#!/bin/bash ############################################################################### # # # IPFire.org - A linux based firewall # # Copyright (C) 2010 Michael Tremer & Christian Schmidt # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # # the Free Software Foundation, either version 3 of the License, or # # (at your option) any later version. # # # # This program is distributed in the hope that it will be useful, # # but WITHOUT ANY WARRANTY; without even the implied warranty of # # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # # GNU General Public License for more details. # # # # You should have received a copy of the GNU General Public License # # along with this program. If not, see . # # # ############################################################################### . /usr/lib/network/header-port HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}" HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL CHANNEL_BANDWIDTH DFS MODE PHY" HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION ENVIRONMENT KEY SSID" HOOK_SETTINGS="${HOOK_SETTINGS} MFP" ADDRESS=$(mac_generate) BROADCAST_SSID=on CHANNEL= CHANNEL_BANDWIDTH= ENCRYPTION="" KEY="" SSID= # Perform radar detection by default when possible DFS="on" # 802.11w - Management Frame Protection # Disable by default because many clients cannot connect when enabled MFP="off" ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}" hook_check_settings() { assert isset ADDRESS assert ismac ADDRESS assert isset BROADCAST_SSID assert isbool BROADCAST_SSID assert isset CHANNEL assert isbool DFS assert isbool MFP assert isset MODE assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES} assert isset PHY assert ismac PHY assert isset SSID if isset ENCRYPTION; then assert isoneof ENCRYPTION WPA WPA2 WPA/WPA2 assert isset KEY assert [ ${#KEY} -ge 8 ] assert [ ${#KEY} -le 63 ] fi assert wireless_environment_is_valid "${ENVIRONMENT}" } hook_parse_cmdline() { while [ $# -gt 0 ]; do case "${1}" in --broadcast-ssid=*) BROADCAST_SSID=$(cli_get_val "${1}") ;; --channel=*) CHANNEL=$(cli_get_val "${1}") ;; --channel-bandwidth=*) CHANNEL_BANDWIDTH="$(cli_get_val "${1}")" ;; --dfs=*) DFS="$(cli_get_val "${1}")" if enabled DFS; then DFS="on" elif disabled DFS; then DFS="off" else error "Invalid value for DFS: ${DFS}" return ${EXIT_ERROR} fi ;; --encryption=*) ENCRYPTION=$(cli_get_val "${1}") ;; --environment=*) ENVIRONMENT="$(cli_get_val "${1}")" if ! wireless_environment_is_valid "${ENVIRONMENT}"; then error "Invalid wireless environment: ${ENVIRONMENT}" return ${EXIT_ERROR} fi ;; --key=*) KEY=$(cli_get_val "${1}") ;; --mac=*) ADDRESS=$(cli_get_val "${1}") ;; --mfp=*) MFP="$(cli_get_val "${1}")" if enabled MFP; then MFP="on" elif disabled MFP; then MFP="off" else error "Invalid value for --mfp: ${MFP}" return ${EXIT_ERROR} fi ;; --mode=*) MODE=$(cli_get_val "${1}") if ! isoneof MODE ${HOSTAPD_SUPPORTED_MODES}; then error "Unsupported mode: ${MODE}" error "Mode must be one of ${HOSTAPD_SUPPORTED_MODES}" return ${EXIT_ERROR} fi ;; --phy=*) PHY=$(cli_get_val "${1}") ;; --ssid=*) SSID=$(cli_get_val "${1}") ;; *) warning "Ignoring unknown argument '${1}'" ;; esac shift done # Generate a random MAC address if none is set if ! isset ADDRESS; then ADDRESS="$(mac_generate)" fi # MODE must be set if ! isset MODE; then error "--mode is not set" return ${EXIT_ERROR} fi # Automatically enable ACS if no channel is set and ACS is available if ! isset CHANNEL && phy_supports_acs "${PHY}"; then CHANNEL="0" log INFO "Automatic Channel Selection (ACS) enabled" fi # Channel bandwidth must match the mode if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}" return ${EXIT_ERROR} fi # Save address of phy do identify it again PHY=$(phy_get ${PHY}) PHY=$(phy_get_address ${PHY}) } hook_edit() { local port=${1} assert isset port if ! hook_default_edit "$@"; then return ${EXIT_ERROR} fi # To apply all changes, we need to restart the port port_restart "${port}" } hook_create() { local port="${1}" assert isset port device_exists "${port}" && exit ${EXIT_OK} port_settings_read "${port}" ${HOOK_SETTINGS} # Check if the PHY is present. local phy=$(phy_get ${PHY}) if ! isset phy; then log DEBUG "phy '${PHY}' is not present" exit ${EXIT_ERROR} fi # Create the wireless device wireless_create "${port}" \ --phy="${phy}" \ --type="ap" \ --address="${ADDRESS}" exit ${EXIT_OK} } hook_remove() { local port="${1}" assert isset port # Remove the device if present if device_exists "${port}"; then wireless_remove "${port}" fi exit ${EXIT_OK} } hook_up() { local port="${1}" assert isset port # The port must already exist before # hostapd is started. Otherwise it will # fail horribly over and over again. assert device_exists "${port}" hostapd_start "${port}" } hook_down() { local port="${1}" assert isset port hostapd_stop "${port}" } hook_hotplug() { local port="${1}" assert isset port case "$(hotplug_action)" in add) # Create the port when the phy is plugged in if hotplug_event_port_uses_phy "${port}"; then hook_create "${port}" fi ;; remove) # Stop hostapd if hotplug_event_port_is_interface "${port}"; then hostapd_stop "${port}" exit ${EXIT_OK} fi ;; esac exit ${EXIT_NOT_HANDLED} }