[people/ms/network.git] / src / hooks / ports / wireless-ap

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /usr/lib/network/header-port

HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"

HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL CHANNEL_BANDWIDTH DFS MODE PHY"
HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION ENVIRONMENT KEY SSID"
HOOK_SETTINGS="${HOOK_SETTINGS} MFP"

ADDRESS=$(mac_generate)
BROADCAST_SSID=on
CHANNEL=
CHANNEL_BANDWIDTH=
ENCRYPTION=""
KEY=""
SSID=

# Perform radar detection by default when possible
DFS="on"

# 802.11w - Management Frame Protection
# Disable by default because many clients cannot connect when enabled
MFP="off"

ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"

hook_check_settings() {
	assert isset ADDRESS
	assert ismac ADDRESS
	assert isset BROADCAST_SSID
	assert isbool BROADCAST_SSID
	assert isset CHANNEL
	assert isbool DFS
	assert isbool MFP
	assert isset MODE
	assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES}
	assert isset PHY
	assert ismac PHY
	assert isset SSID

	if isset ENCRYPTION; then
		assert isoneof ENCRYPTION WPA WPA2 WPA/WPA2

		assert isset KEY
		assert [ ${#KEY} -ge 8 ]
		assert [ ${#KEY} -le 63 ]
	fi

	assert wireless_environment_is_valid "${ENVIRONMENT}"
}

hook_parse_cmdline() {
	while [ $# -gt 0 ]; do
		case "${1}" in
			--broadcast-ssid=*)
				BROADCAST_SSID=$(cli_get_val "${1}")
				;;
			--channel=*)
				CHANNEL=$(cli_get_val "${1}")
				;;
			--channel-bandwidth=*)
				CHANNEL_BANDWIDTH="$(cli_get_val "${1}")"
				;;
			--dfs=*)
				DFS="$(cli_get_val "${1}")"

				if enabled DFS; then
					DFS="on"
				elif disabled DFS; then
					DFS="off"
				else
					error "Invalid value for DFS: ${DFS}"
					return ${EXIT_ERROR}
				fi
				;;
			--encryption=*)
				ENCRYPTION=$(cli_get_val "${1}")
				;;
			--environment=*)
				ENVIRONMENT="$(cli_get_val "${1}")"

				if ! wireless_environment_is_valid "${ENVIRONMENT}"; then
					error "Invalid wireless environment: ${ENVIRONMENT}"
					return ${EXIT_ERROR}
				fi
				;;
			--key=*)
				KEY=$(cli_get_val "${1}")
				;;
			--mac=*)
				ADDRESS=$(cli_get_val "${1}")
				;;
			--mfp=*)
				MFP="$(cli_get_val "${1}")"

				if enabled MFP; then
					MFP="on"
				elif disabled MFP; then
					MFP="off"
				else
					error "Invalid value for --mfp: ${MFP}"
					return ${EXIT_ERROR}
				fi
				;;
			--mode=*)
				MODE=$(cli_get_val "${1}")

				if ! isoneof MODE ${HOSTAPD_SUPPORTED_MODES}; then
					error "Unsupported mode: ${MODE}"
					error "Mode must be one of ${HOSTAPD_SUPPORTED_MODES}"
					return ${EXIT_ERROR}
				fi
				;;
			--phy=*)
				PHY=$(cli_get_val "${1}")
				;;
			--ssid=*)
				SSID=$(cli_get_val "${1}")
				;;
			*)
				warning "Ignoring unknown argument '${1}'"
				;;
		esac
		shift
	done

	# Generate a random MAC address if none is set
	if ! isset ADDRESS; then
		ADDRESS="$(mac_generate)"
	fi

	# MODE must be set
	if ! isset MODE; then
		error "--mode is not set"
		return ${EXIT_ERROR}
	fi

	# Automatically enable ACS if no channel is set and ACS is available
	if ! isset CHANNEL && phy_supports_acs "${PHY}"; then
		CHANNEL="0"

		log INFO "Automatic Channel Selection (ACS) enabled"
	fi

	# Channel bandwidth must match the mode
	if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then
		error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}"
		return ${EXIT_ERROR}
	fi

