[openwrt/openwrt] hostapd: set group_mgmt_cipher when ieee80211w is enabled

LEDE Commits lede-commits at lists.infradead.org
Sun Jan 7 03:34:10 PST 2018


jow pushed a commit to openwrt/openwrt.git, branch master:
https://git.lede-project.org/8a57531855bd13d5930d74abd8d708be3a14b887

commit 8a57531855bd13d5930d74abd8d708be3a14b887
Author: Jo-Philipp Wich <jo at mein.io>
AuthorDate: Fri Jan 5 13:15:01 2018 +0100

    hostapd: set group_mgmt_cipher when ieee80211w is enabled
    
    In order to properly support 802.11w, hostapd needs to advertise a group
    management cipher when negotiating associations.
    
    Introduce a new per-wifi-iface option "ieee80211w_mgmt_cipher" which
    defaults to the standard AES-128-CMAC cipher and always emit a
    "group_mgmt_cipher" setting in native hostapd config when 802.11w is
    enabled.
    
    Signed-off-by: Jo-Philipp Wich <jo at mein.io>
---
 package/network/services/hostapd/files/hostapd.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 623b1f9..36aee85 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -174,6 +174,7 @@ hostapd_common_add_bss_config() {
 	config_add_string ownip
 	config_add_string iapp_interface
 	config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd
+	config_add_string ieee80211w_mgmt_cipher
 
 	config_add_int dynamic_vlan vlan_naming
 	config_add_string vlan_tagged_interface vlan_bridge
@@ -444,9 +445,10 @@ hostapd_set_bss_options() {
 		# RSN -> allow management frame protection
 		case "$ieee80211w" in
 			[012])
-				json_get_vars ieee80211w_max_timeout ieee80211w_retry_timeout
+				json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout
 				append bss_conf "ieee80211w=$ieee80211w" "$N"
 				[ "$ieee80211w" -gt "0" ] && {
+					append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
 					[ -n "$ieee80211w_max_timeout" ] && \
 						append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
 					[ -n "$ieee80211w_retry_timeout" ] && \



More information about the lede-commits mailing list