/*
 * hostapd / Configuration definitions and helpers functions
 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef HOSTAPD_CONFIG_H
#define HOSTAPD_CONFIG_H

#include "common/defs.h"
#include "utils/list.h"
#include "ip_addr.h"
#include "common/wpa_common.h"
#include "common/ieee802_11_defs.h"
#include "common/ieee802_11_common.h"
#include "crypto/sha256.h"
#include "wps/wps.h"
#include "fst/fst.h"
#include "vlan.h"

/**
 * mesh_conf - local MBSS state and settings
 *
 * Identifier octets, RSN element and cipher selection for a mesh BSS, plus
 * the dot11Mesh* retry/timeout values.
 */
struct mesh_conf {
	/*
	 * Mesh ID octets and their count.
	 * NOTE(review): meshid_len must never exceed sizeof(meshid) (32);
	 * that bound is not enforced in this header - confirm in the code
	 * that fills these fields.
	 */
	u8 meshid[32];
	u8 meshid_len;
	/* Active Path Selection Protocol Identifier */
	u8 mesh_pp_id;
	/* Active Path Selection Metric Identifier */
	u8 mesh_pm_id;
	/* Congestion Control Mode Identifier */
	u8 mesh_cc_id;
	/* Synchronization Protocol Identifier */
	u8 mesh_sp_id;
	/* Authentication Protocol Identifier */
	u8 mesh_auth_id;
	/*
	 * RSN element buffer and its length.
	 * NOTE(review): rsn_ie_len is a signed int; users should treat a
	 * negative value as invalid - ownership of rsn_ie is not visible
	 * here.
	 */
	u8 *rsn_ie;
	int rsn_ie_len;
#define MESH_CONF_SEC_NONE BIT(0)
#define MESH_CONF_SEC_AUTH BIT(1)
#define MESH_CONF_SEC_AMPE BIT(2)
	/* presumably a bitmask of the MESH_CONF_SEC_* flags defined above */
	unsigned int security;
	enum mfp_options ieee80211w;
	int ocv;
	unsigned int pairwise_cipher;
	unsigned int group_cipher;
	unsigned int mgmt_group_cipher;
	int dot11MeshMaxRetries;
	int dot11MeshRetryTimeout; /* msec */
	int dot11MeshConfirmTimeout; /* msec */
	int dot11MeshHoldingTimeout; /* msec */
};

/* Upper bounds used for station counts and VLAN IDs. */
#define MAX_STA_COUNT 2007
#define MAX_VLAN_ID 4094

/* MAC address as a fixed array of ETH_ALEN octets. */
typedef u8 macaddr[ETH_ALEN];

/* One entry of a MAC address access control list with its VLAN description. */
struct mac_acl_entry {
	macaddr addr;
	struct vlan_description vlan_id;
};

/* Opaque in this header; only pointers to these types are used below. */
struct hostapd_radius_servers;
struct ft_remote_r0kh;
struct ft_remote_r1kh;

#define NUM_WEP_KEYS 4
/*
 * WEP key set: up to NUM_WEP_KEYS keys, each with its own length.
 * NOTE(review): key[] points at raw key material; confirm the code that
 * releases this structure clears the buffers before freeing them. WEP itself
 * offers no meaningful confidentiality, so any configuration that populates
 * this structure deserves attention in a security review.
 */
struct hostapd_wep_keys {
	u8 idx;
	u8 *key[NUM_WEP_KEYS];
	size_t len[NUM_WEP_KEYS];
	int keys_set;
	size_t default_len; /* key length used for dynamic key generation */
};
/*
 * Security policy of a BSS; stored in struct hostapd_ssid (security_policy).
 * NOTE(review): SECURITY_PLAINTEXT and SECURITY_STATIC_WEP give no effective
 * link-layer protection; flag configurations that end up with these values.
 */
typedef enum hostap_security_policy {
	SECURITY_PLAINTEXT = 0,
	SECURITY_STATIC_WEP = 1,
	SECURITY_IEEE_802_1X = 2,
	SECURITY_WPA_PSK = 3,
	SECURITY_WPA = 4,
	SECURITY_OSEN = 5
} secpolicy;

/*
 * SSID of a BSS together with the PSK/passphrase, WEP and dynamic VLAN
 * settings that belong to it.
 */
struct hostapd_ssid {
	/* SSID octets; ssid_len gives the number of valid octets */
	u8 ssid[SSID_MAX_LEN];
	size_t ssid_len;
	unsigned int ssid_set:1;
	unsigned int utf8_ssid:1;
	unsigned int wpa_passphrase_set:1;
	unsigned int wpa_psk_set:1;

	char vlan[IFNAMSIZ + 1];
	secpolicy security_policy;

	/*
	 * Secret material: PSK list, passphrase string and the path of a PSK
	 * file.
	 * NOTE(review): confirm these are cleared on release and that the
	 * PSK file is readable only by the hostapd user.
	 */
	struct hostapd_wpa_psk *wpa_psk;
	char *wpa_passphrase;
	char *wpa_psk_file;

	struct hostapd_wep_keys wep;

#define DYNAMIC_VLAN_DISABLED 0
#define DYNAMIC_VLAN_OPTIONAL 1
#define DYNAMIC_VLAN_REQUIRED 2
	/* presumably one of the DYNAMIC_VLAN_* values above */
	int dynamic_vlan;
#define DYNAMIC_VLAN_NAMING_WITHOUT_DEVICE 0
#define DYNAMIC_VLAN_NAMING_WITH_DEVICE 1
#define DYNAMIC_VLAN_NAMING_END 2
	/* presumably one of the DYNAMIC_VLAN_NAMING_* values above */
	int vlan_naming;
	int per_sta_vif;
#ifdef CONFIG_FULL_DYNAMIC_VLAN
	char *vlan_tagged_interface;
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
};


