diff mbox series

hostapd: Allow to make Management Frame Protection optional

Message ID	20201020091503.31259-1-michael.tremer@ipfire.org
State	Accepted
Headers	From: Michael Tremer <michael.tremer@ipfire.org> To: development@lists.ipfire.org Subject: [PATCH] hostapd: Allow to make Management Frame Protection optional Date: Tue, 20 Oct 2020 09:15:03 +0000 Message-Id: <20201020091503.31259-1-michael.tremer@ipfire.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: list Cc: Michael Tremer <michael.tremer@ipfire.org> Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	hostapd: Allow to make Management Frame Protection optional \| hostapd: Allow to make Management Frame Protection optional

Commit Message

Michael Tremer Oct. 20, 2020, 9:15 a.m. UTC

  WPA3 mandates MFP, but many clients do not support it at all.

Therefore this can now be set to optional and clients will
fall back to WPA2.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 doc/language_issues.de  |  3 +++
 doc/language_issues.en  |  5 ++++-
 doc/language_issues.es  |  3 +++
 doc/language_issues.fr  |  3 +++
 doc/language_issues.it  |  3 +++
 doc/language_issues.nl  |  3 +++
 doc/language_issues.pl  |  3 +++
 doc/language_issues.ru  |  3 +++
 doc/language_issues.tr  |  3 +++
 doc/language_missings   | 24 ++++++++++++++++++++++++
 html/cgi-bin/wlanap.cgi | 20 +++++++++++---------
 langs/en/cgi-bin/en.pl  |  3 +++
 12 files changed, 66 insertions(+), 10 deletions(-)

