how to configure WEP with shared password

Li Jin ljin at broadcom.com
Thu Sep 26 12:50:48 EDT 2013


Hello Jouni,

Thanks for your reply!

I tried the following configuration without HT capability specified. However the AP still shows up as OPEN. Anything else I might missed?

interface=wlan0
ctrl_interface=/opt/wifi/hostapd
ssid=Android
channel=6
auth_algs=2
wep_default_key=0
wep_key0=123456789a
wep_key1="vwxyz"
wep_key2=0102030405060708090a0b0c0d
wep_key3=".2.4.6.8.0.23"
bridge=br0

Li

-----Original Message-----
From: hostap-bounces at lists.shmoo.com [mailto:hostap-bounces at lists.shmoo.com] On Behalf Of hostap-request at lists.shmoo.com
Sent: Monday, September 23, 2013 1:17 AM
To: hostap at lists.shmoo.com
Subject: HostAP Digest, Vol 125, Issue 23

Send HostAP mailing list submissions to
	hostap at lists.shmoo.com

To subscribe or unsubscribe via the World Wide Web, visit
	http://lists.shmoo.com/mailman/listinfo/hostap
or, via email, send a message with subject or body 'help' to
	hostap-request at lists.shmoo.com

You can reach the person managing the list at
	hostap-owner at lists.shmoo.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of HostAP digest..."


Today's Topics:

   1. where to put passphrase? (eMyListsDDg)
   2. Re: [PATCH] Handle EAGAIN in wpa_supplicant_ctrl_iface_send
      (Pontus Fuchs)
   3. Re: unable to clone (Jouni Malinen)
   4. Re: Stop wpa_supplicant from retrying authentication?
      (Jouni Malinen)
   5. Re: Group rekey with lots of stations. (Jouni Malinen)
   6. Re: [PATCH 1/2] supplicant: Use high-priority queue for
      management	packets. (Jouni Malinen)
   7. Re: how to configure WEP with shared password (Jouni Malinen)
   8. Re: [wpa_supplicant]does_not_build_without_md4 (Jouni Malinen)
   9. [PATCH V2] Handle EAGAIN in wpa_supplicant_ctrl_iface_send
      (Pontus Fuchs)


----------------------------------------------------------------------

Message: 1
Date: Sun, 22 Sep 2013 13:54:15 -0700
From: eMyListsDDg <emylistsddg at gmail.com>
Subject: where to put passphrase?
To: "hostap at lists.shmoo.com" <hostap at lists.shmoo.com>
Message-ID: <1683918645.20130922135415 at gmail.com>
Content-Type: text/plain; charset=us-ascii

is it more secure to use a "wpa_passphrase= " entry in hostapd.conf or putting a passphrase in a "wpa_psk_file= " file ?






------------------------------

Message: 2
Date: Mon, 23 Sep 2013 08:51:05 +0200
From: Pontus Fuchs <pontus.fuchs at gmail.com>
Subject: Re: [PATCH] Handle EAGAIN in wpa_supplicant_ctrl_iface_send
To: Ben Greear <greearb at candelatech.com>
Cc: pontus2.fuchs at sonymobile.com, hostap at lists.shmoo.com
Message-ID: <523FE4D9.2030709 at gmail.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 2013-09-20 18:05, Ben Greear wrote:
> On 09/20/2013 12:53 AM, Pontus Fuchs wrote:
>> Commit 4fdc8def changed the ctrl interface socket to be non-blocking,
>> but didn't update wpa_supplicant_ctrl_iface_send to handle EAGAIN.
>>
>> If a burst of events are sent, the socket queue can overflow and
>> sendmsg fails with EAGAIN. When this happens the monitor is silently
>> detached.
>
> Patch looks OK to me, but since sendmsg uses MSG_DONTWAIT, then it
> was always non-blocking and my patch should have not made things any
> worse...
>

Thanks Ben. Missed the MSG_DONTWAIT. I'll have to look for another 
reason to why this started to happen then. Anyway the patch is still 
valid. I'll update the commit msg.

Cheers,

Pontus




------------------------------

Message: 3
Date: Mon, 23 Sep 2013 10:42:22 +0300
From: Jouni Malinen <j at w1.fi>
Subject: Re: unable to clone
To: hostap at lists.shmoo.com
Message-ID: <20130923074222.GA10148 at w1.fi>
Content-Type: text/plain; charset=us-ascii

On Mon, Sep 16, 2013 at 11:02:44PM +0530, Akhil Gaur wrote:
> I was trying to sync code from hostap site, using following command:
> 
> *git clone git://w1.fi/srv/git/hostap.git*
> 
> *git clone  http://w1.fi/hostap.git*
> Both the protocol failed. It looks like the hostap code sharing service is
> down.

git-daemon was in a bit confused state, but it should be fine now (I
restarted it last week). This would explain the git protocol not working
a week ago. However, HTTP option should have worked fine. Anyway, based
on a test, both protocols are working fine now.

