2018-01-23 14:36:03 +00:00
-- Copyright 2008 Steven Barth <steven@midlink.org>
-- Licensed to the public under the Apache License 2.0.
local wa = require " luci.tools.webadmin "
local nw = require " luci.model.network "
local ut = require " luci.util "
local nt = require " luci.sys " . net
local fs = require " nixio.fs "
2018-05-25 12:36:55 +00:00
local acct_port , acct_secret , acct_server , anonymous_identity , ant1 , ant2 ,
auth , auth_port , auth_secret , auth_server , bssid , cacert , cacert2 ,
cc , ch , cipher , clientcert , clientcert2 , ea , eaptype , en , encr ,
ft_protocol , ft_psk_generate_local , hidden , htmode , identity ,
ieee80211r , ieee80211w , ifname , isolate , key_retries ,
legacyrates , max_timeout , meshfwd , meshid , ml , mobility_domain , mode ,
mp , nasid , network , password , pmk_r1_push , privkey , privkey2 , privkeypwd ,
privkeypwd2 , r0_key_lifetime , r0kh , r1_key_holder , r1kh ,
reassociation_deadline , retry_timeout , ssid , st , tp , wepkey , wepslot ,
wmm , wpakey , wps
2018-01-23 14:36:03 +00:00
arg [ 1 ] = arg [ 1 ] or " "
m = Map ( " wireless " , " " ,
translate ( " The <em>Device Configuration</em> section covers physical settings of the radio " ..
" hardware such as channel, transmit power or antenna selection which are shared among all " ..
" defined wireless networks (if the radio hardware is multi-SSID capable). Per network settings " ..
" like encryption or operation mode are grouped in the <em>Interface Configuration</em>. " ) )
m : chain ( " network " )
m : chain ( " firewall " )
m.redirect = luci.dispatcher . build_url ( " admin/network/wireless " )
nw.init ( m.uci )
local wnet = nw : get_wifinet ( arg [ 1 ] )
local wdev = wnet and wnet : get_device ( )
-- redirect to overview page if network does not exist anymore (e.g. after a revert)
if not wnet or not wdev then
luci.http . redirect ( luci.dispatcher . build_url ( " admin/network/wireless " ) )
return
end
local function txpower_list ( iw )
local list = iw.txpwrlist or { }
local off = tonumber ( iw.txpower_offset ) or 0
local new = { }
local prev = - 1
local _ , val
for _ , val in ipairs ( list ) do
local dbm = val.dbm + off
local mw = math.floor ( 10 ^ ( dbm / 10 ) )
if mw ~= prev then
prev = mw
new [ # new + 1 ] = {
display_dbm = dbm ,
display_mw = mw ,
driver_dbm = val.dbm ,
driver_mw = val.mw
}
end
end
return new
end
local function txpower_current ( pwr , list )
pwr = tonumber ( pwr )
if pwr ~= nil then
local _ , item
for _ , item in ipairs ( list ) do
if item.driver_dbm >= pwr then
return item.driver_dbm
end
end
end
return pwr or " "
end
local iw = luci.sys . wifi.getiwinfo ( arg [ 1 ] )
local hw_modes = iw.hwmodelist or { }
local tx_power_list = txpower_list ( iw )
local tx_power_cur = txpower_current ( wdev : get ( " txpower " ) , tx_power_list )
2018-05-25 12:36:55 +00:00
-- wireless toggle was requested, commit and reload page
function m . parse ( map )
local new_cc = m : formvalue ( " cbid.wireless.%s.country " % wdev : name ( ) )
local old_cc = m : get ( wdev : name ( ) , " country " )
if m : formvalue ( " cbid.wireless.%s.__toggle " % wdev : name ( ) ) then
if wdev : get ( " disabled " ) == " 1 " or wnet : get ( " disabled " ) == " 1 " then
wnet : set ( " disabled " , nil )
else
wnet : set ( " disabled " , " 1 " )
end
wdev : set ( " disabled " , nil )
m.apply_needed = true
m.redirect = nil
end
Map.parse ( map )
if m : get ( wdev : name ( ) , " type " ) == " mac80211 " and new_cc and new_cc ~= old_cc then
luci.sys . call ( " iw reg set %s " % ut.shellquote ( new_cc ) )
local old_ch = tonumber ( m : formvalue ( " cbid.wireless.%s._mode_freq.channel " % wdev : name ( ) ) or " " )
if old_ch then
local _ , c , new_ch
for _ , c in ipairs ( iw.freqlist ) do
if c.channel > old_ch or ( old_ch <= 14 and c.channel > 14 ) then
break
end
new_ch = c.channel
end
if new_ch ~= old_ch then
wdev : set ( " channel " , new_ch )
m.message = translatef ( " Channel %d is not available in the %s regulatory domain and has been auto-adjusted to %d. " ,
old_ch , new_cc , new_ch )
end
end
end
if wdev : get ( " disabled " ) == " 1 " or wnet : get ( " disabled " ) == " 1 " then
en.title = translate ( " Wireless network is disabled " )
en.inputtitle = translate ( " Enable " )
en.inputstyle = " apply "
else
en.title = translate ( " Wireless network is enabled " )
en.inputtitle = translate ( " Disable " )
en.inputstyle = " reset "
end
end
m.title = luci.util . pcdata ( wnet : get_i18n ( ) )
2018-01-23 14:36:03 +00:00
s = m : section ( NamedSection , wdev : name ( ) , " wifi-device " , translate ( " Device Configuration " ) )
s.addremove = false
s : tab ( " general " , translate ( " General Setup " ) )
s : tab ( " macfilter " , translate ( " MAC-Filter " ) )
s : tab ( " advanced " , translate ( " Advanced Settings " ) )
st = s : taboption ( " general " , DummyValue , " __status " , translate ( " Status " ) )
st.template = " admin_network/wifi_status "
st.ifname = arg [ 1 ]
en = s : taboption ( " general " , Button , " __toggle " )
local hwtype = wdev : get ( " type " )
-- NanoFoo
local nsantenna = wdev : get ( " antenna " )
-- Check whether there are client interfaces on the same radio,
-- if yes, lock the channel choice as these stations will dicatate the freq
local found_sta = nil
local _ , net
if wnet : mode ( ) ~= " sta " then
for _ , net in ipairs ( wdev : get_wifinets ( ) ) do
if net : mode ( ) == " sta " and net : get ( " disabled " ) ~= " 1 " then
if not found_sta then
found_sta = { }
found_sta.channel = net : channel ( )
found_sta.names = { }
end
found_sta.names [ # found_sta.names + 1 ] = net : shortname ( )
end
end
end
if found_sta then
ch = s : taboption ( " general " , DummyValue , " choice " , translate ( " Channel " ) )
ch.value = translatef ( " Locked to channel %s used by: %s " ,
found_sta.channel or " (auto) " , table.concat ( found_sta.names , " , " ) )
else
ch = s : taboption ( " general " , Value , " _mode_freq " , ' <br /> ' .. translate ( " Operating frequency " ) )
2018-05-25 12:36:55 +00:00
ch.iwinfo = iw
2018-01-23 14:36:03 +00:00
ch.template = " cbi/wireless_modefreq "
function ch . cfgvalue ( self , section )
return {
m : get ( section , " hwmode " ) or " " ,
m : get ( section , " channel " ) or " auto " ,
m : get ( section , " htmode " ) or " "
}
end
function ch . formvalue ( self , section )
return {
m : formvalue ( self : cbid ( section ) .. " .band " ) or ( hw_modes.g and " 11g " or " 11a " ) ,
m : formvalue ( self : cbid ( section ) .. " .channel " ) or " auto " ,
m : formvalue ( self : cbid ( section ) .. " .htmode " ) or " "
}
end
function ch . write ( self , section , value )
m : set ( section , " hwmode " , value [ 1 ] )
m : set ( section , " channel " , value [ 2 ] )
m : set ( section , " htmode " , value [ 3 ] )
end
end
------------------- MAC80211 Device ------------------
if hwtype == " mac80211 " then
if # tx_power_list > 0 then
tp = s : taboption ( " general " , ListValue ,
" txpower " , translate ( " Transmit Power " ) , " dBm " )