#define VLAN_ID_WILDCARD -1

/* Linked-list entry describing one VLAN and its interface/bridge names. */
struct hostapd_vlan {
	struct hostapd_vlan *next;
	int vlan_id; /* VLAN ID or -1 (VLAN_ID_WILDCARD) for wildcard entry */
	struct vlan_description vlan_desc;
	char ifname[IFNAMSIZ + 1];
	char bridge[IFNAMSIZ + 1];
	int configured;
	int dynamic_vlan;
#ifdef CONFIG_FULL_DYNAMIC_VLAN

#define DVLAN_CLEAN_WLAN_PORT 0x8
	int clean;
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
};

/* Sizes (in octets/characters) of PSK-related buffers used below. */
#define PMK_LEN 32
#define KEYID_LEN 32
#define MIN_PASSPHRASE_LEN 8
#define MAX_PASSPHRASE_LEN 63
/*
 * Linked-list entry holding a PSK (PMK_LEN octets) and/or a passphrase.
 * The passphrase buffer is MAX_PASSPHRASE_LEN + 1 bytes, presumably to leave
 * room for a terminating NUL - confirm against the code that fills it.
 */
struct hostapd_sta_wpa_psk_short {
	struct hostapd_sta_wpa_psk_short *next;
	unsigned int is_passphrase:1;
	u8 psk[PMK_LEN];
	char passphrase[MAX_PASSPHRASE_LEN + 1];
	int ref; /* (number of references held) - 1 */
};

/*
 * Linked-list entry binding a PSK to a key ID, station address, P2P device
 * address and VLAN ID.
 * NOTE(review): keyid is a fixed KEYID_LEN-byte array; whether it is always
 * NUL-terminated cannot be told from this header.
 */
struct hostapd_wpa_psk {
	struct hostapd_wpa_psk *next;
	int group;
	char keyid[KEYID_LEN];
	u8 psk[PMK_LEN];
	u8 addr[ETH_ALEN];
	u8 p2p_dev_addr[ETH_ALEN];
	int vlan_id;
};

/*
 * Linked-list entry of the EAP user database: identity, allowed methods and
 * the stored credential.
 */
struct hostapd_eap_user {
	struct hostapd_eap_user *next;
	u8 *identity;
	size_t identity_len;
	struct {
		int vendor;
		u32 method;
	} methods[EAP_MAX_METHODS];
	/*
	 * Credential buffer; see password_hash and salt_len below for how it
	 * is to be interpreted.
	 * NOTE(review): secret material - confirm it is cleared on release.
	 */
	u8 *password;
	size_t password_len;
	u8 *salt;
	size_t salt_len; /* non-zero when password is salted */
	int phase2;
	int force_version;
	unsigned int wildcard_prefix:1;
	unsigned int password_hash:1; /* whether password is hashed with
				       * nt_password_hash() */
	unsigned int remediation:1;
	unsigned int macacl:1;
	int ttls_auth; /* EAP_TTLS_AUTH_* bitfield */
	struct hostapd_radius_attr *accept_attr;
	u32 t_c_timestamp;
};

/* Linked-list entry holding one RADIUS attribute: type octet and value. */
struct hostapd_radius_attr {
	u8 type;
	struct wpabuf *val;
	struct hostapd_radius_attr *next;
};


#define NUM_TX_QUEUES 4

/* Parameters of one transmit queue. */
struct hostapd_tx_queue_params {
	int aifs;
	int cwmin;
	int cwmax;
	int burst; /* maximum burst time in 0.1 ms, i.e., 10 = 1 ms */
};


#define MAX_ROAMING_CONSORTIUM_LEN 15

/*
 * Roaming Consortium OI with explicit length.
 * NOTE(review): len must not exceed MAX_ROAMING_CONSORTIUM_LEN; enforcement
 * is outside this header.
 */
struct hostapd_roaming_consortium {
	u8 len;
	u8 oi[MAX_ROAMING_CONSORTIUM_LEN];
};

/* Language code (3 octets) plus a length-prefixed name of up to 252 octets. */
struct hostapd_lang_string {
	u8 lang[3];
	u8 name_len;
	u8 name[252];
};

/* Venue number plus a length-prefixed URL of up to 254 octets. */
struct hostapd_venue_url {
	u8 venue_number;
	u8 url_len;
	u8 url[254];
};

#define MAX_NAI_REALMS 10
#define MAX_NAI_REALMLEN 255
#define MAX_NAI_EAP_METHODS 5
#define MAX_NAI_AUTH_TYPES 4
/*
 * NAI realm entry: realm names and the EAP methods/auth parameters
 * advertised for them. realm[] presumably points into realm_buf - confirm
 * in the parser.
 */
struct hostapd_nai_realm_data {
	u8 encoding;
	char realm_buf[MAX_NAI_REALMLEN + 1];
	char *realm[MAX_NAI_REALMS];
	u8 eap_method_count;
	struct hostapd_nai_realm_eap {
		u8 eap_method;
		u8 num_auths;
		u8 auth_id[MAX_NAI_AUTH_TYPES];
		u8 auth_val[MAX_NAI_AUTH_TYPES];
	} eap_method[MAX_NAI_EAP_METHODS];
};

/* List entry holding one ANQP element: Info ID and payload. */
struct anqp_element {
	struct dl_list list;
	u16 infoid;
	struct wpabuf *payload;
};

/*
 * List entry for a FILS realm: two hash octets followed by the realm name in
 * a flexible array member (the entry must be allocated with room for it).
 */
struct fils_realm {
	struct dl_list list;
	u8 hash[2];
	char realm[];
};

