wpa_supplicant messaging

Jouni Malinen jkmaline
Wed Apr 13 21:16:56 PDT 2005

On Wed, Apr 13, 2005 at 12:25:02PM +0100, Roy Marples wrote:

> I'm writing a daemon that listens to wpa_supplicant messages so that
> external actions can be taken - such changing IP addresses on the
> interface when wpa_supplicant changes which AP it's talking too.
> So far I can successfully get terminate and deassociation messages.
> However, I've hit a stumbling block. I can get association messages but
> they don't contain enough information to be of use as security stuff
> happens after association and there's no message for no security being
> applied when none has been configured.

Which version of wpa_supplicant are you using? The current development
version should have a single wpa_msg() call that is called at the
completion of the full authentication, regardless of the security mode.

> What I need is wpa_supplicant to send a message saying "SHOWTIME" or
> similar to indicate that as far as wpa_supplicant is concerned the
> interface is ready for use.

Is this enough (from CVS devel snapshot):


    if (state == WPA_COMPLETED && wpa_s->new_connection) {
	wpa_s->new_connection = 0;
	wpa_msg(wpa_s, MSG_INFO, "Connection to " MACSTR
	    " completed %s",
	    MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
	    "(reauth)" : "(auth)");

> I could parse STATUS information for the required info, but I don't like
> that idea as it kind of defeats the messaging system in place.

"Connection to .." message is there to get rid of need to poll
wpa_supplicant continuously. The current information from the event
includes the current BSSID and whether this is the first authentication
with the network or not. If additional information is needed, it can be
requested through STATUS call.

> Whilst writing this daemon (working name wpa_action) I've also hit on an
> improvement/addition I'd also like to see to make writing this and
> similar programs easier.
> At present, wpa_supplicant sends MSG_INFO with a string that is defined
> in the .c files with extra information like MAC addresses. Whilst this
> is good for us humans to read, it make writing programs like this a PITA
> as we have parse parts of the string - and there's no guarantee that the
> string won't change.

Similar reason was already used to define a bit more structured wpa_msg
texts for password/identity/otp/pin requests. These use following

<2>CTRL-REQ-PIN-<network id>:PIN needed for SSID <ssid>

It is a compromise between something that can be parsed easily and
something that humans can read..

> Below is an example of what I'd like to see.

Is the "Connection to <BSSID> completed ({,re}auth)" clear enough? I
was not planning on changing it, but this would still be early enough
for a change since I don't think anyone is yet using it (or if someone
is; this is part of development branch.. be prepared for surprised ;-).

I would use similar format to the password request here. For example:

<2>CTRL-EVENT-CONNECTED-<network id>:BSSID ({,re}auth)

Similar CTRL-EVENT- prefixes could be added to other places, too,
although I would expect this connection completed message to be most
important for external actions.

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list