1 -- Copyright 2008 Steven Barth <steven@midlink.org>
2 -- Licensed to the public under the Apache License 2.0.
4 local wa = require "luci.tools.webadmin"
5 local nw = require "luci.model.network"
6 local ut = require "luci.util"
7 local nt = require "luci.sys".net
8 local fs = require "nixio.fs"
12 m = Map("wireless", "",
13 translate("The <em>Device Configuration</em> section covers physical settings of the radio " ..
14 "hardware such as channel, transmit power or antenna selection which are shared among all " ..
15 "defined wireless networks (if the radio hardware is multi-SSID capable). Per network settings " ..
16 "like encryption or operation mode are grouped in the <em>Interface Configuration</em>."))
20 m.redirect = luci.dispatcher.build_url("admin/network/wireless")
24 function m.on_commit(map)
25 local wnet = nw:get_wifinet(arg[1])
26 if ifsection and wnet then
27 ifsection.section = wnet.sid
28 m.title = luci.util.pcdata(wnet:get_i18n())
34 local wnet = nw:get_wifinet(arg[1])
35 local wdev = wnet and wnet:get_device()
37 -- redirect to overview page if network does not exist anymore (e.g. after a revert)
38 if not wnet or not wdev then
39 luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless"))
43 -- wireless toggle was requested, commit and reload page
45 local new_cc = m:formvalue("cbid.wireless.%s.country" % wdev:name())
46 local old_cc = m:get(wdev:name(), "country")
48 if m:formvalue("cbid.wireless.%s.__toggle" % wdev:name()) then
49 if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
50 wnet:set("disabled", nil)
52 wnet:set("disabled", "1")
54 wdev:set("disabled", nil)
57 luci.sys.call("(env -i /bin/ubus call network reload) >/dev/null 2>/dev/null")
59 luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless", arg[1]))
65 if m:get(wdev:name(), "type") == "mac80211" and new_cc and new_cc ~= old_cc then
66 luci.sys.call("iw reg set %q" % new_cc)
67 luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless", arg[1]))
72 m.title = luci.util.pcdata(wnet:get_i18n())
75 local function txpower_list(iw)
76 local list = iw.txpwrlist or { }
77 local off = tonumber(iw.txpower_offset) or 0
81 for _, val in ipairs(list) do
82 local dbm = val.dbm + off
83 local mw = math.floor(10 ^ (dbm / 10))
97 local function txpower_current(pwr, list)
101 for _, item in ipairs(list) do
102 if item.driver_dbm >= pwr then
103 return item.driver_dbm
110 local iw = luci.sys.wifi.getiwinfo(arg[1])
111 local hw_modes = iw.hwmodelist or { }
112 local tx_power_list = txpower_list(iw)
113 local tx_power_cur = txpower_current(wdev:get("txpower"), tx_power_list)
115 s = m:section(NamedSection, wdev:name(), "wifi-device", translate("Device Configuration"))
118 s:tab("general", translate("General Setup"))
119 s:tab("macfilter", translate("MAC-Filter"))
120 s:tab("advanced", translate("Advanced Settings"))
123 back = s:option(DummyValue, "_overview", translate("Overview"))
125 back.titleref = luci.dispatcher.build_url("admin", "network", "wireless")
128 st = s:taboption("general", DummyValue, "__status", translate("Status"))
129 st.template = "admin_network/wifi_status"
132 en = s:taboption("general", Button, "__toggle")
134 if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
135 en.title = translate("Wireless network is disabled")
136 en.inputtitle = translate("Enable")
137 en.inputstyle = "apply"
139 en.title = translate("Wireless network is enabled")
140 en.inputtitle = translate("Disable")
141 en.inputstyle = "reset"
145 local hwtype = wdev:get("type")
148 local nsantenna = wdev:get("antenna")
150 -- Check whether there are client interfaces on the same radio,
151 -- if yes, lock the channel choice as these stations will dicatate the freq
152 local found_sta = nil
154 if wnet:mode() ~= "sta" then
155 for _, net in ipairs(wdev:get_wifinets()) do
156 if net:mode() == "sta" and net:get("disabled") ~= "1" then
157 if not found_sta then
159 found_sta.channel = net:channel()
162 found_sta.names[#found_sta.names+1] = net:shortname()
168 ch = s:taboption("general", DummyValue, "choice", translate("Channel"))
169 ch.value = translatef("Locked to channel %s used by: %s",
170 found_sta.channel or "(auto)", table.concat(found_sta.names, ", "))
172 ch = s:taboption("general", Value, "_mode_freq", '<br />'..translate("Operating frequency"))
173 ch.hwmodes = hw_modes
174 ch.htmodes = iw.htmodelist
175 ch.freqlist = iw.freqlist
176 ch.template = "cbi/wireless_modefreq"
178 function ch.cfgvalue(self, section)
180 m:get(section, "hwmode") or "",
181 m:get(section, "channel") or "auto",
182 m:get(section, "htmode") or ""
186 function ch.formvalue(self, section)
188 m:formvalue(self:cbid(section) .. ".band") or (hw_modes.g and "11g" or "11a"),
189 m:formvalue(self:cbid(section) .. ".channel") or "auto",
190 m:formvalue(self:cbid(section) .. ".htmode") or ""
194 function ch.write(self, section, value)
195 m:set(section, "hwmode", value[1])
196 m:set(section, "channel", value[2])
197 m:set(section, "htmode", value[3])
201 ------------------- MAC80211 Device ------------------
203 if hwtype == "mac80211" then
204 if #tx_power_list > 0 then
205 tp = s:taboption("general", ListValue,
206 "txpower", translate("Transmit Power"), "dBm")
208 tp.default = tx_power_cur
209 function tp.cfgvalue(...)
