hostapd: enable compilation of OCV and add build feature discovery
Operating Channel Validation (OCV) is a security feature designed to prevent person-in-the-middle multi-channel attacks. Compile the -basic and -full variants of hostapd with this feature, and enable discovery of this feature for future luci integration.

OCV can be configured by setting ocv equal to one of the following values in the wireless config:

0 = disabled (hostapd/wpa_supplicant default)
1 = enabled
2 = enabled in workaround mode - Allow STA that claims OCV capability to connect even if the STA doesn't send OCI or negotiate PMF.

Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
parent
90a6350423
commit
f60628f33c
@ -54,7 +54,7 @@ CONFIG_RSN_PREAUTH=y
|
|||||||
#CONFIG_IEEE80211W=y
|
#CONFIG_IEEE80211W=y
|
||||||
|
|
||||||
# Support Operating Channel Validation
|
# Support Operating Channel Validation
|
||||||
#CONFIG_OCV=y
|
CONFIG_OCV=y
|
||||||
|
|
||||||
# Integrated EAP server
|
# Integrated EAP server
|
||||||
#CONFIG_EAP=y
|
#CONFIG_EAP=y
|
||||||
|
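Review bot: `CONFIG_OCV=y` is switched on directly below a context line that still reads `#CONFIG_IEEE80211W=y`, and OCV is only meaningful when management frame protection is negotiated. This hunk does not show whether 802.11w support is forced on elsewhere in the build, or is unconditional in the packaged hostapd version, so that should be confirmed for the variants that get OCV. The same applies to the identical hunk in the next config section. If the dependency is already satisfied, a short comment such as `# OCV relies on PMF (802.11w) being available in this build` next to the option would record it.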
@ -54,7 +54,7 @@ CONFIG_RSN_PREAUTH=y
|
|||||||
#CONFIG_IEEE80211W=y
|
#CONFIG_IEEE80211W=y
|
||||||
|
|
||||||
# Support Operating Channel Validation
|
# Support Operating Channel Validation
|
||||||
#CONFIG_OCV=y
|
CONFIG_OCV=y
|
||||||
|
|
||||||
# Integrated EAP server
|
# Integrated EAP server
|
||||||
CONFIG_EAP=y
|
CONFIG_EAP=y
|
||||||
|
@ -372,6 +372,8 @@ hostapd_common_add_bss_config() {
|
|||||||
|
|
||||||
config_add_boolean fils
|
config_add_boolean fils
|
||||||
config_add_string fils_dhcp
|
config_add_string fils_dhcp
|
||||||
|
|
||||||
|
config_add_int ocv
|
||||||
}
|
}
|
||||||
|
|
||||||
hostapd_set_vlan_file() {
|
hostapd_set_vlan_file() {
|
||||||
@ -544,7 +546,7 @@ hostapd_set_bss_options() {
|
|||||||
airtime_bss_weight airtime_bss_limit airtime_sta_weight \
|
airtime_bss_weight airtime_bss_limit airtime_sta_weight \
|
||||||
multicast_to_unicast proxy_arp per_sta_vif \
|
multicast_to_unicast proxy_arp per_sta_vif \
|
||||||
eap_server eap_user_file ca_cert server_cert private_key private_key_passwd server_id \
|
eap_server eap_user_file ca_cert server_cert private_key private_key_passwd server_id \
|
||||||
vendor_elements fils
|
vendor_elements fils ocv
|
||||||
|
|
||||||
set_default fils 0
|
set_default fils 0
|
||||||
set_default isolate 0
|
set_default isolate 0
|
||||||
@ -617,6 +619,8 @@ hostapd_set_bss_options() {
|
|||||||
json_for_each_item append_radius_acct_req_attr radius_acct_req_attr
|
json_for_each_item append_radius_acct_req_attr radius_acct_req_attr
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N"
|
||||||
|
|
||||||
case "$auth_type" in
|
case "$auth_type" in
|
||||||
sae|owe|eap192|eap-eap192)
|
sae|owe|eap192|eap-eap192)
|
||||||
set_default ieee80211w 2
|
set_default ieee80211w 2
|
||||||
|
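Review bot: The added `[ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N"` in hostapd_set_bss_options writes whatever integer is configured, without checking it against the documented 0–2 range, the PMF setting, or whether the installed hostapd variant was built with OCV. In the visible context `set_default ieee80211w 2` is applied only for sae|owe|eap192|eap-eap192 and only after this line, so a WPA2-PSK network with `ocv 1` and no `ieee80211w` would get an `ocv=1` line with PMF off. As far as I know hostapd refuses such a configuration, and a build without CONFIG_OCV is likely to reject the `ocv` key altogether, which would leave the AP down. Consider moving the emission below the PMF handling and gating it, e.g. `[ "${ocv:-0}" -gt 0 ] && [ "${ieee80211w:-0}" -gt 0 ] && append bss_conf "ocv=$ocv" "$N"`, and documenting that value 2 relaxes the check for stations that send no OCI or do not negotiate PMF. The function body continues outside the hunk, so the exact placement needs to be checked against the full script.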
@ -54,6 +54,10 @@ static inline int has_feature(const char *feat)
|
|||||||
#ifdef CONFIG_FILS
|
#ifdef CONFIG_FILS
|
||||||
if (!strcmp(feat, "fils"))
|
if (!strcmp(feat, "fils"))
|
||||||
return 1;
|
return 1;
|
||||||
|
#endif
|
||||||
|
#ifdef CONFIG_OCV
|
||||||
|
if (!strcmp(feat, "ocv"))
|
||||||
|
return 1;
|
||||||
#endif
|
#endif
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
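Review bot: The new `ocv` branch in has_feature() reports only that the binary was compiled with CONFIG_OCV, and nothing here documents that distinction for the consumers the commit message mentions (future luci integration). As far as I recall, OCV in hostapd also depends on driver support in some setups, so a UI that treats this result as a guarantee that OCV works could offer an option that has no effect or fails at runtime. A comment above the block such as `/* build-time capability only; says nothing about driver support or the PMF setting OCV depends on */` would make that explicit. The start of has_feature() is outside the hunk.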