By Toradex秦海

1).?簡介

本文介紹基于ARM嵌入式平臺(tái)使用開源Hostapd軟件配置測試WiFi Access Point模式，也就是AP模式。

本文所使用的ARM嵌入式平臺(tái)來自于Toradex?基于NXP最新的iMX8 SoC（基于Cortex-A72+A53和Coretex-M4架構(gòu)）的ARM計(jì)算機(jī)模塊Apalis iMX8QM 4GB WB IT，模塊上面集成了AzureWave AW-CM276NF WiFi/BT?模塊，其具體WiFi參數(shù)如下：

2).?準(zhǔn)備

a).?Apalis iMX8QM?4GB WB IT ARM核心版配合Ioxra?載板，連接調(diào)試串口UART1（載板X22）到開發(fā)主機(jī)方便調(diào)試。

b). Apalis iMX8安裝Toradex Ycoto Linux Reference Multimedia image V5.0.0 2020Q3季度版本，詳細(xì)信息請參考這里。

c). WiFi模塊安裝標(biāo)準(zhǔn)WHF4接口天線，詳情請參考這里。

3). WiFi AP模式配置

a).?查看WiFi模塊AP模式端口uap0

-------------------------------

root@apalis-imx8:~# ifconfig -a |grep uap

uap0????? Link encap:Ethernet? HWaddr C0:E4:34:2F:C6:A1

-------------------------------

b).?配置Hostapd配置文件

./ file - /etc/hostapd.conf，Hostapd服務(wù)配置文件，里面預(yù)設(shè)了很多配置項(xiàng)目，這里只將必要的進(jìn)行修改，其他可以自行根據(jù)實(shí)際需要來配置。

-------------------------------

--- a/etc/hostapd.conf

+++ b/etc/hostapd.conf

@@ -5,7 +5,7 @@

?# management frames with the Host AP driver); wlan0 with many nl80211 drivers

?# Note: This attribute can be overridden by the values supplied with the '-i'

?# command line parameter.

-interface=wlan0

+interface=uap0

?# In case of atheros and nl80211 driver interfaces, an additional

?# configuration parameter, bridge, may be used to notify hostapd if the

@@ -85,7 +85,7 @@

?##### IEEE 802.11 related configuration #######################################

?# SSID to be used in IEEE 802.11 management frames

-ssid=test

+ssid=ap-apalis-imx8

?# Alternative formats for configuring SSID

?# (double quoted string, hexdump, printf-escaped string)

?#ssid2="test"

@@ -1234,7 +1234,7 @@

?# authentication with external ACL for MAC addresses, and accounting

?# The own IP address of the access point (used as NAS-IP-Address)

-own_ip_addr=127.0.0.1

+own_ip_addr=192.168.8.1

?# NAS-Identifier string for RADIUS messages. When used, this should be unique

?# to the NAS within the scope of the RADIUS server. Please note that hostapd

@@ -1464,7 +1464,7 @@

?# Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2.

?# In other words, for WPA3, wpa=2 is used the configuration (and

?# wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK).

-#wpa=2

+wpa=2

?# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit

?# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase

@@ -1473,7 +1473,7 @@

?# wpa_psk (dot11RSNAConfigPSKValue)

?# wpa_passphrase (dot11RSNAConfigPSKPassPhrase)

?#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

-#wpa_passphrase=secret passphrase

+wpa_passphrase=MyPassword1234

?# Optionally, WPA PSKs can be read from a separate text file (containing list

?# of (PSK,MAC address) pairs. This allows more than one PSK to be configured.

-------------------------------

上面是配置2.4GHz頻段的AP，如果需要配置5GHz頻段，則需要修改下面內(nèi)容：

-------------------------------

hw_mode=a

channel=40

ieee80211n=1

-------------------------------

./?文件?- /etc/systemd/network/hostapd.network，用于配置AP?固定IP以及DHCP服務(wù)

-------------------------------

[Match]

Name=<IF_NAME>

[Network]

Address=192.168.8.1/24

DHCPServer=yes

-------------------------------

c).?配置相關(guān)systemd啟動(dòng)服務(wù)

./?開機(jī)自動(dòng)啟動(dòng)WiFi服務(wù)，當(dāng)然Linux BSP已經(jīng)包含了?/lib/systemd/system/enable-wifi.service?服務(wù)文件，只需要后面通過systemctl命令使能即可。

