By Toradex秦海

1). 简介

本文介绍基于ARM嵌入式平台使用开源Hostapd软件配置测试WiFi Access Point模式,也就是AP模式。

 

本文所使用的ARM嵌入式平台来自于Toradex 基于NXP最新的iMX8 SoC(基于Cortex-A72+A53Coretex-M4架构)的ARM计算机模块Apalis iMX8QM 4GB WB IT,模块上面集成了AzureWave AW-CM276NF WiFi/BT 模块,其具体WiFi参数如下:

 

                                              image001.png

 

 

2). 准备

a). Apalis iMX8QM 4GB WB IT ARM核心版配合Ioxra 载板,连接调试串口UART1(载板X22)到开发主机方便调试。

 

b). Apalis iMX8安装Toradex Ycoto Linux Reference Multimedia image V5.0.0 2020Q3季度版本,详细信息请参考这里

 

c). WiFi模块安装标准WHF4接口天线,详情请参考这里

 

 

3). WiFi AP模式配置

a). 查看WiFi模块AP模式端口uap0

-------------------------------

root@apalis-imx8:~# ifconfig -a |grep uap

uap0      Link encap:Ethernet  HWaddr C0:E4:34:2F:C6:A1

-------------------------------

 

b). 配置Hostapd配置文件

./ file - /etc/hostapd.confHostapd服务配置文件,里面预设了很多配置项目,这里只将必要的进行修改,其他可以自行根据实际需要来配置。

-------------------------------

--- a/etc/hostapd.conf

+++ b/etc/hostapd.conf

@@ -5,7 +5,7 @@

 # management frames with the Host AP driver); wlan0 with many nl80211 drivers

 # Note: This attribute can be overridden by the values supplied with the '-i'

 # command line parameter.

-interface=wlan0

+interface=uap0

 

 # In case of atheros and nl80211 driver interfaces, an additional

 # configuration parameter, bridge, may be used to notify hostapd if the

@@ -85,7 +85,7 @@

 ##### IEEE 802.11 related configuration #######################################

 

 # SSID to be used in IEEE 802.11 management frames

-ssid=test

+ssid=ap-apalis-imx8

 # Alternative formats for configuring SSID

 # (double quoted string, hexdump, printf-escaped string)

 #ssid2="test"

@@ -1234,7 +1234,7 @@

 # authentication with external ACL for MAC addresses, and accounting

 

 # The own IP address of the access point (used as NAS-IP-Address)

-own_ip_addr=127.0.0.1

+own_ip_addr=192.168.8.1

 

 # NAS-Identifier string for RADIUS messages. When used, this should be unique

 # to the NAS within the scope of the RADIUS server. Please note that hostapd

@@ -1464,7 +1464,7 @@

 # Note that WPA3 is also configured with bit1 since it uses RSN just like WPA2.

 # In other words, for WPA3, wpa=2 is used the configuration (and

 # wpa_key_mgmt=SAE for WPA3-Personal instead of wpa_key_mgmt=WPA-PSK).

-#wpa=2

+wpa=2

 

 # WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit

 # secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase

@@ -1473,7 +1473,7 @@

 # wpa_psk (dot11RSNAConfigPSKValue)

 # wpa_passphrase (dot11RSNAConfigPSKPassPhrase)

 #wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef

-#wpa_passphrase=secret passphrase

+wpa_passphrase=MyPassword1234

 

 # Optionally, WPA PSKs can be read from a separate text file (containing list

 # of (PSK,MAC address) pairs. This allows more than one PSK to be configured.

-------------------------------

 

上面是配置2.4GHz频段的AP,如果需要配置5GHz频段,则需要修改下面内容:

-------------------------------

hw_mode=a

channel=40

ieee80211n=1

-------------------------------

 

./ 文件 - /etc/systemd/network/hostapd.network,用于配置AP 固定IP以及DHCP服务

-------------------------------

[Match]

Name=<IF_NAME>

[Network]

Address=192.168.8.1/24

DHCPServer=yes

-------------------------------

 

c). 配置相关systemd启动服务

./ 开机自动启动WiFi服务,当然Linux BSP已经包含了 /lib/systemd/system/enable-wifi.service 服务文件,只需要后面通过systemctl命令使能即可。

-------------------------------

[Unit]

Description=Enable Wifi

BindsTo=sys-subsystem-net-devices-uap0.device

After=sys-subsystem-net-devices-uap0.device

 

[Service]

Type=oneshot

ExecStart=/usr/bin/connmanctl enable wifi

ExecStop=

RemainAfterExit=yes

 

[Install]

WantedBy=multi-user.target

-------------------------------

 

./ 修改默认的 Hostapd 服务文件,使其确定在Wifi服务以及uap0端口起来后再启动,避免出现启动失败。

-------------------------------

--- a/lib/systemd/system/hostapd.service

+++ b/lib/systemd/system/hostapd.service

@@ -1,6 +1,7 @@

 [Unit]

 Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator

-After=network.target

+BindsTo=sys-subsystem-net-devices-uap0.device

+After=sys-subsystem-net-devices-uap0.device

 

 [Service]

 Type=forking

-------------------------------

 

./ 重载并使能上述修改的服务然后重新启动

-------------------------------

$ systemctl --system daemon-reload

$ systemctl enable hostapd

$ systemctl enable enable-wifi.service

$ reboot

-------------------------------

 

c). 测试AP配置

./ 重启后,通过PC WiFi网卡扫描可以找到 ap-apalis-imx8 AP设备,使用上面配置文件设定的密码连接后,ping通讯正常

-------------------------------

// on apalis imx8 linux

root@apalis-imx8:~# ifconfig uap0

uap0      Link encap:Ethernet  HWaddr C0:E4:34:2F:C6:A1 

          inet addr:192.168.8.1  Bcast:192.168.8.255  Mask:255.255.255.0

          inet6 addr: fe80::c2e4:34ff:fe2f:c6a1/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:78 errors:0 dropped:0 overruns:0 frame:0

