aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTimo Sigurdsson <public_timo.s@silentcreek.de>2021-06-15 23:09:41 +0200
committerPaul Spooren <mail@aparcar.org>2021-06-22 11:10:06 -1000
commitbf98faaac8ed24cf7d3d93dd4fcd7304d109363b (patch)
tree8e45e568a2fb06808dd4deab617e4fd8a4929297
parentcc7316d1e924977881f03a7cb5863b695f79d81e (diff)
downloadupstream-bf98faaac8ed24cf7d3d93dd4fcd7304d109363b.tar.gz
upstream-bf98faaac8ed24cf7d3d93dd4fcd7304d109363b.tar.bz2
upstream-bf98faaac8ed24cf7d3d93dd4fcd7304d109363b.zip
hostapd: make wnm_sleep_mode_no_keys configurable
In the aftermath of the KRACK attacks, hostapd gained an AP-side workaround against WNM-Sleep Mode GTK/IGTK reinstallation attacks. WNM Sleep Mode is not enabled by default on OpenWrt, but it is configurable through the option wnm_sleep_mode. Thus, make the AP-side workaround configurable as well by exposing the option wnm_sleep_mode_no_keys. If you use the option wpa_disable_eapol_key_retries and have wnm_sleep_mode enabled, you might consider using this workaround. Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
-rw-r--r--package/network/services/hostapd/files/hostapd.sh10
1 files changed, 7 insertions, 3 deletions
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index b9409c8ca3..4a5f8d61fe 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -295,7 +295,7 @@ hostapd_common_add_bss_config() {
config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
config_add_string multi_ap_backhaul_ssid multi_ap_backhaul_key
- config_add_boolean wnm_sleep_mode bss_transition
+ config_add_boolean wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
config_add_int time_advertisement
config_add_string time_zone
@@ -756,13 +756,17 @@ hostapd_set_bss_options() {
append bss_conf "iapp_interface=$ifname" "$N"
}
- json_get_vars time_advertisement time_zone wnm_sleep_mode bss_transition
+ json_get_vars time_advertisement time_zone wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
set_default bss_transition 0
set_default wnm_sleep_mode 0
+ set_default wnm_sleep_mode_no_keys 0
[ -n "$time_advertisement" ] && append bss_conf "time_advertisement=$time_advertisement" "$N"
[ -n "$time_zone" ] && append bss_conf "time_zone=$time_zone" "$N"
- [ "$wnm_sleep_mode" -eq "1" ] && append bss_conf "wnm_sleep_mode=1" "$N"
+ if [ "$wnm_sleep_mode" -eq "1" ]; then
+ append bss_conf "wnm_sleep_mode=1" "$N"
+ [ "$wnm_sleep_mode_no_keys" -eq "1" ] && append bss_conf "wnm_sleep_mode_no_keys=1" "$N"
+ fi
[ "$bss_transition" -eq "1" ] && append bss_conf "bss_transition=1" "$N"
json_get_vars ieee80211k rrm_neighbor_report rrm_beacon_report