ca88yzc 6

Linux有线互联网设置ca88yzc,wpa_supplicant软件架构深入分析

Posted by

ca88yzc 1

(1)通过adb命令行,能够直接张开supplicant,进而运维wpa_cli,能够解决顾客未有显示器而一点办法也想不出来操作WIFI的标题,还足以幸免UI的难点带到driver。进一步来讲,能够用在众多从未键盘输入和LCD输出的安卓终端产品的操作上。

主机际遇:Gentoo Linux 3.1.10

 

     
  wpa_supplicant富含几个相当重要的可执行工具:wpa_supplicant和wpa_cli。wpa_supplicant是主导程序,
它和wpa_cli的关系便是服务和客户端的涉嫌:后台运维wpa_supplicant,使用wpa_cli来搜索、设置、和连接互连网。

WPA
Supplicant工具包能够令你连接受这一个使用WPA的AP。因为还只是beta版,所以它的布局方式仍会平常变化——即使如此,在多数景色下它已经能很好的办事。

wpa_supplicant软件架构深入分析

(2)在wpa_cli交互模式下能够奉行非常多发令,列表如下:

安装上wap_supplicant后方可经过改造/etc/wpa_supplicant/wpa_supplicant.conf来张开布局有线接入点网络

1. 开发银行命令

wpa supplicant
在运转时,运维命令能够包括相当多参数,这段日子我们的起步命令如下:

wpa_supplicant /system/bin/wpa_supplicant -Dwext -ieth0
-c/data/wifi/wpa_supplicant.conf -f/data/wifi/wpa_log.txt

 

wpa_supplicant对于运行命令带的参数,用了四个数据结构来保存,

一个是 wpa_params, 另三个是wpa_interface.

那首若是怀想到wpa_supplicant是足以並且支持多个网络接口的。

wpa_params数据结构首要记录与网络接口毫不相关的一些参数设置。

而每一个网络接口就用一个wpa_interface数据结构来记录。

在起步命令行中,能够用-N来钦赐将在描述一个新的互连网接口,对于二个新的互连网接口,可以用上面四个参数描述:

-i<ifname> : 互联网接口名称

-c<conf>: 配置文件名称

-C<ctrl_intf>: 调节接口名称

-D<driver>: 驱动类型

-p<driver_param>: 驱动参数

-b<br_ifname>: 桥接口名称

 

 

下边是几个配备文件的实例。

2. wpa_supplicant 初叶化流程

Full command

Short command

Description

status

stat

displays the current connection status

disconnect

disc

prevents wpa_supplicant from connecting to any access point

quit

q

exits wpa_cli

terminate

term

kills wpa_supplicant

reconfigure

recon

reloads wpa_supplicant with the configuration file supplied (-c parameter)

scan

scan

scans for available access points (only scans it, doesn’t display anything)

scan_result

scan_r

displays the results of the last scan

list_networks

list_n

displays a list of configured networks and their status (active or not, enabled or disabled)

select_network

select_n

select a network among those defined to initiate a connection (ie select_network 0)

enable_network

enable_n

makes a configured network available for selection (ie enable_network 0)

disable_network

disable_n

makes a configured network unavailable for selection (ie disable_network 0)

remove_network

remove_n

removes a network and its configuration from the list (ie remove_network 0)

add_network

add_n

adds a new network to the list. Its id will be created automatically

set_network

set_n

shows a very short list of available options to configure a network when supplied with no parameters.

See next section for a list of extremely useful parameters to be used with set_network and get_network.

get_network

get_n

displays the required parameter for the specified network. See next section for a list of parameters

save_config

save_c

saves the configuration

  1. # 请不要改变上边这一行内容,不然将无法健康专门的学业  
  2. ctrl_interface=/var/run/wpa_supplicant  
  3.   
  4. # 确认保证唯有root客户能读取WPA的安顿  
  5. ctrl_interface_group=0  
  6.   
  7. # 使用wpa_supplicant来围观和采用AP  
  8. ap_scan=1  
  9.   
  10. # 简单的场所:WPA-PSk密码验证办法,PSK是ASCII密码短语,全数法定的加密方法都同意连接  
  11. network={  
  12. ssid=”simple”  
  13. psk=”very secret passphrase”  
  14. # 优先级越高,就可以越早匹配到。  
  15. priority=5  
  16. }  
  17.   
  18. # 与前方的设置同样,www.linuxidc.com但须求对特定的SSID举行扫描(针对这三个拒绝广播SSID的AP)  
  19. network={  
  20. ssid=”second ssid”  
  21. scan_ssid=1  
  22. psk=”very secret passphrase”  
  23. priority=2  
  24. }  
  25.   
  26. # 仅使用WPA-PSK方式。允许选用任何官方的加密方法的构成  
  27. network={  
  28. ssid=”example”  
  29. proto=WPA  
  30. key_mgmt=WPA-PSK  
  31. pairwise=CCMP TKIP  
  32. group=CCMP TKIP WEP104 WEP40  
  33. psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb  
  34. priority=2  
  35. }  
  36.   
  37. # 明文连接格局(不行使WPA和IEEE802.1X)  
  38. network={  
  39. ssid=”plaintext-test”  
  40. key_mgmt=NONE  
  41. }  
  42.   
  43. # 分享WEP秘钥连接格局(不利用WPA和IEEE802.1X)  
  44. network={  
  45. ssid=”static-wep-test”  
  46. key_mgmt=NONE  
  47. wep_key0=”abcde”  
  48. wep_key1=0102030405  
  49. wep_key2=”1234567890123″  
  50. wep_tx_keyidx=0  
  51. priority=5  
  52. }  
  53.   
  54. # 分享WEP秘钥连接格局(无WPA和IEEE802.1X),使用分享秘钥IEEE802.11验证办法  
  55. network={  
  56. ssid=”static-wep-test2″  
  57. key_mgmt=NONE  
  58. wep_key0=”abcde”  
  59. wep_key1=0102030405  
  60. wep_key2=”1234567890123″  
  61. wep_tx_keyidx=0  
  62. priority=5  
  63. auth_alg=SHARED  
  64. }  
  65.   
  66. # 在IBSS/ad-hoc互连网中使用WPA-None/TKIP  
  67. network={  
  68. ssid=”test adhoc”  
  69. mode=1  
  70. proto=WPA  
  71. key_mgmt=WPA-NONE  
  72. pairwise=NONE  
  73. group=TKIP  
  74. psk=”secret passphrase”  
  75. }  

2.1. main()函数:

在这几个函数中,主要做了四件事。

a. 分析命令行传进的参数。

b. 调用wpa_supplicant_init()函数,做wpa_supplicant的开首化职业。

c. 调用wpa_supplicant_add_iface()函数,增添网络接口。

d. 调用wpa_supplicant_run()函数,让wpa_supplicant真正的run起来。

 

(3)平台操作实例(只限于MediaTek平台 且具ROOT权限)

 

2.2. wpa_supplicant_init()函数:

a. 打开debug 文件。

b. 注册EAP peer方法。

c. 申请wpa_global内部存储器,该数据结构作为统领别的数据结构的三个大旨,
首要总结五个部分:

wpa_supplicant *ifaces  
/*各样互连网接口都有二个相应的wpa_supplicant数据结构,该指针指向近来参与的多个,在wpa_supplicant数据结构中有指针指向next*/

wpa_params params   /*开发银行命令行中带的通用的参数*/

ctrl_iface_global_priv *ctrl_iface  /*global 的调节接口*/

ctrl_iface_dbus_priv *dbus_ctrl_iface  /*dbus 的支配接口*/

d. 设置wpa_global中的wpa_params中的参数。

e. 调用eloop_init函数将全局变量eloop中的user_data指针指向wpa_global。

f. 调用wpa_supplicant_global_ctrl_iface_init函数早先化global
调控接口。

g. 调用wpa_supplicant_dbus_ctrl_iface_init函数开始化dbus 调整接口。

h. 将该daemon的pid写入pid_file中。

 

        A,首先保险ADB连入,且能运维adb
remount,那样幸免系统文件只读。然后设置wpa_cli和wpa_supplicant有较强权限。

2.3. wpa_supplicant_add_iface()函数:

该函数依照运行命令行中带有的参数扩大互联网接口, 有多少个就大增多少个。

a.
因为wpa_supplicant是与互连网接口对应的珍视的数据结构,所以,首先分配三个wpa_supplicant数据结构的内部存款和储蓄器。

b. 调用wpa_supplicant_init_iface()
函数来做互连网接口的最早专门的学问,首要不外乎:

安装驱动类型,默许是wext;

读取配置文件,并将里面的消息设置到wpa_supplicant数据结构中的conf
指针指向的数据结构,它是一个wpa_config类型;

命令行设置的操纵接口ctrl_interface和驱动参数driver_param覆盖配置文件里设置,命令行中的优先;

拷贝网络接口名称和桥接口名称到wpa_config数据结构;

对于网络铺排块有四个链表描述它,多个是
config->ssid,它遵照布置文件中的顺序依次挂载在那个链表上,还应该有贰个是pssid,它是二个二级指针,指向八个指南针数组,该指针数组依照事先级从高到底的依次依次保存wpa_ssid指针,同样优先级的在平等链表中挂载。

c. 调用wpa_supplicant_init_iface2() 函数,主要回顾:

调用wpa_supplicant_init_eapol()函数来开头化eapol;

调用相应品种的driver的init()函数;

设置driver的param参数;

调用wpa_drv_get_ifname()函数获得互联网接口的称号,对于wext类型的driver,未有那么些接口函数;

调用wpa_supplicant_init_wpa()函数来开首化wpa,并做相应的初叶化专门的职业;

调用wpa_supplicant_driver_init()函数,来伊始化driver接口参数;在该函数的终极,会

wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;

wpa_supplicant_req_scan(wpa_s, interface_count, 100000);

来积极发起scan,

调用wpa_supplicant_ctrl_iface_init()函数,来初叶化调整接口;对于UNIX
SOCKET这种方式,其本地socket文件是由陈设文件里的ctrl_interface参数钦赐的不二诀要加上互连网接口名称;

 

        B,运转echo 1 >
/dev/wmtWifi,运转WIFI驱动。可是那么些使能不会显今后安卓分界面上层,默许是要在运营安卓时开启WIFI模块的,也即设置中的WIFI要默许ON。

下边是自己的布局文件

2.4. wpa_supplicant_run()函数:

初阶化完结之后,让wpa_supplicant的main event loop run起来。

在wpa_supplicant中,有数不清与外面通讯的socket,它们都以必要注册到eloop
event模块中的,具体地说,正是在eloop_sock_table中加进一项记录,其中囊括了sock_fd,
handle, eloop_data, user_data。

eloop
event模块正是将这一个socket组织起来,统一管理,然后在eloop_run中接纳select机制来治本socket的通信。

 

        C,步入/system/bin目录,首先运转服务端wpa_supplicant。

  1. ctrl_interface=/var/run/wpa_supplicant  
  2. ap_scan=1  
  3.   
  4. #Home Network  
  5. network={  
  6.     psk=”yming0221″  
  7.     priority=1  
  8.     ssid=79616E277320776972656C657373  
  9.     mode=0  
  10.     bssid=E0:05:C5:17:F8:2C  
  11.     key_mgmt=WPA-PSK  
  12. }  
  13. #  
  14. network={  
  15.     ssid=”351471azjlb”  
  16.     psk=”CCTV1-CCTV2-KTV-1987″  
  17.     priority=2  
  18. }  

3. Wpa_supplicant提供的接口

从通讯档案的次序上划分,wpa_supplicant提供发展的决定接口 control
interface,用于与别的模块(如UI)进行通信,其余模块能够通过control
interface
来获取新闻或下发命令。Wpa_supplicant通过socket通讯机制落到实处下行接口,与基本实行通讯,获撤除息或下发命令。

 

./wpa_supplicant -iwlan0 -Dnl80211
-c/system/etc/wifi/wpa_supplicant.conf

下一场重启wlan0连接

3.1 上行接口

Wpa_supplicant提供二种情势的上行接口。一种基于古板dbus机制完毕与别的进度间的IPC通讯;另一种通过Unix
domain socket机制完成进度间的IPC通信。

例行运营后的回显如下:

 

3.1.1 Dbus接口

该接口首要在文书“ctrl_iface_dbus.h”,“ctrl_iface_dbus.c”,“ctrl_iface_dbus_handler.h”和“ctrl_iface_dbus_handler.c”中达成,提供部分着力的支配措施。

 

DBusMessage * wpas_dbus_new_invalid_iface_error(DBusMessage
*message);

 

DBusMessage * wpas_dbus_global_add_interface(DBusMessage *message,

                                        struct wpa_global *global);

 

DBusMessage * wpas_dbus_global_remove_interface(DBusMessage
*message,

                                          struct wpa_global *global);

 

DBusMessage * wpas_dbus_global_get_interface(DBusMessage *message,

                                        struct wpa_global *global);

 

