Functional Linux 802.11G Centrino Driver Released

sixstring355 writes "Intel has released the first functional version of its Centrino/IPW2200 chipset driver. for Linux (kernel 2.6.4+). Posts to the ipw2100/2200 developer mailing list report connection speeds of 450KB/s. See the feature list for more details."

Nice start

[viniosity]

WEP is not completely hooked up yet, so while you can associate with an encrypted AP, you won't be able to communiate (no DHCP, no data, etc.)

Unfortunately, without WEP (are they shooting for 40bit or 128bit?) it won't be much good for everyday use. Still, a great step in the right direction. Also, headline writer should note that it supports 802.11b as well as 802.11g..

Re:Nice start

[swillden]

Unfortunately, without WEP it won't be much good for everyday use.

WEP isn't much good for everyday use. WEP creates complexity because you need to deploy keys everywhere, reduces performance -- sometimes by as much as half -- and is very easy to break, so the security it provides is mostly illusion. I'm somewhat of a security expert (as in, it's my day job, and they haven't fired me yet), and I run my home network unencrypted, but with the wireless part firewalled off, with the AP configured to do MAC address filtering and not to broadcast the SSID. That's just about as secure as WEP, is much easier to manage and doesn't slow down my data transfers.

That said, the driver in question uses the HostAP infrastructure, which includes a WPA supplicant, so when the security is all hooked up, it should not only have WEP, but it will also support WPA and WPA2, along with either PSK or any of the zillion EAP authentication methods, for centrally-manageable, strong security.

IMO, the driver's security is perfectly acceptable for home use now, and when they get it all hooked up, it'll be just fine for enterprise use as well. Good stuff!

Re:Nice start

[swillden]

And so will the other countermeasures I mentioned, just about as effectively as WEP, and with less overhead.

The Myth of Easy WEP Cracking

[Karpe]

Please check out this [oreillynet.com].

The fact is that WEP is better than no WEP, that if you use WDS you gotta use WEP instead of WPA because of the MAC addresses, and that you should still use higher level encryption layers anyway for sensitive information.

Deploying WEP is easy (and I don't even mean using it with the Wireless wizard in XP SP2 that will deploy passwords for you).

Re:Nice start

[Blittzed]

No offence, but if you think masking an SSID and using MAC filtering is a defence, then you shouldn't be calling yourself a security expert. Masked SSID's can still be sniffed (AirJack), and MAC addresses can be spoofed. Sure maybe not at the same time that you use it, but are you on there permanently connected with that client MAC 24/7? Even if you are, it still won't necessarily protect you. I can use a deauth attack against your client, then spoof your MAC to allow my client to connect to your AP. This i

Re:Nice start

[swillden]

No offence, but if you think masking an SSID and using MAC filtering is a defence, then you shouldn't be calling yourself a security expert.

It's an obstacle, not a defense. But, then, so is WEP. Anyone cluefull enough to sniff your SSID and spoof their MAC is cluefull enough to run airsnort, etc., and crack your WEP key. The WEP cracking takes longer, of course, so WEP will probably defeat casual but smart drive-by attackers. Anyone willing to hang around for a while can find you WEP key and anyone w

Re:Nice start

[Blittzed]

I agree with you that unless you are rotating your key, either through a centralised key server, or WPA, then wi-fi shouldn't be considered. VPN's however are less secure. Layer 2 vulnerabilities mean that a VPN can be bypassed using tools such as Kracker-Jack. Seen it, done it. Scared some very large organisations IT security managers by showing them...

Re:Nice start

[swillden]

VPN's however are less secure. Layer 2 vulnerabilities mean that a VPN can be bypassed using tools such as Kracker-Jack.

What are you talking about? No decent VPN should make *any* assumptions about the link layer. A VPN has to assume that the packets are traversing networks that are entirely under the control of the attacker. Whatever kind of low-level spoofing you want to try, if the VPN does strong mutual authentication end-to-end, the most you should be able to accomplish is denial of service.

For

Re:Nice start

[Blittzed]

Sorry, I should have been more specific. Kracker Jack is used to perpetrate a MITM attack, this is how the VPN is circumvented. It goes something like this:

When a client is using a VPN solution, it sends a modified DHCP request with its public key; the VPN gateway inserts the clients public key into the DNS server; the client requests the gateways public key from the DNS server, client receives the key and the tunnel is then established. Kracker-Jack works by firstly initiating a deauthentication attack a

Re:Nice start

[swillden]

Ick. What VPN is that, and who designed it? There's a reason public keys shouldn't be trusted without some sort of certification or verification...

