Wednesday, April 15, 2009

Wireless networks

Wireless networks are based on the IEEE 802.11 standards. A basic wireless network consists of multiple stations communicating with radios that broadcast in either the 2.4GHz or 5GHz band (though this varies according to the locale and is also changing to enable communication in the 2.3GHz and 4.9GHz ranges).

802.11 networks are organized in two ways. In a BSS one station acts as a master with all the other stations associating to it; this is termed infrastructure mode and the master station is termed an access point (AP). In BSS mode all communication passes through the AP; even when one station wants to communicate with another wireless station, messages must go through the AP. In the second form of network there is no master and stations communicate directly. This form of network is termed an IBSS and is commonly known as an ad-hoc network.

802.11 networks were first created in the 2.4GHz band using protocols defined by the IEEE 802.11b standard. These specifications include the operating frequencies, MAC layer characteristics including framing and transmission rates (communication can be done at various rates). Later the 802.11a standard defined operation in the 5GHz band, including different signalling mechanisms and higher transmission rates. Still later the 802.11g standard was defined to enable use of 802.11a signalling and transmission mechanisms in the 2.4GHz band in such a way as to be backwards compatible with 802.11b networks.

Separate from the underlying transmission techniques, 802.11 networks have a variety of security mechanisms. The original 802.11 specifications defined a simple security protocol called WEP. This protocol uses a fixed pre-shared key and the RC4 cryptographic cipher to encode data transmitted on a network. Stations must all agree on the fixed key in order to communicate. This scheme was shown to be easily broken and is now rarely used except to discourage transient users from joining networks.

Current security practice is given by the IEEE 802.11i specification, which defines new cryptographic ciphers and an additional protocol to authenticate stations to an access point and exchange keys for data communication. Further, cryptographic keys are periodically refreshed and there are mechanisms for detecting (and countering) intrusion attempts.

Another security protocol specification commonly used in wireless networks is termed WPA. This was a precursor to 802.11i defined by an industry group as an interim measure while waiting for 802.11i to be ratified. WPA specifies a subset of the requirements found in 802.11i and is designed for implementation on legacy hardware. Specifically, WPA defines the TKIP protocol, which is derived from the original WEP protocol. 802.11i permits use of TKIP but most stations will instead use the AES cipher for encrypting data, a cipher that is too computationally costly to be implemented on legacy hardware.

Other than the above protocol standards, the other important standard to be aware of is 802.11e. This defines protocols for deploying multi-media applications such as streaming video and voice over IP (VoIP) in an 802.11 network. Like 802.11i, 802.11e also has a precursor specification termed WME (and now WMM) that has been defined by an industry group as a subset of 802.11e that can be implemented now to enable multi-media applications while waiting for the final ratification of 802.11e. The most important thing to understand about 802.11e and WME/WMM is that they enable prioritized traffic use of a wireless network through Quality of Service (QoS) protocols and enhanced media access protocols. Proper implementation of these protocols enables high speed bursting of data and prioritized traffic flow.

FreeBSD 6.0 supports networks that operate using 802.11a, 802.11b, and 802.11g. The WPA and 802.11i security protocols are likewise supported (in conjunction with any of 11a, 11b, and 11g) and QoS and traffic prioritization required by the WME/WMM protocols are supported for a limited set of wireless devices.


2 Basic setup

2.1 Kernel config

To use wireless networking you need a wireless networking card and to configure the kernel with the appropriate wireless networking support. The latter is separated into multiple modules so that you need only configure the software you are actually going to use.

The first thing you need is a wireless device. The most commonly used devices are those that use parts made by Atheros. These devices are supported by the ath driver and require the following modules:

device ath               # Atheros IEEE 802.11 wireless network driver
device ath_hal           # Atheros Hardware Access Layer
device ath_rate_sample   # John Bicket's SampleRate control algorithm.

The Atheros driver is split up into three separate pieces: the driver proper (ath), the hardware support layer that handles chip-specific functions (ath_hal), and an algorithm for selecting which of several possible rates to use for transmitting frames (ath_rate_sample here). If you have a device other than an Atheros one, select the module for that device instead; e.g.

device wi

for devices based on the Intersil Prism parts.

With a device driver configured you need to also bring in the 802.11 networking support required by the driver. For the ath driver this is at least the wlan module:

device wlan              # 802.11 support (Required)

Past this you will need the modules that implement cryptographic support for the security protocols you intend to use. These are intended to be dynamically loaded on demand by the wlan module but for now they must be statically configured. The following modules are available:

device wlan_wep          # WEP crypto support for 802.11 devices
device wlan_ccmp         # AES-CCMP crypto support for 802.11 devices
device wlan_tkip         # TKIP and Michael crypto support for 802.11 devices

wlan_ccmp and wlan_tkip are only needed if you intend to use the WPA and/or 802.11i security protocols. If your network is to run totally open (i.e. with no encryption) then you don't even need the wlan_wep support.
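
Because the crypto modules must be compiled in, the kernel configuration decides which security protocols a system can offer at all. The following shell function is an added example, not part of the original text or of FreeBSD: it audits a configuration file for the devices discussed above. The names has_device and audit_wlan_conf, the finding labels, and the rule that WPA/802.11i wants both wlan_tkip and wlan_ccmp are assumptions of this example, and the sample configuration is constructed.

```sh
#!/bin/sh
# Added example (not FreeBSD code): audit a kernel config for wireless devices.

# has_device FILE REGEX: true if an uncommented "device REGEX" line exists.
has_device() {
    sed 's/#.*//' "$1" |
        grep -Eq "^[[:space:]]*device[[:space:]]+($2)[[:space:]]*\$"
}

# audit_wlan_conf FILE: print one finding per line; return 1 if any.
audit_wlan_conf() {
    conf=$1
    rc=0
    if has_device "$conf" ath; then
        # ath needs its HAL, a rate control algorithm and the wlan layer.
        has_device "$conf" ath_hal ||
            { echo "MISSING: device ath_hal (required by ath)"; rc=1; }
        has_device "$conf" 'ath_rate_[a-z]+' ||
            { echo "MISSING: device ath_rate_* (rate control for ath)"; rc=1; }
        has_device "$conf" wlan ||
            { echo "MISSING: device wlan (required by ath)"; rc=1; }
    fi
    has_device "$conf" wlan || return $rc
    # Crypto modules are not loaded on demand; the compiled-in set is final.
    if has_device "$conf" 'wlan_tkip|wlan_ccmp'; then
        for m in wlan_tkip wlan_ccmp; do
            # Assumption of this example: WPA/802.11i wants both modules.
            has_device "$conf" "$m" ||
                { echo "INCOMPLETE: device $m absent"; rc=1; }
        done
    elif has_device "$conf" wlan_wep; then
        echo "WEAK: WEP is the only cipher compiled in"; rc=1
    else
        echo "OPEN: no wlan crypto modules, traffic is unencrypted"; rc=1
    fi
    return $rc
}

# Constructed sample: ath driver, HAL commented out, WEP as only cipher.
sample=$(mktemp)
cat > "$sample" <<'EOF'
device ath              # Atheros IEEE 802.11 wireless network driver
#device ath_hal         # commented out, so it does not count
device ath_rate_sample
device wlan
device wlan_wep
EOF
audit_wlan_conf "$sample" || echo "(findings listed above)"
rm -f "$sample"
```
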

Aside from the above modules there are two other modules that are needed only if you intend to operate an access point (AP) and plan to enable WPA/802.11i/802.1x. The wlan_xauth module is used to construct an authenticator based on the hostapd program; it delegates authentication requests for stations associating to an access point to an external agent (hostapd in this case). The wlan_acl module implements an access control mechanism whereby an AP can restrict the stations that associate based on their MAC address. Like WEP this is provided to discourage casual users from joining a network; in practice it provides little true security to a wireless network. In summary you might add one or both of the following to your configuration if you plan to build an access point:
