Exploring Linux's new iNet wireless daemon
Abracadabra
Intel's iNet wireless daemon offers virtually all of the features found in the obsolete WPA Supplicant, and it is smaller by a factor of 10.
On Linux, a component called WPA Supplicant [1], which has been around since 2003, plays an important role in wireless connections (see the box entitled "Why the Name?"). As the name suggests, WPA Supplicant is a wireless supplicant that supports the WiFi Protected Access Standard (WPA) for secure wireless communication [2]. WPA has been around for over 20 years, and the industry is now on the third major version, which is known as WPA3. WPA Supplicant toils in the background on most modern Linux distros, where users tend to interact with the system through a GUI interface, but if you're using a wireless configuration tool like NetworkManager, Wicd, or ConnMan, WPA Supplicant is probably at work behind the scenes.
Why the Name?
A supplicant is one who petitions or asks for something. The 802.11 standards, which provide a vendor-neutral definition for wireless communication, define a role for an authenticator (typically a wireless access point) and a supplicant (which is the component that asks for the connection – basically, the wireless client).
WPA Supplicant has seen many improvements through the years, and, in general, it is much easier to connect Linux to a wireless network than it used to be. However, many experts believe that Linux wireless support is due for some reinvention. The world got a scare a few years ago, when WPA Supplicant was shown to be susceptible to the KRACK attack on the WPA2 protocol [3]. Since then, KRACK vulnerabilities have been patched, and WPA3 has taken wireless security to a deeper level, but the complications in implementing a reliable solution underscored the inherent complexity and ungainliness of the WPA Supplicant codebase. That complexity, along with many dependencies, also means that WPA Supplicant is ill-suited for mobile devices and Internet of Things configurations. The need to simplify and provide a better solution for these new technologies explains why efforts have been underway for several years to create a lean alternative to WPA Supplicant.
One alternative that has already arrived, although it still is not installed by default on most Linux systems, is the iNet wireless daemon (iwd) [4]. Intel has been leading the development of iwd for the last four years. In October 2019, the stable 1.0 version was released, and today iwd's version count has reached 1.9. NetworkManager versions from 1.12.0 on can use iwd as their back end. Iwd also works with alternatives such as ConnMan and systemd-networkd. And recently, a small GUI was released for users who want to do without NetworkManager or ConnMan but still want to work through a graphical interface.
The description of the iwd project on www.kernel.org highlights simplicity as an important factor behind iwd's recent rise: "The core goal of the project is to optimize resource utilization: storage, runtime memory, and link-time costs. This is accomplished by not depending on any external libraries and utilizing features provided by the Linux Kernel to the maximum extent possible. The result is a self-contained environment that only depends on the Linux Kernel and the runtime C library." [5]
Arch Linux switched to iwd in a snapshot from July 2020. During the installation, you no longer call the wifi-menu
command to set up WiFi, and the netctl
network manager has been replaced by iwctl
. Ubuntu has also been testing iwd and evaluating the possibility of making it the new standard. The developers now consider iwd to be functionally almost on a par with WPA Supplicant.
Iwd is likely on its way to your Linux version sometime in the future. In the meantime, we decided to install iwd and take a closer look.
iwd with Ubuntu
We chose a daily build of Ubuntu 20.10 as the test candidate, and we tried to recreate as many of Ubuntu's test requirements as possible. We first used iwd in the terminal, then tested it with the new GUI, and finally used it in combination with NetworkManager, replacing WPA Supplicant as the back end.
Iwd consists of the iwd daemon, the iwctl
client, and the iwmon
monitoring tool. The daemon and client were implemented with less than 50,000 lines of code. In comparison: WPA Supplicant weighs in at almost 500,000 lines of code. Iwd uses kernel functions wherever possible (e.g., for encryption). Other benefits include WiFi Protected Setup (WPS) support, simplified network management, fast roaming without unnecessary scanning, and support for multiple profiles per user. For enterprises, iwd also offers support for the following:
- Extensible Authentication Protocol (EAP): A general authentication protocol developed by the Internet Engineering Task Force (IETF) that supports authentication methods such as RADIUS, digital certificates, or SIM cards.
- Trusted Platform Module (TPM): A chip that adds basic security functions to a computer or similar device. In combination with a modified operating system and appropriate software, a Trusted Computing Platform is created.
Iwd basically gets along without configuration because it mainly relies on kernel functions. Only advanced functions like WPA Enterprise require configuration files. Iwd supports WPA3 and Opportunistic Wireless Encryption (OWE). OWE is a standardized procedure for securely encrypting data exchanged on public WiFi networks without a password.
