[pkg-wpa-devel] r929 - in /wpasupplicant/trunk/debian: README.modes changelog
kelmo-guest at users.alioth.debian.org
Wed Dec 26 01:50:26 UTC 2007
Author: kelmo-guest
Date: Wed Dec 26 01:50:26 2007
New Revision: 929
URL: http://svn.debian.org/wsvn/pkg-wpa/?sc=1&rev=929
Log:
* Sanitize whitespace in debian/README.modes, swapping tabs for 8 spaces,
improving layout of basic tables. Fix a couple of typos too.
* Clarify in debian/README.modes the URI to BTS discussions. Also add a note
that using ap_scan=2 requires explicit security policies to be set for
each network.
Modified:
wpasupplicant/trunk/debian/README.modes
wpasupplicant/trunk/debian/changelog
Modified: wpasupplicant/trunk/debian/README.modes
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/README.modes?rev=929&op=diff
==============================================================================
--- wpasupplicant/trunk/debian/README.modes (original)
+++ wpasupplicant/trunk/debian/README.modes Wed Dec 26 01:50:26 2007
@@ -8,29 +8,29 @@
=================
1. Specifying the wpa_supplicant driver backend
- - Table of supported drivers
- - Common Driver Recommendations
+ - Table of supported drivers
+ - Common Driver Recommendations
2. Mode #1: Managed Mode
- - Examples
- - Table of Common Options
- - Important Notes About Managed Mode
- - How It Works
+ - Examples
+ - Table of Common Options
+ - Important Notes About Managed Mode
+ - How It Works
3. Mode #2: Roaming Mode
- - wpa_supplicant.conf
- - /etc/network/interfaces
- - Controlling the Roaming Daemon with wpa_action
- - Fine Tuning the Roaming Setup
- - The Logfile
- - Using External Mapping Scripts (e.g. guessnet)
- - /etc/network/interfaces with external mapping
+ - wpa_supplicant.conf
+ - /etc/network/interfaces
+ - Controlling the Roaming Daemon with wpa_action
+ - Fine Tuning the Roaming Setup
+ - The Logfile
+ - Using External Mapping Scripts (e.g. guessnet)
+ - /etc/network/interfaces with external mapping
4. Troubleshooting
- - Hidden ssids
+ - Hidden ssids
5. Security Considerations
- - Configuration File Permissions
+ - Configuration File Permissions
1. Specifying the wpa_supplicant driver backend
@@ -46,16 +46,16 @@
A summary of supported drivers follows:
-Driver Description
-====== ===========
-hostap Host AP driver (Intersil Prism2/2.5/3)
-madwifi MADWIFI 802.11 support (Atheros, etc.)
-atmel ATMEL AT76C5XXx (USB, PCMCIA)
-wext Linux wireless extensions (generic)
-ndiswrapper Linux ndiswrapper
-ipw Intel ipw2100/2200 driver
-wired wired Ethernet driver
-test test driver
+Driver Description
+====== ===========
+hostap Host AP driver (Intersil Prism2/2.5/3)
+madwifi MADWIFI 802.11 support (Atheros, etc.)
+atmel ATMEL AT76C5XXx (USB, PCMCIA)
+wext Linux wireless extensions (generic)
+ndiswrapper Linux ndiswrapper
+ipw Intel ipw2100/2200 driver
+wired wired Ethernet driver
+test test driver
Common Driver Recommendations
=============================
@@ -74,8 +74,8 @@
'wpa-driver' option. For example:
iface eth0 inet dhcp
- wpa-driver wext
- . . . . . more options
+ wpa-driver wext
+ . . . . . more options
2. Mode #1: Managed Mode
@@ -90,9 +90,9 @@
========
NOTE: the 'wpa-psk' value is only valid if:
- 1) It is a plaintext (ascii) string between 8 and 63 characters in
- length
- 2) It is a hexadecimal string of 64 characters
+ 1) It is a plaintext (ascii) string between 8 and 63 characters in
+ length
+ 2) It is a hexadecimal string of 64 characters
# Connect to access point of ssid 'NETBEER' with an encryption type of
# WPA-PSK/WPA2-PSK. It assumes the driver will use the 'wext' driver backend
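Review bot: the 'wpa-psk' NOTE reads "only valid if: 1) ... 2) ...", which can be taken to mean both conditions must hold, while the two items are alternatives (an 8 to 63 character ASCII passphrase or a 64 character hexadecimal string). Since these lines are being re-indented anyway, consider rewording to "only valid if it is either:" and joining the items with "or".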
@@ -101,9 +101,9 @@
# obtain a network address.
#
iface wlan0 inet dhcp
- wpa-ssid NETBEER
- # plaintext passphrase
- wpa-psk PlainTextSecret
+ wpa-ssid NETBEER
+ # plaintext passphrase
+ wpa-psk PlainTextSecret
# Connect to access point of ssid 'homezone' with an encryption type of
# WPA-PSK/WPA2-PSK, using the 'wext' driver backend of wpa_supplicant.
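Review bot: the NETBEER stanza places a plaintext passphrase ('wpa-psk PlainTextSecret') in /etc/network/interfaces, yet the Security Considerations section of the same file states that this file is world readable by default and unsuitable for secrets. A one-line comment in the example pointing to section 5 (chmod 0600) would stop readers from copying the stanza without restricting the file.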
@@ -111,10 +111,10 @@
# a network address.
#
iface wlan0 inet dhcp
- wpa-driver wext
- wpa-ssid homezone
- # hexadecimal psk is encoded from a plaintext passphrase
- wpa-psk 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
+ wpa-driver wext
+ wpa-ssid homezone
+ # hexadecimal psk is encoded from a plaintext passphrase
+ wpa-psk 000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
# Connect to access point of ssid 'HotSpot1' and bssid of '00:1a:2b:3c:4d:5e'
# with an encryption type of WPA-PSK/WPA2-PSK, using the the 'madwifi' driver
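Review bot: the trailing context line still reads "using the the 'madwifi' driver", a doubled word that the typo pass in this commit missed. It sits just below the re-indented stanza and could be fixed in the same change.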
@@ -122,16 +122,16 @@
# A static network address assignment is used.
#
iface ath0 inet static
- wpa-driver madwifi
- wpa-ssid HotSpot1
- wpa-bssid 00:1a:2b:3c:4d:5e
- # plaintext passphrase
- wpa-psk madhotspot
+ wpa-driver madwifi
+ wpa-ssid HotSpot1
+ wpa-bssid 00:1a:2b:3c:4d:5e
+ # plaintext passphrase
+ wpa-psk madhotspot
wpa-key-mgmt WPA-PSK
wpa-pairwise TKIP CCMP
wpa-group TKIP CCMP
wpa-proto WPA RSN
- # static ip settings
+ # static ip settings
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
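Review bot: in the ath0 stanza only some option lines are re-indented; 'wpa-key-mgmt', 'wpa-pairwise', 'wpa-group', 'wpa-proto' and the address lines are left as unchanged context. Worth confirming these already use spaces, otherwise the stanza ends up with mixed tab and space indentation, which is what the commit sets out to remove.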
@@ -143,7 +143,7 @@
# is specified, so wext is used. DHCP is used to obtain a network address.
#
iface eth1 inet dhcp
- wpa-conf /path/to/wpa_supplicant.conf
+ wpa-conf /path/to/wpa_supplicant.conf
Table of Common Options
=======================
@@ -155,29 +155,40 @@
NOTE: ALL values are CASE SeNsItVe
-Element Example Value Description
-======= ============= ===========
-wpa-ssid plaintextstring sets the ssid of your network
-wpa-bssid 00:1a:2b:3c:4d:5e the bssid of your AP
-wpa-psk 0123456789...... your preshared wpa key. Use
- wpa_passphrase(8) to generate your psk
- from a passphrase and ssid pair
-wpa-key-mgmt NONE, WPA-PSK, WPA-EAP, list of accepted authenticated key
- IEEE8021X management protocols
-wpa-group CCMP, TKIP, WEP104, list of accepted group ciphers for WPA
- WEP40
-wpa-pairwise CCMP, TKIP, NONE list of accepted pairwise ciphers for
- WPA
-wpa-auth-alg OPEN, SHARED, LEAP list of allowed IEEE 802.11
- authentication algorithms
-wpa-proto WPA, RSN list of accepted protocols
-wpa-identity myplaintextname administrator provided username
- (EAP authentication)
-wpa-password myplaintextpassword your password (EAP authentication)
-wpa-scan-ssid 0 or 1 toggles scanning of ssid with specific
- Probe Request frames
-wpa-ap-scan 0 or 1 or 2 adjusts the scanning logic of
- wpa_supplicant
+Element Example Value Description
+======= ============= ===========
+wpa-ssid plaintextstring sets the ssid of your network
+
+wpa-bssid 00:1a:2b:3c:4d:5e the bssid of your AP
+
+wpa-psk 0123456789...... your preshared wpa key. Use
+ wpa_passphrase(8) to generate your psk
+ from a passphrase and ssid pair
+
+wpa-key-mgmt NONE, WPA-PSK, WPA-EAP, list of accepted authenticated key
+ IEEE8021X management protocols
+
+wpa-group CCMP, TKIP, WEP104, list of accepted group ciphers for WPA
+ WEP40
+
+wpa-pairwise CCMP, TKIP, NONE list of accepted pairwise ciphers for
+ WPA
+
+wpa-auth-alg OPEN, SHARED, LEAP list of allowed IEEE 802.11
+ authentication algorithms
+
+wpa-proto WPA, RSN list of accepted protocols
+
+wpa-identity myplaintextname administrator provided username
+ (EAP authentication)
+
+wpa-password myplaintextpassword your password (EAP authentication)
+
+wpa-scan-ssid 0 or 1 toggles scanning of ssid with specific
+ Probe Request frames
+
+wpa-ap-scan 0 or 1 or 2 adjusts the scanning logic of
+ wpa_supplicant
The complete functionality of wpa_cli(8) should be implemented. Anything
missing is considered a bug and should be reported as such. Patches are always
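Review bot: the context line "NOTE: ALL values are CASE SeNsItVe" is missing a letter ("SeNsItIvE") and could be corrected as part of the typo fixes. Also, the 'wpa-ap-scan' row still only says "adjusts the scanning logic"; since this commit documents that ap_scan=2 requires explicit key_mgmt, pairwise, group and proto settings per network, a short pointer in that row to the Hidden ssids section would make the requirement visible where the option is listed.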
@@ -222,22 +233,23 @@
has scanned the area, and found that the suitable access point is available for
use, these properties are set.
-The script that does all the work is located at:
-
- /etc/wpa_supplicant/ifupdown.sh
-
-It is executed by run-parts, which in turn is invoked by ifupdown during the
-'pre-up', 'pre-down' and 'post-down' phases.
+The scripts that do all the work are located at:
+
+ /etc/wpa_supplicant/ifupdown.sh
+ /etc/wpa_supplicant/functions.sh
+
+ifupdown.sh is executed by run-parts, which in turn is invoked by ifupdown
+during the 'pre-up', 'pre-down' and 'post-down' phases.
In the 'pre-up' phase, a wpa_supplicant daemon is launched followed by a series
of wpa_cli commands that set up a network configuration according to what
'wpa-' options were used in /etc/network/interfaces for the physical device.
-If wpa-roam is used, a wpa_cli daemon is lauched in the 'post-up' phase.
-
-In the 'pre-down' phase, the wpa_cli daemon is killed if it exists.
-
-In the 'post-down' phase, the wpa_supplicant daemon is killed.
+If wpa-roam is used, a wpa_cli daemon is launched in the 'post-up' phase.
+
+In the 'pre-down' phase, the wpa_cli daemon is terminated.
+
+In the 'post-down' phase, the wpa_supplicant daemon is terminated.
3. Mode #2: Roaming Mode
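Review bot: the phase list is inconsistent: the new text says ifupdown.sh is invoked during 'pre-up', 'pre-down' and 'post-down', but two paragraphs later the wpa_cli daemon is launched in the 'post-up' phase, which is not in that list. Either add 'post-up' to the list or explain how that step is triggered. The new paragraph also lists functions.sh as one of the scripts that do the work without saying how it is used (only ifupdown.sh is described as run by run-parts), and the rewording from "killed if it exists" to "terminated" drops the information that the wpa_cli daemon is only present when wpa-roam is used.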
@@ -252,15 +264,15 @@
stanza:
iface eth1 inet manual
- wpa-driver wext
- wpa-roam /path/to/wpa_supplicant.conf
+ wpa-driver wext
+ wpa-roam /path/to/wpa_supplicant.conf
Two daemons are spawned from the above example; wpa_supplicant and wpa_cli. It
is required to provide a wpa_supplicant.conf. A good starting point is provided
by an example configuration file:
-cp /usr/share/doc/wpasupplicant/examples/wpa_supplicant.conf.template \
- /etc/wpa_supplicant/wpa_supplicant.conf
+ cp /usr/share/doc/wpasupplicant/examples/wpa_supplicant.conf.template \
+ /etc/wpa_supplicant/wpa_supplicant.conf
NOTE: it is critical that the used wpa_supplicant.conf defines the location of
the 'ctrl_interface' so that a communication socket is created for the
@@ -284,23 +296,23 @@
wpa_supplicant.conf
===================
network={
- ssid="foo"
- # this id_str will notify /sbin/wpa_action to 'ifup uni'
- id_str="uni"
- key_mgmt=NONE
+ ssid="foo"
+ # this id_str will notify /sbin/wpa_action to 'ifup uni'
+ id_str="uni"
+ key_mgmt=NONE
}
network={
- ssid="bar"
- # this id_str will notify /sbin/wpa_action to 'ifup home_static'
- id_str="home_static"
- psk=123456789...
+ ssid="bar"
+ # this id_str will notify /sbin/wpa_action to 'ifup home_static'
+ id_str="home_static"
+ psk=123456789...
}
network={
- ssid=""
- # no 'id_str' is given, /sbin/wpa_action will 'ifup default'
- key_mgmt=NONE
+ ssid=""
+ # no 'id_str' is given, /sbin/wpa_action will 'ifup default'
+ key_mgmt=NONE
}
/etc/network/interfaces
@@ -309,8 +321,8 @@
# 'allow-hotplug' or 'auto' ensures the daemon starts automatically
allow-hotplug eth1
iface eth1 inet manual
- wpa-driver wext
- wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
+ wpa-driver wext
+ wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
# no id_str, 'default' is used as the fallback mapping target
iface default inet dhcp
@@ -344,7 +356,7 @@
reload the roaming daemon. For example, to stop the
romaing daemon on the device 'eth1':
- wpa_action eth1 stop
+ wpa_action eth1 stop
When it is required to update the roaming daemon with a new networks details,
it can be done without stopping it. Edit the wpa_supplicant.conf file that is
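Review bot: the context line above the re-indented command still reads "romaing daemon", and the following paragraph has "a new networks details" (missing apostrophe). Both are within this hunk's context and fit the typo cleanup described in the log message.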
@@ -352,7 +364,7 @@
settings to /etc/network/interfaces that are specific to the new network
(linked by the 'id_str') and then 'reload' the daemon like so:
- wpa_action eth1 reload
+ wpa_action eth1 reload
For the complete technical details of what wpa_action can do, read the
wpa_action(8) manpage.
@@ -371,20 +383,20 @@
All activity of the roaming dameon is logged to /var/log/wpa_action.log. The
following information is logged:
- * time and date
- * interface name and action event
- * values of enviromental variables (WPA_ID, WPA_ID_STR, WPA_CTRL_DIR)
- * ifupdown command executed
- * wpa_cli status (based on WPA-PSK network, may display different info)
- - bssid
- - ssid
- - id
- - id_str
- - pairwise_cipher
- - group_cipher
- - key_mgmt
- - wpa_state
- - ip_address
+ * time and date
+ * interface name and action event
+ * values of enviromental variables (WPA_ID, WPA_ID_STR, WPA_CTRL_DIR)
+ * ifupdown command executed
+ * wpa_cli status (based on WPA-PSK network, may display different info)
+ - bssid
+ - ssid
+ - id
+ - id_str
+ - pairwise_cipher
+ - group_cipher
+ - key_mgmt
+ - wpa_state
+ - ip_address
Using External Mapping Scripts (e.g. guessnet)
==============================================
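Review bot: the re-indented list carries over the misspelling "enviromental variables" (should be "environmental", or simply "environment variables"), and the context line just above still says "roaming dameon". Both are worth fixing here since the list lines are being rewritten anyway.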
@@ -404,13 +416,13 @@
to wpa-map for additional lines. For example:
iface wlan0 inet manual
- wpa-driver wext
- wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
- wpa-mapping-script guessnet-ifupdown
- wpa-map0 home
- wpa-map1 work
- wpa-map2 school
- # ... additional wpa-mapX lines as required
+ wpa-driver wext
+ wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
+ wpa-mapping-script guessnet-ifupdown
+ wpa-map0 home
+ wpa-map1 work
+ wpa-map2 school
+ # ... additional wpa-mapX lines as required
By default the mapping script will only be used when no 'id_str' is available
@@ -432,16 +444,16 @@
iface wlan0 inet manual
wpa-driver wext
wpa-roam /etc/wpa_supplicant/wpa_supplicant.conf
- wpa-roam-default-iface default-wparoam
+ wpa-roam-default-iface default-wparoam
wpa-mapping-script guessnet-ifupdown
- wpa-map default: default-guessnet
- wpa-map0 home_static
- wpa-map1 work_static
+ wpa-map default: default-guessnet
+ wpa-map0 home_static
+ wpa-map1 work_static
# school can only be chosen via 'id_str' matching
iface school inet dhcp
- # resolvconf
- dns-nameservers 11.22.33.44 55.66.77.88
+ # resolvconf
+ dns-nameservers 11.22.33.44 55.66.77.88
iface home_static inet static
address 192.168.0.20
@@ -449,15 +461,15 @@
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1
- test peer address 192.168.0.1 mac 00:01:02:03:04:05
+ test peer address 192.168.0.1 mac 00:01:02:03:04:05
iface work_static inet static
- address 192.168.3.200
+ address 192.168.3.200
netmask 255.255.255.0
network 192.168.3.0
broadcast 192.168.3.255
gateway 192.168.3.1
- test peer address 192.168.3.1 mac 00:01:02:03:04:05
+ test peer address 192.168.3.1 mac 00:01:02:03:04:05
iface default-guessnet inet dhcp
@@ -490,20 +502,25 @@
Hidden ssids
============
-For reference, see #358137. In order to be able to associate to hidden ssids,
-please try to set the option 'ap_scan=1' in the global section, and
+For reference, see #358137 [0]. In order to be able to associate to hidden
+ssids, please try to set the option 'ap_scan=1' in the global section, and
'scan_ssid=1' in your network block section of your wpa_supplicant.conf file.
If you are using the managed mode, you can do so by these stanzas:
iface eth1 inet dhcp
- wpa-ap-scan 1
- wpa-scan-ssid 1
- # ... additional options for your setup
-
-According to #368770, association can take a very long time to associate to WEP
-secured networks. In some cases, setting the parameter 'ap_scan=2' in the
+ wpa-ap-scan 1
+ wpa-scan-ssid 1
+ # ... additional options for your setup
+
+According to #368770 [1], association can take a very long time under certain
+circumstances. In some cases, setting the parameter 'ap_scan=2' in the
config file, (or using a 'wpa-ap-scan 2' stanza, which is equivalent) can
-greatly help to speed up association.
+greatly help to speed up association. Please note that setting ap_scan to the
+value of 2 also requires that all networks have a precisely defined security
+policy for for key_mgmt, pairwise, group and proto network policy variables.
+
+[0] http://bugs.debian.org/358137
+[1] http://bugs.debian.org/368770
5. Security Considerations
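Review bot: the added sentence contains a doubled word, "security policy for for key_mgmt", and "network policy variables" at the end repeats "security policy" from earlier in the same sentence; something like "a precisely defined security policy for the key_mgmt, pairwise, group and proto variables" reads cleaner. The same hunk also replaces "to WEP secured networks" with "under certain circumstances", which removes the one concrete detail about when the delay occurs and is not mentioned in the log message; if the change is intentional, the changelog entry should say so.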
@@ -515,9 +532,9 @@
network settings private, therefore ensure that important configuration files
containing such data are only readable by their owner. For example:
- chmod 0600 /etc/network/interfaces
- # substitute the path of your wpa_supplicant.conf file
- chmod 0600 /etc/wpa_supplicant/wpa_supplicant.conf
+ chmod 0600 /etc/network/interfaces
+ # substitute the path of your wpa_supplicant.conf file
+ chmod 0600 /etc/wpa_supplicant/wpa_supplicant.conf
By default, /etc/network/interfaces is world readable, and thus unsuitable for
containing secret keys and passwords.
Modified: wpasupplicant/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-wpa/wpasupplicant/trunk/debian/changelog?rev=929&op=diff
==============================================================================
--- wpasupplicant/trunk/debian/changelog (original)
+++ wpasupplicant/trunk/debian/changelog Wed Dec 26 01:50:26 2007
@@ -33,8 +33,13 @@
logging wpa_supplicant debug output to a specific file given on command
line as argument to -F option.
* Update email address in debian/ifupdown/wpa_action.8 manpage.
-
- -- Kel Modderman <kel at otaku42.de> Wed, 26 Dec 2007 02:40:19 +1000
+ * Sanitize whitepsace in debian/README.modes, swapping tabs for 8 spaces,
+ improving layout of basic tables. Fix a couple of typo's too.
+ * Clarify in debian/README.modes the URI to BTS discussions. Also add a note
+ that using ap_scan=2 requires explicit security policies to be set for
+ each network.
+
+ -- Kel Modderman <kel at otaku42.de> Wed, 26 Dec 2007 11:47:31 +1000
wpasupplicant (0.6.1~git20071119-1) unstable; urgency=low
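Review bot: the new changelog entry misspells "whitespace" as "whitepsace" and uses "typo's" for the plural "typos". The entry also does not mention two content changes made to README.modes in this revision: the addition of /etc/wpa_supplicant/functions.sh to the "How It Works" text and the rewording of the #368770 paragraph.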