From 71782efdfb9591cc5e53c54fd201804de0ce7ba9 Mon Sep 17 00:00:00 2001 From: lakinduakash Date: Thu, 28 Feb 2019 20:37:17 +0530 Subject: [PATCH] Initial commit --- LICENSE | 23 + Makefile | 21 + README.md | 87 +++ bash_completion | 168 ++++ create_ap | 1868 +++++++++++++++++++++++++++++++++++++++++++++ create_ap.conf | 28 + create_ap.service | 13 + howto/realtek.md | 74 ++ 8 files changed, 2282 insertions(+) create mode 100644 LICENSE create mode 100644 Makefile create mode 100644 README.md create mode 100644 bash_completion create mode 100755 create_ap create mode 100644 create_ap.conf create mode 100644 create_ap.service create mode 100644 howto/realtek.md diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..cdea412 --- /dev/null +++ b/LICENSE @@ -0,0 +1,23 @@ +Copyright (c) 2013, oblique +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + +* Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. + +* Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER +CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, +OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..57911b5 --- /dev/null +++ b/Makefile @@ -0,0 +1,21 @@ +PREFIX=/usr +MANDIR=$(PREFIX)/share/man +BINDIR=$(PREFIX)/bin + +all: + @echo "Run 'make install' for installation." + @echo "Run 'make uninstall' for uninstallation." + +install: + install -Dm755 create_ap $(DESTDIR)$(BINDIR)/create_ap + install -Dm644 create_ap.conf $(DESTDIR)/etc/create_ap.conf + [ ! -d /lib/systemd/system ] || install -Dm644 create_ap.service $(DESTDIR)$(PREFIX)/lib/systemd/system/create_ap.service + install -Dm644 bash_completion $(DESTDIR)$(PREFIX)/share/bash-completion/completions/create_ap + install -Dm644 README.md $(DESTDIR)$(PREFIX)/share/doc/create_ap/README.md + +uninstall: + rm -f $(DESTDIR)$(BINDIR)/create_ap + rm -f $(DESTDIR)/etc/create_ap.conf + [ ! -f /lib/systemd/system/create_ap.service ] || rm -f $(DESTDIR)$(PREFIX)/lib/systemd/system/create_ap.service + rm -f $(DESTDIR)$(PREFIX)/share/bash-completion/completions/create_ap + rm -f $(DESTDIR)$(PREFIX)/share/doc/create_ap/README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..a56e643 --- /dev/null +++ b/README.md @@ -0,0 +1,87 @@ +## Features +* Create an AP (Access Point) at any channel. +* Choose one of the following encryptions: WPA, WPA2, WPA/WPA2, Open (no encryption). +* Hide your SSID. +* Disable communication between clients (client isolation). +* IEEE 802.11n & 802.11ac support +* Internet sharing methods: NATed or Bridged or None (no Internet sharing). +* Choose the AP Gateway IP (only for 'NATed' and 'None' Internet sharing methods). +* You can create an AP with the same interface you are getting your Internet connection. +* You can pass your SSID and password through pipe or through arguments (see examples). + + +## Dependencies +### General +* bash (to run this script) +* util-linux (for getopt) +* procps or procps-ng +* hostapd +* iproute2 +* iw +* iwconfig (you only need this if 'iw' can not recognize your adapter) +* haveged (optional) + +### For 'NATed' or 'None' Internet sharing method +* dnsmasq +* iptables + + +## Installation +### Generic + git clone https://github.com/oblique/create_ap + cd create_ap + make install + +### ArchLinux + pacman -S create_ap + +### Gentoo + emerge layman + layman -f -a jorgicio + emerge net-wireless/create_ap + +## Examples +### No passphrase (open network): + create_ap wlan0 eth0 MyAccessPoint + +### WPA + WPA2 passphrase: + create_ap wlan0 eth0 MyAccessPoint MyPassPhrase + +### AP without Internet sharing: + create_ap -n wlan0 MyAccessPoint MyPassPhrase + +### Bridged Internet sharing: + create_ap -m bridge wlan0 eth0 MyAccessPoint MyPassPhrase + +### Bridged Internet sharing (pre-configured bridge interface): + create_ap -m bridge wlan0 br0 MyAccessPoint MyPassPhrase + +### Internet sharing from the same WiFi interface: + create_ap wlan0 wlan0 MyAccessPoint MyPassPhrase + +### Choose a different WiFi adapter driver + create_ap --driver rtl871xdrv wlan0 eth0 MyAccessPoint MyPassPhrase + +### No passphrase (open network) using pipe: + echo -e "MyAccessPoint" | create_ap wlan0 eth0 + +### WPA + WPA2 passphrase using pipe: + echo -e "MyAccessPoint\nMyPassPhrase" | create_ap wlan0 eth0 + +### Enable IEEE 802.11n + create_ap --ieee80211n --ht_capab '[HT40+]' wlan0 eth0 MyAccessPoint MyPassPhrase + +### Client Isolation: + create_ap --isolate-clients wlan0 eth0 MyAccessPoint MyPassPhrase + +## Systemd service +Using the persistent [systemd](https://wiki.archlinux.org/index.php/systemd#Basic_systemctl_usage) service +### Start service immediately: + systemctl start create_ap + +### Start on boot: + systemctl enable create_ap + + +## License +FreeBSD diff --git a/bash_completion b/bash_completion new file mode 100644 index 0000000..aae0bb2 --- /dev/null +++ b/bash_completion @@ -0,0 +1,168 @@ +# +# Bash Completion routine for create_ap +# + +_use_filedir() { + if [[ $(type -t _filedir) == "function" ]]; then + _filedir + return 0 + fi + return 1 +} + +_create_ap() { + local awk_cmd=' + ($1 ~ /^-/) { + for (i = 1; i <= NF; i++) { + if ($i ~ /,$/) { + print substr ($i, 0, length ($i)-1) + } + else { + print $i + break + } + } + } + ' + + local cur prev opts + COMPREPLY=() + cur="$2" + prev="$3" + opts=$("$1" --help | awk "$awk_cmd") + + case "$prev" in + -h|--help) + # No Options + ;; + --version) + # No Options + ;; + -c) + # Refer http://en.wikipedia.org/wiki/List_of_WLAN_channels + opts=$( + iw list | grep ' MHz \[[[:digit:]]\+\] ' | + grep -v 'no IR\|disabled' | + sed 's/.*\[\(.*\)\].*/\1/' | sort -n | uniq + ) + ;; + -w) + opts="1 2 1+2" + ;; + -n) + # No Options + ;; + -m) + opts="nat bridge none" + ;; + --psk) + # No Options + ;; + --hidden) + # No Options + ;; + --mac-filter) + # No Options + ;; + --mac-filter-accept) + # No Options + ;; + --ieee80211n) + # No Options + ;; + --ht_capab) + # Refer http://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf + opts=' + [LDPC] [HT40-] [HT40+] [SMPS-STATIC] [SMPS-DYNAMIC] + [GF] [SHORT-GI-20] [SHORT-GI-40] [TX-STBC] + [RX-STBC1] [RX-STBC12] [RX-STBC123] [DELAYED-BA] + [MAX-AMSDU-7935] [DSSS_CCK-40] [40-INTOLERANT] + [LSIG-TXOP-PROT] + ' + ;; + --country) + local reg_file=/usr/lib/crda/regulatory.bin + if command -v regdbdump > /dev/null && [[ -f "$reg_file" ]]; then + local country_awk_cmd=' + ($1 ~ /^country/) { + print substr ($2, 0, length ($2)-1) + } + ' + opts=$(regdbdump "$reg_file" 2>/dev/null | awk "$country_awk_cmd") + else + opts=' + AD AE AF AI AL AM AN AR AS AT AU AW AZ BA BB BD BE + BF BG BH BL BM BN BO BR BS BT BY BZ CA CF CH CI CL + CN CO CR CX CY CZ DE DK DM DO DZ EC EE EG ES ET FI + FM FR GB GD GE GF GH GL GP GR GT GU GY HK HN HR HT + HU ID IE IL IN IR IS IT JM JO JP KE KH KN KP KR KW + KY KZ LB LC LI LK LS LT LU LV MA MC MD ME MF MH MK + MN MO MP MQ MR MT MU MW MX MY NG NI NL NO NP NZ OM + PA PE PF PG PH PK PL PM PR PT PW PY QA RE RO RS RU + RW SA SE SG SI SK SN SR SV SY TC TD TG TH TN TR TT + TW TZ UA UG US UY UZ VC VE VI VN VU WF WS YE YT ZA + ZW 00 + ' + fi + ;; + --freq-band) + opts="2.4 5" + ;; + --driver) + # Refer http://w1.fi/cgit/hostap/tree/src/drivers + # Not going to implement + ;; + --no-virt) + # No Options + ;; + --no-haveged) + # No Options + ;; + --fix-unmanaged) + # No Options + ;; + --mac) + # Not going to implement + ;; + --daemon) + # No Options + ;; + --stop) + local stop_awk_cmd='$1 ~ /^[0-9]+$/' + opts=$("$1" --list-running | awk "$stop_awk_cmd") + ;; + --list-running) + # No Options + ;; + --list-clients) + local clients_awk_cmd='$1 ~ /^[0-9]+$/' + opts=$("$1" --list-running | awk "$clients_awk_cmd") + ;; + --no-dns) + # No Options + ;; + --dhcp-dns) + # Not going to implement + ;; + --mkconfig) + _use_filedir && return 0 + ;; + --config) + _use_filedir && return 0 + ;; + -g) + # Not going to implement + ;; + -d) + # No Options + ;; + *) + ;; + esac + + COMPREPLY=( $(compgen -W "$opts" -- $cur) ) + return 0 +} +complete -F _create_ap create_ap + +# vim: set ft=sh: diff --git a/create_ap b/create_ap new file mode 100755 index 0000000..6b3b5ca --- /dev/null +++ b/create_ap @@ -0,0 +1,1868 @@ +#!