xref: /freebsd/contrib/wpa/src/ap/ap_config.h (revision 1349891a0eed79625faafa5ad354d65ff9ea6012)
1 /*
2  * hostapd / Configuration definitions and helpers functions
3  * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #ifndef HOSTAPD_CONFIG_H
10 #define HOSTAPD_CONFIG_H
11 
12 #include "common/defs.h"
13 #include "utils/list.h"
14 #include "ip_addr.h"
15 #include "common/wpa_common.h"
16 #include "common/ieee802_11_defs.h"
17 #include "common/ieee802_11_common.h"
18 #include "crypto/sha256.h"
19 #include "wps/wps.h"
20 #include "fst/fst.h"
21 #include "vlan.h"
22 
23 /**
24  * mesh_conf - local MBSS state and settings
25  */
26 struct mesh_conf {
27 	u8 meshid[32];
28 	u8 meshid_len;
29 	/* Active Path Selection Protocol Identifier */
30 	u8 mesh_pp_id;
31 	/* Active Path Selection Metric Identifier */
32 	u8 mesh_pm_id;
33 	/* Congestion Control Mode Identifier */
34 	u8 mesh_cc_id;
35 	/* Synchronization Protocol Identifier */
36 	u8 mesh_sp_id;
37 	/* Authentication Protocol Identifier */
38 	u8 mesh_auth_id;
39 	u8 *rsn_ie;
40 	int rsn_ie_len;
41 #define MESH_CONF_SEC_NONE BIT(0)
42 #define MESH_CONF_SEC_AUTH BIT(1)
43 #define MESH_CONF_SEC_AMPE BIT(2)
44 	unsigned int security;
45 	enum mfp_options ieee80211w;
46 	int ocv;
47 	unsigned int pairwise_cipher;
48 	unsigned int group_cipher;
49 	unsigned int mgmt_group_cipher;
50 	int dot11MeshMaxRetries;
51 	int dot11MeshRetryTimeout; /* msec */
52 	int dot11MeshConfirmTimeout; /* msec */
53 	int dot11MeshHoldingTimeout; /* msec */
54 };
55 
56 #define MAX_STA_COUNT 2007
57 #define MAX_VLAN_ID 4094
58 
59 typedef u8 macaddr[ETH_ALEN];
60 
61 struct mac_acl_entry {
62 	macaddr addr;
63 	struct vlan_description vlan_id;
64 };
65 
66 struct hostapd_radius_servers;
67 struct ft_remote_r0kh;
68 struct ft_remote_r1kh;
69 
70 #ifdef CONFIG_WEP
71 #define NUM_WEP_KEYS 4
72 struct hostapd_wep_keys {
73 	u8 idx;
74 	u8 *key[NUM_WEP_KEYS];
75 	size_t len[NUM_WEP_KEYS];
76 	int keys_set;
77 	size_t default_len; /* key length used for dynamic key generation */
78 };
79 #endif /* CONFIG_WEP */
80 
81 typedef enum hostap_security_policy {
82 	SECURITY_PLAINTEXT = 0,
83 #ifdef CONFIG_WEP
84 	SECURITY_STATIC_WEP = 1,
85 #endif /* CONFIG_WEP */
86 	SECURITY_IEEE_802_1X = 2,
87 	SECURITY_WPA_PSK = 3,
88 	SECURITY_WPA = 4,
89 	SECURITY_OSEN = 5
90 } secpolicy;
91 
92 struct hostapd_ssid {
93 	u8 ssid[SSID_MAX_LEN];
94 	size_t ssid_len;
95 	u32 short_ssid;
96 	unsigned int ssid_set:1;
97 	unsigned int utf8_ssid:1;
98 	unsigned int wpa_passphrase_set:1;
99 	unsigned int wpa_psk_set:1;
100 
101 	char vlan[IFNAMSIZ + 1];
102 	secpolicy security_policy;
103 
104 	struct hostapd_wpa_psk *wpa_psk;
105 	char *wpa_passphrase;
106 	char *wpa_psk_file;
107 	struct sae_pt *pt;
108 
109 #ifdef CONFIG_WEP
110 	struct hostapd_wep_keys wep;
111 #endif /* CONFIG_WEP */
112 
113 #define DYNAMIC_VLAN_DISABLED 0
114 #define DYNAMIC_VLAN_OPTIONAL 1
115 #define DYNAMIC_VLAN_REQUIRED 2
116 	int dynamic_vlan;
117 #define DYNAMIC_VLAN_NAMING_WITHOUT_DEVICE 0
118 #define DYNAMIC_VLAN_NAMING_WITH_DEVICE 1
119 #define DYNAMIC_VLAN_NAMING_END 2
120 	int vlan_naming;
121 	int per_sta_vif;
122 #ifdef CONFIG_FULL_DYNAMIC_VLAN
123 	char *vlan_tagged_interface;
124 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
125 };
126 
127 
128 #define VLAN_ID_WILDCARD -1
129 
130 struct hostapd_vlan {
131 	struct hostapd_vlan *next;
132 	int vlan_id; /* VLAN ID or -1 (VLAN_ID_WILDCARD) for wildcard entry */
133 	struct vlan_description vlan_desc;
134 	char ifname[IFNAMSIZ + 1];
135 	char bridge[IFNAMSIZ + 1];
136 	int configured;
137 	int dynamic_vlan;
138 #ifdef CONFIG_FULL_DYNAMIC_VLAN
139 
140 #define DVLAN_CLEAN_WLAN_PORT	0x8
141 	int clean;
142 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
143 };
144 
145 #define PMK_LEN 32
146 #define KEYID_LEN 32
147 #define MIN_PASSPHRASE_LEN 8
148 #define MAX_PASSPHRASE_LEN 63
149 struct hostapd_sta_wpa_psk_short {
150 	struct hostapd_sta_wpa_psk_short *next;
151 	unsigned int is_passphrase:1;
152 	u8 psk[PMK_LEN];
153 	char passphrase[MAX_PASSPHRASE_LEN + 1];
154 	int ref; /* (number of references held) - 1 */
155 };
156 
157 struct hostapd_wpa_psk {
158 	struct hostapd_wpa_psk *next;