210 return txpower_current(Value.cfgvalue(...), tx_power_list)
213 tp:value("", translate("auto"))
214 for _, p in ipairs(tx_power_list) do
215 tp:value(p.driver_dbm, "%i dBm (%i mW)"
216 %{ p.display_dbm, p.display_mw })
220 local cl = iw and iw.countrylist
221 if cl and #cl > 0 then
222 cc = s:taboption("advanced", ListValue, "country", translate("Country Code"), translate("Use ISO/IEC 3166 alpha2 country codes."))
223 cc.default = tostring(iw and iw.country or "00")
224 for _, c in ipairs(cl) do
225 cc:value(c.alpha2, "%s - %s" %{ c.alpha2, c.name })
228 s:taboption("advanced", Value, "country", translate("Country Code"), translate("Use ISO/IEC 3166 alpha2 country codes."))
231 s:taboption("advanced", Value, "distance", translate("Distance Optimization"),
232 translate("Distance to farthest network member in meters."))
234 -- external antenna profiles
235 local eal = iw and iw.extant
236 if eal and #eal > 0 then
237 ea = s:taboption("advanced", ListValue, "extant", translate("Antenna Configuration"))
238 for _, eap in ipairs(eal) do
239 ea:value(eap.id, "%s (%s)" %{ eap.name, eap.description })
246 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
247 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
251 ------------------- Madwifi Device ------------------
253 if hwtype == "atheros" then
254 tp = s:taboption("general",
255 (#tx_power_list > 0) and ListValue or Value,
256 "txpower", translate("Transmit Power"), "dBm")
259 tp.default = tx_power_cur
261 function tp.cfgvalue(...)
262 return txpower_current(Value.cfgvalue(...), tx_power_list)
265 tp:value("", translate("auto"))
266 for _, p in ipairs(tx_power_list) do
267 tp:value(p.driver_dbm, "%i dBm (%i mW)"
268 %{ p.display_dbm, p.display_mw })
271 s:taboption("advanced", Flag, "diversity", translate("Diversity")).rmempty = false
273 if not nsantenna then
274 ant1 = s:taboption("advanced", ListValue, "txantenna", translate("Transmitter Antenna"))
275 ant1.widget = "radio"
276 ant1.orientation = "horizontal"
277 ant1:depends("diversity", "")
278 ant1:value("0", translate("auto"))
279 ant1:value("1", translate("Antenna 1"))
280 ant1:value("2", translate("Antenna 2"))
282 ant2 = s:taboption("advanced", ListValue, "rxantenna", translate("Receiver Antenna"))
283 ant2.widget = "radio"
284 ant2.orientation = "horizontal"
285 ant2:depends("diversity", "")
286 ant2:value("0", translate("auto"))
287 ant2:value("1", translate("Antenna 1"))
288 ant2:value("2", translate("Antenna 2"))
291 local ant = s:taboption("advanced", ListValue, "antenna", translate("Transmitter Antenna"))
293 ant:value("vertical")
294 ant:value("horizontal")
295 ant:value("external")
298 s:taboption("advanced", Value, "distance", translate("Distance Optimization"),
299 translate("Distance to farthest network member in meters."))
300 s:taboption("advanced", Value, "regdomain", translate("Regulatory Domain"))
301 s:taboption("advanced", Value, "country", translate("Country Code"))
302 s:taboption("advanced", Flag, "outdoor", translate("Outdoor Channels"))
304 --s:option(Flag, "nosbeacon", translate("Disable HW-Beacon timer"))
309 ------------------- Broadcom Device ------------------
311 if hwtype == "broadcom" then
312 tp = s:taboption("general",
313 (#tx_power_list > 0) and ListValue or Value,
314 "txpower", translate("Transmit Power"), "dBm")
317 tp.default = tx_power_cur
319 function tp.cfgvalue(...)
320 return txpower_current(Value.cfgvalue(...), tx_power_list)
323 tp:value("", translate("auto"))
324 for _, p in ipairs(tx_power_list) do
325 tp:value(p.driver_dbm, "%i dBm (%i mW)"
326 %{ p.display_dbm, p.display_mw })
329 mode = s:taboption("advanced", ListValue, "hwmode", translate("Band"))
331 mode:value("11b", "2.4GHz (802.11b)")
333 mode:value("11bg", "2.4GHz (802.11b+g)")
337 mode:value("11g", "2.4GHz (802.11g)")
338 mode:value("11gst", "2.4GHz (802.11g + Turbo)")
339 mode:value("11lrs", "2.4GHz (802.11g Limited Rate Support)")
341 if hw_modes.a then mode:value("11a", "5GHz (802.11a)") end
344 mode:value("11ng", "2.4GHz (802.11g+n)")
345 mode:value("11n", "2.4GHz (802.11n)")
348 mode:value("11na", "5GHz (802.11a+n)")
349 mode:value("11n", "5GHz (802.11n)")
351 htmode = s:taboption("advanced", ListValue, "htmode", translate("HT mode (802.11n)"))
352 htmode:depends("hwmode", "11ng")
353 htmode:depends("hwmode", "11na")
354 htmode:depends("hwmode", "11n")
355 htmode:value("HT20", "20MHz")
356 htmode:value("HT40", "40MHz")
359 ant1 = s:taboption("advanced", ListValue, "txantenna", translate("Transmitter Antenna"))
360 ant1.widget = "radio"
361 ant1:depends("diversity", "")
362 ant1:value("3", translate("auto"))
363 ant1:value("0", translate("Antenna 1"))
364 ant1:value("1", translate("Antenna 2"))
366 ant2 = s:taboption("advanced", ListValue, "rxantenna", translate("Receiver Antenna"))
367 ant2.widget = "radio"
368 ant2:depends("diversity", "")
369 ant2:value("3", translate("auto"))
370 ant2:value("0", translate("Antenna 1"))
371 ant2:value("1", translate("Antenna 2"))
