projects / project / netifd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
netifd: fix WPA3 enterprise ciphers
[project/netifd.git] / scripts / netifd-wireless.sh
1 NETIFD_MAIN_DIR="${NETIFD_MAIN_DIR:-/lib/netifd}"
2
3 . /usr/share/libubox/jshn.sh
4 . $NETIFD_MAIN_DIR/utils.sh
5
6 CMD_UP=0
7 CMD_SET_DATA=1
8 CMD_PROCESS_ADD=2
9 CMD_PROCESS_KILL_ALL=3
10 CMD_SET_RETRY=4
11
12 add_driver() {
13 return
14 }
15
16 wireless_setup_vif_failed() {
17 local error="$1"
18 echo "Interface $_w_iface setup failed: $error"
19 }
20
21 wireless_setup_failed() {
22 local error="$1"
23
24 echo "Device setup failed: $error"
25 wireless_set_retry 0
26 }
27
28 prepare_key_wep() {
29 local key="$1"
30 local hex=1
31
32 echo -n "$key" | grep -qE "[^a-fA-F0-9]" && hex=0
33 [ "${#key}" -eq 10 -a $hex -eq 1 ] || \
34 [ "${#key}" -eq 26 -a $hex -eq 1 ] || {
35 [ "${key:0:2}" = "s:" ] && key="${key#s:}"
36 key="$(echo -n "$key" | hexdump -ve '1/1 "%02x" ""')"
37 }
38 echo "$key"
39 }
40
41 _wdev_prepare_channel() {
42 json_get_vars channel band hwmode
43
44 auto_channel=0
45 enable_ht=0
46 htmode=
47 hwmode="${hwmode##11}"
48
49 case "$channel" in
50 ""|0|auto)
51 channel=0
52 auto_channel=1
53 ;;
54 [0-9]*) ;;
55 *)
56 wireless_setup_failed "INVALID_CHANNEL"
57 ;;
58 esac
59
60 case "$hwmode" in
61 a|b|g|ad) ;;
62 *)
63 if [ "$channel" -gt 14 ]; then
64 hwmode=a
65 else
66 hwmode=g
67 fi
68 ;;
69 esac
70
71 case "$band" in
72 2g) hwmode=g;;
73 5g|6g) hwmode=a;;
74 60g) hwmode=ad;;
75 *)
76 case "$hwmode" in
77 *a) band=5g;;
78 *ad) band=60g;;
79 *b|*g) band=2g;;
80 esac
81 ;;
82 esac
83 }
84
85 _wdev_handler() {
86 json_load "$data"
87
88 json_select config
89 _wdev_prepare_channel
90 json_select ..
91
92 eval "drv_$1_$2 \"$interface\""
93 }
94
95 _wdev_msg_call() {
96 local old_cb
97
98 json_set_namespace wdev old_cb
99 "$@"
100 json_set_namespace $old_cb
101 }
102
103 _wdev_wrapper() {
104 while [ -n "$1" ]; do
105 eval "$1() { _wdev_msg_call _$1 \"\$@\"; }"
106 shift
107 done
108 }
109
110 _wdev_notify_init() {
111 local command="$1"
112 local name="$2"
113 local value="$3"
114
115 json_init
116 json_add_int "command" "$command"
117 json_add_string "device" "$__netifd_device"
118 [ -n "$name" -a -n "$value" ] && json_add_string "$name" "$value"
119 json_add_object "data"
120 }
121
122 _wdev_notify() {
123 local options="$1"
124
125 json_close_object
126 ubus $options call network.wireless notify "$(json_dump)"
127 }
128
129 _wdev_add_variables() {
130 while [ -n "$1" ]; do
131 local var="${1%%=*}"
132 local val="$1"
133 shift
134 [[ "$var" = "$val" ]] && continue
135 val="${val#*=}"
136 json_add_string "$var" "$val"
137 done
138 }
139
140 _wireless_add_vif() {
141 local name="$1"; shift
142 local ifname="$1"; shift
143
144 _wdev_notify_init $CMD_SET_DATA "interface" "$name"
145 json_add_string "ifname" "$ifname"
146 _wdev_add_variables "$@"
147 _wdev_notify
148 }
149
150 _wireless_add_vlan() {
151 local name="$1"; shift
152 local ifname="$1"; shift
153
154 _wdev_notify_init $CMD_SET_DATA "vlan" "$name"
155 json_add_string "ifname" "$ifname"
