From f8a4314503072af90d8a4ab443898be7c73f3895 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 3 Nov 2020 17:19:04 +0100 Subject: wireless: T3043: rename "wpa mode both" to "wpa+wpa2" --- interface-definitions/interfaces-wireless.xml.in | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'interface-definitions/interfaces-wireless.xml.in') diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index 423ec7ba2..7d576648a 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -681,7 +681,7 @@ WPA mode - wpa wpa2 both + wpa wpa2 wpa+wpa2 wpa @@ -692,15 +692,15 @@ WPA2 (full IEEE 802.11i/RSN) - both + wpa+wpa2 Allow both WPA and WPA2 - ^(wpa|wpa2|both)$ + ^(wpa|wpa2|wpa\+wpa2)$ Unknown WPA mode - both + wpa+wpa2 -- cgit v1.2.3 From 28d9061ea913741980972b31c59d819b11bd5c8e Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 3 Nov 2020 17:20:10 +0100 Subject: wireless: T3034: add WPA3 support --- data/templates/wifi/hostapd.conf.tmpl | 22 ++++++- data/templates/wifi/wpa_supplicant.conf.tmpl | 70 ++++++++++++++++++++++- interface-definitions/interfaces-wireless.xml.in | 4 +- smoketest/scripts/cli/test_interfaces_wireless.py | 63 +++++++++++++++++++- 4 files changed, 152 insertions(+), 7 deletions(-) (limited to 'interface-definitions/interfaces-wireless.xml.in') diff --git a/data/templates/wifi/hostapd.conf.tmpl b/data/templates/wifi/hostapd.conf.tmpl index 409c9d3bc..95837da95 100644 --- a/data/templates/wifi/hostapd.conf.tmpl +++ b/data/templates/wifi/hostapd.conf.tmpl @@ -538,7 +538,7 @@ wep_key{{ loop.index -1 }}={{ security.wep.key }} {% if security.wpa.mode is defined %} {% if security.wpa.mode == 'wpa+wpa2' %} wpa=3 -{% elif security.wpa.mode == 'wpa2' %} +{% elif security.wpa.mode == 'wpa2' or security.wpa.mode == 'wpa3' %} wpa=2 {% elif security.wpa.mode == 'wpa' %} wpa=1 @@ -598,7 +598,15 @@ wpa_passphrase={{ security.wpa.passphrase }} # added to enable SHA256-based stronger algorithms. # WPA-PSK = WPA-Personal / WPA2-Personal # WPA-PSK-SHA256 = WPA2-Personal using SHA256 -wpa_key_mgmt=WPA-PSK +# WPA-EAP = WPA-Enterprise / WPA2-Enterprise +# WPA-EAP-SHA256 = WPA2-Enterprise using SHA256 +# SAE = SAE (WPA3-Personal) +# WPA-EAP-SUITE-B-192 = WPA3-Enterprise with 192-bit security/CNSA suite +{% if security.wpa.mode is defined and security.wpa.mode == 'wpa3' %} +wpa_key_mgmt=SAE +{% else %} +wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256 +{% endif %} {% elif security.wpa.radius is defined %} ##### IEEE 802.1X-2004 related configuration ################################## @@ -608,9 +616,17 @@ ieee8021x=1 # Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The # entries are separated with a space. WPA-PSK-SHA256 and WPA-EAP-SHA256 can be # added to enable SHA256-based stronger algorithms. +# WPA-PSK = WPA-Personal / WPA2-Personal +# WPA-PSK-SHA256 = WPA2-Personal using SHA256 # WPA-EAP = WPA-Enterprise / WPA2-Enterprise # WPA-EAP-SHA256 = WPA2-Enterprise using SHA256 -wpa_key_mgmt=WPA-EAP +# SAE = SAE (WPA3-Personal) +# WPA-EAP-SUITE-B-192 = WPA3-Enterprise with 192-bit security/CNSA suite +{% if security.wpa.mode is defined and security.wpa.mode == 'wpa3' %} +wpa_key_mgmt=WPA-EAP-SUITE-B-192 +{% else %} +wpa_key_mgmt=WPA-EAP WPA-EAP-SHA256 +{% endif %} {% if security.wpa.radius.server is defined %} # RADIUS client forced local IP address for the access point diff --git a/data/templates/wifi/wpa_supplicant.conf.tmpl b/data/templates/wifi/wpa_supplicant.conf.tmpl index f84892dc0..20b4f7976 100644 --- a/data/templates/wifi/wpa_supplicant.conf.tmpl +++ b/data/templates/wifi/wpa_supplicant.conf.tmpl @@ -4,10 +4,78 @@ # https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf network={ + # ssid: SSID (mandatory); network name in one of the optional formats: + # - an ASCII string with double quotation + # - a hex string (two characters per octet of SSID) + # - a printf-escaped ASCII string P"" + # ssid="{{ ssid }}" + + # scan_ssid: + # 0 = do not scan this SSID with specific Probe Request frames (default) + # 1 = scan with SSID-specific Probe Request frames (this can be used to + # find APs that do not accept broadcast SSID or use multiple SSIDs; + # this will add latency to scanning, so enable this only when needed) scan_ssid=1 + {% if security is defined and security.wpa is defined and security.wpa.passphrase is defined %} - key_mgmt=WPA-PSK + # ieee80211w: whether management frame protection is enabled + # 0 = disabled (default unless changed with the global pmf parameter) + # 1 = optional + # 2 = required + # The most common configuration options for this based on the PMF (protected + # management frames) certification program are: + # PMF enabled: ieee80211w=1 and key_mgmt=WPA-EAP WPA-EAP-SHA256 + # PMF required: ieee80211w=2 and key_mgmt=WPA-EAP-SHA256 + # (and similarly for WPA-PSK and WPA-PSK-SHA256 if WPA2-Personal is used) + # WPA3-Personal-only mode: ieee80211w=2 and key_mgmt=SAE + ieee80211w=1 + + # key_mgmt: list of accepted authenticated key management protocols + # WPA-PSK = WPA pre-shared key (this requires 'psk' field) + # WPA-EAP = WPA using EAP authentication + # IEEE8021X = IEEE 802.1X using EAP authentication and (optionally) dynamically + # generated WEP keys + # NONE = WPA is not used; plaintext or static WEP could be used + # WPA-NONE = WPA-None for IBSS (deprecated; use proto=RSN key_mgmt=WPA-PSK + # instead) + # FT-PSK = Fast BSS Transition (IEEE 802.11r) with pre-shared key + # FT-EAP = Fast BSS Transition (IEEE 802.11r) with EAP authentication + # FT-EAP-SHA384 = Fast BSS Transition (IEEE 802.11r) with EAP authentication + # and using SHA384 + # WPA-PSK-SHA256 = Like WPA-PSK but using stronger SHA256-based algorithms + # WPA-EAP-SHA256 = Like WPA-EAP but using stronger SHA256-based algorithms + # SAE = Simultaneous authentication of equals; pre-shared key/password -based + # authentication with stronger security than WPA-PSK especially when using + # not that strong password; a.k.a. WPA3-Personal + # FT-SAE = SAE with FT + # WPA-EAP-SUITE-B = Suite B 128-bit level + # WPA-EAP-SUITE-B-192 = Suite B 192-bit level + # OSEN = Hotspot 2.0 Rel 2 online signup connection + # FILS-SHA256 = Fast Initial Link Setup with SHA256 + # FILS-SHA384 = Fast Initial Link Setup with SHA384 + # FT-FILS-SHA256 = FT and Fast Initial Link Setup with SHA256 + # FT-FILS-SHA384 = FT and Fast Initial Link Setup with SHA384 + # OWE = Opportunistic Wireless Encryption (a.k.a. Enhanced Open) + # DPP = Device Provisioning Protocol + # If not set, this defaults to: WPA-PSK WPA-EAP +{% if security.wpa.mode is defined and security.wpa.mode == 'wpa3' %} + key_mgmt=SAE +{% else %} + key_mgmt=WPA-PSK WPA-PSK-SHA256 +{% endif %} + + # psk: WPA preshared key; 256-bit pre-shared key + # The key used in WPA-PSK mode can be entered either as 64 hex-digits, i.e., + # 32 bytes or as an ASCII passphrase (in which case, the real PSK will be + # generated using the passphrase and SSID). ASCII passphrase must be between + # 8 and 63 characters (inclusive). ext: format can + # be used to indicate that the PSK/passphrase is stored in external storage. + # This field is not needed, if WPA-EAP is used. + # Note: Separate tool, wpa_passphrase, can be used to generate 256-bit keys + # from ASCII passphrase. This process uses lot of CPU and wpa_supplicant + # startup and reconfiguration time can be optimized by generating the PSK only + # only when the passphrase or SSID has actually changed. psk="{{ security.wpa.passphrase }}" {% else %} key_mgmt=NONE diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index 7d576648a..8dbbc4353 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -681,7 +681,7 @@ WPA mode - wpa wpa2 wpa+wpa2 + wpa wpa2 wpa+wpa2 wpa3 wpa @@ -696,7 +696,7 @@ Allow both WPA and WPA2 - ^(wpa|wpa2|wpa\+wpa2)$ + ^(wpa|wpa2|wpa\+wpa2|wpa3)$ Unknown WPA mode diff --git a/smoketest/scripts/cli/test_interfaces_wireless.py b/smoketest/scripts/cli/test_interfaces_wireless.py index 0e93b6432..a62b44ee5 100755 --- a/smoketest/scripts/cli/test_interfaces_wireless.py +++ b/smoketest/scripts/cli/test_interfaces_wireless.py @@ -18,14 +18,16 @@ import os import re import unittest +from vyos.configsession import ConfigSessionError from base_interfaces_test import BasicInterfaceTest + from vyos.util import process_named_running from vyos.util import check_kmod from vyos.util import read_file def get_config_value(interface, key): tmp = read_file(f'/run/hostapd/{interface}.conf') - tmp = re.findall(r'\n?{}=+(.*)'.format(key), tmp) + tmp = re.findall(f'{key}=+(.*)', tmp) return tmp[0] class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): @@ -114,6 +116,8 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): # # Validate Config # + tmp = get_config_value(interface, 'interface') + self.assertEqual(interface, tmp) # ssid tmp = get_config_value(interface, 'ssid') @@ -138,6 +142,63 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): # Check for running process self.assertTrue(process_named_running('hostapd')) + def test_hostapd_wpa_config(self): + """ Check if hostapd config is properly generated """ + + # Only set the hostapd (access-point) options + interface = 'wlan0' + phy = 'phy0' + ssid = 'ssid' + channel = '0' + wpa_key = 'VyOSVyOSVyOS' + mode = 'n' + + self.session.set(self._base_path + [interface, 'physical-device', phy]) + self.session.set(self._base_path + [interface, 'type', 'access-point']) + self.session.set(self._base_path + [interface, 'mode', 'mode']) + + # SSID must be set + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.set(self._base_path + [interface, 'ssid', ssid]) + + # Channel must be set + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.set(self._base_path + [interface, 'channel', channel]) + + + self.session.set(self._base_path + [interface, 'security', 'wpa', 'mode', 'wpa2']) + self.session.set(self._base_path + [interface, 'security', 'wpa', 'passphrase', wpa_key]) + + self.session.commit() + + # + # Validate Config + # + tmp = get_config_value(interface, 'interface') + self.assertEqual(interface, tmp) + + tmp = get_config_value(interface, 'hw_mode') + self.assertEqual(mode, tmp) + + # WPA key + tmp = get_config_value(interface, 'wpa') + self.assertEqual('2', tmp) + tmp = get_config_value(interface, 'wpa_passphrase') + self.assertEqual(wpa_key, tmp) + + # SSID + tmp = get_config_value(interface, 'ssid') + self.assertEqual(ssid, tmp) + + # channel + tmp = get_config_value(interface, 'channel') + self.assertEqual(channel, tmp) + + # Check for running process + self.assertTrue(process_named_running('hostapd')) + if __name__ == '__main__': check_kmod('mac80211_hwsim') unittest.main() -- cgit v1.2.3 From f8e6d879e7491049b8f634351258a37bbe603590 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 3 Nov 2020 17:20:45 +0100 Subject: wireless: T2653: reset wireless priority to crux state Now as we can dynamically create bridge interfaces we can also reset the interface priority back to the value it used to be in VyOS 1.2 crux. --- interface-definitions/interfaces-wireless.xml.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'interface-definitions/interfaces-wireless.xml.in') diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index 8dbbc4353..c805e488a 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -5,7 +5,7 @@ Wireless (WiFi/WLAN) Network Interface - 400 + 318 ^wlan[0-9]+$ -- cgit v1.2.3 From 01e3d935a34f38e48364724da1cad7cbbb18576e Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Tue, 3 Nov 2020 18:22:55 +0100 Subject: wireless: T3042: move wifi-regulatory-domain into individual interface definition --- data/configd-include.json | 3 +- data/templates/wifi/hostapd.conf.tmpl | 12 +-- interface-definitions/interfaces-wireless.xml.in | 59 +++++++-------- smoketest/scripts/cli/test_interfaces_wireless.py | 19 ++++- src/conf_mode/interfaces-wireless.py | 8 +- src/conf_mode/system-wifi-regdom.py | 90 ----------------------- src/migration-scripts/interfaces/13-to-14 | 12 ++- 7 files changed, 61 insertions(+), 142 deletions(-) delete mode 100755 src/conf_mode/system-wifi-regdom.py (limited to 'interface-definitions/interfaces-wireless.xml.in') diff --git a/data/configd-include.json b/data/configd-include.json index 95aef65ad..da6fb915f 100644 --- a/data/configd-include.json +++ b/data/configd-include.json @@ -48,7 +48,6 @@ "system-options.py", "system-syslog.py", "system-timezone.py", -"system-wifi-regdom.py", "system_console.py", "system_lcd.py", "task_scheduler.py", @@ -59,4 +58,4 @@ "vrf.py", "vrrp.py", "vyos_cert.py" -] \ No newline at end of file +] diff --git a/data/templates/wifi/hostapd.conf.tmpl b/data/templates/wifi/hostapd.conf.tmpl index 95837da95..16d9f7c98 100644 --- a/data/templates/wifi/hostapd.conf.tmpl +++ b/data/templates/wifi/hostapd.conf.tmpl @@ -72,18 +72,18 @@ ssid={{ ssid }} channel={{ channel }} {% endif %} -{% if mode %} +{% if mode is defined and mode is not none %} # Operation mode (a = IEEE 802.11a (5 GHz), b = IEEE 802.11b (2.4 GHz), # g = IEEE 802.11g (2.4 GHz), ad = IEEE 802.11ad (60 GHz); a/g options are used # with IEEE 802.11n (HT), too, to specify band). For IEEE 802.11ac (VHT), this -# needs to be set to hw_mode=a. For IEEE 802.11ax (HE) on 6 GHz this needs -# to be set to hw_mode=a. When using ACS (see channel parameter), a +# needs to be set to hw_mode a. For IEEE 802.11ax (HE) on 6 GHz this needs +# to be set to hw_mode a. When using ACS (see channel parameter), a # special value "any" can be used to indicate that any support band can be used. # This special case is currently supported only with drivers with which # offloaded ACS is used. -{% if 'n' in mode %} +{% if mode == 'n' %} hw_mode=g -{% elif 'ac' in mode %} +{% elif mode == 'ac' %} hw_mode=a ieee80211h=1 ieee80211ac=1 @@ -533,7 +533,7 @@ wep_key{{ loop.index -1 }}={{ security.wep.key }} # bit0 = WPA # bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled) # Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2. -# In other words, for WPA3, wpa=2 is used the configuration (and +# In other words, for WPA3, wpa 2 is used the configuration (and # wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK). {% if security.wpa.mode is defined %} {% if security.wpa.mode == 'wpa+wpa2' %} diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in index c805e488a..78c40d876 100644 --- a/interface-definitions/interfaces-wireless.xml.in +++ b/interface-definitions/interfaces-wireless.xml.in @@ -58,7 +58,7 @@ Supported channel set width both 20 MHz and 40 MHz with secondary channel below primary channel - (ht20|ht40\+|ht40-) + ^(ht20|ht40\+|ht40-)$ @@ -108,7 +108,7 @@ Set maximum A-MSDU length to 7935 octets - (3839|7935) + ^(3839|7935)$ @@ -127,7 +127,7 @@ Short GI for 40 MHz - (20|40) + ^(20|40)$ @@ -147,7 +147,7 @@ DYNAMIC Spatial Multiplexing (SM) Power Save - (static|dynamic) + ^(static|dynamic)$ @@ -164,7 +164,7 @@ Number of spacial streams that can use RX STBC - [1-3]+ + ^[1-3]+$ Invalid capability item @@ -243,7 +243,7 @@ Support for operation as multi user beamformee - (single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee) + ^(single-user-beamformer|single-user-beamformee|multi-user-beamformer|multi-user-beamformee)$ @@ -329,7 +329,7 @@ Station can provide VHT MFB in response to VHT MRQ and unsolicited VHT MFB - (unsolicited|both) + ^(unsolicited|both)$ Invalid capability item @@ -361,7 +361,7 @@ ncrease Maximum MPDU length to 11454 octets - (7991|11454) + ^(7991|11454)$ @@ -380,7 +380,7 @@ Short GI for 160 MHz - (80|160) + ^(80|160)$ @@ -398,7 +398,7 @@ Number of spacial streams that can use RX STBC - [1-4]+ + ^[1-4]+$ Invalid capability item @@ -443,6 +443,22 @@ + + + Indicate country in which device is operating + + US EU JP DE UK CN ES FR RU + + + <code%gt; + ISO/IEC 3166-1 Country Code + + + ^[A-Z][A-Z]$ + + Invalid ISO/IEC 3166-1 Country Code + + #include #include #include @@ -520,7 +536,7 @@ MFP enforced - (disabled|optional|required) + ^(disabled|optional|required)$ @@ -782,25 +798,4 @@ - - - - - Wireless regulatory domain (mandatory) - 305 - - US EU JP DE UK CN - - - <code%gt; - Country code (ISO/IEC 3166-1) - - - [A-Z][A-Z]$ - - invalid country code - - - - diff --git a/smoketest/scripts/cli/test_interfaces_wireless.py b/smoketest/scripts/cli/test_interfaces_wireless.py index a62b44ee5..65cf127ce 100755 --- a/smoketest/scripts/cli/test_interfaces_wireless.py +++ b/smoketest/scripts/cli/test_interfaces_wireless.py @@ -38,15 +38,14 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): self._options = { 'wlan0': ['physical-device phy0', 'ssid VyOS-WIFI-0', 'type station', 'address 192.0.2.1/30'], - 'wlan1': ['physical-device phy0', 'ssid VyOS-WIFI-1', + 'wlan1': ['physical-device phy0', 'ssid VyOS-WIFI-1', 'country-code SE', 'type access-point', 'address 192.0.2.5/30', 'channel 0'], 'wlan10': ['physical-device phy1', 'ssid VyOS-WIFI-2', 'type station', 'address 192.0.2.9/30'], - 'wlan11': ['physical-device phy1', 'ssid VyOS-WIFI-3', + 'wlan11': ['physical-device phy1', 'ssid VyOS-WIFI-3', 'country-code SE', 'type access-point', 'address 192.0.2.13/30', 'channel 0'], } self._interfaces = list(self._options) - self.session.set(['system', 'wifi-regulatory-domain', 'SE']) def test_add_address_single(self): """ derived method to check if member interfaces are enslaved properly """ @@ -75,6 +74,7 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): self.session.set(self._base_path + [interface, 'ssid', ssid]) self.session.set(self._base_path + [interface, 'type', 'access-point']) self.session.set(self._base_path + [interface, 'channel', channel]) + self.session.set(self._base_path + [interface, 'country-code', 'SE']) # auto-powersave is special self.session.set(self._base_path + [interface, 'capabilities', 'ht', 'auto-powersave']) @@ -152,10 +152,11 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): channel = '0' wpa_key = 'VyOSVyOSVyOS' mode = 'n' + country = 'DE' self.session.set(self._base_path + [interface, 'physical-device', phy]) self.session.set(self._base_path + [interface, 'type', 'access-point']) - self.session.set(self._base_path + [interface, 'mode', 'mode']) + self.session.set(self._base_path + [interface, 'mode', mode]) # SSID must be set with self.assertRaises(ConfigSessionError): @@ -167,6 +168,10 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): self.session.commit() self.session.set(self._base_path + [interface, 'channel', channel]) + # Country-Code must be set + with self.assertRaises(ConfigSessionError): + self.session.commit() + self.session.set(self._base_path + [interface, 'country-code', country]) self.session.set(self._base_path + [interface, 'security', 'wpa', 'mode', 'wpa2']) self.session.set(self._base_path + [interface, 'security', 'wpa', 'passphrase', wpa_key]) @@ -180,6 +185,8 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): self.assertEqual(interface, tmp) tmp = get_config_value(interface, 'hw_mode') + # rewrite special mode + if mode == 'n': mode = 'g' self.assertEqual(mode, tmp) # WPA key @@ -196,6 +203,10 @@ class WirelessInterfaceTest(BasicInterfaceTest.BaseTest): tmp = get_config_value(interface, 'channel') self.assertEqual(channel, tmp) + # Country code + tmp = get_config_value(interface, 'country_code') + self.assertEqual(country, tmp) + # Check for running process self.assertTrue(process_named_running('hostapd')) diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index a18a21b83..5d723bbfd 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -109,11 +109,6 @@ def get_config(config=None): if tmp: wifi = dict_merge(tmp, wifi) - # retrieve configured regulatory domain - conf.set_level(['system']) - if conf.exists(['wifi-regulatory-domain']): - wifi['country_code'] = conf.return_value(['wifi-regulatory-domain']) - # Only one wireless interface per phy can be in station mode tmp = find_other_stations(conf, base, wifi['ifname']) if tmp: wifi['station_interfaces'] = tmp @@ -144,8 +139,7 @@ def verify(wifi): if wifi['type'] == 'access-point': if 'country_code' not in wifi: - raise ConfigError('Wireless regulatory domain is mandatory,\n' \ - 'use "set system wifi-regulatory-domain" for configuration.') + raise ConfigError('Wireless country-code is mandatory') if 'channel' not in wifi: raise ConfigError('Wireless channel must be configured!') diff --git a/src/conf_mode/system-wifi-regdom.py b/src/conf_mode/system-wifi-regdom.py deleted file mode 100755 index 874f93923..000000000 --- a/src/conf_mode/system-wifi-regdom.py +++ /dev/null @@ -1,90 +0,0 @@ -#!/usr/bin/env python3 -# -# Copyright (C) 2019-2020 VyOS maintainers and contributors -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 or later as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see . - -import os - -from copy import deepcopy -from sys import exit - -from vyos.config import Config -from vyos import ConfigError -from vyos.template import render - -from vyos import airbag -airbag.enable() - -config_80211_file='/etc/modprobe.d/cfg80211.conf' -config_crda_file='/etc/default/crda' - -default_config_data = { - 'regdom' : '', - 'deleted' : False -} - -def get_config(config=None): - regdom = deepcopy(default_config_data) - if config: - conf = config - else: - conf = Config() - base = ['system', 'wifi-regulatory-domain'] - - # Check if interface has been removed - if not conf.exists(base): - regdom['deleted'] = True - return regdom - else: - regdom['regdom'] = conf.return_value(base) - - return regdom - -def verify(regdom): - if regdom['deleted']: - return None - - if not regdom['regdom']: - raise ConfigError("Wireless regulatory domain is mandatory.") - - return None - -def generate(regdom): - print("Changing the wireless regulatory domain requires a system reboot.") - - if regdom['deleted']: - if os.path.isfile(config_80211_file): - os.unlink(config_80211_file) - - if os.path.isfile(config_crda_file): - os.unlink(config_crda_file) - - return None - - render(config_80211_file, 'wifi/cfg80211.conf.tmpl', regdom) - render(config_crda_file, 'wifi/crda.tmpl', regdom) - return None - -def apply(regdom): - return None - -if __name__ == '__main__': - try: - c = get_config() - verify(c) - generate(c) - apply(c) - except ConfigError as e: - print(e) - exit(1) diff --git a/src/migration-scripts/interfaces/13-to-14 b/src/migration-scripts/interfaces/13-to-14 index 545b57ab2..fc6d7f443 100755 --- a/src/migration-scripts/interfaces/13-to-14 +++ b/src/migration-scripts/interfaces/13-to-14 @@ -14,7 +14,8 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see . -# Rename Wireless interface security mode 'both' to 'wpa+wpa2' +# T3043: rename Wireless interface security mode 'both' to 'wpa+wpa2' +# T3043: move "system wifi-regulatory-domain" to indicidual wireless interface import os @@ -36,6 +37,12 @@ if __name__ == '__main__': # Nothing to do exit(0) + country_code = '' + cc_cli = ['system', 'wifi-regulatory-domain'] + if config.exists(cc_cli): + country_code = config.return_value(cc_cli) + config.delete(cc_cli) + for wifi in config.list_nodes(base): sec_mode = base + [wifi, 'security', 'wpa', 'mode'] if config.exists(sec_mode): @@ -43,6 +50,9 @@ if __name__ == '__main__': if mode == 'both': config.set(sec_mode, value='wpa+wpa2', replace=True) + if country_code: + config.set(base + [wifi, 'country-code'], value=country_code) + try: with open(file_name, 'w') as f: f.write(config.to_string()) -- cgit v1.2.3