373 s:taboption("advanced", Flag, "frameburst", translate("Frame Bursting"))
375 s:taboption("advanced", Value, "distance", translate("Distance Optimization"))
376 --s:option(Value, "slottime", translate("Slot time"))
378 s:taboption("advanced", Value, "country", translate("Country Code"))
379 s:taboption("advanced", Value, "maxassoc", translate("Connection Limit"))
383 --------------------- HostAP Device ---------------------
385 if hwtype == "prism2" then
386 s:taboption("advanced", Value, "txpower", translate("Transmit Power"), "att units").rmempty = true
388 s:taboption("advanced", Flag, "diversity", translate("Diversity")).rmempty = false
390 s:taboption("advanced", Value, "txantenna", translate("Transmitter Antenna"))
391 s:taboption("advanced", Value, "rxantenna", translate("Receiver Antenna"))
395 ----------------------- Interface -----------------------
397 s = m:section(NamedSection, wnet.sid, "wifi-iface", translate("Interface Configuration"))
401 s.defaults.device = wdev:name()
403 s:tab("general", translate("General Setup"))
404 s:tab("encryption", translate("Wireless Security"))
405 s:tab("macfilter", translate("MAC-Filter"))
406 s:tab("advanced", translate("Advanced Settings"))
408 mode = s:taboption("general", ListValue, "mode", translate("Mode"))
409 mode.override_values = true
410 mode:value("ap", translate("Access Point"))
411 mode:value("sta", translate("Client"))
412 mode:value("adhoc", translate("Ad-Hoc"))
414 meshid = s:taboption("general", Value, "mesh_id", translate("Mesh Id"))
415 meshid:depends({mode="mesh"})
417 meshfwd = s:taboption("advanced", Flag, "mesh_fwding", translate("internal forwarding of Mesh-peers"))
418 meshfwd.rmempty = false
419 meshfwd.default = "1"
420 meshfwd:depends({mode="mesh"})
422 ssid = s:taboption("general", Value, "ssid", translate("<abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
423 ssid.datatype = "maxlength(32)"
424 ssid:depends({mode="ap"})
425 ssid:depends({mode="sta"})
426 ssid:depends({mode="adhoc"})
427 ssid:depends({mode="ahdemo"})
428 ssid:depends({mode="monitor"})
429 ssid:depends({mode="ap-wds"})
430 ssid:depends({mode="sta-wds"})
431 ssid:depends({mode="wds"})
433 bssid = s:taboption("general", Value, "bssid", translate("<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"))
435 network = s:taboption("general", Value, "network", translate("Network"),
436 translate("Choose the network(s) you want to attach to this wireless interface or " ..
437 "fill out the <em>create</em> field to define a new network."))
439 network.rmempty = true
440 network.template = "cbi/network_netlist"
441 network.widget = "checkbox"
442 network.novirtual = true
444 function network.write(self, section, value)
445 local i = nw:get_interface(section)
448 value = m:formvalue(self:cbid(section) .. ".newnet")
449 if value and #value > 0 then
450 local n = nw:add_network(value, {proto="none"})
451 if n then n:add_interface(i) end
453 local n = i:get_network()
454 if n then n:del_interface(i) end
458 for _, v in ipairs(i:get_networks()) do
461 for v in ut.imatch(value) do
462 local n = nw:get_network(v)
464 if not n:is_empty() then
465 n:set("type", "bridge")
474 -------------------- MAC80211 Interface ----------------------
476 if hwtype == "mac80211" then
477 if fs.access("/usr/sbin/iw") then
478 mode:value("mesh", "802.11s")
481 mode:value("ahdemo", translate("Pseudo Ad-Hoc (ahdemo)"))
482 mode:value("monitor", translate("Monitor"))
483 bssid:depends({mode="adhoc"})
484 bssid:depends({mode="sta"})
485 bssid:depends({mode="sta-wds"})
487 mp = s:taboption("macfilter", ListValue, "macfilter", translate("MAC-Address Filter"))
488 mp:depends({mode="ap"})
489 mp:depends({mode="ap-wds"})
490 mp:value("", translate("disable"))
491 mp:value("allow", translate("Allow listed only"))
492 mp:value("deny", translate("Allow all except listed"))
494 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
495 ml.datatype = "macaddr"
496 ml:depends({macfilter="allow"})
497 ml:depends({macfilter="deny"})
498 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
500 mode:value("ap-wds", "%s (%s)" % {translate("Access Point"), translate("WDS")})
501 mode:value("sta-wds", "%s (%s)" % {translate("Client"), translate("WDS")})
503 function mode.write(self, section, value)
504 if value == "ap-wds" then
505 ListValue.write(self, section, "ap")
506 m.uci:set("wireless", section, "wds", 1)
507 elseif value == "sta-wds" then
508 ListValue.write(self, section, "sta")
509 m.uci:set("wireless", section, "wds", 1)
511 ListValue.write(self, section, value)
512 m.uci:delete("wireless", section, "wds")
516 function mode.cfgvalue(self, section)
517 local mode = ListValue.cfgvalue(self, section)
518 local wds = m.uci:get("wireless", section, "wds") == "1"
520 if mode == "ap" and wds then
522 elseif mode == "sta" and wds then
529 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
530 hidden:depends({mode="ap"})
531 hidden:depends({mode="ap-wds"})