/bin/bash + +# general dependencies: +# bash (to run this script) +# util-linux (for getopt) +# procps or procps-ng +# hostapd +# iproute2 +# iw +# iwconfig (you only need this if 'iw' can not recognize your adapter) +# haveged (optional) + +# dependencies for 'nat' or 'none' Internet sharing method +# dnsmasq +# iptables + +VERSION=0.4.6 +PROGNAME="$(basename $0)" + +# make sure that all command outputs are in english +# so we can parse them correctly +export LC_ALL=C + +# all new files and directories must be readable only by root. +# in special cases we must use chmod to give any other permissions. +SCRIPT_UMASK=0077 +umask $SCRIPT_UMASK + +usage() { + echo "Usage: "$PROGNAME" [options] [] [ []]" + echo + echo "Options:" + echo " -h, --help Show this help" + echo " --version Print version number" + echo " -c Channel number (default: 1)" + echo " -w Use 1 for WPA, use 2 for WPA2, use 1+2 for both (default: 1+2)" + echo " -n Disable Internet sharing (if you use this, don't pass" + echo " the argument)" + echo " -m Method for Internet sharing." + echo " Use: 'nat' for NAT (default)" + echo " 'bridge' for bridging" + echo " 'none' for no Internet sharing (equivalent to -n)" + echo " --psk Use 64 hex digits pre-shared-key instead of passphrase" + echo " --hidden Make the Access Point hidden (do not broadcast the SSID)" + echo " --mac-filter Enable MAC address filtering" + echo " --mac-filter-accept Location of MAC address filter list (defaults to /etc/hostapd/hostapd.accept)" + echo " --redirect-to-localhost If -n is set, redirect every web request to localhost (useful for public information networks)" + echo " --hostapd-debug With level between 1 and 2, passes arguments -d or -dd to hostapd for debugging." + echo " --isolate-clients Disable communication between clients" + echo " --ieee80211n Enable IEEE 802.11n (HT)" + echo " --ieee80211ac Enable IEEE 802.11ac (VHT)" + echo " --ht_capab HT capabilities (default: [HT40+])" + echo " --vht_capab VHT capabilities" + echo " --country Set two-letter country code for regularity (example: US)" + echo " --freq-band Set frequency band. Valid inputs: 2.4, 5 (default: 2.4)" + echo " --driver Choose your WiFi adapter driver (default: nl80211)" + echo " --no-virt Do not create virtual interface" + echo " --no-haveged Do not run 'haveged' automatically when needed" + echo " --fix-unmanaged If NetworkManager shows your interface as unmanaged after you" + echo " close create_ap, then use this option to switch your interface" + echo " back to managed" + echo " --mac Set MAC address" + echo " --dhcp-dns Set DNS returned by DHCP" + echo " --daemon Run create_ap in the background" + echo " --stop Send stop command to an already running create_ap. For an " + echo " you can put the PID of create_ap or the WiFi interface. You can" + echo " get them with --list-running" + echo " --list-running Show the create_ap processes that are already running" + echo " --list-clients List the clients connected to create_ap instance associated with ." + echo " For an you can put the PID of create_ap or the WiFi interface." + echo " If virtual WiFi interface was created, then use that one." + echo " You can get them with --list-running" + echo " --mkconfig Store configs in conf_file" + echo " --config Load configs from conf_file" + echo + echo "Non-Bridging Options:" + echo " --no-dns Disable dnsmasq DNS server" + echo " --no-dnsmasq Disable dnsmasq server completely" + echo " -g IPv4 Gateway for the Access Point (default: 192.168.12.1)" + echo " -d DNS server will take into account /etc/hosts" + echo " -e DNS server will take into account additional hosts file" + echo + echo "Useful informations:" + echo " * If you're not using the --no-virt option, then you can create an AP with the same" + echo " interface you are getting your Internet connection." + echo " * You can pass your SSID and password through pipe or through arguments (see examples)." + echo " * On bridge method if the is not a bridge interface, then" + echo " a bridge interface is created automatically." + echo + echo "Examples:" + echo " "$PROGNAME" wlan0 eth0 MyAccessPoint MyPassPhrase" + echo " echo -e 'MyAccessPoint\nMyPassPhrase' | "$PROGNAME" wlan0 eth0" + echo " "$PROGNAME" wlan0 eth0 MyAccessPoint" + echo " echo 'MyAccessPoint' | "$PROGNAME" wlan0 eth0" + echo " "$PROGNAME" wlan0 wlan0 MyAccessPoint MyPassPhrase" + echo " "$PROGNAME" -n wlan0 MyAccessPoint MyPassPhrase" + echo " "$PROGNAME" -m bridge wlan0 eth0 MyAccessPoint MyPassPhrase" + echo " "$PROGNAME" -m bridge wlan0 br0 MyAccessPoint MyPassPhrase" + echo " "$PROGNAME" --driver rtl871xdrv wlan0 eth0 MyAccessPoint MyPassPhrase" + echo " "$PROGNAME" --daemon wlan0 eth0 MyAccessPoint MyPassPhrase" + echo " "$PROGNAME" --stop wlan0" +} + +# on success it echos a non-zero unused FD +# on error it echos 0 +get_avail_fd() { + local x + for x in $(seq 1 $(ulimit -n)); do + if [[ ! -a "/proc/$BASHPID/fd/$x" ]]; then + echo $x + return + fi + done + echo 0 +} + +# lock file for the mutex counter +COUNTER_LOCK_FILE=/tmp/create_ap.$$.lock + +cleanup_lock() { + rm -f $COUNTER_LOCK_FILE +} + +init_lock() { + local LOCK_FILE=/tmp/create_ap.all.lock + + # we initialize only once + [[ $LOCK_FD -ne 0 ]] && return 0 + + LOCK_FD=$(get_avail_fd) + [[ $LOCK_FD -eq 0 ]] && return 1 + + # open/create lock file with write access for all users + # otherwise normal users will not be able to use it. + # to avoid race conditions on creation, we need to + # use umask to set the permissions. + umask 0555 + eval "exec $LOCK_FD>$LOCK_FILE" > /dev/null 2>&1 || return 1 + umask $SCRIPT_UMASK + + # there is a case where lock file was created from a normal + # user. change the owner to root as soon as we can. + [[ $(id -u) -eq 0 ]] && chown 0:0 $LOCK_FILE + + # create mutex counter lock file + echo 0 > $COUNTER_LOCK_FILE + + return $? +} + +# recursive mutex lock for all create_ap processes +mutex_lock() { + local counter_mutex_fd + local counter + + # lock local mutex and read counter + counter_mutex_fd=$(get_avail_fd) + if [[ $counter_mutex_fd -ne 0 ]]; then + eval "exec $counter_mutex_fd<>$COUNTER_LOCK_FILE" + flock $counter_mutex_fd + read -u $counter_mutex_fd counter + else + echo "Failed to lock mutex counter" >&2 + return 1 + fi + + # lock global mutex and increase counter + [[ $counter -eq 0 ]] && flock $LOCK_FD + counter=$(( $counter + 1 )) + + # write counter and unlock local mutex + echo $counter > /proc/$BASHPID/fd/$counter_mutex_fd + eval "exec ${counter_mutex_fd}<&-" + return 0 +} + +# recursive mutex unlock for all create_ap processes +mutex_unlock() { + local counter_mutex_fd + local counter + + # lock local mutex and read counter + counter_mutex_fd=$(get_avail_fd) + if [[ $counter_mutex_fd -ne 0 ]]; then + eval "exec $counter_mutex_fd<>$COUNTER_LOCK_FILE" + flock $counter_mutex_fd + read -u $counter_mutex_fd counter + else + echo "Failed to lock mutex counter" >&2 + return 1 + fi + + # decrease counter and unlock global mutex + if [[ $counter -gt 0 ]]; then + counter=$(( $counter - 1 )) + [[ $counter -eq 0 ]] && flock -u $LOCK_FD + fi + + # write counter and unlock local mutex + echo $counter > /proc/$BASHPID/fd/$counter_mutex_fd + eval "exec ${counter_mutex_fd}<&-" + return 0 +} + +# it takes 2 arguments +# returns: +# 0 if v1 (1st argument) and v2 (2nd argument) are the same +# 1 if v1 is less than v2 +# 2 if v1 is greater than v2 +version_cmp() { + local V1 V2 VN x + [[ ! $1 =~ ^[0-9]+(\.