16d49e1aeSJan Lentfer /* 26d49e1aeSJan Lentfer * WPA Supplicant / Network configuration structures 33ff40c12SJohn Marino * Copyright (c) 2003-2013, Jouni Malinen <j@w1.fi> 46d49e1aeSJan Lentfer * 53ff40c12SJohn Marino * This software may be distributed under the terms of the BSD license. 63ff40c12SJohn Marino * See README for more details. 76d49e1aeSJan Lentfer */ 86d49e1aeSJan Lentfer 96d49e1aeSJan Lentfer #ifndef CONFIG_SSID_H 106d49e1aeSJan Lentfer #define CONFIG_SSID_H 116d49e1aeSJan Lentfer 123ff40c12SJohn Marino #include "common/defs.h" 133ff40c12SJohn Marino #include "utils/list.h" 146d49e1aeSJan Lentfer #include "eap_peer/eap_config.h" 156d49e1aeSJan Lentfer 166d49e1aeSJan Lentfer 176d49e1aeSJan Lentfer #define DEFAULT_EAP_WORKAROUND ((unsigned int) -1) 186d49e1aeSJan Lentfer #define DEFAULT_EAPOL_FLAGS (EAPOL_FLAG_REQUIRE_KEY_UNICAST | \ 196d49e1aeSJan Lentfer EAPOL_FLAG_REQUIRE_KEY_BROADCAST) 206d49e1aeSJan Lentfer #define DEFAULT_PROTO (WPA_PROTO_WPA | WPA_PROTO_RSN) 216d49e1aeSJan Lentfer #define DEFAULT_KEY_MGMT (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X) 226d49e1aeSJan Lentfer #define DEFAULT_PAIRWISE (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP) 23*a1157835SDaniel Fojt #define DEFAULT_GROUP (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP) 246d49e1aeSJan Lentfer #define DEFAULT_FRAGMENT_SIZE 1398 256d49e1aeSJan Lentfer 263ff40c12SJohn Marino #define DEFAULT_BG_SCAN_PERIOD -1 27*a1157835SDaniel Fojt #define DEFAULT_MESH_MAX_RETRIES 2 28*a1157835SDaniel Fojt #define DEFAULT_MESH_RETRY_TIMEOUT 40 29*a1157835SDaniel Fojt #define DEFAULT_MESH_CONFIRM_TIMEOUT 40 30*a1157835SDaniel Fojt #define DEFAULT_MESH_HOLDING_TIMEOUT 40 31*a1157835SDaniel Fojt #define DEFAULT_MESH_RSSI_THRESHOLD 1 /* no change */ 323ff40c12SJohn Marino #define DEFAULT_DISABLE_HT 0 333ff40c12SJohn Marino #define DEFAULT_DISABLE_HT40 0 343ff40c12SJohn Marino #define DEFAULT_DISABLE_SGI 0 35*a1157835SDaniel Fojt #define DEFAULT_DISABLE_LDPC 0 36*a1157835SDaniel Fojt #define DEFAULT_TX_STBC -1 /* no change */ 
37*a1157835SDaniel Fojt #define DEFAULT_RX_STBC -1 /* no change */ 383ff40c12SJohn Marino #define DEFAULT_DISABLE_MAX_AMSDU -1 /* no change */ 393ff40c12SJohn Marino #define DEFAULT_AMPDU_FACTOR -1 /* no change */ 403ff40c12SJohn Marino #define DEFAULT_AMPDU_DENSITY -1 /* no change */ 41*a1157835SDaniel Fojt #define DEFAULT_USER_SELECTED_SIM 1 42*a1157835SDaniel Fojt #define DEFAULT_MAX_OPER_CHWIDTH -1 433ff40c12SJohn Marino 443ff40c12SJohn Marino struct psk_list_entry { 453ff40c12SJohn Marino struct dl_list list; 463ff40c12SJohn Marino u8 addr[ETH_ALEN]; 473ff40c12SJohn Marino u8 psk[32]; 483ff40c12SJohn Marino u8 p2p; 493ff40c12SJohn Marino }; 503ff40c12SJohn Marino 51*a1157835SDaniel Fojt enum wpas_mode { 52*a1157835SDaniel Fojt WPAS_MODE_INFRA = 0, 53*a1157835SDaniel Fojt WPAS_MODE_IBSS = 1, 54*a1157835SDaniel Fojt WPAS_MODE_AP = 2, 55*a1157835SDaniel Fojt WPAS_MODE_P2P_GO = 3, 56*a1157835SDaniel Fojt WPAS_MODE_P2P_GROUP_FORMATION = 4, 57*a1157835SDaniel Fojt WPAS_MODE_MESH = 5, 58*a1157835SDaniel Fojt }; 59*a1157835SDaniel Fojt 606d49e1aeSJan Lentfer /** 616d49e1aeSJan Lentfer * struct wpa_ssid - Network configuration data 626d49e1aeSJan Lentfer * 636d49e1aeSJan Lentfer * This structure includes all the configuration variables for a network. This 646d49e1aeSJan Lentfer * data is included in the per-interface configuration data as an element of 656d49e1aeSJan Lentfer * the network list, struct wpa_config::ssid. Each network block in the 666d49e1aeSJan Lentfer * configuration is mapped to a struct wpa_ssid instance. 676d49e1aeSJan Lentfer */ 686d49e1aeSJan Lentfer struct wpa_ssid { 696d49e1aeSJan Lentfer /** 706d49e1aeSJan Lentfer * next - Next network in global list 716d49e1aeSJan Lentfer * 726d49e1aeSJan Lentfer * This pointer can be used to iterate over all networks. The head of 736d49e1aeSJan Lentfer * this list is stored in the ssid field of struct wpa_config. 
746d49e1aeSJan Lentfer */ 756d49e1aeSJan Lentfer struct wpa_ssid *next; 766d49e1aeSJan Lentfer 776d49e1aeSJan Lentfer /** 786d49e1aeSJan Lentfer * pnext - Next network in per-priority list 796d49e1aeSJan Lentfer * 806d49e1aeSJan Lentfer * This pointer can be used to iterate over all networks in the same 816d49e1aeSJan Lentfer * priority class. The heads of these lists are stored in the pssid 826d49e1aeSJan Lentfer * fields of struct wpa_config. 836d49e1aeSJan Lentfer */ 846d49e1aeSJan Lentfer struct wpa_ssid *pnext; 856d49e1aeSJan Lentfer 866d49e1aeSJan Lentfer /** 876d49e1aeSJan Lentfer * id - Unique id for the network 886d49e1aeSJan Lentfer * 896d49e1aeSJan Lentfer * This identifier is used as a unique identifier for each network 906d49e1aeSJan Lentfer * block when using the control interface. Each network is allocated an 916d49e1aeSJan Lentfer * id when it is being created, either when reading the configuration 926d49e1aeSJan Lentfer * file or when a new network is added through the control interface. 936d49e1aeSJan Lentfer */ 946d49e1aeSJan Lentfer int id; 956d49e1aeSJan Lentfer 966d49e1aeSJan Lentfer /** 976d49e1aeSJan Lentfer * priority - Priority group 986d49e1aeSJan Lentfer * 996d49e1aeSJan Lentfer * By default, all networks will get same priority group (0). If some 1006d49e1aeSJan Lentfer * of the networks are more desirable, this field can be used to change 1016d49e1aeSJan Lentfer * the order in which wpa_supplicant goes through the networks when 1026d49e1aeSJan Lentfer * selecting a BSS. The priority groups will be iterated in decreasing 1036d49e1aeSJan Lentfer * priority (i.e., the larger the priority value, the sooner the 1046d49e1aeSJan Lentfer * network is matched against the scan results). Within each priority 1056d49e1aeSJan Lentfer * group, networks will be selected based on security policy, signal 1066d49e1aeSJan Lentfer * strength, etc.
