wireless-ap: Enable 802.11w by default
[people/ms/network.git] / src / hooks / ports / wireless-ap
1 #!/bin/bash
2 ###############################################################################
3 # #
4 # IPFire.org - A linux based firewall #
5 # Copyright (C) 2010 Michael Tremer & Christian Schmidt #
6 # #
7 # This program is free software: you can redistribute it and/or modify #
8 # it under the terms of the GNU General Public License as published by #
9 # the Free Software Foundation, either version 3 of the License, or #
10 # (at your option) any later version. #
11 # #
12 # This program is distributed in the hope that it will be useful, #
13 # but WITHOUT ANY WARRANTY; without even the implied warranty of #
14 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
15 # GNU General Public License for more details. #
16 # #
17 # You should have received a copy of the GNU General Public License #
18 # along with this program. If not, see <http://www.gnu.org/licenses/>. #
19 # #
20 ###############################################################################
21
22 . /usr/lib/network/header-port
23
24 HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"
25
26 HOOK_SETTINGS=(
27 "ADDRESS"
28 "BROADCAST_SSID"
29 "CHANNEL"
30 "CHANNEL_BANDWIDTH"
31 "DFS"
32 "ENVIRONMENT"
33 "MFP"
34 "MODE"
35 "PHY"
36 "SECRET"
37 "SSID"
38 "WPA3_PERSONAL"
39 "WPA2_PERSONAL"
40 )
41
42 # Disable WPA3+2 by default
43 DEFAULT_WPA3_PERSONAL="off"
44 DEFAULT_WPA2_PERSONAL="off"
45
46 # Broadcast SSID by default
47 DEFAULT_BROADCAST_SSID="on"
48
49 # Perform radar detection by default when possible
50 DEFAULT_DFS="on"
51
52 # 802.11w - Management Frame Protection
53 DEFAULT_MFP="on"
54
55 DEFAULT_ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
56
57 hook_check_settings() {
58 assert isset ADDRESS
59 assert ismac ADDRESS
60 assert isset BROADCAST_SSID
61 assert isbool BROADCAST_SSID
62 assert isset CHANNEL
63 assert isbool DFS
64 assert isbool MFP
65 assert isset MODE
66 assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES}
67 assert isset PHY
68 assert ismac PHY
69 assert isset SSID
70
71 assert wireless_environment_is_valid "${ENVIRONMENT}"
72 }
73
74 hook_parse_cmdline() {
75 while [ $# -gt 0 ]; do
76 case "${1}" in
77 --broadcast-ssid=*)
78 BROADCAST_SSID=$(cli_get_val "${1}")
79 ;;
80 --channel=*)
81 CHANNEL=$(cli_get_val "${1}")
82 ;;
83 --channel-bandwidth=*)
84 CHANNEL_BANDWIDTH="$(cli_get_val "${1}")"
85 ;;
86 --dfs=*)
87 DFS="$(cli_get_val "${1}")"
88
89 if enabled DFS; then
90 DFS="on"
91 elif disabled DFS; then
92 DFS="off"
93 else
94 error "Invalid value for DFS: ${DFS}"
95 return ${EXIT_ERROR}
96 fi
97 ;;
98 --environment=*)
99 ENVIRONMENT="$(cli_get_val "${1}")"
100
101 if ! wireless_environment_is_valid "${ENVIRONMENT}"; then
102 error "Invalid wireless environment: ${ENVIRONMENT}"
103 return ${EXIT_ERROR}
104 fi
105 ;;
106 --mac=*)
107 ADDRESS=$(cli_get_val "${1}")
108 ;;
109 --mfp=*)
110 MFP="$(cli_get_val "${1}")"
111
112 if enabled MFP; then
113 MFP="on"
114 elif disabled MFP; then
115 MFP="off"
116 else
117 error "Invalid value for --mfp: ${MFP}"
118 return ${EXIT_ERROR}
119 fi
120 ;;
121 --mode=*)
122 MODE=$(cli_get_val "${1}")
123
124 if ! isoneof MODE ${HOSTAPD_SUPPORTED_MODES}; then
125 error "Unsupported mode: ${MODE}"