[0-9]+)*$ ]] && die "Wrong version format!" + [[ ! $2 =~ ^[0-9]+(\.[0-9]+)*$ ]] && die "Wrong version format!" + + V1=( $(echo $1 | tr '.' ' ') ) + V2=( $(echo $2 | tr '.' ' ') ) + VN=${#V1[@]} + [[ $VN -lt ${#V2[@]} ]] && VN=${#V2[@]} + + for ((x = 0; x < $VN; x++)); do + [[ ${V1[x]} -lt ${V2[x]} ]] && return 1 + [[ ${V1[x]} -gt ${V2[x]} ]] && return 2 + done + + return 0 +} + +USE_IWCONFIG=0 + +is_interface() { + [[ -z "$1" ]] && return 1 + [[ -d "/sys/class/net/${1}" ]] +} + +is_wifi_interface() { + which iw > /dev/null 2>&1 && iw dev $1 info > /dev/null 2>&1 && return 0 + if which iwconfig > /dev/null 2>&1 && iwconfig $1 > /dev/null 2>&1; then + USE_IWCONFIG=1 + return 0 + fi + return 1 +} + +is_bridge_interface() { + [[ -z "$1" ]] && return 1 + [[ -d "/sys/class/net/${1}/bridge" ]] +} + +get_phy_device() { + local x + for x in /sys/class/ieee80211/*; do + [[ ! -e "$x" ]] && continue + if [[ "${x##*/}" = "$1" ]]; then + echo $1 + return 0 + elif [[ -e "$x/device/net/$1" ]]; then + echo ${x##*/} + return 0 + elif [[ -e "$x/device/net:$1" ]]; then + echo ${x##*/} + return 0 + fi + done + echo "Failed to get phy interface" >&2 + return 1 +} + +get_adapter_info() { + local PHY + PHY=$(get_phy_device "$1") + [[ $? -ne 0 ]] && return 1 + iw phy $PHY info +} + +get_adapter_kernel_module() { + local MODULE + MODULE=$(readlink -f "/sys/class/net/$1/device/driver/module") + echo ${MODULE##*/} +} + +can_be_sta_and_ap() { + # iwconfig does not provide this information, assume false + [[ $USE_IWCONFIG -eq 1 ]] && return 1 + if [[ "$(get_adapter_kernel_module "$1")" == "brcmfmac" ]]; then + echo "WARN: brmfmac driver doesn't work properly with virtual interfaces and" >&2 + echo " it can cause kernel panic. For this reason we disallow virtual" >&2 + echo " interfaces for your adapter." >&2 + echo " For more info: https://github.com/oblique/create_ap/issues/203" >&2 + return 1 + fi + get_adapter_info "$1" | grep -E '{.* managed.* AP.*}' > /dev/null 2>&1 && return 0 + get_adapter_info "$1" | grep -E '{.* AP.* managed.*}' > /dev/null 2>&1 && return 0 + return 1 +} + +can_be_ap() { + # iwconfig does not provide this information, assume true + [[ $USE_IWCONFIG -eq 1 ]] && return 0 + get_adapter_info "$1" | grep -E '\* AP$' > /dev/null 2>&1 && return 0 + return 1 +} + +can_transmit_to_channel() { + local IFACE CHANNEL_NUM CHANNEL_INFO + IFACE=$1 + CHANNEL_NUM=$2 + + if [[ $USE_IWCONFIG -eq 0 ]]; then + if [[ $FREQ_BAND == 2.4 ]]; then + CHANNEL_INFO=$(get_adapter_info ${IFACE} | grep " 24[0-9][0-9] MHz \[${CHANNEL_NUM}\]") + else + CHANNEL_INFO=$(get_adapter_info ${IFACE} | grep " \(49[0-9][0-9]\|5[0-9]\{3\}\) MHz \[${CHANNEL_NUM}\]") + fi + [[ -z "${CHANNEL_INFO}" ]] && return 1 + [[ "${CHANNEL_INFO}" == *no\ IR* ]] && return 1 + [[ "${CHANNEL_INFO}" == *disabled* ]] && return 1 + return 0 + else + CHANNEL_NUM=$(printf '%02d' ${CHANNEL_NUM}) + CHANNEL_INFO=$(iwlist ${IFACE} channel | grep -E "Channel[[:blank:]]${CHANNEL_NUM}[[:blank:]]?:") + [[ -z "${CHANNEL_INFO}" ]] && return 1 + return 0 + fi +} + +# taken from iw/util.c +ieee80211_frequency_to_channel() { + local FREQ=$1 + if [[ $FREQ -eq 2484 ]]; then + echo 14 + elif [[ $FREQ -lt 2484 ]]; then + echo $(( ($FREQ - 2407) / 5 )) + elif [[ $FREQ -ge 4910 && $FREQ -le 4980 ]]; then + echo $(( ($FREQ - 4000) / 5 )) + elif [[ $FREQ -le 45000 ]]; then + echo $(( ($FREQ - 5000) / 5 )) + elif [[ $FREQ -ge 58320 && $FREQ -le 64800 ]]; then + echo $(( ($FREQ - 56160) / 2160 )) + else + echo 0 + fi +} + +is_5ghz_frequency() { + [[ $1 =~ ^(49[0-9]{2})|(5[0-9]{3})$ ]] +} + +is_wifi_connected() { + if [[ $USE_IWCONFIG -eq 0 ]]; then + iw dev "$1" link 2>&1 | grep -E '^Connected to' > /dev/null 2>&1 && return 0 + else + iwconfig "$1" 2>&1 | grep -E 'Access Point: [0-9a-fA-F]{2}:' > /dev/null 2>&1 && return 0 + fi + return 1 +} + +is_macaddr() { + echo "$1" | grep -E "^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$" > /dev/null 2>&1 +} + +is_unicast_macaddr() { + local x + is_macaddr "$1" || return 1 + x=$(echo "$1" | cut -d: -f1) + x=$(printf '%d' "0x${x}") + [[ $(expr $x % 2) -eq 0 ]] +} + +get_macaddr() { + is_interface "$1" || return + cat "/sys/class/net/${1}/address" +} + +get_mtu() { + is_interface "$1" || return + cat "/sys/class/net/${1}/mtu" +} + +alloc_new_iface() { + local prefix=$1 + local i=0 + + mutex_lock + while :; do + if ! is_interface $prefix$i && [[ ! -f $COMMON_CONFDIR/ifaces/$prefix$i ]]; then + mkdir -p $COMMON_CONFDIR/ifaces + touch $COMMON_CONFDIR/ifaces/$prefix$i + echo $prefix$i + mutex_unlock + return + fi + i=$((i + 1)) + done + mutex_unlock +} + +dealloc_iface() { + rm -f $COMMON_CONFDIR/ifaces/$1 +} + +get_all_macaddrs() { + cat /sys/class/net/*/address +} + +get_new_macaddr() { + local OLDMAC NEWMAC LAST_BYTE i + OLDMAC=$(get_macaddr "$1") + LAST_BYTE=$(printf %d 0x${OLDMAC##*:}) + mutex_lock + for i in {1..255}; do + NEWMAC="${OLDMAC%:*}:$(printf %02x $(( ($LAST_BYTE + $i) % 256 )))" + (get_all_macaddrs | grep "$NEWMAC" > /dev/null 2>&1) || break + done + mutex_unlock + echo $NEWMAC +} + +# start haveged when needed +haveged_watchdog() { + local show_warn=1 + while :; do + mutex_lock + if [[ $(cat /proc/sys/kernel/random/entropy_avail) -lt 1000 ]]; then + if ! which haveged > /dev/null 2>&1; then + if [[ $show_warn -eq 1 ]]; then + echo "WARN: Low entropy detected. We recommend you to install \`haveged'" + show_warn=0 + fi + elif ! pidof haveged > /dev/null 2>&1; then + echo "Low entropy detected, starting haveged" + # boost low-entropy + haveged -w 1024 -p $COMMON_CONFDIR/haveged.pid + fi + fi + mutex_unlock + sleep 2 + done +} + +NETWORKMANAGER_CONF=/etc/NetworkManager/NetworkManager.conf +NM_OLDER_VERSION=1 + +networkmanager_exists() { + local NM_VER + which nmcli > /dev/null 2>&1 || return 1 + NM_VER=$(nmcli -v | grep -m1 -oE '[0-9]+(\.[0-9]+)*\.[0-9]+') + version_cmp $NM_VER 0.9.9 + if [[ $? -eq 1 ]]; then + NM_OLDER_VERSION=1 + else + NM_OLDER_VERSION=0 + fi + return 0 +} + +networkmanager_is_running() { + local NMCLI_OUT + networkmanager_exists || return 1 + if [[ $NM_OLDER_VERSION -eq 1 ]]; then + NMCLI_OUT=$(nmcli -t -f RUNNING nm 2>&1 | grep -E '^running$') + else + NMCLI_OUT=$(nmcli -t -f RUNNING g 2>&1 | grep -E '^running$') + fi + [[ -n "$NMCLI_OUT" ]] +} + +networkmanager_iface_is_unmanaged() { + is_interface "$1" || return 2 + (nmcli -t -f DEVICE,STATE d 2>&1 | grep -E "^$1:unmanaged$" > /dev/null 2>&1) || return 1 +} + +ADDED_UNMANAGED= + +networkmanager_add_unmanaged() { + local MAC UNMANAGED WAS_EMPTY x + networkmanager_exists || return 1 + + [[ -d ${NETWORKMANAGER_CONF%/*} ]] || mkdir -p ${NETWORKMANAGER_CONF%/*} + [[ -f ${NETWORKMANAGER_CONF} ]] || touch ${NETWORKMANAGER_CONF} + + if [[ $NM_OLDER_VERSION -eq 1 ]]; then + if [[ -z "$2" ]]; then + MAC=$(get_macaddr "$1") + else + MAC="$2" + fi + [[ -z "$MAC" ]] && return 1 + fi + + mutex_lock + UNMANAGED=$(grep -m1 -Eo '^unmanaged-devices=[[:alnum:]:;,-]*' /etc/NetworkManager/NetworkManager.conf) + + WAS_EMPTY=0 + [[ -z "$UNMANAGED" ]] && WAS_EMPTY=1 + UNMANAGED=$(echo "$UNMANAGED" | sed 's/unmanaged-devices=//' | tr ';,' ' ') + + # if it exists, do nothing + for x in $UNMANAGED; do + if [[ $x == "mac:${MAC}" ]] || + [[ $NM_OLDER_VERSION -eq 0 && $x == "interface-name:${1}" ]]; then + mutex_unlock + return 2 + fi + done + + if [[ $NM_OLDER_VERSION -eq 1 ]]; then + UNMANAGED="${UNMANAGED} mac:${MAC}" + else + UNMANAGED="${UNMANAGED} interface-name:${1}" + fi + + UNMANAGED=$(echo $UNMANAGED | sed -e 's/^ //') + UNMANAGED="${UNMANAGED// /;}" + UNMANAGED="unmanaged-devices=${UNMANAGED}" + + if ! grep -E '^\[keyfile\]' ${NETWORKMANAGER_CONF} > /dev/null 2>&1; then + echo -e "\n\n[keyfile]\n${UNMANAGED}" >> ${NETWORKMANAGER_CONF} + elif [[ $WAS_EMPTY -eq 1 ]]; then + sed -e "s/^\(\[keyfile\].