diff options
author | Sunil Ravi <sunilravi@google.com> | 2022-01-28 12:25:46 -0800 |
---|---|---|
committer | Sunil Ravi <sunilravi@google.com> | 2022-01-28 12:25:46 -0800 |
commit | b3580db65eef0ef8fa932815e36e773e02824b0e (patch) | |
tree | 6da3009503d63e775a1516cbb99d42482ac0be68 | |
parent | aefbe888b908daffd53b2ead24dc0dc32b82a60a (diff) | |
download | wpa_supplicant_8-b3580db65eef0ef8fa932815e36e773e02824b0e.tar.gz |
set ieee80211w to optional in hostapd config
set ieee80211w=1 config item in the hostapd config file.
This is to enable IEEE 802.11 management frame protection
feature optional on SoftAp interface. This is mainly to
prevent denial of service when an attacker sends deauthentication
frames to the clients connected to the SoftAp.
Bug: 197874458
Test: Connected STAs to Pixel SofAp and confirmed from the
sniffer logs that PMF capabilities are exchanged and the required
management frames are protected.
Change-Id: Ia773b79a65771a7b53c561ed2601f02aee82f0ea
-rw-r--r-- | hostapd/Android.mk | 4 | ||||
-rw-r--r-- | hostapd/aidl/hostapd.cpp | 3 |
2 files changed, 7 insertions, 0 deletions
diff --git a/hostapd/Android.mk b/hostapd/Android.mk index 8449d161..54548aa0 100644 --- a/hostapd/Android.mk +++ b/hostapd/Android.mk @@ -42,6 +42,10 @@ ifeq ($(BOARD_HOSTAPD_PRIVATE_LIB),) L_CFLAGS += -DANDROID_LIB_STUB endif +ifeq ($(BOARD_HOSTAPD_CONFIG_80211W_MFP_OPTIONAL),true) +L_CFLAGS += -DENABLE_HOSTAPD_CONFIG_80211W_MFP_OPTIONAL +endif + # Use Android specific directory for control interface sockets L_CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/data/vendor/wifi/hostapd/sockets\" L_CFLAGS += -DCONFIG_CTRL_IFACE_DIR=\"/data/vendor/wifi/hostapd/ctrl\" diff --git a/hostapd/aidl/hostapd.cpp b/hostapd/aidl/hostapd.cpp index 78747852..9e23247b 100644 --- a/hostapd/aidl/hostapd.cpp +++ b/hostapd/aidl/hostapd.cpp @@ -355,6 +355,9 @@ std::string CreateHostapdConfig( encryption_config_as_string = StringPrintf( "wpa=2\n" "rsn_pairwise=%s\n" +#ifdef ENABLE_HOSTAPD_CONFIG_80211W_MFP_OPTIONAL + "ieee80211w=1\n" +#endif "wpa_passphrase=%s", is_60Ghz_band_only ? "GCMP" : "CCMP", nw_params.passphrase.c_str()); |