aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/defconfig
Commit message (Collapse)AuthorAgeFilesLines
* defconfig: Enable DBusLubomir Rintel2019-03-091-2/+2
| | | | | | | | | | | Acquire the new name, along with introspection. This is generally useful for other daemons to integrate with wpa_supplicant, notably NetworkManager. Debian and Fedora (and likely any other distro that configured wireless via NetworkManager) enable this. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* wpa_supplicant: Drop the old D-Bus interface supportLubomir Rintel2019-03-091-4/+0
| | | | | | | | | | | | This drops support for the fi.epitest.hostap.WPASupplicant D-Bus name along with the associated CONFIG_CTRL_IFACE_DBUS option. Nothing should really be using this since 2010. This is a just a straightforward removal. Perhaps the dbus_common.c and dbus_new.c can be merged now. Also, the "_NEW" suffix of the config option seems to make even less sense than it used to. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable IEEE 802.11w management frame protection (wpa_supplicant)Lubomir Rintel2019-02-251-1/+1
| | | | | | | NetworkManager can use these if available and the distros generally enable this already. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: enable IEEE 802.11r fast BSS transition (wpa_supplicant)Lubomir Rintel2019-02-251-1/+1
| | | | | | | Generally useful. Linux distros already enable these, upcoming NetworkManager will support it too. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable IEEE 802.11n and 802.11ac (wpa_supplicant)Lubomir Rintel2019-02-251-2/+2
| | | | | | | I guess there's no reason anyone with capable hardware wouldn't want to enable these. Debian and Fedora aleady do. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable Hotspot 2.0 (wpa_supplicant)Lubomir Rintel2019-02-251-2/+2
| | | | | | Generally useful, Debian enables this. Other distros should too. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable RSN on IBSS networks (wpa_supplicant)Lubomir Rintel2019-02-251-1/+1
| | | | | | | | Fedora and Debian enable this. NetworkManager actually rejects such configurations citing kernel bugs, but that actually might not be the right thing to do anymore. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Remove obsolete notes about OpenSSL requirements for EAP-FASTJouni Malinen2019-02-251-3/+0
| | | | | | | | OpenSSL 0.9.8 reached its end-of-life long time ago, so remove these old notes about need of a newer OpenSSL version for EAP-FAST since all current OpenSSL versions include the needed functionality. Signed-off-by: Jouni Malinen <j@w1.fi>
* defconfig: Enable a handful of EAP methods (wpa_supplicant)Lubomir Rintel2019-02-251-8/+8
| | | | | | | | | | | | Fedora uses AKA, FAST, GPSK_SHA256, GPSK, IKEV2, PAX, SAKE and TNC. I don't know why these in particular. AKA wouldn't work, because CONFIG_PCSC is off anyways; let's enable all the other ones, and also PWD (openSUSE enabled it because users demanded it). Debian enables all of the above uses, but also PWD, AKA_PRIME, SIM, PSK and EKE. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable logging to file and syslog (wpa_supplicant)Lubomir Rintel2019-02-251-2/+2
| | | | | | | Debian and Fedora enable both and log to syslog. openSUSE seems to log to a flat file instead. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable simple bgscan module (wpa_supplicant)Lubomir Rintel2019-02-251-1/+1
| | | | | | | | | | Generally useful. Linux distros enable this and also utilize it via NetworkManager. Debian also enables the learn module. I'm leaving it off as it's marked experimental. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable AP (wpa_supplicant)Lubomir Rintel2019-02-251-1/+1
| | | | | | | Generally useful. Debian and Fedora enable this and support creating access points via NetworkManager too. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Enable WPS (wpa_supplicant)Lubomir Rintel2019-02-251-1/+1
| | | | | | | | | | WPS is generally useful with consumer hardware, and exposed to desktop users via NetworkManager. The Linux distros, including Debian, Fedora, and openSUSE enable it. Debian also enables external registar support and NFC. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Fix typos in Wi-Fi Display descriptionJouni Malinen2019-02-251-2/+2
| | | | | | These were supposed to be talking about Wi-Fi Display, not Wi-Fi Direct. Signed-off-by: Jouni Malinen <j@w1.fi>
* defconfig: Enable P2P and Wi-Fi Display (wpa_supplicant)Lubomir Rintel2019-02-251-2/+2
| | | | | | | Generally useful. Debian and Fedora enable this, upcoming NetworkManager provide some level of support too. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Add SAE (wpa_supplicant)Lubomir Rintel2019-02-251-0/+3
| | | | | | | Generally useful and the distros (Debian, Fedora) enable this already to support WPA3-Personal and protected 802.11s mesh BSSs. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* defconfig: Add DPP (wpa_supplicant)Lubomir Rintel2019-02-251-0/+5
| | | | | | Generally useful, already enabled in Debian and Fedora. Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* FILS: Remove notes about experimental implementationJouni Malinen2019-01-221-2/+0
| | | | | | | | | The standard amendment has been published and there has been sufficient amount of interoperability testing for FILS to expect the protocol not to be changed anymore, so remove the notes claiming this to be experimental and not suitable for production use. Signed-off-by: Jouni Malinen <j@w1.fi>
