bss->pasn_comeback_after = atoi(pos);
} else if (os_strcmp(buf, "pasn_noauth") == 0) {
bss->pasn_noauth = atoi(pos);
+ } else if (os_strcmp(buf, "urnm_mfpr") == 0) {
+ bss->urnm_mfpr = !!atoi(pos);
+ } else if (os_strcmp(buf, "urnm_mfpr_x20") == 0) {
+ bss->urnm_mfpr_x20 = !!atoi(pos);
#endif /* CONFIG_PASN */
} else if (os_strcmp(buf, "ext_capa_mask") == 0) {
if (get_hex_config(bss->ext_capa_mask, EXT_CAPA_MAX_LEN,
#sae_require_mfp=1
#sae_pwe=2
+##### IEEE 802.11az configuration #############################################
+#
+# urnm_mfpr:
+# urnm_mfpr mandates use of management frame protection and establishment of
+# PTKSA across all supported bandwidths, regardless of the urnm_mfpr_x20
+# setting for unassociated negotiation and measurement operations.
+#
+# urnm_mfpr_x20:
+# urnm_mfpr_x20 allows unassociated negotiation and measurement
+# operations using 20 MHz bandwidth without requiring management frame
+# protection and a PTKSA while mandating the security for higher bandwidth
+# cases. This is only valid if urnm_mfpr is false.
+#
+# Behavior Summary:
+# - urnm_mfpr = 1:
+# - PTKSA is required for all supported bandwidths.
+# - urnm_mfpr_x20 is ignored.
+#
+# - urnm_mfpr = 0 and urnm_mfpr_x20 = 1:
+# - PTKSA is required only for bandwidths greater than 20 MHz.
+#
+# - urnm_mfpr = 0 and urnm_mfpr_x20 = 0:
+# - PTKSA is not required for any bandwidths.
+#urnm_mfpr=0
+#urnm_mfpr_x20=0
##### IEEE 802.11r configuration ##############################################
bss->pasn_comeback_after = 10;
bss->pasn_noauth = 1;
#endif /* CONFIG_PASN */
+ bss->urnm_mfpr_x20 = -1;
+ bss->urnm_mfpr = -1;
}
u16 pasn_comeback_after;
#endif /* CONFIG_PASN */
+ int urnm_mfpr_x20;
+ int urnm_mfpr;
+
unsigned int unsol_bcast_probe_resp_interval;
u8 ext_capa_mask[EXT_CAPA_MAX_LEN];
capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT_AP)
capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
- if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_AP)
- capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR);
+ if (hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG_AP) {
+ if (hapd->conf->urnm_mfpr != 0)
+ capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR);
+ if (hapd->conf->urnm_mfpr_x20 == 1)
+ capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR_X20);
+ }
if (hapd->conf->ssid_protection)
capab |= BIT(WLAN_RSNX_CAPAB_SSID_PROTECTION);
if ((hapd->iface->drv_flags2 & WPA_DRIVER_FLAGS2_SPP_AMSDU) &&
#endif /* CONFIG_FILS */
enum sae_pwe sae_pwe;
bool sae_pk;
+ bool urnm_mfpr_x20;
+ bool urnm_mfpr;
unsigned int secure_ltf:1;
unsigned int secure_rtt:1;
#endif /* CONFIG_TESTING_OPTIONS */
#endif /* CONFIG_PASN */
+ if (conf->urnm_mfpr_x20 == 1)
+ wconf->urnm_mfpr_x20 = true;
+ if (conf->urnm_mfpr != 0)
+ wconf->urnm_mfpr = true;
wconf->radius_psk = conf->wpa_psk_radius == PSK_RADIUS_DURING_4WAY_HS;
wconf->no_disconnect_on_group_keyerror =
conf->bss_max_idle && conf->ap_max_inactivity &&
capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
if (conf->secure_rtt)
capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
- if (conf->prot_range_neg)
- capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR);
+ if (conf->prot_range_neg) {
+ if (conf->urnm_mfpr)
+ capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR);
+ if (conf->urnm_mfpr_x20)
+ capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR_X20);
+ }
if (conf->ssid_protection)
capab |= BIT(WLAN_RSNX_CAPAB_SSID_PROTECTION);
if (conf->spp_amsdu)
projects / thirdparty / hostap.git / commitdiff
