139beb93cSSam Leffler# Example hostapd build time configuration 239beb93cSSam Leffler# 339beb93cSSam Leffler# This file lists the configuration options that are used when building the 439beb93cSSam Leffler# hostapd binary. All lines starting with # are ignored. Configuration option 539beb93cSSam Leffler# lines must be commented out complete, if they are not to be included, i.e., 639beb93cSSam Leffler# just setting VARIABLE=n is not disabling that variable. 739beb93cSSam Leffler# 839beb93cSSam Leffler# This file is included in Makefile, so variables like CFLAGS and LIBS can also 939beb93cSSam Leffler# be modified from here. In most cass, these lines should use += in order not 1039beb93cSSam Leffler# to override previous values of the variables. 1139beb93cSSam Leffler 1239beb93cSSam Leffler# Driver interface for Host AP driver 1339beb93cSSam LefflerCONFIG_DRIVER_HOSTAP=y 1439beb93cSSam Leffler 1539beb93cSSam Leffler# Driver interface for wired authenticator 1639beb93cSSam Leffler#CONFIG_DRIVER_WIRED=y 1739beb93cSSam Leffler 1839beb93cSSam Leffler# Driver interface for madwifi driver 1939beb93cSSam Leffler#CONFIG_DRIVER_MADWIFI=y 2039beb93cSSam Leffler#CFLAGS += -I../../madwifi # change to the madwifi source directory 2139beb93cSSam Leffler 2239beb93cSSam Leffler# Driver interface for drivers using the nl80211 kernel interface 23f05cddf9SRui PauloCONFIG_DRIVER_NL80211=y 2439beb93cSSam Leffler 2539beb93cSSam Leffler# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) 2639beb93cSSam Leffler#CONFIG_DRIVER_BSD=y 2739beb93cSSam Leffler#CFLAGS += -I/usr/local/include 2839beb93cSSam Leffler#LIBS += -L/usr/local/lib 29e28a4053SRui Paulo#LIBS_p += -L/usr/local/lib 30e28a4053SRui Paulo#LIBS_c += -L/usr/local/lib 3139beb93cSSam Leffler 3239beb93cSSam Leffler# Driver interface for no driver (e.g., RADIUS server only) 3339beb93cSSam Leffler#CONFIG_DRIVER_NONE=y 3439beb93cSSam Leffler 3539beb93cSSam Leffler# IEEE 802.11F/IAPP 3639beb93cSSam LefflerCONFIG_IAPP=y 3739beb93cSSam Leffler 3839beb93cSSam Leffler# WPA2/IEEE 802.11i RSN pre-authentication 3939beb93cSSam LefflerCONFIG_RSN_PREAUTH=y 4039beb93cSSam Leffler 4139beb93cSSam Leffler# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) 4239beb93cSSam LefflerCONFIG_PEERKEY=y 4339beb93cSSam Leffler 4439beb93cSSam Leffler# IEEE 802.11w (management frame protection) 4539beb93cSSam Leffler# This version is an experimental implementation based on IEEE 802.11w/D1.0 4639beb93cSSam Leffler# draft and is subject to change since the standard has not yet been finalized. 4739beb93cSSam Leffler# Driver support is also needed for IEEE 802.11w. 4839beb93cSSam Leffler#CONFIG_IEEE80211W=y 4939beb93cSSam Leffler 5039beb93cSSam Leffler# Integrated EAP server 5139beb93cSSam LefflerCONFIG_EAP=y 5239beb93cSSam Leffler 5339beb93cSSam Leffler# EAP-MD5 for the integrated EAP server 5439beb93cSSam LefflerCONFIG_EAP_MD5=y 5539beb93cSSam Leffler 5639beb93cSSam Leffler# EAP-TLS for the integrated EAP server 5739beb93cSSam LefflerCONFIG_EAP_TLS=y 5839beb93cSSam Leffler 5939beb93cSSam Leffler# EAP-MSCHAPv2 for the integrated EAP server 6039beb93cSSam LefflerCONFIG_EAP_MSCHAPV2=y 6139beb93cSSam Leffler 6239beb93cSSam Leffler# EAP-PEAP for the integrated EAP server 6339beb93cSSam LefflerCONFIG_EAP_PEAP=y 6439beb93cSSam Leffler 6539beb93cSSam Leffler# EAP-GTC for the integrated EAP server 6639beb93cSSam LefflerCONFIG_EAP_GTC=y 6739beb93cSSam Leffler 6839beb93cSSam Leffler# EAP-TTLS for the integrated EAP server 6939beb93cSSam LefflerCONFIG_EAP_TTLS=y 7039beb93cSSam Leffler 7139beb93cSSam Leffler# EAP-SIM for the integrated EAP server 7239beb93cSSam Leffler#CONFIG_EAP_SIM=y 7339beb93cSSam Leffler 7439beb93cSSam