tp.rmempty = true
tp.default = tx_power_cur
function tp . cfgvalue ( ... )
return txpower_current ( Value.cfgvalue ( ... ) , tx_power_list )
end
tp : value ( " " , translate ( " auto " ) )
for _ , p in ipairs ( tx_power_list ) do
tp : value ( p.driver_dbm , " %i dBm (%i mW) "
% { p.display_dbm , p.display_mw } )
end
end
local cl = iw and iw.countrylist
if cl and # cl > 0 then
cc = s : taboption ( " advanced " , ListValue , " country " , translate ( " Country Code " ) , translate ( " Use ISO/IEC 3166 alpha2 country codes. " ) )
cc.default = tostring ( iw and iw.country or " 00 " )
for _ , c in ipairs ( cl ) do
cc : value ( c.alpha2 , " %s - %s " % { c.alpha2 , c.name } )
end
else
s : taboption ( " advanced " , Value , " country " , translate ( " Country Code " ) , translate ( " Use ISO/IEC 3166 alpha2 country codes. " ) )
end
2018-03-15 14:27:42 +00:00
legacyrates = s : taboption ( " advanced " , Flag , " legacy_rates " , translate ( " Allow legacy 802.11b rates " ) )
2018-03-06 14:09:20 +00:00
legacyrates.rmempty = false
legacyrates.default = " 1 "
2018-01-23 14:36:03 +00:00
s : taboption ( " advanced " , Value , " distance " , translate ( " Distance Optimization " ) ,
translate ( " Distance to farthest network member in meters. " ) )
-- external antenna profiles
local eal = iw and iw.extant
if eal and # eal > 0 then
ea = s : taboption ( " advanced " , ListValue , " extant " , translate ( " Antenna Configuration " ) )
for _ , eap in ipairs ( eal ) do
ea : value ( eap.id , " %s (%s) " % { eap.name , eap.description } )
if eap.selected then
ea.default = eap.id
end
end
end
s : taboption ( " advanced " , Value , " frag " , translate ( " Fragmentation Threshold " ) )
s : taboption ( " advanced " , Value , " rts " , translate ( " RTS/CTS Threshold " ) )
end
------------------- Broadcom Device ------------------
if hwtype == " broadcom " then
tp = s : taboption ( " general " ,
( # tx_power_list > 0 ) and ListValue or Value ,
" txpower " , translate ( " Transmit Power " ) , " dBm " )
tp.rmempty = true
tp.default = tx_power_cur
function tp . cfgvalue ( ... )
return txpower_current ( Value.cfgvalue ( ... ) , tx_power_list )
end
tp : value ( " " , translate ( " auto " ) )
for _ , p in ipairs ( tx_power_list ) do
tp : value ( p.driver_dbm , " %i dBm (%i mW) "
% { p.display_dbm , p.display_mw } )
end
mode = s : taboption ( " advanced " , ListValue , " hwmode " , translate ( " Band " ) )
if hw_modes.b then
mode : value ( " 11b " , " 2.4GHz (802.11b) " )
if hw_modes.g then
mode : value ( " 11bg " , " 2.4GHz (802.11b+g) " )
end
end
if hw_modes.g then
mode : value ( " 11g " , " 2.4GHz (802.11g) " )
mode : value ( " 11gst " , " 2.4GHz (802.11g + Turbo) " )
mode : value ( " 11lrs " , " 2.4GHz (802.11g Limited Rate Support) " )
end
if hw_modes.a then mode : value ( " 11a " , " 5GHz (802.11a) " ) end
if hw_modes.n then
if hw_modes.g then
mode : value ( " 11ng " , " 2.4GHz (802.11g+n) " )
mode : value ( " 11n " , " 2.4GHz (802.11n) " )
end
if hw_modes.a then
mode : value ( " 11na " , " 5GHz (802.11a+n) " )
mode : value ( " 11n " , " 5GHz (802.11n) " )
end
htmode = s : taboption ( " advanced " , ListValue , " htmode " , translate ( " HT mode (802.11n) " ) )
htmode : depends ( " hwmode " , " 11ng " )
htmode : depends ( " hwmode " , " 11na " )
htmode : depends ( " hwmode " , " 11n " )
htmode : value ( " HT20 " , " 20MHz " )
htmode : value ( " HT40 " , " 40MHz " )
end
ant1 = s : taboption ( " advanced " , ListValue , " txantenna " , translate ( " Transmitter Antenna " ) )
ant1.widget = " radio "
ant1 : depends ( " diversity " , " " )
ant1 : value ( " 3 " , translate ( " auto " ) )
ant1 : value ( " 0 " , translate ( " Antenna 1 " ) )
ant1 : value ( " 1 " , translate ( " Antenna 2 " ) )
ant2 = s : taboption ( " advanced " , ListValue , " rxantenna " , translate ( " Receiver Antenna " ) )
ant2.widget = " radio "
ant2 : depends ( " diversity " , " " )
ant2 : value ( " 3 " , translate ( " auto " ) )
ant2 : value ( " 0 " , translate ( " Antenna 1 " ) )
ant2 : value ( " 1 " , translate ( " Antenna 2 " ) )
s : taboption ( " advanced " , Flag , " frameburst " , translate ( " Frame Bursting " ) )
s : taboption ( " advanced " , Value , " distance " , translate ( " Distance Optimization " ) )
--s:option(Value, "slottime", translate("Slot time"))
s : taboption ( " advanced " , Value , " country " , translate ( " Country Code " ) )
s : taboption ( " advanced " , Value , " maxassoc " , translate ( " Connection Limit " ) )
end
--------------------- HostAP Device ---------------------
if hwtype == " prism2 " then
s : taboption ( " advanced " , Value , " txpower " , translate ( " Transmit Power " ) , " att units " ) . rmempty = true
s : taboption ( " advanced " , Flag , " diversity " , translate ( " Diversity " ) ) . rmempty = false
s : taboption ( " advanced " , Value , " txantenna " , translate ( " Transmitter Antenna " ) )
s : taboption ( " advanced " , Value , " rxantenna " , translate ( " Receiver Antenna " ) )
end
----------------------- Interface -----------------------
s = m : section ( NamedSection , wnet.sid , " wifi-iface " , translate ( " Interface Configuration " ) )
s.addremove = false
s.anonymous = true
s.defaults . device = wdev : name ( )
s : tab ( " general " , translate ( " General Setup " ) )
s : tab ( " encryption " , translate ( " Wireless Security " ) )
s : tab ( " macfilter " , translate ( " MAC-Filter " ) )
s : tab ( " advanced " , translate ( " Advanced Settings " ) )
mode = s : taboption ( " general " , ListValue , " mode " , translate ( " Mode " ) )
mode.override_values = true
mode : value ( " ap " , translate ( " Access Point " ) )
mode : value ( " sta " , translate ( " Client " ) )
mode : value ( " adhoc " , translate ( " Ad-Hoc " ) )
2018-03-06 14:09:20 +00:00
meshid = s : taboption ( " general " , Value , " mesh_id " , translate ( " Mesh Id " ) )
meshid : depends ( { mode = " mesh " } )
2018-03-15 14:27:42 +00:00
meshfwd = s : taboption ( " advanced " , Flag , " mesh_fwding " , translate ( " Forward mesh peer traffic " ) )
2018-03-06 14:09:20 +00:00
meshfwd.rmempty = false
meshfwd.default = " 1 "
meshfwd : depends ( { mode = " mesh " } )
ssid = s : taboption ( " general " , Value , " ssid " , translate ( " <abbr title= \" Extended Service Set Identifier \" >ESSID</abbr> " ) )
ssid.datatype = " maxlength(32) "
ssid : depends ( { mode = " ap " } )
ssid : depends ( { mode = " sta " } )
ssid : depends ( { mode = " adhoc " } )
ssid : depends ( { mode = " ahdemo " } )
ssid : depends ( { mode = " monitor " } )
ssid : depends ( { mode = " ap-wds " } )
ssid : depends ( { mode = " sta-wds " } )
ssid : depends ( { mode = " wds " } )
2018-01-23 14:36:03 +00:00
bssid = s : taboption ( " general " , Value , " bssid " , translate ( " <abbr title= \" Basic Service Set Identifier \" >BSSID</abbr> " ) )
network = s : taboption ( " general " , Value , " network " , translate ( " Network " ) ,
translate ( " Choose the network(s) you want to attach to this wireless interface or " ..
