From 28d9061ea913741980972b31c59d819b11bd5c8e Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 3 Nov 2020 17:20:10 +0100 Subject: wireless: T3034: add WPA3 support --- smoketest/scripts/cli/test_interfaces_wireless.py | 63 ++++++++++++++++++++++- 1 file changed, 62 insertions(+), 1 deletion(-) (limited to 'smoketest/scripts/cli/test_interfaces_wireless.py') diff --git a/smoketest/scripts/cli/test_interfaces_wireless.py b/smoketest/scripts/cli/test_interfaces_wireless.py index 0e93b6432..a62b44ee5 100755 --- a/smoketest/scripts/cli/test_interfaces_wireless.py +++ b/smoketest/scripts/cli/test_interfaces_wireless.py @@ -18,14 +18,16 @@ import os import re import unittest +from vyos.configsession import ConfigSessionError from base_interfaces_test import BasicInterfaceTest + from vyos.util import process_named_running from vyos.util import check_kmod from vyos.util import read_file def get_config_value(interface, key): tmp = read_file(f'/run/hostapd/{interface}.conf') - tmp = re.findall(r'\n?{}=+(.*)'.format(key), tmp) + tmp = re.findall(f'{key}=+(.*)', tmp) return tmp[0] class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): @@ -114,6 +116,8 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): # # Validate Config # + tmp = get_config_value(interface, 'interface') + self.assertEqual(interface, tmp) # ssid tmp = get_config_value(interface, 'ssid') 
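Review bot: The rewritten pattern in `get_config_value` (first hunk) is unanchored and interpolates `key` unescaped, so `re.findall` returns the first place `key=` occurs anywhere in the file, including the tail of a longer option name or a `#` comment line, and `tmp[0]` can be a value the test never meant to read. That weakens the `wpa` and `wpa_passphrase` assertions added in the last hunk of this commit. It also appears to be why the following commit rewords the template comments from `hw_mode=a` to `hw_mode a` and from `wpa=2` to `wpa 2`. Match whole lines instead: `tmp = re.findall(rf'^{re.escape(key)}=(.*)$', tmp, re.MULTILINE)`. The `get_config_value(interface, 'interface')` check added in the second hunk relies on the same helper.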
@@ -138,6 +142,63 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): # Check for running process self.assertTrue(process_named_running('hostapd')) + def test_hostapd_wpa_config(self): + """ Check if hostapd config is properly generated """ + + # Only set the hostapd (access-point) options + interface = 'wlan0' + phy = 'phy0' + ssid = 'ssid' + channel = '0' + wpa_key = 'VyOSVyOSVyOS' + mode = 'n' + + self.session.set(self._base_path + [interface, 'physical-device', phy]) + self.session.set(self._base_path + [interface, 'type', 'access-point']) + self.session.set(self._base_path + [interface, 'mode', 'mode']) + + # SSID must be set + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.set(self._base_path + [interface, 'ssid', ssid]) + + # Channel must be set + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.set(self._base_path + [interface, 'channel', channel]) + + + self.session.set(self._base_path + [interface, 'security', 'wpa', 'mode', 'wpa2']) + self.session.set(self._base_path + [interface, 'security', 'wpa', 'passphrase', wpa_key]) + + self.session.commit() + + # + # Validate Config + # + tmp = get_config_value(interface, 'interface') + self.assertEqual(interface, tmp) + + tmp = get_config_value(interface, 'hw_mode') + self.assertEqual(mode, tmp) + + # WPA key + tmp = get_config_value(interface, 'wpa') + self.assertEqual('2', tmp) + tmp = get_config_value(interface, 'wpa_passphrase') + self.assertEqual(wpa_key, tmp) + + # SSID + tmp = get_config_value(interface, 'ssid') + self.assertEqual(ssid, tmp) + + # channel + tmp = get_config_value(interface, 'channel') + self.assertEqual(channel, tmp) + + # Check for running process + self.assertTrue(process_named_running('hostapd')) + if __name__ == '__main__': check_kmod('mac80211_hwsim') unittest.main() -- cgit v1.2.3 From 01e3d935a34f38e48364724da1cad7cbbb18576e Mon Sep 17 00:00:00 2001 
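Review bot: `test_hostapd_wpa_config` arrives under the subject "add WPA3 support" but only configures `'wpa2'` and asserts that `wpa` is `'2'`. By the hostapd template comment shown later on this page, that value is the same for WPA3, so the test would not notice if the WPA3 path emitted the wrong key management. Read the generated key management as well, e.g. `tmp = get_config_value(interface, 'wpa_key_mgmt')`, and assert it for the WPA2 case. A second case using the WPA3 mode value the CLI accepts (not visible in this diff) should expect SAE there.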
From: Christian Poessinger Date: Tue, 3 Nov 2020 18:22:55 +0100 Subject: wireless: T3042: move wifi-regulatory-domain into individual interface definition --- data/configd-include.json | 3 +- data/templates/wifi/hostapd.conf.tmpl | 12 +-- interface-definitions/interfaces-wireless.xml.in | 59 +++++++-------- smoketest/scripts/cli/test_interfaces_wireless.py | 19 ++++- src/conf_mode/interfaces-wireless.py | 8 +- src/conf_mode/system-wifi-regdom.py | 90 ----------------------- src/migration-scripts/interfaces/13-to-14 | 12 ++- 7 files changed, 61 insertions(+), 142 deletions(-) delete mode 100755 src/conf_mode/system-wifi-regdom.py (limited to 'smoketest/scripts/cli/test_interfaces_wireless.py') diff --git a/data/configd-include.json b/data/configd-include.json index 95aef65ad..da6fb915f 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -48,7 +48,6 @@ "system-options.py", "system-syslog.py", "system-timezone.py", -"system-wifi-regdom.py", "system_console.py", "system_lcd.py", "task_scheduler.py", @@ -59,4 +58,4 @@ "vrf.py", "vrrp.py", "vyos_cert.py" -] \ No newline at end of file +] diff --git a/data/templates/wifi/hostapd.conf.tmpl b/data/templates/wifi/hostapd.conf.tmpl index 95837da95..16d9f7c98 100644 --- a/data/templates/wifi/hostapd.conf.tmpl +++ b/data/templates/wifi/hostapd.conf.tmpl 
@@ -72,18 +72,18 @@ ssid={{ ssid }} channel={{ channel }} {% endif %} -{% if mode %} +{% if mode is defined and mode is not none %} # Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz), # g = IEEE 802.11g (2.4 GHz), ad = IEEE 802.11ad (60 GHz); a/g options are used # with IEEE 802.11n (HT), too, to specify band). For IEEE 802.11ac (VHT), this -# needs to be set to hw_mode=a. For IEEE 802.11ax (HE) on 6 GHz this needs -# to be set to hw_mode=a. When using ACS (see channel parameter), a +# needs to be set to hw_mode a. For IEEE 802.11ax (HE) on 6 GHz this needs +# to be set to hw_mode a. When using ACS (see channel parameter), a # special value "any" can be used to indicate that any support band can be used. # This special case is currently supported only with drivers with which # offloaded ACS is used. -{% if 'n' in mode %} +{% if mode == 'n' %} hw_mode=g -{% elif 'ac' in mode %} +{% elif mode == 'ac' %} hw_mode=a ieee80211h=1 ieee80211ac=1 @@ -533,7 +533,7 @@ wep_key{{ loop.index -1 }}={{ security.wep.key }} # bit0 = WPA # bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled) # Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2. -# In other words, for WPA3, wpa=2 is used the configuration (and +# In other words, for WPA3, wpa 2 is used the configuration (and # wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK). {% if security.wpa.mode is defined %} {% if security.wpa.mode == 'wpa+wpa2' %} diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index c805e488a..78c40d876 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -58,7 +58,7 @@ Supported channel set width both 20 MHz and 40 MHz with secondary channel below primary channel - (ht20|ht40\+|ht40-) + ^(ht20|ht40\+|ht40-)$ @@ -108,7 +108,7 @@ Set maximum A-MSDU length to 7935 octets - (3839|7935) + ^(3839|7935)$ 
@@ -127,7 +127,7 @@ Short GI for 40 MHz - (20|40) + ^(20|40)$ @@ -147,7 +147,7 @@ DYNAMIC Spatial Multiplexing (SM) Power Save - (static|dynamic) + ^(static|dynamic)$ @@ -164,7 +164,7 @@ Number of spacial streams that can use RX STBC - [1-3]+ + ^[1-3]+$ Invalid capability item @@ -243,7 +243,7 @@ Support for operation as multi user beamformee - (single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee) + ^(single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee)$ @@ -329,7 +329,7 @@ Station can provide VHT MFB in response to VHT MRQ and unsolicited VHT MFB - (unsolicited|both) + ^(unsolicited|both)$ Invalid capability item @@ -361,7 +361,7 @@ ncrease Maximum MPDU length to 11454 octets - (7991|11454) + ^(7991|11454)$ @@ -380,7 +380,7 @@ Short GI for 160 MHz - (80|160) + ^(80|160)$ @@ -398,7 +398,7 @@ Number of spacial streams that can use RX STBC - [1-4]+ + ^[1-4]+$ Invalid capability item @@ -443,6 +443,22 @@ + + + Indicate country in which device is operating + + US EU JP DE UK CN ES FR RU + + + <code%gt; + ISO/IEC 3166-1 Country Code + + + ^[A-Z][A-Z]$ + + Invalid ISO/IEC 3166-1 Country Code + + #include #include #include @@ -520,7 +536,7 @@ MFP enforced - (disabled|optional|required) + ^(disabled|optional|required)$ @@ -782,25 +798,4 @@ - - - - - Wireless regulatory domain (mandatory) - 305 - - US EU JP DE UK CN - - - <code%gt; - Country code (ISO/IEC 3166-1) - - - [A-Z][A-Z]$ - - invalid country code - - - - diff --git a/smoketest/scripts/cli/test_interfaces_wireless.py b/smoketest/scripts/cli/test_interfaces_wireless.py index a62b44ee5..65cf127ce 100755 --- a/smoketest/scripts/cli/test_interfaces_wireless.py +++ b/smoketest/scripts/cli/test_interfaces_wireless.py 
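Review bot: In the `@@ -443,6 +443,22 @@` hunk the completion list for the new country-code node offers `UK` and `EU`, which satisfy `^[A-Z][A-Z]$` but are not assigned ISO/IEC 3166-1 alpha-2 codes (the United Kingdom is `GB`). An operator who picks a suggested value may therefore set a regulatory domain the wireless stack does not recognise. Offer only assigned codes, e.g. `US GB JP DE CN ES FR RU`, or validate against a known set rather than by shape alone. The value-help format also reads `<code%gt;` as rendered here, which looks like a mistyped `&gt;` entity carried over from the removed `wifi-regulatory-domain` node.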
@@ -38,15 +38,14 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): self._options = { 'wlan0': ['physical-device phy0', 'ssid VyOS-WIFI-0', 'type station', 'address 192.0.2.1/30'], - 'wlan1': ['physical-device phy0', 'ssid VyOS-WIFI-1', + 'wlan1': ['physical-device phy0', 'ssid VyOS-WIFI-1', 'country-code SE', 'type access-point', 'address 192.0.2.5/30', 'channel 0'], 'wlan10': ['physical-device phy1', 'ssid VyOS-WIFI-2', 'type station', 'address 192.0.2.9/30'], - 'wlan11': ['physical-device phy1', 'ssid VyOS-WIFI-3', + 'wlan11': ['physical-device phy1', 'ssid VyOS-WIFI-3', 'country-code SE', 'type access-point', 'address 192.0.2.13/30', 'channel 0'], } self._interfaces = list(self._options) - self.session.set(['system', 'wifi-regulatory-domain', 'SE']) def test_add_address_single(self): """ derived method to check if member interfaces are enslaved properly """ @@ -75,6 +74,7 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): self.session.set(self._base_path + [interface, 'ssid', ssid]) self.session.set(self._base_path + [interface, 'type', 'access-point']) self.session.set(self._base_path + [interface, 'channel', channel]) + self.session.set(self._base_path + [interface, 'country-code', 'SE']) # auto-powersave is special self.session.set(self._base_path + [interface, 'capabilities', 'ht', 'auto-powersave']) @@ -152,10 +152,11 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): channel = '0' wpa_key = 'VyOSVyOSVyOS' mode = 'n' + country = 'DE' self.session.set(self._base_path + [interface, 'physical-device', phy]) self.session.set(self._base_path + [interface, 'type', 'access-point']) - self.session.set(self._base_path + [interface, 'mode', 'mode']) + self.session.set(self._base_path + [interface, 'mode', mode]) # SSID must be set with self.assertRaises(ConfigSessionError): 
@@ -167,6 +168,10 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): self.session.commit() self.session.set(self._base_path + [interface, 'channel', channel]) + # Country-Code must be set + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.set(self._base_path + [interface, 'country-code', country]) self.session.set(self._base_path + [interface, 'security', 'wpa', 'mode', 'wpa2']) self.session.set(self._base_path + [interface, 'security', 'wpa', 'passphrase', wpa_key]) @@ -180,6 +185,8 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): self.assertEqual(interface, tmp) tmp = get_config_value(interface, 'hw_mode') + # rewrite special mode + if mode == 'n': mode = 'g' self.assertEqual(mode, tmp) # WPA key @@ -196,6 +203,10 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): tmp = get_config_value(interface, 'channel') self.assertEqual(channel, tmp) + # Country code + tmp = get_config_value(interface, 'country_code') + self.assertEqual(country, tmp) + # Check for running process self.assertTrue(process_named_running('hostapd')) diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index a18a21b83..5d723bbfd 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -109,11 +109,6 @@ def get_config(config=None): if tmp: wifi = dict_merge(tmp, wifi) - # retrieve configured regulatory domain - conf.set_level(['system']) - if conf.exists(['wifi-regulatory-domain']): - wifi['country_code'] = conf.return_value(['wifi-regulatory-domain']) - # Only one wireless interface per phy can be in station mode tmp = find_other_stations(conf, base, wifi['ifname']) if tmp: wifi['station_interfaces'] = tmp 
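Review bot: In the `@@ -180,6 +185,8 @@` hunk, `if mode == 'n': mode = 'g'` puts a compound statement on one line and overwrites the variable that was used to build the configuration, so any later use of `mode` no longer reflects what was set. Keep the configured value intact and name the expectation: `expected_hw_mode = 'g' if mode == 'n' else mode`, then `self.assertEqual(expected_hw_mode, tmp)`. The test method begins outside this hunk.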
@@ -144,8 +139,7 @@ def verify(wifi): if wifi['type'] == 'access-point': if 'country_code' not in wifi: - raise ConfigError('Wireless regulatory domain is mandatory,\n' \ - 'use "set system wifi-regulatory-domain" for configuration.') + raise ConfigError('Wireless country-code is mandatory') if 'channel' not in wifi: raise ConfigError('Wireless channel must be configured!') diff --git a/src/conf_mode/system-wifi-regdom.py b/src/conf_mode/system-wifi-regdom.py deleted file mode 100755 index 874f93923..000000000 --- a/src/conf_mode/system-wifi-regdom.py +++ /dev/null 
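Review bot: The `country_code` check in `verify()` still sits only inside the `access-point` branch, while this commit removes both the system-wide `wifi-regulatory-domain` node and the script that rendered `cfg80211.conf` and `crda`. From what is visible here, a `station` interface can now be committed with no regulatory setting at all; whether station mode needs one is not shown in this diff and should be confirmed. The new message also drops the hint on how to fix the error; consider `raise ConfigError('Wireless country-code is mandatory for access-point mode, set "country-code" on this interface!')`. `verify()` starts and continues outside the hunk.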
@@ -1,90 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2019-2020 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -import os - -from copy import deepcopy -from sys import exit - -from vyos.config import Config -from vyos import ConfigError -from vyos.template import render - -from vyos import airbag -airbag.enable() - -config_80211_file='/etc/modprobe.d/cfg80211.conf' -config_crda_file='/etc/default/crda' - -default_config_data = { - 'regdom' : '', - 'deleted' : False -} - -def get_config(config=None): - regdom = deepcopy(default_config_data) - if config: - conf = config - else: - conf = Config() - base = ['system', 'wifi-regulatory-domain'] - - # Check if interface has been removed - if not conf.exists(base): - regdom['deleted'] = True - return regdom - else: - regdom['regdom'] = conf.return_value(base) - - return regdom - -def verify(regdom): - if regdom['deleted']: - return None - - if not regdom['regdom']: - raise ConfigError("Wireless regulatory domain is mandatory.") - - return None - -def generate(regdom): - print("Changing the wireless regulatory domain requires a system reboot.") - - if regdom['deleted']: - if os.path.isfile(config_80211_file): - os.unlink(config_80211_file) - - if os.path.isfile(config_crda_file): - os.unlink(config_crda_file) - - return None - - render(config_80211_file, 'wifi/cfg80211.conf.tmpl', regdom) - render(config_crda_file, 'wifi/crda.tmpl', regdom) - return None - -def apply(regdom): - 
return None - -if __name__ == '__main__': - try: - c = get_config() - verify(c) - generate(c) - apply(c) - except ConfigError as e: - print(e) - exit(1) diff --git a/src/migration-scripts/interfaces/13-to-14 b/src/migration-scripts/interfaces/13-to-14 index 545b57ab2..fc6d7f443 100755 --- a/src/migration-scripts/interfaces/13-to-14 +++ b/src/migration-scripts/interfaces/13-to-14 @@ -14,7 +14,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# Rename Wireless interface security mode 'both' to 'wpa+wpa2' +# T3043: rename Wireless interface security mode 'both' to 'wpa+wpa2' +# T3043: move "system wifi-regulatory-domain" to indicidual wireless interface import os @@ -36,6 +37,12 @@ if __name__ == '__main__': # Nothing to do exit(0) + country_code = '' + cc_cli = ['system', 'wifi-regulatory-domain'] + if config.exists(cc_cli): + country_code = config.return_value(cc_cli) + config.delete(cc_cli) + for wifi in config.list_nodes(base): sec_mode = base + [wifi, 'security', 'wpa', 'mode'] if config.exists(sec_mode): @@ -43,6 +50,9 @@ if __name__ == '__main__': if mode == 'both': config.set(sec_mode, value='wpa+wpa2', replace=True) + if country_code: + config.set(base + [wifi, 'country-code'], value=country_code) + try: with open(file_name, 'w') as f: f.write(config.to_string()) -- cgit v1.2.3
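Review bot: In `13-to-14`, the new block that reads and deletes `system wifi-regulatory-domain` sits after the `# Nothing to do` / `exit(0)` early return, so a configuration with the system node but no wireless interfaces would exit before the delete and keep a node whose definition this commit removes. The guard's condition is outside the hunk, so this assumes it tests the wireless base path; if so, run the `config.exists(cc_cli)` / `config.delete(cc_cli)` step before that guard and still write the file when only the delete happened. The migrated value is copied without being checked against the new `^[A-Z][A-Z]$` constraint, which is stricter than the old `[A-Z][A-Z]$`. The header comment tags the move as T3043 while the commit subject says T3042, and `indicidual` is misspelled.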