1 -- Copyright 2008 Steven Barth <steven@midlink.org>
2 -- Licensed to the public under the Apache License 2.0.
4 local wa = require "luci.tools.webadmin"
5 local nw = require "luci.model.network"
6 local ut = require "luci.util"
7 local nt = require "luci.sys".net
8 local fs = require "nixio.fs"
10 local acct_port, acct_secret, acct_server, anonymous_identity, ant1, ant2,
11 auth, auth_port, auth_secret, auth_server, bssid, cacert, cacert2,
12 cc, ch, cipher, clientcert, clientcert2, ea, eaptype, en, encr,
13 ft_protocol, ft_psk_generate_local, hidden, htmode, identity,
14 ieee80211r, ieee80211w, ifname, isolate, key_retries,
15 legacyrates, max_timeout, meshfwd, meshid, ml, mobility_domain, mode,
16 mp, nasid, network, password, pmk_r1_push, privkey, privkey2, privkeypwd,
17 privkeypwd2, r0_key_lifetime, r0kh, r1_key_holder, r1kh,
18 reassociation_deadline, retry_timeout, ssid, st, tp, wepkey, wepslot,
19 wmm, wpakey, wps, disassoc_low_ack, short_preamble, beacon_int, dtim_period,
20 wparekey, inactivitypool, maxinactivity, listeninterval,
21 dae_client, dae_port, dae_port
26 m = Map("wireless", "",
27 translate("The <em>Device Configuration</em> section covers physical settings of the radio " ..
28 "hardware such as channel, transmit power or antenna selection which are shared among all " ..
29 "defined wireless networks (if the radio hardware is multi-SSID capable). Per network settings " ..
30 "like encryption or operation mode are grouped in the <em>Interface Configuration</em>."))
34 m.redirect = luci.dispatcher.build_url("admin/network/wireless")
38 local wnet = nw:get_wifinet(arg[1])
39 local wdev = wnet and wnet:get_device()
41 -- redirect to overview page if network does not exist anymore (e.g. after a revert)
42 if not wnet or not wdev then
43 luci.http.redirect(luci.dispatcher.build_url("admin/network/wireless"))
47 local function txpower_list(iw)
48 local list = iw.txpwrlist or { }
49 local off = tonumber(iw.txpower_offset) or 0
53 for _, val in ipairs(list) do
54 local dbm = val.dbm + off
55 local mw = math.floor(10 ^ (dbm / 10))
69 local function txpower_current(pwr, list)
73 for _, item in ipairs(list) do
74 if item.driver_dbm >= pwr then
75 return item.driver_dbm
82 local iw = luci.sys.wifi.getiwinfo(arg[1])
83 local hw_modes = iw.hwmodelist or { }
84 local tx_power_list = txpower_list(iw)
85 local tx_power_cur = txpower_current(wdev:get("txpower"), tx_power_list)
87 -- wireless toggle was requested, commit and reload page
89 local new_cc = m:formvalue("cbid.wireless.%s.country" % wdev:name())
90 local old_cc = m:get(wdev:name(), "country")
92 if m:formvalue("cbid.wireless.%s.__toggle" % wdev:name()) then
93 if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
94 wnet:set("disabled", nil)
96 wnet:set("disabled", "1")
98 wdev:set("disabled", nil)
105 if m:get(wdev:name(), "type") == "mac80211" and new_cc and new_cc ~= old_cc then
106 luci.sys.call("iw reg set %s" % ut.shellquote(new_cc))
108 local old_ch = tonumber(m:formvalue("cbid.wireless.%s._mode_freq.channel" % wdev:name()) or "")
111 for _, c in ipairs(iw.freqlist) do
112 if c.channel > old_ch or (old_ch <= 14 and c.channel > 14) then
117 if new_ch ~= old_ch then
118 wdev:set("channel", new_ch)
119 m.message = translatef("Channel %d is not available in the %s regulatory domain and has been auto-adjusted to %d.",
120 old_ch, new_cc, new_ch)
125 if wdev:get("disabled") == "1" or wnet:get("disabled") == "1" then
126 en.title = translate("Wireless network is disabled")
127 en.inputtitle = translate("Enable")
128 en.inputstyle = "apply"
130 en.title = translate("Wireless network is enabled")
131 en.inputtitle = translate("Disable")
132 en.inputstyle = "reset"
136 m.title = luci.util.pcdata(wnet:get_i18n())
138 s = m:section(NamedSection, wdev:name(), "wifi-device", translate("Device Configuration"))
141 s:tab("general", translate("General Setup"))
142 s:tab("macfilter", translate("MAC-Filter"))
143 s:tab("advanced", translate("Advanced Settings"))
145 st = s:taboption("general", DummyValue, "__status", translate("Status"))
146 st.template = "admin_network/wifi_status"
149 en = s:taboption("general", Button, "__toggle")
151 local hwtype = wdev:get("type")
154 local nsantenna = wdev:get("antenna")
156 -- Check whether there are client interfaces on the same radio,
157 -- if yes, lock the channel choice as these stations will dicatate the freq
158 local found_sta = nil
160 if wnet:mode() ~= "sta" then
161 for _, net in ipairs(wdev:get_wifinets()) do
162 if net:mode() == "sta" and net:get("disabled") ~= "1" then
163 if not found_sta then
165 found_sta.channel = net:channel()
168 found_sta.names[#found_sta.names+1] = net:shortname()
174 ch = s:taboption("general", DummyValue, "choice", translate("Channel"))
175 ch.value = translatef("Locked to channel %s used by: %s",
176 found_sta.channel or "(auto)", table.concat(found_sta.names, ", "))
178 ch = s:taboption("general", Value, "_mode_freq", '<br />'..translate("Operating frequency"))
180 ch.hostapd_acs = (os.execute("hostapd -vacs >/dev/null 2>/dev/null") == 0)
181 ch.template = "cbi/wireless_modefreq"
183 function ch.cfgvalue(self, section)
185 m:get(section, "hwmode") or "",
186 m:get(section, "channel") or "auto",
187 m:get(section, "htmode") or ""
191 function ch.formvalue(self, section)
193 m:formvalue(self:cbid(section) .. ".band") or (hw_modes.g and "11g" or "11a"),
194 m:formvalue(self:cbid(section) .. ".channel") or "auto",
195 m:formvalue(self:cbid(section) .. ".htmode") or ""
199 function ch.write(self, section, value)
200 m:set(section, "hwmode", value[1])
201 m:set(section, "channel", value[2])
202 m:set(section, "htmode", value[3])
206 ------------------- MAC80211 Device ------------------
208 if hwtype == "mac80211" then
209 if #tx_power_list > 0 then
210 tp = s:taboption("general", ListValue,
211 "txpower", translate("Transmit Power"), "dBm")
213 tp.default = tx_power_cur
214 function tp.cfgvalue(...)
215 return txpower_current(Value.cfgvalue(...), tx_power_list)
218 tp:value("", translate("auto"))
219 for _, p in ipairs(tx_power_list) do
220 tp:value(p.driver_dbm, "%i dBm (%i mW)"
221 %{ p.display_dbm, p.display_mw })
225 local cl = iw and iw.countrylist
226 if cl and #cl > 0 then
227 cc = s:taboption("advanced", ListValue, "country", translate("Country Code"), translate("Use ISO/IEC 3166 alpha2 country codes."))
228 cc.default = tostring(iw and iw.country or "00")
229 for _, c in ipairs(cl) do
230 cc:value(c.alpha2, "%s - %s" %{ c.alpha2, c.name })
233 s:taboption("advanced", Value, "country", translate("Country Code"), translate("Use ISO/IEC 3166 alpha2 country codes."))
236 legacyrates = s:taboption("advanced", Flag, "legacy_rates", translate("Allow legacy 802.11b rates"))
237 legacyrates.rmempty = false
238 legacyrates.default = "1"
240 s:taboption("advanced", Value, "distance", translate("Distance Optimization"),
241 translate("Distance to farthest network member in meters."))
243 -- external antenna profiles
244 local eal = iw and iw.extant
245 if eal and #eal > 0 then
246 ea = s:taboption("advanced", ListValue, "extant", translate("Antenna Configuration"))
247 for _, eap in ipairs(eal) do
248 ea:value(eap.id, "%s (%s)" %{ eap.name, eap.description })
255 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
256 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
258 s:taboption("advanced", Flag, "noscan", translate("Force 40MHz mode"),
259 translate("Always use 40MHz channels even if the secondary channel overlaps. Using this option does not comply with IEEE 802.11n-2009!")).optional = true
261 beacon_int = s:taboption("advanced", Value, "beacon_int", translate("Beacon Interval"))
262 beacon_int.optional = true
263 beacon_int.placeholder = 100
264 beacon_int.datatype = "range(15,65535)"
268 ------------------- Broadcom Device ------------------
270 if hwtype == "broadcom" then
271 tp = s:taboption("general",
272 (#tx_power_list > 0) and ListValue or Value,
273 "txpower", translate("Transmit Power"), "dBm")
276 tp.default = tx_power_cur
278 function tp.cfgvalue(...)
279 return txpower_current(Value.cfgvalue(...), tx_power_list)
282 tp:value("", translate("auto"))
283 for _, p in ipairs(tx_power_list) do
284 tp:value(p.driver_dbm, "%i dBm (%i mW)"
285 %{ p.display_dbm, p.display_mw })
288 mode = s:taboption("advanced", ListValue, "hwmode", translate("Band"))
290 mode:value("11b", "2.4GHz (802.11b)")
292 mode:value("11bg", "2.4GHz (802.11b+g)")
296 mode:value("11g", "2.4GHz (802.11g)")
297 mode:value("11gst", "2.4GHz (802.11g + Turbo)")
298 mode:value("11lrs", "2.4GHz (802.11g Limited Rate Support)")
300 if hw_modes.a then mode:value("11a", "5GHz (802.11a)") end
303 mode:value("11ng", "2.4GHz (802.11g+n)")
304 mode:value("11n", "2.4GHz (802.11n)")
307 mode:value("11na", "5GHz (802.11a+n)")
308 mode:value("11n", "5GHz (802.11n)")
310 htmode = s:taboption("advanced", ListValue, "htmode", translate("HT mode (802.11n)"))
311 htmode:depends("hwmode", "11ng")
312 htmode:depends("hwmode", "11na")
313 htmode:depends("hwmode", "11n")
314 htmode:value("HT20", "20MHz")
315 htmode:value("HT40", "40MHz")
318 ant1 = s:taboption("advanced", ListValue, "txantenna", translate("Transmitter Antenna"))
319 ant1.widget = "radio"
320 ant1:depends("diversity", "")
321 ant1:value("3", translate("auto"))
322 ant1:value("0", translate("Antenna 1"))
323 ant1:value("1", translate("Antenna 2"))
325 ant2 = s:taboption("advanced", ListValue, "rxantenna", translate("Receiver Antenna"))
326 ant2.widget = "radio"
327 ant2:depends("diversity", "")
328 ant2:value("3", translate("auto"))
329 ant2:value("0", translate("Antenna 1"))
330 ant2:value("1", translate("Antenna 2"))
332 s:taboption("advanced", Flag, "frameburst", translate("Frame Bursting"))
334 s:taboption("advanced", Value, "distance", translate("Distance Optimization"))
335 --s:option(Value, "slottime", translate("Slot time"))
337 s:taboption("advanced", Value, "country", translate("Country Code"))
338 s:taboption("advanced", Value, "maxassoc", translate("Connection Limit"))
342 --------------------- HostAP Device ---------------------
344 if hwtype == "prism2" then
345 s:taboption("advanced", Value, "txpower", translate("Transmit Power"), "att units").rmempty = true
347 s:taboption("advanced", Flag, "diversity", translate("Diversity")).rmempty = false
349 s:taboption("advanced", Value, "txantenna", translate("Transmitter Antenna"))
350 s:taboption("advanced", Value, "rxantenna", translate("Receiver Antenna"))
354 ----------------------- Interface -----------------------
356 s = m:section(NamedSection, wnet.sid, "wifi-iface", translate("Interface Configuration"))
359 s.defaults.device = wdev:name()
361 s:tab("general", translate("General Setup"))
362 s:tab("encryption", translate("Wireless Security"))
363 s:tab("macfilter", translate("MAC-Filter"))
364 s:tab("advanced", translate("Advanced Settings"))
366 mode = s:taboption("general", ListValue, "mode", translate("Mode"))
367 mode.override_values = true
368 mode:value("ap", translate("Access Point"))
369 mode:value("sta", translate("Client"))
370 mode:value("adhoc", translate("Ad-Hoc"))
372 meshid = s:taboption("general", Value, "mesh_id", translate("Mesh Id"))
373 meshid:depends({mode="mesh"})
375 meshfwd = s:taboption("advanced", Flag, "mesh_fwding", translate("Forward mesh peer traffic"))
376 meshfwd.rmempty = false
377 meshfwd.default = "1"
378 meshfwd:depends({mode="mesh"})
380 mesh_rssi_th = s:taboption("advanced", Value, "mesh_rssi_threshold",
381 translate("RSSI threshold for joining"),
382 translate("0 = not using RSSI threshold, 1 = do not change driver default"))
383 mesh_rssi_th.rmempty = false
384 mesh_rssi_th.default = "0"
385 mesh_rssi_th.datatype = "range(-255,1)"
386 mesh_rssi_th:depends({mode="mesh"})
388 ssid = s:taboption("general", Value, "ssid", translate("<abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
389 ssid.datatype = "maxlength(32)"
390 ssid:depends({mode="ap"})
391 ssid:depends({mode="sta"})
392 ssid:depends({mode="adhoc"})
393 ssid:depends({mode="ahdemo"})
394 ssid:depends({mode="monitor"})
395 ssid:depends({mode="ap-wds"})
396 ssid:depends({mode="sta-wds"})
397 ssid:depends({mode="wds"})
399 bssid = s:taboption("general", Value, "bssid", translate("<abbr title=\"Basic Service Set Identifier\">BSSID</abbr>"))
400 bssid.datatype = "macaddr"
402 network = s:taboption("general", Value, "network", translate("Network"),
403 translate("Choose the network(s) you want to attach to this wireless interface or " ..