DBusMessage * wpas_dbus_global_set_debugparams(DBusMessage
*message,

                                          struct wpa_global *global);

 

DBusMessage * wpas_dbus_iface_scan(DBusMessage *message,

                               struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_scan_results(DBusMessage *message,

                                      struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_bssid_properties(DBusMessage *message,

                                    struct wpa_supplicant *wpa_s,

                                    struct wpa_scan_res *res);

 

DBusMessage * wpas_dbus_iface_capabilities(DBusMessage *message,

                                      struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_add_network(DBusMessage *message,

                                     struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_remove_network(DBusMessage *message,

                                        struct wpa_supplicant
*wpa_s);

 

DBusMessage * wpas_dbus_iface_set_network(DBusMessage *message,

                                     struct wpa_supplicant *wpa_s,

                                     struct wpa_ssid *ssid);

 

DBusMessage * wpas_dbus_iface_enable_network(DBusMessage *message,

                                        struct wpa_supplicant *wpa_s,

                                        struct wpa_ssid *ssid);

 

DBusMessage * wpas_dbus_iface_disable_network(DBusMessage
*message,

                                         struct wpa_supplicant
*wpa_s,

                                         struct wpa_ssid *ssid);

 

DBusMessage * wpas_dbus_iface_select_network(DBusMessage *message,

                                             struct wpa_supplicant
*wpa_s);

 

DBusMessage * wpas_dbus_iface_disconnect(DBusMessage *message,

                                    struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_set_ap_scan(DBusMessage *message,

                                          struct wpa_supplicant
*wpa_s);

 

DBusMessage * wpas_dbus_iface_set_smartcard_modules(

       DBusMessage *message, struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_get_state(DBusMessage *message,

                                   struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_get_scanning(DBusMessage *message,

                                      struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_set_blobs(DBusMessage *message,

                                    struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_remove_blobs(DBusMessage *message,

                                      struct wpa_supplicant *wpa_s);

 

ca88yzc 2

/etc/init.d/net.wlan0 restart

3.1.2 Unix domain socket 接口

该接口主要在文书“wpa_ctrl.h”,“wpa_ctrl.c”,“ctrl_iface_unix.c”,“ctrl_iface.h”和“ctrl_iface.c”实现。

 

(1)“wpa_ctrl.h”,“wpa_ctrl.c”完毕对control
interface的包装,对外提供统一的接口。其根本的干活是经过Unix domain
socket创设三个control interface
的client结点,与作为server的wpa_supplicant结点通讯。

 

器重意义函数:

struct wpa_ctrl * wpa_ctrl_open(const char *ctrl_path);

/* 创建并最初化三个Unix domain
socket的client结点,并与作为server的wpa_supplicant结点绑定 */

void wpa_ctrl_close(struct wpa_ctrl *ctrl);

/* 撤消并销毁已确立的Unix domain socket的client结点 */

 

int wpa_ctrl_request(struct wpa_ctrl *ctrl, const char *cmd,
size_t cmd_len,

                   char *reply, size_t *reply_len,

                   void (*msg_cb)(char *msg, size_t len));

 

/* 客户模块直接调用该函数对wpa_supplicant发送命令并获取所需消息

 * 能够发送的下令如附属类小部件1所示 */

Note:

       Wpa_supplicant
提供三种由外界模块获取音讯的法子:一种是外界模块通过发送request
命令然后拿走response的问答方式,另一种是wpa_supplicant主动向外界发送event事件,由外界模块监听接收。

 

      
一般的常用做法是外表模块通过调用wpa_ctrl_open()两回,创立八个control
interface接口,一个为ctrl
interface,用于发送命令,获取音讯,另贰个为monitor
interface,用于监听接收来自于wpa_supplicant的event时间。此举能够减弱通讯的耦合性,防止response和event的相互苦恼。

 

int wpa_ctrl_attach(struct wpa_ctrl *ctrl);

/* 注册 某个 control interface 作为 monitor interface */

 

int wpa_ctrl_detach(struct wpa_ctrl *ctrl);

/* 撤消有个别 monitor interface 为 普通的 control interface  */

 

int wpa_ctrl_pending(struct wpa_ctrl *ctrl);

/* 判别是或不是有挂起的event 事件 */

 

int wpa_ctrl_recv(struct wpa_ctrl *ctrl, char *reply, size_t
*reply_len);

/* 获取挂起的event 事件 */

 

(2)“ctrl_iface_unix.c”实现wpa_supplicant的Unix domain
socket通讯机制中server结点,实现对client结点的响应。

       其中最重大的五个函数为:

static void wpa_supplicant_ctrl_iface_receive(int sock, void
*eloop_ctx,

                                         void *sock_ctx)

/*
接收并分析client发送request命令,然后依照差别的通令调用底层差异的管理函数;

 * 然后将获得response结果回馈到 client 结点。

 */

 

static void wpa_supplicant_ctrl_iface_send(struct
ctrl_iface_priv *priv,

                                      int level, const char *buf,

                                      size_t len)

/* 向注册的monitor interfaces 主动发送event事件 */

 

(3)“ctrl_iface.h”和“ctrl_iface.c”重要完成了各样request命令的平底管理函数。

 

不行收入态申明该服务端已经在运行了(也或者是可输入状态,只要后边的wpa_cali可连日来就行)。-i
-D -c的参数意义可一向在Help中查询,具体某个参数或者因平台不相同而有差距。

3.2 下行接口

Wpa_supplicant提供的下水接口首要用以和kernel(driver)实行通讯,下发命令和获取音信。

Wpa_supplicant下行接口首要包蕴三种重大的接口:

1.    PF_INET socket接口,首要用于向kernel
发送ioctl命令,调整并拿走相应音信。

2.    PF_NETLINK socket接口,首要用来吸收接纳kernel发送上来的event
事件。

3.    PF_PACKET socket接口,主要用来向driver传递802.1X报文。

 

首要涉及到的公文包蕴:“driver.h”,“drivers.c”,“driver_wext.h”,“driver_wext.c”,“l2_packet.h”和“l2_packet_linux.c”。其中“driver.h”,“drivers.c”,“driver_wext.h”和“driver_wext.c”实现PF_INET
socket接口和PF_NETLINK
socket接口;“l2_packet.h”和“l2_packet_linux.c”实现PF_PACKET
socket接口。

 

(1)“driver.h”,“drivers.c”重要用以封装底层差距对外展现一个一致的wpa_driver_ops接口。Wpa_supplicant可协理atmel,
布罗兹com, ipw, madwifi, ndis, nl80211, wext等各样使得。

内部四个最要害的数据结构为wpa_driver_ops,
其定义了driver相关的各类操作接口。

 

(2)“driver_wext.h”,“driver_wext.c”实现了wext形式的wpa_driver_ops,并创立了PF_INET
socket接口和PF_NETLINK
socket接口,然后经过那四个接口达成与kernel的新闻互相。

 

Wext提供的一个生死攸关数据结构为:

struct wpa_driver_wext_data {

       void *ctx;

       int event_sock;

       int ioctl_sock;

       int mlme_sock;

       char ifname[IFNAMSIZ + 1];

       int ifindex;

       int ifindex2;

       int if_removed;

       u8 *assoc_req_ies;

       size_t assoc_req_ies_len;

       u8 *assoc_resp_ies;

       size_t assoc_resp_ies_len;

       struct wpa_driver_capa capa;

       int has_capability;

       int we_version_compiled;

 

       /* for set_auth_alg fallback */

       int use_crypt;

       int auth_alg_fallback;

 

       int operstate;

 

       char mlmedev[IFNAMSIZ + 1];

 

       int scan_complete_events;

};

其中event_sock 为PF_NETLINK socket接口,ioctl_sock为PF_INET
socket借口。

 

Driver_wext.c完毕了汪洋平底处理函数用于落到实处wpa_driver_ops操作参数,当中比较重大的有:

void * wpa_driver_wext_init(void *ctx, const char *ifname);

/* 初始化wpa_driver_wext_data 数据结构,并创立PF_NETLINK
socket和 PF_INET socket 接口 */

 

void wpa_driver_wext_deinit(void *priv);

/* 销毁wpa_driver_wext_data 数据结构,PF_NETLINK socket和
PF_INET socket 接口 */

 

static void wpa_driver_wext_event_receive(int sock, void
*eloop_ctx,

                                     void *sock_ctx);

/* 管理kernel主动发送的event事件的 callback 函数 */

 

最终,将促成的操作函数映射到多个大局的wpa_driver_ops类型数据结构
wpa_driver_wext_ops中。

 

const struct wpa_driver_ops wpa_driver_wext_ops = {

       .name = “wext”,

       .desc = “Linux wireless extensions (generic)”,

       .get_bssid = wpa_driver_wext_get_bssid,

       .get_ssid = wpa_driver_wext_get_ssid,

       .set_wpa = wpa_driver_wext_set_wpa,

       .set_key = wpa_driver_wext_set_key,

       .set_countermeasures = wpa_driver_wext_set_countermeasures,

       .set_drop_unencrypted =
wpa_driver_wext_set_drop_unencrypted,

       .scan = wpa_driver_wext_scan,

       .get_scan_results2 = wpa_driver_wext_get_scan_results,

       .deauthenticate = wpa_driver_wext_deauthenticate,

       .disassociate = wpa_driver_wext_disassociate,

       .set_mode = wpa_driver_wext_set_mode,

       .associate = wpa_driver_wext_associate,

       .set_auth_alg = wpa_driver_wext_set_auth_alg,

       .init = wpa_driver_wext_init,

       .deinit = wpa_driver_wext_deinit,

       .add_pmkid = wpa_driver_wext_add_pmkid,

       .remove_pmkid = wpa_driver_wext_remove_pmkid,

       .flush_pmkid = wpa_driver_wext_flush_pmkid,

       .get_capa = wpa_driver_wext_get_capa,

       .set_operstate = wpa_driver_wext_set_operstate,

};

 

(3)“l2_packet.h”和“l2_packet_linux.c”首要用于落到实处PF_PACKET
socket接口,通过该接口,wpa_supplicant能够直接将802.1X
packet发送到L2层,而不经过TCP/IP公约栈。

 

当中首要的功效函数为:

struct l2_packet_data * l2_packet_init(

       const char *ifname, const u8 *own_addr, unsigned short
protocol,

       void (*rx_callback)(void *ctx, const u8 *src_addr,

                         const u8 *buf, size_t len),

       void *rx_callback_ctx, int l2_hdr);

/* 创立并最初化PF_PACKET socket接口,其中rx_callback
为从L2接收到的packet 管理callback函数 */

 

void l2_packet_deinit(struct l2_packet_data *l2);

/* 销毁 PF_PACKET socket接口 */

 

int l2_packet_send(struct l2_packet_data *l2, const u8 *dst_addr,
u16 proto,

                 const u8 *buf, size_t len);

/* L2层packet发送函数,wpa_supplicant用此发送L2层 802.1X packet  */

 

static void l2_packet_receive(int sock, void *eloop_ctx, void
*sock_ctx);

/*  L2层packet接收函数,接收来自L2层数据后,将其发送到上层  */

        D,另开启一个ADB SHELL,作客商端运营wpa_cali。如下:

4. Control interface commands

       PING

       MIB

       STATUS

       STATUS-VERBOSE

       PMKSA

       SET <variable> <valus>

       LOGON

       LOGOFF

       REASSOCIATE

       RECONNECT

       PREAUTH <BSSID>

       ATTACH

       DETACH

       LEVEL <debug level>

       RECONFIGURE

       TERMINATE

       BSSID <network id> <BSSID>

       LIST_NETWORKS

       DISCONNECT

       SCAN

       SCAN_RESULTS

       BSS

       SELECT_NETWORK <network id>

       ENABLE_NETWORK <network id>

       DISABLE_NETWORK <network id>

       ADD_NETWORK

       REMOVE_NETWORK <network id>

       SET_NETWORK <network id> <variable> <value>

       GET_NETWORK <network id> <variable>

       SAVE_CONFIG


cd /system/bin

Linux有线互联网设置(wpa_supplicant的使用)

长机意况:Gentoo Linux 3.1.10
 WPA
Supplicant工具包能够令你连接受那么些使用WPA的AP。因为还只是beta版,所以它的配置情势仍会有时变化——固然如此,在大好多景色下它早就会很好的干活。
 安装上wap_supplicant后能够由此退换/etc/wpa_supplicant/wpa_supplicant.conf来开展示公布置无线接入点互联网
 上边是二个布置文件的实例。
 
 # 请不要改换上边这一行内容,不然将不能健康干活
 ctrl_interface=/var/run/wpa_supplicant
 
 # 确定保障独有root客商能读取WPA的布署
 ctrl_interface_group=0
 
 # 使用wpa_supplicant来围观和挑选AP
 ap_scan=1
 
 #
轻松的图景:WPA-PSk密码验证措施,PSK是ASCII密码短语,全体官方的加密方法都同意连接
 network={
 ssid=”simple”
 psk=”very secret passphrase”
 # 优先级越高,就会越早相配到。
 priority=5
 }
 
