Merge wifi6 branch

added support for aa-complian.

README.md

@@ -6,7 +6,6 @@ It wraps `iptables`, `dnsmasq` etc. stuff. Use in one command, restore in one co
 
 [Linux-Router News & Developer Notes 📰](https://github.com/garywill/linux-router/issues/28) | [More tools and projects 🛠️](https://garywill.github.io) | [🍻 Buy me a coffee ❤️](https://github.com/garywill/receiving/blob/master/receiving_methods.md)
 
-> [Read this readme in web doc reader](https://garywill.github.io/proj-doc/linux-router/) ( also available in 中文, Español, Русский язык ... )
 
 ## Features
 
@@ -26,6 +25,7 @@ Basic features:
 - Transparent proxy (redsocks)
 - Transparent DNS proxy (hijack port 53 packets)
 - Detect NetworkManager and make sure it won't interfere (handle interface (un)managed status)
+- Detect firewalld and make sure it won't interfere our (by using `trusted` zone)
 - You can run many instances, to create many different networks. Has instances managing feature.
 
 **For many other features, see below [CLI usage](#cli-usage-and-other-features)**
@@ -67,13 +67,13 @@ Internet----(eth0/wlan0)-Linux-(virtual interface)-----VM/container
 
 1-file-script. Release on [Linux-router repo on Github](https://github.com/garywill/linux-router). Just download and run the bash script (meet the dependencies). In this case use without installation.
 
-> I'm currently not packaging for any distro. If you do, open a PR and add the link (can be with a version badge) to list here:
+I'm currently not packaging for any distro. If you do, open a PR and add the link (can be with a version badge) to list here
 
 | Linux distro |                                                                                                            |
 | ------------ | ---------------------------------------------------------------------------------------------------------- |
 | Any          | download [1-file-script](https://raw.githubusercontent.com/garywill/linux-router/master/lnxrouter) and run without installation |
 
-## Dependencies
+### Dependencies
 
 - bash
 - procps or procps-ng
@@ -92,7 +92,7 @@ Internet----(eth0/wlan0)-Linux-(virtual interface)-----VM/container
 
 ### Provide Internet to an interface
 
-```
+```bash
 sudo lnxrouter -i eth1
 ```
 
@@ -100,7 +100,7 @@ no matter which interface (other than `eth1`) you're getting Internet from.
 
 ### Create WiFi hotspot
 
-```
+```bash
 sudo lnxrouter --ap wlan0 MyAccessPoint -p MyPassPhrase
 ```
 
@@ -112,16 +112,14 @@ Clients access Internet through only `isp5`
 
 <details>
 
-```
+```bash
 sudo lnxrouter -i eth1 -o isp5  --no-dns  --dhcp-dns 1.1.1.1  -6 --dhcp-dns6 [2606:4700:4700::1111]
 ```
 
 > In this case of usage, it's recommended to:
 > 
 > 1. Stop serving local DNS
-> 2. Tell clients which DNS to use ISP5's DNS. (Or, a safe public DNS, like above example)
+> 2. Tell clients which DNS to use (ISP5's DNS. Or, a safe public DNS, like above example)
-
-> Also, read *Notice 1*
 
 </details>
 
@@ -129,12 +127,13 @@ sudo lnxrouter -i eth1 -o isp5  --no-dns  --dhcp-dns 1.1.1.1  -6 --dhcp-dns6 [26
 
 <details>
 
-```
+```bash
 sudo lnxrouter -n -i eth1
-sudo lnxrouter -n --ap wlan0 MyAccessPoint -p MyPassPhrase
 ```
 
-> Read _Notice 1_
+```bash
+sudo lnxrouter -n --ap wlan0 MyAccessPoint -p MyPassPhrase
+```
 