1076d49e1aeSJan Lentfer * 1086d49e1aeSJan Lentfer * Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are 1096d49e1aeSJan Lentfer * not using this priority to select the order for scanning. Instead, 1106d49e1aeSJan Lentfer * they try the networks in the order used in the configuration 1116d49e1aeSJan Lentfer * file. 1126d49e1aeSJan Lentfer */ 1136d49e1aeSJan Lentfer int priority; 1146d49e1aeSJan Lentfer 1156d49e1aeSJan Lentfer /** 1166d49e1aeSJan Lentfer * ssid - Service set identifier (network name) 1176d49e1aeSJan Lentfer * 1186d49e1aeSJan Lentfer * This is the SSID for the network. For wireless interfaces, this is 1196d49e1aeSJan Lentfer * used to select which network will be used. If set to %NULL (or 1206d49e1aeSJan Lentfer * ssid_len=0), any SSID can be used. For wired interfaces, this must 1216d49e1aeSJan Lentfer * be set to %NULL. Note: SSID may contain any characters, even nul 1226d49e1aeSJan Lentfer * (ASCII 0) and as such, this should not be assumed to be a nul 1236d49e1aeSJan Lentfer * terminated string. ssid_len defines how many characters are valid 1246d49e1aeSJan Lentfer * and the ssid field is not guaranteed to be nul terminated. 1256d49e1aeSJan Lentfer */ 1266d49e1aeSJan Lentfer u8 *ssid; 1276d49e1aeSJan Lentfer 1286d49e1aeSJan Lentfer /** 1296d49e1aeSJan Lentfer * ssid_len - Length of the SSID 1306d49e1aeSJan Lentfer */ 1316d49e1aeSJan Lentfer size_t ssid_len; 1326d49e1aeSJan Lentfer 1336d49e1aeSJan Lentfer /** 1346d49e1aeSJan Lentfer * bssid - BSSID 1356d49e1aeSJan Lentfer * 1366d49e1aeSJan Lentfer * If set, this network block is used only when associating with the AP 1376d49e1aeSJan Lentfer * using the configured BSSID 1383ff40c12SJohn Marino * 1393ff40c12SJohn Marino * If this is a persistent P2P group (disabled == 2), this is the GO 1403ff40c12SJohn Marino * Device Address.
1416d49e1aeSJan Lentfer */ 1426d49e1aeSJan Lentfer u8 bssid[ETH_ALEN]; 1436d49e1aeSJan Lentfer 1446d49e1aeSJan Lentfer /** 145*a1157835SDaniel Fojt * bssid_blacklist - List of unacceptable BSSIDs 146*a1157835SDaniel Fojt */ 147*a1157835SDaniel Fojt u8 *bssid_blacklist; 148*a1157835SDaniel Fojt size_t num_bssid_blacklist; 149*a1157835SDaniel Fojt 150*a1157835SDaniel Fojt /** 151*a1157835SDaniel Fojt * bssid_whitelist - List of acceptable BSSIDs 152*a1157835SDaniel Fojt */ 153*a1157835SDaniel Fojt u8 *bssid_whitelist; 154*a1157835SDaniel Fojt size_t num_bssid_whitelist; 155*a1157835SDaniel Fojt 156*a1157835SDaniel Fojt /** 1576d49e1aeSJan Lentfer * bssid_set - Whether BSSID is configured for this network 1586d49e1aeSJan Lentfer */ 1596d49e1aeSJan Lentfer int bssid_set; 1606d49e1aeSJan Lentfer 1616d49e1aeSJan Lentfer /** 162*a1157835SDaniel Fojt * bssid_hint - BSSID hint 163*a1157835SDaniel Fojt * 164*a1157835SDaniel Fojt * If set, this is configured to the driver as a preferred initial BSSID 165*a1157835SDaniel Fojt * while connecting to this network.
166*a1157835SDaniel Fojt */ 167*a1157835SDaniel Fojt u8 bssid_hint[ETH_ALEN]; 168*a1157835SDaniel Fojt 169*a1157835SDaniel Fojt /** 170*a1157835SDaniel Fojt * bssid_hint_set - Whether BSSID hint is configured for this network 171*a1157835SDaniel Fojt */ 172*a1157835SDaniel Fojt int bssid_hint_set; 173*a1157835SDaniel Fojt 174*a1157835SDaniel Fojt /** 1753ff40c12SJohn Marino * go_p2p_dev_addr - GO's P2P Device Address or all zeros if not set 1763ff40c12SJohn Marino */ 1773ff40c12SJohn Marino u8 go_p2p_dev_addr[ETH_ALEN]; 1783ff40c12SJohn Marino 1793ff40c12SJohn Marino /** 1806d49e1aeSJan Lentfer * psk - WPA pre-shared key (256 bits) 1816d49e1aeSJan Lentfer */ 1826d49e1aeSJan Lentfer u8 psk[32]; 1836d49e1aeSJan Lentfer 1846d49e1aeSJan Lentfer /** 1856d49e1aeSJan Lentfer * psk_set - Whether PSK field is configured 1866d49e1aeSJan Lentfer */ 1876d49e1aeSJan Lentfer int psk_set; 1886d49e1aeSJan Lentfer 1896d49e1aeSJan Lentfer /** 1906d49e1aeSJan Lentfer * passphrase - WPA ASCII passphrase 1916d49e1aeSJan Lentfer * 1926d49e1aeSJan Lentfer * If this is set, psk will be generated using the SSID and passphrase 1936d49e1aeSJan Lentfer * configured for the network. ASCII passphrase must be between 8 and 1946d49e1aeSJan Lentfer * 63 characters (inclusive). 1956d49e1aeSJan Lentfer */ 1966d49e1aeSJan Lentfer char *passphrase; 1976d49e1aeSJan Lentfer 1986d49e1aeSJan Lentfer /** 199*a1157835SDaniel Fojt * sae_password - SAE password 200*a1157835SDaniel Fojt * 201*a1157835SDaniel Fojt * This parameter can be used to set a password for SAE. By default, the 202*a1157835SDaniel Fojt * passphrase value is used if this separate parameter is not used, but 203*a1157835SDaniel Fojt * passphrase follows the WPA-PSK constraints (8..63 characters) even 204*a1157835SDaniel Fojt * though SAE passwords do not have such constraints. 
205*a1157835SDaniel Fojt */ 206*a1157835SDaniel Fojt char *sae_password; 207*a1157835SDaniel Fojt 208*a1157835SDaniel Fojt /** 209*a1157835SDaniel Fojt * sae_password_id - SAE password identifier 210*a1157835SDaniel Fojt * 211*a1157835SDaniel Fojt * This parameter can be used to identify a specific SAE password. If 212*a1157835SDaniel Fojt * not included, the default SAE password is used instead. 213*a1157835SDaniel Fojt */ 214*a1157835SDaniel Fojt char *sae_password_id; 215*a1157835SDaniel Fojt 216*a1157835SDaniel Fojt /** 2173ff40c12SJohn Marino * ext_psk - PSK/passphrase name in external storage 2183ff40c12SJohn Marino * 2193ff40c12SJohn Marino * If this is set, PSK/passphrase will be fetched from external storage 2203ff40c12SJohn Marino * when requesting association with the network. 2213ff40c12SJohn Marino */ 2223ff40c12SJohn Marino char *ext_psk; 2233ff40c12SJohn Marino 2243ff40c12SJohn Marino /** 225*a1157835SDaniel Fojt * mem_only_psk - Whether to keep PSK/passphrase only in memory 226*a1157835SDaniel Fojt * 227*a1157835SDaniel Fojt * 0 = allow psk/passphrase to be stored to the configuration file 228*a1157835SDaniel Fojt * 1 = do not store psk/passphrase to the configuration file 229*a1157835SDaniel Fojt */ 230*a1157835SDaniel Fojt int mem_only_psk; 231*a1157835SDaniel Fojt 232*a1157835SDaniel Fojt /** 2336d49e1aeSJan Lentfer * pairwise_cipher - Bitfield of allowed pairwise ciphers, WPA_CIPHER_* 2346d49e1aeSJan Lentfer */ 2356d49e1aeSJan Lentfer int pairwise_cipher; 2366d49e1aeSJan Lentfer 2376d49e1aeSJan Lentfer /** 2386d49e1aeSJan Lentfer * group_cipher - Bitfield of allowed group ciphers, WPA_CIPHER_* 2396d49e1aeSJan Lentfer */ 2406d49e1aeSJan Lentfer int group_cipher; 2416d49e1aeSJan Lentfer 2426d49e1aeSJan Lentfer /** 243*a1157835SDaniel Fojt * group_mgmt_cipher - Bitfield of allowed group management ciphers 244*a1157835SDaniel Fojt * 245*a1157835SDaniel Fojt * This is a bitfield of WPA_CIPHER_AES_128_CMAC and WPA_CIPHER_BIP_* 246*a1157835SDaniel Fojt 
* values. If 0, no constraint is used for the cipher, i.e., whatever 247*a1157835SDaniel Fojt * the AP uses is accepted. 248*a1157835SDaniel Fojt */ 249*a1157835SDaniel Fojt int group_mgmt_cipher; 250*a1157835SDaniel Fojt 251*a1157835SDaniel Fojt /** 2526d49e1aeSJan Lentfer * key_mgmt - Bitfield of allowed key management protocols 2536d49e1aeSJan Lentfer * 2546d49e1aeSJan Lentfer * WPA_KEY_MGMT_* 2556d49e1aeSJan Lentfer */ 2566d49e1aeSJan Lentfer int key_mgmt; 2576d49e1aeSJan Lentfer 2586d49e1aeSJan Lentfer /** 2593ff40c12SJohn Marino * bg_scan_period - Background scan period in seconds, 0 to disable, or 2603ff40c12SJohn Marino * -1 to indicate no change to default driver configuration 2613ff40c12SJohn Marino */ 2623ff40c12SJohn Marino int bg_scan_period; 2633ff40c12SJohn Marino 2643ff40c12SJohn Marino /** 2656d49e1aeSJan Lentfer * proto - Bitfield of allowed protocols, WPA_PROTO_* 2666d49e1aeSJan Lentfer */ 2676d49e1aeSJan Lentfer int proto; 2686d49e1aeSJan Lentfer 2696d49e1aeSJan Lentfer /** 2706d49e1aeSJan Lentfer * auth_alg - Bitfield of allowed authentication algorithms 2716d49e1aeSJan Lentfer * 2726d49e1aeSJan Lentfer * WPA_AUTH_ALG_* 2736d49e1aeSJan Lentfer */ 2746d49e1aeSJan Lentfer int auth_alg; 2756d49e1aeSJan Lentfer 2766d49e1aeSJan Lentfer /** 2776d49e1aeSJan Lentfer * scan_ssid - Scan this SSID with Probe Requests 2786d49e1aeSJan Lentfer * 2796d49e1aeSJan Lentfer * scan_ssid can be used to scan for APs using hidden SSIDs. 2806d49e1aeSJan Lentfer * Note: Many drivers do not support this. ap_scan=2 can be used with 281*a1157835SDaniel Fojt * such drivers to use hidden SSIDs. Note2: Most nl80211-based drivers 282*a1157835SDaniel Fojt * do support scan_ssid=1 and that should be used with them instead of 283*a1157835SDaniel Fojt * ap_scan=2.