	# Save address of phy do identify it again
	PHY=$(phy_get ${PHY})
	PHY=$(phy_get_address ${PHY})
}

hook_edit() {
	local port=${1}
	assert isset port

	if ! hook_default_edit "$@"; then
		return ${EXIT_ERROR}
	fi

	# To apply all changes, we need to restart the port
	port_restart "${port}"
}

hook_create() {
	local port="${1}"
	assert isset port

	device_exists "${port}" && exit ${EXIT_OK}

	port_settings_read "${port}" ${HOOK_SETTINGS}

	# Check if the PHY is present.
	local phy=$(phy_get ${PHY})
	if ! isset phy; then
		log DEBUG "phy '${PHY}' is not present"
		exit ${EXIT_ERROR}
	fi

	# Create the wireless device
	wireless_create "${port}" \
		--phy="${phy}" \
		--type="ap" \
		--address="${ADDRESS}"

	exit ${EXIT_OK}
}

hook_remove() {
	local port="${1}"
	assert isset port

	# Remove the device if present
	if device_exists "${port}"; then
		wireless_remove "${port}"
	fi

	exit ${EXIT_OK}
}

hook_up() {
	local port="${1}"
	assert isset port

	# The port must already exist before
	# hostapd is started. Otherwise it will
	# fail horribly over and over again.
	assert device_exists "${port}"

	hostapd_start "${port}"
}

hook_down() {
	local port="${1}"
	assert isset port

	hostapd_stop "${port}"
}

hook_hotplug() {
	local port="${1}"
	assert isset port

	case "$(hotplug_action)" in
		add)
			# Create the port when the phy is plugged in
			if hotplug_event_port_uses_phy "${port}"; then
				hook_create "${port}"
			fi
			;;

		remove)
			# Stop hostapd
			if hotplug_event_port_is_interface "${port}"; then
				hostapd_stop "${port}"

