This repository was archived by the owner on Sep 30, 2021. It is now read-only.
Clarify options, and make backups when installing create_ap.conf file #434
Open
dlenski wants to merge 46 commits into
…plain default non-bridged network in a little more detail
May help with battery life, throughput, and signal retention depending on network environment
Uses the /lib/systemd/system-sleep mechanism. See https://www.freedesktop.org/software/systemd/man/systemd-suspend.service.html for how this works. For unclear reasons, this only works in /lib/systemd/system-sleep, not in /usr/lib/systemd/system-sleep. (ping oblique#153, oblique#167)
…ate_ap.conf comments
Also makes it *possible* to set ADDN_HOSTS via create_ap.conf
Use 'sudo create_ap --wps-pbc <id>' to simulate the button being pushed, or 'sudo create_ap --wps-pin <id>,<pin>' to enroll a specific PIN requested by a device.
I added WPS push-button and PIN modes in 86a3d60, but now they don't work for me. Apparently:

1. hostapd's built-in EAP server *must* be enabled in order for WPS to complete. (Did this ever actually work for me previously, without this??)
2. Also, the 'push_button' method seems to have been replaced with 'virtual_push_button', per the following warning message from hostapd (v2.9):

```
WPS: Converting push_button to virtual_push_button for WPS 2.0 compliance
```
These were needed because of an annoying bug in old versions of
'hostapd', where the kernel's entropy pool was used incorrectly, and 'hostapd'
would decide that there wasn't enough randomness available, e.g.:
```
random: Only 9/20 bytes of strong random data available from /dev/random
random: Not enough entropy pool available for secure operations
WPA: Not enough entropy in random pool for secure operations - update keys later when the first station connects
```
That issue has been fixed since hostapd v2.6, released in 2016
(https://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html),
so there's really no reason for 'create_ap' to have an entropy-checking
watchdog or to encourage users to install 'haveged'.
…tem-sleep
For unclear reasons, this only worked for me on Ubuntu 16.04 if it was put in `/lib/systemd/system-sleep`, and NOT in `/usr/lib/systemd/system-sleep`. I'm unsure if this was a systemd bug, a distro bug, or what… but it's probably no longer applicable on modern distros. Fix it, and leave behind a warning comment. Thanks to @exuvo for bringing this up in #1.
This feature is specified in 802.11v-2011 7.3.2.87. The timezone is supposed to be specified via beacon tag 98 (0x62) as a string in "POSIX format" (https://developer.ibm.com/articles/au-aix-posix/#understanding-the-posix-format3). Happily, the POSIX format timezone is easily extracted from the tzfile format (https://stackoverflow.com/a/67045287), and /etc/localtime is a symlink to such a file.

I'm not sure what OSes, if any, will detect these tags and use them to set timezone. Most likely it would only be used as a fallback from some "location-based" timezone determination algorithm.

- Android 5.x source alludes to knowledge of this 802.11 feature in `DateTimeSettings.java`: https://android.googlesource.com/platform/packages/apps/Settings/+/android-5.0.1_r1/src/com/android/settings/DateTimeSettings.java#113
- … but more recent versions of Android don't appear to mention it at all: https://android.googlesource.com/platform/packages/apps/Settings/+/main/src/com/android/settings/datetime/DateTimeSettings.java

FIXME: The capability of advertising local timezone was added to hostapd in https://chromium.googlesource.com/external/w1.fi/cgit/hostap/+/39b97072b2a45551e6f20e6251eeaca269f22a2d%5E%21/#F1 with the 'time_zone' variable, but appears to be broken in hostapd v2.9.
The format is defined in this French legislative document specifying how UAVs/drones should broadcast their GPS position and heading via vendor elements in WiFi beacons: https://www.legifrance.gouv.fr/eli/arrete/2019/12/27/ECOI1934044A/jo/texte

Wireshark dissector shows how the sub-fields are decoded: https://gitlab.com/wireshark/wireshark/commit/7ed3180

There are other fields such as "takeoff" coordinates, takeoff-relative altitude, heading, and aircraft serial numbers; these seem pointless for a non-aircraft application.
While WPA3 is "mostly" a pure-software feature, it requires 802.11w (protected management frames), which requires hardware support. Detect adapters that don't support this and prevent them from attempting WPA3.
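One way such a check could be done, as an added example that is not code from this pull request: it assumes the adapter's 802.11w capability is read from the "Supported Ciphers" list of `iw phy <phy> info`, where the management-frame integrity cipher appears as suite 00-0f-ac:6. The function names and the two sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not create_ap's code); function names are hypothetical.

# Constructed excerpts of `iw phy <phy> info` output for two adapters.
PHY_PMF='Wiphy phy0
    Supported Ciphers:
        * CCMP-128 (00-0f-ac:4)
        * CMAC (00-0f-ac:6)
    Available Antennas: TX 0x3 RX 0x3'
PHY_NO_PMF='Wiphy phy1
    Supported Ciphers:
        * WEP40 (00-0f-ac:1)
        * TKIP (00-0f-ac:2)
        * CCMP-128 (00-0f-ac:4)
    Available Antennas: TX 0 RX 0'

# Succeed if the cipher list on stdin contains BIP-CMAC-128 (suite
# 00-0f-ac:6), the integrity cipher 802.11w uses for management frames.
supports_pmf() {
    awk '/Supported Ciphers:/ { sec = 1; next }
         sec && /^[ \t]*\*/   { if (/\(00-0f-ac:6\)/) ok = 1; next }
                              { sec = 0 }   # any other line ends the list
         END { exit !ok }'
}

# wpa3_hostapd_lines <iw phy info text>: print the hostapd settings a
# WPA3-Personal (SAE) access point needs, or refuse if the adapter lacks PMF.
wpa3_hostapd_lines() {
    if ! printf '%s\n' "$1" | supports_pmf; then
        echo "adapter lacks 802.11w support; refusing WPA3" >&2
        return 1
    fi
    # ieee80211w=2 makes protected management frames mandatory.
    printf '%s\n' 'wpa=2' 'wpa_key_mgmt=SAE' 'rsn_pairwise=CCMP' 'ieee80211w=2'
}

wpa3_hostapd_lines "$PHY_PMF"
```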
The /run directory is writable only by root, so we should be able to use the
directory `/run/create_ap.${VWIFI_IFACE}.conf/` in all cases.
Instead of relying on a "static" `create_ap.resume` script (added in 8bb9068), just create one on-the-fly. If the AP isn't working after resume-from-suspend, it will disable and re-enable it via `hostapd_cli`. (ping #1, oblique#153, oblique#167)
It doesn't make any sense to use both.
Obviously, WEP (https://en.wikipedia.org/wiki/Wired_Equivalent_Privacy) is thoroughly insecure and has been crackable for decades, but it can be useful for research or testing purposes.
[ Cherry picked from lakinduakash/linux-wifi-hotspot@50cf12c ]

Since iw 6.7, which adds 802.11ah support, iw may print fractional frequencies (e.g. 917.4 MHz). The change in the formatting code can also affect frequencies in the 2.4 and 5 GHz bands, so a frequency that used to be shown as "2412 MHz" may now be shown as "2412.0 MHz".

This breaks the parsing logic in `can_transmit_to_channel`, `ieee80211_frequency_to_channel` and `is_5ghz_frequency`. The problem in `can_transmit_to_channel` causes an error when creating an AP, due to the frequency not being detected as supported ("ERROR: Your adapter can not transmit to channel 1, frequency band 2.4GHz.").

Fix this by changing the parsing logic to accept a trailing ".0" (or even ".00", etc.) suffix for the existing 2.4 and 5 GHz bands.

See also:
https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=f2d9f5b52677f5414dc194be94b5916d2b080eab
https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=e2224c729840cc33c6ea89ba5e91b69f79c88e85
https://git.kernel.org/pub/scm/linux/kernel/git/jberg/iw.git/commit/?id=1bc6ab0abbb6f26f35d826d166d06bc28ae47b6b
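The parsing problem described in the commit message above, as an added example that is not the cherry-picked code: it reads frequency lines in both the old and the iw 6.7 format and accepts an all-zero fractional suffix while skipping genuinely fractional entries. The function names and the sample `iw` output are constructed for illustration, and treating lines marked "disabled" or "no IR" as unusable is an assumption of this example.

```shell
#!/bin/sh
# Added example (not create_ap's code); function names are hypothetical.

# Constructed sample mixing the pre-6.7 and post-6.7 `iw` frequency formats.
SAMPLE_IW_OUTPUT='
        Frequencies:
            * 2412.0 MHz [1] (20.0 dBm)
            * 2437 MHz [6] (20.0 dBm)
            * 2467.0 MHz [12] (20.0 dBm) (no IR)
            * 5180.00 MHz [36] (23.0 dBm)
            * 5260.0 MHz [52] (disabled)
            * 917.4 MHz [5] (20.0 dBm)'

# Reduce "2412", "2412.0" or "2412.00" to whole MHz; reject real fractions.
whole_mhz() {
    _mhz=$(printf '%s\n' "$1" | sed -n -E 's/^([0-9]+)(\.0+)?$/\1/p')
    [ -n "$_mhz" ] || return 1
    printf '%s\n' "$_mhz"
}

# Read `iw` output on stdin; print "<channel> <MHz>" for every frequency
# line usable for transmitting (assumption: "disabled"/"no IR" are not).
usable_channels() {
    awk '/ MHz \[[0-9]+\]/ && !/disabled|no IR/ {
        freq = $2
        sub(/\.0+$/, "", freq)          # tolerate the trailing ".0"
        if (freq !~ /^[0-9]+$/) next    # skip fractional (sub-GHz) entries
        ch = $4
        gsub(/\[|\]/, "", ch)
        print ch, freq
    }'
}

# can_transmit <channel> <2.4|5>: succeed if stdin lists that channel as
# usable within the requested band.
can_transmit() {
    usable_channels | awk -v ch="$1" -v band="$2" '
        $1 == ch && ((band == "2.4" && $2 >= 2400 && $2 < 2500) ||
                     (band == "5"   && $2 >= 4900 && $2 < 6000)) { ok = 1 }
        END { exit !ok }'
}

printf '%s\n' "$SAMPLE_IW_OUTPUT" | usable_channels
```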
Setting this to zero should disable it.
No need to spam log files with this
I should have done this back in 4664f05 ("Remove the 'haveged' options and entropy watchdog")
It's old and incomplete, and only needed as a workaround for old and buggy hardware drivers that don't support iw/nl80211.
Both brcmfmac and old Realtek drivers only support very old hardware: I don't have any to test it with. Instead of attempting various heroic workarounds for them, just warn about them.
[ Cherry picked from lakinduakash/linux-wifi-hotspot@bae89da ]
create_ap.conf when installing a newer version