2 ###############################################################################
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2012 IPFire Network Development Team #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
20 ###############################################################################
22 HOSTAPD_CONTROL_INTERFACE_DIR
="/run/hostapd/ctrl"
24 HOSTAPD_SUPPORTED_MODES
="802.11a 802.11a/n 802.11ac 802.11g 802.11g/n"
26 HOSTAPD_SUPPORTED_PAIRWISE_CIPHERS
=(
27 "GCMP-256" # Galois/counter mode protocol with 256 bit key
28 "CCMP-256" # AES in Counter mode with CBC-MAC with 256 bit key
29 "GCMP-128" # Galois/counter mode protocol with 128 bit key
30 "CCMP-128" # AES in Counter mode with CBC-MAC with 128 bit key
33 # This must be supported by all stations on the network and therefore
34 # can effectively only be CCMP
35 HOSTAPD_SUPPORTED_GROUP_CIPHERS
=(
39 hostapd_config_write
() {
46 # Shift the device and file argument.
50 if ! device_exists
"${device}"; then
51 error
"Cannot write hostapd configuration for non-existant device: ${device}"
55 # Get the phy for device
56 local phy
="$(device_get_phy "${device}")"
61 local channel_bandwidth
62 local country_code
="$(wireless_get_reg_domain)"
65 local environment
="${WIRELESS_DEFAULT_ENVIRONMENT}"
72 while [ $# -gt 0 ]; do
75 broadcast_ssid
=$
(cli_get_val
"${1}")
78 channel
=$
(cli_get_val
"${1}")
80 --channel-bandwidth=*)
81 channel_bandwidth
="$(cli_get_val "${1}")"
84 dfs
="$(cli_get_val "${1}")"
87 encryption
=$
(cli_get_val
"${1}")
90 environment
="$(cli_get_val "${1}")"
93 key
=$
(cli_get_val
"${1}")
96 mfp
="$(cli_get_val "${1}")"
99 mode
=$
(cli_get_val
"${1}")
101 if ! isoneof mode
${HOSTAPD_SUPPORTED_MODES}; then
102 error
"Unsupported mode: ${mode}"
107 ssid
=$
(cli_get_val
"${1}")
110 local val
="$(cli_get_val "${1}")"
118 warning_log
"Ignoring unknown argument '${1}'."
124 # Check if mode is set
125 if ! isset mode
; then
126 error
"Mode is not set"
130 assert isset broadcast_ssid
131 assert isbool broadcast_ssid
134 assert isinteger channel
139 # Check if key is set when encryption is used.
140 if isset encryption
; then
141 assert isoneof encryption WPA WPA2 WPA
/WPA2
145 # Check wireless environment
146 if ! wireless_environment_is_valid
"${environment}"; then
147 error
"Invalid wireless environment: ${environment}"
151 # With channel 0, ACS must be supported
152 if [ ${channel} -eq 0 ] && ! wireless_supports_acs
"${device}"; then
153 error
"ACS requested, but not supported by ${device}"
157 # Check channel bandwidth for validity
158 if isset channel_bandwidth
&& ! wireless_channel_bandwidth_is_valid
"${mode}" "${channel_bandwidth}"; then
159 error
"Invalid channel bandwidth for ${mode}: ${channel_bandwidth}"
163 # Management Frame Proection
164 if ! isbool mfp
; then
165 error
"Invalid value for --mfp: ${mfp}"
173 local vht_oper_chwidth
="0"
187 ht_caps
="$(wireless_get_ht_caps "${device}")"
199 ht_caps
="$(wireless_get_ht_caps "${device}")"
208 vht_caps
="$(wireless_get_vht_caps "${device}")"
211 ht_caps
="$(wireless_get_ht_caps "${device}")"
213 case "${channel_bandwidth}" in
230 # Get all supported pairwise ciphers
231 local pairwise_ciphers
=()
232 for cipher
in ${HOSTAPD_SUPPORTED_PAIRWISE_CIPHERS[*]}; do
233 if phy_supports_cipher
"${phy}" "${cipher}"; then
234 pairwise_ciphers
+=( "$(hostapd_cipher_name "${cipher}")" )
238 # Get all supported group ciphers
239 local group_ciphers
=()
240 for cipher
in ${HOSTAPD_SUPPORTED_GROUP_CIPHERS[*]}; do
241 if phy_supports_cipher
"${phy}" "${cipher}"; then
242 group_ciphers
+=( "$(hostapd_cipher_name "${cipher}")" )
246 # Create configuration directory.
