]> git.ipfire.org Git - thirdparty/openwrt.git/commitdiff
projects / thirdparty / openwrt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9d496df)
wifi-scripts: fix ieee80211w override for psk-sae/sae-mixed
authorFelix Fietkau <nbd@nbd.name>
Sat, 31 Jan 2026 16:56:53 +0000 (16:56 +0000)
committerFelix Fietkau <nbd@nbd.name>
Sat, 31 Jan 2026 17:00:50 +0000 (18:00 +0100)
The ucode wifi-scripts unconditionally set ieee80211w=1 for psk-sae
and eap-eap2 auth types, ignoring any user-configured value. This
caused ieee80211w=2 (MFP required) to be silently downgraded to 1
(MFP optional) when using sae-mixed encryption.

Change the logic to only set the default of 1 when ieee80211w is not
already configured by the user.

Fixes: https://github.com/openwrt/openwrt/issues/21751
Signed-off-by: Felix Fietkau <nbd@nbd.name>
package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc patch | blob | blame | history
package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc patch | blob | blame | history

diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
index 4585998d30ed4cf60eaea6200f48f97b26f8ea21..5771e0e2df573947e9c56c3626a0a78ea6761211 100644 (file)
--- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
+++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
@@ -90,7 +90,8 @@ function iface_auth_type(config) {
        }
 
        if (config.auth_type in [ 'psk-sae', 'eap-eap2' ]) {
-               config.ieee80211w = 1;
+               if (!config.ieee80211w)
+                       config.ieee80211w = 1;
                if (config.rsn_override)
                        config.rsn_override_mfp = 2;
                config.sae_require_mfp = 1;
diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc
index 6d65b5b248ddfae9470812ac7a9a6d5b9b87a0b7..a1daf041a14f5b99323814ea2d73209cce17a3fa 100644 (file)
--- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc
+++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc
@@ -60,7 +60,7 @@ function setup_sta(data, config) {
 
        if (config.auth_type in [ 'sae', 'owe', 'eap2', 'eap192' ])
                config.ieee80211w = 2;
-       else if (config.auth_type in [ 'psk-sae' ])
+       else if (config.auth_type in [ 'psk-sae' ] && !config.ieee80211w)
                config.ieee80211w = 1;
        if ((wildcard(data.htmode, 'EHT*') || wildcard(data.htmode, 'HE*')) &&
                config.rsn_override)
Mirror of https://github.com/openwrt/openwrt.git