6515887ed9
wpa_disable_eapol_key_retries can't prevent attacks against the Tunneled Direct-Link Setup (TDLS) handshake. Jouni Malinen suggested that the existing hostapd option tdls_prohibit can be used to further complicate this possibility at the AP side. tdls_prohibit=1 makes hostapd advertise that use of TDLS is not allowed in the BSS. Note: If an attacker manages to lure both TDLS peers into a fake AP, hiding the tdls_prohibit advertisement from them, it might be possible to bypass this protection. Make this option configurable via UCI, but disabled by default. Signed-off-by: Timo Sigurdsson <public_timo.s@silentcreek.de> |
||
---|---|---|
.. | ||
authsae | ||
dnsmasq | ||
dropbear | ||
ead | ||
hostapd | ||
igmpproxy | ||
ipset-dns | ||
lldpd | ||
odhcpd | ||
omcproxy | ||
openvpn | ||
openvpn-easy-rsa | ||
ppp | ||
relayd | ||
samba36 | ||
uhttpd | ||
umdns | ||
wireguard |