authorChristian Pointner <equinox@spreadspace.org>2022-09-25 16:52:39 +0200
committerChristian Pointner <equinox@spreadspace.org>2022-09-25 16:52:39 +0200
commite8e7b6330c1c1eddeb00575f74328f5c4f306589 (patch)
treecf5fcd126ed06d20d279c56b68de3da6afb259f2
parentfinalize ch-mc* setups for now (diff)
parentaccesspoints/usteer: band steering works now (diff)
Merge branch 'topic/wifi-roaming'
-rw-r--r--filter_plugins/crypto.py13
-rw-r--r--inventory/group_vars/accesspoints/vars.yml81
-rw-r--r--inventory/group_vars/chaos-at-home-ap/vars.yml18
3 files changed, 97 insertions, 15 deletions
diff --git a/filter_plugins/crypto.py b/filter_plugins/crypto.py
index b3dc32c4..54547a34 100644
--- a/filter_plugins/crypto.py
+++ b/filter_plugins/crypto.py
@@ -2,6 +2,7 @@ from __future__ import (absolute_import, division, print_function)
__metaclass__ = type
import hashlib
+from binascii import hexlify
from passlib.utils.binary import Base64Engine, HASH64_CHARS, BCRYPT_CHARS
from ansible.module_utils._text import to_bytes, to_text
from ansible import errors
@@ -41,6 +42,17 @@ def bcrypt_salt(seed):
raise errors.AnsibleFilterError("bcrypt_salt(): %s" % str(e))
+def wifi_80211r_key(seed):
+ ''' generate keys 802.11r r0kh and r1kh keys based on seed-value '''
+ try:
+ h = hashlib.new('sha256')
+ h.update(to_bytes(seed, errors='surrogate_or_strict'))
+ return to_text(hexlify(h.digest()))
+
+ except Exception as e:
+ raise errors.AnsibleFilterError("wifi_80211r_key(): %s" % str(e))
+
+
class FilterModule(object):
''' crypto helpers '''
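Review bot: `wifi_80211r_key` derives the key as a single unkeyed SHA-256 of `seed`, so the resulting r0kh/r1kh key is only as secret and as unpredictable as the seed itself, and the docstring does not say so. I would state the requirement there, e.g. `''' derive a 256-bit hex key for 802.11r r0kh/r1kh from seed; seed must be a high-entropy secret (e.g. a vaulted value), never an SSID or hostname '''`. No purpose label is mixed into the hash, so the same seed fed to any other plain SHA-256 derivation yields the same bytes; hashing a fixed prefix together with the seed would separate them. As a style point, `to_text(h.hexdigest())` gives the same string as `to_text(hexlify(h.digest()))` and would make the new `binascii` import unnecessary.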
@@ -49,6 +61,7 @@ class FilterModule(object):
'sha256_salt': sha2_crypt_salt,
'sha512_salt': sha2_crypt_salt,
'bcrypt_salt': bcrypt_salt,
+ 'wifi_80211r_key': wifi_80211r_key,
}
def filters(self):
diff --git a/inventory/group_vars/accesspoints/vars.yml b/inventory/group_vars/accesspoints/vars.yml
index 7abe0582..e78740d4 100644
--- a/inventory/group_vars/accesspoints/vars.yml
+++ b/inventory/group_vars/accesspoints/vars.yml
@@ -85,28 +85,41 @@ accesspoint_wireless_devices_yaml: |
{% endfor %}
-## TODO: set up 802.11r see:
-## * https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming_working/
-## * https://gist.github.com/lg/998d3e908d547bd9972a6bb604df377b
accesspoint_wireless_ifaces: "{{ accesspoint_wireless_ifaces_yaml | from_yaml }}"
accesspoint_wireless_ifaces_yaml: |
{% for zone in accesspoint_zones.keys() %}
+ {% set outer_loop = loop %}
{% for band in accesspoint_wireless_frequency_bands %}
- name: wifi-iface '{{ zone }}{{ band }}'
options:
device: 'radio{{ band }}'
network: '{{ zone }}'
mode: 'ap'
- disassoc_low_ack: '1'
- rsn_preauth: '1'
ssid: '{{ accesspoint_zones[zone].ssid }}'
encryption: '{{ accesspoint_zones[zone].encryption }}'
key: '{{ accesspoint_zones[zone].key }}'
+ disassoc_low_ack: '1'
+ rsn_preauth: '1'
+ {% if accesspoint_80211r is defined %}
+ ieee80211r: '1'
+ mobility_domain: '{{ "%04x" % (accesspoint_80211r.mobility_domain_base + outer_loop.index0) }}'
+ ft_over_ds: '1'
+ {% endif %}
+ {% if accesspoint_band_steering is defined %}
+ bss_transition: '1'
+ wnm_sleep_mode: '1'
+ time_advertisement: '2'
+ time_zone: 'CET-1CEST,M3.5.0,M10.5.0/3'
+ ieee80211k: '1'
+ rrm_neighbor_report: '1'
+ rrm_beacon_report: '1'
+ {% endif %}
{% endfor %}
{% endfor %}
+
openwrt_arch: ath79
openwrt_target: generic
openwrt_profile: ubnt_unifiac-lite
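Review bot: The `accesspoint_band_steering` block turns on `bss_transition`, `ieee80211k` and the RRM reports, but nothing in the visible iface options sets `ieee80211w`. Unless the zone's `encryption` mode already implies management frame protection, the 802.11v/k action frames used to steer clients are sent unprotected. I would add `ieee80211w: '1'` (or `'2'` where every client supports it) next to `bss_transition`, or expose it as a per-zone setting. For the `ieee80211r` block above it, no R0KH/R1KH keys are set in this hunk, so a comment saying how they are provisioned would help; presumably local FT key generation for PSK networks is relied on, which should be confirmed for any non-PSK zone.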
@@ -143,6 +156,16 @@ openwrt_packages_add:
- libiwinfo-lua
- libubus-lua
+_accesspoint_band_steering_packages_extra_:
+ none: []
+ dawn:
+ - dawn
+ usteer:
+ - usteer
+
+openwrt_packages_extra: "{{ _accesspoint_band_steering_packages_extra_[accesspoint_band_steering.kind | default('none')] }}"
+
+
openwrt_mixin:
/etc/sysctl.conf:
content: |
@@ -281,7 +304,7 @@ openwrt_mixin:
exit 0
-openwrt_uci:
+openwrt_uci_base:
system:
- name: system
options:
@@ -293,13 +316,9 @@ openwrt_uci:
- name: timeserver 'ntp'
options:
- enabled: '0'
+ enabled: '{{ accesspoint_ntp_servers is defined | ternary("1", "0") }}'
enable_server: '0'
- server:
- - '0.lede.pool.ntp.org'
- - '1.lede.pool.ntp.org'
- - '2.lede.pool.ntp.org'
- - '3.lede.pool.ntp.org'
+ server: "{{ accesspoint_ntp_servers | default([]) }}"
- name: led
options:
@@ -332,3 +351,41 @@ openwrt_uci:
network: "{{ accesspoint_network_base + accesspoint_network_zones }}"
wireless: "{{ accesspoint_wireless_devices + accesspoint_wireless_ifaces }}"
+
+openwrt_uci_band_steering: "{{ openwrt_uci_band_steering_yaml | from_yaml }}"
+openwrt_uci_band_steering_yaml: |
+ {% if accesspoint_band_steering is defined %}
+ {% if accesspoint_band_steering.kind == 'dawn' %}
+ umdns:
+ - name: umds
+ options:
+ jail: '1'
+ network:
+ - mgmt
+
+ ## TODO: what are the minimal required settings here??
+ dawn:
+ - name: network
+ options:
+ broadcast_ip: '{{ network_mgmt_zone.prefix | ansible.utils.ipaddr("broadcast") }}'
+ {% elif accesspoint_band_steering.kind == 'usteer' %}
+ usteer:
+ - name: usteer
+ options:
+ network: 'mgmt'
+ syslog: '1'
+ local_mode: '0'
+ ipv6: '0'
+ debug_level: '2'
+ assoc_steering: '1'
+ band_steering_threshold: '0'
+ band_steering_interval: '30000'
+ ssid_list:
+ {% for zone in accesspoint_band_steering.zones %}
+ - '{{ accesspoint_zones[zone].ssid }}'
+ {% endfor %}
+ {% endif %}
+ {% endif %}
+
+
+openwrt_uci: "{{ openwrt_uci_base | combine(accesspoint_band_steering is defined | ternary(openwrt_uci_band_steering, {})) }}"
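Review bot: In the `dawn` branch the section is named `umds` while its parent key is `umdns`, which looks like a typo. Judging by the other entries (`name: system`, `name: timeserver 'ntp'`) the `name` becomes the UCI section type, so the `jail: '1'` and `network` restriction would presumably not be picked up by umdns; suggested: `- name: umdns`. Also, a `kind` other than `dawn` or `usteer` (the package map in this file accepts `none`) renders an empty document, so `from_yaml` returns nothing usable for `combine()` and the failure surfaces far from its cause. An `{% else %}` branch emitting `{}` or an explicit check on `kind` would make that visible.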
diff --git a/inventory/group_vars/chaos-at-home-ap/vars.yml b/inventory/group_vars/chaos-at-home-ap/vars.yml
index 83925639..af4773f4 100644
--- a/inventory/group_vars/chaos-at-home-ap/vars.yml
+++ b/inventory/group_vars/chaos-at-home-ap/vars.yml
@@ -1,6 +1,11 @@
---
network_mgmt_zone: "{{ network_zones.mgmt }}"
+accesspoint_zones:
+ lan: "{{ network_zones.lan.wifi }}"
+ iot: "{{ network_zones.iot.wifi }}"
+
+
accesspoint_wifi_channels:
2g:
ch-ap0: 1
@@ -10,9 +15,16 @@ accesspoint_wifi_channels:
ch-ap1: 48
ch-ap2: 40
-accesspoint_zones:
- lan: "{{ network_zones.lan.wifi }}"
- iot: "{{ network_zones.iot.wifi }}"
+accesspoint_80211r:
+ mobility_domain_base: 0xca00
+
+accesspoint_band_steering:
+ kind: usteer
+ zones: "{{ accesspoint_zones | list }}"
+
+
+accesspoint_ntp_servers:
+ - '{{ network_zones.mgmt.prefix | ansible.utils.ipaddr(network_zones.mgmt.offsets["ch-router"]) | ansible.utils.ipaddr("address") }}'
prometheus_scrape_endpoint: "{{ network_mgmt_zone.prefix | ansible.utils.ipaddr(network_mgmt_zone.offsets[inventory_hostname]) | ansible.utils.ipaddr('address') }}:9100"