Enable management frame protection in hostapd, and make it configurable in /etc/confi...
[openwrt/openwrt.git] / package / hostapd / files / hostapd.sh
1 hostapd_set_bss_options() {
2 local var="$1"
3 local vif="$2"
4 local enc wpa_group_rekey
5
6 config_get enc "$vif" encryption
7 config_get wpa_group_rekey "$vif" wpa_group_rekey
8
9 # Examples:
10 # psk-mixed/tkip => WPA1+2 PSK, TKIP
11 # wpa-psk2/tkip+aes => WPA2 PSK, CCMP+TKIP
12 # wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP
13 # ...
14
15 # TODO: move this parsing function somewhere generic, so that
16 # later it can be reused by drivers that don't use hostapd
17
18 # crypto defaults: WPA2 vs WPA1
19 case "$enc" in
20 wpa2*|*psk2*)
21 wpa=2
22 crypto="CCMP"
23 ;;
24 *mixed*)
25 wpa=3
26 crypto="CCMP TKIP"
27 ;;
28 *)
29 wpa=1
30 crypto="TKIP"
31 ;;
32 esac
33
34 # explicit override for crypto setting
35 case "$enc" in
36 *tkip+aes|*tkip+ccmp) crypto="CCMP TKIP";;
37 *aes|*ccmp) crypto="CCMP";;
38 *tkip) crypto="TKIP";;
39 esac
40
41 # use crypto/auth settings for building the hostapd config
42 case "$enc" in
43 *psk*)
44 config_get psk "$vif" key
45 if [ ${#psk} -eq 64 ]; then
46 append "$var" "wpa_psk=$psk" "$N"
47 else
48 append "$var" "wpa_passphrase=$psk" "$N"
49 fi
50 ;;
51 *wpa*)
52 # required fields? formats?
53 # hostapd is particular, maybe a default configuration for failures
54 config_get server "$vif" server
55 append "$var" "auth_server_addr=$server" "$N"
56 config_get port "$vif" port
57 port=${port:-1812}
58 append "$var" "auth_server_port=$port" "$N"
59 config_get secret "$vif" key
60 append "$var" "auth_server_shared_secret=$secret" "$N"
61 config_get nasid "$vif" nasid
62 append "$var" "nas_identifier=$nasid" "$N"
63 append "$var" "eapol_key_index_workaround=1" "$N"
64 append "$var" "radius_acct_interim_interval=300" "$N"
65 append "$var" "ieee8021x=1" "$N"
66 append "$var" "auth_algs=1" "$N"
67 append "$var" "wpa_key_mgmt=WPA-EAP" "$N"
68 append "$var" "wpa_group_rekey=300" "$N"
69 append "$var" "wpa_gmk_rekey=640" "$N"
70 ;;
71 *wep*)
72 config_get key "$vif" key
73 key="${key:-1}"
74 case "$key" in
75 [1234])
76 for idx in 1 2 3 4; do
77 local zidx
78 zidx=$(($idx - 1))
79 config_get ckey "$vif" "key${idx}"
80 [ -n "$ckey" ] && \
81 append "$var" "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N"
82 done
83 append "$var" "wep_default_key=$((key - 1))" "$N"
84 ;;
85 *)
86 append "$var" "wep_key0=$(prepare_key_wep "$key")" "$N"
87 append "$var" "wep_default_key=0" "$N"
88 ;;
89 esac
90 wpa=0
91 crypto=
92 ;;
93 *)
94 wpa=0
95 crypto=
96 ;;
97 esac
98 append "$var" "wpa=$wpa" "$N"
99 [ -n "$crypto" ] && append "$var" "wpa_pairwise=$crypto" "$N"
100 [ -n "$wpa_group_rekey" ] && append "$var" "wpa_group_rekey=$wpa_group_rekey" "$N"
101
102 config_get ssid "$vif" ssid
103 config_get bridge "$vif" bridge
104 config_get ieee80211d "$vif" ieee80211d
105
106 append "$var" "ssid=$ssid" "$N"
107 [ -n "$bridge" ] && append "$var" "bridge=$bridge" "$N"
108 [ -n "$ieee80211d" ] && append "$var" "ieee80211d=$ieee80211d" "$N"
109
110 [ "$wpa" -ge "2" ] && config_get ieee80211w "$vif" ieee80211w
111 case "$ieee80211w" in
112 [012])
113 append "$var" "ieee80211w=$ieee80211w" "$N"
114 ;;
115 esac
116 }
117
118 hostapd_setup_vif() {
119 local vif="$1"
120 local driver="$2"
121 hostapd_cfg=
122
123 hostapd_set_bss_options hostapd_cfg "$vif"
124 config_get ifname "$vif" ifname
125 config_get device "$vif" device
126 config_get channel "$device" channel
127 config_get hwmode "$device" hwmode
128 case "$hwmode" in
129 *bg) hwmode=g;;
130 esac
131 [ "$channel" = auto ] && channel=
132 [ -n "$channel" -a -z "$hwmode" ] && wifi_fixup_hwmode "$device"
133 cat > /var/run/hostapd-$ifname.conf <<EOF
134 ctrl_interface=/var/run/hostapd-$ifname
135 driver=$driver
136 interface=$ifname
137 ${hwmode:+hw_mode=${hwmode#11}}
138 ${channel:+channel=$channel}
139 $hostapd_cfg
140 EOF
141 hostapd -P /var/run/wifi-$ifname.pid -B /var/run/hostapd-$ifname.conf
142 }
143