126 error "Mode must be one of ${HOSTAPD_SUPPORTED_MODES}"
127 return ${EXIT_ERROR}
128 fi
129 ;;
130 --phy=*)
131 PHY=$(cli_get_val "${1}")
132 ;;
133 --secret=*)
134 SECRET="$(cli_get_val "${1}")"
135 ;;
136 --ssid=*)
137 SSID=$(cli_get_val "${1}")
138 ;;
139 --wpa2-personal=*)
140 WPA2_PERSONAL="$(cli_get_bool "${1}")"
141 ;;
142 --wpa3-personal=*)
143 WPA3_PERSONAL="$(cli_get_bool "${1}")"
144 ;;
145 *)
146 warning "Ignoring unknown argument '${1}'"
147 ;;
148 esac
149 shift
150 done
151
152 # Generate a random MAC address if none is set
153 if ! isset ADDRESS; then
154 ADDRESS="$(mac_generate)"
155 fi
156
157 # MODE must be set
158 if ! isset MODE; then
159 error "--mode is not set"
160 return ${EXIT_ERROR}
161 fi
162
163 # Automatically enable ACS if no channel is set and ACS is available
164 if ! isset CHANNEL && phy_supports_acs "${PHY}"; then
165 CHANNEL="0"
166
167 log INFO "Automatic Channel Selection (ACS) enabled"
168 fi
169
170 # Channel bandwidth must match the mode
171 if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then
172 error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}"
173 return ${EXIT_ERROR}
174 fi
175
176 # Check if SECRET is set when WPA* is enabled
177 if ! isset SECRET && (enabled WPA3_PERSONAL || enabled WPA2_PERSONAL); then
178 error "Secret is not set when PSK authentication is enabled"
179 return ${EXIT_ERROR}
180 fi
181
182 # Save address of phy do identify it again
183 PHY=$(phy_get ${PHY})
184 PHY=$(phy_get_address ${PHY})
185 }
186
187 hook_edit() {
188 local port=${1}
189 assert isset port
190
191 if ! hook_default_edit "$@"; then
192 return ${EXIT_ERROR}
193 fi
194
195 # To apply all changes, we need to restart the port
196 port_restart "${port}"
197 }
198
199 hook_create() {
200 local port="${1}"
201 assert isset port
202
203 device_exists "${port}" && exit ${EXIT_OK}
204
205 port_settings_read "${port}"
206
207 # Check if the PHY is present.
208 local phy=$(phy_get ${PHY})
209 if ! isset phy; then
210 log DEBUG "phy '${PHY}' is not present"
211 exit ${EXIT_ERROR}
212 fi
213
214 # Create the wireless device
215 wireless_create "${port}" \
216 --phy="${phy}" \
217 --type="ap" \
218 --address="${ADDRESS}"
219
220 exit ${EXIT_OK}
221 }
222
223 hook_remove() {
224 local port="${1}"
225 assert isset port
226
227 # Remove the device if present
228 if device_exists "${port}"; then
229 wireless_remove "${port}"
230 fi
231
232 exit ${EXIT_OK}
233 }
234
235 hook_up() {
236 local port="${1}"
237 assert isset port
238
239 # The port must already exist before
240 # hostapd is started. Otherwise it will
241 # fail horribly over and over again.
242 assert device_exists "${port}"
243
244 hostapd_start "${port}"
245 }
246
247 hook_down() {
248 local port="${1}"
249 assert isset port
250
251 hostapd_stop "${port}"
252 }
253
254 hook_hotplug() {
255 local port="${1}"
256 assert isset port
257
258 case "$(hotplug_action)" in
259 add)
260 # Create the port when the phy is plugged in
261 if hotplug_event_port_uses_phy "${port}"; then
262 hook_create "${port}"
263 fi
264 ;;
265
266 remove)
267 # Stop hostapd
268 if hotplug_event_port_is_interface "${port}"; then
269 hostapd_stop "${port}"
270
271 exit ${EXIT_OK}
272 fi
273 ;;
274 esac
275
276 exit ${EXIT_NOT_HANDLED}
277 }