On Wed, Apr 06, 2022 at 02:09:10PM +0200, Andrej Shadura wrote: > Last week I noticed that wpa-supplicant on Debian/kFreeBSD hasn’t been successfully built for a couple of years (!). Part of that was the unavailability of Qt5 on kFreeBSD, but the key factor apparently was that I enabled WPA 3 features (OWE, SAE) and also mesh networking and FILS, which apparently depend on IEEE80211W which seems to be supported on Linux only. Eventually, I was able to get it to build, but I had to disable all of these features. > Is this a known issue, and is there a plan to get these features to work? Can you please provide some more details on what was failing to compile_ Surely Qt5 would not having anything to do with wpa_supplicant build itself, but for wpa_gui (and even that should not require Qt5), so I'm mostly interested in the PMF (IEEE 802.11w) related issues (but that seems to be only on FreeBSD wishlist for features, so not much chance to do anything in wpa_supplicant before the kernel functionality is available). WPA3 itself requires PMF to be used, so for that, there needs to be PMF support in the driver. I'm not familiar with FreeBSD functionality in this area, so I cannot comment on the driver interface changes for this, but based on a quick web search, PMF seems to be only on FreeBSD wishlist for features, so not much chance to do anything in wpa_supplicant before the kernel functionality is available. OWE and SAE do not actually mandate use of PMF, so it should be possible to build and use those for testing purposes even without any PMF support. That said, SAE will require pretty low level driver functionality changes since it is done as part of the IEEE 802.11 Authentication frame exchange which is something that driver_bsd.c does not seem to support and would likely require significant extensions in the kernel interface design. OWE might be easier to implement since it needs simpler addition and reporting of information elements with Association Request/Response frames. Mesh BSS (802.11s) support seems to be under development for FreeBSD. It requires significant kernel interface changes as well, so would be far from trivial to get working with wpa_supplicant, I'd assume. FILS authentication has similar constraints with SAE. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
