Merge branch 'wifi' into next

2024-05-14 08:04:19 +00:00 · 2023-11-14 23:36:13 +01:00 · 2023-11-14 23:36:13 +01:00 · a4b2da8087
parent 3aec5d70c6 4c3430fbb6
commit a4b2da8087
26 changed files with 693 additions and 61 deletions
--- a/25
+++ b/25
@ -4,31 +4,38 @@

 CAPSMAN = $(wildcard *.capsman.rsc)
 LOCAL = $(wildcard *.local.rsc)
+WIFI = $(wildcard *.wifi.rsc)
 WIFIWAVE2 = $(wildcard *.wifiwave2.rsc)

 MARKDOWN = $(wildcard *.md doc/*.md doc/mod/*.md)
 HTML = $(MARKDOWN:.md=.html)

-all: $(CAPSMAN) $(LOCAL) $(WIFIWAVE2) $(HTML)
+all: $(CAPSMAN) $(LOCAL) $(WIFI) $(WIFIWAVE2) $(HTML)

 %.html: %.md Makefile
 	markdown $< | sed 's/href="\([-_\./[:alnum:]]*\)\.md"/href="\1.html"/g' > $@

-%.local.rsc: %.template.rsc Makefile
-	sed -e '/\/caps-man/d' -e '/\/interface\/wifiwave2/d' -e 's|%TEMPL%|.local|' \
-		-e '/^# NOT \/interface\/wireless #$$/,/^# NOT \/interface\/wireless #$$/d' \
+%.capsman.rsc: %.template.rsc Makefile
+	sed -e '/\/interface\/wifi\//d' -e '/\/interface\/wifiwave2\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.capsman|' \
+		-e '/^# NOT \/caps-man\/ #$$/,/^# NOT \/caps-man\/ #$$/d' \
 		-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
 		< $< > $@

-%.capsman.rsc: %.template.rsc Makefile
-	sed -e '/\/interface\/wifiwave2/d' -e '/\/interface\/wireless/d' -e 's|%TEMPL%|.capsman|' \
-		-e '/^# NOT \/caps-man #$$/,/^# NOT \/caps-man #$$/d' \
+%.local.rsc: %.template.rsc Makefile
+	sed -e '/\/caps-man\//d' -e '/\/interface\/wifi\//d' -e '/\/interface\/wifiwave2\//d' -e 's|%TEMPL%|.local|' \
+		-e '/^# NOT \/interface\/wireless\/ #$$/,/^# NOT \/interface\/wireless\/ #$$/d' \
+		-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
+		< $< > $@
+
+%.wifi.rsc: %.template.rsc Makefile
+	sed -e '/\/caps-man\//d' -e '/\/interface\/wifiwave2\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.wifi|' \
+		-e '/^# NOT \/interface\/wifi\/ #$$/,/^# NOT \/interface\/wifi\/ #$$/d' \
 		-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
 		< $< > $@

 %.wifiwave2.rsc: %.template.rsc Makefile
-	sed -e '/\/caps-man/d' -e '/\/interface\/wireless/d' -e 's|%TEMPL%|.wifiwave2|' \
-		-e '/^# NOT \/interface\/wifiwave2 #$$/,/^# NOT \/interface\/wifiwave2 #$$/d' \
+	sed -e '/\/caps-man\//d' -e '/\/interface\/wifi\//d' -e '/\/interface\/wireless\//d' -e 's|%TEMPL%|.wifiwave2|' \
+		-e '/^# NOT \/interface\/wifiwave2\/ #$$/,/^# NOT \/interface\/wifiwave2\/ #$$/d' \
 		-e '/^# !!/,/^# !!/c # !! Do not edit this file, it is generated from template!' \
 		< $< > $@

--- a/accesslist-duplicates.template.rsc
+++ b/accesslist-duplicates.template.rsc
@ -18,13 +18,16 @@
 :local Seen ({});

 :foreach AccList in=[ /caps-man/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
+:foreach AccList in=[ /interface/wifi/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
 :foreach AccList in=[ /interface/wifiwave2/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
 :foreach AccList in=[ /interface/wireless/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
  :local Mac [ /caps-man/access-list/get $AccList mac-address ];
+  :local Mac [ /interface/wifi/access-list/get $AccList mac-address ];
  :local Mac [ /interface/wifiwave2/access-list/get $AccList mac-address ];
  :local Mac [ /interface/wireless/access-list/get $AccList mac-address ];
  :if ($Seen->$Mac = 1) do={
    /caps-man/access-list/print where mac-address=$Mac;
+    /interface/wifi/access-list/print where mac-address=$Mac;
    /interface/wifiwave2/access-list/print where mac-address=$Mac;
    /interface/wireless/access-list/print where mac-address=$Mac;
    :local Remove [ :tonum [ /terminal/ask prompt="\nNumeric id to remove, any key to skip!" ] ];
@ -32,6 +35,7 @@
    :if ([ :typeof $Remove ] = "num") do={
      :put ("Removing numeric id " . $Remove . "...\n");
      /caps-man/access-list/remove $Remove;
+      /interface/wifi/access-list/remove $Remove;
      /interface/wifiwave2/access-list/remove $Remove;
      /interface/wireless/access-list/remove $Remove;
    }
--- a/accesslist-duplicates.wifi.rsc
+++ b/accesslist-duplicates.wifi.rsc
@ -0,0 +1,31 @@
+#!rsc by RouterOS
+# RouterOS script: accesslist-duplicates.wifi
+# Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# requires RouterOS, version=7.12beta1
+#
+# print duplicate antries in wireless access list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/accesslist-duplicates.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "accesslist-duplicates.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:local Seen ({});
+
+:foreach AccList in=[ /interface/wifi/access-list/find where mac-address!="00:00:00:00:00:00" ] do={
+  :local Mac [ /interface/wifi/access-list/get $AccList mac-address ];
+  :if ($Seen->$Mac = 1) do={
+    /interface/wifi/access-list/print where mac-address=$Mac;
+    :local Remove [ :tonum [ /terminal/ask prompt="\nNumeric id to remove, any key to skip!" ] ];
+
+    :if ([ :typeof $Remove ] = "num") do={
+      :put ("Removing numeric id " . $Remove . "...\n");
+      /interface/wifi/access-list/remove $Remove;
+    }
+  }
+  :set ($Seen->$Mac) 1;
+}
--- a/capsman-download-packages.template.rsc
+++ b/capsman-download-packages.template.rsc
@ -25,6 +25,7 @@ $ScriptLock $0;
 $WaitFullyConnected;

 :local PackagePath [ $CleanFilePath [ /caps-man/manager/get package-path ] ];
+:local PackagePath [ $CleanFilePath [ /interface/wifi/capsman/get package-path ] ];
 :local PackagePath [ $CleanFilePath [ /interface/wifiwave2/capsman/get package-path ] ];
 :local InstalledVersion [ /system/package/update/get installed-version ];
 :local Updated false;
@ -55,7 +56,8 @@ $WaitFullyConnected;
  }
 }