* crypto: Add option to use getrandom()Lubomir Rintel2019-01-011-0/+5
| | | | | | | | | | | | | | | | | | | | | According to random(4) manual, /dev/random is essentially deprecated on Linux for quite some time: "The /dev/random interface is considered a legacy interface, and /dev/urandom is preferred and sufficient in all use cases, with the exception of applications which require randomness during early boot time; for these applications, getrandom(2) must be used instead, because it will block until the entropy pool is initialized." An attempt to use it would cause unnecessary blocking on machines without a good hwrng even when it shouldn't be needed. Since Linux 3.17, a getrandom(2) call is available that will block only until the randomness pool has been seeded. It is probably not a good default yet as it requires a fairly recent kernel and glibc (3.17 and 2.25 respectively). Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
* OCV: Add build configuration for channel validation supportMathy Vanhoef2018-12-161-0/+3
| | | | | | Add compilation flags for Operating Channel Verification (OCV) support. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* Uncomment CONFIG_LIBNL32=y in defconfigJouni Malinen2018-12-021-1/+1
| | | | | | | | libnl 3.2 release is much more likely to be used nowadays than the versions using the older API, so uncomment this in wpa_supplicant and hostapd defconfig. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove CONFIG_IEEE80211R_AP=y build option from wpa_supplicantJouni Malinen2018-04-021-4/+0
| | | | | | | | | | | | There is no existing mechanism for setting up AP mode functionality with FT enabled, so there is not really much point in having a build option for trying to include the AP-to-AP FT functionality into wpa_supplicant either. Since this build option results in failures to complete the build, simply remove it completely. This can be restored if there is ever desire to enable FT functionality in wpa_supplicant controlled AP mode. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add config information related to MACsecJaap Keuter2018-04-011-2/+11
| | | | | | | | | | Add examples of relevant top level CONFIG clauses for wpa_supplicant MACsec support to defconfig. Extend the example of MACsec related network configuration. Also bring them in line with the format of the other example network configurations. Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
* Remove all PeerKey functionalityJouni Malinen2017-10-151-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | This was originally added to allow the IEEE 802.11 protocol to be tested, but there are no known fully functional implementations based on this nor any known deployments of PeerKey functionality. Furthermore, PeerKey design in the IEEE Std 802.11-2016 standard has already been marked as obsolete for DLS and it is being considered for complete removal in REVmd. This implementation did not really work, so it could not have been used in practice. For example, key configuration was using incorrect algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in mapping to an invalid WPA_ALG_* value for the actual driver operation. As such, the derived key could not have been successfully set for the link. Since there are bugs in this implementation and there does not seem to be any future for the PeerKey design with DLS (TDLS being the future for DLS), the best approach is to simply delete all this code to simplify the EAPOL-Key handling design and to get rid of any potential issues if these code paths were accidentially reachable. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Add build option to select default ciphersBeniamino Galvani2017-07-171-0/+4
| | | | | | | | | | | | | | Add a build option to select different default ciphers for OpenSSL instead of the hardcoded default "DEFAULT:!EXP:!LOW". This new option is useful on distributions where the security level should be consistent for all applications, as in Fedora [1]. In such cases the new configuration option would be set to "" or "PROFILE=SYSTEM" to select the global crypto policy by default. [1] https://fedoraproject.org/wiki/Changes/CryptoPolicy Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
* FILS: Add FILS SK auth PFS support in STA modeJouni Malinen2017-03-121-0/+2
| | | | | | | | | | | This adds an option to configure wpa_supplicant to use the perfect forward secrecy option in FILS shared key authentication. A new build option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A new runtime network profile parameter fils_dh_group is used to enable this by specifying which DH group to use. For example, fils_dh_group=19 would use FILS SK PFS with a 256-bit random ECP group. Signed-off-by: Jouni Malinen <j@w1.fi>
* OWE: Add CONFIG_OWE=y build optionJouni Malinen2017-03-121-0/+4
| | | | | | | This can be used to enable OWE support in hostapd and wpa_supplicant builds. Signed-off-by: Jouni Malinen <j@w1.fi>
* af_alg: Crypto wrappers for Linux kernel crypto (AF_ALG)Jouni Malinen2017-02-281-0/+1
