From patchwork Tue Oct 20 09:15:03 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Michael Tremer X-Patchwork-Id: 3590 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CFnyl2YjJz44Sq for ; Tue, 20 Oct 2020 09:15:11 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CFnyj51J3z1W4; Tue, 20 Oct 2020 09:15:09 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CFnyj2d57z2yVn; Tue, 20 Oct 2020 09:15:09 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CFnyg3rDVz2xk9 for ; Tue, 20 Oct 2020 09:15:07 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CFnyf6Cpdz7W; Tue, 20 Oct 2020 09:15:06 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1603185306; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oXcfS2XzXjGMMg6VfH4tPSM+iuW/cSsI5Sex50NYYew=; b=9hvsfbNKN06T0aS8glutrxaprfMkG4gJ27NI9hyXcrlQ7KU40/zOInkb6hPXqYGdfjf/fX WSPbT5EDeOTzWcAQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1603185306; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=oXcfS2XzXjGMMg6VfH4tPSM+iuW/cSsI5Sex50NYYew=; b=tPxnMxM2NG23dmBsoncEilM6kUvQwiFdPWITLK0M6HP/NCMJubmODjnHrIc6LW+DiA7BWi rPbtfG4LWFjmnjplJIQDpHwAVRn7zyXc+EIOecHnfDouwlXaQkVfXMGhn8HV61GUr5uBfS ukaUp5qaNtWzty9EIf6lgJQq8EgEXAz/SxR5ow6ZBhn5ozf8grUzlUHaVAInE98G5mIXdK azMcto51mKKJvxrXPAuc9RQQWbSeapwHqKmXtM1QwTLEMeewp2MXQjJPwAOICeBCjSZGMo Pnv8FkQnfiegZPlk37iHDVkrRjc8YmQSf9upaKGWJVFMIoIQhSNLTKPKWQsNVw== From: Michael Tremer To: development@lists.ipfire.org Subject: [PATCH] hostapd: Allow to make Management Frame Protection optional Date: Tue, 20 Oct 2020 09:15:03 +0000 Message-Id: <20201020091503.31259-1-michael.tremer@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Michael Tremer Errors-To: development-bounces@lists.ipfire.org Sender: "Development" WPA3 mandates MFP, but many clients do not support it at all. Therefore this can now be set to optional and clients will fall back to WPA2. Signed-off-by: Michael Tremer --- doc/language_issues.de | 3 +++ doc/language_issues.en | 5 ++++- doc/language_issues.es | 3 +++ doc/language_issues.fr | 3 +++ doc/language_issues.it | 3 +++ doc/language_issues.nl | 3 +++ doc/language_issues.pl | 3 +++ doc/language_issues.ru | 3 +++ doc/language_issues.tr | 3 +++ doc/language_missings | 24 ++++++++++++++++++++++++ html/cgi-bin/wlanap.cgi | 20 +++++++++++--------- langs/en/cgi-bin/en.pl | 3 +++ 12 files changed, 66 insertions(+), 10 deletions(-) diff --git a/doc/language_issues.de b/doc/language_issues.de index 6fcafc460..f3246cd18 100644 --- a/doc/language_issues.de +++ b/doc/language_issues.de @@ -888,3 +888,6 @@ WARNING: untranslated string: show tls-auth key = Show tls-auth key WARNING: untranslated string: smb daemon = SMB Daemon WARNING: untranslated string: user management = User Management WARNING: untranslated string: winbind daemon = Winbind Daemon +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional diff --git a/doc/language_issues.en b/doc/language_issues.en index 63106d66b..9efb56a39 100644 --- a/doc/language_issues.en +++ b/doc/language_issues.en @@ -1447,7 +1447,7 @@ WARNING: untranslated string: play = Play WARNING: untranslated string: please reboot to apply your changes = Please reboot to apply your changes WARNING: untranslated string: policy = Policy WARNING: untranslated string: port = Port -WARNING: untranslated string: portscans = portscancs +WARNING: untranslated string: portscans = Port Scans WARNING: untranslated string: ppp setup = PPP setup WARNING: untranslated string: pppoe settings = Additional PPPoE settings: WARNING: untranslated string: pptp netconfig = My Net Config @@ -2138,6 +2138,9 @@ WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP WARNING: untranslated string: wlan clients = Wireless clients WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap channel = Channel diff --git a/doc/language_issues.es b/doc/language_issues.es index 689eeca7c..e01f5aa98 100644 --- a/doc/language_issues.es +++ b/doc/language_issues.es @@ -1513,6 +1513,9 @@ WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP WARNING: untranslated string: wlan clients = Wireless clients WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.fr b/doc/language_issues.fr index 632acf938..1f5654456 100644 --- a/doc/language_issues.fr +++ b/doc/language_issues.fr @@ -925,3 +925,6 @@ WARNING: untranslated string: samba server role standalone = Standalone WARNING: untranslated string: smb daemon = SMB Daemon WARNING: untranslated string: user management = User Management WARNING: untranslated string: winbind daemon = Winbind Daemon +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional diff --git a/doc/language_issues.it b/doc/language_issues.it index 99a7f3e8d..2f41213a8 100644 --- a/doc/language_issues.it +++ b/doc/language_issues.it @@ -1191,6 +1191,9 @@ WARNING: untranslated string: wlan client password = Password WARNING: untranslated string: wlan client tls cipher = TLS Cipher WARNING: untranslated string: wlan client tls version = TLS Version WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.nl b/doc/language_issues.nl index 2afa7b0f3..d486349bc 