-# NOT /interface/wifiwave2 #
+# NOT /interface/wifi/ #
+# NOT /interface/wifiwave2/ #
 :if ([ :len [ /system/logging/find where topics~"error" !(topics~"!error") \
     !(topics~"!caps") action=memory !disabled !invalid ] ] < 1) do={
  $LogPrintExit2 warning $0 ("Looks like error messages for 'caps' are not sent to memory. " . \
@ -81,19 +83,25 @@ $WaitFullyConnected;
    :set Updated true;
  }
 }
-# NOT /interface/wifiwave2 #
-# NOT /caps-man #
+# NOT /interface/wifiwave2/ #
+# NOT /interface/wifi/ #
+# NOT /caps-man/ #
 :if ([ :len [ /file/find where type=package name~("^" . $PackagePath) ] ] = 0) do={
  $LogPrintExit2 info $0 ("No packages available, downloading default set.") false;
  :foreach Arch in={ "arm"; "arm64" } do={
+# NOT /interface/wifi/ #
    :foreach Package in={ "routeros"; "wifiwave2" } do={
+# NOT /interface/wifi/ #
+# NOT /interface/wifiwave2/ #
+    :foreach Package in={ "routeros"; "wifi-qcom"; "wifi-qcom-ac" } do={
+# NOT /interface/wifiwave2/ #
      :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={
        :set Updated true;
      }
    }
  }
 }
-# NOT /caps-man #
+# NOT /caps-man/ #

 :if ($Updated = true) do={
  :local Script ([ /system/script/find where source~"\n# provides: capsman-rolling-upgrade\n" ]->0);
@ -101,6 +109,7 @@ $WaitFullyConnected;
    /system/script/run $Script;
  } else={
    /caps-man/remote-cap/upgrade [ find where version!=$InstalledVersion ];
+    /interface/wifi/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ];
    /interface/wifiwave2/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ];
  }
 }
--- a/capsman-download-packages.wifi.rsc
+++ b/capsman-download-packages.wifi.rsc
@ -0,0 +1,74 @@
+#!rsc by RouterOS
+# RouterOS script: capsman-download-packages.wifi
+# Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
+#                         Michael Gisbers <michael@gisbers.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# download and cleanup packages for CAP installation from CAPsMAN
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-download-packages.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "capsman-download-packages.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global CleanFilePath;
+:global DownloadPackage;
+:global LogPrintExit2;
+:global MkDir;
+:global ScriptLock;
+:global WaitFullyConnected;
+
+$ScriptLock $0;
+$WaitFullyConnected;
+
+:local PackagePath [ $CleanFilePath [ /interface/wifi/capsman/get package-path ] ];
+:local InstalledVersion [ /system/package/update/get installed-version ];
+:local Updated false;
+
+:if ([ :len $PackagePath ] = 0) do={
+  $LogPrintExit2 warning $0 ("The CAPsMAN package path is not defined, can not download packages.") true;
+}
+
+:if ([ :len [ /file/find where name=$PackagePath type="directory" ] ] = 0) do={
+  :if ([ $MkDir $PackagePath ] = false) do={
+    $LogPrintExit2 warning $0 ("Creating directory at CAPsMAN package path (" . \
+      $PackagePath . ") failed!") true;
+  }
+  $LogPrintExit2 info $0 ("Created directory at CAPsMAN package path (" . $PackagePath . \
+    "). Please place your packages!") false;
+}
+
+:foreach Package in=[ /file/find where type=package \
+      package-version!=$InstalledVersion name~("^" . $PackagePath) ] do={
+  :local File [ /file/get $Package ];
+  :if ($File->"package-architecture" = "mips") do={
+    :set ($File->"package-architecture") "mipsbe";
+  }
+  :if ([ $DownloadPackage ($File->"package-name") $InstalledVersion \
+       ($File->"package-architecture") $PackagePath ] = true) do={
+    :set Updated true;
+    /file/remove $Package;
+  }
+}
+
+:if ([ :len [ /file/find where type=package name~("^" . $PackagePath) ] ] = 0) do={
+  $LogPrintExit2 info $0 ("No packages available, downloading default set.") false;
+  :foreach Arch in={ "arm"; "arm64" } do={
+    :foreach Package in={ "routeros"; "wifi-qcom"; "wifi-qcom-ac" } do={
+      :if ([ $DownloadPackage $Package $InstalledVersion $Arch $PackagePath ] = true) do={
+        :set Updated true;
+      }
+    }
+  }
+}
+
+:if ($Updated = true) do={
+  :local Script ([ /system/script/find where source~"\n# provides: capsman-rolling-upgrade\n" ]->0);
+  :if ([ :len $Script ] > 0) do={
+    /system/script/run $Script;
+  } else={
+    /interface/wifi/capsman/remote-cap/upgrade [ find where version!=$InstalledVersion ];
+  }
+}
--- a/capsman-rolling-upgrade.template.rsc
+++ b/capsman-rolling-upgrade.template.rsc
@ -24,21 +24,25 @@ $ScriptLock $0;
 :local InstalledVersion [ /system/package/update/get installed-version ];

 :local RemoteCapCount [ :len [ /caps-man/remote-cap/find ] ];
+:local RemoteCapCount [ :len [ /interface/wifi/capsman/remote-cap/find ] ];
 :local RemoteCapCount [ :len [ /interface/wifiwave2/capsman/remote-cap/find ] ];
 :if ($RemoteCapCount > 0) do={
  :local Delay (600 / $RemoteCapCount);
  :if ($Delay > 120) do={ :set Delay 120; }
  :foreach RemoteCap in=[ /caps-man/remote-cap/find where version!=$InstalledVersion ] do={
+  :foreach RemoteCap in=[ /interface/wifi/capsman/remote-cap/find where version!=$InstalledVersion ] do={
  :foreach RemoteCap in=[ /interface/wifiwave2/capsman/remote-cap/find where version!=$InstalledVersion ] do={
    :local RemoteCapVal [ /caps-man/remote-cap/get $RemoteCap ];
+    :local RemoteCapVal [ /interface/wifi/capsman/remote-cap/get $RemoteCap ];
    :local RemoteCapVal [ /interface/wifiwave2/capsman/remote-cap/get $RemoteCap ];
    :if ([ :len $RemoteCapVal ] > 1) do={
-# NOT /caps-man #
+# NOT /caps-man/ #
      :set ($RemoteCapVal->"name") ($RemoteCapVal->"common-name");
-# NOT /caps-man #
+# NOT /caps-man/ #
      $LogPrintExit2 info $0 ("Starting upgrade for " . $RemoteCapVal->"name" . \
        " (" . $RemoteCapVal->"identity" . ")...") false;
      /caps-man/remote-cap/upgrade $RemoteCap;
+      /interface/wifi/capsman/remote-cap/upgrade $RemoteCap;
      /interface/wifiwave2/capsman/remote-cap/upgrade $RemoteCap;
    } else={
      $LogPrintExit2 warning $0 ("Remote CAP vanished, skipping upgrade.") false;
--- a/capsman-rolling-upgrade.wifi.rsc
+++ b/capsman-rolling-upgrade.wifi.rsc
@ -0,0 +1,41 @@
+#!rsc by RouterOS
+# RouterOS script: capsman-rolling-upgrade.wifi
+# Copyright (c) 2018-2023 Christian Hesse <mail@eworm.de>
+#                         Michael Gisbers <michael@gisbers.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# provides: capsman-rolling-upgrade
+#
+# upgrade CAPs one after another
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/capsman-rolling-upgrade.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "capsman-rolling-upgrade.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global LogPrintExit2;
+:global ScriptLock;
+
+$ScriptLock $0;
+
+:local InstalledVersion [ /system/package/update/get installed-version ];
+
+:local RemoteCapCount [ :len [ /interface/wifi/capsman/remote-cap/find ] ];
+:if ($RemoteCapCount > 0) do={
+  :local Delay (600 / $RemoteCapCount);
+  :if ($Delay > 120) do={ :set Delay 120; }
+  :foreach RemoteCap in=[ /interface/wifi/capsman/remote-cap/find where version!=$InstalledVersion ] do={
+    :local RemoteCapVal [ /interface/wifi/capsman/remote-cap/get $RemoteCap ];
+    :if ([ :len $RemoteCapVal ] > 1) do={
+      :set ($RemoteCapVal->"name") ($RemoteCapVal->"common-name");
+      $LogPrintExit2 info $0 ("Starting upgrade for " . $RemoteCapVal->"name" . \
+        " (" . $RemoteCapVal->"identity" . ")...") false;
+      /interface/wifi/capsman/remote-cap/upgrade $RemoteCap;
+    } else={
+      $LogPrintExit2 warning $0 ("Remote CAP vanished, skipping upgrade.") false;
+    }
+    :delay ($Delay . "s");
+  }
+}
--- a/collect-wireless-mac.template.rsc
+++ b/collect-wireless-mac.template.rsc
@ -29,23 +29,28 @@
 $ScriptLock $0 false 10;