-- 
Jouni Malinen                                            PGP id EFC895FA


------------------------------

Message: 4
Date: Mon, 23 Sep 2013 11:01:03 +0300
From: Jouni Malinen <j at w1.fi>
Subject: Re: Stop wpa_supplicant from retrying authentication?
To: hostap at lists.shmoo.com
Message-ID: <20130923080103.GB10148 at w1.fi>
Content-Type: text/plain; charset=us-ascii

On Tue, Sep 10, 2013 at 03:36:23PM -0700, Pengcheng Chen wrote:
> Is there a way to stop wpa_suppliant from retrying on authentication
> failures? Can I configure this through the config file? Or is there a
> command line option to achieve this?

wpa_supplicant does not disable a network on authentication failures on
its own. Consecutive connections attempts are delayed (there are
somewhat recent changes in this area), but the network is left enabled
unless something above wpa_supplicant decides to disable it.

-- 
Jouni Malinen                                            PGP id EFC895FA


------------------------------

Message: 5
Date: Mon, 23 Sep 2013 11:06:10 +0300
From: Jouni Malinen <j at w1.fi>
Subject: Re: Group rekey with lots of stations.
To: hostap at lists.shmoo.com
Message-ID: <20130923080610.GC10148 at w1.fi>
Content-Type: text/plain; charset=us-ascii

On Thu, Sep 05, 2013 at 11:12:16AM -0700, Ben Greear wrote:
> We are seeing an issue where a few of our 60+ stations are getting kicked
> out by a customer's AP when it rekeys.  It seems that at least a few rekey messages
> are lost and the hostapd gives up and disconnects the client stations.

Do you know why the messages are lost?

> These 60+ stations are all on one machine, so the supplicant there has lots of work
> to do in a short time.  There are some additional station machines connected and running
> some background traffic.

If there are any stations that are unable to reply to group rekey
messages in reasonable time, such stations are expected to be
disconnected to allow the rekey operation to go ahead.

> Since it appears all stations need to rekey at once, I am wondering if
> it would be valid to be more lenient in hostapd's retransmit timers?

Your use case sounds quite special and if you want to test something
like that, you may need more CPU on the simulated station side.. The
default timeouts should not be modified unless a more real world use
case is showing failures for this to avoid delaying rekeying. The new
GTK can be taken into use only after all associated STAs have received
it (or are disconnected due to timeout or are using WNM-Sleep Mode).

-- 
Jouni Malinen                                            PGP id EFC895FA


------------------------------

Message: 6
Date: Mon, 23 Sep 2013 11:08:17 +0300
From: Jouni Malinen <j at w1.fi>
Subject: Re: [PATCH 1/2] supplicant: Use high-priority queue for
	management	packets.
To: hostap at lists.shmoo.com
Message-ID: <20130923080817.GD10148 at w1.fi>
Content-Type: text/plain; charset=us-ascii

On Mon, Sep 09, 2013 at 11:49:04AM -0700, greearb at candelatech.com wrote:
> Without this patch, wpa_supplicant EAPOL packets (at least)
> are sent on normal best-effort TX queue.  I believe they
> should be on the VO high-priority queue instead.

> diff --git a/src/l2_packet/l2_packet_linux.c b/src/l2_packet/l2_packet_linux.c

> @@ -97,6 +97,7 @@ struct l2_packet_data * l2_packet_init(
> +	/* Use high-priority queue for management packets
> +	 * http://wireless.kernel.org/en/developers/Documentation/mac80211/queues
> +	 */
> +	if (setsockopt(l2->fd, SOL_SOCKET,
> +		       SO_PRIORITY, (char*)&val, sizeof(val)) < 0) {

This seems to be assuming that mac80211 is used always. That is not
really the case and I guess this SO_PRIORITY change to a special
mac80211-specific value could result in undesired results with
non-mac80211 drivers.

