- ./*.sh
- ==> ./8023af.sh <==
- #!/bin/sh
# Chainmask values applied while the unit runs on 802.3af PoE.
CHAIN_2G_MIN="1"
CHAIN_5G_MIN="3"

# Default chainmask values for 4x4 operation.
CHAIN_2G_MAX="15"
CHAIN_5G_MAX="15"

# TX power values applied while the unit runs on 802.3af PoE.
TXPWR_2G_MIN="15"
TXPWR_5G_MIN="18"

# Default TX power values.
TXPWR_2G_MAX="30"
TXPWR_5G_MAX="24"

# Per-radio configuration files read for the 2G and 5G template values.
RADIO_CONF_2G="/tmp/radio1/radio.conf"
RADIO_CONF_5G="/tmp/radio0/radio.conf"

# NOTE: this file is also referenced by init_ap_script.sh.
POE_TXPOW_LIM_FILE="/tmp/poe_txpow_lim"

# GPIO pins sampled to determine the power source.
# Original note: gpio15 indicates AF or AT (AF=1, AT=0); gpio17 indicates DC
# or PoE (DC=1, PoE=0).
# NOTE(review): the code below tests DC_PIN (gpio16) for the DC case, not
# gpio17 - confirm which pin the note above should name.
AF_PIN="15"
DC_PIN="16"
POE_PIN="17"
GPIODIR="/sys/class/gpio"

# TX power values defined in the radio template (set by get_tmpl_txpwr).
TMPL_TXPWR_2G=""
TMPL_TXPWR_5G=""

# TX power values actually applied (set by get_txpwr).
TXPWR_2G=""
TXPWR_5G=""
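#######################################
# Rewrite the PoE limits file with the current pin states and limits.
# Globals:   POE_TXPOW_LIM_FILE (read) - path of the file to rewrite
# Arguments: $1 AF pin value        $2 PoE pin value
#            $3 2G TX power limit   $4 5G TX power limit
#            $5 chainmask written for IF1 (TX and RX)
#            $6 chainmask written for IF0 (TX and RX)
#            $7 DC pin value
# Outputs:   KEY=VALUE lines in POE_TXPOW_LIM_FILE
#######################################
update_txpow_lim()
{
  # The file is truncated and filled through a single open instead of nine
  # separate ones, and every value is quoted so it is neither word-split nor
  # glob-expanded before being written.
  # NOTE(review): the target is a fixed name under /tmp and is read by another
  # script; confirm /tmp is not writable by unprivileged accounts on the target.
  {
    echo "DC=$7"
    echo "AF=$1"
    echo "POE=$2"
    echo "TXPOW_LIM_2G=$3"
    echo "TXPOW_LIM_5G=$4"
    echo "TX_CHAINMASK_IF1=$5"
    echo "RX_CHAINMASK_IF1=$5"
    echo "TX_CHAINMASK_IF0=$6"
    echo "RX_CHAINMASK_IF0=$6"
  } > "$POE_TXPOW_LIM_FILE"
}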
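#######################################
# Switch USB and eth1 off ("down") or on ("up") and record the matching
# TX power / chainmask limits in the PoE limits file.
# Globals:   TXPWR_*_MIN/MAX, CHAIN_*_MIN/MAX (read); AF, POE, DC (read)
# Arguments: $1 - "down" or "up"; any other value changes no hardware state
#            and records empty limits
#######################################
eth_usb_ctrl()
{
  local TXPOW_LIM_2G=""
  local TXPOW_LIM_5G=""
  local CHAINMASK_2G=""
  local CHAINMASK_5G=""

  case "$1" in
    down)
      # turn usb off
      gpio.sh 67 out 0
      # turn eth1 off
      ifconfig eth1 down
      gpio.sh 8 out 0
      TXPOW_LIM_2G=$TXPWR_2G_MIN
      TXPOW_LIM_5G=$TXPWR_5G_MIN
      CHAINMASK_2G=$CHAIN_2G_MIN
      CHAINMASK_5G=$CHAIN_5G_MIN
      ;;
    up)
      # turn usb on
      gpio.sh 67 out 1
      # turn eth1 on
      gpio.sh 8 out 1
      ifconfig eth1 up
      TXPOW_LIM_2G=$TXPWR_2G_MAX
      TXPOW_LIM_5G=$TXPWR_5G_MAX
      CHAINMASK_2G=$CHAIN_2G_MAX
      CHAINMASK_5G=$CHAIN_5G_MAX
      ;;
  esac

  # Quoted on purpose: AF/POE/DC are empty when a GPIO read failed, and an
  # unquoted empty argument would vanish and shift every later value into the
  # wrong field of the limits file.
  update_txpow_lim "$AF" "$POE" "$TXPOW_LIM_2G" "$TXPOW_LIM_5G" \
    "$CHAINMASK_2G" "$CHAINMASK_5G" "$DC"
}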
#######################################
# Program chainmasks and TX power limits on both radios through iwpriv.
# Arguments: $1 2G chainmask (wifi1)   $2 5G chainmask (wifi0)
#            $3 2G TX power            $4 5G TX power
# The power values are doubled before they are handed to iwpriv.
#######################################
wifi_ctrl()
{
  local mask_2g=$1
  local mask_5g=$2
  local pwr_2g=$3
  local pwr_5g=$4
  local direction

  # 5G radio first, then 2G; TX before RX on each.
  for direction in txchainmask rxchainmask; do
    iwpriv wifi0 $direction $mask_5g
  done
  for direction in txchainmask rxchainmask; do
    iwpriv wifi1 $direction $mask_2g
  done

  pwr_2g=$(($pwr_2g * 2))
  pwr_5g=$(($pwr_5g * 2))

  iwpriv wifi1 TXPowLim2G $pwr_2g
  iwpriv wifi0 TXPowLim5G $pwr_5g
}
#######################################
# Read the template TX power for one band from a radio configuration file.
# Arguments: $1 band ("2G" selects TMPL_TXPWR_2G, anything else 5G)
#            $2 radio configuration file
#            $3 value to use when ENA_AP_TXPOW is 0 in that file
# Globals:   TMPL_TXPWR_2G or TMPL_TXPWR_5G (written)
#######################################
get_tmpl_txpwr()
{
  local band=$1
  local RADIO_CONF=$2
  local TXPWR_MAX=$3
  local ENA_AP_TXPOW=""
  local TMPL_TXPWR=""

  ENA_AP_TXPOW=$(grep ENA_AP_TXPOW $RADIO_CONF | cut -d "=" -f 2 | xargs)

  case "${ENA_AP_TXPOW}" in
    0)
      # Per-AP limit disabled in the template: fall back to the maximum.
      TMPL_TXPWR=$TXPWR_MAX
      ;;
    *)
      TMPL_TXPWR=$(grep AP_TXPOW_LIM $RADIO_CONF | cut -d = -f 2)
      ;;
  esac

  case "$band" in
    2G) TMPL_TXPWR_2G=$TMPL_TXPWR ;;
    *)  TMPL_TXPWR_5G=$TMPL_TXPWR ;;
  esac
}
#######################################
# Sample the power-sense GPIOs and record the power source as text.
# Globals:   GPIODIR, AF_PIN, POE_PIN, DC_PIN (read)
#            AF, POE, DC, POWER_SOURCE (written)
# Outputs:   "802.3af", "802.3at" or "DC" in /tmp/power_source
# Note:      read errors are discarded, so an unreadable DC pin leaves DC
#            empty and the source is then reported as "DC".
#######################################
get_power_source()
{
  local pin
  local label

  POWER_SOURCE=/tmp/power_source

  # Export any pin that sysfs does not expose yet (AF, PoE, DC in that order).
  for pin in $AF_PIN $POE_PIN $DC_PIN; do
    if [ ! -e $GPIODIR/gpio$pin ]; then
      echo $pin > $GPIODIR/export
    fi
  done

  AF=$(cat $GPIODIR/gpio$AF_PIN/value 2> /dev/null)
  POE=$(cat $GPIODIR/gpio$POE_PIN/value 2> /dev/null)
  DC=$(cat $GPIODIR/gpio$DC_PIN/value 2> /dev/null)

  if [ "$DC" != "0" ]; then
    label="DC"
  elif [ "$AF" = "1" ]; then
    label="802.3af"
  else
    label="802.3at"
  fi
  echo "$label" > $POWER_SOURCE
}
#######################################
# Cap a template TX power at a threshold and store it for one band.
# Arguments: $1 band ("2G" selects TXPWR_2G, anything else TXPWR_5G)
#            $2 template TX power
#            $3 threshold (upper bound)
# Globals:   TXPWR_2G or TXPWR_5G (written)
#######################################
get_txpwr()
{
  local band=$1
  local TMPL_TXPWR=$2
  local TXPWR_THRESH=$3
  # Start from the template value and lower it only when it exceeds the cap.
  local TXPWR=$TMPL_TXPWR

  if [ $TMPL_TXPWR -gt $TXPWR_THRESH ]; then
    TXPWR=$TXPWR_THRESH
  fi

  case "$band" in
    2G) TXPWR_2G=$TXPWR ;;
    *)  TXPWR_5G=$TXPWR ;;
  esac
}
# Export the power-sense GPIOs that sysfs does not expose yet.
[ -e $GPIODIR/gpio$AF_PIN ] || echo $AF_PIN > $GPIODIR/export
[ -e $GPIODIR/gpio$POE_PIN ] || echo $POE_PIN > $GPIODIR/export
[ -e $GPIODIR/gpio$DC_PIN ] || echo $DC_PIN > $GPIODIR/export

#echo "Starting to handle 802.3af or 802.3at..."
i=1

# AF_SET, AT_SET and DC_SET remember which configuration was applied last so
# that power and chainmasks are not reprogrammed on every pass.
AF_SET=0
AT_SET=1
DC_SET=1
PREV_WIFI_DRV_STATE=0
WIFI_DRV_LOADED=0

# i is never changed, so this polls until the process is stopped.
while [ "$i" -ne 0 ]
do
  # Sample the GPIOs at the start of every pass.
  AF=$(cat $GPIODIR/gpio$AF_PIN/value)
  POE=$(cat $GPIODIR/gpio$POE_PIN/value)
  DC=$(cat $GPIODIR/gpio$DC_PIN/value)

  # Number of lsmod lines that mention "umac"; 9 or more is treated below as
  # "WiFi drivers loaded".
  WIFI_DRV_LOADED=$(lsmod | grep umac | wc -l)

  if [ -e "$RADIO_CONF_2G" ] && [ -e "$RADIO_CONF_5G" ]; then
    get_tmpl_txpwr "2G" $RADIO_CONF_2G $TXPWR_2G_MAX
    get_tmpl_txpwr "5G" $RADIO_CONF_5G $TXPWR_5G_MAX
  fi

  if [ $WIFI_DRV_LOADED -ge 9 ] && [ $PREV_WIFI_DRV_STATE -eq 0 ]; then
    # WiFi drivers have just been loaded; wait to avoid any race condition.
    sleep 5
  fi
  PREV_WIFI_DRV_STATE=$WIFI_DRV_LOADED

  #echo "AF=$AF POE=$POE DC=$DC TMPL_2G=$TMPL_TXPWR_2G TMPL_5G=$TMPL_TXPWR_5G AF_SET=$AF_SET AT_SET=$AT_SET DC_SET=$DC_SET"

  # Not on DC: check for a switch to 802.3af and note that DC is gone.
  if [ "$DC" = "0" ]; then
    if [ "$AF" = "1" ] && [ "$POE" = "0" ]; then
      if [ "$AF_SET" = "0" ] && [ "$AT_SET" = "1" ]; then
        eth_usb_ctrl down
        if [ $WIFI_DRV_LOADED -ge 9 ] && [ "$TMPL_TXPWR_2G" != "" ] && [ "$TMPL_TXPWR_5G" != "" ]; then
          # reduce tx power
          get_txpwr "2G" $TMPL_TXPWR_2G $TXPWR_2G_MIN
          get_txpwr "5G" $TMPL_TXPWR_5G $TXPWR_5G_MIN
          wifi_ctrl $CHAIN_2G_MIN $CHAIN_5G_MIN $TXPWR_2G $TXPWR_5G
          AF_SET=1
          AT_SET=0
        fi
      fi
    fi
    if [ "$DC_SET" = "1" ]; then
      DC_SET=0
    fi
  fi

  # All three pins low, or DC present: restore the full configuration.
  if { [ "$AF" = "0" ] && [ "$POE" = "0" ] && [ "$DC" = "0" ]; } || [ "$DC" = "1" ]; then
    if { [ "$AT_SET" = "0" ] && [ "$AF_SET" = "1" ]; } || [ "$DC_SET" = "0" ]; then
      eth_usb_ctrl up
      if [ $WIFI_DRV_LOADED -ge 9 ] && [ "$TMPL_TXPWR_2G" != "" ] && [ "$TMPL_TXPWR_5G" != "" ]; then
        # increase tx power
        get_txpwr "2G" $TMPL_TXPWR_2G $TXPWR_2G_MAX
        get_txpwr "5G" $TMPL_TXPWR_5G $TXPWR_5G_MAX
        wifi_ctrl $CHAIN_2G_MAX $CHAIN_5G_MAX $TXPWR_2G $TXPWR_5G
        AT_SET=1
        AF_SET=0
        DC_SET=1
      fi
    fi
  fi

  get_power_source
  sleep 5
done
- ==> ./ap-config-parser.sh <==
- #!/bin/sh
# Load the sensor environment; variables used later in this file (for example
# PLATFORM_TYPE) are not assigned here and presumably come from it.
. /opt/sensor/env
#VLAN_ENV_FILE='/tmp/vlans_env'

# Newline-separated list of the configuration section names.
section_names=$(printf 'RADIO\nVAP\nGUEST')

MAX_VLAN_ID="4094"
MAX_DYNAMIC_VLAN_COUNT="32"
global_vap_count="0"
WIRED_GUEST_ALREADY_ENABLED="0"
DHCPD_AUTO_TIME="2"
STANDALONE_MODE="/opt/standalone_mode"

# Value of app_visibility_support in capability.conf (leading blanks ignored).
APP_VISIBILITY_SUPPORT=$(sed 's/^[[:blank:]]*//;' /opt/sensor/capability.conf \
  | grep "^app_visibility_support" | cut -d "=" -f2 | xargs)
- ## $1: File_name
- ## $2: string to be replaced(no regexps allowed)
- ## $3: new string
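#######################################
# Replace every occurrence of a literal string in a file, in place.
# Arguments: $1 file to edit
#            $2 text to look for (taken literally, not as a regular expression)
#            $3 replacement text (taken literally)
# Returns:   exit status of sed
#######################################
replace_string_in_a_file()
{
  local file="$1"
  local search_esc
  local replace_esc

  # Both strings are spliced into a sed "s/.../.../" expression. Escaping the
  # BRE metacharacters, the "/" delimiter and the "&" / "\" replacement escapes
  # keeps a value such as "a.b/c" from being read as a pattern or from ending
  # the expression early.
  search_esc=$(printf '%s\n' "$2" | sed -e 's|[][\.*^$/]|\\&|g')
  replace_esc=$(printf '%s\n' "$3" | sed -e 's|[\/&]|\\&|g')

  # Run sed directly: the former "$(sed ...)" wrapper would have executed
  # anything sed printed as a command.
  sed -i -e "s/${search_esc}/${replace_esc}/g" -- "$file"
}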
#######################################
# Build CLIENT_VAP_LIST: the entries of VAP_LIST with everything from the
# first "." onward removed, joined with commas.
# Globals:   VAP_LIST (read); CLIENT_VAP_LIST, vap, ath (written)
#######################################
get_client_vap_list()
{
  local ATH_VAP_LIST

  ATH_VAP_LIST=$(echo $VAP_LIST | tr ',' ' ' | xargs)
  CLIENT_VAP_LIST=""
  for vap in $ATH_VAP_LIST
  do
    ath=${vap%%.*}
    CLIENT_VAP_LIST="${CLIENT_VAP_LIST:+${CLIENT_VAP_LIST},}${ath}"
  done
}
- ## $1: dynamic_vlan_list
- ##
#######################################
# Build DYNAMIC_VAP_LIST: one entry per (VAP, dynamic VLAN) pair.
# VLAN 0 yields the bare interface name, any other VLAN "<name>.<vlan>".
# Arguments: $1 comma-separated dynamic VLAN ids
# Globals:   VAP_LIST (read)
#            DYNAMIC_VAP_LIST, vap, dynamic_vlan, dynamic_vlanid_suffix (written)
#######################################
get_dynamic_vap_list()
{
  local dynamic_vlan_ids
  local vap_list
  local ath_name

  vap_list=$(echo $VAP_LIST | tr ',' ' ' | xargs)
  dynamic_vlan_ids=$(echo $1 | tr ',' ' ' | xargs)
  DYNAMIC_VAP_LIST=""

  for vap in $vap_list
  do
    ath_name=${vap%%.*}
    for dynamic_vlan in $dynamic_vlan_ids
    do
      if [ "$dynamic_vlan" = "0" ]; then
        dynamic_vlanid_suffix=""
      else
        dynamic_vlanid_suffix=".$dynamic_vlan"
      fi
      DYNAMIC_VAP_LIST="${DYNAMIC_VAP_LIST:+${DYNAMIC_VAP_LIST},}${ath_name}${dynamic_vlanid_suffix}"
    done
  done
}
- ## $1: Number of vaps expected
- ## $2: Suffix
#######################################
# Fill VAP_LIST with interface names for the current profile.
# For a section that is not NEW and has a saved "old params" file, the old
# VAP_LIST is reused (names cut at the first ".", then $2 appended).
# Otherwise free athN slots are collected: a slot is skipped when ifconfig
# reports an existing athN or meshN interface.
# Arguments: $1 number of VAPs wanted   $2 suffix appended to each name
# Globals:   CURRENT_SECTION_CMD, CURRENT_SECTION_ID, BUILD_V2,
#            TOTAL_VAP_COUNT, PLATFORM_TYPE (read)
#            VAP_LIST, OLD_VAP_LIST, vap, ath (written)
# Returns:   0 when the list is complete, 1 when the slots ran out first
#######################################
get_vap_list()
{
  local total_vap_count
  local i=0
  local count
  local old_params="/tmp/profile${CURRENT_SECTION_ID}_old_params"

  VAP_LIST=""

  if [ "$CURRENT_SECTION_CMD" != "NEW" ] && [ -f "$old_params" ]; then
    OLD_VAP_LIST=$(grep "^VAP_LIST" "$old_params" | cut -d "=" -f2)
    OLD_VAP_LIST=$(echo $OLD_VAP_LIST | sed 's/,/\ /g' | xargs)
    for vap in $OLD_VAP_LIST
    do
      ath=$(echo $vap | awk -F "." '{print $1}' | xargs)
      VAP_LIST="${VAP_LIST:+${VAP_LIST},}${ath}${2}"
    done
    return 0
  fi

  count=$1

  if [ "$BUILD_V2" = "TRUE" ]; then
    total_vap_count=$TOTAL_VAP_COUNT
  else
    # BUILD_V1: the slot count depends on the platform.
    case "$PLATFORM_TYPE" in
      PLATFORM_SENAO_CAP4200 | PLATFORM_SENAO_OAP6200AG | \
      PLATFORM_LITEON_DB12x | PLATFORM_LITEON_AP135 | \
      PLATFORM_LITEON_OUTDOOR_AP135 | PLATFORM_ACCTON_AP135_2X2 | \
      PLATFORM_LITEON_WALLJACK_AP135 | PLATFORM_RJIL_AV2_WIFI)
        total_vap_count=16
        ;;
      *)
        total_vap_count=8
        ;;
    esac
  fi

  while [ $i -lt $total_vap_count ];
  do
    # Slot already taken by an ath or mesh interface: move on.
    if ifconfig ath$i > /dev/null 2>&1 || ifconfig mesh$i > /dev/null 2>&1; then
      i=$((i + 1))
      continue
    fi

    count=$(expr $count - 1)
    VAP_LIST="${VAP_LIST:+${VAP_LIST},}ath${i}${2}"
    i=$((i + 1))

    if [ "$count" = "0" ]; then
      return 0
    fi
  done
  return 1
}
#######################################
# Validate an integer against a closed range.
# Arguments: $1 value   $2 minimum   $3 maximum
# Returns:   the value itself when it is an integer within [min, max],
#            otherwise max + 10 as an "invalid" marker
# NOTE(review): the result travels in the exit status. POSIX only defines
# 0-255 there (bash keeps the low 8 bits), so results above 255 depend on the
# shell the firmware runs - confirm on the target.
#######################################
sanitize_integer()
{
  local value="$1"
  local min_val="$2"
  local max_val="$3"

  # "expr N + 0" fails for non-numbers, but it also exits non-zero when the
  # result is 0, so a literal 0 has to be recognised separately.
  if value=$(expr $value + 0) > /dev/null 2>&1; then
    if [ $value -gt $max_val -o $value -lt $min_val ]; then
      value=$(expr $max_val + 10)
    fi
  elif [ "$value" != "0" ]; then
    value=$(expr $max_val + 10)
  fi

  return $value
}
#######################################
# Reset every per-profile global to its default so that values parsed for the
# previous SSID profile (including keys and passwords) do not carry over,
# then reload device_name and location_identifier from sensor.conf.
#######################################
init_profile_var()
{
  # DHCP server and captive-portal timers
  DHCPD_LOCAL_IP="" DHCPD_SUBNET_MASK="" DHCPD_START_IP="" DHCPD_END_IP=""
  DHCPD_LEASE=0
  LoginTimeout=0 BlackoutTime=0 Homepage=0
  DNSAddr=""

  # Host lists
  BlockedWebHosts="" AllowedWebHosts="" AllowedWebHosts_old=""
  AllowedWalledGardenHosts="" AllowedAuthSitesHosts=""

  # SSID / portal bundle / NAT / firewall
  ApSsid=""
  PORTAL_BUNDLE_URL="" PORTAL_BUNDLE_MD5SUM=""
  SSID_IS_PORTAL_CONFIGURED=0
  VAP_LIST=""
  NAT_INTERNAL_INTERFACE="" EXTERNAL_INTERFACE="" NAT_VLANID=""
  FIREWALL_ENABLED="" FW_DEFAULT=""
  SSID_PROFILE_ID=""

  # WebQ
  WEBQ_ENABLED="" webq_exempt_list="" webq_exempt_list_old="" webq_url=""

  # External portal and its RADIUS servers
  EXTERNAL_PORTAL_URL="" PORTAL_SECRET_KEY="" PORTAL_SERVICE_ID=""
  VALIDATE_PORTAL=""
  PORTAL_RADIUS_SERVER_IP="" PORTAL_RADIUS_SERVER_PORT=""
  PORTAL_RADIUS_SECRET_KEY=""
  PORTAL_RADIUS_SERVER_IP_2="" PORTAL_RADIUS_SERVER_PORT_2=""
  PORTAL_RADIUS_SECRET_KEY_2=""
  PORTAL_RADIUS_ACCT_ENABLED="0"
  PORTAL_RADIUS_ACCT_INTERVAL=""
  PORTAL_RADIUS_ACCT_SERVER_IP="" PORTAL_RADIUS_ACCT_SERVER_PORT=""
  PORTAL_RADIUS_ACCT_SECRET_KEY=""
  PORTAL_RADIUS_ACCT_SERVER_IP_2="" PORTAL_RADIUS_ACCT_SERVER_PORT_2=""
  PORTAL_RADIUS_ACCT_SECRET_KEY_2=""
  PORTAL_RADIUS_CALLED_STATION_ID="" PORTAL_RADIUS_NAS_ID=""

  # Parameter names exchanged with the portal
  REQUEST_TYPE_TO_PORTAL="" SERVICE_ID_TO_PORTAL="" CHALLENGE_TO_PORTAL=""
  CLIENT_MAC_TO_PORTAL="" AP_MAC_TO_PORTAL="" AP_IP_TO_PORTAL=""
  AP_PORT_TO_PORTAL="" FAILURE_COUNT_TO_PORTAL="" USER_URL_TO_PORTAL=""
  LOGIN_URL_TO_PORTAL="" LOGOFF_URL_TO_PORTAL="" BLACKOUT_TIME_TO_PORTAL=""
  CHALLENGE_FROM_PORTAL="" RESPONSE_TYPE_FROM_PORTAL=""
  CHALLENGE_RESPONSE_FROM_PORTAL="" REDIRECT_URL_FROM_PORTAL=""
  SESSION_TIMEOUT_FROM_PORTAL="" USERNAME_FROM_PORTAL=""
  PASSWORD_FROM_PORTAL=""

  ExternalInterface=""
  SPLASHLESS_ROAMING_ENABLED="0"
  ASSOCIATION_ANALYTICS_ENABLED="0"

  # GRE tunnel
  GRE_REMOTE_ENDPOINT="" GRE_KEY="" GRE_EXEMPTED_IP_LIST=""
  IS_GRE_CONFIGURED="0"
  GRE_TUNNEL_IP=""

  CWMENABLE=""
  PORTAL_INTERNET_DOWN_ENABLED="0"
  CONTENT_ANALYTICS_ENABLED="0"

  # HTTP data posting
  POST_HTTP_DATA_ENABLED="0" POST_HTTP_DATA_INTERVAL="0"
  POST_HTTP_DATA_USERNAME="" POST_HTTP_DATA_SERVER="" POST_HTTP_DATA_PASSWD=""
  POST_HTTP_DATA_REQ_BODY="0"
  POST_HTTP_DATA_UA="1" POST_HTTP_DATA_REFERER="1"
  POST_HTTP_DATA_UPLOAD_ON_MEM_THRSLD="1"

  # MAC filtering and mesh
  MAC_FILTER_ENABLED="" MAC_FILTER_ACTION=""
  mesh_passphrase=""
  MESH_ENABLED=0 MESH_ID=0 MESH_MAX_HOP_COUNT=0
  MESH_MAX_ALLOWED_LINKS=0 MESH_MIN_RSSI=0

  dynamic_vlan_enabled=0
  bonjour_gateway_enabled=0
  per_user_bandwidth_enable=0
  ena_remote_bridging=0
  PORTAL_GATE1_AUTH="0"
  ena_ap_acct=""

  # Device identity: take the matching sensor.conf line and strip "key=".
  device_name=$(grep "device_name" /opt/sensor/sensor.conf)
  device_name="$(extract_value "$device_name" "device_name")"
  location_identifier=$(grep location_identifier /opt/sensor/sensor.conf)
  location_identifier="$(extract_value "$location_identifier" "location_identifier")"

  # Yadwire integration and DNAT
  YADWIRE_INTEGRATION_ENABLED="0"
  YADWIRE_PING_INTERVAL="300"
  YADWIRE_USER_KEY="" YADWIRE_NETWORK_ID=""
  DNAT_ENABLED="0"
}
#######################################
# Print a "key=value" line with the leading "key=" removed.
# Arguments: $1 the line   $2 the key
# Note:      the key is spliced into a sed pattern, so it is matched as a
#            regular expression; the callers visible here pass fixed names.
#######################################
extract_value()
{
  local line="$1"
  local key="$2"

  echo "$line" | sed "s/^${key}=//g" #echo -E
}
#######################################
# Build dynamic_vlan_list from a comma-separated list of VLAN ids, dropping
# the AP's own VLAN id and stopping once MAX_DYNAMIC_VLAN_COUNT ids are kept.
# Arguments: $1 comma-separated VLAN ids   $2 VLAN id of the AP
# Globals:   MAX_DYNAMIC_VLAN_COUNT (read)
#            dynamic_vlan_list, dynamic_vlan (written)
#######################################
sanitize_dynamic_vlan_list()
{
  local dynamic_vlan_ids
  local ap_vlan_id=$2
  local counter=1

  dynamic_vlan_ids=$(echo $1 | tr ',' ' ' | xargs)
  dynamic_vlan_list=""

  for dynamic_vlan in $dynamic_vlan_ids
  do
    if [ "$dynamic_vlan" = "$ap_vlan_id" ]; then
      continue
    fi
    dynamic_vlan_list="${dynamic_vlan_list:+${dynamic_vlan_list},}${dynamic_vlan}"
    counter=$((counter + 1))
    if [ "$counter" -gt "$MAX_DYNAMIC_VLAN_COUNT" ]; then
      break
    fi
  done
}
#######################################
# Validate a VLAN id against 0..MAX_VLAN_ID.
# Arguments: $1 VLAN id
# Globals:   MAX_VLAN_ID (read); vlan_id (written: the id, or
#            MAX_VLAN_ID + 10 when the id is not a number or out of range)
# Returns:   vlan_id as the exit status
# NOTE(review): POSIX only defines exit statuses 0-255 (bash keeps the low
# 8 bits), so only the vlan_id global is reliable for ids above 255 - confirm
# which one the callers read.
#######################################
sanitize_vlan_id()
{
  vlan_id=$1

  # "expr N + 0" fails for non-numbers, but it also exits non-zero when the
  # result is 0, so a literal 0 has to be recognised separately.
  if vlan_id=$(expr $vlan_id + 0) > /dev/null 2>&1; then
    if [ $vlan_id -gt $MAX_VLAN_ID -o $vlan_id -lt 0 ]; then
      vlan_id=$(expr $MAX_VLAN_ID + 10)
    fi
  elif [ "$vlan_id" != "0" ]; then
    vlan_id=$(expr $MAX_VLAN_ID + 10)
  fi

  return $vlan_id
}
#######################################
# Append the settings shared by every profile to <dir>/wgarden.conf.
# Arguments: $1 profile directory
# Globals:   profile_id (read); WGARDEN_CONF (written)
#######################################
update_wgarden_conf_common()
{
  WGARDEN_CONF=$1/wgarden.conf
  {
    echo "NewTTL=10"
    echo "TTLCheckInterval=14400" # 4 hours
    echo "wgdQueueNo=$profile_id"
    echo "PROFILE_ID=$profile_id"
  } >> $WGARDEN_CONF
}
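#######################################
# Write <dir>/webq.conf and make sure the placeholder hook script exists.
# Arguments: $1 profile directory
# Globals:   webq_url, NOCAT_PORT, DHCPD_LOCAL_IP, ETH_MAC, ApSsid,
#            ExternalInterface (read); WEBQ_CONF (written)
#######################################
update_webq_conf()
{
  WEBQ_CONF=$1/webq.conf

  # The placeholder is named below as ResetCmd/PermitCmd/DenyCmd, so it must
  # be executable but must not be writable by other accounts: mode 777 let any
  # local account replace the commands that get run.
  # NOTE(review): the fixed name under /tmp remains; a file created there
  # beforehand by another account would stay under that account's control.
  # A root-owned directory would be a safer home if the consumers allow it.
  touch /tmp/webq_dummy.sh
  chmod 755 /tmp/webq_dummy.sh

  # Static portion: start from a file holding a single empty line.
  echo > "$WEBQ_CONF"
  {
    echo "GatewayMode Open"
    echo "SplashForm $webq_url"
    echo "GatewayPort $NOCAT_PORT"
    echo "GatewayAddr $DHCPD_LOCAL_IP"
    echo "ResetCmd /tmp/webq_dummy.sh"
    echo "PermitCmd /tmp/webq_dummy.sh"
    echo "DenyCmd /tmp/webq_dummy.sh"
    echo "OperatingMode 4"
    echo "SplashlessRoamingEnabled 0"
    echo "VALIDATE_PORTAL 0"
    echo "ApMac $ETH_MAC"
    echo "ApSsid $ApSsid"
    echo "ExternalInterface $ExternalInterface"
    echo "CLIENT_MAC_TO_PORTAL client_mac"
    echo "AP_MAC_TO_PORTAL ap_mac"
    echo "AP_SSID_TO_PORTAL ap_ssid"
    echo "USER_URL_TO_PORTAL user_url"
  } >> "$WEBQ_CONF"
}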
## The which_ip_address function comes from /sbin/validate_ip_address.sh
. /sbin/validate_ip_address.sh

# Value of advance_ipv6 in capability.conf (leading blanks ignored).
IPV6_SUPPORT=$(sed 's/^[[:blank:]]*//;' /opt/sensor/capability.conf \
  | grep "^advance_ipv6" | cut -d "=" -f2 | xargs)
#######################################
# Append the profile-level settings to <dir>/profile.conf.
# Arguments: $1 profile directory
# Globals:   the profile variables written below, IPV6_SUPPORT,
#            auth_server_addr, acct_server_addr, PLATFORM_TYPE (read)
#            PROFILE_CONF, radius_server_addr_ipv6,
#            radius_acctserver_addr_ipv6 (written)
# NOTE(review): in the auth-server branch the non-IPv6 case records only
# radius_acctserver_addr_ipv6=0, and acct_server_addr is examined only when
# auth_server_addr is empty - confirm both are intended.
#######################################
update_profile_conf()
{
  PROFILE_CONF=$1/profile.conf

  {
    echo "DEFAULT_FW_ACTION=$FW_DEFAULT"
    echo "VAP_LIST=$VAP_LIST"
    echo "FIREWALL_ENABLED=$FIREWALL_ENABLED"
    echo "TRAFFIC_SHAPING_UPLOAD=$TRAFFIC_SHAPING_UPLOAD"
    echo "TRAFFIC_SHAPING_DOWNLOAD=$TRAFFIC_SHAPING_DOWNLOAD"
    echo "WEBQ_ENABLED=$WEBQ_ENABLED"
    echo "SSID_PROFILE_ID=$SSID_PROFILE_ID"
    echo "ExternalDevice=$EXTERNAL_INTERFACE"
    echo "VLAN_ID=$vlan_id"
    echo "CONTENT_ANALYTICS_ENABLED=$CONTENT_ANALYTICS_ENABLED"
    echo "POST_HTTP_DATA_ENABLED=$POST_HTTP_DATA_ENABLED"
    if [ "$POST_HTTP_DATA_ENABLED" = "1" ]; then
      echo "POST_HTTP_DATA_REQ_BODY=$POST_HTTP_DATA_REQ_BODY"
      echo "POST_HTTP_DATA_UA=$POST_HTTP_DATA_UA"
      echo "POST_HTTP_DATA_REFERER=$POST_HTTP_DATA_REFERER"
      echo "POST_HTTP_DATA_UPLOAD_ON_MEM_THRSLD=$POST_HTTP_DATA_UPLOAD_ON_MEM_THRSLD"
      echo "POST_HTTP_DATA_INTERVAL=$POST_HTTP_DATA_INTERVAL"
      echo "POST_HTTP_DATA_SERVER=$POST_HTTP_DATA_SERVER"
    fi
    echo "MAC_FILTER_ENABLED=$MAC_FILTER_ENABLED"
    echo "MAC_FILTER_ACTION=$MAC_FILTER_ACTION"
  } >> $PROFILE_CONF

  # which_ip_address reports the address family through its exit status
  # (6 is tested for below); it runs outside the redirected groups so that
  # anything it prints does not end up in profile.conf.
  if [ "$IPV6_SUPPORT" = "1" ] && [ "$auth_server_addr" != "" ]; then
    which_ip_address $auth_server_addr
    case "$?" in
      6)
        echo "radius_server_addr_ipv6=1" >> $PROFILE_CONF
        radius_server_addr_ipv6=1
        echo "radius_acctserver_addr_ipv6=1" >> $PROFILE_CONF
        radius_acctserver_addr_ipv6=1
        ;;
      *)
        echo "radius_acctserver_addr_ipv6=0" >> $PROFILE_CONF
        radius_acctserver_addr_ipv6=0
        ;;
    esac
  elif [ "$IPV6_SUPPORT" = "1" ] && [ "$acct_server_addr" != "" ]; then
    which_ip_address $acct_server_addr
    case "$?" in
      6)
        echo "radius_acctserver_addr_ipv6=1" >> $PROFILE_CONF
        radius_acctserver_addr_ipv6=1
        ;;
      *)
        echo "radius_acctserver_addr_ipv6=0" >> $PROFILE_CONF
        radius_acctserver_addr_ipv6=0
        ;;
    esac
  fi

  {
    echo "YADWIRE_INTEGRATION_ENABLED=$YADWIRE_INTEGRATION_ENABLED"
    echo "YADWIRE_PING_INTERVAL=$YADWIRE_PING_INTERVAL"
    echo "YADWIRE_USER_KEY=$YADWIRE_USER_KEY"
    echo "YADWIRE_NETWORK_ID=$YADWIRE_NETWORK_ID"
    if [ "$PLATFORM_TYPE" != "PLATFORM_LITEON_AP83" ]; then
      echo "DNAT_ENABLED=$DNAT_ENABLED"
    fi
  } >> $PROFILE_CONF
}
- #Update given mac in the mac filtering list (mac_filter.conf)
#######################################
# Append one MAC address to the profile's MAC filter list.
# Arguments: $1 profile id   $2 MAC address (written as given, unchecked)
# Globals:   MAC_FILTER_CONF (written)
#######################################
update_mac_filter_list()
{
  local profile_id=$1
  local macaddress=$2

  MAC_FILTER_CONF=/tmp/profile${profile_id}/mac_filter.conf
  touch $MAC_FILTER_CONF
  echo "$macaddress" >> $MAC_FILTER_CONF
}
#######################################
# Write <dir>/resolv.conf: an empty first line, then one "nameserver" line
# per entry of DNSAddr (split on space, tab, newline and carriage return).
# Arguments: $1 profile directory
# Globals:   DNSAddr (read); PROFILE_RESOLV_CONF, OLD_IFS, i (written)
#######################################
update_resolv_conf()
{
  PROFILE_RESOLV_CONF="$1/resolv.conf"

  OLD_IFS=$IFS
  IFS=$(printf ' \t\n\r')
  {
    echo
    for i in $DNSAddr ; do
      echo "nameserver $i"
    done
  } > "$PROFILE_RESOLV_CONF"
  IFS=$OLD_IFS
}
#######################################
# Write <dir>/udhcpd.conf for the profile's DHCP server.
# Arguments: $1 profile directory
# Globals:   DHCPD_*, NAT_INTERNAL_INTERFACE, DNSAddr, ApSsid,
#            EXTERNAL_INTERFACE (read); UDHCPD_CONF, DHCPD_LEASE_FILE (written)
#######################################
update_udhcpd_conf()
{
  UDHCPD_CONF="$1/udhcpd.conf"
  DHCPD_LEASE_FILE="$1/udhcpd.leases"

  {
    echo "start $DHCPD_START_IP"
    echo "end $DHCPD_END_IP"
    echo "interface $NAT_INTERNAL_INTERFACE"
    echo "auto_time $DHCPD_AUTO_TIME"
    echo "lease_file $DHCPD_LEASE_FILE"
    echo "option dns $DNSAddr"
    echo "option subnet $DHCPD_SUBNET_MASK"
    echo "option router $DHCPD_LOCAL_IP"
    echo "option lease $DHCPD_LEASE"
    echo "appid $ApSsid"
    echo "dhcp_synch_enable 1"
    echo "ex_interface $EXTERNAL_INTERFACE"
  } > $UDHCPD_CONF
}
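#######################################
# Write <dir>/rad.conf for the RADIUS client used by the portal.
# Arguments: $1 profile directory
# Globals:   PORTAL_RADIUS_* (read); RAD_CONF, BINDADDR (written)
# NOTE(review): the RADIUS shared secrets are stored in clear text in this
# file and its mode follows the caller's umask; confirm the profile directory
# cannot be read by unprivileged processes on the target.
#######################################
update_rad_conf(){
  RAD_CONF="$1/rad.conf"
  BINDADDR=""

  # Operands and the redirect target are quoted: unquoted, an empty or
  # multi-word value turned the [ ] checks into malformed expressions that
  # only gave the intended answer by accident.
  {
    echo "auth_order radius"
    echo "login_tries 4"
    echo "login_timeout 60"
    echo "nologin $1/nologin"
    echo "issue $1/issue"
    echo "authserver $PORTAL_RADIUS_SERVER_IP:$PORTAL_RADIUS_SERVER_PORT:$PORTAL_RADIUS_SECRET_KEY"
    echo "servers $1/server"
    echo "dictionary /opt/ap/radius/dictionary"
    echo "login_radius $1/radlogin"
    echo "radius_timeout 5"
    echo "radius_retries 3"
    echo "radius_deadtime 0"
    echo "default_realm"
    echo "mapfile $1/map"
    echo "seqfile $1/seqfile"

    if [ -n "$PORTAL_RADIUS_SERVER_IP_2" ] && [ -n "$PORTAL_RADIUS_SERVER_PORT_2" ]; then
      # fallback server ip and port are defined, add them to the config
      echo "authserver $PORTAL_RADIUS_SERVER_IP_2:$PORTAL_RADIUS_SERVER_PORT_2:$PORTAL_RADIUS_SECRET_KEY_2"
    fi

    # TODO: Check what should be the correct truth value
    if [ -n "$PORTAL_RADIUS_ACCT_ENABLED" ] && [ "$PORTAL_RADIUS_ACCT_ENABLED" -eq 1 ] 2>/dev/null; then
      echo "acctserver $PORTAL_RADIUS_ACCT_SERVER_IP:$PORTAL_RADIUS_ACCT_SERVER_PORT:$PORTAL_RADIUS_ACCT_SECRET_KEY"
      if [ -n "$PORTAL_RADIUS_ACCT_SERVER_IP_2" ] && [ -n "$PORTAL_RADIUS_ACCT_SERVER_PORT_2" ]; then
        echo "acctserver $PORTAL_RADIUS_ACCT_SERVER_IP_2:$PORTAL_RADIUS_ACCT_SERVER_PORT_2:$PORTAL_RADIUS_ACCT_SECRET_KEY_2"
      fi
    else
      # libradiusclient segfaults without an acct_server entry
      echo "acctserver $PORTAL_RADIUS_SERVER_IP:$PORTAL_RADIUS_SERVER_PORT:$PORTAL_RADIUS_SECRET_KEY"
    fi

    echo "bindaddr $BINDADDR"
  } > "$RAD_CONF"
}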
#######################################
# Write <dir>/rad_attr.conf with the NAS-Id and Called-Station-Id strings.
# Both templates default to "%m-%s" when empty and are expanded by
# /opt/ap/stringhandler, which is given the substitutions %m (ETH_MAC),
# %s (ssid), %n (device_name) and %l (location_identifier).
# Arguments: $1 profile directory
# Globals:   ETH_MAC, ssid, device_name, location_identifier (read)
#            PORTAL_RADIUS_NAS_ID, PORTAL_RADIUS_CALLED_STATION_ID (read and
#            overwritten with the expanded text); RAD_ATTR_CONF (written)
#######################################
update_rad_attr_conf(){
  RAD_ATTR_CONF="$1/rad_attr.conf"

  : "${PORTAL_RADIUS_NAS_ID:=%m-%s}"
  PORTAL_RADIUS_NAS_ID=$(/opt/ap/stringhandler "${PORTAL_RADIUS_NAS_ID}" 252 -r%m:"$ETH_MAC" -r%s:"$ssid" -r%n:"$device_name" -r%l:"$location_identifier")
  echo "nas_id=$PORTAL_RADIUS_NAS_ID" > $RAD_ATTR_CONF
  echo "nas_port_type=19" >> $RAD_ATTR_CONF

  : "${PORTAL_RADIUS_CALLED_STATION_ID:=%m-%s}"
  PORTAL_RADIUS_CALLED_STATION_ID=$(/opt/ap/stringhandler "${PORTAL_RADIUS_CALLED_STATION_ID}" 252 -r%m:"$ETH_MAC" -r%s:"$ssid" -r%n:"$device_name" -r%l:"$location_identifier")
  echo "called_station_id=$PORTAL_RADIUS_CALLED_STATION_ID" >> $RAD_ATTR_CONF
}
#######################################
# Append one firewall rule block to /tmp/profile<id>/wgarden.conf.
# Arguments: $1 profile id
# Globals:   rule_id, protocol, port, direction, action, target (read)
#            profile_id, rule_prefix, WGARDEN_CONF (written)
#            Networks, Domains (set by create_network_lists)
# NOTE(review): protocol, port, direction and action are copied into lines
# that name /opt/ap/fw_action.sh with arguments. If the consumer of this file
# runs those lines through a shell, the values need validating before they
# get here - confirm where that happens.
#######################################
update_wgarden_conf_firewall()
{
  profile_id=$1
  rule_prefix="FW${profile_id}_RULE${rule_id}:"
  WGARDEN_CONF=/tmp/profile$(expr $profile_id)/wgarden.conf

  touch $WGARDEN_CONF
  {
    echo "#FIREWAL_RULE_$rule_id -----------------------------------------------------------------------"
    echo "${rule_prefix}InitAction=/opt/ap/fw_action.sh init $profile_id $rule_id"
    echo "${rule_prefix}AddAction=/opt/ap/fw_action.sh add $profile_id $rule_id $protocol $port $direction $action %s"
    echo "${rule_prefix}DelAction=/opt/ap/fw_action.sh del $profile_id $rule_id $protocol $port $direction $action %s"
  } >> $WGARDEN_CONF

  # Splits $target into the Networks and Domains variables.
  create_network_lists "$target"

  {
    echo "${rule_prefix}networks=$Networks"
    echo "${rule_prefix}domains=$Domains"
  } >> $WGARDEN_CONF
}
- #arg1 = list of hosts to allow
- #arg2 = profile id for wgarden file
- #arg3 = wgarden file to input walled garden classes
- #arg4 = action file to input in wgarden.conf
- #arg5 = prefix for action in wgarden.conf
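#######################################
# Append walled-garden rules for a list of allowed hosts to a wgarden file.
# Hosts given as "host:ports" get a numbered rule of their own; hosts without
# ports are collected into one shared "WG" rule for ports 80,443.
# Arguments: $1 allowed hosts (whitespace separated, "host" or "host:ports")
#            $2 profile id
#            $3 wgarden file to append to
#            $4 action script named in the rules
#            $5 prefix put in front of init/add/del
#            $6 prefix of the numbered rules
# Globals:   OLD_IFS, host (written)
# Outputs:   one log line on stdout per host added to the shared rule
# Note:      the address test only checks the dotted-quad shape, so
#            out-of-range octets and prefix lengths also count as networks;
#            entries are split at ":", so an IPv6 literal is not handled.
#######################################
update_wgarden_file()
{
  local Allowed_hosts="$1"
  local profile_id="$2"
  local WGARDEN_CONF="$3"
  local action_file="$4"
  local action_prefix="$5"
  local wg_rule_prefix="$6"
  local count=1
  local http_networks=""
  local http_domains=""
  local ports=""
  local is_network=""
  local i
  local ipv4_shape='^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\(\/[0-9]\{1,2\}\)\?$'

  OLD_IFS=$IFS
  IFS=$(echo -en " \t\n\r")
  for i in $Allowed_hosts; do
    # Split "host:ports"
    host=$(echo "$i" | awk -F ":" '{print $1}' | xargs)
    ports=$(echo "$i" | awk -F ":" '{print $2}' | xargs)

    if echo "$host" | grep "$ipv4_shape" > /dev/null; then
      is_network="1"
    else
      is_network="0"
    fi

    if [ "$ports" = "" ]; then
      # Quoted log text: unquoted, "[$host]" is a glob bracket expression and
      # could be replaced by a matching file name from the working directory.
      if [ "$is_network" = "1" ]; then
        echo "adding ip [$host] to http list"
        http_networks="$http_networks $host"
      else
        echo "adding domain [$host] to http list"
        http_domains="$http_domains $host"
      fi
      continue
    fi

    {
      echo "$wg_rule_prefix$count:InitAction=$action_file ${action_prefix}init $profile_id"
      echo "$wg_rule_prefix$count:AddAction=$action_file ${action_prefix}add $profile_id %s $ports"
      echo "$wg_rule_prefix$count:DelAction=$action_file ${action_prefix}del $profile_id %s $ports"
      if [ "$is_network" = "1" ]; then
        echo "$wg_rule_prefix$count:networks=$host"
        echo "$wg_rule_prefix$count:domains="
      else
        echo "$wg_rule_prefix$count:networks="
        echo "$wg_rule_prefix$count:domains=$host"
      fi
    } >> "$WGARDEN_CONF"
    count=$((count + 1))
  done
  IFS=$OLD_IFS

  if [ "$http_networks" != "" ] || [ "$http_domains" != "" ]; then
    {
      echo "WG:InitAction=$action_file ${action_prefix}init $profile_id"
      echo "WG:AddAction=$action_file ${action_prefix}add $profile_id %s 80,443"
      echo "WG:DelAction=$action_file ${action_prefix}del $profile_id %s 80,443"
      echo "WG:networks=$http_networks"
      echo "WG:domains=$http_domains"
    } >> "$WGARDEN_CONF"
  fi
}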
#######################################
# Write <dir>/nat.conf.
# Arguments: $1 profile directory   $2 value for ENABLE_WIRED_GUEST
# Globals:   EXTERNAL_INTERFACE, NAT_INTERNAL_INTERFACE, NAT_VLANID,
#            DHCPD_LOCAL_IP, DHCPD_SUBNET_MASK (read); NAT_CONF (written)
#######################################
update_nat_conf()
{
  NAT_CONF=$1/nat.conf
  {
    echo "#Autogenerated NAT configuration"
    echo "ExternalDevice=$EXTERNAL_INTERFACE"
    echo "InternalDevice=$NAT_INTERNAL_INTERFACE"
    echo "NAT_VLANID=$NAT_VLANID"
    echo "DHCPD_LOCAL_IP=$DHCPD_LOCAL_IP"
    echo "DHCPD_SUBNET_MASK=$DHCPD_SUBNET_MASK"
    echo "ENABLE_WIRED_GUEST=$2"
  } > $NAT_CONF
}
#######################################
# Write <dir>/portal.conf.
# Arguments: $1 profile directory
# Globals:   NOCAT_PORT, PORTAL_BUNDLE_MD5SUM, PORTAL_BUNDLE_URL, DNSAddr,
#            profile_id (read); PORTAL_CONF (written)
# NOTE(review): the URL and DNS values are wrapped in single quotes without
# escaping. If this file is later sourced by a shell, a value containing a
# single quote would end the quoting early - confirm how it is consumed.
# NOTE(review): the bundle is identified by an MD5 sum; MD5 is not collision
# resistant, so treat it as a transfer checksum rather than proof of origin.
#######################################
update_portal_conf()
{
  PORTAL_CONF=$1/portal.conf
  {
    echo "#Autogenerated portal configuration"
    echo "GatewayPort=$NOCAT_PORT"
    echo "PORTAL_BUNDLE_MD5SUM=$PORTAL_BUNDLE_MD5SUM"
    echo "PORTAL_BUNDLE_URL='$PORTAL_BUNDLE_URL'"
    echo "DNSAddr='$DNSAddr'"
    echo "wgdQueueNo=$profile_id"
  } > $PORTAL_CONF
}
#######################################
# Write <dir>/nocat.conf for the captive-portal gateway.
# Arguments: $1 profile directory
# Globals:   the portal, RADIUS and profile variables echoed below (read)
#            NOCAT_CONF, SHOWROOMING_SUPPORTED (written)
# NOTE(review): PORTAL_SECRET_KEY is stored in clear text in this file and
# the file mode follows the caller's umask; confirm the profile directory
# cannot be read by unprivileged processes on the target.
#######################################
update_nocat_conf()
{
  local conf_dir="$1"

  NOCAT_CONF=$conf_dir/nocat.conf

  # Static portion: start from a file holding a single empty line.
  echo > $NOCAT_CONF
  {
    echo "GatewayMode Open"
    if [ "$SSID_IS_PORTAL_CONFIGURED" != "1" ]; then
      echo "DocumentRoot /opt/nocatsplash/htdocs"
      echo "SplashForm $EXTERNAL_PORTAL_URL"
    else
      echo "DocumentRoot $conf_dir/htdocs"
      echo "SplashForm index.html"
    fi
    if [ "$PORTAL_INTERNET_DOWN_ENABLED" = "1" ]; then
      echo "InternetDownForm NoInternet.html"
      echo "PORTAL_INTERNET_DOWN_ENABLED 1"
    fi
    echo "GatewayPort $NOCAT_PORT"
    echo "GatewayAddr $DHCPD_LOCAL_IP"

    # Dynamic portion
    echo "LoginTimeout $LoginTimeout "
    echo "BlackoutTime $BlackoutTime "
    echo "HomePage $Homepage "
    echo "ProfileId $profile_id "
    echo "ApMac $ETH_MAC"
    echo "ApRebootCount $AP_REBOOT_COUNT"
    echo "ApMacWithoutColon $AP_MAC_WITHOUT_COLON"
    echo "ApSsid $ApSsid"
    echo "ExternalInterface $ExternalInterface"
    echo "SplashlessRoamingEnabled $SPLASHLESS_ROAMING_ENABLED"
    echo "OperatingMode $SSID_IS_PORTAL_CONFIGURED "
    echo "Authenticator /opt/ap/radius/radius_client"
    echo "Authenticator_conf_dir $conf_dir"
    echo "PORTAL_SECRET_KEY $PORTAL_SECRET_KEY"
    echo "PORTAL_SERVICE_ID $PORTAL_SERVICE_ID"
    echo "VALIDATE_PORTAL $VALIDATE_PORTAL"
    echo "REQUEST_TYPE_TO_PORTAL $REQUEST_TYPE_TO_PORTAL"
    echo "SERVICE_ID_TO_PORTAL $SERVICE_ID_TO_PORTAL"
    echo "CHALLENGE_TO_PORTAL $CHALLENGE_TO_PORTAL"
    echo "FAILURE_COUNT_TO_PORTAL $FAILURE_COUNT_TO_PORTAL"
    echo "LOGIN_URL_TO_PORTAL $LOGIN_URL_TO_PORTAL"
    echo "LOGOFF_URL_TO_PORTAL $LOGOFF_URL_TO_PORTAL"
    echo "BLACKOUT_TIME_TO_PORTAL $BLACKOUT_TIME_TO_PORTAL"
    # This one value is expanded unquoted (word-split), unlike its neighbours.
    echo "CHALLENGE_FROM_PORTAL" $CHALLENGE_FROM_PORTAL
    echo "RESPONSE_TYPE_FROM_PORTAL $RESPONSE_TYPE_FROM_PORTAL"
    echo "CHALLENGE_RESPONSE_FROM_PORTAL $CHALLENGE_RESPONSE_FROM_PORTAL"
    echo "REDIRECT_URL_FROM_PORTAL $REDIRECT_URL_FROM_PORTAL"
    echo "SESSION_TIMEOUT_FROM_PORTAL $SESSION_TIMEOUT_FROM_PORTAL"
    echo "BLACKOUT_TIME_FROM_PORTAL blackout_time"
    echo "USERNAME_FROM_PORTAL $USERNAME_FROM_PORTAL"
    echo "PASSWORD_FROM_PORTAL $PASSWORD_FROM_PORTAL"
    echo "CLIENT_MAC_TO_PORTAL $CLIENT_MAC_TO_PORTAL"
    echo "AP_MAC_TO_PORTAL $AP_MAC_TO_PORTAL"
    echo "AP_IP_TO_PORTAL $AP_IP_TO_PORTAL"
    echo "AP_PORT_TO_PORTAL $AP_PORT_TO_PORTAL"
    echo "AP_SSID_TO_PORTAL ap_ssid"
    echo "USER_URL_TO_PORTAL $USER_URL_TO_PORTAL"
    echo "VAP_LIST $VAP_LIST"
    echo "ACCOUNTING_ENABLED $PORTAL_RADIUS_ACCT_ENABLED"
    echo "ACCOUNTING_INTERVAL $PORTAL_RADIUS_ACCT_INTERVAL"
    echo "PER_USER_BANDWIDTH_ENABLED $per_user_bandwidth_enable"
    echo "IAPC_THROUGH_SENSORD $iapc_through_sensord"
    echo "ENA_REMOTE_BRIDGING $ena_remote_bridging"
    echo "COMM_VLAN $comm_vlan"
    echo "SEND_RADIUS_PARAMS send_radius_params"

    # Showrooming: every platform except AP83, and only in operating
    # modes 2 and 3.
    SHOWROOMING_SUPPORTED=0
    if [ "$PLATFORM_TYPE" != "PLATFORM_LITEON_AP83" ]; then
      case "$SSID_IS_PORTAL_CONFIGURED" in
        2 | 3) SHOWROOMING_SUPPORTED=1 ;;
      esac
    fi
    if [ "$SHOWROOMING_SUPPORTED" = "1" ]; then
      echo "SHOWROOMING_SUPPORTED $SHOWROOMING_SUPPORTED"
      echo "SHOWROOMING_CONF_FILE /tmp/profile$profile_id/showrooming.conf"
      echo "SHOWROOMING_SCRIPT_FILE /opt/ap/showrooming.sh"
      echo "WGARDEN_CONF_FILE /tmp/profile$profile_id/client_wgarden.conf"
      echo "WGARDEN_PID_FILE /tmp/profile$profile_id/wgd.pid"
    fi

    # An empty AllowedAuthSitesHosts (no domains added under Auth Sites)
    # means Gate1 is always open; otherwise Gate1 is closed.
    if [ "$AllowedAuthSitesHosts" = "" ]; then
      echo "PORTAL_GATE1_AUTH 0"
    else
      echo "PORTAL_GATE1_AUTH 1"
    fi
  } >> $NOCAT_CONF
}
#######################################
# Append one line to a configuration file, but only when the security mode is
# "EAP" (802.1x) and the HS20 VAP flag is "1".
# Arguments: $1 file to append to   $2 security mode
#            $3 HS20 VAP flag       $4 line to append
#######################################
update_HS20_parameter()
{
  if [ "$2" != "EAP" ] || [ "$3" != "1" ]; then
    return 0
  fi
  echo "$4" >> $1
}
#######################################
# Split a whitespace-separated target list into IPv4 networks and domains.
# Arguments: $1 list of targets
# Globals:   Networks, Domains (written, space separated); OLD_IFS (written)
# Note:      an entry counts as a network when it has the dotted-quad shape
#            with an optional /NN suffix; octet and prefix ranges are not
#            checked, so 999.1.1.1 is also classified as a network.
#######################################
create_network_lists()
{
  local netlist=""
  local domainlist=""
  local i
  local ipv4_shape='^[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\(\/[0-9]\{1,2\}\)\?$'

  OLD_IFS=$IFS
  IFS=$(printf ' \t\n\r')
  for i in $1; do
    if echo $i | grep "$ipv4_shape" > /dev/null; then
      netlist="${netlist:+$netlist }$i"
    else
      domainlist="${domainlist:+$domainlist }$i"
    fi
  done
  IFS=$OLD_IFS

  Networks=$netlist
  Domains=$domainlist
}
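#######################################
# Enforce the limit of one WEP profile per radio.
# Each radio records the id of its WEP profile in /tmp/radio<id>/wep_configured.
# When the profile spans two radios and one of them already carries a
# different WEP profile, the RADIO_ID line of the config file is narrowed to
# the free radio.
# Arguments: $1 config file holding the RADIO_ID line
#            $2 profile id   $3 first radio id   $4 second radio id (optional)
# Globals:   profile_id, radio_id_1, radio_id_2, wep_conf_profile_id_1,
#            wep_conf_profile_id_2 (written)
# Returns:   1 when WEP cannot be configured for the profile, otherwise 0
# Note:      WEP gives no meaningful confidentiality; this check concerns the
#            per-radio limit only.
#######################################
check_wep_configured()
{
  profile_id=$2
  radio_id_1=$3
  radio_id_2=$4

  # A radio with no marker file simply has no WEP profile yet, so the read
  # error is discarded instead of being printed.
  wep_conf_profile_id_1=$(cat "/tmp/radio$radio_id_1/wep_configured" 2>/dev/null | xargs)

  if [ "$radio_id_1" != "" ] && [ "$radio_id_2" != "" ]; then
    wep_conf_profile_id_2=$(cat "/tmp/radio$radio_id_2/wep_configured" 2>/dev/null | xargs)

    ## Profile on both the radios
    if [ "$profile_id" != "$wep_conf_profile_id_1" ] && [ "$profile_id" != "$wep_conf_profile_id_2" ] &&
       [ "$wep_conf_profile_id_1" != "" ] && [ "$wep_conf_profile_id_2" != "" ]; then
      ## Both radios already carry a WEP profile. Only one WEP profile is
      ## possible per radio, so this profile cannot be configured at all.
      echo "WEP cannot be confiured for profile [$profile_id]"
      return 1
    elif [ "$profile_id" != "$wep_conf_profile_id_1" ] && [ "$wep_conf_profile_id_1" != "" ]; then
      ## radio_id_1 taken, use only radio_id_2
      replace_string_in_a_file "$1" "RADIO_ID=$radio_id_1,$radio_id_2" \
        "RADIO_ID=$radio_id_2"
      echo "WEP cannot be confiured for profile [$profile_id] on radio $radio_id_1"
    elif [ "$profile_id" != "$wep_conf_profile_id_2" ] && [ "$wep_conf_profile_id_2" != "" ]; then
      ## radio_id_2 taken, use only radio_id_1
      replace_string_in_a_file "$1" "RADIO_ID=$radio_id_1,$radio_id_2" \
        "RADIO_ID=$radio_id_1"
      # The message names the radio that was dropped (radio_id_2); it used to
      # print radio_id_1 here.
      echo "WEP cannot be confiured for profile [$profile_id] on radio $radio_id_2"
    fi
  else
    ## Profile on only one radio
    if [ "$radio_id_1" != "" ]; then
      if [ "$profile_id" != "$wep_conf_profile_id_1" ] && [ "$wep_conf_profile_id_1" != "" ]; then
        echo "WEP cannot be confiured for profile [$profile_id]"
        return 1
      fi
    fi
  fi
  return 0
}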
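# check_for_dynamic_vlan
#
# Reserve one of at most four dynamic-VLAN SSID slots. The number of slots
# handed out so far is kept as a COUNT_DYNAMIC_VLAN_SSID=<n> line in
# /tmp/used_global_numbers.
#
# Globals written: COUNT_DYNAMIC_VLAN_SSID
# Returns (note the inverted sense):
#   1 - a slot was reserved and the counter was created or incremented
#   0 - no slot reserved: the counter is already 4 or more, or its stored
#       value is not a plain non-negative integer
#
# NOTE(review): the counter lives at a fixed path under /tmp. Any process
# able to write there can reset or exhaust the limit; confirm that only
# trusted processes can write to /tmp on the target.
check_for_dynamic_vlan()
{
  local state_file="/tmp/used_global_numbers"

  if [ -e "$state_file" ]; then
    # Only the first matching line is used, so a duplicated entry cannot
    # turn the value into "1 2" and break the numeric test below.
    COUNT_DYNAMIC_VLAN_SSID=$(awk -F "=" \
      '/^COUNT_DYNAMIC_VLAN_SSID=/ { print $2; exit }' "$state_file" 2>/dev/null | xargs)

    if [ -z "$COUNT_DYNAMIC_VLAN_SSID" ]; then
      echo "COUNT_DYNAMIC_VLAN_SSID=1" >> "$state_file"
      return 1
    fi

    # A corrupted value is handled as "limit reached" rather than being fed
    # to the arithmetic test, which would only print an error.
    case $COUNT_DYNAMIC_VLAN_SSID in
      *[!0-9]*) return 0 ;;
    esac

    if [ "$COUNT_DYNAMIC_VLAN_SSID" -lt 4 ]; then
      # expr keeps values with a leading zero decimal.
      COUNT_DYNAMIC_VLAN_SSID=$(expr "$COUNT_DYNAMIC_VLAN_SSID" + 1)
      # Anchored like the lookup above, so only the counter line is rewritten.
      sed -i "s/^COUNT_DYNAMIC_VLAN_SSID=.*/COUNT_DYNAMIC_VLAN_SSID=${COUNT_DYNAMIC_VLAN_SSID}/" "$state_file"
      return 1
    fi
    return 0
  fi

  echo "COUNT_DYNAMIC_VLAN_SSID=1" > "$state_file"
  return 1
}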
- process_ssid_profile()
- {
- local this_profile_nat
- local ena_ap_okc
- local ena_ap_coa
- local ena_dynamic_vlan
- local ena_ap_preauth
- local ap_secfile_param
- local radio_id
- local nat_config_found
- local vap_count
- local enable_wired_guest
- local ena_per_user_bandwidth_download
- local ena_per_user_bandwidth_upload
- local dynamic_vlan_list
- local hs20_vap
- local cellular_networks_list
- local domain_names_list
- local service_vlan_list
- # To invalidate values of last ssid profile in ap.conf
- init_profile_var
- # need outfile funda like radio handling
- profile_id=`cat $1 | grep SSID_PROFILE_ID | xargs | cut -d "=" -f2`
- #create profile dir in /tmp/. It contains all Profile related conf files and logs
- PROFILE_DIR="/tmp/profile$CURRENT_SECTION_ID"
- ACCT_RAD_CONF="$PROFILE_DIR/rad.conf"
- this_profile_nat=0
- vap_count=0
- enable_wired_guest=0
- ena_samog_mab=""
- ena_ap_okc=0
- ena_ap_coa=0
- ena_dynamic_vlan=0
- ena_ap_preauth=0
- ena_ap_acct=0
- iapc_through_sensord=0
- ap_secfile_param=""
- radio_id=""
- more_radio_id=""
- skip_radio_id=""
- ena_per_user_bandwidth_download=""
- ena_per_user_bandwidth_upload=""
- hs20_vap=""
- cellular_networks_list=""
- domain_names_list=""
- hs20_osen_enabled=0
- hs20_icon_present=0
- hs20_release=0 #default to release 1
- qos_map_set_exceptions=""
- qos_map_set_mandatory=""
- APP_VISIBILITY_ENABLED=0
- #comm_vlan=`grep communication_vlan /opt/sensor/discovery.conf | cut -d "=" -f2 | xargs`
- #if [ $comm_vlan == 0 ] ; then
- # comm_vlan="br0"
- #else
- # comm_vlan="br0."$comm_vlan
- #fi
- line=`cat ${1} | grep RADIO_ID`
- line_2=`cat ${1} | grep AP_SEC_MODE`
- radio=`echo -E "$line" | cut -f2- -d"="`
- sec_mode=`echo -E "$line_2" | cut -f2- -d"="`
- radio_id_1=`echo $radio | awk -F "," '{print $1}' | xargs`
- radio_id_2=`echo $radio | awk -F "," '{print $2}' | xargs`
- radio_id_1=`expr $radio_id_1 - 1`
- if [ "$radio_id_2" != "" ]; then
- radio_id_2=`expr $radio_id_2 - 1`
- fi
- if [ "$sec_mode" = "1" ]; then
- check_wep_configured $1 $profile_id $radio_id_1 $radio_id_2
- if [ $? -eq 1 ]; then
- return 1
- fi
- fi
- if [ "$CURRENT_SECTION_CMD" = "F_MOD" ]; then
- rm -f $PROFILE_DIR/modified.conf
- OUT_FILE=`echo $PROFILE_DIR/modified.conf`
- else
- if [ -d "$PROFILE_DIR" ]; then
- rm -rf $PROFILE_DIR
- fi
- mkdir $PROFILE_DIR >/dev/null 2>&1
- OUT_FILE=`echo $PROFILE_DIR/profile.conf`
- fi
- echo "" > $OUT_FILE
- while read -r line
- do
- param=`echo -E "$line" | cut -f1 -d"=" | xargs`
- value=`echo -E "$line" | cut -f2- -d"="`
- if [ -z "$param" ];then
- echo "Paramname blank in line ($line). Ignoring.."
- continue
- fi
- case $param in
- "VAP_IS_GUEST_SSID")
- #VAP_IS_GUEST_SSID in new workflow indicates that this profile is NAT enabled.Name was not changed
- #to keep parser backward(server) compatible.IS_PORTAL_CONFIGURED indicats that the profile is GUEST
- if [ "$value" = "1" ];then
- this_profile_nat=1
- echo "IS_VAP_NAT=1" >> $OUT_FILE
- else
- echo "IS_VAP_NAT=0" >> $OUT_FILE
- fi
- ;;
- "AP_SSID")
- ApSsid="`extract_value \"$line\" AP_SSID`"
- tempssid=`echo "$ApSsid" | sed "s/'/'\\\\\''/g"`
- echo "AP_SSID='$tempssid'" >> $OUT_FILE
- ssid=$ApSsid
- ;;
- "SSID_PROFILE_ID")
- SSID_PROFILE_ID=$value
- ;;
- "HIDESSID_BROADCAST")
- echo "HIDESSID_ENABLE=$value" >> $OUT_FILE
- ;;
- "WMM_ENABLE")
- WMM_ENABLE="${value:='1'}"
- ;;
- "ISOLATION_ENABLE")
- [ "$value" = "0" ] && val1=1 || val1=0
- echo "ISOLATION_ENABLE=$val1" >> $OUT_FILE
- assoc_broadcast_enable=$val1
- ;;
- "IAPC_ENABLE")
- [ "$value" = "0" ] && val1=0 || val1=1
- echo "IAPC_ENABLE=$val1" >> $OUT_FILE
- iapc_through_sensord=$val1
- ;;
- "AP_VLAN")
- sanitize_vlan_id $value
- vlan_id=$?
- ;;
- "REMOTE_BRIDGING_ENABLED")
- if [ "$value" = "1" ];then
- ena_remote_bridging=1
- fi
- ;;
- "NETWORK_PROFILE_ID")
- network_profile_id=$value
- echo "NETWORK_PROFILE_ID=$value" >> $OUT_FILE
- ;;
- "DYNAMIC_VLAN_ENABLED")
- if [ "$value" = "1" ];then
- ena_dynamic_vlan=1
- fi
- ;;
- "DYNAMIC_VLAN_LIST")
- dynamic_vlan_list=$value
- ;;
- "TRAFFIC_SHAPING_STA_ENABLE")
- if [ "$value" = "1" ];then
- per_user_bandwidth_enable=1
- fi
- ;;
- "TRAFFIC_SHAPING_STA_UPLOAD")
- ena_per_user_bandwidth_upload=$value
- ;;
- "TRAFFIC_SHAPING_STA_DOWNLOAD")
- ena_per_user_bandwidth_download=$value
- ;;
- "AP_SEC_MODE")
- case $value in
- 0) ap_sec_mode="None"
- ap_cypher="0"
- ap_wpa="0"
- ;;
- 1) ap_sec_mode="WEP"
- ap_cypher="0"
- ap_wpa="0"
- ;;
- 2) ap_sec_mode="WPA"
- ap_cypher="TKIP"
- ap_wpa="1"
- ;;
- 3) ap_sec_mode="WPA"
- ap_cypher="CCMP"
- ap_wpa="2"
- ;;
- 4) ap_sec_mode="WPA"
- ap_cypher="TKIP CCMP"
- ap_wpa="3"
- ;;
- 5) ap_sec_mode="WPA" # Hotspot2.0 OSEN
- ap_cypher="CCMP"
- ap_wpa="2"
- hs20_osen_enabled=1
- ;;
- *) ap_sec_mode=None
- ap_cypher="0"
- ap_wpa="0"
- ;;
- esac
- echo "AP_SECMODE=$ap_sec_mode" >> $OUT_FILE
- echo "HS20_OSEN_ENABLED=$hs20_osen_enabled" >> $OUT_FILE
- wpa=$ap_wpa
- wpa_pairwise=$ap_cypher
- ;;
- "AP_WEP_TYPE")
- ap_wep_type="$value"
- ;;
- "AP_KEY_TYPE")
- echo "AP_KEY_TYPE=${value:='ASCII'}" >> $OUT_FILE
- ;;
- "AP_WEP_KEY")
- wepkey="`extract_value \"$line\" AP_WEP_KEY`"
- wepkey_1=`echo "$wepkey" | sed "s/'/'\\\\\''/g"`
- ;;
- "AP_WEP_MODE")
- ap_wep_mode="$value"
- ;;
- "AP_SECFILE")
- echo "AP_SECFILE=${value:='PSK'}" >> $OUT_FILE
- ap_secfile_param="$value"
- ;;
- "PSK_KEY")
- wpa_psk=${value:=''}
- wpa_passphrase=${value:=''}
- ;;
- "MESH_PSK_KEY")
- mesh_passphrase=${value:=''}
- ;;
- "AP_AUTH_SERVER")
- auth_server_addr=${value:=''}
- ;;
- "AP_AUTH_PORT")
- auth_server_port=${value:='1919'}
- ;;
- "AP_AUTH_SECRET")
- auth_server_shared_secret=${value:=''}
- ;;
- "AP_OKC_ENABLED")
- if [ "$value" = "1" ];then
- ena_ap_okc=1
- fi
- ;;
- "AP_COA_ENABLED")
- if [ "$value" = "1" ];then
- ena_ap_coa=1
- fi
- ;;
- "AP_AUTH_SERVER2")
- value=`echo $value | xargs`
- auth_server_addr_2=${value:=''}
- ;;
- "AP_AUTH_PORT2")
- value=`echo $value | xargs`
- auth_server_port_2=${value:='1919'}
- ;;
- "AP_AUTH_SECRET2")
- auth_server_shared_secret_2=${value:=''}
- ;;
- "AP_PREAUTH_ENABLED")
- if [ "$value" = "1" ];then
- ena_ap_preauth=1
- fi
- ;;
- "AP_ACCT_ENABLED")
- if [ "$value" = "1" ];then
- ena_ap_acct=1
- fi
- ;;
- "AP_ACCT_SERVER")
- value=`echo $value | xargs`
- acct_server_addr="$value"
- ;;
- "AP_ACCT_PORT")
- value=`echo $value | xargs`
- acct_server_port=${value:=0}
- ;;
- "AP_ACCT_SECRET")
- acct_server_shared_secret=${value:=''}
- ;;
- "AP_ACCT_SERVER2")
- value=`echo $value | xargs`
- acct_server_addr2="$value"
- ;;
- "AP_ACCT_PORT2")
- value=`echo $value | xargs`
- acct_server_port2=${value:=0}
- ;;
- "AP_ACCT_SECRET2")
- acct_server_shared_secret2=${value:=''}
- ;;
- "RADIO_ID")
- if [ "$radio_id_2" != "" ]; then
- value="$radio_id_1,$radio_id_2"
- vap_count=2
- else
- value="$radio_id_1"
- vap_count=1
- fi
- echo "RADIO_ID=$value" >> $OUT_FILE
- ;;
- "DHCPD_LOCAL_IP")
- DHCPD_LOCAL_IP=$value
- nat_config_found=1
- ;;
- "DHCPD_SUBNET_MASK")
- DHCPD_SUBNET_MASK=$value
- ;;
- "DHCPD_START_IP")
- DHCPD_START_IP=$value
- ;;
- "DHCPD_END_IP")
- DHCPD_END_IP=$value
- ;;
- "DHCPD_LEASE_TIME")
- DHCPD_LEASE=$(($value*60))
- ;;
- "AUTH_TIMEOUT")
- LoginTimeout=$(($value*60))
- ;;
- "BLACKOUT_TIME")
- BlackoutTime=$(($value*60))
- ;;
- "PORTAL_HOME_PAGE")
- Homepage=$value
- ;;
- "DNS_SERVER_LIST")
- DNSAddr=$value
- ;;
- "BLOCKED_IP_LIST")
- BlockedWebHosts=$value
- ;;
- "EXEMPTED_IP_PORT_LIST")
- AllowedWebHosts=$value
- ;;
- "EXEMPTED_IP_LIST")
- AllowedWebHosts_old=$value
- ;;
- "EXEMPTED_IP_PORT_LIST_WALLED_GARDEN")
- AllowedWalledGardenHosts=$value
- ;;
- "EXEMPTED_IP_PORT_LIST_AUTH_SITES")
- AllowedAuthSitesHosts=$value
- ;;
- "SSID_PORTAL_BUNDLE_URL")
- PORTAL_BUNDLE_URL=$value
- ;;
- "PORTAL_BUNDLE_MD5SUM")
- PORTAL_BUNDLE_MD5SUM="$value"
- ;;
- "AP_IS_PORTAL_CONFIGURED")
- SSID_IS_PORTAL_CONFIGURED=$value
- ;;
- "TRAFFIC_SHAPING_UPLOAD")
- TRAFFIC_SHAPING_UPLOAD=$value
- ;;
- "TRAFFIC_SHAPING_DOWNLOAD")
- TRAFFIC_SHAPING_DOWNLOAD=$value
- ;;
- "MAC_FILTER_ENABLED")
- MAC_FILTER_ENABLED=$value
- ;;
- "MAC_FILTER_MACADDRESS")
- macaddress="$value"
- update_mac_filter_list $profile_id $macaddress
- ;;
- "MAC_FILTER_ACTION")
- MAC_FILTER_ACTION=$value
- ;;
- "FIREWALL_ENABLED")
- FIREWALL_ENABLED="$value"
- ;;
- "FW_DEFAULT")
- FW_DEFAULT="$value"
- ;;
- "FW_RULE_START")
- rule_id="$value"
- #reinitialize variable before every rule
- target=""
- protocol=""
- port=0
- direction=0
- action=""
- ;;
- "FW_RULE_END")
- update_wgarden_conf_firewall $profile_id
- #reinitialize variable after every rule
- target=""
- protocol=""
- port=0
- direction=0
- action=""
- rule_id=""
- ;;
- "TARGET")
- if [ "$value" = "" ]; then
- target="0.0.0.0/0"
- else
- target="$value"
- fi
- ;;
- "PROTOCOL")
- protocol="$value"
- ;;
- "PORT")
- if [ "$value" = "" ]; then
- port="0"
- else
- port="$value"
- fi
- ;;
- "DIRECTION")
- direction="$value"
- ;;
- "ACTION")
- action="$value"
- ;;
- "WEBQ_EXEMPT_IP_PORT_LIST")
- webq_exempt_list="$value"
- ;;
- "WEBQ_EXEMPT_LIST")
- webq_exempt_list_old="$value"
- ;;
- "WEBQ_ENABLED")
- WEBQ_ENABLED="$value"
- ;;
- "WEBQ_REDIRECT_URL")
- webq_url="$value"
- ;;
- "ENABLE_LIMIT_ON_ASSOC")
- echo "ENA_ASSOC_LIMIT=${value:=0}" >> $OUT_FILE
- ;;
- "ASSOC_LIMIT")
- sanitize_integer $value 0 127
- assoc_limit=$?
- if [ "$assoc_limit" -gt "127" ]; then
- echo "VAP: Invalid ASSOC_LIMIT ($value). Using Default ASSOC_LIMIT instead."
- value="NA"
- else
- value=$assoc_limit
- fi
- echo "ASSOC_LIMIT=$value" >> $OUT_FILE
- ;;
- "QOS_SSID_PRIORITY")
- echo "QOS_SSID_PRIORITY=$value" >> $OUT_FILE
- ;;
- "QOS_PRIORITY_TYPE")
- echo "QOS_PRIORITY_TYPE=$value" >> $OUT_FILE
- ;;
- "QOS_DOWNSTR_MAP")
- echo "QOS_DOWNSTR_MAP=$value" >> $OUT_FILE
- ;;
- "QOS_UPSTR_MARK_802_1p")
- echo "QOS_UPSTR_MARK_802_1p=$value" >> $OUT_FILE
- ;;
- "QOS_UPSTR_MARK_DSCP_TOS")
- echo "QOS_UPSTR_MARK_DSCP_TOS=$value" >> $OUT_FILE
- ;;
- "EXTERNAL_PORTAL_URL")
- EXTERNAL_PORTAL_URL="$value"
- ;;
- "PORTAL_SECRET_KEY")
- PORTAL_SECRET_KEY="$value"
- ;;
- "PORTAL_SERVICE_ID")
- PORTAL_SERVICE_ID="$value"
- ;;
- "VALIDATE_PORTAL")
- VALIDATE_PORTAL="$value"
- ;;
- "PORTAL_RADIUS_SERVER_IP")
- PORTAL_RADIUS_SERVER_IP="$value"
- ;;
- "PORTAL_RADIUS_SERVER_PORT")
- PORTAL_RADIUS_SERVER_PORT="$value"
- ;;
- "PORTAL_RADIUS_SECRET_KEY")
- PORTAL_RADIUS_SECRET_KEY="$value"
- ;;
- "PORTAL_RADIUS_SERVER_IP_2")
- PORTAL_RADIUS_SERVER_IP_2="$value"
- ;;
- "PORTAL_RADIUS_SERVER_PORT_2")
- PORTAL_RADIUS_SERVER_PORT_2="$value"
- ;;
- "PORTAL_RADIUS_SECRET_KEY_2")
- PORTAL_RADIUS_SECRET_KEY_2="$value"
- ;;
- "PORTAL_RADIUS_ACCT_ENABLED")
- PORTAL_RADIUS_ACCT_ENABLED="$value"
- ;;
- "PORTAL_RADIUS_ACCT_INTERVAL")
- PORTAL_RADIUS_ACCT_INTERVAL="$value"
- ;;
- "PORTAL_RADIUS_ACCT_SERVER_IP")
- PORTAL_RADIUS_ACCT_SERVER_IP="$value"
- ;;
- "PORTAL_RADIUS_ACCT_SERVER_PORT")
- PORTAL_RADIUS_ACCT_SERVER_PORT="$value"
- ;;
- "PORTAL_RADIUS_ACCT_SECRET_KEY")
- PORTAL_RADIUS_ACCT_SECRET_KEY="$value"
- ;;
- "PORTAL_RADIUS_ACCT_SERVER_IP_2")
- PORTAL_RADIUS_ACCT_SERVER_IP_2="$value"
- ;;
- "PORTAL_RADIUS_ACCT_SERVER_PORT_2")
- PORTAL_RADIUS_ACCT_SERVER_PORT_2="$value"
- ;;
- "PORTAL_RADIUS_ACCT_SECRET_KEY_2")
- PORTAL_RADIUS_ACCT_SECRET_KEY_2="$value"
- ;;
- "PORTAL_RADIUS_CALLED_STATION_ID")
- PORTAL_RADIUS_CALLED_STATION_ID="`extract_value \"$line\" PORTAL_RADIUS_CALLED_STATION_ID`"
- tempportalstid=`echo "$PORTAL_RADIUS_CALLED_STATION_ID" | sed "s/'/'\\\\\''/g"`
- echo "PORTAL_RADIUS_CALLED_STATION_ID='$tempportalstid'" >> $OUT_FILE
- ;;
- "CALLED_STATION_ID")
- called_station_id="`extract_value \"$line\" CALLED_STATION_ID`"
- backup_called_station_id="`extract_value \"$line\" CALLED_STATION_ID`"
- tempstid=`echo "$called_station_id" | sed "s/'/'\\\\\''/g"`
- echo "CALLED_STATION_ID='$tempstid'" >> $OUT_FILE
- if [ "$called_station_id" = "" ];then
- called_station_id="%m:%s"
- fi
- called_station_id=`/opt/ap/stringhandler "${called_station_id}" 252 -r%m:"$RFC_ETH_MAC" -r%s:"$ssid" -r%n:"$device_name" -r%l:"$location_identifier"`
- ;;
- "PORTAL_RADIUS_NAS_ID")
- PORTAL_RADIUS_NAS_ID="`extract_value \"$line\" PORTAL_RADIUS_NAS_ID`"
- tempportalnasid=`echo "$PORTAL_RADIUS_NAS_ID" | sed "s/'/'\\\\\''/g"`
- echo "PORTAL_RADIUS_NAS_IDENTIFIER='$tempportalnasid'" >> $OUT_FILE
- ;;
- "REQUEST_TYPE_TO_PORTAL")
- REQUEST_TYPE_TO_PORTAL="$value"
- ;;
- "SERVICE_ID_TO_PORTAL")
- SERVICE_ID_TO_PORTAL="$value"
- ;;
- "CHALLENGE_TO_PORTAL")
- CHALLENGE_TO_PORTAL="$value"
- ;;
- "CLIENT_MAC_TO_PORTAL")
- CLIENT_MAC_TO_PORTAL="$value"
- ;;
- "AP_MAC_TO_PORTAL")
- AP_MAC_TO_PORTAL="$value"
- ;;
- "AP_IP_TO_PORTAL")
- AP_IP_TO_PORTAL="$value"
- ;;
- "AP_PORT_TO_PORTAL")
- AP_PORT_TO_PORTAL="$value"
- ;;
- "FAILURE_COUNT_TO_PORTAL")
- FAILURE_COUNT_TO_PORTAL="$value"
- ;;
- "USER_URL_TO_PORTAL")
- USER_URL_TO_PORTAL="$value"
- ;;
- "LOGIN_URL_TO_PORTAL")
- LOGIN_URL_TO_PORTAL="$value"
- ;;
- "LOGOFF_URL_TO_PORTAL")
- LOGOFF_URL_TO_PORTAL="$value"
- ;;
- "BLACKOUT_TIME_TO_PORTAL")
- BLACKOUT_TIME_TO_PORTAL="$value"
- ;;
- "CHALLENGE_FROM_PORTAL")
- CHALLENGE_FROM_PORTAL="$value"
- ;;
- "RESPONSE_TYPE_FROM_PORTAL")
- RESPONSE_TYPE_FROM_PORTAL="$value"
- ;;
- "CHALLENGE_RESPONSE_FROM_PORTAL")
- CHALLENGE_RESPONSE_FROM_PORTAL="$value"
- ;;
- "REDIRECT_URL_FROM_PORTAL")
- REDIRECT_URL_FROM_PORTAL="$value"
- ;;
- "SESSION_TIMEOUT_FROM_PORTAL")
- SESSION_TIMEOUT_FROM_PORTAL="$value"
- ;;
- "USERNAME_FROM_PORTAL")
- USERNAME_FROM_PORTAL="$value"
- ;;
- "PASSWORD_FROM_PORTAL")
- PASSWORD_FROM_PORTAL="$value"
- ;;
- "SPLASHLESS_ROAMING_ENABLED")
- SPLASHLESS_ROAMING_ENABLED="$value"
- ;;
- "GRE_REMOTE_ENDPOINT")
- GRE_REMOTE_ENDPOINT="$value"
- ;;
- "GRE_KEY")
- GRE_KEY="$value"
- ;;
- "GRE_EXEMPTED_IP_LIST")
- GRE_EXEMPTED_IP_LIST="$value"
- ;;
- "IS_GRE_CONFIGURED")
- IS_GRE_CONFIGURED="$value"
- ;;
- "GRE_TUNNEL_IP")
- GRE_TUNNEL_IP="$value"
- ;;
- "CWMENABLE")
- echo "CWMENABLE=$value" >> $OUT_FILE
- ;;
- "VAP_MIN_RATE")
- expr $value + 0 > /dev/null 2>&1
- if [ "$?" = "0" ] ; then
- TMP_RATE_VAL="$(expr $value \* 10)"
- else
- TMP_RATE_VAL="$(echo $value | cut -d '.' -f1)$(echo $value | cut -d '.' -f2 | cut -b 1)"
- fi
- TMP_RATE_VAL="$(expr $TMP_RATE_VAL / 5)"
- if [ "$?" = "0" ] ; then
- echo "MIN_RATE=$TMP_RATE_VAL" >> $OUT_FILE
- else
- echo "MIN_RATE=0" >> $OUT_FILE
- fi
- ;;
- "VAP_MAX_RATE")
- expr $value + 0 > /dev/null 2>&1
- if [ "$?" = "0" ] ; then
- TMP_RATE_VAL="$(expr $value \* 10)"
- else
- TMP_RATE_VAL="$(echo $value | cut -d '.' -f1)$(echo $value | cut -d '.' -f2 | cut -b 1)"
- fi
- TMP_RATE_VAL="$(expr $TMP_RATE_VAL / 5)"
- if [ "$?" = "0" ] ; then
- echo "MAX_RATE=$TMP_RATE_VAL" >> $OUT_FILE
- else
- echo "MAX_RATE=0" >> $OUT_FILE
- fi
- ;;
- "VAP_NONLEGACY_MAX_RATE")
- echo "NONLEGACY_MAX_RATE=$value" >> $OUT_FILE
- ;;
- "VAP_MCAST_MGMT_RATE")
- expr $value + 0 > /dev/null 2>&1
- if [ "$?" = "0" ] ; then
- TMP_RATE_VAL="$(expr $value \* 10)"
- else
- TMP_RATE_VAL="$(echo $value | cut -d '.' -f1)$(echo $value | cut -d '.' -f2 | cut -b 1)"
- fi
- TMP_RATE_VAL="$(expr $TMP_RATE_VAL / 5)"
- if [ "$?" = "0" ] ; then
- echo "MCAST_MGMT_RATE=$TMP_RATE_VAL" >> $OUT_FILE
- else
- echo "MCAST_MGMT_RATE=0" >> $OUT_FILE
- fi
- ;;
- "ASSOCIATION_ANALYTICS_ENABLED")
- if [ -z $value ]; then
- value=0
- fi
- ASSOCIATION_ANALYTICS_ENABLED=$value
- echo "ASSOCIATION_ANALYTICS_ENABLED=$value" >> $OUT_FILE
- ;;
- "WIRED_GUEST_ENABLED")
- if [ -z $value ]; then
- value=0
- fi
- enable_wired_guest=$value
- ;;
- "BS_BAND_STEERING_ENABLED")
- local bs_radios=$(cat ${1} | grep RADIO_ID | cut -d= -f2)
- local bs_radios_num=${#bs_radios}
- if [ $bs_radios_num -ge 2 ] && [ x$value = x1 ]; then
- BS_BAND_STEERING_ENABLED="1"
- else
- BS_BAND_STEERING_ENABLED="0"
- fi
- ;;
- "BS_RSSI_THRESHOLD")
- BS_RSSI_THRESHOLD="$value"
- ;;
- "SMART_STEERING_ENABLED")
- if [ -z $value ]; then
- value=0
- fi
- echo "SMART_STEERING_ENABLED=$value" >> $OUT_FILE
- ;;
- "ASSOC_CONTROL_ENABLED")
- if [ -z $value ]; then
- value=0
- fi
- echo "ASSOC_CONTROL_ENABLED=$value" >> $OUT_FILE
- ;;
- "PORTAL_INTERNET_DOWN_ENABLED")
- PORTAL_INTERNET_DOWN_ENABLED="${value:='0'}"
- ;;
- "CONTENT_ANALYTICS_ENABLE")
- CONTENT_ANALYTICS_ENABLED="$value"
- ;;
- "APPLICATION_VISIBILITY_ENABLED")
- if [ "$APP_VISIBILITY_SUPPORT" = "1" ]; then
- APP_VISIBILITY_ENABLED="$value"
- else
- APP_VISIBILITY_ENABLED=0
- fi
- ;;
- "POST_HTTP_DATA_ENABLED")
- POST_HTTP_DATA_ENABLED="$value"
- if [ "$PLATFORM_TYPE" = "PLATFORM_LITEON_AP83" ]; then
- POST_HTTP_DATA_ENABLED=0
- fi
- ;;
- "POST_HTTP_DATA_REQ_BODY")
- POST_HTTP_DATA_REQ_BODY="$value"
- ;;
- "POST_HTTP_DATA_UA")
- POST_HTTP_DATA_UA="$value"
- ;;
- "POST_HTTP_DATA_REFERER")
- POST_HTTP_DATA_REFERER="$value"
- ;;
- "POST_HTTP_DATA_UPLOAD_ON_MEM_THRSLD")
- POST_HTTP_DATA_UPLOAD_ON_MEM_THRSLD="$value"
- ;;
- "POST_HTTP_DATA_INTERVAL")
- expr $value + 0 > /dev/null 2>&1
- if [ "$?" = "0" ] ; then
- POST_HTTP_DATA_INTERVAL=$(($value*60))
- else
- POST_HTTP_DATA_INTERVAL=86400
- fi
- ;;
- "POST_HTTP_DATA_SERVER")
- POST_HTTP_DATA_SERVER="$value"
- ;;
- "POST_HTTP_DATA_USERNAME")
- POST_HTTP_DATA_USERNAME="`extract_value \"$line\" POST_HTTP_DATA_USERNAME`"
- tempstring=`echo "$POST_HTTP_DATA_USERNAME" | sed "s/'/'\\\\\''/g"`
- echo "POST_HTTP_DATA_USERNAME='$tempstring'" >> $OUT_FILE
- ;;
- "POST_HTTP_DATA_PASSWD")
- POST_HTTP_DATA_PASSWD="`extract_value \"$line\" POST_HTTP_DATA_PASSWD`"
- tempstring=`echo "$POST_HTTP_DATA_PASSWD" | sed "s/'/'\\\\\''/g"`
- echo "POST_HTTP_DATA_PASSWD='$tempstring'" >> $OUT_FILE
- ;;
- "LIFETIME_PERIOD")
- echo "LIFETIME_PERIOD=$value" >> $PROFILE_DIR/schedule.conf
- ;;
- "SCHED_ENABLE")
- echo "SCHED_ENABLE=$value" >> $PROFILE_DIR/schedule.conf
- ;;
- "SCHED_TYPE")
- echo "SCHED_TYPE=$value" >> $PROFILE_DIR/schedule.conf
- ;;
- "SCHED_DAILY_TIME_DUR")
- echo "SCHED_DAILY_TIME_DUR=$value" >> $PROFILE_DIR/schedule.conf
- ;;
- "SCHED_WEEKLY_SUN_TIME_DUR")
- echo "SCHED_WEEKLY_SUN_TIME_DUR=$value" >> $PROFILE_DIR/schedule.conf
- ;;
- "SCHED_WEEKLY_MON_TIME_DUR")
- echo "SCHED_WEEKLY_MON_TIME_DUR=$value" >> $PROFILE_DIR/schedule.conf
- ;;
- "SCHED_WEEKLY_TUES_TIME_DUR")
- echo "SCHED_WEEKLY_TUES_TIME_DUR=$value" >> $PROFILE_DIR/schedule.conf
- ;;
- "SCHED_WEEKLY_WED_TIME_DUR")
- echo "SCHED_WEEKLY_WED_TIME_DUR=$value" >> $PROFILE_DIR/schedule.conf
- ;;
- "SCHED_WEEKLY_THURS_TIME_DUR")
- echo "SCHED_WEEKLY_THURS_TIME_DUR=$value" >> $PROFILE_DIR/schedule.conf
- ;;
- "SCHED_WEEKLY_FRI_TIME_DUR")
- echo "SCHED_WEEKLY_FRI_TIME_DUR=$value" >> $PROFILE_DIR/schedule.conf
- ;;
- "SCHED_WEEKLY_SAT_TIME_DUR")
- echo "SCHED_WEEKLY_SAT_TIME_DUR=$value" >> $PROFILE_DIR/schedule.conf
- ;;
- "MESH_ENABLED")
- echo "MESH_ENABLED=${value:=0}" >> $OUT_FILE
- MESH_ENABLED=${value:=0}
- if [ "$value" = "1" ]; then
- echo "$profile_id" > /tmp/mesh_enabled;
- fi
- ;;
- "MESH_ID")
- echo "MESH_ID=$value" >> $OUT_FILE
- ;;
- "MESH_MAX_HOP_COUNT")
- echo "MESH_MAX_HOP_COUNT=$value" >> $OUT_FILE
- ;;
- "MESH_MAX_DOWNLINKS")
- echo "MESH_MAX_DOWNLINKS=$value" >> $OUT_FILE
- ;;
- "MESH_MIN_RSSI")
- echo "MESH_MIN_RSSI=$value" >> $OUT_FILE
- ;;
- "IEEE802_1X_RETRY_TIMEOUT")
- value=`echo $value | xargs`
- ieee802_1x_retry_timeout=${value:='2'}
- ;;
- "IEEE802_1X_MAX_RETRIES")
- value=`echo $value | xargs`
- ieee802_1x_max_retries=${value:='4'}
- ;;
- "PORTAL_GATE1_AUTH")
- PORTAL_GATE1_AUTH="$value"
- ;;
- "YADWIRE_INTEGRATION_ENABLED")
- YADWIRE_INTEGRATION_ENABLED="$value"
- ;;
- "YADWIRE_PING_INTERVAL")
- YADWIRE_PING_INTERVAL="$value"
- ;;
- "YADWIRE_USER_KEY")
- YADWIRE_USER_KEY="$value"
- ;;
- "YADWIRE_NETWORK_ID")
- YADWIRE_NETWORK_ID="$value"
- ;;
- "DNAT_ENABLED")
- DNAT_ENABLED="$value"
- ;;
- "NAS_IDENTIFIER")
- nas_identifier="`extract_value \"$line\" NAS_IDENTIFIER`"
- if [ "$nas_identifier" = "" ];then
- nas_identifier="%m-%s"
- fi
- tempnasid=`echo "$nas_identifier" | sed "s/'/'\\\\\''/g"`
- echo "NAS_IDENTIFIER='$tempnasid'" >> $OUT_FILE
- nas_identifier=`/opt/ap/stringhandler "${nas_identifier}" 252 -r%m:"$ETH_MAC" -r%s:"$ssid" -r%n:"$device_name" -r%l:"$location_identifier"`
- ;;
- "DHCP82_CONFIGURED")
- echo "DHCP82_CONFIGURED=$value" >> $OUT_FILE
- ;;
- "DHCP82_CIRCUIT_ID")
- CircuitID="`extract_value \"$line\" DHCP82_CIRCUIT_ID`"
- tempcid=`echo "$CircuitID" | sed "s/'/'\\\\\''/g"`
- echo "DHCP82_CIRCUIT_ID='$tempcid'" >> $OUT_FILE
- ;;
- "BSS_LOAD_ENABLE")
- [ "$value" = "0" ] && val1=0 || val1=1
- echo "BSS_LOAD_ENABLE=$val1" >> $OUT_FILE
- ;;
- "HS20_VAP_ENABLE")
- [ "$value" = "0" ] && val1=0 || val1=1
- echo "HS20_VAP_ENABLE=$val1" >> $OUT_FILE
- if [ "$val1" = "1" ]; then
- hs20_vap=1
- touch $PROFILE_DIR/hs20_profile
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "interworking=1"
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "hs20=1"
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "anqp_domain_id=$profile_id"
- fi
- ;;
- "HS20_L2TIF_ENABLE")
- [ "$value" = "0" ] && val1=0 || val1=1
- echo "HS20_L2TIF_ENABLE=$val1" >> $OUT_FILE
- ;;
- "HS20_ACCESS_NETWORK_TYPE")
- if [ "$value" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "access_network_type=$value"
- fi
- ;;
- "HS20_VENUE_GROUP")
- if [ "$value" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "venue_group=$value"
- fi
- ;;
- "HS20_VENUE_TYPE")
- if [ "$value" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "venue_type=$value"
- fi
- ;;
- "HS20_HESSID")
- if [ "$value" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "hessid=$value"
- fi
- ;;
- "HS20_INTERNET_ACCESS")
- if [ "$value" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "internet=$value"
- fi
- ;;
- "HS20_VENUE_NAME_AND_LANG_CODE")
- # venue group and venue type need to be set for this
- if [ "$value" != "" ]; then
- venue_name="`extract_value \"$line\" HS20_VENUE_NAME_AND_LANG_CODE`"
- tmp_venue_name=`echo "$venue_name" | sed "s/'/'\\\\\''/g"`
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "venue_name=P\"$tmp_venue_name\""
- fi
- ;;
- "HS20_NETWORK_AUTH_TYPE")
- if [ "$value" != "" ]; then
- # the value from server is of type <code>[URL]
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "network_auth_type=$value"
- fi
- ;;
- "HS20_ROAMING_CONSORTIUM_OI")
- if [ "$value" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "roaming_consortium=$value"
- fi
- ;;
- "HS20_IP_ADDR_TYPE_AVAILABILITY")
- # this is a 1 byte bitmap: MSB 2 bits for IPV6 and rest for IPV4
- if [ "$value" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "ipaddr_type_availability=$value"
- fi
- ;;
- "HS20_NAI_REALM_ENTRY_START")
- nai_realm_id=$value
- #reinitialize variable before every entry
- nai_realm=""
- eap_methods_list=""
- ;;
- "HS20_NAI_REALM")
- if [ "$value" != "" ]; then
- nai_realm=$value
- fi
- ;;
- "HS20_EAP_METHOD")
- if [ "$value" != "" ]; then
- ##########################################
- ## EAP METHODS BITMAP ##
- ## BIT EAP-METHOD ##
- ##--------------------------------------##
- ## 0 EAP-TLS ##
- ## 1 EAP-TTLS/MSCHAPV2 ##
- ## 2 EAP-SIM ##
- ## 3 EAP-AKA ##
- ## 4 EAP-AKA' (release 2) ##
- ##########################################
- method=""
- #eap method 1: TLS 2: TTLS/MSCHAPv2 3: SIM 4: AKA 5: AKA'
- if [ "$value" = "0" ]; then
- method="13[5:6]"
- elif [ "$value" = "1" ]; then
- method="21[2:4][5:7]"
- elif [ "$value" = "2" ]; then
- method="18"
- elif [ "$value" = "3" ]; then
- method="23"
- elif [ "$value" = "4" ]; then
- method="50"
- fi
- if [ "$method" != "" ]; then
- eap_methods_list="$eap_methods_list,$method"
- fi
- fi
- ;;
- "HS20_NAI_REALM_ENTRY_END")
- if [ "$nai_realm" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "nai_realm=0,$nai_realm$eap_methods_list"
- fi
- #reinitialize variable after every entry
- nai_realm=""
- eap_methods_list=""
- nai_realm_id=""
- ;;
- "HS20_CELLULAR_NETWORK_ENTRY_START")
- cn_list_id=$value
- mobile_country_code=""
- mobile_network_code=""
- ;;
- "HS20_MOBILE_COUNTRY_CODE")
- mobile_country_code=$value
- ;;
- "HS20_MOBILE_NETWORK_CODE")
- mobile_network_code=$value
- ;;
- "HS20_CELLULAR_NETWORK_ENTRY_END")
- if [ "$mobile_country_code" != "" -a "$mobile_network_code" != "" ]; then
- if [ "$cellular_networks_list" != "" ]; then
- cellular_networks_list="$cellular_networks_list;$mobile_country_code,$mobile_network_code"
- else
- cellular_networks_list="$mobile_country_code,$mobile_network_code"
- fi
- fi
- mobile_country_code=""
- mobile_network_code=""
- cn_list_id=""
- ;;
- "HS20_DOMAIN_NAME")
- if [ "$value" != "" ]; then
- if [ "$domain_names_list" != "" ]; then
- domain_names_list="$domain_names_list,$value"
- else
- domain_names_list="$value"
- fi
- fi
- ;;
- "HS20_OP_FRIENDLY_NAME_AND_LANG_CODE")
- if [ "$value" != "" ]; then
- op_friendly_name="`extract_value \"$line\" HS20_OP_FRIENDLY_NAME_AND_LANG_CODE`"
- tmp_op_friendly_name=`echo "$op_friendly_name" | sed "s/'/'\\\\\''/g"`
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "hs20_oper_friendly_name=$tmp_op_friendly_name"
- fi
- ;;
- "HS20_CONNECTION_CAPAB_ENTRY_START")
- conn_capab_id=$value
- protocol=""
- port_no=""
- port_status=""
- ;;
- "HS20_PROTOCOL")
- protocol=$value
- ;;
- "HS20_PORT_NO")
- port_no=$value
- ;;
- "HS20_PORT_STATUS")
- port_status=$value
- ;;
- "HS20_CONNECTION_CAPAB_ENTRY_END")
- if [ "$protocol" != "" -a "$port_no" != "" -a "$port_status" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "hs20_conn_capab=$protocol:$port_no:$port_status"
- fi
- conn_capab_id=""
- protocol=""
- port_no=""
- port_status=""
- ;;
- "HS20_WAN_METRICS")
- if [ "$value" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "hs20_wan_metrics=$value"
- fi
- ;;
- "PROXYARP_ENABLE")
- [ "$value" = "0" ] && val1=0 || val1=1
- echo "PROXYARP_ENABLE=$val1" >> $OUT_FILE
- proxy_arp=$val1
- ;;
- "PROXYARP_DGAF_DISABLE")
- [ "$value" = "0" ] && val1=0 || val1=1
- echo "PROXYARP_DGAF_DISABLE=$val1" >> $OUT_FILE
- disable_dgaf=$val1
- ;;
- "P2P_XCONNECT_ENABLE")
- [ "$value" = "0" ] && val1=0 || val1=1
- echo "P2P_XCONNECT_ENABLE=$val1" >> $OUT_FILE
- ;;
- "IEEE80211W_ENABLE")
- if [ "$value" != "" ]; then
- ieee80211w_enable=$value
- else
- ieee80211w_enable=0
- fi
- ;;
- "IEEE80211W_GRP_MGMT_CIPHER")
- if [ "$value" != "" ]; then
- ieee80211w_grp_mgmt_cipher=$value
- else
- ieee80211w_grp_mgmt_cipher=0
- fi
- ;;
- "IEEE80211W_SA_QUERY_MAX_TIMEOUT")
- if [ "$value" != "" ]; then
- ieee80211w_sa_query_max_timeout=$value
- else
- ieee80211w_sa_query_max_timeout=1000
- fi
- ;;
- "IEEE80211W_SA_QUERY_RETRY_TIMEOUT")
- if [ "$value" != "" ]; then
- ieee80211w_sa_query_retry_timeout=$value
- else
- ieee80211w_sa_query_retry_timeout=200
- fi
- ;;
- "FT_ENABLE")
- ieee80211r_enable=$value
- ;;
- "FT_OVER_DS")
- ft_over_ds=$value
- ;;
- "FT_MIXED_MODE")
- ft_mixed_mode=$value
- ;;
- "HS20_RELEASE")
- if [ "$value" != "" ]; then
- hs20_release=$value
- fi
- ;;
- "HS20_GAS_FRAG_LIMIT")
- if [ "$value" != "" ]; then
- hs20_gas_frag_limit=$value
- else
- hs20_gas_frag_limit=1400 # default 1400 bytes
- fi
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "gas_frag_limit=$hs20_gas_frag_limit"
- ;;
- "HS20_GAS_COMEBACK_DELAY")
- if [ "$value" != "" ]; then
- hs20_gas_comeback_delay=$value
- else
- hs20_gas_comeback_delay=0 # default 2 frame gas exchange
- fi
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "gas_comeback_delay=$hs20_gas_comeback_delay"
- ;;
- "HS20_R2_DEAUTH_REQ_TIMEOUT")
- if [ "$value" != "" ]; then
- hs20_deauth_req_timeout=$value
- else
- hs20_deauth_req_timeout=60 #60 seconds default
- fi
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "hs20_deauth_req_timeout=$hs20_deauth_req_timeout"
- ;;
- "HS20_R2_ICON_DETAILS")
- if [ "$value" != "" ]; then # path to icon is: /tmp/profile$profile_id/icons/icon_file_name
- tmp_icon_details="`extract_value \"$line\" HS20_R2_ICON_DETAILS`"
- icon_details=`echo "$tmp_icon_details" | sed "s/'/'\\\\\''/g"`
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "hs20_icon=$icon_details"
- hs20_icon_present=1
- fi
- ;;
- "HS20_R2_OSU_SSID")
- if [ "$value" != "" ]; then
- tmp_osu_ssid="`extract_value \"$line\" HS20_R2_OSU_SSID`"
- osu_ssid=`echo "$tmp_osu_ssid" | sed "s/'/'\\\\\''/g"`
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "osu_ssid=\"$osu_ssid\""
- fi
- ;;
- "HS20_R2_OSU_PROVIDER_LIST_START")
- osu_provider_id=$value
- osu_server_uri=""
- osu_friendly_name_with_lang_code="" #can be multiple
- osu_nai=""
- osu_method_list=""
- osu_icon="" #can be multiple
- osu_service_desc_with_lang_code="" #can be multiple
- osu_subscription_remediation_url=""
- ;;
- "HS20_R2_OSU_SERVER_URI")
- osu_server_uri=$value
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "osu_server_uri=$osu_server_uri"
- ;;
- "HS20_R2_OSU_FRIENDLY_NAME_WITH_LANG_CODE")
- if [ "$value" != "" -a "$osu_server_uri" != "" ]; then
- osu_friendly_name="`extract_value \"$line\" HS20_R2_OSU_FRIENDLY_NAME_WITH_LANG_CODE`"
- tmp_osu_friendly_name=`echo "$osu_friendly_name" | sed "s/'/'\\\\\''/g"`
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "osu_friendly_name=$tmp_osu_friendly_name"
- fi
- ;;
- "HS20_R2_OSU_NAI")
- osu_nai=$value
- if [ "$osu_nai" != "" -a "$osu_server_uri" != "" ]; then #osen must be 1 for this
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "osu_nai=$osu_nai"
- fi
- ;;
- "HS20_R2_OSU_METHOD_LIST")
- osu_method_list=$value
- if [ "$osu_method_list" != "" -a "$osu_server_uri" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "osu_method_list=$osu_method_list"
- fi
- ;;
- "HS20_R2_OSU_ICON_NAME")
- osu_icon_name=$value #must be one of the icon names from icon list
- if [ "$osu_icon_name" != "" -a "$osu_server_uri" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "osu_icon=$osu_icon_name"
- fi
- ;;
- "HS20_R2_OSU_SERVICE_DESC_WITH_LANG_CODE")
- if [ "$value" != "" -a "$osu_server_uri" != "" ]; then
- osu_service_desc="`extract_value \"$line\" HS20_R2_OSU_SERVICE_DESC_WITH_LANG_CODE`"
- tmp_osu_service_desc=`echo "$osu_service_desc" | sed "s/'/'\\\\\''/g"`
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "osu_service_desc=$tmp_osu_service_desc"
- fi
- ;;
- "HS20_R2_OSU_PROVIDER_LIST_END")
- osu_provider_id=""
- osu_server_uri=""
- osu_friendly_name_with_lang_code=""
- osu_nai=""
- osu_method_list=""
- osu_icon=""
- osu_service_desc_with_lang_code=""
- osu_subscription_remediation_url=""
- ;;
- "HS20_R2_QOS_MAP_SET_EXCEPTIONS")
- qos_map_set_exceptions=$value
- ;;
- "HS20_R2_QOS_MAP_SET")
- qos_map_set_mandatory=$value
- ;;
- "HS20_ICONS_BUNDLE_URL")
- icons_bundle_url=$value
- echo "HS20_ICONS_BUNDLE_URL='$icons_bundle_url'" >> $OUT_FILE
- ;;
- "HS20_ICONS_BUNDLE_MD5SUM")
- icons_bundle_md5sum=$value
- echo "HS20_ICONS_BUNDLE_MD5SUM=$icons_bundle_md5sum" >> $OUT_FILE
- ;;
- "WMM_ENFORCE_POLICY_ENABLE")
- if [ "$value" != "" ]; then
- echo "WMM_ENFORCE_POLICY=$value" >> $OUT_FILE
- fi
- ;;
- "BONJOUR_GATEWAY_ENABLED")
- if [ "$value" = "1" ];then
- bonjour_gateway_enabled=1
- fi
- ;;
- "SERVICE_VLAN_LIST")
- service_vlan_list=$value
- ;;
- *)
- echo "Unrecognized pair $param:$value in VAP section, using default config command"
- ;;
- esac
- done < $1
- if [ "$auth_server_addr" != "" ] && [ "$PLATFORM_TYPE" != "PLATFORM_LITEON_AP83" ] && [ "$ap_secfile_param" = "" -o "$ap_secfile_param" = "PSK" ];then
- echo "SAMOG_MAB_ENABLED=1" >> $OUT_FILE
- ena_samog_mab=1;
- fi
- if [ "$ena_remote_bridging" = "1" ];then
- if [ "$this_profile_nat" = "0" -a "$PLATFORM_TYPE" != "PLATFORM_LITEON_AP83" ]; then
- echo "REMOTE_BRIDGING_ENABLED=1" >> $OUT_FILE
- else
- echo "REMOTE_BRIDGING_ENABLED=0" >> $OUT_FILE
- ena_remote_bridging=0
- fi
- fi
- if [ -z $ASSOCIATION_ANALYTICS_ENABLED ] || ! [ $ASSOCIATION_ANALYTICS_ENABLED = 1 ]; then
- CONTENT_ANALYTICS_ENABLED=0
- fi
- if [ "$BS_BAND_STEERING_ENABLED" != "" -o "$BS_RSSI_THRESHOLD" != "" ]; then
- echo "BS_BAND_STEERING_ENABLED=$BS_BAND_STEERING_ENABLED" >> $OUT_FILE
- echo "BS_RSSI_THRESHOLD=$BS_RSSI_THRESHOLD" >> $OUT_FILE
- fi
- if [ "$CURRENT_SECTION_CMD" != "F_MOD" ]; then
- #Fix for backward compatibility
- #If new parameters exempt list is empty. We will consider old exempt list for walled garden functionality.
- if [ "$AllowedWebHosts" = "" ]; then
- AllowedWebHosts="$AllowedWebHosts_old"
- fi
- #Fix for backward compatibility with 7.1U3
- #If new parameters - exempt ip list for walled garden as well as auth sites are empty. We will consider old exempt ip port list for walled garden functionality.
- if [ "$AllowedWalledGardenHosts" = "" ] && [ "$AllowedAuthSitesHosts" = "" ]; then
- if [ "$PORTAL_GATE1_AUTH" -eq "0" ] ; then
- AllowedWalledGardenHosts="$AllowedWebHosts"
- else
- AllowedAuthSitesHosts="$AllowedWebHosts"
- fi
- fi
- if [ "$webq_exempt_list" = "" ]; then
- webq_exempt_list="$webq_exempt_list_old"
- fi
- if [ $ena_ap_okc -eq 1 -a "$ap_secfile_param" = "EAP" ];then
- if [ "$ap_wpa" = "2" -o "$ap_wpa" = "3" ];then
- echo "AP_OKC_ENABLE=1" >> $OUT_FILE
- okc_enable=1
- fi
- fi
- if [ $ena_ap_coa -eq 1 -a "$ap_secfile_param" = "EAP" ];then
- if [ "$ap_wpa" = "2" -o "$ap_wpa" = "3" ];then
- echo "AP_COA_ENABLE=1" >> $OUT_FILE
- coa_enable=1
- fi
- fi
- if [ "$ena_dynamic_vlan" -eq "1" -a "$ap_secfile_param" = "EAP" ];then
- if [ "$ap_wpa" = "2" -o "$ap_wpa" = "3" ];then
- check_for_dynamic_vlan
- if [ $? -eq 1 ];then
- echo "DYNAMIC_VLAN_ENABLED=1" >> $OUT_FILE
- dynamic_vlan_enabled=1
- fi
- fi
- fi
- if [ "$per_user_bandwidth_enable" -eq "1" -a "$PLATFORM_TYPE" != "PLATFORM_LITEON_AP83" ];then
- echo "PER_USER_BANDWIDTH_ENABLED=1" >> $OUT_FILE
- if [ "$ena_per_user_bandwidth_download" != "" ];then
- echo "PER_USER_BANDWIDTH_DOWNLOAD_LIMIT=$ena_per_user_bandwidth_download" >> $OUT_FILE
- fi
- if [ "$ena_per_user_bandwidth_upload" != "" ];then
- echo "PER_USER_BANDWIDTH_UPLOAD_LIMIT=$ena_per_user_bandwidth_upload" >> $OUT_FILE
- fi
- fi
- BRIDGE_NAME="br0"
- if [ "$ena_remote_bridging" = "1" ]; then
- BRIDGE_NAME="tunbr$network_profile_id"
- fi
- echo "PARENT_BRIDGE_NAME=$BRIDGE_NAME" >> $OUT_FILE
- if [ "$ap_secfile_param" = "EAP" -o "$ap_secfile_param" = "PSK" ];then
- if [ "$vlan_id" = "0" ];then
- echo "AP_ATN_INTERFACE=$BRIDGE_NAME" >> $OUT_FILE
- bss_interface=$BRIDGE_NAME
- else
- echo "AP_ATN_INTERFACE=$BRIDGE_NAME.$vlan_id" >> $OUT_FILE
- bss_interface=$BRIDGE_NAME.$vlan_id
- fi
- fi
- if [ $ena_ap_preauth -eq 1 -a "$ap_secfile_param" = "EAP" ];then
- if [ "$ap_wpa" = "2" -o "$ap_wpa" = "3" ];then
- echo "AP_RSN_ENA_PREAUTH=1" >> $OUT_FILE
- rsn_preauth=1
- if [ "$vlan_id" = "0" ];then
- echo "AP_WPA_PREAUTH_IF=$BRIDGE_NAME" >> $OUT_FILE
- rsn_preauth_interfaces="$BRIDGE_NAME"
- else
- echo "AP_WPA_PREAUTH_IF=$BRIDGE_NAME.$vlan_id" >> $OUT_FILE
- rsn_preauth_interfaces="$BRIDGE_NAME.$vlan_id"
- fi
- fi
- fi
- if [ "$vlan_id" = "0" ];then
- ExternalInterface="$BRIDGE_NAME"
- else
- ExternalInterface="$BRIDGE_NAME.$vlan_id"
- fi
- if [ "$ap_sec_mode" = "WEP" ];then
- if [ "$ap_wep_mode" != "" -a "$wepkey_1" != "" -a "$ap_wep_type" != "" ];then
- echo "AP_WEP_MODE=$ap_wep_mode" >> $OUT_FILE
- echo "WEP_KEY_1='$wepkey_1'" >> $OUT_FILE
- echo "AP_WEP_TYPE=$ap_wep_type" >> $OUT_FILE
- echo "WEP_CONFIGURED=1" >> $OUT_FILE
- echo "$CURRENT_SECTION_ID" > /tmp/radio${radio_id_1}/wep_configured
- if [ "$radio_id_2" != "" ]; then
- echo "$CURRENT_SECTION_ID" > /tmp/radio${radio_id_2}/wep_configured
- fi
- else
- echo "some issue with wep params, not configuring. ap_wep_mode=$ap_wep_mode, wepkey_1=$wepkey_1, ap_wep_type=$ap_wep_type"
- fi
- fi
- fi
- if [ "$CURRENT_SECTION_CMD" = "F_MOD" ]; then
- return 0
- fi
- WMM_ENABLE_0=$WMM_ENABLE
- radio_file="/tmp/radio${radio_id_1}/radio.conf"
- AP_CHMODE=`cat $radio_file | grep AP_CHMODE | cut -d "=" -f2` > /dev/null 2>&1
- echo $AP_CHMODE | grep "HT"
- if [ "$?" = "0" ]; then
- WMM_ENABLE_0=1
- fi
- if [ "$WMM_ENABLE" != "" ]; then
- echo "WMM_ENABLE_${radio_id_1}=$WMM_ENABLE_0" >> $OUT_FILE
- fi
- if [ "${radio_id_2}" != "" ]; then
- WMM_ENABLE_1=$WMM_ENABLE
- radio_file="/tmp/radio${radio_id_2}/radio.conf"
- AP_CHMODE=`cat $radio_file | grep AP_CHMODE | cut -d "=" -f2` > /dev/null 2>&1
- echo $AP_CHMODE | grep "HT"
- if [ "$?" = "0" ]; then
- WMM_ENABLE_1=1
- fi
- if [ "$WMM_ENABLE" != "" ]; then
- echo "WMM_ENABLE_${radio_id_2}=$WMM_ENABLE_1" >> $OUT_FILE
- fi
- fi
- if [ $vap_count = "0" ]; then
- echo "Return from process_profile as no vap configured for profile [$profile_id]"
- return 1
- fi
- echo "APP_VISIBILITY_ENABLED=$APP_VISIBILITY_ENABLED" >> $OUT_FILE
- if [ "$APP_VISIBILITY_ENABLED" = "1" ]; then
- APP_VISIBILITY_CONF=$PROFILE_DIR/app_visibility_conf
- echo "AP_SSID=$ssid" >> $APP_VISIBILITY_CONF
- echo "PROFILE_ID=$profile_id" >> $APP_VISIBILITY_CONF
- fi
- [ "$vlan_id" = "0" ] && vlanid_suffix="" || vlanid_suffix=".$vlan_id"
- EXTERNAL_INTERFACE="$BRIDGE_NAME$vlanid_suffix"
- if [ "$MESH_ENABLED" = "1" ]; then
- EXTERNAL_INTERFACE="mbr"
- if [ "$radio_id_1" != "" ]; then
- radio_conf=/tmp/radio"$radio_id_1"/radio.conf
- if [ -e $radio_conf ]; then
- local mesh_role=`cat $radio_conf | grep MESH_ROLE | cut -d "=" -f2`
- else
- mesh_role="2"
- fi
- else
- local mesh_role="2"
- fi
- if [ "$mesh_role" = "2" ]; then
- ## Allocate 2 vaps to profile if mesh intermediate node
- vap_count=2
- fi
- fi
- get_vap_list $vap_count $vlanid_suffix
- if [ "$dynamic_vlan_enabled" = "1" ]; then
- sanitize_dynamic_vlan_list $dynamic_vlan_list $vlan_id
- echo "DYNAMIC_VLAN=$dynamic_vlan_list" >> $OUT_FILE
- get_dynamic_vap_list $dynamic_vlan_list
- echo "DYNAMIC_VAP_LIST=$DYNAMIC_VAP_LIST" >> $OUT_FILE
- FIREWALL_ENABLED=0
- SSID_IS_PORTAL_CONFIGURED=0
- WEBQ_ENABLED=0
- nat_config_found=0
- fi
- if [ "$bonjour_gateway_enabled" -eq "1" ];then
- if [ "$this_profile_nat" = "0" -a "$PLATFORM_TYPE" != "PLATFORM_LITEON_AP83" ]; then
- get_client_vap_list
- echo "BONJOUR_GATEWAY_ENABLED=1" >> $OUT_FILE
- echo "SERVICE_VLAN_LIST=$service_vlan_list" >> $OUT_FILE
- echo "client_interface_list=$CLIENT_VAP_LIST" >> $PROFILE_DIR/bonjour_gateway.conf
- fi
- fi
- if [ "$MESH_ENABLED" = "1" ]; then
- VAP_LIST=`echo $VAP_LIST | sed -e "s/"ath"/"mesh"/g"`
- fi
- if [ "$?" != "0" ]; then
- echo "Unable to get vap list for profile [$profile_id]"
- return 1
- fi
- if [ "$FIREWALL_ENABLED" = "1" -o "$SSID_IS_PORTAL_CONFIGURED" != "0" -o "$WEBQ_ENABLED" = "1" ]; then
- update_wgarden_conf_common $PROFILE_DIR
- fi
- if [ "$nat_config_found" = "1" -a "$this_profile_nat" = "1" ]; then
- echo "Configuring nat setting for [$NAT_COUNT] and vap id is [$global_vap_count]"
- NAT_COUNT=$(($NAT_COUNT+1))
- NAT_INTERNAL_INTERFACE="natbr`expr $profile_id`"
- NAT_VLANID="$vlan_id"
- update_udhcpd_conf $PROFILE_DIR
- if [ $WIRED_GUEST_ALREADY_ENABLED -eq 1 -o "$PLATFORM_TYPE" = "PLATFORM_SENAO_CAP4200" -o "$PLATFORM_TYPE" = "PLATFORM_SENAO_OAP6200AG" -o "$PLATFORM_TYPE" = "PLATFORM_ACCTON_AP135_2X2" ]; then
- enable_wired_guest=0
- fi
- if [ $enable_wired_guest -eq 1 ]; then
- WIRED_GUEST_ALREADY_ENABLED=1
- fi
- update_nat_conf $PROFILE_DIR $enable_wired_guest
- if [ "$IS_GRE_CONFIGURED" = "1" ]; then
- gre_conf="$PROFILE_DIR/gre.conf"
- echo "exempted_ip=$GRE_EXEMPTED_IP_LIST" > $gre_conf
- echo "remote_ip=$GRE_REMOTE_ENDPOINT" >> $gre_conf
- echo "gre_key=$GRE_KEY" >> $gre_conf
- echo "tunnel_ip=$GRE_TUNNEL_IP" >> $gre_conf
- # Disabling Portal Internet Down Feature for GRE configured profiles
- PORTAL_INTERNET_DOWN_ENABLED="0"
- fi
- echo "NAT VAP detected VLANID $NAT_VLANID on VAP list [$VAP_LIST]"
- else
- DHCPD_LOCAL_IP="0.0.0.0"
- fi
- if [ "$WEBQ_ENABLED" = "1" ]; then
- NOCAT_PORT=$(($NOCAT_PORT+1))
- update_webq_conf $PROFILE_DIR
- update_wgarden_file "$webq_exempt_list" "$profile_id" "$PROFILE_DIR/wgarden.conf" "/opt/ap/handle_web_quarantine.sh" "wgd_" "WG_"
- echo $PROFILE_DIR
- elif [ "$SSID_IS_PORTAL_CONFIGURED" != "0" ]; then
- NOCAT_PORT=$(($NOCAT_PORT+1))
- update_nocat_conf $PROFILE_DIR $profile_id
- #update rad.conf only when portal is exrternal signin
- if [ "$SSID_IS_PORTAL_CONFIGURED" = "3" ]; then
- update_rad_conf $PROFILE_DIR
- update_rad_attr_conf $PROFILE_DIR
- fi
- update_portal_conf $PROFILE_DIR $profile_id # update portal.conf
- echo $PROFILE_DIR
- # Update wgarden file for portal page, in this case the action script is different
- # since portal page must always be accessible to client
- # separate http and host
- external_portal_url_without_http=`echo $EXTERNAL_PORTAL_URL | awk -F "://" '{print $2}' | xargs`
- external_portal_url=`echo $external_portal_url_without_http | awk -F "/" '{print $1}' | xargs`
- update_wgarden_file "$external_portal_url" "$profile_id" "$PROFILE_DIR/wgarden.conf" "/opt/nocatsplash/libexec/wgarden/wg_action.sh" "" "WG_"
- update_wgarden_file "$AllowedWalledGardenHosts" "$profile_id" "$PROFILE_DIR/wgarden.conf" "/opt/nocatsplash/libexec/wgarden/wg_action.sh" "" "WG_"
- update_wgarden_file "$AllowedAuthSitesHosts" "$profile_id" "$PROFILE_DIR/wgarden.conf" "/opt/nocatsplash/libexec/wgarden/auth_sites_action.sh" "" "AS_"
- wgdQueueNo=$profile_id
- if [ "$PORTAL_INTERNET_DOWN_ENABLED" = "1" ]; then
- DNSD_PORT=$(($NOCAT_PORT+1000))
- if [ "$nat_config_found" = "1" -a "$this_profile_nat" = "1" ]; then
- update_resolv_conf $PROFILE_DIR
- fi
- echo "$profile_id 0.0.0.0 $DNSD_PORT $PROFILE_DIR/profile_dnsd.conf" >> /tmp/dnsd.conf
- echo > $PROFILE_DIR/profile_dnsd.conf
- fi
- fi
- update_profile_conf $PROFILE_DIR
- # If ad_injection is enabled and it is a NAT profile, update resolv.conf
- # For bridge profile, it is updated from handle_vlan_route.sh
- if [ "$DNAT_ENABLED" = "1" -a "$PLATFORM_TYPE" != "PLATFORM_LITEON_AP83" ]; then
- if [ "$nat_config_found" = "1" -a "$this_profile_nat" = "1" ]; then
- update_resolv_conf $PROFILE_DIR
- fi
- fi
- if [ "$ap_sec_mode" = "WPA" ]; then
- cp /etc/ath/ap_bss_template $PROFILE_DIR/sec_profile
- if [ "$PLATFORM_TYPE" = "PLATFORM_LITEON_AP83" ];then
- echo "driver=madwifi" >> $PROFILE_DIR/sec_profile
- else
- echo "driver=atheros" >> $PROFILE_DIR/sec_profile
- fi
- set_security_constants $PROFILE_DIR/sec_profile $ap_secfile_param $profile_id
- if [ "$ena_samog_mab" = "1" ];then
- set_radius_mab_sec_profile $PROFILE_DIR/sec_profile $profile_id
- fi
- # tell hostapd about dgaf settings
- if [ "$proxy_arp" = "1" -a "$disable_dgaf" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "disable_dgaf=$disable_dgaf"
- fi
- # add cellular networks list and domain names list in the hs20_profile
- if [ "$cellular_networks_list" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "anqp_3gpp_cell_net=$cellular_networks_list"
- fi
- if [ "$domain_names_list" != "" ]; then
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "domain_name=$domain_names_list"
- fi
- # update the Release number for hotspot2.0 (0 for R1 and 1 for R2)
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "hs20_release=$hs20_release"
- # update the QoS map set
- qos_map_set_final=""
- if [ "$qos_map_set_mandatory" != "" ]; then
- if [ "$qos_map_set_exceptions" != "" ]; then
- qos_map_set_final=$qos_map_set_exceptions,$qos_map_set_mandatory
- else
- qos_map_set_final=$qos_map_set_mandatory
- fi
- update_HS20_parameter $PROFILE_DIR/hs20_profile $ap_secfile_param $hs20_vap "qos_map_set=$qos_map_set_final"
- fi
- # put hotspot2.0 related info in sec_profile sans C-50 platform
- if [ "$PLATFORM_TYPE" != "$PLATFORM_LITEON_AP83" -a "$hs20_vap" = "1" ]; then
- cat $PROFILE_DIR/hs20_profile >> $PROFILE_DIR/sec_profile
- echo "HS20_ICON_PRESENT=$hs20_icon_present" >> $OUT_FILE
- fi
- elif [ "$ap_sec_mode" = "None" ];then
- if [ "$ena_samog_mab" = "1" ];then
- set_mab_basic_open_sec_profile $PROFILE_DIR/sec_profile $profile_id
- set_radius_mab_sec_profile $PROFILE_DIR/sec_profile $profile_id
- fi
- fi
- set_misc_params $OUT_FILE
- return 0
- }
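# Drop the DFS channels (52 through 144) from a comma-separated channel list.
# Arguments: $1 - channel list, e.g. "36,40,52,149"
# Globals:   LIST (written) - the input with commas turned into spaces
# Outputs:   remaining channels, comma-separated, on stdout; "36" when
#            nothing is left
remove_dfs_chans()
{
  local final_list=""
  local chan
  local glob_was_on=""

  # LIST stays global, as in the original, in case a caller reads it.
  LIST=$(printf '%s' "$1" | tr ',' ' ')

  # The list comes from the configuration template: keep a stray wildcard
  # from being expanded against the current directory while splitting.
  case $- in
    *f*) ;;
    *)
      glob_was_on=1
      set -f
      ;;
  esac
  for chan in $LIST
  do
    # Skip anything that is not a plain number instead of letting the
    # numeric tests below fail noisily on it.
    case $chan in
      *[!0-9]*) continue ;;
    esac
    if [ "$chan" -lt 52 ] || [ "$chan" -gt 144 ]; then
      if [ "$final_list" = "" ]; then
        final_list="$chan"
      else
        final_list="$final_list,$chan"
      fi
    fi
  done
  if [ -n "$glob_was_on" ]; then
    set +f
  fi

  # Original author's note: this will work properly even for 2.4GHz
  if [ "$final_list" = "" ]; then
    final_list="36"
  fi
  echo "$final_list"
}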
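# Convert one radio section of the configuration template into the radio's
# config file.
# Arguments: $1 - file with the section's PARAM=value lines
# Globals:   CURRENT_SECTION_ID, CURRENT_SECTION_CMD, BUILD_V2 (read);
#            line, param, value, wmode, chwidth, tx_power,
#            CURR_RADIO_BS_LOAD_BAL_THRESHOLD (written)
# Outputs:   /tmp/radio<id>/radio.conf, or modified.conf for MOD / F_MOD;
#            log messages on stdout
# Returns:   1 when the section id is rejected
process_radio()
{
  local OUT_DIR
  local OUT_FILE
  local MESH_ROLE=2   # not read in this function; kept as in the original
  local ap_chmode=""

  # The id becomes part of a path that is handed to rm -rf below, so an id
  # carrying a path separator must never get that far.
  case $CURRENT_SECTION_ID in
    */*)
      echo "Invalid radio section id ($CURRENT_SECTION_ID). Ignoring.."
      return 1
      ;;
  esac

  OUT_DIR="/tmp/radio$CURRENT_SECTION_ID"
  if [ "$CURRENT_SECTION_CMD" = "MOD" ] || [ "$CURRENT_SECTION_CMD" = "F_MOD" ]; then
    OUT_FILE="$OUT_DIR/modified.conf"
    rm -f "$OUT_FILE"
  else
    if [ -d "$OUT_DIR" ]; then
      rm -rf "$OUT_DIR"
    fi
    mkdir "$OUT_DIR"
    OUT_FILE="$OUT_DIR/radio.conf"
  fi
  echo "" > "$OUT_FILE"

  while read -r line
  do
    param=$(echo -E "$line" | cut -f1 -d"=" | xargs)
    value=$(echo -E "$line" | cut -f2- -d"=")
    if [ -z "$param" ]; then
      echo "Paramname blank in line ($line). Ignoring.."
      continue
    fi
    case $param in
      "WIRELESS_MODE")
        # An unlisted value leaves wmode as it was before this line.
        case $value in
          0) wmode="11b" ;;
          1) wmode="11g" ;;
          2) wmode="11a" ;;
          3) wmode="11ng" ;;
          4) wmode="11na" ;;
          5) wmode="11ac" ;;
        esac
        echo "WMODE=$wmode" >> "$OUT_FILE"
        ;;
      "AP_CHAN_WIDTH")
        chwidth=""
        if [ "$wmode" = "11ac" ]; then
          case $value in
            1)
              chwidth="VHT20"
              echo "AP_CH_WIDTH=20" >> "$OUT_FILE"
              ;;
            2)
              chwidth="VHT40"
              echo "AP_CH_WIDTH=40" >> "$OUT_FILE"
              ;;
            # 4 and 5 are temporarily treated like 3; the original keeps
            # their VHT160 / VHT80_80 mappings commented out.
            3|4|5)
              chwidth="VHT80"
              echo "AP_CH_WIDTH=80" >> "$OUT_FILE"
              ;;
          esac
        else
          case $value in
            1)
              chwidth="HT20"
              echo "AP_CH_WIDTH=20" >> "$OUT_FILE"
              ;;
            2)
              chwidth="HT40"
              echo "AP_CH_WIDTH=40" >> "$OUT_FILE"
              ;;
          esac
        fi
        ;;
      "OP_CHANNEL")
        if [ "$BUILD_V2" = "TRUE" ]; then
          # Channels 52-144 are replaced by 36 on this build.
          if [ "$value" -ge 52 ] && [ "$value" -le 144 ]; then
            value=36
          fi
        fi
        echo "AP_PRIMARY_CH=$value" >> "$OUT_FILE"
        ;;
      "SECOND_OP_CHANNEL")
        echo "AP_SECONDARY_CH=$value" >> "$OUT_FILE"
        ;;
      # Parameters written under their own name, with a default when empty.
      "OPERATING_MODE") echo "OPERATING_MODE=${value:=1}" >> "$OUT_FILE" ;;
      "FRAG_THRESH") echo "FRAG_THRESH=${value:=2346}" >> "$OUT_FILE" ;;
      "RTSCTS_THRESH") echo "RTSCTS_THRESH=${value:=2346}" >> "$OUT_FILE" ;;
      "BEACON_INT") echo "BEACON_INT=${value:=100}" >> "$OUT_FILE" ;;
      "DTIM_PERIOD") echo "DTIM_PERIOD=${value:=1}" >> "$OUT_FILE" ;;
      "AMPDUENABLE") echo "AMPDUENABLE=${value:=1}" >> "$OUT_FILE" ;;
      "AP_INTERVAL") echo "AP_INTERVAL=${value:=10000}" >> "$OUT_FILE" ;;
      "SCAN_INTERVAL") echo "SCAN_INTERVAL=${value:=100}" >> "$OUT_FILE" ;;
      "MESH_ROLE") echo "MESH_ROLE=${value:=2}" >> "$OUT_FILE" ;;
      "RADIO_ENABLED") echo "RADIO_ENABLED=${value:=1}" >> "$OUT_FILE" ;;
      # Parameters renamed on output, with a default when empty.
      "SHORT_GI") echo "SHORTGI=${value:=1}" >> "$OUT_FILE" ;;
      "AP_TRANSMIT_POWER_ENABLED") echo "ENA_AP_TXPOW=${value:=0}" >> "$OUT_FILE" ;;
      "BGSCAN_ENABLED") echo "ENABLE_BGSCAN=${value:=0}" >> "$OUT_FILE" ;;
      "DCS_ENABLED") echo "ENABLE_DCS=${value:=0}" >> "$OUT_FILE" ;;
      "AMSDU_ENABLED") echo "AMSDUENABLE=${value:=0}" >> "$OUT_FILE" ;;
      "MONITORED_VLAN_ID")
        ;;
      "AP_TRANSMIT_POWER")
        # sanitize_integer is defined outside this function and reports its
        # result through the exit status; $value is left unquoted because
        # its handling of an empty first argument is not visible here.
        sanitize_integer $value 0 30
        tx_power=$?
        if [ "$tx_power" -gt "30" ]; then
          echo "RADIO_$radio_id: Invalid TX Power ($value). Using Default TX Power instead."
          value=""
        else
          value=$tx_power
        fi
        echo "AP_TXPOW_LIM=$value" >> "$OUT_FILE"
        ;;
      "BS_LOAD_BAL_THRESHOLD")
        CURR_RADIO_BS_LOAD_BAL_THRESHOLD="$value"
        ;;
      "ACS_CHAN_LIST")
        if [ "$BUILD_V2" = "TRUE" ]; then
          value=$(remove_dfs_chans "$value")
        fi
        echo "ACS_CHAN_LIST=$value" >> "$OUT_FILE"
        ;;
      # Parameters copied through unchanged under their own name.
      "ROAM_INIT_RSSI_THRESHOLD"|"ROAM_INIT_THRESHOLD_INTERVAL"|"ROAM_INIT_THRESHOLD_PKTS"|\
      "ASSOC_RSSI_THRESHOLD"|"MAX_ASSOC_RETRIES"|\
      "DESPERATE_CLIENT_INTERVAL"|"DESPERATE_CLIENT_TIMEOUT"|\
      "CWMIN_AP"|"CWMAX_AP"|"AIFS_AP"|"TXOP_AP"|"ACM_AP"|\
      "CWMIN_STA"|"CWMAX_STA"|"AIFS_STA"|"TXOP_STA"|"ACM_STA"|\
      "NOACKPOLICY_AP"|\
      "MAX_CALLS_LIMIT_VIVO"|"MAX_MEDIUMTIME_SHARE_VIVO"|\
      "ROAM_RESERVE_CALLS_VIVO"|"ROAM_RESERVE_MEDIUMTIME_VIVO")
        echo "$param=$value" >> "$OUT_FILE"
        ;;
      *)
        echo "Unrecognized pair $param:$value in Radio section, using default config command"
        ;;
    esac
  done < "$1"

  # Items only for 2.4 GHz Band, i.e. any mode without an "a" in its name.
  case $wmode in
    *a*) ;;
    *)
      if [ "$CURR_RADIO_BS_LOAD_BAL_THRESHOLD" != "" ]; then
        echo "BS_LOAD_BAL_THRESHOLD=$CURR_RADIO_BS_LOAD_BAL_THRESHOLD" >> "$OUT_FILE"
      fi
      ;;
  esac

  # AP_CHMODE expects a suffix of plus/minus to current value. As it cannot
  # be derived from template, driver will change to add it on its own.
  case "$wmode:$chwidth" in
    11na:HT20) ap_chmode="11NAHT20" ;;
    11ng:HT20) ap_chmode="11NGHT20" ;;
    11na:HT40) ap_chmode="11NAHT40" ;;
    11ng:HT40) ap_chmode="11NGHT40" ;;
    11ac:VHT20) ap_chmode="11ACVHT20" ;;
    11ac:VHT40) ap_chmode="11ACVHT40" ;;
    11ac:VHT80) ap_chmode="11ACVHT80" ;;
    11ac:VHT160) ap_chmode="11ACVHT160" ;;
    11ac:VHT80_80) ap_chmode="11ACVHT80_80" ;;
    11a:*) ap_chmode="11A" ;;
    11g:*) ap_chmode="11G" ;;
    11b:*) ap_chmode="11B" ;;
  esac
  if [ -n "$ap_chmode" ]; then
    echo "AP_CHMODE=$ap_chmode" >> "$OUT_FILE"
  fi
}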
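# Start a fresh sec_profile from the BSS template and append the basic
# settings for an open (no encryption) profile.
# Arguments: $1 - security file to append to
#            $2 - profile id
# Globals:   vlan_id, BRIDGE_NAME, PROFILE_DIR, PLATFORM_TYPE, ETH_MAC, ssid,
#            ena_remote_bridging, comm_vlan, assoc_broadcast_enable,
#            iapc_through_sensord, AP_REBOOT_COUNT, AP_MAC_WITHOUT_COLON (read);
#            bss_interface, nas_identifier (written)
set_mab_basic_open_sec_profile()
{
  if [ "$vlan_id" = "0" ]; then
    bss_interface=$BRIDGE_NAME
  else
    bss_interface=$BRIDGE_NAME.$vlan_id
  fi

  # The template is copied first; everything below is appended to it when
  # $1 names the same file.
  cp /etc/ath/ap_bss_template "$PROFILE_DIR/sec_profile"
  if [ "$PLATFORM_TYPE" = "PLATFORM_LITEON_AP83" ]; then
    echo "driver=madwifi" >> "$PROFILE_DIR/sec_profile"
  else
    echo "driver=atheros" >> "$PROFILE_DIR/sec_profile"
  fi

  # Default NAS identifier: the fixed "%m-%s" pattern, filled in by
  # stringhandler. The pattern is passed as a literal; the original ran it
  # through eval, which added nothing for a constant string.
  if [ "$nas_identifier" = "" ]; then
    nas_identifier=$(/opt/ap/stringhandler "%m-%s" 256 -r%m:"$ETH_MAC" -r%s:"$ssid")
  fi

  {
    echo "ena_remote_bridging=$ena_remote_bridging"
    echo "comm_vlan=$comm_vlan"
    echo "ssid=$ssid"
    echo "assoc_broadcast_enable=$assoc_broadcast_enable"
    echo "iapc_through_sensord=$iapc_through_sensord"
    echo "bss_interface=$bss_interface"
    echo "debug=0"
    echo "profile_id=$2"
    echo "reboot_count=$AP_REBOOT_COUNT"
    echo "ap_mac_without_colon=$AP_MAC_WITHOUT_COLON"
    echo "nas_identifier=$nas_identifier"
  } >> "$1"
}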
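# Append the RADIUS settings used for MAC authentication to a security file.
# Arguments: $1 - security file to append to
# Globals:   auth_server_* / acct_server_* (primary and secondary),
#            ieee802_1x_retry_timeout, ieee802_1x_max_retries, RFC_ETH_MAC,
#            ssid (read); called_station_id (written when empty)
#
# NOTE(review): the RADIUS shared secrets are written in clear text with
# whatever mode the file already has - confirm that $1 is readable only by
# the account that runs the authenticator.
set_radius_mab_sec_profile()
{
  # Default Called-Station-Id: the "%m:%s" pattern filled in by stringhandler.
  if [ "$called_station_id" = "" ]; then
    called_station_id=$(/opt/ap/stringhandler "%m:%s" 252 -r%m:"$RFC_ETH_MAC" -r%s:"$ssid")
  fi

  {
    echo "samog_enable=1"
    if [ "$auth_server_addr" != "" ]; then
      echo "auth_server_addr=$auth_server_addr"
      echo "auth_server_port=$auth_server_port"
      echo "auth_server_shared_secret=$auth_server_shared_secret"
    fi
    # The secondary server repeats the same three keys.
    if [ "$auth_server_addr_2" != "" ]; then
      echo "auth_server_addr=$auth_server_addr_2"
      echo "auth_server_port=$auth_server_port_2"
      echo "auth_server_shared_secret=$auth_server_shared_secret_2"
    fi
    echo "own_ip_addr=0.0.0.0"
    echo "dump_file=/tmp/hostapd.dump"
    echo "radius_das_enable=1"
    if [ "$acct_server_addr" != "" ]; then
      echo "acct_server_addr=$acct_server_addr"
      echo "acct_server_port=$acct_server_port"
      echo "acct_server_shared_secret=$acct_server_shared_secret"
    fi
    if [ "$acct_server_addr2" != "" ]; then
      echo "acct_server_addr=$acct_server_addr2"
      echo "acct_server_port=$acct_server_port2"
      echo "acct_server_shared_secret=$acct_server_shared_secret2"
    fi
    if [ "$ieee802_1x_retry_timeout" != "" ]; then
      echo "ieee802_1x_retry_timeout=$ieee802_1x_retry_timeout"
    fi
    if [ "$ieee802_1x_max_retries" != "" ]; then
      echo "ieee802_1x_max_retries=$ieee802_1x_max_retries"
    fi
    echo "called_station_id=$called_station_id"
  } >> "$1"
}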
- ## $1: Security file for profile
- ## $2: EAP/PSK
- ## $3: profile_id
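# Append the WPA / 802.1X settings for one profile to its security file.
# Globals written: mobility_domain, key, padding, s1, r1_key_holder, r1kh_id,
#                  broadcast, r0kh, r1kh, wpa_key_mgmt, ft_key_mgmt,
#                  nas_identifier, called_station_id
# Outputs: "mobility_domain=<n>" on stdout when 802.11r is enabled. The
#          derived key material is written to $1 only and is no longer
#          echoed to stdout.
#
# NOTE(review): RADIUS secrets, the passphrase and the FT keys are stored in
# clear text with whatever mode $1 already has - confirm the file is
# readable only by the account that runs the authenticator.
set_security_constants()
{
  local keygen_in

  {
    echo "ena_remote_bridging=$ena_remote_bridging"
    echo "comm_vlan=$comm_vlan"
    echo "wpa_gmk_rekey=3600"
    echo "wpa_group_rekey=3600"
    echo "ssid=$ssid"
    echo "assoc_broadcast_enable=$assoc_broadcast_enable"
    echo "iapc_through_sensord=$iapc_through_sensord"
    echo "wpa=$wpa"
    echo "bss_interface=$bss_interface"
    echo "debug=0"
    echo "profile_id=$3"
    echo "reboot_count=$AP_REBOOT_COUNT"
    echo "ap_mac_without_colon=$AP_MAC_WITHOUT_COLON"
  } >> "$1"

  # 11w not supported for C-50, also handle old server new sensor case
  if [ "$PLATFORM_TYPE" != "PLATFORM_LITEON_AP83" ] && [ "$ieee80211w_enable" != "" ]; then
    echo "ieee80211w=$ieee80211w_enable" >> "$1"
    if [ "$ieee80211w_enable" != "0" ]; then # 11w optional(1) or required(2)
      {
        echo "group_mgmt_cipher=AES-128-CMAC" # only this supported for now
        echo "assoc_sa_query_max_timeout=$ieee80211w_sa_query_max_timeout"
        echo "assoc_sa_query_retry_timeout=$ieee80211w_sa_query_retry_timeout"
      } >> "$1"
    fi
  fi

  if [ "$PLATFORM_TYPE" != "PLATFORM_LITEON_AP83" ] && [ "$ieee80211r_enable" = "1" ]; then
    # Uses the global profile_id, not $3, as the original does.
    mobility_domain=$(expr "$profile_id" % 65535)
    {
      echo "ft_enable=$ieee80211r_enable"
      echo "ft_over_ds=$ft_over_ds"
      echo "pmk_r1_push=1"
      echo "mobility_domain=$mobility_domain"
    } >> "$1"
    echo "mobility_domain=$mobility_domain"

    # Retrieve key from /opt/sensor/auth.conf file
    key=$(grep HexKey /opt/sensor/auth.conf | cut -d "=" -f2 | xargs)
    padding=80000000
    # Add padding to attain 160 bit size
    key="$key$padding"

    # Push content into a file and generate HMAC-SHA1 of that file. The
    # file gets an unpredictable name where mktemp is available; the
    # original fixed name is only the fallback.
    keygen_in=$(mktemp /tmp/temp_keygen.XXXXXX 2>/dev/null) || keygen_in=/tmp/temp_keygen.in
    echo "$ssid $profile_id" > "$keygen_in"
    # NOTE(review): the key is passed to openssl_util as an argument, so it
    # is visible in the process list while the tool runs - check whether the
    # tool can read the key from a file or stdin instead.
    s1=$(openssl_util hmac "$key" "$keygen_in" | cut -d " " -f2 | xargs)
    rm -f "$keygen_in" >/dev/null 2>&1

    # Characters 1-12 of the HMAC output become the R1 key holder id,
    # characters from 9 on become the shared key.
    r1_key_holder=$(printf '%s\n' "$s1" | cut -c1-12)
    key=$(printf '%s\n' "$s1" | cut -c9-48)
    # Converting r1_key_holder string into MAC format
    r1kh_id=$(printf '%s\n' "$r1_key_holder" | sed 's/.\{2\}/&:/g; s/.$//')

    # Prepare the main r0kh and r1kh entries
    broadcast="FF:FF:FF:FF:FF:FF"
    r0kh="$broadcast $ETH_MAC:$profile_id $key"
    r1kh="$broadcast $r1kh_id $key"
    {
      echo "r1_key_holder=$r1_key_holder"
      echo "r0kh=$r0kh"
      echo "r1kh=$r1kh"
    } >> "$1"
  fi

  if [ "$2" = "EAP" ]; then
    {
      echo "auth_server_addr=$auth_server_addr"
      echo "auth_server_port=$auth_server_port"
      echo "auth_server_shared_secret=$auth_server_shared_secret"
      if [ "$auth_server_addr_2" != "" ]; then
        echo "auth_server_addr=$auth_server_addr_2"
        echo "auth_server_port=$auth_server_port_2"
        echo "auth_server_shared_secret=$auth_server_shared_secret_2"
      fi
      echo "eap_reauth_period=${eap_reauth_period:-0}"
    } >> "$1"

    if [ "$wpa" != "" ]; then
      wpa_key_mgmt=WPA-EAP
      ft_key_mgmt=FT-EAP
      if [ "$PLATFORM_TYPE" != "PLATFORM_LITEON_AP83" ]; then
        if [ "$ieee80211w_enable" = "2" ]; then
          wpa_key_mgmt="$wpa_key_mgmt-SHA256"
          ft_key_mgmt="$ft_key_mgmt-SHA256"
        fi
        if [ "$ieee80211r_enable" = "1" ]; then
          if [ "$ft_mixed_mode" = "1" ]; then
            wpa_key_mgmt="$wpa_key_mgmt $ft_key_mgmt"
          else
            wpa_key_mgmt="$ft_key_mgmt"
          fi
        fi
      fi
      {
        echo "wpa_key_mgmt=$wpa_key_mgmt"
        echo "wpa_pairwise=${wpa_pairwise:-CCMP}"
        # Any value other than "0", including an empty one, turns OSEN on.
        if [ "$hs20_osen_enabled" != "0" ]; then
          echo "osen=1"
        fi
      } >> "$1"
    else
      # No WPA version set: dynamic WEP settings, with defaults.
      {
        echo "wep_key_len_unicast=${wep_key_len_unicast:-13}"
        echo "wep_rekey_period=${wep_rekey_period:-1800}"
        echo "wep_key_len_broadcast=${wep_key_len_broadcast:-13}"
      } >> "$1"
    fi

    {
      echo "eap_server=0"
      echo "ieee8021x=1"
      echo "own_ip_addr=0.0.0.0"
      echo "dump_file=/tmp/hostapd.dump"
      if [ "$rsn_preauth" = "1" ]; then
        echo "rsn_preauth=$rsn_preauth"
        echo "rsn_preauth_interfaces=$rsn_preauth_interfaces"
      fi
      if [ "$okc_enable" = "1" ]; then
        echo "okc_enable=1"
      fi
      echo "radius_das_enable=1"
      if [ "$coa_enable" = "1" ]; then
        echo "radius_coa_enable=1"
      fi
      if [ "$dynamic_vlan_enabled" = "1" ]; then
        echo "dynamic_vlan=1"
      fi
      if [ "$per_user_bandwidth_enable" = "1" ]; then
        echo "per_user_bandwidth_enable=1"
      fi
      if [ "$acct_server_addr" != "" ]; then
        echo "acct_server_addr=$acct_server_addr"
        echo "acct_server_port=$acct_server_port"
        echo "acct_server_shared_secret=$acct_server_shared_secret"
      fi
      if [ "$acct_server_addr2" != "" ]; then
        echo "acct_server_addr=$acct_server_addr2"
        echo "acct_server_port=$acct_server_port2"
        echo "acct_server_shared_secret=$acct_server_shared_secret2"
      fi
      if [ "$ieee802_1x_retry_timeout" != "" ]; then
        echo "ieee802_1x_retry_timeout=$ieee802_1x_retry_timeout"
      fi
      if [ "$ieee802_1x_max_retries" != "" ]; then
        echo "ieee802_1x_max_retries=$ieee802_1x_max_retries"
      fi
    } >> "$1"

    # Default NAS identifier: the fixed "%m-%s" pattern, passed as a literal
    # (the original ran the constant through eval, which added nothing).
    if [ "$nas_identifier" = "" ]; then
      nas_identifier=$(/opt/ap/stringhandler "%m-%s" 256 -r%m:"$ETH_MAC" -r%s:"$ssid")
    fi
    echo "nas_identifier=$nas_identifier" >> "$1"

    if [ "$called_station_id" = "" ]; then
      called_station_id=$(/opt/ap/stringhandler "%m:%s" 252 -r%m:"$RFC_ETH_MAC" -r%s:"$ssid")
    fi
    # backup_called_station_id is set outside this function.
    if [ "$backup_called_station_id" != "%b:%s" ] && [ "$backup_called_station_id" != "" ]; then
      echo "called_station_id=$called_station_id" >> "$1"
    fi
  else
    wpa_key_mgmt=WPA-PSK
    ft_key_mgmt=FT-PSK
    if [ "$PLATFORM_TYPE" != "PLATFORM_LITEON_AP83" ]; then
      if [ "$ieee80211w_enable" = "2" ]; then
        wpa_key_mgmt="$wpa_key_mgmt-SHA256"
        ft_key_mgmt="$ft_key_mgmt-SHA256"
      fi
      if [ "$ieee80211r_enable" = "1" ]; then
        if [ "$ft_mixed_mode" = "1" ]; then
          wpa_key_mgmt="$wpa_key_mgmt $ft_key_mgmt"
        else
          wpa_key_mgmt="$ft_key_mgmt"
        fi
      fi
    fi
    {
      echo "wpa_key_mgmt=$wpa_key_mgmt"
      echo "wpa_pairwise=$wpa_pairwise"
      echo "eap_server=1"
      echo "ieee8021x=0"
      case $PLATFORM_TYPE in
        PLATFORM_SENAO_CAP4200|PLATFORM_SENAO_OAP6200AG|PLATFORM_LITEON_DB12x|PLATFORM_LITEON_AP83)
          echo "wpa_strict_rekey=1"
          ;;
      esac
      # If mesh psk key is there then ignore ssid psk key.
      if [ "$mesh_passphrase" != "" ] && [ "$MESH_ENABLED" = "1" ]; then
        echo "wpa_passphrase=$mesh_passphrase"
      elif [ "$wpa_passphrase" != "" ]; then
        echo "wpa_passphrase=$wpa_passphrase"
      fi
    } >> "$1"

    if [ "$nas_identifier" = "" ]; then
      nas_identifier=$(/opt/ap/stringhandler "%m-%s" 256 -r%m:"$ETH_MAC" -r%s:"$ssid")
    fi
    echo "nas_identifier=$nas_identifier" >> "$1"
  fi
}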
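# Append the fixed miscellaneous settings to a profile's config file.
# Arguments: $1 - file to append to (quoted here, so a path containing
#                 spaces is written correctly)
set_misc_params()
{
  printf '%s\n' \
    "AP_STARTMODE=multivlan" \
    "RATECTL=auto" \
    "TXQUEUELEN=1000" \
    "AMPDUFRAMES=32" \
    "AMPDULIMIT=50000" \
    "AMPDUMIN=32768" \
    "WPS_ENABLE=0" \
    "AP_PRIMARY_KEY=1" >> "$1"
}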
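# Tell the bw tool which profile each VAP of a profile belongs to.
# Arguments: $1 - profile id
#            $2 - "enable" maps the VAPs to profile $1, "disable" maps them
#                 to 0; any other value does nothing
# Globals:   PLATFORM_TYPE, profile_id (read); per_user_bw_mapping,
#            PROFILE_CONF, nocat_conf, is_portal_radius, AP_SECMODE,
#            bw (written)
set_profile_for_vap()
{
  local vap_1
  local vap_2
  local vap
  local conf
  local target_profile

  per_user_bw_mapping=0
  PROFILE_CONF="/tmp/profile$1/profile.conf"
  nocat_conf="/tmp/profile$1/nocat.conf"
  is_portal_radius=""
  AP_SECMODE=$(grep "AP_SECMODE" "$PROFILE_CONF" | cut -f2 -d '=')
  if [ -f "$nocat_conf" ]; then
    is_portal_radius=$(grep "OperatingMode" "$nocat_conf" 2>/dev/null \
      | sed "s/OperatingMode//" | xargs 2>/dev/null)
  fi

  # First and second entry of VAP_LIST, without the ".<vlan>" suffix.
  vap_1=$(grep "^VAP_LIST" "$PROFILE_CONF" | cut -d "=" -f2 \
    | awk -F "," '{print $1}' | xargs | cut -d "." -f1)
  vap_2=$(grep "^VAP_LIST" "$PROFILE_CONF" | cut -d "=" -f2 \
    | awk -F "," '{print $2}' | xargs | cut -d "." -f1)

  case $2 in
    disable)
      conf=$PROFILE_CONF
      target_profile=0
      ;;
    enable)
      # NOTE(review): this branch reads the file of the global profile_id
      # rather than of $1, as the original does - confirm that is intended.
      conf="/tmp/profile${profile_id}/profile.conf"
      target_profile=$1
      ;;
    *)
      return 0
      ;;
  esac

  # BW binary is being used for Radius accounting feature as well
  bw=$(grep "^PER_USER_BANDWIDTH_ENABLED=" "$conf" | cut -d "=" -f2 | xargs)
  if [ "$bw" = "1" ] && [ "$PLATFORM_TYPE" != "PLATFORM_LITEON_AP83" ]; then
    for vap in "$vap_1" "$vap_2"
    do
      # A profile with a single VAP has no second name; calling bw without
      # it would shift the remaining arguments into the wrong positions.
      if [ -n "$vap" ]; then
        bw profile_for_vap "$vap" "$target_profile" "$per_user_bw_mapping"
      fi
    done
  fi
}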
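# Add or remove the "<radio>:<vap>" lines of one SSID profile in
# /tmp/radio_vap_mapping.
# Globals written: mesh_enabled
# Arguments: $1 - profile id (reads /tmp/profile<id>/profile.conf)
#            $2 - "add" or "remove"
# Outputs:   prints "<radio_1>:<vap_1>,<radio_2>:<vap_2>" to stdout
update_radio_vap_mapping()
{
  local vap_1
  local vap_2
  local radio_1
  local radio_2
  local radio_vap_mapping_file=/tmp/radio_vap_mapping
  local profile_conf="/tmp/profile$1/profile.conf"
  local vap_list
  local radio_list
  local filtered

  mesh_enabled=$(grep MESH_ENABLED "$profile_conf" | awk -F "=" '{print $2}' | xargs)
  vap_list=$(grep "^VAP_LIST" "$profile_conf" | cut -d "=" -f2)
  radio_list=$(grep RADIO_ID "$profile_conf" | cut -d "=" -f2)

  vap_1=$(echo "$vap_list" | awk -F "," '{print $1}' | xargs | cut -d "." -f1)
  vap_2=$(echo "$vap_list" | awk -F "," '{print $2}' | xargs | cut -d "." -f1)
  radio_1=$(echo "$radio_list" | awk -F "," '{print $1}' | xargs)
  if [ "$mesh_enabled" != "1" ]; then
    radio_2=$(echo "$radio_list" | awk -F "," '{print $2}' | xargs)
  else
    # With mesh enabled both VAPs are mapped to the first radio.
    radio_2=$radio_1
  fi

  echo "$radio_1:$vap_1,$radio_2:$vap_2"

  if [ "$2" = "remove" ]; then
    # Filter in one pass and write the result back, instead of chaining two
    # fixed-name files under /tmp: the old chain read a temp file that was
    # never created when the first VAP slot was empty (emptying the mapping),
    # and fixed names in a shared directory are open to pre-creation.
    # The match is an exact comparison on the last ":"-separated field, so a
    # VAP name can no longer match as a mere suffix of another.
    filtered=$(awk -F ":" -v v1="$vap_1" -v v2="$vap_2" \
      '!((v1 != "" && ($NF "") == (v1 "")) || (v2 != "" && ($NF "") == (v2 "")))' \
      "$radio_vap_mapping_file")
    if [ -n "$filtered" ]; then
      echo "$filtered" > "$radio_vap_mapping_file"
    else
      : > "$radio_vap_mapping_file"
    fi
  elif [ "$2" = "add" ]; then
    if [ -n "$vap_1" ]; then
      echo "${radio_1}:${vap_1}" >> "$radio_vap_mapping_file"
    fi
    if [ -n "$vap_2" ]; then
      echo "${radio_2}:${vap_2}" >> "$radio_vap_mapping_file"
    fi
  fi
}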
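# Park the current network section: copy /tmp/network<ID> to the hidden
# /tmp/.network<ID>, then delete the live directory.
# Globals read: CURRENT_SECTION_ID
# NOTE(review): CURRENT_SECTION_ID is used verbatim in an `rm -rf` path;
# confirm the section parser rejects empty ids and ids containing "/".
# NOTE(review): network.conf in this directory receives IPsec PSKs and
# passwords (see process_network_section), so the parked copy keeps them too.
cleanup_current_network_section()
{
  local live_dir="/tmp/network${CURRENT_SECTION_ID}"
  local parked_dir="/tmp/.network${CURRENT_SECTION_ID}"

  cp -r "$live_dir" "$parked_dir" >/dev/null 2>&1
  rm -rf "$live_dir" >/dev/null 2>&1
}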
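# Tear down the current SSID profile: detach its bandwidth profile, drop its
# radio/VAP mapping, then park /tmp/profile<ID> as /tmp/.profile<ID>.
# Globals read: CURRENT_SECTION_ID
# NOTE(review): the id is used verbatim in an `rm -rf` path; confirm the
# section parser rejects empty ids and ids containing "/".
cleanup_current_section()
{
  local live_dir="/tmp/profile${CURRENT_SECTION_ID}"
  local parked_dir="/tmp/.profile${CURRENT_SECTION_ID}"

  set_profile_for_vap "$CURRENT_SECTION_ID" disable
  update_radio_vap_mapping "$CURRENT_SECTION_ID" remove
  cp -r "$live_dir" "$parked_dir"
  rm -rf "$live_dir"
  ## What else needs to be cleaned up?
}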
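# Merge the NAME=value lines of a "modified" file into a config file:
# an existing NAME= line is replaced through replace_string_in_a_file,
# an unknown NAME is appended.
# Arguments: $1 - config file to update
#            $2 - file holding the modified NAME=value lines
# Outputs:   a notice on stdout for every parameter that had to be appended
update_fmod_params()
{
  local conf_file=$1
  local modified_conf_file=$2
  local line
  local name
  local value
  local nv_line_old

  while read -r line; do
    name=$(echo "$line" | cut -d "=" -f1 | xargs)
    # -f2- keeps values that themselves contain "=" (base64 keys,
    # passphrases); -f2 alone cut them at the second "=".
    value=$(echo "$line" | cut -d "=" -f2- | xargs)
    if [ -z "$name" ] || [ -z "$value" ]; then
      continue
    fi

    # Anchor on "NAME=" and take one line only: the unanchored match also hit
    # parameters that merely contain NAME, and the resulting multi-line text
    # was word-split into extra arguments for the helper.
    nv_line_old=$(grep "^${name}=" "$conf_file" | head -n 1)
    if [ -n "$nv_line_old" ]; then
      # assumes replace_string_in_a_file takes (file, old text, new text),
      # as the call shape suggests - TODO confirm
      replace_string_in_a_file "$conf_file" "$nv_line_old" "$name=$value"
    else
      echo "Param $name not found in file $conf_file. Writing into it."
      echo "$name=$value" >> "$conf_file"
    fi
  done < "$modified_conf_file"
}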
- ## VAP handling
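# Start an SSID through /opt/ap/ssid_start.sh, honouring its schedule.
# Globals read: CURRENT_SECTION_CMD
# Arguments: $1 - profile id (directory /tmp/profile<id>)
#            $2 - mode passed to ssid_start.sh when no schedule applies
# Outputs:   ssid_start.sh output is appended to
#            /tmp/profile<id>/ssid_start_logs
check_and_start_ssid()
{
  local id=$1
  local cmd=$2
  local life_time
  local sched_enabled="0"
  local start="now"
  local stop="forever"
  local match
  local profile_dir="/tmp/profile${id}"
  local sched_conf="$profile_dir/schedule.conf"
  local log_file="$profile_dir/ssid_start_logs"

  if [ -f "$sched_conf" ]; then
    sched_enabled=$(grep SCHED_ENABLE "$sched_conf" | cut -d "=" -f2)
    life_time=$(grep LIFETIME_PERIOD "$sched_conf" | cut -d "=" -f2)
    # LIFETIME_PERIOD is read as "(<start>,<stop>)".
    start=$(echo "$life_time" | cut -d "(" -f2 | cut -d "," -f1 | xargs)
    stop=$(echo "$life_time" | cut -d "(" -f2 | cut -d "," -f2 | cut -d ")" -f1 | xargs)
  fi

  # Case-insensitive test for the unrestricted lifetime "now".."forever".
  match=$(awk -v s1="${start}_${stop}" -v s2="now_forever" \
    'BEGIN { if ( tolower(s1) == tolower(s2) ){ print "match" } }')

  if [ "$sched_enabled" != "1" ] && [ "$match" = "match" ]; then
    /opt/ap/ssid_start.sh "$id" "$cmd" >> "$log_file" 2>&1
  elif [ "$CURRENT_SECTION_CMD" = "NEW" ]; then
    # We have to create VAP even if its schedule is not up right now
    /opt/ap/ssid_start.sh "$id" create_only >> "$log_file" 2>&1
  elif [ "$CURRENT_SECTION_CMD" = "F_MOD" ] && [ -f "$profile_dir/running" ]; then
    # F_MOD is allowed now only if this schedule is up right now, i.e. the
    # "running" file is present
    /opt/ap/ssid_start.sh "$id" fast >> "$log_file" 2>&1
  fi
  # MOD_START is taken care by schedule_ssid.sh script
}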
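# Handle a NEW VAP section: build the profile, register its radio/VAP
# mapping, attach the bandwidth profile and start the SSID.
# Globals read: CURRENT_SECTION_ID
# Outputs:      a progress line on stdout
handle_vap_new()
{
  local rc

  process_ssid_profile /tmp/.section_VAP
  rc=$?
  # Only exit status 1 aborts; the half-built profile directory is removed.
  if [ "$rc" -eq 1 ]; then
    echo "NEW START VAP $CURRENT_SECTION_ID aborted"
    rm -rf "/tmp/profile${CURRENT_SECTION_ID}"
    return
  fi
  update_radio_vap_mapping "$CURRENT_SECTION_ID" add
  echo "NEW START VAP $CURRENT_SECTION_ID"
  set_profile_for_vap "$CURRENT_SECTION_ID" enable
  check_and_start_ssid "$CURRENT_SECTION_ID" create
}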
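# Handle a DEL VAP section: stop the SSID, park its profile directory and
# remove the per-profile portal and icon archives.
# Globals read: CURRENT_SECTION_ID
# NOTE(review): the id is used verbatim in paths under /opt that are deleted;
# confirm the section parser rejects ids containing "/" or "..".
handle_vap_del()
{
  local section_id=$CURRENT_SECTION_ID

  /opt/ap/ssid_stop.sh "$section_id" delete >> "/tmp/profile${section_id}/ssid_stop_logs" 2>&1
  cleanup_current_section
  # rm -f is silent when the archive is absent.
  rm -f -- "/opt/nocatsplash/portal${section_id}.tgz"
  rm -f -- "/opt/ap/icons/icons${section_id}.tgz"
}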
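# Handle an F_MOD (fast modify) VAP section: rebuild the profile, merge
# modified.conf into profile.conf and restart the SSID in "fast" mode.
# Globals read: CURRENT_SECTION_ID
# Outputs:      a progress line on stdout; a marker in ssid_start_logs
# NOTE(review): modified.conf is kept as modified.conf.debug afterwards; if
# it can carry passphrases, that copy holds them too.
handle_vap_fmod()
{
  local PROFILE_DIR="/tmp/profile${CURRENT_SECTION_ID}"
  local rc

  process_ssid_profile /tmp/.section_VAP
  rc=$?
  # Only exit status 1 aborts; the profile directory is removed.
  if [ "$rc" -eq 1 ]; then
    echo "F_MOD VAP $CURRENT_SECTION_ID aborted"
    rm -rf "$PROFILE_DIR"
    return
  fi
  update_fmod_params "$PROFILE_DIR/profile.conf" "$PROFILE_DIR/modified.conf"
  echo "F_MOD VAP $CURRENT_SECTION_ID"
  {
    echo ""
    echo "Doing Fast Path changes"
  } >> "$PROFILE_DIR/ssid_start_logs"
  check_and_start_ssid "$CURRENT_SECTION_ID" fast
  mv "$PROFILE_DIR/modified.conf" "$PROFILE_DIR/modified.conf.debug"
}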
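# Handle the MOD_STOP half of a VAP modification: stop the SSID, save its
# VAP_LIST line to /tmp/profile<ID>_old_params and park the profile.
# Globals read: CURRENT_SECTION_ID
# Outputs:      a progress line on stdout
handle_vap_mod_stop()
{
  local profile_dir="/tmp/profile${CURRENT_SECTION_ID}"

  echo "MOD STOP VAP $CURRENT_SECTION_ID"
  /opt/ap/ssid_stop.sh "$CURRENT_SECTION_ID" stop >> "$profile_dir/ssid_stop_logs" 2>&1
  # Saved before cleanup, which moves the profile directory away.
  grep "^VAP_LIST" "$profile_dir/profile.conf" > "${profile_dir}_old_params"
  cleanup_current_section
}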
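# Handle the MOD_START half of a VAP modification: rebuild the profile,
# attach the bandwidth profile, start the SSID and re-register the
# radio/VAP mapping.
# Globals read: CURRENT_SECTION_ID
# Outputs:      a progress line on stdout
handle_vap_mod_start()
{
  local profile_dir="/tmp/profile${CURRENT_SECTION_ID}"
  local rc

  process_ssid_profile /tmp/.section_VAP
  rc=$?
  # Only exit status 1 aborts; profile directory and saved params are removed.
  if [ "$rc" -eq 1 ]; then
    echo "MOD START VAP $CURRENT_SECTION_ID aborted"
    rm -rf "$profile_dir"
    rm -f "${profile_dir}_old_params"
    return
  fi
  echo "MOD START VAP $CURRENT_SECTION_ID"
  set_profile_for_vap "$CURRENT_SECTION_ID" enable
  check_and_start_ssid "$CURRENT_SECTION_ID" normal
  update_radio_vap_mapping "$CURRENT_SECTION_ID" add
  rm -f "${profile_dir}_old_params"
}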
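# Handle a START VAP section: run ssid_start.sh in "normal" mode and append
# its output to the profile's ssid_start_logs.
# Globals read: CURRENT_SECTION_ID
# Outputs:      a progress line on stdout
handle_vap_start()
{
  local log_file="/tmp/profile${CURRENT_SECTION_ID}/ssid_start_logs"

  echo "START VAP $CURRENT_SECTION_ID"
  /opt/ap/ssid_start.sh "$CURRENT_SECTION_ID" normal >> "$log_file" 2>&1
}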
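# Handle a STOP VAP section: run ssid_stop.sh in "scheduled_stop" mode and
# append its output to the profile's ssid_stop_logs.
# Globals read: CURRENT_SECTION_ID
# Outputs:      a progress line on stdout
handle_vap_stop()
{
  local log_file="/tmp/profile${CURRENT_SECTION_ID}/ssid_stop_logs"

  echo "STOP VAP $CURRENT_SECTION_ID"
  /opt/ap/ssid_stop.sh "$CURRENT_SECTION_ID" scheduled_stop >> "$log_file" 2>&1
}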
- ## Radio handling
# Handle a NEW radio section by processing the pending RADIO section file.
# Returns: the exit status of process_radio
handle_radio_new()
{
  local section_file="/tmp/.section_RADIO"

  process_radio "$section_file"
}
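# Handle a modified radio section: process the pending RADIO section, then
# merge modified.conf into the radio's radio.conf.
# Globals read: CURRENT_SECTION_ID
# NOTE(review): unlike the VAP handlers, the exit status of process_radio is
# not checked before the merge - confirm that is intended.
handle_radio_fmod()
{
  local RADIO_DIR="/tmp/radio${CURRENT_SECTION_ID}"

  process_radio /tmp/.section_RADIO
  update_fmod_params "$RADIO_DIR/radio.conf" "$RADIO_DIR/modified.conf"
}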
# Dispatch a RADIO section on CURRENT_SECTION_CMD.
# MOD and F_MOD go to handle_radio_fmod; NEW and every other value go to
# handle_radio_new.
handle_radio_section()
{
  case "$CURRENT_SECTION_CMD" in
    MOD | F_MOD)
      handle_radio_fmod
      ;;
    *)
      handle_radio_new
      ;;
  esac
}
# Dispatch a VAP section on CURRENT_SECTION_CMD.
# NEW and any unrecognised command are treated as a new VAP.
handle_vap_section()
{
  case "$CURRENT_SECTION_CMD" in
    MOD_STOP)
      handle_vap_mod_stop
      ;;
    MOD_START)
      handle_vap_mod_start
      ;;
    F_MOD)
      handle_vap_fmod
      ;;
    DEL)
      handle_vap_del
      ;;
    START)
      handle_vap_start
      ;;
    STOP)
      handle_vap_stop
      ;;
    *)
      handle_vap_new
      ;;
  esac
}
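# Run /opt/ap/network_start.sh for one network section and append its
# output to /tmp/network<id>/network_start_logs.
# Arguments: $1 - network section id
#            $2 - command passed through to network_start.sh
check_and_start_network()
{
  local id=$1
  local cmd=$2

  /opt/ap/network_start.sh "$id" "$cmd" >> "/tmp/network${id}/network_start_logs" 2>&1
}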
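# Append the EoGRE keys of the current network section to
# /tmp/network<ID>/gretap/gretap.conf, creating the gretap directory.
# Globals read:    CURRENT_SECTION_ID, EOGRE_PRIMARY_KEY, EOGRE_SECONDARY_KEY
# Globals written: NETWORK_PROFILE_DIR, GRETAP_DIR, GRETAP_CONF_FILE
# NOTE(review): the file is created with the process umask; if other local
# users can read /tmp here, tighten the mode on it.
set_gretap_conf()
{
  NETWORK_PROFILE_DIR="/tmp/network$CURRENT_SECTION_ID"
  GRETAP_DIR="$NETWORK_PROFILE_DIR/gretap"
  GRETAP_CONF_FILE="$GRETAP_DIR/gretap.conf"

  # An already existing directory is fine, hence the discarded output.
  mkdir "$GRETAP_DIR" >/dev/null 2>&1
  {
    echo "EOGRE_PRIMARY_KEY=$EOGRE_PRIMARY_KEY"
    echo "EOGRE_SECONDARY_KEY=$EOGRE_SECONDARY_KEY"
  } >> "$GRETAP_CONF_FILE"
}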
# Fill in missing IPsec identities for the tunnel named by $tunnel.
# An empty left id falls back to the local IP, an empty right id to the
# tunnel's remote address.
# Globals read:    tunnel, IPSEC_PRIMARY_REMOTE, IPSEC_SECONDARY_REMOTE
# Globals written: IPSEC_LOCAL_IP, IPSEC_LEFT_ID, IPSEC_RIGHT_ID
#                  (IPSEC_LEFT_ID_2, IPSEC_RIGHT_ID_2 for the secondary)
# Arguments: $1 - local IP address
# Outputs:   a DEBUG_LOG line on stdout for every fallback applied
get_ipsec_ids()
{
  case "$tunnel" in
    primary)
      IPSEC_LOCAL_IP=$1
      if [ -z "$IPSEC_LEFT_ID" ]; then
        IPSEC_LEFT_ID="$IPSEC_LOCAL_IP"
        echo "DEBUG_LOG : Reverting LEFT ID to Ip"
      fi
      if [ -z "$IPSEC_RIGHT_ID" ]; then
        # PRIMARY - SECONDARY logic to be added here
        IPSEC_RIGHT_ID=$IPSEC_PRIMARY_REMOTE
        echo "DEBUG_LOG : Reverting RIGHT ID to Ip"
      fi
      ;;
    secondary)
      IPSEC_LOCAL_IP=$1
      if [ -z "$IPSEC_LEFT_ID_2" ]; then
        IPSEC_LEFT_ID_2="$IPSEC_LOCAL_IP"
        echo "DEBUG_LOG : Reverting LEFT ID to Ip"
      fi
      if [ -z "$IPSEC_RIGHT_ID_2" ]; then
        # PRIMARY - SECONDARY logic to be added here
        IPSEC_RIGHT_ID_2=$IPSEC_SECONDARY_REMOTE
        echo "DEBUG_LOG : Reverting RIGHT ID to Ip"
      fi
      ;;
  esac
}
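# Default an empty XAUTH/EAP username to the tunnel's left identity.
# Globals read:    tunnel, IPSEC_LEFT_AUTH, IPSEC_LEFT_ID
#                  (IPSEC_LEFT_AUTH_2, IPSEC_LEFT_ID_2 for the secondary)
# Globals written: IPSEC_XAUTH_USERNAME or IPSEC_EAP_USERNAME
#                  (the *_2 variants for the secondary)
# Outputs:   a DEBUG_LOG line on stdout when a fallback is applied
get_ipsec_username()
{
  if [ "$tunnel" = "primary" ]; then
    case "$IPSEC_LEFT_AUTH" in
      xauth)
        if [ -z "$IPSEC_XAUTH_USERNAME" ]; then
          echo "DEBUG_LOG : Reverting username to identity"
          IPSEC_XAUTH_USERNAME=$IPSEC_LEFT_ID
        fi
        ;;
      eap)
        if [ -z "$IPSEC_EAP_USERNAME" ]; then
          IPSEC_EAP_USERNAME=$IPSEC_LEFT_ID
          echo "DEBUG_LOG : Reverting username to identity"
        fi
        ;;
    esac
  # This branch tested a misspelled variable ("tunnnel") and could never
  # run, so the secondary tunnel never received a default username.
  elif [ "$tunnel" = "secondary" ]; then
    case "$IPSEC_LEFT_AUTH_2" in
      xauth)
        if [ -z "$IPSEC_XAUTH_USERNAME_2" ]; then
          echo "DEBUG_LOG : Reverting username to identity"
          IPSEC_XAUTH_USERNAME_2=$IPSEC_LEFT_ID_2
        fi
        ;;
      eap)
        if [ -z "$IPSEC_EAP_USERNAME_2" ]; then
          IPSEC_EAP_USERNAME_2=$IPSEC_LEFT_ID_2
          echo "DEBUG_LOG : Reverting username to identity"
        fi
        ;;
    esac
  fi
}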
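# Append the credentials of one tunnel to IPSEC_SECRET_FILE.
# Globals read:    IPSEC_SECRET_FILE and the IPSEC_* auth, id, username,
#                  password and PSK variables of the selected tunnel
# Globals written: tunnel (set to $1; get_ipsec_ids and get_ipsec_username
#                  read it)
# Arguments: $1 - "primary" or "secondary"
# Outputs:   DEBUG_LOG lines on stdout. The PSK itself is no longer echoed:
#            this output may end up in log files, so the secret is shown as
#            <redacted>.
# NOTE(review): the secrets file is created with the process umask; confirm
# it is not readable by other local users.
set_ipsec_secret()
{
  tunnel=$1
  if [ "$tunnel" = "primary" ]; then
    case "$IPSEC_LEFT_AUTH" in
      xauth)
        # else handled in handle_vlan_route
        echo "DEBUG_LOG : LEFT : $IPSEC_LEFT_AUTH and USERNAME : $IPSEC_XAUTH_USERNAME"
        if [ -n "$IPSEC_XAUTH_USERNAME" ]; then
          echo "$IPSEC_XAUTH_USERNAME : XAUTH $IPSEC_XAUTH_PASSWORD" >> "$IPSEC_SECRET_FILE"
        fi
        if [ "$IPSEC_RIGHT_AUTH" = "psk" ] && [ "$IPSEC_IKE_VERSION" = "ikev2" ] \
          && [ -n "$IPSEC_LEFT_ID" ] && [ -n "$IPSEC_RIGHT_ID" ] && [ -n "$IPSEC_RIGHT_PSK" ]; then
          echo "$IPSEC_LEFT_ID $IPSEC_RIGHT_ID : PSK $IPSEC_RIGHT_PSK" >> "$IPSEC_SECRET_FILE"
        fi
        ;;
      eap)
        # else handled in handle_vlan_route
        echo "DEBUG_LOG : LEFT : $IPSEC_LEFT_AUTH and USERNAME : $IPSEC_EAP_USERNAME "
        if [ -n "$IPSEC_EAP_USERNAME" ]; then
          echo "$IPSEC_EAP_USERNAME : EAP $IPSEC_EAP_PASSWORD" >> "$IPSEC_SECRET_FILE"
        fi
        if [ "$IPSEC_RIGHT_AUTH" = "psk" ] && [ "$IPSEC_IKE_VERSION" = "ikev2" ] \
          && [ -n "$IPSEC_LEFT_ID" ] && [ -n "$IPSEC_RIGHT_ID" ] && [ -n "$IPSEC_RIGHT_PSK" ]; then
          echo "DEBUG_LOG : Setting RIGHT_PSK to $IPSEC_RIGHT_ID $IPSEC_LEFT_ID : PSK <redacted>"
          echo "$IPSEC_RIGHT_ID $IPSEC_LEFT_ID : PSK $IPSEC_RIGHT_PSK" >> "$IPSEC_SECRET_FILE"
        fi
        ;;
      psk)
        if [ -n "$IPSEC_LEFT_ID" ] && [ -n "$IPSEC_RIGHT_ID" ]; then
          echo "DEBUG_LOG : Setting LEFT_PSK to $IPSEC_LEFT_ID $IPSEC_RIGHT_ID : PSK <redacted>"
          echo "$IPSEC_LEFT_ID $IPSEC_RIGHT_ID : PSK $IPSEC_LEFT_PSK" >> "$IPSEC_SECRET_FILE"
          if [ "$IPSEC_RIGHT_AUTH" = "psk" ] && [ -n "$IPSEC_RIGHT_PSK" ] \
            && [ "$IPSEC_IKE_VERSION" = "ikev2" ]; then
            echo "DEBUG_LOG : Setting RIGHT_PSK to $IPSEC_RIGHT_ID $IPSEC_LEFT_ID : PSK <redacted>"
            echo "$IPSEC_RIGHT_ID $IPSEC_LEFT_ID : PSK $IPSEC_RIGHT_PSK" >> "$IPSEC_SECRET_FILE"
          fi
        fi
        ;;
    esac
  elif [ "$tunnel" = "secondary" ]; then
    case "$IPSEC_LEFT_AUTH_2" in
      xauth)
        # else handled in handle_vlan_route
        echo "DEBUG_LOG : LEFT : $IPSEC_LEFT_AUTH_2 and USERNAME : $IPSEC_XAUTH_USERNAME_2"
        if [ -n "$IPSEC_XAUTH_USERNAME_2" ]; then
          echo "$IPSEC_XAUTH_USERNAME_2 : XAUTH $IPSEC_XAUTH_PASSWORD_2" >> "$IPSEC_SECRET_FILE"
        fi
        # NOTE(review): left as found - this tests the PRIMARY tunnel's
        # IPSEC_RIGHT_PSK and writes IPSEC_LEFT_PSK_2, whereas the primary
        # xauth case tests and writes IPSEC_RIGHT_PSK. Confirm which PSK the
        # secondary xauth case is meant to use.
        if [ "$IPSEC_RIGHT_AUTH_2" = "psk" ] && [ "$IPSEC_IKE_VERSION_2" = "ikev2" ] \
          && [ -n "$IPSEC_RIGHT_PSK" ] \
          && [ -n "$IPSEC_LEFT_ID_2" ] && [ -n "$IPSEC_RIGHT_ID_2" ]; then
          echo "$IPSEC_LEFT_ID_2 $IPSEC_RIGHT_ID_2 : PSK $IPSEC_LEFT_PSK_2" >> "$IPSEC_SECRET_FILE"
        fi
        ;;
      eap)
        # else handled in handle_vlan_route
        echo "DEBUG_LOG : LEFT : $IPSEC_LEFT_AUTH_2 and USERNAME : $IPSEC_EAP_USERNAME_2"
        if [ -n "$IPSEC_EAP_USERNAME_2" ]; then
          echo "$IPSEC_EAP_USERNAME_2 : EAP $IPSEC_EAP_PASSWORD_2" >> "$IPSEC_SECRET_FILE"
        fi
        # Two fixes: the guard now tests the PSK that is actually written
        # (IPSEC_RIGHT_PSK_2, not the primary's), and the right id is
        # expanded - the "$" was missing, so the literal text
        # IPSEC_RIGHT_ID_2 was written as the selector.
        if [ "$IPSEC_RIGHT_AUTH_2" = "psk" ] && [ "$IPSEC_IKE_VERSION_2" = "ikev2" ] \
          && [ -n "$IPSEC_LEFT_ID_2" ] && [ -n "$IPSEC_RIGHT_ID_2" ] && [ -n "$IPSEC_RIGHT_PSK_2" ]; then
          echo "DEBUG_LOG : Setting RIGHT_PSK to $IPSEC_RIGHT_ID_2 $IPSEC_LEFT_ID_2 : PSK <redacted>"
          echo "$IPSEC_RIGHT_ID_2 $IPSEC_LEFT_ID_2 : PSK $IPSEC_RIGHT_PSK_2" >> "$IPSEC_SECRET_FILE"
        fi
        ;;
      psk)
        if [ -n "$IPSEC_LEFT_ID_2" ] && [ -n "$IPSEC_RIGHT_ID_2" ]; then
          echo "$IPSEC_LEFT_ID_2 $IPSEC_RIGHT_ID_2 : PSK $IPSEC_LEFT_PSK_2" >> "$IPSEC_SECRET_FILE"
          echo "DEBUG_LOG : Setting LEFT_PSK to $IPSEC_LEFT_ID_2 $IPSEC_RIGHT_ID_2 : PSK <redacted>"
          if [ "$IPSEC_RIGHT_AUTH_2" = "psk" ] && [ -n "$IPSEC_RIGHT_PSK_2" ] \
            && [ "$IPSEC_IKE_VERSION_2" = "ikev2" ]; then
            echo "DEBUG_LOG : Setting RIGHT_PSK to $IPSEC_RIGHT_ID_2 $IPSEC_LEFT_ID_2 : PSK <redacted>"
            echo "$IPSEC_RIGHT_ID_2 $IPSEC_LEFT_ID_2 : PSK $IPSEC_RIGHT_PSK_2" >> "$IPSEC_SECRET_FILE"
          fi
        fi
        ;;
    esac
  fi
}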
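# Append the "conn network<ID>_secondary" entry to
# $IPSEC_DIR/secondary_ipsec.conf, then write the matching secrets through
# set_ipsec_secret.
# Globals read:    IPSEC_DIR, CURRENT_SECTION_ID, sec_network_vlan,
#                  IPSEC_SECONDARY_REMOTE and the IPSEC_*_2 settings
# Globals written: IPSEC_CONF_FILE, IPSEC_SECRET_FILE, tunnel, local_iface,
#                  local_ip, GRE_REMOTE_IP, IPSEC_IKE_ALGO_2,
#                  IPSEC_PHASE2_ALGO_2, IPSEC_DPD_ACTION_2,
#                  IPSEC_DPD_DELAY_2, IPSEC_DPD_TIMEOUT_2
# NOTE(review): IPSEC_MODE_2=2 turns on aggressive mode; combined with PSK
# authentication that weakens the protection of the PSK - prefer it off
# wherever the peer allows.
set_secondary_ipsec_conf()
{
  # Handling blank entry: fall back to the built-in proposal list.
  if [ -z "$IPSEC_IKE_ALGO_2" ]; then
    set_default_cipher 128
    IPSEC_IKE_ALGO_2=$CIPHER
  fi
  if [ -z "$IPSEC_PHASE2_ALGO_2" ]; then
    set_default_cipher 128
    IPSEC_PHASE2_ALGO_2=$CIPHER
  fi

  IPSEC_CONF_FILE="$IPSEC_DIR/secondary_ipsec.conf"
  IPSEC_SECRET_FILE="$IPSEC_DIR/secondary_ipsec.secrets"

  # A trailing "!" is appended when the matching RESTRICT flag is 1
  # (presumably the IKE daemon's strict-proposal marker - confirm).
  if [ "$IPSEC_RESTRICT_PHASE2_2" = "1" ]; then
    IPSEC_PHASE2_ALGO_2="${IPSEC_PHASE2_ALGO_2}!"
  fi
  if [ "$IPSEC_RESTRICT_IKE_2" = "1" ]; then
    IPSEC_IKE_ALGO_2="${IPSEC_IKE_ALGO_2}!"
  fi

  if [ "$sec_network_vlan" = "0" ]; then
    local_iface="br0"
  else
    local_iface="br0.$sec_network_vlan"
  fi
  local_ip=$(ifconfig "$local_iface" | grep "inet addr" | cut -f 2 -d ":" | cut -f 1 -d " ")

  # get_ipsec_ids and get_ipsec_username switch on the global $tunnel, which
  # was otherwise only assigned by set_ipsec_secret at the very end; select
  # the tunnel here so a value left over from the other tunnel cannot be used.
  tunnel="secondary"
  get_ipsec_ids "$local_ip"
  get_ipsec_username

  if [ -z "$IPSEC_DPD_ACTION_2" ]; then
    IPSEC_DPD_ACTION_2="none"
  fi
  if [ -z "$IPSEC_DPD_DELAY_2" ]; then
    IPSEC_DPD_DELAY_2="30"
  fi
  if [ -z "$IPSEC_DPD_TIMEOUT_2" ]; then
    IPSEC_DPD_TIMEOUT_2="150"
  fi

  GRE_REMOTE_IP=$(grep "SECONDARY_REMOTE_IP" "/tmp/network$CURRENT_SECTION_ID/network.conf" | sed "s/SECONDARY_REMOTE_IP=//g")

  {
    echo "conn network${CURRENT_SECTION_ID}_secondary"

    # set left authentication
    if [ "$IPSEC_LEFT_AUTH_2" = "xauth" ] && [ "$IPSEC_RIGHT_AUTH_2" = "psk" ]; then
      echo " leftauth=psk"
      echo " leftauth2=xauth"
    elif [ "$IPSEC_LEFT_AUTH_2" = "eap" ]; then
      # The EAP method is written directly. It used to be patched in with
      # `sed -i "s/.../$IPSEC_EAP_METHOD_2/"`, which put a configuration
      # value into a sed program and rewrote matching lines file-wide.
      echo " leftauth=$IPSEC_EAP_METHOD_2"
    else
      echo " leftauth=$IPSEC_LEFT_AUTH_2"
    fi

    # Handling if defaults to IP because IP maynot be available in
    # handle_vlan_route script
    if [ "$IPSEC_LEFT_AUTH_2" = "eap" ]; then
      echo " eap_identity=$IPSEC_EAP_USERNAME_2"
      echo " aaa_identity=\"$IPSEC_AAA_IDENTITY_2\""
    elif [ "$IPSEC_LEFT_AUTH_2" = "xauth" ]; then
      echo " xauth_identity=$IPSEC_XAUTH_USERNAME_2"
    fi

    echo " leftid=$IPSEC_LEFT_ID_2"
    echo " right=$IPSEC_SECONDARY_REMOTE"
    echo " rightid=$IPSEC_RIGHT_ID_2"
    echo " rightauth=$IPSEC_RIGHT_AUTH_2"
    echo " keyexchange=$IPSEC_IKE_VERSION_2"
    echo " left=$IPSEC_LOCAL_IP"
    if [ "$IPSEC_VIRTUAL_IP_ENABLED_2" = "1" ]; then
      echo " leftsourceip=%config"
    fi
    echo " leftupdown=/opt/ap/ipsec_updown"
    echo " auto=route"
    echo " ikelifetime=$IPSEC_IKE_LIFETIME_2"
    echo " lifetime=$IPSEC_PHASE2_LIFETIME_2"
    if [ "$IPSEC_DPD_ENABLED_2" = "1" ]; then
      echo " dpdaction=$IPSEC_DPD_ACTION_2"
      echo " dpddelay=$IPSEC_DPD_DELAY_2"
      echo " dpdtimeout=$IPSEC_DPD_TIMEOUT_2"
    fi
    if [ "$IPSEC_PHASE2_METHOD_2" = "esp" ]; then
      echo " esp=$IPSEC_PHASE2_ALGO_2"
    else
      echo " ah=$IPSEC_PHASE2_ALGO_2"
    fi
    if [ -n "$IPSEC_IKE_ALGO_2" ]; then
      echo " ike=$IPSEC_IKE_ALGO_2"
    fi
    echo " type=$IPSEC_TUNNEL_TYPE_2"
    if [ "$IPSEC_MODE_2" = "2" ]; then
      echo " aggressive=yes"
    else
      echo " aggressive=no"
    fi
    echo " rightsubnet=${GRE_REMOTE_IP}[47]"
  } >> "$IPSEC_CONF_FILE"

  set_ipsec_secret "secondary"
}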
# Build the default proposal list for a given key length.
# Globals written: LENGTH, CIPHER
# Arguments: $1 - key length inserted after aes/blowfish/camellia
# NOTE(review): the list ends with SHA-1/modp1024 proposals and
# 3des-md5-modp768. These are offered whenever no cipher is configured and
# are deprecated for IKE (see RFC 8247); consider dropping them where the
# peers allow.
set_default_cipher()
{
  local enc
  local suite

  LENGTH=$1
  CIPHER=""
  # Stronger integrity/DH pairing first, each with the three block ciphers.
  for suite in sha2_256-modp2048 sha1-modp1024; do
    for enc in aes blowfish camellia; do
      CIPHER="${CIPHER}${enc}${LENGTH}-${suite},"
    done
  done
  CIPHER="${CIPHER}3des-md5-modp768"
}
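# Append the "conn network<ID>_primary" entry to
# $IPSEC_DIR/primary_ipsec.conf, then write the matching secrets through
# set_ipsec_secret.
# Globals read:    IPSEC_DIR, CURRENT_SECTION_ID, primary_network_vlan,
#                  IPSEC_PRIMARY_REMOTE and the primary IPSEC_* settings
# Globals written: IPSEC_CONF_FILE, IPSEC_SECRET_FILE, tunnel, local_iface,
#                  local_ip, GRE_REMOTE_IP, IPSEC_IKE_ALGO,
#                  IPSEC_PHASE2_ALGO, IPSEC_DPD_ACTION, IPSEC_DPD_DELAY,
#                  IPSEC_DPD_TIMEOUT
# NOTE(review): IPSEC_MODE=2 turns on aggressive mode; combined with PSK
# authentication that weakens the protection of the PSK - prefer it off
# wherever the peer allows.
set_primary_ipsec_conf()
{
  # Handling blank entry: fall back to the built-in proposal list.
  if [ -z "$IPSEC_IKE_ALGO" ]; then
    set_default_cipher 128
    IPSEC_IKE_ALGO=$CIPHER
  fi
  if [ -z "$IPSEC_PHASE2_ALGO" ]; then
    set_default_cipher 128
    IPSEC_PHASE2_ALGO=$CIPHER
  fi

  IPSEC_CONF_FILE="$IPSEC_DIR/primary_ipsec.conf"
  IPSEC_SECRET_FILE="$IPSEC_DIR/primary_ipsec.secrets"

  # A trailing "!" is appended when the matching RESTRICT flag is 1
  # (presumably the IKE daemon's strict-proposal marker - confirm).
  if [ "$IPSEC_RESTRICT_PHASE2" = "1" ]; then
    IPSEC_PHASE2_ALGO="${IPSEC_PHASE2_ALGO}!"
  fi
  if [ "$IPSEC_RESTRICT_IKE" = "1" ]; then
    IPSEC_IKE_ALGO="${IPSEC_IKE_ALGO}!"
  fi

  if [ "$primary_network_vlan" = "0" ]; then
    local_iface="br0"
  else
    local_iface="br0.$primary_network_vlan"
  fi
  local_ip=$(ifconfig "$local_iface" | grep "inet addr" | cut -f 2 -d ":" | cut -f 1 -d " ")

  # get_ipsec_ids and get_ipsec_username switch on the global $tunnel, which
  # was otherwise only assigned by set_ipsec_secret at the very end; select
  # the tunnel here so a value left over from the other tunnel cannot be used.
  tunnel="primary"
  get_ipsec_ids "$local_ip"
  get_ipsec_username

  if [ -z "$IPSEC_DPD_ACTION" ]; then
    IPSEC_DPD_ACTION="none"
  fi
  if [ -z "$IPSEC_DPD_DELAY" ]; then
    IPSEC_DPD_DELAY="30"
  fi
  if [ -z "$IPSEC_DPD_TIMEOUT" ]; then
    IPSEC_DPD_TIMEOUT="150"
  fi

  GRE_REMOTE_IP=$(grep "PRIMARY_REMOTE_IP" "/tmp/network$CURRENT_SECTION_ID/network.conf" | sed "s/PRIMARY_REMOTE_IP=//g")

  {
    echo "conn network${CURRENT_SECTION_ID}_primary"

    # set left authentication
    if [ "$IPSEC_LEFT_AUTH" = "xauth" ] && [ "$IPSEC_RIGHT_AUTH" = "psk" ]; then
      echo " leftauth=psk"
      echo " leftauth2=xauth"
    elif [ "$IPSEC_LEFT_AUTH" = "eap" ]; then
      # The EAP method is written directly. It used to be patched in with
      # `sed -i "s/.*leftauth.*/.../"`, which put a configuration value into
      # a sed program and rewrote EVERY leftauth line already in the file,
      # including those of entries appended earlier.
      echo " leftauth=$IPSEC_EAP_METHOD"
    else
      echo " leftauth=$IPSEC_LEFT_AUTH"
    fi

    # Handling if defaults to IP because IP maynot be available in
    # handle_vlan_route script
    if [ "$IPSEC_LEFT_AUTH" = "eap" ]; then
      echo " eap_identity=$IPSEC_EAP_USERNAME"
      echo " aaa_identity=\"$IPSEC_AAA_IDENTITY\""
    elif [ "$IPSEC_LEFT_AUTH" = "xauth" ]; then
      echo " xauth_identity=$IPSEC_XAUTH_USERNAME"
    fi

    echo " leftid=$IPSEC_LEFT_ID"
    echo " right=$IPSEC_PRIMARY_REMOTE"
    echo " rightid=$IPSEC_RIGHT_ID"
    echo " rightauth=$IPSEC_RIGHT_AUTH"
    echo " keyexchange=$IPSEC_IKE_VERSION"
    echo " left=$IPSEC_LOCAL_IP"
    if [ "$IPSEC_VIRTUAL_IP_ENABLED" = "1" ]; then
      echo " leftsourceip=%config"
    fi
    echo " leftupdown=/opt/ap/ipsec_updown"
    echo " auto=route"
    echo " ikelifetime=$IPSEC_IKE_LIFETIME"
    echo " lifetime=$IPSEC_PHASE2_LIFETIME"
    if [ "$IPSEC_DPD_ENABLED" = "1" ]; then
      echo " dpdaction=$IPSEC_DPD_ACTION"
      echo " dpddelay=$IPSEC_DPD_DELAY"
      echo " dpdtimeout=$IPSEC_DPD_TIMEOUT"
    fi
    if [ "$IPSEC_PHASE2_METHOD" = "esp" ]; then
      echo " esp=$IPSEC_PHASE2_ALGO"
    else
      echo " ah=$IPSEC_PHASE2_ALGO"
    fi
    if [ -n "$IPSEC_IKE_ALGO" ]; then
      echo " ike=$IPSEC_IKE_ALGO"
    fi
    echo " type=$IPSEC_TUNNEL_TYPE"
    if [ "$IPSEC_MODE" = "2" ]; then
      echo " aggressive=yes"
    else
      echo " aggressive=no"
    fi
    echo " rightsubnet=${GRE_REMOTE_IP}[47]"
  } >> "$IPSEC_CONF_FILE"

  set_ipsec_secret "primary"
}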
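# Reset every per-section network/IPsec global before a network section is
# parsed, so that values (including PSKs and passwords) from a previously
# processed section cannot carry over.
# Globals read:    CURRENT_SECTION_ID
# Globals written: NETWORK_PROFILE_ID, NETWORK_DIR and all variables below
# Arguments: $1 - section file; NETWORK_PROFILE_ID is read from it
# NOTE(review): the cipher-list state flags (PRIMARY_IKE_CIPHER,
# SECONDARY_IKE_CIPHER, PRIMARY_PHASE2_CIPHER, SECONDARY_PHASE2_CIPHER) and
# CIPHER are not reset here - confirm a section cannot inherit them.
init_network_section()
{
  NETWORK_PROFILE_ID=$(grep NETWORK_PROFILE_ID "$1" | xargs | cut -d "=" -f2)
  NETWORK_DIR="/tmp/network$CURRENT_SECTION_ID"

  # General network settings
  NETWORK_TYPE=0
  EOGRE_PRIMARY_KEY=""
  EOGRE_SECONDARY_KEY=""
  sec_network_vlan=0
  primary_network_vlan=0
  is_secondary_network_enabled=0
  NETWORK_PING_RETRY_COUNT=0
  NETWORK_PROBE_INTERVAL=0
  NETWORK_PING_TIMEOUT=0
  PRIMARY_PRIORITY_ENABLED=0
  IPSEC_ENABLED=0
  IPSEC_PRIMARY_REMOTE=""
  IPSEC_SECONDARY_REMOTE=""

  # Primary tunnel
  IPSEC_LEFT_ID=""
  IPSEC_RIGHT_ID=""
  IPSEC_MODE=""
  IPSEC_TUNNEL_TYPE=""
  IPSEC_IKE_VERSION=""
  IPSEC_DPD_TIMEOUT=""
  IPSEC_DPD_DELAY=""
  IPSEC_DPD_ACTION=""
  IPSEC_LEFT_AUTH=""
  IPSEC_RIGHT_AUTH=""
  IPSEC_LEFT_PSK=""
  IPSEC_RIGHT_PSK=""
  IPSEC_VIRTUAL_IP_ENABLED=""
  IPSEC_XAUTH_PASSWORD=""
  IPSEC_XAUTH_USERNAME=""
  IPSEC_EAP_USERNAME=""
  IPSEC_EAP_PASSWORD=""
  IPSEC_AUTH_CA_MD5SUM=""
  IPSEC_AUTH_CA_FILE=""
  IPSEC_RADIUS_CA_FILE=""
  IPSEC_RADIUS_CA_MD5SUM=""
  IPSEC_PHASE2_METHOD=""
  IPSEC_IKE_ALGO=""
  IPSEC_PHASE2_ALGO=""
  IPSEC_RESTRICT_PHASE2=""
  IPSEC_RESTRICT_IKE=""
  IPSEC_AAA_IDENTITY=""
  IPSEC_IKE_LIFETIME=""
  IPSEC_DPD_ENABLED=""
  IPSEC_PHASE2_LIFETIME=""
  IPSEC_EAP_METHOD=""

  # Secondary tunnel
  IPSEC_LEFT_ID_2=""
  IPSEC_RIGHT_ID_2=""
  IPSEC_MODE_2=""
  IPSEC_TUNNEL_TYPE_2=""
  IPSEC_IKE_VERSION_2=""
  IPSEC_DPD_TIMEOUT_2=""
  IPSEC_DPD_DELAY_2=""
  IPSEC_DPD_ACTION_2=""
  IPSEC_LEFT_AUTH_2=""
  IPSEC_RIGHT_AUTH_2=""
  IPSEC_LEFT_PSK_2=""
  IPSEC_RIGHT_PSK_2=""
  IPSEC_VIRTUAL_IP_ENABLED_2=""
  IPSEC_XAUTH_PASSWORD_2=""
  IPSEC_XAUTH_USERNAME_2=""
  IPSEC_EAP_USERNAME_2=""
  IPSEC_EAP_PASSWORD_2=""
  IPSEC_AUTH_CA_MD5SUM_2=""
  IPSEC_AUTH_CA_FILE_2=""
  IPSEC_RADIUS_CA_FILE_2=""
  IPSEC_RADIUS_CA_MD5SUM_2=""
  IPSEC_PHASE2_METHOD_2=""
  IPSEC_IKE_ALGO_2=""
  IPSEC_PHASE2_ALGO_2=""
  IPSEC_RESTRICT_PHASE2_2=""
  IPSEC_RESTRICT_IKE_2=""
  IPSEC_AAA_IDENTITY_2=""
  IPSEC_IKE_LIFETIME_2=""
  IPSEC_DPD_ENABLED_2=""
  IPSEC_PHASE2_LIFETIME_2=""
  IPSEC_EAP_METHOD_2=""
}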
- process_network_section()
- {
- init_network_section $1
- if [ -d "$NETWORK_DIR" ]; then
- rm -rf $NETWORK_DIR >/dev/null 2>&1
- fi
- mkdir $NETWORK_DIR >/dev/null 2>&1
- OUT_FILE=`echo $NETWORK_DIR/network.conf`
- echo "" > $OUT_FILE
- echo "NETWORK_PROFILE_ID=$NETWORK_PROFILE_ID" > $OUT_FILE
- while read -r line
- do
- param=`echo -E "$line" | cut -f1 -d"=" | xargs`
- value=`echo -E "$line" | cut -f2- -d"="`
- if [ -z "$param" ];then
- echo "Paramname blank in line ($line). Ignoring.."
- continue
- fi
- case $param in
- "NETWORK_TYPE")
- # Disabling Network type 2 of IPSEC by overriding
- if [ "$value" = "2" ];then
- value=1
- fi
- NETWORK_TYPE=$value
- echo "NETWORK_TYPE=$value" >> $OUT_FILE
- ;;
- "PRIMARY_NETWORK_VLAN")
- sanitize_vlan_id $value
- primary_network_vlan=$?
- echo "PRIMARY_NETWORK_VLAN=$primary_network_vlan" >> $OUT_FILE
- ;;
- "PRIMARY_REMOTE_IP")
- echo "PRIMARY_REMOTE_IP=$value" >> $OUT_FILE
- ;;
- "EOGRE_PRIMARY_KEY")
- EOGRE_PRIMARY_KEY=$value
- ;;
- "SECONDARY_NETWORK_VLAN")
- sanitize_vlan_id $value
- sec_network_vlan=$?
- echo "SECONDARY_NETWORK_VLAN=$sec_network_vlan" >> $OUT_FILE
- ;;
- "SECONDARY_REMOTE_IP")
- echo "SECONDARY_REMOTE_IP=$value" >> $OUT_FILE
- ;;
- "EOGRE_SECONDARY_KEY")
- EOGRE_SECONDARY_KEY=$value
- ;;
- "SECONDARY_NETWORK_ENABLED")
- if [ "$value" = "1" ];then
- echo "SECONDARY_NETWORK_ENABLED=1" >> $OUT_FILE
- is_secondary_network_enabled=1
- fi
- ;;
- "NETWORK_PING_TIMEOUT")
- if [ "$value" = "" ];then
- value=60
- fi
- echo "NETWORK_PING_TIMEOUT=$value" >> $OUT_FILE
- ;;
- "NETWORK_PING_RETRY_COUNT")
- if [ "$value" = "" ];then
- value=3
- fi
- echo "NETWORK_PING_RETRY_COUNT=$value" >> $OUT_FILE
- ;;
- "NETWORK_PROBE_INTERVAL")
- if [ "$value" = "" ];then
- value=300
- fi
- echo "NETWORK_PROBE_INTERVAL=$value" >> $OUT_FILE
- ;;
- "PRIMARY_PRIORITY_ENABLED")
- if [ "$value" = "" ];then
- value=1
- fi
- echo "PRIMARY_PRIORITY_ENABLED=$value" >> $OUT_FILE
- ;;
- "IPSEC_VIRTUAL_IP_ENABLED")
- IPSEC_VIRTUAL_IP_ENABLED=$value
- echo "IPSEC_VIRTUAL_IP_ENABLED=$value" >> $OUT_FILE
- ;;
- "IPSEC_ENABLED")
- echo "IPSEC_ENABLED=$value" >> $OUT_FILE
- ;;
- "IPSEC_PRIMARY_REMOTE")
- IPSEC_PRIMARY_REMOTE=$value
- echo "IPSEC_PRIMARY_REMOTE=$value" >> $OUT_FILE
- ;;
- "IPSEC_SECONDARY_REMOTE")
- IPSEC_SECONDARY_REMOTE=$value
- echo "IPSEC_SECONDARY_REMOTE=$value" >> $OUT_FILE
- ;;
- "IPSEC_LEFT_ID")
- if [ "$value" != "" ];then
- IPSEC_LEFT_ID=\"$value\"
- fi
- echo "IPSEC_LEFT_ID=$IPSEC_LEFT_ID" >> $OUT_FILE
- ;;
- "IPSEC_LEFT_ID_2")
- if [ "$value" != "" ];then
- IPSEC_LEFT_ID_2=\"$value\"
- fi
- echo "IPSEC_LEFT_ID_2=$IPSEC_LEFT_ID_2" >> $OUT_FILE
- ;;
- "IPSEC_RIGHT_ID")
- if [ "$value" != "" ];then
- IPSEC_RIGHT_ID=\"$value\"
- fi
- echo "IPSEC_RIGHT_ID=$IPSEC_RIGHT_ID" >> $OUT_FILE
- ;;
- "IPSEC_RIGHT_ID_2")
- if [ "$value" != "" ];then
- IPSEC_RIGHT_ID_2=\"$value\"
- fi
- echo "IPSEC_RIGHT_ID_2=$IPSEC_RIGHT_ID_2" >> $OUT_FILE
- ;;
- "IPSEC_MODE")
- IPSEC_MODE=$value
- echo "IPSEC_MODE=$IPSEC_MODE" >> $OUT_FILE
- ;;
- "IPSEC_MODE_2")
- IPSEC_MODE_2=$value
- echo "IPSEC_MODE_2=$IPSEC_MODE_2" >> $OUT_FILE
- ;;
- "IPSEC_TUNNEL_TYPE")
- if [ "$value" = "" -o "$value" = "1" ];then
- IPSEC_TUNNEL_TYPE="tunnel"
- else
- IPSEC_TUNNEL_TYPE="transport"
- fi
- echo "IPSEC_TUNNEL_TYPE=$IPSEC_TUNNEL_TYPE" >> $OUT_FILE
- ;;
- "IPSEC_TUNNEL_TYPE_2")
- if [ "$value" = "" -o "$value" = "1" ];then
- IPSEC_TUNNEL_TYPE_2="tunnel"
- else
- IPSEC_TUNNEL_TYPE_2="transport"
- fi
- echo "IPSEC_TUNNEL_TYPE_2=$IPSEC_TUNNEL_TYPE" >> $OUT_FILE
- ;;
- "IPSEC_IKE_VERSION")
- IPSEC_IKE_VERSION="ikev"$value
- echo "IPSEC_IKE_VERSION=$IPSEC_IKE_VERSION" >> $OUT_FILE
- ;;
- "IPSEC_IKE_VERSION_2")
- if [ "$value" = "5" ];then
- value=1
- else
- value=2
- fi
- IPSEC_IKE_VERSION_2="ikev"$value
- echo "IPSEC_IKE_VERSION_2=$IPSEC_IKE_VERSION_2" >> $OUT_FILE
- ;;
- "IPSEC_PHASE2_METHOD")
- IPSEC_PHASE2_METHOD=$value
- if [ "$IPSEC_PHASE2_METHOD" = "" -o "$IPSEC_PHASE2_METHOD" = "3" ];then
- echo "IPSEC_PHASE2_METHOD=esp" >> $OUT_FILE
- IPSEC_PHASE2_METHOD="esp"
- else
- echo "IPSEC_PHASE2_METHOD=ah" >> $OUT_FILE
- IPSEC_PHASE2_METHOD="ah"
- fi
- ;;
- "IPSEC_PHASE2_METHOD_2")
- IPSEC_PHASE2_METHOD_2=$value
- if [ "$IPSEC_PHASE2_METHOD_2" = "" -o "$IPSEC_PHASE2_METHOD_2" = "7" ];then
- echo "IPSEC_PHASE2_METHOD_2=esp" >> $OUT_FILE
- IPSEC_PHASE2_METHOD_2="esp"
- else
- echo "IPSEC_PHASE2_METHOD_2=ah" >> $OUT_FILE
- IPSEC_PHASE2_METHOD_2="ah"
- fi
- ;;
- "IPSEC_DPD_DELAY")
- IPSEC_DPD_DELAY=$value
- if [ "$IPSEC_DPD_DELAY" = "" ];then
- IPSEC_DPD_DELAY=30
- fi
- ;;
- "IPSEC_DPD_DELAY_2")
- IPSEC_DPD_DELAY_2=$value
- if [ "$IPSEC_DPD_DELAY_2" = "" ];then
- IPSEC_DPD_DELAY_2=30
- fi
- ;;
- "IPSEC_DPD_TIMEOUT")
- IPSEC_DPD_TIMEOUT=$value
- if [ "$IPSEC_DPD_TIMEOUT" = "" ];then
- IPSEC_DPD_TIMEOUT=150
- fi
- ;;
- "IPSEC_DPD_TIMEOUT_2")
- IPSEC_DPD_TIMEOUT_2=$value
- if [ "$IPSEC_DPD_TIMEOUT_2" = "" ];then
- IPSEC_DPD_TIMEOUT_2=150
- fi
- ;;
- "IPSEC_DPD_ACTION")
- IPSEC_DPD_ACTION=$value
- if [ "$IPSEC_DPD_ACTION" = "" -o "$IPSEC_DPD_ACTION" = "1" ];then
- IPSEC_DPD_ACTION="none"
- elif [ "$IPSEC_DPD_ACTION" = "2" ];then
- IPSEC_DPD_ACTION="restart"
- fi
- ;;
- "IPSEC_DPD_ACTION_2")
- IPSEC_DPD_ACTION_2=$value
- if [ "$IPSEC_DPD_ACTION_2" = "" -o "$IPSEC_DPD_ACTION_2" = "1" ];then
- IPSEC_DPD_ACTION_2="none"
- elif [ "$IPSEC_DPD_ACTION_2" = "2" ];then
- IPSEC_DPD_ACTION_2="restart"
- fi
- ;;
- "IPSEC_XAUTH_PASSWORD")
- if [ "$value" != "" ];then
- IPSEC_XAUTH_PASSWORD=\"$value\"
- fi
- echo "IPSEC_XAUTH_PASSWORD=$IPSEC_XAUTH_PASSWORD" >> $OUT_FILE
- ;;
- "IPSEC_XAUTH_PASSWORD_2")
- if [ "$value" != "" ];then
- IPSEC_XAUTH_PASSWORD_2=\"$value\"
- fi
- echo "IPSEC_XAUTH_PASSWORD_2=$IPSEC_XAUTH_PASSWORD_2" >> $OUT_FILE
- ;;
- "IPSEC_XAUTH_USERNAME")
- if [ "$value" != "" ];then
- IPSEC_XAUTH_USERNAME=\"$value\"
- fi
- echo "IPSEC_XAUTH_USERNAME=$IPSEC_XAUTH_USERNAME" >> $OUT_FILE
- ;;
- "IPSEC_XAUTH_USERNAME_2")
- if [ "$value" != "" ];then
- IPSEC_XAUTH_USERNAME_2=\"$value\"
- fi
- echo "IPSEC_XAUTH_USERNAME_2=$IPSEC_XAUTH_USERNAME_2" >> $OUT_FILE
- ;;
- "IPSEC_LEFT_AUTH")
- IPSEC_LEFT_AUTH=$value
- if [ "$IPSEC_LEFT_AUTH" = "1" ];then
- IPSEC_LEFT_AUTH="psk"
- elif [ "$IPSEC_LEFT_AUTH" = "2" ];then
- IPSEC_LEFT_AUTH="xauth"
- elif [ "$IPSEC_LEFT_AUTH" = "3" ];then
- IPSEC_LEFT_AUTH="eap"
- fi
- echo "IPSEC_LEFT_AUTH=$IPSEC_LEFT_AUTH" >> $OUT_FILE
- ;;
- "IPSEC_LEFT_AUTH_2")
- IPSEC_LEFT_AUTH_2=$value
- if [ "$IPSEC_LEFT_AUTH_2" = "1" ];then
- IPSEC_LEFT_AUTH_2="psk"
- elif [ "$IPSEC_LEFT_AUTH_2" = "2" ];then
- IPSEC_LEFT_AUTH_2="xauth"
- elif [ "$IPSEC_LEFT_AUTH_2" = "3" ];then
- IPSEC_LEFT_AUTH_2="eap"
- fi
- echo "IPSEC_LEFT_AUTH_2=$IPSEC_LEFT_AUTH_2" >> $OUT_FILE
- ;;
- "IPSEC_RIGHT_AUTH")
- IPSEC_RIGHT_AUTH=$value
- if [ "$IPSEC_RIGHT_AUTH" = "1" ];then
- IPSEC_RIGHT_AUTH="psk"
- elif [ "$IPSEC_RIGHT_AUTH" = "2" ];then
- IPSEC_RIGHT_AUTH="pubkey"
- fi
- echo "IPSEC_RIGHT_AUTH=$IPSEC_RIGHT_AUTH" >> $OUT_FILE
- ;;
- "IPSEC_RIGHT_AUTH_2")
- IPSEC_RIGHT_AUTH_2=$value
- if [ "$IPSEC_RIGHT_AUTH_2" = "1" ];then
- IPSEC_RIGHT_AUTH_2="psk"
- elif [ "$IPSEC_RIGHT_AUTH_2" = "2" ];then
- IPSEC_RIGHT_AUTH_2="pubkey"
- fi
- echo "IPSEC_RIGHT_AUTH_2=$IPSEC_RIGHT_AUTH_2" >> $OUT_FILE
- ;;
- "IPSEC_LEFT_PSK")
- if [ "$value" != "" ];then
- IPSEC_LEFT_PSK=\"$value\"
- fi
- echo "IPSEC_LEFT_PSK=$IPSEC_LEFT_PSK" >> $OUT_FILE
- ;;
- "IPSEC_LEFT_PSK_2")
- if [ "$value" != "" ];then
- IPSEC_LEFT_PSK_2=\"$value\"
- fi
- echo "IPSEC_LEFT_PSK_2=$IPSEC_LEFT_PSK_2" >> $OUT_FILE
- ;;
- "IPSEC_RIGHT_PSK")
- if [ "$value" != "" ];then
- IPSEC_RIGHT_PSK=\"$value\"
- fi
- echo "IPSEC_RIGHT_PSK=$IPSEC_RIGHT_PSK" >> $OUT_FILE
- ;;
- "IPSEC_RIGHT_PSK_2")
- if [ "$value" != "" ];then
- IPSEC_RIGHT_PSK_2=\"$value\"
- fi
- echo "IPSEC_RIGHT_PSK_2=$IPSEC_RIGHT_PSK_2" >> $OUT_FILE
- ;;
- "IPSEC_EAP_USERNAME")
- if [ "$value" != "" ];then
- IPSEC_EAP_USERNAME=\"$value\"
- fi
- echo "IPSEC_EAP_USERNAME=$IPSEC_EAP_USERNAME" >> $OUT_FILE
- ;;
- "IPSEC_EAP_USERNAME_2")
- if [ "$value" != "" ];then
- IPSEC_EAP_USERNAME_2=\"$value\"
- fi
- echo "IPSEC_EAP_USERNAME_2=$IPSEC_EAP_USERNAME_2" >> $OUT_FILE
- ;;
- "IPSEC_EAP_PASSWORD")
- if [ "$value" != "" ];then
- IPSEC_EAP_PASSWORD=\"$value\"
- fi
- echo "IPSEC_EAP_PASSWORD=$IPSEC_EAP_PASSWORD" >> $OUT_FILE
- ;;
- "IPSEC_EAP_PASSWORD_2")
- if [ "$value" != "" ];then
- IPSEC_EAP_PASSWORD_2=\"$value\"
- fi
- echo "IPSEC_EAP_PASSWORD_2=$IPSEC_EAP_PASSWORD_2" >> $OUT_FILE
- ;;
- "IPSEC_AUTH_CA_FILE")
- IPSEC_AUTH_CA_FILE=$value
- echo "IPSEC_AUTH_CA_FILE=$value" >> $OUT_FILE
- ;;
- "IPSEC_AUTH_CA_FILE_2")
- IPSEC_AUTH_CA_FILE_2=$value
- echo "IPSEC_AUTH_CA_FILE_2=$value" >> $OUT_FILE
- ;;
- "IPSEC_AUTH_CA_MD5SUM")
- IPSEC_AUTH_CA_MD5SUM=$value
- echo "IPSEC_AUTH_CA_MD5SUM=$value" >> $OUT_FILE
- ;;
- "IPSEC_AUTH_CA_MD5SUM_2")
- IPSEC_AUTH_CA_MD5SUM_2=$value
- echo "IPSEC_AUTH_CA_MD5SUM_2=$value" >> $OUT_FILE
- ;;
- "IPSEC_RADIUS_CA_FILE")
- IPSEC_RADIUS_CA_FILE=$value
- echo "IPSEC_RADIUS_CA_FILE=$value" >> $OUT_FILE
- ;;
- "IPSEC_RADIUS_CA_FILE_2")
- IPSEC_RADIUS_CA_FILE_2=$value
- echo "IPSEC_RADIUS_CA_FILE_2=$value" >> $OUT_FILE
- ;;
- "IPSEC_RADIUS_CA_MD5SUM")
- IPSEC_RADIUS_CA_MD5SUM=$value
- echo "IPSEC_RADIUS_CA_MD5SUM=$value" >> $OUT_FILE
- ;;
- "IPSEC_RADIUS_CA_MD5SUM_2")
- IPSEC_RADIUS_CA_MD5SUM_2=$value
- echo "IPSEC_RADIUS_CA_MD5SUM_2=$value" >> $OUT_FILE
- ;;
- "IPSEC_RESTRICT_PHASE2")
- IPSEC_RESTRICT_PHASE2=$value
- ;;
- "IPSEC_RESTRICT_PHASE2_2")
- IPSEC_RESTRICT_PHASE2_2=$value
- ;;
- "IPSEC_RESTRICT_IKE")
- IPSEC_RESTRICT_IKE=$value
- ;;
- "IPSEC_RESTRICT_IKE_2")
- IPSEC_RESTRICT_IKE_2=$value
- ;;
- "IPSEC_IKE_CIPHER_START")
- if [ "$value" = "1" ];then
- IPSEC_IKE_ALGO=""
- PRIMARY_IKE_CIPHER=1
- elif [ "$value" = "2" ];then
- SECONDARY_IKE_CIPHER=1
- IPSEC_IKE_ALGO_2=""
- fi
- ;;
- "IPSEC_IKE_CIPHER_STOP")
- if [ "$value" = "1" ];then
- PRIMARY_IKE_CIPHER=""
- elif [ "$value" = "2" ];then
- SECONDARY_IKE_CIPHER=""
- fi
- ;;
- "IKE_CIPHER_ENTRY")
- CIPHER=`echo $value | sed "s/ (.*)//g"`
- CIPHER=`echo $CIPHER | sed "s/-//"`
- 3DES_PRESENT=`echo $CIPHER | grep "3des"`
- if [ "$3DES_PRESENT" != "" ];then
- CIPHER=`echo $CIPHER | sed "s/3des[0-9]*/3des/g"`
- fi
- 3DES_PRESENT=""
- CIPHER=`echo $CIPHER | sed "s/none-//g"`
- CIPHER=`echo $CIPHER | sed "s/-none//g"`
- CIPHER=`echo $CIPHER | sed "s/-noesn//g"`
- CIPHER=`echo $CIPHER | sed "s/none//g"`
- # Handling of 'any' clause
- ANY_CASE=`echo $CIPHER | grep "any"`
- if [ "$ANY_CASE" != "" ];then
- LENGTH=`echo $CIPHER | cut -d "-" -f1 | sed 's/[^0-9]*//g' | xargs`
- set_default_cipher $LENGTH
- fi
- if [ "$PRIMARY_IKE_CIPHER" = "1" ];then
- if [ "$IPSEC_IKE_ALGO" != "" ];then
- IPSEC_IKE_ALGO=$IPSEC_IKE_ALGO","
- fi
- IPSEC_IKE_ALGO=$IPSEC_IKE_ALGO"$CIPHER"
- elif [ "$SECONDARY_IKE_CIPHER" = "1" ];then
- if [ "$IPSEC_IKE_ALGO_2" != "" ];then
- IPSEC_IKE_ALGO_2=$IPSEC_IKE_ALGO_2","
- fi
- IPSEC_IKE_ALGO_2=$IPSEC_IKE_ALGO_2"$CIPHER"
- fi
- ;;
- "IPSEC_PHASE2_CIPHER_START")
- if [ "$value" = "1" ];then
- IPSEC_PHASE2_ALGO=""
- PRIMARY_PHASE2_CIPHER=1
- elif [ "$value" = "2" ];then
- IPSEC_PHASE2_ALGO_2=""
- SECONDARY_PHASE2_CIPHER=1
- fi
- ;;
- "IPSEC_PHASE2_CIPHER_STOP")
- if [ "$value" = "1" ];then
- PRIMARY_PHASE2_CIPHER=""
- elif [ "$value" = "2" ];then
- SECONDARY_PHASE2_CIPHER=""
- fi
- ;;
- "PHASE2_CIPHER_ENTRY")
- CIPHER=`echo $value | sed "s/ (.*)//g"`
- CIPHER=`echo $CIPHER | sed "s/-//"`
- 3DES_PRESENT=`echo $CIPHER | grep "3des"`
- if [ "$3DES_PRESENT" != "" ];then
- CIPHER=`echo $CIPHER | sed "s/3des[0-9]*/3des/g"`
- fi
- 3DES_PRESENT=""
- CIPHER=`echo $CIPHER | sed "s/none-//g"`
- CIPHER=`echo $CIPHER | sed "s/-none//g"`
- CIPHER=`echo $CIPHER | sed "s/-noesn//g"`
- CIPHER=`echo $CIPHER | sed "s/none//g"`
- # Handling of 'any' clause
- ANY_CASE=`echo $CIPHER | grep "any"`
- if [ "$ANY_CASE" != "" ];then
- LENGTH=`echo $CIPHER | cut -d "-" -f1 | sed 's/[^0-9]*//g' | xargs`
- set_default_cipher $LENGTH
- fi
- if [ "$PRIMARY_PHASE2_CIPHER" = "1" ];then
- if [ "$IPSEC_PHASE2_ALGO" != "" ];then
- IPSEC_PHASE2_ALGO=$IPSEC_PHASE2_ALGO","
- fi
- IPSEC_PHASE2_ALGO=$IPSEC_PHASE2_ALGO"$CIPHER"
- elif [ "$SECONDARY_PHASE2_CIPHER" = "1" ];then
- if [ "$IPSEC_PHASE2_ALGO_2" != "" ];then
- IPSEC_PHASE2_ALGO_2=$IPSEC_PHASE2_ALGO_2","
- fi
- IPSEC_PHASE2_ALGO_2=$IPSEC_PHASE2_ALGO_2"$CIPHER"
- fi
- ;;
- "IPSEC_AAA_IDENTITY")
- IPSEC_AAA_IDENTITY="$value"
- ;;
- "IPSEC_AAA_IDENTITY_2")
- IPSEC_AAA_IDENTITY_2="$value"
- ;;
- "IPSEC_IKE_LIFETIME")
- if [ "$value" = "" ];then
- value=3
- fi
- value=$value"h"
- IPSEC_IKE_LIFETIME=$value
- ;;
- "IPSEC_IKE_LIFETIME_2")
- if [ "$value" = "" ];then
- value=3
- fi
- value=$value"h"
- IPSEC_IKE_LIFETIME_2=$value
- ;;
- "IPSEC_PHASE2_LIFETIME")
- IPSEC_PHASE2_LIFETIME=$value"h"
- ;;
- "IPSEC_PHASE2_LIFETIME_2")
- IPSEC_PHASE2_LIFETIME_2=$value"h"
- ;;
- "NETWORK_PROFILE_ID")
- NETWORK_PROFILE_ID=$value
- ;;
- "IPSEC_DPD_ENABLED")
- IPSEC_DPD_ENABLED=$value
- ;;
- "IPSEC_DPD_ENABLED_2")
- IPSEC_DPD_ENABLED_2=$value
- ;;
- "IPSEC_EAP_METHOD")
- if [ "$value" = "RADIUS (eap-radius)" ];then
- IPSEC_EAP_METHOD="eap-radius"
- elif [ "$value" = "MD5 (eap-md5)" ];then
- IPSEC_EAP_METHOD="eap-md5"
- elif [ "$value" = "MSCHAPv2" ];then
- IPSEC_EAP_METHOD="eap-MSCHAPv2"
- elif [ "$value" = "PEAP (eap-peap)" ];then
- IPSEC_EAP_METHOD="eap-peap"
- else
- IPSEC_EAP_METHOD="eap"
- fi
- ;;
- "IPSEC_EAP_METHOD_2")
- if [ "$value" = "RADIUS (eap-radius)" ];then
- IPSEC_EAP_METHOD_2="eap-radius"
- elif [ "$value" = "MD5 (eap-md5)" ];then
- IPSEC_EAP_METHOD_2="eap-md5"
- elif [ "$value" = "MSCHAPv2" ];then
- IPSEC_EAP_METHOD_2="eap-MSCHAPv2"
- elif [ "$value" = "PEAP (eap-peap)" ];then
- IPSEC_EAP_METHOD_2="eap-peap";
- else
- IPSEC_EAP_METHOD_2="eap"
- fi
- ;;
- *)
- echo "Unrecognized pair $param:$value in VAP section, using default config command"
- ;;
- esac
- done < $1
- BRIDGE_NAME="br0"
- if [ "$primary_network_vlan" = "0" ]; then
- echo "ExternalInterface=$BRIDGE_NAME" >> $OUT_FILE
- else
- echo "ExternalInterface=$BRIDGE_NAME.$primary_network_vlan" >> $OUT_FILE
- fi
- echo "NetworkExternalInterface=tunbr$NETWORK_PROFILE_ID" >> $OUT_FILE
- if [ "$is_secondary_network_enabled" = "1" ]; then
- if [ "$sec_network_vlan" = "0" ]; then
- echo "SecExternalInterface=$BRIDGE_NAME" >> $OUT_FILE
- else
- echo "SecExternalInterface=$BRIDGE_NAME.$sec_network_vlan" >> $OUT_FILE
- fi
- fi
- case $NETWORK_TYPE in
- 1)
- set_gretap_conf
- ;;
- 2)
- set_gretap_conf
- IPSEC_DIR=$NETWORK_PROFILE_DIR/ipsec
- if [ ! -e $IPSEC_DIR ];then
- mkdir $IPSEC_DIR >/dev/null 2>&1
- fi
- set_primary_ipsec_conf
- # SECONDARY_IPSEC_ENABLED value ?
- if [ "$is_secondary_network_enabled" = "1" ];then
- set_gretap_conf
- set_secondary_ipsec_conf
- fi
- ;;
- *)
- echo "unknown network type $NETWORK_TYPE"
- continue;
- ;;
- esac
- return 0
- }
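# Stop and delete the network named by CURRENT_SECTION_ID, then clean up.
# Globals:  CURRENT_SECTION_ID (read)
# Outputs:  one progress line on stdout; network_stop.sh output is appended to
#           /tmp/network<ID>/network_stop_logs
# NOTE(review): CURRENT_SECTION_ID is the script's second argument and ends up
# inside a /tmp path. It is quoted so whitespace or glob characters cannot
# split it into extra words, but it is not validated any further -- confirm
# the caller only ever passes plain ids.
handle_network_del() {
  echo "DEL network $CURRENT_SECTION_ID"
  /opt/ap/network_stop.sh "$CURRENT_SECTION_ID" delete \
    >> "/tmp/network${CURRENT_SECTION_ID}/network_stop_logs" 2>&1
  cleanup_current_network_section
}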
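# Stop (without deleting) the network named by CURRENT_SECTION_ID, then clean
# up the current section.
# Globals:  CURRENT_SECTION_ID (read)
# Outputs:  one progress line on stdout; network_stop.sh output is appended to
#           /tmp/network<ID>/network_stop_logs
# The id is quoted so it always reaches network_stop.sh as exactly one
# argument and names exactly one log path.
handle_network_mod_stop() {
  echo "MOD STOP network $CURRENT_SECTION_ID"
  /opt/ap/network_stop.sh "$CURRENT_SECTION_ID" stop \
    >> "/tmp/network${CURRENT_SECTION_ID}/network_stop_logs" 2>&1
  cleanup_current_network_section
}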
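# Re-parse /tmp/.section_NETWORK and restart the network in "normal" mode.
# Globals:  CURRENT_SECTION_ID (read)
# Returns:  early (after removing /tmp/network<ID>) when
#           process_network_section exits with status 1; any other status is
#           treated as success.
# The id is quoted: unquoted, an id containing whitespace would hand
# `rm -rf` additional paths to delete.
handle_network_mod_start() {
  process_network_section /tmp/.section_NETWORK
  if [ $? -eq 1 ]; then
    echo "MOD START NETWORK $CURRENT_SECTION_ID aborted"
    rm -rf "/tmp/network${CURRENT_SECTION_ID}" >/dev/null 2>&1
    return
  fi
  echo "MOD START VAP $CURRENT_SECTION_ID"
  check_and_start_network "$CURRENT_SECTION_ID" normal
}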
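# Parse /tmp/.section_NETWORK and start the network in "create" mode.
# Globals:  CURRENT_SECTION_ID (read)
# Returns:  early (after removing /tmp/network<ID>) when
#           process_network_section exits with status 1; any other status is
#           treated as success.
# The id is quoted: unquoted, an id containing whitespace would hand
# `rm -rf` additional paths to delete.
handle_network_new() {
  process_network_section /tmp/.section_NETWORK
  if [ $? -eq 1 ]; then
    echo "NEW START NETWORK $CURRENT_SECTION_ID aborted"
    rm -rf "/tmp/network${CURRENT_SECTION_ID}" >/dev/null 2>&1
    return
  fi
  echo "NEW START VAP $CURRENT_SECTION_ID"
  check_and_start_network "$CURRENT_SECTION_ID" create
}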
# Dispatch a NETWORK section command to its handler.
# Globals:  CURRENT_SECTION_CMD (read)
# F_MOD, START and STOP are only reported as unsupported. "NEW" and every
# unrecognised command both end up in handle_network_new.
handle_network_section() {
  case "$CURRENT_SECTION_CMD" in
    "MOD_STOP")
      handle_network_mod_stop
      echo "calling handle_network_mod_stop"
      ;;
    "MOD_START")
      handle_network_mod_start
      echo "calling handle_network_mod_start"
      ;;
    "DEL")
      handle_network_del
      echo "calling handle_network_del"
      ;;
    "F_MOD")
      echo "fmod for network is not supported"
      ;;
    "START")
      echo "start for network is not supported."
      ;;
    "STOP")
      echo "stop for network is not supported."
      ;;
    *)
      # Covers "NEW" as well as the fallback for unknown commands.
      echo "calling handle_network_new"
      handle_network_new
      ;;
  esac
}
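# Copy the usable "param=value" pairs of the current section file into
# /tmp/wired_extension.conf.
# Globals:  CURRENT_SECTION, CURRENT_SECTION_ID (read); line, param, value
#           (written)
# A pair is kept when both sides are non-empty after trimming and the value is
# not "-1". If nothing is kept the output file is removed, because other code
# treats its presence as "configuration exists".
# The section path is quoted and the obsolescent `-a` test operator is
# replaced by separate tests.
# NOTE(review): values are trimmed by piping them through xargs, which also
# interprets quotes and backslashes; a value containing an unbalanced quote
# will not survive that step.
handle_eth_new() {
  local conf_present
  local section_file="/tmp/.section_$CURRENT_SECTION"
  if [ ! -f "$section_file" ]; then
    return
  fi
  echo "NEW START ETHSECTION $CURRENT_SECTION_ID"
  touch /tmp/wired_extension.conf
  conf_present=0
  while read -r line; do
    param=$(echo -E "$line" | cut -f1 -d"=" | xargs)
    value=$(echo -E "$line" | cut -f2- -d"=" | xargs)
    if [ -n "$param" ] && [ -n "$value" ] && [ "$value" != "-1" ]; then
      echo "$param=$value" >> /tmp/wired_extension.conf
      conf_present=1
    fi
  done < "$section_file"
  if [ "$conf_present" -ne 1 ]; then
    # Remove the file if no configuration is present, since other code
    # assumes the presence of this file means configuration exists.
    echo "No conf present for secondary ethernet ports VLAN tagging."
    rm -f /tmp/wired_extension.conf
  fi
}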
# Entry point for an ETHSECTION: every command is handled by handle_eth_new;
# only the log line differs between "NEW" and anything else.
# Globals:  SECONDARY_ETH_EXTENSION, CURRENT_SECTION_CMD (read)
# Does nothing beyond a log line unless SECONDARY_ETH_EXTENSION is "TRUE".
handle_eth_section() {
  if [ "$SECONDARY_ETH_EXTENSION" != "TRUE" ]; then
    echo "Wired extension not supported for this platform"
    return
  fi
  if [ "$CURRENT_SECTION_CMD" = "NEW" ]; then
    echo "calling handle_eth_new"
  else
    echo "non matching section command [$CURRENT_SECTION_CMD]. Calling handle_eth_new by default"
  fi
  handle_eth_new
}
- ## main: Script starts here.
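# Script body: derive device identity, record the section arguments, work out
# the communication interface and radio count, then dispatch on the section
# type.
# Arguments: $1 section type (RADIO | VAP | NETWORK | ETHSECTION)
#            $2 section id
#            $3 section command
PARSER_VARS_FILE=/tmp/parser_vars
ETH_MAC=$(grep eth0 /tmp/eth_macs | awk -F " " '{print $2}' | xargs)
RFC_ETH_MAC=$(echo "$ETH_MAC" | sed "s/:/-/g")
AP_REBOOT_COUNT=$(grep "^reboot_count" /opt/sensor/pmac_status.dat | awk -F "=" '{print $2}')
AP_MAC_WITHOUT_COLON=$(echo "$ETH_MAC" | sed 's/://g')
NAT_COUNT=0
NOCAT_PORT=5280
# NOTE(review): these three values come straight from the command line and are
# later spliced into /tmp paths by the section handlers; nothing here checks
# their shape.
CURRENT_SECTION=$1
CURRENT_SECTION_ID=$2
CURRENT_SECTION_CMD=$3
comm_vlan=$(grep communication_vlan /opt/sensor/discovery.conf | cut -d "=" -f2 | xargs)
# An empty value (missing file or key) used to make the unquoted numeric test
# fail with a syntax error and fall through to the malformed name "br0.".
# It is now treated like VLAN 0, i.e. the plain bridge.
if [ "${comm_vlan:-0}" -eq 0 ]; then
  comm_vlan="br0"
else
  comm_vlan="br0.$comm_vlan"
fi
echo ""
echo "$(date)"
echo "ap-config-parser.sh is called with arguments CURRENT_SECTION=$CURRENT_SECTION, CURRENT_SECTION_ID=$CURRENT_SECTION_ID, CURRENT_SECTION_CMD=$CURRENT_SECTION_CMD"
if [ "$BUILD_V2" = "TRUE" ]; then
  if [ "$DUAL_RADIO" = "1" ]; then
    NUM_RADIOS=2
  else
    NUM_RADIOS=1
  fi
else
  # BUILD_V1
  NUM_RADIOS=2
  if [ "$PLATFORM_TYPE" = "PLATFORM_LITEON_AP83" ]; then
    NUM_RADIOS=1
  fi
fi
# Any other section type is silently ignored.
case "$CURRENT_SECTION" in
  "RADIO")
    handle_radio_section
    ;;
  "VAP")
    handle_vap_section
    ;;
  "NETWORK")
    echo "handle_network_section CURRENT_SECTION_CMD $CURRENT_SECTION_CMD "
    handle_network_section
    ;;
  "ETHSECTION")
    echo "handle_eth_section CURRENT_SECTION_CMD $CURRENT_SECTION_CMD "
    handle_eth_section
    ;;
esac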
- ==> ./bridge_mgmt.sh <==
- #!/bin/sh
# Load the optional fake-MAC helper and read the communication VLAN.
# Globals:  DISC_CONF_FILE, COMMUNICATION_VLAN (written)
# NOTE(review): /opt/sensor/fake_mac_function is sourced, i.e. executed in
# this shell, whenever it exists; presumably only root can write it -- verify
# its ownership and mode on the device image.
init_vars() {
  if [ -f /opt/sensor/fake_mac_function ]; then
    . /opt/sensor/fake_mac_function
  fi
  DISC_CONF_FILE="/opt/sensor/discovery.conf"
  COMMUNICATION_VLAN=$(grep communication_vlan "$DISC_CONF_FILE" | cut -d "=" -f2 | xargs)
}
# Check whether a VLAN id is one of the service-interface VLANs.
# Globals:   service_iface_vlans (read, whitespace-separated list);
#            vlid, vl (written)
# Arguments: $1 - VLAN id to look for
# Returns:   1 when the id IS in the list, 0 when it is not or the list is
#            empty. Note the inverted sense; callers compare $? against 1.
is_service_vlan() {
  vlid=$1
  if [ -z "$service_iface_vlans" ]; then
    return 0
  fi
  # Word splitting of the list is intentional here.
  for vl in $service_iface_vlans; do
    if [ "$vl" = "$vlid" ]; then
      return 1
    fi
  done
  return 0
}
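## $1 - VLAN_ID of bridge interface
# For every /tmp/profile* directory that has a bonjour_gateway.conf, rewrite
# each service_interface_list entry equal to "<ETH_INTERFACE>.<$1>" as
# "br0.<$1>" and, if anything changed, ask the bonjour gateway to reload that
# profile through reload_cli.
# Globals:  ETH_INTERFACE (read); iter_profile_dir, iter_bonjour_conf,
#           iter_profile_id, SERVICE_IFACE_LIST, NEW_SERVICE_IFACE_LIST,
#           service_iface_list_changed, service_iface, interfaceName, vlan
#           (written)
# File paths are quoted, and the new list is built by plain assignment rather
# than through an unquoted `echo`.
# NOTE(review): the rebuilt list is interpolated into the sed script below, so
# a backslash or newline in bonjour_gateway.conf would become part of that
# script. The sed address is also unanchored, while the grep that reads the
# list uses "^service_interface_list=" -- confirm whether the two should match.
check_and_change_bonjour_service_interface_to_bridge() {
  local new_entry
  for iter_profile_dir in /tmp/profile*; do
    iter_bonjour_conf="$iter_profile_dir/bonjour_gateway.conf"
    if [ ! -e "$iter_bonjour_conf" ]; then
      continue
    fi
    iter_profile_id=$(grep "^SSID_PROFILE_ID=" "$iter_profile_dir/profile.conf" | awk -F "=" '{print $2}' | xargs)
    SERVICE_IFACE_LIST=$(grep "^service_interface_list=" "$iter_bonjour_conf" | awk -F "=" '{print $2}' | xargs)
    # Turn the comma-separated list into a space-separated one for the loop.
    SERVICE_IFACE_LIST=$(echo "$SERVICE_IFACE_LIST" | sed 's/,/\ /g' | xargs)
    NEW_SERVICE_IFACE_LIST=""
    service_iface_list_changed=0
    for service_iface in $SERVICE_IFACE_LIST; do
      interfaceName=$(echo "$service_iface" | awk -F "." '{print $1}' | xargs)
      vlan=$(echo "$service_iface" | awk -F "." '{print $2}' | xargs)
      if [ "$interfaceName" = "$ETH_INTERFACE" ] && [ "$vlan" = "$1" ]; then
        new_entry="br0.$vlan"
        service_iface_list_changed=1
      else
        new_entry=$service_iface
      fi
      if [ -z "$NEW_SERVICE_IFACE_LIST" ]; then
        NEW_SERVICE_IFACE_LIST=$new_entry
      else
        NEW_SERVICE_IFACE_LIST="$NEW_SERVICE_IFACE_LIST,$new_entry"
      fi
    done
    if [ "$service_iface_list_changed" = "1" ]; then
      sed -i "/service_interface_list/c\service_interface_list=${NEW_SERVICE_IFACE_LIST}" "$iter_bonjour_conf"
      echo -e "\n[bridge_mgmt.sh]: Calling reload_cli /tmp/bonjour_gateway_socket MOD ${iter_profile_id}" >> /tmp/bonjour_gateway_log
      reload_cli /tmp/bonjour_gateway_socket MOD "${iter_profile_id}"
    fi
  done
}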
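# Make sure bridge $1 exists, wired to the uplink for VLAN $2, and add
# interface $3 to it.
# Arguments: $1 - bridge name (VBRNAME)
#            $2 - VLAN id, "0" meaning untagged (NETWORK_VLAN)
#            $3 - interface to add to the bridge (IFACE_TO_ADD)
# Globals:   COMMUNICATION_VLAN (read); VBRNAME, NETWORK_VLAN, IFACE_TO_ADD,
#            BRIDGE_NAME, bridge_exist, bridges, i, ETH_INTERFACE, iface_mac,
#            iface_fake_mac (written)
# When the bridge is missing it is created with arp_ignore=1. For a tagged
# VLAN that is not a service VLAN the <uplink>.<vlan> sub-interface is created
# with vconfig; for a service VLAN the existing sub-interface is reused and
# the bonjour configuration is pointed at the bridge.
# Every expansion is quoted so each argument reaches brctl/vconfig/ifconfig as
# exactly one word.
# NOTE(review): $1 is also used inside a /proc/sys path; nothing here
# restricts it to a plain interface name.
check_and_add_bridge_iface() {
  local prio
  VBRNAME=$1
  NETWORK_VLAN=$2
  IFACE_TO_ADD=$3
  echo "Check and add bridge $VBRNAME, vlan id is $NETWORK_VLAN, iface is $IFACE_TO_ADD"
  ## check local network vlan bridge exist br0.<VLAN_ID>
  ## we have to check for only bridges starting with ^br
  BRIDGE_NAME="br0"
  bridge_exist=0
  bridges=$(brctl show | grep -v 'bridge name' | grep ^br | awk '{print $1}' | xargs)
  for i in $bridges; do
    if [ "$i" = "$VBRNAME" ]; then
      echo "Bridge $VBRNAME found"
      bridge_exist=1
      break
    fi
  done
  echo "bridge $VBRNAME exist $bridge_exist"
  # XXX (from the original): bookkeeping in /tmp/handle_bridge_routing is
  # deliberately disabled here. It may be needed again for VLAN monitoring,
  # in which case this script would have to run before
  # config_apsec_vlan_monitoring.sh, which owns that file.
  if [ -e "/tmp/mesh_enabled" ]; then
    ETH_INTERFACE="vle0"
  else
    ETH_INTERFACE="eth0"
  fi
  if [ "$bridge_exist" = "0" ]; then
    brctl addbr "$VBRNAME"
    echo "bridge $VBRNAME doesn't exist."
    echo 1 > "/proc/sys/net/ipv4/conf/$VBRNAME/arp_ignore"
    if [ "$NETWORK_VLAN" = "0" ]; then
      brctl addif "$VBRNAME" "$ETH_INTERFACE"
      ifconfig "$ETH_INTERFACE" up
      ifconfig "$VBRNAME" up
      echo "$ETH_INTERFACE added in $VBRNAME"
    else
      # is_service_vlan returns 1 when the VLAN is a service VLAN.
      is_service_vlan "$NETWORK_VLAN"
      if [ $? -ne 1 ]; then
        vconfig add "$ETH_INTERFACE" "$NETWORK_VLAN"
        brctl addif "$VBRNAME" "$ETH_INTERFACE.$NETWORK_VLAN"
        for prio in 0 1 2 3 4 5 6 7; do
          vconfig set_egress_map "$ETH_INTERFACE.$NETWORK_VLAN" "$prio" "$prio"
        done
        # NOTE(review): the ingress map skips priorities 4 and 5 while the
        # egress map covers 0-7; kept exactly as found -- confirm it is
        # intentional.
        for prio in 0 1 2 3 6 7; do
          vconfig set_ingress_map "$ETH_INTERFACE.$NETWORK_VLAN" "$prio" "$prio"
        done
        echo "$ETH_INTERFACE.$NETWORK_VLAN added in $VBRNAME"
        if [ "$COMMUNICATION_VLAN" != "$NETWORK_VLAN" ]; then
          iface_mac=$(grep "^eth0" /tmp/eth_macs 2>/dev/null | awk '{print $2}' 2>/dev/null)
          iface_fake_mac=$(fakemac "$iface_mac" "$NETWORK_VLAN" 2>/dev/null)
          /sbin/ifconfig "$ETH_INTERFACE.$NETWORK_VLAN" hw ether "$iface_fake_mac" >/dev/null 2>&1
          echo "fakemac $iface_fake_mac assigned on $ETH_INTERFACE.$NETWORK_VLAN"
        fi
        ifconfig "$ETH_INTERFACE.$NETWORK_VLAN" up
        ifconfig "$VBRNAME" up
      else
        brctl addif "$VBRNAME" "$ETH_INTERFACE.$NETWORK_VLAN"
        echo "$ETH_INTERFACE.$NETWORK_VLAN added in $VBRNAME"
        ifconfig "$VBRNAME" up
        check_and_change_bonjour_service_interface_to_bridge "$NETWORK_VLAN"
      fi
    fi
  fi
  brctl addif "$VBRNAME" "$IFACE_TO_ADD"
}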
- ########################## start ######################
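# Script body. Arguments: $1 operation (only ADD is implemented),
# $2 bridge name, $3 VLAN id, $4 interface to add.
echo "In $0 start : params : [$1][$2][$3][$4]"
SERVICE_IFACE_VLAN_FILE='/tmp/service_vlans'
if [ -e "$SERVICE_IFACE_VLAN_FILE" ]; then
  service_iface_vlans=$(cat "$SERVICE_IFACE_VLAN_FILE")
fi
init_vars
operation=$1
case "$operation" in
  ADD)
    # Quoted so that an empty or space-containing argument cannot shift the
    # remaining ones into the wrong position.
    check_and_add_bridge_iface "$2" "$3" "$4"
    ;;
  *)
    echo "Invalid operation agrument for $0"
    ;;
esac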
- ==> ./gpio.sh <==
- #!/bin/sh
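# Read or set one sysfs GPIO.
# Arguments: $1 - GPIO number
#            $2 - direction to write to the pin's "direction" file (optional)
#            $3 - value to write to the pin's "value" file (with $2)
# With only $1 the current value and direction are printed; with $2 and $3 the
# direction and value are written and the value is read back.
PIN=$1
DIR=$2
VAL=$3
GPIODIR=/sys/class/gpio

# The pin number is pasted into sysfs paths and written to "export", so accept
# nothing but digits.
case "$PIN" in
  '' | *[!0-9]*)
    echo "$0: GPIO number must be a non-negative integer" >&2
    exit 1
    ;;
esac

if [ ! -e "$GPIODIR/gpio$PIN" ]; then
  echo "$PIN" > "$GPIODIR/export"
fi

# The original test was `[ -e $2 ]`: with no direction it degenerates to a
# one-argument test (always true), but with a direction it checked for a FILE
# of that name in the current directory, so a stray file called "in" or "out"
# silently switched the script to read-only mode. Test for an empty direction
# instead.
if [ -z "$DIR" ]; then
  echo "Old vlaue:"
  cat "$GPIODIR/gpio$PIN/value"
  cat "$GPIODIR/gpio$PIN/direction"
else
  echo "$DIR" > "$GPIODIR/gpio$PIN/direction"
  echo "Old vlaue:"
  cat "$GPIODIR/gpio$PIN/value"
  echo "New value:"
  echo "$VAL" > "$GPIODIR/gpio$PIN/value"
  cat "$GPIODIR/gpio$PIN/value"
fi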
- ==> ./gpio_dump.sh <==
- #!/bin/sh
# Print the value of every GPIO line of gpiochip0.
# NOTE(review): this is not a passive dump. Each line is exported, its
# direction is set to "in", and it is unexported again afterwards, including
# lines that were already exported or driven as outputs before the script ran.
GPIOCHIP=0
chip_dir=/sys/class/gpio/gpiochip${GPIOCHIP}
BASE=$(cat ${chip_dir}/base)
NGPIO=$(cat ${chip_dir}/ngpio)
max=$(($BASE+$NGPIO))
gpio=$BASE
while [ $gpio -lt $max ]; do
  pin_dir=/sys/class/gpio/gpio${gpio}
  echo $gpio > /sys/class/gpio/export
  # Only lines that show up after the export attempt are reported.
  if [ -d ${pin_dir} ]; then
    echo in > ${pin_dir}/direction
    echo "[GPIO${gpio}] value $(cat ${pin_dir}/value)"
    echo ${gpio} > /sys/class/gpio/unexport
  fi
  gpio=$((gpio+1))
done
- ==> ./is_portal_ssid.sh <==
- #!/bin/sh
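# Report whether the SSID given as $1 has a captive portal configured and
# whether a splashd process is running for its profile.
# Arguments: $1 - SSID to look up
# Exit code: 0 no portal, 1 portal configured but no splashd,
#            2 portal configured and splashd running
# NOTE(review): the three scratch files have fixed, predictable names in /tmp
# and are opened with plain redirections. That is only safe while /tmp is
# writable by trusted users alone -- confirm for the target image, or switch
# to mktemp if it is available there.
LST_FILE=/tmp/.portal_ssid.lst
LST_FILE_CURR=/tmp/.portal_ssid_curr.lst
LST_FILE_SPLASHD=/tmp/.portal_splashd.lst
SSID_NO_PORTAL=0
SSID_PORTAL_NO_SPLASHD=1
SSID_PORTAL_SPLASHD=2
ret=$SSID_NO_PORTAL
echo "" > "$LST_FILE"
echo "" > "$LST_FILE_CURR"
find /tmp/ -name portal.conf > "$LST_FILE"
grep "\/tmp\/profile" "$LST_FILE" > "$LST_FILE_CURR"
while read -r line; do
  # $line looks like /tmp/<profile dir>/...; take the first two components.
  path1=$(echo -E "$line" | cut -f2 -d"/")
  path2=$(echo -E "$line" | cut -f3 -d"/")
  path=/$path1/$path2/profile.conf
  ssid=$(grep AP_SSID "$path" | cut -f2 -d"=")
  ssid=$(echo -E "$ssid" | cut -f2 -d"'")
  if [ "$ssid" = "$1" ]; then
    ret=$SSID_PORTAL_NO_SPLASHD
    ps | grep splashd > "$LST_FILE_SPLASHD"
    # NOTE(review): this is a substring match on the profile directory name,
    # so e.g. "profile1" also matches a splashd started for "profile10".
    while read -r proc_line; do
      splashd=$(echo -E "$proc_line" | grep -F -- "$path2")
      if [ "$splashd" != "" ]; then
        ret=$SSID_PORTAL_SPLASHD
        break
      fi
    done < "$LST_FILE_SPLASHD"
    rm "$LST_FILE_SPLASHD"
    break
  fi
done < "$LST_FILE_CURR"
# The SSID is quoted in the messages: unquoted, an SSID such as "*" would be
# expanded by the shell into file names.
if [ "$ret" -eq "$SSID_NO_PORTAL" ]; then
  echo "$1 has no portal configured"
elif [ "$ret" -eq "$SSID_PORTAL_NO_SPLASHD" ]; then
  echo "$1 has portal configured but splashd is not running"
elif [ "$ret" -eq "$SSID_PORTAL_SPLASHD" ]; then
  echo "$1 has portal configured and splashd is running"
fi
rm "$LST_FILE"
rm "$LST_FILE_CURR"
exit ${ret}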
- ==> ./radius_acct_wrapper.sh <==
- #!/bin/sh
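# Start or stop a RADIUS accounting client for one station.
# Arguments: $1 - calling station id (passed to radius_client as -u<id>)
#            $2 - "start" or "stop"
#            $3 - profile id; configuration is read from /tmp/profile<id>
# Nothing is done when the profile's AP_SECFILE is set to anything but "PSK",
# when AP_SECMODE is neither "None" nor "WPA", or when nocat.conf reports
# OperatingMode 3.
# NOTE(review): $3 is spliced into a /tmp path without validation.
PROFILE_ID=$3
CALLING_STATION_ID=$1
OPERATION=$2
DUMMY_IP="0.0.0.0"
TIME=$(date +%s)
PROFILE_DIR="/tmp/profile$PROFILE_ID"
PROFILE_CONF="$PROFILE_DIR/profile.conf"
DOT1X_PROFILE=$(grep "AP_SECFILE" "$PROFILE_CONF" | cut -f2 -d '=')
AP_SECMODE=$(grep "AP_SECMODE" "$PROFILE_CONF" | cut -f2 -d '=')
NOCAT_CONF="/tmp/profile$PROFILE_ID/nocat.conf"
if [ "$DOT1X_PROFILE" != "" ] && [ "$DOT1X_PROFILE" != "PSK" ]; then
  exit 0
fi
if [ "$AP_SECMODE" = "None" ] || [ "$AP_SECMODE" = "WPA" ]; then
  # The original put its redirection after the backticks, where it does not
  # apply to grep; it is moved onto grep so that a missing nocat.conf stays
  # quiet.
  is_portal_radius=$(grep "OperatingMode" "$NOCAT_CONF" 2>/dev/null | sed "s/OperatingMode//" | xargs)
  if [ "$is_portal_radius" = "3" ]; then
    exit 0
  fi
  if [ "$OPERATION" = "start" ]; then
    echo "start $CALLING_STATION_ID $CALLING_STATION_ID $DUMMY_IP $TIME $TIME" \
      | /opt/ap/radius/radius_client acct "-u$CALLING_STATION_ID" -c "/tmp/profile${PROFILE_ID}" &
  elif [ "$OPERATION" = "stop" ]; then
    # An empty station id used to match every "radius_client acct" process and
    # kill them all; require an id and match it as a fixed string.
    # NOTE(review): awk takes column 1 of `ps -ef` as the PID -- confirm that
    # this holds for the ps on the target.
    if [ -n "$CALLING_STATION_ID" ]; then
      ps -ef | grep "radius_client acct" | grep -F -- "$CALLING_STATION_ID" \
        | grep -v grep | awk ' { print $1 } ' | xargs kill -9
    fi
  fi
fi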
- ==> ./run_speedtest.sh <==
- #!/bin/sh
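# Run /sbin/speedtest once per VLAN listed in a small state file and keep a
# run counter in that file.
# Arguments: $1 - state file holding "<vlan[,vlan...]> <run count> <max runs>"
#            $2 - log file handed to speedtest
#            $3 - must be "defaults" for anything to happen
# When the incremented run count reaches the maximum, crond is killed (if it
# is running) and the state file is removed; otherwise the file is rewritten
# with the new count.
# All expansions are quoted. `expr` is kept for the counter on purpose: shell
# arithmetic expansion would evaluate whatever text the state file contains.
# NOTE(review): /tmp/ul1.dat and /tmp/ul2.dat are fixed names written with dd;
# that is only safe while /tmp is writable by trusted users alone.
config_file=$1
log_file=$2
def_str="defaults"
vlan_ids=$(cut -d " " -f 1 "$config_file")
# Commas become spaces so the list can be word-split by the loop below.
vlan_id_list=$(echo "$vlan_ids" | sed 's/,/ /g')
if [ "$def_str" = "$3" ]; then
  numth="20"
  ul1="/tmp/ul1.dat"
  ul2="/tmp/ul2.dat"
  sid="0"
  dd if=/dev/urandom of="$ul1" bs=1024 count=512 2>/dev/null
  dd if=/dev/urandom of="$ul2" bs=1024 count=256 2>/dev/null
  for v in $vlan_id_list; do
    /sbin/speedtest -vlan "$v" -th "$numth" -ul1 "$ul1" -ul2 "$ul2" -log "$log_file" -sid "$sid"
  done
  rm "$ul1"
  rm "$ul2"
  curr_count=$(cut -d " " -f 2 "$config_file")
  curr_count=$(expr "$curr_count" + 1)
  max_count=$(cut -d " " -f 3 "$config_file")
  if [ "$curr_count" -ge "$max_count" ]; then
    status=$(ps | grep "crond" | grep -v grep | wc -l)
    if [ "$status" -ge 1 ]; then
      killall crond > /dev/null
    fi
    rm "$config_file" > /dev/null
  else
    echo "$vlan_ids $curr_count $max_count" > "$config_file"
  fi
fi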
- ==> ./tc_wrapper.sh <==
- #!/bin/sh
- . /opt/sensor/env
# Exit the script with status $1; for BSS-wide rules, first leave the marker
# file /tmp/.tcwr_done.
# Globals:   tcwr_on (read)
# Arguments: $1 - exit status
do_exit() {
  case "$tcwr_on" in
    bss)
      touch /tmp/.tcwr_done
      ;;
  esac
  exit ${1}
}
# Find the lowest index 0..15 that has no "<index>:" line in
# /tmp/used_ifb_numbers and hand it back as the function's exit status.
# Globals:  PLATFORM_TYPE (read); number (written)
# Outputs:  lines matched by grep go to stdout (only stderr is discarded)
# Returns:  the free index; always 0 on PLATFORM_LITEON_AP83.
# NOTE(review): when all sixteen indexes are taken the loop simply ends and
# the function returns 0, which callers cannot tell apart from "index 0 is
# free".
get_free_ifb_number() {
  case "$PLATFORM_TYPE" in
    PLATFORM_LITEON_AP83)
      return 0
      ;;
  esac
  number=0
  until [ $number -gt 15 ]; do
    cat /tmp/used_ifb_numbers | grep "^${number}:" 2>/dev/null
    # grep exits with 1 when no line matched, i.e. this index is unused.
    case $? in
      1)
        return $number
        ;;
    esac
    number=$(($number + 1))
  done
}
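# Read the VAP lists of profile ${tcwr_profile} and export them as numbered
# variables for the redirect helpers:
#   vap_dl<N> - N-th VAP_LIST entry with everything from the first "." removed
#   vap_ul<N> - N-th VAP_LIST entry as written, followed by the
#               DYNAMIC_VAP_LIST entries
# Globals:  PLATFORM_TYPE, tcwr_profile (read); tcwr_ssid, tmp, param
#           (written); vap_dl*, vap_ul* (exported)
# Returns:  0 always; does nothing on PLATFORM_LITEON_AP83.
# Values read from profile.conf are quoted before they reach echo/export, so
# an SSID or interface name containing glob characters or spaces is not
# expanded or split.
# NOTE(review): values are trimmed with xargs, which interprets quotes; an
# SSID containing an unbalanced quote will not survive that step.
get_ifaces() {
  local cnt
  local cnt1
  local IF_DL
  local IF_UL
  local VAP_LIST
  local DYNAMIC_VAP_LIST
  local profile_conf
  if [ "$PLATFORM_TYPE" = "PLATFORM_LITEON_AP83" ]; then
    return 0
  fi
  profile_conf="/tmp/profile${tcwr_profile}/profile.conf"
  tcwr_ssid=$(grep AP_SSID "$profile_conf" | cut -d "=" -f2 | xargs)
  tcwr_ssid=$(echo "$tcwr_ssid" | cut -d "'" -f2 | xargs)
  VAP_LIST=$(grep ^VAP_LIST "$profile_conf" | cut -d "=" -f2 | xargs)
  DYNAMIC_VAP_LIST=$(grep ^DYNAMIC_VAP_LIST "$profile_conf" | cut -d "=" -f2 | xargs)

  cnt=1
  IF_DL=$(echo "$VAP_LIST" | cut -d "," -f1 | cut -d "." -f1)
  IF_UL=$(echo "$VAP_LIST" | cut -d "," -f1)
  tmp=$(echo "$VAP_LIST" | grep ",")
  echo "IF_DL=$IF_DL"
  echo "IF_UL=$IF_UL"
  if [ "$tmp" = "" ]; then
    # Single entry: cut prints the whole line for any field number when the
    # delimiter is absent, so the loop below would never terminate.
    param="vap_dl${cnt}"
    echo "$param=$IF_DL"
    export "$param=$IF_DL"
    param="vap_ul${cnt}"
    echo "$param=$IF_UL"
    export "$param=$IF_UL"
    cnt=$((cnt + 1))
  else
    while [ "$IF_DL" != "" ]; do
      param="vap_dl${cnt}"
      echo "$param=$IF_DL"
      export "$param=$IF_DL"
      param="vap_ul${cnt}"
      echo "$param=$IF_UL"
      export "$param=$IF_UL"
      cnt=$((cnt + 1))
      IF_DL=$(echo "$VAP_LIST" | cut -d "," -f"${cnt}" | cut -d "." -f1)
      IF_UL=$(echo "$VAP_LIST" | cut -d "," -f"${cnt}")
    done
  fi

  # Dynamic VAPs are appended to the upload list only.
  cnt1=1
  IF_UL=$(echo "$DYNAMIC_VAP_LIST" | cut -d "," -f1)
  tmp=$(echo "$DYNAMIC_VAP_LIST" | grep ",")
  if [ "$tmp" = "" ]; then
    param="vap_ul${cnt}"
    echo "$param=$IF_UL"
    export "$param=$IF_UL"
    cnt=$((cnt + 1))
  else
    while [ "$IF_UL" != "" ]; do
      param="vap_ul${cnt}"
      echo "$param=$IF_UL"
      export "$param=$IF_UL"
      cnt=$((cnt + 1))
      cnt1=$((cnt1 + 1))
      IF_UL=$(echo "$DYNAMIC_VAP_LIST" | cut -d "," -f"${cnt1}")
    done
  fi
  return 0
}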
# Look up the IFB pair already assigned to profile ${tcwr_profile}.
# Globals:  PLATFORM_TYPE, tcwr_profile (read); CUR_INDEX (written);
#           IFB_UP, IFB_DOWN (written only when an entry is found)
# /tmp/used_ifb_numbers holds "<index>:<profile>" lines; index N maps to
# ifb<2N> for download and ifb<2N+1> for upload.
# Returns:  0 always.
lookup_ifb() {
  if [ "$PLATFORM_TYPE" = "PLATFORM_LITEON_AP83" ]; then
    return 0
  fi
  CUR_INDEX=$(cat /tmp/used_ifb_numbers | grep ":${tcwr_profile}$" | cut -d ":" -f1)
  if [ -z "$CUR_INDEX" ]; then
    # No redirection has been set up for this profile yet.
    return 0
  fi
  # Redirections for this profile have already been set.
  IFB_UP=ifb$(expr $(expr 2 \* $CUR_INDEX) + 1)
  IFB_DOWN=ifb$(expr 2 \* $CUR_INDEX)
  return 0
}
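# Undo set_ifb_redir for profile ${tcwr_profile}: drop its line from
# /tmp/used_ifb_numbers, remove the mirred redirect filters and qdiscs from
# every vap_ul<N>/vap_dl<N> interface, clear the qdiscs on both IFB devices
# and bring them down.
# Globals:  PLATFORM_TYPE, tcwr_profile, CUR_INDEX, IPV6_SUPPORT,
#           vap_ul*, vap_dl* (read); IFB_UP, IFB_DOWN (written)
# Returns:  0 always; tc failures are not checked here.
# Interface names are quoted so each reaches tc as a single argument, and the
# numbered variables are read by assignment instead of through an unquoted
# `eval echo`.
# NOTE(review): CUR_INDEX is taken as-is from the caller's environment; if it
# is empty the IFB names computed below are malformed.
clear_ifb_redir() {
  local cnt
  local vap
  if [ "$PLATFORM_TYPE" = "PLATFORM_LITEON_AP83" ]; then
    return 0
  fi
  cat /tmp/used_ifb_numbers | grep -v ":${tcwr_profile}$" > /tmp/.used_ifb_profile
  mv /tmp/.used_ifb_profile /tmp/used_ifb_numbers
  IFB_UP=ifb$(expr 2 \* "$CUR_INDEX" + 1)
  IFB_DOWN=ifb$(expr 2 \* "$CUR_INDEX")

  echo "UPLOAD"
  cnt=1
  # cnt is a local integer counter, so the eval only ever names vap_ul<N>.
  eval "vap=\$vap_ul${cnt}"
  while [ "$vap" != "" ]; do
    tc filter del dev "${vap}" parent ffff: handle 800::1 protocol ip prio 10 \
      u32 match u32 0 0 flowid 1:1 \
      action mirred egress redirect dev "${IFB_UP}"
    if [ "$IPV6_SUPPORT" = "1" ]; then
      tc filter del dev "${vap}" parent ffff: handle 801::1 protocol ipv6 prio 11 \
        u32 match u32 0 0 flowid 1:1 \
        action mirred egress redirect dev "${IFB_UP}"
    fi
    tc qdisc del dev "${vap}" ingress
    echo "${vap} ----UPLOAD----> ${IFB_UP} -> BROKEN"
    cnt=$((cnt + 1))
    eval "vap=\$vap_ul${cnt}"
  done

  echo "DOWNLOAD"
  cnt=1
  eval "vap=\$vap_dl${cnt}"
  while [ "$vap" != "" ]; do
    tc filter del dev "${vap}" parent 1: handle 800::2 protocol ip prio 10 \
      u32 match u32 0 0 flowid 1:1 \
      action mirred egress redirect dev "${IFB_DOWN}"
    if [ "$IPV6_SUPPORT" = "1" ]; then
      tc filter del dev "${vap}" parent 1: handle 801::2 protocol ipv6 prio 11 \
        u32 match u32 0 0 flowid 1:1 \
        action mirred egress redirect dev "${IFB_DOWN}"
    fi
    tc qdisc del dev "${vap}" root handle 1: htb
    echo "${vap} ---DOWNLOAD---> ${IFB_DOWN} -> BROKEN"
    cnt=$((cnt + 1))
    eval "vap=\$vap_dl${cnt}"
  done

  tc qdisc del dev "${IFB_DOWN}" root handle 2:
  tc qdisc del dev "${IFB_DOWN}" root handle 1:
  tc qdisc del dev "${IFB_UP}" root handle 2:
  tc qdisc del dev "${IFB_UP}" root handle 1:
  ifconfig "${IFB_UP}" down
  ifconfig "${IFB_DOWN}" down
  return 0
}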
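# Allocate an IFB pair for profile ${tcwr_profile} and redirect traffic to it:
# ingress of every vap_ul<N> goes to IFB_UP, egress of every vap_dl<N> goes to
# IFB_DOWN.
# Globals:  PLATFORM_TYPE, tcwr_profile, IPV6_SUPPORT, vap_ul*, vap_dl*
#           (read); IFB_UP, IFB_DOWN (written)
# Returns:  0; does nothing on PLATFORM_LITEON_AP83 or when IFB_UP/IFB_DOWN
#           are already set. Any failing tc command ends the script through
#           do_exit with codes 7-12.
# Interface names are quoted so each reaches tc as a single argument, and the
# numbered variables are read by assignment instead of through an unquoted
# `eval echo`.
# NOTE(review): the index comes from get_free_ifb_number's exit status; as
# that function is written, status 0 can mean either "index 0" or "no free
# index", and no check is made here.
set_ifb_redir() {
  local cnt
  local CUR_INDEX
  local vap
  if [ "$PLATFORM_TYPE" = "PLATFORM_LITEON_AP83" ]; then
    return 0
  fi
  if [ "${IFB_UP}${IFB_DOWN}" != "" ]; then
    return 0
  fi
  get_free_ifb_number
  CUR_INDEX=$?
  echo "${CUR_INDEX}:${tcwr_profile}" >> /tmp/used_ifb_numbers
  # CUR_INDEX is an exit status, hence always an integer.
  IFB_UP=ifb$((2 * CUR_INDEX + 1))
  IFB_DOWN=ifb$((2 * CUR_INDEX))

  echo "UPLOAD"
  ifconfig "${IFB_UP}" up
  ifconfig "${IFB_DOWN}" up
  cnt=1
  # cnt is a local integer counter, so the eval only ever names vap_ul<N>.
  eval "vap=\$vap_ul${cnt}"
  echo "cnt=$cnt vap=$vap"
  while [ "$vap" != "" ]; do
    echo "IN cnt=$cnt vap=$vap"
    if ! tc qdisc add dev "${vap}" ingress; then
      do_exit 7
    fi
    if ! tc filter add dev "${vap}" parent ffff: handle ::1 protocol ip prio 10 \
      u32 match u32 0 0 flowid 1:1 \
      action mirred egress redirect dev "${IFB_UP}"; then
      do_exit 8
    fi
    if [ "$IPV6_SUPPORT" = "1" ]; then
      if ! tc filter add dev "${vap}" parent ffff: handle ::1 protocol ipv6 prio 11 \
        u32 match u32 0 0 flowid 1:1 \
        action mirred egress redirect dev "${IFB_UP}"; then
        do_exit 9
      fi
    fi
    echo "tc filter add dev ${vap} parent ffff: handle ::1 protocol ip prio 10 u32 match u32 0 0 flowid 1:1 action mirred egress redirect dev ${IFB_UP}"
    echo "${vap} ----UPLOAD----> ${IFB_UP}"
    cnt=$((cnt + 1))
    eval "vap=\$vap_ul${cnt}"
  done

  echo "DOWNLOAD"
  cnt=1
  eval "vap=\$vap_dl${cnt}"
  echo "cnt=$cnt vap=$vap"
  while [ "$vap" != "" ]; do
    echo "IN cnt=$cnt vap=$vap"
    if ! tc qdisc add dev "${vap}" root handle 1: htb; then
      do_exit 10
    fi
    if ! tc filter add dev "${vap}" parent 1: handle ::2 protocol ip prio 10 \
      u32 match u32 0 0 flowid 1:1 \
      action mirred egress redirect dev "${IFB_DOWN}"; then
      do_exit 11
    fi
    if [ "$IPV6_SUPPORT" = "1" ]; then
      if ! tc filter add dev "${vap}" parent 1: handle ::2 protocol ipv6 prio 11 \
        u32 match u32 0 0 flowid 1:1 \
        action mirred egress redirect dev "${IFB_DOWN}"; then
        do_exit 12
      fi
    fi
    echo "${vap} ---DOWNLOAD---> ${IFB_DOWN}"
    cnt=$((cnt + 1))
    eval "vap=\$vap_dl${cnt}"
  done
  return 0
}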
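# Apply whole-BSS rate limits directly on the first VAP of profile
# ${tcwr_profile}: a tbf qdisc for download and an ingress policer for upload.
# Globals:  tcwr_profile, tcwr_down, tcwr_up (read, kbit; "0" disables that
#           direction); VAP_LIST, IF0, IF0_UPLOAD (written)
# A failing tc command ends the script through do_exit with codes 13-15.
# Fix: the burst guard was `[ "$burst_down" = "" -o $burst_down -lt 5 ]`;
# with an empty value the unquoted operand vanished, the test became a syntax
# error and the minimum of 5 was never applied. Separate, quoted tests now
# enforce it.
tcwr_set_ap83_rules() {
  local burst_down
  VAP_LIST=$(grep "^VAP_LIST=" "/tmp/profile${tcwr_profile}/profile.conf" 2>/dev/null | cut -d'=' -f2 | xargs)
  # IF0 is the first entry with everything from the first "." removed;
  # IF0_UPLOAD is the first entry as written.
  IF0=$(echo "$VAP_LIST" | cut -d "," -f1 | cut -d "." -f1)
  IF0_UPLOAD=$(echo "$VAP_LIST" | cut -d "," -f1)
  if [ "$tcwr_down" != "0" ]; then
    # expr rather than $(( )): the rate is external input and must not be
    # evaluated as a shell arithmetic expression.
    burst_down=$(expr "$tcwr_down" \* 1024 / 250 / 8 / 1024)
    if [ -z "$burst_down" ] || [ "$burst_down" -lt 5 ]; then
      burst_down=5
    fi
    if ! tc qdisc add dev "$IF0" root handle 1: tbf rate "${tcwr_down}kbit" burst "${burst_down}kb" latency 70ms; then
      do_exit 13
    fi
  fi
  if [ "$tcwr_up" != "0" ]; then
    if ! tc qdisc add dev "$IF0_UPLOAD" ingress; then
      do_exit 14
    fi
    if ! tc filter add dev "$IF0_UPLOAD" parent ffff: protocol ip prio 20 u32 match u32 0 0 police rate "${tcwr_up}kbit" buffer 10k drop flowid :1; then
      do_exit 15
    fi
  fi
}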
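# Remove the tbf root qdisc and the ingress qdisc from the first VAP of
# profile ${tcwr_profile}.
# Globals:  tcwr_profile (read); VAP_LIST, IF0, IF0_UPLOAD (written)
# tc failures are not checked. Interface names read from profile.conf are
# quoted so each reaches tc as a single argument; the stderr redirection is
# moved onto grep, where it actually takes effect.
tcwr_clear_ap83_rules() {
  VAP_LIST=$(grep "^VAP_LIST=" "/tmp/profile${tcwr_profile}/profile.conf" 2>/dev/null | cut -d'=' -f2 | xargs)
  IF0=$(echo "$VAP_LIST" | cut -d "," -f1 | cut -d "." -f1)
  IF0_UPLOAD=$(echo "$VAP_LIST" | cut -d "," -f1)
  tc qdisc del dev "$IF0" root handle 1: tbf
  tc qdisc del dev "$IF0_UPLOAD" ingress
}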
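# Install the upload rate limit on ${IFB_UP}.
#   tcwr_on = "bss"    one tbf qdisc for the whole BSS, with an htb child
#   tcwr_on = <other>  treated as a station MAC: an htb class plus u32
#                      filters that match the frame's source MAC
# Globals:  tcwr_on, tcwr_up (kbit; "-1" means "take
#           PER_USER_BANDWIDTH_UPLOAD_LIMIT from the profile"), tcwr_profile,
#           tcwr_classid, IFB_UP, IPV6_SUPPORT, mac1..mac6 (read);
#           tcwr_up (may be rewritten)
# Returns:  without touching tc when the rate is empty or <= 0. A failing tc
#           command ends the script through do_exit with codes 16-21.
# Fixes:
#  * The guards were `[ "$x" = "" -o $x -le 0 ]`; with an empty value the
#    unquoted operand vanished, the test became a syntax error and the guard
#    never fired, so tc was called with an empty rate. Separate, quoted tests
#    are used instead.
#  * The filter log lines printed offsets (-16/-12) that differ from the
#    command actually executed (-8/-4); they now mirror the command.
# NOTE(review): mac1..mac6 go into the u32 match as hex digits with no format
# check; a malformed address only surfaces as a tc failure.
tcwr_set_upload_limit() {
  local tmp
  local PROFILE_DIR
  local burst_up
  if [ "$tcwr_on" = "bss" ]; then
    ## BSS specific rule
    if [ -z "$tcwr_up" ] || [ "$tcwr_up" -le 0 ]; then
      return
    fi
    # expr rather than $(( )): the rate is external input and must not be
    # evaluated as a shell arithmetic expression.
    burst_up=$(expr "$tcwr_up" \* 1024 / 250 / 8 / 1024)
    if [ -z "$burst_up" ] || [ "$burst_up" -lt 5 ]; then
      burst_up=5
    fi
    tmp=$(tc qdisc show dev "${IFB_UP}" | grep tbf)
    if [ "$tmp" != "" ]; then
      echo "Rule already applied on this BSS. Overriding BSS rule is not supported."
      # A tbf qdisc is already present on this ifb; leave it alone.
      return 0
    fi
    if ! tc qdisc add dev "${IFB_UP}" root handle 1: tbf rate "${tcwr_up}kbit" burst "${burst_up}kb" latency 70ms; then
      do_exit 16
    fi
    if ! tc qdisc add dev "${IFB_UP}" parent 1: handle 2: htb default 1; then
      do_exit 17
    fi
  elif [ "$tcwr_on" != "" ]; then
    PROFILE_DIR="/tmp/profile${tcwr_profile}"
    if [ -e "$PROFILE_DIR/profile.conf" ] && [ "$tcwr_up" = "-1" ]; then
      tcwr_up=$(grep "^PER_USER_BANDWIDTH_UPLOAD_LIMIT=" "$PROFILE_DIR/profile.conf" 2>/dev/null | cut -d'=' -f2 | xargs)
    fi
    if [ -z "$tcwr_up" ] || [ "$tcwr_up" -le 0 ]; then
      return
    fi
    burst_up=$(expr "$tcwr_up" \* 1024 / 250 / 8 / 1024)
    if [ -z "$burst_up" ] || [ "$burst_up" -lt 5 ]; then
      burst_up=5
    fi
    tmp=$(tc qdisc show dev "${IFB_UP}" | grep htb)
    if [ "$tmp" = "" ]; then
      # HTB qdisc not found.
      if ! tc qdisc add dev "${IFB_UP}" root handle 2: htb default 1; then
        do_exit 18
      fi
    fi
    get_mac_bytes
    echo "tc class add dev ${IFB_UP} parent 2: classid 2:${tcwr_classid} htb rate ${tcwr_up}kbit burst ${burst_up}k"
    if ! tc class add dev "${IFB_UP}" parent 2: classid "2:${tcwr_classid}" \
      htb rate "${tcwr_up}kbit" burst "${burst_up}k"; then
      do_exit 19
    fi
    # Offsets -8 and -4 are relative to the start of the IP header and cover
    # the six bytes of the Ethernet source address.
    echo "tc filter add dev ${IFB_UP} protocol ip parent 2: handle ::${tcwr_classid} prio 1 u32 match u32 0x${mac1}${mac2}${mac3}${mac4} 0xffffffff at -8 match u32 0x${mac5}${mac6}0000 0xffff0000 at -4 flowid 2:${tcwr_classid}"
    if ! tc filter add dev "${IFB_UP}" protocol ip parent 2: handle "::${tcwr_classid}" prio 1 \
      u32 match u32 "0x${mac1}${mac2}${mac3}${mac4}" 0xffffffff at -8 \
      match u32 "0x${mac5}${mac6}0000" 0xffff0000 at -4 \
      flowid "2:${tcwr_classid}"; then
      do_exit 20
    fi
    if [ "$IPV6_SUPPORT" = "1" ]; then
      echo "tc filter add dev ${IFB_UP} protocol ipv6 parent 2: handle ::${tcwr_classid} prio 2 u32 match u32 0x${mac1}${mac2}${mac3}${mac4} 0xffffffff at -8 match u32 0x${mac5}${mac6}0000 0xffff0000 at -4 flowid 2:${tcwr_classid}"
      if ! tc filter add dev "${IFB_UP}" protocol ipv6 parent 2: handle "::${tcwr_classid}" prio 2 \
        u32 match u32 "0x${mac1}${mac2}${mac3}${mac4}" 0xffffffff at -8 \
        match u32 "0x${mac5}${mac6}0000" 0xffff0000 at -4 \
        flowid "2:${tcwr_classid}"; then
        do_exit 21
      fi
    fi
  fi
}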
# Split ${tcwr_on} on ":" into mac1..mac6.
# Globals:  tcwr_on (read); mac1, mac2, mac3, mac4, mac5, mac6 (written)
# No format check is made: missing fields come back empty, and a value
# without any ":" is copied into every macN because cut prints the whole line
# when the delimiter is absent.
get_mac_bytes() {
  local addr
  # Unquoted on purpose, as before: the value is whitespace-normalised.
  addr=$(echo ${tcwr_on})
  mac1=$(echo "$addr" | cut -d ":" -f1 | xargs)
  mac2=$(echo "$addr" | cut -d ":" -f2 | xargs)
  mac3=$(echo "$addr" | cut -d ":" -f3 | xargs)
  mac4=$(echo "$addr" | cut -d ":" -f4 | xargs)
  mac5=$(echo "$addr" | cut -d ":" -f5 | xargs)
  mac6=$(echo "$addr" | cut -d ":" -f6 | xargs)
}
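# Install the download rate limit on ${IFB_DOWN}.
#   tcwr_on = "bss"    one tbf qdisc for the whole BSS, with an htb child
#   tcwr_on = <other>  treated as a station MAC: an htb class plus u32
#                      filters that match the frame's destination MAC
# Globals:  tcwr_on, tcwr_down (kbit; "-1" means "take
#           PER_USER_BANDWIDTH_DOWNLOAD_LIMIT from the profile"),
#           tcwr_profile, tcwr_classid, IFB_DOWN, IPV6_SUPPORT, mac1..mac6
#           (read); tcwr_down (may be rewritten); PROFILE_DIR (written)
# Returns:  without touching tc when the rate is empty or <= 0. A failing tc
#           command ends the script through do_exit with codes 22-27.
# Fixes:
#  * The guards were `[ "$x" = "" -o $x -le 0 ]`; with an empty value the
#    unquoted operand vanished, the test became a syntax error and the guard
#    never fired, so tc was called with an empty rate. Separate, quoted tests
#    are used instead.
#  * The log lines printed a different burst suffix and different match
#    offsets (-8/-4) than the commands actually executed ("kb", -16/-12);
#    they now mirror the commands.
# NOTE(review): mac1..mac6 go into the u32 match as hex digits with no format
# check; a malformed address only surfaces as a tc failure.
tcwr_set_download_limit() {
  local tmp
  local burst_down
  if [ "$tcwr_on" = "bss" ]; then
    if [ -z "$tcwr_down" ] || [ "$tcwr_down" -le 0 ]; then
      return
    fi
    # expr rather than $(( )): the rate is external input and must not be
    # evaluated as a shell arithmetic expression.
    burst_down=$(expr "$tcwr_down" \* 1024 / 250 / 8 / 1024)
    if [ -z "$burst_down" ] || [ "$burst_down" -lt 5 ]; then
      burst_down=5
    fi
    ## BSS specific rule
    tmp=$(tc qdisc show dev "${IFB_DOWN}" | grep tbf)
    if [ "$tmp" != "" ]; then
      echo "Rule already applied on this BSS. Overriding BSS rule is not supported."
      # A tbf qdisc is already present on this ifb; leave it alone.
      return 0
    fi
    if ! tc qdisc add dev "${IFB_DOWN}" root handle 1: tbf rate "${tcwr_down}kbit" burst "${burst_down}kb" latency 70ms; then
      do_exit 22
    fi
    if ! tc qdisc add dev "${IFB_DOWN}" parent 1: handle 2: htb default 1; then
      do_exit 23
    fi
  elif [ "$tcwr_on" != "" ]; then
    PROFILE_DIR="/tmp/profile${tcwr_profile}"
    if [ -e "$PROFILE_DIR/profile.conf" ] && [ "$tcwr_down" = "-1" ]; then
      tcwr_down=$(grep "^PER_USER_BANDWIDTH_DOWNLOAD_LIMIT=" "$PROFILE_DIR/profile.conf" 2>/dev/null | cut -d'=' -f2 | xargs)
    fi
    if [ -z "$tcwr_down" ] || [ "$tcwr_down" -le 0 ]; then
      return
    fi
    burst_down=$(expr "$tcwr_down" \* 1024 / 250 / 8 / 1024)
    if [ -z "$burst_down" ] || [ "$burst_down" -lt 5 ]; then
      burst_down=5
    fi
    tmp=$(tc qdisc show dev "${IFB_DOWN}" | grep htb)
    if [ "$tmp" = "" ]; then
      # HTB qdisc not found.
      if ! tc qdisc add dev "${IFB_DOWN}" root handle 2: htb default 1; then
        do_exit 24
      fi
    fi
    get_mac_bytes
    echo "tc class add dev ${IFB_DOWN} parent 2: classid 2:${tcwr_classid} htb rate ${tcwr_down}kbit burst ${burst_down}kb"
    if ! tc class add dev "${IFB_DOWN}" parent 2: classid "2:${tcwr_classid}" \
      htb rate "${tcwr_down}kbit" burst "${burst_down}kb"; then
      do_exit 25
    fi
    # Offsets -16 and -12 are relative to the start of the IP header; with
    # the 0xffff mask on the first word they cover the six bytes of the
    # Ethernet destination address.
    echo "tc filter add dev ${IFB_DOWN} protocol ip parent 2: handle ::${tcwr_classid} prio 1 u32 match u32 0x${mac1}${mac2} 0xffff at -16 match u32 0x${mac3}${mac4}${mac5}${mac6} 0xffffffff at -12 flowid 2:${tcwr_classid}"
    if ! tc filter add dev "${IFB_DOWN}" protocol ip parent 2: handle "::${tcwr_classid}" prio 1 \
      u32 match u32 "0x${mac1}${mac2}" 0xffff at -16 \
      match u32 "0x${mac3}${mac4}${mac5}${mac6}" 0xffffffff at -12 \
      flowid "2:${tcwr_classid}"; then
      do_exit 26
    fi
    if [ "$IPV6_SUPPORT" = "1" ]; then
      echo "tc filter add dev ${IFB_DOWN} protocol ipv6 parent 2: handle ::${tcwr_classid} prio 2 u32 match u32 0x${mac1}${mac2} 0xffff at -16 match u32 0x${mac3}${mac4}${mac5}${mac6} 0xffffffff at -12 flowid 2:${tcwr_classid}"
      if ! tc filter add dev "${IFB_DOWN}" protocol ipv6 parent 2: handle "::${tcwr_classid}" prio 2 \
        u32 match u32 "0x${mac1}${mac2}" 0xffff at -16 \
        match u32 "0x${mac3}${mac4}${mac5}${mac6}" 0xffffffff at -12 \
        flowid "2:${tcwr_classid}"; then
        do_exit 27
      fi
    fi
  fi
}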
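# Print the profile identifier passed as $1, unchanged, on stdout.
# printf is used instead of echo so that a value such as "-n" or one that
# contains backslashes is printed literally rather than treated as an option
# or escape sequence.
get_profile() {
  printf '%s\n' "$1"
}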
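# Print a tc command line on stdout, then run exactly that command.
_tcwr_tc_logged() {
  echo "tc $*"
  tc "$@"
}

#######################################
# Remove the per-station filters and classes for tcwr_classid from both the
# download (IFB_DOWN) and upload (IFB_UP) devices.
# Globals:   IFB_DOWN, IFB_UP, tcwr_classid, IPV6_SUPPORT (read)
# Arguments: none
# Outputs:   every tc command is logged to stdout before it runs
# Returns:   status of the last tc call; earlier failures are ignored, as a
#            rule that does not exist is not an error when clearing
#######################################
clear_rule_sta() {
  ## Clearing Download limits
  _tcwr_tc_logged filter del dev "$IFB_DOWN" parent 2: protocol ip \
    handle "800::${tcwr_classid}" prio 1 u32
  _tcwr_tc_logged class del dev "$IFB_DOWN" parent 2: classid "2:${tcwr_classid}"

  ## Clearing upload limits
  _tcwr_tc_logged filter del dev "$IFB_UP" parent 2: protocol ip \
    handle "800::${tcwr_classid}" prio 1 u32
  _tcwr_tc_logged class del dev "$IFB_UP" parent 2: classid "2:${tcwr_classid}"

  if [ "$IPV6_SUPPORT" = "1" ]; then
    # The IPv6 filters are deleted under handle 801::; the previous log lines
    # printed 800:: while the command used 801::, which made the log
    # misleading when diagnosing leftover rules.
    ## IPV6 Clearing Download limits
    _tcwr_tc_logged filter del dev "$IFB_DOWN" parent 2: protocol ipv6 \
      handle "801::${tcwr_classid}" prio 2 u32
    ## Clearing upload limits
    _tcwr_tc_logged filter del dev "$IFB_UP" parent 2: protocol ipv6 \
      handle "801::${tcwr_classid}" prio 2 u32
  fi

  # Second attempt at the class removal, kept from the original; presumably
  # the first attempt fails while an IPv6 filter still refers to the class.
  _tcwr_tc_logged class del dev "$IFB_DOWN" parent 2: classid "2:${tcwr_classid}"
  _tcwr_tc_logged class del dev "$IFB_UP" parent 2: classid "2:${tcwr_classid}"
}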
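#######################################
# Parse the command line into the tcwr_* globals.
# Keywords: limit | clear | bss, and the keyword/value pairs
#           profile <id>, sta <mac>, classid <id>, up <rate>, down <rate>,
#           priority <n>.
# The arguments are walked with shift instead of `eval echo \$N`: no eval is
# involved, values are not word-split or glob-expanded, and the tenth and
# later arguments are read correctly ($10 is parsed as ${1}0, so the old
# loop broke on long command lines).
# Globals:   tcwr_action, tcwr_profile, tcwr_on, tcwr_classid, tcwr_up,
#            tcwr_down, tcwr_priority (written)
# Arguments: the script's command line
# Returns:   0 on success; leaves through do_exit 28..31 on bad input
# NOTE(review): the values are stored as given. They are later placed into tc
# arguments and a /tmp path, so format checks (numeric rate, hex MAC, plain
# profile id) belong either here or at the point of use.
#######################################
tcwr_parse_args() {
  local keyword value

  while [ $# -gt 0 ]; do
    keyword=$1
    case "$keyword" in
      limit | clear)
        tcwr_action=$keyword
        ;;
      bss)
        tcwr_on=$keyword
        ;;
      profile | sta | classid | up | down | priority)
        # The value is the next argument. A keyword given last yields an
        # empty value, as before; the checks below reject it where required.
        value=${2-}
        [ $# -lt 2 ] || shift
        case "$keyword" in
          profile) tcwr_profile=$(get_profile "$value") ;;
          sta) tcwr_on=$value ;;
          classid) tcwr_classid=$value ;;
          up) tcwr_up=$value ;;
          down) tcwr_down=$value ;;
          priority) tcwr_priority=$value ;;
        esac
        ;;
      *)
        echo "Unrecognized string \"$keyword\""
        do_exit 28
        ;;
    esac
    shift
  done

  if [ -z "$tcwr_action" ] || [ -z "$tcwr_profile" ] || [ -z "$tcwr_on" ]; then
    echo "action/profile/action_on should not be empty"
    do_exit 29
  fi
  if [ "$tcwr_action" = "limit" ] && [ -z "$tcwr_up" ] && [ -z "$tcwr_down" ]; then
    echo "No Upload and Download Limits specified (Please sepcify at least one of them)"
    do_exit 30
  fi
  if [ "$tcwr_on" != "bss" ] && [ -z "$tcwr_classid" ]; then
    echo "Please specify classid"
    do_exit 31
  fi
}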
#######################################
# Apply the limits requested on the command line.
# On PLATFORM_LITEON_AP83 only BSS-wide rules are handled (cleared, then set
# again). On every other platform the IFB redirection is set up first, any
# existing per-station rule is removed, and the upload/download limits that
# were given are installed.
# Globals:   PLATFORM_TYPE, tcwr_on, tcwr_up, tcwr_down (read)
# Returns:   0; leaves through do_exit 32 when the redirection cannot be set
#######################################
handle_action_limit() {
  if [ "$PLATFORM_TYPE" = "PLATFORM_LITEON_AP83" ]; then
    case "$tcwr_on" in
      bss)
        tcwr_clear_ap83_rules
        tcwr_set_ap83_rules
        ;;
    esac
    return 0
  fi

  if ! set_ifb_redir; then
    echo "Failed to set Redirections"
    do_exit 32
  fi

  # A per-station rule is replaced, never stacked on an older one.
  [ "$tcwr_on" = "bss" ] || clear_rule_sta

  # Each direction is optional.
  [ -z "$tcwr_up" ] || tcwr_set_upload_limit
  [ -z "$tcwr_down" ] || tcwr_set_download_limit

  return 0
}
#######################################
# Remove the limits selected on the command line.
# On PLATFORM_LITEON_AP83 only BSS-wide rules are cleared. Elsewhere a BSS
# request tears down the IFB redirection and a station request removes that
# station's filters and classes.
# Globals:   PLATFORM_TYPE, tcwr_on, IFB_DOWN, IFB_UP (read)
# Returns:   0; leaves through do_exit 0 when no IFB device is known,
#            i.e. there is nothing left to clear
#######################################
handle_action_clear() {
  if [ "$PLATFORM_TYPE" = "PLATFORM_LITEON_AP83" ]; then
    [ "$tcwr_on" != "bss" ] || tcwr_clear_ap83_rules
    return 0
  fi

  if [ -z "$IFB_DOWN" ] && [ -z "$IFB_UP" ]; then
    echo "Rules already cleared for this profile"
    do_exit 0
  fi

  case "$tcwr_on" in
    bss) clear_ifb_redir ;;
    *) clear_rule_sta ;;
  esac

  return 0
}
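## main ##
# Entry point: parse the command line, resolve the interfaces and IFB
# devices, apply or clear the traffic-control rules, then report the result
# through `bw inform` and leave via do_exit.

# Presumably a completion marker from a previous run; do_exit is defined
# outside this part of the file (confirm that it recreates the marker).
rm -f /tmp/.tcwr_done

# IPv6 filters are only handled when capability.conf sets advance_ipv6=1.
IPV6_SUPPORT=$(sed 's/^[[:blank:]]*//;' /opt/sensor/capability.conf \
  | grep "^advance_ipv6" | cut -d "=" -f2 | xargs)

tcwr_action=""
tcwr_up=""
tcwr_on=""
tcwr_profile=""
tcwr_down=""
tcwr_classid=""
tcwr_ssid=""
tcwr_priority=""

# "$@" hands every argument over exactly as received. The unquoted $* used
# before re-split the arguments and glob-expanded them against the current
# directory before the parser saw them.
tcwr_parse_args "$@"

echo "tcwr_action=$tcwr_action"
echo "tcwr_up=$tcwr_up"
echo "tcwr_on=$tcwr_on"
echo "tcwr_profile=$tcwr_profile"
echo "tcwr_down=$tcwr_down"
echo "PLATFORM=$PLATFORM_TYPE"

if ! get_ifaces; then
  echo "Failed to find VAP_LIST"
  do_exit 33
fi
lookup_ifb
echo "IFB_UP=$IFB_UP"
echo "IFB_DOWN=$IFB_DOWN"

if [ "$tcwr_action" = "limit" ]; then
  handle_action_limit
else
  handle_action_clear
fi

# NOTE(review): the `bw inform` arguments are deliberately left unquoted.
# tcwr_ssid is not set by tcwr_parse_args and an empty value currently
# disappears from the argument list; quoting would hand bw an empty argument
# instead. The cost is that these values are still word-split and
# glob-expanded here. Confirm what bw expects before tightening this.
# shellcheck disable=SC2086
if [ "$tcwr_on" = "bss" ]; then
  if [ "$tcwr_action" = "limit" ]; then
    echo "bw inform $tcwr_action $tcwr_ssid $tcwr_on up $tcwr_up down $tcwr_down pri $tcwr_priority profile $tcwr_profile"
    bw inform $tcwr_action $tcwr_ssid $tcwr_on up $tcwr_up down $tcwr_down pri $tcwr_priority profile $tcwr_profile
  else
    echo "bw inform $tcwr_action $tcwr_ssid $tcwr_on pri $tcwr_priority profile $tcwr_profile"
    bw inform $tcwr_action $tcwr_ssid $tcwr_on pri $tcwr_priority profile $tcwr_profile
  fi
else
  if [ "$tcwr_action" = "limit" ]; then
    echo "bw inform $tcwr_action $tcwr_ssid sta $tcwr_on up $tcwr_up down $tcwr_down pri $tcwr_priority profile $tcwr_profile"
    bw inform $tcwr_action $tcwr_ssid sta $tcwr_on up $tcwr_up down $tcwr_down pri $tcwr_priority profile $tcwr_profile
  else
    echo "bw inform $tcwr_action $tcwr_ssid sta $tcwr_on pri $tcwr_priority profile $tcwr_profile"
    bw inform $tcwr_action $tcwr_ssid sta $tcwr_on pri $tcwr_priority profile $tcwr_profile
  fi
fi
do_exit 0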
- ==> ./update_smp_affinity.sh <==
- #!/bin/sh
- #
- # Copyright (c) 2015 The Linux Foundation. All rights reserved.
- # Copyright (C) 2011 OpenWrt.org
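#######################################
# Pin the interrupt of a wifi device to a CPU.
# The value written to /proc/irq/<n>/smp_affinity is a CPU bitmask:
# 1 by default, 2 when the device's hwcaps string ends in "11an/ac".
# Globals:   irq_affinity_num (written; not declared local in the original
#            either, so it stays visible to the caller)
# Arguments: $1 - network device name as found under /sys/class/net
# Returns:   0 when the affinity was written, non-zero when the name is
#            unusable, no interrupt line matched or the write failed
#######################################
enable_smp_affinity_wifi() {
  local device="$1"
  local hwcaps smp_affinity=1

  # The name is placed into a sysfs path and a grep pattern. An empty name
  # would match every interrupt line, and one containing "/" would leave
  # /sys/class/net.
  case "$device" in
    "" | */*) return 1 ;;
  esac

  hwcaps=$(cat "/sys/class/net/$device/hwcaps")
  # NOTE(review): this is a substring match, so "wifi1" also selects the line
  # of "wifi10". With more than one match the path below is invalid and the
  # write fails, as it did before.
  irq_affinity_num=$(grep -- "$device" /proc/interrupts | cut -d ':' -f 1 | tr -d ' ')

  case "$hwcaps" in
    *11an/ac)
      smp_affinity=2
      ;;
  esac

  [ -n "$irq_affinity_num" ] && echo "$smp_affinity" > "/proc/irq/$irq_affinity_num/smp_affinity"
}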
- ==> ./validate_ip_address.sh <==
- #!/bin/sh
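#######################################
# Check whether $1 is written as an IPv6 address (full or "::"-compressed).
# NOTE: the return convention is inverted compared to usual shell practice
# and callers depend on it: 1 = IPv6 address, 0 = not one.
# Arguments: $1 - candidate string
# Returns:   1 when $1 is an IPv6 address, 0 otherwise
# Not recognised: embedded IPv4 notation (::ffff:a.b.c.d) and zone ids.
#######################################
is_ipv6_address () {
  local __WORD __FLAT __COMP2 __COMP3 __COMP4 __COMP5 __COMP6 __COMP7
  local __EDGE_TAIL __EDGE_LEAD

  # Decide on the exact string received. The previous `echo $1` word-split
  # and glob-expanded the value first, so the text that was checked could
  # differ from the text the caller went on to use. Anything other than hex
  # digits and colons (whitespace, newlines, wildcards) is rejected at once.
  case "$1" in
    "" | *[!0-9A-Fa-f:]*) return 0 ;;
  esac

  __WORD="[0-9A-Fa-f]\{1,4\}"
  # flat address, no compressed __WORDs
  __FLAT="^${__WORD}\(:${__WORD}\)\{7\}$"
  # ::'s compressions excluding beginning and end edge cases
  __COMP2="^\(${__WORD}:\)\{1,1\}\(:${__WORD}\)\{1,6\}$"
  __COMP3="^\(${__WORD}:\)\{1,2\}\(:${__WORD}\)\{1,5\}$"
  __COMP4="^\(${__WORD}:\)\{1,3\}\(:${__WORD}\)\{1,4\}$"
  __COMP5="^\(${__WORD}:\)\{1,4\}\(:${__WORD}\)\{1,3\}$"
  __COMP6="^\(${__WORD}:\)\{1,5\}\(:${__WORD}\)\{1,2\}$"
  __COMP7="^\(${__WORD}:\)\{1,6\}\(:${__WORD}\)\{1,1\}$"
  # trailing :: edge case, includes case of only :: (all 0's)
  __EDGE_TAIL="^\(\(${__WORD}:\)\{1,7\}\|:\):$"
  # leading :: edge case
  __EDGE_LEAD="^:\(:${__WORD}\)\{1,7\}$"

  if printf '%s\n' "$1" | grep -q "\(${__FLAT}\)\|\(${__COMP2}\)\|\(${__COMP3}\)\|\(${__COMP4}\)\|\(${__COMP5}\)\|\(${__COMP6}\)\|\(${__COMP7}\)\|\(${__EDGE_TAIL}\)\|\(${__EDGE_LEAD}\)"; then
    return 1
  fi
  return 0
}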
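#######################################
# Check whether $1 is a dotted-quad IPv4 address with each part in 0..255.
# NOTE: same inverted convention as is_ipv6_address, which callers depend
# on: 1 = IPv4 address, 0 = not one.
# Arguments: $1 - candidate string
# Returns:   1 when $1 is an IPv4 address, 0 otherwise
# NOTE(review): parts with leading zeros ("010") are accepted, as before.
#######################################
is_ipv4_address () {
  local __QUAD

  # Only digits and dots can be part of an address; this also keeps
  # whitespace, newlines and wildcards away from the pattern match.
  case "$1" in
    "" | *[!0-9.]*) return 0 ;;
  esac

  __QUAD="25[0-5]\|2[0-4][0-9]\|[0-1]\?[0-9]\?[0-9]"
  # The pattern is anchored at both ends, like the IPv6 patterns. Without the
  # trailing "$" any string that merely began with an address was accepted
  # ("1.2.3.4.5", "1.2.3.999", an address followed by arbitrary text).
  # A caller that passed "address/prefix" is now rejected as well.
  if printf '%s\n' "$1" | grep -q "^\(${__QUAD}\)\(\.\(${__QUAD}\)\)\{3\}$"; then
    return 1
  fi
  return 0
}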
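#######################################
# Report the address family of $1 through the return status.
# Arguments: $1 - candidate string
# Returns:   6 for an IPv6 address, 4 for an IPv4 address, 0 for neither
#######################################
which_ip_address () {
  # "$1" is quoted so that the helpers judge the whole string. Unquoted, the
  # value was word-split first and only its first word was checked, so an
  # address followed by other text was still reported as valid.
  is_ipv6_address "$1"
  if [ $? -eq 1 ]; then
    return 6
  fi

  is_ipv4_address "$1"
  if [ $? -eq 1 ]; then
    return 4
  fi

  return 0
}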
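#######################################
# Merge the nameserver and search entries of the IPv4 and IPv6 resolver
# files into one file.
# The IPv4 file is copied first. When the result has a search line, the first
# search domain of the IPv6 file is appended to it and only the IPv6
# nameserver lines are added; otherwise the whole IPv6 file is appended.
#
# File names and file contents are handled as data only. The previous version
# pasted them into `/bin/sh -c "..."` command strings and into a sed program,
# so a crafted path or search domain was interpreted as shell or sed syntax.
# Resolver files are typically filled from DHCP or router-advertisement data,
# so their content should be treated as untrusted.
#
# Globals:   DNS_FILE, DNS_FILE_IPv4, DNS_FILE_IPv6 (written, as before)
# Arguments: $1 - output file, $2 - IPv4 resolver file, $3 - IPv6 resolver file
# Returns:   0 on success, 1 when both inputs are missing or a write fails
#######################################
merge_dns_entries_sensor()
{
  local ipv6_search

  DNS_FILE=$1
  DNS_FILE_IPv4=$2
  DNS_FILE_IPv6=$3

  if [ ! -f "$DNS_FILE_IPv4" ] && [ ! -f "$DNS_FILE_IPv6" ] ; then
    # Return if both resolver files are absent.
    # Either variable is not set properly or something has gone wrong
    return 1
  fi

  echo > "$DNS_FILE" || return 1

  if [ -f "$DNS_FILE_IPv4" ] ; then
    cat < "$DNS_FILE_IPv4" > "$DNS_FILE" || return 1
  fi

  if [ -f "$DNS_FILE_IPv6" ] ; then
    if grep -q search < "$DNS_FILE" ; then
      # First search domain of the first matching line only.
      ipv6_search=$(awk '/search/ { print $2; exit }' < "$DNS_FILE_IPv6")
      case "$ipv6_search" in
        "" | *[!A-Za-z0-9._-]*)
          # Nothing to add, or not a plain domain name. Only letters, digits,
          # ".", "_" and "-" may reach the sed replacement text below.
          ;;
        *)
          sed -i "s/^search.*/& $ipv6_search/" "$DNS_FILE" || return 1
          ;;
      esac
      # No nameserver line in the IPv6 file is not an error.
      grep nameserver < "$DNS_FILE_IPv6" >> "$DNS_FILE"
    else
      cat < "$DNS_FILE_IPv6" >> "$DNS_FILE" || return 1
    fi
  fi
  return 0
}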