mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-19 03:14:05 -05:00
e519314ee9
Find attached the patch that creates a new driver: roboswitch. This driver adds support for wired authentication with a Broadcom RoboSwitch chipset. For example it is now possible to do wired authentication with a Linksys WRT54G router running OpenWRT. LIMITATIONS - At the moment the driver does not support the BCM5365 series (though adding it requires just some register tweaks). - The driver is also limited to Linux (this is a far more technical restriction). - In order to compile against a 2.4 series you need to edit include/linux/mii.h and change all references to "u16" in "__u16". I have submitted a patch upstream that will fix this in a future version of the 2.4 kernel. [These modifications (and more) are now included in the kernel source and can be found in versions 2.4.37-rc2 and up.] USAGE - Usage is similar to the wired driver. Choose the interfacename of the vlan that contains your desired authentication port on the router. This name must be formatted as <interface>.<vlan>, which is the default on all systems I know.
819 lines
24 KiB
Plaintext
819 lines
24 KiB
Plaintext
<!doctype refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
|
|
|
|
<refentry>
|
|
<refmeta>
|
|
<refentrytitle>wpa_supplicant</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
</refmeta>
|
|
<refnamediv>
|
|
<refname>wpa_supplicant</refname>
|
|
<refpurpose>Wi-Fi Protected Access client and IEEE 802.1X supplicant</refpurpose>
|
|
</refnamediv>
|
|
<refsynopsisdiv>
|
|
<cmdsynopsis>
|
|
<command>wpa_supplicant</command>
|
|
<arg>-BddfhKLqqtuvW</arg>
|
|
<arg>-i<replaceable>ifname</replaceable></arg>
|
|
<arg>-c<replaceable>config file</replaceable></arg>
|
|
<arg>-D<replaceable>driver</replaceable></arg>
|
|
<arg>-P<replaceable>PID_file</replaceable></arg>
|
|
<arg>-f<replaceable>output file</replaceable></arg>
|
|
</cmdsynopsis>
|
|
</refsynopsisdiv>
|
|
<refsect1>
|
|
<title>Overview</title>
|
|
|
|
<para>
|
|
Wireless networks do not require physical access to the network equipment
|
|
in the same way as wired networks. This makes it easier for unauthorized
|
|
users to passively monitor a network and capture all transmitted frames.
|
|
In addition, unauthorized use of the network is much easier. In many cases,
|
|
this can happen even without user's explicit knowledge since the wireless
|
|
LAN adapter may have been configured to automatically join any available
|
|
network.
|
|
</para>
|
|
|
|
<para>
|
|
Link-layer encryption can be used to provide a layer of security for
|
|
wireless networks. The original wireless LAN standard, IEEE 802.11,
|
|
included a simple encryption mechanism, WEP. However, that proved to
|
|
be flawed in many areas and network protected with WEP cannot be consider
|
|
secure. IEEE 802.1X authentication and frequently changed dynamic WEP keys
|
|
can be used to improve the network security, but even that has inherited
|
|
security issues due to the use of WEP for encryption. Wi-Fi Protected
|
|
Access and IEEE 802.11i amendment to the wireless LAN standard introduce
|
|
a much improvement mechanism for securing wireless networks. IEEE 802.11i
|
|
enabled networks that are using CCMP (encryption mechanism based on strong
|
|
cryptographic algorithm AES) can finally be called secure used for
|
|
applications which require efficient protection against unauthorized
|
|
access.
|
|
</para>
|
|
|
|
<para><command>wpa_supplicant</command> is an implementation of
|
|
the WPA Supplicant component, i.e., the part that runs in the
|
|
client stations. It implements WPA key negotiation with a WPA
|
|
Authenticator and EAP authentication with Authentication
|
|
Server. In addition, it controls the roaming and IEEE 802.11
|
|
authentication/association of the wireless LAN driver.</para>
|
|
|
|
<para><command>wpa_supplicant</command> is designed to be a
|
|
"daemon" program that runs in the background and acts as the
|
|
backend component controlling the wireless
|
|
connection. <command>wpa_supplicant</command> supports separate
|
|
frontend programs and an example text-based frontend,
|
|
<command>wpa_cli</command>, is included with
|
|
wpa_supplicant.</para>
|
|
|
|
<para>Before wpa_supplicant can do its work, the network interface
|
|
must be available. That means that the physical device must be
|
|
present and enabled, and the driver for the device must have be
|
|
loaded. The daemon will exit immediately if the device is not already
|
|
available.</para>
|
|
|
|
<para>After <command>wpa_supplicant</command> has configured the
|
|
network device, higher level configuration such as DHCP may
|
|
proceed. There are a variety of ways to integrate wpa_supplicant
|
|
into a machine's networking scripts, a few of which are described
|
|
in sections below.</para>
|
|
|
|
<para>The following steps are used when associating with an AP
|
|
using WPA:</para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para><command>wpa_supplicant</command> requests the kernel
|
|
driver to scan neighboring BSSes</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para><command>wpa_supplicant</command> selects a BSS based on
|
|
its configuration</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para><command>wpa_supplicant</command> requests the kernel
|
|
driver to associate with the chosen BSS</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>If WPA-EAP: integrated IEEE 802.1X Supplicant
|
|
completes EAP authentication with the
|
|
authentication server (proxied by the Authenticator in the
|
|
AP)</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>If WPA-EAP: master key is received from the IEEE 802.1X
|
|
Supplicant</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>If WPA-PSK: <command>wpa_supplicant</command> uses PSK
|
|
as the master session key</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para><command>wpa_supplicant</command> completes WPA 4-Way
|
|
Handshake and Group Key Handshake with the Authenticator
|
|
(AP)</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para><command>wpa_supplicant</command> configures encryption
|
|
keys for unicast and broadcast</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>normal data packets can be transmitted and received</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Supported Features</title>
|
|
<para>Supported WPA/IEEE 802.11i features:</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>WPA-PSK ("WPA-Personal")</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>WPA with EAP (e.g., with RADIUS authentication server)
|
|
("WPA-Enterprise") Following authentication methods are
|
|
supported with an integrate IEEE 802.1X Supplicant:</para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>EAP-TLS</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>EAP-PEAP/MSCHAPv2 (both PEAPv0 and PEAPv1)</para>
|
|
</listitem>
|
|
|
|
|
|
<listitem>
|
|
<para>EAP-PEAP/TLS (both PEAPv0 and PEAPv1)</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>EAP-PEAP/GTC (both PEAPv0 and PEAPv1)</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>EAP-PEAP/OTP (both PEAPv0 and PEAPv1)</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>EAP-PEAP/MD5-Challenge (both PEAPv0 and PEAPv1)</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>EAP-TTLS/EAP-MD5-Challenge</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>EAP-TTLS/EAP-GTC</para>
|
|
</listitem>
|
|
|
|
<listitem><para>EAP-TTLS/EAP-OTP</para></listitem>
|
|
|
|
<listitem><para>EAP-TTLS/EAP-MSCHAPv2</para></listitem>
|
|
|
|
<listitem><para>EAP-TTLS/EAP-TLS</para></listitem>
|
|
|
|
<listitem><para>EAP-TTLS/MSCHAPv2</para></listitem>
|
|
|
|
