/*
 * hostapd / Configuration definitions and helpers functions
 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef HOSTAPD_CONFIG_H
#define HOSTAPD_CONFIG_H

#include "common/defs.h"
#include "utils/list.h"
#include "ip_addr.h"
#include "common/wpa_common.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "crypto/sha256.h"
#include "wps/wps.h"
#include "fst/fst.h"
#include "vlan.h"

/**
 * mesh_conf - local MBSS state and settings
 */
struct mesh_conf {
	u8 meshid[32];
	/*
	 * Count of valid octets in meshid. A u8 can hold values above
	 * sizeof(meshid), so the bound has to be enforced where the value is
	 * set.
	 */
	u8 meshid_len;
	/* Active Path Selection Protocol Identifier */
	u8 mesh_pp_id;
	/* Active Path Selection Metric Identifier */
	u8 mesh_pm_id;
	/* Congestion Control Mode Identifier */
	u8 mesh_cc_id;
	/* Synchronization Protocol Identifier */
	u8 mesh_sp_id;
	/* Authentication Protocol Identifier */
	u8 mesh_auth_id;
	/*
	 * Buffer/length pair. rsn_ie_len is a signed int; reject negative
	 * values before using it as a size.
	 * NOTE(review): who allocates and frees rsn_ie is not visible in this
	 * header.
	 */
	u8 *rsn_ie;
	int rsn_ie_len;
	/* Bit values for the security field below */
#define MESH_CONF_SEC_NONE BIT(0)
#define MESH_CONF_SEC_AUTH BIT(1)
#define MESH_CONF_SEC_AMPE BIT(2)
	unsigned int security;
	enum mfp_options ieee80211w;
	int ocv;
	unsigned int pairwise_cipher;
	unsigned int group_cipher;
	unsigned int mgmt_group_cipher;
	int dot11MeshMaxRetries;
	int dot11MeshRetryTimeout; /* msec */
	int dot11MeshConfirmTimeout; /* msec */
	int dot11MeshHoldingTimeout; /* msec */
};

#define MAX_STA_COUNT 2007
#define MAX_VLAN_ID 4094

/*
 * Array typedef: a macaddr function parameter decays to u8 *, so sizeof on
 * such a parameter is the pointer size, not ETH_ALEN.
 */
typedef u8 macaddr[ETH_ALEN];

/* One MAC ACL entry: station address plus the VLAN description tied to it */
struct mac_acl_entry {
	macaddr addr;
	struct vlan_description vlan_id;
};

/* Forward declarations; the definitions are outside this header */
struct hostapd_radius_servers;
struct ft_remote_r0kh;
struct ft_remote_r1kh;

#ifdef CONFIG_WEP
/*
 * Static WEP key storage, compiled only with CONFIG_WEP. WEP is a legacy
 * cipher that offers no meaningful confidentiality; key[] still holds key
 * material and should be handled as secret data.
 */
#define NUM_WEP_KEYS 4
struct hostapd_wep_keys {
	u8 idx;
	u8 *key[NUM_WEP_KEYS];
	size_t len[NUM_WEP_KEYS]; /* len[i] pairs with key[i] */
	int keys_set;
	size_t default_len; /* key length used for dynamic key generation */
};
#endif /* CONFIG_WEP */

/*
 * SECURITY_PLAINTEXT is 0, so a zero-filled struct hostapd_ssid reads as an
 * open network until security_policy is assigned. SECURITY_STATIC_WEP exists
 * only in CONFIG_WEP builds; the remaining values keep their numbers either
 * way.
 */
typedef enum hostap_security_policy {
	SECURITY_PLAINTEXT = 0,
#ifdef CONFIG_WEP
	SECURITY_STATIC_WEP = 1,
#endif /* CONFIG_WEP */
	SECURITY_IEEE_802_1X = 2,
	SECURITY_WPA_PSK = 3,
	SECURITY_WPA = 4,
	SECURITY_OSEN = 5
} secpolicy;

/* SSID and the credentials/VLAN settings attached to it */
struct hostapd_ssid {
	u8 ssid[SSID_MAX_LEN];
	size_t ssid_len; /* valid octets in ssid; must stay <= SSID_MAX_LEN */
	u32 short_ssid;
	unsigned int ssid_set:1;
	unsigned int utf8_ssid:1;
	unsigned int wpa_passphrase_set:1;
	unsigned int wpa_psk_set:1;

	char vlan[IFNAMSIZ + 1];
	secpolicy security_policy;

	/*
	 * Key material: the wpa_psk list and wpa_passphrase are secrets.
	 * NOTE(review): wpa_psk_file presumably names a file of PSKs, in which
	 * case its filesystem permissions matter as much as these fields -
	 * confirm against the configuration parser.
	 */
	struct hostapd_wpa_psk *wpa_psk;
	char *wpa_passphrase;
	char *wpa_psk_file;
	struct sae_pt *pt;

#ifdef CONFIG_WEP
	struct hostapd_wep_keys wep;
#endif /* CONFIG_WEP */

#define DYNAMIC_VLAN_DISABLED 0
#define DYNAMIC_VLAN_OPTIONAL 1
#define DYNAMIC_VLAN_REQUIRED 2
	int dynamic_vlan;
#define DYNAMIC_VLAN_NAMING_WITHOUT_DEVICE 0
#define DYNAMIC_VLAN_NAMING_WITH_DEVICE 1
#define DYNAMIC_VLAN_NAMING_END 2
	int vlan_naming;
	int per_sta_vif;
#ifdef CONFIG_FULL_DYNAMIC_VLAN
	char *vlan_tagged_interface;
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
};


#define VLAN_ID_WILDCARD -1

/* Singly linked list node describing one VLAN and its interface names */
struct hostapd_vlan {
	struct hostapd_vlan *next;
	int vlan_id; /* VLAN ID or -1 (VLAN_ID_WILDCARD) for wildcard entry */
	struct vlan_description vlan_desc;
	char ifname[IFNAMSIZ + 1];
	char bridge[IFNAMSIZ + 1];
	int configured;
	int dynamic_vlan;
#ifdef CONFIG_FULL_DYNAMIC_VLAN

