diff options
author | Timo Sigurdsson <public_timo.s@silentcreek.de> | 2017-11-14 21:41:29 +0100 |
---|---|---|
committer | Stijn Tintel <stijn@linux-ipv6.be> | 2017-12-07 19:42:30 +0100 |
commit | 19ebc19f545c7f96bcf5a6437b405cb849be453c (patch) | |
tree | cbea225bb937e54e44df48e616aa84cdd9ed0973 /target/linux | |
parent | 3590316121ac48b16e6a61d2022fd2a90d20ed57 (diff) | |
download | upstream-19ebc19f545c7f96bcf5a6437b405cb849be453c.tar.gz upstream-19ebc19f545c7f96bcf5a6437b405cb849be453c.tar.bz2 upstream-19ebc19f545c7f96bcf5a6437b405cb849be453c.zip |
hostapd: Expose the tdls_prohibit option to UCI
wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.
Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.
Make this option configurable via UCI, but disabled by default.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(cherry picked from commit 6515887ed9b3f312635409702113dca7c14043e5)
Diffstat (limited to 'target/linux')
0 files changed, 0 insertions, 0 deletions