100644 --- a/doc/language_issues.nl +++ b/doc/language_issues.nl @@ -1231,6 +1231,9 @@ WARNING: untranslated string: wlan client password = Password WARNING: untranslated string: wlan client tls cipher = TLS Cipher WARNING: untranslated string: wlan client tls version = TLS Version WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.pl b/doc/language_issues.pl index 689eeca7c..e01f5aa98 100644 --- a/doc/language_issues.pl +++ b/doc/language_issues.pl @@ -1513,6 +1513,9 @@ WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP WARNING: untranslated string: wlan clients = Wireless clients WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.ru b/doc/language_issues.ru index ac9715beb..cc2fe7489 100644 --- a/doc/language_issues.ru +++ b/doc/language_issues.ru @@ -1508,6 +1508,9 @@ WARNING: untranslated string: wlan client wpa mode ccmp tkip = CCMP-TKIP WARNING: untranslated string: wlan client wpa mode tkip tkip = TKIP-TKIP WARNING: untranslated string: wlan clients = Wireless clients WARNING: untranslated string: wlanap = Access Point +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_issues.tr b/doc/language_issues.tr index 7613e2ff7..99ead4c4a 100644 --- a/doc/language_issues.tr +++ b/doc/language_issues.tr @@ -1055,6 +1055,9 @@ WARNING: untranslated string: vpn wait = WAITING WARNING: untranslated string: vulnerability = Vulnerability WARNING: untranslated string: vulnerable = Vulnerable WARNING: untranslated string: winbind daemon = Winbind Daemon +WARNING: untranslated string: wlanap 802.11w disabled = Disabled +WARNING: untranslated string: wlanap 802.11w enforced = Enforced +WARNING: untranslated string: wlanap 802.11w optional = Optional WARNING: untranslated string: wlanap auto = Automatic Channel Selection WARNING: untranslated string: wlanap broadcast ssid = Broadcast SSID WARNING: untranslated string: wlanap client isolation = Client Isolation diff --git a/doc/language_missings b/doc/language_missings index a1fcdc334..c519c5a6a 100644 --- a/doc/language_missings +++ b/doc/language_missings @@ -61,6 +61,9 @@ < user management < vpn configuration main < winbind daemon +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional ############################################################################ # Checking cgi-bin translations for language: es # ############################################################################ @@ -869,6 +872,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -958,6 +964,9 @@ < upload fcdsl.o < user management < winbind daemon +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional ############################################################################ # Checking cgi-bin translations for language: it # ############################################################################ @@ -1287,6 +1296,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -1710,6 +1722,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -2541,6 +2556,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -3410,6 +3428,9 @@ < winbind daemon < wireless network < wlanap +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation @@ -3630,6 +3651,9 @@ < vulnerable < Weekly < winbind daemon +< wlanap 802.11w disabled +< wlanap 802.11w enforced +< wlanap 802.11w optional < wlanap auto < wlanap broadcast ssid < wlanap client isolation diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi index 29fdd1cd5..fd7e9a679 100644 --- a/html/cgi-bin/wlanap.cgi +++ b/html/cgi-bin/wlanap.cgi @@ -258,9 +258,10 @@ $checked{'CLIENTISOLATION'}{'off'} = ''; $checked{'CLIENTISOLATION'}{'on'} = ''; $checked{'CLIENTISOLATION'}{$wlanapsettings{'CLIENTISOLATION'}} = "checked='checked'"; -$checked{'IEEE80211W'}{'off'} = ''; -$checked{'IEEE80211W'}{'on'} = ''; -$checked{'IEEE80211W'}{$wlanapsettings{'IEEE80211W'}} = "checked='checked'"; +$selected{'IEEE80211W'}{'off'} = ''; +$selected{'IEEE80211W'}{'optional'} = ''; +$selected{'IEEE80211W'}{'on'} = ''; +$selected{'IEEE80211W'}{$wlanapsettings{'IEEE80211W'}} = "selected"; $selected{'ENC'}{$wlanapsettings{'ENC'}} = "selected='selected'"; $selected{'CHANNEL'}{$wlanapsettings{'CHANNEL'}} = "selected='selected'"; @@ -451,12 +452,11 @@ print< $Lang::tr{'wlanap management frame protection'}:  - | - +
@@ -686,6 +686,8 @@ END # Management Frame Protection (802.11w) if ($wlanapsettings{'IEEE80211W'} eq "on") { print CONFIGFILE "ieee80211w=2\n"; + } elsif ($wlanapsettings{'IEEE80211W'} eq "optional") { + print CONFIGFILE "ieee80211w=1\n"; } else { print CONFIGFILE "ieee80211w=0\n"; } diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index 0b4f098a7..d00de3d03 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -2962,6 +2962,9 @@ 'wlan client wpa mode tkip tkip' => 'TKIP-TKIP', 'wlan clients' => 'Wireless clients', 'wlanap' => 'Access Point', +'wlanap 802.11w disabled' => 'Disabled', +'wlanap 802.11w enforced' => 'Enforced', +'wlanap 802.11w optional' => 'Optional', 'wlanap auto' => 'Automatic Channel Selection', 'wlanap broadcast ssid' => 'Broadcast SSID', 'wlanap channel' => 'Channel',