wireless-ap: Enable 802.11w by default
[people/ms/network.git] / src / hooks / ports / wireless-ap
1 #!/bin/bash
2 ###############################################################################
3 #                                                                             #
4 # IPFire.org - A linux based firewall                                         #
5 # Copyright (C) 2010  Michael Tremer & Christian Schmidt                      #
6 #                                                                             #
7 # This program is free software: you can redistribute it and/or modify        #
8 # it under the terms of the GNU General Public License as published by        #
9 # the Free Software Foundation, either version 3 of the License, or           #
10 # (at your option) any later version.                                         #
11 #                                                                             #
12 # This program is distributed in the hope that it will be useful,             #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of              #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
15 # GNU General Public License for more details.                                #
16 #                                                                             #
17 # You should have received a copy of the GNU General Public License           #
18 # along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
19 #                                                                             #
20 ###############################################################################
21
22 . /usr/lib/network/header-port
23
24 HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"
25
26 HOOK_SETTINGS=(
27         "ADDRESS"
28         "BROADCAST_SSID"
29         "CHANNEL"
30         "CHANNEL_BANDWIDTH"
31         "DFS"
32         "ENVIRONMENT"
33         "MFP"
34         "MODE"
35         "PHY"
36         "SECRET"
37         "SSID"
38         "WPA3_PERSONAL"
39         "WPA2_PERSONAL"
40 )
41
42 # Disable WPA3+2 by default
43 DEFAULT_WPA3_PERSONAL="off"
44 DEFAULT_WPA2_PERSONAL="off"
45
46 # Broadcast SSID by default
47 DEFAULT_BROADCAST_SSID="on"
48
49 # Perform radar detection by default when possible
50 DEFAULT_DFS="on"
51
52 # 802.11w - Management Frame Protection
53 DEFAULT_MFP="on"
54
55 DEFAULT_ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
56
57 hook_check_settings() {
58         assert isset ADDRESS
59         assert ismac ADDRESS
60         assert isset BROADCAST_SSID
61         assert isbool BROADCAST_SSID
62         assert isset CHANNEL
63         assert isbool DFS
64         assert isbool MFP
65         assert isset MODE
66         assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES}
67         assert isset PHY
68         assert ismac PHY
69         assert isset SSID
70
71         assert wireless_environment_is_valid "${ENVIRONMENT}"
72 }
73
74 hook_parse_cmdline() {
75         while [ $# -gt 0 ]; do
76                 case "${1}" in
77                         --broadcast-ssid=*)
78                                 BROADCAST_SSID=$(cli_get_val "${1}")
79                                 ;;
80                         --channel=*)
81                                 CHANNEL=$(cli_get_val "${1}")
82                                 ;;
83                         --channel-bandwidth=*)
84                                 CHANNEL_BANDWIDTH="$(cli_get_val "${1}")"
85                                 ;;
86                         --dfs=*)
87                                 DFS="$(cli_get_val "${1}")"
88
89                                 if enabled DFS; then
90                                         DFS="on"
91                                 elif disabled DFS; then
92                                         DFS="off"
93                                 else
94                                         error "Invalid value for DFS: ${DFS}"
95                                         return ${EXIT_ERROR}
96                                 fi
97                                 ;;
98                         --environment=*)
99                                 ENVIRONMENT="$(cli_get_val "${1}")"
100
101                                 if ! wireless_environment_is_valid "${ENVIRONMENT}"; then
102                                         error "Invalid wireless environment: ${ENVIRONMENT}"
103                                         return ${EXIT_ERROR}
104                                 fi
105                                 ;;
106                         --mac=*)
107                                 ADDRESS=$(cli_get_val "${1}")
108                                 ;;
109                         --mfp=*)
110                                 MFP="$(cli_get_val "${1}")"
111
112                                 if enabled MFP; then
113                                         MFP="on"
114                                 elif disabled MFP; then
115                                         MFP="off"
116                                 else
117                                         error "Invalid value for --mfp: ${MFP}"
118                                         return ${EXIT_ERROR}
119                                 fi
120                                 ;;
