DSA Supplicant for Linux Targets
Overview of DSA Supplicant for Linux Targets
The Devicescape Agent Supplicant (DSA Supplicant) is driven by an event loop. DSA Supplicant must respond to specified events, such as signals and sockets (receiving new packets to be read). The Linux version of DSA Supplicant uses the select() method, from the sys/time.h system library, to implement the event loop interface. Using select, the Linux implementation defines timeouts and handlers; that is, an instruction to perform a certain action after a specified amount of time has passed.
The Linux distribution of DSA Supplicant includes two implementations for handling layer 2 (link layer) packet sending and receiving. An implementation using Linux packet sockets is provided in l2_packet_linux.c. The second implementation uses libpcap and libdnet and is provided in l2_packet_pcap.c.
Linux WLAN Drivers
Generic Linux Wireless Extensions functions are implemented in driver_wext.c. All Linux driver wrappers can use these when the kernel driver supports the generic ioctl() and wireless events. For best results, use a Linux driver with Wireless Extensions version 18 (WE-18) or later.
The following table provides a list of known Linux drivers that can be used with DSA Supplicant for generic WPA/WPA2 PSK and enterprise functions.
Note: Many of these drivers do not support Cisco CCX or Wi-Fi WPS extensions - check with the driver developer to confirm the availability of these features..
|
Driver
|
Description
|
|
Supported Drivers
|
|
Atheros AR6000 driver
|
Linux driver for Atheros AR6000 (SDIO interface)
|
|
Broadcom BCM43xx driver
|
Linux driver for Broadcom IEEE 802.11a/g cards BCM4306/4309/4318/4320 (USB)
|
|
Multiband Atheros Driver for Wi-Fi (MADWIFI) driver for cards based on Atheros chip set (ar521x)
|
You will need to modify the wpa_supplicant .config file to use the correct path for the madwifi driver root directory (CFLAGS += -I../madwifi/wpa line in example defconfig).
|
| |
|
Host AP driver for Prism2/2.5/3 (development snapshot/v0.3x)
|
Development snapshot/v0.3.x is available at http://hostap.epitest.fi/
Driver must be set in Managed mode (iwconfig wlan0 mode managed)
The station firmware version needs to be 1.7.0 or newer to work in WPA mode.
|
|
Linuxant DriverLoader
|
Linuxant DriverLoader with Windows NDIS driver for your wlan card supporting WPA available at http://www.linuxant.com/driverloader/
|
|
Agere Systems Inc. Linux Driver
|
The driver interface file (driver_hermes.c) and hardware specific include files are not included in the wpa_supplicant distribution. You will need to copy these from the source package of the Agere driver.
|
|
ATMEL AT76C5XXx driver for USB and PCMCIA cards
|
|
|
Conexant Prism GT/Duette/Indigo driver
|
Linux driver for Conexant cards using SoftMAC architecture
|
|
Linux ndiswrapper
|
Linux ndiswrapper with Windows NDIS driver is available at http://ndiswrapper.sourceforge.net/
|
|
Intel ipw2100 driver
|
|
|
Intel ipw2200 driver
|
|
|
BSD net80211 layer
(For example, the Atheros driver)
|
For FreeBSD 6-CURRENT branch
|
|
Marvell
|
Marvell driver for Linux
|
Building DSA Supplicant and Necessary Components
DSA Supplicant for Linux is provided in source form and must be compiled for your specific Linux operating system. Before you build the Devicescape Agent Supplicant you must configure and build OpenSSL, that is, provided you are using OpenSSL as your TLS library. If you wish to use another TLS library (e.g. Certicom), please refer to Configuring the DSA Supplicant Build.
Building OpenSSL
- Unpack the OpenSSL source code (if you have not already done so):
tar xzf openssl-0.9.8a-devicescape-dsa-<version>.tar.gz
cd openssl-0.9.8.a-devicescape-dsa-<version>
- Select a location for the OpenSSL library installation, (i.e.
/usr/local/openssl)and run the OpenSSL build configuration command from the OpenSSL root directory:
./Configure --prefix=/usr/local/openssl linux-elf
This command can also include other configuration parameters for OpenSSL. See the OpenSSL documentation for more details. You can also run ./Configure to see brief list of configuration options.
- Build OpenSSL using the make command on the OpenSSL directory.
- Install OpenSSL library files into the selected directory (You must have write access to this directory in order to do this.)
- The build directory
openssl-0.9.8a-devicescape-dsa-<version>/ can now be removed since it is no longer required.
Configuring the DSA Supplicant build
Unpack the DSA Supplicant source code (if you have not already done so).
tar xzf devicescape-dsa-<version>.tar.gz
cd devicescape-dsa-<version>
In order to be able to build the Devicescape Agent Supplicant (wpa_supplicant), you will first need to select which parts of it will be included in your customized build. This is done by creating a build time configuration file, .config, in the DSA Supplicant (wpa_supplicant) root directory. The build time configuration can be used to select only the required features and limit the binary size and requirements for external libraries. The main configuration parts are the selection of which driver interfaces and which authentication methods (such as, EAP-TLS, EAP-PEAP, and so on) are included.