diff mbox series

Patch

diff --git a/doc/language_issues.de b/doc/language_issues.de
index 6fcafc460..f3246cd18 100644
--- a/doc/language_issues.de
+++ b/doc/language_issues.de
@@ -888,3 +888,6 @@  WARNING: untranslated string: show tls-auth key = Show tls-auth key
 WARNING: untranslated string: smb daemon = SMB Daemon
 WARNING: untranslated string: user management = User Management
 WARNING: untranslated string: winbind daemon = Winbind Daemon
+WARNING: untranslated string: wlanap 802.11w disabled = Disabled
+WARNING: untranslated string: wlanap 802.11w enforced = Enforced
+WARNING: untranslated string: wlanap 802.11w optional = Optional
diff --git a/doc/language_issues.en b/doc/language_issues.en
index 63106d66b..9efb56a39 100644
--- a/doc/language_issues.en
+++ b/doc/language_issues.en
@@ -1447,7 +1447,7 @@  WARNING: untranslated string: play = Play
 WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes
 WARNING: untranslated string: policy = Policy
 WARNING: untranslated string: port = Port
-WARNING: untranslated string: portscans = portscancs
+WARNING: untranslated string: portscans = Port Scans
 WARNING: untranslated string: ppp setup = PPP setup
 WARNING: untranslated string: pppoe settings = Additional PPPoE settings:
 WARNING: untranslated string: pptp netconfig = My Net Config
@@ -2138,6 +2138,9 @@  WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP
 WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP
 WARNING: untranslated string: wlan clients = Wireless clients
 WARNING: untranslated string: wlanap = Access Point
+WARNING: untranslated string: wlanap 802.11w disabled = Disabled
+WARNING: untranslated string: wlanap 802.11w enforced = Enforced
+WARNING: untranslated string: wlanap 802.11w optional = Optional
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
 WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID
 WARNING: untranslated string: wlanap channel = Channel
diff --git a/doc/language_issues.es b/doc/language_issues.es
index 689eeca7c..e01f5aa98 100644
--- a/doc/language_issues.es
+++ b/doc/language_issues.es
@@ -1513,6 +1513,9 @@  WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP
 WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP
 WARNING: untranslated string: wlan clients = Wireless clients
 WARNING: untranslated string: wlanap = Access Point
+WARNING: untranslated string: wlanap 802.11w disabled = Disabled
+WARNING: untranslated string: wlanap 802.11w enforced = Enforced
+WARNING: untranslated string: wlanap 802.11w optional = Optional
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
 WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID
 WARNING: untranslated string: wlanap client isolation = Client Isolation
diff --git a/doc/language_issues.fr b/doc/language_issues.fr
index 632acf938..1f5654456 100644
--- a/doc/language_issues.fr
+++ b/doc/language_issues.fr
@@ -925,3 +925,6 @@  WARNING: untranslated string: samba server role standalone = Standalone
 WARNING: untranslated string: smb daemon = SMB Daemon
 WARNING: untranslated string: user management = User Management
 WARNING: untranslated string: winbind daemon = Winbind Daemon
+WARNING: untranslated string: wlanap 802.11w disabled = Disabled
+WARNING: untranslated string: wlanap 802.11w enforced = Enforced
+WARNING: untranslated string: wlanap 802.11w optional = Optional
diff --git a/doc/language_issues.it b/doc/language_issues.it
index 99a7f3e8d..2f41213a8 100644
--- a/doc/language_issues.it
+++ b/doc/language_issues.it
@@ -1191,6 +1191,9 @@  WARNING: untranslated string: wlan client password = Password
 WARNING: untranslated string: wlan client tls cipher = TLS Cipher
 WARNING: untranslated string: wlan client tls version = TLS Version
 WARNING: untranslated string: wlanap = Access Point
+WARNING: untranslated string: wlanap 802.11w disabled = Disabled
+WARNING: untranslated string: wlanap 802.11w enforced = Enforced
+WARNING: untranslated string: wlanap 802.11w optional = Optional
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
 WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID
 WARNING: untranslated string: wlanap client isolation = Client Isolation
diff --git a/doc/language_issues.nl b/doc/language_issues.nl
index 2afa7b0f3..d486349bc 100644
--- a/doc/language_issues.nl
+++ b/doc/language_issues.nl
@@ -1231,6 +1231,9 @@  WARNING: untranslated string: wlan client password = Password
 WARNING: untranslated string: wlan client tls cipher = TLS Cipher
 WARNING: untranslated string: wlan client tls version = TLS Version
 WARNING: untranslated string: wlanap = Access Point
+WARNING: untranslated string: wlanap 802.11w disabled = Disabled
+WARNING: untranslated string: wlanap 802.11w enforced = Enforced
+WARNING: untranslated string: wlanap 802.11w optional = Optional
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
 WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID
 WARNING: untranslated string: wlanap client isolation = Client Isolation
diff --git a/doc/language_issues.pl b/doc/language_issues.pl
index 689eeca7c..e01f5aa98 100644
--- a/doc/language_issues.pl
+++ b/doc/language_issues.pl
@@ -1513,6 +1513,9 @@  WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP
 WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP
 WARNING: untranslated string: wlan clients = Wireless clients
 WARNING: untranslated string: wlanap = Access Point
+WARNING: untranslated string: wlanap 802.11w disabled = Disabled
+WARNING: untranslated string: wlanap 802.11w enforced = Enforced
+WARNING: untranslated string: wlanap 802.11w optional = Optional
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
 WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID
 WARNING: untranslated string: wlanap client isolation = Client Isolation
diff --git a/doc/language_issues.ru b/doc/language_issues.ru
index ac9715beb..cc2fe7489 100644
--- a/doc/language_issues.ru
+++ b/doc/language_issues.ru
@@ -1508,6 +1508,9 @@  WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP
 WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP
 WARNING: untranslated string: wlan clients = Wireless clients
 WARNING: untranslated string: wlanap = Access Point
+WARNING: untranslated string: wlanap 802.11w disabled = Disabled
+WARNING: untranslated string: wlanap 802.11w enforced = Enforced
+WARNING: untranslated string: wlanap 802.11w optional = Optional
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
 WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID
 WARNING: untranslated string: wlanap client isolation = Client Isolation
diff --git a/doc/language_issues.tr b/doc/language_issues.tr
index 7613e2ff7..99ead4c4a 100644
--- a/doc/language_issues.tr
+++ b/doc/language_issues.tr
@@ -1055,6 +1055,9 @@  WARNING: untranslated string: vpn wait = WAITING
 WARNING: untranslated string: vulnerability = Vulnerability
 WARNING: untranslated string: vulnerable = Vulnerable
 WARNING: untranslated string: winbind daemon = Winbind Daemon
+WARNING: untranslated string: wlanap 802.11w disabled = Disabled
+WARNING: untranslated string: wlanap 802.11w enforced = Enforced
+WARNING: untranslated string: wlanap 802.11w optional = Optional
 WARNING: untranslated string: wlanap auto = Automatic Channel Selection
 WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID
 WARNING: untranslated string: wlanap client isolation = Client Isolation
diff --git a/doc/language_missings b/doc/language_missings
index a1fcdc334..c519c5a6a 100644
--- a/doc/language_missings
+++ b/doc/language_missings
@@ -61,6 +61,9 @@ 
 < user management
 < vpn configuration main
 < winbind daemon
+< wlanap 802.11w disabled
+< wlanap 802.11w enforced
+< wlanap 802.11w optional
 ############################################################################
 # Checking cgi-bin translations for language: es                           #
 ############################################################################
@@ -869,6 +872,9 @@ 
 < winbind daemon
 < wireless network
 < wlanap
+< wlanap 802.11w disabled
+< wlanap 802.11w enforced
+< wlanap 802.11w optional
 < wlanap auto
 < wlanap broadcast ssid
 < wlanap client isolation
@@ -958,6 +964,9 @@ 
 < upload fcdsl.o
 < user management
 < winbind daemon
+< wlanap 802.11w disabled
+< wlanap 802.11w enforced
+< wlanap 802.11w optional
 ############################################################################
 # Checking cgi-bin translations for language: it                           #
 ############################################################################
@@ -1287,6 +1296,9 @@ 
 < winbind daemon
 < wireless network
 < wlanap
+< wlanap 802.11w disabled
+< wlanap 802.11w enforced
+< wlanap 802.11w optional
 < wlanap auto
 < wlanap broadcast ssid
 < wlanap client isolation
@@ -1710,6 +1722,9 @@ 
 < winbind daemon
 < wireless network
 < wlanap
+< wlanap 802.11w disabled
+< wlanap 802.11w enforced
+< wlanap 802.11w optional
 < wlanap auto
 < wlanap broadcast ssid
 < wlanap client isolation
@@ -2541,6 +2556,9 @@ 
 < winbind daemon
 < wireless network
 < wlanap
+< wlanap 802.11w disabled
+< wlanap 802.11w enforced
+< wlanap 802.11w optional
 < wlanap auto
 < wlanap broadcast ssid
 < wlanap client isolation
@@ -3410,6 +3428,9 @@ 
 < winbind daemon
 < wireless network
 < wlanap
+< wlanap 802.11w disabled
+< wlanap 802.11w enforced
+< wlanap 802.11w optional
 < wlanap auto
 < wlanap broadcast ssid
 < wlanap client isolation
@@ -3630,6 +3651,9 @@ 
 < vulnerable
 < Weekly
 < winbind daemon
+< wlanap 802.11w disabled
+< wlanap 802.11w enforced
+< wlanap 802.11w optional
 < wlanap auto
 < wlanap broadcast ssid
 < wlanap client isolation
diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi
index 29fdd1cd5..fd7e9a679 100644
--- a/html/cgi-bin/wlanap.cgi
+++ b/html/cgi-bin/wlanap.cgi
@@ -258,9 +258,10 @@  $checked{'CLIENTISOLATION'}{'off'} = '';
 $checked{'CLIENTISOLATION'}{'on'} = '';
 $checked{'CLIENTISOLATION'}{$wlanapsettings{'CLIENTISOLATION'}} = "checked='checked'";
 
