Date: Wed, 16 Feb 2005 08:36:38 -0800 From: Brooks Davis <brooks@one-eyed-alien.net> To: Yamamoto Shigeru <shigeru@iij.ad.jp> Cc: ports@freebsd.org Subject: Re: update patch of security/wpa_supplicant, from 0.3.0 to 0.3.8 Message-ID: <20050216163638.GA29910@odin.ac.hmc.edu> In-Reply-To: <20050216.195034.21935248.shigeru@iij.ad.jp> References: <20050216.115303.39149829.shigeru@iij.ad.jp> <20050216071340.GB18826@odin.ac.hmc.edu> <20050216.195034.21935248.shigeru@iij.ad.jp>
next in thread | previous in thread | raw e-mail | index | archive | help
--tThc/1wpZn/ma/RB Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Feb 16, 2005 at 07:50:34PM +0900, Yamamoto Shigeru wrote: >=20 > >>>>> "Brooks" =3D=3D Brooks Davis <brooks@one-eyed-alien.net> writes: > Brooks> Thanks for you submission. I've committed these parts along with > Brooks> some fixes. >=20 > Thank you. >=20 > >> - install start/stop script > Brooks> I did not commit this because I believe this is the wrong way to > Brooks> integrate wpa_supplication. The integration needs to take place = in > Brooks> /etc/rc.d/netif so wpa supplicant is started on interfaces when t= hey > Brooks> arrive, not at boot since they may not exist until arbitrarily > Brooks> later. >=20 > I think it is better to separate wpa_supplicant start/stop script from ne= tif > script. > Because, we sometimes need to restart wpa_supplicant when changing WEP ke= y. >=20 > In our company, in which we can't use WPA, WEP key is sometimes changed to > be more secure. > In this case, we need restarting wpa_supplicant to change WEP key. >=20 > I think it is populer to change WEP key frequently in none-WPA/802.11i > environment. > So, it is useful to separate wpa_supplicant start/stop script from netif > script. OK that makes sense. However, the script needs to be in /etc/rc.d and run before dhclient to keep things happy at startup. Want to give this a shot, probably using a script similar to /etc/rc.d/dhclient? The ability to specify interfaces to take action on at the command line of the script is very useful. If you write one that allows the path to wpa_supplicant and any config files (and I do believe we should support one per interface) to be specified we can point the default to /usr/local for now and then change them when we bring wpa_supplicant in to the tree. I'd be happy to get rc support in before wpa_supplicant so we can do more testing before doing an import. -- Brooks --=20 Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4 --tThc/1wpZn/ma/RB Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFCE3aWXY6L6fI4GtQRAlk8AJ45hfs+h9nMMzdqsH+ijbJbutRCsACePaPI xtzTqLkRLM+43gWCeDQAJZE= =AdCg -----END PGP SIGNATURE----- --tThc/1wpZn/ma/RB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050216163638.GA29910>