mirror/openwrt
1
0
Fork 1
mirror of https://git.openwrt.org/openwrt/openwrt.git synced 2026-01-31 18:23:17 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 3
openwrt/package/network
History
Timo Sigurdsson 19ebc19f54 hostapd: Expose the tdls_prohibit option to UCI 
wpa_disable_eapol_key_retries can't prevent attacks against the
Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested
that the existing hostapd option tdls_prohibit can be used to further
complicate this possibility at the AP side. tdls_prohibit=1 makes
hostapd advertise that use of TDLS is not allowed in the BSS.

Note: If an attacker manages to lure both TDLS peers into a fake
AP, hiding the tdls_prohibit advertisement from them, it might be
possible to bypass this protection.

Make this option configurable via UCI, but disabled by default.

Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de>
(cherry picked from commit 6515887ed9)
2017-12-07 19:42:30 +01:00
..
config treewide: fix shellscript syntax errors/typos 2017-09-13 08:07:39 +02:00
ipv6 dhcpv6: add missing dollar sign in dhcpv6 script (FS#874) 2017-06-29 10:02:14 +02:00
services hostapd: Expose the tdls_prohibit option to UCI 2017-12-07 19:42:30 +01:00
utils curl: apply CVE 2017-8816 and 2017-8817 security patches 2017-12-04 11:10:31 +01:00