404 "fill out the <em>create</em> field to define a new network."))
406 network.rmempty = true
407 network.template = "cbi/network_netlist"
408 network.widget = "checkbox"
409 network.novirtual = true
411 function network.write(self, section, value)
412 local i = nw:get_interface(section)
414 local _, net, old, new = nil, nil, {}, {}
416 for _, net in ipairs(i:get_networks()) do
417 old[net:name()] = true
420 for net in ut.imatch(value) do
423 local n = nw:get_network(net) or nw:add_network(net, { proto = "none" })
425 if not n:is_empty() then
426 n:set("type", "bridge")
433 for net, _ in pairs(old) do
435 local n = nw:get_network(net)
444 -------------------- MAC80211 Interface ----------------------
446 if hwtype == "mac80211" then
447 if fs.access("/usr/sbin/iw") then
448 mode:value("mesh", "802.11s")
451 mode:value("ahdemo", translate("Pseudo Ad-Hoc (ahdemo)"))
452 mode:value("monitor", translate("Monitor"))
453 bssid:depends({mode="adhoc"})
454 bssid:depends({mode="sta"})
455 bssid:depends({mode="sta-wds"})
457 mp = s:taboption("macfilter", ListValue, "macfilter", translate("MAC-Address Filter"))
458 mp:depends({mode="ap"})
459 mp:depends({mode="ap-wds"})
460 mp:value("", translate("disable"))
461 mp:value("allow", translate("Allow listed only"))
462 mp:value("deny", translate("Allow all except listed"))
464 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
465 ml.datatype = "macaddr"
466 ml:depends({macfilter="allow"})
467 ml:depends({macfilter="deny"})
468 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
470 mode:value("ap-wds", "%s (%s)" % {translate("Access Point"), translate("WDS")})
471 mode:value("sta-wds", "%s (%s)" % {translate("Client"), translate("WDS")})
473 function mode.write(self, section, value)
474 if value == "ap-wds" then
475 ListValue.write(self, section, "ap")
476 m.uci:set("wireless", section, "wds", 1)
477 elseif value == "sta-wds" then
478 ListValue.write(self, section, "sta")
479 m.uci:set("wireless", section, "wds", 1)
481 ListValue.write(self, section, value)
482 m.uci:delete("wireless", section, "wds")
486 function mode.cfgvalue(self, section)
487 local mode = ListValue.cfgvalue(self, section)
488 local wds = m.uci:get("wireless", section, "wds") == "1"
490 if mode == "ap" and wds then
492 elseif mode == "sta" and wds then
499 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
500 hidden:depends({mode="ap"})
501 hidden:depends({mode="ap-wds"})
503 wmm = s:taboption("general", Flag, "wmm", translate("WMM Mode"))
504 wmm:depends({mode="ap"})
505 wmm:depends({mode="ap-wds"})
506 wmm.default = wmm.enabled
508 isolate = s:taboption("advanced", Flag, "isolate", translate("Isolate Clients"),
509 translate("Prevents client-to-client communication"))
510 isolate:depends({mode="ap"})
511 isolate:depends({mode="ap-wds"})
513 ifname = s:taboption("advanced", Value, "ifname", translate("Interface name"), translate("Override default interface name"))
514 ifname.optional = true
516 short_preamble = s:taboption("advanced", Flag, "short_preamble", translate("Short Preamble"))
517 short_preamble.default = short_preamble.enabled
519 dtim_period = s:taboption("advanced", Value, "dtim_period", translate("DTIM Interval"), translate("Delivery Traffic Indication Message Interval"))
520 dtim_period.optional = true
521 dtim_period.placeholder = 2
522 dtim_period.datatype = "range(1,255)"
525 wparekey = s:taboption("advanced", Value, "wpa_group_rekey", translate("Time interval for rekeying GTK"), translate("sec"))
526 wparekey.optional = true
527 wparekey.placeholder = 600
528 wparekey.datatype = "uinteger"
530 inactivitypool = s:taboption("advanced", Flag , "skip_inactivity_poll", translate("Disable Inactivity Polling"))
531 inactivitypool.optional = true
532 inactivitypool.datatype = "uinteger"
534 maxinactivity = s:taboption("advanced", Value, "max_inactivity", translate("Station inactivity limit"), translate("sec"))
535 maxinactivity.optional = true
536 maxinactivity.placeholder = 300
537 maxinactivity.datatype = "uinteger"
539 listeninterval = s:taboption("advanced", Value, "max_listen_interval", translate("Maximum allowed Listen Interval"))
540 listeninterval.optional = true
541 listeninterval.placeholder = 65535
542 listeninterval.datatype = "uinteger"
544 disassoc_low_ack = s:taboption("advanced", Flag, "disassoc_low_ack", translate("Disassociate On Low Acknowledgement"),
545 translate("Allow AP mode to disconnect STAs based on low ACK condition"))
546 disassoc_low_ack.default = disassoc_low_ack.enabled
550 -------------------- Broadcom Interface ----------------------
552 if hwtype == "broadcom" then
553 mode:value("wds", translate("WDS"))
554 mode:value("monitor", translate("Monitor"))
556 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
557 hidden:depends({mode="ap"})
558 hidden:depends({mode="adhoc"})
559 hidden:depends({mode="wds"})
561 isolate = s:taboption("advanced", Flag, "isolate", translate("Separate Clients"),
562 translate("Prevents client-to-client communication"))
563 isolate:depends({mode="ap"})
565 s:taboption("advanced", Flag, "doth", "802.11h")
566 s:taboption("advanced", Flag, "wmm", translate("WMM Mode"))
568 bssid:depends({mode="wds"})
569 bssid:depends({mode="adhoc"})
573 ----------------------- HostAP Interface ---------------------
575 if hwtype == "prism2" then
576 mode:value("wds", translate("WDS"))
577 mode:value("monitor", translate("Monitor"))
