Approved way to bring individual wifi interfaces up / down?

Is there a 'LEDE/OpenWRT' approved way to bring up / down an individual wifi interface within the existing system?

I have multiple essids defined on my wifi interface, with the intention of bringing one of them up / down from a cron job. On a full Linux box, I would just bring the interface up/down with ifup / ifdown, with the relevant hostap kicked off from /etc/network/interfaces. I can't seem to work out what the equivalent command would be under OpenWRT/LEDE. I can bring up the entire wifi stack easily enough with the wifi command (which also appears to be what the wifi_schedule extension does), but not an individual essid.

Any suggestions?

Take a look at https://openwrt.org/docs/guide-developer/ubus if it's too "hackish" to either directly modify /etc/config/network or indirectly modify it with uci and calling /sbin/wifi reload

Be aware that in OpenWRT, at least as I understand it, a change to the wireless configuration results in the destruction and re-creation of all wireless interfaces. This also potentially re-numbers/names the interfaces unless they are explicitly declared in /etc/config/wireless

Edit: See package/kernel/mac80211/files/lib/netifd/wireless/mac80211.sh

1 Like

Ta - I'll have a poke about.

(I'd rather not reload the entire wifi stack as that would impact existing connections on the other essids.)

What's wrong with

ip link dev wlan3 set down

On OpenWrt a single hostapd instance usually controls all vifs so no, you cannot bring down single SSIDs by the means of ifdown/ifup. You could see if you could abuse the hostapd control socket interface though, to stop networks at runtime.

2 Likes

IIRC hostapd complains in the logs on a regular basis if you do that. But the errors are presumably benign, so it's not the worst approach.

Something else to try! Thanks.

1 Like

Hmm. On further investigation, ip link dev wlan0-1 set down appears to kill that network interface for good until you restart hostapd.

would it be sufficient for your use case to firewall off this link so that although you can get connected via wifi, you can't reach anything? It seems like because there's just one hostapd you probably can't drop that one wifi connection without a restart of the other networks.

cron could put in a simple reject rule for all forwarding from or to this network, and remove it later.

1 Like

That would be a good solution to the problem: It's beginning to look like there's no way to drop an individual virtual wifi interface without restarting the whole wifi stack, so going a level up the networking stack is probably the next step.

1 Like