hubertf's NetBSD Blog
Send interesting links to hubert at feyrer dot de!
 
[20070816] Network auto-detection scripts
Some time ago I had to redo the network auto-detection scripts on my laptop when the harddisk crashed and I had no backup. Here's an attempt at documenting things.

The picture: My laptop has an ethernet and a wireless card, tlp0 and ath0. Ethernet can be plugged in at times, and should have precedence over wireless -- this is mostly to prevent a wifi network bouncing up and down interrupting operating via the cable. Wireless can be configured in several ways, including no security, WEP or WPA.

The machine should try to find network when waking up from APM, when ethernet is plugged in, or when a wireless network is found (using whatever SSID).

The idea is to use wpa_supplicant(8) to detect wifi networks and mark the ath0 interface as "connected". NetBSD's ifwatchd(8) is used to detect if either ethernet or wifi is "connected" or disconnected when the machine's either running, or returning from sleep. A shell script then runs dhcp and does assorted setup and cleanup.

The main engine in this setup is ifwatchd(8), which basically handles all the work that's either induced by kicking wpa_supplicant(8) via APM, wpa_supplicant(8) finding a working wifi network, or by plugging in/out an ethernet cable.

The configuration:

  1. /etc/rc.conf:
    apmd=yes
    wpa_supplicant=yes
    wpa_supplicant_flags="-B -iath0 -c/root/wpa.conf"
    ifwatchd=yes
    ifwatchd_flags="-c /root/ifwatch-up -n /root/ifwatch-down tlp0 ath0" 

  2. WPA supplicant config: /root/wpa.conf

    Here's a sample config file for wpa_supplicant(8) that I use for University, home and another place. Note that the WPA in there is a bit more complex than in a home-setup with just a pre-shared key (PSK):

    % cat /root/wpa.conf
    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=wheel
    
    #
    # WPA-enabled network with identities 
    # (used at uni-regensburg.de and fh-regensburg.de)
    #
    network={
            ssid="802.11i"
            key_mgmt=WPA-EAP
            eap=TTLS
            identity="abc12345"
            password="foobar"
            phase2="auth=PAP"
    }
    
    #
    # An unencrypted (open) network:
    #
    network={
            ssid="eyeswideshut"
            scan_ssid=1
            key_mgmt=NONE
    }
    
    #
    # A WEP-encrypted network with pre-shared key:
    #
    network={
           ssid="wepssid"
           scan_ssid=1
           key_mgmt=NONE
           wep_key0="wepkey"
           #wep_tx_keyidx=0
           #priority=5
    } 

  3. Watching interfaces: /root/ifwatch-updown

    ifwatchd(8) can't pass parameters, so I'm using two different scripts, and then look at $0 to see if we're going up or down:

    % ls -la /root/ifwatch-*
    lrwxr-xr-x  1 root  wheel   14 Mar 10 12:27 /root/ifwatch-down -> ifwatch-updown
    lrwxr-xr-x  1 root  wheel   14 Mar 10 12:27 /root/ifwatch-up -> ifwatch-updown
    -rwxr-xr-x  1 root  wheel  760 Aug 16 11:45 /root/ifwatch-updown
    
    Here is the script that handles ethernet and wifi networks going up and down:

    % cat /root/ifwatch-updown
    #!/bin/sh
    #
    # See if network is going up or down, to be called via ifwatchd(8)
    #
    # Copyright (c) 2007 Hubert Feyrer <hubert@feyrer.de>
    # All rights reserved.
    #
    
    case $0 in
    *-up)
            case $1 in
            tlp*)
                    # Disable wireless bouncing up and down if we're on wire
                    #
                    logger stopping wpa_supplicant
                    sh /etc/rc.d/wpa_supplicant stop
                    ;;
            esac
    
            pkill dhclient
            sh /etc/rc.d/network restart
            dhclient $1
            sh /etc/rc.d/ntpd restart
            ;;
    
    *-down)
            case $1 in
            tlp*)
                    # Re-enable wireless if we go off-wire
                    #
                    logger starting wpa_supplicant
                    sh /etc/rc.d/wpa_supplicant start
                    ;;
            esac
    
            pkill -x ssh
            sh /etc/rc.d/ntpd stop
    
            pkill dhclient
    
            sh /etc/rc.d/network stop
            route delete 194.95.108.0/24
            ;;
    
    *)
            logger "$0 $@": unknown 
            ;;
    esac
    
    logger "$0 $@" done.
    echo ^G >/dev/console
    

    A few comments:

    • As the comment says, if the ethernet interface (tlp) is found to be connected, wpa_supplicant(8) is stopped to prevent it from bouncing up and down and possibly disrupt things.
    • I stop the network at every time, to flush routes and everything. This mostly works, but not completely, thus I remove one route manually. Someone please fix "route flush"...
    • I use NTP, and to prevent ntpd(8) from spamming the logs when offline, I disable it when offline.
    • When network goes away, I kill my ssh sessions. I prefer this over dead sessions that I have to kill with ~.
    • The echo-command in the last line sends a beep with ^G to give a signal that network's up/down now.

