projects / project / luci.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
luci-mod-admin-full: Add mesh_fwding support
[project/luci.git] / modules / luci-mod-admin-full / luasrc / model / cbi / admin_network / wifi.lua
1 -- Copyright 2008 Steven Barth <steven@midlink.org>
2 -- Licensed to the public under the Apache License 2.0.
3
4 local wa = require "luci.tools.webadmin"
5 local nw = require "luci.model.network"
6 local ut = require "luci.util"
7 local nt = require "luci.sys".net
8 local fs = require "nixio.fs"
9
10 arg[1] = arg[1] or ""
11
12 m = Map("wireless", "",
13 translate("The <em>Device Configuration</em> section covers physical settings of the radio " ..
14 "hardware such as channel, transmit power or antenna selection which are shared among all " ..
15 "defined wireless networks (if the radio hardware is multi-SSID capable). Per network settings " ..
16 "like encryption or operation mode are grouped in the <em>Interface Configuration</em>."))
17
18 m:chain("network")
19 m:chain("firewall")
20 m.redirect = luci.dispatcher.build_url("admin/network/wireless")
21
22 local ifsection
23
24 function m.on_commit(map)
25 local wnet = nw:get_wifinet(arg[1])
26 if ifsection and wnet then
27 ifsection.section = wnet.sid
28 m.title = luci.util.pcdata(wnet:get_i18n())
29 end
30 end
31
32 nw.init(m.uci)
33
34 local wnet = nw:get_wifinet(arg[1])
35 local wdev = wnet and wnet:get_device()
36
37 -- redirect to overview page if network does not exist anymore (e.g. after a revert)
38 if not wnet or not wdev then
39 luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless"))
40 return
41 end
42
43 -- wireless toggle was requested, commit and reload page
44 function m.parse(map)
45 local new_cc = m:formvalue("cbid.wireless.%s.country" % wdev:name())
46 local old_cc = m:get(wdev:name(), "country")
47
48 if m:formvalue("cbid.wireless.%s.__toggle" % wdev:name()) then
49 if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
50 wnet:set("disabled", nil)
51 else
52 wnet:set("disabled", "1")
53 end
54 wdev:set("disabled", nil)
55
56 nw:commit("wireless")
57 luci.sys.call("(env -i /bin/ubus call network reload) >/dev/null 2>/dev/null")
58
59 luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless", arg[1]))
60 return
61 end
62
63 Map.parse(map)
64
65 if m:get(wdev:name(), "type") == "mac80211" and new_cc and new_cc ~= old_cc then
66 luci.sys.call("iw reg set %q" % new_cc)
67 luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless", arg[1]))
68 return
69 end
70 end
71
72 m.title = luci.util.pcdata(wnet:get_i18n())
73
74
75 local function txpower_list(iw)
76 local list = iw.txpwrlist or { }
77 local off = tonumber(iw.txpower_offset) or 0
78 local new = { }
79 local prev = -1
80 local _, val
81 for _, val in ipairs(list) do
82 local dbm = val.dbm + off
83 local mw = math.floor(10 ^ (dbm / 10))
84 if mw ~= prev then
85 prev = mw
86 new[#new+1] = {
87 display_dbm = dbm,
88 display_mw = mw,
89 driver_dbm = val.dbm,
90 driver_mw = val.mw
91 }
92 end
93 end
94 return new
95 end
96
97 local function txpower_current(pwr, list)
98 pwr = tonumber(pwr)
99 if pwr ~= nil then
100 local _, item
101 for _, item in ipairs(list) do
102 if item.driver_dbm >= pwr then
103 return item.driver_dbm
104 end
105 end
106 end
107 return pwr or ""
108 end
109
110 local iw = luci.sys.wifi.getiwinfo(arg[1])
111 local hw_modes = iw.hwmodelist or { }
112 local tx_power_list = txpower_list(iw)
113 local tx_power_cur = txpower_current(wdev:get("txpower"), tx_power_list)
114
115 s = m:section(NamedSection, wdev:name(), "wifi-device", translate("Device Configuration"))
116 s.addremove = false
117
118 s:tab("general", translate("General Setup"))
119 s:tab("macfilter", translate("MAC-Filter"))
120 s:tab("advanced", translate("Advanced Settings"))
121
122 --[[
123 back = s:option(DummyValue, "_overview", translate("Overview"))
124 back.value = ""
125 back.titleref = luci.dispatcher.build_url("admin", "network", "wireless")
126 ]]
127
128 st = s:taboption("general", DummyValue, "__status", translate("Status"))
129 st.template = "admin_network/wifi_status"
130 st.ifname = arg[1]
131
132 en = s:taboption("general", Button, "__toggle")
133
134 if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
135 en.title = translate("Wireless network is disabled")
136 en.inputtitle = translate("Enable")
137 en.inputstyle = "apply"
138 else
139 en.title = translate("Wireless network is enabled")
140 en.inputtitle = translate("Disable")
141 en.inputstyle = "reset"
142 end
143
144
145 local hwtype = wdev:get("type")
146
147 -- NanoFoo
148 local nsantenna = wdev:get("antenna")
149
150 -- Check whether there are client interfaces on the same radio,
151 -- if yes, lock the channel choice as these stations will dicatate the freq
152 local found_sta = nil
153 local _, net
154 if wnet:mode() ~= "sta" then
155 for _, net in ipairs(wdev:get_wifinets()) do
156 if net:mode() == "sta" and net:get("disabled") ~= "1" then
157 if not found_sta then
158 found_sta = {}
159 found_sta.channel = net:channel()
160 found_sta.names = {}
161 end
162 found_sta.names[#found_sta.names+1] = net:shortname()
163 end
164 end
165 end
166
167 if found_sta then
168 ch = s:taboption("general", DummyValue, "choice", translate("Channel"))
169 ch.value = translatef("Locked to channel %s used by: %s",
170 found_sta.channel or "(auto)", table.concat(found_sta.names, ", "))
171 else
172 ch = s:taboption("general", Value, "_mode_freq", '<br />'..translate("Operating frequency"))
173 ch.hwmodes = hw_modes
174 ch.htmodes = iw.htmodelist
175 ch.freqlist = iw.freqlist
176 ch.template = "cbi/wireless_modefreq"
177
178 function ch.cfgvalue(self, section)
179 return {
180 m:get(section, "hwmode") or "",
181 m:get(section, "channel") or "auto",
182 m:get(section, "htmode") or ""
183 }
184 end
185
186 function ch.formvalue(self, section)
187 return {
188 m:formvalue(self:cbid(section) .. ".band") or (hw_modes.g and "11g" or "11a"),
189 m:formvalue(self:cbid(section) .. ".channel") or "auto",
190 m:formvalue(self:cbid(section) .. ".htmode") or ""
191 }
192 end
193
194 function ch.write(self, section, value)
195 m:set(section, "hwmode", value[1])
196 m:set(section, "channel", value[2])
197 m:set(section, "htmode", value[3])
198 end
199 end
200
201 ------------------- MAC80211 Device ------------------
202
203 if hwtype == "mac80211" then
204 if #tx_power_list > 0 then
205 tp = s:taboption("general", ListValue,
206 "txpower", translate("Transmit Power"), "dBm")
207 tp.rmempty = true
208 tp.default = tx_power_cur
209 function tp.cfgvalue(...)
