mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2025-01-17 18:34:03 -05:00
Make it clearer that ap_scan=2 mode should not be used with nl80211
Add more details into configuration comments and a runtime info message if ap_scan=2 is used with the nl80211 driver interface. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
d188367148
commit
8406cd3515
@ -406,6 +406,11 @@ struct wpa_config {
|
||||
* one by one until the driver reports successful association; each
|
||||
* network block should have explicit security policy (i.e., only one
|
||||
* option in the lists) for key_mgmt, pairwise, group, proto variables.
|
||||
*
|
||||
* Note: ap_scan=2 should not be used with the nl80211 driver interface
|
||||
* (the current Linux interface). ap_scan=1 is optimized work working
|
||||
* with nl80211. For finding networks using hidden SSID, scan_ssid=1 in
|
||||
* the network block can be used with nl80211.
|
||||
*/
|
||||
int ap_scan;
|
||||
|
||||
|
@ -225,7 +225,9 @@ struct wpa_ssid {
|
||||
*
|
||||
* scan_ssid can be used to scan for APs using hidden SSIDs.
|
||||
* Note: Many drivers do not support this. ap_mode=2 can be used with
|
||||
* such drivers to use hidden SSIDs.
|
||||
* such drivers to use hidden SSIDs. Note2: Most nl80211-based drivers
|
||||
* do support scan_ssid=1 and that should be used with them instead of
|
||||
* ap_scan=2.
|
||||
*/
|
||||
int scan_ssid;
|
||||
|
||||
|
@ -2790,6 +2790,11 @@ int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
|
||||
if (ap_scan < 0 || ap_scan > 2)
|
||||
return -1;
|
||||
|
||||
if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
|
||||
}
|
||||
|
||||
#ifdef ANDROID
|
||||
if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
|
||||
wpa_s->wpa_state >= WPA_ASSOCIATING &&
|
||||
@ -3295,6 +3300,12 @@ int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
|
||||
}
|
||||
}
|
||||
|
||||
if (wpa_s->conf->ap_scan == 2 &&
|
||||
os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
|
||||
}
|
||||
|
||||
wpa_clear_keys(wpa_s, NULL);
|
||||
|
||||
/* Make sure that TKIP countermeasures are not left enabled (could
|
||||
|
@ -108,6 +108,10 @@ eapol_version=1
|
||||
# the driver reports successful association; each network block should have
|
||||
# explicit security policy (i.e., only one option in the lists) for
|
||||
# key_mgmt, pairwise, group, proto variables
|
||||
# Note: ap_scan=2 should not be used with the nl80211 driver interface (the
|
||||
# current Linux interface). ap_scan=1 is optimized work working with nl80211.
|
||||
# For finding networks using hidden SSID, scan_ssid=1 in the network block can
|
||||
# be used with nl80211.
|
||||
# When using IBSS or AP mode, ap_scan=2 mode can force the new network to be
|
||||
# created immediately regardless of scan results. ap_scan=1 mode will first try
|
||||
# to scan for existing networks and only if no matches with the enabled
|
||||
|
Loading…
Reference in New Issue
Block a user