Date: Sat, 24 Nov 2007 22:32:37 GMT
From: John Birrell <jb@FreeBSD.org>
To: Perforce Change Reviews <perforce@freebsd.org>
Subject: PERFORCE change 129471 for review
Message-ID: <200711242232.lAOMWb71084574@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=129471

Change 129471 by jb@jb_freebsd1 on 2007/11/24 22:31:49

	IFC

Affected files ...

.. //depot/projects/dtrace/doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml#11 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/advanced-networking/chapter.sgml#3 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/basics/chapter.sgml#5 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/config/chapter.sgml#5 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/firewalls/chapter.sgml#5 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/introduction/chapter.sgml#7 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/mail/chapter.sgml#3 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/printing/chapter.sgml#3 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/users/chapter.sgml#3 integrate
.. //depot/projects/dtrace/doc/zh_TW.Big5/books/porters-handbook/book.sgml#10 integrate
.. //depot/projects/dtrace/src/contrib/binutils/opcodes/ppc-dis.c#4 integrate
.. //depot/projects/dtrace/src/etc/periodic/security/100.chksetuid#4 integrate
.. //depot/projects/dtrace/src/lib/libc/sparc64/fpu/fpu_explode.c#5 integrate
.. //depot/projects/dtrace/src/lib/libdisk/libdisk.3#5 integrate
.. //depot/projects/dtrace/src/lib/libelf/elf.3#9 integrate
.. //depot/projects/dtrace/src/lib/libelf/libelf_data.c#8 integrate
.. //depot/projects/dtrace/src/lib/libpmc/Makefile#4 integrate
.. //depot/projects/dtrace/src/lib/libpmc/pmc_allocate.3#1 branch
.. //depot/projects/dtrace/src/lib/libpmc/pmc_disable.3#1 branch
.. //depot/projects/dtrace/src/lib/libpmc/pmc_event_names_of_class.3#1 branch
.. //depot/projects/dtrace/src/lib/libpmc/pmc_name_of_capability.3#1 branch
.. //depot/projects/dtrace/src/lib/libthr/thread/thr_sem.c#7 integrate
.. //depot/projects/dtrace/src/libexec/tftpd/Makefile#4 integrate
.. //depot/projects/dtrace/src/libexec/tftpd/tftpd.8#7 integrate
.. //depot/projects/dtrace/src/libexec/tftpd/tftpd.c#4 integrate
.. //depot/projects/dtrace/src/sbin/geom/class/nop/gnop.8#5 integrate
.. //depot/projects/dtrace/src/share/man/man4/hwpmc.4#8 integrate
.. //depot/projects/dtrace/src/sys/amd64/amd64/genassym.c#8 integrate
.. //depot/projects/dtrace/src/sys/dev/aac/aac_debug.c#4 integrate
.. //depot/projects/dtrace/src/sys/dev/ata/ata-chipset.c#20 integrate
.. //depot/projects/dtrace/src/sys/dev/ata/ata-disk.c#8 integrate
.. //depot/projects/dtrace/src/sys/dev/usb/if_zyd.c#6 integrate
.. //depot/projects/dtrace/src/sys/dev/usb/usbdevs#20 integrate
.. //depot/projects/dtrace/src/sys/i386/i386/genassym.c#10 integrate
.. //depot/projects/dtrace/src/sys/kern/kern_lock.c#11 integrate
.. //depot/projects/dtrace/src/sys/kern/subr_witness.c#12 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211.c#9 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211.h#9 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211_ht.c#4 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211_node.c#8 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211_output.c#11 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211_proto.c#8 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211_scan_sta.c#4 integrate
.. //depot/projects/dtrace/src/sys/net80211/ieee80211_var.h#9 integrate
.. //depot/projects/dtrace/src/sys/netinet/libalias/alias_util.c#6 integrate
.. //depot/projects/dtrace/src/sys/netinet/tcp_subr.c#17 integrate
.. //depot/projects/dtrace/src/sys/sys/lockmgr.h#8 integrate
.. //depot/projects/dtrace/src/sys/vm/vm_pageout.c#8 integrate
.. //depot/projects/dtrace/www/share/sgml/events.xml#13 integrate
.. //depot/projects/dtrace/www/share/sgml/navibar.ent#6 integrate

Differences ...

==== //depot/projects/dtrace/doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml#11 (text+ko) ====
@@ -1,7 +1,7 @@ <!-- The FreeBSD Documentation Project - $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.400 2007/09/12 11:47:33 murray Exp $ + $FreeBSD: doc/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.sgml,v 1.402 2007/11/24 14:10:49 remko Exp $ --> <chapter id="advanced-networking"> 
@@ -1739,6 +1739,305 @@ ready to exchange informations.</para> </sect2> + <sect2 id="network-wireless-ap"> + <title>&os; Host Access Points</title> + + <para>&os; can act as an Access Point (AP) which eliminates the + need to buy a hardware AP or run an ad-hoc network. This can be + particularly useful when your &os; machine is acting as a + gateway to another network (e.g., the Internet).</para> + + <sect3 id="network-wireless-ap-basic"> + <title>Basic Settings</title> + + <para>Before configuring your &os; machine as an AP, the + kernel must be configured with the appropriate wireless + networking support for your wireless card. You also have to + add the support for the security protocols you intend to + use. For more details, see <xref + linkend="network-wireless-basic">.</para> + + <note> + <para>The use of the NDIS driver wrapper and the &windows; + drivers do not allow currently the AP operation. Only + native &os; wireless drivers support AP mode.</para> + </note> + + <para>Once the wireless networking support is loaded, you can + check if your wireless device supports the host-based access + point mode (also know as hostap mode):</para> + + <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> list caps</userinput> +ath0=783ed0f<WEP,TKIP,AES,AES_CCM,IBSS,HOSTAP,AHDEMO,TXPMGT,SHSLOT,SHPREAMBLE,MONITOR,TKIPMIC,WPA1,WPA2,BURST,WME></screen> + + <para>This output displays the card capabilities; the + <literal>HOSTAP</literal> word confirms this wireless card + can act as an Access Point. 
Various supported ciphers are + also mentioned: WEP, TKIP, WPA2, etc., these informations + are important to know what security protocols could be set + on the Access Point.</para> + + <para>The wireless device can now be put into hostap mode and + configured with the correct SSID and IP address:</para> + + <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> ssid <replaceable>freebsdap</replaceable> mode 11g mediaopt hostap</userinput> inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable></screen> + + <para>Use again <command>ifconfig</command> to see the status + of the <devicename>ath0</devicename> interface:</para> + + <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable></userinput> + ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 + inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 + inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4 + ether 00:11:95:c3:0d:ac + media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap> + status: associated + ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac + authmode OPEN privacy OFF txpowmax 38 bmiss 7 protmode CTS burst dtimperiod 1 bintval 100</screen> + + <para>The <literal>hostap</literal> parameter indicates the + interface is running in the host-based access point + mode.</para> + + <para>The interface configuration can be done automatically at + boot time by adding the following line to + <filename>/etc/rc.conf</filename>:</para> + + <programlisting>ifconfig_ath0="ssid <replaceable>freebsdap</replaceable> mode 11g mediaopt hostap inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable>"</programlisting> + </sect3> + + <sect3> + <title>Host-based Access Point without Authentication or + Encryption</title> + + <para>Although it is not recommended to run an AP without any + authentication or encryption, this is a simple way to check + if your AP is working. 
This configuration is also important + for debugging client issues.</para> + + <para>Once the AP configured as previously shown, it is + possible from another wireless machine to initiate a scan to + find the AP:</para> + + <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> up scan</userinput> +SSID BSSID CHAN RATE S:N INT CAPS +freebsdap 00:11:95:c3:0d:ac 1 54M 22:1 100 ES</screen> + + <para>The client machine found the Access Point and can be + associated with it:</para> + + <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> ssid <replaceable>freebsdap</replaceable> inet <replaceable>192.168.0.2</replaceable> netmask <replaceable>255.255.255.0</replaceable></userinput> +&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable></userinput> + ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 + inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1 + inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255 + ether 00:11:95:d5:43:62 + media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps) + status: associated + ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac + authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100</screen> + </sect3> + + <sect3> + <title>WPA Host-based Access Point</title> + + <para>This section will focus on setting up &os; Access Point + using the WPA security protocol. More details regarding WPA + and the configuration of WPA-based wireless clients can be + found in the <xref linkend="network-wireless-wpa">.</para> + + <para>The <application>hostapd</application> daemon is used to + deal with client authentication and keys management on the + WPA enabled Access Point.</para> + + <para>In the following, all the configuration operations will + be performed on the &os; machine acting as AP. 
Once the + AP is correctly working, <application>hostapd</application> + should be automatically enabled at boot with the following + line in <filename>/etc/rc.conf</filename>:</para> + + <programlisting>hostapd_enable="YES"</programlisting> + + <para>Before trying to configure + <application>hostapd</application>, be sure you have done + the basic settings introduced in the <xref + linkend="network-wireless-ap-basic">.</para> + + <sect4> + <title>WPA-PSK</title> + + <para>WPA-PSK is intended for small networks where the use + of an backend authentication server is not possible or + desired.</para> + + <para>The configuration is done in the + <filename>/etc/hostapd.conf</filename> file:</para> + + <programlisting>interface=ath0 <co id="co-ap-wpapsk-iface"> +debug=1 <co id="co-ap-wpapsk-dbug"> +ctrl_interface=/var/run/hostapd <co id="co-ap-wpapsk-ciface"> +ctrl_interface_group=wheel <co id="co-ap-wpapsk-cifacegrp"> +ssid=freebsdap <co id="co-ap-wpapsk-ssid"> +wpa=1 <co id="co-ap-wpapsk-wpa"> +wpa_passphrase=freebsdmall <co id="co-ap-wpapsk-pass"> +wpa_key_mgmt=WPA-PSK <co id="co-ap-wpapsk-kmgmt"> +wpa_pairwise=CCMP TKIP <co id="co-ap-wpapsk-pwise"></programlisting> + + <calloutlist> + <callout arearefs="co-ap-wpapsk-iface"> + <para>This field indicates the wireless interface used + for the Access Point.</para> + </callout> + + <callout arearefs="co-ap-wpapsk-dbug"> + <para>This field sets the level of verbosity during the + execution of <application>hostapd</application>. A + value of <literal>1</literal> represents the minimal + level.</para> + </callout> + + <callout arearefs="co-ap-wpapsk-ciface"> + <para>The <literal>ctrl_interface</literal> field gives + the pathname of the directory used by + <application>hostapd</application> to stores its + domain socket files for the communication with + external programs such as &man.hostapd.cli.8;. 
The + default value is used here.</para> + </callout> + + <callout arearefs="co-ap-wpapsk-cifacegrp"> + <para>The <literal>ctrl_interface_group</literal> line + sets the group (here, it is the + <groupname>wheel</groupname> group) allowed to access + to the control interface files.</para> + </callout> + + <callout arearefs="co-ap-wpapsk-ssid"> + <para>This field sets the network name.</para> + </callout> + + <callout arearefs="co-ap-wpapsk-wpa"> + <para>The <literal>wpa</literal> field enables WPA and + specifies which WPA authentication protocol will be + required. A value of <literal>1</literal> configures the + AP for WPA-PSK.</para> + </callout> + + <callout arearefs="co-ap-wpapsk-pass"> + <para>The <literal>wpa_passphrase</literal> field + contains the ASCII passphrase for the WPA + authentication.</para> + + <warning> + <para>Always use strong passwords that are + sufficiently long and made from a rich alphabet so + they will not be guessed and/or attacked.</para> + </warning> + </callout> + + <callout arearefs="co-ap-wpapsk-kmgmt"> + <para>The <literal>wpa_key_mgmt</literal> line refers to + the key management protocol we use. In our case it is + WPA-PSK.</para> + </callout> + + <callout arearefs="co-ap-wpapsk-pwise"> + <para>The <literal>wpa_pairwise</literal> field + indicates the set of accepted encryption algorithms by + the Access Point. Here both TKIP (WPA) and CCMP + (WPA2) ciphers are accepted. 
CCMP cipher is an + alternative to TKIP and that is strongly preferred + when possible; TKIP should be used solely for stations + incapable of doing CCMP.</para> + </callout> + </calloutlist> + + <para>The next step is to start + <application>hostapd</application>:</para> + + <screen>&prompt.root <userinput>/etc/rc.d/hostapd forcestart</userinput></screen> + + <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable></userinput> + ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2290 + inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 + inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4 + ether 00:11:95:c3:0d:ac + media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap> + status: associated + ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac + authmode WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit txpowmax 36 protmode CTS dtimperiod 1 bintval 100</screen> + + <para>The Access Point is running, the clients can now be + associated with it, see <xref + linkend="network-wireless-wpa"> for more details. It is + possible to see the stations associated with the AP using + the <command>ifconfig <replaceable>ath0</replaceable> list + sta</command> command.</para> + </sect4> + </sect3> + + <sect3> + <title>WEP Host-based Access Point</title> + + <para>It is not recommended to use WEP for setting up an + Access Point since there is no authentication mechanism and + it is easily to be cracked. 
Some legacy wireless cards only + support WEP as security protocol, these cards will only + allow to set up AP without authentication or encryption or + using the WEP protocol.</para> + + <para>The wireless device can now be put into hostap mode and + configured with the correct SSID and IP address:</para> + + <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> ssid <replaceable>freebsdap</replaceable> wepmode on weptxkey 3 wepkey 3:0x3456789012 mode 11g mediaopt hostap \ + inet <replaceable>192.168.0.1</replaceable> netmask <replaceable>255.255.255.0</replaceable></userinput></screen> + + <itemizedlist> + <listitem> + <para>The <literal>weptxkey</literal> means which WEP + key will be used in the transmission. Here we used the + third key (note that the key numbering starts with + <literal>1</literal>). This parameter must be specified + to really encrypt the data.</para> + </listitem> + + <listitem> + <para>The <literal>wepkey</literal> means setting the + selected WEP key. It should in the format + <replaceable>index:key</replaceable>, if the index is + not given, key <literal>1</literal> is set. 
That is + to say we need to set the index if we use keys other + than the first key.</para> + </listitem> + </itemizedlist> + + <para>Use again <command>ifconfig</command> to see the status + of the <devicename>ath0</devicename> interface:</para> + + <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable></userinput> + ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 + inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255 + inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4 + ether 00:11:95:c3:0d:ac + media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap> + status: associated + ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac + authmode OPEN privacy ON deftxkey 3 wepkey 3:40-bit txpowmax 36 protmode CTS dtimperiod 1 bintval 100</screen> + + <para>From another wireless machine, it is possible to initiate + a scan to find the AP:</para> + + <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> up scan</userinput> +SSID BSSID CHAN RATE S:N INT CAPS +freebsdap 00:11:95:c3:0d:ac 1 54M 22:1 100 EPS</screen> + + <para>The client machine found the Access Point and can be + associated with it using the correct parameters (key, etc.), + see <xref linkend="network-wireless-wep"> for more + details.</para> + </sect3> + </sect2> + <sect2> <title>Troubleshooting</title> ==== //depot/projects/dtrace/doc/zh_TW.Big5/books/handbook/advanced-networking/chapter.sgml#3 (text+ko) ==== 
@@ -1,74 +1,78 @@ <!-- The FreeBSD Documentation Project - $FreeBSD: doc/zh_TW.Big5/books/handbook/advanced-networking/chapter.sgml,v 1.2 2006/01/31 01:31:01 vanilla Exp $ - Original revision: 1.376 + $FreeBSD: doc/zh_TW.Big5/books/handbook/advanced-networking/chapter.sgml,v 1.3 2007/11/24 16:37:17 chinsan Exp $ + Original revision: 1.402 --> <chapter id="advanced-networking"> - <title>Advanced Networking</title> + <title>網路進階練功房</title> <sect1 id="advanced-networking-synopsis"> - <title>Synopsis</title> + <title>概述</title> - <para>This chapter will cover a number of advanced networking - topics.</para> + <para>本章將介紹一些進階的網路設定主題。</para> - <para>After reading this chapter, you will know:</para> + <para>讀完這章,您將了解:</para> <itemizedlist> <listitem> - <para>The basics of gateways and routes.</para> + <para>gateway(閘道)及 route(路由)的概念。</para> + </listitem> + + <listitem> + <para>如何設定 IEEE 802.11 以及藍芽(&bluetooth;)設備。</para> </listitem> <listitem> - <para>How to set up IEEE 802.11 and &bluetooth; devices.</para> + <para>如何以 FreeBSD 作為 bridge(橋接)。</para> </listitem> <listitem> - <para>How to make FreeBSD act as a bridge.</para> + <para>如何為無碟系統設定網路開機。</para> </listitem> <listitem> - <para>How to set up network booting on a diskless machine.</para> + <para>如何設定 NAT(Network Address Translation)。</para> </listitem> <listitem> - <para>How to set up network address translation.</para> + <para>如何透過 PLIP 方式來連接兩台電腦。</para> </listitem> <listitem> - <para>How to connect two computers via PLIP.</para> + <para>如何在 FreeBSD 內設定 IPv6。</para> </listitem> <listitem> - <para>How to set up IPv6 on a FreeBSD machine.</para> + <para>如何設定 ATM。</para> </listitem> <listitem> - <para>How to configure ATM.</para> + <para>如何去善用 &os; 的 CARP(Common Access Redundancy Protocol)功能 + 。</para> </listitem> </itemizedlist> - <para>Before reading this chapter, you should:</para> + <para>在開始閱讀這章之前,您需要︰</para> <itemizedlist> <listitem> - <para>Understand the basics of the <filename>/etc/rc</filename> scripts.</para> 
+ <para>瞭解 <filename>/etc/rc</filename> 相關 script 的概念。</para> </listitem> <listitem> - <para>Be familiar with basic network terminology.</para> + <para>熟悉基本常用的網路術語。</para> </listitem> <listitem> - <para>Know how to configure and install a new FreeBSD kernel - (<xref linkend="kernelconfig">).</para> + <para>知道如何設定、安裝新的 FreeBSD kernel (<xref + linkend="kernelconfig">)。</para> </listitem> <listitem> - <para>Know how to install additional third-party - software (<xref linkend="ports">).</para> + <para>知道如何透過 port/package 安裝軟體 (<xref linkend="ports">) + 。</para> </listitem> </itemizedlist> 
@@ -89,28 +93,25 @@ <indexterm><primary>routing</primary></indexterm> <indexterm><primary>gateway</primary></indexterm> <indexterm><primary>subnet</primary></indexterm> - <para>For one machine to be able to find another over a network, - there must be a mechanism in place to describe how to get from - one to the other. This is called - <firstterm>routing</firstterm>. A <quote>route</quote> is a - defined pair of addresses: a <quote>destination</quote> and a - <quote>gateway</quote>. The pair indicates that if you are - trying to get to this <emphasis>destination</emphasis>, - communicate through this <emphasis>gateway</emphasis>. There - are three types of destinations: individual hosts, subnets, and - <quote>default</quote>. The <quote>default route</quote> is - used if none of the other routes apply. We will talk a little - bit more about default routes later on. There are also three - types of gateways: individual hosts, interfaces (also called - <quote>links</quote>), and Ethernet hardware addresses (MAC - addresses). - </para> + <para>為了讓一部電腦能找到另一部電腦,因此必需要有一種機制, + 讓這部電腦知道該怎麼做,這個機制就是路由選擇 + (<firstterm>routing</firstterm>)。 + 一條路由(<quote>route</quote>)是由一對位址所定義的:一個是 + <quote>目的地(destination)</quote>以及另一個則是閘道 + (<quote>gateway</quote>)。 + 這對位址表示要送到<emphasis>目的地</emphasis>的封包, + 必須經過<emphasis>閘道</emphasis>。 + 目的地分為三種類型:主機、子網路(subnet)、預設路由( + <quote>default route</quote>。 若都沒有其它的路由可以使用, + 這時就會使用預設路由,稍後我們會對預設路由作進一步的說明。 此外, + 閘道也可分為三種類型:主機、傳輸介面(interface,也稱為 + <quote>links</quote>)、乙太網路硬體位址(MAC addresses)。</para> <sect2> - <title>An Example</title> + <title>範例</title> - <para>To illustrate different aspects of routing, we will use the - following example from <command>netstat</command>:</para> + <para>為了方便說明不同類型的路由選擇(routing),以下使用 + <command>netstat</command> 指令的結果作為介紹範例:</para> <screen>&prompt.user; <userinput>netstat -r</userinput> Routing tables 
@@ -659,554 +660,1447 @@ <sect1 id="network-wireless"> <sect1info> <authorgroup> - <author> - <firstname>Eric</firstname> - <surname>Anderson</surname> - <contrib>Written by </contrib> - </author> + <author> + <othername>Loader</othername> + </author> + + <author> + <firstname>Marc</firstname> + <surname>Fonvieille</surname> + </author> + + <author> + <firstname>Murray</firstname> + <surname>Stokely</surname> + </author> </authorgroup> </sect1info> <title>Wireless Networking</title> - <indexterm><primary>wireless networking</primary></indexterm> - <indexterm> - <primary>802.11</primary> - <see>wireless networking</see> - </indexterm> + <indexterm><primary>wireless networking</primary></indexterm> + <indexterm> + <primary>802.11</primary> + <see>wireless networking</see> + </indexterm> + + <sect2> + <title>Wireless Networking Basics</title> + + <para>Most wireless networks are based on the IEEE 802.11 + standards. A basic wireless network consists of multiple + stations communicating with radios that broadcast in either + the 2.4GHz or 5GHz band (though this varies according to the + locale and is also changing to enable communication in the + 2.3GHz and 4.9GHz ranges).</para> + + <para>802.11 networks are organized in two ways: in + <emphasis>infrastructure mode</emphasis> one station acts as a + master with all the other stations associating to it; the + network is known as a BSS and the master station is termed an + access point (AP). In a BSS all communication passes through + the AP; even when one station wants to communicate with + another wireless station messages must go through the AP. In + the second form of network there is no master and stations + communicate directly. This form of network is termed an IBSS + and is commonly known as an <emphasis>ad-hoc + network</emphasis>.</para> + + <para>802.11 networks were first deployed in the 2.4GHz band + using protocols defined by the IEEE 802.11 and 802.11b + standard. 
These specifications include the operating + frequencies, MAC layer characteristics including framing and + transmission rates (communication can be done at various + rates). Later the 802.11a standard defined operation in the + 5GHz band, including different signalling mechanisms and + higher transmission rates. Still later the 802.11g standard + was defined to enable use of 802.11a signalling and + transmission mechanisms in the 2.4GHz band in such a way as to + be backwards compatible with 802.11b networks.</para> + + <para>Separate from the underlying transmission techniques + 802.11 networks have a variety of security mechanisms. The + original 802.11 specifications defined a simple security + protocol called WEP. This protocol uses a fixed pre-shared key + and the RC4 cryptographic cipher to encode data transmitted on + a network. Stations must all agree on the fixed key in order + to communicate. This scheme was shown to be easily broken and + is now rarely used except to discourage transient users from + joining networks. Current security practice is given by the + IEEE 802.11i specification that defines new cryptographic + ciphers and an additional protocol to authenticate stations to + an access point and exchange keys for doing data + communication. Further, cryptographic keys are periodically + refreshed and there are mechanisms for detecting intrusion + attempts (and for countering intrusion attempts). Another + security protocol specification commonly used in wireless + networks is termed WPA. This was a precursor to 802.11i + defined by an industry group as an interim measure while + waiting for 802.11i to be ratified. WPA specifies a subset of + the requirements found in 802.11i and is designed for + implementation on legacy hardware. Specifically WPA requires + only the TKIP cipher that is derived from the original WEP + cipher. 802.11i permits use of TKIP but also requires support + for a stronger cipher, AES-CCM, for encrypting data. 
(The AES + cipher was not required in WPA because it was deemed too + computationally costly to be implemented on legacy + hardware.)</para> + + <para>Other than the above protocol standards the other + important standard to be aware of is 802.11e. This defines + protocols for deploying multi-media applications such as + streaming video and voice over IP (VoIP) in an 802.11 network. + Like 802.11i, 802.11e also has a precursor specification + termed WME (later renamed WMM) that has been defined by an + industry group as a subset of 802.11e that can be deployed now + to enable multi-media applications while waiting for the final + ratification of 802.11e. The most important thing to know + about 802.11e and WME/WMM is that it enables prioritized + traffic use of a wireless network through Quality of Service + (QoS) protocols and enhanced media access protocols. Proper + implementation of these protocols enable high speed bursting + of data and prioritized traffic flow.</para> + + <para>Since the 6.0 version, &os; supports networks that operate + using 802.11a, 802.11b, and 802.11g. The WPA and 802.11i + security protocols are likewise supported (in conjunction with + any of 11a, 11b, and 11g) and QoS and traffic prioritization + required by the WME/WMM protocols are supported for a limited + set of wireless devices.</para> + </sect2> + + <sect2 id="network-wireless-basic"> + <title>Basic Setup</title> + + <sect3> + <title>Kernel Configuration</title> + + <para>To use wireless networking you need a wireless + networking card and to configure the kernel with the + appropriate wireless networking support. The latter is + separated into multiple modules so that you only need to + configure the software you are actually going to use.</para> + + <para>The first thing you need is a wireless device. The most + commonly used devices are those that use parts made by + Atheros. 
These devices are supported by the &man.ath.4; + driver and require the following line to be added to the + <filename>/boot/loader.conf</filename> file:</para> + + <programlisting>if_ath_load="YES"</programlisting> + + <para>The Atheros driver is split up into three separate + pieces: the driver proper (&man.ath.4;), the hardware + support layer that handles chip-specific functions + (&man.ath.hal.4;), and an algorithm for selecting which of + several possible rates for transmitting frames + (ath_rate_sample here). When you load this support as + modules these dependencies are automatically handled for + you. If instead of an Atheros device you had another device + you would select the module for that device; e.g.:</para> + + <programlisting>if_wi_load="YES"</programlisting> + + <para>for devices based on the Intersil Prism parts + (&man.wi.4; driver).</para> + + <note> + <para>In the rest of this document, we will use an + &man.ath.4; device, the device name in the examples must + be changed according to your configuration. A list of + available wireless drivers can be found at the beginning + of the &man.wlan.4; manual page. If a native &os; driver + for your wireless device does not exist, it may be + possible to directly use the &windows; driver with the + help of the <link + linkend="config-network-ndis">NDIS</link> driver + wrapper.</para> + </note> + + <para>With a device driver configured you need to also bring + in the 802.11 networking support required by the driver. + For the &man.ath.4; driver this is at least the &man.wlan.4; + module; this module is automatically loaded with the + wireless device driver. With that you will need the modules + that implement cryptographic support for the security + protocols you intend to use. These are intended to be + dynamically loaded on demand by the &man.wlan.4; module but + for now they must be manually configured. The following + modules are available: &man.wlan.wep.4;, &man.wlan.ccmp.4; + and &man.wlan.tkip.4;. 
Both &man.wlan.ccmp.4; and + &man.wlan.tkip.4; drivers are only needed if you intend to + use the WPA and/or 802.11i security protocols. If your + network is to run totally open (i.e., with no encryption) + then you do not even need the &man.wlan.wep.4; support. To + load these modules at boot time, add the following lines to + <filename>/boot/loader.conf</filename>:</para> + + <programlisting>wlan_wep_load="YES" +wlan_ccmp_load="YES" +wlan_tkip_load="YES"</programlisting> + + <para>With this information in the system bootstrap + configuration file (i.e., + <filename>/boot/loader.conf</filename>), you have to reboot + your &os; box. If you do not want to reboot your machine + for the moment, you can just load the modules by hand using + &man.kldload.8;.</para> + + <note> + <para>If you do not want to use modules, it is possible to + compile these drivers into the kernel by adding the + following lines to your kernel configuration file:</para> + + <programlisting>device ath # Atheros IEEE 802.11 wireless network driver +device ath_hal # Atheros Hardware Access Layer +device ath_rate_sample # John Bicket's SampleRate control algorithm. 
+device wlan # 802.11 support (Required) +device wlan_wep # WEP crypto support for 802.11 devices +device wlan_ccmp # AES-CCMP crypto support for 802.11 devices +device wlan_tkip # TKIP and Michael crypto support for 802.11 devices</programlisting> + + <para>With this information in the kernel configuration + file, recompile the kernel and reboot your &os; + machine.</para> + </note> + + <para>When the system is up, we could find some information + about the wireless device in the boot messages, like + this:</para> + + <screen>ath0: <Atheros 5212> mem 0xff9f0000-0xff9fffff irq 17 at device 2.0 on pci2 +ath0: Ethernet address: 00:11:95:d5:43:62 +ath0: mac 7.9 phy 4.5 radio 5.6</screen> + </sect3> + </sect2> + + <sect2> + <title>Infrastructure Mode</title> + + <para>The infrastructure mode or BSS mode is the mode that is + typically used. In this mode, a number of wireless access + points are connected to a wired network. Each wireless + network has its own name, this name is called the SSID of the + network. Wireless clients connect to the wireless access + points.</para> + + <sect3> + <title>&os; Clients</title> + + <sect4> + <title>How to Find Access Points</title> + + <para>To scan for networks, use the + <command>ifconfig</command> command. This request may + take a few moments to complete as it requires that the + system switches to each available wireless frequency and + probes for available access points. Only the super-user + can initiate such a scan:</para> + + <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> up scan</userinput> +SSID BSSID CHAN RATE S:N INT CAPS +dlinkap 00:13:46:49:41:76 6 54M 29:0 100 EPS WPA WME +freebsdap 00:11:95:c3:0d:ac 1 54M 22:0 100 EPS WPA</screen> + + <note> + <para>You must mark the interface <option>up</option> + before you can scan. Subsequent scan requests do not + require you to mark the interface up again.</para> + </note> + + <para>The output of a scan request lists each BSS/IBSS + network found. 
Beside the name of the network, + <literal>SSID</literal>, we find the + <literal>BSSID</literal> which is the MAC address of the + access point. The <literal>CAPS</literal> field + identifies the type of each network and the capabilities + of the stations operating there:</para> + + <variablelist> + <varlistentry> + <term><literal>E</literal></term> + + <listitem> + <para>Extended Service Set (ESS). Indicates that the + station is part of an infrastructure network (in + contrast to an IBSS/ad-hoc network).</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><literal>I</literal></term> + + <listitem> + <para>IBSS/ad-hoc network. Indicates that the station + is part of an ad-hoc network (in contrast to an ESS + network).</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><literal>P</literal></term> + + <listitem> + <para>Privacy. Data confidentiality is required for + all data frames exchanged within the BSS. This means + that this BSS requires the station to use + cryptographic means such as WEP, TKIP or AES-CCMP to + encrypt/decrypt data frames being exchanged with + others.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><literal>S</literal></term> + + <listitem> + <para>Short Preamble. Indicates that the network is + using short preambles (defined in 802.11b High + Rate/DSSS PHY, short preamble utilizes a 56 bit sync + field in contrast to a 128 bit field used in long + preamble mode).</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><literal>s</literal></term> + + <listitem> + <para>Short slot time. 
Indicates that the 802.11g + network is using a short slot time because there are + no legacy (802.11b) stations present.</para> + </listitem> + </varlistentry> + </variablelist> + + <para>One can also display the current list of known + networks with:</para> + + <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable> list scan</userinput></screen> + + <para>This information may be updated automatically by the + adapter or manually with a <option>scan</option> request. + Old data is automatically removed from the cache, so over + time this list may shrink unless more scans are + done.</para> + </sect4> + + <sect4> + <title>Basic Settings</title> + + <para>This section provides a simple example of how to make + the wireless network adapter work in &os; without + encryption. After you are familiar with these concepts, + we strongly recommend using <link + linkend="network-wireless-wpa">WPA</link> to set up your + wireless network.</para> + + <para>There are three basic steps to configure a wireless + network: selecting an access point, authenticating your + station, and configuring an IP address. The following + sections discuss each step.</para> + + <sect5> + <title>Selecting an Access Point</title> + + <para>Most of time it is sufficient to let the system + choose an access point using the builtin heuristics. + This is the default behaviour when you mark an interface + up or otherwise configure an interface by listing it in + <filename>/etc/rc.conf</filename>, e.g.:</para> + + <programlisting>ifconfig_ath0="DHCP"</programlisting> + + <para>If there are multiple access points and you want to + select a specific one, you can select it by its + SSID:</para> + + <programlisting>ifconfig_ath0="ssid <replaceable>your_ssid_here</replaceable> DHCP"</programlisting> + + <para>In an environment where there are multiple access + points with the same SSID (often done to simplify + roaming) it may be necessary to associate to one + specific device. 
In this case you can also specify the + BSSID of the access point (you can also leave off the + SSID):</para> + + <programlisting>ifconfig_ath0="ssid <replaceable>your_ssid_here</replaceable> bssid <replaceable>xx:xx:xx:xx:xx:xx</replaceable> DHCP"</programlisting> + + <para>There are other ways to constrain the choice of an + access point such as limiting the set of frequencies the + system will scan on. This may be useful if you have a + multi-band wireless card as scanning all the possible + channels can be time-consuming. To limit operation to a + specific band you can use the <option>mode</option> + parameter; e.g.:</para> + + <programlisting>ifconfig_ath0="mode <replaceable>11g</replaceable> ssid <replaceable>your_ssid_here</replaceable> DHCP"</programlisting> + + <para>will force the card to operate in 802.11g which is + defined only for 2.4GHz frequencies so any 5GHz channels + will not be considered. Other ways to do this are the + <option>channel</option> parameter, to lock operation to + one specific frequency, and the + <option>chanlist</option> parameter, to specify a list + of channels for scanning. More information about these + parameters can be found in the &man.ifconfig.8; manual + page.</para> + </sect5> + + <sect5> + <title>Authentication</title> + + <para>Once you have selected an access point your station + needs to authenticate before it can pass data. + Authentication can happen in several ways. The most + common scheme used is termed open authentication and + allows any station to join the network and communicate. + This is the authentication you should use for test + purpose the first time you set up a wireless network. + Other schemes require cryptographic handshakes be + completed before data traffic can flow; either using + pre-shared keys or secrets, or more complex schemes that + involve backend services such as RADIUS. Most users + will use open authentication which is the default + setting. 
Next most common setup is WPA-PSK, also known + as WPA Personal, which is described <link + linkend="network-wireless-wpa-wpa-psk">below</link>.</para> + + <note> + <para>If you have an &apple; &airport; Extreme base + station for an access point you may need to configure + shared-key authentication together with a WEP key. + This can be done in the + <filename>/etc/rc.conf</filename> file or using the + &man.wpa.supplicant.8; program. If you have a single + &airport; base station you can setup access with + something like:</para> + + <programlisting>ifconfig_ath0="authmode shared wepmode on weptxkey <replaceable>1</replaceable> wepkey <replaceable>01234567</replaceable> DHCP"</programlisting> + + <para>In general shared key authentication is to be + avoided because it uses the WEP key material in a + highly-constrained manner making it even easier to + crack the key. If WEP must be used (e.g., for + compatibility with legacy devices) it is better to use + WEP with <literal>open</literal> authentication. More + information regarding WEP can be found in the <xref + linkend="network-wireless-wep">.</para> + </note> + </sect5> + + <sect5> + <title>Getting an IP Address with DHCP</title> + + <para>Once you have selected an access point and set the + authentication parameters, you will have to get an IP + address to communicate. Most of time you will obtain + your wireless IP address via DHCP. 
To achieve that, + simply edit <filename>/etc/rc.conf</filename> and add + <literal>DHCP</literal> to the configuration for your + device as shown in various examples above:</para> + + <programlisting>ifconfig_ath0="DHCP"</programlisting> + + <para>At this point, you are ready to bring up the + wireless interface:</para> + + <screen>&prompt.root; <userinput>/etc/rc.d/netif start</userinput></screen> + + <para>Once the interface is running, use + <command>ifconfig</command> to see the status of the + interface <devicename>ath0</devicename>:</para> + + <screen>&prompt.root; <userinput>ifconfig <replaceable>ath0</replaceable></userinput> +ath0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500 + inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1 + inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255 + ether 00:11:95:d5:43:62 + media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps) + status: associated + ssid dlinkap channel 6 bssid 00:13:46:49:41:76 + authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100</screen> + + <para>The <literal>status: associated</literal> means you >>> TRUNCATED FOR MAIL (1000 lines) <<<
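Review bot: The CAPS legend under "How to Find Access Points" explains only E, I, P, S and s, but the sample scan output just above it shows "EPS WPA WME" and "EPS WPA", so the WPA and WME tokens are left unexplained. Add entries for them to the variablelist, or a sentence describing the tokens that follow the capability letters, and point the WPA one at the network-wireless-wpa section this chapter already links to.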
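Review bot: In the Authentication sect5, "Most users will use open authentication which is the default setting" reads as an endorsement and sits oddly beside the Basic Settings paragraph, which strongly recommends WPA. State plainly that this configuration (the "authmode OPEN privacy OFF" shown in the later ifconfig output) allows any station to join and runs without encryption, and keep it framed as a first-time test setup. Wording nits in the same region: "for test purpose" should be "for testing purposes", "Next most common setup" needs a leading "The", "Most of time" (twice) should be "Most of the time", and "builtin" should be "built-in".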
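Review bot: In the AirPort note, the placeholder in "wepkey 01234567" is eight characters, which matches neither of the key sizes ifconfig(8) describes for WEP (5 or 13 characters, or the equivalent hexadecimal digits prefixed with 0x). Use a placeholder of a valid shape, for example a 0x-prefixed ten-digit hex value, so that a reader who substitutes a real key in the same form ends up with something the access point will accept. In the same note, "you can setup access" should be "you can set up access", and it is worth checking how "found in the <xref linkend="network-wireless-wep">" renders, since the xref supplies its own text after "the".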
