package/hostapd/files/hostapd.sh

   1 hostapd_setup_vif() {
   2         local vif="$1"
   3         local driver="$2"
   4         local hostapd_cfg=
   5
   6         # Examples:
   7         # psk-mixed/tkip        => WPA1+2 PSK, TKIP
   8         # wpa-psk2/tkip+aes     => WPA2 PSK, CCMP+TKIP
   9         # wpa2/tkip+aes         => WPA2 RADIUS, CCMP+TKIP
  10         # ...
  11
  12         # TODO: move this parsing function somewhere generic, so that
  13         # later it can be reused by drivers that don't use hostapd
  14
  15         # crypto defaults: WPA2 vs WPA1
  16         case "$enc" in
  17                 wpa2*|WPA2*|*PSK2*|*psk2*)
  18                         wpa=2
  19                         crypto="CCMP"
  20                 ;;
  21                 *mixed*)
  22                         wpa=3
  23                         crypto="CCMP TKIP"
  24                 ;;
  25                 *)
  26                         wpa=1
  27                         crypto="TKIP"
  28                 ;;
  29         esac
  30
  31         # explicit override for crypto setting
  32         case "$enc" in
  33                 *tkip+aes|*TKIP+AES|*tkip+ccmp|*TKIP+CCMP) crypto="CCMP TKIP";;
  34                 *tkip|*TKIP) crypto="TKIP";;
  35                 *aes|*AES|*ccmp|*CCMP) crypto="CCMP";;
  36         esac
  37
  38         # use crypto/auth settings for building the hostapd config
  39         case "$enc" in
  40                 *psk*|*PSK*)
  41                         config_get psk "$vif" key
  42                         append hostapd_cfg "wpa_passphrase=$psk" "$N"
  43                 ;;
  44                 *wpa*|*WPA*)
  45                         # required fields? formats?
  46                         # hostapd is particular, maybe a default configuration for failures
  47                         config_get server "$vif" server
  48                         append hostapd_cfg "auth_server_addr=$server" "$N"
  49                         config_get port "$vif" port
  50                         port=${port:-1812}
  51                         append hostapd_cfg "auth_server_port=$port" "$N"
  52                         config_get secret "$vif" key
  53                         append hostapd_cfg "auth_server_shared_secret=$secret" "$N"
  54                         config_get nasid "$vif" nasid
  55                         append hostapd_cfg "nas_identifier=$nasid" "$N"
  56                         append hostapd_cfg "eapol_key_index_workaround=1" "$N"
  57                         append hostapd_cfg "radius_acct_interim_interval=300" "$N"
  58                         append hostapd_cfg "ieee8021x=1" "$N"
  59                         append hostapd_cfg "auth_algs=1" "$N"
  60                         append hostapd_cfg "wpa_key_mgmt=WPA-EAP" "$N"
  61                         append hostapd_cfg "wpa_group_rekey=300" "$N"
  62                         append hostapd_cfg "wpa_gmk_rekey=640" "$N"
  63                 ;;
  64                 *)
  65                         return 0;
  66                 ;;
  67         esac
  68         config_get ifname "$vif" ifname
  69         config_get bridge "$vif" bridge
  70         config_get ssid "$vif" ssid
  71         cat > /var/run/hostapd-$ifname.conf <<EOF
  72 driver=$driver
  73 interface=$ifname
  74 ${bridge:+bridge=$bridge}
  75 ssid=$ssid
  76 debug=0
  77 wpa=$wpa
  78 wpa_pairwise=$crypto
  79 $hostapd_cfg
  80 EOF
  81         hostapd -B /var/run/hostapd-$ifname.conf
  82 }
  83