 </details>
 
@@ -144,7 +143,7 @@ sudo lnxrouter -n --ap wlan0 MyAccessPoint -p MyPassPhrase
 
 Create a bridge
 
-```
+```bash
 sudo brctl addbr lxcbr5
 ```
 
@@ -157,7 +156,7 @@ lxc.network.link = lxcbr5
 lxc.network.hwaddr = xx:xx:xx:xx:xx:xx
 ```
 
-```
+```bash
 sudo lnxrouter -i lxcbr5
 ```
 
@@ -169,7 +168,7 @@ All clients' Internet traffic go through, for example, Tor (notice this example
 
 <details>
 
-```
+```bash
 sudo lnxrouter -i eth1 --tp 9040 --dns 9053 -g 192.168.55.1 -6 --p6 fd00:5:6:7::
 ```
 
@@ -194,7 +193,7 @@ To not give our infomation to clients. Clients can still access Internet.
 
 <details>
 
-```
+```bash
 sudo lnxrouter -i eth1 \
     --tp 9040 --dns 9053 \
     --random-mac \
@@ -212,13 +211,13 @@ sudo lnxrouter -i eth1 \
 
 Create a bridge
 
-```
+```bash
 sudo brctl addbr lxdbr5
 ```
 
 Create and add a new LXD profile overriding container's `eth0`
 
-```
+```bash
 lxc profile create profile5
 lxc profile edit profile5
 
@@ -236,13 +235,13 @@ name: profile5
 lxc profile add <container> profile5
 ```
 
-```
+```bash
 sudo lnxrouter -i lxdbr5 --tp 9040 --dns 9053
 ```
 
 To remove that new profile from container
 
-```
+```bash
 lxc profile remove <container> profile5
 ```
 
@@ -250,13 +249,13 @@ lxc profile remove <container> profile5
 
 Add new `eth0` to container overriding default `eth0`
 
-```
+```bash
 lxc config device add <container> eth0 nic name=eth0 nictype=bridged parent=lxdbr5
 ```
 
 To remove the customized `eth0` to restore default `eth0`
 
-```
+```bash
 lxc config device remove <container> eth0
 ```
 
@@ -268,7 +267,7 @@ lxc config device remove <container> eth0
 
 In VirtualBox's global settings, create a host-only network `vboxnet5` with DHCP disabled.
 
-```
+```bash
 sudo lnxrouter -i vboxnet5 --tp 9040 --dns 9053
 ```
 
@@ -280,11 +279,11 @@ sudo lnxrouter -i vboxnet5 --tp 9040 --dns 9053
 
 Create a bridge
 
-```
+```bash
 sudo brctl addbr firejail5
 ```
 