579 hidden = s:taboption("general", Flag, "hidden", translate("Hide <abbr title=\"Extended Service Set Identifier\">ESSID</abbr>"))
580 hidden:depends({mode="ap"})
581 hidden:depends({mode="adhoc"})
582 hidden:depends({mode="wds"})
584 bssid:depends({mode="sta"})
586 mp = s:taboption("macfilter", ListValue, "macpolicy", translate("MAC-Address Filter"))
587 mp:value("", translate("disable"))
588 mp:value("allow", translate("Allow listed only"))
589 mp:value("deny", translate("Allow all except listed"))
590 ml = s:taboption("macfilter", DynamicList, "maclist", translate("MAC-List"))
591 ml:depends({macpolicy="allow"})
592 ml:depends({macpolicy="deny"})
593 nt.mac_hints(function(mac, name) ml:value(mac, "%s (%s)" %{ mac, name }) end)
595 s:taboption("advanced", Value, "rate", translate("Transmission Rate"))
596 s:taboption("advanced", Value, "frag", translate("Fragmentation Threshold"))
597 s:taboption("advanced", Value, "rts", translate("RTS/CTS Threshold"))
601 ------------------- WiFI-Encryption -------------------
603 encr = s:taboption("encryption", ListValue, "encryption", translate("Encryption"))
604 encr.override_values = true
605 encr.override_depends = true
606 encr:depends({mode="ap"})
607 encr:depends({mode="sta"})
608 encr:depends({mode="adhoc"})
609 encr:depends({mode="ahdemo"})
610 encr:depends({mode="ap-wds"})
611 encr:depends({mode="sta-wds"})
612 encr:depends({mode="mesh"})
614 cipher = s:taboption("encryption", ListValue, "cipher", translate("Cipher"))
615 cipher:depends({encryption="wpa"})
616 cipher:depends({encryption="wpa2"})
617 cipher:depends({encryption="psk"})
618 cipher:depends({encryption="psk2"})
619 cipher:depends({encryption="wpa-mixed"})
620 cipher:depends({encryption="psk-mixed"})
621 cipher:value("auto", translate("auto"))
622 cipher:value("ccmp", translate("Force CCMP (AES)"))
623 cipher:value("tkip", translate("Force TKIP"))
624 cipher:value("tkip+ccmp", translate("Force TKIP and CCMP (AES)"))
626 function encr.cfgvalue(self, section)
627 local v = tostring(ListValue.cfgvalue(self, section))
630 elseif v and v:match("%+") then
631 return (v:gsub("%+.+$", ""))
636 function encr.write(self, section, value)
637 local e = tostring(encr:formvalue(section))
638 local c = tostring(cipher:formvalue(section))
639 if value == "wpa" or value == "wpa2" then
640 self.map.uci:delete("wireless", section, "key")
642 if e and (c == "tkip" or c == "ccmp" or c == "tkip+ccmp") then
645 self.map:set(section, "encryption", e)
648 function cipher.cfgvalue(self, section)
649 local v = tostring(ListValue.cfgvalue(encr, section))
650 if v and v:match("%+") then
651 v = v:gsub("^[^%+]+%+", "")
652 if v == "aes" then v = "ccmp"
653 elseif v == "tkip+aes" then v = "tkip+ccmp"
654 elseif v == "aes+tkip" then v = "tkip+ccmp"
655 elseif v == "ccmp+tkip" then v = "tkip+ccmp"
661 function cipher.write(self, section)
662 return encr:write(section)
666 encr:value("none", "No Encryption")
667 encr:value("wep-open", translate("WEP Open System"), {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="ahdemo"}, {mode="wds"})
668 encr:value("wep-shared", translate("WEP Shared Key"), {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="ahdemo"}, {mode="wds"})
670 if hwtype == "mac80211" or hwtype == "prism2" then
671 local supplicant = fs.access("/usr/sbin/wpa_supplicant")
672 local hostapd = fs.access("/usr/sbin/hostapd")
675 local has_ap_eap = (os.execute("hostapd -veap >/dev/null 2>/dev/null") == 0)
676 local has_sta_eap = (os.execute("wpa_supplicant -veap >/dev/null 2>/dev/null") == 0)
679 local has_ap_sae = (os.execute("hostapd -vsae >/dev/null 2>/dev/null") == 0)
680 local has_sta_sae = (os.execute("wpa_supplicant -vsae >/dev/null 2>/dev/null") == 0)
683 local has_ap_owe = (os.execute("hostapd -vowe >/dev/null 2>/dev/null") == 0)
684 local has_sta_owe = (os.execute("wpa_supplicant -vowe >/dev/null 2>/dev/null") == 0)
686 if hostapd and supplicant then
687 encr:value("psk", "WPA-PSK", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"})
688 encr:value("psk2", "WPA2-PSK", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"})
689 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"})
690 if has_ap_sae and has_sta_sae then
691 encr:value("sae", "WPA3-SAE", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"}, {mode="mesh"})
692 encr:value("sae-mixed", "WPA2-PSK/WPA3-SAE Mixed Mode", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"})
694 if has_ap_eap and has_sta_eap then
695 encr:value("wpa", "WPA-EAP", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
696 encr:value("wpa2", "WPA2-EAP", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"})
698 if has_ap_owe and has_sta_owe then
699 encr:value("owe", "OWE", {mode="ap"}, {mode="sta"}, {mode="ap-wds"}, {mode="sta-wds"}, {mode="adhoc"})
701 elseif hostapd and not supplicant then
702 encr:value("psk", "WPA-PSK", {mode="ap"}, {mode="ap-wds"})
703 encr:value("psk2", "WPA2-PSK", {mode="ap"}, {mode="ap-wds"})
704 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="ap"}, {mode="ap-wds"})
706 encr:value("sae", "WPA3-SAE", {mode="ap"}, {mode="ap-wds"})
707 encr:value("sae-mixed", "WPA2-PSK/WPA3-SAE Mixed Mode", {mode="ap"}, {mode="ap-wds"})
710 encr:value("wpa", "WPA-EAP", {mode="ap"}, {mode="ap-wds"})
711 encr:value("wpa2", "WPA2-EAP", {mode="ap"}, {mode="ap-wds"})
714 encr:value("owe", "OWE", {mode="ap"}, {mode="ap-wds"})
716 encr.description = translate(
717 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
718 "and ad-hoc mode) to be installed."
