You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
freshtomato-arm/release/src-rt-6.x.4708/router/nas_arm_714
..
nas
Makefile
README

README

NAS is a minimal VxWorks and Linux compatible Network Authentication
Server that implements 802.1X port authentication (RADIUS only) and
Wi-Fi Protected Access (WPA) for 802.11 networks (Broadcom drivers only).

The code base is split between common code (nas.c and wpa.c), driver 
specific code (nas_wl.c), application specific code (nas_wksp.c), and
OS specific code (nas_vx.c and nas_linux.c).

Major features yet to be implemented include:

* RADIUS Accounting. See 802.1X Internet Draft 20.
* Mutual authentication (802.11 IBSS mode).
* Limited network access (e.g., via 802.1Q VLAN)

=====
NAS/Driver interface:

NAS and the Broadcom driver communicate using two mechanisms: ioctls and
802.3/SNAP frames.  Ioctls are used by NAS to query or setup driver states.
802.3/SNAP frames are generated by the driver when it needs to asynchronously
indicate information to NAS. 802.3/SNAP frames are also used to encapsulate
802.1x frames starting from release 3.41.xx. NAS listens on a socket for
these indications and encapsulated 802.1x frames.

-----
The following ioctls are used by NAS:

  interface discovery:
	WLC_GET_MAGIC
	WLC_GET_VERSION
	WLC_GET_INSTANCE

  per interface initialization:
	(clear stuff)
	WLC_SET_EAP_RESTRICT (true)
	WLC_SET_WEP_RESTRICT* (true)
	WLC_SET_KEY (clear all default keys)
	WLC_SCB_DEAUTHORIZE (broadcast addr)
	(set up)
	WLC_SET_WSEC*
	WLC_GET_WSEC (verify that SET took)
	WLC_SET_WPA_AUTH*

  during authentication:
	WLC_SCB_AUTHORIZE
	WLC_SCB_DEAUTHORIZE
	WLC_SET_KEY
	WLC_GET_KEY_TXIV
	WLC_SCB_DEAUTHENTICATE_FOR_REASON
	WLC_TKIP_COUNTERMEASURES (toggle on or off)

  on exit:
	WLC_SET_EAP_RESTRICT (false)
	WLC_SET_WEP_RESTRICT* (false)
	WLC_SET_KEY (clear all default keys)
	WLC_SCB_DEAUTHORIZE (broadcast addr)

  wireless bridging:
	WLC_WDS_GET_REMOTE_HWADDR
	WLC_WDS_GET_WPA_ROLE
	get "wds_wpa_role"
	set "wds_wpa_role"

  *These are followed by gratuitous WLC_GET_SSID/WLC_SET_SSID pair.


-----
Details of the ioctls:

Most ioctl calls use wl_ioctl(), defined e.g. in src/router/shared/wl_vx.c as:

	int wl_ioctl(char *pDevName, int cmd, void *buf, int len)

"buf" is a structure which is specific to each call.  Any portion of buf not
explicitly set on input should be zero.  Structures and values not explicitly
defined below are defined in src/include/wlioctl.h.

WLC_GET_MAGIC
	buf:
	input:
	output:
	return:

WLC_GET_VERSION
	buf:
	input:
	output:
	return:

WLC_GET_INSTANCE
	buf:
		int 

	input:
		none

	output:
		unit number/network interface instance

	return:
		0

WLC_SET_EAP_RESTRICT
	buf:
		int

	input:
		buf = TRUE
			require 802.1X authentication before STA can pass data frames
		buf = FALSE
			allow STA to pass data frames without 802.1X authentication

	output:
		none

	return:
		0

WLC_SET_WEP_RESTRICT
	buf:
		int

	input:
		buf = TRUE
			require all data frames to be encrypted
		buf = FALSE
			allow unencrypted data frames

	output:
		none

	return:
		0

WLC_SET_KEY:
	buffer:
		wsec_key_t buf

	input:
		buf.index = key index (0-3)
		buf.ea = address of STA (if pairwise key)
		buf.flags = WSEC_PRIMARY_KEY
			key is for transmit and receive 
		buf.flags = 0
			key is for receive only
		buf.len = key length in bytes
			when adding a key
		buf.len = 0
			to delete a key
		buf.data = key data

