X-Git-Url: http://git.ipfire.org/?p=people%2Fms%2Fnetwork.git;a=blobdiff_plain;f=src%2Fhooks%2Fports%2Fwireless-ap;h=7176ee58dfe54768e151a30ed7697c24568d1f24;hp=49c0a84396dfe8252a4c72fdc4e4b626ee24bdb6;hb=0a4c5abab952ae0d864505f037f46cd0a27d6701;hpb=7b297fb22fb16db920d68224b232e5acc652688a diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap index 49c0a843..7176ee58 100644 --- a/src/hooks/ports/wireless-ap +++ b/src/hooks/ports/wireless-ap @@ -23,18 +23,37 @@ HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}" -HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL MODE PHY SSID" -HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION KEY" - -ADDRESS=$(mac_generate) -BROADCAST_SSID=on -CHANNEL=0 -ENCRYPTION="" -KEY="" -SSID= +HOOK_SETTINGS=( + "ADDRESS" + "BROADCAST_SSID" + "CHANNEL" + "CHANNEL_BANDWIDTH" + "DFS" + "ENVIRONMENT" + "MFP" + "MODE" + "PHY" + "SECRET" + "SSID" + "WPA3_PERSONAL" + "WPA2_PERSONAL" +) + +# Disable WPA3+2 by default +DEFAULT_WPA3_PERSONAL="off" +DEFAULT_WPA2_PERSONAL="off" + +# Broadcast SSID by default +DEFAULT_BROADCAST_SSID="on" # Perform radar detection by default when possible -DFS="on" +DEFAULT_DFS="on" + +# 802.11w - Management Frame Protection +# Disable by default because many clients cannot connect when enabled +DEFAULT_MFP="off" + +DEFAULT_ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}" hook_check_settings() { assert isset ADDRESS @@ -43,19 +62,14 @@ hook_check_settings() { assert isbool BROADCAST_SSID assert isset CHANNEL assert isbool DFS + assert isbool MFP assert isset MODE assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES} assert isset PHY assert ismac PHY assert isset SSID - if isset ENCRYPTION; then - assert isoneof ENCRYPTION WPA WPA2 WPA/WPA2 - - assert isset KEY - assert [ ${#KEY} -ge 8 ] - assert [ ${#KEY} -le 63 ] - fi + assert wireless_environment_is_valid "${ENVIRONMENT}" } hook_parse_cmdline() { 
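Review bot: With `DEFAULT_WPA3_PERSONAL="off"` and `DEFAULT_WPA2_PERSONAL="off"` in the defaults block of the first hunk, an access point created without either flag comes up as an open, unencrypted network, and nothing in the visible hunks warns about it. If open-by-default is intended, say so next to the defaults, e.g. `# With both off the AP is an open network without encryption`, and consider a `warning` in hook_parse_cmdline when neither mode is enabled. Whether the code that writes the hostapd configuration treats this case differently cannot be seen from this diff.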
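Review bot: hook_check_settings (hunk at -43,19) loses every check on the passphrase: the removed block enforced 8 to 63 characters for KEY, while the new side validates neither SECRET nor the new booleans WPA3_PERSONAL and WPA2_PERSONAL. The only remaining test is the `! isset SECRET` check near the end of hook_parse_cmdline (hunk at -121,6), which accepts a one-character secret and presumably does not run when stored settings are validated. A WPA2 passphrase must be 8 to 63 characters; whether the same bound should apply to a WPA3-only secret depends on how the hostapd configuration is written, which is not visible here. The function body starts outside the hunk.

```shell
# … unchanged: ADDRESS, BROADCAST_SSID, CHANNEL, DFS, MFP, MODE, PHY, SSID asserts …
assert isbool WPA3_PERSONAL
assert isbool WPA2_PERSONAL

# A PSK mode without a secret must not pass validation
if enabled WPA3_PERSONAL || enabled WPA2_PERSONAL; then
	assert isset SECRET
fi

# WPA2 passphrases are limited to 8..63 characters
if enabled WPA2_PERSONAL; then
	assert [ ${#SECRET} -ge 8 ]
	assert [ ${#SECRET} -le 63 ]
fi

assert wireless_environment_is_valid "${ENVIRONMENT}"
```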
@@ -67,6 +81,9 @@ hook_parse_cmdline() { --channel=*) CHANNEL=$(cli_get_val "${1}") ;; + --channel-bandwidth=*) + CHANNEL_BANDWIDTH="$(cli_get_val "${1}")" + ;; --dfs=*) DFS="$(cli_get_val "${1}")" @@ -79,15 +96,29 @@ hook_parse_cmdline() { return ${EXIT_ERROR} fi ;; - --encryption=*) - ENCRYPTION=$(cli_get_val "${1}") - ;; - --key=*) - KEY=$(cli_get_val "${1}") + --environment=*) + ENVIRONMENT="$(cli_get_val "${1}")" + + if ! wireless_environment_is_valid "${ENVIRONMENT}"; then + error "Invalid wireless environment: ${ENVIRONMENT}" + return ${EXIT_ERROR} + fi ;; --mac=*) ADDRESS=$(cli_get_val "${1}") ;; + --mfp=*) + MFP="$(cli_get_val "${1}")" + + if enabled MFP; then + MFP="on" + elif disabled MFP; then + MFP="off" + else + error "Invalid value for --mfp: ${MFP}" + return ${EXIT_ERROR} + fi + ;; --mode=*) MODE=$(cli_get_val "${1}") @@ -100,9 +131,18 @@ hook_parse_cmdline() { --phy=*) PHY=$(cli_get_val "${1}") ;; + --secret=*) + SECRET="$(cli_get_val "${1}")" + ;; --ssid=*) SSID=$(cli_get_val "${1}") ;; + --wpa2-personal=*) + WPA2_PERSONAL="$(cli_get_bool "${1}")" + ;; + --wpa3-personal=*) + WPA3_PERSONAL="$(cli_get_bool "${1}")" + ;; *) warning "Ignoring unknown argument '${1}'" ;; 
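Review bot: `--mfp` (hunk at -79,15) is parsed independently of `--wpa3-personal`, so WPA3_PERSONAL=on together with the default MFP=off is accepted, although WPA3-Personal requires management frame protection. What hostapd then does depends on how the configuration file is generated, which is not visible here. A cross-check belongs with the post-loop validation in hook_parse_cmdline, for example `if enabled WPA3_PERSONAL && ! enabled MFP; then error "WPA3 Personal requires --mfp=on"; return ${EXIT_ERROR}; fi`, or MFP could be switched on automatically when WPA3 is enabled. The case statement starts and ends outside this hunk.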
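Review bot: `--secret=` (hunk at -100,9) takes the pre-shared key as a command-line argument, which exposes it to other local users through the process list and leaves it in shell history. Consider reading the secret from standard input or a file when no value is given, and mention the exposure in the help text. Separately, `--wpa2-personal` and `--wpa3-personal` use `cli_get_bool`, while `--mfp` and `--dfs` validate the value and return `${EXIT_ERROR}` on bad input. If `cli_get_bool` does not reject invalid values (its behaviour is not visible here), a typo silently leaves the mode off and the AP unencrypted.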
@@ -121,6 +161,25 @@ hook_parse_cmdline() { return ${EXIT_ERROR} fi + # Automatically enable ACS if no channel is set and ACS is available + if ! isset CHANNEL && phy_supports_acs "${PHY}"; then + CHANNEL="0" + + log INFO "Automatic Channel Selection (ACS) enabled" + fi + + # Channel bandwidth must match the mode + if isset CHANNEL_BANDWIDTH && ! wireless_channel_bandwidth_is_valid "${MODE}" "${CHANNEL_BANDWIDTH}"; then + error "Channel Bandwidth '${CHANNEL_BANDWIDTH}' is not supported for ${MODE}" + return ${EXIT_ERROR} + fi + + # Check if SECRET is set when WPA* is enabled + if ! isset SECRET && (enabled WPA3_PERSONAL || enabled WPA2_PERSONAL); then + error "Secret is not set when PSK authentication is enabled" + return ${EXIT_ERROR} + fi + # Save address of phy do identify it again PHY=$(phy_get ${PHY}) PHY=$(phy_get_address ${PHY}) @@ -144,7 +203,7 @@ hook_create() { device_exists "${port}" && exit ${EXIT_OK} - port_settings_read "${port}" ${HOOK_SETTINGS} + port_settings_read "${port}" # Check if the PHY is present. local phy=$(phy_get ${PHY})
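Review bot: When CHANNEL is unset and `phy_supports_acs "${PHY}"` fails, the new ACS block (hunk at -121,6) falls through with CHANNEL still empty. The old default `CHANNEL=0` was removed in the first hunk and no DEFAULT_CHANNEL replaces it there, so the user presumably only hits `assert isset CHANNEL` in hook_check_settings instead of a readable error. Add an explicit branch to the same `if`, e.g. `elif ! isset CHANNEL; then error "No channel set and ACS is not supported by ${PHY}"; return ${EXIT_ERROR}`. hook_parse_cmdline starts and ends outside this hunk.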