[openwrt/openwrt] wpa_supplicant: compile with OCV support
LEDE Commits
lede-commits at lists.infradead.org
Sun Jul 3 12:05:58 PDT 2022
hauke pushed a commit to openwrt/openwrt.git, branch master:
https://git.openwrt.org/442708dfe2f599796b87eb113b03ab6cc42e0292
commit 442708dfe2f599796b87eb113b03ab6cc42e0292
Author: Michael Yartys <michael.yartys at protonmail.com>
AuthorDate: Sun Feb 13 15:17:54 2022 +0100
wpa_supplicant: compile with OCV support
Operating Channel Validation (OCV) is a security feature designed to
prevent person-in-the-middle multi-channel attacks. Compile -basic and
-full variants with support for OCV. This feature can be configured in the
wireless config by setting ocv equal to one of the following values:
0 = disabled (hostapd/wpa_supplicant default)
1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the
driver indicates support for operating channel validation.
Signed-off-by: Michael Yartys <michael.yartys at protonmail.com>
---
package/network/services/hostapd/files/hostapd.sh | 4 +++-
package/network/services/hostapd/files/wpa_supplicant-basic.config | 2 +-
package/network/services/hostapd/files/wpa_supplicant-full.config | 2 +-
3 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 831c562b47..f11b40702c 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -1272,7 +1272,7 @@ wpa_supplicant_add_network() {
json_get_vars \
ssid bssid key \
basic_rate mcast_rate \
- ieee80211w ieee80211r fils \
+ ieee80211w ieee80211r fils ocv \
multi_ap \
default_disabled
@@ -1324,6 +1324,8 @@ wpa_supplicant_add_network() {
[ "$default_disabled" = 1 ] && append network_data "disabled=1" "$N$T"
}
+ [ -n "$ocv" ] && append network_data "ocv=$ocv" "$N$T"
+
case "$auth_type" in
none) ;;
owe)
diff --git a/package/network/services/hostapd/files/wpa_supplicant-basic.config b/package/network/services/hostapd/files/wpa_supplicant-basic.config
index c550b37b21..6abd8e2331 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-basic.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-basic.config
@@ -315,7 +315,7 @@ CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config
index de3302c875..d24fbbb01f 100644
--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
@@ -315,7 +315,7 @@ CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
# Select TLS implementation
# openssl = OpenSSL (default)
More information about the lede-commits
mailing list