Make ifconfig scan display wpa3
On Fri, 21 Mar 2025 02:39:50 +0100,
Kevin Lo <kevlo@kevlo.org> wrote:
>
> Hi,
>
> The diff below makes ifconfig scan display wpa3. If WPA3 APs support
> WPA3-Personal only mode, 'ifconfig scan' will mistakenly show all those as
> wpa2 ones. Diff also adds SAE AKMP to define support for SAE.
> If the suite type is set to 8, it indicates the use of SAE.
>
Tested against WPA2, WPA2/WPA3 and WPA3 networks based on a unifi solution, and
a WPA2/WPA3 network from a FRITZ!Box.
Works well.
> Index: sbin/ifconfig/ifconfig.c
> ===================================================================
> RCS file: /cvs/src/sbin/ifconfig/ifconfig.c,v
> diff -u -p -u -p -r1.475 ifconfig.c
> --- sbin/ifconfig/ifconfig.c 6 Jan 2025 17:49:29 -0000 1.475
> +++ sbin/ifconfig/ifconfig.c 20 Mar 2025 09:01:27 -0000
> @@ -727,6 +727,7 @@ void ieee80211_listnodes(void);
> void ieee80211_printnode(struct ieee80211_nodereq *);
> u_int getwpacipher(const char *);
> void print_cipherset(u_int32_t);
> +void print_rsnprotocol(u_int, u_int);
>
> void spppauthinfo(struct sauthreq *, int);
> void spppdnsinfo(struct sdnsreq *);
> @@ -2398,6 +2399,22 @@ print_cipherset(u_int32_t cipherset)
> }
> }
>
> +void
> +print_rsnprotocol(u_int proto, u_int akm)
> +{
> + if (proto & IEEE80211_WPA_PROTO_WPA2) {
> + if (akm & IEEE80211_WPA_AKM_SAE) {
> + if (akm == IEEE80211_WPA_AKM_SAE)
> + fputs(",wpa3", stdout);
> + else
> + fputs(",wpa3,wpa2", stdout);
> + } else
> + fputs(",wpa2", stdout);
> + }
> + if (proto & IEEE80211_WPA_PROTO_WPA1)
> + fputs(",wpa1", stdout);
> +}
> +
> static void
> print_assoc_failures(uint32_t assoc_fail)
> {
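Review bot: print_rsnprotocol() has no comment saying what its labels mean, and the distinction matters to anyone reading scan output: `,wpa3` is printed only when SAE is the sole AKM bit, while `,wpa3,wpa2` covers every case where SAE is advertised next to any other AKM. I would add a comment above the function such as `/* wpa3: SAE is the only AKM; wpa3,wpa2: SAE plus a non-SAE AKM (transition mode, a client may still negotiate the older AKM) */`. The label is derived from the advertised AKM bits alone, since nothing about management frame protection is passed in, so the comment should say the tag reflects the advertised AKMs and is not a full WPA3 compliance check.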
> @@ -2803,12 +2820,10 @@ ieee80211_printnode(struct ieee80211_nod
> if (nr->nr_capinfo) {
> printb_status(nr->nr_capinfo, IEEE80211_CAPINFO_BITS);
> if (nr->nr_capinfo & IEEE80211_CAPINFO_PRIVACY) {
> - if (nr->nr_rsnprotos) {
> - if (nr->nr_rsnprotos & IEEE80211_WPA_PROTO_WPA2)
> - fputs(",wpa2", stdout);
> - if (nr->nr_rsnprotos & IEEE80211_WPA_PROTO_WPA1)
> - fputs(",wpa1", stdout);
> - } else
> + if (nr->nr_rsnprotos)
> + print_rsnprotocol(nr->nr_rsnprotos,
> + nr->nr_rsnakms);
> + else
> fputs(",wep", stdout);
>
> if (nr->nr_rsnakms & IEEE80211_WPA_AKM_8021X ||
> Index: sys/net80211/ieee80211_crypto.h
> ===================================================================
> RCS file: /cvs/src/sys/net80211/ieee80211_crypto.h,v
> diff -u -p -u -p -r1.27 ieee80211_crypto.h
> --- sys/net80211/ieee80211_crypto.h 15 May 2020 14:21:09 -0000 1.27
> +++ sys/net80211/ieee80211_crypto.h 20 Mar 2025 09:01:34 -0000
> @@ -44,7 +44,8 @@ enum ieee80211_akm {
> IEEE80211_AKM_8021X = 0x00000001,
> IEEE80211_AKM_PSK = 0x00000002,
> IEEE80211_AKM_SHA256_8021X = 0x00000004, /* 11w */
> - IEEE80211_AKM_SHA256_PSK = 0x00000008 /* 11w */
> + IEEE80211_AKM_SHA256_PSK = 0x00000008, /* 11w */
> + IEEE80211_AKM_SAE = 0x00000010
> };
>
> #define IEEE80211_TKIP_HDRLEN 8
> Index: sys/net80211/ieee80211_input.c
> ===================================================================
> RCS file: /cvs/src/sys/net80211/ieee80211_input.c,v
> diff -u -p -u -p -r1.254 ieee80211_input.c
> --- sys/net80211/ieee80211_input.c 23 May 2024 11:19:13 -0000 1.254
> +++ sys/net80211/ieee80211_input.c 20 Mar 2025 09:01:34 -0000
> @@ -1429,6 +1429,8 @@ ieee80211_parse_rsn_akm(const u_int8_t s
> return IEEE80211_AKM_SHA256_8021X;
> case 6: /* PSK with SHA256 KDF */
> return IEEE80211_AKM_SHA256_PSK;
> + case 8: /* SAE */
> + return IEEE80211_AKM_SAE;
> }
> }
> return IEEE80211_AKM_NONE; /* ignore unknown AKMs */
> Index: sys/net80211/ieee80211_ioctl.c
> ===================================================================
> RCS file: /cvs/src/sys/net80211/ieee80211_ioctl.c,v
> diff -u -p -u -p -r1.81 ieee80211_ioctl.c
> --- sys/net80211/ieee80211_ioctl.c 7 Mar 2022 08:13:13 -0000 1.81
> +++ sys/net80211/ieee80211_ioctl.c 20 Mar 2025 09:01:34 -0000
> @@ -126,6 +126,8 @@ ieee80211_node2req(struct ieee80211com *
> nr->nr_rsnakms |= IEEE80211_WPA_AKM_SHA256_8021X;
> if (ni->ni_supported_rsnakms & IEEE80211_AKM_SHA256_PSK)
> nr->nr_rsnakms |= IEEE80211_WPA_AKM_SHA256_PSK;
> + if (ni->ni_supported_rsnakms & IEEE80211_AKM_SAE)
> + nr->nr_rsnakms |= IEEE80211_WPA_AKM_SAE;
>
> /* Node flags */
> nr->nr_flags = 0;
> Index: sys/net80211/ieee80211_ioctl.h
> ===================================================================
> RCS file: /cvs/src/sys/net80211/ieee80211_ioctl.h,v
> diff -u -p -u -p -r1.43 ieee80211_ioctl.h
> --- sys/net80211/ieee80211_ioctl.h 14 Mar 2022 15:07:24 -0000 1.43
> +++ sys/net80211/ieee80211_ioctl.h 20 Mar 2025 09:01:34 -0000
> @@ -237,6 +237,7 @@ struct ieee80211_wpapsk {
> #define IEEE80211_WPA_AKM_8021X 0x02
> #define IEEE80211_WPA_AKM_SHA256_PSK 0x04
> #define IEEE80211_WPA_AKM_SHA256_8021X 0x08
> +#define IEEE80211_WPA_AKM_SAE 0x10
>
> struct ieee80211_wpaparams {
> char i_name[IFNAMSIZ]; /* if_name, e.g. "wi0" */
> Index: sys/net80211/ieee80211_node.c
> ===================================================================
> RCS file: /cvs/src/sys/net80211/ieee80211_node.c,v
> diff -u -p -u -p -r1.199 ieee80211_node.c
> --- sys/net80211/ieee80211_node.c 4 Sep 2024 07:54:52 -0000 1.199
> +++ sys/net80211/ieee80211_node.c 20 Mar 2025 09:01:34 -0000
> @@ -295,6 +295,8 @@ ieee80211_ess_setwpaparms(struct ieee802
> ess->rsnakms |= IEEE80211_AKM_8021X;
> if (wpa->i_akms & IEEE80211_WPA_AKM_SHA256_8021X)
> ess->rsnakms |= IEEE80211_AKM_SHA256_8021X;
> + if (wpa->i_akms & IEEE80211_WPA_AKM_SAE)
> + ess->rsnakms |= IEEE80211_AKM_SAE;
> if (ess->rsnakms == 0) /* set to default (PSK) */
> ess->rsnakms = IEEE80211_AKM_PSK;
>
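Review bot: The two added lines in ieee80211_ess_setwpaparms() let a caller enable SAE as a configured AKM, yet nothing in this diff implements the SAE exchange itself. When `wpa->i_akms` carries only `IEEE80211_WPA_AKM_SAE`, `ess->rsnakms` becomes non-zero and the PSK default on the following line is skipped, so the ESS would be set up with an AKM the stack presumably cannot complete. If the goal is only to show wpa3 in scan output, I would drop this hunk (the ieee80211_parse_rsn_akm() and ieee80211_node2req() changes look sufficient for reporting), or ignore the bit here until SAE is supported. The function starts and ends outside the hunk, so how `rsnakms` is consumed afterwards still needs checking.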
--
wbr, Kirill