projects / project / luci.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge pull request #2466 from HenryGiraldo/master
[project/luci.git] / modules / luci-mod-network / luasrc / model / cbi / admin_network / wifi.lua
1 -- Copyright 2008 Steven Barth <steven@midlink.org>
2 -- Licensed to the public under the Apache License 2.0.
3
4 local wa = require "luci.tools.webadmin"
5 local nw = require "luci.model.network"
6 local ut = require "luci.util"
7 local nt = require "luci.sys".net
8 local fs = require "nixio.fs"
9
10 local acct_port, acct_secret, acct_server, anonymous_identity, ant1, ant2,
11 auth, auth_port, auth_secret, auth_server, bssid, cacert, cacert2,
12 cc, ch, cipher, clientcert, clientcert2, ea, eaptype, en, encr,
13 ft_protocol, ft_psk_generate_local, hidden, htmode, identity,
14 ieee80211r, ieee80211w, ifname, isolate, key_retries,
15 legacyrates, max_timeout, meshfwd, meshid, ml, mobility_domain, mode,
16 mp, nasid, network, password, pmk_r1_push, privkey, privkey2, privkeypwd,
17 privkeypwd2, r0_key_lifetime, r0kh, r1_key_holder, r1kh,
18 reassociation_deadline, retry_timeout, ssid, st, tp, wepkey, wepslot,
19 wmm, wpakey, wps, disassoc_low_ack, short_preamble, beacon_int, dtim_period,
20 wparekey, inactivitypool, maxinactivity, listeninterval,
21 dae_client, dae_port, dae_port
22
23
24 arg[1] = arg[1] or ""
25
26 m = Map("wireless", "",
27 translate("The <em>Device Configuration</em> section covers physical settings of the radio " ..
28 "hardware such as channel, transmit power or antenna selection which are shared among all " ..
29 "defined wireless networks (if the radio hardware is multi-SSID capable). Per network settings " ..
30 "like encryption or operation mode are grouped in the <em>Interface Configuration</em>."))
31
32 m:chain("network")
33 m:chain("firewall")
34 m.redirect = luci.dispatcher.build_url("admin/network/wireless")
35
36 nw.init(m.uci)
37
38 local wnet = nw:get_wifinet(arg[1])
39 local wdev = wnet and wnet:get_device()
40
41 -- redirect to overview page if network does not exist anymore (e.g. after a revert)
42 if not wnet or not wdev then
43 luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless"))
44 return
45 end
46
47 local function txpower_list(iw)
48 local list = iw.txpwrlist or { }
49 local off = tonumber(iw.txpower_offset) or 0
50 local new = { }
51 local prev = -1
52 local _, val
53 for _, val in ipairs(list) do
54 local dbm = val.dbm + off
55 local mw = math.floor(10 ^ (dbm / 10))
56 if mw ~= prev then
57 prev = mw
58 new[#new+1] = {
59 display_dbm = dbm,
60 display_mw = mw,
61 driver_dbm = val.dbm,
62 driver_mw = val.mw
63 }
64 end
65 end
66 return new
67 end
68
69 local function txpower_current(pwr, list)
70 pwr = tonumber(pwr)
71 if pwr ~= nil then
72 local _, item
73 for _, item in ipairs(list) do
74 if item.driver_dbm >= pwr then
75 return item.driver_dbm
76 end
77 end
78 end
79 return pwr or ""
80 end
81
82 local iw = luci.sys.wifi.getiwinfo(arg[1])
83 local hw_modes = iw.hwmodelist or { }
84 local tx_power_list = txpower_list(iw)
85 local tx_power_cur = txpower_current(wdev:get("txpower"), tx_power_list)
86
87 -- wireless toggle was requested, commit and reload page
88 function m.parse(map)
89 local new_cc = m:formvalue("cbid.wireless.%s.country" % wdev:name())
90 local old_cc = m:get(wdev:name(), "country")
91
92 if m:formvalue("cbid.wireless.%s.__toggle" % wdev:name()) then
93 if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
94 wnet:set("disabled", nil)
95 else
96 wnet:set("disabled", "1")
97 end
98 wdev:set("disabled", nil)
99 m.apply_needed = true
100 m.redirect = nil
101 end
102
103 Map.parse(map)
104
105 if m:get(wdev:name(), "type") == "mac80211" and new_cc and new_cc ~= old_cc then
106 luci.sys.call("iw reg set %s" % ut.shellquote(new_cc))
107
108 local old_ch = tonumber(m:formvalue("cbid.wireless.%s._mode_freq.channel" % wdev:name()) or "")
109 if old_ch then
110 local _, c, new_ch
111 for _, c in ipairs(iw.freqlist) do
112 if c.channel > old_ch or (old_ch <= 14 and c.channel > 14) then
113 break
114 end
115 new_ch = c.channel
116 end
117 if new_ch ~= old_ch then
118 wdev:set("channel", new_ch)
119 m.message = translatef("Channel %d is not available in the %s regulatory domain and has been auto-adjusted to %d.",
120 old_ch, new_cc, new_ch)
121 end
122 end
123 end
124
125 if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
126 en.title = translate("Wireless network is disabled")
127 en.inputtitle = translate("Enable")
128 en.inputstyle = "apply"
129 else
130 en.title = translate("Wireless network is enabled")
131 en.inputtitle = translate("Disable")
132 en.inputstyle = "reset"
133 end
134 end
135
136 m.title = luci.util.pcdata(wnet:get_i18n())
137
