[OpenWrt-Devel] [PATCH 1/2 for netifd] wireless: set different default ciphers for AP and STA

Daniel Golle daniel at makrotopia.org
Tue Mar 8 06:15:31 EST 2016


It came up that, due to CCMP being set as a default which currently
affects only AP mode, this default would also be applied in STA mode
once the value of $wpa_cipher is going to be used for wpa_supplicant.
In order not to hurt existing setups by changing the default,
be more sensitive and set different default values to be used by AP
and by STA mode, ie. for STA don't set the cipher explicitely if it
is unconfigured.

Signed-off-by: Daniel Golle <daniel at makrotopia.org>
---
 scripts/netifd-wireless.sh | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts/netifd-wireless.sh b/scripts/netifd-wireless.sh
index 87d13ca..198e91c 100644
--- a/scripts/netifd-wireless.sh
+++ b/scripts/netifd-wireless.sh
@@ -195,7 +195,6 @@ wireless_vif_parse_encryption() {
 	auth_mode_open=1
 	auth_mode_shared=0
 	auth_type=none
-	wpa_cipher=CCMP
 	case "$encryption" in
 		*tkip+aes|*tkip+ccmp|*aes+tkip|*ccmp+tkip) wpa_cipher="CCMP TKIP";;
 		*aes|*ccmp) wpa_cipher="CCMP";;
@@ -205,6 +204,9 @@ wireless_vif_parse_encryption() {
 	# 802.11n requires CCMP for WPA
 	[ "$enable_ht:$wpa_cipher" = "1:TKIP" ] && wpa_cipher="CCMP TKIP"
 
+	# set CCMP as default for AP mode
+	wpa_pairwise="${wpa_cipher:-CCMP}"
+
 	# Examples:
 	# psk-mixed/tkip    => WPA1+2 PSK, TKIP
 	# wpa-psk2/tkip+aes => WPA2 PSK, CCMP+TKIP
@@ -223,9 +225,9 @@ wireless_vif_parse_encryption() {
 		*)
 			wpa=0
 			wpa_cipher=
+			wpa_pairwise=
 		;;
 	esac
-	wpa_pairwise="$wpa_cipher"
 
 	case "$encryption" in
 		*psk*)
-- 
2.7.2
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel


More information about the openwrt-devel mailing list