Re: [PATCH 2/2] hostapd: force ieee80211w instead of setting a default

2021-10-11 Thread Jo-Philipp Wich
Hi,

> right now luci will force 2

nope, it will not. It calculates the dynamic default according to the logic in
hostapd.sh and will remove the value from uci if the selected user value
matches the dynamic default [1].

So with WPA3 selected and choosing 11w ...
 ... required -> remove option ieee80211w
 ... optional -> write option ieee80211w 1
 ... disabled -> write option ieee80211w 0 [2]

With WPA3 mixed mode selected and choosing 11w ...
 ... required -> write option ieee80211w 2
 ... optional -> remove option ieee80211w
 ... disabled -> write option ieee80211w 0 [2]

With any other WPA mode selected and choosing 11w ...
 ... required -> write option ieee80211w 2
 ... optional -> write option ieee80211w 1
 ... disabled -> remove option ieee80211w


1: See defaults at:
https://github.com/openwrt/luci/blob/master/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js#L1685
2: Disabling (0) is bugged in 21.02.0 and has been fixed in master with:
https://github.com/openwrt/luci/commit/0b49ed45c6e9f4bc10abdcea392125aec3794e58


~ Jo



signature.asc
Description: OpenPGP digital signature
___
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
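
Added example, not part of the thread and not LuCI or OpenWrt code: the table from the message above as a shell function, together with a model of how the stored value is then treated by set_default versus the plain assignment discussed in this thread. The function names and the wpa3/wpa3-mixed labels are illustrative, and set_default is assumed to assign only when the variable is empty.

```shell
#!/bin/sh
# Illustrative model; helper and mode names are assumptions, not OpenWrt code.

# Dynamic default for ieee80211w per selected mode, as listed in the message.
mfp_default() {
	case "$1" in
		wpa3)       echo 2 ;;   # WPA3: required
		wpa3-mixed) echo 1 ;;   # WPA3 mixed mode: optional
		*)          echo 0 ;;   # any other WPA mode: disabled
	esac
}

# What ends up in UCI for a user's choice (required|optional|disabled):
# the option is removed when the choice equals the dynamic default.
luci_uci_action() {
	case "$2" in
		required) val=2 ;;
		optional) val=1 ;;
		disabled) val=0 ;;
		*) echo "invalid choice"; return 1 ;;
	esac
	if [ "$val" -eq "$(mfp_default "$1")" ]; then
		echo "remove option ieee80211w"
	else
		echo "write option ieee80211w $val"
	fi
}

# Value left in ieee80211w after the case statement touched by the patch.
# $1 = auth_type, $2 = value from UCI ("" when the option is absent),
# $3 = "default" (set_default, before) or "force" (assignment, after).
effective_mfp() {
	ieee80211w="$2"
	case "$1" in
		sae|owe|eap192|eap-eap256|eap256) want=2 ;;
		psk-sae) want=1 ;;
		*) echo "$ieee80211w"; return ;;   # other types: left unchanged
	esac
	# Assumption: set_default assigns only when the variable is empty.
	if [ "$3" = force ] || [ -z "$ieee80211w" ]; then
		ieee80211w="$want"
	fi
	echo "$ieee80211w"
}
```

Calling effective_mfp with the same auth_type and UCI value in both modes shows where the two variants differ: only when the option is present in UCI and differs from the value in the case branch.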


Re: [PATCH 2/2] hostapd: force ieee80211w instead of setting a default

2021-10-11 Thread John Crispin



On 11.10.21 at 19:40, Henrique de Moraes Holschuh via openwrt-devel wrote:

The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.

right now luci will force 2



Re: [PATCH 2/2] hostapd: force ieee80211w instead of setting a default

2021-10-11 Thread Henrique de Moraes Holschuh via openwrt-devel
--- Begin Message ---

On 11/10/2021 14:14, Jo-Philipp Wich wrote:

>> Doesn't that downgrade PSK-SAE which the user configured to be with
>> mandatory MFP to now only have optional MFP?
>
> yes. The way I read it, it also prevents using the WPA3 protocol without
> obligatory MFP (afair some users use that for limited drivers)


The only way this is not going to cause user issues, is to have an 
"auto" in LuCI (for UCI, that might be "unset"), for the proper default, 
and let the user force-override it where wanted.


--
Henrique de Moraes Holschuh
Project Analyst
Centro de Estudos e Pesquisas em Tecnologias de Redes e Operações 
(Ceptro.br)

+55 11 5509-3537 R.:4023
INOC 22548*625
www.nic.br

--- End Message ---


Re: [PATCH 2/2] hostapd: force ieee80211w instead of setting a default

2021-10-11 Thread Jo-Philipp Wich
Hi,


> Doesn't that downgrade PSK-SAE which the user configured to be with
> mandatory MFP to now only have optional MFP?

yes. The way I read it, it also prevents using the WPA3 protocol without
obligatory MFP (afair some users use that for limited drivers)

~ Jo





Re: [PATCH 2/2] hostapd: force ieee80211w instead of setting a default

2021-10-11 Thread Daniel Golle
On Mon, Oct 11, 2021 at 02:16:14PM +0200, John Crispin wrote:
> WPA3 modes require 11w to be set to optional/required. Using set_default would
> allow forcing an invalid value from UCI.
> 
> Signed-off-by: John Crispin 
> ---
>  package/network/services/hostapd/files/hostapd.sh | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/package/network/services/hostapd/files/hostapd.sh 
> b/package/network/services/hostapd/files/hostapd.sh
> index efb06427ca..36156a002c 100644
> --- a/package/network/services/hostapd/files/hostapd.sh
> +++ b/package/network/services/hostapd/files/hostapd.sh
> @@ -1211,10 +1211,10 @@ wpa_supplicant_add_network() {
>  
>   case "$auth_type" in
>   sae|owe|eap192|eap-eap256|eap256)
> - set_default ieee80211w 2
> + ieee80211w=2
>   ;;
>   psk-sae)
> - set_default ieee80211w 1
> + ieee80211w=1
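
Review bot: the case statement changed here carries no comment saying which ieee80211w values are valid for each auth_type, and the commit message only says set_default "would allow forcing an invalid value from UCI". Stating the accepted values per branch, for example whether 2 is a valid setting in the psk-sae branch, in a comment above the case or in the commit message would let a reader check the two assignments against the intent.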

Doesn't that downgrade PSK-SAE which the user configured to be with
mandatory MFP to now only have optional MFP?




[PATCH 2/2] hostapd: force ieee80211w instead of setting a default

2021-10-11 Thread John Crispin
WPA3 modes require 11w to be set to optional/required. Using set_default would
allow forcing an invalid value from UCI.

Signed-off-by: John Crispin 
---
 package/network/services/hostapd/files/hostapd.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/network/services/hostapd/files/hostapd.sh 
b/package/network/services/hostapd/files/hostapd.sh
index efb06427ca..36156a002c 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -1211,10 +1211,10 @@ wpa_supplicant_add_network() {
 
case "$auth_type" in
sae|owe|eap192|eap-eap256|eap256)
-   set_default ieee80211w 2
+   ieee80211w=2
;;
psk-sae)
-   set_default ieee80211w 1
+   ieee80211w=1
;;
esac
 
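
Review bot: in the psk-sae branch the plain assignment ieee80211w=1 discards whatever was configured, including 2, so a configuration that required management frame protection ends up with it optional; the first branch likewise replaces 0 and 1 without any message. If the goal is only to reject the invalid value, override just that case, e.g. `[ "${ieee80211w:-0}" = 0 ] && ieee80211w=1` for psk-sae, and log when a configured value is replaced.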
-- 
2.25.1

