18dbcf02cSchristos /* 28dbcf02cSchristos * WPA Supplicant / Configuration file structures 362a52023Schristos * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi> 48dbcf02cSchristos * 562a52023Schristos * This software may be distributed under the terms of the BSD license. 662a52023Schristos * See README for more details. 78dbcf02cSchristos */ 88dbcf02cSchristos 98dbcf02cSchristos #ifndef CONFIG_H 108dbcf02cSchristos #define CONFIG_H 118dbcf02cSchristos 128dbcf02cSchristos #define DEFAULT_EAPOL_VERSION 1 138dbcf02cSchristos #ifdef CONFIG_NO_SCAN_PROCESSING 148dbcf02cSchristos #define DEFAULT_AP_SCAN 2 158dbcf02cSchristos #else /* CONFIG_NO_SCAN_PROCESSING */ 168dbcf02cSchristos #define DEFAULT_AP_SCAN 1 178dbcf02cSchristos #endif /* CONFIG_NO_SCAN_PROCESSING */ 189a53cbbeSchristos #define DEFAULT_USER_MPM 1 199a53cbbeSchristos #define DEFAULT_MAX_PEER_LINKS 99 209a53cbbeSchristos #define DEFAULT_MESH_MAX_INACTIVITY 300 21928750b6Schristos /* 22928750b6Schristos * The default dot11RSNASAERetransPeriod is defined as 40 ms in the standard, 23928750b6Schristos * but use 1000 ms in practice to avoid issues on low power CPUs. 24928750b6Schristos */ 25928750b6Schristos #define DEFAULT_DOT11_RSNA_SAE_RETRANS_PERIOD 1000 268dbcf02cSchristos #define DEFAULT_FAST_REAUTH 1 2742669be3Schristos #define DEFAULT_P2P_GO_INTENT 7 2842669be3Schristos #define DEFAULT_P2P_INTRA_BSS 1 2962a52023Schristos #define DEFAULT_P2P_GO_MAX_INACTIVITY (5 * 60) 3036d97821Schristos #define DEFAULT_P2P_OPTIMIZE_LISTEN_CHAN 0 318dbcf02cSchristos #define DEFAULT_BSS_MAX_COUNT 200 3242669be3Schristos #define DEFAULT_BSS_EXPIRATION_AGE 180 3342669be3Schristos #define DEFAULT_BSS_EXPIRATION_SCAN_COUNT 2 3442669be3Schristos #define DEFAULT_MAX_NUM_STA 128 35ebb5671cSchristos #define DEFAULT_AP_ISOLATE 0 3642669be3Schristos #define DEFAULT_ACCESS_NETWORK_TYPE 15 3736d97821Schristos #define DEFAULT_SCAN_CUR_FREQ 0 3836d97821Schristos #define DEFAULT_P2P_SEARCH_DELAY 500 3936d97821Schristos #define DEFAULT_RAND_ADDR_LIFETIME 60 409a53cbbeSchristos #define DEFAULT_KEY_MGMT_OFFLOAD 1 419a53cbbeSchristos #define DEFAULT_CERT_IN_CB 1 429a53cbbeSchristos #define DEFAULT_P2P_GO_CTWINDOW 0 43928750b6Schristos #define DEFAULT_WPA_RSC_RELAXATION 1 44928750b6Schristos #define DEFAULT_MBO_CELL_CAPA MBO_CELL_CAPA_NOT_SUPPORTED 45ebb5671cSchristos #define DEFAULT_DISASSOC_IMMINENT_RSSI_THRESHOLD -75 46ebb5671cSchristos #define DEFAULT_OCE_SUPPORT OCE_STA 478dbcf02cSchristos 488dbcf02cSchristos #include "config_ssid.h" 4942669be3Schristos #include "wps/wps.h" 50928750b6Schristos #include "common/ieee802_11_defs.h" 5162a52023Schristos #include "common/ieee802_11_common.h" 5262a52023Schristos 5362a52023Schristos 54ebb5671cSchristos #define MAX_ROAMING_CONS 36 55ebb5671cSchristos #define MAX_ROAMING_CONS_OI_LEN 15 56ebb5671cSchristos 5762a52023Schristos struct wpa_cred { 5862a52023Schristos /** 5962a52023Schristos * next - Next credential in the list 6062a52023Schristos * 6162a52023Schristos * This pointer can be used to iterate over all credentials. The head 6262a52023Schristos * of this list is stored in the cred field of struct wpa_config. 6362a52023Schristos */ 6462a52023Schristos struct wpa_cred *next; 6562a52023Schristos 6662a52023Schristos /** 6762a52023Schristos * id - Unique id for the credential 6862a52023Schristos * 6962a52023Schristos * This identifier is used as a unique identifier for each credential 7062a52023Schristos * block when using the control interface. Each credential is allocated 7162a52023Schristos * an id when it is being created, either when reading the 7262a52023Schristos * configuration file or when a new credential is added through the 7362a52023Schristos * control interface. 7462a52023Schristos */ 7562a52023Schristos int id; 7662a52023Schristos 7762a52023Schristos /** 7836d97821Schristos * temporary - Whether this credential is temporary and not to be saved 7936d97821Schristos */ 8036d97821Schristos int temporary; 8136d97821Schristos 8236d97821Schristos /** 8362a52023Schristos * priority - Priority group 8462a52023Schristos * 8562a52023Schristos * By default, all networks and credentials get the same priority group 8662a52023Schristos * (0). This field can be used to give higher priority for credentials 8762a52023Schristos * (and similarly in struct wpa_ssid for network blocks) to change the 8862a52023Schristos * Interworking automatic networking selection behavior. The matching 8962a52023Schristos * network (based on either an enabled network block or a credential) 9062a52023Schristos * with the highest priority value will be selected. 9162a52023Schristos */ 9262a52023Schristos int priority; 9362a52023Schristos 9462a52023Schristos /** 9562a52023Schristos * pcsc - Use PC/SC and SIM/USIM card 9662a52023Schristos */ 9762a52023Schristos int pcsc; 9862a52023Schristos 9962a52023Schristos /** 10062a52023Schristos * realm - Home Realm for Interworking 10162a52023Schristos */ 10262a52023Schristos char *realm; 10362a52023Schristos 10462a52023Schristos /** 10562a52023Schristos * username - Username for Interworking network selection 10662a52023Schristos */ 10762a52023Schristos char *username; 10862a52023Schristos 10962a52023Schristos /** 11062a52023Schristos * password - Password for Interworking network selection 11162a52023Schristos */ 11262a52023Schristos char *password; 11362a52023Schristos 11462a52023Schristos /** 11562a52023Schristos * ext_password - Whether password is a name for external storage 11662a52023Schristos */ 11762a52023Schristos int ext_password; 11862a52023Schristos 11962a52023Schristos /** 12062a52023Schristos * ca_cert - CA certificate for Interworking network selection 12162a52023Schristos */ 12262a52023Schristos char *ca_cert; 12362a52023Schristos 12462a52023Schristos /** 12562a52023Schristos * client_cert - File path to client certificate file (PEM/DER) 12662a52023Schristos * 12762a52023Schristos * This field is used with Interworking networking selection for a case 12862a52023Schristos * where client certificate/private key is used for authentication 12962a52023Schristos * (EAP-TLS). Full path to the file should be used since working 13062a52023Schristos * directory may change when wpa_supplicant is run in the background. 13162a52023Schristos * 13262a52023Schristos * Alternatively, a named configuration blob can be used by setting 13362a52023Schristos * this to blob://blob_name. 13462a52023Schristos */ 13562a52023Schristos char *client_cert; 13662a52023Schristos 13762a52023Schristos /** 13862a52023Schristos * private_key - File path to client private key file (PEM/DER/PFX) 13962a52023Schristos * 14062a52023Schristos * When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be 14162a52023Schristos * commented out. Both the private key and certificate will be read 14262a52023Schristos * from the PKCS#12 file in this case. Full path to the file should be 14362a52023Schristos * used since working directory may change when wpa_supplicant is run 14462a52023Schristos * in the background. 14562a52023Schristos * 14662a52023Schristos * Windows certificate store can be used by leaving client_cert out and 14762a52023Schristos * configuring private_key in one of the following formats: 14862a52023Schristos * 14962a52023Schristos * cert://substring_to_match 15062a52023Schristos * 15162a52023Schristos * hash://certificate_thumbprint_in_hex 15262a52023Schristos * 15362a52023Schristos * For example: private_key="hash://63093aa9c47f56ae88334c7b65a4" 15462a52023Schristos * 15562a52023Schristos * Note that when running wpa_supplicant as an application, the user 15662a52023Schristos * certificate store (My user account) is used, whereas computer store 15762a52023Schristos * (Computer account) is used when running wpasvc as a service. 15862a52023Schristos * 15962a52023Schristos * Alternatively, a named configuration blob can be used by setting 16062a52023Schristos * this to blob://blob_name. 16162a52023Schristos */ 16262a52023Schristos char *private_key; 16362a52023Schristos 16462a52023Schristos /** 16562a52023Schristos * private_key_passwd - Password for private key file 16662a52023Schristos */ 16762a52023Schristos char *private_key_passwd; 16862a52023Schristos 16962a52023Schristos /** 17062a52023Schristos * imsi - IMSI in <MCC> | <MNC> | '-' | <MSIN> format 17162a52023Schristos */ 17262a52023Schristos char *imsi; 17362a52023Schristos 17462a52023Schristos /** 17562a52023Schristos * milenage - Milenage parameters for SIM/USIM simulator in 17662a52023Schristos * <Ki>:<OPc>:<SQN> format 17762a52023Schristos */ 17862a52023Schristos char *milenage; 17962a52023Schristos 18062a52023Schristos /** 18136d97821Schristos * domain_suffix_match - Constraint for server domain name 18236d97821Schristos * 18336d97821Schristos * If set, this FQDN is used as a suffix match requirement for the AAA 18436d97821Schristos * server certificate in SubjectAltName dNSName element(s). If a 18536d97821Schristos * matching dNSName is found, this constraint is met. If no dNSName 1869a53cbbeSchristos * values are present, this constraint is matched against SubjectName CN 18736d97821Schristos * using same suffix match comparison. Suffix match here means that the 18836d97821Schristos * host/domain name is compared one label at a time starting from the 18936d97821Schristos * top-level domain and all the labels in @domain_suffix_match shall be 19036d97821Schristos * included in the certificate. The certificate may include additional 19136d97821Schristos * sub-level labels in addition to the required labels. 19236d97821Schristos * 19336d97821Schristos * For example, domain_suffix_match=example.com would match 19436d97821Schristos * test.example.com but would not match test-example.com. 19536d97821Schristos */ 19636d97821Schristos char *domain_suffix_match; 19736d97821Schristos 19836d97821Schristos /** 19936d97821Schristos * domain - Home service provider FQDN(s) 20062a52023Schristos * 20162a52023Schristos * This is used to compare against the Domain Name List to figure out 20236d97821Schristos * whether the AP is operated by the Home SP. Multiple domain entries 20336d97821Schristos * can be used to configure alternative FQDNs that will be considered 20436d97821Schristos * home networks. 