wpa_supplicant: wired driver

Cristian Ionescu-Idbohrn cristian.ionescu-idbohrn at axis.com
Thu Sep 15 09:25:20 EDT 2005


I'm trying to use wpa_supplicant, the wired driver, EAP-TLS.
I've got it working, but also discovered (I think) a small glitch.
I have to set the nic in promiscuous mode, else it won't see the
802.1x frames sent by the switch the nic is connected to.

My understanding is that both wpa_supplicant and the switch send their
frames to the multicast address 01:80:c2:00:00:03. wpa_supplicant
misses frames comming from the switch, like:

| No.     Time        Source                Destination           Protocol Info
|       1 0.000000    Cisco_aa:bb:cc        Spanning-tree-(for-bridges)_03 EAP      Request, Identity [RFC3748]
| Frame 1 (60 bytes on wire, 60 bytes captured)
|     Arrival Time: Sep 14, 2005 15:46:41.467596000
|     Time delta from previous packet: 0.000000000 seconds
|     Time since reference or first frame: 0.000000000 seconds
|     Frame Number: 1
|     Packet Length: 60 bytes
|     Capture Length: 60 bytes
|     Protocols in frame: eth:eapol:eap
| Ethernet II, Src: 00:13:60:aa:bb:cc, Dst: 01:80:c2:00:00:03
|     Destination: 01:80:c2:00:00:03 (Spanning-tree-(for-bridges)_03)
|     Source: 00:13:60:aa:bb:cc (Cisco_aa:bb:cc)
|     Type: 802.1X Authentication (0x888e)
|     Trailer: 000000000000000000000000000000000000000000000000...
| 802.1x Authentication
|     Version: 1
|     Type: EAP Packet (0)
|     Length: 5
|     Extensible Authentication Protocol
|         Code: Request (1)
|         Id: 12
|         Length: 5
|         Type: Identity [RFC3748] (1)

unless the nic in the supplicant side is set in promiscuous mode or
wpa_supplicant requires PACKET_ADD_MEMBERSHIP with setsockopt.

I'd like to skip the promiscuous mode stuff. Can anyone point me to what
(and maybe where) I need to add a small hack.


More information about the HostAP mailing list