/*
 * Linked-list entry holding an SAE password with optional identifier, peer
 * address and VLAN ID.
 * NOTE(review): password is secret material - confirm it is cleared on
 * release.
 */
struct sae_password_entry {
	struct sae_password_entry *next;
	char *password;
	char *identifier;
	u8 peer_addr[ETH_ALEN];
	int vlan_id;
};

/* Linked-list entry: DPP Controller public key hash and IP address. */
struct dpp_controller_conf {
	struct dpp_controller_conf *next;
	u8 pkhash[SHA256_MAC_LEN];
	struct hostapd_ip_addr ipaddr;
};

/* Linked-list entry assigning an airtime weight to a station address. */
struct airtime_sta_weight {
	struct airtime_sta_weight *next;
	unsigned int weight;
	u8 addr[ETH_ALEN];
};

/**
 * struct hostapd_bss_config - Per-BSS configuration
 *
 * Several members hold secret material (shared secrets, private key
 * passwords, PINs, pre-shared keys). They are marked with NOTE(review)
 * comments below; how they are cleared and released is not visible in this
 * header.
 */
struct hostapd_bss_config {
	char iface[IFNAMSIZ + 1];
	char bridge[IFNAMSIZ + 1];
	char vlan_bridge[IFNAMSIZ + 1];
	char wds_bridge[IFNAMSIZ + 1];

	enum hostapd_logger_level logger_syslog_level, logger_stdout_level;

	unsigned int logger_syslog; /* module bitfield */
	unsigned int logger_stdout; /* module bitfield */

	int max_num_sta; /* maximum number of STAs in station table */

	int dtim_period;
	unsigned int bss_load_update_period;
	unsigned int chan_util_avg_period;

	int ieee802_1x; /* use IEEE 802.1X */
	int eapol_version;
	int eap_server; /* Use internal EAP server instead of external
			 * RADIUS server */
	struct hostapd_eap_user *eap_user;
	char *eap_user_sqlite;
	char *eap_sim_db;
	unsigned int eap_sim_db_timeout;
	int eap_server_erp; /* Whether ERP is enabled on internal EAP server */
	struct hostapd_ip_addr own_ip_addr;
	char *nas_identifier;
	struct hostapd_radius_servers *radius;
	int acct_interim_interval;
	int radius_request_cui;
	struct hostapd_radius_attr *radius_auth_req_attr;
	struct hostapd_radius_attr *radius_acct_req_attr;
	char *radius_req_attr_sqlite;
	/* RADIUS Dynamic Authorization Server (DAS) settings */
	int radius_das_port;
	unsigned int radius_das_time_window;
	int radius_das_require_event_timestamp;
	int radius_das_require_message_authenticator;
	struct hostapd_ip_addr radius_das_client_addr;
	/* NOTE(review): secret material - confirm it is cleared on release */
	u8 *radius_das_shared_secret;
	size_t radius_das_shared_secret_len;

	struct hostapd_ssid ssid;

	char *eap_req_id_text; /* optional displayable message sent with
				* EAP Request-Identity */
	size_t eap_req_id_text_len;
	int eapol_key_index_workaround;

	size_t default_wep_key_len;
	int individual_wep_key_len;
	int wep_rekeying_period;
	int broadcast_key_idx_min, broadcast_key_idx_max;
	int eap_reauth_period;
	int erp_send_reauth_start;
	char *erp_domain;

	int ieee802_11f; /* use IEEE 802.11f (IAPP) */
	char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast
					* frames */

	/* MAC address ACL mode and the accept/deny lists with their counts */
	enum macaddr_acl {
		ACCEPT_UNLESS_DENIED = 0,
		DENY_UNLESS_ACCEPTED = 1,
		USE_EXTERNAL_RADIUS_AUTH = 2
	} macaddr_acl;
	struct mac_acl_entry *accept_mac;
	int num_accept_mac;
	struct mac_acl_entry *deny_mac;
	int num_deny_mac;
	int wds_sta;
	int isolate;
	int start_disabled;

	int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
			* algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */

	int wpa; /* bitfield of WPA_PROTO_WPA, WPA_PROTO_RSN */
	int wpa_key_mgmt;
#ifdef CONFIG_IEEE80211W
	enum mfp_options ieee80211w;
	int group_mgmt_cipher;
	/* dot11AssociationSAQueryMaximumTimeout (in TUs) */
	unsigned int assoc_sa_query_max_timeout;
	/* dot11AssociationSAQueryRetryTimeout (in TUs) */
	int assoc_sa_query_retry_timeout;
#endif /* CONFIG_IEEE80211W */
#ifdef CONFIG_OCV
	int ocv; /* Operating Channel Validation */
#endif /* CONFIG_OCV */
	enum {
		PSK_RADIUS_IGNORED = 0,
		PSK_RADIUS_ACCEPTED = 1,
		PSK_RADIUS_REQUIRED = 2
	} wpa_psk_radius;
	int wpa_pairwise;
	int group_cipher; /* wpa_group value override from configuration */
	int wpa_group;
	int wpa_group_rekey;
	int wpa_group_rekey_set;
	int wpa_strict_rekey;
	int wpa_gmk_rekey;
	int wpa_ptk_rekey;
	u32 wpa_group_update_count;
	u32 wpa_pairwise_update_count;
	int wpa_disable_eapol_key_retries;
	int rsn_pairwise;
	int rsn_preauth;
	char *rsn_preauth_interfaces;

