From ecc659c5fc44a1aedeab96ad777ecbe242dc948b Mon Sep 17 00:00:00 2001 From: Reyk Floeter Date: Tue, 27 Jun 2006 20:55:52 +0000 Subject: add the net80211 hostap options "nwflag hidenwid" for hidden SSID mode and "nwflag nobridge" to prevent inter-station communications. "hidenwid" will also work with wi(4) to replace the old -E 3 option of wicontrol. ok damien@ jmc@ --- sbin/ifconfig/ifconfig.8 | 36 +++++++++++++++++++++++++++++++++++- sbin/ifconfig/ifconfig.c | 43 ++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 77 insertions(+), 2 deletions(-) (limited to 'sbin/ifconfig') diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 index bee632d7c92..2a076fd2805 100644 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ifconfig.8,v 1.131 2006/06/23 18:06:36 todd Exp $ +.\" $OpenBSD: ifconfig.8,v 1.132 2006/06/27 20:55:51 reyk Exp $ .\" $NetBSD: ifconfig.8,v 1.11 1996/01/04 21:27:29 pk Exp $ .\" $FreeBSD: ifconfig.8,v 1.16 1998/02/01 07:03:29 steve Exp $ .\" @@ -524,15 +524,18 @@ will begin advertising as master. .\" IEEE 802.11 .Sh IEEE 802.11 (WIRELESS DEVICES) .Nm ifconfig +.Bk -words .Op Fl M .Ar wireless-interface .Op Oo Fl Oc Cm bssid Ar bssid .Op Oo Fl Oc Cm chan Ar n +.Op Oo Fl Oc Ns Cm nwflag Ar flag .Op Cm nwid Ar id .Op Oo Fl Oc Cm nwkey Ar key .Op Oo Fl Oc Cm powersave .Op Cm powersavesleep Ar duration .Op Oo Fl Oc Cm txpower Ar dBm +.Ek .Pp The options are as follows: .Bl -tag -width Ds @@ -553,6 +556,37 @@ wireless network interfaces from the given channel ID Unset the desired channel to be used for IEEE 802.11-based wireless network interfaces. It doesn't affect the channel to be created for IBSS or hostap mode. +.It Cm nwflag Ar flag +Set a specified flag for the wireless network interface. +The flag name can be either +.Ql hidenwid +or +.Ql nobridge . +The +.Ql hidenwid +flag will hide the network ID (ESSID) in beacon frames when operating +in Host AP mode. +It will also prevent responses to probe requests with an unspecified +network ID. +The +.Ql nobridge +flag will disable the direct bridging of frames between associated +nodes when operating in Host AP mode. +Setting this flag will block and filter direct inter-station +communications. +.Pp +Note that the +.Ql hidenwid +and +.Ql nobridge +options do not provide any security. +The hidden network ID will be sent in clear text by associating +stations and can be easily discovered with tools like +.Xr tcpdump 8 +and +.Xr hostapd 8 . +.It Fl nwflag Ar flag +Remove a specified flag for the wireless network interface. .It Cm nwid Ar id Configure network ID for IEEE 802.11-based wireless network interfaces. The diff --git a/sbin/ifconfig/ifconfig.c b/sbin/ifconfig/ifconfig.c index 33f6919c838..ebd16e9af3c 100644 --- a/sbin/ifconfig/ifconfig.c +++ b/sbin/ifconfig/ifconfig.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ifconfig.c,v 1.168 2006/06/23 21:41:30 reyk Exp $ */ +/* $OpenBSD: ifconfig.c,v 1.169 2006/06/27 20:55:51 reyk Exp $ */ /* $NetBSD: ifconfig.c,v 1.40 1997/10/01 02:19:43 enami Exp $ */ /* @@ -161,6 +161,8 @@ void setifchan(const char *, int); void setiftxpower(const char *, int); void setifpowersave(const char *, int); void setifpowersavesleep(const char *, int); +void setifnwflag(const char *, int); +void unsetifnwflag(const char *, int); void setifnetmask(const char *, int); void setifprefixlen(const char *, int); void setipxframetype(const char *, int); @@ -349,6 +351,8 @@ const struct cmd { { "peerkey", NEXTARG, 0, setsppppeerkey }, { "peerflag", NEXTARG, 0, setsppppeerflag }, { "-peerflag", NEXTARG, 0, unsetsppppeerflag }, + { "nwflag", NEXTARG, 0, setifnwflag }, + { "-nwflag", NEXTARG, 0, unsetifnwflag }, #endif /* SMALL */ #if 0 /* XXX `create' special-cased below */ @@ -1434,6 +1438,39 @@ setiftxpower(const char *val, int d) if (ioctl(s, SIOCS80211TXPOWER, (caddr_t)&txpower) == -1) warn("SIOCS80211TXPOWER"); } + +void +setifnwflag(const char *val, int d) +{ + static const struct ieee80211_flags nwflags[] = IEEE80211_FLAGS; + u_int i, flag = 0; + + for (i = 0; i < (sizeof(nwflags) / sizeof(nwflags[0])); i++) { + if (strcmp(val, nwflags[i].f_name) == 0) { + flag = nwflags[i].f_flag; + break; + } + } + if (flag == 0) + errx(1, "Invalid nwflag: %s", val); + + if (ioctl(s, SIOCG80211FLAGS, (caddr_t)&ifr) != 0) + err(1, "SIOCG80211FLAGS"); + + if (d) + ifr.ifr_flags &= ~flag; + else + ifr.ifr_flags |= flag; + + if (ioctl(s, SIOCS80211FLAGS, (caddr_t)&ifr) != 0) + err(1, "SIOCS80211FLAGS"); +} + +void +unsetifnwflag(const char *val, int d) +{ + setifnwflag(val, 1); +} #endif /* ARGSUSED */ @@ -1620,6 +1657,10 @@ ieee80211_status(void) txpower.i_mode == IEEE80211_TXPOWER_MODE_AUTO ? "(auto) " : ""); + if (ioctl(s, SIOCG80211FLAGS, (caddr_t)&ifr) == 0 && + ifr.ifr_flags) + printb_status(ifr.ifr_flags, IEEE80211_F_USERBITS); + putchar('\n'); if (net80211flag) ieee80211_listnodes(); -- cgit v1.2.3