path: root/wpa_supplicant/defconfig
Commit message (Collapse)AuthorAgeFilesLines
* OCV: Add build configuration for channel validation supportMathy Vanhoef2018-12-161-0/+3
| | | | | | Add compilation flags for Operating Channel Verification (OCV) support. Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
* Uncomment CONFIG_LIBNL32=y in defconfigJouni Malinen2018-12-021-1/+1
| | | | | | | | libnl 3.2 release is much more likely to be used nowadays than the versions using the older API, so uncomment this in wpa_supplicant and hostapd defconfig. Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove CONFIG_IEEE80211R_AP=y build option from wpa_supplicantJouni Malinen2018-04-021-4/+0
| | | | | | | | | | | | There is no existing mechanism for setting up AP mode functionality with FT enabled, so there is not really much point in having a build option for trying to include the AP-to-AP FT functionality into wpa_supplicant either. Since this build option results in failures to complete the build, simply remove it completely. This can be restored if there is ever desire to enable FT functionality in wpa_supplicant controlled AP mode. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add config information related to MACsecJaap Keuter2018-04-011-2/+11
| | | | | | | | | | Add examples of relevant top level CONFIG clauses for wpa_supplicant MACsec support to defconfig. Extend the example of MACsec related network configuration. Also bring them in line with the format of the other example network configurations. Signed-off-by: Jaap Keuter <jaap.keuter@xs4all.nl>
* Remove all PeerKey functionalityJouni Malinen2017-10-151-3/+0
| | | | | | | | | | | | | | | | | | | | | | | | This was originally added to allow the IEEE 802.11 protocol to be tested, but there are no known fully functional implementations based on this nor any known deployments of PeerKey functionality. Furthermore, PeerKey design in the IEEE Std 802.11-2016 standard has already been marked as obsolete for DLS and it is being considered for complete removal in REVmd. This implementation did not really work, so it could not have been used in practice. For example, key configuration was using incorrect algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in mapping to an invalid WPA_ALG_* value for the actual driver operation. As such, the derived key could not have been successfully set for the link. Since there are bugs in this implementation and there does not seem to be any future for the PeerKey design with DLS (TDLS being the future for DLS), the best approach is to simply delete all this code to simplify the EAPOL-Key handling design and to get rid of any potential issues if these code paths were accidentially reachable. Signed-off-by: Jouni Malinen <j@w1.fi>
* OpenSSL: Add build option to select default ciphersBeniamino Galvani2017-07-171-0/+4
| | | | | | | | | | | | | | Add a build option to select different default ciphers for OpenSSL instead of the hardcoded default "DEFAULT:!EXP:!LOW". This new option is useful on distributions where the security level should be consistent for all applications, as in Fedora [1]. In such cases the new configuration option would be set to "" or "PROFILE=SYSTEM" to select the global crypto policy by default. [1] https://fedoraproject.org/wiki/Changes/CryptoPolicy Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
* FILS: Add FILS SK auth PFS support in STA modeJouni Malinen2017-03-121-0/+2
| | | | | | | | | | | This adds an option to configure wpa_supplicant to use the perfect forward secrecy option in FILS shared key authentication. A new build option CONFIG_FILS_SK_PFS=y can be used to include this functionality. A new runtime network profile parameter fils_dh_group is used to enable this by specifying which DH group to use. For example, fils_dh_group=19 would use FILS SK PFS with a 256-bit random ECP group. Signed-off-by: Jouni Malinen <j@w1.fi>
* OWE: Add CONFIG_OWE=y build optionJouni Malinen2017-03-121-0/+4
| | | | | | | This can be used to enable OWE support in hostapd and wpa_supplicant builds. Signed-off-by: Jouni Malinen <j@w1.fi>
* af_alg: Crypto wrappers for Linux kernel crypto (AF_ALG)Jouni Malinen2017-02-281-0/+1
| | | | | | | | | | | CONFIG_TLS=linux can now be used to select the crypto implementation that uses the user space socket interface (AF_ALG) for the Linux kernel crypto implementation. This commit includes some of the cipher, hash, and HMAC functions. The functions that are not available through AF_ALG (e.g., the actual TLS implementation) use the internal implementation (CONFIG_TLS=internal). Signed-off-by: Jouni Malinen <j@w1.fi>
* Add bgscan options to wpa_supplicant defconfigJouni Malinen2017-02-111-0/+10
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix wpa_supplicant defconfig copy-paste descriptionJouni Malinen2017-02-111-3/+3
| | | | | | This is obviously for the wpa_supplicant binary, not hostapd. Signed-off-by: Jouni Malinen <j@w1.fi>
* Add CONFIG_MESH into wpa_supplicant defconfigMasashi Honma2016-12-301-0/+3
| | | | Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* External persistent storage for PMKSA cache entriesJouni Malinen2016-12-121-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds new wpa_supplicant control interface commands PMKSA_GET and PMKSA_ADD that can be used to store PMKSA cache entries in an external persistent storage when terminating a wpa_supplicant process and then restore those entries when starting a new process. The previously added PMKSA-CACHE-ADDED/REMOVED events can be used to help in synchronizing the external storage with the memory-only volatile storage within wpa_supplicant. "PMKSA_GET <network_id>" fetches all stored PMKSA cache entries bound to a specific network profile. The network_id of the current profile is available with the STATUS command (id=<network_id). In addition, the network_id is included in the PMKSA-CACHE-ADDED/REMOVED events. The output of the PMKSA_GET command uses the following format: <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds> <akmp> <opportunistic> For example: 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30240 43200 1 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30240 43200 1 0 The PMKSA_GET command uses the following format: <network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds> <akmp> <opportunistic> (i.e., "PMKSA_ADD <network_id> " prefix followed by a line of PMKSA_GET output data; however, the reauth_time and expiration values need to be updated by decrementing them by number of seconds between the PMKSA_GET and PMKSA_ADD commands) For example: PMKSA_ADD 0 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30140 43100 1 0 PMKSA_ADD 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30140 43100 1 0 This functionality is disabled be default and can be enabled with CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option. It should be noted that this allows any process that has access to the wpa_supplicant control interface to use PMKSA_ADD command to fetch keying material (PMK), so this is for environments in which the control interface access is restricted. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FT: Differentiate between FT for station and for AP in buildIlan Peer2016-10-291-1/+5
| | | | | | | | | | | | | | Previously, CONFIG_IEEE80211R enabled build that supports FT for both station mode and AP mode. However, in most wpa_supplicant cases only station mode FT is required and there is no need for AP mode FT. Add support to differentiate between station mode FT and AP mode FT in wpa_supplicant builds by adding CONFIG_IEEE80211R_AP that should be used when AP mode FT support is required in addition to station mode FT. This allows binary size to be reduced for builds that require only the station side FT functionality. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* Add CONFIG_IBSS_RSN=y into wpa_supplicant defconfigJouni Malinen2016-10-281-0/+5
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FILS: Add wpa_supplicant configuration optionsJouni Malinen2016-10-101-0/+5
| | | | | | | This adds CONFIG_FILS=y build configuration option and new key management options for FILS authentication. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add interface matching support with -M, guarded by CONFIG_MATCH_IFACERoy Marples2016-03-221-0/+3
| | | | | | | | | The new wpa_supplicant command line argument -M can be used to describe matching rules with a wildcard interface name (e.g., "wlan*"). This is very useful for systems without udev (Linux) or devd (FreeBSD). Signed-off-by: Roy Marples <roy@marples.name>
* MBO: Add non-preferred channel configuration in wpa_supplicantDavid Spinadel2016-02-211-0/+3
| | | | | | Add non-preferred channel configuration to wpa_config for MBO. Signed-off-by: David Spinadel <david.spinadel@intel.com>
* Add CONFIG_ELOOP_KQUEUE to defconfigRoy Marples2016-02-181-0/+3
| | | | Signed-off-by: Roy Marples <roy@marples.name>
* wpa_supplicant: Enable Automatic Channel Selection support for AP modeTomasz Bursztyka2015-12-241-0/+26
| | | | | | | | | | Since hostapd supports ACS now, let's enable its support in wpa_supplicant as well when starting AP mode. Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com> [u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master] [u.oelmann@pengutronix.de: adjusted added text in defconfig] Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
* l2_packet: Add build option to disable Linux packet socket workaroundMohammed Shafi Shajakhan2015-10-251-0/+6
| | | | | | | | | | | | | | | | | | | | | | | Linux packet socket workaround(*) has an impact in performance when the workaround socket needs to be kept open to receive EAPOL frames. While this is normally avoided with a kernel that has the issue addressed by closing the workaround packet socket when detecting a frame through the main socket, it is possible for that mechanism to not be sufficient, e.g., when an open network connection (no EAPOL frames) is used. Add a build option (CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y) to disable the workaround. This build option is disabled by default and can be enabled explicitly on distributions which have an older kernel or a fix for the kernel regression. Also remove the unused variable num_rx. (*) Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596 ('bridge: respect RFC2863 operational state') from 2012 introduced a regression for using wpa_supplicant with EAPOL frames and a station interface in a bridge. Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
