1 | /* |
---|
2 | * WPA Supplicant / Configuration file structures |
---|
3 | * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi> |
---|
4 | * |
---|
5 | * This software may be distributed under the terms of the BSD license. |
---|
6 | * See README for more details. |
---|
7 | */ |
---|
8 | |
---|
9 | #ifndef CONFIG_H |
---|
10 | #define CONFIG_H |
---|
11 | |
---|
/*
 * Built-in defaults for configuration parameters.
 *
 * Units are not stated next to most of these values; check the documentation
 * of the matching struct wpa_config member before changing one.
 */

/*
 * EAPOL version 1 is the default for interoperability with APs that do not
 * handle version 2 correctly (see eapol_version in struct wpa_config).
 */
#define DEFAULT_EAPOL_VERSION 1
/*
 * ap_scan default: 2 when scan processing is compiled out, otherwise 1
 * (wpa_supplicant initiates scanning and AP selection); the modes are
 * described at ap_scan in struct wpa_config.
 */
#ifdef CONFIG_NO_SCAN_PROCESSING
#define DEFAULT_AP_SCAN 2
#else /* CONFIG_NO_SCAN_PROCESSING */
#define DEFAULT_AP_SCAN 1
#endif /* CONFIG_NO_SCAN_PROCESSING */
#define DEFAULT_USER_MPM 1
#define DEFAULT_MAX_PEER_LINKS 99
#define DEFAULT_MESH_MAX_INACTIVITY 300
/*
 * The default dot11RSNASAERetransPeriod is defined as 40 ms in the standard,
 * but use 1000 ms in practice to avoid issues on low power CPUs.
 */
#define DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD 1000
/* EAP fast re-authentication (session resumption) is enabled by default. */
#define DEFAULT_FAST_REAUTH 1
#define DEFAULT_P2P_GO_INTENT 7
#define DEFAULT_P2P_INTRA_BSS 1
/* presumably seconds (five minutes) - TODO confirm against the consumer */
#define DEFAULT_P2P_GO_MAX_INACTIVITY (5 * 60)
#define DEFAULT_P2P_OPTIMIZE_LISTEN_CHAN 0
#define DEFAULT_BSS_MAX_COUNT 200
#define DEFAULT_BSS_EXPIRATION_AGE 180
#define DEFAULT_BSS_EXPIRATION_SCAN_COUNT 2
#define DEFAULT_MAX_NUM_STA 128
#define DEFAULT_ACCESS_NETWORK_TYPE 15
#define DEFAULT_SCAN_CUR_FREQ 0
#define DEFAULT_P2P_SEARCH_DELAY 500
/* NOTE(review): unit is not stated here; presumably seconds - confirm */
#define DEFAULT_RAND_ADDR_LIFETIME 60
#define DEFAULT_KEY_MGMT_OFFLOAD 1
#define DEFAULT_CERT_IN_CB 1
#define DEFAULT_P2P_GO_CTWINDOW 0
---|
42 | |
---|
43 | #include "config_ssid.h" |
---|
44 | #include "wps/wps.h" |
---|
45 | #include "common/ieee802_11_defs.h" |
---|
46 | #include "common/ieee802_11_common.h" |
---|
47 | |
---|
48 | #ifdef __rtems__ |
---|
49 | #include <machine/rtems-bsd-commands.h> |
---|
50 | #endif /* __rtems__ */ |
---|
51 | |
---|
/**
 * struct wpa_cred - Credential used for Interworking network selection
 *
 * Entries form a singly linked list through the next member; the head of the
 * list is the cred field of struct wpa_config.
 *
 * Several members (password, private_key_passwd, milenage) point to secret
 * material held as ordinary C strings.
 * NOTE(review): confirm that the code freeing or replacing a credential
 * clears these buffers first and keeps them out of debug output; the release
 * path is not visible in this header.
 */
struct wpa_cred {
	/**
	 * next - Next credential in the list
	 *
	 * This pointer can be used to iterate over all credentials. The head
	 * of this list is stored in the cred field of struct wpa_config.
	 */
	struct wpa_cred *next;

	/**
	 * id - Unique id for the credential
	 *
	 * This identifier is used as a unique identifier for each credential
	 * block when using the control interface. Each credential is allocated
	 * an id when it is being created, either when reading the
	 * configuration file or when a new credential is added through the
	 * control interface.
	 */
	int id;

	/**
	 * temporary - Whether this credential is temporary and not to be saved
	 */
	int temporary;

	/**
	 * priority - Priority group
	 *
	 * By default, all networks and credentials get the same priority group
	 * (0). This field can be used to give higher priority for credentials
	 * (and similarly in struct wpa_ssid for network blocks) to change the
	 * Interworking automatic networking selection behavior. The matching
	 * network (based on either an enabled network block or a credential)
	 * with the highest priority value will be selected.
	 */
	int priority;

	/**
	 * pcsc - Use PC/SC and SIM/USIM card
	 */
	int pcsc;

	/**
	 * realm - Home Realm for Interworking
	 */
	char *realm;

	/**
	 * username - Username for Interworking network selection
	 */
	char *username;

	/**
	 * password - Password for Interworking network selection
	 *
	 * This is the secret itself unless ext_password is set, in which case
	 * it is the name of an entry in external storage.
	 */
	char *password;

	/**
	 * ext_password - Whether password is a name for external storage
	 */
	int ext_password;

	/**
	 * ca_cert - CA certificate for Interworking network selection
	 *
	 * NOTE(review): the accepted forms (file path, blob://) are not stated
	 * for this member; presumably the same as for client_cert - confirm.
	 */
	char *ca_cert;

	/**
	 * client_cert - File path to client certificate file (PEM/DER)
	 *
	 * This field is used with Interworking networking selection for a case
	 * where client certificate/private key is used for authentication
	 * (EAP-TLS). Full path to the file should be used since working
	 * directory may change when wpa_supplicant is run in the background.
	 *
	 * Alternatively, a named configuration blob can be used by setting
	 * this to blob://blob_name.
	 */
	char *client_cert;

	/**
	 * private_key - File path to client private key file (PEM/DER/PFX)
	 *
	 * When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
	 * commented out. Both the private key and certificate will be read
	 * from the PKCS#12 file in this case. Full path to the file should be
	 * used since working directory may change when wpa_supplicant is run
	 * in the background.
	 *
	 * Windows certificate store can be used by leaving client_cert out and
	 * configuring private_key in one of the following formats:
	 *
	 * cert://substring_to_match
	 *
	 * hash://certificate_thumbprint_in_hex
	 *
	 * For example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
	 *
	 * Note that when running wpa_supplicant as an application, the user
	 * certificate store (My user account) is used, whereas computer store
	 * (Computer account) is used when running wpasvc as a service.
	 *
	 * Alternatively, a named configuration blob can be used by setting
	 * this to blob://blob_name.
	 */
	char *private_key;

	/**
	 * private_key_passwd - Password for private key file
	 *
	 * Secret value; it protects the key referenced by private_key.
	 */
	char *private_key_passwd;

	/**
	 * imsi - IMSI in <MCC> | <MNC> | '-' | <MSIN> format
	 */
	char *imsi;

	/**
	 * milenage - Milenage parameters for SIM/USIM simulator in
	 * <Ki>:<OPc>:<SQN> format
	 *
	 * Ki and OPc are key material, so the whole string is to be handled
	 * as a secret.
	 */
	char *milenage;

	/**
	 * domain_suffix_match - Constraint for server domain name
	 *
	 * If set, this FQDN is used as a suffix match requirement for the AAA
	 * server certificate in SubjectAltName dNSName element(s). If a
	 * matching dNSName is found, this constraint is met. If no dNSName
	 * values are present, this constraint is matched against SubjectName CN
	 * using same suffix match comparison. Suffix match here means that the
	 * host/domain name is compared one label at a time starting from the
	 * top-level domain and all the labels in @domain_suffix_match shall be
	 * included in the certificate. The certificate may include additional
	 * sub-level labels in addition to the required labels.
	 *
	 * For example, domain_suffix_match=example.com would match
	 * test.example.com but would not match test-example.com.
	 *
	 * NOTE(review): only the "set" case is described. With this left
	 * %NULL no name constraint is documented here, so server identity
	 * presumably rests on ca_cert alone - confirm.
	 */
	char *domain_suffix_match;

