OpenWrt – Diff between revs 2 and 3
Rev 2 | Rev 3 | |||
---|---|---|---|---|
1 | . /lib/functions/network.sh |
1 | . /lib/functions/network.sh |
|
2 | |
2 | |
|
3 | wpa_supplicant_add_rate() { |
3 | wpa_supplicant_add_rate() { |
|
4 | local var="$1" |
4 | local var="$1" |
|
5 | local val="$(($2 / 1000))" |
5 | local val="$(($2 / 1000))" |
|
6 | local sub="$((($2 / 100) % 10))" |
6 | local sub="$((($2 / 100) % 10))" |
|
7 | append $var "$val" "," |
7 | append $var "$val" "," |
|
8 | [ $sub -gt 0 ] && append $var "." |
8 | [ $sub -gt 0 ] && append $var "." |
|
9 | } |
9 | } |
|
10 | |
10 | |
|
11 | hostapd_add_rate() { |
11 | hostapd_add_rate() { |
|
12 | local var="$1" |
12 | local var="$1" |
|
13 | local val="$(($2 / 100))" |
13 | local val="$(($2 / 100))" |
|
14 | append $var "$val" " " |
14 | append $var "$val" " " |
|
15 | } |
15 | } |
|
16 | |
16 | |
|
17 | hostapd_append_wep_key() { |
17 | hostapd_append_wep_key() { |
|
18 | local var="$1" |
18 | local var="$1" |
|
19 | |
19 | |
|
20 | wep_keyidx=0 |
20 | wep_keyidx=0 |
|
21 | set_default key 1 |
21 | set_default key 1 |
|
22 | case "$key" in |
22 | case "$key" in |
|
23 | [1234]) |
23 | [1234]) |
|
24 | for idx in 1 2 3 4; do |
24 | for idx in 1 2 3 4; do |
|
25 | local zidx |
25 | local zidx |
|
26 | zidx=$(($idx - 1)) |
26 | zidx=$(($idx - 1)) |
|
27 | json_get_var ckey "key${idx}" |
27 | json_get_var ckey "key${idx}" |
|
28 | [ -n "$ckey" ] && \ |
28 | [ -n "$ckey" ] && \ |
|
29 | append $var "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N$T" |
29 | append $var "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N$T" |
|
30 | done |
30 | done |
|
31 | wep_keyidx=$((key - 1)) |
31 | wep_keyidx=$((key - 1)) |
|
32 | ;; |
32 | ;; |
|
33 | *) |
33 | *) |
|
34 | append $var "wep_key0=$(prepare_key_wep "$key")" "$N$T" |
34 | append $var "wep_key0=$(prepare_key_wep "$key")" "$N$T" |
|
35 | ;; |
35 | ;; |
|
36 | esac |
36 | esac |
|
37 | } |
37 | } |
|
38 | |
38 | |
|
39 | hostapd_append_wpa_key_mgmt() { |
39 | hostapd_append_wpa_key_mgmt() { |
|
40 | local auth_type_l="$(echo $auth_type | tr 'a-z' 'A-Z')" |
40 | local auth_type="$(echo $auth_type | tr 'a-z' 'A-Z')" |
|
41 | |
- | ||
42 | case "$auth_type" in |
- | ||
43 | psk|eap) |
41 | |
|
44 | append wpa_key_mgmt "WPA-$auth_type_l" |
42 | append wpa_key_mgmt "WPA-$auth_type" |
|
45 | [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}" |
43 | [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type}" |
|
46 | [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256" |
- | ||
47 | ;; |
- | ||
48 | eap192) |
- | ||
49 | append wpa_key_mgmt "WPA-EAP-SUITE-B-192" |
- | ||
50 | ;; |
- | ||
51 | eap-eap192) |
- | ||
52 | append wpa_key_mgmt "WPA-EAP-SUITE-B-192" |
- | ||
53 | append wpa_key_mgmt "WPA-EAP" |
- | ||
54 | [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP" |
- | ||
55 | [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256" |
- | ||
56 | ;; |
- | ||
57 | sae) |
- | ||
58 | append wpa_key_mgmt "SAE" |
- | ||
59 | [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" |
- | ||
60 | ;; |
- | ||
61 | psk-sae) |
- | ||
62 | append wpa_key_mgmt "WPA-PSK" |
- | ||
63 | [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK" |
- | ||
64 | [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256" |
- | ||
65 | append wpa_key_mgmt "SAE" |
- | ||
66 | [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" |
- | ||
67 | ;; |
- | ||
68 | owe) |
- | ||
69 | append wpa_key_mgmt "OWE" |
- | ||
70 | ;; |
- | ||
71 | esac |
44 | [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type}-SHA256" |
|
72 | } |
45 | } |
|
73 | |
46 | |
|
74 | hostapd_add_log_config() { |
47 | hostapd_add_log_config() { |
|
75 | config_add_boolean \ |
48 | config_add_boolean \ |
|
76 | log_80211 \ |
49 | log_80211 \ |
|
77 | log_8021x \ |
50 | log_8021x \ |
|
78 | log_radius \ |
51 | log_radius \ |
|
79 | log_wpa \ |
52 | log_wpa \ |
|
80 | log_driver \ |
53 | log_driver \ |
|
81 | log_iapp \ |
54 | log_iapp \ |
|
82 | log_mlme |
55 | log_mlme |
|
83 | |
56 | |
|
84 | config_add_int log_level |
57 | config_add_int log_level |
|
85 | } |
58 | } |
|
86 | |
59 | |
|
87 | hostapd_common_add_device_config() { |
60 | hostapd_common_add_device_config() { |
|
88 | config_add_array basic_rate |
61 | config_add_array basic_rate |
|
89 | config_add_array supported_rates |
62 | config_add_array supported_rates |
|
90 | |
63 | |
|
91 | config_add_string country |
64 | config_add_string country |
|
92 | config_add_boolean country_ie doth |
65 | config_add_boolean country_ie doth |
|
93 | config_add_string require_mode |
66 | config_add_string require_mode |
|
94 | config_add_boolean legacy_rates |
67 | config_add_boolean legacy_rates |
|
95 | |
68 | |
|
96 | config_add_string acs_chan_bias |
69 | config_add_string acs_chan_bias |
|
97 | config_add_array hostapd_options |
70 | config_add_array hostapd_options |
|
98 | |
71 | |
|
99 | hostapd_add_log_config |
72 | hostapd_add_log_config |
|
100 | } |
73 | } |
|
101 | |
74 | |
|
102 | hostapd_prepare_device_config() { |
75 | hostapd_prepare_device_config() { |
|
103 | local config="$1" |
76 | local config="$1" |
|
104 | local driver="$2" |
77 | local driver="$2" |
|
105 | |
78 | |
|
106 | local base="${config%%.conf}" |
79 | local base="${config%%.conf}" |
|
107 | local base_cfg= |
80 | local base_cfg= |
|
108 | |
81 | |
|
109 | json_get_vars country country_ie beacon_int:100 doth require_mode legacy_rates acs_chan_bias |
82 | json_get_vars country country_ie beacon_int:100 doth require_mode legacy_rates acs_chan_bias |
|
110 | |
83 | |
|
111 | hostapd_set_log_options base_cfg |
84 | hostapd_set_log_options base_cfg |
|
112 | |
85 | |
|
113 | set_default country_ie 1 |
86 | set_default country_ie 1 |
|
114 | set_default doth 1 |
87 | set_default doth 1 |
|
115 | set_default legacy_rates 1 |
88 | set_default legacy_rates 1 |
|
116 | |
89 | |
|
117 | [ "$hwmode" = "b" ] && legacy_rates=1 |
90 | [ "$hwmode" = "b" ] && legacy_rates=1 |
|
118 | |
91 | |
|
119 | [ -n "$country" ] && { |
92 | [ -n "$country" ] && { |
|
120 | append base_cfg "country_code=$country" "$N" |
93 | append base_cfg "country_code=$country" "$N" |
|
121 | |
94 | |
|
122 | [ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N" |
95 | [ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N" |
|
123 | [ "$hwmode" = "a" -a "$doth" -gt 0 ] && append base_cfg "ieee80211h=1" "$N" |
96 | [ "$hwmode" = "a" -a "$doth" -gt 0 ] && append base_cfg "ieee80211h=1" "$N" |
|
124 | } |
97 | } |
|
125 | |
98 | |
|
126 | [ -n "$acs_chan_bias" ] && append base_cfg "acs_chan_bias=$acs_chan_bias" "$N" |
99 | [ -n "$acs_chan_bias" ] && append base_cfg "acs_chan_bias=$acs_chan_bias" "$N" |
|
127 | |
100 | |
|
128 | local brlist= br |
101 | local brlist= br |
|
129 | json_get_values basic_rate_list basic_rate |
102 | json_get_values basic_rate_list basic_rate |
|
130 | local rlist= r |
103 | local rlist= r |
|
131 | json_get_values rate_list supported_rates |
104 | json_get_values rate_list supported_rates |
|
132 | |
105 | |
|
133 | [ -n "$hwmode" ] && append base_cfg "hw_mode=$hwmode" "$N" |
106 | [ -n "$hwmode" ] && append base_cfg "hw_mode=$hwmode" "$N" |
|
134 | [ "$legacy_rates" -eq 0 ] && set_default require_mode g |
107 | [ "$legacy_rates" -eq 0 ] && set_default require_mode g |
|
135 | |
108 | |
|
136 | [ "$hwmode" = "g" ] && { |
109 | [ "$hwmode" = "g" ] && { |
|
137 | [ "$legacy_rates" -eq 0 ] && set_default rate_list "6000 9000 12000 18000 24000 36000 48000 54000" |
110 | [ "$legacy_rates" -eq 0 ] && set_default rate_list "6000 9000 12000 18000 24000 36000 48000 54000" |
|
138 | [ -n "$require_mode" ] && set_default basic_rate_list "6000 12000 24000" |
111 | [ -n "$require_mode" ] && set_default basic_rate_list "6000 12000 24000" |
|
139 | } |
112 | } |
|
140 | |
113 | |
|
141 | case "$require_mode" in |
114 | case "$require_mode" in |
