Presence of wpa_supplicant

When developing (using) Wireless LAN products, wpa_supplicant is often used as a supplicant function.

In fact, the Qualcomm Wi-Fi product I work on uses wpa_supplicant as a reference.

If you search for the meaning of "supplicant", you will find "petitioner / supplicant" and so on. Literally wpa_supplicant is a “WPA certification petitioner”. In other words, it is software that requests connection from the client side to the AP (access point).

When providing product support for an environment that uses wpa_supplicant, there are often cases where connection is not possible due to wpa_supplicant settings.

So this time I will introduce how to use wpa_supplicant.

What is wpa_supplicant?

wpa_supplicant is free and open source software that provides IEEE802.1X/WPA supplicant functionality.

It supports various OSs and drivers, and the user interface also supports CUI/GUI.

It used to be a software package named wpa_supplicant, but now it's hostap and within that is the wpa_supplicant module.

* There is also a module called hostapd as an AP function.

About the Environment

This time, the environment to be used is a combination of Ubuntu16.04 + Kernel4.9.11 + QCA9377 (Qualcomm Wireless LAN product).

How to use wpa_supplicant

wpa_supplicant connects to AP by setting AP information inside.

As a connection flow,

1. Start wpa_supplicant

2. Registration of network block (AP information)

3. Run Scan

4. Connect to discovered AP

becomes.

wpa_supplicant can be operated with a user interface (CUI/GUI).

By writing network blocks in the wpa_supplicant.conf file in advance, it is possible to connect simply by starting wpa_supplicant, but by using the user interface, you can add network blocks, connect/disconnect, connect Dynamic processing such as switching destinations and connecting with WPS is also possible.

Start wpa_supplicant

First, prepare the wpa_supplicant configuration file.

This time, we will proceed while explaining the parameters to be set.

Below is the contents of the minimum required configuration file (wpa_supplicant.conf (any name)).

ctrl_interface=/var/run/wpa_supplicant　<=　ユーザーインターフェスのために使用するsocketの指定です。wpa_supplicant起動時の”C”オプションでも指定可能です。ない場合外部からのコントロールができません。 country=JP <=　設定されていない場合、意図しないカントリーコードの設定で動作してしまいます。

After creating wpa_supplicant.conf, load the driver and check the interface name.

You can find the interface name by checking the iwconfig results before and after loading the driver.

In the example below, wlan0 and p2p0 are created, but wlan0 is the interface name for client mode. p2p0 is for P2P mode.

Now that we know the interface name, start wpa_supplicant. (requires root privileges)

wpa_supplicant -iwlan0 -Dnl80211 -c/home/root/wpa_supplicant.conf -ddd

'i' option: interface name => wlan0

'D' option: Driver used => nl80211 (depending on the wireless LAN device used)

'c' option: config file path => /home/root/wpa_supplicant.conf

'd' option: change the log level. The default is ``MSG_INFO'' and the number is reduced by the number of 'd'. "-ddd" will make it "MSG_EXESSIVE".

MSG_EXCESSIVE < MSG_MSGDUMP < MSG_DEBUG < MSG_INFO < MSG_WARNING < MSG_ERROR

If "Successfully initialized wpa_supplicant" is displayed, the startup is successful.

test@test-ThinkPad-T430:~# iwconfig lo no wireless extensions. eth0 no wireless extensions. test@test-ThinkPad-T430:~# insmod wlan.ko test@test-ThinkPad-T430:~# iwconfig p2p0 Qcom:802.11n ESSID:off/any Nickname:"" Channel:0 Access Point: Not-Associated Bit Rate:0 kb/s Tx-Power=off RTS thr:off Fragment thr:off Encryption key:off lo no wireless extensions. eth0 no wireless extensions. wlan0 Qcom:802.11n ESSID:off/any Nickname:"" Channel:0 Access Point: Not-Associated Bit Rate:0 kb/s Tx-Power=off RTS thr:off Fragment thr:off Encryption key:off test@test-ThinkPad-T430:~# wpa_supplicant -iwlan0 -Dnl80211 -c ~/wpa_supplicant.conf & test@test-ThinkPad-T430:~# Successfully initialized wpa_supplicant

Well, I tried to start it, but there are no entries other than ctrl_interface and country in the configuration file.

Now wpa_supplicant is just running.

Let's touch on various things from here.

Start wpa_cli

First, start CUI in interactive mode. (requires root privileges)

wpa_cli -iwlan0 -p /ver/run/wpa_supplicant

'i' option: interface name => wlan0

'p' option: control interface path => /var/run/wpa_supplicant (setting value of ctrl_interface described in wpa_supplicant.conf)

test@test-ThinkPad-T430:~# wpa_cli -iwlan0 -p/var/run/wpa_supplicant wpa_cli v2.10-devel-hostap_2_9-2307-g7b65003+ Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi> and contributors This software may be distributed under the terms of the BSD license. See README for more details. Interactive mode >

Run a scan

Run a scan and view the scan results (list of found APs).

scan: Run a scan.

scan_results: Displays scan results.

