Date: Sat, 12 Jun 2004 19:01:00 -0700 From: Sam Leffler <sam@errno.com> To: freebsd-mobile@freebsd.org Cc: mobile@freebsd.org Subject: Re: 802.1x/802.11i support Message-ID: <200406121901.00470.sam@errno.com> In-Reply-To: <20040613004422.GD12085@afflictions.org> References: <20040613004422.GD12085@afflictions.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 12 June 2004 05:44 pm, Damian Gerow wrote: > As a matter of curiousity, is anyone working on 802.1x/802.11i support for > FreeBSD? As a corollary, is 802.11i even a standard yet? > > As per a thread a few months ago, Sam said he would be getting around to > it, but I know he's been busy with things like network stack locking and > such: Yes and no. I've got wpa_supplicant working on Linux with a port of the net80211 layer and an Atheros driver. Bringing it back to FreeBSD should be straightforward though there are some issues (wpa_supplicant gives you WPA1 and WPA2 (aka 11i) support with both PSK and .1x). This is still work in progress but pretty close to being "usable" (getting the Atheros driver finally reliable has been the hard part). Once things are stable my intent is to backport to FreeBSD but that may not happen quickly. Finding a motivated person with some kernel hacking skills would make things happen faster (much faster) and/or allow concurrent development under FreeBSD. 802.11i as a standard is probably in process (don't know the details). There have been WPA2 testathon-style get-togethers going on and the net80211+wpa_supplicant code will undergo formal testing pretty soon. I know that numerous companies are rolling out 11i support in products so it's likely not going to change substantially if it's not already in ballot. On the authenticator side the code I mentioned above has an 802.1x authenticator that needs a bit of work but was working well enough some time back to support multiple WinXP and OS X clients talking to FreeRADIUS and/or IAS backends. WPA authenticator support is incomplete and won't happen by me until later this year (I've got another project before I can return to that). But the good news is that I've done the biggest part of this work already in the net80211 layer (including all the crypto support). Of course adding support for non-Atheros h/w will take some work. But for Prism cards at least there is the Linux hostap code that has been working for a while to crib from. Getting things hooked up to the ndis emulation layer also shouldn't be a big deal as wpa_supplicant apparently works already with at least one of the Linux equivalents. Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200406121901.00470.sam>