Leffler# EAP-AKA for the integrated EAP server 7539beb93cSSam Leffler#CONFIG_EAP_AKA=y 7639beb93cSSam Leffler 7739beb93cSSam Leffler# EAP-AKA' for the integrated EAP server 7839beb93cSSam Leffler# This requires CONFIG_EAP_AKA to be enabled, too. 7939beb93cSSam Leffler#CONFIG_EAP_AKA_PRIME=y 8039beb93cSSam Leffler 8139beb93cSSam Leffler# EAP-PAX for the integrated EAP server 8239beb93cSSam Leffler#CONFIG_EAP_PAX=y 8339beb93cSSam Leffler 8439beb93cSSam Leffler# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) 8539beb93cSSam Leffler#CONFIG_EAP_PSK=y 8639beb93cSSam Leffler 87f05cddf9SRui Paulo# EAP-pwd for the integrated EAP server (secure authentication with a password) 88f05cddf9SRui Paulo#CONFIG_EAP_PWD=y 89f05cddf9SRui Paulo 9039beb93cSSam Leffler# EAP-SAKE for the integrated EAP server 9139beb93cSSam Leffler#CONFIG_EAP_SAKE=y 9239beb93cSSam Leffler 9339beb93cSSam Leffler# EAP-GPSK for the integrated EAP server 9439beb93cSSam Leffler#CONFIG_EAP_GPSK=y 9539beb93cSSam Leffler# Include support for optional SHA256 cipher suite in EAP-GPSK 9639beb93cSSam Leffler#CONFIG_EAP_GPSK_SHA256=y 9739beb93cSSam Leffler 9839beb93cSSam Leffler# EAP-FAST for the integrated EAP server 9939beb93cSSam Leffler# Note: Default OpenSSL package does not include support for all the 10039beb93cSSam Leffler# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, 10139beb93cSSam Leffler# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch) 10239beb93cSSam Leffler# to add the needed functions. 10339beb93cSSam Leffler#CONFIG_EAP_FAST=y 10439beb93cSSam Leffler 10539beb93cSSam Leffler# Wi-Fi Protected Setup (WPS) 10639beb93cSSam Leffler#CONFIG_WPS=y 107f05cddf9SRui Paulo# Enable WSC 2.0 support 108f05cddf9SRui Paulo#CONFIG_WPS2=y 10939beb93cSSam Leffler# Enable UPnP support for external WPS Registrars 11039beb93cSSam Leffler#CONFIG_WPS_UPNP=y 111f05cddf9SRui Paulo# Enable WPS support with NFC config method 112f05cddf9SRui Paulo#CONFIG_WPS_NFC=y 11339beb93cSSam Leffler 11439beb93cSSam Leffler# EAP-IKEv2 11539beb93cSSam Leffler#CONFIG_EAP_IKEV2=y 11639beb93cSSam Leffler 11739beb93cSSam Leffler# Trusted Network Connect (EAP-TNC) 11839beb93cSSam Leffler#CONFIG_EAP_TNC=y 11939beb93cSSam Leffler 12039beb93cSSam Leffler# PKCS#12 (PFX) support (used to read private key and certificate file from 12139beb93cSSam Leffler# a file that usually has extension .p12 or .pfx) 12239beb93cSSam LefflerCONFIG_PKCS12=y 12339beb93cSSam Leffler 12439beb93cSSam Leffler# RADIUS authentication server. This provides access to the integrated EAP 12539beb93cSSam Leffler# server from external hosts using RADIUS. 12639beb93cSSam Leffler#CONFIG_RADIUS_SERVER=y 12739beb93cSSam Leffler 12839beb93cSSam Leffler# Build IPv6 support for RADIUS operations 12939beb93cSSam LefflerCONFIG_IPV6=y 13039beb93cSSam Leffler 13139beb93cSSam Leffler# IEEE Std 802.11r-2008 (Fast BSS Transition) 13239beb93cSSam Leffler#CONFIG_IEEE80211R=y 13339beb93cSSam Leffler 13439beb93cSSam Leffler# Use the hostapd's IEEE 802.11 authentication (ACL), but without 13539beb93cSSam Leffler# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211) 13639beb93cSSam Leffler#CONFIG_DRIVER_RADIUS_ACL=y 13739beb93cSSam Leffler 13839beb93cSSam Leffler# IEEE 802.11n (High Throughput) support 13939beb93cSSam Leffler#CONFIG_IEEE80211N=y 14039beb93cSSam Leffler 141f05cddf9SRui Paulo# Wireless Network Management (IEEE Std 802.11v-2011) 142f05cddf9SRui Paulo# Note: This is experimental and not complete implementation. 143f05cddf9SRui Paulo#CONFIG_WNM=y 144f05cddf9SRui Paulo 145f05cddf9SRui Paulo# IEEE 802.11ac (Very High Throughput) support 146f05cddf9SRui Paulo#CONFIG_IEEE80211AC=y 147f05cddf9SRui Paulo 14839beb93cSSam Leffler# Remove debugging code that is printing out debug messages to stdout. 