OpenBSD Journal

p2k18 Hackathon report: Peter Hessler on wifi nwid switching

Contributed by phessler on from the roaming-to-new-networks dept.

Peter Hessler (phessler@) writes about his time in Nantes:

I had arrived at Nantes with two goals, first was to port an app to watch baseball via mlb.tv, and second to clean up my work on BFD and hopefully enable it.

I'd sent out some ports for OKs, and was cleaning up some long-standing diffs for BFD when I overheard a conversation between Paul Irofti (pirofti@) and Theo de Raadt (deraadt@) about remembering which WiFi networks a machine has connected to. I mentioned I had 90% of that done, and only needed to finish the remaining 90%. After some discussion, I sent out my existing diff with the warning "it breaks WEP".

Stefan (stsp@) and I spent some time analyzing my diff, and realized that it wasn't my changes that broke it. I was certain that an un-modified kernel had still worked, but tested it again. Oups. Turns out it was broken 8 months before! It was an easy fix so we did that, and my code now properly switched between WPA (1/2/Enterprise), WEP, and clear. During the testing, we found all sorts of minor things to fix and polish. I'm breaking quite a few of the existing expectations, so we had to track and fix those. I also entertained fellow hackers by repeatedly taking my laptop, walking away from the access point I was using, then quickly running back over to unplug it to test some threshold code.

For the 6.3 release, Stefan committed roaming support for the iwm(4) and iwn(4) drivers. This moves between Access Points using the same network name. There is another kind of network switching that is erroneously called roaming, which is moving from one network name to another. Your phone does it pretty well. This is what I implemented.

hostname.if:
    nwid A wpakey wpasecretkey
    nwid B nwkey
    nwid C
    dhcp

This will configure 3 different networks for the interface to connect to, with the appropriate network configurations. When the wifi interface is not connected, it will do a scan and connect to the "best" of the networks it finds. Once it does that, the interface goes Up, and dhclient/userland fetches a new lease and generally behaves as normal. It will NOT change networks as long as it is connected, it will only switch if you lose link and the old one isn't available any more.

The code is not yet in, but we're doing the (hopefully) final reviews and fixes before I can commit it.

Thanks to Epitech Nantes and The OpenBSD Foundation for the hackathon!
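
Added example (not part of the original report and not OpenBSD code): because an interface configured as in the hostname.if example above connects to the best of the listed networks it finds, this small audit lists which entries would be joined with WEP or with no encryption at all. It assumes nwid names without whitespace and recognises only the `wpakey` and `nwkey` keywords shown above; the function names are hypothetical.

```shell
#!/bin/sh
# classify_nwids: read hostname.if-style text on stdin and print
# "<nwid> <wpa|wep|open>" for every "nwid" line. Other lines are ignored.
classify_nwids() {
    awk '
    $1 == "nwid" {
        sec = "open"
        i = 3
        while (i <= NF) {
            # Each keyword is followed by its key, so skip two fields.
            if ($i == "wpakey")     { sec = "wpa"; i += 2 }
            else if ($i == "nwkey") { if (sec != "wpa") sec = "wep"; i += 2 }
            else i++
        }
        print $2, sec
    }'
}

# weak_nwids: names of configured networks that are not protected by WPA.
weak_nwids() {
    classify_nwids | awk '$2 != "wpa" { print $1 }'
}

# Sample input: the hostname.if example from the article.
sample_hostname_if() {
    cat <<'EOF'
nwid A wpakey wpasecretkey
nwid B nwkey
nwid C
dhcp
EOF
}

sample_hostname_if | classify_nwids
```

To audit a real file, run `weak_nwids < /etc/hostname.iwm0`, substituting the interface name in use.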



  1. By Renaud Allard (renaud) renaud@allard.it on

    WEP being broken is somewhat of a non-issue to be honest. It's about the same as running an open network.

    In 2003 the Wi-Fi Alliance announced that WEP had been superseded by Wi-Fi Protected Access (WPA). In 2004, with the ratification of the full 802.11i standard (i.e. WPA2), the IEEE declared that both WEP-40 and WEP-104 have been deprecated.

    Furthermore, Wi-Fi certified APs must NOT include WEP since 2013, so I am not really sure WEP is still relevant.

    1. By phessler (phessler) spambox@theapt.org on http://www.openbsdfoundation.org/donations.html

      WEP is still used in many places, and new changes should not unintentionally break it. When I was in Japan last year (yes, 2017), 2/3rds of the places I used wifi at used WEP.

      Yes, it isn't secure. But it is required to connect to those networks.

      1. By Renaud Allard (renaud) renaud@allard.it on

        I agree, no change should unintentionally break anything else. But, the fact that WEP is not supported by "recent" APs might explain why the breakage has not been seen earlier.
        I find it amazing that you had to use WEP in Japan... That's not a country known to be lagging in technology.

  2. By rjc (rjc) on

    You've mentioned WPA{,2} Enterprise. Does this mean that support for it will land in OpenBSD base and we won't have to use wpa_supplicant any more?

    1. By phessler (phessler) spambox@theapt.org on http://www.openbsdfoundation.org/donations.html

      No, this work is not adding a Supplicant. I tested it with other networks, and have to re-start wpa_supplicant when I enter a network with 802.1X. Pre-shared keys with wpa1 and wpa2 are fine with this diff.

      1. By rjc (rjc) on

        Thanks for confirming this.

        In the above hostname.if example, how would one add a wpa_supplicant into the mix? Will it be at all possible or will I have to rely on a 3rd-party script as I do now?

        I rely heavily on access to Eduroam.
