aboutsummaryrefslogtreecommitdiffstats
path: root/doc/ctrl_iface.doxygen
blob: 7dccdc797ef334b0d6fd1c00a2c79d8f4b3de79d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
1050
1051
1052
1053
1054
/**
\page ctrl_iface_page wpa_supplicant control interface

wpa_supplicant implements a control interface that can be used by
external programs to control the operations of the wpa_supplicant
daemon and to get status information and event notifications. There is
a small C library, in a form of a single C file, \ref wpa_ctrl.c, that
provides helper functions to facilitate the use of the control
interface. External programs can link this file into them and then use
the library functions documented in \ref wpa_ctrl.h to interact with
wpa_supplicant. This library can also be used with C++. \ref wpa_cli.c and
wpa_gui are example programs using this library.

There are multiple mechanisms for inter-process communication. For
example, Linux version of wpa_supplicant is using UNIX domain sockets
for the control interface and Windows version UDP sockets. The use of
the functions defined in \ref wpa_ctrl.h can be used to hide the details of
the used IPC from external programs.


\section using_ctrl_iface Using the control interface

External programs, e.g., a GUI or a configuration utility, that need to
communicate with wpa_supplicant should link in \ref wpa_ctrl.c. This
allows them to use helper functions to open connection to the control
interface with \ref wpa_ctrl_open() and to send commands with
\ref wpa_ctrl_request().

wpa_supplicant uses the control interface for two types of communication:
commands and unsolicited event messages. Commands are a pair of
messages, a request from the external program and a response from
wpa_supplicant. These can be executed using \ref wpa_ctrl_request().
Unsolicited event messages are sent by wpa_supplicant to the control
interface connection without specific request from the external program
for receiving each message. However, the external program needs to
attach to the control interface with \ref wpa_ctrl_attach() to receive these
unsolicited messages.

If the control interface connection is used both for commands and
unsolicited event messages, there is potential for receiving an
unsolicited message between the command request and response.
\ref wpa_ctrl_request() caller will need to supply a callback, msg_cb,
for processing these messages. Often it is easier to open two
control interface connections by calling \ref wpa_ctrl_open() twice and
then use one of the connections for commands and the other one for
unsolicited messages. This way command request/response pairs will
not be broken by unsolicited messages. wpa_cli is an example of how
to use only one connection for both purposes and wpa_gui demonstrates
how to use two separate connections.

Once the control interface connection is not needed anymore, it should
be closed by calling \ref wpa_ctrl_close(). If the connection was used for
unsolicited event messages, it should be first detached by calling
\ref wpa_ctrl_detach().


\section ctrl_iface_cmds Control interface commands

Following commands can be used with \ref wpa_ctrl_request():

\subsection ctrl_iface_PING PING

This command can be used to test whether wpa_supplicant is replying
to the control interface commands. The expected reply is \c PONG if the
connection is open and wpa_supplicant is processing commands.


\subsection ctrl_iface_MIB MIB

Request a list of MIB variables (dot1x, dot11). The output is a text
block with each line in \c variable=value format. For example:

\verbatim
dot11RSNAOptionImplemented=TRUE
dot11RSNAPreauthenticationImplemented=TRUE
dot11RSNAEnabled=FALSE
dot11RSNAPreauthenticationEnabled=FALSE
dot11RSNAConfigVersion=1
dot11RSNAConfigPairwiseKeysSupported=5
dot11RSNAConfigGroupCipherSize=128
dot11RSNAConfigPMKLifetime=43200
dot11RSNAConfigPMKReauthThreshold=70
dot11RSNAConfigNumberOfPTKSAReplayCounters=1
dot11RSNAConfigSATimeout=60
dot11RSNAAuthenticationSuiteSelected=00-50-f2-2
dot11RSNAPairwiseCipherSelected=00-50-f2-4
dot11RSNAGroupCipherSelected=00-50-f2-4
dot11RSNAPMKIDUsed=
dot11RSNAAuthenticationSuiteRequested=00-50-f2-2
dot11RSNAPairwiseCipherRequested=00-50-f2-4
dot11RSNAGroupCipherRequested=00-50-f2-4
dot11RSNAConfigNumberOfGTKSAReplayCounters=0
dot11RSNA4WayHandshakeFailures=0
dot1xSuppPaeState=5
dot1xSuppHeldPeriod=60
dot1xSuppAuthPeriod=30
dot1xSuppStartPeriod=30
dot1xSuppMaxStart=3
dot1xSuppSuppControlledPortStatus=Authorized
dot1xSuppBackendPaeState=2
dot1xSuppEapolFramesRx=0
dot1xSuppEapolFramesTx=440
dot1xSuppEapolStartFramesTx=2
dot1xSuppEapolLogoffFramesTx=0
dot1xSuppEapolRespFramesTx=0
dot1xSuppEapolReqIdFramesRx=0
dot1xSuppEapolReqFramesRx=0
dot1xSuppInvalidEapolFramesRx=0
dot1xSuppEapLengthErrorFramesRx=0
dot1xSuppLastEapolFrameVersion=0
dot1xSuppLastEapolFrameSource=00:00:00:00:00:00
\endverbatim


\subsection ctrl_iface_STATUS STATUS

Request current WPA/EAPOL/EAP status information. The output is a text
block with each line in \c variable=value format. For example:

\verbatim
bssid=02:00:01:02:03:04
ssid=test network
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA-PSK
wpa_state=COMPLETED
ip_address=192.168.1.21
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
EAP state=SUCCESS
\endverbatim


\subsection ctrl_iface_STATUS-VERBOSE STATUS-VERBOSE

Same as STATUS, but with more verbosity (i.e., more \c variable=value pairs).