" fill out the <em>create</em> field to define a new network. " ) )
network.rmempty = true
network.template = " cbi/network_netlist "
network.widget = " checkbox "
network.novirtual = true
function network . write ( self , section , value )
local i = nw : get_interface ( section )
if i then
2018-06-08 08:51:00 +00:00
local _ , net , old , new = nil , nil , { } , { }
for _ , net in ipairs ( i : get_networks ( ) ) do
old [ net : name ( ) ] = true
end
for net in ut.imatch ( value ) do
new [ net ] = true
if not old [ net ] then
local n = nw : get_network ( net ) or nw : add_network ( net , { proto = " none " } )
2018-01-23 14:36:03 +00:00
if n then
if not n : is_empty ( ) then
n : set ( " type " , " bridge " )
end
n : add_interface ( i )
end
end
end
2018-06-08 08:51:00 +00:00
for net , _ in pairs ( old ) do
if not new [ net ] then
local n = nw : get_network ( net )
if n then
n : del_interface ( i )
end
end
end
2018-01-23 14:36:03 +00:00
end
end
-------------------- MAC80211 Interface ----------------------
if hwtype == " mac80211 " then
if fs.access ( " /usr/sbin/iw " ) then
mode : value ( " mesh " , " 802.11s " )
end
mode : value ( " ahdemo " , translate ( " Pseudo Ad-Hoc (ahdemo) " ) )
mode : value ( " monitor " , translate ( " Monitor " ) )
bssid : depends ( { mode = " adhoc " } )
bssid : depends ( { mode = " sta " } )
bssid : depends ( { mode = " sta-wds " } )
mp = s : taboption ( " macfilter " , ListValue , " macfilter " , translate ( " MAC-Address Filter " ) )
mp : depends ( { mode = " ap " } )
mp : depends ( { mode = " ap-wds " } )
mp : value ( " " , translate ( " disable " ) )
mp : value ( " allow " , translate ( " Allow listed only " ) )
mp : value ( " deny " , translate ( " Allow all except listed " ) )
ml = s : taboption ( " macfilter " , DynamicList , " maclist " , translate ( " MAC-List " ) )
ml.datatype = " macaddr "
ml : depends ( { macfilter = " allow " } )
ml : depends ( { macfilter = " deny " } )
nt.mac_hints ( function ( mac , name ) ml : value ( mac , " %s (%s) " % { mac , name } ) end )
mode : value ( " ap-wds " , " %s (%s) " % { translate ( " Access Point " ) , translate ( " WDS " ) } )
mode : value ( " sta-wds " , " %s (%s) " % { translate ( " Client " ) , translate ( " WDS " ) } )
function mode . write ( self , section , value )
if value == " ap-wds " then
ListValue.write ( self , section , " ap " )
m.uci : set ( " wireless " , section , " wds " , 1 )
elseif value == " sta-wds " then
ListValue.write ( self , section , " sta " )
m.uci : set ( " wireless " , section , " wds " , 1 )
else
ListValue.write ( self , section , value )
m.uci : delete ( " wireless " , section , " wds " )
end
end
function mode . cfgvalue ( self , section )
local mode = ListValue.cfgvalue ( self , section )
local wds = m.uci : get ( " wireless " , section , " wds " ) == " 1 "
if mode == " ap " and wds then
return " ap-wds "
elseif mode == " sta " and wds then
return " sta-wds "
else
return mode
end
end
hidden = s : taboption ( " general " , Flag , " hidden " , translate ( " Hide <abbr title= \" Extended Service Set Identifier \" >ESSID</abbr> " ) )
hidden : depends ( { mode = " ap " } )
hidden : depends ( { mode = " ap-wds " } )
wmm = s : taboption ( " general " , Flag , " wmm " , translate ( " WMM Mode " ) )
wmm : depends ( { mode = " ap " } )
wmm : depends ( { mode = " ap-wds " } )
wmm.default = wmm.enabled
2018-03-15 14:27:42 +00:00
isolate = s : taboption ( " advanced " , Flag , " isolate " , translate ( " Isolate Clients " ) ,
2018-01-23 14:36:03 +00:00
translate ( " Prevents client-to-client communication " ) )
isolate : depends ( { mode = " ap " } )
2018-03-15 14:27:42 +00:00
isolate : depends ( { mode = " ap-wds " } )
2018-01-23 14:36:03 +00:00
2018-03-15 14:27:42 +00:00
ifname = s : taboption ( " advanced " , Value , " ifname " , translate ( " Interface name " ) , translate ( " Override default interface name " ) )
ifname.optional = true
2018-01-23 14:36:03 +00:00
end
-------------------- Broadcom Interface ----------------------
if hwtype == " broadcom " then
mode : value ( " wds " , translate ( " WDS " ) )
mode : value ( " monitor " , translate ( " Monitor " ) )
hidden = s : taboption ( " general " , Flag , " hidden " , translate ( " Hide <abbr title= \" Extended Service Set Identifier \" >ESSID</abbr> " ) )
hidden : depends ( { mode = " ap " } )
hidden : depends ( { mode = " adhoc " } )
hidden : depends ( { mode = " wds " } )
isolate = s : taboption ( " advanced " , Flag , " isolate " , translate ( " Separate Clients " ) ,
translate ( " Prevents client-to-client communication " ) )
isolate : depends ( { mode = " ap " } )
s : taboption ( " advanced " , Flag , " doth " , " 802.11h " )
s : taboption ( " advanced " , Flag , " wmm " , translate ( " WMM Mode " ) )
bssid : depends ( { mode = " wds " } )
bssid : depends ( { mode = " adhoc " } )
end
----------------------- HostAP Interface ---------------------
if hwtype == " prism2 " then
mode : value ( " wds " , translate ( " WDS " ) )
mode : value ( " monitor " , translate ( " Monitor " ) )
hidden = s : taboption ( " general " , Flag , " hidden " , translate ( " Hide <abbr title= \" Extended Service Set Identifier \" >ESSID</abbr> " ) )
hidden : depends ( { mode = " ap " } )
hidden : depends ( { mode = " adhoc " } )
hidden : depends ( { mode = " wds " } )
bssid : depends ( { mode = " sta " } )
mp = s : taboption ( " macfilter " , ListValue , " macpolicy " , translate ( " MAC-Address Filter " ) )
mp : value ( " " , translate ( " disable " ) )
mp : value ( " allow " , translate ( " Allow listed only " ) )
mp : value ( " deny " , translate ( " Allow all except listed " ) )
ml = s : taboption ( " macfilter " , DynamicList , " maclist " , translate ( " MAC-List " ) )
