Merge pull request #998 from hnyman/backport-80211r-80211w
Backport 802.11r and 802.11w LuCI support to lede-17.01
This commit is contained in:
Hannu Nyman
GitHub
commit
3613236505
2 changed files with 124 additions and 1 deletions
|
|
@ -267,6 +267,13 @@ function wepkey(val)
|
|||
end
|
||||
end
|
||||
|
||||
function hexstring(val)
|
||||
if val then
|
||||
return (val:match("^[a-fA-F0-9]+$") ~= nil)
|
||||
end
|
||||
return false
|
||||
end
|
||||
|
||||
function string(val)
|
||||
return true -- Everything qualifies as valid string
|
||||
end
|
||||
|
|
|
|||
|
|
@ -900,13 +900,91 @@ end
|
|||
|
||||
|
||||
if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
|
||||
nasid = s:taboption("encryption", Value, "nasid", translate("NAS ID"))
|
||||
|
||||
-- Probe EAP support as a proxy for determining if 802.11r support is present
|
||||
local has_ap_eap = (os.execute("hostapd -veap >/dev/null 2>/dev/null") == 0)
|
||||
|
||||
ieee80211r = s:taboption("encryption", Flag, "ieee80211r",
|
||||
translate("802.11r Fast Transition"),
|
||||
translate("Enables fast roaming among access points that belong " ..
|
||||
"to the same Mobility Domain"))
|
||||
ieee80211r:depends({mode="ap", encryption="wpa"})
|
||||
ieee80211r:depends({mode="ap", encryption="wpa2"})
|
||||
ieee80211r:depends({mode="ap-wds", encryption="wpa"})
|
||||
ieee80211r:depends({mode="ap-wds", encryption="wpa2"})
|
||||
if has_ap_eap then
|
||||
ieee80211r:depends({mode="ap", encryption="psk"})
|
||||
ieee80211r:depends({mode="ap", encryption="psk2"})
|
||||
ieee80211r:depends({mode="ap", encryption="psk-mixed"})
|
||||
end
|
||||
ieee80211r.rmempty = true
|
||||
|
||||
nasid = s:taboption("encryption", Value, "nasid", translate("NAS ID"),
|
||||
translate("Used for two different purposes: RADIUS NAS ID and " ..
|
||||
"802.11r R0KH-ID. Not needed with normal WPA(2)-PSK."))
|
||||
nasid:depends({mode="ap", encryption="wpa"})
|
||||
nasid:depends({mode="ap", encryption="wpa2"})
|
||||
nasid:depends({mode="ap-wds", encryption="wpa"})
|
||||
nasid:depends({mode="ap-wds", encryption="wpa2"})
|
||||
nasid:depends({ieee80211r="1"})
|
||||
nasid.rmempty = true
|
||||
|
||||
mobility_domain = s:taboption("encryption", Value, "mobility_domain",
|
||||
translate("Mobility Domain"),
|
||||
translate("4-character hexadecimal ID"))
|
||||
mobility_domain:depends({ieee80211r="1"})
|
||||
mobility_domain.placeholder = "4f57"
|
||||
mobility_domain.datatype = "and(hexstring,rangelength(4,4))"
|
||||
mobility_domain.rmempty = true
|
||||
|
||||
r0_key_lifetime = s:taboption("encryption", Value, "r0_key_lifetime",
|
||||
translate("R0 Key Lifetime"), translate("minutes"))
|
||||
r0_key_lifetime:depends({ieee80211r="1"})
|
||||
r0_key_lifetime.placeholder = "10000"
|
||||
r0_key_lifetime.datatype = "uinteger"
|
||||
r0_key_lifetime.rmempty = true
|
||||
|
||||
r1_key_holder = s:taboption("encryption", Value, "r1_key_holder",
|
||||
translate("R1 Key Holder"),
|
||||
translate("6-octet identifier as a hex string - no colons"))
|
||||
r1_key_holder:depends({ieee80211r="1"})
|
||||
r1_key_holder.placeholder = "00004f577274"
|
||||
r1_key_holder.datatype = "and(hexstring,rangelength(12,12))"
|
||||
r1_key_holder.rmempty = true
|
||||
|
||||
reassociation_deadline = s:taboption("encryption", Value, "reassociation_deadline",
|
||||
translate("Reassociation Deadline"),
|
||||
translate("time units (TUs / 1.024 ms) [1000-65535]"))
|
||||
reassociation_deadline:depends({ieee80211r="1"})
|
||||
reassociation_deadline.placeholder = "1000"
|
||||
reassociation_deadline.datatype = "range(1000,65535)"
|
||||
reassociation_deadline.rmempty = true
|
||||
|
||||
pmk_r1_push = s:taboption("encryption", Flag, "pmk_r1_push", translate("PMK R1 Push"))
|
||||
pmk_r1_push:depends({ieee80211r="1"})
|
||||
pmk_r1_push.placeholder = "0"
|
||||
pmk_r1_push.rmempty = true
|
||||
|
||||
r0kh = s:taboption("encryption", DynamicList, "r0kh", translate("External R0 Key Holder List"),
|
||||
translate("List of R0KHs in the same Mobility Domain. " ..