533 wmm = s:taboption("general", Flag, "wmm", translate("WMM Mode"))
534 wmm:depends({mode="ap"})
535 wmm:depends({mode="ap-wds"})
536 wmm.default = wmm.enabled
538 isolate = s:taboption("advanced", Flag, "isolate", translate("Isolate Clients"), translate("Prevents client-to-client communication"))
539 isolate:depends({mode="ap"})
540 isolate:depends({mode="ap-wds"})
542 ifname = s:taboption("advanced", Value, "ifname", translate("Interface name"), translate("Override default interface name"))
543 ifname.optional = true
548 -------------------- Madwifi Interface ----------------------
550 if hwtype == "atheros" then
551 mode:value("ahdemo", translate("Pseudo Ad-Hoc (ahdemo)"))
552 mode:value("monitor", translate("Monitor"))
553 mode:value("ap-wds", "%s (%s)" % {translate("Access Point"), translate("WDS")})
554 mode:value("sta-wds", "%s (%s)" % {translate("Client"), translate("WDS")})
555 mode:value("wds", translate("Static WDS"))
557 function mode.write(self, section, value)
558 if value == "ap-wds" then
559 ListValue.write(self, section, "ap")
560 m.uci:set("wireless", section, "wds", 1)
561 elseif value == "sta-wds" then
562 ListValue.write(self, section, "sta")
563 m.uci:set("wireless", section, "wds", 1)
565 ListValue.write(self, section, value)
566 m.uci:delete("wireless", section, "wds")
570 function mode.cfgvalue(self, section)
571 local mode = ListValue.cfgvalue(self, section)
572 local wds = m.uci:get("wireless", section, "wds") == "1"
574 if mode == "ap" and wds then
576 elseif mode == "sta" and wds then
583 bssid:depends({mode="adhoc"})
584 bssid:depends({mode="ahdemo"})
585 bssid:depends({mode="wds"})
587 wdssep = s:taboption("advanced", Flag, "wdssep", translate("Separate WDS"))
588 wdssep:depends({mode="ap-wds"})
590 s:taboption("advanced", Flag, "doth", "802.11h")
591 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
592 hidden:depends({mode="ap"})
593 hidden:depends({mode="adhoc"})
594 hidden:depends({mode="ap-wds"})
595 hidden:depends({mode="sta-wds"})
596 isolate = s:taboption("advanced", Flag, "isolate", translate("Separate Clients"),
597 translate("Prevents client-to-client communication"))
598 isolate:depends({mode="ap"})
599 s:taboption("advanced", Flag, "bgscan", translate("Background Scan"))
601 mp = s:taboption("macfilter", ListValue, "macpolicy", translate("MAC-Address Filter"))
602 mp:value("", translate("disable"))
603 mp:value("allow", translate("Allow listed only"))
604 mp:value("deny", translate("Allow all except listed"))
606 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
607 ml.datatype = "macaddr"
608 ml:depends({macpolicy="allow"})
609 ml:depends({macpolicy="deny"})
610 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
612 s:taboption("advanced", Value, "rate", translate("Transmission Rate"))
613 s:taboption("advanced", Value, "mcast_rate", translate("Multicast Rate"))
614 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
615 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
616 s:taboption("advanced", Value, "minrate", translate("Minimum Rate"))
617 s:taboption("advanced", Value, "maxrate", translate("Maximum Rate"))
618 s:taboption("advanced", Flag, "compression", translate("Compression"))
620 s:taboption("advanced", Flag, "bursting", translate("Frame Bursting"))
621 s:taboption("advanced", Flag, "turbo", translate("Turbo Mode"))
622 s:taboption("advanced", Flag, "ff", translate("Fast Frames"))
624 s:taboption("advanced", Flag, "wmm", translate("WMM Mode"))
625 s:taboption("advanced", Flag, "xr", translate("XR Support"))
626 s:taboption("advanced", Flag, "ar", translate("AR Support"))
628 local swm = s:taboption("advanced", Flag, "sw_merge", translate("Disable HW-Beacon timer"))
629 swm:depends({mode="adhoc"})
631 local nos = s:taboption("advanced", Flag, "nosbeacon", translate("Disable HW-Beacon timer"))
632 nos:depends({mode="sta"})
633 nos:depends({mode="sta-wds"})
635 local probereq = s:taboption("advanced", Flag, "probereq", translate("Do not send probe responses"))
636 probereq.enabled = "0"
637 probereq.disabled = "1"
641 -------------------- Broadcom Interface ----------------------
643 if hwtype == "broadcom" then
644 mode:value("wds", translate("WDS"))
645 mode:value("monitor", translate("Monitor"))
647 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
648 hidden:depends({mode="ap"})
649 hidden:depends({mode="adhoc"})
650 hidden:depends({mode="wds"})
652 isolate = s:taboption("advanced", Flag, "isolate", translate("Separate Clients"),
653 translate("Prevents client-to-client communication"))
654 isolate:depends({mode="ap"})
656 s:taboption("advanced", Flag, "doth", "802.11h")
657 s:taboption("advanced", Flag, "wmm", translate("WMM Mode"))
659 bssid:depends({mode="wds"})
660 bssid:depends({mode="adhoc"})
664 ----------------------- HostAP Interface ---------------------
666 if hwtype == "prism2" then
667 mode:value("wds", translate("WDS"))
668 mode:value("monitor", translate("Monitor"))
670 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
