
        } else if (os_strcmp(buf, "rssi_reject_assoc_timeout") == 0) {

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 8d3d32838a42030845eb035625e2eef9250aa874..ca1989893146663237f20aeabdcde0d505e1299c 100644 (file)
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -2571,6 +2571,13 @@ own_ip_addr=127.0.0.1
 # 2 = Supports Multi-AP profile 2 as defined in Wi-Fi EasyMesh specification
 #multi_ap_profile=2
 
+# Multi-AP client disallow
+# Used to disallow profile specific backhaul STA association
+# Bitmap of the disallowed Profile-X profiles
+# 1 = Profile-1 Backhaul STA association disallowed
+# 2 = Profile-2 Backhaul STA association disallowed
+#multi_ap_client_disallow=0
+
 # WPS UPnP interface
 # If set, support for external Registrars is enabled.
 #upnp_iface=br0

diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index bbc63dc3f0c2a42f04443bab5375e3c5bfd309a9..3254bfd8cf06f5cf7150b5f51bc9fccf2bc417d0 100644 (file)
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -801,6 +801,11 @@ struct hostapd_bss_config {
 #define FRONTHAUL_BSS 2
        int multi_ap; /* bitmap of BACKHAUL_BSS, FRONTHAUL_BSS */
        int multi_ap_profile;
+       /* Multi-AP Profile-1 clients not allowed to connect */
+#define PROFILE1_CLIENT_ASSOC_DISALLOW BIT(0)
+       /* Multi-AP Profile-2 clients not allowed to connect */
+#define PROFILE2_CLIENT_ASSOC_DISALLOW BIT(1)
+       unsigned int multi_ap_client_disallow;
 
 #ifdef CONFIG_AIRTIME_POLICY
        unsigned int airtime_weight;

diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
index f3761dce8dbbc8331a8c1c5f61d0fe06214c73ab..dfc5a5c392118bd1206c282a1c28882bb3720f53 100644 (file)
--- a/src/ap/ieee802_11.c
+++ b/src/ap/ieee802_11.c
@@ -100,6 +100,15 @@ static u8 * hostapd_eid_multi_ap(struct hostapd_data *hapd, u8 *eid, size_t len)
        if (hapd->conf->multi_ap & FRONTHAUL_BSS)
                multi_ap.capability |= MULTI_AP_FRONTHAUL_BSS;
 
+       if (hapd->conf->multi_ap_client_disallow &
+           PROFILE1_CLIENT_ASSOC_DISALLOW)
+               multi_ap.capability |=
+                       MULTI_AP_PROFILE1_BACKHAUL_STA_DISALLOWED;
+       if (hapd->conf->multi_ap_client_disallow &
+           PROFILE2_CLIENT_ASSOC_DISALLOW)
+               multi_ap.capability |=
+                       MULTI_AP_PROFILE2_BACKHAUL_STA_DISALLOWED;
+
        multi_ap.profile = hapd->conf->multi_ap_profile;
 
        return eid + add_multi_ap_ie(eid, len, &multi_ap);
@@ -3449,6 +3458,26 @@ static u16 check_multi_ap(struct hostapd_data *hapd, struct sta_info *sta,
                               "Multi-AP IE with unexpected value 0x%02x",
                               multi_ap.capability);
 
+       if (multi_ap.profile == MULTI_AP_PROFILE_1 &&
+           (hapd->conf->multi_ap_client_disallow &
+            PROFILE1_CLIENT_ASSOC_DISALLOW)) {
+               hostapd_logger(hapd, sta->addr,
+                              HOSTAPD_MODULE_IEEE80211,
+                              HOSTAPD_LEVEL_INFO,
+                              "Multi-AP Profile-1 clients not allowed");
+               return WLAN_STATUS_ASSOC_DENIED_UNSPEC;
+       }
+
+       if (multi_ap.profile >= MULTI_AP_PROFILE_2 &&
+           (hapd->conf->multi_ap_client_disallow &
+            PROFILE2_CLIENT_ASSOC_DISALLOW)) {
+               hostapd_logger(hapd, sta->addr,
+                              HOSTAPD_MODULE_IEEE80211,
+                              HOSTAPD_LEVEL_INFO,
+                              "Multi-AP Profile-2 clients not allowed");
+               return WLAN_STATUS_ASSOC_DENIED_UNSPEC;
+       }
+
        if (!(multi_ap.capability & MULTI_AP_BACKHAUL_STA)) {
                if (hapd->conf->multi_ap & FRONTHAUL_BSS)
                        return WLAN_STATUS_SUCCESS;

diff --git a/src/common/ieee802_11_defs.h b/src/common/ieee802_11_defs.h
index 147ab7322e4f9610d60760db126847ce66889396..b248a5cac0558a2f2eeb7e584a500d5fd718737e 100644 (file)
--- a/src/common/ieee802_11_defs.h
+++ b/src/common/ieee802_11_defs.h
@@ -1449,6 +1449,8 @@ struct ieee80211_ampe_ie {
 #define MULTI_AP_SUB_ELEM_TYPE 0x06
 #define MULTI_AP_PROFILE_SUB_ELEM_TYPE 0x07
 
+#define MULTI_AP_PROFILE2_BACKHAUL_STA_DISALLOWED BIT(2)
+#define MULTI_AP_PROFILE1_BACKHAUL_STA_DISALLOWED BIT(3)
 #define MULTI_AP_TEAR_DOWN BIT(4)
 #define MULTI_AP_FRONTHAUL_BSS BIT(5)
 #define MULTI_AP_BACKHAUL_BSS BIT(6)