hostapd: make wnm_sleep_mode_no_keys configurable

In the aftermath of the KRACK attacks, hostapd gained an AP-side workaround
against WNM-Sleep Mode GTK/IGTK reinstallation attacks. WNM Sleep Mode is not
enabled by default on OpenWrt, but it is configurable through the option
wnm_sleep_mode. Thus, make the AP-side workaround configurable as well by
exposing the option wnm_sleep_mode_no_keys. If you use the option
wpa_disable_eapol_key_retries and have wnm_sleep_mode enabled, you might
consider using this workaround.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
[bump PKG_RELEASE]
Signed-off-by: Paul Spooren <mail@aparcar.org>
(cherry picked from commit bf98faaac8ed24cf7d3d93dd4fcd7304d109363b)

diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 628bbbec4dff764416c59bee59fad2c87c188d17..67ea89c3392199ca63f7a7d3380ab15983de28b7 100644 (file)
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -7,7 +7,7 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=hostapd
-PKG_RELEASE:=34
+PKG_RELEASE:=35
 
 PKG_SOURCE_URL:=http://w1.fi/hostap.git
 PKG_SOURCE_PROTO:=git

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index ee338a93881e8a73452a07c53b45db463be937ad..aa72e09eba34be9935b048274cbe6c9a258d4931 100644 (file)
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -284,7 +284,7 @@ hostapd_common_add_bss_config() {
        config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
        config_add_string multi_ap_backhaul_ssid multi_ap_backhaul_key
 
-       config_add_boolean wnm_sleep_mode bss_transition
+       config_add_boolean wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
        config_add_int time_advertisement
        config_add_string time_zone
 
@@ -706,13 +706,17 @@ hostapd_set_bss_options() {
                append bss_conf "iapp_interface=$ifname" "$N"
        }
 
-       json_get_vars time_advertisement time_zone wnm_sleep_mode bss_transition
+       json_get_vars time_advertisement time_zone wnm_sleep_mode wnm_sleep_mode_no_keys bss_transition
        set_default bss_transition 0
        set_default wnm_sleep_mode 0
+       set_default wnm_sleep_mode_no_keys 0
 
        [ -n "$time_advertisement" ] && append bss_conf "time_advertisement=$time_advertisement" "$N"
        [ -n "$time_zone" ] && append bss_conf "time_zone=$time_zone" "$N"
-       [ "$wnm_sleep_mode" -eq "1" ] && append bss_conf "wnm_sleep_mode=1" "$N"
+       if [ "$wnm_sleep_mode" -eq "1" ]; then
+               append bss_conf "wnm_sleep_mode=1" "$N"
+               [ "$wnm_sleep_mode_no_keys" -eq "1" ] && append bss_conf "wnm_sleep_mode_no_keys=1" "$N"
+       fi
        [ "$bss_transition" -eq "1" ] && append bss_conf "bss_transition=1" "$N"
 
        json_get_vars ieee80211k rrm_neighbor_report rrm_beacon_report