wpa_supplicant: wired driver
cristian.ionescu-idbohrn at axis.com
Thu Sep 15 09:25:20 EDT 2005
I'm trying to use wpa_supplicant, the wired driver, EAP-TLS.
I've got it working, but also discovered (I think) a small glitch.
I have to set the nic in promiscuous mode, else it won't see the
802.1x frames sent by the switch the nic is connected to.
My understanding is that both wpa_supplicant and the switch send their
frames to the multicast address 01:80:c2:00:00:03. wpa_supplicant
misses frames comming from the switch, like:
| No. Time Source Destination Protocol Info
| 1 0.000000 Cisco_aa:bb:cc Spanning-tree-(for-bridges)_03 EAP Request, Identity [RFC3748]
| Frame 1 (60 bytes on wire, 60 bytes captured)
| Arrival Time: Sep 14, 2005 15:46:41.467596000
| Time delta from previous packet: 0.000000000 seconds
| Time since reference or first frame: 0.000000000 seconds
| Frame Number: 1
| Packet Length: 60 bytes
| Capture Length: 60 bytes
| Protocols in frame: eth:eapol:eap
| Ethernet II, Src: 00:13:60:aa:bb:cc, Dst: 01:80:c2:00:00:03
| Destination: 01:80:c2:00:00:03 (Spanning-tree-(for-bridges)_03)
| Source: 00:13:60:aa:bb:cc (Cisco_aa:bb:cc)
| Type: 802.1X Authentication (0x888e)
| Trailer: 000000000000000000000000000000000000000000000000...
| 802.1x Authentication
| Version: 1
| Type: EAP Packet (0)
| Length: 5
| Extensible Authentication Protocol
| Code: Request (1)
| Id: 12
| Length: 5
| Type: Identity [RFC3748] (1)
unless the nic in the supplicant side is set in promiscuous mode or
wpa_supplicant requires PACKET_ADD_MEMBERSHIP with setsockopt.
I'd like to skip the promiscuous mode stuff. Can anyone point me to what
(and maybe where) I need to add a small hack.
More information about the HostAP