| #!/vendor/bin/sh |
| |
| # Do all the setup required for WiFi. |
| # The kernel driver mac80211_hwsim has already created two virtual wifi devices |
| # us. These devices are connected so that everything that's sent on one device |
| # is recieved on the other and vice versa. This allows us to create a fake |
| # WiFi network with an access point running inside the guest. Here is the setup |
| # for that and the basics of how it works. |
| # |
| # Create a namespace named router and move eth0 to it. Create a virtual ethernet |
| # pair of devices and move both one virtual ethernet interface and one virtual |
| # wifi interface into the router namespace. Then set up NAT networking for those |
| # interfaces so that traffic flowing through them reach eth0 and eventually the |
| # host and the internet. The main network namespace will now only see the other |
| # ends of those pipes and send traffic on them depending on if WiFi or radio is |
| # used. Finally run hostapd in the network namespace to create an access point |
| # for the guest to connect to and dnsmasq to serve as a DHCP server for the WiFi |
| # connection. |
| # |
| # main namespace router namespace |
| # ------- ---------- | --------------- |
| # | ril |<----->| radio0 |<--+--->| radio0-peer |<-------+ |
| # ------- ---------- | --------------- | |
| # | ^ | |
| # | | | |
| # | v v |
| # | ************* -------- |
| # | * ipv6proxy *<--->| eth0 |<--+ |
| # | ************* -------- | |
| # | ^ ^ | |
| # | | | | |
| # | v | | |
| # ------------------ --------- | --------- | | |
| # | wpa_supplicant |<->| wlan0 |<--+------->| wlan1 |<---------+ | |
| # ------------------ --------- | --------- | |
| # | ^ ^ | |
| # | | | v |
| # | v v -------- |
| # | *********** *********** | host | |
| # | * hostapd * * dnsmasq * -------- |
| # | *********** *********** |
| # |
| |
| NAMESPACE="router" |
| rm -rf /data/vendor/var/run/netns/${NAMESPACE} |
| rm -rf /data/vendor/var/run/netns/${NAMESPACE}.pid |
| # Lower the MTU of the WiFi interface to prevent issues with packet injection. |
| # The MTU of the WiFi monitor interface cannot be higher than 1500 but injection |
| # requires extra space for injection headers which count against the MTU. So if |
| # a 1500 byte payload needs to be injected it will fail because with the |
| # additional headers the total amount of data will exceed 1500 bytes. This way |
| # the payload is restricted to a smaller size that should leave room for the |
| # injection headers. |
| /system/bin/ip link set wlan0 mtu 1400 |
| |
| createns ${NAMESPACE} |
| |
| # If this is a clean boot we need to copy the hostapd configuration file to the |
| # data partition where netmgr can change it if needed. If it already exists we |
| # need to preserve the existing settings. |
| if [ ! -f /data/vendor/wifi/hostapd/hostapd.conf ]; then |
| cp /vendor/etc/simulated_hostapd.conf /data/vendor/wifi/hostapd/hostapd.conf |
| chown wifi:wifi /data/vendor/wifi/hostapd/hostapd.conf |
| chmod 660 /data/vendor/wifi/hostapd/hostapd.conf |
| fi |
| |
| # createns will have created a file that contains the process id (pid) of a |
| # process running in the network namespace. This pid is needed for some commands |
| # to access the namespace. |
| PID=$(cat /data/vendor/var/run/netns/${NAMESPACE}.pid) |
| |
| # Move the WiFi monitor interface to the other namespace and bring it up. This |
| # is what we use for injecting WiFi frames from the outside world. |
| /system/bin/ip link set hwsim0 netns ${PID} |
| execns ${NAMESPACE} /system/bin/ip link set hwsim0 up |
| |
| # Start the network manager as soon as possible after the namespace is available. |
| # This ensures that anything that follows is properly managed and monitored. |
| setprop ctl.start netmgr |
| |
| /system/bin/ip link set eth0 netns ${PID} |
| /system/bin/ip link add radio0 type veth peer name radio0-peer |
| /system/bin/ip link set radio0-peer netns ${PID} |
| # Enable privacy addresses for radio0, this is done by the framework for wlan0 |
| sysctl -wq net.ipv6.conf.radio0.use_tempaddr=2 |
| /system/bin/ip addr add 192.168.200.2/24 broadcast 192.168.200.255 dev radio0 |
| execns ${NAMESPACE} /system/bin/ip addr add 192.168.200.1/24 dev radio0-peer |
| execns ${NAMESPACE} sysctl -wq net.ipv6.conf.all.forwarding=1 |
| execns ${NAMESPACE} /system/bin/ip link set radio0-peer up |
| # Start the dhcp client for eth0 to acquire an address |
| setprop ctl.start dhcpclient_rtr |
| # Create iptables entries. -w will cause an indefinite wait for the exclusive |
| # lock. Without this flag iptables can sporadically fail if something else is |
| # modifying the iptables at the same time. -W indicates the number of micro- |
| # seconds between each retry. The default is one second which seems like a long |
| # time. Keep this short so we don't slow down startup too much. |
| execns ${NAMESPACE} /system/bin/iptables -w -W 50000 -t nat -A POSTROUTING -s 192.168.232.0/21 -o eth0 -j MASQUERADE |
| execns ${NAMESPACE} /system/bin/iptables -w -W 50000 -t nat -A POSTROUTING -s 192.168.200.0/24 -o eth0 -j MASQUERADE |
| /vendor/bin/iw phy phy1 set netns $PID |
| |
| execns ${NAMESPACE} /system/bin/ip addr add 192.168.232.1/21 dev wlan1 |
| execns ${NAMESPACE} /system/bin/ip link set wlan1 mtu 1400 |
| execns ${NAMESPACE} /system/bin/ip link set wlan1 up |
| # Start the IPv6 proxy that will enable use of IPv6 in the main namespace |
| setprop ctl.start ipv6proxy |
| execns ${NAMESPACE} sysctl -wq net.ipv4.ip_forward=1 |
| # Start hostapd, the access point software |
| setprop ctl.start emu_hostapd |
| # Start DHCP server for the wifi interface |
| setprop ctl.start dhcpserver |
| /system/bin/ip link set radio0 up |