          TX packets:100 errors:39 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:11466 (11.1 KiB)  TX bytes:5792 (5.6 KiB)

 

// on Ubuntu desktop

$ ifconfig wlo1

wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.8.72  netmask 255.255.255.0  broadcast 192.168.8.255

        inet6 fe80::8f97:db63:7329:9efb  prefixlen 64  scopeid 0x20<link>

        ether 3c:f0:11:6f:d0:47  txqueuelen 1000  (以太网)

        RX packets 951788  bytes 722874574 (722.8 MB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 99168  bytes 16375180 (16.3 MB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

$ ping 192.168.8.1

PING 192.168.8.1 (192.168.8.1) 56(84) bytes of data.

64 bytes from 192.168.8.1: icmp_seq=1 ttl=64 time=5.82 ms

64 bytes from 192.168.8.1: icmp_seq=2 ttl=64 time=4.13 ms

64 bytes from 192.168.8.1: icmp_seq=3 ttl=64 time=4.15 ms

^C

--- 192.168.8.1 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2001ms

rtt min/avg/max/mdev = 4.138/4.705/5.824/0.793 ms

-------------------------------

 

 

4). 网络共享功能配置

a). WiFi模块Client模式端口连接到可连接互联网的WiFi网络,用于作为下面AP端口网络共享的端口

./ 查看WiFi模块client模式端口

-------------------------------

root@apalis-imx8:~# ifconfig |grep mlan

mlan0     Link encap:Ethernet  HWaddr C0:E4:34:2F:C4:A1

-------------------------------

./ 参考这里的说明,连接WiFi网络,连接后状态如下:

-------------------------------

root@apalis-imx8:~# ifconfig mlan0     

mlan0     Link encap:Ethernet  HWaddr C0:E4:34:2F:C4:A1 

          inet addr:10.20.1.123  Bcast:10.20.1.255  Mask:255.255.255.0

          inet6 addr: fe80::c2e4:34ff:fe2f:c4a1/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:18613 errors:0 dropped:39 overruns:0 frame:0

          TX packets:12421 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:20897583 (19.9 MiB)  TX bytes:1621867 (1.5 MiB)

-------------------------------

 

b). 使能Packet Forwarding

文件 - /etc/sysctl.d/30-ipforward.conf

-------------------------------

net.ipv4.ip_forward=1

net.ipv6.conf.default.forwarding=1

net.ipv6.conf.all.forwarding=1

-------------------------------

 

c). 使能NAT

./ 首先需要kernel包含下面驱动,直接编译到kernel或者编译成kernel modules都可以,当前测试BSP是已经编译为kernel modules,如果没有包含则需要重新编译kernel添加进入

-------------------------------

root@apalis-imx8:~# zcat /proc/config.gz |grep CONFIG_IP_NF_IPTABLES                                    

CONFIG_IP_NF_IPTABLES=m

root@apalis-imx8:~# zcat /proc/config.gz |grep CONFIG_NETFILTER_XT_MATCH_CONNTRACK

CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m

-------------------------------

./ 使用iptables使能NAT,首先创建下面iptables 规则

-------------------------------

iptables -t nat -A POSTROUTING -o mlan0 -j MASQUERADE

iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

iptables -A FORWARD -i uap0 -o mlan0 -j ACCEPT

-------------------------------

./ 将上面设置的规则保存到配置文件

-------------------------------

$ iptables-save > /etc/iptables/iptables.rules

-------------------------------

 

./ 使能iptable服务,当前BSP已经包含服务文件 /lib/systemd/system/iptables.service

-------------------------------

$ systemctl enable iptables

-------------------------------

 

d). 重启后上述配置生效,然后启动后可以通过systemctl查看相关服务是否都启动正常

-------------------------------

$ systemctl status hostapd

$ systemctl status enable-wifi

$ systemctl status iptables

-------------------------------

 

e). 同样使用Ubuntu desktop连接ap-apalis-imx8 AP后,如下测试可以正常连接互联网了,证明网络共享配置成功

-------------------------------

$ ifconfig wlo1

wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.8.72  netmask 255.255.255.0  broadcast 192.168.8.255

        inet6 fe80::8f97:db63:7329:9efb  prefixlen 64  scopeid 0x20<link>

        ether 3c:f0:11:6f:d0:47  txqueuelen 1000  (以太网)

        RX packets 967881  bytes 745946717 (745.9 MB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 103940  bytes 17087302 (17.0 MB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

# ping 百度网址,因为AP默认没有设定DNS配置,因此连接后需要手动指定一个有效的DNS地址才能进行DNS解析

$ ping www.baidu.com

PING www.a.shifen.com (180.101.49.11) 56(84) bytes of data.

64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=1 ttl=51 time=8.97 ms

64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=2 ttl=51 time=11.2 ms

64 bytes from 180.101.49.11 (180.101.49.11): icmp_seq=3 ttl=51 time=10.8 ms

^C

--- www.a.shifen.com ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 2003ms

rtt min/avg/max/mdev = 8.972/10.369/11.276/1.005 ms

-------------------------------

 

 

5). 总结

本文在iMX8嵌入式平台下使用Linux开源工具测试了WiFi 模块AP模式以及网络共享功能。

 

 

 

参考文档

https://developer.toradex.cn/knowledge-base/wi-fi-access-point-mode

https://wiki.archlinux.org/index.php/Internet_sharing