AP: Disable VHT in TKIP configuration

Message ID	1476715989-1251-1-git-send-email-filip.matusiak@tieto.com
State	Accepted
Headers	show Return-Path: <hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org> From: Filip Matusiak <filip.matusiak@tieto.com> To: hostap@lists.infradead.org Subject: [PATCH] AP: Disable VHT in TKIP configuration Date: Mon, 17 Oct 2016 16:53:09 +0200 Message-Id: <1476715989-1251-1-git-send-email-filip.matusiak@tieto.com> summary: Content analysis details: (-2.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [2a00:1450:4010:c07:0:0:0:22d listed in] [list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid Precedence: list Cc: marek.kwaczynski@tieto.com, michal.kazior@tieto.com, filip.matusiak@tieto.com MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: "Hostap" <hostap-bounces@lists.infradead.org> Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

Message ID

1476715989-1251-1-git-send-email-filip.matusiak@tieto.com

State

Accepted

Headers

From: Filip Matusiak <filip.matusiak@tieto.com>
To: hostap@lists.infradead.org
Subject: [PATCH] AP: Disable VHT in TKIP configuration
Date: Mon, 17 Oct 2016 16:53:09 +0200
Message-Id: <1476715989-1251-1-git-send-email-filip.matusiak@tieto.com>
Precedence: list
Cc: marek.kwaczynski@tieto.com, michal.kazior@tieto.com,
	filip.matusiak@tieto.com
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: "Hostap" <hostap-bounces@lists.infradead.org>
Errors-To: hostap-bounces+incoming=patchwork.ozlabs.org@lists.infradead.org

This has already been done for WEP, but there's same constraint for not allowing VTH rates in case of TKIP. Signed-off-by: Filip Matusiak <filip.matusiak@tieto.com> --- src/ap/ap_config.c | 11 +++++++++++ 1 file changed, 11 insertions(+)

Comments

Jouni Malinen Oct. 28, 2016, 10:30 p.m. UTC | #1

On Mon, Oct 17, 2016 at 04:53:09PM +0200, Filip Matusiak wrote:
> This has already been done for WEP, but there's same constraint for not
> allowing VTH rates in case of TKIP.

Thanks, applied.

diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 228de2b..9c178c7 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -848,6 +848,17 @@  static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
 		wpa_printf(MSG_ERROR,
 			   "VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities");
 	}
+
+	if (full_config && conf->ieee80211ac && bss->wpa &&
+	    !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
+	    !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
+				   WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
+	{
+		bss->disable_11ac = 1;
+		wpa_printf(MSG_ERROR, "VHT (IEEE 802.11ac) with WPA/WPA2 "
+			   "requires CCMP/GCMP to be enabled, disabling VHT "
+			   "capabilities");
+	}
 #endif /* CONFIG_IEEE80211AC */
 
 #ifdef CONFIG_WPS

AP: Disable VHT in TKIP configuration

Commit Message

Comments

Patch