671 hidden:depends({mode="ap"})
672 hidden:depends({mode="adhoc"})
673 hidden:depends({mode="wds"})
675 bssid:depends({mode="sta"})
677 mp = s:taboption("macfilter", ListValue, "macpolicy", translate("MAC-Address Filter"))
678 mp:value("", translate("disable"))
679 mp:value("allow", translate("Allow listed only"))
680 mp:value("deny", translate("Allow all except listed"))
681 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
682 ml:depends({macpolicy="allow"})
683 ml:depends({macpolicy="deny"})
684 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
686 s:taboption("advanced", Value, "rate", translate("Transmission Rate"))
687 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
688 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
692 ------------------- WiFI-Encryption -------------------
694 encr = s:taboption("encryption", ListValue, "encryption", translate("Encryption"))
695 encr.override_values = true
696 encr.override_depends = true
697 encr:depends({mode="ap"})
698 encr:depends({mode="sta"})
699 encr:depends({mode="adhoc"})
700 encr:depends({mode="ahdemo"})
701 encr:depends({mode="ap-wds"})
702 encr:depends({mode="sta-wds"})
703 encr:depends({mode="mesh"})
705 cipher = s:taboption("encryption", ListValue, "cipher", translate("Cipher"))
706 cipher:depends({encryption="wpa"})
707 cipher:depends({encryption="wpa2"})
708 cipher:depends({encryption="psk"})
709 cipher:depends({encryption="psk2"})
710 cipher:depends({encryption="wpa-mixed"})
711 cipher:depends({encryption="psk-mixed"})
712 cipher:value("auto", translate("auto"))
713 cipher:value("ccmp", translate("Force CCMP (AES)"))
714 cipher:value("tkip", translate("Force TKIP"))
715 cipher:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
717 function encr.cfgvalue(self, section)
718 local v = tostring(ListValue.cfgvalue(self, section))
721 elseif v and v:match("%+") then
722 return (v:gsub("%+.+$", ""))
727 function encr.write(self, section, value)
728 local e = tostring(encr:formvalue(section))
729 local c = tostring(cipher:formvalue(section))
730 if value == "wpa" or value == "wpa2" then
731 self.map.uci:delete("wireless", section, "key")
733 if e and (c == "tkip" or c == "ccmp" or c == "tkip+ccmp") then
736 self.map:set(section, "encryption", e)
739 function cipher.cfgvalue(self, section)
740 local v = tostring(ListValue.cfgvalue(encr, section))
741 if v and v:match("%+") then
742 v = v:gsub("^[^%+]+%+", "")
743 if v == "aes" then v = "ccmp"
744 elseif v == "tkip+aes" then v = "tkip+ccmp"
745 elseif v == "aes+tkip" then v = "tkip+ccmp"
746 elseif v == "ccmp+tkip" then v = "tkip+ccmp"
752 function cipher.write(self, section)
753 return encr:write(section)
757 encr:value("none", "No Encryption")
758 encr:value("wep-open", translate("WEP Open System"), {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="ahdemo"}, {mode="wds"})
759 encr:value("wep-shared", translate("WEP Shared Key"), {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="ahdemo"}, {mode="wds"})
761 if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
762 local supplicant = fs.access("/usr/sbin/wpa_supplicant")
763 local hostapd = fs.access("/usr/sbin/hostapd")
766 local has_ap_eap = (os.execute("hostapd -veap >/dev/null 2>/dev/null") == 0)
767 local has_sta_eap = (os.execute("wpa_supplicant -veap >/dev/null 2>/dev/null") == 0)
769 if hostapd and supplicant then
770 encr:value("psk", "WPA-PSK", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
771 encr:value("psk2", "WPA2-PSK", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
772 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
773 if has_ap_eap and has_sta_eap then
774 encr:value("wpa", "WPA-EAP", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
775 encr:value("wpa2", "WPA2-EAP", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
777 elseif hostapd and not supplicant then
778 encr:value("psk", "WPA-PSK", {mode="ap"}, {mode="ap-wds"})
779 encr:value("psk2", "WPA2-PSK", {mode="ap"}, {mode="ap-wds"})
780 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="ap"}, {mode="ap-wds"})
782 encr:value("wpa", "WPA-EAP", {mode="ap"}, {mode="ap-wds"})
783 encr:value("wpa2", "WPA2-EAP", {mode="ap"}, {mode="ap-wds"})
785 encr.description = translate(
786 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
787 "and ad-hoc mode) to be installed."
789 elseif not hostapd and supplicant then
790 encr:value("psk", "WPA-PSK", {mode="sta"}, {mode="sta-wds"})
791 encr:value("psk2", "WPA2-PSK", {mode="sta"}, {mode="sta-wds"})
792 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="sta"}, {mode="sta-wds"})
794 encr:value("wpa", "WPA-EAP", {mode="sta"}, {mode="sta-wds"})
795 encr:value("wpa2", "WPA2-EAP", {mode="sta"}, {mode="sta-wds"})
797 encr.description = translate(
798 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
799 "and ad-hoc mode) to be installed."
802 encr.description = translate(
803 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
804 "and ad-hoc mode) to be installed."
