[people/ms/network.git] / src / hooks / ports / wireless-ap

#!/bin/bash
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /usr/lib/network/header-port

HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"

HOOK_SETTINGS=(
	"ADDRESS"
	"BROADCAST_SSID"
	"CHANNEL"
	"CHANNEL_BANDWIDTH"
	"DFS"
	"ENVIRONMENT"
	"MFP"
	"MODE"
	"PHY"
	"SECRET"
	"SSID"
	"WPA3_PERSONAL"
	"WPA2_PERSONAL"
)

# Disable WPA3+2 by default
DEFAULT_WPA3_PERSONAL="off"
DEFAULT_WPA2_PERSONAL="off"

# Broadcast SSID by default
DEFAULT_BROADCAST_SSID="on"

# Perform radar detection by default when possible
DEFAULT_DFS="on"

# 802.11w - Management Frame Protection
DEFAULT_MFP="on"

DEFAULT_ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"

hook_check_settings() {
	assert isset ADDRESS
	assert ismac ADDRESS
	assert isset BROADCAST_SSID
	assert isbool BROADCAST_SSID
	assert isset CHANNEL
	assert isbool DFS
	assert isbool MFP
	assert isset MODE
	assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES}
	assert isset PHY
	assert ismac PHY
	assert isset SSID

	assert wireless_environment_is_valid "${ENVIRONMENT}"
}

hook_parse_cmdline() {
	while [ $# -gt 0 ]; do
		case "${1}" in
			--broadcast-ssid=*)
				BROADCAST_SSID=$(cli_get_val "${1}")
				;;
			--channel=*)
				CHANNEL=$(cli_get_val "${1}")
				;;
			--channel-bandwidth=*)
				CHANNEL_BANDWIDTH="$(cli_get_val "${1}")"
				;;
			--dfs=*)
				DFS="$(cli_get_val "${1}")"

				if enabled DFS; then
					DFS="on"
				elif disabled DFS; then
					DFS="off"
				else
					error "Invalid value for DFS: ${DFS}"
					return ${EXIT_ERROR}
				fi
				;;
			--environment=*)
				ENVIRONMENT="$(cli_get_val "${1}")"

				if ! wireless_environment_is_valid "${ENVIRONMENT}"; then
					error "Invalid wireless environment: ${ENVIRONMENT}"
					return ${EXIT_ERROR}
				fi
				;;
			--mac=*)
				ADDRESS=$(cli_get_val "${1}")
				;;
			--mfp=*)
				MFP="$(cli_get_val "${1}")"

				if enabled MFP; then
					MFP="on"
				elif disabled MFP; then
					MFP="off"
				else
					error "Invalid value for --mfp: ${MFP}"
					return ${EXIT_ERROR}
				fi
				;;
			--mode=*)
				MODE=$(cli_get_val "${1}")

				if ! isoneof MODE ${HOSTAPD_SUPPORTED_MODES}; then
					error "Unsupported mode: ${MODE}"
					error "Mode must be one of ${HOSTAPD_SUPPORTED_MODES}"
					return ${EXIT_ERROR}
				fi
				;;
			--phy=*)
				PHY=$(cli_get_val "${1}")
				;;
			--secret=*)
				SECRET="$(cli_get_val "${1}")"
				;;
			--ssid=*)
				SSID=$(cli_get_val "${1}")
				;;
			--wpa2-personal=*)
				WPA2_PERSONAL="$(cli_get_bool "${1}")"
				;;
			--wpa3-personal=*)
				WPA3_PERSONAL="$(cli_get_bool "${1}")"
				;;
			*)
				warning "Ignoring unknown argument '${1}'"
				;;
		esac
		shift
	done

	# Generate a random MAC address if none is set
	if ! isset ADDRESS; then
		ADDRESS="$(mac_generate)"
	fi

	# MODE must be set
	if ! isset MODE; then
		error "--mode is not set"
		return ${EXIT_ERROR}
	fi

	# Automatically enable ACS if no channel is set and ACS is available
	if ! isset CHANNEL && phy_supports_acs "${PHY}"; then
		CHANNEL="0"

		log INFO "Automatic Channel Selection (ACS) enabled"
	fi

	# Channel bandwidth must match the mode
	if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then
		error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}"
		return ${EXIT_ERROR}
	fi

