wifi-scripts: on psk-sae configurations, disable PSK support on 6 GHz

author Felix Fietkau <nbd@nbd.name>

Wed, 11 Jun 2025 09:05:04 +0000 (11:05 +0200)

committer Felix Fietkau <nbd@nbd.name>

Sat, 21 Jun 2025 18:34:06 +0000 (20:34 +0200)
author Felix Fietkau <nbd@nbd.name>
Wed, 11 Jun 2025 09:05:04 +0000 (11:05 +0200)
committer Felix Fietkau <nbd@nbd.name>
Sat, 21 Jun 2025 18:34:06 +0000 (20:34 +0200)
diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc

index d6ca3b5dd26f7b02612234d84e5b17ec18102915..d72abdd3e4ad062eda76061b29c728333ca09bfc 100644 (file)
--- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
+++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
@@ -76,8 +76,6 @@ function iface_accounting_server(config) {
  }
  
  function iface_auth_type(config) {
-       iface.parse_encryption(config);
-
         if (config.auth_type in [ 'sae', 'owe', 'eap2', 'eap192' ]) {
                 config.ieee80211w = 2;
                 config.sae_require_mfp = 1;
@@ -432,13 +430,21 @@ function iface_interworking(config) {
         ]);
  }
  
-export function generate(interface, config, vlans, stas, phy_features) {
+export function generate(interface, data, config, vlans, stas, phy_features) {
         config.ctrl_interface = '/var/run/hostapd';
  
         iface_stations(config, stas);
  
         iface_setup(config);
  
+       iface.parse_encryption(config);
+       if (data.config.band == '6g') {
+               if (config.auth_type == 'psk-sae')
+                       config.auth_type = 'sae';
+               if (config.auth_type == 'eap-eap2')
+                       config.auth_type = 'eap2';
+       }
+
         iface_auth_type(config);
  
         iface_accounting_server(config);
diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc

index 848f02d323d3356fa58aa781278a236bb5fbd737..cc174cda5027829bfbc39b76c8c87c33f1e716ec 100644 (file)
--- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc
+++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc
@@ -523,11 +523,11 @@ function generate(config) {
  }
  
  let iface_idx = 0;
-function setup_interface(interface, config, vlans, stas, phy_features, fixup) {
+function setup_interface(interface, data, config, vlans, stas, phy_features, fixup) {
         config = { ...config, fixup };
  
         config.idx = iface_idx++;
-       ap.generate(interface, config, vlans, stas, phy_features);
+       ap.generate(interface, data, config, vlans, stas, phy_features);
  }
  
  export function setup(data) {
@@ -556,9 +556,9 @@ export function setup(data) {
  
                 let owe = interface.config.encryption == 'owe' && interface.config.owe_transition;
  
-               setup_interface(k, interface.config, interface.vlans, interface.stas, phy_features, owe ? 'owe' : null );
+               setup_interface(k, data, interface.config, interface.vlans, interface.stas, phy_features, owe ? 'owe' : null );
                 if (owe)
-                       setup_interface(k, interface.config, interface.vlans, interface.stas, phy_features, 'owe-transition');
+                       setup_interface(k, data, interface.config, interface.vlans, interface.stas, phy_features, 'owe-transition');
         }
  
         let config = dump_config(file_name);
diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh

index 080f15d7a6579ec043bda4bd36aaa5f5266931e2..f4a7c71bea1aa44345e94fab5620394655133eeb 100644 (file)
--- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
+++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
@@ -64,9 +64,11 @@ hostapd_append_wpa_key_mgmt() {
                         [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
                 ;;
                 psk-sae)
-                       append wpa_key_mgmt "WPA-PSK"
-                       [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
-                       [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
+                       [ "$band" = "6g" ] || {
+                               append wpa_key_mgmt "WPA-PSK"
+                               [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
+                               [ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
+                       }
                         append wpa_key_mgmt "SAE"
                         [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
                 ;;
author	Felix Fietkau <nbd@nbd.name>
	Wed, 11 Jun 2025 09:05:04 +0000 (11:05 +0200)
committer	Felix Fietkau <nbd@nbd.name>
	Sat, 21 Jun 2025 18:34:06 +0000 (20:34 +0200)
package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc		patch \| blob \| blame \| history
package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc		patch \| blob \| blame \| history
package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh		patch \| blob \| blame \| history