<listitem><para>EAP-TTLS/MSCHAP</para></listitem>
|
|
|
|
<listitem><para>EAP-TTLS/PAP</para></listitem>
|
|
|
|
<listitem><para>EAP-TTLS/CHAP</para></listitem>
|
|
|
|
<listitem><para>EAP-SIM</para></listitem>
|
|
|
|
<listitem><para>EAP-AKA</para></listitem>
|
|
|
|
<listitem><para>EAP-PSK</para></listitem>
|
|
|
|
<listitem><para>EAP-PAX</para></listitem>
|
|
|
|
<listitem><para>LEAP (note: requires special support from
|
|
the driver for IEEE 802.11 authentication)</para></listitem>
|
|
|
|
<listitem><para>(following methods are supported, but since
|
|
they do not generate keying material, they cannot be used
|
|
with WPA or IEEE 802.1X WEP keying)</para></listitem>
|
|
|
|
<listitem><para>EAP-MD5-Challenge </para></listitem>
|
|
|
|
<listitem><para>EAP-MSCHAPv2</para></listitem>
|
|
|
|
<listitem><para>EAP-GTC</para></listitem>
|
|
|
|
<listitem><para>EAP-OTP</para></listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>key management for CCMP, TKIP, WEP104, WEP40</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>RSN/WPA2 (IEEE 802.11i)</para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>pre-authentication</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>PMKSA caching</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Available Drivers</title>
|
|
<para>A summary of available driver backends is below. Support for each
|
|
of the driver backends is chosen at wpa_supplicant compile time. For a
|
|
list of supported driver backends that may be used with the -D option on
|
|
your system, refer to the help output of wpa_supplicant
|
|
(<emphasis>wpa_supplicant -h</emphasis>).</para>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>hostap</term>
|
|
<listitem>
|
|
<para>(default) Host AP driver (Intersil Prism2/2.5/3).
|
|
(this can also be used with Linuxant DriverLoader).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>hermes</term>
|
|
<listitem>
|
|
<para>Agere Systems Inc. driver (Hermes-I/Hermes-II).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>madwifi</term>
|
|
<listitem>
|
|
<para>MADWIFI 802.11 support (Atheros, etc.).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>atmel</term>
|
|
<listitem>
|
|
<para>ATMEL AT76C5XXx (USB, PCMCIA).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>wext</term>
|
|
<listitem>
|
|
<para>Linux wireless extensions (generic).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>ndiswrapper</term>
|
|
<listitem>
|
|
<para>Linux ndiswrapper.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>broadcom</term>
|
|
<listitem>
|
|
<para>Broadcom wl.o driver.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>ipw</term>
|
|
<listitem>
|
|
<para>Intel ipw2100/2200 driver.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>wired</term>
|
|
<listitem>
|
|
<para>wpa_supplicant wired Ethernet driver</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>roboswitch</term>
|
|
<listitem>
|
|
<para>wpa_supplicant Broadcom switch driver</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>bsd</term>
|
|
<listitem>
|
|
<para>BSD 802.11 support (Atheros, etc.).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>ndis</term>
|
|
<listitem>
|
|
<para>Windows NDIS driver.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Command Line Options</title>
|
|
<para>Most command line options have global scope. Some are given per
|
|
interface, and are only valid if at least one <option>-i</option> option
|
|
is specified, otherwise they're ignored. Option groups for different
|
|
interfaces must be separated by <option>-N</option> option.</para>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>-b br_ifname</term>
|
|
<listitem>
|
|
<para>Optional bridge interface name. (Per interface)</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-B</term>
|
|
<listitem>
|
|
<para>Run daemon in the background.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-c filename</term>
|
|
<listitem>
|
|
<para>Path to configuration file. (Per interface)</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-C ctrl_interface</term>
|
|
<listitem>
|
|
<para>Path to ctrl_interface socket (Per interface. Only used if
|
|
<option>-c</option> is not).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-i ifname</term>
|
|
<listitem>
|
|