210 return txpower_current(Value.cfgvalue(...), tx_power_list)
211 end
212
213 tp:value("", translate("auto"))
214 for _, p in ipairs(tx_power_list) do
215 tp:value(p.driver_dbm, "%i dBm (%i mW)"
216 %{ p.display_dbm, p.display_mw })
217 end
218 end
219
220 local cl = iw and iw.countrylist
221 if cl and #cl > 0 then
222 cc = s:taboption("advanced", ListValue, "country", translate("Country Code"), translate("Use ISO/IEC 3166 alpha2 country codes."))
223 cc.default = tostring(iw and iw.country or "00")
224 for _, c in ipairs(cl) do
225 cc:value(c.alpha2, "%s - %s" %{ c.alpha2, c.name })
226 end
227 else
228 s:taboption("advanced", Value, "country", translate("Country Code"), translate("Use ISO/IEC 3166 alpha2 country codes."))
229 end
230
231 s:taboption("advanced", Value, "distance", translate("Distance Optimization"),
232 translate("Distance to farthest network member in meters."))
233
234 -- external antenna profiles
235 local eal = iw and iw.extant
236 if eal and #eal > 0 then
237 ea = s:taboption("advanced", ListValue, "extant", translate("Antenna Configuration"))
238 for _, eap in ipairs(eal) do
239 ea:value(eap.id, "%s (%s)" %{ eap.name, eap.description })
240 if eap.selected then
241 ea.default = eap.id
242 end
243 end
244 end
245
246 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
247 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
248 end
249
250
251 ------------------- Madwifi Device ------------------
252
253 if hwtype == "atheros" then
254 tp = s:taboption("general",
255 (#tx_power_list > 0) and ListValue or Value,
256 "txpower", translate("Transmit Power"), "dBm")
257
258 tp.rmempty = true
259 tp.default = tx_power_cur
260
261 function tp.cfgvalue(...)
262 return txpower_current(Value.cfgvalue(...), tx_power_list)
263 end
264
265 tp:value("", translate("auto"))
266 for _, p in ipairs(tx_power_list) do
267 tp:value(p.driver_dbm, "%i dBm (%i mW)"
268 %{ p.display_dbm, p.display_mw })
269 end
270
271 s:taboption("advanced", Flag, "diversity", translate("Diversity")).rmempty = false
272
273 if not nsantenna then
274 ant1 = s:taboption("advanced", ListValue, "txantenna", translate("Transmitter Antenna"))
275 ant1.widget = "radio"
276 ant1.orientation = "horizontal"
277 ant1:depends("diversity", "")
278 ant1:value("0", translate("auto"))
279 ant1:value("1", translate("Antenna 1"))
280 ant1:value("2", translate("Antenna 2"))
281
282 ant2 = s:taboption("advanced", ListValue, "rxantenna", translate("Receiver Antenna"))
283 ant2.widget = "radio"
284 ant2.orientation = "horizontal"
285 ant2:depends("diversity", "")
286 ant2:value("0", translate("auto"))
287 ant2:value("1", translate("Antenna 1"))
288 ant2:value("2", translate("Antenna 2"))
289
290 else -- NanoFoo
291 local ant = s:taboption("advanced", ListValue, "antenna", translate("Transmitter Antenna"))
292 ant:value("auto")
293 ant:value("vertical")
294 ant:value("horizontal")
295 ant:value("external")
296 end
297
298 s:taboption("advanced", Value, "distance", translate("Distance Optimization"),
299 translate("Distance to farthest network member in meters."))
300 s:taboption("advanced", Value, "regdomain", translate("Regulatory Domain"))
301 s:taboption("advanced", Value, "country", translate("Country Code"))
302 s:taboption("advanced", Flag, "outdoor", translate("Outdoor Channels"))
303
304 --s:option(Flag, "nosbeacon", translate("Disable HW-Beacon timer"))
305 end
306
307
308
309 ------------------- Broadcom Device ------------------
310
311 if hwtype == "broadcom" then
312 tp = s:taboption("general",
313 (#tx_power_list > 0) and ListValue or Value,
314 "txpower", translate("Transmit Power"), "dBm")
315
316 tp.rmempty = true
317 tp.default = tx_power_cur
318
319 function tp.cfgvalue(...)
