802.1x/802.11i support

Sam Leffler sam at errno.com
Sun Jun 13 02:06:43 GMT 2004


On Saturday 12 June 2004 05:44 pm, Damian Gerow wrote:
> As a matter of curiousity, is anyone working on 802.1x/802.11i support for
> FreeBSD?  As a corollary, is 802.11i even a standard yet?
>
> As per a thread a few months ago, Sam said he would be getting around to
> it, but I know he's been busy with things like network stack locking and
> such:

Yes and no.  I've got wpa_supplicant working on Linux with a port of the 
net80211 layer and an Atheros driver.  Bringing it back to FreeBSD should be 
straightforward though there are some issues (wpa_supplicant gives you WPA1 
and WPA2 (aka 11i) support with both PSK and .1x).  This is still work in 
progress but pretty close to being "usable" (getting the Atheros driver 
finally reliable has been the hard part).  Once things are stable my intent 
is to backport to FreeBSD but that may not happen quickly.  Finding a 
motivated person with some kernel hacking skills would make things happen 
faster (much faster) and/or allow concurrent development under FreeBSD.

802.11i as a standard is probably in process (don't know the details).  There 
have been WPA2 testathon-style get-togethers going on and the 
net80211+wpa_supplicant code will undergo formal testing pretty soon.  I know 
that numerous companies are rolling out 11i support in products so it's 
likely not going to change substantially if it's not already in ballot.

On the authenticator side the code I mentioned above has an 802.1x 
authenticator that needs a bit of work but was working well enough some time 
back to support multiple WinXP and OS X clients talking to FreeRADIUS and/or 
IAS backends.  WPA authenticator support is incomplete and won't happen by me 
until later this year (I've got another project before I can return to that).  
But the good news is that I've done the biggest part of this work already in 
the net80211 layer (including all the crypto support).

Of course adding support for non-Atheros h/w will take some work.  But for 
Prism cards at least there is the Linux hostap code that has been working for 
a while to crib from.  Getting things hooked up to the ndis emulation layer 
also shouldn't be a big deal as wpa_supplicant apparently works already with 
at least one of the Linux equivalents.

	Sam


More information about the freebsd-mobile mailing list