1 -- Copyright 2008 Steven Barth <steven@midlink.org>
2 -- Licensed to the public under the Apache License 2.0.
4 local wa = require "luci.tools.webadmin"
5 local nw = require "luci.model.network"
6 local ut = require "luci.util"
7 local nt = require "luci.sys".net
8 local fs = require "nixio.fs"
12 m = Map("wireless", "",
13 translate("The <em>Device Configuration</em> section covers physical settings of the radio " ..
14 "hardware such as channel, transmit power or antenna selection which are shared among all " ..
15 "defined wireless networks (if the radio hardware is multi-SSID capable). Per network settings " ..
16 "like encryption or operation mode are grouped in the <em>Interface Configuration</em>."))
20 m.redirect = luci.dispatcher.build_url("admin/network/wireless")
24 function m.on_commit(map)
25 local wnet = nw:get_wifinet(arg[1])
26 if ifsection and wnet then
27 ifsection.section = wnet.sid
28 m.title = luci.util.pcdata(wnet:get_i18n())
34 local wnet = nw:get_wifinet(arg[1])
35 local wdev = wnet and wnet:get_device()
37 -- redirect to overview page if network does not exist anymore (e.g. after a revert)
38 if not wnet or not wdev then
39 luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless"))
43 -- wireless toggle was requested, commit and reload page
45 local new_cc = m:formvalue("cbid.wireless.%s.country" % wdev:name())
46 local old_cc = m:get(wdev:name(), "country")
48 if m:formvalue("cbid.wireless.%s.__toggle" % wdev:name()) then
49 if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
50 wnet:set("disabled", nil)
52 wnet:set("disabled", "1")
54 wdev:set("disabled", nil)
57 luci.sys.call("(env -i /bin/ubus call network reload) >/dev/null 2>/dev/null")
59 luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless", arg[1]))
65 if m:get(wdev:name(), "type") == "mac80211" and new_cc and new_cc ~= old_cc then
66 luci.sys.call("iw reg set %q" % new_cc)
67 luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless", arg[1]))
72 m.title = luci.util.pcdata(wnet:get_i18n())
75 local function txpower_list(iw)
76 local list = iw.txpwrlist or { }
77 local off = tonumber(iw.txpower_offset) or 0
81 for _, val in ipairs(list) do
82 local dbm = val.dbm + off
83 local mw = math.floor(10 ^ (dbm / 10))
97 local function txpower_current(pwr, list)
101 for _, item in ipairs(list) do
102 if item.driver_dbm >= pwr then
103 return item.driver_dbm
110 local iw = luci.sys.wifi.getiwinfo(arg[1])
111 local hw_modes = iw.hwmodelist or { }
112 local tx_power_list = txpower_list(iw)
113 local tx_power_cur = txpower_current(wdev:get("txpower"), tx_power_list)
115 s = m:section(NamedSection, wdev:name(), "wifi-device", translate("Device Configuration"))
118 s:tab("general", translate("General Setup"))
119 s:tab("macfilter", translate("MAC-Filter"))
120 s:tab("advanced", translate("Advanced Settings"))
123 back = s:option(DummyValue, "_overview", translate("Overview"))
125 back.titleref = luci.dispatcher.build_url("admin", "network", "wireless")
128 st = s:taboption("general", DummyValue, "__status", translate("Status"))
129 st.template = "admin_network/wifi_status"
132 en = s:taboption("general", Button, "__toggle")
134 if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
135 en.title = translate("Wireless network is disabled")
136 en.inputtitle = translate("Enable")
137 en.inputstyle = "apply"
139 en.title = translate("Wireless network is enabled")
140 en.inputtitle = translate("Disable")
141 en.inputstyle = "reset"
145 local hwtype = wdev:get("type")
148 local nsantenna = wdev:get("antenna")
150 -- Check whether there are client interfaces on the same radio,
151 -- if yes, lock the channel choice as these stations will dicatate the freq
152 local found_sta = nil
154 if wnet:mode() ~= "sta" then
155 for _, net in ipairs(wdev:get_wifinets()) do
156 if net:mode() == "sta" and net:get("disabled") ~= "1" then
157 if not found_sta then
159 found_sta.channel = net:channel()
162 found_sta.names[#found_sta.names+1] = net:shortname()
168 ch = s:taboption("general", DummyValue, "choice", translate("Channel"))
169 ch.value = translatef("Locked to channel %s used by: %s",
170 found_sta.channel or "(auto)", table.concat(found_sta.names, ", "))
172 ch = s:taboption("general", Value, "_mode_freq", '<br />'..translate("Operating frequency"))
173 ch.hwmodes = hw_modes
174 ch.htmodes = iw.htmodelist
175 ch.freqlist = iw.freqlist
176 ch.template = "cbi/wireless_modefreq"
178 function ch.cfgvalue(self, section)
180 m:get(section, "hwmode") or "",
181 m:get(section, "channel") or "auto",
182 m:get(section, "htmode") or ""
186 function ch.formvalue(self, section)
188 m:formvalue(self:cbid(section) .. ".band") or (hw_modes.g and "11g" or "11a"),
189 m:formvalue(self:cbid(section) .. ".channel") or "auto",
190 m:formvalue(self:cbid(section) .. ".htmode") or ""
194 function ch.write(self, section, value)
195 m:set(section, "hwmode", value[1])
196 m:set(section, "channel", value[2])
197 m:set(section, "htmode", value[3])
201 ------------------- MAC80211 Device ------------------
203 if hwtype == "mac80211" then
204 if #tx_power_list > 0 then
205 tp = s:taboption("general", ListValue,
206 "txpower", translate("Transmit Power"), "dBm")
208 tp.default = tx_power_cur
209 function tp.cfgvalue(...)