> scan OK <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE <3>CTRL-EVENT-NETWORK-NOT-FOUND > scan_results bssid / frequency / signal level / flags / ssid 11:22:33:44:55:66 5180 -39 [WPA-PSK-CCMP][WPA2-PSK-CCMP][WPS][ESS] test

Create a network block

Create network blocks based on scan results and AP configuration information.

add_network: Create an empty network block.

set_network <network ID> <parameter> <value>: Sets a parameter for a network block.

    parameter:

ssid: Enter the ssid of the AP enclosed in double quotes "".

psk: Enter the AP passphrase surrounded by double quotes "".

key_mgmt: Enter key management support. (NONE (open)/WPA-PSK/SAE, etc.)

list_networks: Displays registered network blocks.

save_config: Save registered network blocks to wpa_supplicant.conf. If you don't save, the network blocks you added will disappear when you exit wpa_supplicant.

> add_network 0 <3>CTRL-EVENT-NETWORK-ADDED 0　<=　作成したネットワークブロックにID=0が付与されました。以降このIDでネットワークブロックにアクセスします。 > set_network 0 ssid "test"　<=　ID=0のネットワークブロック対して、ssidを”test”に設定します。 OK > set_network 0 psk "12345678"　<=　ID=0のネットワークブロック対して、pskを”12345678”に設定します。 OK > set_network 0 key_mgmt WPA-PSK　<=　ID=0のネットワークブロック対して、key_mgmtをWPA-PSKに設定します。スキャン結果の[WPA-PSK-CCMP][WPA2-PSK-CCMP]よりWPA/WPA2対応APなのでWPA-PSKを設定します。protoでWPA（RSN）を指定するとWPA（RSN）で接続します。設定しない場合RSNを優先して設定します。 OK >save_config

When describing the network block in wpa_supplicant.conf, describe it as follows.

This is the network block created by the above command.

network={

ssid="test"

psk="12345678"

key_mgmt=WPA-PSK

}

By the way, parameters that are not in the above settings use default values or more secure ones that are supported.

example:

proto: RSN(WPA2) > WPA

pairwise chipher: CCMP > TKIP

group chipher: CCMP > TKIP

connection

Connect with the created network block.

The status of the network block is either enabled (nothing)/temporarily disabled ([TEMP-DISABLED])/disabled ([DISABLED])/selected state (CURRENT).

Each state:

Enabled (nothing): Connection target when the [CURRENT] network cannot be connected (cannot receive radio waves)

Temporarily disabled ([TEMP-DISABLED]): Retrying status due to connection failure due to incorrect password, etc.

Disabled ([DISABLED]): Unconnected target

Selection state (CURRENT): Connection target

If you just create a network block, it will be in the "DISABLED" state, so enable it and select it if necessary.

”enable_network <ID>”: Enable network block.

”select_network <ID>”: Select a network block.

未接続の場合 > list_networks　<=　ネットワークブロックの一覧を表示します。 network id / ssid / bssid / flags 0 test1 any [DISABLED] > enable_network 0　<=　作成したネットワークブロックを有効にします。 ＝＝＝＝＝＝　接続処理　＝＝＝＝＝ > list_networks network id / ssid / bssid / flags 0 test1 any [CURRENT]　<=　有効になった後接続処理が実行され選択状態になります。 既に他のAPへ接続積みの場合： > list_networks network id / ssid / bssid / flags 0 test1 any [DISABLED] 1 test2 any [CURRENT] > enable_network 0 > list_networks network id / ssid / bssid / flags 0 test1 any 1 test2 any [CURRENT]　<=　ID'0'は有効になるが接続先は変わらず > select_network 0　<=　選択先を'0'に変更します。 ＝＝＝＝＝＝　接続処理　＝＝＝＝＝ > list_networks network id / ssid / bssid / flags 0 test1 any [CURRENT]　<=　'0'が選択先になります。 1 test2 any [DISABLED]

disconnect/reconnect

To disconnect and reconnect, run the following command.

disconnect: Disconnect from connected AP. Network blocks are not deleted.

reconnect: Reconnect to an active network.