807 elseif hwtype == "broadcom" then
808 encr:value("psk", "WPA-PSK")
809 encr:value("psk2", "WPA2-PSK")
810 encr:value("psk+psk2", "WPA-PSK/WPA2-PSK Mixed Mode")
813 auth_server = s:taboption("encryption", Value, "auth_server", translate("Radius-Authentication-Server"))
814 auth_server:depends({mode="ap", encryption="wpa"})
815 auth_server:depends({mode="ap", encryption="wpa2"})
816 auth_server:depends({mode="ap-wds", encryption="wpa"})
817 auth_server:depends({mode="ap-wds", encryption="wpa2"})
818 auth_server.rmempty = true
819 auth_server.datatype = "host(0)"
821 auth_port = s:taboption("encryption", Value, "auth_port", translate("Radius-Authentication-Port"), translatef("Default %d", 1812))
822 auth_port:depends({mode="ap", encryption="wpa"})
823 auth_port:depends({mode="ap", encryption="wpa2"})
824 auth_port:depends({mode="ap-wds", encryption="wpa"})
825 auth_port:depends({mode="ap-wds", encryption="wpa2"})
826 auth_port.rmempty = true
827 auth_port.datatype = "port"
829 auth_secret = s:taboption("encryption", Value, "auth_secret", translate("Radius-Authentication-Secret"))
830 auth_secret:depends({mode="ap", encryption="wpa"})
831 auth_secret:depends({mode="ap", encryption="wpa2"})
832 auth_secret:depends({mode="ap-wds", encryption="wpa"})
833 auth_secret:depends({mode="ap-wds", encryption="wpa2"})
834 auth_secret.rmempty = true
835 auth_secret.password = true
837 acct_server = s:taboption("encryption", Value, "acct_server", translate("Radius-Accounting-Server"))
838 acct_server:depends({mode="ap", encryption="wpa"})
839 acct_server:depends({mode="ap", encryption="wpa2"})
840 acct_server:depends({mode="ap-wds", encryption="wpa"})
841 acct_server:depends({mode="ap-wds", encryption="wpa2"})
842 acct_server.rmempty = true
843 acct_server.datatype = "host(0)"
845 acct_port = s:taboption("encryption", Value, "acct_port", translate("Radius-Accounting-Port"), translatef("Default %d", 1813))
846 acct_port:depends({mode="ap", encryption="wpa"})
847 acct_port:depends({mode="ap", encryption="wpa2"})
848 acct_port:depends({mode="ap-wds", encryption="wpa"})
849 acct_port:depends({mode="ap-wds", encryption="wpa2"})
850 acct_port.rmempty = true
851 acct_port.datatype = "port"
853 acct_secret = s:taboption("encryption", Value, "acct_secret", translate("Radius-Accounting-Secret"))
854 acct_secret:depends({mode="ap", encryption="wpa"})
855 acct_secret:depends({mode="ap", encryption="wpa2"})
856 acct_secret:depends({mode="ap-wds", encryption="wpa"})
857 acct_secret:depends({mode="ap-wds", encryption="wpa2"})
858 acct_secret.rmempty = true
859 acct_secret.password = true
861 wpakey = s:taboption("encryption", Value, "_wpa_key", translate("Key"))
862 wpakey:depends("encryption", "psk")
863 wpakey:depends("encryption", "psk2")
864 wpakey:depends("encryption", "psk+psk2")
865 wpakey:depends("encryption", "psk-mixed")
866 wpakey.datatype = "wpakey"
867 wpakey.rmempty = true
868 wpakey.password = true
870 wpakey.cfgvalue = function(self, section, value)
871 local key = m.uci:get("wireless", section, "key")
872 if key == "1" or key == "2" or key == "3" or key == "4" then
878 wpakey.write = function(self, section, value)
879 self.map.uci:set("wireless", section, "key", value)
880 self.map.uci:delete("wireless", section, "key1")
884 wepslot = s:taboption("encryption", ListValue, "_wep_key", translate("Used Key Slot"))
885 wepslot:depends("encryption", "wep-open")
886 wepslot:depends("encryption", "wep-shared")
887 wepslot:value("1", translatef("Key #%d", 1))
888 wepslot:value("2", translatef("Key #%d", 2))
889 wepslot:value("3", translatef("Key #%d", 3))
890 wepslot:value("4", translatef("Key #%d", 4))
892 wepslot.cfgvalue = function(self, section)
893 local slot = tonumber(m.uci:get("wireless", section, "key"))
894 if not slot or slot < 1 or slot > 4 then
900 wepslot.write = function(self, section, value)
901 self.map.uci:set("wireless", section, "key", value)
906 wepkey = s:taboption("encryption", Value, "key" .. slot, translatef("Key #%d", slot))
907 wepkey:depends("encryption", "wep-open")
908 wepkey:depends("encryption", "wep-shared")
909 wepkey.datatype = "wepkey"
910 wepkey.rmempty = true
911 wepkey.password = true
913 function wepkey.write(self, section, value)
914 if value and (#value == 5 or #value == 13) then
915 value = "s:" .. value
917 return Value.write(self, section, value)
922 if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
924 -- Probe 802.11r support (and EAP support as a proxy for Openwrt)
925 local has_80211r = (os.execute("hostapd -v11r 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
927 ieee80211r = s:taboption("encryption", Flag, "ieee80211r",
928 translate("802.11r Fast Transition"),
929 translate("Enables fast roaming among access points that belong " ..
930 "to the same Mobility Domain"))
931 ieee80211r:depends({mode="ap", encryption="wpa"})
932 ieee80211r:depends({mode="ap", encryption="wpa2"})
933 ieee80211r:depends({mode="ap-wds", encryption="wpa"})
934 ieee80211r:depends({mode="ap-wds", encryption="wpa2"})
936 ieee80211r:depends({mode="ap", encryption="psk"})
937 ieee80211r:depends({mode="ap", encryption="psk2"})
938 ieee80211r:depends({mode="ap", encryption="psk-mixed"})
940 ieee80211r.rmempty = true
942 nasid = s:taboption("encryption", Value, "nasid", translate("NAS ID"),
943 translate("Used for two different purposes: RADIUS NAS ID and " ..
944 "802.11r R0KH-ID. Not needed with normal WPA(2)-PSK."))