320 return txpower_current(Value.cfgvalue(...), tx_power_list)
321 end
322
323 tp:value("", translate("auto"))
324 for _, p in ipairs(tx_power_list) do
325 tp:value(p.driver_dbm, "%i dBm (%i mW)"
326 %{ p.display_dbm, p.display_mw })
327 end
328
329 mode = s:taboption("advanced", ListValue, "hwmode", translate("Band"))
330 if hw_modes.b then
331 mode:value("11b", "2.4GHz (802.11b)")
332 if hw_modes.g then
333 mode:value("11bg", "2.4GHz (802.11b+g)")
334 end
335 end
336 if hw_modes.g then
337 mode:value("11g", "2.4GHz (802.11g)")
338 mode:value("11gst", "2.4GHz (802.11g + Turbo)")
339 mode:value("11lrs", "2.4GHz (802.11g Limited Rate Support)")
340 end
341 if hw_modes.a then mode:value("11a", "5GHz (802.11a)") end
342 if hw_modes.n then
343 if hw_modes.g then
344 mode:value("11ng", "2.4GHz (802.11g+n)")
345 mode:value("11n", "2.4GHz (802.11n)")
346 end
347 if hw_modes.a then
348 mode:value("11na", "5GHz (802.11a+n)")
349 mode:value("11n", "5GHz (802.11n)")
350 end
351 htmode = s:taboption("advanced", ListValue, "htmode", translate("HT mode (802.11n)"))
352 htmode:depends("hwmode", "11ng")
353 htmode:depends("hwmode", "11na")
354 htmode:depends("hwmode", "11n")
355 htmode:value("HT20", "20MHz")
356 htmode:value("HT40", "40MHz")
357 end
358
359 ant1 = s:taboption("advanced", ListValue, "txantenna", translate("Transmitter Antenna"))
360 ant1.widget = "radio"
361 ant1:depends("diversity", "")
362 ant1:value("3", translate("auto"))
363 ant1:value("0", translate("Antenna 1"))
364 ant1:value("1", translate("Antenna 2"))
365
366 ant2 = s:taboption("advanced", ListValue, "rxantenna", translate("Receiver Antenna"))
367 ant2.widget = "radio"
368 ant2:depends("diversity", "")
369 ant2:value("3", translate("auto"))
370 ant2:value("0", translate("Antenna 1"))
371 ant2:value("1", translate("Antenna 2"))
372
373 s:taboption("advanced", Flag, "frameburst", translate("Frame Bursting"))
374
375 s:taboption("advanced", Value, "distance", translate("Distance Optimization"))
376 --s:option(Value, "slottime", translate("Slot time"))
377
378 s:taboption("advanced", Value, "country", translate("Country Code"))
379 s:taboption("advanced", Value, "maxassoc", translate("Connection Limit"))
380 end
381
382
383 --------------------- HostAP Device ---------------------
384
385 if hwtype == "prism2" then
386 s:taboption("advanced", Value, "txpower", translate("Transmit Power"), "att units").rmempty = true
387
388 s:taboption("advanced", Flag, "diversity", translate("Diversity")).rmempty = false
389
390 s:taboption("advanced", Value, "txantenna", translate("Transmitter Antenna"))
391 s:taboption("advanced", Value, "rxantenna", translate("Receiver Antenna"))
392 end
393
394
395 ----------------------- Interface -----------------------
396
397 s = m:section(NamedSection, wnet.sid, "wifi-iface", translate("Interface Configuration"))
398 ifsection = s
399 s.addremove = false
400 s.anonymous = true
401 s.defaults.device = wdev:name()
402
403 s:tab("general", translate("General Setup"))
404 s:tab("encryption", translate("Wireless Security"))
405 s:tab("macfilter", translate("MAC-Filter"))
406 s:tab("advanced", translate("Advanced Settings"))
407
408 mode = s:taboption("general", ListValue, "mode", translate("Mode"))
409 mode.override_values = true
410 mode:value("ap", translate("Access Point"))
411 mode:value("sta", translate("Client"))
412 mode:value("adhoc", translate("Ad-Hoc"))
413
414 meshid = s:taboption("general", Value, "mesh_id", translate("Mesh Id"))
415 meshid:depends({mode="mesh"})
416
417 meshfwd = s:taboption("advanced", Flag, "mesh_fwding", translate("internal forwarding of Mesh-peers"))
418 meshfwd.rmempty = false
419 meshfwd.default = "1"
420 meshfwd:depends({mode="mesh"})
421
422 ssid = s:taboption("general", Value, "ssid", translate("<abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
423 ssid.datatype = "maxlength(32)"
424 ssid:depends({mode="ap"})
425 ssid:depends({mode="sta"})
426 ssid:depends({mode="adhoc"})
427 ssid:depends({mode="ahdemo"})
428 ssid:depends({mode="monitor"})
429 ssid:depends({mode="ap-wds"})
430 ssid:depends({mode="sta-wds"})
431 ssid:depends({mode="wds"})
432
433 bssid = s:taboption("general", Value, "bssid", translate("<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"))
434
435 network = s:taboption("general", Value, "network", translate("Network"),
436 translate("Choose the network(s) you want to attach to this wireless interface or " ..
437 "fill out the <em>create</em> field to define a new network."))