A sample configuration file in the DSA Supplicant root directory called defconfig is provided as a starting point. We suggest that you make a copy of this default configuration file and rename it .config, as shown below:
Now you can edit .config as required.
Configuration options are text lines that use the following format:
Do not set more than one configuration option per line of text. Lines starting with # are considered comments and are ignored.
The following lines need to be uncommented in the .config file to select OpenSSL as the TLS library and to point the compiler to use the library files you "installed" in the previous task (Building OpenSSL).
CFLAGS += -I/usr/local/openssl/include
LIBS += -L/usr/local/openssl/lib
The following build time configuration options are used to control IEEE 802.1X/EAPOL and EAP state machines and all EAP methods.
The following configuration option can be used to include GSM SIM/USIM interface for GSM/UMTS authentication algorithm (for EAP-SIM/EAP-AKA). This requires pcsc-lite (http://www.linuxnet.com/) for smart card access.
The following option can be used to replace the native Linux packet socket interface with libpcap/libdnet.
The following options can be added to .config to select which driver interfaces are included. Prism54.org driver is not yet complete and Hermes driver interface needs to be downloaded from Agere. For more information see http://www.agere.com/support/drivers/.
Most Linux driver need to include CONFIG_WIRELESS_EXTENSION.
CONFIG_WIRELESS_EXTENSION=y
CONFIG_DRIVER_NDISWRAPPER=y
The following example includes all features and driver interfaces that are included in the wpa_supplicant package:
CONFIG_DRIVER_NDISWRAPPER=y
CONFIG_WIRELESS_EXTENSION=y
EAP-PEAP and EAP-TTLS will automatically include configured EAP methods (MD5, OTP, GTC, MSCHAPV2) for inner authentication selection.
During development and testing, you may want to include a driver interface for development testing by uncommenting and including the following option:
For more information about using this option for driver interface testing, see the Testing and Development Tools section of the API reference documentation.
Building DSA Supplicant and the CLI
After you have created a configuration file, you can build the Devicescape Agent Supplicant using the make command. Then, you can install the binaries to a suitable directory on the system where you want to run the client (for example /usr/local/bin).
- Build the client by running make in the directory containing the DSA Supplicant source files:
The make will result in several binary files, including:
- wpa_supplicant - The DSA Supplicant runtime binary
- wpa_cli - The CLI with which to configure the runtime DSA Supplicant.
- Copy/install the wpa_supplicant and wpa_cli binaries to the runtime directory on the system where you want to run the supplicant. For example, if for initial testing you want to run the client on the same system you built it on:
cp wpa_cli wpa_supplicant /usr/local/bin
(You might need root privileges to copy the binaries into the runtime directory.)
Running DSA Supplicant
If you have not yet implemented a configuration interface for the DSA Supplicant, you must create a configuration file (/etc/wpa_supplicant.conf) that enables the client to associate with an access point. For more detail about the wpa_supplicant.conf file, see Example Runtime Configuration and Usage.
After creating the configuration file, you can test it by running the following command to start the Devicescape Agent Supplicant (wpa_supplicant) in the foreground with debugging enabled:
wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -d
Use the following command to start the Devicescape Agent Supplicant (wpa_supplicant) in the background without debugging:
wpa_supplicant -iwlan0 -c/etc/wpa_supplicant.conf -B
If you have included more than one driver interface in the build time configuration (.config), you may need to specify which interface to use by including -D<DriverName> option on the command line. For more information on command line options, see Sample GUI for Linux Target Device.
|
Note
|
If you start/run the DSA Supplicant in the background, it will change its working directory to the root directory. If you are referring to certificate and private key files with relative pathnames based on the starting directory, wpa_supplicant may not be able to find these files after having moved to another directory. To avoid this problem, be sure to use absolute pathnames when specifying these files in the wpa_supplicant.conf file.
|
Sample GUI for Linux Target Device
A typical development requirement for the Devicescape Agent Supplicant (DSA Supplicant) is to provide a user interface to the wireless client in order to get status from the client, select a network, get scan results, and add a network to the client's preferred networks list.
DSA Supplicant includes a sample GUI based on Qt. Qt is a cross-platform C++ application framework for building GUIs. For more information about the Qt development framework, see http://www.trolltech.com/products/qt/index.html.
A sample Qt Version 4 based GUI for the DSA Supplicant is provided along with the source code in the following directory:
devicescape-dsa-<version>/wpa_gui/
To build the sample GUI, you need to install Qt Version 4 development libraries and run make wpa_gui in the wpa_supplicant root directory (for example, devicescape_dsa-<version>/).
The output of running make wpa_gui is a GUI binary located in devicescape_dsa/wpa_gui/wpa_gui.
To run the GUI binary, include it with your other runtime files in the copy/install step:
cp wpa_gui/wpa_gui wpa_cli wpa_supplicant /usr/local/bin
The wpa_gui command starts the GUI.