-```
+```bash
 sudo lnxrouter -i firejail5 -g 192.168.55.1 --tp 9040 --dns 9053 
 firejail --net=firejail5 --dns=192.168.55.1 --blacklist=/var/run/nscd
 ```
@@ -310,17 +309,16 @@ Options:
                             and to provide Internet to
                             (To create WiFi hotspot use '--ap' instead)
     -o <interface>          Specify an inteface to provide Internet from.
-                            (See Notice 1)
                             (Note using this with default DNS option may leak
                             queries to other interfaces)
-    -n                      Do not provide Internet (See Notice 1)
+    -n                      Do not provide Internet
     --ban-priv              Disallow clients to access my private network
     
     -g <ip>                 This host's IPv4 address in subnet (mask is /24)
                             (example: '192.168.5.1' or '5' shortly)
     -6                      Enable IPv6 (NAT)
-    --no4                   Disable IPv4 Internet (not forwarding IPv4)
+    --no4                   Disable IPv4 Internet (not forwarding IPv4).
-                            (See Notice 1). Usually used with '-6'
+                            Usually used with '-6'
                             
     --p6 <prefix>           Set IPv6 LAN address prefix (length 64) 
                             (example: 'fd00:0:0:5::' or '5' shortly) 
@@ -329,7 +327,7 @@ Options:
     --dns <ip>|<port>|<ip:port>
                             DNS server's upstream DNS.
                             Use ',' to seperate multiple servers
-                            (default: use /etc/resolve.conf)
+                            (default: use /etc/resolv.conf)
                             (Note IPv6 addresses need '[]' around)
     --no-dns                Do not serve DNS
     --no-dnsmasq            Disable dnsmasq server (DHCP, DNS, RA)
@@ -369,7 +367,7 @@ Options:
                             Using this you can't use same wlan interface
                             for both Internet and AP
     --virt-name <name>      Set name of virtual interface
-    -c <channel>            Channel number (default: 1)
+    -c <channel>            Specify channel (default: use current, or 1 / 36)
     --country <code>        Set two-letter country code for regularity
                             (example: US)
     --freq-band <GHz>       Set frequency band: 2.4 or 5 (default: 2.4)
@@ -383,13 +381,28 @@ Options:
                             (defaults to /etc/hostapd/hostapd.accept)
     --hostapd-debug <level> 1 or 2. Passes -d or -dd to hostapd
     --isolate-clients       Disable wifi communication between clients
-    
-    --ieee80211n            Enable IEEE 802.11n (HT)
-    --ieee80211ac           Enable IEEE 802.11ac (VHT)
-    --ht_capab <HT>         HT capabilities (default: [HT40+])
-    --vht_capab <VHT>       VHT capabilities
-    
     --no-haveged            Do not run haveged automatically when needed
+    --hs20                  Enable Hotspot 2.0
+
+    WiFi 4 (802.11n) configs:
+    --wifi4                 Enable IEEE 802.11n (HT)
+    --req-ht                Require station HT (High Throughput) mode
+    --ht-capab <HT caps>    HT capabilities (default: [HT40+])
+
+    WiFi 5 (802.11ac) configs:
+    --wifi5                 Enable IEEE 802.11ac (VHT)
+    --req-vht               Require station VHT (Very High Thoughtput) mode
+    --vht-capab <VHT caps>  VHT capabilities
+    
+    --vht-ch-width <index>  Index of VHT channel width:
+                                0 for 20MHz or 40MHz (default)
+                                1 for 80MHz
+                                2 for 160MHz
+                                3 for 80+80MHz (Non-contigous 160MHz)    
+    --vht-seg0-ch <channel> Channel index of VHT center frequency for primary 
+                            segment. Use with '--vht-ch-width'
+    --vht-seg1-ch <channel> Channel index of VHT center frequency for secondary
+                            (second 80MHz) segment. Use with '--vht-ch-width 3'
 
   Instance managing:
     --daemon                Run in background
@@ -401,20 +414,11 @@ Options:
     --stop <id>             Stop a running instance
         For <id> you can use PID or subnet interface name.
         You can get them with '--list-running'
-```
+                
-
+Examples:
-</details>
+    lnxrouter -i eth1
-
+    lnxrouter --ap wlan0 MyAccessPoint -p MyPassPhrase
-## Notice
+    lnxrouter -i eth1 --tp <transparent-proxy> --dns <dns-proxy>
-
-<details>
-
-```
-    Notice 1:   This script assume your host's default policy won't forward
-                packets, so the script won't explictly ban forwarding in any
-                mode. In some unexpected case (eg. mistaken configurations) may
-                cause unwanted packets leakage between 2 networks, which you
-                should be aware of if you want isolated network
 ```
 
 </details>
@@ -447,15 +451,8 @@ Visit [**my homepage** 🏡](https://garywill.github.io) to see **more tools and
 - 🙋‍♂️ Contributions are not limited to coding. There're [some posts and questions](https://github.com/garywill/linux-router/issues) that need more people to answer
 
 ## TODO
-
-Sooner is better:
-- Detect firewalld and make sure it won't interfere our interface
-
-Future:
 - WPA3
 - Global IPv6
-- Explictly ban forwarding if not needed
-- Bring bridging method back
 
 ## License