Tuesday, October 25, 2005

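Joel on Software (周思博趣談軟體)

I first saw this website back in 2000, and even then I felt that this is how team work should be; looking at it today only strengthens my conviction.

Chinese edition: http://chinesetrad.joelonsoftware.com/

English edition: http://www.joelonsoftware.com/

The Chinese edition has several classic articles; the must-read is probably the one below:
The Joel Test: 12 Steps to Better Code

Unfortunately his English site has turned into a blog; I can't find the several classic articles I read before, and for the ones not in the Chinese edition I don't know where to start.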

Sunday, October 23, 2005

Typing and displaying Chinese in the Cygwin console

You need to create or edit two files in your home directory ($HOME):
.inputrc and .bash_profile

The .inputrc file needs the following three lines:
set meta-flag on
set convert-meta off
set output-meta on

The .bash_profile file needs the following three lines:
export LESSCHARSET=latin1
alias less='/bin/less -r'
alias ls='/bin/ls -F --color=tty --show-control-chars'

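See the Cygwin FAQ: Why don't international (Unicode) characters work?

Chinese font issues

Open Source Software Community forum
http://www.cosa.org.tw/forum/index.php?action=profile;u=74;sa=showPosts

Building a Unicode environment

Configuring Chinese fonts for Java 1.5 on Debian

Mono compiler

I just wrote a Hello.cs for Mono:

class Hello
{
    // Entry point: print a greeting to the console
    public static void Main()
    {
        System.Console.WriteLine("Hello World");
    }
}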

~>mcs hello.cs
~>mono hello.exe
Hello World
Later I looked at the Mono site and found that C# 2.0 is already supported, but you have to switch compilers:
~>gmcs hello.cs
~>mono hello.exe
Hello World

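Microsoft really goes too far; the standard format turns out to be an MZ file. What kind of standard is that? ECMA is too easy to fool.

It's nice that it runs; when I have time I'll test more carefully how compatible it is.

FreeBSD 6 wireless network setup

Wireless Network

I just went to the FreeBSD site to see when 6.0 will be released. It says many docs are awaiting updates, and I happened to find this setup guide, which is the most complete material so far.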

<sam@FreeBSD.org>

loader

$FreeBSDMall: doc/en_US.ISO8859-1/articles/wireless/article.sgml,v 1.12 2005/09/15 08:57:52 loader Exp $


1 Wireless networking basics

Wireless networks are based on the IEEE 802.11 standards. A basic wireless network consists of multiple stations communicating with radios that broadcast in either the 2.4GHz or 5GHz band (though this varies according to the locale and is also changing to enable communication in the 2.3GHz and 4.9GHz ranges).

802.11 networks are organized in two ways: in a BSS one station acts as a master with all the other stations associating to it; this is termed infrastructure mode and the master station is termed an access point (AP). In BSS mode all communication passes through the AP; even when one station wants to communicate with another wireless station, messages must go through the AP. In the second form of network there is no master and stations communicate directly. This form of network is termed an IBSS and is commonly known as an ad-hoc network.

802.11 networks were first created in the 2.4GHz band using protocols defined by the IEEE 802.11b standard. These specifications include the operating frequencies, MAC layer characteristics including framing and transmission rates (communication can be done at various rates). Later the 802.11a standard defined operation in the 5GHz band, including different signalling mechanisms and higher transmission rates. Still later the 802.11g standard was defined to enable use of 802.11a signalling and transmission mechanisms in the 2.4GHz band in such a way as to be backwards compatible with 802.11b networks.

Separate from the underlying transmission techniques, 802.11 networks have a variety of security mechanisms. The original 802.11 specifications defined a simple security protocol called WEP. This protocol uses a fixed pre-shared key and the RC4 cryptographic cipher to encode data transmitted on a network. Stations must all agree on the identity of the fixed key in order to communicate. This scheme was shown to be easily broken and is now rarely used except to discourage transient users from joining networks. Current security practice is given by the IEEE 802.11i specification, which defines new cryptographic ciphers and an additional protocol to authenticate stations to an access point and exchange keys for doing data communication. Further, cryptographic keys are periodically refreshed and there are mechanisms for detecting intrusion attempts (and for countering intrusion attempts). Another security protocol specification commonly used in wireless networks is termed WPA. This was a precursor to 802.11i defined by an industry group as an interim measure while waiting for 802.11i to be ratified. WPA specifies a subset of the requirements found in 802.11i and is designed for implementation on legacy hardware. Specifically, WPA defines the TKIP protocol that is derived from the original WEP protocol. 802.11i permits use of TKIP but most stations will instead use the AES cipher for encrypting data; a cipher that is too computationally costly to be implemented on legacy hardware.

[no mention of 802.1x]

Other than the above protocol standards, the other important standard to be aware of is 802.11e. This defines protocols for deploying multi-media applications such as streaming video and voice over IP (VoIP) in an 802.11 network. Like 802.11i, 802.11e also has a precursor specification termed WME (and now WMM) that has been defined by an industry group as a subset of 802.11e that can be implemented now to enable multi-media applications while waiting for the final ratification of 802.11e. The most important thing to understand about 802.11e and WME/WMM is that it enables prioritized traffic use of a wireless network through Quality of Service (QoS) protocols and enhanced media access protocols. Proper implementation of these protocols enables high speed bursting of data and prioritized traffic flow.

FreeBSD 6.0 supports networks that operate using 802.11a, 802.11b, and 802.11g. The WPA and 802.11i security protocols are likewise supported (in conjunction with any of 11a, 11b, and 11g) and QoS and traffic prioritization required by the WME/WMM protocols are supported for a limited set of wireless devices.


2 Basic setup

2.1 Kernel config

To use wireless networking you need a wireless networking card and to configure the kernel with the appropriate wireless networking support. The latter is separated into multiple modules so that you need only configure the software you are actually going to use.

The first thing you need is a wireless device. The most commonly used devices are those that use parts made by Atheros. These devices are supported by the ath driver and require the following modules:

device ath               # Atheros IEEE 802.11 wireless network driver
device ath_hal           # Atheros Hardware Access Layer
device ath_rate_sample   # John Bicket's SampleRate control algorithm.

The Atheros driver is split up into three separate pieces: the driver proper (ath), the hardware support layer that handles chip-specific functions (ath_hal), and an algorithm for selecting which of several possible rates for transmitting frames (ath_rate_sample here). If instead of an Atheros device you had another device you would select the module for that device; e.g.

device wi

for devices based on the Intersil Prism parts.

With a device driver configured you need to also bring in the 802.11 networking support required by the driver. For the ath driver this is at least the wlan module:

device wlan              # 802.11 support (Required)

Past this you will need the modules that implement cryptographic support for the security protocols you intend to use. These are intended to be dynamically loaded on demand by the wlan module but for now they must be statically configured. The following modules are available:

device wlan_wep          # WEP crypto support for 802.11 devices
device wlan_ccmp         # AES-CCMP crypto support for 802.11 devices
device wlan_tkip         # TKIP and Michael crypto support for 802.11 devices

wlan_ccmp and wlan_tkip are only needed if you intend to use the WPA and/or 802.11i security protocols. If your network is to run totally open (i.e. with no encryption) then you don't even need the wlan_wep support.

Aside from the above modules there are two other modules that are needed only if you intend to operate an access point (AP) and plan to enable WPA/802.11i/802.1x. The wlan_xauth module is used to construct an authenticator based on the hostapd program; it delegates authentication requests for stations associating to an access point to an external agent (hostapd in this case). The wlan_acl module implements an access control mechanism whereby an AP can restrict the stations that associate based on their MAC address. Like WEP this is provided to discourage casual users from joining a network; in practice it provides little true security to a wireless network. In summary you might add one or both of the following to your configuration if you plan to build an access point:

device wlan_xauth        # External authenticator support for 802.11 devices
device wlan_acl          # MAC-based ACL support for 802.11 devices

With this information in the kernel configuration file, recompile the kernel and reboot your FreeBSD box (or load the modules using kldload in which case there is no need to reboot).


2.2 Load the wireless crypto support modules

# vi /boot/loader.conf 
wlan_wep_load="YES"
wlan_tkip_load="YES"
wlan_ccmp_load="YES"
wlan_xauth_load="YES"
wlan_acl_load="YES"

Note: You may choose how to provide the crypto support you need: either compile it into the kernel or load the .ko modules. Please note that you need to configure those modules manually, as the kernel is not yet able to load them dynamically on demand.

Once the system is up, information about the device appears in the boot messages, like this:

ath0:  mem 0xff9f0000-0xff9fffff irq 17 at device 2.0 on pci2
ath0: Ethernet address: 00:11:95:d5:43:62
ath0: mac 7.9 phy 4.5 radio 5.6

2.3 Project 'EVIL'

----- Add something about the ndis(4)? -----


3 Infrastructure Mode

3.1 FreeBSD Clients

3.1.1 How to find the access points

--------Add some words about 'scan & list scan' ? --------

# ifconfig ath0 up scan
dlinkap 00:13:46:49:41:76 6 54M 29:0 100 EPS WPA WME
freebsdap 00:11:95:c3:0d:ac 1 54M 22:0 100 EPS WPA

Initiate a scan of neighboring stations, wait for it to complete, and display all stations found. Only the super-user can initiate a scan. Depending on the capabilities of the APs, the following flags can be included in the output:

E    Extended Service Set (ESS). Indicates that the station is part of an infrastructure network (in contrast to an IBSS/ad-hoc network).

I    IBSS/ad-hoc network. Indicates that the station is part of an ad-hoc network (in contrast to an ESS network).

P    Privacy. Data confidentiality is required for all data frames exchanged within the BSS. This means that this BSS requires the station to use cryptographic means such as WEP, TKIP or AES-CCMP to encrypt/decrypt data frames being exchanged with others.

S    Short Preamble. Indicates that the network is using short preambles (defined in 802.11b High Rate/DSSS PHY, short preamble utilizes a 56 bit sync field in contrast to a 128 bit field used in long preamble mode).

s    Short slot time. Indicates that the network is using a short slot time.

list scan: Display the access points and/or ad-hoc neighbors located in the vicinity. This information may be updated automatically by the adaptor and/or with a ``scan'' request. ``list ap'' is another
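The capability flags above can be turned into a quick audit of what a scan found. This is an added example, not part of the original article: it parses scan lines copied from this page and labels each network by the P flag and the WPA marker. The function names, the label strings, and the treatment of an "RSN" marker as equivalent to "WPA" are assumptions of this example.

```python
import re

# Scan lines copied from the ifconfig listings on this page.
SAMPLE_SCAN = """\
SSID BSSID CHAN RATE S:N INT CAPS
dlinkap 00:13:46:49:41:76 6 54M 29:0 100 EPS WPA WME
freebsdap 00:11:95:c3:0d:ac 1 54M 20:0 100 EPS
freebsdap 00:11:95:c3:0d:ac 1 54M 19:0 100 ES
freebsdap 02:11:95:c3:0d:ac 2 54M 19:0 100 IS
"""

# An SSID may contain spaces or be empty (hidden network), so the parser
# anchors on the BSSID instead of splitting the line on whitespace.
SCAN_LINE = re.compile(
    r"^(?P<ssid>.*?)\s*"
    r"(?P<bssid>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})\s+"
    r"(?P<chan>\d+)\s+(?P<rate>\S+)\s+(?P<sn>\S+)\s+(?P<int>\d+)\s+"
    r"(?P<caps>[A-Za-z]+)(?P<extra>.*)$"
)


def classify(caps, extra):
    """Map the CAPS column to a protection label (labels are this example's)."""
    if "P" not in caps:
        return "open"                 # no Privacy flag: frames are sent in clear
    if {"WPA", "RSN"} & set(extra.split()):
        return "wpa"                  # WPA/802.11i is advertised
    return "privacy-no-wpa"           # Privacy without WPA: static WEP at best


def parse_scan(text):
    """Return one dict per access point; the header and junk lines are skipped."""
    found = []
    for line in text.splitlines():
        m = SCAN_LINE.match(line.rstrip())
        if not m:
            continue
        caps = m.group("caps")        # case matters: 'S' and 's' differ
        if "I" in caps:
            network = "ad-hoc"
        elif "E" in caps:
            network = "infrastructure"
        else:
            network = "unknown"
        found.append({
            "ssid": m.group("ssid").strip(),
            "bssid": m.group("bssid").lower(),
            "channel": int(m.group("chan")),
            "network": network,
            "protection": classify(caps, m.group("extra")),
        })
    return found


def weak_networks(aps):
    """List the networks that do not advertise WPA, with the reason."""
    reasons = {
        "open": "no encryption required",
        "privacy-no-wpa": "privacy bit set but no WPA advertised (WEP)",
    }
    return [
        "%s (%s, channel %d, %s): %s" % (
            ap["ssid"] or "<hidden>", ap["bssid"], ap["channel"],
            ap["network"], reasons[ap["protection"]])
        for ap in aps if ap["protection"] in reasons
    ]


if __name__ == "__main__":
    for finding in weak_networks(parse_scan(SAMPLE_SCAN)):
        print(finding)
```

On a live system the input would be the text printed by the scan command shown above instead of SAMPLE_SCAN.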


3.1.2 Basic Settings

This is just a simple example showing how to make the wireless network adapter work in FreeBSD. We strongly recommend using WPA to set up your wireless network.


3.1.2.1 DHCP

Simply edit /etc/rc.conf and add:

ifconfig_ath0="DHCP"

If there are multiple access points, you must set an ssid to locate one by name.

ifconfig_ath0="ssid your_ssid_here DHCP"

Bring up the interface after the system is up:

# /etc/rc.d/netif start 

3.1.2.2 Static IP Address

Set an IP address; if there is more than one wireless network, the ssid must be specified as well:

# ifconfig ath0 inet 192.168.1.100 netmask 255.255.255.0 ssid your_ssid_here 

Now, run ifconfig again to see the status of the interface ath0

# ifconfig ath0
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
status: associated
ssid dlinkap channel 6 bssid 00:13:46:49:41:76
authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100

3.1.3 WPA

WPA (Wi-Fi Protected Access) is basically TKIP + 802.1X. TKIP (Temporal Key Integrity Protocol) is the part of the 802.11i standard that is designed to fix the weaknesses of WEP, and it can be used with the old 802.11 standard.

RSN (WPA2) uses CCMP (Counter Mode with CBC-MAC Protocol) instead of TKIP.


3.1.3.1 WPA-PSK

A pre-shared key (PSK) will be generated from a given password and will be used as the master key in the wireless network.

Please use good passwords that are sufficiently long and made from a rich alphabet so they won't be guessed and/or attacked.
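How the key is generated from the password, as an added example that is not part of the original article: WPA-PSK derives the 256-bit key with PBKDF2-HMAC-SHA1 over the passphrase, using the SSID as salt and 4096 iterations, so anyone who knows both values can compute the same key. The function names and the two thresholds used for "sufficiently long" and "rich alphabet" are assumptions of this example.

```python
import hashlib
import string

# Thresholds standing in for the advice above ("sufficiently long",
# "rich alphabet"). Both numbers are assumptions of this example.
ADVISED_MIN_LENGTH = 16
ADVISED_MIN_CLASSES = 3


def derive_psk(passphrase, ssid):
    """Return the 256-bit WPA pre-shared key as 64 hex digits."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    salt = ssid.encode("utf-8")
    if not 1 <= len(salt) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    # The SSID is the only salt: the same passphrase on another SSID gives
    # a different key, but a common SSID plus a guessable passphrase does not.
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), salt, 4096, 32)
    return key.hex()


def passphrase_findings(passphrase):
    """Report where a passphrase falls short of the advised thresholds."""
    classes = [string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation + " "]
    used = sum(any(ch in cls for ch in passphrase) for cls in classes)
    findings = []
    if len(passphrase) < ADVISED_MIN_LENGTH:
        findings.append("short: %d characters" % len(passphrase))
    if used < ADVISED_MIN_CLASSES:
        findings.append("narrow alphabet: %d character class(es)" % used)
    return findings


def network_block(ssid, passphrase):
    """Build a wpa_supplicant.conf block holding the derived key.

    The hex key is written unquoted. It is still a credential (it is enough
    to join the network), so the file needs the same protection as before.
    """
    psk = derive_psk(passphrase, ssid)
    if ssid.isascii() and ssid.isprintable() and '"' not in ssid:
        ssid_field = '"%s"' % ssid
    else:
        ssid_field = ssid.encode("utf-8").hex()   # unquoted hex form
    return "network={\n    ssid=%s\n    psk=%s\n}\n" % (ssid_field, psk)


if __name__ == "__main__":
    # Values used in this article's configuration examples.
    print(network_block("freebsdap", "freebsdmall"))
    for finding in passphrase_findings("freebsdmall"):
        print("passphrase:", finding)
```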

# vi /etc/wpa_supplicant.conf

network={
    ssid="freebsdap"
    psk="freebsdmall"
}

# vi /etc/rc.conf

... ... ...

ifconfig_ath0="WPA DHCP"

... ... ...

Then, let's bring up the interface:

# /etc/rc.d/netif start
Starting wpa_supplicant.
DHCPDISCOVER on ath0 to 255.255.255.255 port 67 interval 5
DHCPDISCOVER on ath0 to 255.255.255.255 port 67 interval 6
DHCPOFFER from 192.168.0.1
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.1
bound to 192.168.0.254 -- renewal in 300 seconds.
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/36Mbps)
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36
protmode CTS roaming MANUAL bintval 100

Or you can configure it manually:

Using the same /etc/wpa_supplicant.conf as above, run:

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz)
Associated with 00:11:95:c3:0d:ac
WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=TKIP GTK=TKIP]

And run the dhclient command:

# dhclient ath0
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.1
bound to 192.168.0.254 -- renewal in 300 seconds.

# ifconfig ath0
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/48Mbps)
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36
protmode CTS roaming MANUAL bintval 100

Note: If /etc/rc.conf is set up with:

ifconfig_ath0="DHCP"

then there is no need to run the dhclient command manually; dhclient will be launched after wpa_supplicant plumbs the keys.

----- Should I remove the following section? -----

You can also set a static IP address:

# ifconfig ath0 inet 192.168.0.100 netmask 255.255.255.0

# ifconfig ath0
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.0.100 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/36Mbps)
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit txpowmax 36
protmode CTS roaming MANUAL bintval 100

# route add default your_default_router

# echo "nameserver your_DNS_server" >> /etc/resolv.conf

3.1.3.2 EAP-TLS

# vi /etc/wpa_supplicant.conf

network={
    ssid="freebsdap"
    proto=RSN
    key_mgmt=WPA-EAP
    eap=TLS
    identity="loader"
    ca_cert="/etc/certs/cacert.pem"
    client_cert="/etc/certs/clientcert.pem"
    private_key="/etc/certs/clientkey.pem"
    private_key_passwd="freebsdmallclient"
}

# vi /etc/rc.conf

... ... ...

ifconfig_ath0="WPA DHCP"

... ... ...

# /etc/rc.d/netif start
Starting wpa_supplicant.
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.20
bound to 192.168.0.254 -- renewal in 300 seconds.
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
txpowmax 36 protmode CTS roaming MANUAL bintval 100

----- Should I remove the following section? -----

We can also bring up the interface manually:

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz)
Associated with 00:11:95:c3:0d:ac
WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=CCMP GTK=TKIP]
# ifconfig ath0 inet 192.168.0.130 netmask 255.255.255.0 
# ifconfig ath0
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.0.130 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
txpowmax 36 protmode CTS roaming MANUAL bintval 100

3.1.3.3 EAP-TTLS

# vi /etc/wpa_supplicant.conf

network={
    ssid="freebsdap"
    proto=RSN
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="test"
    password="test"
    ca_cert="/etc/certs/cacert.pem"
    phase2="auth=MD5"
}

# vi /etc/rc.conf

... ... ...

ifconfig_ath0="WPA DHCP"

... ... ...

# /etc/rc.d/netif start
Starting wpa_supplicant.
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.20
bound to 192.168.0.254 -- renewal in 300 seconds.
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
txpowmax 36 protmode CTS roaming MANUAL bintval 100

----- Should I remove the following section? -----

We can also bring up the interface manually:

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz)
Associated with 00:11:95:c3:0d:ac
WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=CCMP GTK=TKIP]
# ifconfig ath0 inet 192.168.0.130 netmask 255.255.255.0 
# ifconfig ath0
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.0.130 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
txpowmax 36 protmode CTS roaming MANUAL bintval 100

3.1.3.4 EAP-PEAP

# vi /etc/wpa_supplicant.conf

network={
    ssid="freebsdap"
    proto=RSN
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="test"
    password="test"
    ca_cert="/etc/certs/cacert.pem"
    phase1="peaplabel=0"
    phase2="auth=MSCHAPV2"
}

# vi /etc/rc.conf

... ... ...

ifconfig_ath0="WPA DHCP"

... ... ...

# /etc/rc.d/netif start
Starting wpa_supplicant.
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPACK from 192.168.0.20
bound to 192.168.0.254 -- renewal in 300 seconds.
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.0.254 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
txpowmax 36 protmode CTS roaming MANUAL bintval 100

----- Should I remove the following section? -----

We can also bring up the interface manually:

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
Trying to associate with 00:11:95:c3:0d:ac (SSID='freebsdap' freq=2412 MHz)
Associated with 00:11:95:c3:0d:ac
EAP-MSCHAPV2: Authentication succeeded
EAP-TLV: TLV Result - Success - EAP-TLV/Phase2 Completed
WPA: Key negotiation completed with 00:11:95:c3:0d:ac [PTK=CCMP GTK=TKIP]
# ifconfig ath0 inet 192.168.0.130 netmask 255.255.255.0 
# ifconfig ath0
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.0.130 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode WPA2/802.11i privacy ON deftxkey UNDEF TKIP 2:128-bit
txpowmax 36 protmode CTS roaming MANUAL bintval 100

3.1.4 WEP

WEP (Wired Equivalent Privacy) is part of the original 802.11 standard. There is no authentication mechanism, only a weak form of access control, and it is easily cracked.

First, please make sure "device wlan_wep" is compiled into the kernel or the module "wlan_wep.ko" is loaded.

# ifconfig ath0 inet 192.168.1.100 netmask 255.255.255.0 ssid dlinkap wepmode on weptxkey 3 wepkey 3:0x3456789012
# ifconfig
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
status: associated
ssid dlinkap channel 6 bssid 00:13:46:49:41:76
authmode OPEN privacy ON deftxkey 3 wepkey 3:40-bit txpowmax 36
protmode CTS bintval 100
  • "weptxkey" selects which WEP key is used for transmission. Here we used the third key.

  • "wepkey" sets the selected WEP key. It should be in the index:key format; if the index is not given, key 1 is set. That is to say, we need to give the index if we use a key other than the first one.

wpa_supplicant can also be used to locate and configure access points that are configured with WEP.

To get the same setup as in the example above:

# vi /etc/wpa_supplicant.conf

network={
    ssid="dlinkap"
    key_mgmt=NONE
    wep_key2=3456789012
    wep_tx_keyidx=2
}

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf
Trying to associate with 00:13:46:49:41:76 (SSID='dlinkap' freq=2437 MHz)
Associated with 00:13:46:49:41:76

3.2 FreeBSD Host Access Points

FreeBSD can also function as an access point, and it now supports WPA via hostapd.


3.2.1 host-based access point:

----- Should I remove this section? -----

The host side:

# ifconfig ath0 inet 192.168.0.120 netmask 255.255.255.0 ssid freebsdap mode 11g mediaopt hostap 
# ifconfig ath0
ath0: flags=8843 mtu 1500
inet 192.168.0.120 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
ether 00:11:95:c3:0d:ac
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode OPEN privacy OFF txpowmax 36 protmode CTS dtimperiod 1
bintval 100

The client side:

# ifconfig ath0 up scan
SSID BSSID CHAN RATE S:N INT CAPS
freebsdap 00:11:95:c3:0d:ac 1 54M 19:0 100 ES
dlinkap 00:13:46:49:41:76 6 54M 30:0 100 EPS WPA WME
# ifconfig ath0 inet 192.168.0.130 netmask 255.255.255.0 ssid freebsdap 
# ifconfig -v ath0
ath0: flags=8843 mtu 1500
inet 192.168.0.130 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100

3.2.2 WEP:

The host side:

# ifconfig ath0 inet 192.168.0.120 netmask 255.255.255.0 ssid freebsdap wepmode on weptxkey 3 wepkey 3:0x3456789012 mode 11g mediaopt hostap
# ifconfig ath0
ath0: flags=8843 mtu 1500
inet 192.168.0.120 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
ether 00:11:95:c3:0d:ac
media: IEEE 802.11 Wireless Ethernet autoselect mode 11g
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode OPEN privacy ON deftxkey 3 wepkey 3:40-bit txpowmax 36
protmode CTS dtimperiod 1 bintval 100

The client side:

# ifconfig ath0 up scan
SSID BSSID CHAN RATE S:N INT CAPS
freebsdap 00:11:95:c3:0d:ac 1 54M 20:0 100 EPS
dlinkap 00:13:46:49:41:76 6 54M 30:0 100 EPS WPA WME
# ifconfig ath0 inet 192.168.0.130 netmask 255.255.255.0 ssid freebsdap wepmode on weptxkey 3 wepkey 3:0x3456789012
# ifconfig ath0
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.0.130 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode OPEN privacy ON deftxkey 3 wepkey 3:40-bit txpowmax 36
protmode CTS roaming DEVICE bintval 100

3.2.3 WPA-PSK

The host side:

# vi /etc/hostapd.conf

interface=ath0
driver=bsd
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=freebsdap
wpa=1
wpa_passphrase=freebsdmall
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP

And run:

# /usr/sbin/hostapd /etc/hostapd.conf 
# ifconfig ath0 mediaopt hostap 

The client side:

# ifconfig ath0 up scan
dlinkap 00:13:46:49:41:76 6 54M 29:0 100 EPS WPA WME
freebsdap 00:11:95:c3:0d:ac 1 54M 22:0 100 EPS WPA
# vi /etc/wpa_supplicant.conf

network={
    ssid="freebsdap"
    psk="freebsdmall"
}

And run:

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf

# ifconfig ath0 inet 192.168.0.130 netmask 255.255.255.0 
# ifconfig -v ath0
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.1.130 netmask 0xffffff00 broadcast 192.168.1.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (DS/11Mbps)
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode WPA privacy ON deftxkey UNDEF TKIP 2:128-bit TKIP 3:128-bit
txpowmax 36 protmode CTS roaming MANUAL bintval 100

3.2.4 EAP-TLS:

------ Should I add a section about generating the SSL keys/certificates? -----

# vi /etc/hostapd.conf

interface=ath0
driver=bsd
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=freebsdap
ieee8021x=1
own_ip_addr=127.0.0.1
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=freebsdmallradius
wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP TKIP

I installed net/freeradius and it's running on the same host.

# vi /usr/local/etc/raddb/clients.conf

client 127.0.0.1 {
    secret = freebsdmallradius
    shortname = localhost
}

# vi /usr/local/etc/raddb/users

"loader" Auth-Type := EAP

# vi /usr/local/etc/raddb/eap.conf

eap {
    default_eap_type = tls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {
    }
    leap {
    }
    gtc {
        auth_type = PAP
    }
    tls {
        private_key_password = freebsdmallserver
        private_key_file = /home/loader/radius/serverkey.pem
        certificate_file = /home/loader/radius/servercert.pem
        CA_file = /home/loader/radius/CA_nlab/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = /dev/urandom
        fragment_size = 1024
    }
    mschapv2 {
    }
}

# /usr/local/etc/rc.d/radiusd.sh start
# hostapd /etc/hostapd-eap-tls.conf

# ifconfig ath0 mediaopt hostap 
# ifconfig ath0
ath0: flags=8843 mtu 2290
inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:11:95:c3:0d:ac
media: IEEE 802.11 Wireless Ethernet autoselect <:hostap> (autoselect )
status: associated
ssid freebsdap channel 1 bssid 00:11:95:c3:0d:ac
authmode WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit
TKIP 3:128-bit txpowmax 0 protmode CTS dtimperiod 1 bintval 100

On the client side:

# wpa_supplicant -d -K -i ath0 -c /etc/wpa_supplicant.conf


3.2.5 EAP-TTLS

Using the same /etc/hostapd.conf as in the EAP-TLS section.

# vi /usr/local/etc/raddb/eap.conf

eap {
    default_eap_type = ttls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {
    }
    leap {
    }
    gtc {
        auth_type = PAP
    }
    tls {
        private_key_password = freebsdmallserver
        private_key_file = /home/loader/radius/serverkey.pem
        certificate_file = /home/loader/radius/servercert.pem
        CA_file = /home/loader/radius/CA_nlab/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = /dev/urandom
        fragment_size = 1024
    }
    ttls {
        default_eap_type = md5
    }
    mschapv2 {
    }
}

# vi /usr/local/etc/raddb/users

"test" User-Password == "test"

# hostapd /etc/hostapd.conf

The client side:

# wpa_supplicant -i ath0 -c /etc/wpa_supplicant.conf 

3.2.6 EAP-PEAP

The host side:

Using the same /etc/hostapd.conf as in the EAP-TLS section.

# vi /usr/local/etc/raddb/eap.conf

eap {
    default_eap_type = peap
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no
    md5 {
    }
    leap {
    }
    gtc {
        auth_type = PAP
    }
    tls {
        private_key_password = freebsdmallserver
        private_key_file = /home/loader/radius/serverkey.pem
        certificate_file = /home/loader/radius/servercert.pem
        CA_file = /home/loader/radius/CA_nlab/cacert.pem
        dh_file = ${raddbdir}/certs/dh
        random_file = /dev/urandom
        fragment_size = 1024
    }
    peap {
        default_eap_type = mschapv2
    }
    mschapv2 {
    }
}

/usr/local/etc/raddb/users:

# vi /usr/local/etc/raddb/users

"test" User-Password == "test"

# hostapd /etc/hostapd.conf

The client side:

# wpa_supplicant -d -i ath0 -c /etc/wpa_supplicant.conf


4 Ad-hoc mode

On box A:

# ifconfig ath0 inet 192.168.0.1 netmask 255.255.255.0 ssid freebsdap mediaopt adhoc

# ifconfig ath0
ath0: flags=8843 mtu 1500
inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::211:95ff:fec3:dac%ath0 prefixlen 64 scopeid 0x4
ether 00:11:95:c3:0d:ac
media: IEEE 802.11 Wireless Ethernet autoselect (autoselect )
status: associated
ssid freebsdap channel 2 bssid 02:11:95:c3:0d:ac
authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100

On box B:

# ifconfig ath0 up scan
SSID BSSID CHAN RATE S:N INT CAPS
dlinkap 00:13:46:49:41:76 6 54M 30:0 100 EPS WME
freebsdap 02:11:95:c3:0d:ac 2 54M 19:0 100 IS
# ifconfig ath0 inet 192.168.0.2 netmask 255.255.255.0 ssid freebsdap mediaopt adhoc

# ifconfig ath0
ath0: flags=8843 mtu 1500
inet6 fe80::211:95ff:fed5:4362%ath0 prefixlen 64 scopeid 0x1
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
ether 00:11:95:d5:43:62
media: IEEE 802.11 Wireless Ethernet autoselect (autoselect )
status: associated
ssid freebsdap channel 2 bssid 02:11:95:c3:0d:ac
authmode OPEN privacy OFF txpowmax 36 protmode CTS bintval 100

5 Monitor mode

This is a placeholder.


6 Troubleshooting

----- This part should be improved. ------

  • Run wpa_supplicant and/or hostapd with the "-dd" option.

  • Run the 80211debug/80211stats tools in /usr/src/tools/tools/ath, like this:

    # ./80211debug +state +auth +debug +assoc +xrate +power +scan +wme
    net.wlan.0.debug: 0xc80000 => 0x44ec0400

  • Send all the debug information to sam@? (Is this okay?)


This, and other documents, can be downloaded from ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/.

For questions about FreeBSD, read the documentation before contacting <questions@FreeBSD.org>.
For questions about this documentation, e-mail <doc@FreeBSD.org>.

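Website rating label

Website rating is a good thing; the problem is the download page below:
http://www.ticrf.org.tw/chinese/html/06-rating-5.htm

The image above is already big enough, and this download image is way too big...
What are Taiwan's civil servants thinking, sigh~

I won't fix your computer

I stumbled upon this:
No, I won’t fix your computer
There is even a , which is just too classic.
The day before yesterday I was fixing a computer for my girlfriend's classmate until almost 1 a.m., so this really hits home~
No, I will not fix your computer

I'm not going to fix your computer (Sosumi!)


The memory isn't seated properly, go seat it yourself
The motherboard is beeping, just let it keep beeping
Even if the monitor burns out or gets struck by lightning
I'm not going to fix your computer

I don't care how agonizing it is that you can't get online
I don't care that you can't print and your work is a mess
Whatever went wrong, I don't know any of it
I'm not going to fix your computer

I won't, I just won't, I won't fix your computer for no reason
I won't, I just won't, why on earth must I fix it until it works?
I won't, I simply won't, I didn't learn computers for your sake
Even if I fix the computer, you won't treat me any better

I won't, I just won't, I won't fix your computer for no reason
I won't, I just won't, why on earth must I fix it until it works?
I won't, I simply won't, I didn't learn computers for your sake
Being good at fixing computers only means begging for food until I'm old

No, I won’t fix your computer
I'm not going to fix your computer No! No! No! No!
No, I won’t fix your computer
I'm not going to fix your computer

Saturday, October 22, 2005

Blogger is easier to use

Compared with MSN Spaces, Blogger really is faster, and the user interface is much simpler;
even the HTML editor is faster, no wonder Google bought it.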