WDS and Dynamic WDS
(Note - this is a work in progress. Please bug Adrian if you see this message as he is currently trying to stay on top of documenting, debugging and extending it.)
WDS (Wireless Distribution System) is an early 802.11 method of linking multiple 802.11 devices together to provide WiFi relays and repeaters.
More information can be found in the Wikipedia page on Wireless Distribution System.
Unfortunately WDS did not specify how APs and relays would find each other, negotiate encryption settings and how they would determine which nodes would link to one another. WDS only specified the frame format used (called 4-address frames) which allow stations to act as relays for traffic.
Sam Leffler worked on an extension to WDS called Dynamic WDS (DWDS). Dynamic WDS implements a layer on top of WDS for connecting DWDS enabled APs, however as implemented in FreeBSD it currently does not implement a dynamic discovery method. DWDS, like WDS and other non mesh topologies, does not support loops in the DWDS enabled APs.
WDS versus DWDS
In WDS, each AP to AP link would require a static WDS association to be created. Adrian hasn't actually successfully configured legacy WDS although it in theory should work. It's just, well, not currently well documented.
DWDS is a little different. The dynamic part of Dynamic WDS involves an AP wishing to send relay traffic to another AP. When the remote AP sees this traffic, it creates a virtual station interface for that particular AP so it can bridge traffic to and from that AP using 4-address frames.
How it works
A DWDS enabled AP has three parts:
- The VAP is created with the dwds flag;
- wlanwds needs to run on the parent physical interface (not wlan0/wlan1/etc, it runs on ath0, ath1) as that is what net80211 is sending notifications from/to. This is a hold over from ye olde days;
- wlanwds will be provided with the details to create an interface and place it in the correct bridge group for traffic bridging:
# cat /var/run/wdsrun.wlan1 #! /bin/sh DEV=$1 ifconfig bridge0 addm $DEV ifconfig $DEV wepmode mixed ifconfig $DEV up #
Then whenever a 4-address frame appears from a new device, wlanwds will run the provided script to configure up a new wlanX interface for that particular station.
For the station side, a separate VAP is created - but it needs the dwds flag AND 'bssid' flag when it and the AP are created! - so it gets a new MAC address. Yes, it needs a different MAC to the AP or the receive path won't know whether it's traffic destined for DWDS processing or not.
Then wpa_supplicant is run on that particular node to associate, and it's added to the bridge0 group. The first time a packet is sent from an address that is not the STA MAC it will trigger a 4-address frame to be sent to the AP, establishing the DWDS session.
Traffic between all stations on a DWDS relay AP will be encrypted with one key to the primary AP. Yes, individual stations will have their own encryption keys to the AP itself, but AP to AP traffic is treated as a single station with a single encryption key.
Currently broadcast traffic to DWDS stations is done by a hostap interface. Ie, the data path isn't bridge -> DWDS STA interface, it's actually done via the hostap packet output path.
The only devices currently tested to work are ath(4) NICs. Other NICs which support 4-address frames with WEP or WPA/WPA2 key management may also work.
This DWDS implementation is likely used as the basis for a variety of other non-mesh AP extender configurations however the underlying mechanisms for discovery and association may differ. (eg the older Apple airport units use WDS/DWDS but how units find each other and configure up associations is much different to the FreeBSD implementation.)
Also note Apple's ProxySTA is not DWDS.
- there's no dynamic handling right now for discovering DWDS APs and configuring AP to AP links.
- the example wlanwds program indeed works but the machinery around it and net80211 currently requires the DWDS AP to be the first VAP. Ie, if you support multiple SSIDs on the same interface, the first configured VAP on that interface.
- .. and currently it only supports a single DWDS enabled VAP on a given AP. Technically this shouldn't be true but it's a shortcoming of how wlanwds currently works.
- WEP doesn't yet work; it /should/ ...
- Go figure out WEP;
- Go add DWDS info to the beacon so we can start tinkering with discovery, etc;
- Go figure out how to delete interfaces when they need to go away after a certain amount of idle time;