20562a52023Schristos */ 20636d97821Schristos char **domain; 20736d97821Schristos 20836d97821Schristos /** 20936d97821Schristos * num_domain - Number of FQDNs in the domain array 21036d97821Schristos */ 21136d97821Schristos size_t num_domain; 21262a52023Schristos 21362a52023Schristos /** 21462a52023Schristos * roaming_consortium - Roaming Consortium OI 21562a52023Schristos * 21662a52023Schristos * If roaming_consortium_len is non-zero, this field contains the 21762a52023Schristos * Roaming Consortium OI that can be used to determine which access 21862a52023Schristos * points support authentication with this credential. This is an 21962a52023Schristos * alternative to the use of the realm parameter. When using Roaming 22062a52023Schristos * Consortium to match the network, the EAP parameters need to be 22162a52023Schristos * pre-configured with the credential since the NAI Realm information 22262a52023Schristos * may not be available or fetched. 22362a52023Schristos */ 22462a52023Schristos u8 roaming_consortium[15]; 22562a52023Schristos 22662a52023Schristos /** 22762a52023Schristos * roaming_consortium_len - Length of roaming_consortium 22862a52023Schristos */ 22962a52023Schristos size_t roaming_consortium_len; 23062a52023Schristos 231ebb5671cSchristos /** 232ebb5671cSchristos * required_roaming_consortium - Required Roaming Consortium OI 233ebb5671cSchristos * 234ebb5671cSchristos * If required_roaming_consortium_len is non-zero, this field contains 235ebb5671cSchristos * the Roaming Consortium OI that is required to be advertised by the AP 236ebb5671cSchristos * for the credential to be considered matching. 237ebb5671cSchristos */ 23836d97821Schristos u8 required_roaming_consortium[15]; 239ebb5671cSchristos 240ebb5671cSchristos /** 241ebb5671cSchristos * required_roaming_consortium_len - Length of required_roaming_consortium 242ebb5671cSchristos */ 24336d97821Schristos size_t required_roaming_consortium_len; 24436d97821Schristos 24562a52023Schristos /** 246ebb5671cSchristos * roaming_consortiums - Roaming Consortium OI(s) memberships 247ebb5671cSchristos * 248ebb5671cSchristos * This field contains one or more OIs identifying the roaming 249ebb5671cSchristos * consortiums of which the provider is a member. The list is sorted 250ebb5671cSchristos * from the most preferred one to the least preferred one. A match 251ebb5671cSchristos * between the Roaming Consortium OIs advertised by an AP and the OIs 252ebb5671cSchristos * in this list indicates that successful authentication is possible. 253ebb5671cSchristos * (Hotspot 2.0 PerProviderSubscription/<X+>/HomeSP/RoamingConsortiumOI) 254ebb5671cSchristos */ 255ebb5671cSchristos u8 roaming_consortiums[MAX_ROAMING_CONS][MAX_ROAMING_CONS_OI_LEN]; 256ebb5671cSchristos 257ebb5671cSchristos /** 258ebb5671cSchristos * roaming_consortiums_len - Length on roaming_consortiums[i] 259ebb5671cSchristos */ 260ebb5671cSchristos size_t roaming_consortiums_len[MAX_ROAMING_CONS]; 261ebb5671cSchristos 262ebb5671cSchristos /** 263ebb5671cSchristos * num_roaming_consortiums - Number of entries in roaming_consortiums 264ebb5671cSchristos */ 265ebb5671cSchristos unsigned int num_roaming_consortiums; 266ebb5671cSchristos 267ebb5671cSchristos /** 26862a52023Schristos * eap_method - EAP method to use 26962a52023Schristos * 27062a52023Schristos * Pre-configured EAP method to use with this credential or %NULL to 27162a52023Schristos * indicate no EAP method is selected, i.e., the method will be 27262a52023Schristos * selected automatically based on ANQP information. 27362a52023Schristos */ 27462a52023Schristos struct eap_method_type *eap_method; 27562a52023Schristos 27662a52023Schristos /** 27762a52023Schristos * phase1 - Phase 1 (outer authentication) parameters 27862a52023Schristos * 27962a52023Schristos * Pre-configured EAP parameters or %NULL. 28062a52023Schristos */ 28162a52023Schristos char *phase1; 28262a52023Schristos 28362a52023Schristos /** 28462a52023Schristos * phase2 - Phase 2 (inner authentication) parameters 28562a52023Schristos * 28662a52023Schristos * Pre-configured EAP parameters or %NULL. 28762a52023Schristos */ 28862a52023Schristos char *phase2; 28962a52023Schristos 29062a52023Schristos struct excluded_ssid { 291928750b6Schristos u8 ssid[SSID_MAX_LEN]; 29262a52023Schristos size_t ssid_len; 29362a52023Schristos } *excluded_ssid; 29462a52023Schristos size_t num_excluded_ssid; 29536d97821Schristos 29636d97821Schristos struct roaming_partner { 29736d97821Schristos char fqdn[128]; 29836d97821Schristos int exact_match; 29936d97821Schristos u8 priority; 30036d97821Schristos char country[3]; 30136d97821Schristos } *roaming_partner; 30236d97821Schristos size_t num_roaming_partner; 30336d97821Schristos 30436d97821Schristos int update_identifier; 30536d97821Schristos 30636d97821Schristos /** 30736d97821Schristos * provisioning_sp - FQDN of the SP that provisioned the credential 30836d97821Schristos */ 30936d97821Schristos char *provisioning_sp; 31036d97821Schristos 31136d97821Schristos /** 31236d97821Schristos * sp_priority - Credential priority within a provisioning SP 31336d97821Schristos * 31436d97821Schristos * This is the priority of the credential among all credentials 31536d97821Schristos * provisionined by the same SP (i.e., for entries that have identical 31636d97821Schristos * provisioning_sp value). The range of this priority is 0-255 with 0 31736d97821Schristos * being the highest and 255 the lower priority. 31836d97821Schristos */ 31936d97821Schristos int sp_priority; 32036d97821Schristos 32136d97821Schristos unsigned int min_dl_bandwidth_home; 32236d97821Schristos unsigned int min_ul_bandwidth_home; 32336d97821Schristos unsigned int min_dl_bandwidth_roaming; 32436d97821Schristos unsigned int min_ul_bandwidth_roaming; 32536d97821Schristos 32636d97821Schristos /** 32736d97821Schristos * max_bss_load - Maximum BSS Load Channel Utilization (1..255) 32836d97821Schristos * This value is used as the maximum channel utilization for network 32936d97821Schristos * selection purposes for home networks. If the AP does not advertise 33036d97821Schristos * BSS Load or if the limit would prevent any connection, this 33136d97821Schristos * constraint will be ignored. 33236d97821Schristos */ 33336d97821Schristos unsigned int max_bss_load; 33436d97821Schristos 33536d97821Schristos unsigned int num_req_conn_capab; 33636d97821Schristos u8 *req_conn_capab_proto; 33736d97821Schristos int **req_conn_capab_port; 33836d97821Schristos 33936d97821Schristos /** 34036d97821Schristos * ocsp - Whether to use/require OCSP to check server certificate 34136d97821Schristos * 34236d97821Schristos * 0 = do not use OCSP stapling (TLS certificate status extension) 34336d97821Schristos * 1 = try to use OCSP stapling, but not require response 34436d97821Schristos * 2 = require valid OCSP stapling response 34536d97821Schristos */ 34636d97821Schristos int ocsp; 34736d97821Schristos 34836d97821Schristos /** 34936d97821Schristos * sim_num - User selected SIM identifier 35036d97821Schristos * 35136d97821Schristos * This variable is used for identifying which SIM is used if the system 35236d97821Schristos * has more than one. 35336d97821Schristos */ 35436d97821Schristos int sim_num; 35562a52023Schristos }; 3568dbcf02cSchristos 3578dbcf02cSchristos 35842669be3Schristos #define CFG_CHANGED_DEVICE_NAME BIT(0) 35942669be3Schristos #define CFG_CHANGED_CONFIG_METHODS BIT(1) 36042669be3Schristos #define CFG_CHANGED_DEVICE_TYPE BIT(2) 36142669be3Schristos #define CFG_CHANGED_OS_VERSION BIT(3) 36242669be3Schristos #define CFG_CHANGED_UUID BIT(4) 36342669be3Schristos #define CFG_CHANGED_COUNTRY BIT(5) 36442669be3Schristos #define CFG_CHANGED_SEC_DEVICE_TYPE BIT(6) 36542669be3Schristos #define CFG_CHANGED_P2P_SSID_POSTFIX BIT(7) 36642669be3Schristos #define CFG_CHANGED_WPS_STRING BIT(8) 36742669be3Schristos #define CFG_CHANGED_P2P_INTRA_BSS BIT(9) 36842669be3Schristos #define CFG_CHANGED_VENDOR_EXTENSION BIT(10) 36942669be3Schristos #define CFG_CHANGED_P2P_LISTEN_CHANNEL BIT(11) 37042669be3Schristos #define CFG_CHANGED_P2P_OPER_CHANNEL BIT(12) 37142669be3Schristos #define CFG_CHANGED_P2P_PREF_CHAN BIT(13) 37262a52023Schristos #define CFG_CHANGED_EXT_PW_BACKEND BIT(14) 37336d97821Schristos #define CFG_CHANGED_NFC_PASSWORD_TOKEN BIT(15) 37436d97821Schristos #define CFG_CHANGED_P2P_PASSPHRASE_LEN BIT(16) 375928750b6Schristos #define CFG_CHANGED_SCHED_SCAN_PLANS BIT(17) 376ebb5671cSchristos #define CFG_CHANGED_WOWLAN_TRIGGERS BIT(18) 377*0d69f216Schristos #define CFG_CHANGED_DISABLE_BTM BIT(19) 37842669be3Schristos 3798dbcf02cSchristos /** 3808dbcf02cSchristos * struct wpa_config - wpa_supplicant configuration data 3818dbcf02cSchristos * 3828dbcf02cSchristos * This data structure is presents the per-interface (radio) configuration 3838dbcf02cSchristos * data. In many cases, there is only one struct wpa_config instance, but if 3848dbcf02cSchristos * more than one network interface is being controlled, one instance is used 3858dbcf02cSchristos * for each. 3868dbcf02cSchristos */ 3878dbcf02cSchristos struct wpa_config { 3888dbcf02cSchristos /** 3898dbcf02cSchristos * ssid - Head of the global network list 3908dbcf02cSchristos * 3918dbcf02cSchristos * This is the head for the list of all the configured networks. 3928dbcf02cSchristos */ 3938dbcf02cSchristos struct wpa_ssid *ssid; 3948dbcf02cSchristos 3958dbcf02cSchristos /** 3968dbcf02cSchristos * pssid - Per-priority network lists (in priority order) 3978dbcf02cSchristos */ 3988dbcf02cSchristos struct wpa_ssid **pssid; 3998dbcf02cSchristos 4008dbcf02cSchristos /** 4018dbcf02cSchristos * num_prio - Number of different priorities used in the pssid lists 4028dbcf02cSchristos * 4038dbcf02cSchristos * This indicates how many per-priority network lists are included in 4048dbcf02cSchristos * pssid. 4058dbcf02cSchristos */ 4068dbcf02cSchristos int num_prio; 4078dbcf02cSchristos 4088dbcf02cSchristos /** 40962a52023Schristos * cred - Head of the credential list 41062a52023Schristos * 41162a52023Schristos * This is the head for the list of all the configured credentials. 41262a52023Schristos */ 41362a52023Schristos struct wpa_cred *cred; 41462a52023Schristos 41562a52023Schristos /** 4168dbcf02cSchristos * eapol_version - IEEE 802.1X/EAPOL version number 4178dbcf02cSchristos * 4188dbcf02cSchristos * wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which 4198dbcf02cSchristos * defines EAPOL version 2. However, there are many APs that do not 4208dbcf02cSchristos * handle the new version number correctly (they seem to drop the 4218dbcf02cSchristos * frames completely). In order to make wpa_supplicant interoperate 4228dbcf02cSchristos * with these APs, the version number is set to 1 by default. This 4238dbcf02cSchristos * configuration value can be used to set it to the new version (2). 