mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-01-22 03:14:05 +01:00
The iNet Wireless Daemon (iwd) project aims to provide a comprehensive Wi-Fi connectivity solution for Linux based devices. The core goal of the project is to optimize resource utilization: storage, runtime memory and link-time costs. https://iwd.wiki.kernel.org/
James Prestwood e678d6655f netdev: signal handshake complete after setting all keys
Currently, netdev triggers the HANDSHAKE_COMPLETE event after completing
the SET_STATION (after setting the pairwise key). Depending on the timing
this may happen before the GTK/IGTK are set which will result in group
traffic not working initially (the GTK/IGTK would still get set, but group
traffic would not work immediately after DBus said you were connected, this
mainly poses a problem with autotests).

In order to fix this, several flags were added in netdev_handshake_state:
ptk_installed, gtk_installed, igtk_installed, and completed. Each of these
flags is set true when their respective keys are set, and in each key
callback we try to trigger the handshake complete event (assuming all the
flags are true). Initially the gtk/igtk flags are set to true, for reasons
explained below.

In the WPA2 case, all the key setter functions are called sequentially from
eapol. With this change, the PTK is now set AFTER the gtk/igtk. This is
because the gtk/igtk are optional and only set if group traffic is allowed.
If the gtk/igtk are not used, we set the PTK and can immediately trigger the
handshake complete event (since gtk_installed/igtk_installed are initialized
as true). When the gtk/igtk are being set, we immediately set their flags to
false and wait for their callbacks in addition to the PTK callback. Doing it
this way handles both group traffic and non group traffic paths.

WPA1 throws a wrench into this since the group keys are obtained in a
separate handshake. For this case a new flag was added to the handshake_state,
'wait_for_gtk'. This allows netdev to set the PTK after the initial 4-way,
but still wait for the gtk/igtk setters to get called before triggering the
handshake complete event. As a precaution, netdev sets a timeout that will
trigger if the gtk/igtk setters are never called. In this case we can still
complete the connection, but print a warning that group traffic will not be
allowed.
2018-10-26 15:26:49 -05:00
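
The gating described in the commit message above, as a simplified model. This is an added example and not iwd's code: the flag names come from the commit message, while HandshakeGate, its methods and run() are hypothetical, and clearing wait_for_gtk when the GTK setter runs is an assumption.

```python
class HandshakeGate:
    """Model of the completion gating; flag names are the commit message's."""

    def __init__(self, wait_for_gtk=False):
        self.ptk_installed = False
        self.gtk_installed = True    # group keys are optional, so start true
        self.igtk_installed = True
        self.wait_for_gtk = wait_for_gtk  # WPA1: group handshake still to come
        self.completed = False
        self.events = []

    def request(self, key):
        """A key setter was called: the install is pending until its callback."""
        setattr(self, key + "_installed", False)
        if key == "gtk":
            self.wait_for_gtk = False  # assumption: the setter ends the wait

    def installed(self, key):
        """Key callback: mark the key set, then try to signal completion."""
        setattr(self, key + "_installed", True)
        self._try_complete()

    def gtk_timeout(self):
        """Group key setters never ran: connect anyway, without group traffic."""
        if self.wait_for_gtk and not self.completed:
            self.wait_for_gtk = False
            self.events.append("WARNING: group traffic will not be allowed")
            self._try_complete()

    def _try_complete(self):
        ready = self.ptk_installed and self.gtk_installed and self.igtk_installed
        if ready and not self.wait_for_gtk and not self.completed:
            self.completed = True
            self.events.append("HANDSHAKE_COMPLETE")


def run(steps, wait_for_gtk=False):
    """Replay (method, key) steps and return the events emitted in order."""
    gate = HandshakeGate(wait_for_gtk)
    for method, key in steps:
        getattr(gate, method)(*([key] if key else []))
    return gate.events


if __name__ == "__main__":
    # WPA2 with group keys: the PTK callback alone must not signal completion.
    wpa2 = [("request", "gtk"), ("request", "igtk"), ("request", "ptk"),
            ("installed", "ptk"), ("installed", "gtk"), ("installed", "igtk")]
    print(run(wpa2))
```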
autotests auto-t: Change EAP-PWD to a common pwd setting key name 2018-10-25 14:52:41 -05:00
client client: Unify device sibling interface arg completion 2018-09-14 22:59:19 -05:00
doc doc: Add notes about running hostapd in a network namespace 2018-10-16 17:46:33 +02:00
linux nl80211: Update to the latest header 2018-04-04 09:38:46 -05:00
monitor monitor: Fix spelling errors spotted by lintian 2018-08-06 12:28:57 -05:00
plugins ofono: removed exit from parse_modem 2018-08-07 17:19:21 -05:00
src netdev: signal handshake complete after setting all keys 2018-10-26 15:26:49 -05:00
test test: Update the list-devices script 2018-09-24 13:42:13 -05:00
tools hwsim: limit "Unknown attribute type:" print 2018-10-24 16:23:12 -05:00
unit unit: Fix TTLS test 2018-10-19 10:00:10 -05:00
wired wired: Hook up EAP key material and event callback functions 2018-10-17 14:12:36 +02:00
.gitignore build: Prepare the systemd configuration option for extensions 2018-09-14 14:07:34 +02:00
acinclude.m4 build: Add -fno-exceptions to compiler flags 2018-10-04 10:28:02 +02:00
AUTHORS AUTHORS: Mention Jordan's contributions 2018-08-09 10:46:47 -05:00
bootstrap build: Add support for internal ELL compilation 2014-05-11 11:01:11 -07:00
bootstrap-configure tools: Add configure option and D-Bus policy file for hwsim utility 2018-09-14 15:24:15 +02:00
ChangeLog Release 0.10 2018-10-20 20:08:01 +02:00
configure.ac Release 0.10 2018-10-20 20:08:01 +02:00
COPYING build: Add COPYING and INSTALL template files 2014-05-22 10:09:24 -07:00
HACKING HACKING: Add Submitting Patches section 2015-01-22 08:53:10 -06:00
INSTALL build: Add COPYING and INSTALL template files 2014-05-22 10:09:24 -07:00
Makefile.am build: Include ell/utf8.h and ell/utf8.c into build objects 2018-10-26 21:22:37 +02:00
README README: Add description for --enable-external-ell option 2018-10-19 19:31:32 +02:00
TODO TODO: Add certificate element matching task 2018-08-30 14:39:00 -05:00

Wireless daemon for Linux
*************************

Copyright (C) 2013-2018  Intel Corporation. All rights reserved.


Compilation and installation
============================

In order to compile the source code you need the following software packages:
	- GCC compiler
	- GNU C library
	- Embedded Linux library
	- readline (command line client)

To configure run:
	./configure --prefix=/usr

Configure automatically searches for all required components and packages.

To compile and install run:
	make && make install


Embedded Linux library
======================

In order to compile the daemon and control utility the development version
of Embedded Linux library is required to be present. The development
repositories can be found here:

	git://git.kernel.org/pub/scm/libs/ell/ell.git
	https://kernel.googlesource.com/pub/scm/libs/ell/ell.git

The build system requires that the Embedded Linux library source code
is available on the same top level directory as the Wireless daemon
source code:

	.
	|--- ell
	|    |--- ell
	|    `--- unit
	`--- iwd
	     |--- src
	     `--- client

It is not required to build or install Embedded Linux library. The build
will happen when building the Wireless daemon and it will then be linked
internally.

When using the --enable-external-ell build option, it is not required that the
Embedded Linux library source code is available in the top level directory.


Configuration and options
=========================

The configuration system provides switches to disable certain build time
configuration options which are generally useful and enabled by default:

	--disable-daemon

		Disable installation of Wireless daemon

		By default the Wireless daemon binary iwd is enabled and
		placed into --libexecdir directory.

	--disable-client

		Disable installation of Wireless client utility

		By default the Wireless client binary iwctl is enabled
		and placed into --bindir directory.

	--disable-monitor

		Disable installation of Wireless monitor utility

		By default the Wireless monitor binary iwmon is enabled
		and placed into --bindir directory.

	--disable-dbus-policy

		Disable installation of D-Bus system policy configuration

		By default the accompanying D-Bus policy file will be
		installed in the D-Bus data directory. The location of
		that directory will be automatically detected or can be
		manually configured via the --with-dbus-datadir option.

		The D-Bus policy is required for daemons to gain service
		name ownership and clients to access them. When disabling
		this option, manual installation of D-Bus policies is
		required.

		Note: This option affects all D-Bus policy configurations.

	--disable-systemd-service

		Disable installation of systemd service configuration

		By default the accompanying systemd service unit with
		D-Bus autostart configuration will be installed. The
		locations will be automatically detected or can be
		manually configured via --with-dbus-busdir option
		and --with-systemd-unitdir option.

		Using systemd is optional, but highly recommended. When
		disabling this option, manual installation is required.

		Note: This option affects all systemd unit setups.

When building for a system that wants to use wireless technology, disabling
any of the above options makes only limited sense. It may break the general
setup and usability for wireless connections.

The configuration system provides switches for optional build time features
that can be enabled if the functionality is required:

	--enable-external-ell

		Enable usage of external Embedded Linux library

		This allows using an externally installed Embedded Linux
		library instead of using the internal copy of ELL.

		Since the public API of Embedded Linux library is not yet
		stable, the usage of the internal ELL copy is preferred.

	--enable-sim-hardcoded

		Enable support for hard coded SIM keys

		Note: With --disable-daemon this option is ignored

	--enable-ofono

		Enable support for oFono SIM authentication

		Note: With --disable-daemon this option is ignored

	--enable-wired

		Enable installation of Ethernet authentication daemon

		This allows enabling the Ethernet daemon binary ead which
		is then placed into --libexecdir directory.

		With this option the support for 802.1x for wired Ethernet
		connections can be enabled. It provides its own D-Bus
		policy and systemd configuration.

	--enable-hwsim

		Enable installation of Wireless simulation utility

		This allows enabling the Simulation daemon binary hwsim
		which is then placed into --bindir directory.

		With this utility and mac80211_hwsim kernel module the
		simulation of 802.11 networks can be tested. It provides
		its own D-Bus policy configuration.

		This utility is only useful for developers and should not
		be considered for general installation. For this reason
		no systemd configuration is provided.

	--enable-tools

		Enable compilation of various testing utilities

		This enables building of all testing utilities. They are
		not installed and are only useful during development.

	--enable-docs

		Enable generation of documentation and manual pages

		Note: This option does not provide any value right now


Netlink monitoring
==================

The included iwmon utility can be used to monitor the 802.11 subsystem
generic netlink commands and events. It uses the nlmon kernel driver
from Linux 3.10 and later. On startup a network monitor interface
named 'nlmon' is created unless another interface name is given on the
command line. If the monitor interface was created by the iwmon utility,
it will be removed on program exit.

The monitor interface can also be created manually using the following
commands:

	ip link add name nlmon type nlmon
	ip link set dev nlmon allmulticast on
	ip link set dev nlmon up

It is possible to create netlink traces in PCAP format using tcpdump
and then read them via iwmon utility:

	tcpdump -i nlmon -w trace-file.pcap

The resulting PCAP files will use Linux cooked packet format containing
packets with ARPHRD_NETLINK type. They can be read using iwmon:

	iwmon -r trace-file.pcap

At this time iwmon is not able to write PCAP files by itself. This might
change in future versions.

When the authentication protocol traffic with EtherType 0x888e (ETH_P_PAE)
is also needed, a second capture is required:

	tcpdump -i any 'ether proto 0x888e' -w trace-pae.pcap

It is possible to combine these two PCAP files using the mergecap utility
and create a combined trace file:

	mergecap -F pcap -w trace.pcap trace-file.pcap trace-pae.pcap

This will create a trace.pcap file that includes the complete picture
of nl80211 netlink traffic and authentication messages. All packets are
merged in chronological order based on timestamps.

Unfortunately it is not possible to instruct tcpdump filtering to do
this in a single capture. Post-processing of the PCAP files is required
at the moment.
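
As an added example (not part of iwd or its README), the following Python code checks a merged trace for the properties described above: Linux cooked framing, nl80211 packets with ARPHRD_NETLINK type, authentication frames with protocol 0x888e, and chronological order. It assumes a classic pcap file with link type 113 (cooked header version 1); build_pcap and summarize are hypothetical names and the sample packets are constructed.

```python
import struct

LINKTYPE_LINUX_SLL = 113  # "Linux cooked" link type stored in the pcap header
ARPHRD_NETLINK = 824      # cooked hardware type of packets captured on nlmon
ETH_P_PAE = 0x888E        # cooked protocol of authentication frames
SLL = struct.Struct("!HHH8sH")  # pkttype, ARPHRD type, addr len, addr, protocol


def build_pcap(records):
    """Constructed sample input: records are (sec, usec, arphrd, proto, payload)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_LINUX_SLL)
    for sec, usec, arphrd, proto, payload in records:
        frame = SLL.pack(0, arphrd, 0, b"\0" * 8, proto) + payload
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def summarize(pcap):
    """Return (packet counts by kind, True if timestamps never go backwards)."""
    if len(pcap) < 24:
        raise ValueError("short pcap header")
    magic = struct.unpack_from("<I", pcap)[0]
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != LINKTYPE_LINUX_SLL:
        raise ValueError("not a Linux cooked capture")
    counts = {"netlink": 0, "eapol": 0, "other": 0}
    ordered, last, off = True, (0, 0), 24
    while off < len(pcap):
        if off + 16 > len(pcap):
            raise ValueError("truncated record header")
        sec, usec, caplen, _ = struct.unpack_from(end + "IIII", pcap, off)
        off += 16
        if caplen < SLL.size or off + caplen > len(pcap):
            raise ValueError("truncated packet")
        _, arphrd, _, _, proto = SLL.unpack_from(pcap, off)
        off += caplen
        kind = ("netlink" if arphrd == ARPHRD_NETLINK
                else "eapol" if proto == ETH_P_PAE else "other")
        counts[kind] += 1
        ordered = ordered and (sec, usec) >= last
        last = (sec, usec)
    return counts, ordered


if __name__ == "__main__":
    sample = [(100, 10, ARPHRD_NETLINK, 16, b"nl"), (100, 20, 1, ETH_P_PAE, b"\x02\x03")]
    print(summarize(build_pcap(sample)))
```

A trace produced by plain concatenation instead of mergecap shows up here as ordered being False.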


Simulating devices
==================

The Linux driver mac80211_hwsim provides the functionality to simulate
Wireless devices using fake virtual air. Just load the module:

	modprobe mac80211_hwsim radios=0

Providing radios=0 is important since otherwise it starts out with
two new Wireless radios by default.

With the provided hwsim utility it is now possible to add and remove
virtual radio devices.

	hwsim --create --keep
	hwsim --destroy=<radio-id>

The radio id assigned to each virtual device is its internal id used
by the Wireless device.


Information
===========

Mailing list:
	https://lists.01.org/mailman/listinfo/iwd

IRC:
	irc://irc.freenode.net/#iwd

Wiki:
	https://iwd.wiki.kernel.org/