-------------------------------

[Unit]

Description=Enable Wifi

BindsTo=sys-subsystem-net-devices-uap0.device

After=sys-subsystem-net-devices-uap0.device

[Service]

Type=oneshot

ExecStart=/usr/bin/connmanctl enable wifi

ExecStop=

RemainAfterExit=yes

[Install]

WantedBy=multi-user.target

-------------------------------

./?修改默認(rèn)的?Hostapd?服務(wù)文件，使其確定在Wifi服務(wù)以及uap0端口起來后再啟動(dòng)，避免出現(xiàn)啟動(dòng)失敗。

-------------------------------

--- a/lib/systemd/system/hostapd.service

+++ b/lib/systemd/system/hostapd.service

@@ -1,6 +1,7 @@

?[Unit]

?Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator

-After=network.target

+BindsTo=sys-subsystem-net-devices-uap0.device

+After=sys-subsystem-net-devices-uap0.device

?[Service]

?Type=forking

-------------------------------

./?重載并使能上述修改的服務(wù)然后重新啟動(dòng)

-------------------------------

$ systemctl --system daemon-reload

$ systemctl enable hostapd

$ systemctl enable enable-wifi.service

$ reboot

-------------------------------

c).?測試AP配置

./?重啟后，通過PC WiFi網(wǎng)卡掃描可以找到?ap-apalis-imx8 AP設(shè)備，使用上面配置文件設(shè)定的密碼連接后，ping通訊正常

-------------------------------

// on apalis imx8 linux

root@apalis-imx8:~# ifconfig uap0

uap0????? Link encap:Ethernet? HWaddr C0:E4:34:2F:C6:A1?

????????? inet addr:192.168.8.1? Bcast:192.168.8.255? Mask:255.255.255.0

????? ????inet6 addr: fe80::c2e4:34ff:fe2f:c6a1/64 Scope:Link

????????? UP BROADCAST RUNNING MULTICAST? MTU:1500? Metric:1

????????? RX packets:78 errors:0 dropped:0 overruns:0 frame:0

????????? TX packets:100 errors:39 dropped:0 overruns:0 carrier:0

????????? collisions:0 txqueuelen:1000

????????? RX bytes:11466 (11.1 KiB)? TX bytes:5792 (5.6 KiB)

// on Ubuntu desktop

$ ifconfig wlo1

wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>? mtu 1500

??????? inet 192.168.8.72? netmask 255.255.255.0? broadcast 192.168.8.255

??????? inet6 fe80::8f97:db63:7329:9efb? prefixlen 64? scopeid 0x20<link>

ether 3c:f0:11:6f:d0:47? txqueuelen 1000? (以太網(wǎng))

??????? RX packets 951788? bytes 722874574 (722.8 MB)

??????? RX errors 0? dropped 0? overruns 0? frame 0

??????? TX packets 99168? bytes 16375180 (16.3 MB)

??????? TX errors 0? dropped 0 overruns 0? carrier 0? collisions 0

$ ping 192.168.8.1

PING 192.168.8.1 (192.168.8.1) 56(84) bytes of data.

64 bytes from 192.168.8.1: icmp_seq=1 ttl=64 time=5.82 ms

64 bytes from 192.168.8.1: icmp_seq=2 ttl=64 time=4.13 ms

64 bytes from 192.168.8.1: icmp_seq=3 ttl=64 time=4.15 ms

^C

--- 192.168.8.1 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2001ms

rtt min/avg/max/mdev = 4.138/4.705/5.824/0.793 ms

-------------------------------

4).?網(wǎng)絡(luò)共享功能配置

a).?將WiFi模塊Client模式端口連接到可連接互聯(lián)網(wǎng)的WiFi網(wǎng)絡(luò)，用于作為下面AP端口網(wǎng)絡(luò)共享的端口

./?查看WiFi模塊client模式端口

-------------------------------

root@apalis-imx8:~# ifconfig |grep mlan

mlan0???? Link encap:Ethernet? HWaddr C0:E4:34:2F:C4:A1

-------------------------------

./?參考這里的說明，連接WiFi網(wǎng)絡(luò)，連接后狀態(tài)如下：

-------------------------------

root@apalis-imx8:~# ifconfig mlan0?????

mlan0???? Link encap:Ethernet? HWaddr C0:E4:34:2F:C4:A1?

