[openwrt/openwrt] wifi-scripts: on psk-sae configurations, disable PSK support on 6 GHz
LEDE Commits
lede-commits at lists.infradead.org
Sat Jun 21 11:34:30 PDT 2025
nbd pushed a commit to openwrt/openwrt.git, branch main:
https://git.openwrt.org/a17c3be409b066be24b66e748432dd767c1fa61d
commit a17c3be409b066be24b66e748432dd767c1fa61d
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Wed Jun 11 11:05:04 2025 +0200
wifi-scripts: on psk-sae configurations, disable PSK support on 6 GHz
This allows sharing a wifi-iface section across bands while enforcing the no-PSK
rule for 6 GHz
Signed-off-by: Felix Fietkau <nbd at nbd.name>
---
.../wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc | 12 +++++++++---
.../wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc | 8 ++++----
.../network/config/wifi-scripts/files/lib/netifd/hostapd.sh | 8 +++++---
3 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
index d6ca3b5dd2..d72abdd3e4 100644
--- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
+++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
@@ -76,8 +76,6 @@ function iface_accounting_server(config) {
}
function iface_auth_type(config) {
- iface.parse_encryption(config);
-
if (config.auth_type in [ 'sae', 'owe', 'eap2', 'eap192' ]) {
config.ieee80211w = 2;
config.sae_require_mfp = 1;
@@ -432,13 +430,21 @@ function iface_interworking(config) {
]);
}
-export function generate(interface, config, vlans, stas, phy_features) {
+export function generate(interface, data, config, vlans, stas, phy_features) {
config.ctrl_interface = '/var/run/hostapd';
iface_stations(config, stas);
iface_setup(config);
+ iface.parse_encryption(config);
+ if (data.config.band == '6g') {
+ if (config.auth_type == 'psk-sae')
+ config.auth_type = 'sae';
+ if (config.auth_type == 'eap-eap2')
+ config.auth_type = 'eap2';
+ }
+
iface_auth_type(config);
iface_accounting_server(config);
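Review bot: Only the mixed modes are rewritten in the new `data.config.band == '6g'` block of `generate`; a section whose `auth_type` resolves to plain PSK is passed through unchanged on 6 GHz, and nothing in this hunk rejects or reports it. If that case is not caught elsewhere, a warning or an explicit refusal would be safer than emitting the config as-is. The rewrite is also silent and order-dependent: it must run after `iface.parse_encryption(config)` and before `iface_auth_type(config)`, so that the `sae`/`eap2` branch sets `ieee80211w = 2`. A comment would keep that from being reordered later, for example `// 6 GHz forbids WPA2 AKMs: collapse mixed modes before iface_auth_type() so MFP becomes mandatory`. The body of `generate` continues past the end of the hunk.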
diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc
index 848f02d323..cc174cda50 100644
--- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc
+++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc
@@ -523,11 +523,11 @@ function generate(config) {
}
let iface_idx = 0;
-function setup_interface(interface, config, vlans, stas, phy_features, fixup) {
+function setup_interface(interface, data, config, vlans, stas, phy_features, fixup) {
config = { ...config, fixup };
config.idx = iface_idx++;
- ap.generate(interface, config, vlans, stas, phy_features);
+ ap.generate(interface, data, config, vlans, stas, phy_features);
}
export function setup(data) {
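Review bot: `data` is inserted as the second positional parameter of `setup_interface` and of the exported `ap.generate`, which shifts every later argument. As far as I know ucode does not check call arity, so a caller that is not updated would pass its `config` as `data`; `data.config.band` would then not match `'6g'` and the 6 GHz restriction would be skipped without any error. Only the callers in this file are visible here, so it is worth confirming there are no others. Passing just the band, or appending the new parameter at the end, would make a missed call site less harmful.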
@@ -556,9 +556,9 @@ export function setup(data) {
let owe = interface.config.encryption == 'owe' && interface.config.owe_transition;
- setup_interface(k, interface.config, interface.vlans, interface.stas, phy_features, owe ? 'owe' : null );
+ setup_interface(k, data, interface.config, interface.vlans, interface.stas, phy_features, owe ? 'owe' : null );
if (owe)
- setup_interface(k, interface.config, interface.vlans, interface.stas, phy_features, 'owe-transition');
+ setup_interface(k, data, interface.config, interface.vlans, interface.stas, phy_features, 'owe-transition');
}
let config = dump_config(file_name);
diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
index 080f15d7a6..f4a7c71bea 100644
--- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
+++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
@@ -64,9 +64,11 @@ hostapd_append_wpa_key_mgmt() {
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
;;
psk-sae)
- append wpa_key_mgmt "WPA-PSK"
- [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
- [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
+ [ "$band" = "6g" ] || {
+ append wpa_key_mgmt "WPA-PSK"
+ [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
+ [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
+ }
append wpa_key_mgmt "SAE"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
;;
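Review bot: The new guard `[ "$band" = "6g" ] || {` fails open: if `band` is empty or unset in the scope of `hostapd_append_wpa_key_mgmt`, the three PSK AKMs are still appended, and the hunk does not show where `band` is loaded. Please confirm the caller populates it, and consider a comment such as `# 6 GHz forbids PSK AKMs; relies on $band being set by the caller`. Unlike the ucode path, which rewrites `psk-sae` to `sae` and so gets `ieee80211w = 2`, this branch only drops the AKMs. Whether management frame protection becomes mandatory for a 6 GHz `psk-sae` BSS therefore depends on code outside this hunk. The ucode change also handles `eap-eap2`, and no matching case is visible here; the function starts and ends outside the hunk.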