				exit ${EXIT_OK}
			fi
			;;
	esac

	exit ${EXIT_NOT_HANDLED}
}
Commit	Line	Data
d76f5107 MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
8ee92277	22	. /usr/lib/network/header-port
d76f5107	23
54bae947 MT	24	HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"
54bae947 MT	25
40c95a6b	26	HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL CHANNEL_BANDWIDTH DFS MODE PHY"
7842c2ce	27	HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION ENVIRONMENT KEY SSID"
34ca3936	28	HOOK_SETTINGS="${HOOK_SETTINGS} MFP"
d76f5107 MT	29
	30	ADDRESS=$(mac_generate)
	31	BROADCAST_SSID=on
1b4aa2ca	32	CHANNEL=
54094fc7	33	CHANNEL_BANDWIDTH=
25e32463 MT	34	ENCRYPTION=""
25e32463 MT	35	KEY=""
d76f5107 MT	36	SSID=
d76f5107 MT	37
7b297fb2 MT	38	# Perform radar detection by default when possible
	39	DFS="on"
	40
34ca3936 MT	41	# 802.11w - Management Frame Protection
	42	# Disable by default because many clients cannot connect when enabled
	43	MFP="off"
	44
7842c2ce MT	45	ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
7842c2ce MT	46
1c6a4e30	47	hook_check_settings() {
d76f5107 MT	48	assert isset ADDRESS
	49	assert ismac ADDRESS
	50	assert isset BROADCAST_SSID
	51	assert isbool BROADCAST_SSID
	52	assert isset CHANNEL
7b297fb2	53	assert isbool DFS
34ca3936	54	assert isbool MFP
d76f5107	55	assert isset MODE
6c262922	56	assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES}
d76f5107 MT	57	assert isset PHY
	58	assert ismac PHY
	59	assert isset SSID
25e32463 MT	60
	61	if isset ENCRYPTION; then
	62	assert isoneof ENCRYPTION WPA WPA2 WPA/WPA2
	63
	64	assert isset KEY
	65	assert [ ${#KEY} -ge 8 ]
	66	assert [ ${#KEY} -le 63 ]
	67	fi
7842c2ce MT	68
7842c2ce MT	69	assert wireless_environment_is_valid "${ENVIRONMENT}"
d76f5107 MT	70	}
d76f5107 MT	71
270aab39	72	hook_parse_cmdline() {
d76f5107 MT	73	while [ $# -gt 0 ]; do
	74	case "${1}" in
	75	--broadcast-ssid=*)
2212045f	76	BROADCAST_SSID=$(cli_get_val "${1}")
d76f5107 MT	77	;;
d76f5107 MT	78	--channel=*)
2212045f	79	CHANNEL=$(cli_get_val "${1}")
d76f5107	80	;;
54094fc7 MT	81	--channel-bandwidth=*)
	82	CHANNEL_BANDWIDTH="$(cli_get_val "${1}")"
	83	;;
7b297fb2 MT	84	--dfs=*)
	85	DFS="$(cli_get_val "${1}")"
	86
	87	if enabled DFS; then
	88	DFS="on"
	89	elif disabled DFS; then
	90	DFS="off"
	91	else
	92	error "Invalid value for DFS: ${DFS}"
	93	return ${EXIT_ERROR}
	94	fi
	95	;;
25e32463	96	--encryption=*)
2212045f	97	ENCRYPTION=$(cli_get_val "${1}")
25e32463	98	;;
7842c2ce MT	99	--environment=*)
	100	ENVIRONMENT="$(cli_get_val "${1}")"
	101
	102	if ! wireless_environment_is_valid "${ENVIRONMENT}"; then
	103	error "Invalid wireless environment: ${ENVIRONMENT}"
	104	return ${EXIT_ERROR}
	105	fi
	106	;;
25e32463	107	--key=*)
2212045f	108	KEY=$(cli_get_val "${1}")
25e32463	109	;;
d76f5107	110	--mac=*)
2212045f	111	ADDRESS=$(cli_get_val "${1}")
d76f5107	112	;;
34ca3936 MT	113	--mfp=*)
	114	MFP="$(cli_get_val "${1}")"
	115
	116	if enabled MFP; then
	117	MFP="on"
	118	elif disabled MFP; then
	119	MFP="off"
	120	else
	121	error "Invalid value for --mfp: ${MFP}"
	122	return ${EXIT_ERROR}
	123	fi
	124	;;
d76f5107	125	--mode=*)
2212045f	126	MODE=$(cli_get_val "${1}")
6c262922 MT	127
	128	if ! isoneof MODE ${HOSTAPD_SUPPORTED_MODES}; then
	129	error "Unsupported mode: ${MODE}"
	130	error "Mode must be one of ${HOSTAPD_SUPPORTED_MODES}"
	131	return ${EXIT_ERROR}
	132	fi
d76f5107 MT	133	;;
d76f5107 MT	134	--phy=*)
2212045f	135	PHY=$(cli_get_val "${1}")
d76f5107 MT	136	;;
