Date: Mon, 16 Mar 2009 15:17:14 -0700 From: Sam Leffler <sam@freebsd.org> To: Doug Barton <dougb@freebsd.org> Cc: freebsd-current@freebsd.org Subject: Re: Is wpa_supplicant supposed to work with a hidden ssid? Message-ID: <49BECFEA.1090808@freebsd.org> In-Reply-To: <49BEBB45.7050605@FreeBSD.org> References: <49BEBB45.7050605@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Doug Barton wrote:
> I spent a pretty long, frustrating evening last night getting
> wpa_supplicant working with my Intel 3945abg (wpi) card. I could
> connect when the network was open, or using WEP just fine. However it
> turned out that I could not connect with WPA unless the AP was showing
> the ssid.
>
> Now hiding ssid is not a show-stopper for me, I just think it's odd
> that I can't do it. FWIW, I vaguely recall that the same thing was
> true with ath-based cards as well. I still have one somewhere, and I
> can double-check this if anyone is interested.
>
> Now this seems to be related to the fact that we can only use
> ap_scan=1 with the wlan module. The description in the example conf
> file seems to indicate that setting that option to 2 would do the
> trick, but the man page for wpa_supplicant.conf says that we can only
> use ap_scan=1. Therefore I'd like to propose the attached patch which
> would have saved me a lot of time flailing around with this (since I
> assumed that the example conf file had the necessary information).
> Since we have svn now, the "pristine" copy of the file will still live
> on in the vendor tree, and there is no "expense" to changing things in
> contrib like there was with cvs.
>
>
If you use a driver that uses net80211 to handle scanning then hidden
ssid is automatically handled for you regardless of the ap_scan
setting. For drivers like wpi where scanning is done in firmware you
need to coerce wpa_supplicant to ask net80211 to send directed probe
request frames that include the ssid of the ap. That used to be done
with ap_scan=1 (I believe). If it is not then something is broken and
you can identify where the problem is using the normal debug
mechanisms--e.g. wlandebug will help you check net80211 operation.
FWIW hidden ssid is useless as a security mechanism; about as effective
as mac address filtering.
Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?49BECFEA.1090808>