aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2018-01-05 13:15:01 +0100
committerJo-Philipp Wich <jo@mein.io>2018-01-07 12:33:47 +0100
commit8a57531855bd13d5930d74abd8d708be3a14b887 (patch)
treeed446eb7f5df31c47bd02b1bd498b8666ec21490
parentb153dbf04610501278315cd453a83bdcfeff97b4 (diff)
downloadupstream-8a57531855bd13d5930d74abd8d708be3a14b887.tar.gz
upstream-8a57531855bd13d5930d74abd8d708be3a14b887.tar.bz2
upstream-8a57531855bd13d5930d74abd8d708be3a14b887.zip
hostapd: set group_mgmt_cipher when ieee80211w is enabled
In order to properly support 802.11w, hostapd needs to advertise a group management cipher when negotiating associations. Introduce a new per-wifi-iface option "ieee80211w_mgmt_cipher" which defaults to the standard AES-128-CMAC cipher and always emit a "group_mgmt_cipher" setting in native hostapd config when 802.11w is enabled. Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r--package/network/services/hostapd/files/hostapd.sh4
1 files changed, 3 insertions, 1 deletions
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 623b1f9afd..36aee85f17 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -174,6 +174,7 @@ hostapd_common_add_bss_config() {
config_add_string ownip
config_add_string iapp_interface
config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd
+ config_add_string ieee80211w_mgmt_cipher
config_add_int dynamic_vlan vlan_naming
config_add_string vlan_tagged_interface vlan_bridge
@@ -444,9 +445,10 @@ hostapd_set_bss_options() {
# RSN -> allow management frame protection
case "$ieee80211w" in
[012])
- json_get_vars ieee80211w_max_timeout ieee80211w_retry_timeout
+ json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout
append bss_conf "ieee80211w=$ieee80211w" "$N"
[ "$ieee80211w" -gt "0" ] && {
+ append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
[ -n "$ieee80211w_max_timeout" ] && \
append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
[ -n "$ieee80211w_retry_timeout" ] && \