path: root/hostapd/config_file.c
Commit message | Author | Age | Files | Lines
* hostapd Make GAS Address3 field selection behavior configurable | Jouni Malinen | 2016-06-10 | 1 | -0/+2
  gas_address3=1 can now be used to force hostapd to use the IEEE 802.11 standards compliant Address 3 field value (Wildcard BSSID when not associated) even if the GAS request uses non-compliant address (AP BSSID).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Use a shared helper function for parsing hostapd.conf IEs | Jouni Malinen | 2016-04-20 | 1 | -56/+27
  wpabuf_parse_bin() can be used to take care of parsing a hexstring to a wpabuf and a shared helper function can take care of clearing the previous value when empty string is used.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add assocresp_elements parameter for hostapd | Bala Krishna Bhamidipati | 2016-04-20 | 1 | -0/+30
  This new parameter allows hostapd to add Vendor Specific elements into (Re)Association Response frames similarly to the way vendor_elements parameter can be used for Beacon and Probe Response frames.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Extend the configuration of RRM capabilities | David Spinadel | 2016-04-16 | 1 | -1/+13
  Extend the radio_measurements parameter to save all the supported RRM capabilities as it's used in RM enabled capabilities element. Make this parameter not directly configurable via config file (though, keep the radio_measurements parameter for some time for backwards compatibility). Instead, add a configuration option to enable neighbor report via radio measurements. Other features can be added later as well.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* utils: Rename hostapd_parse_bin to wpabuf_parse_bin and move it | David Spinadel | 2016-04-09 | 1 | -28/+5
  Make the function available as part of the wpabuf API. Use this renamed function where possible.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* hostapd: Set LCI and Location Civic information in configuration | David Spinadel | 2016-04-09 | 1 | -2/+6
  Enable configuration of LCI and location civic information in hostapd.conf.
  Signed-off-by: David Spinadel <david.spinadel@intel.com>
* FST: Fix a compiler warning | Jouni Malinen | 2016-03-20 | 1 | -1/+2
  FST_MAX_PRIO_VALUE is unsigned (u32) and some gcc versions warn about comparison to long int val at least on 32-bit builds. Get rid of this warning by typecasting val to unsigned long int after having verified that it is positive.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Allow use of driver-generated interface addresses | Eliad Peller | 2016-03-06 | 1 | -0/+2
  Add a new 'use_driver_iface_addr' configuration parameter to allow use of the default interface address generated by the driver on interface creation. This can be useful when specific MAC addresses were allocated to the device and we want to use them for multi-BSS operation.
  Signed-off-by: Eliad Peller <eliad@wizery.com>
* hostapd: Add MBO IE to Beacon, Probe Response, Association Response | Avraham Stern | 2016-02-22 | 1 | -0/+4
  Add MBO IE with AP capability attribute to Beacon, Probe Response, and (Re)Association Response frames to indicate the AP supports MBO.

  Add option to add Association Disallowed attribute to Beacon, Probe Response, and (Re)Association Response frames.
  Usage: SET mbo_assoc_disallow <reason code>

  Valid reason code values are between 1-5. Setting the reason code to 0 will remove the Association Disallowed attribute from the MBO IE and will allow new associations.

  MBO functionality is enabled by setting "mbo=1" in the config file.
  Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* VLAN: Add per-STA vif option | Michael Braun | 2016-02-17 | 1 | -0/+2
  This allows the stations to be assigned to their own vif. It does not need dynamic_vlan to be set. Make hostapd call ap_sta_set_vlan even if !vlan_desc.notempty, so vlan_id can be assigned regardless.
  Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* VLAN: Separate station grouping and uplink configuration | Michael Braun | 2016-02-17 | 1 | -1/+6
  Separate uplink configuration (IEEE 802.1q VID) and grouping of stations into AP_VLAN interfaces.

  The int vlan_id will continue to identify the AP_VLAN interface the station should be assigned to. Each AP_VLAN interface corresponds to an instance of struct hostapd_vlan that is uniquely identified by int vlan_id within a BSS.

