From owner-freebsd-mobile@FreeBSD.ORG Wed Dec 24 16:07:29 2003 Return-Path: Delivered-To: freebsd-mobile@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5BFFF16A4CE; Wed, 24 Dec 2003 16:07:29 -0800 (PST) Received: from smtp-send.myrealbox.com (smtp-send.myrealbox.com [192.108.102.143]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6E99843D1F; Wed, 24 Dec 2003 16:07:28 -0800 (PST) (envelope-from the_mip_rvl@myrealbox.com) Received: from the_mip_rvl [145.53.68.203] by myrealbox.com with NetMail ModWeb Module; Thu, 25 Dec 2003 01:07:31 +0100 From: "The MiP RvL" To: freebsd-hackers@freebsd.org Date: Thu, 25 Dec 2003 01:07:31 +0100 X-Mailer: NetMail ModWeb Module X-Sender: the_mip_rvl MIME-Version: 1.0 Message-ID: <1072310851.bd48a4a0the_mip_rvl@myrealbox.com> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable cc: techniek@lijst.wirelessleiden.nl cc: freebsd-mobile@freebsd.org Subject: enhanced security patch for if_wi X-BeenThere: freebsd-mobile@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Mobile computing with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Dec 2003 00:07:29 -0000 Hello This is a patch for which a couple of wi-fi fans have been waiting to get := ) And now it's there, just before Christmas ;) This patch is against FreeBSD 5.1, I didn't have current installed and 5.0 = doesn't work in hostap mode with 1.7.4 firmware. http://wleiden.webweaving.org:8080/svn/node-config/other/enh-sec-patch/ For the enhsec option to work you need a prism 2,2.5,3 with firmware 1.6.3 = or higher. To give a small explaination: It uses a firmware feature: 0xFC43 # wicontrol -i iface -E 0|1|2|3 This sets the WI_RID_CNFENHSECURITY flag.=20 0 =3D "disabled" 1 =3D hide SSID in beacon frames 2 =3D ignore clients with a "ANY" SSID 3 =3D 1 and 2 combined It blocks clients with a "" or "ANY" ssid And disables ssid broadcasting. I checked it today, and it worked, but please do acknowledge the fact that I haven't been able to test this function on a real network, with real data going over the= link. I haven't had the time yet to make it work with ifconfig, so until then, us= e wicontrol. Regards, Roland van Laar