projects / project / luci.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
modules: Make luci-base sufficient to use luci apps
[project/luci.git] / modules / luci-mod-admin-full / luasrc / model / cbi / admin_network / wifi.lua
1 -- Copyright 2008 Steven Barth <steven@midlink.org>
2 -- Licensed to the public under the Apache License 2.0.
3
4 local wa = require "luci.tools.webadmin"
5 local nw = require "luci.model.network"
6 local ut = require "luci.util"
7 local nt = require "luci.sys".net
8 local fs = require "nixio.fs"
9
10 local acct_port, acct_secret, acct_server, anonymous_identity, ant1, ant2,
11 auth, auth_port, auth_secret, auth_server, bssid, cacert, cacert2,
12 cc, ch, cipher, clientcert, clientcert2, ea, eaptype, en, encr,
13 ft_protocol, ft_psk_generate_local, hidden, htmode, identity,
14 ieee80211r, ieee80211w, ifname, isolate, key_retries,
15 legacyrates, max_timeout, meshfwd, meshid, ml, mobility_domain, mode,
16 mp, nasid, network, password, pmk_r1_push, privkey, privkey2, privkeypwd,
17 privkeypwd2, r0_key_lifetime, r0kh, r1_key_holder, r1kh,
18 reassociation_deadline, retry_timeout, ssid, st, tp, wepkey, wepslot,
19 wmm, wpakey, wps, disassoc_low_ack, short_preamble, beacon_int, dtim_period
20
21 arg[1] = arg[1] or ""
22
23 m = Map("wireless", "",
24 translate("The <em>Device Configuration</em> section covers physical settings of the radio " ..
25 "hardware such as channel, transmit power or antenna selection which are shared among all " ..
26 "defined wireless networks (if the radio hardware is multi-SSID capable). Per network settings " ..
27 "like encryption or operation mode are grouped in the <em>Interface Configuration</em>."))
28
29 m:chain("network")
30 m:chain("firewall")
31 m.redirect = luci.dispatcher.build_url("admin/network/wireless")
32
33 nw.init(m.uci)
34
35 local wnet = nw:get_wifinet(arg[1])
36 local wdev = wnet and wnet:get_device()
37
38 -- redirect to overview page if network does not exist anymore (e.g. after a revert)
39 if not wnet or not wdev then
40 luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless"))
41 return
42 end
43
44 local function txpower_list(iw)
45 local list = iw.txpwrlist or { }
46 local off = tonumber(iw.txpower_offset) or 0
47 local new = { }
48 local prev = -1
49 local _, val
50 for _, val in ipairs(list) do
51 local dbm = val.dbm + off
52 local mw = math.floor(10 ^ (dbm / 10))
53 if mw ~= prev then
54 prev = mw
55 new[#new+1] = {
56 display_dbm = dbm,
57 display_mw = mw,
58 driver_dbm = val.dbm,
59 driver_mw = val.mw
60 }
61 end
62 end
63 return new
64 end
65
66 local function txpower_current(pwr, list)
67 pwr = tonumber(pwr)
68 if pwr ~= nil then
69 local _, item
70 for _, item in ipairs(list) do
71 if item.driver_dbm >= pwr then
72 return item.driver_dbm
73 end
74 end
75 end
76 return pwr or ""
77 end
78
79 local iw = luci.sys.wifi.getiwinfo(arg[1])
80 local hw_modes = iw.hwmodelist or { }
81 local tx_power_list = txpower_list(iw)
82 local tx_power_cur = txpower_current(wdev:get("txpower"), tx_power_list)
83
84 -- wireless toggle was requested, commit and reload page
85 function m.parse(map)
86 local new_cc = m:formvalue("cbid.wireless.%s.country" % wdev:name())
87 local old_cc = m:get(wdev:name(), "country")
88
89 if m:formvalue("cbid.wireless.%s.__toggle" % wdev:name()) then
90 if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
91 wnet:set("disabled", nil)
92 else
93 wnet:set("disabled", "1")
94 end
95 wdev:set("disabled", nil)
96 m.apply_needed = true
97 m.redirect = nil
98 end
99
100 Map.parse(map)
101
102 if m:get(wdev:name(), "type") == "mac80211" and new_cc and new_cc ~= old_cc then
103 luci.sys.call("iw reg set %s" % ut.shellquote(new_cc))
104
105 local old_ch = tonumber(m:formvalue("cbid.wireless.%s._mode_freq.channel" % wdev:name()) or "")
106 if old_ch then
107 local _, c, new_ch
108 for _, c in ipairs(iw.freqlist) do
109 if c.channel > old_ch or (old_ch <= 14 and c.channel > 14) then
110 break
111 end
112 new_ch = c.channel
113 end
114 if new_ch ~= old_ch then
115 wdev:set("channel", new_ch)
116 m.message = translatef("Channel %d is not available in the %s regulatory domain and has been auto-adjusted to %d.",
117 old_ch, new_cc, new_ch)
118 end
119 end
120 end
121
122 if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
123 en.title = translate("Wireless network is disabled")
124 en.inputtitle = translate("Enable")
125 en.inputstyle = "apply"
126 else
127 en.title = translate("Wireless network is enabled")
128 en.inputtitle = translate("Disable")
129 en.inputstyle = "reset"
130 end
131 end
132
133 m.title = luci.util.pcdata(wnet:get_i18n())
134
135 s = m:section(NamedSection, wdev:name(), "wifi-device", translate("Device Configuration"))