 #
与前边的安装同一,但须求对特定的SSID实行围观(针对那多少个拒绝广播SSID的AP)
 network={
 ssid=”second ssid”
 scan_ssid=1
 psk=”very secret passphrase”
 priority=2
 }
 
 # 仅使用WPA-PSK格局。允许使用别的合法的加密方法的整合
 network={
 ssid=”example”
 proto=WPA
 key_mgmt=WPA-PSK
 pairwise=CCMP TKIP
 group=CCMP TKIP WEP104 WEP40
 psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
 priority=2
 }
 
 # 明文连接形式(不采用WPA和IEEE802.1X)
 network={
 ssid=”plaintext-test”
 key_mgmt=NONE
 }
 
 # 分享WEP秘钥连接格局(不利用WPA和IEEE802.1X)
 network={
 ssid=”static-wep-test”
 key_mgmt=NONE
 wep_key0=”abcde”
 wep_key1=0102030405
 wep_key2=”1234567890123″
 wep_tx_keyidx=0
 priority=5
 }
 
 #
分享WEP秘钥连接情势(无WPA和IEEE802.1X),使用分享秘钥IEEE802.11验证办法
 network={
 ssid=”static-wep-test2″
 key_mgmt=NONE
 wep_key0=”abcde”
 wep_key1=0102030405
 wep_key2=”1234567890123″
 wep_tx_keyidx=0
 priority=5
 auth_alg=SHARED
 }
 
 # 在IBSS/ad-hoc互连网中使用WPA-None/TKIP
 network={
 ssid=”test adhoc”
 mode=1
 proto=WPA
 key_mgmt=WPA-NONE
 pairwise=NONE
 group=TKIP
 psk=”secret passphrase”
 }
 
 —
 上面是自身的配备文件
 
 ctrl_interface=/var/run/wpa_supplicant
 ap_scan=1
 
 #Home Network
 network={
     psk=”yming0221″
     priority=1
     ssid=79616E277320776972656C657373
     mode=0
     bssid=E0:05:C5:17:F8:2C
     key_mgmt=WPA-PSK
 }
 #
 network={
     ssid=”351471azjlb”
     psk=”CCTV1-CCTV2-KTV-1987″
     priority=2
 }
 
 然后重启wlan0连接

 /etc/init.d/net.wlan0 restart

======================================================================================

常用命令:

wpa_supplicant -Dwext -iwlan0 -c配置文件.conf
-C/var/run/wpa_supplicant -B

-B: 后台运维

-c: 配置文件

-C:unix socket 名称

-i:监听的接口

-D:使用的驱动名, 一般为wext或许 nl80211

wpa_passphrase
              创建 wpa_supplicant.conf 的工具

        wpa_passphrase [ ssid ] [ passphrase ]  > conf 文件

wpa_cli

    wpa_cli  [  -p path to ctrl sockets ] [ -i ifname ] [ -hvB ]
[ -a action file ] [ -P pid file ] [command … ]

    wpa_cli -i wlan0     |

                                | list_network

                                | remove_netwok

                                | add_network

                                | set_network %d    | ssid “名称”

                                                              |
key_mgmt 类型(NONE, )

                                                              |
wep_key0 密码

                                                              | psk 密码

                                                              |
wep_tx_keyidx 0

                                | select_network %d

                                | enable_network %d

                                | save_config

                                | scan

                                | scan_results

                                | terminate

wpa_cli -p /data/misc/wpa_supplicant

wpa_cli用法

1: run wpa_supplicant first

use the following command:

       wpa_supplicant -Dwext -iwlan0 -C/data/system/wpa_supplicant
-c/data/misc/wifi/wpa_supplicant.conf

      (use “ps”to make sure wpa_supplicant is running )

 

2: Run the command line tool wpa_cli to connect wifi

       wpa_cli -p/data/system/wpa_supplicant -iwlan0

       Then , it will let you set network interactively

 

       some common command:

       >scan = to scan the neighboring AP

       >scan_results = show the scan results

       >status = check out the current connection information

       >terminate = terminate wpa_supplicant

       >quit = exit wpa_cli

       >add_network = it will return a network id to you

       >set_network <network id> <variable>
<value> = set network variables (shows

list of variables when run without arguments), success will return OK,
or will return Fail

       >select_network <network id> = select a network
(disable others)

       >disable_network <network id> = disable a network

       >enable_network <network id> = enable a network

 

3: example

 

       for AP that doesn`t have encryption

              >add_network      (It will display a network id for
you, assume it returns 0)

              >set_network 0 ssid “666”

              >set_network 0 key_mgmt NONE

              >enable_network 0

              >quit

       if normal, we have connectted to the AP “666”, now you need a IP
to access internet, for example:

              dhcpcd wlan0

              if everything is ok, it will get an IP & can access
internet

 

       for AP that has WEP

              >add_network      (assume returns 1)

              >set_network 1 ssid “666”

              >set_network 1 key_mgmt NONE

              >set_network 1 wep_key0 “your ap passwork”(if usting
ASCII, it need double quotation marks, if using hex, then don`t need
the double quotation marks)

              >set_network 1 wep_tx_keyidx 0

              >select_network 1  (optional, remember, if you are
connecting with another AP, you should select it to disable the another)

              >enable_network 1

              and then ,get an IP to access internet

 

       for AP that has WPA-PSK/WPA2-PSK

              >add_network      (assume returns 2)

              >set_network 2 ssid “666”

              >set_network 2 psk “your pre-shared key”

              >select_network 2  (optional, remember, if you are
connecting with another AP, you should select it to disable the another)

              >enable_network 2

              there is still some others options to be set, but
wpa_supplicant will choose the default for you, the default will
include all we need to set

              and then ,get an IP to access internet

 

       for Hidden AP(补充)

        原则上应有即使在地点的根基上去set_network netid scan_ssid
1就可以,测量试验过无加密的Hidden AP,WEP/WPA/WPA2相应道理同样

=====================  wpa_supplicant.conf 官方描述(当中带有了
set_network 子命令中所带的参数与取值范围)
========================================

**##### Example wpa_supplicant configuration file
###############################
#
# This file describes configuration file format and lists all available
option.
# Please also take a look at simpler configuration examples in
‘examples’
# subdirectory.
#
# Empty lines and lines starting with # are ignored

# NOTE! This file may contain password information and should probably
be made
# readable only by root user on multiuser systems.

# Note: All file paths in this configuration file should use full
(absolute,
# not relative to working directory) path in order to allow working
directory
# to be changed. This can happen if wpa_supplicant is run in the
background.

# Whether to allow wpa_supplicant to update (overwrite)
configuration
#
# This option can be used to allow wpa_supplicant to overwrite
configuration
# file whenever configuration is changed (e.g., new network block is
added with
# wpa_cli or wpa_gui, or a password is changed). This is required
for
# wpa_cli/wpa_gui to be able to store the configuration changes
permanently.
# Please note that overwriting configuration file will remove the
comments from
# it.
#update_config=1

# global configuration (shared by all network blocks)
#
# Parameters for the control interface. If this is specified,
wpa_supplicant
# will open a control interface that is available for external programs
to
# manage wpa_supplicant. The meaning of this string depends on which
control
# interface mechanism is used. For all cases, the existance of this
parameter
# in configuration is used to determine whether the control interface
is
# enabled.
#
# For UNIX domain sockets (default on Linux and BSD): This is a
directory that
# will be created for UNIX domain sockets for listening to requests
from
# external programs (CLI/GUI, etc.) for status information and
configuration.
# The socket file will be named based on the interface name, so
multiple
# wpa_supplicant processes can be run at the same time if more than
one
# interface is used.
# /var/run/wpa_supplicant is the recommended directory for sockets and
by
# default, wpa_cli will use it when trying to connect with
wpa_supplicant.
#
# Access control for the control interface can be configured by setting
the
# directory to allow only members of a group to use sockets. This way,
it is
# possible to run wpa_supplicant as root (since it needs to change
network
# configuration and open raw sockets) and still allow GUI/CLI
components to be
# run as non-root users. However, since the control interface can be
used to
# change the network configuration, this access needs to be protected
in many
# cases. By default, wpa_supplicant is configured to use gid 0 (root).
If you
# want to allow non-root users to use the control interface, add a new
group
# and change this value to match with that group. Add users that should
have
# control interface access to this group. If this variable is commented
out or
# not included in the configuration file, group will not be changed
from the
# value it got by default when the directory or socket was created.
#
# When configuring both the directory and group, use following
format:
# DIR=/var/run/wpa_supplicant GROUP=wheel
# DIR=/var/run/wpa_supplicant GROUP=0
# (group can be either group name or gid)
#
# For UDP connections (default on Windows): The value will be ignored.
This
# variable is just used to select that the control interface is to be
created.
# The value can be set to, e.g., udp (ctrl_interface=udp)
#
# For Windows Named Pipe: This value can be used to set the security
descriptor
# for controlling access to the control interface. Security descriptor
can be
# set using Security Descriptor String Format (see

# library/default.asp?url=/library/en-us/secauthz/security/
# security_descriptor_string_format.asp). The descriptor string
needs to be
# prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set
an empty
# DACL (which will reject all connections). See README-Windows.txt for
more
# information about SDDL string format.
#
ctrl_interface=/var/run/wpa_supplicant

# IEEE 802.1X/EAPOL version
# wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which
defines
# EAPOL version 2. However, there are many APs that do not handle the
new
# version number correctly (they seem to drop the frames completely).
In order
# to make wpa_supplicant interoperate with these APs, the version
number is set
# to 1 by default. This configuration value can be used to set it to
the new
# version (2).
eapol_version=1

# AP scanning/selection
# By default, wpa_supplicant requests driver to perform AP scanning
and then
# uses the scan results to select a suitable AP. Another alternative is
to
# allow the driver to take care of AP scanning and selection and use
# wpa_supplicant just to process EAPOL frames based on IEEE 802.11
association
# information from the driver.
# 1: wpa_supplicant initiates scanning and AP selection
# 0: driver takes care of scanning, AP selection, and IEEE 802.11
association
#    parameters (e.g., WPA IE generation); this mode can also be used
with
#    non-WPA drivers when using IEEE 802.1X mode; do not try to
associate with
#    APs (i.e., external program needs to control association). This
mode must
#    also be used when using wired Ethernet drivers.
# 2: like 0, but associate with APs using security policy and SSID (but
not
#    BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers
to
#    enable operation with hidden SSIDs and optimized roaming; in this
mode,
#    the network blocks in the configuration file are tried one by one
until
#    the driver reports successful association; each network block
should have
#    explicit security policy (i.e., only one option in the lists)
for
#    key_mgmt, pairwise, group, proto variables
ap_scan=1

# EAP fast re-authentication
# By default, fast re-authentication is enabled for all EAP methods
that
# support it. This variable can be used to disable fast
re-authentication.
# Normally, there is no need to disable this.
fast_reauth=1

# OpenSSL Engine support
# These options can be used to load OpenSSL engines.
# The two engines that are supported currently are shown below:
# They are both from the opensc project ()
# By default no engines are loaded.
# make the opensc engine available
#opensc_engine_path=/usr/lib/opensc/engine_opensc.so
# make the pkcs11 engine available
#pkcs11_engine_path=/usr/lib/opensc/engine_pkcs11.so
# configure the path to the pkcs11 module required by the pkcs11
engine
#pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so

# Dynamic EAP methods
# If EAP methods were built dynamically as shared object files, they
need to be
# loaded here before being used in the network blocks. By default, EAP
methods
# are included statically in the build, so these lines are not needed
#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_tls.so
#load_dynamic_eap=/usr/lib/wpa_supplicant/eap_md5.so

# Driver interface parameters
# This field can be used to configure arbitrary driver interace
parameters. The
# format is specific to the selected driver interface. This field is
not used
# in most cases.
#driver_param=”field=value”

# Country code
# The ISO/IEC alpha2 country code for the country in which this device
is
# currently operating.
#country=US

# Maximum lifetime for PMKSA in seconds; default 43200
#dot11RSNAConfigPMKLifetime=43200
# Threshold for reauthentication (percentage of PMK lifetime); default
70
#dot11RSNAConfigPMKReauthThreshold=70
# Timeout for security association negotiation in seconds; default 60
#dot11RSNAConfigSATimeout=60

# Wi-Fi Protected Setup (WPS) parameters

# Universally Unique IDentifier (UUID; see RFC 4122) of the device
# If not configured, UUID will be generated based on the local MAC
address.
#uuid=12345678-9abc-def0-1234-56789abcdef0

