Network & Security IT - Le RSI
Check news about my company
"new station" patch for hostapd
Requesting 802.1X authentication to a new host with hostapdDownload the patch for hostapd-0.4.9 : hostapd-0.4.9-newsta.diff
Download patched sources : hostapd-0.4.9-newsta.tar.gz
Author of the patch : Alexandre Fenyo (firstname.lastname@example.org) - © 2006
Platform : U*x
License : GPL
Documentation : HOSTAPD is an open tool that implements 802.1X Authenticator PAE (Port Access Entity). According to IEEE Std 802.1X-2004, the two-party conversation between systems performing an authentication process may be initiated by the Authenticator. In the wired case, It means that a switch may start the authentication process at the moment it detects an electrical signal on an Ethernet port, indicating that the port has become operable. The supplicant can also start the authentication process by sending an EAPOL-Start Frame (EAP over LAN), but many personal computer OSes do not send this first frame. The problem with the implementation of HOSTAPD in a wired environment is that it can not detect an electrical signal on an Ethernet port, since it only is a generic software implementation of 802.1X. Thus, HOSTAPD detects new devices looking for DHCP broadcasts. This means that you can not use fixed IP addresses with HOSTAPD on wired IEEE 802 media.
This patch implements a workaround to this situation : it adds a new command to the CLI, that starts the authentication process with a specified MAC address. So, you can automate the beginning of the authentication process using other informations than DHCP requests. For instance, you can snoop the network for new MAC addresses.
To get help, just type hostapd_cli with option -h :
root@localhost# hostapd_cli -h
usage: hostapd_cli [-p<path>] [-i<ifname>] [-hv] [command..]
new_sta <addr> new station to authenticate
Starting authentication with a new device :
root@localhost# hostapd_cli -i eth0 new_sta 00:50:56:C0:00:01
IP phone to analog phone interface circuit
At work, people usually do not get an analog phone line anymore since numeric or IP phones appeared. See how to connect your old analog device (modem, wireless DECT phone, Minitel) only using your IP phone to get the network access: read this.
Very low cost 20MHz signal generator for ham radio HF power amplifiers testing
Learn how to make a 20MHz HF signal generator using a few simple discrete analog components. Moreover, see how a 33 years old Tektronix oscilloscope gives better results than a numeric one bought recently. The whole story is here.
Split tunneling with Cisco
Enabling split tunneling with Cisco IPsec VPN Linux client software is always possible: read this.
Modelling IEEE Spanning Tree protocols using an UML Class Diagram
To really understand the dependencies between the many Spanning Tree protocols, I wrote an UML class diagram describing their relationships here.
Motorized camera controlled by the telephone
This project demonstrates how to drive a camera from the telephone line, any details here.
My Former Web Site
Since 04/26/01, I maintain a web site named www.fenyo.net. Since I made many updates recently, click here to access the original content, where old informations are kept. The photo is also from 2001 :-)
Agnes' Web Site
Agnes, my wife, maintains a web server where you will find plenty of original resources : free software from her own production, probability courses, exams' corrections, photos of her trips in the US... Do not hesitate to visit her site, she will be glad to see her access.log growing !
Canardou's Web Site
Canardou has always been for me a friend that really matters, helping me in every situation. According to informations currently available, Canardou could be affected by the H5N1 virus. So, for a few weeks, Public Health Bird Regulations have made me forbid Canardou to walk away from our appartement. Feel free to take news about him from his personal home page.