 :if ([ :len [ /caps-man/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
+:if ([ :len [ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
 :if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
 :if ([ :len [ /interface/wireless/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
  /caps-man/access-list/add comment="--- collected above ---" disabled=yes;
+  /interface/wifi/access-list/add comment="--- collected above ---" disabled=yes;
  /interface/wifiwave2/access-list/add comment="--- collected above ---" disabled=yes;
  /interface/wireless/access-list/add comment="--- collected above ---" disabled=yes;
  $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- collected above ---'.") false;
 }
 :local PlaceBefore ([ /caps-man/access-list/find where comment="--- collected above ---" disabled ]->0);
+:local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ]->0);
 :local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- collected above ---" disabled ]->0);
 :local PlaceBefore ([ /interface/wireless/access-list/find where comment="--- collected above ---" disabled ]->0);

 :foreach Reg in=[ /caps-man/registration-table/find ] do={
+:foreach Reg in=[ /interface/wifi/registration-table/find ] do={
 :foreach Reg in=[ /interface/wifiwave2/registration-table/find ] do={
 :foreach Reg in=[ /interface/wireless/registration-table/find where ap=no ] do={
  :local RegVal;
  :do {
    :set RegVal [ /caps-man/registration-table/get $Reg ];
+    :set RegVal [ /interface/wifi/registration-table/get $Reg ];
    :set RegVal [ /interface/wifiwave2/registration-table/get $Reg ];
    :set RegVal [ /interface/wireless/registration-table/get $Reg ];
  } on-error={
@ -54,11 +59,13 @@ $ScriptLock $0 false 10;

  :if ([ :len ($RegVal->"mac-address") ] > 0) do={
    :local AccessList ([ /caps-man/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
+    :local AccessList ([ /interface/wifi/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
    :local AccessList ([ /interface/wifiwave2/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
    :local AccessList ([ /interface/wireless/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
    :if ([ :len $AccessList ] > 0) do={
      $LogPrintExit2 debug $0 ("MAC address " . $RegVal->"mac-address" . " already known: " . \
        [ /caps-man/access-list/get $AccessList comment ]) false;
+        [ /interface/wifi/access-list/get $AccessList comment ]) false;
        [ /interface/wifiwave2/access-list/get $AccessList comment ]) false;
        [ /interface/wireless/access-list/get $AccessList comment ]) false;
    }
@ -87,6 +94,7 @@ $ScriptLock $0 false 10;
        "first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface");
      $LogPrintExit2 info $0 $Message false;
      /caps-man/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
+      /interface/wifi/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
      /interface/wifiwave2/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
      /interface/wireless/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
      $SendNotification2 ({ origin=$0; \
--- a/collect-wireless-mac.wifi.rsc
+++ b/collect-wireless-mac.wifi.rsc
@ -0,0 +1,90 @@
+#!rsc by RouterOS
+# RouterOS script: collect-wireless-mac.wifi
+# Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# provides: lease-script, order=40
+#
+# collect wireless mac adresses in access list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/collect-wireless-mac.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "collect-wireless-mac.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global Identity;
+
+:global EitherOr;
+:global FormatLine;
+:global FormatMultiLines;
+:global GetMacVendor;
+:global LogPrintExit2;
+:global ScriptLock;
+:global SendNotification2;
+:global SymbolForNotification;
+
+$ScriptLock $0 false 10;
+
+:if ([ :len [ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ] ] = 0) do={
+  /interface/wifi/access-list/add comment="--- collected above ---" disabled=yes;
+  $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- collected above ---'.") false;
+}
+:local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- collected above ---" disabled ]->0);
+
+:foreach Reg in=[ /interface/wifi/registration-table/find ] do={
+  :local RegVal;
+  :do {
+    :set RegVal [ /interface/wifi/registration-table/get $Reg ];
+  } on-error={
+    $LogPrintExit2 debug $0 ("Device already gone... Ignoring.") false;
+  }
+
+  :if ([ :len ($RegVal->"mac-address") ] > 0) do={
+    :local AccessList ([ /interface/wifi/access-list/find where mac-address=($RegVal->"mac-address") ]->0);
+    :if ([ :len $AccessList ] > 0) do={
+      $LogPrintExit2 debug $0 ("MAC address " . $RegVal->"mac-address" . " already known: " . \
+        [ /interface/wifi/access-list/get $AccessList comment ]) false;
+    }
+
+    :if ([ :len $AccessList ] = 0) do={
+      :local Address "no dhcp lease";
+      :local DnsName "no dhcp lease";
+      :local HostName "no dhcp lease";
+      :local Lease ([ /ip/dhcp-server/lease/find where active-mac-address=($RegVal->"mac-address") dynamic=yes status=bound ]->0);
+      :if ([ :len $Lease ] > 0) do={
+        :set Address [ /ip/dhcp-server/lease/get $Lease active-address ];
+        :set HostName [ $EitherOr [ /ip/dhcp-server/lease/get $Lease host-name ] "no hostname" ];
+        :set DnsName "no dns name";
+        :local DnsRec ([ /ip/dns/static/find where address=$Address ]->0);
+        :if ([ :len $DnsRec ] > 0) do={
+          :set DnsName ({ [ /ip/dns/static/get $DnsRec name ] });
+          :foreach CName in=[ /ip/dns/static/find where type=CNAME cname=($DnsName->0) ] do={
+            :set DnsName ($DnsName, [ /ip/dns/static/get $CName name ]);
+          }
+        }
+      }
+      :local DateTime ([ /system/clock/get date ] . " " . [ /system/clock/get time ]);
+      :local Vendor [ $GetMacVendor ($RegVal->"mac-address") ];
+      :local Message ("MAC address " . $RegVal->"mac-address" . " (" . $Vendor . ", " . $HostName . ") " . \
+        "first seen on " . $DateTime . " connected to SSID " . $RegVal->"ssid" . ", interface " . $RegVal->"interface");
+      $LogPrintExit2 info $0 $Message false;
+      /interface/wifi/access-list/add place-before=$PlaceBefore comment=$Message mac-address=($RegVal->"mac-address") disabled=yes;
+      $SendNotification2 ({ origin=$0; \
+        subject=([ $SymbolForNotification "mobile-phone" ] . $RegVal->"mac-address" . " connected to " . $RegVal->"ssid"); \
+        message=("A device with unknown MAC address connected to " . $RegVal->"ssid" . " on " . $Identity . ".\n\n" . \
+          [ $FormatLine "Controller" $Identity ] . "\n" . \
+          [ $FormatLine "Interface" ($RegVal->"interface") ] . "\n" . \
+          [ $FormatLine "SSID" ($RegVal->"ssid") ] . "\n" . \
+          [ $FormatLine "MAC" ($RegVal->"mac-address") ] . "\n" . \
+          [ $FormatLine "Vendor" $Vendor ] . "\n" . \
+          [ $FormatLine "Hostname" $HostName ] . "\n" . \
+          [ $FormatLine "Address" $Address ] . "\n" . \
+          [ $FormatMultiLines "DNS name" $DnsName ] . "\n" . \
+          [ $FormatLine "Date" $DateTime ]) });
+    }
+  } else={
+    $LogPrintExit2 debug $0 ("No mac address available... Ignoring.") false;
+  }
+}
--- a/daily-psk.template.rsc
+++ b/daily-psk.template.rsc
@ -56,17 +56,22 @@ $WaitFullyConnected;
 :local NewPsk [ $GeneratePSK $Date ];

