wifi-scripts: set rsn_overriding for client mode interfaces

Unless HE/EHT is enabled, the client should not process the RSN override IE.
This prevents picking up unsupported ciphers

Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc
index 49c6888d0129b4e1f0cc94a150cfa92cd39c00bd..f2d51ed34908d048c032c4a352a149d3d02d0602 100644 (file)
--- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc
+++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/supplicant.uc
@@ -59,6 +59,11 @@ function setup_sta(data, config) {
                config.ieee80211w = 2;
        else if (config.auth_type in [ 'psk-sae' ])
                config.ieee80211w = 1;
+       if ((wildcard(data.htmode, 'EHT*') || wildcard(data.htmode, 'HE*')) &&
+               config.rsn_override)
+               config.rsn_overriding = 1;
+       else
+               config.rsn_overriding = 0;
 
        set_default(config, 'ieee80211r', 0);
        set_default(config, 'multi_ap', 0);
@@ -159,7 +164,7 @@ function setup_sta(data, config) {
 
        network_append_string_vars(config, [ 'ssid' ]);
        network_append_vars(config, [
-               'scan_ssid', 'noscan', 'disabled', 'multi_ap_backhaul_sta',
+               'rsn_overriding', 'scan_ssid', 'noscan', 'disabled', 'multi_ap_backhaul_sta',
                'ocv', 'key_mgmt', 'psk', 'sae_password', 'pairwise', 'group', 'bssid',
                'proto', 'mesh_fwding', 'mesh_rssi_threshold', 'frequency', 'fixed_freq',
                'disable_ht', 'disable_ht40', 'disable_vht', 'vht', 'max_oper_chwidth',

diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
index c0fcf8dba080219c1706630f61064c7610d5ffb4..dabb534cf43f325ff959bd58c22e8797e8b5af0a 100644 (file)
--- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
+++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
@@ -1316,7 +1316,7 @@ wpa_supplicant_add_network() {
        wireless_vif_parse_encryption
 
        json_get_vars \
-               ssid bssid key \
+               ssid bssid key rsn_override \
                mcast_rate \
                ieee80211w ieee80211r fils ocv \
                multi_ap \
@@ -1324,6 +1324,8 @@ wpa_supplicant_add_network() {
 
        json_get_values basic_rate_list basic_rate
 
+       set_default rsn_override 1
+
        case "$auth_type" in
                sae|owe|eap2|eap192)
                        set_default ieee80211w 2
@@ -1374,6 +1376,12 @@ wpa_supplicant_add_network() {
 
        [ -n "$ocv" ] && append network_data "ocv=$ocv" "$N$T"
 
+       rsn_overriding=0
+       case "$htmode" in
+       EHT*|HE*) [ "$rsn_override" -gt 0 ] && rsn_overriding=1;;
+       esac
+       append network_data "rsn_overriding=$rsn_overriding" "$N$T"
+
        case "$auth_type" in
                none) ;;
                owe)

diff --git a/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh b/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh
index c9fa2b5fa0894dcc86faa364f19fa0550d7fde62..2e939852b683fa27d1cbc5ae861ef26fa45cefa4 100755 (executable)
--- a/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh
+++ b/package/network/config/wifi-scripts/files/lib/netifd/wireless/mac80211.sh
@@ -1015,7 +1015,7 @@ mac80211_setup_supplicant() {
        wpa_supplicant_prepare_interface "$ifname" nl80211 || return 1
 
        if [ "$mode" = "sta" ]; then
-               wpa_supplicant_add_network "$ifname"
+               wpa_supplicant_add_network "$ifname" "" "$htmode"
        else
                wpa_supplicant_add_network "$ifname" "$freq" "$htmode" "$hostapd_noscan"
        fi