RDKB-63887 MFPConfig is not set to "Optional" on all secure vAPs using WPA2-Personal by default when FeatureMFPConfig is enabled. #1117
Open
Sneha3821 wants to merge 22 commits into rdkcentral:develop from
Pull request overview
Updates default PMF/MFP handling so secure VAPs using WPA2-Personal default to MFP Optional (aligned with RDKB-63887) across multiple configuration/translation layers.
Changes:
- Set WPA2-Personal MFP default to Optional in OVSDB translation and multidoc webconfig decoding.
- Update TR-181 DML security mode handling so switching to WPA2-Personal sets MFP to Optional.
- Minor whitespace/formatting cleanups in webconfig encoder/decoder code.
Reviewed changes
Copilot reviewed 4 out of 5 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| source/webconfig/wifi_ovsdb_translator.c | Makes WPA2-Personal map to wifi_mfp_cfg_optional in MFP inference logic. |
| source/webconfig/wifi_encoder.c | Minor formatting change at file end (#endif). |
| source/webconfig/wifi_decoder.c | Removes an extra blank line (no functional change). |
| source/dml/tr_181/ml/cosa_wifi_dml.c | Sets WPA2-Personal default MFP to Optional when changing ModeEnabled. |
| source/core/wifi_multidoc_webconfig.c | Defaults WPA2-Personal MFP to Optional and improves MFPConfig parsing/validation behavior. |
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Pull request overview
Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.
Comments suppressed due to low confidence (1)
source/core/wifi_multidoc_webconfig.c:501
MFPConfig from the blob is now parsed for all VAPs and directly applied, but there is no follow-up validation that the resulting MFP setting is compatible with the selected security mode (e.g., WPA3-Personal/Enterprise and Enhanced-Open require PMF/MFP = Required; WPA3-Transition requires Optional; WPA3-Compatibility has band-dependent rules). This can allow invalid combinations to be accepted and later cause configuration failures. Add a mode-aware validation step after parsing MFPConfig (similar to the checks in source/webconfig/wifi_decoder.c for webconfig) and reject/override invalid values.
if (!strcmp(value, "Disabled")) {
vap_info->u.bss_info.security.mfp = wifi_mfp_cfg_disabled;
} else if (!strcmp(value, "Optional")) {
vap_info->u.bss_info.security.mfp = wifi_mfp_cfg_optional;
} else if (!strcmp(value, "Required")) {
vap_info->u.bss_info.security.mfp = wifi_mfp_cfg_required;
} else {
Comment on lines 9330 to +9337
| case wifi_security_mode_wpa_personal: | ||
| l_security_cfg->u.key.type = wifi_security_key_type_psk; | ||
| l_security_cfg->mfp = wifi_mfp_cfg_disabled; | ||
| break; | ||
| case wifi_security_mode_wpa2_personal: | ||
| l_security_cfg->u.key.type = wifi_security_key_type_psk; | ||
| l_security_cfg->mfp = wifi_mfp_cfg_optional; | ||
| break; |
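Review bot: In the wifi_security_mode_wpa2_personal case, l_security_cfg->mfp = wifi_mfp_cfg_optional is assigned unconditionally, while the PR title scopes the Optional default to FeatureMFPConfig being enabled; the lines shown contain no check of that feature. The assignment also overwrites whatever MFP value was configured before the mode change, and the wifi_security_mode_wpa_personal case does the same with wifi_mfp_cfg_disabled. Suggest gating the assignment on the feature state, or applying the default only when the mode actually changes, and adding a short comment that states why WPA2-Personal defaults to Optional.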
RDKB-63887 MFPConfig is not set to "Optional" on all secure vAPs using WPA2-Personal by default when FeatureMFPConfig is enabled.
Reason For Change: WPA2personal should have mfp as optional
Test Procedure:
dmcli eRT getv Device.WiFi.FeatureMFPConfig
dmcli eRT setv Device.WiFi.AccessPoint.1.Security.ModeEnabled string "WPA2-Personal"
dmcli eRT setv Device.WiFi.ApplyAccessPointSettings bool 1
dmcli eRT getv Device.WiFi.AccessPoint.1.Security.MFPConfig
Priority: P1
Risks: Low
Signed-off-by: Sneha Kannan , sneha_kannan@comcast.com
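
The mode-aware check that the low-confidence review comment asks for after parsing MFPConfig, sketched as an added example (not code from this pull request or from the RDK-B tree). The `ex_*` names and the WPA3/Enhanced-Open enum members are hypothetical stand-ins; WPA3-Compatibility is left out because its band-dependent rule is not spelled out on this page.

```c
#include <string.h>

/* Stand-in enums (assumption): only the wifi_mfp_cfg_* values and the
 * wpa/wpa2_personal mode names appear on the page; ex_* names are hypothetical. */
typedef enum { wifi_mfp_cfg_disabled, wifi_mfp_cfg_optional, wifi_mfp_cfg_required } wifi_mfp_cfg_t;
typedef enum {
    wifi_security_mode_wpa_personal, wifi_security_mode_wpa2_personal,
    ex_mode_wpa3_personal, ex_mode_wpa3_enterprise,
    ex_mode_wpa3_transition, ex_mode_enhanced_open
} ex_security_mode_t;

/* Parse an MFPConfig string; unknown or NULL input is rejected, never defaulted. */
static int ex_parse_mfp(const char *value, wifi_mfp_cfg_t *out)
{
    if (value == NULL) return -1;
    if (!strcmp(value, "Disabled")) *out = wifi_mfp_cfg_disabled;
    else if (!strcmp(value, "Optional")) *out = wifi_mfp_cfg_optional;
    else if (!strcmp(value, "Required")) *out = wifi_mfp_cfg_required;
    else return -1;
    return 0;
}

/* Return 0 when mfp is allowed for mode, -1 otherwise (rules as quoted in the review). */
static int ex_validate_mfp(ex_security_mode_t mode, wifi_mfp_cfg_t mfp)
{
    switch (mode) {
    case ex_mode_wpa3_personal:
    case ex_mode_wpa3_enterprise:
    case ex_mode_enhanced_open:
        return mfp == wifi_mfp_cfg_required ? 0 : -1;
    case ex_mode_wpa3_transition:
        return mfp == wifi_mfp_cfg_optional ? 0 : -1;
    default:
        return 0; /* assumption: WPA/WPA2-Personal accept any of the three values */
    }
}

/* Parse, then validate; *out is written only when both steps succeed,
 * so a rejected blob leaves the running configuration untouched. */
int ex_apply_mfp_from_blob(ex_security_mode_t mode, const char *value, wifi_mfp_cfg_t *out)
{
    wifi_mfp_cfg_t parsed;
    if (out == NULL || ex_parse_mfp(value, &parsed) != 0) return -1;
    if (ex_validate_mfp(mode, parsed) != 0) return -1;
    *out = parsed;
    return 0;
}
```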