121                         --mode=*)
122                                 MODE=$(cli_get_val "${1}")
123
124                                 if ! isoneof MODE ${HOSTAPD_SUPPORTED_MODES}; then
125                                         error "Unsupported mode: ${MODE}"
126                                         error "Mode must be one of ${HOSTAPD_SUPPORTED_MODES}"
127                                         return ${EXIT_ERROR}
128                                 fi
129                                 ;;
130                         --phy=*)
131                                 PHY=$(cli_get_val "${1}")
132                                 ;;
133                         --secret=*)
134                                 SECRET="$(cli_get_val "${1}")"
135                                 ;;
136                         --ssid=*)
137                                 SSID=$(cli_get_val "${1}")
138                                 ;;
139                         --wpa2-personal=*)
140                                 WPA2_PERSONAL="$(cli_get_bool "${1}")"
141                                 ;;
142                         --wpa3-personal=*)
143                                 WPA3_PERSONAL="$(cli_get_bool "${1}")"
144                                 ;;
145                         *)
146                                 warning "Ignoring unknown argument '${1}'"
147                                 ;;
148                 esac
149                 shift
150         done
151
152         # Generate a random MAC address if none is set
153         if ! isset ADDRESS; then
154                 ADDRESS="$(mac_generate)"
155         fi
156
157         # MODE must be set
158         if ! isset MODE; then
159                 error "--mode is not set"
160                 return ${EXIT_ERROR}
161         fi
162
163         # Automatically enable ACS if no channel is set and ACS is available
164         if ! isset CHANNEL && phy_supports_acs "${PHY}"; then
165                 CHANNEL="0"
166
167                 log INFO "Automatic Channel Selection (ACS) enabled"
168         fi
169
170         # Channel bandwidth must match the mode
171         if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then
172                 error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}"
173                 return ${EXIT_ERROR}
174         fi
175
176         # Check if SECRET is set when WPA* is enabled
177         if ! isset SECRET && (enabled WPA3_PERSONAL || enabled WPA2_PERSONAL); then
178                 error "Secret is not set when PSK authentication is enabled"
179                 return ${EXIT_ERROR}
180         fi
181
182         # Save address of phy do identify it again
183         PHY=$(phy_get ${PHY})
184         PHY=$(phy_get_address ${PHY})
185 }
186
187 hook_edit() {
188         local port=${1}
189         assert isset port
190
191         if ! hook_default_edit "$@"; then
192                 return ${EXIT_ERROR}
193         fi
194
195         # To apply all changes, we need to restart the port
196         port_restart "${port}"
197 }
198
199 hook_create() {
200         local port="${1}"
201         assert isset port
202
203         device_exists "${port}" && exit ${EXIT_OK}
204
205         port_settings_read "${port}"
206
207         # Check if the PHY is present.
208         local phy=$(phy_get ${PHY})
209         if ! isset phy; then
210                 log DEBUG "phy '${PHY}' is not present"
211                 exit ${EXIT_ERROR}
212         fi
213
214         # Create the wireless device
215         wireless_create "${port}" \
216                 --phy="${phy}" \
217                 --type="ap" \
218                 --address="${ADDRESS}"
219
220         exit ${EXIT_OK}
221 }
222
223 hook_remove() {
224         local port="${1}"
225         assert isset port
226
227         # Remove the device if present
228         if device_exists "${port}"; then
229                 wireless_remove "${port}"
230         fi
231
232         exit ${EXIT_OK}
233 }
234
235 hook_up() {
236         local port="${1}"
237         assert isset port
238
239         # The port must already exist before
240         # hostapd is started. Otherwise it will
241         # fail horribly over and over again.
242         assert device_exists "${port}"
243
244         hostapd_start "${port}"
245 }
246
247 hook_down() {
248         local port="${1}"
249         assert isset port
250
251         hostapd_stop "${port}"
252 }
253
254 hook_hotplug() {
255         local port="${1}"
256         assert isset port
257
258         case "$(hotplug_action)" in
259                 add)
260                         # Create the port when the phy is plugged in
261                         if hotplug_event_port_uses_phy "${port}"; then
262                                 hook_create "${port}"
263                         fi
264                         ;;
265
266                 remove)
267                         # Stop hostapd
268                         if hotplug_event_port_is_interface "${port}"; then
269                                 hostapd_stop "${port}"
270
271                                 exit ${EXIT_OK}
272                         fi
273                         ;;
274         esac
275
276         exit ${EXIT_NOT_HANDLED}
277 }