From owner-freebsd-mobile@FreeBSD.ORG  Wed Dec 24 16:07:29 2003
Return-Path: <owner-freebsd-mobile@FreeBSD.ORG>
Delivered-To: freebsd-mobile@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 5BFFF16A4CE; Wed, 24 Dec 2003 16:07:29 -0800 (PST)
Received: from smtp-send.myrealbox.com (smtp-send.myrealbox.com
	[192.108.102.143])	by mx1.FreeBSD.org (Postfix) with ESMTP
	id 6E99843D1F; Wed, 24 Dec 2003 16:07:28 -0800 (PST)
	(envelope-from the_mip_rvl@myrealbox.com)
Received: from the_mip_rvl [145.53.68.203] by myrealbox.com
	with NetMail ModWeb Module; Thu, 25 Dec 2003 01:07:31 +0100
From: "The MiP RvL" <the_mip_rvl@myrealbox.com>
To: freebsd-hackers@freebsd.org
Date: Thu, 25 Dec 2003 01:07:31 +0100
X-Mailer: NetMail ModWeb Module
X-Sender: the_mip_rvl
MIME-Version: 1.0
Message-ID: <1072310851.bd48a4a0the_mip_rvl@myrealbox.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
cc: techniek@lijst.wirelessleiden.nl
cc: freebsd-mobile@freebsd.org
Subject: enhanced security patch for if_wi
X-BeenThere: freebsd-mobile@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Mobile computing with FreeBSD <freebsd-mobile.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-mobile>,
	<mailto:freebsd-mobile-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-mobile>
List-Post: <mailto:freebsd-mobile@freebsd.org>
List-Help: <mailto:freebsd-mobile-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-mobile>,
	<mailto:freebsd-mobile-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Dec 2003 00:07:29 -0000

Hello

This is a patch for which a couple of wi-fi fans have been waiting to get :=
) And now it's there, just before Christmas ;)

This patch is against FreeBSD 5.1, I didn't have current installed and 5.0 =
doesn't work in hostap mode with 1.7.4 firmware.
http://wleiden.webweaving.org:8080/svn/node-config/other/enh-sec-patch/

For the enhsec option to work you need a prism 2,2.5,3 with firmware 1.6.3 =
or higher.

To give a small explaination:

It uses a firmware feature: 0xFC43

# wicontrol -i iface -E 0|1|2|3
This sets the WI_RID_CNFENHSECURITY flag.=20
0 =3D "disabled"
1 =3D hide SSID in beacon frames
2 =3D ignore clients with a "ANY" SSID
3 =3D 1 and 2 combined

It blocks clients with a "" or "ANY" ssid
And disables ssid broadcasting.

I checked it today, and it worked,
but please do acknowledge the fact that I haven't been
able to test this function on a real network, with real data going over the=
 link.

I haven't had the time yet to make it work with ifconfig, so until then, us=
e wicontrol.

Regards,

Roland van Laar