Hello,
At present on Kamikaze, the encryption option in /etc/config/wireless
controls both crypto and akm:
option encryption psk : WPA-PSK using TKIP
option encryption psk+psk2 : WPA-PSK / WPA2-PSK using AES+TKIP
option encryption psk2 : WPA2-PSK using AES
There is no way to independently control these seperately. This patch
allows a suffix to be added, which will override the default crypto
options listed above, e.g.:
option encryption psk+psk2|aes : WPA-PSK / WPA2-PSK using AES
option encryption psk2|aes+tkip : WPA2-PSK using AES+TKIP
In addition to the above changes, it also makes the pattern matches a
little bit stricter. e.g., it changes "*psk*" to "psk*" and
"*psk+*psk2" to "psk+psk2". It strikes me that unless there's a very
good reason to do, allowing a wide range of options is asking for trouble.
I've tested the patch as best I can, and it always appears to pass the
correct options to nas. At present, this patch only applies to broadcom
platforms, but I guess the syntax can be ported to others pretty readily.
Signed-off-by: Christopher Key <[EMAIL PROTECTED]>
Index: package/broadcom-wl/files/lib/wifi/broadcom.sh
===================================================================
--- package/broadcom-wl/files/lib/wifi/broadcom.sh (revision 10522)
+++ package/broadcom-wl/files/lib/wifi/broadcom.sh (working copy)
@@ -165,27 +165,75 @@
*) append vif_do_up "wepkey =1,$key" "$N";;
esac
;;
- *psk*|*PSK*)
+ psk*|PSK*)
wsec_r=1
config_get key "$vif" key
case "$enc" in
- wpa*+wpa2*|WPA*+WPA2*|*psk+*psk2|*PSK+*PSK2)
auth=132; wsec=6;;
- wpa2*|WPA2*|*PSK2|*psk2) auth=128; wsec=4;;
- *) auth=4; wsec=2;;
+ psk+psk2*|PSK+PSK2*)
+ auth=132
+ case "$enc" in
+ *aes+tkip|*AES+TKIP) wsec=6;;
+ *aes|*AES) wsec=4;;
+ *tkip|*TKIP) wsec=2;;
+ *) wsec=6;;
+ esac
+ ;;
+ psk2*|PSK2*)
+ auth=128
+ case "$enc" in
+ *aes+tkip|*AES+TKIP) wsec=6;;
+ *aes|*AES) wsec=4;;
+ *tkip|*TKIP) wsec=2;;
+ *) wsec=4;;
+ esac
+ ;;
+ *)
+ auth=4
+ case "$enc" in
+ *aes+tkip|*AES+TKIP) wsec=6;;
+ *aes|*AES) wsec=4;;
+ *tkip|*TKIP) wsec=2;;
+ *) wsec=2;;
+ esac
+ ;;
esac
eval "${vif}_key=\"\$key\""
nasopts="-k \"\$${vif}_key\""
;;
- *wpa*|*WPA*)
+ wpa*|WPA*)
wsec_r=1
eap_r=1
config_get key "$vif" key
config_get server "$vif" server
config_get port "$vif" port
case "$enc" in
- wpa*+wpa2*|WPA*+WPA2*) auth=66; wsec=6;;
- wpa2*|WPA2*) auth=64; wsec=4;;
- *) auth=2; wsec=2;;
+ wpa+wpa2*|WPA+WPA2*)
+ auth=66
+ case "$enc" in
+ *aes+tkip|*AES+TKIP) wsec=6;;
+ *aes|*AES) wsec=4;;
+ *tkip|*TKIP) wsec=2;;
+ *) wsec=6;;
+ esac
+ ;;
+ wpa2*|WPA2*)
+ auth=64
+ case "$enc" in
+ *aes+tkip|*AES+TKIP) wsec=6;;
+ *aes|*AES) wsec=4;;
+ *tkip|*TKIP) wsec=2;;
+ *) wsec=4;;
+ esac
+ ;;
+ *)
+ auth=2
+ case "$enc" in
+ *aes+tkip|*AES+TKIP) wsec=6;;
+ *aes|*AES) wsec=4;;
+ *tkip|*TKIP) wsec=2;;
+ *) wsec=2;;
+ esac
+ ;;
esac
eval "${vif}_key=\"\$key\""
nasopts="-r \"\$${vif}_key\" -h $server -p $port"
_______________________________________________
openwrt-devel mailing list
[email protected]
http://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