	# Check if SECRET is set when WPA* is enabled
	if ! isset SECRET && (enabled WPA3_PERSONAL || enabled WPA2_PERSONAL); then
		error "Secret is not set when PSK authentication is enabled"
		return ${EXIT_ERROR}
	fi

	# Save address of phy do identify it again
	PHY=$(phy_get ${PHY})
	PHY=$(phy_get_address ${PHY})
}

hook_edit() {
	local port=${1}
	assert isset port

	if ! hook_default_edit "$@"; then
		return ${EXIT_ERROR}
	fi

	# To apply all changes, we need to restart the port
	port_restart "${port}"
}

hook_create() {
	local port="${1}"
	assert isset port

	device_exists "${port}" && exit ${EXIT_OK}

	port_settings_read "${port}"

	# Check if the PHY is present.
	local phy=$(phy_get ${PHY})
	if ! isset phy; then
		log DEBUG "phy '${PHY}' is not present"
		exit ${EXIT_ERROR}
	fi

	# Create the wireless device
	wireless_create "${port}" \
		--phy="${phy}" \
		--type="ap" \
		--address="${ADDRESS}"

	exit ${EXIT_OK}
}

hook_remove() {
	local port="${1}"
	assert isset port

	# Remove the device if present
	if device_exists "${port}"; then
		wireless_remove "${port}"
	fi

	exit ${EXIT_OK}
}

hook_up() {
	local port="${1}"
	assert isset port

	# The port must already exist before
	# hostapd is started. Otherwise it will
	# fail horribly over and over again.
	assert device_exists "${port}"

	hostapd_start "${port}"
}

hook_down() {
	local port="${1}"
	assert isset port

	hostapd_stop "${port}"
}

hook_hotplug() {
	local port="${1}"
	assert isset port

	case "$(hotplug_action)" in
		add)
			# Create the port when the phy is plugged in
			if hotplug_event_port_uses_phy "${port}"; then
				hook_create "${port}"
			fi
			;;

		remove)
			# Stop hostapd
			if hotplug_event_port_is_interface "${port}"; then
				hostapd_stop "${port}"

