summaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
authorJo-Philipp Wich <jo@mein.io>2017-10-17 22:19:08 +0200
committerJo-Philipp Wich <jo@mein.io>2017-10-17 22:19:08 +0200
commit48ed00e5b9cda33a29188a3b9833c9a86051fd0a (patch)
treeafdf77f9010a99bc81ba247528e290424c34b04a
parent27fbdada6c78464fd54f5a9bcf8ddf0dae0fc7b2 (diff)
luci-mod-admin-full: wifi: expose "wpa_disable_eapol_key_retries" option
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
-rw-r--r--modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua11
1 files changed, 11 insertions, 0 deletions
diff --git a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
index f431c26a0e..e4f512b662 100644
--- a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
+++ b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
@@ -1018,6 +1018,17 @@ if hwtype == "mac80211" then
retry_timeout.placeholder = "201"
retry_timeout.rmempty = true
end
+
+ local key_retries = s:taboption("encryption", Flag, "wpa_disable_eapol_key_retries",
+ translate("Enable key reinstallation (KRACK) countermeasures"),
+ translate("Works around key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load."))
+
+ key_retries:depends({mode="ap", encryption="wpa2"})
+ key_retries:depends({mode="ap", encryption="psk2"})
+ key_retries:depends({mode="ap", encryption="psk-mixed"})
+ key_retries:depends({mode="ap-wds", encryption="wpa2"})
+ key_retries:depends({mode="ap-wds", encryption="psk2"})
+ key_retries:depends({mode="ap-wds", encryption="psk-mixed"})
end
if hwtype == "mac80211" or hwtype == "prism2" then