|
142 | n) append base_cfg "require_ht=1" "$N";; |
115 | n) append base_cfg "require_ht=1" "$N";; |
|
143 | ac) append base_cfg "require_vht=1" "$N";; |
116 | ac) append base_cfg "require_vht=1" "$N";; |
|
144 | esac |
117 | esac |
|
145 | |
118 | |
|
146 | for r in $rate_list; do |
119 | for r in $rate_list; do |
|
147 | hostapd_add_rate rlist "$r" |
120 | hostapd_add_rate rlist "$r" |
|
148 | done |
121 | done |
|
149 | |
122 | |
|
150 | for br in $basic_rate_list; do |
123 | for br in $basic_rate_list; do |
|
151 | hostapd_add_rate brlist "$br" |
124 | hostapd_add_rate brlist "$br" |
|
152 | done |
125 | done |
|
153 | |
126 | |
|
154 | [ -n "$rlist" ] && append base_cfg "supported_rates=$rlist" "$N" |
127 | [ -n "$rlist" ] && append base_cfg "supported_rates=$rlist" "$N" |
|
155 | [ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N" |
128 | [ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N" |
|
156 | append base_cfg "beacon_int=$beacon_int" "$N" |
129 | append base_cfg "beacon_int=$beacon_int" "$N" |
|
157 | |
130 | |
|
158 | json_get_values opts hostapd_options |
131 | json_get_values opts hostapd_options |
|
159 | for val in $opts; do |
132 | for val in $opts; do |
|
160 | append base_cfg "$val" "$N" |
133 | append base_cfg "$val" "$N" |
|
161 | done |
134 | done |
|
162 | |
135 | |
|
163 | cat > "$config" <<EOF |
136 | cat > "$config" <<EOF |
|
164 | driver=$driver |
137 | driver=$driver |
|
165 | $base_cfg |
138 | $base_cfg |
|
166 | EOF |
139 | EOF |
|
167 | } |
140 | } |
|
168 | |
141 | |
|
169 | hostapd_common_add_bss_config() { |
142 | hostapd_common_add_bss_config() { |
|
170 | config_add_string 'bssid:macaddr' 'ssid:string' |
143 | config_add_string 'bssid:macaddr' 'ssid:string' |
|
171 | config_add_boolean wds wmm uapsd hidden utf8_ssid |
144 | config_add_boolean wds wmm uapsd hidden |
|
172 | |
145 | |
|
173 | config_add_int maxassoc max_inactivity |
146 | config_add_int maxassoc max_inactivity |
|
174 | config_add_boolean disassoc_low_ack isolate short_preamble |
147 | config_add_boolean disassoc_low_ack isolate short_preamble |
|
175 | |
148 | |
|
176 | config_add_int \ |
149 | config_add_int \ |
|
177 | wep_rekey eap_reauth_period \ |
150 | wep_rekey eap_reauth_period \ |
|
178 | wpa_group_rekey wpa_pair_rekey wpa_master_rekey |
151 | wpa_group_rekey wpa_pair_rekey wpa_master_rekey |
|
179 | config_add_boolean wpa_disable_eapol_key_retries |
152 | config_add_boolean wpa_disable_eapol_key_retries |
|
180 | |
153 | |
|
181 | config_add_boolean tdls_prohibit |
154 | config_add_boolean tdls_prohibit |
|
182 | |
155 | |
|
183 | config_add_boolean rsn_preauth auth_cache |
156 | config_add_boolean rsn_preauth auth_cache |
|
184 | config_add_int ieee80211w |
157 | config_add_int ieee80211w |
|
185 | config_add_int eapol_version |
158 | config_add_int eapol_version |
|
186 | |
159 | |
|
187 | config_add_string 'auth_server:host' 'server:host' |
160 | config_add_string 'auth_server:host' 'server:host' |
|
188 | config_add_string auth_secret |
161 | config_add_string auth_secret |
|
189 | config_add_int 'auth_port:port' 'port:port' |
162 | config_add_int 'auth_port:port' 'port:port' |
|
190 | |
163 | |
|
191 | config_add_string acct_server |
164 | config_add_string acct_server |
|
192 | config_add_string acct_secret |
165 | config_add_string acct_secret |
|
193 | config_add_int acct_port |
166 | config_add_int acct_port |
|
194 | config_add_int acct_interval |
167 | config_add_int acct_interval |
|
195 | |
168 | |
|
196 | config_add_string dae_client |
169 | config_add_string dae_client |
|
197 | config_add_string dae_secret |
170 | config_add_string dae_secret |
|
198 | config_add_int dae_port |
171 | config_add_int dae_port |
|
199 | |
172 | |
|
200 | config_add_string nasid |
173 | config_add_string nasid |
|
201 | config_add_string ownip |
174 | config_add_string ownip |
|
202 | config_add_string radius_client_addr |
175 | config_add_string radius_client_addr |
|
203 | config_add_string iapp_interface |
176 | config_add_string iapp_interface |
|
204 | config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd |
177 | config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd |
|
205 | config_add_string ieee80211w_mgmt_cipher |
178 | config_add_string ieee80211w_mgmt_cipher |
|
206 | |
179 | |
|
207 | config_add_int dynamic_vlan vlan_naming |
180 | config_add_int dynamic_vlan vlan_naming |
|
208 | config_add_string vlan_tagged_interface vlan_bridge |
181 | config_add_string vlan_tagged_interface vlan_bridge |
|
209 | config_add_string vlan_file |
182 | config_add_string vlan_file |
|
210 | |
183 | |
|
211 | config_add_string 'key1:wepkey' 'key2:wepkey' 'key3:wepkey' 'key4:wepkey' 'password:wpakey' |
184 | config_add_string 'key1:wepkey' 'key2:wepkey' 'key3:wepkey' 'key4:wepkey' 'password:wpakey' |
|
212 | |
185 | |
|
213 | config_add_string wpa_psk_file |
186 | config_add_string wpa_psk_file |
|
214 | |
- | ||
215 | config_add_int multi_ap |
- | ||
216 | |
187 | |
|
217 | config_add_boolean wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 |
188 | config_add_boolean wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 |
|
218 | config_add_int wps_ap_setup_locked wps_independent |
189 | config_add_int wps_ap_setup_locked wps_independent |
|
219 | config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin |
190 | config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin |
|
220 | config_add_string multi_ap_backhaul_ssid multi_ap_backhaul_key |
- | ||
221 | |
191 | |
|
222 | config_add_boolean ieee80211v wnm_sleep_mode bss_transition |
192 | config_add_boolean ieee80211v wnm_sleep_mode bss_transition |
|
223 | config_add_int time_advertisement |
193 | config_add_int time_advertisement |
|
224 | config_add_string time_zone |
194 | config_add_string time_zone |
|
225 | |
195 | |
|
226 | config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds |
196 | config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds |
|
227 | config_add_int r0_key_lifetime reassociation_deadline |
197 | config_add_int r0_key_lifetime reassociation_deadline |
|
228 | config_add_string mobility_domain r1_key_holder |
198 | config_add_string mobility_domain r1_key_holder |
|
229 | config_add_array r0kh r1kh |
199 | config_add_array r0kh r1kh |
|
230 | |
200 | |
|
231 | config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout |
201 | config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout |
|
232 | |
202 | |
|
233 | config_add_string macfilter 'macfile:file' |
203 | config_add_string macfilter 'macfile:file' |
|
234 | config_add_array 'maclist:list(macaddr)' |
204 | config_add_array 'maclist:list(macaddr)' |
|
235 | |
205 | |
|
236 | config_add_array bssid_blacklist |
206 | config_add_array bssid_blacklist |
|
237 | config_add_array bssid_whitelist |
207 | config_add_array bssid_whitelist |
|
238 | |
208 | |
|
239 | config_add_int mcast_rate |
209 | config_add_int mcast_rate |
|
240 | config_add_array basic_rate |
210 | config_add_array basic_rate |
|
241 | config_add_array supported_rates |
211 | config_add_array supported_rates |
|
242 | |
- | ||
243 | config_add_boolean sae_require_mfp |
- | ||
244 | |
- | ||
245 | config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string' |
- | ||
246 | } |
212 | } |
|
247 | |
213 | |
|
248 | hostapd_set_bss_options() { |
214 | hostapd_set_bss_options() { |
|
249 | local var="$1" |
215 | local var="$1" |
|
250 | local phy="$2" |
216 | local phy="$2" |
|
251 | local vif="$3" |
217 | local vif="$3" |
|
252 | |
218 | |
|
253 | wireless_vif_parse_encryption |
219 | wireless_vif_parse_encryption |
|
254 | |
220 | |
|
255 | local bss_conf |
221 | local bss_conf |
|
256 | local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt |
222 | local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt |
|
257 | |
223 | |
|
258 | json_get_vars \ |
