Subject: Re: proposal: API for Host AP Daemons
To: None <tech-net@netbsd.org>
From: David Young <dyoung@ojctech.com>
List: tech-net
Date: 10/09/2002 00:34:39
On Fri, Oct 04, 2002 at 03:45:14PM +0900, Atsushi Onoe wrote:
> > or the Internet. (Just think: the first AP with a standards-compliant
> > IAPP could run NetBSD, provided 802.11f ever emerges from committee. =)
> 
> First of all, I know almost nothing about IAPP or 802.11f.
> Does IAPP affect the basic management frame in 802.11?  For example,
> if an AP want to respond to Association-Request, does it need to interact
> someone via IAPP to make a decition if it is OK?

Yes.

When a STA sends a Reassociate Request to an AP, it is necessary for
the AP to confirm that the STA is already associated with an AP in the
ESS. The Reassociate Request contains a Current BSSID. Call the recipient
of the Request, the New AP, and its BSSID, the New BSSID.

If the STA's request carries a Current BSSID not equal to the New
BSSID, then the New AP must confirm with the Current AP that the STA is
associated.  Essentially, the New AP will ask the Current AP to forward
the STA's session context, which will include its association status,
its accounting and AAA information, etc. If the Current AP answers with
an error, or if the New AP times-out before the context is received,
reassociation should be denied with status code 11, "Reassociation denied
due to inability to confirm that association exists."

A user-level process, a "Host AP daemon," should implement the
confirmation; IMHO, it is a function too specialized and sophisticated
to belong in the kernel.

A user-level process may also desire to disassociate STAs by a more
sophisticated policy than the kernel. For example, it may disassociate
a STA because it was (re)associated least/most recently, because it is
least/most active of all STAs, because of an operator command, et cetera.

A user-level process can detect a STA "flapping" between APs and help
to damp it with its answers to (Re)Associate Requests.

Additionally, a user-level process may implement some new and peculiar
authentication scheme by answering Authenticate Requests.

All these functions of a user-level process are supported by an interface
to the Host AP functions of the kernel, such as what I described in my
previous e-mail.

Thoughts?

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Engineering from the Right Brain
                        Urbana, IL * (217) 278-3933