Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 16 Mar 2022 23:33:30 GMT
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 4f75af31a86f - main - wpa_supplicant.conf.5: add note about scan_ssid=1 eavesdropping
Message-ID:  <202203162333.22GNXUtx047163@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=4f75af31a86ff71780f48a5b99cf814f61d77eae

commit 4f75af31a86ff71780f48a5b99cf814f61d77eae
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-03-16 02:18:01 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-03-16 23:33:16 +0000

    wpa_supplicant.conf.5: add note about scan_ssid=1 eavesdropping
    
    When scan_ssid=1 the list of configured SSIDs is available to
    eavesdroppers.  Note this in the man page.
    
    PR:             194122
    Reviewed by:    debdrup, Pau Amma
    MFC after:      1 week
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D34576
---
 usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5 | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5 b/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5
index a2032c53bc6e..c22d3aa5da68 100644
--- a/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5
+++ b/usr.sbin/wpa/wpa_supplicant/wpa_supplicant.conf.5
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd March 26, 2018
+.Dd March 16, 2022
 .Dt WPA_SUPPLICANT.CONF 5
 .Os
 .Sh NAME
@@ -133,11 +133,12 @@ An
 or hex string enclosed in quotation marks.
 .It Va scan_ssid
 SSID scan technique; 0 (default) or 1.
-Technique 0 scans for the SSID using a broadcast Probe Request
-frame while 1 uses a directed Probe Request frame.
-Access points that cloak themselves by not broadcasting their SSID
-require technique 1, but beware that this scheme can cause scanning
-to take longer to complete.
+Technique 0 scans for the SSID using a broadcast Probe Request frame.
+Technique 1 uses directed Probe Request frames, sent to each configured SSID.
+Access points that cloak themselves by not broadcasting their SSID require
+technique 1.
+Beware that this technique can cause scanning to take longer to complete,
+and exposes the list of configured network SSIDs to eavesdroppers.
 .It Va bssid
 Network BSSID (typically the MAC address of the access point).
 .It Va priority

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202203162333.22GNXUtx047163>