projects / openwrt / staging / lynxis.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f60628f)
wpa_supplicant: compile with OCV support
authorMichael Yartys <michael.yartys@protonmail.com>
Sun, 13 Feb 2022 14:17:54 +0000 (15:17 +0100)
committerHauke Mehrtens <hauke@hauke-m.de>
Sun, 3 Jul 2022 18:25:38 +0000 (20:25 +0200)
Operating Channel Validation (OCV) is a security feature designed to
prevent person-in-the-middle multi-channel attacks. Compile -basic and
-full variants with support for OCV. This feature can be configured in the
wireless config by setting ocv equal to one of the following values:

0 = disabled (hostapd/wpa_supplicant default)
1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the
    driver indicates support for operating channel validation.

Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
package/network/services/hostapd/files/hostapd.sh patch | blob | history
package/network/services/hostapd/files/wpa_supplicant-basic.config patch | blob | history
package/network/services/hostapd/files/wpa_supplicant-full.config patch | blob | history

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 831c562b4708a699408d0da69a35f735c1673fa4..f11b40702c1811690861a828bab589b3ca97b3e6 100644 (file)
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -1272,7 +1272,7 @@ wpa_supplicant_add_network() {
        json_get_vars \
                ssid bssid key \
                basic_rate mcast_rate \
-               ieee80211w ieee80211r fils \
+               ieee80211w ieee80211r fils ocv \
                multi_ap \
                default_disabled
 
@@ -1324,6 +1324,8 @@ wpa_supplicant_add_network() {
                [ "$default_disabled" = 1 ] && append network_data "disabled=1" "$N$T"
        }
 
+       [ -n "$ocv" ] && append network_data "ocv=$ocv" "$N$T"
+
        case "$auth_type" in
                none) ;;
                owe)
diff --git a/package/network/services/hostapd/files/wpa_supplicant-basic.config b/package/network/services/hostapd/files/wpa_supplicant-basic.config
index c550b37b21b3f631f4d51096f26f93a321df50b0..6abd8e2331aa13c8f646065bcef1e8000c7e1c72 100644 (file)
--- a/package/network/services/hostapd/files/wpa_supplicant-basic.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-basic.config
@@ -315,7 +315,7 @@ CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
 #CONFIG_IEEE80211W=y
 
 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
 
 # Select TLS implementation
 # openssl = OpenSSL (default)
diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config
index de3302c875fb7862ef146d6960d3c868869dbf41..d24fbbb01f17238ca8a9b82e5f03945acf4b7bd4 100644 (file)
--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
@@ -315,7 +315,7 @@ CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
 #CONFIG_IEEE80211W=y
 
 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
 
 # Select TLS implementation
 # openssl = OpenSSL (default)
lynxis staging tree