* nl80211: Add build option for QCA vendor extensionsJouni Malinen2015-10-011-0/+3
| | | | | | | This allows the binary sizes to be reduced if no support for nl80211 vendor extensions are needed. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Linker changes for building eapol_test on OS XAlan T. DeKok2015-09-251-0/+3
| | | | Signed-off-by: Alan DeKok <aland@freeradius.org>
* FST: Testing supportAnton Nayshtut2015-07-161-0/+3
| | | | | | This patch introduces infrastructure needed for FST module tests. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* FST: wpa_supplicant build rulesAnton Nayshtut2015-07-161-0/+3
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* test: Remove driver_test.cJouni Malinen2014-10-111-3/+0
| | | | | | | | | | | | The driver_test.c driver wrapper (-Dtest in wpa_supplicant and driver=test in hostapd) was previously used for testing without real Wi-Fi hardware. mac80211_hwsim-based tests have practically replaced all these needs and there has been no improvements or use for driver_test.c in a long while. Because of this, there has not really been any effort to maintain this older test tool and no justification to change this either. Remove the obsoleted test mechanism to clean up the repository. Signed-off-by: Jouni Malinen <j@w1.fi>
* eloop: Add epoll option for better performanceMasashi Honma2014-05-161-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch adds epoll option for the eloop implementation. This can be selected with the CONFIG_ELOOP_EPOLL=y build option. [merit] See Table1. Table1. comparison table +--------+--------+-----------+------------+-------------+ | | add fd | remove fd | prepare fd | dispatch fd | +--------+--------+-----------+------------+-------------+ | select | O(1) | O(1) | O(N) | O(N) | +--------+--------+-----------+------------+-------------+ | poll | O(1) | O(1) | O(N) | O(N) | +--------+--------+-----------+------------+-------------+ | epoll | O(1) | O(1) | 0 | O(M) | +--------+--------+-----------+------------+-------------+ "add fd" is addition of fd by eloop_sock_table_add_sock(). "remove fd" is removal of fd by eloop_sock_table_remove_sock(). "prepare fd" is preparation of fds before wait in eloop_run(). "dispatch fd" is dispatchment of fds by eloop_sock_table_dispatch(). "N" is all watching fds. "M" is fds which could be dispatched after waiting. As shown in Table1, epoll option has better performance on "prepare fd" column. Because select/poll option requires setting fds before every select()/poll(). But epoll_wait() doesn't need it. And epoll option has also better performance on "dispatch fd" column. Because select/poll option needs to check all registered fds to find out dispatchable fds. But epoll option doesn't require checking all registered fds. Because epoll_wait() returns dispatchable fd set. So epoll option is effective for GO/AP functionality. [demerit] The epoll option requires additional heap memory. In case of P2P GO, it is about 8K bytes. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* WPS: Enable WSC 2.0 support unconditionallyJouni Malinen2014-03-251-2/+0
| | | | | | | | | There is not much point in building devices with WPS 1.0 only supported nowadays. As such, there is not sufficient justification for maintaining extra complexity for the CONFIG_WPS2 build option either. Remove this by enabling WSC 2.0 support unconditionally. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Add support for IPv6 with UDP ctrl_ifaceJanusz Dziedzic2014-02-251-0/+2
| | | | | | | | | | | | | | | | | | | | Add IPv6 support when using udp/udp-remote control interface using the following new build configuration options: CONFIG_CTRL_IFACE=udp6 CONFIG_CTRL_IFACE=udp6-remote This is useful for testing, while we don't need to assign IPv4 address (static or using DHCP) and can just use auto configured IPv6 addresses (link local, which is based on the MAC address). Also add scope id support for link local case. For example, ./wpa_cli ./wpa_cli -i ::1,9877 ./wpa_cli -i fe80::203:7fff:fe05:69%wlan0,9877 Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* nl80211: Document how to configure for libnl 2.0 and 3.2Ben Greear2014-01-071-0/+13
| | | | | | Reported-by: Xose Vazquez Perez <xose.vazquez@gmail.com> Signed-hostap: Ben Greear <greearb@candelatech.com>
* Remove forgotten notes about already removed driver wrappersJouni Malinen2014-01-021-57/+0
| | | | | | | | These old driver wrappers have been removed quite some time ago, but some of the build configuration notes were still describing how they are configured. Signed-hostap: Jouni Malinen <j@w1.fi>
* Update EAP-FAST note regarding OpenSSL supportJouni Malinen2014-01-021-4/+3
| | | | | | This is now supported in the current OpenSSL version. Signed-hostap: Jouni Malinen <j@w1.fi>
* Add Wi-Fi Direct to the build configuration exampleJouni Malinen2013-11-201-0/+5
| | | | | | | In addition, include Wi-Fi Direct support for Android builds by default. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* eloop: Remove eloop_none.cJouni Malinen2013-11-171-1/+0
| | | | | | | | | | This was supposed to be a minimal sample of eloop wrapper, but it is unclear whether this is of that much use and the file has not been kept up-to-date. Remove this file to reduce maintenance effort. The other eloop*.c files can be used as a starting point if something new is needed. Signed-hostap: Jouni Malinen <j@w1.fi>
