wpa_supplicant: compile with OCV support

Operating Channel Validation (OCV) is a security feature designed to prevent person-in-the-middle multi-channel attacks. Compile -basic and -full variants with support for OCV. This feature can be configured in the wireless config by setting ocv equal to one of the following values: 0 = disabled (hostapd/wpa_supplicant default) 1 = enabled if wpa_supplicant's SME in use. Otherwise enabled only when the driver indicates support for operating channel validation. Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
2022-02-13 15:17:54 +01:00 · 2022-02-13 15:17:54 +01:00 · 442708dfe2
parent f60628f33c
commit 442708dfe2
3 changed files with 5 additions and 3 deletions
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@ -1272,7 +1272,7 @@ wpa_supplicant_add_network() {
 	json_get_vars \
 		ssid bssid key \
 		basic_rate mcast_rate \
-		ieee80211w ieee80211r fils \
+		ieee80211w ieee80211r fils ocv \
 		multi_ap \
 		default_disabled

@ -1324,6 +1324,8 @@ wpa_supplicant_add_network() {
 		[ "$default_disabled" = 1 ] && append network_data "disabled=1" "$N$T"
 	}

+	[ -n "$ocv" ] && append network_data "ocv=$ocv" "$N$T"
+
 	case "$auth_type" in
 		none) ;;
 		owe)
--- a/package/network/services/hostapd/files/wpa_supplicant-basic.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-basic.config
@ -315,7 +315,7 @@ CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
 #CONFIG_IEEE80211W=y

 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y

 # Select TLS implementation
 # openssl = OpenSSL (default)
--- a/package/network/services/hostapd/files/wpa_supplicant-full.config
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config
@ -315,7 +315,7 @@ CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
 #CONFIG_IEEE80211W=y

 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y

 # Select TLS implementation
 # openssl = OpenSSL (default)