diff options
author | Timo Sigurdsson <public_timo.s@silentcreek.de> | 2021-06-15 23:09:41 +0200 |
---|---|---|
committer | Paul Spooren <mail@aparcar.org> | 2021-07-05 14:04:09 -1000 |
commit | 3eb34bc2516b0f3e51f5710ab537d13c427ecbb0 (patch) | |
tree | 3a4549a830117a855327ac7492b9e6be912dee8e | |
parent | 89d21b7f6299b8c3746c1af8671b0dba19f63598 (diff) | |
download | upstream-3eb34bc2516b0f3e51f5710ab537d13c427ecbb0.tar.gz upstream-3eb34bc2516b0f3e51f5710ab537d13c427ecbb0.tar.bz2 upstream-3eb34bc2516b0f3e51f5710ab537d13c427ecbb0.zip |
hostapd: make wnm_sleep_mode_no_keys configurable
In the aftermath of the KRACK attacks, hostapd gained an AP-side workaround
against WNM-Sleep Mode GTK/IGTK reinstallation attacks. WNM Sleep Mode is not
enabled by default on OpenWrt, but it is configurable through the option
wnm_sleep_mode. Thus, make the AP-side workaround configurable as well by
exposing the option wnm_sleep_mode_no_keys. If you use the option
wpa_disable_eapol_key_retries and have wnm_sleep_mode enabled, you might
consider using this workaround.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit bf98faaac8ed24cf7d3d93dd4fcd7304d109363b)
-rw-r--r-- | package/network/services/hostapd/Makefile | 2 | ||||
-rw-r--r-- | package/network/services/hostapd/files/hostapd.sh | 10 |
2 files changed, 8 insertions, 4 deletions
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index 628bbbec4d..67ea89c339 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=hostapd -PKG_RELEASE:=34 +PKG_RELEASE:=35 PKG_SOURCE_URL:=http://w1.fi/hostap.git PKG_SOURCE_PROTO:=git diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index ee338a9388..aa72e09eba 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -284,7 +284,7 @@ hostapd_common_add_bss_config() { config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin config_add_string multi_ap_backhaul_ssid multi_ap_backhaul_key - config_add_boolean wnm_sleep_mode bss_transition + config_add_boolean wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition config_add_int time_advertisement config_add_string time_zone @@ -706,13 +706,17 @@ hostapd_set_bss_options() { append bss_conf "iapp_interface=$ifname" "$N" } - json_get_vars time_advertisement time_zone wnm_sleep_mode bss_transition + json_get_vars time_advertisement time_zone wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition set_default bss_transition 0 set_default wnm_sleep_mode 0 + set_default wnm_sleep_mode_no_keys 0 [ -n "$time_advertisement" ] && append bss_conf "time_advertisement=$time_advertisement" "$N" [ -n "$time_zone" ] && append bss_conf "time_zone=$time_zone" "$N" - [ "$wnm_sleep_mode" -eq "1" ] && append bss_conf "wnm_sleep_mode=1" "$N" + if [ "$wnm_sleep_mode" -eq "1" ]; then + append bss_conf "wnm_sleep_mode=1" "$N" + [ "$wnm_sleep_mode_no_keys" -eq "1" ] && append bss_conf "wnm_sleep_mode_no_keys=1" "$N" + fi [ "$bss_transition" -eq "1" ] && append bss_conf "bss_transition=1" "$N" json_get_vars ieee80211k rrm_neighbor_report rrm_beacon_report |