个人工具

Quick HOWTO : Ch13 : Linux Wireless Networking/zh

来自Ubuntu中文

跳转至: 导航, 搜索


目录

简介

我的第一台Linux网络服务器是一台从二手市场买来的古老的、报废的台式电脑。他很便宜还能工作,但是很丑并且有噪音,吵得我都不能容受。我在这个老东西上面花了多于我该花的钱,使它能够在我寝室外面有DSL连接的地方上网。回想一下,做这些确实对我是个挑战,也由于我在有时在犯傻。我以前以为 Linux无线上网会很容易,但是那时不是很容易。我对它很头痛以至于我想起我的初次的网页之一就是关于我的一些噩梦,警告人们怎么去正确的做。这就是 www.linuxhomenetworking.com诞生的过程。这是关于怎么开始的章节。

无线网络用802.11标准有很多的优势,不仅仅是我提到的审美方面的。硬件一般是能够得到,无线网络提供相对容易且价格低的部署,而且安全也不断的提高。在考虑使你的Linux服务器能无线上网之前,确定你购买的NIC是Linux兼容的。而且你要决定你准备用的无线Linux包:Linux- WLAN或Wireless Tools 。Wireless Tools更方便使用因为它需要比较少的设置步骤,并且在你每次更新你的内核时不需要重装PRM包。如果这看起来比较令人迷惑,不要担心,我会待会儿介绍这些。

Linux 无线兼容网卡

不是所有的NIC无线卡都能在Linux上运行。由于这个原因,你就得做些作业了。你能在流行的搜索引擎上找到最新的兼容Wireless Tools硬件表。至于Linux-WLAN,请到www.linux-wlan.org上找最新的硬件兼容表。

无线网络NIC制造商因零件的价格的改变而改变他们卡上的芯片组,这使得他们臭名昭着。然后他们为每个不同的新卡提供不同的驱动。到相同的制造商买到不同的电路结构却有相同的模型号码是不可能的。频繁的linux无线新卡驱动是没有的,请在购买无线硬件的时候总是核对兼容表。

Linksys WMP11无线网卡是个好的例子,这种卡的原始的版本使用的是可以在Linux上运行的Intersill Prisim 芯片组,但是新的2.7版(Broadcom 芯片组)和版本4(InProComm 芯片组)却不能运行。即便是这样,原始的WMP如果不更新固件也不能运行。

最近几年在Linux上用Windows的驱动成为了可能。具体的细节将会在题为"设置linux兼容无线NIC"上讨论。这些方法需要理解前面一提到的Wireless Tools,但首先,为了提供一点背景,我们的提一下无线网络基础。

注意:请不要搞错了,你的Linux系统能检测到你的NIC不意味着它就兼容。所以请核对linux的硬件兼容表,这样你就能知道怎样进行下去。

无线网络中的常用术语

如果我们说着同一种语言,学习linux的无线网络系统的细节将会更容易。在开始学习前,请先来熟悉三个重要的无线技术术语:无线接入点,服务区域名称,共享密钥。现在就熟识它们,因为它们将出现在整篇文章中。

无线接入点

无线接入点(WAP)是一个为所以中心数据起着中心集线器作用的装置。在多数的普通的模式中(基础模式),所以的无线服务器通过WAP和其他的服务器通讯,WAP通常连接到一个普通的外部或内部的路由器于Internet通讯。因此WAP类似于有线网络的交换机。

如果服务器的NIC配置为Ad-hoc模式它们能够不通过WAP而相互通讯,但是,他们就不能通过其他的途径通讯。因此,你的网络需要一个WAP


加密技术

     加密技术是一种给数据加密的方法,这样只有拥有密钥的才能对已加密的数据进行解密,从而看到原始数据。可以想到,你对你所有的网络服务需要用同样的加密方法来使你的通讯能成功进行。

有线等效加密

第一种被广泛应用于家庭和公司中的无线网络的数据加密方案是有线等效加密(WEP)。这个加密方案的一个瑕疵很快就被发现。人们可以随意地获得像“WEP打击者”和“aircrack-ng”那样的工具,在几分钟内就可破解有线等效加密方案中的密钥。


Wi-Fi Protected Access

更新的 Wi-Fi Protected Access (WPA) 安全方案克服了WEP的许多缺点. WPA有几种不同的模式:

  • 预共享密钥 (PSK) 或个人模式
整个无线网络的设备都使用同一个配置好的常规密钥。
  • 企业模式

在很多可用的方案中,一般同时使用认证和加密两种方案。

一个常用认证方法是扩展认证协议: Extensible Authentication Protocol (EAP)。 EAP 一般依赖于用户的 LDAP或者登录计算机所使用的有效用户名及密码来连接无线网络。 方案对用户来说是透明的。一旦用户登录他们的系统,EAP会自动在后台运行。
EAP 经常和加密方案结合在一起来提供附加的更强安全性,比如TLS(传输层加密,它被视为SSL的继任者)和TKIP(临时密码完整协议,一个快速生成新密码的方案)方案。

注意: 最好在激活附加安全性前使用非加密方式测试网络。这样可以让你在遇到网络问题时只局限于检查基本的网络配置,避免涉及检查更多的加密设置。

加密

加密是一种数据编码方式,这样只有持有密钥的用户才能解密而看到原始的数据。当然,为了能够成功的通讯你们需要在所有的装置上使用相同的加密方式。

Wired Equivalent Privacy

第一个在家庭/公司环境用的加密模式是Wire Euivalent Privacy(WEP)。其中的数据流能够很快的解密,一些免费获得的工具例如"WEP crack"和aircrack-ng能够在数分钟内取得WEP密钥。

Wi-Fi Protected Access

较新的Wi-Fi Protected Access(WPA)克服了WEP的一些安全方面的缺点,他有一些模式。

Pre Shared Key(PSK) 或Personal模式

在所以的装置上使用手工设置的密钥。

 Enterprise模式

 在很多可供选择的方法中同时用认证和加密方法。

 一种普通的认证方式是可扩展的认证协议(EAP),EAP通常依靠用户的LDAP或进入他们电脑的Active Directory用户名和密码来认证他们十分能接入网络,只有你一登入计算机,EAP就能自动的在后台引用。

EAP常常结合如TLS和TKIP等加密方法一起使用增加安全性。

注意:最好在没有网络加密的情况下测试网络,这样,能够把故障排除的工作限制在一个基础的范围内,而没有加密程序的干扰。

Linux的无线网络工具

Linux的大多数被802.11a/b需要的工具包已经被默认安装,它的主要优点是你不必像 Linux-WLAN 那样,在每次升级内核后都要重新安装。

用iwconfig配置wireless-tools

安装上linux兼容的NIC后,在用Wireless Tools前你需要配置你的NIC的IP和一下无线设定。

你能像配置一般的以太网一样配置你的NIC的ip,用ifup命令启动NIC之后,他还不能正确的发挥功效,因为无线设定还没有配置好。

在Wireless Tolols中最常用的命令是iwconfig,用它可以配置多数的无线参数,包括SSID和无线模式。至于无线模式,Managed意思是在网络上有一个无线接入点(WAP),而Ad-hoc意味着没有。

例如,你的无线网卡名为eth0,用managed模式,ESSID是homenet,那么你的命令就会是:

iwconfig eth0 mode Managed
iwconfig eth0 essid homenet

你的NIC将会充分的发挥功效,每次你用ifup命令时你都要运行这些命令,忘记这些命令就会出现些错误。下个阶段就会说明怎么一劳永逸的设置改变。

长期的无线工具的配置

After testing your ad-hoc configuration, you will need to make the changes permanent. The methods for doing this vary slightly by distribution.

Fedora / RedHat

With Fedora / RedHat, wireless configuration will require some additional statements in your NIC configuration files.

1. Configure your /etc/sysconfig/network-scripts/ifcfg-eth0 file normally as if it were a regular Ethernet NIC.

DHCP Version           Fixed IP Version
============          =================
 
DEVICE=eth0           DEVICE=eth0
USERCTL=yes           IPADDR=192.168.1.100
ONBOOT=yes            NETMASK=255.255.255.0
BOOTPROTO=dhcp        ONBOOT=yes
                      BOOTPROTO=static

2. Add the following statements to the end to specify that the NIC is wireless; provide the ESSID to use (in this case homenet), and choose Managed (a WAP on present of the network) or Ad-hoc (no WAP) for the wireless mode. "Managed" is the most likely setting if you have a wireless router or WAP on your network.

If you are using a 802.11g wireless router and NIC, you can specify the higher speed 54Mbps maximum data rate this protocol provides, if not, the NIC will default to the 11 Mbps maximum rate of slower protocols. The NIC will automatically negotiate the protocol type with the WAP. You just need to set the maximum rate.

#
# Wireless configuration
#
TYPE=Wireless
MODE=Managed
ESSID=homenet
RATE=54Mb/s


These commands need only be on the main interface file. They are not needed for IP aliases. Your wireless NIC should function as if it were a regular Ethernet NIC using the ifup and ifdown commands.