224 | json_get_vars \ |
|
259 | wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \ |
225 | wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \ |
|
260 | wpa_disable_eapol_key_retries tdls_prohibit \ |
226 | wpa_disable_eapol_key_retries tdls_prohibit \ |
|
261 | maxassoc max_inactivity disassoc_low_ack isolate auth_cache \ |
227 | maxassoc max_inactivity disassoc_low_ack isolate auth_cache \ |
|
262 | wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 wps_ap_setup_locked \ |
228 | wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 wps_ap_setup_locked \ |
|
263 | wps_independent wps_device_type wps_device_name wps_manufacturer wps_pin \ |
229 | wps_independent wps_device_type wps_device_name wps_manufacturer wps_pin \ |
|
264 | macfilter ssid utf8_ssid wmm uapsd hidden short_preamble rsn_preauth \ |
230 | macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \ |
|
265 | iapp_interface eapol_version dynamic_vlan ieee80211w nasid \ |
231 | iapp_interface eapol_version dynamic_vlan ieee80211w nasid \ |
|
266 | acct_server acct_secret acct_port acct_interval \ |
232 | acct_server acct_secret acct_port acct_interval \ |
|
267 | bss_load_update_period chan_util_avg_period sae_require_mfp \ |
233 | bss_load_update_period chan_util_avg_period |
|
268 | multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key |
- | ||
269 | |
234 | |
|
270 | set_default isolate 0 |
235 | set_default isolate 0 |
|
271 | set_default maxassoc 0 |
236 | set_default maxassoc 0 |
|
272 | set_default max_inactivity 0 |
237 | set_default max_inactivity 0 |
|
273 | set_default short_preamble 1 |
238 | set_default short_preamble 1 |
|
274 | set_default disassoc_low_ack 1 |
239 | set_default disassoc_low_ack 1 |
|
275 | set_default hidden 0 |
240 | set_default hidden 0 |
|
276 | set_default wmm 1 |
241 | set_default wmm 1 |
|
277 | set_default uapsd 1 |
242 | set_default uapsd 1 |
|
278 | set_default wpa_disable_eapol_key_retries 0 |
243 | set_default wpa_disable_eapol_key_retries 0 |
|
279 | set_default tdls_prohibit 0 |
244 | set_default tdls_prohibit 0 |
|
280 | set_default eapol_version 0 |
245 | set_default eapol_version 0 |
|
281 | set_default acct_port 1813 |
246 | set_default acct_port 1813 |
|
282 | set_default bss_load_update_period 60 |
247 | set_default bss_load_update_period 60 |
|
283 | set_default chan_util_avg_period 600 |
248 | set_default chan_util_avg_period 600 |
|
284 | set_default utf8_ssid 1 |
- | ||
285 | set_default multi_ap 0 |
- | ||
286 | |
249 | |
|
287 | append bss_conf "ctrl_interface=/var/run/hostapd" |
250 | append bss_conf "ctrl_interface=/var/run/hostapd" |
|
288 | if [ "$isolate" -gt 0 ]; then |
251 | if [ "$isolate" -gt 0 ]; then |
|
289 | append bss_conf "ap_isolate=$isolate" "$N" |
252 | append bss_conf "ap_isolate=$isolate" "$N" |
|
290 | fi |
253 | fi |
|
291 | if [ "$maxassoc" -gt 0 ]; then |
254 | if [ "$maxassoc" -gt 0 ]; then |
|
292 | append bss_conf "max_num_sta=$maxassoc" "$N" |
255 | append bss_conf "max_num_sta=$maxassoc" "$N" |
|
293 | fi |
256 | fi |
|
294 | if [ "$max_inactivity" -gt 0 ]; then |
257 | if [ "$max_inactivity" -gt 0 ]; then |
|
295 | append bss_conf "ap_max_inactivity=$max_inactivity" "$N" |
258 | append bss_conf "ap_max_inactivity=$max_inactivity" "$N" |
|
296 | fi |
259 | fi |
|
297 | |
260 | |
|
298 | append bss_conf "bss_load_update_period=$bss_load_update_period" "$N" |
261 | append bss_conf "bss_load_update_period=$bss_load_update_period" "$N" |
|
299 | append bss_conf "chan_util_avg_period=$chan_util_avg_period" "$N" |
262 | append bss_conf "chan_util_avg_period=$chan_util_avg_period" "$N" |
|
300 | append bss_conf "disassoc_low_ack=$disassoc_low_ack" "$N" |
263 | append bss_conf "disassoc_low_ack=$disassoc_low_ack" "$N" |
|
301 | append bss_conf "preamble=$short_preamble" "$N" |
264 | append bss_conf "preamble=$short_preamble" "$N" |
|
302 | append bss_conf "wmm_enabled=$wmm" "$N" |
265 | append bss_conf "wmm_enabled=$wmm" "$N" |
|
303 | append bss_conf "ignore_broadcast_ssid=$hidden" "$N" |
266 | append bss_conf "ignore_broadcast_ssid=$hidden" "$N" |
|
304 | append bss_conf "uapsd_advertisement_enabled=$uapsd" "$N" |
267 | append bss_conf "uapsd_advertisement_enabled=$uapsd" "$N" |
|
305 | append bss_conf "utf8_ssid=$utf8_ssid" "$N" |
- | ||
306 | append bss_conf "multi_ap=$multi_ap" "$N" |
- | ||
307 | |
268 | |
|
308 | [ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N" |
269 | [ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N" |
|
309 | |
270 | |
|
310 | [ "$wpa" -gt 0 ] && { |
271 | [ "$wpa" -gt 0 ] && { |
|
311 | [ -n "$wpa_group_rekey" ] && append bss_conf "wpa_group_rekey=$wpa_group_rekey" "$N" |
272 | [ -n "$wpa_group_rekey" ] && append bss_conf "wpa_group_rekey=$wpa_group_rekey" "$N" |
|
312 | [ -n "$wpa_pair_rekey" ] && append bss_conf "wpa_ptk_rekey=$wpa_pair_rekey" "$N" |
273 | [ -n "$wpa_pair_rekey" ] && append bss_conf "wpa_ptk_rekey=$wpa_pair_rekey" "$N" |
|
313 | [ -n "$wpa_master_rekey" ] && append bss_conf "wpa_gmk_rekey=$wpa_master_rekey" "$N" |
274 | [ -n "$wpa_master_rekey" ] && append bss_conf "wpa_gmk_rekey=$wpa_master_rekey" "$N" |
|
314 | } |
275 | } |
|
315 | |
276 | |
|
316 | [ -n "$nasid" ] && append bss_conf "nas_identifier=$nasid" "$N" |
277 | [ -n "$nasid" ] && append bss_conf "nas_identifier=$nasid" "$N" |
|
317 | [ -n "$acct_server" ] && { |
278 | [ -n "$acct_server" ] && { |
|
318 | append bss_conf "acct_server_addr=$acct_server" "$N" |
279 | append bss_conf "acct_server_addr=$acct_server" "$N" |
|
319 | append bss_conf "acct_server_port=$acct_port" "$N" |
280 | append bss_conf "acct_server_port=$acct_port" "$N" |
|
320 | [ -n "$acct_secret" ] && \ |
281 | [ -n "$acct_secret" ] && \ |
|
321 | append bss_conf "acct_server_shared_secret=$acct_secret" "$N" |
282 | append bss_conf "acct_server_shared_secret=$acct_secret" "$N" |
|
322 | [ -n "$acct_interval" ] && \ |
283 | [ -n "$acct_interval" ] && \ |
|
323 | append bss_conf "radius_acct_interim_interval=$acct_interval" "$N" |
284 | append bss_conf "radius_acct_interim_interval=$acct_interval" "$N" |
|
324 | } |
285 | } |
|
325 | |
- | ||
326 | case "$auth_type" in |
- | ||
327 | sae|owe|eap192|eap-eap192) |
- | ||
328 | set_default ieee80211w 2 |
- | ||
329 | set_default sae_require_mfp 1 |
- | ||
330 | ;; |
- | ||
331 | psk-sae) |
- | ||
332 | set_default ieee80211w 1 |
- | ||
333 | set_default sae_require_mfp 1 |
- | ||
334 | ;; |
- | ||
335 | esac |
- | ||
336 | [ -n "$sae_require_mfp" ] && append bss_conf "sae_require_mfp=$sae_require_mfp" "$N" |
- | ||
337 | |
286 | |
|
338 | local vlan_possible="" |
287 | local vlan_possible="" |
|
339 | |
288 | |
|
340 | case "$auth_type" in |
289 | case "$auth_type" in |
|
341 | none|owe) |
290 | none) |
|
342 | json_get_vars owe_transition_bssid owe_transition_ssid |
- | ||
343 | |
- | ||
344 | [ -n "$owe_transition_ssid" ] && append bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N" |
- | ||
345 | [ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N" |
- | ||
346 | |
- | ||
347 | wps_possible=1 |
291 | wps_possible=1 |
|
348 | # Here we make the assumption that if we're in open mode |
292 | # Here we make the assumption that if we're in open mode |
|
349 | # with WPS enabled, we got to be in unconfigured state. |
293 | # with WPS enabled, we got to be in unconfigured state. |
|
350 | wps_not_configured=1 |
294 | wps_not_configured=1 |
|
351 | ;; |
295 | ;; |
|
352 | psk|sae|psk-sae) |
296 | psk) |
|
353 | json_get_vars key wpa_psk_file |
297 | json_get_vars key wpa_psk_file |
|
354 | if [ ${#key} -lt 8 ]; then |
298 | if [ ${#key} -lt 8 ]; then |
|
355 | wireless_setup_vif_failed INVALID_WPA_PSK |
299 | wireless_setup_vif_failed INVALID_WPA_PSK |
|
356 | return 1 |
300 | return 1 |
|
357 | elif [ ${#key} -eq 64 ]; then |
301 | elif [ ${#key} -eq 64 ]; then |
|
358 | append bss_conf "wpa_psk=$key" "$N" |