#define DVLAN_CLEAN_WLAN_PORT 0x8
	int clean;
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
};

#define PMK_LEN 32
#define KEYID_LEN 32
#define MIN_PASSPHRASE_LEN 8
#define MAX_PASSPHRASE_LEN 63
/*
 * Reference-counted per-STA PSK entry. Both psk and passphrase are key
 * material stored inline; passphrase has room for MAX_PASSPHRASE_LEN
 * characters plus one more byte.
 */
struct hostapd_sta_wpa_psk_short {
	struct hostapd_sta_wpa_psk_short *next;
	unsigned int is_passphrase:1;
	u8 psk[PMK_LEN];
	char passphrase[MAX_PASSPHRASE_LEN + 1];
	int ref; /* (number of references held) - 1 */
};

/* Singly linked list node holding one PSK and the addresses it applies to */
struct hostapd_wpa_psk {
	struct hostapd_wpa_psk *next;
	int group;
	/*
	 * Sized exactly KEYID_LEN with no extra byte.
	 * NOTE(review): confirm that writers leave room for a terminator
	 * before this is used as a C string.
	 */
	char keyid[KEYID_LEN];
	int wps;
	u8 psk[PMK_LEN]; /* key material */
	u8 addr[ETH_ALEN];
	u8 p2p_dev_addr[ETH_ALEN];
	int vlan_id;
};

/* One entry of the internal EAP user list */
struct hostapd_eap_user {
	struct hostapd_eap_user *next;
	u8 *identity;
	size_t identity_len;
	struct {
		int vendor;
		u32 method;
	} methods[EAP_MAX_METHODS];
	/*
	 * Credential storage. password is either the password itself or a
	 * hash of it (see password_hash and salt_len below); both forms are
	 * sensitive.
	 */
	u8 *password;
	size_t password_len;
	u8 *salt;
	size_t salt_len; /* non-zero when password is salted */
	int phase2;
	int force_version;
	unsigned int wildcard_prefix:1;
	unsigned int password_hash:1; /* whether password is hashed with
				       * nt_password_hash() */
	unsigned int remediation:1;
	unsigned int macacl:1;
	int ttls_auth; /* EAP_TTLS_AUTH_* bitfield */
	struct hostapd_radius_attr *accept_attr;
	u32 t_c_timestamp;
};

/* Singly linked list node for one RADIUS attribute (type plus value buffer) */
struct hostapd_radius_attr {
	u8 type;
	struct wpabuf *val;
	struct hostapd_radius_attr *next;
};


#define NUM_TX_QUEUES 4
#define MAX_ROAMING_CONSORTIUM_LEN 15

/*
 * In the three structures below the length field is a u8 that can hold a
 * value larger than the array next to it (15, 252 and 254 octets), so the
 * length has to be capped to the array size where it is parsed and checked
 * again before it is used as a copy length.
 */
struct hostapd_roaming_consortium {
	u8 len;
	u8 oi[MAX_ROAMING_CONSORTIUM_LEN];
};

struct hostapd_lang_string {
	u8 lang[3];
	u8 name_len;
	u8 name[252];
};

struct hostapd_venue_url {
	u8 venue_number;
	u8 url_len;
	u8 url[254];
};

#define MAX_NAI_REALMS 10
#define MAX_NAI_REALMLEN 255
#define MAX_NAI_EAP_METHODS 5
#define MAX_NAI_AUTH_TYPES 4
/*
 * NAI realm entry. eap_method_count indexes eap_method[] (at most
 * MAX_NAI_EAP_METHODS entries) and num_auths indexes auth_id[]/auth_val[]
 * (at most MAX_NAI_AUTH_TYPES entries); both counters are u8 and are not
 * limited by their type.
 * NOTE(review): realm[] presumably points into realm_buf - confirm against
 * the parser before copying or freeing these pointers separately.
 */
struct hostapd_nai_realm_data {
	u8 encoding;
	char realm_buf[MAX_NAI_REALMLEN + 1];
	char *realm[MAX_NAI_REALMS];
	u8 eap_method_count;
	struct hostapd_nai_realm_eap {
		u8 eap_method;
		u8 num_auths;
		u8 auth_id[MAX_NAI_AUTH_TYPES];
		u8 auth_val[MAX_NAI_AUTH_TYPES];
	} eap_method[MAX_NAI_EAP_METHODS];
};

/* ANQP element kept on a dl_list: info ID plus payload buffer */
struct anqp_element {
	struct dl_list list;
	u16 infoid;
	struct wpabuf *payload;
};
/*
 * FILS realm list entry. realm[] is a flexible array member, so the string
 * lives in the same allocation after the fixed fields.
 * NOTE(review): confirm that the allocation size includes the realm length
 * and its terminator.
 */
struct fils_realm {
	struct dl_list list;
	u8 hash[2];
	char realm[];
};

/* Singly linked list node for one SAE password; password is a secret */
struct sae_password_entry {
	struct sae_password_entry *next;
	char *password;
	char *identifier;
	u8 peer_addr[ETH_ALEN];
	int vlan_id;
	struct sae_pt *pt;
	struct sae_pk *pk;
};

/* Singly linked list node for one DPP Controller: key hash and IP address */
struct dpp_controller_conf {
	struct dpp_controller_conf *next;
	u8 pkhash[SHA256_MAC_LEN];
	struct hostapd_ip_addr ipaddr;
};

/* Singly linked list node assigning an airtime weight to one address */
struct airtime_sta_weight {
	struct airtime_sta_weight *next;
	unsigned int weight;
	u8 addr[ETH_ALEN];
};