Debian / Ubuntu

In Debian / Ubuntu systems configuration requires the addition of a valid wireless-essid parameter to the /etc/network/interfaces file.

#
# File: /etc/network/interfaces
#

# The primary network interface
auto eth1
iface eth1 inet static
        address 192.168.1.100
        netmask 255.255.255.0
        wireless-essid homenet

auto eth0
iface eth0 inet dhcp
        wireless-essid jamrock

In this example interface eth1 uses an ESSID of homenet while interface eth0 uses an ESSID of jamrock.

WEP Encryption Configuration

Linux supports both the WEP and WPA encryption schemes. Here's how you can configure them on your system.

WEP Encryption Configuration

Linux supports both the WEP and WPA encryption schemes. Here's how you can configure them on your system.

WEP Key Generation

WEP encryption requires an encryption key that you can make up yourself or you can generate a random one using the dd command as shown here.

[[email protected] tmp]# dd if=/dev/random bs=1 count=5 2>/dev/null | xxd -ps
c276246d65
[[email protected] tmp]#

By default, Linux WEP uses a 40 bit key formatted in hexadecimal notation, ie. numeric values between 0 and 9 and alphabetic characters between A and F. This requires you to use a byte count of 5, which will generate a key containing twice as many (ten) hexadecimal characters. Table 13.1 shows the byte counts required for generating keys of varying lengths, and the corresponding number of hexadecimal characters to expect in the key.

Table 13-1 Byte Count to WEP Key Length Conversion
Key Length (Bits) Byte Count Hexadecimal Character Count
40 5 10
64 8 16
104 13 26
128 16 32
152 19 28
232 29 58
256 32 64

If you decide to make up your own key, then remember to use the correct number of hexadecimal numbers.

Fedora/RedHat中设置WEP密钥

下列命令会把你的WEP密钥临时的加入你的NIC设置中,确认在密钥的字体中没有冒号和任何其他的非十六进制字体,应该共有十个字体:

iwconfig eth0 key 967136deac

相同的规则(在十个字体中无冒号和任何非十六进制字体)也被应用到添加密钥到/etc/sysconfig/network-scripts时:

#
# File: ifcfg-eth0
#

DEVICE=eth0
IPADDR=192.168.1.100
NETMASK=255.255.255.0
ONBOOT=yes
BOOTPROTO=static
TYPE=Wireless
MODE=Managed
ESSID=homenet
KEY=967136deac



注意: 在新版本的Fedora中仅仅支持在/etc/sysconfig/network-scripts目录中使用密钥,文件格式和老版本的设置文件中相同。记住,KEY语句在设置文件将不会被支持。

#
# File: /etc/sysconfig/network-scripts/keys-eth0
#
KEY=967136deac

Debian / Ubuntu中设置WEP密钥

在Debian/Ubuntu系统中,需要在/etc/network/interfaces文件中加入一个合法的wireless-key参数,和wireless-essid在一起

#
# File: /etc/network/interfaces
#

# The primary network interface
auto eth1
iface eth1 inet static
 address 192.168.1.100
 netmask 255.255.255.0
 wireless-key 967136deac
 wireless-essid homenet

在此例中,曾被用的WEP密钥967136deac和ESSID homenet将会在每次无线网卡激活的时候使用。

WPA 加密

Linux 上的WAP依赖一个请求守护程序,此程序代表操作系统请求进入验证和执行数据加密,他独立于网络守护进程,对于WPA,网络甚至都不设置加密。

  安装WPA Supplicant

安装本身很简单,安装wpa_supplicant RPM 或 wpa_supplicant DEB包就行了, Chapter 6, "Installing Linux Software",涉及了做法的细节

wpa_supplicant.conf文件

主要的WPA Supplicant设置文件是/etc/wpa_supplicant/wpa_supplicant.conf,在man页的帮助下,它的设置很好编辑

[[email protected] tmp]# man wpa_supplicant.conf

注意: 在Debian/Ubuntu中,此文件不会在安装的时候产生,你需要象这样手动的产生:


[email protected]:/tmp# mkdir -p /etc/wpa_supplicant


[email protected]:/tmp# vi /etc/wpa_supplicant/wpa_supplicant.conf

此章仅针对简单的PSK WPA方法,其他的方法超出了本书的范围。

在此例中,我们已经设置SSID为homenet,正在用密钥为"ketchup_and_mustard"的WPA-PSK加密


#


File: wpa_supplicant.conf ctrl_interface=/var/run/wpa_supplicant ctrl_interface_group=root network={ ssid="homenet" key_mgmt=WPA-PSK psk="ketchup_and_mustard" }

如果你担心别人能读懂你的wpa_supplicant.conf文件,那么用wpa_passphrase命令产生一个简单的配置加密PSK,它需要SSID和不被加密的密钥作为参数,此例中,我们看到未加密的字符串 psk="ketchup_and_mustard"被等效的不用引号的被加密的字符串替换。


[[email protected] tmp]# wpa_passphrase homenet ketchup_and_mustard


network={ ssid="homenet"

  1. psk="ketchup_and_mustard"

psk=aeaa365d1703f88afc11715cd997b71038ce5798907510bd1b1c6786d33c8c3a } [[email protected] tmp]#

注意: 唯一一处需要被确定的加密密钥在WPA文件中。

=

    

==

 

进一步WPA设置  - Fedora / RedHat ===
==


          WPA Supplicant也需要依赖文件 /etc/sysconfig/wpa_sypplicant 来决定用哪个网卡和哪个驱动来做这些事情 


在此例中,WPA需要用于网卡eth0并用默认的"wext"驱动。

  1. <pre>#File: /etc/sysconfig/wpa_supplicant
INTERFACES="-ieth0"
DRIVERS="-Dwext"</pre>


此为对网卡wlan0用ndiswrapper驱动配置。

  1. <pre>#File: /etc/sysconfig/wpa_supplicant

INTERFACES="-iwlan0" DRIVERS="-Dndiswrapper"</pre>

从wpa_supplicant得man文件中能够获得更多得帮助。


[[email protected] tmp]# man wpa_supplicant


当你完成编辑将要使之激活的文件後,要立即启动WPA Supplicant守护进程;
                 记得用chkconfig命令也能使之一直处于激活状态。


[[email protected] tmp]# service wpa_supplicant restart


[[email protected] tmp]# chkconfig wpa_supplicant on 

最后,设置你的NIC为无线,但是不需SSID和密钥,因为这些信息将会由WPA supplicant提供。


File: /etc/sysconfig/network-scripts/ifcfg-eth0


DEVICE=eth0 IPADDR=192.168.1.100 NETMASK=255.255.255.0 ONBOOT=yes TYPE=Wireless MODE=Managed

Please refer to the troubleshooting section of this chapter to resolve any problems you may encounter.

参考这一章得trubleshooting节解决你所遇到的问题

Further WPA Configuration Steps - Debian / Ubuntu

WPA supplicant can be invoked from the command line. In Debian / Ubuntu systems the /etc/network/interfaces file needs to be modified to include a pre-up parameter with a valid WPA supplicant command set following it. In this example the /etc/wpa_supplicant/wpa_supplicant.conf file is referenced using the "-c" option, and the desired interface is defined using the "-i" option. The post-down parameter is then used to define the command to terminate wpa_supplicant daemon when the eth1 interface is shut down.

#
  1. File: /etc/network/interfaces
  1. The primary network interface

auto eth1 iface eth1 inet static

address 192.168.1.100
netmask 255.255.255.0
wireless-essid homenet
pre-up wpa_supplicant -Bw -Dwext -ieth1 -c/etc/wpa_supplicant/wpa_supplicant.conf
post-down killall -q wpa_supplicant

Please refer to the troubleshooting section of this chapter to resolve any problems you may encounter.

配置Linux不兼容的无线 NIC

Not all wireless cards work with Linux, especially the newer 54 Mbps 802.11g/n cards models. Fortunately there are a number of ways to overcome this apparent limitation. This will be covered next.

用bcm43xx-fwcutter于Broadcom无线芯片

近些年,无线芯片厂商已经偏离了以前的为特定的无线应用程序而设计、定制的方式,开始生产适合不同目的能够适用于不同的传输协议的芯片,一些厂商认为固件工作的知识能够揭示他们芯片的性质,竞争对手会用这个与之竞争。这些就阻碍了一些于开源社区贡献工作的行为。

尽管如此,开源社区还是保留和或设法从一些无线芯片的工程师获得固件,或从一些愿意的厂商那里获得固件,并将其打包作为Linux标准发行版的一部分,当前Linux对Broadcom 4301 的支持就是依靠前一种方法。


Note: The reliability of fwcutter and the Broadcom can be sporadic with the driver working for only a few hours after installation, or even not at all.    如果这个指导失败了,请尝试我们稍后设计的 ndiswrapper。

分辨你是否有 Broadcom 43XX 芯片组

你可以用lspci来分辨你正在用的NIC的芯片组的类型

[[email protected] tmp]# lspci
...
...
01:07.0 Network controller: Broadcom Corporation BCM4318 [AirForce One 54g] 802.11g Wireless LAN Controller (rev 02)
[[email protected] tmp]#

安装 Broadcom 43XX 固件

固件的安装并不复杂,以下就是做法

1. 安装bcm43xx-fwcutter 包, 用yum or apt 工具. 如果你需要更新, Chapter 6, "Installing RPM Software", 涉及这方面的细节.