4248dbcf02cSchristos */ 4258dbcf02cSchristos int eapol_version; 4268dbcf02cSchristos 4278dbcf02cSchristos /** 4288dbcf02cSchristos * ap_scan - AP scanning/selection 4298dbcf02cSchristos * 4308dbcf02cSchristos * By default, wpa_supplicant requests driver to perform AP 4318dbcf02cSchristos * scanning and then uses the scan results to select a 4328dbcf02cSchristos * suitable AP. Another alternative is to allow the driver to 4338dbcf02cSchristos * take care of AP scanning and selection and use 4348dbcf02cSchristos * wpa_supplicant just to process EAPOL frames based on IEEE 4358dbcf02cSchristos * 802.11 association information from the driver. 4368dbcf02cSchristos * 4378dbcf02cSchristos * 1: wpa_supplicant initiates scanning and AP selection (default). 4388dbcf02cSchristos * 4398dbcf02cSchristos * 0: Driver takes care of scanning, AP selection, and IEEE 802.11 4408dbcf02cSchristos * association parameters (e.g., WPA IE generation); this mode can 4418dbcf02cSchristos * also be used with non-WPA drivers when using IEEE 802.1X mode; 4428dbcf02cSchristos * do not try to associate with APs (i.e., external program needs 4438dbcf02cSchristos * to control association). This mode must also be used when using 4448dbcf02cSchristos * wired Ethernet drivers. 4458dbcf02cSchristos * 4468dbcf02cSchristos * 2: like 0, but associate with APs using security policy and SSID 4478dbcf02cSchristos * (but not BSSID); this can be used, e.g., with ndiswrapper and NDIS 4488dbcf02cSchristos * drivers to enable operation with hidden SSIDs and optimized roaming; 4498dbcf02cSchristos * in this mode, the network blocks in the configuration are tried 4508dbcf02cSchristos * one by one until the driver reports successful association; each 4518dbcf02cSchristos * network block should have explicit security policy (i.e., only one 4528dbcf02cSchristos * option in the lists) for key_mgmt, pairwise, group, proto variables. 453928750b6Schristos * 454928750b6Schristos * Note: ap_scan=2 should not be used with the nl80211 driver interface 455928750b6Schristos * (the current Linux interface). ap_scan=1 is optimized work working 456928750b6Schristos * with nl80211. For finding networks using hidden SSID, scan_ssid=1 in 457928750b6Schristos * the network block can be used with nl80211. 4588dbcf02cSchristos */ 4598dbcf02cSchristos int ap_scan; 4608dbcf02cSchristos 4618dbcf02cSchristos /** 46236d97821Schristos * bgscan - Background scan and roaming parameters or %NULL if none 46336d97821Schristos * 46436d97821Schristos * This is an optional set of parameters for background scanning and 46536d97821Schristos * roaming within a network (ESS). For more detailed information see 46636d97821Schristos * ssid block documentation. 46736d97821Schristos * 46836d97821Schristos * The variable defines default bgscan behavior for all BSS station 46936d97821Schristos * networks except for those which have their own bgscan configuration. 47036d97821Schristos */ 47136d97821Schristos char *bgscan; 47236d97821Schristos 47336d97821Schristos /** 47462a52023Schristos * disable_scan_offload - Disable automatic offloading of scan requests 47562a52023Schristos * 47662a52023Schristos * By default, %wpa_supplicant tries to offload scanning if the driver 47762a52023Schristos * indicates support for this (sched_scan). This configuration 47862a52023Schristos * parameter can be used to disable this offloading mechanism. 47962a52023Schristos */ 48062a52023Schristos int disable_scan_offload; 48162a52023Schristos 48262a52023Schristos /** 4838dbcf02cSchristos * ctrl_interface - Parameters for the control interface 4848dbcf02cSchristos * 4858dbcf02cSchristos * If this is specified, %wpa_supplicant will open a control interface 4868dbcf02cSchristos * that is available for external programs to manage %wpa_supplicant. 4878dbcf02cSchristos * The meaning of this string depends on which control interface 48842669be3Schristos * mechanism is used. For all cases, the existence of this parameter 4898dbcf02cSchristos * in configuration is used to determine whether the control interface 4908dbcf02cSchristos * is enabled. 4918dbcf02cSchristos * 4928dbcf02cSchristos * For UNIX domain sockets (default on Linux and BSD): This is a 4938dbcf02cSchristos * directory that will be created for UNIX domain sockets for listening 4948dbcf02cSchristos * to requests from external programs (CLI/GUI, etc.) for status 4958dbcf02cSchristos * information and configuration. The socket file will be named based 4968dbcf02cSchristos * on the interface name, so multiple %wpa_supplicant processes can be 4978dbcf02cSchristos * run at the same time if more than one interface is used. 4988dbcf02cSchristos * /var/run/wpa_supplicant is the recommended directory for sockets and 4998dbcf02cSchristos * by default, wpa_cli will use it when trying to connect with 5008dbcf02cSchristos * %wpa_supplicant. 5018dbcf02cSchristos * 5028dbcf02cSchristos * Access control for the control interface can be configured 5038dbcf02cSchristos * by setting the directory to allow only members of a group 5048dbcf02cSchristos * to use sockets. This way, it is possible to run 5058dbcf02cSchristos * %wpa_supplicant as root (since it needs to change network 5068dbcf02cSchristos * configuration and open raw sockets) and still allow GUI/CLI 5078dbcf02cSchristos * components to be run as non-root users. However, since the 5088dbcf02cSchristos * control interface can be used to change the network 5098dbcf02cSchristos * configuration, this access needs to be protected in many 5108dbcf02cSchristos * cases. By default, %wpa_supplicant is configured to use gid 5118dbcf02cSchristos * 0 (root). If you want to allow non-root users to use the 5128dbcf02cSchristos * control interface, add a new group and change this value to 5138dbcf02cSchristos * match with that group. Add users that should have control 5148dbcf02cSchristos * interface access to this group. 5158dbcf02cSchristos * 5168dbcf02cSchristos * When configuring both the directory and group, use following format: 5178dbcf02cSchristos * DIR=/var/run/wpa_supplicant GROUP=wheel 5188dbcf02cSchristos * DIR=/var/run/wpa_supplicant GROUP=0 5198dbcf02cSchristos * (group can be either group name or gid) 5208dbcf02cSchristos * 5218dbcf02cSchristos * For UDP connections (default on Windows): The value will be ignored. 5228dbcf02cSchristos * This variable is just used to select that the control interface is 5238dbcf02cSchristos * to be created. The value can be set to, e.g., udp 5248dbcf02cSchristos * (ctrl_interface=udp). 5258dbcf02cSchristos * 5268dbcf02cSchristos * For Windows Named Pipe: This value can be used to set the security 5278dbcf02cSchristos * descriptor for controlling access to the control interface. Security 5288dbcf02cSchristos * descriptor can be set using Security Descriptor String Format (see 5298dbcf02cSchristos * http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptor_string_format.asp). 5308dbcf02cSchristos * The descriptor string needs to be prefixed with SDDL=. For example, 5318dbcf02cSchristos * ctrl_interface=SDDL=D: would set an empty DACL (which will reject 5328dbcf02cSchristos * all connections). 5338dbcf02cSchristos */ 5348dbcf02cSchristos char *ctrl_interface; 5358dbcf02cSchristos 5368dbcf02cSchristos /** 5378dbcf02cSchristos * ctrl_interface_group - Control interface group (DEPRECATED) 5388dbcf02cSchristos * 5398dbcf02cSchristos * This variable is only used for backwards compatibility. Group for 5408dbcf02cSchristos * UNIX domain sockets should now be specified using GROUP=group in 5418dbcf02cSchristos * ctrl_interface variable. 5428dbcf02cSchristos */ 5438dbcf02cSchristos char *ctrl_interface_group; 5448dbcf02cSchristos 5458dbcf02cSchristos /** 5468dbcf02cSchristos * fast_reauth - EAP fast re-authentication (session resumption) 5478dbcf02cSchristos * 5488dbcf02cSchristos * By default, fast re-authentication is enabled for all EAP methods 5498dbcf02cSchristos * that support it. This variable can be used to disable fast 5508dbcf02cSchristos * re-authentication (by setting fast_reauth=0). Normally, there is no 5518dbcf02cSchristos * need to disable fast re-authentication. 5528dbcf02cSchristos */ 5538dbcf02cSchristos int fast_reauth; 5548dbcf02cSchristos 5558dbcf02cSchristos /** 5568dbcf02cSchristos * opensc_engine_path - Path to the OpenSSL engine for opensc 5578dbcf02cSchristos * 5588dbcf02cSchristos * This is an OpenSSL specific configuration option for loading OpenSC 5598dbcf02cSchristos * engine (engine_opensc.so); if %NULL, this engine is not loaded. 5608dbcf02cSchristos */ 5618dbcf02cSchristos char *opensc_engine_path; 5628dbcf02cSchristos 5638dbcf02cSchristos /** 5648dbcf02cSchristos * pkcs11_engine_path - Path to the OpenSSL engine for PKCS#11 5658dbcf02cSchristos * 5668dbcf02cSchristos * This is an OpenSSL specific configuration option for loading PKCS#11 5678dbcf02cSchristos * engine (engine_pkcs11.so); if %NULL, this engine is not loaded. 5688dbcf02cSchristos */ 5698dbcf02cSchristos char *pkcs11_engine_path; 5708dbcf02cSchristos 5718dbcf02cSchristos /** 5728dbcf02cSchristos * pkcs11_module_path - Path to the OpenSSL OpenSC/PKCS#11 module 5738dbcf02cSchristos * 5748dbcf02cSchristos * This is an OpenSSL specific configuration option for configuring 5758dbcf02cSchristos * path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if %NULL, this 5768dbcf02cSchristos * module is not loaded. 5778dbcf02cSchristos */ 5788dbcf02cSchristos char *pkcs11_module_path; 5798dbcf02cSchristos 5808dbcf02cSchristos /** 5819a53cbbeSchristos * openssl_ciphers - OpenSSL cipher string 5829a53cbbeSchristos * 5839a53cbbeSchristos * This is an OpenSSL specific configuration option for configuring the 5849a53cbbeSchristos * default ciphers. If not set, "DEFAULT:!EXP:!LOW" is used as the 5859a53cbbeSchristos * default. 5869a53cbbeSchristos */ 5879a53cbbeSchristos char *openssl_ciphers; 5889a53cbbeSchristos 5899a53cbbeSchristos /** 59062a52023Schristos * pcsc_reader - PC/SC reader name prefix 59162a52023Schristos * 59262a52023Schristos * If not %NULL, PC/SC reader with a name that matches this prefix is 59362a52023Schristos * initialized for SIM/USIM access. Empty string can be used to match 59462a52023Schristos * the first available reader. 