302 | append bss_conf "wpa_psk=$key" "$N" |
|
359 | else |
303 | else |
|
360 | append bss_conf "wpa_passphrase=$key" "$N" |
304 | append bss_conf "wpa_passphrase=$key" "$N" |
|
361 | fi |
305 | fi |
|
362 | [ -n "$wpa_psk_file" ] && { |
306 | [ -n "$wpa_psk_file" ] && { |
|
363 | [ -e "$wpa_psk_file" ] || touch "$wpa_psk_file" |
307 | [ -e "$wpa_psk_file" ] || touch "$wpa_psk_file" |
|
364 | append bss_conf "wpa_psk_file=$wpa_psk_file" "$N" |
308 | append bss_conf "wpa_psk_file=$wpa_psk_file" "$N" |
|
365 | } |
309 | } |
|
366 | [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" |
310 | [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" |
|
367 | |
311 | |
|
368 | wps_possible=1 |
312 | wps_possible=1 |
|
369 | ;; |
313 | ;; |
|
370 | eap|eap192|eap-eap192) |
314 | eap) |
|
371 | json_get_vars \ |
315 | json_get_vars \ |
|
372 | auth_server auth_secret auth_port \ |
316 | auth_server auth_secret auth_port \ |
|
373 | dae_client dae_secret dae_port \ |
317 | dae_client dae_secret dae_port \ |
|
374 | ownip radius_client_addr \ |
318 | ownip radius_client_addr \ |
|
375 | eap_reauth_period |
319 | eap_reauth_period |
|
376 | |
320 | |
|
377 | # radius can provide VLAN ID for clients |
321 | # radius can provide VLAN ID for clients |
|
378 | vlan_possible=1 |
322 | vlan_possible=1 |
|
379 | |
323 | |
|
380 | # legacy compatibility |
324 | # legacy compatibility |
|
381 | [ -n "$auth_server" ] || json_get_var auth_server server |
325 | [ -n "$auth_server" ] || json_get_var auth_server server |
|
382 | [ -n "$auth_port" ] || json_get_var auth_port port |
326 | [ -n "$auth_port" ] || json_get_var auth_port port |
|
383 | [ -n "$auth_secret" ] || json_get_var auth_secret key |
327 | [ -n "$auth_secret" ] || json_get_var auth_secret key |
|
384 | |
328 | |
|
385 | set_default auth_port 1812 |
329 | set_default auth_port 1812 |
|
386 | set_default dae_port 3799 |
330 | set_default dae_port 3799 |
|
387 | |
331 | |
|
388 | |
332 | |
|
389 | append bss_conf "auth_server_addr=$auth_server" "$N" |
333 | append bss_conf "auth_server_addr=$auth_server" "$N" |
|
390 | append bss_conf "auth_server_port=$auth_port" "$N" |
334 | append bss_conf "auth_server_port=$auth_port" "$N" |
|
391 | append bss_conf "auth_server_shared_secret=$auth_secret" "$N" |
335 | append bss_conf "auth_server_shared_secret=$auth_secret" "$N" |
|
392 | |
336 | |
|
393 | [ -n "$eap_reauth_period" ] && append bss_conf "eap_reauth_period=$eap_reauth_period" "$N" |
337 | [ -n "$eap_reauth_period" ] && append bss_conf "eap_reauth_period=$eap_reauth_period" "$N" |
|
394 | |
338 | |
|
395 | [ -n "$dae_client" -a -n "$dae_secret" ] && { |
339 | [ -n "$dae_client" -a -n "$dae_secret" ] && { |
|
396 | append bss_conf "radius_das_port=$dae_port" "$N" |
340 | append bss_conf "radius_das_port=$dae_port" "$N" |
|
397 | append bss_conf "radius_das_client=$dae_client $dae_secret" "$N" |
341 | append bss_conf "radius_das_client=$dae_client $dae_secret" "$N" |
|
398 | } |
342 | } |
|
399 | |
343 | |
|
400 | [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N" |
344 | [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N" |
|
401 | [ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N" |
345 | [ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N" |
|
402 | append bss_conf "eapol_key_index_workaround=1" "$N" |
346 | append bss_conf "eapol_key_index_workaround=1" "$N" |
|
403 | append bss_conf "ieee8021x=1" "$N" |
347 | append bss_conf "ieee8021x=1" "$N" |
|
404 | |
348 | |
|
405 | [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" |
349 | [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" |
|
406 | ;; |
350 | ;; |
|
407 | wep) |
351 | wep) |
|
408 | local wep_keyidx=0 |
352 | local wep_keyidx=0 |
|
409 | json_get_vars key |
353 | json_get_vars key |
|
410 | hostapd_append_wep_key bss_conf |
354 | hostapd_append_wep_key bss_conf |
|
411 | append bss_conf "wep_default_key=$wep_keyidx" "$N" |
355 | append bss_conf "wep_default_key=$wep_keyidx" "$N" |
|
412 | [ -n "$wep_rekey" ] && append bss_conf "wep_rekey_period=$wep_rekey" "$N" |
356 | [ -n "$wep_rekey" ] && append bss_conf "wep_rekey_period=$wep_rekey" "$N" |
|
413 | ;; |
357 | ;; |
|
414 | esac |
358 | esac |
|
415 | |
359 | |
|
416 | local auth_algs=$((($auth_mode_shared << 1) | $auth_mode_open)) |
360 | local auth_algs=$((($auth_mode_shared << 1) | $auth_mode_open)) |
|
417 | append bss_conf "auth_algs=${auth_algs:-1}" "$N" |
361 | append bss_conf "auth_algs=${auth_algs:-1}" "$N" |
|
418 | append bss_conf "wpa=$wpa" "$N" |
362 | append bss_conf "wpa=$wpa" "$N" |
|
419 | [ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise" "$N" |
363 | [ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise" "$N" |
|
420 | |
364 | |
|
421 | set_default wps_pushbutton 0 |
365 | set_default wps_pushbutton 0 |
|
422 | set_default wps_label 0 |
366 | set_default wps_label 0 |
|
423 | set_default wps_pbc_in_m1 0 |
367 | set_default wps_pbc_in_m1 0 |
|
424 | |
368 | |
|
425 | config_methods= |
369 | config_methods= |
|
426 | [ "$wps_pushbutton" -gt 0 ] && append config_methods push_button |
370 | [ "$wps_pushbutton" -gt 0 ] && append config_methods push_button |
|
427 | [ "$wps_label" -gt 0 ] && append config_methods label |
371 | [ "$wps_label" -gt 0 ] && append config_methods label |
|
428 | |
- | ||
429 | # WPS not possible on Multi-AP backhaul-only SSID |
- | ||
430 | [ "$multi_ap" = 1 ] && wps_possible= |
- | ||
431 | |
372 | |
|
432 | [ -n "$wps_possible" -a -n "$config_methods" ] && { |
373 | [ -n "$wps_possible" -a -n "$config_methods" ] && { |
|
433 | set_default ext_registrar 0 |
374 | set_default ext_registrar 0 |
|
434 | set_default wps_device_type "6-0050F204-1" |
375 | set_default wps_device_type "6-0050F204-1" |
|
435 | set_default wps_device_name "OpenWrt AP" |
376 | set_default wps_device_name "OpenWrt AP" |
|
436 | set_default wps_manufacturer "www.openwrt.org" |
377 | set_default wps_manufacturer "www.openwrt.org" |
|
437 | set_default wps_independent 1 |
378 | set_default wps_independent 1 |
|
438 | |
379 | |
|
439 | wps_state=2 |
380 | wps_state=2 |
|
440 | [ -n "$wps_configured" ] && wps_state=1 |
381 | [ -n "$wps_configured" ] && wps_state=1 |
|
441 | |
382 | |
|
442 | [ "$ext_registrar" -gt 0 -a -n "$network_bridge" ] && append bss_conf "upnp_iface=$network_bridge" "$N" |
383 | [ "$ext_registrar" -gt 0 -a -n "$network_bridge" ] && append bss_conf "upnp_iface=$network_bridge" "$N" |
|
443 | |
384 | |
|
444 | append bss_conf "eap_server=1" "$N" |
385 | append bss_conf "eap_server=1" "$N" |
|
445 | [ -n "$wps_pin" ] && append bss_conf "ap_pin=$wps_pin" "$N" |
386 | [ -n "$wps_pin" ] && append bss_conf "ap_pin=$wps_pin" "$N" |
|
446 | append bss_conf "wps_state=$wps_state" "$N" |
387 | append bss_conf "wps_state=$wps_state" "$N" |
|
447 | append bss_conf "device_type=$wps_device_type" "$N" |
388 | append bss_conf "device_type=$wps_device_type" "$N" |
|
448 | append bss_conf "device_name=$wps_device_name" "$N" |
389 | append bss_conf "device_name=$wps_device_name" "$N" |
|
449 | append bss_conf "manufacturer=$wps_manufacturer" "$N" |
390 | append bss_conf "manufacturer=$wps_manufacturer" "$N" |
|
450 | append bss_conf "config_methods=$config_methods" "$N" |
391 | append bss_conf "config_methods=$config_methods" "$N" |
|
451 | append bss_conf "wps_independent=$wps_independent" "$N" |
392 | append bss_conf "wps_independent=$wps_independent" "$N" |
|
452 | [ -n "$wps_ap_setup_locked" ] && append bss_conf "ap_setup_locked=$wps_ap_setup_locked" "$N" |
393 | [ -n "$wps_ap_setup_locked" ] && append bss_conf "ap_setup_locked=$wps_ap_setup_locked" "$N" |
|
453 | [ "$wps_pbc_in_m1" -gt 0 ] && append bss_conf "pbc_in_m1=$wps_pbc_in_m1" "$N" |
394 | [ "$wps_pbc_in_m1" -gt 0 ] && append bss_conf "pbc_in_m1=$wps_pbc_in_m1" "$N" |
|
454 | [ "$multi_ap" -gt 0 ] && [ -n "$multi_ap_backhaul_ssid" ] && { |
- | ||
