privkeypwd2, r0_key_lifetime, r0kh, r1_key_holder, r1kh,
reassociation_deadline, retry_timeout, ssid, st, tp, wepkey, wepslot,
wmm, wpakey, wps, disassoc_low_ack, short_preamble, beacon_int, dtim_period,
- wparekey, inactivitypool, maxinactivity, listeninterval
+ wparekey, inactivitypool, maxinactivity, listeninterval,
+ dae_client, dae_port, dae_port
+
arg[1] = arg[1] or ""
acct_secret.rmempty = true
acct_secret.password = true
+dae_client = s:taboption("encryption", Value, "dae_client", translate("DAE-Client"))
+dae_client:depends({mode="ap", encryption="wpa"})
+dae_client:depends({mode="ap", encryption="wpa2"})
+dae_client:depends({mode="ap-wds", encryption="wpa"})
+dae_client:depends({mode="ap-wds", encryption="wpa2"})
+dae_client.rmempty = true
+dae_client.datatype = "host(0)"
+
+dae_port = s:taboption("encryption", Value, "dae_port", translate("DAE-Port"), translatef("Default %d", 3799))
+dae_port:depends({mode="ap", encryption="wpa"})
+dae_port:depends({mode="ap", encryption="wpa2"})
+dae_port:depends({mode="ap-wds", encryption="wpa"})
+dae_port:depends({mode="ap-wds", encryption="wpa2"})
+dae_port.rmempty = true
+dae_port.datatype = "port"
+
+dae_secret = s:taboption("encryption", Value, "dae_secret", translate("DAE-Secret"))
+dae_secret:depends({mode="ap", encryption="wpa"})
+dae_secret:depends({mode="ap", encryption="wpa2"})
+dae_secret:depends({mode="ap-wds", encryption="wpa"})
+dae_secret:depends({mode="ap-wds", encryption="wpa2"})
+dae_secret.rmempty = true
+dae_secret.password = true
+
wpakey = s:taboption("encryption", Value, "_wpa_key", translate("Key"))
wpakey:depends("encryption", "psk")
wpakey:depends("encryption", "psk2")
ft_psk_generate_local = s:taboption("encryption", Flag, "ft_psk_generate_local",
translate("Generate PMK locally"),
- translate("When using a PSK, the PMK can be generated locally without inter AP communications"))
+ translate("When using a PSK, the PMK can be automatically generated. When enabled, the R0/R1 key options below are not applied. Disable this to use the R0 and R1 key options."))
ft_psk_generate_local:depends({ieee80211r="1"})
+ ft_psk_generate_local.default = ft_psk_generate_local.enabled
+ ft_psk_generate_local.rmempty = false
r0_key_lifetime = s:taboption("encryption", Value, "r0_key_lifetime",
translate("R0 Key Lifetime"), translate("minutes"))
- r0_key_lifetime:depends({ieee80211r="1", ft_psk_generate_local=""})
+ r0_key_lifetime:depends({ieee80211r="1"})
r0_key_lifetime.placeholder = "10000"
r0_key_lifetime.datatype = "uinteger"
r0_key_lifetime.rmempty = true
r1_key_holder = s:taboption("encryption", Value, "r1_key_holder",
translate("R1 Key Holder"),
translate("6-octet identifier as a hex string - no colons"))
- r1_key_holder:depends({ieee80211r="1", ft_psk_generate_local=""})
+ r1_key_holder:depends({ieee80211r="1"})
r1_key_holder.placeholder = "00004f577274"
r1_key_holder.datatype = "and(hexstring,rangelength(12,12))"
r1_key_holder.rmempty = true
pmk_r1_push = s:taboption("encryption", Flag, "pmk_r1_push", translate("PMK R1 Push"))
- pmk_r1_push:depends({ieee80211r="1", ft_psk_generate_local=""})
+ pmk_r1_push:depends({ieee80211r="1"})
pmk_r1_push.placeholder = "0"
pmk_r1_push.rmempty = true
"<br />This list is used to map R0KH-ID (NAS Identifier) to a destination " ..
"MAC address when requesting PMK-R1 key from the R0KH that the STA " ..
"used during the Initial Mobility Domain Association."))
- r0kh:depends({ieee80211r="1", ft_psk_generate_local=""})
+ r0kh:depends({ieee80211r="1"})
r0kh.rmempty = true
r1kh = s:taboption("encryption", DynamicList, "r1kh", translate("External R1 Key Holder List"),
"<br />This list is used to map R1KH-ID to a destination MAC address " ..
"when sending PMK-R1 key from the R0KH. This is also the " ..
"list of authorized R1KHs in the MD that can request PMK-R1 keys."))
- r1kh:depends({ieee80211r="1", ft_psk_generate_local=""})
+ r1kh:depends({ieee80211r="1"})
r1kh.rmempty = true
-- End of 802.11r options
ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
translate("802.11w Management Frame Protection"),
translate("Requires the 'full' version of wpad/hostapd " ..
- "and support from the wifi driver <br />(as of Feb 2017: " ..
- "ath9k and ath10k, in LEDE also mwlwifi and mt76)"))
+ "and support from the wifi driver <br />(as of Jan 2019: " ..
+ "ath9k, ath10k, mwlwifi and mt76)"))
ieee80211w.default = ""
ieee80211w.rmempty = true
ieee80211w:value("", translate("Disabled (default)"))