138 s = m:section(NamedSection, wdev:name(), "wifi-device", translate("Device Configuration"))
139 s.addremove = false
140
141 s:tab("general", translate("General Setup"))
142 s:tab("macfilter", translate("MAC-Filter"))
143 s:tab("advanced", translate("Advanced Settings"))
144
145 st = s:taboption("general", DummyValue, "__status", translate("Status"))
146 st.template = "admin_network/wifi_status"
147 st.ifname = arg[1]
148
149 en = s:taboption("general", Button, "__toggle")
150
151 local hwtype = wdev:get("type")
152
153 -- NanoFoo
154 local nsantenna = wdev:get("antenna")
155
156 -- Check whether there are client interfaces on the same radio,
157 -- if yes, lock the channel choice as these stations will dicatate the freq
158 local found_sta = nil
159 local _, net
160 if wnet:mode() ~= "sta" then
161 for _, net in ipairs(wdev:get_wifinets()) do
162 if net:mode() == "sta" and net:get("disabled") ~= "1" then
163 if not found_sta then
164 found_sta = {}
165 found_sta.channel = net:channel()
166 found_sta.names = {}
167 end
168 found_sta.names[#found_sta.names+1] = net:shortname()
169 end
170 end
171 end
172
173 if found_sta then
174 ch = s:taboption("general", DummyValue, "choice", translate("Channel"))
175 ch.value = translatef("Locked to channel %s used by: %s",
176 found_sta.channel or "(auto)", table.concat(found_sta.names, ", "))
177 else
178 ch = s:taboption("general", Value, "_mode_freq", '<br />'..translate("Operating frequency"))
179 ch.iwinfo = iw
180 ch.template = "cbi/wireless_modefreq"
181
182 function ch.cfgvalue(self, section)
183 return {
184 m:get(section, "hwmode") or "",
185 m:get(section, "channel") or "auto",
186 m:get(section, "htmode") or ""
187 }
188 end
189
190 function ch.formvalue(self, section)
191 return {
192 m:formvalue(self:cbid(section) .. ".band") or (hw_modes.g and "11g" or "11a"),
193 m:formvalue(self:cbid(section) .. ".channel") or "auto",
194 m:formvalue(self:cbid(section) .. ".htmode") or ""
195 }
196 end
197
198 function ch.write(self, section, value)
199 m:set(section, "hwmode", value[1])
200 m:set(section, "channel", value[2])
201 m:set(section, "htmode", value[3])
202 end
203 end
204
205 ------------------- MAC80211 Device ------------------
206
207 if hwtype == "mac80211" then
208 if #tx_power_list > 0 then
209 tp = s:taboption("general", ListValue,
210 "txpower", translate("Transmit Power"), "dBm")
211 tp.rmempty = true
212 tp.default = tx_power_cur
213 function tp.cfgvalue(...)
214 return txpower_current(Value.cfgvalue(...), tx_power_list)
215 end
216
217 tp:value("", translate("auto"))
218 for _, p in ipairs(tx_power_list) do
219 tp:value(p.driver_dbm, "%i dBm (%i mW)"
220 %{ p.display_dbm, p.display_mw })
221 end
222 end
223
224 local cl = iw and iw.countrylist
225 if cl and #cl > 0 then
226 cc = s:taboption("advanced", ListValue, "country", translate("Country Code"), translate("Use ISO/IEC 3166 alpha2 country codes."))
227 cc.default = tostring(iw and iw.country or "00")
228 for _, c in ipairs(cl) do
229 cc:value(c.alpha2, "%s - %s" %{ c.alpha2, c.name })
230 end
231 else
232 s:taboption("advanced", Value, "country", translate("Country Code"), translate("Use ISO/IEC 3166 alpha2 country codes."))
233 end
234
235 legacyrates = s:taboption("advanced", Flag, "legacy_rates", translate("Allow legacy 802.11b rates"))
236 legacyrates.rmempty = false
237 legacyrates.default = "1"
238
239 s:taboption("advanced", Value, "distance", translate("Distance Optimization"),
240 translate("Distance to farthest network member in meters."))
241
242 -- external antenna profiles
243 local eal = iw and iw.extant
244 if eal and #eal > 0 then
245 ea = s:taboption("advanced", ListValue, "extant", translate("Antenna Configuration"))
246 for _, eap in ipairs(eal) do
247 ea:value(eap.id, "%s (%s)" %{ eap.name, eap.description })
248 if eap.selected then
249 ea.default = eap.id
250 end
251 end
252 end
253
254 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
255 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
256
257 s:taboption("advanced", Flag, "noscan", translate("Force 40MHz mode"),
258 translate("Always use 40MHz channels even if the secondary channel overlaps. Using this option does not comply with IEEE 802.11n-2009!")).optional = true
259
260 beacon_int = s:taboption("advanced", Value, "beacon_int", translate("Beacon Interval"))
261 beacon_int.optional = true
262 beacon_int.placeholder = 100
263 beacon_int.datatype = "range(15,65535)"
264 end
265
266
267 ------------------- Broadcom Device ------------------
268
269 if hwtype == "broadcom" then
270 tp = s:taboption("general",
271 (#tx_power_list > 0) and ListValue or Value,
272 "txpower", translate("Transmit Power"), "dBm")
273
274 tp.rmempty = true
275 tp.default = tx_power_cur
276
277 function tp.cfgvalue(...)
