139beb93cSSam Leffler# Example hostapd build time configuration 239beb93cSSam Leffler# 339beb93cSSam Leffler# This file lists the configuration options that are used when building the 439beb93cSSam Leffler# hostapd binary. All lines starting with # are ignored. Configuration option 539beb93cSSam Leffler# lines must be commented out complete, if they are not to be included, i.e., 639beb93cSSam Leffler# just setting VARIABLE=n is not disabling that variable. 739beb93cSSam Leffler# 839beb93cSSam Leffler# This file is included in Makefile, so variables like CFLAGS and LIBS can also 939beb93cSSam Leffler# be modified from here. In most cass, these lines should use += in order not 1039beb93cSSam Leffler# to override previous values of the variables. 1139beb93cSSam Leffler 1239beb93cSSam Leffler# Driver interface for Host AP driver 1339beb93cSSam LefflerCONFIG_DRIVER_HOSTAP=y 1439beb93cSSam Leffler 1539beb93cSSam Leffler# Driver interface for wired authenticator 1639beb93cSSam Leffler#CONFIG_DRIVER_WIRED=y 1739beb93cSSam Leffler 1839beb93cSSam Leffler# Driver interface for drivers using the nl80211 kernel interface 19f05cddf9SRui PauloCONFIG_DRIVER_NL80211=y 2039beb93cSSam Leffler 21780fb4a2SCy Schubert# QCA vendor extensions to nl80211 22780fb4a2SCy Schubert#CONFIG_DRIVER_NL80211_QCA=y 23780fb4a2SCy Schubert 245b9c547cSRui Paulo# driver_nl80211.c requires libnl. If you are compiling it yourself 255b9c547cSRui Paulo# you may need to point hostapd to your version of libnl. 265b9c547cSRui Paulo# 275b9c547cSRui Paulo#CFLAGS += -I$<path to libnl include files> 285b9c547cSRui Paulo#LIBS += -L$<path to libnl library files> 295b9c547cSRui Paulo 305b9c547cSRui Paulo# Use libnl v2.0 (or 3.0) libraries. 315b9c547cSRui Paulo#CONFIG_LIBNL20=y 325b9c547cSRui Paulo 335b9c547cSRui Paulo# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) 3485732ac8SCy SchubertCONFIG_LIBNL32=y 355b9c547cSRui Paulo 365b9c547cSRui Paulo 3739beb93cSSam Leffler# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) 3839beb93cSSam Leffler#CONFIG_DRIVER_BSD=y 3939beb93cSSam Leffler#CFLAGS += -I/usr/local/include 4039beb93cSSam Leffler#LIBS += -L/usr/local/lib 41e28a4053SRui Paulo#LIBS_p += -L/usr/local/lib 42e28a4053SRui Paulo#LIBS_c += -L/usr/local/lib 4339beb93cSSam Leffler 4439beb93cSSam Leffler# Driver interface for no driver (e.g., RADIUS server only) 4539beb93cSSam Leffler#CONFIG_DRIVER_NONE=y 4639beb93cSSam Leffler 4739beb93cSSam Leffler# WPA2/IEEE 802.11i RSN pre-authentication 4839beb93cSSam LefflerCONFIG_RSN_PREAUTH=y 4939beb93cSSam Leffler 504bc52338SCy Schubert# Support Operating Channel Validation 514bc52338SCy Schubert#CONFIG_OCV=y 524bc52338SCy Schubert 5339beb93cSSam Leffler# Integrated EAP server 5439beb93cSSam LefflerCONFIG_EAP=y 5539beb93cSSam Leffler 565b9c547cSRui Paulo# EAP Re-authentication Protocol (ERP) in integrated EAP server 575b9c547cSRui PauloCONFIG_ERP=y 585b9c547cSRui Paulo 5939beb93cSSam Leffler# EAP-MD5 for the integrated EAP server 6039beb93cSSam LefflerCONFIG_EAP_MD5=y 6139beb93cSSam Leffler 6239beb93cSSam Leffler# EAP-TLS for the integrated EAP server 6339beb93cSSam LefflerCONFIG_EAP_TLS=y 6439beb93cSSam Leffler 6539beb93cSSam Leffler# EAP-MSCHAPv2 for the integrated EAP server 6639beb93cSSam LefflerCONFIG_EAP_MSCHAPV2=y 6739beb93cSSam