Hostapd

Hostapd (Host access point daemon) is a user space software access point capable of turning normal network interface cards into access points and authentication servers. The current version supports Linux (Host AP, madwifi, mac80211-based drivers) and FreeBSD (net80211).

Scope of this document
Hostapd can do a lot of things, but only its most basic aspects will be covered in this article.

Requirement
A WiFi card with AP mode support is needed:

WiFi Technology
A brief reminder of the technology involved.

Access Point

 * An AP is like a wireless switch;
 * An AP can only use one band at a time: 2.4GHz OR 5GHz, a so-called "dual-band AP" is just one AP at 2.4GHz plus one at 5GHz;
 * An AP using the 2.4GHz band can be b, g and n at the same time (if the hardware supports it);
 * An AP using the 5GHz band can be a, n and ac at the same time (if the hardware supports it);
 * An AP can have multiple SSIDs, making it look like multiple APs, but all will share the same band AND channel.

What it can do

 * Create an AP;
 * Create multiple APs on the same card (if the card supports it, usually up to 8);
 * Create one AP on one card and another AP on a second card, all within a single instance of Hostapd;
 * Use 2.4GHz and 5GHz at the same time on the same card. This requires a card with two radios though, which is pretty rare (but hostapd supports it) - if the card creates two wlanX interfaces, you might be lucky;

What it cannot do

 * Create multiple APs on different channels on the same card. Multiple APs on the same card will share the same channel;
 * Create a dual-band AP, even with two cards. But it can create two APs with the same SSID;
 * Assign IPs to the devices connecting to the AP, a dhcp server is needed for that;
 * Assign an IP to the AP itself, it is not hostapd's job to do that;

IP, DHCP, and Routing
Hostapd only creates wireless Ethernet switches, it does not know about the IP protocol or routing.

IP of the AP
An AP's interface really is just an Ethernet interface:

DHCP
A DHCP server listening on the AP's interface will provide the AP's clients with IPs.

Routing
Nothing special about routing an AP, it behaves exactly like an Ethernet interface.

802.11b/g/n with WPA2-PSK and CCMP
A simple but secure AP with maximal compatibility for current hardware:

802.11a/n/ac with WPA2-PSK and CCMP
A simple but secure AP for recent hardware:

802.11b/g/n triple AP
Three APs on the same card, one with WPA2, one with WPA1, one without encryption.

Hostapd automatically creates new interfaces for the extra APs:

Proper use of the 5GHz band
Depending on where you live, using the 5GHz band has limitations:
 * some channels are forbidden
 * some channels are for indoor use only
 * some channels require DFS to be used (Dynamic Frequency Selection, to prevent interferences with radars)
 * some channels require TPC to be used (Transmit Power Control, to limit interferences)

The problem is that each country has its own rules and those rules are complex and regularly changing.

The package maintains a regulatory database, for each country, of what channels can be used and with what limitations.

To use the database, you either need to emerge with the crda USE flag, or make the database directly available to the kernel, as you would with a firmware (the files are: /lib/firmware/regulatory.db and /lib/firmware/regulatory.db.p7s)

CRDA is on its way to being deprecated in favour of the firmware approach but is still maintained.

DFS
The DFS requirement is relatively new and is usually only implemented in 802.11ac and recent 802.11n devices.

Furthermore, only Atheros drivers (ath5k, ath9k, ath10k) support it.

Note that a driver missing DFS support can still use the 5Ghz band, but only on channels which do not require DFS

External resources

 * DFS explained on Wikipedia
 * Status of DFS support in Linux drivers