Wi-Fi: Add support for accesspoint

Simple configuration:

admin@rpi4:/config/> edit interface wifi0 wifi
admin@rpi4:/config/interface/wifi0/wifi/> set country-code SE
admin@rpi4:/config/interface/wifi0/wifi/> set band
 2.4GHz   5GHz
admin@rpi4:/config/interface/wifi0/wifi/> set band 2.4GHz
admin@rpi4:/config/interface/wifi0/wifi/> edit ssid test
admin@rpi4:/config/interface/wifi0/wifi/ssid/test/> set secret se
admin@rpi4:/config/interface/wifi0/wifi/ssid/test/> set encryption
admin@rpi4:/config/interface/wifi0/wifi/ssid/test/>

Author: mattiaswal

src/confd/src/infix-if-wifi.c

@@ -5,8 +5,9 @@
 
 #define WPA_SUPPLICANT_FINIT_CONF "/etc/finit.d/available/wpa_supplicant-%s.conf"
 #define WPA_SUPPLICANT_CONF       "/etc/wpa_supplicant-%s.conf"
+#define HOSTAPD_SUPPLICANT_CONF   "/etc/hostapd-%s.conf"
 
-static int wifi_gen_client_config(const char *ifname, const char *ssid, const char *country, const char *secret, const char* encryption, struct dagger *net, bool first)
+static int wifi_gen_client_config(const char *ifname, const char *ssid, const char *country, const char *secret, const char* encryption, struct dagger *net, int counter)
 {
 	FILE *wpa_supplicant = NULL, *wpa = NULL;
 	char *encryption_str;
@@ -49,7 +50,7 @@ static int wifi_gen_client_config(const char *ifname, const char *ssid, const ch
 		} else {
 			asprintf(&encryption_str, "key_mgmt=SAE WPA-PSK\npsk=\"%s\"", secret);
 		}
-		if (first) {
+		if (!counter) { /* First SSID */
 			fprintf(wpa_supplicant,
 				"country=%s\n"
 				"ctrl_interface=/run/wpa_supplicant\n"
@@ -69,56 +70,162 @@ static int wifi_gen_client_config(const char *ifname, const char *ssid, const ch
 	return rc;
 
 }
+static int wifi_gen_accesspoint_config(const char *ifname, const char *ssid, const char *country, const char *secret, const char* encryption, const char *band, const char *channel, struct dagger *net, int counter)
+{
+	FILE *hostapd_conf, *hostapd_finit;
+	int rc = 0;
+
+	hostapd_finit = dagger_fopen_net_init(net, ifname, NETDAG_INIT_POST, "hostapd.sh");
+	if (!hostapd_finit) {
+		rc = SR_ERR_INTERNAL;
+		goto out;
+	}
+
+	fprintf(hostapd_finit, "# Generated by Infix confd\n");
+
+	fprintf(hostapd_finit, "if [ -f '/etc/finit.d/enabled/hostapd@%s.conf' ];then\n", ifname);
+	fprintf(hostapd_finit, "initctl -bfqn touch hostapd@%s\n", ifname);
+	fprintf(hostapd_finit, "else\n");
+	fprintf(hostapd_finit, "initctl -bfqn enable hostapd@%s\n", ifname);
+	fprintf(hostapd_finit, "fi\n");
+	fclose(hostapd_finit);
+	hostapd_conf = fopenf("a+", HOSTAPD_SUPPLICANT_CONF, ifname);
+	if (!hostapd_conf) {
+		rc = SR_ERR_INTERNAL;
+		goto out;
+	}
+
+	if (!counter) { /* First SSID */
+		bool freq_24GHz = !strcmp(band, "2.4GHz");
+		fprintf(hostapd_conf, "# Generated by Infix confd\n");
+
+		if (!strcmp(channel, "auto"))
+			channel = freq_24GHz ? "6" : "149";
+
+		fprintf(hostapd_conf,
+			"interface=%s\n"
+			"driver=nl80211\n"
+			"hw_mode=%c\n"
+			"country_code=%s\n"
+			"wmm_enabled=1\n"      /* QoS */
+			"channel=%s\n"
+			"logger_syslog=-1\n"
+			"logger_syslog_level=0\n\n"
+			"logger_stdout=0\n",
+			ifname, freq_24GHz ? 'g' : 'a', country, channel);
+		if (freq_24GHz)
+			fprintf(hostapd_conf, "ieee80211n=1\n");
+		else
+			fprintf(hostapd_conf, "ieee80211ac=1\n");
+	}
+
+
+	fprintf (hostapd_conf,
+		 "\n\n#################################\n"
+		 "# SSID %s\n"
+		 "#################################\n\n",
+		 ssid);
+	if (counter)
+		fprintf(hostapd_conf, "bss=%s_%d\n", ifname, counter);
+
+	fprintf(hostapd_conf, "ssid=%s\n", ssid);
+	if (encryption) {
+		fprintf(hostapd_conf, "wpa_key_mgmt=WPA-PSK SAE\n");
+		fprintf(hostapd_conf, "wpa_passphrase=%s\n", secret);
+		fprintf(hostapd_conf, "sae_password=%s\n", secret);
+		fputs("wpa_pairwise=CCMP\n",hostapd_conf);
+		fputs("rsn_pairwise=CCMP\n", hostapd_conf);
+		fputs("ieee80211w=1\n",hostapd_conf); /* This to allow WPA2 clients */
+		fputs("wpa=2\n",hostapd_conf);
+	}
+	fputs("ignore_broadcast_ssid=0\n", hostapd_conf);
+	fputs("\n", hostapd_conf);
+	fclose(hostapd_conf);
+out:
+	return rc;
+
+}
+static void disable_wifi(const char *ifname,  FILE *fp)
+{
+	fprintf(fp, "# Generated by Infix confd\n");
+	fprintf(fp, "iw dev %s disconnect\n", ifname);
+	fprintf(fp, "initctl -bfqn disable wifi@%s\n", ifname);
+	fprintf(fp, "initctl -bfqn disable hostapd@%s\n", ifname);
+	erasef(WPA_SUPPLICANT_CONF, ifname);
+	erasef(HOSTAPD_SUPPLICANT_CONF, ifname);
+}
 int wifi_gen(struct lyd_node *dif, struct lyd_node *cif, struct dagger *net)
 {
-	const char *ssid_name, *secret_name, *secret, *ifname, *country, *encryption, *mode;
+	const char *ssid_name, *secret_name, *secret = NULL, *ifname, *country;
+	const char *encryption, *mode, *band, *channel;;
 	struct lyd_node *wifi, *secret_node, *ssid;
-	bool first = true;
 	bool enabled;
-	ifname      = lydx_get_cattr(cif, "name");
-	enabled     = lydx_get_bool(cif, "enabled");
+        int counter = 0;
+	FILE *fp;
 