<para>Interface to listen on. Multiple instances of this option can
|
|
be present, one per interface, separated by <option>-N</option>
|
|
option (see below).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-d</term>
|
|
<listitem>
|
|
<para>Increase debugging verbosity (<option>-dd</option> even
|
|
more).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-D driver</term>
|
|
<listitem>
|
|
<para>Driver to use. (Per interface, see the available options
|
|
below.)</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-f output file</term>
|
|
<listitem>
|
|
<para>Log output to specified file instead of stdout.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-g global ctrl_interface</term>
|
|
<listitem>
|
|
<para>Path to global ctrl_interface socket. If specified, interface
|
|
definitions may be omitted.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-K</term>
|
|
<listitem>
|
|
<para>Include keys (passwords, etc.) in debug output.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-t</term>
|
|
<listitem>
|
|
<para>Include timestamp in debug messages.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-h</term>
|
|
<listitem>
|
|
<para>Help. Show a usage message.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-L</term>
|
|
<listitem>
|
|
<para>Show license (GPL and BSD).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-p</term>
|
|
<listitem>
|
|
<para>Driver parameters. (Per interface)</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-P PID_file</term>
|
|
<listitem>
|
|
<para>Path to PID file.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-q</term>
|
|
<listitem>
|
|
<para>Decrease debugging verbosity (<option>-qq</option> even
|
|
less).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-u</term>
|
|
<listitem>
|
|
<para>Enabled DBus control interface. If enabled, interface
|
|
definitions may be omitted.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-v</term>
|
|
<listitem>
|
|
<para>Show version.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-W</term>
|
|
<listitem>
|
|
<para>Wait for a control interface monitor before starting.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>-N</term>
|
|
<listitem>
|
|
<para>Start describing new interface.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Examples</title>
|
|
|
|
<para>In most common cases, <command>wpa_supplicant</command> is
|
|
started with:</para>
|
|
|
|
<blockquote><programlisting>
|
|
wpa_supplicant -B -c/etc/wpa_supplicant.conf -iwlan0
|
|
</programlisting></blockquote>
|
|
|
|
<para>This makes the process fork into background.</para>
|
|
|
|
<para>The easiest way to debug problems, and to get debug log for
|
|
bug reports, is to start <command>wpa_supplicant</command> on
|
|
foreground with debugging enabled:</para>
|
|
|
|
<blockquote><programlisting>
|
|
wpa_supplicant -c/etc/wpa_supplicant.conf -iwlan0 -d
|
|
</programlisting></blockquote>
|
|
|
|
<para><command>wpa_supplicant</command> can control multiple
|
|
interfaces (radios) either by running one process for each
|
|
interface separately or by running just one process and list of
|
|
options at command line. Each interface is separated with -N
|
|
argument. As an example, following command would start
|
|
wpa_supplicant for two interfaces:</para>
|
|
|
|
<blockquote><programlisting>
|
|
wpa_supplicant \
|
|
-c wpa1.conf -i wlan0 -D hostap -N \
|
|
-c wpa2.conf -i ath0 -D madwifi
|
|
</programlisting></blockquote>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>OS Requirements</title>
|
|
<para>Current hardware/software requirements:</para>
|
|
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Linux kernel 2.4.x or 2.6.x with Linux Wireless
|
|
Extensions v15 or newer</para>
|
|
</listitem>
|
|
|
|
|
|
<listitem>
|
|
<para>FreeBSD 6-CURRENT</para>
|
|
</listitem>
|
|
|
|
<listitem>
|
|
<para>Microsoft Windows with WinPcap (at least WinXP, may work
|
|
with other versions)</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Supported Drivers</title>
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term>Host AP driver for Prism2/2.5/3 (development
|
|
snapshot/v0.2.x)</term>
|
|
<listitem>
|
|
<para> (http://hostap.epitest.fi/) Driver needs to be set in
|
|
Managed mode (<emphasis>iwconfig wlan0 mode managed</emphasis>).
