hostapd: enable compilation of OCV and add build feature discovery

Operating Channel Validation (OCV) is a security feature designed to prevent person-in-the-middle multi-channel attacks. Compile the -basic and -full variants of hostapd with this feature, and enable discovery of this feature for future luci integration. OCV can be configured by setting ocv equal to one of the following values in the wireless config: 0 = disabled (hostapd/wpa_supplicant default) 1 = enabled 2 = enabled in workaround mode - Allow STA that claims OCV capability to connect even if the STA doesn't send OCI or negotiate PMF. Signed-off-by: Michael Yartys <michael.yartys@protonmail.com>
musashino-build · Jul 3, 2022 · f60628f · f60628f
1 parent 90a6350
commit f60628f
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 3 deletions.
diff --git a/package/network/services/hostapd/files/hostapd-basic.config b/package/network/services/hostapd/files/hostapd-basic.config
@@ -54,7 +54,7 @@ CONFIG_RSN_PREAUTH=y
 #CONFIG_IEEE80211W=y
 
 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
 
 # Integrated EAP server
 #CONFIG_EAP=y

diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config
@@ -54,7 +54,7 @@ CONFIG_RSN_PREAUTH=y
 #CONFIG_IEEE80211W=y
 
 # Support Operating Channel Validation
-#CONFIG_OCV=y
+CONFIG_OCV=y
 
 # Integrated EAP server
 CONFIG_EAP=y

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
@@ -372,6 +372,8 @@ hostapd_common_add_bss_config() {
 
 	config_add_boolean fils
 	config_add_string fils_dhcp
+
+	config_add_int ocv
 }
 
 hostapd_set_vlan_file() {
@@ -544,7 +546,7 @@ hostapd_set_bss_options() {
 		airtime_bss_weight airtime_bss_limit airtime_sta_weight \
 		multicast_to_unicast proxy_arp per_sta_vif \
 		eap_server eap_user_file ca_cert server_cert private_key private_key_passwd server_id \
-		vendor_elements fils
+		vendor_elements fils ocv
 
 	set_default fils 0
 	set_default isolate 0
@@ -617,6 +619,8 @@ hostapd_set_bss_options() {
 		json_for_each_item append_radius_acct_req_attr radius_acct_req_attr
 	}
 
+	[ -n "$ocv" ] && append bss_conf "ocv=$ocv" "$N"
+
 	case "$auth_type" in
 		sae|owe|eap192|eap-eap192)
 			set_default ieee80211w 2

diff --git a/package/network/services/hostapd/src/src/utils/build_features.h b/package/network/services/hostapd/src/src/utils/build_features.h
@@ -54,6 +54,10 @@ static inline int has_feature(const char *feat)
 #ifdef CONFIG_FILS
 	if (!strcmp(feat, "fils"))
 		return 1;
+#endif
+#ifdef CONFIG_OCV
+	if (!strcmp(feat, "ocv"))
+		return 1;
 #endif
 	return 0;
 }