Page MenuHomeFreeBSD

wtap(4): Implement STA/HostAP mode and support WPA/WPA2
Needs ReviewPublic

Authored by enweiwu on Aug 17 2022, 2:56 PM.
Referenced Files
F108434804: D36243.id118172.diff
Fri, Jan 24, 6:00 PM
F108434494: D36243.id120667.diff
Fri, Jan 24, 5:57 PM
F108433250: D36243.id121397.diff
Fri, Jan 24, 5:47 PM
Unknown Object (File)
Thu, Jan 23, 6:49 PM
Unknown Object (File)
Thu, Jan 23, 6:23 PM
Unknown Object (File)
Sat, Jan 18, 4:51 PM
Unknown Object (File)
Fri, Jan 17, 9:33 PM
Unknown Object (File)
Tue, Jan 14, 3:21 PM
Subscribers
None

Details

Reviewers
lwhsu
bz
adrian
cy
cc
Group Reviewers
wireless
Summary

wtap(4): support hostap/sta mode and WPA/WPA2

Wtap originally only supported mesh/ad-hoc mode, and cannot be combined with wpa_supplicant(8)
and hostapd(8) since it's unaware of encryption/decryption. Now I have supported hostap and sta mode
with WPA/WPA2, thus now wtap(4) can be used with hostapd(8) and wpa_supplicant(8).

There is a problem when combining wtap(4) with wpa_supplicant(8):
A race between net80211's scan request and wpa_supplicant's scan request which
all of the net80211(4) drivers will face. D38753 introduces the problem, and D38807 fixes the problem with
only real world NIC, wtap(4) still fails because ic->ic_parent() finish too quick (more details
can be found in D38508). I have solved this problem by making wtap(4) sleep for a while in
ic->ic_parent(). Now wtap(4) supports wpa_supplicant(8) and hostapd(8) well.

This patch depends on D37973 and D38807.

Test Plan

create wtap devices

wtapctl device create 0
wtapctl device create 1

add links in visibility tool

wtapctl vis open
wtapctl vis add 0 1
wtapctl vis add 1 0

create vaps

ifconfig wlan0 create wlandev wtap0 wlanmode hostap ssid test
ifconfig wlan1 create wlandev wtap1 wlanmode sta ssid test

run hostapd on wlan0

hostapd -i wlan0 hostapd.conf

Here is the hostapd.conf for example:

interface=wlan0
debug=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=test
wpa=2
wpa_passphrase=12345678
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP

run wpa_supplicant on wlan1

wpa_supplicant -i wlan1 -dd -c wpa.conf

Here is the wpa.conf for example:

network={
	ssid="test"
	psk=fe727aa8b64ac9b3f54c72432da14faed933ea511ecab15bbc6c52e7522f709a
}

see connection result

After running wpa_supplicant, one may check whether wlan1 connects to wlan0 by ifconfig(8):

ifconfig wlan1 | grep bssid

If one wants to do ping test between the two interfaces, he or she may need jail(8) for isolating network stack.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

sys/dev/wtap/if_wtap.c
481

Please be aware of that there is a trailing space.

sys/dev/wtap/if_wtap.c
474

Please use a tab between`struct ieee80211_frame` and *wh;

enweiwu retitled this revision from wtap(4): Implement STA/HostAP mode to wtap(4): Implement STA/HostAP mode and support WPA/WPA2.
enweiwu edited the summary of this revision. (Show Details)
enweiwu edited the test plan for this revision. (Show Details)
enweiwu added a reviewer: cy.
enweiwu removed subscribers: zlei, imp.
enweiwu edited the summary of this revision. (Show Details)
enweiwu edited the test plan for this revision. (Show Details)
enweiwu edited the summary of this revision. (Show Details)
enweiwu edited the test plan for this revision. (Show Details)

Can you upload this with more context? Either use arc or git diff -U9999 when creating the diff. That'll help to see surrounding code (and probably stop asking me silly questions ;-) )

sys/dev/wtap/if_wtap.c
430

What is this pause for? Simulate delay or wait on something else?

484

Without more context here, this looks like it's writing something somewhere. Are we sure we are not overwriting anything and still write into valid memory?

wh probably already points to the right place from line 477?

635

What happens with the mbuf in that case?

693

Indentation seems odd in Phabricator?

sys/dev/wtap/if_wtap.c
430

What is this pause for? Simulate delay or wait on something else?

I have added comments, sorry for lack of explanation.

484

Without more context here, this looks like it's writing something somewhere. Are we sure we are not overwriting anything and still write into valid memory?

wh probably already points to the right place from line 477?

I'm inserting a TSF timer into the timestamp field in a probe response, which is the mandatory field. I think maybe I should do the boundary check to avoid malicious probe response.

sys/dev/wtap/if_wtap.c
482

Hm, is there no net80211 routine to update the TSF in a frame that has one? We should likely go add one.