|
||||
"<br>Format: MAC-address,NAS-Identifier,128-bit key as hex string. " ..
|
||||
"<br>This list is used to map R0KH-ID (NAS Identifier) to a destination " ..
|
||||
"MAC address when requesting PMK-R1 key from the R0KH that the STA " ..
|
||||
"used during the Initial Mobility Domain Association."))
|
||||
|
||||
r0kh:depends({ieee80211r="1"})
|
||||
r0kh.rmempty = true
|
||||
|
||||
r1kh = s:taboption("encryption", DynamicList, "r1kh", translate("External R1 Key Holder List"),
|
||||
translate ("List of R1KHs in the same Mobility Domain. "..
|
||||
"<br>Format: MAC-address,R1KH-ID as 6 octets with colons,128-bit key as hex string. "..
|
||||
"<br>This list is used to map R1KH-ID to a destination MAC address " ..
|
||||
"when sending PMK-R1 key from the R0KH. This is also the " ..
|
||||
"list of authorized R1KHs in the MD that can request PMK-R1 keys."))
|
||||
r1kh:depends({ieee80211r="1"})
|
||||
r1kh.rmempty = true
|
||||
-- End of 802.11r options
|
||||
|
||||
eaptype = s:taboption("encryption", ListValue, "eap_type", translate("EAP-Method"))
|
||||
eaptype:value("tls", "TLS")
|
||||
eaptype:value("ttls", "TTLS")
|
||||
|
|
@ -1045,6 +1123,44 @@ if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
|
|||
password.password = true
|
||||
end
|
||||
|
||||
-- ieee802.11w options
|
||||
if hwtype == "mac80211" then
|
||||
ieee80211w = s:taboption("encryption", ListValue, "ieee80211w",
|
||||
translate("802.11w Management Frame Protection"),
|
||||
translate("Requires the 'full' version of wpad/hostapd " ..
|
||||
"and support from the wifi driver <br>(as of Feb 2017: " ..
|
||||
"ath9k and ath10k, in LEDE also mwlwifi and mt76)"))
|
||||
ieee80211w.default = "0"
|
||||
ieee80211w.rmempty = true
|
||||
ieee80211w:value("0", translate("Disabled (default)"))
|
||||
ieee80211w:value("1", translate("Optional"))
|
||||
ieee80211w:value("2", translate("Required"))
|
||||
ieee80211w:depends({mode="ap", encryption="wpa2"})
|
||||
ieee80211w:depends({mode="ap-wds", encryption="wpa2"})
|
||||
ieee80211w:depends({mode="ap", encryption="psk2"})
|
||||
ieee80211w:depends({mode="ap", encryption="psk-mixed"})
|
||||
ieee80211w:depends({mode="ap-wds", encryption="psk2"})
|
||||
ieee80211w:depends({mode="ap-wds", encryption="psk-mixed"})
|
||||
|
||||
max_timeout = s:taboption("encryption", Value, "ieee80211w_max_timeout",
|
||||
translate("802.11w maximum timeout"),
|
||||
translate("802.11w Association SA Query maximum timeout"))
|
||||
max_timeout:depends({ieee80211w="1"})
|
||||
max_timeout:depends({ieee80211w="2"})
|
||||
max_timeout.datatype = "uinteger"
|
||||
max_timeout.placeholder = "1000"
|
||||
max_timeout.rmempty = true
|
||||
|
||||
retry_timeout = s:taboption("encryption", Value, "ieee80211w_retry_timeout",
|
||||
translate("802.11w retry timeout"),
|
||||
translate("802.11w Association SA Query retry timeout"))
|
||||
retry_timeout:depends({ieee80211w="1"})
|
||||
retry_timeout:depends({ieee80211w="2"})
|
||||
retry_timeout.datatype = "uinteger"
|
||||
retry_timeout.placeholder = "201"
|
||||
retry_timeout.rmempty = true
|
||||
end
|
||||
|
||||
if hwtype == "atheros" or hwtype == "mac80211" or hwtype == "prism2" then
|
||||
local wpasupplicant = fs.access("/usr/sbin/wpa_supplicant")
|
||||
local hostcli = fs.access("/usr/sbin/hostapd_cli")
|
||||
|
|
|
|||
Loading…
Reference in a new issue