Linux Wireless is the source for documentation regarding the entire Linux Kernel IEEE 802.11 ("wireless") subsystem. It is a wiki like this one, so feel free to contribute there as well! Everything not OpenWrt specific, belongs there. This page is an exception, as I believe I can provide a better introduction.
- IEEE 802.3 has an official name: Ethernet
- IEEE 802.11 is a family of communication protocols also comprising Layer 1 and Layer 2 Sublayer MAC
- IEEE 802.11 has no official name; so most people simply call it "wireless" or "wavelan" or
wifi(note that Wi-Fi is a brand name)
- The support for IEEE 802.11 in the Linux-Kernel is fragmented: this means there are two frames (WEXT=deprecated, cfg80211 + nl80211=current) and multiple drivers, e.g.
- for some atheros WNICs, there are three drivers available: atheros proprietary drivers, madwifi-driver and atheros mac80211-based drivers (
- for some broadcom WNICs, there are also three drivers available: broadcom proprietary drivers, broadcom mac80211-based drivers (the
b43) and the brcmSmac- and brcmFmac drivers
- In contrast to Ethernet drivers, wireless drivers work in a Wireless Mode of Operation.
See what the Linux 802.11 driver for your hardware can and cannot do. Some drivers support only one mode: STA (also called station, client or managed mode) other drivers support multiple modes, some even simultaneously:
Limitations when combining multiple wireless modes of operation at the same time do exist.
Available Frequencies, Bands and Channels are subject to regulation in each state. Please see: http://git.kernel.org/cgit/linux/kernel/git/linville/wireless-regdb.git/tree/db.txt
Wireless drivers are pulled on a more or less regularly basis from wireless-testing and the OpenWrt-patches which are not mainlined yet are adjusted, see e.g. r36939. The package is called mac80211 in OpenWrt using work of the backports project, previously called compat-wireless or compat-drivers.
- wireless.tool.kismet – An IEEE 802.11 network detector, sniffer and intrusion detection system.
- wireless.tool.aircrack-ptw – A tool using a new method for breaking WEP Keys
- wireless.tool.aircrack-ng – Aircrack-ng is the next generation of aircrack with new features
- wireless.tool.horst – A scanning and analysis tool for IEEE 802.11 networks and especially IBSS (ad-hoc) mode and mesh networks (OLSR).
|NoCatAuth is the original "catch and release" captive portal implementation. It provides a simple splash screen web page for clients on your network, as well as a variety of authenticated modes. NoCatAuth is written in Perl.|
|NoCatSplash is an Open Public Network Gateway Daemon. It performs as a [captive/open/active] portal. When run on a gateway/router on a network, all web requests are redirected until the client either logs in or clicks "I Accept" to an AUP. The gateway daemon then changes the firewall rules on the gateway to pass traffic for that client (based on IP address and MAC address).
NoCatSplash is the C port of NoCatAuth
|NoDogSplash offers a simple way to open a free hotspot providing restricted access to an internet connection.
It is another alternative from NoCat which aims to offer captive portal solutions local to the router/gateway and a simplistic setup, user bandwidth control and basic auth/splash page. Nodogsplash is small, well tested, tailored for OpenWrt by its author and can be set up with only one or two config file changes, in contrast Chilli is more complete but complex to set up.
|The Wifidog project is a complete and embeddable captive portal solution for wireless community groups or individuals who wish to open a free Hotspot while still preventing abuse of their Internet connection.
Originally forked from NoCatSplash and NoCatAuth,ran at layer3 using iptables as opposed to chillispots layer2 solutions. Wifidog offers a simple package and none uci based configuration file. Users can be managed and controlled through the gateway and hooked into any custom user management. This solution creates a custom central user management system. You can build your own login page and user management system or use their own portal system.
|ChilliSpot is an open source captive portal or wireless LAN access point controller. It is used for authenticating users of a wireless LAN. It supports web based login which is today's standard for public HotSpots and it supports Wireless Protected Access (WPA) which is the standard of the future. Authentication, authorization and accounting (AAA) is handled by your favorite RADIUS server.
