HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"
-HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL CHANNEL_BANDWIDTH DFS MODE PHY"
-HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION KEY SSID"
-
-ADDRESS=$(mac_generate)
-BROADCAST_SSID=on
-CHANNEL=0
-CHANNEL_BANDWIDTH=
-ENCRYPTION=""
-KEY=""
-SSID=
+HOOK_SETTINGS=(
+ "ADDRESS"
+ "BROADCAST_SSID"
+ "CHANNEL"
+ "CHANNEL_BANDWIDTH"
+ "DFS"
+ "ENVIRONMENT"
+ "MFP"
+ "MODE"
+ "PHY"
+ "SECRET"
+ "SSID"
+ "WPA3_PERSONAL"
+ "WPA2_PERSONAL"
+)
+
+# Disable WPA3+2 by default
+DEFAULT_WPA3_PERSONAL="off"
+DEFAULT_WPA2_PERSONAL="off"
+
+# Broadcast SSID by default
+DEFAULT_BROADCAST_SSID="on"
# Perform radar detection by default when possible
-DFS="on"
+DEFAULT_DFS="on"
+
+# 802.11w - Management Frame Protection
+DEFAULT_MFP="on"
+
+DEFAULT_ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
hook_check_settings() {
assert isset ADDRESS
assert isbool BROADCAST_SSID
assert isset CHANNEL
assert isbool DFS
+ assert isbool MFP
assert isset MODE
assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES}
assert isset PHY
assert ismac PHY
assert isset SSID
- if isset ENCRYPTION; then
- assert isoneof ENCRYPTION WPA WPA2 WPA/WPA2
-
- assert isset KEY
- assert [ ${#KEY} -ge 8 ]
- assert [ ${#KEY} -le 63 ]
- fi
+ assert wireless_environment_is_valid "${ENVIRONMENT}"
}
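Review bot: hook_check_settings no longer validates the credential at all: the removed `KEY` length asserts have no replacement here, and the new `WPA2_PERSONAL`, `WPA3_PERSONAL` and `SECRET` settings are never asserted. The equivalent check added to hook_parse_cmdline only covers values that arrive on the command line, so settings loaded from a stored configuration would presumably reach the hostapd configuration unchecked. Suggest asserting both flags with `isbool` and, when either is enabled, asserting the secret with the same validator the command-line path uses, as sketched below.

```shell
	assert isset SSID

	assert isbool WPA2_PERSONAL
	assert isbool WPA3_PERSONAL

	# A PSK network must not be accepted without a well-formed secret
	if enabled WPA3_PERSONAL || enabled WPA2_PERSONAL; then
		assert isset SECRET
		assert wireless_pre_shared_key_is_valid "${SECRET}"
	fi

	# … unchanged: environment check …
```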
hook_parse_cmdline() {
CHANNEL_BANDWIDTH="$(cli_get_val "${1}")"
;;
--dfs=*)
- DFS="$(cli_get_val "${1}")"
-
- if enabled DFS; then
- DFS="on"
- elif disabled DFS; then
- DFS="off"
- else
- error "Invalid value for DFS: ${DFS}"
+ DFS="$(cli_get_bool "${1}")"
+ ;;
+ --environment=*)
+ ENVIRONMENT="$(cli_get_val "${1}")"
+
+ if ! wireless_environment_is_valid "${ENVIRONMENT}"; then
+ error "Invalid wireless environment: ${ENVIRONMENT}"
return ${EXIT_ERROR}
fi
;;
- --encryption=*)
- ENCRYPTION=$(cli_get_val "${1}")
- ;;
- --key=*)
- KEY=$(cli_get_val "${1}")
- ;;
--mac=*)
ADDRESS=$(cli_get_val "${1}")
;;
+ --mfp=*)
+ MFP="$(cli_get_bool "${1}")"
+ ;;
--mode=*)
MODE=$(cli_get_val "${1}")
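Review bot: The rewritten `--dfs=*` arm drops the explicit rejection of invalid values: the old code called `error` and returned `${EXIT_ERROR}`, while `DFS="$(cli_get_bool "${1}")"` stores whatever the helper prints and ignores its exit status. cli_get_bool is not shown here, so if it maps unrecognised input to a default instead of failing, a mistyped value is accepted silently. That matters most for `--mfp=`, `--wpa2-personal=` and `--wpa3-personal=` in this and the later arms, where a typo could quietly switch a protection off. If the helper can signal failure, propagate it, e.g. `DFS="$(cli_get_bool "${1}")" || return ${EXIT_ERROR}`. The enclosing case statement starts and ends outside this hunk.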
--phy=*)
PHY=$(cli_get_val "${1}")
;;
+ --secret=*)
+ SECRET="$(cli_get_val "${1}")"
+ ;;
--ssid=*)
SSID=$(cli_get_val "${1}")
;;
+ --wpa2-personal=*)
+ WPA2_PERSONAL="$(cli_get_bool "${1}")"
+ ;;
+ --wpa3-personal=*)
+ WPA3_PERSONAL="$(cli_get_bool "${1}")"
+ ;;
*)
warning "Ignoring unknown argument '${1}'"
;;
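Review bot: `--secret=*` takes the pre-shared key as a command-line argument, which leaves it readable in the process list while the command runs and in shell history afterwards. The removed `--key=` had the same property, so this is inherited rather than new, but the rename is a good moment to address it. Consider also accepting the secret from standard input or from a file with restricted permissions when no value is given. At minimum, document the exposure on the arm, e.g. `# NOTE: the secret is visible in the process list while this command runs`. The case statement starts and ends outside this hunk.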
return ${EXIT_ERROR}
fi
+ # Automatically enable ACS if no channel is set and ACS is available
+ if ! isset CHANNEL && phy_supports_acs "${PHY}"; then
+ CHANNEL="0"
+
+ log INFO "Automatic Channel Selection (ACS) enabled"
+ fi
+
# Channel bandwidth must match the mode
if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then
error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}"
return ${EXIT_ERROR}
fi
+ # Check if SECRET is set when WPA* is enabled
+ if enabled WPA3_PERSONAL || enabled WPA2_PERSONAL; then
+ if ! isset SECRET; then
+ error "Secret is not set when PSK authentication is enabled"
+ return ${EXIT_ERROR}
+ fi
+
+ # Check if SECRET is valid
+ if ! wireless_pre_shared_key_is_valid "${SECRET}"; then
+ error "The secret is in an invalid format"
+ return ${EXIT_ERROR}
+ fi
+ fi
+
# Save address of phy do identify it again
PHY=$(phy_get ${PHY})
PHY=$(phy_get_address ${PHY})
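Review bot: A `--secret=` supplied while `WPA2_PERSONAL` and `WPA3_PERSONAL` are both left at their default of off passes this check silently, so the access point would presumably come up open even though the operator provided a key. Consider an `else` branch on the outer `if` that rejects this or at least warns, e.g. `isset SECRET && warning "Secret is set, but neither WPA2 nor WPA3 Personal is enabled"`. The same block could also refuse `WPA3_PERSONAL` enabled together with `MFP` disabled, since WPA3-Personal requires management frame protection; how MFP is written to the hostapd configuration is not visible here. The enclosing function starts and ends outside this hunk.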
device_exists "${port}" && exit ${EXIT_OK}
- port_settings_read "${port}" ${HOOK_SETTINGS}
+ port_settings_read "${port}"
# Check if the PHY is present.
local phy=$(phy_get ${PHY})