openwrt/package/network/services/hostapd
Timo Sigurdsson 19ebc19f54 hostapd: Expose the tdls_prohibit option to UCI
wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.

Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.

Make this option configurable via UCI, but disabled by default.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(cherry picked from commit 6515887ed9)
2017-12-07 19:42:30 +01:00
files hostapd: Expose the tdls_prohibit option to UCI 2017-12-07 19:42:30 +01:00
patches hostapd: backport extra changes related to KRACK 2017-10-17 17:54:59 +03:00
src/src hostapd: fix feature indication 2017-03-01 01:18:58 +01:00
Config.in hostapd: Add ability to specify that wireless driver supports 802.11ac 2016-12-20 16:24:22 +01:00
Makefile hostapd: add wpa_disable_eapol_key_retries option 2017-10-17 17:59:45 +03:00