From 8a57531855bd13d5930d74abd8d708be3a14b887 Mon Sep 17 00:00:00 2001 From: Jo-Philipp Wich Date: Fri, 5 Jan 2018 13:15:01 +0100 Subject: [PATCH] hostapd: set group_mgmt_cipher when ieee80211w is enabled In order to properly support 802.11w, hostapd needs to advertise a group management cipher when negotiating associations. Introduce a new per-wifi-iface option "ieee80211w_mgmt_cipher" which defaults to the standard AES-128-CMAC cipher and always emit a "group_mgmt_cipher" setting in native hostapd config when 802.11w is enabled. Signed-off-by: Jo-Philipp Wich --- package/network/services/hostapd/files/hostapd.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 623b1f9afd0..36aee85f17a 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -174,6 +174,7 @@ hostapd_common_add_bss_config() { config_add_string ownip config_add_string iapp_interface config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd + config_add_string ieee80211w_mgmt_cipher config_add_int dynamic_vlan vlan_naming config_add_string vlan_tagged_interface vlan_bridge @@ -444,9 +445,10 @@ hostapd_set_bss_options() { # RSN -> allow management frame protection case "$ieee80211w" in [012]) - json_get_vars ieee80211w_max_timeout ieee80211w_retry_timeout + json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout append bss_conf "ieee80211w=$ieee80211w" "$N" [ "$ieee80211w" -gt "0" ] && { + append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N" [ -n "$ieee80211w_max_timeout" ] && \ append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N" [ -n "$ieee80211w_retry_timeout" ] && \