Leffler 6839beb93cSSam Leffler# EAP-PEAP for the integrated EAP server 6939beb93cSSam LefflerCONFIG_EAP_PEAP=y 7039beb93cSSam Leffler 7139beb93cSSam Leffler# EAP-GTC for the integrated EAP server 7239beb93cSSam LefflerCONFIG_EAP_GTC=y 7339beb93cSSam Leffler 7439beb93cSSam Leffler# EAP-TTLS for the integrated EAP server 7539beb93cSSam LefflerCONFIG_EAP_TTLS=y 7639beb93cSSam Leffler 7739beb93cSSam Leffler# EAP-SIM for the integrated EAP server 7839beb93cSSam Leffler#CONFIG_EAP_SIM=y 7939beb93cSSam Leffler 8039beb93cSSam Leffler# EAP-AKA for the integrated EAP server 8139beb93cSSam Leffler#CONFIG_EAP_AKA=y 8239beb93cSSam Leffler 8339beb93cSSam Leffler# EAP-AKA' for the integrated EAP server 8439beb93cSSam Leffler# This requires CONFIG_EAP_AKA to be enabled, too. 8539beb93cSSam Leffler#CONFIG_EAP_AKA_PRIME=y 8639beb93cSSam Leffler 8739beb93cSSam Leffler# EAP-PAX for the integrated EAP server 8839beb93cSSam Leffler#CONFIG_EAP_PAX=y 8939beb93cSSam Leffler 9039beb93cSSam Leffler# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) 9139beb93cSSam Leffler#CONFIG_EAP_PSK=y 9239beb93cSSam Leffler 93f05cddf9SRui Paulo# EAP-pwd for the integrated EAP server (secure authentication with a password) 94f05cddf9SRui Paulo#CONFIG_EAP_PWD=y 95f05cddf9SRui Paulo 9639beb93cSSam Leffler# EAP-SAKE for the integrated EAP server 9739beb93cSSam Leffler#CONFIG_EAP_SAKE=y 9839beb93cSSam Leffler 9939beb93cSSam Leffler# EAP-GPSK for the integrated EAP server 10039beb93cSSam Leffler#CONFIG_EAP_GPSK=y 10139beb93cSSam Leffler# Include support for optional SHA256 cipher suite in EAP-GPSK 10239beb93cSSam Leffler#CONFIG_EAP_GPSK_SHA256=y 10339beb93cSSam Leffler 10439beb93cSSam Leffler# EAP-FAST for the integrated EAP server 10539beb93cSSam Leffler#CONFIG_EAP_FAST=y 10639beb93cSSam Leffler 107206b73d0SCy Schubert# EAP-TEAP for the integrated EAP server 108206b73d0SCy Schubert# Note: The current EAP-TEAP implementation is experimental and should not be 109206b73d0SCy Schubert# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number 110206b73d0SCy Schubert# of conflicting statements and missing details and the implementation has 111206b73d0SCy Schubert# vendor specific workarounds for those and as such, may not interoperate with 112206b73d0SCy Schubert# any other implementation. This should not be used for anything else than 113206b73d0SCy Schubert# experimentation and interoperability testing until those issues has been 114206b73d0SCy Schubert# resolved. 115206b73d0SCy Schubert#CONFIG_EAP_TEAP=y 116206b73d0SCy Schubert 11739beb93cSSam Leffler# Wi-Fi Protected Setup (WPS) 11839beb93cSSam Leffler#CONFIG_WPS=y 11939beb93cSSam Leffler# Enable UPnP support for external WPS Registrars 12039beb93cSSam Leffler#CONFIG_WPS_UPNP=y 121f05cddf9SRui Paulo# Enable WPS support with NFC config method 122f05cddf9SRui Paulo#CONFIG_WPS_NFC=y 12339beb93cSSam Leffler 12439beb93cSSam Leffler# EAP-IKEv2 12539beb93cSSam Leffler#CONFIG_EAP_IKEV2=y 12639beb93cSSam Leffler 12739beb93cSSam Leffler# Trusted Network Connect (EAP-TNC) 12839beb93cSSam Leffler#CONFIG_EAP_TNC=y 12939beb93cSSam Leffler 1305b9c547cSRui Paulo# EAP-EKE for the integrated EAP server 1315b9c547cSRui Paulo#CONFIG_EAP_EKE=y 1325b9c547cSRui Paulo 13339beb93cSSam Leffler# PKCS#12 (PFX) support (used to read private key and certificate file from 13439beb93cSSam Leffler# a file that usually has extension .p12 or .pfx) 13539beb93cSSam LefflerCONFIG_PKCS12=y 13639beb93cSSam Leffler 13739beb93cSSam Leffler# RADIUS authentication server. This provides access to the integrated EAP 13839beb93cSSam Leffler# server from external hosts using RADIUS. 