> list_networks network id / ssid / bssid / flags 0 test1 any [DISABLED] 1 test2 any [CURRENT] > disconnect <3>CTRL-EVENT-DISCONNECTED bssid=98:de:d0:af:9f:1d reason=3 locally_generated=1 > list_networks network id / ssid / bssid / flags 0 test1 any [DISABLED] 1 test2 any > reconnect OK <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE > wlan0: Trying to associate with SSID 'test2' <3>Trying to associate with SSID 'test2' > wlan0: Associated with 98:de:d0:af:9f:1d <3>Associated with 98:de:d0:af:9f:1d > wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 <3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 > wlan0: WPA: Key negotiation completed with 98:de:d0:af:9f:1d [PTK=CCMP GTK=CCMP] wlan0: CTRL-EVENT-CONNECTED - Connection to 98:de:d0:af:9f:1d completed [id=1 id_str=] <3>WPA: Key negotiation completed with 98:de:d0:af:9f:1d [PTK=CCMP GTK=CCMP] <3>CTRL-EVENT-CONNECTED - Connection to 98:de:d0:af:9f:1d completed [id=1 id_str=] > list_networks network id / ssid / bssid / flags 0 test1 any [DISABLED] 1 test2 any [CURRENT] >

Delete network block

To remove the network block, run the following command.

remove_network <ID>

Remove network blocks after disconnecting.

> list_networks network id / ssid / bssid / flags 0 test1 any [DISABLED] 1 test2 any [CURRENT] > remove_network 1 <3>CTRL-EVENT-NETWORK-REMOVED 1 <3>CTRL-EVENT-DISCONNECTED bssid=98:de:d0:af:9f:1d reason=3 locally_generated=1 > list_networks network id / ssid / bssid / flags 0 test1 any [DISABLED] > save_config　<=　wpa_supplicantconfを更新します。

WPS connection

It is also possible to connect with WPS without creating a network block.

Here, I will describe the push button that is often used in APs.

wps_pbc: ANY connection using push button.

wps_pbc <bssid>: Use push button to connect to AP at <bssid>.

wps_cancel: Cancels WPS processing in progress.

> wps_pbc wlan0: WPS-PBC-ACTIVE OK <3>CTRL-EVENT-NETWORK-ADDED 1 <3>WPS-PBC-ACTIVE <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE-PBC > wlan0: Trying to associate with 98:de:d0:af:9f:1d (SSID='TP-LINK_9F1D_5G' freq=5200 MHz) <3>Trying to associate with 98:de:d0:af:9f:1d (SSID='TP-LINK_9F1D_5G' freq=5200 MHz) > wlan0: Associated with 98:de:d0:af:9f:1d wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 <3>Associated with 98:de:d0:af:9f:1d <3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 > wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started <3>CTRL-EVENT-EAP-STARTED EAP authentication started <3>CTRL-EVENT-EAP-STATUS status='started' parameter='' > wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=1 wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WSC) selected <3>CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=1 <3>CTRL-EVENT-EAP-STATUS status='accept proposed method' parameter='WSC' <3>CTRL-EVENT-EAP-METHOD EAP vendor 14122 method 1 (WSC) selected > wlan0: WPS-CRED-RECEIVED <3>WPS-CRED-RECEIVED > wlan0: WPS-SUCCESS <3>WPS-SUCCESS > wlan0: CTRL-EVENT-DISCONNECTED bssid=98:de:d0:af:9f:1d reason=8 <3>CTRL-EVENT-DISCONNECTED bssid=98:de:d0:af:9f:1d reason=8 > wlan0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD <3>CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD > wlan0: CTRL-EVENT-REGDOM-CHANGE init=USER type=COUNTRY alpha2=JP <3>CTRL-EVENT-REGDOM-CHANGE init=USER type=COUNTRY alpha2=JP <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE-PBC <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE-PBC <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE-PBC <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE-PBC <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE-PBC <3>CTRL-EVENT-NETWORK-NOT-FOUND <3>CTRL-EVENT-SCAN-STARTED <3>CTRL-EVENT-SCAN-RESULTS <3>WPS-AP-AVAILABLE-PBC > wlan0: Trying to associate with SSID 'TP-LINK_9F1D_5G' <3>Trying to associate with SSID 'TP-LINK_9F1D_5G' > wlan0: Associated with 98:de:d0:af:9f:1d wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 <3>Associated with 98:de:d0:af:9f:1d <3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 > wlan0: WPA: Key negotiation compl[ 177.273055] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready eted with 98:de:d0:af:9f:1d [PTK=CCMP GTK=TKIP] wlan0: CTRL-EVENT-CONNECTED - Connection to 98:de:d0:af:9f:1d completed [id=1 id_str=] <3>WPA: Key negotiation completed with 98:de:d0:af:9f:1d [PTK=CCMP GTK=TKIP] <3>CTRL-EVENT-CONNECTED - Connection to 98:de:d0:af:9f:1d completed [id=1 id_str=] >

Summary

This time, I explained the basic usage of wpa_supplicant.

Next time, I will explain the basic usage of hostapd.

Qualcomm's Wi-Fi products support Linux + wpa_supplicant/hostapd as a reference. If you are interested in our products, please contact us using the form below.

Inquiry

If you have any questions about Qualcomm products, please contact us from the link below.