# Device Name
# User-friendly description of device; up to 32 octets encoded in
UTF-8
#device_name=Wireless Client

# Manufacturer
# The manufacturer of the device (up to 64 ASCII characters)
#manufacturer=Company

# Model Name
# Model of the device (up to 32 ASCII characters)
#model_name=cmodel

# Model Number
# Additional device description (up to 32 ASCII characters)
#model_number=123

# Serial Number
# Serial number of the device (up to 32 characters)
#serial_number=12345

# Primary Device Type
# Used format: <categ>-<OUI>-<subcateg>
# categ = Category as an integer value
# OUI = OUI and type octet as a 4-octet hex-encoded value; 0050F204
for
#       default WPS OUI
# subcateg = OUI-specific Sub Category as an integer value
# Examples:
#   1-0050F204-1 (Computer / PC)
#   1-0050F204-2 (Computer / Server)
#   5-0050F204-1 (Storage / NAS)
#   6-0050F204-1 (Network Infrastructure / AP)
#device_type=1-0050F204-1

# OS Version
# 4-octet operating system version number (hex string)
#os_version=01020300

# Credential processing
#   0 = process received credentials internally (default)
#   1 = do not process received credentials; just pass them over
ctrl_iface to
#    external program(s)
#   2 = process received credentials internally and pass them over
ctrl_iface
#    to external program(s)
#wps_cred_processing=0

# network block
#
# Each network (usually AP’s sharing the same SSID) is configured as a
separate
# block in this configuration file. The network blocks are in
preference order
# (the first match is used).
#
# network block fields:
#
# disabled:
#    0 = this network can be used (default)
#    1 = this network block is disabled (can be enabled through
ctrl_iface,
#        e.g., with wpa_cli or wpa_gui)
#
# id_str: Network identifier string for external scripts. This value
is passed
#    to external action script through wpa_cli as WPA_ID_STR
environment
#    variable to make it easier to do network specific configuration.
#
# ssid: SSID (mandatory); either as an ASCII string with double
quotation or
#    as hex string; network name
#
# scan_ssid:
#    0 = do not scan this SSID with specific Probe Request frames
(default)
#    1 = scan with SSID-specific Probe Request frames (this can be used
to
#        find APs that do not accept broadcast SSID or use multiple
SSIDs;
#        this will add latency to scanning, so enable this only when
needed)
#
# bssid: BSSID (optional); if set, this network block is used only
when
#    associating with the AP using the configured BSSID
#
# priority: priority group (integer)
# By default, all networks will get same priority group (0). If some of
the
# networks are more desirable, this field can be used to change the
order in
# which wpa_supplicant goes through the networks when selecting a BSS.
The
# priority groups will be iterated in decreasing priority (i.e., the
larger the
# priority value, the sooner the network is matched against the scan
results).
# Within each priority group, networks will be selected based on
security
# policy, signal strength, etc.
# Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode
are not
# using this priority to select the order for scanning. Instead, they
try the
# networks in the order that used in the configuration file.
#
# mode: IEEE 802.11 operation mode
# 0 = infrastructure (Managed) mode, i.e., associate with an AP
(default)
# 1 = IBSS (ad-hoc, peer-to-peer)
# Note: IBSS can only be used with key_mgmt NONE (plaintext and static
WEP)
# and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition,
ap_scan has
# to be set to 2 for IBSS. WPA-None requires following network block
options:
# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP,
but not
# both), and psk must also be set.
#
# frequency: Channel frequency in megahertz (MHz) for IBSS, e.g.,
# 2412 = IEEE 802.11b/g channel 1. This value is used to configure the
initial
# channel for IBSS (adhoc) networks. It is ignored in the
infrastructure mode.
# In addition, this value is only used by the station that creates the
IBSS. If
# an IBSS network with the configured SSID is already present, the
frequency of
# the network will be used instead of this configured value.
#
# proto: list of accepted protocols
# WPA = WPA/IEEE 802.11i/D3.0
# RSN = WPA2/IEEE 802.11i (also WPA2 can be used as an alias for RSN)
# If not set, this defaults to: WPA RSN
#
# key_mgmt: list of accepted authenticated key management protocols
# WPA-PSK = WPA pre-shared key (this requires ‘psk’ field)
# WPA-EAP = WPA using EAP authentication
# IEEE8021X = IEEE 802.1X using EAP authentication and (optionally)
dynamically
#    generated WEP keys
# NONE = WPA is not used; plaintext or static WEP could be used
# WPA-PSK-SHA256 = Like WPA-PSK but using stronger SHA256-based
algorithms
# WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based
algorithms
# If not set, this defaults to: WPA-PSK WPA-EAP
#
# auth_alg: list of allowed IEEE 802.11 authentication algorithms
# OPEN = Open System authentication (required for WPA/WPA2)
# SHARED = Shared Key authentication (requires static WEP keys)
# LEAP = LEAP/Network EAP (only used with LEAP)
# If not set, automatic selection is used (Open System with LEAP
enabled if
# LEAP is allowed as one of the EAP methods).
#
# pairwise: list of accepted pairwise (unicast) ciphers for WPA
# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE
802.11i/D7.0]
# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
# NONE = Use only Group Keys (deprecated, should not be included if APs
support
#    pairwise keys)
# If not set, this defaults to: CCMP TKIP
#
# group: list of accepted group (broadcast/multicast) ciphers for WPA
# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE
802.11i/D7.0]
# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0]
# WEP104 = WEP (Wired Equivalent Privacy) with 104-bit key
# WEP40 = WEP (Wired Equivalent Privacy) with 40-bit key [IEEE
802.11]
# If not set, this defaults to: CCMP TKIP WEP104 WEP40
#
# psk: WPA preshared key; 256-bit pre-shared key
# The key used in WPA-PSK mode can be entered either as 64 hex-digits,
i.e.,
# 32 bytes or as an ASCII passphrase (in which case, the real PSK will
be
# generated using the passphrase and SSID). ASCII passphrase must be
between
# 8 and 63 characters (inclusive).
# This field is not needed, if WPA-EAP is used.
# Note: Separate tool, wpa_passphrase, can be used to generate 256-bit
keys
# from ASCII passphrase. This process uses lot of CPU and
wpa_supplicant
# startup and reconfiguration time can be optimized by generating the
PSK only
# only when the passphrase or SSID has actually changed.
#
# eapol_flags: IEEE 802.1X/EAPOL options (bit field)
# Dynamic WEP key required for non-WPA mode
# bit0 (1): require dynamically generated unicast WEP key
# bit1 (2): require dynamically generated broadcast WEP key
#     (3 = require both keys; default)
# Note: When using wired authentication, eapol_flags must be set to 0
for the
# authentication to be completed successfully.
#
# mixed_cell: This option can be used to configure whether so called
mixed
# cells, i.e., networks that use both plaintext and encryption in the
same
# SSID, are allowed when selecting a BSS form scan results.
# 0 = disabled (default)
# 1 = enabled
#
# proactive_key_caching:
# Enable/disable opportunistic PMKSA caching for WPA2.
# 0 = disabled (default)
# 1 = enabled
#
# wep_key0..3: Static WEP key (ASCII in double quotation, e.g. “abcde”
or
# hex without quotation, e.g., 0102030405)
# wep_tx_keyidx: Default WEP key index (TX) (0..3)
#
# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e
DLS) is
# allowed. This is only used with RSN/WPA2.
# 0 = disabled (default)
# 1 = enabled
#peerkey=1
#
# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be
used to
# enforce rekeying of PTK to mitigate some attacks against TKIP
deficiencies.
#
# Following fields are only used with internal EAP implementation.
# eap: space-separated list of accepted EAP methods
#    MD5 = EAP-MD5 (unsecure and does not generate keying material
->
#            cannot be used with WPA; to be used as a Phase 2 method
#            with EAP-PEAP or EAP-TTLS)
#       MSCHAPV2 = EAP-MSCHAPv2 (cannot be used separately with WPA; to
be used
#        as a Phase 2 method with EAP-PEAP or EAP-TTLS)
#       OTP = EAP-OTP (cannot be used separately with WPA; to be used
#        as a Phase 2 method with EAP-PEAP or EAP-TTLS)
#       GTC = EAP-GTC (cannot be used separately with WPA; to be used
#        as a Phase 2 method with EAP-PEAP or EAP-TTLS)
#    TLS = EAP-TLS (client and server certificate)
#    PEAP = EAP-PEAP (with tunnelled EAP authentication)
#    TTLS = EAP-TTLS (with tunnelled EAP or PAP/CHAP/MSCHAP/MSCHAPV2
#             authentication)
#    If not set, all compiled in methods are allowed.
#
# identity: Identity string for EAP
#    This field is also used to configure user NAI for
#    EAP-PSK/PAX/SAKE/GPSK.
# anonymous_identity: Anonymous identity string for EAP (to be used as
the
#    unencrypted identity with EAP types that support different
tunnelled
#    identity, e.g., EAP-TTLS)
# password: Password string for EAP. This field can include either
the
#    plaintext password (using ASCII or hex string) or a
NtPasswordHash
#    (16-byte MD4 hash of password) in hash:<32 hex digits>
format.
#    NtPasswordHash can only be used when the password is for MSCHAPv2
or
#    MSCHAP (EAP-MSCHAPv2, EAP-TTLS/MSCHAPv2, EAP-TTLS/MSCHAP, LEAP).
#    EAP-PSK (128-bit PSK), EAP-PAX (128-bit PSK), and EAP-SAKE
(256-bit
#    PSK) is also configured using this field. For EAP-GPSK, this is
a
#    variable length PSK.
# ca_cert: File path to CA certificate file (PEM/DER). This file can
have one
#    or more trusted CA certificates. If ca_cert and ca_path are
not
#    included, server certificate will not be verified. This is
insecure and
#    a trusted CA certificate should always be configured when using
#    EAP-TLS/TTLS/PEAP. Full path should be used since working
directory may
#    change when wpa_supplicant is run in the background.
#    On Windows, trusted CA certificates can be loaded from the
system
#    certificate store by setting this to cert_store://<name>,
e.g.,
#    ca_cert=”cert_store://CA” or ca_cert=”cert_store://ROOT”.
#    Note that when running wpa_supplicant as an application, the
user
#    certificate store (My user account) is used, whereas computer
store
#    (Computer account) is used when running wpasvc as a service.
# ca_path: Directory path for CA certificate files (PEM). This path
may
#    contain multiple CA certificates in OpenSSL format. Common use for
this
#    is to point to system trusted CA list which is often installed
into
#    directory like /etc/ssl/certs. If configured, these certificates
are
#    added to the list of trusted CAs. ca_cert may also be included in
that
#    case, but it is not required.
# client_cert: File path to client certificate file (PEM/DER)
#    Full path should be used since working directory may change when
#    wpa_supplicant is run in the background.
#    Alternatively, a named configuration blob can be used by setting
this
#    to blob://<blob name>.
# private_key: File path to client private key file (PEM/DER/PFX)
#    When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should
be
#    commented out. Both the private key and certificate will be read
from
#    the PKCS#12 file in this case. Full path should be used since
working
#    directory may change when wpa_supplicant is run in the
background.
#    Windows certificate store can be used by leaving client_cert out
and
#    configuring private_key in one of the following formats:
#    cert://substring_to_match
#    hash://certificate_thumbprint_in_hex
#    for example: private_key=”hash://63093aa9c47f56ae88334c7b65a4″
#    Note that when running wpa_supplicant as an application, the
user
#    certificate store (My user account) is used, whereas computer
store
#    (Computer account) is used when running wpasvc as a service.
#    Alternatively, a named configuration blob can be used by setting
this
#    to blob://<blob name>.
# private_key_passwd: Password for private key file (if left out,
this will be
#    asked through control interface)
# dh_file: File path to DH/DSA parameters file (in PEM format)
#    This is an optional configuration file for setting parameters for
an
#    ephemeral DH key exchange. In most cases, the default RSA
#    authentication does not use this configuration. However, it is
possible
#    setup RSA to use ephemeral DH key exchange. In addition, ciphers
with
#    DSA keys always use ephemeral DH keys. This can be used to
achieve
#    forward secrecy. If the file is in DSA parameters format, it will
be
#    automatically converted into DH params.
# subject_match: Substring to be matched against the subject of the
#    authentication server certificate. If this string is set, the
server
#    sertificate is only accepted if it contains this string in the
subject.
#    The subject string is in following format:
#    /C=US/ST=CA/L=San Francisco/CN=Test
AS/emailAddress=as@example.com
# altsubject_match: Semicolon separated string of entries to be
matched against
#    the alternative subject name of the authentication server
certificate.
#    If this string is set, the server sertificate is only accepted if
it
#    contains one of the entries in an alternative subject name
extension.
#    altSubjectName string is in following format: TYPE:VALUE
#    Example: EMAIL:server@example.com
#    Example: DNS:server.example.com;DNS:server2.example.com
#    Following types are supported: EMAIL, DNS, URI
# phase1: Phase1 (outer authentication, i.e., TLS tunnel) parameters
#    (string with field-value pairs, e.g., “peapver=0” or
#    “peapver=1 peaplabel=1”)
#    ‘peapver’ can be used to force which PEAP version (0 or 1) is
used.
#    ‘peaplabel=1’ can be used to force new label, “client PEAP
encryption”,
#    to be used during key derivation when PEAPv1 or newer. Most
existing
#    PEAPv1 implementation seem to be using the old label, “client
EAP
#    encryption”, and wpa_supplicant is now using that as the default
value.
#    Some servers, e.g., Radiator, may require peaplabel=1
configuration to
#    interoperate with PEAPv1; see eap_testing.txt for more details.
#    ‘peap_outer_success=0’ can be used to terminate PEAP
authentication on
#    tunneled EAP-Success. This is required with some RADIUS servers
that
#    implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g.,
#    Lucent NavisRadius v4.4.0 with PEAP in “IETF Draft 5” mode)
#    include_tls_length=1 can be used to force wpa_supplicant to
include
#    TLS Message Length field in all TLS messages even if they are
not
#    fragmented.
#    sim_min_num_chal=3 can be used to configure EAP-SIM to require
three
#    challenges (by default, it accepts 2 or 3)
#    result_ind=1 can be used to enable EAP-SIM and EAP-AKA to use
#    protected result indication.
#    ‘crypto_binding’ option can be used to control PEAPv0
cryptobinding
#    behavior:
#     * 0 = do not use cryptobinding (default)
#     * 1 = use cryptobinding if server supports it
#     * 2 = require cryptobinding
#    EAP-WSC (WPS) uses following options: pin=<Device Password>
or
#    pbc=1.
# phase2: Phase2 (inner authentication with TLS tunnel) parameters
#    (string with field-value pairs, e.g., “auth=MSCHAPV2” for EAP-PEAP
or
#    “autheap=MSCHAPV2 autheap=MD5” for EAP-TTLS)
# Following certificate/private key fields are used in inner Phase2
# authentication when using EAP-TTLS or EAP-PEAP.
# ca_cert2: File path to CA certificate file. This file can have one
or more
#    trusted CA certificates. If ca_cert2 and ca_path2 are not
included,
#    server certificate will not be verified. This is insecure and a
trusted
#    CA certificate should always be configured.
# ca_path2: Directory path for CA certificate files (PEM)
# client_cert2: File path to client certificate file
# private_key2: File path to client private key file
# private_key2_passwd: Password for private key file
# dh_file2: File path to DH/DSA parameters file (in PEM format)
# subject_match2: Substring to be matched against the subject of the
#    authentication server certificate.
# altsubject_match2: Substring to be matched against the alternative
subject
#    name of the authentication server certificate.
#
# fragment_size: Maximum EAP fragment size in bytes (default 1398).
#    This value limits the fragment size for EAP methods that support
#    fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be
set
#    small enough to make the EAP messages fit in MTU of the network
#    interface used for EAPOL. The default value is suitable for most
#    cases.
#
# EAP-FAST variables:
# pac_file: File path for the PAC entries. wpa_supplicant will need
to be able
#    to create this file and write updates to it when PAC is being
#    provisioned or refreshed. Full path to the file should be used
since
#    working directory may change when wpa_supplicant is run in the
#    background. Alternatively, a named configuration blob can be used
by
#    setting this to blob://<blob name>
# phase1: fast_provisioning option can be used to enable in-line
provisioning
#         of EAP-FAST credentials (PAC):
#         0 = disabled,
#         1 = allow unauthenticated provisioning,
#         2 = allow authenticated provisioning,
#         3 = allow both unauthenticated and authenticated
provisioning
#    fast_max_pac_list_len=<num> option can be used to set
the maximum
#        number of PAC entries to store in a PAC list (default: 10)
#    fast_pac_format=binary option can be used to select binary
format for
#        storing PAC entries in order to save some space (the default
#        text format uses about 2.5 times the size of minimal binary
#        format)
#
# wpa_supplicant supports number of “EAP workarounds” to work around
# interoperability issues with incorrectly behaving authentication
servers.
# These are enabled by default because some of the issues are present
in large
# number of authentication servers. Strict EAP conformance mode can
be
# configured by disabling workarounds with eap_workaround=0.

