From: Michael Yartys Date: Sun, 13 Feb 2022 14:17:54 +0000 (+0100) Subject: wpa_supplicant: compile with OCV support X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=442708dfe2f599796b87eb113b03ab6cc42e0292;p=openwrt%2Fstaging%2Fsvanheule.git wpa_supplicant: compile with OCV support Operating Channel Validation (OCV) is a security feature designed to prevent person-in-the-middle multi-channel attacks. Compile -basic and -full variants with support for OCV. This feature can be configured in the wireless config by setting ocv equal to one of the following values: 0 = disabled (hostapd/wpa_supplicant default) 1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the driver indicates support for operating channel validation. Signed-off-by: Michael Yartys --- diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh index 831c562b47..f11b40702c 100644 --- a/package/network/services/hostapd/files/hostapd.sh +++ b/package/network/services/hostapd/files/hostapd.sh @@ -1272,7 +1272,7 @@ wpa_supplicant_add_network() { json_get_vars \ ssid bssid key \ basic_rate mcast_rate \ - ieee80211w ieee80211r fils \ + ieee80211w ieee80211r fils ocv \ multi_ap \ default_disabled @@ -1324,6 +1324,8 @@ wpa_supplicant_add_network() { [ "$default_disabled" = 1 ] && append network_data "disabled=1" "$N$T" } + [ -n "$ocv" ] && append network_data "ocv=$ocv" "$N$T" + case "$auth_type" in none) ;; owe) diff --git a/package/network/services/hostapd/files/wpa_supplicant-basic.config b/package/network/services/hostapd/files/wpa_supplicant-basic.config index c550b37b21..6abd8e2331 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-basic.config +++ b/package/network/services/hostapd/files/wpa_supplicant-basic.config @@ -315,7 +315,7 @@ CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y #CONFIG_IEEE80211W=y # Support Operating Channel Validation -#CONFIG_OCV=y +CONFIG_OCV=y # Select TLS implementation # openssl = OpenSSL (default) diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config index de3302c875..d24fbbb01f 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-full.config +++ b/package/network/services/hostapd/files/wpa_supplicant-full.config @@ -315,7 +315,7 @@ CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y #CONFIG_IEEE80211W=y # Support Operating Channel Validation -#CONFIG_OCV=y +CONFIG_OCV=y # Select TLS implementation # openssl = OpenSSL (default)