set ieee80211w to optional in hostapd config set ieee80211w=1 config item in the hostapd config file. This is to enable IEEE 802.11 management frame protection feature optional on SoftAp interface. This is mainly to prevent denial of service when an attacker sends deauthentication frames to the clients connected to the SoftAp. Bug: 197874458 Test: Connected STAs to Pixel SofAp and confirmed from the sniffer logs that PMF capabilities are exchanged and the required management frames are protected. Change-Id: Ia773b79a65771a7b53c561ed2601f02aee82f0ea

commit: b3580db65eef0ef8fa932815e36e773e02824b0e [log] [tgz]
author: Sunil Ravi <sunilravi@google.com> Fri Jan 28 12:25:46 2022 -0800
committer: Sunil Ravi <sunilravi@google.com> Fri Jan 28 12:25:46 2022 -0800
tree: 6da3009503d63e775a1516cbb99d42482ac0be68
parent: aefbe888b908daffd53b2ead24dc0dc32b82a60a [diff] [blame]
diff --git a/hostapd/aidl/hostapd.cpp b/hostapd/aidl/hostapd.cpp
index 7874785..9e23247 100644
--- a/hostapd/aidl/hostapd.cpp
+++ b/hostapd/aidl/hostapd.cpp

@@ -355,6 +355,9 @@
 		encryption_config_as_string = StringPrintf(
 			"wpa=2\n"
 			"rsn_pairwise=%s\n"
+#ifdef ENABLE_HOSTAPD_CONFIG_80211W_MFP_OPTIONAL
+			"ieee80211w=1\n"
+#endif
 			"wpa_passphrase=%s",
 			is_60Ghz_band_only ? "GCMP" : "CCMP",
 			nw_params.passphrase.c_str());
commit	b3580db65eef0ef8fa932815e36e773e02824b0e	[log] [tgz]
author	Sunil Ravi <sunilravi@google.com>	Fri Jan 28 12:25:46 2022 -0800
committer	Sunil Ravi <sunilravi@google.com>	Fri Jan 28 12:25:46 2022 -0800
tree	6da3009503d63e775a1516cbb99d42482ac0be68
parent	aefbe888b908daffd53b2ead24dc0dc32b82a60a [diff] [blame]