159 	int group;
160 	char keyid[KEYID_LEN];
161 	int wps;
162 	u8 psk[PMK_LEN];
163 	u8 addr[ETH_ALEN];
164 	u8 p2p_dev_addr[ETH_ALEN];
165 	int vlan_id;
166 };
167 
168 struct hostapd_eap_user {
169 	struct hostapd_eap_user *next;
170 	u8 *identity;
171 	size_t identity_len;
172 	struct {
173 		int vendor;
174 		u32 method;
175 	} methods[EAP_MAX_METHODS];
176 	u8 *password;
177 	size_t password_len;
178 	u8 *salt;
179 	size_t salt_len; /* non-zero when password is salted */
180 	int phase2;
181 	int force_version;
182 	unsigned int wildcard_prefix:1;
183 	unsigned int password_hash:1; /* whether password is hashed with
184 				       * nt_password_hash() */
185 	unsigned int remediation:1;
186 	unsigned int macacl:1;
187 	int ttls_auth; /* EAP_TTLS_AUTH_* bitfield */
188 	struct hostapd_radius_attr *accept_attr;
189 	u32 t_c_timestamp;
190 };
191 
192 struct hostapd_radius_attr {
193 	u8 type;
194 	struct wpabuf *val;
195 	struct hostapd_radius_attr *next;
196 };
197 
198 
199 #define NUM_TX_QUEUES 4
200 #define MAX_ROAMING_CONSORTIUM_LEN 15
201 
202 struct hostapd_roaming_consortium {
203 	u8 len;
204 	u8 oi[MAX_ROAMING_CONSORTIUM_LEN];
205 };
206 
207 struct hostapd_lang_string {
208 	u8 lang[3];
209 	u8 name_len;
210 	u8 name[252];
211 };
212 
213 struct hostapd_venue_url {
214 	u8 venue_number;
215 	u8 url_len;
216 	u8 url[254];
217 };
218 
219 #define MAX_NAI_REALMS 10
220 #define MAX_NAI_REALMLEN 255
221 #define MAX_NAI_EAP_METHODS 5
222 #define MAX_NAI_AUTH_TYPES 4
223 struct hostapd_nai_realm_data {
224 	u8 encoding;
225 	char realm_buf[MAX_NAI_REALMLEN + 1];
226 	char *realm[MAX_NAI_REALMS];
227 	u8 eap_method_count;
228 	struct hostapd_nai_realm_eap {
229 		u8 eap_method;
230 		u8 num_auths;
231 		u8 auth_id[MAX_NAI_AUTH_TYPES];
232 		u8 auth_val[MAX_NAI_AUTH_TYPES];
233 	} eap_method[MAX_NAI_EAP_METHODS];
234 };
235 
236 struct anqp_element {
237 	struct dl_list list;
238 	u16 infoid;
239 	struct wpabuf *payload;
240 };
241 
242 struct fils_realm {
243 	struct dl_list list;
244 	u8 hash[2];
245 	char realm[];
246 };
247 
248 struct sae_password_entry {
249 	struct sae_password_entry *next;
250 	char *password;
251 	char *identifier;
252 	u8 peer_addr[ETH_ALEN];
253 	int vlan_id;
254 	struct sae_pt *pt;
255 	struct sae_pk *pk;
256 };
257 
258 struct dpp_controller_conf {
259 	struct dpp_controller_conf *next;
260 	u8 pkhash[SHA256_MAC_LEN];
261 	struct hostapd_ip_addr ipaddr;
262 };
263 
264 struct airtime_sta_weight {
265 	struct airtime_sta_weight *next;
266 	unsigned int weight;
267 	u8 addr[ETH_ALEN];
268 };
269 
270 #define EXT_CAPA_MAX_LEN 15
271 
272 /**
273  * struct hostapd_bss_config - Per-BSS configuration
274  */
275 struct hostapd_bss_config {
276 	char iface[IFNAMSIZ + 1];
277 	char bridge[IFNAMSIZ + 1];
278 	char vlan_bridge[IFNAMSIZ + 1];
279 	char wds_bridge[IFNAMSIZ + 1];
280 
281 	enum hostapd_logger_level logger_syslog_level, logger_stdout_level;
282 
283 	unsigned int logger_syslog; /* module bitfield */
284 	unsigned int logger_stdout; /* module bitfield */
285 
286 	int max_num_sta; /* maximum number of STAs in station table */
287 
288 	int dtim_period;
289 	unsigned int bss_load_update_period;
290 	unsigned int chan_util_avg_period;
291 
292 	int ieee802_1x; /* use IEEE 802.1X */
293 	int eapol_version;
294 	int eap_server; /* Use internal EAP server instead of external
295 			 * RADIUS server */
296 	struct hostapd_eap_user *eap_user;
297 	char *eap_user_sqlite;
298 	char *eap_sim_db;
299 	unsigned int eap_sim_db_timeout;
300 	int eap_server_erp; /* Whether ERP is enabled on internal EAP server */
301 	struct hostapd_ip_addr own_ip_addr;
302 	char *nas_identifier;
303 	struct hostapd_radius_servers *radius;
304 	int acct_interim_interval;
305 	int radius_request_cui;
306 	struct hostapd_radius_attr *radius_auth_req_attr;
307 	struct hostapd_radius_attr *radius_acct_req_attr;
308 	char *radius_req_attr_sqlite;
309 	int radius_das_port;
310 	unsigned int radius_das_time_window;
311 	int radius_das_require_event_timestamp;
312 	int radius_das_require_message_authenticator;
313 	struct hostapd_ip_addr radius_das_client_addr;
314 	u8 *radius_das_shared_secret;
315 	size_t radius_das_shared_secret_len;
316 