136 s.addremove = false
137
138 s:tab("general", translate("General Setup"))
139 s:tab("macfilter", translate("MAC-Filter"))
140 s:tab("advanced", translate("Advanced Settings"))
141
142 st = s:taboption("general", DummyValue, "__status", translate("Status"))
143 st.template = "admin_network/wifi_status"
144 st.ifname = arg[1]
145
146 en = s:taboption("general", Button, "__toggle")
147
148 local hwtype = wdev:get("type")
149
150 -- NanoFoo
151 local nsantenna = wdev:get("antenna")
152
153 -- Check whether there are client interfaces on the same radio,
154 -- if yes, lock the channel choice as these stations will dicatate the freq
155 local found_sta = nil
156 local _, net
157 if wnet:mode() ~= "sta" then
158 for _, net in ipairs(wdev:get_wifinets()) do
159 if net:mode() == "sta" and net:get("disabled") ~= "1" then
160 if not found_sta then
161 found_sta = {}
162 found_sta.channel = net:channel()
163 found_sta.names = {}
164 end
165 found_sta.names[#found_sta.names+1] = net:shortname()
166 end
167 end
168 end
169
170 if found_sta then
171 ch = s:taboption("general", DummyValue, "choice", translate("Channel"))
172 ch.value = translatef("Locked to channel %s used by: %s",
173 found_sta.channel or "(auto)", table.concat(found_sta.names, ", "))
174 else
175 ch = s:taboption("general", Value, "_mode_freq", '<br />'..translate("Operating frequency"))
176 ch.iwinfo = iw
177 ch.template = "cbi/wireless_modefreq"
178
179 function ch.cfgvalue(self, section)
180 return {
181 m:get(section, "hwmode") or "",
182 m:get(section, "channel") or "auto",
183 m:get(section, "htmode") or ""
184 }
185 end
186
187 function ch.formvalue(self, section)
188 return {
189 m:formvalue(self:cbid(section) .. ".band") or (hw_modes.g and "11g" or "11a"),
190 m:formvalue(self:cbid(section) .. ".channel") or "auto",
191 m:formvalue(self:cbid(section) .. ".htmode") or ""
192 }
193 end
194
195 function ch.write(self, section, value)
196 m:set(section, "hwmode", value[1])
197 m:set(section, "channel", value[2])
198 m:set(section, "htmode", value[3])
199 end
200 end
201
202 ------------------- MAC80211 Device ------------------
203
204 if hwtype == "mac80211" then
205 if #tx_power_list > 0 then
206 tp = s:taboption("general", ListValue,
207 "txpower", translate("Transmit Power"), "dBm")
208 tp.rmempty = true
209 tp.default = tx_power_cur
210 function tp.cfgvalue(...)
211 return txpower_current(Value.cfgvalue(...), tx_power_list)
212 end
213
214 tp:value("", translate("auto"))
215 for _, p in ipairs(tx_power_list) do
216 tp:value(p.driver_dbm, "%i dBm (%i mW)"
217 %{ p.display_dbm, p.display_mw })
218 end
219 end
220
221 local cl = iw and iw.countrylist
222 if cl and #cl > 0 then
223 cc = s:taboption("advanced", ListValue, "country", translate("Country Code"), translate("Use ISO/IEC 3166 alpha2 country codes."))
224 cc.default = tostring(iw and iw.country or "00")
225 for _, c in ipairs(cl) do
226 cc:value(c.alpha2, "%s - %s" %{ c.alpha2, c.name })
227 end
228 else
229 s:taboption("advanced", Value, "country", translate("Country Code"), translate("Use ISO/IEC 3166 alpha2 country codes."))
230 end
231
232 legacyrates = s:taboption("advanced", Flag, "legacy_rates", translate("Allow legacy 802.11b rates"))
233 legacyrates.rmempty = false
234 legacyrates.default = "1"
235
236 s:taboption("advanced", Value, "distance", translate("Distance Optimization"),
237 translate("Distance to farthest network member in meters."))
238
239 -- external antenna profiles
240 local eal = iw and iw.extant
241 if eal and #eal > 0 then
242 ea = s:taboption("advanced", ListValue, "extant", translate("Antenna Configuration"))
243 for _, eap in ipairs(eal) do
244 ea:value(eap.id, "%s (%s)" %{ eap.name, eap.description })
245 if eap.selected then
246 ea.default = eap.id
247 end
248 end
249 end
250
251 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
252 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
253
254 s:taboption("advanced", Flag, "noscan", translate("Force 40MHz mode"),
255 translate("Always use 40MHz channels even if the secondary channel overlaps. Using this option does not comply with IEEE 802.11n-2009!")).optional = true
256
257 beacon_int = s:taboption("advanced", Value, "beacon_int", translate("Beacon Interval"))
258 beacon_int.optional = true
259 beacon_int.placeholder = 100
260 beacon_int.datatype = "range(15,65535)"
261 end
262
263
264 ------------------- Broadcom Device ------------------
265
266 if hwtype == "broadcom" then
267 tp = s:taboption("general",
268 (#tx_power_list > 0) and ListValue or Value,
269 "txpower", translate("Transmit Power"), "dBm")
270
271 tp.rmempty = true
272 tp.default = tx_power_cur
273
274 function tp.cfgvalue(...)