|
|
Please note that station firmware version needs to be 1.7.0 or
|
|
newer to work in WPA mode.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>Linuxant DriverLoader</term>
|
|
<listitem>
|
|
<para>(http://www.linuxant.com/driverloader/)
|
|
with Windows NDIS driver for your wlan card supporting WPA.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>Agere Systems Inc. Linux Driver</term>
|
|
<listitem>
|
|
<para> (http://www.agere.com/support/drivers/) Please note
|
|
that the driver interface file (driver_hermes.c) and hardware
|
|
specific include files are not included in the wpa_supplicant
|
|
distribution. You will need to copy these from the source
|
|
package of the Agere driver.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>madwifi driver for cards based on Atheros chip set (ar521x)</term>
|
|
<listitem>
|
|
<para> (http://sourceforge.net/projects/madwifi/) Please
|
|
note that you will need to modify the wpa_supplicant .config
|
|
file to use the correct path for the madwifi driver root
|
|
directory (CFLAGS += -I../madwifi/wpa line in example
|
|
defconfig).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>ATMEL AT76C5XXx driver for USB and PCMCIA cards</term>
|
|
<listitem>
|
|
<para> (http://atmelwlandriver.sourceforge.net/).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>Linux ndiswrapper</term>
|
|
<listitem>
|
|
<para> (http://ndiswrapper.sourceforge.net/) with Windows
|
|
NDIS driver.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>Broadcom wl.o driver</term>
|
|
<listitem>
|
|
<para> This is a generic Linux driver for Broadcom IEEE
|
|
802.11a/g cards. However, it is proprietary driver that is
|
|
not publicly available except for couple of exceptions, mainly
|
|
Broadcom-based APs/wireless routers that use Linux. The driver
|
|
binary can be downloaded, e.g., from Linksys support site
|
|
(http://www.linksys.com/support/gpl.asp) for Linksys
|
|
WRT54G. The GPL tarball includes cross-compiler and the needed
|
|
header file, wlioctl.h, for compiling wpa_supplicant. This
|
|
driver support in wpa_supplicant is expected to work also with
|
|
other devices based on Broadcom driver (assuming the driver
|
|
includes client mode support).</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term> Intel ipw2100 driver</term>
|
|
<listitem>
|
|
<para> (http://sourceforge.net/projects/ipw2100/)</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>Intel ipw2200 driver</term>
|
|
<listitem>
|
|
<para> (http://sourceforge.net/projects/ipw2200/)</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>Linux wireless extensions</term>
|
|
<listitem>
|
|
<para>In theory, any driver that supports Linux wireless
|
|
extensions can be used with IEEE 802.1X (i.e., not WPA) when
|
|
using ap_scan=0 option in configuration file.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>Wired Ethernet drivers</term>
|
|
<listitem>
|
|
<para>Use ap_scan=0.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>BSD net80211 layer (e.g., Atheros driver)</term>
|
|
<listitem>
|
|
<para>At the moment, this is for FreeBSD 6-CURRENT branch.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term>Windows NDIS</term>
|
|
<listitem>
|
|
<para>The current Windows port requires WinPcap
|
|
(http://winpcap.polito.it/). See README-Windows.txt for more
|
|
information.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
|
|
|
|
<para>wpa_supplicant was designed to be portable for different
|
|
drivers and operating systems. Hopefully, support for more wlan
|
|
cards and OSes will be added in the future. See developer.txt for
|
|
more information about the design of wpa_supplicant and porting to
|
|
other drivers. One main goal is to add full WPA/WPA2 support to
|
|
Linux wireless extensions to allow new drivers to be supported
|
|
without having to implement new driver-specific interface code in
|
|
wpa_supplicant.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Architecture</title> <para>The
|
|
<command>wpa_supplicant</command> system consists of the following
|
|
components:</para>
|
|
|
|
<variablelist>
|
|
<varlistentry>
|
|
<term><filename>wpa_supplicant.conf</filename> </term>
|
|
<listitem>
|
|
<para>the configuration file describing all networks that the
|
|
user wants the computer to connect to. </para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><command>wpa_supplicant</command></term>
|
|
<listitem><para>the program that directly interacts with the
|
|
network interface. </para></listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><command>wpa_cli</command></term> <listitem><para> the
|
|
client program that provides a high-level interface to the
|
|
functionality of the daemon. </para></listitem>
|
|
</varlistentry>
|
|
<varlistentry>
|
|
<term><command>wpa_passphrase</command></term>
|
|
<listitem><para>a utility needed to construct
|
|
<filename>wpa_supplicant.conf</filename> files that include
|
|
encrypted passwords.</para></listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Quick Start</title>
|
|
|
|
<para>First, make a configuration file, e.g.
