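1, Overview
wpa_supplicant is the Wi-Fi client-side encryption and authentication tool. Unlike iwconfig, which supports only WEP, wpa_supplicant supports the full range of WEP, WPA, WPA2 and related authentication. Its counterpart on the AP side is hostapd. wpa_supplicant runs in the background and is operated manually through the console tool wpa_cli.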
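2, wpa_supplicant configuration file
2.1 Config file
The wpa_supplicant source directory contains a reference configuration file, wpa_supplicant.conf, which covers almost every configuration option. Our configuration file does not need to be that complex. For the initial testing stage I write only the simplest possible file and do everything else manually. Create wpa_supplicant.conf under /etc/ with the following content:
ctrl_interface=/var/run/wpa_supplicant
# Allow wpa_supplicant to save configuration changes to this file.
update_config=1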
2.2 wpa_supplicant parameters
wpa_supplicant lists all of its options with the following command:
#wpa_supplicant -h
usage:
  wpa_supplicant [-BddhKLqqstuvW] [-P] [-g] \
        -i -c [-C] [-D] [-p] \
        [-b] [-f] [-e] \
        [-o] [-O] \
        [-N -i -c [-C] [-D] \
        [-p] [-b] ...]
drivers:
  athr = Atheros Linux driver
options:
  -b = optional bridge interface name
  -B = run daemon in the background
  -c = Configuration file
  -C = ctrl_interface parameter (only used if -c is not)
  -i = interface name
  -d = increase debugging verbosity (-dd even more)
  -D = driver name (can be multiple drivers: nl80211,wext)
  -e = entropy file
  -g = global ctrl_interface
  -K = include keys (passwords, etc.) in debug output
  -t = include timestamp in debug messages
  -h = show this help text
  -L = show license (GPL and BSD)
  -o = override driver parameter for new interfaces
  -O = override ctrl_interface parameter for new interfaces
  -p = driver parameters
  -P = PID file
  -q = decrease debugging verbosity (-qq even less)
  -v = show version
  -W = wait for a control interface monitor before starting
  -N = start describing new interface
example:
  wpa_supplicant -Dwext -iwlan0 -c/etc/wpa_supplicant.conf
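3, wpa_cli parameters
status: show the current connection status.
list: list all candidate networks. The network currently connected is marked [CURRENT]; disabled networks are marked [DISABLE].
add_network: add a candidate network and print the new network's number (this number replaces [network_id] below). Note that the new network starts out disabled.
set_network [network_id] ssid "Your SSID": set the wireless network name (SSID).
set_network [network_id] key_mgmt WPA-PSK: set the network's key management to WPA-PSK/WPA2-PSK.
set_network [network_id] psk "Your Password": set the network's PSK passphrase.
enable_network [network_id]: enable the network. Once enabled, the system tries to connect whenever it finds this network in a scan.
disable_network [network_id]: disable the network.
save_config: save the configuration.
scan: scan for access points.
scan_result: print the scan results to standard output.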
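A check to run after enable_network, as an added example (not from the original page): it parses the key=value lines that `status` prints and accepts only a completed WPA2-PSK association that uses CCMP for both pairwise and group traffic. check_status and status_field are hypothetical helper names, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: verify what was actually negotiated, from `wpa_cli status` text.
# Helper names are hypothetical; the SAMPLE_* status outputs are constructed.

# Print the value of key $1 from key=value lines on stdin.
status_field() {
    sed -n "s/^$1=//p" | head -n 1
}

# usage: check_status "$(wpa_cli -i wlan0 status)"
# Returns 0 only for a completed WPA2-PSK association with CCMP everywhere.
check_status() {
    state=$(printf '%s\n' "$1" | status_field wpa_state)
    mgmt=$(printf '%s\n' "$1" | status_field key_mgmt)
    pair=$(printf '%s\n' "$1" | status_field pairwise_cipher)
    group=$(printf '%s\n' "$1" | status_field group_cipher)
    [ "$state" = COMPLETED ] || { echo "not associated: ${state:-unknown}"; return 1; }
    [ "$mgmt" = WPA2-PSK ] || { echo "unexpected key_mgmt: ${mgmt:-none}"; return 1; }
    [ "$pair" = CCMP ] || { echo "weak pairwise cipher: ${pair:-none}"; return 1; }
    # A WPA/WPA2 mixed-mode AP can pair CCMP unicast with a TKIP group key.
    [ "$group" = CCMP ] || { echo "weak group cipher: ${group:-none}"; return 1; }
    echo ok
}

COMMON='bssid=02:00:00:00:01:00
ssid=Lab AP
id=0
mode=station'
SAMPLE_WPA2="$COMMON
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2-PSK
wpa_state=COMPLETED"
SAMPLE_MIXED="$COMMON
pairwise_cipher=CCMP
group_cipher=TKIP
key_mgmt=WPA2-PSK
wpa_state=COMPLETED"
SAMPLE_OPEN="$COMMON
pairwise_cipher=NONE
group_cipher=NONE
key_mgmt=NONE
wpa_state=COMPLETED"

check_status "$SAMPLE_MIXED" || true
```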
4, wpa_supplicant script analysis
#!/bin/sh
TOPDIR=`pwd`                                                 # current working directory
MODULE_PATH=${TOPDIR}/lib/modules                            # path to the driver modules
WPA_SUPPLICANT=${TOPDIR}/sbin/wpa_supplicant                 # wpa_supplicant binary
WPA_CLI=${TOPDIR}/sbin/wpa_cli                               # wpa_cli binary
SIGMA_DUT=${TOPDIR}/sbin/sigma_dut                           # Wi-Fi system certification tool
IW=${TOPDIR}/sbin/iw                                         # Wi-Fi configuration tool
WFA_SCRIPTS_PATH=${TOPDIR}/home/atheros/Atheros-P2P/scripts  # path to the Wi-Fi configuration files
P2P_ACT_FILE=${WFA_SCRIPTS_PATH}/p2p-action.sh
P2P_DEV_CONF=${WFA_SCRIPTS_PATH}/p2pdev_dual.conf
WLAN_ACT_FILE=${WFA_SCRIPTS_PATH}/wlan-action.sh
WLAN_DEV_CONF=${WFA_SCRIPTS_PATH}/empty.conf                 # wpa_supplicant configuration file
WPA_SUPPLICANT_ENTROPY_FILE=${WFA_SCRIPTS_PATH}/entropy.dat
ETHDEV=eth0                                                  # Ethernet interface
WLANDEV=                                                     # wlan interface (set below when empty)
P2PDEV=p2p0                                                  # p2p interface
# root privilege check
USER=`whoami`
if [ "$USER" != "root" ]; then
    echo You must be 'root' to run the command
    exit 1
fi
#### check for a USB, PCI or SDIO device
DEVICE_USB=`lsusb | grep "0cf3:9378"`
DEVICE_PCI=`lspci | grep "Atheros Communications Inc. Device 003e (rev 30)"`
DEVICE_PCI1=`lspci | grep "Qualcomm Atheros Device 003e (rev 30)"`
DEVICE_SDIO=`dmesg | grep "SDIO"`
if [ "$DEVICE_PCI" = "" -a "$DEVICE_PCI1" = "" -a "$DEVICE_USB" = "" -a "$DEVICE_SDIO" = "" ]; then
    echo You must insert device before running the command
    exit 2
fi
rfkill unblock all    # enable wireless networking
## install driver
echo "=====Install Driver====="
insmod $MODULE_PATH/compat.ko
insmod $MODULE_PATH/cfg80211.ko    # Linux 802.11 configuration API
insmod $MODULE_PATH/wlan.ko        # device driver
sleep 3
## set the wlan interface
if [ "$WLANDEV" = "" ]; then
    WLANDEV=wlan0
    WLANPHY=phy0
fi
sleep 1
### start wpa_supplicant as a background process
# -i  interface name
# -D  driver name (nl80211, wext)
# -c  configuration file
# -N  start describing a new interface
# -e  entropy file
${WPA_SUPPLICANT} -Dnl80211 -i ${WLANDEV} -c ${WLAN_DEV_CONF} -e ${WPA_SUPPLICANT_ENTROPY_FILE} &
sleep 1
5, wpa_cli script analysis
#!/bin/sh
### the following three values are the arguments this script expects
SECURITY=$1     # authentication mode: wpa/wpa2
SSID=$2         # wireless network name
PASSPHASE=$3    # wireless passphrase
TOPDIR=`pwd`    # current working directory
## set the wlan interface
if [ "$WLANDEV" = "" ]; then
    WLANDEV=wlan0
    WLANPHY=phy0
fi
WPA_CLI="${TOPDIR}/sbin/wpa_cli -i $WLANDEV"    # wpa_cli bound to the wlan interface it controls
ifconfig $WLANDEV 192.168.1.4 netmask 255.255.255.0    # set a static IP address
# check whether the authentication mode is open
if [ "${SECURITY}" = "open" ]; then
    echo "=============Set ${SECURITY} Security============="
    ${WPA_CLI} remove_network all               # remove the networks configured on this wlan interface
    ${WPA_CLI} add_network                      # add a new network; the returned ID is normally 0
    ${WPA_CLI} disable_network all
    ${WPA_CLI} set_network 0 ssid \"${SSID}\"   # set the network name
    ${WPA_CLI} set_network 0 priority 0         # set the network priority
    ${WPA_CLI} set_network 0 key_mgmt NONE      # no passphrase
    ${WPA_CLI} set_network 0 auth_alg OPEN      # authentication algorithm
    ${WPA_CLI} set_network 0 scan_ssid 1
    # scan with SSID-specific Probe Request frames (this can be used to find APs
    # that do not accept broadcast SSID or use multiple SSIDs; this will add
    # latency to scanning, so enable this only when needed)
    ${WPA_CLI} enable_network all
    ${WPA_CLI} reassociate                      # reconnect
elif [ "${SECURITY}" = "wpa2" ]; then
    echo "=============Set ${SECURITY} Security============="
    ${WPA_CLI} remove_network all
    ${WPA_CLI} add_network
    ${WPA_CLI} disable_network all
    ${WPA_CLI} set_network 0 proto "RSN"        # list of accepted protocols: WPA, RSN
    ${WPA_CLI} set_network 0 ssid \"${SSID}\"
    ${WPA_CLI} set_network 0 priority 0
    ${WPA_CLI} set_network 0 key_mgmt WPA-PSK
    # list of accepted authenticated key management protocols: WPA-PSK, WPA-EAP
    ${WPA_CLI} set_network 0 pairwise CCMP
    # list of accepted pairwise (unicast) ciphers for WPA: CCMP, TKIP
    ${WPA_CLI} set_network 0 psk \"${PASSPHASE}\"
    ${WPA_CLI} set_network 0 auth_alg OPEN
    # list of allowed IEEE 802.11 authentication algorithms: OPEN, SHARED, LEAP
    ${WPA_CLI} set_network 0 scan_ssid 1
    ${WPA_CLI} enable_network all
    ${WPA_CLI} reassociate
else
    echo "=============Disconnect WLAN============="
    ${WPA_CLI} disconnect
fi
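The open and wpa2 branches of the script above expressed as a static network block for wpa_supplicant.conf, with the input checks the script does not perform (added example, not from the original page; make_network_block and to_hex are hypothetical helper names, and the SSID and passphrase in the demo call are constructed). The SSID is written in the hex form that wpa_supplicant.conf accepts, so spaces or quotes in it need no escaping.

```shell
#!/bin/sh
# Added example: build a wpa_supplicant.conf network block from validated input.
# Helper names are hypothetical; they are not part of wpa_supplicant.

# Hex-encode a string (-v stops od from collapsing repeated lines into "*").
to_hex() {
    printf '%s' "$1" | od -An -v -tx1 | tr -d ' \n'
}

# usage: make_network_block open|wpa2 SSID [PASSPHRASE]
# Prints the block on stdout; returns 1 and prints nothing on invalid input.
# The ( ) body runs in a subshell so LC_ALL=C does not leak to the caller.
make_network_block() (
    LC_ALL=C
    sec=$1 ssid=$2 pass=$3
    # An SSID is 1..32 octets, i.e. 2..64 hex digits.
    hex=$(to_hex "$ssid")
    [ ${#hex} -ge 2 ] && [ ${#hex} -le 64 ] || return 1
    case $sec in
    open)
        printf 'network={\n\tssid=%s\n\tscan_ssid=1\n\tkey_mgmt=NONE\n}\n' "$hex"
        ;;
    wpa2)
        # A WPA passphrase is 8..63 printable ASCII characters.
        [ ${#pass} -ge 8 ] && [ ${#pass} -le 63 ] || return 1
        case $pass in *[!\ -~]*) return 1 ;; esac
        printf 'network={\n\tssid=%s\n\tscan_ssid=1\n\tproto=RSN\n' "$hex"
        printf '\tkey_mgmt=WPA-PSK\n\tpairwise=CCMP\n\tpsk="%s"\n}\n' "$pass"
        ;;
    *)
        return 1
        ;;
    esac
)

# Demo with constructed values. To install, append under a restrictive umask:
#   (umask 077; make_network_block wpa2 "$SSID" "$PASS" >> /etc/wpa_supplicant.conf)
make_network_block wpa2 'Lab AP' 'correct horse battery'
```

Keeping the passphrase in a root-only file also keeps it off the wpa_cli command line, where other local users can read it from the process list.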