雜記

日前從wpa_supplicant 官網 http://hostap.epitest.fi/wpa_supplicant/

下載了source code

(狀況1) 測試使用WPA_GUI介面更新conf 檔卻更新不了

發現wpa.conf 應要加上 

update_config=1

否則無法更新wpa.conf, 官網解說如下

# Whether to allow wpa_supplicant to update (overwrite) configuration
#
# This option can be used to allow wpa_supplicant to overwrite configuration
# file whenever configuration is changed (e.g., new network block is added with
# wpa_cli or wpa_gui, or a password is changed). This is required for
# wpa_cli/wpa_gui to be able to store the configuration changes permanently.
# Please note that overwriting configuration file will remove the comments from
# it.
#update_config=1

(狀況2) 無法連線隱藏SSID之AP

要設

network={
	ssid="XXXXXXX"
	scan_ssid=1
	psk="XXXXXXXX"
	priority=2
}

官網解說如下

# scan_ssid:
#	0 = do not scan this SSID with specific Probe Request frames (default)
#	1 = scan with SSID-specific Probe Request frames (this can be used to
#	    find APs that do not accept broadcast SSID or use multiple SSIDs;
#	    this will add latency to scanning, so enable this only when needed)

另外

不確定ap_scan 要設為幾, 但應該可以確定不可不設

但以我的狀況, 應該是要設

ap_scan=2 //目前應用為只在wpa.conf設一個network, 且那個network為隱藏SSID

 (驗證 OK)

# AP scanning/selection
# By default, wpa_supplicant requests driver to perform AP scanning and then
# uses the scan results to select a suitable AP. Another alternative is to
# allow the driver to take care of AP scanning and selection and use
# wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association
# information from the driver.
# 1: wpa_supplicant initiates scanning and AP selection; if no APs matching to
#    the currently enabled networks are found, a new network (IBSS or AP mode
#    operation) may be initialized (if configured) (default)
# 0: driver takes care of scanning, AP selection, and IEEE 802.11 association
#    parameters (e.g., WPA IE generation); this mode can also be used with
#    non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
#    APs (i.e., external program needs to control association). This mode must
#    also be used when using wired Ethernet drivers.
# 2: like 0, but associate with APs using security policy and SSID (but not
#    BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
#    enable operation with hidden SSIDs and optimized roaming; in this mode,
#    the network blocks in the configuration file are tried one by one until
#    the driver reports successful association; each network block should have
#    explicit security policy (i.e., only one option in the lists) for
#    key_mgmt, pairwise, group, proto variables
# When using IBSS or AP mode, ap_scan=2 mode can force the new network to be
# created immediately regardless of scan results. ap_scan=1 mode will first try
# to scan for existing networks and only if no matches with the enabled
# networks are found, a new IBSS or AP mode network is created.
ap_scan=1

 以下為# AP scanning/selection 中文翻譯..因為覺得這一段解說閱讀起來比較困難, 所以寫翻譯..若有翻錯請指正..(通通翻對就不正常了哈哈)

預設(若沒有設此參數的話) 則wpa_supplicant會要求driver去做AP掃描, 並且接著使用掃描的結果去選擇連線合適的AP

反之其他(一旦設了此參數), 則 wpa_supplicant 即允許driver可1.掃描, 2.直接選擇AP, 3.使用wpa_supplicant僅去處理從driver得到之IEEE 802.11相關資訊之 EAPOL freames

模式1: wpa_supplicant 開啟掃描以及直接選擇AP; 如果沒有和最近掃描結果(有找到的AP列表)中匹配的AP, 則一個新的(IBSS或AP模式控制的)network即可能會被啟動 (前提是如果有寫入conf 的話)

模式0: driver可去做 (take care..關心..?翻成"可去做"不知道可不可以) 1.掃描, 2.直接選擇AP, 以及3. IEEE 802.11相關參數(也就是WPA IE generation);

當使用IEEE 802.1X時, 這個模式也可以被non-WPA之driver所使用

不會去嘗試與多個AP連線(也就是需要外部程序去控制連線)

這個模式必須也被使用在有線乙鈦drivers的狀況時

模式2: 與模式0相似, 但是使用安全策略(security policy)及SSID(非BSSID)與多個AP連線, 

可被使用在有ndiswrapper及NDIS driver的狀況, 以可去操作被隱藏的SSIDs及優化漫遊(optimized roaming)

在這模式裡, conf 檔中的網路區塊(應該是指 network={......})會一個接一個地嘗試直到driver回報成功連線

每個網路區塊都應該要有明確地安全策略(exlicit security policy) (也就是每個區塊都要寫明..吧) (安全策略的控制相關參數..key_mgmt, pairwise, group, proto等)

 (最後一段..應該算是小結論)

當使用IBSS或AP模式時, 模式2可以強迫新網路立刻被創立且無須掃描結果.

模式1將會先嘗試掃描已存在的網路並且只有如果掃描不到匹配的可使用網路, 一個新的IBSS或AP模式的網路才會被創立.

============   分隔線   ==========================

感謝以下網站

1.  http://www.gentoo.org/doc/zh_tw/handbook/handbook-x86.xml?part=4&chap=4#doc_chap4

介紹WPA相當詳細的網站, 也詳細解說了wpa.conf參數該如何設置

1.5  http://hostap.epitest.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf

wpa_supplicant 的官網中,  解說conf檔的參數

2.  http://hsian-studio.blogspot.tw/2010/03/wpasupplicant-and-wpacli.html

介紹wpa_cli 指令(以操作控制wpa_supplicant ) 的用法

(貼出部分出來..)

使用wpa_cli控制和管理wpa_supplicant
# wpa_cli -i wlan0 status (看看目前的狀態)
# wpa_cli -i wlan0 help (查看參數與指令)
# wpa_cli -i wlan0 terminate (關閉wpa_supplicant)
# wpa_cli -i wlan0 interface (查看有那些無線網卡介面)
# wpa_cli -i wlan0 list_networks (查看wpa_supplicant.conf檔裡的設定)
# wpa_cli -i wlan0 select_network (選擇不同的AP，id為AP代號0,1,2,3...)
# wpa_cli -i wlan0 enable_network 
# wpa_cli -i wlan0 disable_network 
# wpa_cli -i wlan0 remove_network (刪除AP資訊)
# wpa_cli -i wlan0 reconfigure (重新讀取wpa_supplicant.conf設定內容)
# wpa_cli -i wlan0 save_config (儲存寫入到wpa_supplicant.conf中，否責變更無效)
# wpa_cli -i wlan0 disconnect (斷線)
# wpa_cli -i wlan0 reconnect (重新連線)
# wpa_cli -i wlan0 scan (掃描附近的AP)
# wpa_cli -i wlan0 scan_results (印出附近AP的相關資訊)

以上常常用到的差不多是disconnect, reconnect, scan, scan_results, select_network, list_networks, status, reconfigure

※wpa_supplicat是個非常好用的工具，讓我們不必自己去一行一行用指令去設定要連結的AP相關資訊，而可以透過wpa_supplicant.conf設定檔，讓系統開機之後自動搜尋附近AP如果已建立資訊的，就會自動連結好，而如果你換了一個地方，要更換無線網路設定，也只需要用wpa_cli select_network 就可以把網路切換過去。

(貼出部分出來..end)