317 	struct hostapd_ssid ssid;
318 
319 	char *eap_req_id_text; /* optional displayable message sent with
320 				* EAP Request-Identity */
321 	size_t eap_req_id_text_len;
322 	int eapol_key_index_workaround;
323 
324 #ifdef CONFIG_WEP
325 	size_t default_wep_key_len;
326 	int individual_wep_key_len;
327 	int wep_rekeying_period;
328 	int broadcast_key_idx_min, broadcast_key_idx_max;
329 #endif /* CONFIG_WEP */
330 	int eap_reauth_period;
331 	int erp_send_reauth_start;
332 	char *erp_domain;
333 
334 	enum macaddr_acl {
335 		ACCEPT_UNLESS_DENIED = 0,
336 		DENY_UNLESS_ACCEPTED = 1,
337 		USE_EXTERNAL_RADIUS_AUTH = 2
338 	} macaddr_acl;
339 	struct mac_acl_entry *accept_mac;
340 	int num_accept_mac;
341 	struct mac_acl_entry *deny_mac;
342 	int num_deny_mac;
343 	int wds_sta;
344 	int isolate;
345 	int start_disabled;
346 
347 	int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
348 			* algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */
349 
350 	int wpa; /* bitfield of WPA_PROTO_WPA, WPA_PROTO_RSN */
351 	int extended_key_id;
352 	int wpa_key_mgmt;
353 	enum mfp_options ieee80211w;
354 	int group_mgmt_cipher;
355 	int beacon_prot;
356 	/* dot11AssociationSAQueryMaximumTimeout (in TUs) */
357 	unsigned int assoc_sa_query_max_timeout;
358 	/* dot11AssociationSAQueryRetryTimeout (in TUs) */
359 	int assoc_sa_query_retry_timeout;
360 #ifdef CONFIG_OCV
361 	int ocv; /* Operating Channel Validation */
362 #endif /* CONFIG_OCV */
363 	enum {
364 		PSK_RADIUS_IGNORED = 0,
365 		PSK_RADIUS_ACCEPTED = 1,
366 		PSK_RADIUS_REQUIRED = 2
367 	} wpa_psk_radius;
368 	int wpa_pairwise;
369 	int group_cipher; /* wpa_group value override from configuation */
370 	int wpa_group;
371 	int wpa_group_rekey;
372 	int wpa_group_rekey_set;
373 	int wpa_strict_rekey;
374 	int wpa_gmk_rekey;
375 	int wpa_ptk_rekey;
376 	enum ptk0_rekey_handling wpa_deny_ptk0_rekey;
377 	u32 wpa_group_update_count;
378 	u32 wpa_pairwise_update_count;
379 	int wpa_disable_eapol_key_retries;
380 	int rsn_pairwise;
381 	int rsn_preauth;
382 	char *rsn_preauth_interfaces;
383 
384 #ifdef CONFIG_IEEE80211R_AP
385 	/* IEEE 802.11r - Fast BSS Transition */
386 	u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
387 	u8 r1_key_holder[FT_R1KH_ID_LEN];
388 	u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
389 	int rkh_pos_timeout;
390 	int rkh_neg_timeout;
391 	int rkh_pull_timeout; /* ms */
392 	int rkh_pull_retries;
393 	u32 reassociation_deadline;
394 	struct ft_remote_r0kh *r0kh_list;
395 	struct ft_remote_r1kh *r1kh_list;
396 	int pmk_r1_push;
397 	int ft_over_ds;
398 	int ft_psk_generate_local;
399 	int r1_max_key_lifetime;
400 #endif /* CONFIG_IEEE80211R_AP */
401 
402 	char *ctrl_interface; /* directory for UNIX domain sockets */
403 #ifndef CONFIG_NATIVE_WINDOWS
404 	gid_t ctrl_interface_gid;
405 #endif /* CONFIG_NATIVE_WINDOWS */
406 	int ctrl_interface_gid_set;
407 
408 	char *ca_cert;
409 	char *server_cert;
410 	char *server_cert2;
411 	char *private_key;
412 	char *private_key2;
413 	char *private_key_passwd;
414 	char *private_key_passwd2;
415 	char *check_cert_subject;
416 	int check_crl;
417 	int check_crl_strict;
418 	unsigned int crl_reload_interval;
419 	unsigned int tls_session_lifetime;
420 	unsigned int tls_flags;
421 	unsigned int max_auth_rounds;
422 	unsigned int max_auth_rounds_short;
423 	char *ocsp_stapling_response;
424 	char *ocsp_stapling_response_multi;
425 	char *dh_file;
426 	char *openssl_ciphers;
427 	char *openssl_ecdh_curves;
428 	u8 *pac_opaque_encr_key;
429 	u8 *eap_fast_a_id;
430 	size_t eap_fast_a_id_len;
431 	char *eap_fast_a_id_info;
432 	int eap_fast_prov;
433 	int pac_key_lifetime;
434 	int pac_key_refresh_time;
435 	int eap_teap_auth;
436 	int eap_teap_pac_no_inner;
437 	int eap_teap_separate_result;
438 	int eap_teap_id;
439 	int eap_sim_aka_result_ind;
440 	int eap_sim_id;
441 	int tnc;
442 	int fragment_size;
443 	u16 pwd_group;
444 
445 	char *radius_server_clients;
446 	int radius_server_auth_port;
447 	int radius_server_acct_port;
448 	int radius_server_ipv6;
449 
450 	int use_pae_group_addr; /* Whether to send EAPOL frames to PAE group
451 				 * address instead of individual address
452 				 * (for driver_wired.c).
