Contributed by merdely on from the would-you-like-some-cheese-with-your-whine dept.
Damien Bergamini (damien@) just committed WPA support for OpenBSD. In the commit message, Damien states that "bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4) should work." Damien also says "support for more chipsets should arrive soon."
Examples, ifconfig(8) output and commit messages below.
To use WPA-PSK in station mode:
# ifconfig ral0 wpa wpapsk \
    0x0e8de50e2a614dbd83df61db3e042b396177e8cc8ef7e1f2e83e158a19ba5ea3
To convert a passphrase to a 256-bit hexadecimal key, use wpa-psk(8):
# /sbin/wpa-psk <ssid> <passphrase>
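What the passphrase-to-key conversion computes, as an added example (not the wpa-psk(8) source and not code from this article): IEEE 802.11i defines the PSK as PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 32 bytes of output. The function names are assumptions, and the sample inputs are the published test vectors from the standard.

```python
import hashlib

PSK_LEN = 32        # 256-bit pre-shared key
ITERATIONS = 4096   # fixed by IEEE 802.11i for the passphrase mapping


def wpa_psk(ssid: str, passphrase: str) -> bytes:
    """Map a passphrase and SSID to the 256-bit WPA/WPA2 pre-shared key."""
    salt = ssid.encode("utf-8")
    # The SSID is the salt, so the same passphrase yields a different
    # key on every network name; renaming the network changes the key.
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1 to 32 bytes")
    # 802.11i restricts passphrases to 8..63 printable ASCII characters;
    # a 64-character input is reserved for a raw hex key instead.
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), salt, ITERATIONS, PSK_LEN
    )


def ifconfig_arg(ssid: str, passphrase: str) -> str:
    """Format the key the way the wpapsk option above expects it."""
    return "0x" + wpa_psk(ssid, passphrase).hex()


if __name__ == "__main__":
    # Test vectors published in IEEE 802.11i, not real credentials.
    for ssid, phrase in (("IEEE", "password"),
                         ("ThisIsASSID", "ThisIsAPassword")):
        print(ssid, ifconfig_arg(ssid, phrase))
```

The hex string is equivalent to the passphrase for that SSID, so anything that stores it needs the same protection as the passphrase itself.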
The output of ifconfig ral0 looks like:
ral0: flags=8802mtu 1500
        lladdr 00:11:2f:82:8c:01
        groups: wlan
        media: IEEE802.11 autoselect mode 11g hostap
        status: active
        ieee80211: nwid openbsd-ap chan 5 bssid 00:11:2f:82:8c:01 wpapsk <not displayed> wpaprotos wpa1,wpa2 wpaakms psk,802.1x wpaciphers tkip,ccmp wpagroupcipher tkip 100dBm
Commit messages:
CVSROOT: /cvs
Module name: src
Changes by: damien@ 2008/04/16 12:32:15

Modified files:
        sys/conf : files
        sbin/ifconfig : ifconfig.8 ifconfig.c
        sys/net80211 : ieee80211.c ieee80211.h ieee80211_crypto.c ieee80211_crypto.h ieee80211_input.c ieee80211_ioctl.c ieee80211_ioctl.h ieee80211_node.c ieee80211_node.h ieee80211_output.c ieee80211_proto.c ieee80211_proto.h ieee80211_var.h
        sys/dev/ic : acx.c atw.c bwi.c malo.c pgt.c rt2560.c rt2661.c rt2860.c rt2860reg.h rtw.c
        sys/dev/pci : if_ipw.c if_ipwvar.h if_iwn.c if_wpi.c
        sys/dev/usb : if_ral.c if_rum.c if_upgt.c if_zyd.c
Added files:
        sys/net80211 : ieee80211_crypto_ccmp.c ieee80211_crypto_tkip.c ieee80211_crypto_wep.c

Log message:
Kernel implementation of the 4-way handshake and group-key handshake protocols (both supplicant and authenticator state machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication protocols and thus only PSK authentication (using pre-shared keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should work: bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8): wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@
and
CVSROOT: /cvs
Module name: src
Changes by: damien@ 2008/04/15 10:29:05

Added files:
        sbin/wpa-psk : Makefile wpa-psk.8 wpa-psk.c

Log message:
welcome wpa-psk(8).

ok deraadt@
Thank you to Damien for working on this oft requested feature and making it a reality (and thanks for helping me with this article). Be sure to show your appreciation by donating to the project.
By Anonymous Coward (2a01:348:6:b5::2) on
Comments
By Didier Wiroth (158.64.152.221) didier.wiroth@mcesr.etat.lu on http://www.wiroth.net
Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Thanks Thanks thanks THANKS, GRACIAS, MERCI, DANKE SCHOEN .....
Thank you, thank you, thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Comments
By Anonymous Coward (24.37.242.64) on
>
> Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Thanks Thanks thanks THANKS, GRACIAS, MERCI, DANKE SCHOEN .....
> Thank you, thank you, thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
My sentiments too.
Comments
By Baldusi (190.16.188.60) on
> >
> > Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Thanks Thanks thanks THANKS, GRACIAS, MERCI, DANKE SCHOEN .....
> > Thank you, thank you, thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
>
> My sentiments too.
I couldn't have expressed in better words.
By clvrmnky (69.28.228.76) on http://clevermonkey.org
>
> Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Thanks Thanks thanks THANKS, GRACIAS, MERCI, DANKE SCHOEN .....
> Thank you, thank you, thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I'll have what he's having.
By Luis Coronado (190.10.76.226) on
Comments
By jason (jason) jason@dixongroup.net on http://www.dixongroup.net/
This is the real deal.
By Brad (2001:470:8802:3:216:41ff:fe17:6933) brad at comstyle dot com on
Having working 3D support via DRI is not that far off for the ATI and Intel drivers.
Comments
By Anonymous Coward (192.193.245.14) on
>
> Having working 3D support via DRI is not that far off for the ATI and Intel drivers.
How come Nvidia isn't in the list? Lack of hardware or has the recent release of ATI specs (which I thought lacked 3D stuff for the moment)?
Comments
By Brynet (Brynet) on
>
>
What are you rambling about?
Last time I checked, NVidia has NOT released any 3D(or 2D).. GPU programming information.
AMD/ATI's docs only benefit ATI card users, what on earth made you think they would assist in the creation of an NVidia driver?
Comments
By Anonymous Coward (192.193.245.14) on
> >
> >
>
> What are you rambling about?
>
> Last time I checked, NVidia has NOT released any 3D(or 2D).. GPU programming information.
>
> AMD/ATI's docs only benefit ATI card users, what on earth made you think they would assist in the creation of an NVidia driver?
Sorry could have phrased it better. Basically asking whether the specs released by AMD/ATI helped in getting 3D support included. And if there's no 3D specs available - will a similar reverse engineering approach be taken for nvidia cards.
Comments
By Brynet (Brynet) on
>
Apologies, didn't understand you.
I'm sure the existing Xorg ATI driver was improved, probably most of the work was deobfuscation.
There are 2 projects you should look at:
http://www.radeonhd.org/ --> Based on the released docs, most development done by Novell.
http://wiki.x.org/wiki/radeon
http://dri.freedesktop.org/wiki/ATIRadeon
http://nouveau.freedesktop.org/ --> Based on reverse engineering, lots of work has been done.
Older ATI cards have DRI 3D acceleration, so, assuming oga@'s great improvements get my attention, they should work.
By sthen (2a01:348:108:155:20a:e4ff:fe2d:99ee) on
It's more important than 3D. Newer cards don't have separate 2D acceleration, you will *need* 3D accel to get decent 2D performance.
nvidia may well end up forced to release something, since their major competition has already done so (AMD/ATI and Intel), but try and support the companies who are being slightly helpful, eh? :)
Comments
By Anonymous Coward (192.193.245.14) on
>
> It's more important than 3D. Newer cards don't have separate 2D acceleration, you will *need* 3D accel to get decent 2D performance.
>
> nvidia may well end up forced to release something, since their major competition has already done so (AMD/ATI and Intel), but try and support the companies who are being slightly helpful, eh? :)
Thanks for the info!
By oga (155.198.68.11) oga@openbsd.org on
>
> It's more important than 3D. Newer cards don't have separate 2D acceleration, you will *need* 3D accel to get decent 2D performance.
>
> nvidia may well end up forced to release something, since their major competition has already done so (AMD/ATI and Intel), but try and support the companies who are being slightly helpful, eh? :)
The thing about 2D/3D being the same on current cards is correct. This is the reasoning behind some newer X projects, like the Gallium3d mesa rewrite (still in early days), the eventual plan seems to be merging the 2d and 3d pipelines completely.
Work such as the intel batchbuffer branch (which depends on the TTM memory manager, something we lack right now) get better 2d performance by accelerating EXA rendering.
For the record (Sorry Stephen that I'm replying to you, you know this):
Intel's driver is open, developed by people they pay. It's currently
the most technically advanced.
Ati's stuff had support based on NDAed docs from years ago for the r100 and r200 cards (up to the 9200 IIRC). r300 support was there, but reverse engineered. Since they released the specs, a lot of work has gone into improving this. Actually both xf86-video-ati and xf86-video-radeonhd both have support for these cards. Which one to use is a matter for debate.
Nvidia are by far the least open. There's the xf86-video-nv stuff. It is SHIT. Nouveau, the project to reverse engineer Nvidia hardware is making progress, but it's still early days. Support for this driver is on my todo list, but depends upon other stuff higher up.
For the time being:
- If you just want a desktop, nothing special get intel.
- If you want to eventually do something with more intensive 3d, get Ati.
- Avoid Nvidia. Honestly.
Our current status (quite a bit of this is not in the tree while it's waiting for an ok): intel mostly works (there's still a few crash bugs in there), I've only got i965 hardware, but other hardware has been tested for me. Radeon works fairly well if you force the agp cards to pci mode, though some chipsets segfault every GL app (I don't have any of these to work with), my r400 card (X800SE pcie) works great. SiS chipsets I'm told work (or at least used to), someone recently tried a 3dfx card, it seems to crash a lot.
this is on i386, but there are patches for amd64 too.
In other words:
Work is coming on, it'll be done in good time. If you want to help, email me privately please.
Cheers,
-0-
By Brad (2001:470:8802:3:216:41ff:fe17:6933) brad at comstyle dot com on
No. It required a developer willing and able to do the work. There is a project started already by the name of Nouveau which aims to reverse engineer the hw and provide 3D capabilities as well as a much better 2D driver, TV output support and so on. That is fairly important and will come along later though due to other dependencies will take a bit longer to get going what is available now.
By Bryan.Brake (138.163.0.43) on
Damn Damien, this is bleeding edge stuff. committed ~2hours ago...
Well done chap. I'll hoist one in your honor tonight. Tivo's and wife's windows laptop and now my OBSD box will all have WPA on them...
And we did our way. It's open, free, and done correctly... I feel the need to open my pocketbook again...
By Renaud Allard (renaud) renaud@llorien.org on
Congratulations guys, excellent work.
By Wifi (86.91.41.86) on
is there a Soekris variant i can put a wireless card in ?
Thanx a zillion !
Comments
By Wifi (86.91.41.86) on
> is there a Soekris variant i can put a wireless card in ?
>
> Thanx a zillion !
I must learn to use google
I must learn to use google
I must learn to use google
..
..
http://glozer.net/soekris/soekris.html
By Anonymous Coward (192.94.73.2) on
Thank you, damien@, for your hard work on this and for all the other OpenBSD devs who contributed/assisted. This is the single feature that I have wished for the most in OpenBSD. I have had clients asking for this. Now, I can deploy OpenBSD in more locations where it is appropriate and, hopefully, convince more clients to pony up donations.
In any event, I will be making a special donation right now to OpenBSD for this FANTASTIC piece of news.
THANK YOU!
Comments
By Stefan (193.30.140.138) on
>
> THANK YOU!
So did I, right away!
THANK YOU! THANK YOU! THANK YOU!
By Anonymous Coward (195.29.157.74) on
This is why I buy DVD, T-Shirt and poster every OpenBSD release.
Thanx.
Comments
By Anonymous Coward (62.227.96.87) on
Comments
By Hey Vern (75.166.185.123) on
Just remember that someone has to ship the CDs, along with all the paperwork involving paying for them. As Theo said, it was a business arrangement, increasing the sales of the CDs by allowing others to take risks involved with production and storage of the shirts. If Theo had to ship the CDs less work would get done.
I'm all for disclosure, and I have several shirts (no posters though). But I have lots of CDs and donations (as in plural).
I think we need to pony up and donate until a new snapshot comes out with WPA on it. If the project got an extra $15,000 for this effort, I would think it was worth it. In fact I'll go donate tonight. Won't you join me?
By Matthew Dempsky (38.102.129.10) on
Comments
By Mike Erdely (merdely) on http://erdelynet.com/
"In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes."
Comments
By Anonymous Coward (38.102.129.10) on
D'oh, I went digging through the man pages and source before finishing reading the post. :(
Thanks for pointing that out though.
By Anonymous Coward (68.76.120.222) on
Comments
By Mike Erdely (merdely) on http://erdelynet.com/
> Question: Where does Damien live, and how can I send him a 6-pack of beer? (or drink of his choice)
According to wikipedia (I know, the world's most reliable resource), he's in France.
Comments
By Anonymous Coward (64.119.129.237) on
>
> According to wikipedia (I know, the world's most reliable resource), he's in France.
>
>
Do we just address the package to:
Damien
c.o. France
?
Comments
By Mike Erdely (merdely) on http://erdelynet.com/
>
> Damien
> c.o. France
>
> ?
If only there were some way you could contact him. Maybe an email address. He's probably unlisted though. Good luck.
Comments
By Noryungi (noryungi) on
> > Damien
> > c.o. France
> If only there were some way you could contact him. Maybe an email
> address. He's probably unlisted though. Good luck.
Oh come on, guys. This is embarrassing.
If you wish to contact Damien personally, just type "Damien Bergamini" in Google.
The first page that comes up is his web site, on Free (a French ISP).
Go to this page, and he helpfully supplies an email address, right there on the front page.
No, I won't post his email address and/or URL here.
Now, of course, I don't know if he likes beer. But I am sure you can find some other way to thank him if he does not like Guinness... :-)
Comments
By Mike Erdely (merdely) on http://erdelynet.com/
> > address. He's probably unlisted though. Good luck.
>
> Oh come on, guys. This is embarrassing.
>
> If you wish to contact Damien personally, just type "Damien Bergamini"
> in Google.
Or... I gave his frickin' email address in the story. damien@
By Brynet (Brynet) on
Instead of asking here, with the off chance of someone revealing this mans address publicly (which he might not appreciate..)
Visit his home page, obtain his email address.. contact him privately, and arrange delivery of the aforementioned alcoholic beverages in excessive quantities.
By ficovh (189.130.3.72) ficovh@gmail.com on http://blog.bsdguy.net
congrats.
By Anonymous Coward (195.42.56.44) on
Now they implement it .... so it's not crap anymore ? -_-'
Comments
By Karl Sjödahl (Dunceor) on
> Now they implement it .... so it's not crap anymore ? -_-'
They never said it was crap, they just said that it wasn't a must because you could obtain the same level of security with stuff already implemented in OpenBSD. Not the same thing.
Great work Damien and if not a must, this is definitely something that will draw users.
Comments
By Brad (2001:470:8802:3:216:41ff:fe17:6933) on
> > Now they implement it .... so it's not crap anymore ? -_-'
>
> They never said it was crap, they just said that it wasn't a must because you could obtain the same level of security with stuff already implemented in OpenBSD. Not the same thing.
Lack of a developer willing and able to do the work was what held up adding support for WPA/WPA2.
By Anonymous Coward (74.13.60.58) on
> Now they implement it .... so it's not crap anymore ? -_-'
No, it's always been PAM that they've said is crap.
By Anonymous Coward (83.226.152.62) on
> Now they implement it .... so it's not crap anymore ? -_-'
It doesn't really matter whether it's crap or not. There are de facto a great number of WPA networks out there and OpenBSD needs to be able to connect to them as well. I mean WEP is already supported, and I think everyone can agree to how pointless that is, but it's still something you just have to be able to use.
By Rich (195.212.199.56) on
By Janne Johansson (jj) jan.johansson@it.su.se on www.inet6.se
I call upon all of you who previously said "why is there no WPA, it sucks, I must have it" to follow me and donate some sum to show appreciation of it now.
By Timo Myyrä (131.177.204.78) on
Gotta update my laptop to current once I get home.
By Anonymous Coward (85.106.209.253) on
wpi(4) is used as example interface type. Replace it with yours.
Also replace essid and passphrase matching with your network configuration.
/etc/hostname.wpi0:
Comments
By Anonymous Coward (2001:888:1b6b:b0e::6965:6b73) on
(...)
> !_wpakey=`/sbin/wpa-psk essid 'passphrase'`
> !ifconfig \$if nwid essid wpa wpapsk ${_wpakey}
> dhcp NONE
Hrm. If you're doing this don't forget to chmod 600 /etc/hostname.if! In fact, maybe there ought to be a warning in the manpages...
Comments
By Anonymous Coward (91.3.31.65) on
http://marc.info/?l=openbsd-cvs&m=120846187803526&w=2
http://marc.info/?l=openbsd-cvs&m=120845916429517&w=2
http://marc.info/?l=openbsd-cvs&m=120839716717153&w=2
By Han (212.120.65.251) han@mijncomputer.nl on
Comments
By jirib (89.176.154.98) on
only thing? unfortunately I miss unicode in ncurses :( poor mcabber with OTR&GPG :(
jirib
By Anonymous Coward (90.190.199.233) on http://udet.dyndns.org/jg3/
Well :)
Same issue here - using Ubuntu - will switch my laptop to OpenBSD soon :)
Thanks !
By Anonymous Coward (79.197.93.151) on
By Bayu Krisnawan (krisna) krisna@infobsd.org on http://www.infobsd.org
Wow very nice, thanks OpenBSD.
By Bayu Krisnawan (202.148.12.244) krisna@infobsd.org on http://www.infobsd.org
Wow very nice, thanks OpenBSD.
By Hernan Costante (201.239.217.117) hdc@openbsderos.org on www.openbsderos.org
It's the best notice for my OpenBSD wireless server farm!!!!
....Go OpenBSD, damn it!
Cheers!
Hernan
By e4ea (82.95.251.82) on
Comments
By sthen (2a01:348:108:155:20a:e4ff:fe2d:99ee) on
If you're in a situation where you can use wires, it's usually a better idea to do so.. WPA plugs some holes, but as the saying in hostapd.conf goes, "wavelan is a battle field".
By Anonymous Coward (70.173.172.228) on
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.
What about in concert with security/wpa_supplicant?
By Martin Toft (martintoft) mt@martintoft.dk on http://martintoft.dk
Will support for some of the 802.1x authentication and key protocols follow anytime soon? E.g. PEAPv0/EAP-MSCHAPv2. I need "enterprise" mode :-)
Comments
By Anonymous Coward (70.173.172.228) on
>
> Will support for some of the 802.1x authentication and key protocols follow anytime soon? E.g. PEAPv0/EAP-MSCHAPv2. I need "enterprise" mode :-)
presumably security/wpa_supplicant (which is essentially a generic 802.1X client) will be updated.
By Anonymous Coward (88.89.138.252) on