	/**
	 * domain - Home service provider FQDN(s)
	 *
	 * This is used to compare against the Domain Name List to figure out
	 * whether the AP is operated by the Home SP. Multiple domain entries
	 * can be used to configure alternative FQDNs that will be considered
	 * home networks.
	 */
	char **domain;

	/**
	 * num_domain - Number of FQDNs in the domain array
	 */
	size_t num_domain;

	/**
	 * roaming_consortium - Roaming Consortium OI
	 *
	 * If roaming_consortium_len is non-zero, this field contains the
	 * Roaming Consortium OI that can be used to determine which access
	 * points support authentication with this credential. This is an
	 * alternative to the use of the realm parameter. When using Roaming
	 * Consortium to match the network, the EAP parameters need to be
	 * pre-configured with the credential since the NAI Realm information
	 * may not be available or fetched.
	 */
	u8 roaming_consortium[15];

	/**
	 * roaming_consortium_len - Length of roaming_consortium
	 *
	 * NOTE(review): must not exceed sizeof(roaming_consortium) (15). The
	 * type does not enforce this; the check belongs where the value is
	 * parsed, which is outside this header.
	 */
	size_t roaming_consortium_len;

	/*
	 * NOTE(review): undocumented here. Presumably an OI that the AP is
	 * required to advertise, with the same 15-octet bound on the length
	 * as roaming_consortium - confirm.
	 */
	u8 required_roaming_consortium[15];
	size_t required_roaming_consortium_len;

	/**
	 * eap_method - EAP method to use
	 *
	 * Pre-configured EAP method to use with this credential or %NULL to
	 * indicate no EAP method is selected, i.e., the method will be
	 * selected automatically based on ANQP information.
	 */
	struct eap_method_type *eap_method;

	/**
	 * phase1 - Phase 1 (outer authentication) parameters
	 *
	 * Pre-configured EAP parameters or %NULL.
	 */
	char *phase1;

	/**
	 * phase2 - Phase 2 (inner authentication) parameters
	 *
	 * Pre-configured EAP parameters or %NULL.
	 */
	char *phase2;

	/*
	 * excluded_ssid - SSIDs stored as raw octets with an explicit length
	 * (not NUL-terminated strings).
	 * NOTE(review): presumably an array of num_excluded_ssid entries that
	 * this credential is not to be used with - confirm. ssid_len has to
	 * stay within SSID_MAX_LEN.
	 */
	struct excluded_ssid {
		u8 ssid[SSID_MAX_LEN];
		size_t ssid_len;
	} *excluded_ssid;
	size_t num_excluded_ssid;

	/*
	 * roaming_partner - Per-partner entries with fixed-size string
	 * buffers (fqdn: 128 bytes, country: 3 bytes).
	 * NOTE(review): presumably an array of num_roaming_partner entries;
	 * whoever fills fqdn and country needs to bound and terminate the
	 * strings, and that code is not visible here - confirm.
	 */
	struct roaming_partner {
		char fqdn[128];
		int exact_match;
		u8 priority;
		char country[3];
	} *roaming_partner;
	size_t num_roaming_partner;

	/* NOTE(review): undocumented in this header - meaning to be confirmed */
	int update_identifier;

	/**
	 * provisioning_sp - FQDN of the SP that provisioned the credential
	 */
	char *provisioning_sp;

	/**
	 * sp_priority - Credential priority within a provisioning SP
	 *
	 * This is the priority of the credential among all credentials
	 * provisioned by the same SP (i.e., for entries that have identical
	 * provisioning_sp value). The range of this priority is 0-255 with 0
	 * being the highest and 255 the lowest priority.
	 */
	int sp_priority;

	/*
	 * NOTE(review): undocumented here. Presumably minimum downlink/uplink
	 * bandwidth thresholds for home and roaming networks; the unit is not
	 * stated - confirm.
	 */
	unsigned int min_dl_bandwidth_home;
	unsigned int min_ul_bandwidth_home;
	unsigned int min_dl_bandwidth_roaming;
	unsigned int min_ul_bandwidth_roaming;

	/**
	 * max_bss_load - Maximum BSS Load Channel Utilization (1..255)
	 * This value is used as the maximum channel utilization for network
	 * selection purposes for home networks. If the AP does not advertise
	 * BSS Load or if the limit would prevent any connection, this
	 * constraint will be ignored.
	 */
	unsigned int max_bss_load;

	/*
	 * NOTE(review): undocumented here. Presumably num_req_conn_capab is
	 * the entry count for both arrays below; verify before indexing
	 * either of them.
	 */
	unsigned int num_req_conn_capab;
	u8 *req_conn_capab_proto;
	int **req_conn_capab_port;

	/**
	 * ocsp - Whether to use/require OCSP to check server certificate
	 *
	 * 0 = do not use OCSP stapling (TLS certificate status extension)
	 * 1 = try to use OCSP stapling, but not require response
	 * 2 = require valid OCSP stapling response
	 *
	 * Only value 2 requires a response. With 1 a server that staples
	 * nothing is still accepted, so the revocation check is best-effort
	 * in that mode.
	 */
	int ocsp;

