From owner-freebsd-mobile@FreeBSD.ORG Sun Jun 13 02:06:43 2004 Return-Path: Delivered-To: freebsd-mobile@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AA38B16A4CE; Sun, 13 Jun 2004 02:06:43 +0000 (GMT) Received: from ebb.errno.com (ebb.errno.com [66.127.85.87]) by mx1.FreeBSD.org (Postfix) with ESMTP id 60EA743D4C; Sun, 13 Jun 2004 02:06:43 +0000 (GMT) (envelope-from sam@errno.com) Received: from [66.127.85.91] ([66.127.85.91]) (authenticated bits=0) by ebb.errno.com (8.12.9/8.12.6) with ESMTP id i5D264WR092652 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Sat, 12 Jun 2004 19:06:04 -0700 (PDT) (envelope-from sam@errno.com) From: Sam Leffler Organization: Errno Consulting To: freebsd-mobile@freebsd.org Date: Sat, 12 Jun 2004 19:01:00 -0700 User-Agent: KMail/1.6.1 References: <20040613004422.GD12085@afflictions.org> In-Reply-To: <20040613004422.GD12085@afflictions.org> MIME-Version: 1.0 Content-Disposition: inline Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200406121901.00470.sam@errno.com> cc: Damian Gerow cc: mobile@freebsd.org Subject: Re: 802.1x/802.11i support X-BeenThere: freebsd-mobile@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Mobile computing with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Jun 2004 02:06:43 -0000 On Saturday 12 June 2004 05:44 pm, Damian Gerow wrote: > As a matter of curiousity, is anyone working on 802.1x/802.11i support for > FreeBSD? As a corollary, is 802.11i even a standard yet? > > As per a thread a few months ago, Sam said he would be getting around to > it, but I know he's been busy with things like network stack locking and > such: Yes and no. I've got wpa_supplicant working on Linux with a port of the net80211 layer and an Atheros driver. Bringing it back to FreeBSD should be straightforward though there are some issues (wpa_supplicant gives you WPA1 and WPA2 (aka 11i) support with both PSK and .1x). This is still work in progress but pretty close to being "usable" (getting the Atheros driver finally reliable has been the hard part). Once things are stable my intent is to backport to FreeBSD but that may not happen quickly. Finding a motivated person with some kernel hacking skills would make things happen faster (much faster) and/or allow concurrent development under FreeBSD. 802.11i as a standard is probably in process (don't know the details). There have been WPA2 testathon-style get-togethers going on and the net80211+wpa_supplicant code will undergo formal testing pretty soon. I know that numerous companies are rolling out 11i support in products so it's likely not going to change substantially if it's not already in ballot. On the authenticator side the code I mentioned above has an 802.1x authenticator that needs a bit of work but was working well enough some time back to support multiple WinXP and OS X clients talking to FreeRADIUS and/or IAS backends. WPA authenticator support is incomplete and won't happen by me until later this year (I've got another project before I can return to that). But the good news is that I've done the biggest part of this work already in the net80211 layer (including all the crypto support). Of course adding support for non-Atheros h/w will take some work. But for Prism cards at least there is the Linux hostap code that has been working for a while to crib from. Getting things hooked up to the ndis emulation layer also shouldn't be a big deal as wpa_supplicant apparently works already with at least one of the Linux equivalents. Sam