453 				 */
454 
455 	int ap_max_inactivity;
456 	int ignore_broadcast_ssid;
457 	int no_probe_resp_if_max_sta;
458 
459 	int wmm_enabled;
460 	int wmm_uapsd;
461 
462 	struct hostapd_vlan *vlan;
463 
464 	macaddr bssid;
465 
466 	/*
467 	 * Maximum listen interval that STAs can use when associating with this
468 	 * BSS. If a STA tries to use larger value, the association will be
469 	 * denied with status code 51.
470 	 */
471 	u16 max_listen_interval;
472 
473 	int disable_pmksa_caching;
474 	int okc; /* Opportunistic Key Caching */
475 
476 	int wps_state;
477 #ifdef CONFIG_WPS
478 	int wps_independent;
479 	int ap_setup_locked;
480 	u8 uuid[16];
481 	char *wps_pin_requests;
482 	char *device_name;
483 	char *manufacturer;
484 	char *model_name;
485 	char *model_number;
486 	char *serial_number;
487 	u8 device_type[WPS_DEV_TYPE_LEN];
488 	char *config_methods;
489 	u8 os_version[4];
490 	char *ap_pin;
491 	int skip_cred_build;
492 	u8 *extra_cred;
493 	size_t extra_cred_len;
494 	int wps_cred_processing;
495 	int wps_cred_add_sae;
496 	int force_per_enrollee_psk;
497 	u8 *ap_settings;
498 	size_t ap_settings_len;
499 	struct hostapd_ssid multi_ap_backhaul_ssid;
500 	char *upnp_iface;
501 	char *friendly_name;
502 	char *manufacturer_url;
503 	char *model_description;
504 	char *model_url;
505 	char *upc;
506 	struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXTENSIONS];
507 	struct wpabuf *wps_application_ext;
508 	int wps_nfc_pw_from_config;
509 	int wps_nfc_dev_pw_id;
510 	struct wpabuf *wps_nfc_dh_pubkey;
511 	struct wpabuf *wps_nfc_dh_privkey;
512 	struct wpabuf *wps_nfc_dev_pw;
513 #endif /* CONFIG_WPS */
514 	int pbc_in_m1;
515 	char *server_id;
516 
517 #define P2P_ENABLED BIT(0)
518 #define P2P_GROUP_OWNER BIT(1)
519 #define P2P_GROUP_FORMATION BIT(2)
520 #define P2P_MANAGE BIT(3)
521 #define P2P_ALLOW_CROSS_CONNECTION BIT(4)
522 	int p2p;
523 #ifdef CONFIG_P2P
524 	u8 ip_addr_go[4];
525 	u8 ip_addr_mask[4];
526 	u8 ip_addr_start[4];
527 	u8 ip_addr_end[4];
528 #endif /* CONFIG_P2P */
529 
530 	int disassoc_low_ack;
531 	int skip_inactivity_poll;
532 
533 #define TDLS_PROHIBIT BIT(0)
534 #define TDLS_PROHIBIT_CHAN_SWITCH BIT(1)
535 	int tdls;
536 	bool disable_11n;
537 	bool disable_11ac;
538 	bool disable_11ax;
539 
540 	/* IEEE 802.11v */
541 	int time_advertisement;
542 	char *time_zone;
543 	int wnm_sleep_mode;
544 	int wnm_sleep_mode_no_keys;
545 	int bss_transition;
546 
547 	/* IEEE 802.11u - Interworking */
548 	int interworking;
549 	int access_network_type;
550 	int internet;
551 	int asra;
552 	int esr;
553 	int uesa;
554 	int venue_info_set;
555 	u8 venue_group;
556 	u8 venue_type;
557 	u8 hessid[ETH_ALEN];
558 
559 	/* IEEE 802.11u - Roaming Consortium list */
560 	unsigned int roaming_consortium_count;
561 	struct hostapd_roaming_consortium *roaming_consortium;
562 
563 	/* IEEE 802.11u - Venue Name duples */
564 	unsigned int venue_name_count;
565 	struct hostapd_lang_string *venue_name;
566 
567 	/* Venue URL duples */
568 	unsigned int venue_url_count;
569 	struct hostapd_venue_url *venue_url;
570 
571 	/* IEEE 802.11u - Network Authentication Type */
572 	u8 *network_auth_type;
573 	size_t network_auth_type_len;
574 
575 	/* IEEE 802.11u - IP Address Type Availability */
576 	u8 ipaddr_type_availability;
577 	u8 ipaddr_type_configured;
578 
579 	/* IEEE 802.11u - 3GPP Cellular Network */
580 	u8 *anqp_3gpp_cell_net;
581 	size_t anqp_3gpp_cell_net_len;
582 
583 	/* IEEE 802.11u - Domain Name */
584 	u8 *domain_name;
585 	size_t domain_name_len;
586 
587 	unsigned int nai_realm_count;
588 	struct hostapd_nai_realm_data *nai_realm_data;
589 
590 	struct dl_list anqp_elem; /* list of struct anqp_element */
591 
592 	u16 gas_comeback_delay;
593 	size_t gas_frag_limit;
594 	int gas_address3;
595 
596 	u8 qos_map_set[16 + 2 * 21];
597 	unsigned int qos_map_set_len;
598 
599 	int osen;
600 	int proxy_arp;
601 	int na_mcast_to_ucast;
602 
603 #ifdef CONFIG_HS20
604 	int hs20;
605 	int hs20_release;
606 	int disable_dgaf;
607 	u16 anqp_domain_id;
608 	unsigned int hs20_oper_friendly_name_count;
609 	struct hostapd_lang_string *hs20_oper_friendly_name;
610 	u8 *hs20_wan_metrics;
611 	u8 *hs20_connection_capability;
612 	size_t hs20_connection_capability_len;
613 	u8 *hs20_operating_class;
614 	u8 hs20_operating_class_len;
615 	struct hs20_icon {
616 		u16 width;
617 		u16 height;
618 		char language[3];
619 		char type[256];
620 		char name[256];
621 		char file[256];
622 	} *hs20_icons;
623 	size_t hs20_icons_count;
624 	u8 osu_ssid[SSID_MAX_LEN];
625 	size_t osu_ssid_len;
626 	struct hs20_osu_provider {
627 		unsigned int friendly_name_count;
628 		struct hostapd_lang_string *friendly_name;