#define EXT_CAPA_MAX_LEN 15

/**
 * struct hostapd_bss_config - Per-BSS configuration
 *
 * Several members hold credentials or key material (RADIUS DAS shared
 * secret, private key passphrases, WPS AP PIN, SAE passwords, MKA CAK, and
 * the PSK data inside ssid). They are marked where they are declared.
 */
struct hostapd_bss_config {
	char iface[IFNAMSIZ + 1];
	char bridge[IFNAMSIZ + 1];
	char vlan_bridge[IFNAMSIZ + 1];
	char wds_bridge[IFNAMSIZ + 1];

	enum hostapd_logger_level logger_syslog_level, logger_stdout_level;

	unsigned int logger_syslog; /* module bitfield */
	unsigned int logger_stdout; /* module bitfield */

	int max_num_sta; /* maximum number of STAs in station table */

	int dtim_period;
	unsigned int bss_load_update_period;
	unsigned int chan_util_avg_period;

	int ieee802_1x; /* use IEEE 802.1X */
	int eapol_version;
	int eap_server; /* Use internal EAP server instead of external
			 * RADIUS server */
	struct hostapd_eap_user *eap_user;
	char *eap_user_sqlite;
	char *eap_sim_db;
	unsigned int eap_sim_db_timeout;
	int eap_server_erp; /* Whether ERP is enabled on internal EAP server */
	struct hostapd_ip_addr own_ip_addr;
	char *nas_identifier;
	struct hostapd_radius_servers *radius;
	int acct_interim_interval;
	int radius_request_cui;
	struct hostapd_radius_attr *radius_auth_req_attr;
	struct hostapd_radius_attr *radius_acct_req_attr;
	char *radius_req_attr_sqlite;
	/*
	 * RADIUS DAS settings. radius_das_shared_secret is key material with
	 * an explicit length (it is a u8 buffer, not a C string).
	 */
	int radius_das_port;
	unsigned int radius_das_time_window;
	int radius_das_require_event_timestamp;
	int radius_das_require_message_authenticator;
	struct hostapd_ip_addr radius_das_client_addr;
	u8 *radius_das_shared_secret;
	size_t radius_das_shared_secret_len;

	struct hostapd_ssid ssid;

	char *eap_req_id_text; /* optional displayable message sent with
				* EAP Request-Identity */
	size_t eap_req_id_text_len;
	int eapol_key_index_workaround;

#ifdef CONFIG_WEP
	size_t default_wep_key_len;
	int individual_wep_key_len;
	int wep_rekeying_period;
	int broadcast_key_idx_min, broadcast_key_idx_max;
#endif /* CONFIG_WEP */
	int eap_reauth_period;
	int erp_send_reauth_start;
	char *erp_domain;

	/*
	 * ACCEPT_UNLESS_DENIED is 0, so a zero-filled configuration accepts
	 * every station that is not on deny_mac. The address being matched is
	 * supplied by the station itself, so these lists filter stations
	 * rather than authenticate them.
	 */
	enum macaddr_acl {
		ACCEPT_UNLESS_DENIED = 0,
		DENY_UNLESS_ACCEPTED = 1,
		USE_EXTERNAL_RADIUS_AUTH = 2
	} macaddr_acl;
	/* Array/count pairs; the counts are signed ints */
	struct mac_acl_entry *accept_mac;
	int num_accept_mac;
	struct mac_acl_entry *deny_mac;
	int num_deny_mac;
	int wds_sta;
	int isolate;
	int start_disabled;

	int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
			* algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */

	int wpa; /* bitfield of WPA_PROTO_WPA, WPA_PROTO_RSN */
	int extended_key_id;
	int wpa_key_mgmt;
	enum mfp_options ieee80211w;
	int group_mgmt_cipher;
	int beacon_prot;
	/* dot11AssociationSAQueryMaximumTimeout (in TUs) */
	unsigned int assoc_sa_query_max_timeout;
	/* dot11AssociationSAQueryRetryTimeout (in TUs) */
	int assoc_sa_query_retry_timeout;
#ifdef CONFIG_OCV
	int ocv; /* Operating Channel Validation */
#endif /* CONFIG_OCV */
	enum {
		PSK_RADIUS_IGNORED = 0,
		PSK_RADIUS_ACCEPTED = 1,
		PSK_RADIUS_REQUIRED = 2
	} wpa_psk_radius;
	int wpa_pairwise;
	int group_cipher; /* wpa_group value override from configuration */
	int wpa_group;
	int wpa_group_rekey;
	int wpa_group_rekey_set;
	int wpa_strict_rekey;
	int wpa_gmk_rekey;
	int wpa_ptk_rekey;
	enum ptk0_rekey_handling wpa_deny_ptk0_rekey;
	u32 wpa_group_update_count;
	u32 wpa_pairwise_update_count;
	int wpa_disable_eapol_key_retries;
	int rsn_pairwise;
	int rsn_preauth;
	char *rsn_preauth_interfaces;

#ifdef CONFIG_IEEE80211R_AP
	/* IEEE 802.11r - Fast BSS Transition */
	u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
	u8 r1_key_holder[FT_R1KH_ID_LEN];
	u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
	int rkh_pos_timeout;
	int rkh_neg_timeout;
	int rkh_pull_timeout; /* ms */
	int rkh_pull_retries;
	u32 reassociation_deadline;
	struct ft_remote_r0kh *r0kh_list;
	struct ft_remote_r1kh *r1kh_list;
	int pmk_r1_push;
	int ft_over_ds;
	int ft_psk_generate_local;
	int r1_max_key_lifetime;
#endif /* CONFIG_IEEE80211R_AP */

	/*
	 * NOTE(review): ctrl_interface_gid/ctrl_interface_gid_set presumably
	 * select the group that owns the control socket directory, which would
	 * make them the access control for the control interface - verify
	 * against the ctrl_iface code.
	 */
	char *ctrl_interface; /* directory for UNIX domain sockets */
#ifndef CONFIG_NATIVE_WINDOWS
	gid_t ctrl_interface_gid;
#endif /* CONFIG_NATIVE_WINDOWS */
	int ctrl_interface_gid_set;

