O'Reilly Book Excerpts: Wireless Hacks

Enabling BSS Master Mode on Hermes-Based Radios

by Rob Flickenger

Editor's note: Rob Flickenger is back with yet another excerpt from his latest book, the recently released Wireless Hacks. This week, Rob shows you what you'll need to do to operate a Hermes-based radio card — the kind found in the original AirPort AP — as a BSS master.

Hack #61. Hermes AP

Hermes-based radio cards (like the tremendously popular but confusingly named Lucent/Orinoco/Avaya/Proxim silver and gold cards) are notoriously difficult to operate in BSS [Hack #12] master mode. By design, the cards themselves are actually not able to provide BSS master services on their own. You might find this surprising, since they are the radio card embedded in the original AirPort AP, as well as the RG1000, RG1100, AP1000, and many others. Before these cards can operate as a BSS master, they need additional firmware uploaded to the card. This tertiary firmware is uploaded to the card's RAM, and is lost if the card loses power. To make matters even more difficult, the firmware in question is licensed software, and can't legally be distributed by anyone but the manufacturer.

The ingenious Hermes AP project addresses both of these tricky issues. It consists of a set of modified drivers, a utility for uploading the tertiary firmware, and a simple script that downloads the firmware from Proxim's public FTP server. Hermes AP isn't trivial to get running, but can be the perfect piece of software if you absolutely need a host-based Orinoco AP.

To get Hermes AP running, you need a kernel with Dev FS enabled. This allows the kernel to manage the /dev directory, dynamically creating device files for every physical device that the kernel supports. Run a make menuconfig, and select Code maturity level options → Prompt for development and/or incomplete code/drivers. Now go back to the main menu, and under File systems enable /dev file system support, as well as Automatically mount at boot. When running Dev FS, it's also a good idea to disable /dev/pts file system support, as Dev FS will automatically manage your ptys for you.

Before you recompile your kernel, copy all of the source code under the drivers/ directory from Hermes AP over top of the existing drivers in the kernel (right over top of the files in linux/drivers/net/wireless/). Now build your kernel and modules as you normally would, and reboot.

Your Orinoco card should come up as usual with the new driver, but won't support BSS Master mode yet. First, cd to the Hermes AP source directory. To download a copy of the tertiary firmware from Proxim's site, run the script in the firmware/ directory. Next, build the hfwload utility by running make in the hfw/ directory. This utility uploads the tertiary firmware to your card. Copy the utility and the card firmware somewhere handy (I keep mine in /usr/local/hermesap) and run a command like this at boot time, before the interface comes up:

# cd /usr/local/hermesap; ./hfwload eth1 T1085800.hfw

Note that the card must not be configured as up when you load the firmware; if it is already up, an ifconfig eth1 down will bring it down for you. If all goes well, an iwconfig should show that eth1 is in Master mode! You can now configure the radio with an ESSID, WEP keys, and any other features as you normally would.
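
The boot-time sequence described above, as an added example (not code from the book or from the Hermes AP project): it brings the interface down if it is up, loads the firmware, and checks that iwconfig reports Master mode. The HERMES_DIR and FW variables and the function names are assumptions; ifconfig, iwconfig, and hfwload are the tools the text uses.

```shell
#!/bin/sh
# Added example: boot-time wrapper for the firmware load described above.
# HERMES_DIR, FW and the function names are assumptions, not project names.
HERMES_DIR=${HERMES_DIR:-/usr/local/hermesap}
FW=${FW:-T1085800.hfw}

# Succeeds if the ifconfig output on stdin shows the interface flagged UP.
# Matches both the classic "UP BROADCAST ..." and "flags=...<UP,...>" layouts.
iface_is_up() {
    grep -Eq '(^|[[:space:]<,])UP([[:space:]>,]|$)'
}

# Prints the Mode: value from iwconfig output on stdin (Master, Managed, ...).
wireless_mode() {
    sed -n 's/.*Mode:\([A-Za-z-]*\).*/\1/p' | head -n 1
}

# Loads the tertiary firmware into card RAM and confirms Master mode.
# The firmware is lost on power loss, so this has to run on every boot.
load_hermes_fw() {
    ifc=$1
    [ -r "$HERMES_DIR/$FW" ] || { echo "missing $HERMES_DIR/$FW" >&2; return 1; }
    # hfwload needs the interface down; bring it down if it is up.
    if ifconfig "$ifc" | iface_is_up; then
        ifconfig "$ifc" down || return 1
    fi
    (cd "$HERMES_DIR" && ./hfwload "$ifc" "$FW") || return 1
    mode=$(iwconfig "$ifc" 2>/dev/null | wireless_mode)
    [ "$mode" = "Master" ] || { echo "$ifc is in mode '$mode', not Master" >&2; return 1; }
}

# Runs only when asked, so the file can also be sourced:
#   sh hermes-ap.sh load eth1
if [ "${1:-}" = "load" ]; then
    load_hermes_fw "${2:-eth1}"
fi
```

Call it from an init script before the step that configures the ESSID and brings eth1 up, and treat a non-zero exit as a reason to leave the interface down.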

Hermes AP is still beta software, but it seems to run quite well. Personally, I still prefer Host AP and a good Senao/EnGenius card to Hermes AP (as the radio cards are more powerful and sensitive, and Host AP is under active development and sports more fun features) but for some situations, Hermes AP can be ideal.

Rob Flickenger is a long time supporter of FreeNetworks and DIY networking. Rob is the author of three O'Reilly books: Building Wireless Community Networks, Linux Server Hacks, and Wireless Hacks.