  New: Each station and struct hostapd_vlan holds a struct vlan_description vlan_desc member that describes the uplink configuration requested. Currently this is just an int untagged IEEE 802.1q VID, but can be extended to tagged VLANs and other settings easily.

  When the station was about to be assigned its vlan_id, vlan_desc and vlan_id will now be set simultaneously by ap_sta_set_vlan(). So sta->vlan_id can still be tested for whether the station needs to be moved to an AP_VLAN interface.

  To ease addition of tagged VLAN support, a member notempty is added to struct vlan_description. It is set to 1 if an untagged or tagged VLAN assignment is requested and needs to be validated. The inverted form allows os_zalloc() to initialize an empty description.

  Though not depended on by the code, vlan_id assignment ensures:
  * vlan_id = 0 will continue to mean no AP_VLAN interface
  * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id with no per_sta_vif and no extra tagged vlan.
  * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans.

  This way struct wpa_group and drivers API do not need to be changed in order to implement tagged VLANs or per_sta_vif support.

  DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only, thus grouping of the stations for per_sta_vif can be used with DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct hostapd_vlan is still used to manage AP_VLAN interfaces.

  MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will continue to refer to int vlan_id.

  Renaming vlan_id to vlan_desc when type changed from int to struct vlan_description was avoided when vlan_id was also used in a way that did not depend on its type (for example, when passed to another function).

  Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN %d" will refer to untagged IEEE 802.1q VID.
  Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
* Server configuration for OCSP stapling with ocsp_multi (RFC 6961) | Jouni Malinen | 2015-12-22 | 1 | -0/+3
  This adds a new hostapd configuration parameter ocsp_stapling_response_multi that can be used similarly to the existing ocsp_stapling_response, but for the purpose of providing multiple cached OCSP responses. This commit adds only the configuration parameter, but does not yet add support for this mechanism with any of the supported TLS implementations.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Use proper build config for parsing proxy_arp | Matt Woods | 2015-12-05 | 1 | -2/+4
  In the definition of struct hostapd_bss_config, proxy_arp isn't affected by the macro CONFIG_HS20. In addition, proxy_arp is not described in the section of Hotspot 2.0 in the file hostapd.conf. The item proxy_arp should be decided its action area by the macro CONFIG_PROXYARP which is used to select whether the needed function gets included in the build.
  Signed-off-by: Matt Woods <matt.woods@aliyun.com>
* eap_sim_db: Implement eap_sim_db_expire_pending() | Frederic Leroy | 2015-10-31 | 1 | -0/+2
  Expire pending DB request for EAP-SIM/AKA/AKA'. Timeout defaults to 1 second and is user configurable in hostapd.conf (eap_sim_db_timeout).
  Signed-off-by: Frederic Leroy <frederic.leroy@b-com.com>
* Allow -1 as value to disable frag_threshold | Matthias May | 2015-10-28 | 1 | -2/+4
  To be consistent with the internal representation of how to disable fragmentation, allow -1 as a value to disable it in configuration.
  Signed-off-by: Matthias May <matthias.may@neratec.com>
* Extend the range of values for the RTS threshold | Matthias May | 2015-10-28 | 1 | -1/+1
  Since we have HT rates the maximum framesize is no longer 2346. The usual maximum size of an A-MPDU is 65535. To disable RTS, the value -1 is already internally used. Allow it in the configuration parameter.
  Signed-off-by: Matthias May <matthias.may@neratec.com>
* Option to reduce Probe Response frame responses during max STA | Jouni Malinen | 2015-10-17 | 1 | -0/+2
  The new hostapd configuration parameter no_probe_resp_if_max_sta=1 can be used to request hostapd not to reply to broadcast Probe Request frames from unassociated STA if there is no room for additional stations (max_num_sta). This can be used to discourage a STA from trying to associate with this AP if the association would be rejected due to maximum STA limit.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Increase the maximum hostapd.conf line length to 4096 bytes | Jouni Malinen | 2015-10-08 | 1 | -1/+1
  It was already possible to use longer values through the control interface SET command, but the configuration file parser was still limited to 512 byte lines. Increase this to 4096 bytes since some of the configuration parameters (e.g., anqp_elem) can be longer.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Interworking: Add support for configuring arbitrary ANQP-elements | Jouni Malinen | 2015-10-07 | 1 | -0/+51
  The new hostapd configuration parameter anqp_elem can now be used to configure arbitrary ANQP-elements for the GAS/ANQP server. In addition to supporting new elements, this can be used to override previously supported elements if some special values are needed (mainly for testing purposes).