629 		char *server_uri;
630 		int *method_list;
631 		char **icons;
632 		size_t icons_count;
633 		char *osu_nai;
634 		char *osu_nai2;
635 		unsigned int service_desc_count;
636 		struct hostapd_lang_string *service_desc;
637 	} *hs20_osu_providers, *last_osu;
638 	size_t hs20_osu_providers_count;
639 	size_t hs20_osu_providers_nai_count;
640 	char **hs20_operator_icon;
641 	size_t hs20_operator_icon_count;
642 	unsigned int hs20_deauth_req_timeout;
643 	char *subscr_remediation_url;
644 	u8 subscr_remediation_method;
645 	char *hs20_sim_provisioning_url;
646 	char *t_c_filename;
647 	u32 t_c_timestamp;
648 	char *t_c_server_url;
649 #endif /* CONFIG_HS20 */
650 
651 	u8 wps_rf_bands; /* RF bands for WPS (WPS_RF_*) */
652 
653 #ifdef CONFIG_RADIUS_TEST
654 	char *dump_msk_file;
655 #endif /* CONFIG_RADIUS_TEST */
656 
657 	struct wpabuf *vendor_elements;
658 	struct wpabuf *assocresp_elements;
659 
660 	unsigned int anti_clogging_threshold;
661 	unsigned int sae_sync;
662 	int sae_require_mfp;
663 	int sae_confirm_immediate;
664 	int sae_pwe;
665 	int *sae_groups;
666 	struct sae_password_entry *sae_passwords;
667 
668 	char *wowlan_triggers; /* Wake-on-WLAN triggers */
669 
670 #ifdef CONFIG_TESTING_OPTIONS
671 	u8 bss_load_test[5];
672 	u8 bss_load_test_set;
673 	struct wpabuf *own_ie_override;
674 	int sae_reflection_attack;
675 	int sae_commit_status;
676 	int sae_pk_omit;
677 	int sae_pk_password_check_skip;
678 	struct wpabuf *sae_commit_override;
679 	struct wpabuf *rsne_override_eapol;
680 	struct wpabuf *rsnxe_override_eapol;
681 	struct wpabuf *rsne_override_ft;
682 	struct wpabuf *rsnxe_override_ft;
683 	struct wpabuf *gtk_rsc_override;
684 	struct wpabuf *igtk_rsc_override;
685 	int no_beacon_rsnxe;
686 	int skip_prune_assoc;
687 	int ft_rsnxe_used;
688 	unsigned int oci_freq_override_eapol_m3;
689 	unsigned int oci_freq_override_eapol_g1;
690 	unsigned int oci_freq_override_saquery_req;
691 	unsigned int oci_freq_override_saquery_resp;
692 	unsigned int oci_freq_override_ft_assoc;
693 	unsigned int oci_freq_override_fils_assoc;
694 	unsigned int oci_freq_override_wnm_sleep;
695 #endif /* CONFIG_TESTING_OPTIONS */
696 
697 #define MESH_ENABLED BIT(0)
698 	int mesh;
699 
700 	u8 radio_measurements[RRM_CAPABILITIES_IE_LEN];
701 
702 	int vendor_vht;
703 	int use_sta_nsts;
704 
705 	char *no_probe_resp_if_seen_on;
706 	char *no_auth_if_seen_on;
707 
708 	int pbss;
709 
710 #ifdef CONFIG_MBO
711 	int mbo_enabled;
712 	/**
713 	 * oce - Enable OCE in AP and/or STA-CFON mode
714 	 *  - BIT(0) is Reserved
715 	 *  - Set BIT(1) to enable OCE in STA-CFON mode
716 	 *  - Set BIT(2) to enable OCE in AP mode
717 	 */
718 	unsigned int oce;
719 	int mbo_cell_data_conn_pref;
720 #endif /* CONFIG_MBO */
721 
722 	int ftm_responder;
723 	int ftm_initiator;
724 
725 #ifdef CONFIG_FILS
726 	u8 fils_cache_id[FILS_CACHE_ID_LEN];
727 	int fils_cache_id_set;
728 	struct dl_list fils_realms; /* list of struct fils_realm */
729 	int fils_dh_group;
730 	struct hostapd_ip_addr dhcp_server;
731 	int dhcp_rapid_commit_proxy;
732 	unsigned int fils_hlp_wait_time;
733 	u16 dhcp_server_port;
734 	u16 dhcp_relay_port;
735 	u32 fils_discovery_min_int;
736 	u32 fils_discovery_max_int;
737 #endif /* CONFIG_FILS */
738 
739 	int multicast_to_unicast;
740 
741 	int broadcast_deauth;
742 
743 	int notify_mgmt_frames;
744 
745 #ifdef CONFIG_DPP
746 	char *dpp_name;
747 	char *dpp_mud_url;
748 	char *dpp_connector;
749 	struct wpabuf *dpp_netaccesskey;
750 	unsigned int dpp_netaccesskey_expiry;
751 	struct wpabuf *dpp_csign;
752 #ifdef CONFIG_DPP2
753 	struct dpp_controller_conf *dpp_controller;
754 	int dpp_configurator_connectivity;
755 	int dpp_pfs;
756 #endif /* CONFIG_DPP2 */
757 #endif /* CONFIG_DPP */
758 
759 #ifdef CONFIG_OWE
760 	macaddr owe_transition_bssid;
761 	u8 owe_transition_ssid[SSID_MAX_LEN];
762 	size_t owe_transition_ssid_len;
763 	char owe_transition_ifname[IFNAMSIZ + 1];
764 	int *owe_groups;
765 	int owe_ptk_workaround;
766 #endif /* CONFIG_OWE */
767 
768 	int coloc_intf_reporting;
769 
770 	u8 send_probe_response;
771 
772 	u8 transition_disable;
773 
774 #define BACKHAUL_BSS 1
775 #define FRONTHAUL_BSS 2
776 	int multi_ap; /* bitmap of BACKHAUL_BSS, FRONTHAUL_BSS */
777 
778 #ifdef CONFIG_AIRTIME_POLICY
779 	unsigned int airtime_weight;
780 	int airtime_limit;
781 	struct airtime_sta_weight *airtime_weight_list;
782 #endif /* CONFIG_AIRTIME_POLICY */
783 
784 #ifdef CONFIG_MACSEC
785 	/**
786 	 * macsec_policy - Determines the policy for MACsec secure session
787 	 *
788 	 * 0: MACsec not in use (default)
789 	 * 1: MACsec enabled - Should secure, accept key server's advice to
790 	 *    determine whether to use a secure session or not.