ml : depends ( { macpolicy = " allow " } )
ml : depends ( { macpolicy = " deny " } )
nt.mac_hints ( function ( mac , name ) ml : value ( mac , " %s (%s) " % { mac , name } ) end )
s : taboption ( " advanced " , Value , " rate " , translate ( " Transmission Rate " ) )
s : taboption ( " advanced " , Value , " frag " , translate ( " Fragmentation Threshold " ) )
s : taboption ( " advanced " , Value , " rts " , translate ( " RTS/CTS Threshold " ) )
end
------------------- WiFI-Encryption -------------------
encr = s : taboption ( " encryption " , ListValue , " encryption " , translate ( " Encryption " ) )
encr.override_values = true
encr.override_depends = true
encr : depends ( { mode = " ap " } )
encr : depends ( { mode = " sta " } )
encr : depends ( { mode = " adhoc " } )
encr : depends ( { mode = " ahdemo " } )
encr : depends ( { mode = " ap-wds " } )
encr : depends ( { mode = " sta-wds " } )
encr : depends ( { mode = " mesh " } )
cipher = s : taboption ( " encryption " , ListValue , " cipher " , translate ( " Cipher " ) )
cipher : depends ( { encryption = " wpa " } )
cipher : depends ( { encryption = " wpa2 " } )
cipher : depends ( { encryption = " psk " } )
cipher : depends ( { encryption = " psk2 " } )
cipher : depends ( { encryption = " wpa-mixed " } )
cipher : depends ( { encryption = " psk-mixed " } )
cipher : value ( " auto " , translate ( " auto " ) )
cipher : value ( " ccmp " , translate ( " Force CCMP (AES) " ) )
cipher : value ( " tkip " , translate ( " Force TKIP " ) )
cipher : value ( " tkip+ccmp " , translate ( " Force TKIP and CCMP (AES) " ) )
function encr . cfgvalue ( self , section )
local v = tostring ( ListValue.cfgvalue ( self , section ) )
if v == " wep " then
return " wep-open "
elseif v and v : match ( " %+ " ) then
return ( v : gsub ( " %+.+$ " , " " ) )
end
return v
end
function encr . write ( self , section , value )
local e = tostring ( encr : formvalue ( section ) )
local c = tostring ( cipher : formvalue ( section ) )
if value == " wpa " or value == " wpa2 " then
self.map . uci : delete ( " wireless " , section , " key " )
end
if e and ( c == " tkip " or c == " ccmp " or c == " tkip+ccmp " ) then
e = e .. " + " .. c
end
self.map : set ( section , " encryption " , e )
end
function cipher . cfgvalue ( self , section )
local v = tostring ( ListValue.cfgvalue ( encr , section ) )
if v and v : match ( " %+ " ) then
v = v : gsub ( " ^[^%+]+%+ " , " " )
if v == " aes " then v = " ccmp "
elseif v == " tkip+aes " then v = " tkip+ccmp "
elseif v == " aes+tkip " then v = " tkip+ccmp "
elseif v == " ccmp+tkip " then v = " tkip+ccmp "
end
end
return v
end
function cipher . write ( self , section )
return encr : write ( section )
end
encr : value ( " none " , " No Encryption " )
encr : value ( " wep-open " , translate ( " WEP Open System " ) , { mode = " ap " } , { mode = " sta " } , { mode = " ap-wds " } , { mode = " sta-wds " } , { mode = " adhoc " } , { mode = " ahdemo " } , { mode = " wds " } )
encr : value ( " wep-shared " , translate ( " WEP Shared Key " ) , { mode = " ap " } , { mode = " sta " } , { mode = " ap-wds " } , { mode = " sta-wds " } , { mode = " adhoc " } , { mode = " ahdemo " } , { mode = " wds " } )
2018-03-15 14:27:42 +00:00
if hwtype == " mac80211 " or hwtype == " prism2 " then
2018-01-23 14:36:03 +00:00
local supplicant = fs.access ( " /usr/sbin/wpa_supplicant " )
local hostapd = fs.access ( " /usr/sbin/hostapd " )
-- Probe EAP support
local has_ap_eap = ( os.execute ( " hostapd -veap >/dev/null 2>/dev/null " ) == 0 )
local has_sta_eap = ( os.execute ( " wpa_supplicant -veap >/dev/null 2>/dev/null " ) == 0 )
if hostapd and supplicant then
2018-03-15 14:27:42 +00:00
encr : value ( " psk " , " WPA-PSK " , { mode = " ap " } , { mode = " sta " } , { mode = " ap-wds " } , { mode = " sta-wds " } , { mode = " adhoc " } )
encr : value ( " psk2 " , " WPA2-PSK " , { mode = " ap " } , { mode = " sta " } , { mode = " ap-wds " } , { mode = " sta-wds " } , { mode = " adhoc " } )
encr : value ( " psk-mixed " , " WPA-PSK/WPA2-PSK Mixed Mode " , { mode = " ap " } , { mode = " sta " } , { mode = " ap-wds " } , { mode = " sta-wds " } , { mode = " adhoc " } )
2018-01-23 14:36:03 +00:00
if has_ap_eap and has_sta_eap then
encr : value ( " wpa " , " WPA-EAP " , { mode = " ap " } , { mode = " sta " } , { mode = " ap-wds " } , { mode = " sta-wds " } )
encr : value ( " wpa2 " , " WPA2-EAP " , { mode = " ap " } , { mode = " sta " } , { mode = " ap-wds " } , { mode = " sta-wds " } )
end
elseif hostapd and not supplicant then
encr : value ( " psk " , " WPA-PSK " , { mode = " ap " } , { mode = " ap-wds " } )
encr : value ( " psk2 " , " WPA2-PSK " , { mode = " ap " } , { mode = " ap-wds " } )
encr : value ( " psk-mixed " , " WPA-PSK/WPA2-PSK Mixed Mode " , { mode = " ap " } , { mode = " ap-wds " } )
if has_ap_eap then
encr : value ( " wpa " , " WPA-EAP " , { mode = " ap " } , { mode = " ap-wds " } )
encr : value ( " wpa2 " , " WPA2-EAP " , { mode = " ap " } , { mode = " ap-wds " } )
end
encr.description = translate (
" WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
" and ad-hoc mode) to be installed. "
)
elseif not hostapd and supplicant then
2018-03-15 14:27:42 +00:00
encr : value ( " psk " , " WPA-PSK " , { mode = " sta " } , { mode = " sta-wds " } , { mode = " adhoc " } )
encr : value ( " psk2 " , " WPA2-PSK " , { mode = " sta " } , { mode = " sta-wds " } , { mode = " adhoc " } )
encr : value ( " psk-mixed " , " WPA-PSK/WPA2-PSK Mixed Mode " , { mode = " sta " } , { mode = " sta-wds " } , { mode = " adhoc " } )
2018-01-23 14:36:03 +00:00
if has_sta_eap then
encr : value ( " wpa " , " WPA-EAP " , { mode = " sta " } , { mode = " sta-wds " } )
encr : value ( " wpa2 " , " WPA2-EAP " , { mode = " sta " } , { mode = " sta-wds " } )