	/**
	 * sim_num - User selected SIM identifier
	 *
	 * This variable is used for identifying which SIM is used if the system
	 * has more than one.
	 */
	int sim_num;
};
---|
318 | |
---|
319 | |
---|
/*
 * CFG_CHANGED_* - One bit per configuration parameter, bits 0..16, so the
 * values can be OR-ed together into a single mask.
 * NOTE(review): presumably these mark which parameters changed at runtime;
 * the member that stores the mask and the BIT() macro are defined outside
 * this part of the file - confirm.
 */
#define CFG_CHANGED_DEVICE_NAME BIT(0)
#define CFG_CHANGED_CONFIG_METHODS BIT(1)
#define CFG_CHANGED_DEVICE_TYPE BIT(2)
#define CFG_CHANGED_OS_VERSION BIT(3)
#define CFG_CHANGED_UUID BIT(4)
#define CFG_CHANGED_COUNTRY BIT(5)
#define CFG_CHANGED_SEC_DEVICE_TYPE BIT(6)
#define CFG_CHANGED_P2P_SSID_POSTFIX BIT(7)
#define CFG_CHANGED_WPS_STRING BIT(8)
#define CFG_CHANGED_P2P_INTRA_BSS BIT(9)
#define CFG_CHANGED_VENDOR_EXTENSION BIT(10)
#define CFG_CHANGED_P2P_LISTEN_CHANNEL BIT(11)
#define CFG_CHANGED_P2P_OPER_CHANNEL BIT(12)
#define CFG_CHANGED_P2P_PREF_CHAN BIT(13)
#define CFG_CHANGED_EXT_PW_BACKEND BIT(14)
#define CFG_CHANGED_NFC_PASSWORD_TOKEN BIT(15)
#define CFG_CHANGED_P2P_PASSPHRASE_LEN BIT(16)
---|
337 | |
---|
338 | /** |
---|
339 | * struct wpa_config - wpa_supplicant configuration data |
---|
340 | * |
---|
341 | * This data structure presents the per-interface (radio) configuration |
---|
342 | * data. In many cases, there is only one struct wpa_config instance, but if |
---|
343 | * more than one network interface is being controlled, one instance is used |
---|
344 | * for each. |
---|
345 | */ |
---|
346 | struct wpa_config { |
---|
347 | /** |
---|
348 | * ssid - Head of the global network list |
---|
349 | * |
---|
350 | * This is the head for the list of all the configured networks. |
---|
351 | */ |
---|
352 | struct wpa_ssid *ssid; |
---|
353 | |
---|
354 | /** |
---|
355 | * pssid - Per-priority network lists (in priority order) |
---|
356 | */ |
---|
357 | struct wpa_ssid **pssid; |
---|
358 | |
---|
359 | /** |
---|
360 | * num_prio - Number of different priorities used in the pssid lists |
---|
361 | * |
---|
362 | * This indicates how many per-priority network lists are included in |
---|
363 | * pssid. |
---|
364 | */ |
---|
365 | int num_prio; |
---|
366 | |
---|
367 | /** |
---|
368 | * cred - Head of the credential list |
---|
369 | * |
---|
370 | * This is the head for the list of all the configured credentials. |
---|
371 | */ |
---|
372 | struct wpa_cred *cred; |
---|
373 | |
---|
374 | /** |
---|
375 | * eapol_version - IEEE 802.1X/EAPOL version number |
---|
376 | * |
---|
377 | * wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which |
---|
378 | * defines EAPOL version 2. However, there are many APs that do not |
---|
379 | * handle the new version number correctly (they seem to drop the |
---|
380 | * frames completely). In order to make wpa_supplicant interoperate |
---|
381 | * with these APs, the version number is set to 1 by default. This |
---|
382 | * configuration value can be used to set it to the new version (2). |
---|
383 | */ |
---|
384 | int eapol_version; |
---|
385 | |
---|
386 | /** |
---|
387 | * ap_scan - AP scanning/selection |
---|
388 | * |
---|
389 | * By default, wpa_supplicant requests driver to perform AP |
---|
390 | * scanning and then uses the scan results to select a |
---|
391 | * suitable AP. Another alternative is to allow the driver to |
---|
392 | * take care of AP scanning and selection and use |
---|
393 | * wpa_supplicant just to process EAPOL frames based on IEEE |
---|
394 | * 802.11 association information from the driver. |
---|
395 | * |
---|
396 | * 1: wpa_supplicant initiates scanning and AP selection (default). |
---|
397 | * |
---|
398 | * 0: Driver takes care of scanning, AP selection, and IEEE 802.11 |
---|
399 | * association parameters (e.g., WPA IE generation); this mode can |
---|
400 | * also be used with non-WPA drivers when using IEEE 802.1X mode; |
---|
401 | * do not try to associate with APs (i.e., external program needs |
---|
402 | * to control association). This mode must also be used when using |
---|
403 | * wired Ethernet drivers. |
---|
404 | * |
---|
405 | * 2: like 0, but associate with APs using security policy and SSID |
---|
406 | * (but not BSSID); this can be used, e.g., with ndiswrapper and NDIS |
---|
407 | * drivers to enable operation with hidden SSIDs and optimized roaming; |
---|
408 | * in this mode, the network blocks in the configuration are tried |
---|
409 | * one by one until the driver reports successful association; each |
---|
410 | * network block should have explicit security policy (i.e., only one |
---|
411 | * option in the lists) for key_mgmt, pairwise, group, proto variables. |
---|
412 | * |
---|
413 | * Note: ap_scan=2 should not be used with the nl80211 driver interface |
---|
414 | * (the current Linux interface). ap_scan=1 is optimized for working |
---|
415 | * with nl80211. For finding networks using hidden SSID, scan_ssid=1 in |
---|
416 | * the network block can be used with nl80211. |
---|
417 | */ |
---|
418 | int ap_scan; |
---|
419 | |
---|
420 | /** |
---|
421 | * bgscan - Background scan and roaming parameters or %NULL if none |
---|
422 | * |
---|
423 | * This is an optional set of parameters for background scanning and |
---|
424 | * roaming within a network (ESS). For more detailed information see |
---|
425 | * ssid block documentation. |
---|
426 | * |
---|
427 | * The variable defines default bgscan behavior for all BSS station |
---|
428 | * networks except for those which have their own bgscan configuration. |
---|
429 | */ |
---|
430 | char *bgscan; |
---|
431 | |
---|
432 | /** |
---|
433 | * disable_scan_offload - Disable automatic offloading of scan requests |
---|
434 | * |
---|
435 | * By default, %wpa_supplicant tries to offload scanning if the driver |
---|
436 | * indicates support for this (sched_scan). This configuration |
---|
437 | * parameter can be used to disable this offloading mechanism. |
---|
438 | */ |
---|
439 | int disable_scan_offload; |
---|
440 | |
---|
441 | /** |
---|
442 | * ctrl_interface - Parameters for the control interface |
---|
443 | * |
---|
444 | * If this is specified, %wpa_supplicant will open a control interface |
---|
445 | * that is available for external programs to manage %wpa_supplicant. |
---|
446 | * The meaning of this string depends on which control interface |
---|
447 | * mechanism is used. For all cases, the existence of this parameter |
---|
448 | * in configuration is used to determine whether the control interface |
---|
449 | * is enabled. |
---|
450 | * |
---|
451 | * For UNIX domain sockets (default on Linux and BSD): This is a |
---|
452 | * directory that will be created for UNIX domain sockets for listening |
---|
453 | * to requests from external programs (CLI/GUI, etc.) for status |
---|
454 | * information and configuration. The socket file will be named based |
---|
455 | * on the interface name, so multiple %wpa_supplicant processes can be |
---|
456 | * run at the same time if more than one interface is used. |
---|
457 | * /var/run/wpa_supplicant is the recommended directory for sockets and |
---|
458 | * by default, wpa_cli will use it when trying to connect with |
---|
459 | * %wpa_supplicant. |
---|
460 | * |
---|
461 | * Access control for the control interface can be configured |
---|
462 | * by setting the directory to allow only members of a group |
---|
463 | * to use sockets. This way, it is possible to run |
---|
464 | * %wpa_supplicant as root (since it needs to change network |
---|
465 | * configuration and open raw sockets) and still allow GUI/CLI |
---|
466 | * components to be run as non-root users. However, since the |
