Compare commits


15 Commits

Author SHA1 Message Date
garywill cf9bc306c4 version 0.8.0 2025-08-17 16:21:56 +08:00
garywill 3f8415a103 Merge branch 'wifi6' 2025-08-17 12:12:25 +08:00
garywill 7ffd74d4eb fix if interface already in a firewalld zone 2025-08-17 11:08:02 +08:00
garywill 3b036f4781 readme 2025-08-17 11:07:21 +08:00
garywill c6d704e3aa readme 2025-08-17 10:32:48 +08:00
garywill a511219b50 hostapd.conf: separate ieee80211n=1 and ht_capab= 2025-08-17 10:32:48 +08:00
garywill 7ecc846459 alias: --req-wifi4 = --req-ht . Same for wifi5/6 2025-08-17 10:32:48 +08:00
garywill bbb70b99ba update wifi options description 2025-08-17 10:32:48 +08:00
garywill 3ebbf37428 Rename --idle-timeout to --sta-timeout. No default value 2025-08-17 10:32:48 +08:00
garywill 958ebffd7f rename --enable-twt to --p2ptwt 2025-08-17 10:32:48 +08:00
garywill ff15c19383 wifi options sequence 2025-08-17 10:32:48 +08:00
garywill bc8bfb5cab wifi 4~6 options sequence 2025-08-17 10:32:48 +08:00
Phani Pavan K d288b8f0ed bump unstable version 2025-08-16 11:01:12 +08:00
Phani Pavan K 13a1654b91 added p2p twt and idle timeout, remove random spaces 2025-08-16 11:00:30 +08:00
Phani Pavan K a18d4e75a4 add he beamform(er/ee) options 2025-08-16 11:00:27 +08:00
2 changed files with 261 additions and 175 deletions


@ -19,13 +19,16 @@ Basic features:
- Specify upstream DNS (kind of a plain DNS proxy) - Specify upstream DNS (kind of a plain DNS proxy)
- IPv6 (behind NATed LAN, like IPv4) - IPv6 (behind NATed LAN, like IPv4)
- Creating WiFi hotspot: - Creating WiFi hotspot:
- Wifi 4/5/6
- 2.4GHz, 5GHz
- Channel selecting - Channel selecting
- Choose encryptions: WPA2/WPA, WPA2, WPA, No encryption - Choose encryptions: WPA2/WPA, WPA2, WPA, No encryption
- Create AP on the same interface you are getting Internet (usually require same channel) - Create AP on the same interface you are getting Internet (usually require same channel)
- Transparent proxy (redsocks) - Transparent proxy (redsocks)
- Transparent DNS proxy (hijack port 53 packets) - Transparent DNS proxy (hijack port 53 packets)
- Detect NetworkManager and make sure it won't interfere (handle interface (un)managed status) - Detect and prevent interference from following Linux system daemons:
- Detect firewalld and make sure it won't interfere our (by using `trusted` zone) - NetworkManager (handle interface (un)managed status)
- firewalld (use temporary `trusted` zone)
- You can run many instances, to create many different networks. Has instances managing feature. - You can run many instances, to create many different networks. Has instances managing feature.
**For many other features, see below [CLI usage](#cli-usage-and-other-features)** **For many other features, see below [CLI usage](#cli-usage-and-other-features)**
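Review bot: the new bullet "firewalld (use temporary `trusted` zone)" is misleading: `trusted` is firewalld's built-in zone that accepts all incoming traffic, not a zone the script creates, and the script hunk further down shows the subnet interface being moved into it and moved back on exit. Suggest "- firewalld (temporarily move the subnet interface into the built-in `trusted` zone, restored on exit)" so users understand the host accepts all traffic from the hotspot subnet while an instance runs. Also "from following Linux system daemons" should read "from the following Linux system daemons".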
@ -313,17 +316,17 @@ Options:
queries to other interfaces) queries to other interfaces)
-n Do not provide Internet -n Do not provide Internet
--ban-priv Disallow clients to access my private network --ban-priv Disallow clients to access my private network
-g <ip> This host's IPv4 address in subnet (mask is /24) -g <ip> This host's IPv4 address in subnet (mask is /24)
(example: '192.168.5.1' or '5' shortly) (example: '192.168.5.1' or '5' shortly)
-6 Enable IPv6 (NAT) -6 Enable IPv6 (NAT)
--no4 Disable IPv4 Internet (not forwarding IPv4). --no4 Disable IPv4 Internet (not forwarding IPv4).
Usually used with '-6' Usually used with '-6'
--p6 <prefix> Set IPv6 LAN address prefix (length 64) --p6 <prefix> Set IPv6 LAN address prefix (length 64)
(example: 'fd00:0:0:5::' or '5' shortly) (example: 'fd00:0:0:5::' or '5' shortly)
Using this enables '-6' Using this enables '-6'
--dns <ip>|<port>|<ip:port> --dns <ip>|<port>|<ip:port>
DNS server's upstream DNS. DNS server's upstream DNS.
Use ',' to seperate multiple servers Use ',' to seperate multiple servers
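Review bot: "seperate" in the `--dns` help line should be "separate"; since this hunk already touches these lines, fix the typo here rather than leaving it for another pass.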
@ -331,37 +334,37 @@ Options:
(Note IPv6 addresses need '[]' around) (Note IPv6 addresses need '[]' around)
--no-dns Do not serve DNS --no-dns Do not serve DNS
--no-dnsmasq Disable dnsmasq server (DHCP, DNS, RA) --no-dnsmasq Disable dnsmasq server (DHCP, DNS, RA)
--catch-dns Transparent DNS proxy, redirect packets(TCP/UDP) --catch-dns Transparent DNS proxy, redirect packets(TCP/UDP)
whose destination port is 53 to this host whose destination port is 53 to this host
--log-dns Show DNS query log (dnsmasq) --log-dns Show DNS query log (dnsmasq)
--dhcp-dns <IP1[,IP2]>|no --dhcp-dns <IP1[,IP2]>|no
Set IPv4 DNS offered by DHCP (default: this host). Set IPv4 DNS offered by DHCP (default: this host).
--dhcp-dns6 <IP1[,IP2]>|no --dhcp-dns6 <IP1[,IP2]>|no
Set IPv6 DNS offered by DHCP (RA) Set IPv6 DNS offered by DHCP (RA)
(default: this host) (default: this host)
(Note IPv6 addresses need '[]' around) (Note IPv6 addresses need '[]' around)
Using both above two will enable '--no-dns' Using both above two will enable '--no-dns'
--hostname <name> DNS server associate this name with this host. --hostname <name> DNS server associate this name with this host.
Use '-' to read name from /etc/hostname Use '-' to read name from /etc/hostname
-d DNS server will take into account /etc/hosts -d DNS server will take into account /etc/hosts
-e <hosts_file> DNS server will take into account additional -e <hosts_file> DNS server will take into account additional
hosts file hosts file
--dns-nocache DNS server no cache --dns-nocache DNS server no cache
--mac <MAC> Set MAC address --mac <MAC> Set MAC address
--random-mac Use random MAC address --random-mac Use random MAC address
--tp <port> Transparent proxy, --tp <port> Transparent proxy,
redirect non-LAN TCP and UDP(not tested) traffic to redirect non-LAN TCP and UDP(not tested) traffic to
port. (usually used with '--dns') port. (usually used with '--dns')
WiFi hotspot options: WiFi hotspot options:
--ap <wifi interface> <SSID> --ap <wifi interface> <SSID>
Create WiFi access point Create WiFi access point
-p, --password <password> -p, --password <password>
WiFi password WiFi password
--qr Show WiFi QR code in terminal (need qrencode) --qr Show WiFi QR code in terminal (need qrencode)
--hidden Hide access point (not broadcast SSID) --hidden Hide access point (not broadcast SSID)
--no-virt Do not create virtual interface --no-virt Do not create virtual interface
Using this you can't use same wlan interface Using this you can't use same wlan interface
@ -381,44 +384,62 @@ Options:
(defaults to /etc/hostapd/hostapd.accept) (defaults to /etc/hostapd/hostapd.accept)
--hostapd-debug <level> 1 or 2. Passes -d or -dd to hostapd --hostapd-debug <level> 1 or 2. Passes -d or -dd to hostapd
--isolate-clients Disable wifi communication between clients --isolate-clients Disable wifi communication between clients
--sta-timeout <seconds> Timeout to disconnect a no-signal client
--no-haveged Do not run haveged automatically when needed --no-haveged Do not run haveged automatically when needed
--hs20 Enable Hotspot 2.0 --hs20 Enable Hotspot 2.0
WiFi 4 (802.11n) configs: WiFi 4 (802.11n) configs:
--wifi4 Enable IEEE 802.11n (HT) --wifi4 Enable IEEE 802.11n (HT, High Throughput)
--req-ht Require station HT (High Throughput) mode --ht-capab <HT caps> HT capabilities (example: '[HT40+][HT40-]')
--ht-capab <HT caps> HT capabilities (default: [HT40+]) (default: '[HT40+]')
--req-wifi4 Only support Wifi>=4 clients
WiFi 5 (802.11ac) configs: WiFi 5 (802.11ac) configs:
--wifi5 Enable IEEE 802.11ac (VHT) --wifi5 Enable IEEE 802.11ac (VHT, Very High Thoughtput)
--req-vht Require station VHT (Very High Thoughtput) mode --vht-capab <VHT caps> VHT capabilities (example: '[VHT160][RXLDPC]')
--vht-capab <VHT caps> VHT capabilities
--vht-ch-width <index> Index of VHT channel width: --vht-ch-width <index> Index of VHT channel width:
0 for 20MHz or 40MHz (default) 0 for 20MHz or 40MHz (default)
1 for 80MHz 1 for 80MHz
2 for 160MHz 2 for 160MHz
3 for 80+80MHz (Non-contigous 160MHz) 3 for 80+80MHz (Non-contigous 160MHz)
--vht-seg0-ch <channel> Channel index of VHT center frequency for primary --vht-seg0-ch <channel> Channel index of VHT center frequency for primary
segment. Use with '--vht-ch-width' segment. Use with '--vht-ch-width'
--vht-seg1-ch <channel> Channel index of VHT center frequency for secondary --vht-seg1-ch <channel> Channel index of VHT center frequency for secondary
(second 80MHz) segment. Use with '--vht-ch-width 3' (second 80MHz) segment. Use with '--vht-ch-width 3'
--req-wifi5 Only support Wifi>=5 clients
WiFi 6 (802.11ax) configs:
--wifi6 Enable IEEE 802.11ax (HE, High Efficiency)
--he-ch-width <index> Index of HE channel width:
0 for 20MHz or 40MHz (default)
1 for 80MHz
2 for 160MHz
3 for 80+80MHz (Non-contigous 160MHz)
--he-seg0-ch <channel> Channel index of HE center frequency for primary
segment. Use with '--he-ch-width'
--he-seg1-ch <channel> Channel index of HE center frequency for secondary
(second 80MHz) segment. Use with '--he-ch-width 3'
--he-su-bfe HE Single User Beamformee support
--he-su-bfr HE Single User Beamformer support
--he-mu-bfr HE Multi User Beamformer support
--req-wifi6 Only support Wifi>=6 clients
--p2ptwt Peer-to-Peer Target Wake Time support
Note: Some cutting-edge Wifi features strongly depends on hostapd built
with specific flags enabled and compatible hardware
Instance managing: Instance managing:
--daemon Run in background --daemon Run in background
--keep-confdir Don't delete the temporary config dir after exit
-l, --list-running Show running instances -l, --list-running Show running instances
--lc, --list-clients <id|interface> --lc, --list-clients <id|interface>
List clients of an instance. Or list neighbors of List clients of an instance. Or list neighbors of
an interface, even if it isn't handled by us. an interface, even if it isn't handled by us.
(passive mode) (passive mode)
--stop <id> Stop a running instance --stop <id> Stop a running instance
For <id> you can use PID or subnet interface name. For <id> you can use PID or subnet interface name.
You can get them with '--list-running' You can get them with '--list-running'
Examples:
lnxrouter -i eth1
lnxrouter --ap wlan0 MyAccessPoint -p MyPassPhrase
lnxrouter -i eth1 --tp <transparent-proxy> --dns <dns-proxy>
``` ```
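Review bot: the `--sta-timeout` description "Timeout to disconnect a no-signal client" does not match what it sets (the write_hostapd_conf hunk writes it as hostapd's `ap_max_inactivity`), which is an inactivity timeout in seconds, not signal loss; suggest "Seconds of station inactivity before hostapd disconnects it". Typos in the same hunk: "Thoughtput" on the `--wifi5` line, "Non-contigous" on both the VHT and HE width-3 lines, and "strongly depends" should be "strongly depend".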
</details> </details>

lnxrouter

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
VERSION=0.8.0-unstable2 VERSION=0.8.0
PROGNAME="$(basename "$0")" PROGNAME="$(basename "$0")"
export LC_ALL=C export LC_ALL=C
@ -101,19 +101,19 @@ Options:
(defaults to /etc/hostapd/hostapd.accept) (defaults to /etc/hostapd/hostapd.accept)
--hostapd-debug <level> 1 or 2. Passes -d or -dd to hostapd --hostapd-debug <level> 1 or 2. Passes -d or -dd to hostapd
--isolate-clients Disable wifi communication between clients --isolate-clients Disable wifi communication between clients
--sta-timeout <seconds> Timeout to disconnect a no-signal client
--no-haveged Do not run haveged automatically when needed --no-haveged Do not run haveged automatically when needed
--hs20 Enable Hotspot 2.0 --hs20 Enable Hotspot 2.0
WiFi 4 (802.11n) configs: WiFi 4 (802.11n) configs:
--wifi4 Enable IEEE 802.11n (HT) --wifi4 Enable IEEE 802.11n (HT, High Throughput)
--req-ht Require station HT (High Throughput) mode --ht-capab <HT caps> HT capabilities (example: '[HT40+][HT40-]')
--ht-capab <HT caps> HT capabilities (default: [HT40+]) (default: '[HT40+]')
--req-wifi4 Only support Wifi>=4 clients
WiFi 5 (802.11ac) configs:
--wifi5 Enable IEEE 802.11ac (VHT)
--req-vht Require station VHT (Very High Thoughtput) mode
--vht-capab <VHT caps> VHT capabilities
WiFi 5 (802.11ac) configs:
--wifi5 Enable IEEE 802.11ac (VHT, Very High Thoughtput)
--vht-capab <VHT caps> VHT capabilities (example: '[VHT160][RXLDPC]')
--vht-ch-width <index> Index of VHT channel width: --vht-ch-width <index> Index of VHT channel width:
0 for 20MHz or 40MHz (default) 0 for 20MHz or 40MHz (default)
1 for 80MHz 1 for 80MHz
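Review bot: this help block is a verbatim copy of the README one and carries the same "Thoughtput" typo on the `--wifi5` line; both copies need the fix, or better, generate one from the other so they cannot drift apart.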
@ -123,11 +123,10 @@ Options:
segment. Use with '--vht-ch-width' segment. Use with '--vht-ch-width'
--vht-seg1-ch <channel> Channel index of VHT center frequency for secondary --vht-seg1-ch <channel> Channel index of VHT center frequency for secondary
(second 80MHz) segment. Use with '--vht-ch-width 3' (second 80MHz) segment. Use with '--vht-ch-width 3'
--req-wifi5 Only support Wifi>=5 clients
WiFi 6 (802.11ax) configs: WiFi 6 (802.11ax) configs:
--wifi6 Enable IEEE 802.11ax (HE) --wifi6 Enable IEEE 802.11ax (HE, High Efficiency)
--req-he Require station HE (High Efficiency) mode
--he-ch-width <index> Index of HE channel width: --he-ch-width <index> Index of HE channel width:
0 for 20MHz or 40MHz (default) 0 for 20MHz or 40MHz (default)
1 for 80MHz 1 for 80MHz
@ -137,6 +136,14 @@ Options:
segment. Use with '--he-ch-width' segment. Use with '--he-ch-width'
--he-seg1-ch <channel> Channel index of HE center frequency for secondary --he-seg1-ch <channel> Channel index of HE center frequency for secondary
(second 80MHz) segment. Use with '--he-ch-width 3' (second 80MHz) segment. Use with '--he-ch-width 3'
--he-su-bfe HE Single User Beamformee support
--he-su-bfr HE Single User Beamformer support
--he-mu-bfr HE Multi User Beamformer support
--req-wifi6 Only support Wifi>=6 clients
--p2ptwt Peer-to-Peer Target Wake Time support
Note: Some cutting-edge Wifi features strongly depends on hostapd built
with specific flags enabled and compatible hardware
Instance managing: Instance managing:
--daemon Run in background --daemon Run in background
@ -209,20 +216,6 @@ define_global_variables(){
WPA_VERSION=2 WPA_VERSION=2
MAC_FILTER=0 MAC_FILTER=0
MAC_FILTER_ACCEPT=/etc/hostapd/hostapd.accept MAC_FILTER_ACCEPT=/etc/hostapd/hostapd.accept
IEEE80211N=0
REQUIREHT=0
IEEE80211AC=0
REQUIREVHT=0
IEEE80211AX=0
REQUIREHE=0
HT_CAPAB='[HT40+]'
VHT_CAPAB=
VHTCHANNELWIDTH=0
VHTSEG0CHINDEX=0
VHTSEG1CHINDEX=0
HECHANNELWIDTH=0
HESEG0CHINDEX=0
HESEG1CHINDEX=0
DRIVER=nl80211 DRIVER=nl80211
NO_VIRT=0 # not use virtual interface NO_VIRT=0 # not use virtual interface
COUNTRY= COUNTRY=
@ -232,6 +225,29 @@ define_global_variables(){
USE_PSK=0 USE_PSK=0
ISOLATE_CLIENTS=0 ISOLATE_CLIENTS=0
QR=0 # show wifi qr QR=0 # show wifi qr
STATIMEOUT=
#wifi4
IEEE80211N=0
REQUIREHT=0
HT_CAPAB='[HT40+]'
#wifi5
IEEE80211AC=0
REQUIREVHT=0
VHT_CAPAB=
VHTCHANNELWIDTH=0
VHTSEG0CHINDEX=0
VHTSEG1CHINDEX=0
#wifi6
IEEE80211AX=0
REQUIREHE=0
HECHANNELWIDTH=0
HESEG0CHINDEX=0
HESEG1CHINDEX=0
HESUBFE=0
HESUBFR=0
HEMUBFR=0
P2PTWT=0
# script variables # script variables
PHY= PHY=
@ -252,6 +268,7 @@ define_global_variables(){
NM_UNM_LIST= # it's called "list" but for now one interface NM_UNM_LIST= # it's called "list" but for now one interface
NM_PID= NM_PID=
FIREWALLD_PID= FIREWALLD_PID=
OLD_FIREWALLD_ZONE=
TMP_FIREWALLD_ZONE= TMP_FIREWALLD_ZONE=
KEEP_CONFDIR= KEEP_CONFDIR=
} }
@ -291,8 +308,6 @@ parse_user_options(){
SHARE_METHOD=redsocks SHARE_METHOD=redsocks
shift shift
;; ;;
-g) -g)
shift shift
GATEWAY4="$1" GATEWAY4="$1"
@ -321,7 +336,6 @@ parse_user_options(){
shift shift
MAC_USE_RANDOM=1 MAC_USE_RANDOM=1
;; ;;
--dns) --dns)
shift shift
DNS="$1" DNS="$1"
@ -371,12 +385,11 @@ parse_user_options(){
shift shift
DNS_NOCACHE=1 DNS_NOCACHE=1
;; ;;
--isolate-clients) --isolate-clients)
shift shift
ISOLATE_CLIENTS=1 ISOLATE_CLIENTS=1
;; ;;
# wifi ap
--ap) --ap)
shift shift
WIFI_IFACE="$1" WIFI_IFACE="$1"
@ -393,8 +406,6 @@ parse_user_options(){
shift shift
QR=1 QR=1
;; ;;
--hidden) --hidden)
shift shift
HIDDEN=1 HIDDEN=1
@ -408,7 +419,6 @@ parse_user_options(){
MAC_FILTER_ACCEPT="$1" MAC_FILTER_ACCEPT="$1"
shift shift
;; ;;
-c) -c)
shift shift
CHANNEL="$1" CHANNEL="$1"
@ -424,69 +434,9 @@ parse_user_options(){
[[ "$WPA_VERSION" == "2+1" ]] && WPA_VERSION=1+2 [[ "$WPA_VERSION" == "2+1" ]] && WPA_VERSION=1+2
shift shift
;; ;;
--sta-timeout)
--wifi4|--ieee80211n)
shift shift
IEEE80211N=1 STATIMEOUT="$1"
;;
--req-ht|--require-ht)
shift
REQUIREHT=1
;;
--wifi5|--ieee80211ac)
shift
IEEE80211AC=1
;;
--wifi6|--ieee80211ax)
shift
IEEE80211AX=1
;;
--req-he|--require-he)
shift
REQUIREHE=1
;;
--req-vht|--require-vht)
shift
REQUIREVHT=1
;;
--ht-capab)
shift
HT_CAPAB="$1"
shift
;;
--vht-capab)
shift
VHT_CAPAB="$1"
shift
;;
--vht-ch-width|--vht-channel-width)
shift
VHTCHANNELWIDTH="$1"
shift
;;
--vht-seg0-ch|--vht-seg0-channel)
shift
VHTSEG0CHINDEX="$1"
shift
;;
--vht-seg1-ch|--vht-seg1-channel)
shift
VHTSEG1CHINDEX="$1"
shift
;;
--he-ch-width|--he-channel-width)
shift
HECHANNELWIDTH="$1"
shift
;;
--he-seg0-ch|--he-seg0-channel)
shift
HESEG0CHINDEX="$1"
shift
;;
--he-seg1-ch|--he-seg1-channel)
shift
HESEG1CHINDEX="$1"
shift shift
;; ;;
--driver) --driver)
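Review bot: `--sta-timeout` stores `$1` into STATIMEOUT without any validation, and the write_hostapd_conf hunk later emits it verbatim as `ap_max_inactivity=${STATIMEOUT}`, so a typo or a missing argument (the next option would be swallowed as the value) yields a hostapd config that fails to load. Suggest `[[ "$1" =~ ^[0-9]+$ ]] || die "--sta-timeout needs a number of seconds"` before the assignment.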
@ -503,7 +453,6 @@ parse_user_options(){
VIRT_NAME="$1" VIRT_NAME="$1"
shift shift
;; ;;
--country) --country)
shift shift
COUNTRY="$1" COUNTRY="$1"
@ -534,7 +483,90 @@ parse_user_options(){
shift shift
USE_PSK=1 USE_PSK=1
;; ;;
# wifi 4
--wifi4|--ieee80211n)
shift
IEEE80211N=1
;;
--req-wifi4|--req-ht|--require-ht)
shift
REQUIREHT=1
;;
--ht-capab)
shift
HT_CAPAB="$1"
shift
;;
# wifi 5
--wifi5|--ieee80211ac)
shift
IEEE80211AC=1
;;
--req-wifi5|--req-vht|--require-vht)
shift
REQUIREVHT=1
;;
--vht-capab)
shift
VHT_CAPAB="$1"
shift
;;
--vht-ch-width|--vht-channel-width)
shift
VHTCHANNELWIDTH="$1"
shift
;;
--vht-seg0-ch|--vht-seg0-channel)
shift
VHTSEG0CHINDEX="$1"
shift
;;
--vht-seg1-ch|--vht-seg1-channel)
shift
VHTSEG1CHINDEX="$1"
shift
;;
# wifi 6
--wifi6|--ieee80211ax)
shift
IEEE80211AX=1
;;
--req-wifi6|--req-he|--require-he)
shift
REQUIREHE=1
;;
--he-ch-width|--he-channel-width)
shift
HECHANNELWIDTH="$1"
shift
;;
--he-seg0-ch|--he-seg0-channel)
shift
HESEG0CHINDEX="$1"
shift
;;
--he-seg1-ch|--he-seg1-channel)
shift
HESEG1CHINDEX="$1"
shift
;;
--he-su-bfe)
shift
HESUBFE=1
;;
--he-su-bfr)
shift
HESUBFR=1
;;
--he-mu-bfr)
shift
HEMUBFR=1
;;
--p2ptwt)
shift
P2PTWT=1
;;
# instance managing
--daemon) --daemon)
shift shift
DAEMONIZE=1 DAEMONIZE=1
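Review bot: `--req-wifi4`, `--req-wifi5` and `--req-wifi6` only set REQUIREHT / REQUIREVHT / REQUIREHE and do not set the matching IEEE80211N / IEEE80211AC / IEEE80211AX, so a user who passes `--req-wifi6` without `--wifi6` gets `require_he=1` written without `ieee80211ax=1`. Since the new alias names promise "only support Wifi>=N clients", either set the enable flag in the same case branch (e.g. `IEEE80211AX=1` next to `REQUIREHE=1`) or die with a clear message when the requirement is given without the mode.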
@ -557,7 +589,6 @@ parse_user_options(){
shift shift
KEEP_CONFDIR=1 KEEP_CONFDIR=1
;; ;;
*) *)
echo "Invalid parameter: $1" 1>&2 echo "Invalid parameter: $1" 1>&2
exit 1 exit 1
@ -778,7 +809,7 @@ show_interface_pci_info() { # pci id / model / virtual
[[ -n "$driver" ]] && echo "System-already-loaded driver: $driver" [[ -n "$driver" ]] && echo "System-already-loaded driver: $driver"
[[ -n "$device_fullname" ]] && echo "$device_fullname" [[ -n "$device_fullname" ]] && echo "$device_fullname"
echo "" echo ""
# TODO usb # TODO Fix pci and usb devices
} }
alloc_new_vface_name() { # only for wifi alloc_new_vface_name() { # only for wifi
@ -1006,18 +1037,28 @@ is_firewalld_running() {
FIREWALLD_PID= # cancel value if treat as not running FIREWALLD_PID= # cancel value if treat as not running
return 1 # not running return 1 # not running
} }
firewalld_add_tmpzone() { firewalld_addto_tmptrustedzone() {
# TMP_FIREWALLD_ZONE="lrt${$}${SUBNET_IFACE}" OLD_FIREWALLD_ZONE="$(firewall-cmd --get-zone-of-interface=$SUBNET_IFACE 2>/dev/null)"
TMP_FIREWALLD_ZONE="trusted" [[ "$OLD_FIREWALLD_ZONE" == 'trusted' ]] && return
# firewall-cmd --new-zone=$TMP_FIREWALLD_ZONE || die "Failed creating temporary firewalld zone"
TMP_FIREWALLD_ZONE="trusted" # need subnet interface into this zone during linux-router working
if [[ -n "$OLD_FIREWALLD_ZONE" ]]; then
echo "Getting $SUBNET_IFACE out from firewalld zone '$OLD_FIREWALLD_ZONE' ..."
firewall-cmd --zone=$OLD_FIREWALLD_ZONE --remove-interface=$SUBNET_IFACE >/dev/null || die "Failed removing $SUBNET_IFACE from firewalld '$OLD_FIREWALLD_ZONE' zone"
fi
echo "Adding $SUBNET_IFACE to firewalld '$TMP_FIREWALLD_ZONE' zone" echo "Adding $SUBNET_IFACE to firewalld '$TMP_FIREWALLD_ZONE' zone"
firewall-cmd --zone=$TMP_FIREWALLD_ZONE --add-interface=$SUBNET_IFACE >/dev/null || die "Failed adding interface to firewalld temporary zone" firewall-cmd --zone=$TMP_FIREWALLD_ZONE --add-interface=$SUBNET_IFACE >/dev/null || die "Failed adding interface to firewalld temporary '$TMP_FIREWALLD_ZONE' zone"
} }
firewalld_del_tmpzone() { firewalld_restoreoldzone() {
if [[ -n "$TMP_FIREWALLD_ZONE" ]];then if [[ -n "$TMP_FIREWALLD_ZONE" ]];then
echo "Removing $SUBNET_IFACE from firewalld '$TMP_FIREWALLD_ZONE' zone" echo "Removing $SUBNET_IFACE from firewalld '$TMP_FIREWALLD_ZONE' zone"
firewall-cmd --zone=$TMP_FIREWALLD_ZONE --remove-interface=$SUBNET_IFACE >/dev/null firewall-cmd --zone=$TMP_FIREWALLD_ZONE --remove-interface=$SUBNET_IFACE >/dev/null
# firewall-cmd --delete-zone=$TMP_FIREWALLD_ZONE
if [[ -n "$OLD_FIREWALLD_ZONE" ]]; then
echo "Restoring $SUBNET_IFACE to firewalld '$OLD_FIREWALLD_ZONE' zone"
firewall-cmd --zone=$OLD_FIREWALLD_ZONE --add-interface=$SUBNET_IFACE >/dev/null
fi
fi fi
} }
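Review bot: `OLD_FIREWALLD_ZONE="$(firewall-cmd --get-zone-of-interface=$SUBNET_IFACE 2>/dev/null)"` trusts whatever the command prints and only tests the variable for emptiness; if firewall-cmd prints a message rather than nothing when the interface belongs to no zone (stderr is discarded, so the user would not see why), the following `--zone=$OLD_FIREWALLD_ZONE --remove-interface=...` dies on a bogus zone name. Check the command's exit status instead and clear the variable when it is non-zero, and quote `"$SUBNET_IFACE"` and `"$OLD_FIREWALLD_ZONE"` in the firewall-cmd calls. The echo before the add step should also say that `trusted` accepts all incoming traffic from the hotspot subnet for the lifetime of the instance, since that is the security effect of this function.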
@ -1394,7 +1435,7 @@ _cleanup() {
ip link set down dev "${SUBNET_IFACE}" ip link set down dev "${SUBNET_IFACE}"
firewalld_del_tmpzone firewalld_restoreoldzone
if [[ $VWIFI_IFACE ]]; then # the subnet interface (virtual wifi interface) will be removed if [[ $VWIFI_IFACE ]]; then # the subnet interface (virtual wifi interface) will be removed
iw dev "${VWIFI_IFACE}" del iw dev "${VWIFI_IFACE}" del
@ -1983,21 +2024,46 @@ write_hostapd_conf() {
EOF EOF
fi fi
if [[ -n "$PASSPHRASE" ]]; then
[[ "$WPA_VERSION" == "1+2" ]] && WPA_VERSION=3
if [[ $USE_PSK -eq 0 ]]; then
WPA_KEY_TYPE=passphrase
else
WPA_KEY_TYPE=psk
fi
cat <<- EOF >> "$CONFDIR/hostapd.conf"
wpa=${WPA_VERSION}
wpa_${WPA_KEY_TYPE}=${PASSPHRASE}
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
EOF
else
echo "WARN: WiFi is not protected by password" >&2
fi
if [[ $HOTSPOT20 -eq 1 ]]; then if [[ $HOTSPOT20 -eq 1 ]]; then
echo "hs20=1" >> "$CONFDIR/hostapd.conf" echo "hs20=1" >> "$CONFDIR/hostapd.conf"
fi fi
if [[ -n "$STATIMEOUT" ]]; then
echo "ap_max_inactivity=${STATIMEOUT}" >> "$CONFDIR/hostapd.conf"
fi
# wifi4 -----------------
if [[ $IEEE80211N -eq 1 ]]; then if [[ $IEEE80211N -eq 1 ]]; then
cat <<- EOF >> "$CONFDIR/hostapd.conf" echo "ieee80211n=1" >> "$CONFDIR/hostapd.conf"
ieee80211n=1 fi
ht_capab=${HT_CAPAB}
EOF if [[ -n "$HT_CAPAB" ]]; then
echo "ht_capab=${HT_CAPAB}" >> "$CONFDIR/hostapd.conf"
fi fi
if [[ $REQUIREHT -eq 1 ]]; then if [[ $REQUIREHT -eq 1 ]]; then
echo "require_ht=1" >> "$CONFDIR/hostapd.conf" echo "require_ht=1" >> "$CONFDIR/hostapd.conf"
fi fi
# wifi5 -----------------
if [[ $IEEE80211AC -eq 1 ]]; then if [[ $IEEE80211AC -eq 1 ]]; then
echo "ieee80211ac=1" >> "$CONFDIR/hostapd.conf" echo "ieee80211ac=1" >> "$CONFDIR/hostapd.conf"
fi fi
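Review bot: splitting `ieee80211n=1` and `ht_capab=` into two independent `if` blocks changes behaviour: HT_CAPAB defaults to '[HT40+]' in define_global_variables, so `ht_capab=[HT40+]` is now written into every hostapd.conf, including plain 802.11g access points started without `--wifi4`. Either gate the `ht_capab` write on `$IEEE80211N -eq 1` as well, or drop the default and document that `--ht-capab` implies `--wifi4`.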
@ -2006,16 +2072,6 @@ write_hostapd_conf() {
echo "require_vht=1" >> "$CONFDIR/hostapd.conf" echo "require_vht=1" >> "$CONFDIR/hostapd.conf"
fi fi
if [[ $IEEE80211AX -eq 1 ]]; then
echo "ieee80211ax=1" >> "$CONFDIR/hostapd.conf"
fi
if [[ $REQUIREHE -eq 1 ]]; then
echo "require_he=1" >> "$CONFDIR/hostapd.conf"
fi
if [[ -n "$VHT_CAPAB" ]]; then if [[ -n "$VHT_CAPAB" ]]; then
echo "vht_capab=${VHT_CAPAB}" >> "$CONFDIR/hostapd.conf" echo "vht_capab=${VHT_CAPAB}" >> "$CONFDIR/hostapd.conf"
fi fi
@ -2038,6 +2094,27 @@ write_hostapd_conf() {
EOF EOF
fi fi
# wifi6 -----------------
if [[ $IEEE80211AX -eq 1 ]]; then
echo "ieee80211ax=1" >> "$CONFDIR/hostapd.conf"
fi
if [[ $REQUIREHE -eq 1 ]]; then
echo "require_he=1" >> "$CONFDIR/hostapd.conf"
fi
if [[ $HESUBFE -eq 1 ]]; then
echo "he_su_beamformee=1" >> "$CONFDIR/hostapd.conf"
fi
if [[ $HESUBFR -eq 1 ]]; then
echo "he_su_beamformer=1" >> "$CONFDIR/hostapd.conf"
fi
if [[ $HEMUBFR -eq 1 ]]; then
echo "he_mu_beamformer=1" >> "$CONFDIR/hostapd.conf"
fi
if [[ $HECHANNELWIDTH -gt 0 ]]; then if [[ $HECHANNELWIDTH -gt 0 ]]; then
cat <<- EOF >> "$CONFDIR/hostapd.conf" cat <<- EOF >> "$CONFDIR/hostapd.conf"
he_oper_chwidth=${HECHANNELWIDTH} he_oper_chwidth=${HECHANNELWIDTH}
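Review bot: the `he_su_beamformee`, `he_su_beamformer` and `he_mu_beamformer` writes are not gated on `$IEEE80211AX -eq 1`, so `--he-su-bfr` without `--wifi6` emits HE options into a config that never enables 802.11ax; the same pattern as the ht_capab change above. Consider wrapping the three checks in the `IEEE80211AX` block, or making the `--he-*` options set IEEE80211AX=1 in parse_user_options.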
@ -2056,27 +2133,15 @@ write_hostapd_conf() {
EOF EOF
fi fi
if [[ $P2PTWT -eq 1 ]]; then
echo "peer_to_peer_twt=1" >> "$CONFDIR/hostapd.conf"
fi
# -----------------
if [[ $IEEE80211N -eq 1 ]] || [[ $IEEE80211AC -eq 1 ]] || [[ $IEEE80211AX -eq 1 ]]; then if [[ $IEEE80211N -eq 1 ]] || [[ $IEEE80211AC -eq 1 ]] || [[ $IEEE80211AX -eq 1 ]]; then
echo "wmm_enabled=1" >> "$CONFDIR/hostapd.conf" echo "wmm_enabled=1" >> "$CONFDIR/hostapd.conf"
fi fi
if [[ -n "$PASSPHRASE" ]]; then
[[ "$WPA_VERSION" == "1+2" ]] && WPA_VERSION=3
if [[ $USE_PSK -eq 0 ]]; then
WPA_KEY_TYPE=passphrase
else
WPA_KEY_TYPE=psk
fi
cat <<- EOF >> "$CONFDIR/hostapd.conf"
wpa=${WPA_VERSION}
wpa_${WPA_KEY_TYPE}=${PASSPHRASE}
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
rsn_pairwise=CCMP
EOF
else
echo "WARN: WiFi is not protected by password" >&2
fi
chmod 600 "$CONFDIR/hostapd.conf" chmod 600 "$CONFDIR/hostapd.conf"
} }
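Review bot: moving the WPA block earlier means `wpa_passphrase=` / `wpa_psk=` is now appended near the top of write_hostapd_conf while `chmod 600` is still applied only at the very end of the function; unless the file is created with a restrictive mode before the first append, the secret sits in a world-readable file for the duration of the function. Suggest creating the file with `umask 077` (or `install -m 600 /dev/null "$CONFDIR/hostapd.conf"`) at the start and keeping the trailing chmod as a belt-and-braces step.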
@ -2424,7 +2489,7 @@ fi
echo "" echo ""
is_firewalld_running && firewalld_add_tmpzone is_firewalld_running && firewalld_addto_tmptrustedzone
echo echo