#ifdef CONFIG_IEEE80211R_AP
	/* IEEE 802.11r - Fast BSS Transition */
	u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
	u8 r1_key_holder[FT_R1KH_ID_LEN];
	u32 r0_key_lifetime; /* PMK-R0 lifetime seconds */
	int rkh_pos_timeout;
	int rkh_neg_timeout;
	int rkh_pull_timeout; /* ms */
	int rkh_pull_retries;
	u32 reassociation_deadline;
	struct ft_remote_r0kh *r0kh_list;
	struct ft_remote_r1kh *r1kh_list;
	int pmk_r1_push;
	int ft_over_ds;
	int ft_psk_generate_local;
	int r1_max_key_lifetime;
#endif /* CONFIG_IEEE80211R_AP */

	/*
	 * NOTE(review): the control interface sockets live in this directory;
	 * ctrl_interface_gid presumably selects the group allowed to use
	 * them - confirm the directory and socket permissions in the
	 * deployment.
	 */
	char *ctrl_interface; /* directory for UNIX domain sockets */
#ifndef CONFIG_NATIVE_WINDOWS
	gid_t ctrl_interface_gid;
#endif /* CONFIG_NATIVE_WINDOWS */
	int ctrl_interface_gid_set;

	/* TLS/EAP server credentials and options */
	char *ca_cert;
	char *server_cert;
	char *server_cert2;
	char *private_key;
	char *private_key2;
	/* NOTE(review): secret material - confirm it is cleared on release */
	char *private_key_passwd;
	char *private_key_passwd2;
	char *check_cert_subject;
	int check_crl;
	int check_crl_strict;
	unsigned int crl_reload_interval;
	unsigned int tls_session_lifetime;
	unsigned int tls_flags;
	char *ocsp_stapling_response;
	char *ocsp_stapling_response_multi;
	char *dh_file;
	char *openssl_ciphers;
	char *openssl_ecdh_curves;
	/* NOTE(review): key material - confirm it is cleared on release */
	u8 *pac_opaque_encr_key;
	u8 *eap_fast_a_id;
	size_t eap_fast_a_id_len;
	char *eap_fast_a_id_info;
	int eap_fast_prov;
	int pac_key_lifetime;
	int pac_key_refresh_time;
	int eap_teap_auth;
	int eap_teap_pac_no_inner;
	int eap_sim_aka_result_ind;
	int eap_sim_id;
	int tnc;
	int fragment_size;
	u16 pwd_group;

	char *radius_server_clients;
	int radius_server_auth_port;
	int radius_server_acct_port;
	int radius_server_ipv6;

	int use_pae_group_addr; /* Whether to send EAPOL frames to PAE group
				 * address instead of individual address
				 * (for driver_wired.c).
				 */

	int ap_max_inactivity;
	int ignore_broadcast_ssid;
	int no_probe_resp_if_max_sta;

	int wmm_enabled;
	int wmm_uapsd;

	struct hostapd_vlan *vlan;

	macaddr bssid;

	/*
	 * Maximum listen interval that STAs can use when associating with this
	 * BSS. If a STA tries to use larger value, the association will be
	 * denied with status code 51.
	 */
	u16 max_listen_interval;

	int disable_pmksa_caching;
	int okc; /* Opportunistic Key Caching */

	int wps_state;
#ifdef CONFIG_WPS
	int wps_independent;
	int ap_setup_locked;
	u8 uuid[16];
	char *wps_pin_requests;
	char *device_name;
	char *manufacturer;
	char *model_name;
	char *model_number;
	char *serial_number;
	u8 device_type[WPS_DEV_TYPE_LEN];
	char *config_methods;
	u8 os_version[4];
	/* NOTE(review): PIN is a credential - confirm it is not logged */
	char *ap_pin;
	int skip_cred_build;
	u8 *extra_cred;
	size_t extra_cred_len;
	int wps_cred_processing;
	int wps_cred_add_sae;
	int force_per_enrollee_psk;
	u8 *ap_settings;
	size_t ap_settings_len;
	struct hostapd_ssid multi_ap_backhaul_ssid;
	char *upnp_iface;
	char *friendly_name;
	char *manufacturer_url;
	char *model_description;
	char *model_url;
	char *upc;
	struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXTENSIONS];
	int wps_nfc_pw_from_config;
	int wps_nfc_dev_pw_id;
	struct wpabuf *wps_nfc_dh_pubkey;
	/* NOTE(review): private key and device password are secret material */
	struct wpabuf *wps_nfc_dh_privkey;
	struct wpabuf *wps_nfc_dev_pw;
#endif /* CONFIG_WPS */
	int pbc_in_m1;
	char *server_id;

#define P2P_ENABLED BIT(0)
#define P2P_GROUP_OWNER BIT(1)
#define P2P_GROUP_FORMATION BIT(2)
#define P2P_MANAGE BIT(3)
#define P2P_ALLOW_CROSS_CONNECTION BIT(4)
	/* presumably a bitmask of the P2P_* flags defined above */
	int p2p;
#ifdef CONFIG_P2P
	u8 ip_addr_go[4];
	u8 ip_addr_mask[4];
	u8 ip_addr_start[4];
	u8 ip_addr_end[4];
#endif /* CONFIG_P2P */

	int disassoc_low_ack;
	int skip_inactivity_poll;

#define TDLS_PROHIBIT BIT(0)
#define TDLS_PROHIBIT_CHAN_SWITCH BIT(1)
	/* presumably a bitmask of the TDLS_* flags defined above */
	int tdls;
	int disable_11n;
	int disable_11ac;

	/* IEEE 802.11v */
	int time_advertisement;
	char *time_zone;
	int wnm_sleep_mode;
	int wnm_sleep_mode_no_keys;
	int bss_transition;

	/* IEEE 802.11u - Interworking */
	int interworking;
	int access_network_type;
	int internet;
	int asra;
	int esr;
	int uesa;
	int venue_info_set;
	u8 venue_group;
	u8 venue_type;
	u8 hessid[ETH_ALEN];

