local encryption
local environment="${WIRELESS_DEFAULT_ENVIRONMENT}"
local key
+ local mfp="off"
local mode
local ssid
local wmm="1"
--key=*)
key=$(cli_get_val "${1}")
;;
+ --mfp=*)
+ mfp="$(cli_get_val "${1}")"
+ ;;
--mode=*)
mode=$(cli_get_val "${1}")
return ${EXIT_ERROR}
fi
+ # Management Frame Proection
+ if ! isbool mfp; then
+ error "Invalid value for --mfp: ${mfp}"
+ return ${EXIT_ERROR}
+ fi
+
# 802.11ac/n flags
local ieee80211ac
local ieee80211n
print "vht_oper_chwidth=${vht_oper_chwidth}"
print
+
+ # 802.11w - Management Frame Protection (MFP)
+ if enabled mfp; then
+ print "ieee80211w=2" # required
+ else
+ print "ieee80211w=0"
+ fi
) >> ${file}
# Control interface.
HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL CHANNEL_BANDWIDTH DFS MODE PHY"
HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION ENVIRONMENT KEY SSID"
+HOOK_SETTINGS="${HOOK_SETTINGS} MFP"
ADDRESS=$(mac_generate)
BROADCAST_SSID=on
# Perform radar detection by default when possible
DFS="on"
+# 802.11w - Management Frame Protection
+# Disable by default because many clients cannot connect when enabled
+MFP="off"
+
ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
hook_check_settings() {
assert isbool BROADCAST_SSID
assert isset CHANNEL
assert isbool DFS
+ assert isbool MFP
assert isset MODE
assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES}
assert isset PHY
--mac=*)
ADDRESS=$(cli_get_val "${1}")
;;
+ --mfp=*)
+ MFP="$(cli_get_val "${1}")"
+
+ if enabled MFP; then
+ MFP="on"
+ elif disabled MFP; then
+ MFP="off"
+ else
+ error "Invalid value for --mfp: ${MFP}"
+ return ${EXIT_ERROR}
+ fi
+ ;;
--mode=*)
MODE=$(cli_get_val "${1}")