sae_require_mfp and sae_pwe are SAE-specific knobs but iface_auth_type()
set them on every auth type that requires PMF (sae, owe, eap2, eap192,
dpp) and on both PMF-optional transition modes (psk-sae, eap-eap2).
hostapd silently ignores the stray settings on non-SAE BSSes, but they
clutter the generated configuration and make it harder to tell at a
glance which knobs actually apply.
Split the grouping: keep ieee80211w (and rsn_override_mfp for transition
modes) where it was, and move sae_require_mfp / sae_pwe into a separate
check that only fires for the two auth types that actually run SAE (sae
and psk-sae).
No functional change on the air.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Link: https://github.com/openwrt/openwrt/pull/23009
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
}
function iface_auth_type(config) {
- if (config.auth_type in [ 'sae', 'owe', 'eap2', 'eap192', 'dpp' ]) {
+ if (config.auth_type in [ 'sae', 'owe', 'eap2', 'eap192', 'dpp' ])
config.ieee80211w = 2;
- config.sae_require_mfp = 1;
- if (!config.ppsk)
- set_default(config, 'sae_pwe', 2);
- }
if (config.auth_type in [ 'psk-sae', 'eap-eap2' ]) {
set_default(config, 'ieee80211w', 1);
if (config.rsn_override)
config.rsn_override_mfp = 2;
+ }
+
+ if (config.auth_type in [ 'sae', 'psk-sae' ]) {
config.sae_require_mfp = 1;
if (!config.ppsk)
set_default(config, 'sae_pwe', 2);
projects / thirdparty / openwrt.git / commitdiff
