The wpa_supplicant daemon is the "standard" mechanism used to provide persistence of wireless networking information as well as managing automated connections into networks without user intervention.
The supplicant is based upon the open source supplicant (albeit an earlier revision that matches that used by the NetBSD distribution) located at http://hostap.epitest.fi/wpa_supplicant/.
The supplicant provides a number of key features to support wireless connectivity. These are:
An example wpa_supplicant.conf file is installed in $STAGE/etc for you. It contains a detailed description of the basic supplicant configuration parameters and network parameter descriptions (and there are lots of them) and example network configuration blocks.
In conjunction with the supplicant is a command line configuration tool called wpa_cli. This tool lets you query the stack for information on wireless networks as well as update the configuration file on the fly. We are also in the process of developing a library of routines that will be pulled into a GUI (or that you can use yourself to create a Wi-Fi configuration tool). This library can be found under the source tree in lib/wlconfig and creates a libwlconfig library for applications to use.
The following commands are currently supported by the wpa_cli utility:
status [verbose] = get current WPA/EAPOL/EAP status
mib = get MIB variables (dot1x, dot11)
help = show this usage help
interface [ifname] = show interfaces/select interface
level <debug level> = change debug level
license = show full wpa_cli license
logoff = IEEE 802.1X EAPOL state machine logoff
logon = IEEE 802.1X EAPOL state machine logon
set = set variables (shows list of variables when run without arguments)
pmksa = show PMKSA cache
reassociate = force reassociation
reconfigure = force wpa_supplicant to re-read its configuration file
preauthenticate <BSSID> = force preauthentication
identity <network id> <identity> = configure identity for an SSID
password <network id> <password> = configure password for an SSID
new_password <network id> <password> = change password for an SSID
pin <network id> <pin> = configure pin for an SSID
otp <network id> <password> = configure one-time-password for an SSID
passphrase <network id> <passphrase> = configure private key passphrase
for an SSID
bssid <network id> <BSSID> = set preferred BSSID for an SSID
list_networks = list configured networks
select_network <network id> = select a network (disable others)
enable_network <network id> = enable a network
disable_network <network id> = disable a network
add_network = add a network
remove_network <network id> = remove a network
set_network <network id> <variable> <value> = set network variables (shows
list of variables when run without arguments)
get_network <network id> <variable> = get network variables
save_config = save the current configuration
disconnect = disconnect and wait for reassociate command before connecting
scan = request new BSS scan
scan_results = get latest scan results
get_capability <eap/pairwise/group/key_mgmt/proto/auth_alg> = get capabilities
terminate = terminate wpa_supplicant
quit = exit wpa_cli
If you want the wpa_cli to be capable of updating the wpa_supplicant.conf file, edit the wpa_supplicant.conf file and uncomment the "update_config=1" option. (Note that when wpa_cli re-writes the configuration file, all of the comments in there will be stripped out.) Copy the file into /etc (and make sure that it's owned and read/writable by root only. It contains clear text keys and password information).
Given a system with a USB-WiFi dongle based on the RAL chips, here's a sample session showing how to get things working with a WEP based WAP.
# cp $HOME/stage/etc/wpa_supplicant.conf /etc
# chown root:root /etc/wpa_supplicant.conf
# chmod 600 /etc/wpa_supplicant.conf
# io-pkt-v4-hc -dural
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
inet 127.0.0.1 netmask 0xff000000
ural0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
ssid ""
powersave off
address: 00:ab:cd:ef:d7:ac
media: IEEE802.11 autoselect
status: no network
# wpa_supplicant -B -iural0
# wpa_cli
wpa_cli v0.4.9
Copyright (c) 2004-2005, Jouni Malinen <jkmaline@cc.hut.fi> and contributors
This program is free software. You can distribute it and/or modify it
under the terms of the GNU General Public License version 2.
Alternatively, this software may be distributed under the terms of the
BSD license. See README and COPYING for more details.
Selected interface 'ural0'
Interactive mode
> scan
OK
> scan_results
bssid / frequency / signal level / flags / ssid
00:02:34:45:65:76 2437 10 [WPA-EAP-CCMP] A_NET
00:23:44:44:55:66 2412 10 [WPA-PSK-CCMP] AN_OTHERNET
00:12:4c:56:a7:8c 2412 10 [WEP] MY_NET
> list_networks
network id / ssid / bssid / flags
0 simple any
1 second ssid any
2 example any
> remove_network 0
OK
> remove_network 1
OK
> remove_network 2
OK
> add_network
0
> set_network 0 ssid "MY_NET"
OK
> set_network 0 key_mgmt NONE
OK
> set_network 0 wep_key0 "My_Net_Key234"
OK
> enable_network 0
OK
> save
OK
> list_network
network id / ssid / bssid / flags
0 QWA_NET any
> status
<2>Trying to associate with 00:12:4c:56:a7:8c (SSID='MY_NET' freq=2412 MHz)
<2>Trying to associate with 00:12:4c:56:a7:8c (SSID='MY_NET' freq=2412 MHz)
wpa_state=ASSOCIATING
> status
<2>Trying to associate with 00:12:4c:56:a7:8c (SSID='MY_NET' freq=2462 MHz)
<2>Associated with 00:12:4c:56:a7:8c
<2>CTRL-EVENT-CONNECTED - Connection to 00:12:4c:56:a7:8c completed (auth)
bssid=00:12:4c:56:a7:8c
ssid=MY_NET
pairwise_cipher=WEP-104
group_cipher=WEP-104
key_mgmt=NONE
wpa_state=COMPLETED
> quit
# dhcp.client -i ural0
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33192
inet 127.0.0.1 netmask 0xff000000
ural0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ssid MY_NET nwkey My_Net_Key234
powersave off
bssid 00:12:4c:56:a7:8c chan 11
address: 00:ab:cd:ef:d7:ac
media: IEEE802.11 autoselect (OFDM54 mode 11g)
status: active
inet 10.42.161.233 netmask 0xfffffc00 broadcast 10.42.160.252
#