And an interesting idea at that... My initial reaction says that this sort of defeats the purpose of "dynamic" vlan. The radius server (and in our case Active Directory attributes) determines what VLAN a client gets placed on. Having to specify what vlans might be used beforehand seems counterproductive, especially since all of the firewalling etc. is being handled by a router further upstream.
After some further thought I can conjure up some use cases where you might want to specify all of this ahead of time, especially if OpenWRT was the sole router / radius server on the network. However, I'm pretty new to OpenWRT and haven't dug deep enough into the code to get anywhere near being able to implement such a function.

I wrote this patch mostly to restore this functionality to Barrier Breaker: http://www.packetfence.org/news/2013/article/packetfence-now-supports-hostapd.html

We don't use PacketFence here, but wanted similar functionality so I found their old patches and re-worked them for the new netifd stuff.

My pie in the sky thought is to have netifd monitor for new bridges and / or wlan interfaces (sounds like a kludge), or modify hostapd to notify netifd and not do any bridge creation at all (sounds hard to maintain). Either way, this is somewhat out of my league.

On Mon, Mar 17, 2014 at 9:38 AM, Helmut Schaa <helmut.sc...@googlemail.com> wrote:

> Hi Joe,
>
> On Sat, Mar 15, 2014 at 2:59 AM, Joseph CG Walker
> <joe+open...@chubbypenguin.net> wrote:
> > Are there any other steps / edits required to get this patch committed?
>
> Just a quick comment:
>
> Wouldn't it be nicer to add a new wifi interface type "ap_vlan" so netifd
> would be aware of interface bringup/bridging instead of just passing plain
> config options to hostapd.
>
> Something like:
>
> config wifi-iface iface0
>         option device 'radio0'
>         option mode 'ap'
>         option network 'lan'
>
> config wifi-iface iface0vlan65
>         option iface 'iface0'
>         option mode 'ap_vlan'
>         option network 'lan2'
>         option vlan 65
>
> config wifi-iface iface0vlan67
>         option iface 'iface0'
>         option mode 'ap_vlan'
>         option network 'other'
>         option vlan 67
>
> Just an idea ...
> Helmut
>
> > Thanks,
> > Joe
> >
> > On Mon, Mar 3, 2014 at 2:50 PM, Joseph CG Walker
> > <joe+open...@chubbypenguin.net> wrote:
> >> On 03/03/2014 01:14 PM, Felix Fietkau wrote:
> >>> On 2014-03-03 17:59, Joseph CG Walker wrote:
> >>>>
> >>>> This patch brings full dynamic vlan support to netifd that existed in hostapd.sh in Attitude Adjustment.
> >>>>
> >>>> This email was originally sent to n...@openwrt.org, but the CC to the devel list was rejected, this email is another attempt at a CC.
> >>>>
> >>>> Signed-off-by: Joseph CG Walker <j...@chubbypenguin.net>
> >>> Sorry, I've been AFK most of the time during the last days.
> >>> About your use of /etc/config/hostpad.vlan: Please use /etc/config only
> >>> for UCI files, not for custom-format config files.
> >>>
> >>> Why is that file needed anyway?
> >>>
> >>> - Felix
> >>>
> >>
> >> No need for apologies, the email error was mine not yours.
> >>
> >> My including hostapd.vlan was mostly an attempt to follow the structure of http://patchwork.openwrt.org/patch/2761/ however from the hostapd documentation and from just testing it, if the file isn't changed from the default (it wasn't) then it isn't necessary. I have removed it from my patch.
> >>
> >> Thanks,
> >> Joe
> >>
> >> Signed-off-by: Joseph CG Walker <j...@chubbypenguin.net>
> >>
> >> diff --git a/package/network/services/hostapd/files/netifd.sh > b/package/network/services/hostapd/files/netifd.sh > >> index f06b2ac..e587d05 100644 > >> --- a/package/network/services/hostapd/files/netifd.sh > >> +++ b/package/network/services/hostapd/files/netifd.sh
> >> @@ -118,6 +118,9 @@ hostapd_common_add_bss_config() { > >> config_add_string iapp_interface > >> config_add_string eap_type ca_cert client_cert identity auth > priv_key priv_key_pwd > >> > >> + config_add_int dynamic_vlan vlan_naming > >> + config_add_string vlan_tagged_interface > >> + > >> config_add_string 'key1:wepkey' 'key2:wepkey' 'key3:wepkey' > 'key4:wepkey' 'password:wpakey' > >> > >> config_add_boolean wps_pushbutton wps_label ext_registrar > >> @@ -204,7 +207,8 @@ hostapd_set_bss_options() { > >> acct_server acct_secret acct_port \ > >> dae_client dae_secret dae_port \ > >> nasid rsn_preauth iapp_interface \ > >> - eap_reauth_period > >> + eap_reauth_period dynamic_vlan \ > >> + vlan_tagged_interface > >> > >> # legacy compatibility > >> [ -n "$auth_server" ] || json_get_var > auth_server server > >> @@ -215,6 +219,8 @@ hostapd_set_bss_options() { > >> set_default acct_port 1813 > >> set_default dae_port 3799 > >> > >> + set_default vlan_naming "1" > >> + > >> append bss_conf "auth_server_addr=$auth_server" > "$N" > >> append bss_conf "auth_server_port=$auth_port" > "$N" > >> append bss_conf > "auth_server_shared_secret=$auth_secret" "$N" 
> >> @@ -237,6 +243,13 @@ hostapd_set_bss_options() { > >> append bss_conf "eapol_key_index_workaround=1" > "$N" > >> append bss_conf "ieee8021x=1" "$N" > >> append bss_conf "wpa_key_mgmt=WPA-EAP" "$N" > >> + > >> + [ -n "$dynamic_vlan" ] && { > >> + append bss_conf > "dynamic_vlan=$dynamic_vlan" "$N" > >> + append bss_conf > "vlan_naming=$vlan_naming" "$N" > >> + [ -n "$vlan_tagged_interface" ] && \ > >> + append bss_conf > "vlan_tagged_interface=$vlan_tagged_interface" "$N" > >> + } > >> ;; > >> wep) > >> local wep_keyidx=0 > >> > > _______________________________________________ > > openwrt-devel mailing list > > openwrt-devel@lists.openwrt.org > > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel >
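Review bot: vlan_naming is missing from the variable list extended in the hostapd_set_bss_options() hunk at @@ -204,7 +207,8 @@, which gains only dynamic_vlan and vlan_tagged_interface. The first hunk registers vlan_naming with config_add_int and the @@ -215,6 +219,8 @@ hunk gives it a default of "1", so if this list is what loads the options into shell variables, a vlan_naming set in the configuration is never read and the default is what always ends up in the vlan_naming= line written by the last hunk. Suggest adding vlan_naming to the list next to dynamic_vlan, or dropping it from config_add_int if the value is meant to be fixed.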
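Review bot: in the @@ -237,6 +243,13 @@ hunk, dynamic_vlan is handed to hostapd on a bare [ -n "$dynamic_vlan" ] test, with no range check and no documentation of what the values mean. hostapd takes 0 (disabled), 1 (optional) and 2 (required); with 1 a client whose RADIUS reply carries no VLAN ID is still accepted on the default interface, while 2 rejects it, which matters when the VLAN assignment is what keeps clients apart. Suggest validating the value against 0, 1 and 2 and documenting that difference next to the option. Note also that an explicit 0 passes the non-empty test, so the vlan_naming and vlan_tagged_interface lines are still emitted with dynamic VLANs switched off.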