authorGospod Nassa <devianca@gmail.com>2018-05-18 09:39:33 +0100
committerJohn Crispin <john@phrozen.org>2018-05-18 11:19:00 +0200
commit3cc56a5534b8b49a7e9ba57edf9878ec32bdd27a (patch)
tree77db9207cde8f8169c018ef6aa79e973aaab89ab /package/network/services/hostapd/files
parent20b76c0a5bb7a13dcc739bd644f0f968e3b3c68a (diff)
hostapd: fix IEEE 802.11r (fast roaming) defaults
Use ft_psk_generate_local=1 by default, as it makes everything else fairly trivial. All of the r0kh/r1kh and key management stuff goes away and hostapd fairly much does it all for us. We do need to provide nas_identifier, which can be derived from the BSSID, and we need to generate a mobility_domain, for which we default to the first four chars of the md5sum of the SSID. The complex manual setup should also still work, but the defaults also now work easily out of the box. Verified by manually running hostapd (with the autogenerated config) and watching the debug output: wlan2: STA ac:37:43:a0:a6:ae WPA: FT authentication already completed - do not start 4-way handshake This was previously submitted to LEDE in https://github.com/lede-project/source/pull/1382 [dwmw2: Rewrote commit message] Signed-off-by: Gospod Nassa <devianca@gmail.com> Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Diffstat (limited to 'package/network/services/hostapd/files')
-rw-r--r--package/network/services/hostapd/files/hostapd.sh48
1 files changed, 27 insertions, 21 deletions
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 520da5b159..4deb0b97ae 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -422,32 +422,38 @@ hostapd_set_bss_options() {
set_default ieee80211r 0
if [ "$ieee80211r" -gt "0" ]; then
- json_get_vars mobility_domain r0_key_lifetime r1_key_holder \
- reassociation_deadline pmk_r1_push ft_psk_generate_local ft_over_ds
- json_get_values r0kh r0kh
- json_get_values r1kh r1kh
-
- set_default mobility_domain "4f57"
- set_default r0_key_lifetime 10000
- set_default reassociation_deadline 1000
- set_default pmk_r1_push 0
- set_default ft_psk_generate_local 0
+ json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline
+
+ set_default mobility_domain "$(echo "$ssid" | md5sum | head -c 4)"
+ set_default ft_psk_generate_local 1
set_default ft_over_ds 1
+ set_default reassociation_deadline 1000
append bss_conf "mobility_domain=$mobility_domain" "$N"
- append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
- [ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
- append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
- append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
append bss_conf "ft_over_ds=$ft_over_ds" "$N"
-
- for kh in $r0kh; do
- append bss_conf "r0kh=${kh//,/ }" "$N"
- done
- for kh in $r1kh; do
- append bss_conf "r1kh=${kh//,/ }" "$N"
- done
+ append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
+ [ -n "$nasid" ] || append bss_conf "nas_identifier=${macaddr//\:}" "$N"
+
+ if [ "$ft_psk_generate_local" -eq "0" ]; then
+ json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push
+ json_get_values r0kh r0kh
+ json_get_values r1kh r1kh
+
+ set_default r0_key_lifetime 10000
+ set_default pmk_r1_push 0
+
+ [ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N"
+ append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
+ append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
+
+ for kh in $r0kh; do
+ append bss_conf "r0kh=${kh//,/ }" "$N"
+ done
+ for kh in $r1kh; do
+ append bss_conf "r1kh=${kh//,/ }" "$N"
+ done
+ fi
fi
append bss_conf "wpa_disable_eapol_key_retries=$wpa_disable_eapol_key_retries" "$N"
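Review bot: `set_default ft_psk_generate_local 1` is applied to every BSS with ieee80211r enabled, but hostapd's ft_psk_generate_local only covers FT-PSK, and the r0kh/r1kh, r1_key_holder and pmk_r1_push lines are now written only inside the `-eq "0"` branch. An 802.1X (FT-EAP) configuration that lists r0kh/r1kh without setting ft_psk_generate_local would therefore lose its key-holder entries after this change; the key-management selection is outside the hunk, so this should be confirmed there. I would default per auth type, e.g. `set_default ft_psk_generate_local "$ft_psk_default"` with a new `ft_psk_default` set to 1 on the PSK path and 0 otherwise. Separately, the `nas_identifier=${macaddr//\:}` fallback emits an empty identifier if macaddr is unset, so a `[ -n "$macaddr" ]` guard would be worth adding. hostapd_set_bss_options starts and ends outside the hunk.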