2846d49e1aeSJan Lentfer */ 2856d49e1aeSJan Lentfer int scan_ssid; 2866d49e1aeSJan Lentfer 2876d49e1aeSJan Lentfer #ifdef IEEE8021X_EAPOL 2886d49e1aeSJan Lentfer #define EAPOL_FLAG_REQUIRE_KEY_UNICAST BIT(0) 2896d49e1aeSJan Lentfer #define EAPOL_FLAG_REQUIRE_KEY_BROADCAST BIT(1) 2906d49e1aeSJan Lentfer /** 2916d49e1aeSJan Lentfer * eapol_flags - Bit field of IEEE 802.1X/EAPOL options (EAPOL_FLAG_*) 2926d49e1aeSJan Lentfer */ 2936d49e1aeSJan Lentfer int eapol_flags; 2946d49e1aeSJan Lentfer 2956d49e1aeSJan Lentfer /** 2966d49e1aeSJan Lentfer * eap - EAP peer configuration for this network 2976d49e1aeSJan Lentfer */ 2986d49e1aeSJan Lentfer struct eap_peer_config eap; 2996d49e1aeSJan Lentfer #endif /* IEEE8021X_EAPOL */ 3006d49e1aeSJan Lentfer 3016d49e1aeSJan Lentfer #define NUM_WEP_KEYS 4 3026d49e1aeSJan Lentfer #define MAX_WEP_KEY_LEN 16 3036d49e1aeSJan Lentfer /** 3046d49e1aeSJan Lentfer * wep_key - WEP keys 3056d49e1aeSJan Lentfer */ 3066d49e1aeSJan Lentfer u8 wep_key[NUM_WEP_KEYS][MAX_WEP_KEY_LEN]; 3076d49e1aeSJan Lentfer 3086d49e1aeSJan Lentfer /** 3096d49e1aeSJan Lentfer * wep_key_len - WEP key lengths 3106d49e1aeSJan Lentfer */ 3116d49e1aeSJan Lentfer size_t wep_key_len[NUM_WEP_KEYS]; 3126d49e1aeSJan Lentfer 3136d49e1aeSJan Lentfer /** 3146d49e1aeSJan Lentfer * wep_tx_keyidx - Default key index for TX frames using WEP 3156d49e1aeSJan Lentfer */ 3166d49e1aeSJan Lentfer int wep_tx_keyidx; 3176d49e1aeSJan Lentfer 3186d49e1aeSJan Lentfer /** 3196d49e1aeSJan Lentfer * proactive_key_caching - Enable proactive key caching 3206d49e1aeSJan Lentfer * 3216d49e1aeSJan Lentfer * This field can be used to enable proactive key caching which is also 3226d49e1aeSJan Lentfer * known as opportunistic PMKSA caching for WPA2. This is disabled (0) 3233ff40c12SJohn Marino * by default unless default value is changed with the global okc=1 3243ff40c12SJohn Marino * parameter. Enable by setting this to 1. 
3256d49e1aeSJan Lentfer * 3266d49e1aeSJan Lentfer * Proactive key caching is used to make supplicant assume that the APs 3276d49e1aeSJan Lentfer * are using the same PMK and generate PMKSA cache entries without 3286d49e1aeSJan Lentfer * doing RSN pre-authentication. This requires support from the AP side 3296d49e1aeSJan Lentfer * and is normally used with wireless switches that co-locate the 3306d49e1aeSJan Lentfer * authenticator. 3313ff40c12SJohn Marino * 3323ff40c12SJohn Marino * Internally, special value -1 is used to indicate that the parameter 3333ff40c12SJohn Marino * was not specified in the configuration (i.e., default behavior is 3343ff40c12SJohn Marino * followed). 3356d49e1aeSJan Lentfer */ 3366d49e1aeSJan Lentfer int proactive_key_caching; 3376d49e1aeSJan Lentfer 3386d49e1aeSJan Lentfer /** 3396d49e1aeSJan Lentfer * mixed_cell - Whether mixed cells are allowed 3406d49e1aeSJan Lentfer * 3416d49e1aeSJan Lentfer * This option can be used to configure whether so called mixed cells, 3426d49e1aeSJan Lentfer * i.e., networks that use both plaintext and encryption in the same 3436d49e1aeSJan Lentfer * SSID, are allowed. This is disabled (0) by default. Enable by 3446d49e1aeSJan Lentfer * setting this to 1. 3456d49e1aeSJan Lentfer */ 3466d49e1aeSJan Lentfer int mixed_cell; 3476d49e1aeSJan Lentfer 3486d49e1aeSJan Lentfer #ifdef IEEE8021X_EAPOL 3496d49e1aeSJan Lentfer 3506d49e1aeSJan Lentfer /** 3516d49e1aeSJan Lentfer * leap - Number of EAP methods using LEAP 3526d49e1aeSJan Lentfer * 3536d49e1aeSJan Lentfer * This field should be set to 1 if LEAP is enabled. This is used to 3546d49e1aeSJan Lentfer * select IEEE 802.11 authentication algorithm. 
3556d49e1aeSJan Lentfer */ 3566d49e1aeSJan Lentfer int leap; 3576d49e1aeSJan Lentfer 3586d49e1aeSJan Lentfer /** 3596d49e1aeSJan Lentfer * non_leap - Number of EAP methods not using LEAP 3606d49e1aeSJan Lentfer * 3616d49e1aeSJan Lentfer * This field should be set to >0 if any EAP method other than LEAP is 3626d49e1aeSJan Lentfer * enabled. This is used to select IEEE 802.11 authentication 3636d49e1aeSJan Lentfer * algorithm. 3646d49e1aeSJan Lentfer */ 3656d49e1aeSJan Lentfer int non_leap; 3666d49e1aeSJan Lentfer 3676d49e1aeSJan Lentfer /** 3686d49e1aeSJan Lentfer * eap_workaround - EAP workarounds enabled 3696d49e1aeSJan Lentfer * 3706d49e1aeSJan Lentfer * wpa_supplicant supports a number of "EAP workarounds" to work around 3716d49e1aeSJan Lentfer * interoperability issues with incorrectly behaving authentication 3726d49e1aeSJan Lentfer * servers. This is recommended to be enabled by default because some 3736d49e1aeSJan Lentfer * of the issues are present in a large number of authentication servers. 3746d49e1aeSJan Lentfer * 3756d49e1aeSJan Lentfer * Strict EAP conformance mode can be configured by disabling 3766d49e1aeSJan Lentfer * workarounds with eap_workaround = 0. 3776d49e1aeSJan Lentfer */ 3786d49e1aeSJan Lentfer unsigned int eap_workaround; 3796d49e1aeSJan Lentfer 3806d49e1aeSJan Lentfer #endif /* IEEE8021X_EAPOL */ 3816d49e1aeSJan Lentfer 3826d49e1aeSJan Lentfer /** 3836d49e1aeSJan Lentfer * mode - IEEE 802.11 operation mode (Infrastructure/IBSS) 3846d49e1aeSJan Lentfer * 3856d49e1aeSJan Lentfer * 0 = infrastructure (Managed) mode, i.e., associate with an AP.
