Firmware devices are not the only machines that can serve as an access point. There is an 802.11 access point driver for Linux called HostAP. HostAP provides all of the standard access point functionality, but you have the added benefit of a general-purpose operating system to allow you to create unique network architectures and security policies.
HostAP is designed to run on wireless cards that use Intersil's Prism chipset Version 2, 2.5, or 3. Cards based on this chipset include the D-Link DWL650, Netgear MA401, Compaq WL100, and the Linksys WMP11. Intersil, to date, is the only vendor to have released their radio specification to open source developers. It is possible that the HostAP driver will be ported to run on other chipsets in the future, so check the HostAP web site (http://hostap.epitest.fi) for equipment requirements. Most wireless cards on the market today do not specify the chipset used to drive the card. Check your vendor's web site or online lists of cards and their chipsets such as http://www.personaltelco.net/index.cgi/Prism2Card.
In order to install HostAP, you will need a custom-built Linux 2.4 kernel and the kernel source code available. See Section 5.2.1 for information on compiling your own kernel. If you are using the pcmcia-cs package, you will need its source code. You will also need to download the latest HostAP source code from http://hostap.epitest.fi.
Read the instructions that come with the distribution to determine how to install the HostAP driver. There are many different ways, and they all require your kernel to be compiled differently depending on the option you choose. You can compile HostAP as a loadable module for your existing kernel, as a replacement for the Prism drivers in the pcmcia-cs package, or as a replacement for your PLX drivers if you are using a PLX PCI-PCMCIA bridge. PLX bridges are common in desktop PCs that have PCMCIA card slots in them. They are very uncommon in laptops.
Once you get the HostAP driver installed per the instructions, your access point will appear as a wlan device:
bash# ifconfig wlan0
wlan0     Link encap:Ethernet  HWaddr 00:04:E2:36:68:02
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:597 errors:0 dropped:1720 overruns:0 frame:0
          TX packets:110440 errors:10 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:7492 (7.3 Kb)  TX bytes:9070827 (8.6 Mb)
          Interrupt:3 Base address:0x2880
You cannot assign an IP address to the wlan
device. However, you can create an Ethernet bridge to pass traffic
between a wired network and a wireless network as a firmware access
point would. Once you have created the bridge group, you can also
assign an IP address to the bridge interface. This IP address will be
accessible from both the wired and wireless networks.
You must have Ethernet bridging support compiled into your kernel:
CONFIG_BRIDGE=y
Once bridging support is compiled in, you may need to download the Ethernet bridging tools if they were not distributed with your core operating system. These tools can be obtained from http://bridge.sourceforge.net/. The tools have both a binary and a source distribution. Install whichever suits your needs.
The brctl command is used to control the activities of the bridge groups on the host. In order to bridge between the wired and wireless networks, you must first create the bridge group, then assign both interfaces to the group. Once that is done, you need to remove any existing IP address assignments and assign the address to the bridge interface. The following shell script can be run at startup to configure your access point to be a wired-to-wireless bridge:
#!/bin/sh
PATH=/usr/sbin:/sbin:/bin

# Check to see if bridge group 0 is already configured
ifconfig br0 >/dev/null 2>&1
if [ $? -ne 0 ]; then
    # Create the bridge group and add the wired and wireless interfaces
    brctl addbr br0
    brctl addif br0 eth0
    brctl addif br0 wlan0
    # Clear the member interfaces' addresses; the bridge holds the IP address
    ifconfig eth0 0.0.0.0
    ifconfig wlan0 0.0.0.0
    ifconfig br0 192.168.1.102 up
else
    echo "Bridge Group 0 already configured"
    exit 1
fi
exit 0
You should now be able to ping the bridge interface. Now you need to configure the access point's wireless parameters. The HostAP driver is controlled by the iwconfig and iwpriv commands. The following iwconfig commands manipulate the HostAP driver in a similar manner to the methods documented in Section 5.2.4; however, in this case, they are configuring the access point for use by clients rather than configuring the client.
interface
This is the name of the interface to be configured. Typically, this value will be something like wlan0. If iwconfig is passed the interface name only and no other configuration parameters, it will return the current configuration of the wireless interface.
essid
This is the name of the Extended Service Set ID (ESSID) to create. This will be the value that stations will enter when prompted for their ESSID.
nwid
This is the network ID. A network ID is a mechanism used to identify particular access points within an SSID. Many access points may have the same SSID and therefore provide service to the same network.
channel
This is the channel the access point will use to communicate with stations. The 802.11b PHY specification describes channels in the 2.4 GHz ISM band for use by 802.11b radios. In the U.S., there are 11 usable channels, while European countries have 14. The client must specify the same channel as the access point in order to be able to communicate with it.
[wepkey] [index]
This flag controls all the WEP configuration options. The WEP key may be entered as hex (e.g., 0123-4567-89) or ASCII prepended with s: (e.g., s:secrt). Multiple keys can be entered and referenced by specifying an index value between 0 and 3.
For example, to set your HostAP driver to an ESSID of linuxtest running on channel 6 using WEP key secrt, issue the following command as root:
iwconfig wlan0 essid linuxtest freq 6 key s:secrt
These are not all of the commands supported by iwconfig. See the documentation with the HostAP driver for more details.
The iwpriv tool is used to configure the portions of the access point that are not handled by iwconfig. The following are options that can be passed to iwpriv:
interface monitor value
This command controls the driver's ability to snoop raw 802.11 frames. A value of 2 will sniff all 802.11 frames and allow user space programs to grab them. A value of 3 will grab all data received by the Prism chipset as well as all 802.11 frames and allow user space access. A value of 0 is normal, non-promiscuous access.
interface maccmd value
This sets the policy for the HostAP MAC address filtering. A value of 0 will allow all MAC addresses to connect, 1 will allow only listed MAC addresses to connect, and 2 will allow all MAC addresses except the ones listed to connect. A value of 3 will flush the existing MAC ACL, and 4 will disassociate all associated stations.
interface addmac MAC addr
This command will add the specified MAC address to the MAC ACL. The MAC address should be listed as a colon-separated list of hexadecimal bytes (e.g., 12:34:56:78:9a:bc).
interface delmac MAC addr
This will remove the specified MAC address from the MAC ACL.
interface kickmac MAC addr
This will disassociate the specified MAC address from the network.
This is not an exhaustive list of commands that are handled by iwpriv. See the HostAP documentation for all possible options.
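The maccmd and addmac options above can be combined into a repeatable allow-list policy. The following is an added example, not code from the HostAP distribution: it reads one MAC address per line from a file and prints the iwpriv sequence to run. The file format, the IFACE variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: build the iwpriv command sequence for an allow-list MAC ACL.
# IFACE, the list file format and the function names are assumptions.
IFACE="${IFACE:-wlan0}"

# is_mac ADDR: succeed only for six colon-separated hexadecimal bytes.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# acl_commands FILE: print the commands, one per line. Every entry is
# validated before anything is printed, so a bad file yields no commands.
acl_commands() {
    list=""
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip "#" comments and whitespace from each line.
        mac=$(printf '%s' "$line" | sed 's/#.*//' | tr -d ' \t\r')
        [ -z "$mac" ] && continue
        if ! is_mac "$mac"; then
            echo "invalid MAC address: $mac" >&2
            return 1
        fi
        list="$list $mac"
    done < "$1"
    if [ -z "$list" ]; then
        # Policy 1 with an empty list would lock out every station.
        echo "refusing to apply an empty allow list" >&2
        return 1
    fi
    echo "iwpriv $IFACE maccmd 3"    # flush the existing MAC ACL
    for mac in $list; do
        echo "iwpriv $IFACE addmac $mac"
    done
    echo "iwpriv $IFACE maccmd 1"    # allow only listed MAC addresses
    echo "iwpriv $IFACE maccmd 4"    # disassociate all stations; they must associate again
}

# Stand-alone use: ./acl.sh allowed-macs.txt
if [ $# -gt 0 ]; then
    acl_commands "$1"
fi
```

Review the printed commands, then pipe them to sh as root to apply them. MAC addresses travel unencrypted in every frame, so treat the ACL as an inventory control rather than as authentication.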
Once you have the HostAP driver configured as desired, there are various ways you can monitor the operations of the access point. The HostAP driver will provide information in the /proc/net and /proc/net/prism2 directories. Using a tool such as tkined lets you monitor the contents of the files below and alarm on critical conditions such as excessive error rates or changes in core configurations. The following files are available for monitoring:
/proc/net/prism2/interface/MAC address
There is an entry in the prism2 directory for every associated MAC address. Each entry contains information regarding each station including supported bit rates, number of bytes transferred, signal levels, when the last association was, when the last authentication was, and when the last packet was received.
/proc/net/prism2/interface/ap_control
This file contains the MAC ACL policy type as well as the current MAC addresses listed in the ACL. These MAC addresses can be modified by iwpriv.
/proc/net/prism2/interface/ap_control
This file contains statistics about frames the access point has sent or received. This data includes the number of sent and received unicast packets, the number of excessive retries, undecryptable packets, and general discards.
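Because the driver exposes one entry per associated station, a periodic job can alarm when a station is associated that is not on your allow list, which would indicate that the ACL policy was changed or never applied. This is an added example, not part of the HostAP distribution; it assumes each station entry is named by its colon-separated MAC address, and the PROC_DIR variable, allow-list file format and function names are this example's own.

```shell
#!/bin/sh
# Added example: report associated stations that are not on the allow list.
# Assumption: each station entry under PROC_DIR is named by its MAC address.
PROC_DIR="${PROC_DIR:-/proc/net/prism2/wlan0}"

# associated_macs DIR: print MAC-named entries in lower case, one per line.
# Other entries (such as ap_control) are ignored.
associated_macs() {
    for entry in "$1"/*; do
        name=$(basename "$entry" | tr 'A-F' 'a-f')
        if printf '%s\n' "$name" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'; then
            echo "$name"
        fi
    done
}

# unexpected_stations DIR ALLOWFILE: print associated MACs missing from the
# allow list. Returns 1 if any were found so a cron job or monitor can alarm.
unexpected_stations() {
    # Normalise the allow list: drop comments and whitespace, lower-case hex.
    allowed=$(sed 's/#.*//' "$2" | tr -d ' \t\r' | tr 'A-F' 'a-f')
    found=0
    for mac in $(associated_macs "$1"); do
        if ! printf '%s\n' "$allowed" | grep -Fxq "$mac"; then
            echo "$mac"
            found=1
        fi
    done
    return $found
}

# Stand-alone use: ./audit.sh allowed-macs.txt
if [ $# -gt 0 ]; then
    unexpected_stations "$PROC_DIR" "$1"
fi
```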
The Linux HostAP driver provides a great deal of access-point functionality while continuing to offer all the flexibility of Linux. You can turn your access point into your network's IP gateway as well. For information on how to set up Linux gateways, see Chapter 11.