|
|
<filename>/etc/wpa_supplicant.conf</filename>, that describes the networks
|
|
you are interested in. See <citerefentry>
|
|
<refentrytitle>wpa_supplicant.conf</refentrytitle>
|
|
<manvolnum>5</manvolnum>
|
|
</citerefentry>
|
|
for details.</para>
|
|
|
|
<para>Once the configuration is ready, you can test whether the
|
|
configuration works by running <command>wpa_supplicant</command>
|
|
with following command to start it on foreground with debugging
|
|
enabled:</para>
|
|
|
|
<blockquote><programlisting>
|
|
wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
|
|
</programlisting></blockquote>
|
|
|
|
<para>Assuming everything goes fine, you can start using following
|
|
command to start <command>wpa_supplicant</command> on background
|
|
without debugging:</para>
|
|
|
|
<blockquote><programlisting>
|
|
wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
|
|
</programlisting></blockquote>
|
|
|
|
<para>Please note that if you included more than one driver
|
|
interface in the build time configuration (.config), you may need
|
|
to specify which interface to use by including -D<driver
|
|
name> option on the command line.</para>
|
|
|
|
<!-- XXX at this point, the page could include a little script
|
|
based on wpa_cli to wait for a connection and then run
|
|
dhclient -->
|
|
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Interface to pcmcia-cs/cardmrg</title>
|
|
|
|
<para>For example, following small changes to pcmcia-cs scripts
|
|
can be used to enable WPA support:</para>
|
|
|
|
<para>Add MODE="Managed" and WPA="y" to the network scheme in
|
|
<filename>/etc/pcmcia/wireless.opts</filename>.</para>
|
|
|
|
<para>Add the following block to the end of <emphasis>start</emphasis>
|
|
action handler in <filename>/etc/pcmcia/wireless</filename>:</para>
|
|
|
|
<blockquote><programlisting>
|
|
if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
|
|
/usr/local/bin/wpa_supplicant -B -c/etc/wpa_supplicant.conf -i$DEVICE
|
|
fi
|
|
</programlisting></blockquote>
|
|
|
|
|
|
<para>Add the following block to the end of <emphasis>stop</emphasis>
|
|
action handler (may need to be separated from other actions) in
|
|
<filename>/etc/pcmcia/wireless</filename>:</para>
|
|
|
|
<blockquote><programlisting>
|
|
if [ "$WPA" = "y" -a -x /usr/local/bin/wpa_supplicant ]; then
|
|
killall wpa_supplicant
|
|
fi
|
|
</programlisting></blockquote>
|
|
|
|
<para>This will make <command>cardmgr</command> start
|
|
<command>wpa_supplicant</command> when the card is plugged
|
|
in.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
<para>
|
|
<citerefentry>
|
|
<refentrytitle>wpa_background</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
</citerefentry>
|
|
<citerefentry>
|
|
<refentrytitle>wpa_supplicant.conf</refentrytitle>
|
|
<manvolnum>5</manvolnum>
|
|
</citerefentry>
|
|
<citerefentry>
|
|
<refentrytitle>wpa_cli</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
</citerefentry>
|
|
<citerefentry>
|
|
<refentrytitle>wpa_passphrase</refentrytitle>
|
|
<manvolnum>8</manvolnum>
|
|
</citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
<refsect1>
|
|
<title>Legal</title>
|
|
<para>wpa_supplicant is copyright (c) 2003-2007,
|
|
Jouni Malinen <email>j@w1.fi</email> and
|
|
contributors.
|
|
All Rights Reserved.</para>
|
|
|
|
<para>This program is dual-licensed under both the GPL version 2
|
|
and BSD license. Either license may be used at your option.</para>
|
|
</refsect1>
|
|
</refentry>
|