d76f5107 MT	137	--ssid=*)
2212045f	138	SSID=$(cli_get_val "${1}")
d76f5107 MT	139	;;
	140	*)
	141	warning "Ignoring unknown argument '${1}'"
	142	;;
	143	esac
	144	shift
	145	done
	146
8578e61d MT	147	# Generate a random MAC address if none is set
	148	if ! isset ADDRESS; then
	149	ADDRESS="$(mac_generate)"
	150	fi
	151
6c262922 MT	152	# MODE must be set
	153	if ! isset MODE; then
	154	error "--mode is not set"
	155	return ${EXIT_ERROR}
	156	fi
	157
1b4aa2ca MT	158	# Automatically enable ACS if no channel is set and ACS is available
	159	if ! isset CHANNEL && phy_supports_acs "${PHY}"; then
	160	CHANNEL="0"
	161
	162	log INFO "Automatic Channel Selection (ACS) enabled"
	163	fi
	164
54094fc7 MT	165	# Channel bandwidth must match the mode
54094fc7 MT	166	if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then
f9e980d9	167	error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}"
54094fc7 MT	168	return ${EXIT_ERROR}
	169	fi
	170
d76f5107 MT	171	# Save address of phy do identify it again
	172	PHY=$(phy_get ${PHY})
	173	PHY=$(phy_get_address ${PHY})
270aab39 MT	174	}
270aab39 MT	175
1c6a4e30	176	hook_edit() {
d76f5107	177	local port=${1}
d76f5107 MT	178	assert isset port
d76f5107 MT	179
2212045f	180	if ! hook_default_edit "$@"; then
270aab39 MT	181	return ${EXIT_ERROR}
270aab39 MT	182	fi
d76f5107	183
270aab39 MT	184	# To apply all changes, we need to restart the port
270aab39 MT	185	port_restart "${port}"
d76f5107 MT	186	}
d76f5107 MT	187
1c6a4e30	188	hook_create() {
1ba6a2bb	189	local port="${1}"
d76f5107 MT	190	assert isset port
d76f5107 MT	191
1ba6a2bb MT	192	device_exists "${port}" && exit ${EXIT_OK}
1ba6a2bb MT	193
e9df08ad	194	port_settings_read "${port}" ${HOOK_SETTINGS}
d76f5107	195
49ec20d8 MT	196	# Check if the PHY is present.
	197	local phy=$(phy_get ${PHY})
	198	if ! isset phy; then
	199	log DEBUG "phy '${PHY}' is not present"
	200	exit ${EXIT_ERROR}
	201	fi
	202
1ba6a2bb MT	203	# Create the wireless device
	204	wireless_create "${port}" \
	205	--phy="${phy}" \
	206	--type="ap" \
	207	--address="${ADDRESS}"
d76f5107 MT	208
	209	exit ${EXIT_OK}
	210	}
	211
1c6a4e30	212	hook_remove() {
1ba6a2bb	213	local port="${1}"
d76f5107 MT	214	assert isset port
d76f5107 MT	215
b8026986 MT	216	# Remove the device if present
	217	if device_exists "${port}"; then
	218	wireless_remove "${port}"
47859d95	219	fi
d76f5107 MT	220
	221	exit ${EXIT_OK}
	222	}
	223
1c6a4e30	224	hook_up() {
1ba6a2bb MT	225	local port="${1}"
	226	assert isset port
	227
	228	# The port must already exist before
	229	# hostapd is started. Otherwise it will
	230	# fail horribly over and over again.
	231	assert device_exists "${port}"
	232
	233	hostapd_start "${port}"
	234	}
	235
1c6a4e30	236	hook_down() {
1ba6a2bb MT	237	local port="${1}"
	238	assert isset port
	239
	240	hostapd_stop "${port}"
	241	}
	242
1c6a4e30	243	hook_hotplug() {
b8026986	244	local port="${1}"
47859d95	245	assert isset port
49ec20d8	246
b8026986 MT	247	case "$(hotplug_action)" in
b8026986 MT	248	add)
1ba6a2bb MT	249	# Create the port when the phy is plugged in
	250	if hotplug_event_port_uses_phy "${port}"; then
	251	hook_create "${port}"
b8026986 MT	252	fi
	253	;;
	254
	255	remove)
	256	# Stop hostapd
	257	if hotplug_event_port_is_interface "${port}"; then
	258	hostapd_stop "${port}"
b8026986	259
1ba6a2bb MT	260	exit ${EXIT_OK}
1ba6a2bb MT	261	fi
b8026986 MT	262	;;
b8026986 MT	263	esac
47859d95	264
1ba6a2bb	265	exit ${EXIT_NOT_HANDLED}
47859d95	266	}