PERFORCE change 129471 for review
John Birrell
jb at FreeBSD.org
Sat Nov 24 14:32:39 PST 2007
http://perforce.freebsd.org/chv.cgi?CH=129471
Change 129471 by jb at jb_freebsd1 on 2007/11/24 22:31:49
IFC
Affected files ...
.. //depot/projects/dtrace/doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml#11 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/advanced-networking/chapter.sgml#3 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/basics/chapter.sgml#5 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/config/chapter.sgml#5 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/firewalls/chapter.sgml#5 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/introduction/chapter.sgml#7 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/mail/chapter.sgml#3 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/printing/chapter.sgml#3 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/users/chapter.sgml#3 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/porters-handbook/book.sgml#10 integrate
.. //depot/projects/dtrace/src/contrib/binutils/opcodes/ppc-dis.c#4 integrate
.. //depot/projects/dtrace/src/etc/periodic/security/100.chksetuid#4 integrate
.. //depot/projects/dtrace/src/lib/libc/sparc64/fpu/fpu_explode.c#5 integrate
.. //depot/projects/dtrace/src/lib/libdisk/libdisk.3#5 integrate
.. //depot/projects/dtrace/src/lib/libelf/elf.3#9 integrate
.. //depot/projects/dtrace/src/lib/libelf/libelf_data.c#8 integrate
.. //depot/projects/dtrace/src/lib/libpmc/Makefile#4 integrate
.. //depot/projects/dtrace/src/lib/libpmc/pmc_allocate.3#1 branch
.. //depot/projects/dtrace/src/lib/libpmc/pmc_disable.3#1 branch
.. //depot/projects/dtrace/src/lib/libpmc/pmc_event_names_of_class.3#1 branch
.. //depot/projects/dtrace/src/lib/libpmc/pmc_name_of_capability.3#1 branch
.. //depot/projects/dtrace/src/lib/libthr/thread/thr_sem.c#7 integrate
.. //depot/projects/dtrace/src/libexec/tftpd/Makefile#4 integrate
.. //depot/projects/dtrace/src/libexec/tftpd/tftpd.8#7 integrate
.. //depot/projects/dtrace/src/libexec/tftpd/tftpd.c#4 integrate
.. //depot/projects/dtrace/src/sbin/geom/class/nop/gnop.8#5 integrate
.. //depot/projects/dtrace/src/share/man/man4/hwpmc.4#8 integrate
.. //depot/projects/dtrace/src/sys/amd64/amd64/genassym.c#8 integrate
.. //depot/projects/dtrace/src/sys/dev/aac/aac_debug.c#4 integrate
.. //depot/projects/dtrace/src/sys/dev/ata/ata-chipset.c#20 integrate
.. //depot/projects/dtrace/src/sys/dev/ata/ata-disk.c#8 integrate
.. //depot/projects/dtrace/src/sys/dev/usb/if_zyd.c#6 integrate
.. //depot/projects/dtrace/src/sys/dev/usb/usbdevs#20 integrate
.. //depot/projects/dtrace/src/sys/i386/i386/genassym.c#10 integrate
.. //depot/projects/dtrace/src/sys/kern/kern_lock.c#11 integrate
.. //depot/projects/dtrace/src/sys/kern/subr_witness.c#12 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211.c#9 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211.h#9 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211_ht.c#4 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211_node.c#8 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211_output.c#11 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211_proto.c#8 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211_scan_sta.c#4 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211_var.h#9 integrate
.. //depot/projects/dtrace/src/sys/netinet/libalias/alias_util.c#6 integrate
.. //depot/projects/dtrace/src/sys/netinet/tcp_subr.c#17 integrate
.. //depot/projects/dtrace/src/sys/sys/lockmgr.h#8 integrate
.. //depot/projects/dtrace/src/sys/vm/vm_pageout.c#8 integrate
.. //depot/projects/dtrace/www/share/sgml/events.xml#13 integrate
.. //depot/projects/dtrace/www/share/sgml/navibar.ent#6 integrate
Differences ...
==== //depot/projects/dtrace/doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml#11 (text+ko) ====
@@ -1,7 +1,7 @@
<!--
The FreeBSD Documentation Project
- $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.400 2007/09/12 11:47:33 murray Exp $
+ $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.402 2007/11/24 14:10:49 remko Exp $
-->
<chapter id="advanced-networking">
@@ -1739,6 +1739,305 @@
ready to exchange informations.</para>
</sect2>
+ <sect2 id="network-wireless-ap">
+ <title>&os; Host Access Points</title>
+
+ <para>&os; can act as an Access Point (AP) which eliminates the
+ need to buy a hardware AP or run an ad-hoc network. This can be
+ particularly useful when your &os; machine is acting as a
+ gateway to another network (e.g., the Internet).</para>
+
+ <sect3 id="network-wireless-ap-basic">
+ <title>Basic Settings</title>
+
+ <para>Before configuring your &os; machine as an AP, the
+ kernel must be configured with the appropriate wireless
+ networking support for your wireless card. You also have to
+ add the support for the security protocols you intend to
+ use. For more details, see <xref
+ linkend="network-wireless-basic">.</para>
+
+ <note>
+ <para>The use of the NDIS driver wrapper and the &windows;
+ drivers do not allow currently the AP operation. Only
+ native &os; wireless drivers support AP mode.</para>
+ </note>
+
+ <para>Once the wireless networking support is loaded, you can
+ check if your wireless device supports the host-based access
+ point mode (also know as hostap mode):</para>
+
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> list caps</userinput>
+ath0=783ed0f<WEP,TKIP,AES,AES_CCM,IBSS,HOSTAP,AHDEMO,TXPMGT,SHSLOT,SHPREAMBLE,MONITOR,TKIPMIC,WPA1,WPA2,BURST,WME></screen>
+
+ <para>This output displays the card capabilities; the
+ <literal>HOSTAP</literal> word confirms this wireless card
+ can act as an Access Point. Various supported ciphers are
+ also mentioned: WEP, TKIP, WPA2, etc., these informations
+ are important to know what security protocols could be set
+ on the Access Point.</para>
+
+ <para>The wireless device can now be put into hostap mode and
+ configured with the correct SSID and IP address:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> ssid <replaceable>freebsdap</replaceable> mode 11g mediaopt hostap</userinput> inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable></screen>
+
+ <para>Use again <command>ifconfig</command> to see the status
+ of the <devicename>ath0</devicename> interface:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable></userinput>
+ ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
+ inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
+ inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
+ ether 00:11:95:c3:0d:ac
+ media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
+ status: associated
+ ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
+ authmode OPEN privacy OFF txpowmax 38 bmiss 7 protmode CTS burst dtimperiod 1 bintval 100</screen>
+
+ <para>The <literal>hostap</literal> parameter indicates the
+ interface is running in the host-based access point
+ mode.</para>
+
+ <para>The interface configuration can be done automatically at
+ boot time by adding the following line to
+ <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>ifconfig_ath0="ssid <replaceable>freebsdap</replaceable> mode 11g mediaopt hostap inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable>"</programlisting>
+ </sect3>
+
+ <sect3>
+ <title>Host-based Access Point without Authentication or
+ Encryption</title>
+
+ <para>Although it is not recommended to run an AP without any
+ authentication or encryption, this is a simple way to check
+ if your AP is working. This configuration is also important
+ for debugging client issues.</para>
+
+ <para>Once the AP configured as previously shown, it is
+ possible from another wireless machine to initiate a scan to
+ find the AP:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> up scan</userinput>
+SSID BSSID CHAN RATE S:N INT CAPS
+freebsdap 00:11:95:c3:0d:ac 1 54M 22:1 100 ES</screen>
+
+ <para>The client machine found the Access Point and can be
+ associated with it:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> ssid <replaceable>freebsdap</replaceable> inet <replaceable>192.168.0.2</replaceable> netmask <replaceable>255.255.255.0</replaceable></userinput>
+&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable></userinput>
+ ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
+ inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
+ inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
+ ether 00:11:95:d5:43:62
+ media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
+ status: associated
+ ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
+ authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100</screen>
+ </sect3>
+
+ <sect3>
+ <title>WPA Host-based Access Point</title>
+
+ <para>This section will focus on setting up &os; Access Point
+ using the WPA security protocol. More details regarding WPA
+ and the configuration of WPA-based wireless clients can be
+ found in the <xref linkend="network-wireless-wpa">.</para>
+
+ <para>The <application>hostapd</application> daemon is used to
+ deal with client authentication and keys management on the
+ WPA enabled Access Point.</para>
+
+ <para>In the following, all the configuration operations will
+ be performed on the &os; machine acting as AP. Once the
+ AP is correctly working, <application>hostapd</application>
+ should be automatically enabled at boot with the following
+ line in <filename>/etc/rc.conf</filename>:</para>
+
+ <programlisting>hostapd_enable="YES"</programlisting>
+
+ <para>Before trying to configure
+ <application>hostapd</application>, be sure you have done
+ the basic settings introduced in the <xref
+ linkend="network-wireless-ap-basic">.</para>
+
+ <sect4>
+ <title>WPA-PSK</title>
+
+ <para>WPA-PSK is intended for small networks where the use
+ of an backend authentication server is not possible or
+ desired.</para>
+
+ <para>The configuration is done in the
+ <filename>/etc/hostapd.conf</filename> file:</para>
+
+ <programlisting>interface=ath0 <co id="co-ap-wpapsk-iface">
+debug=1 <co id="co-ap-wpapsk-dbug">
+ctrl_interface=/var/run/hostapd <co id="co-ap-wpapsk-ciface">
+ctrl_interface_group=wheel <co id="co-ap-wpapsk-cifacegrp">
+ssid=freebsdap <co id="co-ap-wpapsk-ssid">
+wpa=1 <co id="co-ap-wpapsk-wpa">
+wpa_passphrase=freebsdmall <co id="co-ap-wpapsk-pass">
+wpa_key_mgmt=WPA-PSK <co id="co-ap-wpapsk-kmgmt">
+wpa_pairwise=CCMP TKIP <co id="co-ap-wpapsk-pwise"></programlisting>
+
+ <calloutlist>
+ <callout arearefs="co-ap-wpapsk-iface">
+ <para>This field indicates the wireless interface used
+ for the Access Point.</para>
+ </callout>
+
+ <callout arearefs="co-ap-wpapsk-dbug">
+ <para>This field sets the level of verbosity during the
+ execution of <application>hostapd</application>. A
+ value of <literal>1</literal> represents the minimal
+ level.</para>
+ </callout>
+
+ <callout arearefs="co-ap-wpapsk-ciface">
+ <para>The <literal>ctrl_interface</literal> field gives
+ the pathname of the directory used by
+ <application>hostapd</application> to stores its
+ domain socket files for the communication with
+ external programs such as &man.hostapd.cli.8;. The
+ default value is used here.</para>
+ </callout>
+
+ <callout arearefs="co-ap-wpapsk-cifacegrp">
+ <para>The <literal>ctrl_interface_group</literal> line
+ sets the group (here, it is the
+ <groupname>wheel</groupname> group) allowed to access
+ to the control interface files.</para>
+ </callout>
+
+ <callout arearefs="co-ap-wpapsk-ssid">
+ <para>This field sets the network name.</para>
+ </callout>
+
+ <callout arearefs="co-ap-wpapsk-wpa">
+ <para>The <literal>wpa</literal> field enables WPA and
+ specifies which WPA authentication protocol will be
+ required. A value of <literal>1</literal> configures the
+ AP for WPA-PSK.</para>
+ </callout>
+
+ <callout arearefs="co-ap-wpapsk-pass">
+ <para>The <literal>wpa_passphrase</literal> field
+ contains the ASCII passphrase for the WPA
+ authentication.</para>
+
+ <warning>
+ <para>Always use strong passwords that are
+ sufficiently long and made from a rich alphabet so
+ they will not be guessed and/or attacked.</para>
+ </warning>
+ </callout>
+
+ <callout arearefs="co-ap-wpapsk-kmgmt">
+ <para>The <literal>wpa_key_mgmt</literal> line refers to
+ the key management protocol we use. In our case it is
+ WPA-PSK.</para>
+ </callout>
+
+ <callout arearefs="co-ap-wpapsk-pwise">
+ <para>The <literal>wpa_pairwise</literal> field
+ indicates the set of accepted encryption algorithms by
+ the Access Point. Here both TKIP (WPA) and CCMP
+ (WPA2) ciphers are accepted. CCMP cipher is an
+ alternative to TKIP and that is strongly preferred
+ when possible; TKIP should be used solely for stations
+ incapable of doing CCMP.</para>
+ </callout>
+ </calloutlist>
+
+ <para>The next step is to start
+ <application>hostapd</application>:</para>
+
+ <screen>&prompt.root <userinput>/etc/rc.d/hostapd forcestart</userinput></screen>
+
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable></userinput>
+ ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2290
+ inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
+ inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
+ ether 00:11:95:c3:0d:ac
+ media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
+ status: associated
+ ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
+ authmode WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit txpowmax 36 protmode CTS dtimperiod 1 bintval 100</screen>
+
+ <para>The Access Point is running, the clients can now be
+ associated with it, see <xref
+ linkend="network-wireless-wpa"> for more details. It is
+ possible to see the stations associated with the AP using
+ the <command>ifconfig <replaceable>ath0</replaceable> list
+ sta</command> command.</para>
+ </sect4>
+ </sect3>
+
+ <sect3>
+ <title>WEP Host-based Access Point</title>
+
+ <para>It is not recommended to use WEP for setting up an
+ Access Point since there is no authentication mechanism and
+ it is easily to be cracked. Some legacy wireless cards only
+ support WEP as security protocol, these cards will only
+ allow to set up AP without authentication or encryption or
+ using the WEP protocol.</para>
+
+ <para>The wireless device can now be put into hostap mode and
+ configured with the correct SSID and IP address:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> ssid <replaceable>freebsdap</replaceable> wepmode on weptxkey 3 wepkey 3:0x3456789012 mode 11g mediaopt hostap \
+ inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable></userinput></screen>
+
+ <itemizedlist>
+ <listitem>
+ <para>The <literal>weptxkey</literal> means which WEP
+ key will be used in the transmission. Here we used the
+ third key (note that the key numbering starts with
+ <literal>1</literal>). This parameter must be specified
+ to really encrypt the data.</para>
+ </listitem>
+
+ <listitem>
+ <para>The <literal>wepkey</literal> means setting the
+ selected WEP key. It should in the format
+ <replaceable>index:key</replaceable>, if the index is
+ not given, key <literal>1</literal> is set. That is
+ to say we need to set the index if we use keys other
+ than the first key.</para>
+ </listitem>
+ </itemizedlist>
+
+ <para>Use again <command>ifconfig</command> to see the status
+ of the <devicename>ath0</devicename> interface:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable></userinput>
+ ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
+ inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
+ inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
+ ether 00:11:95:c3:0d:ac
+ media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
+ status: associated
+ ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
+ authmode OPEN privacy ON deftxkey 3 wepkey 3:40-bit txpowmax 36 protmode CTS dtimperiod 1 bintval 100</screen>
+
+ <para>From another wireless machine, it is possible to initiate
+ a scan to find the AP:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> up scan</userinput>
+SSID BSSID CHAN RATE S:N INT CAPS
+freebsdap 00:11:95:c3:0d:ac 1 54M 22:1 100 EPS</screen>
+
+ <para>The client machine found the Access Point and can be
+ associated with it using the correct parameters (key, etc.),
+ see <xref linkend="network-wireless-wep"> for more
+ details.</para>
+ </sect3>
+ </sect2>
+
<sect2>
<title>Troubleshooting</title>
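Review bot: In the WPA-PSK subsection, the screen that starts hostapd writes the prompt entity as "&prompt.root <userinput>/etc/rc.d/hostapd forcestart" without the closing semicolon, unlike every other screen in this hunk; write it as "&prompt.root;". In Basic Settings, the hostap ifconfig screen closes </userinput> right after "mediaopt hostap", so the "inet ... netmask ..." arguments of the same command fall outside the user input; move the closing tag to the end of the line, as the WEP screen further down already does. The WPA-PSK example also does not agree with itself: hostapd.conf sets wpa=1, the wpa_pairwise callout says CCMP is the WPA2 cipher, and the sample ifconfig output reports "authmode WPA2/802.11i privacy MIXED"; either the wpa value or the sample output and callout text should change so a reader can tell which protocol versions the AP offers. The wpa callout ("A value of 1 configures the AP for WPA-PSK") overlaps with the wpa_key_mgmt callout, which is the line that names WPA-PSK. The sample wpa_passphrase=freebsdmall sits directly above the strong-password warning and could be marked up as <replaceable> so it is not copied verbatim. The WEP section opens its command with "The wireless device can now be put into hostap mode", copied from Basic Settings, with no mention that WEP is being enabled. Wording to fix while here: "also know as", "these informations", "to stores its", "allowed to access to", "it is easily to be cracked", "It should in the format".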
==== //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/advanced-networking/chapter.sgml#3 (text+ko) ====
@@ -1,74 +1,78 @@
<!--
The FreeBSD Documentation Project
- $FreeBSD: doc/zh_TW.Big5/books/handbook/advanced-networking/chapter.sgml,v 1.2 2006/01/31 01:31:01 vanilla Exp $
- Original revision: 1.376
+ $FreeBSD: doc/zh_TW.Big5/books/handbook/advanced-networking/chapter.sgml,v 1.3 2007/11/24 16:37:17 chinsan Exp $
+ Original revision: 1.402
-->
<chapter id="advanced-networking">
- <title>Advanced Networking</title>
+ <title>ºô¸ô¶i¶¥½m¥\©Ð</title>
<sect1 id="advanced-networking-synopsis">
- <title>Synopsis</title>
+ <title>·§z</title>
- <para>This chapter will cover a number of advanced networking
- topics.</para>
+ <para>¥»³¹±N¤¶²Ð¤@¨Ç¶i¶¥ªººô¸ô³]©w¥DÃD¡C</para>
- <para>After reading this chapter, you will know:</para>
+ <para>Ū§¹³o³¹¡A±z±N¤F¸Ñ¡G</para>
<itemizedlist>
<listitem>
- <para>The basics of gateways and routes.</para>
+ <para>gateway(¹h¹D)¤Î route(¸ô¥Ñ)ªº·§©À¡C</para>
+ </listitem>
+
+ <listitem>
+ <para>¦p¦ó³]©w IEEE 802.11 ¥H¤ÎÂŪÞ(&bluetooth;)³]³Æ¡C</para>
</listitem>
<listitem>
- <para>How to set up IEEE 802.11 and &bluetooth; devices.</para>
+ <para>¦p¦ó¥H FreeBSD §@¬° bridge(¾ô±µ)¡C</para>
</listitem>
<listitem>
- <para>How to make FreeBSD act as a bridge.</para>
+ <para>¦p¦ó¬°µLºÐ¨t²Î³]©wºô¸ô¶}¾÷¡C</para>
</listitem>
<listitem>
- <para>How to set up network booting on a diskless machine.</para>
+ <para>¦p¦ó³]©w NAT(Network Address Translation)¡C</para>
</listitem>
<listitem>
- <para>How to set up network address translation.</para>
+ <para>¦p¦ó³z¹L PLIP ¤è¦¡¨Ó³s±µ¨â¥x¹q¸£¡C</para>
</listitem>
<listitem>
- <para>How to connect two computers via PLIP.</para>
+ <para>¦p¦ó¦b FreeBSD ¤º³]©w IPv6¡C</para>
</listitem>
<listitem>
- <para>How to set up IPv6 on a FreeBSD machine.</para>
+ <para>¦p¦ó³]©w ATM¡C</para>
</listitem>
<listitem>
- <para>How to configure ATM.</para>
+ <para>¦p¦ó¥hµ½¥Î &os; ªº CARP(Common Access Redundancy Protocol)¥\¯à
+ ¡C</para>
</listitem>
</itemizedlist>
- <para>Before reading this chapter, you should:</para>
+ <para>¦b¶}©l¾\Ū³o³¹¤§«e¡A±z»Ýn¡J</para>
<itemizedlist>
<listitem>
- <para>Understand the basics of the <filename>/etc/rc</filename> scripts.</para>
+ <para>ÁA¸Ñ <filename>/etc/rc</filename> ¬ÛÃö script ªº·§©À¡C</para>
</listitem>
<listitem>
- <para>Be familiar with basic network terminology.</para>
+ <para>¼ô±x°ò¥»±`¥Îªººô¸ô³N»y¡C</para>
</listitem>
<listitem>
- <para>Know how to configure and install a new FreeBSD kernel
- (<xref linkend="kernelconfig">).</para>
+ <para>ª¾¹D¦p¦ó³]©w¡B¦w¸Ë·sªº FreeBSD kernel (<xref
+ linkend="kernelconfig">)¡C</para>
</listitem>
<listitem>
- <para>Know how to install additional third-party
- software (<xref linkend="ports">).</para>
+ <para>ª¾¹D¦p¦ó³z¹L port/package ¦w¸Ë³nÅé (<xref linkend="ports">)
+ ¡C</para>
</listitem>
</itemizedlist>
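Review bot: In the CARP list item and the ports list item, the sentence-final "¡C" has been wrapped onto a line of its own ("¡C</para>" after a line break and indentation). Whitespace inside <para> is normalized to a space, so the rendered text gets a space in front of the full stop; keep the punctuation on the same line as the preceding word and break the line earlier instead. The header now records "Original revision: 1.402", up from 1.376, so it is worth confirming that the rest of the file really matches the English 1.402 before claiming that sync level.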
@@ -89,28 +93,25 @@
<indexterm><primary>routing</primary></indexterm>
<indexterm><primary>gateway</primary></indexterm>
<indexterm><primary>subnet</primary></indexterm>
- <para>For one machine to be able to find another over a network,
- there must be a mechanism in place to describe how to get from
- one to the other. This is called
- <firstterm>routing</firstterm>. A <quote>route</quote> is a
- defined pair of addresses: a <quote>destination</quote> and a
- <quote>gateway</quote>. The pair indicates that if you are
- trying to get to this <emphasis>destination</emphasis>,
- communicate through this <emphasis>gateway</emphasis>. There
- are three types of destinations: individual hosts, subnets, and
- <quote>default</quote>. The <quote>default route</quote> is
- used if none of the other routes apply. We will talk a little
- bit more about default routes later on. There are also three
- types of gateways: individual hosts, interfaces (also called
- <quote>links</quote>), and Ethernet hardware addresses (MAC
- addresses).
- </para>
+ <para>¬°¤FÅý¤@³¡¹q¸£¯à§ä¨ì¥t¤@³¡¹q¸£¡A¦]¦¹¥²»Ýn¦³¤@ºØ¾÷¨î¡A
+ Åý³o³¡¹q¸£ª¾¹D¸Ó«ç»ò°µ¡A³oÓ¾÷¨î´N¬O¸ô¥Ñ¿ï¾Ü
+ (<firstterm>routing</firstterm>)¡C
+ ¤@±ø¸ô¥Ñ(<quote>route</quote>)¬O¥Ñ¤@¹ï¦ì§}©Ò©w¸qªº¡G¤@Ó¬O
+ <quote>¥Øªº¦a(destination)</quote>¥H¤Î¥t¤@Ó«h¬O¹h¹D
+ (<quote>gateway</quote>)¡C
+ ³o¹ï¦ì§}ªí¥Ün°e¨ì<emphasis>¥Øªº¦a</emphasis>ªº«Ê¥]¡A
+ ¥²¶·¸g¹L<emphasis>¹h¹D</emphasis>¡C
+ ¥Øªº¦a¤À¬°¤TºØÃþ«¬¡G¥D¾÷¡B¤lºô¸ô(subnet)¡B¹w³]¸ô¥Ñ(
+ <quote>default route</quote>¡C Y³£¨S¦³¨ä¥¦ªº¸ô¥Ñ¥i¥H¨Ï¥Î¡A
+ ³o®É´N·|¨Ï¥Î¹w³]¸ô¥Ñ¡Aµy«á§ÚÌ·|¹ï¹w³]¸ô¥Ñ§@¶i¤@¨Bªº»¡©ú¡C ¦¹¥~¡A
+ ¹h¹D¤]¥i¤À¬°¤TºØÃþ«¬¡G¥D¾÷¡B¶Ç¿é¤¶±(interface¡A¤]ºÙ¬°
+ <quote>links</quote>)¡B¤A¤Óºô¸ôµwÅé¦ì§}(MAC addresses)¡C</para>
<sect2>
- <title>An Example</title>
+ <title>½d¨Ò</title>
- <para>To illustrate different aspects of routing, we will use the
- following example from <command>netstat</command>:</para>
+ <para>¬°¤F¤è«K»¡©ú¤£¦PÃþ«¬ªº¸ô¥Ñ¿ï¾Ü(routing)¡A¥H¤U¨Ï¥Î
+ <command>netstat</command> «ü¥Oªºµ²ªG§@¬°¤¶²Ð½d¨Ò¡G</para>
<screen>&prompt.user; <userinput>netstat -r</userinput>
Routing tables
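Review bot: In the rewritten routing paragraph, the parenthesis opened at the end of the line before "<quote>default route</quote>" is never closed; the sentence ends immediately after </quote>. The other parenthesized terms in the same paragraph (subnet, gateway, MAC addresses) are all closed, so add the missing ")" after </quote>.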
@@ -659,554 +660,1447 @@
<sect1 id="network-wireless">
<sect1info>
<authorgroup>
- <author>
- <firstname>Eric</firstname>
- <surname>Anderson</surname>
- <contrib>Written by </contrib>
- </author>
+ <author>
+ <othername>Loader</othername>
+ </author>
+
+ <author>
+ <firstname>Marc</firstname>
+ <surname>Fonvieille</surname>
+ </author>
+
+ <author>
+ <firstname>Murray</firstname>
+ <surname>Stokely</surname>
+ </author>
</authorgroup>
</sect1info>
<title>Wireless Networking</title>
- <indexterm><primary>wireless networking</primary></indexterm>
- <indexterm>
- <primary>802.11</primary>
- <see>wireless networking</see>
- </indexterm>
+ <indexterm><primary>wireless networking</primary></indexterm>
+ <indexterm>
+ <primary>802.11</primary>
+ <see>wireless networking</see>
+ </indexterm>
+
+ <sect2>
+ <title>Wireless Networking Basics</title>
+
+ <para>Most wireless networks are based on the IEEE 802.11
+ standards. A basic wireless network consists of multiple
+ stations communicating with radios that broadcast in either
+ the 2.4GHz or 5GHz band (though this varies according to the
+ locale and is also changing to enable communication in the
+ 2.3GHz and 4.9GHz ranges).</para>
+
+ <para>802.11 networks are organized in two ways: in
+ <emphasis>infrastructure mode</emphasis> one station acts as a
+ master with all the other stations associating to it; the
+ network is known as a BSS and the master station is termed an
+ access point (AP). In a BSS all communication passes through
+ the AP; even when one station wants to communicate with
+ another wireless station messages must go through the AP. In
+ the second form of network there is no master and stations
+ communicate directly. This form of network is termed an IBSS
+ and is commonly known as an <emphasis>ad-hoc
+ network</emphasis>.</para>
+
+ <para>802.11 networks were first deployed in the 2.4GHz band
+ using protocols defined by the IEEE 802.11 and 802.11b
+ standard. These specifications include the operating
+ frequencies, MAC layer characteristics including framing and
+ transmission rates (communication can be done at various
+ rates). Later the 802.11a standard defined operation in the
+ 5GHz band, including different signalling mechanisms and
+ higher transmission rates. Still later the 802.11g standard
+ was defined to enable use of 802.11a signalling and
+ transmission mechanisms in the 2.4GHz band in such a way as to
+ be backwards compatible with 802.11b networks.</para>
+
+ <para>Separate from the underlying transmission techniques
+ 802.11 networks have a variety of security mechanisms. The
+ original 802.11 specifications defined a simple security
+ protocol called WEP. This protocol uses a fixed pre-shared key
+ and the RC4 cryptographic cipher to encode data transmitted on
+ a network. Stations must all agree on the fixed key in order
+ to communicate. This scheme was shown to be easily broken and
+ is now rarely used except to discourage transient users from
+ joining networks. Current security practice is given by the
+ IEEE 802.11i specification that defines new cryptographic
+ ciphers and an additional protocol to authenticate stations to
+ an access point and exchange keys for doing data
+ communication. Further, cryptographic keys are periodically
+ refreshed and there are mechanisms for detecting intrusion
+ attempts (and for countering intrusion attempts). Another
+ security protocol specification commonly used in wireless
+ networks is termed WPA. This was a precursor to 802.11i
+ defined by an industry group as an interim measure while
+ waiting for 802.11i to be ratified. WPA specifies a subset of
+ the requirements found in 802.11i and is designed for
+ implementation on legacy hardware. Specifically WPA requires
+ only the TKIP cipher that is derived from the original WEP
+ cipher. 802.11i permits use of TKIP but also requires support
+ for a stronger cipher, AES-CCM, for encrypting data. (The AES
+ cipher was not required in WPA because it was deemed too
+ computationally costly to be implemented on legacy
+ hardware.)</para>
+
+ <para>Other than the above protocol standards the other
+ important standard to be aware of is 802.11e. This defines
+ protocols for deploying multi-media applications such as
+ streaming video and voice over IP (VoIP) in an 802.11 network.
+ Like 802.11i, 802.11e also has a precursor specification
+ termed WME (later renamed WMM) that has been defined by an
+ industry group as a subset of 802.11e that can be deployed now
+ to enable multi-media applications while waiting for the final
+ ratification of 802.11e. The most important thing to know
+ about 802.11e and WME/WMM is that it enables prioritized
+ traffic use of a wireless network through Quality of Service
+ (QoS) protocols and enhanced media access protocols. Proper
+ implementation of these protocols enable high speed bursting
+ of data and prioritized traffic flow.</para>
+
+ <para>Since the 6.0 version, &os; supports networks that operate
+ using 802.11a, 802.11b, and 802.11g. The WPA and 802.11i
+ security protocols are likewise supported (in conjunction with
+ any of 11a, 11b, and 11g) and QoS and traffic prioritization
+ required by the WME/WMM protocols are supported for a limited
+ set of wireless devices.</para>
+ </sect2>
+
+ <sect2 id="network-wireless-basic">
+ <title>Basic Setup</title>
+
+ <sect3>
+ <title>Kernel Configuration</title>
+
+ <para>To use wireless networking you need a wireless
+ networking card and to configure the kernel with the
+ appropriate wireless networking support. The latter is
+ separated into multiple modules so that you only need to
+ configure the software you are actually going to use.</para>
+
+ <para>The first thing you need is a wireless device. The most
+ commonly used devices are those that use parts made by
+ Atheros. These devices are supported by the &man.ath.4;
+ driver and require the following line to be added to the
+ <filename>/boot/loader.conf</filename> file:</para>
+
+ <programlisting>if_ath_load="YES"</programlisting>
+
+ <para>The Atheros driver is split up into three separate
+ pieces: the driver proper (&man.ath.4;), the hardware
+ support layer that handles chip-specific functions
+ (&man.ath.hal.4;), and an algorithm for selecting which of
+ several possible rates for transmitting frames
+ (ath_rate_sample here). When you load this support as
+ modules these dependencies are automatically handled for
+ you. If instead of an Atheros device you had another device
+ you would select the module for that device; e.g.:</para>
+
+ <programlisting>if_wi_load="YES"</programlisting>
+
+ <para>for devices based on the Intersil Prism parts
+ (&man.wi.4; driver).</para>
+
+ <note>
+ <para>In the rest of this document, we will use an
+ &man.ath.4; device, the device name in the examples must
+ be changed according to your configuration. A list of
+ available wireless drivers can be found at the beginning
+ of the &man.wlan.4; manual page. If a native &os; driver
+ for your wireless device does not exist, it may be
+ possible to directly use the &windows; driver with the
+ help of the <link
+ linkend="config-network-ndis">NDIS</link> driver
+ wrapper.</para>
+ </note>
+
+ <para>With a device driver configured you need to also bring
+ in the 802.11 networking support required by the driver.
+ For the &man.ath.4; driver this is at least the &man.wlan.4;
+ module; this module is automatically loaded with the
+ wireless device driver. With that you will need the modules
+ that implement cryptographic support for the security
+ protocols you intend to use. These are intended to be
+ dynamically loaded on demand by the &man.wlan.4; module but
+ for now they must be manually configured. The following
+ modules are available: &man.wlan.wep.4;, &man.wlan.ccmp.4;
+ and &man.wlan.tkip.4;. Both &man.wlan.ccmp.4; and
+ &man.wlan.tkip.4; drivers are only needed if you intend to
+ use the WPA and/or 802.11i security protocols. If your
+ network is to run totally open (i.e., with no encryption)
+ then you do not even need the &man.wlan.wep.4; support. To
+ load these modules at boot time, add the following lines to
+ <filename>/boot/loader.conf</filename>:</para>
+
+ <programlisting>wlan_wep_load="YES"
+wlan_ccmp_load="YES"
+wlan_tkip_load="YES"</programlisting>
+
+ <para>With this information in the system bootstrap
+ configuration file (i.e.,
+ <filename>/boot/loader.conf</filename>), you have to reboot
+ your &os; box. If you do not want to reboot your machine
+ for the moment, you can just load the modules by hand using
+ &man.kldload.8;.</para>
+
+ <note>
+ <para>If you do not want to use modules, it is possible to
+ compile these drivers into the kernel by adding the
+ following lines to your kernel configuration file:</para>
+
+ <programlisting>device ath # Atheros IEEE 802.11 wireless network driver
+device ath_hal # Atheros Hardware Access Layer
+device ath_rate_sample # John Bicket's SampleRate control algorithm.
+device wlan # 802.11 support (Required)
+device wlan_wep # WEP crypto support for 802.11 devices
+device wlan_ccmp # AES-CCMP crypto support for 802.11 devices
+device wlan_tkip # TKIP and Michael crypto support for 802.11 devices</programlisting>
+
+ <para>With this information in the kernel configuration
+ file, recompile the kernel and reboot your &os;
+ machine.</para>
+ </note>
+
+ <para>When the system is up, we could find some information
+ about the wireless device in the boot messages, like
+ this:</para>
+
+ <screen>ath0: <Atheros 5212> mem 0xff9f0000-0xff9fffff irq 17 at device 2.0 on pci2
+ath0: Ethernet address: 00:11:95:d5:43:62
+ath0: mac 7.9 phy 4.5 radio 5.6</screen>
+ </sect3>
+ </sect2>
+
+ <sect2>
+ <title>Infrastructure Mode</title>
+
+ <para>The infrastructure mode or BSS mode is the mode that is
+ typically used. In this mode, a number of wireless access
+ points are connected to a wired network. Each wireless
+ network has its own name, this name is called the SSID of the
+ network. Wireless clients connect to the wireless access
+ points.</para>
+
+ <sect3>
+ <title>&os; Clients</title>
+
+ <sect4>
+ <title>How to Find Access Points</title>
+
+ <para>To scan for networks, use the
+ <command>ifconfig</command> command. This request may
+ take a few moments to complete as it requires that the
+ system switches to each available wireless frequency and
+ probes for available access points. Only the super-user
+ can initiate such a scan:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> up scan</userinput>
+SSID BSSID CHAN RATE S:N INT CAPS
+dlinkap 00:13:46:49:41:76 6 54M 29:0 100 EPS WPA WME
+freebsdap 00:11:95:c3:0d:ac 1 54M 22:0 100 EPS WPA</screen>
+
+ <note>
+ <para>You must mark the interface <option>up</option>
+ before you can scan. Subsequent scan requests do not
+ require you to mark the interface up again.</para>
+ </note>
+
+ <para>The output of a scan request lists each BSS/IBSS
+ network found. Beside the name of the network,
+ <literal>SSID</literal>, we find the
+ <literal>BSSID</literal> which is the MAC address of the
+ access point. The <literal>CAPS</literal> field
+ identifies the type of each network and the capabilities
+ of the stations operating there:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><literal>E</literal></term>
+
+ <listitem>
+ <para>Extended Service Set (ESS). Indicates that the
+ station is part of an infrastructure network (in
+ contrast to an IBSS/ad-hoc network).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>I</literal></term>
+
+ <listitem>
+ <para>IBSS/ad-hoc network. Indicates that the station
+ is part of an ad-hoc network (in contrast to an ESS
+ network).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>P</literal></term>
+
+ <listitem>
+ <para>Privacy. Data confidentiality is required for
+ all data frames exchanged within the BSS. This means
+ that this BSS requires the station to use
+ cryptographic means such as WEP, TKIP or AES-CCMP to
+ encrypt/decrypt data frames being exchanged with
+ others.</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>S</literal></term>
+
+ <listitem>
+ <para>Short Preamble. Indicates that the network is
+ using short preambles (defined in 802.11b High
+ Rate/DSSS PHY, short preamble utilizes a 56 bit sync
+ field in contrast to a 128 bit field used in long
+ preamble mode).</para>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><literal>s</literal></term>
+
+ <listitem>
+ <para>Short slot time. Indicates that the 802.11g
+ network is using a short slot time because there are
+ no legacy (802.11b) stations present.</para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>One can also display the current list of known
+ networks with:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> list scan</userinput></screen>
+
+ <para>This information may be updated automatically by the
+ adapter or manually with a <option>scan</option> request.
+ Old data is automatically removed from the cache, so over
+ time this list may shrink unless more scans are
+ done.</para>
+ </sect4>
+
+ <sect4>
+ <title>Basic Settings</title>
+
+ <para>This section provides a simple example of how to make
+ the wireless network adapter work in &os; without
+ encryption. After you are familiar with these concepts,
+ we strongly recommend using <link
+ linkend="network-wireless-wpa">WPA</link> to set up your
+ wireless network.</para>
+
+ <para>There are three basic steps to configure a wireless
+ network: selecting an access point, authenticating your
+ station, and configuring an IP address. The following
+ sections discuss each step.</para>
+
+ <sect5>
+ <title>Selecting an Access Point</title>
+
+ <para>Most of time it is sufficient to let the system
+ choose an access point using the builtin heuristics.
+ This is the default behaviour when you mark an interface
+ up or otherwise configure an interface by listing it in
+ <filename>/etc/rc.conf</filename>, e.g.:</para>
+
+ <programlisting>ifconfig_ath0="DHCP"</programlisting>
+
+ <para>If there are multiple access points and you want to
+ select a specific one, you can select it by its
+ SSID:</para>
+
+ <programlisting>ifconfig_ath0="ssid <replaceable>your_ssid_here</replaceable> DHCP"</programlisting>
+
+ <para>In an environment where there are multiple access
+ points with the same SSID (often done to simplify
+ roaming) it may be necessary to associate to one
+ specific device. In this case you can also specify the
+ BSSID of the access point (you can also leave off the
+ SSID):</para>
+
+ <programlisting>ifconfig_ath0="ssid <replaceable>your_ssid_here</replaceable> bssid <replaceable>xx:xx:xx:xx:xx:xx</replaceable> DHCP"</programlisting>
+
+ <para>There are other ways to constrain the choice of an
+ access point such as limiting the set of frequencies the
+ system will scan on. This may be useful if you have a
+ multi-band wireless card as scanning all the possible
+ channels can be time-consuming. To limit operation to a
+ specific band you can use the <option>mode</option>
+ parameter; e.g.:</para>
+
+ <programlisting>ifconfig_ath0="mode <replaceable>11g</replaceable> ssid <replaceable>your_ssid_here</replaceable> DHCP"</programlisting>
+
+ <para>will force the card to operate in 802.11g which is
+ defined only for 2.4GHz frequencies so any 5GHz channels
+ will not be considered. Other ways to do this are the
+ <option>channel</option> parameter, to lock operation to
+ one specific frequency, and the
+ <option>chanlist</option> parameter, to specify a list
+ of channels for scanning. More information about these
+ parameters can be found in the &man.ifconfig.8; manual
+ page.</para>
+ </sect5>
+
+ <sect5>
+ <title>Authentication</title>
+
+ <para>Once you have selected an access point your station
+ needs to authenticate before it can pass data.
+ Authentication can happen in several ways. The most
+ common scheme used is termed open authentication and
+ allows any station to join the network and communicate.
+ This is the authentication you should use for test
+ purpose the first time you set up a wireless network.
+ Other schemes require cryptographic handshakes be
+ completed before data traffic can flow; either using
+ pre-shared keys or secrets, or more complex schemes that
+ involve backend services such as RADIUS. Most users
+ will use open authentication which is the default
+ setting. Next most common setup is WPA-PSK, also known
+ as WPA Personal, which is described <link
+ linkend="network-wireless-wpa-wpa-psk">below</link>.</para>
+
+ <note>
+ <para>If you have an &apple; &airport; Extreme base
+ station for an access point you may need to configure
+ shared-key authentication together with a WEP key.
+ This can be done in the
+ <filename>/etc/rc.conf</filename> file or using the
+ &man.wpa.supplicant.8; program. If you have a single
+ &airport; base station you can setup access with
+ something like:</para>
+
+ <programlisting>ifconfig_ath0="authmode shared wepmode on weptxkey <replaceable>1</replaceable> wepkey <replaceable>01234567</replaceable> DHCP"</programlisting>
+
+ <para>In general shared key authentication is to be
+ avoided because it uses the WEP key material in a
+ highly-constrained manner making it even easier to
+ crack the key. If WEP must be used (e.g., for
+ compatibility with legacy devices) it is better to use
+ WEP with <literal>open</literal> authentication. More
+ information regarding WEP can be found in the <xref
+ linkend="network-wireless-wep">.</para>
+ </note>
+ </sect5>
+
+ <sect5>
+ <title>Getting an IP Address with DHCP</title>
+
+ <para>Once you have selected an access point and set the
+ authentication parameters, you will have to get an IP
+ address to communicate. Most of time you will obtain
+ your wireless IP address via DHCP. To achieve that,
+ simply edit <filename>/etc/rc.conf</filename> and add
+ <literal>DHCP</literal> to the configuration for your
+ device as shown in various examples above:</para>
+
+ <programlisting>ifconfig_ath0="DHCP"</programlisting>
+
+ <para>At this point, you are ready to bring up the
+ wireless interface:</para>
+
+ <screen>&prompt.root; <userinput>/etc/rc.d/netif start</userinput></screen>
+
+ <para>Once the interface is running, use
+ <command>ifconfig</command> to see the status of the
+ interface <devicename>ath0</devicename>:</para>
+
+ <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable></userinput>
+ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
+ inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
+ inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
+ ether 00:11:95:d5:43:62
+ media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
+ status: associated
+ ssid dlinkap channel 6 bssid 00:13:46:49:41:76
+ authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100</screen>
+
+ <para>The <literal>status: associated</literal> means you
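Review bot: In the Authentication sect5, "Most users will use open authentication which is the default setting" and "This is the authentication you should use for test purpose" never say that open authentication is only the 802.11 authentication mode and, without WEP or WPA on top, leaves all traffic unencrypted, which is exactly what the sample output "authmode OPEN privacy OFF" later in the hunk shows. Suggest adding one sentence to that paragraph stating that open authentication by itself provides no confidentiality, and repeating the link to network-wireless-wpa there, since the only recommendation to move to WPA is in the Basic Settings introduction. In the AirPort note, the example "wepkey 01234567" is given with no explanation of the expected key format or length; a short remark or a pointer to ifconfig(8) would help. Wording nits: "Most of time" appears in both "Selecting an Access Point" and "Getting an IP Address with DHCP" and should be "Most of the time"; "for test purpose" should be "for testing purposes"; "you can setup access" should be "you can set up access"; "Each wireless network has its own name, this name is called the SSID" is a comma splice.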
>>> TRUNCATED FOR MAIL (1000 lines) <<<