end
encr.description = translate (
" WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
" and ad-hoc mode) to be installed. "
)
else
encr.description = translate (
" WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
" and ad-hoc mode) to be installed. "
)
end
elseif hwtype == " broadcom " then
encr : value ( " psk " , " WPA-PSK " )
encr : value ( " psk2 " , " WPA2-PSK " )
encr : value ( " psk+psk2 " , " WPA-PSK/WPA2-PSK Mixed Mode " )
end
auth_server = s : taboption ( " encryption " , Value , " auth_server " , translate ( " Radius-Authentication-Server " ) )
auth_server : depends ( { mode = " ap " , encryption = " wpa " } )
auth_server : depends ( { mode = " ap " , encryption = " wpa2 " } )
auth_server : depends ( { mode = " ap-wds " , encryption = " wpa " } )
auth_server : depends ( { mode = " ap-wds " , encryption = " wpa2 " } )
auth_server.rmempty = true
auth_server.datatype = " host(0) "
auth_port = s : taboption ( " encryption " , Value , " auth_port " , translate ( " Radius-Authentication-Port " ) , translatef ( " Default %d " , 1812 ) )
auth_port : depends ( { mode = " ap " , encryption = " wpa " } )
auth_port : depends ( { mode = " ap " , encryption = " wpa2 " } )
auth_port : depends ( { mode = " ap-wds " , encryption = " wpa " } )
auth_port : depends ( { mode = " ap-wds " , encryption = " wpa2 " } )
auth_port.rmempty = true
auth_port.datatype = " port "
auth_secret = s : taboption ( " encryption " , Value , " auth_secret " , translate ( " Radius-Authentication-Secret " ) )
auth_secret : depends ( { mode = " ap " , encryption = " wpa " } )
auth_secret : depends ( { mode = " ap " , encryption = " wpa2 " } )
auth_secret : depends ( { mode = " ap-wds " , encryption = " wpa " } )
auth_secret : depends ( { mode = " ap-wds " , encryption = " wpa2 " } )
auth_secret.rmempty = true
auth_secret.password = true
acct_server = s : taboption ( " encryption " , Value , " acct_server " , translate ( " Radius-Accounting-Server " ) )
acct_server : depends ( { mode = " ap " , encryption = " wpa " } )
acct_server : depends ( { mode = " ap " , encryption = " wpa2 " } )
acct_server : depends ( { mode = " ap-wds " , encryption = " wpa " } )
acct_server : depends ( { mode = " ap-wds " , encryption = " wpa2 " } )
acct_server.rmempty = true
acct_server.datatype = " host(0) "
acct_port = s : taboption ( " encryption " , Value , " acct_port " , translate ( " Radius-Accounting-Port " ) , translatef ( " Default %d " , 1813 ) )
acct_port : depends ( { mode = " ap " , encryption = " wpa " } )
acct_port : depends ( { mode = " ap " , encryption = " wpa2 " } )
acct_port : depends ( { mode = " ap-wds " , encryption = " wpa " } )
acct_port : depends ( { mode = " ap-wds " , encryption = " wpa2 " } )
acct_port.rmempty = true
acct_port.datatype = " port "
acct_secret = s : taboption ( " encryption " , Value , " acct_secret " , translate ( " Radius-Accounting-Secret " ) )
acct_secret : depends ( { mode = " ap " , encryption = " wpa " } )
acct_secret : depends ( { mode = " ap " , encryption = " wpa2 " } )
acct_secret : depends ( { mode = " ap-wds " , encryption = " wpa " } )
acct_secret : depends ( { mode = " ap-wds " , encryption = " wpa2 " } )
acct_secret.rmempty = true
acct_secret.password = true
wpakey = s : taboption ( " encryption " , Value , " _wpa_key " , translate ( " Key " ) )
wpakey : depends ( " encryption " , " psk " )
wpakey : depends ( " encryption " , " psk2 " )
wpakey : depends ( " encryption " , " psk+psk2 " )
wpakey : depends ( " encryption " , " psk-mixed " )
wpakey.datatype = " wpakey "
wpakey.rmempty = true
wpakey.password = true
wpakey.cfgvalue = function ( self , section , value )
local key = m.uci : get ( " wireless " , section , " key " )
if key == " 1 " or key == " 2 " or key == " 3 " or key == " 4 " then
return nil
end
return key
end
wpakey.write = function ( self , section , value )
self.map . uci : set ( " wireless " , section , " key " , value )
self.map . uci : delete ( " wireless " , section , " key1 " )
end
wepslot = s : taboption ( " encryption " , ListValue , " _wep_key " , translate ( " Used Key Slot " ) )
wepslot : depends ( " encryption " , " wep-open " )
wepslot : depends ( " encryption " , " wep-shared " )
wepslot : value ( " 1 " , translatef ( " Key #%d " , 1 ) )
wepslot : value ( " 2 " , translatef ( " Key #%d " , 2 ) )
wepslot : value ( " 3 " , translatef ( " Key #%d " , 3 ) )
wepslot : value ( " 4 " , translatef ( " Key #%d " , 4 ) )
wepslot.cfgvalue = function ( self , section )
local slot = tonumber ( m.uci : get ( " wireless " , section , " key " ) )
if not slot or slot < 1 or slot > 4 then
return 1
end
return slot
end
wepslot.write = function ( self , section , value )
self.map . uci : set ( " wireless " , section , " key " , value )
end
local slot
for slot = 1 , 4 do
wepkey = s : taboption ( " encryption " , Value , " key " .. slot , translatef ( " Key #%d " , slot ) )
wepkey : depends ( " encryption " , " wep-open " )
wepkey : depends ( " encryption " , " wep-shared " )
wepkey.datatype = " wepkey "
wepkey.rmempty = true
wepkey.password = true
function wepkey . write ( self , section , value )
if value and ( # value == 5 or # value == 13 ) then
value = " s: " .. value
end
return Value.write ( self , section , value )
end
end
2018-03-15 14:27:42 +00:00
if hwtype == " mac80211 " or hwtype == " prism2 " then
2018-01-23 14:36:03 +00:00
-- Probe 802.11r support (and EAP support as a proxy for Openwrt)
local has_80211r = ( os.execute ( " hostapd -v11r 2>/dev/null || hostapd -veap 2>/dev/null " ) == 0 )
ieee80211r = s : taboption ( " encryption " , Flag , " ieee80211r " ,
translate ( " 802.11r Fast Transition " ) ,
translate ( " Enables fast roaming among access points that belong " ..
