•  30-06-2022
  •  | 
  •  

Question

I'm creating an access point with no Internet access. Users can view content hosted locally on a Raspberry Pi

I want a jump-off point where the user can share something on Facebook. At this point I would need them to be kicked from the WiFi network so they can use their own 3G/4G connection.

How can I force a mac address off the access point instantly without restarting hostapd?

Was it helpful?

Solution

You an use the hostapd_cli command to control the hostapd daemon. To force a client off the wifi you can use either the "disassociate" or the "deauthenticate" command.

hostapd_cli deauthenticate 00:5e:3d:38:fe:ab

make sure you have the ctrl_interface properly set in your hostapd config!

The default is this: 

ctrl_interface=/var/run/hostapd

It depends on the Client if it will reconnect right away though. This could be "remedied" by filtering his packets using iptables so he doesn't get an IP anymore and thus is highly likely to not try and connect again.

NOTE: Doing the latter with iptables might make the client "blacklist" your AP, at least for a certain time!

NOTE2: If you do not provide a default route with your DHCP-Server you should not need to disconnect them from the wifi at all. Though most devices (Smartphones) will avoid the wifi alltogether since it's not what they expect (an internet connection).

OTHER TIPS

Like Badmaster's answer, the Client will try to reconnect to the AP in my case and it got connected. But in my case I want to force the Client disconnected and the AP will not accept it when reconnecting.

So I just add some codes in related function of disassociate, before it call the function hostapd_drv_sta_disassoc() in file ctrl_iface_ap.c in function hostapd_ctrl_iface_disassociate. I add codes of adding the mac address of the Client to the mac deny list in hapd->conf->deny_mac. Before make these codes working you should make sure your settings of mac access control in file hostapd.conf is right.

then then command hostapd_cli deauthenticate 00:5e:3d:38:fe:ab can force the Client disconnect and will not connect again.

At the same time, I create a function to remove the mac address from the mac deny list to allow the Client connecting.

the example of modifying source codes is as follows:

  1. Force disconnect a P2P Client/STA from GO/AP side

  2. hostapd: make it possible to remove addresses from maclists

The prevent your sta rejoin the network automatically, before the 'hostapd_cli deauthenticate ' cmd, you could run cmd below to enable allowed macaddr list hostapd_cli macaddr_acl 1

Assuming the macaddr has not been added in the allowed list it will be prevented to join.

Later disable it via hostapd_cli macaddr_acl 0 so that the sta can join

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top