From: Markus Theil <theil.markus@xxxxxxxxx>
Currently, NetworkManager sends ieee80211w=1 for every connection,
if wpa_supplicant has pmf support enabled/compiled in. If the used
NIC does not support BIP ciphers, adding the IGTK fails.
This patch circumvents this, by ignoring ieee80211w=1 (optional MFP)
if hardware support is not given. Making NetworkManager aware of
per-interface MFP support would be the cleaner solution of course.
Signed-off-by: Markus Theil <theil.markus@xxxxxxxxx>
---
wpa_supplicant/wpa_supplicant.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index b990e94ad..5c9173fd2 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -6828,7 +6828,9 @@ int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
{
#ifdef CONFIG_IEEE80211W
- if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
+ if (ssid == NULL ||
+ ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ||
+ ssid->ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL) {
if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
!(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
/*
--
2.20.1
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
