[ovs-discuss] Multiple Virtual Wireless Ports

Joo Yong-Seok joo.yongseok at gmail.com
Thu Jul 27 18:38:06 UTC 2017 

You can easily get the wireless STA mac-address from your AP. Then, you can
plumb the rule based on your wifi STA mac-address. There is no such a
"port" concept - inside wifi driver - specially if you are talking about
AP-STA association.

Actually, logical connection is "association". You can retrieve association
table and use the mac-address. Before any kind of packets are delivered to
bridge, association should happen first. From hostapd or some user-space
auth managing application, plumb ovs rule based on client mac - call
ovs-ofctl or other tools to create flows.

Linux and wifi driver doesn't support "port concept" on wifi association.

I hope it will help.

Best regards,

On Thu, Jul 27, 2017 at 10:59 AM, Michael Williams <mw7301 at hotmail.com>
wrote:

> When I WiFi interface I mean WLAN0 and in this particular box we have
> WLAN0 for the 5 GHz radio.
>
>
> When you add it to OvS you are just adding it as an individual port to the
> bridge. But if you have for example 4 computers connect wirelessly its like
> they are all connecting via that single port unlike if you plugged in 4
> computers via the wired ports where each computer would plug into a single
> individual port.
>
>
> My problem is I want to be able to control the traffic between the
> wireless devices using OvS in the same way that I can control the traffic
> between the wired devices.
>
>
> When you said added multiple wifi interfaces do you mean that you have
> multiple radios? Because we only have two and are only using one.
>
>
> ------------------------------
> *From:* Joo Yong-Seok <joo.yongseok at gmail.com>
> *Sent:* Thursday, July 27, 2017 1:33 PM
> *To:* Michael Williams
> *Cc:* Ben Pfaff; ovs-discuss at openvswitch.org
>
> *Subject:* Re: [ovs-discuss] Multiple Virtual Wireless Ports
>
> When you say, "wifi interface", do you mean wlan interface (which is VAP)
> at AP? or low-level wifi interface?
> I don't know rate-limit since I've never tried but it works well for
> regular OVS rules.
>
> - Drop everything
> - Allow ARP
> - Allow DHCP
> - Allow DNS
>
> I applied the rule in one of ovs bridge and added multiple wifi interface
> over GRE tunnel.
>
> At least, I've tried this on top of Linux kernel 4.4 / OVS 2.6 - OPENWRT
> package.
>
> Best regards,
>
> On Thu, Jul 27, 2017 at 10:28 AM, Michael Williams <mw7301 at hotmail.com>
> wrote:
>
>> Hi Ben,
>>
>>
>> I don't think I explained it properly. Between the wired ports we
>> can apply Openflow rules to limit traffic between computers connected via
>> those wired ports, and that works with standard OvS. On the wireless WiFi
>> side I would like to be able do the same thing and to limit the traffic
>> between WiFi connected devices.
>>
>>
>> Since WiFi only has one interface and not multiple individual ports like
>> the wired stuff, my rules for dropping traffic between ports won't work. So
>> I was wondering if there was someway with OvS to limit or stop
>> traffic between WiFi connected computers?
>>
>>
>>
>> ------------------------------
>> *From:* Ben Pfaff <blp at ovn.org>
>> *Sent:* Thursday, July 27, 2017 12:57 PM
>> *To:* Michael Williams
>> *Cc:* ovs-discuss at openvswitch.org
>> *Subject:* Re: [ovs-discuss] Multiple Virtual Wireless Ports
>>
>> On Thu, Jul 27, 2017 at 01:33:23PM +0000, Michael Williams wrote:
>> > We have OvS running on a wireless router with 4 wired Ethernet
>> > ports. We can apply rules on the wired ports but when we try to apply
>> > rules on the wireless port the rules don't work between multiple
>> > wireless devices. Is there a way within OvS to treat the wireless
>> > interface like multiple virtual ports so that when a wireless device
>> > connects we can apply rules to govern behavior between the wireless
>> > devices like we can with the wired devices?
>>
>> OVS doesn't distinguish between different kinds of ports, so the
>> restrictions you're describing don't make sense; OVS doesn't work that
>> way.  You might be using a vendor's modified version of OVS.  If so,
>> then you should ask the vendor for assistance.
>>
>> _______________________________________________
>> discuss mailing list
>> discuss at openvswitch.org
>> https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-discuss/attachments/20170727/24f14628/attachment-0001.html>

More information about the discuss mailing list