From owner-freebsd-current@FreeBSD.ORG Mon Mar 16 22:17:15 2009 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 9BE18106566B for ; Mon, 16 Mar 2009 22:17:15 +0000 (UTC) (envelope-from sam@freebsd.org) Received: from ebb.errno.com (ebb.errno.com [69.12.149.25]) by mx1.freebsd.org (Postfix) with ESMTP id 6DEA08FC0A for ; Mon, 16 Mar 2009 22:17:15 +0000 (UTC) (envelope-from sam@freebsd.org) Received: from trouble.errno.com (trouble.errno.com [10.0.0.248]) (authenticated bits=0) by ebb.errno.com (8.13.6/8.12.6) with ESMTP id n2GMHESZ074657 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 16 Mar 2009 15:17:15 -0700 (PDT) (envelope-from sam@freebsd.org) Message-ID: <49BECFEA.1090808@freebsd.org> Date: Mon, 16 Mar 2009 15:17:14 -0700 From: Sam Leffler Organization: FreeBSD Project User-Agent: Thunderbird 2.0.0.18 (X11/20081209) MIME-Version: 1.0 To: Doug Barton References: <49BEBB45.7050605@FreeBSD.org> In-Reply-To: <49BEBB45.7050605@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-DCC--Metrics: ebb.errno.com; whitelist Cc: freebsd-current@freebsd.org Subject: Re: Is wpa_supplicant supposed to work with a hidden ssid? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 16 Mar 2009 22:17:15 -0000 Doug Barton wrote: > I spent a pretty long, frustrating evening last night getting > wpa_supplicant working with my Intel 3945abg (wpi) card. I could > connect when the network was open, or using WEP just fine. However it > turned out that I could not connect with WPA unless the AP was showing > the ssid. > > Now hiding ssid is not a show-stopper for me, I just think it's odd > that I can't do it. FWIW, I vaguely recall that the same thing was > true with ath-based cards as well. I still have one somewhere, and I > can double-check this if anyone is interested. > > Now this seems to be related to the fact that we can only use > ap_scan=1 with the wlan module. The description in the example conf > file seems to indicate that setting that option to 2 would do the > trick, but the man page for wpa_supplicant.conf says that we can only > use ap_scan=1. Therefore I'd like to propose the attached patch which > would have saved me a lot of time flailing around with this (since I > assumed that the example conf file had the necessary information). > Since we have svn now, the "pristine" copy of the file will still live > on in the vendor tree, and there is no "expense" to changing things in > contrib like there was with cvs. > > If you use a driver that uses net80211 to handle scanning then hidden ssid is automatically handled for you regardless of the ap_scan setting. For drivers like wpi where scanning is done in firmware you need to coerce wpa_supplicant to ask net80211 to send directed probe request frames that include the ssid of the ap. That used to be done with ap_scan=1 (I believe). If it is not then something is broken and you can identify where the problem is using the normal debug mechanisms--e.g. wlandebug will help you check net80211 operation. FWIW hidden ssid is useless as a security mechanism; about as effective as mac address filtering. Sam