59562a52023Schristos */ 59662a52023Schristos char *pcsc_reader; 59762a52023Schristos 59862a52023Schristos /** 59962a52023Schristos * pcsc_pin - PIN for USIM, GSM SIM, and smartcards 60062a52023Schristos * 60162a52023Schristos * This field is used to configure PIN for SIM/USIM for EAP-SIM and 60262a52023Schristos * EAP-AKA. If left out, this will be asked through control interface. 60362a52023Schristos */ 60462a52023Schristos char *pcsc_pin; 60562a52023Schristos 60662a52023Schristos /** 60736d97821Schristos * external_sim - Use external processing for SIM/USIM operations 60836d97821Schristos */ 60936d97821Schristos int external_sim; 61036d97821Schristos 61136d97821Schristos /** 6128dbcf02cSchristos * driver_param - Driver interface parameters 6138dbcf02cSchristos * 6148dbcf02cSchristos * This text string is passed to the selected driver interface with the 6158dbcf02cSchristos * optional struct wpa_driver_ops::set_param() handler. This can be 6168dbcf02cSchristos * used to configure driver specific options without having to add new 6178dbcf02cSchristos * driver interface functionality. 6188dbcf02cSchristos */ 6198dbcf02cSchristos char *driver_param; 6208dbcf02cSchristos 6218dbcf02cSchristos /** 6228dbcf02cSchristos * dot11RSNAConfigPMKLifetime - Maximum lifetime of a PMK 6238dbcf02cSchristos * 6248dbcf02cSchristos * dot11 MIB variable for the maximum lifetime of a PMK in the PMK 6258dbcf02cSchristos * cache (unit: seconds). 6268dbcf02cSchristos */ 6278dbcf02cSchristos unsigned int dot11RSNAConfigPMKLifetime; 6288dbcf02cSchristos 6298dbcf02cSchristos /** 6308dbcf02cSchristos * dot11RSNAConfigPMKReauthThreshold - PMK re-authentication threshold 6318dbcf02cSchristos * 6328dbcf02cSchristos * dot11 MIB variable for the percentage of the PMK lifetime 6338dbcf02cSchristos * that should expire before an IEEE 802.1X reauthentication occurs. 6348dbcf02cSchristos */ 6358dbcf02cSchristos unsigned int dot11RSNAConfigPMKReauthThreshold; 6368dbcf02cSchristos 6378dbcf02cSchristos /** 6388dbcf02cSchristos * dot11RSNAConfigSATimeout - Security association timeout 6398dbcf02cSchristos * 6408dbcf02cSchristos * dot11 MIB variable for the maximum time a security association 6418dbcf02cSchristos * shall take to set up (unit: seconds). 6428dbcf02cSchristos */ 6438dbcf02cSchristos unsigned int dot11RSNAConfigSATimeout; 6448dbcf02cSchristos 6458dbcf02cSchristos /** 6468dbcf02cSchristos * update_config - Is wpa_supplicant allowed to update configuration 6478dbcf02cSchristos * 6488dbcf02cSchristos * This variable control whether wpa_supplicant is allow to re-write 6498dbcf02cSchristos * its configuration with wpa_config_write(). If this is zero, 6508dbcf02cSchristos * configuration data is only changed in memory and the external data 6518dbcf02cSchristos * is not overriden. If this is non-zero, wpa_supplicant will update 6528dbcf02cSchristos * the configuration data (e.g., a file) whenever configuration is 6538dbcf02cSchristos * changed. This update may replace the old configuration which can 6548dbcf02cSchristos * remove comments from it in case of a text file configuration. 6558dbcf02cSchristos */ 6568dbcf02cSchristos int update_config; 6578dbcf02cSchristos 6588dbcf02cSchristos /** 6598dbcf02cSchristos * blobs - Configuration blobs 6608dbcf02cSchristos */ 6618dbcf02cSchristos struct wpa_config_blob *blobs; 6628dbcf02cSchristos 6638dbcf02cSchristos /** 6648dbcf02cSchristos * uuid - Universally Unique IDentifier (UUID; see RFC 4122) for WPS 6658dbcf02cSchristos */ 6668dbcf02cSchristos u8 uuid[16]; 6678dbcf02cSchristos 6688dbcf02cSchristos /** 669ebb5671cSchristos * auto_uuid - Automatic UUID behavior 670ebb5671cSchristos * 0 = generate static value based on the local MAC address (default) 671ebb5671cSchristos * 1 = generate a random UUID every time wpa_supplicant starts 672ebb5671cSchristos */ 673ebb5671cSchristos int auto_uuid; 674ebb5671cSchristos 675ebb5671cSchristos /** 6768dbcf02cSchristos * device_name - Device Name (WPS) 6778dbcf02cSchristos * User-friendly description of device; up to 32 octets encoded in 6788dbcf02cSchristos * UTF-8 6798dbcf02cSchristos */ 6808dbcf02cSchristos char *device_name; 6818dbcf02cSchristos 6828dbcf02cSchristos /** 6838dbcf02cSchristos * manufacturer - Manufacturer (WPS) 6848dbcf02cSchristos * The manufacturer of the device (up to 64 ASCII characters) 6858dbcf02cSchristos */ 6868dbcf02cSchristos char *manufacturer; 6878dbcf02cSchristos 6888dbcf02cSchristos /** 6898dbcf02cSchristos * model_name - Model Name (WPS) 6908dbcf02cSchristos * Model of the device (up to 32 ASCII characters) 6918dbcf02cSchristos */ 6928dbcf02cSchristos char *model_name; 6938dbcf02cSchristos 6948dbcf02cSchristos /** 6958dbcf02cSchristos * model_number - Model Number (WPS) 6968dbcf02cSchristos * Additional device description (up to 32 ASCII characters) 6978dbcf02cSchristos */ 6988dbcf02cSchristos char *model_number; 6998dbcf02cSchristos 7008dbcf02cSchristos /** 7018dbcf02cSchristos * serial_number - Serial Number (WPS) 7028dbcf02cSchristos * Serial number of the device (up to 32 characters) 7038dbcf02cSchristos */ 7048dbcf02cSchristos char *serial_number; 7058dbcf02cSchristos 7068dbcf02cSchristos /** 7078dbcf02cSchristos * device_type - Primary Device Type (WPS) 7088dbcf02cSchristos */ 70942669be3Schristos u8 device_type[WPS_DEV_TYPE_LEN]; 7108dbcf02cSchristos 7118dbcf02cSchristos /** 7128dbcf02cSchristos * config_methods - Config Methods 7138dbcf02cSchristos * 7148dbcf02cSchristos * This is a space-separated list of supported WPS configuration 71542669be3Schristos * methods. For example, "label virtual_display virtual_push_button 71642669be3Schristos * keypad". 7178dbcf02cSchristos * Available methods: usba ethernet label display ext_nfc_token 71842669be3Schristos * int_nfc_token nfc_interface push_button keypad 71942669be3Schristos * virtual_display physical_display 72042669be3Schristos * virtual_push_button physical_push_button. 7218dbcf02cSchristos */ 7228dbcf02cSchristos char *config_methods; 7238dbcf02cSchristos 7248dbcf02cSchristos /** 7258dbcf02cSchristos * os_version - OS Version (WPS) 7268dbcf02cSchristos * 4-octet operating system version number 7278dbcf02cSchristos */ 7288dbcf02cSchristos u8 os_version[4]; 7298dbcf02cSchristos 7308dbcf02cSchristos /** 7318dbcf02cSchristos * country - Country code 7328dbcf02cSchristos * 7338dbcf02cSchristos * This is the ISO/IEC alpha2 country code for which we are operating 7348dbcf02cSchristos * in 7358dbcf02cSchristos */ 7368dbcf02cSchristos char country[2]; 7378dbcf02cSchristos 7388dbcf02cSchristos /** 7398dbcf02cSchristos * wps_cred_processing - Credential processing 7408dbcf02cSchristos * 7418dbcf02cSchristos * 0 = process received credentials internally 7428dbcf02cSchristos * 1 = do not process received credentials; just pass them over 7438dbcf02cSchristos * ctrl_iface to external program(s) 7448dbcf02cSchristos * 2 = process received credentials internally and pass them over 7458dbcf02cSchristos * ctrl_iface to external program(s) 7468dbcf02cSchristos */ 7478dbcf02cSchristos int wps_cred_processing; 7488dbcf02cSchristos 749*0d69f216Schristos /** 750*0d69f216Schristos * wps_cred_add_sae - Whether to enable SAE automatically for WPS 751*0d69f216Schristos * 752*0d69f216Schristos * 0 = only add the explicitly listed WPA2-PSK configuration 753*0d69f216Schristos * 1 = add both the WPA2-PSK and SAE configuration and enable PMF so 754*0d69f216Schristos * that the station gets configured in WPA3-Personal transition mode 755*0d69f216Schristos * (supports both WPA2-Personal (PSK) and WPA3-Personal (SAE) APs). 756*0d69f216Schristos */ 757*0d69f216Schristos int wps_cred_add_sae; 758*0d69f216Schristos 75942669be3Schristos #define MAX_SEC_DEVICE_TYPES 5 76042669be3Schristos /** 76142669be3Schristos * sec_device_types - Secondary Device Types (P2P) 76242669be3Schristos */ 76342669be3Schristos u8 sec_device_type[MAX_SEC_DEVICE_TYPES][WPS_DEV_TYPE_LEN]; 76442669be3Schristos int num_sec_device_types; 76542669be3Schristos 76642669be3Schristos int p2p_listen_reg_class; 76742669be3Schristos int p2p_listen_channel; 76842669be3Schristos int p2p_oper_reg_class; 76942669be3Schristos int p2p_oper_channel; 77042669be3Schristos int p2p_go_intent; 77142669be3Schristos char *p2p_ssid_postfix; 77242669be3Schristos int persistent_reconnect; 77342669be3Schristos int p2p_intra_bss; 77442669be3Schristos unsigned int num_p2p_pref_chan; 77542669be3Schristos struct p2p_channel *p2p_pref_chan; 77636d97821Schristos struct wpa_freq_range_list p2p_no_go_freq; 77736d97821Schristos int p2p_add_cli_chan; 77836d97821Schristos int p2p_ignore_shared_freq; 77936d97821Schristos int p2p_optimize_listen_chan; 78042669be3Schristos 78162a52023Schristos struct wpabuf *wps_vendor_ext_m1; 78262a52023Schristos 78342669be3Schristos #define MAX_WPS_VENDOR_EXT 10 78442669be3Schristos /** 78542669be3Schristos * wps_vendor_ext - Vendor extension attributes in WPS 78642669be3Schristos */ 78742669be3Schristos struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXT]; 78842669be3Schristos 78942669be3Schristos /** 79042669be3Schristos * p2p_group_idle - Maximum idle time in seconds for P2P group 79142669be3Schristos * 79242669be3Schristos * This value controls how long a P2P group is maintained after there 79342669be3Schristos * is no other members in the group. As a GO, this means no associated 79442669be3Schristos * stations in the group. As a P2P client, this means no GO seen in 79542669be3Schristos * scan results. The maximum idle time is specified in seconds with 0 79642669be3Schristos * indicating no time limit, i.e., the P2P group remains in active 79742669be3Schristos * state indefinitely until explicitly removed. As a P2P client, the 79842669be3Schristos * maximum idle time of P2P_MAX_CLIENT_IDLE seconds is enforced, i.e., 79942669be3Schristos * this parameter is mainly meant for GO use and for P2P client, it can 80062a52023Schristos * only be used to reduce the default timeout to smaller value. A 80162a52023Schristos * special value -1 can be used to configure immediate removal of the 80262a52023Schristos * group for P2P client role on any disconnection after the data 80362a52023Schristos * connection has been established. 80442669be3Schristos */ 80562a52023Schristos int p2p_group_idle; 80642669be3Schristos 8078dbcf02cSchristos /** 808928750b6Schristos * p2p_go_freq_change_policy - The GO frequency change policy 809928750b6Schristos * 810928750b6Schristos * This controls the behavior of the GO when there is a change in the 811928750b6Schristos * map of the currently used frequencies in case more than one channel 812928750b6Schristos * is supported. 