Do Hostap support Authorization or some kind of traffic control?

Jouni Malinen j at w1.fi
Tue Apr 6 11:17:09 EDT 2010


On Wed, Mar 31, 2010 at 01:16:51PM -0300, Douglas Diniz wrote:

> Now I want to try Authorization. I have a computer that works as a
> wireless AP to some clients. I use hostap for authentication with a
> radius server (using freeradius). There is no traffic control for the
> clients, so what I want to do is to control the traffic based on the
> user. Do HostAP support this traffic control based on the
> authentication?

There is currently no support for doing this.

> Until this moment I can do traffic control with netfilter, but
> everything is manual, so I want automatize this procedure based on
> some client information stored in the radius server.

If you have pre-configured netfilter chains in place and want to assign
users to a specific chain based on information on the RADIUS server,
adding support for Filter-Id attribute could be the easiest way of
achieving this. It should be relatively simple to add code for
processing this attribute in Access-Accept messages and then update
firewall configuration based on the received Filter-Id value for the
specific station (and maybe also store that value and clear the firewall
setting when the station gets disconnected/unauthorized).

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list