wmm:depends({mode="ap"})
wmm:depends({mode="ap-wds"})
wmm.default = wmm.enabled
-
+
ifname = s:taboption("advanced", Value, "ifname", translate("Interface name"), translate("Override default interface name"))
ifname.optional = true
end
if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
- -- Probe EAP support as a proxy for determining if 802.11r support is present
- local has_ap_eap = (os.execute("hostapd -veap >/dev/null 2>/dev/null") == 0)
+ -- Probe 802.11r support (and EAP support as a proxy for Openwrt)
+ local has_80211r = (os.execute("hostapd -v11r 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
ieee80211r = s:taboption("encryption", Flag, "ieee80211r",
translate("802.11r Fast Transition"),
ieee80211r:depends({mode="ap", encryption="wpa2"})
ieee80211r:depends({mode="ap-wds", encryption="wpa"})
ieee80211r:depends({mode="ap-wds", encryption="wpa2"})
- if has_ap_eap then
+ if has_80211r then
ieee80211r:depends({mode="ap", encryption="psk"})
ieee80211r:depends({mode="ap", encryption="psk2"})
ieee80211r:depends({mode="ap", encryption="psk-mixed"})
r0kh = s:taboption("encryption", DynamicList, "r0kh", translate("External R0 Key Holder List"),
translate("List of R0KHs in the same Mobility Domain. " ..
- "<br>Format: MAC-address,NAS-Identifier,128-bit key as hex string. " ..
- "<br>This list is used to map R0KH-ID (NAS Identifier) to a destination " ..
+ "<br />Format: MAC-address,NAS-Identifier,128-bit key as hex string. " ..
+ "<br />This list is used to map R0KH-ID (NAS Identifier) to a destination " ..
"MAC address when requesting PMK-R1 key from the R0KH that the STA " ..
"used during the Initial Mobility Domain Association."))
r1kh = s:taboption("encryption", DynamicList, "r1kh", translate("External R1 Key Holder List"),
translate ("List of R1KHs in the same Mobility Domain. "..
- "<br>Format: MAC-address,R1KH-ID as 6 octets with colons,128-bit key as hex string. "..
- "<br>This list is used to map R1KH-ID to a destination MAC address " ..
+ "<br />Format: MAC-address,R1KH-ID as 6 octets with colons,128-bit key as hex string. "..
+ "<br />This list is used to map R1KH-ID to a destination MAC address " ..
"when sending PMK-R1 key from the R0KH. This is also the " ..
"list of authorized R1KHs in the MD that can request PMK-R1 keys."))
r1kh:depends({ieee80211r="1"})
-- ieee802.11w options
if hwtype == "mac80211" then
- ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
- translate("802.11w Management Frame Protection"),
- translate("Requires the 'full' version of wpad/hostapd " ..
- "and support from the wifi driver <br>(as of Feb 2017: " ..
- "ath9k and ath10k, in LEDE also mwlwifi and mt76)"))
- ieee80211w.default = "0"
- ieee80211w.rmempty = true
- ieee80211w:value("0", translate("Disabled (default)"))
- ieee80211w:value("1", translate("Optional"))
- ieee80211w:value("2", translate("Required"))
- ieee80211w:depends({mode="ap", encryption="wpa2"})
- ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
- ieee80211w:depends({mode="ap", encryption="psk2"})
- ieee80211w:depends({mode="ap", encryption="psk-mixed"})
- ieee80211w:depends({mode="ap-wds", encryption="psk2"})
- ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
-
- max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
+ local has_80211w = (os.execute("hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
+ if has_80211w then
+ ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
+ translate("802.11w Management Frame Protection"),
+ translate("Requires the 'full' version of wpad/hostapd " ..
+ "and support from the wifi driver <br />(as of Feb 2017: " ..
+ "ath9k and ath10k, in LEDE also mwlwifi and mt76)"))
+ ieee80211w.default = ""
+ ieee80211w.rmempty = true
+ ieee80211w:value("", translate("Disabled (default)"))
+ ieee80211w:value("1", translate("Optional"))
+ ieee80211w:value("2", translate("Required"))
+ ieee80211w:depends({mode="ap", encryption="wpa2"})
+ ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
+ ieee80211w:depends({mode="ap", encryption="psk2"})
+ ieee80211w:depends({mode="ap", encryption="psk-mixed"})
+ ieee80211w:depends({mode="ap-wds", encryption="psk2"})
+ ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
+
+ max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
translate("802.11w maximum timeout"),
translate("802.11w Association SA Query maximum timeout"))
- max_timeout:depends({ieee80211w="1"})
- max_timeout:depends({ieee80211w="2"})
- max_timeout.datatype = "uinteger"
- max_timeout.placeholder = "1000"
- max_timeout.rmempty = true
+ max_timeout:depends({ieee80211w="1"})
+ max_timeout:depends({ieee80211w="2"})
+ max_timeout.datatype = "uinteger"
+ max_timeout.placeholder = "1000"
+ max_timeout.rmempty = true
- retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
+ retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
translate("802.11w retry timeout"),
translate("802.11w Association SA Query retry timeout"))
- retry_timeout:depends({ieee80211w="1"})
- retry_timeout:depends({ieee80211w="2"})
- retry_timeout.datatype = "uinteger"
- retry_timeout.placeholder = "201"
- retry_timeout.rmempty = true
+ retry_timeout:depends({ieee80211w="1"})
+ retry_timeout:depends({ieee80211w="2"})
+ retry_timeout.datatype = "uinteger"
+ retry_timeout.placeholder = "201"
+ retry_timeout.rmempty = true
+ end
+
+ local key_retries = s:taboption("encryption", Flag, "wpa_disable_eapol_key_retries",
+ translate("Enable key reinstallation (KRACK) countermeasures"),
+ translate("Complicates key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load."))
+
+ key_retries:depends({mode="ap", encryption="wpa2"})
+ key_retries:depends({mode="ap", encryption="psk2"})
+ key_retries:depends({mode="ap", encryption="psk-mixed"})
+ key_retries:depends({mode="ap-wds", encryption="wpa2"})
+ key_retries:depends({mode="ap-wds", encryption="psk2"})
+ key_retries:depends({mode="ap-wds", encryption="psk-mixed"})
end
if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
projects / project / luci.git / blobdiff