813928750b6Schristos * 814928750b6Schristos * @P2P_GO_FREQ_MOVE_SCM: Prefer working in a single channel mode if 815928750b6Schristos * possible. In case the GO is the only interface using its frequency 816928750b6Schristos * and there are other station interfaces on other frequencies, the GO 817928750b6Schristos * will migrate to one of these frequencies. 818928750b6Schristos * 819928750b6Schristos * @P2P_GO_FREQ_MOVE_SCM_PEER_SUPPORTS: Same as P2P_GO_FREQ_MOVE_SCM, 820928750b6Schristos * but a transition is possible only in case one of the other used 821928750b6Schristos * frequencies is one of the frequencies in the intersection of the 822928750b6Schristos * frequency list of the local device and the peer device. 823928750b6Schristos * 824928750b6Schristos * @P2P_GO_FREQ_MOVE_STAY: Prefer to stay on the current frequency. 825928750b6Schristos * 826928750b6Schristos * @P2P_GO_FREQ_MOVE_SCM_ECSA: Same as 827928750b6Schristos * P2P_GO_FREQ_MOVE_SCM_PEER_SUPPORTS but a transition is possible only 828928750b6Schristos * if all the group members advertise eCSA support. 829928750b6Schristos */ 830928750b6Schristos enum { 831928750b6Schristos P2P_GO_FREQ_MOVE_SCM = 0, 832928750b6Schristos P2P_GO_FREQ_MOVE_SCM_PEER_SUPPORTS = 1, 833928750b6Schristos P2P_GO_FREQ_MOVE_STAY = 2, 834928750b6Schristos P2P_GO_FREQ_MOVE_SCM_ECSA = 3, 835928750b6Schristos P2P_GO_FREQ_MOVE_MAX = P2P_GO_FREQ_MOVE_SCM_ECSA, 836928750b6Schristos } p2p_go_freq_change_policy; 837928750b6Schristos 838928750b6Schristos #define DEFAULT_P2P_GO_FREQ_MOVE P2P_GO_FREQ_MOVE_STAY 839928750b6Schristos 840928750b6Schristos /** 84136d97821Schristos * p2p_passphrase_len - Passphrase length (8..63) for P2P GO 84236d97821Schristos * 84336d97821Schristos * This parameter controls the length of the random passphrase that is 84436d97821Schristos * generated at the GO. 84536d97821Schristos */ 84636d97821Schristos unsigned int p2p_passphrase_len; 84736d97821Schristos 84836d97821Schristos /** 8498dbcf02cSchristos * bss_max_count - Maximum number of BSS entries to keep in memory 8508dbcf02cSchristos */ 8518dbcf02cSchristos unsigned int bss_max_count; 8528dbcf02cSchristos 8538dbcf02cSchristos /** 85442669be3Schristos * bss_expiration_age - BSS entry age after which it can be expired 85542669be3Schristos * 85642669be3Schristos * This value controls the time in seconds after which a BSS entry 85742669be3Schristos * gets removed if it has not been updated or is not in use. 85842669be3Schristos */ 85942669be3Schristos unsigned int bss_expiration_age; 86042669be3Schristos 86142669be3Schristos /** 86242669be3Schristos * bss_expiration_scan_count - Expire BSS after number of scans 86342669be3Schristos * 86442669be3Schristos * If the BSS entry has not been seen in this many scans, it will be 86542669be3Schristos * removed. A value of 1 means that entry is removed after the first 86642669be3Schristos * scan in which the BSSID is not seen. Larger values can be used 86742669be3Schristos * to avoid BSS entries disappearing if they are not visible in 86842669be3Schristos * every scan (e.g., low signal quality or interference). 86942669be3Schristos */ 87042669be3Schristos unsigned int bss_expiration_scan_count; 87142669be3Schristos 87242669be3Schristos /** 8738dbcf02cSchristos * filter_ssids - SSID-based scan result filtering 8748dbcf02cSchristos * 8758dbcf02cSchristos * 0 = do not filter scan results 8768dbcf02cSchristos * 1 = only include configured SSIDs in scan results/BSS table 8778dbcf02cSchristos */ 8788dbcf02cSchristos int filter_ssids; 87942669be3Schristos 88042669be3Schristos /** 88162a52023Schristos * filter_rssi - RSSI-based scan result filtering 88262a52023Schristos * 88362a52023Schristos * 0 = do not filter scan results 88462a52023Schristos * -n = filter scan results below -n dBm 88562a52023Schristos */ 88662a52023Schristos int filter_rssi; 88762a52023Schristos 88862a52023Schristos /** 88942669be3Schristos * max_num_sta - Maximum number of STAs in an AP/P2P GO 89042669be3Schristos */ 89142669be3Schristos unsigned int max_num_sta; 89242669be3Schristos 89342669be3Schristos /** 894ebb5671cSchristos * ap_isolate - Whether to use client isolation feature 895ebb5671cSchristos * 896ebb5671cSchristos * Client isolation can be used to prevent low-level bridging of 897ebb5671cSchristos * frames between associated stations in the BSS. By default, 898ebb5671cSchristos * this bridging is allowed (ap_isolate=0); except in P2P GO case, 899ebb5671cSchristos * where p2p_intra_bss parameter is used to determine whether to allow 900ebb5671cSchristos * intra-BSS forwarding (ap_isolate = !p2p_intra_bss). 901ebb5671cSchristos * 902ebb5671cSchristos * 0 = do not enable AP isolation 903ebb5671cSchristos * 1 = enable AP isolation 904ebb5671cSchristos */ 905ebb5671cSchristos int ap_isolate; 906ebb5671cSchristos 907ebb5671cSchristos /** 90836d97821Schristos * freq_list - Array of allowed scan frequencies or %NULL for all 90936d97821Schristos * 91036d97821Schristos * This is an optional zero-terminated array of frequencies in 91136d97821Schristos * megahertz (MHz) to allow for narrowing scanning range. 91236d97821Schristos */ 91336d97821Schristos int *freq_list; 91436d97821Schristos 91536d97821Schristos /** 91636d97821Schristos * scan_cur_freq - Whether to scan only the current channel 91736d97821Schristos * 91836d97821Schristos * If true, attempt to scan only the current channel if any other 91936d97821Schristos * VIFs on this radio are already associated on a particular channel. 92036d97821Schristos */ 92136d97821Schristos int scan_cur_freq; 92236d97821Schristos 92336d97821Schristos /** 92442669be3Schristos * changed_parameters - Bitmap of changed parameters since last update 92542669be3Schristos */ 92642669be3Schristos unsigned int changed_parameters; 92742669be3Schristos 92842669be3Schristos /** 929ebb5671cSchristos * disassoc_low_ack - Disassociate stations with massive packet loss 93042669be3Schristos */ 93142669be3Schristos int disassoc_low_ack; 93242669be3Schristos 93342669be3Schristos /** 93442669be3Schristos * interworking - Whether Interworking (IEEE 802.11u) is enabled 93542669be3Schristos */ 93642669be3Schristos int interworking; 93742669be3Schristos 93842669be3Schristos /** 93942669be3Schristos * access_network_type - Access Network Type 94042669be3Schristos * 94142669be3Schristos * When Interworking is enabled, scans will be limited to APs that 94242669be3Schristos * advertise the specified Access Network Type (0..15; with 15 94342669be3Schristos * indicating wildcard match). 94442669be3Schristos */ 94542669be3Schristos int access_network_type; 94642669be3Schristos 94742669be3Schristos /** 948ebb5671cSchristos * go_interworking - Whether Interworking for P2P GO is enabled 949ebb5671cSchristos */ 950ebb5671cSchristos int go_interworking; 951ebb5671cSchristos 952ebb5671cSchristos /** 953ebb5671cSchristos * go_access_network_type - P2P GO Access Network Type 954ebb5671cSchristos * 955ebb5671cSchristos * This indicates which access network type to advertise if Interworking 956ebb5671cSchristos * is enabled for P2P GO. 957ebb5671cSchristos */ 958ebb5671cSchristos int go_access_network_type; 959ebb5671cSchristos 960ebb5671cSchristos /** 961ebb5671cSchristos * go_internet - Interworking: Internet connectivity (0 or 1) 962ebb5671cSchristos */ 963ebb5671cSchristos int go_internet; 964ebb5671cSchristos 965ebb5671cSchristos /** 966ebb5671cSchristos * go_venue_group - Interworking: Venue group 967ebb5671cSchristos */ 968ebb5671cSchristos int go_venue_group; 969ebb5671cSchristos 970ebb5671cSchristos /** 971ebb5671cSchristos * go_venue_type: Interworking: Venue type 972ebb5671cSchristos */ 973ebb5671cSchristos int go_venue_type; 974ebb5671cSchristos 975ebb5671cSchristos /** 97642669be3Schristos * hessid - Homogenous ESS identifier 97742669be3Schristos * 97842669be3Schristos * If this is set (any octet is non-zero), scans will be used to 97942669be3Schristos * request response only from BSSes belonging to the specified 98042669be3Schristos * Homogeneous ESS. This is used only if interworking is enabled. 98142669be3Schristos */ 98242669be3Schristos u8 hessid[ETH_ALEN]; 98342669be3Schristos 98442669be3Schristos /** 98562a52023Schristos * hs20 - Hotspot 2.0 98642669be3Schristos */ 98762a52023Schristos int hs20; 98842669be3Schristos 98942669be3Schristos /** 99062a52023Schristos * pbc_in_m1 - AP mode WPS probing workaround for PBC with Windows 7 99162a52023Schristos * 99262a52023Schristos * Windows 7 uses incorrect way of figuring out AP's WPS capabilities 99362a52023Schristos * by acting as a Registrar and using M1 from the AP. The config 99462a52023Schristos * methods attribute in that message is supposed to indicate only the 99562a52023Schristos * configuration method supported by the AP in Enrollee role, i.e., to 99662a52023Schristos * add an external Registrar. For that case, PBC shall not be used and 99762a52023Schristos * as such, the PushButton config method is removed from M1 by default. 99862a52023Schristos * If pbc_in_m1=1 is included in the configuration file, the PushButton 99962a52023Schristos * config method is left in M1 (if included in config_methods 100062a52023Schristos * parameter) to allow Windows 7 to use PBC instead of PIN (e.g., from 100162a52023Schristos * a label in the AP). 