791 	 */
792 	int macsec_policy;
793 
794 	/**
795 	 * macsec_integ_only - Determines how MACsec are transmitted
796 	 *
797 	 * This setting applies only when MACsec is in use, i.e.,
798 	 *  - macsec_policy is enabled
799 	 *  - the key server has decided to enable MACsec
800 	 *
801 	 * 0: Encrypt traffic (default)
802 	 * 1: Integrity only
803 	 */
804 	int macsec_integ_only;
805 
806 	/**
807 	 * macsec_replay_protect - Enable MACsec replay protection
808 	 *
809 	 * This setting applies only when MACsec is in use, i.e.,
810 	 *  - macsec_policy is enabled
811 	 *  - the key server has decided to enable MACsec
812 	 *
813 	 * 0: Replay protection disabled (default)
814 	 * 1: Replay protection enabled
815 	 */
816 	int macsec_replay_protect;
817 
818 	/**
819 	 * macsec_replay_window - MACsec replay protection window
820 	 *
821 	 * A window in which replay is tolerated, to allow receipt of frames
822 	 * that have been misordered by the network.
823 	 *
824 	 * This setting applies only when MACsec replay protection active, i.e.,
825 	 *  - macsec_replay_protect is enabled
826 	 *  - the key server has decided to enable MACsec
827 	 *
828 	 * 0: No replay window, strict check (default)
829 	 * 1..2^32-1: number of packets that could be misordered
830 	 */
831 	u32 macsec_replay_window;
832 
833 	/**
834 	 * macsec_port - MACsec port (in SCI)
835 	 *
836 	 * Port component of the SCI.
837 	 *
838 	 * Range: 1-65534 (default: 1)
839 	 */
840 	int macsec_port;
841 
842 	/**
843 	 * mka_priority - Priority of MKA Actor
844 	 *
845 	 * Range: 0-255 (default: 255)
846 	 */
847 	int mka_priority;
848 
849 	/**
850 	 * mka_ckn - MKA pre-shared CKN
851 	 */
852 #define MACSEC_CKN_MAX_LEN 32
853 	size_t mka_ckn_len;
854 	u8 mka_ckn[MACSEC_CKN_MAX_LEN];
855 
856 	/**
857 	 * mka_cak - MKA pre-shared CAK
858 	 */
859 #define MACSEC_CAK_MAX_LEN 32
860 	size_t mka_cak_len;
861 	u8 mka_cak[MACSEC_CAK_MAX_LEN];
862 
863 #define MKA_PSK_SET_CKN BIT(0)
864 #define MKA_PSK_SET_CAK BIT(1)
865 #define MKA_PSK_SET (MKA_PSK_SET_CKN | MKA_PSK_SET_CAK)
866 	/**
867 	 * mka_psk_set - Whether mka_ckn and mka_cak are set
868 	 */
869 	u8 mka_psk_set;
870 #endif /* CONFIG_MACSEC */
871 
872 #ifdef CONFIG_PASN
873 #ifdef CONFIG_TESTING_OPTIONS
874 	/*
875 	 * Normally, KDK should be derived if and only if both sides support
876 	 * secure LTF. Allow forcing KDK derivation for testing purposes.
877 	 */
878 	int force_kdk_derivation;
879 
880 	/* If set, corrupt the MIC in the 2nd Authentication frame of PASN */
881 	int pasn_corrupt_mic;
882 #endif /* CONFIG_TESTING_OPTIONS */
883 
884 	int *pasn_groups;
885 
886 	/*
887 	 * The time in TUs after which the non-AP STA is requested to retry the
888 	 * PASN authentication in case there are too many parallel operations.