210 return txpower_current(Value.cfgvalue(...), tx_power_list)
213 tp:value("", translate("auto"))
214 for _, p in ipairs(tx_power_list) do
215 tp:value(p.driver_dbm, "%i dBm (%i mW)"
216 %{ p.display_dbm, p.display_mw })
220 local cl = iw and iw.countrylist
221 if cl and #cl > 0 then
222 cc = s:taboption("advanced", ListValue, "country", translate("Country Code"), translate("Use ISO/IEC 3166 alpha2 country codes."))
223 cc.default = tostring(iw and iw.country or "00")
224 for _, c in ipairs(cl) do
225 cc:value(c.alpha2, "%s - %s" %{ c.alpha2, c.name })
228 s:taboption("advanced", Value, "country", translate("Country Code"), translate("Use ISO/IEC 3166 alpha2 country codes."))
231 s:taboption("advanced", Value, "distance", translate("Distance Optimization"),
232 translate("Distance to farthest network member in meters."))
234 -- external antenna profiles
235 local eal = iw and iw.extant
236 if eal and #eal > 0 then
237 ea = s:taboption("advanced", ListValue, "extant", translate("Antenna Configuration"))
238 for _, eap in ipairs(eal) do
239 ea:value(eap.id, "%s (%s)" %{ eap.name, eap.description })
246 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
247 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
251 ------------------- Broadcom Device ------------------
253 if hwtype == "broadcom" then
254 tp = s:taboption("general",
255 (#tx_power_list > 0) and ListValue or Value,
256 "txpower", translate("Transmit Power"), "dBm")
259 tp.default = tx_power_cur
261 function tp.cfgvalue(...)
262 return txpower_current(Value.cfgvalue(...), tx_power_list)
265 tp:value("", translate("auto"))
266 for _, p in ipairs(tx_power_list) do
267 tp:value(p.driver_dbm, "%i dBm (%i mW)"
268 %{ p.display_dbm, p.display_mw })
271 mode = s:taboption("advanced", ListValue, "hwmode", translate("Band"))
273 mode:value("11b", "2.4GHz (802.11b)")
275 mode:value("11bg", "2.4GHz (802.11b+g)")
279 mode:value("11g", "2.4GHz (802.11g)")
280 mode:value("11gst", "2.4GHz (802.11g + Turbo)")
281 mode:value("11lrs", "2.4GHz (802.11g Limited Rate Support)")
283 if hw_modes.a then mode:value("11a", "5GHz (802.11a)") end
286 mode:value("11ng", "2.4GHz (802.11g+n)")
287 mode:value("11n", "2.4GHz (802.11n)")
290 mode:value("11na", "5GHz (802.11a+n)")
291 mode:value("11n", "5GHz (802.11n)")
293 htmode = s:taboption("advanced", ListValue, "htmode", translate("HT mode (802.11n)"))
294 htmode:depends("hwmode", "11ng")
295 htmode:depends("hwmode", "11na")
296 htmode:depends("hwmode", "11n")
297 htmode:value("HT20", "20MHz")
298 htmode:value("HT40", "40MHz")
301 ant1 = s:taboption("advanced", ListValue, "txantenna", translate("Transmitter Antenna"))
302 ant1.widget = "radio"
303 ant1:depends("diversity", "")
304 ant1:value("3", translate("auto"))
305 ant1:value("0", translate("Antenna 1"))
306 ant1:value("1", translate("Antenna 2"))
308 ant2 = s:taboption("advanced", ListValue, "rxantenna", translate("Receiver Antenna"))
309 ant2.widget = "radio"
310 ant2:depends("diversity", "")
311 ant2:value("3", translate("auto"))
312 ant2:value("0", translate("Antenna 1"))
313 ant2:value("1", translate("Antenna 2"))
315 s:taboption("advanced", Flag, "frameburst", translate("Frame Bursting"))
317 s:taboption("advanced", Value, "distance", translate("Distance Optimization"))
318 --s:option(Value, "slottime", translate("Slot time"))
320 s:taboption("advanced", Value, "country", translate("Country Code"))
321 s:taboption("advanced", Value, "maxassoc", translate("Connection Limit"))
325 --------------------- HostAP Device ---------------------
327 if hwtype == "prism2" then
328 s:taboption("advanced", Value, "txpower", translate("Transmit Power"), "att units").rmempty = true
330 s:taboption("advanced", Flag, "diversity", translate("Diversity")).rmempty = false
332 s:taboption("advanced", Value, "txantenna", translate("Transmitter Antenna"))
333 s:taboption("advanced", Value, "rxantenna", translate("Receiver Antenna"))
337 ----------------------- Interface -----------------------
339 s = m:section(NamedSection, wnet.sid, "wifi-iface", translate("Interface Configuration"))
343 s.defaults.device = wdev:name()
345 s:tab("general", translate("General Setup"))
346 s:tab("encryption", translate("Wireless Security"))
347 s:tab("macfilter", translate("MAC-Filter"))
348 s:tab("advanced", translate("Advanced Settings"))
350 ssid = s:taboption("general", Value, "ssid", translate("<abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
