Date: Fri, 26 Dec 2003 10:56:31 +0100 From: "Sebastian Yepes F. [ESN]" <esn@x123.info> To: freebsd-hackers@freebsd.org Subject: Re: enhanced security patch for if_wi Message-ID: <20031226105631.22c85008@fire.x123.info> In-Reply-To: <1072310851.bd48a4a0the_mip_rvl@myrealbox.com> References: <1072310851.bd48a4a0the_mip_rvl@myrealbox.com>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] On Thu, 25 Dec 2003 01:07:31 +0100 "The MiP RvL" <the_mip_rvl@myrealbox.com> wrote: > Hello > > This is a patch for which a couple of wi-fi fans have been waiting to get :) And now it's there, just before Christmas ;) > > This patch is against FreeBSD 5.1, I didn't have current installed and 5.0 doesn't work in hostap mode with 1.7.4 firmware. > http://wleiden.webweaving.org:8080/svn/node-config/other/enh-sec-patch/ > > For the enhsec option to work you need a prism 2,2.5,3 with firmware 1.6.3 or higher. > > To give a small explaination: > > It uses a firmware feature: 0xFC43 > > # wicontrol -i iface -E 0|1|2|3 > This sets the WI_RID_CNFENHSECURITY flag. > 0 = "disabled" > 1 = hide SSID in beacon frames > 2 = ignore clients with a "ANY" SSID > 3 = 1 and 2 combined > > It blocks clients with a "" or "ANY" ssid > And disables ssid broadcasting. > > I checked it today, and it worked, > but please do acknowledge the fact that I haven't been > able to test this function on a real network, with real data going over the link. > > I haven't had the time yet to make it work with ifconfig, so until then, use wicontrol. > > Regards, > > Roland van Laar > hi man nice work.. there are the diff on Current[Tuday], i well try to make this work with the ath drv.. Until next time.. ---- if (Better You Treat Them) { return "Worst You Get Treated"; } I have a dream that one day this nation will rise up and live out the true meaning of its creed.. (Martin Luther King) /* www: http://www.x123.info Contect: FingerPrint: esn aT x123.info 0D42 F870 F650 6B86 CA9E esn aT freshpkgsrc.org E199 A57D 3824 F8AA A934 sebastian.yepes aT hp.com */ [-- Attachment #2 --] --- if_wavelan_ieee.h Fri Jun 27 02:49:04 2003 +++ if_wavelan_ieee.h.p Fri Dec 26 10:17:03 2003 @@ -238,6 +238,7 @@ #define WI_RID_CNFAUTHMODE 0xFC2A #define WI_RID_ROAMING_MODE 0xFC2D #define WI_RID_OWN_BEACON_INT 0xFC33 /* beacon xmit time for BSS creation */ +#define WI_RID_CNFENHSEC 0xFC43 /* firmware 1.6.3 or above needed */ #define WI_RID_CNF_DBM_ADJUST 0xFC46 #define WI_RID_DBM_ADJUST 0xFC46 /* RSSI - WI_RID_DBM_ADJUST ~ dBm */ #define WI_RID_BASIC_RATE 0xFCB3 [-- Attachment #3 --] --- if_wi.c Tue Dec 9 08:41:06 2003 +++ if_wi.c.p Fri Dec 26 10:16:41 2003 @@ -402,6 +402,8 @@ */ if (sc->sc_sta_firmware_ver >= 803) ic->ic_caps |= IEEE80211_C_HOSTAP; + if (sc->sc_sta_firmware_ver >=10603) + sc->sc_flags |= WI_FLAGS_HAS_ENHSEC; sc->sc_ibss_port = htole16(0); sc->sc_min_rssi = WI_PRISM_MIN_RSSI; @@ -705,6 +707,8 @@ wi_write_val(sc, WI_RID_RTS_THRESH, ic->ic_rtsthreshold); if (sc->sc_flags & WI_FLAGS_HAS_FRAGTHR) wi_write_val(sc, WI_RID_FRAG_THRESH, ic->ic_fragthreshold); + if (sc->sc_flags & WI_FLAGS_HAS_ENHSEC) + wi_write_val(sc, WI_RID_CNFENHSEC, sc->sc_enhsec); /* driver specific 802.11 configuration */ if (sc->sc_flags & WI_FLAGS_HAS_SYSSCALE) @@ -1885,6 +1889,16 @@ case WI_RID_TX_RATE: return ieee80211_cfgget(ifp, cmd, data); + case WI_RID_CNFENHSEC: + if (sc->sc_enabled && (sc->sc_flags & WI_FLAGS_HAS_ENHSEC)) { + error = wi_read_rid(sc, wreq.wi_type, wreq.wi_val, + &len); + break; + } + wreq.wi_val[0] = htole16(sc->sc_enhsec); + len = sizeof(u_int16_t); + break; + case WI_RID_MICROWAVE_OVEN: if (sc->sc_enabled && (sc->sc_flags & WI_FLAGS_HAS_MOR)) { error = wi_read_rid(sc, wreq.wi_type, wreq.wi_val, @@ -2105,6 +2119,7 @@ memcpy(sc->sc_nodename, &wreq.wi_val[1], sc->sc_nodelen); break; + case WI_RID_CNFENHSEC: case WI_RID_MICROWAVE_OVEN: case WI_RID_ROAMING_MODE: case WI_RID_SYSTEM_SCALE: @@ -2121,6 +2136,9 @@ if (wreq.wi_type == WI_RID_FRAG_THRESH && (sc->sc_flags & WI_FLAGS_HAS_FRAGTHR) == 0) break; + if (wreq.wi_type == WI_RID_CNFENHSEC && + (sc->sc_flags & WI_FLAGS_HAS_ENHSEC) == 0) + break; /* FALLTHROUGH */ case WI_RID_RTS_THRESH: case WI_RID_CNFAUTHMODE: @@ -2152,6 +2170,9 @@ break; case WI_RID_MAX_DATALEN: sc->sc_max_datalen = le16toh(wreq.wi_val[0]); + break; + case WI_RID_CNFENHSEC: + sc->sc_enhsec = le16toh(wreq.wi_val[0]); break; } break; [-- Attachment #4 --] --- if_wivar.h Tue Dec 9 08:41:07 2003 +++ if_wivar.h.p Fri Dec 26 10:16:55 2003 @@ -57,6 +57,7 @@ #define WI_RID_P2_CRYPT_KEY3 0xFC27 #define WI_RID_P2_ENCRYPTION 0xFC28 #define WI_RID_ROAMING_MODE 0xFC2D +#define WI_RID_CNFENHSEC 0xFC43 /* firmware 1.6.3 or above needed */ #define WI_RID_CUR_TX_RATE 0xFD44 /* current TX rate */ struct wi_softc { @@ -118,6 +119,7 @@ u_int16_t sc_roaming_mode; u_int16_t sc_microwave_oven; u_int16_t sc_authtype; + u_int16_t sc_enhsec; int sc_nodelen; char sc_nodename[IEEE80211_NWID_LEN]; @@ -193,6 +195,7 @@ #define WI_FLAGS_BUG_AUTOINC 0x0100 #define WI_FLAGS_HAS_FRAGTHR 0x0200 #define WI_FLAGS_HAS_DBMADJUST 0x0400 +#define WI_FLAGS_HAS_ENHSEC 0x0800 struct wi_card_ident { u_int16_t card_id; [-- Attachment #5 --] --- wicontrol.c Mon Sep 29 08:32:11 2003 +++ wicontrol.c.p Fri Dec 26 10:17:20 2003 @@ -54,6 +54,7 @@ #include <net80211/ieee80211_ioctl.h> #include <dev/wi/if_wavelan_ieee.h> #include <dev/wi/if_wireg.h> +#define WI_RID_CNFENHSEC 0xFC43 #include <stdio.h> #include <string.h> @@ -710,6 +711,7 @@ { WI_RID_CARD_ID, WI_HEXWORDS, "Card ID register:\t\t\t" }, { WI_RID_REG_DOMAINS, WI_REGDOMS, "Regulatory Domains:\t\t\t" }, { WI_RID_TEMP_TYPE, WI_WORDS, "Temperature Range:\t\t\t" }, + { WI_RID_CNFENHSEC, WI_WORDS, "Enhanced SSID Security:\t\t\t" }, #ifdef WI_EXTRA_INFO { WI_RID_PRI_SUP_RANGE, WI_WORDS, "PRI Sup Range:\t\t\t\t" }, { WI_RID_CIF_ACT_RANGE, WI_WORDS, "CFI Act Sup Range:\t\t\t" }, @@ -910,6 +912,7 @@ fprintf(stderr, "\t%s -i iface -P 0|1\n", p); fprintf(stderr, "\t%s -i iface -S max sleep duration\n", p); fprintf(stderr, "\t%s -i iface -T 1|2|3|4\n", p); + fprintf(stderr, "\t%s -i iface -E 0|1|2|3\n" ,p); #ifdef WICACHE fprintf(stderr, "\t%s -i iface -Z zero out signal cache\n", p); fprintf(stderr, "\t%s -i iface -C print signal cache\n", p); @@ -1097,7 +1100,7 @@ opterr = 1; while((ch = getopt(argc, argv, - "a:c:d:e:f:hi:k:lm:n:op:q:r:s:t:v:CF:LP:QS:T:Z")) != -1) { + "a:c:d:e:E:f:hi:k:lm:n:op:q:r:s:t:v:CF:LP:QS:T:Z")) != -1) { switch(ch) { case 'Z': #ifdef WICACHE @@ -1133,6 +1136,13 @@ wi_setword(iface, WI_RID_ENCRYPTION, atoi(optarg)); exit(0); break; + case 'E': + if (atoi(optarg) >= 0 && atoi(optarg) <=3) { + wi_setword(iface, WI_RID_CNFENHSEC, atoi(optarg)); + } + else fprintf(stderr, "invalid option\n"); + exit(0); + break; case 'f': dep("f", "channel"); wi_setword(iface, WI_RID_OWN_CHNL, atoi(optarg));help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20031226105631.22c85008>