26 files changed, 692 insertions, 60 deletions
@@ -4,31 +4,38 @@ CAPSMAN = $(wildcard *.capsman.rsc) LOCAL = $(wildcard *.local.rsc) +WIFI = $(wildcard *.wifi.rsc) WIFIWAVE2 = $(wildcard *.wifiwave2.rsc) MARKDOWN = $(wildcard *.md doc/*.md doc/mod/*.md) HTML = $(MARKDOWN:.md=.html) -all: $(CAPSMAN) $(LOCAL) $(WIFIWAVE2) $(HTML) +all: $(CAPSMAN) $(LOCAL) $(WIFI) $(WIFIWAVE2) $(HTML) %.html: %.md Makefile markdown $< | sed 's/href="\([-_\./[:alnum:]]*\)\.md"/href="\1.html"/g' > $@ +%.capsman.rsc: %.template.rsc Makefile + sed -e '/\/interface\/wifi\//d' -e '/\/interface\/wifiwave2\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.capsman|' \ + -e '/^# NOT \/caps-man\/ #$$/,/^# NOT \/caps-man\/ #$$/d' \ + -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \ + < $< > $@ + %.local.rsc: %.template.rsc Makefile - sed -e '/\/caps-man/d' -e '/\/interface\/wifiwave2/d' -e 's|%TEMPL%|.local|' \ - -e '/^# NOT \/interface\/wireless #$$/,/^# NOT \/interface\/wireless #$$/d' \ + sed -e '/\/caps-man\//d' -e '/\/interface\/wifi\//d' -e '/\/interface\/wifiwave2\//d' -e 's|%TEMPL%|.local|' \ + -e '/^# NOT \/interface\/wireless\/ #$$/,/^# NOT \/interface\/wireless\/ #$$/d' \ -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \ < $< > $@ -%.capsman.rsc: %.template.rsc Makefile - sed -e '/\/interface\/wifiwave2/d' -e '/\/interface\/wireless/d' -e 's|%TEMPL%|.capsman|' \ - -e '/^# NOT \/caps-man #$$/,/^# NOT \/caps-man #$$/d' \ +%.wifi.rsc: %.template.rsc Makefile + sed -e '/\/caps-man\//d' -e '/\/interface\/wifiwave2\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.wifi|' \ + -e '/^# NOT \/interface\/wifi\/ #$$/,/^# NOT \/interface\/wifi\/ #$$/d' \ -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' 
\ < $< > $@ %.wifiwave2.rsc: %.template.rsc Makefile - sed -e '/\/caps-man/d' -e '/\/interface\/wireless/d' -e 's|%TEMPL%|.wifiwave2|' \ - -e '/^# NOT \/interface\/wifiwave2 #$$/,/^# NOT \/interface\/wifiwave2 #$$/d' \ + sed -e '/\/caps-man\//d' -e '/\/interface\/wifi\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.wifiwave2|' \ + -e '/^# NOT \/interface\/wifiwave2\/ #$$/,/^# NOT \/interface\/wifiwave2\/ #$$/d' \ -e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \ < $< > $@ diff --git a/accesslist-duplicates.template.rsc b/accesslist-duplicates.template.rsc index beb7ef2..c83b428 100644 --- a/accesslist-duplicates.template.rsc +++ b/accesslist-duplicates.template.rsc @@ -18,13 +18,16 @@ :local Seen ({}); :foreach AccList in=[ /caps-man/access-list/find where mac-address!="00:00:00:00:00:00" ] do={ +:foreach AccList in=[ /interface/wifi/access-list/find where mac-address!="00:00:00:00:00:00" ] do={ :foreach AccList in=[ /interface/wifiwave2/access-list/find where mac-address!="00:00:00:00:00:00" ] do={ :foreach AccList in=[ /interface/wireless/access-list/find where mac-address!="00:00:00:00:00:00" ] do={ :local Mac [ /caps-man/access-list/get $AccList mac-address ]; + :local Mac [ /interface/wifi/access-list/get $AccList mac-address ]; :local Mac [ /interface/wifiwave2/access-list/get $AccList mac-address ]; :local Mac [ /interface/wireless/access-list/get $AccList mac-address ]; :if ($Seen->$Mac = 1) do={ /caps-man/access-list/print where mac-address=$Mac; + /interface/wifi/access-list/print where mac-address=$Mac; /interface/wifiwave2/access-list/print where mac-address=$Mac; /interface/wireless/access-list/print where mac-address=$Mac; :local Remove [ :tonum [ /terminal/ask prompt="\nNumeric id to remove, any key to skip!" ] ]; 
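Review bot: The range deletes in the new `%.wifi.rsc` rule and the reworked `%.capsman.rsc`, `%.local.rsc` and `%.wifiwave2.rsc` rules (for example `/^# NOT \/interface\/wifi\/ #$$/,/^# NOT \/interface\/wifi\/ #$$/d`) only work if every marker has a partner. An unpaired marker makes sed drop everything to the end of the template without an error, and the shortened script is still written to `$@`. With four variants the markers now interleave (see the `-81,19 +83,25` hunk of capsman-download-packages.template.rsc), so a comment above the pattern rules would help: `# "# NOT <path>/ #" markers must come in pairs and carry the trailing slash, otherwise sed deletes to end of file`. Whether `.DELETE_ON_ERROR:` is set is not visible here because the hunk starts at line 4; without it a failed sed leaves a truncated target that looks up to date.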
@@ -32,6 +35,7 @@ :if ([ :typeof $Remove ] = "num") do={ :put ("Removing numeric id " . $Remove . "...\n"); /caps-man/access-list/remove $Remove; + /interface/wifi/access-list/remove $Remove; /interface/wifiwave2/access-list/remove $Remove; /interface/wireless/access-list/remove $Remove; } diff --git a/accesslist-duplicates.wifi.rsc b/accesslist-duplicates.wifi.rsc new file mode 100644 index 0000000..4ca8be8 --- /dev/null +++ b/accesslist-duplicates.wifi.rsc @@ -0,0 +1,31 @@ +#!rsc by RouterOS +# RouterOS script: accesslist-duplicates.wifi +# Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de> +# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# +# requires RouterOS, version=7.12beta1 +# +# print duplicate antries in wireless access list +# https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md +# +# !! Do not edit this file, it is generated from template! + +:local 0 "accesslist-duplicates.wifi"; +:global GlobalFunctionsReady; +:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } + +:local Seen ({}); + +:foreach AccList in=[ /interface/wifi/access-list/find where mac-address!="00:00:00:00:00:00" ] do={ + :local Mac [ /interface/wifi/access-list/get $AccList mac-address ]; + :if ($Seen->$Mac = 1) do={ + /interface/wifi/access-list/print where mac-address=$Mac; + :local Remove [ :tonum [ /terminal/ask prompt="\nNumeric id to remove, any key to skip!" ] ]; + + :if ([ :typeof $Remove ] = "num") do={ + :put ("Removing numeric id " . $Remove . "...\n"); + /interface/wifi/access-list/remove $Remove; + } + } + :set ($Seen->$Mac) 1; +} diff --git a/capsman-download-packages.template.rsc b/capsman-download-packages.template.rsc index 80f1988..7b37c36 100644 --- a/capsman-download-packages.template.rsc +++ b/capsman-download-packages.template.rsc 
@@ -25,6 +25,7 @@ $ScriptLock $0; $WaitFullyConnected; :local PackagePath [ $CleanFilePath [ /caps-man/manager/get package-path ] ]; +:local PackagePath [ $CleanFilePath [ /interface/wifi/capsman/get package-path ] ]; :local PackagePath [ $CleanFilePath [ /interface/wifiwave2/capsman/get package-path ] ]; :local InstalledVersion [ /system/package/update/get installed-version ]; :local Updated false; @@ -55,7 +56,8 @@ $WaitFullyConnected; } } -# NOT /interface/wifiwave2 # +# NOT /interface/wifi/ # +# NOT /interface/wifiwave2/ # :if ([ :len [ /system/logging/find where topics~"error" !(topics~"!error") \ !(topics~"!caps") action=memory !disabled !invalid ] ] < 1) do={ $LogPrintExit2 warning $0 ("Looks like error messages for 'caps' are not sent to memory. " . \ @@ -81,19 +83,25 @@ $WaitFullyConnected; :set Updated true; } } -# NOT /interface/wifiwave2 # -# NOT /caps-man # +# NOT /interface/wifiwave2/ # +# NOT /interface/wifi/ # +# NOT /caps-man/ # :if ([ :len [ /file/find where type=package name~("^" . $PackagePath) ] ] = 0) do={ $LogPrintExit2 info $0 ("No packages available, downloading default set.") false; :foreach Arch in={ "arm"; "arm64" } do={ +# NOT /interface/wifi/ # :foreach Package in={ "routeros"; "wifiwave2" } do={ +# NOT /interface/wifi/ # +# NOT /interface/wifiwave2/ # + :foreach Package in={ "routeros"; "wifi-qcom"; "wifi-qcom-ac" } do={ +# NOT /interface/wifiwave2/ # :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={ :set Updated true; } } } } -# NOT /caps-man # +# NOT /caps-man/ # :if ($Updated = true) do={ :local Script ([ /system/script/find where source~"\n# provides: capsman-rolling-upgrade\n" ]->0); 
@@ -101,6 +109,7 @@ $WaitFullyConnected; /system/script/run $Script; } else={ /caps-man/remote-cap/upgrade [ find where version!=$InstalledVersion ]; + /interface/wifi/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ]; /interface/wifiwave2/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ]; } } diff --git a/capsman-download-packages.wifi.rsc b/capsman-download-packages.wifi.rsc new file mode 100644 index 0000000..3552924 --- /dev/null +++ b/capsman-download-packages.wifi.rsc 
@@ -0,0 +1,74 @@ +#!rsc by RouterOS +# RouterOS script: capsman-download-packages.wifi +# Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de> +# Michael Gisbers <michael@gisbers.de> +# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# +# download and cleanup packages for CAP installation from CAPsMAN +# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md +# +# !! Do not edit this file, it is generated from template! + +:local 0 "capsman-download-packages.wifi"; +:global GlobalFunctionsReady; +:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } + +:global CleanFilePath; +:global DownloadPackage; +:global LogPrintExit2; +:global MkDir; +:global ScriptLock; +:global WaitFullyConnected; + +$ScriptLock $0; +$WaitFullyConnected; + +:local PackagePath [ $CleanFilePath [ /interface/wifi/capsman/get package-path ] ]; +:local InstalledVersion [ /system/package/update/get installed-version ]; +:local Updated false; + +:if ([ :len $PackagePath ] = 0) do={ + $LogPrintExit2 warning $0 ("The CAPsMAN package path is not defined, can not download packages.") true; +} + +:if ([ :len [ /file/find where name=$PackagePath type="directory" ] ] = 0) do={ + :if ([ $MkDir $PackagePath ] = false) do={ + $LogPrintExit2 warning $0 ("Creating directory at CAPsMAN package path (" . \ + $PackagePath . ") failed!") true; + } + $LogPrintExit2 info $0 ("Created directory at CAPsMAN package path (" . $PackagePath . \ + "). Please place your packages!") false; +} + +:foreach Package in=[ /file/find where type=package \ + package-version!=$InstalledVersion name~("^" . 
$PackagePath) ] do={ + :local File [ /file/get $Package ]; + :if ($File->"package-architecture" = "mips") do={ + :set ($File->"package-architecture") "mipsbe"; + } + :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \ + ($File->"package-architecture") $PackagePath ] = true) do={ + :set Updated true; + /file/remove $Package; + } +} + +:if ([ :len [ /file/find where type=package name~("^" . $PackagePath) ] ] = 0) do={ + $LogPrintExit2 info $0 ("No packages available, downloading default set.") false; + :foreach Arch in={ "arm"; "arm64" } do={ + :foreach Package in={ "routeros"; "wifi-qcom"; "wifi-qcom-ac" } do={ + :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={ + :set Updated true; + } + } + } +} + +:if ($Updated = true) do={ + :local Script ([ /system/script/find where source~"\n# provides: capsman-rolling-upgrade\n" ]->0); + :if ([ :len $Script ] > 0) do={ + /system/script/run $Script; + } else={ + /interface/wifi/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ]; + } +} diff --git a/capsman-rolling-upgrade.template.rsc b/capsman-rolling-upgrade.template.rsc index fc6872c..10245b5 100644 --- a/capsman-rolling-upgrade.template.rsc +++ b/capsman-rolling-upgrade.template.rsc 
@@ -24,21 +24,25 @@ $ScriptLock $0; :local InstalledVersion [ /system/package/update/get installed-version ]; :local RemoteCapCount [ :len [ /caps-man/remote-cap/find ] ]; +:local RemoteCapCount [ :len [ /interface/wifi/capsman/remote-cap/find ] ]; :local RemoteCapCount [ :len [ /interface/wifiwave2/capsman/remote-cap/find ] ]; :if ($RemoteCapCount > 0) do={ :local Delay (600 / $RemoteCapCount); :if ($Delay > 120) do={ :set Delay 120; } :foreach RemoteCap in=[ /caps-man/remote-cap/find where version!=$InstalledVersion ] do={ + :foreach RemoteCap in=[ /interface/wifi/capsman/remote-cap/find where version!=$InstalledVersion ] do={ :foreach RemoteCap in=[ /interface/wifiwave2/capsman/remote-cap/find where version!=$InstalledVersion ] do={ :local RemoteCapVal [ /caps-man/remote-cap/get $RemoteCap ]; + :local RemoteCapVal [ /interface/wifi/capsman/remote-cap/get $RemoteCap ]; :local RemoteCapVal [ /interface/wifiwave2/capsman/remote-cap/get $RemoteCap ]; :if ([ :len $RemoteCapVal ] > 1) do={ -# NOT /caps-man # +# NOT /caps-man/ # :set ($RemoteCapVal->"name") ($RemoteCapVal->"common-name"); -# NOT /caps-man # +# NOT /caps-man/ # $LogPrintExit2 info $0 ("Starting upgrade for " . $RemoteCapVal->"name" . \ " (" . $RemoteCapVal->"identity" . ")...") false; /caps-man/remote-cap/upgrade $RemoteCap; + /interface/wifi/capsman/remote-cap/upgrade $RemoteCap; /interface/wifiwave2/capsman/remote-cap/upgrade $RemoteCap; } else={ $LogPrintExit2 warning $0 ("Remote CAP vanished, skipping upgrade.") false; diff --git a/capsman-rolling-upgrade.wifi.rsc b/capsman-rolling-upgrade.wifi.rsc new file mode 100644 index 0000000..3e13bf4 --- /dev/null +++ b/capsman-rolling-upgrade.wifi.rsc 
@@ -0,0 +1,41 @@ +#!rsc by RouterOS +# RouterOS script: capsman-rolling-upgrade.wifi +# Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de> +# Michael Gisbers <michael@gisbers.de> +# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# +# provides: capsman-rolling-upgrade +# +# upgrade CAPs one after another +# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md +# +# !! Do not edit this file, it is generated from template! + +:local 0 "capsman-rolling-upgrade.wifi"; +:global GlobalFunctionsReady; +:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } + +:global LogPrintExit2; +:global ScriptLock; + +$ScriptLock $0; + +:local InstalledVersion [ /system/package/update/get installed-version ]; + +:local RemoteCapCount [ :len [ /interface/wifi/capsman/remote-cap/find ] ]; +:if ($RemoteCapCount > 0) do={ + :local Delay (600 / $RemoteCapCount); + :if ($Delay > 120) do={ :set Delay 120; } + :foreach RemoteCap in=[ /interface/wifi/capsman/remote-cap/find where version!=$InstalledVersion ] do={ + :local RemoteCapVal [ /interface/wifi/capsman/remote-cap/get $RemoteCap ]; + :if ([ :len $RemoteCapVal ] > 1) do={ + :set ($RemoteCapVal->"name") ($RemoteCapVal->"common-name"); + $LogPrintExit2 info $0 ("Starting upgrade for " . $RemoteCapVal->"name" . \ + " (" . $RemoteCapVal->"identity" . ")...") false; + /interface/wifi/capsman/remote-cap/upgrade $RemoteCap; + } else={ + $LogPrintExit2 warning $0 ("Remote CAP vanished, skipping upgrade.") false; + } + :delay ($Delay . "s"); + } +} diff --git a/collect-wireless-mac.template.rsc b/collect-wireless-mac.template.rsc index 75073a4..97760d6 100644 --- a/collect-wireless-mac.template.rsc +++ b/collect-wireless-mac.template.rsc 
@@ -29,23 +29,28 @@ $ScriptLock $0 false 10; :if ([ :len [ /caps-man/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={ +:if ([ :len [ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={ :if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={ :if ([ :len [ /interface/wireless/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={ /caps-man/access-list/add comment="--- collected above ---" disabled=yes; + /interface/wifi/access-list/add comment="--- collected above ---" disabled=yes; /interface/wifiwave2/access-list/add comment="--- collected above ---" disabled=yes; /interface/wireless/access-list/add comment="--- collected above ---" disabled=yes; $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- collected above ---'.") false; } :local PlaceBefore ([ /caps-man/access-list/find where comment="--- collected above ---" disabled ]->0); +:local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ]->0); :local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- collected above ---" disabled ]->0); :local PlaceBefore ([ /interface/wireless/access-list/find where comment="--- collected above ---" disabled ]->0); :foreach Reg in=[ /caps-man/registration-table/find ] do={ +:foreach Reg in=[ /interface/wifi/registration-table/find ] do={ :foreach Reg in=[ /interface/wifiwave2/registration-table/find ] do={ :foreach Reg in=[ /interface/wireless/registration-table/find where ap=no ] do={ :local RegVal; :do { :set RegVal [ /caps-man/registration-table/get $Reg ]; + :set RegVal [ /interface/wifi/registration-table/get $Reg ]; :set RegVal [ /interface/wifiwave2/registration-table/get $Reg ]; :set RegVal [ /interface/wireless/registration-table/get $Reg ]; } on-error={ 
@@ -54,11 +59,13 @@ $ScriptLock $0 false 10; :if ([ :len ($RegVal->"mac-address") ] > 0) do={ :local AccessList ([ /caps-man/access-list/find where mac-address=($RegVal->"mac-address") ]->0); + :local AccessList ([ /interface/wifi/access-list/find where mac-address=($RegVal->"mac-address") ]->0); :local AccessList ([ /interface/wifiwave2/access-list/find where mac-address=($RegVal->"mac-address") ]->0); :local AccessList ([ /interface/wireless/access-list/find where mac-address=($RegVal->"mac-address") ]->0); :if ([ :len $AccessList ] > 0) do={ $LogPrintExit2 debug $0 ("MAC address " . $RegVal->"mac-address" . " already known: " . \ [ /caps-man/access-list/get $AccessList comment ]) false; + [ /interface/wifi/access-list/get $AccessList comment ]) false; [ /interface/wifiwave2/access-list/get $AccessList comment ]) false; [ /interface/wireless/access-list/get $AccessList comment ]) false; } @@ -87,6 +94,7 @@ $ScriptLock $0 false 10; "first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface"); $LogPrintExit2 info $0 $Message false; /caps-man/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes; + /interface/wifi/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes; /interface/wifiwave2/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes; /interface/wireless/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes; $SendNotification2 ({ origin=$0; \ diff --git a/collect-wireless-mac.wifi.rsc b/collect-wireless-mac.wifi.rsc new file mode 100644 index 0000000..40ad4d2 --- /dev/null +++ b/collect-wireless-mac.wifi.rsc 
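Review bot: In the second hunk here (`-87,6 +94,7`), the added `/interface/wifi/access-list/add ... comment=$Message ...` stores client-supplied text in the access list. The generated collect-wireless-mac.wifi.rsc in this commit shows `$Message` being built from `$HostName` (the DHCP `host-name` of the lease) and `$RegVal->"ssid"`, and the same string goes to the log and into the notification. The host name is chosen by the connecting device, so a comment above the add would help whoever reads these entries later: `# comment contains the client-supplied DHCP host-name; treat it as untrusted text`. Limiting its length and character set before building `$Message` may be worth considering, but the code that builds the message lies outside this hunk.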
@@ -0,0 +1,90 @@ +#!rsc by RouterOS +# RouterOS script: collect-wireless-mac.wifi +# Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de> +# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# +# provides: lease-script, order=40 +# +# collect wireless mac adresses in access list +# https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md +# +# !! Do not edit this file, it is generated from template! + +:local 0 "collect-wireless-mac.wifi"; +:global GlobalFunctionsReady; +:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } + +:global Identity; + +:global EitherOr; +:global FormatLine; +:global FormatMultiLines; +:global GetMacVendor; +:global LogPrintExit2; +:global ScriptLock; +:global SendNotification2; +:global SymbolForNotification; + +$ScriptLock $0 false 10; + +:if ([ :len [ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={ + /interface/wifi/access-list/add comment="--- collected above ---" disabled=yes; + $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- collected above ---'.") false; +} +:local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ]->0); + +:foreach Reg in=[ /interface/wifi/registration-table/find ] do={ + :local RegVal; + :do { + :set RegVal [ /interface/wifi/registration-table/get $Reg ]; + } on-error={ + $LogPrintExit2 debug $0 ("Device already gone... Ignoring.") false; + } + + :if ([ :len ($RegVal->"mac-address") ] > 0) do={ + :local AccessList ([ /interface/wifi/access-list/find where mac-address=($RegVal->"mac-address") ]->0); + :if ([ :len $AccessList ] > 0) do={ + $LogPrintExit2 debug $0 ("MAC address " . $RegVal->"mac-address" . " already known: " . 
\ + [ /interface/wifi/access-list/get $AccessList comment ]) false; + } + + :if ([ :len $AccessList ] = 0) do={ + :local Address "no dhcp lease"; + :local DnsName "no dhcp lease"; + :local HostName "no dhcp lease"; + :local Lease ([ /ip/dhcp-server/lease/find where active-mac-address=($RegVal->"mac-address") dynamic=yes status=bound ]->0); + :if ([ :len $Lease ] > 0) do={ + :set Address [ /ip/dhcp-server/lease/get $Lease active-address ]; + :set HostName [ $EitherOr [ /ip/dhcp-server/lease/get $Lease host-name ] "no hostname" ]; + :set DnsName "no dns name"; + :local DnsRec ([ /ip/dns/static/find where address=$Address ]->0); + :if ([ :len $DnsRec ] > 0) do={ + :set DnsName ({ [ /ip/dns/static/get $DnsRec name ] }); + :foreach CName in=[ /ip/dns/static/find where type=CNAME cname=($DnsName->0) ] do={ + :set DnsName ($DnsName, [ /ip/dns/static/get $CName name ]); + } + } + } + :local DateTime ([ /system/clock/get date ] . " " . [ /system/clock/get time ]); + :local Vendor [ $GetMacVendor ($RegVal->"mac-address") ]; + :local Message ("MAC address " . $RegVal->"mac-address" . " (" . $Vendor . ", " . $HostName . ") " . \ + "first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface"); + $LogPrintExit2 info $0 $Message false; + /interface/wifi/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes; + $SendNotification2 ({ origin=$0; \ + subject=([ $SymbolForNotification "mobile-phone" ] . $RegVal->"mac-address" . " connected to " . $RegVal->"ssid"); \ + message=("A device with unknown MAC address connected to " . $RegVal->"ssid" . " on " . $Identity . ".\n\n" . \ + [ $FormatLine "Controller" $Identity ] . "\n" . \ + [ $FormatLine "Interface" ($RegVal->"interface") ] . "\n" . \ + [ $FormatLine "SSID" ($RegVal->"ssid") ] . "\n" . \ + [ $FormatLine "MAC" ($RegVal->"mac-address") ] . "\n" . \ + [ $FormatLine "Vendor" $Vendor ] . "\n" . 
\ + [ $FormatLine "Hostname" $HostName ] . "\n" . \ + [ $FormatLine "Address" $Address ] . "\n" . \ + [ $FormatMultiLines "DNS name" $DnsName ] . "\n" . \ + [ $FormatLine "Date" $DateTime ]) }); + } + } else={ + $LogPrintExit2 debug $0 ("No mac address available... Ignoring.") false; + } +} diff --git a/daily-psk.template.rsc b/daily-psk.template.rsc index ad9198a..e7d9b54 100644 --- a/daily-psk.template.rsc +++ b/daily-psk.template.rsc 
@@ -56,17 +56,22 @@ $WaitFullyConnected; :local NewPsk [ $GeneratePSK $Date ]; :foreach AccList in=[ /caps-man/access-list/find where comment~$DailyPskMatchComment ] do={ +:foreach AccList in=[ /interface/wifi/access-list/find where comment~$DailyPskMatchComment ] do={ :foreach AccList in=[ /interface/wifiwave2/access-list/find where comment~$DailyPskMatchComment ] do={ :foreach AccList in=[ /interface/wireless/access-list/find where comment~$DailyPskMatchComment ] do={ :local SsidRegExp [ /caps-man/access-list/get $AccList ssid-regexp ]; + :local SsidRegExp [ /interface/wifi/access-list/get $AccList ssid-regexp ]; :local SsidRegExp [ /interface/wifiwave2/access-list/get $AccList ssid-regexp ]; :local Configuration ([ /caps-man/configuration/find where ssid~$SsidRegExp ]->0); + :local Configuration ([ /interface/wifi/configuration/find where ssid~$SsidRegExp ]->0); :local Configuration ([ /interface/wifiwave2/configuration/find where ssid~$SsidRegExp ]->0); :local Ssid [ /caps-man/configuration/get $Configuration ssid ]; + :local Ssid [ /interface/wifi/configuration/get $Configuration ssid ]; :local Ssid [ /interface/wifiwave2/configuration/get $Configuration ssid ]; :local OldPsk [ /caps-man/access-list/get $AccList private-passphrase ]; + :local OldPsk [ /interface/wifi/access-list/get $AccList passphrase ]; :local OldPsk [ /interface/wifiwave2/access-list/get $AccList passphrase ]; - # /caps-man /interface/wifiwave2 above - /interface/wireless below + # /caps-man/ /interface/wifi/ /interface/wifiwave2/ above - /interface/wireless/ below :local IntName [ /interface/wireless/access-list/get $AccList interface ]; :local Ssid [ /interface/wireless/get $IntName ssid ]; :local OldPsk [ /interface/wireless/access-list/get $AccList private-pre-shared-key ]; 
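Review bot: The added `:local Ssid [ /interface/wifi/configuration/get $Configuration ssid ];` uses `$Configuration` without checking that the `find where ssid~$SsidRegExp` on the line before it matched anything. If an access-list entry carries an `ssid-regexp` that matches no configuration, the `get` presumably raises an error and aborts the run, so the remaining entries would keep the previous day's PSK. A guard such as `:if ([ :len $Configuration ] = 0) do={ ... }` that logs a warning through `$LogPrintExit2` before the `get` would make that case visible. The /caps-man/ and /interface/wifiwave2/ lines next to it have the same shape, and the `:foreach` body continues outside this hunk.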
@@ -75,10 +80,12 @@ $WaitFullyConnected; :if ($NewPsk != $OldPsk) do={ $LogPrintExit2 info $0 ("Updating daily PSK for " . $Ssid . " to " . $NewPsk . " (was " . $OldPsk . ")") false; /caps-man/access-list/set $AccList private-passphrase=$NewPsk; + /interface/wifi/access-list/set $AccList passphrase=$NewPsk; /interface/wifiwave2/access-list/set $AccList passphrase=$NewPsk; /interface/wireless/access-list/set $AccList private-pre-shared-key=$NewPsk; :if ([ :len [ /caps-man/actual-interface-configuration/find where configuration.ssid=$Ssid !disabled ] ] > 0) do={ + :if ([ :len [ /interface/wifi/actual-configuration/find where configuration.ssid=$Ssid ] ] > 0) do={ :if ([ :len [ /interface/wifiwave2/actual-configuration/find where configuration.ssid=$Ssid ] ] > 0) do={ :if ([ :len [ /interface/wireless/find where name=$IntName !disabled ] ] = 1) do={ :if ($Seen->$Ssid = 1) do={ diff --git a/daily-psk.wifi.rsc b/daily-psk.wifi.rsc new file mode 100644 index 0000000..a8b1320 --- /dev/null +++ b/daily-psk.wifi.rsc 
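Review bot: The context line `$LogPrintExit2 info $0 ("Updating daily PSK for " . $Ssid . " to " . $NewPsk . " (was " . $OldPsk . ")") false;` writes both the new and the old passphrase to the log at info level, and the added `/interface/wifi/access-list/set $AccList passphrase=$NewPsk;` brings the wifi variant under that behaviour. Anyone with read access to the log, or to a remote syslog target if one is configured, can read the current PSK. Logging only the SSID would keep the audit trail without the secret: `$LogPrintExit2 info $0 ("Updating daily PSK for " . $Ssid . ".") false;`. The generated daily-psk.wifi.rsc in this commit also puts `$NewPsk` in the query string of `$DailyPskQrCodeUrl`, so that endpoint should be one the operator controls or trusts. The enclosing `:if` block continues outside this hunk.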
@@ -0,0 +1,85 @@ +#!rsc by RouterOS +# RouterOS script: daily-psk.wifi +# Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de> +# Michael Gisbers <michael@gisbers.de> +# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# +# update daily PSK (pre shared key) +# https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md +# +# !! Do not edit this file, it is generated from template! + +:local 0 "daily-psk.wifi"; +:global GlobalFunctionsReady; +:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } + +:global DailyPskMatchComment; +:global DailyPskQrCodeUrl; +:global Identity; + +:global FormatLine; +:global LogPrintExit2; +:global ScriptLock; +:global SendNotification2; +:global SymbolForNotification; +:global UrlEncode; +:global WaitForFile; +:global WaitFullyConnected; + +$ScriptLock $0; +$WaitFullyConnected; + +# return pseudo-random string for PSK +:local GeneratePSK do={ + :local Date [ :tostr $1 ]; + + :global DailyPskSecrets; + + :global ParseDate; + + :set Date [ $ParseDate $Date ]; + + :local A ((14 - ($Date->"month")) / 12); + :local B (($Date->"year") - $A); + :local C (($Date->"month") + 12 * $A - 2); + :local WeekDay (7000 + ($Date->"day") + $B + ($B / 4) - ($B / 100) + ($B / 400) + ((31 * $C) / 12)); + :set WeekDay ($WeekDay - (($WeekDay / 7) * 7)); + + :return (($DailyPskSecrets->0->(($Date->"day") - 1)) . \ + ($DailyPskSecrets->1->(($Date->"month") - 1)) . 
\ + ($DailyPskSecrets->2->$WeekDay)); +} + +:local Seen ({}); +:local Date [ /system/clock/get date ]; +:local NewPsk [ $GeneratePSK $Date ]; + +:foreach AccList in=[ /interface/wifi/access-list/find where comment~$DailyPskMatchComment ] do={ + :local SsidRegExp [ /interface/wifi/access-list/get $AccList ssid-regexp ]; + :local Configuration ([ /interface/wifi/configuration/find where ssid~$SsidRegExp ]->0); + :local Ssid [ /interface/wifi/configuration/get $Configuration ssid ]; + :local OldPsk [ /interface/wifi/access-list/get $AccList passphrase ]; + :local Skip 0; + + :if ($NewPsk != $OldPsk) do={ + $LogPrintExit2 info $0 ("Updating daily PSK for " . $Ssid . " to " . $NewPsk . " (was " . $OldPsk . ")") false; + /interface/wifi/access-list/set $AccList passphrase=$NewPsk; + + :if ([ :len [ /interface/wifi/actual-configuration/find where configuration.ssid=$Ssid ] ] > 0) do={ + :if ($Seen->$Ssid = 1) do={ + $LogPrintExit2 debug $0 ("Already sent a mail for SSID " . $Ssid . ", skipping.") false; + } else={ + :local Link ($DailyPskQrCodeUrl . \ + "?scale=8&level=1&ssid=" . [ $UrlEncode $Ssid ] . "&pass=" . [ $UrlEncode $NewPsk ]); + $SendNotification2 ({ origin=$0; \ + subject=([ $SymbolForNotification "calendar" ] . "daily PSK " . $Ssid); \ + message=("This is the daily PSK on " . $Identity . ":\n\n" . \ + [ $FormatLine "SSID" $Ssid ] . "\n" . \ + [ $FormatLine "PSK" $NewPsk ] . "\n" . \ + [ $FormatLine "Date" $Date ] . "\n\n" . \ + "A client device specific rule must not exist!"); link=$Link }); + :set ($Seen->$Ssid) 1; + } + } + } +} diff --git a/dhcp-lease-comment.template.rsc b/dhcp-lease-comment.template.rsc index 0f16285..05b1254 100644 --- a/dhcp-lease-comment.template.rsc +++ b/dhcp-lease-comment.template.rsc 
@@ -24,10 +24,12 @@ $ScriptLock $0; :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ]; :local NewComment; :local AccessList ([ /caps-man/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0); + :local AccessList ([ /interface/wifi/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0); :local AccessList ([ /interface/wifiwave2/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0); :local AccessList ([ /interface/wireless/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0); :if ([ :len $AccessList ] > 0) do={ :set NewComment [ /caps-man/access-list/get $AccessList comment ]; + :set NewComment [ /interface/wifi/access-list/get $AccessList comment ]; :set NewComment [ /interface/wifiwave2/access-list/get $AccessList comment ]; :set NewComment [ /interface/wireless/access-list/get $AccessList comment ]; } diff --git a/dhcp-lease-comment.wifi.rsc b/dhcp-lease-comment.wifi.rsc new file mode 100644 index 0000000..fe34b09 --- /dev/null +++ b/dhcp-lease-comment.wifi.rsc 
@@ -0,0 +1,33 @@ +#!rsc by RouterOS +# RouterOS script: dhcp-lease-comment.wifi +# Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de> +# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# +# provides: lease-script, order=60 +# +# update dhcp-server lease comment with infos from access-list +# https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md +# +# !! Do not edit this file, it is generated from template! + +:local 0 "dhcp-lease-comment.wifi"; +:global GlobalFunctionsReady; +:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } + +:global LogPrintExit2; +:global ScriptLock; + +$ScriptLock $0; + +:foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic=yes status=bound ] do={ + :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ]; + :local NewComment; + :local AccessList ([ /interface/wifi/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0); + :if ([ :len $AccessList ] > 0) do={ + :set NewComment [ /interface/wifi/access-list/get $AccessList comment ]; + } + :if ([ :len $NewComment ] != 0 && $LeaseVal->"comment" != $NewComment) do={ + $LogPrintExit2 info $0 ("Updating comment for DHCP lease " . $LeaseVal->"active-mac-address" . ": " . $NewComment) false; + /ip/dhcp-server/lease/set comment=$NewComment $Lease; + } +} diff --git a/doc/accesslist-duplicates.md b/doc/accesslist-duplicates.md index ba5ac4b..7cb0bc2 100644 --- a/doc/accesslist-duplicates.md +++ b/doc/accesslist-duplicates.md 
@@ -17,11 +17,16 @@ entries in wireless access list. Requirements and installation ----------------------------- -Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`) -or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface -(`/interface/wireless`) you need to install a different script. +Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2` +package (`/interface/wifiwave2`), legacy wifi with CAPsMAN (`/caps-man`) +or local wireless interface (`/interface/wireless`) you need to install a +different script. -For `wifiwave2`: +For `wifi` (RouterOS 7.13 and later): + + $ScriptInstallUpdate accesslist-duplicates.wifi; + +For `wifiwave2` (up to RouterOS 7.12): $ScriptInstallUpdate accesslist-duplicates.wifiwave2; @@ -38,7 +43,7 @@ Usage and invocation Run this script from a terminal: - /system/script/run accesslist-duplicates.local; + /system/script/run accesslist-duplicates.wifi; ![screenshot: example](accesslist-duplicates.d/01-example.avif) diff --git a/doc/capsman-download-packages.md b/doc/capsman-download-packages.md index f6e6f96..ccd2ee5 100644 --- a/doc/capsman-download-packages.md +++ b/doc/capsman-download-packages.md @@ -18,11 +18,16 @@ This script automatically downloads these packages. Requirements and installation ----------------------------- -Just install the script on CAPsMAN device. Depending on whether you use -`wifiwave2` package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN -(`/caps-man`) you need to install a different script. +Just install the script on CAPsMAN device. +Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2` +package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`) +you need to install a different script. -For `wifiwave2`: +For `wifi` (RouterOS 7.13 and later): + + $ScriptInstallUpdate capsman-download-packages.wifi; + +For `wifiwave2` (up to RouterOS 7.12): $ScriptInstallUpdate capsman-download-packages.wifiwave2; 
@@ -30,7 +35,12 @@ For legacy CAPsMAN: $ScriptInstallUpdate capsman-download-packages.capsman; -Optionally add a scheduler to run after startup. For `wifiwave2`: +Optionally add a scheduler to run after startup. For `wifi` (RouterOS 7.13 +and later): + + /system/scheduler/add name=capsman-download-packages on-event="/system/script/run capsman-download-packages.wifi;" start-time=startup; + +For `wifiwave2` (up to RouterOS 7.12): /system/scheduler/add name=capsman-download-packages on-event="/system/script/run capsman-download-packages.wifiwave2;" start-time=startup; @@ -42,8 +52,11 @@ Packages available in local storage in older version are downloaded unconditionally. If no packages are found the script tries to download missing packages for -legacy CAPsMAN by guessing from system log. For `wifiwave2` a default set -of packages (`routeros` and `wifiwave2` for *arm* and *arm64*) is downloaded. +legacy CAPsMAN by guessing from system log. For `wifi` and `wifiwave2` a +default set of packages is downloaded. + + * `wifi`: `routeros`, `wifi-qcom` and `wifi-qcom-ac` for *arm* and *arm64* + * `wifiwave2`: `routeros` and `wifiwave2` for *arm* and *arm64* > ℹ️ **Info**: If you have packages in the directory and things go wrong for > what ever unknown reason: Remove **all** packages and start over. @@ -53,7 +66,7 @@ Usage and invocation Run the script manually: - /system/script/run capsman-download-packages.wifiwave2; + /system/script/run capsman-download-packages.wifi; ... or from scheduler. diff --git a/doc/capsman-rolling-upgrade.md b/doc/capsman-rolling-upgrade.md index 5c038e9..bbc8e14 100644 --- a/doc/capsman-rolling-upgrade.md +++ b/doc/capsman-rolling-upgrade.md 
@@ -20,11 +20,16 @@ parallel. Requirements and installation ----------------------------- -Just install the script on CAPsMAN device. Depending on whether you use -`wifiwave2` package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN -(`/caps-man`) you need to install a different script. +Just install the script on CAPsMAN device. +Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2` +package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`) +you need to install a different script. -For `wifiwave2`: +For `wifi` (RouterOS 7.13 and later): + + $ScriptInstallUpdate capsman-rolling-upgrade.wifi; + +For `wifiwave2` (up to RouterOS 7.12): $ScriptInstallUpdate capsman-rolling-upgrade.wifiwave2; @@ -41,7 +46,7 @@ that script when required. Alternatively run it manually: - /system/script/run capsman-rolling-upgrade.wifiwave2; + /system/script/run capsman-rolling-upgrade.wifi; See also -------- diff --git a/doc/collect-wireless-mac.md b/doc/collect-wireless-mac.md index 6407c3a..e73cf58 100644 --- a/doc/collect-wireless-mac.md +++ b/doc/collect-wireless-mac.md @@ -22,11 +22,16 @@ and modify it to your needs. Requirements and installation ----------------------------- -Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`) -or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface -(`/interface/wireless`) you need to install a different script. +Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2` +package (`/interface/wifiwave2`), legacy wifi with CAPsMAN (`/caps-man`) +or local wireless interface (`/interface/wireless`) you need to install a +different script. -For `wifiwave2`: +For `wifi` (RouterOS 7.13 and later): + + $ScriptInstallUpdate collect-wireless-mac.wifi; + +For `wifiwave2` (up to RouterOS 7.12): $ScriptInstallUpdate collect-wireless-mac.wifiwave2; diff --git a/doc/daily-psk.md b/doc/daily-psk.md index f551e46..6eb656c 100644 --- a/doc/daily-psk.md 
+++ b/doc/daily-psk.md @@ -21,12 +21,18 @@ Requirements and installation Just install this script. -Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`) -or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface -(`/interface/wireless`) you need to install a different script and add -schedulers to run the script: +Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2` +package (`/interface/wifiwave2`), legacy wifi with CAPsMAN (`/caps-man`) +or local wireless interface (`/interface/wireless`) you need to install a +different script and add schedulers to run the script: -For `wifiwave2`: +For `wifi` (RouterOS 7.13 and later): + + $ScriptInstallUpdate daily-psk.wifi; + /system/scheduler/add interval=1d name=daily-psk on-event="/system/script/run daily-psk.wifi;" start-time=03:00:00; + /system/scheduler/add name=daily-psk@startup on-event="/system/script/run daily-psk.wifi;" start-time=startup; + +For `wifiwave2` (up to RouterOS 7.12): $ScriptInstallUpdate daily-psk.wifiwave2; /system/scheduler/add interval=1d name=daily-psk on-event="/system/script/run daily-psk.wifiwave2;" start-time=03:00:00; @@ -58,7 +64,11 @@ The configuration goes to `global-config-overlay`, these are the parameters: > [`global-config`](../global-config.rsc) (the one without `-overlay`) to > your local `global-config-overlay` and modify it to your specific needs. -Then add an access list entry. For `wifiwave2`: +Then add an access list entry. For `wifi` (RouterOS 7.13 and later): + + /interface/wifi/access-list/add comment="Daily PSK" ssid-regexp="-guest\$" passphrase="ToBeChangedDaily"; + +For `wifiwave2` (up to RouterOS 7.12): /interface/wifiwave2/access-list/add comment="Daily PSK" ssid-regexp="-guest\$" passphrase="ToBeChangedDaily"; diff --git a/doc/dhcp-lease-comment.md b/doc/dhcp-lease-comment.md index cd29641..ae0edfb 100644 --- a/doc/dhcp-lease-comment.md +++ b/doc/dhcp-lease-comment.md 
@@ -15,11 +15,16 @@ from wireless access list. Requirements and installation ----------------------------- -Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`) -or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface -(`/interface/wireless`) you need to install a different script. +Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2` +package (`/interface/wifiwave2`), legacy wifi with CAPsMAN (`/caps-man`) +or local wireless interface (`/interface/wireless`) you need to install a +different script. -For `wifiwave2`: +For `wifi` (RouterOS 7.13 and later): + + $ScriptInstallUpdate dhcp-lease-comment.wifi; + +For `wifiwave2` (up to RouterOS 7.12): $ScriptInstallUpdate dhcp-lease-comment.wifiwave2; diff --git a/doc/hotspot-to-wpa.md b/doc/hotspot-to-wpa.md index 4909eef..f0ffce9 100644 --- a/doc/hotspot-to-wpa.md +++ b/doc/hotspot-to-wpa.md @@ -19,11 +19,18 @@ Requirements and installation You need a properly configured hotspot on one (open) SSID and a WP2 enabled SSID with suffix "`-wpa`". -Then install the script. Depending on whether you use `wifiwave2` package -(`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`) you need -to install a different script and set it as `on-login` script in hotspot. +Then install the script. +Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2` +package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`) +you need to install a different script and set it as `on-login` script in +hotspot. -For `wifiwave2`: +For `wifi` (RouterOS 7.13 and later): + + $ScriptInstallUpdate hotspot-to-wpa.wifi; + /ip/hotspot/user/profile/set on-login="hotspot-to-wpa.wifi" [ find ]; + +For `wifiwave2` (up to RouterOS 7.12): $ScriptInstallUpdate hotspot-to-wpa.wifiwave2; /ip/hotspot/user/profile/set on-login="hotspot-to-wpa.wifiwave2" [ find ]; 
@@ -39,7 +46,12 @@ With just `hotspot-to-wpa` installed the mac addresses will last in the access list forever. Install the optional script for automatic cleanup and add a scheduler. -For `wifiwave2`: +For `wifi` (RouterOS 7.13 and later): + + $ScriptInstallUpdate hotspot-to-wpa-cleanup.wifi,lease-script; + /system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup.wifi;" start-time=startup; + +For `wifiwave2` (up to RouterOS 7.12): $ScriptInstallUpdate hotspot-to-wpa-cleanup.wifiwave2,lease-script; /system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup.wifiwave2;" start-time=startup; @@ -86,7 +98,11 @@ Additionally templates can be created to give more options for access list: * `vlan-mode`: set the VLAN mode for device For a hotspot called `example` the template could look like this. For -`wifiwave2`: +`wifi` (RouterOS 7.13 and later): + + /interface/wifi/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10; + +For `wifiwave2` (up to RouterOS 7.12): /interface/wifiwave2/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10; diff --git a/global-functions.rsc b/global-functions.rsc index 90ed0b6..f0446bd 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -12,7 +12,7 @@ :local 0 "global-functions"; # expected configuration version -:global ExpectedConfigVersion 113; +:global ExpectedConfigVersion 114; # global variables not to be changed by user :global GlobalFunctionsReady false; diff --git a/hotspot-to-wpa-cleanup.template.rsc b/hotspot-to-wpa-cleanup.template.rsc index 8cc732b..0f89cec 100644 --- a/hotspot-to-wpa-cleanup.template.rsc +++ b/hotspot-to-wpa-cleanup.template.rsc 
@@ -4,9 +4,9 @@ # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md # # provides: lease-script, order=80 -# NOT /caps-man # +# NOT /caps-man/ # # requires RouterOS, version=7.12beta3 -# NOT /caps-man # +# NOT /caps-man/ # # # manage and clean up private WPA passphrase after hotspot login # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md @@ -36,8 +36,10 @@ $ScriptLock $0 false 10; } :foreach Client in=[ /caps-man/registration-table/find where comment~"^hotspot-to-wpa:" ] do={ +:foreach Client in=[ /interface/wifi/registration-table/find where comment~"^hotspot-to-wpa:" ] do={ :foreach Client in=[ /interface/wifiwave2/registration-table/find where comment~"^hotspot-to-wpa:" ] do={ :local ClientVal [ /caps-man/registration-table/get $Client ]; + :local ClientVal [ /interface/wifi/registration-table/get $Client ]; :local ClientVal [ /interface/wifiwave2/registration-table/get $Client ]; :foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \ mac-address=($ClientVal->"mac-address") ] do={ 
@@ -51,15 +53,18 @@ $ScriptLock $0 false 10; } :foreach Client in=[ /caps-man/access-list/find where comment~"^hotspot-to-wpa:" \ +:foreach Client in=[ /interface/wifi/access-list/find where comment~"^hotspot-to-wpa:" \ :foreach Client in=[ /interface/wifiwave2/access-list/find where comment~"^hotspot-to-wpa:" \ !(comment~[ /system/clock/get date ]) ] do={ :local ClientVal [ /caps-man/access-list/get $Client ]; + :local ClientVal [ /interface/wifi/access-list/get $Client ]; :local ClientVal [ /interface/wifiwave2/access-list/get $Client ]; :if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \ mac-address=($ClientVal->"mac-address") ] ] = 0) do={ $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \ " did not connect to WPA, removing from access list.") false; /caps-man/access-list/remove $Client; + /interface/wifi/access-list/remove $Client; /interface/wifiwave2/access-list/remove $Client; } } @@ -71,6 +76,7 @@ $ScriptLock $0 false 10; $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \ " was not seen for " . ($LeaseVal->"last-seen") . ", removing.") false; /caps-man/access-list/remove [ find where comment~"^hotspot-to-wpa:" \ + /interface/wifi/access-list/remove [ find where comment~"^hotspot-to-wpa:" \ /interface/wifiwave2/access-list/remove [ find where comment~"^hotspot-to-wpa:" \ mac-address=($LeaseVal->"mac-address") ]; /ip/dhcp-server/lease/remove $Lease; diff --git a/hotspot-to-wpa-cleanup.wifi.rsc b/hotspot-to-wpa-cleanup.wifi.rsc new file mode 100644 index 0000000..1cee316 --- /dev/null +++ b/hotspot-to-wpa-cleanup.wifi.rsc 
@@ -0,0 +1,69 @@ +#!rsc by RouterOS +# RouterOS script: hotspot-to-wpa-cleanup.wifi +# Copyright (c) 2021-2023 Christian Hesse <mail@eworm.de> +# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# +# provides: lease-script, order=80 +# requires RouterOS, version=7.12beta3 +# +# manage and clean up private WPA passphrase after hotspot login +# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md +# +# !! Do not edit this file, it is generated from template! + +:local 0 "hotspot-to-wpa-cleanup.wifi"; +:global GlobalFunctionsReady; +:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } + +:global EitherOr; +:global LogPrintExit2; +:global ParseKeyValueStore; +:global ScriptLock; + +$ScriptLock $0 false 10; + +:local DHCPServers ({}); +:foreach Server in=[ /ip/dhcp-server/find where comment~"hotspot-to-wpa" ] do={ + :local ServerVal [ /ip/dhcp-server/get $Server ] + :local ServerInfo [ $ParseKeyValueStore ($ServerVal->"comment") ]; + :if (($ServerInfo->"hotspot-to-wpa") = "wpa") do={ + :set ($DHCPServers->($ServerVal->"name")) \ + [ :totime [ $EitherOr ($ServerInfo->"timeout") 4w ] ]; + } +} + +:foreach Client in=[ /interface/wifi/registration-table/find where comment~"^hotspot-to-wpa:" ] do={ + :local ClientVal [ /interface/wifi/registration-table/get $Client ]; + :foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \ + mac-address=($ClientVal->"mac-address") ] do={ + :if (($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s) do={ + $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . 
\ + " connected to WPA, making lease static.") false; + /ip/dhcp-server/lease/make-static $Lease; + /ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease; + } + } +} + +:foreach Client in=[ /interface/wifi/access-list/find where comment~"^hotspot-to-wpa:" \ + !(comment~[ /system/clock/get date ]) ] do={ + :local ClientVal [ /interface/wifi/access-list/get $Client ]; + :if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \ + mac-address=($ClientVal->"mac-address") ] ] = 0) do={ + $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \ + " did not connect to WPA, removing from access list.") false; + /interface/wifi/access-list/remove $Client; + } +} + +:foreach Server,Timeout in=$DHCPServers do={ + :foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \ + server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={ + :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ]; + $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \ + " was not seen for " . ($LeaseVal->"last-seen") . ", removing.") false; + /interface/wifi/access-list/remove [ find where comment~"^hotspot-to-wpa:" \ + mac-address=($LeaseVal->"mac-address") ]; + /ip/dhcp-server/lease/remove $Lease; + } +} diff --git a/hotspot-to-wpa.template.rsc b/hotspot-to-wpa.template.rsc index c676fe6..a858285 100644 --- a/hotspot-to-wpa.template.rsc +++ b/hotspot-to-wpa.template.rsc 
@@ -36,22 +36,28 @@ $ScriptLock $0; :local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ]; :if ([ :len [ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={ +:if ([ :len [ /interface/wifi/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={ :if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={ /caps-man/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes; + /interface/wifi/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes; /interface/wifiwave2/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes; $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false; } :local PlaceBefore ([ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0); +:local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0); :local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0); :if ([ :len [ /caps-man/access-list/find where \ +:if ([ :len [ /interface/wifi/access-list/find where \ :if ([ :len [ /interface/wifiwave2/access-list/find where \ comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={ /caps-man/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore; + /interface/wifi/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore; /interface/wifiwave2/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore; $LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . 
"'.") false; } :local Template [ /caps-man/access-list/get ([ find where \ +:local Template [ /interface/wifi/access-list/get ([ find where \ :local Template [ /interface/wifiwave2/access-list/get ([ find where \ comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ]; 
@@ -65,45 +71,55 @@ $ScriptLock $0; $LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \ " (user " . $UserName . ").") false; /caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ]; +/interface/wifi/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ]; /interface/wifiwave2/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ]; /caps-man/access-list/add private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \ +/interface/wifi/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \ /interface/wifiwave2/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \ mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \ action=reject place-before=$PlaceBefore; :local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \ +:local Entry [ /interface/wifi/access-list/find where mac-address=$MacAddress \ :local Entry [ /interface/wifiwave2/access-list/find where mac-address=$MacAddress \ comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . 
$Date) ]; -# NOT /caps-man # +# NOT /caps-man/ # :set ($Template->"private-passphrase") ($Template->"passphrase"); -# NOT /caps-man # +# NOT /caps-man/ # :local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ]; :if ([ :len $PrivatePassphrase ] > 0) do={ :if ($PrivatePassphrase = "ignore") do={ /caps-man/access-list/set $Entry !private-passphrase; + /interface/wifi/access-list/set $Entry !passphrase; /interface/wifiwave2/access-list/set $Entry !passphrase; } else={ /caps-man/access-list/set $Entry private-passphrase=$PrivatePassphrase; + /interface/wifi/access-list/set $Entry passphrase=$PrivatePassphrase; /interface/wifiwave2/access-list/set $Entry passphrase=$PrivatePassphrase; } } :local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ]; :if ([ :len $SsidRegexp ] > 0) do={ /caps-man/access-list/set $Entry ssid-regexp=$SsidRegexp; + /interface/wifi/access-list/set $Entry ssid-regexp=$SsidRegexp; /interface/wifiwave2/access-list/set $Entry ssid-regexp=$SsidRegexp; } :local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ]; :if ([ :len $VlanId ] > 0) do={ /caps-man/access-list/set $Entry vlan-id=$VlanId; + /interface/wifi/access-list/set $Entry vlan-id=$VlanId; /interface/wifiwave2/access-list/set $Entry vlan-id=$VlanId; } -# NOT /interface/wifiwave2 # +# NOT /interface/wifi/ # +# NOT /interface/wifiwave2/ # :local VlanMode [ $EitherOr ($UserInfo->"vlan-mode") ($Template->"vlan-mode") ]; :if ([ :len $VlanMode] > 0) do={ /caps-man/access-list/set $Entry vlan-mode=$VlanMode; } -# NOT /interface/wifiwave2 # +# NOT /interface/wifiwave2/ # +# NOT /interface/wifi/ # :delay 2s; /caps-man/access-list/set $Entry action=accept; +/interface/wifi/access-list/set $Entry action=accept; /interface/wifiwave2/access-list/set $Entry action=accept; diff --git a/hotspot-to-wpa.wifi.rsc b/hotspot-to-wpa.wifi.rsc new file mode 100644 index 0000000..f7c99a9 --- /dev/null 
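Review bot: The new `/interface/wifi/access-list/add passphrase=($UserVal->"password") ...` line, and the `/interface/wifi/access-list/set $Entry action=accept;` that ends this hunk, run with no check that any passphrase was actually found. The generated hotspot-to-wpa.wifi.rsc later in this commit shows `UserVal` starting as `({})` and only being filled when a local hotspot user with that name exists. For a login without such a record, the entry is presumably created without a per-client passphrase and still switched to accept, unless the template supplies one. A guard just before the `:delay 2s;` would keep the entry rejected in that case: `:if ([ :len ($UserVal->"password") ] = 0 && [ :len $PrivatePassphrase ] = 0) do={ $LogPrintExit2 warning $0 ("No passphrase for " . $MacAddress . ", leaving entry rejected.") true; }`. The same applies to the neighbouring `/caps-man/` and `/interface/wifiwave2/` lines, and the script body starts before this hunk.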
+++ b/hotspot-to-wpa.wifi.rsc 
@@ -0,0 +1,86 @@ +#!rsc by RouterOS +# RouterOS script: hotspot-to-wpa.wifi +# Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de> +# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md +# +# add private WPA passphrase after hotspot login +# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md +# +# !! Do not edit this file, it is generated from template! + +:local 0 "hotspot-to-wpa.wifi"; +:global GlobalFunctionsReady; +:while ($GlobalFunctionsReady != true) do={ :delay 500ms; } + +:global EitherOr; +:global LogPrintExit2; +:global ParseKeyValueStore; +:global ScriptLock; + +$ScriptLock $0; + +:local MacAddress $"mac-address"; +:local UserName $username; + +:if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={ + $LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true; +} + +:local Date [ /system/clock/get date ]; +:local UserVal ({}); +:if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={ + :set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ]; +} +:local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ]; +:local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ]; + +:if ([ :len [ /interface/wifi/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={ + /interface/wifi/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes; + $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false; +} +:local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0); + +:if ([ :len [ /interface/wifi/access-list/find where \ + comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={ + /interface/wifi/access-list/add comment=("hotspot-to-wpa template " . 
$Hotspot) disabled=yes place-before=$PlaceBefore; + $LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false; +} +:local Template [ /interface/wifi/access-list/get ([ find where \ + comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ]; + +:if ($Template->"action" = "reject") do={ + $LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true; +} + +# allow login page to load +:delay 1s; + +$LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \ + " (user " . $UserName . ").") false; +/interface/wifi/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ]; +/interface/wifi/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \ + mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \ + action=reject place-before=$PlaceBefore; + +:local Entry [ /interface/wifi/access-list/find where mac-address=$MacAddress \ + comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ]; +:set ($Template->"private-passphrase") ($Template->"passphrase"); +:local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ]; +:if ([ :len $PrivatePassphrase ] > 0) do={ + :if ($PrivatePassphrase = "ignore") do={ + /interface/wifi/access-list/set $Entry !passphrase; + } else={ + /interface/wifi/access-list/set $Entry passphrase=$PrivatePassphrase; + } +} +:local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ]; +:if ([ :len $SsidRegexp ] > 0) do={ + /interface/wifi/access-list/set $Entry ssid-regexp=$SsidRegexp; +} +:local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ]; +:if ([ :len $VlanId ] > 0) do={ + /interface/wifi/access-list/set $Entry vlan-id=$VlanId; +} + +:delay 2s; +/interface/wifi/access-list/set $Entry action=accept; 
diff --git a/news-and-changes.rsc b/news-and-changes.rsc index 64e114f..d0b3820 100644 --- a/news-and-changes.rsc +++ b/news-and-changes.rsc @@ -27,6 +27,7 @@ 111="Modified 'dhcp-to-dns' to allow multiple records for one mac address."; 112="Enhanced 'mod/ssh-keys-import' to record the fingerprint of keys."; 113="Added helper functions for easier setup to Matrix notification module."; + 114="All relevant scripts were ported to new wifi package for RouterOS 7.13 and later. Migration is complex and thus not done automatically!"; }; # Migration steps to be applied on script updates |