	/*
	 * TLS/EAP server settings. private_key_passwd and private_key_passwd2
	 * are secrets; pac_opaque_encr_key is key material.
	 */
	char *ca_cert;
	char *server_cert;
	char *server_cert2;
	char *private_key;
	char *private_key2;
	char *private_key_passwd;
	char *private_key_passwd2;
	char *check_cert_subject;
	int check_crl;
	int check_crl_strict;
	unsigned int crl_reload_interval;
	unsigned int tls_session_lifetime;
	unsigned int tls_flags;
	unsigned int max_auth_rounds;
	unsigned int max_auth_rounds_short;
	char *ocsp_stapling_response;
	char *ocsp_stapling_response_multi;
	char *dh_file;
	char *openssl_ciphers;
	char *openssl_ecdh_curves;
	u8 *pac_opaque_encr_key;
	u8 *eap_fast_a_id;
	size_t eap_fast_a_id_len;
	char *eap_fast_a_id_info;
	int eap_fast_prov;
	int pac_key_lifetime;
	int pac_key_refresh_time;
	int eap_teap_auth;
	int eap_teap_pac_no_inner;
	int eap_teap_separate_result;
	int eap_teap_id;
	int eap_sim_aka_result_ind;
	int eap_sim_id;
	int tnc;
	int fragment_size;
	u16 pwd_group;

	char *radius_server_clients;
	int radius_server_auth_port;
	int radius_server_acct_port;
	int radius_server_ipv6;

	int use_pae_group_addr; /* Whether to send EAPOL frames to PAE group
				 * address instead of individual address
				 * (for driver_wired.c).
				 */

	int ap_max_inactivity;
	int ignore_broadcast_ssid;
	int no_probe_resp_if_max_sta;

	int wmm_enabled;
	int wmm_uapsd;

	struct hostapd_vlan *vlan;

	macaddr bssid;

	/*
	 * Maximum listen interval that STAs can use when associating with this
	 * BSS. If a STA tries to use larger value, the association will be
	 * denied with status code 51.
	 */
	u16 max_listen_interval;

	int disable_pmksa_caching;
	int okc; /* Opportunistic Key Caching */

	int wps_state;
#ifdef CONFIG_WPS
	int wps_independent;
	int ap_setup_locked;
	u8 uuid[16];
	char *wps_pin_requests;
	char *device_name;
	char *manufacturer;
	char *model_name;
	char *model_number;
	char *serial_number;
	u8 device_type[WPS_DEV_TYPE_LEN];
	char *config_methods;
	u8 os_version[4];
	char *ap_pin; /* WPS AP PIN; a credential */
	int skip_cred_build;
	u8 *extra_cred;
	size_t extra_cred_len;
	int wps_cred_processing;
	int wps_cred_add_sae;
	int force_per_enrollee_psk;
	u8 *ap_settings;
	size_t ap_settings_len;
	struct hostapd_ssid multi_ap_backhaul_ssid;
	char *upnp_iface;
	char *friendly_name;
	char *manufacturer_url;
	char *model_description;
	char *model_url;
	char *upc;
	struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXTENSIONS];
	struct wpabuf *wps_application_ext;
	int wps_nfc_pw_from_config;
	int wps_nfc_dev_pw_id;
	/* NFC DH key pair and device password; privkey and dev_pw are secret */
	struct wpabuf *wps_nfc_dh_pubkey;
	struct wpabuf *wps_nfc_dh_privkey;
	struct wpabuf *wps_nfc_dev_pw;
#endif /* CONFIG_WPS */
	int pbc_in_m1;
	char *server_id;

#define P2P_ENABLED BIT(0)
#define P2P_GROUP_OWNER BIT(1)
#define P2P_GROUP_FORMATION BIT(2)
#define P2P_MANAGE BIT(3)
#define P2P_ALLOW_CROSS_CONNECTION BIT(4)
	int p2p;
#ifdef CONFIG_P2P
	u8 ip_addr_go[4];
	u8 ip_addr_mask[4];
	u8 ip_addr_start[4];
	u8 ip_addr_end[4];
#endif /* CONFIG_P2P */

	int disassoc_low_ack;
	int skip_inactivity_poll;

#define TDLS_PROHIBIT BIT(0)
#define TDLS_PROHIBIT_CHAN_SWITCH BIT(1)
	int tdls;
	bool disable_11n;
	bool disable_11ac;
	bool disable_11ax;

	/* IEEE 802.11v */
	int time_advertisement;
	char *time_zone;
	int wnm_sleep_mode;
	int wnm_sleep_mode_no_keys;
	int bss_transition;

	/* IEEE 802.11u - Interworking */
	int interworking;
	int access_network_type;
	int internet;
	int asra;
	int esr;
	int uesa;
	int venue_info_set;
	u8 venue_group;
	u8 venue_type;
	u8 hessid[ETH_ALEN];

	/* IEEE 802.11u - Roaming Consortium list */
	unsigned int roaming_consortium_count;
	struct hostapd_roaming_consortium *roaming_consortium;

	/* IEEE 802.11u - Venue Name duples */
	unsigned int venue_name_count;
	struct hostapd_lang_string *venue_name;

	/* Venue URL duples */
	unsigned int venue_url_count;
	struct hostapd_venue_url *venue_url;

	/* IEEE 802.11u - Network Authentication Type */
	u8 *network_auth_type;
	size_t network_auth_type_len;

	/* IEEE 802.11u - IP Address Type Availability */
	u8 ipaddr_type_availability;
	u8 ipaddr_type_configured;

	/* IEEE 802.11u - 3GPP Cellular Network */
	u8 *anqp_3gpp_cell_net;
	size_t anqp_3gpp_cell_net_len;

	/* IEEE 802.11u - Domain Name */
	u8 *domain_name;
	size_t domain_name_len;

	unsigned int nai_realm_count;
	struct hostapd_nai_realm_data *nai_realm_data;

	struct dl_list anqp_elem; /* list of struct anqp_element */

	u16 gas_comeback_delay;
	size_t gas_frag_limit;
	int gas_address3;

	/* qos_map_set_len must stay <= sizeof(qos_map_set) (58 octets) */
	u8 qos_map_set[16 + 2 * 21];
	unsigned int qos_map_set_len;

	int osen;
	int proxy_arp;
	int na_mcast_to_ucast;

