]>
Commit | Line | Data |
---|---|---|
1 | #!/bin/bash | |
2 | ############################################################################### | |
3 | # # | |
4 | # IPFire.org - A linux based firewall # | |
5 | # Copyright (C) 2012 IPFire Network Development Team # | |
6 | # # | |
7 | # This program is free software: you can redistribute it and/or modify # | |
8 | # it under the terms of the GNU General Public License as published by # | |
9 | # the Free Software Foundation, either version 3 of the License, or # | |
10 | # (at your option) any later version. # | |
11 | # # | |
12 | # This program is distributed in the hope that it will be useful, # | |
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of # | |
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # | |
15 | # GNU General Public License for more details. # | |
16 | # # | |
17 | # You should have received a copy of the GNU General Public License # | |
18 | # along with this program. If not, see <http://www.gnu.org/licenses/>. # | |
19 | # # | |
20 | ############################################################################### | |
21 | ||
22 | HOSTAPD_CONTROL_INTERFACE_DIR="/run/hostapd/ctrl" | |
23 | ||
24 | HOSTAPD_SUPPORTED_MODES="802.11a 802.11a/n 802.11ac 802.11g 802.11g/n" | |
25 | ||
26 | hostapd_config_write() { | |
27 | local device=${1} | |
28 | assert isset device | |
29 | ||
30 | local file=${2} | |
31 | assert isset file | |
32 | ||
33 | # Shift the device and file argument. | |
34 | shift 2 | |
35 | ||
36 | local broadcast_ssid | |
37 | local channel | |
38 | local channel_bandwidth | |
39 | local country_code="$(wireless_get_reg_domain)" | |
40 | local dfs="on" | |
41 | local encryption | |
42 | local environment="${WIRELESS_DEFAULT_ENVIRONMENT}" | |
43 | local key | |
44 | local mfp="off" | |
45 | local mode | |
46 | local ssid | |
47 | local wmm="1" | |
48 | ||
49 | while [ $# -gt 0 ]; do | |
50 | case "${1}" in | |
51 | --broadcast-ssid=*) | |
52 | broadcast_ssid=$(cli_get_val "${1}") | |
53 | ;; | |
54 | --channel=*) | |
55 | channel=$(cli_get_val "${1}") | |
56 | ;; | |
57 | --channel-bandwidth=*) | |
58 | channel_bandwidth="$(cli_get_val "${1}")" | |
59 | ;; | |
60 | --dfs=*) | |
61 | dfs="$(cli_get_val "${1}")" | |
62 | ;; | |
63 | --encryption=*) | |
64 | encryption=$(cli_get_val "${1}") | |
65 | ;; | |
66 | --environment=*) | |
67 | environment="$(cli_get_val "${1}")" | |
68 | ;; | |
69 | --key=*) | |
70 | key=$(cli_get_val "${1}") | |
71 | ;; | |
72 | --mfp=*) | |
73 | mfp="$(cli_get_val "${1}")" | |
74 | ;; | |
75 | --mode=*) | |
76 | mode=$(cli_get_val "${1}") | |
77 | ||
78 | if ! isoneof mode ${HOSTAPD_SUPPORTED_MODES}; then | |
79 | error "Unsupported mode: ${mode}" | |
80 | return ${EXIT_ERROR} | |
81 | fi | |
82 | ;; | |
83 | --ssid=*) | |
84 | ssid=$(cli_get_val "${1}") | |
85 | ;; | |
86 | --wmm=*) | |
87 | local val="$(cli_get_val "${1}")" | |
88 | if enabled val; then | |
89 | wmm="1" | |
90 | else | |
91 | wmm="0" | |
92 | fi | |