" to the same Mobility Domain " ) )
ieee80211r : depends ( { mode = " ap " , encryption = " wpa " } )
ieee80211r : depends ( { mode = " ap " , encryption = " wpa2 " } )
ieee80211r : depends ( { mode = " ap-wds " , encryption = " wpa " } )
ieee80211r : depends ( { mode = " ap-wds " , encryption = " wpa2 " } )
if has_80211r then
ieee80211r : depends ( { mode = " ap " , encryption = " psk " } )
ieee80211r : depends ( { mode = " ap " , encryption = " psk2 " } )
ieee80211r : depends ( { mode = " ap " , encryption = " psk-mixed " } )
2018-03-15 14:27:42 +00:00
ieee80211r : depends ( { mode = " ap-wds " , encryption = " psk " } )
ieee80211r : depends ( { mode = " ap-wds " , encryption = " psk2 " } )
ieee80211r : depends ( { mode = " ap-wds " , encryption = " psk-mixed " } )
2018-01-23 14:36:03 +00:00
end
ieee80211r.rmempty = true
nasid = s : taboption ( " encryption " , Value , " nasid " , translate ( " NAS ID " ) ,
translate ( " Used for two different purposes: RADIUS NAS ID and " ..
" 802.11r R0KH-ID. Not needed with normal WPA(2)-PSK. " ) )
nasid : depends ( { mode = " ap " , encryption = " wpa " } )
nasid : depends ( { mode = " ap " , encryption = " wpa2 " } )
nasid : depends ( { mode = " ap-wds " , encryption = " wpa " } )
nasid : depends ( { mode = " ap-wds " , encryption = " wpa2 " } )
nasid : depends ( { ieee80211r = " 1 " } )
nasid.rmempty = true
mobility_domain = s : taboption ( " encryption " , Value , " mobility_domain " ,
translate ( " Mobility Domain " ) ,
translate ( " 4-character hexadecimal ID " ) )
mobility_domain : depends ( { ieee80211r = " 1 " } )
mobility_domain.placeholder = " 4f57 "
mobility_domain.datatype = " and(hexstring,rangelength(4,4)) "
mobility_domain.rmempty = true
2018-03-06 14:09:20 +00:00
reassociation_deadline = s : taboption ( " encryption " , Value , " reassociation_deadline " ,
translate ( " Reassociation Deadline " ) ,
translate ( " time units (TUs / 1.024 ms) [1000-65535] " ) )
reassociation_deadline : depends ( { ieee80211r = " 1 " } )
reassociation_deadline.placeholder = " 1000 "
reassociation_deadline.datatype = " range(1000,65535) "
reassociation_deadline.rmempty = true
ft_protocol = s : taboption ( " encryption " , ListValue , " ft_over_ds " , translate ( " FT protocol " ) )
ft_protocol : depends ( { ieee80211r = " 1 " } )
ft_protocol : value ( " 1 " , translatef ( " FT over DS " ) )
ft_protocol : value ( " 0 " , translatef ( " FT over the Air " ) )
ft_protocol.rmempty = true
ft_psk_generate_local = s : taboption ( " encryption " , Flag , " ft_psk_generate_local " ,
translate ( " Generate PMK locally " ) ,
translate ( " When using a PSK, the PMK can be generated locally without inter AP communications " ) )
ft_psk_generate_local : depends ( { ieee80211r = " 1 " } )
2018-01-23 14:36:03 +00:00
r0_key_lifetime = s : taboption ( " encryption " , Value , " r0_key_lifetime " ,
translate ( " R0 Key Lifetime " ) , translate ( " minutes " ) )
2018-03-06 14:09:20 +00:00
r0_key_lifetime : depends ( { ieee80211r = " 1 " , ft_psk_generate_local = " " } )
2018-01-23 14:36:03 +00:00
r0_key_lifetime.placeholder = " 10000 "
r0_key_lifetime.datatype = " uinteger "
r0_key_lifetime.rmempty = true
r1_key_holder = s : taboption ( " encryption " , Value , " r1_key_holder " ,
translate ( " R1 Key Holder " ) ,
translate ( " 6-octet identifier as a hex string - no colons " ) )
2018-03-06 14:09:20 +00:00
r1_key_holder : depends ( { ieee80211r = " 1 " , ft_psk_generate_local = " " } )
2018-01-23 14:36:03 +00:00
r1_key_holder.placeholder = " 00004f577274 "
r1_key_holder.datatype = " and(hexstring,rangelength(12,12)) "
r1_key_holder.rmempty = true
pmk_r1_push = s : taboption ( " encryption " , Flag , " pmk_r1_push " , translate ( " PMK R1 Push " ) )
2018-03-06 14:09:20 +00:00
pmk_r1_push : depends ( { ieee80211r = " 1 " , ft_psk_generate_local = " " } )
2018-01-23 14:36:03 +00:00
pmk_r1_push.placeholder = " 0 "
pmk_r1_push.rmempty = true
r0kh = s : taboption ( " encryption " , DynamicList , " r0kh " , translate ( " External R0 Key Holder List " ) ,
translate ( " List of R0KHs in the same Mobility Domain. " ..
" <br />Format: MAC-address,NAS-Identifier,128-bit key as hex string. " ..
" <br />This list is used to map R0KH-ID (NAS Identifier) to a destination " ..
" MAC address when requesting PMK-R1 key from the R0KH that the STA " ..
" used during the Initial Mobility Domain Association. " ) )
2018-03-06 14:09:20 +00:00
r0kh : depends ( { ieee80211r = " 1 " , ft_psk_generate_local = " " } )
2018-01-23 14:36:03 +00:00
r0kh.rmempty = true
r1kh = s : taboption ( " encryption " , DynamicList , " r1kh " , translate ( " External R1 Key Holder List " ) ,
translate ( " List of R1KHs in the same Mobility Domain. " ..
" <br />Format: MAC-address,R1KH-ID as 6 octets with colons,128-bit key as hex string. " ..
" <br />This list is used to map R1KH-ID to a destination MAC address " ..
" when sending PMK-R1 key from the R0KH. This is also the " ..