945 nasid:depends({mode="ap", encryption="wpa"})
946 nasid:depends({mode="ap", encryption="wpa2"})
947 nasid:depends({mode="ap-wds", encryption="wpa"})
948 nasid:depends({mode="ap-wds", encryption="wpa2"})
949 nasid:depends({ieee80211r="1"})
952 mobility_domain = s:taboption("encryption", Value, "mobility_domain",
953 translate("Mobility Domain"),
954 translate("4-character hexadecimal ID"))
955 mobility_domain:depends({ieee80211r="1"})
956 mobility_domain.placeholder = "4f57"
957 mobility_domain.datatype = "and(hexstring,rangelength(4,4))"
958 mobility_domain.rmempty = true
960 r0_key_lifetime = s:taboption("encryption", Value, "r0_key_lifetime",
961 translate("R0 Key Lifetime"), translate("minutes"))
962 r0_key_lifetime:depends({ieee80211r="1"})
963 r0_key_lifetime.placeholder = "10000"
964 r0_key_lifetime.datatype = "uinteger"
965 r0_key_lifetime.rmempty = true
967 r1_key_holder = s:taboption("encryption", Value, "r1_key_holder",
968 translate("R1 Key Holder"),
969 translate("6-octet identifier as a hex string - no colons"))
970 r1_key_holder:depends({ieee80211r="1"})
971 r1_key_holder.placeholder = "00004f577274"
972 r1_key_holder.datatype = "and(hexstring,rangelength(12,12))"
973 r1_key_holder.rmempty = true
975 reassociation_deadline = s:taboption("encryption", Value, "reassociation_deadline",
976 translate("Reassociation Deadline"),
977 translate("time units (TUs / 1.024 ms) [1000-65535]"))
978 reassociation_deadline:depends({ieee80211r="1"})
979 reassociation_deadline.placeholder = "1000"
980 reassociation_deadline.datatype = "range(1000,65535)"
981 reassociation_deadline.rmempty = true
983 pmk_r1_push = s:taboption("encryption", Flag, "pmk_r1_push", translate("PMK R1 Push"))
984 pmk_r1_push:depends({ieee80211r="1"})
985 pmk_r1_push.placeholder = "0"
986 pmk_r1_push.rmempty = true
988 r0kh = s:taboption("encryption", DynamicList, "r0kh", translate("External R0 Key Holder List"),
989 translate("List of R0KHs in the same Mobility Domain. " ..
990 "<br />Format: MAC-address,NAS-Identifier,128-bit key as hex string. " ..
991 "<br />This list is used to map R0KH-ID (NAS Identifier) to a destination " ..
992 "MAC address when requesting PMK-R1 key from the R0KH that the STA " ..
993 "used during the Initial Mobility Domain Association."))
995 r0kh:depends({ieee80211r="1"})
998 r1kh = s:taboption("encryption", DynamicList, "r1kh", translate("External R1 Key Holder List"),
999 translate ("List of R1KHs in the same Mobility Domain. "..
1000 "<br />Format: MAC-address,R1KH-ID as 6 octets with colons,128-bit key as hex string. "..
1001 "<br />This list is used to map R1KH-ID to a destination MAC address " ..
1002 "when sending PMK-R1 key from the R0KH. This is also the " ..
1003 "list of authorized R1KHs in the MD that can request PMK-R1 keys."))
1004 r1kh:depends({ieee80211r="1"})
1006 -- End of 802.11r options
1008 eaptype = s:taboption("encryption", ListValue, "eap_type", translate("EAP-Method"))
1009 eaptype:value("tls", "TLS")
1010 eaptype:value("ttls", "TTLS")
1011 eaptype:value("peap", "PEAP")
1012 eaptype:value("fast", "FAST")
1013 eaptype:depends({mode="sta", encryption="wpa"})
1014 eaptype:depends({mode="sta", encryption="wpa2"})
1015 eaptype:depends({mode="sta-wds", encryption="wpa"})
1016 eaptype:depends({mode="sta-wds", encryption="wpa2"})
1018 cacert = s:taboption("encryption", FileUpload, "ca_cert", translate("Path to CA-Certificate"))
1019 cacert:depends({mode="sta", encryption="wpa"})
1020 cacert:depends({mode="sta", encryption="wpa2"})
1021 cacert:depends({mode="sta-wds", encryption="wpa"})
1022 cacert:depends({mode="sta-wds", encryption="wpa2"})
1023 cacert.rmempty = true
1025 clientcert = s:taboption("encryption", FileUpload, "client_cert", translate("Path to Client-Certificate"))
1026 clientcert:depends({mode="sta", eap_type="tls", encryption="wpa"})
1027 clientcert:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1028 clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1029 clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1031 privkey = s:taboption("encryption", FileUpload, "priv_key", translate("Path to Private Key"))
1032 privkey:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1033 privkey:depends({mode="sta", eap_type="tls", encryption="wpa"})
1034 privkey:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1035 privkey:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1037 privkeypwd = s:taboption("encryption", Value, "priv_key_pwd", translate("Password of Private Key"))
1038 privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1039 privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa"})
1040 privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1041 privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1042 privkeypwd.rmempty = true
1043 privkeypwd.password = true
1045 auth = s:taboption("encryption", ListValue, "auth", translate("Authentication"))
1046 auth:value("PAP", "PAP", {eap_type="ttls"})
1047 auth:value("CHAP", "CHAP", {eap_type="ttls"})
1048 auth:value("MSCHAP", "MSCHAP", {eap_type="ttls"})
1049 auth:value("MSCHAPV2", "MSCHAPv2", {eap_type="ttls"})
1050 auth:value("EAP-GTC")
1051 auth:value("EAP-MD5")
1052 auth:value("EAP-MSCHAPV2")
1053 auth:value("EAP-TLS")
1054 auth:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1055 auth:depends({mode="sta", eap_type="fast", encryption="wpa"})
1056 auth:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1057 auth:depends({mode="sta", eap_type="peap", encryption="wpa"})
1058 auth:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1059 auth:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1060 auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1061 auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1062 auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1063 auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1064 auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1065 auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1067 cacert2 = s:taboption("encryption", FileUpload, "ca_cert2", translate("Path to inner CA-Certificate"))
1068 cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1069 cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1070 cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1071 cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1073 clientcert2 = s:taboption("encryption", FileUpload, "client_cert2", translate("Path to inner Client-Certificate"))
1074 clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1075 clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1076 clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1077 clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1079 privkey2 = s:taboption("encryption", FileUpload, "priv_key2", translate("Path to inner Private Key"))