*\)$/\1\n${UNMANAGED}/" -i ${NETWORKMANAGER_CONF} + else + sed -e "s/^unmanaged-devices=.*/${UNMANAGED}/" -i ${NETWORKMANAGER_CONF} + fi + + ADDED_UNMANAGED="${ADDED_UNMANAGED} ${1} " + mutex_unlock + + local nm_pid=$(pidof NetworkManager) + [[ -n "$nm_pid" ]] && kill -HUP $nm_pid + + return 0 +} + +networkmanager_rm_unmanaged() { + local MAC UNMANAGED + networkmanager_exists || return 1 + [[ ! -f ${NETWORKMANAGER_CONF} ]] && return 1 + + if [[ $NM_OLDER_VERSION -eq 1 ]]; then + if [[ -z "$2" ]]; then + MAC=$(get_macaddr "$1") + else + MAC="$2" + fi + [[ -z "$MAC" ]] && return 1 + fi + + mutex_lock + UNMANAGED=$(grep -m1 -Eo '^unmanaged-devices=[[:alnum:]:;,-]*' /etc/NetworkManager/NetworkManager.conf | sed 's/unmanaged-devices=//' | tr ';,' ' ') + + if [[ -z "$UNMANAGED" ]]; then + mutex_unlock + return 1 + fi + + [[ -n "$MAC" ]] && UNMANAGED=$(echo $UNMANAGED | sed -e "s/mac:${MAC}\( \|$\)//g") + UNMANAGED=$(echo $UNMANAGED | sed -e "s/interface-name:${1}\( \|$\)//g") + UNMANAGED=$(echo $UNMANAGED | sed -e 's/ $//') + + if [[ -z "$UNMANAGED" ]]; then + sed -e "/^unmanaged-devices=.*/d" -i ${NETWORKMANAGER_CONF} + else + UNMANAGED="${UNMANAGED// /;}" + UNMANAGED="unmanaged-devices=${UNMANAGED}" + sed -e "s/^unmanaged-devices=.*/${UNMANAGED}/" -i ${NETWORKMANAGER_CONF} + fi + + ADDED_UNMANAGED="${ADDED_UNMANAGED/ ${1} /}" + mutex_unlock + + local nm_pid=$(pidof NetworkManager) + [[ -n "$nm_pid" ]] && kill -HUP $nm_pid + + return 0 +} + +networkmanager_fix_unmanaged() { + [[ -f ${NETWORKMANAGER_CONF} ]] || return + + mutex_lock + sed -e "/^unmanaged-devices=.*/d" -i ${NETWORKMANAGER_CONF} + mutex_unlock + + local nm_pid=$(pidof NetworkManager) + [[ -n "$nm_pid" ]] && kill -HUP $nm_pid +} + +networkmanager_rm_unmanaged_if_needed() { + [[ $ADDED_UNMANAGED =~ .*\ ${1}\ .* ]] && networkmanager_rm_unmanaged $1 $2 +} + +networkmanager_wait_until_unmanaged() { + local RES + networkmanager_is_running || return 1 + while :; do + networkmanager_iface_is_unmanaged "$1" + RES=$? + [[ $RES -eq 0 ]] && break + [[ $RES -eq 2 ]] && die "Interface '${1}' does not exist. + It's probably renamed by a udev rule." + sleep 1 + done + sleep 2 + return 0 +} + + +CHANNEL=default +GATEWAY=192.168.12.1 +WPA_VERSION=1+2 +ETC_HOSTS=0 +ADDN_HOSTS= +DHCP_DNS=gateway +NO_DNS=0 +NO_DNSMASQ=0 +DNS_PORT= +HIDDEN=0 +MAC_FILTER=0 +MAC_FILTER_ACCEPT=/etc/hostapd/hostapd.accept +ISOLATE_CLIENTS=0 +SHARE_METHOD=nat +IEEE80211N=0 +IEEE80211AC=0 +HT_CAPAB='[HT40+]' +VHT_CAPAB= +DRIVER=nl80211 +NO_VIRT=0 +COUNTRY= +FREQ_BAND=2.4 +NEW_MACADDR= +DAEMONIZE=0 +NO_HAVEGED=0 +USE_PSK=0 + +HOSTAPD_DEBUG_ARGS= +REDIRECT_TO_LOCALHOST=0 + +CONFIG_OPTS=(CHANNEL GATEWAY WPA_VERSION ETC_HOSTS DHCP_DNS NO_DNS NO_DNSMASQ HIDDEN MAC_FILTER MAC_FILTER_ACCEPT ISOLATE_CLIENTS + SHARE_METHOD IEEE80211N IEEE80211AC HT_CAPAB VHT_CAPAB DRIVER NO_VIRT COUNTRY FREQ_BAND + NEW_MACADDR DAEMONIZE NO_HAVEGED WIFI_IFACE INTERNET_IFACE + SSID PASSPHRASE USE_PSK) + +FIX_UNMANAGED=0 +LIST_RUNNING=0 +STOP_ID= +LIST_CLIENTS_ID= + +STORE_CONFIG= +LOAD_CONFIG= + +CONFDIR= +WIFI_IFACE= +VWIFI_IFACE= +INTERNET_IFACE= +BRIDGE_IFACE= +OLD_MACADDR= +IP_ADDRS= +ROUTE_ADDRS= + +HAVEGED_WATCHDOG_PID= + +_cleanup() { + local PID x + + trap "" SIGINT SIGUSR1 SIGUSR2 EXIT + mutex_lock + disown -a + + # kill haveged_watchdog + [[ -n "$HAVEGED_WATCHDOG_PID" ]] && kill $HAVEGED_WATCHDOG_PID + + # kill processes + for x in $CONFDIR/*.pid; do + # even if the $CONFDIR is empty, the for loop will assign + # a value in $x. so we need to check if the value is a file + [[ -f $x ]] && kill -9 $(cat $x) + done + + rm -rf $CONFDIR + + local found=0 + for x in $(list_running_conf); do + if [[ -f $x/nat_internet_iface && $(cat $x/nat_internet_iface) == $INTERNET_IFACE ]]; then + found=1 + break + fi + done + + if [[ $found -eq 0 ]]; then + cp -f $COMMON_CONFDIR/${INTERNET_IFACE}_forwarding \ + /proc/sys/net/ipv4/conf/$INTERNET_IFACE/forwarding + rm -f $COMMON_CONFDIR/${INTERNET_IFACE}_forwarding + fi + + # if we are the last create_ap instance then set back the common values + if ! has_running_instance; then + # kill common processes + for x in $COMMON_CONFDIR/*.pid; do + [[ -f $x ]] && kill -9 $(cat $x) + done + + # set old ip_forward + if [[ -f $COMMON_CONFDIR/ip_forward ]]; then + cp -f $COMMON_CONFDIR/ip_forward /proc/sys/net/ipv4 + rm -f $COMMON_CONFDIR/ip_forward + fi + + # set old bridge-nf-call-iptables + if [[ -f $COMMON_CONFDIR/bridge-nf-call-iptables ]]; then + if [[ -e /proc/sys/net/bridge/bridge-nf-call-iptables ]]; then + cp -f $COMMON_CONFDIR/bridge-nf-call-iptables /proc/sys/net/bridge + fi + rm -f $COMMON_CONFDIR/bridge-nf-call-iptables + fi + + rm -rf $COMMON_CONFDIR + fi + + if [[ "$SHARE_METHOD" != "none" ]]; then + if [[ "$SHARE_METHOD" == "nat" ]]; then + iptables -w -t nat -D POSTROUTING -s ${GATEWAY%.*}.0/24 ! -o ${WIFI_IFACE} -j MASQUERADE + iptables -w -D FORWARD -i ${WIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT + iptables -w -D FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT + elif [[ "$SHARE_METHOD" == "bridge" ]]; then + if ! is_bridge_interface $INTERNET_IFACE; then + ip link set dev $BRIDGE_IFACE down + ip link set dev $INTERNET_IFACE down + ip link set dev $INTERNET_IFACE promisc off + ip link set dev $INTERNET_IFACE nomaster + ip link delete $BRIDGE_IFACE type bridge + ip addr flush $INTERNET_IFACE + ip link set dev $INTERNET_IFACE up + dealloc_iface $BRIDGE_IFACE + + for x in "${IP_ADDRS[@]}"; do + x="${x/inet/}" + x="${x/secondary/}" + x="${x/dynamic/}" + x=$(echo $x | sed 's/\([0-9]\)sec/\1/g') + x="${x/${INTERNET_IFACE}/}" + ip addr add $x dev $INTERNET_IFACE + done + + ip route flush dev $INTERNET_IFACE + + for x in "${ROUTE_ADDRS[@]}"; do + [[ -z "$x" ]] && continue + [[ "$x" == default* ]] && continue + ip route add $x dev $INTERNET_IFACE + done + + for x in "${ROUTE_ADDRS[@]}"; do + [[ -z "$x" ]] && continue + [[ "$x" != default* ]] && continue + ip route add $x dev $INTERNET_IFACE + done + + networkmanager_rm_unmanaged_if_needed $INTERNET_IFACE + fi + fi + fi + + if [[ "$SHARE_METHOD" != "bridge" ]]; then + if [[ $NO_DNS -eq 0 ]]; then + iptables -w -D INPUT -p tcp -m tcp --dport $DNS_PORT -j ACCEPT + iptables -w -D INPUT -p udp -m udp --dport $DNS_PORT -j ACCEPT + iptables -w -t nat -D PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \ + -p tcp -m tcp --dport 53 -j REDIRECT --to-ports $DNS_PORT + iptables -w -t nat -D PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \ + -p udp -m udp --dport 53 -j REDIRECT --to-ports $DNS_PORT + fi + iptables -w -D INPUT -p udp -m udp --dport 67 -j ACCEPT + fi + + if [[ $NO_VIRT -eq 0 ]]; then + if [[ -n "$VWIFI_IFACE" ]]; then + ip link set down dev ${VWIFI_IFACE} + ip addr flush ${VWIFI_IFACE} + networkmanager_rm_unmanaged_if_needed ${VWIFI_IFACE} ${OLD_MACADDR} + iw dev ${VWIFI_IFACE} del + dealloc_iface $VWIFI_IFACE + fi + else + ip link set down dev ${WIFI_IFACE} + ip addr flush ${WIFI_IFACE} + if [[ -n "$NEW_MACADDR" ]]; then + ip link set dev ${WIFI_IFACE} address ${OLD_MACADDR} + fi + networkmanager_rm_unmanaged_if_needed ${WIFI_IFACE} ${OLD_MACADDR} + fi + + mutex_unlock + cleanup_lock +} + +cleanup() { + echo + echo -n "Doing cleanup.. " + _cleanup > /dev/null 2>&1 + echo "done" +} + +die() { + [[ -n "$1" ]] && echo -e "\nERROR: $1\n" >&2 + # send die signal to the main process + [[ $BASHPID -ne $$ ]] && kill -USR2 $$ + # we don't need to call cleanup because it's traped on EXIT + exit 1 +} + +clean_exit() { + # send clean_exit signal to the main process + [[ $BASHPID -ne $$ ]] && kill -USR1 $$ + # we don't need to call cleanup because it's traped on EXIT + exit 0 +} + +list_running_conf() { + local x + mutex_lock + for x in /tmp/create_ap.