93 | ;; | |
94 | *) | |
95 | warning_log "Ignoring unknown argument '${1}'." | |
96 | ;; | |
97 | esac | |
98 | shift | |
99 | done | |
100 | ||
101 | # Check if mode is set | |
102 | if ! isset mode; then | |
103 | error "Mode is not set" | |
104 | return ${EXIT_ERROR} | |
105 | fi | |
106 | ||
107 | assert isset broadcast_ssid | |
108 | assert isbool broadcast_ssid | |
109 | ||
110 | assert isset channel | |
111 | assert isinteger channel | |
112 | ||
113 | assert isset mode | |
114 | assert isset ssid | |
115 | ||
116 | # Check if key is set when encryption is used. | |
117 | if isset encryption; then | |
118 | assert isoneof encryption WPA WPA2 WPA/WPA2 | |
119 | assert isset key | |
120 | fi | |
121 | ||
122 | # Check wireless environment | |
123 | if ! wireless_environment_is_valid "${environment}"; then | |
124 | error "Invalid wireless environment: ${environment}" | |
125 | return ${EXIT_ERROR} | |
126 | fi | |
127 | ||
128 | # With channel 0, ACS must be supported | |
129 | if [ ${channel} -eq 0 ] && ! wireless_supports_acs "${device}"; then | |
130 | error "ACS requested, but not supported by ${device}" | |
131 | return ${EXIT_ERROR} | |
132 | fi | |
133 | ||
134 | # Check channel bandwidth for validity | |
135 | if isset channel_bandwidth && ! wireless_channel_bandwidth_is_valid "${mode}" "${channel_bandwidth}"; then | |
136 | error "Invalid channel bandwidth for ${mode}: ${channel_bandwidth}" | |
137 | return ${EXIT_ERROR} | |
138 | fi | |
139 | ||
140 | # Management Frame Proection | |
141 | if ! isbool mfp; then | |
142 | error "Invalid value for --mfp: ${mfp}" | |
143 | return ${EXIT_ERROR} | |
144 | fi | |
145 | ||
146 | # 802.11ac/n flags | |
147 | local ieee80211ac | |
148 | local ieee80211n | |
149 | local vht_caps | |
150 | local vht_oper_chwidth="0" | |
151 | local ht_caps | |
152 | ||
153 | local hw_mode | |
154 | case "${mode}" in | |
155 | 802.11a) | |
156 | hw_mode="a" | |
157 | ;; | |
158 | ||
159 | 802.11a/n) | |
160 | hw_mode="a" | |
161 | ieee80211n="1" | |
162 | ||
163 | # Fetch HT caps | |
164 | ht_caps="$(wireless_get_ht_caps "${device}")" | |
165 | ;; | |
166 | ||
167 | 802.11g) | |
168 | hw_mode="g" | |
169 | ;; | |
170 | ||
171 | 802.11g/n) | |
172 | hw_mode="g" | |
173 | ieee80211n="1" | |
174 | ||
175 | # Fetch HT caps | |
176 | ht_caps="$(wireless_get_ht_caps "${device}")" | |
177 | ;; | |
178 | ||
179 | 802.11ac) | |
180 | hw_mode="a" | |
181 | ieee80211ac="1" | |
182 | ieee80211n="1" | |
183 | ||
184 | # Fetch VHT caps | |
185 | vht_caps="$(wireless_get_vht_caps "${device}")" | |
186 | ||
187 | # Fetch HT caps | |
188 | ht_caps="$(wireless_get_ht_caps "${device}")" | |
189 | ||
190 | case "${channel_bandwidth}" in | |
191 | 80) | |
192 | vht_oper_chwidth="1" | |
193 | ;; | |
194 | 160) | |
195 | vht_oper_chwidth="2" | |
196 | ;; | |
197 | 80+80) | |
198 | vht_oper_chwidth="3" | |
199 | ;; | |
200 | esac | |
201 | ;; | |
202 | esac | |
203 | ||
204 | # Create configuration directory. | |
