Difuse/difos
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

wifi-scripts: on psk-sae configurations, disable PSK support on 6 GHz

Browse source 
This allows sharing a wifi-iface section across bands while enforcing the no-PSK
rule for 6 GHz

Signed-off-by: Felix Fietkau <nbd@nbd.name>
This commit is contained in:
Felix Fietkau 2025-06-11 11:05:04 +02:00
parent 91a50b27bc
commit a17c3be409
3 changed files with 18 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/ap.uc
View file

@ -76,8 +76,6 @@ function iface_accounting_server(config) {
} }
function iface_auth_type(config) { function iface_auth_type(config) {
iface.parse_encryption(config);
if (config.auth_type in [ 'sae', 'owe', 'eap2', 'eap192' ]) { if (config.auth_type in [ 'sae', 'owe', 'eap2', 'eap192' ]) {
config.ieee80211w = 2; config.ieee80211w = 2;
config.sae_require_mfp = 1; config.sae_require_mfp = 1;
@ -432,13 +430,21 @@ function iface_interworking(config) {
]); ]);
} }
export function generate(interface, config, vlans, stas, phy_features) { export function generate(interface, data, config, vlans, stas, phy_features) {
config.ctrl_interface = '/var/run/hostapd'; config.ctrl_interface = '/var/run/hostapd';
iface_stations(config, stas); iface_stations(config, stas);
iface_setup(config); iface_setup(config);
iface.parse_encryption(config);
if (data.config.band == '6g') {
if (config.auth_type == 'psk-sae')
config.auth_type = 'sae';
if (config.auth_type == 'eap-eap2')
config.auth_type = 'eap2';
}
iface_auth_type(config); iface_auth_type(config);
iface_accounting_server(config); iface_accounting_server(config);

8
package/network/config/wifi-scripts/files-ucode/usr/share/ucode/wifi/hostapd.uc
View file

@ -523,11 +523,11 @@ function generate(config) {
} }
let iface_idx = 0; let iface_idx = 0;
function setup_interface(interface, config, vlans, stas, phy_features, fixup) { function setup_interface(interface, data, config, vlans, stas, phy_features, fixup) {
config = { ...config, fixup }; config = { ...config, fixup };
config.idx = iface_idx++; config.idx = iface_idx++;
ap.generate(interface, config, vlans, stas, phy_features); ap.generate(interface, data, config, vlans, stas, phy_features);
} }
export function setup(data) { export function setup(data) {
@ -556,9 +556,9 @@ export function setup(data) {
let owe = interface.config.encryption == 'owe' && interface.config.owe_transition; let owe = interface.config.encryption == 'owe' && interface.config.owe_transition;
setup_interface(k, interface.config, interface.vlans, interface.stas, phy_features, owe ? 'owe' : null ); setup_interface(k, data, interface.config, interface.vlans, interface.stas, phy_features, owe ? 'owe' : null );
if (owe) if (owe)
setup_interface(k, interface.config, interface.vlans, interface.stas, phy_features, 'owe-transition'); setup_interface(k, data, interface.config, interface.vlans, interface.stas, phy_features, 'owe-transition');
} }
let config = dump_config(file_name); let config = dump_config(file_name);

8
package/network/config/wifi-scripts/files/lib/netifd/hostapd.sh
View file

@ -64,9 +64,11 @@ hostapd_append_wpa_key_mgmt() {
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
;; ;;
psk-sae) psk-sae)
append wpa_key_mgmt "WPA-PSK" [ "$band" = "6g" ] || {
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK" append wpa_key_mgmt "WPA-PSK"
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256" [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK"
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256"
}
append wpa_key_mgmt "SAE" append wpa_key_mgmt "SAE"
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" [ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE"
;; ;;