278 return txpower_current(Value.cfgvalue(...), tx_power_list)
279 end
280
281 tp:value("", translate("auto"))
282 for _, p in ipairs(tx_power_list) do
283 tp:value(p.driver_dbm, "%i dBm (%i mW)"
284 %{ p.display_dbm, p.display_mw })
285 end
286
287 mode = s:taboption("advanced", ListValue, "hwmode", translate("Band"))
288 if hw_modes.b then
289 mode:value("11b", "2.4GHz (802.11b)")
290 if hw_modes.g then
291 mode:value("11bg", "2.4GHz (802.11b+g)")
292 end
293 end
294 if hw_modes.g then
295 mode:value("11g", "2.4GHz (802.11g)")
296 mode:value("11gst", "2.4GHz (802.11g + Turbo)")
297 mode:value("11lrs", "2.4GHz (802.11g Limited Rate Support)")
298 end
299 if hw_modes.a then mode:value("11a", "5GHz (802.11a)") end
300 if hw_modes.n then
301 if hw_modes.g then
302 mode:value("11ng", "2.4GHz (802.11g+n)")
303 mode:value("11n", "2.4GHz (802.11n)")
304 end
305 if hw_modes.a then
306 mode:value("11na", "5GHz (802.11a+n)")
307 mode:value("11n", "5GHz (802.11n)")
308 end
309 htmode = s:taboption("advanced", ListValue, "htmode", translate("HT mode (802.11n)"))
310 htmode:depends("hwmode", "11ng")
311 htmode:depends("hwmode", "11na")
312 htmode:depends("hwmode", "11n")
313 htmode:value("HT20", "20MHz")
314 htmode:value("HT40", "40MHz")
315 end
316
317 ant1 = s:taboption("advanced", ListValue, "txantenna", translate("Transmitter Antenna"))
318 ant1.widget = "radio"
319 ant1:depends("diversity", "")
320 ant1:value("3", translate("auto"))
321 ant1:value("0", translate("Antenna 1"))
322 ant1:value("1", translate("Antenna 2"))
323
324 ant2 = s:taboption("advanced", ListValue, "rxantenna", translate("Receiver Antenna"))
325 ant2.widget = "radio"
326 ant2:depends("diversity", "")
327 ant2:value("3", translate("auto"))
328 ant2:value("0", translate("Antenna 1"))
329 ant2:value("1", translate("Antenna 2"))
330
331 s:taboption("advanced", Flag, "frameburst", translate("Frame Bursting"))
332
333 s:taboption("advanced", Value, "distance", translate("Distance Optimization"))
334 --s:option(Value, "slottime", translate("Slot time"))
335
336 s:taboption("advanced", Value, "country", translate("Country Code"))
337 s:taboption("advanced", Value, "maxassoc", translate("Connection Limit"))
338 end
339
340
341 --------------------- HostAP Device ---------------------
342
343 if hwtype == "prism2" then
344 s:taboption("advanced", Value, "txpower", translate("Transmit Power"), "att units").rmempty = true
345
346 s:taboption("advanced", Flag, "diversity", translate("Diversity")).rmempty = false
347
348 s:taboption("advanced", Value, "txantenna", translate("Transmitter Antenna"))
349 s:taboption("advanced", Value, "rxantenna", translate("Receiver Antenna"))
350 end
351
352
353 ----------------------- Interface -----------------------
354
355 s = m:section(NamedSection, wnet.sid, "wifi-iface", translate("Interface Configuration"))
356 s.addremove = false
357 s.anonymous = true
358 s.defaults.device = wdev:name()
359
360 s:tab("general", translate("General Setup"))
361 s:tab("encryption", translate("Wireless Security"))
362 s:tab("macfilter", translate("MAC-Filter"))
363 s:tab("advanced", translate("Advanced Settings"))
364
365 mode = s:taboption("general", ListValue, "mode", translate("Mode"))
366 mode.override_values = true
367 mode:value("ap", translate("Access Point"))
368 mode:value("sta", translate("Client"))
369 mode:value("adhoc", translate("Ad-Hoc"))
370
371 meshid = s:taboption("general", Value, "mesh_id", translate("Mesh Id"))
372 meshid:depends({mode="mesh"})
373
374 meshfwd = s:taboption("advanced", Flag, "mesh_fwding", translate("Forward mesh peer traffic"))
375 meshfwd.rmempty = false
376 meshfwd.default = "1"
377 meshfwd:depends({mode="mesh"})
378
379 mesh_rssi_th = s:taboption("advanced", Value, "mesh_rssi_threshold",
380 translate("RSSI threshold for joining"),
381 translate("0 = not using RSSI threshold, 1 = do not change driver default"))
382 mesh_rssi_th.rmempty = false
383 mesh_rssi_th.default = "0"
384 mesh_rssi_th.datatype = "range(-255,1)"
385 mesh_rssi_th:depends({mode="mesh"})
386
387 ssid = s:taboption("general", Value, "ssid", translate("<abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
388 ssid.datatype = "maxlength(32)"
389 ssid:depends({mode="ap"})
390 ssid:depends({mode="sta"})
391 ssid:depends({mode="adhoc"})
392 ssid:depends({mode="ahdemo"})
393 ssid:depends({mode="monitor"})
394 ssid:depends({mode="ap-wds"})
395 ssid:depends({mode="sta-wds"})
396 ssid:depends({mode="wds"})
397
398 bssid = s:taboption("general", Value, "bssid", translate("<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"))
399
400 network = s:taboption("general", Value, "network", translate("Network"),
401 translate("Choose the network(s) you want to attach to this wireless interface or " ..
402 "fill out the <em>create</em> field to define a new network."))
403
404 network.rmempty = true
405 network.template = "cbi/network_netlist"
406 network.widget = "checkbox"
407 network.novirtual = true
408
409 function network.write(self, section, value)
410 local i = nw:get_interface(section)
411 if i then
412 local _, net, old, new = nil, nil, {}, {}
413
414 for _, net in ipairs(i:get_networks()) do
415 old[net:name()] = true
416 end
417
418 for net in ut.imatch(value) do
419 new[net] = true
420 if not old[net] then
421 local n = nw:get_network(net) or nw:add_network(net, { proto = "none" })
422 if n then
423 if not n:is_empty() then
424 n:set("type", "bridge")
425 end
426 n:add_interface(i)
427 end
428 end
429 end
430
431 for net, _ in pairs(old) do
432 if not new[net] then
433 local n = nw:get_network(net)
434 if n then
435 n:del_interface(i)
436 end
437 end
438 end
439 end
440 end
441
442 -------------------- MAC80211 Interface ----------------------
443
444 if hwtype == "mac80211" then
445 if fs.access("/usr/sbin/iw") then
446 mode:value("mesh", "802.11s")
447 end
448
449 mode:value("ahdemo", translate("Pseudo Ad-Hoc (ahdemo)"))
