HotSpot 2.0

General

This feature adds support for HotSpot 2.0 (Wi-Fi Alliance Certified Passpoint) to OpenSync.

The controller has to set up the HotSpot 2.0 configuration through the Passpoint_Config table. Then one of the BSSes has to be configured with the Wifi_VIF_Config::passpoint_config UUID pointing to the entry in the Passpoint_Config table.

Please note that Key Management (WPA2-EAP, WPA3-EAP, …) and all other BSS (VIF) specific configuration still has to be set in the Wifi_VIF_Config table.

Northbound API

Passpoint_Config

 

Comments

enabled

bool

required

Enables/disables HotSpot 2.0 and Interworking Elements.

Note that it controls HS2.0 for all the VIFs referring to this row.

osen

bool

Enables/disables OSU Server-Only Authenticated L2 Encryption Network (deprecated)

anqp_domain_id

integer

[0..65535]

A number within the range 0x0-0xffff. It is used to group APs advertising the same set of ANQP parameters. The same integer value means that a client device does not have to fetch ANQP parameters from the AP, but can assume they are the same as those received from another AP with the same anqp_domain_id.

It is mutually exclusive with pps_mo_id!

pps_mo_id

integer

[0..65535]

A number within the range 0x0-0xffff. It is used to suggest the PerProviderSubscription Management Object ID. The client device uses this to determine whether the installed profile is the correct version and ‘matches’ the AP.

It is mutually exclusive with anqp_domain_id!

operator_friendly_name

string

max: 16 entries

“{3}:{1..252}”

Defines a list of language:friendly_name tuples, where language is encoded as an ISO-639 3-character language code.

Examples:

  • ["eng:OperatorFN1", "slv:Operaterju prijazno ime"]

adv_wan_status

bool

required

Sets a value for HotSpot 2.0 ANQP WAN Metrics subelement field named Link Status.

true sets it to 01 - Link up and false to 02 - Link down

adv_wan_symmetric

bool

required

Sets a value for HotSpot 2.0 ANQP WAN Metrics subelement field named Symmetric Link.

true indicates that the WAN connection has symmetrical uplink/downlink throughput.

adv_wan_at_capacity

bool

required

Sets a value for HotSpot 2.0 ANQP WAN Metrics subelement field named At Capacity.

true indicates that the WAN uplink is fully congested. This may impact the client’s connection decision!

t_c_filename

string

Terms and Conditions filename. The BSS adds this value when sending a RADIUS Access-Request message so that the AAA server knows which T&C the AP requires its users to accept.

t_c_timestamp

integer

The AP adds this value when sending a RADIUS Access-Request message so that the server knows the timestamp of the T&C the AP requires its users to accept. The value is a Unix epoch timestamp of the last T&C file modification.

osu_ssid

string

SSID of the ESS used for Online Sign-Up (deprecated)

osu_providers

list of UUIDs

Specifies the list of Online Sign-Up Providers. UUIDs in this list refer to the Passpoint_OSU_Providers table entries. This field and the referenced table were designed, but never used due to the deprecation of the OSU feature. (deprecated)

access_network_type

integer

[0-15]

0 - Private Network
1 - Private Network with Guest Access
2 - Chargeable Public Network
3 - Free Public Network (default)

IEEE Std 802.11-2020 table 9-236

asra

bool

Controls the Additional Step Required for Access field in the Interworking Information Element.

true indicates that the network requires an additional step, defined in the Network Authentication Type field, to get access.

venue_group

integer

[0-255]

Indicates the type of venue advertised in the Interworking Element. The examples below are venue_group,venue_type pairs.

e.g.

  • 7,1 - Private Residence

  • 1,13 - Coffee Shop

  • 2,0 - Unspecified Business

IEEE Std 802.11-2020 table 9-65.

venue_type

integer

[0-255]

hessid

string

“xx:xx:xx:xx:xx:xx”

where each xx is an 8-bit hexadecimal value

{17}

required

Homogeneous Extended Service Set Identifier.

Specifies the target-specific HESSID network identifier or the wildcard network identifier.

roaming_consortium

list of strings

up to 8 RCOIs supported

A list of Roaming Consortium Organization Identifiers to advertise. Note that only 3 values are advertised in Beacon frames. The rest of the list is available only through an ANQP Query.

venue_name

list of strings

up to 16 values supported

{4..255}

Provides zero or more (up to 16) Venue Names associated with the BSS. The supplied string must match the format %d:%3s:%s corresponding to VenueIndex:Language:VenueName, where language is encoded as an ISO-639 3-character language code.

e.g.

  • 1:eng:ExampleVenue

  • 1:slv:PrimerKraja

  • 2:eng:ExampleVenue2

venue_url

list of strings

up to 16 values supported

{2..255}

The list of one or more (up to 16) URLs that can be used for web page advertising services or for providing information particular to a venue’s BSS. Each entry must match the format %d:%s corresponding to VenueIndex:URL, where URL is defined in accordance with IETF RFC 3986.

network_auth_type

list of integers

[0-255]

List of Network Authentication Type identifiers.

Network Authentication Type Indicator values:

  • 00 = Acceptance of terms and conditions

  • 01 = On-line enrollment supported

  • 02 = http/https redirection

  • 03 = DNS redirection

Only valid when ASRA is set to true.

IEEE Std 802.11-2020 table 9-332

network_auth_t_c_url

string

{0-255}

Formatted in accordance with IETF RFC 3986. Specifies a URL to obtain Terms and Conditions if Additional Step Required for Access is true and Network Authentication Type is 00 - Acceptance of terms and conditions.

network_auth_redirect_url

string

{0-255}

Formatted in accordance with IETF RFC 3986. Specifies a redirect URL if Additional Step Required for Access is true and Network Authentication Type is 02 - http/https redirection.

domain_name

list of strings

up to 16

{2-255}

List of domain names supported for authentication with this AP. Each name follows the “Preferred Name Syntax” defined in IETF RFC 1035.

list_3gpp

list of strings

up to 64

{2-15}

Corresponds to 3GPP Cellular Network ANQP-element values. Each entry is a Mobile Country Code (MCC) and Mobile Network Code (MNC) pair in MCC,MNC format.

nairealm_list

list of strings

up to 64

{2-64}

A list of network access identifier (NAI) realms corresponding to Service Providers or other entities whose networks or services are accessible via this AP.

encoding: 0 - NAI Realm is formatted in accordance with IETF RFC 4282

encoding: 1 - not formatted in accordance with IETF RFC 4282 (UTF-8)

<encoding>,<NAI Realm>,<EAPMethod>[AuthParamType(s)][..]

Example: 0,example.com,13[5:6],21[5:7]

0 - IETF RFC 4282 formatted

example.com - domain (NAI realm)

13 - EAP-TLS (IANA EAP Methods value)

[5:6] - Authentication Parameter Type: 5 - Credential Type (Table 9-335 IEEE Std 802.11-2020), 6 - enum value “Certificate”

21 - EAP-TTLS (IANA EAP Methods value)

[5:7] - Authentication Parameter Type: 5 - Credential Type, 7 - Username/Password

EAP methods (for this context) are defined in table 9-355 of IEEE Std 802.11-2020

anqp_elem

string

{1-1024}

Used for testing!

Any arbitrary ANQP element can be added using syntax <ANQPElementId>:<hexdump of payload>

ANQP Element IDs are defined in Table 9-331 of IEEE Std 802.11-2020.
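The cross-field rules and string formats in the table above can be checked before a row is written to Passpoint_Config. The following is an added example, not part of OpenSync or of the original page: validate_row, parse_nai_realm and SAMPLE_ROW are hypothetical names, the row is modelled as a plain Python dict, and reporting a set anqp_elem as a finding is an assumption based on the "Used for testing!" note.

```python
import re

# Formats and rules below are taken from the Passpoint_Config table above.
HESSID_RE = re.compile(r"^[0-9a-fA-F]{2}(:[0-9a-fA-F]{2}){5}$")
EAP_RE = re.compile(r"^(\d+)((?:\[\d+:\d+\])*)$")
REQUIRED = ("enabled", "adv_wan_status", "adv_wan_symmetric",
            "adv_wan_at_capacity", "hessid")

def parse_nai_realm(entry):
    """Split '<encoding>,<NAI Realm>,<EAPMethod>[AuthParamType(s)][..]'."""
    encoding, realm, *methods = entry.split(",")  # too few parts -> ValueError
    if encoding not in ("0", "1") or not realm or not 2 <= len(entry) <= 64:
        raise ValueError(f"bad NAI realm entry {entry!r}")
    eap = []
    for method in methods:
        m = EAP_RE.match(method)
        if not m:
            raise ValueError(f"bad EAP method {method!r} in {entry!r}")
        params = re.findall(r"\[(\d+):(\d+)\]", m.group(2))
        eap.append((int(m.group(1)), [(int(a), int(b)) for a, b in params]))
    return {"encoding": int(encoding), "realm": realm, "eap": eap}

def validate_row(row):
    """Return the problems found in one Passpoint_Config row (a dict)."""
    errs = [f"{k}: required field missing" for k in REQUIRED if k not in row]
    if "anqp_domain_id" in row and "pps_mo_id" in row:
        errs.append("anqp_domain_id and pps_mo_id are mutually exclusive")
    for key in ("anqp_domain_id", "pps_mo_id"):
        if key in row and not 0 <= row[key] <= 0xFFFF:
            errs.append(f"{key}: outside 0..65535")
    if "hessid" in row and not HESSID_RE.match(row["hessid"]):
        errs.append("hessid: expected xx:xx:xx:xx:xx:xx")
    if row.get("network_auth_type") and not row.get("asra"):
        errs.append("network_auth_type: only valid when asra is true")
    if len(row.get("nairealm_list", [])) > 64:
        errs.append("nairealm_list: more than 64 entries")
    for entry in row.get("nairealm_list", []):
        try:
            parse_nai_realm(entry)
        except ValueError as exc:
            errs.append(f"nairealm_list: {exc}")
    if "anqp_elem" in row:
        errs.append("anqp_elem: testing-only field is set")
    return errs

# Constructed sample row, not taken from a real deployment.
SAMPLE_ROW = {
    "enabled": True, "adv_wan_status": True, "adv_wan_symmetric": False,
    "adv_wan_at_capacity": False, "hessid": "02:00:00:00:00:01",
    "asra": False, "network_auth_type": [0], "anqp_domain_id": 1234,
    "nairealm_list": ["0,example.com,13[5:6],21[5:7]"],
}
```

validate_row(SAMPLE_ROW) reports the one inconsistency in the sample: network_auth_type is set while asra is false.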

Southbound API

The feature uses the hostapd daemon with the nl80211 driver to configure the HotSpot 2.0 parameters included in Beacons, Probe Req/Res and ANQP messages.

The implementation closely follows the interface defined by hostapd, so for further guidance please refer to hostap's official Git repository.

Implementation errata for Broadcom

Broadcom platforms need special attention because the BCM proprietary driver does not support the nl80211 configuration interface that allows setting up ANQP parameters. Instead, Broadcom delivers a proprietary binary that reads parameters from nvram memory, attaches itself to the wireless interface, intercepts ANQP requests and responds to the requestors. It also adds the required parameters to management frames, so the HotSpot 2.0 configuration has to be removed from the hostapd configuration file (if used); otherwise the Beacon frame will contain the HotSpot 2.0 Indication IE twice.

Broadcom support comes with OpenSync version 6.4.2.

Requirements

No special attention is needed when using the native OpenSync 6.4 implementation of HotSpot 2.0 on platforms that meet the requirements below:

  • use hostapd to construct IEEE802.11u Information Elements in Beacon frames e.g.

    • Interworking IE

    • Advertisement Protocol IE

    • Roaming Consortium IE

  • use hostapd to add Wi-Fi Alliance’s Vendor Specific HotSpot 2.0 Indication Element

  • support ANQP elements defined in Passpoint Specification v3.3 in the Wi-Fi driver

Remarks for integration:

  • Customers need to use their own RADIUS/AAA infrastructure and tools for generating HotSpot 2.0 end-device configuration profiles.

  • Any additional network configuration control, e.g. network zones, traffic separation, throughput throttling etc., is outside the scope of HotSpot 2.0 configuration.

  • Support for security features with HotSpot 2.0 is limited.