Thank you for the prompt and clear reply.

Will BSSID locking interfere with explicit (controller-based) handoff for mesh 
networks? (Not regular roaming where the station would be responsible for 
selecting a new ap)

The lockout during our application running won't work for us because there are 
some processes running as root.  But this isn't crucial.


-----Original Message-----
From: Beniamino Galvani <> 
Sent: Monday, October 3, 2022 1:13 AM
To: Charles Lohr <>
Cc: '' <>
Subject: Re: Preventing network scans once connected via libnm

On Sat, Oct 01, 2022 at 12:46:24AM +0000, Charles Lohr via networkmanager-list 
> In our application, we need to maintain connection to an AP and it needs to 
> stay low latency for a variety of reasons.  Whenever networks are scanned, 
> for us they create an unacceptable level of latency (>50ms in many cases) on 
> the connection.
> Sometimes we stop NetworkManager from running with `pkill -STOP 
> NetworkManager` and `pkill -CONT NetworkManager` but, for a variety of 
> reasons this is disadvantageous.
> I've seen references to people online saying you can prevent scanning once 
> connected by specifying a BSSID, but I don't see how that can be done with 
> libnm.
> Currently we use the following, where path can be gotten from either a 
> scan or `nm_connection_get_path`
> ```
> nm_client_activate_connection_async ( m_pClient, conn, 
> (NMDevice*)m_pDevice, sAccessPointPath.c_str(), nullptr, []( GObject* 
> pObj, GAsyncResult* res, gpointer pContext ) {...} ); ```
> What mechanism can we use to specify that a given path should lock it's BSSID 
> when using NetworkManager via libnm?


to disable scanning, you can set the property NM_SETTING_WIRELESS_BSSID of the 
setting NMSettingWireless to the AP's BSSID when the connection profile is 
created. To get the AP's BSSID use nm_access_point_get_bssid().

("bssid property")

> Second question:  Are there any mechanisms we can use to lock out other apps 
> from requesting scans from NetworkManager?  This solution would be preferred 
> for our application because scans have such a significant impact on the 
> system.  Or is there a way to just outright disable all scanning via 
> NetworkManger for a period of time?

If the feature is enabled at build time, NM can use polkit to authorize D-Bus 
requests. In particular, there is a "Wi-Fi scan"
permission that grants access to scans. I think you can use polkit rules to 
restrict the access to a certain user or process; however, note that any 
process running as root bypasses polkit checks and is always authorized.

References: (nmcli general 


networkmanager-list mailing list

Reply via email to