450 mode:value("monitor", translate("Monitor"))
451 bssid:depends({mode="adhoc"})
452 bssid:depends({mode="sta"})
453 bssid:depends({mode="sta-wds"})
454
455 mp = s:taboption("macfilter", ListValue, "macfilter", translate("MAC-Address Filter"))
456 mp:depends({mode="ap"})
457 mp:depends({mode="ap-wds"})
458 mp:value("", translate("disable"))
459 mp:value("allow", translate("Allow listed only"))
460 mp:value("deny", translate("Allow all except listed"))
461
462 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
463 ml.datatype = "macaddr"
464 ml:depends({macfilter="allow"})
465 ml:depends({macfilter="deny"})
466 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
467
468 mode:value("ap-wds", "%s (%s)" % {translate("Access Point"), translate("WDS")})
469 mode:value("sta-wds", "%s (%s)" % {translate("Client"), translate("WDS")})
470
471 function mode.write(self, section, value)
472 if value == "ap-wds" then
473 ListValue.write(self, section, "ap")
474 m.uci:set("wireless", section, "wds", 1)
475 elseif value == "sta-wds" then
476 ListValue.write(self, section, "sta")
477 m.uci:set("wireless", section, "wds", 1)
478 else
479 ListValue.write(self, section, value)
480 m.uci:delete("wireless", section, "wds")
481 end
482 end
483
484 function mode.cfgvalue(self, section)
485 local mode = ListValue.cfgvalue(self, section)
486 local wds = m.uci:get("wireless", section, "wds") == "1"
487
488 if mode == "ap" and wds then
489 return "ap-wds"
490 elseif mode == "sta" and wds then
491 return "sta-wds"
492 else
493 return mode
494 end
495 end
496
497 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
498 hidden:depends({mode="ap"})
499 hidden:depends({mode="ap-wds"})
500
501 wmm = s:taboption("general", Flag, "wmm", translate("WMM Mode"))
502 wmm:depends({mode="ap"})
503 wmm:depends({mode="ap-wds"})
504 wmm.default = wmm.enabled
505
506 isolate = s:taboption("advanced", Flag, "isolate", translate("Isolate Clients"),
507 translate("Prevents client-to-client communication"))
508 isolate:depends({mode="ap"})
509 isolate:depends({mode="ap-wds"})
510
511 ifname = s:taboption("advanced", Value, "ifname", translate("Interface name"), translate("Override default interface name"))
512 ifname.optional = true
513
514 short_preamble = s:taboption("advanced", Flag, "short_preamble", translate("Short Preamble"))
515 short_preamble.default = short_preamble.enabled
516
517 dtim_period = s:taboption("advanced", Value, "dtim_period", translate("DTIM Interval"), translate("Delivery Traffic Indication Message Interval"))
518 dtim_period.optional = true
519 dtim_period.placeholder = 2
520 dtim_period.datatype = "range(1,255)"
521
522
523 wparekey = s:taboption("advanced", Value, "wpa_group_rekey", translate("Time interval for rekeying GTK"), translate("sec"))
524 wparekey.optional = true
525 wparekey.placeholder = 600
526 wparekey.datatype = "uinteger"
527
528 inactivitypool = s:taboption("advanced", Flag , "skip_inactivity_poll", translate("Disable Inactivity Polling"))
529 inactivitypool.optional = true
530 inactivitypool.datatype = "uinteger"
531
532 maxinactivity = s:taboption("advanced", Value, "max_inactivity", translate("Station inactivity limit"), translate("sec"))
533 maxinactivity.optional = true
534 maxinactivity.placeholder = 300
535 maxinactivity.datatype = "uinteger"
536
537 listeninterval = s:taboption("advanced", Value, "max_listen_interval", translate("Maximum allowed Listen Interval"))
538 listeninterval.optional = true
539 listeninterval.placeholder = 65535
540 listeninterval.datatype = "uinteger"
541
542 disassoc_low_ack = s:taboption("advanced", Flag, "disassoc_low_ack", translate("Disassociate On Low Acknowledgement"),
543 translate("Allow AP mode to disconnect STAs based on low ACK condition"))
544 disassoc_low_ack.default = disassoc_low_ack.enabled
545 end
546
547
548 -------------------- Broadcom Interface ----------------------
549
550 if hwtype == "broadcom" then
551 mode:value("wds", translate("WDS"))
552 mode:value("monitor", translate("Monitor"))
553
554 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
555 hidden:depends({mode="ap"})
556 hidden:depends({mode="adhoc"})
557 hidden:depends({mode="wds"})
558
559 isolate = s:taboption("advanced", Flag, "isolate", translate("Separate Clients"),
560 translate("Prevents client-to-client communication"))
561 isolate:depends({mode="ap"})
562
563 s:taboption("advanced", Flag, "doth", "802.11h")
564 s:taboption("advanced", Flag, "wmm", translate("WMM Mode"))
565
566 bssid:depends({mode="wds"})
567 bssid:depends({mode="adhoc"})
568 end
569
570
571 ----------------------- HostAP Interface ---------------------
572
573 if hwtype == "prism2" then
574 mode:value("wds", translate("WDS"))
575 mode:value("monitor", translate("Monitor"))
576
577 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
578 hidden:depends({mode="ap"})
579 hidden:depends({mode="adhoc"})
580 hidden:depends({mode="wds"})
581
582 bssid:depends({mode="sta"})
583
584 mp = s:taboption("macfilter", ListValue, "macpolicy", translate("MAC-Address Filter"))
585 mp:value("", translate("disable"))
586 mp:value("allow", translate("Allow listed only"))
587 mp:value("deny", translate("Allow all except listed"))
588 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
589 ml:depends({macpolicy="allow"})
590 ml:depends({macpolicy="deny"})
591 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
592
593 s:taboption("advanced", Value, "rate", translate("Transmission Rate"))
594 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
595 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
596 end
597
598
599 ------------------- WiFI-Encryption -------------------
600
601 encr = s:taboption("encryption", ListValue, "encryption", translate("Encryption"))
602 encr.override_values = true
603 encr.override_depends = true
604 encr:depends({mode="ap"})
605 encr:depends({mode="sta"})
606 encr:depends({mode="adhoc"})
607 encr:depends({mode="ahdemo"})