156 _wdev_add_variables "$@"
157 _wdev_notify
158 }
159
160 _wireless_set_up() {
161 _wdev_notify_init $CMD_UP
162 _wdev_notify
163 }
164
165 _wireless_set_data() {
166 _wdev_notify_init $CMD_SET_DATA
167 _wdev_add_variables "$@"
168 _wdev_notify
169 }
170
171 _wireless_add_process() {
172 _wdev_notify_init $CMD_PROCESS_ADD
173 local exe="$2"
174 [ -L "$exe" ] && exe="$(readlink -f "$exe")"
175 json_add_int pid "$1"
176 json_add_string exe "$exe"
177 [ -n "$3" ] && json_add_boolean required 1
178 [ -n "$4" ] && json_add_boolean keep 1
179 exe2="$(readlink -f /proc/$1/exe)"
180 [ "$exe" != "$exe2" ] && echo "WARNING (wireless_add_process): executable path $exe does not match process $1 path ($exe2)"
181 _wdev_notify
182 }
183
184 _wireless_process_kill_all() {
185 _wdev_notify_init $CMD_PROCESS_KILL_ALL
186 [ -n "$1" ] && json_add_int signal "$1"
187 _wdev_notify
188 }
189
190 _wireless_set_retry() {
191 _wdev_notify_init $CMD_SET_RETRY
192 json_add_int retry "$1"
193 _wdev_notify
194 }
195
196 _wdev_wrapper \
197 wireless_add_vif \
198 wireless_add_vlan \
199 wireless_set_up \
200 wireless_set_data \
201 wireless_add_process \
202 wireless_process_kill_all \
203 wireless_set_retry \
204
205 wireless_vif_parse_encryption() {
206 json_get_vars encryption
207 set_default encryption none
208
209 auth_mode_open=1
210 auth_mode_shared=0
211 auth_type=none
212
213 if [ "$hwmode" = "ad" ]; then
214 wpa_cipher="GCMP"
215 else
216 wpa_cipher="CCMP"
217 fi
218
219 # WPA3 enterprise requires the GCMP-256 cipher (technically also CCMP and GCMP are possible
220 # but many clients/devices do not support that)
221 case "$encryption" in
222 wpa3-mixed*) wpa_cipher="${wpa_cipher} GCMP-256";;
223 wpa3*) wpa_cipher="GCMP-256";;
224 esac
225
226 case "$encryption" in
227 *tkip+aes|*tkip+ccmp|*aes+tkip|*ccmp+tkip) wpa_cipher="CCMP TKIP";;
228 *ccmp256) wpa_cipher="CCMP-256";;
229 *aes|*ccmp) wpa_cipher="CCMP";;
230 *tkip) wpa_cipher="TKIP";;
231 *gcmp256) wpa_cipher="GCMP-256";;
232 *gcmp) wpa_cipher="GCMP";;
233 esac
234
235 # 802.11n requires CCMP for WPA
236 [ "$enable_ht:$wpa_cipher" = "1:TKIP" ] && wpa_cipher="CCMP TKIP"
237
238 # Examples:
239 # psk-mixed/tkip => WPA1+2 PSK, TKIP
240 # wpa-psk2/tkip+aes => WPA2 PSK, CCMP+TKIP
241 # wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP
242
243 case "$encryption" in
244 wpa2*|wpa3*|*psk2*|psk3*|sae*|owe*)
245 wpa=2
246 ;;
247 wpa*mixed*|*psk*mixed*)
248 wpa=3
249 ;;
250 wpa*|*psk*)
251 wpa=1
252 ;;
253 *)
254 wpa=0
255 wpa_cipher=
256 ;;
257 esac
258 wpa_pairwise="$wpa_cipher"
259
260 case "$encryption" in
261 owe*)
262 auth_type=owe
263 ;;
264 wpa3-mixed*)
265 auth_type=eap-eap192
266 ;;
267 wpa3*)
268 auth_type=eap192
269 ;;
270 psk3-mixed*|sae-mixed*)
271 auth_type=psk-sae
272 ;;
273 psk3*|sae*)
274 auth_type=sae
275 ;;
276 *psk*)
277 auth_type=psk
278 ;;
279 *wpa*|*8021x*)
280 auth_type=eap
281 ;;
282 *wep*)
283 auth_type=wep
284 case "$encryption" in
285 *shared*)
286 auth_mode_open=0
287 auth_mode_shared=1
288 ;;
289 *mixed*)
290 auth_mode_shared=1
291 ;;
292 esac
293 ;;
294 esac
295