275 return txpower_current(Value.cfgvalue(...), tx_power_list)
276 end
277
278 tp:value("", translate("auto"))
279 for _, p in ipairs(tx_power_list) do
280 tp:value(p.driver_dbm, "%i dBm (%i mW)"
281 %{ p.display_dbm, p.display_mw })
282 end
283
284 mode = s:taboption("advanced", ListValue, "hwmode", translate("Band"))
285 if hw_modes.b then
286 mode:value("11b", "2.4GHz (802.11b)")
287 if hw_modes.g then
288 mode:value("11bg", "2.4GHz (802.11b+g)")
289 end
290 end
291 if hw_modes.g then
292 mode:value("11g", "2.4GHz (802.11g)")
293 mode:value("11gst", "2.4GHz (802.11g + Turbo)")
294 mode:value("11lrs", "2.4GHz (802.11g Limited Rate Support)")
295 end
296 if hw_modes.a then mode:value("11a", "5GHz (802.11a)") end
297 if hw_modes.n then
298 if hw_modes.g then
299 mode:value("11ng", "2.4GHz (802.11g+n)")
300 mode:value("11n", "2.4GHz (802.11n)")
301 end
302 if hw_modes.a then
303 mode:value("11na", "5GHz (802.11a+n)")
304 mode:value("11n", "5GHz (802.11n)")
305 end
306 htmode = s:taboption("advanced", ListValue, "htmode", translate("HT mode (802.11n)"))
307 htmode:depends("hwmode", "11ng")
308 htmode:depends("hwmode", "11na")
309 htmode:depends("hwmode", "11n")
310 htmode:value("HT20", "20MHz")
311 htmode:value("HT40", "40MHz")
312 end
313
314 ant1 = s:taboption("advanced", ListValue, "txantenna", translate("Transmitter Antenna"))
315 ant1.widget = "radio"
316 ant1:depends("diversity", "")
317 ant1:value("3", translate("auto"))
318 ant1:value("0", translate("Antenna 1"))
319 ant1:value("1", translate("Antenna 2"))
320
321 ant2 = s:taboption("advanced", ListValue, "rxantenna", translate("Receiver Antenna"))
322 ant2.widget = "radio"
323 ant2:depends("diversity", "")
324 ant2:value("3", translate("auto"))
325 ant2:value("0", translate("Antenna 1"))
326 ant2:value("1", translate("Antenna 2"))
327
328 s:taboption("advanced", Flag, "frameburst", translate("Frame Bursting"))
329
330 s:taboption("advanced", Value, "distance", translate("Distance Optimization"))
331 --s:option(Value, "slottime", translate("Slot time"))
332
333 s:taboption("advanced", Value, "country", translate("Country Code"))
334 s:taboption("advanced", Value, "maxassoc", translate("Connection Limit"))
335 end
336
337
338 --------------------- HostAP Device ---------------------
339
340 if hwtype == "prism2" then
341 s:taboption("advanced", Value, "txpower", translate("Transmit Power"), "att units").rmempty = true
342
343 s:taboption("advanced", Flag, "diversity", translate("Diversity")).rmempty = false
344
345 s:taboption("advanced", Value, "txantenna", translate("Transmitter Antenna"))
346 s:taboption("advanced", Value, "rxantenna", translate("Receiver Antenna"))
347 end
348
349
350 ----------------------- Interface -----------------------
351
352 s = m:section(NamedSection, wnet.sid, "wifi-iface", translate("Interface Configuration"))
353 s.addremove = false
354 s.anonymous = true
355 s.defaults.device = wdev:name()
356
357 s:tab("general", translate("General Setup"))
358 s:tab("encryption", translate("Wireless Security"))
359 s:tab("macfilter", translate("MAC-Filter"))
360 s:tab("advanced", translate("Advanced Settings"))
361
362 mode = s:taboption("general", ListValue, "mode", translate("Mode"))
363 mode.override_values = true
364 mode:value("ap", translate("Access Point"))
365 mode:value("sta", translate("Client"))
366 mode:value("adhoc", translate("Ad-Hoc"))
367
368 meshid = s:taboption("general", Value, "mesh_id", translate("Mesh Id"))
369 meshid:depends({mode="mesh"})
370
371 meshfwd = s:taboption("advanced", Flag, "mesh_fwding", translate("Forward mesh peer traffic"))
372 meshfwd.rmempty = false
373 meshfwd.default = "1"
374 meshfwd:depends({mode="mesh"})
375
376 ssid = s:taboption("general", Value, "ssid", translate("<abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
377 ssid.datatype = "maxlength(32)"
378 ssid:depends({mode="ap"})
379 ssid:depends({mode="sta"})
380 ssid:depends({mode="adhoc"})
381 ssid:depends({mode="ahdemo"})
382 ssid:depends({mode="monitor"})
383 ssid:depends({mode="ap-wds"})
384 ssid:depends({mode="sta-wds"})
385 ssid:depends({mode="wds"})
386
387 bssid = s:taboption("general", Value, "bssid", translate("<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"))
388
389 network = s:taboption("general", Value, "network", translate("Network"),
390 translate("Choose the network(s) you want to attach to this wireless interface or " ..
391 "fill out the <em>create</em> field to define a new network."))