*; do + if [[ -f $x/pid && -f $x/wifi_iface && -d /proc/$(cat $x/pid) ]]; then + echo $x + fi + done + mutex_unlock +} + +list_running() { + local IFACE wifi_iface x + mutex_lock + for x in $(list_running_conf); do + IFACE=${x#*.} + IFACE=${IFACE%%.*} + wifi_iface=$(cat $x/wifi_iface) + + if [[ $IFACE == $wifi_iface ]]; then + echo $(cat $x/pid) $IFACE + else + echo $(cat $x/pid) $IFACE '('$(cat $x/wifi_iface)')' + fi + done + mutex_unlock +} + +get_wifi_iface_from_pid() { + list_running | awk '{print $1 " " $NF}' | tr -d '\(\)' | grep -E "^${1} " | cut -d' ' -f2 +} + +get_pid_from_wifi_iface() { + list_running | awk '{print $1 " " $NF}' | tr -d '\(\)' | grep -E " ${1}$" | cut -d' ' -f1 +} + +get_confdir_from_pid() { + local IFACE x + mutex_lock + for x in $(list_running_conf); do + if [[ $(cat $x/pid) == "$1" ]]; then + echo $x + break + fi + done + mutex_unlock +} + +print_client() { + local line ipaddr hostname + local mac="$1" + + if [[ -f $CONFDIR/dnsmasq.leases ]]; then + line=$(grep " $mac " $CONFDIR/dnsmasq.leases | tail -n 1) + ipaddr=$(echo $line | cut -d' ' -f3) + hostname=$(echo $line | cut -d' ' -f4) + fi + + [[ -z "$ipaddr" ]] && ipaddr="*" + [[ -z "$hostname" ]] && hostname="*" + + printf "%-20s %-18s %s\n" "$mac" "$ipaddr" "$hostname" +} + +list_clients() { + local wifi_iface pid + + # If PID is given, get the associated wifi iface + if [[ "$1" =~ ^[1-9][0-9]*$ ]]; then + pid="$1" + wifi_iface=$(get_wifi_iface_from_pid "$pid") + [[ -z "$wifi_iface" ]] && die "'$pid' is not the pid of a running $PROGNAME instance." + fi + + [[ -z "$wifi_iface" ]] && wifi_iface="$1" + is_wifi_interface "$wifi_iface" || die "'$wifi_iface' is not a WiFi interface." + + [[ -z "$pid" ]] && pid=$(get_pid_from_wifi_iface "$wifi_iface") + [[ -z "$pid" ]] && die "'$wifi_iface' is not used from $PROGNAME instance.\n\ + Maybe you need to pass the virtual interface instead.\n\ + Use --list-running to find it out." + [[ -z "$CONFDIR" ]] && CONFDIR=$(get_confdir_from_pid "$pid") + + if [[ $USE_IWCONFIG -eq 0 ]]; then + local awk_cmd='($1 ~ /Station$/) {print $2}' + local client_list=$(iw dev "$wifi_iface" station dump | awk "$awk_cmd") + + if [[ -z "$client_list" ]]; then + echo "No clients connected" + return + fi + + printf "%-20s %-18s %s\n" "MAC" "IP" "Hostname" + + local mac + for mac in $client_list; do + print_client $mac + done + else + die "This option is not supported for the current driver." + fi +} + +has_running_instance() { + local PID x + + mutex_lock + for x in /tmp/create_ap.*; do + if [[ -f $x/pid ]]; then + PID=$(cat $x/pid) + if [[ -d /proc/$PID ]]; then + mutex_unlock + return 0 + fi + fi + done + mutex_lock + + return 1 +} + +is_running_pid() { + list_running | grep -E "^${1} " > /dev/null 2>&1 +} + +send_stop() { + local x + + mutex_lock + # send stop signal to specific pid + if is_running_pid $1; then + kill -USR1 $1 + mutex_unlock + return + fi + + # send stop signal to specific interface + for x in $(list_running | grep -E " \(?${1}( |\)?\$)" | cut -f1 -d' '); do + kill -USR1 $x + done + mutex_unlock +} + +# Storing configs +write_config() { + local i=1 + + if ! eval 'echo -n > "$STORE_CONFIG"' > /dev/null 2>&1; then + echo "ERROR: Unable to create config file $STORE_CONFIG" >&2 + exit 1 + fi + + WIFI_IFACE=$1 + if [[ "$SHARE_METHOD" == "none" ]]; then + SSID="$2" + PASSPHRASE="$3" + else + INTERNET_IFACE="$2" + SSID="$3" + PASSPHRASE="$4" + fi + + for config_opt in "${CONFIG_OPTS[@]}"; do + eval echo $config_opt=\$$config_opt + done >> "$STORE_CONFIG" + + echo -e "Config options written to '$STORE_CONFIG'" + exit 0 +} + +is_config_opt() { + local elem opt="$1" + + for elem in "${CONFIG_OPTS[@]}"; do + if [[ "$elem" == "$opt" ]]; then + return 0 + fi + done + return 1 +} + +# Load options from config file +read_config() { + local opt_name opt_val line + + while read line; do + # Read switches and their values + opt_name="${line%%=*}" + opt_val="${line#*=}" + if is_config_opt "$opt_name" ; then + eval $opt_name="\$opt_val" + else + echo "WARN: Unrecognized configuration entry $opt_name" >&2 + fi + done < "$LOAD_CONFIG" +} + + +ARGS=( "$@" ) + +# Preprocessing for --config before option-parsing starts +for ((i=0; i<$#; i++)); do + if [[ "${ARGS[i]}" = "--config" ]]; then + if [[ -f "${ARGS[i+1]}" ]]; then + LOAD_CONFIG="${ARGS[i+1]}" + read_config + else + echo "ERROR: No config file found at given location" >&2 + exit 1 + fi + break + fi +done + +GETOPT_ARGS=$(getopt -o hc:w:g:de:nm: -l "help","hidden","hostapd-debug:","redirect-to-localhost","mac-filter","mac-filter-accept:","isolate-clients","ieee80211n","ieee80211ac","ht_capab:","vht_capab:","driver:","no-virt","fix-unmanaged","country:","freq-band:","mac:","dhcp-dns:","daemon","stop:","list","list-running","list-clients:","version","psk","no-haveged","no-dns","no-dnsmasq","mkconfig:","config:" -n "$PROGNAME" -- "$@") +[[ $? -ne 0 ]] && exit 1 +eval set -- "$GETOPT_ARGS" + +while :; do + case "$1" in + -h|--help) + usage + exit 0 + ;; + --version) + echo $VERSION + exit 0 + ;; + --hidden) + shift + HIDDEN=1 + ;; + --mac-filter) + shift + MAC_FILTER=1 + ;; + --mac-filter-accept) + shift + MAC_FILTER_ACCEPT="$1" + shift + ;; + --isolate-clients) + shift + ISOLATE_CLIENTS=1 + ;; + -c) + shift + CHANNEL="$1" + shift + ;; + -w) + shift + WPA_VERSION="$1" + [[ "$WPA_VERSION" == "2+1" ]] && WPA_VERSION=1+2 + shift + ;; + -g) + shift + GATEWAY="$1" + shift + ;; + -d) + shift + ETC_HOSTS=1 + ;; + -e) + shift + ADDN_HOSTS="$1" + shift + ;; + -n) + shift + SHARE_METHOD=none + ;; + -m) + shift + SHARE_METHOD="$1" + shift + ;; + --ieee80211n) + shift + IEEE80211N=1 + ;; + --ieee80211ac) + shift + IEEE80211AC=1 + ;; + --ht_capab) + shift + HT_CAPAB="$1" + shift + ;; + --vht_capab) + shift + VHT_CAPAB="$1" + shift + ;; + --driver) + shift + DRIVER="$1" + shift + ;; + --no-virt) + shift + NO_VIRT=1 + ;; + --fix-unmanaged) + shift + FIX_UNMANAGED=1 + ;; + --country) + shift + COUNTRY="$1" + shift + ;; + --freq-band) + shift + FREQ_BAND="$1" + shift + ;; + --mac) + shift + NEW_MACADDR="$1" + shift + ;; + --dhcp-dns) + shift + DHCP_DNS="$1" + shift + ;; + --daemon) + shift + DAEMONIZE=1 + ;; + --stop) + shift + STOP_ID="$1" + shift + ;; + --list) + shift + LIST_RUNNING=1 + echo -e "WARN: --list is deprecated, use --list-running instead.