Three Topics Here

Jouni Malinen jkmaline at cc.hut.fi
Tue Feb 25 23:19:49 EST 2003


On Tue, Feb 25, 2003 at 08:16:59PM +0800, David Chen wrote:

> 1. 802.1x and ACL : 
> 	
> 	since ACL MAC address filtering is implented in the driver layer, it is not possible to have ACL and 802.1x co-exist in the current architecture. Does anyone have a clear idea of how to move the ACL up to the user space and become part of the hostapd? 

Yes, just update to the latest CVS version and you will get
hostapd-based ACL for 802.11 authentication (both with locally
configured accept/reject lists and external RADIUS server).

> 2. the callback function:
> 	
> 	in the hostap driver, the hostap_callback.c file is included in the hostap_hw.c file(I guess it's because the callback function is a without doubt a hardware-dependent implementation). it cause a deadlock when someone trying to load hostap driver module with the callback function implemented!!! the cause of the deadlock is that hostap.o has to be inserted into the kernel before hostap_pci.o, but it will lead to an unresolved symbol (prism2_callback).

I have never used this functionality myself and it looks like that
others are not using it that either since it took so long to get a
report about it not working..

> my solution to this issue is:
> 
> A.	put the callback function pointer into the private data area.
> 
> or
> 
> B.	include the hostap_callback.c file in hostap.c rather than hostap_hw.c. then export the prism2_callback symbol so that the prism2_pci.o module could have access to this function.

A would be nicer assuming it would export a function that could be used
to register such a callback handler. That would make it possible to
write board-specific code into a completely separate module.
Conditionally including an external file was only there to make it easy
to include some additional code without needing to change Host AP driver
code. Using an external module would make this even more cleaner.
However, I don't know whether this functionality is really required to
be in the Host AP driver.

> 3.Static WEP doesn't work with 802.1x:
> 
> 	if one runs hostapd with -oOWN_IP -aAUTH_SRV_IP -sSHARED_SECRET -x  -b5 -i5 then set static WEP keys with iwconfig, the 802.1x authentication will not succeed (the hostapd will not receive any EAPOL identity response packet...I'm now tracing the packet flow to find out the reason. anyone got an idea?

If you use -b or -i options with hostapd, you cannot use iwconfig to
configure WEP keys. hostapd tries to set keys itself and this will end
up in confusion.. If you want to use preconfigured, static WEP keys with
hostapd, you would first need to modify hostapd to understand this and
preferable to set the keys based on its own configuration.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list