455 | append bss_conf "multi_ap_backhaul_ssid=\"$multi_ap_backhaul_ssid\"" "$N" |
- | ||
456 | if [ -z "$multi_ap_backhaul_key" ]; then |
- | ||
457 | : |
- | ||
458 | elif [ ${#multi_ap_backhaul_key} -lt 8 ]; then |
- | ||
459 | wireless_setup_vif_failed INVALID_WPA_PSK |
- | ||
460 | return 1 |
- | ||
461 | elif [ ${#multi_ap_backhaul_key} -eq 64 ]; then |
- | ||
462 | append bss_conf "multi_ap_backhaul_wpa_psk=$multi_ap_backhaul_key" "$N" |
- | ||
463 | else |
- | ||
464 | append bss_conf "multi_ap_backhaul_wpa_passphrase=$multi_ap_backhaul_key" "$N" |
- | ||
465 | fi |
- | ||
466 | } |
- | ||
467 | } |
395 | } |
|
468 | |
396 | |
|
469 | append bss_conf "ssid=$ssid" "$N" |
397 | append bss_conf "ssid=$ssid" "$N" |
|
470 | [ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N" |
398 | [ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N" |
|
471 | [ -n "$iapp_interface" ] && { |
399 | [ -n "$iapp_interface" ] && { |
|
472 | local ifname |
400 | local ifname |
|
473 | network_get_device ifname "$iapp_interface" || ifname="$iapp_interface" |
401 | network_get_device ifname "$iapp_interface" || ifname="$iapp_interface" |
|
474 | append bss_conf "iapp_interface=$ifname" "$N" |
402 | append bss_conf "iapp_interface=$ifname" "$N" |
|
475 | } |
403 | } |
|
476 | |
404 | |
|
477 | json_get_vars ieee80211v |
405 | json_get_vars ieee80211v |
|
478 | set_default ieee80211v 0 |
406 | set_default ieee80211v 0 |
|
479 | if [ "$ieee80211v" -eq "1" ]; then |
407 | if [ "$ieee80211v" -eq "1" ]; then |
|
480 | json_get_vars time_advertisement time_zone wnm_sleep_mode bss_transition |
408 | json_get_vars time_advertisement time_zone wnm_sleep_mode bss_transition |
|
481 | |
409 | |
|
482 | set_default time_advertisement 0 |
410 | set_default time_advertisement 0 |
|
483 | set_default wnm_sleep_mode 0 |
411 | set_default wnm_sleep_mode 0 |
|
484 | set_default bss_transition 0 |
412 | set_default bss_transition 0 |
|
485 | |
413 | |
|
486 | append bss_conf "time_advertisement=$time_advertisement" "$N" |
414 | append bss_conf "time_advertisement=$time_advertisement" "$N" |
|
487 | [ -n "$time_zone" ] && append bss_conf "time_zone=$time_zone" "$N" |
415 | [ -n "$time_zone" ] && append bss_conf "time_zone=$time_zone" "$N" |
|
488 | append bss_conf "wnm_sleep_mode=$wnm_sleep_mode" "$N" |
416 | append bss_conf "wnm_sleep_mode=$wnm_sleep_mode" "$N" |
|
489 | append bss_conf "bss_transition=$bss_transition" "$N" |
417 | append bss_conf "bss_transition=$bss_transition" "$N" |
|
490 | fi |
418 | fi |
|
491 | |
419 | |
|
492 | if [ "$wpa" -ge "1" ]; then |
420 | if [ "$wpa" -ge "1" ]; then |
|
493 | json_get_vars ieee80211r |
421 | json_get_vars ieee80211r |
|
494 | set_default ieee80211r 0 |
422 | set_default ieee80211r 0 |
|
495 | |
423 | |
|
496 | if [ "$ieee80211r" -gt "0" ]; then |
424 | if [ "$ieee80211r" -gt "0" ]; then |
|
497 | json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline |
425 | json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline |
|
498 | |
426 | |
|
499 | set_default mobility_domain "$(echo "$ssid" | md5sum | head -c 4)" |
427 | set_default mobility_domain "$(echo "$ssid" | md5sum | head -c 4)" |
|
500 | set_default ft_psk_generate_local 1 |
428 | set_default ft_psk_generate_local 1 |
|
501 | set_default ft_over_ds 1 |
429 | set_default ft_over_ds 1 |
|
502 | set_default reassociation_deadline 1000 |
430 | set_default reassociation_deadline 1000 |
|
503 | |
431 | |
|
504 | append bss_conf "mobility_domain=$mobility_domain" "$N" |
432 | append bss_conf "mobility_domain=$mobility_domain" "$N" |
|
505 | append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N" |
433 | append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N" |
|
506 | append bss_conf "ft_over_ds=$ft_over_ds" "$N" |
434 | append bss_conf "ft_over_ds=$ft_over_ds" "$N" |
|
507 | append bss_conf "reassociation_deadline=$reassociation_deadline" "$N" |
435 | append bss_conf "reassociation_deadline=$reassociation_deadline" "$N" |
|
508 | [ -n "$nasid" ] || append bss_conf "nas_identifier=${macaddr//\:}" "$N" |
436 | [ -n "$nasid" ] || append bss_conf "nas_identifier=${macaddr//\:}" "$N" |
|
509 | |
437 | |
|
510 | if [ "$ft_psk_generate_local" -eq "0" ]; then |
438 | if [ "$ft_psk_generate_local" -eq "0" ]; then |
|
511 | json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push |
439 | json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push |
|
512 | json_get_values r0kh r0kh |
440 | json_get_values r0kh r0kh |
|
513 | json_get_values r1kh r1kh |
441 | json_get_values r1kh r1kh |
|
514 | |
442 | |
|
515 | set_default r0_key_lifetime 10000 |
443 | set_default r0_key_lifetime 10000 |
|
516 | set_default pmk_r1_push 0 |
444 | set_default pmk_r1_push 0 |
|
517 | |
445 | |
|
518 | [ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N" |
446 | [ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N" |
|
519 | append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N" |
447 | append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N" |
|
520 | append bss_conf "pmk_r1_push=$pmk_r1_push" "$N" |
448 | append bss_conf "pmk_r1_push=$pmk_r1_push" "$N" |
|
521 | |
449 | |
|
522 | for kh in $r0kh; do |
450 | for kh in $r0kh; do |
|
523 | append bss_conf "r0kh=${kh//,/ }" "$N" |
451 | append bss_conf "r0kh=${kh//,/ }" "$N" |
|
524 | done |
452 | done |
|
525 | for kh in $r1kh; do |
453 | for kh in $r1kh; do |
|
526 | append bss_conf "r1kh=${kh//,/ }" "$N" |
454 | append bss_conf "r1kh=${kh//,/ }" "$N" |
|
527 | done |
455 | done |
|
528 | fi |
456 | fi |
|
529 | fi |
457 | fi |
|
530 | |
458 | |
|
531 | append bss_conf "wpa_disable_eapol_key_retries=$wpa_disable_eapol_key_retries" "$N" |
459 | append bss_conf "wpa_disable_eapol_key_retries=$wpa_disable_eapol_key_retries" "$N" |
|
532 | |
460 | |
|
533 | hostapd_append_wpa_key_mgmt |
461 | hostapd_append_wpa_key_mgmt |
|
534 | [ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N" |
462 | [ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N" |
|
535 | fi |
463 | fi |
|
536 | |
464 | |
|
537 | if [ "$wpa" -ge "2" ]; then |
465 | if [ "$wpa" -ge "2" ]; then |
|
538 | if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then |
466 | if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then |
|
539 | set_default auth_cache 1 |
467 | set_default auth_cache 1 |
|
540 | append bss_conf "rsn_preauth=1" "$N" |
468 | append bss_conf "rsn_preauth=1" "$N" |
|
541 | append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N" |
469 | append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N" |
|
542 | else |
470 | else |
|
543 | set_default auth_cache 0 |
471 | set_default auth_cache 0 |
|
544 | fi |
472 | fi |
|
545 | |
473 | |
|
546 | append bss_conf "okc=$auth_cache" "$N" |
474 | append bss_conf "okc=$auth_cache" "$N" |
|
547 | [ "$auth_cache" = 0 ] && append bss_conf "disable_pmksa_caching=1" "$N" |
475 | [ "$auth_cache" = 0 ] && append bss_conf "disable_pmksa_caching=1" "$N" |
|
548 | |
476 | |
|
549 | # RSN -> allow management frame protection |
477 | # RSN -> allow management frame protection |
|
550 | case "$ieee80211w" in |
478 | case "$ieee80211w" in |
|
551 | [012]) |
479 | [012]) |
|
552 | json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout |
480 | json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout |
|
553 | append bss_conf "ieee80211w=$ieee80211w" "$N" |
481 | append bss_conf "ieee80211w=$ieee80211w" "$N" |
|
554 | [ "$ieee80211w" -gt "0" ] && { |
482 | [ "$ieee80211w" -gt "0" ] && { |
|
555 | append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N" |
483 | append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N" |
|
556 | [ -n "$ieee80211w_max_timeout" ] && \ |
484 | [ -n "$ieee80211w_max_timeout" ] && \ |
|
557 | append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N" |
485 | append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N" |
|