\verbatim
bssid=02:00:01:02:03:04
ssid=test network
id=0
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA-PSK
wpa_state=COMPLETED
ip_address=192.168.1.21
Supplicant PAE state=AUTHENTICATED
suppPortStatus=Authorized
heldPeriod=60
authPeriod=30
startPeriod=30
maxStart=3
portControl=Auto
Supplicant Backend state=IDLE
EAP state=SUCCESS
reqMethod=0
methodState=NONE
decision=COND_SUCC
ClientTimeout=60
\endverbatim


\subsection ctrl_iface_PMKSA PMKSA

Show PMKSA cache

\verbatim
Index / AA / PMKID / expiration (in seconds) / opportunistic
1 / 02:00:01:02:03:04 / 000102030405060708090a0b0c0d0e0f / 41362 / 0
2 / 02:00:01:33:55:77 / 928389281928383b34afb34ba4212345 / 362 / 1
\endverbatim


\subsection ctrl_iface_SET SET <variable> <value>

Set variables:
- EAPOL::heldPeriod
- EAPOL::authPeriod
- EAPOL::startPeriod
- EAPOL::maxStart
- dot11RSNAConfigPMKLifetime
- dot11RSNAConfigPMKReauthThreshold
- dot11RSNAConfigSATimeout

Example command:
\verbatim
SET EAPOL::heldPeriod 45
\endverbatim


\subsection ctrl_iface_LOGON LOGON

IEEE 802.1X EAPOL state machine logon.


\subsection ctrl_iface_LOGOFF LOGOFF

IEEE 802.1X EAPOL state machine logoff.


\subsection ctrl_iface_REASSOCIATE REASSOCIATE

Force reassociation.


\subsection ctrl_iface_RECONNECT RECONNECT

Connect if disconnected (i.e., like \c REASSOCIATE, but only connect
if in disconnected state).


\subsection ctrl_iface_PREAUTH PREAUTH <BSSID>

Start pre-authentication with the given BSSID.


\subsection ctrl_iface_ATTACH ATTACH

Attach the connection as a monitor for unsolicited events. This can
be done with \ref wpa_ctrl_attach().


\subsection ctrl_iface_DETACH DETACH

Detach the connection as a monitor for unsolicited events. This can
be done with \ref wpa_ctrl_detach().


\subsection ctrl_iface_LEVEL LEVEL <debug level>

Change debug level.


\subsection ctrl_iface_RECONFIGURE RECONFIGURE

Force wpa_supplicant to re-read its configuration data.


\subsection ctrl_iface_TERMINATE TERMINATE

Terminate wpa_supplicant process.


\subsection ctrl_iface_BSSID BSSID <network id> <BSSID>

Set preferred BSSID for a network. Network id can be received from the
\c LIST_NETWORKS command output.


\subsection ctrl_iface_LIST_NETWORKS LIST_NETWORKS

List configured networks.

\verbatim
network id / ssid / bssid / flags
0	example network	any	[CURRENT]
\endverbatim

(note: fields are separated with tabs)


\subsection ctrl_iface_DISCONNECT DISCONNECT

Disconnect and wait for \c REASSOCIATE or \c RECONNECT command before
connecting.


\subsection ctrl_iface_SCAN SCAN

Request a new BSS scan.


\subsection ctrl_iface_SCAN_RESULTS SCAN_RESULTS

Get the latest scan results.

\verbatim
bssid / frequency / signal level / flags / ssid
00:09:5b:95:e0:4e	2412	208	[WPA-PSK-CCMP]	jkm private
02:55:24:33:77:a3	2462	187	[WPA-PSK-TKIP]	testing
00:09:5b:95:e0:4f	2412	209		jkm guest
\endverbatim

(note: fields are separated with tabs)


\subsection ctrl_iface_BSS BSS

Get detailed per-BSS scan results. \c BSS command can be used to
iterate through scan results one BSS at a time and to fetch all
information from the found BSSes. This provides access to the same
data that is available through \c SCAN_RESULTS but in a way that
avoids problems with large number of scan results not fitting in the
ctrl_iface messages.

There are two options for selecting the BSS with the \c BSS command:
"BSS <idx>" requests information for the BSS identified by the index
(0 .. size-1) in the scan results table and "BSS <BSSID>" requests
information for the given BSS (based on BSSID in 00:01:02:03:04:05
format).

BSS information is presented in following format. Please note that new
fields may be added to this field=value data, so the ctrl_iface user
should be prepared to ignore values it does not understand.

\verbatim
bssid=00:09:5b:95:e0:4e
freq=2412
beacon_int=0
capabilities=0x0011
qual=51
noise=161
level=212
tsf=0000000000000000
ie=000b6a6b6d2070726976617465010180dd180050f20101000050f20401000050f20401000050f2020000
ssid=jkm private
\endverbatim



\subsection ctrl_iface_SELECT_NETWORK SELECT_NETWORK <network id>

Select a network (disable others). Network id can be received from the
\c LIST_NETWORKS command output.


\subsection ctrl_iface_ENABLE_NETWORK ENABLE_NETWORK <network id>

Enable a network. Network id can be received from the
\c LIST_NETWORKS command output. Special network id \c all can be
used to enable all network.


\subsection ctrl_iface_DISABLE_NETWORK DISABLE_NETWORK <network id>

Disable a network. Network id can be received from the
\c LIST_NETWORKS command output. Special network id \c all can be
used to disable all network.


\subsection ctrl_iface_ADD_NETWORK ADD_NETWORK

Add a new network. This command creates a new network with empty
configuration. The new network is disabled and once it has been
configured it can be enabled with \c ENABLE_NETWORK command. \c ADD_NETWORK
returns the network id of the new network or FAIL on failure.


\subsection ctrl_iface_REMOVE_NETWORK REMOVE_NETWORK <network id>

Remove a network. Network id can be received from the
\c LIST_NETWORKS command output. Special network id \c all can be
used to remove all network.


\subsection ctrl_iface_SET_NETWORK SET_NETWORK <network id> <variable> <value>

Set network variables. Network id can be received from the
\c LIST_NETWORKS command output.

This command uses the same variables and data formats as the
configuration file. See example wpa_supplicant.conf for more details.

- ssid (network name, SSID)
- psk (WPA passphrase or pre-shared key)
- key_mgmt (key management protocol)
- identity (EAP identity)
- password (EAP password)
- ...


\subsection ctrl_iface_GET_NETWORK GET_NETWORK <network id> <variable>

Get network variables. Network id can be received from the
\c LIST_NETWORKS command output.


\subsection ctrl_iface_SAVE_CONFIG SAVE_CONFIG

Save the current configuration.


\subsection ctrl_iface_P2P_FIND P2P_FIND

Start P2P device discovery. Optional parameter can be used to specify
the duration for the discovery in seconds (e.g., "P2P_FIND 5"). If the
duration is not specified, discovery will be started for indefinite
time, i.e., until it is terminated by P2P_STOP_FIND or P2P_CONNECT (to
start group formation with a discovered peer).

The default search type is to first run a full scan of all channels
and then continue scanning only social channels (1, 6, 11). This
behavior can be changed by specifying a different search type: social
(e.g., "P2P_FIND 5 type=social") will skip the initial full scan and
only search social channels; progressive (e.g., "P2P_FIND
type=progressive") starts with a full scan and then searches
progressively through all channels one channel at the time with the
social channel scans. Progressive device discovery can be used to find
new groups (and groups that were not found during the initial scan,
e.g., due to the GO being asleep) over time without adding
considerable extra delay for every Search state round.


\subsection ctrl_iface_P2P_STOP_FIND P2P_STOP_FIND

Stop ongoing P2P device discovery or other operation (connect, listen
mode).


\subsection ctrl_iface_P2P_CONNECT P2P_CONNECT

Start P2P group formation with a discovered P2P peer. This includes
group owner negotiation, group interface setup, provisioning, and
establishing data connection.

P2P_CONNECT <peer device address> <pbc|pin|PIN#>
[label|display|keypad] [persistent] [join|auth] [go_intent=<0..15>]

Start P2P group formation with a discovered P2P peer. This includes
optional group owner negotiation, group interface setup, provisioning,
and establishing data connection.

The <pbc|pin|PIN#> parameter specifies the WPS provisioning
method. "pbc" string starts pushbutton method, "pin" string start PIN
method using an automatically generated PIN (which will be returned as
the command return code), PIN# means that a pre-selected PIN can be
used (e.g., 12345670). [label|display|keypad] is used with PIN method
to specify which PIN is used (label=PIN from local label,
display=dynamically generated random PIN from local display,
keypad=PIN entered from peer device label or display). "persistent"
parameter can be used to request a persistent group to be formed.

"join" indicates that this is a command to join an existing group as a
client. It skips the GO Negotiation part.

"auth" indicates that the WPS parameters are authorized for the peer
device without actually starting GO Negotiation (i.e., the peer is
expected to initiate GO Negotiation). This is mainly for testing
purposes.

The optional "go_intent" parameter can be used to override the default
GO Intent value.


\subsection ctrl_iface_P2P_LISTEN P2P_LISTEN

Start Listen-only state. Optional parameter can be used to specify the
duration for the Listen operation in seconds. This command may not
be of that much use during normal operations and is mainly designed
for testing. It can also be used to keep the device discoverable
without having to maintain a group.


\subsection ctrl_iface_P2P_GROUP_REMOVE P2P_GROUP_REMOVE

Terminate a P2P group. If a new virtual network interface was used for
the group, it will also be removed. The network interface name of the
group interface is used as a parameter for this command.


\subsection ctrl_iface_P2P_GROUP_ADD P2P_GROUP_ADD

Set up a P2P group owner manually (i.e., without group owner
negotiation with a specific peer). This is also known as autonomous
GO. Optional persistent=<network id> can be used to specify restart of
a persistent group.


\subsection ctrl_iface_P2P_PROV_DISC P2P_PROV_DISC

Send P2P provision discovery request to the specified peer. The
parameters for this command are the P2P device address of the peer and
the desired configuration method. For example, "P2P_PROV_DISC
02:01:02:03:04:05 display" would request the peer to display a PIN for
us and "P2P_PROV_DISC 02:01:02:03:04:05 keypad" would request the peer
to enter a PIN that we display.


\subsection ctrl_iface_P2P_GET_PASSPHRASE P2P_GET_PASSPHRASE

Get the passphrase for a group (only available when acting as a GO).


\subsection ctrl_iface_P2P_SERV_DISC_REQ P2P_SERV_DISC_REQ

Schedule a P2P service discovery request. The parameters for this
command are the device address of the peer device (or 00:00:00:00:00:00
for wildcard query that is sent to every discovered P2P peer that
supports service discovery) and P2P Service Query TLV(s) as hexdump.
For example, "P2P_SERV_DISC_REQ 00:00:00:00:00:00 02000001" schedules
a request for listing all supported service discovery protocols and
requests this to be sent to all discovered peers. The pending requests
are sent during device discovery (see \ref ctrl_iface_P2P_FIND).

This command returns an identifier for the pending query (e.g.,
"1f77628") that can be used to cancel the request. Directed requests
will be automatically removed when the specified peer has replied to
it.


\subsection ctrl_iface_P2P_SERV_DISC_CANCEL_REQ P2P_SERV_DISC_CANCEL_REQ

Cancel a pending P2P service discovery request. This command takes a
single parameter: identifier for the pending query (the value returned
by \ref ctrl_iface_P2P_SERV_DISC_REQ), e.g.,
"P2P_SERV_DISC_CANCEL_REQ 1f77628".


\subsection ctrl_iface_P2P_SERV_DISC_RESP P2P_SERV_DISC_RESP

Reply to a service discovery query. This command takes following
parameters: frequency in MHz, destination address, dialog token,
response TLV(s). The first three parameters are copied from the
request event. For example,
"P2P_SERV_DISC_RESP 2437 02:40:61:c2:f3:b7 1 0300000101".


\subsection ctrl_iface_P2P_SERVICE_UPDATE P2P_SERVICE_UPDATE

Indicate that local services have changed. This is used to increment
the P2P service indicator value so that peers know when previously
cached information may have changed.


\subsection ctrl_iface_P2P_SERV_DISC_EXTERNAL P2P_SERV_DISC_EXTERNAL

Configure external processing of P2P service requests: 0 (default) =
no external processing of requests (i.e., internal code will reject
each request), 1 = external processing of requests (external program
is responsible for replying to service discovery requests with
\ref ctrl_iface_P2P_SERV_DISC_RESP).


\subsection ctrl_iface_P2P_REJECT P2P_REJECT

Reject connection attempt from a peer (specified with a device
address). This is a mechanism to reject a pending GO Negotiation with
a peer and request to automatically block any further connection or
discovery of the peer.


\subsection ctrl_iface_P2P_INVITE P2P_INVITE

Invite a peer to join a group or to (re)start a persistent group.


\subsection ctrl_iface_P2P_PEER P2P_PEER

Fetch information about a discovered peer. This command takes in an
argument specifying which peer to select: P2P Device Address of the
peer, "FIRST" to indicate the first peer in the list, or "NEXT-<P2P
Device Address>" to indicate the entry following the specified peer
(to allow for iterating through the list).


\subsection ctrl_iface_P2P_EXT_LISTEN P2P_EXT_LISTEN

Enable/disable extended listen timing. Without parameters, this
command disables extended listen timing. When enabling the feature,
two parameters are used: availability period and availability interval
(both in milliseconds and with range of 1-65535).


\section ctrl_iface_interactive Interactive requests

If wpa_supplicant needs additional information during authentication
(e.g., password), it will use a specific prefix, \c CTRL-REQ-
(\a WPA_CTRL_REQ macro) in an unsolicited event message. An external
program, e.g., a GUI, can provide such information by using
\c CTRL-RSP- (\a WPA_CTRL_RSP macro) prefix in a command with matching
field name.

The following fields can be requested in this way from the user:
- IDENTITY (EAP identity/user name)
- PASSWORD (EAP password)
- NEW_PASSWORD (New password if the server is requesting password change)
- PIN (PIN code for accessing a SIM or smartcard)
- OTP (one-time password; like password, but the value is used only once)
- PASSPHRASE (passphrase for a private key file)

\verbatim
CTRL-REQ-<field name>-<network id>-<human readable text>
CTRL-RSP-<field name>-<network id>-<value>
\endverbatim

For example, request from wpa_supplicant:
\verbatim
CTRL-REQ-PASSWORD-1-Password needed for SSID test-network
\endverbatim

And a matching reply from the GUI:
\verbatim
CTRL-RSP-PASSWORD-1-secret
\endverbatim


\subsection ctrl_iface_GET_CAPABILITY GET_CAPABILITY <option> [strict]

Get list of supported functionality (eap, pairwise, group,
proto). Supported functionality is shown as space separate lists of
values used in the same format as in wpa_supplicant configuration.
If optional argument, 'strict', is added, only the values that the
driver claims to explicitly support are included. Without this, all
available capabilities are included if the driver does not provide
a mechanism for querying capabilities.

Example request/reply pairs:

\verbatim
GET_CAPABILITY eap
AKA FAST GTC LEAP MD5 MSCHAPV2 OTP PAX PEAP PSK SIM TLS TTLS
\endverbatim

\verbatim
GET_CAPABILITY pairwise
CCMP TKIP NONE
\endverbatim

\verbatim
GET_CAPABILITY pairwise strict
\endverbatim

\verbatim
GET_CAPABILITY group
CCMP TKIP WEP104 WEP40
\endverbatim

\verbatim
GET_CAPABILITY key_mgmt
WPA-PSK WPA-EAP IEEE8021X NONE
\endverbatim

\verbatim
GET_CAPABILITY proto
RSN WPA
\endverbatim

\verbatim
GET_CAPABILITY auth_alg
OPEN SHARED LEAP
\endverbatim


\subsection ctrl_iface_AP_SCAN AP_SCAN <ap_scan value>

Change ap_scan value:
0 = no scanning,
1 = wpa_supplicant requests scans and uses scan results to select the AP,
2 = wpa_supplicant does not use scanning and just requests driver to
associate and take care of AP selection


\subsection ctrl_iface_INTERFACES INTERFACES

List configured interfaces.

\verbatim
wlan0
eth0
\endverbatim


\section ctrl_iface_events Control interface events

wpa_supplicant generates number messages based on events like
connection or a completion of a task. These are available to external
programs that attach to receive unsolicited messages over the control
interface with \ref wpa_ctrl_attach().

The event messages will be delivered over the attach control interface
as text strings that start with the priority level of the message and
a fixed prefix text as defined in \ref wpa_ctrl.h. After this, optional
additional information may be included depending on the event
message. For example, following event message is delivered when new
scan results are available:

\verbatim
<2>CTRL-EVENT-SCAN-RESULTS
\endverbatim

Following priority levels are used:
- 0 = MSGDUMP
- 1 = DEBUG
- 2 = INFO
- 3 = WARNING
- 4 = ERROR

By default, any priority level greater than equal to 2 (INFO) are
delivered over the attached control interface. LEVEL command can be
used to set the level of messages which will be delivered. It should
be noted that there are many debug messages that do not include any
particulat prefix and are subject to change. They may be used for
debug information, but can usually be ignored by external programs.

In most cases, the external program can skip over the priority field
in the beginning of the event message and then compare the following
text to the event strings from \ref wpa_ctrl.h that the program is
interested in processing.

Following subsections describe the most common event notifications
generated by wpa_supplicant.

\subsection ctrl_iface_event_CTRL_REQ CTRL-REQ-

WPA_CTRL_REQ: Request information from a user. See
\ref ctrl_iface_interactive "Interactive requests" sections for more
details.

\subsection ctrl_iface_event_CONNECTED CTRL-EVENT-CONNECTED

WPA_EVENT_CONNECTED: Indicate successfully completed authentication
and that the data connection is now enabled.

\subsection ctrl_iface_event_DISCONNECTED CTRL-EVENT-DISCONNECTED

WPA_EVENT_DISCONNECTED: Disconnected, data connection is not available

\subsection ctrl_iface_event_TERMINATING  CTRL-EVENT-TERMINATING

WPA_EVENT_TERMINATING: wpa_supplicant is exiting

\subsection ctrl_iface_event_PASSWORD_CHANGED CTRL-EVENT-PASSWORD-CHANGED

WPA_EVENT_PASSWORD_CHANGED: Password change was completed successfully

\subsection ctrl_iface_event_EAP_NOTIFICATION CTRL-EVENT-EAP-NOTIFICATION

WPA_EVENT_EAP_NOTIFICATION: EAP-Request/Notification received

\subsection ctrl_iface_event_EAP_STARTED CTRL-EVENT-EAP-STARTED

WPA_EVENT_EAP_STARTED: EAP authentication started (EAP-Request/Identity
received)

\subsection ctrl_iface_event_EAP_METHOD CTRL-EVENT-EAP-METHOD

WPA_EVENT_EAP_METHOD: EAP method selected

\subsection ctrl_iface_event_EAP_SUCCESS CTRL-EVENT-EAP-SUCCESS

WPA_EVENT_EAP_SUCCESS: EAP authentication completed successfully

\subsection ctrl_iface_event_EAP_FAILURE CTRL-EVENT-EAP-FAILURE

WPA_EVENT_EAP_FAILURE: EAP authentication failed (EAP-Failure received)

\subsection ctrl_iface_event_SCAN_RESULTS CTRL-EVENT-SCAN-RESULTS

WPA_EVENT_SCAN_RESULTS: New scan results available

\subsection ctrl_iface_event_BSS_ADDED CTRL-EVENT-BSS-ADDED

WPA_EVENT_BSS_ADDED: A new BSS entry was added. The event prefix is
followed by the BSS entry id and BSSID.

\verbatim
CTRL-EVENT-BSS-ADDED 34 00:11:22:33:44:55
\endverbatim

\subsection ctrl_iface_event_BSS_REMOVED CTRL-EVENT-BSS-REMOVED

WPA_EVENT_BSS_REMOVED: A BSS entry was removed. The event prefix is
followed by BSS entry id and BSSID.

\verbatim
CTRL-EVENT-BSS-REMOVED 34 00:11:22:33:44:55
\endverbatim

\subsection ctrl_iface_event_WPS_OVERLAP_DETECTED WPS-OVERLAP-DETECTED

WPS_EVENT_OVERLAP: WPS overlap detected in PBC mode

\subsection ctrl_iface_event_WPS_AP_AVAILABLE_PBC WPS-AP-AVAILABLE-PBC

WPS_EVENT_AP_AVAILABLE_PBC: Available WPS AP with active PBC found in
scan results.

\subsection ctrl_iface_event_WPS_AP_AVAILABLE_PIN WPS-AP-AVAILABLE-PIN

WPS_EVENT_AP_AVAILABLE_PIN: Available WPS AP with recently selected PIN
registrar found in scan results.

\subsection ctrl_iface_event_WPS_AP_AVAILABLE WPS-AP-AVAILABLE

WPS_EVENT_AP_AVAILABLE: Available WPS AP found in scan results

\subsection ctrl_iface_event_WPS_CRED_RECEIVED WPS-CRED-RECEIVED

WPS_EVENT_CRED_RECEIVED: A new credential received

\subsection ctrl_iface_event_WPS_M2D WPS-M2D

WPS_EVENT_M2D: M2D received

\subsection ctrl_iface_event_WPS_FAIL

WPS_EVENT_FAIL: WPS registration failed after M2/M2D

\subsection ctrl_iface_event_WPS_SUCCESS WPS-SUCCESS

WPS_EVENT_SUCCESS: WPS registration completed successfully

\subsection ctrl_iface_event_WPS_TIMEOUT WPS-TIMEOUT

WPS_EVENT_TIMEOUT: WPS enrollment attempt timed out and was terminated

\subsection ctrl_iface_event_WPS_ENROLLEE_SEEN WPS-ENROLLEE-SEEN

WPS_EVENT_ENROLLEE_SEEN: WPS Enrollee was detected (used in AP mode).
The event prefix is followed by MAC addr, UUID-E, pri dev type,
config methods, dev passwd id, request type, [dev name].

\verbatim
WPS-ENROLLEE-SEEN 02:00:00:00:01:00
572cf82f-c957-5653-9b16-b5cfb298abf1 1-0050F204-1 0x80 4 1
[Wireless Client]
\endverbatim

\subsection ctrl_iface_event_WPS_ER_AP_ADD WPS-ER-AP-ADD

WPS_EVENT_ER_AP_ADD: WPS ER discovered an AP

\verbatim
WPS-ER-AP-ADD 87654321-9abc-def0-1234-56789abc0002 02:11:22:33:44:55
pri_dev_type=6-0050F204-1 wps_state=1 |Very friendly name|Company|
Long description of the model|WAP|http://w1.fi/|http://w1.fi/hostapd/
\endverbatim

\subsection ctrl_iface_event_WPS_ER_AP_REMOVE WPS-ER-AP-REMOVE

WPS_EVENT_ER_AP_REMOVE: WPS ER removed an AP entry

\verbatim
WPS-ER-AP-REMOVE 87654321-9abc-def0-1234-56789abc0002
\endverbatim

\subsection ctrl_iface_event_WPS_ER_ENROLLEE_ADD WPS-ER-ENROLLEE-ADD

WPS_EVENT_ER_ENROLLEE_ADD: WPS ER discovered a new Enrollee

\verbatim
WPS-ER-ENROLLEE-ADD 2b7093f1-d6fb-5108-adbb-bea66bb87333
02:66:a0:ee:17:27 M1=1 config_methods=0x14d dev_passwd_id=0
pri_dev_type=1-0050F204-1
|Wireless Client|Company|cmodel|123|12345|
\endverbatim

