;;
eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+ [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
;;
eap-eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
config_add_string country
config_add_boolean country_ie doth
+ config_add_boolean spectrum_mgmt_required
+ config_add_int local_pwr_constraint
config_add_string require_mode
config_add_boolean legacy_rates
local base="${config%%.conf}"
local base_cfg=
- json_get_vars country country_ie beacon_int:100 doth require_mode legacy_rates acs_chan_bias
+ json_get_vars country country_ie beacon_int:100 dtim_period:2 doth require_mode legacy_rates \
+ acs_chan_bias local_pwr_constraint spectrum_mgmt_required
hostapd_set_log_options base_cfg
set_default country_ie 1
+ set_default spectrum_mgmt_required 0
set_default doth 1
set_default legacy_rates 1
[ -n "$country" ] && {
append base_cfg "country_code=$country" "$N"
- [ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N"
+ [ "$country_ie" -gt 0 ] && {
+ append base_cfg "ieee80211d=1" "$N"
+ [ -n "$local_pwr_constraint" ] && append base_cfg "local_pwr_constraint=$local_pwr_constraint" "$N"
+ [ "$spectrum_mgmt_required" -gt 0 ] && append base_cfg "spectrum_mgmt_required=$spectrum_mgmt_required" "$N"
+ }
[ "$hwmode" = "a" -a "$doth" -gt 0 ] && append base_cfg "ieee80211h=1" "$N"
}
[ -n "$rlist" ] && append base_cfg "supported_rates=$rlist" "$N"
[ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N"
append base_cfg "beacon_int=$beacon_int" "$N"
+ append base_cfg "dtim_period=$dtim_period" "$N"
json_get_values opts hostapd_options
for val in $opts; do
config_add_int \
wep_rekey eap_reauth_period \
wpa_group_rekey wpa_pair_rekey wpa_master_rekey
+ config_add_boolean wpa_strict_rekey
config_add_boolean wpa_disable_eapol_key_retries
config_add_boolean tdls_prohibit
config_add_string radius_client_addr
config_add_string iapp_interface
config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd
+ config_add_boolean ca_cert_usesystem ca_cert2_usesystem
config_add_string subject_match subject_match2
config_add_array altsubject_match altsubject_match2
config_add_array domain_match domain_match2 domain_suffix_match domain_suffix_match2
config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string'
}
+hostapd_set_vlan_file() {
+ local ifname="$1"
+ local vlan="$2"
+ json_get_vars name vid
+ echo "${vid} ${ifname}-${name}" >> /var/run/hostapd-${ifname}.vlan
+ wireless_add_vlan "${vlan}" "${ifname}-${name}"
+}
+
+hostapd_set_vlan() {
+ local ifname="$1"
+
+ rm -f /var/run/hostapd-${ifname}.vlan
+ for_each_vlan hostapd_set_vlan_file ${ifname}
+}
+
+hostapd_set_psk_file() {
+ local ifname="$1"
+ local vlan="$2"
+ local vlan_id=""
+
+ json_get_vars mac vid key
+ set_default isolate "00:00:00:00:00:00"
+ [ -n "$vid" ] && vlan_id="vlanid=$vid "
+ echo "${vlan_id} ${mac} ${key}" >> /var/run/hostapd-${ifname}.psk
+}
+
+hostapd_set_psk() {
+ local ifname="$1"
+
+ rm -f /var/run/hostapd-${ifname}.psk
+ for_each_station hostapd_set_psk_file ${ifname}
+}
+
hostapd_set_bss_options() {
local var="$1"
local phy="$2"
local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt
json_get_vars \
- wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \
+ wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_strict_rekey \
wpa_disable_eapol_key_retries tdls_prohibit \
maxassoc max_inactivity disassoc_low_ack isolate auth_cache \
wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 wps_ap_setup_locked \
[ -n "$wpa_group_rekey" ] && append bss_conf "wpa_group_rekey=$wpa_group_rekey" "$N"
[ -n "$wpa_pair_rekey" ] && append bss_conf "wpa_ptk_rekey=$wpa_pair_rekey" "$N"
[ -n "$wpa_master_rekey" ] && append bss_conf "wpa_gmk_rekey=$wpa_master_rekey" "$N"
+ [ -n "$wpa_strict_rekey" ] && append bss_conf "wpa_strict_rekey=$wpa_strict_rekey" "$N"
}
[ -n "$nasid" ] && append bss_conf "nas_identifier=$nasid" "$N"
else
append bss_conf "wpa_passphrase=$key" "$N"
fi
+ [ -z "$wpa_psk_file" ] && set_default wpa_psk_file /var/run/hostapd-$ifname.psk
[ -n "$wpa_psk_file" ] && {
