[Feature request] Blacklist access points. about netctl HOT 10 OPEN

Anyone? PLEASE HELP!

from netctl.

Questions have a better chance of getting an answer in the Arch forums, but let me try to help you.
So you have a profile for Eduroam and some networks with an Eduroam SSID don't work, correct? One thing I can think of is that you list those APs that do work for you and use their BSSIDs in profiles for them. You could keep a general Eduroam profile around and add an ExcludeAuto=yes line to it.

from netctl.

Thanks, I will try and ask the question there.

The problem with "whitelisting" the BSSIDs which work is, every time you go to a new place (or probably even another part of the same building) you will have to manually add more BSSIDs to the list. And then have to maintain and prune the list as it grows over time.

from netctl.

Let me know when you find a solution! I just found that wpa_supplicant has the ability to blacklist BSSIDs and your use case is a good reason to support such a blacklist. I would be interested in adding support to netctl(-auto). Any suggestions as to how this functionality should be exposed are welcome!

Note: it is currently possible to start netctl-auto and then use wpa_cli -i <interface> blacklist <BSSID> to add BSSIDs to the blacklist. You could put a few of these statements in a script:

#! /bin/bash

for bssid in \
  <BSSID> \
  <BSSID> \
  ... \
  <BSSID> \
; do
    wpa_cli ${1:+-i $1} blacklist $bssid
done

and run this script each time after starting netctl_auto (supply the interface as an argument to the script).

from netctl.

from netctl.

Have you tried including something like

Security=wpa-configsection
WPAConfigSection=(
    'ssid="eduroam"'
    'key_mgmt=WPA-EAP'
    'eap=PEAP'
    'pairwise=TKIP CCMP'
    'anonymous_identity="anonymous"'
    'identity="<USERNAME>"'
    'password="<PASSWORD>"'
    'bssid_blacklist=<BSSID> <BSSID> ... <BSSID>'
)

in your profile?

from netctl.

Wow, thanks, according to $ strings '/usr/bin/wpa_supplicant' |grep -i bssid_blacklist it seems to be there. Strange that neither manpages nor my Internet searches had shown it to me. I will definitely give it a try today!

The external-script solution seems to work more or less, and it can be used on the systems whose wpa_supplicant is old and does not include this feature yet, and I improved the script to accept input with comments:
`
#!/bin/sh --

sed -E -e'/^#/d' -e's/#.*//' ${@:?} |while read bssid; do
wpa_cli blacklist "${bssid}"
done
`

from netctl.

The output of $ wpa_cli blacklist is only Selected interface 'wlp2s0' meaning it does not work somehow?..

from netctl.

It looks like the blacklist you set in the config section does not show up in the output of wpa_cli blacklist. This would be a bug in wpa_cli and (if so) should be reported upstream.

from netctl.

The setting does have effect, that means wpa_cli is indeed bugged.

from netctl.