hostapd: set group_mgmt_cipher when ieee80211w is enabled
authorJo-Philipp Wich <jo@mein.io>
Fri, 5 Jan 2018 12:15:01 +0000 (13:15 +0100)
committerJo-Philipp Wich <jo@mein.io>
Sun, 7 Jan 2018 11:33:47 +0000 (12:33 +0100)
In order to properly support 802.11w, hostapd needs to advertise a group
management cipher when negotiating associations.

Introduce a new per-wifi-iface option "ieee80211w_mgmt_cipher" which
defaults to the standard AES-128-CMAC cipher and always emit a
"group_mgmt_cipher" setting in native hostapd config when 802.11w is
enabled.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
package/network/services/hostapd/files/hostapd.sh

index 623b1f9..36aee85 100644 (file)
@@ -174,6 +174,7 @@ hostapd_common_add_bss_config() {
        config_add_string ownip
        config_add_string iapp_interface
        config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd
+       config_add_string ieee80211w_mgmt_cipher
 
        config_add_int dynamic_vlan vlan_naming
        config_add_string vlan_tagged_interface vlan_bridge
@@ -444,9 +445,10 @@ hostapd_set_bss_options() {
                # RSN -> allow management frame protection
                case "$ieee80211w" in
                        [012])
-                               json_get_vars ieee80211w_max_timeout ieee80211w_retry_timeout
+                               json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout
                                append bss_conf "ieee80211w=$ieee80211w" "$N"
                                [ "$ieee80211w" -gt "0" ] && {
+                                       append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N"
                                        [ -n "$ieee80211w_max_timeout" ] && \
                                                append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N"
                                        [ -n "$ieee80211w_retry_timeout" ] && \