720 elseif not hostapd and supplicant then
721 encr:value("psk", "WPA-PSK", {mode="sta"}, {mode="sta-wds"}, {mode="adhoc"})
722 encr:value("psk2", "WPA2-PSK", {mode="sta"}, {mode="sta-wds"}, {mode="adhoc"})
723 encr:value("psk-mixed", "WPA-PSK/WPA2-PSK Mixed Mode", {mode="sta"}, {mode="sta-wds"}, {mode="adhoc"})
725 encr:value("sae", "WPA3-SAE", {mode="sta"}, {mode="sta-wds"}, {mode="mesh"})
726 encr:value("sae-mixed", "WPA2-PSK/WPA3-SAE Mixed Mode", {mode="sta"}, {mode="sta-wds"})
729 encr:value("wpa", "WPA-EAP", {mode="sta"}, {mode="sta-wds"})
730 encr:value("wpa2", "WPA2-EAP", {mode="sta"}, {mode="sta-wds"})
733 encr:value("owe", "OWE", {mode="sta"}, {mode="sta-wds"})
735 encr.description = translate(
736 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
737 "and ad-hoc mode) to be installed."
740 encr.description = translate(
741 "WPA-Encryption requires wpa_supplicant (for client mode) or hostapd (for AP " ..
742 "and ad-hoc mode) to be installed."
745 elseif hwtype == "broadcom" then
746 encr:value("psk", "WPA-PSK")
747 encr:value("psk2", "WPA2-PSK")
748 encr:value("psk+psk2", "WPA-PSK/WPA2-PSK Mixed Mode")
751 auth_server = s:taboption("encryption", Value, "auth_server", translate("Radius-Authentication-Server"))
752 auth_server:depends({mode="ap", encryption="wpa"})
753 auth_server:depends({mode="ap", encryption="wpa2"})
754 auth_server:depends({mode="ap-wds", encryption="wpa"})
755 auth_server:depends({mode="ap-wds", encryption="wpa2"})
756 auth_server.rmempty = true
757 auth_server.datatype = "host(0)"
759 auth_port = s:taboption("encryption", Value, "auth_port", translate("Radius-Authentication-Port"), translatef("Default %d", 1812))
760 auth_port:depends({mode="ap", encryption="wpa"})
761 auth_port:depends({mode="ap", encryption="wpa2"})
762 auth_port:depends({mode="ap-wds", encryption="wpa"})
763 auth_port:depends({mode="ap-wds", encryption="wpa2"})
764 auth_port.rmempty = true
765 auth_port.datatype = "port"
767 auth_secret = s:taboption("encryption", Value, "auth_secret", translate("Radius-Authentication-Secret"))
768 auth_secret:depends({mode="ap", encryption="wpa"})
769 auth_secret:depends({mode="ap", encryption="wpa2"})
770 auth_secret:depends({mode="ap-wds", encryption="wpa"})
771 auth_secret:depends({mode="ap-wds", encryption="wpa2"})
772 auth_secret.rmempty = true
773 auth_secret.password = true
775 acct_server = s:taboption("encryption", Value, "acct_server", translate("Radius-Accounting-Server"))
776 acct_server:depends({mode="ap", encryption="wpa"})
777 acct_server:depends({mode="ap", encryption="wpa2"})
778 acct_server:depends({mode="ap-wds", encryption="wpa"})
779 acct_server:depends({mode="ap-wds", encryption="wpa2"})
780 acct_server.rmempty = true
781 acct_server.datatype = "host(0)"
783 acct_port = s:taboption("encryption", Value, "acct_port", translate("Radius-Accounting-Port"), translatef("Default %d", 1813))
784 acct_port:depends({mode="ap", encryption="wpa"})
785 acct_port:depends({mode="ap", encryption="wpa2"})
786 acct_port:depends({mode="ap-wds", encryption="wpa"})
787 acct_port:depends({mode="ap-wds", encryption="wpa2"})
788 acct_port.rmempty = true
789 acct_port.datatype = "port"
791 acct_secret = s:taboption("encryption", Value, "acct_secret", translate("Radius-Accounting-Secret"))
792 acct_secret:depends({mode="ap", encryption="wpa"})
793 acct_secret:depends({mode="ap", encryption="wpa2"})
794 acct_secret:depends({mode="ap-wds", encryption="wpa"})
795 acct_secret:depends({mode="ap-wds", encryption="wpa2"})
796 acct_secret.rmempty = true
797 acct_secret.password = true
799 dae_client = s:taboption("encryption", Value, "dae_client", translate("DAE-Client"))
800 dae_client:depends({mode="ap", encryption="wpa"})
801 dae_client:depends({mode="ap", encryption="wpa2"})
802 dae_client:depends({mode="ap-wds", encryption="wpa"})
803 dae_client:depends({mode="ap-wds", encryption="wpa2"})
804 dae_client.rmempty = true
805 dae_client.datatype = "host(0)"
807 dae_port = s:taboption("encryption", Value, "dae_port", translate("DAE-Port"), translatef("Default %d", 3799))
808 dae_port:depends({mode="ap", encryption="wpa"})
809 dae_port:depends({mode="ap", encryption="wpa2"})
810 dae_port:depends({mode="ap-wds", encryption="wpa"})
811 dae_port:depends({mode="ap-wds", encryption="wpa2"})
812 dae_port.rmempty = true
813 dae_port.datatype = "port"
815 dae_secret = s:taboption("encryption", Value, "dae_secret", translate("DAE-Secret"))
816 dae_secret:depends({mode="ap", encryption="wpa"})
817 dae_secret:depends({mode="ap", encryption="wpa2"})
818 dae_secret:depends({mode="ap-wds", encryption="wpa"})
819 dae_secret:depends({mode="ap-wds", encryption="wpa2"})
820 dae_secret.rmempty = true
821 dae_secret.password = true
823 wpakey = s:taboption("encryption", Value, "_wpa_key", translate("Key"))