 :foreach AccList in=[ /caps-man/access-list/find where comment~$DailyPskMatchComment ] do={
+:foreach AccList in=[ /interface/wifi/access-list/find where comment~$DailyPskMatchComment ] do={
 :foreach AccList in=[ /interface/wifiwave2/access-list/find where comment~$DailyPskMatchComment ] do={
 :foreach AccList in=[ /interface/wireless/access-list/find where comment~$DailyPskMatchComment ] do={
  :local SsidRegExp [ /caps-man/access-list/get $AccList ssid-regexp ];
+  :local SsidRegExp [ /interface/wifi/access-list/get $AccList ssid-regexp ];
  :local SsidRegExp [ /interface/wifiwave2/access-list/get $AccList ssid-regexp ];
  :local Configuration ([ /caps-man/configuration/find where ssid~$SsidRegExp ]->0);
+  :local Configuration ([ /interface/wifi/configuration/find where ssid~$SsidRegExp ]->0);
  :local Configuration ([ /interface/wifiwave2/configuration/find where ssid~$SsidRegExp ]->0);
  :local Ssid [ /caps-man/configuration/get $Configuration ssid ];
+  :local Ssid [ /interface/wifi/configuration/get $Configuration ssid ];
  :local Ssid [ /interface/wifiwave2/configuration/get $Configuration ssid ];
  :local OldPsk [ /caps-man/access-list/get $AccList private-passphrase ];
+  :local OldPsk [ /interface/wifi/access-list/get $AccList passphrase ];
  :local OldPsk [ /interface/wifiwave2/access-list/get $AccList passphrase ];
-  # /caps-man /interface/wifiwave2 above - /interface/wireless below
+  # /caps-man/ /interface/wifi/ /interface/wifiwave2/ above - /interface/wireless/ below
  :local IntName [ /interface/wireless/access-list/get $AccList interface ];
  :local Ssid [ /interface/wireless/get $IntName ssid ];
  :local OldPsk [ /interface/wireless/access-list/get $AccList private-pre-shared-key ];
@ -75,10 +80,12 @@ $WaitFullyConnected;
  :if ($NewPsk != $OldPsk) do={
    $LogPrintExit2 info $0 ("Updating daily PSK for " . $Ssid . " to " . $NewPsk . " (was " . $OldPsk . ")") false;
    /caps-man/access-list/set $AccList private-passphrase=$NewPsk;
+    /interface/wifi/access-list/set $AccList passphrase=$NewPsk;
    /interface/wifiwave2/access-list/set $AccList passphrase=$NewPsk;
    /interface/wireless/access-list/set $AccList private-pre-shared-key=$NewPsk;