13939beb93cSSam Leffler#CONFIG_RADIUS_SERVER=y 14039beb93cSSam Leffler 14139beb93cSSam Leffler# Build IPv6 support for RADIUS operations 14239beb93cSSam LefflerCONFIG_IPV6=y 14339beb93cSSam Leffler 14439beb93cSSam Leffler# IEEE Std 802.11r-2008 (Fast BSS Transition) 14539beb93cSSam Leffler#CONFIG_IEEE80211R=y 14639beb93cSSam Leffler 14739beb93cSSam Leffler# Use the hostapd's IEEE 802.11 authentication (ACL), but without 1485b9c547cSRui Paulo# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) 14939beb93cSSam Leffler#CONFIG_DRIVER_RADIUS_ACL=y 15039beb93cSSam Leffler 151f05cddf9SRui Paulo# Wireless Network Management (IEEE Std 802.11v-2011) 152f05cddf9SRui Paulo# Note: This is experimental and not complete implementation. 153f05cddf9SRui Paulo#CONFIG_WNM=y 154f05cddf9SRui Paulo 155f05cddf9SRui Paulo# IEEE 802.11ac (Very High Throughput) support 156f05cddf9SRui Paulo#CONFIG_IEEE80211AC=y 157f05cddf9SRui Paulo 15885732ac8SCy Schubert# IEEE 802.11ax HE support 15985732ac8SCy Schubert# Note: This is experimental and work in progress. The definitions are still 16085732ac8SCy Schubert# subject to change and this should not be expected to interoperate with the 16185732ac8SCy Schubert# final IEEE 802.11ax version. 16285732ac8SCy Schubert#CONFIG_IEEE80211AX=y 16385732ac8SCy Schubert 16439beb93cSSam Leffler# Remove debugging code that is printing out debug messages to stdout. 16539beb93cSSam Leffler# This can be used to reduce the size of the hostapd considerably if debugging 16639beb93cSSam Leffler# code is not needed. 16739beb93cSSam Leffler#CONFIG_NO_STDOUT_DEBUG=y 168e28a4053SRui Paulo 169f05cddf9SRui Paulo# Add support for writing debug log to a file: -f /tmp/hostapd.log 170f05cddf9SRui Paulo# Disabled by default. 171f05cddf9SRui Paulo#CONFIG_DEBUG_FILE=y 172f05cddf9SRui Paulo 17385732ac8SCy Schubert# Send debug messages to syslog instead of stdout 17485732ac8SCy Schubert#CONFIG_DEBUG_SYSLOG=y 17585732ac8SCy Schubert 1765b9c547cSRui Paulo# Add support for sending all debug messages (regardless of debug verbosity) 1775b9c547cSRui Paulo# to the Linux kernel tracing facility. This helps debug the entire stack by 1785b9c547cSRui Paulo# making it easy to record everything happening from the driver up into the 1795b9c547cSRui Paulo# same file, e.g., using trace-cmd. 1805b9c547cSRui Paulo#CONFIG_DEBUG_LINUX_TRACING=y 1815b9c547cSRui Paulo 182e28a4053SRui Paulo# Remove support for RADIUS accounting 183e28a4053SRui Paulo#CONFIG_NO_ACCOUNTING=y 184e28a4053SRui Paulo 185e28a4053SRui Paulo# Remove support for RADIUS 186e28a4053SRui Paulo#CONFIG_NO_RADIUS=y 187e28a4053SRui Paulo 188e28a4053SRui Paulo# Remove support for VLANs 189e28a4053SRui Paulo#CONFIG_NO_VLAN=y 190e28a4053SRui Paulo 191f05cddf9SRui Paulo# Enable support for fully dynamic VLANs. This enables hostapd to 192f05cddf9SRui Paulo# automatically create bridge and VLAN interfaces if necessary. 