From d3b4286967697113ad9bc5e8e84effd16a978baf Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Tue, 9 Nov 2010 16:27:15 +0200
Subject: [PATCH] Allow client isolation to be configured (ap_isolate=1)

Client isolation can be used to prevent low-level bridging of frames
between associated stations in the BSS. By default, this bridging is
allowed.
---
 hostapd/config_file.c |  2 ++
 hostapd/hostapd.conf  |  4 ++++
 src/ap/ap_config.h    |  1 +
 src/ap/ap_drv_ops.c   | 15 +++++++++++++++
 4 files changed, 22 insertions(+)

diff --git a/hostapd/config_file.c b/hostapd/config_file.c
index c2083f676..36b75e50c 100644
--- a/hostapd/config_file.c
+++ b/hostapd/config_file.c
@@ -1282,6 +1282,8 @@ struct hostapd_config * hostapd_config_read(const char *fname)
 			}
 		} else if (os_strcmp(buf, "wds_sta") == 0) {
 			bss->wds_sta = atoi(pos);
+		} else if (os_strcmp(buf, "ap_isolate") == 0) {
+			bss->isolate = atoi(pos);
 		} else if (os_strcmp(buf, "ap_max_inactivity") == 0) {
 			bss->ap_max_inactivity = atoi(pos);
 		} else if (os_strcmp(buf, "country_code") == 0) {
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index afeb20657..fe97ea87e 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -357,6 +357,10 @@ wmm_ac_vo_acm=0
 # use a separate bridge.
 #wds_bridge=wds-br0
 
+# Client isolation can be used to prevent low-level bridging of frames between
+# associated stations in the BSS. By default, this bridging is allowed.
+#ap_isolate=1
+
 ##### IEEE 802.11n related configuration ######################################
 
 # ieee80211n: Whether IEEE 802.11n (HT) is enabled
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index be2e33465..a95ebe9ac 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -199,6 +199,7 @@ struct hostapd_bss_config {
 	struct mac_acl_entry *deny_mac;
 	int num_deny_mac;
 	int wds_sta;
+	int isolate;
 
 	int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
 			* algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */
diff --git a/src/ap/ap_drv_ops.c b/src/ap/ap_drv_ops.c
index 001c4c799..0ac5289d4 100644
--- a/src/ap/ap_drv_ops.c
+++ b/src/ap/ap_drv_ops.c
@@ -281,6 +281,14 @@ static int hostapd_set_radius_acl_expire(struct hostapd_data *hapd,
 }
 
 
+static int hostapd_set_ap_isolate(struct hostapd_data *hapd, int value)
+{
+	if (hapd->driver == NULL || hapd->driver->set_intra_bss == NULL)
+		return 0;
+	return hapd->driver->set_intra_bss(hapd->drv_priv, !value);
+}
+
+
 static int hostapd_set_bss_params(struct hostapd_data *hapd,
 				  int use_protection)
 {
@@ -331,6 +339,13 @@ static int hostapd_set_bss_params(struct hostapd_data *hapd,
 		ret = -1;
 	}
 
+	if (hostapd_set_ap_isolate(hapd, hapd->conf->isolate) &&
+	    hapd->conf->isolate) {
+		wpa_printf(MSG_ERROR, "Could not enable AP isolation in "
+			   "kernel driver");
+		ret = -1;
+	}
+
 	return ret;
 }