    :if ([ :len [ /caps-man/actual-interface-configuration/find where configuration.ssid=$Ssid !disabled ] ] > 0) do={
+    :if ([ :len [ /interface/wifi/actual-configuration/find where configuration.ssid=$Ssid ] ] > 0) do={
    :if ([ :len [ /interface/wifiwave2/actual-configuration/find where configuration.ssid=$Ssid ] ] > 0) do={
    :if ([ :len [ /interface/wireless/find where name=$IntName !disabled ] ] = 1) do={
      :if ($Seen->$Ssid = 1) do={
--- a/daily-psk.wifi.rsc
+++ b/daily-psk.wifi.rsc
@ -0,0 +1,85 @@
+#!rsc by RouterOS
+# RouterOS script: daily-psk.wifi
+# Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
+#                         Michael Gisbers <michael@gisbers.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# update daily PSK (pre shared key)
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/daily-psk.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "daily-psk.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global DailyPskMatchComment;
+:global DailyPskQrCodeUrl;
+:global Identity;
+
+:global FormatLine;
+:global LogPrintExit2;
+:global ScriptLock;
+:global SendNotification2;
+:global SymbolForNotification;
+:global UrlEncode;
+:global WaitForFile;
+:global WaitFullyConnected;
+
+$ScriptLock $0;
+$WaitFullyConnected;
+
+# return pseudo-random string for PSK
+:local GeneratePSK do={
+  :local Date [ :tostr $1 ];
+
+  :global DailyPskSecrets;
+
+  :global ParseDate;
+
+  :set Date [ $ParseDate $Date ];
+
+  :local A ((14 - ($Date->"month")) / 12);
+  :local B (($Date->"year") - $A);
+  :local C (($Date->"month") + 12 * $A - 2);
+  :local WeekDay (7000 + ($Date->"day") + $B + ($B / 4) - ($B / 100) + ($B / 400) + ((31 * $C) / 12));
+  :set WeekDay ($WeekDay - (($WeekDay / 7) * 7));
+
+  :return (($DailyPskSecrets->0->(($Date->"day") - 1)) . \
+    ($DailyPskSecrets->1->(($Date->"month") - 1)) . \
+    ($DailyPskSecrets->2->$WeekDay));
+}
+
+:local Seen ({});
+:local Date [ /system/clock/get date ];
+:local NewPsk [ $GeneratePSK $Date ];
+
+:foreach AccList in=[ /interface/wifi/access-list/find where comment~$DailyPskMatchComment ] do={
+  :local SsidRegExp [ /interface/wifi/access-list/get $AccList ssid-regexp ];
+  :local Configuration ([ /interface/wifi/configuration/find where ssid~$SsidRegExp ]->0);
+  :local Ssid [ /interface/wifi/configuration/get $Configuration ssid ];
+  :local OldPsk [ /interface/wifi/access-list/get $AccList passphrase ];
+  :local Skip 0;
+
+  :if ($NewPsk != $OldPsk) do={
+    $LogPrintExit2 info $0 ("Updating daily PSK for " . $Ssid . " to " . $NewPsk . " (was " . $OldPsk . ")") false;
+    /interface/wifi/access-list/set $AccList passphrase=$NewPsk;
+
+    :if ([ :len [ /interface/wifi/actual-configuration/find where configuration.ssid=$Ssid ] ] > 0) do={
+      :if ($Seen->$Ssid = 1) do={
+        $LogPrintExit2 debug $0 ("Already sent a mail for SSID " . $Ssid . ", skipping.") false;
+      } else={
+        :local Link ($DailyPskQrCodeUrl . \
+            "?scale=8&level=1&ssid=" . [ $UrlEncode $Ssid ] . "&pass=" . [ $UrlEncode $NewPsk ]);
+        $SendNotification2 ({ origin=$0; \
+          subject=([ $SymbolForNotification "calendar" ] . "daily PSK " . $Ssid); \
+          message=("This is the daily PSK on " . $Identity . ":\n\n" . \
+            [ $FormatLine "SSID" $Ssid ] . "\n" . \
+            [ $FormatLine "PSK" $NewPsk ] . "\n" . \
+            [ $FormatLine "Date" $Date ] . "\n\n" . \
+            "A client device specific rule must not exist!"); link=$Link });
+        :set ($Seen->$Ssid) 1;
+      }
+    }
+  }
+}
--- a/dhcp-lease-comment.template.rsc
+++ b/dhcp-lease-comment.template.rsc
@ -24,10 +24,12 @@ $ScriptLock $0;
  :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
  :local NewComment;
  :local AccessList ([ /caps-man/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
+  :local AccessList ([ /interface/wifi/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
  :local AccessList ([ /interface/wifiwave2/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
  :local AccessList ([ /interface/wireless/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
  :if ([ :len $AccessList ] > 0) do={
    :set NewComment [ /caps-man/access-list/get $AccessList comment ];
+    :set NewComment [ /interface/wifi/access-list/get $AccessList comment ];
    :set NewComment [ /interface/wifiwave2/access-list/get $AccessList comment ];
    :set NewComment [ /interface/wireless/access-list/get $AccessList comment ];
  }
--- a/dhcp-lease-comment.wifi.rsc
+++ b/dhcp-lease-comment.wifi.rsc
@ -0,0 +1,33 @@
+#!rsc by RouterOS
+# RouterOS script: dhcp-lease-comment.wifi
+# Copyright (c) 2013-2023 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# provides: lease-script, order=60
+#
+# update dhcp-server lease comment with infos from access-list
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/dhcp-lease-comment.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "dhcp-lease-comment.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global LogPrintExit2;
+:global ScriptLock;
+
+$ScriptLock $0;
+
+:foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic=yes status=bound ] do={
+  :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
+  :local NewComment;
+  :local AccessList ([ /interface/wifi/access-list/find where mac-address=($LeaseVal->"active-mac-address") ]->0);
+  :if ([ :len $AccessList ] > 0) do={
+    :set NewComment [ /interface/wifi/access-list/get $AccessList comment ];
+  }
+  :if ([ :len $NewComment ] != 0 && $LeaseVal->"comment" != $NewComment) do={
+    $LogPrintExit2 info $0 ("Updating comment for DHCP lease " . $LeaseVal->"active-mac-address" . ": " . $NewComment) false;
+    /ip/dhcp-server/lease/set comment=$NewComment $Lease;
+  }
+}
--- a/doc/accesslist-duplicates.md
+++ b/doc/accesslist-duplicates.md
@ -17,11 +17,16 @@ entries in wireless access list.
 Requirements and installation
 -----------------------------

-Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`)
-or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface
-(`/interface/wireless`) you need to install a different script.
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`), legacy wifi with CAPsMAN (`/caps-man`)
+or local wireless interface (`/interface/wireless`) you need to install a
+different script.

-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+    $ScriptInstallUpdate accesslist-duplicates.wifi;
+
+For `wifiwave2` (up to RouterOS 7.12):

    $ScriptInstallUpdate accesslist-duplicates.wifiwave2;

@ -38,7 +43,7 @@ Usage and invocation

 Run this script from a terminal:

-    /system/script/run accesslist-duplicates.local;
+    /system/script/run accesslist-duplicates.wifi;

 ![screenshot: example](accesslist-duplicates.d/01-example.avif)

--- a/doc/capsman-download-packages.md
+++ b/doc/capsman-download-packages.md
@ -18,11 +18,16 @@ This script automatically downloads these packages.
 Requirements and installation
 -----------------------------

-Just install the script on CAPsMAN device. Depending on whether you use
-`wifiwave2` package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN
-(`/caps-man`) you need to install a different script.
+Just install the script on CAPsMAN device.
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`)
+you need to install a different script.

-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+    $ScriptInstallUpdate capsman-download-packages.wifi;
+
+For `wifiwave2` (up to RouterOS 7.12):

    $ScriptInstallUpdate capsman-download-packages.wifiwave2;

@ -30,7 +35,12 @@ For legacy CAPsMAN:

    $ScriptInstallUpdate capsman-download-packages.capsman;

-Optionally add a scheduler to run after startup. For `wifiwave2`:
+Optionally add a scheduler to run after startup. For `wifi` (RouterOS 7.13
+and later):
+
+    /system/scheduler/add name=capsman-download-packages on-event="/system/script/run capsman-download-packages.wifi;" start-time=startup;
+
+For `wifiwave2` (up to RouterOS 7.12):

    /system/scheduler/add name=capsman-download-packages on-event="/system/script/run capsman-download-packages.wifiwave2;" start-time=startup;

@ -42,8 +52,11 @@ Packages available in local storage in older version are downloaded
 unconditionally.

 If no packages are found the script tries to download missing packages for
-legacy CAPsMAN by guessing from system log. For `wifiwave2` a default set
-of packages (`routeros` and `wifiwave2` for *arm* and *arm64*) is downloaded.
+legacy CAPsMAN by guessing from system log. For `wifi` and `wifiwave2` a
+default set of packages is downloaded.
+
+ * `wifi`: `routeros`, `wifi-qcom` and `wifi-qcom-ac` for *arm* and *arm64*
+ * `wifiwave2`: `routeros` and `wifiwave2` for *arm* and *arm64*

 > ℹ️ **Info**: If you have packages in the directory and things go wrong for
 > what ever unknown reason: Remove **all** packages and start over.
@ -53,7 +66,7 @@ Usage and invocation

 Run the script manually:

-    /system/script/run capsman-download-packages.wifiwave2;
+    /system/script/run capsman-download-packages.wifi;

 ... or from scheduler.