" list of authorized R1KHs in the MD that can request PMK-R1 keys. " ) )
2018-03-06 14:09:20 +00:00
r1kh : depends ( { ieee80211r = " 1 " , ft_psk_generate_local = " " } )
2018-01-23 14:36:03 +00:00
r1kh.rmempty = true
-- End of 802.11r options
eaptype = s : taboption ( " encryption " , ListValue , " eap_type " , translate ( " EAP-Method " ) )
eaptype : value ( " tls " , " TLS " )
eaptype : value ( " ttls " , " TTLS " )
eaptype : value ( " peap " , " PEAP " )
eaptype : value ( " fast " , " FAST " )
eaptype : depends ( { mode = " sta " , encryption = " wpa " } )
eaptype : depends ( { mode = " sta " , encryption = " wpa2 " } )
eaptype : depends ( { mode = " sta-wds " , encryption = " wpa " } )
eaptype : depends ( { mode = " sta-wds " , encryption = " wpa2 " } )
cacert = s : taboption ( " encryption " , FileUpload , " ca_cert " , translate ( " Path to CA-Certificate " ) )
cacert : depends ( { mode = " sta " , encryption = " wpa " } )
cacert : depends ( { mode = " sta " , encryption = " wpa2 " } )
cacert : depends ( { mode = " sta-wds " , encryption = " wpa " } )
cacert : depends ( { mode = " sta-wds " , encryption = " wpa2 " } )
cacert.rmempty = true
clientcert = s : taboption ( " encryption " , FileUpload , " client_cert " , translate ( " Path to Client-Certificate " ) )
clientcert : depends ( { mode = " sta " , eap_type = " tls " , encryption = " wpa " } )
clientcert : depends ( { mode = " sta " , eap_type = " tls " , encryption = " wpa2 " } )
clientcert : depends ( { mode = " sta-wds " , eap_type = " tls " , encryption = " wpa " } )
clientcert : depends ( { mode = " sta-wds " , eap_type = " tls " , encryption = " wpa2 " } )
privkey = s : taboption ( " encryption " , FileUpload , " priv_key " , translate ( " Path to Private Key " ) )
privkey : depends ( { mode = " sta " , eap_type = " tls " , encryption = " wpa2 " } )
privkey : depends ( { mode = " sta " , eap_type = " tls " , encryption = " wpa " } )
privkey : depends ( { mode = " sta-wds " , eap_type = " tls " , encryption = " wpa2 " } )
privkey : depends ( { mode = " sta-wds " , eap_type = " tls " , encryption = " wpa " } )
privkeypwd = s : taboption ( " encryption " , Value , " priv_key_pwd " , translate ( " Password of Private Key " ) )
privkeypwd : depends ( { mode = " sta " , eap_type = " tls " , encryption = " wpa2 " } )
privkeypwd : depends ( { mode = " sta " , eap_type = " tls " , encryption = " wpa " } )
privkeypwd : depends ( { mode = " sta-wds " , eap_type = " tls " , encryption = " wpa2 " } )
privkeypwd : depends ( { mode = " sta-wds " , eap_type = " tls " , encryption = " wpa " } )
privkeypwd.rmempty = true
privkeypwd.password = true
auth = s : taboption ( " encryption " , ListValue , " auth " , translate ( " Authentication " ) )
auth : value ( " PAP " , " PAP " , { eap_type = " ttls " } )
auth : value ( " CHAP " , " CHAP " , { eap_type = " ttls " } )
auth : value ( " MSCHAP " , " MSCHAP " , { eap_type = " ttls " } )
auth : value ( " MSCHAPV2 " , " MSCHAPv2 " , { eap_type = " ttls " } )
auth : value ( " EAP-GTC " )
auth : value ( " EAP-MD5 " )
auth : value ( " EAP-MSCHAPV2 " )
auth : value ( " EAP-TLS " )
auth : depends ( { mode = " sta " , eap_type = " fast " , encryption = " wpa2 " } )
auth : depends ( { mode = " sta " , eap_type = " fast " , encryption = " wpa " } )
auth : depends ( { mode = " sta " , eap_type = " peap " , encryption = " wpa2 " } )
auth : depends ( { mode = " sta " , eap_type = " peap " , encryption = " wpa " } )
auth : depends ( { mode = " sta " , eap_type = " ttls " , encryption = " wpa2 " } )
auth : depends ( { mode = " sta " , eap_type = " ttls " , encryption = " wpa " } )
auth : depends ( { mode = " sta-wds " , eap_type = " fast " , encryption = " wpa2 " } )
auth : depends ( { mode = " sta-wds " , eap_type = " fast " , encryption = " wpa " } )
auth : depends ( { mode = " sta-wds " , eap_type = " peap " , encryption = " wpa2 " } )
auth : depends ( { mode = " sta-wds " , eap_type = " peap " , encryption = " wpa " } )
auth : depends ( { mode = " sta-wds " , eap_type = " ttls " , encryption = " wpa2 " } )
auth : depends ( { mode = " sta-wds " , eap_type = " ttls " , encryption = " wpa " } )
cacert2 = s : taboption ( " encryption " , FileUpload , " ca_cert2 " , translate ( " Path to inner CA-Certificate " ) )
cacert2 : depends ( { mode = " sta " , auth = " EAP-TLS " , encryption = " wpa " } )
cacert2 : depends ( { mode = " sta " , auth = " EAP-TLS " , encryption = " wpa2 " } )
cacert2 : depends ( { mode = " sta-wds " , auth = " EAP-TLS " , encryption = " wpa " } )
cacert2 : depends ( { mode = " sta-wds " , auth = " EAP-TLS " , encryption = " wpa2 " } )
clientcert2 = s : taboption ( " encryption " , FileUpload , " client_cert2 " , translate ( " Path to inner Client-Certificate " ) )
clientcert2 : depends ( { mode = " sta " , auth = " EAP-TLS " , encryption = " wpa " } )
clientcert2 : depends ( { mode = " sta " , auth = " EAP-TLS " , encryption = " wpa2 " } )
clientcert2 : depends ( { mode = " sta-wds " , auth = " EAP-TLS " , encryption = " wpa " } )
clientcert2 : depends ( { mode = " sta-wds " , auth = " EAP-TLS " , encryption = " wpa2 " } )
privkey2 = s : taboption ( " encryption " , FileUpload , " priv_key2 " , translate ( " Path to inner Private Key " ) )
privkey2 : depends ( { mode = " sta " , auth = " EAP-TLS " , encryption = " wpa " } )
privkey2 : depends ( { mode = " sta " , auth = " EAP-TLS " , encryption = " wpa2 " } )
privkey2 : depends ( { mode = " sta-wds " , auth = " EAP-TLS " , encryption = " wpa " } )
privkey2 : depends ( { mode = " sta-wds " , auth = " EAP-TLS " , encryption = " wpa2 " } )
privkeypwd2 = s : taboption ( " encryption " , Value , " priv_key2_pwd " , translate ( " Password of inner Private Key " ) )
privkeypwd2 : depends ( { mode = " sta " , auth = " EAP-TLS " , encryption = " wpa " } )
privkeypwd2 : depends ( { mode = " sta " , auth = " EAP-TLS " , encryption = " wpa2 " } )
privkeypwd2 : depends ( { mode = " sta-wds " , auth = " EAP-TLS " , encryption = " wpa " } )
privkeypwd2 : depends ( { mode = " sta-wds " , auth = " EAP-TLS " , encryption = " wpa2 " } )
privkeypwd2.rmempty = true
privkeypwd2.password = true
identity = s : taboption ( " encryption " , Value , " identity " , translate ( " Identity " ) )
identity : depends ( { mode = " sta " , eap_type = " fast " , encryption = " wpa2 " } )
identity : depends ( { mode = " sta " , eap_type = " fast " , encryption = " wpa " } )
identity : depends ( { mode = " sta " , eap_type = " peap " , encryption = " wpa2 " } )
identity : depends ( { mode = " sta " , eap_type = " peap " , encryption = " wpa " } )
identity : depends ( { mode = " sta " , eap_type = " ttls " , encryption = " wpa2 " } )
identity : depends ( { mode = " sta " , eap_type = " ttls " , encryption = " wpa " } )
identity : depends ( { mode = " sta-wds " , eap_type = " fast " , encryption = " wpa2 " } )
identity : depends ( { mode = " sta-wds " , eap_type = " fast " , encryption = " wpa " } )
identity : depends ( { mode = " sta-wds " , eap_type = " peap " , encryption = " wpa2 " } )
