luci-mod-admin-full: wifi: expose wpa_disable_eapol_key_retries option

Bacport of 48ed00e5b.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>

diff --git a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
index 222b3627316fdd37b9cd8885d01e2a7103461895..663d55580083919885bd8fb95c5ba05cb5c93981 100644 (file)
--- a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
+++ b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
@@ -518,7 +518,7 @@ if hwtype == "mac80211" then
        wmm:depends({mode="ap"})
        wmm:depends({mode="ap-wds"})
        wmm.default = wmm.enabled
-       
+
        ifname = s:taboption("advanced", Value, "ifname", translate("Interface name"), translate("Override default interface name"))
        ifname.optional = true
 end
@@ -1161,6 +1161,17 @@ if hwtype == "mac80211" then
        retry_timeout.datatype = "uinteger"
        retry_timeout.placeholder = "201"
        retry_timeout.rmempty = true
+
+       local key_retries = s:taboption("encryption", Flag, "wpa_disable_eapol_key_retries",
+               translate("Enable key reinstallation (KRACK) countermeasures"),
+               translate("Works around key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load."))
+
+       key_retries:depends({mode="ap", encryption="wpa2"})
+       key_retries:depends({mode="ap", encryption="psk2"})
+       key_retries:depends({mode="ap", encryption="psk-mixed"})
+       key_retries:depends({mode="ap-wds", encryption="wpa2"})
+       key_retries:depends({mode="ap-wds", encryption="psk2"})
+       key_retries:depends({mode="ap-wds", encryption="psk-mixed"})
    end
 end