100242669be3Schristos */ 100362a52023Schristos int pbc_in_m1; 100442669be3Schristos 100542669be3Schristos /** 100662a52023Schristos * autoscan - Automatic scan parameters or %NULL if none 100762a52023Schristos * 100862a52023Schristos * This is an optional set of parameters for automatic scanning 100962a52023Schristos * within an interface in following format: 101062a52023Schristos * <autoscan module name>:<module parameters> 101142669be3Schristos */ 101262a52023Schristos char *autoscan; 101342669be3Schristos 101442669be3Schristos /** 101536d97821Schristos * wps_nfc_pw_from_config - NFC Device Password was read from config 101636d97821Schristos * 101736d97821Schristos * This parameter can be determined whether the NFC Device Password was 101836d97821Schristos * included in the configuration (1) or generated dynamically (0). Only 101936d97821Schristos * the former case is re-written back to the configuration file. 102036d97821Schristos */ 102136d97821Schristos int wps_nfc_pw_from_config; 102236d97821Schristos 102336d97821Schristos /** 102462a52023Schristos * wps_nfc_dev_pw_id - NFC Device Password ID for password token 102542669be3Schristos */ 102662a52023Schristos int wps_nfc_dev_pw_id; 102742669be3Schristos 102842669be3Schristos /** 102962a52023Schristos * wps_nfc_dh_pubkey - NFC DH Public Key for password token 103042669be3Schristos */ 103162a52023Schristos struct wpabuf *wps_nfc_dh_pubkey; 103242669be3Schristos 103342669be3Schristos /** 103462a52023Schristos * wps_nfc_dh_privkey - NFC DH Private Key for password token 103542669be3Schristos */ 103662a52023Schristos struct wpabuf *wps_nfc_dh_privkey; 103762a52023Schristos 103862a52023Schristos /** 103962a52023Schristos * wps_nfc_dev_pw - NFC Device Password for password token 104062a52023Schristos */ 104162a52023Schristos struct wpabuf *wps_nfc_dev_pw; 104262a52023Schristos 104362a52023Schristos /** 104462a52023Schristos * ext_password_backend - External password backend or %NULL if none 104562a52023Schristos * 104662a52023Schristos * format: <backend name>[:<optional backend parameters>] 104762a52023Schristos */ 104862a52023Schristos char *ext_password_backend; 104962a52023Schristos 105062a52023Schristos /* 105162a52023Schristos * p2p_go_max_inactivity - Timeout in seconds to detect STA inactivity 105262a52023Schristos * 105362a52023Schristos * This timeout value is used in P2P GO mode to clean up 105462a52023Schristos * inactive stations. 105562a52023Schristos * By default: 300 seconds. 105662a52023Schristos */ 105762a52023Schristos int p2p_go_max_inactivity; 105862a52023Schristos 105962a52023Schristos struct hostapd_wmm_ac_params wmm_ac_params[4]; 106062a52023Schristos 106162a52023Schristos /** 106262a52023Schristos * auto_interworking - Whether to use network selection automatically 106362a52023Schristos * 106462a52023Schristos * 0 = do not automatically go through Interworking network selection 106562a52023Schristos * (i.e., require explicit interworking_select command for this) 106662a52023Schristos * 1 = perform Interworking network selection if one or more 106762a52023Schristos * credentials have been configured and scan did not find a 106862a52023Schristos * matching network block 106962a52023Schristos */ 107062a52023Schristos int auto_interworking; 107162a52023Schristos 107262a52023Schristos /** 107362a52023Schristos * p2p_go_ht40 - Default mode for HT40 enable when operating as GO. 107462a52023Schristos * 107562a52023Schristos * This will take effect for p2p_group_add, p2p_connect, and p2p_invite. 107662a52023Schristos * Note that regulatory constraints and driver capabilities are 107762a52023Schristos * consulted anyway, so setting it to 1 can't do real harm. 107862a52023Schristos * By default: 0 (disabled) 107962a52023Schristos */ 108062a52023Schristos int p2p_go_ht40; 108162a52023Schristos 108262a52023Schristos /** 108336d97821Schristos * p2p_go_vht - Default mode for VHT enable when operating as GO 108436d97821Schristos * 108536d97821Schristos * This will take effect for p2p_group_add, p2p_connect, and p2p_invite. 108636d97821Schristos * Note that regulatory constraints and driver capabilities are 108736d97821Schristos * consulted anyway, so setting it to 1 can't do real harm. 108836d97821Schristos * By default: 0 (disabled) 108936d97821Schristos */ 109036d97821Schristos int p2p_go_vht; 109136d97821Schristos 109236d97821Schristos /** 1093*0d69f216Schristos * p2p_go_he - Default mode for 11ax HE enable when operating as GO 1094*0d69f216Schristos * 1095*0d69f216Schristos * This will take effect for p2p_group_add, p2p_connect, and p2p_invite. 1096*0d69f216Schristos * Note that regulatory constraints and driver capabilities are 1097*0d69f216Schristos * consulted anyway, so setting it to 1 can't do real harm. 1098*0d69f216Schristos * By default: 0 (disabled) 1099*0d69f216Schristos */ 1100*0d69f216Schristos int p2p_go_he; 1101*0d69f216Schristos 1102*0d69f216Schristos /** 11039a53cbbeSchristos * p2p_go_ctwindow - CTWindow to use when operating as GO 11049a53cbbeSchristos * 11059a53cbbeSchristos * By default: 0 (no CTWindow). Values 0-127 can be used to indicate 11069a53cbbeSchristos * the length of the CTWindow in TUs. 11079a53cbbeSchristos */ 11089a53cbbeSchristos int p2p_go_ctwindow; 11099a53cbbeSchristos 11109a53cbbeSchristos /** 111162a52023Schristos * p2p_disabled - Whether P2P operations are disabled for this interface 111262a52023Schristos */ 111362a52023Schristos int p2p_disabled; 111462a52023Schristos 111562a52023Schristos /** 111662a52023Schristos * p2p_no_group_iface - Whether group interfaces can be used 111762a52023Schristos * 111862a52023Schristos * By default, wpa_supplicant will create a separate interface for P2P 111962a52023Schristos * group operations if the driver supports this. This functionality can 112062a52023Schristos * be disabled by setting this parameter to 1. In that case, the same 112162a52023Schristos * interface that was used for the P2P management operations is used 112262a52023Schristos * also for the group operation. 112362a52023Schristos */ 112462a52023Schristos int p2p_no_group_iface; 112562a52023Schristos 112662a52023Schristos /** 1127928750b6Schristos * p2p_cli_probe - Enable/disable P2P CLI probe request handling 1128928750b6Schristos * 1129928750b6Schristos * If this parameter is set to 1, a connected P2P Client will receive 1130928750b6Schristos * and handle Probe Request frames. Setting this parameter to 0 1131928750b6Schristos * disables this option. Default value: 0. 1132928750b6Schristos * 1133928750b6Schristos * Note: Setting this property at run time takes effect on the following 1134928750b6Schristos * interface state transition to/from the WPA_COMPLETED state. 1135928750b6Schristos */ 1136928750b6Schristos int p2p_cli_probe; 1137928750b6Schristos 1138928750b6Schristos /** 113962a52023Schristos * okc - Whether to enable opportunistic key caching by default 114062a52023Schristos * 114162a52023Schristos * By default, OKC is disabled unless enabled by the per-network 114262a52023Schristos * proactive_key_caching=1 parameter. okc=1 can be used to change this 114362a52023Schristos * default behavior. 114462a52023Schristos */ 114562a52023Schristos int okc; 114662a52023Schristos 114762a52023Schristos /** 114862a52023Schristos * pmf - Whether to enable/require PMF by default 114962a52023Schristos * 115062a52023Schristos * By default, PMF is disabled unless enabled by the per-network 115162a52023Schristos * ieee80211w=1 or ieee80211w=2 parameter. pmf=1/2 can be used to change 1152928750b6Schristos * this default behavior for RSN network (this is not applicable for 1153928750b6Schristos * non-RSN cases). 115462a52023Schristos */ 115562a52023Schristos enum mfp_options pmf; 115636d97821Schristos 115736d97821Schristos /** 115836d97821Schristos * sae_groups - Preference list of enabled groups for SAE 115936d97821Schristos * 116036d97821Schristos * By default (if this parameter is not set), the mandatory group 19 116136d97821Schristos * (ECC group defined over a 256-bit prime order field) is preferred, 116236d97821Schristos * but other groups are also enabled. If this parameter is set, the 116336d97821Schristos * groups will be tried in the indicated order. 116436d97821Schristos */ 116536d97821Schristos int *sae_groups; 116636d97821Schristos 116736d97821Schristos /** 116836d97821Schristos * dtim_period - Default DTIM period in Beacon intervals 116936d97821Schristos * 117036d97821Schristos * This parameter can be used to set the default value for network 117136d97821Schristos * blocks that do not specify dtim_period. 117236d97821Schristos */ 117336d97821Schristos int dtim_period; 117436d97821Schristos 117536d97821Schristos /** 117636d97821Schristos * beacon_int - Default Beacon interval in TU 117736d97821Schristos * 117836d97821Schristos * This parameter can be used to set the default value for network 117936d97821Schristos * blocks that do not specify beacon_int. 118036d97821Schristos */ 118136d97821Schristos int beacon_int; 118236d97821Schristos 118336d97821Schristos /** 118436d97821Schristos * ap_vendor_elements: Vendor specific elements for Beacon/ProbeResp 118536d97821Schristos * 118636d97821Schristos * This parameter can be used to define additional vendor specific 118736d97821Schristos * elements for Beacon and Probe Response frames in AP/P2P GO mode. The 118836d97821Schristos * format for these element(s) is a hexdump of the raw information 118936d97821Schristos * elements (id+len+payload for one or more elements). 119036d97821Schristos */ 119136d97821Schristos struct wpabuf *ap_vendor_elements; 119236d97821Schristos 119336d97821Schristos /** 119436d97821Schristos * ignore_old_scan_res - Ignore scan results older than request 119536d97821Schristos * 119636d97821Schristos * The driver may have a cache of scan results that makes it return 119736d97821Schristos * information that is older than our scan trigger. This parameter can 119836d97821Schristos * be used to configure such old information to be ignored instead of 119936d97821Schristos * allowing it to update the internal BSS table. 120036d97821Schristos */ 120136d97821Schristos int ignore_old_scan_res; 120236d97821Schristos 120336d97821Schristos /** 120436d97821Schristos * sched_scan_interval - schedule scan interval 120536d97821Schristos */ 120636d97821Schristos unsigned int sched_scan_interval; 120736d97821Schristos 120836d97821Schristos /** 1209ebb5671cSchristos * sched_scan_start_delay - Schedule scan start delay before first scan 1210ebb5671cSchristos * 1211ebb5671cSchristos * Delay (in seconds) before scheduling first scan plan cycle. The 1212ebb5671cSchristos * driver may ignore this parameter and start immediately (or at any 1213ebb5671cSchristos * other time), if this feature is not supported. 1214ebb5671cSchristos */ 1215ebb5671cSchristos unsigned int sched_scan_start_delay; 1216ebb5671cSchristos 1217ebb5671cSchristos /** 121836d97821Schristos * tdls_external_control - External control for TDLS setup requests 121936d97821Schristos * 122036d97821Schristos * Enable TDLS mode where external programs are given the control 122136d97821Schristos * to specify the TDLS link to get established to the driver. The 122236d97821Schristos * driver requests the TDLS setup to the supplicant only for the 122336d97821Schristos * specified TDLS peers. 122436d97821Schristos */ 122536d97821Schristos int tdls_external_control; 122636d97821Schristos 122736d97821Schristos u8 ip_addr_go[4]; 122836d97821Schristos u8 ip_addr_mask[4]; 122936d97821Schristos u8 ip_addr_start[4]; 123036d97821Schristos u8 ip_addr_end[4]; 123136d97821Schristos 123236d97821Schristos /** 123336d97821Schristos * osu_dir - OSU provider information directory 123436d97821Schristos * 123536d97821Schristos * If set, allow FETCH_OSU control interface command to be used to fetch 123636d97821Schristos * OSU provider information into all APs and store the results in this 123736d97821Schristos * directory. 