608 encr:depends({mode="ap-wds"})
609 encr:depends({mode="sta-wds"})
610 encr:depends({mode="mesh"})
611
612 cipher = s:taboption("encryption", ListValue, "cipher", translate("Cipher"))
613 cipher:depends({encryption="wpa"})
614 cipher:depends({encryption="wpa2"})
615 cipher:depends({encryption="psk"})
616 cipher:depends({encryption="psk2"})
617 cipher:depends({encryption="wpa-mixed"})
618 cipher:depends({encryption="psk-mixed"})
619 cipher:value("auto", translate("auto"))
620 cipher:value("ccmp", translate("Force CCMP (AES)"))
621 cipher:value("tkip", translate("Force TKIP"))
622 cipher:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
623
624 function encr.cfgvalue(self, section)
625 local v = tostring(ListValue.cfgvalue(self, section))
626 if v == "wep" then
627 return "wep-open"
628 elseif v and v:match("%+") then
629 return (v:gsub("%+.+$", ""))
630 end
631 return v
632 end
633
634 function encr.write(self, section, value)
635 local e = tostring(encr:formvalue(section))
636 local c = tostring(cipher:formvalue(section))
637 if value == "wpa" or value == "wpa2" then
638 self.map.uci:delete("wireless", section, "key")
639 end
640 if e and (c == "tkip" or c == "ccmp" or c == "tkip+ccmp") then
641 e = e .. "+" .. c
642 end
643 self.map:set(section, "encryption", e)
644 end
645
646 function cipher.cfgvalue(self, section)
647 local v = tostring(ListValue.cfgvalue(encr, section))
648 if v and v:match("%+") then
649 v = v:gsub("^[^%+]+%+", "")
650 if v == "aes" then v = "ccmp"
651 elseif v == "tkip+aes" then v = "tkip+ccmp"
652 elseif v == "aes+tkip" then v = "tkip+ccmp"
653 elseif v == "ccmp+tkip" then v = "tkip+ccmp"
654 end
655 end
656 return v
657 end
658
659 function cipher.write(self, section)
660 return encr:write(section)
661 end
662
663
664 encr:value("none", "No Encryption")
665 encr:value("wep-open", translate("WEP Open System"), {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="ahdemo"}, {mode="wds"})
666 encr:value("wep-shared", translate("WEP Shared Key"), {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="ahdemo"}, {mode="wds"})
667
668 if hwtype == "mac80211" or hwtype == "prism2" then
669 local supplicant = fs.access("/usr/sbin/wpa_supplicant")
670 local hostapd = fs.access("/usr/sbin/hostapd")
671
672 -- Probe EAP support
673 local has_ap_eap = (os.execute("hostapd -veap >/dev/null 2>/dev/null") == 0)
674 local has_sta_eap = (os.execute("wpa_supplicant -veap >/dev/null 2>/dev/null") == 0)
675
676 if hostapd and supplicant then
677 encr:value("psk", "WPA-PSK", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"})
678 encr:value("psk2", "WPA2-PSK", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"})
679 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"})
680 encr:value("sae", "SAE", {mode="mesh"})
681 if has_ap_eap and has_sta_eap then
682 encr:value("wpa", "WPA-EAP", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
683 encr:value("wpa2", "WPA2-EAP", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
684 end
685 elseif hostapd and not supplicant then
686 encr:value("psk", "WPA-PSK", {mode="ap"}, {mode="ap-wds"})
687 encr:value("psk2", "WPA2-PSK", {mode="ap"}, {mode="ap-wds"})
688 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="ap"}, {mode="ap-wds"})
689 if has_ap_eap then
690 encr:value("wpa", "WPA-EAP", {mode="ap"}, {mode="ap-wds"})
691 encr:value("wpa2", "WPA2-EAP", {mode="ap"}, {mode="ap-wds"})
692 end
693 encr.description = translate(
694 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
695 "and ad-hoc mode) to be installed."
696 )
697 elseif not hostapd and supplicant then
698 encr:value("psk", "WPA-PSK", {mode="sta"}, {mode="sta-wds"}, {mode="adhoc"})
699 encr:value("psk2", "WPA2-PSK", {mode="sta"}, {mode="sta-wds"}, {mode="adhoc"})
700 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="sta"}, {mode="sta-wds"}, {mode="adhoc"})
701 encr:value("sae", "SAE", {mode="mesh"})
702 if has_sta_eap then
703 encr:value("wpa", "WPA-EAP", {mode="sta"}, {mode="sta-wds"})
704 encr:value("wpa2", "WPA2-EAP", {mode="sta"}, {mode="sta-wds"})
705 end
706 encr.description = translate(
707 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
708 "and ad-hoc mode) to be installed."
709 )
710 else
711 encr.description = translate(
712 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
713 "and ad-hoc mode) to be installed."
714 )
715 end
716 elseif hwtype == "broadcom" then
717 encr:value("psk", "WPA-PSK")
718 encr:value("psk2", "WPA2-PSK")
719 encr:value("psk+psk2", "WPA-PSK/WPA2-PSK Mixed Mode")
720 end
721
722 auth_server = s:taboption("encryption", Value, "auth_server", translate("Radius-Authentication-Server"))
723 auth_server:depends({mode="ap", encryption="wpa"})
724 auth_server:depends({mode="ap", encryption="wpa2"})
725 auth_server:depends({mode="ap-wds", encryption="wpa"})
726 auth_server:depends({mode="ap-wds", encryption="wpa2"})
727 auth_server.rmempty = true
728 auth_server.datatype = "host(0)"
729
730 auth_port = s:taboption("encryption", Value, "auth_port", translate("Radius-Authentication-Port"), translatef("Default %d", 1812))
731 auth_port:depends({mode="ap", encryption="wpa"})
732 auth_port:depends({mode="ap", encryption="wpa2"})
733 auth_port:depends({mode="ap-wds", encryption="wpa"})
734 auth_port:depends({mode="ap-wds", encryption="wpa2"})
735 auth_port.rmempty = true
736 auth_port.datatype = "port"
737
738 auth_secret = s:taboption("encryption", Value, "auth_secret", translate("Radius-Authentication-Secret"))
739 auth_secret:depends({mode="ap", encryption="wpa"})
740 auth_secret:depends({mode="ap", encryption="wpa2"})
741 auth_secret:depends({mode="ap-wds", encryption="wpa"})
742 auth_secret:depends({mode="ap-wds", encryption="wpa2"})
743 auth_secret.rmempty = true
744 auth_secret.password = true
745
746 acct_server = s:taboption("encryption", Value, "acct_server", translate("Radius-Accounting-Server"))
747 acct_server:depends({mode="ap", encryption="wpa"})
