Connecting to a Wi-Fi network is getting more and more complicated. The system should figure this out by itself.
For example, for WPA2-Enterprise you have to select all the correct options, instead of just installing a (properly signed) file.
The reason behind this is that
wpa_supplicant is too low level, except that sometimes it swallows the details. The
hostap project (that manages
really want to do the high-level things.
This is why Intel started working on
iwd. It is a complete Wi-Fi management tool, as automatically as possible. It also e.g. remembers passwords. It is the only entity that has
to scan on the radio - with
wpa_supplicant, you have to do a parallel scan in network-manager because
wpa_supplicant doesn’t give you the information. It gives fast roaming
possibilities because it keeps track itself of the available networks.
iwd also has clean, readable source code (uses a daemon library ELL) and it only runs on Linux. It only supports nl80211/cfg80211, no wext.
The security bits are separated out and use kernel crypto (
AF_ALG and keycontrol to manage keyrings, no openssl). Its API is a user-focused API. It only asks for
things when it needs to. It has non-interactive interfaces for installing credentials, for enterprise provisioning (can only be done with a file, but if you leave something out (e.g. password) it will be asked for interactively). Its WPS support actually works. It also supports Wi-Fi hotspots.
There are regular releases, roughly monthly since February 2018. Latest release 0.10 on 2018-10-20.
It already supports WPA3.
The API has station, ad-hoc and AP mode.
Interacting with it goes over D-Bus, and there is a
iwctl command-line client that exposes that interface to shell. There is integration available for ConnMan, but it aged a
little and should be updated. Integration with NetworkManager is there for personal networks, enterprise underway. systemd-networkd is not there net.
There is a conflict with renaming network interfaces in udev, because iwd is faster than udev so udev cannot rename the interface any more because it is already up.
During development, there were a lot of fixes to the kernel as well. E.g. hotplug didn’t properly work because
wpa_supplicant didn’t support it. They also built a tracing
iwmon that decodes the
Last TODO items for 1.0: review the ELL (Embedded Linux Library) API, and review the D-Bus API.
Up to now it has been focused on the Wi-Fi, but the authentiation also applies to wired networks (802.1x).
wpa_supplicant does this by converting the ethernet port into a
iwd has an
ead that does it properly, but eventually it will be spun out.
Source is on git.kernel.org, documentation on https://iwd.wiki.kernel.org/
In the future it is also going to be a replacement for hostapd (i.e. for a full-fledged access points), but at the moment it is not up to it.