domenico/openwrt-R7800-nss
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hostapd: fix 11r defaults when using WPA

Browse Source 
802.11r can not be used when selecting WPA. It needs at least WPA2.

This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.

Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.

Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
(cherry picked from commit cdc4c55175)
This commit is contained in:
Jesus Fernandez Manzano
2024-01-22 13:46:14 +01:00
committed by Jo-Philipp Wich
parent e5a12edb88
commit 503f78f91c
1 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
package/network/services/hostapd/files/hostapd.sh
View File

@@ -43,7 +43,7 @@ hostapd_append_wpa_key_mgmt() {
case "$auth_type" in
psk|eap)
append wpa_key_mgmt "WPA-$auth_type_l"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}"
[ "${wpa:-2}" -ge 2 ] && [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}"
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256"
;;
eap192)
@@ -897,10 +897,21 @@ hostapd_set_bss_options() {
}
fi
json_get_vars ieee80211r
set_default ieee80211r 0
if [ "$wpa" -ge "1" ]; then
json_get_vars ieee80211r
set_default ieee80211r 0
if [ "$fils" -gt 0 ]; then
json_get_vars fils_realm
set_default fils_realm "$(echo "$ssid" | md5sum | head -c 8)"
fi
append bss_conf "wpa_disable_eapol_key_retries=$wpa_disable_eapol_key_retries" "$N"
hostapd_append_wpa_key_mgmt
[ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N"
fi
if [ "$wpa" -ge "2" ]; then
if [ "$ieee80211r" -gt "0" ]; then
json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline
@@ -950,18 +961,7 @@ hostapd_set_bss_options() {
done
fi
fi
if [ "$fils" -gt 0 ]; then
json_get_vars fils_realm
set_default fils_realm "$(echo "$ssid" | md5sum | head -c 8)"
fi
append bss_conf "wpa_disable_eapol_key_retries=$wpa_disable_eapol_key_retries" "$N"
hostapd_append_wpa_key_mgmt
[ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N"
fi
if [ "$wpa" -ge "2" ]; then
if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then
set_default auth_cache 1
append bss_conf "rsn_preauth=1" "$N"