889 	 */
890 	u16 pasn_comeback_after;
891 #endif /* CONFIG_PASN */
892 
893 	unsigned int unsol_bcast_probe_resp_interval;
894 
895 	u8 ext_capa_mask[EXT_CAPA_MAX_LEN];
896 	u8 ext_capa[EXT_CAPA_MAX_LEN];
897 };
898 
899 /**
900  * struct he_phy_capabilities_info - HE PHY capabilities
901  */
902 struct he_phy_capabilities_info {
903 	bool he_su_beamformer;
904 	bool he_su_beamformee;
905 	bool he_mu_beamformer;
906 };
907 
908 /**
909  * struct he_operation - HE operation
910  */
911 struct he_operation {
912 	u8 he_bss_color;
913 	u8 he_bss_color_disabled;
914 	u8 he_bss_color_partial;
915 	u8 he_default_pe_duration;
916 	u8 he_twt_required;
917 	u8 he_twt_responder;
918 	u16 he_rts_threshold;
919 	u16 he_basic_mcs_nss_set;
920 };
921 
922 /**
923  * struct spatial_reuse - Spatial reuse
924  */
925 struct spatial_reuse {
926 	u8 sr_control;
927 	u8 non_srg_obss_pd_max_offset;
928 	u8 srg_obss_pd_min_offset;
929 	u8 srg_obss_pd_max_offset;
930 	u8 srg_bss_color_bitmap[8];
931 	u8 srg_partial_bssid_bitmap[8];
932 };
933 
934 /**
935  * struct hostapd_config - Per-radio interface configuration
936  */
937 struct hostapd_config {
938 	struct hostapd_bss_config **bss, *last_bss;
939 	size_t num_bss;
940 
941 	u16 beacon_int;
942 	int rts_threshold;
943 	int fragm_threshold;
944 	u8 op_class;
945 	u8 channel;
946 	int enable_edmg;
947 	u8 edmg_channel;
948 	u8 acs;
949 	struct wpa_freq_range_list acs_ch_list;
950 	struct wpa_freq_range_list acs_freq_list;
951 	u8 acs_freq_list_present;
952 	int acs_exclude_dfs;
953 	enum hostapd_hw_mode hw_mode; /* HOSTAPD_MODE_IEEE80211A, .. */
954 	int acs_exclude_6ghz_non_psc;
955 	enum {
956 		LONG_PREAMBLE = 0,
957 		SHORT_PREAMBLE = 1
958 	} preamble;
959 
960 	int *supported_rates;
961 	int *basic_rates;
962 	unsigned int beacon_rate;
963 	enum beacon_rate_type rate_type;
964 
965 	const struct wpa_driver_ops *driver;
966 	char *driver_params;
967 
968 	int ap_table_max_size;
969 	int ap_table_expiration_time;
970 
971 	unsigned int track_sta_max_num;
972 	unsigned int track_sta_max_age;
973 
974 	char country[3]; /* first two octets: country code as described in
975 			  * ISO/IEC 3166-1. Third octet:
976 			  * ' ' (ascii 32): all environments
977 			  * 'O': Outdoor environemnt only
978 			  * 'I': Indoor environment only
979 			  * 'X': Used with noncountry entity ("XXX")
980 			  * 0x00..0x31: identifying IEEE 802.11 standard
981 			  *	Annex E table (0x04 = global table)
982 			  */
983 
984 	int ieee80211d;
985 
986 	int ieee80211h; /* DFS */
987 
988 	/*
989 	 * Local power constraint is an octet encoded as an unsigned integer in
990 	 * units of decibels. Invalid value -1 indicates that Power Constraint
991 	 * element will not be added.
992 	 */
993 	int local_pwr_constraint;
994 
995 	/* Control Spectrum Management bit */
996 	int spectrum_mgmt_required;
997 
998 	struct hostapd_tx_queue_params tx_queue[NUM_TX_QUEUES];
999 
1000 	/*
1001 	 * WMM AC parameters, in same order as 802.1D, i.e.
1002 	 * 0 = BE (best effort)
1003 	 * 1 = BK (background)
1004 	 * 2 = VI (video)
1005 	 * 3 = VO (voice)
1006 	 */
1007 	struct hostapd_wmm_ac_params wmm_ac_params[4];
1008 
1009 	int ht_op_mode_fixed;
1010 	u16 ht_capab;
1011 	int ieee80211n;
1012 	int secondary_channel;
1013 	int no_pri_sec_switch;
1014 	int require_ht;
1015 	int obss_interval;
1016 	u32 vht_capab;
1017 	int ieee80211ac;
1018 	int require_vht;
1019 	u8 vht_oper_chwidth;
1020 	u8 vht_oper_centr_freq_seg0_idx;
1021 	u8 vht_oper_centr_freq_seg1_idx;
1022 	u8 ht40_plus_minus_allowed;
1023 
1024 	/* Use driver-generated interface addresses when adding multiple BSSs */
1025 	u8 use_driver_iface_addr;
1026 
1027 #ifdef CONFIG_FST
1028 	struct fst_iface_cfg fst_cfg;
1029 #endif /* CONFIG_FST */
1030 
1031 #ifdef CONFIG_P2P
1032 	u8 p2p_go_ctwindow;
1033 #endif /* CONFIG_P2P */
1034 
1035 #ifdef CONFIG_TESTING_OPTIONS
1036 	double ignore_probe_probability;
1037 	double ignore_auth_probability;
1038 	double ignore_assoc_probability;
1039 	double ignore_reassoc_probability;
1040 	double corrupt_gtk_rekey_mic_probability;
1041 	int ecsa_ie_only;
1042 #endif /* CONFIG_TESTING_OPTIONS */
1043 
1044 #ifdef CONFIG_ACS
1045 	unsigned int acs_num_scans;
1046 	struct acs_bias {
1047 		int channel;
1048 		double bias;
1049 	} *acs_chan_bias;
1050 	unsigned int num_acs_chan_bias;
1051 #endif /* CONFIG_ACS */
1052 
1053 	struct wpabuf *lci;
1054 	struct wpabuf *civic;
1055 	int stationary_ap;
1056 
1057 	int ieee80211ax;
1058 #ifdef CONFIG_IEEE80211AX
1059 	struct he_phy_capabilities_info he_phy_capab;
1060 	struct he_operation he_op;
1061 	struct ieee80211_he_mu_edca_parameter_set he_mu_edca;
1062 	struct spatial_reuse spr;
1063 	u8 he_oper_chwidth;
1064 	u8 he_oper_centr_freq_seg0_idx;
1065 	u8 he_oper_centr_freq_seg1_idx;
1066 	u8 he_6ghz_max_mpdu;