351 ssid.datatype = "maxlength(32)"
353 mode = s:taboption("general", ListValue, "mode", translate("Mode"))
354 mode.override_values = true
355 mode:value("ap", translate("Access Point"))
356 mode:value("sta", translate("Client"))
357 mode:value("adhoc", translate("Ad-Hoc"))
359 bssid = s:taboption("general", Value, "bssid", translate("<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"))
361 network = s:taboption("general", Value, "network", translate("Network"),
362 translate("Choose the network(s) you want to attach to this wireless interface or " ..
363 "fill out the <em>create</em> field to define a new network."))
365 network.rmempty = true
366 network.template = "cbi/network_netlist"
367 network.widget = "checkbox"
368 network.novirtual = true
370 function network.write(self, section, value)
371 local i = nw:get_interface(section)
374 value = m:formvalue(self:cbid(section) .. ".newnet")
375 if value and #value > 0 then
376 local n = nw:add_network(value, {proto="none"})
377 if n then n:add_interface(i) end
379 local n = i:get_network()
380 if n then n:del_interface(i) end
384 for _, v in ipairs(i:get_networks()) do
387 for v in ut.imatch(value) do
388 local n = nw:get_network(v)
390 if not n:is_empty() then
391 n:set("type", "bridge")
400 -------------------- MAC80211 Interface ----------------------
402 if hwtype == "mac80211" then
403 if fs.access("/usr/sbin/iw") then
404 mode:value("mesh", "802.11s")
407 mode:value("ahdemo", translate("Pseudo Ad-Hoc (ahdemo)"))
408 mode:value("monitor", translate("Monitor"))
409 bssid:depends({mode="adhoc"})
410 bssid:depends({mode="sta"})
411 bssid:depends({mode="sta-wds"})
413 mp = s:taboption("macfilter", ListValue, "macfilter", translate("MAC-Address Filter"))
414 mp:depends({mode="ap"})
415 mp:depends({mode="ap-wds"})
416 mp:value("", translate("disable"))
417 mp:value("allow", translate("Allow listed only"))
418 mp:value("deny", translate("Allow all except listed"))
420 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
421 ml.datatype = "macaddr"
422 ml:depends({macfilter="allow"})
423 ml:depends({macfilter="deny"})
424 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
426 mode:value("ap-wds", "%s (%s)" % {translate("Access Point"), translate("WDS")})
427 mode:value("sta-wds", "%s (%s)" % {translate("Client"), translate("WDS")})
429 function mode.write(self, section, value)
430 if value == "ap-wds" then
431 ListValue.write(self, section, "ap")
432 m.uci:set("wireless", section, "wds", 1)
433 elseif value == "sta-wds" then
434 ListValue.write(self, section, "sta")
435 m.uci:set("wireless", section, "wds", 1)
437 ListValue.write(self, section, value)
438 m.uci:delete("wireless", section, "wds")
442 function mode.cfgvalue(self, section)
443 local mode = ListValue.cfgvalue(self, section)
444 local wds = m.uci:get("wireless", section, "wds") == "1"
446 if mode == "ap" and wds then
448 elseif mode == "sta" and wds then
455 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
456 hidden:depends({mode="ap"})
457 hidden:depends({mode="ap-wds"})
459 wmm = s:taboption("general", Flag, "wmm", translate("WMM Mode"))
460 wmm:depends({mode="ap"})
461 wmm:depends({mode="ap-wds"})
462 wmm.default = wmm.enabled
464 isolate = s:taboption("advanced", Flag, "isolate", translate("Isolate Clients"),
465 translate("Prevents client-to-client communication"))
466 isolate:depends({mode="ap"})
467 isolate:depends({mode="ap-wds"})
469 ifname = s:taboption("advanced", Value, "ifname", translate("Interface name"), translate("Override default interface name"))
470 ifname.optional = true
474 -------------------- Broadcom Interface ----------------------
476 if hwtype == "broadcom" then
477 mode:value("wds", translate("WDS"))
478 mode:value("monitor", translate("Monitor"))
480 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
481 hidden:depends({mode="ap"})
482 hidden:depends({mode="adhoc"})
483 hidden:depends({mode="wds"})
485 isolate = s:taboption("advanced", Flag, "isolate", translate("Separate Clients"),
486 translate("Prevents client-to-client communication"))
487 isolate:depends({mode="ap"})
489 s:taboption("advanced", Flag, "doth", "802.11h")
490 s:taboption("advanced", Flag, "wmm", translate("WMM Mode"))
492 bssid:depends({mode="wds"})
493 bssid:depends({mode="adhoc"})
497 ----------------------- HostAP Interface ---------------------
499 if hwtype == "prism2" then
500 mode:value("wds", translate("WDS"))