Re:Nice start

[gl4ss]

is it good practice to trust WEP at all anyways?
wouldn't it be better to treat the air just as insecure as any connection that would go through networks you know to be tapped?

(ssh tunnels & etc..)

Re:Nice start

[sixstring355]

True, although the IPW2100 chipset driver supports 802.11b and has been functional for a while. This marks the first release of an Intel driver that supports the IPW2200 chipset, which is also the first driver supporting the 802.11g standard in addition to the 802.11b standard.

rfmon

[adamshelley]

let me know when you have released a ipw2100 driver that does rfmon mod and channel scanning.

k plz thx.

Re:rfmon

[mahdi13]

They do, the latest firmware supports rfmon.
I haven't tried it in the last couple months since it was first implemented in the ipw2100 driver and firmware, but it worked (with minor packet corruption, I think that has been redueced in the last couple releases)

Great! Now what about...

[Blakey Rat]

This is great news! Now when are we going to get one for OS X?

TROLL

[vasqzr]

Maybe when you get a Centrino-based laptop that runs OS X

Why WEP?

[cpeterso]

Why are they even bothering with WEP? It is known to be easily crackable. They should just skip ahead to WPA, which is secure (for now ;)

Re:Why WEP?

[David Byers]

They're bothering with WEP because a lot of people use it and because WEP can be quite useful in many situations, as long as you know its limitations. WEP offers an appropriate level of security for many users.

Security, even wireless security, isn't black and white. It comes in shades of gray (not to mention mauve and chartreuse), and all of them are appropriate for some situation or other.

Re:Why WEP?

[Curtman]

Its also worth noting that its possible to set up a VPN on top of WEP, so that once an attacker compromises your WEP security they still have to get inside your ssh tunnel or whatever. Sure WEP isn't very secure, but neither is IPv4, and we get along just fine anyhow most of the time.

It's a source code release!

[Spoing]

...kinda.

The firmware that runs on the card itself is still a closed source binary. Think of it as the same as a system board BIOS upgrade, though like the microcode updates for your processor it is loaded each time into the chipset before using it. Unlike the processor updates, the chipset firmware is required to use the card -- at all.

Here's something to fight over, though; [sourceforge.net]

1. This Software is licensed for use only in conjunction with Intel component products. Use of the Software in conjunction with

Re:It's a source code release!

[Omega Hacker]

> The firmware that runs on the card itself is still a closed source binary.

Talk about failure to pick your battles. A bit of real-world info: every single WiFi card on the planet has closed-source firmware. No exceptions. The difference is that the Intel 2x00 cards save money on manufacturing (and thus make the cards cheaper for YOU) by not storing the firmware on an extra flash chip on the board itself.

Take a look at the board of MOST WiFi cards. You will see either 3 or 4 chips (though some new non-PC-compatible "chipsets" manage to totally integrate this into a single chip). Chip #1 is the baseband (MAC). Chip #2 (if not integrated into the MAC, which is a very recent thing) is the radio section (upconverter/downconverter). Chip #3 is the SRAM needed to store in-flight packets. Chip #4 is the flash chip containing the closed-source firmware. The Intel 2x00 cards save money by letting the host processor and infrastructure do what they're really good at: storing and moving data. Instead of loading firmware out of flash, the card waits for the host to load the firmware as the driver boots up.

No as for the desirability of open-source firmware... If you plan on telling me that you intend to take this open-source firmware and modify it so your card can do different things with its radio, pay me no mind while I laugh in your face.

I'm developing firmware for a hardware product right now, and can tell you that there is not the slightest chance that anyone outside the designers of the hardware can make firmware do anything other than what it was designed to do.

First of all you have the hardware itself, which even the software will be useless for as far as getting the slightest clue what's really going on. Second, firmware for such devices, *especially* high-speed devices like WiFi cards, is more timing-critical than you can even begin to imagine. The slightest change will make it cease to work in ways even the original author most likely will not understand (speaking from daily experience here).

Sorry, but if you want open-source firmware, you're going to have to design your own chip.

(Not-Disclaimer: I have no relationship with Intel, their product, or this driver project, except that I plan on buying a 2x00 at some point to replace the driverless/worthless BCM4306 card that came with my laptop)

Re:It's a source code release!

[JohnGalt00]

Parent is very informative. As extra detail, FCC regulations prohibit open source firmware in 802.11. They require than non-FCC-licensed radio operators (wi-fi users) be unable to modify the device to create interference. This means that because of the FCC regulations, they can't open source the part of the code that controls the radio's power output and frequency. The atheros guys solved this by creating open source code, and then a binary-only hardware abstraction layer. Supposedly there is some under the table work on replacing the HAL with some open source code. Of course, that would be illegal in the US *wink*.

