summaryrefslogtreecommitdiffhomepage
path: root/modules/luci-mod-admin-full
diff options
context:
space:
mode:
Diffstat (limited to 'modules/luci-mod-admin-full')
-rw-r--r--modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua87
1 files changed, 49 insertions, 38 deletions
diff --git a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
index 51913729d..f9a2dee6c 100644
--- a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
+++ b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
@@ -460,7 +460,7 @@ if hwtype == "mac80211" then
wmm:depends({mode="ap"})
wmm:depends({mode="ap-wds"})
wmm.default = wmm.enabled
-
+
isolate = s:taboption("advanced", Flag, "isolate", translate("Isolate Clients"),
translate("Prevents client-to-client communication"))
isolate:depends({mode="ap"})
@@ -981,43 +981,54 @@ end
-- ieee802.11w options
if hwtype == "mac80211" then
- local has_80211w = (os.execute("hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
- if has_80211w then
- ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
- translate("802.11w Management Frame Protection"),
- translate("Requires the 'full' version of wpad/hostapd " ..
- "and support from the wifi driver <br />(as of Feb 2017: " ..
- "ath9k and ath10k, in LEDE also mwlwifi and mt76)"))
- ieee80211w.default = ""
- ieee80211w.rmempty = true
- ieee80211w:value("", translate("Disabled (default)"))
- ieee80211w:value("1", translate("Optional"))
- ieee80211w:value("2", translate("Required"))
- ieee80211w:depends({mode="ap", encryption="wpa2"})
- ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
- ieee80211w:depends({mode="ap", encryption="psk2"})
- ieee80211w:depends({mode="ap", encryption="psk-mixed"})
- ieee80211w:depends({mode="ap-wds", encryption="psk2"})
- ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
-
- max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
- translate("802.11w maximum timeout"),
- translate("802.11w Association SA Query maximum timeout"))
- max_timeout:depends({ieee80211w="1"})
- max_timeout:depends({ieee80211w="2"})
- max_timeout.datatype = "uinteger"
- max_timeout.placeholder = "1000"
- max_timeout.rmempty = true
-
- retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
- translate("802.11w retry timeout"),
- translate("802.11w Association SA Query retry timeout"))
- retry_timeout:depends({ieee80211w="1"})
- retry_timeout:depends({ieee80211w="2"})
- retry_timeout.datatype = "uinteger"
- retry_timeout.placeholder = "201"
- retry_timeout.rmempty = true
- end
+ local has_80211w = (os.execute("hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
+ if has_80211w then
+ ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
+ translate("802.11w Management Frame Protection"),
+ translate("Requires the 'full' version of wpad/hostapd " ..
+ "and support from the wifi driver <br />(as of Feb 2017: " ..
+ "ath9k and ath10k, in LEDE also mwlwifi and mt76)"))
+ ieee80211w.default = ""
+ ieee80211w.rmempty = true
+ ieee80211w:value("", translate("Disabled (default)"))
+ ieee80211w:value("1", translate("Optional"))
+ ieee80211w:value("2", translate("Required"))
+ ieee80211w:depends({mode="ap", encryption="wpa2"})
+ ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
+ ieee80211w:depends({mode="ap", encryption="psk2"})
+ ieee80211w:depends({mode="ap", encryption="psk-mixed"})
+ ieee80211w:depends({mode="ap-wds", encryption="psk2"})
+ ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
+
+ max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
+ translate("802.11w maximum timeout"),
+ translate("802.11w Association SA Query maximum timeout"))
+ max_timeout:depends({ieee80211w="1"})
+ max_timeout:depends({ieee80211w="2"})
+ max_timeout.datatype = "uinteger"
+ max_timeout.placeholder = "1000"
+ max_timeout.rmempty = true
+
+ retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
+ translate("802.11w retry timeout"),
+ translate("802.11w Association SA Query retry timeout"))
+ retry_timeout:depends({ieee80211w="1"})
+ retry_timeout:depends({ieee80211w="2"})
+ retry_timeout.datatype = "uinteger"
+ retry_timeout.placeholder = "201"
+ retry_timeout.rmempty = true
+ end
+
+ local key_retries = s:taboption("encryption", Flag, "wpa_disable_eapol_key_retries",
+ translate("Enable key reinstallation (KRACK) countermeasures"),
+ translate("Complicates key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load."))
+
+ key_retries:depends({mode="ap", encryption="wpa2"})
+ key_retries:depends({mode="ap", encryption="psk2"})
+ key_retries:depends({mode="ap", encryption="psk-mixed"})
+ key_retries:depends({mode="ap-wds", encryption="wpa2"})
+ key_retries:depends({mode="ap-wds", encryption="psk2"})
+ key_retries:depends({mode="ap-wds", encryption="psk-mixed"})
end
if hwtype == "mac80211" or hwtype == "prism2" then