[openwrt/openwrt] wifi-scripts: fix ieee80211w override for psk-sae/sae-mixed
LEDE Commits
lede-commits at lists.infradead.org
Sun Feb 1 11:45:01 PST 2026
hauke pushed a commit to openwrt/openwrt.git, branch openwrt-25.12:
https://git.openwrt.org/b99c19835ce2971577ce53ff231dbe56d6f8cf34
commit b99c19835ce2971577ce53ff231dbe56d6f8cf34
Author: Felix Fietkau <nbd at nbd.name>
AuthorDate: Sat Jan 31 16:56:53 2026 +0000
wifi-scripts: fix ieee80211w override for psk-sae/sae-mixed
The ucode wifi-scripts unconditionally set ieee80211w=1 for psk-sae
and eap-eap2 auth types, ignoring any user-configured value. This
caused ieee80211w=2 (MFP required) to be silently downgraded to 1
(MFP optional) when using sae-mixed encryption.
Change the logic to only set the default of 1 when ieee80211w is not
already configured by the user.
Fixes: https://github.com/openwrt/openwrt/issues/21751
Signed-off-by: Felix Fietkau <nbd at nbd.name>
(cherry picked from commit 1bbb60184d1f25b369b26802d199ac4c85af3111)
Signed-off-by: Hauke Mehrtens <hauke at hauke-m.de>
---
.../network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc | 3 ++-
.../config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc | 2 +-
2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
index 4585998d30..5771e0e2df 100644
--- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
+++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
@@ -90,7 +90,8 @@ function iface_auth_type(config) {
}
if (config.auth_type in [ 'psk-sae', 'eap-eap2' ]) {
- config.ieee80211w = 1;
+ if (!config.ieee80211w)
+ config.ieee80211w = 1;
if (config.rsn_override)
config.rsn_override_mfp = 2;
config.sae_require_mfp = 1;
diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc
index 6d65b5b248..a1daf041a1 100644
--- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc
+++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc
@@ -60,7 +60,7 @@ function setup_sta(data, config) {
if (config.auth_type in [ 'sae', 'owe', 'eap2', 'eap192' ])
config.ieee80211w = 2;
- else if (config.auth_type in [ 'psk-sae' ])
+ else if (config.auth_type in [ 'psk-sae' ] && !config.ieee80211w)
config.ieee80211w = 1;
if ((wildcard(data.htmode, 'EHT*') || wildcard(data.htmode, 'HE*')) &&
config.rsn_override)
More information about the lede-commits
mailing list