824 wpakey:depends("encryption", "psk")
825 wpakey:depends("encryption", "psk2")
826 wpakey:depends("encryption", "psk+psk2")
827 wpakey:depends("encryption", "psk-mixed")
828 wpakey:depends("encryption", "sae")
829 wpakey:depends("encryption", "sae-mixed")
830 wpakey.datatype = "wpakey"
831 wpakey.rmempty = true
832 wpakey.password = true
834 wpakey.cfgvalue = function(self, section, value)
835 local key = m.uci:get("wireless", section, "key")
836 if key == "1" or key == "2" or key == "3" or key == "4" then
842 wpakey.write = function(self, section, value)
843 self.map.uci:set("wireless", section, "key", value)
844 self.map.uci:delete("wireless", section, "key1")
848 wepslot = s:taboption("encryption", ListValue, "_wep_key", translate("Used Key Slot"))
849 wepslot:depends("encryption", "wep-open")
850 wepslot:depends("encryption", "wep-shared")
851 wepslot:value("1", translatef("Key #%d", 1))
852 wepslot:value("2", translatef("Key #%d", 2))
853 wepslot:value("3", translatef("Key #%d", 3))
854 wepslot:value("4", translatef("Key #%d", 4))
856 wepslot.cfgvalue = function(self, section)
857 local slot = tonumber(m.uci:get("wireless", section, "key"))
858 if not slot or slot < 1 or slot > 4 then
864 wepslot.write = function(self, section, value)
865 self.map.uci:set("wireless", section, "key", value)
870 wepkey = s:taboption("encryption", Value, "key" .. slot, translatef("Key #%d", slot))
871 wepkey:depends("encryption", "wep-open")
872 wepkey:depends("encryption", "wep-shared")
873 wepkey.datatype = "wepkey"
874 wepkey.rmempty = true
875 wepkey.password = true
877 function wepkey.write(self, section, value)
878 if value and (#value == 5 or #value == 13) then
879 value = "s:" .. value
881 return Value.write(self, section, value)
885 if hwtype == "mac80211" or hwtype == "prism2" then
887 -- Probe 802.11r support (and EAP support as a proxy for Openwrt)
888 local has_80211r = (os.execute("hostapd -v11r 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
890 ieee80211r = s:taboption("encryption", Flag, "ieee80211r",
891 translate("802.11r Fast Transition"),
892 translate("Enables fast roaming among access points that belong " ..
893 "to the same Mobility Domain"))
894 ieee80211r:depends({mode="ap", encryption="wpa"})
895 ieee80211r:depends({mode="ap", encryption="wpa2"})
896 ieee80211r:depends({mode="ap-wds", encryption="wpa"})
897 ieee80211r:depends({mode="ap-wds", encryption="wpa2"})
899 ieee80211r:depends({mode="ap", encryption="psk"})
900 ieee80211r:depends({mode="ap", encryption="psk2"})
901 ieee80211r:depends({mode="ap", encryption="psk-mixed"})
902 ieee80211r:depends({mode="ap", encryption="sae"})
903 ieee80211r:depends({mode="ap", encryption="sae-mixed"})
904 ieee80211r:depends({mode="ap-wds", encryption="psk"})
905 ieee80211r:depends({mode="ap-wds", encryption="psk2"})
906 ieee80211r:depends({mode="ap-wds", encryption="psk-mixed"})
907 ieee80211r:depends({mode="ap-wds", encryption="sae"})
908 ieee80211r:depends({mode="ap-wds", encryption="sae-mixed"})
910 ieee80211r.rmempty = true
912 nasid = s:taboption("encryption", Value, "nasid", translate("NAS ID"),
913 translate("Used for two different purposes: RADIUS NAS ID and " ..
914 "802.11r R0KH-ID. Not needed with normal WPA(2)-PSK."))
915 nasid:depends({mode="ap", encryption="wpa"})
916 nasid:depends({mode="ap", encryption="wpa2"})
917 nasid:depends({mode="ap-wds", encryption="wpa"})
918 nasid:depends({mode="ap-wds", encryption="wpa2"})
919 nasid:depends({ieee80211r="1"})
922 mobility_domain = s:taboption("encryption", Value, "mobility_domain",
923 translate("Mobility Domain"),
924 translate("4-character hexadecimal ID"))
925 mobility_domain:depends({ieee80211r="1"})
926 mobility_domain.placeholder = "4f57"
927 mobility_domain.datatype = "and(hexstring,rangelength(4,4))"
928 mobility_domain.rmempty = true
930 reassociation_deadline = s:taboption("encryption", Value, "reassociation_deadline",
931 translate("Reassociation Deadline"),
932 translate("time units (TUs / 1.024 ms) [1000-65535]"))
933 reassociation_deadline:depends({ieee80211r="1"})
934 reassociation_deadline.placeholder = "1000"
935 reassociation_deadline.datatype = "range(1000,65535)"
936 reassociation_deadline.rmempty = true
938 ft_protocol = s:taboption("encryption", ListValue, "ft_over_ds", translate("FT protocol"))
939 ft_protocol:depends({ieee80211r="1"})
940 ft_protocol:value("1", translatef("FT over DS"))
941 ft_protocol:value("0", translatef("FT over the Air"))
942 ft_protocol.rmempty = true
944 ft_psk_generate_local = s:taboption("encryption", Flag, "ft_psk_generate_local",
945 translate("Generate PMK locally"),
946 translate("When using a PSK, the PMK can be automatically generated. When enabled, the R0/R1 key options below are not applied. Disable this to use the R0 and R1 key options."))