Re:It's a source code release!

[Brian Blessed]

FCC regulations prohibit open source firmware in 802.11

Is this really true? This comment [slashdot.org] seems to suggest otherwise:

Every one of these 802.11b and 802.11a wireless networking cards that I've pried the case from includes a hardware bandpass filter. This is true even for the manufacturers who refused (at first) to repease drivers or specs.

- Brian

Re:It's a source code release!

[randyflood]

OK. Let's think about this for a second. You've got Wi-Fi developers who take source code and compile it into Kernal module and such. Then you have Wifi users, who Load kernal modules and use Wifi to access the Internet. For purposes of this discussion, I'm going to imagine that I am a manufacturer of wireless devices. I'm not, but I'm trying to put myself in their position, so I can think this through.

If I was a device manufacturer, and I released my source code that allowed someone to operate my har

Re:It's a source code release!

[Brandybuck]

The point isn't that the firmware is closed, but rather that the firmware A) isn't on the hardware and B) isn't redistributable.

What this means is that ONLY Intel has the capabilities to write this driver. For everyone else it's illegal. No porting to to other operating systems. As a FreeBSD user, this announcment is completely worthless.

Also, it means you can't fix any bugs in the firmware. While this isn't going to be something very many people will be able to do, there are enough of them that we don't

Re:It's a source code release!

[Spoing]

Thanks for the follow up. It's what I would have written (if I were faster and more clever).

Re:It's a source code release!

[Anonymous Coward]

God I love the Internet.

There is so much inaccurate crap spewed by condescending assholes who think think it is accurate.

Repeat the following until you understand:

The firmware does not execute on the PC's CPU. The firmware is not a driver a kernel module, or portion thereof. The firmware is executed entirely within WiFi card itself. Therefor it matters not what operating system (FreeBSD, Linux, Windows, BeOS, etc) or CPU architecture (x86, Mips, Sparc, PPC, etc) is used. I'm a double dumb ass for spewin

Re:It's a source code release!

[nathanh]

No as for the desirability of open-source firmware... If you plan on telling me that you intend to take this open-source firmware and modify it so your card can do different things with its radio, pay me no mind while I laugh in your face.

I think you're unfairly trivialising the need for FLOSS friendly firmware.

The actual problem is that the licensing on the firmware often prevents redistribution. This means you can't just install a distribution like Debian and start using your wireless card. There

Re:It's a source code release!

[ratboy666]

"Omega Hacker"

Of course ONLY you could conceive of the functionality locked within hardware.

Of course ONLY the manufacturer could supply good firwware for an embeded system.

Of course we can't imagine the timing requirements.

What arrogance!

Let you in on a little secret -- there are better programmers out there.

Why not loosen up, and try supporting the hacker ethos?

Ratboy

GREAT!

[agent dero]

Now I just need one of those damn Centrino laptops...

Anyone?

Isn't 450KBps too slow?

[cylcyl]

802.11G should support up to 54Mbps (6.6+MBps), isn't 450KBps (3.6Mbps) a little low. slower than 802.11b

Re:Isn't 450KBps too slow?

[Anonymous Coward]

Ran out of mod points right before modding this down so I'll just respond instead...

read the feature list [sourceforge.net] listed in the article. It mentions that it only connects in 802.11b mode, 802.11g support is still in the todo section...

Re:Wrong section?

[Carewolf]

It is: notice the 4 icons besides the story? They represents the sections this story is in.

Grr..

[addaon]

Always forgetting about us Linux PPC folk! It only supports x86!

Oh, wait. Never mind.

Re:Grr..

[Nasarius]

Broadcom really needs to be blackmailed into releasing Linux drivers (or better, the hardware specs). That way we can have Linux drivers for the Airport Extreme and other Broadcom cards [hp.com]. The strange thing is that they have released Linux drivers for some of their Ethernet cards.

450KB/s

[jovlinger]

that's what... 4000kbs? Isn't that within the speed expected from 802.11b?

Linux Installation Reports for Centrinos

[wehe]

There are many Linux installation reports for Centrino based laptops and notebooks [tuxmobil.org] available. The older manuals cover the Centrinos with Banias CPU. But some of the new cover the current Centrino generation with Dothan CPU already.

Re:This is why Intel, not Broadcom, will rule

[mahdi13]

What I wanna know is, why the hell do companies like Broadcom still get away with ignoring Linux users? What can we do to pressure them into releasing drivers?!

Don't buy their products?
Seriously, if they start to notice that their sales are dropping and they see "Don't buy Broadcom" all over Linux sites...someone there might take the hint...