392
393 network.rmempty = true
394 network.template = "cbi/network_netlist"
395 network.widget = "checkbox"
396 network.novirtual = true
397
398 function network.write(self, section, value)
399 local i = nw:get_interface(section)
400 if i then
401 local _, net, old, new = nil, nil, {}, {}
402
403 for _, net in ipairs(i:get_networks()) do
404 old[net:name()] = true
405 end
406
407 for net in ut.imatch(value) do
408 new[net] = true
409 if not old[net] then
410 local n = nw:get_network(net) or nw:add_network(net, { proto = "none" })
411 if n then
412 if not n:is_empty() then
413 n:set("type", "bridge")
414 end
415 n:add_interface(i)
416 end
417 end
418 end
419
420 for net, _ in pairs(old) do
421 if not new[net] then
422 local n = nw:get_network(net)
423 if n then
424 n:del_interface(i)
425 end
426 end
427 end
428 end
429 end
430
431 -------------------- MAC80211 Interface ----------------------
432
433 if hwtype == "mac80211" then
434 if fs.access("/usr/sbin/iw") then
435 mode:value("mesh", "802.11s")
436 end
437
438 mode:value("ahdemo", translate("Pseudo Ad-Hoc (ahdemo)"))
439 mode:value("monitor", translate("Monitor"))
440 bssid:depends({mode="adhoc"})
441 bssid:depends({mode="sta"})
442 bssid:depends({mode="sta-wds"})
443
444 mp = s:taboption("macfilter", ListValue, "macfilter", translate("MAC-Address Filter"))
445 mp:depends({mode="ap"})
446 mp:depends({mode="ap-wds"})
447 mp:value("", translate("disable"))
448 mp:value("allow", translate("Allow listed only"))
449 mp:value("deny", translate("Allow all except listed"))
450
451 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
452 ml.datatype = "macaddr"
453 ml:depends({macfilter="allow"})
454 ml:depends({macfilter="deny"})
455 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
456
457 mode:value("ap-wds", "%s (%s)" % {translate("Access Point"), translate("WDS")})
458 mode:value("sta-wds", "%s (%s)" % {translate("Client"), translate("WDS")})
459
460 function mode.write(self, section, value)
461 if value == "ap-wds" then
462 ListValue.write(self, section, "ap")
463 m.uci:set("wireless", section, "wds", 1)
464 elseif value == "sta-wds" then
465 ListValue.write(self, section, "sta")
466 m.uci:set("wireless", section, "wds", 1)
467 else
468 ListValue.write(self, section, value)
469 m.uci:delete("wireless", section, "wds")
470 end
471 end
472
473 function mode.cfgvalue(self, section)
474 local mode = ListValue.cfgvalue(self, section)
475 local wds = m.uci:get("wireless", section, "wds") == "1"
476
477 if mode == "ap" and wds then
478 return "ap-wds"
479 elseif mode == "sta" and wds then
480 return "sta-wds"
481 else
482 return mode
483 end
484 end
485
486 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
487 hidden:depends({mode="ap"})
488 hidden:depends({mode="ap-wds"})
489
490 wmm = s:taboption("general", Flag, "wmm", translate("WMM Mode"))
491 wmm:depends({mode="ap"})
492 wmm:depends({mode="ap-wds"})
493 wmm.default = wmm.enabled
494
495 isolate = s:taboption("advanced", Flag, "isolate", translate("Isolate Clients"),
496 translate("Prevents client-to-client communication"))
497 isolate:depends({mode="ap"})
498 isolate:depends({mode="ap-wds"})
499
500 ifname = s:taboption("advanced", Value, "ifname", translate("Interface name"), translate("Override default interface name"))
501 ifname.optional = true
502
503 short_preamble = s:taboption("advanced", Flag, "short_preamble", translate("Short Preamble"))
504 short_preamble.default = short_preamble.enabled
505
506 dtim_period = s:taboption("advanced", Value, "dtim_period", translate("DTIM Interval"), translate("Delivery Traffic Indication Message Interval"))
507 dtim_period.optional = true
508 dtim_period.placeholder = 2
509 dtim_period.datatype = "range(1,255)"
510
511 disassoc_low_ack = s:taboption("advanced", Flag, "disassoc_low_ack", translate("Disassociate On Low Acknowledgement"),
512 translate("Allow AP mode to disconnect STAs based on low ACK condition"))
513 disassoc_low_ack.default = disassoc_low_ack.enabled
514 end
515
516
517 -------------------- Broadcom Interface ----------------------
518
519 if hwtype == "broadcom" then
520 mode:value("wds", translate("WDS"))
521 mode:value("monitor", translate("Monitor"))
522
523 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
524 hidden:depends({mode="ap"})
525 hidden:depends({mode="adhoc"})
526 hidden:depends({mode="wds"})
527
528 isolate = s:taboption("advanced", Flag, "isolate", translate("Separate Clients"),
529 translate("Prevents client-to-client communication"))
530 isolate:depends({mode="ap"})
531
532 s:taboption("advanced", Flag, "doth", "802.11h")
533 s:taboption("advanced", Flag, "wmm", translate("WMM Mode"))
534
535 bssid:depends({mode="wds"})
536 bssid:depends({mode="adhoc"})
537 end
538
539
540 ----------------------- HostAP Interface ---------------------
541
542 if hwtype == "prism2" then
543 mode:value("wds", translate("WDS"))
544 mode:value("monitor", translate("Monitor"))
545
546 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
547 hidden:depends({mode="ap"})
548 hidden:depends({mode="adhoc"})
549 hidden:depends({mode="wds"})
550
551 bssid:depends({mode="sta"})
552
553 mp = s:taboption("macfilter", ListValue, "macpolicy", translate("MAC-Address Filter"))
554 mp:value("", translate("disable"))
555 mp:value("allow", translate("Allow listed only"))
556 mp:value("deny", translate("Allow all except listed"))
557 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