--- a/doc/capsman-rolling-upgrade.md
+++ b/doc/capsman-rolling-upgrade.md
@ -20,11 +20,16 @@ parallel.
 Requirements and installation
 -----------------------------

-Just install the script on CAPsMAN device. Depending on whether you use
-`wifiwave2` package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN
-(`/caps-man`) you need to install a different script.
+Just install the script on CAPsMAN device.
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`)
+you need to install a different script.

-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+    $ScriptInstallUpdate capsman-rolling-upgrade.wifi;
+
+For `wifiwave2` (up to RouterOS 7.12):

    $ScriptInstallUpdate capsman-rolling-upgrade.wifiwave2;

@ -41,7 +46,7 @@ that script when required.

 Alternatively run it manually:

-    /system/script/run capsman-rolling-upgrade.wifiwave2;
+    /system/script/run capsman-rolling-upgrade.wifi;

 See also
 --------
--- a/doc/collect-wireless-mac.md
+++ b/doc/collect-wireless-mac.md
@ -22,11 +22,16 @@ and modify it to your needs.
 Requirements and installation
 -----------------------------

-Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`)
-or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface
-(`/interface/wireless`) you need to install a different script.
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`), legacy wifi with CAPsMAN (`/caps-man`)
+or local wireless interface (`/interface/wireless`) you need to install a
+different script.

-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+    $ScriptInstallUpdate collect-wireless-mac.wifi;
+
+For `wifiwave2` (up to RouterOS 7.12):

    $ScriptInstallUpdate collect-wireless-mac.wifiwave2;

--- a/doc/daily-psk.md
+++ b/doc/daily-psk.md
@ -21,12 +21,18 @@ Requirements and installation

 Just install this script.

-Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`)
-or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface
-(`/interface/wireless`) you need to install a different script and add
-schedulers to run the script:
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`), legacy wifi with CAPsMAN (`/caps-man`)
+or local wireless interface (`/interface/wireless`) you need to install a
+different script and add schedulers to run the script:

-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+    $ScriptInstallUpdate daily-psk.wifi;
+    /system/scheduler/add interval=1d name=daily-psk on-event="/system/script/run daily-psk.wifi;" start-time=03:00:00;
+    /system/scheduler/add name=daily-psk@startup on-event="/system/script/run daily-psk.wifi;" start-time=startup;
+
+For `wifiwave2` (up to RouterOS 7.12):

    $ScriptInstallUpdate daily-psk.wifiwave2;
    /system/scheduler/add interval=1d name=daily-psk on-event="/system/script/run daily-psk.wifiwave2;" start-time=03:00:00;
@ -58,7 +64,11 @@ The configuration goes to `global-config-overlay`, these are the parameters:
 > [`global-config`](../global-config.rsc) (the one without `-overlay`) to
 > your local `global-config-overlay` and modify it to your specific needs.

-Then add an access list entry. For `wifiwave2`:
+Then add an access list entry. For `wifi` (RouterOS 7.13 and later):
+
+    /interface/wifi/access-list/add comment="Daily PSK" ssid-regexp="-guest\$" passphrase="ToBeChangedDaily";
+
+For `wifiwave2` (up to RouterOS 7.12):

    /interface/wifiwave2/access-list/add comment="Daily PSK" ssid-regexp="-guest\$" passphrase="ToBeChangedDaily";

--- a/doc/dhcp-lease-comment.md
+++ b/doc/dhcp-lease-comment.md
@ -15,11 +15,16 @@ from wireless access list.
 Requirements and installation
 -----------------------------

-Depending on whether you use `wifiwave2` package (`/interface/wifiwave2`)
-or legacy wifi with CAPsMAN (`/caps-man`) or local wireless interface
-(`/interface/wireless`) you need to install a different script.
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`), legacy wifi with CAPsMAN (`/caps-man`)
+or local wireless interface (`/interface/wireless`) you need to install a
+different script.

-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+    $ScriptInstallUpdate dhcp-lease-comment.wifi;
+
+For `wifiwave2` (up to RouterOS 7.12):

    $ScriptInstallUpdate dhcp-lease-comment.wifiwave2;

--- a/doc/hotspot-to-wpa.md
+++ b/doc/hotspot-to-wpa.md
@ -19,11 +19,18 @@ Requirements and installation
 You need a properly configured hotspot on one (open) SSID and a WP2 enabled
 SSID with suffix "`-wpa`".

-Then install the script. Depending on whether you use `wifiwave2` package
-(`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`) you need
-to install a different script and set it as `on-login` script in hotspot.
+Then install the script.
+Depending on whether you use `wifi` package (`/interface/wifi`), `wifiwave2`
+package (`/interface/wifiwave2`) or legacy wifi with CAPsMAN (`/caps-man`)
+you need to install a different script and set it as `on-login` script in
+hotspot.

-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+    $ScriptInstallUpdate hotspot-to-wpa.wifi;
+    /ip/hotspot/user/profile/set on-login="hotspot-to-wpa.wifi" [ find ];
+
+For `wifiwave2` (up to RouterOS 7.12):

    $ScriptInstallUpdate hotspot-to-wpa.wifiwave2;
    /ip/hotspot/user/profile/set on-login="hotspot-to-wpa.wifiwave2" [ find ];
@ -39,7 +46,12 @@ With just `hotspot-to-wpa` installed the mac addresses will last in the
 access list forever. Install the optional script for automatic cleanup
 and add a scheduler.

-For `wifiwave2`:
+For `wifi` (RouterOS 7.13 and later):
+
+    $ScriptInstallUpdate hotspot-to-wpa-cleanup.wifi,lease-script; 
+    /system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup.wifi;" start-time=startup;
+
+For `wifiwave2` (up to RouterOS 7.12):

    $ScriptInstallUpdate hotspot-to-wpa-cleanup.wifiwave2,lease-script;
    /system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup.wifiwave2;" start-time=startup;
@ -86,7 +98,11 @@ Additionally templates can be created to give more options for access list:
 * `vlan-mode`: set the VLAN mode for device

 For a hotspot called `example` the template could look like this. For
-`wifiwave2`:
+`wifi` (RouterOS 7.13 and later):
+
+    /interface/wifi/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10;
+
+For `wifiwave2` (up to RouterOS 7.12):

    /interface/wifiwave2/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10;

--- a/global-functions.rsc
+++ b/global-functions.rsc
@ -12,7 +12,7 @@
 :local 0 "global-functions";

 # expected configuration version
-:global ExpectedConfigVersion 113;
+:global ExpectedConfigVersion 114;

 # global variables not to be changed by user
 :global GlobalFunctionsReady false;
--- a/hotspot-to-wpa-cleanup.template.rsc
+++ b/hotspot-to-wpa-cleanup.template.rsc
@ -4,9 +4,9 @@
 # https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
 #
 # provides: lease-script, order=80
-# NOT /caps-man #
+# NOT /caps-man/ #
 # requires RouterOS, version=7.12beta3
-# NOT /caps-man #
+# NOT /caps-man/ #
 #
 # manage and clean up private WPA passphrase after hotspot login
 # https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
@ -36,8 +36,10 @@ $ScriptLock $0 false 10;
 }