501 mode:value("monitor", translate("Monitor"))
503 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
504 hidden:depends({mode="ap"})
505 hidden:depends({mode="adhoc"})
506 hidden:depends({mode="wds"})
508 bssid:depends({mode="sta"})
510 mp = s:taboption("macfilter", ListValue, "macpolicy", translate("MAC-Address Filter"))
511 mp:value("", translate("disable"))
512 mp:value("allow", translate("Allow listed only"))
513 mp:value("deny", translate("Allow all except listed"))
514 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
515 ml:depends({macpolicy="allow"})
516 ml:depends({macpolicy="deny"})
517 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
519 s:taboption("advanced", Value, "rate", translate("Transmission Rate"))
520 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
521 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
525 ------------------- WiFI-Encryption -------------------
527 encr = s:taboption("encryption", ListValue, "encryption", translate("Encryption"))
528 encr.override_values = true
529 encr.override_depends = true
530 encr:depends({mode="ap"})
531 encr:depends({mode="sta"})
532 encr:depends({mode="adhoc"})
533 encr:depends({mode="ahdemo"})
534 encr:depends({mode="ap-wds"})
535 encr:depends({mode="sta-wds"})
536 encr:depends({mode="mesh"})
538 cipher = s:taboption("encryption", ListValue, "cipher", translate("Cipher"))
539 cipher:depends({encryption="wpa"})
540 cipher:depends({encryption="wpa2"})
541 cipher:depends({encryption="psk"})
542 cipher:depends({encryption="psk2"})
543 cipher:depends({encryption="wpa-mixed"})
544 cipher:depends({encryption="psk-mixed"})
545 cipher:value("auto", translate("auto"))
546 cipher:value("ccmp", translate("Force CCMP (AES)"))
547 cipher:value("tkip", translate("Force TKIP"))
548 cipher:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
550 function encr.cfgvalue(self, section)
551 local v = tostring(ListValue.cfgvalue(self, section))
554 elseif v and v:match("%+") then
555 return (v:gsub("%+.+$", ""))
560 function encr.write(self, section, value)
561 local e = tostring(encr:formvalue(section))
562 local c = tostring(cipher:formvalue(section))
563 if value == "wpa" or value == "wpa2" then
564 self.map.uci:delete("wireless", section, "key")
566 if e and (c == "tkip" or c == "ccmp" or c == "tkip+ccmp") then
569 self.map:set(section, "encryption", e)
572 function cipher.cfgvalue(self, section)
573 local v = tostring(ListValue.cfgvalue(encr, section))
574 if v and v:match("%+") then
575 v = v:gsub("^[^%+]+%+", "")
576 if v == "aes" then v = "ccmp"
577 elseif v == "tkip+aes" then v = "tkip+ccmp"
578 elseif v == "aes+tkip" then v = "tkip+ccmp"
579 elseif v == "ccmp+tkip" then v = "tkip+ccmp"
585 function cipher.write(self, section)
586 return encr:write(section)
590 encr:value("none", "No Encryption")
591 encr:value("wep-open", translate("WEP Open System"), {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="ahdemo"}, {mode="wds"})
592 encr:value("wep-shared", translate("WEP Shared Key"), {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="ahdemo"}, {mode="wds"})
594 if hwtype == "mac80211" or hwtype == "prism2" then
595 local supplicant = fs.access("/usr/sbin/wpa_supplicant")
596 local hostapd = fs.access("/usr/sbin/hostapd")
599 local has_ap_eap = (os.execute("hostapd -veap >/dev/null 2>/dev/null") == 0)
600 local has_sta_eap = (os.execute("wpa_supplicant -veap >/dev/null 2>/dev/null") == 0)
602 if hostapd and supplicant then
603 encr:value("psk", "WPA-PSK", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
604 encr:value("psk2", "WPA2-PSK", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
605 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
606 if has_ap_eap and has_sta_eap then
607 encr:value("wpa", "WPA-EAP", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
608 encr:value("wpa2", "WPA2-EAP", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
610 elseif hostapd and not supplicant then
611 encr:value("psk", "WPA-PSK", {mode="ap"}, {mode="ap-wds"})
612 encr:value("psk2", "WPA2-PSK", {mode="ap"}, {mode="ap-wds"})
613 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="ap"}, {mode="ap-wds"})
615 encr:value("wpa", "WPA-EAP", {mode="ap"}, {mode="ap-wds"})
616 encr:value("wpa2", "WPA2-EAP", {mode="ap"}, {mode="ap-wds"})
618 encr.description = translate(
619 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
620 "and ad-hoc mode) to be installed."
