AP

1. 工具安装

1.1 wireless tools

修改Makefile的 PREFIX
make

1.2 wpa_supplicant

编译 libnl
编译 openssl
编译 wpa
修改 wpa的 Makefile，添加

DESTDIR=/usr/local/wpa
LIBS += -L/usr/local/libnl/lib
LIBS += -L/usr/local/openssl/lib
CFLAGS += -I/usr/local/libnl/include/libnl3/
CFLAGS += -I/usr/local/openssl/include/

make

2. 做客户端

ifconfig wlan0 up
iwconfig

wlan0     IEEE 802.11  ESSID:off/any
          Mode:Managed  Access Point: Not-Associated   Tx-Power=16 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off

确保是 Managed 模式

扫描AP
iwlist wlan0 scan

          Cell 02 - Address: 22:2D:78:06:00:0A
                    Channel:6
                    Frequency:2.437 GHz (Channel 6)
                    Quality=40/70  Signal level=-70 dBm
                    Encryption key:on
                    ESSID:"IFw8"
                    IE: WPA Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK

关键信息：channel, essid, WPA

如果没有加密可以用 iwconfig 修改essid ，直接连接，
加密连接使用 wpa
wpa_supplicant -i wlan0 -c /etc/wpa_aa.conf -B

ctrl_interface=/var/run/wpa_supplicant
network={
        ssid="aa"
        psk="12345678"
}

成功后 ESSID 改变
iwconfig wlan0

ifw8$ iwconfig wlan0
wlan0     IEEE 802.11  ESSID:"aa"
          Mode:Managed  Frequency:2.437 GHz  Access Point: 22:2D:78:06:00:0A
          Bit Rate=1 Mb/s   Tx-Power=16 dBm
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=43/70  Signal level=-67 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

分配IP
ifconfig wlan0 192.168.1.144 netmask 255.255.255.0
添加网关。。。

查看连接状态
wpa_cli status
端口连接
wpa_cli terminate

hostapd

1. 确认网卡支持的模式

root #iw list | grep "Supported interface modes" -A 8

        Supported interface modes:
                 * IBSS
                 * managed
                 * AP
                 * AP/VLAN
                 * WDS
                 * monitor
                 * P2P-client
                 * P2P-GO

2. wifi技术简介

2.1 802.11

Technology	Frequency Band	Year	Max Speed	notes
802.11a	5GHz	1999	54Mbps	obsolete
802.11b	2.4GHz	1999	11Mbps	obsolete
802.11g	2.4GHz	2003	54Mbps	becoming obsolete
802.11n	2.4GHz or 5GHz	2009	150Mbps	can use multiple streams to increase speed (if both client and AP have more than one antenna)
802.11ac	5GHz	2013	867Mbps	can use multiple streams
802.11ax	2.4GHz or 5GHz	2019	1201Mbps	can use multiple streams, supports higher clients density

2.2 频率和信道

Frequency	802.11	Channels
2.4GHz	b/g/n/ax	up to 14, depends on the country
5GHz	a/n/ac/ax	up to 37, depends on the country

2.3 做VAP时常用参数

频段，信道，频段带宽
wifi有两个频段：2.4G 5G

在频段上划分信道，减少冲突

一个信道中最大频率与最小频率的差，就叫做信道带宽，在Wi-Fi中，每个信道的带宽是22MHz。但是，实际使用中，有效的带宽是20MHz，其中有2MHz是隔离频带，起保护作用。
20MHz信道带宽对应的是65M带宽 ，它的特性是穿透性好 传输的距离远（100米左右）。
40MHz信道带宽对应的是150M带宽 ，它的穿透性差 传输的距离较近 （50米左右)。

2.4 Access Point

• An AP is like a wireless switch;
• An AP can only use one band at a time: 2.4GHz OR 5GHz, a so-called "dual-band AP" is just one AP at 2.4GHz and another at 5GHz;
• An AP using the 2.4GHz band can be b, g, n and ax at the same time (if the hardware supports it);
• An AP using the 5GHz band can be a, n, ac and ax at the same time (if the hardware supports it);
• An AP can have multiple SSIDs, making it look like multiple APs, but all will share the same band AND channel.