#ifdef CONFIG_HS20
	int hs20;
	int hs20_release;
	int disable_dgaf;
	u16 anqp_domain_id;
	unsigned int hs20_oper_friendly_name_count;
	struct hostapd_lang_string *hs20_oper_friendly_name;
	u8 *hs20_wan_metrics;
	u8 *hs20_connection_capability;
	size_t hs20_connection_capability_len;
	u8 *hs20_operating_class;
	u8 hs20_operating_class_len;
	/* Icon metadata; type, name and file are fixed 256-byte buffers */
	struct hs20_icon {
		u16 width;
		u16 height;
		char language[3];
		char type[256];
		char name[256];
		char file[256];
	} *hs20_icons;
	size_t hs20_icons_count;
	u8 osu_ssid[SSID_MAX_LEN];
	size_t osu_ssid_len;
	struct hs20_osu_provider {
		unsigned int friendly_name_count;
		struct hostapd_lang_string *friendly_name;
		char *server_uri;
		int *method_list;
		char **icons;
		size_t icons_count;
		char *osu_nai;
		char *osu_nai2;
		unsigned int service_desc_count;
		struct hostapd_lang_string *service_desc;
	} *hs20_osu_providers, *last_osu;
	size_t hs20_osu_providers_count;
	size_t hs20_osu_providers_nai_count;
	char **hs20_operator_icon;
	size_t hs20_operator_icon_count;
	unsigned int hs20_deauth_req_timeout;
	char *subscr_remediation_url;
	u8 subscr_remediation_method;
	char *hs20_sim_provisioning_url;
	char *t_c_filename;
	u32 t_c_timestamp;
	char *t_c_server_url;
#endif /* CONFIG_HS20 */

	u8 wps_rf_bands; /* RF bands for WPS (WPS_RF_*) */

#ifdef CONFIG_RADIUS_TEST
	/*
	 * NOTE(review): the name suggests that MSK values are written to this
	 * file, i.e. session keying material on disk - confirm in the RADIUS
	 * code and keep CONFIG_RADIUS_TEST out of production builds.
	 */
	char *dump_msk_file;
#endif /* CONFIG_RADIUS_TEST */

	struct wpabuf *vendor_elements;
	struct wpabuf *assocresp_elements;

	unsigned int anti_clogging_threshold;
	unsigned int sae_sync;
	int sae_require_mfp;
	int sae_confirm_immediate;
	int sae_pwe;
	int *sae_groups;
	struct sae_password_entry *sae_passwords; /* list of secrets */

	char *wowlan_triggers; /* Wake-on-WLAN triggers */

#ifdef CONFIG_TESTING_OPTIONS
	/*
	 * These members exist only in CONFIG_TESTING_OPTIONS builds. Going by
	 * their names, several of them override, omit or skip protocol
	 * elements and checks, so the option is meant for test harnesses and
	 * a deployed AP build should leave it undefined.
	 */
	u8 bss_load_test[5];
	u8 bss_load_test_set;
	struct wpabuf *own_ie_override;
	int sae_reflection_attack;
	int sae_commit_status;
	int sae_pk_omit;
	int sae_pk_password_check_skip;
	struct wpabuf *sae_commit_override;
	struct wpabuf *rsne_override_eapol;
	struct wpabuf *rsnxe_override_eapol;
	struct wpabuf *rsne_override_ft;
	struct wpabuf *rsnxe_override_ft;
	struct wpabuf *gtk_rsc_override;
	struct wpabuf *igtk_rsc_override;
	int no_beacon_rsnxe;
	int skip_prune_assoc;
	int ft_rsnxe_used;
	unsigned int oci_freq_override_eapol_m3;
	unsigned int oci_freq_override_eapol_g1;
	unsigned int oci_freq_override_saquery_req;
	unsigned int oci_freq_override_saquery_resp;
	unsigned int oci_freq_override_ft_assoc;
	unsigned int oci_freq_override_fils_assoc;
	unsigned int oci_freq_override_wnm_sleep;
#endif /* CONFIG_TESTING_OPTIONS */

#define MESH_ENABLED BIT(0)
	int mesh;

	u8 radio_measurements[RRM_CAPABILITIES_IE_LEN];

	int vendor_vht;
	int use_sta_nsts;

	char *no_probe_resp_if_seen_on;
	char *no_auth_if_seen_on;

	int pbss;

#ifdef CONFIG_MBO
	int mbo_enabled;
	/**
	 * oce - Enable OCE in AP and/or STA-CFON mode
	 *  - BIT(0) is Reserved
	 *  - Set BIT(1) to enable OCE in STA-CFON mode
	 *  - Set BIT(2) to enable OCE in AP mode
	 */
	unsigned int oce;
	int mbo_cell_data_conn_pref;
#endif /* CONFIG_MBO */

	int ftm_responder;
	int ftm_initiator;

#ifdef CONFIG_FILS
	u8 fils_cache_id[FILS_CACHE_ID_LEN];
	int fils_cache_id_set;
	struct dl_list fils_realms; /* list of struct fils_realm */
	int fils_dh_group;
	struct hostapd_ip_addr dhcp_server;
	int dhcp_rapid_commit_proxy;
	unsigned int fils_hlp_wait_time;
	u16 dhcp_server_port;
	u16 dhcp_relay_port;
	u32 fils_discovery_min_int;
	u32 fils_discovery_max_int;
#endif /* CONFIG_FILS */

	int multicast_to_unicast;

	int broadcast_deauth;

	int notify_mgmt_frames;

#ifdef CONFIG_DPP
	char *dpp_name;
	char *dpp_mud_url;
	char *dpp_connector;
	/* NOTE(review): presumably private key material - confirm */
	struct wpabuf *dpp_netaccesskey;
	unsigned int dpp_netaccesskey_expiry;
	struct wpabuf *dpp_csign;
#ifdef CONFIG_DPP2
	struct dpp_controller_conf *dpp_controller;
	int dpp_configurator_connectivity;
	int dpp_pfs;
#endif /* CONFIG_DPP2 */
#endif /* CONFIG_DPP */

#ifdef CONFIG_OWE
	macaddr owe_transition_bssid;
	u8 owe_transition_ssid[SSID_MAX_LEN];
	size_t owe_transition_ssid_len;
	char owe_transition_ifname[IFNAMSIZ + 1];
	int *owe_groups;
	int owe_ptk_workaround;
#endif /* CONFIG_OWE */

	int coloc_intf_reporting;

	u8 send_probe_response;

	u8 transition_disable;

#define BACKHAUL_BSS 1
#define FRONTHAUL_BSS 2
	int multi_ap; /* bitmap of BACKHAUL_BSS, FRONTHAUL_BSS */

