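/* Copyright 2017 Mathias Andersson
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
#ifndef KMAC_H
#define KMAC_H

#include "quantum.h"

/*
 * Keymap for the winkey version of the PCB.
 *
 * Takes the keycodes in physical order and expands to a 6-row by 17-column
 * matrix initializer. Each argument KXY is placed at row X, column Y
 * (columns are numbered 0-9, then A-G). Matrix positions that have no
 * argument are filled with KC_NO; note that row 0 has no K01 argument.
 */
#define LAYOUT(                                                                                          \
    K00,      K02, K03, K04, K05, K06, K07, K08, K09, K0A, K0B, K0C, K0D, K0E, K0F, K0G,                 \
    K10, K11, K12, K13, K14, K15, K16, K17, K18, K19, K1A, K1B, K1C, K1D, K1E, K1F, K1G,                 \
    K20, K21, K22, K23, K24, K25, K26, K27, K28, K29, K2A, K2B, K2C, K2D, K2E, K2F, K2G,                 \
    K30, K31, K32, K33, K34, K35, K36, K37, K38, K39, K3A, K3B, K3D,                                     \
    K40, K41, K42, K43, K44, K45, K46, K47, K48, K49, K4A, K4D, K4F,                                     \
    K50, K51, K52, K55, K58, K5A, K5C, K5D, K5E, K5F, K5G)                                               \
    {                                                                                                    \
        /*         0    1      2    3      4      5    6      7      8    9      A    B      C      D    E      F      G   */ \
        /* 0 */ {K00, KC_NO, K02, K03, K04, K05, K06, K07, K08, K09, K0A, K0B, K0C, K0D, K0E, K0F, K0G},  \
        /* 1 */ {K10, K11, K12, K13, K14, K15, K16, K17, K18, K19, K1A, K1B, K1C, K1D, K1E, K1F, K1G},    \
        /* 2 */ {K20, K21, K22, K23, K24, K25, K26, K27, K28, K29, K2A, K2B, K2C, K2D, K2E, K2F, K2G},    \
        /* 3 */ {K30, K31, K32, K33, K34, K35, K36, K37, K38, K39, K3A, K3B, KC_NO, K3D, KC_NO, KC_NO, KC_NO}, \
        /* 4 */ {K40, K41, K42, K43, K44, K45, K46, K47, K48, K49, K4A, KC_NO, KC_NO, K4D, KC_NO, K4F, KC_NO}, \
        /* 5 */ { K50, K51, K52, KC_NO, KC_NO, K55, KC_NO, KC_NO, K58, KC_NO, K5A, KC_NO, K5C, K5D, K5E, K5F, K5G } \
    }

/*
 * Keymap for the winkeyless version of the PCB.
 *
 * Same argument list as LAYOUT except that there is no K5C argument;
 * the macro forwards to LAYOUT and passes KC_NO in the K5C position.
 */
#define LAYOUT_WKL(                                                                                      \
    K00,      K02, K03, K04, K05, K06, K07, K08, K09, K0A, K0B, K0C, K0D, K0E, K0F, K0G,                 \
    K10, K11, K12, K13, K14, K15, K16, K17, K18, K19, K1A, K1B, K1C, K1D, K1E, K1F, K1G,                 \
    K20, K21, K22, K23, K24, K25, K26, K27, K28, K29, K2A, K2B, K2C, K2D, K2E, K2F, K2G,                 \
    K30, K31, K32, K33, K34, K35, K36, K37, K38, K39, K3A, K3B, K3D,                                     \
    K40, K41, K42, K43, K44, K45, K46, K47, K48, K49, K4A, K4D, K4F,                                     \
    K50, K51, K52, K55, K58, K5A, K5D, K5E, K5F, K5G)                                                    \
    LAYOUT(K00, K02, K03, K04, K05, K06, K07, K08, K09, K0A, K0B, K0C, K0D, K0E, K0F, K0G,               \
           K10, K11, K12, K13, K14, K15, K16, K17, K18, K19, K1A, K1B, K1C, K1D, K1E, K1F, K1G,          \
           K20, K21, K22, K23, K24, K25, K26, K27, K28, K29, K2A, K2B, K2C, K2D, K2E, K2F, K2G,          \
           K30, K31, K32, K33, K34, K35, K36, K37, K38, K39, K3A, K3B, K3D,                              \
           K40, K41, K42, K43, K44, K45, K46, K47, K48, K49, K4A, K4D, K4F,                              \
           K50, K51, K52, K55, K58, K5A, KC_NO, K5D, K5E, K5F, K5G)

#endif /* KMAC_H */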
The WiFi settings are configured in the file \texttt{/etc/config/wireless}
(currently supported on Broadcom, Atheros and mac80211). When booting the router for the first time
it should detect your card and create a sample configuration file. By default '\texttt{option network  lan}' is
commented out. This prevents unsecured sharing of the network over the wireless interface: the sample
configuration uses \texttt{encryption none}, so set \texttt{encryption} and \texttt{key} before
uncommenting that line and bridging the wireless interface to the LAN.

Each wireless driver has its own configuration script in \texttt{/lib/wifi/driver\_name.sh} which handles
driver-specific options and configurations. This script also calls driver-specific binaries like wlc for
Broadcom, or hostapd and wpa\_supplicant for Atheros and mac80211.

The reason for using such an architecture is that it abstracts the driver configuration.

\paragraph{Generic Broadcom wireless config:}

\begin{Verbatim}
config wifi-device      "wl0"
    option type         "broadcom"
    option channel      "5"

config wifi-iface
    option device       "wl0"
#   option network  lan
    option mode         "ap"
    option ssid         "OpenWrt"
    option hidden       "0"
    option encryption   "none"
\end{Verbatim}

\paragraph{Generic Atheros wireless config:}

\begin{Verbatim}
config wifi-device      "wifi0"
    option type         "atheros"
    option channel      "5"
    option hwmode	"11g"

config wifi-iface
    option device       "wifi0"
#   option network  lan
    option mode         "ap"
    option ssid         "OpenWrt"
    option hidden       "0"
    option encryption   "none"
\end{Verbatim}

\paragraph{Generic mac80211 wireless config:}

\begin{Verbatim}
config wifi-device      "wifi0"
    option type         "mac80211"
    option channel      "5"

config wifi-iface
    option device       "wlan0"
#   option network  lan
    option mode         "ap"
    option ssid         "OpenWrt"
    option hidden       "0"
    option encryption   "none"
\end{Verbatim}

\paragraph{Generic multi-radio Atheros wireless config:}

\begin{Verbatim}
config wifi-device  wifi0
    option type     atheros
    option channel  1

config wifi-iface
    option device   wifi0
#   option network  lan
    option mode     ap
    option ssid     OpenWrt_private
    option hidden   0
    option encryption none

config wifi-device  wifi1
    option type     atheros
    option channel  11

config wifi-iface
    option device   wifi1
#   option network  lan
    option mode     ap
    option ssid     OpenWrt_public
    option hidden   1
    option encryption none
\end{Verbatim}

There are two types of config sections in this file. The '\texttt{wifi-device}' refers to
the physical wifi interface and '\texttt{wifi-iface}' configures a virtual interface on top
of that (if supported by the driver).

A full outline of the wireless configuration file with description of each field:

\begin{Verbatim}
config wifi-device    wifi device name
    option type       broadcom, atheros, mac80211
    option country    us, uk, fr, de, etc.
    option channel    1-14
    option maxassoc   1-128 (broadcom only)
    option distance   1-n (meters)
    option hwmode     11b, 11g, 11a, 11bg (atheros, mac80211)
    option rxantenna  0,1,2 (atheros, broadcom)
    option txantenna  0,1,2 (atheros, broadcom)
    option txpower  transmission power in dBm

config wifi-iface
    option network  the interface you want wifi to bridge with
    option device   wifi0, wifi1, wifi2, wifiN
    option mode     ap, sta, adhoc, monitor, mesh, or wds
    option txpower  (deprecated) transmission power in dBm
    option ssid     ssid name
    option bssid    bssid address
    option encryption none, wep, psk, psk2, wpa, wpa2
    option key      encryption key
    option key1     key 1
    option key2     key 2
    option key3     key 3
    option key4     key 4
    option passphrase 0,1
    option server   ip address
    option port     port
    option hidden   0,1
    option isolate  0,1	(broadcom)
    option doth     0,1	(atheros, broadcom)
    option wmm      0,1	(atheros, broadcom)
\end{Verbatim}

\paragraph{Options for the \texttt{wifi-device}:}

\begin{itemize}
    \item \texttt{type} \\
        The driver to use for this interface.
	
    \item \texttt{country} \\
        The country code used to determine the regulatory settings.

    \item \texttt{channel} \\
        The wifi channel (e.g. 1-14, depending on your country setting).

    \item \texttt{maxassoc} \\
        Optional: Maximum number of associated clients. This feature is supported only on the Broadcom chipsets.

    \item \texttt{distance} \\
	Optional: Distance between the ap and the furthest client in meters. This feature is supported only on the Atheros chipsets.

	\item \texttt{mode} \\
		The frequency band (\texttt{b}, \texttt{g}, \texttt{bg}, \texttt{a}). This feature is only supported on the Atheros chipsets.

    \item \texttt{diversity} \\
	Optional: Enable diversity for the Wi-Fi device. This feature is supported only on the Atheros chipsets.

    \item \texttt{rxantenna} \\
	Optional: Antenna identifier (0, 1 or 2) for reception. This feature is supported by Atheros and some Broadcom chipsets.

    \item \texttt{txantenna} \\
	Optional: Antenna identifier (0, 1 or 2) for emission. This feature is supported by Atheros and some Broadcom chipsets.

    \item \texttt{txpower}
	Set the transmission power to be used. The amount is specified in dBm.

\end{itemize}

\paragraph{Options for the \texttt{wifi-iface}:}

\begin{itemize}
    \item \texttt{network} \\
        Selects the interface section from \texttt{/etc/config/network} to be
        used with this interface

    \item \texttt{device} \\
	Set the wifi device name.

    \item \texttt{mode} \\
        Operating mode:

        \begin{itemize}
            \item \texttt{ap} \\
                Access point mode

            \item \texttt{sta} \\
                Client mode

            \item \texttt{adhoc} \\
                Ad-Hoc mode

            \item \texttt{monitor} \\
                Monitor mode

	    \item \texttt{mesh} \\
		Mesh Point mode (802.11s)

            \item \texttt{wds} \\
                WDS point-to-point link

        \end{itemize}

    \item \texttt{ssid}
	Set the SSID to be used on the wifi device.

    \item \texttt{bssid}
	Set the BSSID address. In WDS mode this is the MAC address of the other WDS unit.

    \item \texttt{txpower}
	(Deprecated, set in wifi-device) Set the transmission power to be used. The amount is specified in dBm.

    \item \texttt{encryption} \\
        Encryption setting. Accepts the following values:

        \begin{itemize}
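	    \item \texttt{none} \\
		No encryption (open network)

	    \item \texttt{wep} \\
		WEP (legacy; offers little protection, prefer \texttt{psk2} or \texttt{wpa2} where the clients support it)
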
            \item \texttt{psk}, \texttt{psk2} \\
                WPA(2) Pre-shared Key

            \item \texttt{wpa}, \texttt{wpa2} \\
                WPA(2) RADIUS
        \end{itemize}

    \item \texttt{key, key1, key2, key3, key4} (wep, wpa and psk) \\
        WEP key, WPA key (PSK mode) or the RADIUS shared secret (WPA RADIUS mode)

    \item \texttt{passphrase} (wpa) \\
        0 treats the wpa psk as a text passphrase; 1 treats the wpa psk as an
        encoded passphrase. You can generate an encoded passphrase with
        the wpa\_passphrase utility. This is especially useful if your
        passphrase contains special characters. This option only works
        when using mac80211 or atheros type devices.

    \item \texttt{server} (wpa) \\
        The RADIUS server ip address

    \item \texttt{port} (wpa) \\
        The RADIUS server port (defaults to 1812)

    \item \texttt{hidden} \\
        0 broadcasts the ssid; 1 disables broadcasting of the ssid.
        Hiding the ssid is not an access control; use \texttt{encryption} to restrict who can connect.

    \item \texttt{isolate} \\
        Optional: Isolation is a mode usually set on hotspots that limits the clients to communicate only with the AP and not with other wireless clients.
        0 disables ap isolation (default); 1 enables ap isolation.

    \item \texttt{doth} \\
        Optional: Toggle 802.11h mode.
        0 disables 802.11h (default); 1 enables it.

    \item \texttt{wmm} \\
        Optional: Toggle 802.11e mode.
        0 disables 802.11e (default); 1 enables it.

\end{itemize}

\paragraph{Mesh Point}

Mesh Point (802.11s) is only supported by some mac80211 drivers. It requires the iw package
to be installed to set up mesh links. OpenWrt creates mshN mesh point interfaces. A sample
configuration looks like this:

\begin{Verbatim}
config wifi-device      "wlan0"
    option type		"mac80211"
    option channel      "5"

config wifi-iface
    option device       "wlan0"
    option network  	lan
    option mode         "mesh"
    option mesh_id     "OpenWrt"
\end{Verbatim}

\paragraph{Wireless Distribution System}

WDS is a non-standard mode: it will work between two Broadcom devices, for instance,
but not between a Broadcom and an Atheros device.

\subparagraph{Unencrypted WDS connections}

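This configuration example shows you how to set up unencrypted WDS connections.
We assume that the peer configured as below has the BSSID ca:fe:ba:be:00:01
and the remote WDS endpoint ca:fe:ba:be:00:02 (option bssid field).
Note that both interfaces in this example are bridged to \texttt{lan} without encryption, so any
station in radio range can reach the LAN; prefer the encrypted variant below outside of testing.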

\begin{Verbatim}
config wifi-device      "wl0"
    option type		"broadcom"
    option channel      "5"

config wifi-iface
    option device       "wl0"
    option network  	lan
    option mode         "ap"
    option ssid         "OpenWrt"
    option hidden       "0"
    option encryption   "none"

config wifi-iface
    option device       "wl0"
    option network      lan
    option mode         wds
    option ssid         "OpenWrt WDS"
    option bssid        "ca:fe:ba:be:00:02"
\end{Verbatim}

\subparagraph{Encrypted WDS connections}

It is also possible to encrypt WDS connections. \texttt{psk}, \texttt{psk2} and
\texttt{psk+psk2} modes are supported. The configuration below is an example
using pre-shared keys with the AES algorithm.

\begin{Verbatim}
config wifi-device  wl0
    option type     broadcom
    option channel  5

config wifi-iface
    option device   "wl0"
    option network  lan
    option mode     ap
    option ssid     "OpenWrt"
    option encryption  psk2
    option key      "<key for clients>"

config wifi-iface
    option device   "wl0"
    option network  lan
    option mode     wds
    option bssid    ca:fe:ba:be:00:02
    option ssid     "OpenWrt WDS"
    option encryption	psk2
    option key      "<psk for WDS>"
\end{Verbatim}

\paragraph{802.1x configurations}

OpenWrt supports both 802.1x client and Access Point
configurations. The 802.1x client only works with
drivers supported by wpa\_supplicant. The configuration
only supports the EAP types TLS, TTLS and PEAP.

\subparagraph{EAP-TLS}

\begin{Verbatim}
config wifi-iface
    option device         "ath0"
    option network        lan
    option ssid           OpenWrt
    option eap_type       tls
    option ca_cert        "/etc/config/certs/ca.crt"
    option priv_key       "/etc/config/certs/priv.crt"
    option priv_key_pwd   "PKCS#12 passphrase"
\end{Verbatim}

\subparagraph{EAP-PEAP}

\begin{Verbatim}
config wifi-iface
    option device         "ath0"
    option network        lan
    option ssid           OpenWrt
    option eap_type       peap
    option ca_cert        "/etc/config/certs/ca.crt"
    option auth           MSCHAPV2
    option identity       username
    option password       password
\end{Verbatim}

\paragraph{Limitations:}

There are certain limitations when combining modes.
Only the following mode combinations are supported:

\begin{itemize}
    \item \textbf{Broadcom}: \\
        \begin{itemize}
            \item 1x \texttt{sta}, 0-3x \texttt{ap}
            \item 1-4x \texttt{ap}
            \item 1x \texttt{adhoc}
            \item 1x \texttt{monitor}
        \end{itemize}

        WDS links can only be used in pure AP mode and cannot use WEP (except when sharing the
        settings with the master interface, which is done automatically).

    \item \textbf{Atheros}: \\
        \begin{itemize}
            \item 1x \texttt{sta}, 0-Nx \texttt{ap}
            \item 1-Nx \texttt{ap}
            \item 1x \texttt{adhoc}
        \end{itemize}

	N is the maximum number of VAPs that the module allows; it defaults to 4, but can be
	changed by loading the module with the maxvaps=N parameter.
\end{itemize}

\paragraph{Adding a new driver configuration}

Since we currently only support three different wireless drivers (Broadcom, Atheros and mac80211),
you might be interested in adding support for another driver like Ralink RT2x00 or
Texas Instruments ACX100/111.

The driver-specific script should be placed in \texttt{/lib/wifi/<driver>.sh} and has to
include several functions providing:

\begin{itemize}
	\item detection of the driver presence
	\item enabling/disabling the wifi interface(s)
	\item configuration reading and setting
	\item calling third-party programs (nas, supplicant)
\end{itemize}

Each driver script should append the driver to a global DRIVERS variable:

\begin{Verbatim}
append DRIVERS "driver name"
\end{Verbatim}

\subparagraph{\texttt{scan\_<driver>}}

This function will parse \texttt{/etc/config/wireless} and make sure there
are no configuration incompatibilities, like enabling hidden SSIDs with ad-hoc mode
for instance. This can be more complex if your driver supports a lot of configuration
options. It does not change the state of the interface.

Example:
\begin{Verbatim}
# scan_dummy DEVICE
# Skeleton of the consistency-check hook for the "dummy" driver: it walks
# the entries listed under "vifs" for the given device. The actual checks
# are left as placeholder comments.
scan_dummy() {
	# $1: name of the device section to check
	local device="$1"

	# config_get is defined elsewhere; it is expected to fill $vifs from
	# the "vifs" entry of "$device"
	config_get vifs "$device" vifs
	# $vifs is left unquoted so the loop sees one whitespace-separated entry per pass
	for vif in $vifs; do
		# check config consistency for wifi-iface sections
	done
	# check mode combination
}
\end{Verbatim}

\subparagraph{\texttt{enable\_<driver>}}

This function will bring up the wifi device and optionally create application specific
configuration files, e.g. for the WPA authenticator or supplicant.

Example:
\begin{Verbatim}
# enable_dummy DEVICE
# Skeleton of the bring-up hook for the "dummy" driver: it iterates over the
# entries listed under "vifs" for the given device. The bring-up steps
# themselves are left as a placeholder comment.
enable_dummy() {
	# $1: name of the wifi-device section to bring up
	local device="$1"

	# config_get is defined elsewhere; it is expected to fill $vifs from
	# the "vifs" entry of "$device"
	config_get vifs "$device" vifs
	# $vifs is left unquoted so the loop sees one whitespace-separated entry per pass
	for vif in $vifs; do
		# bring up virtual interface belonging to
		# the wifi-device "$device"
	done
}
\end{Verbatim}

\subparagraph{\texttt{disable\_<driver>}}

This function will bring down the wifi device and all its virtual interfaces (if supported).

Example:
\begin{Verbatim}
# disable_dummy DEVICE
# Skeleton of the bring-down hook for the "dummy" driver. Unlike the scan
# and enable hooks it does not read the "vifs" entry; the tear-down steps
# are left as a placeholder comment.
disable_dummy() {
	# $1: name of the device whose interfaces are to be brought down
	local device="$1"

	# bring down virtual interfaces belonging to
	# "$device" regardless of whether they are
	# configured or not. Don't rely on the vifs
	# variable at this point
}
\end{Verbatim}

\subparagraph{\texttt{detect\_<driver>}}

This function looks for interfaces that are usable with the driver. Template config sections
for new devices should be written to stdout. The function must check for already existing config
sections belonging to the interfaces before creating new templates.

Example:
\begin{Verbatim}
# detect_dummy
# Skeleton of the detection hook for the "dummy" driver: prints a template
# configuration for the device "dummydev" to stdout unless the lookup below
# already matches.
detect_dummy() {
	# Return early (status 0) when the config_get lookup on "dummydev"
	# yields "wifi-device", i.e. no template is printed in that case
	[ wifi-device = "$(config_get dummydev type)" ] && return 0
	# The template ships with "option disabled 1", so the interface stays off
	# until the user removes that line.
	# NOTE(review): the template sets no "option encryption"; confirm what
	# the driver defaults to before enabling the interface.
	cat <<EOF
config wifi-device dummydev
	option type dummy
	# REMOVE THIS LINE TO ENABLE WIFI:
	option disabled 1

config wifi-iface
	option device dummydev
	option mode ap
	option ssid OpenWrt
EOF
}
\end{Verbatim}