438
439 network.rmempty = true
440 network.template = "cbi/network_netlist"
441 network.widget = "checkbox"
442 network.novirtual = true
443
444 function network.write(self, section, value)
445 local i = nw:get_interface(section)
446 if i then
447 if value == '-' then
448 value = m:formvalue(self:cbid(section) .. ".newnet")
449 if value and #value > 0 then
450 local n = nw:add_network(value, {proto="none"})
451 if n then n:add_interface(i) end
452 else
453 local n = i:get_network()
454 if n then n:del_interface(i) end
455 end
456 else
457 local v
458 for _, v in ipairs(i:get_networks()) do
459 v:del_interface(i)
460 end
461 for v in ut.imatch(value) do
462 local n = nw:get_network(v)
463 if n then
464 if not n:is_empty() then
465 n:set("type", "bridge")
466 end
467 n:add_interface(i)
468 end
469 end
470 end
471 end
472 end
473
474 -------------------- MAC80211 Interface ----------------------
475
476 if hwtype == "mac80211" then
477 if fs.access("/usr/sbin/iw") then
478 mode:value("mesh", "802.11s")
479 end
480
481 mode:value("ahdemo", translate("Pseudo Ad-Hoc (ahdemo)"))
482 mode:value("monitor", translate("Monitor"))
483 bssid:depends({mode="adhoc"})
484 bssid:depends({mode="sta"})
485 bssid:depends({mode="sta-wds"})
486
487 mp = s:taboption("macfilter", ListValue, "macfilter", translate("MAC-Address Filter"))
488 mp:depends({mode="ap"})
489 mp:depends({mode="ap-wds"})
490 mp:value("", translate("disable"))
491 mp:value("allow", translate("Allow listed only"))
492 mp:value("deny", translate("Allow all except listed"))
493
494 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
495 ml.datatype = "macaddr"
496 ml:depends({macfilter="allow"})
497 ml:depends({macfilter="deny"})
498 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
499
500 mode:value("ap-wds", "%s (%s)" % {translate("Access Point"), translate("WDS")})
501 mode:value("sta-wds", "%s (%s)" % {translate("Client"), translate("WDS")})
502
503 function mode.write(self, section, value)
504 if value == "ap-wds" then
505 ListValue.write(self, section, "ap")
506 m.uci:set("wireless", section, "wds", 1)
507 elseif value == "sta-wds" then
508 ListValue.write(self, section, "sta")
509 m.uci:set("wireless", section, "wds", 1)
510 else
511 ListValue.write(self, section, value)
512 m.uci:delete("wireless", section, "wds")
513 end
514 end
515
516 function mode.cfgvalue(self, section)
517 local mode = ListValue.cfgvalue(self, section)
518 local wds = m.uci:get("wireless", section, "wds") == "1"
519
520 if mode == "ap" and wds then
521 return "ap-wds"
522 elseif mode == "sta" and wds then
523 return "sta-wds"
524 else
525 return mode
526 end
527 end
528
529 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
530 hidden:depends({mode="ap"})
531 hidden:depends({mode="ap-wds"})
532
533 wmm = s:taboption("general", Flag, "wmm", translate("WMM Mode"))
534 wmm:depends({mode="ap"})
535 wmm:depends({mode="ap-wds"})
536 wmm.default = wmm.enabled
537
538 ifname = s:taboption("advanced", Value, "ifname", translate("Interface name"), translate("Override default interface name"))
539 ifname.optional = true
540 end
541
542
543
544 -------------------- Madwifi Interface ----------------------
545
546 if hwtype == "atheros" then
547 mode:value("ahdemo", translate("Pseudo Ad-Hoc (ahdemo)"))
548 mode:value("monitor", translate("Monitor"))
549 mode:value("ap-wds", "%s (%s)" % {translate("Access Point"), translate("WDS")})
550 mode:value("sta-wds", "%s (%s)" % {translate("Client"), translate("WDS")})
551 mode:value("wds", translate("Static WDS"))
552
553 function mode.write(self, section, value)
554 if value == "ap-wds" then
555 ListValue.write(self, section, "ap")
556 m.uci:set("wireless", section, "wds", 1)
557 elseif value == "sta-wds" then
558 ListValue.write(self, section, "sta")
559 m.uci:set("wireless", section, "wds", 1)
560 else
561 ListValue.write(self, section, value)
562 m.uci:delete("wireless", section, "wds")
563 end
564 end
565
566 function mode.cfgvalue(self, section)
567 local mode = ListValue.cfgvalue(self, section)
568 local wds = m.uci:get("wireless", section, "wds") == "1"
569
570 if mode == "ap" and wds then
571 return "ap-wds"
572 elseif mode == "sta" and wds then
573 return "sta-wds"
574 else
575 return mode
576 end
577 end
578
579 bssid:depends({mode="adhoc"})
580 bssid:depends({mode="ahdemo"})
581 bssid:depends({mode="wds"})
582
583 wdssep = s:taboption("advanced", Flag, "wdssep", translate("Separate WDS"))
584 wdssep:depends({mode="ap-wds"})
585
586 s:taboption("advanced", Flag, "doth", "802.11h")
587 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
588 hidden:depends({mode="ap"})
589 hidden:depends({mode="adhoc"})
590 hidden:depends({mode="ap-wds"})
591 hidden:depends({mode="sta-wds"})
592 isolate = s:taboption("advanced", Flag, "isolate", translate("Separate Clients"),
593 translate("Prevents client-to-client communication"))
594 isolate:depends({mode="ap"})
595 s:taboption("advanced", Flag, "bgscan", translate("Background Scan"))
596
597 mp = s:taboption("macfilter", ListValue, "macpolicy", translate("MAC-Address Filter"))
598 mp:value("", translate("disable"))
599 mp:value("allow", translate("Allow listed only"))
600 mp:value("deny", translate("Allow all except listed"))
601
602 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
603 ml.datatype = "macaddr"
604 ml:depends({macpolicy="allow"})
605 ml:depends({macpolicy="deny"})
606 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
607
608 s:taboption("advanced", Value, "rate", translate("Transmission Rate"))
609 s:taboption("advanced", Value, "mcast_rate", translate("Multicast Rate"))
610 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
611 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
612 s:taboption("advanced", Value, "minrate", translate("Minimum Rate"))
613 s:taboption("advanced", Value, "maxrate", translate("Maximum Rate"))
614 s:taboption("advanced", Flag, "compression", translate("Compression"))
615
616 s:taboption("advanced", Flag, "bursting", translate("Frame Bursting"))
617 s:taboption("advanced", Flag, "turbo", translate("Turbo Mode"))
618 s:taboption("advanced", Flag, "ff", translate("Fast Frames"))
619
620 s:taboption("advanced", Flag, "wmm", translate("WMM Mode"))
621 s:taboption("advanced", Flag, "xr", translate("XR Support"))
622 s:taboption("advanced", Flag, "ar", translate("AR Support"))
623
624 local swm = s:taboption("advanced", Flag, "sw_merge", translate("Disable HW-Beacon timer"))
625 swm:depends({mode="adhoc"})
626
627 local nos = s:taboption("advanced", Flag, "nosbeacon", translate("Disable HW-Beacon timer"))
