[openwrt/openwrt] wifi-scripts: introduce rxkh_file uci option

LEDE Commits lede-commits at lists.infradead.org
Thu Dec 12 10:40:16 PST 2024


nbd pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/97c8a94ec509407105db1b942ae5b8ab92252480

commit 97c8a94ec509407105db1b942ae5b8ab92252480
Author: Sybil127 <sybil127 at outlook.com>
AuthorDate: Thu May 23 17:43:07 2024 +0200

    wifi-scripts: introduce rxkh_file uci option
    
    With rxkh_file, hostapd will read a list of RxKHs from a text file.
    This also makes it possible for hostapd to dynamically reload RxKHs.
    
    RxKHs defined in rxkh_file should be formated as described in hostapd.conf,
    with one entry per line.
    
    R0KH/R1KH format:
    r0kh=<MAC address> <NAS Identifier> <256-bit key as hex string>
    r1kh=<MAC address> <R1KH-ID> <256-bit key as hex string>
    
    Reworked behavior of the uci options r0kh and r1kh.
    
    When rxkh_file is not configured:
      Instead of appending the RxKHs to the hostapd bss configuration,
      they will be added to an interface-specific file named
      /var/run/hostapd-phyX-apX.rxkh.
      This file will be used as the rxkh_file in the hostapd bss configuration.
    
    When rxkh_file is configured:
      The specified file will be used in the hostapd bss configuration,
      and will be the only source for configured RxKHs.
      All RxKHs defined with the uci options r0kh or r1kh will be ignored.
    
    Signed-off-by: Sybil127 <sybil127 at outlook.com>
    Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
 .../wifi-scripts/files/lib/netifd/hostapd.sh       | 26 ++++++++++++++--------
 1 file changed, 17 insertions(+), 9 deletions(-)

diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
index 0b2241ea60..3285ee4312 100644
--- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
+++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
@@ -335,7 +335,7 @@ hostapd_common_add_bss_config() {
 
 	config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds
 	config_add_int r0_key_lifetime reassociation_deadline
-	config_add_string mobility_domain r1_key_holder
+	config_add_string mobility_domain r1_key_holder rxkh_file
 	config_add_array r0kh r1kh
 
 	config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout
@@ -592,7 +592,7 @@ hostapd_set_bss_options() {
 
 	wireless_vif_parse_encryption
 
-	local bss_conf bss_md5sum ft_key
+	local bss_conf bss_md5sum ft_key rxkhs
 	local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt
 
 	json_get_vars \
@@ -981,7 +981,7 @@ hostapd_set_bss_options() {
 			append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
 
 			if [ "$ft_psk_generate_local" -eq "0" ]; then
-				json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push
+				json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push rxkh_file
 				json_get_values r0kh r0kh
 				json_get_values r1kh r1kh
 
@@ -1003,12 +1003,20 @@ hostapd_set_bss_options() {
 				append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
 				append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
 
-				for kh in $r0kh; do
-					append bss_conf "r0kh=${kh//,/ }" "$N"
-				done
-				for kh in $r1kh; do
-					append bss_conf "r1kh=${kh//,/ }" "$N"
-				done
+				if [ -z "$rxkh_file" ]; then
+					set_default rxkh_file /var/run/hostapd-$ifname.rxkh
+					[ -e "$rxkh_file" ] && rm -f "$rxkh_file"
+					touch "$rxkh_file"
+
+					for kh in $r0kh; do
+						append rxkhs "r0kh=${kh//,/ }" "$N"
+					done
+					for kh in $r1kh; do
+						append rxkhs "r1kh=${kh//,/ }" "$N"
+					done
+					echo "$rxkhs" > "$rxkh_file"
+				fi
+				append bss_conf "rxkh_file=$rxkh_file" "$N"
 			fi
 		fi
 
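Review bot: The generated `/var/run/hostapd-$ifname.rxkh` holds the R0KH/R1KH 256-bit keys, but it is created with `touch` and filled with `echo` under whatever umask the caller has, so it may be readable by other local users; the umask in effect is not visible in this hunk. Adding `chmod 600 "$rxkh_file"` directly after `touch "$rxkh_file"` restricts the file before any key is written, because the later `>` redirection truncates it without changing its mode. The path passed to `set_default` is also unquoted; `"/var/run/hostapd-$ifname.rxkh"` avoids word splitting on an unusual interface name. When `rxkh_file` comes from uci it is handed to hostapd without any existence or permission check, so a comment such as `# user-supplied rxkh_file contains FT keys; caller must keep it readable only by the hostapd user` would document that expectation. The enclosing `hostapd_set_bss_options` starts and ends outside the hunk.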