  4. APM setup:

    During my experiments, wpa_supplicant(8) died during suspend/resume, I thus stop it before suspending, and start after resuming. This may also have positive effects on power consumption (if not it should probably be hooked in here). My machine uses APM, and I mostly use /usr/share/examples/apm/script, see that file for install instructions.

    Here's the diff that I use to handle wpa_supplicant - dhclient is restarted via ifwatchd:

    % diff -u /usr/share/examples/apm/script /etc/apm/battery
    --- /usr/share/examples/apm/script      2003-03-11 15:56:54.000000000 +0100
    +++ /etc/apm/battery    2007-03-10 12:57:21.000000000 +0100
    @@ -25,7 +25,7 @@
     S=/usr/X11R6/share/kde/sounds
     
     # What my network card's recognized as:
    -if=ne0
    +if=ath0
     
     LOGGER='logger -t apm'
     
    @@ -43,8 +43,11 @@
            # In case some NFS mounts still exist - we don't want them to hang:
            umount -a    -t nfs
            umount -a -f -t nfs
    -       ifconfig $if down
    -       sh /etc/rc.d/dhclient stop
    +
    +       sh /etc/rc.d/wpa_supplicant stop
    +
    +       cd /usr/tmp ; make off
    +
            $LOGGER 'Suspending done.'
            ;;
     
    @@ -62,7 +65,9 @@
     *resume)
            $LOGGER 'Resuming...'
            noise $S/KDE_Startup.wav
    -       sh /etc/rc.d/dhclient start
    +
    +       sh /etc/rc.d/wpa_supplicant start
    +
            # mount /home
            # mount /data
            $LOGGER 'Resuming done.'
    

    The "make off" when shutting down the machine unmounts the cgf-encrypted data partition that I'm using for SSH and PGP keys. I manually mount it when I need it again.

With these four steps -- rc.conf, wpa.conf, ifwatch-script, and APM script -- things should be in place to auto-detect cable and wifi networks, and get things online.

The future -- more work on this would include adding ACPI/powerd(8) scripts, and putting all of this either into the default NetBSD install, or at least into NetBSD's /usr/share/examples.

[Tags: , , , , , , ]


[20070509] Switched from vpnc to WPA2 for WLAN
I've used vpnc at my university's campus until a few months ago, when my other working place (FH Regensburg) deployed a WPA2-only WLAN. I've then bought a Linksys A+B+G NIC (Atheros based, works fine with NetBSD 4.0_BETA2/i386), and switched from vpnc to WPA2.

Those interested can find the config in the "May 2007" entry of the updates of my vpnc article.

(I also have some scripts that do auto-detection of wirefull and wireless networks and setup connections accordingly, together with APM-based suspend and resume; I'll write some more about that some other time, as it's what NetBSD lacks when installed out of the box)

[Tags: , , ]


[20060509] Using WPA
Someone asked about how to use WPA, and before searching the docs and mailing lists again, this link may come in handy next time.

[Tags: , , ]


[20060411] Testers for wpa_supplicant 0.4.8 wanted
Rui Paulo has ported the latest version of the WPA supplicant, version 0.4.8, to NetBSD, and he's looking for testers. Please send him mail for any input!

[Tags: ]


[20050807] WPA / IEEE 802.1x progress
It seems that Ronald van der Pol convinced NetBSD to talk IEEE 802.1 authentication for wireless LAN using hostapd with his Atheros card. It seems that a few small patches were needed to compile things, but nothing serious. Let's hope this gets integrated into NetBSD and documented(!) eventually. (We should start a WLAN chapter in the NetBSD Guide... :)

(Why is this interesting for me and Jan? I've moved to teach at Jan's campus this fall, and they seem to be phasing out the MAC/DHCP-based wireless LAN with something that's using IEEE 802.1x and some *yuck* Windows-domain accounts - but at least no more seperate registration for machines then...)