123836d97821Schristos */ 123936d97821Schristos char *osu_dir; 124036d97821Schristos 124136d97821Schristos /** 124236d97821Schristos * wowlan_triggers - Wake-on-WLAN triggers 124336d97821Schristos * 124436d97821Schristos * If set, these wowlan triggers will be configured. 124536d97821Schristos */ 124636d97821Schristos char *wowlan_triggers; 124736d97821Schristos 124836d97821Schristos /** 124936d97821Schristos * p2p_search_delay - Extra delay between concurrent search iterations 125036d97821Schristos * 125136d97821Schristos * Add extra delay (in milliseconds) between search iterations when 125236d97821Schristos * there is a concurrent operation to make p2p_find friendlier to 125336d97821Schristos * concurrent operations by avoiding it from taking 100% of radio 125436d97821Schristos * resources. 125536d97821Schristos */ 125636d97821Schristos unsigned int p2p_search_delay; 125736d97821Schristos 125836d97821Schristos /** 125936d97821Schristos * mac_addr - MAC address policy default 126036d97821Schristos * 126136d97821Schristos * 0 = use permanent MAC address 126236d97821Schristos * 1 = use random MAC address for each ESS connection 126336d97821Schristos * 2 = like 1, but maintain OUI (with local admin bit set) 126436d97821Schristos * 126536d97821Schristos * By default, permanent MAC address is used unless policy is changed by 126636d97821Schristos * the per-network mac_addr parameter. Global mac_addr=1 can be used to 126736d97821Schristos * change this default behavior. 126836d97821Schristos */ 126936d97821Schristos int mac_addr; 127036d97821Schristos 127136d97821Schristos /** 127236d97821Schristos * rand_addr_lifetime - Lifetime of random MAC address in seconds 127336d97821Schristos */ 127436d97821Schristos unsigned int rand_addr_lifetime; 127536d97821Schristos 127636d97821Schristos /** 127736d97821Schristos * preassoc_mac_addr - Pre-association MAC address policy 127836d97821Schristos * 127936d97821Schristos * 0 = use permanent MAC address 128036d97821Schristos * 1 = use random MAC address 128136d97821Schristos * 2 = like 1, but maintain OUI (with local admin bit set) 128236d97821Schristos */ 128336d97821Schristos int preassoc_mac_addr; 12849a53cbbeSchristos 12859a53cbbeSchristos /** 12869a53cbbeSchristos * key_mgmt_offload - Use key management offload 12879a53cbbeSchristos * 12889a53cbbeSchristos * Key management offload should be used if the device supports it. 12899a53cbbeSchristos * Key management offload is the capability of a device operating as 12909a53cbbeSchristos * a station to do the exchange necessary to establish temporal keys 12919a53cbbeSchristos * during initial RSN connection, after roaming, or during a PTK 12929a53cbbeSchristos * rekeying operation. 12939a53cbbeSchristos */ 12949a53cbbeSchristos int key_mgmt_offload; 12959a53cbbeSchristos 12969a53cbbeSchristos /** 12979a53cbbeSchristos * user_mpm - MPM residency 12989a53cbbeSchristos * 12999a53cbbeSchristos * 0: MPM lives in driver. 13009a53cbbeSchristos * 1: wpa_supplicant handles peering and station allocation. 13019a53cbbeSchristos * 13029a53cbbeSchristos * If AMPE or SAE is enabled, the MPM is always in userspace. 13039a53cbbeSchristos */ 13049a53cbbeSchristos int user_mpm; 13059a53cbbeSchristos 13069a53cbbeSchristos /** 13079a53cbbeSchristos * max_peer_links - Maximum number of peer links 13089a53cbbeSchristos * 13099a53cbbeSchristos * Maximum number of mesh peering currently maintained by the STA. 13109a53cbbeSchristos */ 13119a53cbbeSchristos int max_peer_links; 13129a53cbbeSchristos 13139a53cbbeSchristos /** 13149a53cbbeSchristos * cert_in_cb - Whether to include a peer certificate dump in events 13159a53cbbeSchristos * 13169a53cbbeSchristos * This controls whether peer certificates for authentication server and 13179a53cbbeSchristos * its certificate chain are included in EAP peer certificate events. 13189a53cbbeSchristos */ 13199a53cbbeSchristos int cert_in_cb; 13209a53cbbeSchristos 13219a53cbbeSchristos /** 13229a53cbbeSchristos * mesh_max_inactivity - Timeout in seconds to detect STA inactivity 13239a53cbbeSchristos * 13249a53cbbeSchristos * This timeout value is used in mesh STA to clean up inactive stations. 13259a53cbbeSchristos * By default: 300 seconds. 13269a53cbbeSchristos */ 13279a53cbbeSchristos int mesh_max_inactivity; 13289a53cbbeSchristos 13299a53cbbeSchristos /** 1330928750b6Schristos * dot11RSNASAERetransPeriod - Timeout to retransmit SAE Auth frame 1331928750b6Schristos * 1332928750b6Schristos * This timeout value is used in mesh STA to retransmit 1333928750b6Schristos * SAE Authentication frame. 1334928750b6Schristos * By default: 1000 milliseconds. 1335928750b6Schristos */ 1336928750b6Schristos int dot11RSNASAERetransPeriod; 1337928750b6Schristos 1338928750b6Schristos /** 13399a53cbbeSchristos * passive_scan - Whether to force passive scan for network connection 13409a53cbbeSchristos * 13419a53cbbeSchristos * This parameter can be used to force only passive scanning to be used 13429a53cbbeSchristos * for network connection cases. It should be noted that this will slow 13439a53cbbeSchristos * down scan operations and reduce likelihood of finding the AP. In 13449a53cbbeSchristos * addition, some use cases will override this due to functional 13459a53cbbeSchristos * requirements, e.g., for finding an AP that uses hidden SSID 13469a53cbbeSchristos * (scan_ssid=1) or P2P device discovery. 13479a53cbbeSchristos */ 13489a53cbbeSchristos int passive_scan; 13499a53cbbeSchristos 13509a53cbbeSchristos /** 13519a53cbbeSchristos * reassoc_same_bss_optim - Whether to optimize reassoc-to-same-BSS 13529a53cbbeSchristos */ 13539a53cbbeSchristos int reassoc_same_bss_optim; 1354928750b6Schristos 1355928750b6Schristos /** 1356928750b6Schristos * wps_priority - Priority for the networks added through WPS 1357928750b6Schristos * 1358928750b6Schristos * This priority value will be set to each network profile that is added 1359928750b6Schristos * by executing the WPS protocol. 1360928750b6Schristos */ 1361928750b6Schristos int wps_priority; 1362928750b6Schristos 1363928750b6Schristos /** 1364928750b6Schristos * fst_group_id - FST group ID 1365928750b6Schristos */ 1366928750b6Schristos char *fst_group_id; 1367928750b6Schristos 1368928750b6Schristos /** 1369928750b6Schristos * fst_priority - priority of the interface within the FST group 1370928750b6Schristos */ 1371928750b6Schristos int fst_priority; 1372928750b6Schristos 1373928750b6Schristos /** 1374928750b6Schristos * fst_llt - default FST LLT (Link-Lost Timeout) to be used for the 1375928750b6Schristos * interface. 1376928750b6Schristos */ 1377928750b6Schristos int fst_llt; 1378928750b6Schristos 1379928750b6Schristos /** 1380928750b6Schristos * wpa_rsc_relaxation - RSC relaxation on GTK installation 1381928750b6Schristos * 1382928750b6Schristos * Values: 1383928750b6Schristos * 0 - use the EAPOL-Key RSC value on GTK installation 1384928750b6Schristos * 1 - use the null RSC if a bogus RSC value is detected in message 3 1385928750b6Schristos * of 4-Way Handshake or message 1 of Group Key Handshake. 1386928750b6Schristos */ 1387928750b6Schristos int wpa_rsc_relaxation; 1388928750b6Schristos 1389928750b6Schristos /** 1390928750b6Schristos * sched_scan_plans - Scan plans for scheduled scan 1391928750b6Schristos * 1392928750b6Schristos * Each scan plan specifies the interval between scans and the number of 1393928750b6Schristos * iterations. The last scan plan only specifies the scan interval and 1394928750b6Schristos * will be run infinitely. 1395928750b6Schristos * 1396928750b6Schristos * format: <interval:iterations> <interval2:iterations2> ... <interval> 1397928750b6Schristos */ 1398928750b6Schristos char *sched_scan_plans; 1399928750b6Schristos 1400928750b6Schristos #ifdef CONFIG_MBO 1401928750b6Schristos /** 1402928750b6Schristos * non_pref_chan - Non-preferred channels list, separated by spaces. 1403928750b6Schristos * 1404928750b6Schristos * format: op_class:chan:preference:reason<:detail> 1405928750b6Schristos * Detail is optional. 1406928750b6Schristos */ 1407928750b6Schristos char *non_pref_chan; 1408928750b6Schristos 1409928750b6Schristos /** 1410928750b6Schristos * mbo_cell_capa - Cellular capabilities for MBO 1411928750b6Schristos */ 1412928750b6Schristos enum mbo_cellular_capa mbo_cell_capa; 1413ebb5671cSchristos 1414ebb5671cSchristos /** 1415ebb5671cSchristos * disassoc_imminent_rssi_threshold - RSSI threshold of candidate AP 1416ebb5671cSchristos * when disassociation imminent is set. 1417ebb5671cSchristos */ 1418ebb5671cSchristos int disassoc_imminent_rssi_threshold; 1419ebb5671cSchristos 1420ebb5671cSchristos /** 1421ebb5671cSchristos * oce - Enable OCE in STA and/or STA-CFON mode 1422ebb5671cSchristos * - Set BIT(0) to enable OCE in non-AP STA mode 1423ebb5671cSchristos * - Set BIT(1) to enable OCE in STA-CFON mode 1424ebb5671cSchristos */ 1425ebb5671cSchristos unsigned int oce; 1426928750b6Schristos #endif /* CONFIG_MBO */ 1427928750b6Schristos 1428928750b6Schristos /** 1429928750b6Schristos * gas_address3 - GAS Address3 field behavior 1430928750b6Schristos * 1431928750b6Schristos * Values: 1432928750b6Schristos * 0 - P2P specification (Address3 = AP BSSID) 1433928750b6Schristos * 1 = IEEE 802.11 standard compliant (Address3 = Wildcard BSSID when 1434928750b6Schristos * sent to not-associated AP; if associated, AP BSSID) 1435928750b6Schristos */ 1436928750b6Schristos int gas_address3; 1437928750b6Schristos 1438928750b6Schristos /** 1439928750b6Schristos * ftm_responder - Publish FTM (fine timing measurement) 1440928750b6Schristos * responder functionality 1441928750b6Schristos * 1442928750b6Schristos * Values: 1443928750b6Schristos * 0 - do not publish FTM responder functionality (Default) 1444928750b6Schristos * 1 - publish FTM responder functionality in 1445928750b6Schristos * bit 70 of Extended Capabilities element 1446928750b6Schristos * Note, actual FTM responder operation is managed outside 1447928750b6Schristos * wpa_supplicant. 