 :foreach Client in=[ /caps-man/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
+:foreach Client in=[ /interface/wifi/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
 :foreach Client in=[ /interface/wifiwave2/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
  :local ClientVal [ /caps-man/registration-table/get $Client ];
+  :local ClientVal [ /interface/wifi/registration-table/get $Client ];
  :local ClientVal [ /interface/wifiwave2/registration-table/get $Client ];
  :foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
      mac-address=($ClientVal->"mac-address") ] do={
@ -51,15 +53,18 @@ $ScriptLock $0 false 10;
 }

 :foreach Client in=[ /caps-man/access-list/find where comment~"^hotspot-to-wpa:" \
+:foreach Client in=[ /interface/wifi/access-list/find where comment~"^hotspot-to-wpa:" \
 :foreach Client in=[ /interface/wifiwave2/access-list/find where comment~"^hotspot-to-wpa:" \
    !(comment~[ /system/clock/get date ]) ] do={
  :local ClientVal [ /caps-man/access-list/get $Client ];
+  :local ClientVal [ /interface/wifi/access-list/get $Client ];
  :local ClientVal [ /interface/wifiwave2/access-list/get $Client ];
  :if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
       mac-address=($ClientVal->"mac-address") ] ] = 0) do={
    $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
      " did not connect to WPA, removing from access list.") false;
    /caps-man/access-list/remove $Client;
+    /interface/wifi/access-list/remove $Client;
    /interface/wifiwave2/access-list/remove $Client;
  }
 }
@ -71,6 +76,7 @@ $ScriptLock $0 false 10;
    $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
      " was not seen for " . ($LeaseVal->"last-seen") . ", removing.") false;
    /caps-man/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
+    /interface/wifi/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
    /interface/wifiwave2/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
      mac-address=($LeaseVal->"mac-address") ];
    /ip/dhcp-server/lease/remove $Lease;
--- a/hotspot-to-wpa-cleanup.wifi.rsc
+++ b/hotspot-to-wpa-cleanup.wifi.rsc
@ -0,0 +1,69 @@
+#!rsc by RouterOS
+# RouterOS script: hotspot-to-wpa-cleanup.wifi
+# Copyright (c) 2021-2023 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# provides: lease-script, order=80
+# requires RouterOS, version=7.12beta3
+#
+# manage and clean up private WPA passphrase after hotspot login
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "hotspot-to-wpa-cleanup.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global EitherOr;
+:global LogPrintExit2;
+:global ParseKeyValueStore;
+:global ScriptLock;
+
+$ScriptLock $0 false 10;
+
+:local DHCPServers ({});
+:foreach Server in=[ /ip/dhcp-server/find where comment~"hotspot-to-wpa" ] do={
+  :local ServerVal [ /ip/dhcp-server/get $Server ]
+  :local ServerInfo [ $ParseKeyValueStore ($ServerVal->"comment") ];
+  :if (($ServerInfo->"hotspot-to-wpa") = "wpa") do={
+    :set ($DHCPServers->($ServerVal->"name")) \
+      [ :totime [ $EitherOr ($ServerInfo->"timeout") 4w ] ];
+  }
+}
+
+:foreach Client in=[ /interface/wifi/registration-table/find where comment~"^hotspot-to-wpa:" ] do={
+  :local ClientVal [ /interface/wifi/registration-table/get $Client ];
+  :foreach Lease in=[ /ip/dhcp-server/lease/find where dynamic \
+      mac-address=($ClientVal->"mac-address") ] do={
+    :if (($DHCPServers->[ /ip/dhcp-server/lease/get $Lease server ]) > 0s) do={
+      $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
+        " connected to WPA, making lease static.") false;
+      /ip/dhcp-server/lease/make-static $Lease;
+      /ip/dhcp-server/lease/set comment=($ClientVal->"comment") $Lease;
+    }
+  }
+}
+
+:foreach Client in=[ /interface/wifi/access-list/find where comment~"^hotspot-to-wpa:" \
+    !(comment~[ /system/clock/get date ]) ] do={
+  :local ClientVal [ /interface/wifi/access-list/get $Client ];
+  :if ([ :len [ /ip/dhcp-server/lease/find where !dynamic comment~"^hotspot-to-wpa:" \
+       mac-address=($ClientVal->"mac-address") ] ] = 0) do={
+    $LogPrintExit2 info $0 ("Client with mac address " . ($ClientVal->"mac-address") . \
+      " did not connect to WPA, removing from access list.") false;
+    /interface/wifi/access-list/remove $Client;
+  }
+}
+
+:foreach Server,Timeout in=$DHCPServers do={
+  :foreach Lease in=[ /ip/dhcp-server/lease/find where !dynamic status="waiting" \
+      server=$Server last-seen>$Timeout comment~"^hotspot-to-wpa:" ] do={
+    :local LeaseVal [ /ip/dhcp-server/lease/get $Lease ];
+    $LogPrintExit2 info $0 ("Client with mac address " . ($LeaseVal->"mac-address") . \
+      " was not seen for " . ($LeaseVal->"last-seen") . ", removing.") false;
+    /interface/wifi/access-list/remove [ find where comment~"^hotspot-to-wpa:" \
+      mac-address=($LeaseVal->"mac-address") ];
+    /ip/dhcp-server/lease/remove $Lease;
+  }
+}
--- a/hotspot-to-wpa.template.rsc
+++ b/hotspot-to-wpa.template.rsc
@ -36,22 +36,28 @@ $ScriptLock $0;
 :local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];

 :if ([ :len [ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
+:if ([ :len [ /interface/wifi/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
 :if ([ :len [ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
  /caps-man/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
+  /interface/wifi/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
  /interface/wifiwave2/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
  $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
 }
 :local PlaceBefore ([ /caps-man/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
+:local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
 :local PlaceBefore ([ /interface/wifiwave2/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);

 :if ([ :len [ /caps-man/access-list/find where \
+:if ([ :len [ /interface/wifi/access-list/find where \
 :if ([ :len [ /interface/wifiwave2/access-list/find where \
    comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
  /caps-man/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
+  /interface/wifi/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
  /interface/wifiwave2/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
  $LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
 }
 :local Template [ /caps-man/access-list/get ([ find where \
+:local Template [ /interface/wifi/access-list/get ([ find where \
 :local Template [ /interface/wifiwave2/access-list/get ([ find where \
    comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];

@ -65,45 +71,55 @@ $ScriptLock $0;
 $LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
  " (user " . $UserName . ").") false;
 /caps-man/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
+/interface/wifi/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
 /interface/wifiwave2/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
 /caps-man/access-list/add private-passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
+/interface/wifi/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
 /interface/wifiwave2/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
    mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
    action=reject place-before=$PlaceBefore;