	/* IEEE 802.11u - Roaming Consortium list */
	unsigned int roaming_consortium_count;
	struct hostapd_roaming_consortium *roaming_consortium;

	/* IEEE 802.11u - Venue Name duples */
	unsigned int venue_name_count;
	struct hostapd_lang_string *venue_name;

	/* Venue URL duples */
	unsigned int venue_url_count;
	struct hostapd_venue_url *venue_url;

	/* IEEE 802.11u - Network Authentication Type */
	u8 *network_auth_type;
	size_t network_auth_type_len;

	/* IEEE 802.11u - IP Address Type Availability */
	u8 ipaddr_type_availability;
	u8 ipaddr_type_configured;

	/* IEEE 802.11u - 3GPP Cellular Network */
	u8 *anqp_3gpp_cell_net;
	size_t anqp_3gpp_cell_net_len;

	/* IEEE 802.11u - Domain Name */
	u8 *domain_name;
	size_t domain_name_len;

	unsigned int nai_realm_count;
	struct hostapd_nai_realm_data *nai_realm_data;

	struct dl_list anqp_elem; /* list of struct anqp_element */

	u16 gas_comeback_delay;
	size_t gas_frag_limit;
	int gas_address3;

	/*
	 * NOTE(review): qos_map_set_len must not exceed sizeof(qos_map_set);
	 * enforcement is outside this header.
	 */
	u8 qos_map_set[16 + 2 * 21];
	unsigned int qos_map_set_len;

	int osen;
	int proxy_arp;
	int na_mcast_to_ucast;

#ifdef CONFIG_HS20
	int hs20;
	int hs20_release;
	int disable_dgaf;
	u16 anqp_domain_id;
	unsigned int hs20_oper_friendly_name_count;
	struct hostapd_lang_string *hs20_oper_friendly_name;
	u8 *hs20_wan_metrics;
	u8 *hs20_connection_capability;
	size_t hs20_connection_capability_len;
	u8 *hs20_operating_class;
	u8 hs20_operating_class_len;
	struct hs20_icon {
		u16 width;
		u16 height;
		char language[3];
		char type[256];
		char name[256];
		char file[256];
	} *hs20_icons;
	size_t hs20_icons_count;
	u8 osu_ssid[SSID_MAX_LEN];
	size_t osu_ssid_len;
	struct hs20_osu_provider {
		unsigned int friendly_name_count;
		struct hostapd_lang_string *friendly_name;
		char *server_uri;
		int *method_list;
		char **icons;
		size_t icons_count;
		char *osu_nai;
		char *osu_nai2;
		unsigned int service_desc_count;
		struct hostapd_lang_string *service_desc;
	} *hs20_osu_providers, *last_osu;
	size_t hs20_osu_providers_count;
	size_t hs20_osu_providers_nai_count;
	char **hs20_operator_icon;
	size_t hs20_operator_icon_count;
	unsigned int hs20_deauth_req_timeout;
	char *subscr_remediation_url;
	u8 subscr_remediation_method;
	char *hs20_sim_provisioning_url;
	char *t_c_filename;
	u32 t_c_timestamp;
	char *t_c_server_url;
#endif /* CONFIG_HS20 */

	u8 wps_rf_bands; /* RF bands for WPS (WPS_RF_*) */

#ifdef CONFIG_RADIUS_TEST
	/*
	 * NOTE(review): the name suggests MSKs are written to this file; a
	 * build with CONFIG_RADIUS_TEST should be treated as test-only -
	 * confirm it is not enabled in production builds.
	 */
	char *dump_msk_file;
#endif /* CONFIG_RADIUS_TEST */

	struct wpabuf *vendor_elements;
	struct wpabuf *assocresp_elements;

	unsigned int sae_anti_clogging_threshold;
	unsigned int sae_sync;
	int sae_require_mfp;
	int *sae_groups;
	struct sae_password_entry *sae_passwords;

	char *wowlan_triggers; /* Wake-on-WLAN triggers */

#ifdef CONFIG_TESTING_OPTIONS
	/*
	 * Present only when CONFIG_TESTING_OPTIONS is defined.
	 * NOTE(review): the names suggest these override or alter normal
	 * protocol behavior for test purposes; confirm that release builds
	 * do not define CONFIG_TESTING_OPTIONS.
	 */
	u8 bss_load_test[5];
	u8 bss_load_test_set;
	struct wpabuf *own_ie_override;
	int sae_reflection_attack;
	struct wpabuf *sae_commit_override;
#endif /* CONFIG_TESTING_OPTIONS */

#define MESH_ENABLED BIT(0)
	int mesh;

	u8 radio_measurements[RRM_CAPABILITIES_IE_LEN];

	int vendor_vht;
	int use_sta_nsts;

	char *no_probe_resp_if_seen_on;
	char *no_auth_if_seen_on;

	int pbss;

#ifdef CONFIG_MBO
	int mbo_enabled;
	/**
	 * oce - Enable OCE in AP and/or STA-CFON mode
	 *  - BIT(0) is Reserved
	 *  - Set BIT(1) to enable OCE in STA-CFON mode
	 *  - Set BIT(2) to enable OCE in AP mode
	 */
	unsigned int oce;
	int mbo_cell_data_conn_pref;
#endif /* CONFIG_MBO */

	int ftm_responder;
	int ftm_initiator;

#ifdef CONFIG_FILS
	u8 fils_cache_id[FILS_CACHE_ID_LEN];
	int fils_cache_id_set;
	struct dl_list fils_realms; /* list of struct fils_realm */
	int fils_dh_group;
	struct hostapd_ip_addr dhcp_server;
	int dhcp_rapid_commit_proxy;
	unsigned int fils_hlp_wait_time;
	u16 dhcp_server_port;
	u16 dhcp_relay_port;
#endif /* CONFIG_FILS */

	int multicast_to_unicast;

	int broadcast_deauth;