14939beb93cSSam Leffler# This can be used to reduce the size of the hostapd considerably if debugging 15039beb93cSSam Leffler# code is not needed. 15139beb93cSSam Leffler#CONFIG_NO_STDOUT_DEBUG=y 152e28a4053SRui Paulo 153f05cddf9SRui Paulo# Add support for writing debug log to a file: -f /tmp/hostapd.log 154f05cddf9SRui Paulo# Disabled by default. 155f05cddf9SRui Paulo#CONFIG_DEBUG_FILE=y 156f05cddf9SRui Paulo 157e28a4053SRui Paulo# Remove support for RADIUS accounting 158e28a4053SRui Paulo#CONFIG_NO_ACCOUNTING=y 159e28a4053SRui Paulo 160e28a4053SRui Paulo# Remove support for RADIUS 161e28a4053SRui Paulo#CONFIG_NO_RADIUS=y 162e28a4053SRui Paulo 163e28a4053SRui Paulo# Remove support for VLANs 164e28a4053SRui Paulo#CONFIG_NO_VLAN=y 165e28a4053SRui Paulo 166f05cddf9SRui Paulo# Enable support for fully dynamic VLANs. This enables hostapd to 167f05cddf9SRui Paulo# automatically create bridge and VLAN interfaces if necessary. 168f05cddf9SRui Paulo#CONFIG_FULL_DYNAMIC_VLAN=y 169f05cddf9SRui Paulo 170f05cddf9SRui Paulo# Use netlink-based kernel API for VLAN operations instead of ioctl() 171f05cddf9SRui Paulo# Note: This requires libnl 3.1 or newer. 172f05cddf9SRui Paulo#CONFIG_VLAN_NETLINK=y 173f05cddf9SRui Paulo 174e28a4053SRui Paulo# Remove support for dumping state into a file on SIGUSR1 signal 175e28a4053SRui Paulo# This can be used to reduce binary size at the cost of disabling a debugging 176e28a4053SRui Paulo# option. 177e28a4053SRui Paulo#CONFIG_NO_DUMP_STATE=y 178e28a4053SRui Paulo 179e28a4053SRui Paulo# Enable tracing code for developer debugging 180e28a4053SRui Paulo# This tracks use of memory allocations and other registrations and reports 181e28a4053SRui Paulo# incorrect use with a backtrace of call (or allocation) location. 182e28a4053SRui Paulo#CONFIG_WPA_TRACE=y 183e28a4053SRui Paulo# For BSD, comment out these. 184e28a4053SRui Paulo#LIBS += -lexecinfo 185e28a4053SRui Paulo#LIBS_p += -lexecinfo 186e28a4053SRui Paulo#LIBS_c += -lexecinfo 187e28a4053SRui Paulo 188e28a4053SRui Paulo# Use libbfd to get more details for developer debugging 189e28a4053SRui Paulo# This enables use of libbfd to get more detailed symbols for the backtraces 190e28a4053SRui Paulo# generated by CONFIG_WPA_TRACE=y. 191e28a4053SRui Paulo#CONFIG_WPA_TRACE_BFD=y 192e28a4053SRui Paulo# For BSD, comment out these. 193e28a4053SRui Paulo#LIBS += -lbfd -liberty -lz 194e28a4053SRui Paulo#LIBS_p += -lbfd -liberty -lz 195e28a4053SRui Paulo#LIBS_c += -lbfd -liberty -lz 196f05cddf9SRui Paulo 197f05cddf9SRui Paulo# hostapd depends on strong random number generation being available from the 198f05cddf9SRui Paulo# operating system. os_get_random() function is used to fetch random data when 199f05cddf9SRui Paulo# needed, e.g., for key generation. On Linux and BSD systems, this works by 200f05cddf9SRui Paulo# reading /dev/urandom. It should be noted that the OS entropy pool needs to be 201f05cddf9SRui Paulo# properly initialized before hostapd is started. This is important especially 202f05cddf9SRui Paulo# on embedded devices that do not have a hardware random number generator and 203f05cddf9SRui Paulo# may by default start up with minimal entropy available for random number 204f05cddf9SRui Paulo# generation. 205f05cddf9SRui Paulo# 206f05cddf9SRui Paulo# As a safety net, hostapd is by default trying to internally collect 207f05cddf9SRui Paulo# additional entropy for generating random data to mix in with the data 208f05cddf9SRui Paulo# fetched from the OS. This by itself is not considered to be very strong, but 209f05cddf9SRui Paulo# it may help in cases where the system pool is not initialized properly. 