947 ft_psk_generate_local:depends({ieee80211r="1"})
948 ft_psk_generate_local.default = ft_psk_generate_local.enabled
949 ft_psk_generate_local.rmempty = false
951 r0_key_lifetime = s:taboption("encryption", Value, "r0_key_lifetime",
952 translate("R0 Key Lifetime"), translate("minutes"))
953 r0_key_lifetime:depends({ieee80211r="1"})
954 r0_key_lifetime.placeholder = "10000"
955 r0_key_lifetime.datatype = "uinteger"
956 r0_key_lifetime.rmempty = true
958 r1_key_holder = s:taboption("encryption", Value, "r1_key_holder",
959 translate("R1 Key Holder"),
960 translate("6-octet identifier as a hex string - no colons"))
961 r1_key_holder:depends({ieee80211r="1"})
962 r1_key_holder.placeholder = "00004f577274"
963 r1_key_holder.datatype = "and(hexstring,rangelength(12,12))"
964 r1_key_holder.rmempty = true
966 pmk_r1_push = s:taboption("encryption", Flag, "pmk_r1_push", translate("PMK R1 Push"))
967 pmk_r1_push:depends({ieee80211r="1"})
968 pmk_r1_push.placeholder = "0"
969 pmk_r1_push.rmempty = true
971 r0kh = s:taboption("encryption", DynamicList, "r0kh", translate("External R0 Key Holder List"),
972 translate("List of R0KHs in the same Mobility Domain. " ..
973 "<br />Format: MAC-address,NAS-Identifier,128-bit key as hex string. " ..
974 "<br />This list is used to map R0KH-ID (NAS Identifier) to a destination " ..
975 "MAC address when requesting PMK-R1 key from the R0KH that the STA " ..
976 "used during the Initial Mobility Domain Association."))
977 r0kh:depends({ieee80211r="1"})
980 r1kh = s:taboption("encryption", DynamicList, "r1kh", translate("External R1 Key Holder List"),
981 translate ("List of R1KHs in the same Mobility Domain. "..
982 "<br />Format: MAC-address,R1KH-ID as 6 octets with colons,128-bit key as hex string. "..
983 "<br />This list is used to map R1KH-ID to a destination MAC address " ..
984 "when sending PMK-R1 key from the R0KH. This is also the " ..
985 "list of authorized R1KHs in the MD that can request PMK-R1 keys."))
986 r1kh:depends({ieee80211r="1"})
988 -- End of 802.11r options
990 eaptype = s:taboption("encryption", ListValue, "eap_type", translate("EAP-Method"))
991 eaptype:value("tls", "TLS")
992 eaptype:value("ttls", "TTLS")
993 eaptype:value("peap", "PEAP")
994 eaptype:value("fast", "FAST")
995 eaptype:depends({mode="sta", encryption="wpa"})
996 eaptype:depends({mode="sta", encryption="wpa2"})
997 eaptype:depends({mode="sta-wds", encryption="wpa"})
998 eaptype:depends({mode="sta-wds", encryption="wpa2"})
1000 cacert = s:taboption("encryption", FileUpload, "ca_cert", translate("Path to CA-Certificate"))
1001 cacert:depends({mode="sta", encryption="wpa"})
1002 cacert:depends({mode="sta", encryption="wpa2"})
1003 cacert:depends({mode="sta-wds", encryption="wpa"})
1004 cacert:depends({mode="sta-wds", encryption="wpa2"})
1005 cacert.rmempty = true
1007 clientcert = s:taboption("encryption", FileUpload, "client_cert", translate("Path to Client-Certificate"))
1008 clientcert:depends({mode="sta", eap_type="tls", encryption="wpa"})
1009 clientcert:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1010 clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1011 clientcert:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1013 privkey = s:taboption("encryption", FileUpload, "priv_key", translate("Path to Private Key"))
1014 privkey:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1015 privkey:depends({mode="sta", eap_type="tls", encryption="wpa"})
1016 privkey:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1017 privkey:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1019 privkeypwd = s:taboption("encryption", Value, "priv_key_pwd", translate("Password of Private Key"))
1020 privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1021 privkeypwd:depends({mode="sta", eap_type="tls", encryption="wpa"})
1022 privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1023 privkeypwd:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1024 privkeypwd.rmempty = true
1025 privkeypwd.password = true
1027 auth = s:taboption("encryption", ListValue, "auth", translate("Authentication"))
1028 auth:value("PAP", "PAP", {eap_type="ttls"})
1029 auth:value("CHAP", "CHAP", {eap_type="ttls"})
1030 auth:value("MSCHAP", "MSCHAP", {eap_type="ttls"})
1031 auth:value("MSCHAPV2", "MSCHAPv2", {eap_type="ttls"})
1032 auth:value("EAP-GTC")
1033 auth:value("EAP-MD5")
1034 auth:value("EAP-MSCHAPV2")
1035 auth:value("EAP-TLS")
1036 auth:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1037 auth:depends({mode="sta", eap_type="fast", encryption="wpa"})
1038 auth:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1039 auth:depends({mode="sta", eap_type="peap", encryption="wpa"})
1040 auth:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1041 auth:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1042 auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1043 auth:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1044 auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1045 auth:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1046 auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1047 auth:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1049 cacert2 = s:taboption("encryption", FileUpload, "ca_cert2", translate("Path to inner CA-Certificate"))
1050 cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1051 cacert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1052 cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1053 cacert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1055 clientcert2 = s:taboption("encryption", FileUpload, "client_cert2", translate("Path to inner Client-Certificate"))
1056 clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1057 clientcert2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1058 clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1059 clientcert2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1061 privkey2 = s:taboption("encryption", FileUpload, "priv_key2", translate("Path to inner Private Key"))
1062 privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1063 privkey2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1064 privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1065 privkey2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1067 privkeypwd2 = s:taboption("encryption", Value, "priv_key2_pwd", translate("Password of inner Private Key"))
1068 privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa"})
1069 privkeypwd2:depends({mode="sta", auth="EAP-TLS", encryption="wpa2"})
1070 privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa"})
1071 privkeypwd2:depends({mode="sta-wds", auth="EAP-TLS", encryption="wpa2"})
1072 privkeypwd2.rmempty = true
1073 privkeypwd2.password = true
1075 identity = s:taboption("encryption", Value, "identity", translate("Identity"))
1076 identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1077 identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
1078 identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1079 identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