| | | | | | | | | | | CONFIG_TLS=linux can now be used to select the crypto implementation that uses the user space socket interface (AF_ALG) for the Linux kernel crypto implementation. This commit includes some of the cipher, hash, and HMAC functions. The functions that are not available through AF_ALG (e.g., the actual TLS implementation) use the internal implementation (CONFIG_TLS=internal). Signed-off-by: Jouni Malinen <j@w1.fi>
* Add bgscan options to wpa_supplicant defconfigJouni Malinen2017-02-111-0/+10
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix wpa_supplicant defconfig copy-paste descriptionJouni Malinen2017-02-111-3/+3
| | | | | | This is obviously for the wpa_supplicant binary, not hostapd. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add CONFIG_MESH into wpa_supplicant defconfigMasashi Honma2016-12-301-0/+3
| | | | Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* External persistent storage for PMKSA cache entriesJouni Malinen2016-12-121-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds new wpa_supplicant control interface commands PMKSA_GET and PMKSA_ADD that can be used to store PMKSA cache entries in an external persistent storage when terminating a wpa_supplicant process and then restore those entries when starting a new process. The previously added PMKSA-CACHE-ADDED/REMOVED events can be used to help in synchronizing the external storage with the memory-only volatile storage within wpa_supplicant. "PMKSA_GET <network_id>" fetches all stored PMKSA cache entries bound to a specific network profile. The network_id of the current profile is available with the STATUS command (id=<network_id). In addition, the network_id is included in the PMKSA-CACHE-ADDED/REMOVED events. The output of the PMKSA_GET command uses the following format: <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds> <akmp> <opportunistic> For example: 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30240 43200 1 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30240 43200 1 0 The PMKSA_GET command uses the following format: <network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds> <akmp> <opportunistic> (i.e., "PMKSA_ADD <network_id> " prefix followed by a line of PMKSA_GET output data; however, the reauth_time and expiration values need to be updated by decrementing them by number of seconds between the PMKSA_GET and PMKSA_ADD commands) For example: PMKSA_ADD 0 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30140 43100 1 0 PMKSA_ADD 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30140 43100 1 0 This functionality is disabled be default and can be enabled with CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option. It should be noted that this allows any process that has access to the wpa_supplicant control interface to use PMKSA_ADD command to fetch keying material (PMK), so this is for environments in which the control interface access is restricted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FT: Differentiate between FT for station and for AP in buildIlan Peer2016-10-291-1/+5
| | | | | | | | | | | | | | Previously, CONFIG_IEEE80211R enabled build that supports FT for both station mode and AP mode. However, in most wpa_supplicant cases only station mode FT is required and there is no need for AP mode FT. Add support to differentiate between station mode FT and AP mode FT in wpa_supplicant builds by adding CONFIG_IEEE80211R_AP that should be used when AP mode FT support is required in addition to station mode FT. This allows binary size to be reduced for builds that require only the station side FT functionality. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* Add CONFIG_IBSS_RSN=y into wpa_supplicant defconfigJouni Malinen2016-10-281-0/+5
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Add wpa_supplicant configuration optionsJouni Malinen2016-10-101-0/+5
| | | | | | | This adds CONFIG_FILS=y build configuration option and new key management options for FILS authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add interface matching support with -M, guarded by CONFIG_MATCH_IFACERoy Marples2016-03-221-0/+3
| | | | | | | | | The new wpa_supplicant command line argument -M can be used to describe matching rules with a wildcard interface name (e.g., "wlan*"). This is very useful for systems without udev (Linux) or devd (FreeBSD). Signed-off-by: Roy Marples <roy@marples.name>
* MBO: Add non-preferred channel configuration in wpa_supplicantDavid Spinadel2016-02-211-0/+3
| | | | | | Add non-preferred channel configuration to wpa_config for MBO. Signed-off-by: David Spinadel <david.spinadel@intel.com>
* Add CONFIG_ELOOP_KQUEUE to defconfigRoy Marples2016-02-181-0/+3
| | | | Signed-off-by: Roy Marples <roy@marples.name>
* wpa_supplicant: Enable Automatic Channel Selection support for AP modeTomasz Bursztyka2015-12-241-0/+26
| | | | | | | | | | Since hostapd supports ACS now, let's enable its support in wpa_supplicant as well when starting AP mode. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> [u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master] [u.oelmann@pengutronix.de: adjusted added text in defconfig] Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
* l2_packet: Add build option to disable Linux packet socket workaroundMohammed Shafi Shajakhan2015-10-251-0/+6