---|
467 | * control interface can be used to change the network |
---|
468 | * configuration, this access needs to be protected in many |
---|
469 | * cases. By default, %wpa_supplicant is configured to use gid |
---|
470 | * 0 (root). If you want to allow non-root users to use the |
---|
471 | * control interface, add a new group and change this value to |
---|
472 | * match with that group. Add users that should have control |
---|
473 | * interface access to this group. |
---|
474 | * |
---|
475 | * When configuring both the directory and group, use following format: |
---|
476 | * DIR=/var/run/wpa_supplicant GROUP=wheel |
---|
477 | * DIR=/var/run/wpa_supplicant GROUP=0 |
---|
478 | * (group can be either group name or gid) |
---|
479 | * |
---|
480 | * For UDP connections (default on Windows): The value will be ignored. |
---|
481 | * This variable is just used to select that the control interface is |
---|
482 | * to be created. The value can be set to, e.g., udp |
---|
483 | * (ctrl_interface=udp). |
---|
484 | * |
---|
485 | * For Windows Named Pipe: This value can be used to set the security |
---|
486 | * descriptor for controlling access to the control interface. Security |
---|
487 | * descriptor can be set using Security Descriptor String Format (see |
---|
488 | * http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptor_string_format.asp). |
---|
489 | * The descriptor string needs to be prefixed with SDDL=. For example, |
---|
490 | * ctrl_interface=SDDL=D: would set an empty DACL (which will reject |
---|
491 | * all connections). |
---|
492 | */ |
---|
493 | char *ctrl_interface; |
---|
494 | |
---|
495 | /** |
---|
496 | * ctrl_interface_group - Control interface group (DEPRECATED) |
---|
497 | * |
---|
498 | * This variable is only used for backwards compatibility. Group for |
---|
499 | * UNIX domain sockets should now be specified using GROUP=group in |
---|
500 | * ctrl_interface variable. |
---|
501 | */ |
---|
502 | char *ctrl_interface_group; |
---|
503 | |
---|
504 | /** |
---|
505 | * fast_reauth - EAP fast re-authentication (session resumption) |
---|
506 | * |
---|
507 | * By default, fast re-authentication is enabled for all EAP methods |
---|
508 | * that support it. This variable can be used to disable fast |
---|
509 | * re-authentication (by setting fast_reauth=0). Normally, there is no |
---|
510 | * need to disable fast re-authentication. |
---|
511 | */ |
---|
512 | int fast_reauth; |
---|
513 | |
---|
514 | /** |
---|
515 | * opensc_engine_path - Path to the OpenSSL engine for opensc |
---|
516 | * |
---|
517 | * This is an OpenSSL specific configuration option for loading OpenSC |
---|
518 | * engine (engine_opensc.so); if %NULL, this engine is not loaded. |
---|
519 | */ |
---|
520 | char *opensc_engine_path; |
---|
521 | |
---|
522 | /** |
---|
523 | * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11 |
---|
524 | * |
---|
525 | * This is an OpenSSL specific configuration option for loading PKCS#11 |
---|
526 | * engine (engine_pkcs11.so); if %NULL, this engine is not loaded. |
---|
527 | */ |
---|
528 | char *pkcs11_engine_path; |
---|
529 | |
---|
530 | /** |
---|
531 | * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module |
---|
532 | * |
---|
533 | * This is an OpenSSL specific configuration option for configuring |
---|
534 | * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this |
---|
535 | * module is not loaded. |
---|
536 | */ |
---|
537 | char *pkcs11_module_path; |
---|
538 | |
---|
539 | /** |
---|
540 | * openssl_ciphers - OpenSSL cipher string |
---|
541 | * |
---|
542 | * This is an OpenSSL specific configuration option for configuring the |
---|
543 | * default ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the |
---|
544 | * default. |
---|
545 | */ |
---|
546 | char *openssl_ciphers; |
---|
547 | |
---|
548 | /** |
---|
549 | * pcsc_reader - PC/SC reader name prefix |
---|
550 | * |
---|
551 | * If not %NULL, PC/SC reader with a name that matches this prefix is |
---|
552 | * initialized for SIM/USIM access. Empty string can be used to match |
---|
553 | * the first available reader. |
---|
554 | */ |
---|
555 | char *pcsc_reader; |
---|
556 | |
---|
557 | /** |
---|
558 | * pcsc_pin - PIN for USIM, GSM SIM, and smartcards |
---|
559 | * |
---|
560 | * This field is used to configure PIN for SIM/USIM for EAP-SIM and |
---|
561 | * EAP-AKA. If left out, this will be asked through control interface. |
---|
562 | */ |
---|
563 | char *pcsc_pin; |
---|
564 | |
---|
565 | /** |
---|
566 | * external_sim - Use external processing for SIM/USIM operations |
---|
567 | */ |
---|
568 | int external_sim; |
---|
569 | |
---|
570 | /** |
---|
571 | * driver_param - Driver interface parameters |
---|
572 | * |
---|
573 | * This text string is passed to the selected driver interface with the |
---|
574 | * optional struct wpa_driver_ops::set_param() handler. This can be |
---|
575 | * used to configure driver specific options without having to add new |
---|
576 | * driver interface functionality. |
---|
577 | */ |
---|
578 | char *driver_param; |
---|
579 | |
---|
580 | /** |
---|
581 | * dot11RSNAConfigPMKLifetime - Maximum lifetime of a PMK |
---|
582 | * |
---|
583 | * dot11 MIB variable for the maximum lifetime of a PMK in the PMK |
---|
584 | * cache (unit: seconds). |
---|
585 | */ |
---|
586 | unsigned int dot11RSNAConfigPMKLifetime; |
---|
587 | |
---|
588 | /** |
---|
589 | * dot11RSNAConfigPMKReauthThreshold - PMK re-authentication threshold |
---|
590 | * |
---|
591 | * dot11 MIB variable for the percentage of the PMK lifetime |
---|
592 | * that should expire before an IEEE 802.1X reauthentication occurs. |
---|
593 | */ |
---|
594 | unsigned int dot11RSNAConfigPMKReauthThreshold; |
---|
595 | |
---|
596 | /** |
---|
597 | * dot11RSNAConfigSATimeout - Security association timeout |
---|
598 | * |
---|
599 | * dot11 MIB variable for the maximum time a security association |
---|
600 | * shall take to set up (unit: seconds). |
---|
601 | */ |
---|
602 | unsigned int dot11RSNAConfigSATimeout; |
---|
603 | |
---|
604 | /** |
---|
605 | * update_config - Is wpa_supplicant allowed to update configuration |
---|
606 | * |
---|
607 | * This variable controls whether wpa_supplicant is allowed to re-write |
---|
608 | * its configuration with wpa_config_write(). If this is zero, |
---|
609 | * configuration data is only changed in memory and the external data |
---|
610 | * is not overridden. If this is non-zero, wpa_supplicant will update |
---|
611 | * the configuration data (e.g., a file) whenever configuration is |
---|
612 | * changed. This update may replace the old configuration which can |
---|
613 | * remove comments from it in case of a text file configuration. |
---|
614 | */ |
---|
615 | int update_config; |
---|
616 | |
---|
617 | /** |
---|
618 | * blobs - Configuration blobs |
---|
619 | */ |
---|
620 | struct wpa_config_blob *blobs; |
---|
621 | |
---|
622 | /** |
---|
623 | * uuid - Universally Unique IDentifier (UUID; see RFC 4122) for WPS |
---|
624 | */ |
---|
625 | u8 uuid[16]; |
---|
626 | |
---|
627 | /** |
---|
628 | * device_name - Device Name (WPS) |
---|
629 | * User-friendly description of device; up to 32 octets encoded in |
---|
630 | * UTF-8 |
---|
631 | */ |
---|
632 | char *device_name; |
---|
633 | |
---|
634 | /** |
---|
635 | * manufacturer - Manufacturer (WPS) |
---|
636 | * The manufacturer of the device (up to 64 ASCII characters) |
---|
637 | */ |
---|
638 | char *manufacturer; |
---|
639 | |
---|
640 | /** |
---|
641 | * model_name - Model Name (WPS) |
---|
642 | * Model of the device (up to 32 ASCII characters) |
---|
643 | */ |
---|
644 | char *model_name; |
---|
645 | |
---|
646 | /** |
---|
647 | * model_number - Model Number (WPS) |
