;;
eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
+ [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP"
;;
eap-eap192)
append wpa_key_mgmt "WPA-EAP-SUITE-B-192"
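Review bot: On the `eap192)` arm, appending `FT-EAP` next to `WPA-EAP-SUITE-B-192` lets a roaming client negotiate an AKM that, as far as I know, derives keys with SHA-256 rather than the SHA-384 suite the 192-bit mode is meant to enforce, so turning on `ieee80211r` may quietly weaken the mode's guarantee. hostapd also defines `FT-EAP-SHA384`; if the bundled build supports it, `[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP-SHA384"` would be the matching choice. If the mix is deliberate for client compatibility, a comment on the added line should say so. The `eap-eap192)` arm is cut off at the end of the hunk, so I cannot tell whether it gets the same treatment.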
config_add_string country
config_add_boolean country_ie doth
+ config_add_boolean spectrum_mgmt_required
+ config_add_int local_pwr_constraint
config_add_string require_mode
config_add_boolean legacy_rates
local base="${config%%.conf}"
local base_cfg=
- json_get_vars country country_ie beacon_int:100 doth require_mode legacy_rates acs_chan_bias
+ json_get_vars country country_ie beacon_int:100 dtim_period:2 doth require_mode legacy_rates \
+ acs_chan_bias local_pwr_constraint spectrum_mgmt_required
hostapd_set_log_options base_cfg
set_default country_ie 1
+ set_default spectrum_mgmt_required 0
set_default doth 1
set_default legacy_rates 1
[ -n "$country" ] && {
append base_cfg "country_code=$country" "$N"
- [ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N"
+ [ "$country_ie" -gt 0 ] && {
+ append base_cfg "ieee80211d=1" "$N"
+ [ -n "$local_pwr_constraint" ] && append base_cfg "local_pwr_constraint=$local_pwr_constraint" "$N"
+ [ "$spectrum_mgmt_required" -gt 0 ] && append base_cfg "spectrum_mgmt_required=$spectrum_mgmt_required" "$N"
+ }
[ "$hwmode" = "a" -a "$doth" -gt 0 ] && append base_cfg "ieee80211h=1" "$N"
}
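Review bot: Inside the new `country_ie` block, `spectrum_mgmt_required` is written even when `local_pwr_constraint` is empty, although hostapd, as far as I recall its documentation, only accepts that option together with a configured power constraint. Chaining the two tests would keep an incomplete config from reaching the daemon: `[ -n "$local_pwr_constraint" ] && [ "$spectrum_mgmt_required" -gt 0 ] && append base_cfg "spectrum_mgmt_required=$spectrum_mgmt_required" "$N"`. `local_pwr_constraint` is also copied through with no range check, so a comment stating the accepted range (0..255 in hostapd's sample config, to be confirmed) would help whoever edits the UCI option.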
[ -n "$rlist" ] && append base_cfg "supported_rates=$rlist" "$N"
[ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N"
append base_cfg "beacon_int=$beacon_int" "$N"
+ append base_cfg "dtim_period=$dtim_period" "$N"
json_get_values opts hostapd_options
for val in $opts; do
config_add_int \
wep_rekey eap_reauth_period \
wpa_group_rekey wpa_pair_rekey wpa_master_rekey
+ config_add_boolean wpa_strict_rekey
config_add_boolean wpa_disable_eapol_key_retries
config_add_boolean tdls_prohibit
config_add_string radius_client_addr
config_add_string iapp_interface
config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd
+ config_add_boolean ca_cert_usesystem ca_cert2_usesystem
+ config_add_string subject_match subject_match2
+ config_add_array altsubject_match altsubject_match2
+ config_add_array domain_match domain_match2 domain_suffix_match domain_suffix_match2
config_add_string ieee80211w_mgmt_cipher
config_add_int dynamic_vlan vlan_naming
local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt
json_get_vars \
- wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \
+ wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_strict_rekey \
wpa_disable_eapol_key_retries tdls_prohibit \
maxassoc max_inactivity disassoc_low_ack isolate auth_cache \
wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 wps_ap_setup_locked \
[ -n "$wpa_group_rekey" ] && append bss_conf "wpa_group_rekey=$wpa_group_rekey" "$N"
[ -n "$wpa_pair_rekey" ] && append bss_conf "wpa_ptk_rekey=$wpa_pair_rekey" "$N"
[ -n "$wpa_master_rekey" ] && append bss_conf "wpa_gmk_rekey=$wpa_master_rekey" "$N"
+ [ -n "$wpa_strict_rekey" ] && append bss_conf "wpa_strict_rekey=$wpa_strict_rekey" "$N"
}
[ -n "$nasid" ] && append bss_conf "nas_identifier=$nasid" "$N"
json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline
set_default mobility_domain "$(echo "$ssid" | md5sum | head -c 4)"
- set_default ft_psk_generate_local 1
set_default ft_over_ds 1
set_default reassociation_deadline 1000
+ case "$auth_type" in
+ psk|sae|psk-sae)
+ set_default ft_psk_generate_local 1
+ ;;
+ *)
+ set_default ft_psk_generate_local 0
+ ;;
+ esac
+
append bss_conf "mobility_domain=$mobility_domain" "$N"
append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
append bss_conf "ft_over_ds=$ft_over_ds" "$N"
local ap_scan=
_w_mode="$mode"
- _w_modestr=
- [[ "$mode" = adhoc ]] && {
+ [ "$mode" = adhoc ] && {
ap_scan="ap_scan=2"
-
- _w_modestr="mode=1"
}
local country_str=
case "$htmode" in
VHT80) append network_data "max_oper_chwidth=1" "$N$T";;
VHT160) append network_data "max_oper_chwidth=2" "$N$T";;
- *) append network_data "max_oper_chwidth=0" "$N$T";;
+ VHT20|VHT40) append network_data "max_oper_chwidth=0" "$N$T";;
+ *) append network_data "disable_vht=1" "$N$T";;
esac
}
local scan_ssid="scan_ssid=1"
local freq wpa_key_mgmt
- [[ "$_w_mode" = "adhoc" ]] && {
+ [ "$_w_mode" = "adhoc" ] && {
append network_data "mode=1" "$N$T"
[ -n "$freq" ] && wpa_supplicant_set_fixed_freq "$freq" "$htmode"
+ [ "$noscan" = "1" ] && append network_data "noscan=1" "$N$T"
scan_ssid="scan_ssid=0"
[ "$_w_driver" = "nl80211" ] || append wpa_key_mgmt "WPA-NONE"
}
- [[ "$_w_mode" = "mesh" ]] && {
+ [ "$_w_mode" = "mesh" ] && {
json_get_vars mesh_id mesh_fwding mesh_rssi_threshold
[ -n "$mesh_id" ] && ssid="${mesh_id}"
scan_ssid=""
}
- [ "$_w_mode" = "adhoc" -o "$_w_mode" = "mesh" ] && append network_data "$_w_modestr" "$N$T"
-
[ "$multi_ap" = 1 -a "$_w_mode" = "sta" ] && append network_data "multi_ap_backhaul_sta=1" "$N$T"
case "$auth_type" in
hostapd_append_wpa_key_mgmt
key_mgmt="$wpa_key_mgmt"
- json_get_vars eap_type identity anonymous_identity ca_cert
- [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T"
+ json_get_vars eap_type identity anonymous_identity ca_cert ca_cert_usesystem
+
+ if [ "$ca_cert_usesystem" -eq "1" -a -f "/etc/ssl/certs/ca-certificates.crt" ]; then
+ append network_data "ca_cert=\"/etc/ssl/certs/ca-certificates.crt\"" "$N$T"
+ else
+ [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T"
+ fi
[ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T"
[ -n "$anonymous_identity" ] && append network_data "anonymous_identity=\"$anonymous_identity\"" "$N$T"
case "$eap_type" in
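Review bot: The `ca_cert_usesystem` branch fails open: when the option is set but `/etc/ssl/certs/ca-certificates.crt` is not installed, the `else` arm runs and, with `ca_cert` empty, no `ca_cert=` line is written at all, which leaves the network block without a trust anchor for the server certificate. A requested-but-missing bundle should be reported as a setup error, or at least logged, rather than silently skipped. Separately, `[ "$ca_cert_usesystem" -eq "1" -a -f ... ]` makes `[` complain about a non-numeric operand whenever the option is unset; `[ "${ca_cert_usesystem:-0}" -eq 1 ] && [ -f /etc/ssl/certs/ca-certificates.crt ]` avoids that and the deprecated `-a`. Trusting the whole system bundle also means a certificate chaining to any public CA is accepted unless `domain_match`, `domain_suffix_match` or `subject_match` is set, which deserves a comment next to this option. The same construct is repeated for `ca_cert2_usesystem` in the `fast|peap|ttls)` arm of the next hunk.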
append network_data "client_cert=\"$client_cert\"" "$N$T"
append network_data "private_key=\"$priv_key\"" "$N$T"
append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T"
+
+ json_get_vars subject_match
+ [ -n "$subject_match" ] && append network_data "subject_match=\"$subject_match\"" "$N$T"
+
+ json_get_values altsubject_match altsubject_match
+ if [ -n "$altsubject_match" ]; then
+ local list=
+ for x in $altsubject_match; do
+ append list "$x" ";"
+ done
+ append network_data "altsubject_match=\"$list\"" "$N$T"
+ fi
+
+ json_get_values domain_match domain_match
+ if [ -n "$domain_match" ]; then
+ local list=
+ for x in $domain_match; do
+ append list "$x" ";"
+ done
+ append network_data "domain_match=\"$list\"" "$N$T"
+ fi
+
+ json_get_values domain_suffix_match domain_suffix_match
+ if [ -n "$domain_suffix_match" ]; then
+ local list=
+ for x in $domain_suffix_match; do
+ append list "$x" ";"
+ done
+ append network_data "domain_suffix_match=\"$list\"" "$N$T"
+ fi
;;
fast|peap|ttls)
- json_get_vars auth password ca_cert2 client_cert2 priv_key2 priv_key2_pwd
+ json_get_vars auth password ca_cert2 ca_cert2_usesystem client_cert2 priv_key2 priv_key2_pwd
set_default auth MSCHAPV2
if [ "$auth" = "EAP-TLS" ]; then
- [ -n "$ca_cert2" ] &&
- append network_data "ca_cert2=\"$ca_cert2\"" "$N$T"
+ if [ "$ca_cert2_usesystem" -eq "1" -a -f "/etc/ssl/certs/ca-certificates.crt" ]; then
+ append network_data "ca_cert2=\"/etc/ssl/certs/ca-certificates.crt\"" "$N$T"
+ else
+ [ -n "$ca_cert2" ] && append network_data "ca_cert2=\"$ca_cert2\"" "$N$T"
+ fi
append network_data "client_cert2=\"$client_cert2\"" "$N$T"
append network_data "private_key2=\"$priv_key2\"" "$N$T"
append network_data "private_key2_passwd=\"$priv_key2_pwd\"" "$N$T"
append network_data "password=\"$password\"" "$N$T"
fi
+ json_get_vars subject_match
+ [ -n "$subject_match" ] && append network_data "subject_match=\"$subject_match\"" "$N$T"
+
+ json_get_values altsubject_match altsubject_match
+ if [ -n "$altsubject_match" ]; then
+ local list=
+ for x in $altsubject_match; do
+ append list "$x" ";"
+ done
+ append network_data "altsubject_match=\"$list\"" "$N$T"
+ fi
+
+ json_get_values domain_match domain_match
+ if [ -n "$domain_match" ]; then
+ local list=
+ for x in $domain_match; do
+ append list "$x" ";"
+ done
+ append network_data "domain_match=\"$list\"" "$N$T"
+ fi
+
+ json_get_values domain_suffix_match domain_suffix_match
+ if [ -n "$domain_suffix_match" ]; then
+ local list=
+ for x in $domain_suffix_match; do
+ append list "$x" ";"
+ done
+ append network_data "domain_suffix_match=\"$list\"" "$N$T"
+ fi
+
phase2proto="auth="
case "$auth" in
"auth"*)
auth="$(echo $auth | cut -b 5- )"
[ "$eap_type" = "ttls" ] &&
phase2proto="autheap="
+ json_get_vars subject_match2
+ [ -n "$subject_match2" ] && append network_data "subject_match2=\"$subject_match2\"" "$N$T"
+
+ json_get_values altsubject_match2 altsubject_match2
+ if [ -n "$altsubject_match2" ]; then
+ local list=
+ for x in $altsubject_match2; do
+ append list "$x" ";"
+ done
+ append network_data "altsubject_match2=\"$list\"" "$N$T"
+ fi
+
+ json_get_values domain_match2 domain_match2
+ if [ -n "$domain_match2" ]; then
+ local list=
+ for x in $domain_match2; do
+ append list "$x" ";"
+ done
+ append network_data "domain_match2=\"$list\"" "$N$T"
+ fi
+
+ json_get_values domain_suffix_match2 domain_suffix_match2
+ if [ -n "$domain_suffix_match2" ]; then
+ local list=
+ for x in $domain_suffix_match2; do
+ append list "$x" ";"
+ done
+ append network_data "domain_suffix_match2=\"$list\"" "$N$T"
+ fi
;;
esac
append network_data "phase2=\"$phase2proto$auth\"" "$N$T"
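Review bot: The block that reads `subject_match` and joins the three list options with `;` is pasted three times in this hunk (the arm that writes `client_cert`, the `fast|peap|ttls)` arm, and the `"auth"*)` arm with the `2` suffix); a small helper would keep the copies from drifting apart. Each `for x in $altsubject_match` style loop expands the value unquoted, so an entry containing a glob character such as `*` can be expanded against the current directory before it reaches the config. The joined value is also placed inside `\"...\"` without checking for an embedded double quote, which would end the string early in the generated wpa_supplicant config; the values come from UCI, so the exposure is presumably limited to whoever can edit the wireless config, but rejecting such input is cheap. The sketch below assumes `network_data` stays visible to a called function, as the existing `append` calls already rely on, and the helper name is only a suggestion.

```shell
# Join one UCI list option into a ';'-separated wpa_supplicant string option.
wpa_supplicant_add_match_list() {
	local opt="$1" vals= list= x

	json_get_values vals "$opt"
	[ -n "$vals" ] || return 0

	# A double quote would terminate the quoted config value early.
	case "$vals" in
		*\"*) return 1 ;;
	esac

	set -f	# split on whitespace only, no pathname expansion
	for x in $vals; do
		append list "$x" ";"
	done
	set +f

	append network_data "$opt=\"$list\"" "$N$T"
}

# … unchanged: json_get_vars subject_match and its append …
wpa_supplicant_add_match_list altsubject_match
wpa_supplicant_add_match_list domain_match
wpa_supplicant_add_match_list domain_suffix_match
```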
_wpa_supplicant_common "$ifname"
- ubus wait_for wpa_supplicant.$phy
- ubus call wpa_supplicant.$phy config_add "{ \
+ ubus wait_for wpa_supplicant
+ ubus call wpa_supplicant config_add "{ \
\"driver\": \"${_w_driver:-wext}\", \"ctrl\": \"$_rpath\", \
\"iface\": \"$ifname\", \"config\": \"$_config\" \
${network_bridge:+, \"bridge\": \"$network_bridge\"} \
[ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED
- local supplicant_pid=$(ubus call service list '{"name": "hostapd"}' | jsonfilter -l 1 -e "@['hostapd'].instances['supplicant-${phy}'].pid")
+ local supplicant_pid=$(ubus call service list '{"name": "hostapd"}' | jsonfilter -l 1 -e "@['hostapd'].instances['supplicant'].pid")
wireless_add_process "$supplicant_pid" "/usr/sbin/wpa_supplicant" 1
return $ret