Beacon Stuffing using hostapd

Pedro Salazar pedrom.stj at gmail.com
Tue Jun 30 11:14:58 EDT 2015


Hi all,
I'm a final-year master's student and I'm currently working on my master's
thesis.

One of the first objectives I'm trying to achieve is to perform beacon
stuffing using the Vendor Specific Information Element (IE 221) to pass
around some network metrics in Beacons. Nodes will be running hostapd.
To enable this Information Element in beacons and probe response frames I
used the "vendor_elements" field in the hostapd.conf file and everything is
working fine.
However, my metrics change at run time, so I need to be able to change
the IE 221 without restarting hostapd.

After tracing the hostapd source code I still can't find the solution to my
problem: How to change the IE 221 during run time?

I see that the vendor_elements is loaded from the configuration file
in *hostapd_config_fill* (inside config_file.c) and that the beacon is
constructed in *ieee802_11_build_ap_params* (inside beacon.c). Then it seems
that *wpa_driver_nl80211_set_ap* (inside driver_nl80211.c) sends the Head and
Tail beacon parts to cfg80211, and then everything is handled by the lower
level drivers. Am I right?

Using Debug Mode I can see that hostapd is in charge of handling both MLME
and Probe Req/Rep frames. But what about Beacons: does hostapd also send
the beacon frames, or are these handled by mac80211?

What I am trying to understand is where should I focus if I want to update
the IE 221 during run time. Could I use for example the
ieee802_11_update_beacons function to achieve this?

Sorry for such a long email, but I've been trying to solve this question
for quite a long time and the deadline is getting closer and closer.

Best Regards,
Pedro Salazar
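
An added example, not part of the original post and not hostapd code: it encodes one Vendor Specific element (IE 221) as the hex string of a complete element (id, length, OUI, payload) that the "vendor_elements" field takes, and shows the bounds-checked lookup a receiving node needs, since beacon contents are unauthenticated. The function names, the OUI aa:bb:cc and the two metric bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define IE_VENDOR_SPECIFIC 221 /* 0xdd */

/* Hex string for vendor_elements: id | len | OUI(3) | payload.
 * Returns hex length, or -1 if it does not fit one element or out[]. */
int vendor_ie_to_hex(const uint8_t oui[3], const uint8_t *payload,
                     size_t plen, char *out, size_t outsz)
{
    if (plen > 255 - 3 || outsz < 2 * (2 + 3 + plen) + 1)
        return -1; /* the length field is a single octet */
    int n = snprintf(out, outsz, "%02x%02x%02x%02x%02x", IE_VENDOR_SPECIFIC,
                     (unsigned)(3 + plen), oui[0], oui[1], oui[2]);
    for (size_t i = 0; i < plen; i++)
        n += snprintf(out + n, outsz - n, "%02x", payload[i]);
    return n;
}

/* Receiver side: first vendor IE with this OUI in a beacon IE list. Every
 * length is checked against the bytes left. NULL if absent or truncated. */
const uint8_t *find_vendor_ie(const uint8_t *ies, size_t len,
                              const uint8_t oui[3], size_t *plen)
{
    size_t pos = 0;
    while (len - pos >= 2) {
        uint8_t id = ies[pos], elen = ies[pos + 1];
        if (elen > len - pos - 2)
            return NULL; /* element runs past the buffer */
        if (id == IE_VENDOR_SPECIFIC && elen >= 3 &&
            memcmp(&ies[pos + 2], oui, 3) == 0) {
            *plen = elen - 3;
            return &ies[pos + 5];
        }
        pos += 2 + (size_t)elen;
    }
    return NULL;
}

int main(void)
{
    const uint8_t oui[3] = {0xaa, 0xbb, 0xcc}; /* constructed placeholder OUI */
    const uint8_t metrics[2] = {0x01, 0x2a};   /* constructed sample payload */
    char hex[2 * 257 + 1];
    if (vendor_ie_to_hex(oui, metrics, sizeof metrics, hex, sizeof hex) > 0)
        printf("vendor_elements=%s\n", hex);
    return 0;
}
```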