author | PÁLI Gábor János <pali.gabor@gmail.com> | 2022-05-28 12:44:37 +0200 |
---|---|---|
committer | PÁLI Gábor János <pali.gabor@gmail.com> | 2022-05-31 22:02:42 +0200 |
commit | 97c67abab07a57840f95d04fadbd13b3c0f5b328 (patch) | |
tree | cdd484a2af71b89ff7a75c5eb808e6e18f00801d /etc/hostapd/appliance | |
parent | a6085330a18c8a257d2e185aab016c483335f86a (diff) | |
download | freebsd-wifibox-alpine-97c67abab07a57840f95d04fadbd13b3c0f5b328.zip |
Incorporate `hostapd`.
The inclusion of `hostapd` [1] brings a lot of related changes
because the build process has to be extended to take the challenge.
- Convert `wpa_passthru` to a more generic service, called
`uds_passthru`, to deal with the control socket forwarding.
It can also log the `socat` errors properly.
- Make the `Makefile` more parametric, therefore the virtual disk
image can be customized better.
- Default configurations are now moved fully to the guest's side.
- Tweak the packages to be more flexible.
- Document everything.
[1] https://w1.fi/hostapd/
Diffstat (limited to 'etc/hostapd/appliance')
-rw-r--r-- | etc/hostapd/appliance/interfaces.conf.sample | 35 | ||||
-rw-r--r-- | etc/hostapd/appliance/iptables.sample | 23 | ||||
-rw-r--r-- | etc/hostapd/appliance/udhcpd.conf.sample | 19 | ||||
-rw-r--r-- | etc/hostapd/appliance/uds_passthru.conf.sample | 14 |
4 files changed, 91 insertions, 0 deletions
diff --git a/etc/hostapd/appliance/interfaces.conf.sample b/etc/hostapd/appliance/interfaces.conf.sample new file mode 100644 index 0000000..d346368 --- /dev/null +++ b/etc/hostapd/appliance/interfaces.conf.sample @@ -0,0 +1,35 @@ +# This is an iface stanza for interfaces(5) with relatively sane +# defaults. Consult http://manpages.org/etc-network-interfaces/5 for +# more. +# +# The `eth0` networking interface represents the virtual Ethernet card +# of the guest, which is shared with the host. The `gateway` IP +# address should match with the address as it was configured on the +# host, and `address` is the guest's own address. In addition to +# this, it is recommended to setup a NAT between `wifibox0` and the +# interface that faces towards the Internet. This can be done with +# the help of pf(4) for example. Here is sample configuration, see +# pf.conf(5) for more information. +# +# wlan_if="wifibox0" +# lan_if="em0" +# virt_net="10.0.0.0/24" +# +# scrub all +# nat on $lan_if from $virt_net to any -> $lan_if +# pass log all +# +# Change these values as desired, they are here only for inspiration. + +iface eth0 inet static + gateway 10.0.0.1 + address 10.0.0.2/24 + +# The `wlan0` networking interface is associated with the wireless +# networking card as it is exposed by the driver. By this default +# configuration, the corresponding IP address is statically set to +# make it the gateway for the wireless network, see the contents of +# udhcp.conf for the rest. + +iface wlan0 inet static + address 192.168.0.1/24 diff --git a/etc/hostapd/appliance/iptables.sample b/etc/hostapd/appliance/iptables.sample new file mode 100644 index 0000000..b9e2044 --- /dev/null +++ b/etc/hostapd/appliance/iptables.sample 
@@ -0,0 +1,23 @@ +# This file contains exported IP Tables data that can be read by the +# iptables-restore(8) utility. It is not meant to be edited by hand +# but regenerated by the iptables-save(8) utility after the necessary +# changes were made via the respective iptables(8) commands. +# +# The IP Tables stored here implement a simplistic IP forwarding and +# NAT between `wlan0` (wireless networking) and `eth0` (virtual +# Ethernet, facing towards the host) interfaces. + +*filter +:INPUT ACCEPT [0:0] +:FORWARD ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +[0:0] -A FORWARD -i wlan0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +[0:0] -A FORWARD -i wlan0 -o eth0 -j ACCEPT +COMMIT +*nat +:PREROUTING ACCEPT [0:0] +:INPUT ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +[0:0] -A POSTROUTING -o eth0 -j MASQUERADE +COMMIT diff --git a/etc/hostapd/appliance/udhcpd.conf.sample b/etc/hostapd/appliance/udhcpd.conf.sample new file mode 100644 index 0000000..6411e6f --- /dev/null +++ b/etc/hostapd/appliance/udhcpd.conf.sample @@ -0,0 +1,19 @@ +# This is a configuration file for udhcpd(8) with some basic defaults. +# Consult https://udhcp.busybox.net/udhcpd.conf for more. +# +# The value of `interface` should match with the one defined in the +# interfaces.conf file: `interface` should be exactly the same, +# `router` should correspond to `address` and `subnet` is the +# `netmask`. According to these settings below, the IP addresses are +# handed out for the 192.168.0.0/24 network. +# +# Change these values as needed, they are here only for inspiration. + +start 192.168.0.2 +end 192.168.0.254 +max_leases 64 +interface wlan0 +opt subnet 255.255.255.0 +opt router 192.168.0.1 +opt dns 8.8.8.8 8.8.4.4 +opt lease 864000 diff --git a/etc/hostapd/appliance/uds_passthru.conf.sample b/etc/hostapd/appliance/uds_passthru.conf.sample new file mode 100644 index 0000000..ea5b942 --- /dev/null +++ b/etc/hostapd/appliance/uds_passthru.conf.sample 
@@ -0,0 +1,14 @@ +# This is a configuration file for the Unix Domain Socket (UDS) +# pass-through feature. + +# The `network` setting should specify the IP address of the guest, +# which should match how it was defined in the interfaces.conf file. +network=10.0.0.2:255.255.255.0 + +# The `sockets` setting should list all the sockets to be forwarded +# for the host on the given ports. The `path` will be created on the +# host as a UDS with the specific owner and permissions. Ideally, +# this does not have to be changed. +_sockdir=/var/run/hostapd +_perms="user=root,group=0,mode=770" +sockets="path=${_sockdir}/wlan0,${_perms},port=1200" |
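Review bot: in etc/hostapd/appliance/interfaces.conf.sample the sample pf ruleset in the comment ends with `pass log all`, which passes every packet on every interface of the host, so anyone who copies it gets NAT with no filtering at all. Suggest narrowing the example to what the NAT needs, for instance passing only traffic from `$virt_net` arriving on `$wlan_if`, which would also put the otherwise unused `wlan_if` macro to work. The `wlan0` comment further down points to `udhcp.conf`, while the file added by this patch is `udhcpd.conf.sample`; the reference should use the real name.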
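Review bot: in etc/hostapd/appliance/iptables.sample the `*filter` table sets `:FORWARD ACCEPT`, so the two `-A FORWARD -i wlan0 -o eth0` rules change nothing, and the first one (`--state RELATED,ESTABLISHED`) is fully covered by the unconditional second one. If the intent is to let wireless clients out and only replies back in, set the policy to `:FORWARD DROP`, keep `-A FORWARD -i wlan0 -o eth0 -j ACCEPT`, and move the state match to the reverse direction (`-i eth0 -o wlan0`). `:INPUT ACCEPT` also leaves every service in the guest reachable from `wlan0`, which deserves at least a comment in the header.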
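Review bot: in etc/hostapd/appliance/udhcpd.conf.sample `opt lease 864000` is a ten-day lease while `max_leases 64` caps the pool well below the 253 addresses between `start` and `end`, so 64 distinct clients seen within ten days can exhaust the pool. Suggest a shorter lease (hours rather than days) or a higher `max_leases`, with a comment line explaining the choice. The header comment could also mention that `opt dns 8.8.8.8 8.8.4.4` sends every client's lookups to a public resolver, since that is one of the values people will want to change.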
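Review bot: in etc/hostapd/appliance/uds_passthru.conf.sample the `network` comment says the value is the IP address of the guest, but the sample is `10.0.0.2:255.255.255.0` and nothing explains what the part after the colon does. Please document the format and state whether it limits which peers may connect to `port=1200`, because that port forwards the hostapd control socket `/var/run/hostapd/wlan0` and the accompanying iptables.sample accepts all input.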