  The parameter uses following format:
  anqp_elem=<InfoID>:<hexdump of payload>

  For example, AP Geospatial Location ANQP-element with unknown location:
  anqp_elem=265:0000
  and AP Civic Location ANQP-element with unknown location:
  anqp_elem=266:000000
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Add testing option to use only ECSA | Johannes Berg | 2015-10-03 | 1 | -0/+2
  Some APs don't include a CSA IE when an ECSA IE is generated, and mac80211 used to fail following their channel switch. Add a testing option to hostapd to allow reproducing the behavior.
  Signed-off-by: Johannes Berg <johannes.berg@intel.com>
* Add option to reject authentication on 2.4 GHz from dualband STA | Jouni Malinen | 2015-09-05 | 1 | -0/+3
  The new no_auth_if_seen_on=<ifname> parameter can now be used to configure hostapd to reject authentication from a station that was seen on another radio.

  This can be used with enabled track_sta_max_num configuration on another interface controlled by the same hostapd process to reject authentication attempts from a station that has been detected to be capable of operating on another band, e.g., to try to reduce likelihood of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz BSS concurrently.

  Note: Enabling this can cause connectivity issues and increase latency for connecting with the AP.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add option to ignore Probe Request frames on 2.4 GHz from dualband STA | Jouni Malinen | 2015-09-05 | 1 | -0/+3
  The new no_probe_resp_if_seen_on=<ifname> parameter can now be used to configure hostapd to not reply to group-addressed Probe Request from a station that was seen on another radio.

  This can be used with enabled track_sta_max_num configuration on another interface controlled by the same hostapd process to restrict Probe Request frame handling from replying to group-addressed Probe Request frames from a station that has been detected to be capable of operating on another band, e.g., to try to reduce likelihood of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz BSS concurrently.