#ifdef CONFIG_AIRTIME_POLICY
	unsigned int airtime_weight;
	int airtime_limit;
	struct airtime_sta_weight *airtime_weight_list;
#endif /* CONFIG_AIRTIME_POLICY */

#ifdef CONFIG_MACSEC
	/**
	 * macsec_policy - Determines the policy for MACsec secure session
	 *
	 * 0: MACsec not in use (default)
	 * 1: MACsec enabled - Should secure, accept key server's advice to
	 *    determine whether to use a secure session or not.
	 */
	int macsec_policy;

	/**
	 * macsec_integ_only - Determines how MACsec are transmitted
	 *
	 * This setting applies only when MACsec is in use, i.e.,
	 *  - macsec_policy is enabled
	 *  - the key server has decided to enable MACsec
	 *
	 * 0: Encrypt traffic (default)
	 * 1: Integrity only
	 *
	 * With value 1 the traffic is integrity protected but not encrypted.
	 */
	int macsec_integ_only;

	/**
	 * macsec_replay_protect - Enable MACsec replay protection
	 *
	 * This setting applies only when MACsec is in use, i.e.,
	 *  - macsec_policy is enabled
	 *  - the key server has decided to enable MACsec
	 *
	 * 0: Replay protection disabled (default)
	 * 1: Replay protection enabled
	 */
	int macsec_replay_protect;

	/**
	 * macsec_replay_window - MACsec replay protection window
	 *
	 * A window in which replay is tolerated, to allow receipt of frames
	 * that have been misordered by the network.
	 *
	 * This setting applies only when MACsec replay protection active, i.e.,
	 *  - macsec_replay_protect is enabled
	 *  - the key server has decided to enable MACsec
	 *
	 * 0: No replay window, strict check (default)
	 * 1..2^32-1: number of packets that could be misordered
	 */
	u32 macsec_replay_window;

	/**
	 * macsec_port - MACsec port (in SCI)
	 *
	 * Port component of the SCI.
	 *
	 * Range: 1-65534 (default: 1)
	 */
	int macsec_port;

	/**
	 * mka_priority - Priority of MKA Actor
	 *
	 * Range: 0-255 (default: 255)
	 */
	int mka_priority;

	/**
	 * mka_ckn - MKA pre-shared CKN
	 *
	 * mka_ckn_len is a size_t and must stay <= MACSEC_CKN_MAX_LEN.
	 */
#define MACSEC_CKN_MAX_LEN 32
	size_t mka_ckn_len;
	u8 mka_ckn[MACSEC_CKN_MAX_LEN];

	/**
	 * mka_cak - MKA pre-shared CAK
	 *
	 * Pre-shared key stored inline in this structure; mka_cak_len must
	 * stay <= MACSEC_CAK_MAX_LEN.
	 */
#define MACSEC_CAK_MAX_LEN 32
	size_t mka_cak_len;
	u8 mka_cak[MACSEC_CAK_MAX_LEN];

#define MKA_PSK_SET_CKN BIT(0)
#define MKA_PSK_SET_CAK BIT(1)
#define MKA_PSK_SET (MKA_PSK_SET_CKN | MKA_PSK_SET_CAK)
	/**
	 * mka_psk_set - Whether mka_ckn and mka_cak are set
	 */
	u8 mka_psk_set;
#endif /* CONFIG_MACSEC */

#ifdef CONFIG_PASN
#ifdef CONFIG_TESTING_OPTIONS
	/*
	 * Normally, KDK should be derived if and only if both sides support
	 * secure LTF. Allow forcing KDK derivation for testing purposes.
	 */
	int force_kdk_derivation;

	/* If set, corrupt the MIC in the 2nd Authentication frame of PASN */
	int pasn_corrupt_mic;
#endif /* CONFIG_TESTING_OPTIONS */

	int *pasn_groups;

	/*
	 * The time in TUs after which the non-AP STA is requested to retry the
	 * PASN authentication in case there are too many parallel operations.
	 */
	u16 pasn_comeback_after;
#endif /* CONFIG_PASN */

	unsigned int unsol_bcast_probe_resp_interval;

	u8 ext_capa_mask[EXT_CAPA_MAX_LEN];
	u8 ext_capa[EXT_CAPA_MAX_LEN];
};

/**
 * struct he_phy_capabilities_info - HE PHY capabilities
 */
struct he_phy_capabilities_info {
	bool he_su_beamformer;
	bool he_su_beamformee;
	bool he_mu_beamformer;
};

/**
 * struct he_operation - HE operation
 */
struct he_operation {
	u8 he_bss_color;
	u8 he_bss_color_disabled;
	u8 he_bss_color_partial;
	u8 he_default_pe_duration;
	u8 he_twt_required;
	u8 he_twt_responder;
	u16 he_rts_threshold;
	u16 he_basic_mcs_nss_set;
};

/**
 * struct spatial_reuse - Spatial reuse
 */
struct spatial_reuse {
	u8 sr_control;
	u8 non_srg_obss_pd_max_offset;
	u8 srg_obss_pd_min_offset;
	u8 srg_obss_pd_max_offset;
	u8 srg_bss_color_bitmap[8];
	u8 srg_partial_bssid_bitmap[8];
};

/**
 * struct hostapd_config - Per-radio interface configuration
 */
struct hostapd_config {
	/* bss is an array of num_bss pointers to per-BSS configurations */
	struct hostapd_bss_config **bss, *last_bss;
	size_t num_bss;

	u16 beacon_int;
	int rts_threshold;
	int fragm_threshold;
	u8 op_class;
	u8 channel;
	int enable_edmg;
	u8 edmg_channel;
	u8 acs;
	struct wpa_freq_range_list acs_ch_list;
	struct wpa_freq_range_list acs_freq_list;
	u8 acs_freq_list_present;
	int acs_exclude_dfs;
	enum hostapd_hw_mode hw_mode; /* HOSTAPD_MODE_IEEE80211A, .. */
	int acs_exclude_6ghz_non_psc;
	enum {
		LONG_PREAMBLE = 0,
		SHORT_PREAMBLE = 1
	} preamble;

	int *supported_rates;
	int *basic_rates;
	unsigned int beacon_rate;
	enum beacon_rate_type rate_type;

	const struct wpa_driver_ops *driver;
	char *driver_params;

	int ap_table_max_size;
	int ap_table_expiration_time;

	unsigned int track_sta_max_num;
	unsigned int track_sta_max_age;