558 ml:depends({macpolicy="allow"})
559 ml:depends({macpolicy="deny"})
560 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
561
562 s:taboption("advanced", Value, "rate", translate("Transmission Rate"))
563 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
564 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
565 end
566
567
568 ------------------- WiFI-Encryption -------------------
569
570 encr = s:taboption("encryption", ListValue, "encryption", translate("Encryption"))
571 encr.override_values = true
572 encr.override_depends = true
573 encr:depends({mode="ap"})
574 encr:depends({mode="sta"})
575 encr:depends({mode="adhoc"})
576 encr:depends({mode="ahdemo"})
577 encr:depends({mode="ap-wds"})
578 encr:depends({mode="sta-wds"})
579 encr:depends({mode="mesh"})
580
581 cipher = s:taboption("encryption", ListValue, "cipher", translate("Cipher"))
582 cipher:depends({encryption="wpa"})
583 cipher:depends({encryption="wpa2"})
584 cipher:depends({encryption="psk"})
585 cipher:depends({encryption="psk2"})
586 cipher:depends({encryption="wpa-mixed"})
587 cipher:depends({encryption="psk-mixed"})
588 cipher:value("auto", translate("auto"))
589 cipher:value("ccmp", translate("Force CCMP (AES)"))
590 cipher:value("tkip", translate("Force TKIP"))
591 cipher:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
592
593 function encr.cfgvalue(self, section)
594 local v = tostring(ListValue.cfgvalue(self, section))
595 if v == "wep" then
596 return "wep-open"
597 elseif v and v:match("%+") then
598 return (v:gsub("%+.+$", ""))
599 end
600 return v
601 end
602
603 function encr.write(self, section, value)
604 local e = tostring(encr:formvalue(section))
605 local c = tostring(cipher:formvalue(section))
606 if value == "wpa" or value == "wpa2" then
607 self.map.uci:delete("wireless", section, "key")
608 end
609 if e and (c == "tkip" or c == "ccmp" or c == "tkip+ccmp") then
610 e = e .. "+" .. c
611 end
612 self.map:set(section, "encryption", e)
613 end
614
615 function cipher.cfgvalue(self, section)
616 local v = tostring(ListValue.cfgvalue(encr, section))
617 if v and v:match("%+") then
618 v = v:gsub("^[^%+]+%+", "")
619 if v == "aes" then v = "ccmp"
620 elseif v == "tkip+aes" then v = "tkip+ccmp"
621 elseif v == "aes+tkip" then v = "tkip+ccmp"
622 elseif v == "ccmp+tkip" then v = "tkip+ccmp"
623 end
624 end
625 return v
626 end
627
628 function cipher.write(self, section)
629 return encr:write(section)
630 end
631
632
633 encr:value("none", "No Encryption")
634 encr:value("wep-open", translate("WEP Open System"), {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="ahdemo"}, {mode="wds"})
635 encr:value("wep-shared", translate("WEP Shared Key"), {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="ahdemo"}, {mode="wds"})
636
637 if hwtype == "mac80211" or hwtype == "prism2" then
638 local supplicant = fs.access("/usr/sbin/wpa_supplicant")
639 local hostapd = fs.access("/usr/sbin/hostapd")
640
641 -- Probe EAP support
642 local has_ap_eap = (os.execute("hostapd -veap >/dev/null 2>/dev/null") == 0)
643 local has_sta_eap = (os.execute("wpa_supplicant -veap >/dev/null 2>/dev/null") == 0)
644
645 if hostapd and supplicant then
646 encr:value("psk", "WPA-PSK", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"})
647 encr:value("psk2", "WPA2-PSK", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"})
648 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"})
649 if has_ap_eap and has_sta_eap then
650 encr:value("wpa", "WPA-EAP", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
651 encr:value("wpa2", "WPA2-EAP", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
652 end
653 elseif hostapd and not supplicant then
654 encr:value("psk", "WPA-PSK", {mode="ap"}, {mode="ap-wds"})
655 encr:value("psk2", "WPA2-PSK", {mode="ap"}, {mode="ap-wds"})
656 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="ap"}, {mode="ap-wds"})
657 if has_ap_eap then
658 encr:value("wpa", "WPA-EAP", {mode="ap"}, {mode="ap-wds"})
659 encr:value("wpa2", "WPA2-EAP", {mode="ap"}, {mode="ap-wds"})
660 end
661 encr.description = translate(
662 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
663 "and ad-hoc mode) to be installed."
664 )
665 elseif not hostapd and supplicant then
666 encr:value("psk", "WPA-PSK", {mode="sta"}, {mode="sta-wds"}, {mode="adhoc"})
667 encr:value("psk2", "WPA2-PSK", {mode="sta"}, {mode="sta-wds"}, {mode="adhoc"})
668 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="sta"}, {mode="sta-wds"}, {mode="adhoc"})
669 if has_sta_eap then
670 encr:value("wpa", "WPA-EAP", {mode="sta"}, {mode="sta-wds"})
671 encr:value("wpa2", "WPA2-EAP", {mode="sta"}, {mode="sta-wds"})
672 end
673 encr.description = translate(
674 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
675 "and ad-hoc mode) to be installed."
676 )
677 else
678 encr.description = translate(
679 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
680 "and ad-hoc mode) to be installed."
681 )
682 end
683 elseif hwtype == "broadcom" then
684 encr:value("psk", "WPA-PSK")
685 encr:value("psk2", "WPA2-PSK")
686 encr:value("psk+psk2", "WPA-PSK/WPA2-PSK Mixed Mode")
687 end
688
689 auth_server = s:taboption("encryption", Value, "auth_server", translate("Radius-Authentication-Server"))
690 auth_server:depends({mode="ap", encryption="wpa"})
691 auth_server:depends({mode="ap", encryption="wpa2"})
692 auth_server:depends({mode="ap-wds", encryption="wpa"})