如果你不能接入Internet,你可以用其他可以接入的电脑上下载bcm43xx-fwcutter包。幸运的是,此包是Fedora发行版的一部分,但是它被认为是"extra"部分,所以默认没有被安装,可以在/etc/yum.repos.d 的目录里的 .repo 文件里找到 "extra" 的URL的参考信息。在这里我们可以在 http://download.fedora.redhat.com/pub/fedora/linux/extras 里下载 "extra"包。

[[email protected] tmp]# ls /etc/yum.repos.d/
fedora-core.repo fedora- updates.repo
fedora-development.repo fedora-extras.repo 
[[email protected] tmp]# cat /etc/yum.repos.d/fedora-extras.repo 
[extras]
name=Fedora Extras $releasever - $basearch
baseurl=http://download.fedora.redhat.com/pub/fedora/linux/extras/$releasever/$basearch/
...
[[email protected] tmp]#

下载后,把它复制到无线Linux文件夹里,用 rpm 命令安装之。

2.复制 Windows NIC 驱动到Linux ,他们应该被放在你CD的"drivers"目录里或下载的ZIP文件里,此驱动应被称为“bcmwl5a.sys“。

 此例中,我们把文件复制到 /tmp/fwcuuter/ 目录中

[[email protected] tmp]# ls /tmp/fwcutter/
bcmwl5a.sys bcmwl5.sys WMP54GSa.inf WMP54GS.cat WMP54GS.inf
[[email protected] tmp]#

3.用 -w 选项告诉 bcm43xx-fwcutter 命令提取(extract)固件到 /lib/firmware 目录中,记得要在命令的末尾写明驱动文件名。

[[email protected] tmp]# bcm43xx-fwcutter -w /lib/firmware /tmp/fwcutter/bcmwl5a.sys
bcm43xx-fwcutter can cut the firmware out of bcmwl5.sys
 
 filename  : bcmwl5a.sys
 version  : 3.90.16.0
 MD5  : e6d927deea6c75bddf84080e6c3837b7
 microcodes : 2 4 5 
 pcms  : 4 5 

 microcode  : 2
 revision  : 0x0122
 patchlevel : 0x0098
 date  : 2004-11-16
 time  : 07:21:20

 microcode  : 4
 revision  : 0x0122
 patchlevel : 0x0098
 date  : 2004-11-16
 time  : 07:21:20

 microcode  : 5
 revision  : 0x0122
 patchlevel : 0x0098
 date  : 2004-11-16
 time  : 07:21:20

extracting bcm43xx_microcode2.fw ...
extracting bcm43xx_microcode4.fw ...
extracting bcm43xx_microcode5.fw ...
extracting bcm43xx_pcm4.fw ...
extracting bcm43xx_pcm5.fw ...
extracting bcm43xx_initval01.fw ...
extracting bcm43xx_initval02.fw ...
extracting bcm43xx_initval03.fw ...
extracting bcm43xx_initval04.fw ...
extracting bcm43xx_initval05.fw ...
extracting bcm43xx_initval06.fw ...
extracting bcm43xx_initval07.fw ...
extracting bcm43xx_initval08.fw ...
extracting bcm43xx_initval09.fw ...
extracting bcm43xx_initval10.fw ...
...
...
[[email protected] tmp]#

Note: 如果你看到一个以“ it is impossible to extract the microcode”开始的错误, 那么你选择错了文件. 以下是例子.

*****: Sorry, it's not possible to extract "bcm43xx_microcode11.fw".
 *****: Extracting firmware from an old driver is bad. Choose a more recent one.
 *****: Luckily bcm43xx driver doesn't include microcode11 uploads at the moment.
 *****: But this can be added in the future...
 *****: Sorry, it's not possible to extract "bcm43xx_microcode13.fw".
 *****: Extracting firmware from an old driver is bad. Choose a more recent one.
 *****: Luckily bcm43xx driver doesn't include microcode11 uploads at the moment.
 *****: But this can be added in the future...


4. 现在我们必须把驱动模块装载到内存中,这样才能它才能被内核识别

[[email protected] tmp]# modprobe bcm43xx

5. 在 Fedora/Redhat中,你还可以重启是模块自动加载,把bcm43xx 驱动配置文件放到 /etc/modprobe.d 目录中就行了,幸运的是,RPM包自带一个样本,你可以将其复制到那个地方,在 Debian/Ubuntu中这一步没有必要。

[[email protected] tmp]# updatedb 
[[email protected] tmp]# locate modprobe.bcm43xx
/usr/share/doc/bcm43xx-fwcutter-005/modprobe.bcm43xx
[[email protected] bigboy tmp]# cp /usr/share/doc/bcm43xx-fwcutter-005/modprobe.bcm43xx /etc/modprobe.d/

最后一步是设置你的NIC,我们稍后会提到的。

  配置Broadcom NIC

安装固件后,设置NIC就像设置任何Linux兼容的无线网卡一样。

如果你的NIC不是被兼容的,也不含Broadcom 43XX 芯片组,那你就要考虑用ndiswrapper ,稍后涉及。

注意: 如果你在系统上同时装了 fwcutter和ndiswrapper ,即便是它们配置的是不同的NIC,你的网络连接也会断断续续。在我的小笔记本上的测试表明,这些包将会相互干扰与WAP联系能力。

  用 ndiswrapper

Windows  用 网络驱动接口规范(NDIS)作为操作系统与来自不同厂商的NIC驱动程序通信的标准,Linux ndiswrapper 软件套件(可从ndiswrapper.sourceforge.net 获得)允许你在Linux下允许你的Windows NIC 的驱动,它通过创造一个能够骗windows 驱动程序认为他在和Windows通信的包装,这样兼容性就大大扩展了,为了你重新编译你的内核,此工程的网站连接了支持ndiswrapper 的标准内核的 RPM 包。

此工程网站的安装指导很清晰,熟练的Linux 用户应该能在第一次尝试就能在一两小时内搞定。

ndiswrapper 还是从在局限性,他仅仅能工作在那些能被Windows支持硬件结构上,那个非常有用的 iwspay 命令(稍后讨论)就不能被支持,wrapper加入了一个一些复杂的不能正常从在的层,一个ndiswrapper的商业竞争者叫 DrverLoader (由 Linuxant corporation生产),我们也可以考虑一下这个。

  开始之前- Broadcom Chipsets

一下Linux发行版能够正确的检测到用 Broadcom 43xx 的芯片组,但是开源的驱动却不能工作,一下就是做法:

1.用 lspci 命令查看你所安装的网卡的类型,用 lsmod 弄清你已经加载的驱动。

[[email protected] tmp]# lspci
...
...
01:07.0 Network controller: Broadcom Corporation BCM4318 [AirForce One 54g] 802.11g Wireless LAN Controller (rev 02)
[[email protected] tmp]# lsmod
...
...
bcm43xx 419937 0 
...
...
[[email protected] tmp]#

2 . 如果你是Broadcom芯片组且 fw-cutter的方法又失败了,那么加入一下的条目到 /etc/modprobe.d/blacklist-compat 和 /etc/modprobe.d/blacklist 文件中,以阻止驱动在下一次启动时有被加载了。

#
# File: /etc/modprobe.d/blacklist AND 
# /etc/modprobe.d/blacklist-compat
# 

blacklist bcm43xx

安装完成后重启系统,继续安装 ndiswrapper。

==   安装并设置 ndiswrapper == 安装简单也快,开始吧
1.安装NIC,安装ndiswrapper tar 文件,解压缩。进入ndiswrapper 目录,在特定的版本的INSTALL文件中阅读安装指南,例子的版本是ndiswrapper,需 make uninstall , make 和 make install 命令来完成安装过程,由于我们都已经完成了内核的更新,应该不会出些错误了。
[[email protected] tmp]# tar -xvzf ndiswrapper-1.16.tar.gz [[email protected] tmp]# cd ndiswrapper-1.16 [[email protected] ndiswrapper-1.16]# make uninstall [[email protected] ndiswrapper-1.16]# make [[email protected] ndiswrapper-1.16]# make install 注意: 对于基于Debian 的发行版, 像 Ubuntu, ndiswrapper 可用apt-get 命令安装 。
2. 接下来我们需决定我们新安装的NIC 卡的PCI ID ,首先用lspci 命令找到NIC 的IRQ号,IRQ号将会在第一列列出 ,本例中  IRQ 是 01:08.0 