#ifdef CONFIG_DPP
	char *dpp_connector;
	/* NOTE(review): key material - confirm it is cleared on release */
	struct wpabuf *dpp_netaccesskey;
	unsigned int dpp_netaccesskey_expiry;
	struct wpabuf *dpp_csign;
#ifdef CONFIG_DPP2
	struct dpp_controller_conf *dpp_controller;
#endif /* CONFIG_DPP2 */
#endif /* CONFIG_DPP */

#ifdef CONFIG_OWE
	macaddr owe_transition_bssid;
	u8 owe_transition_ssid[SSID_MAX_LEN];
	size_t owe_transition_ssid_len;
	char owe_transition_ifname[IFNAMSIZ + 1];
	int *owe_groups;
#endif /* CONFIG_OWE */

	int coloc_intf_reporting;

	u8 send_probe_response;

#define BACKHAUL_BSS 1
#define FRONTHAUL_BSS 2
	int multi_ap; /* bitmap of BACKHAUL_BSS, FRONTHAUL_BSS */

#ifdef CONFIG_AIRTIME_POLICY
	unsigned int airtime_weight;
	int airtime_limit;
	struct airtime_sta_weight *airtime_weight_list;
#endif /* CONFIG_AIRTIME_POLICY */

#ifdef CONFIG_MACSEC
	/**
	 * macsec_policy - Determines the policy for MACsec secure session
	 *
	 * 0: MACsec not in use (default)
	 * 1: MACsec enabled - Should secure, accept key server's advice to
	 *    determine whether to use a secure session or not.
	 */
	int macsec_policy;

	/**
	 * macsec_integ_only - Determines how MACsec are transmitted
	 *
	 * This setting applies only when MACsec is in use, i.e.,
	 *  - macsec_policy is enabled
	 *  - the key server has decided to enable MACsec
	 *
	 * 0: Encrypt traffic (default)
	 * 1: Integrity only
	 */
	int macsec_integ_only;

	/**
	 * macsec_replay_protect - Enable MACsec replay protection
	 *
	 * This setting applies only when MACsec is in use, i.e.,
	 *  - macsec_policy is enabled
	 *  - the key server has decided to enable MACsec
	 *
	 * 0: Replay protection disabled (default)
	 * 1: Replay protection enabled
	 */
	int macsec_replay_protect;

	/**
	 * macsec_replay_window - MACsec replay protection window
	 *
	 * A window in which replay is tolerated, to allow receipt of frames
	 * that have been misordered by the network.
	 *
	 * This setting applies only when MACsec replay protection active, i.e.,
	 *  - macsec_replay_protect is enabled
	 *  - the key server has decided to enable MACsec
	 *
	 * 0: No replay window, strict check (default)
	 * 1..2^32-1: number of packets that could be misordered
	 */
	u32 macsec_replay_window;

	/**
	 * macsec_port - MACsec port (in SCI)
	 *
	 * Port component of the SCI.
	 *
	 * Range: 1-65534 (default: 1)
	 */
	int macsec_port;

	/**
	 * mka_priority - Priority of MKA Actor
	 *
	 * Range: 0-255 (default: 255)
	 */
	int mka_priority;

	/**
	 * mka_ckn - MKA pre-shared CKN
	 *
	 * NOTE(review): mka_ckn_len must not exceed MACSEC_CKN_MAX_LEN;
	 * enforcement is outside this header.
	 */
#define MACSEC_CKN_MAX_LEN 32
	size_t mka_ckn_len;
	u8 mka_ckn[MACSEC_CKN_MAX_LEN];

	/**
	 * mka_cak - MKA pre-shared CAK
	 *
	 * NOTE(review): pre-shared key stored inline in this structure;
	 * mka_cak_len must not exceed MACSEC_CAK_MAX_LEN, and the buffer
	 * should be cleared when the configuration is released - confirm.
	 */
#define MACSEC_CAK_MAX_LEN 32
	size_t mka_cak_len;
	u8 mka_cak[MACSEC_CAK_MAX_LEN];

#define MKA_PSK_SET_CKN BIT(0)
#define MKA_PSK_SET_CAK BIT(1)
#define MKA_PSK_SET (MKA_PSK_SET_CKN | MKA_PSK_SET_CAK)
	/**
	 * mka_psk_set - Whether mka_ckn and mka_cak are set
	 */
	u8 mka_psk_set;
#endif /* CONFIG_MACSEC */
};

/**
 * struct he_phy_capabilities_info - HE PHY capabilities
 */
struct he_phy_capabilities_info {
	Boolean he_su_beamformer;
	Boolean he_su_beamformee;
	Boolean he_mu_beamformer;
};

/**
 * struct he_operation - HE operation
 */
struct he_operation {
	u8 he_bss_color;
	u8 he_default_pe_duration;
	u8 he_twt_required;
	u16 he_rts_threshold;
	u16 he_basic_mcs_nss_set;
};

/**
 * struct spatial_reuse - Spatial reuse
 */
struct spatial_reuse {
	u8 sr_control;
	u8 non_srg_obss_pd_max_offset;
	u8 srg_obss_pd_min_offset;
	u8 srg_obss_pd_max_offset;
	u8 srg_obss_color_bitmap;
	u8 srg_obss_color_partial_bitmap;
};