693 auth_server:depends({mode="ap-wds", encryption="wpa2"})
694 auth_server.rmempty = true
695 auth_server.datatype = "host(0)"
696
697 auth_port = s:taboption("encryption", Value, "auth_port", translate("Radius-Authentication-Port"), translatef("Default %d", 1812))
698 auth_port:depends({mode="ap", encryption="wpa"})
699 auth_port:depends({mode="ap", encryption="wpa2"})
700 auth_port:depends({mode="ap-wds", encryption="wpa"})
701 auth_port:depends({mode="ap-wds", encryption="wpa2"})
702 auth_port.rmempty = true
703 auth_port.datatype = "port"
704
705 auth_secret = s:taboption("encryption", Value, "auth_secret", translate("Radius-Authentication-Secret"))
706 auth_secret:depends({mode="ap", encryption="wpa"})
707 auth_secret:depends({mode="ap", encryption="wpa2"})
708 auth_secret:depends({mode="ap-wds", encryption="wpa"})
709 auth_secret:depends({mode="ap-wds", encryption="wpa2"})
710 auth_secret.rmempty = true
711 auth_secret.password = true
712
713 acct_server = s:taboption("encryption", Value, "acct_server", translate("Radius-Accounting-Server"))
714 acct_server:depends({mode="ap", encryption="wpa"})
715 acct_server:depends({mode="ap", encryption="wpa2"})
716 acct_server:depends({mode="ap-wds", encryption="wpa"})
717 acct_server:depends({mode="ap-wds", encryption="wpa2"})
718 acct_server.rmempty = true
719 acct_server.datatype = "host(0)"
720
721 acct_port = s:taboption("encryption", Value, "acct_port", translate("Radius-Accounting-Port"), translatef("Default %d", 1813))
722 acct_port:depends({mode="ap", encryption="wpa"})
723 acct_port:depends({mode="ap", encryption="wpa2"})
724 acct_port:depends({mode="ap-wds", encryption="wpa"})
725 acct_port:depends({mode="ap-wds", encryption="wpa2"})
726 acct_port.rmempty = true
727 acct_port.datatype = "port"
728
729 acct_secret = s:taboption("encryption", Value, "acct_secret", translate("Radius-Accounting-Secret"))
730 acct_secret:depends({mode="ap", encryption="wpa"})
731 acct_secret:depends({mode="ap", encryption="wpa2"})
732 acct_secret:depends({mode="ap-wds", encryption="wpa"})
733 acct_secret:depends({mode="ap-wds", encryption="wpa2"})
734 acct_secret.rmempty = true
735 acct_secret.password = true
736
737 wpakey = s:taboption("encryption", Value, "_wpa_key", translate("Key"))
738 wpakey:depends("encryption", "psk")
739 wpakey:depends("encryption", "psk2")
740 wpakey:depends("encryption", "psk+psk2")
741 wpakey:depends("encryption", "psk-mixed")
742 wpakey.datatype = "wpakey"
743 wpakey.rmempty = true
744 wpakey.password = true
745
746 wpakey.cfgvalue = function(self, section, value)
747 local key = m.uci:get("wireless", section, "key")
748 if key == "1" or key == "2" or key == "3" or key == "4" then
749 return nil
750 end
751 return key
752 end
753
754 wpakey.write = function(self, section, value)
755 self.map.uci:set("wireless", section, "key", value)
756 self.map.uci:delete("wireless", section, "key1")
757 end
758
759
760 wepslot = s:taboption("encryption", ListValue, "_wep_key", translate("Used Key Slot"))
761 wepslot:depends("encryption", "wep-open")
762 wepslot:depends("encryption", "wep-shared")
763 wepslot:value("1", translatef("Key #%d", 1))
764 wepslot:value("2", translatef("Key #%d", 2))
765 wepslot:value("3", translatef("Key #%d", 3))
766 wepslot:value("4", translatef("Key #%d", 4))
767
768 wepslot.cfgvalue = function(self, section)
769 local slot = tonumber(m.uci:get("wireless", section, "key"))
770 if not slot or slot < 1 or slot > 4 then
771 return 1
772 end
773 return slot
774 end
775
776 wepslot.write = function(self, section, value)
777 self.map.uci:set("wireless", section, "key", value)
778 end
779
780 local slot
781 for slot=1,4 do
782 wepkey = s:taboption("encryption", Value, "key" .. slot, translatef("Key #%d", slot))
783 wepkey:depends("encryption", "wep-open")
784 wepkey:depends("encryption", "wep-shared")
785 wepkey.datatype = "wepkey"
786 wepkey.rmempty = true
787 wepkey.password = true
788
789 function wepkey.write(self, section, value)
790 if value and (#value == 5 or #value == 13) then
791 value = "s:" .. value
792 end
793 return Value.write(self, section, value)
794 end
795 end
796
797
798 if hwtype == "mac80211" or hwtype == "prism2" then
799
800 -- Probe 802.11r support (and EAP support as a proxy for Openwrt)
801 local has_80211r = (os.execute("hostapd -v11r 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
802
803 ieee80211r = s:taboption("encryption", Flag, "ieee80211r",
804 translate("802.11r Fast Transition"),
805 translate("Enables fast roaming among access points that belong " ..
806 "to the same Mobility Domain"))
807 ieee80211r:depends({mode="ap", encryption="wpa"})
808 ieee80211r:depends({mode="ap", encryption="wpa2"})
809 ieee80211r:depends({mode="ap-wds", encryption="wpa"})
810 ieee80211r:depends({mode="ap-wds", encryption="wpa2"})
811 if has_80211r then
812 ieee80211r:depends({mode="ap", encryption="psk"})
813 ieee80211r:depends({mode="ap", encryption="psk2"})
814 ieee80211r:depends({mode="ap", encryption="psk-mixed"})
815 ieee80211r:depends({mode="ap-wds", encryption="psk"})
816 ieee80211r:depends({mode="ap-wds", encryption="psk2"})
817 ieee80211r:depends({mode="ap-wds", encryption="psk-mixed"})
818 end
819 ieee80211r.rmempty = true
820
821 nasid = s:taboption("encryption", Value, "nasid", translate("NAS ID"),
822 translate("Used for two different purposes: RADIUS NAS ID and " ..
823 "802.11r R0KH-ID. Not needed with normal WPA(2)-PSK."))