  Note: Enabling this can cause connectivity issues and increase latency for discovering the AP.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add mechanism to track unconnected stations | Jouni Malinen | 2015-09-05 | 1 | -0/+4
  hostapd can now be configured to track unconnected stations based on Probe Request frames seen from them. This can be used, e.g., to detect dualband capable station before they have associated. Such information could then be used to provide guidance on which colocated BSS to use in case of a dualband AP that operates concurrently on multiple bands under the control of a single hostapd process.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* EAP server: Add tls_session_lifetime configuration | Jouni Malinen | 2015-08-23 | 1 | -0/+2
  This new hostapd configuration parameter can be used to enable TLS session resumption. This commit adds the configuration parameter through the configuration system and RADIUS/EAPOL/EAP server components. The actual changes to enable session caching will be addressed in followup commits.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add testing option to override own WPA/RSN IE(s) | Jouni Malinen | 2015-08-08 | 1 | -0/+18
  This allows the new own_ie_override=<hexdump> configuration parameter to be used to replace the normally generated WPA/RSN IE(s) for testing purposes in CONFIG_TESTING_OPTIONS=y builds.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Mark config parameter name const | Jouni Malinen | 2015-07-21 | 1 | -5/+6
  The functions parsing configuration parameters do not modify the name of the parameter, so mark that function argument constant. In theory, the value should also be const, but at least for now, number of the parser functions end up modifying this to simplify parsing.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* hostapd: Extend the sounding and BF steering capabilities | Vivek Natarajan | 2015-07-17 | 1 | -0/+12
  Depending on the number of antennas, the txbf sounding and steering capabilities need to be extended.
  Signed-off-by: Vivek Natarajan <nataraja@qti.qualcomm.com>
* FST: hostapd configuration parameters | Anton Nayshtut | 2015-07-16 | 1 | -0/+58
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* AP: Increase maximum value accepted for cwmin/cwmax | Jouni Malinen | 2015-06-27 | 1 | -1/+3
  The cwmin/cwmax parameters were limited more than is needed. Allow the full range (0..15 for wmm_ac_??_{cwmin,cwmax} and 1..32767 for tx_queue_data?_{cwmin,cwmax}) to be used.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove [MU-BEAMFORMEE] option from hostapd vht_capab parameter | Jouni Malinen | 2015-06-10 | 1 | -2/+0
  The standard hardcodes the MU Beamformee Capable subfield to 0 when transmitting by an AP, so there is no need to provide a configuration parameter for setting this to one.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Extend hw_mode to support any band for offloaded ACS case | Peng Xu | 2015-05-27 | 1 | -0/+2
  When device supports dual band operations with offloaded ACS, hw_mode can now be set to any band (hw_mode=any) in order to allow ACS to select the best channel from any band. After a channel is selected, the hw_mode is updated for hostapd.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Add support for 60 GHz band | Hamad Kadmany | 2015-04-27 | 1 | -1/+3
  Handling of WPS RF band for 60 GHz was missing. Add it in all relevant places and also map "AES" as the cipher to GCMP instead of CCMP when operating on the 60 GHz band.
  Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
* Make IPv6 NA multicast-to-unicast conversion configurable | Jouni Malinen | 2015-04-27 | 1 | -0/+2
  This can be used with Proxy ARP to allow multicast NAs to be forwarded to associated STAs using link layer unicast delivery. This used to be hardcoded to be enabled, but it is now disabled by default and can be enabled with na_mcast_to_ucast=1. This functionality may not be desired in all networks and most cases work without it, so the new default-to-disabled is more appropriate.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Replace HOSTAPD_MAX_SSID_LEN with SSID_MAX_LEN | Jouni Malinen | 2015-04-22 | 1 | -3/+3
  This makes source code more consistent.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add WPS_DEV_NAME_MAX_LEN define and use it when comparing length | Jouni Malinen | 2015-04-22 | 1 | -1/+1
  This makes code easier to understand.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Error out if user configures SQLite DB without CONFIG_SQLITE | Ben Greear | 2015-03-28 | 1 | -0/+6
  This should make it more obvious to users that they have a fatal configuration problem in hostapd authentication server.
  Signed-off-by: Ben Greear <greearb@candelatech.com>
* Extend offloaded ACS QCA vendor command to support VHT | Manikandan Mohan | 2015-03-23 | 1 | -2/+23
  Update ACS driver offload feature for VHT configuration. In addition, this allows the chanlist parameter to be used to specify which channels are included as options for the offloaded ACS case.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add option to force a specific RADIUS client address to be used | Jouni Malinen | 2015-03-01 | 1 | -0/+8
  The new hostapd.conf parameter radius_client_addr can now be used to select a specific local IP address to be used as the RADIUS client address.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Allow RADIUS server address to be replaced | Jouni Malinen | 2015-02-28 | 1 | -0/+18
  The new hostapd parameters auth_server_addr_replace and acct_server_addr_replace can now be used to replace the configured IP address instead of adding a new RADIUS server. This is mainly useful for testing purposes where the address can be changed over control interface during AP operation.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add helper function to clear and free wpa_psk list | Stefan Tomanek | 2015-02-21 | 1 | -5/+3
  This change adds the function hostapd_config_clear_wpa_psk() that deletes an entire wpa_psk structure, making sure to follow the linked list and to free the allocated memory of each PSK node. This helps to prevent memory leaks when using PSKs from multiple sources and reconfiguring the AP during runtime.
  Signed-off-by: Stefan Tomanek <stefan.tomanek@wertarbyte.de>
* ACS: Allow specific channels to be preferred | Jouni Malinen | 2015-02-06 | 1 | -0/+48
  The new acs_chan_bias configuration parameter is a space-separated list of <channel>:<bias> pairs. It can be used to increase (or decrease) the likelihood of a specific channel to be selected by the ACS algorithm. The total interference factor for each channel gets multiplied by the specified bias value before finding the channel with the lowest value. In other words, values between 0.0 and 1.0 can be used to make a channel more likely to be picked while values larger than 1.0 make the specified channel less likely to be picked. This can be used, e.g., to prefer the commonly used 2.4 GHz band channels 1, 6, and 11 (which is the default behavior on 2.4 GHz band if no acs_chan_bias parameter is specified).
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Free old eap_user_file data on configuration change | Jouni Malinen | 2015-01-29 | 1 | -2/+14
  This fixes a memory leak if hostapd eap_user_file parameter is modified.
  Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add Suite B 192-bit AKM | Jouni Malinen | 2015-01-26 | 1 | -1/+7
  WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into use as the key management method.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add vendor specific VHT extension for the 2.4 GHz band | Yanbo Li | 2015-01-13 | 1 | -0/+2
  This allows vendor specific information element to be used to advertise support for VHT on 2.4 GHz band. In practice, this is used to enable use of 256 QAM rates (VHT-MCS 8 and 9) on 2.4 GHz band.

