source: rtems-libbsd/freebsd/contrib/wpa/wpa_supplicant/config.h @ 9c9d11b

5-freebsd-12
Last change on this file since 9c9d11b was 9c9d11b, checked in by Sichen Zhao <1473996754@…>, on Aug 1, 2017 at 12:43:41 PM

Import wpa from FreeBSD

[9c9d11b]1/*
2 * WPA Supplicant / Configuration file structures
3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#ifndef CONFIG_H
10#define CONFIG_H
11
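/*
 * Compile-time default values for configuration parameters.
 *
 * The listing's line-number gutter has been stripped from these lines so the
 * directives are valid preprocessor input again; the values are unchanged.
 *
 * NOTE(review): the names suggest these seed the matching fields of
 * struct wpa_config (eapol_version, ap_scan, fast_reauth, bss_max_count, ...)
 * when a configuration is created; the code that applies them is not part of
 * this header - confirm against the configuration allocator.
 */

/* EAPOL version 1 is the interoperable default; see eapol_version. */
#define DEFAULT_EAPOL_VERSION 1

/*
 * ap_scan default: 2 when the build has no scan processing
 * (CONFIG_NO_SCAN_PROCESSING), otherwise 1.
 */
#ifdef CONFIG_NO_SCAN_PROCESSING
#define DEFAULT_AP_SCAN 2
#else /* CONFIG_NO_SCAN_PROCESSING */
#define DEFAULT_AP_SCAN 1
#endif /* CONFIG_NO_SCAN_PROCESSING */
#define DEFAULT_USER_MPM 1
#define DEFAULT_MAX_PEER_LINKS 99
#define DEFAULT_MESH_MAX_INACTIVITY 300
/*
 * The default dot11RSNASAERetransPeriod is defined as 40 ms in the standard,
 * but use 1000 ms in practice to avoid issues on low power CPUs.
 */
#define DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD 1000
#define DEFAULT_FAST_REAUTH 1
#define DEFAULT_P2P_GO_INTENT 7
#define DEFAULT_P2P_INTRA_BSS 1
/* Evaluates to 300; presumably seconds (5 minutes) - unit not stated here. */
#define DEFAULT_P2P_GO_MAX_INACTIVITY (5 * 60)
#define DEFAULT_P2P_OPTIMIZE_LISTEN_CHAN 0
#define DEFAULT_BSS_MAX_COUNT 200
#define DEFAULT_BSS_EXPIRATION_AGE 180
#define DEFAULT_BSS_EXPIRATION_SCAN_COUNT 2
#define DEFAULT_MAX_NUM_STA 128
#define DEFAULT_ACCESS_NETWORK_TYPE 15
#define DEFAULT_SCAN_CUR_FREQ 0
#define DEFAULT_P2P_SEARCH_DELAY 500
#define DEFAULT_RAND_ADDR_LIFETIME 60
#define DEFAULT_KEY_MGMT_OFFLOAD 1
#define DEFAULT_CERT_IN_CB 1
#define DEFAULT_P2P_GO_CTWINDOW 0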
42
43#include "config_ssid.h"
44#include "wps/wps.h"
45#include "common/ieee802_11_defs.h"
46#include "common/ieee802_11_common.h"
47
48
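/**
 * struct wpa_cred - Credential block used for Interworking network selection
 *
 * Credentials form a singly linked list through the next field; the head of
 * the list is stored in the cred field of struct wpa_config.
 *
 * Several members carry secret material (password, private_key_passwd,
 * milenage). This header does not show who allocates or frees the string
 * members.
 * NOTE(review): confirm that the code releasing a credential clears those
 * buffers before freeing them and that they are not written to debug logs.
 */
struct wpa_cred {
        /**
         * next - Next credential in the list
         *
         * This pointer can be used to iterate over all credentials. The head
         * of this list is stored in the cred field of struct wpa_config.
         */
        struct wpa_cred *next;

        /**
         * id - Unique id for the credential
         *
         * This identifier is used as a unique identifier for each credential
         * block when using the control interface. Each credential is allocated
         * an id when it is being created, either when reading the
         * configuration file or when a new credential is added through the
         * control interface.
         */
        int id;

        /**
         * temporary - Whether this credential is temporary and not to be saved
         */
        int temporary;

        /**
         * priority - Priority group
         *
         * By default, all networks and credentials get the same priority group
         * (0). This field can be used to give higher priority for credentials
         * (and similarly in struct wpa_ssid for network blocks) to change the
         * Interworking automatic networking selection behavior. The matching
         * network (based on either an enabled network block or a credential)
         * with the highest priority value will be selected.
         */
        int priority;

        /**
         * pcsc - Use PC/SC and SIM/USIM card
         */
        int pcsc;

        /**
         * realm - Home Realm for Interworking
         */
        char *realm;

        /**
         * username - Username for Interworking network selection
         */
        char *username;

        /**
         * password - Password for Interworking network selection
         *
         * When ext_password is non-zero, this string is the name of an entry
         * in external storage rather than the password itself.
         */
        char *password;

        /**
         * ext_password - Whether password is a name for external storage
         */
        int ext_password;

        /**
         * ca_cert - CA certificate for Interworking network selection
         *
         * NOTE(review): confirm how the EAP/TLS code treats a %NULL ca_cert;
         * a credential without a trust anchor should not silently skip
         * server certificate validation.
         */
        char *ca_cert;

        /**
         * client_cert - File path to client certificate file (PEM/DER)
         *
         * This field is used with Interworking networking selection for a case
         * where client certificate/private key is used for authentication
         * (EAP-TLS). Full path to the file should be used since working
         * directory may change when wpa_supplicant is run in the background.
         *
         * Alternatively, a named configuration blob can be used by setting
         * this to blob://blob_name.
         */
        char *client_cert;

        /**
         * private_key - File path to client private key file (PEM/DER/PFX)
         *
         * When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
         * commented out. Both the private key and certificate will be read
         * from the PKCS#12 file in this case. Full path to the file should be
         * used since working directory may change when wpa_supplicant is run
         * in the background.
         *
         * Windows certificate store can be used by leaving client_cert out and
         * configuring private_key in one of the following formats:
         *
         * cert://substring_to_match
         *
         * hash://certificate_thumbprint_in_hex
         *
         * For example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
         *
         * Note that when running wpa_supplicant as an application, the user
         * certificate store (My user account) is used, whereas computer store
         * (Computer account) is used when running wpasvc as a service.
         *
         * Alternatively, a named configuration blob can be used by setting
         * this to blob://blob_name.
         */
        char *private_key;

        /**
         * private_key_passwd - Password for private key file
         *
         * Secret material; see the note in the struct header comment.
         */
        char *private_key_passwd;

        /**
         * imsi - IMSI in <MCC> | <MNC> | '-' | <MSIN> format
         */
        char *imsi;

        /**
         * milenage - Milenage parameters for SIM/USIM simulator in
         *      <Ki>:<OPc>:<SQN> format
         *
         * Ki and OPc are subscriber key material, so this string is as
         * sensitive as a password.
         */
        char *milenage;

        /**
         * domain_suffix_match - Constraint for server domain name
         *
         * If set, this FQDN is used as a suffix match requirement for the AAA
         * server certificate in SubjectAltName dNSName element(s). If a
         * matching dNSName is found, this constraint is met. If no dNSName
         * values are present, this constraint is matched against SubjectName CN
         * using same suffix match comparison. Suffix match here means that the
         * host/domain name is compared one label at a time starting from the
         * top-level domain and all the labels in @domain_suffix_match shall be
         * included in the certificate. The certificate may include additional
         * sub-level labels in addition to the required labels.
         *
         * For example, domain_suffix_match=example.com would match
         * test.example.com but would not match test-example.com.
         */
        char *domain_suffix_match;

        /**
         * domain - Home service provider FQDN(s)
         *
         * This is used to compare against the Domain Name List to figure out
         * whether the AP is operated by the Home SP. Multiple domain entries
         * can be used to configure alternative FQDNs that will be considered
         * home networks.
         */
        char **domain;

        /**
         * num_domain - Number of FQDNs in the domain array
         */
        size_t num_domain;

        /**
         * roaming_consortium - Roaming Consortium OI
         *
         * If roaming_consortium_len is non-zero, this field contains the
         * Roaming Consortium OI that can be used to determine which access
         * points support authentication with this credential. This is an
         * alternative to the use of the realm parameter. When using Roaming
         * Consortium to match the network, the EAP parameters need to be
         * pre-configured with the credential since the NAI Realm information
         * may not be available or fetched.
         */
        u8 roaming_consortium[15];

        /**
         * roaming_consortium_len - Length of roaming_consortium
         *
         * Must not exceed sizeof(roaming_consortium) (15 octets); code that
         * fills the array from configuration input has to check this.
         */
        size_t roaming_consortium_len;

        /**
         * required_roaming_consortium - Second Roaming Consortium OI buffer
         *
         * required_roaming_consortium_len is the number of valid octets and
         * must not exceed sizeof(required_roaming_consortium) (15 octets).
         *
         * NOTE(review): presumably an OI the AP has to advertise before this
         * credential is considered a match - confirm against the Interworking
         * matching code; this header does not document it.
         */
        u8 required_roaming_consortium[15];
        size_t required_roaming_consortium_len;

        /**
         * eap_method - EAP method to use
         *
         * Pre-configured EAP method to use with this credential or %NULL to
         * indicate no EAP method is selected, i.e., the method will be
         * selected automatically based on ANQP information.
         */
        struct eap_method_type *eap_method;

        /**
         * phase1 - Phase 1 (outer authentication) parameters
         *
         * Pre-configured EAP parameters or %NULL.
         */
        char *phase1;

        /**
         * phase2 - Phase 2 (inner authentication) parameters
         *
         * Pre-configured EAP parameters or %NULL.
         */
        char *phase2;

        /**
         * excluded_ssid - Array of num_excluded_ssid SSID entries
         *
         * Each entry is a length-delimited byte string: ssid_len octets of
         * ssid are valid, at most SSID_MAX_LEN. There is no room for a
         * terminator when ssid_len == SSID_MAX_LEN, so the buffer must not be
         * handled as a C string.
         *
         * NOTE(review): presumably SSIDs this credential must not be used
         * with - confirm against the network selection code.
         */
        struct excluded_ssid {
                u8 ssid[SSID_MAX_LEN];
                size_t ssid_len;
        } *excluded_ssid;
        size_t num_excluded_ssid;

        /**
         * roaming_partner - Array of num_roaming_partner entries
         *
         * fqdn and country are fixed-size buffers (128 and 3 bytes); code that
         * copies configuration input into them has to bound the copy to the
         * buffer size.
         *
         * NOTE(review): member semantics (exact_match, priority, country) are
         * not documented in this header - confirm against the parser.
         */
        struct roaming_partner {
                char fqdn[128];
                int exact_match;
                u8 priority;
                char country[3];
        } *roaming_partner;
        size_t num_roaming_partner;

        /* NOTE(review): undocumented here; meaning not visible in this header. */
        int update_identifier;

        /**
         * provisioning_sp - FQDN of the SP that provisioned the credential
         */
        char *provisioning_sp;

        /**
         * sp_priority - Credential priority within a provisioning SP
         *
         * This is the priority of the credential among all credentials
         * provisioned by the same SP (i.e., for entries that have identical
         * provisioning_sp value). The range of this priority is 0-255 with 0
         * being the highest and 255 the lowest priority.
         */
        int sp_priority;

        /*
         * NOTE(review): presumably minimum downlink/uplink bandwidth
         * requirements for home and roaming networks; units are not stated in
         * this header.
         */
        unsigned int min_dl_bandwidth_home;
        unsigned int min_ul_bandwidth_home;
        unsigned int min_dl_bandwidth_roaming;
        unsigned int min_ul_bandwidth_roaming;

        /**
         * max_bss_load - Maximum BSS Load Channel Utilization (1..255)
         * This value is used as the maximum channel utilization for network
         * selection purposes for home networks. If the AP does not advertise
         * BSS Load or if the limit would prevent any connection, this
         * constraint will be ignored.
         */
        unsigned int max_bss_load;

        /*
         * NOTE(review): presumably num_req_conn_capab is the entry count for
         * both req_conn_capab_proto and req_conn_capab_port, with one port
         * list per protocol; how each port list is terminated is not visible
         * in this header.
         */
        unsigned int num_req_conn_capab;
        u8 *req_conn_capab_proto;
        int **req_conn_capab_port;

        /**
         * ocsp - Whether to use/require OCSP to check server certificate
         *
         * 0 = do not use OCSP stapling (TLS certificate status extension)
         * 1 = try to use OCSP stapling, but not require response
         * 2 = require valid OCSP stapling response
         *
         * Only value 2 requires a valid stapled response; with 0 or 1 a
         * missing response is accepted.
         */
        int ocsp;

        /**
         * sim_num - User selected SIM identifier
         *
         * This variable is used for identifying which SIM is used if the system
         * has more than one.
         */
        int sim_num;
};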
315
316
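/*
 * CFG_CHANGED_* - One bit per configuration item, bits 0..16.
 *
 * The listing's line-number gutter has been stripped from these lines so the
 * directives are valid preprocessor input again; the bit assignments are
 * unchanged. BIT() is defined outside the visible part of this header.
 *
 * NOTE(review): presumably these are OR-ed into a bitmask that records which
 * parameters were modified at runtime - confirm against the users of these
 * flags.
 */
#define CFG_CHANGED_DEVICE_NAME BIT(0)
#define CFG_CHANGED_CONFIG_METHODS BIT(1)
#define CFG_CHANGED_DEVICE_TYPE BIT(2)
#define CFG_CHANGED_OS_VERSION BIT(3)
#define CFG_CHANGED_UUID BIT(4)
#define CFG_CHANGED_COUNTRY BIT(5)
#define CFG_CHANGED_SEC_DEVICE_TYPE BIT(6)
#define CFG_CHANGED_P2P_SSID_POSTFIX BIT(7)
#define CFG_CHANGED_WPS_STRING BIT(8)
#define CFG_CHANGED_P2P_INTRA_BSS BIT(9)
#define CFG_CHANGED_VENDOR_EXTENSION BIT(10)
#define CFG_CHANGED_P2P_LISTEN_CHANNEL BIT(11)
#define CFG_CHANGED_P2P_OPER_CHANNEL BIT(12)
#define CFG_CHANGED_P2P_PREF_CHAN BIT(13)
#define CFG_CHANGED_EXT_PW_BACKEND BIT(14)
#define CFG_CHANGED_NFC_PASSWORD_TOKEN BIT(15)
#define CFG_CHANGED_P2P_PASSPHRASE_LEN BIT(16)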
334
335/**
336 * struct wpa_config - wpa_supplicant configuration data
337 *
338 * This data structure represents the per-interface (radio) configuration
339 * data. In many cases, there is only one struct wpa_config instance, but if
340 * more than one network interface is being controlled, one instance is used
341 * for each.
342 */
343struct wpa_config {
344        /**
345         * ssid - Head of the global network list
346         *
347         * This is the head for the list of all the configured networks.
348         */
349        struct wpa_ssid *ssid;
350
351        /**
352         * pssid - Per-priority network lists (in priority order)
353         */
354        struct wpa_ssid **pssid;
355
356        /**
357         * num_prio - Number of different priorities used in the pssid lists
358         *
359         * This indicates how many per-priority network lists are included in
360         * pssid.
361         */
362        int num_prio;
363
364        /**
365         * cred - Head of the credential list
366         *
367         * This is the head for the list of all the configured credentials.
368         */
369        struct wpa_cred *cred;
370
371        /**
372         * eapol_version - IEEE 802.1X/EAPOL version number
373         *
374         * wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which
375         * defines EAPOL version 2. However, there are many APs that do not
376         * handle the new version number correctly (they seem to drop the
377         * frames completely). In order to make wpa_supplicant interoperate
378         * with these APs, the version number is set to 1 by default. This
379         * configuration value can be used to set it to the new version (2).
380         */
381        int eapol_version;
382
383        /**
384         * ap_scan - AP scanning/selection
385         *
386         * By default, wpa_supplicant requests driver to perform AP
387         * scanning and then uses the scan results to select a
388         * suitable AP. Another alternative is to allow the driver to
389         * take care of AP scanning and selection and use
390         * wpa_supplicant just to process EAPOL frames based on IEEE
391         * 802.11 association information from the driver.
392         *
393         * 1: wpa_supplicant initiates scanning and AP selection (default).
394         *
395         * 0: Driver takes care of scanning, AP selection, and IEEE 802.11
396         * association parameters (e.g., WPA IE generation); this mode can
397         * also be used with non-WPA drivers when using IEEE 802.1X mode;
398         * do not try to associate with APs (i.e., external program needs
399         * to control association). This mode must also be used when using
400         * wired Ethernet drivers.
401         *
402         * 2: like 0, but associate with APs using security policy and SSID
403         * (but not BSSID); this can be used, e.g., with ndiswrapper and NDIS
404         * drivers to enable operation with hidden SSIDs and optimized roaming;
405         * in this mode, the network blocks in the configuration are tried
406         * one by one until the driver reports successful association; each
407         * network block should have explicit security policy (i.e., only one
408         * option in the lists) for key_mgmt, pairwise, group, proto variables.
409         *
410         * Note: ap_scan=2 should not be used with the nl80211 driver interface
411         * (the current Linux interface). ap_scan=1 is optimized for working
412         * with nl80211. For finding networks using hidden SSID, scan_ssid=1 in
413         * the network block can be used with nl80211.
414         */
415        int ap_scan;
416
417        /**
418         * bgscan - Background scan and roaming parameters or %NULL if none
419         *
420         * This is an optional set of parameters for background scanning and
421         * roaming within a network (ESS). For more detailed information see
422         * ssid block documentation.
423         *
424         * The variable defines default bgscan behavior for all BSS station
425         * networks except for those which have their own bgscan configuration.
426         */
427         char *bgscan;
428
429        /**
430         * disable_scan_offload - Disable automatic offloading of scan requests
431         *
432         * By default, %wpa_supplicant tries to offload scanning if the driver
433         * indicates support for this (sched_scan). This configuration
434         * parameter can be used to disable this offloading mechanism.
435         */
436        int disable_scan_offload;
437
438        /**
439         * ctrl_interface - Parameters for the control interface
440         *
441         * If this is specified, %wpa_supplicant will open a control interface
442         * that is available for external programs to manage %wpa_supplicant.
443         * The meaning of this string depends on which control interface
444         * mechanism is used. For all cases, the existence of this parameter
445         * in configuration is used to determine whether the control interface
446         * is enabled.
447         *
448         * For UNIX domain sockets (default on Linux and BSD): This is a
449         * directory that will be created for UNIX domain sockets for listening
450         * to requests from external programs (CLI/GUI, etc.) for status
451         * information and configuration. The socket file will be named based
452         * on the interface name, so multiple %wpa_supplicant processes can be
453         * run at the same time if more than one interface is used.
454         * /var/run/wpa_supplicant is the recommended directory for sockets and
455         * by default, wpa_cli will use it when trying to connect with
456         * %wpa_supplicant.
457         *
458         * Access control for the control interface can be configured
459         * by setting the directory to allow only members of a group
460         * to use sockets. This way, it is possible to run
461         * %wpa_supplicant as root (since it needs to change network
462         * configuration and open raw sockets) and still allow GUI/CLI
463         * components to be run as non-root users. However, since the
464         * control interface can be used to change the network
465         * configuration, this access needs to be protected in many
466         * cases. By default, %wpa_supplicant is configured to use gid
467         * 0 (root). If you want to allow non-root users to use the
468         * control interface, add a new group and change this value to
469         * match with that group. Add users that should have control
470         * interface access to this group.
471         *
472         * When configuring both the directory and group, use following format:
473         * DIR=/var/run/wpa_supplicant GROUP=wheel
474         * DIR=/var/run/wpa_supplicant GROUP=0
475         * (group can be either group name or gid)
476         *
477         * For UDP connections (default on Windows): The value will be ignored.
478         * This variable is just used to select that the control interface is
479         * to be created. The value can be set to, e.g., udp
480         * (ctrl_interface=udp).
481         *
482         * For Windows Named Pipe: This value can be used to set the security
483         * descriptor for controlling access to the control interface. Security
484         * descriptor can be set using Security Descriptor String Format (see
485         * http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptor_string_format.asp).
486         * The descriptor string needs to be prefixed with SDDL=. For example,
487         * ctrl_interface=SDDL=D: would set an empty DACL (which will reject
488         * all connections).
489         */
490        char *ctrl_interface;
491
492        /**
493         * ctrl_interface_group - Control interface group (DEPRECATED)
494         *
495         * This variable is only used for backwards compatibility. Group for
496         * UNIX domain sockets should now be specified using GROUP=group in
497         * ctrl_interface variable.
498         */
499        char *ctrl_interface_group;
500
501        /**
502         * fast_reauth - EAP fast re-authentication (session resumption)
503         *
504         * By default, fast re-authentication is enabled for all EAP methods
505         * that support it. This variable can be used to disable fast
506         * re-authentication (by setting fast_reauth=0). Normally, there is no
507         * need to disable fast re-authentication.
508         */
509        int fast_reauth;
510
511        /**
512         * opensc_engine_path - Path to the OpenSSL engine for opensc
513         *
514         * This is an OpenSSL specific configuration option for loading OpenSC
515         * engine (engine_opensc.so); if %NULL, this engine is not loaded.
516         */
517        char *opensc_engine_path;
518
519        /**
520         * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11
521         *
522         * This is an OpenSSL specific configuration option for loading PKCS#11
523         * engine (engine_pkcs11.so); if %NULL, this engine is not loaded.
524         */
525        char *pkcs11_engine_path;
526
527        /**
528         * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module
529         *
530         * This is an OpenSSL specific configuration option for configuring
531         * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this
532         * module is not loaded.
533         */
534        char *pkcs11_module_path;
535
536        /**
537         * openssl_ciphers - OpenSSL cipher string
538         *
539         * This is an OpenSSL specific configuration option for configuring the
540         * default ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the
541         * default.
542         */
543        char *openssl_ciphers;
544
545        /**
546         * pcsc_reader - PC/SC reader name prefix
547         *
548         * If not %NULL, PC/SC reader with a name that matches this prefix is
549         * initialized for SIM/USIM access. Empty string can be used to match
550         * the first available reader.
551         */
552        char *pcsc_reader;
553
554        /**
555         * pcsc_pin - PIN for USIM, GSM SIM, and smartcards
556         *
557         * This field is used to configure PIN for SIM/USIM for EAP-SIM and
558         * EAP-AKA. If left out, this will be asked through control interface.
559         */
560        char *pcsc_pin;
561
562        /**
563         * external_sim - Use external processing for SIM/USIM operations
564         */
565        int external_sim;
566
567        /**
568         * driver_param - Driver interface parameters
569         *
570         * This text string is passed to the selected driver interface with the
571         * optional struct wpa_driver_ops::set_param() handler. This can be
572         * used to configure driver specific options without having to add new
573         * driver interface functionality.
574         */
575        char *driver_param;
576
577        /**
578         * dot11RSNAConfigPMKLifetime - Maximum lifetime of a PMK
579         *
580         * dot11 MIB variable for the maximum lifetime of a PMK in the PMK
581         * cache (unit: seconds).
582         */
583        unsigned int dot11RSNAConfigPMKLifetime;
584
585        /**
586         * dot11RSNAConfigPMKReauthThreshold - PMK re-authentication threshold
587         *
588         * dot11 MIB variable for the percentage of the PMK lifetime
589         * that should expire before an IEEE 802.1X reauthentication occurs.
590         */
591        unsigned int dot11RSNAConfigPMKReauthThreshold;
592
593        /**
594         * dot11RSNAConfigSATimeout - Security association timeout
595         *
596         * dot11 MIB variable for the maximum time a security association
597         * shall take to set up (unit: seconds).
598         */
599        unsigned int dot11RSNAConfigSATimeout;
600
601        /**
602         * update_config - Is wpa_supplicant allowed to update configuration
603         *
604         * This variable controls whether wpa_supplicant is allowed to re-write
605         * its configuration with wpa_config_write(). If this is zero,
606         * configuration data is only changed in memory and the external data
607         * is not overridden. If this is non-zero, wpa_supplicant will update
608         * the configuration data (e.g., a file) whenever configuration is
609         * changed. This update may replace the old configuration which can
610         * remove comments from it in case of a text file configuration.
611         */
612        int update_config;
613
614        /**
615         * blobs - Configuration blobs
616         */
617        struct wpa_config_blob *blobs;
618
619        /**
620         * uuid - Universally Unique IDentifier (UUID; see RFC 4122) for WPS
621         */
622        u8 uuid[16];
623
624        /**
625         * device_name - Device Name (WPS)
626         * User-friendly description of device; up to 32 octets encoded in
627         * UTF-8
628         */
629        char *device_name;
630
631        /**
632         * manufacturer - Manufacturer (WPS)
633         * The manufacturer of the device (up to 64 ASCII characters)
634         */
635        char *manufacturer;
636
637        /**
638         * model_name - Model Name (WPS)
639         * Model of the device (up to 32 ASCII characters)
640         */
641        char *model_name;
642
643        /**
644         * model_number - Model Number (WPS)
645         * Additional device description (up to 32 ASCII characters)
646         */
647        char *model_number;
648
649        /**
650         * serial_number - Serial Number (WPS)
651         * Serial number of the device (up to 32 characters)
652         */
653        char *serial_number;
654
655        /**
656         * device_type - Primary Device Type (WPS)
657         */
658        u8 device_type[WPS_DEV_TYPE_LEN];
659
660        /**
661         * config_methods - Config Methods
662         *
663         * This is a space-separated list of supported WPS configuration
664         * methods. For example, "label virtual_display virtual_push_button
665         * keypad".
666         * Available methods: usba ethernet label display ext_nfc_token
667         * int_nfc_token nfc_interface push_button keypad
668         * virtual_display physical_display
669         * virtual_push_button physical_push_button.
670         */
671        char *config_methods;
672
673        /**
674         * os_version - OS Version (WPS)
675         * 4-octet operating system version number
676         */
677        u8 os_version[4];
678
679        /**
680         * country - Country code
681         *
682         * This is the ISO/IEC alpha2 country code for which we are operating
683         * in
684         */
685        char country[2];
686
687        /**
688         * wps_cred_processing - Credential processing
689         *
690         *   0 = process received credentials internally
691         *   1 = do not process received credentials; just pass them over
692         *      ctrl_iface to external program(s)
693         *   2 = process received credentials internally and pass them over
694         *      ctrl_iface to external program(s)
695         */
696        int wps_cred_processing;
697
698#define MAX_SEC_DEVICE_TYPES 5
699        /**
700         * sec_device_types - Secondary Device Types (P2P)
701         */
702        u8 sec_device_type[MAX_SEC_DEVICE_TYPES][WPS_DEV_TYPE_LEN];
703        int num_sec_device_types;
704
705        int p2p_listen_reg_class;
706        int p2p_listen_channel;
707        int p2p_oper_reg_class;
708        int p2p_oper_channel;
709        int p2p_go_intent;
710        char *p2p_ssid_postfix;
711        int persistent_reconnect;
712        int p2p_intra_bss;
713        unsigned int num_p2p_pref_chan;
714        struct p2p_channel *p2p_pref_chan;
715        struct wpa_freq_range_list p2p_no_go_freq;
716        int p2p_add_cli_chan;
717        int p2p_ignore_shared_freq;
718        int p2p_optimize_listen_chan;
719
720        struct wpabuf *wps_vendor_ext_m1;
721
722#define MAX_WPS_VENDOR_EXT 10
723        /**
724         * wps_vendor_ext - Vendor extension attributes in WPS
725         */
726        struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXT];
727
728        /**
729         * p2p_group_idle - Maximum idle time in seconds for P2P group
730         *
731         * This value controls how long a P2P group is maintained after there
732         * are no other members in the group. As a GO, this means no associated
733         * stations in the group. As a P2P client, this means no GO seen in
734         * scan results. The maximum idle time is specified in seconds with 0
735         * indicating no time limit, i.e., the P2P group remains in active
736         * state indefinitely until explicitly removed. As a P2P client, the
737         * maximum idle time of P2P_MAX_CLIENT_IDLE seconds is enforced, i.e.,
738         * this parameter is mainly meant for GO use and for P2P client, it can
739         * only be used to reduce the default timeout to smaller value. A
740         * special value -1 can be used to configure immediate removal of the
741         * group for P2P client role on any disconnection after the data
742         * connection has been established.
743         */
744        int p2p_group_idle;
745
746        /**
747         * p2p_go_freq_change_policy - The GO frequency change policy
748         *
749         * This controls the behavior of the GO when there is a change in the
750         * map of the currently used frequencies in case more than one channel
751         * is supported.
752         *
753         * @P2P_GO_FREQ_MOVE_SCM: Prefer working in a single channel mode if
754         * possible. In case the GO is the only interface using its frequency
755         * and there are other station interfaces on other frequencies, the GO
756         * will migrate to one of these frequencies.
757         *
758         * @P2P_GO_FREQ_MOVE_SCM_PEER_SUPPORTS: Same as P2P_GO_FREQ_MOVE_SCM,
759         * but a transition is possible only in case one of the other used
760         * frequencies is one of the frequencies in the intersection of the
761         * frequency list of the local device and the peer device.
762         *
763         * @P2P_GO_FREQ_MOVE_STAY: Prefer to stay on the current frequency.
764         */
765        enum {
766                P2P_GO_FREQ_MOVE_SCM = 0,
767                P2P_GO_FREQ_MOVE_SCM_PEER_SUPPORTS = 1,
768                P2P_GO_FREQ_MOVE_STAY = 2,
769                P2P_GO_FREQ_MOVE_MAX = P2P_GO_FREQ_MOVE_STAY,
770        } p2p_go_freq_change_policy;
771
772#define DEFAULT_P2P_GO_FREQ_MOVE P2P_GO_FREQ_MOVE_STAY
773
774        /**
775         * p2p_passphrase_len - Passphrase length (8..63) for P2P GO
776         *
777         * This parameter controls the length of the random passphrase that is
778         * generated at the GO.
779         */
780        unsigned int p2p_passphrase_len;
781
782        /**
783         * bss_max_count - Maximum number of BSS entries to keep in memory
784         */
785        unsigned int bss_max_count;
786
787        /**
788         * bss_expiration_age - BSS entry age after which it can be expired
789         *
790         * This value controls the time in seconds after which a BSS entry
791         * gets removed if it has not been updated or is not in use.
792         */
793        unsigned int bss_expiration_age;
794
795        /**
796         * bss_expiration_scan_count - Expire BSS after number of scans
797         *
798         * If the BSS entry has not been seen in this many scans, it will be
799         * removed. A value of 1 means that entry is removed after the first
800         * scan in which the BSSID is not seen. Larger values can be used
801         * to avoid BSS entries disappearing if they are not visible in
802         * every scan (e.g., low signal quality or interference).
803         */
804        unsigned int bss_expiration_scan_count;
805
806        /**
807         * filter_ssids - SSID-based scan result filtering
808         *
809         *   0 = do not filter scan results
810         *   1 = only include configured SSIDs in scan results/BSS table
811         */
812        int filter_ssids;
813
814        /**
815         * filter_rssi - RSSI-based scan result filtering
816         *
817         * 0 = do not filter scan results
818         * -n = filter scan results below -n dBm
819         */
820        int filter_rssi;
821
822        /**
823         * max_num_sta - Maximum number of STAs in an AP/P2P GO
824         */
825        unsigned int max_num_sta;
826
827        /**
828         * freq_list - Array of allowed scan frequencies or %NULL for all
829         *
830         * This is an optional zero-terminated array of frequencies in
831         * megahertz (MHz) to allow for narrowing scanning range.
832         */
833        int *freq_list;
834
835        /**
836         * scan_cur_freq - Whether to scan only the current channel
837         *
838         * If true, attempt to scan only the current channel if any other
839         * VIFs on this radio are already associated on a particular channel.
840         */
841        int scan_cur_freq;
842
843        /**
844         * changed_parameters - Bitmap of changed parameters since last update
845         */
846        unsigned int changed_parameters;
847
848        /**
849         * disassoc_low_ack - Disassociate stations with massive packet loss
850         */
851        int disassoc_low_ack;
852
853        /**
854         * interworking - Whether Interworking (IEEE 802.11u) is enabled
855         */
856        int interworking;
857
858        /**
859         * access_network_type - Access Network Type
860         *
861         * When Interworking is enabled, scans will be limited to APs that
862         * advertise the specified Access Network Type (0..15; with 15
863         * indicating wildcard match).
864         */
865        int access_network_type;
866
867        /**
868         * hessid - Homogeneous ESS identifier
869         *
870         * If this is set (any octet is non-zero), scans will be used to
871         * request response only from BSSes belonging to the specified
872         * Homogeneous ESS. This is used only if interworking is enabled.
873         */
874        u8 hessid[ETH_ALEN];
875
876        /**
877         * hs20 - Hotspot 2.0
878         */
879        int hs20;
880
881        /**
882         * pbc_in_m1 - AP mode WPS probing workaround for PBC with Windows 7
883         *
884         * Windows 7 uses incorrect way of figuring out AP's WPS capabilities
885         * by acting as a Registrar and using M1 from the AP. The config
886         * methods attribute in that message is supposed to indicate only the
887         * configuration method supported by the AP in Enrollee role, i.e., to
888         * add an external Registrar. For that case, PBC shall not be used and
889         * as such, the PushButton config method is removed from M1 by default.
890         * If pbc_in_m1=1 is included in the configuration file, the PushButton
891         * config method is left in M1 (if included in config_methods
892         * parameter) to allow Windows 7 to use PBC instead of PIN (e.g., from
893         * a label in the AP).
894         */
895        int pbc_in_m1;
896
897        /**
898         * autoscan - Automatic scan parameters or %NULL if none
899         *
900         * This is an optional set of parameters for automatic scanning
901         * within an interface in the following format:
902         * <autoscan module name>:<module parameters>
903         */
904        char *autoscan;
905
906        /**
907         * wps_nfc_pw_from_config - NFC Device Password was read from config
908         *
909         * This parameter indicates whether the NFC Device Password was
910         * included in the configuration (1) or generated dynamically (0). Only
911         * the former case is re-written back to the configuration file.
912         */
913        int wps_nfc_pw_from_config;
914
915        /**
916         * wps_nfc_dev_pw_id - NFC Device Password ID for password token
917         */
918        int wps_nfc_dev_pw_id;
919
920        /**
921         * wps_nfc_dh_pubkey - NFC DH Public Key for password token
922         */
923        struct wpabuf *wps_nfc_dh_pubkey;
924
925        /**
926         * wps_nfc_dh_privkey - NFC DH Private Key for password token
927         */
928        struct wpabuf *wps_nfc_dh_privkey;
929
930        /**
931         * wps_nfc_dev_pw - NFC Device Password for password token
932         */
933        struct wpabuf *wps_nfc_dev_pw;
934
935        /**
936         * ext_password_backend - External password backend or %NULL if none
937         *
938         * format: <backend name>[:<optional backend parameters>]
939         */
940        char *ext_password_backend;
941
942        /**
943         * p2p_go_max_inactivity - Timeout in seconds to detect STA inactivity
944         *
945         * This timeout value is used in P2P GO mode to clean up
946         * inactive stations.
947         * By default: 300 seconds.
948         */
949        int p2p_go_max_inactivity;
950
951        struct hostapd_wmm_ac_params wmm_ac_params[4];
952
953        /**
954         * auto_interworking - Whether to use network selection automatically
955         *
956         * 0 = do not automatically go through Interworking network selection
957         *     (i.e., require explicit interworking_select command for this)
958         * 1 = perform Interworking network selection if one or more
959         *     credentials have been configured and scan did not find a
960         *     matching network block
961         */
962        int auto_interworking;
963
964        /**
965         * p2p_go_ht40 - Default mode for HT40 enable when operating as GO.
966         *
967         * This will take effect for p2p_group_add, p2p_connect, and p2p_invite.
968         * Note that regulatory constraints and driver capabilities are
969         * consulted anyway, so setting it to 1 can't do real harm.
970         * By default: 0 (disabled)
971         */
972        int p2p_go_ht40;
973
974        /**
975         * p2p_go_vht - Default mode for VHT enable when operating as GO
976         *
977         * This will take effect for p2p_group_add, p2p_connect, and p2p_invite.
978         * Note that regulatory constraints and driver capabilities are
979         * consulted anyway, so setting it to 1 can't do real harm.
980         * By default: 0 (disabled)
981         */
982        int p2p_go_vht;
983
984        /**
985         * p2p_go_ctwindow - CTWindow to use when operating as GO
986         *
987         * By default: 0 (no CTWindow). Values 0-127 can be used to indicate
988         * the length of the CTWindow in TUs.
989         */
990        int p2p_go_ctwindow;
991
992        /**
993         * p2p_disabled - Whether P2P operations are disabled for this interface
994         */
995        int p2p_disabled;
996
997        /**
998         * p2p_no_group_iface - Whether group interfaces can be used
999         *
1000         * By default, wpa_supplicant will create a separate interface for P2P
1001         * group operations if the driver supports this. This functionality can
1002         * be disabled by setting this parameter to 1. In that case, the same
1003         * interface that was used for the P2P management operations is used
1004         * also for the group operation.
1005         */
1006        int p2p_no_group_iface;
1007
1008        /**
1009         * p2p_cli_probe - Enable/disable P2P CLI probe request handling
1010         *
1011         * If this parameter is set to 1, a connected P2P Client will receive
1012         * and handle Probe Request frames. Setting this parameter to 0
1013         * disables this option. Default value: 0.
1014         *
1015         * Note: Setting this property at run time takes effect on the following
1016         * interface state transition to/from the WPA_COMPLETED state.
1017         */
1018        int p2p_cli_probe;
1019
1020        /**
1021         * okc - Whether to enable opportunistic key caching by default
1022         *
1023         * By default, OKC is disabled unless enabled by the per-network
1024         * proactive_key_caching=1 parameter. okc=1 can be used to change this
1025         * default behavior.
1026         */
1027        int okc;
1028
1029        /**
1030         * pmf - Whether to enable/require PMF by default
1031         *
1032         * By default, PMF is disabled unless enabled by the per-network
1033         * ieee80211w=1 or ieee80211w=2 parameter. pmf=1/2 can be used to change
1034         * this default behavior.
1035         */
1036        enum mfp_options pmf;
1037
1038        /**
1039         * sae_groups - Preference list of enabled groups for SAE
1040         *
1041         * By default (if this parameter is not set), the mandatory group 19
1042         * (ECC group defined over a 256-bit prime order field) is preferred,
1043         * but other groups are also enabled. If this parameter is set, the
1044         * groups will be tried in the indicated order.
1045         */
1046        int *sae_groups;
1047
1048        /**
1049         * dtim_period - Default DTIM period in Beacon intervals
1050         *
1051         * This parameter can be used to set the default value for network
1052         * blocks that do not specify dtim_period.
1053         */
1054        int dtim_period;
1055
1056        /**
1057         * beacon_int - Default Beacon interval in TU
1058         *
1059         * This parameter can be used to set the default value for network
1060         * blocks that do not specify beacon_int.
1061         */
1062        int beacon_int;
1063
1064        /**
1065         * ap_vendor_elements - Vendor specific elements for Beacon/ProbeResp
1066         *
1067         * This parameter can be used to define additional vendor specific
1068         * elements for Beacon and Probe Response frames in AP/P2P GO mode. The
1069         * format for these element(s) is a hexdump of the raw information
1070         * elements (id+len+payload for one or more elements).
1071         */
1072        struct wpabuf *ap_vendor_elements;
1073
1074        /**
1075         * ignore_old_scan_res - Ignore scan results older than request
1076         *
1077         * The driver may have a cache of scan results that makes it return
1078         * information that is older than our scan trigger. This parameter can
1079         * be used to configure such old information to be ignored instead of
1080         * allowing it to update the internal BSS table.
1081         */
1082        int ignore_old_scan_res;
1083
1084        /**
1085         * sched_scan_interval - Scheduled scan interval
1086         */
1087        unsigned int sched_scan_interval;
1088
1089        /**
1090         * tdls_external_control - External control for TDLS setup requests
1091         *
1092         * Enable TDLS mode where external programs are given the control
1093         * to specify the TDLS link to get established to the driver. The
1094         * driver requests the TDLS setup to the supplicant only for the
1095         * specified TDLS peers.
1096         */
1097        int tdls_external_control;
1098
1099        u8 ip_addr_go[4];
1100        u8 ip_addr_mask[4];
1101        u8 ip_addr_start[4];
1102        u8 ip_addr_end[4];
1103
1104        /**
1105         * osu_dir - OSU provider information directory
1106         *
1107         * If set, allow FETCH_OSU control interface command to be used to fetch
1108         * OSU provider information into all APs and store the results in this
1109         * directory.
1110         */
1111        char *osu_dir;
1112
1113        /**
1114         * wowlan_triggers - Wake-on-WLAN triggers
1115         *
1116         * If set, these wowlan triggers will be configured.
1117         */
1118        char *wowlan_triggers;
1119
1120        /**
1121         * p2p_search_delay - Extra delay between concurrent search iterations
1122         *
1123         * Add extra delay (in milliseconds) between search iterations when
1124         * there is a concurrent operation to make p2p_find friendlier to
1125         * concurrent operations by preventing it from taking 100% of radio
1126         * resources.
1127         */
1128        unsigned int p2p_search_delay;
1129
1130        /**
1131         * mac_addr - MAC address policy default
1132         *
1133         * 0 = use permanent MAC address
1134         * 1 = use random MAC address for each ESS connection
1135         * 2 = like 1, but maintain OUI (with local admin bit set)
1136         *
1137         * By default, permanent MAC address is used unless policy is changed by
1138         * the per-network mac_addr parameter. Global mac_addr=1 can be used to
1139         * change this default behavior.
1140         */
1141        int mac_addr;
1142
1143        /**
1144         * rand_addr_lifetime - Lifetime of random MAC address in seconds
1145         */
1146        unsigned int rand_addr_lifetime;
1147
1148        /**
1149         * preassoc_mac_addr - Pre-association MAC address policy
1150         *
1151         * 0 = use permanent MAC address
1152         * 1 = use random MAC address
1153         * 2 = like 1, but maintain OUI (with local admin bit set)
1154         */
1155        int preassoc_mac_addr;
1156
1157        /**
1158         * key_mgmt_offload - Use key management offload
1159         *
1160         * Key management offload should be used if the device supports it.
1161         * Key management offload is the capability of a device operating as
1162         * a station to do the exchange necessary to establish temporal keys
1163         * during initial RSN connection, after roaming, or during a PTK
1164         * rekeying operation.
1165         */
1166        int key_mgmt_offload;
1167
1168        /**
1169         * user_mpm - MPM residency
1170         *
1171         * 0: MPM lives in driver.
1172         * 1: wpa_supplicant handles peering and station allocation.
1173         *
1174         * If AMPE or SAE is enabled, the MPM is always in userspace.
1175         */
1176        int user_mpm;
1177
1178        /**
1179         * max_peer_links - Maximum number of peer links
1180         *
1181         * Maximum number of mesh peerings currently maintained by the STA.
1182         */
1183        int max_peer_links;
1184
1185        /**
1186         * cert_in_cb - Whether to include a peer certificate dump in events
1187         *
1188         * This controls whether peer certificates for authentication server and
1189         * its certificate chain are included in EAP peer certificate events.
1190         */
1191        int cert_in_cb;
1192
1193        /**
1194         * mesh_max_inactivity - Timeout in seconds to detect STA inactivity
1195         *
1196         * This timeout value is used in mesh STA to clean up inactive stations.
1197         * By default: 300 seconds.
1198         */
1199        int mesh_max_inactivity;
1200
1201        /**
1202         * dot11RSNASAERetransPeriod - Timeout to retransmit SAE Auth frame
1203         *
1204         * This timeout value is used in mesh STA to retransmit
1205         * SAE Authentication frame.
1206         * By default: 1000 milliseconds.
1207         */
1208        int dot11RSNASAERetransPeriod;
1209
1210        /**
1211         * passive_scan - Whether to force passive scan for network connection
1212         *
1213         * This parameter can be used to force only passive scanning to be used
1214         * for network connection cases. It should be noted that this will slow
1215         * down scan operations and reduce likelihood of finding the AP. In
1216         * addition, some use cases will override this due to functional
1217         * requirements, e.g., for finding an AP that uses hidden SSID
1218         * (scan_ssid=1) or P2P device discovery.
1219         */
1220        int passive_scan;
1221
1222        /**
1223         * reassoc_same_bss_optim - Whether to optimize reassoc-to-same-BSS
1224         */
1225        int reassoc_same_bss_optim;
1226
1227        /**
1228         * wps_priority - Priority for the networks added through WPS
1229         *
1230         * This priority value will be set to each network profile that is added
1231         * by executing the WPS protocol.
1232         */
1233        int wps_priority;
1234
1235        /**
1236         * fst_group_id - FST group ID
1237         */
1238        char *fst_group_id;
1239
1240        /**
1241         * fst_priority - priority of the interface within the FST group
1242         */
1243        int fst_priority;
1244
1245        /**
1246         * fst_llt - default FST LLT (Link-Lost Timeout) to be used for the
1247         * interface.
1248         */
1249        int fst_llt;
1250};
1251
1252
1253/* Prototypes for common functions from config.c */
1254
/*
 * wpa_config_free() is the function that the wpa_config_read() description
 * further down names for releasing the data it allocates. The parameter is
 * called "ssid" although its type is struct wpa_config.
 * NOTE(review): struct wpa_config holds key material (wps_nfc_dh_privkey,
 * wps_nfc_dev_pw); whether it is cleared before release is decided in
 * config.c - confirm.
 */
1255void wpa_config_free(struct wpa_config *ssid);
1256void wpa_config_free_ssid(struct wpa_ssid *ssid);
/*
 * Takes a callback and an opaque argument; presumably func is invoked once
 * per network block with arg as its first parameter - confirm in config.c.
 */
1257void wpa_config_foreach_network(struct wpa_config *config,
1258                                void (*func)(void *, struct wpa_ssid *),
1259                                void *arg);
/* Network blocks are looked up and removed by an integer id. */
1260struct wpa_ssid * wpa_config_get_network(struct wpa_config *config, int id);
1261struct wpa_ssid * wpa_config_add_network(struct wpa_config *config);
1262int wpa_config_remove_network(struct wpa_config *config, int id);
1263void wpa_config_set_network_defaults(struct wpa_ssid *ssid);
/*
 * Setters that take the variable name and its value as strings.
 * NOTE(review): "line" is presumably the configuration file line number used
 * in error reports - confirm.
 */
1264int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value,
1265                   int line);
1266int wpa_config_set_quoted(struct wpa_ssid *ssid, const char *var,
1267                          const char *value);
/*
 * Both functions take a caller-supplied buffer and its size.
 * NOTE(review): truncation and termination behaviour when buflen is too small
 * is not visible in this header - check the return value against config.c
 * before using buf.
 */
1268int wpa_config_dump_values(struct wpa_config *config, char *buf,
1269                           size_t buflen);
1270int wpa_config_get_value(const char *name, struct wpa_config *config,
1271                         char *buf, size_t buflen);
1272
/*
 * Getters returning char pointers for a network block.
 * NOTE(review): judging by the names, get_keys=0 and the _no_key variant
 * presumably withhold key and passphrase fields; ownership of the returned
 * strings is not stated here. Confirm both in config.c before passing the
 * results to logs or to other processes.
 */
1273char ** wpa_config_get_all(struct wpa_ssid *ssid, int get_keys);
1274char * wpa_config_get(struct wpa_ssid *ssid, const char *var);
1275char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var);
1276void wpa_config_update_psk(struct wpa_ssid *ssid);
1277int wpa_config_add_prio_network(struct wpa_config *config,
1278                                struct wpa_ssid *ssid);
1279int wpa_config_update_prio_list(struct wpa_config *config);
/* Configuration blobs are looked up and removed by name. */
1280const struct wpa_config_blob * wpa_config_get_blob(struct wpa_config *config,
1281                                                   const char *name);
1282void wpa_config_set_blob(struct wpa_config *config,
1283                         struct wpa_config_blob *blob);
1284void wpa_config_free_blob(struct wpa_config_blob *blob);
1285int wpa_config_remove_blob(struct wpa_config *config, const char *name);
1286void wpa_config_flush_blobs(struct wpa_config *config);
1287
/*
 * Credential (struct wpa_cred) management, addressed by an integer id.
 * NOTE(review): the only per-variable getter declared here for credentials
 * is the _no_key one; presumably it withholds secret fields - confirm.
 */
1288struct wpa_cred * wpa_config_get_cred(struct wpa_config *config, int id);
1289struct wpa_cred * wpa_config_add_cred(struct wpa_config *config);
1290int wpa_config_remove_cred(struct wpa_config *config, int id);
1291void wpa_config_free_cred(struct wpa_cred *cred);
1292int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
1293                        const char *value, int line);
1294char * wpa_config_get_cred_no_key(struct wpa_cred *cred, const char *var);
1295
1296struct wpa_config * wpa_config_alloc_empty(const char *ctrl_interface,
1297                                           const char *driver_param);
/*
 * The network dump is declared only when stdout debugging is compiled in;
 * with CONFIG_NO_STDOUT_DEBUG defined the call expands to an empty statement.
 */
1298#ifndef CONFIG_NO_STDOUT_DEBUG
1299void wpa_config_debug_dump_networks(struct wpa_config *config);
1300#else /* CONFIG_NO_STDOUT_DEBUG */
1301#define wpa_config_debug_dump_networks(c) do { } while (0)
1302#endif /* CONFIG_NO_STDOUT_DEBUG */
1303
1304
1305/* Prototypes for common functions from config.c */
/*
 * NOTE(review): pos is a non-const char *, so the callee may modify the
 * caller's buffer - confirm in config.c.
 */
1306int wpa_config_process_global(struct wpa_config *config, char *pos, int line);
1307
1308
1309/* Prototypes for backend specific functions from the selected config_*.c */
1310
1311/**
1312 * wpa_config_read - Read and parse configuration database
1313 * @name: Name of the configuration (e.g., path and file name for the
1314 * configuration file)
1315 * @cfgp: Pointer to previously allocated configuration data or %NULL if none
1316 * Returns: Pointer to allocated configuration data or %NULL on failure
1317 *
1318 * This function reads configuration data, parses its contents, and allocates
1319 * data structures needed for storing configuration information. The allocated
1320 * data can be freed with wpa_config_free().
1321 *
1322 * Each configuration backend needs to implement this function.
1323 */
1324struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp);
1325
/*
 * NOTE(review): the data written by wpa_config_write() can contain
 * credentials - its description mentions password changes, and the NFC Device
 * Password is written back when wps_nfc_pw_from_config is set. Whether the
 * output is created with restrictive permissions is up to the backend
 * implementation, which is not visible in this header - confirm.
 */
1326/**
1327 * wpa_config_write - Write or update configuration data
1328 * @name: Name of the configuration (e.g., path and file name for the
1329 * configuration file)
1330 * @config: Configuration data from wpa_config_read()
1331 * Returns: 0 on success, -1 on failure
1332 *
1333 * This function writes all configuration data into an external database (e.g.,
1334 * a text file) in a format that can be read with wpa_config_read(). This can
1335 * be used to allow wpa_supplicant to update its configuration, e.g., when a
1336 * new network is added or a password is changed.
1337 *
1338 * Each configuration backend needs to implement this function.
1339 */
1340int wpa_config_write(const char *name, struct wpa_config *config);
1341
1342#endif /* CONFIG_H */