824 nasid:depends({mode="ap", encryption="wpa"})
825 nasid:depends({mode="ap", encryption="wpa2"})
826 nasid:depends({mode="ap-wds", encryption="wpa"})
827 nasid:depends({mode="ap-wds", encryption="wpa2"})
828 nasid:depends({ieee80211r="1"})
829 nasid.rmempty = true
830
831 mobility_domain = s:taboption("encryption", Value, "mobility_domain",
832 translate("Mobility Domain"),
833 translate("4-character hexadecimal ID"))
834 mobility_domain:depends({ieee80211r="1"})
835 mobility_domain.placeholder = "4f57"
836 mobility_domain.datatype = "and(hexstring,rangelength(4,4))"
837 mobility_domain.rmempty = true
838
839 reassociation_deadline = s:taboption("encryption", Value, "reassociation_deadline",
840 translate("Reassociation Deadline"),
841 translate("time units (TUs / 1.024 ms) [1000-65535]"))
842 reassociation_deadline:depends({ieee80211r="1"})
843 reassociation_deadline.placeholder = "1000"
844 reassociation_deadline.datatype = "range(1000,65535)"
845 reassociation_deadline.rmempty = true
846
847 ft_protocol = s:taboption("encryption", ListValue, "ft_over_ds", translate("FT protocol"))
848 ft_protocol:depends({ieee80211r="1"})
849 ft_protocol:value("1", translatef("FT over DS"))
850 ft_protocol:value("0", translatef("FT over the Air"))
851 ft_protocol.rmempty = true
852
853 ft_psk_generate_local = s:taboption("encryption", Flag, "ft_psk_generate_local",
854 translate("Generate PMK locally"),
855 translate("When using a PSK, the PMK can be generated locally without inter AP communications"))
856 ft_psk_generate_local:depends({ieee80211r="1"})
857
858 r0_key_lifetime = s:taboption("encryption", Value, "r0_key_lifetime",
859 translate("R0 Key Lifetime"), translate("minutes"))
860 r0_key_lifetime:depends({ieee80211r="1", ft_psk_generate_local=""})
861 r0_key_lifetime.placeholder = "10000"
862 r0_key_lifetime.datatype = "uinteger"
863 r0_key_lifetime.rmempty = true
864
865 r1_key_holder = s:taboption("encryption", Value, "r1_key_holder",
866 translate("R1 Key Holder"),
867 translate("6-octet identifier as a hex string - no colons"))
868 r1_key_holder:depends({ieee80211r="1", ft_psk_generate_local=""})
869 r1_key_holder.placeholder = "00004f577274"
870 r1_key_holder.datatype = "and(hexstring,rangelength(12,12))"
871 r1_key_holder.rmempty = true
872
873 pmk_r1_push = s:taboption("encryption", Flag, "pmk_r1_push", translate("PMK R1 Push"))
874 pmk_r1_push:depends({ieee80211r="1", ft_psk_generate_local=""})
875 pmk_r1_push.placeholder = "0"
876 pmk_r1_push.rmempty = true
877
878 r0kh = s:taboption("encryption", DynamicList, "r0kh", translate("External R0 Key Holder List"),
879 translate("List of R0KHs in the same Mobility Domain. " ..
880 "<br />Format: MAC-address,NAS-Identifier,128-bit key as hex string. " ..
881 "<br />This list is used to map R0KH-ID (NAS Identifier) to a destination " ..
882 "MAC address when requesting PMK-R1 key from the R0KH that the STA " ..
883 "used during the Initial Mobility Domain Association."))
884 r0kh:depends({ieee80211r="1", ft_psk_generate_local=""})
885 r0kh.rmempty = true
886
887 r1kh = s:taboption("encryption", DynamicList, "r1kh", translate("External R1 Key Holder List"),
888 translate ("List of R1KHs in the same Mobility Domain. "..
889 "<br />Format: MAC-address,R1KH-ID as 6 octets with colons,128-bit key as hex string. "..
890 "<br />This list is used to map R1KH-ID to a destination MAC address " ..
891 "when sending PMK-R1 key from the R0KH. This is also the " ..
892 "list of authorized R1KHs in the MD that can request PMK-R1 keys."))
893 r1kh:depends({ieee80211r="1", ft_psk_generate_local=""})
894 r1kh.rmempty = true
895 -- End of 802.11r options
896
897 eaptype = s:taboption("encryption", ListValue, "eap_type", translate("EAP-Method"))
898 eaptype:value("tls", "TLS")
899 eaptype:value("ttls", "TTLS")
900 eaptype:value("peap", "PEAP")
901 eaptype:value("fast", "FAST")
902 eaptype:depends({mode="sta", encryption="wpa"})
903 eaptype:depends({mode="sta", encryption="wpa2"})
904 eaptype:depends({mode="sta-wds", encryption="wpa"})
905 eaptype:depends({mode="sta-wds", encryption="wpa2"})
906
907 cacert = s:taboption("encryption", FileUpload, "ca_cert", translate("Path to CA-Certificate"))
908 cacert:depends({mode="sta", encryption="wpa"})
909 cacert:depends({mode="sta", encryption="wpa2"})
910 cacert:depends({mode="sta-wds", encryption="wpa"})
911 cacert:depends({mode="sta-wds", encryption="wpa2"})
912 cacert.rmempty = true
913
914 clientcert = s:taboption("encryption", FileUpload, "client_cert", translate("Path to Client-Certificate"))
915 clientcert:depends({mode="sta", eap_type="tls", encryption="wpa"})
916 clientcert:depends({mode="sta", eap_type="tls", encryption="wpa2"})
917 clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
918 clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
919
920 privkey = s:taboption("encryption", FileUpload, "priv_key", translate("Path to Private Key"))
921 privkey:depends({mode="sta", eap_type="tls", encryption="wpa2"})
922 privkey:depends({mode="sta", eap_type="tls", encryption="wpa"})
923 privkey:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
924 privkey:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
925
926 privkeypwd = s:taboption("encryption", Value, "priv_key_pwd", translate("Password of Private Key"))
927 privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa2"})
928 privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa"})
929 privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
930 privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
931 privkeypwd.rmempty = true
932 privkeypwd.password = true
933
934 auth = s:taboption("encryption", ListValue, "auth", translate("Authentication"))
935 auth:value("PAP", "PAP", {eap_type="ttls"})
936 auth:value("CHAP", "CHAP", {eap_type="ttls"})
937 auth:value("MSCHAP", "MSCHAP", {eap_type="ttls"})
938 auth:value("MSCHAPV2", "MSCHAPv2", {eap_type="ttls"})
939 auth:value("EAP-GTC")
940 auth:value("EAP-MD5")
941 auth:value("EAP-MSCHAPV2")
942 auth:value("EAP-TLS")
943 auth:depends({mode="sta", eap_type="fast", encryption="wpa2"})
944 auth:depends({mode="sta", eap_type="fast", encryption="wpa"})
945 auth:depends({mode="sta", eap_type="peap", encryption="wpa2"})
946 auth:depends({mode="sta", eap_type="peap", encryption="wpa"})
947 auth:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
948 auth:depends({mode="sta", eap_type="ttls", encryption="wpa"})
949 auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
950 auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
951 auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
952 auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
953 auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
954 auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
955
956 cacert2 = s:taboption("encryption", FileUpload, "ca_cert2", translate("Path to inner CA-Certificate"))
957 cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
958 cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
959 cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
960 cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
961
962 clientcert2 = s:taboption("encryption", FileUpload, "client_cert2", translate("Path to inner Client-Certificate"))
963 clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
964 clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
