From: Markus Theil <theil.markus@xxxxxxxxx> Currently, NetworkManager sends ieee80211w=1 for every connection, if wpa_supplicant has pmf support enabled/compiled in. If the used NIC does not support BIP ciphers, adding the IGTK fails. This patch circumvents this, by ignoring ieee80211w=1 (optional MFP) if hardware support is not given. Making NetworkManager aware of per-interface MFP support would be the cleaner solution of course. Signed-off-by: Markus Theil <theil.markus@xxxxxxxxx> --- wpa_supplicant/wpa_supplicant.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index b990e94ad..5c9173fd2 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -6828,7 +6828,9 @@ int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) { #ifdef CONFIG_IEEE80211W - if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) { + if (ssid == NULL || + ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT || + ssid->ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL) { if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL && !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) { /* -- 2.20.1 _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap