path: root/wpa_supplicant/config.h
Commit message (Collapse)AuthorAgeFilesLines
* SAE: Add sae_pwe configuration parameter for wpa_supplicantJouni Malinen2019-10-151-0/+8
| | | | | | | | This parameter can be used to specify which PWE derivation mechanism(s) is enabled. This commit is only introducing the new parameter; actual use of it will be address in separate commits. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* DPP: Allow name and mudurl to be configured for Config RequestJouni Malinen2019-09-181-0/+10
| | | | | | | | | | | The new hostapd and wpa_supplicant configuration parameters dpp_name and dpp_mud_url can now be used to set a specific name and MUD URL for the Enrollee to use in the Configuration Request. dpp_name replaces the previously hardcoded "Test" string (which is still the default if an explicit configuration entry is not included). dpp_mud_url can optionally be used to add a MUD URL to describe the Enrollee device. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* SAE: Allow PMKID to be added into Association Request frame following SAEJouni Malinen2019-08-141-0/+5
| | | | | | | | | | | IEEE Std 802.11-2016 does not require this behavior from a SAE STA, but it is not disallowed either, so it is useful to have an option to identify the derived PMKSA in the immediately following Association Request frames. This is disabled by default (i.e., no change to previous behavior) and can be enabled with a global wpa_supplicant configuration parameter sae_pmkid_in_assoc=1. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WNM: Provide option to disable/enable BTM support in STAAnkita Bajaj2019-06-141-0/+10
| | | | | | | Add support to disable/enable BTM support using configuration and wpa_cli command. This is useful mainly for testing purposes. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WPS: Allow SAE configuration to be added automatically for PSKJouni Malinen2019-03-061-0/+10
| | | | | | | | | | The new wpa_supplicant configuration parameter wps_cred_add_sae=1 can be used to request wpa_supplicant to add SAE configuration whenever WPS is used to provision WPA2-PSK credentials and the credential includes a passphrase (instead of PSK). This can be used to enable WPA3-Personal transition mode with both SAE and PSK enabled and also with PMF enabled. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* P2P: support random interface addressJimmy Chen2019-01-121-0/+10
| | | | | | | | | | To enhance privacy, generate a random interface for each group. There are two configurations are introduced: * p2p_interface_random_mac_addr enable interface random MAC address feature, default disable. Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
* P2P: Support random device addressJimmy Chen2019-01-121-0/+19
| | | | | | | | | | | | | | | To enhance privacy, generate a random device address for P2P interface. If there is no saved persistent group, it generate a new random MAC address on bringing up p2p0. If there is saved persistent group, it will use last MAC address to avoid breaking group reinvoke behavior. There are two configurations are introduced: * p2p_device_random_mac_addr enable device random MAC address feature, default disable. * p2p_device_persistent_mac_addr store last used random MAC address. Signed-off-by: Jimmy Chen <jimmycmchen@google.com>
* P2P: Add 802.11ax support for P2P GOPeng Xu2019-01-121-0/+10
| | | | | | | | An optional parameter "he" is added to p2p_connect, p2p_group_add, and p2p_invite to enable 11ax HE support. The new p2p_go_he=1 configuration parameter can be used to request this to be enabled by default. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* WNM: Collocated Interference ReportingJouni Malinen2018-10-301-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for negotiating WNM Collocated Interference Reporting. This allows hostapd to request associated STAs to report their collocated interference information and wpa_supplicant to process such request and reporting. The actual values (Collocated Interference Report Elements) are out of scope of hostapd and wpa_supplicant, i.e., external components are expected to generated and process these. For hostapd/AP, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration. STAs are requested to perform reporting with "COLOC_INTF_REQ <addr> <Automatic Report Enabled> <Report Timeout>" control interface command. The received reports are indicated as control interface events "COLOC-INTF-REPORT <addr> <dialog token> <hexdump of report elements>". For wpa_supplicant/STA, this mechanism is enabled by setting coloc_intf_reporting=1 in configuration and setting Collocated Interference Report Elements as a hexdump with "SET coloc_intf_elems <hexdump>" control interface command. The hexdump can contain one or more Collocated Interference Report Elements (each including the information element header). For additional testing purposes, received requests are reported with "COLOC-INTF-REQ <dialog token> <automatic report enabled> <report timeout>" control interface events and unsolicited reports can be sent with "COLOC_INTF_REPORT <hexdump>". This commit adds support for reporting changes in the collocated interference (Automatic Report Enabled == 1 and partial 3), but not for periodic reports (2 and other part of 3). Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Add a new cred block parameter roaming_consortiumsJouni Malinen2018-04-171-0/+25
| | | | | | | | | | This new string parameter contains a comma delimited list of OIs (hexdump) in a string. This is used to store Hotspot 2.0 PerProviderSubscription/<X+>/HomeSP/RoamingConsortiumOI. This commit includes the configuration changes to parse and write the parameter. The actual values are not yet used in Interworking network selection. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* HS 2.0: Document credential parameter required_roaming_consortiumJouni Malinen2018-04-171-0/+11
| | | | Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
* Fix a typo in disassoc_low_ack documentationJouni Malinen2018-02-171-1/+1
| | | | Signed-off-by: Jouni Malinen <j@w1.fi>
* Add ap_isolate configuration option for wpa_supplicant AP modeDanilo Ravotto2018-02-171-0/+15
| | | | | | | Allow client isolation to be configured with ap_isolate inside wpa_supplicant configuration file. Signed-off-by: Danilo Ravotto <danilo.ravotto@zirak.it>
* P2P: Allow GO to advertise Interworking elementSunil Dutt2017-10-051-0/+28
| | | | | | | | | This adds new wpa_supplicant configuration parameters (go_interworking, go_access_network_type, go_internet, go_venue_group, go_venue_type) to add a possibility of configuring the P2P GO to advertise Interworking element. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Support dynamic update of wowlan_triggersLior David2017-09-131-0/+1
| | | | | | | Previously, wowlan_triggers were updated in kernel only during startup. Also update it whenever it is set from the control interface. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* STA: Add OCE capability indication attributeAshwini Patil2017-07-141-0/+8
| | | | | | | Add OCE capability indication attribute in Probe Request and (Re)Association Request frames. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MBO: Whitespace cleanupJouni Malinen2017-07-041-1/+1
| | | | | | Fix couple of previously missed whitespace issues. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* DPP: Automatic network profile creationJouni Malinen2017-06-211-0/+15
| | | | | | | | | | | | | | | | | wpa_supplicant can now be configured to generate a network profile automatically based on DPP configuration. The following dpp_config_processing values can be used to specify the behavior: 0 = report received configuration to an external program for processing; do not generate any network profile internally (default) 1 = report received configuration to an external program and generate a network profile internally, but do not automatically connect to the created (disabled) profile; the network profile id is reported to external programs 2 = report received configuration to an external program, generate a network profile internally, try to connect to the created profile automatically Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* WPS: Add option for using random UUIDJouni Malinen2017-04-131-0/+7
| | | | | | | | | | | If the uuid configuration parameter is not set, wpa_supplicant generates an UUID automatically to allow WPS operations to proceed. This was previously always using an UUID generated from the MAC address. This commit adds an option to use a random UUID instead. The type of the automatically generated UUID is set with the auto_uuid parameter: 0 = based on MAC address (default; old behavior), 1 = random UUID. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* nl80211: Add option to delay start of schedule scan plansPurushottam Kushwaha2017-03-091-0/+9
| | | | | | | | | | | | The userspace may want to delay the the first scheduled scan. This enhances sched_scan to add initial delay (in seconds) before starting first scan cycle. The driver may optionally choose to ignore this parameter and start immediately (or at any other time). This uses NL80211_ATTR_SCHED_SCAN_DELAY to add this via user global configurable option: sched_scan_start_delay. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MBO: Add support for transition reject reason codeKanchanapally, Vidyullatha2017-03-061-0/+7
| | | | | | | | | | Add support for rejecting a BSS transition request using MBO reject reason codes. A candidate is selected or rejected based on whether it is found acceptable by both wpa_supplicant and the driver. Also accept any candidate meeting a certain threshold if disassoc imminent is set in BTM Request frame. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* GAS: Add support to randomize transmitter addressVamsi Krishna2017-02-071-0/+15
| | | | | | | | | | | | | | | | | Add support to send GAS requests with a randomized transmitter address if supported by the driver. The following control interface commands (and matching configuration file parameters) can be used to configure different types of randomization: "SET gas_rand_mac_addr 0" to disable randomizing TX MAC address, "SET gas_rand_mac_addr 1" to randomize the complete TX MAC address, "SET gas_rand_mac_addr 2" to randomize the TX MAC address except for OUI. A new random MAC address will be generated for every gas_rand_addr_lifetime seconds and this can be configured with "SET gas_rand_addr_lifetime <timeout>". Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Allow FTM functionality to be publishedLior David2016-09-051-0/+26
| | | | | | | | | | | | Add configuration options that control publishing of fine timing measurement (FTM) responder and initiator functionality via bits 70, 71 of Extended Capabilities element. Typically, FTM functionality is controlled by a location framework outside wpa_supplicant. When framework is activated, it will use wpa_supplicant to configure the STA/AP to publish the FTM functionality. See IEEE P802.11-REVmc/D7.0, Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
* wpa_supplicant: Make GAS Address3 field selection behavior configurableJouni Malinen2016-06-101-0/+10
| | | | | | | | | | | | | | | | | | | | IEEE Std 802.11-2012, 10.19 (Public Action frame addressing) specifies that the wildcard BSSID value is used in Public Action frames that are transmitted to a STA that is not a member of the same BSS. wpa_supplicant used to use the actual BSSID value for all such frames regardless of whether the destination STA is a member of the BSS. P2P does not follow this rule, so P2P Public Action frame construction must not be changed. However, the cases using GAS/ANQP for non-P2P purposes should follow the standard requirements. Unfortunately, there are deployed AP implementations that do not reply to a GAS request sent using the wildcard BSSID value. The previously used behavior (Address3 = AP BSSID even when not associated) continues to be the default, but the IEEE 802.11 standard compliant addressing behavior can now be configured with gas_address3=1. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Ignore pmf=1/2 parameter for non-RSN networksJouni Malinen2016-05-051-1/+2
| | | | | | | | | PMF is available only with RSN and pmf=2 could have prevented open network connections. Change the global wpa_supplicant pmf parameter to be interpreted as applying only to RSN cases to allow it to be used with open networks. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* MBO: Add cellular capability to MBO IEDavid Spinadel2016-02-221-0/+6
| | | | | | | | Add cellular capability attribute to MBO IE and add MBO IE with cellular capabilities to Probe Request frames. By default, cellular capability value is set to Not Cellular capable (3). Signed-off-by: David Spinadel <david.spinadel@intel.com>
* MBO: Add non-preferred channel configuration in wpa_supplicantDavid Spinadel2016-02-211-0/+10
| | | | | | Add non-preferred channel configuration to wpa_config for MBO. Signed-off-by: David Spinadel <david.spinadel@intel.com>
* Allow sched_scan_plans to be updated at runtimeJouni Malinen2015-11-301-0/+1
| | | | | | | | This allows the control interface SET command to be used to update the sched_scan_plans parameter at runtime. In addition, an empty string can be used to clear the previously configured plan. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add support for configuring scheduled scan plansAvraham Stern2015-11-301-0/+11
| | | | | | | | | | | | Add the option to configure scheduled scan plans in the config file. Each scan plan specifies the interval between scans and the number of scan iterations. The last plan will run infinitely and thus specifies only the interval between scan iterations. usage: sched_scan_plans=<interval:iterations> <interval2:iterations2> ... <interval> Signed-off-by: Avraham Stern <avraham.stern@intel.com>
* wpa_supplicant: Add GTK RSC relaxation workaroundMax Stepanov2015-11-011-0/+11
| | | | | | | | | | | | | | | | | | | | | | Some APs may send RSC octets in EAPOL-Key message 3 of 4-Way Handshake or in EAPOL-Key message 1 of Group Key Handshake in the opposite byte order (or by some other corrupted way). Thus, after a successful EAPOL-Key exchange the TSC values of received multicast packets, such as DHCP, don't match the RSC one and as a result these packets are dropped on replay attack TSC verification. An example of such AP is Sapido RB-1732. Work around this by setting RSC octets to 0 on GTK installation if the AP RSC value is identified as a potentially having the byte order issue. This may open a short window during which older (but valid) group-addressed frames could be replayed. However, the local receive counter will be updated on the first received group-addressed frame and the workaround is enabled only if the common invalid cases are detected, so this workaround is acceptable as not decreasing security significantly. The wpa_rsc_relaxation global configuration property allows the GTK RSC workaround to be disabled if it's not needed. Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
* dbus: Expose interface globals via D-Bus propertiesDan Williams2015-10-281-0/+3
| | | | | | | All interface globals are now exposed as D-Bus properties of type string, and parsed via the normal interface global parsing functions. Signed-off-by: Dan Williams <dcbw@redhat.com>
* P2P: Implement P2P_GO_FREQ_MOVE_SCM_ECSA policyAndrei Otcheretianski2015-10-031-1/+6
| | | | | | | | Add new GO frequency move policy. The P2P_GO_FREQ_MOVE_SCM_ECSA prefers SCM if all the clients advertise eCSA support and the candidate frequency is one of the group common frequencies. Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
* Make it clearer that ap_scan=2 mode should not be used with nl80211Jouni Malinen2015-09-041-0/+5
| | | | | | | Add more details into configuration comments and a runtime info message if ap_scan=2 is used with the nl80211 driver interface. Signed-off-by: Jouni Malinen <j@w1.fi>
* P2P: Move a GO from its operating frequencyIlan Peer2015-08-031-0/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | Upon any change in the currently used channels evaluate if a GO should move to a different operating frequency, where the possible scenarios: 1. The frequency that the GO is currently using is no longer valid, due to regulatory reasons, and thus the GO must be moved to some other frequency. 2. Due to Multi Concurrent Channel (MCC) policy considerations, it would be preferable, based on configuration settings, to prefer Same Channel Mode (SCM) over concurrent operation in multiple channels. The supported policies: - prefer SCM: prefer moving the GO to a frequency used by some other interface. - prefer SCM if Peer supports: prefer moving the GO to a frequency used by some other station interface iff the other station interface is using a frequency that is common between the local and the peer device (based on the GO Negotiation/Invitation signaling). - Stay on the current frequency. Currently, the GO transition to another frequency is handled by a complete tear down and re-setup of the GO. Still need to add CSA flow to the considerations. Signed-off-by: Ilan Peer <ilan.peer@intel.com>
* mesh: Fix mesh SAE auth on low spec devicesMasashi Honma2015-08-021-0/+14
| | | | | | | | | | | | | | | | | | | | | | | | | The mesh SAE auth often fails with master branch. By bisect I found commit eb5fee0bf50444419ac12d3c7f38f27a47523a47 ('SAE: Add side-channel protection to PWE derivation with ECC') causes this issue. This does not mean the commit has a bug. This is just a CPU resource issue. After the commit, sae_derive_pwe_ecc() spends 101(msec) on my PC (Intel Atom N270 1.6GHz). But dot11RSNASAERetransPeriod is 40(msec). So auth_sae_retransmit_timer() is always called and it can causes continuous frame exchanges. Before the commit, it was 23(msec). On the IEEE 802.11 spec, the default value of dot11RSNASAERetransPeriod is defined as 40(msec). But it looks short because generally mesh functionality will be used on low spec devices. Indeed Raspberry Pi B+ (ARM ARM1176JZF-S 700MHz) requires 287(msec) for new sae_derive_pwe_ecc(). So this patch makes the default to 1000(msec) and makes it configurable. This issue does not occur on infrastructure SAE because the dot11RSNASAERetransPeriod is not used on it. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* FST: wpa_supplicant configuration parametersAnton Nayshtut2015-07-161-0/+16
| | | | Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2PS: Enable Probe Request frame processing by P2P ClientMax Stepanov2015-06-141-0/+12
| | | | | | | | | | | | | | | | 1. Add global p2p_cli_probe property to enable/disable Probe Request frame RX reporting for connected P2P Clients. The property can be set to 0 - disable or 1 - enable. The default value is 0. 2. Enable Probe Request frame RX reporting for P2P Client on WPA_COMPLETED state if p2p_cli_probe property is set to 1. Disable it when an interface state is changing to any other state. 3. Don't cancel Probe Request frame RX reporting on wpa_stop_listen for a connected P2P Client handling Probe Request frames. Signed-off-by: Max Stepanov <Max.Stepanov@intel.com> Reviewed-by: Ilan Peer <ilan.peer@intel.com>
* WPS: Allow the priority for the WPS networks to be configuredSunil Dutt2015-06-041-0/+8
| | | | | | | This commit adds a configurable parameter (wps_priority) to specify the priority for the networks derived through WPS connection. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Replace MAX_SSID_LEN with SSID_MAX_LENJouni Malinen2015-04-221-1/+2
| | | | | | | | This makes source code more consistent. The use within Android driver interface is left as-is to avoid changes in the old PNO interface definition. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* P2P: Allow configuring CTWindow when working as GOEliad Peller2015-02-211-0/+9
| | | | | | | | | Read p2p_go_ctwindow (0-127 TUs) from the config file, and pass it to the driver on GO start. Use p2p_go_ctwindow=0 (no CTWindow) by default. Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
* Add optional reassoc-to-same-BSS optimizationJouni Malinen2015-02-191-0/+5
| | | | | | | | | | The new reassoc_same_bss_optim=1 configuration parameter can now be used to request wpa_supplicant to bypass the unnecessary Authentication frame exchange when reassociating back to the same BSS with which the device is already associated. This functionality is disabled by default since it may cause undesired interoperability issues with some APs. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* Add control interface commands for fetching wpa_config valuesOla Olsson2015-02-081-0/+5
| | | | | | | The new "DUMP" and "SET <variable>" control interface commands can be used to fetch global wpa_supplicant configuration parameters. Signed-off-by: Ola Olsson <ola.olsson@sonymobile.com>
* Add passive_scan configuration parameterJouni Malinen2015-01-221-0/+12
| | | | | | | | | | This new wpa_supplicant configuration parameter can be used to force passive scanning to be used for most scanning cases at the cost of increased latency and less reliably scans. This may be of use for both testing purposes and somewhat increased privacy due to no Probe Request frames with fixed MAC address being sent out. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* mesh: Make inactivity timer configurableMasashi Honma2015-01-191-0/+9
| | | | | | | | | | | Current mesh code uses ap_max_inactivity as inactivity timer. This patch makes it configurable. There is another mesh inactivity timer in mac80211. The timer works even if user_mpm=1. So this patch sets the max value to the timer for workaround. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* Include peer certificate always in EAP eventsJouni Malinen2015-01-141-0/+9
| | | | | | | | | | | | | | | | This makes it easier for upper layer applications to get information regarding the server certificate without having to use a special certificate probing connection. This provides both the SHA256 hash of the certificate (to be used with ca_cert="hash://server/sha256/<hash>", if desired) and the full DER encoded X.509 certificate so that upper layer applications can parse and display the certificate easily or extract fields from it for purposes like configuring an altsubject_match or domain_suffix_match. The old behavior can be configured by adding cert_in_cb=0 to wpa_supplicant configuration file. Signed-off-by: Jouni Malinen <j@w1.fi>
* Fix a typo in domain_suffix_match documentationJouni Malinen2015-01-101-1/+1
| | | | | | Spell SubjectName correctly. Signed-off-by: Jouni Malinen <j@w1.fi>
* mesh: Make maximum number of peer links configurableMasashi Honma2014-12-211-0/+8
| | | | | | | | Maximum number of peer links is maximum number of connecting mesh peers at the same time. This value is 0..255 based on the dot11MeshNumberOfPeerings range. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
* mesh: Add user_mpm config optionThomas Pedersen2014-10-251-0/+11
| | | | | | | | | | Add user_mpm config parameter, when this is set to 1 (the default) the peer link management is done on userspace, otherwise the peer management will be done by the kernel. Signed-off-by: Javier Lopez <jlopex@gmail.com> Signed-off-by: Jason Mobarak <x@jason.mobarak.name> Signed-off-by: Thomas Pedersen <thomas@noack.us>
* Add support for offloading key management operations to the driverChet Lanctot2014-10-231-0/+12
| | | | | | | | | This commit introduces a QCA vendor command and event to provide an option to use extended versions of the nl80211 connect/roam operations in a way that allows drivers to offload key management operations to the driver/firmware. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
* wpa_supplicant: Allow OpenSSL cipherlist string to be configuredJouni Malinen2014-10-121-0/+9
| | | | | | | | | | | The new openssl_cipher configuration parameter can be used to select which TLS cipher suites are enabled for TLS-based EAP methods when OpenSSL is used as the TLS library. This parameter can be used both as a global parameter to set the default for all network blocks and as a network block parameter to override the default for each network profile. Signed-off-by: Jouni Malinen <j@w1.fi>