/*
 * WPA Supplicant / Configuration file structures
 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

#ifndef CONFIG_H
#define CONFIG_H

/*
 * Default values for the struct wpa_config fields of the same name
 * (eapol_version, ap_scan, fast_reauth, bss_max_count, ...). They are
 * presumably applied when the configuration leaves the parameter unset;
 * confirm against the parser before relying on a specific one.
 */
#define DEFAULT_EAPOL_VERSION 1
#ifdef CONFIG_NO_SCAN_PROCESSING
#define DEFAULT_AP_SCAN 2
#else /* CONFIG_NO_SCAN_PROCESSING */
#define DEFAULT_AP_SCAN 1
#endif /* CONFIG_NO_SCAN_PROCESSING */
#define DEFAULT_USER_MPM 1
#define DEFAULT_MAX_PEER_LINKS 99
#define DEFAULT_MESH_MAX_INACTIVITY 300
#define DEFAULT_FAST_REAUTH 1
#define DEFAULT_P2P_GO_INTENT 7
#define DEFAULT_P2P_INTRA_BSS 1
#define DEFAULT_P2P_GO_MAX_INACTIVITY (5 * 60)
#define DEFAULT_P2P_OPTIMIZE_LISTEN_CHAN 0
#define DEFAULT_BSS_MAX_COUNT 200
#define DEFAULT_BSS_EXPIRATION_AGE 180
#define DEFAULT_BSS_EXPIRATION_SCAN_COUNT 2
#define DEFAULT_MAX_NUM_STA 128
#define DEFAULT_ACCESS_NETWORK_TYPE 15
#define DEFAULT_SCAN_CUR_FREQ 0
#define DEFAULT_P2P_SEARCH_DELAY 500
#define DEFAULT_RAND_ADDR_LIFETIME 60
#define DEFAULT_KEY_MGMT_OFFLOAD 1
#define DEFAULT_CERT_IN_CB 1
#define DEFAULT_P2P_GO_CTWINDOW 0

#include "config_ssid.h"
#include "wps/wps.h"
#include "common/ieee802_11_common.h"


/**
 * struct wpa_cred - Credential used for Interworking network selection
 *
 * Credentials form a singly linked list through @next; the head of the list
 * is the cred field of struct wpa_config. Several fields (password,
 * private_key_passwd, milenage) carry long-term secrets in cleartext, so the
 * configuration source they are read from needs the same protection as the
 * secrets themselves.
 */
struct wpa_cred {
	/**
	 * next - Next credential in the list
	 *
	 * This pointer can be used to iterate over all credentials. The head
	 * of this list is stored in the cred field of struct wpa_config.
	 */
	struct wpa_cred *next;

	/**
	 * id - Unique id for the credential
	 *
	 * This identifier is used as a unique identifier for each credential
	 * block when using the control interface. Each credential is allocated
	 * an id when it is being created, either when reading the
	 * configuration file or when a new credential is added through the
	 * control interface.
	 */
	int id;

	/**
	 * temporary - Whether this credential is temporary and not to be saved
	 */
	int temporary;

	/**
	 * priority - Priority group
	 *
	 * By default, all networks and credentials get the same priority group
	 * (0). This field can be used to give higher priority for credentials
	 * (and similarly in struct wpa_ssid for network blocks) to change the
	 * Interworking automatic networking selection behavior. The matching
	 * network (based on either an enabled network block or a credential)
	 * with the highest priority value will be selected.
	 */
	int priority;

	/**
	 * pcsc - Use PC/SC and SIM/USIM card
	 */
	int pcsc;

	/**
	 * realm - Home Realm for Interworking
	 */
	char *realm;

	/**
	 * username - Username for Interworking network selection
	 */
	char *username;

	/**
	 * password - Password for Interworking network selection
	 *
	 * Cleartext secret, unless ext_password is set, in which case this is
	 * the name under which the real secret is looked up in the external
	 * backend. NOTE(review): whether this buffer is zeroized before it is
	 * freed is not visible in this header — confirm in the free path.
	 */
	char *password;

	/**
	 * ext_password - Whether password is a name for external storage
	 */
	int ext_password;

	/**
	 * ca_cert - CA certificate for Interworking network selection
	 *
	 * Trust anchor for the AAA server certificate. NOTE(review): the
	 * behavior when this is left %NULL is not defined in this header;
	 * confirm that the server certificate is still validated in that case.
	 */
	char *ca_cert;

	/**
	 * client_cert - File path to client certificate file (PEM/DER)
	 *
	 * This field is used with Interworking networking selection for a case
	 * where client certificate/private key is used for authentication
	 * (EAP-TLS). Full path to the file should be used since working
	 * directory may change when wpa_supplicant is run in the background.
	 *
	 * Alternatively, a named configuration blob can be used by setting
	 * this to blob://blob_name.
	 */
	char *client_cert;

	/**
	 * private_key - File path to client private key file (PEM/DER/PFX)
	 *
	 * When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be
	 * commented out. Both the private key and certificate will be read
	 * from the PKCS#12 file in this case. Full path to the file should be
	 * used since working directory may change when wpa_supplicant is run
	 * in the background.
	 *
	 * Windows certificate store can be used by leaving client_cert out and
	 * configuring private_key in one of the following formats:
	 *
	 * cert://substring_to_match
	 *
	 * hash://certificate_thumbprint_in_hex
	 *
	 * For example: private_key="hash://63093aa9c47f56ae88334c7b65a4"
	 *
	 * Note that when running wpa_supplicant as an application, the user
	 * certificate store (My user account) is used, whereas computer store
	 * (Computer account) is used when running wpasvc as a service.
	 *
	 * Alternatively, a named configuration blob can be used by setting
	 * this to blob://blob_name.
	 */
	char *private_key;

	/**
	 * private_key_passwd - Password for private key file
	 *
	 * Cleartext passphrase that unlocks private_key; treat the
	 * configuration holding it as sensitive as the key file itself.
	 */
	char *private_key_passwd;

	/**
	 * imsi - IMSI in <MCC> | <MNC> | '-' | <MSIN> format
	 */
	char *imsi;

	/**
	 * milenage - Milenage parameters for SIM/USIM simulator in
	 * <Ki>:<OPc>:<SQN> format
	 *
	 * Ki and OPc are the long-term SIM secrets; this string is therefore
	 * as sensitive as the password field.
	 */
	char *milenage;

	/**
	 * domain_suffix_match - Constraint for server domain name
	 *
	 * If set, this FQDN is used as a suffix match requirement for the AAA
	 * server certificate in SubjectAltName dNSName element(s). If a
	 * matching dNSName is found, this constraint is met. If no dNSName
	 * values are present, this constraint is matched against SubjectName CN
	 * using same suffix match comparison. Suffix match here means that the
	 * host/domain name is compared one label at a time starting from the
	 * top-level domain and all the labels in @domain_suffix_match shall be
	 * included in the certificate. The certificate may include additional
	 * sub-level labels in addition to the required labels.
	 *
	 * For example, domain_suffix_match=example.com would match
	 * test.example.com but would not match test-example.com.
	 *
	 * Together with ca_cert this is what ties the EAP session to the
	 * intended AAA server rather than any server holding a certificate
	 * from the same CA.
	 */
	char *domain_suffix_match;

	/**
	 * domain - Home service provider FQDN(s)
	 *
	 * This is used to compare against the Domain Name List to figure out
	 * whether the AP is operated by the Home SP. Multiple domain entries
	 * can be used to configure alternative FQDNs that will be considered
	 * home networks.
	 */
	char **domain;

	/**
	 * num_domain - Number of FQDNs in the domain array
	 */
	size_t num_domain;

	/**
	 * roaming_consortium - Roaming Consortium OI
	 *
	 * If roaming_consortium_len is non-zero, this field contains the
	 * Roaming Consortium OI that can be used to determine which access
	 * points support authentication with this credential. This is an
	 * alternative to the use of the realm parameter. When using Roaming
	 * Consortium to match the network, the EAP parameters need to be
	 * pre-configured with the credential since the NAI Realm information
	 * may not be available or fetched.
	 */
	u8 roaming_consortium[15];

	/**
	 * roaming_consortium_len - Length of roaming_consortium
	 */
	size_t roaming_consortium_len;

	/**
	 * required_roaming_consortium - Roaming Consortium OI that must match
	 *
	 * Same layout as roaming_consortium: only the first
	 * required_roaming_consortium_len octets are meaningful.
	 * NOTE(review): the "required" semantics (presumably the AP has to
	 * advertise this OI for the credential to be usable) are not defined
	 * in this header — confirm against the matching code.
	 */
	u8 required_roaming_consortium[15];
	size_t required_roaming_consortium_len;

	/**
	 * eap_method - EAP method to use
	 *
	 * Pre-configured EAP method to use with this credential or %NULL to
	 * indicate no EAP method is selected, i.e., the method will be
	 * selected automatically based on ANQP information.
	 */
	struct eap_method_type *eap_method;

	/**
	 * phase1 - Phase 1 (outer authentication) parameters
	 *
	 * Pre-configured EAP parameters or %NULL.
	 */
	char *phase1;

	/**
	 * phase2 - Phase 2 (inner authentication) parameters
	 *
	 * Pre-configured EAP parameters or %NULL.
	 */
	char *phase2;

	/**
	 * excluded_ssid - SSIDs this credential is presumably not to be used with
	 *
	 * Array of num_excluded_ssid entries; each holds up to MAX_SSID_LEN
	 * octets with the used length in ssid_len. NOTE(review): the exclusion
	 * semantics are inferred from the name — confirm against the caller.
	 */
	struct excluded_ssid {
		u8 ssid[MAX_SSID_LEN];
		size_t ssid_len;
	} *excluded_ssid;
	size_t num_excluded_ssid;

	/**
	 * roaming_partner - Roaming partner list
	 *
	 * Array of num_roaming_partner entries. fqdn is a 128-byte buffer
	 * (presumably a NUL-terminated FQDN, i.e., at most 127 characters),
	 * exact_match presumably selects exact rather than suffix matching of
	 * fqdn, priority is 0..255, and country has room for a two-letter
	 * code plus a terminating NUL. Confirm the matching rules in the
	 * caller before relying on them.
	 */
	struct roaming_partner {
		char fqdn[128];
		int exact_match;
		u8 priority;
		char country[3];
	} *roaming_partner;
	size_t num_roaming_partner;

	/**
	 * update_identifier - Update identifier for this credential
	 *
	 * NOTE(review): the meaning is not defined in this header (likely a
	 * subscription update identifier received during provisioning) — confirm.
	 */
	int update_identifier;

	/**
	 * provisioning_sp - FQDN of the SP that provisioned the credential
	 */
	char *provisioning_sp;

	/**
	 * sp_priority - Credential priority within a provisioning SP
	 *
	 * This is the priority of the credential among all credentials
	 * provisioned by the same SP (i.e., for entries that have identical
	 * provisioning_sp value). The range of this priority is 0-255 with 0
	 * being the highest and 255 the lowest priority.
	 */
	int sp_priority;

	/*
	 * Minimum downlink/uplink bandwidth for home and roaming networks.
	 * NOTE(review): the unit and whether 0 disables the check are not
	 * defined in this header — confirm against the selection code.
	 */
	unsigned int min_dl_bandwidth_home;
	unsigned int min_ul_bandwidth_home;
	unsigned int min_dl_bandwidth_roaming;
	unsigned int min_ul_bandwidth_roaming;

	/**
	 * max_bss_load - Maximum BSS Load Channel Utilization (1..255)
	 * This value is used as the maximum channel utilization for network
	 * selection purposes for home networks. If the AP does not advertise
	 * BSS Load or if the limit would prevent any connection, this
	 * constraint will be ignored.
	 */
	unsigned int max_bss_load;

	/*
	 * Required connection capabilities: num_req_conn_capab entries, with
	 * req_conn_capab_proto[i] presumably an IP protocol number and
	 * req_conn_capab_port[i] an array of ports for that protocol.
	 * NOTE(review): the port array length/terminator is not visible here —
	 * confirm before iterating.
	 */
	unsigned int num_req_conn_capab;
	u8 *req_conn_capab_proto;
	int **req_conn_capab_port;

	/**
	 * ocsp - Whether to use/require OCSP to check server certificate
	 *
	 * 0 = do not use OCSP stapling (TLS certificate status extension)
	 * 1 = try to use OCSP stapling, but not require response
	 * 2 = require valid OCSP stapling response
	 */
	int ocsp;

	/**
	 * sim_num - User selected SIM identifier
	 *
	 * This variable is used for identifying which SIM is used if the system
	 * has more than one.
	 */
	int sim_num;
};


/*
 * Bit flags for struct wpa_config::changed_parameters, which records which
 * parameters changed since the last update (see that field further below).
 */
#define CFG_CHANGED_DEVICE_NAME BIT(0)
#define CFG_CHANGED_CONFIG_METHODS BIT(1)
#define CFG_CHANGED_DEVICE_TYPE BIT(2)
#define CFG_CHANGED_OS_VERSION BIT(3)
#define CFG_CHANGED_UUID BIT(4)
#define CFG_CHANGED_COUNTRY BIT(5)
#define CFG_CHANGED_SEC_DEVICE_TYPE BIT(6)
#define CFG_CHANGED_P2P_SSID_POSTFIX BIT(7)
#define CFG_CHANGED_WPS_STRING BIT(8)
#define CFG_CHANGED_P2P_INTRA_BSS BIT(9)
#define CFG_CHANGED_VENDOR_EXTENSION BIT(10)
#define CFG_CHANGED_P2P_LISTEN_CHANNEL BIT(11)
#define CFG_CHANGED_P2P_OPER_CHANNEL BIT(12)
#define CFG_CHANGED_P2P_PREF_CHAN BIT(13)
#define CFG_CHANGED_EXT_PW_BACKEND BIT(14)
#define CFG_CHANGED_NFC_PASSWORD_TOKEN BIT(15)
#define CFG_CHANGED_P2P_PASSPHRASE_LEN BIT(16)

/**
 * struct wpa_config - wpa_supplicant configuration data
 *
 * This data structure presents the per-interface (radio) configuration
 * data. In many cases, there is only one struct wpa_config instance, but if
 * more than one network interface is being controlled, one instance is used
 * for each.
 */
struct wpa_config {
	/**
	 * ssid - Head of the global network list
	 *
	 * This is the head for the list of all the configured networks.
	 */
	struct wpa_ssid *ssid;

	/**
	 * pssid - Per-priority network lists (in priority order)
	 */
	struct wpa_ssid **pssid;

	/**
	 * num_prio - Number of different priorities used in the pssid lists
	 *
	 * This indicates how many per-priority network lists are included in
	 * pssid.
	 */
	int num_prio;

	/**
	 * cred - Head of the credential list
	 *
	 * This is the head for the list of all the configured credentials
	 * (struct wpa_cred, linked through its next field).
	 */
	struct wpa_cred *cred;

	/**
	 * eapol_version - IEEE 802.1X/EAPOL version number
	 *
	 * wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which
	 * defines EAPOL version 2.
However, there are many APs that do not 370 * handle the new version number correctly (they seem to drop the 371 * frames completely). In order to make wpa_supplicant interoperate 372 * with these APs, the version number is set to 1 by default. This 373 * configuration value can be used to set it to the new version (2). 374 */ 375 int eapol_version; 376 377 /** 378 * ap_scan - AP scanning/selection 379 * 380 * By default, wpa_supplicant requests driver to perform AP 381 * scanning and then uses the scan results to select a 382 * suitable AP. Another alternative is to allow the driver to 383 * take care of AP scanning and selection and use 384 * wpa_supplicant just to process EAPOL frames based on IEEE 385 * 802.11 association information from the driver. 386 * 387 * 1: wpa_supplicant initiates scanning and AP selection (default). 388 * 389 * 0: Driver takes care of scanning, AP selection, and IEEE 802.11 390 * association parameters (e.g., WPA IE generation); this mode can 391 * also be used with non-WPA drivers when using IEEE 802.1X mode; 392 * do not try to associate with APs (i.e., external program needs 393 * to control association). This mode must also be used when using 394 * wired Ethernet drivers. 395 * 396 * 2: like 0, but associate with APs using security policy and SSID 397 * (but not BSSID); this can be used, e.g., with ndiswrapper and NDIS 398 * drivers to enable operation with hidden SSIDs and optimized roaming; 399 * in this mode, the network blocks in the configuration are tried 400 * one by one until the driver reports successful association; each 401 * network block should have explicit security policy (i.e., only one 402 * option in the lists) for key_mgmt, pairwise, group, proto variables. 403 */ 404 int ap_scan; 405 406 /** 407 * bgscan - Background scan and roaming parameters or %NULL if none 408 * 409 * This is an optional set of parameters for background scanning and 410 * roaming within a network (ESS). 
For more detailed information see 411 * ssid block documentation. 412 * 413 * The variable defines default bgscan behavior for all BSS station 414 * networks except for those which have their own bgscan configuration. 415 */ 416 char *bgscan; 417 418 /** 419 * disable_scan_offload - Disable automatic offloading of scan requests 420 * 421 * By default, %wpa_supplicant tries to offload scanning if the driver 422 * indicates support for this (sched_scan). This configuration 423 * parameter can be used to disable this offloading mechanism. 424 */ 425 int disable_scan_offload; 426 427 /** 428 * ctrl_interface - Parameters for the control interface 429 * 430 * If this is specified, %wpa_supplicant will open a control interface 431 * that is available for external programs to manage %wpa_supplicant. 432 * The meaning of this string depends on which control interface 433 * mechanism is used. For all cases, the existence of this parameter 434 * in configuration is used to determine whether the control interface 435 * is enabled. 436 * 437 * For UNIX domain sockets (default on Linux and BSD): This is a 438 * directory that will be created for UNIX domain sockets for listening 439 * to requests from external programs (CLI/GUI, etc.) for status 440 * information and configuration. The socket file will be named based 441 * on the interface name, so multiple %wpa_supplicant processes can be 442 * run at the same time if more than one interface is used. 443 * /var/run/wpa_supplicant is the recommended directory for sockets and 444 * by default, wpa_cli will use it when trying to connect with 445 * %wpa_supplicant. 446 * 447 * Access control for the control interface can be configured 448 * by setting the directory to allow only members of a group 449 * to use sockets. This way, it is possible to run 450 * %wpa_supplicant as root (since it needs to change network 451 * configuration and open raw sockets) and still allow GUI/CLI 452 * components to be run as non-root users. 
However, since the 453 * control interface can be used to change the network 454 * configuration, this access needs to be protected in many 455 * cases. By default, %wpa_supplicant is configured to use gid 456 * 0 (root). If you want to allow non-root users to use the 457 * control interface, add a new group and change this value to 458 * match with that group. Add users that should have control 459 * interface access to this group. 460 * 461 * When configuring both the directory and group, use following format: 462 * DIR=/var/run/wpa_supplicant GROUP=wheel 463 * DIR=/var/run/wpa_supplicant GROUP=0 464 * (group can be either group name or gid) 465 * 466 * For UDP connections (default on Windows): The value will be ignored. 467 * This variable is just used to select that the control interface is 468 * to be created. The value can be set to, e.g., udp 469 * (ctrl_interface=udp). 470 * 471 * For Windows Named Pipe: This value can be used to set the security 472 * descriptor for controlling access to the control interface. Security 473 * descriptor can be set using Security Descriptor String Format (see 474 * http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptor_string_format.asp). 475 * The descriptor string needs to be prefixed with SDDL=. For example, 476 * ctrl_interface=SDDL=D: would set an empty DACL (which will reject 477 * all connections). 478 */ 479 char *ctrl_interface; 480 481 /** 482 * ctrl_interface_group - Control interface group (DEPRECATED) 483 * 484 * This variable is only used for backwards compatibility. Group for 485 * UNIX domain sockets should now be specified using GROUP=group in 486 * ctrl_interface variable. 487 */ 488 char *ctrl_interface_group; 489 490 /** 491 * fast_reauth - EAP fast re-authentication (session resumption) 492 * 493 * By default, fast re-authentication is enabled for all EAP methods 494 * that support it. 
This variable can be used to disable fast 495 * re-authentication (by setting fast_reauth=0). Normally, there is no 496 * need to disable fast re-authentication. 497 */ 498 int fast_reauth; 499 500 /** 501 * opensc_engine_path - Path to the OpenSSL engine for opensc 502 * 503 * This is an OpenSSL specific configuration option for loading OpenSC 504 * engine (engine_opensc.so); if %NULL, this engine is not loaded. 505 */ 506 char *opensc_engine_path; 507 508 /** 509 * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11 510 * 511 * This is an OpenSSL specific configuration option for loading PKCS#11 512 * engine (engine_pkcs11.so); if %NULL, this engine is not loaded. 513 */ 514 char *pkcs11_engine_path; 515 516 /** 517 * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module 518 * 519 * This is an OpenSSL specific configuration option for configuring 520 * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this 521 * module is not loaded. 522 */ 523 char *pkcs11_module_path; 524 525 /** 526 * openssl_ciphers - OpenSSL cipher string 527 * 528 * This is an OpenSSL specific configuration option for configuring the 529 * default ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the 530 * default. 531 */ 532 char *openssl_ciphers; 533 534 /** 535 * pcsc_reader - PC/SC reader name prefix 536 * 537 * If not %NULL, PC/SC reader with a name that matches this prefix is 538 * initialized for SIM/USIM access. Empty string can be used to match 539 * the first available reader. 540 */ 541 char *pcsc_reader; 542 543 /** 544 * pcsc_pin - PIN for USIM, GSM SIM, and smartcards 545 * 546 * This field is used to configure PIN for SIM/USIM for EAP-SIM and 547 * EAP-AKA. If left out, this will be asked through control interface. 
548 */ 549 char *pcsc_pin; 550 551 /** 552 * external_sim - Use external processing for SIM/USIM operations 553 */ 554 int external_sim; 555 556 /** 557 * driver_param - Driver interface parameters 558 * 559 * This text string is passed to the selected driver interface with the 560 * optional struct wpa_driver_ops::set_param() handler. This can be 561 * used to configure driver specific options without having to add new 562 * driver interface functionality. 563 */ 564 char *driver_param; 565 566 /** 567 * dot11RSNAConfigPMKLifetime - Maximum lifetime of a PMK 568 * 569 * dot11 MIB variable for the maximum lifetime of a PMK in the PMK 570 * cache (unit: seconds). 571 */ 572 unsigned int dot11RSNAConfigPMKLifetime; 573 574 /** 575 * dot11RSNAConfigPMKReauthThreshold - PMK re-authentication threshold 576 * 577 * dot11 MIB variable for the percentage of the PMK lifetime 578 * that should expire before an IEEE 802.1X reauthentication occurs. 579 */ 580 unsigned int dot11RSNAConfigPMKReauthThreshold; 581 582 /** 583 * dot11RSNAConfigSATimeout - Security association timeout 584 * 585 * dot11 MIB variable for the maximum time a security association 586 * shall take to set up (unit: seconds). 587 */ 588 unsigned int dot11RSNAConfigSATimeout; 589 590 /** 591 * update_config - Is wpa_supplicant allowed to update configuration 592 * 593 * This variable control whether wpa_supplicant is allow to re-write 594 * its configuration with wpa_config_write(). If this is zero, 595 * configuration data is only changed in memory and the external data 596 * is not overriden. If this is non-zero, wpa_supplicant will update 597 * the configuration data (e.g., a file) whenever configuration is 598 * changed. This update may replace the old configuration which can 599 * remove comments from it in case of a text file configuration. 
600 */ 601 int update_config; 602 603 /** 604 * blobs - Configuration blobs 605 */ 606 struct wpa_config_blob *blobs; 607 608 /** 609 * uuid - Universally Unique IDentifier (UUID; see RFC 4122) for WPS 610 */ 611 u8 uuid[16]; 612 613 /** 614 * device_name - Device Name (WPS) 615 * User-friendly description of device; up to 32 octets encoded in 616 * UTF-8 617 */ 618 char *device_name; 619 620 /** 621 * manufacturer - Manufacturer (WPS) 622 * The manufacturer of the device (up to 64 ASCII characters) 623 */ 624 char *manufacturer; 625 626 /** 627 * model_name - Model Name (WPS) 628 * Model of the device (up to 32 ASCII characters) 629 */ 630 char *model_name; 631 632 /** 633 * model_number - Model Number (WPS) 634 * Additional device description (up to 32 ASCII characters) 635 */ 636 char *model_number; 637 638 /** 639 * serial_number - Serial Number (WPS) 640 * Serial number of the device (up to 32 characters) 641 */ 642 char *serial_number; 643 644 /** 645 * device_type - Primary Device Type (WPS) 646 */ 647 u8 device_type[WPS_DEV_TYPE_LEN]; 648 649 /** 650 * config_methods - Config Methods 651 * 652 * This is a space-separated list of supported WPS configuration 653 * methods. For example, "label virtual_display virtual_push_button 654 * keypad". 655 * Available methods: usba ethernet label display ext_nfc_token 656 * int_nfc_token nfc_interface push_button keypad 657 * virtual_display physical_display 658 * virtual_push_button physical_push_button. 
659 */ 660 char *config_methods; 661 662 /** 663 * os_version - OS Version (WPS) 664 * 4-octet operating system version number 665 */ 666 u8 os_version[4]; 667 668 /** 669 * country - Country code 670 * 671 * This is the ISO/IEC alpha2 country code for which we are operating 672 * in 673 */ 674 char country[2]; 675 676 /** 677 * wps_cred_processing - Credential processing 678 * 679 * 0 = process received credentials internally 680 * 1 = do not process received credentials; just pass them over 681 * ctrl_iface to external program(s) 682 * 2 = process received credentials internally and pass them over 683 * ctrl_iface to external program(s) 684 */ 685 int wps_cred_processing; 686 687 #define MAX_SEC_DEVICE_TYPES 5 688 /** 689 * sec_device_types - Secondary Device Types (P2P) 690 */ 691 u8 sec_device_type[MAX_SEC_DEVICE_TYPES][WPS_DEV_TYPE_LEN]; 692 int num_sec_device_types; 693 694 int p2p_listen_reg_class; 695 int p2p_listen_channel; 696 int p2p_oper_reg_class; 697 int p2p_oper_channel; 698 int p2p_go_intent; 699 char *p2p_ssid_postfix; 700 int persistent_reconnect; 701 int p2p_intra_bss; 702 unsigned int num_p2p_pref_chan; 703 struct p2p_channel *p2p_pref_chan; 704 struct wpa_freq_range_list p2p_no_go_freq; 705 int p2p_add_cli_chan; 706 int p2p_ignore_shared_freq; 707 int p2p_optimize_listen_chan; 708 709 struct wpabuf *wps_vendor_ext_m1; 710 711 #define MAX_WPS_VENDOR_EXT 10 712 /** 713 * wps_vendor_ext - Vendor extension attributes in WPS 714 */ 715 struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXT]; 716 717 /** 718 * p2p_group_idle - Maximum idle time in seconds for P2P group 719 * 720 * This value controls how long a P2P group is maintained after there 721 * is no other members in the group. As a GO, this means no associated 722 * stations in the group. As a P2P client, this means no GO seen in 723 * scan results. 
The maximum idle time is specified in seconds with 0 724 * indicating no time limit, i.e., the P2P group remains in active 725 * state indefinitely until explicitly removed. As a P2P client, the 726 * maximum idle time of P2P_MAX_CLIENT_IDLE seconds is enforced, i.e., 727 * this parameter is mainly meant for GO use and for P2P client, it can 728 * only be used to reduce the default timeout to smaller value. A 729 * special value -1 can be used to configure immediate removal of the 730 * group for P2P client role on any disconnection after the data 731 * connection has been established. 732 */ 733 int p2p_group_idle; 734 735 /** 736 * p2p_passphrase_len - Passphrase length (8..63) for P2P GO 737 * 738 * This parameter controls the length of the random passphrase that is 739 * generated at the GO. 740 */ 741 unsigned int p2p_passphrase_len; 742 743 /** 744 * bss_max_count - Maximum number of BSS entries to keep in memory 745 */ 746 unsigned int bss_max_count; 747 748 /** 749 * bss_expiration_age - BSS entry age after which it can be expired 750 * 751 * This value controls the time in seconds after which a BSS entry 752 * gets removed if it has not been updated or is not in use. 753 */ 754 unsigned int bss_expiration_age; 755 756 /** 757 * bss_expiration_scan_count - Expire BSS after number of scans 758 * 759 * If the BSS entry has not been seen in this many scans, it will be 760 * removed. A value of 1 means that entry is removed after the first 761 * scan in which the BSSID is not seen. Larger values can be used 762 * to avoid BSS entries disappearing if they are not visible in 763 * every scan (e.g., low signal quality or interference). 
764 */ 765 unsigned int bss_expiration_scan_count; 766 767 /** 768 * filter_ssids - SSID-based scan result filtering 769 * 770 * 0 = do not filter scan results 771 * 1 = only include configured SSIDs in scan results/BSS table 772 */ 773 int filter_ssids; 774 775 /** 776 * filter_rssi - RSSI-based scan result filtering 777 * 778 * 0 = do not filter scan results 779 * -n = filter scan results below -n dBm 780 */ 781 int filter_rssi; 782 783 /** 784 * max_num_sta - Maximum number of STAs in an AP/P2P GO 785 */ 786 unsigned int max_num_sta; 787 788 /** 789 * freq_list - Array of allowed scan frequencies or %NULL for all 790 * 791 * This is an optional zero-terminated array of frequencies in 792 * megahertz (MHz) to allow for narrowing scanning range. 793 */ 794 int *freq_list; 795 796 /** 797 * scan_cur_freq - Whether to scan only the current channel 798 * 799 * If true, attempt to scan only the current channel if any other 800 * VIFs on this radio are already associated on a particular channel. 801 */ 802 int scan_cur_freq; 803 804 /** 805 * changed_parameters - Bitmap of changed parameters since last update 806 */ 807 unsigned int changed_parameters; 808 809 /** 810 * disassoc_low_ack - Disassocicate stations with massive packet loss 811 */ 812 int disassoc_low_ack; 813 814 /** 815 * interworking - Whether Interworking (IEEE 802.11u) is enabled 816 */ 817 int interworking; 818 819 /** 820 * access_network_type - Access Network Type 821 * 822 * When Interworking is enabled, scans will be limited to APs that 823 * advertise the specified Access Network Type (0..15; with 15 824 * indicating wildcard match). 825 */ 826 int access_network_type; 827 828 /** 829 * hessid - Homogenous ESS identifier 830 * 831 * If this is set (any octet is non-zero), scans will be used to 832 * request response only from BSSes belonging to the specified 833 * Homogeneous ESS. This is used only if interworking is enabled. 
834 */ 835 u8 hessid[ETH_ALEN]; 836 837 /** 838 * hs20 - Hotspot 2.0 839 */ 840 int hs20; 841 842 /** 843 * pbc_in_m1 - AP mode WPS probing workaround for PBC with Windows 7 844 * 845 * Windows 7 uses incorrect way of figuring out AP's WPS capabilities 846 * by acting as a Registrar and using M1 from the AP. The config 847 * methods attribute in that message is supposed to indicate only the 848 * configuration method supported by the AP in Enrollee role, i.e., to 849 * add an external Registrar. For that case, PBC shall not be used and 850 * as such, the PushButton config method is removed from M1 by default. 851 * If pbc_in_m1=1 is included in the configuration file, the PushButton 852 * config method is left in M1 (if included in config_methods 853 * parameter) to allow Windows 7 to use PBC instead of PIN (e.g., from 854 * a label in the AP). 855 */ 856 int pbc_in_m1; 857 858 /** 859 * autoscan - Automatic scan parameters or %NULL if none 860 * 861 * This is an optional set of parameters for automatic scanning 862 * within an interface in following format: 863 * <autoscan module name>:<module parameters> 864 */ 865 char *autoscan; 866 867 /** 868 * wps_nfc_pw_from_config - NFC Device Password was read from config 869 * 870 * This parameter can be determined whether the NFC Device Password was 871 * included in the configuration (1) or generated dynamically (0). Only 872 * the former case is re-written back to the configuration file. 
873 */ 874 int wps_nfc_pw_from_config; 875 876 /** 877 * wps_nfc_dev_pw_id - NFC Device Password ID for password token 878 */ 879 int wps_nfc_dev_pw_id; 880 881 /** 882 * wps_nfc_dh_pubkey - NFC DH Public Key for password token 883 */ 884 struct wpabuf *wps_nfc_dh_pubkey; 885 886 /** 887 * wps_nfc_dh_privkey - NFC DH Private Key for password token 888 */ 889 struct wpabuf *wps_nfc_dh_privkey; 890 891 /** 892 * wps_nfc_dev_pw - NFC Device Password for password token 893 */ 894 struct wpabuf *wps_nfc_dev_pw; 895 896 /** 897 * ext_password_backend - External password backend or %NULL if none 898 * 899 * format: <backend name>[:<optional backend parameters>] 900 */ 901 char *ext_password_backend; 902 903 /* 904 * p2p_go_max_inactivity - Timeout in seconds to detect STA inactivity 905 * 906 * This timeout value is used in P2P GO mode to clean up 907 * inactive stations. 908 * By default: 300 seconds. 909 */ 910 int p2p_go_max_inactivity; 911 912 struct hostapd_wmm_ac_params wmm_ac_params[4]; 913 914 /** 915 * auto_interworking - Whether to use network selection automatically 916 * 917 * 0 = do not automatically go through Interworking network selection 918 * (i.e., require explicit interworking_select command for this) 919 * 1 = perform Interworking network selection if one or more 920 * credentials have been configured and scan did not find a 921 * matching network block 922 */ 923 int auto_interworking; 924 925 /** 926 * p2p_go_ht40 - Default mode for HT40 enable when operating as GO. 927 * 928 * This will take effect for p2p_group_add, p2p_connect, and p2p_invite. 929 * Note that regulatory constraints and driver capabilities are 930 * consulted anyway, so setting it to 1 can't do real harm. 931 * By default: 0 (disabled) 932 */ 933 int p2p_go_ht40; 934 935 /** 936 * p2p_go_vht - Default mode for VHT enable when operating as GO 937 * 938 * This will take effect for p2p_group_add, p2p_connect, and p2p_invite. 
939 * Note that regulatory constraints and driver capabilities are 940 * consulted anyway, so setting it to 1 can't do real harm. 941 * By default: 0 (disabled) 942 */ 943 int p2p_go_vht; 944 945 /** 946 * p2p_go_ctwindow - CTWindow to use when operating as GO 947 * 948 * By default: 0 (no CTWindow). Values 0-127 can be used to indicate 949 * the length of the CTWindow in TUs. 950 */ 951 int p2p_go_ctwindow; 952 953 /** 954 * p2p_disabled - Whether P2P operations are disabled for this interface 955 */ 956 int p2p_disabled; 957 958 /** 959 * p2p_no_group_iface - Whether group interfaces can be used 960 * 961 * By default, wpa_supplicant will create a separate interface for P2P 962 * group operations if the driver supports this. This functionality can 963 * be disabled by setting this parameter to 1. In that case, the same 964 * interface that was used for the P2P management operations is used 965 * also for the group operation. 966 */ 967 int p2p_no_group_iface; 968 969 /** 970 * okc - Whether to enable opportunistic key caching by default 971 * 972 * By default, OKC is disabled unless enabled by the per-network 973 * proactive_key_caching=1 parameter. okc=1 can be used to change this 974 * default behavior. 975 */ 976 int okc; 977 978 /** 979 * pmf - Whether to enable/require PMF by default 980 * 981 * By default, PMF is disabled unless enabled by the per-network 982 * ieee80211w=1 or ieee80211w=2 parameter. pmf=1/2 can be used to change 983 * this default behavior. 984 */ 985 enum mfp_options pmf; 986 987 /** 988 * sae_groups - Preference list of enabled groups for SAE 989 * 990 * By default (if this parameter is not set), the mandatory group 19 991 * (ECC group defined over a 256-bit prime order field) is preferred, 992 * but other groups are also enabled. If this parameter is set, the 993 * groups will be tried in the indicated order. 
994 */ 995 int *sae_groups; 996 997 /** 998 * dtim_period - Default DTIM period in Beacon intervals 999 * 1000 * This parameter can be used to set the default value for network 1001 * blocks that do not specify dtim_period. 1002 */ 1003 int dtim_period; 1004 1005 /** 1006 * beacon_int - Default Beacon interval in TU 1007 * 1008 * This parameter can be used to set the default value for network 1009 * blocks that do not specify beacon_int. 1010 */ 1011 int beacon_int; 1012 1013 /** 1014 * ap_vendor_elements: Vendor specific elements for Beacon/ProbeResp 1015 * 1016 * This parameter can be used to define additional vendor specific 1017 * elements for Beacon and Probe Response frames in AP/P2P GO mode. The 1018 * format for these element(s) is a hexdump of the raw information 1019 * elements (id+len+payload for one or more elements). 1020 */ 1021 struct wpabuf *ap_vendor_elements; 1022 1023 /** 1024 * ignore_old_scan_res - Ignore scan results older than request 1025 * 1026 * The driver may have a cache of scan results that makes it return 1027 * information that is older than our scan trigger. This parameter can 1028 * be used to configure such old information to be ignored instead of 1029 * allowing it to update the internal BSS table. 1030 */ 1031 int ignore_old_scan_res; 1032 1033 /** 1034 * sched_scan_interval - schedule scan interval 1035 */ 1036 unsigned int sched_scan_interval; 1037 1038 /** 1039 * tdls_external_control - External control for TDLS setup requests 1040 * 1041 * Enable TDLS mode where external programs are given the control 1042 * to specify the TDLS link to get established to the driver. The 1043 * driver requests the TDLS setup to the supplicant only for the 1044 * specified TDLS peers. 
1045 */ 1046 int tdls_external_control; 1047 1048 u8 ip_addr_go[4]; 1049 u8 ip_addr_mask[4]; 1050 u8 ip_addr_start[4]; 1051 u8 ip_addr_end[4]; 1052 1053 /** 1054 * osu_dir - OSU provider information directory 1055 * 1056 * If set, allow FETCH_OSU control interface command to be used to fetch 1057 * OSU provider information into all APs and store the results in this 1058 * directory. 1059 */ 1060 char *osu_dir; 1061 1062 /** 1063 * wowlan_triggers - Wake-on-WLAN triggers 1064 * 1065 * If set, these wowlan triggers will be configured. 1066 */ 1067 char *wowlan_triggers; 1068 1069 /** 1070 * p2p_search_delay - Extra delay between concurrent search iterations 1071 * 1072 * Add extra delay (in milliseconds) between search iterations when 1073 * there is a concurrent operation to make p2p_find friendlier to 1074 * concurrent operations by avoiding it from taking 100% of radio 1075 * resources. 1076 */ 1077 unsigned int p2p_search_delay; 1078 1079 /** 1080 * mac_addr - MAC address policy default 1081 * 1082 * 0 = use permanent MAC address 1083 * 1 = use random MAC address for each ESS connection 1084 * 2 = like 1, but maintain OUI (with local admin bit set) 1085 * 1086 * By default, permanent MAC address is used unless policy is changed by 1087 * the per-network mac_addr parameter. Global mac_addr=1 can be used to 1088 * change this default behavior. 1089 */ 1090 int mac_addr; 1091 1092 /** 1093 * rand_addr_lifetime - Lifetime of random MAC address in seconds 1094 */ 1095 unsigned int rand_addr_lifetime; 1096 1097 /** 1098 * preassoc_mac_addr - Pre-association MAC address policy 1099 * 1100 * 0 = use permanent MAC address 1101 * 1 = use random MAC address 1102 * 2 = like 1, but maintain OUI (with local admin bit set) 1103 */ 1104 int preassoc_mac_addr; 1105 1106 /** 1107 * key_mgmt_offload - Use key management offload 1108 * 1109 * Key management offload should be used if the device supports it. 
1110 * Key management offload is the capability of a device operating as 1111 * a station to do the exchange necessary to establish temporal keys 1112 * during initial RSN connection, after roaming, or during a PTK 1113 * rekeying operation. 1114 */ 1115 int key_mgmt_offload; 1116 1117 /** 1118 * user_mpm - MPM residency 1119 * 1120 * 0: MPM lives in driver. 1121 * 1: wpa_supplicant handles peering and station allocation. 1122 * 1123 * If AMPE or SAE is enabled, the MPM is always in userspace. 1124 */ 1125 int user_mpm; 1126 1127 /** 1128 * max_peer_links - Maximum number of peer links 1129 * 1130 * Maximum number of mesh peering currently maintained by the STA. 1131 */ 1132 int max_peer_links; 1133 1134 /** 1135 * cert_in_cb - Whether to include a peer certificate dump in events 1136 * 1137 * This controls whether peer certificates for authentication server and 1138 * its certificate chain are included in EAP peer certificate events. 1139 */ 1140 int cert_in_cb; 1141 1142 /** 1143 * mesh_max_inactivity - Timeout in seconds to detect STA inactivity 1144 * 1145 * This timeout value is used in mesh STA to clean up inactive stations. 1146 * By default: 300 seconds. 1147 */ 1148 int mesh_max_inactivity; 1149 1150 /** 1151 * passive_scan - Whether to force passive scan for network connection 1152 * 1153 * This parameter can be used to force only passive scanning to be used 1154 * for network connection cases. It should be noted that this will slow 1155 * down scan operations and reduce likelihood of finding the AP. In 1156 * addition, some use cases will override this due to functional 1157 * requirements, e.g., for finding an AP that uses hidden SSID 1158 * (scan_ssid=1) or P2P device discovery. 
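*/
	int passive_scan;

	/**
	 * reassoc_same_bss_optim - Whether to optimize reassoc-to-same-BSS
	 */
	int reassoc_same_bss_optim;
};


/* Prototypes for common functions from config.c */

/**
 * wpa_config_free - Free configuration data
 * @config: Configuration data from wpa_config_read() (and, presumably, from
 *	wpa_config_alloc_empty(); see config.c)
 *
 * Releases the top-level configuration object. The parameter used to be
 * named "ssid" even though it is the whole configuration, not a network
 * block; the name is descriptive only and does not change the interface.
 */
void wpa_config_free(struct wpa_config *config);

/**
 * wpa_config_free_ssid - Free a single network block
 * @ssid: Network block to release
 */
void wpa_config_free_ssid(struct wpa_ssid *ssid);

/**
 * wpa_config_foreach_network - Call @func for each network block
 * @config: Configuration data
 * @func: Callback invoked with @arg and the network block
 * @arg: Opaque context passed through to @func
 */
void wpa_config_foreach_network(struct wpa_config *config,
				void (*func)(void *, struct wpa_ssid *),
				void *arg);

/**
 * wpa_config_get_network - Look up a network block by id
 * @config: Configuration data
 * @id: Network id
 * Returns: Matching network block, or presumably %NULL when @id is unknown
 */
struct wpa_ssid * wpa_config_get_network(struct wpa_config *config, int id);

/**
 * wpa_config_add_network - Allocate a new network block in @config
 * @config: Configuration data
 * Returns: Newly added network block, or %NULL on allocation failure
 *	(presumed; see config.c)
 */
struct wpa_ssid * wpa_config_add_network(struct wpa_config *config);

/**
 * wpa_config_remove_network - Remove and free the network block with @id
 * @config: Configuration data
 * @id: Network id
 * Returns: 0 on success, -1 on failure (presumed; verify in config.c)
 */
int wpa_config_remove_network(struct wpa_config *config, int id);

/**
 * wpa_config_set_network_defaults - Reset a network block to default values
 * @ssid: Network block to initialize
 */
void wpa_config_set_network_defaults(struct wpa_ssid *ssid);

/**
 * wpa_config_set - Set a network block parameter from a name/value pair
 * @ssid: Network block
 * @var: Parameter name
 * @value: Parameter value as it appears in the configuration text
 * @line: Line number of the configuration file, presumably used only in
 *	error reporting (callers not parsing a file pass their own marker)
 * Returns: 0 on success, negative on failure (presumed; see config.c)
 *
 * @value may come from an untrusted control interface client, so the
 * implementation is expected to validate it per parameter; check config.c
 * before relying on this for a new parameter.
 */
int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value,
		   int line);

/**
 * wpa_config_set_quoted - Like wpa_config_set() for a value needing quoting
 * @ssid: Network block
 * @var: Parameter name
 * @value: Raw (unquoted) parameter value
 * Returns: 0 on success, negative on failure (presumed)
 */
int wpa_config_set_quoted(struct wpa_ssid *ssid, const char *var,
			  const char *value);

/**
 * wpa_config_dump_values - Dump global parameters into a bounded buffer
 * @config: Configuration data
 * @buf: Output buffer
 * @buflen: Size of @buf in bytes; output is expected to be bounded by this
 * Returns: Number of bytes written or a negative value on error (presumed)
 */
int wpa_config_dump_values(struct wpa_config *config, char *buf,
			   size_t buflen);

/**
 * wpa_config_get_value - Fetch one global parameter as text
 * @name: Global parameter name
 * @config: Configuration data
 * @buf: Output buffer
 * @buflen: Size of @buf in bytes
 * Returns: Number of bytes written or a negative value on error (presumed)
 */
int wpa_config_get_value(const char *name, struct wpa_config *config,
			 char *buf, size_t buflen);

/**
 * wpa_config_get_all - Get every set parameter of a network block
 * @ssid: Network block
 * @get_keys: Non-zero to include key material (PSK, passphrases, passwords)
 *	in the result; 0 to leave it out
 * Returns: Array of name/value strings, or %NULL on failure (presumed)
 *
 * NOTE(review): anything that reaches a less-trusted consumer (control
 * interface client, log file) should be produced with @get_keys = 0.
 * Confirm in config.c exactly which fields the flag covers and how the
 * returned array is to be freed.
 */
char ** wpa_config_get_all(struct wpa_ssid *ssid, int get_keys);

/**
 * wpa_config_get - Get a network block parameter as an allocated string
 * @ssid: Network block
 * @var: Parameter name
 * Returns: Parameter value, or %NULL if unset/unknown (presumed)
 *
 * This variant returns key material verbatim; ownership of the returned
 * buffer is not visible from the prototype (check config.c before freeing).
 */
char * wpa_config_get(struct wpa_ssid *ssid, const char *var);

/**
 * wpa_config_get_no_key - Like wpa_config_get() without key material
 * @ssid: Network block
 * @var: Parameter name
 * Returns: Parameter value with secrets masked, or %NULL (presumed)
 *
 * Prefer this variant for any output path that may be logged or shown to
 * a control interface client.
 */
char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var);

/**
 * wpa_config_update_psk - Refresh the derived PSK of a network block
 * @ssid: Network block
 *
 * From its name this recomputes the PSK from the passphrase/SSID after one
 * of them changes; see config.c for the exact inputs.
 */
void wpa_config_update_psk(struct wpa_ssid *ssid);

/**
 * wpa_config_add_prio_network - Insert a network block into the priority list
 * @config: Configuration data
 * @ssid: Network block to add
 * Returns: 0 on success, -1 on failure (presumed)
 */
int wpa_config_add_prio_network(struct wpa_config *config,
				struct wpa_ssid *ssid);

/**
 * wpa_config_update_prio_list - Rebuild the priority-ordered network list
 * @config: Configuration data
 * Returns: 0 on success, -1 on failure (presumed)
 */
int wpa_config_update_prio_list(struct wpa_config *config);

/**
 * wpa_config_get_blob - Look up a named configuration blob
 * @config: Configuration data
 * @name: Blob name (as referenced by blob://<name> in the configuration)
 * Returns: Blob owned by @config, or %NULL if not found (presumed)
 *
 * The returned pointer is const and removal goes through
 * wpa_config_remove_blob(), so callers must not free it. Blobs can hold
 * certificate and private key material, so treat their contents as
 * sensitive.
 */
const struct wpa_config_blob * wpa_config_get_blob(struct wpa_config *config,
						   const char *name);

/**
 * wpa_config_set_blob - Add a blob to @config
 * @config: Configuration data
 * @blob: Blob to add; presumably ownership moves to @config, which then
 *	frees it through wpa_config_free_blob()/wpa_config_flush_blobs()
 */
void wpa_config_set_blob(struct wpa_config *config,
			 struct wpa_config_blob *blob);

/**
 * wpa_config_free_blob - Free a single blob
 * @blob: Blob to release
 */
void wpa_config_free_blob(struct wpa_config_blob *blob);

/**
 * wpa_config_remove_blob - Remove and free the blob named @name
 * @config: Configuration data
 * @name: Blob name
 * Returns: 0 on success, -1 if not found (presumed)
 */
int wpa_config_remove_blob(struct wpa_config *config, const char *name);

/**
 * wpa_config_flush_blobs - Remove and free all blobs of @config
 * @config: Configuration data
 */
void wpa_config_flush_blobs(struct wpa_config *config);

/**
 * wpa_config_get_cred - Look up a credential by id
 * @config: Configuration data
 * @id: Credential id
 * Returns: Matching credential, or presumably %NULL when @id is unknown
 */
struct wpa_cred * wpa_config_get_cred(struct wpa_config *config, int id);

/**
 * wpa_config_add_cred - Allocate a new credential in @config
 * @config: Configuration data
 * Returns: Newly added credential, or %NULL on failure (presumed)
 */
struct wpa_cred * wpa_config_add_cred(struct wpa_config *config);

/**
 * wpa_config_remove_cred - Remove and free the credential with @id
 * @config: Configuration data
 * @id: Credential id
 * Returns: 0 on success, -1 on failure (presumed)
 */
int wpa_config_remove_cred(struct wpa_config *config, int id);

/**
 * wpa_config_free_cred - Free a single credential
 * @cred: Credential to release
 */
void wpa_config_free_cred(struct wpa_cred *cred);

/**
 * wpa_config_set_cred - Set a credential parameter from a name/value pair
 * @cred: Credential
 * @var: Parameter name
 * @value: Parameter value as it appears in the configuration text
 * @line: Line number of the configuration file, presumably for error
 *	reporting only
 * Returns: 0 on success, negative on failure (presumed)
 */
int wpa_config_set_cred(struct wpa_cred *cred, const char *var,
			const char *value, int line);

/**
 * wpa_config_get_cred_no_key - Get a credential parameter, secrets masked
 * @cred: Credential
 * @var: Parameter name
 * Returns: Parameter value with key material masked, or %NULL (presumed)
 *
 * This is the only getter declared for credentials, i.e., passwords and
 * similar fields are not meant to be read back through this interface.
 */
char * wpa_config_get_cred_no_key(struct wpa_cred *cred, const char *var);

/**
 * wpa_config_alloc_empty - Allocate configuration data with defaults only
 * @ctrl_interface: Initial ctrl_interface value, or %NULL (presumed)
 * @driver_param: Initial driver_param value, or %NULL (presumed)
 * Returns: Allocated configuration data, or %NULL on failure; free with
 *	wpa_config_free()
 */
struct wpa_config * wpa_config_alloc_empty(const char *ctrl_interface,
					   const char *driver_param);
#ifndef CONFIG_NO_STDOUT_DEBUG
/**
 * wpa_config_debug_dump_networks - Dump network blocks to debug output
 * @config: Configuration data
 *
 * Compiled to a no-op when CONFIG_NO_STDOUT_DEBUG is defined.
 * NOTE(review): debug output is routinely captured in logs; verify in
 * config.c that key material is masked in this dump.
 */
void wpa_config_debug_dump_networks(struct wpa_config *config);
#else /* CONFIG_NO_STDOUT_DEBUG */
#define wpa_config_debug_dump_networks(c) do { } while (0)
#endif /* CONFIG_NO_STDOUT_DEBUG */


/* Global (non-network) parameter parsing, also implemented in config.c */

/**
 * wpa_config_process_global - Parse one global "name=value" line
 * @config: Configuration data to update
 * @pos: Text of the line; the non-const type suggests it is modified in
 *	place while parsing (verify in config.c before passing shared data)
 * @line: Line number, presumably for error reporting only
 * Returns: 0 on success, -1 on failure (presumed)
 */
int wpa_config_process_global(struct wpa_config *config, char *pos, int line);


/* Prototypes for backend specific functions from the selected config_*.c */

/**
 * wpa_config_read - Read and parse configuration database
 * @name: Name of the configuration (e.g., path and file name for the
 * configuration file)
 * @cfgp: Pointer to previously allocated configuration data or %NULL if none
 * Returns: Pointer to allocated configuration data or %NULL on failure
 *
 * This function reads configuration data, parses its contents, and allocates
 * data structures needed for storing configuration information. The allocated
 * data can be freed with wpa_config_free().
 *
 * Each configuration backend needs to implement this function.
 *
 * NOTE(review): this header does not specify whether a non-%NULL @cfgp is
 * freed or left to the caller when the function fails; check the selected
 * backend before relying on either behavior.
 */
struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp);

/**
 * wpa_config_write - Write or update configuration data
 * @name: Name of the configuration (e.g., path and file name for the
 * configuration file)
 * @config: Configuration data from wpa_config_read()
 * Returns: 0 on success, -1 on failure
 *
 * This function writes all configuration data into an external database
 * (e.g., a text file) in a format that can be read with wpa_config_read().
 * This can be used to allow wpa_supplicant to update its configuration, e.g.,
 * when a new network is added or a password is changed.
 *
 * Each configuration backend needs to implement this function.
 *
 * Since the written data includes credentials (PSKs, passphrases, passwords,
 * blob contents), a backend must create the output with restrictive
 * permissions and must not leave secrets in a world-readable temporary
 * file; verify this in the selected config_*.c.
 */
int wpa_config_write(const char *name, struct wpa_config *config);

#endif /* CONFIG_H */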