On 07/01/2019 15:30, Marianna Carrera wrote:
>> Since the specification doesn't say explicitly that a bSTA trying to associate
>> on a fronthaul-only BSS should be rejected, I think the easiest is to remove
>> this check again.
>
> Missed it as well. I think a bSTA trying to associate on a "fronthaul-only" BSS is a nominal case, so this check should indeed be removed as there is no reason to reject the bSTA.
>
> However, we may have consider the case where the device has only fronthaul BSSes, no backhaul BSS at all.
> I can't find a way in the Multi-AP specifications for a MAP Controller to provide a MAP Agent with the backhaul credentials, while not actually configuring a backhaul BSS at all.
>
> If that's correct, in theory, we could have a situation where there are one or more frounthaul BSSes configured (i.e., multi_ap=2) but no "multi_ap_backhaul_*" properties configured (cause the device has no mean to know them). When one of these BSSes with multi_ap=2 receives a WPS M1 from a "bSTA", it does not know the backhaul BSS credentials, so what credentials does it provide?
> Providing the credentials of the fronthaul BSS would be wrong per the MAP specs, so maybe rejecting it with an error would be best.
Good point.
Patch 11/12 adds:
+ if (wps->peer_dev.multi_ap_ext == MULTI_AP_BACKHAUL_STA &&
+ wps->wps->multi_ap_backhaul_ssid_len)
so that should become something like:
if (wps->peer_dev.multi_ap_ext == MULTI_AP_BACKHAUL_STA) {
if (!wps->wps->multi_ap_backhaul_ssid_len) {
return ERROR;
}
...
}
That would reject all bSTA requests if no backhaul BSS is configured, even if
hostapd is otherwise multiap-unaware. Not sure if that is approprate... On the
other hand, if a bSTA does WPS to an AP which is not multi-AP, it shouldn't use
those credentials anyway, so it's actually good to reject right away.
Regards,
Arnout
>
> What do you think?
>
> -marianna
>
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