---|
648 | * Additional device description (up to 32 ASCII characters) |
---|
649 | */ |
---|
650 | char *model_number; |
---|
651 | |
---|
652 | /** |
---|
653 | * serial_number - Serial Number (WPS) |
---|
654 | * Serial number of the device (up to 32 characters) |
---|
655 | */ |
---|
656 | char *serial_number; |
---|
657 | |
---|
658 | /** |
---|
659 | * device_type - Primary Device Type (WPS) |
---|
660 | */ |
---|
661 | u8 device_type[WPS_DEV_TYPE_LEN]; |
---|
662 | |
---|
663 | /** |
---|
664 | * config_methods - Config Methods |
---|
665 | * |
---|
666 | * This is a space-separated list of supported WPS configuration |
---|
667 | * methods. For example, "label virtual_display virtual_push_button |
---|
668 | * keypad". |
---|
669 | * Available methods: usba ethernet label display ext_nfc_token |
---|
670 | * int_nfc_token nfc_interface push_button keypad |
---|
671 | * virtual_display physical_display |
---|
672 | * virtual_push_button physical_push_button. |
---|
673 | */ |
---|
674 | char *config_methods; |
---|
675 | |
---|
676 | /** |
---|
677 | * os_version - OS Version (WPS) |
---|
678 | * 4-octet operating system version number |
---|
679 | */ |
---|
680 | u8 os_version[4]; |
---|
681 | |
---|
682 | /** |
---|
683 | * country - Country code |
---|
684 | * |
---|
685 | * This is the ISO/IEC alpha2 country code for which we are operating |
---|
686 | * in |
---|
687 | */ |
---|
688 | char country[2]; |
---|
689 | |
---|
690 | /** |
---|
691 | * wps_cred_processing - Credential processing |
---|
692 | * |
---|
693 | * 0 = process received credentials internally |
---|
694 | * 1 = do not process received credentials; just pass them over |
---|
695 | * ctrl_iface to external program(s) |
---|
696 | * 2 = process received credentials internally and pass them over |
---|
697 | * ctrl_iface to external program(s) |
---|
698 | */ |
---|
699 | int wps_cred_processing; |
---|
700 | |
---|
701 | #define MAX_SEC_DEVICE_TYPES 5 |
---|
702 | /** |
---|
703 | * sec_device_types - Secondary Device Types (P2P) |
---|
704 | */ |
---|
705 | u8 sec_device_type[MAX_SEC_DEVICE_TYPES][WPS_DEV_TYPE_LEN]; |
---|
706 | int num_sec_device_types; |
---|
707 | |
---|
708 | int p2p_listen_reg_class; |
---|
709 | int p2p_listen_channel; |
---|
710 | int p2p_oper_reg_class; |
---|
711 | int p2p_oper_channel; |
---|
712 | int p2p_go_intent; |
---|
713 | char *p2p_ssid_postfix; |
---|
714 | int persistent_reconnect; |
---|
715 | int p2p_intra_bss; |
---|
716 | unsigned int num_p2p_pref_chan; |
---|
717 | struct p2p_channel *p2p_pref_chan; |
---|
718 | struct wpa_freq_range_list p2p_no_go_freq; |
---|
719 | int p2p_add_cli_chan; |
---|
720 | int p2p_ignore_shared_freq; |
---|
721 | int p2p_optimize_listen_chan; |
---|
722 | |
---|
723 | struct wpabuf *wps_vendor_ext_m1; |
---|
724 | |
---|
725 | #define MAX_WPS_VENDOR_EXT 10 |
---|
726 | /** |
---|
727 | * wps_vendor_ext - Vendor extension attributes in WPS |
---|
728 | */ |
---|
729 | struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXT]; |
---|
730 | |
---|
731 | /** |
---|
732 | * p2p_group_idle - Maximum idle time in seconds for P2P group |
---|
733 | * |
---|
734 | * This value controls how long a P2P group is maintained after there |
---|
735 | * are no other members in the group. As a GO, this means no associated |
---|
736 | * stations in the group. As a P2P client, this means no GO seen in |
---|
737 | * scan results. The maximum idle time is specified in seconds with 0 |
---|
738 | * indicating no time limit, i.e., the P2P group remains in active |
---|
739 | * state indefinitely until explicitly removed. As a P2P client, the |
---|
740 | * maximum idle time of P2P_MAX_CLIENT_IDLE seconds is enforced, i.e., |
---|
741 | * this parameter is mainly meant for GO use and for P2P client, it can |
---|
742 | * only be used to reduce the default timeout to smaller value. A |
---|
743 | * special value -1 can be used to configure immediate removal of the |
---|
744 | * group for P2P client role on any disconnection after the data |
---|
745 | * connection has been established. |
---|
746 | */ |
---|
747 | int p2p_group_idle; |
---|
748 | |
---|
749 | /** |
---|
750 | * p2p_go_freq_change_policy - The GO frequency change policy |
---|
751 | * |
---|
752 | * This controls the behavior of the GO when there is a change in the |
---|
753 | * map of the currently used frequencies in case more than one channel |
---|
754 | * is supported. |
---|
755 | * |
---|
756 | * @P2P_GO_FREQ_MOVE_SCM: Prefer working in a single channel mode if |
---|
757 | * possible. In case the GO is the only interface using its frequency |
---|
758 | * and there are other station interfaces on other frequencies, the GO |
---|
759 | * will migrate to one of these frequencies. |
---|
760 | * |
---|
761 | * @P2P_GO_FREQ_MOVE_SCM_PEER_SUPPORTS: Same as P2P_GO_FREQ_MOVE_SCM, |
---|
762 | * but a transition is possible only in case one of the other used |
---|
763 | * frequencies is one of the frequencies in the intersection of the |
---|
764 | * frequency list of the local device and the peer device. |
---|
765 | * |
---|
766 | * @P2P_GO_FREQ_MOVE_STAY: Prefer to stay on the current frequency. |
---|
767 | */ |
---|
768 | enum { |
---|
769 | P2P_GO_FREQ_MOVE_SCM = 0, |
---|
770 | P2P_GO_FREQ_MOVE_SCM_PEER_SUPPORTS = 1, |
---|
771 | P2P_GO_FREQ_MOVE_STAY = 2, |
---|
772 | P2P_GO_FREQ_MOVE_MAX = P2P_GO_FREQ_MOVE_STAY, |
---|
773 | } p2p_go_freq_change_policy; |
---|
774 | |
---|
775 | #define DEFAULT_P2P_GO_FREQ_MOVE P2P_GO_FREQ_MOVE_STAY |
---|
776 | |
---|
777 | /** |
---|
778 | * p2p_passphrase_len - Passphrase length (8..63) for P2P GO |
---|
779 | * |
---|
780 | * This parameter controls the length of the random passphrase that is |
---|
781 | * generated at the GO. |
---|
782 | */ |
---|
783 | unsigned int p2p_passphrase_len; |
---|
784 | |
---|
785 | /** |
---|
786 | * bss_max_count - Maximum number of BSS entries to keep in memory |
---|
787 | */ |
---|
788 | unsigned int bss_max_count; |
---|
789 | |
---|
790 | /** |
---|
791 | * bss_expiration_age - BSS entry age after which it can be expired |
---|
792 | * |
---|
793 | * This value controls the time in seconds after which a BSS entry |
---|
794 | * gets removed if it has not been updated or is not in use. |
---|
795 | */ |
---|
796 | unsigned int bss_expiration_age; |
---|
797 | |
---|
798 | /** |
---|
799 | * bss_expiration_scan_count - Expire BSS after number of scans |
---|
800 | * |
---|
801 | * If the BSS entry has not been seen in this many scans, it will be |
---|
802 | * removed. A value of 1 means that entry is removed after the first |
---|
803 | * scan in which the BSSID is not seen. Larger values can be used |
---|
804 | * to avoid BSS entries disappearing if they are not visible in |
---|
805 | * every scan (e.g., low signal quality or interference). |
---|
806 | */ |
---|
807 | unsigned int bss_expiration_scan_count; |
---|
808 | |
---|
809 | /** |
---|
810 | * filter_ssids - SSID-based scan result filtering |
---|
811 | * |
---|
812 | * 0 = do not filter scan results |
---|
813 | * 1 = only include configured SSIDs in scan results/BSS table |
---|
814 | */ |
---|
815 | int filter_ssids; |
---|
816 | |
---|
817 | /** |
---|
818 | * filter_rssi - RSSI-based scan result filtering |
---|
819 | * |
---|
820 | * 0 = do not filter scan results |
---|
821 | * -n = filter scan results below -n dBm |
---|
822 | */ |
---|
823 | int filter_rssi; |
---|
824 | |
---|
825 | /** |
---|
826 | * max_num_sta - Maximum number of STAs in an AP/P2P GO |
---|
827 | */ |
---|
828 | unsigned int max_num_sta; |
---|
829 | |
---|
830 | /** |
---|
831 | * freq_list - Array of allowed scan frequencies or %NULL for all |
---|
832 | * |
---|
833 | * This is an optional zero-terminated array of frequencies in |