748 acct_server:depends({mode="ap", encryption="wpa2"})
749 acct_server:depends({mode="ap-wds", encryption="wpa"})
750 acct_server:depends({mode="ap-wds", encryption="wpa2"})
751 acct_server.rmempty = true
752 acct_server.datatype = "host(0)"
753
754 acct_port = s:taboption("encryption", Value, "acct_port", translate("Radius-Accounting-Port"), translatef("Default %d", 1813))
755 acct_port:depends({mode="ap", encryption="wpa"})
756 acct_port:depends({mode="ap", encryption="wpa2"})
757 acct_port:depends({mode="ap-wds", encryption="wpa"})
758 acct_port:depends({mode="ap-wds", encryption="wpa2"})
759 acct_port.rmempty = true
760 acct_port.datatype = "port"
761
762 acct_secret = s:taboption("encryption", Value, "acct_secret", translate("Radius-Accounting-Secret"))
763 acct_secret:depends({mode="ap", encryption="wpa"})
764 acct_secret:depends({mode="ap", encryption="wpa2"})
765 acct_secret:depends({mode="ap-wds", encryption="wpa"})
766 acct_secret:depends({mode="ap-wds", encryption="wpa2"})
767 acct_secret.rmempty = true
768 acct_secret.password = true
769
770 dae_client = s:taboption("encryption", Value, "dae_client", translate("DAE-Client"))
771 dae_client:depends({mode="ap", encryption="wpa"})
772 dae_client:depends({mode="ap", encryption="wpa2"})
773 dae_client:depends({mode="ap-wds", encryption="wpa"})
774 dae_client:depends({mode="ap-wds", encryption="wpa2"})
775 dae_client.rmempty = true
776 dae_client.datatype = "host(0)"
777
778 dae_port = s:taboption("encryption", Value, "dae_port", translate("DAE-Port"), translatef("Default %d", 3799))
779 dae_port:depends({mode="ap", encryption="wpa"})
780 dae_port:depends({mode="ap", encryption="wpa2"})
781 dae_port:depends({mode="ap-wds", encryption="wpa"})
782 dae_port:depends({mode="ap-wds", encryption="wpa2"})
783 dae_port.rmempty = true
784 dae_port.datatype = "port"
785
786 dae_secret = s:taboption("encryption", Value, "dae_secret", translate("DAE-Secret"))
787 dae_secret:depends({mode="ap", encryption="wpa"})
788 dae_secret:depends({mode="ap", encryption="wpa2"})
789 dae_secret:depends({mode="ap-wds", encryption="wpa"})
790 dae_secret:depends({mode="ap-wds", encryption="wpa2"})
791 dae_secret.rmempty = true
792 dae_secret.password = true
793
794 wpakey = s:taboption("encryption", Value, "_wpa_key", translate("Key"))
795 wpakey:depends("encryption", "psk")
796 wpakey:depends("encryption", "psk2")
797 wpakey:depends("encryption", "psk+psk2")
798 wpakey:depends("encryption", "psk-mixed")
799 wpakey.datatype = "wpakey"
800 wpakey.rmempty = true
801 wpakey.password = true
802
803 wpakey.cfgvalue = function(self, section, value)
804 local key = m.uci:get("wireless", section, "key")
805 if key == "1" or key == "2" or key == "3" or key == "4" then
806 return nil
807 end
808 return key
809 end
810
811 wpakey.write = function(self, section, value)
812 self.map.uci:set("wireless", section, "key", value)
813 self.map.uci:delete("wireless", section, "key1")
814 end
815
816
817 wepslot = s:taboption("encryption", ListValue, "_wep_key", translate("Used Key Slot"))
818 wepslot:depends("encryption", "wep-open")
819 wepslot:depends("encryption", "wep-shared")
820 wepslot:value("1", translatef("Key #%d", 1))
821 wepslot:value("2", translatef("Key #%d", 2))
822 wepslot:value("3", translatef("Key #%d", 3))
823 wepslot:value("4", translatef("Key #%d", 4))
824
825 wepslot.cfgvalue = function(self, section)
826 local slot = tonumber(m.uci:get("wireless", section, "key"))
827 if not slot or slot < 1 or slot > 4 then
828 return 1
829 end
830 return slot
831 end
832
833 wepslot.write = function(self, section, value)
834 self.map.uci:set("wireless", section, "key", value)
835 end
836
837 local slot
838 for slot=1,4 do
839 wepkey = s:taboption("encryption", Value, "key" .. slot, translatef("Key #%d", slot))
840 wepkey:depends("encryption", "wep-open")
841 wepkey:depends("encryption", "wep-shared")
842 wepkey.datatype = "wepkey"
843 wepkey.rmempty = true
844 wepkey.password = true
845
846 function wepkey.write(self, section, value)
847 if value and (#value == 5 or #value == 13) then
848 value = "s:" .. value
849 end
850 return Value.write(self, section, value)
851 end
852 end
853
854 saekey = s:taboption("encryption", Value, "_sae_key", translate("Key"))
855 saekey:depends("encryption", "sae")
856 saekey.rmempty = true
857 saekey.datatype = "wpakey"
858 saekey.password = true
859
860 saekey.cfgvalue = function(self, section, value)
861 local key = m.uci:get("wireless", section, "key")
862 return key
863 end
864
865 saekey.write = function(self, section, value)
866 self.map.uci:set("wireless", section, "key", value)
867 end
868
869 if hwtype == "mac80211" or hwtype == "prism2" then
870
871 -- Probe 802.11r support (and EAP support as a proxy for Openwrt)
872 local has_80211r = (os.execute("hostapd -v11r 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
873
874 ieee80211r = s:taboption("encryption", Flag, "ieee80211r",
875 translate("802.11r Fast Transition"),
876 translate("Enables fast roaming among access points that belong " ..
877 "to the same Mobility Domain"))
878 ieee80211r:depends({mode="ap", encryption="wpa"})
879 ieee80211r:depends({mode="ap", encryption="wpa2"})
880 ieee80211r:depends({mode="ap-wds", encryption="wpa"})
881 ieee80211r:depends({mode="ap-wds", encryption="wpa2"})
882 if has_80211r then
883 ieee80211r:depends({mode="ap", encryption="psk"})
884 ieee80211r:depends({mode="ap", encryption="psk2"})
885 ieee80211r:depends({mode="ap", encryption="psk-mixed"})
886 ieee80211r:depends({mode="ap-wds", encryption="psk"})
887 ieee80211r:depends({mode="ap-wds", encryption="psk2"})
888 ieee80211r:depends({mode="ap-wds", encryption="psk-mixed"})
889 end
890 ieee80211r.rmempty = true
891
892 nasid = s:taboption("encryption", Value, "nasid", translate("NAS ID"),
893 translate("Used for two different purposes: RADIUS NAS ID and " ..
894 "802.11r R0KH-ID. Not needed with normal WPA(2)-PSK."))
