WPA_supplicant/ WPA_cli 使用格式，以及802.11 联结状态码 / 未认证异常码

#格式：wpa_supplicant  -i wlan0 -c /etc/wpa_supplicant.conf  -D wext -d  

按照下面的参考格式填入内容并保存 wpa_supplicant.conf 文件。

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=root
update_config=1  
 
country=CN
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1     # 是否允许wpa_supplicant更新（覆盖）配置文件

network={
ssid="WiFi-A"
proto=WPA RSN       # WPA WPA2(RSN)
key_mgmt=WPA-PSK    # NONE WPA-PSK WPS-EAP IEEE8021X 
pairwise=CCMP TKIP  #CCMP TKIP(包含AES)
group=CCMP TKIP WEP104 WEP40
psk="12345678"
priority=1          # 连接优先级，数字越大优先级越高
}

network={
ssid="WiFi-B"
psk="12345678"
key_mgmt=WPA-PSK    #认证密钥管理协议，如果不确定也可以不写这行
priority=2
scan_ssid=1         # 如果你的SSID是隐藏的这个就是必须的
}

如果你的wifi没有密码

network={
ssid="你的无线网络名称（ssid）"
key_mgmt=NONE
}

如果你的 WiFi 使用WEP加密

network={
ssid="你的无线网络名称（ssid）"
key_mgmt=NONE
wep_key0="你的wifi密码"
}

如果你的 WiFi 使用WPA/WPA2加密

network={
ssid="你的无线网络名称（ssid）"
key_mgmt=WPA-PSK
psk="你的wifi密码"
}

#格式：wpa_cli -i wlan0 -p /etc/wpa_supplicant  # 控制套接字。

此时会进入交互模式。其中交互模式的命令如下表：

Full command	Short command	Description
status	stat	displays the current connection status
disconnect	disc	prevents wpa_supplicant from connecting to any access point
quit	q	exits wpa_cli
terminate	term	kills wpa_supplicant
reconfigure	recon	reloads wpa_supplicant with the configuration file supplied (-c parameter)
scan	scan	scans for available access points (only scans it, doesn't display anything)
scan_result	scan_r	displays the results of the last scan
list_networks	list_n	displays a list of configured networks and their status (active or not, enabled or disabled)
select_network	select_n	select a network among those defined to initiate a connection (ie select_network 0)
enable_network	enable_n	makes a configured network available for selection (ie enable_network 0)
disable_network	disable_n	makes a configured network unavailable for selection (ie disable_network 0)
remove_network	remove_n	removes a network and its configuration from the list (ie remove_network 0)
add_network	add_n	adds a new network to the list. Its id will be created automatically
set_network	set_n	shows a very short list of available options to configure a network when supplied with no parameters. See next section for a list of extremely useful parameters to be used with set_network and get_network.
get_network	get_n	displays the required parameter for the specified network. See next section for a list of parameters
save_config	save_c	saves the configuration

设置网络的基本格式：set_network <network id> <key> <parameter> [<parameter>]
显示网络信息的基本格式：get_network <network id> <key>
相应的参数如下表：

Key	Description	Parameters
ssid	Access point name	string
id_str	String identifying the network	string
priority	Connection priority over other APs	number (0 being the default low priority)
bssid	Mac address of the access point	mac address
scan_ssid	Enable/disbale ssid scan	0, 1, 2
key_mgmt	Type of key management	WPA-PSK, WPA_EAP, None
pairwise	Pairwise ciphers for WPA	CCMP, TKIP
group=TKIP	Group ciphers for WPA	CCMP, TKIP, WEP104, WEP40
psk	Pre-Shared Key (clear or encrypted)	string
wep_key0	WEP key (up to 4: wep_key[0123])	string
eap	Extensible Authentication Protocol	MD5, MSCHAPV2, OTP, GTC, TLS, PEAP, TTLS
identity	EAP identity string	string
password	EAP password	string
ca_cert	Pathname to CA certificate file	/full/path/to/certificate
client_cert	Pathname to client certificate	/full/path/to/certificate (PEM/DER)
private_key	Pathname to a client private key file	/full/path/to/private_key (PEM/DER/PFX)

连接无加密的AP

>add_network  (It will display a network id for you, assume it returns 0)
>set_network 0 ssid "666"
>set_network 0 key_mgmt NONE
>enable_network 0
>quit