  This functionality is disabled by default, but can be enabled with vendor_vht=1 parameter in hostapd.conf if the driver advertises support for VHT on either 2.4 or 5 GHz bands.
  Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
* RRM: Add AP mode minimal advertisement support for testing | Jouni Malinen | 2014-12-12 | 1 | -0/+2
  The new hostapd.conf radio_measurements parameter can now be used to configure a test build to advertise support for radio measurements with neighbor report enabled. There is no real functionality that would actually process the request, i.e., this is only for the purpose of minimal STA side testing for now.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* ERP: Add support for ERP on EAP server and authenticator | Jouni Malinen | 2014-12-04 | 1 | -0/+2
  Derive rRK and rIK on EAP server if ERP is enabled and use these keys to allow EAP re-authentication to be used and to derive rMSK.

  The new hostapd configuration parameter eap_server_erp=1 can now be used to configure the integrated EAP server to derive EMSK, rRK, and rIK at the successful completion of an EAP authentication method. This functionality is not included in the default build and can be enabled with CONFIG_ERP=y.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* ERP: Add optional EAP-Initiate/Re-auth-Start transmission | Jouni Malinen | 2014-12-04 | 1 | -0/+5
  hostapd can now be configured to transmit EAP-Initiate/Re-auth-Start before EAP-Request/Identity to try to initiate ERP. This is disabled by default and can be enabled with erp_send_reauth_start=1 and optional erp_reauth_start_domain=<domain>.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Add hostapd driver_params config parameter | Jouni Malinen | 2014-11-29 | 1 | -0/+3
  This is mainly for development testing purposes to allow driver_nl80211 behavior to be modified.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* Remove forgotten driver_test.c variables | Jouni Malinen | 2014-11-29 | 1 | -3/+0
  hostapd was still providing a couple of parameters that were used only in the already removed driver_test.c framework.
  Signed-off-by: Jouni Malinen <j@w1.fi>
* hostapd: Add wowlan_triggers config param | Dmitry Shmidt | 2014-11-16 | 1 | -0/+3
  New kernels in wiphy_suspend() will call cfg80211_leave_all() that will eventually end up in cfg80211_stop_ap() unless wowlan_triggers were set. For now, use the parameters from the station mode as-is. It may be desirable to extend (or constrain) this in the future for specific AP mode needs.
  Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>