895 nasid:depends({mode="ap", encryption="wpa"})
896 nasid:depends({mode="ap", encryption="wpa2"})
897 nasid:depends({mode="ap-wds", encryption="wpa"})
898 nasid:depends({mode="ap-wds", encryption="wpa2"})
899 nasid:depends({ieee80211r="1"})
900 nasid.rmempty = true
901
902 mobility_domain = s:taboption("encryption", Value, "mobility_domain",
903 translate("Mobility Domain"),
904 translate("4-character hexadecimal ID"))
905 mobility_domain:depends({ieee80211r="1"})
906 mobility_domain.placeholder = "4f57"
907 mobility_domain.datatype = "and(hexstring,rangelength(4,4))"
908 mobility_domain.rmempty = true
909
910 reassociation_deadline = s:taboption("encryption", Value, "reassociation_deadline",
911 translate("Reassociation Deadline"),
912 translate("time units (TUs / 1.024 ms) [1000-65535]"))
913 reassociation_deadline:depends({ieee80211r="1"})
914 reassociation_deadline.placeholder = "1000"
915 reassociation_deadline.datatype = "range(1000,65535)"
916 reassociation_deadline.rmempty = true
917
918 ft_protocol = s:taboption("encryption", ListValue, "ft_over_ds", translate("FT protocol"))
919 ft_protocol:depends({ieee80211r="1"})
920 ft_protocol:value("1", translatef("FT over DS"))
921 ft_protocol:value("0", translatef("FT over the Air"))
922 ft_protocol.rmempty = true
923
924 ft_psk_generate_local = s:taboption("encryption", Flag, "ft_psk_generate_local",
925 translate("Generate PMK locally"),
926 translate("When using a PSK, the PMK can be automatically generated. When enabled, the R0/R1 key options below are not applied. Disable this to use the R0 and R1 key options."))
927 ft_psk_generate_local:depends({ieee80211r="1"})
928 ft_psk_generate_local.default = ft_psk_generate_local.enabled
929 ft_psk_generate_local.rmempty = false
930
931 r0_key_lifetime = s:taboption("encryption", Value, "r0_key_lifetime",
932 translate("R0 Key Lifetime"), translate("minutes"))
933 r0_key_lifetime:depends({ieee80211r="1"})
934 r0_key_lifetime.placeholder = "10000"
935 r0_key_lifetime.datatype = "uinteger"
936 r0_key_lifetime.rmempty = true
937
938 r1_key_holder = s:taboption("encryption", Value, "r1_key_holder",
939 translate("R1 Key Holder"),
940 translate("6-octet identifier as a hex string - no colons"))
941 r1_key_holder:depends({ieee80211r="1"})
942 r1_key_holder.placeholder = "00004f577274"
943 r1_key_holder.datatype = "and(hexstring,rangelength(12,12))"
944 r1_key_holder.rmempty = true
945
946 pmk_r1_push = s:taboption("encryption", Flag, "pmk_r1_push", translate("PMK R1 Push"))
947 pmk_r1_push:depends({ieee80211r="1"})
948 pmk_r1_push.placeholder = "0"
949 pmk_r1_push.rmempty = true
950
951 r0kh = s:taboption("encryption", DynamicList, "r0kh", translate("External R0 Key Holder List"),
952 translate("List of R0KHs in the same Mobility Domain. " ..
953 "<br />Format: MAC-address,NAS-Identifier,128-bit key as hex string. " ..
954 "<br />This list is used to map R0KH-ID (NAS Identifier) to a destination " ..
955 "MAC address when requesting PMK-R1 key from the R0KH that the STA " ..
956 "used during the Initial Mobility Domain Association."))
957 r0kh:depends({ieee80211r="1"})
958 r0kh.rmempty = true
959
960 r1kh = s:taboption("encryption", DynamicList, "r1kh", translate("External R1 Key Holder List"),
961 translate ("List of R1KHs in the same Mobility Domain. "..
962 "<br />Format: MAC-address,R1KH-ID as 6 octets with colons,128-bit key as hex string. "..
963 "<br />This list is used to map R1KH-ID to a destination MAC address " ..
964 "when sending PMK-R1 key from the R0KH. This is also the " ..
965 "list of authorized R1KHs in the MD that can request PMK-R1 keys."))
966 r1kh:depends({ieee80211r="1"})
967 r1kh.rmempty = true
968 -- End of 802.11r options
969
970 eaptype = s:taboption("encryption", ListValue, "eap_type", translate("EAP-Method"))
971 eaptype:value("tls", "TLS")
972 eaptype:value("ttls", "TTLS")
973 eaptype:value("peap", "PEAP")
974 eaptype:value("fast", "FAST")
975 eaptype:depends({mode="sta", encryption="wpa"})
976 eaptype:depends({mode="sta", encryption="wpa2"})
977 eaptype:depends({mode="sta-wds", encryption="wpa"})
978 eaptype:depends({mode="sta-wds", encryption="wpa2"})
979
980 cacert = s:taboption("encryption", FileUpload, "ca_cert", translate("Path to CA-Certificate"))
981 cacert:depends({mode="sta", encryption="wpa"})
982 cacert:depends({mode="sta", encryption="wpa2"})
983 cacert:depends({mode="sta-wds", encryption="wpa"})
984 cacert:depends({mode="sta-wds", encryption="wpa2"})
985 cacert.rmempty = true
986
987 clientcert = s:taboption("encryption", FileUpload, "client_cert", translate("Path to Client-Certificate"))
988 clientcert:depends({mode="sta", eap_type="tls", encryption="wpa"})
989 clientcert:depends({mode="sta", eap_type="tls", encryption="wpa2"})
990 clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
991 clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
992
993 privkey = s:taboption("encryption", FileUpload, "priv_key", translate("Path to Private Key"))
994 privkey:depends({mode="sta", eap_type="tls", encryption="wpa2"})
995 privkey:depends({mode="sta", eap_type="tls", encryption="wpa"})
996 privkey:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
997 privkey:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
998
999 privkeypwd = s:taboption("encryption", Value, "priv_key_pwd", translate("Password of Private Key"))
1000 privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1001 privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa"})
1002 privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1003 privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1004 privkeypwd.rmempty = true
1005 privkeypwd.password = true
1006
1007 auth = s:taboption("encryption", ListValue, "auth", translate("Authentication"))
1008 auth:value("PAP", "PAP", {eap_type="ttls"})
1009 auth:value("CHAP", "CHAP", {eap_type="ttls"})
1010 auth:value("MSCHAP", "MSCHAP", {eap_type="ttls"})
1011 auth:value("MSCHAPV2", "MSCHAPv2", {eap_type="ttls"})
1012 auth:value("EAP-GTC")
1013 auth:value("EAP-MD5")
1014 auth:value("EAP-MSCHAPV2")
1015 auth:value("EAP-TLS")
1016 auth:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1017 auth:depends({mode="sta", eap_type="fast", encryption="wpa"})
1018 auth:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1019 auth:depends({mode="sta", eap_type="peap", encryption="wpa"})
1020 auth:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1021 auth:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1022 auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1023 auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1024 auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1025 auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1026 auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1027 auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1028
1029 cacert2 = s:taboption("encryption", FileUpload, "ca_cert2", translate("Path to inner CA-Certificate"))
1030 cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1031 cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1032 cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1033 cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1034
1035 clientcert2 = s:taboption("encryption", FileUpload, "client_cert2", translate("Path to inner Client-Certificate"))