1067 	u8 he_6ghz_max_ampdu_len_exp;
1068 	u8 he_6ghz_rx_ant_pat;
1069 	u8 he_6ghz_tx_ant_pat;
1070 #endif /* CONFIG_IEEE80211AX */
1071 
1072 	/* VHT enable/disable config from CHAN_SWITCH */
1073 #define CH_SWITCH_VHT_ENABLED BIT(0)
1074 #define CH_SWITCH_VHT_DISABLED BIT(1)
1075 	unsigned int ch_switch_vht_config;
1076 
1077 	/* HE enable/disable config from CHAN_SWITCH */
1078 #define CH_SWITCH_HE_ENABLED BIT(0)
1079 #define CH_SWITCH_HE_DISABLED BIT(1)
1080 	unsigned int ch_switch_he_config;
1081 
1082 	int rssi_reject_assoc_rssi;
1083 	int rssi_reject_assoc_timeout;
1084 	int rssi_ignore_probe_request;
1085 
1086 #ifdef CONFIG_AIRTIME_POLICY
1087 	enum {
1088 		AIRTIME_MODE_OFF = 0,
1089 		AIRTIME_MODE_STATIC = 1,
1090 		AIRTIME_MODE_DYNAMIC = 2,
1091 		AIRTIME_MODE_LIMIT = 3,
1092 		__AIRTIME_MODE_MAX,
1093 	} airtime_mode;
1094 	unsigned int airtime_update_interval;
1095 #define AIRTIME_MODE_MAX (__AIRTIME_MODE_MAX - 1)
1096 #endif /* CONFIG_AIRTIME_POLICY */
1097 };
1098 
1099 
1100 static inline u8 hostapd_get_oper_chwidth(struct hostapd_config *conf)
1101 {
1102 #ifdef CONFIG_IEEE80211AX
1103 	if (conf->ieee80211ax)
1104 		return conf->he_oper_chwidth;
1105 #endif /* CONFIG_IEEE80211AX */
1106 	return conf->vht_oper_chwidth;
1107 }
1108 
1109 static inline void
1110 hostapd_set_oper_chwidth(struct hostapd_config *conf, u8 oper_chwidth)
1111 {
1112 #ifdef CONFIG_IEEE80211AX
1113 	if (conf->ieee80211ax)
1114 		conf->he_oper_chwidth = oper_chwidth;
1115 #endif /* CONFIG_IEEE80211AX */
1116 	conf->vht_oper_chwidth = oper_chwidth;
1117 }
1118 
1119 static inline u8
1120 hostapd_get_oper_centr_freq_seg0_idx(struct hostapd_config *conf)
1121 {
1122 #ifdef CONFIG_IEEE80211AX
1123 	if (conf->ieee80211ax)
1124 		return conf->he_oper_centr_freq_seg0_idx;
1125 #endif /* CONFIG_IEEE80211AX */
1126 	return conf->vht_oper_centr_freq_seg0_idx;
1127 }
1128 
1129 static inline void
1130 hostapd_set_oper_centr_freq_seg0_idx(struct hostapd_config *conf,
1131 				     u8 oper_centr_freq_seg0_idx)
1132 {
1133 #ifdef CONFIG_IEEE80211AX
1134 	if (conf->ieee80211ax)
1135 		conf->he_oper_centr_freq_seg0_idx = oper_centr_freq_seg0_idx;
1136 #endif /* CONFIG_IEEE80211AX */
1137 	conf->vht_oper_centr_freq_seg0_idx = oper_centr_freq_seg0_idx;
1138 }
1139 
1140 static inline u8
1141 hostapd_get_oper_centr_freq_seg1_idx(struct hostapd_config *conf)
1142 {
1143 #ifdef CONFIG_IEEE80211AX
1144 	if (conf->ieee80211ax)
1145 		return conf->he_oper_centr_freq_seg1_idx;
1146 #endif /* CONFIG_IEEE80211AX */
1147 	return conf->vht_oper_centr_freq_seg1_idx;
1148 }
1149 
1150 static inline void
1151 hostapd_set_oper_centr_freq_seg1_idx(struct hostapd_config *conf,
1152 				     u8 oper_centr_freq_seg1_idx)
1153 {
1154 #ifdef CONFIG_IEEE80211AX
1155 	if (conf->ieee80211ax)
1156 		conf->he_oper_centr_freq_seg1_idx = oper_centr_freq_seg1_idx;
1157 #endif /* CONFIG_IEEE80211AX */
1158 	conf->vht_oper_centr_freq_seg1_idx = oper_centr_freq_seg1_idx;
1159 }
1160 
1161 
1162 int hostapd_mac_comp(const void *a, const void *b);
1163 struct hostapd_config * hostapd_config_defaults(void);
1164 void hostapd_config_defaults_bss(struct hostapd_bss_config *bss);
1165 void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr);
1166 void hostapd_config_free_eap_user(struct hostapd_eap_user *user);
1167 void hostapd_config_free_eap_users(struct hostapd_eap_user *user);
1168 void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **p);
1169 void hostapd_config_free_bss(struct hostapd_bss_config *conf);
1170 void hostapd_config_free(struct hostapd_config *conf);
1171 int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
1172 			  const u8 *addr, struct vlan_description *vlan_id);
1173 int hostapd_rate_found(int *list, int rate);
1174 const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
1175 			   const u8 *addr, const u8 *p2p_dev_addr,
1176 			   const u8 *prev_psk, int *vlan_id);
1177 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
1178 int hostapd_vlan_valid(struct hostapd_vlan *vlan,
1179 		       struct vlan_description *vlan_desc);
1180 const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
1181 					int vlan_id);
1182 struct hostapd_radius_attr *
1183 hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type);
1184 struct hostapd_radius_attr * hostapd_parse_radius_attr(const char *value);
1185 int hostapd_config_check(struct hostapd_config *conf, int full_config);
1186 void hostapd_set_security_params(struct hostapd_bss_config *bss,
1187 				 int full_config);
1188 int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf);
1189 bool hostapd_sae_pk_in_use(struct hostapd_bss_config *conf);
1190 bool hostapd_sae_pk_exclusively(struct hostapd_bss_config *conf);
1191 int hostapd_setup_sae_pt(struct hostapd_bss_config *conf);
1192 
1193 #endif /* HOSTAPD_CONFIG_H */
1194