WPA-PSK won't exchange keys using interface - wifi0
espy at pepper.com
Fri Jul 8 14:55:00 EDT 2005
i've looked over the code for the known Linux DHCP clients: pump,
dhclient, and dhcpcd; all of them mark the interface 'down' when
releasing an IP address lease and/or shutting down. i've only run pump
and dhclient on our system, so i can't be 100% sure of dhcpd's behavior until
i run it.
so, it looks like they all make the assumption that even though the
interface has been marked 'down', DHCP packets can still be transmitted
over the interface. my contention is that the current Linux ifconfig
manpage's description of 'down' is too vague. it should state that the
'down' flag should cause the driver to disallow IP traffic ( this is
what the Linux NAG and various other Unix manpages state ).
does this convince you that this isn't a problem isolated to our DHCP
in order for us to support WPA, i have three choices...
1. modify the hostAP driver to allow EAPOL packets to be transmitted
over the wifi0 device. this would allow us to continue to run
wpa_supplicant with wifi0 as the specified interface, and pump with wlan0.
2. modify the hostAP driver to allow the lan devices ( eg. wlan0 in our
case ) to be marked down without 'disabling' the driver.
3. modify our core application to look for a known invalid IP address
which signifies that we're 'offline'. this is the least preferable
option as it means we have to re-configure the IP parameters every time
the connection drops and comes back online. toggling the up/down flag
allows the IP address and routing table entries to remain configured.
we're supposed to ship our first customer units soon, and right now
they're going to go out with WPA disabled until i resolve this.
if you can point me in the right direction, i'd like to try and
implement #1 or #2 if possible.
by the way, hope you have a great vacation... i'm envious.
p.s. here are links for dhclient and dhcpcd:
Jouni Malinen wrote:
> On Tue, Jul 05, 2005 at 06:50:42PM -0400, Tony Espy wrote:
>>Jouni Malinen wrote:
>>>On Tue, Jul 05, 2005 at 01:20:17PM -0400, Tony Espy wrote:
>>>>i've run into a problem where i can't seem to get wpa_supplicant to
>>>>complete its key exchange with an AP using WPA-PSK over the wifi0
>>>>interface. it works just fine if i specify wlan0 as the interface.
>>>Using wifi0 interface for this is not supported, nor expected to work.
>>Is there any way around this? I posted a question on 03/28 re: using
>>this sort of configuration, and from your response, it sounded like this
>>wouldn't be a problem ( note -- I've attached your original reply ).
> No you did not, your earlier question was completely different..
>>In my email, I didn't explicitly call out the fact that we were using
>>wpa_supplicant, so that may have been my bad.
> .. indeed.. wpa_supplicant with this configuration is indeed the
> completely different part. wpa_supplicant needs to receive and send
> EAPOL frames and this is not supported through wifi0.
> Sure, this could be worked around somehow, but I'm not interested in
> using time with this unless someone can first convince me that this is
> really something that should be done instead of changing the DHCP client
> to behave otherwise.
>>My assumption was that the UP/DOWN flag could be used to indicate to the
>>rest of the system that an interface was "online/offline" ( ie.
>>available for IP traffic ). Apparently the authors of pump made this
> UP/DOWN for me means whether the device is enabled or disabled. This
> seems to match with a number of network device drivers in Linux. In case
> of wireless devices, this would mean that one will need to complete
> reauthentication after setting the interface DOWN and then UP.
> In my opinion, DHCP client should not set interface down if it was
> already up when the client was started.
>>Note -- however that the ethernet driver doesn't behave that way.
>>'eth0' can be marked down, but will still allow DHCP messages to be
> What is _the_ ethernet driver? Many Ethernet drivers in Linux 2.6.x
> disable interrupts when the interface is set down..
>>Would it be possible to modify the driver to allow key exchange to occur
>>even though the interface was marked down?
> That does not match with the expected behavior (at least the way I see
> it). No packets should be transmitted if the interface is down.