-$checked{'IEEE80211W'}{'off'} = '';
-$checked{'IEEE80211W'}{'on'} = '';
-$checked{'IEEE80211W'}{$wlanapsettings{'IEEE80211W'}} = "checked='checked'";
+$selected{'IEEE80211W'}{'off'} = '';
+$selected{'IEEE80211W'}{'optional'} = '';
+$selected{'IEEE80211W'}{'on'} = '';
+$selected{'IEEE80211W'}{$wlanapsettings{'IEEE80211W'}} = "selected";
 
 $selected{'ENC'}{$wlanapsettings{'ENC'}} = "selected='selected'";
 $selected{'CHANNEL'}{$wlanapsettings{'CHANNEL'}} = "selected='selected'";
@@ -451,12 +452,11 @@  print<<END
 <tr>
 	<td width='25%' class='base'>$Lang::tr{'wlanap management frame protection'}:&nbsp;</td>
 	<td class='base' colspan="3">
-		<label>
-			$Lang::tr{'on'} <input type='radio' name='IEEE80211W' value='on' $checked{'IEEE80211W'}{'on'} />
-		</label> |
-		<label>
-			<input type='radio' name='IEEE80211W' value='off' $checked{'IEEE80211W'}{'off'} /> $Lang::tr{'off'}
-		</label>
+		<select name="IEEE80211W">
+			<option value="off" $selected{'IEEE80211W'}{'off'}>$Lang::tr{'wlanap 802.11w disabled'}</option>
+			<option value="optional" $selected{'IEEE80211W'}{'optional'}>$Lang::tr{'wlanap 802.11w optional'}</option>
+			<option value="on" $selected{'IEEE80211W'}{'on'}>$Lang::tr{'wlanap 802.11w enforced'}</option>
+		</select>
 	</td>
 </tr>
 <tr><td colspan='4'><br></td></tr>
@@ -686,6 +686,8 @@  END
  # Management Frame Protection (802.11w)
  if ($wlanapsettings{'IEEE80211W'} eq "on") {
 	print CONFIGFILE "ieee80211w=2\n";
+ } elsif ($wlanapsettings{'IEEE80211W'} eq "optional") {
+	print CONFIGFILE "ieee80211w=1\n";
  } else {
 	print CONFIGFILE "ieee80211w=0\n";
  }
diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl
index 0b4f098a7..d00de3d03 100644
--- a/langs/en/cgi-bin/en.pl
+++ b/langs/en/cgi-bin/en.pl
@@ -2962,6 +2962,9 @@ 
 'wlan client wpa mode tkip tkip' => 'TKIP-TKIP',
 'wlan clients' => 'Wireless clients',
 'wlanap' => 'Access Point',
+'wlanap 802.11w disabled' => 'Disabled',
+'wlanap 802.11w enforced' => 'Enforced',
+'wlanap 802.11w optional' => 'Optional',
 'wlanap auto' => 'Automatic Channel Selection',
 'wlanap broadcast ssid' => 'Broadcast SSID',
 'wlanap channel' => 'Channel',