From: Jo-Philipp Wich <jo@mein.io>
Date: Tue, 17 Oct 2017 20:54:18 +0000 (+0200)
Subject: luci-mod-admin-full: wifi: expose wpa_disable_eapol_key_retries option
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=13ce0a1e21f83c6612dcebfd8615f9af887c210f;p=oweals%2Fluci.git

luci-mod-admin-full: wifi: expose wpa_disable_eapol_key_retries option

Bacport of 48ed00e5b.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---

diff --git a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
index 222b36273..663d55580 100644
--- a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
+++ b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua
@@ -518,7 +518,7 @@ if hwtype == "mac80211" then
 	wmm:depends({mode="ap"})
 	wmm:depends({mode="ap-wds"})
 	wmm.default = wmm.enabled
-	
+
 	ifname = s:taboption("advanced", Value, "ifname", translate("Interface name"), translate("Override default interface name"))
 	ifname.optional = true
 end
@@ -1161,6 +1161,17 @@ if hwtype == "mac80211" then
 	retry_timeout.datatype = "uinteger"
 	retry_timeout.placeholder = "201"
 	retry_timeout.rmempty = true
+
+	local key_retries = s:taboption("encryption", Flag, "wpa_disable_eapol_key_retries",
+		translate("Enable key reinstallation (KRACK) countermeasures"),
+		translate("Works around key reinstallation attacks on the client side by disabling retransmission of EAPOL-Key frames that are used to install keys. This workaround might cause interoperability issues and reduced robustness of key negotiation especially in environments with heavy traffic load."))
+
+	key_retries:depends({mode="ap", encryption="wpa2"})
+	key_retries:depends({mode="ap", encryption="psk2"})
+	key_retries:depends({mode="ap", encryption="psk-mixed"})
+	key_retries:depends({mode="ap-wds", encryption="wpa2"})
+	key_retries:depends({mode="ap-wds", encryption="psk2"})
+	key_retries:depends({mode="ap-wds", encryption="psk-mixed"})
    end
 end