hostapd and Marvell WIFI sd8787 AP setup or client connecting via command line
Source: Internet  Editor: 程序博客网  Time: 2024/05/05 04:18
Contents
- hostapd Linux documentation page
- About hostapd
- Getting hostapd
- Using your distributions hostapd
- Download and compile hostapd
- Configuring hostapd
- Establishing Baseline for Configuration
- Common Options
- Wireless Interface
- Wireless Environment
- Authentication and Encryption
- Additional Options
- Extra Options
- Dynamic VLAN tagging
hostapd Linux documentation page
About hostapd
Homepage: http://w1.fi/hostapd/
hostapd is an IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator. This page is dedicated to the Linux documentation of its implementation and use. Please refer to the hostapd home page for information for other Operating Systems.
As far as Linux is concerned, out of the old drivers you can only use these 3 drivers with hostapd:
HostAP
madwifi
prism54
All new mac80211 based drivers that implement AP functionality are supported with hostapd's nl80211 driver.
The mac80211 subsystem moves all aspects of master mode into user space. It depends on hostapd to handle authenticating clients, setting encryption keys, establishing key rotation policy, and other aspects of the wireless infrastructure. Due to this, the old method of issuing 'iwconfig <wireless interface> mode master' no longer works. Userspace programs like hostapd now use netlink (the nl80211 driver) to create a master mode interface for your traffic and a monitor mode interface for receiving and transmitting management frames.
Getting hostapd
Using your distributions hostapd
It is advisable to try your distribution's version of hostapd before taking the time to compile and install your own copy. This will make future maintenance easier as you'll be able to use the init scripts shipped by the distro and hostapd will be updated by it as well. If your distribution ships 0.6.8 or later, you can test with this bare minimum config by creating the file hostapd-minimal.conf:
#change wlan0 to your wireless device
interface=wlan0
driver=nl80211
ssid=test
channel=1
If that config errors out with something like:
hostapd $ sudo hostapd ./hostapd-minimal.conf
Configuration file: ./hostapd-minimal.conf
Line 2: invalid/unknown driver 'nl80211'
1 errors found in configuration file './hostapd-minimal.conf'
that means that your distro is not shipping hostapd with nl80211 driver support and you'll need to follow the building instructions that follow. If it works, you can skip down to the configuring hostapd section. If not, continue on.
Download and compile hostapd
Using hostapd with nl80211 requires you to have at least libnl-1.0 pre8 as this release introduced genl, Generic Netlink, which nl80211 relies on. Most distributions are shipping this or a later release by now. To compile on Fedora or other distributions that separate out the headers from the binaries, you need the libnl-devel package.
Throughout this section, versions will be referred to by: x.y.z
ex: hostapd-0.6.8.tar.gz would be referred to as hostapd-x.y.z.tar.gz
You can get the latest development version of hostapd from the git repository with:
git clone git://w1.fi/srv/git/hostap.git
cd hostap/hostapd
Or you can get a stable release (0.6.8 or later recommended) by downloading the tarball from http://w1.fi/hostapd/.
wget http://w1.fi/releases/hostapd-x.y.z.tar.gz
tar xzvf hostapd-x.y.z.tar.gz
cd hostapd-x.y.z/hostapd
Next, we need to configure the hostapd build to enable nl80211 driver support. Copy defconfig to .config, and open it in your preferred text editor. Also, there are other options that you may want to enable, like 802.11n support if your hardware can do it. Most of the other encryption types and features aren't needed for most applications, so if you're questioning if you need to enable it, you probably don't need to.
cp defconfig .config
vi .config
Now find this line:
#CONFIG_DRIVER_NL80211=y
and uncomment it by removing the '#' sign. Repeat for other settings that you may be interested in. The basic configuration, with only this line uncommented is enough to get hostapd up and running with WPA/WPA2 authentication and encryption.
Next, compile hostapd:
make
If this fails with errors like:
driver_nl80211.c:21:31: warning: netlink/genl/genl.h: No such file or directory
driver_nl80211.c:22:33: warning: netlink/genl/family.h: No such file or directory
driver_nl80211.c:23:31: warning: netlink/genl/ctrl.h: No such file or directory
driver_nl80211.c:24:25: warning: netlink/msg.h: No such file or directory
driver_nl80211.c:25:26: warning: netlink/attr.h: No such file or directory
you need to install/update libnl-1.0pre8 (or later). If all goes well and the compilation finishes, try the minimal hostapd again, see the section Using your distributions hostapd above for that.
hostapd # ./hostapd ./hostapd-minimal.conf
Configuration file: ./hostapd-minimal.conf
Using interface wlan1 with hwaddr 00:0d:0b:cf:04:40 and ssid 'test'
If that starts as the example here shows, you can move on to configuring hostapd. If it fails to start with errors about the driver not being found, review the steps listed above for compiling hostapd again. If it gets the error messages:
Hardware does not support configured mode
wlan0: IEEE 802.11 Hardware does not support configured mode (2)
Could not select hw_mode and channel. (-2)
wlan0: Unable to setup interface.
rmdir[ctrl_interface]: No such file or directory
then it means the hw_mode (a, b or g) in the config file is set to a value not supported by the hardware.
Configuring hostapd
Establishing Baseline for Configuration
Before configuring hostapd, you need to know the capabilities of the clients that will be using it. Not all clients will support all of the methods you may want to implement, so a baseline configuration needs to be established. You will also want to do a survey of your area to find the channel that has the fewest other APs on it. When choosing which channel to use, it is important to remember that the channels overlap with any channels that are within 20MHz.
Examples of the baseline you might establish:
Encryption: wpa-psk + tkip
Wireless Mode: g
Normal for an environment that has to support semi legacy devices, that don't support ccmp or wpa2

Encryption: wpa2-psk + ccmp
Wireless Mode: g+n
Normal for an environment that has only up to date hardware and software

Encryption: wep
Wireless Mode: b
This is the worst case scenario, as wep is broken and can be trivially cracked. Don't consider this as anything more than keeping casual free loaders out.
Once you've found your baseline, it's time to edit hostapd.conf. The configuration options will be broken into 3 sections:
- Common Options: options that you will probably want to set
- Additional Options: options that are likely useful to at least know you have
- Extra Options: options that you aren't likely to need for most setups
Common Options
The most basic set of options for using hostapd with the nl80211 driver have already been provided as the hostapd-minimal.conf. That is all you need if you don't care about consistently being on the same channel, don't need/want encryption, and don't need a flashy name. However, that is not a realistic idea in the real world.
First, we'll setup the wireless interface settings, then the wireless environment settings, and finally the authentication and encryption.
Wireless Interface
Setting Summary:
- interface: Tells hostapd what wireless interface to use
- bridge: Set to a bridge if the wireless interface in use is part of a network bridge interface
- driver: For our purposes, always nl80211
If you only have 1 wireless interface, and it's going to be bridged with a wired interface, a good example setup would be:
interface=wlan0
bridge=br0
driver=nl80211
Wireless Environment
Setting Summary:
- ssid: Sets the name (SSID = service set identifier) of the network, wireless extensions/iwconfig incorrectly calls this "essid".
- hw_mode: Sets the operating mode of the interface, and the allowed channels. Valid values depend on hardware, but are always a subset of a, b, g
- channel: Sets the channel for hostapd to operate on. Must be a channel supported by the mode set in hw_mode, as well as allowed by your country's Wireless Regulatory rules.
The ssid is just for ease of configuration. It is what shows up in scan results, and can help in configuring your clients. Check the scan results for your area and choose a name.
hw_mode needs to be something that all of your hardware supports. Setting this to 'g' is probably the most common setup, and also enables backwards compatibility with 802.11b devices. Note, this is not where you enable 802.11n support, as 802.11n operates on top of 802.11a or 802.11g's functionality.
channel should be chosen so that it has the minimum overlap with other APs or other networks in your area. 802.11 channels are 20 MHz (4 channels) wide in total, or 10 MHz (2 channels) wide on each side. This means that an access point on channel 3 will interfere with an access point on channel 1 or channel 5. Use this to pick a channel. Most consumer APs default to channel 6, so you can use channel 1 or channel 11 in most cases for the best results. Also note that the channels available to you depend entirely on the local regulatory rules.
An example of a good normal setup is:
ssid=MyNetwork
hw_mode=g
channel=1
802.11n Setting Summary
802.11n builds on the settings above, and adds additional functionality. If your hardware doesn't support 802.11n, or you don't plan on using it, you can ignore these.
- ieee80211n: Set to 1 to enable 802.11n support, 0 to disable it
- ht_capab: A list of the 802.11n features supported by your device
The explanations of these settings in the sample config file are quite helpful, so I'll suggest reading those. You can use the command 'iw list' to find a short list of the capabilities of your device.
Example settings:
wme_enabled=1
ieee80211n=1
ht_capab=[HT40+][SHORT-GI-40][DSSS_CCK-40]
Authentication and Encryption
There is a lot to the authentication and encryption options in hostapd. This section will cover the basics as far as wep/wpa/wpa2 goes, as well as some of the other commonly used options.
Settings Summary:
- macaddr_acl: This controls mac address filtering. Mac addresses are easily spoofed, so only consider the use of this to be augmenting other security measures you have in place.
- auth_algs: This is a bit field where the first bit (1) is for open auth, the second bit (2) is for Shared key auth (wep) and both (3) is both.
- ignore_broadcast_ssid: This enables/disables broadcasting the ssid.
- wpa: This is a bitfield like auth_algs. The first bit enables wpa1 (1), the second bit enables wpa2 (2), and both enables both (3)
- wpa_psk/wpa_passphrase: These establish what the pre-shared key will be for wpa authentication.
- wpa_key_mgmt: This controls what key management algorithms a client can authenticate with.
- wpa_pairwise: This controls wpa's data encryption
- rsn_pairwise: This controls wpa2's data encryption
First, scratch macaddr_acl and ignore_broadcast_ssid from your priorities as they only enhance security (and even then, only slightly). Also, WEP has been effectively broken now, so unless you HAVE to support wep, scratch that from your list. This just leaves wpa/wpa2. Per the draft standard, wpa2 is required for 802.11n, and as there are known attacks on wpa now, wpa2 is the recommended authentication and encryption suite to use. Fortunately, you can have both enabled at once. If Windows clients are going to be connecting, you should leave ccmp encryption out of the wpa_pairwise option, as some Windows drivers have problems with systems that enable it.
A good starting point for a wpa & wpa2 enabled access point is:
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=YourPassPhrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
If, alternately, you just want to support wpa2, you could use something like:
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=YourPassPhrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
That should be all of the settings that you'll need to change for a basic, secure, access point using hostapd with an AP enabled mac80211 driver.
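The points made in this section (the auth_algs and wpa bit fields, WEP, WPA1, TKIP, MAC filtering, hidden SSID) can be checked mechanically before a config is deployed. The linter below is an added example, not part of hostapd or of the original page; the function names and finding codes are made up here, and it assumes the defaults documented in hostapd's sample config (wpa_pairwise defaults to TKIP, rsn_pairwise defaults to the wpa_pairwise value).

```python
# Constructed sample: the "wpa & wpa2" starting point shown above.
MIXED_CONF = """\
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=YourPassPhrase
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
"""
# Finding codes are names invented for this example, not hostapd output.
MESSAGES = {
    "OPEN_NETWORK": "no WEP or WPA configured: traffic is unencrypted",
    "WEP_BROKEN": "WEP / shared key auth in use: WEP can be trivially cracked",
    "WPA1_ENABLED": "wpa bit 1 set: WPA1 has known attacks, prefer wpa=2",
    "WPA2_ALLOWS_TKIP": "TKIP is accepted as a WPA2 pairwise cipher, use CCMP",
    "11N_WITHOUT_WPA2": "ieee80211n=1 but WPA2 is not enabled",
    "PASSPHRASE_LENGTH": "wpa_passphrase must be 8 to 63 characters",
    "MAC_FILTER_ONLY": "macaddr_acl without WPA: MAC addresses are easily spoofed",
    "HIDDEN_SSID": "ignore_broadcast_ssid adds only slight protection",
}


def parse_conf(text):
    """Return hostapd.conf settings as a dict; lines starting with '#' are comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit(conf):
    """Return a sorted list of finding codes for weak or inconsistent settings."""
    def num(key):
        # Absent or non-numeric values count as 0, i.e. "not enabled" for this check.
        value = conf.get(key, "0")
        return int(value) if value.isdigit() else 0
    wpa = num("wpa")
    # auth_algs bit 2 is shared key (WEP) authentication.
    uses_wep = bool(num("auth_algs") & 2) or any(k.startswith("wep_key") for k in conf)
    # Assumed defaults (hostapd sample config): wpa_pairwise=TKIP, rsn_pairwise=wpa_pairwise.
    rsn_pairwise = conf.get("rsn_pairwise", conf.get("wpa_pairwise", "TKIP")).split()
    passphrase = conf.get("wpa_passphrase")
    found = set()
    if uses_wep:
        found.add("WEP_BROKEN")
    elif wpa == 0:
        found.add("OPEN_NETWORK")
    if wpa & 1:
        found.add("WPA1_ENABLED")
    if (wpa & 2) and "TKIP" in rsn_pairwise:
        found.add("WPA2_ALLOWS_TKIP")
    if num("ieee80211n") and not (wpa & 2):
        found.add("11N_WITHOUT_WPA2")
    if wpa and passphrase is not None and not 8 <= len(passphrase) <= 63:
        found.add("PASSPHRASE_LENGTH")
    if num("macaddr_acl") and wpa == 0:
        found.add("MAC_FILTER_ONLY")
    if num("ignore_broadcast_ssid"):
        found.add("HIDDEN_SSID")
    return sorted(found)


if __name__ == "__main__":
    print([MESSAGES[code] for code in audit(parse_conf(MIXED_CONF))])
```

The mixed wpa=3 config is flagged only for WPA1; the wpa=2 variant above passes cleanly because wpa_pairwise is not used when only WPA2 is enabled.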
Additional Options
Extra Options
Dynamic VLAN tagging
hostapd can be configured to move STAs into separate VLANs based on RADIUS tunnel attributes (as specified in RFC3580, http://tools.ietf.org/html/rfc3580#section-3.31):
Tunnel-Type=VLAN (13)
Tunnel-Medium-Type=802
Tunnel-Private-Group-ID=VLANID
To enable dynamic VLAN tagging the following options in hostapd.conf need to be set:
dynamic_vlan=1
vlan_file=/etc/hostapd.vlan
A value of 0 disables dynamic VLAN tagging, a value of 1 allows dynamic VLAN tagging and a value of 2 will reject the authentication if the RADIUS server does not provide the appropriate tunnel attributes.
Furthermore, hostapd needs to know how the VLAN interfaces should be named, this is done through an additional config file as specified in vlan_file.
Example /etc/hostapd.vlan:
1 wlan0.1
* wlan0.#
This will create a wlan0.1 interface on top of wlan0 and move all STAs with the RADIUS supplied vlantag 1 to that interface. The second entry is used to dynamically create VLAN interfaces on top of wlan0, hostapd will create an interface wlan0.vlantag for each different vlantag as supplied by the RADIUS server. For example, if a STA associates and the RADIUS server attributes contain the vlantag 100 hostapd will create a wlan0.100 interface and map the STA to this new interface.
Marvell WIFI AP setup via command line
WiFi AP (Access Point) mode
The factory supplied DreamPlug provides a WiFi setup. This guide is for those who have installed their own Debian rootfs (Squeeze or Wheezy). These instructions are known to work on kernels later than 2.6.38.7.
Further, the instructions work for DreamPlug serial numbers less than DS2-112*.
- infrastructure
- We provide most of the required files in a single archive (tar.gz). The archive contains:
blacklist libertas
The libertas wireless client drivers need to be excluded. You do this by blacklisting them in the file /etc/modprobe.d/dpwifiap.conf.
# cat /etc/modprobe.d/dpwifiap.conf
# disable dreamplug wireless client modules
blacklist libertas
blacklist libertas_sdio
firmware
Once firmware is loaded it is difficult to unload, unless you reboot. So avoid loading the "libertas-firmware". The firmware we use is placed in /lib/firmware/mrvl. This firmware is the same as the firmware from the original micro SD as supplied by Globalscale.
uaputl
The uaputl sources were downloaded and compiled from http://plugcomputer.org/plugforum/index.php?topic=2196.msg13114#msg13114. We include uaputl and a sample configuration. uaputl and uapevent are now available as Debian Wheezy packages.
# wget http://www.spinifex.com.au/plugs/downloads/dreamplug/mrvl_uap.tar.gz
# tar x -C '/' -zf mrvl_uap.tar.gz
# apt-get install uaputl uapevent
- configure dnsmasq
- dnsmasq is required to handle DNS and DHCP services for WiFi.
# apt-get install dnsmasq
dnsmasq provides a conf file with most of the options commented out. You need only to set a few lines.
In the following setup the 192.168.0.1 address is the network router/dhcp server/gateway.
The dhcp-range is the range of addresses provided by dhcp. If you are using a different range then change these numbers and change your network/interfaces setup.
vi /etc/default/dnsmasq
ENABLED=1
CONFIG_DIR=/etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new
IGNORE_RESOLVCONF=yes
The following options need to be set in dnsmasq.conf
vi /etc/dnsmasq.conf
domain-needed
bogus-priv
strict-order
no-poll
server=192.168.0.1@eth1
interface=uap0
dhcp-range=192.168.1.192,192.168.1.253,48h
dhcp-lease-max=100
dhcp-leasefile=/var/lib/misc/dnsmasq.leases
You can set the DHCP range to whatever suits you.
The /etc/resolv.conf we are using must point to the DNS server(s); in our test case this simply contains the 192.168.0.1 address, e.g.
# cat /etc/resolv.conf
nameserver 192.168.0.1
Restart dnsmasq
/etc/init.d/dnsmasq restart
- start the AP
- To start the AP
# ifconfig uap0 up
# uaputl sys_config ./uaputl.conf
# uaputl sys_cfg_radio_ctl 0
# uaputl bss_start
You should now have an unsecured WiFi access point. The network for the WiFi is 192.168.1.*
- stop the AP
# uaputl bss_stop
# uaputl sys_reset
# ifconfig uap0 down
- config the AP
- You can play with parameters in uaputl.conf. The conf file seems a more convenient way to configure the AP. To get help on uaputl, read /etc/uaputl.conf and
# uaputl --help
- sample interface
- This allows you to stop and start the AP with ifup/ifdown
# cat /etc/network/interfaces
# Used by ifup(8) and ifdown(8). See the interfaces(5) manpage or
# /usr/share/doc/ifupdown/examples for more information.
auto lo
iface lo inet loopback
auto eth1
iface eth1 inet dhcp
# interface for the dreamplug wifi in AP mode
# this requires /lib/firmware/mrvl
# ensure libertas and libertas_sdio are blacklisted
auto uap0
iface uap0 inet static
    pre-up modprobe uap8xxx || true
    post-up /usr/bin/uaputl sys_config /etc/dp_uap/uaputl.conf
    post-up /usr/bin/uaputl sys_cfg_radio_ctl 0
    post-up /usr/bin/uaputl bss_start
    post-down /usr/bin/uaputl bss_stop
    post-down /usr/bin/uaputl sys_reset
    address 192.168.1.1
    broadcast 192.168.1.255
    netmask 255.255.255.0
- reset the hardware
- This allows you to reset the WiFi hardware. Once you do this, you need to remove the uap8xxx module. e.g.
echo 2 > /proc/uap/uap0/hwstatus
modprobe -rv uap8xxx
Testing the Wi-Fi Interface in Client Mode
Use the following steps to test the Wi-Fi interface in client mode:
Connect to a WPA2 secured access point using wpa_supplicant. Edit /etc/wpa_supplicant.conf:
# vi /etc/wpa_supplicant.conf
Edit the configuration to contain the following text:
network={
ssid="hidden_essid"
scan_ssid=1
psk="secretpassword"
priority=2
}
Issue the following commands:
# wpa_supplicant -D wext -i mlan0 -c /etc/wpa_supplicant.conf &
# dhclient mlan0
Check that the interface is up.
# ifconfig mlan0
mlan0 Link encap:Ethernet HWaddr XX:XX:XX:XX:XX:XX
inet addr:192.168.0.121 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::208:caff:fec3:6a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7369 errors:0 dropped:0 overruns:0 frame:0
TX packets:3826 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10781639 (10.7 MB) TX bytes:209585 (209.5 KB)
Test the connection using wget to download a file from a working host.
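The network block above stores the passphrase in clear text. WPA/WPA2-PSK never uses the passphrase directly: the 256-bit key is PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations, and both psk= in wpa_supplicant.conf and wpa_psk= in hostapd.conf accept that key as 64 hex digits. The following is an added example, not part of the original page; the function names are made up here, and it performs the same derivation as the wpa_passphrase utility shipped with wpa_supplicant.

```python
import hashlib
import re

# Constructed sample: the network block from the steps above.
SAMPLE_CONF = '''network={
ssid="hidden_essid"
scan_ssid=1
psk="secretpassword"
priority=2
}
'''

BLOCK_RE = re.compile(r"(network=\{\n)(.*?)(^[ \t]*\})", re.S | re.M)
SSID_RE = re.compile(r'^[ \t]*ssid="(.*)"[ \t]*$', re.M)
PSK_RE = re.compile(r'^([ \t]*)psk="(.*)"[ \t]*$', re.M)


def wpa_psk(passphrase, ssid):
    """PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes) as hex."""
    if not 8 <= len(passphrase) <= 63 or not passphrase.isascii():
        raise ValueError("passphrase must be 8 to 63 ASCII characters")
    salt = ssid.encode()
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), salt, 4096, 32).hex()


def replace_plaintext_psk(conf_text):
    """Swap each quoted psk="..." for the derived 64-hex-digit PSK of its block."""
    def fix_block(match):
        body = match.group(2)
        ssid, psk = SSID_RE.search(body), PSK_RE.search(body)
        if not (ssid and psk):
            return match.group(0)  # already a hex PSK, or no PSK in this block
        derived = f"{psk.group(1)}psk={wpa_psk(psk.group(2), ssid.group(1))}"
        body = body[:psk.start()] + derived + body[psk.end():]
        return match.group(1) + body + match.group(3)
    return BLOCK_RE.sub(fix_block, conf_text)


if __name__ == "__main__":
    # The hex PSK still grants access to this SSID, so keep the file root-only
    # (chmod 600); what it avoids is storing the reusable human passphrase.
    print(replace_plaintext_psk(SAMPLE_CONF))
```

Because the SSID is the salt, the derived key is only valid for that network name and must be regenerated if the SSID changes.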
Testing the Wi-Fi Interface in Access Point Mode
Use the following steps to test the Wi-Fi interface in Access Point (AP) mode:
Edit /etc/dnsmasq.conf and add the following line with the desired network addressing:
dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
Issue the following commands:
# ifconfig uap0 192.168.0.1 netmask 255.255.255.0 up
# uaputl bss_stop
# uaputl sys_cfg_ssid "Qseven_AP"    # set the AP name
# uaputl sys_cfg_channel --help
Usage : sys_cfg_channel [CHANNEL] [MODE]
If CHANNEL is provided, a 'set' is performed, else a 'get' is performed.
MODE: band config mode
Bit 0: ACS mode enable/disable
Bit 1: secondary channel is above primary channel
Bit 2: secondary channel is below primary channel
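# uaputl sys_cfg_channel 1    # or 6 or 11
Note:
Wikipedia says that spectrum assignments and operational limitations are not consistent worldwide. The standard used in the United States has 11 channels in the 2.4 GHz band, while most of Europe has 2 additional channels, i.e. 13 channels (1-11 vs. 1-13). Japan adds one more (1-14). As of 2007, Europe was essentially homogeneous in this respect. A very confusing fact: a Wi-Fi signal in the 2.4 GHz band actually occupies five channels; two channels whose numbers differ by more than 5, such as 2 and 7, do not overlap, so in the United States there are only 3 non-overlapping channels: 1, 6, 11. In Europe there are three or four non-overlapping channels: 1, 6, 13 or 1, 5, 9, 13. Equivalent isotropically radiated power (EIRP) in the European Union is limited to 20 dBm (100 mW).
The current 'fastest' norm, 802.11n, uses double the radio spectrum/bandwidth (40 MHz) compared to 802.11a or 802.11g (20 MHz). This means there can be only one 802.11n network on the 2.4 GHz band at a given location, without interference to/from other WLAN traffic. 802.11n can also be set to use 20 MHz bandwidth only to prevent interference in dense community.
http://zh.wikipedia.org/wiki/Wi-Fi#.E9.99.90.E5.88.B6
http://en.wikipedia.org/wiki/Wi-Fi#Limitations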
# uaputl bss_start
# mkdir -p /var/lib/misc
# dnsmasq -d &
To connect another Qseven system to this AP, on the client (phone or other wifi devices), issue the following commands:
# iwlist mlan0 scan
# iwconfig mlan0 essid "Qseven_AP"
# dhclient mlan0
Connect with another device. Messages are displayed indicating that the device has obtained an IP address and is connected to the access point.
Number of STA = 1
STA 1 information:
=====================
MAC Address: b4:07:f9:c6:ba:eb
Power mfg status: power save
Rssi : -85 dBm
The Wi-Fi driver's detailed file information is in:
# ll /proc/mwlan
-rw-r--r-- 1 root root 0 Jan 1 06:05 config
dr-xr-xr-x 2 root root 0 Jan 1 06:05 mlan0/
dr-xr-xr-x 2 root root 0 Jan 1 06:05 uap0/
dr-xr-xr-x 2 root root 0 Jan 1 06:05 wfd0/
net location: # ll /proc/net
bluetooth location: # ll /proc/mbt
dr-xr-xr-x 2 root root 0 Jan 1 06:06 hci0/
dr-xr-xr-x 2 root root 0 Jan 1 06:06 hci1/
# cat /proc/mwlan/uap0/info
driver_name = "uap"
driver_version = SD8787-w8787-Ax, RF878X, FP66, 14.66.9.p64, BT_SDIO-M3X14347-GPL-(FP66)
interface_name="uap0"
media_state="Disconnected"
mac_address="00:08:ca:c3:02:3d"
num_tx_bytes = 57018
num_rx_bytes = 97084
num_tx_pkts = 513
num_rx_pkts = 1583
num_tx_pkts_dropped = 0
num_rx_pkts_dropped = 0
num_tx_pkts_err = 10
num_rx_pkts_err = 0
carrier on
tx queue 0: started
tx queue 1: started
tx queue 2: started
tx queue 3: started
tkip_mic_failures = 0
ccmp_decrypt_errors = 0
wep_undecryptable_count = 0
wep_icv_error_count = 0
decrypt_failure_count = 0
mcast_tx_count = 0
failed_count = 0
retry_count = 0
multiple_retry_count = 0
frame_duplicate_count = 0
rts_success_count = 0
rts_failure_count = 0
ack_failure_count = 0
rx_fragment_count = 0
mcast_rx_frame_count = 0
fcs_error_count = 0
tx_frame_count = 0
rsna_tkip_cm_invoked = 0
rsna_4way_hshk_failures = 0