Hello, At present on Kamikaze, the encryption option in /etc/config/wireless controls both crypto and akm:
option encryption psk : WPA-PSK using TKIP option encryption psk+psk2 : WPA-PSK / WPA2-PSK using AES+TKIP option encryption psk2 : WPA2-PSK using AES There is no way to independently control these seperately. This patch allows a suffix to be added, which will override the default crypto options listed above, e.g.: option encryption psk+psk2|aes : WPA-PSK / WPA2-PSK using AES option encryption psk2|aes+tkip : WPA2-PSK using AES+TKIP In addition to the above changes, it also makes the pattern matches a little bit stricter. e.g., it changes "*psk*" to "psk*" and "*psk+*psk2" to "psk+psk2". It strikes me that unless there's a very good reason to do, allowing a wide range of options is asking for trouble. I've tested the patch as best I can, and it always appears to pass the correct options to nas. At present, this patch only applies to broadcom platforms, but I guess the syntax can be ported to others pretty readily. Signed-off-by: Christopher Key <[EMAIL PROTECTED]> Index: package/broadcom-wl/files/lib/wifi/broadcom.sh =================================================================== --- package/broadcom-wl/files/lib/wifi/broadcom.sh (revision 10522) +++ package/broadcom-wl/files/lib/wifi/broadcom.sh (working copy) @@ -165,27 +165,75 @@ *) append vif_do_up "wepkey =1,$key" "$N";; esac ;; - *psk*|*PSK*) + psk*|PSK*) wsec_r=1 config_get key "$vif" key case "$enc" in - wpa*+wpa2*|WPA*+WPA2*|*psk+*psk2|*PSK+*PSK2) auth=132; wsec=6;; - wpa2*|WPA2*|*PSK2|*psk2) auth=128; wsec=4;; - *) auth=4; wsec=2;; + psk+psk2*|PSK+PSK2*) + auth=132 + case "$enc" in + *aes+tkip|*AES+TKIP) wsec=6;; + *aes|*AES) wsec=4;; + *tkip|*TKIP) wsec=2;; + *) wsec=6;; + esac + ;; + psk2*|PSK2*) + auth=128 + case "$enc" in + *aes+tkip|*AES+TKIP) wsec=6;; + *aes|*AES) wsec=4;; + *tkip|*TKIP) wsec=2;; + *) wsec=4;; + esac + ;; + *) + auth=4 + case "$enc" in + *aes+tkip|*AES+TKIP) wsec=6;; + *aes|*AES) wsec=4;; + *tkip|*TKIP) wsec=2;; + *) wsec=2;; + esac + ;; esac eval "${vif}_key=\"\$key\"" nasopts="-k \"\$${vif}_key\"" ;; - *wpa*|*WPA*) + wpa*|WPA*) wsec_r=1 eap_r=1 config_get key "$vif" key config_get server "$vif" server config_get port "$vif" port case "$enc" in - wpa*+wpa2*|WPA*+WPA2*) auth=66; wsec=6;; - wpa2*|WPA2*) auth=64; wsec=4;; - *) auth=2; wsec=2;; + wpa+wpa2*|WPA+WPA2*) + auth=66 + case "$enc" in + *aes+tkip|*AES+TKIP) wsec=6;; + *aes|*AES) wsec=4;; + *tkip|*TKIP) wsec=2;; + *) wsec=6;; + esac + ;; + wpa2*|WPA2*) + auth=64 + case "$enc" in + *aes+tkip|*AES+TKIP) wsec=6;; + *aes|*AES) wsec=4;; + *tkip|*TKIP) wsec=2;; + *) wsec=4;; + esac + ;; + *) + auth=2 + case "$enc" in + *aes+tkip|*AES+TKIP) wsec=6;; + *aes|*AES) wsec=4;; + *tkip|*TKIP) wsec=2;; + *) wsec=2;; + esac + ;; esac eval "${vif}_key=\"\$key\"" nasopts="-r \"\$${vif}_key\" -h $server -p $port" _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org http://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel