From 34ca39360410ab03c7909494e6291bbb65622e3d Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Fri, 22 Mar 2019 12:27:38 +0100
Subject: [PATCH] wireless-ap: Allow to enable/disable 802.11w Management Frame Protection

This is disabled by default, because loads of stations have issues associating with an AP that has 802.11w enabled.

Signed-off-by: Michael Tremer
---
 src/functions/functions.hostapd | 17 +++++++++++++++++
 src/helpers/hostapd-config-helper | 1 +
 src/hooks/ports/wireless-ap | 18 ++++++++++++++++++
 3 files changed, 36 insertions(+)

diff --git a/src/functions/functions.hostapd b/src/functions/functions.hostapd
index 245b4cf8..bf0c5fc9 100644
--- a/src/functions/functions.hostapd
+++ b/src/functions/functions.hostapd
@@ -41,6 +41,7 @@ hostapd_config_write() {
 local encryption
 local environment="${WIRELESS_DEFAULT_ENVIRONMENT}"
 local key
+ local mfp="off"
 local mode
 local ssid
 local wmm="1"
@@ -68,6 +69,9 @@ hostapd_config_write() {
 --key=*)
 key=$(cli_get_val "${1}")
 ;;
+ --mfp=*)
+ mfp="$(cli_get_val "${1}")"
+ ;;
 --mode=*)
 mode=$(cli_get_val "${1}")
@@ -133,6 +137,12 @@ hostapd_config_write() {
 return ${EXIT_ERROR}
 fi
+ # Management Frame Proection
+ if ! isbool mfp; then
+ error "Invalid value for --mfp: ${mfp}"
+ return ${EXIT_ERROR}
+ fi
+
 # 802.11ac/n flags
 local ieee80211ac
 local ieee80211n
@@ -325,6 +335,13 @@ hostapd_config_write() {
 print "vht_oper_chwidth=${vht_oper_chwidth}"
 print
+
+ # 802.11w - Management Frame Protection (MFP)
+ if enabled mfp; then
+ print "ieee80211w=2" # required
+ else
+ print "ieee80211w=0"
+ fi
 ) >> ${file}
 # Control interface.
diff --git a/src/helpers/hostapd-config-helper b/src/helpers/hostapd-config-helper
index d3292c3a..7af723d2 100644
--- a/src/helpers/hostapd-config-helper
+++ b/src/helpers/hostapd-config-helper
@@ -45,6 +45,7 @@ case "${action}" in
 --encryption="${ENCRYPTION}" \
 --environment="${ENVIRONMENT}" \
 --key="${KEY}" \
+ --mfp="${MFP}" \
 --mode="${MODE}" \
 --ssid="${SSID}" \
 || exit $?
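Review bot: In the `@@ -133,6 +137,12 @@` hunk of src/functions/functions.hostapd, the new check only confirms that `mfp` is a boolean and never relates it to `encryption`. 802.11w protects management frames with keys from the RSN handshake, so `--mfp=on` combined with an open or WPA1-only network would presumably yield a configuration that hostapd rejects or that protects nothing. The encryption checks sit above this hunk and are not visible here, so the cross-check should be confirmed there. The added comment also has a typo and would read correctly as `# Management Frame Protection (802.11w)`.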
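Review bot: In the `@@ -325,6 +335,13 @@` hunk of src/functions/functions.hostapd, the boolean maps only to `ieee80211w=0` or `ieee80211w=2`, so hostapd's optional mode (`ieee80211w=1`) cannot be selected. The commit message says many stations fail to associate when MFP is required, and optional mode would let capable clients protect their deauthentication and disassociation frames without locking out the rest, for example a third setting value that writes `print "ieee80211w=1" # optional`. hostapd's sample configuration also pairs required PMF with a SHA256 key management suite (`WPA-PSK-SHA256`), and whether `wpa_key_mgmt` is adjusted accordingly is not visible in this hunk. The subshell these `print` lines belong to starts outside the hunk.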
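Review bot: In src/helpers/hostapd-config-helper, `--mfp="${MFP}"` is passed unconditionally, so an empty `MFP` overrides the `local mfp="off"` default in hostapd_config_write and then presumably fails the new `isbool mfp` check. A port configuration saved before this change carries no MFP setting, and unless the helper applies the hook's defaults before this call (not visible here) the access point would fail to come up after an upgrade. Passing `--mfp="${MFP:-off}" \` keeps the documented default in that case.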
diff --git a/src/hooks/ports/wireless-ap b/src/hooks/ports/wireless-ap
index 6db39b8c..7073cbc7 100644
--- a/src/hooks/ports/wireless-ap
+++ b/src/hooks/ports/wireless-ap
@@ -25,6 +25,7 @@ HOOK_PORT_PATTERN="${PORT_PATTERN_ACCESSPOINT}"
 HOOK_SETTINGS="ADDRESS BROADCAST_SSID CHANNEL CHANNEL_BANDWIDTH DFS MODE PHY"
 HOOK_SETTINGS="${HOOK_SETTINGS} ENCRYPTION ENVIRONMENT KEY SSID"
+HOOK_SETTINGS="${HOOK_SETTINGS} MFP"
 ADDRESS=$(mac_generate)
 BROADCAST_SSID=on
@@ -37,6 +38,10 @@ SSID=
 # Perform radar detection by default when possible
 DFS="on"
+# 802.11w - Management Frame Protection
+# Disable by default because many clients cannot connect when enabled
+MFP="off"
+
 ENVIRONMENT="${WIRELESS_DEFAULT_ENVIRONMENT}"
 hook_check_settings() {
@@ -46,6 +51,7 @@ hook_check_settings() {
 assert isbool BROADCAST_SSID
 assert isset CHANNEL
 assert isbool DFS
+ assert isbool MFP
 assert isset MODE
 assert isoneof MODE ${HOSTAPD_SUPPORTED_MODES}
 assert isset PHY
@@ -104,6 +110,18 @@ hook_parse_cmdline() {
 --mac=*)
 ADDRESS=$(cli_get_val "${1}")
 ;;
+ --mfp=*)
+ MFP="$(cli_get_val "${1}")"
+
+ if enabled MFP; then
+ MFP="on"
+ elif disabled MFP; then
+ MFP="off"
+ else
+ error "Invalid value for --mfp: ${MFP}"
+ return ${EXIT_ERROR}
+ fi
+ ;;
 --mode=*)
 MODE=$(cli_get_val "${1}")
-- 
2.39.2
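Review bot: The comment added above `MFP="off"` in the `@@ -37,6 +38,10 @@` hunk of src/hooks/ports/wireless-ap gives the compatibility reason for the default but not what the default gives up. With MFP off, deauthentication and disassociation frames are unauthenticated, so an operator reading this file has no hint that the setting is a security control rather than a tuning knob. A further line such as `# Enable where all clients support 802.11w: without it, deauth/disassoc frames are not authenticated` would document the trade-off.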