From 9a22315ca45a9a52670405bf422043ec97e68e54 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@openwrt.org>
Date: Tue, 6 Aug 2013 18:55:30 +0000
Subject: hostapd: Settings for DAE/CoA server

hostapd supports "Dynamic Authorization Extensions", making it possible
to forcibly disconnect a user by sending it a RADIUS "Disconnect-Request"
packet.

I've added three new variables to enable setting of the
"radius_das_client" and "radius_das_port" variables in the hostapd
configuration, which enable these extensions.

* dae_client - IP of the client that can send disconnect requests
* dae_secret - shared secret for DAE packets

These are combined into the "radius_das_client" option in hostapd.conf
To enable the server, both dae_client and dae_secret must be set.

* dae_port - optional, default value is 3799 as specified in RFC 5176

Signed-off-by: Martijn van de Streek <martijn@vandestreek.net>

SVN-Revision: 37734
---
 package/network/services/hostapd/files/hostapd.sh | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'package/network')

diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh
index 94f75c1..e25e870 100644
--- a/package/network/services/hostapd/files/hostapd.sh
+++ b/package/network/services/hostapd/files/hostapd.sh
@@ -108,6 +108,13 @@ hostapd_set_bss_options() {
 			[ -n "$acct_port" ] && append "$var" "acct_server_port=$acct_port" "$N"
 			config_get acct_secret "$vif" acct_secret
 			[ -n "$acct_secret" ] && append "$var" "acct_server_shared_secret=$acct_secret" "$N"
+			config_get dae_client "$vif" dae_client
+			config_get dae_secret "$vif" dae_secret
+			[ -n "$dae_client" -a -n "$dae_secret" ] && {
+				config_get dae_port  "$vif" dae_port
+				append "$var" "radius_das_port=${dae_port:-3799}" "$N"
+				append "$var" "radius_das_client=$dae_client $dae_secret" "$N"
+			}
 			config_get nasid "$vif" nasid
 			append "$var" "nas_identifier=$nasid" "$N"
 			append "$var" "eapol_key_index_workaround=1" "$N"
-- 
cgit v1.1