193f05cddf9SRui Paulo#CONFIG_FULL_DYNAMIC_VLAN=y 194f05cddf9SRui Paulo 195f05cddf9SRui Paulo# Use netlink-based kernel API for VLAN operations instead of ioctl() 196f05cddf9SRui Paulo# Note: This requires libnl 3.1 or newer. 197f05cddf9SRui Paulo#CONFIG_VLAN_NETLINK=y 198f05cddf9SRui Paulo 1995b9c547cSRui Paulo# Remove support for dumping internal state through control interface commands 200e28a4053SRui Paulo# This can be used to reduce binary size at the cost of disabling a debugging 201e28a4053SRui Paulo# option. 202e28a4053SRui Paulo#CONFIG_NO_DUMP_STATE=y 203e28a4053SRui Paulo 204e28a4053SRui Paulo# Enable tracing code for developer debugging 205e28a4053SRui Paulo# This tracks use of memory allocations and other registrations and reports 206e28a4053SRui Paulo# incorrect use with a backtrace of call (or allocation) location. 207e28a4053SRui Paulo#CONFIG_WPA_TRACE=y 208e28a4053SRui Paulo# For BSD, comment out these. 209e28a4053SRui Paulo#LIBS += -lexecinfo 210e28a4053SRui Paulo#LIBS_p += -lexecinfo 211e28a4053SRui Paulo#LIBS_c += -lexecinfo 212e28a4053SRui Paulo 213e28a4053SRui Paulo# Use libbfd to get more details for developer debugging 214e28a4053SRui Paulo# This enables use of libbfd to get more detailed symbols for the backtraces 215e28a4053SRui Paulo# generated by CONFIG_WPA_TRACE=y. 216e28a4053SRui Paulo#CONFIG_WPA_TRACE_BFD=y 217e28a4053SRui Paulo# For BSD, comment out these. 218e28a4053SRui Paulo#LIBS += -lbfd -liberty -lz 219e28a4053SRui Paulo#LIBS_p += -lbfd -liberty -lz 220e28a4053SRui Paulo#LIBS_c += -lbfd -liberty -lz 221f05cddf9SRui Paulo 222f05cddf9SRui Paulo# hostapd depends on strong random number generation being available from the 223f05cddf9SRui Paulo# operating system. os_get_random() function is used to fetch random data when 224f05cddf9SRui Paulo# needed, e.g., for key generation. On Linux and BSD systems, this works by 225f05cddf9SRui Paulo# reading /dev/urandom. It should be noted that the OS entropy pool needs to be 226f05cddf9SRui Paulo# properly initialized before hostapd is started. This is important especially 227f05cddf9SRui Paulo# on embedded devices that do not have a hardware random number generator and 228f05cddf9SRui Paulo# may by default start up with minimal entropy available for random number 229f05cddf9SRui Paulo# generation. 230f05cddf9SRui Paulo# 231f05cddf9SRui Paulo# As a safety net, hostapd is by default trying to internally collect 232f05cddf9SRui Paulo# additional entropy for generating random data to mix in with the data 233f05cddf9SRui Paulo# fetched from the OS. This by itself is not considered to be very strong, but 234f05cddf9SRui Paulo# it may help in cases where the system pool is not initialized properly. 235f05cddf9SRui Paulo# However, it is very strongly recommended that the system pool is initialized 236f05cddf9SRui Paulo# with enough entropy either by using hardware assisted random number 237f05cddf9SRui Paulo# generator or by storing state over device reboots. 238f05cddf9SRui Paulo# 239f05cddf9SRui Paulo# hostapd can be configured to maintain its own entropy store over restarts to 240f05cddf9SRui Paulo# enhance random number generation. This is not perfect, but it is much more 241f05cddf9SRui Paulo# secure than using the same sequence of random numbers after every reboot. 