558 | [ -n "$ieee80211w_retry_timeout" ] && \ |
486 | [ -n "$ieee80211w_retry_timeout" ] && \ |
|
559 | append bss_conf "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N" |
487 | append bss_conf "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N" |
|
560 | } |
488 | } |
|
561 | ;; |
489 | ;; |
|
562 | esac |
490 | esac |
|
563 | fi |
491 | fi |
|
564 | |
492 | |
|
565 | _macfile="/var/run/hostapd-$ifname.maclist" |
493 | _macfile="/var/run/hostapd-$ifname.maclist" |
|
566 | case "$macfilter" in |
494 | case "$macfilter" in |
|
567 | allow) |
495 | allow) |
|
568 | append bss_conf "macaddr_acl=1" "$N" |
496 | append bss_conf "macaddr_acl=1" "$N" |
|
569 | append bss_conf "accept_mac_file=$_macfile" "$N" |
497 | append bss_conf "accept_mac_file=$_macfile" "$N" |
|
570 | # accept_mac_file can be used to set MAC to VLAN ID mapping |
498 | # accept_mac_file can be used to set MAC to VLAN ID mapping |
|
571 | vlan_possible=1 |
499 | vlan_possible=1 |
|
572 | ;; |
500 | ;; |
|
573 | deny) |
501 | deny) |
|
574 | append bss_conf "macaddr_acl=0" "$N" |
502 | append bss_conf "macaddr_acl=0" "$N" |
|
575 | append bss_conf "deny_mac_file=$_macfile" "$N" |
503 | append bss_conf "deny_mac_file=$_macfile" "$N" |
|
576 | ;; |
504 | ;; |
|
577 | *) |
505 | *) |
|
578 | _macfile="" |
506 | _macfile="" |
|
579 | ;; |
507 | ;; |
|
580 | esac |
508 | esac |
|
581 | |
509 | |
|
582 | [ -n "$_macfile" ] && { |
510 | [ -n "$_macfile" ] && { |
|
583 | json_get_vars macfile |
511 | json_get_vars macfile |
|
584 | json_get_values maclist maclist |
512 | json_get_values maclist maclist |
|
585 | |
513 | |
|
586 | rm -f "$_macfile" |
514 | rm -f "$_macfile" |
|
587 | ( |
515 | ( |
|
588 | for mac in $maclist; do |
516 | for mac in $maclist; do |
|
589 | echo "$mac" |
517 | echo "$mac" |
|
590 | done |
518 | done |
|
591 | [ -n "$macfile" -a -f "$macfile" ] && cat "$macfile" |
519 | [ -n "$macfile" -a -f "$macfile" ] && cat "$macfile" |
|
592 | ) > "$_macfile" |
520 | ) > "$_macfile" |
|
593 | } |
521 | } |
|
594 | |
522 | |
|
595 | [ -n "$vlan_possible" -a -n "$dynamic_vlan" ] && { |
523 | [ -n "$vlan_possible" -a -n "$dynamic_vlan" ] && { |
|
596 | json_get_vars vlan_naming vlan_tagged_interface vlan_bridge vlan_file |
524 | json_get_vars vlan_naming vlan_tagged_interface vlan_bridge vlan_file |
|
597 | set_default vlan_naming 1 |
525 | set_default vlan_naming 1 |
|
598 | append bss_conf "dynamic_vlan=$dynamic_vlan" "$N" |
526 | append bss_conf "dynamic_vlan=$dynamic_vlan" "$N" |
|
599 | append bss_conf "vlan_naming=$vlan_naming" "$N" |
527 | append bss_conf "vlan_naming=$vlan_naming" "$N" |
|
600 | [ -n "$vlan_bridge" ] && \ |
528 | [ -n "$vlan_bridge" ] && \ |
|
601 | append bss_conf "vlan_bridge=$vlan_bridge" "$N" |
529 | append bss_conf "vlan_bridge=$vlan_bridge" "$N" |
|
602 | [ -n "$vlan_tagged_interface" ] && \ |
530 | [ -n "$vlan_tagged_interface" ] && \ |
|
603 | append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N" |
531 | append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N" |
|
604 | [ -n "$vlan_file" ] && { |
532 | [ -n "$vlan_file" ] && { |
|
605 | [ -e "$vlan_file" ] || touch "$vlan_file" |
533 | [ -e "$vlan_file" ] || touch "$vlan_file" |
|
606 | append bss_conf "vlan_file=$vlan_file" "$N" |
534 | append bss_conf "vlan_file=$vlan_file" "$N" |
|
607 | } |
535 | } |
|
608 | } |
536 | } |
|
609 | |
537 | |
|
610 | append "$var" "$bss_conf" "$N" |
538 | append "$var" "$bss_conf" "$N" |
|
611 | return 0 |
539 | return 0 |
|
612 | } |
540 | } |
|
613 | |
541 | |
|
614 | hostapd_set_log_options() { |
542 | hostapd_set_log_options() { |
|
615 | local var="$1" |
543 | local var="$1" |
|
616 | |
544 | |
|
617 | local log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme |
545 | local log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme |
|
618 | json_get_vars log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme |
546 | json_get_vars log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme |
|
619 | |
547 | |
|
620 | set_default log_level 2 |
548 | set_default log_level 2 |
|
621 | set_default log_80211 1 |
549 | set_default log_80211 1 |
|
622 | set_default log_8021x 1 |
550 | set_default log_8021x 1 |
|
623 | set_default log_radius 1 |
551 | set_default log_radius 1 |
|
624 | set_default log_wpa 1 |
552 | set_default log_wpa 1 |
|
625 | set_default log_driver 1 |
553 | set_default log_driver 1 |
|
626 | set_default log_iapp 1 |
554 | set_default log_iapp 1 |
|
627 | set_default log_mlme 1 |
555 | set_default log_mlme 1 |
|
628 | |
556 | |
|
629 | local log_mask=$(( \ |
557 | local log_mask=$(( \ |
|
630 | ($log_80211 << 0) | \ |
558 | ($log_80211 << 0) | \ |
|
631 | ($log_8021x << 1) | \ |
559 | ($log_8021x << 1) | \ |
|
632 | ($log_radius << 2) | \ |
560 | ($log_radius << 2) | \ |
|
633 | ($log_wpa << 3) | \ |
561 | ($log_wpa << 3) | \ |
|
634 | ($log_driver << 4) | \ |
562 | ($log_driver << 4) | \ |
|
635 | ($log_iapp << 5) | \ |
563 | ($log_iapp << 5) | \ |
|
636 | ($log_mlme << 6) \ |
564 | ($log_mlme << 6) \ |
|
637 | )) |
565 | )) |
|
638 | |
566 | |
|
639 | append "$var" "logger_syslog=$log_mask" "$N" |
567 | append "$var" "logger_syslog=$log_mask" "$N" |
|
640 | append "$var" "logger_syslog_level=$log_level" "$N" |
568 | append "$var" "logger_syslog_level=$log_level" "$N" |
|
641 | append "$var" "logger_stdout=$log_mask" "$N" |
569 | append "$var" "logger_stdout=$log_mask" "$N" |
|
642 | append "$var" "logger_stdout_level=$log_level" "$N" |
570 | append "$var" "logger_stdout_level=$log_level" "$N" |
|
643 | |
571 | |
|
644 | return 0 |
572 | return 0 |
|
645 | } |
573 | } |
|
646 | |
574 | |
|
647 | _wpa_supplicant_common() { |
575 | _wpa_supplicant_common() { |
|
648 | local ifname="$1" |
576 | local ifname="$1" |
|
649 | |
577 | |
|
650 | _rpath="/var/run/wpa_supplicant" |
578 | _rpath="/var/run/wpa_supplicant" |
|
651 | _config="${_rpath}-$ifname.conf" |
579 | _config="${_rpath}-$ifname.conf" |
|
652 | } |
580 | } |
|
653 | |
581 | |
|
654 | wpa_supplicant_teardown_interface() { |
582 | wpa_supplicant_teardown_interface() { |
|
655 | _wpa_supplicant_common "$1" |
583 | _wpa_supplicant_common "$1" |
|
656 | rm -rf "$_rpath/$1" "$_config" |
584 | rm -rf "$_rpath/$1" "$_config" |
|
657 | } |
585 | } |
|
658 | |
586 | |
|
659 | wpa_supplicant_prepare_interface() { |
587 | wpa_supplicant_prepare_interface() { |
|
660 | local ifname="$1" |
588 | local ifname="$1" |
|
661 | _w_driver="$2" |
589 | _w_driver="$2" |
|
662 | |
590 | |
|
663 | _wpa_supplicant_common "$1" |
591 | _wpa_supplicant_common "$1" |
|
664 | |
592 | |
|
665 | json_get_vars mode wds multi_ap |
593 | json_get_vars mode wds |
|
666 | |
594 | |
|
667 | [ -n "$network_bridge" ] && { |
595 | [ -n "$network_bridge" ] && { |
|
668 | fail= |
596 | fail= |
|
669 | case "$mode" in |
597 | case "$mode" in |
|
670 | adhoc) |
598 | adhoc) |
|
671 | fail=1 |
599 | fail=1 |
|
672 | ;; |
600 | ;; |
|
673 | sta) |
601 | sta) |
|
674 | [ "$wds" = 1 -o "$multi_ap" = 1 ] || fail=1 |
602 | [ "$wds" = 1 ] || fail=1 |
|
675 | ;; |
603 | ;; |
|
676 | esac |
604 | esac |
|
677 | |
605 | |
|
678 | [ -n "$fail" ] && { |
606 | [ -n "$fail" ] && { |
|
679 | wireless_setup_vif_failed BRIDGE_NOT_ALLOWED |
607 | wireless_setup_vif_failed BRIDGE_NOT_ALLOWED |
|
680 | return 1 |
608 | return 1 |
|
681 | } |
609 | } |
|
682 | } |
610 | } |
|
683 | |
611 | |
|
684 | local ap_scan= |
612 | local ap_scan= |
|
685 | |
613 | |
|
686 | _w_mode="$mode" |
614 | _w_mode="$mode" |
|
687 | _w_modestr= |
615 | _w_modestr= |
|
688 | |
616 | |
|
689 | [[ "$mode" = adhoc ]] && { |
617 | [[ "$mode" = adhoc ]] && { |
|
690 | ap_scan="ap_scan=2" |
618 | ap_scan="ap_scan=2" |
|
691 | |
619 | |
|
692 | _w_modestr="mode=1" |
620 | _w_modestr="mode=1" |
|
693 | } |
621 | } |
|
694 | |
622 | |
|
695 | local country_str= |
623 | local country_str= |
|
696 | [ -n "$country" ] && { |