[[email protected] ndiswrapper-1.16]# lspci
...
...
01:08.0 Network controller: Intersil Corporation Prism 2.5 Wavelan chipset (rev 01)
...
...
[[email protected] ndiswrapper-1.16]#

[[email protected] ndiswrapper-1.16]# lspci -n ... ... 01:08.0 Class 0280: 1260:3873 (rev 01) ... ... [[email protected] ndiswrapper-1.16]# 3.lspci -n 能够获得xxxx:xxxx格式的PCI ID,我们的ID 是 1260:3873 4.ndiwwrpper网站上有一个PCI ID的表格和分别匹配Windows驱动。
http://ndiswrapper.sourceforge.net/mediawiki/index.php/List. 注意: 用这些信息下载合适你NIC的驱动,不要用来自你NIC 的CD上的Windows 驱动,因为他可能没有被ndiswrapper开发者在质量保证中测试过。网站列表提供了已知的可以工作的驱动的名字。
5.下载後就解压驱动文件,在主驱动目录下,应该有些匹配各种Windows版本的子目录,进入最近版本的目录。 [[email protected] tmp]# unzip mzq345v25_xp_certd.zip Archive: mzq345v25_xp_certd.zip inflating: mzq345v25_xp_certd_no_doc/autorun.exe inflating: mzq345v25_xp_certd_no_doc/autorun.inf ... ... ... inflating: mzq345v25_xp_certd_no_doc/winxp/NETmzq345.INF inflating: mzq345v25_Release_Note.TXT [[email protected] tmp]# cd mzq345v25_xp_certd_no_doc/winxp [[email protected] winxp]# 6.主要的Windows驱动将有个.INF 的扩展,用 ndiswrapper 带 -i 选项,在其后加上驱动名,用带 -l 选项的 ndiswrapper 命令确认安装成功。 [[email protected] winxp]# ls mzq345n51.sys NETmzq345.INF [[email protected] winxp]# ndiswrapper -i NETmzq345.INF Installing netmzq345 [[email protected] winxp]# ndiswrapper -l Installed drivers: netmzq345 driver installed, hardware present [[email protected] winxp]# 7.接下来,要更新Linux内核模块表,使之包含 ndiwrapper ,用带-a 选项的 depmod 命令可以做到这些。
[[email protected] winxp]# depmod -a [[email protected] winxp]# 8. 当 ndiswrapper 装载时,需要赋予给你的NIC卡一个设备名字,这需要用带 -m 选项的 ndiswrapper 命令,这里我们假设新设备名字叫wlan0。
[[email protected] winxp]# ndiswrapper -m Adding "alias wlan0 ndiswrapper" to /etc/modprobe.d/ndiswrapper [[email protected] winxp]# 9. 是时候用 modprobe 命令装载 ndiswrapper 内核模块了,你可以在 /var/log/messages 文件的尾端寻找命令的正确执行,以确认此操作的成功。
[[email protected] winxp]# modprobe ndiswrapper [[email protected] winxp]# tail /var/log/messages ... ... Mar 17 23:25:21 bigboy kernel: ndiswrapper version 1.6 loaded (preempt=no,smp=no) [[email protected] winxp]# dmesg 命令将会给出装载NIC驱动和ndiswrapper 模块的状态信息,应该不会有错误,如果有错误,你可能用了不是 ndiswrapper 网站推荐的驱动,你的NIC可能错了,它可能是Linux兼容的,也可能是你的ndiswrapper 或内核安装错了,更多细节请参照“Troubleshooting Your Wireless LAN”
[[email protected] tmp]# dmesg ... ... ... ndiswrapper version 1.16 loaded (preempt=no,smp=no) ndiswrapper: driver mzq345 (Broadcom,04/21/2005, 3.100.65.1) loaded ACPI: PCI Interrupt 0000:01:08.0[A] -> Link [LNKB] -> GSI 10 (level, low) -> IRQ 10 ndiswrapper: using irq 10 wlan0: vendor: wlan0: ndiswrapper ethernet device 00:06:25:1b:b2:a9 using driver mzq345, 14E4:4301.5.conf wlan0: encryption modes supported: WEP; TKIP with WPA, WPA2, WPA2PSK, WPA2, WPA2PSK [[email protected] tmp]# 10.为了能使应用程序正确的工作,你需要能总是能兼容ndiswrapper 的内核,用 yum 升级会升级你的当前内核,编辑你的 /etc/yum.conf 文件让内核不随着一起升级。 # # File: /etc/yum.conf # exclude= kernel 11. 用普通的Linux 无线工具配置wlan0的 IP 地址,ESSID,必要时还有加密,在Fedora 中,你可以调整速率到802.11g 的54Mp/s,要在/etc/sysconfig/network-scripts/ifcfg-wlan0 文件的末尾加上以下申明,如果你用的是802.11b则留空格。 RATE=54Mb/s 12. 现在用 ifup 命令启动NIC,当正确的连接以54Mps连接到一个介入点时,iwconfig命令将会显示界面。
[[email protected] winxp]# ifup wlan0 [[email protected] winxp]# iwconfig ... ... wlan0 IEEE 802.11g ESSID:"johncr0w" Nickname:"bigboy" Mode:Managed Frequency:2.462GHz Access Point: 00:09:5B:C9:19:22 Bit Rate=54Mb/s Tx-Power:32 dBm RTS thr=2347 B Fragment thr=2346 B Encryption key:98D1-26D5-AC Security mode:restricted Power Management:off Link Quality:88/100 Signal level:-55 dBm Noise level:-256 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:96 Invalid misc:1157 Missed beacon:0 ... ... [[email protected] winxp]# My experience with ndiswrapper in the home has been very good, but like Prism54 and even Linux-WLAN, you have to reinstall the product each time you upgrade your kernel. This may not be tolerable in a mission critical business environment where maintenance related downtime needs to be kept to a minimum and where all software used needs to be 100% Linux compatible to ensure stability. When 802.11g WiFi technology becomes more mature it will indubitably be supported natively by Linux Wireless Tools without the need for additional software, but there will always be NICs that don't support Linux and knowledge of ndiswrapper will be invaluable. 我在家中ndiswrapper 的体验很棒,但是象Prism54甚至Linux-WLAN,在你每次更新你的内核是,不得不重装,

Linux-WLAN 网络

Linux-WLAN 是初始的面向Linux的无线LAN产品之一,一般说来他要比安装wireless-tools要困难,排查错误的工具也少,但是它有广泛的硬件支持,所以鉴于你所能得到的NIC卡,这是中非常可取的方法,你会主要到Linux-WLAN用的是SSID而不是ESSID来配置文件。

Linux-WLAN 准备工作

此处有一些在用Linux-WLAN之前你需要谨记的指导:

为了相互通讯,所以在无线网络上的装置都必须用相同的网络标志或SSID:Linux-WLAN默认的SSID是linux-wlan,windows的NIC的SSID可能是不同的,要是设定一个普通的SSID并一直用下去就好很好。

一经配置完成,Linux-WLAN就不会认为无线NIC是个以太网的装置了,而是一个网线局域网的装置Linux-WLAN : T知道了这点很好,它防止了我们在排查错误的时候被搞糊了。

要是没有正常的发挥功效,就要在你的系统日志 /var/log/messages 找错误: 这是一个好的信息来源,第五章 "Troubleshooting Linux with syslog",展示了怎样使你的日志对错误更敏感。


如果你用的是那些老的并未打包的Linux-WLAN软件版本,你可能在/var/log/messeges 会得到一些诸如"device unknown" 或 "no such device" 于wlan相关的错误信息 : 尽可能的用最新版本,这样使安装能更顺利。

在安装PCMCIA卡(如Linksys WPC11)的Linux-WLAN软件的之前,你需要安装支持PCMCIA的RPM包:这一步在安装PCI卡(如Linux WPC11)时就不需要了。

在Fedora中,包的名字是pcmcia-cs,在RedHat 9和更早的版本中叫 kernel-pcmcia-cs,搜索RPM时记住,包的名字往往是以软件名字和版本号开始的,就像 kernel-pcmcia-cs-3.1.31-13.i386.rpm。

辨别正确的RPM

http://prism2.unixguru.raleigh.nc.us 可以找到驱动文件,记住下载正确的内核类型,操作系统版本,内核版本的包,如果你需要一个更新的,参照 Chapter 6, "Installing RPM Software"的细节。

决定内核类型

利用uname -p 命令,  Bigboy 在Chapter 1讨论了, "Why Host Your Own Site?", 一个在i686上运行的linux版本,你安装的linux版本可能和你的CPU不符,坚持使用 uname :

[[email protected] tmp]# uname -p
i686
[[email protected] tmp]#

决定操作系统版本

最简单的查询操作系统的版本的方法之一是查看 /etc/redhat-release 或 /etc/fedora-release 文件,本例中,bigboy服务器运行的是RedHat 9.0,而 zero 运行的是Fedora Core 1,在其他的linux发行版中你可以在/etc/iusse 文件中查看。