3866d49e1aeSJan Lentfer * 3876d49e1aeSJan Lentfer * 1 = IBSS (ad-hoc, peer-to-peer) 3886d49e1aeSJan Lentfer * 3893ff40c12SJohn Marino * 2 = AP (access point) 3903ff40c12SJohn Marino * 3913ff40c12SJohn Marino * 3 = P2P Group Owner (can be set in the configuration file) 3923ff40c12SJohn Marino * 3933ff40c12SJohn Marino * 4 = P2P Group Formation (used internally; not in configuration 3943ff40c12SJohn Marino * files) 3953ff40c12SJohn Marino * 396*a1157835SDaniel Fojt * 5 = Mesh 397*a1157835SDaniel Fojt * 3983ff40c12SJohn Marino * Note: IBSS can only be used with key_mgmt NONE (plaintext and static 3993ff40c12SJohn Marino * WEP) and WPA-PSK (with proto=RSN). In addition, key_mgmt=WPA-NONE 4003ff40c12SJohn Marino * (fixed group key TKIP/CCMP) is available for backwards compatibility, 4013ff40c12SJohn Marino * but its use is deprecated. WPA-None requires following network block 4023ff40c12SJohn Marino * options: proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or 4033ff40c12SJohn Marino * CCMP, but not both), and psk must also be set (either directly or 4043ff40c12SJohn Marino * using ASCII passphrase). 4056d49e1aeSJan Lentfer */ 406*a1157835SDaniel Fojt enum wpas_mode mode; 407*a1157835SDaniel Fojt 408*a1157835SDaniel Fojt /** 409*a1157835SDaniel Fojt * pbss - Whether to use PBSS. Relevant to DMG networks only. 410*a1157835SDaniel Fojt * 0 = do not use PBSS 411*a1157835SDaniel Fojt * 1 = use PBSS 412*a1157835SDaniel Fojt * 2 = don't care (not allowed in AP mode) 413*a1157835SDaniel Fojt * Used together with mode configuration. When mode is AP, it 414*a1157835SDaniel Fojt * means to start a PCP instead of a regular AP. When mode is INFRA it 415*a1157835SDaniel Fojt * means connect to a PCP instead of AP. In this mode you can also 416*a1157835SDaniel Fojt * specify 2 (don't care) meaning connect to either AP or PCP. 417*a1157835SDaniel Fojt * P2P_GO and P2P_GROUP_FORMATION modes must use PBSS in DMG network. 
418*a1157835SDaniel Fojt */ 419*a1157835SDaniel Fojt int pbss; 4206d49e1aeSJan Lentfer 4216d49e1aeSJan Lentfer /** 4226d49e1aeSJan Lentfer * disabled - Whether this network is currently disabled 4236d49e1aeSJan Lentfer * 4246d49e1aeSJan Lentfer * 0 = this network can be used (default). 4256d49e1aeSJan Lentfer * 1 = this network block is disabled (can be enabled through 4266d49e1aeSJan Lentfer * ctrl_iface, e.g., with wpa_cli or wpa_gui). 4273ff40c12SJohn Marino * 2 = this network block includes parameters for a persistent P2P 4283ff40c12SJohn Marino * group (can be used with P2P ctrl_iface commands) 4296d49e1aeSJan Lentfer */ 4306d49e1aeSJan Lentfer int disabled; 4316d49e1aeSJan Lentfer 4326d49e1aeSJan Lentfer /** 4333ff40c12SJohn Marino * disabled_for_connect - Whether this network was temporarily disabled 4343ff40c12SJohn Marino * 4353ff40c12SJohn Marino * This flag is used to reenable all the temporarily disabled networks 4363ff40c12SJohn Marino * after either the success or failure of a WPS connection. 4373ff40c12SJohn Marino */ 4383ff40c12SJohn Marino int disabled_for_connect; 4393ff40c12SJohn Marino 4403ff40c12SJohn Marino /** 4416d49e1aeSJan Lentfer * id_str - Network identifier string for external scripts 4426d49e1aeSJan Lentfer * 4436d49e1aeSJan Lentfer * This value is passed to external ctrl_iface monitors in 4446d49e1aeSJan Lentfer * WPA_EVENT_CONNECTED event and wpa_cli sets this as WPA_ID_STR 4456d49e1aeSJan Lentfer * environment variable for action scripts. 4466d49e1aeSJan Lentfer */ 4476d49e1aeSJan Lentfer char *id_str; 4486d49e1aeSJan Lentfer 4496d49e1aeSJan Lentfer #ifdef CONFIG_IEEE80211W 4506d49e1aeSJan Lentfer /** 4516d49e1aeSJan Lentfer * ieee80211w - Whether management frame protection is enabled 4526d49e1aeSJan Lentfer * 4536d49e1aeSJan Lentfer * This value is used to configure policy for management frame 4546d49e1aeSJan Lentfer * protection (IEEE 802.11w). 0 = disabled, 1 = optional, 2 = required. 
4553ff40c12SJohn Marino * This is disabled by default unless the default value has been changed 4563ff40c12SJohn Marino * with the global pmf=1/2 parameter. 4573ff40c12SJohn Marino * 4583ff40c12SJohn Marino * Internally, special value 3 is used to indicate that the parameter 4593ff40c12SJohn Marino * was not specified in the configuration (i.e., default behavior is 4603ff40c12SJohn Marino * followed). 4616d49e1aeSJan Lentfer */ 4623ff40c12SJohn Marino enum mfp_options ieee80211w; 4636d49e1aeSJan Lentfer #endif /* CONFIG_IEEE80211W */ 4646d49e1aeSJan Lentfer 465*a1157835SDaniel Fojt #ifdef CONFIG_OCV 466*a1157835SDaniel Fojt /** 467*a1157835SDaniel Fojt * ocv - Enable/disable operating channel validation 468*a1157835SDaniel Fojt * 469*a1157835SDaniel Fojt * If this parameter is set to 1, stations will exchange OCI element 470*a1157835SDaniel Fojt * to cryptographically verify the operating channel. Setting this 471*a1157835SDaniel Fojt * parameter to 0 disables this option. Default value: 0. 472*a1157835SDaniel Fojt */ 473*a1157835SDaniel Fojt int ocv; 474*a1157835SDaniel Fojt #endif /* CONFIG_OCV */ 475*a1157835SDaniel Fojt 4766d49e1aeSJan Lentfer /** 4776d49e1aeSJan Lentfer * frequency - Channel frequency in megahertz (MHz) for IBSS 4786d49e1aeSJan Lentfer * 4796d49e1aeSJan Lentfer * This value is used to configure the initial channel for IBSS (adhoc) 4806d49e1aeSJan Lentfer * networks, e.g., 2412 = IEEE 802.11b/g channel 1. It is ignored in 4816d49e1aeSJan Lentfer * the infrastructure mode. In addition, this value is only used by the 4826d49e1aeSJan Lentfer * station that creates the IBSS. If an IBSS network with the 4836d49e1aeSJan Lentfer * configured SSID is already present, the frequency of the network 4846d49e1aeSJan Lentfer * will be used instead of this configured value. 