296 case "$encryption" in
297 *osen*)
298 auth_osen=1
299 ;;
300 esac
301 }
302
303 _wireless_set_brsnoop_isolation() {
304 local multicast_to_unicast="$1"
305 local isolate
306
307 json_get_vars isolate proxy_arp
308
309 [ ${isolate:-0} -gt 0 -o -z "$network_bridge" ] && return
310 [ ${multicast_to_unicast:-1} -gt 0 -o ${proxy_arp:-0} -gt 0 ] && json_add_boolean isolate 1
311 }
312
313 for_each_interface() {
314 local _w_types="$1"; shift
315 local _w_ifaces _w_iface
316 local _w_type
317 local _w_found
318
319 local multicast_to_unicast
320
321 json_get_keys _w_ifaces interfaces
322 json_select interfaces
323 for _w_iface in $_w_ifaces; do
324 json_select "$_w_iface"
325 if [ -n "$_w_types" ]; then
326 json_get_var network_bridge bridge
327 json_get_var network_ifname bridge-ifname
328 json_get_var multicast_to_unicast multicast_to_unicast
329 json_select config
330 _wireless_set_brsnoop_isolation "$multicast_to_unicast"
331 json_get_var _w_type mode
332 json_select ..
333 _w_types=" $_w_types "
334 [[ "${_w_types%$_w_type*}" = "$_w_types" ]] && {
335 json_select ..
336 continue
337 }
338 fi
339 "$@" "$_w_iface"
340 json_select ..
341 done
342 json_select ..
343 }
344
345 for_each_vlan() {
346 local _w_vlans _w_vlan
347
348 json_get_keys _w_vlans vlans
349 json_select vlans
350 for _w_vlan in $_w_vlans; do
351 json_select "$_w_vlan"
352 json_select config
353 "$@" "$_w_vlan"
354 json_select ..
355 json_select ..
356 done
357 json_select ..
358 }
359
360 for_each_station() {
361 local _w_stas _w_sta
362
363 json_get_keys _w_stas stas
364 json_select stas
365 for _w_sta in $_w_stas; do
366 json_select "$_w_sta"
367 json_select config
368 "$@" "$_w_sta"
369 json_select ..
370 json_select ..
371 done
372 json_select ..
373 }
374
375 _wdev_common_device_config() {
376 config_add_string channel hwmode band htmode noscan
377 }
378
379 _wdev_common_iface_config() {
380 config_add_string mode ssid encryption 'key:wpakey'
381 }
382
383 _wdev_common_vlan_config() {
384 config_add_string name vid iface
385 }
386
387 _wdev_common_station_config() {
388 config_add_string mac key vid iface
389 }
390
391 init_wireless_driver() {
392 name="$1"; shift
393 cmd="$1"; shift
394
395 case "$cmd" in
396 dump)
397 add_driver() {
398 eval "drv_$1_cleanup"
399
400 json_init
401 json_add_string name "$1"
402
403 json_add_array device
404 _wdev_common_device_config
405 eval "drv_$1_init_device_config"
406 json_close_array
407
408 json_add_array iface
409 _wdev_common_iface_config
410 eval "drv_$1_init_iface_config"
411 json_close_array
412
413 json_add_array vlan
414 _wdev_common_vlan_config
415 eval "drv_$1_init_vlan_config"
416 json_close_array
417
418 json_add_array station
419 _wdev_common_station_config
420 eval "drv_$1_init_station_config"
421 json_close_array
422
423 json_dump
424 }
425 ;;
426 setup|teardown)
427 interface="$1"; shift
428 data="$1"; shift
429 export __netifd_device="$interface"
430
431 add_driver() {
432 [[ "$name" == "$1" ]] || return 0
433 _wdev_handler "$1" "$cmd"
434 }
435 ;;
436 esac
437 }
OpenWrt Network interface configuration daemon