-	if (!enabled)
-		return wifi_gen_del(cif, net);
+	ifname      = lydx_get_cattr(cif, "name");
+	fp = dagger_fopen_net_init(net, ifname, NETDAG_INIT_POST, "disable-wifi.sh");
 
+	if (!fp) {
+		ERROR("Could not open disable-wifi.sh");
+		return SR_ERR_INTERNAL;
+	}
+	enabled     = lydx_get_bool(cif, "enabled");
 	wifi        = lydx_get_child(cif, "wifi");
-	if (!wifi)
-		return wifi_gen_del(cif, net);
+
+	if (!enabled || !wifi) {
+	        disable_wifi(ifname, fp);
+		goto out;
+	}
 
 	if (wifi && !lydx_get_child(wifi, "ssid")) { /* Only the precense container is set. */
-		return wifi_gen_client_config(ifname, NULL, NULL, NULL, NULL, net, true);
+		wifi_gen_client_config(ifname, NULL, NULL, NULL, NULL, net, 0);
+		goto out;
 	}
+
 	country     = lydx_get_cattr(wifi, "country-code");
 	mode        = lydx_get_cattr(wifi, "mode");
+	band        = lydx_get_cattr(wifi, "band"); /* Only set in AP mode */
+	channel     = lydx_get_cattr(wifi, "channel"); /* Only set in AP mode */
 
-
-	if (!strcmp(mode, "client")) {
+	if (!strcmp(mode, "client"))
 		erasef(WPA_SUPPLICANT_CONF, ifname);
-
-		LYX_LIST_FOR_EACH(lyd_child(wifi), ssid, "ssid") {
-			ssid_name   = lydx_get_cattr(ssid, "name");
-			secret_name = lydx_get_cattr(ssid, "secret");
-			encryption  = lydx_get_cattr(ssid, "encryption");
+	else
+		erasef(HOSTAPD_SUPPLICANT_CONF, ifname);
+	LYX_LIST_FOR_EACH(lyd_child(wifi), ssid, "ssid") {
+		ssid_name   = lydx_get_cattr(ssid, "name");
+		secret_name = lydx_get_cattr(ssid, "secret");
+		encryption  = lydx_get_cattr(ssid, "encryption");
+		if (encryption) {
 			secret_node = lydx_get_xpathf(cif, "../../keystore/symmetric-keys/symmetric-key[name='%s']", secret_name);
 			secret      = lydx_get_cattr(secret_node, "cleartext-key");
-			wifi_gen_client_config(ifname, ssid_name, country, secret, encryption, net, first);
-			first = false;
 		}
+		if (!strcmp(mode, "client")) {
+			wifi_gen_client_config(ifname, ssid_name, country, secret, encryption, net, counter);
+		} else {
+			wifi_gen_accesspoint_config(ifname, ssid_name, country, secret, encryption, band, channel, net, counter);
+		}
+		counter++;
+
 	}
 
+out:
+	fclose(fp);
 	return SR_ERR_OK;
 }
 
 int wifi_gen_del(struct lyd_node *iface,  struct dagger *net)
 {
-	const char *ifname = lydx_get_cattr(iface, "name");
-	FILE *iw = dagger_fopen_net_exit(net, ifname, NETDAG_EXIT_PRE, "iw.sh");
-
-	fprintf(iw, "# Generated by Infix confd\n");
-	fprintf(iw, "iw dev %s disconnect\n", ifname);
-	fprintf(iw, "initctl -bfqn disable wifi@%s\n", ifname);
-	fclose(iw);
-	erasef(WPA_SUPPLICANT_CONF, ifname);
-
+	const char *ifname;
+	FILE *fp;
+
+	ifname = lydx_get_cattr(iface, "name");
+	fp = dagger_fopen_net_exit(net, ifname, NETDAG_EXIT_PRE, "disable-wifi.sh");
+	if (!fp) {
+		ERROR("Failed to open disable-wifi.sh");
+		return SR_ERR_INTERNAL;
+	}
+	disable_wifi(ifname, fp);
+	fclose(fp);
 	return SR_ERR_OK;
 }

src/confd/yang/confd/infix-if-wifi.yang

@@ -183,6 +183,9 @@ submodule infix-if-wifi {
            Manual selection available for common channels.";
       }
       list ssid {
+        max-elements 1;
+        description "WiFi network configuration (currently limited to 1 SSID).";
+
         must "../country-code" {
           error-message "Country code is required when SSIDs are configured.";
         }