AP

1. 工具安裝

1.1 wireless tools

修改Makefile的 PREFIX
make

1.2 wpa_supplicant

編譯 libnl
編譯 openssl
編譯 wpa
修改 wpa的 Makefile，添加

DESTDIR=/usr/local/wpa
LIBS += -L/usr/local/libnl/lib
LIBS += -L/usr/local/openssl/lib
CFLAGS += -I/usr/local/libnl/include/libnl3/
CFLAGS += -I/usr/local/openssl/include/

make

2. 做客戶端

ifconfig wlan0 up
iwconfig

wlan0     IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=16 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

確保是 Managed 模式

掃描AP
iwlist wlan0 scan

          Cell 02 - Address: 22:2D:78:06:00:0A
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=40/70  Signal level=-70 dBm
                    Encryption key:on
                    ESSID:"IFw8"
                    IE: WPA Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK

關鍵信息：channel, essid, WPA

如果沒有加密可以用 iwconfig 修改essid ，直接連接，
加密連接使用 wpa
wpa_supplicant -i wlan0 -c /etc/wpa_aa.conf -B

ctrl_interface=/var/run/wpa_supplicant
network={
        ssid="aa"
        psk="12345678"
}

成功后 ESSID 改變
iwconfig wlan0

ifw8$ iwconfig wlan0
wlan0     IEEE 802.11  ESSID:"aa"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 22:2D:78:06:00:0A
          Bit Rate=1 Mb/s   Tx-Power=16 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=43/70  Signal level=-67 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

分配IP
ifconfig wlan0 192.168.1.144 netmask 255.255.255.0
添加網關。。。

查看連接狀態
wpa_cli status
端口連接
wpa_cli terminate

hostapd

1. 確認網卡支持的模式

root #iw list | grep "Supported interface modes" -A 8

        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * WDS
                 * monitor
                 * P2P-client
                 * P2P-GO

2. wifi技術簡介

2.1 802.11

Technology	Frequency Band	Year	Max Speed	notes
802.11a	5GHz	1999	54Mbps	obsolete
802.11b	2.4GHz	1999	11Mbps	obsolete
802.11g	2.4GHz	2003	54Mbps	becoming obsolete
802.11n	2.4GHz or 5GHz	2009	150Mbps	can use multiple streams to increase speed (if both client and AP have more than one antenna)
802.11ac	5GHz	2013	867Mbps	can use multiple streams
802.11ax	2.4GHz or 5GHz	2019	1201Mbps	can use multiple streams, supports higher clients density

2.2 頻率和信道

Frequency	802.11	Channels
2.4GHz	b/g/n/ax	up to 14, depends on the country
5GHz	a/n/ac/ax	up to 37, depends on the country

2.3 做VAP時常用參數

頻段，信道，頻段帶寬
wifi有兩個頻段：2.4G 5G

在頻段上划分信道，減少沖突

一個信道中最大頻率與最小頻率的差，就叫做信道帶寬，在Wi-Fi中，每個信道的帶寬是22MHz。但是，實際使用中，有效的帶寬是20MHz，其中有2MHz是隔離頻帶，起保護作用。
20MHz信道帶寬對應的是65M帶寬 ，它的特性是穿透性好 傳輸的距離遠（100米左右）。
40MHz信道帶寬對應的是150M帶寬 ，它的穿透性差 傳輸的距離較近 （50米左右)。

2.4 Access Point

• An AP is like a wireless switch;
• An AP can only use one band at a time: 2.4GHz OR 5GHz, a so-called "dual-band AP" is just one AP at 2.4GHz and another at 5GHz;
• An AP using the 2.4GHz band can be b, g, n and ax at the same time (if the hardware supports it);
• An AP using the 5GHz band can be a, n, ac and ax at the same time (if the hardware supports it);
• An AP can have multiple SSIDs, making it look like multiple APs, but all will share the same band AND channel.