965 clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
966 clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
967
968 privkey2 = s:taboption("encryption", FileUpload, "priv_key2", translate("Path to inner Private Key"))
969 privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
970 privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
971 privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
972 privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
973
974 privkeypwd2 = s:taboption("encryption", Value, "priv_key2_pwd", translate("Password of inner Private Key"))
975 privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
976 privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
977 privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
978 privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
979 privkeypwd2.rmempty = true
980 privkeypwd2.password = true
981
982 identity = s:taboption("encryption", Value, "identity", translate("Identity"))
983 identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
984 identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
985 identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
986 identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
987 identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
988 identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
989 identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
990 identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
991 identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
992 identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
993 identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
994 identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
995 identity:depends({mode="sta", eap_type="tls", encryption="wpa2"})
996 identity:depends({mode="sta", eap_type="tls", encryption="wpa"})
997 identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
998 identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
999
1000 anonymous_identity = s:taboption("encryption", Value, "anonymous_identity", translate("Anonymous Identity"))
1001 anonymous_identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1002 anonymous_identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
1003 anonymous_identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1004 anonymous_identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
1005 anonymous_identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1006 anonymous_identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1007 anonymous_identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1008 anonymous_identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1009 anonymous_identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1010 anonymous_identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1011 anonymous_identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1012 anonymous_identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1013 anonymous_identity:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1014 anonymous_identity:depends({mode="sta", eap_type="tls", encryption="wpa"})
1015 anonymous_identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1016 anonymous_identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1017
1018 password = s:taboption("encryption", Value, "password", translate("Password"))
1019 password:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1020 password:depends({mode="sta", eap_type="fast", encryption="wpa"})
1021 password:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1022 password:depends({mode="sta", eap_type="peap", encryption="wpa"})
1023 password:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1024 password:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1025 password:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1026 password:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1027 password:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1028 password:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1029 password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1030 password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1031 password.rmempty = true
1032 password.password = true
1033 end
1034
1035 -- ieee802.11w options
1036 if hwtype == "mac80211" then
1037 local has_80211w = (os.execute("hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
1038 if has_80211w then
1039 ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
1040 translate("802.11w Management Frame Protection"),
1041 translate("Requires the 'full' version of wpad/hostapd " ..
1042 "and support from the wifi driver <br />(as of Feb 2017: " ..
1043 "ath9k and ath10k, in LEDE also mwlwifi and mt76)"))
1044 ieee80211w.default = ""
1045 ieee80211w.rmempty = true
1046 ieee80211w:value("", translate("Disabled (default)"))
1047 ieee80211w:value("1", translate("Optional"))
1048 ieee80211w:value("2", translate("Required"))
1049 ieee80211w:depends({mode="ap", encryption="wpa2"})
1050 ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
1051 ieee80211w:depends({mode="ap", encryption="psk2"})
1052 ieee80211w:depends({mode="ap", encryption="psk-mixed"})
1053 ieee80211w:depends({mode="ap-wds", encryption="psk2"})
1054 ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
1055
1056 max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
1057 translate("802.11w maximum timeout"),
1058 translate("802.11w Association SA Query maximum timeout"))
1059 max_timeout:depends({ieee80211w="1"})
1060 max_timeout:depends({ieee80211w="2"})
1061 max_timeout.datatype = "uinteger"
1062 max_timeout.placeholder = "1000"
1063 max_timeout.rmempty = true
1064
1065 retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
1066 translate("802.11w retry timeout"),
1067 translate("802.11w Association SA Query retry timeout"))
1068 retry_timeout:depends({ieee80211w="1"})
1069 retry_timeout:depends({ieee80211w="2"})
1070 retry_timeout.datatype = "uinteger"
1071 retry_timeout.placeholder = "201"
1072 retry_timeout.rmempty = true
1073 end
1074
1075 key_retries = s:taboption("encryption", Flag, "wpa_disable_eapol_key_retries",
1076 translate("Enable key reinstallation (KRACK) countermeasures"),
1077 translate("Complicates key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load."))
1078
1079 key_retries:depends({mode="ap", encryption="wpa2"})
1080 key_retries:depends({mode="ap", encryption="psk2"})
1081 key_retries:depends({mode="ap", encryption="psk-mixed"})
1082 key_retries:depends({mode="ap-wds", encryption="wpa2"})
1083 key_retries:depends({mode="ap-wds", encryption="psk2"})
1084 key_retries:depends({mode="ap-wds", encryption="psk-mixed"})
1085 end
1086
1087 if hwtype == "mac80211" or hwtype == "prism2" then
1088 local wpasupplicant = fs.access("/usr/sbin/wpa_supplicant")
1089 local hostcli = fs.access("/usr/sbin/hostapd_cli")
1090 if hostcli and wpasupplicant then
1091 wps = s:taboption("encryption", Flag, "wps_pushbutton", translate("Enable WPS pushbutton, requires WPA(2)-PSK"))
1092 wps.enabled = "1"
1093 wps.disabled = "0"
1094 wps.rmempty = false
1095 wps:depends("encryption", "psk")
1096 wps:depends("encryption", "psk2")
1097 wps:depends("encryption", "psk-mixed")
1098 end
1099 end
1100
1101 return m
Lua Configuration Interface (mirror)