628 nos:depends({mode="sta"})
629 nos:depends({mode="sta-wds"})
630
631 local probereq = s:taboption("advanced", Flag, "probereq", translate("Do not send probe responses"))
632 probereq.enabled = "0"
633 probereq.disabled = "1"
634 end
635
636
637 -------------------- Broadcom Interface ----------------------
638
639 if hwtype == "broadcom" then
640 mode:value("wds", translate("WDS"))
641 mode:value("monitor", translate("Monitor"))
642
643 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
644 hidden:depends({mode="ap"})
645 hidden:depends({mode="adhoc"})
646 hidden:depends({mode="wds"})
647
648 isolate = s:taboption("advanced", Flag, "isolate", translate("Separate Clients"),
649 translate("Prevents client-to-client communication"))
650 isolate:depends({mode="ap"})
651
652 s:taboption("advanced", Flag, "doth", "802.11h")
653 s:taboption("advanced", Flag, "wmm", translate("WMM Mode"))
654
655 bssid:depends({mode="wds"})
656 bssid:depends({mode="adhoc"})
657 end
658
659
660 ----------------------- HostAP Interface ---------------------
661
662 if hwtype == "prism2" then
663 mode:value("wds", translate("WDS"))
664 mode:value("monitor", translate("Monitor"))
665
666 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
667 hidden:depends({mode="ap"})
668 hidden:depends({mode="adhoc"})
669 hidden:depends({mode="wds"})
670
671 bssid:depends({mode="sta"})
672
673 mp = s:taboption("macfilter", ListValue, "macpolicy", translate("MAC-Address Filter"))
674 mp:value("", translate("disable"))
675 mp:value("allow", translate("Allow listed only"))
676 mp:value("deny", translate("Allow all except listed"))
677 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
678 ml:depends({macpolicy="allow"})
679 ml:depends({macpolicy="deny"})
680 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
681
682 s:taboption("advanced", Value, "rate", translate("Transmission Rate"))
683 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
684 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
685 end
686
687
688 ------------------- WiFI-Encryption -------------------
689
690 encr = s:taboption("encryption", ListValue, "encryption", translate("Encryption"))
691 encr.override_values = true
692 encr.override_depends = true
693 encr:depends({mode="ap"})
694 encr:depends({mode="sta"})
695 encr:depends({mode="adhoc"})
696 encr:depends({mode="ahdemo"})
697 encr:depends({mode="ap-wds"})
698 encr:depends({mode="sta-wds"})
699 encr:depends({mode="mesh"})
700
701 cipher = s:taboption("encryption", ListValue, "cipher", translate("Cipher"))
702 cipher:depends({encryption="wpa"})
703 cipher:depends({encryption="wpa2"})
704 cipher:depends({encryption="psk"})
705 cipher:depends({encryption="psk2"})
706 cipher:depends({encryption="wpa-mixed"})
707 cipher:depends({encryption="psk-mixed"})
708 cipher:value("auto", translate("auto"))
709 cipher:value("ccmp", translate("Force CCMP (AES)"))
710 cipher:value("tkip", translate("Force TKIP"))
711 cipher:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
712
713 function encr.cfgvalue(self, section)
714 local v = tostring(ListValue.cfgvalue(self, section))
715 if v == "wep" then
716 return "wep-open"
717 elseif v and v:match("%+") then
718 return (v:gsub("%+.+$", ""))
719 end
720 return v
721 end
722
723 function encr.write(self, section, value)
724 local e = tostring(encr:formvalue(section))
725 local c = tostring(cipher:formvalue(section))
726 if value == "wpa" or value == "wpa2" then
727 self.map.uci:delete("wireless", section, "key")
728 end
729 if e and (c == "tkip" or c == "ccmp" or c == "tkip+ccmp") then
730 e = e .. "+" .. c
731 end
732 self.map:set(section, "encryption", e)
733 end
734
735 function cipher.cfgvalue(self, section)
736 local v = tostring(ListValue.cfgvalue(encr, section))
737 if v and v:match("%+") then
738 v = v:gsub("^[^%+]+%+", "")
739 if v == "aes" then v = "ccmp"
740 elseif v == "tkip+aes" then v = "tkip+ccmp"
741 elseif v == "aes+tkip" then v = "tkip+ccmp"
742 elseif v == "ccmp+tkip" then v = "tkip+ccmp"
743 end
744 end
745 return v
746 end
747
748 function cipher.write(self, section)
749 return encr:write(section)
750 end
751
752
753 encr:value("none", "No Encryption")
754 encr:value("wep-open", translate("WEP Open System"), {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="ahdemo"}, {mode="wds"})
755 encr:value("wep-shared", translate("WEP Shared Key"), {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="ahdemo"}, {mode="wds"})
756
757 if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
758 local supplicant = fs.access("/usr/sbin/wpa_supplicant")
759 local hostapd = fs.access("/usr/sbin/hostapd")
760
761 -- Probe EAP support
762 local has_ap_eap = (os.execute("hostapd -veap >/dev/null 2>/dev/null") == 0)
763 local has_sta_eap = (os.execute("wpa_supplicant -veap >/dev/null 2>/dev/null") == 0)
764
765 if hostapd and supplicant then
766 encr:value("psk", "WPA-PSK", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
767 encr:value("psk2", "WPA2-PSK", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
768 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
769 if has_ap_eap and has_sta_eap then
770 encr:value("wpa", "WPA-EAP", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
771 encr:value("wpa2", "WPA2-EAP", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
772 end
773 elseif hostapd and not supplicant then
774 encr:value("psk", "WPA-PSK", {mode="ap"}, {mode="ap-wds"})
775 encr:value("psk2", "WPA2-PSK", {mode="ap"}, {mode="ap-wds"})
776 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="ap"}, {mode="ap-wds"})
777 if has_ap_eap then
778 encr:value("wpa", "WPA-EAP", {mode="ap"}, {mode="ap-wds"})
779 encr:value("wpa2", "WPA2-EAP", {mode="ap"}, {mode="ap-wds"})
780 end
781 encr.description = translate(
782 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
783 "and ad-hoc mode) to be installed."
784 )
785 elseif not hostapd and supplicant then
786 encr:value("psk", "WPA-PSK", {mode="sta"}, {mode="sta-wds"})
787 encr:value("psk2", "WPA2-PSK", {mode="sta"}, {mode="sta-wds"})
788 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="sta"}, {mode="sta-wds"})
789 if has_sta_eap then
790 encr:value("wpa", "WPA-EAP", {mode="sta"}, {mode="sta-wds"})
791 encr:value("wpa2", "WPA2-EAP", {mode="sta"}, {mode="sta-wds"})
792 end
793 encr.description = translate(
794 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
795 "and ad-hoc mode) to be installed."
796 )
797 else
798 encr.description = translate(
799 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
800 "and ad-hoc mode) to be installed."