1080 identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1081 identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1082 identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1083 identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1084 identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1085 identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1086 identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1087 identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1088 identity:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1089 identity:depends({mode="sta", eap_type="tls", encryption="wpa"})
1090 identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1091 identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1093 anonymous_identity = s:taboption("encryption", Value, "anonymous_identity", translate("Anonymous Identity"))
1094 anonymous_identity:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1095 anonymous_identity:depends({mode="sta", eap_type="fast", encryption="wpa"})
1096 anonymous_identity:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1097 anonymous_identity:depends({mode="sta", eap_type="peap", encryption="wpa"})
1098 anonymous_identity:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1099 anonymous_identity:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1100 anonymous_identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1101 anonymous_identity:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1102 anonymous_identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1103 anonymous_identity:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1104 anonymous_identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1105 anonymous_identity:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1106 anonymous_identity:depends({mode="sta", eap_type="tls", encryption="wpa2"})
1107 anonymous_identity:depends({mode="sta", eap_type="tls", encryption="wpa"})
1108 anonymous_identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa2"})
1109 anonymous_identity:depends({mode="sta-wds", eap_type="tls", encryption="wpa"})
1111 password = s:taboption("encryption", Value, "password", translate("Password"))
1112 password:depends({mode="sta", eap_type="fast", encryption="wpa2"})
1113 password:depends({mode="sta", eap_type="fast", encryption="wpa"})
1114 password:depends({mode="sta", eap_type="peap", encryption="wpa2"})
1115 password:depends({mode="sta", eap_type="peap", encryption="wpa"})
1116 password:depends({mode="sta", eap_type="ttls", encryption="wpa2"})
1117 password:depends({mode="sta", eap_type="ttls", encryption="wpa"})
1118 password:depends({mode="sta-wds", eap_type="fast", encryption="wpa2"})
1119 password:depends({mode="sta-wds", eap_type="fast", encryption="wpa"})
1120 password:depends({mode="sta-wds", eap_type="peap", encryption="wpa2"})
1121 password:depends({mode="sta-wds", eap_type="peap", encryption="wpa"})
1122 password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa2"})
1123 password:depends({mode="sta-wds", eap_type="ttls", encryption="wpa"})
1124 password.rmempty = true
1125 password.password = true
1128 -- ieee802.11w options
1129 if hwtype == "mac80211" then
1130 local has_80211w = (os.execute("hostapd -v11w 2>/dev/null || hostapd -veap 2>/dev/null") == 0)
1132 ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
1133 translate("802.11w Management Frame Protection"),
1134 translate("Requires the 'full' version of wpad/hostapd " ..
1135 "and support from the wifi driver <br />(as of Jan 2019: " ..
1136 "ath9k, ath10k, mwlwifi and mt76)"))
1137 ieee80211w.default = ""
1138 ieee80211w.rmempty = true
1139 ieee80211w:value("", translate("Disabled (default)"))
1140 ieee80211w:value("1", translate("Optional"))
1141 ieee80211w:value("2", translate("Required"))
1142 ieee80211w:depends({mode="ap", encryption="wpa2"})
1143 ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
1144 ieee80211w:depends({mode="ap", encryption="psk2"})
1145 ieee80211w:depends({mode="ap", encryption="psk-mixed"})
1146 ieee80211w:depends({mode="ap", encryption="sae"})
1147 ieee80211w:depends({mode="ap", encryption="sae-mixed"})
1148 ieee80211w:depends({mode="ap", encryption="owe"})
1149 ieee80211w:depends({mode="ap-wds", encryption="psk2"})
1150 ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
1151 ieee80211w:depends({mode="ap-wds", encryption="sae"})
1152 ieee80211w:depends({mode="ap-wds", encryption="sae-mixed"})
1153 ieee80211w:depends({mode="ap-wds", encryption="owe"})
1154 ieee80211w:depends({mode="sta", encryption="wpa2"})
1155 ieee80211w:depends({mode="sta-wds", encryption="wpa2"})
1156 ieee80211w:depends({mode="sta", encryption="psk2"})
1157 ieee80211w:depends({mode="sta", encryption="psk-mixed"})
1158 ieee80211w:depends({mode="sta", encryption="sae"})
1159 ieee80211w:depends({mode="sta", encryption="sae-mixed"})
1160 ieee80211w:depends({mode="sta", encryption="owe"})
1161 ieee80211w:depends({mode="sta-wds", encryption="psk2"})
1162 ieee80211w:depends({mode="sta-wds", encryption="psk-mixed"})
1163 ieee80211w:depends({mode="sta-wds", encryption="sae"})
1164 ieee80211w:depends({mode="sta-wds", encryption="sae-mixed"})
1165 ieee80211w:depends({mode="sta-wds", encryption="owe"})
1167 max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
1168 translate("802.11w maximum timeout"),
1169 translate("802.11w Association SA Query maximum timeout"))
1170 max_timeout:depends({ieee80211w="1"})
1171 max_timeout:depends({ieee80211w="2"})
1172 max_timeout.datatype = "uinteger"
1173 max_timeout.placeholder = "1000"
1174 max_timeout.rmempty = true
1176 retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
1177 translate("802.11w retry timeout"),
1178 translate("802.11w Association SA Query retry timeout"))
1179 retry_timeout:depends({ieee80211w="1"})
1180 retry_timeout:depends({ieee80211w="2"})
1181 retry_timeout.datatype = "uinteger"
1182 retry_timeout.placeholder = "201"
1183 retry_timeout.rmempty = true
1186 key_retries = s:taboption("encryption", Flag, "wpa_disable_eapol_key_retries",
1187 translate("Enable key reinstallation (KRACK) countermeasures"),
1188 translate("Complicates key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load."))
1190 key_retries:depends({mode="ap", encryption="wpa2"})
1191 key_retries:depends({mode="ap", encryption="psk2"})
1192 key_retries:depends({mode="ap", encryption="psk-mixed"})
1193 key_retries:depends({mode="ap", encryption="sae"})
1194 key_retries:depends({mode="ap", encryption="sae-mixed"})
1195 key_retries:depends({mode="ap-wds", encryption="wpa2"})
1196 key_retries:depends({mode="ap-wds", encryption="psk2"})
1197 key_retries:depends({mode="ap-wds", encryption="psk-mixed"})
1198 key_retries:depends({mode="ap-wds", encryption="sae"})
1199 key_retries:depends({mode="ap-wds", encryption="sae-mixed"})
1202 if hwtype == "mac80211" or hwtype == "prism2" then
1203 local wpasupplicant = fs.access("/usr/sbin/wpa_supplicant")
1204 local hostcli = fs.access("/usr/sbin/hostapd_cli")
1205 if hostcli and wpasupplicant then
1206 wps = s:taboption("encryption", Flag, "wps_pushbutton", translate("Enable WPS pushbutton, requires WPA(2)-PSK"))
1210 wps:depends("encryption", "psk")
1211 wps:depends("encryption", "psk2")
1212 wps:depends("encryption", "psk-mixed")