 :local Entry [ /caps-man/access-list/find where mac-address=$MacAddress \
+:local Entry [ /interface/wifi/access-list/find where mac-address=$MacAddress \
 :local Entry [ /interface/wifiwave2/access-list/find where mac-address=$MacAddress \
    comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
-# NOT /caps-man #
+# NOT /caps-man/ #
 :set ($Template->"private-passphrase") ($Template->"passphrase");
-# NOT /caps-man #
+# NOT /caps-man/ #
 :local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
 :if ([ :len $PrivatePassphrase ] > 0) do={
  :if ($PrivatePassphrase = "ignore") do={
    /caps-man/access-list/set $Entry !private-passphrase;
+    /interface/wifi/access-list/set $Entry !passphrase;
    /interface/wifiwave2/access-list/set $Entry !passphrase;
  } else={
    /caps-man/access-list/set $Entry private-passphrase=$PrivatePassphrase;
+    /interface/wifi/access-list/set $Entry passphrase=$PrivatePassphrase;
    /interface/wifiwave2/access-list/set $Entry passphrase=$PrivatePassphrase;
  }
 }
 :local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
 :if ([ :len $SsidRegexp ] > 0) do={
  /caps-man/access-list/set $Entry ssid-regexp=$SsidRegexp;
+  /interface/wifi/access-list/set $Entry ssid-regexp=$SsidRegexp;
  /interface/wifiwave2/access-list/set $Entry ssid-regexp=$SsidRegexp;
 }
 :local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
 :if ([ :len $VlanId ] > 0) do={
  /caps-man/access-list/set $Entry vlan-id=$VlanId;
+  /interface/wifi/access-list/set $Entry vlan-id=$VlanId;
  /interface/wifiwave2/access-list/set $Entry vlan-id=$VlanId;
 }
-# NOT /interface/wifiwave2 #
+# NOT /interface/wifi/ #
+# NOT /interface/wifiwave2/ #
 :local VlanMode [ $EitherOr ($UserInfo->"vlan-mode") ($Template->"vlan-mode") ];
 :if ([ :len $VlanMode] > 0) do={
  /caps-man/access-list/set $Entry vlan-mode=$VlanMode;
 }
-# NOT /interface/wifiwave2 #
+# NOT /interface/wifiwave2/ #
+# NOT /interface/wifi/ #

 :delay 2s;
 /caps-man/access-list/set $Entry action=accept;
+/interface/wifi/access-list/set $Entry action=accept;
 /interface/wifiwave2/access-list/set $Entry action=accept;
--- a/hotspot-to-wpa.wifi.rsc
+++ b/hotspot-to-wpa.wifi.rsc
@ -0,0 +1,86 @@
+#!rsc by RouterOS
+# RouterOS script: hotspot-to-wpa.wifi
+# Copyright (c) 2019-2023 Christian Hesse <mail@eworm.de>
+# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
+#
+# add private WPA passphrase after hotspot login
+# https://git.eworm.de/cgit/routeros-scripts/about/doc/hotspot-to-wpa.md
+#
+# !! Do not edit this file, it is generated from template!
+
+:local 0 "hotspot-to-wpa.wifi";
+:global GlobalFunctionsReady;
+:while ($GlobalFunctionsReady != true) do={ :delay 500ms; }
+
+:global EitherOr;
+:global LogPrintExit2;
+:global ParseKeyValueStore;
+:global ScriptLock;
+
+$ScriptLock $0;
+
+:local MacAddress $"mac-address";
+:local UserName $username;
+
+:if ([ :typeof $MacAddress ] = "nothing" || [ :typeof $UserName ] = "nothing") do={
+  $LogPrintExit2 error $0 ("This script is supposed to run from hotspot on login.") true;
+}
+
+:local Date [ /system/clock/get date ];
+:local UserVal ({});
+:if ([ :len [ /ip/hotspot/user/find where name=$UserName ] ] > 0) do={
+  :set UserVal [ /ip/hotspot/user/get [ find where name=$UserName ] ];
+}
+:local UserInfo [ $ParseKeyValueStore ($UserVal->"comment") ];
+:local Hotspot [ /ip/hotspot/host/get [ find where mac-address=$MacAddress authorized ] server ];
+
+:if ([ :len [ /interface/wifi/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ] ] = 0) do={
+  /interface/wifi/access-list/add comment="--- hotspot-to-wpa above ---" disabled=yes;
+  $LogPrintExit2 warning $0 ("Added disabled access-list entry with comment '--- hotspot-to-wpa above ---'.") false;
+}
+:local PlaceBefore ([ /interface/wifi/access-list/find where comment="--- hotspot-to-wpa above ---" disabled ]->0);
+
+:if ([ :len [ /interface/wifi/access-list/find where \
+    comment=("hotspot-to-wpa template " . $Hotspot) disabled ] ] = 0) do={
+  /interface/wifi/access-list/add comment=("hotspot-to-wpa template " . $Hotspot) disabled=yes place-before=$PlaceBefore;
+  $LogPrintExit2 warning $0 ("Added template in access-list for hotspot '" . $Hotspot . "'.") false;
+}
+:local Template [ /interface/wifi/access-list/get ([ find where \
+    comment=("hotspot-to-wpa template " . $Hotspot) disabled ]->0) ];
+
+:if ($Template->"action" = "reject") do={
+  $LogPrintExit2 info $0 ("Ignoring login for hotspot '" . $Hotspot . "'.") true;
+}
+
+# allow login page to load
+:delay 1s;
+
+$LogPrintExit2 info $0 ("Adding/updating access-list entry for mac address " . $MacAddress . \
+  " (user " . $UserName . ").") false;
+/interface/wifi/access-list/remove [ find where mac-address=$MacAddress comment~"^hotspot-to-wpa: " ];
+/interface/wifi/access-list/add passphrase=($UserVal->"password") ssid-regexp="-wpa\$" \
+    mac-address=$MacAddress comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) \
+    action=reject place-before=$PlaceBefore;
+
+:local Entry [ /interface/wifi/access-list/find where mac-address=$MacAddress \
+    comment=("hotspot-to-wpa: " . $UserName . ", " . $MacAddress . ", " . $Date) ];
+:set ($Template->"private-passphrase") ($Template->"passphrase");
+:local PrivatePassphrase [ $EitherOr ($UserInfo->"private-passphrase") ($Template->"private-passphrase") ];
+:if ([ :len $PrivatePassphrase ] > 0) do={
+  :if ($PrivatePassphrase = "ignore") do={
+    /interface/wifi/access-list/set $Entry !passphrase;
+  } else={
+    /interface/wifi/access-list/set $Entry passphrase=$PrivatePassphrase;
+  }
+}
+:local SsidRegexp [ $EitherOr ($UserInfo->"ssid-regexp") ($Template->"ssid-regexp") ];
+:if ([ :len $SsidRegexp ] > 0) do={
+  /interface/wifi/access-list/set $Entry ssid-regexp=$SsidRegexp;
+}
+:local VlanId [ $EitherOr ($UserInfo->"vlan-id") ($Template->"vlan-id") ];
+:if ([ :len $VlanId ] > 0) do={
+  /interface/wifi/access-list/set $Entry vlan-id=$VlanId;
+}
+
+:delay 2s;
+/interface/wifi/access-list/set $Entry action=accept;
--- a/news-and-changes.rsc
+++ b/news-and-changes.rsc
@ -27,6 +27,7 @@
  111="Modified 'dhcp-to-dns' to allow multiple records for one mac address.";
  112="Enhanced 'mod/ssh-keys-import' to record the fingerprint of keys.";
  113="Added helper functions for easier setup to Matrix notification module.";
+  114="All relevant scripts were ported to new wifi package for RouterOS 7.13 and later. Migration is complex and thus not done automatically!";
 };

 # Migration steps to be applied on script updates