. /usr/lib/network/header-port
-HOOK_SETTINGS="HOOK ADDRESS BROADCAST_SSID CHANNEL MODE PHY SSID"
-HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION KEY"
-
-ADDRESS=$(mac_generate)
-BROADCAST_SSID=on
-CHANNEL=1
-ENCRYPTION=""
-KEY=""
-MODE="g"
-SSID=
+HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"
+
+HOOK_SETTINGS=(
+ "ADDRESS"
+ "BROADCAST_SSID"
+ "CHANNEL"
+ "CHANNEL_BANDWIDTH"
+ "DFS"
+ "ENVIRONMENT"
+ "MFP"
+ "MODE"
+ "PHY"
+ "SECRET"
+ "SSID"
+ "WPA3_PERSONAL"
+ "WPA2_PERSONAL"
+)
+
+# Disable WPA3+2 by default
+DEFAULT_WPA3_PERSONAL="off"
+DEFAULT_WPA2_PERSONAL="off"
+
+# Broadcast SSID by default
+DEFAULT_BROADCAST_SSID="on"
+
+# Perform radar detection by default when possible
+DEFAULT_DFS="on"
+
+# 802.11w - Management Frame Protection
+# Disable by default because many clients cannot connect when enabled
+DEFAULT_MFP="off"
+
+DEFAULT_ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
hook_check_settings() {
assert isset ADDRESS
assert isset BROADCAST_SSID
assert isbool BROADCAST_SSID
assert isset CHANNEL
+ assert isbool DFS
+ assert isbool MFP
assert isset MODE
- assert isoneof MODE a b g n
+ assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES}
assert isset PHY
assert ismac PHY
assert isset SSID
- if isset ENCRYPTION; then
- assert isoneof ENCRYPTION WPA WPA2 WPA/WPA2
-
- assert isset KEY
- assert [ ${#KEY} -ge 8 ]
- assert [ ${#KEY} -le 63 ]
- fi
+ assert wireless_environment_is_valid "${ENVIRONMENT}"
}
hook_parse_cmdline() {
while [ $# -gt 0 ]; do
case "${1}" in
--broadcast-ssid=*)
- BROADCAST_SSID=$(cli_get_val ${1})
+ BROADCAST_SSID=$(cli_get_val "${1}")
;;
--channel=*)
- CHANNEL=$(cli_get_val ${1})
+ CHANNEL=$(cli_get_val "${1}")
;;
- --encryption=*)
- ENCRYPTION=$(cli_get_val ${1})
+ --channel-bandwidth=*)
+ CHANNEL_BANDWIDTH="$(cli_get_val "${1}")"
;;
- --key=*)
- KEY=$(cli_get_val ${1})
+ --dfs=*)
+ DFS="$(cli_get_val "${1}")"
+
+ if enabled DFS; then
+ DFS="on"
+ elif disabled DFS; then
+ DFS="off"
+ else
+ error "Invalid value for DFS: ${DFS}"
+ return ${EXIT_ERROR}
+ fi
+ ;;
+ --environment=*)
+ ENVIRONMENT="$(cli_get_val "${1}")"
+
+ if ! wireless_environment_is_valid "${ENVIRONMENT}"; then
+ error "Invalid wireless environment: ${ENVIRONMENT}"
+ return ${EXIT_ERROR}
+ fi
;;
--mac=*)
- ADDRESS=$(cli_get_val ${1})
+ ADDRESS=$(cli_get_val "${1}")
+ ;;
+ --mfp=*)
+ MFP="$(cli_get_val "${1}")"
+
+ if enabled MFP; then
+ MFP="on"
+ elif disabled MFP; then
+ MFP="off"
+ else
+ error "Invalid value for --mfp: ${MFP}"
+ return ${EXIT_ERROR}
+ fi
;;
--mode=*)
- MODE=$(cli_get_val ${1})
+ MODE=$(cli_get_val "${1}")
+
+ if ! isoneof MODE ${HOSTAPD_SUPPORTED_MODES}; then
+ error "Unsupported mode: ${MODE}"
+ error "Mode must be one of ${HOSTAPD_SUPPORTED_MODES}"
+ return ${EXIT_ERROR}
+ fi
;;
--phy=*)
- PHY=$(cli_get_val ${1})
+ PHY=$(cli_get_val "${1}")
+ ;;
+ --secret=*)
+ SECRET="$(cli_get_val "${1}")"
;;
--ssid=*)
- SSID=$(cli_get_val ${1})
+ SSID=$(cli_get_val "${1}")
+ ;;
+ --wpa2-personal=*)
+ WPA2_PERSONAL="$(cli_get_bool "${1}")"
+ ;;
+ --wpa3-personal=*)
+ WPA3_PERSONAL="$(cli_get_bool "${1}")"
;;
*)
warning "Ignoring unknown argument '${1}'"
shift
done
- # Save address of phy do identify it again
- PHY=$(phy_get ${PHY})
- PHY=$(phy_get_address ${PHY})
-}
+ # Generate a random MAC address if none is set
+ if ! isset ADDRESS; then
+ ADDRESS="$(mac_generate)"
+ fi
-hook_new() {
- if ! hook_parse_cmdline $@; then
+ # MODE must be set
+ if ! isset MODE; then
+ error "--mode is not set"
return ${EXIT_ERROR}
fi
- local port=$(port_find_free ${PORT_PATTERN_ACCESSPOINT})
- assert isset port
+ # Automatically enable ACS if no channel is set and ACS is available
+ if ! isset CHANNEL && phy_supports_acs "${PHY}"; then
+ CHANNEL="0"
- port_settings_write "${port}" ${HOOK_SETTINGS}
+ log INFO "Automatic Channel Selection (ACS) enabled"
+ fi
- exit ${EXIT_OK}
+ # Channel bandwidth must match the mode
+ if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then
+ error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}"
+ return ${EXIT_ERROR}
+ fi
+
+ # Check if SECRET is set when WPA* is enabled
+ if ! isset SECRET && (enabled WPA3_PERSONAL || enabled WPA2_PERSONAL); then
+ error "Secret is not set when PSK authentication is enabled"
+ return ${EXIT_ERROR}
+ fi
+
+ # Save address of phy do identify it again
+ PHY=$(phy_get ${PHY})
+ PHY=$(phy_get_address ${PHY})
}
hook_edit() {
local port=${1}
assert isset port
- if ! hook_default_edit $@; then
+ if ! hook_default_edit "$@"; then
return ${EXIT_ERROR}
fi
device_exists "${port}" && exit ${EXIT_OK}
- port_settings_read "${port}" ${HOOK_SETTINGS}
+ port_settings_read "${port}"
# Check if the PHY is present.
local phy=$(phy_get ${PHY})