801 )
802 end
803 elseif hwtype == "broadcom" then
804 encr:value("psk", "WPA-PSK")
805 encr:value("psk2", "WPA2-PSK")
806 encr:value("psk+psk2", "WPA-PSK/WPA2-PSK Mixed Mode")
807 end
808
809 auth_server = s:taboption("encryption", Value, "auth_server", translate("Radius-Authentication-Server"))
810 auth_server:depends({mode="ap", encryption="wpa"})
811 auth_server:depends({mode="ap", encryption="wpa2"})
812 auth_server:depends({mode="ap-wds", encryption="wpa"})
813 auth_server:depends({mode="ap-wds", encryption="wpa2"})
814 auth_server.rmempty = true
815 auth_server.datatype = "host(0)"
816
817 auth_port = s:taboption("encryption", Value, "auth_port", translate("Radius-Authentication-Port"), translatef("Default %d", 1812))
818 auth_port:depends({mode="ap", encryption="wpa"})
819 auth_port:depends({mode="ap", encryption="wpa2"})
820 auth_port:depends({mode="ap-wds", encryption="wpa"})
821 auth_port:depends({mode="ap-wds", encryption="wpa2"})
822 auth_port.rmempty = true
823 auth_port.datatype = "port"
824
825 auth_secret = s:taboption("encryption", Value, "auth_secret", translate("Radius-Authentication-Secret"))
826 auth_secret:depends({mode="ap", encryption="wpa"})
827 auth_secret:depends({mode="ap", encryption="wpa2"})
828 auth_secret:depends({mode="ap-wds", encryption="wpa"})
829 auth_secret:depends({mode="ap-wds", encryption="wpa2"})
830 auth_secret.rmempty = true
831 auth_secret.password = true
832
833 acct_server = s:taboption("encryption", Value, "acct_server", translate("Radius-Accounting-Server"))
834 acct_server:depends({mode="ap", encryption="wpa"})
835 acct_server:depends({mode="ap", encryption="wpa2"})
836 acct_server:depends({mode="ap-wds", encryption="wpa"})
837 acct_server:depends({mode="ap-wds", encryption="wpa2"})
838 acct_server.rmempty = true
839 acct_server.datatype = "host(0)"
840
841 acct_port = s:taboption("encryption", Value, "acct_port", translate("Radius-Accounting-Port"), translatef("Default %d", 1813))
842 acct_port:depends({mode="ap", encryption="wpa"})
843 acct_port:depends({mode="ap", encryption="wpa2"})
844 acct_port:depends({mode="ap-wds", encryption="wpa"})
845 acct_port:depends({mode="ap-wds", encryption="wpa2"})
846 acct_port.rmempty = true
847 acct_port.datatype = "port"
848
849 acct_secret = s:taboption("encryption", Value, "acct_secret", translate("Radius-Accounting-Secret"))
850 acct_secret:depends({mode="ap", encryption="wpa"})
851 acct_secret:depends({mode="ap", encryption="wpa2"})
852 acct_secret:depends({mode="ap-wds", encryption="wpa"})
853 acct_secret:depends({mode="ap-wds", encryption="wpa2"})
854 acct_secret.rmempty = true
855 acct_secret.password = true
856
857 wpakey = s:taboption("encryption", Value, "_wpa_key", translate("Key"))
858 wpakey:depends("encryption", "psk")
859 wpakey:depends("encryption", "psk2")
860 wpakey:depends("encryption", "psk+psk2")
861 wpakey:depends("encryption", "psk-mixed")
862 wpakey.datatype = "wpakey"
863 wpakey.rmempty = true
864 wpakey.password = true
865
866 wpakey.cfgvalue = function(self, section, value)
867 local key = m.uci:get("wireless", section, "key")
868 if key == "1" or key == "2" or key == "3" or key == "4" then
869 return nil
870 end
871 return key
872 end
873
874 wpakey.write = function(self, section, value)
875 self.map.uci:set("wireless", section, "key", value)
876 self.map.uci:delete("wireless", section, "key1")
877 end
878
879
880 wepslot = s:taboption("encryption", ListValue, "_wep_key", translate("Used Key Slot"))
881 wepslot:depends("encryption", "wep-open")
882 wepslot:depends("encryption", "wep-shared")
883 wepslot:value("1", translatef("Key #%d", 1))
884 wepslot:value("2", translatef("Key #%d", 2))
885 wepslot:value("3", translatef("Key #%d", 3))
886 wepslot:value("4", translatef("Key #%d", 4))
887
888 wepslot.cfgvalue = function(self, section)
889 local slot = tonumber(m.uci:get("wireless", section, "key"))
890 if not slot or slot < 1 or slot > 4 then
891 return 1
892 end
893 return slot
894 end
895
896 wepslot.write = function(self, section, value)
897 self.map.uci:set("wireless", section, "key", value)
898 end
899
900 local slot
901 for slot=1,4 do
902 wepkey = s:taboption("encryption", Value, "key" .. slot, translatef("Key #%d", slot))
903 wepkey:depends("encryption", "wep-open")
904 wepkey:depends("encryption", "wep-shared")
905 wepkey.datatype = "wepkey"
906 wepkey.rmempty = true
907 wepkey.password = true
908
909 function wepkey.write(self, section, value)
910 if value and (#value == 5 or #value == 13) then
911 value = "s:" .. value
912 end
913 return Value.write(self, section, value)
914 end
915 end
916
917
918 if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
919
920 -- Probe 802.11r support (and EAP support as a proxy for Openwrt)
921 local has_80211r = (os.execute("hostapd -v11r 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
922
923 ieee80211r = s:taboption("encryption", Flag, "ieee80211r",
924 translate("802.11r Fast Transition"),
925 translate("Enables fast roaming among access points that belong " ..
926 "to the same Mobility Domain"))
927 ieee80211r:depends({mode="ap", encryption="wpa"})
928 ieee80211r:depends({mode="ap", encryption="wpa2"})
929 ieee80211r:depends({mode="ap-wds", encryption="wpa"})
930 ieee80211r:depends({mode="ap-wds", encryption="wpa2"})
931 if has_80211r then
932 ieee80211r:depends({mode="ap", encryption="psk"})
933 ieee80211r:depends({mode="ap", encryption="psk2"})
934 ieee80211r:depends({mode="ap", encryption="psk-mixed"})
935 end
936 ieee80211r.rmempty = true
937
938 nasid = s:taboption("encryption", Value, "nasid", translate("NAS ID"),
939 translate("Used for two different purposes: RADIUS NAS ID and " ..