624 | [ -n "$country" ] && { |
|
697 | country_str="country=$country" |
625 | country_str="country=$country" |
|
698 | } |
626 | } |
|
699 | |
- | ||
700 | multiap_flag_file="${_config}.is_multiap" |
- | ||
701 | if [ "$multi_ap" = "1" ]; then |
- | ||
702 | touch "$multiap_flag_file" |
- | ||
703 | else |
- | ||
704 | [ -e "$multiap_flag_file" ] && rm "$multiap_flag_file" |
- | ||
705 | fi |
627 | |
|
706 | wpa_supplicant_teardown_interface "$ifname" |
628 | wpa_supplicant_teardown_interface "$ifname" |
|
707 | cat > "$_config" <<EOF |
629 | cat > "$_config" <<EOF |
|
708 | $ap_scan |
630 | $ap_scan |
|
709 | $country_str |
631 | $country_str |
|
710 | EOF |
632 | EOF |
|
711 | return 0 |
633 | return 0 |
|
712 | } |
634 | } |
|
713 | |
635 | |
|
714 | wpa_supplicant_set_fixed_freq() { |
636 | wpa_supplicant_set_fixed_freq() { |
|
715 | local freq="$1" |
637 | local freq="$1" |
|
716 | local htmode="$2" |
638 | local htmode="$2" |
|
717 | |
639 | |
|
718 | append network_data "fixed_freq=1" "$N$T" |
640 | append network_data "fixed_freq=1" "$N$T" |
|
719 | append network_data "frequency=$freq" "$N$T" |
641 | append network_data "frequency=$freq" "$N$T" |
|
720 | case "$htmode" in |
642 | case "$htmode" in |
|
721 | NOHT) append network_data "disable_ht=1" "$N$T";; |
643 | NOHT) append network_data "disable_ht=1" "$N$T";; |
|
722 | HT20|VHT20) append network_data "disable_ht40=1" "$N$T";; |
644 | HT20|VHT20) append network_data "disable_ht40=1" "$N$T";; |
|
723 | HT40*|VHT40*|VHT80*|VHT160*) append network_data "ht40=1" "$N$T";; |
645 | HT40*|VHT40*|VHT80*|VHT160*) append network_data "ht40=1" "$N$T";; |
|
724 | esac |
646 | esac |
|
725 | case "$htmode" in |
647 | case "$htmode" in |
|
726 | VHT*) append network_data "vht=1" "$N$T";; |
648 | VHT*) append network_data "vht=1" "$N$T";; |
|
727 | esac |
649 | esac |
|
728 | case "$htmode" in |
650 | case "$htmode" in |
|
729 | VHT80) append network_data "max_oper_chwidth=1" "$N$T";; |
651 | VHT80) append network_data "max_oper_chwidth=1" "$N$T";; |
|
730 | VHT160) append network_data "max_oper_chwidth=2" "$N$T";; |
652 | VHT160) append network_data "max_oper_chwidth=2" "$N$T";; |
|
731 | *) append network_data "max_oper_chwidth=0" "$N$T";; |
653 | *) append network_data "max_oper_chwidth=0" "$N$T";; |
|
732 | esac |
654 | esac |
|
733 | } |
655 | } |
|
734 | |
656 | |
|
735 | wpa_supplicant_add_network() { |
657 | wpa_supplicant_add_network() { |
|
736 | local ifname="$1" |
658 | local ifname="$1" |
|
737 | local freq="$2" |
659 | local freq="$2" |
|
738 | local htmode="$3" |
660 | local htmode="$3" |
|
739 | local noscan="$4" |
661 | local noscan="$4" |
|
740 | |
662 | |
|
741 | _wpa_supplicant_common "$1" |
663 | _wpa_supplicant_common "$1" |
|
742 | wireless_vif_parse_encryption |
664 | wireless_vif_parse_encryption |
|
743 | |
665 | |
|
744 | json_get_vars \ |
666 | json_get_vars \ |
|
745 | ssid bssid key \ |
667 | ssid bssid key \ |
|
746 | basic_rate mcast_rate \ |
668 | basic_rate mcast_rate \ |
|
747 | ieee80211w ieee80211r \ |
669 | ieee80211w ieee80211r |
|
748 | multi_ap |
- | ||
749 | |
670 | |
|
750 | set_default ieee80211r 0 |
- | ||
751 | set_default multi_ap 0 |
671 | set_default ieee80211r 0 |
|
752 | |
672 | |
|
753 | local key_mgmt='NONE' |
673 | local key_mgmt='NONE' |
|
754 | local enc_str= |
674 | local enc_str= |
|
755 | local network_data= |
675 | local network_data= |
|
756 | local T=" " |
676 | local T=" " |
|
757 | |
677 | |
|
758 | local scan_ssid="scan_ssid=1" |
678 | local scan_ssid="scan_ssid=1" |
|
759 | local freq wpa_key_mgmt |
679 | local freq wpa_key_mgmt |
|
760 | |
680 | |
|
761 | [[ "$_w_mode" = "adhoc" ]] && { |
681 | [[ "$_w_mode" = "adhoc" ]] && { |
|
762 | append network_data "mode=1" "$N$T" |
682 | append network_data "mode=1" "$N$T" |
|
763 | [ -n "$freq" ] && wpa_supplicant_set_fixed_freq "$freq" "$htmode" |
683 | [ -n "$freq" ] && wpa_supplicant_set_fixed_freq "$freq" "$htmode" |
|
764 | |
684 | |
|
765 | scan_ssid="scan_ssid=0" |
685 | scan_ssid="scan_ssid=0" |
|
766 | |
686 | |
|
767 | [ "$_w_driver" = "nl80211" ] || append wpa_key_mgmt "WPA-NONE" |
687 | [ "$_w_driver" = "nl80211" ] || append wpa_key_mgmt "WPA-NONE" |
|
768 | } |
688 | } |
|
769 | |
689 | |
|
770 | [[ "$_w_mode" = "mesh" ]] && { |
690 | [[ "$_w_mode" = "mesh" ]] && { |
|
771 | json_get_vars mesh_id mesh_fwding mesh_rssi_threshold |
691 | json_get_vars mesh_id mesh_fwding |
|
772 | [ -n "$mesh_id" ] && ssid="${mesh_id}" |
692 | [ -n "$mesh_id" ] && ssid="${mesh_id}" |
|
773 | |
693 | |
|
774 | append network_data "mode=5" "$N$T" |
694 | append network_data "mode=5" "$N$T" |
|
775 | [ -n "$mesh_fwding" ] && append network_data "mesh_fwding=${mesh_fwding}" "$N$T" |
695 | [ -n "$mesh_fwding" ] && append network_data "mesh_fwding=${mesh_fwding}" "$N$T" |
|
776 | [ -n "$mesh_rssi_threshold" ] && append network_data "mesh_rssi_threshold=${mesh_rssi_threshold}" "$N$T" |
- | ||
777 | [ -n "$freq" ] && wpa_supplicant_set_fixed_freq "$freq" "$htmode" |
696 | [ -n "$freq" ] && wpa_supplicant_set_fixed_freq "$freq" "$htmode" |
|
778 | [ "$noscan" = "1" ] && append network_data "noscan=1" "$N$T" |
697 | [ "$noscan" = "1" ] && append network_data "noscan=1" "$N$T" |
|
779 | append wpa_key_mgmt "SAE" |
698 | append wpa_key_mgmt "SAE" |
|
780 | scan_ssid="" |
699 | scan_ssid="" |
|
781 | } |
700 | } |
|
782 | |
701 | |
|
783 | [ "$_w_mode" = "adhoc" -o "$_w_mode" = "mesh" ] && append network_data "$_w_modestr" "$N$T" |
702 | [ "$_w_mode" = "adhoc" -o "$_w_mode" = "mesh" ] && append network_data "$_w_modestr" "$N$T" |
|
784 | |
- | ||
785 | [ "$multi_ap" = 1 -a "$_w_mode" = "sta" ] && append network_data "multi_ap_backhaul_sta=1" "$N$T" |
- | ||
786 | |
703 | |
|
787 | case "$auth_type" in |
704 | case "$auth_type" in |
|
788 | none) ;; |
- | ||
789 | owe) |
- | ||
790 | hostapd_append_wpa_key_mgmt |
- | ||
791 | ;; |
705 | none) ;; |
|
792 | wep) |
706 | wep) |
|
793 | local wep_keyidx=0 |
707 | local wep_keyidx=0 |
|
794 | hostapd_append_wep_key network_data |
708 | hostapd_append_wep_key network_data |
|
795 | append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T" |
709 | append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T" |
|
796 | ;; |
710 | ;; |
|
797 | wps) |
711 | psk) |
|
798 | key_mgmt='WPS' |
- | ||
799 | ;; |
- | ||
800 | psk|sae|psk-sae) |
- | ||
801 | local passphrase |
712 | local passphrase |
|
802 | |
713 | |
|
803 | if [ "$_w_mode" != "mesh" ]; then |
714 | if [ "$_w_mode" != "mesh" ]; then |
|
804 | hostapd_append_wpa_key_mgmt |
715 | hostapd_append_wpa_key_mgmt |
|
805 | fi |
716 | fi |
|
806 | |
717 | |
|
807 | key_mgmt="$wpa_key_mgmt" |
718 | key_mgmt="$wpa_key_mgmt" |
|
808 | |
719 | |
|
809 | if [ ${#key} -eq 64 ]; then |
720 | if [ ${#key} -eq 64 ]; then |
|
810 | passphrase="psk=${key}" |
721 | passphrase="psk=${key}" |
|
811 | else |
722 | else |
|
812 | if [ "$_w_mode" = "mesh" ]; then |
723 | if [ "$_w_mode" = "mesh" ]; then |
|
813 | passphrase="sae_password=\"${key}\"" |
724 | passphrase="sae_password=\"${key}\"" |
|
814 | else |
725 | else |
|
815 | passphrase="psk=\"${key}\"" |
726 | passphrase="psk=\"${key}\"" |
|
816 | fi |
727 | fi |
|
817 | fi |
728 | fi |
|
818 | append network_data "$passphrase" "$N$T" |
729 | append network_data "$passphrase" "$N$T" |
|
819 | ;; |
730 | ;; |
|
820 | eap|eap192|eap-eap192) |
731 | eap) |
|
821 | hostapd_append_wpa_key_mgmt |
732 | hostapd_append_wpa_key_mgmt |
|
822 | key_mgmt="$wpa_key_mgmt" |
733 | key_mgmt="$wpa_key_mgmt" |
|
823 | |
734 | |
|
824 | json_get_vars eap_type identity anonymous_identity ca_cert |
735 | json_get_vars eap_type identity anonymous_identity ca_cert |
|
825 | [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T" |
736 | [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T" |
|
826 | [ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T" |