* Replace unnecessary UTF-8 characters with ASCII versionsJouni Malinen2013-11-021-1/+1
| | | | | | | There is no need for using UTF-8 in these files when perfectly fine ASCII versions of these characters exist. Signed-hostap: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Add CONFIG_IEEE80211ACEliad Peller2013-10-271-0/+4
| | | | | | | In order to support P2P GO with 11ac support, add CONFIG_IEEE80211AC config option support to the Makefile. Signed-hostap: Eliad Peller <eliadx.peller@intel.com>
* EAP-EKE: Add peer implementationJouni Malinen2013-07-071-0/+3
| | | | | | This adds a new password-based EAP method defined in RFC 6124. Signed-hostap: Jouni Malinen <j@w1.fi>
* Remove CONFIG_NO_WPA2 build parameterJouni Malinen2013-06-071-5/+0
| | | | | | | | | | There is not much use for enabling WPA without WPA2 nowadays since most networks have been upgraded to WPA2. Furthermore, the code size savings from disabling just WPA2 are pretty small, so there is not much justification for maintaining this build option. Remove it to get rid of undesired complexity. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Synchronize build config comments for wpa_supplicantJouni Malinen2013-05-041-0/+10
| | | | | | | | This updates number of comments in android.config to match the latest version in defconfig and adds some of the entries that were previously present only in android.config into defconfig. Signed-hostap: Jouni Malinen <j@w1.fi>
* wpa_supplicant: Support VHT capability overridesJohannes Berg2013-03-101-0/+3
| | | | | | | | | Add support for VHT capability overrides to allow testing connections with a subset of the VHT capabilities that are actually supported by the device. The only thing that isn't currently supported (by mac80211 and this code) is the RX/TX highest rate field. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
* wpa_supplicant: Add optional remote access for ctrl_ifaceJanusz Dziedzic2012-08-051-0/+1
| | | | | | | | | Add new option for ctrl iface: CONFIG_CTRL_IFACE=udp-remote. This enables remote access to control interface via UDP port(s). This should be used for testing purpose only since there is no authentication or access control on the commands. Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
* EXT PW: Add framework for supporting external password storageJouni Malinen2012-08-031-0/+8
| | | | | | | | | | | This new mechanism can be used to make wpa_supplicant using external storage (e.g., key store in the operating system) for passwords, passphrases, and PSKs. This commit is only adding the framework part needed to support this, i.e., no actual configuration parameter can yet use this new mechanism. In addition, only a simple test backend is added to allow developer testing of the functionality. Signed-hostap: Jouni Malinen <j@w1.fi>
* WPS: Document NFC use cases with password/config tokenJouni Malinen2012-06-281-0/+2
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* Add a simple periodic autoscan moduleTomasz Bursztyka2012-06-261-0/+2
| | | | | | | This module will sets a fixed scanning interval. Thus, the parameter to this module is following this format: <fixed interval> Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* Add autoscan module named exponentialTomasz Bursztyka2012-06-261-1/+4
| | | | | | | This module will compute the interval on a base exponential. Thus, params to this module are following this format: <base>:<limit> Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* Add automatic scanning supportTomasz Bursztyka2012-06-261-0/+5
| | | | | | | | | | | | | | | | | | | Like bgscan, autoscan is an optional module based feature to automate scanning but while disconnected or inactive. Instead of requesting directly a scan, it only sets the scan_interval and the sched_scan_interval. So, if the driver supports sched_scan, autoscan will be able to tweak its interval. Otherwise, the tweaked scan_interval will be used. If scan parameters needs to be tweaked, an autoscan_params pointer in wpa_s will provide those. So req_scan / req_sched_scan will not set the scan parameters as they usually do, but instead will use this pointer. Modules will not have to request a scan directly, like bgscan does. Instead, it will need to return the interval it wants after each notification. Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
* Describe CONFIG_AP=y and CONFIG_P2P=y in defconfigJouni Malinen2012-06-231-0/+12
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>
* WNM: Add advertisement of BSS max idle periodJouni Malinen2012-05-281-0/+4
| | | | | | | | | | | If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period information to the (Re)Association Response frame from the AP and parse this information on the station. For SME-in-wpa_supplicant case, add a timer to handle periodic transmission of the keep-alive frame. The actual request for the driver to transmit a frame is not yet implemented. Signed-hostap: Jouni Malinen <j@w1.fi>
* HS 2.0: Add Hotspot 2.0 ANQP routinesJay Katabathuni2012-05-081-0/+3
| | | | Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
* Add more documentation for IEEE 802.11w/PMF configurationJouni Malinen2012-05-051-3/+1
| | | | Signed-hostap: Jouni Malinen <j@w1.fi>