940 "802.11r R0KH-ID. Not needed with normal WPA(2)-PSK."))
941 nasid:depends({mode="ap", encryption="wpa"})
942 nasid:depends({mode="ap", encryption="wpa2"})
943 nasid:depends({mode="ap-wds", encryption="wpa"})
944 nasid:depends({mode="ap-wds", encryption="wpa2"})
945 nasid:depends({ieee80211r="1"})
946 nasid.rmempty = true
947
948 mobility_domain = s:taboption("encryption", Value, "mobility_domain",
949 translate("Mobility Domain"),
950 translate("4-character hexadecimal ID"))
951 mobility_domain:depends({ieee80211r="1"})
952 mobility_domain.placeholder = "4f57"
953 mobility_domain.datatype = "and(hexstring,rangelength(4,4))"
954 mobility_domain.rmempty = true
955
956 r0_key_lifetime = s:taboption("encryption", Value, "r0_key_lifetime",
957 translate("R0 Key Lifetime"), translate("minutes"))
958 r0_key_lifetime:depends({ieee80211r="1"})
959 r0_key_lifetime.placeholder = "10000"
960 r0_key_lifetime.datatype = "uinteger"
961 r0_key_lifetime.rmempty = true
962
963 r1_key_holder = s:taboption("encryption", Value, "r1_key_holder",
964 translate("R1 Key Holder"),
965 translate("6-octet identifier as a hex string - no colons"))
966 r1_key_holder:depends({ieee80211r="1"})
967 r1_key_holder.placeholder = "00004f577274"
968 r1_key_holder.datatype = "and(hexstring,rangelength(12,12))"
969 r1_key_holder.rmempty = true
970
971 reassociation_deadline = s:taboption("encryption", Value, "reassociation_deadline",
972 translate("Reassociation Deadline"),
973 translate("time units (TUs / 1.024 ms) [1000-65535]"))
974 reassociation_deadline:depends({ieee80211r="1"})
975 reassociation_deadline.placeholder = "1000"
976 reassociation_deadline.datatype = "range(1000,65535)"
977 reassociation_deadline.rmempty = true
978
979 pmk_r1_push = s:taboption("encryption", Flag, "pmk_r1_push", translate("PMK R1 Push"))
980 pmk_r1_push:depends({ieee80211r="1"})
981 pmk_r1_push.placeholder = "0"
982 pmk_r1_push.rmempty = true
983
984 r0kh = s:taboption("encryption", DynamicList, "r0kh", translate("External R0 Key Holder List"),
985 translate("List of R0KHs in the same Mobility Domain. " ..
986 "<br />Format: MAC-address,NAS-Identifier,128-bit key as hex string. " ..
987 "<br />This list is used to map R0KH-ID (NAS Identifier) to a destination " ..
988 "MAC address when requesting PMK-R1 key from the R0KH that the STA " ..
989 "used during the Initial Mobility Domain Association."))
990
991 r0kh:depends({ieee80211r="1"})
992 r0kh.rmempty = true
993
994 r1kh = s:taboption("encryption", DynamicList, "r1kh", translate("External R1 Key Holder List"),
995 translate ("List of R1KHs in the same Mobility Domain. "..
996 "<br />Format: MAC-address,R1KH-ID as 6 octets with colons,128-bit key as hex string. "..
997 "<br />This list is used to map R1KH-ID to a destination MAC address " ..
998 "when sending PMK-R1 key from the R0KH. This is also the " ..
999 "list of authorized R1KHs in the MD that can request PMK-R1 keys."))
1000 r1kh:depends({ieee80211r="1"})
1001 r1kh.rmempty = true
1002 -- End of 802.11r options
1003
1004 eaptype = s:taboption("encryption", ListValue, "eap_type", translate("EAP-Method"))
1005 eaptype:value("tls", "TLS")
1006 eaptype:value("ttls", "TTLS")
1007 eaptype:value("peap", "PEAP")
1008 eaptype:value("fast", "FAST")
1009 eaptype:depends({mode="sta", encryption="wpa"})
1010 eaptype:depends({mode="sta", encryption="wpa2"})
1011 eaptype:depends({mode="sta-wds", encryption="wpa"})
1012 eaptype:depends({mode="sta-wds", encryption="wpa2"})
1013
1014 cacert = s:taboption("encryption", FileUpload, "ca_cert", translate("Path to CA-Certificate"))
1015 cacert:depends({mode="sta", encryption="wpa"})
1016 cacert:depends({mode="sta", encryption="wpa2"})
1017 cacert:depends({mode="sta-wds", encryption="wpa"})
1018 cacert:depends({mode="sta-wds", encryption="wpa2"})
1019 cacert.rmempty = true
1020
1021 clientcert = s:taboption("encryption", FileUpload, "client_cert", translate("Path to Client-Certificate"))
1022 clientcert:depends({mode="sta", eap_type="tls", encryption="wpa"})
1023 clientcert:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1024 clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1025 clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1026
1027 privkey = s:taboption("encryption", FileUpload, "priv_key", translate("Path to Private Key"))
1028 privkey:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1029 privkey:depends({mode="sta", eap_type="tls", encryption="wpa"})
1030 privkey:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1031 privkey:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1032
1033 privkeypwd = s:taboption("encryption", Value, "priv_key_pwd", translate("Password of Private Key"))
1034 privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1035 privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa"})
1036 privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1037 privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1038 privkeypwd.rmempty = true
1039 privkeypwd.password = true
1040
1041 auth = s:taboption("encryption", ListValue, "auth", translate("Authentication"))
1042 auth:value("PAP", "PAP", {eap_type="ttls"})
1043 auth:value("CHAP", "CHAP", {eap_type="ttls"})
1044 auth:value("MSCHAP", "MSCHAP", {eap_type="ttls"})
1045 auth:value("MSCHAPV2", "MSCHAPv2", {eap_type="ttls"})
1046 auth:value("EAP-GTC")
1047 auth:value("EAP-MD5")
1048 auth:value("EAP-MSCHAPV2")
1049 auth:value("EAP-TLS")
1050 auth:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1051 auth:depends({mode="sta", eap_type="fast", encryption="wpa"})
1052 auth:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1053 auth:depends({mode="sta", eap_type="peap", encryption="wpa"})
1054 auth:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1055 auth:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1056 auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1057 auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1058 auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1059 auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1060 auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1061 auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1062
1063 cacert2 = s:taboption("encryption", FileUpload, "ca_cert2", translate("Path to inner CA-Certificate"))
1064 cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1065 cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1066 cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1067 cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1068
1069 clientcert2 = s:taboption("encryption", FileUpload, "client_cert2", translate("Path to inner Client-Certificate"))
1070 clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1071 clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1072 clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1073 clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1074
1075 privkey2 = s:taboption("encryption", FileUpload, "priv_key2", translate("Path to inner Private Key"))