1036 clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1037 clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1038 clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1039 clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1040
1041 privkey2 = s:taboption("encryption", FileUpload, "priv_key2", translate("Path to inner Private Key"))
1042 privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1043 privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1044 privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1045 privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1046
1047 privkeypwd2 = s:taboption("encryption", Value, "priv_key2_pwd", translate("Password of inner Private Key"))
1048 privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1049 privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1050 privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1051 privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1052 privkeypwd2.rmempty = true
1053 privkeypwd2.password = true
1054
1055 identity = s:taboption("encryption", Value, "identity", translate("Identity"))
1056 identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1057 identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
1058 identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1059 identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
1060 identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1061 identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1062 identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1063 identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1064 identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1065 identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1066 identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1067 identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1068 identity:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1069 identity:depends({mode="sta", eap_type="tls", encryption="wpa"})
1070 identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1071 identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1072
1073 anonymous_identity = s:taboption("encryption", Value, "anonymous_identity", translate("Anonymous Identity"))
1074 anonymous_identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1075 anonymous_identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
1076 anonymous_identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1077 anonymous_identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
1078 anonymous_identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1079 anonymous_identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1080 anonymous_identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1081 anonymous_identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1082 anonymous_identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1083 anonymous_identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1084 anonymous_identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1085 anonymous_identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1086 anonymous_identity:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1087 anonymous_identity:depends({mode="sta", eap_type="tls", encryption="wpa"})
1088 anonymous_identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1089 anonymous_identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1090
1091 password = s:taboption("encryption", Value, "password", translate("Password"))
1092 password:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1093 password:depends({mode="sta", eap_type="fast", encryption="wpa"})
1094 password:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1095 password:depends({mode="sta", eap_type="peap", encryption="wpa"})
1096 password:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1097 password:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1098 password:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1099 password:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1100 password:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1101 password:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1102 password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1103 password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1104 password.rmempty = true
1105 password.password = true
1106 end
1107
1108 -- ieee802.11w options
1109 if hwtype == "mac80211" then
1110 local has_80211w = (os.execute("hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
1111 if has_80211w then
1112 ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
1113 translate("802.11w Management Frame Protection"),
1114 translate("Requires the 'full' version of wpad/hostapd " ..
1115 "and support from the wifi driver <br />(as of Jan 2019: " ..
1116 "ath9k, ath10k, mwlwifi and mt76)"))
1117 ieee80211w.default = ""
1118 ieee80211w.rmempty = true
1119 ieee80211w:value("", translate("Disabled (default)"))
1120 ieee80211w:value("1", translate("Optional"))
1121 ieee80211w:value("2", translate("Required"))
1122 ieee80211w:depends({mode="ap", encryption="wpa2"})
1123 ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
1124 ieee80211w:depends({mode="ap", encryption="psk2"})
1125 ieee80211w:depends({mode="ap", encryption="psk-mixed"})
1126 ieee80211w:depends({mode="ap-wds", encryption="psk2"})
1127 ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
1128
1129 max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
1130 translate("802.11w maximum timeout"),
1131 translate("802.11w Association SA Query maximum timeout"))
1132 max_timeout:depends({ieee80211w="1"})
1133 max_timeout:depends({ieee80211w="2"})
1134 max_timeout.datatype = "uinteger"
1135 max_timeout.placeholder = "1000"
1136 max_timeout.rmempty = true
1137
1138 retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
1139 translate("802.11w retry timeout"),
1140 translate("802.11w Association SA Query retry timeout"))
1141 retry_timeout:depends({ieee80211w="1"})
1142 retry_timeout:depends({ieee80211w="2"})
1143 retry_timeout.datatype = "uinteger"
1144 retry_timeout.placeholder = "201"
1145 retry_timeout.rmempty = true
1146 end
1147
1148 key_retries = s:taboption("encryption", Flag, "wpa_disable_eapol_key_retries",
1149 translate("Enable key reinstallation (KRACK) countermeasures"),
1150 translate("Complicates key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load."))
1151
1152 key_retries:depends({mode="ap", encryption="wpa2"})
1153 key_retries:depends({mode="ap", encryption="psk2"})
1154 key_retries:depends({mode="ap", encryption="psk-mixed"})
1155 key_retries:depends({mode="ap-wds", encryption="wpa2"})
1156 key_retries:depends({mode="ap-wds", encryption="psk2"})
1157 key_retries:depends({mode="ap-wds", encryption="psk-mixed"})
1158 end
1159
1160 if hwtype == "mac80211" or hwtype == "prism2" then
1161 local wpasupplicant = fs.access("/usr/sbin/wpa_supplicant")
1162 local hostcli = fs.access("/usr/sbin/hostapd_cli")
1163 if hostcli and wpasupplicant then
1164 wps = s:taboption("encryption", Flag, "wps_pushbutton", translate("Enable WPS pushbutton, requires WPA(2)-PSK"))
1165 wps.enabled = "1"
1166 wps.disabled = "0"
1167 wps.rmempty = false
1168 wps:depends("encryption", "psk")
1169 wps:depends("encryption", "psk2")
1170 wps:depends("encryption", "psk-mixed")
1171 end
1172 end
1173
1174 return m
Lua Configuration Interface (mirror)