				exit ${EXIT_OK}
			fi
			;;
	esac

	exit ${EXIT_NOT_HANDLED}
}
Commit	Line	Data
d76f5107 MT	1	#!/bin/bash
	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2010 Michael Tremer & Christian Schmidt #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
	21
8ee92277	22	. /usr/lib/network/header-port
d76f5107	23
54bae947 MT	24	HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"
54bae947 MT	25
d389e96b MT	26	HOOK_SETTINGS=(
	27	"ADDRESS"
	28	"BROADCAST_SSID"
	29	"CHANNEL"
	30	"CHANNEL_BANDWIDTH"
	31	"DFS"
d389e96b	32	"ENVIRONMENT"
d389e96b MT	33	"MFP"
	34	"MODE"
	35	"PHY"
0a4c5aba	36	"SECRET"
d389e96b	37	"SSID"
0a4c5aba MT	38	"WPA3_PERSONAL"
0a4c5aba MT	39	"WPA2_PERSONAL"
d389e96b	40	)
d76f5107	41
0a4c5aba MT	42	# Disable WPA3+2 by default
	43	DEFAULT_WPA3_PERSONAL="off"
	44	DEFAULT_WPA2_PERSONAL="off"
	45
4637109c MT	46	# Broadcast SSID by default
4637109c MT	47	DEFAULT_BROADCAST_SSID="on"
d76f5107	48
7b297fb2	49	# Perform radar detection by default when possible
4637109c	50	DEFAULT_DFS="on"
7b297fb2	51
34ca3936	52	# 802.11w - Management Frame Protection
298a1ffe	53	DEFAULT_MFP="on"
34ca3936	54
4637109c	55	DEFAULT_ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
7842c2ce	56
1c6a4e30	57	hook_check_settings() {
d76f5107 MT	58	assert isset ADDRESS
	59	assert ismac ADDRESS
	60	assert isset BROADCAST_SSID
	61	assert isbool BROADCAST_SSID
	62	assert isset CHANNEL
7b297fb2	63	assert isbool DFS
34ca3936	64	assert isbool MFP
d76f5107	65	assert isset MODE
6c262922	66	assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES}
d76f5107 MT	67	assert isset PHY
	68	assert ismac PHY
	69	assert isset SSID
25e32463	70
7842c2ce	71	assert wireless_environment_is_valid "${ENVIRONMENT}"
d76f5107 MT	72	}
d76f5107 MT	73
270aab39	74	hook_parse_cmdline() {
d76f5107 MT	75	while [ $# -gt 0 ]; do
	76	case "${1}" in
	77	--broadcast-ssid=*)
2212045f	78	BROADCAST_SSID=$(cli_get_val "${1}")
d76f5107 MT	79	;;
d76f5107 MT	80	--channel=*)
2212045f	81	CHANNEL=$(cli_get_val "${1}")
d76f5107	82	;;
54094fc7 MT	83	--channel-bandwidth=*)
	84	CHANNEL_BANDWIDTH="$(cli_get_val "${1}")"
	85	;;
7b297fb2 MT	86	--dfs=*)
	87	DFS="$(cli_get_val "${1}")"
	88
	89	if enabled DFS; then
	90	DFS="on"
	91	elif disabled DFS; then
	92	DFS="off"
	93	else
	94	error "Invalid value for DFS: ${DFS}"
	95	return ${EXIT_ERROR}
	96	fi
	97	;;
7842c2ce MT	98	--environment=*)
	99	ENVIRONMENT="$(cli_get_val "${1}")"
	100
	101	if ! wireless_environment_is_valid "${ENVIRONMENT}"; then
	102	error "Invalid wireless environment: ${ENVIRONMENT}"
	103	return ${EXIT_ERROR}
	104	fi
	105	;;
d76f5107	106	--mac=*)
2212045f	107	ADDRESS=$(cli_get_val "${1}")
d76f5107	108	;;
34ca3936 MT	109	--mfp=*)
	110	MFP="$(cli_get_val "${1}")"
	111
	112	if enabled MFP; then
	113	MFP="on"
	114	elif disabled MFP; then
	115	MFP="off"
	116	else
	117	error "Invalid value for --mfp: ${MFP}"
	118	return ${EXIT_ERROR}
	119	fi
	120	;;
d76f5107	121	--mode=*)
2212045f	122	MODE=$(cli_get_val "${1}")
6c262922 MT	123
	124	if ! isoneof MODE ${HOSTAPD_SUPPORTED_MODES}; then
	125	error "Unsupported mode: ${MODE}"
	126	error "Mode must be one of ${HOSTAPD_SUPPORTED_MODES}"
	127	return ${EXIT_ERROR}
	128	fi
d76f5107 MT	129	;;
d76f5107 MT	130	--phy=*)
2212045f	131	PHY=$(cli_get_val "${1}")
d76f5107	132	;;
0a4c5aba MT	133	--secret=*)
	134	SECRET="$(cli_get_val "${1}")"
	135	;;
d76f5107	136	--ssid=*)
2212045f	137	SSID=$(cli_get_val "${1}")
d76f5107	138	;;
0a4c5aba MT	139	--wpa2-personal=*)
	140	WPA2_PERSONAL="$(cli_get_bool "${1}")"
	141	;;
	142	--wpa3-personal=*)
	143	WPA3_PERSONAL="$(cli_get_bool "${1}")"
	144	;;
d76f5107 MT	145	*)
