From d1d3b8612ebbcc04c994e9a664d40c8136f95cf5 Mon Sep 17 00:00:00 2001 From: Hannu Nyman Date: Fri, 10 Feb 2017 17:21:46 +0200 Subject: [PATCH] Backport: support for 802.11w Management Frame Protection Add support for IEEE802.11w Management Frame Protection options into the wireless config. Mention in the help text that the full version of wpad/hostapd is needed. Currently supported in LEDE by ath9k and ath10k, mwlwifi and mt76. Signed-off-by: Hannu Nyman (cherry picked from commit 4ddb6b28168e030263bc4ee7242880b8176637b7) (cherry picked from commit 4d31f7ca30efc7158f8184885df86b9325ecdcba) --- .../luasrc/model/cbi/admin_network/wifi.lua | 38 +++++++++++++++++++ 1 file changed, 38 insertions(+) diff --git a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua index 6927da470..d49786e54 100644 --- a/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua +++ b/modules/luci-mod-admin-full/luasrc/model/cbi/admin_network/wifi.lua @@ -1123,6 +1123,44 @@ if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then password.password = true end +-- ieee802.11w options +if hwtype == "mac80211" then + ieee80211w = s:taboption("encryption", ListValue, "ieee80211w", + translate("802.11w Management Frame Protection"), + translate("Requires the 'full' version of wpad/hostapd " .. + "and support from the wifi driver
(as of Feb 2017: " .. + "ath9k and ath10k, in LEDE also mwlwifi and mt76)")) + ieee80211w.default = "0" + ieee80211w.rmempty = true + ieee80211w:value("0", translate("Disabled (default)")) + ieee80211w:value("1", translate("Optional")) + ieee80211w:value("2", translate("Required")) + ieee80211w:depends({mode="ap", encryption="wpa2"}) + ieee80211w:depends({mode="ap-wds", encryption="wpa2"}) + ieee80211w:depends({mode="ap", encryption="psk2"}) + ieee80211w:depends({mode="ap", encryption="psk-mixed"}) + ieee80211w:depends({mode="ap-wds", encryption="psk2"}) + ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"}) + + max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout", + translate("802.11w maximum timeout"), + translate("802.11w Association SA Query maximum timeout")) + max_timeout:depends({ieee80211w="1"}) + max_timeout:depends({ieee80211w="2"}) + max_timeout.datatype = "uinteger" + max_timeout.placeholder = "1000" + max_timeout.rmempty = true + + retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout", + translate("802.11w retry timeout"), + translate("802.11w Association SA Query retry timeout")) + retry_timeout:depends({ieee80211w="1"}) + retry_timeout:depends({ieee80211w="2"}) + retry_timeout.datatype = "uinteger" + retry_timeout.placeholder = "201" + retry_timeout.rmempty = true +end + if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then local wpasupplicant = fs.access("/usr/sbin/wpa_supplicant") local hostcli = fs.access("/usr/sbin/hostapd_cli") -- 2.25.1