How to enable FILS (Fast Initial Link setup, defined in the IEEE80211ai standard) feature in the OpenWrt Wi-Fi AP mode?

Dear OpenWrt team,

I would like to have a check on how to enable FILS feature when configuring OpenWrt as a Wi-Fi AP (actually I download the latest snapshot factory image for Raspberry Pi3B+ platform and flashed SD card with this image). May I have an example configuration on /etc/config/wireless to enable this feature? If so, that would be very helpful. Thanks in advance.

BTW, if my understanding is correct from reading the IEEE80211ai standard, AP which can support FILS capability would broadcast Beacon frame with FILS Indication element (element ID: 240) and also set FILS Capability bit (bit 72) in the Extended Capabilities element. However, when I use wireshark to capture the packet over the air, I didn't notice these kind of information appeared in the Beacon frame sent from AP (Raspberry Pi 3B+ running OpenWrt).

Please correct me if I miss something and any feedback is welcomed.

Thanks!

Hello new member,

as this specification is from November 2018 and is published in the first quarter of 2019, i doubt that this 802.11 extension is already supported by OpenWRT itself.
Further more i doubt it's supported on hostapd that is used for managing wifi ap's in OpenWRT.
If it's supported by hostapd, someone could bump hostadp to this new version on OpenWRT master branch and add support for this configuration options in the openwrt configs.

Greets

Hi Juppin,

Thanks for reply!

Yes, I think latest hostapd already supports FILS feature. If you download hostapd 2.8 source code, there are two config macros 'CONFIG_FILS' and 'CONFIG_FILS_SK_PFS' for enabling FILS feature. And in the hostapd.conf file, we can file bunches of configuration params related to FILS.

However, I tried to enable this macro and enable parts of the params in the hostapd.conf. I still cannot find any FILS Indication element appeared in the Beacon frame sent from hostapd. Maybe I have some incorrect configuration for that.

Not sure if anyone who already enabled this feature successfully, that would be super helpful if who can share the example config.

Thanks!

https://git.openwrt.org/?p=openwrt%2Fopenwrt.git&a=search&h=HEAD&st=grep&s=CONFIG_FILS

implies that it only pertains to

ath79: add support for D-Link DIR-842 C3

and even there it appears being commented out (being experimental)

# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
# Note: This is an experimental and not yet complete implementation. This
# should not be enabled for production use.
#CONFIG_FILS=y
# FILS shared key authentication with PFS
#CONFIG_FILS_SK_PFS=y

Hi km,

The experiment flag has been removed since Jan 22 (commit: 13a200a9) in hostap git repo. I guess that this feature has been verified already in practice and unittest.

I was also trying to validate this feature by compiling hostapd and wpa_supplicant source code and enable above two flags.

Below is my brief hostapd.conf

interface=wlan0
driver=nl80211
hw_mode=g
channel=11
ssid=hostapd
wmm_enabled=0

wpa=2
wpa_key_mgmt=FILS-SHA256
wpa_passphrase=12345678
rsn_pairwise=CCMP

However, when I started hostapd on Raspberry Pi and another one running wpa_supplicant, I used wpa_cli to scan the APs, and always get the AP(new added ssid "hostapd") with flags: "[WEP][ESS]" not "[WPA-FILS-SHA256-CCMP][ESS]".

Maybe i missed some config, please correct me if any. Thanks!

We talked different repos then - you source development whilst I looked at OpenWrt repo. Latter showing (master | 19.07)

PKG_RELEASE:=6
PKG_SOURCE_DATE:=2018-12-02

which seems to be matching source development stable version 2.7 / 2018-12-2


which version from source, 2.8 || 2.9 || master?


Out of my depth I am afraid. Seeing that the OpenWrt repo still flags the feature as experimental (and only implemented for a single device) and since you compiled from source I am not sure how much exposure/feedback this will currently get in this forum.

Why do you think it's only for one device?
I don't think this is true as it would make really no sense to build hodtapd for only one device differently than for all other devices.

queried the OpenWrt source code


If you have better input why not to share it with the community?

The commit you see is the commit which is the current HEAD and on this tree you are doing the search.
This is not related to your searched string.
I only want to inform you about your wrong assumption...

I'm interested in FILS too, but currently i don't have the time to play with it... So I'm following this thread...
If i have input that another person is probably interested in, i will share it here.

Edit: HEAD is always the commit that was most recently added to a branch

1 Like

My bad, thanks for clearing that up.

What remains though is that it is labelled experimental and commented out in the build time configuration.

3 Likes

Hi Slh,

Thanks for quick confirmation. Looks like FILS is kind of pretty recent feature, not too many platforms already support this.

Appreciate much for all of you guys' reply and feedback. And if anyone are interested in playing with hostapd and wpa_supplicant with FILS feature, for example, creating a wireless network with FILS enabled and verify the auth and HLP, we can discuss in details more.

Thanks!

Hi Km,

Yes, I pulled down the latest master branch of hostap and compiled hostapd and wpa_supplicant respectively.

FYI

1 Like