mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-11 07:22:54 +00:00
19ebc19f54
wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.
Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.
Make this option configurable via UCI, but disabled by default.
Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| authsae | ||
| dnsmasq | ||
| dropbear | ||
| ead | ||
| hostapd | ||
| igmpproxy | ||
| ipset-dns | ||
| lldpd | ||
| odhcpd | ||
| omcproxy | ||
| openvpn | ||
| openvpn-easy-rsa | ||
| ppp | ||
| relayd | ||
| samba36 | ||
| uhttpd | ||
| umdns | ||
| wireguard | ||