\subsection ctrl_iface_event_WPS_ER_ENROLLEE_REMOVE WPS-ER-ENROLLEE-REMOVE

WPS_EVENT_ER_ENROLLEE_REMOVE: WPS ER removed an Enrollee entry

\verbatim
WPS-ER-ENROLLEE-REMOVE 2b7093f1-d6fb-5108-adbb-bea66bb87333
02:66:a0:ee:17:27
\endverbatim

\subsection ctrl_iface_event_WPS_PIN_NEEDED WPS-PIN-NEEDED

WPS_EVENT_PIN_NEEDED: PIN is needed to complete provisioning with an
Enrollee. This is followed by information about the Enrollee (UUID,
MAC address, device name, manufacturer, model name, model number,
serial number, primary device type).
\verbatim
WPS-PIN-NEEDED 5a02a5fa-9199-5e7c-bc46-e183d3cb32f7 02:2a:c4:18:5b:f3
[Wireless Client|Company|cmodel|123|12345|1-0050F204-1]
\endverbatim

\subsection ctrl_iface_event_WPS_NEW_AP_SETTINGS WPS-NEW-AP-SETTINGS

WPS_EVENT_NEW_AP_SETTINGS: New AP settings were received

\subsection ctrl_iface_event_WPS_REG_SUCCESS WPS-REG-SUCCESS

WPS_EVENT_REG_SUCCESS: WPS provisioning was completed successfully
(AP/Registrar)

\subsection ctrl_iface_event_WPS_AP_SETUP_LOCKED WPS-AP-SETUP-LOCKED

WPS_EVENT_AP_SETUP_LOCKED: AP changed into setup locked state due to
multiple failed configuration attempts using the AP PIN.

\subsection ctrl_iface_event_AP_STA_CONNECTED AP-STA-CONNECTED

AP_STA_CONNECTED: A station associated with us (AP mode event). The
event prefix is followed by the MAC address of the station.

\verbatim
AP-STA-CONNECTED 02:2a:c4:18:5b:f3
\endverbatim

\subsection ctrl_iface_event_AP_STA_DISCONNECTED AP-STA-DISCONNECTED

AP_STA_DISCONNECTED: A station disassociated (AP mode event)

\verbatim
AP-STA-DISCONNECTED 02:2a:c4:18:5b:f3
\endverbatim

\subsection ctrl_iface_event_P2P_EVENT_DEVICE_FOUND P2P-DEVICE-FOUND

P2P_EVENT_DEVICE_FOUND: Indication of a discovered P2P device with
information about that device.

\verbatim
P2P-DEVICE-FOUND 02:b5:64:63:30:63 p2p_dev_addr=02:b5:64:63:30:63
pri_dev_type=1-0050f204-1 name='Wireless Client' config_methods=0x84
dev_capab=0x21 group_capab=0x0
\endverbatim

\subsection ctrl_iface_event_P2P_EVENT_GO_NEG_REQUEST P2P-GO-NEG-REQUEST

P2P_EVENT_GO_NEG_REQUEST: A P2P device requested GO negotiation, but we
were not ready to start the negotiation.

\verbatim
P2P-GO-NEG-REQUEST 02:40:61:c2:f3:b7 dev_passwd_id=4
\endverbatim

\subsection ctrl_iface_event_P2P_EVENT_GO_NEG_SUCCESS P2P-GO-NEG-SUCCESS

P2P_EVENT_GO_NEG_SUCCESS: Indication of successfully complete group
owner negotiation.

\subsection ctrl_iface_event_P2P_EVENT_GO_NEG_FAILURE P2P-GO-NEG-FAILURE

P2P_EVENT_GO_NEG_FAILURE: Indication of failed group owner negotiation.

\subsection ctrl_iface_event_P2P_EVENT_GROUP_FORMATION_SUCCESS P2P-GROUP-FORMATION-SUCCESS

P2P_EVENT_GROUP_FORMATION_SUCCESS: Indication that P2P group formation
has been completed successfully.

\subsection ctrl_iface_event_P2P_EVENT_GROUP_FORMATION_FAILURE P2P-GROUP-FORMATION-FAILURE

P2P_EVENT_GROUP_FORMATION_FAILURE: Indication that P2P group formation
failed (e.g., due to provisioning failure or timeout).

\subsection ctrl_iface_event_P2P_EVENT_GROUP_STARTED P2P-GROUP-STARTED

P2P_EVENT_GROUP_STARTED: Indication of a new P2P group having been
started. Additional parameters: network interface name for the group,
role (GO/client), SSID. The passphrase used in the group is also
indicated here if known (on GO) or PSK (on client). If the group is a
persistent one, a flag indicating that is included.