4856d49e1aeSJan Lentfer */ 4866d49e1aeSJan Lentfer int frequency; 4876d49e1aeSJan Lentfer 488*a1157835SDaniel Fojt /** 489*a1157835SDaniel Fojt * fixed_freq - Use fixed frequency for IBSS 490*a1157835SDaniel Fojt */ 491*a1157835SDaniel Fojt int fixed_freq; 492*a1157835SDaniel Fojt 493*a1157835SDaniel Fojt #ifdef CONFIG_ACS 494*a1157835SDaniel Fojt /** 495*a1157835SDaniel Fojt * ACS - Automatic Channel Selection for AP mode 496*a1157835SDaniel Fojt * 497*a1157835SDaniel Fojt * If present, it will be handled together with frequency. 498*a1157835SDaniel Fojt * frequency will be used to determine hardware mode only, when it is 499*a1157835SDaniel Fojt * used for both hardware mode and channel when used alone. This will 500*a1157835SDaniel Fojt * force the channel to be set to 0, thus enabling ACS. 501*a1157835SDaniel Fojt */ 502*a1157835SDaniel Fojt int acs; 503*a1157835SDaniel Fojt #endif /* CONFIG_ACS */ 504*a1157835SDaniel Fojt 505*a1157835SDaniel Fojt /** 506*a1157835SDaniel Fojt * mesh_basic_rates - BSS Basic rate set for mesh network 507*a1157835SDaniel Fojt * 508*a1157835SDaniel Fojt */ 509*a1157835SDaniel Fojt int *mesh_basic_rates; 510*a1157835SDaniel Fojt 511*a1157835SDaniel Fojt /** 512*a1157835SDaniel Fojt * Mesh network plink parameters 513*a1157835SDaniel Fojt */ 514*a1157835SDaniel Fojt int dot11MeshMaxRetries; 515*a1157835SDaniel Fojt int dot11MeshRetryTimeout; /* msec */ 516*a1157835SDaniel Fojt int dot11MeshConfirmTimeout; /* msec */ 517*a1157835SDaniel Fojt int dot11MeshHoldingTimeout; /* msec */ 518*a1157835SDaniel Fojt 519*a1157835SDaniel Fojt int ht; 5203ff40c12SJohn Marino int ht40; 5213ff40c12SJohn Marino 5223ff40c12SJohn Marino int vht; 5233ff40c12SJohn Marino 524*a1157835SDaniel Fojt int he; 525*a1157835SDaniel Fojt 526*a1157835SDaniel Fojt int max_oper_chwidth; 527*a1157835SDaniel Fojt 528*a1157835SDaniel Fojt unsigned int vht_center_freq1; 529*a1157835SDaniel Fojt unsigned int vht_center_freq2; 530*a1157835SDaniel Fojt 5316d49e1aeSJan 
Lentfer /** 5326d49e1aeSJan Lentfer * wpa_ptk_rekey - Maximum lifetime for PTK in seconds 5336d49e1aeSJan Lentfer * 5346d49e1aeSJan Lentfer * This value can be used to enforce rekeying of PTK to mitigate some 5356d49e1aeSJan Lentfer * attacks against TKIP deficiencies. 5366d49e1aeSJan Lentfer */ 5376d49e1aeSJan Lentfer int wpa_ptk_rekey; 5383ff40c12SJohn Marino 5393ff40c12SJohn Marino /** 540*a1157835SDaniel Fojt * group_rekey - Group rekeying time in seconds 541*a1157835SDaniel Fojt * 542*a1157835SDaniel Fojt * This value, if non-zero, is used as the dot11RSNAConfigGroupRekeyTime 543*a1157835SDaniel Fojt * parameter when operating in Authenticator role in IBSS. 544*a1157835SDaniel Fojt */ 545*a1157835SDaniel Fojt int group_rekey; 546*a1157835SDaniel Fojt 547*a1157835SDaniel Fojt /** 5483ff40c12SJohn Marino * scan_freq - Array of frequencies to scan or %NULL for all 5493ff40c12SJohn Marino * 5503ff40c12SJohn Marino * This is an optional zero-terminated array of frequencies in 5513ff40c12SJohn Marino * megahertz (MHz) to include in scan requests when searching for this 5523ff40c12SJohn Marino * network. This can be used to speed up scanning when the network is 5533ff40c12SJohn Marino * known to not use all possible channels. 
5543ff40c12SJohn Marino */ 5553ff40c12SJohn Marino int *scan_freq; 5563ff40c12SJohn Marino 5573ff40c12SJohn Marino /** 5583ff40c12SJohn Marino * bgscan - Background scan and roaming parameters or %NULL if none 5593ff40c12SJohn Marino * 5603ff40c12SJohn Marino * This is an optional set of parameters for background scanning and 5613ff40c12SJohn Marino * roaming within a network (ESS) in following format: 5623ff40c12SJohn Marino * <bgscan module name>:<module parameters> 5633ff40c12SJohn Marino */ 5643ff40c12SJohn Marino char *bgscan; 5653ff40c12SJohn Marino 5663ff40c12SJohn Marino /** 5673ff40c12SJohn Marino * ignore_broadcast_ssid - Hide SSID in AP mode 5683ff40c12SJohn Marino * 5693ff40c12SJohn Marino * Send empty SSID in beacons and ignore probe request frames that do 5703ff40c12SJohn Marino * not specify full SSID, i.e., require stations to know SSID. 5713ff40c12SJohn Marino * default: disabled (0) 5723ff40c12SJohn Marino * 1 = send empty (length=0) SSID in beacon and ignore probe request 5733ff40c12SJohn Marino * for broadcast SSID 5743ff40c12SJohn Marino * 2 = clear SSID (ASCII 0), but keep the original length (this may be 5753ff40c12SJohn Marino * required with some clients that do not support empty SSID) and 5763ff40c12SJohn Marino * ignore probe requests for broadcast SSID 5773ff40c12SJohn Marino */ 5783ff40c12SJohn Marino int ignore_broadcast_ssid; 5793ff40c12SJohn Marino 5803ff40c12SJohn Marino /** 5813ff40c12SJohn Marino * freq_list - Array of allowed frequencies or %NULL for all 5823ff40c12SJohn Marino * 5833ff40c12SJohn Marino * This is an optional zero-terminated array of frequencies in 5843ff40c12SJohn Marino * megahertz (MHz) to allow for selecting the BSS. If set, scan results 5853ff40c12SJohn Marino * that do not match any of the specified frequencies are not 5863ff40c12SJohn Marino * considered when selecting a BSS. 
5873ff40c12SJohn Marino */ 5883ff40c12SJohn Marino int *freq_list; 5893ff40c12SJohn Marino 5903ff40c12SJohn Marino /** 5913ff40c12SJohn Marino * p2p_client_list - List of P2P Clients in a persistent group (GO) 5923ff40c12SJohn Marino * 5933ff40c12SJohn Marino * This is a list of P2P Clients (P2P Device Address) that have joined 5943ff40c12SJohn Marino * the persistent group. This is maintained on the GO for persistent 5953ff40c12SJohn Marino * group entries (disabled == 2). 5963ff40c12SJohn Marino */ 5973ff40c12SJohn Marino u8 *p2p_client_list; 5983ff40c12SJohn Marino 5993ff40c12SJohn Marino /** 6003ff40c12SJohn Marino * num_p2p_clients - Number of entries in p2p_client_list 6013ff40c12SJohn Marino */ 6023ff40c12SJohn Marino size_t num_p2p_clients; 6033ff40c12SJohn Marino 6043ff40c12SJohn Marino #ifndef P2P_MAX_STORED_CLIENTS 6053ff40c12SJohn Marino #define P2P_MAX_STORED_CLIENTS 100 6063ff40c12SJohn Marino #endif /* P2P_MAX_STORED_CLIENTS */ 6073ff40c12SJohn Marino 6083ff40c12SJohn Marino /** 6093ff40c12SJohn Marino * psk_list - Per-client PSKs (struct psk_list_entry) 6103ff40c12SJohn Marino */ 6113ff40c12SJohn Marino struct dl_list psk_list; 6123ff40c12SJohn Marino 6133ff40c12SJohn Marino /** 6143ff40c12SJohn Marino * p2p_group - Network generated as a P2P group (used internally) 6153ff40c12SJohn Marino */ 6163ff40c12SJohn Marino int p2p_group; 6173ff40c12SJohn Marino 6183ff40c12SJohn Marino /** 6193ff40c12SJohn Marino * p2p_persistent_group - Whether this is a persistent group 6203ff40c12SJohn Marino */ 6213ff40c12SJohn Marino int p2p_persistent_group; 6223ff40c12SJohn Marino 6233ff40c12SJohn Marino /** 6243ff40c12SJohn Marino * temporary - Whether this network is temporary and not to be saved 6253ff40c12SJohn Marino */ 6263ff40c12SJohn Marino int temporary; 6273ff40c12SJohn Marino 6283ff40c12SJohn Marino /** 6293ff40c12SJohn Marino * export_keys - Whether keys may be exported 6303ff40c12SJohn Marino * 6313ff40c12SJohn Marino * This attribute will be set when 
keys are determined through 6323ff40c12SJohn Marino * WPS or similar so that they may be exported. 6333ff40c12SJohn Marino */ 6343ff40c12SJohn Marino int export_keys; 6353ff40c12SJohn Marino 6363ff40c12SJohn Marino #ifdef CONFIG_HT_OVERRIDES 6373ff40c12SJohn Marino /** 6383ff40c12SJohn Marino * disable_ht - Disable HT (IEEE 802.11n) for this network 6393ff40c12SJohn Marino * 6403ff40c12SJohn Marino * By default, use it if it is available, but this can be configured 6413ff40c12SJohn Marino * to 1 to have it disabled. 6423ff40c12SJohn Marino */ 6433ff40c12SJohn Marino int disable_ht; 6443ff40c12SJohn Marino 6453ff40c12SJohn Marino /** 6463ff40c12SJohn Marino * disable_ht40 - Disable HT40 for this network 6473ff40c12SJohn Marino * 6483ff40c12SJohn Marino * By default, use it if it is available, but this can be configured 6493ff40c12SJohn Marino * to 1 to have it disabled. 6503ff40c12SJohn Marino */ 6513ff40c12SJohn Marino int disable_ht40; 6523ff40c12SJohn Marino 6533ff40c12SJohn Marino /** 6543ff40c12SJohn Marino * disable_sgi - Disable SGI (Short Guard Interval) for this network 6553ff40c12SJohn Marino * 6563ff40c12SJohn Marino * By default, use it if it is available, but this can be configured 6573ff40c12SJohn Marino * to 1 to have it disabled. 6583ff40c12SJohn Marino */ 6593ff40c12SJohn Marino int disable_sgi; 6603ff40c12SJohn Marino 6613ff40c12SJohn Marino /** 662*a1157835SDaniel Fojt * disable_ldpc - Disable LDPC for this network 663*a1157835SDaniel Fojt * 664*a1157835SDaniel Fojt * By default, use it if it is available, but this can be configured 665*a1157835SDaniel Fojt * to 1 to have it disabled. 