连接WEP加密AP

>add_network   (assume return 1)
>set_network 1 ssid "666"
>set_network 1 key_mgmt NONE
>set_network 1 wep_key0 "your ap password"
>enable_network 1

连接WPA-PSK/WPA2-PSK加密的AP

>add_network   (assume return 2)
>set_network 2 ssid "666"
>set_network 2 psk "your pre-shared key"
>enable_network 2

功能类似wpa_supplicant的配置文件，以上是通过命令行工具wpa_cli来实现wifi网络的连接。。

==================================================================== 

802.11 Association Status Codes

Code	802.11 definition	Explanation
0	Successful
1	Unspecified failure	For example : when there is no ssid specified in an association request
10	Cannot support all requested capabilities in the Capability Information field	Example Test: Reject when privacy bit is set for WLAN not requiring security
11	Reassociation denied due to inability to confirm that association exists	NOT SUPPORTED
12	Association denied due to reason outside the scope of this standard	Example : When controller receives assoc from an unknown or disabled SSID
13	Responding station does not support the specified authentication algorithm	For example, MFP is disabled but was requested by the client.
14	Received an Authentication frame with authentication transaction sequence number out of expected sequence	If the authentication sequence number is not correct.
15	Authentication rejected because of challenge failure
16	Authentication rejected due to timeout waiting for next frame in sequence
17	Association denied because AP is unable to handle additional associated stations	Will happen if you run out of AIDs on the AP; so try associating a large number of stations.
18	Association denied due to requesting station not supporting all of the data rates in the BSSBasicRateSet parameter	Will happen if the rates in the assoc request are not in the BasicRateSet in the beacon.
19	Association denied due to requesting station not supporting the short preamble option	NOT SUPPORTED
20	Association denied due to requesting station not supporting the PBCC modulation option	NOT SUPPORTED
21	Association denied due to requesting station not supporting the Channel Agility option	NOT SUPPORTED
22	Association request rejected because Spectrum Management capability is required	NOT SUPPORTED
23	Association request rejected because the information in the Power Capability element is unacceptable	NOT SUPPORTED
24	Association request rejected because the information in the Supported Channels element is unacceptable	NOT SUPPORTED
25	Association denied due to requesting station not supporting the Short Slot Time option	NOT SUPPORTED
26	Association denied due to requesting station not supporting the DSSS-OFDM option	NOT SUPPORTED
27-31	Reserved	NOT SUPPORTED
32	Unspecified, QoS-related failure	NOT SUPPORTED
33	Association denied because QAP has insufficient bandwidth to handle another QSTA	NOT SUPPORTED
34	Association denied due to excessive frame loss rates and/or poor conditions on current operating channel	NOT SUPPORTED
35	Association (with QBSS) denied because the requesting STA does not support the QoS facility	If the WMM is required by the WLAN and the client is not capable of it, the association will get rejected.
36	Reserved in 802.11	This is used in our code ! There is no blackbox test for this status code.
37	The request has been declined	This is not used in assoc response; ignore
38	The request has not been successful as one or more parameters have invalid values	NOT SUPPORTED
39	The TS has not been created because the request cannot be honored; however, a suggested TSPEC is provided so that the initiating QSTA may attempt to set another TS with the suggested changes to the TSPEC	NOT SUPPORTED
40	Invalid information element, i.e., an information element defined in this standard for which the content does not meet the specifications in Clause 7	Sent when Aironet IE is not present for a CKIP WLAN
41	Invalid group cipher	Used when received unsupported Multicast 802.11i OUI Code
42	Invalid pairwise cipher
43	Invalid AKMP
44	Unsupported RSN information element version	If you put anything but version value of 1, you will see this code.
45	Invalid RSN information element capabilities	If WPA/RSN IE is malformed, such as incorrect length etc, you will see this code.
46	Cipher suite rejected because of security policy	NOT SUPPORTED
47	The TS has not been created; however, the HC may be capable of creating a TS, in response to a request, after the time indicated in the TS Delay element	NOT SUPPORTED
48	Direct link is not allowed in the BSS by policy	NOT SUPPORTED
49	Destination STA is not present within this QBSS	NOT SUPPORTED
50	The Destination STA is not a QSTA	NOT SUPPORTED
51	Association denied because the ListenInterval is too large	NOT SUPPORTED
200 (0xC8)	Unspecified, QoS-related failure. Not defined in IEEE, defined in CCXv4	Unspecified QoS Failure. This will happen if the Assoc request contains more than one TSPEC for the same AC.
201 (0xC9)	TSPEC request refused due to AP’s policy configuration (e.g., AP is configured to deny all TSPEC requests on this SSID). A TSPEC will not be suggested by the AP for this reason code. Not defined in IEEE, defined in CCXv4	This will happen if a TSPEC comes to a WLAN which has lower priority than the WLAN priority settings. For example a Voice TSPEC coming to a Silver WLAN. Only applies to CCXv4 clients.
202 (0xCA)	Association Denied due to AP having insufficient bandwidth to handle a new TS. This cause code will be useful while roaming only. Not defined in IEEE, defined in CCXv4
203 (0xCB)	Invalid Parameters. The request has not been successful as one or more TSPEC parameters in the request have invalid values. A TSPEC SHALL be present in the response as a suggestion. Not defined in IEEE, defined in CCXv4	This happens in cases such as PHY rate mismatch. If the TSRS IE contains a phy rate not supported by the controller, for example. Other examples include sending a TSPEC with bad parameters, such as sending a date rate of 85K for a narrowband TSPEC.

