diff options
Diffstat (limited to 'modules/luci-mod-admin-full')
-rw-r--r-- | modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua | 87 |
1 files changed, 49 insertions, 38 deletions
diff --git a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua index 51913729d..f9a2dee6c 100644 --- a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua +++ b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua @@ -460,7 +460,7 @@ if hwtype == "mac80211" then wmm:depends({mode="ap"}) wmm:depends({mode="ap-wds"}) wmm.default = wmm.enabled - + isolate = s:taboption("advanced", Flag, "isolate", translate("Isolate Clients"), translate("Prevents client-to-client communication")) isolate:depends({mode="ap"}) @@ -981,43 +981,54 @@ end -- ieee802.11w options if hwtype == "mac80211" then - local has_80211w = (os.execute("hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null") == 0) - if has_80211w then - ieee80211w = s:taboption("encryption", ListValue, "ieee80211w", - translate("802.11w Management Frame Protection"), - translate("Requires the 'full' version of wpad/hostapd " .. - "and support from the wifi driver <br />(as of Feb 2017: " .. - "ath9k and ath10k, in LEDE also mwlwifi and mt76)")) - ieee80211w.default = "" - ieee80211w.rmempty = true - ieee80211w:value("", translate("Disabled (default)")) - ieee80211w:value("1", translate("Optional")) - ieee80211w:value("2", translate("Required")) - ieee80211w:depends({mode="ap", encryption="wpa2"}) - ieee80211w:depends({mode="ap-wds", encryption="wpa2"}) - ieee80211w:depends({mode="ap", encryption="psk2"}) - ieee80211w:depends({mode="ap", encryption="psk-mixed"}) - ieee80211w:depends({mode="ap-wds", encryption="psk2"}) - ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"}) - - max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout", - translate("802.11w maximum timeout"), - translate("802.11w Association SA Query maximum timeout")) - max_timeout:depends({ieee80211w="1"}) - max_timeout:depends({ieee80211w="2"}) - max_timeout.datatype = "uinteger" - max_timeout.placeholder = "1000" - max_timeout.rmempty = true - - retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout", - translate("802.11w retry timeout"), - translate("802.11w Association SA Query retry timeout")) - retry_timeout:depends({ieee80211w="1"}) - retry_timeout:depends({ieee80211w="2"}) - retry_timeout.datatype = "uinteger" - retry_timeout.placeholder = "201" - retry_timeout.rmempty = true - end + local has_80211w = (os.execute("hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null") == 0) + if has_80211w then + ieee80211w = s:taboption("encryption", ListValue, "ieee80211w", + translate("802.11w Management Frame Protection"), + translate("Requires the 'full' version of wpad/hostapd " .. + "and support from the wifi driver <br />(as of Feb 2017: " .. + "ath9k and ath10k, in LEDE also mwlwifi and mt76)")) + ieee80211w.default = "" + ieee80211w.rmempty = true + ieee80211w:value("", translate("Disabled (default)")) + ieee80211w:value("1", translate("Optional")) + ieee80211w:value("2", translate("Required")) + ieee80211w:depends({mode="ap", encryption="wpa2"}) + ieee80211w:depends({mode="ap-wds", encryption="wpa2"}) + ieee80211w:depends({mode="ap", encryption="psk2"}) + ieee80211w:depends({mode="ap", encryption="psk-mixed"}) + ieee80211w:depends({mode="ap-wds", encryption="psk2"}) + ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"}) + + max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout", + translate("802.11w maximum timeout"), + translate("802.11w Association SA Query maximum timeout")) + max_timeout:depends({ieee80211w="1"}) + max_timeout:depends({ieee80211w="2"}) + max_timeout.datatype = "uinteger" + max_timeout.placeholder = "1000" + max_timeout.rmempty = true + + retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout", + translate("802.11w retry timeout"), + translate("802.11w Association SA Query retry timeout")) + retry_timeout:depends({ieee80211w="1"}) + retry_timeout:depends({ieee80211w="2"}) + retry_timeout.datatype = "uinteger" + retry_timeout.placeholder = "201" + retry_timeout.rmempty = true + end + + local key_retries = s:taboption("encryption", Flag, "wpa_disable_eapol_key_retries", + translate("Enable key reinstallation (KRACK) countermeasures"), + translate("Complicates key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load.")) + + key_retries:depends({mode="ap", encryption="wpa2"}) + key_retries:depends({mode="ap", encryption="psk2"}) + key_retries:depends({mode="ap", encryption="psk-mixed"}) + key_retries:depends({mode="ap-wds", encryption="wpa2"}) + key_retries:depends({mode="ap-wds", encryption="psk2"}) + key_retries:depends({mode="ap-wds", encryption="psk-mixed"}) end if hwtype == "mac80211" or hwtype == "prism2" then |