242f05cddf9SRui Paulo# This can be enabled with -e<entropy file> command line option. The specified 243f05cddf9SRui Paulo# file needs to be readable and writable by hostapd. 244f05cddf9SRui Paulo# 245f05cddf9SRui Paulo# If the os_get_random() is known to provide strong random data (e.g., on 246f05cddf9SRui Paulo# Linux/BSD, the board in question is known to have reliable source of random 247f05cddf9SRui Paulo# data from /dev/urandom), the internal hostapd random pool can be disabled. 248f05cddf9SRui Paulo# This will save some in binary size and CPU use. However, this should only be 249f05cddf9SRui Paulo# considered for builds that are known to be used on devices that meet the 250f05cddf9SRui Paulo# requirements described above. 251f05cddf9SRui Paulo#CONFIG_NO_RANDOM_POOL=y 252f05cddf9SRui Paulo 2534bc52338SCy Schubert# Should we attempt to use the getrandom(2) call that provides more reliable 2544bc52338SCy Schubert# yet secure randomness source than /dev/random on Linux 3.17 and newer. 2554bc52338SCy Schubert# Requires glibc 2.25 to build, falls back to /dev/random if unavailable. 2564bc52338SCy Schubert#CONFIG_GETRANDOM=y 2574bc52338SCy Schubert 258325151a3SRui Paulo# Should we use poll instead of select? Select is used by default. 259325151a3SRui Paulo#CONFIG_ELOOP_POLL=y 260325151a3SRui Paulo 261325151a3SRui Paulo# Should we use epoll instead of select? Select is used by default. 262325151a3SRui Paulo#CONFIG_ELOOP_EPOLL=y 263325151a3SRui Paulo 264780fb4a2SCy Schubert# Should we use kqueue instead of select? Select is used by default. 265780fb4a2SCy Schubert#CONFIG_ELOOP_KQUEUE=y 266780fb4a2SCy Schubert 267f05cddf9SRui Paulo# Select TLS implementation 268f05cddf9SRui Paulo# openssl = OpenSSL (default) 269f05cddf9SRui Paulo# gnutls = GnuTLS 270f05cddf9SRui Paulo# internal = Internal TLSv1 implementation (experimental) 27185732ac8SCy Schubert# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) 272f05cddf9SRui Paulo# none = Empty template 273f05cddf9SRui Paulo#CONFIG_TLS=openssl 274f05cddf9SRui Paulo 275f05cddf9SRui Paulo# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) 276f05cddf9SRui Paulo# can be enabled to get a stronger construction of messages when block ciphers 277f05cddf9SRui Paulo# are used. 278f05cddf9SRui Paulo#CONFIG_TLSV11=y 279f05cddf9SRui Paulo 280f05cddf9SRui Paulo# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) 281f05cddf9SRui Paulo# can be enabled to enable use of stronger crypto algorithms. 282f05cddf9SRui Paulo#CONFIG_TLSV12=y 283f05cddf9SRui Paulo 28485732ac8SCy Schubert# Select which ciphers to use by default with OpenSSL if the user does not 28585732ac8SCy Schubert# specify them. 28685732ac8SCy Schubert#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" 28785732ac8SCy Schubert 288f05cddf9SRui Paulo# If CONFIG_TLS=internal is used, additional library and include paths are 289f05cddf9SRui Paulo# needed for LibTomMath. Alternatively, an integrated, minimal version of 290f05cddf9SRui Paulo# LibTomMath can be used. See beginning of libtommath.c for details on benefits 291f05cddf9SRui Paulo# and drawbacks of this option. 