????????? inet addr:10.20.1.123? Bcast:10.20.1.255? Mask:255.255.255.0

????????? inet6 addr: fe80::c2e4:34ff:fe2f:c4a1/64 Scope:Link

????????? UP BROADCAST RUNNING MULTICAST? MTU:1500? Metric:1

????????? RX packets:18613 errors:0 dropped:39 overruns:0 frame:0

????????? TX packets:12421 errors:0 dropped:0 overruns:0 carrier:0

????????? collisions:0 txqueuelen:1000

????????? RX bytes:20897583 (19.9 MiB)? TX bytes:1621867 (1.5 MiB)

-------------------------------

b).?使能Packet Forwarding

文件?- /etc/sysctl.d/30-ipforward.conf

-------------------------------

net.ipv4.ip_forward=1

net.ipv6.conf.default.forwarding=1

net.ipv6.conf.all.forwarding=1

-------------------------------

c).?使能NAT

./?首先需要kernel包含下面驅(qū)動(dòng)，直接編譯到kernel或者編譯成kernel modules都可以，當(dāng)前測試BSP是已經(jīng)編譯為kernel modules，如果沒有包含則需要重新編譯kernel添加進(jìn)入

-------------------------------

root@apalis-imx8:~# zcat /proc/config.gz |grep CONFIG_IP_NF_IPTABLES????????????????????????????????????

CONFIG_IP_NF_IPTABLES=m

root@apalis-imx8:~# zcat /proc/config.gz |grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK

CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m

-------------------------------

./?使用iptables使能NAT，首先創(chuàng)建下面iptables?規(guī)則

-------------------------------

iptables -t nat -A POSTROUTING -o mlan0 -j MASQUERADE

iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i uap0 -o mlan0 -j ACCEPT

-------------------------------

./?將上面設(shè)置的規(guī)則保存到配置文件

-------------------------------

$ iptables-save > /etc/iptables/iptables.rules

-------------------------------

./?使能iptable服務(wù)，當(dāng)前BSP已經(jīng)包含服務(wù)文件?/lib/systemd/system/iptables.service

-------------------------------

$ systemctl enable iptables

-------------------------------

d).?重啟后上述配置生效，然后啟動(dòng)后可以通過systemctl查看相關(guān)服務(wù)是否都啟動(dòng)正常

-------------------------------

$ systemctl status hostapd

$ systemctl status enable-wifi

$ systemctl status iptables

-------------------------------

e).?同樣使用Ubuntu desktop連接ap-apalis-imx8 AP后，如下測試可以正常連接互聯(lián)網(wǎng)了，證明網(wǎng)絡(luò)共享配置成功

-------------------------------

$ ifconfig wlo1

wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>? mtu 1500

??????? inet 192.168.8.72? netmask 255.255.255.0? broadcast 192.168.8.255

??????? inet6 fe80::8f97:db63:7329:9efb? prefixlen 64? scopeid 0x20<link>

ether 3c:f0:11:6f:d0:47? txqueuelen 1000? (以太網(wǎng))

??????? RX packets 967881? bytes 745946717 (745.9 MB)

??????? RX errors 0? dropped 0? overruns 0? frame 0

??????? TX packets 103940? bytes 17087302 (17.0 MB)

??????? TX errors 0? dropped 0 overruns 0? carrier 0? collisions 0

# ping?百度網(wǎng)址，因?yàn)锳P默認(rèn)沒有設(shè)定DNS配置，因此連接后需要手動(dòng)指定一個(gè)有效的DNS地址才能進(jìn)行DNS解析

$ ping www.baidu.com

PING www.a.shifen.com (180.101.49.11) 56(84) bytes of data.

64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=1 ttl=51 time=8.97 ms

64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=2 ttl=51 time=11.2 ms

64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=3 ttl=51 time=10.8 ms

^C

--- www.a.shifen.com ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2003ms

rtt min/avg/max/mdev = 8.972/10.369/11.276/1.005 ms

-------------------------------

5).?總結(jié)

本文在iMX8嵌入式平臺(tái)下使用Linux開源工具測試了WiFi?模塊AP模式以及網(wǎng)絡(luò)共享功能。

參考文檔

https://developer.toradex.cn/knowledge-base/wi-fi-access-point-mode

https://wiki.archlinux.org/index.php/Internet_sharing