-- 
Jouni Malinen                                            PGP id EFC895FA


------------------------------

Message: 7
Date: Mon, 23 Sep 2013 11:10:10 +0300
From: Jouni Malinen <j at w1.fi>
Subject: Re: how to configure WEP with shared password
To: hostap at lists.shmoo.com
Message-ID: <20130923081010.GE10148 at w1.fi>
Content-Type: text/plain; charset=us-ascii

On Wed, Sep 11, 2013 at 05:11:59PM +0000, Li Jin wrote:
> I use the following hostapd configuration file to configure an softAP with WEP with key "1234567890", however the AP appears to be OPEN security. Could you please let me know what I did wrong?

auth_algs=2 should enable Shared Key authentication. Anyway, please note
that WEP is not allowed with HT, so this configuration is not really
valid.

-- 
Jouni Malinen                                            PGP id EFC895FA


------------------------------

Message: 8
Date: Mon, 23 Sep 2013 11:15:14 +0300
From: Jouni Malinen <j at w1.fi>
Subject: Re: [wpa_supplicant]does_not_build_without_md4
To: hostap at lists.shmoo.com
Message-ID: <20130923081514.GF10148 at w1.fi>
Content-Type: text/plain; charset=us-ascii

On Mon, Sep 16, 2013 at 02:43:51PM +0200, Torsten wrote:
> I compiled OpenSSL (1.0.1e) without some algorithms (RC2, MD2 and MD4) after that I
> had to re-compile wpa_supplicant (2.0) which results in the following error:

>   unfinished jobs.... ../src/crypto/crypto_openssl.o: In function `md4_vector':
> crypto_openssl.c:(.text+0x16a): undefined reference to `EVP_md4'

Number of EAP methods require support for MD4. There is not currently
any option for disabling this. It should be doable to add a new
pre-processor macro for including md4_vector() based on NEED_MD4 so that
a build without MD4 could be achieved at the cost of having to disable
the EAP methods that require this hash function.

-- 
Jouni Malinen                                            PGP id EFC895FA


------------------------------

Message: 9
Date: Mon, 23 Sep 2013 10:17:05 +0200
From: Pontus Fuchs <pontus.fuchs at gmail.com>
Subject: [PATCH V2] Handle EAGAIN in wpa_supplicant_ctrl_iface_send
To: hostap at lists.shmoo.com
Cc: pontus2.fuchs at sonymobile.com
Message-ID: <1379924225-6699-1-git-send-email-pontus.fuchs at gmail.com>

If a burst of events are sent, the socket queue can overflow and
sendmsg fails with EAGAIN. When this happens the monitor is silently
detached.

Signed-hostap: Pontus Fuchs <pontus.fuchs at gmail.com>
---

V2: Update commit msg.

 wpa_supplicant/ctrl_iface_unix.c | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/wpa_supplicant/ctrl_iface_unix.c b/wpa_supplicant/ctrl_iface_unix.c
index 49489d6..2c67b9c 100644
--- a/wpa_supplicant/ctrl_iface_unix.c
+++ b/wpa_supplicant/ctrl_iface_unix.c
@@ -623,14 +623,21 @@ static void wpa_supplicant_ctrl_iface_send(const char *ifname, int sock,
 			msg.msg_name = (void *) &dst->addr;
 			msg.msg_namelen = dst->addrlen;
 			if (sendmsg(sock, &msg, MSG_DONTWAIT) < 0) {
-				int _errno = errno;
+				int _errno = errno, detach = 0;
 				wpa_printf(MSG_INFO, "CTRL_IFACE monitor[%d]: "
 					   "%d - %s",
 					   idx, errno, strerror(errno));
 				dst->errors++;
-				if (dst->errors > 1000 ||
-				    (_errno != ENOBUFS && dst->errors > 10) ||
-				    _errno == ENOENT) {
+				if (dst->errors > 1000 || _errno == ENOENT)
+					detach = 1;
+				if (!(_errno == ENOBUFS || _errno == EAGAIN ||
+				    _errno == EWOULDBLOCK) && dst->errors > 10)
+					detach = 1;
+				if (detach) {
+					wpa_printf(MSG_ERROR, "CTRL_IFACE "
+						   "monitor[%d]: Too many "
+						   "errors. Detaching. ",
+						   idx);
 					wpa_supplicant_ctrl_iface_detach(
 						ctrl_dst, &dst->addr,
 						dst->addrlen);
-- 
1.8.1.2



------------------------------

_______________________________________________
HostAP mailing list
HostAP at lists.shmoo.com
http://lists.shmoo.com/mailman/listinfo/hostap


End of HostAP Digest, Vol 125, Issue 23
***************************************




More information about the HostAP mailing list