[openwrt/openwrt] hostapd: enable compilation of OCV and add build feature discovery

LEDE Commits lede-commits at lists.infradead.org
Sun Jul 3 12:05:57 PDT 2022


hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/f60628f33ca9891fd9fb814588530df56ebdcdca

commit f60628f33ca9891fd9fb814588530df56ebdcdca
Author: Michael Yartys <michael.yartys at protonmail.com>
AuthorDate: Sun Feb 13 15:09:56 2022 +0100

    hostapd: enable compilation of OCV and add build feature discovery
    
    Operating Channel Validation (OCV) is a security feature designed to
    prevent person-in-the-middle multi-channel attacks. Compile the -basic and
    -full variants of hostapd with this feature, and enable discovery of this
    feature for future luci integration. OCV can be configured by setting ocv
    equal to one of the following values in the wireless config:
    
    0 = disabled (hostapd/wpa_supplicant default)
    1 = enabled
    2 = enabled in workaround mode - Allow STA that claims OCV capability to
        connect even if the STA doesn't send OCI or negotiate PMF.
    
    Signed-off-by: Michael Yartys <michael.yartys at protonmail.com>
---
 package/network/services/hostapd/files/hostapd-basic.config     | 2 +-
 package/network/services/hostapd/files/hostapd-full.config      | 2 +-
 package/network/services/hostapd/files/hostapd.sh               | 6 +++++-
 package/network/services/hostapd/src/src/utils/build_features.h | 4 ++++
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/package/network/services/hostapd/files/hostapd-basic.config b/package/network/services/hostapd/files/hostapd-basic.config
index 1f52546d57..3d19d8f902 100644
--- a/package/network/services/hostapd/files/hostapd-basic.config
+++ b/package/network/services/hostapd/files/hostapd-basic.config
@@ -54,7 +54,7 @@ CONFIG_RSN_PREAUTH=y
 #CONFIG_IEEE80211W=y
 
 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
 
 # Integrated EAP server
 #CONFIG_EAP=y
diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config
index 4e942a60b2..b92f9a25b8 100644
--- a/package/network/services/hostapd/files/hostapd-full.config
+++ b/package/network/services/hostapd/files/hostapd-full.config
@@ -54,7 +54,7 @@ CONFIG_RSN_PREAUTH=y
 #CONFIG_IEEE80211W=y
 
 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
 
 # Integrated EAP server
 CONFIG_EAP=y
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 760b3ff792..831c562b47 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -372,6 +372,8 @@ hostapd_common_add_bss_config() {
 
 	config_add_boolean fils
 	config_add_string fils_dhcp
+
+	config_add_int ocv
 }
 
 hostapd_set_vlan_file() {
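Review bot: The values accepted for `ocv` are described only in the commit message, so someone reading `config_add_int ocv` in hostapd_common_add_bss_config has no way to tell which integers are meaningful. A short comment above the added line would keep that next to the option, for example `# ocv: 0 = disabled, 1 = enabled, 2 = enabled in workaround mode`. The function body starts outside the hunk.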
@@ -544,7 +546,7 @@ hostapd_set_bss_options() {
 		airtime_bss_weight airtime_bss_limit airtime_sta_weight \
 		multicast_to_unicast proxy_arp per_sta_vif \
 		eap_server eap_user_file ca_cert server_cert private_key private_key_passwd server_id \
-		vendor_elements fils
+		vendor_elements fils ocv
 
 	set_default fils 0
 	set_default isolate 0
@@ -617,6 +619,8 @@ hostapd_set_bss_options() {
 		json_for_each_item append_radius_acct_req_attr radius_acct_req_attr
 	}
 
+	[ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N"
+
 	case "$auth_type" in
 		sae|owe|eap192|eap-eap192)
 			set_default ieee80211w 2
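Review bot: The added line `[ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N"` passes through any integer the user configured, although the commit message defines only 0, 1 and 2. `config_add_int` constrains the type but not the range, so an out-of-range value reaches the generated hostapd configuration; how hostapd treats it is not visible here. A range check such as `case "$ocv" in 0|1|2) append bss_conf "ocv=$ocv" "$N";; esac` would keep a typo from producing an undefined setting for a security feature. The commit message also implies that OCV normally relies on PMF being negotiated, and in the visible lines `ieee80211w` is defaulted only for sae|owe|eap192|eap-eap192. For other auth types it is worth confirming that `ocv=1` cannot end up configured without management frame protection. hostapd_set_bss_options starts and ends outside the hunk.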
diff --git a/package/network/services/hostapd/src/src/utils/build_features.h b/package/network/services/hostapd/src/src/utils/build_features.h
index cb7cb72731..642a35836e 100644
--- a/package/network/services/hostapd/src/src/utils/build_features.h
+++ b/package/network/services/hostapd/src/src/utils/build_features.h
@@ -54,6 +54,10 @@ static inline int has_feature(const char *feat)
 #ifdef CONFIG_FILS
 	if (!strcmp(feat, "fils"))
 		return 1;
+#endif
+#ifdef CONFIG_OCV
+	if (!strcmp(feat, "ocv"))
+		return 1;
 #endif
 	return 0;
 }