/**
 * struct hostapd_config - Per-radio interface configuration
 */
struct hostapd_config {
	/* array of num_bss per-BSS configurations; last_bss points at one */
	struct hostapd_bss_config **bss, *last_bss;
	size_t num_bss;

	u16 beacon_int;
	int rts_threshold;
	int fragm_threshold;
	u8 channel;
	u8 acs;
	struct wpa_freq_range_list acs_ch_list;
	int acs_exclude_dfs;
	enum hostapd_hw_mode hw_mode; /* HOSTAPD_MODE_IEEE80211A, .. */
	enum {
		LONG_PREAMBLE = 0,
		SHORT_PREAMBLE = 1
	} preamble;

	int *supported_rates;
	int *basic_rates;
	unsigned int beacon_rate;
	enum beacon_rate_type rate_type;

	const struct wpa_driver_ops *driver;
	char *driver_params;

	int ap_table_max_size;
	int ap_table_expiration_time;

	unsigned int track_sta_max_num;
	unsigned int track_sta_max_age;

	char country[3]; /* first two octets: country code as described in
			  * ISO/IEC 3166-1. Third octet:
			  * ' ' (ascii 32): all environments
			  * 'O': Outdoor environment only
			  * 'I': Indoor environment only
			  * 'X': Used with noncountry entity ("XXX")
			  * 0x00..0x31: identifying IEEE 802.11 standard
			  *	Annex E table (0x04 = global table)
			  */

	int ieee80211d;

	int ieee80211h; /* DFS */

	/*
	 * Local power constraint is an octet encoded as an unsigned integer in
	 * units of decibels. Invalid value -1 indicates that Power Constraint
	 * element will not be added.
	 */
	int local_pwr_constraint;

	/* Control Spectrum Management bit */
	int spectrum_mgmt_required;

	struct hostapd_tx_queue_params tx_queue[NUM_TX_QUEUES];

	/*
	 * WMM AC parameters, in same order as 802.1D, i.e.
	 * 0 = BE (best effort)
	 * 1 = BK (background)
	 * 2 = VI (video)
	 * 3 = VO (voice)
	 */
	struct hostapd_wmm_ac_params wmm_ac_params[4];

	int ht_op_mode_fixed;
	u16 ht_capab;
	int ieee80211n;
	int secondary_channel;
	int no_pri_sec_switch;
	int require_ht;
	int obss_interval;
	u32 vht_capab;
	int ieee80211ac;
	int require_vht;
	/*
	 * VHT operating width and center frequency segment indexes; read and
	 * written through the hostapd_{get,set}_oper_*() helpers below.
	 */
	u8 vht_oper_chwidth;
	u8 vht_oper_centr_freq_seg0_idx;
	u8 vht_oper_centr_freq_seg1_idx;
	u8 ht40_plus_minus_allowed;

	/* Use driver-generated interface addresses when adding multiple BSSs */
	u8 use_driver_iface_addr;

#ifdef CONFIG_FST
	struct fst_iface_cfg fst_cfg;
#endif /* CONFIG_FST */

#ifdef CONFIG_P2P
	u8 p2p_go_ctwindow;
#endif /* CONFIG_P2P */

#ifdef CONFIG_TESTING_OPTIONS
	/*
	 * Present only when CONFIG_TESTING_OPTIONS is defined.
	 * NOTE(review): the names suggest frames are deliberately ignored or
	 * corrupted with the given probability for testing; confirm that
	 * release builds do not define CONFIG_TESTING_OPTIONS.
	 */
	double ignore_probe_probability;
	double ignore_auth_probability;
	double ignore_assoc_probability;
	double ignore_reassoc_probability;
	double corrupt_gtk_rekey_mic_probability;
	int ecsa_ie_only;
#endif /* CONFIG_TESTING_OPTIONS */

#ifdef CONFIG_ACS
	unsigned int acs_num_scans;
	struct acs_bias {
		int channel;
		double bias;
	} *acs_chan_bias;
	unsigned int num_acs_chan_bias;
#endif /* CONFIG_ACS */

	struct wpabuf *lci;
	struct wpabuf *civic;
	int stationary_ap;

	int ieee80211ax;
#ifdef CONFIG_IEEE80211AX
	struct he_phy_capabilities_info he_phy_capab;
	struct he_operation he_op;
	struct ieee80211_he_mu_edca_parameter_set he_mu_edca;
	struct spatial_reuse spr;
	/* HE counterparts of the vht_oper_* fields above */
	u8 he_oper_chwidth;
	u8 he_oper_centr_freq_seg0_idx;
	u8 he_oper_centr_freq_seg1_idx;
#endif /* CONFIG_IEEE80211AX */

	/* VHT enable/disable config from CHAN_SWITCH */
#define CH_SWITCH_VHT_ENABLED BIT(0)
#define CH_SWITCH_VHT_DISABLED BIT(1)
	unsigned int ch_switch_vht_config;

	int rssi_reject_assoc_rssi;
	int rssi_reject_assoc_timeout;

#ifdef CONFIG_AIRTIME_POLICY
	enum {
		AIRTIME_MODE_OFF = 0,
		AIRTIME_MODE_STATIC = 1,
		AIRTIME_MODE_DYNAMIC = 2,
		AIRTIME_MODE_LIMIT = 3,
		__AIRTIME_MODE_MAX,
	} airtime_mode;
	unsigned int airtime_update_interval;
	/* highest valid airtime_mode value (AIRTIME_MODE_LIMIT) */
#define AIRTIME_MODE_MAX (__AIRTIME_MODE_MAX - 1)
#endif /* CONFIG_AIRTIME_POLICY */
};


/**
 * hostapd_get_oper_chwidth - Get the configured operating channel width
 * @conf: Per-radio configuration; dereferenced without a NULL check
 * Returns: conf->he_oper_chwidth when built with CONFIG_IEEE80211AX and
 * conf->ieee80211ax is non-zero, otherwise conf->vht_oper_chwidth
 */
static inline u8 hostapd_get_oper_chwidth(struct hostapd_config *conf)
{
#ifdef CONFIG_IEEE80211AX
	if (conf->ieee80211ax)
		return conf->he_oper_chwidth;
#endif /* CONFIG_IEEE80211AX */
	return conf->vht_oper_chwidth;
}