# Example blocks:

# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid
ciphers
network={
    ssid=”simple”
    psk=”very secret passphrase”
    priority=5
}

# Same as previous, but request SSID-specific scanning (for APs that
reject
# broadcast SSID)
network={
    ssid=”second ssid”
    scan_ssid=1
    psk=”very secret passphrase”
    priority=2
}

# Only WPA-PSK is used. Any valid cipher combination is accepted.
network={
    ssid=”example”
    proto=WPA
    key_mgmt=WPA-PSK
    pairwise=CCMP TKIP
    group=CCMP TKIP WEP104 WEP40
  
 psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
    priority=2
}

# WPA-Personal(PSK) with TKIP and enforcement for frequent PTK
rekeying
network={
    ssid=”example”
    proto=WPA
    key_mgmt=WPA-PSK
    pairwise=TKIP
    group=TKIP
    psk=”not so secure passphrase”
    wpa_ptk_rekey=600
}

# Only WPA-EAP is used. Both CCMP and TKIP is accepted. An AP that used
WEP104
# or WEP40 as the group cipher will not be accepted.
network={
    ssid=”example”
    proto=RSN
    key_mgmt=WPA-EAP
    pairwise=CCMP TKIP
    group=CCMP TKIP
    eap=TLS
    identity=”user@example.com”
    ca_cert=”/etc/cert/ca.pem”
    client_cert=”/etc/cert/user.pem”
    private_key=”/etc/cert/user.prv”
    private_key_passwd=”password”
    priority=1
}

# EAP-PEAP/MSCHAPv2 configuration for RADIUS servers that use the new
peaplabel
# (e.g., Radiator)
network={
    ssid=”example”
    key_mgmt=WPA-EAP
    eap=PEAP
    identity=”user@example.com”
    password=”foobar”
    ca_cert=”/etc/cert/ca.pem”
    phase1=”peaplabel=1″
    phase2=”auth=MSCHAPV2″
    priority=10
}

# EAP-TTLS/EAP-MD5-Challenge configuration with anonymous identity for
the
# unencrypted use. Real identity is sent only within an encrypted TLS
tunnel.
network={
    ssid=”example”
    key_mgmt=WPA-EAP
    eap=TTLS
    identity=”user@example.com”
    anonymous_identity=”anonymous@example.com”
    password=”foobar”
    ca_cert=”/etc/cert/ca.pem”
    priority=2
}

# EAP-TTLS/MSCHAPv2 configuration with anonymous identity for the
unencrypted
# use. Real identity is sent only within an encrypted TLS tunnel.
network={
    ssid=”example”
    key_mgmt=WPA-EAP
    eap=TTLS
    identity=”user@example.com”
    anonymous_identity=”anonymous@example.com”
    password=”foobar”
    ca_cert=”/etc/cert/ca.pem”
    phase2=”auth=MSCHAPV2″
}

# WPA-EAP, EAP-TTLS with different CA certificate used for outer and
inner
# authentication.
network={
    ssid=”example”
    key_mgmt=WPA-EAP
    eap=TTLS
    # Phase1 / outer authentication
    anonymous_identity=”anonymous@example.com”
    ca_cert=”/etc/cert/ca.pem”
    # Phase 2 / inner authentication
    phase2=”autheap=TLS”
    ca_cert2=”/etc/cert/ca2.pem”
    client_cert2=”/etc/cer/user.pem”
    private_key2=”/etc/cer/user.prv”
    private_key2_passwd=”password”
    priority=2
}

# Both WPA-PSK and WPA-EAP is accepted. Only CCMP is accepted as
pairwise and
# group cipher.
network={
    ssid=”example”
    bssid=00:11:22:33:44:55
    proto=WPA RSN
    key_mgmt=WPA-PSK WPA-EAP
    pairwise=CCMP
    group=CCMP
  
 psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
}

# Special characters in SSID, so use hex string. Default to WPA-PSK,
WPA-EAP
# and all valid ciphers.
network={
    ssid=00010203
  
 psk=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
}

# EAP-SIM with a GSM SIM or USIM
network={
    ssid=”eap-sim-test”
    key_mgmt=WPA-EAP
    eap=SIM
    pin=”1234″
    pcsc=””
}

# EAP-PSK
network={
    ssid=”eap-psk-test”
    key_mgmt=WPA-EAP
    eap=PSK
    anonymous_identity=”eap_psk_user”
    password=06b4be19da289f475aa46a33cb793029
    identity=”eap_psk_user@example.com”
}

# IEEE 802.1X/EAPOL with dynamically generated WEP keys (i.e., no WPA)
using
# EAP-TLS for authentication and key generation; require both unicast
and
# broadcast WEP keys.
network={
    ssid=”1x-test”
    key_mgmt=IEEE8021X
    eap=TLS
    identity=”user@example.com”
    ca_cert=”/etc/cert/ca.pem”
    client_cert=”/etc/cert/user.pem”
    private_key=”/etc/cert/user.prv”
    private_key_passwd=”password”
    eapol_flags=3
}

# LEAP with dynamic WEP keys
network={
    ssid=”leap-example”
    key_mgmt=IEEE8021X
    eap=LEAP
    identity=”user”
    password=”foobar”
}

# EAP-IKEv2 using shared secrets for both server and peer
authentication
network={
    ssid=”ikev2-example”
    key_mgmt=WPA-EAP
    eap=IKEV2
    identity=”user”
    password=”foobar”
}

# EAP-FAST with WPA (WPA or WPA2)
network={
    ssid=”eap-fast-test”
    key_mgmt=WPA-EAP
    eap=FAST
    anonymous_identity=”FAST-000102030405″
    identity=”username”
    password=”password”
    phase1=”fast_provisioning=1″
    pac_file=”/etc/wpa_supplicant.eap-fast-pac”
}

network={
    ssid=”eap-fast-test”
    key_mgmt=WPA-EAP
    eap=FAST
    anonymous_identity=”FAST-000102030405″
    identity=”username”
    password=”password”
    phase1=”fast_provisioning=1″
    pac_file=”blob://eap-fast-pac”
}

# Plaintext connection (no WPA, no IEEE 802.1X)
network={
    ssid=”plaintext-test”
    key_mgmt=NONE
}

# Shared WEP key connection (no WPA, no IEEE 802.1X)
network={
    ssid=”static-wep-test”
    key_mgmt=NONE
    wep_key0=”abcde”
    wep_key1=0102030405
    wep_key2=”1234567890123″
    wep_tx_keyidx=0
    priority=5
}

# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
# IEEE 802.11 authentication
network={
    ssid=”static-wep-test2″
    key_mgmt=NONE
    wep_key0=”abcde”
    wep_key1=0102030405
    wep_key2=”1234567890123″
    wep_tx_keyidx=0
    priority=5
    auth_alg=SHARED
}

# IBSS/ad-hoc network with WPA-None/TKIP.
network={
    ssid=”test adhoc”
    mode=1
    frequency=2412
    proto=WPA
    key_mgmt=WPA-NONE
    pairwise=NONE
    group=TKIP
    psk=”secret passphrase”
}

# Catch all example that allows more or less all configuration modes
network={
    ssid=”example”
    scan_ssid=1
    key_mgmt=WPA-EAP WPA-PSK IEEE8021X NONE
    pairwise=CCMP TKIP
    group=CCMP TKIP WEP104 WEP40
    psk=”very secret passphrase”
    eap=TTLS PEAP TLS
    identity=”user@example.com”
    password=”foobar”
    ca_cert=”/etc/cert/ca.pem”
    client_cert=”/etc/cert/user.pem”
    private_key=”/etc/cert/user.prv”
    private_key_passwd=”password”
    phase1=”peaplabel=0″
}

# Example of EAP-TLS with smartcard (openssl engine)
network={
    ssid=”example”
    key_mgmt=WPA-EAP
    eap=TLS
    proto=RSN
    pairwise=CCMP TKIP
    group=CCMP TKIP
    identity=”user@example.com”
    ca_cert=”/etc/cert/ca.pem”
    client_cert=”/etc/cert/user.pem”

    engine=1

    # The engine configured here must be available. Look at
    # OpenSSL engine support in the global section.
    # The key available through the engine must be the private key
    # matching the client certificate configured above.

    # use the opensc engine
    #engine_id=”opensc”
    #key_id=”45″

    # use the pkcs11 engine
    engine_id=”pkcs11″
    key_id=”id_45″

    # Optional PIN configuration; this can be left out and PIN will
be
    # asked through the control interface
    pin=”1234″
}

# Example configuration showing how to use an inlined blob as a CA
certificate
# data instead of using external file
network={
    ssid=”example”
    key_mgmt=WPA-EAP
    eap=TTLS
    identity=”user@example.com”
    anonymous_identity=”anonymous@example.com”
    password=”foobar”
    ca_cert=”blob://exampleblob”
    priority=20
}

blob-base64-exampleblob={
SGVsbG8gV29ybGQhCg==
}

# Wildcard match for SSID (plaintext APs only). This example select
any
# open AP regardless of its SSID.
network={
    key_mgmt=NONE
}
**

回显如下表明平时并处在交互情势:

ca88yzc 3

      E,试行一雨后冬笋命令看看

scan

ca88yzc 4

scan_results

ca88yzc 5

        F,连WIFI的命令行,有以下两种:

for AP that doesn`t have encryption
>add_network (It will display a network id for you, assume it
returns 0)
>set_network 0 ssid “666”
>set_network 0 key_mgmt NONE
>enable_network 0
>quit

for AP that has WEP
>add_network (assume returns 1)
>set_network 1 ssid “666”
>set_network 1 key_mgmt NONE
>set_network 1 wep_key0 “your ap passwork”(if usting ASCII, it
need
double quotation marks, if using hex, then don`t need the double
quotation
marks)
>set_network 1 wep_tx_keyidx 0
>select_network 1 (optional, remember, if you are connecting with
another
AP, you should select it to disable the another)
>enable_network 1

for AP that has WPA-PSK/WPA2-PSK
>add_network (assume returns 2)
>set_network 2 ssid “666”
>set_network 2 psk “your pre-shared key”
>select_network 2 (optional, remember, if you are connecting with
another
AP, you should select it to disable the another)
>enable_network 2

     作者本身的实验图如下:

ca88yzc 6

以上进度就认证联网OK,能够上网了。

参照原版的书文:
/c?m=9f65cb4a8c8507ed4fece7631046893b4c4380146d96864968d4e414c42246100024b8ed7a66471980853a3c50f11e41bca770216c5d61aa9bc98b4addb9922b3bcd7a742613d51742c419de8a1c729f7e875a98ea42b3e1&p=8b2a975bcd8711a052eedb2f4a4c&newp=8b2a971f81822dec08e29e7d495d92695c02dc3051dcd14f2895ff0b&user=baidu&fm=sc&query=adb+shell+wifi&qid=&p1=4

参照他事他说加以考察原来的文章:

 

 

 

 

 

 

 

 

 

   
Android系统中对于WIFI的设置集成到了“设置”中,其实跟手动设置大致。这里介绍下什么样手动连接WIFI,以利于现在调节和测量试验WIFI。

       
第一步要做的正是要加载WIFI模块驱动了。当然要是您的WIFI是编写翻译到基本里面的,就没有供给的。我们的WIFI晶片用的是BCM4330,编写翻译为模块。

insmod /system/lib/modules/kernel/drivers/net/wireless/bcm4330/bcm4330.ko firmware_path=/system/vendor/firmware/bcm4330.bin
\ nvram_path=/system/vendor/firmware/nvram.txt

       那样驱动模块加载后,需求运行wpa_supplicant

root@android:/ # wpa_supplicant -Dwext -iwlan0
-C/data/system/wpa_supplicant -c/data/misc/wifi/wpa_supplicant.conf &
 

下一场ps|grep wpa看看有未有起来,在wifi职业进程中,那一个进度要一味都在的。

        接着运维顾客端wpa_cli举行配置并接连wifi销路广

130|root@android:/ # wpa_cli -p/data/system/wpa_supplicant -iwlan0
wpa_cli v0.8.x
Copyright (c) 2004-2011, Jouni Malinen <j@w1.fi> and
contributors

This program is free software. You can distribute it and/or modify it
under the terms of the GNU General Public License version 2.

Alternatively, this software may be distributed under the terms of the
BSD license. See README and COPYING for more details.

Interactive mode

其中/data/system/wpa_supplicant
是刚刚启航wpa_supplicant的时候创造的三个套接字

继之进行检索wifi

> scan
OK
<3>CTRL-EVENT-SCAN-RESULTS 

查看搜到的有啥火爆

> scan_result
bssid / frequency / signal level / flags / ssid
40:16:9f:67:0f:00       2462    -42    
[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP][WPS][ESS]      
HHCN-NET
b0:48:7a:49:44:68       2437    -58     [WPA2-PSK-CCMP][WPS][ESS]
      HHTech.Arch
e0:05:c5:97:d8:5a       2412    -71    
[WPA-PSK-CCMP][WPA2-PSK-CCMP-preauth][ESS]      1103-5
40:16:9f:67:0c:a6       2412    -74    
[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP][WPS][ESS]      
hardware
b0:48:7a:49:65:54       2437    -58    
[WPA-PSK-CCMP][WPA2-PSK-CCMP][WPS][ESS] Dept_driver

随之设置wifi,就总是Dept_driver那个抢手吧

> add_net
3
> set_net 3 ssid “Dept_driver”
OK

Dept_driver的加密方法是WPA2-PSK

> set_net 3 psk “password”
OK
> select_net 3
OK
<3>CTRL-EVENT-STATE-CHANGE id=0 state=0 BSSID=00:00:00:00:0[
2752.332061] dhd_aoe_hostip_clr failed code -23
0:00
<3>CTR[ 2752.337768] dhd_aoe_arp_clr failed code 1
L-EVENT-STATE-CHANGE id=-1 state=3 BSSID=00:00:00:00:00:00
<3>CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=0
<3>CTRL-EVENT-STATE-CHANGE id=-1 state=0 BSSID=00:00:00:00:00:00
<3>CTRL-EVENT-STATE-CHANGE id=-1 state=3 BSSID=00:00:00:00:00:00
<3>CTRL-EVENT-SCAN-RESULTS 
<3>WPS-AP-AVAILABLE 
<3>Trying to associate with b0:48:7a:49:65:54 (SSID=’Dept_driver’
freq=2437 MHz)
<3>CTRL-EVENT-STATE-CHANGE id=-1 state=5 BSSID=b0:48:7a:49:65:54
[ 2753.153717] wl_iw_set_essid: join SSID=Dept_driver ch=6
<3>CTRL-EVENT-STATE-CHANGE id=3 state=6 BSSID=b0:48:7a:49:65:54
<3>Associated with b0:48:7a:49:65:54
<3>CTRL-EVENT-STATE-CHANGE id=3 state=7 BSSID=00:00:00:00:00:00
<3>CTRL-EVENT-STATE-CHANGE id=3 state=8 BSSID=00:00:00:00:00:00
<3>WPA: Key negotiation completed with b0:48:7a:49:65:54
[PTK=CCMP GTK=CCMP]
<3>CTRL-EVENT-CONNECTED – Connection to b0:48:7a:49:65:54
completed (reauth) [id=3 id_str=]
<3>CTRL-EVENT-STATE-CHANGE id=3 state=9 BSSID=00:00:00:00:00:00

> enable_net 3
OK
> q

如此,就都安装好了,接着用dhcpd分配贰个IP地址

root@android:/ # dhcpcd wlan0                                          
       
dhcpcd[3940]: version 5.2.10 starting
dhcpcd[3940]: host does not support a monotonic clock – timing can
skew
dhcpcd[3940]: wlan0: rebinding lease of 192.168.1.216
dhcpcd[3940]: wlan0: acknowledged 192.168.1.216 from 192.168.1.1
`�’
dhcpcd[3940]: wlan0: leased 192.168.1.216 for 7200 seconds
dhcpcd[3940]: forked to background, child pid 3971
root@android:/ # busybox ifconfig wlan0                                
       
wlan0     Link encap:Ethernet  HWaddr AC:E8:7B:89:D3:C0  
          inet addr:192.168.1.216  Bcast:255.255.255.255
 Mask:255.255.255.0
          inet6 addr: fe80::aee8:7bff:fe89:d3c0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6637 errors:0 dropped:25 overruns:0 frame:0
          TX packets:4357 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:3825961 (3.6 MiB)  TX bytes:704832 (688.3 KiB)

这般就到位了。能够上网了。

 

 

 

wpa_supplicant软件架构分析

二〇一三年一月30日 ⁄ 综合 ⁄ 共
12345字 ⁄ 字号 小 中 大 ⁄
商量关闭

 

初稿地址:

1. 开首命令

wpa
supplicant 在运行时,运维命令能够富含比相当多参数,如今我们的运维命令如下:

wpa_supplicant /system/bin/wpa_supplicant -Dwext -ieth0
-c/data/wifi/wpa_supplicant.conf -f/data/wifi/wpa_log.txt

 

wpa_supplicant对于运转命令带的参数,用了五个数据结构来保存,

一个是 wpa_params, 另三个是wpa_interface.

那根本是考虑到wpa_supplicant是能够并且接济多个网络接口的。

wpa_params数据结构首要记录与网络接口毫不相关的一些参数设置。

而每三个网络接口就用二个wpa_interface数据结构来记录。

在运行命令行中,能够用-N来钦定将要描述多个新的网络接口,对于三个新的网络接口,能够用上边三个参数描述:

-i<ifname> : 网络接口名称

-c<conf>: 配置文件名称

-C<ctrl_intf>: 调控接口名称

-D<driver>: 驱动类型

-p<driver_param>: 驱动参数

-b<br_ifname>: 桥接口名称

 

2. wpa_supplicant 发轫化流程

2.1. main()函数:

在这一个函数中,首要做了四件事。

a. 剖析命令行传进的参数。

b. 调用wpa_supplicant_init()函数,做wpa_supplicant的初阶化职业。

c. 调用wpa_supplicant_add_iface()函数,扩充互连网接口。

d. 调用wpa_supplicant_run()函数,让wpa_supplicant真正的run起来。

 

2.2. wpa_supplicant_init()函数:

a. 打开debug 文件。

b. 注册EAP peer方法。

c. 申请wpa_global内部存款和储蓄器,该数据结构作为统领别的数据结构的三个主导, 首要归纳八个部分:

wpa_supplicant
*ifaces   /*每一个网络接口都有三个对应的wpa_supplicant数据结构,该指针指向前段时间步入的一个,在wpa_supplicant数据结构中有指针指向next*/

wpa_params params   /*起步命令行中带的通用的参数*/

ctrl_iface_global_priv *ctrl_iface  /*global 的调节接口*/

ctrl_iface_dbus_priv *dbus_ctrl_iface  /*dbus 的支配接口*/

d. 设置wpa_global中的wpa_params中的参数。

e. 调用eloop_init函数将全局变量eloop中的user_data指针指向wpa_global。

f. 调用wpa_supplicant_global_ctrl_iface_init函数早先化global 调整接口。

g. 调用wpa_supplicant_dbus_ctrl_iface_init函数开端化dbus 调控接口。

h. 将该daemon的pid写入pid_file中。

 

2.3. wpa_supplicant_add_iface()函数:

该函数依照运营命令行中带有的参数扩充互联网接口, 有几个就充实多少个。

a. 因为wpa_supplicant是与网络接口对应的重要的数据结构,所以,首先分配三个wpa_supplicant数据结构的内存。

b. 调用wpa_supplicant_init_iface() 函数来做互联网接口的上马职业,主要满含:

安装驱动类型,暗许是wext;

读取配置文件,并将内部的消息设置到wpa_supplicant数据结构中的conf 指针指向的数据结构,它是一个wpa_config类型;

命令行设置的决定接口ctrl_interface和驱动参数driver_param覆盖配置文件里设置,命令行中的优先;

拷贝互联网接口名称和桥接口名称到wpa_config数据结构;

对此互连网布局块有七个链表描述它,一个是 config->ssid,它根据布署文件中的顺序依次挂载在那几个链表上,还恐怕有一个是pssid,它是一个二级指针,指向多少个指针数组,该指针数组依照优先级从高到底的次第依次保存
wpa_ssid指针,一样优先级的在一样链表中挂载。

c. 调用wpa_supplicant_init_iface2() 函数,首要回顾:

调用wpa_supplicant_init_eapol()函数来起首化eapol;

调用相应品种的driver的init()函数;

设置driver的param参数;

调用wpa_drv_get_ifname()函数得到互连网接口的称谓,对于wext类型的driver,未有这几个接口函数;

调用wpa_supplicant_init_wpa()函数来起始化wpa,并做相应的初叶化职业;

调用wpa_supplicant_driver_init()函数,来开头化driver接口参数;在该函数的终极,会

wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;

wpa_supplicant_req_scan(wpa_s, interface_count, 100000);

来积极发起scan,

调用wpa_supplicant_ctrl_iface_init()函数,来早先化调节接口;对于UNIX
SOCKET这种方法,其当地socket文件是由布置文件里的ctrl_interface参数指定的不二等秘书技加上互联网接口名称;

 

2.4. wpa_supplicant_run()函数:

初始化达成以往,让wpa_supplicant的main event loop run起来。

在wpa_supplicant中,有成都百货上千与外边通讯的socket,它们都以须要登记 到eloop
event模块中的,具体地说,正是在eloop_sock_table中追加一项记录,在那之中富含了sock_fd,
handle, eloop_data, user_data。

eloop
event模块正是将那么些socket组织起来,统一处理,然后在eloop_run中使用select机制来治本socket的通讯。

 

3. Wpa_supplicant提供的接口

从通讯等级次序上划分,wpa_supplicant提供发展的主宰接口 control
interface,用于与别的模块(如UI)举行通信,其余模块能够经过control
interface 来获取音信或下发命令。Wpa_supplicant通过socket通讯机制落到实处下行接口,与根本实行通讯,获取新闻或下发命令。