622 elseif not hostapd and supplicant then
623 encr:value("psk", "WPA-PSK", {mode="sta"}, {mode="sta-wds"})
624 encr:value("psk2", "WPA2-PSK", {mode="sta"}, {mode="sta-wds"})
625 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="sta"}, {mode="sta-wds"})
627 encr:value("wpa", "WPA-EAP", {mode="sta"}, {mode="sta-wds"})
628 encr:value("wpa2", "WPA2-EAP", {mode="sta"}, {mode="sta-wds"})
630 encr.description = translate(
631 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
632 "and ad-hoc mode) to be installed."
635 encr.description = translate(
636 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
637 "and ad-hoc mode) to be installed."
640 elseif hwtype == "broadcom" then
641 encr:value("psk", "WPA-PSK")
642 encr:value("psk2", "WPA2-PSK")
643 encr:value("psk+psk2", "WPA-PSK/WPA2-PSK Mixed Mode")
646 auth_server = s:taboption("encryption", Value, "auth_server", translate("Radius-Authentication-Server"))
647 auth_server:depends({mode="ap", encryption="wpa"})
648 auth_server:depends({mode="ap", encryption="wpa2"})
649 auth_server:depends({mode="ap-wds", encryption="wpa"})
650 auth_server:depends({mode="ap-wds", encryption="wpa2"})
651 auth_server.rmempty = true
652 auth_server.datatype = "host(0)"
654 auth_port = s:taboption("encryption", Value, "auth_port", translate("Radius-Authentication-Port"), translatef("Default %d", 1812))
655 auth_port:depends({mode="ap", encryption="wpa"})
656 auth_port:depends({mode="ap", encryption="wpa2"})
657 auth_port:depends({mode="ap-wds", encryption="wpa"})
658 auth_port:depends({mode="ap-wds", encryption="wpa2"})
659 auth_port.rmempty = true
660 auth_port.datatype = "port"
662 auth_secret = s:taboption("encryption", Value, "auth_secret", translate("Radius-Authentication-Secret"))
663 auth_secret:depends({mode="ap", encryption="wpa"})
664 auth_secret:depends({mode="ap", encryption="wpa2"})
665 auth_secret:depends({mode="ap-wds", encryption="wpa"})
666 auth_secret:depends({mode="ap-wds", encryption="wpa2"})
667 auth_secret.rmempty = true
668 auth_secret.password = true
670 acct_server = s:taboption("encryption", Value, "acct_server", translate("Radius-Accounting-Server"))
671 acct_server:depends({mode="ap", encryption="wpa"})
672 acct_server:depends({mode="ap", encryption="wpa2"})
673 acct_server:depends({mode="ap-wds", encryption="wpa"})
674 acct_server:depends({mode="ap-wds", encryption="wpa2"})
675 acct_server.rmempty = true
676 acct_server.datatype = "host(0)"
678 acct_port = s:taboption("encryption", Value, "acct_port", translate("Radius-Accounting-Port"), translatef("Default %d", 1813))
679 acct_port:depends({mode="ap", encryption="wpa"})
680 acct_port:depends({mode="ap", encryption="wpa2"})
681 acct_port:depends({mode="ap-wds", encryption="wpa"})
682 acct_port:depends({mode="ap-wds", encryption="wpa2"})
683 acct_port.rmempty = true
684 acct_port.datatype = "port"
686 acct_secret = s:taboption("encryption", Value, "acct_secret", translate("Radius-Accounting-Secret"))
687 acct_secret:depends({mode="ap", encryption="wpa"})
688 acct_secret:depends({mode="ap", encryption="wpa2"})
689 acct_secret:depends({mode="ap-wds", encryption="wpa"})
690 acct_secret:depends({mode="ap-wds", encryption="wpa2"})
691 acct_secret.rmempty = true
692 acct_secret.password = true
694 wpakey = s:taboption("encryption", Value, "_wpa_key", translate("Key"))
695 wpakey:depends("encryption", "psk")
696 wpakey:depends("encryption", "psk2")
697 wpakey:depends("encryption", "psk+psk2")
698 wpakey:depends("encryption", "psk-mixed")
699 wpakey.datatype = "wpakey"
700 wpakey.rmempty = true
701 wpakey.password = true
703 wpakey.cfgvalue = function(self, section, value)
704 local key = m.uci:get("wireless", section, "key")
705 if key == "1" or key == "2" or key == "3" or key == "4" then
711 wpakey.write = function(self, section, value)
712 self.map.uci:set("wireless", section, "key", value)
713 self.map.uci:delete("wireless", section, "key1")
717 wepslot = s:taboption("encryption", ListValue, "_wep_key", translate("Used Key Slot"))