Since version 1.8, iwd has supported peer-to-peer functions via its own API. Bluetooth-style WiFi Direct (WiFi P2P) lets users connect supported devices directly without an intermediate access point.
Getting Started
Before you can get started with iwd, you'll need to take some preliminary steps (Listing 1). First, check if iwd is already installed (line 1). We did not find iwd on the Ubuntu image we tested, which dated from September 12, 2020. We proceeded to install iwd and remove NetworkManager (lines 3 and 4). We then disabled WPA and stopped it permanently by masking (lines 5 to 7). Finally, we enabled iwd (lines 8 and 9) and checked if everything was working (line 10).
Listing 1
First Steps
01 $ systemctl status iwd.service 02 Unit iwd.service could not be found. 03 $ sudo apt install iwd 04 $ sudo apt purge network-manager 05 $ sudo systemctl stop wpa_supplicant.service 06 $ sudo systemctl disable wpa_supplicant.service 07 $ sudo systemctl mask wpa_supplicant 08 $ sudo systemctl enable iwd.service 09 $ sudo systemctl start iwd.service 10 $ systemctl status iwd.service
It is a bad idea to remove the wpasupplicant package after the preliminary work is complete, instead of just disabling it. On Ubuntu, removing wpasupplicant would also remove the ubuntu-desktop metapackage due to many dependencies. On Debian, NetworkManager would be removed as well – which might be a benefit in some cases.
WLAN Setup
Once you have completed the necessary steps, and assuming the status query is positive, you can set up WiFi access. If you get a message about rfkill
blocking (Figure 1), call the command:
sudo rfkill list wifi
If Soft blocked shows up as yes, pressing Fn+F5 might help to switch off flight mode. If this does not help, use:
sudo rfkill unblock wifi
Check if this worked with rfkill
or a new status request for iwd.service
.
Now launch an interactive shell as a normal user with the iwctl
command. Typing help
lists all the available options. To exit the shell, press Ctrl+D. Iwd can also be used without an interactive shell; you just have to prefix each command with iwctl
.
Find devices and their names with the adapter list
command. Use device list
to discover the name the system is using for the interface (Figure 2). On the test device, the interface goes by the name of wlan0
. The command
device wlan0 show
delivers more details about the network interface card (Figure 3). Now scan by typing station wlan0 scan
before using station wlan0 get-networks
to display the available networks (Figure 4).
The station WiFi0 connect your_SSID
command (you need to replace the placeholder with the correct SSID), enables the connection. The requested password is stored in /var/lib/iwd
when input with the .psk
suffix.
If needed, check the functionality again by typing:
status wlan0 get-networks
A check mark, hardly visible against the dark color scheme of the Ubuntu terminal, indicates that the connection was successfully opened. Then use ping
to check the status of the Internet connection or browse to a website. After rebooting the computer, iwd automatically re-establishes the wireless connection.
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
ESET Discovers New Linux Malware
WolfsBane is an all-in-one malware that has hit the Linux operating system and includes a dropper, a launcher, and a backdoor.
-
New Linux Kernel Patch Allows Forcing a CPU Mitigation
Even when CPU mitigations can consume precious CPU cycles, it might not be a bad idea to allow users to enable them, even if your machine isn't vulnerable.
-
Red Hat Enterprise Linux 9.5 Released
Notify your friends, loved ones, and colleagues that the latest version of RHEL is available with plenty of enhancements.
-
Linux Sees Massive Performance Increase from a Single Line of Code
With one line of code, Intel was able to increase the performance of the Linux kernel by 4,000 percent.
-
Fedora KDE Approved as an Official Spin
If you prefer the Plasma desktop environment and the Fedora distribution, you're in luck because there's now an official spin that is listed on the same level as the Fedora Workstation edition.
-
New Steam Client Ups the Ante for Linux
The latest release from Steam has some pretty cool tricks up its sleeve.
-
Gnome OS Transitioning Toward a General-Purpose Distro
If you're looking for the perfectly vanilla take on the Gnome desktop, Gnome OS might be for you.
-
Fedora 41 Released with New Features
If you're a Fedora fan or just looking for a Linux distribution to help you migrate from Windows, Fedora 41 might be just the ticket.
-
AlmaLinux OS Kitten 10 Gives Power Users a Sneak Preview
If you're looking to kick the tires of AlmaLinux's upstream version, the developers have a purrfect solution.
-
Gnome 47.1 Released with a Few Fixes
The latest release of the Gnome desktop is all about fixing a few nagging issues and not about bringing new features into the mix.