292f05cddf9SRui Paulo#CONFIG_INTERNAL_LIBTOMMATH=y 293f05cddf9SRui Paulo#ifndef CONFIG_INTERNAL_LIBTOMMATH 294f05cddf9SRui Paulo#LTM_PATH=/usr/src/libtommath-0.39 295f05cddf9SRui Paulo#CFLAGS += -I$(LTM_PATH) 296f05cddf9SRui Paulo#LIBS += -L$(LTM_PATH) 297f05cddf9SRui Paulo#LIBS_p += -L$(LTM_PATH) 298f05cddf9SRui Paulo#endif 299f05cddf9SRui Paulo# At the cost of about 4 kB of additional binary size, the internal LibTomMath 300f05cddf9SRui Paulo# can be configured to include faster routines for exptmod, sqr, and div to 301f05cddf9SRui Paulo# speed up DH and RSA calculation considerably 302f05cddf9SRui Paulo#CONFIG_INTERNAL_LIBTOMMATH_FAST=y 303f05cddf9SRui Paulo 304f05cddf9SRui Paulo# Interworking (IEEE 802.11u) 305f05cddf9SRui Paulo# This can be used to enable functionality to improve interworking with 306f05cddf9SRui Paulo# external networks. 307f05cddf9SRui Paulo#CONFIG_INTERWORKING=y 308f05cddf9SRui Paulo 309f05cddf9SRui Paulo# Hotspot 2.0 310f05cddf9SRui Paulo#CONFIG_HS20=y 311f05cddf9SRui Paulo 312f05cddf9SRui Paulo# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file 313f05cddf9SRui Paulo#CONFIG_SQLITE=y 3145b9c547cSRui Paulo 315325151a3SRui Paulo# Enable Fast Session Transfer (FST) 316325151a3SRui Paulo#CONFIG_FST=y 317325151a3SRui Paulo 318325151a3SRui Paulo# Enable CLI commands for FST testing 319325151a3SRui Paulo#CONFIG_FST_TEST=y 320325151a3SRui Paulo 3215b9c547cSRui Paulo# Testing options 3225b9c547cSRui Paulo# This can be used to enable some testing options (see also the example 3235b9c547cSRui Paulo# configuration file) that are really useful only for testing clients that 3245b9c547cSRui Paulo# connect to this hostapd. These options allow, for example, to drop a 3255b9c547cSRui Paulo# certain percentage of probe requests or auth/(re)assoc frames. 3265b9c547cSRui Paulo# 3275b9c547cSRui Paulo#CONFIG_TESTING_OPTIONS=y 3285b9c547cSRui Paulo 3295b9c547cSRui Paulo# Automatic Channel Selection 3305b9c547cSRui Paulo# This will allow hostapd to pick the channel automatically when channel is set 3315b9c547cSRui Paulo# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in 3325b9c547cSRui Paulo# similar way. 3335b9c547cSRui Paulo# 3345b9c547cSRui Paulo# Automatic selection is currently only done through initialization, later on 3355b9c547cSRui Paulo# we hope to do background checks to keep us moving to more ideal channels as 3365b9c547cSRui Paulo# time goes by. ACS is currently only supported through the nl80211 driver and 3375b9c547cSRui Paulo# your driver must have survey dump capability that is filled by the driver 3385b9c547cSRui Paulo# during scanning. 3395b9c547cSRui Paulo# 3405b9c547cSRui Paulo# You can customize the ACS survey algorithm with the hostapd.conf variable 3415b9c547cSRui Paulo# acs_num_scans. 3425b9c547cSRui Paulo# 3435b9c547cSRui Paulo# Supported ACS drivers: 3445b9c547cSRui Paulo# * ath9k 3455b9c547cSRui Paulo# * ath5k 3465b9c547cSRui Paulo# * ath10k 3475b9c547cSRui Paulo# 3485b9c547cSRui Paulo# For more details refer to: 349c1d255d3SCy Schubert# https://wireless.wiki.kernel.org/en/users/documentation/acs 3505b9c547cSRui Paulo# 3515b9c547cSRui Paulo#CONFIG_ACS=y 352780fb4a2SCy Schubert 353780fb4a2SCy Schubert# Multiband Operation support 354c1d255d3SCy Schubert# These extensions facilitate efficient use of multiple frequency bands 355780fb4a2SCy Schubert# available to the AP and the devices that may associate with it. 356780fb4a2SCy Schubert#CONFIG_MBO=y 357780fb4a2SCy Schubert 358780fb4a2SCy Schubert# Client Taxonomy 359780fb4a2SCy Schubert# Has the AP retain the Probe Request and (Re)Association Request frames from 360780fb4a2SCy Schubert# a client, from which a signature can be produced which can identify the model 361780fb4a2SCy Schubert# of client device like "Nexus 6P" or "iPhone 5s". 