From: Benjamin Berg <benjamin.berg@xxxxxxxxxxxxx>

The current roaming implementation requires prior knowledge about all other hostapd instances on the network and one must have an AES key assigned to each pair of APs. This is bad from a deployment perspective as further APs cannot be added or removed easily and a list of all APs is required to configure hostapd.

This patch series adds the possibility to use a common static key to exchange the information for FT to work. Using a common key has the disadvantage that the key is disclosed if a single AP is compromised.

With this series applied, setting the ft_remote_key option and configuring the mobility domain should allow using roaming inside the layer two network. The bssid, nas_identifier and r1_key_holder should match when configuring the AP like this. The nas_identifier and r1_key_holder will be set to the BSSID automatically if it is specified.

Benjamin Berg (6):
  FT: Allow roaming between APs if IDs match MAC
  FT: Default IDs to BSSID if static roaming key is defined.
  tests: Test FT roaming using fixed key and mac as IDs
  FT: Re-calculate PMK-R0 for pull requests if value is not cached.
  FT: Implement basic cache expiration and limiting
  l2: Add outgoing listener to catch packets from other hostapd

 hostapd/config_file.c           |   9 ++
 src/ap/ap_config.c              |  31 +++-
 src/ap/ap_config.h              |   2 +
 src/ap/wpa_auth.h               |   3 +
 src/ap/wpa_auth_ft.c            | 339 ++++++++++++++++++++++++++++++++++------
 src/ap/wpa_auth_glue.c          |  19 ++-
 src/l2_packet/l2_packet.h       |  14 ++
 src/l2_packet/l2_packet_linux.c |  70 +++++++++
 tests/hwsim/test_ap_ft.py       |  42 +++++
 9 files changed, 473 insertions(+), 56 deletions(-)

--
2.9.3

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap