wpa_supplicant messaging

Roy Marples uberlord
Thu Apr 14 03:09:06 PDT 2005


On Wed, 2005-04-13 at 21:16 -0700, Jouni Malinen wrote:
> On Wed, Apr 13, 2005 at 12:25:02PM +0100, Roy Marples wrote:
> 
> > I'm writing a daemon that listens to wpa_supplicant messages so that
> > external actions can be taken - such changing IP addresses on the
> > interface when wpa_supplicant changes which AP it's talking too.
> > 
> > So far I can successfully get terminate and deassociation messages.
> > 
> > However, I've hit a stumbling block. I can get association messages but
> > they don't contain enough information to be of use as security stuff
> > happens after association and there's no message for no security being
> > applied when none has been configured.
> 
> Which version of wpa_supplicant are you using? The current development
> version should have a single wpa_msg() call that is called at the
> completion of the full authentication, regardless of the security mode.

0.3.8 - and it does not have this afaik
If it does, then wpa_cli wasn't receiving it either.

> 
> > What I need is wpa_supplicant to send a message saying "SHOWTIME" or
> > similar to indicate that as far as wpa_supplicant is concerned the
> > interface is ready for use.
> 
> Is this enough (from CVS devel snapshot):
> 
> wpa_supplicant_set_state():
> 
>     if (state == WPA_COMPLETED && wpa_s->new_connection) {
> 	wpa_s->new_connection = 0;
> 	wpa_msg(wpa_s, MSG_INFO, "Connection to " MACSTR
> 	    " completed %s",
> 	    MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
> 	    "(reauth)" : "(auth)");

Yes, that would work


> > Whilst writing this daemon (working name wpa_action) I've also hit on an
> > improvement/addition I'd also like to see to make writing this and
> > similar programs easier.
> > 
> > At present, wpa_supplicant sends MSG_INFO with a string that is defined
> > in the .c files with extra information like MAC addresses. Whilst this
> > is good for us humans to read, it make writing programs like this a PITA
> > as we have parse parts of the string - and there's no guarantee that the
> > string won't change.
> 
> Similar reason was already used to define a bit more structured wpa_msg
> texts for password/identity/otp/pin requests. These use following
> format:
> 
> <2>CTRL-REQ-PIN-<network id>:PIN needed for SSID <ssid>
> 
> It is a compromise between something that can be parsed easily and
> something that humans can read..
> 
> > Below is an example of what I'd like to see.
> > 
> > #define MSG_EVENT_ASSOCIATED "ASSOCIATED"
> > #define MSG_EVENT_DEASSOCIATED "DEASSOCIATED"
> > #define MSG_EVENT_SHOWTIME "SHOWTIME"
> > #define MSG_EVENT_TERMINATING "TERMINATING"
> > 
> > wpa_msg(wpa_s, MSG_EVENT, MSG_EVENT_SHOWTIME)
> 
> Is the "Connection to <BSSID> completed ({,re}auth)" clear enough? I
> was not planning on changing it, but this would still be early enough
> for a change since I don't think anyone is yet using it (or if someone
> is; this is part of development branch.. be prepared for surprised ;-).

It's clear enough to me, but it's trying to get a program to understand
it.

I suppose I could continue to use regex though, but that's clunky imho.

> 
> I would use similar format to the password request here. For example:
> 
> <2>CTRL-EVENT-CONNECTED-<network id>:BSSID ({,re}auth)
> 
> Similar CTRL-EVENT- prefixes could be added to other places, too,
> although I would expect this connection completed message to be most
> important for external actions.
> 

Now we're getting somewhere.
MSG_INFO is fixed as 2 in an loose enum (I'd rather a strict enum or a
#define, but whatever)
If CTRL-EVENT-CONNECTED is a #define in a .h file then we're smoking as
we can work out our string constants and then simply trim the rest.

I would like to have as much as possible #defined in a .h file so if you
have the text for whatever reason, wpa_monitor and other programs can
get the same change without having to debug/recode, etc.

FYI I have wpa_monitor working with a development version of Gentoo
networking scripts, and it works perfectly (well, for me anyway). Stops
the interface (really deletes addresses but does not take it down) and
starts the interface for new network information based on the SSID
attached to.

-- 
Roy Marples <uberlord at gentoo.org>
Gentoo Linux Developer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20050414/166110ae/attachment.pgp 



More information about the Hostap mailing list