/**
 * hostapd_set_oper_chwidth - Set the operating channel width
 * @conf: Per-radio configuration; dereferenced without a NULL check
 * @oper_chwidth: Value to store
 *
 * The VHT field is always written. When built with CONFIG_IEEE80211AX and
 * conf->ieee80211ax is non-zero, the HE field is written as well (there is
 * no early return), so both fields end up with the same value.
 */
static inline void
hostapd_set_oper_chwidth(struct hostapd_config *conf, u8 oper_chwidth)
{
#ifdef CONFIG_IEEE80211AX
	if (conf->ieee80211ax)
		conf->he_oper_chwidth = oper_chwidth;
#endif /* CONFIG_IEEE80211AX */
	conf->vht_oper_chwidth = oper_chwidth;
}

/**
 * hostapd_get_oper_centr_freq_seg0_idx - Get center frequency segment 0 index
 * @conf: Per-radio configuration; dereferenced without a NULL check
 * Returns: The HE value when built with CONFIG_IEEE80211AX and
 * conf->ieee80211ax is non-zero, otherwise the VHT value
 */
static inline u8
hostapd_get_oper_centr_freq_seg0_idx(struct hostapd_config *conf)
{
#ifdef CONFIG_IEEE80211AX
	if (conf->ieee80211ax)
		return conf->he_oper_centr_freq_seg0_idx;
#endif /* CONFIG_IEEE80211AX */
	return conf->vht_oper_centr_freq_seg0_idx;
}

/**
 * hostapd_set_oper_centr_freq_seg0_idx - Set center frequency segment 0 index
 * @conf: Per-radio configuration; dereferenced without a NULL check
 * @oper_centr_freq_seg0_idx: Value to store
 *
 * The VHT field is always written; the HE field is written as well when
 * built with CONFIG_IEEE80211AX and conf->ieee80211ax is non-zero.
 */
static inline void
hostapd_set_oper_centr_freq_seg0_idx(struct hostapd_config *conf,
				     u8 oper_centr_freq_seg0_idx)
{
#ifdef CONFIG_IEEE80211AX
	if (conf->ieee80211ax)
		conf->he_oper_centr_freq_seg0_idx = oper_centr_freq_seg0_idx;
#endif /* CONFIG_IEEE80211AX */
	conf->vht_oper_centr_freq_seg0_idx = oper_centr_freq_seg0_idx;
}

/**
 * hostapd_get_oper_centr_freq_seg1_idx - Get center frequency segment 1 index
 * @conf: Per-radio configuration; dereferenced without a NULL check
 * Returns: The HE value when built with CONFIG_IEEE80211AX and
 * conf->ieee80211ax is non-zero, otherwise the VHT value
 */
static inline u8
hostapd_get_oper_centr_freq_seg1_idx(struct hostapd_config *conf)
{
#ifdef CONFIG_IEEE80211AX
	if (conf->ieee80211ax)
		return conf->he_oper_centr_freq_seg1_idx;
#endif /* CONFIG_IEEE80211AX */
	return conf->vht_oper_centr_freq_seg1_idx;
}

/**
 * hostapd_set_oper_centr_freq_seg1_idx - Set center frequency segment 1 index
 * @conf: Per-radio configuration; dereferenced without a NULL check
 * @oper_centr_freq_seg1_idx: Value to store
 *
 * The VHT field is always written; the HE field is written as well when
 * built with CONFIG_IEEE80211AX and conf->ieee80211ax is non-zero.
 */
static inline void
hostapd_set_oper_centr_freq_seg1_idx(struct hostapd_config *conf,
				     u8 oper_centr_freq_seg1_idx)
{
#ifdef CONFIG_IEEE80211AX
	if (conf->ieee80211ax)
		conf->he_oper_centr_freq_seg1_idx = oper_centr_freq_seg1_idx;
#endif /* CONFIG_IEEE80211AX */
	conf->vht_oper_centr_freq_seg1_idx = oper_centr_freq_seg1_idx;
}


/*
 * Helpers operating on the configuration structures above. Only the
 * declarations are part of this header; return value conventions and
 * ownership rules are defined by the implementation.
 * NOTE(review): the hostapd_config_free*() and
 * hostapd_config_clear_wpa_psk() functions are where the secret-bearing
 * members flagged above would be expected to be cleared - confirm there.
 */
int hostapd_mac_comp(const void *a, const void *b);
struct hostapd_config * hostapd_config_defaults(void);
void hostapd_config_defaults_bss(struct hostapd_bss_config *bss);
void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr);
void hostapd_config_free_eap_user(struct hostapd_eap_user *user);
void hostapd_config_free_eap_users(struct hostapd_eap_user *user);
void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **p);
void hostapd_config_free_bss(struct hostapd_bss_config *conf);
void hostapd_config_free(struct hostapd_config *conf);
int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
			  const u8 *addr, struct vlan_description *vlan_id);
int hostapd_rate_found(int *list, int rate);
const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
			   const u8 *addr, const u8 *p2p_dev_addr,
			   const u8 *prev_psk, int *vlan_id);
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
int hostapd_vlan_valid(struct hostapd_vlan *vlan,
		       struct vlan_description *vlan_desc);
const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
					int vlan_id);
struct hostapd_radius_attr *
hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type);
struct hostapd_radius_attr * hostapd_parse_radius_attr(const char *value);
int hostapd_config_check(struct hostapd_config *conf, int full_config);
void hostapd_set_security_params(struct hostapd_bss_config *bss,
				 int full_config);
int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf);

#endif /* HOSTAPD_CONFIG_H */