---|
834 | * megahertz (MHz) to allow for narrowing scanning range. |
---|
835 | */ |
---|
836 | int *freq_list; |
---|
837 | |
---|
838 | /** |
---|
839 | * scan_cur_freq - Whether to scan only the current channel |
---|
840 | * |
---|
841 | * If true, attempt to scan only the current channel if any other |
---|
842 | * VIFs on this radio are already associated on a particular channel. |
---|
843 | */ |
---|
844 | int scan_cur_freq; |
---|
845 | |
---|
846 | /** |
---|
847 | * changed_parameters - Bitmap of changed parameters since last update |
---|
848 | */ |
---|
849 | unsigned int changed_parameters; |
---|
850 | |
---|
851 | /** |
---|
852 | * disassoc_low_ack - Disassociate stations with massive packet loss |
---|
853 | */ |
---|
854 | int disassoc_low_ack; |
---|
855 | |
---|
856 | /** |
---|
857 | * interworking - Whether Interworking (IEEE 802.11u) is enabled |
---|
858 | */ |
---|
859 | int interworking; |
---|
860 | |
---|
861 | /** |
---|
862 | * access_network_type - Access Network Type |
---|
863 | * |
---|
864 | * When Interworking is enabled, scans will be limited to APs that |
---|
865 | * advertise the specified Access Network Type (0..15; with 15 |
---|
866 | * indicating wildcard match). |
---|
867 | */ |
---|
868 | int access_network_type; |
---|
869 | |
---|
870 | /** |
---|
871 | * hessid - Homogeneous ESS identifier |
---|
872 | * |
---|
873 | * If this is set (any octet is non-zero), scans will be used to |
---|
874 | * request response only from BSSes belonging to the specified |
---|
875 | * Homogeneous ESS. This is used only if interworking is enabled. |
---|
876 | */ |
---|
877 | u8 hessid[ETH_ALEN]; |
---|
878 | |
---|
879 | /** |
---|
880 | * hs20 - Hotspot 2.0 |
---|
881 | */ |
---|
882 | int hs20; |
---|
883 | |
---|
884 | /** |
---|
885 | * pbc_in_m1 - AP mode WPS probing workaround for PBC with Windows 7 |
---|
886 | * |
---|
887 | * Windows 7 uses an incorrect way of figuring out AP's WPS capabilities |
---|
888 | * by acting as a Registrar and using M1 from the AP. The config |
---|
889 | * methods attribute in that message is supposed to indicate only the |
---|
890 | * configuration method supported by the AP in Enrollee role, i.e., to |
---|
891 | * add an external Registrar. For that case, PBC shall not be used and |
---|
892 | * as such, the PushButton config method is removed from M1 by default. |
---|
893 | * If pbc_in_m1=1 is included in the configuration file, the PushButton |
---|
894 | * config method is left in M1 (if included in config_methods |
---|
895 | * parameter) to allow Windows 7 to use PBC instead of PIN (e.g., from |
---|
896 | * a label in the AP). |
---|
897 | */ |
---|
898 | int pbc_in_m1; |
---|
899 | |
---|
900 | /** |
---|
901 | * autoscan - Automatic scan parameters or %NULL if none |
---|
902 | * |
---|
903 | * This is an optional set of parameters for automatic scanning |
---|
904 | * within an interface in the following format: |
---|
905 | * <autoscan module name>:<module parameters> |
---|
906 | */ |
---|
907 | char *autoscan; |
---|
908 | |
---|
909 | /** |
---|
910 | * wps_nfc_pw_from_config - NFC Device Password was read from config |
---|
911 | * |
---|
912 | * This parameter indicates whether the NFC Device Password was |
---|
913 | * included in the configuration (1) or generated dynamically (0). Only |
---|
914 | * the former case is re-written back to the configuration file. |
---|
915 | */ |
---|
916 | int wps_nfc_pw_from_config; |
---|
917 | |
---|
918 | /** |
---|
919 | * wps_nfc_dev_pw_id - NFC Device Password ID for password token |
---|
920 | */ |
---|
921 | int wps_nfc_dev_pw_id; |
---|
922 | |
---|
923 | /** |
---|
924 | * wps_nfc_dh_pubkey - NFC DH Public Key for password token |
---|
925 | */ |
---|
926 | struct wpabuf *wps_nfc_dh_pubkey; |
---|
927 | |
---|
928 | /** |
---|
929 | * wps_nfc_dh_privkey - NFC DH Private Key for password token |
---|
930 | */ |
---|
931 | struct wpabuf *wps_nfc_dh_privkey; |
---|
932 | |
---|
933 | /** |
---|
934 | * wps_nfc_dev_pw - NFC Device Password for password token |
---|
935 | */ |
---|
936 | struct wpabuf *wps_nfc_dev_pw; |
---|
937 | |
---|
938 | /** |
---|
939 | * ext_password_backend - External password backend or %NULL if none |
---|
940 | * |
---|
941 | * format: <backend name>[:<optional backend parameters>] |
---|
942 | */ |
---|
943 | char *ext_password_backend; |
---|
944 | |
---|
945 | /** |
---|
946 | * p2p_go_max_inactivity - Timeout in seconds to detect STA inactivity |
---|
947 | * |
---|
948 | * This timeout value is used in P2P GO mode to clean up |
---|
949 | * inactive stations. |
---|
950 | * By default: 300 seconds. |
---|
951 | */ |
---|
952 | int p2p_go_max_inactivity; |
---|
953 | |
---|
954 | struct hostapd_wmm_ac_params wmm_ac_params[4]; |
---|
955 | |
---|
956 | /** |
---|
957 | * auto_interworking - Whether to use network selection automatically |
---|
958 | * |
---|
959 | * 0 = do not automatically go through Interworking network selection |
---|
960 | * (i.e., require explicit interworking_select command for this) |
---|
961 | * 1 = perform Interworking network selection if one or more |
---|
962 | * credentials have been configured and scan did not find a |
---|
963 | * matching network block |
---|
964 | */ |
---|
965 | int auto_interworking; |
---|
966 | |
---|
967 | /** |
---|
968 | * p2p_go_ht40 - Default mode for HT40 enable when operating as GO. |
---|
969 | * |
---|
970 | * This will take effect for p2p_group_add, p2p_connect, and p2p_invite. |
---|
971 | * Note that regulatory constraints and driver capabilities are |
---|
972 | * consulted anyway, so setting it to 1 can't do real harm. |
---|
973 | * By default: 0 (disabled) |
---|
974 | */ |
---|
975 | int p2p_go_ht40; |
---|
976 | |
---|
977 | /** |
---|
978 | * p2p_go_vht - Default mode for VHT enable when operating as GO |
---|
979 | * |
---|
980 | * This will take effect for p2p_group_add, p2p_connect, and p2p_invite. |
---|
981 | * Note that regulatory constraints and driver capabilities are |
---|
982 | * consulted anyway, so setting it to 1 can't do real harm. |
---|
983 | * By default: 0 (disabled) |
---|
984 | */ |
---|
985 | int p2p_go_vht; |
---|
986 | |
---|
987 | /** |
---|
988 | * p2p_go_ctwindow - CTWindow to use when operating as GO |
---|
989 | * |
---|
990 | * By default: 0 (no CTWindow). Values 0-127 can be used to indicate |
---|
991 | * the length of the CTWindow in TUs. |
---|
992 | */ |
---|
993 | int p2p_go_ctwindow; |
---|
994 | |
---|
995 | /** |
---|
996 | * p2p_disabled - Whether P2P operations are disabled for this interface |
---|
997 | */ |
---|
998 | int p2p_disabled; |
---|
999 | |
---|
1000 | /** |
---|
1001 | * p2p_no_group_iface - Whether group interfaces can be used |
---|
1002 | * |
---|
1003 | * By default, wpa_supplicant will create a separate interface for P2P |
---|
1004 | * group operations if the driver supports this. This functionality can |
---|
1005 | * be disabled by setting this parameter to 1. In that case, the same |
---|
1006 | * interface that was used for the P2P management operations is used |
---|
1007 | * also for the group operation. |
---|
1008 | */ |
---|
1009 | int p2p_no_group_iface; |
---|
1010 | |
---|
1011 | /** |
---|
1012 | * p2p_cli_probe - Enable/disable P2P CLI probe request handling |
---|
1013 | * |
---|
1014 | * If this parameter is set to 1, a connected P2P Client will receive |
---|
1015 | * and handle Probe Request frames. Setting this parameter to 0 |
---|
1016 | * disables this option. Default value: 0. |
---|
1017 | * |
---|
1018 | * Note: Setting this property at run time takes effect on the following |
---|
1019 | * interface state transition to/from the WPA_COMPLETED state. |
---|
1020 | */ |
---|
1021 | int p2p_cli_probe; |
---|
1022 | |
---|
1023 | /** |
---|
1024 | * okc - Whether to enable opportunistic key caching by default |
---|
1025 | * |
---|
1026 | * By default, OKC is disabled unless enabled by the per-network |
---|
1027 | * proactive_key_caching=1 parameter. okc=1 can be used to change this |
---|
1028 | * default behavior. |
---|
1029 | */ |
---|
1030 | int okc; |
---|
1031 | |
---|
1032 | /** |
---|
1033 | * pmf - Whether to enable/require PMF by default |
---|
1034 | * |
---|
1035 | * By default, PMF is disabled unless enabled by the per-network |
---|
1036 | * ieee80211w=1 or ieee80211w=2 parameter. pmf=1/2 can be used to change |
---|
1037 | * this default behavior. |
---|
1038 | */ |
---|
1039 | enum mfp_options pmf; |
---|
1040 | |
---|
1041 | /** |
---|
1042 | * sae_groups - Preference list of enabled groups for SAE |
---|
1043 | * |
---|
1044 | * By default (if this parameter is not set), the mandatory group 19 |
---|
1045 | * (ECC group defined over a 256-bit prime order field) is preferred, |
---|
1046 | * but other groups are also enabled. If this parameter is set, the |
---|
1047 | * groups will be tried in the indicated order. |
---|
1048 | */ |
---|
1049 | int *sae_groups; |
---|
1050 | |
---|
1051 | /** |
---|
1052 | * dtim_period - Default DTIM period in Beacon intervals |
---|
1053 | * |
---|
1054 | * This parameter can be used to set the default value for network |
---|
1055 | * blocks that do not specify dtim_period. |
---|
1056 | */ |
---|
1057 | int dtim_period; |
---|
1058 | |
---|
1059 | /** |
---|
1060 | * beacon_int - Default Beacon interval in TU |
---|
1061 | * |
---|
1062 | * This parameter can be used to set the default value for network |
---|
1063 | * blocks that do not specify beacon_int. |
---|
1064 | */ |
---|
1065 | int beacon_int; |
---|
1066 | |
---|
1067 | /** |
---|
1068 | * ap_vendor_elements - Vendor specific elements for Beacon/ProbeResp |
---|
1069 | * |
---|
1070 | * This parameter can be used to define additional vendor specific |
---|
1071 | * elements for Beacon and Probe Response frames in AP/P2P GO mode. The |
---|
1072 | * format for these element(s) is a hexdump of the raw information |
---|
1073 | * elements (id+len+payload for one or more elements). |
---|
1074 | */ |
---|
1075 | struct wpabuf *ap_vendor_elements; |
---|
1076 | |
---|
1077 | /** |
---|
1078 | * ignore_old_scan_res - Ignore scan results older than request |
---|
1079 | * |
---|
1080 | * The driver may have a cache of scan results that makes it return |
---|
1081 | * information that is older than our scan trigger. This parameter can |
---|
1082 | * be used to configure such old information to be ignored instead of |
---|
1083 | * allowing it to update the internal BSS table. |
---|
1084 | */ |
---|
1085 | int ignore_old_scan_res; |
---|
1086 | |
---|
1087 | /** |
---|
1088 | * sched_scan_interval - schedule scan interval |
---|
1089 | */ |
---|
1090 | unsigned int sched_scan_interval; |
---|
1091 | |
---|
1092 | /** |
---|
1093 | * tdls_external_control - External control for TDLS setup requests |
---|
1094 | * |
---|
1095 | * Enable TDLS mode where external programs are given the control |
---|
1096 | * to specify the TDLS link to get established to the driver. The |
---|
1097 | * driver requests the TDLS setup to the supplicant only for the |
---|
1098 | * specified TDLS peers. |
---|
1099 | */ |
---|
1100 | int tdls_external_control; |
---|
1101 | |
---|
1102 | u8 ip_addr_go[4]; |
---|
1103 | u8 ip_addr_mask[4]; |
---|
1104 | u8 ip_addr_start[4]; |
---|
1105 | u8 ip_addr_end[4]; |
---|
1106 | |
---|
1107 | /** |
---|
1108 | * osu_dir - OSU provider information directory |
---|
1109 | * |
---|
1110 | * If set, allow FETCH_OSU control interface command to be used to fetch |
---|
1111 | * OSU provider information into all APs and store the results in this |
---|
1112 | * directory. |
---|
1113 | */ |
---|
1114 | char *osu_dir; |
---|
1115 | |
---|
1116 | /** |
---|
1117 | * wowlan_triggers - Wake-on-WLAN triggers |
---|
1118 | * |
---|
1119 | * If set, these wowlan triggers will be configured. |
---|
1120 | */ |
---|
1121 | char *wowlan_triggers; |
---|
1122 | |
---|
1123 | /** |
---|
1124 | * p2p_search_delay - Extra delay between concurrent search iterations |
---|
1125 | * |
---|
1126 | * Add extra delay (in milliseconds) between search iterations when |
---|
1127 | * there is a concurrent operation to make p2p_find friendlier to |
---|
1128 | * concurrent operations by avoiding it from taking 100% of radio |
---|
1129 | * resources. |
---|
1130 | */ |
---|
1131 | unsigned int p2p_search_delay; |
---|
1132 | |
---|
1133 | /** |
---|
1134 | * mac_addr - MAC address policy default |
---|
1135 | * |
---|
1136 | * 0 = use permanent MAC address |
---|
1137 | * 1 = use random MAC address for each ESS connection |
---|
1138 | * 2 = like 1, but maintain OUI (with local admin bit set) |
---|
1139 | * |
---|
1140 | * By default, permanent MAC address is used unless policy is changed by |
---|
1141 | * the per-network mac_addr parameter. Global mac_addr=1 can be used to |
---|
1142 | * change this default behavior. |
---|
1143 | */ |
---|
1144 | int mac_addr; |
---|
1145 | |
---|
1146 | /** |
---|
1147 | * rand_addr_lifetime - Lifetime of random MAC address in seconds |
---|
1148 | */ |
---|
1149 | unsigned int rand_addr_lifetime; |
---|
1150 | |
---|
1151 | /** |
---|
1152 | * preassoc_mac_addr - Pre-association MAC address policy |
---|
1153 | * |
---|
1154 | * 0 = use permanent MAC address |
---|
1155 | * 1 = use random MAC address |
---|
1156 | * 2 = like 1, but maintain OUI (with local admin bit set) |
---|
1157 | */ |
---|
1158 | int preassoc_mac_addr; |
---|
1159 | |
---|
1160 | /** |
---|
1161 | * key_mgmt_offload - Use key management offload |
---|
1162 | * |
---|
1163 | * Key management offload should be used if the device supports it. |
---|
1164 | * Key management offload is the capability of a device operating as |
---|
1165 | * a station to do the exchange necessary to establish temporal keys |
---|
1166 | * during initial RSN connection, after roaming, or during a PTK |
---|
1167 | * rekeying operation. |
---|
1168 | */ |
---|
1169 | int key_mgmt_offload; |
---|
1170 | |
---|
1171 | /** |
---|
1172 | * user_mpm - MPM residency |
---|
1173 | * |
---|
1174 | * 0: MPM lives in driver. |
---|
1175 | * 1: wpa_supplicant handles peering and station allocation. |
---|
1176 | * |
---|
1177 | * If AMPE or SAE is enabled, the MPM is always in userspace. |
---|
1178 | */ |
---|
1179 | int user_mpm; |
---|
1180 | |
---|
1181 | /** |
---|
1182 | * max_peer_links - Maximum number of peer links |
---|
1183 | * |
---|
1184 | * Maximum number of mesh peerings currently maintained by the STA. |
---|
1185 | */ |
---|
1186 | int max_peer_links; |
---|
1187 | |
---|
1188 | /** |
---|
1189 | * cert_in_cb - Whether to include a peer certificate dump in events |
---|
1190 | * |
---|
1191 | * This controls whether peer certificates for authentication server and |
---|
1192 | * its certificate chain are included in EAP peer certificate events. |
---|
1193 | */ |
---|
1194 | int cert_in_cb; |
---|
1195 | |
---|
1196 | /** |
---|
1197 | * mesh_max_inactivity - Timeout in seconds to detect STA inactivity |
---|
1198 | * |
---|
1199 | * This timeout value is used in mesh STA to clean up inactive stations. |
---|
1200 | * By default: 300 seconds. |
---|
1201 | */ |
---|
1202 | int mesh_max_inactivity; |
---|
1203 | |
---|
1204 | /** |
---|
1205 | * dot11RSNASAERetransPeriod - Timeout to retransmit SAE Auth frame |
---|
1206 | * |
---|
1207 | * This timeout value is used in mesh STA to retransmit |
---|
1208 | * SAE Authentication frame. |
---|
1209 | * By default: 1000 milliseconds. |
---|
1210 | */ |
---|
1211 | int dot11RSNASAERetransPeriod; |
---|
1212 | |
---|
1213 | /** |
---|