\verbatim
P2P-GROUP-STARTED wlan0-p2p-0 GO ssid="DIRECT-3F Testing"
passphrase="12345678" go_dev_addr=02:40:61:c2:f3:b7 [PERSISTENT]
\endverbatim

\subsection ctrl_iface_event_P2P_EVENT_GROUP_REMOVED P2P-GROUP-REMOVED

P2P_EVENT_GROUP_REMOVED: Indication of a P2P group having been removed.
Additional parameters: network interface name for the group, role
(GO/client).

\verbatim
P2P-GROUP-REMOVED wlan0-p2p-0 GO
\endverbatim

\subsection ctrl_iface_event_P2P_EVENT_PROV_DISC_SHOW_PIN P2P-PROV-DISC-SHOW-PIN

P2P_EVENT_PROV_DISC_SHOW_PIN: Request from the peer for us to display
a PIN that will be entered on the peer. The following parameters are
included after the event prefix: peer_address PIN. The PIN is a
random PIN generated for this connection. P2P_CONNECT command can be
used to accept the request with the same PIN configured for the
connection.

\verbatim
P2P-PROV-DISC-SHOW-PIN 02:40:61:c2:f3:b7 12345670
p2p_dev_addr=02:40:61:c2:f3:b7 pri_dev_type=1-0050F204-1 name='Test'
config_methods=0x188 dev_capab=0x21 group_capab=0x0
\endverbatim

\subsection ctrl_iface_event_P2P_EVENT_PROV_DISC_ENTER_PIN P2P-PROV-DISC-ENTER-PIN

P2P_EVENT_PROV_DISC_ENTER_PIN: Request from the peer for us to enter a
PIN displayed on the peer. The following parameter is included after
the event prefix: peer address.

\verbatim
P2P-PROV-DISC-ENTER-PIN 02:40:61:c2:f3:b7 p2p_dev_addr=02:40:61:c2:f3:b7
pri_dev_type=1-0050F204-1 name='Test' config_methods=0x188
dev_capab=0x21 group_capab=0x0
\endverbatim

\subsection ctrl_iface_event_P2P_EVENT_PROV_DISC_PBC_REQ P2P-PROV-DISC-PBC-REQ

P2P_EVENT_PROV_DISC_PBC_REQ: Request from the peer for us to connect
using PBC. The following parameters are included after the event prefix:
peer_address. P2P_CONNECT command can be used to accept the request.

\verbatim
P2P-PROV-DISC-PBC-REQ 02:40:61:c2:f3:b7 p2p_dev_addr=02:40:61:c2:f3:b7
pri_dev_type=1-0050F204-1 name='Test' config_methods=0x188
dev_capab=0x21 group_capab=0x0
\endverbatim

\subsection ctrl_iface_event_P2P_EVENT_PROV_DISC_PBC_RESP P2P-PROV-DISC-PBC-RESP

P2P_EVENT_PROV_DISC_PBC_RESP: The peer accepted our provision discovery
request to connect using PBC. The following parameters are included
after the event prefix: peer_address. P2P_CONNECT command can be used to
start GO Negotiation after this.

\verbatim
P2P-PROV-DISC-PBC-RESP 02:40:61:c2:f3:b7
\endverbatim

\subsection ctrl_iface_event_P2P_EVENT_SERV_DISC_REQ P2P-SERV-DISC-REQ

P2P-SERV-DISC-REQ: Indicate reception of a P2P service discovery
request. The following parameters are included after the event prefix:
frequency in MHz, source address, dialog token, Service Update
Indicator, Service Query TLV(s) as hexdump.

\verbatim
P2P-SERV-DISC-REQ 2412 02:40:61:c2:f3:b7 0 0 02000001
\endverbatim

\subsection ctrl_iface_event_P2P_EVENT_SERV_DISC_RESP P2P-SERV-DISC-RESP

P2P-SERV-DISC-RESP: Indicate reception of a P2P service discovery
response. The following parameters are included after the event prefix:
source address, Service Update Indicator, Service Response TLV(s) as
hexdump.

\verbatim
P2P-SERV-DISC-RESP 02:40:61:c2:f3:b7 0 0300000101
\endverbatim

\subsection ctrl_iface_event_P2P_EVENT_INVITATION_RECEIVED P2P-INVITATION-RECEIVED

P2P-INVITATION-RECEIVED: Indicate reception of a P2P Invitation
Request. For persistent groups, the parameter after the event prefix
indicates which network block includes the persistent group data.

\verbatim
P2P-INVITATION-RECEIVED sa=02:40:61:c2:f3:b7 persistent=0
\endverbatim

\subsection ctrl_iface_event_P2P_EVENT_INVITATION_RESULT P2P-INVITATION-RESULT

P2P-INVITATION-RESULT: Indicate result of a P2P invitation that was
requested with \ref ctrl_iface_P2P_INVITE. The parameter
status=<value> shows the status code returned by the peer (or -1 on
local failure or timeout).

\verbatim
P2P-INVITATION-RESULT status=1
\endverbatim

*/