3. hostapd的特性

3.1 hostapd能做什么

• Create an AP;
• Create multiple APs on the same card (if the card supports it, usually up to 8);
• Create one AP on one card and another AP on a second card, all within a single instance of Hostapd;
• Use 2.4GHz and 5GHz at the same time on the same card. This requires a card with two radios though, which is pretty rare (but hostapd supports it) - if the card creates two wlanX interfaces, you might be lucky;

3.2 hostapd 不能做

• Create multiple APs on different channels on the same card. Multiple APs on the same card will share the same channel;
• Create a dual-band AP, even with two cards. But it can create two APs with the same SSID;
• Assign IPs to the devices connecting to the AP, a dhcp server is needed for that;
• Assign an IP to the AP itself, it is not hostapd's job to do that;

3.4 配置示例

3.4.1 5g

interface=wlan0
# "a" simply means 5GHz
hw_mode=a
# the channel to use, 0 means the AP will search for the channel with the least interferences (ACS)
channel=0
ieee80211d=1
country_code=FR
ieee80211n=1
# 802.11ac support
ieee80211ac=1         
wmm_enabled=1

ssid=somename
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=somepassword

3.4.2 多ssid

interface=wlan0
hw_mode=g
channel=10
ieee80211d=1
country_code=FR
ieee80211n=1
wmm_enabled=1

# First AP
ssid=test1
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=somepassword

# Second AP
# the name of the new interface hostapd will create to handle this AP 
bss=wlan1
ssid=test2
auth_algs=1
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_passphrase=someotherpassword

# Third AP
# the name of the new interface hostapd will create to handle this AP 
bss=wlan2
ssid=test3
# since there is no encryption defined, none will be used

3.5 使用5g須知

Depending on where you live, using the 5GHz band for an AP has limitations:

some channels are forbidden
some channels are for indoor use only
some channels cannot be used without first listening to make sure they are not already used by something else (no-IR, a.k.a: no initiate radiation)
some channels require DFS to be used (Dynamic Frequency Selection, to prevent interferences with radars)
some channels require TPC to be used (Transmit Power Control, to limit interferences)

The problem is that each country has its own rules and those rules are complex and regularly changing.

The package net-wireless/wireless-regdb maintains a regulatory database, for each country, of what channels can be used and with what limitations.

To use the database, you either need to emerge net-wireless/hostapd with the crda USE flag, or make the database directly available to the kernel, as you would with a firmware (the files are: /lib/firmware/regulatory.db and /lib/firmware/regulatory.db.p7s)

CRDA is on its way to being deprecated in favour of the firmware approach but is still maintained.

These limitations are somewhat recent and only implemented in 802.11n/ac/ax devices. Old devices which ignore these limitations may break the law.

3.6 固件和驅動

Some firmwares will refuse to work as APs even though they can work as clients.

Some drivers do not implement the required checks (DFS, no-IR, etc) and will also refuse to create APs on most or even all channels.

Currently only Atheros drivers (ath9k, ath10k) are know to properly support AP mode in the 5GHz band.
Most notably, the intel driver iwlwifi only has good AP mode support for the 2.4GHz band, AP mode in the 5GHz band is either disabled or crippled.

3.7 常見錯誤

3.7.1 創建多ssid失敗

當創建多個vaps，可能報錯

Invalid BSSID mask ff:ff:ff:ff:ff:fe for start address 5a:42:e7:c2:f5:8f.
Start address must be the first address in the block (i.e., addr AND mask == addr).

解決方法用iw創建第一個vap時，設置其 地址，保證最后 值為0

3.7.2 no IR

有時會顯示

iw list

Frequencies:
* 5180 MHz [36] (16.0 dBm) (no IR)
* 5200 MHz [40] (16.0 dBm) (no IR)
* 5220 MHz [44] (16.0 dBm) (no IR)
* 5240 MHz [48] (16.0 dBm) (no IR)
* 5260 MHz [52] (16.0 dBm) (no IR, radar detection)
DFS state: usable (for 1284 sec)
* 5280 MHz [56] (16.0 dBm) (no IR, radar detection)
DFS state: usable (for 1284 sec)
* 5300 MHz [60] (16.0 dBm) (no IR, radar detection)
DFS state: usable (for 1284 sec)

no IR 表示 不能使用此頻率，作為AP，但可以作為STA。
這是由於 無線頻率監管限制，各個地區的無線頻率規定不同，可以嘗試通過修改 地區 解決限制。
也可以修改 wireless-regdb 的 db.txt ，刪除 無線限制。

4. 編譯驅動

使用backports,參考
https://www.cnblogs.com/zengjfgit/p/7513394.html

5. 更多文檔

https://wireless.wiki.kernel.org/welcome