[[email protected] tmp]# cat /etc/redhat-release
Red Hat Linux release 9 (Shrike)
[[email protected] tmp]#

[[email protected] root]# cat /etc/fedora-release
Fedora Core release 1 (Yarrow)
[[email protected] root]#

决定内核版本

你可以用uname -r 命令列出内核的版本,本例中,bigboy 运行的是 2.4.20-8;

[[email protected] tmp]# uname -r
2.4.20-8
[[email protected] tmp]#

  安装RPM

有了Linux的所有信息后,你需要下载和安装base,模块和界面包,搜索RPM时要记得文件名总是以文件名后接版本号开头的:

kernel-wlan-ng-0.2.1-pre14.i686.rpm
kernel-wlan-ng-modules-fc1.1.2115-0.2.1-pre14.i686.rpm
kernel-wlan-ng-pci-0.2.1-pre14.i686.rpm
kernel-wlan-ng-pcmcia-0.2.1-pre14.i686.rpm

注意: 基于PCMCIA和PCI的RPM包有一些不同,在所有的例子中base和模块的RPM都要安装。

注意此处安装样本的输出的顺序,如果在安这的最后的一行给出的是成功的代码,则要仔细检查你的安装准备步骤和RPM版本。

[[email protected] tmp]# rpm -Uvh kernel-wlan-ng-0.2.1-pre14.i686.rpm
Preparing... ##################################### [100%]
 1:kernel-wlan-ng ##################################### [100%]
[[email protected] tmp]# rpm -Uvh kernel-wlan-ng-modules-fc1.1.2115-0.2.1-pre14.i686.rpm
Preparing... ##################################### [100%]
 1:kernel-wlan-ng-modules-##################################### [100%]
[[email protected] tmp]#
 
[[email protected] tmp]# rpm -Uvh kernel-wlan-ng-pcmcia-0.2.1-pre14.i686.rpm
Preparing... ##################################### [100%]
 1:kernel-wlan-ng-pci ##################################### [100%]
Adding prism2_pci alias to /etc/modprobe.conf file...
***NOTE*** YOU MUST CHANGE THIS IF YOU HAVE A PLX CARD!!!
The default wlan0 network configuration is DHCP. Adjust accordingly.
 
ACHTUNG! ATTENTION! WARNING!
 YOU MUST configure /etc/wlan/wlan.conf to define your SSID!
 YOU ALSO must configure /etc/wlan/wlancfg-SSID to match WAP settings!
 (---> replace SSID in filename with the value of your SSID)
 
If you get an error after this point, there is either a problem with
your drivers or you don't have the hardware installed! If the former,
get help!
 
Starting WLAN Devices:message=dot11req_mibset
 mibattribute=dot11PrivacyInvoked=false
 resultcode=success
message=dot11req_mibset
 mibattribute=dot11ExcludeUnencrypted=false
 resultcode=success
[[email protected] tmp]#

Note: 如果升级你的Linux版本,你必须整个重新安装Linux-WLAN,这将会重新的创建新版本的 /etc/sysconfig/network-scripts/ifcfg-wlan0, /etc/wlan/wlan.conf 和 /etc/pcmcia/wlan-ng.opts 文件, 你就不得不从自动保存的版本中恢复。

Linux-WLAN Post Installation Steps

After the RPMs are installed, you need to configure the new wlan0 wireless NIC to be compatible with your network.

Configure The New wlan0 Interface

Edit /etc/sysconfig/network-scripts/ifcfg-wlan0 to include these new lines:

DHCP Version Fixed IP Version
============ =================
 
DEVICE=wlan0 DEVICE=wlan0
USERCTL=yes IPADDR=192.168.1.100
ONBOOT=yes NETMASK=255.255.255.0
BOOTPROTO=dhcp ONBOOT=yes
 BOOTPROTO=static

In the fixed IP version you also need to substitute your selected IP, netmask, network, and broadcast address with those above. Plus, make sure you have the correct gateway statement in your /etc/sysconfig/network file, for example. GATEWAY=192.168.1.1.

  关掉已存在的以太网 NIC

你可能想在安装了驱动后关掉已存在的eth0以太网卡, 在/etc/sysconfig/network-scripts/ifcfg-eth0 文件后加上 ONBOOT=no行,和这样能在网卡重启或 when /etc/init.d/network 重启后关掉网卡.

选择无线模式和SSID

所有的配置文件都在/etc/wlan 目录中,你的服务器允许你连接总计3个的网线LAN,你要在 /etc/wlan/wlan.conf 文件中为每个无线WLAN分别设置SSID(LAN ID),例如,我使wlan0网卡连接到 homenet 的WLAN中,指导驱动搜索所有chanel的SSID.


#
# Specify all the wlan interfaces on the server
#
WLAN_DEVICES="wlan0"
 
#
# Specify whether the server should scan the network channels
# for valid SSIDs
#
WLAN_SCAN=y

#
# Specify expected SSIDs and the wlan0 interface to which it should
# be tied
#
SSID_wlan0="homenet"
ENABLE_wlan0=y

每个特定的WLAN在 /etc/wlan/wlan.conf 文件中都有自己的配置文件, 复制 /etc/wlan/wlancfg-DEFAULT 到名为file to a file named /etc/wlan/wlancfg-SSID (用实际的SSID代替此处的SSID). 此行用来配置homenet 为SSID:

[[email protected] wlan]# cp wlancfg-DEFAULT wlancfg-homenet

Start Linux-WLAN

Start the wlan process and test for errors in the file /var/log/messages. All the result codes in the status messages should be "success". You may receive the following error, however, which the WLAN RPM website claims is "harmless".

Error for wireless request "Set Encode" (8B2A) :
 SET failed on device wlan0 ; Function not implemented.
Error for wireless request "Set ESSID" (8B1A) :
 SET failed on device wlan0 ; Function not implemented.
 

tertetetetetet

PCI Cards - Installed Using RPMs

With PCI cards, Linux-wlan can be started by restarting the WLAN daemon.

[[email protected] tmp]# service wlan restart
[[email protected] tmp]# ifup wlan0

PCMCIA Cards

With PCMCIA cards, Linux-wlan can be started by restarting the Linux PCMCIA daemon.

[[email protected] tmp]# service pcmcia restart
[[email protected] tmp]# service network restart

Testing Linux-WLAN

Now check to see if IP address of the wlan0 interface is okay. Refer to the troubleshooting section below if you cannot ping the network's gateway.

[[email protected] tmp]# ifconfig -a
[[email protected] tmp]# ping <gateway-address>

Linux-WLAN WEP Encryption For Security

One of the flaws of wireless networking is that all the wireless clients can detect the presence of all available network SSIDs and have the option of joining any of them. With encryption, the client must have a membership encryption password that can also be represented as a series of Wireless Encryption Protocol (WEP) keys. The wlan.conf file (RedHat 8.0 RPMs), wlan-SSID file (RedHat 9/Fedora Core 1 RPMs), or /etc/pcmcia/wlan-ng.opts file (PCMCIA-type NICs) is also used to activate this feature.

Note: I strongly recommend that you first set up your network without encryption. Only migrate to an encrypted design after you are satisfied that the unencrypted design works correctly.

To invoke encryption, you have to set the dot11PrivacyInvoked parameter to true. You also must state which of the keys will be used as the default starting key via the dot11WEPDefaultKeyID parameter. You then have the option of either providing a key-generating string (simple password) or all four of the keys. In the example below, ketchup is the password used to automatically generate the keys.

#=======WEP===========================================
# [Dis/En]able WEP. Settings only matter if PrivacyInvoked is true
lnxreq_hostWEPEncrypt=false # true|false
lnxreq_hostWEPDecrypt=false # true|false
dot11PrivacyInvoked=true
dot11WEPDefaultKeyID=1
dot11ExcludeUnencrypted=true # true|false, in AP this means WEP
# is required for all STAs
# If PRIV_GENSTR is not empty, use PRIV_GENTSTR to generate
# keys (just a convenience)
PRIV_GENERATOR=/sbin/nwepgen # nwepgen, Neesus compatible
PRIV_KEY128=false # keylength to generate
PRIV_GENSTR="ketchup"
# or set them explicitly. Set genstr or keys, not both.
dot11WEPDefaultKey0= # format: xx:xx:xx:xx:xx or
dot11WEPDefaultKey1= # xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
dot11WEPDefaultKey2= # e.g. 01:20:03:40:05 or
dot11WEPDefaultKey3= # 01:02:03:04:05:06:07:08:09:0a:0b:0c:0d 

Not all devices on your network will use the same algorithm method to generate the encryption keys. You may find the same generator string will not create the same keys, rendering intra-network communication impossible. If this is the case, you can use the /sbin/nwepgen program to generate the keys after you provide an easy to remember key generator string. Once you have the four sets of keys, you'll have to add them individually and in sequence to the wlan.conf, wlan-SSID or /etc/pcmcia/wlan-ng.opts file and set the PRIV_GENSTR parameter to a null string of a null string of "" (the quotes are important). Here is how you can use nwepgen to create the keys with a generator string of ketchup.