\n" >&2 + ;; + --list-running) + shift + LIST_RUNNING=1 + ;; + --list-clients) + shift + LIST_CLIENTS_ID="$1" + shift + ;; + --no-haveged) + shift + NO_HAVEGED=1 + ;; + --psk) + shift + USE_PSK=1 + ;; + --no-dns) + shift + NO_DNS=1 + ;; + --no-dnsmasq) + shift + NO_DNSMASQ=1 + ;; + --redirect-to-localhost) + shift + REDIRECT_TO_LOCALHOST=1 + ;; + --hostapd-debug) + shift + if [ "x$1" = "x1" ]; then + HOSTAPD_DEBUG_ARGS="-d" + elif [ "x$1" = "x2" ]; then + HOSTAPD_DEBUG_ARGS="-dd" + else + printf "Error: argument for --hostapd-debug expected 1 or 2, got %s\n" "$1" + exit 1 + fi + shift + ;; + --mkconfig) + shift + STORE_CONFIG="$1" + shift + ;; + --config) + shift + shift + ;; + --) + shift + break + ;; + esac +done + +# Load positional args from config file, if needed +if [[ -n "$LOAD_CONFIG" && $# -eq 0 ]]; then + i=0 + # set arguments in order + for x in WIFI_IFACE INTERNET_IFACE SSID PASSPHRASE; do + if eval "[[ -n \"\$${x}\" ]]"; then + eval "set -- \"\${@:1:$i}\" \"\$${x}\"" + ((i++)) + fi + # we unset the variable to avoid any problems later + eval "unset $x" + done +fi + +# Check if required number of positional args are present +if [[ $# -lt 1 && $FIX_UNMANAGED -eq 0 && -z "$STOP_ID" && + $LIST_RUNNING -eq 0 && -z "$LIST_CLIENTS_ID" ]]; then + usage >&2 + exit 1 +fi + +# Set NO_DNS, if dnsmasq is disabled +if [[ $NO_DNSMASQ -eq 1 ]]; then + NO_DNS=1 +fi + +trap "cleanup_lock" EXIT + +if ! init_lock; then + echo "ERROR: Failed to initialize lock" >&2 + exit 1 +fi + +# if the user press ctrl+c or we get USR1 signal +# then run clean_exit() +trap "clean_exit" SIGINT SIGUSR1 +# if we get USR2 signal then run die(). +trap "die" SIGUSR2 + +[[ -n "$STORE_CONFIG" ]] && write_config "$@" + +if [[ $LIST_RUNNING -eq 1 ]]; then + echo -e "List of running $PROGNAME instances:\n" + list_running + exit 0 +fi + +if [[ -n "$LIST_CLIENTS_ID" ]]; then + list_clients "$LIST_CLIENTS_ID" + exit 0 +fi + +if [[ $(id -u) -ne 0 ]]; then + echo "You must run it as root." >&2 + exit 1 +fi + +if [[ -n "$STOP_ID" ]]; then + echo "Trying to kill $PROGNAME instance associated with $STOP_ID..." + send_stop "$STOP_ID" + exit 0 +fi + +if [[ $FIX_UNMANAGED -eq 1 ]]; then + echo "Trying to fix unmanaged status in NetworkManager..." + networkmanager_fix_unmanaged + exit 0 +fi + +if [[ $DAEMONIZE -eq 1 && $RUNNING_AS_DAEMON -eq 0 ]]; then + echo "Running as Daemon..." + # run a detached create_ap + RUNNING_AS_DAEMON=1 setsid "$0" "${ARGS[@]}" & + exit 0 +fi + +if [[ $FREQ_BAND != 2.4 && $FREQ_BAND != 5 ]]; then + echo "ERROR: Invalid frequency band" >&2 + exit 1 +fi + +if [[ $CHANNEL == default ]]; then + if [[ $FREQ_BAND == 2.4 ]]; then + CHANNEL=1 + else + CHANNEL=36 + fi +fi + +if [[ $FREQ_BAND != 5 && $CHANNEL -gt 14 ]]; then + echo "Channel number is greater than 14, assuming 5GHz frequency band" + FREQ_BAND=5 +fi + +WIFI_IFACE=$1 + +if ! is_wifi_interface ${WIFI_IFACE}; then + echo "ERROR: '${WIFI_IFACE}' is not a WiFi interface" >&2 + exit 1 +fi + +if ! can_be_ap ${WIFI_IFACE}; then + echo "ERROR: Your adapter does not support AP (master) mode" >&2 + exit 1 +fi + +if ! can_be_sta_and_ap ${WIFI_IFACE}; then + if is_wifi_connected ${WIFI_IFACE}; then + echo "ERROR: Your adapter can not be a station (i.e. be connected) and an AP at the same time" >&2 + exit 1 + elif [[ $NO_VIRT -eq 0 ]]; then + echo "WARN: Your adapter does not fully support AP virtual interface, enabling --no-virt" >&2 + NO_VIRT=1 + fi +fi + +HOSTAPD=$(which hostapd) + +if [[ ! -x "$HOSTAPD" ]]; then + echo "ERROR: hostapd not found." >&2 + exit 1 +fi + +if [[ $(get_adapter_kernel_module ${WIFI_IFACE}) =~ ^(8192[cd][ue]|8723a[sue])$ ]]; then + if ! strings "$HOSTAPD" | grep -m1 rtl871xdrv > /dev/null 2>&1; then + echo "ERROR: You need to patch your hostapd with rtl871xdrv patches." >&2 + exit 1 + fi + + if [[ $DRIVER != "rtl871xdrv" ]]; then + echo "WARN: Your adapter needs rtl871xdrv, enabling --driver=rtl871xdrv" >&2 + DRIVER=rtl871xdrv + fi +fi + +if [[ "$SHARE_METHOD" != "nat" && "$SHARE_METHOD" != "bridge" && "$SHARE_METHOD" != "none" ]]; then + echo "ERROR: Wrong Internet sharing method" >&2 + echo + usage >&2 + exit 1 +fi + +if [[ -n "$NEW_MACADDR" ]]; then + if ! is_macaddr "$NEW_MACADDR"; then + echo "ERROR: '${NEW_MACADDR}' is not a valid MAC address" >&2 + exit 1 + fi + + if ! is_unicast_macaddr "$NEW_MACADDR"; then + echo "ERROR: The first byte of MAC address (${NEW_MACADDR}) must be even" >&2 + exit 1 + fi + + if [[ $(get_all_macaddrs | grep -c ${NEW_MACADDR}) -ne 0 ]]; then + echo "WARN: MAC address '${NEW_MACADDR}' already exists. Because of this, you may encounter some problems" >&2 + fi +fi + +if [[ "$SHARE_METHOD" != "none" ]]; then + MIN_REQUIRED_ARGS=2 +else + MIN_REQUIRED_ARGS=1 +fi + +if [[ $# -gt $MIN_REQUIRED_ARGS ]]; then + if [[ "$SHARE_METHOD" != "none" ]]; then + if [[ $# -ne 3 && $# -ne 4 ]]; then + usage >&2 + exit 1 + fi + INTERNET_IFACE="$2" + SSID="$3" + PASSPHRASE="$4" + else + if [[ $# -ne 2 && $# -ne 3 ]]; then + usage >&2 + exit 1 + fi + SSID="$2" + PASSPHRASE="$3" + fi +else + if [[ "$SHARE_METHOD" != "none" ]]; then + if [[ $# -ne 2 ]]; then + usage >&2 + exit 1 + fi + INTERNET_IFACE="$2" + fi + if tty -s; then + while :; do + read -p "SSID: " SSID + if [[ ${#SSID} -lt 1 || ${#SSID} -gt 32 ]]; then + echo "ERROR: Invalid SSID length ${#SSID} (expected 1..32)" >&2 + continue + fi + break + done + while :; do + if [[ $USE_PSK -eq 0 ]]; then + read -p "Passphrase: " -s PASSPHRASE + echo + if [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -lt 8 ]] || [[ ${#PASSPHRASE} -gt 63 ]]; then + echo "ERROR: Invalid passphrase length ${#PASSPHRASE} (expected 8..63)" >&2 + continue + fi + read -p "Retype passphrase: " -s PASSPHRASE2 + echo + if [[ "$PASSPHRASE" != "$PASSPHRASE2" ]]; then + echo "Passphrases do not match." + else + break + fi + else + read -p "PSK: " PASSPHRASE + echo + if [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -ne 64 ]]; then + echo "ERROR: Invalid pre-shared-key length ${#PASSPHRASE} (expected 64)" >&2 + continue + fi + fi + done + else + read SSID + read PASSPHRASE + fi +fi + +if [[ "$SHARE_METHOD" != "none" ]] && ! is_interface $INTERNET_IFACE; then + echo "ERROR: '${INTERNET_IFACE}' is not an interface" >&2 + exit 1 +fi + +if [[ ${#SSID} -lt 1 || ${#SSID} -gt 32 ]]; then + echo "ERROR: Invalid SSID length ${#SSID} (expected 1..32)" >&2 + exit 1 +fi + +if [[ $USE_PSK -eq 0 ]]; then + if [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -lt 8 ]] || [[ ${#PASSPHRASE} -gt 63 ]]; then + echo "ERROR: Invalid passphrase length ${#PASSPHRASE} (expected 8..63)" >&2 + exit 1 + fi +elif [[ ${#PASSPHRASE} -gt 0 && ${#PASSPHRASE} -ne 64 ]]; then + echo "ERROR: Invalid pre-shared-key length ${#PASSPHRASE} (expected 64)" >&2 + exit 1 +fi + +if [[ $(get_adapter_kernel_module ${WIFI_IFACE}) =~ ^rtl[0-9].*$ ]]; then + if [[ -n "$PASSPHRASE" ]]; then + echo "WARN: Realtek drivers usually have problems with WPA1, enabling -w 2" >&2 + WPA_VERSION=2 + fi + echo "WARN: If AP doesn't work, please read: howto/realtek.md" >&2 +fi + +if [[ $NO_VIRT -eq 1 && "$WIFI_IFACE" == "$INTERNET_IFACE" ]]; then + echo -n "ERROR: You can not share your connection from the same" >&2 + echo " interface if you are using --no-virt option." >&2 + exit 1 +fi + +mutex_lock +trap "cleanup" EXIT +CONFDIR=$(mktemp -d /tmp/create_ap.