Backport: support for 802.11w Management Frame Protection 998/head
authorHannu Nyman <hannu.nyman@iki.fi>
Fri, 10 Feb 2017 15:21:46 +0000 (17:21 +0200)
committerHannu Nyman <hannu.nyman@iki.fi>
Fri, 10 Feb 2017 15:21:47 +0000 (17:21 +0200)
Add support for IEEE802.11w Management Frame Protection options
into the wireless config.

Mention in the help text that the full version of wpad/hostapd is
needed.

Currently supported in LEDE by ath9k and ath10k, mwlwifi and mt76.

Signed-off-by: Hannu Nyman <hannu.nyman@iki.fi>
(cherry picked from commit 4ddb6b28168e030263bc4ee7242880b8176637b7)
(cherry picked from commit 4d31f7ca30efc7158f8184885df86b9325ecdcba)

modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua

index 6927da4706c1b7edb12c557202b1ba5d32e7c023..d49786e541f723215e4b7cf213d86a665192c99e 100644 (file)
@@ -1123,6 +1123,44 @@ if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
        password.password = true
 end
 
+-- ieee802.11w options
+if hwtype == "mac80211" then
+       ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
+               translate("802.11w Management Frame Protection"),
+               translate("Requires the 'full' version of wpad/hostapd " ..
+                       "and support from the wifi driver <br>(as of Feb 2017: " ..
+                       "ath9k and ath10k, in LEDE also mwlwifi and mt76)"))
+       ieee80211w.default = "0"
+       ieee80211w.rmempty = true
+       ieee80211w:value("0", translate("Disabled (default)"))
+       ieee80211w:value("1", translate("Optional"))
+       ieee80211w:value("2", translate("Required"))
+       ieee80211w:depends({mode="ap", encryption="wpa2"})
+       ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
+       ieee80211w:depends({mode="ap", encryption="psk2"})
+       ieee80211w:depends({mode="ap", encryption="psk-mixed"})
+       ieee80211w:depends({mode="ap-wds", encryption="psk2"})
+       ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
+
+       max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
+                       translate("802.11w maximum timeout"),
+                       translate("802.11w Association SA Query maximum timeout"))
+       max_timeout:depends({ieee80211w="1"})
+       max_timeout:depends({ieee80211w="2"})
+       max_timeout.datatype = "uinteger"
+       max_timeout.placeholder = "1000"
+       max_timeout.rmempty = true
+
+       retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
+                       translate("802.11w retry timeout"),
+                       translate("802.11w Association SA Query retry timeout"))
+       retry_timeout:depends({ieee80211w="1"})
+       retry_timeout:depends({ieee80211w="2"})
+       retry_timeout.datatype = "uinteger"
+       retry_timeout.placeholder = "201"
+       retry_timeout.rmempty = true
+end
+
 if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
        local wpasupplicant = fs.access("/usr/sbin/wpa_supplicant")
        local hostcli = fs.access("/usr/sbin/hostapd_cli")