718 wepslot:depends("encryption", "wep-open")
719 wepslot:depends("encryption", "wep-shared")
720 wepslot:value("1", translatef("Key #%d", 1))
721 wepslot:value("2", translatef("Key #%d", 2))
722 wepslot:value("3", translatef("Key #%d", 3))
723 wepslot:value("4", translatef("Key #%d", 4))
725 wepslot.cfgvalue = function(self, section)
726 local slot = tonumber(m.uci:get("wireless", section, "key"))
727 if not slot or slot < 1 or slot > 4 then
733 wepslot.write = function(self, section, value)
734 self.map.uci:set("wireless", section, "key", value)
739 wepkey = s:taboption("encryption", Value, "key" .. slot, translatef("Key #%d", slot))
740 wepkey:depends("encryption", "wep-open")
741 wepkey:depends("encryption", "wep-shared")
742 wepkey.datatype = "wepkey"
743 wepkey.rmempty = true
744 wepkey.password = true
746 function wepkey.write(self, section, value)
747 if value and (#value == 5 or #value == 13) then
748 value = "s:" .. value
750 return Value.write(self, section, value)
755 if hwtype == "mac80211" or hwtype == "prism2" then
757 -- Probe 802.11r support (and EAP support as a proxy for Openwrt)
758 local has_80211r = (os.execute("hostapd -v11r 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
760 ieee80211r = s:taboption("encryption", Flag, "ieee80211r",
761 translate("802.11r Fast Transition"),
762 translate("Enables fast roaming among access points that belong " ..
763 "to the same Mobility Domain"))
764 ieee80211r:depends({mode="ap", encryption="wpa"})
765 ieee80211r:depends({mode="ap", encryption="wpa2"})
766 ieee80211r:depends({mode="ap-wds", encryption="wpa"})
767 ieee80211r:depends({mode="ap-wds", encryption="wpa2"})
769 ieee80211r:depends({mode="ap", encryption="psk"})
770 ieee80211r:depends({mode="ap", encryption="psk2"})
771 ieee80211r:depends({mode="ap", encryption="psk-mixed"})
773 ieee80211r.rmempty = true
775 nasid = s:taboption("encryption", Value, "nasid", translate("NAS ID"),
776 translate("Used for two different purposes: RADIUS NAS ID and " ..
777 "802.11r R0KH-ID. Not needed with normal WPA(2)-PSK."))
778 nasid:depends({mode="ap", encryption="wpa"})
779 nasid:depends({mode="ap", encryption="wpa2"})
780 nasid:depends({mode="ap-wds", encryption="wpa"})
781 nasid:depends({mode="ap-wds", encryption="wpa2"})
782 nasid:depends({ieee80211r="1"})
785 mobility_domain = s:taboption("encryption", Value, "mobility_domain",
786 translate("Mobility Domain"),
787 translate("4-character hexadecimal ID"))
788 mobility_domain:depends({ieee80211r="1"})
789 mobility_domain.placeholder = "4f57"
790 mobility_domain.datatype = "and(hexstring,rangelength(4,4))"
791 mobility_domain.rmempty = true
793 r0_key_lifetime = s:taboption("encryption", Value, "r0_key_lifetime",
794 translate("R0 Key Lifetime"), translate("minutes"))
795 r0_key_lifetime:depends({ieee80211r="1"})
796 r0_key_lifetime.placeholder = "10000"
797 r0_key_lifetime.datatype = "uinteger"
798 r0_key_lifetime.rmempty = true
800 r1_key_holder = s:taboption("encryption", Value, "r1_key_holder",
801 translate("R1 Key Holder"),
802 translate("6-octet identifier as a hex string - no colons"))
803 r1_key_holder:depends({ieee80211r="1"})
804 r1_key_holder.placeholder = "00004f577274"
805 r1_key_holder.datatype = "and(hexstring,rangelength(12,12))"
806 r1_key_holder.rmempty = true
808 reassociation_deadline = s:taboption("encryption", Value, "reassociation_deadline",
809 translate("Reassociation Deadline"),
810 translate("time units (TUs / 1.024 ms) [1000-65535]"))
811 reassociation_deadline:depends({ieee80211r="1"})
812 reassociation_deadline.placeholder = "1000"
813 reassociation_deadline.datatype = "range(1000,65535)"
814 reassociation_deadline.rmempty = true
816 pmk_r1_push = s:taboption("encryption", Flag, "pmk_r1_push", translate("PMK R1 Push"))
817 pmk_r1_push:depends({ieee80211r="1"})
818 pmk_r1_push.placeholder = "0"
819 pmk_r1_push.rmempty = true
821 r0kh = s:taboption("encryption", DynamicList, "r0kh", translate("External R0 Key Holder List"),
822 translate("List of R0KHs in the same Mobility Domain. " ..