205 | local config_dir=$(dirname ${file}) | |
206 | mkdir -p ${HOSTAPD_CONTROL_INTERFACE_DIR} ${config_dir} 2>/dev/null | |
207 | ||
208 | config_header "hostapd" > ${file} | |
209 | ||
210 | # Interface configuration | |
211 | ( | |
212 | print "# Interface configuration" | |
213 | print "driver=nl80211" | |
214 | print "interface=${device}" | |
215 | ||
216 | ) >> ${file} | |
217 | ||
218 | # Wireless configuration | |
219 | local ignore_broadcast_ssid | |
220 | if enabled broadcast_ssid; then | |
221 | ignore_broadcast_ssid="0" | |
222 | else | |
223 | ignore_broadcast_ssid="1" | |
224 | fi | |
225 | ||
226 | ( | |
227 | # Advertise country code and maximum transmission power | |
228 | print "ieee80211d=1" | |
229 | print "country_code=${country_code}" | |
230 | ||
231 | # Wireless Environment | |
232 | case "${environment}" in | |
233 | indoor) | |
234 | print "country3=0x49" | |
235 | country3 | |
236 | ;; | |
237 | outdoor) | |
238 | print "country3=0x4f" | |
239 | ;; | |
240 | indoor+outdoor) | |
241 | print "country3=0x20" | |
242 | ;; | |
243 | esac | |
244 | ||
245 | # Always advertise TPC | |
246 | print "local_pwr_constraint=3" | |
247 | print "spectrum_mgmt_required=1" | |
248 | ||
249 | # Enable Radar Detection | |
250 | if enabled dfs && wireless_supports_dfs "${device}"; then | |
251 | print "ieee80211h=1" | |
252 | else | |
253 | print "ieee80211h=0" | |
254 | fi | |
255 | ||
256 | print # empty line | |
257 | ||
258 | print "# Wireless configuration" | |
259 | print "hw_mode=${hw_mode}" | |
260 | ||
261 | if isset ieee80211ac; then | |
262 | print "ieee80211ac=${ieee80211ac}" | |
263 | fi | |
264 | ||
265 | if isset ieee80211n; then | |
266 | print "ieee80211n=${ieee80211n}" | |
267 | fi | |
268 | ||
269 | print "channel=${channel}" | |
270 | print "ignore_broadcast_ssid=${ignore_broadcast_ssid}" | |
271 | ||
272 | print "ssid2=\"${ssid}\"" | |
273 | print "utf8_ssid=1" | |
274 | ||
275 | # Kick stations that are too far away | |
276 | print "disassoc_low_ack=1" | |
277 | ||
278 | # WMM & WMM-PS Unscheduled Automatic Power Save Delivery | |
279 | print "wmm_enabled=${wmm}" | |
280 | print "uapsd_advertisement_enabled=1" | |
281 | ||
282 | # Low Priority / AC_BK = Background | |
283 | print "wmm_ac_bk_cwmin=4" | |
284 | print "wmm_ac_bk_cwmax=10" | |
285 | print "wmm_ac_bk_aifs=7" | |
286 | print "wmm_ac_bk_txop_limit=0" | |
287 | print "wmm_ac_bk_acm=0" | |
288 | print "tx_queue_data3_aifs=7" | |
289 | print "tx_queue_data3_cwmin=15" | |
290 | print "tx_queue_data3_cwmax=1023" | |
291 | print "tx_queue_data3_burst=0" | |
292 | ||
293 | # Normal Priority / AC_BE = Best Effort | |
294 | print "wmm_ac_be_aifs=3" | |
295 | print "wmm_ac_be_cwmin=4" | |
296 | print "wmm_ac_be_cwmax=10" | |
297 | print "wmm_ac_be_txop_limit=0" | |
298 | print "wmm_ac_be_acm=0" | |
299 | print "tx_queue_data2_aifs=3" | |
300 | print "tx_queue_data2_cwmin=15" | |
301 | print "tx_queue_data2_cwmax=63" | |
302 | print "tx_queue_data2_burst=0" | |