247 local config_dir
=$
(dirname ${file})
248 mkdir
-p ${HOSTAPD_CONTROL_INTERFACE_DIR} ${config_dir} 2>/dev
/null
250 config_header
"hostapd" > ${file}
252 # Interface configuration
254 print
"# Interface configuration"
255 print
"driver=nl80211"
256 print
"interface=${device}"
260 # Wireless configuration
261 local ignore_broadcast_ssid
262 if enabled broadcast_ssid
; then
263 ignore_broadcast_ssid
="0"
265 ignore_broadcast_ssid
="1"
269 # Advertise country code and maximum transmission power
271 print
"country_code=${country_code}"
273 # Wireless Environment
274 case "${environment}" in
276 print
"country3=0x49"
280 print
"country3=0x4f"
283 print
"country3=0x20"
287 # Always advertise TPC
288 print
"local_pwr_constraint=3"
289 print
"spectrum_mgmt_required=1"
291 # Enable Radar Detection
292 if enabled dfs
&& wireless_supports_dfs
"${device}"; then
300 print
"# Wireless configuration"
301 print
"hw_mode=${hw_mode}"
303 if isset ieee80211ac
; then
304 print
"ieee80211ac=${ieee80211ac}"
307 if isset ieee80211n
; then
308 print
"ieee80211n=${ieee80211n}"
311 print
"channel=${channel}"
312 print
"ignore_broadcast_ssid=${ignore_broadcast_ssid}"
314 print
"ssid2=\"${ssid}\""
317 # Kick stations that are too far away
318 print
"disassoc_low_ack=1"
320 # WMM & WMM-PS Unscheduled Automatic Power Save Delivery
321 print
"wmm_enabled=${wmm}"
322 print
"uapsd_advertisement_enabled=1"
324 # Low Priority / AC_BK = Background
325 print
"wmm_ac_bk_cwmin=4"
326 print
"wmm_ac_bk_cwmax=10"
327 print
"wmm_ac_bk_aifs=7"
328 print
"wmm_ac_bk_txop_limit=0"
329 print
"wmm_ac_bk_acm=0"
330 print
"tx_queue_data3_aifs=7"
331 print
"tx_queue_data3_cwmin=15"
332 print
"tx_queue_data3_cwmax=1023"
333 print
"tx_queue_data3_burst=0"
335 # Normal Priority / AC_BE = Best Effort
336 print
"wmm_ac_be_aifs=3"
337 print
"wmm_ac_be_cwmin=4"
338 print
"wmm_ac_be_cwmax=10"
339 print
"wmm_ac_be_txop_limit=0"
340 print
"wmm_ac_be_acm=0"
341 print
"tx_queue_data2_aifs=3"
342 print
"tx_queue_data2_cwmin=15"
343 print
"tx_queue_data2_cwmax=63"
344 print
"tx_queue_data2_burst=0"
346 # High Priority / AC_VI = Video
347 print
"wmm_ac_vi_aifs=2"
348 print
"wmm_ac_vi_cwmin=3"
349 print
"wmm_ac_vi_cwmax=4"
350 print
"wmm_ac_vi_txop_limit=94"
351 print
"wmm_ac_vi_acm=0"
352 print
"tx_queue_data1_aifs=1"
353 print
"tx_queue_data1_cwmin=7"
354 print
"tx_queue_data1_cwmax=15"
355 print
"tx_queue_data1_burst=3.0"
357 # Highest Priority / AC_VO = Voice
358 print
"wmm_ac_vo_aifs=2"
359 print
"wmm_ac_vo_cwmin=2"
360 print
"wmm_ac_vo_cwmax=3"
361 print
"wmm_ac_vo_txop_limit=47"
362 print
"wmm_ac_vo_acm=0"
363 print
"tx_queue_data0_aifs=1"
364 print
"tx_queue_data0_cwmin=3"
365 print
"tx_queue_data0_cwmax=7"
366 print
"tx_queue_data0_burst=1.5"
369 if isset vht_caps
; then
370 print
"vht_capab=${vht_caps}"
374 print
"ht_capab=${ht_caps}"
377 print
"vht_oper_chwidth=${vht_oper_chwidth}"
381 # 802.11w - Management Frame Protection (MFP)
383 print
"ieee80211w=2" # required
391 print
"# Control interface"
392 print
"ctrl_interface=${HOSTAPD_CONTROL_INTERFACE_DIR}"
393 print
"ctrl_interface_group=0"
397 # Encryption settings
398 if isset encryption
; then
399 local encryption_mode
=0
400 case "${encryption}" in
413 print
"# Encryption settings"
414 print
"wpa=${encryption_mode}"
415 print
"wpa_passphrase=${key}"
416 print
"wpa_key_mgmt=WPA-PSK"
417 print
"wpa_pairwise=${pairwise_ciphers[*]}"
418 print
"rsn_pairwise=${pairwise_ciphers[*]}"
419 print
"group_cipher=${group_ciphers[*]}"
424 # Log configuration file
425 file_to_log DEBUG
"${file}"
434 service_start
"hostapd@${device}.service"
437 if [ ${ret} -eq ${EXIT_OK} ]; then
438 log DEBUG
"hostapd has been successfully started on '${device}'"
440 log ERROR
"Could not start hostapd on '${device}': ${ret}"
451 service_stop
"hostapd@${device}.service"
454 hostapd_cipher_name
() {