823 "<br />Format: MAC-address,NAS-Identifier,128-bit key as hex string. " ..
824 "<br />This list is used to map R0KH-ID (NAS Identifier) to a destination " ..
825 "MAC address when requesting PMK-R1 key from the R0KH that the STA " ..
826 "used during the Initial Mobility Domain Association."))
828 r0kh:depends({ieee80211r="1"})
831 r1kh = s:taboption("encryption", DynamicList, "r1kh", translate("External R1 Key Holder List"),
832 translate ("List of R1KHs in the same Mobility Domain. "..
833 "<br />Format: MAC-address,R1KH-ID as 6 octets with colons,128-bit key as hex string. "..
834 "<br />This list is used to map R1KH-ID to a destination MAC address " ..
835 "when sending PMK-R1 key from the R0KH. This is also the " ..
836 "list of authorized R1KHs in the MD that can request PMK-R1 keys."))
837 r1kh:depends({ieee80211r="1"})
839 -- End of 802.11r options
841 eaptype = s:taboption("encryption", ListValue, "eap_type", translate("EAP-Method"))
842 eaptype:value("tls", "TLS")
843 eaptype:value("ttls", "TTLS")
844 eaptype:value("peap", "PEAP")
845 eaptype:value("fast", "FAST")
846 eaptype:depends({mode="sta", encryption="wpa"})
847 eaptype:depends({mode="sta", encryption="wpa2"})
848 eaptype:depends({mode="sta-wds", encryption="wpa"})
849 eaptype:depends({mode="sta-wds", encryption="wpa2"})
851 cacert = s:taboption("encryption", FileUpload, "ca_cert", translate("Path to CA-Certificate"))
852 cacert:depends({mode="sta", encryption="wpa"})
853 cacert:depends({mode="sta", encryption="wpa2"})
854 cacert:depends({mode="sta-wds", encryption="wpa"})
855 cacert:depends({mode="sta-wds", encryption="wpa2"})
856 cacert.rmempty = true
858 clientcert = s:taboption("encryption", FileUpload, "client_cert", translate("Path to Client-Certificate"))
859 clientcert:depends({mode="sta", eap_type="tls", encryption="wpa"})
860 clientcert:depends({mode="sta", eap_type="tls", encryption="wpa2"})
861 clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
862 clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
864 privkey = s:taboption("encryption", FileUpload, "priv_key", translate("Path to Private Key"))
865 privkey:depends({mode="sta", eap_type="tls", encryption="wpa2"})
866 privkey:depends({mode="sta", eap_type="tls", encryption="wpa"})
867 privkey:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
868 privkey:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
870 privkeypwd = s:taboption("encryption", Value, "priv_key_pwd", translate("Password of Private Key"))
871 privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa2"})
872 privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa"})
873 privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
874 privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
875 privkeypwd.rmempty = true
876 privkeypwd.password = true
878 auth = s:taboption("encryption", ListValue, "auth", translate("Authentication"))
879 auth:value("PAP", "PAP", {eap_type="ttls"})
880 auth:value("CHAP", "CHAP", {eap_type="ttls"})
881 auth:value("MSCHAP", "MSCHAP", {eap_type="ttls"})
882 auth:value("MSCHAPV2", "MSCHAPv2", {eap_type="ttls"})
883 auth:value("EAP-GTC")
884 auth:value("EAP-MD5")
885 auth:value("EAP-MSCHAPV2")
886 auth:value("EAP-TLS")
887 auth:depends({mode="sta", eap_type="fast", encryption="wpa2"})
888 auth:depends({mode="sta", eap_type="fast", encryption="wpa"})
889 auth:depends({mode="sta", eap_type="peap", encryption="wpa2"})
890 auth:depends({mode="sta", eap_type="peap", encryption="wpa"})
891 auth:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
892 auth:depends({mode="sta", eap_type="ttls", encryption="wpa"})
893 auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
894 auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
895 auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
896 auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
897 auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
898 auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
900 cacert2 = s:taboption("encryption", FileUpload, "ca_cert2", translate("Path to inner CA-Certificate"))
901 cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
902 cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
903 cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
904 cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
906 clientcert2 = s:taboption("encryption", FileUpload, "client_cert2", translate("Path to inner Client-Certificate"))
907 clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
908 clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
909 clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
910 clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
912 privkey2 = s:taboption("encryption", FileUpload, "priv_key2", translate("Path to inner Private Key"))
913 privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
914 privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
915 privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
916 privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
918 privkeypwd2 = s:taboption("encryption", Value, "priv_key2_pwd", translate("Password of inner Private Key"))
919 privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
920 privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
921 privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
922 privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
923 privkeypwd2.rmempty = true
924 privkeypwd2.password = true
926 identity = s:taboption("encryption", Value, "identity", translate("Identity"))
