Using wpa_supplicant/hostapd in IKEv2 daemon...

Stjepan Gros sgros
Fri Aug 18 11:54:36 PDT 2006


I'm a member of a team that develops IKEv2 daemon
( and we would like to add EAP authentication to
daemon. There are several possible ideas how to do that.

First idea is to implement everything from stretch and the second is to
take existing code base (like wpa_supplicant/hostapd) and integrate it
into IKEv2 daemon. But, those two ideas require too much resources that
we don't have now so we would like to avoid them.

Now, the third solution is to write glue layer that would allow us to
take and pass EAP messages from/to wpa_supplicant/hostapd.

To minimize necessary changes we are thinking about leaving
wpa_supplicant/hostapd as a separate processes that communicate with
IKEv2 via some IPC mechanism. 

So, now we come to implementation and, of course, questions:

1. Generally, do you think is this idea feasible?

2. We are thinking at implementing glue code at the l2_packet level,
that just relays EAP packet to IKEv2 daemon (and vice versa). That is in
wpa_supplicant. Is this the best place? Note that we need raw EAP

3. There are no such files (l2_packet*) in hostapd so where is the best
place to do such thing in hostapd?

I think there will be more questions, but I think this will be enough
for start. :)

Thanks for help,
Stjepan Gros

More information about the Hostap mailing list