diff options
| author | Michael Yartys <michael.yartys@protonmail.com> | 2022-02-13 15:17:54 +0100 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2022-07-03 20:25:38 +0200 |
| commit | 442708dfe2f599796b87eb113b03ab6cc42e0292 (patch) | |
| tree | 3ad4321257c782f3b0dace6b71a9aef2c0d3c107 /package/network | |
| parent | f60628f33ca9891fd9fb814588530df56ebdcdca (diff) | |
| download | upstream-442708dfe2f599796b87eb113b03ab6cc42e0292.tar.gz upstream-442708dfe2f599796b87eb113b03ab6cc42e0292.tar.bz2 upstream-442708dfe2f599796b87eb113b03ab6cc42e0292.zip | |
wpa_supplicant: compile with OCV support
Operating Channel Validation (OCV) is a security feature designed to
prevent person-in-the-middle multi-channel attacks. Compile -basic and
-full variants with support for OCV. This feature can be configured in the
wireless config by setting ocv equal to one of the following values:
0 = disabled (hostapd/wpa_supplicant default)
1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the
driver indicates support for operating channel validation.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
Diffstat (limited to 'package/network')
3 files changed, 5 insertions, 3 deletions
diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 831c562b47..f11b40702c 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -1272,7 +1272,7 @@ wpa_supplicant_add_network() { json_get_vars \ ssid bssid key \ basic_rate mcast_rate \ - ieee80211w ieee80211r fils \ + ieee80211w ieee80211r fils ocv \ multi_ap \ default_disabled @@ -1324,6 +1324,8 @@ wpa_supplicant_add_network() { [ "$default_disabled" = 1 ] && append network_data "disabled=1" "$N$T" } + [ -n "$ocv" ] && append network_data "ocv=$ocv" "$N$T" + case "$auth_type" in none) ;; owe) diff --git a/package/network/services/hostapd/files/wpa_supplicant-basic.config b/package/network/services/hostapd/files/wpa_supplicant-basic.config index c550b37b21..6abd8e2331 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-basic.config +++ b/package/network/services/hostapd/files/wpa_supplicant-basic.config @@ -315,7 +315,7 @@ CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y #CONFIG_IEEE80211W=y # Support Operating Channel Validation -#CONFIG_OCV=y +CONFIG_OCV=y # Select TLS implementation # openssl = OpenSSL (default) diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config index de3302c875..d24fbbb01f 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-full.config +++ b/package/network/services/hostapd/files/wpa_supplicant-full.config @@ -315,7 +315,7 @@ CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y #CONFIG_IEEE80211W=y # Support Operating Channel Validation -#CONFIG_OCV=y +CONFIG_OCV=y # Select TLS implementation # openssl = OpenSSL (default) |