From: Sybil127 Date: Thu, 23 May 2024 15:43:07 +0000 (+0200) Subject: wifi-scripts: introduce rxkh_file uci option X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=97c8a94ec509407105db1b942ae5b8ab92252480;p=openwrt%2Fopenwrt.git wifi-scripts: introduce rxkh_file uci option With rxkh_file, hostapd will read a list of RxKHs from a text file. This also makes it possible for hostapd to dynamically reload RxKHs. RxKHs defined in rxkh_file should be formated as described in hostapd.conf, with one entry per line. R0KH/R1KH format: r0kh= <256-bit key as hex string> r1kh= <256-bit key as hex string> Reworked behavior of the uci options r0kh and r1kh. When rxkh_file is not configured: Instead of appending the RxKHs to the hostapd bss configuration. They will be added to a interface specific file with name /var/run/hostapd-phyX-apX.rxkh. This file will be used as the rxkh_file in the hostapd bss configuration. When rxkh_file is configured: The specified file will be used in the hostapd bss configuration, and will be the only source for configured RxKHs. All RxKHs defined with the uci options r0kh or r1kh will be ignored. Signed-off-by: Sybil127 Signed-off-by: Felix Fietkau --- diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh index 0b2241ea60..3285ee4312 100644 --- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh +++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh @@ -335,7 +335,7 @@ hostapd_common_add_bss_config() { config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds config_add_int r0_key_lifetime reassociation_deadline - config_add_string mobility_domain r1_key_holder + config_add_string mobility_domain r1_key_holder rxkh_file config_add_array r0kh r1kh config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout @@ -592,7 +592,7 @@ hostapd_set_bss_options() { wireless_vif_parse_encryption - local bss_conf bss_md5sum ft_key + local bss_conf bss_md5sum ft_key rxkhs local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt json_get_vars \ @@ -981,7 +981,7 @@ hostapd_set_bss_options() { append bss_conf "reassociation_deadline=$reassociation_deadline" "$N" if [ "$ft_psk_generate_local" -eq "0" ]; then - json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push + json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push rxkh_file json_get_values r0kh r0kh json_get_values r1kh r1kh @@ -1003,12 +1003,20 @@ hostapd_set_bss_options() { append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N" append bss_conf "pmk_r1_push=$pmk_r1_push" "$N" - for kh in $r0kh; do - append bss_conf "r0kh=${kh//,/ }" "$N" - done - for kh in $r1kh; do - append bss_conf "r1kh=${kh//,/ }" "$N" - done + if [ -z "$rxkh_file" ]; then + set_default rxkh_file /var/run/hostapd-$ifname.rxkh + [ -e "$rxkh_file" ] && rm -f "$rxkh_file" + touch "$rxkh_file" + + for kh in $r0kh; do + append rxkhs "r0kh=${kh//,/ }" "$N" + done + for kh in $r1kh; do + append rxkhs "r1kh=${kh//,/ }" "$N" + done + echo "$rxkhs" > "$rxkh_file" + fi + append bss_conf "rxkh_file=$rxkh_file" "$N" fi fi