737 | [ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T" |
|
827 | [ -n "$anonymous_identity" ] && append network_data "anonymous_identity=\"$anonymous_identity\"" "$N$T" |
738 | [ -n "$anonymous_identity" ] && append network_data "anonymous_identity=\"$anonymous_identity\"" "$N$T" |
|
828 | case "$eap_type" in |
739 | case "$eap_type" in |
|
829 | tls) |
740 | tls) |
|
830 | json_get_vars client_cert priv_key priv_key_pwd |
741 | json_get_vars client_cert priv_key priv_key_pwd |
|
831 | append network_data "client_cert=\"$client_cert\"" "$N$T" |
742 | append network_data "client_cert=\"$client_cert\"" "$N$T" |
|
832 | append network_data "private_key=\"$priv_key\"" "$N$T" |
743 | append network_data "private_key=\"$priv_key\"" "$N$T" |
|
833 | append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T" |
744 | append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T" |
|
834 | ;; |
745 | ;; |
|
835 | fast|peap|ttls) |
746 | fast|peap|ttls) |
|
836 | json_get_vars auth password ca_cert2 client_cert2 priv_key2 priv_key2_pwd |
747 | json_get_vars auth password ca_cert2 client_cert2 priv_key2 priv_key2_pwd |
|
837 | set_default auth MSCHAPV2 |
748 | set_default auth MSCHAPV2 |
|
838 | |
749 | |
|
839 | if [ "$auth" = "EAP-TLS" ]; then |
750 | if [ "$auth" = "EAP-TLS" ]; then |
|
840 | [ -n "$ca_cert2" ] && |
751 | [ -n "$ca_cert2" ] && |
|
841 | append network_data "ca_cert2=\"$ca_cert2\"" "$N$T" |
752 | append network_data "ca_cert2=\"$ca_cert2\"" "$N$T" |
|
842 | append network_data "client_cert2=\"$client_cert2\"" "$N$T" |
753 | append network_data "client_cert2=\"$client_cert2\"" "$N$T" |
|
843 | append network_data "private_key2=\"$priv_key2\"" "$N$T" |
754 | append network_data "private_key2=\"$priv_key2\"" "$N$T" |
|
844 | append network_data "private_key2_passwd=\"$priv_key2_pwd\"" "$N$T" |
755 | append network_data "private_key2_passwd=\"$priv_key2_pwd\"" "$N$T" |
|
845 | else |
756 | else |
|
846 | append network_data "password=\"$password\"" "$N$T" |
757 | append network_data "password=\"$password\"" "$N$T" |
|
847 | fi |
758 | fi |
|
848 | |
759 | |
|
849 | phase2proto="auth=" |
760 | phase2proto="auth=" |
|
850 | case "$auth" in |
761 | case "$auth" in |
|
851 | "auth"*) |
762 | "auth"*) |
|
852 | phase2proto="" |
763 | phase2proto="" |
|
853 | ;; |
764 | ;; |
|
854 | "EAP-"*) |
765 | "EAP-"*) |
|
855 | auth="$(echo $auth | cut -b 5- )" |
766 | auth="$(echo $auth | cut -b 5- )" |
|
856 | [ "$eap_type" = "ttls" ] && |
767 | [ "$eap_type" = "ttls" ] && |
|
857 | phase2proto="autheap=" |
768 | phase2proto="autheap=" |
|
858 | ;; |
769 | ;; |
|
859 | esac |
770 | esac |
|
860 | append network_data "phase2=\"$phase2proto$auth\"" "$N$T" |
771 | append network_data "phase2=\"$phase2proto$auth\"" "$N$T" |
|
861 | ;; |
772 | ;; |
|
862 | esac |
773 | esac |
|
863 | append network_data "eap=$(echo $eap_type | tr 'a-z' 'A-Z')" "$N$T" |
774 | append network_data "eap=$(echo $eap_type | tr 'a-z' 'A-Z')" "$N$T" |
|
864 | ;; |
775 | ;; |
|
865 | esac |
776 | esac |
|
866 | |
777 | |
|
867 | [ "$mode" = mesh ] || { |
778 | [ "$mode" = mesh ] || { |
|
868 | case "$wpa" in |
779 | case "$wpa" in |
|
869 | 1) |
780 | 1) |
|
870 | append network_data "proto=WPA" "$N$T" |
781 | append network_data "proto=WPA" "$N$T" |
|
871 | ;; |
782 | ;; |
|
872 | 2) |
783 | 2) |
|
873 | append network_data "proto=RSN" "$N$T" |
784 | append network_data "proto=RSN" "$N$T" |
|
874 | ;; |
785 | ;; |
|
875 | esac |
786 | esac |
|
876 | |
787 | |
|
877 | case "$ieee80211w" in |
788 | case "$ieee80211w" in |
|
878 | [012]) |
789 | [012]) |
|
879 | [ "$wpa" -ge 2 ] && append network_data "ieee80211w=$ieee80211w" "$N$T" |
790 | [ "$wpa" -ge 2 ] && append network_data "ieee80211w=$ieee80211w" "$N$T" |
|
880 | ;; |
791 | ;; |
|
881 | esac |
792 | esac |
|
882 | } |
793 | } |
|
883 | [ -n "$bssid" ] && append network_data "bssid=$bssid" "$N$T" |
794 | [ -n "$bssid" ] && append network_data "bssid=$bssid" "$N$T" |
|
884 | [ -n "$beacon_int" ] && append network_data "beacon_int=$beacon_int" "$N$T" |
795 | [ -n "$beacon_int" ] && append network_data "beacon_int=$beacon_int" "$N$T" |
|
885 | |
796 | |
|
886 | local bssid_blacklist bssid_whitelist |
797 | local bssid_blacklist bssid_whitelist |
|
887 | json_get_values bssid_blacklist bssid_blacklist |
798 | json_get_values bssid_blacklist bssid_blacklist |
|
888 | json_get_values bssid_whitelist bssid_whitelist |
799 | json_get_values bssid_whitelist bssid_whitelist |
|
889 | |
800 | |
|
890 | [ -n "$bssid_blacklist" ] && append network_data "bssid_blacklist=$bssid_blacklist" "$N$T" |
801 | [ -n "$bssid_blacklist" ] && append network_data "bssid_blacklist=$bssid_blacklist" "$N$T" |
|
891 | [ -n "$bssid_whitelist" ] && append network_data "bssid_whitelist=$bssid_whitelist" "$N$T" |
802 | [ -n "$bssid_whitelist" ] && append network_data "bssid_whitelist=$bssid_whitelist" "$N$T" |
|
892 | |
803 | |
|
893 | [ -n "$basic_rate" ] && { |
804 | [ -n "$basic_rate" ] && { |
|
894 | local br rate_list= |
805 | local br rate_list= |
|
895 | for br in $basic_rate; do |
806 | for br in $basic_rate; do |
|
896 | wpa_supplicant_add_rate rate_list "$br" |
807 | wpa_supplicant_add_rate rate_list "$br" |
|
897 | done |
808 | done |
|
898 | [ -n "$rate_list" ] && append network_data "rates=$rate_list" "$N$T" |
809 | [ -n "$rate_list" ] && append network_data "rates=$rate_list" "$N$T" |
|
899 | } |
810 | } |
|
900 | |
811 | |
|
901 | [ -n "$mcast_rate" ] && { |
812 | [ -n "$mcast_rate" ] && { |
|
902 | local mc_rate= |
813 | local mc_rate= |
|
903 | wpa_supplicant_add_rate mc_rate "$mcast_rate" |
814 | wpa_supplicant_add_rate mc_rate "$mcast_rate" |
|
904 | append network_data "mcast_rate=$mc_rate" "$N$T" |
815 | append network_data "mcast_rate=$mc_rate" "$N$T" |
|
905 | } |
816 | } |
|
906 | |
- | ||
907 | if [ "$key_mgnt" = "WPS" ]; then |
- | ||
908 | echo "wps_cred_processing=1" >> "$_config" |
- | ||
909 | else |
817 | |
|
910 | cat >> "$_config" <<EOF |
818 | cat >> "$_config" <<EOF |
|
911 | network={ |
819 | network={ |
|
912 | $scan_ssid |
820 | $scan_ssid |
|
913 | ssid="$ssid" |
821 | ssid="$ssid" |
|
914 | key_mgmt=$key_mgmt |
822 | key_mgmt=$key_mgmt |
|
915 | $network_data |
823 | $network_data |
|
916 | } |
824 | } |
|
917 | EOF |
825 | EOF |
|
918 | fi |
- | ||
919 | return 0 |
826 | return 0 |
|
920 | } |
827 | } |
|
921 | |
828 | |
|
922 | wpa_supplicant_run() { |
829 | wpa_supplicant_run() { |
|
923 | local ifname="$1"; shift |
830 | local ifname="$1"; shift |
|
924 | |
831 | |
|
925 | _wpa_supplicant_common "$ifname" |
832 | _wpa_supplicant_common "$ifname" |
|
926 | |
833 | |
|
927 | /usr/sbin/wpa_supplicant -B -s \ |
834 | /usr/sbin/wpa_supplicant -B \ |
|
928 | ${network_bridge:+-b $network_bridge} \ |
835 | ${network_bridge:+-b $network_bridge} \ |
|
929 | -P "/var/run/wpa_supplicant-${ifname}.pid" \ |
836 | -P "/var/run/wpa_supplicant-${ifname}.pid" \ |
|
930 | -D ${_w_driver:-wext} \ |
837 | -D ${_w_driver:-wext} \ |
|
931 | -i "$ifname" \ |
838 | -i "$ifname" \ |
|
932 | -c "$_config" \ |
839 | -c "$_config" \ |
|
933 | -C "$_rpath" \ |
840 | -C "$_rpath" \ |
|
934 | "$@" |
841 | "$@" |
|
935 | |
842 | |
|
936 | ret="$?" |
843 | ret="$?" |
|
937 | wireless_add_process "$(cat "/var/run/wpa_supplicant-${ifname}.pid")" /usr/sbin/wpa_supplicant 1 |
844 | wireless_add_process "$(cat "/var/run/wpa_supplicant-${ifname}.pid")" /usr/sbin/wpa_supplicant 1 |
|
938 | |
845 | |
|
939 | [ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED |
846 | [ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED |
|
940 | |
847 | |
|
941 | return $ret |
848 | return $ret |
|
942 | } |
849 | } |
|
943 | |
850 | |
|
944 | hostapd_common_cleanup() { |
851 | hostapd_common_cleanup() { |
|
945 | killall hostapd wpa_supplicant meshd-nl80211 |
852 | killall hostapd wpa_supplicant meshd-nl80211 |
|
946 | } |
853 | } |
|
947 | |
854 | |