303 | ||
304 | # High Priority / AC_VI = Video | |
305 | print "wmm_ac_vi_aifs=2" | |
306 | print "wmm_ac_vi_cwmin=3" | |
307 | print "wmm_ac_vi_cwmax=4" | |
308 | print "wmm_ac_vi_txop_limit=94" | |
309 | print "wmm_ac_vi_acm=0" | |
310 | print "tx_queue_data1_aifs=1" | |
311 | print "tx_queue_data1_cwmin=7" | |
312 | print "tx_queue_data1_cwmax=15" | |
313 | print "tx_queue_data1_burst=3.0" | |
314 | ||
315 | # Highest Priority / AC_VO = Voice | |
316 | print "wmm_ac_vo_aifs=2" | |
317 | print "wmm_ac_vo_cwmin=2" | |
318 | print "wmm_ac_vo_cwmax=3" | |
319 | print "wmm_ac_vo_txop_limit=47" | |
320 | print "wmm_ac_vo_acm=0" | |
321 | print "tx_queue_data0_aifs=1" | |
322 | print "tx_queue_data0_cwmin=3" | |
323 | print "tx_queue_data0_cwmax=7" | |
324 | print "tx_queue_data0_burst=1.5" | |
325 | ||
326 | # Enable VHT caps | |
327 | if isset vht_caps; then | |
328 | print "vht_capab=${vht_caps}" | |
329 | fi | |
330 | ||
331 | # Enable HT caps | |
332 | print "ht_capab=${ht_caps}" | |
333 | ||
334 | # Wider Channels | |
335 | print "vht_oper_chwidth=${vht_oper_chwidth}" | |
336 | ||
337 | ||
338 | ||
339 | # 802.11w - Management Frame Protection (MFP) | |
340 | if enabled mfp; then | |
341 | print "ieee80211w=2" # required | |
342 | else | |
343 | print "ieee80211w=0" | |
344 | fi | |
345 | ) >> ${file} | |
346 | ||
347 | # Control interface. | |
348 | ( | |
349 | print "# Control interface" | |
350 | print "ctrl_interface=${HOSTAPD_CONTROL_INTERFACE_DIR}" | |
351 | print "ctrl_interface_group=0" | |
352 | ||
353 | ) >> ${file} | |
354 | ||
355 | # Encryption settings | |
356 | if isset encryption; then | |
357 | local encryption_mode=0 | |
358 | case "${encryption}" in | |
359 | WPA) | |
360 | encryption_mode=1 | |
361 | ;; | |
362 | WPA2) | |
363 | encryption_mode=2 | |
364 | ;; | |
365 | WPA/WPA2) | |
366 | encryption_mode=3 | |
367 | ;; | |
368 | esac | |
369 | ||
370 | ( | |
371 | print "# Encryption settings" | |
372 | print "wpa=${encryption_mode}" | |
373 | print "wpa_passphrase=${key}" | |
374 | print "wpa_key_mgmt=WPA-PSK" | |
375 | print "wpa_pairwise=TKIP" | |
376 | print "rsn_pairwise=CCMP" | |
377 | ||
378 | ) >> ${file} | |
379 | fi | |
380 | ||
381 | # Log configuration file | |
382 | file_to_log DEBUG "${file}" | |
383 | ||
384 | return ${EXIT_OK} | |
385 | } | |
386 | ||
387 | hostapd_start() { | |
388 | local device=${1} | |
389 | assert isset device | |
390 | ||
391 | service_start "hostapd@${device}.service" | |
392 | local ret=$? | |
393 | ||
394 | if [ ${ret} -eq ${EXIT_OK} ]; then | |
395 | log DEBUG "hostapd has been successfully started on '${device}'" | |
396 | else | |
397 | log ERROR "Could not start hostapd on '${device}': ${ret}" | |
398 | return ${EXIT_ERROR} | |
399 | fi | |
400 | ||
401 | return ${EXIT_OK} | |
402 | } | |
403 | ||
404 | hostapd_stop() { | |
405 | local device=${1} | |
406 | assert isset device | |
407 | ||
408 | service_stop "hostapd@${device}.service" | |
409 | } |