identity : depends ( { mode = " sta-wds " , eap_type = " peap " , encryption = " wpa " } )
identity : depends ( { mode = " sta-wds " , eap_type = " ttls " , encryption = " wpa2 " } )
identity : depends ( { mode = " sta-wds " , eap_type = " ttls " , encryption = " wpa " } )
identity : depends ( { mode = " sta " , eap_type = " tls " , encryption = " wpa2 " } )
identity : depends ( { mode = " sta " , eap_type = " tls " , encryption = " wpa " } )
identity : depends ( { mode = " sta-wds " , eap_type = " tls " , encryption = " wpa2 " } )
identity : depends ( { mode = " sta-wds " , eap_type = " tls " , encryption = " wpa " } )
anonymous_identity = s : taboption ( " encryption " , Value , " anonymous_identity " , translate ( " Anonymous Identity " ) )
anonymous_identity : depends ( { mode = " sta " , eap_type = " fast " , encryption = " wpa2 " } )
anonymous_identity : depends ( { mode = " sta " , eap_type = " fast " , encryption = " wpa " } )
anonymous_identity : depends ( { mode = " sta " , eap_type = " peap " , encryption = " wpa2 " } )
anonymous_identity : depends ( { mode = " sta " , eap_type = " peap " , encryption = " wpa " } )
anonymous_identity : depends ( { mode = " sta " , eap_type = " ttls " , encryption = " wpa2 " } )
anonymous_identity : depends ( { mode = " sta " , eap_type = " ttls " , encryption = " wpa " } )
anonymous_identity : depends ( { mode = " sta-wds " , eap_type = " fast " , encryption = " wpa2 " } )
anonymous_identity : depends ( { mode = " sta-wds " , eap_type = " fast " , encryption = " wpa " } )
anonymous_identity : depends ( { mode = " sta-wds " , eap_type = " peap " , encryption = " wpa2 " } )
anonymous_identity : depends ( { mode = " sta-wds " , eap_type = " peap " , encryption = " wpa " } )
anonymous_identity : depends ( { mode = " sta-wds " , eap_type = " ttls " , encryption = " wpa2 " } )
anonymous_identity : depends ( { mode = " sta-wds " , eap_type = " ttls " , encryption = " wpa " } )
anonymous_identity : depends ( { mode = " sta " , eap_type = " tls " , encryption = " wpa2 " } )
anonymous_identity : depends ( { mode = " sta " , eap_type = " tls " , encryption = " wpa " } )
anonymous_identity : depends ( { mode = " sta-wds " , eap_type = " tls " , encryption = " wpa2 " } )
anonymous_identity : depends ( { mode = " sta-wds " , eap_type = " tls " , encryption = " wpa " } )
password = s : taboption ( " encryption " , Value , " password " , translate ( " Password " ) )
password : depends ( { mode = " sta " , eap_type = " fast " , encryption = " wpa2 " } )
password : depends ( { mode = " sta " , eap_type = " fast " , encryption = " wpa " } )
password : depends ( { mode = " sta " , eap_type = " peap " , encryption = " wpa2 " } )
password : depends ( { mode = " sta " , eap_type = " peap " , encryption = " wpa " } )
password : depends ( { mode = " sta " , eap_type = " ttls " , encryption = " wpa2 " } )
password : depends ( { mode = " sta " , eap_type = " ttls " , encryption = " wpa " } )
password : depends ( { mode = " sta-wds " , eap_type = " fast " , encryption = " wpa2 " } )
password : depends ( { mode = " sta-wds " , eap_type = " fast " , encryption = " wpa " } )
password : depends ( { mode = " sta-wds " , eap_type = " peap " , encryption = " wpa2 " } )
password : depends ( { mode = " sta-wds " , eap_type = " peap " , encryption = " wpa " } )
password : depends ( { mode = " sta-wds " , eap_type = " ttls " , encryption = " wpa2 " } )
password : depends ( { mode = " sta-wds " , eap_type = " ttls " , encryption = " wpa " } )
password.rmempty = true
password.password = true
end
-- ieee802.11w options
if hwtype == " mac80211 " then
local has_80211w = ( os.execute ( " hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null " ) == 0 )
if has_80211w then
ieee80211w = s : taboption ( " encryption " , ListValue , " ieee80211w " ,
translate ( " 802.11w Management Frame Protection " ) ,
translate ( " Requires the 'full' version of wpad/hostapd " ..
" and support from the wifi driver <br />(as of Feb 2017: " ..
" ath9k and ath10k, in LEDE also mwlwifi and mt76) " ) )
ieee80211w.default = " "
ieee80211w.rmempty = true
ieee80211w : value ( " " , translate ( " Disabled (default) " ) )
ieee80211w : value ( " 1 " , translate ( " Optional " ) )
ieee80211w : value ( " 2 " , translate ( " Required " ) )
ieee80211w : depends ( { mode = " ap " , encryption = " wpa2 " } )
ieee80211w : depends ( { mode = " ap-wds " , encryption = " wpa2 " } )
ieee80211w : depends ( { mode = " ap " , encryption = " psk2 " } )
ieee80211w : depends ( { mode = " ap " , encryption = " psk-mixed " } )
ieee80211w : depends ( { mode = " ap-wds " , encryption = " psk2 " } )
ieee80211w : depends ( { mode = " ap-wds " , encryption = " psk-mixed " } )
max_timeout = s : taboption ( " encryption " , Value , " ieee80211w_max_timeout " ,
2018-03-15 14:27:42 +00:00
translate ( " 802.11w maximum timeout " ) ,
translate ( " 802.11w Association SA Query maximum timeout " ) )
2018-01-23 14:36:03 +00:00
max_timeout : depends ( { ieee80211w = " 1 " } )
max_timeout : depends ( { ieee80211w = " 2 " } )
max_timeout.datatype = " uinteger "
max_timeout.placeholder = " 1000 "
max_timeout.rmempty = true
retry_timeout = s : taboption ( " encryption " , Value , " ieee80211w_retry_timeout " ,
2018-03-15 14:27:42 +00:00
translate ( " 802.11w retry timeout " ) ,
translate ( " 802.11w Association SA Query retry timeout " ) )
2018-01-23 14:36:03 +00:00
retry_timeout : depends ( { ieee80211w = " 1 " } )
retry_timeout : depends ( { ieee80211w = " 2 " } )
retry_timeout.datatype = " uinteger "
retry_timeout.placeholder = " 201 "
retry_timeout.rmempty = true
end
2018-05-25 12:36:55 +00:00
key_retries = s : taboption ( " encryption " , Flag , " wpa_disable_eapol_key_retries " ,
2018-01-23 14:36:03 +00:00
translate ( " Enable key reinstallation (KRACK) countermeasures " ) ,
translate ( " Complicates key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load. " ) )
key_retries : depends ( { mode = " ap " , encryption = " wpa2 " } )
key_retries : depends ( { mode = " ap " , encryption = " psk2 " } )
key_retries : depends ( { mode = " ap " , encryption = " psk-mixed " } )
key_retries : depends ( { mode = " ap-wds " , encryption = " wpa2 " } )
key_retries : depends ( { mode = " ap-wds " , encryption = " psk2 " } )
key_retries : depends ( { mode = " ap-wds " , encryption = " psk-mixed " } )
end
2018-03-15 14:27:42 +00:00
if hwtype == " mac80211 " or hwtype == " prism2 " then
2018-01-23 14:36:03 +00:00
local wpasupplicant = fs.access ( " /usr/sbin/wpa_supplicant " )
local hostcli = fs.access ( " /usr/sbin/hostapd_cli " )
if hostcli and wpasupplicant then
wps = s : taboption ( " encryption " , Flag , " wps_pushbutton " , translate ( " Enable WPS pushbutton, requires WPA(2)-PSK " ) )
wps.enabled = " 1 "
wps.disabled = " 0 "
wps.rmempty = false
wps : depends ( " encryption " , " psk " )
wps : depends ( " encryption " , " psk2 " )
wps : depends ( " encryption " , " psk-mixed " )
end
end
return m