	/* Three octets with no room for a terminator; not a C string */
	char country[3]; /* first two octets: country code as described in
			  * ISO/IEC 3166-1. Third octet:
			  * ' ' (ascii 32): all environments
			  * 'O': Outdoor environment only
			  * 'I': Indoor environment only
			  * 'X': Used with noncountry entity ("XXX")
			  * 0x00..0x31: identifying IEEE 802.11 standard
			  *	Annex E table (0x04 = global table)
			  */

	int ieee80211d;

	int ieee80211h; /* DFS */

	/*
	 * Local power constraint is an octet encoded as an unsigned integer in
	 * units of decibels. Invalid value -1 indicates that Power Constraint
	 * element will not be added.
	 */
	int local_pwr_constraint;

	/* Control Spectrum Management bit */
	int spectrum_mgmt_required;

	struct hostapd_tx_queue_params tx_queue[NUM_TX_QUEUES];

	/*
	 * WMM AC parameters, in same order as 802.1D, i.e.
	 * 0 = BE (best effort)
	 * 1 = BK (background)
	 * 2 = VI (video)
	 * 3 = VO (voice)
	 */
	struct hostapd_wmm_ac_params wmm_ac_params[4];

	int ht_op_mode_fixed;
	u16 ht_capab;
	int ieee80211n;
	int secondary_channel;
	int no_pri_sec_switch;
	int require_ht;
	int obss_interval;
	u32 vht_capab;
	int ieee80211ac;
	int require_vht;
	u8 vht_oper_chwidth;
	u8 vht_oper_centr_freq_seg0_idx;
	u8 vht_oper_centr_freq_seg1_idx;
	u8 ht40_plus_minus_allowed;

	/* Use driver-generated interface addresses when adding multiple BSSs */
	u8 use_driver_iface_addr;

#ifdef CONFIG_FST
	struct fst_iface_cfg fst_cfg;
#endif /* CONFIG_FST */

#ifdef CONFIG_P2P
	u8 p2p_go_ctwindow;
#endif /* CONFIG_P2P */

#ifdef CONFIG_TESTING_OPTIONS
	/*
	 * Present only in CONFIG_TESTING_OPTIONS builds. Going by the names,
	 * these make the AP ignore frames or corrupt a MIC with the given
	 * probability; a deployed AP build should leave the option undefined.
	 */
	double ignore_probe_probability;
	double ignore_auth_probability;
	double ignore_assoc_probability;
	double ignore_reassoc_probability;
	double corrupt_gtk_rekey_mic_probability;
	int ecsa_ie_only;
#endif /* CONFIG_TESTING_OPTIONS */

#ifdef CONFIG_ACS
	unsigned int acs_num_scans;
	struct acs_bias {
		int channel;
		double bias;
	} *acs_chan_bias;
	unsigned int num_acs_chan_bias;
#endif /* CONFIG_ACS */

	struct wpabuf *lci;
	struct wpabuf *civic;
	int stationary_ap;

	/*
	 * Declared in every build; the he_* members below exist only with
	 * CONFIG_IEEE80211AX.
	 */
	int ieee80211ax;
#ifdef CONFIG_IEEE80211AX
	struct he_phy_capabilities_info he_phy_capab;
	struct he_operation he_op;
	struct ieee80211_he_mu_edca_parameter_set he_mu_edca;
	struct spatial_reuse spr;
	u8 he_oper_chwidth;
	u8 he_oper_centr_freq_seg0_idx;
	u8 he_oper_centr_freq_seg1_idx;
	u8 he_6ghz_max_mpdu;
	u8 he_6ghz_max_ampdu_len_exp;
	u8 he_6ghz_rx_ant_pat;
	u8 he_6ghz_tx_ant_pat;
#endif /* CONFIG_IEEE80211AX */

	/* VHT enable/disable config from CHAN_SWITCH */
#define CH_SWITCH_VHT_ENABLED BIT(0)
#define CH_SWITCH_VHT_DISABLED BIT(1)
	unsigned int ch_switch_vht_config;

	/* HE enable/disable config from CHAN_SWITCH */
#define CH_SWITCH_HE_ENABLED BIT(0)
#define CH_SWITCH_HE_DISABLED BIT(1)
	unsigned int ch_switch_he_config;

	int rssi_reject_assoc_rssi;
	int rssi_reject_assoc_timeout;
	int rssi_ignore_probe_request;

#ifdef CONFIG_AIRTIME_POLICY
	/*
	 * __AIRTIME_MODE_MAX is a sentinel one past the last mode;
	 * AIRTIME_MODE_MAX below is the highest valid mode value.
	 * NOTE(review): identifiers that begin with two underscores are
	 * reserved for the implementation in C.
	 */
	enum {
		AIRTIME_MODE_OFF = 0,
		AIRTIME_MODE_STATIC = 1,
		AIRTIME_MODE_DYNAMIC = 2,
		AIRTIME_MODE_LIMIT = 3,
		__AIRTIME_MODE_MAX,
	} airtime_mode;
	unsigned int airtime_update_interval;
#define AIRTIME_MODE_MAX (__AIRTIME_MODE_MAX - 1)
#endif /* CONFIG_AIRTIME_POLICY */
};


/**
 * hostapd_get_oper_chwidth - Read the operating channel width setting
 * @conf: Per-radio configuration; dereferenced without a NULL check
 * Returns: conf->he_oper_chwidth when built with CONFIG_IEEE80211AX and
 * conf->ieee80211ax is non-zero, otherwise conf->vht_oper_chwidth
 */
static inline u8 hostapd_get_oper_chwidth(struct hostapd_config *conf)
{
#ifdef CONFIG_IEEE80211AX
	if (conf->ieee80211ax)
		return conf->he_oper_chwidth;
#endif /* CONFIG_IEEE80211AX */
	return conf->vht_oper_chwidth;
}