| | | | | | | | | | | | | | | | | | | | | | | Linux packet socket workaround(*) has an impact in performance when the workaround socket needs to be kept open to receive EAPOL frames. While this is normally avoided with a kernel that has the issue addressed by closing the workaround packet socket when detecting a frame through the main socket, it is possible for that mechanism to not be sufficient, e.g., when an open network connection (no EAPOL frames) is used. Add a build option (CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y) to disable the workaround. This build option is disabled by default and can be enabled explicitly on distributions which have an older kernel or a fix for the kernel regression. Also remove the unused variable num_rx. (*) Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596 ('bridge: respect RFC2863 operational state') from 2012 introduced a regression for using wpa_supplicant with EAPOL frames and a station interface in a bridge. Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
* nl80211: Add build option for QCA vendor extensionsJouni Malinen2015-10-011-0/+3
| | | | | | | This allows the binary sizes to be reduced if no support for nl80211 vendor extensions are needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Linker changes for building eapol_test on OS XAlan T. DeKok2015-09-251-0/+3
| | | | Signed-off-by: Alan DeKok <aland@freeradius.org>
* FST: Testing supportAnton Nayshtut2015-07-161-0/+3
| | | | | | This patch introduces infrastructure needed for FST module tests. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: wpa_supplicant build rulesAnton Nayshtut2015-07-161-0/+3
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* test: Remove driver_test.cJouni Malinen2014-10-111-3/+0
| | | | | | | | | | | | The driver_test.c driver wrapper (-Dtest in wpa_supplicant and driver=test in hostapd) was previously used for testing without real Wi-Fi hardware. mac80211_hwsim-based tests have practically replaced all these needs and there has been no improvements or use for driver_test.c in a long while. Because of this, there has not really been any effort to maintain this older test tool and no justification to change this either. Remove the obsoleted test mechanism to clean up the repository. Signed-off-by: Jouni Malinen <j@w1.fi>
* eloop: Add epoll option for better performanceMasashi Honma2014-05-161-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds epoll option for the eloop implementation. This can be selected with the CONFIG_ELOOP_EPOLL=y build option. [merit] See Table1. Table1. comparison table +--------+--------+-----------+------------+-------------+ | | add fd | remove fd | prepare fd | dispatch fd | +--------+--------+-----------+------------+-------------+ | select | O(1) | O(1) | O(N) | O(N) | +--------+--------+-----------+------------+-------------+ | poll | O(1) | O(1) | O(N) | O(N) | +--------+--------+-----------+------------+-------------+ | epoll | O(1) | O(1) | 0 | O(M) | +--------+--------+-----------+------------+-------------+ "add fd" is addition of fd by eloop_sock_table_add_sock(). "remove fd" is removal of fd by eloop_sock_table_remove_sock(). "prepare fd" is preparation of fds before wait in eloop_run(). "dispatch fd" is dispatchment of fds by eloop_sock_table_dispatch(). "N" is all watching fds. "M" is fds which could be dispatched after waiting. As shown in Table1, epoll option has better performance on "prepare fd" column. Because select/poll option requires setting fds before every select()/poll(). But epoll_wait() doesn't need it. And epoll option has also better performance on "dispatch fd" column. Because select/poll option needs to check all registered fds to find out dispatchable fds. But epoll option doesn't require checking all registered fds. Because epoll_wait() returns dispatchable fd set. So epoll option is effective for GO/AP functionality. [demerit] The epoll option requires additional heap memory. In case of P2P GO, it is about 8K bytes. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* WPS: Enable WSC 2.0 support unconditionallyJouni Malinen2014-03-251-2/+0
| | | | | | | | | There is not much point in building devices with WPS 1.0 only supported nowadays. As such, there is not sufficient justification for maintaining extra complexity for the CONFIG_WPS2 build option either. Remove this by enabling WSC 2.0 support unconditionally. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Add support for IPv6 with UDP ctrl_ifaceJanusz Dziedzic2014-02-251-0/+2
| | | | | | | | | | | | | | | | | | | | Add IPv6 support when using udp/udp-remote control interface using the following new build configuration options: CONFIG_CTRL_IFACE=udp6 CONFIG_CTRL_IFACE=udp6-remote This is useful for testing, while we don't need to assign IPv4 address (static or using DHCP) and can just use auto configured IPv6 addresses (link local, which is based on the MAC address). Also add scope id support for link local case. For example, ./wpa_cli ./wpa_cli -i ::1,9877 ./wpa_cli -i fe80::203:7fff:fe05:69%wlan0,9877 Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* nl80211: Document how to configure for libnl 2.0 and 3.2Ben Greear2014-01-071-0/+13
| | | | | | Reported-by: Xose Vazquez Perez <xose.vazquez@gmail.com> Signed-hostap: Ben Greear <greearb@candelatech.com>
* Remove forgotten notes about already removed driver wrappersJouni Malinen2014-01-021-57/+0
| | | | | | | | These old driver wrappers have been removed quite some time ago, but some of the build configuration notes were still describing how they are configured. Signed-hostap: Jouni Malinen <j@w1.fi>