3. hostapd的特性

3.1 hostapd能做什么

• Create an AP;
• Create multiple APs on the same card (if the card supports it, usually up to 8);
• Create one AP on one card and another AP on a second card, all within a single instance of Hostapd;
• Use 2.4GHz and 5GHz at the same time on the same card. This requires a card with two radios though, which is pretty rare (but hostapd supports it) - if the card creates two wlanX interfaces, you might be lucky;

3.2 hostapd 不能做

• Create multiple APs on different channels on the same card. Multiple APs on the same card will share the same channel;
• Create a dual-band AP, even with two cards. But it can create two APs with the same SSID;
• Assign IPs to the devices connecting to the AP, a dhcp server is needed for that;
• Assign an IP to the AP itself, it is not hostapd's job to do that;

3.4 配置示例

3.4.1 5g

interface=wlan0
# "a" simply means 5GHz
hw_mode=a
# the channel to use, 0 means the AP will search for the channel with the least interferences (ACS)
channel=0
ieee80211d=1
country_code=FR
ieee80211n=1
# 802.11ac support
ieee80211ac=1         
wmm_enabled=1

ssid=somename
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=somepassword

3.4.2 多ssid

interface=wlan0
hw_mode=g
channel=10
ieee80211d=1
country_code=FR
ieee80211n=1
wmm_enabled=1

# First AP
ssid=test1
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=somepassword

# Second AP
# the name of the new interface hostapd will create to handle this AP 
bss=wlan1
ssid=test2
auth_algs=1
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_passphrase=someotherpassword

# Third AP
# the name of the new interface hostapd will create to handle this AP 
bss=wlan2
ssid=test3
# since there is no encryption defined, none will be used

3.5 使用5g须知

Depending on where you live, using the 5GHz band for an AP has limitations:

some channels are forbidden
some channels are for indoor use only
some channels cannot be used without first listening to make sure they are not already used by something else (no-IR, a.k.a: no initiate radiation)
some channels require DFS to be used (Dynamic Frequency Selection, to prevent interferences with radars)
some channels require TPC to be used (Transmit Power Control, to limit interferences)

The problem is that each country has its own rules and those rules are complex and regularly changing.

The package net-wireless/wireless-regdb maintains a regulatory database, for each country, of what channels can be used and with what limitations.

To use the database, you either need to emerge net-wireless/hostapd with the crda USE flag, or make the database directly available to the kernel, as you would with a firmware (the files are: /lib/firmware/regulatory.db and /lib/firmware/regulatory.db.p7s)

CRDA is on its way to being deprecated in favour of the firmware approach but is still maintained.

These limitations are somewhat recent and only implemented in 802.11n/ac/ax devices. Old devices which ignore these limitations may break the law.

3.6 固件和驱动

Some firmwares will refuse to work as APs even though they can work as clients.

Some drivers do not implement the required checks (DFS, no-IR, etc) and will also refuse to create APs on most or even all channels.

Currently only Atheros drivers (ath9k, ath10k) are know to properly support AP mode in the 5GHz band.
Most notably, the intel driver iwlwifi only has good AP mode support for the 2.4GHz band, AP mode in the 5GHz band is either disabled or crippled.

3.7 常见错误

3.7.1 创建多ssid失败

当创建多个vaps，可能报错

Invalid BSSID mask ff:ff:ff:ff:ff:fe for start address 5a:42:e7:c2:f5:8f.
Start address must be the first address in the block (i.e., addr AND mask == addr).

解决方法用iw创建第一个vap时，设置其 地址，保证最后 值为0

3.7.2 no IR

有时会显示

iw list

Frequencies:
* 5180 MHz [36] (16.0 dBm) (no IR)
* 5200 MHz [40] (16.0 dBm) (no IR)
* 5220 MHz [44] (16.0 dBm) (no IR)
* 5240 MHz [48] (16.0 dBm) (no IR)
* 5260 MHz [52] (16.0 dBm) (no IR, radar detection)
DFS state: usable (for 1284 sec)
* 5280 MHz [56] (16.0 dBm) (no IR, radar detection)
DFS state: usable (for 1284 sec)
* 5300 MHz [60] (16.0 dBm) (no IR, radar detection)
DFS state: usable (for 1284 sec)

no IR 表示 不能使用此频率，作为AP，但可以作为STA。
这是由于 无线频率监管限制，各个地区的无线频率规定不同，可以尝试通过修改 地区 解决限制。
也可以修改 wireless-regdb 的 db.txt ，删除 无线限制。

4. 编译驱动

使用backports,参考
https://www.cnblogs.com/zengjfgit/p/7513394.html

5. 更多文档

https://wireless.wiki.kernel.org/welcome