[From nobody Thu Jun 25 05:55:30 2020
Received: from danwin1210.me ([116.202.17.147])
 by bombadil.infradead.org with esmtps (Exim 4.92.3 #3 (Red Hat Linux))
 id 1iTHf5-0000qG-EH
 for openwrt-devel@lists.openwrt.org; Sat, 09 Nov 2019 03:43:44 +0000
Received: from localhost (unknown [10.8.3.3])
 by danwin1210.me (Postfix) with ESMTPA id 1E4A01FD78
 for &lt;openwrt-devel@lists.openwrt.org&gt;; Sat,  9 Nov 2019 03:43:35 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=danwin1210.me;
 s=mail; t=1573271015;
 bh=/a3Bhew+TYUqRKMlQOQtBqIPbY+jyyilAzMM8YwyNKI=;
 h=From:To:Subject:Date:In-Reply-To:References:From;
 b=j6fXrQyUGzRWmZJru3yAKb/O1cSq7hnroAvD6e6p6WYXl/EU+qdt9li8NmWhMgZIV
 056PWzNYml+XfRVY7f3F5TQoQPnIGyyXRfhz3IeYMpuPsG6Ew4Z5UeaV3fz6g0EGRj
 EQiePm1P+L1diKU5+568UvLVTINGt3/4COuzzokmrDcZPiQysqLaokISJPau3MsZkz
 X4JDTmgaBmqA+6qclYMMu+yhH1ngtyEmUVLdbym5FnzNm6Es29JUq4cs+oiC/oWsGI
 nbP2Ehm9qrKIDtBmv7qVourOXXtVvbCeanZhdsnJDPQ5KN9gDLjt/prX27GcD2fk+n
 HZNgB2U2l5Wi2fEErs5LwoluMprv3wc7GiakUX4xucdbXCIXBpCSz7cgR3AlQZ+8T9
 RjN/DdV6lnlgrtF5/+WzIRdHgk/2rVtmQGCNQQVW8wMqqgH0RNpliuk+yWchnLAwzF
 qAMyqi8udg8kLgcS/EW8UbpOLCYvi1+6FSHxWuL+0niCq0ekQJOP7+QGSRGUVzfl7A
 0rsbycF/ksTro8E8HkCIYzJHRZQBqHn4rTPAXnKIAcks6zfaLd0B2munjVmbNLxQHn
 IDDJ6MS/aZWv0i6yVlr4to9PgqI9qXvucLgTJyUYqG4DLErmG6FeNaLsyDoa3iLZkT
 RpIHSGApZLcaDDCmOH42Cfpo=
Received: from danwin1210.me (localhost [127.0.0.1])
 by localhost (Postfix) with ESMTP id CFD8510484E
 for &lt;openwrt-devel@lists.openwrt.org&gt;; Sat,  9 Nov 2019 03:43:34 +0000 (UTC)
From: Kyle Copperfield &lt;kmcopper@danwin1210.me&gt;
X-OPENPGPKEY: Message passed unmodified
To: openwrt-devel@lists.openwrt.org
Subject: [PATCH 2/2] hostapd: add wpa_strict_rekey support
Date: Fri,  8 Nov 2019 19:42:57 -0800
Message-Id: &lt;20191109034257.44951-2-kmcopper@danwin1210.me&gt;
In-Reply-To: &lt;20191109034257.44951-1-kmcopper@danwin1210.me&gt;
References: &lt;20191109034257.44951-1-kmcopper@danwin1210.me&gt;
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.101.4 at proxy
X-Virus-Status: Clean
X-Spam-Status: No, score=0.0 required=2.0 tests=none autolearn=ham
 autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on proxy
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20191108_194343_626581_EA2C7963 
X-CRM114-Status: UNSURE (   7.55  )
X-CRM114-Notice: Please train this message.
X-Spam-Score: -2.5 (--)
X-Spam-Report: SpamAssassin version 3.4.2 on bombadil.infradead.org summary:
 Content analysis details:   (-2.5 points)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -2.3 RCVD_IN_DNSWL_MED      RBL: Sender listed at https://www.dnswl.org/,
 medium trust [116.202.17.147 listed in list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
 envelope-from domain
 -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
 -0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from
 author's domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily
 valid

Rekey GTK on STA disassociate

Signed-off-by: Kyle Copperfield &lt;kmcopper@danwin1210.me&gt;
---
 package/network/services/hostapd/files/hostapd.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 86b9932301..9378d5afd9 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -185,6 +185,7 @@ hostapd_common_add_bss_config() {
 	config_add_int \
 		wep_rekey eap_reauth_period \
 		wpa_group_rekey wpa_pair_rekey wpa_master_rekey
+	config_add_boolean wpa_strict_rekey
 	config_add_boolean wpa_disable_eapol_key_retries
 
 	config_add_boolean tdls_prohibit
@@ -267,7 +268,7 @@ hostapd_set_bss_options() {
 	local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt
 
 	json_get_vars \
-		wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \
+		wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_strict_rekey \
 		wpa_disable_eapol_key_retries tdls_prohibit \
 		maxassoc max_inactivity disassoc_low_ack isolate auth_cache \
 		wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 wps_ap_setup_locked \
@@ -322,6 +323,7 @@ hostapd_set_bss_options() {
 		[ -n &quot;$wpa_group_rekey&quot;  ] &amp;&amp; append bss_conf &quot;wpa_group_rekey=$wpa_group_rekey&quot; &quot;$N&quot;
 		[ -n &quot;$wpa_pair_rekey&quot;   ] &amp;&amp; append bss_conf &quot;wpa_ptk_rekey=$wpa_pair_rekey&quot;    &quot;$N&quot;
 		[ -n &quot;$wpa_master_rekey&quot; ] &amp;&amp; append bss_conf &quot;wpa_gmk_rekey=$wpa_master_rekey&quot;  &quot;$N&quot;
+		[ -n &quot;$wpa_strict_rekey&quot; ] &amp;&amp; append bss_conf &quot;wpa_strict_rekey=$wpa_strict_rekey&quot; &quot;$N&quot;
 	}
 
 	[ -n &quot;$nasid&quot; ] &amp;&amp; append bss_conf &quot;nas_identifier=$nasid&quot; &quot;$N&quot;
-- 
2.24.0


]