[[email protected] tmp]# /sbin/nwepgen ketchup
64:c1:a1:cc:db
2b:32:ed:37:16
b6:cc:9e:1b:37
d7:0e:51:3f:03
[[email protected] tmp]#

In this case your wlan.conf or wlan-SSID file would look like this:

PRIV_GENSTR=""
# or set them explicitly. Set genstr or keys, not both.
dot11WEPDefaultKey0= 64:c1:a1:cc:db
dot11WEPDefaultKey1= 2b:32:ed:37:16
dot11WEPDefaultKey2= b6:cc:9e:1b:37
dot11WEPDefaultKey3= d7:0e:51:3f:03

Remember that all devices on your network, including all wireless NICs and WAPs, need to have the same keys and default key for this to work.

De-activating Encryption

In some cases, NIC cards without full Linux-WLAN compatibility freeze up after a number of hours of working with encryption. The steps to reverse encryption are:

1. Set the configuration file parameter dot11PrivacyInvoked to false.

2. Stop Linux-WLAN, and disable the wireless wlan0 interface

[[email protected] tmp]# service wlan stop
Shutting Down WLAN Devices:message=lnxreq_ifstate
 ifstate=disable
 resultcode=success
[[email protected] tmp]# ifdown wlan0

3. The driver is still loaded in memory with the old encryption parameters, even though it is not active. Linux frequently loads device driver software, such as those that govern the operation of NIC cards, as modules that the kernel, or Linux master program, uses in its regular operation. Use the lsmod command to display a list of loaded modules. You'll be most interested in the modules associated with 802.11 wireless protocols, which appear here as p80211 and prism2_pci:.

[[email protected] tmp]# lsmod
Module Size Used by Not tainted
...
...
prism2_pci 66672 1 (autoclean)
p80211 20328 1 [prism2_pci]
...
...
[[email protected] tmp]#

Sometimes your NIC card may use the orinoco chip set drivers instead of the prism drivers:

[[email protected] tmp]# lsmod
Module Size Used by
...
...
orinoco 45517 1 orinoco_pci
hermes 6721 2 orinoco_pci,orinoco
...
...
[[email protected] tmp]#

4. Now that you have identified the driver modules in memory, unload them with the rmmod command:

[[email protected] tmp]# rmmod prism2_pci
[[email protected] tmp]# rmmod p80211

5. Restart Linux-WLAN, reactivate the wlan0 interface, and you should be functional again:

[[email protected] tmp]# service wlan start
Starting WLAN Devices:message=lnxreq_hostwep
 resultcode=no_value
 decrypt=false
 encrypt=false
[[email protected] tmp]# ifup wlan0

If you fail to reload the driver modules, you'll get errors in your /var/log/messages file and your NIC card will operate in an encrypted mode only.

Jan 2 18:11:12 bigboy kernel: prism2sta_ifstate: hfa384x_drvr_start() failed,result=-110
Jan 2 18:11:18 bigboy kernel: hfa384x_docmd_wait: hfa384x_cmd timeout(1), reg=0x8021.
Jan 2 18:11:18 bigboy kernel: hfa384x_drvr_start: Initialize command failed.
Jan 2 18:11:18 bigboy kernel: hfa384x_drvr_start: Failed, result=-110

Troubleshooting Your Wireless LAN

Linux wireless troubleshooting tools are quite extensive and provide a variety of useful information to help you get your network working. This section covers many important strategies that will compliment the use of more conventional procedures such as scanning your /var/log/messages file.

Check The NIC Status

When using WLAN methodology, the iwconfig, iwlist, and iwspy commands can provide useful information about the status of your wireless network. Take a closer look.

The iwconfig Command

In addition to using the regular ifconfig command to check the status of your NIC, you can use the iwconfig command to view the state of your wireless network, just don't specify any parameters. Specifically, you can see such important information as the link quality, WAP MAC address, data rate, and encryption keys, which can be helpful in ensuring the parameters across your network are the same. For example:

[[email protected] tmp]# iwconfig
eth0      IEEE 802.11-DS  ESSID:"homenet"   Nickname:"bigboy"
          Mode:Managed   Frequency:2.462GHz  Access Point: 00:09:5B:C9:19:22
          Bit Rate:11Mb/s   Tx-Power=15 dBm   Sensitivity:1/3
          Retry min limit:8   RTS thr:off   Fragment thr:off
          Encryption key:98D1-26D5-AC   Security mode:restricted
          Power Management:off
          Link Quality:36/92   Signal level:-92 dBm  Noise level:-148 dBm
          Rx invalid nwid:0  Rx invalid crypt:2  Rx invalid frag:0
          Tx excessive retries:10  Invalid misc:0   Missed beacon:0
[[email protected] tmp]#

The iwlist Command

The iwlist command can provide get further information related to not just the NIC, but the entire network, including the number of available frequency channels, the range of possible data rates, and the signal strength. This example uses the command to verify the encryption key being used by the NIC, which can be very helpful in troubleshooting security related difficulties on your network.

[[email protected] tmp]# iwlist key
...
...
eth0      2 key sizes : 40, 104bits
          4 keys available :
                [1]: 9671-36DE-AC (40 bits)
                [2]: off
                [3]: off
                [4]: off
          Current Transmit Key: [1]
          Security mode:open
...
...
[[email protected] tmp]#

The iwlist command can verify the speed of the NIC card being used, 11Mb/s in this case. This can be helpful in determining possible reasons for network slowness, especially as poor signal quality can result in the NIC negotiating a low bit rate with its WAP.

[[email protected] tmp]# iwlist rate
...
...
eth0      4 available bit-rates :
          1Mb/s
          2Mb/s
          5.5Mb/s
          11Mb/s
          Current Bit Rate:11Mb/s
...
...
[[email protected] tmp]#

For further information on the iwlist command, consult the man pages.

The iwspy Command

The iwspy command provides statistics on the quality of the link between your NIC and another wireless device on the network. It doesn't run all the time; you have to activate iwspy on your interface first. When not activated, iwspy gives a "no statistics to collect" message.

[[email protected] root]# iwspy eth0
eth0      No statistics to collect
[[email protected] root]#

Activation requires you to specify the target IP address and the wireless NIC interface through which it can be found.

[[email protected] tmp]# iwspy eth0 192.168.1.1

If you use the iwspy command without the IP address it provides WLAN statistics with a typical/reference value against which it can be compared. In the example that follows the signal is considered fairly strong, with a 64/92 quality value versus a typical 36/92 value, but it could be weak by the historical values on your network. It's good to check this from time to time for fluctuations.

[[email protected] tmp]# iwspy eth0
eth0      Statistics collected:
    00:09:5B:C9:19:22 : Quality:0  Signal level:0  Noise level:0
    Link/Cell/AP      : Quality:64/92  Signal level:-51 dBm   Noise level:-149 dBm (updated)
    Typical/Reference : Quality:36/92  Signal level:-62 dBm   Noise level:-98 dBm
[[email protected] tmp]#

To switch off iwspy monitoring, add the off argument.

[[email protected] root]# iwspy eth0 off

Check For Interrupt Conflicts

Devices slotted into your PCI bus are generally assigned an interrupt value by the system, which the system uses to signal its need to communicate with the device. Multiple devices on the bus can have the same interrupt, but the system will access each one using a different memory address to avoid confusion. Sometimes this automatic allocation of interrupt (IRQ) values and memory locations is flawed and overlaps do occur, causing devices to fail.

Before configuring your WLAN software, you should ensure that the wireless NIC card doesn't have an interrupt that clashes with another device in your computer. Insert the card in an empty slot in your Linux box according to the instructions in its manual, reboot, and inspect your /var/log/messages file again:

[[email protected] tmp]# tail -300 /var/log/messages

Look carefully for any signs that the card is interfering with existing card IRQs. If there is a conflict, there will usually be a warning or "IRQ also used by ..." message. If that is the case, move the card to a different slot or otherwise eliminate the conflict by disabling the conflicting device if you don't really need it.