	146	warning "Ignoring unknown argument '${1}'"
	147	;;
	148	esac
	149	shift
	150	done
	151
8578e61d MT	152	# Generate a random MAC address if none is set
	153	if ! isset ADDRESS; then
	154	ADDRESS="$(mac_generate)"
	155	fi
	156
6c262922 MT	157	# MODE must be set
	158	if ! isset MODE; then
	159	error "--mode is not set"
	160	return ${EXIT_ERROR}
	161	fi
	162
1b4aa2ca MT	163	# Automatically enable ACS if no channel is set and ACS is available
	164	if ! isset CHANNEL && phy_supports_acs "${PHY}"; then
	165	CHANNEL="0"
	166
	167	log INFO "Automatic Channel Selection (ACS) enabled"
	168	fi
	169
54094fc7 MT	170	# Channel bandwidth must match the mode
54094fc7 MT	171	if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then
f9e980d9	172	error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}"
54094fc7 MT	173	return ${EXIT_ERROR}
	174	fi
	175
0a4c5aba MT	176	# Check if SECRET is set when WPA* is enabled
	177	if ! isset SECRET && (enabled WPA3_PERSONAL \|\| enabled WPA2_PERSONAL); then
	178	error "Secret is not set when PSK authentication is enabled"
	179	return ${EXIT_ERROR}
	180	fi
	181
d76f5107 MT	182	# Save address of phy do identify it again
	183	PHY=$(phy_get ${PHY})
	184	PHY=$(phy_get_address ${PHY})
270aab39 MT	185	}
270aab39 MT	186
1c6a4e30	187	hook_edit() {
d76f5107	188	local port=${1}
d76f5107 MT	189	assert isset port
d76f5107 MT	190
2212045f	191	if ! hook_default_edit "$@"; then
270aab39 MT	192	return ${EXIT_ERROR}
270aab39 MT	193	fi
d76f5107	194
270aab39 MT	195	# To apply all changes, we need to restart the port
270aab39 MT	196	port_restart "${port}"
d76f5107 MT	197	}
d76f5107 MT	198
1c6a4e30	199	hook_create() {
1ba6a2bb	200	local port="${1}"
d76f5107 MT	201	assert isset port
d76f5107 MT	202
1ba6a2bb MT	203	device_exists "${port}" && exit ${EXIT_OK}
1ba6a2bb MT	204
eba9fa9c	205	port_settings_read "${port}"
d76f5107	206
49ec20d8 MT	207	# Check if the PHY is present.
	208	local phy=$(phy_get ${PHY})
	209	if ! isset phy; then
	210	log DEBUG "phy '${PHY}' is not present"
	211	exit ${EXIT_ERROR}
	212	fi
	213
1ba6a2bb MT	214	# Create the wireless device
	215	wireless_create "${port}" \
	216	--phy="${phy}" \
	217	--type="ap" \
	218	--address="${ADDRESS}"
d76f5107 MT	219
	220	exit ${EXIT_OK}
	221	}
	222
1c6a4e30	223	hook_remove() {
1ba6a2bb	224	local port="${1}"
d76f5107 MT	225	assert isset port
d76f5107 MT	226
b8026986 MT	227	# Remove the device if present
	228	if device_exists "${port}"; then
	229	wireless_remove "${port}"
47859d95	230	fi
d76f5107 MT	231
	232	exit ${EXIT_OK}
	233	}
	234
1c6a4e30	235	hook_up() {
1ba6a2bb MT	236	local port="${1}"
	237	assert isset port
	238
	239	# The port must already exist before
	240	# hostapd is started. Otherwise it will
	241	# fail horribly over and over again.
	242	assert device_exists "${port}"
	243
	244	hostapd_start "${port}"
	245	}
	246
1c6a4e30	247	hook_down() {
1ba6a2bb MT	248	local port="${1}"
	249	assert isset port
	250
	251	hostapd_stop "${port}"
	252	}
	253
1c6a4e30	254	hook_hotplug() {
b8026986	255	local port="${1}"
47859d95	256	assert isset port
49ec20d8	257
b8026986 MT	258	case "$(hotplug_action)" in
b8026986 MT	259	add)
1ba6a2bb MT	260	# Create the port when the phy is plugged in
	261	if hotplug_event_port_uses_phy "${port}"; then
	262	hook_create "${port}"
b8026986 MT	263	fi
	264	;;
	265
	266	remove)
	267	# Stop hostapd
	268	if hotplug_event_port_is_interface "${port}"; then
	269	hostapd_stop "${port}"
b8026986	270
1ba6a2bb MT	271	exit ${EXIT_OK}
1ba6a2bb MT	272	fi
b8026986 MT	273	;;
b8026986 MT	274	esac
47859d95	275
1ba6a2bb	276	exit ${EXIT_NOT_HANDLED}
47859d95	277	}