From 8ad5416d997312a4ae86ebb7bee7dfd1f80c0407 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Wed, 25 Jun 2025 10:48:34 +0200 Subject: [PATCH] wifi-scripts: fix corner case in RSN override support When used, all relevant parameters need to be set Signed-off-by: Felix Fietkau --- .../files-ucode/usr/share/ucode/wifi/ap.uc | 15 ++++++++++++--- .../wifi-scripts/files/lib/netifd/hostapd.sh | 7 +++++-- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc index eccd5824cf8..add9ec137b4 100644 --- a/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc +++ b/package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc @@ -173,8 +173,7 @@ function iface_auth_type(config) { 'eapol_version', 'dynamic_vlan', 'radius_request_cui', 'eap_reauth_period', 'radius_das_client', 'radius_das_port', 'own_ip_addr', 'dynamic_own_ip_addr', 'wpa_disable_eapol_key_retries', 'auth_algs', 'wpa', 'wpa_pairwise', - 'erp_domain', 'fils_realm', 'erp_send_reauth_start', 'fils_cache_id', - 'rsn_override_pairwise', 'rsn_override_mfp' + 'erp_domain', 'fils_realm', 'erp_send_reauth_start', 'fils_cache_id' ]); } @@ -479,9 +478,19 @@ export function generate(interface, data, config, vlans, stas, phy_features) { iface.wpa_key_mgmt(config); append_vars(config, [ 'wpa_key_mgmt', - 'rsn_override_key_mgmt' ]); + if (config.rsn_override_key_mgmt || config.rsn_override_pairwise) { + config.rsn_override_mfp ??= config.ieee80211w; + config.rsn_override_key_mgmt ??= config.wpa_key_mgmt; + config.rsn_override_pairwise ??= config.wpa_pairwise; + append_vars(config, [ + 'rsn_override_key_mgmt', + 'rsn_override_pairwise', + 'rsn_override_mfp' + ]); + } + /* raw options */ for (let raw in config.hostapd_options) append_raw(raw); diff --git a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh index dd96505f09b..623e8ffdb2c 100644 --- a/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh +++ b/package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh @@ -862,7 +862,6 @@ hostapd_set_bss_options() { append bss_conf "auth_algs=${auth_algs:-1}" "$N" append bss_conf "wpa=$wpa" "$N" [ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise" "$N" - [ -n "$rsn_override_pairwise" ] && append bss_conf "rsn_override_pairwise=$rsn_override_pairwise" "$N" set_default wps_pushbutton 0 set_default wps_label 0 @@ -975,7 +974,11 @@ hostapd_set_bss_options() { hostapd_append_wpa_key_mgmt [ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N" - [ -n "$rsn_override_key_mgmt" ] && append bss_conf "rsn_override_key_mgmt=$rsn_override_key_mgmt" "$N" + [ -n "$rsn_override_key_mgmt" -o -n "$rsn_override_pairwise" ] && { + append bss_conf "rsn_override_key_mgmt=${rsn_override_key_mgmt:-$wpa_key_mgmt}" "$N" + append bss_conf "rsn_override_pairwise=${rsn_override_pairwise:-$wpa_pairwise}" "$N" + append bss_conf "rsn_override_mfp=$ieee80211w" "$N" + } fi if [ "$wpa" -ge "2" ]; then