NetworkManager Issues

Dan Williams dcbw at redhat.com
Wed Nov 3 15:19:32 UTC 2004


On Tue, 2004-11-02 at 21:05 -0500, Jason 'vanRijn' Kasper wrote:
> On Tue, 2004-11-02 at 10:47 -0500, Amitabha Roy wrote:
> > Latest rawhide networkmanager is now asking for a password for a
> > wireless network
> > which I know is not encrypted!
> 
> How can I get NetworkManagerInfo to prompt me for a WEP key??  I can't
> for the life of me get this to work, and I REALLY want to....

Some of these issues are fixed in CVS already, but not in FC3 since FC3
is locked.  I'm going to release updates after FC3 is release that
should alleviate many of these issues.

Bear in mind though, that its very, very hard to figure out if you have
a link to the access point.  Some cards report a link even when they
could not possibly have authenticated and associated with the access
point (atmel cards using shared key with the wrong WEP key), other cards
stubbornly refuse to switch their ESSID no matter how many times you set
it (3 Orinoco-based cards I've tried), and others are just plain broken.
Windows Gets This Right in driverland by forcing some amount of
consistency among wireless drivers, but We Utterly Suck.  Its a slow
process getting fixes upstream into the kernel.

So, if we have a very hard time figuring out whether you have a link to
the access point or not, its hard to do networking stuff with any
certainty.  Were you doing this manually, you'd fumble around for 10
seconds figuring out that your WEP key was wrong, or that you set the
wrong authentication mode on the card, and you'd have to change it from
the command line.  That's a non-starter for users.  This Stuff Should
Just Work, which is what NetworkManager tries to do.  Do you ever see
Windows users configuring their wireless card with all the arcane
options that iwconfig has?  No, mostly its automatic, even more so on
Windows XP with Wireless Zero Config.

The process that NM goes through to figure out if you have a link the AP
or not is basically this:

while NOT ((valid reported AP MAC addres) && (no invalid encrypted
packets received))   <ie, we don't have a link>
{
	if (encrypted AP )
		Ask For A Key since what we have is wrong, since we failed to connect
already

	attempt to connect with ESSID and WEP key
}

Ad nauseum.  So evidentally, the card is reporting an invalid MAC
address, or it takes too long to negotiate a connection, or you're
getting invalid encrypted packets.  The invalid encrypted packets happen
when the card cannot decrypt a packet with the WEP key that's set.

This little check is to help with Open System mode, where you can still
connect to the AP event though the WEP key may be wrong.  Try it, your
card will still report a valid MAC address, even though you CAN'T SEND
OR RECEIVE TRAFFIC.  This is just plain broken, but its how Open System
works on Linux.  So, and I'm at a loss here, how do we figure out your
WEP key is wrong without waiting 30s for DHCP to time out?

That's why you don't use Open System.  It sucks.  Privacy concerns are
mostly unfounded, since anyone who can crack your WEP key doesn't really
care whether you're using Shared Key as long as you're using WEP.  If
you have WEP turned on, you're vulnerable.

Dan




More information about the test mailing list