[openwrt/openwrt] hostapd: fix 11r defaults when using WPA
LEDE Commits
lede-commits at lists.infradead.org
Mon Jul 8 13:28:18 PDT 2024
hauke pushed a commit to openwrt/openwrt.git, branch openwrt-22.03:
https://git.openwrt.org/7e31d2ad408a184f8f378646e9ba39c9e23a6db4
commit 7e31d2ad408a184f8f378646e9ba39c9e23a6db4
Author: Jesus Fernandez Manzano <jesus.manzano at galgus.ai>
AuthorDate: Mon Jan 22 13:46:14 2024 +0100
hostapd: fix 11r defaults when using WPA
802.11r can not be used when selecting WPA. It needs at least WPA2.
This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.
Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano at galgus.ai>
(cherry picked from commit cdc4c551755115e0e1047a0c90a658e6238e96ee)
Link: https://github.com/openwrt/openwrt/pull/15899
Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
package/network/services/hostapd/files/hostapd.sh | 28 +++++++++++------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 03f34f8b21..88d7ce76b3 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -43,7 +43,7 @@ hostapd_append_wpa_key_mgmt() {
case "$auth_type" in
psk|eap)
append wpa_key_mgmt "WPA-$auth_type_l"
- [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}"
+ [ "${wpa:-2}" -ge 2 ] && [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}"
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
;;
eap192)
@@ -846,10 +846,21 @@ hostapd_set_bss_options() {
}
fi
+ json_get_vars ieee80211r
+ set_default ieee80211r 0
if [ "$wpa" -ge "1" ]; then
- json_get_vars ieee80211r
- set_default ieee80211r 0
+ if [ "$fils" -gt 0 ]; then
+ json_get_vars fils_realm
+ set_default fils_realm "$(echo "$ssid" | md5sum | head -c 8)"
+ fi
+
+ append bss_conf "wpa_disable_eapol_key_retries=$wpa_disable_eapol_key_retries" "$N"
+
+ hostapd_append_wpa_key_mgmt
+ [ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N"
+ fi
+ if [ "$wpa" -ge "2" ]; then
if [ "$ieee80211r" -gt "0" ]; then
json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline
@@ -900,18 +911,7 @@ hostapd_set_bss_options() {
done
fi
fi
- if [ "$fils" -gt 0 ]; then
- json_get_vars fils_realm
- set_default fils_realm "$(echo "$ssid" | md5sum | head -c 8)"
- fi
-
- append bss_conf "wpa_disable_eapol_key_retries=$wpa_disable_eapol_key_retries" "$N"
- hostapd_append_wpa_key_mgmt
- [ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N"
- fi
-
- if [ "$wpa" -ge "2" ]; then
if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then
set_default auth_cache 1
append bss_conf "rsn_preauth=1" "$N"
More information about the lede-commits
mailing list