Re: Some Questions (WDS / WEP in Host AP mode)


From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2001-12-10 21:27:35 UTC



On Mon, Dec 10, 2001 at 09:09:48PM +0000, hristo wrote:

> 1. Can Host AP connect to commercial bridges which are
> acting as bridge Master? Can WDS be made with this driver?
> If I have a commercial bridge (SMC, for instance, Bridge Master),
> can I make Host AP connect to this bridge (Bridge Master)
> and act as an AP (for roaming)?
> 2. Can Host AP be configured to act as bridge
> slave/master (WDS again)? I have two machines (Linux and Host
> AP) and they both act as AP and to be able to talk to each
> other (WDS)

So far I haven't experimented with WDS very much and I do not know all details about it. The driver would probably require some changes, but I would assume this to be doable if there is use for this kind of functionality.

Current version allows two APs to communicate in a "pseudo ad-hoc" manner (send frames without associating to each other). However, the driver does not yet use four-address frames (i.e., additional A4 field in 802.11 header) that would probably be required for distributing packets. If there would be use for this, it should be possible to implement it in the host driver. Adding the fourth address field should be trivial, but the driver would probably also need some decision logic for determining which frames are sent to which peer (and this would probably be dynamically configured by a user space helper daemon).

> 3. Why is WEP disabled in AP mode? I think it was supported
> in this mode in previous versions

It was "supported" in previous versions (i.e., driver allowed it to be configured), but should not really have been. Station firmware does not seem to support WEP in Host AP mode. Even though the card is configured for WEP, it may send and accept plain text packets. I think it is better to clearly disable WEP than to risk having this kind of situation.

WEP could be implemented in the host driver for Host AP mode, but I'm not very keen on supporting WEP due to its more or less total insecurity. Using strong encryption with, e.g., IPSec or SSH tunnels would be a much better method for protecting wireless networks.

-- 
Jouni Malinen                                            PGP id EFC895FA
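
The two frame-level points in the reply above (the fourth address field used by four-address frames, and data frames going out in plain text although WEP is configured), as an added example that is not part of the original message or of the Host AP driver. It assumes the original pre-QoS 802.11 header layout; the struct, function names and sample frames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FC1_TODS      0x01  /* Frame Control, second octet */
#define FC1_FROMDS    0x02
#define FC1_PROTECTED 0x40  /* the "WEP" bit */

struct dot11_info {         /* hypothetical result struct for this example */
    int is_data, carries_payload, wep_bit, has_addr4;
    size_t hdr_len;         /* 24, or 30 when Address 4 is present */
    uint8_t addr4[6];
};

/* Parse a pre-QoS 802.11 MAC header; returns -1 if the buffer is too short. */
int dot11_parse(const uint8_t *f, size_t len, struct dot11_info *o)
{
    memset(o, 0, sizeof(*o));
    if (len < 24) return -1;
    o->is_data = (f[0] & 0x0c) == 0x08;                /* type == 2 (data) */
    o->carries_payload = o->is_data && !(f[0] & 0x40); /* not a Null/no-data subtype */
    o->wep_bit = (f[1] & FC1_PROTECTED) != 0;
    o->hdr_len = 24;
    if (o->is_data && (f[1] & FC1_TODS) && (f[1] & FC1_FROMDS)) {
        if (len < 30) return -1;                       /* A4 follows Sequence Control */
        memcpy(o->addr4, f + 24, 6);
        o->has_addr4 = 1;
        o->hdr_len = 30;
    }
    return 0;
}

/* 1 if a payload-carrying data frame was sent without the WEP bit set. */
int dot11_cleartext_data(const uint8_t *f, size_t len)
{
    struct dot11_info i;
    return dot11_parse(f, len, &i) == 0 && i.carries_payload && !i.wep_bit;
}

/* Constructed sample frames (not captures): zeroed addresses except A4. */
static const uint8_t SAMPLE_WDS[34] = { 0x08, 0x03, [24] = 0x02, 0, 0, 0, 0, 0x04 };
static const uint8_t SAMPLE_WEP[32] = { 0x08, 0x41 };

int main(void)
{
    printf("WDS frame in clear: %d, WEP frame in clear: %d\n",
           dot11_cleartext_data(SAMPLE_WDS, sizeof SAMPLE_WDS),
           dot11_cleartext_data(SAMPLE_WEP, sizeof SAMPLE_WEP));
    return 0;
}
```

Run over frames from a monitor-mode capture, a nonzero result from `dot11_cleartext_data` on a network configured for WEP is the condition the reply warns about.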