362780fb4a2SCy Schubert#CONFIG_TAXONOMY=y 36385732ac8SCy Schubert 36485732ac8SCy Schubert# Fast Initial Link Setup (FILS) (IEEE 802.11ai) 36585732ac8SCy Schubert#CONFIG_FILS=y 36685732ac8SCy Schubert# FILS shared key authentication with PFS 36785732ac8SCy Schubert#CONFIG_FILS_SK_PFS=y 36885732ac8SCy Schubert 36985732ac8SCy Schubert# Include internal line edit mode in hostapd_cli. This can be used to provide 37085732ac8SCy Schubert# limited command line editing and history support. 37185732ac8SCy Schubert#CONFIG_WPA_CLI_EDIT=y 37285732ac8SCy Schubert 37385732ac8SCy Schubert# Opportunistic Wireless Encryption (OWE) 37485732ac8SCy Schubert# Experimental implementation of draft-harkins-owe-07.txt 37585732ac8SCy Schubert#CONFIG_OWE=y 37685732ac8SCy Schubert 377206b73d0SCy Schubert# Airtime policy support 378206b73d0SCy Schubert#CONFIG_AIRTIME_POLICY=y 379206b73d0SCy Schubert 38085732ac8SCy Schubert# Override default value for the wpa_disable_eapol_key_retries configuration 38185732ac8SCy Schubert# parameter. See that parameter in hostapd.conf for more details. 38285732ac8SCy Schubert#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 383c1d255d3SCy Schubert 384c1d255d3SCy Schubert# Wired equivalent privacy (WEP) 385c1d255d3SCy Schubert# WEP is an obsolete cryptographic data confidentiality algorithm that is not 386c1d255d3SCy Schubert# considered secure. It should not be used for anything anymore. The 387c1d255d3SCy Schubert# functionality needed to use WEP is available in the current hostapd 388c1d255d3SCy Schubert# release under this optional build parameter. This functionality is subject to 389c1d255d3SCy Schubert# be completely removed in a future release. 390c1d255d3SCy Schubert#CONFIG_WEP=y 391c1d255d3SCy Schubert 392c1d255d3SCy Schubert# Remove all TKIP functionality 393c1d255d3SCy Schubert# TKIP is an old cryptographic data confidentiality algorithm that is not 394c1d255d3SCy Schubert# considered secure. It should not be used anymore. For now, the default hostapd 395c1d255d3SCy Schubert# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but 396c1d255d3SCy Schubert# that functionality is subject to be removed in the future. 397c1d255d3SCy Schubert#CONFIG_NO_TKIP=y 398c1d255d3SCy Schubert 399c1d255d3SCy Schubert# Pre-Association Security Negotiation (PASN) 400c1d255d3SCy Schubert# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol 401c1d255d3SCy Schubert# design is still subject to change. As such, this should not yet be enabled in 402c1d255d3SCy Schubert# production use. 403c1d255d3SCy Schubert# This requires CONFIG_IEEE80211W=y to be enabled, too. 404c1d255d3SCy Schubert#CONFIG_PASN=y 40532a95656SCy Schubert 40632a95656SCy Schubert# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) 40732a95656SCy SchubertCONFIG_DPP=y 40832a95656SCy Schubert# DPP version 2 support 40932a95656SCy SchubertCONFIG_DPP2=y 41032a95656SCy Schubert# DPP version 3 support (experimental and still changing; do not enable for 41132a95656SCy Schubert# production use) 41232a95656SCy Schubert#CONFIG_DPP3=y 413