[openwrt/openwrt] hostapd: make wnm_sleep_mode_no_keys configurable

LEDE Commits lede-commits at lists.infradead.org
Tue Jun 22 14:10:40 PDT 2021 

aparcar pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/bf98faaac8ed24cf7d3d93dd4fcd7304d109363b

commit bf98faaac8ed24cf7d3d93dd4fcd7304d109363b
Author: Timo Sigurdsson <public_timo.s at silentcreek.de>
AuthorDate: Tue Jun 15 23:09:41 2021 +0200

    hostapd: make wnm_sleep_mode_no_keys configurable
    
    In the aftermath of the KRACK attacks, hostapd gained an AP-side workaround
    against WNM-Sleep Mode GTK/IGTK reinstallation attacks. WNM Sleep Mode is not
    enabled by default on OpenWrt, but it is configurable through the option
    wnm_sleep_mode. Thus, make the AP-side workaround configurable as well by
    exposing the option wnm_sleep_mode_no_keys. If you use the option
    wpa_disable_eapol_key_retries and have wnm_sleep_mode enabled, you might
    consider using this workaround.
    
    Signed-off-by: Timo Sigurdsson <public_timo.s at silentcreek.de>
---
 package/network/services/hostapd/files/hostapd.sh | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index b9409c8ca3..4a5f8d61fe 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -295,7 +295,7 @@ hostapd_common_add_bss_config() {
 	config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
 	config_add_string multi_ap_backhaul_ssid multi_ap_backhaul_key
 
-	config_add_boolean wnm_sleep_mode bss_transition
+	config_add_boolean wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
 	config_add_int time_advertisement
 	config_add_string time_zone
 
@@ -756,13 +756,17 @@ hostapd_set_bss_options() {
 		append bss_conf "iapp_interface=$ifname" "$N"
 	}
 
-	json_get_vars time_advertisement time_zone wnm_sleep_mode bss_transition
+	json_get_vars time_advertisement time_zone wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
 	set_default bss_transition 0
 	set_default wnm_sleep_mode 0
+	set_default wnm_sleep_mode_no_keys 0
 
 	[ -n "$time_advertisement" ] && append bss_conf "time_advertisement=$time_advertisement" "$N"
 	[ -n "$time_zone" ] && append bss_conf "time_zone=$time_zone" "$N"
-	[ "$wnm_sleep_mode" -eq "1" ] && append bss_conf "wnm_sleep_mode=1" "$N"
+	if [ "$wnm_sleep_mode" -eq "1" ]; then
+		append bss_conf "wnm_sleep_mode=1" "$N"
+		[ "$wnm_sleep_mode_no_keys" -eq "1" ] && append bss_conf "wnm_sleep_mode_no_keys=1" "$N"
+	fi
 	[ "$bss_transition" -eq "1" ] && append bss_conf "bss_transition=1" "$N"
 
 	json_get_vars ieee80211k rrm_neighbor_report rrm_beacon_report

More information about the lede-commits mailing list