1080 privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1081 privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1082 privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1083 privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1085 privkeypwd2 = s:taboption("encryption", Value, "priv_key2_pwd", translate("Password of inner Private Key"))
1086 privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1087 privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1088 privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1089 privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1090 privkeypwd2.rmempty = true
1091 privkeypwd2.password = true
1093 identity = s:taboption("encryption", Value, "identity", translate("Identity"))
1094 identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1095 identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
1096 identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1097 identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
1098 identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1099 identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1100 identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1101 identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1102 identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1103 identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1104 identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1105 identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1106 identity:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1107 identity:depends({mode="sta", eap_type="tls", encryption="wpa"})
1108 identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1109 identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1111 anonymous_identity = s:taboption("encryption", Value, "anonymous_identity", translate("Anonymous Identity"))
1112 anonymous_identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1113 anonymous_identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
1114 anonymous_identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1115 anonymous_identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
1116 anonymous_identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1117 anonymous_identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1118 anonymous_identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1119 anonymous_identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1120 anonymous_identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1121 anonymous_identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1122 anonymous_identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1123 anonymous_identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1124 anonymous_identity:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1125 anonymous_identity:depends({mode="sta", eap_type="tls", encryption="wpa"})
1126 anonymous_identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1127 anonymous_identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1129 password = s:taboption("encryption", Value, "password", translate("Password"))
1130 password:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1131 password:depends({mode="sta", eap_type="fast", encryption="wpa"})
1132 password:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1133 password:depends({mode="sta", eap_type="peap", encryption="wpa"})
1134 password:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1135 password:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1136 password:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1137 password:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1138 password:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1139 password:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1140 password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1141 password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1142 password.rmempty = true
1143 password.password = true
1146 -- ieee802.11w options
1147 if hwtype == "mac80211" then
1148 local has_80211w = (os.execute("hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
1150 ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
1151 translate("802.11w Management Frame Protection"),
1152 translate("Requires the 'full' version of wpad/hostapd " ..
1153 "and support from the wifi driver <br />(as of Feb 2017: " ..
1154 "ath9k and ath10k, in LEDE also mwlwifi and mt76)"))
1155 ieee80211w.default = ""
1156 ieee80211w.rmempty = true
1157 ieee80211w:value("", translate("Disabled (default)"))
1158 ieee80211w:value("1", translate("Optional"))
1159 ieee80211w:value("2", translate("Required"))
1160 ieee80211w:depends({mode="ap", encryption="wpa2"})
1161 ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
1162 ieee80211w:depends({mode="ap", encryption="psk2"})
1163 ieee80211w:depends({mode="ap", encryption="psk-mixed"})
1164 ieee80211w:depends({mode="ap-wds", encryption="psk2"})
1165 ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
1167 max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
1168 translate("802.11w maximum timeout"),
1169 translate("802.11w Association SA Query maximum timeout"))
1170 max_timeout:depends({ieee80211w="1"})
1171 max_timeout:depends({ieee80211w="2"})
1172 max_timeout.datatype = "uinteger"
1173 max_timeout.placeholder = "1000"
1174 max_timeout.rmempty = true
1176 retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
1177 translate("802.11w retry timeout"),
1178 translate("802.11w Association SA Query retry timeout"))
1179 retry_timeout:depends({ieee80211w="1"})
1180 retry_timeout:depends({ieee80211w="2"})
1181 retry_timeout.datatype = "uinteger"
1182 retry_timeout.placeholder = "201"
1183 retry_timeout.rmempty = true
1186 local key_retries = s:taboption("encryption", Flag, "wpa_disable_eapol_key_retries",
1187 translate("Enable key reinstallation (KRACK) countermeasures"),
1188 translate("Complicates key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load."))
1190 key_retries:depends({mode="ap", encryption="wpa2"})
1191 key_retries:depends({mode="ap", encryption="psk2"})
1192 key_retries:depends({mode="ap", encryption="psk-mixed"})
1193 key_retries:depends({mode="ap-wds", encryption="wpa2"})
1194 key_retries:depends({mode="ap-wds", encryption="psk2"})
1195 key_retries:depends({mode="ap-wds", encryption="psk-mixed"})
1198 if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
1199 local wpasupplicant = fs.access("/usr/sbin/wpa_supplicant")
1200 local hostcli = fs.access("/usr/sbin/hostapd_cli")
1201 if hostcli and wpasupplicant then
1202 wps = s:taboption("encryption", Flag, "wps_pushbutton", translate("Enable WPS pushbutton, requires WPA(2)-PSK"))
1206 wps:depends("encryption", "psk")
1207 wps:depends("encryption", "psk2")
1208 wps:depends("encryption", "psk-mixed")