1076 privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1077 privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1078 privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1079 privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1080
1081 privkeypwd2 = s:taboption("encryption", Value, "priv_key2_pwd", translate("Password of inner Private Key"))
1082 privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1083 privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1084 privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1085 privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1086 privkeypwd2.rmempty = true
1087 privkeypwd2.password = true
1088
1089 identity = s:taboption("encryption", Value, "identity", translate("Identity"))
1090 identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1091 identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
1092 identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1093 identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
1094 identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1095 identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1096 identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1097 identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1098 identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1099 identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1100 identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1101 identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1102 identity:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1103 identity:depends({mode="sta", eap_type="tls", encryption="wpa"})
1104 identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1105 identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1106
1107 anonymous_identity = s:taboption("encryption", Value, "anonymous_identity", translate("Anonymous Identity"))
1108 anonymous_identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1109 anonymous_identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
1110 anonymous_identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1111 anonymous_identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
1112 anonymous_identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1113 anonymous_identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1114 anonymous_identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1115 anonymous_identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1116 anonymous_identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1117 anonymous_identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1118 anonymous_identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1119 anonymous_identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1120 anonymous_identity:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1121 anonymous_identity:depends({mode="sta", eap_type="tls", encryption="wpa"})
1122 anonymous_identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1123 anonymous_identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1124
1125 password = s:taboption("encryption", Value, "password", translate("Password"))
1126 password:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1127 password:depends({mode="sta", eap_type="fast", encryption="wpa"})
1128 password:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1129 password:depends({mode="sta", eap_type="peap", encryption="wpa"})
1130 password:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1131 password:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1132 password:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1133 password:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1134 password:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1135 password:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1136 password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1137 password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1138 password.rmempty = true
1139 password.password = true
1140 end
1141
1142 -- ieee802.11w options
1143 if hwtype == "mac80211" then
1144 local has_80211w = (os.execute("hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
1145 if has_80211w then
1146 ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
1147 translate("802.11w Management Frame Protection"),
1148 translate("Requires the 'full' version of wpad/hostapd " ..
1149 "and support from the wifi driver <br />(as of Feb 2017: " ..
1150 "ath9k and ath10k, in LEDE also mwlwifi and mt76)"))
1151 ieee80211w.default = ""
1152 ieee80211w.rmempty = true
1153 ieee80211w:value("", translate("Disabled (default)"))
1154 ieee80211w:value("1", translate("Optional"))
1155 ieee80211w:value("2", translate("Required"))
1156 ieee80211w:depends({mode="ap", encryption="wpa2"})
1157 ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
1158 ieee80211w:depends({mode="ap", encryption="psk2"})
1159 ieee80211w:depends({mode="ap", encryption="psk-mixed"})
1160 ieee80211w:depends({mode="ap-wds", encryption="psk2"})
1161 ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
1162
1163 max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
1164 translate("802.11w maximum timeout"),
1165 translate("802.11w Association SA Query maximum timeout"))
1166 max_timeout:depends({ieee80211w="1"})
1167 max_timeout:depends({ieee80211w="2"})
1168 max_timeout.datatype = "uinteger"
1169 max_timeout.placeholder = "1000"
1170 max_timeout.rmempty = true
1171
1172 retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
1173 translate("802.11w retry timeout"),
1174 translate("802.11w Association SA Query retry timeout"))
1175 retry_timeout:depends({ieee80211w="1"})
1176 retry_timeout:depends({ieee80211w="2"})
1177 retry_timeout.datatype = "uinteger"
1178 retry_timeout.placeholder = "201"
1179 retry_timeout.rmempty = true
1180 end
1181
1182 local key_retries = s:taboption("encryption", Flag, "wpa_disable_eapol_key_retries",
1183 translate("Enable key reinstallation (KRACK) countermeasures"),
1184 translate("Complicates key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load."))
1185
1186 key_retries:depends({mode="ap", encryption="wpa2"})
1187 key_retries:depends({mode="ap", encryption="psk2"})
1188 key_retries:depends({mode="ap", encryption="psk-mixed"})
1189 key_retries:depends({mode="ap-wds", encryption="wpa2"})
1190 key_retries:depends({mode="ap-wds", encryption="psk2"})
1191 key_retries:depends({mode="ap-wds", encryption="psk-mixed"})
1192 end
1193
1194 if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
1195 local wpasupplicant = fs.access("/usr/sbin/wpa_supplicant")
1196 local hostcli = fs.access("/usr/sbin/hostapd_cli")
1197 if hostcli and wpasupplicant then
1198 wps = s:taboption("encryption", Flag, "wps_pushbutton", translate("Enable WPS pushbutton, requires WPA(2)-PSK"))
1199 wps.enabled = "1"
1200 wps.disabled = "0"
1201 wps.rmempty = false
1202 wps:depends("encryption", "psk")
1203 wps:depends("encryption", "psk2")
1204 wps:depends("encryption", "psk-mixed")
1205 end
1206 end
1207
1208 return m
Lua Configuration Interface (mirror)