Patch for wlanap.cgi

Hey guys,

I installed IPFire 190 the other day (again self compiled with freshest kernel 6.12.6 because of needed ath12k-support) and noticed some “issues” with the wlanap-page.

Therefore I did some adjustments and wrote a patch for it. Please don’t ask me to make it official and submit it, I do not have a github account and don’t want one.

Anyway, maybe these adjustments will be helpful to someone (details see below). Have fun! :slight_smile:

--- wlanap.cgi-old	2024-12-22 23:49:26.832184480 +0100
+++ wlanap.cgi-new	2024-12-22 23:49:26.816184124 +0100
@@ -30,9 +30,9 @@
 require '/var/ipfire/header.pl';
 
 my $errormessage = '';
-my %selected=();
-my %checked=();
-my %wlanapsettings=();
+my %selected = ();
+my %checked = ();
+my %wlanapsettings = ();
 
 # Read the configuration file
 &General::readhash("/var/ipfire/wlanap/settings", \%wlanapsettings);
@@ -42,17 +42,17 @@
 	"APMODE" => "on",
 	"SSID" => "IPFire",
 	"HIDESSID" => "off",
-	"ENC" => "wpa2",
-	"TXPOWER" => "auto",
-	"CHANNEL" => "0",
+	"CLIENTISOLATION" => "off",
 	"COUNTRY" => "00",
 	"HW_MODE" => "g",
+	"CHANNEL" => "0",
+	"NOSCAN" => "on",
+	"ENC" => "wpa2",
 	"PWD" => "",
+	"IEEE80211W" => "off",
 	"HTCAPS" => "",
 	"VHTCAPS" => "",
-	"NOSCAN" => "on",
-	"CLIENTISOLATION" => "off",
-	"IEEE80211W" => "off",
+	"TXPOWER" => "auto",
 });
 
 my %cgiparams = ();
@@ -94,7 +94,7 @@
 	$wlanapsettings{'NOSCAN'} = ($cgiparams{'NOSCAN'} eq 'on') ? 'on' : 'off';
 	$wlanapsettings{'ENC'} = $cgiparams{'ENC'};
 	$wlanapsettings{'PWD'} = $cgiparams{'PWD'};
-	$wlanapsettings{'IEEE80211W'} = ($cgiparams{'IEEE80211W'} eq 'on') ? 'on' : 'off';
+	$wlanapsettings{'IEEE80211W'} = $cgiparams{'IEEE80211W'};
 	$wlanapsettings{'HTCAPS'} = $cgiparams{'HTCAPS'};
 	$wlanapsettings{'VHTCAPS'} = $cgiparams{'VHTCAPS'};
 	$wlanapsettings{'TX_POWER'} = $cgiparams{'TX_POWER'};
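Review bot: Missing validation on the changed IEEE80211W line: `$wlanapsettings{'IEEE80211W'} = $cgiparams{'IEEE80211W'};` now copies whatever the form submits into the settings hash. The old ternary is why "optional" was lost, so dropping it is right in intent, but the value should be compared against the three values the select offers (off, optional, on) and fall back to off for anything else. Separately, the last context line of this hunk writes the key TX_POWER while the defaults hunk above uses TXPOWER; worth confirming which key the rest of the script reads.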
@@ -135,31 +135,28 @@
 
 # Change old "n" to "gn"
 if ( $wlanapsettings{'HW_MODE'} eq 'n' ) {
-	$wlanapsettings{'HW_MODE'}='gn';
+	$wlanapsettings{'HW_MODE'}= 'gn';
 }
 
 $checked{'HIDESSID'}{'off'} = '';
 $checked{'HIDESSID'}{'on'} = '';
 $checked{'HIDESSID'}{$wlanapsettings{'HIDESSID'}} = "checked='checked'";
 
-$checked{'NOSCAN'}{'off'} = '';
-$checked{'NOSCAN'}{'on'} = '';
-$checked{'NOSCAN'}{$wlanapsettings{'NOSCAN'}} = "checked='checked'";
-
 $checked{'CLIENTISOLATION'}{'off'} = '';
 $checked{'CLIENTISOLATION'}{'on'} = '';
 $checked{'CLIENTISOLATION'}{$wlanapsettings{'CLIENTISOLATION'}} = "checked='checked'";
 
-$selected{'IEEE80211W'}{'off'} = '';
-$selected{'IEEE80211W'}{'optional'} = '';
-$selected{'IEEE80211W'}{'on'} = '';
-$selected{'IEEE80211W'}{$wlanapsettings{'IEEE80211W'}} = "selected";
+$selected{'COUNTRY'}{$wlanapsettings{'COUNTRY'}} = "selected='selected'";
+$selected{'HW_MODE'}{$wlanapsettings{'HW_MODE'}} = "selected='selected'";
+$selected{'CHANNEL'}{$wlanapsettings{'CHANNEL'}} = "selected='selected'";
+
+$checked{'NOSCAN'}{'off'} = '';
+$checked{'NOSCAN'}{'on'} = '';
+$checked{'NOSCAN'}{$wlanapsettings{'NOSCAN'}} = "checked='checked'";
 
 $selected{'ENC'}{$wlanapsettings{'ENC'}} = "selected='selected'";
-$selected{'CHANNEL'}{$wlanapsettings{'CHANNEL'}} = "selected='selected'";
-$selected{'COUNTRY'}{$wlanapsettings{'COUNTRY'}} = "selected='selected'";
+$selected{'IEEE80211W'}{$wlanapsettings{'IEEE80211W'}} = "selected='selected'";
 $selected{'TXPOWER'}{$wlanapsettings{'TXPOWER'}} = "selected='selected'";
-$selected{'HW_MODE'}{$wlanapsettings{'HW_MODE'}} = "selected='selected'";
 
 # Fetch all available channels
 my @channellist = &get_channellist($INTF);
@@ -270,6 +267,8 @@
 						<option value='an' $selected{'HW_MODE'}{'an'}>802.11an</option>
 						<option value='gn' $selected{'HW_MODE'}{'gn'}>802.11gn</option>
 						<option value='ac' $selected{'HW_MODE'}{'ac'}>802.11ac</option>
+						<option value='ax' $selected{'HW_MODE'}{'ax'}>802.11ax</option>
+						<option value='be' $selected{'HW_MODE'}{'be'}>802.11be</option>
 					</select>
 				</td>
 			</tr>
@@ -329,13 +328,13 @@
 				<td>$Lang::tr{'wlanap management frame protection'}</td>
 				<td>
 					<select name="IEEE80211W">
-						<option value="off" $selected{'IEEE80211W'}{'off'}>
+						<option value='off' $selected{'IEEE80211W'}{'off'}>
 							$Lang::tr{'wlanap 802.11w disabled'}
 						</option>
-						<option value="optional" $selected{'IEEE80211W'}{'optional'}>
+						<option value='optional' $selected{'IEEE80211W'}{'optional'}>
 							$Lang::tr{'wlanap 802.11w optional'}
 						</option>
-						<option value="on" $selected{'IEEE80211W'}{'on'}>
+						<option value='on' $selected{'IEEE80211W'}{'on'}>
 							$Lang::tr{'wlanap 802.11w enforced'}
 						</option>
 					</select>
@@ -407,47 +406,94 @@
 sub WriteConfig_hostapd{
 	open (CONFIGFILE, ">/var/ipfire/wlanap/hostapd.conf");
 	print CONFIGFILE <<END
+##### hostapd configuration file ##############################################
 driver=nl80211
-######################### basic hostapd configuration ##########################
-#
+logger_syslog=-1
+logger_syslog_level=4
+ctrl_interface=/var/run/hostapd
+ctrl_interface_group=0
+##### IEEE 802.11 related configuration #######################################
+ssid2=\"$wlanapsettings{'SSID'}\"
+utf8_ssid=1
 country_code=$wlanapsettings{'COUNTRY'}
-country3=0x49 # indoor
+# country3=0x49 # indoor
 ieee80211d=1
 ieee80211h=1
-channel=$wlanapsettings{'CHANNEL'}
-
-# Always advertise TPC
 local_pwr_constraint=3
 spectrum_mgmt_required=1
+channel=$wlanapsettings{'CHANNEL'}
+# acs_num_scans=
+# chanlist=
+# freqlist=
+# acs_exclude_dfs=
+# auth_algs=1
+wmm_enabled=1
+disassoc_low_ack=1
 END
 ;
  if ( $wlanapsettings{'HW_MODE'} eq 'an' ){
 	print CONFIGFILE <<END
+##### IEEE 802.11n related configuration ######################################
 hw_mode=a
 ieee80211n=1
-wmm_enabled=1
 ht_capab=$wlanapsettings{'HTCAPS'}
 END
 ;
 
  }elsif ( $wlanapsettings{'HW_MODE'} eq 'gn' ){
 	print CONFIGFILE <<END
+##### IEEE 802.11n related configuration ######################################
 hw_mode=g
 ieee80211n=1
-wmm_enabled=1
 ht_capab=$wlanapsettings{'HTCAPS'}
 END
 ;
 
  }elsif ( $wlanapsettings{'HW_MODE'} eq 'ac' ){
 	print CONFIGFILE <<END
+##### IEEE 802.11n related configuration ######################################
+hw_mode=a
+ieee80211n=1
+ht_capab=$wlanapsettings{'HTCAPS'}
+##### IEEE 802.11ac related configuration #####################################
+ieee80211ac=1
+vht_capab=$wlanapsettings{'VHTCAPS'}
+vht_oper_chwidth=1
+END
+;
+
+ }elsif ( $wlanapsettings{'HW_MODE'} eq 'ax' ){
+	print CONFIGFILE <<END
+##### IEEE 802.11n related configuration ######################################
 hw_mode=a
+ieee80211n=1
+ht_capab=$wlanapsettings{'HTCAPS'}
+##### IEEE 802.11ac related configuration #####################################
 ieee80211ac=1
+vht_capab=$wlanapsettings{'VHTCAPS'}
+vht_oper_chwidth=1
+##### IEEE 802.11ax related configuration #####################################
+ieee80211ax=1
+he_oper_chwidth=1
+END
+;
+
+ }elsif ( $wlanapsettings{'HW_MODE'} eq 'be' ){
+	print CONFIGFILE <<END
+##### IEEE 802.11n related configuration ######################################
+hw_mode=a
 ieee80211n=1
-wmm_enabled=1
 ht_capab=$wlanapsettings{'HTCAPS'}
+##### IEEE 802.11ac related configuration #####################################
+ieee80211ac=1
 vht_capab=$wlanapsettings{'VHTCAPS'}
 vht_oper_chwidth=1
+##### IEEE 802.11ax related configuration #####################################
+ieee80211ax=1
+he_oper_chwidth=1
+##### IEEE 802.11be related configuration #####################################
+ieee80211be=1
+eht_oper_chwidth=1
 END
 ;
 
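Review bot: The new ax and be branches hard-code hw_mode=a, so selecting 802.11ax or 802.11be never produces a 2.4 GHz configuration and there is no counterpart to the existing an/gn split; either offer the band as part of the mode choice or derive hw_mode from the selected channel. The n and ac lines are also copied verbatim into the ac, ax and be branches; writing them cumulatively (n, then ac for ac or newer, then ax, then be) would keep the three copies from drifting apart. The moved `ssid2=\"$wlanapsettings{'SSID'}\"` line still interpolates the SSID straight into the file, so it relies on the SSID having been validated before this sub runs.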
@@ -459,21 +505,6 @@
 
  }
 
-print CONFIGFILE <<END;
-# Enable logging
-logger_syslog=-1
-logger_syslog_level=4
-auth_algs=1
-ctrl_interface=/var/run/hostapd
-ctrl_interface_group=0
-disassoc_low_ack=1
-
-# SSID
-ssid2=\"$wlanapsettings{'SSID'}\"
-utf8_ssid=1
-
-END
-
 if ( $wlanapsettings{'HIDESSID'} eq 'on' ){
 	print CONFIGFILE <<END
 ignore_broadcast_ssid=2
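Review bot: auth_algs=1 is the one line removed here that does not come back as an active setting; the earlier WriteConfig_hostapd hunk re-adds it only as the comment `# auth_algs=1`. That leaves the allowed authentication algorithms to hostapd's built-in default instead of pinning open system authentication. Unless there is a reason to depend on the default, keep the explicit auth_algs=1 line in the moved block.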
@@ -491,13 +522,13 @@
 
  if ( $wlanapsettings{'NOSCAN'} eq 'on' ){
 	print CONFIGFILE <<END
-noscan=1
+noscan=0
 END
 ;
 
  }else{
  	print CONFIGFILE <<END
-noscan=0
+noscan=1
 END
 ;
 
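Review bot: Swapping the two noscan values changes the effective configuration of existing installations: the defaults hunk sets NOSCAN to on, so a system that never touched the checkbox goes from noscan=1 to noscan=0 the next time hostapd.conf is written. If the checkbox is meant to express "scan for neighbours", rename the setting or migrate stored values rather than silently inverting the meaning of the stored key, and add a comment here stating which checkbox state maps to which hostapd value, since `NOSCAN eq 'on'` writing `noscan=0` reads as a bug to the next person.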
@@ -505,17 +536,26 @@
 
  # Management Frame Protection (802.11w)
  if ($wlanapsettings{'IEEE80211W'} eq "on") {
-	print CONFIGFILE "ieee80211w=2\n";
+	print CONFIGFILE <<END
+ieee80211w=2
+END
+;
  } elsif ($wlanapsettings{'IEEE80211W'} eq "optional") {
-	print CONFIGFILE "ieee80211w=1\n";
+	print CONFIGFILE <<END
+ieee80211w=1
+END
+;
  } else {
-	print CONFIGFILE "ieee80211w=0\n";
+	print CONFIGFILE <<END
+ieee80211w=0
+END
+;
+
  }
 
  if ( $wlanapsettings{'ENC'} eq 'wpa1'){
 	print CONFIGFILE <<END
-######################### wpa hostapd configuration ############################
-#
+##### WPA/IEEE 802.11i configuration ##########################################
 wpa=1
 wpa_passphrase=$wlanapsettings{'PWD'}
 wpa_key_mgmt=WPA-PSK
@@ -524,8 +564,7 @@
 ;
  }elsif ( $wlanapsettings{'ENC'} eq 'wpa2'){
 	print CONFIGFILE <<END
-######################### wpa hostapd configuration ############################
-#
+##### WPA/IEEE 802.11i configuration ##########################################
 wpa=2
 wpa_passphrase=$wlanapsettings{'PWD'}
 wpa_key_mgmt=WPA-PSK
@@ -534,18 +573,16 @@
 ;
  }elsif ( $wlanapsettings{'ENC'} eq 'wpa3'){
 	print CONFIGFILE <<END
-######################### wpa hostapd configuration ############################
-#
+##### WPA/IEEE 802.11i configuration ##########################################
 wpa=2
-wpa_passphrase=$wlanapsettings{'PWD'}
 wpa_key_mgmt=SAE
 rsn_pairwise=CCMP
+sae_password=$wlanapsettings{'PWD'}
 END
 ;
  } elsif ( $wlanapsettings{'ENC'} eq 'wpa1+2'){
 	print CONFIGFILE <<END
-######################### wpa hostapd configuration ############################
-#
+##### WPA/IEEE 802.11i configuration ##########################################
 wpa=3
 wpa_passphrase=$wlanapsettings{'PWD'}
 wpa_key_mgmt=WPA-PSK
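Review bot: No input check is visible for the PWD value that the added `sae_password=$wlanapsettings{'PWD'}` line in the wpa3 branch writes into hostapd.conf; the only handling of PWD shown in this patch is the plain copy `$wlanapsettings{'PWD'} = $cgiparams{'PWD'};`. Please confirm that PWD is rejected when it contains a line break or other control character before it reaches this heredoc, because such a value would add lines to the generated file. The wpa3 branch also no longer writes wpa_passphrase, so a length check tied to the 8 to 63 character WPA-PSK rule may need its own rule for this mode.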
@@ -555,12 +592,12 @@
 ;
  }elsif ( $wlanapsettings{'ENC'} eq 'wpa2+3'){
 	print CONFIGFILE <<END
-######################### wpa hostapd configuration ############################
-#
+##### WPA/IEEE 802.11i configuration ##########################################
 wpa=2
 wpa_passphrase=$wlanapsettings{'PWD'}
 wpa_key_mgmt=WPA-PSK SAE
 rsn_pairwise=CCMP
+sae_password=$wlanapsettings{'PWD'}
 END
 ;
  }

Details:

I did some adjustments in the type face here and there to please my inner Mr. Monk. This includes some sorting, so that the order of the items is always the same (first interface, then ssid, then hidessid, etc.).

“Management Frame Protection” did not work with the “optional”-setting for me (it always switched back to “disabled”), therefore I changed the way this option processes its input and matched it to HW_MODE or ENC.

I added basic support for 802.11ax (Wifi6) and 802.11be (Wifi7). For the latter one to work, you have to compile hostapd with “CONFIG_IEEE80211BE=y”. For now, this option is experimental!
Both options also are completely basic (no beamforming, 160MHz-channel-width or anything else) since they heavily depend on the hardware you are using.

For better orientation, testing and bugfixing I adjusted the output that would go to “hostapd.conf” so that it largely matches the order of the original hostapd.conf from https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf, for example I brought the “logging”- and the “ssid”-parts up to the main configuration (like in the original-file).

I did a lot of reading and researching about hostapd and therefore also made some adjustments here. I did not add any options that would not work with some hardware and only commented out some other (no deletions):

I commented out “country3” because some people may want to use IPFire-Wifi in an outside environment.

I added (deactivated) options, which might come in handy for testing purposes (acs_num_scans, chanlist, freqlist, acs_exclude_dfs).

I commented out “auth_algs” since this option should only be used with WPS or WEP.

I brought “wmm_enabled” up to the main config since it is part of every HW_MODE-option.

I swapped the “noscan” options because it should be set to “1” when the checkbox on the page is NOT selected!!!

I changed the WPA3 and WPA2+3-settings because the option “sae_password” should be used instead of / additionally to “wpa_passphrase”.
Hostapd mentions that it’s ok to use “wpa_passphrase” with WPA3 and maybe it’s just me but I always had some trouble with this combination.

Suggestions:

One could add

iw phy0 channels | grep -e '[*]'

iw dev blue0 scan | grep -e 'SSID:' -e 'DS Parameter set:'

iw dev blue0 survey dump | grep -e 'frequency' -e 'noise'

for information about neighbor-networks, channels / frequencies and their strength but this would need adjustments to the template itself, which I did not want to make at this point.

Merry Christmas everybody and a good slide :smiley: Happy New Year!

2 Likes
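The post's fix for the "optional" setting stores the submitted IEEE80211W value as-is. The following added example (not part of the original post and not IPFire's code) shows one way to accept "optional" while still restricting the enumerated fields to known values and keeping control characters out of values that end up in hostapd.conf. The helper name validate_wlanap and the sample inputs are hypothetical, and the allowed lists contain only the values visible in the patch.

```perl
# Added example, not IPFire code; validate_wlanap() is a hypothetical helper.
use strict;
use warnings;

# Values visible in the patch (plus the "g" default); extend to the full template.
my %ALLOWED = (
	IEEE80211W => [qw(off optional on)],
	HW_MODE    => [qw(g an gn ac ax be)],
	ENC        => [qw(wpa1 wpa2 wpa3 wpa1+2 wpa2+3)],
);

sub validate_wlanap {
	my ($in) = @_;
	my (%clean, @errors);
	# Enumerated fields: keep the value only if it is a known one.
	foreach my $key (sort keys %ALLOWED) {
		my $value = $in->{$key} // '';
		if (grep { $_ eq $value } @{ $ALLOWED{$key} }) { $clean{$key} = $value }
		else { push @errors, "$key: unexpected value" }
	}
	# Free-text fields each land on one hostapd.conf line, so a line break or
	# other control character must never get that far.
	foreach my $key (qw(SSID PWD)) {
		my $value = $in->{$key} // '';
		if ($value =~ /[\x00-\x1f\x7f]/) { push @errors, "$key: control character" }
		else { $clean{$key} = $value }
	}
	# wpa_passphrase must be 8..63 characters; in the patch every ENC mode
	# except pure wpa3 still writes that directive.
	if (defined $clean{PWD} && ($clean{ENC} // '') ne 'wpa3') {
		my $len = length $clean{PWD};
		push @errors, 'PWD: need 8 to 63 characters' if $len < 8 || $len > 63;
	}
	return (\%clean, \@errors);
}

# Constructed inputs: the "optional" case from the post, then an IEEE80211W
# value the form does not offer together with a line break in PWD.
my @samples = (
	{ IEEE80211W => 'optional', HW_MODE => 'ax', ENC => 'wpa2+3',
	  SSID => 'IPFire', PWD => 'constructed-pass' },
	{ IEEE80211W => 'maybe', HW_MODE => 'gn', ENC => 'wpa3',
	  SSID => 'IPFire', PWD => "line1\nline2" },
);
foreach my $sample (@samples) {
	my ($clean, $errors) = validate_wlanap($sample);
	my $result = @$errors ? 'rejected: ' . join('; ', @$errors) : 'accepted';
	print "$result\n";
}
```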

Hello Lexus,

thank you for your work. The best way to get this all looked at, reviewed and approved is to send the patch to the development mailing list. There are some detailed instructions on how to do this here:

www.ipfire.org - Submitting Patches

Merry Christmas!

-Michael

3 Likes

Hey Michael,

first of all: Happy New Year! :partying_face: (a bit late but what the heck…)

Thanks for the hint with the mailing-list. I know you guys prefer github but since I’m not a developer and will not be able to help to a great extent, I consider a simple mail to be the best way.

After all, it’s just some suggestions, no bugfixing or anything else. So again, thanks for this possibility! :+1:

I have some more questions regarding hostapd and its implementation in IPFire. Maybe @bonnietwin could answer them (if it’s not too demanding) since I read somewhere that he is “in charge” of the WiFi-section for now. :nerd_face:

As some of you may have already noticed, I experimented with the WiFi part of IPFire a lot, built my own version with own Add-Ons etc. to implement WiFi7 and make better use of my module.

Anyway, I built IPFire with hostapd 2.11 in August when it was not implemented by default yet. Now that it is, I noticed some differences between the “IPFire version” and the “official version” of hostapd-2.11, across which I stumbled when trying to activate

ocv (Operating Channel Validation)
and
oce (Optimized Connectivity Experience)

and IPFire told me that this function is not supported (despite activating it in the config-file before the compilation). The thing is, I know that it is supported in hostapd-2.11 because it worked before when I built “my own” Add-On.

So I compared the source codes and found a looooot of additional and some missing lines in the “IPFire version”. Way too many for me to understand, but maybe someone could give a brief summary of what is adapted?

In the same breath I wanted to ask why the IPFire config file for hostapd seems to be obsolete, since it is missing some options which are part of the “official” hostapd-2.11 defconfig.

Not that these options are somehow necessary (except from the WiFi7 one :wink: ), I just noticed their absence:

#CONFIG_RADIUS_TLS=y
#CONFIG_IEEE80211BE=y
#CONFIG_SAE_PK=y
#CONFIG_PASN=y
#CONFIG_DPP=y
#CONFIG_DPP2=y
#CONFIG_DPP3=y
#CONFIG_NAN_USD=y

I also noticed an additional option in IPFire, which is

CONFIG_IEEE80211W=y

I know (or guess) that this is meant to be for enabling Management Frame Protection, but since it is missing in the official hostapd (where MFP is working nonetheless) and is found nowhere else in any file of IPFire- or hostapd-sourcecode (except for the wlanap.cgi), I’ve got to ask: Is it necessary?

And last but not least:

Since I have some trouble activating 160MHz on my wifi-module because of the frequencies in the eeprom, I also did some research on possible patches and stumbled over

linux-4.9.8-ath_ignore_eeprom_regd.patch

which was dropped from IPFire after core130 and replaced with

linux-4.14_ath_user_regd.patch

which does not seem to have any effect, since

CPTCFG_ATH_USER_REGD

is nowhere enabled at all.

As already and (too) often stated, I’m no developer, I’m just reading and reading and researching and trying to understand. So maybe I’m completely off the road here and my understanding is absolutely wrong. In this case: I’m sorry :smiley: otherwise some enlightenment would be appreciated.

Greetings

Alex