From nobody@FreeBSD.org  Sat Oct 13 13:38:59 2012
Message-Id: <201210131338.q9DDcwjL089691@red.freebsd.org>
Date: Sat, 13 Oct 2012 13:38:58 GMT
From: Boris Lytochkin <lytboris@gmail.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: hostapd securing wireless adapter in HostAP mode is started too late
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         172661
>Category:       kern
>Synopsis:       hostapd(8) securing wireless adapter in HostAP mode is started too late
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-wireless
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 13 13:40:00 UTC 2012
>Closed-Date:    
>Last-Modified:  Sat Oct 13 22:24:41 UTC 2012
>Originator:     Boris Lytochkin
>Release:        10.0-CURRENT
>Organization:
Yandex, LLC
>Environment:
FreeBSD gate.home 10.0-CURRENT FreeBSD 10.0-CURRENT #8: Sat Sep 29 06:31:21 MSK 2012     root@gate.home:/usr/obj/usr/src/sys/GATEv2  i386

>Description:
The hostapd rc-script is scheduled to run at the tail of the rc-scripts, thus it should run as close to netif as possible: if one is using a wireless adapter in hostap mode, netif configures it into this mode BUT with no security applied. In the interval between the netif and hostapd launches, this wireless network runs unsecured.
>How-To-Repeat:
Configure wlan0 into hostap mode, configure hostapd.
Reboot the machine and observe your wireless network running without any security for 30-40 seconds or even a couple of minutes.
>Fix:
1) hostapd should be inserted into NETWORKING REQUIRE record.
2) netif should be inserted into hostapd REQUIRE record.

This will significantly reduce the period during which the wireless network runs unsecured, though it will not eliminate it totally.

Another approach is to introduce a hostapd_ifaces variable and control the wireless interface UP/DOWN state from the rc-script. Ideally both approaches should be implemented.

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-wireless 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Sat Oct 13 22:24:20 UTC 2012 
Responsible-Changed-Why:  
Over to maintainer(s). 

http://www.freebsd.org/cgi/query-pr.cgi?pr=172661 
>Unformatted:

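Added example, not part of the PR or of FreeBSD: a check for the ordering change proposed under Fix, which lists the rc.d scripts that rcorder-style `REQUIRE` headers force to run between `netif` and `hostapd`. The headers are constructed and simplified, and the function names are hypothetical.

```python
import re

# Constructed, simplified rc.d headers (assumption: not copied from a FreeBSD tree).
BEFORE_FIX = {
    "netif": "# PROVIDE: netif\n# REQUIRE: FILESYSTEMS\n",
    "routing": "# PROVIDE: routing\n# REQUIRE: netif\n",
    "NETWORKING": "# PROVIDE: NETWORKING\n# REQUIRE: netif routing\n",
    "mountcritremote": "# PROVIDE: mountcritremote\n# REQUIRE: NETWORKING\n",
    "hostapd": "# PROVIDE: hostapd\n# REQUIRE: mountcritremote\n",
}
# The two changes from the Fix section: hostapd REQUIREs netif,
# and NETWORKING REQUIREs hostapd.
AFTER_FIX = dict(
    BEFORE_FIX,
    hostapd="# PROVIDE: hostapd\n# REQUIRE: netif\n",
    NETWORKING="# PROVIDE: NETWORKING\n# REQUIRE: netif routing hostapd\n",
)

def requires(header):
    """Names listed on '# REQUIRE:' lines of an rc.d script header."""
    lines = re.findall(r"^#[ \t]*REQUIRE:(.*)$", header, re.M)
    return {name for line in lines for name in line.split()}

def ancestors(scripts, name):
    """Everything that must run before `name` (transitive REQUIRE closure)."""
    seen, stack = set(), [name]
    while stack:
        # Unknown names (e.g. FILESYSTEMS here) have no header and no deps.
        for dep in requires(scripts.get(stack.pop(), "")):
            if dep not in seen:
                seen.add(dep)
                stack.append(dep)
    return seen

def forced_gap(scripts, up="netif", guard="hostapd"):
    """Scripts forced to run after `up` and before `guard`.
    Returns None when `guard` is not ordered after `up` at all."""
    before_guard = ancestors(scripts, guard)
    if up not in before_guard:
        return None
    return sorted(s for s in before_guard if up in ancestors(scripts, s))

if __name__ == "__main__":
    for label, scripts in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, "forced between netif and hostapd:", forced_gap(scripts))
        print(label, "hostapd precedes NETWORKING:",
              "hostapd" in ancestors(scripts, "NETWORKING"))
```

An empty forced gap only means no other script is required to run in between; the interface is still up without security until hostapd itself has started.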