666*a1157835SDaniel Fojt */ 667*a1157835SDaniel Fojt int disable_ldpc; 668*a1157835SDaniel Fojt 669*a1157835SDaniel Fojt /** 670*a1157835SDaniel Fojt * ht40_intolerant - Indicate 40 MHz intolerant for this network 671*a1157835SDaniel Fojt */ 672*a1157835SDaniel Fojt int ht40_intolerant; 673*a1157835SDaniel Fojt 674*a1157835SDaniel Fojt /** 6753ff40c12SJohn Marino * disable_max_amsdu - Disable MAX A-MSDU 6763ff40c12SJohn Marino * 6773ff40c12SJohn Marino * A-MSDU will be 3839 bytes when disabled, or 7935 6783ff40c12SJohn Marino * when enabled (assuming it is otherwise supported) 6793ff40c12SJohn Marino * -1 (default) means do not apply any settings to the kernel. 6803ff40c12SJohn Marino */ 6813ff40c12SJohn Marino int disable_max_amsdu; 6823ff40c12SJohn Marino 6833ff40c12SJohn Marino /** 6843ff40c12SJohn Marino * ampdu_factor - Maximum A-MPDU Length Exponent 6853ff40c12SJohn Marino * 6863ff40c12SJohn Marino * Value: 0-3, see 7.3.2.56.3 in IEEE Std 802.11n-2009. 6873ff40c12SJohn Marino */ 6883ff40c12SJohn Marino int ampdu_factor; 6893ff40c12SJohn Marino 6903ff40c12SJohn Marino /** 6913ff40c12SJohn Marino * ampdu_density - Minimum A-MPDU Start Spacing 6923ff40c12SJohn Marino * 6933ff40c12SJohn Marino * Value: 0-7, see 7.3.2.56.3 in IEEE Std 802.11n-2009. 6943ff40c12SJohn Marino */ 6953ff40c12SJohn Marino int ampdu_density; 6963ff40c12SJohn Marino 6973ff40c12SJohn Marino /** 6983ff40c12SJohn Marino * ht_mcs - Allowed HT-MCS rates, in ASCII hex: ffff0000... 6993ff40c12SJohn Marino * 7003ff40c12SJohn Marino * By default (empty string): Use whatever the OS has configured. 7013ff40c12SJohn Marino */ 7023ff40c12SJohn Marino char *ht_mcs; 703*a1157835SDaniel Fojt 704*a1157835SDaniel Fojt /** 705*a1157835SDaniel Fojt * tx_stbc - Indicate STBC support for TX streams 706*a1157835SDaniel Fojt * 707*a1157835SDaniel Fojt * Value: -1..1, by default (-1): use whatever the OS or card has 708*a1157835SDaniel Fojt * configured. See IEEE Std 802.11-2016, 9.4.2.56.2. 
709*a1157835SDaniel Fojt */ 710*a1157835SDaniel Fojt int tx_stbc; 711*a1157835SDaniel Fojt 712*a1157835SDaniel Fojt /** 713*a1157835SDaniel Fojt * rx_stbc - Indicate STBC support for RX streams 714*a1157835SDaniel Fojt * 715*a1157835SDaniel Fojt * Value: -1..3, by default (-1): use whatever the OS or card has 716*a1157835SDaniel Fojt * configured. See IEEE Std 802.11-2016, 9.4.2.56.2. 717*a1157835SDaniel Fojt */ 718*a1157835SDaniel Fojt int rx_stbc; 7193ff40c12SJohn Marino #endif /* CONFIG_HT_OVERRIDES */ 7203ff40c12SJohn Marino 7213ff40c12SJohn Marino #ifdef CONFIG_VHT_OVERRIDES 7223ff40c12SJohn Marino /** 7233ff40c12SJohn Marino * disable_vht - Disable VHT (IEEE 802.11ac) for this network 7243ff40c12SJohn Marino * 7253ff40c12SJohn Marino * By default, use it if it is available, but this can be configured 7263ff40c12SJohn Marino * to 1 to have it disabled. 7273ff40c12SJohn Marino */ 7283ff40c12SJohn Marino int disable_vht; 7293ff40c12SJohn Marino 7303ff40c12SJohn Marino /** 7313ff40c12SJohn Marino * vht_capa - VHT capabilities to use 7323ff40c12SJohn Marino */ 7333ff40c12SJohn Marino unsigned int vht_capa; 7343ff40c12SJohn Marino 7353ff40c12SJohn Marino /** 7363ff40c12SJohn Marino * vht_capa_mask - mask for VHT capabilities 7373ff40c12SJohn Marino */ 7383ff40c12SJohn Marino unsigned int vht_capa_mask; 7393ff40c12SJohn Marino 7403ff40c12SJohn Marino int vht_rx_mcs_nss_1, vht_rx_mcs_nss_2, 7413ff40c12SJohn Marino vht_rx_mcs_nss_3, vht_rx_mcs_nss_4, 7423ff40c12SJohn Marino vht_rx_mcs_nss_5, vht_rx_mcs_nss_6, 7433ff40c12SJohn Marino vht_rx_mcs_nss_7, vht_rx_mcs_nss_8; 7443ff40c12SJohn Marino int vht_tx_mcs_nss_1, vht_tx_mcs_nss_2, 7453ff40c12SJohn Marino vht_tx_mcs_nss_3, vht_tx_mcs_nss_4, 7463ff40c12SJohn Marino vht_tx_mcs_nss_5, vht_tx_mcs_nss_6, 7473ff40c12SJohn Marino vht_tx_mcs_nss_7, vht_tx_mcs_nss_8; 7483ff40c12SJohn Marino #endif /* CONFIG_VHT_OVERRIDES */ 7493ff40c12SJohn Marino 7503ff40c12SJohn Marino /** 7513ff40c12SJohn Marino * ap_max_inactivity - Timeout 
in seconds to detect STA's inactivity 7523ff40c12SJohn Marino * 7533ff40c12SJohn Marino * This timeout value is used in AP mode to clean up inactive stations. 7543ff40c12SJohn Marino * By default: 300 seconds. 7553ff40c12SJohn Marino */ 7563ff40c12SJohn Marino int ap_max_inactivity; 7573ff40c12SJohn Marino 7583ff40c12SJohn Marino /** 7593ff40c12SJohn Marino * dtim_period - DTIM period in Beacon intervals 7603ff40c12SJohn Marino * By default: 2 7613ff40c12SJohn Marino */ 7623ff40c12SJohn Marino int dtim_period; 7633ff40c12SJohn Marino 7643ff40c12SJohn Marino /** 7653ff40c12SJohn Marino * beacon_int - Beacon interval (default: 100 TU) 7663ff40c12SJohn Marino */ 7673ff40c12SJohn Marino int beacon_int; 7683ff40c12SJohn Marino 7693ff40c12SJohn Marino /** 7703ff40c12SJohn Marino * auth_failures - Number of consecutive authentication failures 7713ff40c12SJohn Marino */ 7723ff40c12SJohn Marino unsigned int auth_failures; 7733ff40c12SJohn Marino 7743ff40c12SJohn Marino /** 7753ff40c12SJohn Marino * disabled_until - Network block disabled until this time if non-zero 7763ff40c12SJohn Marino */ 7773ff40c12SJohn Marino struct os_reltime disabled_until; 7783ff40c12SJohn Marino 7793ff40c12SJohn Marino /** 7803ff40c12SJohn Marino * parent_cred - Pointer to parent wpa_cred entry 7813ff40c12SJohn Marino * 7823ff40c12SJohn Marino * This pointer can be used to delete temporary networks when a wpa_cred 7833ff40c12SJohn Marino * that was used to create them is removed. This pointer should not be 7843ff40c12SJohn Marino * dereferenced since it may not be updated in all cases. 