	output:
		none

	return:
		0 success
		-1 invalid key index or interface currently disabled

WLC_SCB_DEAUTHORIZE:
	buf:
		struct ether_addr

	input:
		buf = address of STA to be deauthorized

	output:
		none

	return:
		0

WLC_SET_WSEC
	buf:
		int

	input:
		buf = any combination of TKIP_ENABLED, AES_ENABLED, WEP_ENABLED

	output:
		none

	return:
		0 success
		-1 unsupported algorithm

WLC_GET_WSEC
	buf:
		int

	input:
		none

	output:
		buf = any combination of TKIP_ENABLED, AES_ENABLED, WEP_ENABLED

	return:
		0 success

WLC_SET_WPA_AUTH
	buf:
		int

	input:
		buf = one of WPA_AUTH_DISABLED, WPA_AUTH_PSK, or WPA_AUTH_UNSPECIFIED

	output:
		none

	return:
		0

WLC_SCB_AUTHORIZE
	buf:
		struct ether_addr

	input:
		buf = address of STA to authorize

	output:
		none

	return:
		0

WLC_GET_KEY_TXIV:
	buf:
		union {
			int index;
			wsec_iv_t iv;
		} buf;

	input:
	    buf.index = index of key to query (0-MAXKEYS)

	output:
		buf.iv = current value of the transmit sequence counter for key
			specified by buf.index

	return:
		0 success
		-1 invalid key index

WLC_SCB_DEAUTHENTICATE_FOR_REASON
	buf:
		scb_val_t

	input:
		buf.val = reason code
		buf.ea = address of STA to be deauthenticated

	output:
		none

	return:
		0

WLC_TKIP_COUNTERMEASURES
	buf:
		int

	input:
		buf = TRUE
			start countermeasures
		buf = TRUE
			stop countermeasures

	output:
		none

	return:
		0 success
		-1 TKIP not currently enabled

WLC_WDS_GET_REMOTE_HWADDR
	buf:
		struct ether_addr

	input:
		none
	
	output:
		buf = wireless bridge's remote endpoint's mac address

	return:
		0 success
		-1 the interface is not WDS
		
WLC_WDS_GET_WPA_ROLE
	buf:
		int[2]

	input:
		buf = wireless bridge's remote endpoint's mac address
	
	output:
		buf[0] =  <role>

			role: 	0 - local endpoint is WPA supplicant
				1 - local endpoint is WPA authenticator

	return:
		0 success
		-1 the interface is not a wireless bridge

get "wds_wpa_role" (using WLC_GET_VAR ioctl)
	buf:
		char[N]

	input:
		buf = "wds_wpa_role<null><6 bytes remote endpoint's mac address>"

	output:
		buf[0] = <role>

			role: 	0 - local endpoint is WPA supplicant
				1 - local endpoint is WPA authenticator

	return:
		0 success

set "wds_wpa_role" (using WLC_SET_VAR ioctl)
	buf:
		char[N]

	input:
		buf = "wds_wpa_role<null><6 bytes remote endpoint's mac address><1 byte role>"
			role: 	0 - local endpoint is WPA supplicant
				1 - local endpoint is WPA authenticator
				255 - endpoint with lower mac address is WPA supplicant

	output:
		none

	return:
		0 success

-----
Driver communicates the indication messages to the NAS, message format is  

Actual message data follows the header:

Data = (char *(wlc_secpvt_data + 1));

Ethernet protocol type used is ETHER_TYPE_BRCM (0x886c). Frames exchanged are ETHERNET II frames.

(this data structure is defined in include/wlioctl.h)

typedef struct wl_secpvt_data {
        struct ether_header eth; /*Regular ethernet header with proto type 0x886c */
        bcmeth_bcm_hdr_t bcm_hdr;
        /* user specific Data*/
        uint8  version;
        uint8  msg_type;
        char ifname[WL_WPA_MSG_IFNAME_MAX]; /* name of the packet incoming interface*/
}wl_secpvt_data_t;

(this common data structure is defined in proto/bcmeth.h)

typedef  struct bcmeth_bcm_hdr
{
        uint16  subtype; /* Vendor specific..32769*/
        uint16  length; 
        uint8   version; /* Version is 0*/
        uint8   oui[3]; /* Broadcom OUI*/
        /* user specific Data */
        uint16  usr_subtype;
} PACKED bcmeth_bcm_hdr_t;

vendor_long is defined as 32769 . to specify this as a vendor specific subtype.
length field indicates the length of the actual frame from this field.
version field is set to 0 BCMILCP_BCM_SUBTYPEHDR_VERSION
oui is broadcom OUI. 0x00/0x10/0x18
sub_type defined in bcmeth_bcm_hdr data structure identifies different messages.

#define BCMILCP_BCM_SUBTYPE_RESERVED    0
#define BCMILCP_BCM_SUBTYPE_WPA         1
#define BCMILCP_BCM_SUBTYPE_EAPOL       2
#define BCMILCP_BCM_SUBTYPE_SES         3

once the sub_type is identified,

version: indicates the version of this user specific data.

msg_type: this has meaning only when sub_type is BCMILCP_BCM_SUBTYPE_WPA 

/* Type field values for the WL WPA subtype  driver messages */
#define WLC_ASSOC_MSG           1
#define WLC_DISASSOC_MSG        2
#define WLC_PTK_MIC_MSG         3
#define WLC_GTK_MIC_MSG         4