 

3.1 上行接口

Wpa_supplicant提供二种格局的上行接口。一种基于古板dbus机制达成与其余进度间的IPC通讯;另一种通过Unix
domain socket机制落实进度间的IPC通讯。

3.1.1 Dbus接口

该接口首要在文书“ctrl_iface_dbus.h”,“ctrl_iface_dbus.c”,“ctrl_iface_dbus_handler.h”和“ctrl_iface_dbus_handler.c”中落实,提供一些主干的调控方法。

 

DBusMessage * wpas_dbus_new_invalid_iface_error(DBusMessage
*message);

 

DBusMessage * wpas_dbus_global_add_interface(DBusMessage *message,

                                        struct wpa_global *global);

 

DBusMessage * wpas_dbus_global_remove_interface(DBusMessage
*message,

                                          struct wpa_global *global);

 

DBusMessage * wpas_dbus_global_get_interface(DBusMessage *message,

                                        struct wpa_global *global);

 

DBusMessage * wpas_dbus_global_set_debugparams(DBusMessage
*message,

                                          struct wpa_global *global);

 

DBusMessage * wpas_dbus_iface_scan(DBusMessage *message,

                               struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_scan_results(DBusMessage *message,

                                      struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_bssid_properties(DBusMessage *message,

                                    struct wpa_supplicant *wpa_s,

                                    struct wpa_scan_res *res);

 

DBusMessage * wpas_dbus_iface_capabilities(DBusMessage *message,

                                      struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_add_network(DBusMessage *message,

                                     struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_remove_network(DBusMessage *message,

                                        struct wpa_supplicant
*wpa_s);

 

DBusMessage * wpas_dbus_iface_set_network(DBusMessage *message,

                                     struct wpa_supplicant *wpa_s,

                                     struct wpa_ssid *ssid);

 

DBusMessage * wpas_dbus_iface_enable_network(DBusMessage *message,

                                        struct wpa_supplicant *wpa_s,

                                        struct wpa_ssid *ssid);

 

DBusMessage * wpas_dbus_iface_disable_network(DBusMessage
*message,

                                         struct wpa_supplicant
*wpa_s,

                                         struct wpa_ssid *ssid);

 

DBusMessage * wpas_dbus_iface_select_network(DBusMessage *message,

                                             struct wpa_supplicant
*wpa_s);

 

DBusMessage * wpas_dbus_iface_disconnect(DBusMessage *message,

                                    struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_set_ap_scan(DBusMessage *message,

                                          struct wpa_supplicant
*wpa_s);

 

DBusMessage * wpas_dbus_iface_set_smartcard_modules(

       DBusMessage *message, struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_get_state(DBusMessage *message,

                                   struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_get_scanning(DBusMessage *message,

                                      struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_set_blobs(DBusMessage *message,

                                    struct wpa_supplicant *wpa_s);

 

DBusMessage * wpas_dbus_iface_remove_blobs(DBusMessage *message,

                                      struct wpa_supplicant *wpa_s);

 

3.1.2 Unix domain socket 接口

该接口首要在文书“wpa_ctrl.h”,“wpa_ctrl.c”,“ctrl_iface_unix.c”,“ctrl_iface.h”和“ctrl_iface.c”实现。

 

(1)“wpa_ctrl.h”,“wpa_ctrl.c” 完毕对control
interface的包裹,对外提供统一的接口。其主要的做事是由此Unix domain
socket创立一个control
interface 的client结点,与作为server的wpa_supplicant结点通讯。

 

注重意义函数:

struct wpa_ctrl * wpa_ctrl_open(const char *ctrl_path);

/* 创建并伊始化贰个Unix domain
socket的client结点,并与作为server的wpa_supplicant结点绑定 */

void wpa_ctrl_close(struct wpa_ctrl *ctrl);

/* 打消并销毁已创制的Unix domain socket的client结点 */

 

int wpa_ctrl_request(struct wpa_ctrl *ctrl, const char *cmd,
size_t cmd_len,

                   char *reply, size_t *reply_len,

                   void (*msg_cb)(char *msg, size_t len));

 

/* 顾客模块直接调用该函数对wpa_supplicant发送命令并获取所需消息

 * 能够发送的一声令下如附属类小部件1所示 */

Note:

       Wpa_supplicant 提供两种由外界模块获撤消息的办法:一种是外表模块通过发送request 命令然后拿走response的问答方式,另一种是wpa_supplicant主动向外界发送event事件,由外界模块监听接收。

 

       一般的常用做法是表面模块通过调用wpa_ctrl_open()四次,营造多个control
interface接口,一个为ctrl
interface,用于发送命令,获撤销息,另一个为monitor interface,用于监听接收来自于wpa_supplicant的event时间。此举能够裁减通讯的耦合性,幸免response和event的交互干扰。

 

int wpa_ctrl_attach(struct wpa_ctrl *ctrl);

/* 注册 某个 control interface 作为 monitor interface */

 

int wpa_ctrl_detach(struct wpa_ctrl *ctrl);

/* 撤消有些 monitor interface 为 普通的 control interface  */

 

int wpa_ctrl_pending(struct wpa_ctrl *ctrl);

/* 判别是或不是有挂起的event 事件 */

 

int wpa_ctrl_recv(struct wpa_ctrl *ctrl, char *reply, size_t
*reply_len);

/* 获取挂起的event 事件 */

 

(2)“ctrl_iface_unix.c”实现wpa_supplicant的Unix domain
socket通讯机制中server结点,完结对client结点的响应。

       其中最重大的七个函数为:

static void wpa_supplicant_ctrl_iface_receive(int sock, void
*eloop_ctx,

                                         void *sock_ctx)

/* 接收并剖析client发送request命令,然后依据分歧的授命调用底层差别的管理函数;

 * 然后将赢得response结果回馈到 client 结点。

 */

 

static void wpa_supplicant_ctrl_iface_send(struct
ctrl_iface_priv *priv,

                                      int level, const char *buf,

                                      size_t len)

/* 向注册的monitor interfaces 主动发送event事件 */

 

(3)“ctrl_iface.h”和“ctrl_iface.c”主要达成了各样request命令的平底处理函数。

 

3.2 下行接口

Wpa_supplicant提供的下行接口首要用来和kernel(driver)实行通讯,下发命令和获取新闻。

Wpa_supplicant下行接口首要不外乎三种首要的接口:

1.    PF_INET socket接口,主要用以向kernel 发送ioctl命令,调整并获取相应音讯。

2.    PF_NETLINK socket接口,首要用于收纳kernel发送上来的event 事件。

3.    PF_PACKET socket接口,首要用于向driver传递802.1X报文。

 

重大涉嫌到的文件包含:“driver.h”,“drivers.c”,“driver_wext.h”,“driver_wext.c”,“l2_packet.h”和
“l2_packet_linux.c”。其中“driver.h”,“drivers.c”,“driver_wext.h”和
“driver_wext.c”实现PF_INET socket接口和PF_NETLINK socket接口;“l2_packet.h”和“l2_packet_linux.c”实现PF_PACKET socket接口。

 

(1)“driver.h”,“drivers.c”
首要用于封装底层差距对外显示叁个同等的wpa_driver_ops接口。Wpa_supplicant可支撑atmel,
Broadcom, ipw, madwifi, ndis, nl80211, wext等多种使得。

其间贰个最珍视的数据结构为wpa_driver_ops, 其定义了driver相关的种种操作接口。

 

(2)“driver_wext.h”,“driver_wext.c”实现了wext形式的wpa_driver_ops,并创立了PF_INET socket接口和PF_NETLINK socket接口,然后经过那多少个接口实现与kernel的新闻互相。

 

Wext提供的多少个十分重要数据结构为:

struct wpa_driver_wext_data {

       void *ctx;

       int event_sock;

       int ioctl_sock;

       int mlme_sock;

       char ifname[IFNAMSIZ + 1];

       int ifindex;

       int ifindex2;

       int if_removed;

       u8 *assoc_req_ies;

       size_t assoc_req_ies_len;

       u8 *assoc_resp_ies;

       size_t assoc_resp_ies_len;

       struct wpa_driver_capa capa;

       int has_capability;

       int we_version_compiled;

 

       /* for set_auth_alg fallback */

       int use_crypt;

       int auth_alg_fallback;

 

       int operstate;

 

       char mlmedev[IFNAMSIZ + 1];

 

       int scan_complete_events;

};

其中event_sock 为PF_NETLINK socket接口,ioctl_sock为PF_INET socket借口。

 

Driver_wext.c达成了汪洋平底管理函数用于落实wpa_driver_ops操作参数,在那之中很主要的有:

void * wpa_driver_wext_init(void *ctx, const char *ifname);

/* 初始化wpa_driver_wext_data 数据结构,并创制PF_NETLINK socket和 PF_INET socket 接口 */

 

void wpa_driver_wext_deinit(void *priv);

/* 销毁wpa_driver_wext_data 数据结构,PF_NETLINK socket和 PF_INET socket 接口 */

 

static void wpa_driver_wext_event_receive(int sock, void
*eloop_ctx,

                                     void *sock_ctx);

/* 处理kernel主动发送的event事件的 callback 函数 */

 

谈起底,将促成的操作函数映射到三个大局的wpa_driver_ops类型数据结构 wpa_driver_wext_ops中。

 

const struct wpa_driver_ops wpa_driver_wext_ops = {

       .name = “wext”,

       .desc = “Linux wireless extensions (generic)”,

       .get_bssid = wpa_driver_wext_get_bssid,

       .get_ssid = wpa_driver_wext_get_ssid,

       .set_wpa = wpa_driver_wext_set_wpa,

       .set_key = wpa_driver_wext_set_key,

       .set_countermeasures = wpa_driver_wext_set_countermeasures,

       .set_drop_unencrypted =
wpa_driver_wext_set_drop_unencrypted,

       .scan = wpa_driver_wext_scan,

       .get_scan_results2 = wpa_driver_wext_get_scan_results,

       .deauthenticate = wpa_driver_wext_deauthenticate,

       .disassociate = wpa_driver_wext_disassociate,

       .set_mode = wpa_driver_wext_set_mode,

       .associate = wpa_driver_wext_associate,

       .set_auth_alg = wpa_driver_wext_set_auth_alg,

       .init = wpa_driver_wext_init,

       .deinit = wpa_driver_wext_deinit,

       .add_pmkid = wpa_driver_wext_add_pmkid,

       .remove_pmkid = wpa_driver_wext_remove_pmkid,

       .flush_pmkid = wpa_driver_wext_flush_pmkid,

       .get_capa = wpa_driver_wext_get_capa,

       .set_operstate = wpa_driver_wext_set_operstate,

};

 

(3)“l2_packet.h”和“l2_packet_linux.c”首要用于落到实处PF_PACKET socket接口,通过该接口,wpa_supplicant可以直接将802.1X
packet发送到L2层,而不通过TCP/IP左券栈。

 

里头第一的效应函数为:

struct l2_packet_data * l2_packet_init(

       const char *ifname, const u8 *own_addr, unsigned short
protocol,

       void (*rx_callback)(void *ctx, const u8 *src_addr,

                         const u8 *buf, size_t len),

       void *rx_callback_ctx, int l2_hdr);

/* 制造并起始化PF_PACKET socket接口,其中rx_callback 为从L2接收到的packet 管理callback函数 */

 

void l2_packet_deinit(struct l2_packet_data *l2);

/* 销毁 PF_PACKET socket接口 */

 

int l2_packet_send(struct l2_packet_data *l2, const u8 *dst_addr,
u16 proto,

                 const u8 *buf, size_t len);

/* L2层packet发送函数,wpa_supplicant用此发送L2层 802.1X packet  */

 

static void l2_packet_receive(int sock, void *eloop_ctx, void
*sock_ctx);

/*  L2层packet接收函数,接收来自L2层数据后,将其发送到上层  */

4. Control interface commands

       PING

       MIB

       STATUS

       STATUS-VERBOSE

       PMKSA

       SET <variable> <valus>

       LOGON

       LOGOFF

       REASSOCIATE

       RECONNECT

       PREAUTH <BSSID>

       ATTACH

       DETACH

       LEVEL <debug level>

       RECONFIGURE

       TERMINATE

       BSSID <network id> <BSSID>

       LIST_NETWORKS

       DISCONNECT

       SCAN

       SCAN_RESULTS

       BSS

       SELECT_NETWORK <network id>

       ENABLE_NETWORK <network id>

       DISABLE_NETWORK <network id>

       ADD_NETWORK

       REMOVE_NETWORK <network id>

       SET_NETWORK <network id> <variable> <value>

       GET_NETWORK <network id> <variable>

       SAVE_CONFIG

正文译至:

wpa_supplicant 是跨平台的
WPAsupplicant,支持
WEP, WPA 和 WPA2 (IEEE
802.11i / 本田UR-VSN (罗布ust Secure
Network)). 能够在桌面、台式机以至嵌入式系统中动用。

wpa_supplicant 是在客商端选拔的 IEEE 802.1X/WPA 组件, 协理与 WPA
Authenticator 的并行,调控漫游和有线驱动的 IEEE 802.11 验证和关联。 