7853ff40c12SJohn Marino */ 7863ff40c12SJohn Marino void *parent_cred; 787*a1157835SDaniel Fojt 788*a1157835SDaniel Fojt #ifdef CONFIG_MACSEC 789*a1157835SDaniel Fojt /** 790*a1157835SDaniel Fojt * macsec_policy - Determines the policy for MACsec secure session 791*a1157835SDaniel Fojt * 792*a1157835SDaniel Fojt * 0: MACsec not in use (default) 793*a1157835SDaniel Fojt * 1: MACsec enabled - Should secure, accept key server's advice to 794*a1157835SDaniel Fojt * determine whether to use a secure session or not. 795*a1157835SDaniel Fojt */ 796*a1157835SDaniel Fojt int macsec_policy; 797*a1157835SDaniel Fojt 798*a1157835SDaniel Fojt /** 799*a1157835SDaniel Fojt * macsec_integ_only - Determines how MACsec frames are transmitted 800*a1157835SDaniel Fojt * 801*a1157835SDaniel Fojt * This setting applies only when MACsec is in use, i.e., 802*a1157835SDaniel Fojt * - macsec_policy is enabled 803*a1157835SDaniel Fojt * - the key server has decided to enable MACsec 804*a1157835SDaniel Fojt * 805*a1157835SDaniel Fojt * 0: Encrypt traffic (default) 806*a1157835SDaniel Fojt * 1: Integrity only (traffic is authenticated but not encrypted) 807*a1157835SDaniel Fojt */ 808*a1157835SDaniel Fojt int macsec_integ_only; 809*a1157835SDaniel Fojt 810*a1157835SDaniel Fojt /** 811*a1157835SDaniel Fojt * macsec_replay_protect - Enable MACsec replay protection 812*a1157835SDaniel Fojt * 813*a1157835SDaniel Fojt * This setting applies only when MACsec is in use, i.e., 814*a1157835SDaniel Fojt * - macsec_policy is enabled 815*a1157835SDaniel Fojt * - the key server has decided to enable MACsec 816*a1157835SDaniel Fojt * 817*a1157835SDaniel Fojt * 0: Replay protection disabled (default) 818*a1157835SDaniel Fojt * 1: Replay protection enabled 819*a1157835SDaniel Fojt */ 820*a1157835SDaniel Fojt int macsec_replay_protect; 821*a1157835SDaniel Fojt 822*a1157835SDaniel Fojt /** 823*a1157835SDaniel Fojt * macsec_replay_window - MACsec replay protection window 824*a1157835SDaniel Fojt * 825*a1157835SDaniel Fojt * A window in which replay is tolerated, 
to allow receipt of frames 826*a1157835SDaniel Fojt * that have been misordered by the network. 827*a1157835SDaniel Fojt * 828*a1157835SDaniel Fojt * This setting applies only when MACsec replay protection is active, i.e., 829*a1157835SDaniel Fojt * - macsec_replay_protect is enabled 830*a1157835SDaniel Fojt * - the key server has decided to enable MACsec 831*a1157835SDaniel Fojt * 832*a1157835SDaniel Fojt * 0: No replay window, strict check (default) 833*a1157835SDaniel Fojt * 1..2^32-1: number of packets that could be misordered 834*a1157835SDaniel Fojt */ 835*a1157835SDaniel Fojt u32 macsec_replay_window; 836*a1157835SDaniel Fojt 837*a1157835SDaniel Fojt /** 838*a1157835SDaniel Fojt * macsec_port - MACsec port (in SCI) 839*a1157835SDaniel Fojt * 840*a1157835SDaniel Fojt * Port component of the SCI. 841*a1157835SDaniel Fojt * 842*a1157835SDaniel Fojt * Range: 1-65534 (default: 1) 843*a1157835SDaniel Fojt */ 844*a1157835SDaniel Fojt int macsec_port; 845*a1157835SDaniel Fojt 846*a1157835SDaniel Fojt /** 847*a1157835SDaniel Fojt * mka_priority - Priority of MKA Actor 848*a1157835SDaniel Fojt * 849*a1157835SDaniel Fojt * Range: 0-255 (default: 255) 850*a1157835SDaniel Fojt */ 851*a1157835SDaniel Fojt int mka_priority; 852*a1157835SDaniel Fojt 853*a1157835SDaniel Fojt /** 854*a1157835SDaniel Fojt * mka_ckn - MKA pre-shared CKN 855*a1157835SDaniel Fojt */ 856*a1157835SDaniel Fojt #define MACSEC_CKN_MAX_LEN 32 857*a1157835SDaniel Fojt size_t mka_ckn_len; 858*a1157835SDaniel Fojt u8 mka_ckn[MACSEC_CKN_MAX_LEN]; 859*a1157835SDaniel Fojt 860*a1157835SDaniel Fojt /** 861*a1157835SDaniel Fojt * mka_cak - MKA pre-shared CAK 862*a1157835SDaniel Fojt */ 863*a1157835SDaniel Fojt #define MACSEC_CAK_MAX_LEN 32 864*a1157835SDaniel Fojt size_t mka_cak_len; 865*a1157835SDaniel Fojt u8 mka_cak[MACSEC_CAK_MAX_LEN]; 866*a1157835SDaniel Fojt 867*a1157835SDaniel Fojt #define MKA_PSK_SET_CKN BIT(0) 868*a1157835SDaniel Fojt #define MKA_PSK_SET_CAK BIT(1) 869*a1157835SDaniel Fojt #define 
MKA_PSK_SET (MKA_PSK_SET_CKN | MKA_PSK_SET_CAK) 870*a1157835SDaniel Fojt /** 871*a1157835SDaniel Fojt * mka_psk_set - Whether mka_ckn and mka_cak are set 872*a1157835SDaniel Fojt */ 873*a1157835SDaniel Fojt u8 mka_psk_set; 874*a1157835SDaniel Fojt #endif /* CONFIG_MACSEC */ 875*a1157835SDaniel Fojt 876*a1157835SDaniel Fojt #ifdef CONFIG_HS20 877*a1157835SDaniel Fojt int update_identifier; 878*a1157835SDaniel Fojt 879*a1157835SDaniel Fojt /** 880*a1157835SDaniel Fojt * roaming_consortium_selection - Roaming Consortium Selection 881*a1157835SDaniel Fojt * 882*a1157835SDaniel Fojt * The matching Roaming Consortium OI that was used to generate this 883*a1157835SDaniel Fojt * network profile. 884*a1157835SDaniel Fojt */ 885*a1157835SDaniel Fojt u8 *roaming_consortium_selection; 886*a1157835SDaniel Fojt 887*a1157835SDaniel Fojt /** 888*a1157835SDaniel Fojt * roaming_consortium_selection_len - roaming_consortium_selection len 889*a1157835SDaniel Fojt */ 890*a1157835SDaniel Fojt size_t roaming_consortium_selection_len; 891*a1157835SDaniel Fojt #endif /* CONFIG_HS20 */ 892*a1157835SDaniel Fojt 893*a1157835SDaniel Fojt unsigned int wps_run; 894*a1157835SDaniel Fojt 895*a1157835SDaniel Fojt /** 896*a1157835SDaniel Fojt * mac_addr - MAC address policy 897*a1157835SDaniel Fojt * 898*a1157835SDaniel Fojt * 0 = use permanent MAC address 899*a1157835SDaniel Fojt * 1 = use random MAC address for each ESS connection 900*a1157835SDaniel Fojt * 2 = like 1, but maintain OUI (with local admin bit set) 901*a1157835SDaniel Fojt * 902*a1157835SDaniel Fojt * Internally, special value -1 is used to indicate that the parameter 903*a1157835SDaniel Fojt * was not specified in the configuration (i.e., default behavior is 904*a1157835SDaniel Fojt * followed). 