You should also inspect your /proc/interrupts file for multiple devices having the same interrupt

[[email protected] tmp]# cat /proc/interrupts
11:     4639     XT-PIC     wlan0, eth0      (potentially bad)
 
[[email protected] tmp]# cat /proc/interrupts
11:     4639     XT-PIC     wlan0            (good)
 

Interrupt conflicts are usually more problematic with old style PC-AT buses; newer PCI-based systems generally handle conflicts better. The prior (potentially bad) /proc/interrupts example came from a functioning PCI-based Linux box. It worked because, although the interrupt was the same, the base memory addresses that Linux used to communicate with the cards were different. You can check both the interrupts and base memory of your NIC cards by using the ifconfig -a command:

[[email protected] tmp]# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:08:C7:10:74:A8
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:11 Base address:0x1820 

wlan0 Link encap:Ethernet HWaddr 00:06:25:09:6A:B5
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:215233 errors:0 dropped:0 overruns:0 frame:0
TX packets:447594 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:39394014 (37.5 Mb) TX bytes:126738425 (120.8 Mb)
Interrupt:11 Memory:c887a000-c887b000

[[email protected] tmp]#

Kernel Errors

When you find p80211 Kernel errors in /var/log/messages, they usually point to an incorrectly configured SSID or may also be caused by a NIC card with an outdated firmware version. For example

Nov 13 22:24:54 bigboy kernel: p80211knetdev_hard_start_xmit: Tx attempt prior to association, frame dropped.

Another good source of information is the dmesg command which shows errors encountered by the kernel. In this case the firmware (microcode) for a Broadcom 43XX NIC could not be found. This was fixed by using the bcm43xx-fwcutter technique explained in this chapter.

[[email protected] tmp]# dmesg
...
...
bcm43xx: PHY connected
bcm43xx: Error: Microcode "bcm43xx_microcode5.fw" not available or load failed.
bcm43xx: core_up for active 802.11 core failed (-2)
[[email protected] tmp]#

Can't Ping Default Gateway

If you can't ping the default gateway, first check for kernel log errors.

If there are no errors in /var/log/messages and you can't ping your gateways or obtain an IP address, then check your /etc/sysconfig/network-scripts/ configuration files for a correct IP configuration and your routing table to make sure your routes are OK. You can also check to see if your Linux box is out or range of the WAP using the iwconfig command.

"Unknown Device" Errors

Look for "unknown device" or "no such device" errors in your log files or on your screen during installation or configuration. These may be caused by:

  • A NIC card that hasn't been correctly inserted in the PCI slot
  • Incompatible hardware.

For example, you might see incompatible hardware errors in /var/log/messages:

00:0c.0 Network controller: BROADCOM Corporation: Unknown device 4301 (rev01)
Subsystem: Unknown device 1737:4301
Flags: bus master, fast devsel, latency 64, IRQ 5
Memory at f4000000 (32-bit, non-prefetchable) [size=3D8K]
Capabilities: [40] Power Management version 2

Or, you might see errors on the screen:

Dec 1 01:28:14 bigboy insmod: /lib/modules/2.4.18-14/net/prism2_pci.o: init_module: No such device
Dec 1 01:28:14 bigboy insmod: Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters. You may find more information in syslog or the output from dmesg
Dec 1 01:28:14 bigboy insmod: /lib/modules/2.4.18-14/net/prism2_pci.o: insmod wlan0 failed

Hermes Chipset Errors

I have seen cases where Linux compatible NIC cards with the Hermes chipset fail to respond after the system has been running for a few days with errors in the /var/log/messages file similar to these.

May  7 22:26:26 bigboy kernel: hermes @ e0854000: BAP0 offset timeout: reg=0x8044 id=0xfc80 offset=0x0
May  7 22:26:26 bigboy kernel: eth1: Error -110 setting multicast list.
May  7 22:26:26 bigboy avahi-daemon[1701]: Withdrawing address record for 216.10.119.243 on eth1.
May  7 22:26:26 bigboy avahi-daemon[1701]: Leaving mDNS multicast group on interface eth1.IPv4 with address 216.10.119.243.
May  7 22:26:26 bigboy avahi-daemon[1701]: IP_DROP_MEMBERSHIP failed: No such device
May  7 22:26:26 bigboy avahi-daemon[1701]: iface.c: interface_mdns_mcast_join() called but no local address available.
May  7 22:26:26 bigboy avahi-daemon[1701]: Interface eth1.IPv4 no longer relevant for mDNS.
May  7 22:26:27 bigboy kernel: hermes @ e0854000: Timeout waiting for command 0x0002 completion.
May  7 22:26:27 bigboy kernel: eth1: Error -110 disabling MAC port
May  7 22:26:31 bigboy kernel: hermes @ e0854000: ng Error -16 issuing command 0x0021.
May  7 22:26:31 bigboy kernel: hermes @ e0854000: Error -16 issuing command 0x0021.
May  7 22:26:31 bigboy kernel: eth1: Error -110 setting MAC address
May  7 22:26:31 bigboy kernel: eth1: Error -110 configuring card

Connectivity is usually only restored after a reboot. The best solution to the problem has been to either use ndiswrapper or replace the NIC with a truly compatible device.

Broadcom SoftMac Errors

If your configuration is correct, and your NIC fails to work while adding repeated failed SoftMAC authentication requests messgaes to your /var/logs/messages file, as seen here, you may have a Linux incompatibility issue with your NIC.

May 15 20:02:04 bigboy kernel: bcm43xx: set security called, .level = 0, .enabled = 0, .encrypt = 0
May 15 20:02:04 bigboy kernel: bcm43xx: set security called, .level = 0, .enabled = 0, .encrypt = 0
May 15 20:02:04 bigboy kernel: bcm43xx: set security called, .level = 0, .enabled = 0, .encrypt = 0
May 15 20:02:04 bigboy kernel: bcm43xx: set security called, .level = 0, .enabled = 0, .encrypt = 0
May 15 20:02:04 bigboy kernel: bcm43xx: set security called, .level = 0, .enabled = 0, .encrypt = 0
May 15 20:02:04 bigboy kernel: SoftMAC: Scanning finished: scanned 14 channels starting with channel 1
May 15 20:02:04 bigboy kernel: SoftMAC: Queueing Authentication Request to 00:18:39:ea:5c:ac
May 15 20:02:04 bigboy kernel: SoftMAC: Cannot associate without being authenticated, requested authentication
May 15 20:02:04 bigboy kernel: SoftMAC: Sent Authentication Request to 00:18:39:ea:5c:ac.
May 15 20:02:04 bigboy kernel: SoftMAC: generic IE set to dd160050f20101000050f20201000050f20201000050f202
May 15 20:02:04 bigboy kernel: SoftMAC: Already associating or associated to 00:18:39:ea:5c:ac
May 15 20:02:04 bigboy kernel: SoftMAC: Open Authentication completed with 00:18:39:ea:5c:ac
May 15 20:02:04 bigboy kernel: SoftMAC: sent association request!
May 15 20:02:04 bigboy kernel: SoftMAC: associated!
May 15 20:02:04 bigboy kernel: SoftMAC: Associate: Scanning for networks first.

Try using ndiswrapper as a quick solution to this problem.

ndiswrapper Errors

There are a number of common errors that can occur with the use of ndiswrappers. Here are some common examples.

CONFIG_4KSTACKS errors During Installation

Sometimes your ndiswrapper installation will give CONFIG_4KSTACKS errors, like the one that follows, due to a kernel incompatibility:

*** WARNING: Kernel seems to have 4K size stack option (CONFIG_4KSTACKS) removed; many Windows
drivers will need at least 8K size stacks. You should read wiki about 4K size stack issue. Don't
complain about crashes until you resolve this.
...
...
[[email protected] ndiswrapper-1.16]#

This is common with default Fedora installations, and ndiswrapper may work perfectly with this limitation. If you had no CONFIG_4KSTACKS type errors or are willing to test ndiswrapper even though they exist, then you can proceed with your installation in the normal fashion. The following steps will show you how to recover from this error cleanly.

1. The ndiswrapper website lists websites at the following URL from which you can download kernels with larger 16K stacks. This will be faster than creating your own.

http://ndiswrapper.sourceforge.net/mediawiki/index.php/Fedora

Remember to download a kernel that matches your system architecture and kernel version. This can be ascertained using the uname -a command. Here our system is running Fedora Core 5 kernel version 2.6.16-1.2122 on an i686 platform.

[[email protected] linux]# uname -rp
2.6.16-1.2122_FC5 i686
[[email protected] linux]#

If you choose to download the purpose built kernel then do so. Install the RPM, reboot and then continue to the section, "Installing and Configuring ndiswrapper".

If you decide to create your own kernel, then follow the next steps.

2. You have reached this step because you have decided to recompile your kernel. It is not a difficult process, there are only a few steps, but the compilation time can be lengthy. The first step is to install the kernel source files. This is covered in Chapter 33, "Modifying the Kernel to Improve Performance".

3. After installing the sources, you'll have to prepare for compiling a new kernel customized for use with ndiswrapper. The first step is to clean up any temporary files that may have existed from any previous compilations you may have done by using the make mrproper command. You'll then need to use the make oldconfig command to create a default version of the .config file Linux will use in compiling your new customized kernel.