927 identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
928 identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
929 identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
930 identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
931 identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
932 identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
933 identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
934 identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
935 identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
936 identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
937 identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
938 identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
939 identity:depends({mode="sta", eap_type="tls", encryption="wpa2"})
940 identity:depends({mode="sta", eap_type="tls", encryption="wpa"})
941 identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
942 identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
944 anonymous_identity = s:taboption("encryption", Value, "anonymous_identity", translate("Anonymous Identity"))
945 anonymous_identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
946 anonymous_identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
947 anonymous_identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
948 anonymous_identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
949 anonymous_identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
950 anonymous_identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
951 anonymous_identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
952 anonymous_identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
953 anonymous_identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
954 anonymous_identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
955 anonymous_identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
956 anonymous_identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
957 anonymous_identity:depends({mode="sta", eap_type="tls", encryption="wpa2"})
958 anonymous_identity:depends({mode="sta", eap_type="tls", encryption="wpa"})
959 anonymous_identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
960 anonymous_identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
962 password = s:taboption("encryption", Value, "password", translate("Password"))
963 password:depends({mode="sta", eap_type="fast", encryption="wpa2"})
964 password:depends({mode="sta", eap_type="fast", encryption="wpa"})
965 password:depends({mode="sta", eap_type="peap", encryption="wpa2"})
966 password:depends({mode="sta", eap_type="peap", encryption="wpa"})
967 password:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
968 password:depends({mode="sta", eap_type="ttls", encryption="wpa"})
969 password:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
970 password:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
971 password:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
972 password:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
973 password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
974 password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
975 password.rmempty = true
976 password.password = true
979 -- ieee802.11w options
980 if hwtype == "mac80211" then
981 local has_80211w = (os.execute("hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
983 ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
984 translate("802.11w Management Frame Protection"),
985 translate("Requires the 'full' version of wpad/hostapd " ..
986 "and support from the wifi driver <br />(as of Feb 2017: " ..
987 "ath9k and ath10k, in LEDE also mwlwifi and mt76)"))
988 ieee80211w.default = ""
989 ieee80211w.rmempty = true
990 ieee80211w:value("", translate("Disabled (default)"))
991 ieee80211w:value("1", translate("Optional"))
992 ieee80211w:value("2", translate("Required"))
993 ieee80211w:depends({mode="ap", encryption="wpa2"})
994 ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
995 ieee80211w:depends({mode="ap", encryption="psk2"})
996 ieee80211w:depends({mode="ap", encryption="psk-mixed"})
997 ieee80211w:depends({mode="ap-wds", encryption="psk2"})
998 ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
1000 max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
1001 translate("802.11w maximum timeout"),
1002 translate("802.11w Association SA Query maximum timeout"))
1003 max_timeout:depends({ieee80211w="1"})
1004 max_timeout:depends({ieee80211w="2"})
1005 max_timeout.datatype = "uinteger"
1006 max_timeout.placeholder = "1000"
1007 max_timeout.rmempty = true
1009 retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
1010 translate("802.11w retry timeout"),
1011 translate("802.11w Association SA Query retry timeout"))
1012 retry_timeout:depends({ieee80211w="1"})
1013 retry_timeout:depends({ieee80211w="2"})
1014 retry_timeout.datatype = "uinteger"
1015 retry_timeout.placeholder = "201"
1016 retry_timeout.rmempty = true
1020 if hwtype == "mac80211" or hwtype == "prism2" then
1021 local wpasupplicant = fs.access("/usr/sbin/wpa_supplicant")
1022 local hostcli = fs.access("/usr/sbin/hostapd_cli")
1023 if hostcli and wpasupplicant then
1024 wps = s:taboption("encryption", Flag, "wps_pushbutton", translate("Enable WPS pushbutton, requires WPA(2)-PSK"))
1028 wps:depends("encryption", "psk")
1029 wps:depends("encryption", "psk2")
1030 wps:depends("encryption", "psk-mixed")