[Tags: , ]


Tags: , 2bsd, 34c3, 3com, 501c3, 64bit, acl, acls, acm, acorn, acpi, acpitz, adobe, adsense, advocacy, Advocacy, advogato, aes, afs, aiglx, aio, airport, alereon, alex, alix, alpha, altq, am64t, amazon, amd64, anatomy, ansible, apache, apm, apple, arkeia, arla, arm, art, Article, Articles, ascii, asiabsdcon, aslr, asterisk, asus, atf, ath, atheros, atmel, audio, audiocodes, autoconf, avocent, avr32, aws, axigen, azure, backup, balloon, banners, basename, bash, bc, beaglebone, benchmark, bigip, bind, blackmouse, bldgblog, blog, blogs, blosxom, bluetooth, board, bonjour, books, boot, boot-z, bootprops, bozohttpd, bs2000, bsd, bsdca, bsdcan, bsdcertification, bsdcg, bsdforen, bsdfreak, bsdmac, bsdmagazine, bsdnexus, bsdnow, bsdstats, bsdtalk, bsdtracker, bug, build.sh, busybox, buttons, bzip, c-jump, c99, cafepress, calendar, callweaver, camera, can, candy, capabilities, card, carp, cars, cauldron, ccc, ccd, cd, cddl, cdrom, cdrtools, cebit, centrino, cephes, cert, certification, cfs, cgd, cgf, checkpointing, china, christos, cisco, cloud, clt, cobalt, coccinelle, codian, colossus, common-criteria, community, compat, compiz, compsci, concept04, config, console, contest, copyright, core, cortina, coverity, cpu, cradlepoint, cray, crosscompile, crunchgen, cryptography, csh, cu, cuneiform, curses, curtain, cuwin, cvs, cvs-digest, cvsup, cygwin, daemon, daemonforums, daimer, danger, darwin, data, date, dd, debian, debugging, dell, desktop, devd, devfs, devotionalia, df, dfd_keeper, dhcp, dhcpcd, dhcpd, dhs, diezeit, digest, digests, dilbert, dirhash, disklabel, distcc, dmesg, Docs, Documentation, donations, draco, dracopkg, dragonflybsd, dreamcast, dri, driver, drivers, drm, dsl, dst, dtrace, dvb, ec2, eclipse, eeepc, eeepca, ehci, ehsm, eifel, elf, em64t, embedded, Embedded, emips, emulate, encoding, envsys, eol, espresso, etcupdate, etherip, euca2ools, eucalyptus, eurobsdcon, eurosys, Events, exascale, ext3, f5, facebook, falken, fan, faq, fatbinary, features, fefe, ffs, filesystem, fileysstem, firefox, firewire, fireworks, flag, flash, flashsucks, flickr, flyer, fmslabs, force10, fortunes, fosdem, fpga, freebsd, freedarwin, freescale, freex, freshbsd, friendlyAam, friendlyarm, fritzbox, froscamp, fsck, fss, fstat, ftp, ftpd, fujitsu, fun, fundraising, funds, funny, fuse, fusion, g4u, g5, galaxy, games, gcc, gdb, gentoo, geode, getty, gimstix, git, gnome, google, google-soc, googlecomputeengine, gpio, gpl, gprs, gracetech, gre, groff, groupwise, growfs, grub, gumstix, guug, gzip, hackathon, hackbench, hal, hanoi, happabsd, Hardware, hardware, haze, hdaudio, heat, heimdal, hf6to4, hfblog, hfs, history, hosting, hotplug, hp, hp700, hpcarm, hpcsh, hpux, html, httpd, hubertf, hurd, i18n, i386, i386pkg, ia64, ian, ibm, ids, ieee, ifwatchd, igd, iij, image, images, imx233, imx7, information, init, initrd, install, intel, interix, internet2, interview, interviews, io, ioccc, iostat, ipbt, ipfilter, ipmi, ipplug, ipsec, ipv6, irbsd, irc, irix, iscsi, isdn, iso, isp, itojun, jail, jails, japanese, java, javascript, jetson, jibbed, jihbed, jobs, jokes, journaling, kame, kauth, kde, kerberos, kergis, kernel, keyboardcolemak, kirkwood, kitt, kmod, kolab, kvm, kylin, l10n, landisk, laptop, laptops, law, ld.so, ldap, lehmanns, lenovo, lfs, libc, license, licensing, linkedin, links, linksys, linux, linuxtag, live-cd, lkm, localtime, locate.updatedb, logfile, logging, logo, logos, lom, lte, lvm, m68k, macmini, macppc, macromedia, magicmouse, mahesha, mail, makefs, malo, mame, manpages, marvell, matlab, maus, max3232, mbr95, mbuf, mca, mdns, mediant, mediapack, meetbsd, mercedesbenz, mercurial, mesh, meshcube, mfs, mhonarc, microkernel, microsoft, midi, mini2440, miniroot, minix, mips, mirbsd, missile, mit, mixer, mobile-ip, modula3, modules, money, mouse, mp3, mpls, mprotect, mtftp, mult, multics, multilib, multimedia, music, mysql, named, nas, nasa, nat, ncode, ncq, ndis, nec, nemo, neo1973, netbook, netboot, netbsd, netbsd.se, nethack, nethence, netksb, netstat, netwalker, networking, neutrino, nforce, nfs, nis, npf, npwr, nroff, nslu2, nspluginwrapper, ntfs-3f, ntp, nullfs, numa, nvi, nvidia, nycbsdcon, office, ofppc, ohloh, olimex, olinuxino, olpc, onetbsd, openat, openbgpd, openblocks, openbsd, opencrypto, opendarwin, opengrok, openmoko, openoffice, openpam, openrisk, opensolaris, openssl, or1k, oracle, oreilly, oscon, osf1, osjb, paas, packages, pad, pae, pam, pan, panasonic, parallels, pascal, patch, patents, pax, paypal, pc532, pc98, pcc, pci, pdf, pegasos, penguin, performance, pexpect, pf, pfsync, pgx32, php, pie, pike, pinderkent, pkg_install, pkg_select, pkgin, pkglint, pkgmanager, pkgsrc, pkgsrc.se, pkgsrccon, pkgsrcCon, Platforms, plathome, pleiades, pocketsan, podcast, pofacs, politics, polls, polybsd, portability, posix, postinstall, power3, powernow, powerpc, powerpf, pppoe, precedence, preemption, prep, presentations, prezi, products, Products, proplib, protectdrive, proxy, ps, ps3, psp, psrset, pthread, ptp, ptyfs, Publications, puffs, puredarwin, pxe, qemu, qnx, qos, qt, quality-management, quine, quote, quotes, r-project, ra5370, radio, radiotap, raid, raidframe, rants, raptor, raq, raspberrypi, rc.d, readahead, realtime, record, refuse, reiserfs, Release, releases, Releases, releng, reports, resize, restore, ricoh, rijndael, rip, riscos, rng, roadmap, robopkg, robot, robots, roff, rootserver, rotfl, rox, rs323, rs6k, rss, ruby, rump, rzip, sa, safenet, san, sata, savin, sbsd, scampi, scheduler, scheduling, schmonz, sco, screen, script, sdf, sdtemp, secmodel, Security, security, sed, segvguard, seil, sendmail, serial, serveraptor, sfu, sge, sgi, sgimips, sh, sha2, shark, sharp, shisa, shutdown, sidekick, size, slackware, slashdot, slides, slit, smbus, smp, sockstat, soekris, softdep, softlayer, software, solaris, sony, sound, source, source-changes, spanish, sparc, sparc64, spider, spreadshirt, spz, squid, ssh, sshfs, ssp, statistics, stereostream, stickers, storage, stty, studybsd, subfile, sudbury, sudo, summit, sun, sun2, sun3, sunfire, sunpci, support, sus, suse, sushi, susv3, svn, swcrypto, symlinks, sysbench, sysctl, sysinst, sysjail, syslog, syspkg, systat, systrace, sysupdate, t-shirt, tabs, talks, tanenbaum, tape, tcp, tcp/ip, tcpdrop, tcpmux, tcsh, teamasa, tegra, teredo, termcap, terminfo, testdrive, testing, tetris, tex, TeXlive, thecus, theopengroup, thin-client, thinkgeek, thorpej, threads, time, time_t, timecounters, tip, tk1, tme, tmp, tmpfs, tnf, toaster, todo, toolchain, top, torvalds, toshiba, touchpanel, training, translation, tso, tty, ttyrec, tulip, tun, tuning, uboot, ucom, udf, ufs, ukfs, ums, unetbootin, unicos, unix, updating, upnp, uptime, usb, usenix, useradd, userconf, userfriendly, usermode, usl, utc, utf8, uucp, uvc, uvm, valgrind, vax, vcfe, vcr, veriexec, vesa, video, videos, virtex, virtualization, vm, vmware, vnd, vobb, voip, voltalinux, vpn, vpnc, vulab, w-zero3, wallpaper, wapbl, wargames, wasabi, webcam, webfwlog, wedges, wgt624v3, wiki, willcom, wimax, window, windows, winmodem, wireless, wizd, wlan, wordle, wpa, wscons, wstablet, X, x.org, x11, x2apic, xbox, xcast, Xen, xen, xfree, xfs, xgalaxy, xilinx, xkcd, xlockmore, xmms, xmp, xorg, xscale, youos, youtube, zaurus, zdump, zfs, zlib

'nuff. Grab the RSS-feed, index, or go back to my regular NetBSD page

Disclaimer: All opinion expressed here is purely my own. No responsibility is taken for anything.

Access count: 34936728
Copyright (c) Hubert Feyrer