210f05cddf9SRui Paulo# However, it is very strongly recommended that the system pool is initialized 211f05cddf9SRui Paulo# with enough entropy either by using hardware assisted random number 212f05cddf9SRui Paulo# generator or by storing state over device reboots. 213f05cddf9SRui Paulo# 214f05cddf9SRui Paulo# hostapd can be configured to maintain its own entropy store over restarts to 215f05cddf9SRui Paulo# enhance random number generation. This is not perfect, but it is much more 216f05cddf9SRui Paulo# secure than using the same sequence of random numbers after every reboot. 217f05cddf9SRui Paulo# This can be enabled with -e<entropy file> command line option. The specified 218f05cddf9SRui Paulo# file needs to be readable and writable by hostapd. 219f05cddf9SRui Paulo# 220f05cddf9SRui Paulo# If the os_get_random() is known to provide strong random data (e.g., on 221f05cddf9SRui Paulo# Linux/BSD, the board in question is known to have reliable source of random 222f05cddf9SRui Paulo# data from /dev/urandom), the internal hostapd random pool can be disabled. 223f05cddf9SRui Paulo# This will save some in binary size and CPU use. However, this should only be 224f05cddf9SRui Paulo# considered for builds that are known to be used on devices that meet the 225f05cddf9SRui Paulo# requirements described above. 226f05cddf9SRui Paulo#CONFIG_NO_RANDOM_POOL=y 227f05cddf9SRui Paulo 228f05cddf9SRui Paulo# Select TLS implementation 229f05cddf9SRui Paulo# openssl = OpenSSL (default) 230f05cddf9SRui Paulo# gnutls = GnuTLS 231f05cddf9SRui Paulo# internal = Internal TLSv1 implementation (experimental) 232f05cddf9SRui Paulo# none = Empty template 233f05cddf9SRui Paulo#CONFIG_TLS=openssl 234f05cddf9SRui Paulo 235f05cddf9SRui Paulo# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) 236f05cddf9SRui Paulo# can be enabled to get a stronger construction of messages when block ciphers 237f05cddf9SRui Paulo# are used. 238f05cddf9SRui Paulo#CONFIG_TLSV11=y 239f05cddf9SRui Paulo 240f05cddf9SRui Paulo# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) 241f05cddf9SRui Paulo# can be enabled to enable use of stronger crypto algorithms. 242f05cddf9SRui Paulo#CONFIG_TLSV12=y 243f05cddf9SRui Paulo 244f05cddf9SRui Paulo# If CONFIG_TLS=internal is used, additional library and include paths are 245f05cddf9SRui Paulo# needed for LibTomMath. Alternatively, an integrated, minimal version of 246f05cddf9SRui Paulo# LibTomMath can be used. See beginning of libtommath.c for details on benefits 247f05cddf9SRui Paulo# and drawbacks of this option. 248f05cddf9SRui Paulo#CONFIG_INTERNAL_LIBTOMMATH=y 249f05cddf9SRui Paulo#ifndef CONFIG_INTERNAL_LIBTOMMATH 250f05cddf9SRui Paulo#LTM_PATH=/usr/src/libtommath-0.39 251f05cddf9SRui Paulo#CFLAGS += -I$(LTM_PATH) 252f05cddf9SRui Paulo#LIBS += -L$(LTM_PATH) 253f05cddf9SRui Paulo#LIBS_p += -L$(LTM_PATH) 254f05cddf9SRui Paulo#endif 255f05cddf9SRui Paulo# At the cost of about 4 kB of additional binary size, the internal LibTomMath 256f05cddf9SRui Paulo# can be configured to include faster routines for exptmod, sqr, and div to 257f05cddf9SRui Paulo# speed up DH and RSA calculation considerably 258f05cddf9SRui Paulo#CONFIG_INTERNAL_LIBTOMMATH_FAST=y 259f05cddf9SRui Paulo 260f05cddf9SRui Paulo# Interworking (IEEE 802.11u) 261f05cddf9SRui Paulo# This can be used to enable functionality to improve interworking with 262f05cddf9SRui Paulo# external networks. 263f05cddf9SRui Paulo#CONFIG_INTERWORKING=y 264f05cddf9SRui Paulo 265f05cddf9SRui Paulo# Hotspot 2.0 266f05cddf9SRui Paulo#CONFIG_HS20=y 267f05cddf9SRui Paulo 268f05cddf9SRui Paulo# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file 269f05cddf9SRui Paulo#CONFIG_SQLITE=y 270