[ -e "$wpa_psk_file" ] || touch "$wpa_psk_file"
append bss_conf "wpa_psk_file=$wpa_psk_file" "$N"
}
[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N"
+ set_default dynamic_vlan 0
+ vlan_possible=1
wps_possible=1
;;
eap|eap192|eap-eap192)
[ -n "$vlan_possible" -a -n "$dynamic_vlan" ] && {
json_get_vars vlan_naming vlan_tagged_interface vlan_bridge vlan_file
set_default vlan_naming 1
+ [ -z "$vlan_file" ] && set_default vlan_file /var/run/hostapd-$ifname.vlan
append bss_conf "dynamic_vlan=$dynamic_vlan" "$N"
append bss_conf "vlan_naming=$vlan_naming" "$N"
[ -n "$vlan_bridge" ] && \
local ap_scan=
_w_mode="$mode"
- _w_modestr=
- [[ "$mode" = adhoc ]] && {
+ [ "$mode" = adhoc ] && {
ap_scan="ap_scan=2"
-
- _w_modestr="mode=1"
}
local country_str=
case "$htmode" in
VHT80) append network_data "max_oper_chwidth=1" "$N$T";;
VHT160) append network_data "max_oper_chwidth=2" "$N$T";;
- *) append network_data "max_oper_chwidth=0" "$N$T";;
+ VHT20|VHT40) append network_data "max_oper_chwidth=0" "$N$T";;
+ *) append network_data "disable_vht=1" "$N$T";;
esac
}
local scan_ssid="scan_ssid=1"
local freq wpa_key_mgmt
- [[ "$_w_mode" = "adhoc" ]] && {
+ [ "$_w_mode" = "adhoc" ] && {
append network_data "mode=1" "$N$T"
[ -n "$freq" ] && wpa_supplicant_set_fixed_freq "$freq" "$htmode"
+ [ "$noscan" = "1" ] && append network_data "noscan=1" "$N$T"
scan_ssid="scan_ssid=0"
[ "$_w_driver" = "nl80211" ] || append wpa_key_mgmt "WPA-NONE"
}
- [[ "$_w_mode" = "mesh" ]] && {
+ [ "$_w_mode" = "mesh" ] && {
json_get_vars mesh_id mesh_fwding mesh_rssi_threshold
[ -n "$mesh_id" ] && ssid="${mesh_id}"
scan_ssid=""
}
- [ "$_w_mode" = "adhoc" -o "$_w_mode" = "mesh" ] && append network_data "$_w_modestr" "$N$T"
-
[ "$multi_ap" = 1 -a "$_w_mode" = "sta" ] && append network_data "multi_ap_backhaul_sta=1" "$N$T"
case "$auth_type" in
hostapd_append_wpa_key_mgmt
key_mgmt="$wpa_key_mgmt"
- json_get_vars eap_type identity anonymous_identity ca_cert
- [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T"
+ json_get_vars eap_type identity anonymous_identity ca_cert ca_cert_usesystem
+
+ if [ "$ca_cert_usesystem" -eq "1" -a -f "/etc/ssl/certs/ca-certificates.crt" ]; then
+ append network_data "ca_cert=\"/etc/ssl/certs/ca-certificates.crt\"" "$N$T"
+ else
+ [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T"
+ fi
[ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T"
[ -n "$anonymous_identity" ] && append network_data "anonymous_identity=\"$anonymous_identity\"" "$N$T"
case "$eap_type" in
fi
;;
fast|peap|ttls)
- json_get_vars auth password ca_cert2 client_cert2 priv_key2 priv_key2_pwd
+ json_get_vars auth password ca_cert2 ca_cert2_usesystem client_cert2 priv_key2 priv_key2_pwd
set_default auth MSCHAPV2
if [ "$auth" = "EAP-TLS" ]; then
- [ -n "$ca_cert2" ] &&
- append network_data "ca_cert2=\"$ca_cert2\"" "$N$T"
+ if [ "$ca_cert2_usesystem" -eq "1" -a -f "/etc/ssl/certs/ca-certificates.crt" ]; then
+ append network_data "ca_cert2=\"/etc/ssl/certs/ca-certificates.crt\"" "$N$T"
+ else
+ [ -n "$ca_cert2" ] && append network_data "ca_cert2=\"$ca_cert2\"" "$N$T"
+ fi
append network_data "client_cert2=\"$client_cert2\"" "$N$T"
append network_data "private_key2=\"$priv_key2\"" "$N$T"
append network_data "private_key2_passwd=\"$priv_key2_pwd\"" "$N$T"
_wpa_supplicant_common "$ifname"
- ubus wait_for wpa_supplicant.$phy
- ubus call wpa_supplicant.$phy config_add "{ \
+ ubus wait_for wpa_supplicant
+ ubus call wpa_supplicant config_add "{ \
\"driver\": \"${_w_driver:-wext}\", \"ctrl\": \"$_rpath\", \
\"iface\": \"$ifname\", \"config\": \"$_config\" \
${network_bridge:+, \"bridge\": \"$network_bridge\"} \
[ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED
- local supplicant_pid=$(ubus call service list '{"name": "hostapd"}' | jsonfilter -l 1 -e "@['hostapd'].instances['supplicant-${phy}'].pid")
+ local supplicant_pid=$(ubus call service list '{"name": "hostapd"}' | jsonfilter -l 1 -e "@['hostapd'].instances['supplicant'].pid")
wireless_add_process "$supplicant_pid" "/usr/sbin/wpa_supplicant" 1
return $ret