1214 | * passive_scan - Whether to force passive scan for network connection |
---|
1215 | * |
---|
1216 | * This parameter can be used to force only passive scanning to be used |
---|
1217 | * for network connection cases. It should be noted that this will slow |
---|
1218 | * down scan operations and reduce likelihood of finding the AP. In |
---|
1219 | * addition, some use cases will override this due to functional |
---|
1220 | * requirements, e.g., for finding an AP that uses hidden SSID |
---|
1221 | * (scan_ssid=1) or P2P device discovery. |
---|
1222 | */ |
---|
1223 | int passive_scan; |
---|
1224 | |
---|
1225 | /** |
---|
1226 | * reassoc_same_bss_optim - Whether to optimize reassoc-to-same-BSS |
---|
1227 | */ |
---|
1228 | int reassoc_same_bss_optim; |
---|
1229 | |
---|
1230 | /** |
---|
1231 | * wps_priority - Priority for the networks added through WPS |
---|
1232 | * |
---|
1233 | * This priority value will be set to each network profile that is added |
---|
1234 | * by executing the WPS protocol. |
---|
1235 | */ |
---|
1236 | int wps_priority; |
---|
1237 | |
---|
1238 | /** |
---|
1239 | * fst_group_id - FST group ID |
---|
1240 | */ |
---|
1241 | char *fst_group_id; |
---|
1242 | |
---|
1243 | /** |
---|
1244 | * fst_priority - priority of the interface within the FST group |
---|
1245 | */ |
---|
1246 | int fst_priority; |
---|
1247 | |
---|
1248 | /** |
---|
1249 | * fst_llt - default FST LLT (Link-Lost Timeout) to be used for the |
---|
1250 | * interface. |
---|
1251 | */ |
---|
1252 | int fst_llt; |
---|
1253 | }; |
---|
1254 | |
---|
1255 | |
---|
1256 | /* Prototypes for common functions from config.c */ |
---|
1257 | |
---|
1258 | void wpa_config_free(struct wpa_config *ssid); /* NOTE(review): the parameter is named ssid but its type is struct wpa_config * */ |
---|
1259 | void wpa_config_free_ssid(struct wpa_ssid *ssid); |
---|
1260 | void wpa_config_foreach_network(struct wpa_config *config, |
---|
1261 | void (*func)(void *, struct wpa_ssid *), |
---|
1262 | void *arg); /* presumably arg is handed to func as its void * argument; confirm in config.c */ |
---|
1263 | struct wpa_ssid * wpa_config_get_network(struct wpa_config *config, int id); |
---|
1264 | struct wpa_ssid * wpa_config_add_network(struct wpa_config *config); |
---|
1265 | int wpa_config_remove_network(struct wpa_config *config, int id); |
---|
1266 | void wpa_config_set_network_defaults(struct wpa_ssid *ssid); |
---|
1267 | int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value, |
---|
1268 | int line); /* presumably line is the configuration line number used in diagnostics; confirm in config.c */ |
---|
1269 | int wpa_config_set_quoted(struct wpa_ssid *ssid, const char *var, |
---|
1270 | const char *value); |
---|
1271 | int wpa_config_dump_values(struct wpa_config *config, char *buf, |
---|
1272 | size_t buflen); /* presumably buflen is the size of buf; confirm the truncation behavior in config.c */ |
---|
1273 | int wpa_config_get_value(const char *name, struct wpa_config *config, |
---|
1274 | char *buf, size_t buflen); |
---|
1275 | |
---|
1276 | char ** wpa_config_get_all(struct wpa_ssid *ssid, int get_keys); /* presumably get_keys selects whether key material is returned; confirm in config.c */ |
---|
1277 | char * wpa_config_get(struct wpa_ssid *ssid, const char *var); /* NOTE(review): ownership of the returned string is not stated here; confirm whether the caller frees it */ |
---|
1278 | char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var); /* presumably withholds key material, unlike wpa_config_get(); confirm before logging or exporting either result */ |
---|
1279 | void wpa_config_update_psk(struct wpa_ssid *ssid); |
---|
1280 | int wpa_config_add_prio_network(struct wpa_config *config, |
---|
1281 | struct wpa_ssid *ssid); |
---|
1282 | int wpa_config_update_prio_list(struct wpa_config *config); |
---|
1283 | const struct wpa_config_blob * wpa_config_get_blob(struct wpa_config *config, |
---|
1284 | const char *name); |
---|
1285 | void wpa_config_set_blob(struct wpa_config *config, |
---|
1286 | struct wpa_config_blob *blob); |
---|
1287 | void wpa_config_free_blob(struct wpa_config_blob *blob); |
---|
1288 | int wpa_config_remove_blob(struct wpa_config *config, const char *name); |
---|
1289 | void wpa_config_flush_blobs(struct wpa_config *config); |
---|
1290 | |
---|
1291 | struct wpa_cred * wpa_config_get_cred(struct wpa_config *config, int id); |
---|
1292 | struct wpa_cred * wpa_config_add_cred(struct wpa_config *config); |
---|
1293 | int wpa_config_remove_cred(struct wpa_config *config, int id); |
---|
1294 | void wpa_config_free_cred(struct wpa_cred *cred); |
---|
1295 | int wpa_config_set_cred(struct wpa_cred *cred, const char *var, |
---|
1296 | const char *value, int line); |
---|
1297 | char * wpa_config_get_cred_no_key(struct wpa_cred *cred, const char *var); /* presumably withholds credential secrets; confirm in config.c */ |
---|
1298 | |
---|
1299 | struct wpa_config * wpa_config_alloc_empty(const char *ctrl_interface, |
---|
1300 | const char *driver_param); |
---|
1301 | #ifndef CONFIG_NO_STDOUT_DEBUG |
---|
1302 | void wpa_config_debug_dump_networks(struct wpa_config *config); |
---|
1303 | #else /* CONFIG_NO_STDOUT_DEBUG */ |
---|
1304 | #define wpa_config_debug_dump_networks(c) do { } while (0) /* expands to an empty statement when CONFIG_NO_STDOUT_DEBUG is defined */ |
---|
1305 | #endif /* CONFIG_NO_STDOUT_DEBUG */ |
---|
1306 | |
---|
1307 | |
---|
1308 | /* Prototypes for common functions from config.c */ |
---|
1309 | int wpa_config_process_global(struct wpa_config *config, char *pos, int line); /* presumably pos is one global configuration line and line its number for diagnostics; pos is non-const, so confirm in config.c whether it is modified */ |
---|
1310 | |
---|
1311 | |
---|
1312 | /* Prototypes for backend specific functions from the selected config_*.c */ |
---|
1313 | |
---|
1314 | /** |
---|
1315 | * wpa_config_read - Read and parse configuration database |
---|
1316 | * @name: Name of the configuration (e.g., path and file name for the |
---|
1317 | * configuration file) |
---|
1318 | * @cfgp: Pointer to previously allocated configuration data or %NULL if none |
---|
1319 | * Returns: Pointer to allocated configuration data or %NULL on failure |
---|
1320 | * |
---|
1321 | * This function reads configuration data, parses its contents, and allocates |
---|
1322 | * data structures needed for storing configuration information. The allocated |
---|
1323 | * data can be freed with wpa_config_free(). |
---|
1324 | * |
---|
1325 | * Each configuration backend needs to implement this function. |
---|
1326 | */ |
---|
1327 | struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp); |
---|
1328 | |
---|
1329 | /** |
---|
1330 | * wpa_config_write - Write or update configuration data |
---|
1331 | * @name: Name of the configuration (e.g., path and file name for the |
---|
1332 | * configuration file) |
---|
1333 | * @config: Configuration data from wpa_config_read() |
---|
1334 | * Returns: 0 on success, -1 on failure |
---|
1335 | * |
---|
1336 | * This function writes all configuration data into an external database (e.g., |
---|
1337 | * a text file) in a format that can be read with wpa_config_read(). This can |
---|
1338 | * be used to allow wpa_supplicant to update its configuration, e.g., when a |
---|
1339 | * new network is added or a password is changed. Because the written data can include passwords, access to the destination should be restricted accordingly. |
---|
1340 | * |
---|
1341 | * Each configuration backend needs to implement this function. |
---|
1342 | */ |
---|
1343 | int wpa_config_write(const char *name, struct wpa_config *config); |
---|
1344 | |
---|
1345 | #endif /* CONFIG_H */ |
---|