802.11 Deauth Reason Codes

When running a client debug, this code will match the ReasonCode from the output: "Scheduling mobile for deletion with delete Reason x, reasonCode y"

Code	802.11 definition	Explanation
0	Reserved	NOT SUPPORTED
1	Unspecified reason	TBD
2	Previous authentication no longer valid	NOT SUPPORTED
3	station is leaving (or has left) IBSS or ESS	NOT SUPPORTED
4	Disassociated due to inactivity	Do not send any data after association;
5	Disassociated because AP is unable to handle all currently associated stations	TBD
6	Class 2 frame received from nonauthenticated station	NOT SUPPORTED
7	Class 3 frame received from nonassociated station	NOT SUPPORTED
8	Disassociated because sending station is leaving (or has left) BSS	TBD
9	Station requesting (re)association is not authenticated with responding station	NOT SUPPORTED
10	Disassociated because the information in the Power Capability element is unacceptable	NOT SUPPORTED
11	Disassociated because the information in the Supported Channels element is unacceptable	NOT SUPPORTED
12	Reserved	NOT SUPPORTED
13	Invalid information element, i.e., an information element defined in this standard for which the content does not meet the specifications in Clause 7	NOT SUPPORTED
14	Message integrity code (MIC) failure	NOT SUPPORTED
15	4-Way Handshake timeout	NOT SUPPORTED
16	Group Key Handshake timeout	NOT SUPPORTED
17	Information element in 4-Way Handshake different from (Re)Association Request/Probe Response/Beacon frame	NOT SUPPORTED
18	Invalid group cipher	NOT SUPPORTED
19	Invalid pairwise cipher	NOT SUPPORTED
20	Invalid AKMP	NOT SUPPORTED
21	Unsupported RSN information element version	NOT SUPPORTED
22	Invalid RSN information element capabilities	NOT SUPPORTED
23	IEEE 802.1X authentication failed	NOT SUPPORTED
24	Cipher suite rejected because of the security policy	NOT SUPPORTED
25-31	Reserved	NOT SUPPORTED
32	Disassociated for unspecified, QoS-related reason	NOT SUPPORTED
33	Disassociated because QAP lacks sufficient bandwidth for this QSTA	NOT SUPPORTED
34	Disassociated because excessive number of frames need to be acknowledged, but are not acknowledged due to AP transmissions and/or poor channel conditions	NOT SUPPORTED
35	Disassociated because QSTA is transmitting outside the limits of its TXOPs	NOT SUPPORTED
36	Requested from peer QSTA as the QSTA is leaving the QBSS (or resetting)	NOT SUPPORTED
37	Requested from peer QSTA as it does not want to use the mechanism	NOT SUPPORTED
38	Requested from peer QSTA as the QSTA received frames using the mechanism for which a setup is required	NOT SUPPORTED
39	Requested from peer QSTA due to timeout	NOT SUPPORTED
40	Peer QSTA does not support the requested cipher suite	NOT SUPPORTED
46-65535	46--65 535 Reserved	NOT SUPPORTED
98	Cisco defined	TBD
99	Cisco defined Used when the reason code sent in a deassoc req or deauth by the client is invalid – invalid length, invalid value etc	Example: Send a Deauth to the AP with the reason code to be invalid, say zero