Using wpa_supplicant/hostapd in IKEv2 daemon...

Stjepan Gros sgros at zemris.fer.hr
Fri Aug 18 14:54:36 EDT 2006


Hi!

I'm a member of a team that develops IKEv2 daemon
(ikev2.sourceforge.net) and we would like to add EAP authentication to
daemon. There are several possible ideas how to do that.

First idea is to implement everything from stretch and the second is to
take existing code base (like wpa_supplicant/hostapd) and integrate it
into IKEv2 daemon. But, those two ideas require too much resources that
we don't have now so we would like to avoid them.

Now, the third solution is to write glue layer that would allow us to
take and pass EAP messages from/to wpa_supplicant/hostapd.

To minimize necessary changes we are thinking about leaving
wpa_supplicant/hostapd as a separate processes that communicate with
IKEv2 via some IPC mechanism. 

So, now we come to implementation and, of course, questions:

1. Generally, do you think is this idea feasible?

2. We are thinking at implementing glue code at the l2_packet level,
that just relays EAP packet to IKEv2 daemon (and vice versa). That is in
wpa_supplicant. Is this the best place? Note that we need raw EAP
packets.

3. There are no such files (l2_packet*) in hostapd so where is the best
place to do such thing in hostapd?

I think there will be more questions, but I think this will be enough
for start. :)

Thanks for help,
Stjepan Gros




More information about the HostAP mailing list