安装


官方软件商旅
中装置软件包 wpa_supplicant。

除此以外软件包 wpa_supplicant_gui
提供了图形分界面wpa_gui。 

启动

本节介绍运行wpa_supplicant的常用方法,选取叁个最契合您的。

systemd

wpa_supplicant提供各种劳务的文本:

  • wpa_supplicant.service
    使用 D-Bus,
    推荐 NetworkManager 的用户.
  • wpa_supplicant@.service
    接受接口名作为参数,并为该接口运转wpa_supplicant守护进度。它读取/etc/wpa_supplicant/wpa_supplicant-interface.conf的安插文件
  • wpa_supplicant-nl80211@.service
     也是接口特定的,但众人周知强制nl80211使得程序 (见下文).
    配置文件路线是/etc/wpa_supplicant/wpa_supplicant-nl80211-interface.conf
  • wpa_supplicant-wired@.service – 也是接口特定的, 使用 wired 驱动.
    配置文件路径是/etc/wpa_supplicant/wpa_supplicant-wired-interface.conf

dhcpcd

dhcpcd满含了三个钩子(默感觉启用)来机关运转相应无线接口的wpa_supplicant。它只在如下处境下运维:

  • 没有wpa_supplicant进程在该接口在监听。
  • 留存三个wpa_supplicant的铺排文件。dhcpcd 暗中同意检查
    /etc/wpa_supplicant.conf 和
    /etc/wpa_supplicant/wpa_supplicant.conf,但能够通过在/etc/dhcpcd.conf设置env
    wpa_supplicant_conf=configuration_file_path来增加自定义路线。

手动

wpa_supplicant接受五个命令行参数,极其是:

  • -B – 在后台实行
  • -c 文件名 -路线配置文件
  • -i 接口 – 监听的接口

至于全部的参数列表,参谋 man 8 wpa_supplicant。比方,常见的用法是:

# wpa_supplicant -B -i interface -c configuration_file

配置

wpa_supplicant提供了多少个参照布局文件/etc/wpa_supplicant/wpa_supplicant.conf,当中带有
了具备可用的选用及其用法和例子的详实文书档案。考虑先把它备份起来,因为上边描述的自发性抬高网络布局到wpa_supplicant.conf的法子下删除
了文本中的全体注释。

在其最简便易行的样式中,三个安顿文件,只供给三个网络布局块。举例:

/etc/wpa_supplicant/foobar.conf

network={
    ssid="..."
}

倘使你有多个安排文件,如前节所述,就足以运维wpa_supplicant守护进度,并行使三个静态IP或DHCP连接到有线网络。

wpa_passphrase

网络安排能够使用wpa_passphrase工具自动生成并增多到配置文件中。这在连年到需求密码的平安互联网时是可行的。譬如:

$ wpa_passphrase essid passphrase

network={
    ssid="essid"
    #psk="passphrase"
    psk=f5d1c49e15e679bebe385c37648d4141bc5c9297796a8a185d7bc5ac62f954e3
}

某些不胜复杂的口令大概须要从文件输入:

$ wpa_passphrase essid < passphrase.txt

提示:wpa_supplicant和wpa_passphrase能够组合起来关联到差不离全部的WPA2(个人)网络:

# wpa_supplicant -B -i interface -c <(wpa_passphrase essid passphrase)

点名驱动

你也许需求钦定叁个驱动来利用。关于援助的驱动程序的列表,请参见wpa_supplicant
-h的输出结果。

  • nl80211 是当前的标准,但不是兼具的有线微芯片的模块辅助。
  • wext 最近已不符合时机,但仍获得普及支持。

使用 -D 按键来钦赐驱动:

# wpa_supplicant -B -i interface -c configuration_file -D driver

使用 wpa_cli

wpa_supplicant能够透过动用wpa_cli命令,在运作时手动举行调节。要启用wpa_cli,wpa_supplicant守护进程必得被布置为通过在wpa_supplicant的安排文件(默许地点:/etc/wpa_supplicant
/wpa_supplicant.conf)设置ctrl_interface变量来创设叁个“调整接口”(套接字)。

客商也将急需经过点名能够访谈它的组来获准访谈该套接字。二个新的组或然为此被创建,况且客户增进到它,或已存在的组能够使用

  • 通常是 wheel。

下边包车型大巴设置将要/run/wpa_supplicant/中开创套接字并同意wheel组的积极分子开展探望:

ctrl_interface=DIR=/run/wpa_supplicant GROUP=wheel

能够因此wpa_cli修改的wpa_supplicant配置文件自己。那在手动增加新的互联网到安顿文件,而不要求另行启航wpa_supplicant守护进度时是卓有效率的。为了贯彻这一目的,在配置文件中安装update_config变量设置为1:

update_config=1

在wpa_cli最初以前,wpa_supplicant守护进度必需处于运维境况。(见#Starting精晓详细情形)。然后运营

$ wpa_cli

它会寻觅配置文件中加以地方的决定套接字,地方也足以行使p选项手动设置)。您能够动用-i选项配置的接口,不然的话将利用wpa_supplicant所管理的首先个被找到的有线接口。

当wpa_cli被调用时,将现出交互式提示符(>)。提醒包蕴tab
补全和已产生命令的求证。

使用wpa_cli增添二个新的互连网

环顾可用互连网,在>提醒符之后输入“scan”。在围观完结后将体现布告:

> scan
OK
<3>CTRL-EVENT-SCAN-RESULTS
>

接下来输入 “scan_results” 来显示结果:

> scan_results
bssid / frequency / signal level / flags / ssid
00:00:00:00:00:00 2462 -49 [WPA2-PSK-CCMP][ESS] MYSSID
11:11:11:11:11:11 2437 -64 [WPA2-PSK-CCMP][ESS] ANOTHERSSID
>

为了与MYSSID相关联,须求报告wpa_supplicant。在计划文件中的各类互连网是以零方始按数值进行索引。借令你增加了贰个新的网络,它会被相应地分配一个新数字。

> add_network
0
>

运用这几个数字来钦点你的装置使用到哪个网络。对于二个新的网络,在引号里设置其SSID:

> set_network 0 ssid "MYSSID"
OK
>

尽管你的有线接入点未有被爱慕,cli也显式地索要一个PSK,一样在引号内。密码必得是8-62个字符:

> set_network 0 psk "passkey"
OK
>

使能:

> enable_network 0
OK
>

将修改写入配置文件:

> save_config
OK
>

动作脚本

wpa_cli能够在后台方式下运作,并实施基于wpa_supplicant事件的钦定脚本。能够协助两类事件:连接和断开。一些景况变量可用以脚本,细节请参见man
8wpa_cli。

下边包车型大巴例证将选取桌面公告,公告有关事件的顾客:

#!/bin/bash

case "$2" in
    CONNECTED)
        notify-send "WPA supplicant: connection established";
        ;;
    DISCONNECTED)
        notify-send "WPA supplicant: connection lost";
        ;;
esac

牢记修改剧本为可实行,然后使用-a来传递脚本路线给wpa_cli:

$ wpa_cli -a path_to_script

另请参阅

  • Kernel.org wpa_supplicant
    documentation

 

 

 

此时此刻得以采纳wireless-tools 或wpa_supplicant工具来配置有线互联网。请记住首要的某个是,对有线网络的安排是全局性的,而非针对实际的接口。

wpa_supplicant是二个较好的挑三拣四,但劣势是它不协理具备的驱动。请浏览wpa_supplicant网址获得它所支撑的驱动列表。其他,wpa_supplicant近日不得不一而再到那二个你已经安顿好ESSID的有线互连网。wireless-tools帮衬大概全数的有线网卡和驱动,但它无法连接受那多少个只援助WPA的AP。

通过编写翻译后的wpa_supplicant源程序能够看到多少个重大的可进行工具:wpa_supplicant和wpa_cli。wpa_supplicant是基本程序,它和wpa_cli的涉及便是服务和顾客端的关联:后台运维wpa_supplicant,使用wpa_cli来搜索、设置、和连接互连网。

如何用wpa_supplicant使能三个wifi连接?

Step by step:

1、运行wpa_supplicant程序;

执行:/system/bin/wpa_supplicant -d -Dwext -iwlan0
-c/data/misc/wifi/wpa_supplicant.conf

其中:

-d :扩大调节和测量检验音信

-Dwext :wext,驱动名称

-iwlan0 :wlan0,互联网接口名称

/system/bin/wpa_supplicant :wpa_supplicant可试行程序path

/data/misc/wifi/wpa_supplicant.conf :wpa_supplicant的配置文件path

2、运行命令行工具wpa_cli ;

执行:wpa_cli -iwlan0
-p/data/system/wpa_supplicant

注,-p/data/system/wpa_supplicant中的wpa_supplicant并非可实施程序,而是个调节套接字。

此刻会进去互相格局。当中交互情势的指令如下表:

Full command

Short command

Description

status

stat

displays the current connection status

disconnect

disc

prevents wpa_supplicant from connecting to any access point

quit

q

exits wpa_cli

terminate

term

kills wpa_supplicant

reconfigure

recon

reloads wpa_supplicant with the configuration file supplied (-c parameter)

scan

scan

scans for available access points (only scans it, doesn’t display anything)

scan_result

scan_r

displays the results of the last scan

list_networks

list_n

displays a list of configured networks and their status (active or not, enabled or disabled)

select_network

select_n

select a network among those defined to initiate a connection (ie select_network 0)

enable_network

enable_n

makes a configured network available for selection (ie enable_network 0)

disable_network

disable_n

makes a configured network unavailable for selection (ie disable_network 0)

remove_network

remove_n

removes a network and its configuration from the list (ie remove_network 0)

add_network

add_n

adds a new network to the list. Its id will be created automatically

set_network

set_n

shows a very short list of available options to configure a network when supplied with no parameters.

See next section for a list of extremely useful parameters to be used with set_network and get_network.

get_network

get_n

displays the required parameter for the specified network. See next section for a list of parameters

save_config

save_c

saves the configuration

 

安装网络的着力格式:set_network <network id> <key>
<parameter> [<parameter>]

呈现网络新闻的宗旨格式:get_network <network id>
<key>

对应的参数如下表:

Key

Description

Parameters

ssid

Access point name

string

id_str

String identifying the network

string

priority

Connection priority over other APs

number (0 being the default low priority)

bssid

Mac address of the access point

mac address

scan_ssid

Enable/disbale ssid scan

0, 1, 2

key_mgmt

Type of key management

WPA-PSK, WPA_EAP, None

pairwise

Pairwise ciphers for WPA

CCMP, TKIP

group=TKIP

Group ciphers for WPA

CCMP, TKIP, WEP104, WEP40

psk

Pre-Shared Key (clear or encrypted)

string

wep_key0

WEP key (up to 4: wep_key[0123])

string

eap

Extensible Authentication Protocol

MD5, MSCHAPV2, OTP, GTC, TLS, PEAP, TTLS

identity

EAP identity string

string

password

EAP password

string

ca_cert

Pathname to CA certificate file

/full/path/to/certificate

client_cert

Pathname to client certificate

/full/path/to/certificate (PEM/DER)

private_key

Pathname to a client private key file

/full/path/to/private_key (PEM/DER/PFX)

eg.1、连接无加密的AP

>add_network (It will display a
network id for you, assume it returns 0)

>set_network 0 ssid “666”

>set_network 0 key_mgmt
NONE

>enable_network 0

>quit

eg.2、连接WEP加密AP

>add_network (assume return
1)

>set_network 1 ssid “666”

>set_network 1 key_mgmt
NONE

>set_network 1 wep_key0 “your ap
password”

>enable_network 1

eg.3、连接WPA-PSK/WPA2-PSK加密的AP

>add_network (assume return
2)

>set_network 2 ssid “666”

>set_network 2 psk “your pre-shared
key”

>enable_network 2

到此,wifi模块就能够接二连三上AP了。

3、以上是通过命令行工具wpa_cli来兑现wifi网络的连年。当然,也可以由此wpa_supplicant的布署文件来完结连接。

再回想下运维wpa_supplicant时举办的吩咐:

/system/bin/wpa_supplicant -d -Dwext
-iwlan0 -c/data/misc/wifi/wpa_supplicant.conf

大家在进行时加上了-c/data/misc/wifi/wpa_supplicant.conf,我们得以将我们要接二连三的AP的装置以自然的格式写入wpa_supplicant.conf配置文件中就可以。

eg.

ctrl_interface=DIR=/data/system/wpa_supplicant
GROUP=system update_config=1

network={

ssid=”my access point”

proto=WPA

key_mgmt=WPA-PSK

psk=”you pass words”

 

 

 

 

相关文章

Leave a Reply

电子邮件地址不会被公开。 必填项已用*标注