[[email protected] tmp]# cd /usr/src/linux
[[email protected] linux]# make mrproper
[[email protected] linux]# make oldconfig

4. Edit the .config file and set the CONFIG_4KSTACKS variable to "n".

[[email protected] linux]# vi .config

#
# File: /usr/src/linux/.config
#

#CONFIG_4KSTACKS=y
CONFIG_4KSTACKS=n

[[email protected] linux]#

5. The kernel compilation process also reads the file Makefile to determine the new name of the kernel to be used. The EXTRAVERSION variable in this file adds a suffix to the kernel name to help you track version numbers. Edit Makefile and set the EXTRAVERSION to -ndis-stk16 so that the new kernel will be easily identifiable as a version that supports ndiswrapper.

[[email protected] linux]# vi Makefile

#
# File: /usr/src/linux/Makefile
#

EXTRAVERSION = -ndis-stk16

[[email protected] linux]#

6. Compile the kernel and its modules with the following series of make commands. Make sure they finish without error and remember that this can be a lengthy process.

[[email protected] linux]# make; make modules_install; make install

7. If you installed a new version of the kernel, you'll now have to ensure that your system selects the correct kernel version when it reboots. This will require you to edit the /etc/grub.conf file as outlined in Chapter 33, "Modifying the Kernel to Improve Performance".

8. Shutdown your system, install the NIC card and boot up. The system will now load your new kernel which you can verify with the uname command.

[[email protected] linux]# uname -r
2.6.16-ndis-stk16
[[email protected] linux]#

9. If you installed a new version of the kernel and your system fails to reboot correctly, refer to the "Kernel Crash Recovery" section of Chapter 33, "Modifying the Kernel to Improve Performance" for help. When you get your system to reboot correctly, revise your installation steps and make sure you had originally installed the correct version.

With your new kernel running, its time to reinstall and configure ndiswrapper.

Incorrect Driver

Using an incorrect driver will cause errors to be displayed when you run the dmesg command. Here is a simple error message in which part of th edriver initialization process failed:

[[email protected] tmp]# 
...
...
...
wlan0: ndiswrapper ethernet device 00:06:25:1b:b2:a9 using driver wmp11v27, 14E4:4301:1737:4301.5.conf
ndiswrapper (set_auth_mode:702): setting auth mode to 3 failed (C0010015)
[[email protected] tmp]#

The best way to fix this is to obtain the correct driver, unload the ndiswrapper module from memory, uninstall the old driver, install the new driver and then reload ndiswrapper. Here are the steps with the necessary commands:

1. Download the driver package from the correct source and extract the contents to your Linux system. 2. Verify that the ndiswrapper module has been loaded using the lsmod command, and then remove it from memory using the rmod command.

[[email protected] tmp]# lsmod
 Module                  Size  Used by
 ...
 ...
 ndiswrapper           145584  0 
 ipv6                  225504  16 
 autofs4                19204  1 
 [[email protected] tmp]# rmmod ndiswrapper

3. Get a listing of the installed drivers using the ndiswrapper command with the -l flag, and then remove the desired driver using the ndiswrapper -e flag.

[[email protected] tmp]# ndiswrapper -l
Installed drivers:
wmp11v27                driver installed, hardware present 
[[email protected] tmp]# ndiswrapper -e wmp11v27 
[[email protected] tmp]# 

4. Install the new driver with the ndiswrapper -i flag and verify that the driver was loaded with the ndiswrapper -l flag.

[[email protected] tmp]# ndiswrapper -i bcmwl5.inf
Installing bcmwl5
[[email protected] tmp]# ndiswrapper -l
Installed drivers:
bcmwl5          driver installed, hardware present 
[[email protected] tmp]#

5. Use modprobe to reload the ndiswrapper module into memory.

[[email protected] tmp]# modprobe ndiswrapper

6. Finally, verify that there were no loading problems with the dmesg command. If there weren't any, configure your wlan0 interface like any other Linux NIC interface on your system.

It is always a good idea to use the correct drivers to reduce the risk of installation failure. Fortunately this recovery procedure should get your system to function correctly.

NICs that are Incompatible with ndiswrapper

The ndiswrapper module works by assuming that the Linux operating system does not recognize the NIC card. If Linux does recognize the card, then ndiswrapper won't load correctly. The ndiswrapper -l command will list installed drivers, there will be ndiswrapper entries in the /var/log/messages file but the dmesg command won't mention the status of the ndiswrapper module loading process at all and activating the wlan0 interface will fail.

[[email protected] tmp]# ifup wlan0
ndiswrapper device wlan0 does not seem to be present, delaying initialization.
[[email protected] tmp]# ndiswrapper -l
Installed drivers:
netma311                driver installed, hardware present 
[[email protected] tmp]# dmesg | grep ndiswrapper
[[email protected] tmp]#

The previous example shows these symptoms when using ndiswrapper with a Linux compatible Netgear ma311 NIC.

A Common Problem With Linux-WLAN And Fedora Core 1

In older versions of Fedora Core 1, the operating system will auto-detect Linux-WLAN-compatible NIC cards and enter a line similar to.

alias      eth2       orinoco_pci

in the /etc/modprobe.conf file. In other words, it detects them as an Ethernet eth device instead of a WLAN wlan device.

This seems to conflict with the WLAN RPMs, and you'll get errors like this when starting Linux-WLAN:

Starting WLAN Devices: /etc/init.d/wlan: line 119: Error: Device wlan0 does not seem to be present.: command not found
/etc/init.d/wlan: line 120: Make sure you've inserted the appropriate: command not found
/etc/init.d/wlan: line 121: modules or that your modules.conf file contains: command not found
/etc/init.d/wlan: line 122: the appropriate aliase(s).: command not found

You can fix the problem with the proper steps. This example refers to a compatible Orinoco chipset card:

Use the following steps to fix the problem. The example below refers to a compatible Orinoco chipset card. The intention of this procedure is to remove all reference to the Orinoco driver in the Linux configuration files and then force the Linux new hardware detection program, named "kudzu", not to configure the NIC card according to the Linux defaults. The "eth" device will be recreated, but the "ignore" option provided to kudzu will prevent the Orinoco entry in the /etc/modprobe.conf from being reinserted, preventing conflict with the Linux-WLAN package's "wlan" device.

  1. Remove the orinoco_pci line from the /etc/modprobe.conf file. Do not remove the entry for device wlan0.
  2. Edit your /etc/sysconfig/hwconf file, search for orinoco_pci, and remove the orinoco_pci section that refers to your wireless card. (Each section starts and ends with a single - on a new line.)
  3. Reboot.
  4. The Linux boot process always runs kudzu, the program that detects new hardware. Kudzu detects the wireless card and asks whether you want to configure it. Choose ignore. This will reinsert the wireless card in the /etc/sysconfig/hwconf file, but not in the /etc/modprobe.conf file.
  5. Your NIC card should start to function as expected as device wlan0 when you use the ifconfig -a command. Configure the IP address, and activate the NIC as shown earlier in this chapter. Remove the orinoco_pci line from the /etc/modprobe.conf file. DO NOT remove the entry for device wlan0.

The procedure removes all reference to the Orinoco driver in the Linux configuration files and then forces kudzu not to configure the NIC card according to the Linux defaults. The eth device will be recreated, but the ignore option provided to kudzu will prevent the Orinoco entry in the /etc/modprobe.conf from being reinserted, preventing conflict with the Linux-WLAN package's wlan device.

Wireless Networks In Businesses

Sometimes implementing a wireless network inside a business place becomes necessary. Visiting managers may need a quick connection in a conference room; sales people sharing cubicles my need it as the number of work spaces get exhausted. Perhaps someone is going to set one up on your network anyway, you might as well control this from the beginning.

Apart from people who download infected software and e-mail attachments, mobile employees' notebook computers are usually viewed as a high risk source of unintentional malicious activity as there is even less control over what these employees do than those with fixed workstations. With this in mind, it is usually best to isolate this type of wireless network completely from your internal, trusted, and wired one. Some types of network architectures make the wireless router only have access to the Internet, and no where else, via its own dedicated DSL line. The wireless users then have to use some form of a VPN client to gain access to the office servers just as if they were doing so from home. To reduce the risk of the network being hijacked, be sure to encrypt the traffic and use a proxy server running such software as Squid (see Chapter 32, "Controlling Web Access with Squid") to limit Internet access to authorized users via some form of pop-up username and password authentication. With this sort of architecture, if the wireless network gets hijacked, your office systems should remain relatively safe.

Many WAPs have the option of not advertising their ESSIDs which prevents users from browsing around to select the nearest available WLAN. Activation of this feature can be inconvenient to users as wireless clients will need to know the predefined ESSID to gain LAN access, but it more importantly reduces the risk of an outsider connecting to your wireless LAN by roaming the airwaves for an available WAP.

There are many other types of wireless methodologies. Please investigate a variety of options before coming to a final conclusion.

Conclusion

With the knowledge gained in the chapters in Part 1 of the book you will be able to configure a Linux file and DHCP server on small network with relative ease. Part 2 will explore the possibility of making your server also become the core of your self-managed dedicated Web site.