AP: Add 6 GHz security constraints
Add security constraints for the 6 GHz band as given in IEEE P802.11ax/D8.0, 12.12.2. Signed-off-by: Aloka Dixit <alokad@codeaurora.org>
This commit is contained in:
parent
df0bfe4759
commit
630b1fdba8
|
@ -1154,10 +1154,54 @@ static bool hostapd_sae_pk_password_without_pk(struct hostapd_bss_config *bss)
|
||||||
#endif /* CONFIG_SAE_PK */
|
#endif /* CONFIG_SAE_PK */
|
||||||
|
|
||||||
|
|
||||||
|
static bool hostapd_config_check_bss_6g(struct hostapd_bss_config *bss)
|
||||||
|
{
|
||||||
|
if (bss->wpa != WPA_PROTO_RSN) {
|
||||||
|
wpa_printf(MSG_ERROR,
|
||||||
|
"Pre-RSNA security methods are not allowed in 6 GHz");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (bss->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED) {
|
||||||
|
wpa_printf(MSG_ERROR,
|
||||||
|
"Management frame protection is required in 6 GHz");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (bss->wpa_key_mgmt & (WPA_KEY_MGMT_PSK |
|
||||||
|
WPA_KEY_MGMT_FT_PSK |
|
||||||
|
WPA_KEY_MGMT_PSK_SHA256)) {
|
||||||
|
wpa_printf(MSG_ERROR, "Invalid AKM suite for 6 GHz");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (bss->rsn_pairwise & (WPA_CIPHER_WEP40 |
|
||||||
|
WPA_CIPHER_WEP104 |
|
||||||
|
WPA_CIPHER_TKIP)) {
|
||||||
|
wpa_printf(MSG_ERROR,
|
||||||
|
"Invalid pairwise cipher suite for 6 GHz");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (bss->wpa_group & (WPA_CIPHER_WEP40 |
|
||||||
|
WPA_CIPHER_WEP104 |
|
||||||
|
WPA_CIPHER_TKIP)) {
|
||||||
|
wpa_printf(MSG_ERROR, "Invalid group cipher suite for 6 GHz");
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
|
static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
|
||||||
struct hostapd_config *conf,
|
struct hostapd_config *conf,
|
||||||
int full_config)
|
int full_config)
|
||||||
{
|
{
|
||||||
|
if (full_config && is_6ghz_op_class(conf->op_class) &&
|
||||||
|
!hostapd_config_check_bss_6g(bss))
|
||||||
|
return -1;
|
||||||
|
|
||||||
if (full_config && bss->ieee802_1x && !bss->eap_server &&
|
if (full_config && bss->ieee802_1x && !bss->eap_server &&
|
||||||
!bss->radius->auth_servers) {
|
!bss->radius->auth_servers) {
|
||||||
wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
|
wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
|
||||||
|
|
Loading…
Reference in New Issue