905*a1157835SDaniel Fojt */ 906*a1157835SDaniel Fojt int mac_addr; 907*a1157835SDaniel Fojt 908*a1157835SDaniel Fojt /** 909*a1157835SDaniel Fojt * no_auto_peer - Do not automatically peer with compatible mesh peers 910*a1157835SDaniel Fojt * 911*a1157835SDaniel Fojt * When unset, the reception of a beacon from another mesh peer in 912*a1157835SDaniel Fojt * this MBSS will trigger a peering attempt. 913*a1157835SDaniel Fojt */ 914*a1157835SDaniel Fojt int no_auto_peer; 915*a1157835SDaniel Fojt 916*a1157835SDaniel Fojt /** 917*a1157835SDaniel Fojt * mesh_rssi_threshold - Set mesh parameter mesh_rssi_threshold (dBm) 918*a1157835SDaniel Fojt * 919*a1157835SDaniel Fojt * -255..-1 = threshold value in dBm 920*a1157835SDaniel Fojt * 0 = not using RSSI threshold 921*a1157835SDaniel Fojt * 1 = do not change driver default 922*a1157835SDaniel Fojt */ 923*a1157835SDaniel Fojt int mesh_rssi_threshold; 924*a1157835SDaniel Fojt 925*a1157835SDaniel Fojt /** 926*a1157835SDaniel Fojt * wps_disabled - WPS disabled in AP mode 927*a1157835SDaniel Fojt * 928*a1157835SDaniel Fojt * 0 = WPS enabled and configured (default) 929*a1157835SDaniel Fojt * 1 = WPS disabled 930*a1157835SDaniel Fojt */ 931*a1157835SDaniel Fojt int wps_disabled; 932*a1157835SDaniel Fojt 933*a1157835SDaniel Fojt /** 934*a1157835SDaniel Fojt * fils_dh_group - FILS DH Group 935*a1157835SDaniel Fojt * 936*a1157835SDaniel Fojt * 0 = PFS disabled with FILS shared key authentication 937*a1157835SDaniel Fojt * 1-65535 DH Group to use for FILS PFS 938*a1157835SDaniel Fojt */ 939*a1157835SDaniel Fojt int fils_dh_group; 940*a1157835SDaniel Fojt 941*a1157835SDaniel Fojt /** 942*a1157835SDaniel Fojt * dpp_connector - DPP Connector (signedConnector as string) 943*a1157835SDaniel Fojt */ 944*a1157835SDaniel Fojt char *dpp_connector; 945*a1157835SDaniel Fojt 946*a1157835SDaniel Fojt /** 947*a1157835SDaniel Fojt * dpp_netaccesskey - DPP netAccessKey (own private key) 948*a1157835SDaniel Fojt */ 949*a1157835SDaniel Fojt u8 
*dpp_netaccesskey; 950*a1157835SDaniel Fojt 951*a1157835SDaniel Fojt /** 952*a1157835SDaniel Fojt * dpp_netaccesskey_len - DPP netAccessKey length in octets 953*a1157835SDaniel Fojt */ 954*a1157835SDaniel Fojt size_t dpp_netaccesskey_len; 955*a1157835SDaniel Fojt 956*a1157835SDaniel Fojt /** 957*a1157835SDaniel Fojt * dpp_netaccesskey_expiry - DPP netAccessKey expiry as a UNIX timestamp 958*a1157835SDaniel Fojt * 959*a1157835SDaniel Fojt * 0 indicates no expiration. 960*a1157835SDaniel Fojt */ 961*a1157835SDaniel Fojt unsigned int dpp_netaccesskey_expiry; 962*a1157835SDaniel Fojt 963*a1157835SDaniel Fojt /** 964*a1157835SDaniel Fojt * dpp_csign - C-sign-key (Configurator public key) 965*a1157835SDaniel Fojt */ 966*a1157835SDaniel Fojt u8 *dpp_csign; 967*a1157835SDaniel Fojt 968*a1157835SDaniel Fojt /** 969*a1157835SDaniel Fojt * dpp_csign_len - C-sign-key length in octets 970*a1157835SDaniel Fojt */ 971*a1157835SDaniel Fojt size_t dpp_csign_len; 972*a1157835SDaniel Fojt 973*a1157835SDaniel Fojt /** 974*a1157835SDaniel Fojt * owe_group - OWE DH Group 975*a1157835SDaniel Fojt * 976*a1157835SDaniel Fojt * 0 = use default (19) first and then try all supported groups one by 977*a1157835SDaniel Fojt * one if AP rejects the selected group 978*a1157835SDaniel Fojt * 1-65535 DH Group to use for OWE 979*a1157835SDaniel Fojt * 980*a1157835SDaniel Fojt * Groups 19 (NIST P-256), 20 (NIST P-384), and 21 (NIST P-521) are 981*a1157835SDaniel Fojt * currently supported. 
982*a1157835SDaniel Fojt */ 983*a1157835SDaniel Fojt int owe_group; 984*a1157835SDaniel Fojt 985*a1157835SDaniel Fojt /** 986*a1157835SDaniel Fojt * owe_only - OWE-only mode (disable transition mode) 987*a1157835SDaniel Fojt * 988*a1157835SDaniel Fojt * 0 = enable transition mode (allow connection to either OWE or open 989*a1157835SDaniel Fojt * BSS) 990*a1157835SDaniel Fojt * 1 = disable transition mode (allow connection only with OWE) 991*a1157835SDaniel Fojt */ 992*a1157835SDaniel Fojt int owe_only; 993*a1157835SDaniel Fojt 994*a1157835SDaniel Fojt /** 995*a1157835SDaniel Fojt * owe_transition_bss_select_count - OWE transition BSS select count 996*a1157835SDaniel Fojt * 997*a1157835SDaniel Fojt * This is an internally used variable (i.e., not used in external 998*a1157835SDaniel Fojt * configuration) to track the number of selection attempts done for 999*a1157835SDaniel Fojt * OWE BSS in transition mode. This allows fallback to an open BSS if 1000*a1157835SDaniel Fojt * the selection attempts for OWE BSS exceed the configured threshold. 1001*a1157835SDaniel Fojt */ 1002*a1157835SDaniel Fojt int owe_transition_bss_select_count; 1003*a1157835SDaniel Fojt 1004*a1157835SDaniel Fojt /** 1005*a1157835SDaniel Fojt * multi_ap_backhaul_sta - Multi-AP backhaul STA 1006*a1157835SDaniel Fojt * 0 = normal (non-Multi-AP) station 1007*a1157835SDaniel Fojt * 1 = Multi-AP backhaul station 1008*a1157835SDaniel Fojt */ 1009*a1157835SDaniel Fojt int multi_ap_backhaul_sta; 1010*a1157835SDaniel Fojt 1011*a1157835SDaniel Fojt /** 1012*a1157835SDaniel Fojt * ft_eap_pmksa_caching - Whether FT-EAP PMKSA caching is allowed 1013*a1157835SDaniel Fojt * 0 = do not try to use PMKSA caching with FT-EAP 1014*a1157835SDaniel Fojt * 1 = try to use PMKSA caching with FT-EAP 1015*a1157835SDaniel Fojt * 1016*a1157835SDaniel Fojt * This controls whether to try to use PMKSA caching with FT-EAP for the 1017*a1157835SDaniel Fojt * FT initial mobility domain association. 
1018*a1157835SDaniel Fojt */ 1019*a1157835SDaniel Fojt int ft_eap_pmksa_caching; 10206d49e1aeSJan Lentfer }; 10216d49e1aeSJan Lentfer 10226d49e1aeSJan Lentfer #endif /* CONFIG_SSID_H */ 1023