Download raw body.
Make ifconfig scan display wpa3
Hi,
The diff below makes ifconfig scan display wpa3. If WPA3 APs support
WPA3-Personal only mode, 'ifconfig scan' will mistakenly show all those as
wpa2 ones. Diff also adds SAE AKMP to define support for SAE.
If the suite type is set to 8, it indicates the use of SAE.
Index: sbin/ifconfig/ifconfig.c
===================================================================
RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
diff -u -p -u -p -r1.475 ifconfig.c
--- sbin/ifconfig/ifconfig.c 6 Jan 2025 17:49:29 -0000 1.475
+++ sbin/ifconfig/ifconfig.c 20 Mar 2025 09:01:27 -0000
@@ -727,6 +727,7 @@ void ieee80211_listnodes(void);
void ieee80211_printnode(struct ieee80211_nodereq *);
u_int getwpacipher(const char *);
void print_cipherset(u_int32_t);
+void print_rsnprotocol(u_int, u_int);
void spppauthinfo(struct sauthreq *, int);
void spppdnsinfo(struct sdnsreq *);
@@ -2398,6 +2399,22 @@ print_cipherset(u_int32_t cipherset)
}
}
+void
+print_rsnprotocol(u_int proto, u_int akm)
+{
+ if (proto & IEEE80211_WPA_PROTO_WPA2) {
+ if (akm & IEEE80211_WPA_AKM_SAE) {
+ if (akm == IEEE80211_WPA_AKM_SAE)
+ fputs(",wpa3", stdout);
+ else
+ fputs(",wpa3,wpa2", stdout);
+ } else
+ fputs(",wpa2", stdout);
+ }
+ if (proto & IEEE80211_WPA_PROTO_WPA1)
+ fputs(",wpa1", stdout);
+}
+
static void
print_assoc_failures(uint32_t assoc_fail)
{
@@ -2803,12 +2820,10 @@ ieee80211_printnode(struct ieee80211_nod
if (nr->nr_capinfo) {
printb_status(nr->nr_capinfo, IEEE80211_CAPINFO_BITS);
if (nr->nr_capinfo & IEEE80211_CAPINFO_PRIVACY) {
- if (nr->nr_rsnprotos) {
- if (nr->nr_rsnprotos & IEEE80211_WPA_PROTO_WPA2)
- fputs(",wpa2", stdout);
- if (nr->nr_rsnprotos & IEEE80211_WPA_PROTO_WPA1)
- fputs(",wpa1", stdout);
- } else
+ if (nr->nr_rsnprotos)
+ print_rsnprotocol(nr->nr_rsnprotos,
+ nr->nr_rsnakms);
+ else
fputs(",wep", stdout);
if (nr->nr_rsnakms & IEEE80211_WPA_AKM_8021X ||
Index: sys/net80211/ieee80211_crypto.h
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_crypto.h,v
diff -u -p -u -p -r1.27 ieee80211_crypto.h
--- sys/net80211/ieee80211_crypto.h 15 May 2020 14:21:09 -0000 1.27
+++ sys/net80211/ieee80211_crypto.h 20 Mar 2025 09:01:34 -0000
@@ -44,7 +44,8 @@ enum ieee80211_akm {
IEEE80211_AKM_8021X = 0x00000001,
IEEE80211_AKM_PSK = 0x00000002,
IEEE80211_AKM_SHA256_8021X = 0x00000004, /* 11w */
- IEEE80211_AKM_SHA256_PSK = 0x00000008 /* 11w */
+ IEEE80211_AKM_SHA256_PSK = 0x00000008, /* 11w */
+ IEEE80211_AKM_SAE = 0x00000010
};
#define IEEE80211_TKIP_HDRLEN 8
Index: sys/net80211/ieee80211_input.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v
diff -u -p -u -p -r1.254 ieee80211_input.c
--- sys/net80211/ieee80211_input.c 23 May 2024 11:19:13 -0000 1.254
+++ sys/net80211/ieee80211_input.c 20 Mar 2025 09:01:34 -0000
@@ -1429,6 +1429,8 @@ ieee80211_parse_rsn_akm(const u_int8_t s
return IEEE80211_AKM_SHA256_8021X;
case 6: /* PSK with SHA256 KDF */
return IEEE80211_AKM_SHA256_PSK;
+ case 8: /* SAE */
+ return IEEE80211_AKM_SAE;
}
}
return IEEE80211_AKM_NONE; /* ignore unknown AKMs */
Index: sys/net80211/ieee80211_ioctl.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_ioctl.c,v
diff -u -p -u -p -r1.81 ieee80211_ioctl.c
--- sys/net80211/ieee80211_ioctl.c 7 Mar 2022 08:13:13 -0000 1.81
+++ sys/net80211/ieee80211_ioctl.c 20 Mar 2025 09:01:34 -0000
@@ -126,6 +126,8 @@ ieee80211_node2req(struct ieee80211com *
nr->nr_rsnakms |= IEEE80211_WPA_AKM_SHA256_8021X;
if (ni->ni_supported_rsnakms & IEEE80211_AKM_SHA256_PSK)
nr->nr_rsnakms |= IEEE80211_WPA_AKM_SHA256_PSK;
+ if (ni->ni_supported_rsnakms & IEEE80211_AKM_SAE)
+ nr->nr_rsnakms |= IEEE80211_WPA_AKM_SAE;
/* Node flags */
nr->nr_flags = 0;
Index: sys/net80211/ieee80211_ioctl.h
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_ioctl.h,v
diff -u -p -u -p -r1.43 ieee80211_ioctl.h
--- sys/net80211/ieee80211_ioctl.h 14 Mar 2022 15:07:24 -0000 1.43
+++ sys/net80211/ieee80211_ioctl.h 20 Mar 2025 09:01:34 -0000
@@ -237,6 +237,7 @@ struct ieee80211_wpapsk {
#define IEEE80211_WPA_AKM_8021X 0x02
#define IEEE80211_WPA_AKM_SHA256_PSK 0x04
#define IEEE80211_WPA_AKM_SHA256_8021X 0x08
+#define IEEE80211_WPA_AKM_SAE 0x10
struct ieee80211_wpaparams {
char i_name[IFNAMSIZ]; /* if_name, e.g. "wi0" */
Index: sys/net80211/ieee80211_node.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_node.c,v
diff -u -p -u -p -r1.199 ieee80211_node.c
--- sys/net80211/ieee80211_node.c 4 Sep 2024 07:54:52 -0000 1.199
+++ sys/net80211/ieee80211_node.c 20 Mar 2025 09:01:34 -0000
@@ -295,6 +295,8 @@ ieee80211_ess_setwpaparms(struct ieee802
ess->rsnakms |= IEEE80211_AKM_8021X;
if (wpa->i_akms & IEEE80211_WPA_AKM_SHA256_8021X)
ess->rsnakms |= IEEE80211_AKM_SHA256_8021X;
+ if (wpa->i_akms & IEEE80211_WPA_AKM_SAE)
+ ess->rsnakms |= IEEE80211_AKM_SAE;
if (ess->rsnakms == 0) /* set to default (PSK) */
ess->rsnakms = IEEE80211_AKM_PSK;
Make ifconfig scan display wpa3