Three Topics Here

David Chen dave at interepoch.com.tw
Thu Feb 27 08:59:22 EST 2003


I guess I found out  why the static WEP doesn't work with 8021.x with the following configuration procedures:

hostapd -d -Stest -x -o192.168.168.201 -a192.168.168.220 -stest wlan0
iwconfig wlan0 key off
iwconfig wlan0 key 1111111111 [1]
iwconfig wlan0 key 2222222222 [2]
iwconfig wlan0 key 3333333333 [3]
iwconfig wlan0 key 4444444444 [4]
iwconfig wlan0 key on

in hostap_hw.c: (2002/10/12 version)

static inline int prism2_rx_decrypt(local_info_t *local, int iswep, int *len,
				    struct sk_buff *skb)
{
	...
	if (!iswep && !local->open_wep) {    <<<-----------------open_wep is set to non-zero value by iwconfig wlan0 key XXX, so the driver code will not enter this if( ) and that is why 802.1x packet can not be passed up to the hostapd....
If this observation is correct, then should i change the code to "if(!iswep && (local->open_wep!=0)" to let the 802.1x packets get passed???


		if (local->ieee_802_1x &&
		    hostap_is_eapol_frame(local, rxdesc, local->bus_m1_buf,
					  *len)) {
			/* pass unencrypted EAPOL frames even if encryption is
			 * configured */
			printk(KERN_DEBUG "%s: RX: IEEE 802.1X - passing "
			       "unencrypted EAPOL frame\n", local->dev->name);
			goto done;
		}
		printk(KERN_DEBUG "%s: encryption configured, but RX frame "
		       "not encrypted (SA=" MACSTR ")\n",
		       local->dev->name, MAC2STR(rxdesc->addr2));
		ret = -1;
		goto done;
	}

	...
}
-----Original Message-----
From: hostap-admin at shmoo.com [mailto:hostap-admin at shmoo.com]On Behalf Of Jouni Malinen
Sent: Wednesday, February 26, 2003 12:20 PM
To: hostap at shmoo.com
Subject: Re: Three Topics Here


On Tue, Feb 25, 2003 at 08:16:59PM +0800, David Chen wrote:

> 1. 802.1x and ACL : 
> 	
> 	since ACL MAC address filtering is implented in the driver layer, it is not possible to have ACL and 802.1x co-exist in the current architecture. Does anyone have a clear idea of how to move the ACL up to the user space and become part of the hostapd? 

Yes, just update to the latest CVS version and you will get
hostapd-based ACL for 802.11 authentication (both with locally
configured accept/reject lists and external RADIUS server).

> 2. the callback function:
> 	
> 	in the hostap driver, the hostap_callback.c file is included in the hostap_hw.c file(I guess it's because the callback function is a without doubt a hardware-dependent implementation). it cause a deadlock when someone trying to load hostap driver module with the callback function implemented!!! the cause of the deadlock is that hostap.o has to be inserted into the kernel before hostap_pci.o, but it will lead to an unresolved symbol (prism2_callback).

I have never used this functionality myself and it looks like that
others are not using it that either since it took so long to get a
report about it not working..

> my solution to this issue is:
> 
> A.	put the callback function pointer into the private data area.
> 
> or
> 
> B.	include the hostap_callback.c file in hostap.c rather than hostap_hw.c. then export the prism2_callback symbol so that the prism2_pci.o module could have access to this function.

A would be nicer assuming it would export a function that could be used
to register such a callback handler. That would make it possible to
write board-specific code into a completely separate module.
Conditionally including an external file was only there to make it easy
to include some additional code without needing to change Host AP driver
code. Using an external module would make this even more cleaner.
However, I don't know whether this functionality is really required to
be in the Host AP driver.

> 3.Static WEP doesn't work with 802.1x:
> 
> 	if one runs hostapd with -oOWN_IP -aAUTH_SRV_IP -sSHARED_SECRET -x  -b5 -i5 then set static WEP keys with iwconfig, the 802.1x authentication will not succeed (the hostapd will not receive any EAPOL identity response packet...I'm now tracing the packet flow to find out the reason. anyone got an idea?

If you use -b or -i options with hostapd, you cannot use iwconfig to
configure WEP keys. hostapd tries to set keys itself and this will end
up in confusion.. If you want to use preconfigured, static WEP keys with
hostapd, you would first need to modify hostapd to understand this and
preferable to set the keys based on its own configuration.

-- 
Jouni Malinen                                            PGP id EFC895FA
_______________________________________________
HostAP mailing list
HostAP at shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap


More information about the HostAP mailing list