wiki1651: Wifi_wiki_page (Version 6)

802.11 a/b/g Wi-Fi Support#

Wi-Fi capability is built into the two "-hc" variants of the stack (io-pkt-v4-hc and io-pkt-v6-hc). The NetBSD stack includes its own separate 802.11 MAC layer that is independent of the driver. Many other implementations pull the 802.11 MAC inside the driver, which means that every driver needs its own interfaces and configuration utilities. By writing a driver that conforms to the stack's 802.11 layer, the same set of configuration and control utilities can be used for all wireless drivers.

The Core Networking Wi-Fi solution allows a user to join or host WLAN (Wireless LAN) networks based on IEEE 802.11 specifications. Using Core Networking, you can connect using a peer to peer mode (ad-hoc mode, also referred to as Independent Basic Service Set, IBSS configuration) or you can either act as a client for a Wireless Access Point (WAP, also known as a base station) or configure Neutrino to act as a Wireless Access Point. This second mode is referred to as Infrastructure Mode or BSS (Basic Service Set).

Ad-hoc mode allows you to create a wireless network quickly by allowing wireless nodes within range (for example, the wireless devices in a room) to communicate directly with each other without the need for a wireless access point. While being easy to construct, it may not be appropriate for a large number of nodes because of performance degradation, limited range, non-central administration and weak encryption.

Infrastructure mode is the more common network configuration where all wireless hosts (clients) connect to the wireless network via a WAP (Wireless Access Point). The WAP centrally controls access and authentication to the wireless network and provides access to the rest of your network. More than one WAP can exist on a wireless network to service large numbers of wireless clients.

Core Networking supports WEP, WPA, WPA2 or no security for authentication and encryption when acting as the WAP or client. WPA/WPA2 is the recommended encryption protocol for use with your wireless network. WEP is not as secure as WPA/WPA2 and is known to be breakable. It is available for backward compatibility with already deployed wireless networks.

How do I use Wi-Fi with Core Networking 6.4.0?#

When connecting to a Wireless Network in Neutrino, the first step that needs to be done is to start the stack process. The stack 'io-pkt' needs to be started with the appropriate driver for the installed hardware. Information on available drivers can be found in the drivers wiki. For this sample, we will use the driver for network adapters using the RAL chipset "devnp-ral.so". After a default installation, all driver binaries are installed under the staging directory /<cpu>/lib/dll.

  • io-pkt-v4-hc -d /lib/dll/devnp-ral.so
or
  • io-pkt-v6-hc -d ral

If the network driver is installed to a location other than /lib/dll, you will need to specify the full path and filename of the driver on the command line.

Once the stack and appropriate driver have been started, you need to determine what wireless networks are available. If you already have the network name (SSID or Service Set Identifier), you can skip this step as you already know what network you want to join. These steps can also be used to determine if the network you wish to join is within range and active.

To determine what wireless networks are available to join, you must first set the interface status to up. This is done with the ifconfig command:

  • ifconfig ral0 up

After this step, you can then check to see what wireless networks have advertised themselves using the command

  • wlanctl ral0

This command will provide a listing of available networks and their configuration. You can use this information to determine the network name (SSID), its mode of operation (ad-hoc or infrastructure mode), and radio channel for example.

You can also force a manual scan of the network with the command

  • ifconfig ral0 scan

This will cause the wireless adapter to scan for WAP stations or ad-hoc nodes within range of the wireless adapter. The available networks will be listed in the utility output along with their configuration. Scan information can also be retrieved from the wpa_supplicant utility (detailed later in this document).

Once the appropriate driver is started and the wireless network has been located, you will need to choose the network mode that will be used (ad-hoc vs Infrastructure mode), the authentication method to attach to the wireless network, and the encryption protocol being used, if encryption is being used at all.

NOTE: It is recommended that you implement encryption on your wireless network if there are no physical security solutions being used.

By default, most network drivers will implement Infrastructure mode (BSS) as most wireless networks are configured to allow network access via a WAP. If you wish to implement an ad-hoc network, you can change the network mode via the ifconfig command.

  • ifconfig ral0 mediaopt adhoc (Create or join ad-hoc networks)

If you wish to switch back to infrastructure mode, you can use the command

  • ifconfig ral0 -mediaopt adhoc

The media options available for your driver are listed in the manual entry for the driver. When you are in ad-hoc mode you advertise your presence to other peers which are within physical range. This means that other 802.11 devices can discover you and connect to your network.

Whether you are a client in infrastructure mode, or are using ad-hoc mode, the steps to implement encryption are the same. You will need to make sure that you are using the authentication method and encryption key that has been chosen for the network. If you wish to connect with your peers using an ad-hoc wireless network, all peers must be using the same authentication method and encryption key. If you are a client connecting to a WAP, you must use the same authentication method and encryption key as has been configured on the WAP.

Connecting to a Wireless Network using WEP (Wired Equivalent Privacy) for Authentication and Encryption#

WEP can be used for both authentication and privacy with your wireless network. To connect with the network, a client must pass an authentication phase with its WAP. There are two types of authentication which can take place, Open System Authentication (OSA) or Shared Key Authentication (SKA). By default, your wireless adapter will likely implement the commonly used OSA. To change the method, you can use the ifconfig command.

  • ifconfig ral0 auth_type 1 (Open System Authentication)
  • ifconfig ral0 auth_type 2 (Shared Key Authentication)

If it is not known what authentication method to use, you can use the ifconfig utility to view the network parameters.

Once the authentication method is chosen, you can then enter your network name and WEP key with the ifconfig command.

The network name can be up to 32 characters long. The WEP key must be either 40 bits long or 104 bits long. This means you will have to enter either 5 or 13 characters for the WEP key, or a 10 or 26 digit long hexadecimal value. For example:

  • ifconfig ral0 ssid "corporate lan" nwkey corpseckey456 (user chosen 128 bit WEP)

Once you have entered the network name and encryption method, the 802.11 network should be active. This can be verified with the ifconfig utility. In the case of ad-hoc networks, the status will only show active if there is at least one other peer on the (ssid) network.

  • ifconfig ral0

ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ssid "corporate lan" nwkey corpseckey456
powersave off
bssid 00:11:22:33:44:55 chan 11
address: 11:44:88:44:88:44
media: IEEE802.11 autoselect (OFDM36 mode 11g)
status: active

Once the network status is active, you can send and receive packets on the wireless link. Please refer to the TCP/IP Configuration in a Wireless Network (Client in Infrastructure Mode, or Ad-hoc mode) section for TCP/IP interface configuration to complete your network configuration.

Connecting to a Wireless Network Using WPA/WPA2 for Authentication and Encryption#

Core Networking also supports connecting to a wireless network using the more secure option of WPA (WiFi Protected Access) or WPA2 (802.11i) protocols. The application which manages this feature is called wpa_supplicant. The wpa_supplicant application can manage your connection to a single access point, or can manage a configuration which includes settings for connections to multiple wireless networks (SSID) either implementing WPA, or WEP to support roaming from network to network. wpa_supplicant supports IEEE802.1X EAP Authentication (referred to as WPA), WPA-PSK, and WPA-NONE (for ad-hoc networks) key management protocols along with encryption support for TKIP and AES (CCMP). A WAP for a simple home or small office wireless network would likely use WPA-PSK for the key management protocol, while a large office network would use WAP along with a central authentication server such as RADIUS.

To enable a wireless client (or supplicant) to connect to a WAP configured to use WPA, you must first determine the network name (as described above) and the authentication and encryption methods used from your network administrator.

wpa_supplicant uses a configuration file (/etc/wpa_supplicant.conf by default) to configure its settings and then runs as a daemon in the background. You can also use the utility wpa_cli to change the wpa_supplicant configuration while it is running. Changes done by the wpa_cli utility will be saved to the /etc/wpa_supplicant.conf file.

The /etc/wpa_supplicant.conf file has a rich set of options which can be configured, but wpa_supplicant also makes use of various default settings which help simplify your wireless configuration.

If you are connecting to a WAP and your WPA configuration consists of a network name (SSID) and a pre-shared key, your network configuration can be as simple as this.

/etc/wpa_supplicant.conf (Make sure that this file is only readable and writable by root)



network={
ssid="my_network_name" #The name of the network you wish to join
psk="1234567890" #The preshared key applied by the access point
}

Start wpa_supplicant as:

  • wpa_supplicant -B -i ral0 -c /etc/wpa_supplicant.conf
Where -i specifies the network interface, and -B causes the application to move to the background.

wpa_supplicant will by default negotiate the use of the WPA protocol, WPA-PSK for key-management and TKIP or AES for encryption. Infrastructure mode is used by default.

Once the interface status is active (ifconfig ral0, where ral0 is the interface name), you can apply the appropriate TCP/IP configuration (See TCP/IP Configuration in a Wireless Network).

If you were to create an ad-hoc network using WPA, you could do the following:

/etc/wpa_supplicant.conf (Make sure that this file is only readable and writable by root since it contains the key information in clear text)

network={
mode=1 #This sets the mode to be ad-hoc, 0 represents Infrastructure mode
ssid="my_network_name" #The name of the ad-hoc network
proto=WPA #WPA-NONE requires the WPA protocol
key_mgmt=WPA-NONE #Sets WPA-NONE (key_mgmt=NONE would disable WPA)
pairwise=NONE #WPA-NONE uses only the group key
group=CCMP #Use AES encryption
psk="1234567890" #The preshared key used by all peers of the ad-hoc network
}

Start wpa_supplicant as:

  • wpa_supplicant -B -i ral0 -c /etc/wpa_supplicant.conf
Where -i specifies the network interface, and -B causes the application to move to the background.
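
Both wpa_supplicant.conf examples above depend on the file being readable by root alone and on WPA actually being selected. The script below is an added example, not part of the original wiki or of QNX code, that checks both; the function names and the sample networks are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not QNX code: audit a wpa_supplicant.conf for the weak
# settings this page warns about. Sample values below are constructed.

# perms_ok FILE: succeeds only when group and other have no access bits,
# so the clear-text keys are readable and writable by the owner alone.
perms_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# audit_networks FILE: prints one line per weak network block.
# Limitation: one option per line, no double quote inside a quoted value.
audit_networks() {
    awk '
    # Value of a "key=value" line without a trailing "#comment".
    function val(s) {
        sub(/^[^=]*=[ \t]*/, "", s)
        if (s ~ /^"/) { match(s, /^"[^"]*"/); return substr(s, 1, RLENGTH) }
        sub(/[ \t]*#.*$/, "", s)
        sub(/[ \t]+$/, "", s)
        return s
    }
    /^[ \t]*network[ \t]*=[ \t]*[{]/ { inblk = 1; ssid = "?"; km = ""; psk = ""; wep = 0; next }
    inblk && /^[ \t]*ssid[ \t]*=/          { ssid = val($0) }
    inblk && /^[ \t]*key_mgmt[ \t]*=/      { km = val($0) }
    inblk && /^[ \t]*psk[ \t]*=/           { psk = val($0) }
    inblk && /^[ \t]*wep_key[0-3][ \t]*=/  { wep = 1 }
    inblk && /^[ \t]*[}]/ {
        # key_mgmt=NONE means WPA is not used: static WEP or no encryption.
        if (km == "NONE" && wep)  print ssid ": static WEP key, breakable"
        if (km == "NONE" && !wep) print ssid ": key_mgmt=NONE and no WEP key, traffic is unencrypted"
        # A quoted psk is a passphrase and must be 8..63 characters long.
        if (psk ~ /^"/) {
            n = length(psk) - 2
            if (n < 8 || n > 63) print ssid ": WPA passphrase length " n " is outside 8..63"
        }
        inblk = 0
    }
    ' "$1"
}

# write_sample FILE: constructed configuration with one sound block and
# three weak ones, used to exercise the checks.
write_sample() {
    cat > "$1" <<'EOF'
network={
    ssid="office"          # default key_mgmt, valid passphrase
    psk="correct horse battery"
}
network={
    ssid="legacy"
    key_mgmt=NONE
    wep_key0="abcde"
}
network={
    ssid="guest"
    key_mgmt=NONE
}
network={
    ssid="lab"
    psk="short"
}
EOF
}

# Demo on the constructed sample, first with permissions that are too open.
sample="${TMPDIR:-/tmp}/wpa_supplicant.sample.$$"
write_sample "$sample"
chmod 644 "$sample"
perms_ok "$sample" || echo "$sample: readable by group or other, use chmod 600"
audit_networks "$sample"
rm -f "$sample"
```

On a target system, run perms_ok and audit_networks against /etc/wpa_supplicant.conf before starting wpa_supplicant.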

Connecting to a Wireless network using no encryption (Not Recommended)#

If you are creating a wireless network with no encryption, all network traffic on the network is easily viewable by anyone within range of the wireless network, for example someone driving by your building in a car. It is possible to create a network without using encryption, but it is not recommended unless the network has been secured by some other mechanism.

Note: Many consumer devices (for example, wireless routers that connect your internal LAN to the Internet) are shipped with security features such as encryption turned off. It is recommended that you enable encryption in these devices rather than turn off encryption in Core Networking when creating a wireless network.

To connect using no encryption or authentication,

  • ifconfig ral0 auth_type 1 (Open System Authentication)
  • ifconfig ral0 ssid "network name" -nwkey

The -nwkey argument is used to disable WEP encryption, and also deletes the temporary WEP key.

Note: Core Networking does not support a combination of Shared Key Authentication (SKA) and WEP encryption disabled.

Once you have entered the network name, the 802.11 network should be active. This can be verified with the ifconfig utility. In the case of ad-hoc networks, the status will only show active if there is at least one other peer on the (ssid) network.

  • ifconfig ral0

ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ssid "network name"
powersave off
bssid 00:11:22:33:44:55 chan 11
address: 11:44:88:44:88:44
media: IEEE802.11 autoselect (OFDM36 mode 11g)
status: active

Once the network status is active, you can send and receive packets on the wireless link. Please refer to the TCP/IP Configuration in a Wireless Network (Client in Infrastructure Mode, or Ad-hoc mode) section for TCP/IP interface configuration to complete your network configuration.

TCP/IP Configuration in A Wireless Network (Client in Infrastructure Mode, or Ad-hoc Mode)#

Assigning an IP address to your wireless interface is independent of the 802.11 network configuration and uses the same utilities or daemons as a wired network. The main issue is whether your TCP/IP configuration is dynamically assigned, or statically configured. A static TCP/IP configuration can be applied regardless of the state of your wireless network connection. The wireless network could be active, or it could be unavailable until later. A dynamically assigned TCP/IP configuration (via the DHCP protocol) requires that the wireless network configuration be active, so that it can reach the DHCP server somewhere on the network. This is typically applied in a network that is centrally administered (using Infrastructure Mode with a WAP).

The most common use case is that you are a client using a Wireless Access Point to connect to the network. In this kind of network, there should be a DHCP server available. After the 802.11 network status is active, you just need to start dhcp.client to complete your TCP/IP configuration:

  • dhcp.client -iral0

As an alternative, you could use lsm-autoip.so. AutoIP is a special case in that it negotiates with its peers on the network as they become available. You do not need to wait until the network link is active to launch it. AutoIP will assign your network interface an IP address, and resolve any IP address conflicts with your network peers as they are discovered by either your host or the peer changing its current IP address. You will be able to use this IP address once the wireless network is active. Please see the AutoIP documentation for more information.

The last configuration option is a static configuration, which does not change without intervention from the user. An example of a static configuration is

  • ifconfig ral0 10.0.0.5
  • route add default 10.0.0.1 (Where 10.0.0.1 is your network gateway)
  • cat /etc/resolv.conf
domain company.com
nameserver 10.0.0.2
nameserver 10.0.0.3

The other use case is an ad-hoc network. This network mode will typically be made up of a number of standalone peers with no central services. Since there is no central server it is likely that DHCP services will not be available.

If there are Windows or Apple systems on your ad-hoc network, they will enable the AutoIP protocol to assign an IP address. By using AutoIP, you will avoid IP address conflicts (two or more hosts using the same IP address) and avoid having to configure a new IP manually. Your IP address will be automatically configured, and you will be able to exchange TCP/IP packets with your peers.

If you are using a static configuration in an ad-hoc network, you will have the added task of deciding what IP address will be used on each system, making sure that there are no conflicts, and that all the IP addresses assigned are on the same subnet so that the systems can communicate.

Creating A WAP (Wireless Access Point)#

A Wireless Access Point (WAP) is a system which allows wireless clients to access the rest of the network or the internet. Your WAP will operate in BSS mode. A WAP will have at least one wireless network interface, to provide a connection point for your wireless clients, and one wired network interface which will connect to the rest of your network. Your WAP will act as a bridge or gateway between the wireless clients, and the wired intra-net or internet.

To set up your wireless access point, you will first need to start the appropriate driver for your network adapters. Note that not all network adapter hardware will support operating as an access point. Please refer to the documentation for your specific hardware for further information. For the wireless access point samples, we will use the driver for the RAL wireless chipsets "devnp-ral.so", and the driver "devnp-i82544.so" for the wired interface. After a default installation, all driver binaries are installed under the directory $QNX_TARGET/<cpu>/lib/dll (or in the same location in your staging directory if you've built the source yourself).

  • io-pkt-v4-hc -d ral -d i82544
or
  • io-pkt-v4-hc -d /lib/dll/devnp-ral.so -d /lib/dll/devnp-i82544.so
or
  • io-pkt-v6-hc -d ral -d i82544

If the driver is installed to a location other than /lib/dll, you will need to specify the full path and filename of the driver on the command line.

The next step to configure your WAP is to determine whether it will be acting as a gateway, or a bridge to the rest of the network.

  • Acting as a gateway

When your WAP acts as a gateway, it is forwarding traffic between two subnets (your wireless network, and the wired network). For TCP/IP, this means that the wireless TCP/IP clients cannot directly reach the wired TCP/IP clients without first sending their packets to the gateway (your WAP). Your WAP network interfaces will also each be assigned an IP address. This type of configuration is common for SOHO (small office, home office) or home use where the WAP is directly connected to your internet service provider. Using this type of configuration allows you to keep all of your network hosts behind a firewall/NAT, and allows you to define and administer your own TCP/IP network. The TCP/IP configuration of a gateway, and firewall is the same whether your network interfaces are wired or wireless. Please see the documentation for more information on TCP/IP configuration of gateways, firewalls and NAT.

Once your network is active, you will assign each interface of your WAP an IP address, enable forwarding of IP packets between interfaces, and apply the appropriate firewall and NAT configuration.

  • Acting as a bridge

When your WAP acts as a bridge, it is connecting your wireless and wired network as if it was one physically connected network (broadcast domain, layer 2). In this case, all the wired and wireless hosts are on the same TCP/IP subnet and can directly exchange TCP/IP packets without the need for the WAP to act as a gateway. In this case, you do not need to assign your WAP network interfaces an IP address to be able to exchange packets between the wireless and wired network. A bridged WAP could be used to allow wireless clients onto your corporate or home network and have them configured in the same manner as the wireless hosts. You will not need to add more services (such as DHCP) or manipulate routing tables. The wireless clients will make use of the same network resources that the wired network hosts make use of. For more information on bridging two networks, please refer to the bridging wiki.

Note: While it is not necessary to assign your WAP network interfaces an IP address for TCP/IP connectivity between the wireless clients and wired hosts, you probably will want to assign at least one of your WAP interfaces an IP address so that the device can be addressed for the purposes of managing the device or statistics gathering.

To enable your WAP to act as a bridge, you first need to create a bridge interface.

ifconfig bridge0 create

In this case, "bridge" is the specific interface type, while '0' is a unique instance of the interface type. There can be no space between bridge and 0. "bridge0" becomes the new interface name.

brconfig bridge0 add ral0 add wm0 up

The brconfig command creates a logical link between the interfaces added to the bridge (in this case bridge0). This command adds the interfaces ral0 (our wireless interface) and wm0 (our wired interface). The up option is required to activate the bridge.

Note: Remember to mark your bridge as "up" or else it will not be activated.

To see the status of your defined bridge interface, you can use the command

brconfig bridge0

bridge0: flags=41<UP,RUNNING>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 20
        Interfaces:
                en0 flags=3<LEARNING, DISCOVER>
                        port 3 priority 128
                ath0 flags=3<LEARNING,DISCOVER>
                        port 2 priority 128
        Address cache (max cache: 100, timeout: 1200):

WEP Access Point#

NOTE: If you are creating a new wireless network, we recommend you use WPA or WPA2 (RSN) rather than WEP as it supports a much more secure network. WEP should only be used if there are one or more devices on your network which do not support WPA or WPA2.

Enabling WEP network authentication and data encryption is similar to configuring a wireless client as both the WAP and client require the same configuration parameters.

To use your network adapter as a wireless access point, you must first put the network adapter in host access point mode.

ifconfig ral0 mediaopt hostap

You will also likely need to adjust the media type (link speed) for your wireless adapter as the auto-selected default may not be suitable. You can view all the available media types with the command "ifconfig -m". They will be listed in the supported combinations of media type and media options. For example, if the combination of

media OFDM54 mode 11g mediaopt hostap

was listed, you could use the command

ifconfig ral0 media OFDM54 mediaopt hostap

to set the wireless adapter to use 54Mbit/s.

The next parameter to specify is the network name or SSID. This can be up to 32 characters long.

ifconfig ral0 ssid "my lan"

After the network name, you can define the authentication mechanism that the wireless clients must use to access the WAP. There are two kinds of authentication which can be used, Open System Authentication (OSA) or Shared Key Authentication (SKA). By default, your wireless adapter will likely implement OSA, which is the commonly used mechanism. To change this method you can use

ifconfig ral0 auth_type 1 (Open System Authentication)
ifconfig ral0 auth_type 2 (Shared Key Authentication)

The final configuration parameter is the WEP key. The WEP key must be either 40 bits long or 104 bits long. You can either enter 5 or 13 characters for the key, or a 10 or 26 digit long hexadecimal value.

ifconfig ral0 nwkey corpseckey456

You must also set your network interface as up to activate it.

ifconfig ral0 up

You can also combine all of these commands on one command line

ifconfig ral0 ssid "my lan" auth_type 1 nwkey corpseckey456 mediaopt hostap up

Your network should now be marked as up.

ifconfig ral0

ral0: flags=8943<UP,BROADCAST, RUNNING, PROMISC, SIMPLEX, MULTICAST> mtu 1500
ssid "my lan" apbridge nwkey corpseckey456
powersave off
bssid 11:22:33:44:55:66 chan 2
address: 11:22:33:44:55:66
media: IEEE802.11 autoselect hostap (autoselect mode 11b hostap)
status: active

WPA Access Point#

WPA/WPA2 support in Neutrino is provided by the hostapd daemon. This daemon is the access point counterpart to the client side wpa_supplicant daemon. This daemon manages your wireless network adapter when in access point mode. The hostapd configuration is defined in the /etc/hostapd.conf configuration file.

Before you start the hostapd process, you must put the network adapter in host access point mode.

ifconfig ral0 mediaopt hostap

You will also likely need to adjust the media type (link speed) for your wireless adapter as the auto-selected default may not be suitable. You can view all the available media types with the command "ifconfig -m". They will be listed in the supported combinations of media type and media options. For example, if the combination of

media OFDM54 mode 11g mediaopt hostap

was listed, you could use the command

ifconfig ral0 media OFDM54 mediaopt hostap

to set the wireless adapter to use 54Mbit/s.

The remainder of the configuration is handled with the hostapd daemon. The daemon will automatically set your network interface as up, so you do not need to do this step with the ifconfig utility. A simple hostapd configuration file is shown below. This configuration uses WPA-PSK for authentication, and AES for data encryption.

/etc/hostapd.conf


interface=ral0
ssid=my home lan
macaddr_acl=0
auth_algs=1
wpa=1
wpa_passphrase=myhomelanpass23456
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP


Note that auth_algs and wpa are bitfields, and not values, when you review the hostapd.conf documentation
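
To make the bitfield note concrete, this added example (not from the original wiki or from the hostapd project) decodes auth_algs and wpa from a hostapd.conf and warns about weak combinations. The function names and the sample file are assumptions; the bit meanings are those given in the hostapd.conf documentation.

```sh
#!/bin/sh
# Added example, not QNX or hostapd code: decode the auth_algs and wpa
# bitfields of a hostapd.conf. The sample file written below is constructed.

# conf_get FILE KEY: print the value of the last "KEY=value" line, if any.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# is_number VALUE: succeeds for a non-empty string of decimal digits.
is_number() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    return 0
}

# describe_bits FILE: print one line per bit that is set, plus WARN lines
# for combinations that leave the access point weaker than intended.
describe_bits() {
    auth=$(conf_get "$1" auth_algs)
    wpa=$(conf_get "$1" wpa)
    if ! is_number "$auth" || ! is_number "$wpa"; then
        echo "WARN: auth_algs or wpa is missing or is not a decimal number"
        return 1
    fi
    if [ $((auth & 1)) -ne 0 ]; then echo "auth_algs bit 0: Open System Authentication"; fi
    if [ $((auth & 2)) -ne 0 ]; then echo "auth_algs bit 1: Shared Key Authentication (WEP)"; fi
    if [ $((wpa & 1)) -ne 0 ]; then echo "wpa bit 0: WPA"; fi
    if [ $((wpa & 2)) -ne 0 ]; then echo "wpa bit 1: WPA2 (IEEE 802.11i/RSN)"; fi
    if [ "$wpa" -eq 0 ]; then
        echo "WARN: wpa=0, clients are not protected by WPA or WPA2"
    fi
    if [ "$wpa" -ne 0 ] && [ $((auth & 2)) -ne 0 ]; then
        echo "WARN: Shared Key Authentication is a WEP mechanism, use auth_algs=1 with WPA"
    fi
    return 0
}

# write_hostapd_sample FILE AUTH_ALGS WPA: constructed configuration that
# mirrors the options used on this page with the two bitfields filled in.
write_hostapd_sample() {
    cat > "$1" <<EOF
interface=ral0
ssid=my home lan
macaddr_acl=0
auth_algs=$2
wpa=$3
wpa_passphrase=constructed-passphrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
EOF
}

# Demo: the values used on this page, then both bits set in both fields.
sample="${TMPDIR:-/tmp}/hostapd.sample.$$"
write_hostapd_sample "$sample" 1 1
describe_bits "$sample"
write_hostapd_sample "$sample" 3 3
describe_bits "$sample"
rm -f "$sample"
```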

You can now start the hostapd utility specifying the configuration file

hostapd -B /etc/hostapd.conf

Using the command ifconfig should show that the network interface is active

ifconfig ral0

ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2290
ssid "my home lan" apbridge nwkey 2:"",0x49e2a9908872e76b3e5e0c32d09b0b52,0x00000000dc710408c04b32b07c9735b0,""
powersave off
bssid 00:15:e9:31:f2:5e chan 4
address: 00:15:e9:31:f2:5e
media: IEEE802.11 OFDM54 hostap (OFDM54 mode 11g hostap)
status: active

Your WAP should now be available to your clients.

Troubleshooting


Channel use.

Switch to a channel that no one else is using. The network may interfere with other devices on the 2.4 GHz frequency, e.g. phones.

Utilities and Libraries#

Drivers#

Ported NetBSD Drivers#

Core Networking 6.4.0 Drivers#