Operating Channel Validation (OCV) is a security feature designed to
prevent person-in-the-middle multi-channel attacks. Compile the -basic and
-full variants of hostapd with this feature, and enable discovery of this
feature for future luci integration. OCV can be configured by setting ocv
equal to one of the following values in the wireless config:
0 = disabled (hostapd/wpa_supplicant default)
1 = enabled
2 = enabled in workaround mode - Allow STA that claims OCV capability to
connect even if the STA doesn't send OCI or negotiate PMF.
Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
# Integrated EAP server
#CONFIG_EAP=y
#CONFIG_IEEE80211W=y
# Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
# Integrated EAP server
CONFIG_EAP=y
config_add_boolean fils
config_add_string fils_dhcp
+
+ config_add_int ocv
}
hostapd_set_vlan_file() {
airtime_bss_weight airtime_bss_limit airtime_sta_weight \
multicast_to_unicast proxy_arp per_sta_vif \
eap_server eap_user_file ca_cert server_cert private_key private_key_passwd server_id \
- vendor_elements fils
+ vendor_elements fils ocv
set_default fils 0
set_default isolate 0
json_for_each_item append_radius_acct_req_attr radius_acct_req_attr
}
+ [ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N"
+
case "$auth_type" in
sae|owe|eap192|eap-eap192)
set_default ieee80211w 2
#ifdef CONFIG_FILS
if (!strcmp(feat, "fils"))
return 1;
+#endif
+#ifdef CONFIG_OCV
+ if (!strcmp(feat, "ocv"))
+ return 1;
#endif
return 0;
}