${WIFI_IFACE}.conf.XXXXXXXX) +echo "Config dir: $CONFDIR" +echo "PID: $$" +echo $$ > $CONFDIR/pid + +# to make --list-running work from any user, we must give read +# permissions to $CONFDIR and $CONFDIR/pid +chmod 755 $CONFDIR +chmod 444 $CONFDIR/pid + +COMMON_CONFDIR=/tmp/create_ap.common.conf +mkdir -p $COMMON_CONFDIR + +if [[ "$SHARE_METHOD" == "nat" ]]; then + echo $INTERNET_IFACE > $CONFDIR/nat_internet_iface + cp -n /proc/sys/net/ipv4/conf/$INTERNET_IFACE/forwarding \ + $COMMON_CONFDIR/${INTERNET_IFACE}_forwarding +fi +cp -n /proc/sys/net/ipv4/ip_forward $COMMON_CONFDIR +if [[ -e /proc/sys/net/bridge/bridge-nf-call-iptables ]]; then + cp -n /proc/sys/net/bridge/bridge-nf-call-iptables $COMMON_CONFDIR +fi +mutex_unlock + +if [[ "$SHARE_METHOD" == "bridge" ]]; then + if is_bridge_interface $INTERNET_IFACE; then + BRIDGE_IFACE=$INTERNET_IFACE + else + BRIDGE_IFACE=$(alloc_new_iface br) + fi +fi + +if [[ $USE_IWCONFIG -eq 0 ]]; then + iw dev ${WIFI_IFACE} set power_save off +fi + +if [[ $NO_VIRT -eq 0 ]]; then + VWIFI_IFACE=$(alloc_new_iface ap) + + # in NetworkManager 0.9.9 and above we can set the interface as unmanaged without + # the need of MAC address, so we set it before we create the virtual interface. + if networkmanager_is_running && [[ $NM_OLDER_VERSION -eq 0 ]]; then + echo -n "Network Manager found, set ${VWIFI_IFACE} as unmanaged device... " + networkmanager_add_unmanaged ${VWIFI_IFACE} + # do not call networkmanager_wait_until_unmanaged because interface does not + # exist yet + echo "DONE" + fi + + if is_wifi_connected ${WIFI_IFACE}; then + WIFI_IFACE_FREQ=$(iw dev ${WIFI_IFACE} link | grep -i freq | awk '{print $2}') + WIFI_IFACE_CHANNEL=$(ieee80211_frequency_to_channel ${WIFI_IFACE_FREQ}) + echo -n "${WIFI_IFACE} is already associated with channel ${WIFI_IFACE_CHANNEL} (${WIFI_IFACE_FREQ} MHz)" + if is_5ghz_frequency $WIFI_IFACE_FREQ; then + FREQ_BAND=5 + else + FREQ_BAND=2.4 + fi + if [[ $WIFI_IFACE_CHANNEL -ne $CHANNEL ]]; then + echo ", fallback to channel ${WIFI_IFACE_CHANNEL}" + CHANNEL=$WIFI_IFACE_CHANNEL + else + echo + fi + fi + + VIRTDIEMSG="Maybe your WiFi adapter does not fully support virtual interfaces. + Try again with --no-virt." + echo -n "Creating a virtual WiFi interface... " + + if iw dev ${WIFI_IFACE} interface add ${VWIFI_IFACE} type __ap; then + # now we can call networkmanager_wait_until_unmanaged + networkmanager_is_running && [[ $NM_OLDER_VERSION -eq 0 ]] && networkmanager_wait_until_unmanaged ${VWIFI_IFACE} + echo "${VWIFI_IFACE} created." + else + VWIFI_IFACE= + die "$VIRTDIEMSG" + fi + OLD_MACADDR=$(get_macaddr ${VWIFI_IFACE}) + if [[ -z "$NEW_MACADDR" && $(get_all_macaddrs | grep -c ${OLD_MACADDR}) -ne 1 ]]; then + NEW_MACADDR=$(get_new_macaddr ${VWIFI_IFACE}) + fi + WIFI_IFACE=${VWIFI_IFACE} +else + OLD_MACADDR=$(get_macaddr ${WIFI_IFACE}) +fi + +mutex_lock +echo $WIFI_IFACE > $CONFDIR/wifi_iface +chmod 444 $CONFDIR/wifi_iface +mutex_unlock + +if [[ -n "$COUNTRY" && $USE_IWCONFIG -eq 0 ]]; then + iw reg set "$COUNTRY" +fi + +can_transmit_to_channel ${WIFI_IFACE} ${CHANNEL} || die "Your adapter can not transmit to channel ${CHANNEL}, frequency band ${FREQ_BAND}GHz." + +if networkmanager_exists && ! networkmanager_iface_is_unmanaged ${WIFI_IFACE}; then + echo -n "Network Manager found, set ${WIFI_IFACE} as unmanaged device... " + networkmanager_add_unmanaged ${WIFI_IFACE} + + if networkmanager_is_running; then + networkmanager_wait_until_unmanaged ${WIFI_IFACE} + fi + + echo "DONE" +fi + +[[ $HIDDEN -eq 1 ]] && echo "Access Point's SSID is hidden!" + +[[ $MAC_FILTER -eq 1 ]] && echo "MAC address filtering is enabled!" + +[[ $ISOLATE_CLIENTS -eq 1 ]] && echo "Access Point's clients will be isolated!" + +# hostapd config +cat << EOF > $CONFDIR/hostapd.conf +beacon_int=100 +ssid=${SSID} +interface=${WIFI_IFACE} +driver=${DRIVER} +channel=${CHANNEL} +ctrl_interface=$CONFDIR/hostapd_ctrl +ctrl_interface_group=0 +ignore_broadcast_ssid=$HIDDEN +ap_isolate=$ISOLATE_CLIENTS +EOF + +if [[ -n "$COUNTRY" ]]; then + cat << EOF >> $CONFDIR/hostapd.conf +country_code=${COUNTRY} +ieee80211d=1 +EOF +fi + +if [[ $FREQ_BAND == 2.4 ]]; then + echo "hw_mode=g" >> $CONFDIR/hostapd.conf +else + echo "hw_mode=a" >> $CONFDIR/hostapd.conf +fi + +if [[ $MAC_FILTER -eq 1 ]]; then + cat << EOF >> $CONFDIR/hostapd.conf +macaddr_acl=${MAC_FILTER} +accept_mac_file=${MAC_FILTER_ACCEPT} +EOF +fi + +if [[ $IEEE80211N -eq 1 ]]; then + cat << EOF >> $CONFDIR/hostapd.conf +ieee80211n=1 +ht_capab=${HT_CAPAB} +EOF +fi + +if [[ $IEEE80211AC -eq 1 ]]; then + echo "ieee80211ac=1" >> $CONFDIR/hostapd.conf +fi + +if [[ -n "$VHT_CAPAB" ]]; then + echo "vht_capab=${VHT_CAPAB}" >> $CONFDIR/hostapd.conf +fi + +if [[ $IEEE80211N -eq 1 ]] || [[ $IEEE80211AC -eq 1 ]]; then + echo "wmm_enabled=1" >> $CONFDIR/hostapd.conf +fi + +if [[ -n "$PASSPHRASE" ]]; then + [[ "$WPA_VERSION" == "1+2" ]] && WPA_VERSION=3 + if [[ $USE_PSK -eq 0 ]]; then + WPA_KEY_TYPE=passphrase + else + WPA_KEY_TYPE=psk + fi + cat << EOF >> $CONFDIR/hostapd.conf +wpa=${WPA_VERSION} +wpa_${WPA_KEY_TYPE}=${PASSPHRASE} +wpa_key_mgmt=WPA-PSK +wpa_pairwise=TKIP CCMP +rsn_pairwise=CCMP +EOF +fi + +if [[ "$SHARE_METHOD" == "bridge" ]]; then + echo "bridge=${BRIDGE_IFACE}" >> $CONFDIR/hostapd.conf +elif [[ $NO_DNSMASQ -eq 0 ]]; then + # dnsmasq config (dhcp + dns) + DNSMASQ_VER=$(dnsmasq -v | grep -m1 -oE '[0-9]+(\.[0-9]+)*\.[0-9]+') + version_cmp $DNSMASQ_VER 2.63 + if [[ $? -eq 1 ]]; then + DNSMASQ_BIND=bind-interfaces + else + DNSMASQ_BIND=bind-dynamic + fi + if [[ "$DHCP_DNS" == "gateway" ]]; then + DHCP_DNS="$GATEWAY" + fi + cat << EOF > $CONFDIR/dnsmasq.conf +listen-address=${GATEWAY} +${DNSMASQ_BIND} +dhcp-range=${GATEWAY%.*}.1,${GATEWAY%.*}.254,255.255.255.0,24h +dhcp-option-force=option:router,${GATEWAY} +dhcp-option-force=option:dns-server,${DHCP_DNS} +EOF + MTU=$(get_mtu $INTERNET_IFACE) + [[ -n "$MTU" ]] && echo "dhcp-option-force=option:mtu,${MTU}" >> $CONFDIR/dnsmasq.conf + [[ $ETC_HOSTS -eq 0 ]] && echo no-hosts >> $CONFDIR/dnsmasq.conf + [[ -n "$ADDN_HOSTS" ]] && echo "addn-hosts=${ADDN_HOSTS}" >> $CONFDIR/dnsmasq.conf + if [[ "$SHARE_METHOD" == "none" && "$REDIRECT_TO_LOCALHOST" == "1" ]]; then + cat << EOF >> $CONFDIR/dnsmasq.conf +address=/#/$GATEWAY +EOF + fi +fi + +# initialize WiFi interface +if [[ $NO_VIRT -eq 0 && -n "$NEW_MACADDR" ]]; then + ip link set dev ${WIFI_IFACE} address ${NEW_MACADDR} || die "$VIRTDIEMSG" +fi + +ip link set down dev ${WIFI_IFACE} || die "$VIRTDIEMSG" +ip addr flush ${WIFI_IFACE} || die "$VIRTDIEMSG" + +if [[ $NO_VIRT -eq 1 && -n "$NEW_MACADDR" ]]; then + ip link set dev ${WIFI_IFACE} address ${NEW_MACADDR} || die +fi + +if [[ "$SHARE_METHOD" != "bridge" ]]; then + ip link set up dev ${WIFI_IFACE} || die "$VIRTDIEMSG" + ip addr add ${GATEWAY}/24 broadcast ${GATEWAY%.*}.255 dev ${WIFI_IFACE} || die "$VIRTDIEMSG" +fi + +# enable Internet sharing +if [[ "$SHARE_METHOD" != "none" ]]; then + echo "Sharing Internet using method: $SHARE_METHOD" + if [[ "$SHARE_METHOD" == "nat" ]]; then + iptables -w -t nat -I POSTROUTING -s ${GATEWAY%.*}.0/24 ! -o ${WIFI_IFACE} -j MASQUERADE || die + iptables -w -I FORWARD -i ${WIFI_IFACE} -s ${GATEWAY%.*}.0/24 -j ACCEPT || die + iptables -w -I FORWARD -i ${INTERNET_IFACE} -d ${GATEWAY%.