Layer 2 solution using a RADIUS database for the backend user management and tracking. WARNING: This project may be dead. There hasn't really been much work on this project for years. Which leads to the next project.
||Layer 2 / Layer 3||http://www.coova.org/|
|CoovaChilli is an open source access controller for wireless LAN access points and is based on ChilliSpot. It is used for authenticating users of a wireless (or wired) LAN. It supports web based login (UAM) which is today's standard for public HotSpots and it supports Wireless Protected Access (WPA) which is the standard of the future. Authentication, authorization and accounting (AAA) is handled by your favorite RADIUS server.
Built on top of Chillispot with several improvements and additions. Includes WISPr support, and much more. Main captive portal solution used in CoovaAP.
|PepperSpot is a captive portal or wireless LAN access point controller which support the IPv6 protocol. It supports web based login and it supports Wireless Protected Access (WPA). Authentication is handled by your favorite RADIUS server (over IPv4/IPv6).
Another Chillispot fork. Support for IPv6 protocol, Wireless Protected Access (WPA). Also RADIUS server backend.
This shall be, but is not, an exhaustive list of all packages in the OpenWrt repository regarding wireless stuff to play with. The installation is always the same
opkg install <package>, for documentation regarding the configuration and utilization, search for Howtos in this wiki or in the Internet.
|airpwn||23618||Airpwn is a framework for 802.11 (wireless) packet injection. Airpwn listens to incoming wireless packets, and if the data matches a pattern specified in the config files, custom content is injected "spoofed" from the wireless access point. From the perspective of the wireless client, airpwn becomes the server.|
|collectd-mod-wireless||7321||wireless status input plugin|
|freifunk-watchdog||9546||A watchdog daemon that monitors wireless interfaces to ensure the correct BSSID and channel. The process will initiate a wireless restart as soon as it detects a BSSID or channel mismatch.|
|karma||8605||KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames.|
|kmod-wprobe||9408||A module that exports measurement data from wireless driver to user space|
|mdk3||49495||Tool to exploit wireless vulnerabilities|
|wavemon||32209||wavemon is a ncurses-based monitoring application for wireless network devices. Based on WEXT-API|
|wireless-tools||30236||This package contains a collection of tools for configuring wireless adapters implementing WEXT-API|
|Overall size = 486.450 Bytes|
|Overall size = 308.902 Bytes|
|Overall size = 561.201 Bytes|
|kmod-ath9k||155.684||This module adds support for wireless adapters based on Atheros IEEE 802.11n AR5008 and AR9001 family of chipsets.|
|kmod-ath9k-htc||113.441||This module adds support for wireless adapters based on Atheros USB AR9271 and AR7010 family of chipsets.|
|kmod-ath9k-common||104.136||Atheros 802.11n wireless devices (common code for ath9k and ath9k_htc)|
|kmod-ath5k||82.272||This module adds support for wireless adapters based on Atheros 5xxx chipset.|
|kmod-ath||10.059||This module contains some common parts needed by Atheros Wireless drivers.|
|kmod-b43||210.860||Kernel module for Broadcom 43xx wireless support (mac80211 stack)|
|kmod-mac80211||139.372||Generic IEEE 802.11 Networking Stack (mac80211)|
|kmod-cfg80211||93.696||cfg80211 is the Linux wireless LAN (802.11) configuration API.|
|iw||32.100||cfg80211 interface configuration utility|
|crda||9.627||The Central Regulatory Domain Agent serves one purpose: tell Linux kernel what to enforce. In essence it is a udev helper for communication between the kernel and userspace. You only need to run this manually for debugging purposes. For manual changing of regulatory domains use iw (
|libnl-tiny||13.529||This package contains a stripped down version of libnl|
|Due to r31954 tweaking the
- WEP (unsecure, cracked)
- WPA (sufficiently secure if strong passwords are used and WPS disabled)
- WPA2 (secure if strong passwords are used and WPS disabled)
- 802.11X (secure) Authentication of LDAP domain credentials. Can openwrt do this? With radius ?
You can find a couple of probed scenarios under →recipes.
- r37483 ath9k: add initial tx queueing rework patches This forces all packets (even for un-aggregated traffic) through software queues to improve fairness and stability
doc/howto/wireless.overview.txt · Last modified: 2013/10/17 09:07 by rwx