diff options
| author | Jesus Fernandez Manzano <jesus.manzano@galgus.ai> | 2024-01-23 10:49:34 +0100 |
|---|---|---|
| committer | Jesus Fernandez Manzano <jesus.manzano@galgus.ai> | 2024-01-23 10:49:34 +0100 |
| commit | 4c76a91fd7aabdef0a8bc8769727b909e994a628 (patch) | |
| tree | fa3e1b85104e5e93d28c401d4cec0e523d64dbdd /modules/luci-mod-network | |
| parent | 87734b841d4de8385fe4a1d0c11440be01ccc7d8 (diff) | |
luci-mod-network: wireless.js: fix 802.11r dependencies
Don't allow enabling 802.11r when using WPA, it needs at least WPA2.
This is because 802.11r advertises FT support in-part through the
Authentication and Key Management (AKM) suites in the Robust
Security Network (RSN) Information Element, which was included in
the 802.11i amendment and WPA2 certification program.
Pre-standard WPA did not include the RSN IE, but the WPA IE.
This IE can not advertise the AKM suite for FT.
Also restrict ft_psk_generate_local to psk2 and psk-mixed. Using it
with non-psk encryptions breaks roaming.
Signed-off-by: Jesus Fernandez Manzano <jesus.manzano@galgus.ai>
Diffstat (limited to 'modules/luci-mod-network')
| -rw-r--r-- | modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js index 80ab426a0e..e51eb023c8 100644 --- a/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js +++ b/modules/luci-mod-network/htdocs/luci-static/resources/view/network/wireless.js @@ -1548,9 +1548,9 @@ return view.extend({ var has_80211r = L.hasSystemFeature('hostapd', '11r') || L.hasSystemFeature('hostapd', 'eap'); o = ss.taboption('roaming', form.Flag, 'ieee80211r', _('802.11r Fast Transition'), _('Enables fast roaming among access points that belong to the same Mobility Domain')); - add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['wpa', 'wpa2', 'wpa3', 'wpa3-mixed'] }); + add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['wpa2', 'wpa3', 'wpa3-mixed'] }); if (has_80211r) - add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['psk', 'psk2', 'psk-mixed', 'sae', 'sae-mixed'] }); + add_dependency_permutations(o, { mode: ['ap', 'ap-wds'], encryption: ['psk2', 'psk-mixed', 'sae', 'sae-mixed'] }); o.rmempty = true; o = ss.taboption('roaming', form.Value, 'nasid', _('NAS ID'), _('Used for two different purposes: RADIUS NAS ID and 802.11r R0KH-ID. Not needed with normal WPA(2)-PSK.')); @@ -1577,7 +1577,7 @@ return view.extend({ o.rmempty = true; o = ss.taboption('roaming', form.Flag, 'ft_psk_generate_local', _('Generate PMK locally'), _('When using a PSK, the PMK can be automatically generated. When enabled, the R0/R1 key options below are not applied. Disable this to use the R0 and R1 key options.')); - o.depends({ ieee80211r: '1' }); + add_dependency_permutations(o, { ieee80211r: ['1'], mode: ['ap', 'ap-wds'], encryption: ['psk2', 'psk-mixed'] }); o.default = o.enabled; o.rmempty = false; |