/**
 * hostapd_set_oper_chwidth - Store the operating channel width setting
 * @conf: Per-radio configuration; dereferenced without a NULL check
 * @oper_chwidth: Value to store
 *
 * The VHT field is written in every case. When built with
 * CONFIG_IEEE80211AX and conf->ieee80211ax is non-zero, the HE field is
 * written as well, so both fields end up with the same value.
 */
static inline void
hostapd_set_oper_chwidth(struct hostapd_config *conf, u8 oper_chwidth)
{
#ifdef CONFIG_IEEE80211AX
	if (conf->ieee80211ax)
		conf->he_oper_chwidth = oper_chwidth;
#endif /* CONFIG_IEEE80211AX */
	conf->vht_oper_chwidth = oper_chwidth;
}

/**
 * hostapd_get_oper_centr_freq_seg0_idx - Read the segment 0 center index
 * @conf: Per-radio configuration; dereferenced without a NULL check
 * Returns: conf->he_oper_centr_freq_seg0_idx when built with
 * CONFIG_IEEE80211AX and conf->ieee80211ax is non-zero, otherwise
 * conf->vht_oper_centr_freq_seg0_idx
 */
static inline u8
hostapd_get_oper_centr_freq_seg0_idx(struct hostapd_config *conf)
{
#ifdef CONFIG_IEEE80211AX
	if (conf->ieee80211ax)
		return conf->he_oper_centr_freq_seg0_idx;
#endif /* CONFIG_IEEE80211AX */
	return conf->vht_oper_centr_freq_seg0_idx;
}

/**
 * hostapd_set_oper_centr_freq_seg0_idx - Store the segment 0 center index
 * @conf: Per-radio configuration; dereferenced without a NULL check
 * @oper_centr_freq_seg0_idx: Value to store
 *
 * The VHT field is written in every case; the HE field is written as well
 * when built with CONFIG_IEEE80211AX and conf->ieee80211ax is non-zero.
 */
static inline void
hostapd_set_oper_centr_freq_seg0_idx(struct hostapd_config *conf,
				     u8 oper_centr_freq_seg0_idx)
{
#ifdef CONFIG_IEEE80211AX
	if (conf->ieee80211ax)
		conf->he_oper_centr_freq_seg0_idx = oper_centr_freq_seg0_idx;
#endif /* CONFIG_IEEE80211AX */
	conf->vht_oper_centr_freq_seg0_idx = oper_centr_freq_seg0_idx;
}

/**
 * hostapd_get_oper_centr_freq_seg1_idx - Read the segment 1 center index
 * @conf: Per-radio configuration; dereferenced without a NULL check
 * Returns: conf->he_oper_centr_freq_seg1_idx when built with
 * CONFIG_IEEE80211AX and conf->ieee80211ax is non-zero, otherwise
 * conf->vht_oper_centr_freq_seg1_idx
 */
static inline u8
hostapd_get_oper_centr_freq_seg1_idx(struct hostapd_config *conf)
{
#ifdef CONFIG_IEEE80211AX
	if (conf->ieee80211ax)
		return conf->he_oper_centr_freq_seg1_idx;
#endif /* CONFIG_IEEE80211AX */
	return conf->vht_oper_centr_freq_seg1_idx;
}

/**
 * hostapd_set_oper_centr_freq_seg1_idx - Store the segment 1 center index
 * @conf: Per-radio configuration; dereferenced without a NULL check
 * @oper_centr_freq_seg1_idx: Value to store
 *
 * The VHT field is written in every case; the HE field is written as well
 * when built with CONFIG_IEEE80211AX and conf->ieee80211ax is non-zero.
 */
static inline void
hostapd_set_oper_centr_freq_seg1_idx(struct hostapd_config *conf,
				     u8 oper_centr_freq_seg1_idx)
{
#ifdef CONFIG_IEEE80211AX
	if (conf->ieee80211ax)
		conf->he_oper_centr_freq_seg1_idx = oper_centr_freq_seg1_idx;
#endif /* CONFIG_IEEE80211AX */
	conf->vht_oper_centr_freq_seg1_idx = oper_centr_freq_seg1_idx;
}


/*
 * Configuration helpers implemented outside this header.
 * NOTE(review): the structures handed to hostapd_config_free*() and
 * hostapd_config_clear_wpa_psk() hold passphrases, PSKs and shared secrets;
 * confirm in the implementation that this material is cleared before the
 * memory is released.
 */
int hostapd_mac_comp(const void *a, const void *b);
struct hostapd_config * hostapd_config_defaults(void);
void hostapd_config_defaults_bss(struct hostapd_bss_config *bss);
void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr);
void hostapd_config_free_eap_user(struct hostapd_eap_user *user);
void hostapd_config_free_eap_users(struct hostapd_eap_user *user);
void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **p);
void hostapd_config_free_bss(struct hostapd_bss_config *conf);
void hostapd_config_free(struct hostapd_config *conf);
int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
			  const u8 *addr, struct vlan_description *vlan_id);
int hostapd_rate_found(int *list, int rate);
/* The returned pointer is const key material; callers must not modify it */
const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
			   const u8 *addr, const u8 *p2p_dev_addr,
			   const u8 *prev_psk, int *vlan_id);
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
int hostapd_vlan_valid(struct hostapd_vlan *vlan,
		       struct vlan_description *vlan_desc);
const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
					int vlan_id);
struct hostapd_radius_attr *
hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type);
/*
 * Parsing, validation and SAE helpers implemented outside this header.
 * NOTE(review): hostapd_parse_radius_attr() returns a pointer to a
 * struct hostapd_radius_attr; presumably the caller owns it and releases it
 * with hostapd_config_free_radius_attr() - confirm in the implementation.
 */
struct hostapd_radius_attr * hostapd_parse_radius_attr(const char *value);
int hostapd_config_check(struct hostapd_config *conf, int full_config);
void hostapd_set_security_params(struct hostapd_bss_config *bss,
				 int full_config);
int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf);
bool hostapd_sae_pk_in_use(struct hostapd_bss_config *conf);
bool hostapd_sae_pk_exclusively(struct hostapd_bss_config *conf);
int hostapd_setup_sae_pt(struct hostapd_bss_config *conf);

#endif /* HOSTAPD_CONFIG_H */