luci-mod-admin-full: wifi: expose "wpa_disable_eapol_key_retries" option

[project/luci.git] / modules / luci-mod-admin-full / luasrc / model / cbi / admin_network / wifi.lua

diff --git a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
index f431c26..e4f512b 100644 (file)
--- a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
+++ b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
@@ -1018,6 +1018,17 @@ if hwtype == "mac80211" then
                retry_timeout.placeholder = "201"
                retry_timeout.rmempty = true
        end
+
+       local key_retries = s:taboption("encryption", Flag, "wpa_disable_eapol_key_retries",
+               translate("Enable key reinstallation (KRACK) countermeasures"),
+               translate("Works around key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load."))
+
+       key_retries:depends({mode="ap", encryption="wpa2"})
+       key_retries:depends({mode="ap", encryption="psk2"})
+       key_retries:depends({mode="ap", encryption="psk-mixed"})
+       key_retries:depends({mode="ap-wds", encryption="wpa2"})
+       key_retries:depends({mode="ap-wds", encryption="psk2"})
+       key_retries:depends({mode="ap-wds", encryption="psk-mixed"})
 end
 
 if hwtype == "mac80211" or hwtype == "prism2" then