*}.0/24 -j ACCEPT || die + echo 1 > /proc/sys/net/ipv4/conf/$INTERNET_IFACE/forwarding || die + echo 1 > /proc/sys/net/ipv4/ip_forward || die + # to enable clients to establish PPTP connections we must + # load nf_nat_pptp module + modprobe nf_nat_pptp > /dev/null 2>&1 + elif [[ "$SHARE_METHOD" == "bridge" ]]; then + # disable iptables rules for bridged interfaces + if [[ -e /proc/sys/net/bridge/bridge-nf-call-iptables ]]; then + echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables + fi + + # to initialize the bridge interface correctly we need to do the following: + # + # 1) save the IPs and route table of INTERNET_IFACE + # 2) if NetworkManager is running set INTERNET_IFACE as unmanaged + # 3) create BRIDGE_IFACE and attach INTERNET_IFACE to it + # 4) set the previously saved IPs and route table to BRIDGE_IFACE + # + # we need the above because BRIDGE_IFACE is the master interface from now on + # and it must know where is connected, otherwise connection is lost. + if ! is_bridge_interface $INTERNET_IFACE; then + echo -n "Create a bridge interface... " + OLD_IFS="$IFS" + IFS=$'\n' + + IP_ADDRS=( $(ip addr show $INTERNET_IFACE | grep -A 1 -E 'inet[[:blank:]]' | paste - -) ) + ROUTE_ADDRS=( $(ip route show dev $INTERNET_IFACE) ) + + IFS="$OLD_IFS" + + if networkmanager_is_running; then + networkmanager_add_unmanaged $INTERNET_IFACE + networkmanager_wait_until_unmanaged $INTERNET_IFACE + fi + + # create bridge interface + ip link add name $BRIDGE_IFACE type bridge || die + ip link set dev $BRIDGE_IFACE up || die + # set 0ms forward delay + echo 0 > /sys/class/net/$BRIDGE_IFACE/bridge/forward_delay + + # attach internet interface to bridge interface + ip link set dev $INTERNET_IFACE promisc on || die + ip link set dev $INTERNET_IFACE up || die + ip link set dev $INTERNET_IFACE master $BRIDGE_IFACE || die + + ip addr flush $INTERNET_IFACE + for x in "${IP_ADDRS[@]}"; do + x="${x/inet/}" + x="${x/secondary/}" + x="${x/dynamic/}" + x=$(echo $x | sed 's/\([0-9]\)sec/\1/g') + x="${x/${INTERNET_IFACE}/}" + ip addr add $x dev $BRIDGE_IFACE || die + done + + # remove any existing entries that were added from 'ip addr add' + ip route flush dev $INTERNET_IFACE + ip route flush dev $BRIDGE_IFACE + + # we must first add the entries that specify the subnets and then the + # gateway entry, otherwise 'ip addr add' will return an error + for x in "${ROUTE_ADDRS[@]}"; do + [[ "$x" == default* ]] && continue + ip route add $x dev $BRIDGE_IFACE || die + done + + for x in "${ROUTE_ADDRS[@]}"; do + [[ "$x" != default* ]] && continue + ip route add $x dev $BRIDGE_IFACE || die + done + + echo "$BRIDGE_IFACE created." + fi + fi +else + echo "No Internet sharing" +fi + +# start dhcp + dns (optional) +if [[ "$SHARE_METHOD" != "bridge" ]]; then + if [[ $NO_DNS -eq 0 ]]; then + DNS_PORT=5353 + iptables -w -I INPUT -p tcp -m tcp --dport $DNS_PORT -j ACCEPT || die + iptables -w -I INPUT -p udp -m udp --dport $DNS_PORT -j ACCEPT || die + iptables -w -t nat -I PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \ + -p tcp -m tcp --dport 53 -j REDIRECT --to-ports $DNS_PORT || die + iptables -w -t nat -I PREROUTING -s ${GATEWAY%.*}.0/24 -d ${GATEWAY} \ + -p udp -m udp --dport 53 -j REDIRECT --to-ports $DNS_PORT || die + else + DNS_PORT=0 + fi + + if [[ $NO_DNSMASQ -eq 0 ]]; then + iptables -w -I INPUT -p udp -m udp --dport 67 -j ACCEPT || die + + if which complain > /dev/null 2>&1; then + # openSUSE's apparmor does not allow dnsmasq to read files. + # remove restriction. + complain dnsmasq + fi + + umask 0033 + dnsmasq -C $CONFDIR/dnsmasq.conf -x $CONFDIR/dnsmasq.pid -l $CONFDIR/dnsmasq.leases -p $DNS_PORT || die + umask $SCRIPT_UMASK + fi +fi + +# start access point +echo "hostapd command-line interface: hostapd_cli -p $CONFDIR/hostapd_ctrl" + +if [[ $NO_HAVEGED -eq 0 ]]; then + haveged_watchdog & + HAVEGED_WATCHDOG_PID=$! +fi + +# start hostapd (use stdbuf when available for no delayed output in programs that redirect stdout) +STDBUF_PATH=`which stdbuf` +if [ $? -eq 0 ]; then + STDBUF_PATH=$STDBUF_PATH" -oL" +fi +$STDBUF_PATH $HOSTAPD $HOSTAPD_DEBUG_ARGS $CONFDIR/hostapd.conf & +HOSTAPD_PID=$! +echo $HOSTAPD_PID > $CONFDIR/hostapd.pid + +if ! wait $HOSTAPD_PID; then + echo -e "\nError: Failed to run hostapd, maybe a program is interfering." >&2 + if networkmanager_is_running; then + echo "If an error like 'n80211: Could not configure driver mode' was thrown" >&2 + echo "try running the following before starting create_ap:" >&2 + if [[ $NM_OLDER_VERSION -eq 1 ]]; then + echo " nmcli nm wifi off" >&2 + else + echo " nmcli r wifi off" >&2 + fi + echo " rfkill unblock wlan" >&2 + fi + die +fi + +clean_exit + +# Local Variables: +# tab-width: 4 +# indent-tabs-mode: nil +# End: + +# vim: et sts=4 sw=4 diff --git a/create_ap.conf b/create_ap.conf new file mode 100644 index 0000000..9f55f09 --- /dev/null +++ b/create_ap.conf @@ -0,0 +1,28 @@ +CHANNEL=default +GATEWAY=10.0.0.1 +WPA_VERSION=2 +ETC_HOSTS=0 +DHCP_DNS=gateway +NO_DNS=0 +NO_DNSMASQ=0 +HIDDEN=0 +MAC_FILTER=0 +MAC_FILTER_ACCEPT=/etc/hostapd/hostapd.accept +ISOLATE_CLIENTS=0 +SHARE_METHOD=nat +IEEE80211N=0 +IEEE80211AC=0 +HT_CAPAB=[HT40+] +VHT_CAPAB= +DRIVER=nl80211 +NO_VIRT=0 +COUNTRY= +FREQ_BAND=2.4 +NEW_MACADDR= +DAEMONIZE=0 +NO_HAVEGED=0 +WIFI_IFACE=wlan0 +INTERNET_IFACE=eth0 +SSID=MyAccessPoint +PASSPHRASE=12345678 +USE_PSK=0 diff --git a/create_ap.service b/create_ap.service new file mode 100644 index 0000000..4e8b74f --- /dev/null +++ b/create_ap.service @@ -0,0 +1,13 @@ +[Unit] +Description=Create AP Service +After=network.target + +[Service] +Type=simple +ExecStart=/usr/bin/create_ap --config /etc/create_ap.conf +KillSignal=SIGINT +Restart=on-failure +RestartSec=5 + +[Install] +WantedBy=multi-user.target diff --git a/howto/realtek.md b/howto/realtek.md new file mode 100644 index 0000000..266d818 --- /dev/null +++ b/howto/realtek.md @@ -0,0 +1,74 @@ +## Try this first + +If you are facing any problems with Realtek adapters (e.g. Edimax EW-7811Un) +first try to run create_ap with `-w 2` (i.e. use WPA2 only) or use it +without passphrase. If you are still facing any problems or you want to +also use WPA1, then follow the instructions below. + +NOTE: The instructions below are only valid for Realtek adapters with 8192 chipset. + +## Before installation + +If you're using ArchLinux, run: + +``` +pacman -S base-devel linux-headers dkms git +pacman -R hostapd +``` + +If you're using Debian, Ubuntu, or any Debian-based distribution, run: + +``` +apt-get install build-essential linux-headers-generic dkms git +apt-get remove hostapd +apt-get build-dep hostapd +``` + +## Install driver + +The driver in the mainline of Linux kernel doesn't work well with the 8192 adapters. +For this reason you need to install the driver that is provided from Realtek. Their +driver can not be compiled with newer kernels, but since it was an open-source +release under GPL license some people were able to fixed it and make it compile. + +With the following commands you can install a fixed version of Realtek's driver: + +``` +git clone https://github.com/pvaret/rtl8192cu-fixes.git +dkms add rtl8192cu-fixes +dkms install 8192cu/1.9 +cp rtl8192cu-fixes/blacklist-native-rtl8192.conf /etc/modprobe.d +cp rtl8192cu-fixes/8192cu-disable-power-management.conf /etc/modprobe.d +``` + +After installation, unload the previous driver and load the new one, or just reboot. + +## Install hostapd + +Realtek's driver is using an old subsystem which is called `wireless-extensions` +(or `wext`). Hostapd works only with the new subsystem (which is called `nl80211`). +For this reason Realtek wrote a patch for hostapd. You can install it with the +following commands: + +If you have ArchLinux install [hostapd-rtl871xdrv](https://aur.archlinux.org/packages/hostapd-rtl871xdrv) +from AUR or just run: + +``` +yaourt -S hostapd-rtl871xdrv +``` + +If you're using any other distribution, run: + +``` +git clone https://github.com/pritambaral/hostapd-rtl871xdrv.git +wget http://w1.fi/releases/hostapd-2.2.tar.gz +tar zxvf hostapd-2.2.tar.gz +cd hostapd-2.2 +patch -p1 -i ../hostapd-rtl871xdrv/rtlxdrv.patch +cp ../hostapd-rtl871xdrv/driver_* src/drivers +cd hostapd +cp defconfig .config +echo CONFIG_DRIVER_RTW=y >> .config +make +make install +```