Sam Leffler has recently committed a major 80211 update to FreeBSD's -current tree, providing full support for Wi-Fi Protected Access (WPA), 80211i, and 802.1x among other new features such as the QoS WME/WMM protocols. Sam suggests the new code is stable and tested, but advises:"[...] I expect that wi cards operating in hostap with wep will need some fixup. If you encounter problems please post
here as I've been promised other folks will assist in handling issues." Sam will also be committing revisions to ifconfig to support the new 80211 code, as well as new dhclient code that understands 80211 layer events.
Apropos to these changes, Leffler has also updated the ath driver to take advantage of the new 80211 layer functionality, among other things. See the links section below.
From: Sam Leffler [email blocked] To: freebsd-current Subject: HEADSUP: updated net80211 layer committed Date: 2004-12-08 18:59:19 I just committed a major update to the 802.11 support. I did my best to verify all existing users compile and work (where I have cards) but there's sure to be some fallout. In particular I expect that wi cards operating in hostap with wep will need some fixup. If you encounter problems please post here as I've been promised other folks will assist in handling issues. There are many new features added. The most important probably is that there is now full support for WPA, 802.11i, and 802.1x though the wpa_supplicant and hostap programs. I've got simple ports for these packages http://people.freebsd.org/~sam/security-wpa_supplicant.tgz http://people.freebsd.org/~sam/security-hostapd.tgz If someone wants to step up and see them committed it would be appreciated. More work will be filtering in to the tree. I've got a revised ifconfig that hooks up to all the new 802.11 functionality and a dhclient that understands events generated by the 802.11 layer so, for example, roaming between AP's results in fast IP address changes. Sam
From: Pierre DAVID [email blocked] Subject: Re: HEADSUP: updated net80211 layer committed Date: 2004-12-10 15:16:28 On Wed, Dec 08, 2004 at 10:59:19AM -0800, Sam Leffler wrote: > > I just committed a major update to the 802.11 support. I did my best to > verify all existing users compile and work (where I have cards) but there's > sure to be some fallout. In particular I expect that wi cards operating in > hostap with wep will need some fixup. If you encounter problems please post > here as I've been promised other folks will assist in handling issues. > This is really a major update! I'm now able to use our 802.11 network, with an EAP/TTLS based 802.1X authentication. Nearly everything went smoothly, except two nits: - as EAP/TTLS support was apparently not enabled in the wpa_supplicant port, I had to force its configuration. - I had to manually set: ifconfig ath0 authmode 8021x (ifconfig was incorrectly using WPA1+WPA2) Thanks for this great and long awaited work! Pierre
From: Stijn Hoop [email blocked] Subject: Re: HEADSUP: updated net80211 layer committed Date: 2004-12-10 16:04:30 On Fri, Dec 10, 2004 at 04:16:28PM +0100, Pierre DAVID wrote: > This is really a major update! I'm now able to use our 802.11 > network, with an EAP/TTLS based 802.1X authentication. I guess it doesn't yet work with the 'unofficial' ipi/ipw driver? I haven't tried it yet but I recently acquired an Intel 2200BG to replace my Dell Broadcom proprietary card. So I guess I'll wait for the iwi/ipw maintainer to catch up. No hurry, Damien! I'm just anxious! Great work by Sam though -- this is indeed what I need to get wireless to work at our university. --Stijn
From: Sam Leffler [email blocked] Subject: Re: HEADSUP: updated net80211 layer committed Date: 2004-12-10 16:54:30 Pierre DAVID wrote: > On Wed, Dec 08, 2004 at 10:59:19AM -0800, Sam Leffler wrote: > >>I just committed a major update to the 802.11 support. I did my best to >>verify all existing users compile and work (where I have cards) but there's >>sure to be some fallout. In particular I expect that wi cards operating in >>hostap with wep will need some fixup. If you encounter problems please post >>here as I've been promised other folks will assist in handling issues. >> > > > This is really a major update! I'm now able to use our 802.11 > network, with an EAP/TTLS based 802.1X authentication. > > Nearly everything went smoothly, except two nits: > > - as EAP/TTLS support was apparently not enabled in the > wpa_supplicant port, I had to force its configuration. Hmm, yes forgot about that. We have openssl already in the base system so we can automatically include support (though not sure if the current version has everything). As I said before it'd be good if someone were to pick up the port and fix it up and commit it. > > - I had to manually set: > ifconfig ath0 authmode 8021x > (ifconfig was incorrectly using WPA1+WPA2) This is a bug in driver_bsd.c. It should check if no WPA is request and set the authentication mode appropriately. If you have a fix please send it to Jouni; otherwise I'll add it to my TODO list. Sam
From: Sam Leffler [email blocked] Subject: Re: HEADSUP: updated net80211 layer committed Date: 2004-12-10 17:30:58 >On Fri, Dec 10, 2004 at 04:16:28PM +0100, Pierre DAVID wrote: > > >>This is really a major update! I'm now able to use our 802.11 >>network, with an EAP/TTLS based 802.1X authentication. >> >> > >I guess it doesn't yet work with the 'unofficial' ipi/ipw driver? I haven't >tried it yet but I recently acquired an Intel 2200BG to replace my Dell >Broadcom proprietary card. So I guess I'll wait for the iwi/ipw maintainer to >catch up. No hurry, Damien! I'm just anxious! > >Great work by Sam though -- this is indeed what I need to get wireless >to work at our university. > > I would like to see all the drivers in the tree updated to use the new functionality. Most drivers should be capable of doing WPA, albeit with some work. If wpa_supplicant and hostapd work out well (and I believe they will) I'd like to see them brought into the base system and properly integrated. There's really no reason to use static key'd WEP any more now that we can build WPA authenticators and commercial AP's are supporting WPA-PSK. Sam