1448928750b6Schristos */ 1449928750b6Schristos int ftm_responder; 1450928750b6Schristos 1451928750b6Schristos /** 1452928750b6Schristos * ftm_initiator - Publish FTM (fine timing measurement) 1453928750b6Schristos * initiator functionality 1454928750b6Schristos * 1455928750b6Schristos * Values: 1456928750b6Schristos * 0 - do not publish FTM initiator functionality (Default) 1457928750b6Schristos * 1 - publish FTM initiator functionality in 1458928750b6Schristos * bit 71 of Extended Capabilities element 1459928750b6Schristos * Note, actual FTM initiator operation is managed outside 1460928750b6Schristos * wpa_supplicant. 1461928750b6Schristos */ 1462928750b6Schristos int ftm_initiator; 1463ebb5671cSchristos 1464ebb5671cSchristos /** 1465ebb5671cSchristos * gas_rand_addr_lifetime - Lifetime of random MAC address for ANQP in 1466ebb5671cSchristos * seconds 1467ebb5671cSchristos */ 1468ebb5671cSchristos unsigned int gas_rand_addr_lifetime; 1469ebb5671cSchristos 1470ebb5671cSchristos /** 1471ebb5671cSchristos * gas_rand_mac_addr - GAS MAC address policy 1472ebb5671cSchristos * 1473ebb5671cSchristos * 0 = use permanent MAC address 1474ebb5671cSchristos * 1 = use random MAC address 1475ebb5671cSchristos * 2 = like 1, but maintain OUI (with local admin bit set) 1476ebb5671cSchristos */ 1477ebb5671cSchristos int gas_rand_mac_addr; 1478ebb5671cSchristos 1479ebb5671cSchristos /** 1480ebb5671cSchristos * dpp_config_processing - How to process DPP configuration 1481ebb5671cSchristos * 1482ebb5671cSchristos * 0 = report received configuration to an external program for 1483ebb5671cSchristos * processing; do not generate any network profile internally 1484ebb5671cSchristos * 1 = report received configuration to an external program and generate 1485ebb5671cSchristos * a network profile internally, but do not automatically connect 1486ebb5671cSchristos * to the created (disabled) profile; the network profile id is 1487ebb5671cSchristos * reported to external programs 1488ebb5671cSchristos * 2 = report received configuration to an external program, generate 1489ebb5671cSchristos * a network profile internally, try to connect to the created 1490ebb5671cSchristos * profile automatically 1491ebb5671cSchristos */ 1492ebb5671cSchristos int dpp_config_processing; 1493ebb5671cSchristos 1494ebb5671cSchristos /** 1495ebb5671cSchristos * coloc_intf_reporting - Colocated interference reporting 1496ebb5671cSchristos * 1497ebb5671cSchristos * dot11CoLocIntfReportingActivated 1498ebb5671cSchristos * 0 = disabled (false) 1499ebb5671cSchristos * 1 = enabled (true) 1500ebb5671cSchristos */ 1501ebb5671cSchristos int coloc_intf_reporting; 1502*0d69f216Schristos 1503*0d69f216Schristos /** 1504*0d69f216Schristos * p2p_device_random_mac_addr - P2P Device MAC address policy default 1505*0d69f216Schristos * 1506*0d69f216Schristos * 0 = use permanent MAC address 1507*0d69f216Schristos * 1 = use random MAC address on creating the interface if there is no 1508*0d69f216Schristos * persistent groups. 1509*0d69f216Schristos * 1510*0d69f216Schristos * By default, permanent MAC address is used. 1511*0d69f216Schristos */ 1512*0d69f216Schristos int p2p_device_random_mac_addr; 1513*0d69f216Schristos 1514*0d69f216Schristos /** 1515*0d69f216Schristos * p2p_device_persistent_mac_addr - Record last used MAC address 1516*0d69f216Schristos * 1517*0d69f216Schristos * If there are saved persistent groups, P2P cannot generate another 1518*0d69f216Schristos * random MAC address, and need to restore to last used MAC address. 1519*0d69f216Schristos */ 1520*0d69f216Schristos u8 p2p_device_persistent_mac_addr[ETH_ALEN]; 1521*0d69f216Schristos 1522*0d69f216Schristos /** 1523*0d69f216Schristos * p2p_interface_random_mac_addr - P2P Interface MAC address policy default 1524*0d69f216Schristos * 1525*0d69f216Schristos * 0 = use permanent MAC address 1526*0d69f216Schristos * 1 = use random MAC address on creating the interface. 1527*0d69f216Schristos * 1528*0d69f216Schristos * By default, permanent MAC address is used. 1529*0d69f216Schristos */ 1530*0d69f216Schristos int p2p_interface_random_mac_addr; 1531*0d69f216Schristos 1532*0d69f216Schristos /** 1533*0d69f216Schristos * disable_btm - Disable BSS transition management in STA 1534*0d69f216Schristos * - Set to 0 to enable BSS transition management 1535*0d69f216Schristos * - Set to 1 to disable BSS transition management 1536*0d69f216Schristos * 1537*0d69f216Schristos * By default BSS transition management is enabled 1538*0d69f216Schristos */ 1539*0d69f216Schristos int disable_btm; 15408dbcf02cSchristos }; 15418dbcf02cSchristos 15428dbcf02cSchristos 15438dbcf02cSchristos /* Prototypes for common functions from config.c */ 15448dbcf02cSchristos 15458dbcf02cSchristos void wpa_config_free(struct wpa_config *ssid); 15468dbcf02cSchristos void wpa_config_free_ssid(struct wpa_ssid *ssid); 154742669be3Schristos void wpa_config_foreach_network(struct wpa_config *config, 154842669be3Schristos void (*func)(void *, struct wpa_ssid *), 154942669be3Schristos void *arg); 15508dbcf02cSchristos struct wpa_ssid * wpa_config_get_network(struct wpa_config *config, int id); 15518dbcf02cSchristos struct wpa_ssid * wpa_config_add_network(struct wpa_config *config); 15528dbcf02cSchristos int wpa_config_remove_network(struct wpa_config *config, int id); 15538dbcf02cSchristos void wpa_config_set_network_defaults(struct wpa_ssid *ssid); 15548dbcf02cSchristos int wpa_config_set(struct wpa_ssid *ssid, const char *var, const char *value, 15558dbcf02cSchristos int line); 155642669be3Schristos int wpa_config_set_quoted(struct wpa_ssid *ssid, const char *var, 155742669be3Schristos const char *value); 15589a53cbbeSchristos int wpa_config_dump_values(struct wpa_config *config, char *buf, 15599a53cbbeSchristos size_t buflen); 15609a53cbbeSchristos int wpa_config_get_value(const char *name, struct wpa_config *config, 15619a53cbbeSchristos char *buf, size_t buflen); 15629a53cbbeSchristos 15638dbcf02cSchristos char ** wpa_config_get_all(struct wpa_ssid *ssid, int get_keys); 15648dbcf02cSchristos char * wpa_config_get(struct wpa_ssid *ssid, const char *var); 15658dbcf02cSchristos char * wpa_config_get_no_key(struct wpa_ssid *ssid, const char *var); 15668dbcf02cSchristos void wpa_config_update_psk(struct wpa_ssid *ssid); 15678dbcf02cSchristos int wpa_config_add_prio_network(struct wpa_config *config, 15688dbcf02cSchristos struct wpa_ssid *ssid); 15698dbcf02cSchristos int wpa_config_update_prio_list(struct wpa_config *config); 15708dbcf02cSchristos const struct wpa_config_blob * wpa_config_get_blob(struct wpa_config *config, 15718dbcf02cSchristos const char *name); 15728dbcf02cSchristos void wpa_config_set_blob(struct wpa_config *config, 15738dbcf02cSchristos struct wpa_config_blob *blob); 15748dbcf02cSchristos void wpa_config_free_blob(struct wpa_config_blob *blob); 15758dbcf02cSchristos int wpa_config_remove_blob(struct wpa_config *config, const char *name); 157636d97821Schristos void wpa_config_flush_blobs(struct wpa_config *config); 15778dbcf02cSchristos 157862a52023Schristos struct wpa_cred * wpa_config_get_cred(struct wpa_config *config, int id); 157962a52023Schristos struct wpa_cred * wpa_config_add_cred(struct wpa_config *config); 158062a52023Schristos int wpa_config_remove_cred(struct wpa_config *config, int id); 158162a52023Schristos void wpa_config_free_cred(struct wpa_cred *cred); 158262a52023Schristos int wpa_config_set_cred(struct wpa_cred *cred, const char *var, 158362a52023Schristos const char *value, int line); 158436d97821Schristos char * wpa_config_get_cred_no_key(struct wpa_cred *cred, const char *var); 158562a52023Schristos 15868dbcf02cSchristos struct wpa_config * wpa_config_alloc_empty(const char *ctrl_interface, 15878dbcf02cSchristos const char *driver_param); 15888dbcf02cSchristos #ifndef CONFIG_NO_STDOUT_DEBUG 15898dbcf02cSchristos void wpa_config_debug_dump_networks(struct wpa_config *config); 15908dbcf02cSchristos #else /* CONFIG_NO_STDOUT_DEBUG */ 15918dbcf02cSchristos #define wpa_config_debug_dump_networks(c) do { } while (0) 15928dbcf02cSchristos #endif /* CONFIG_NO_STDOUT_DEBUG */ 15938dbcf02cSchristos 15948dbcf02cSchristos 159542669be3Schristos /* Prototypes for common functions from config.c */ 159642669be3Schristos int wpa_config_process_global(struct wpa_config *config, char *pos, int line); 159742669be3Schristos 1598928750b6Schristos int wpa_config_get_num_global_field_names(void); 1599928750b6Schristos 1600928750b6Schristos const char * wpa_config_get_global_field_name(unsigned int i, int *no_var); 160142669be3Schristos 16028dbcf02cSchristos /* Prototypes for backend specific functions from the selected config_*.c */ 16038dbcf02cSchristos 16048dbcf02cSchristos /** 16058dbcf02cSchristos * wpa_config_read - Read and parse configuration database 16068dbcf02cSchristos * @name: Name of the configuration (e.g., path and file name for the 16078dbcf02cSchristos * configuration file) 160836d97821Schristos * @cfgp: Pointer to previously allocated configuration data or %NULL if none 16098dbcf02cSchristos * Returns: Pointer to allocated configuration data or %NULL on failure 16108dbcf02cSchristos * 16118dbcf02cSchristos * This function reads configuration data, parses its contents, and allocates 16128dbcf02cSchristos * data structures needed for storing configuration information. The allocated 16138dbcf02cSchristos * data can be freed with wpa_config_free(). 16148dbcf02cSchristos * 16158dbcf02cSchristos * Each configuration backend needs to implement this function. 16168dbcf02cSchristos */ 161736d97821Schristos struct wpa_config * wpa_config_read(const char *name, struct wpa_config *cfgp); 16188dbcf02cSchristos 16198dbcf02cSchristos /** 16208dbcf02cSchristos * wpa_config_write - Write or update configuration data 16218dbcf02cSchristos * @name: Name of the configuration (e.g., path and file name for the 16228dbcf02cSchristos * configuration file) 16238dbcf02cSchristos * @config: Configuration data from wpa_config_read() 16248dbcf02cSchristos * Returns: 0 on success, -1 on failure 16258dbcf02cSchristos * 16268dbcf02cSchristos * This function write all configuration data into an external database (e.g., 16278dbcf02cSchristos * a text file) in a format that can be read with wpa_config_read(). This can 16288dbcf02cSchristos * be used to allow wpa_supplicant to update its configuration, e.g., when a 16298dbcf02cSchristos * new network is added or a password is changed. 16308dbcf02cSchristos * 16318dbcf02cSchristos * Each configuration backend needs to implement this function. 16328dbcf02cSchristos */ 16338dbcf02cSchristos int wpa_config_write(const char *name, struct wpa_config *config); 16348dbcf02cSchristos 16358dbcf02cSchristos #endif /* CONFIG_H */ 1636