hubertf's NetBSD Blog
Send interesting links to hubert at feyrer dot de!
 
[20070816] Network auto-detection scripts
Some time ago I had to redo the network auto-detection scripts on my laptop when the hard disk crashed and I had no backup. Here's an attempt at documenting things.

The picture: My laptop has an ethernet and a wireless card, tlp0 and ath0. Ethernet can be plugged in at times, and should have precedence over wireless -- this is mostly to prevent a wifi network bouncing up and down interrupting operation via the cable. Wireless can be configured in several ways, including no security, WEP or WPA.

The machine should try to find a network when waking up from APM, when ethernet is plugged in, or when a wireless network is found (using whatever SSID).

The idea is to use wpa_supplicant(8) to detect wifi networks and mark the ath0 interface as "connected". NetBSD's ifwatchd(8) is used to detect if either ethernet or wifi is "connected" or disconnected when the machine's either running, or returning from sleep. A shell script then runs dhcp and does assorted setup and cleanup.

The main engine in this setup is ifwatchd(8), which basically handles all the work that's either induced by kicking wpa_supplicant(8) via APM, wpa_supplicant(8) finding a working wifi network, or by plugging in/out an ethernet cable.

The configuration:

  1. /etc/rc.conf:
    apmd=yes
    wpa_supplicant=yes
    wpa_supplicant_flags="-B -iath0 -c/root/wpa.conf"
    ifwatchd=yes
    ifwatchd_flags="-c /root/ifwatch-up -n /root/ifwatch-down tlp0 ath0" 

  2. WPA supplicant config: /root/wpa.conf

    Here's a sample config file for wpa_supplicant(8) that I use for University, home and another place. Note that the WPA in there is a bit more complex than in a home-setup with just a pre-shared key (PSK):

    % cat /root/wpa.conf
    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=wheel
    
    #
    # WPA-enabled network with identities 
    # (used at uni-regensburg.de and fh-regensburg.de)
    #
    network={
            ssid="802.11i"
            key_mgmt=WPA-EAP
            eap=TTLS
            identity="abc12345"
            password="foobar"
            phase2="auth=PAP"
    }
    
    #
    # An unencrypted (open) network:
    #
    network={
            ssid="eyeswideshut"
            scan_ssid=1
            key_mgmt=NONE
    }
    
    #
    # A WEP-encrypted network with pre-shared key:
    #
    network={
           ssid="wepssid"
           scan_ssid=1
           key_mgmt=NONE
           wep_key0="wepkey"
           #wep_tx_keyidx=0
           #priority=5
    } 

  3. Watching interfaces: /root/ifwatch-updown

    ifwatchd(8) can't pass parameters, so I'm using two different scripts, and then look at $0 to see if we're going up or down:

    % ls -la /root/ifwatch-*
    lrwxr-xr-x  1 root  wheel   14 Mar 10 12:27 /root/ifwatch-down -> ifwatch-updown
    lrwxr-xr-x  1 root  wheel   14 Mar 10 12:27 /root/ifwatch-up -> ifwatch-updown
    -rwxr-xr-x  1 root  wheel  760 Aug 16 11:45 /root/ifwatch-updown
    
    Here is the script that handles ethernet and wifi networks going up and down:

    % cat /root/ifwatch-updown
    #!/bin/sh
    #
    # See if network is going up or down, to be called via ifwatchd(8)
    #
    # Copyright (c) 2007 Hubert Feyrer <hubert@feyrer.de>
    # All rights reserved.
    #
    
    case $0 in
    *-up)
            case $1 in
            tlp*)
                    # Disable wireless bouncing up and down if we're on wire
                    #
                    logger stopping wpa_supplicant
                    sh /etc/rc.d/wpa_supplicant stop
                    ;;
            esac
    
            pkill dhclient
            sh /etc/rc.d/network restart
            dhclient $1
            sh /etc/rc.d/ntpd restart
            ;;
    
    *-down)
            case $1 in
            tlp*)
                    # Re-enable wireless if we go off-wire
                    #
                    logger starting wpa_supplicant
                    sh /etc/rc.d/wpa_supplicant start
                    ;;
            esac
    
            pkill -x ssh
            sh /etc/rc.d/ntpd stop
    
            pkill dhclient
    
            sh /etc/rc.d/network stop
            route delete 194.95.108.0/24
            ;;
    
    *)
            logger "$0 $@": unknown 
            ;;
    esac
    
    logger "$0 $@" done.
    echo ^G >/dev/console    # ^G is a literal BEL character (Ctrl-V Ctrl-G), not caret + G
    

    A few comments:

    • As the comment says, if the ethernet interface (tlp) is found to be connected, wpa_supplicant(8) is stopped to prevent it from bouncing up and down and possibly disrupting things.
    • I stop the network every time, to flush routes and everything. This mostly works, but not completely, thus I remove one route manually. Someone please fix "route flush"...
    • I use NTP, and to prevent ntpd(8) from spamming the logs when offline, I disable it when offline.
    • When network goes away, I kill my ssh sessions. I prefer this over dead sessions that I have to kill with ~.
    • The echo-command in the last line sends a beep with ^G to give a signal that network's up/down now.

  4. APM setup:

    During my experiments, wpa_supplicant(8) died during suspend/resume, so I stop it before suspending and start it again after resuming. This may also have positive effects on power consumption (if not, it should probably be hooked in here). My machine uses APM, and I mostly use /usr/share/examples/apm/script; see that file for install instructions.

    Here's the diff that I use to handle wpa_supplicant - dhclient is restarted via ifwatchd:

    % diff -u /usr/share/examples/apm/script /etc/apm/battery
    --- /usr/share/examples/apm/script      2003-03-11 15:56:54.000000000 +0100
    +++ /etc/apm/battery    2007-03-10 12:57:21.000000000 +0100
    @@ -25,7 +25,7 @@
     S=/usr/X11R6/share/kde/sounds
     
     # What my network card's recognized as:
    -if=ne0
    +if=ath0
     
     LOGGER='logger -t apm'
     
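
    Review bot: `if=ath0` is still assigned here, but the only use of `$if` visible in this diff, `ifconfig $if down`, is deleted in the suspend hunk. If nothing else in the script reads the variable, drop the assignment and its comment rather than updating it; if the interface should still be taken down before sleep, keep the `ifconfig $if down` line.
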
    @@ -43,8 +43,11 @@
            # In case some NFS mounts still exist - we don't want them to hang:
            umount -a    -t nfs
            umount -a -f -t nfs
    -       ifconfig $if down
    -       sh /etc/rc.d/dhclient stop
    +
    +       sh /etc/rc.d/wpa_supplicant stop
    +
    +       cd /usr/tmp ; make off
    +
            $LOGGER 'Suspending done.'
            ;;
     
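
    Review bot: `cd /usr/tmp ; make off` in the suspend branch runs `make off` in whatever directory the script is in if the `cd` fails, and its exit status is ignored, so 'Suspending done.' is logged even when the target did not run. Use `cd /usr/tmp && make off` and log a failure through `$LOGGER`, and add a comment saying what the `off` target does, since nothing in the script explains it. Because the hook executes whatever Makefile it finds there, keep that Makefile in a directory only the hook's owner can write to.
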
    @@ -62,7 +65,9 @@
     *resume)
            $LOGGER 'Resuming...'
            noise $S/KDE_Startup.wav
    -       sh /etc/rc.d/dhclient start
    +
    +       sh /etc/rc.d/wpa_supplicant start
    +
            # mount /home
            # mount /data
            $LOGGER 'Resuming done.'
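
    Review bot: the resume branch starts wpa_supplicant unconditionally, while ifwatch-updown stops it whenever tlp0 comes up, so resuming with the cable still plugged in brings wifi back unless ifwatchd reports tlp0 again. Either check the cable's link state before `sh /etc/rc.d/wpa_supplicant start`, or add a comment stating that the ifwatchd up event is relied on to stop it. The removed `dhclient start` also deserves a one-line comment pointing to ifwatchd so it is not re-added later.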
    

    The "make off" when shutting down the machine unmounts the cgd-encrypted data partition that I'm using for SSH and PGP keys. I manually mount it when I need it again.

With these four steps -- rc.conf, wpa.conf, ifwatch-script, and APM script -- things should be in place to auto-detect cable and wifi networks, and get things online.

The future -- more work on this would include adding ACPI/powerd(8) scripts, and putting all of this either into the default NetBSD install, or at least into NetBSD's /usr/share/examples.
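
The EAP-TTLS block in the wpa.conf above has no ca_cert, so wpa_supplicant does not verify the authentication server before the PAP password is sent, and the open and WEP blocks give no usable link protection. As an added example (not part of the original post), this script audits a config for those cases and checks the file's permissions; the function names, finding labels, the "example-eap" SSID and the CA path are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not the post's code): flag risky network blocks in a
# wpa_supplicant.conf and check that the file is not group/world-readable.
audit_wpa_conf() {      # $1 = config file; prints "ssid<TAB>finding" lines
    awk '
    function val(k,  v) { v = kv[k]; gsub(/^"|"$/, "", v); return v }
    function report(msg) { printf "%s\t%s\n", val("ssid"), msg }
    /^[ \t]*#/ { next }                              # comment line
    /^[ \t]*network[ \t]*=[ \t]*\{/ { inblk = 1; split("", kv); next }
    inblk && /^[ \t]*\}/ {                           # end of a network block
        inblk = 0; wep = 0; mgmt = val("key_mgmt")
        for (k in kv) if (k ~ /^wep_key[0-3]$/) wep = 1
        if (mgmt ~ /WPA-EAP|IEEE8021X/ && !("ca_cert" in kv) && !("ca_path" in kv)) {
            report("eap-no-ca: server certificate is not verified")
            if (val("phase2") ~ /auth=PAP/)
                report("ttls-pap: password is sent in clear to an unverified server")
        }
        if (mgmt == "NONE")
            report(wep ? "wep: obsolete cipher, treat as unencrypted" : "open: no link-layer encryption")
        next
    }
    inblk {                                          # key=value line
        line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line)
        eq = index(line, "=")
        if (eq > 1) kv[substr(line, 1, eq - 1)] = substr(line, eq + 1)
    }' "$1"
}
conf_is_private() {     # true if $1 is unreadable by group and other
    [ -z "$(find "$1" -prune \( -perm -040 -o -perm -004 \))" ]
}

write_sample() {        # constructed sample; "example-eap" and the CA path are placeholders
    cat > "$1" <<'EOF'
network={
        ssid="802.11i"
        key_mgmt=WPA-EAP
        eap=TTLS
        password="foobar"
        phase2="auth=PAP"
}
network={
        ssid="eyeswideshut"
        key_mgmt=NONE
}
network={
        ssid="wepssid"
        key_mgmt=NONE
        wep_key0="wepkey"
        #priority=5
}
network={
        ssid="example-eap"
        key_mgmt=WPA-EAP
        ca_cert="/path/to/ca.pem"
        phase2="auth=PAP"
}
EOF
}
f=$(mktemp) && write_sample "$f" && audit_wpa_conf "$f"; rm -f "$f"
```

Only the block that sets ca_cert produces no finding; on the laptop described here the check would be run against /root/wpa.conf.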



[20070814] Catching up: netbsd.se web design contest, CuWIN, cobalt restore CD, ...
Ok, some more busy days have passed, and I feel like I should post about things that have happened. Sorry for not being more up to date. So, what happened in NetBSD land?



[20051206] Patch: an(4) radiotap for NetBSD 3.0 (Update #1)
Eric Auge has provided a patch against the an(4) driver for Aironet 4500/4800 and Cisco 340/350 series wireless network drivers in the upcoming NetBSD 3.0 release (available today on the netbsd-3 branch and via some release candidates), allowing it to capture tcpdump(8) packets including their IEEE 802.11 headers. The patch also includes support for newer firmwares. See his mail for more information and a link to his patch.

Update #1: Eric has updated me that ``radiotap gives informations about the state of the card at the time the packet was received, the best example for that is using radiotap headers to have signal/noise informations without each time asking the card (using ioctl()).

With radiotap header the signal informations for this packet are embedded in those headers, same for channel informations, malformed packet flags, other flags or infos the card can provide directly within the driver (usually not accessible from userland) etc..''

For more data, see the ieee80211_radiotap(9) manpage (on -current, maybe 3.0 - I'm happy with 2.1 on my laptop!)



[20051126] ural(4) for NetBSD 3.0
iMil has finished a backport of the latest ural(4) driver from NetBSD-current to the netbsd-3 branch. See his mail for all the details.



[20051107] Article: Secure WiFi client stack supports WPA2, CCX, Linux
In the context of Devicescape Software ``shipping a "cross-platform" WiFi stack for wireless consumers and office client devices'', their Vice President of Marketing, Glee Flinchbaugh, is quoted as admitting that while ``Wireless access points seem to all be running Linux'', ``There's a little bit of NetBSD out there''. See the full article for more.



[20051016] Volunteers wanted for a wireless "mesh" network
David Young is working on CUWiN, which is `` an IPv4 / IPv6 network that provides both a community intranet and Internet service over a "mesh" of wireless routers on subscribers' homes''. If you want to help out on the project, which is ``an inexhaustible supply of sub-projects'', check David's mail to tech-net or check out his pages on Internet gateway selection and a simulation environment.



[20051002] WPA Support in NetBSD-current
If you have a recent wireless card and access point, you can use NetBSD(-current) now to use Wi-Fi Protected Access - WPA. Steve Woodford has imported the necessary code and also sent instructions on how to use it - seems fairly trivial. BTW, to those wondering, the code is originally offered under a BSD/GPL dual-license. The BSD part is of course what NetBSD chooses, hence no import of this into src/gnu.



[20050807] WPA / IEEE 802.1x progress
It seems that Ronald van der Pol convinced NetBSD to talk IEEE 802.1 authentication for wireless LAN using hostapd with his Atheros card. It seems that a few small patches were needed to compile things, but nothing serious. Let's hope this gets integrated into NetBSD and documented(!) eventually. (We should start a WLAN chapter in the NetBSD Guide... :)

(Why is this interesting for me and Jan? I've moved to teach at Jan's campus this fall, and they seem to be phasing out the MAC/DHCP-based wireless LAN with something that's using IEEE 802.1x and some *yuck* Windows-domain accounts - but at least no more separate registration for machines then...)



[20050608] Article: Open Mesh
There's an article that describes how to skip the digital divide by making bandwidth cheaply available via mesh neighbourhoods PCs. The article introduces the solution by the Champaign-Urbana Community Wireless Network (CUWiN) which uses a software setup based on NetBSD and freely available. Interesting detail: automatic software upgrade made easy.



[20050323] ural(4) - Ralink Technology RT2500USB IEEE 802.11 driver
Fukaumi Naoki has ported Damien Bergamini's ural(4) to NetBSD, see his posting to tech-kern.




Disclaimer: All opinion expressed here is purely my own. No responsibility is taken for anything.

Copyright (c) Hubert Feyrer