O'Reilly Book Excerpts: Wireless Hacks
Enabling BSS Master Mode on Hermes-Based Radios
Editor's note: Rob Flickenger is back with yet another excerpt from his latest book, the recently released Wireless Hacks. This week, Rob shows you what you'll need to do to operate a Hermes-based radio card — the kind found in the original AirPort AP — as a BSS master.
Hack #61. Hermes AP
Hermes-based radio cards (like the tremendously popular but confusingly named Lucent/Orinoco/Avaya/Proxim silver and gold cards) are notoriously difficult to operate in BSS [Hack #12] master mode. By design, the cards themselves are actually not able to provide BSS master services on their own. You might find this surprising, since they are the radio card embedded in the original AirPort AP, as well as the RG1000, RG1100, AP1000, and many others. Before these cards can operate as a BSS master, they need additional firmware uploaded to the card. This tertiary firmware is uploaded to the card's RAM, and is lost if the card loses power. To make matters even more difficult, the firmware in question is licensed software, and can't legally be distributed by anyone but the manufacturer.
The ingenious Hermes AP project (http://hunz.org/hermesap.html) addresses both of these tricky issues. It consists of a set of modified drivers, a utility for uploading the tertiary firmware, and a simple script that downloads the firmware from Proxim's public FTP server. Hermes AP isn't trivial to get running, but can be the perfect piece of software if you absolutely need a host-based Orinoco AP.
To get Hermes AP running, you need a kernel with Dev FS enabled. This allows the kernel to manage the /dev directory, dynamically creating device files for every
physical device that the kernel supports. Run a
make menuconfig, and select Code maturity level
options → Prompt for development and/or incomplete
code/drivers. Now go back to the main menu, and under
File systems enable /dev file system support, as
well as Automatically mount at boot. When running Dev
FS, it's also a good idea to disable /dev/pts file system
support, as Dev FS will automatically manage your ptys for you.
Before you recompile your kernel, copy all of the source code under the drivers/ directory from Hermes AP over top of the existing drivers in the kernel (right over top of the files in linux/drivers/net/wireless/). Now build your kernel and modules as you normally would, and reboot.
Your Orinoco card should come up as usual with the new driver, but won't support BSS Master mode yet. First, cd to the Hermes AP source directory. To download a copy of the tertiary firmware from Proxim's site, run the hfwget.sh script in the firmware/ directory. Next, build the hfwload utility by running make in the hfw/ directory. This utility uploads the tertiary firmware to your card. Copy the utility and the card firmware somewhere handy (I keep mine in /usr/local/hermesap) and run a command like this at boot time, before the interface comes up:
# cd /usr/local/hermesap; ./hfwload eth1 T1085800.hfw
Note that the card must not be configured as up when you load the firmware;
if it is already up, an
ifconfig eth1 down will bring it
down for you. If all goes well, an iwconfig should show
that eth1 is in Master mode! You can now configure the
radio with an ESSID, WEP keys, and any other features as you normally would.
Hermes AP is still beta software, but it seems to run quite well. Personally, I still prefer Host AP and a good Senao/EnGenius card to Hermes AP (as the radio cards are more powerful and sensitive, and Host AP is under active development and sports more fun features) but for some situations, Hermes AP can be ideal.
Return to the Wireless DevCenter