/branches/18.06.1/package/network/services/hostapd/files/hostapd-basic.config |
@@ -0,0 +1,380 @@ |
# Example hostapd build time configuration |
# |
# This file lists the configuration options that are used when building the |
# hostapd binary. All lines starting with # are ignored. Configuration option |
# lines must be commented out complete, if they are not to be included, i.e., |
# just setting VARIABLE=n is not disabling that variable. |
# |
# This file is included in Makefile, so variables like CFLAGS and LIBS can also |
# be modified from here. In most cass, these lines should use += in order not |
# to override previous values of the variables. |
|
# Driver interface for Host AP driver |
#CONFIG_DRIVER_HOSTAP=y |
|
# Driver interface for wired authenticator |
CONFIG_DRIVER_WIRED=y |
|
# Driver interface for drivers using the nl80211 kernel interface |
CONFIG_DRIVER_NL80211=y |
|
# QCA vendor extensions to nl80211 |
#CONFIG_DRIVER_NL80211_QCA=y |
|
# driver_nl80211.c requires libnl. If you are compiling it yourself |
# you may need to point hostapd to your version of libnl. |
# |
#CFLAGS += -I$<path to libnl include files> |
#LIBS += -L$<path to libnl library files> |
|
# Use libnl v2.0 (or 3.0) libraries. |
#CONFIG_LIBNL20=y |
|
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) |
#CONFIG_LIBNL32=y |
|
|
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) |
#CONFIG_DRIVER_BSD=y |
#CFLAGS += -I/usr/local/include |
#LIBS += -L/usr/local/lib |
#LIBS_p += -L/usr/local/lib |
#LIBS_c += -L/usr/local/lib |
|
# Driver interface for no driver (e.g., RADIUS server only) |
#CONFIG_DRIVER_NONE=y |
|
# IEEE 802.11F/IAPP |
#CONFIG_IAPP=y |
|
# WPA2/IEEE 802.11i RSN pre-authentication |
CONFIG_RSN_PREAUTH=y |
|
# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) |
CONFIG_PEERKEY=y |
|
# IEEE 802.11w (management frame protection) |
# Driver support is also needed for IEEE 802.11w. |
#CONFIG_IEEE80211W=y |
|
# Integrated EAP server |
#CONFIG_EAP=y |
|
# EAP Re-authentication Protocol (ERP) in integrated EAP server |
#CONFIG_ERP=y |
|
# EAP-MD5 for the integrated EAP server |
#CONFIG_EAP_MD5=y |
|
# EAP-TLS for the integrated EAP server |
#CONFIG_EAP_TLS=y |
|
# EAP-MSCHAPv2 for the integrated EAP server |
#CONFIG_EAP_MSCHAPV2=y |
|
# EAP-PEAP for the integrated EAP server |
#CONFIG_EAP_PEAP=y |
|
# EAP-GTC for the integrated EAP server |
#CONFIG_EAP_GTC=y |
|
# EAP-TTLS for the integrated EAP server |
#CONFIG_EAP_TTLS=y |
|
# EAP-SIM for the integrated EAP server |
#CONFIG_EAP_SIM=y |
|
# EAP-AKA for the integrated EAP server |
#CONFIG_EAP_AKA=y |
|
# EAP-AKA' for the integrated EAP server |
# This requires CONFIG_EAP_AKA to be enabled, too. |
#CONFIG_EAP_AKA_PRIME=y |
|
# EAP-PAX for the integrated EAP server |
#CONFIG_EAP_PAX=y |
|
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) |
#CONFIG_EAP_PSK=y |
|
# EAP-pwd for the integrated EAP server (secure authentication with a password) |
#CONFIG_EAP_PWD=y |
|
# EAP-SAKE for the integrated EAP server |
#CONFIG_EAP_SAKE=y |
|
# EAP-GPSK for the integrated EAP server |
#CONFIG_EAP_GPSK=y |
# Include support for optional SHA256 cipher suite in EAP-GPSK |
#CONFIG_EAP_GPSK_SHA256=y |
|
# EAP-FAST for the integrated EAP server |
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed |
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., |
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. |
#CONFIG_EAP_FAST=y |
|
# Wi-Fi Protected Setup (WPS) |
#CONFIG_WPS=y |
# Enable UPnP support for external WPS Registrars |
#CONFIG_WPS_UPNP=y |
# Enable WPS support with NFC config method |
#CONFIG_WPS_NFC=y |
|
# EAP-IKEv2 |
#CONFIG_EAP_IKEV2=y |
|
# Trusted Network Connect (EAP-TNC) |
#CONFIG_EAP_TNC=y |
|
# EAP-EKE for the integrated EAP server |
#CONFIG_EAP_EKE=y |
|
# PKCS#12 (PFX) support (used to read private key and certificate file from |
# a file that usually has extension .p12 or .pfx) |
#CONFIG_PKCS12=y |
|
# RADIUS authentication server. This provides access to the integrated EAP |
# server from external hosts using RADIUS. |
#CONFIG_RADIUS_SERVER=y |
|
# Build IPv6 support for RADIUS operations |
#CONFIG_IPV6=y |
|
# IEEE Std 802.11r-2008 (Fast BSS Transition) |
CONFIG_IEEE80211R=y |
|
# Use the hostapd's IEEE 802.11 authentication (ACL), but without |
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) |
#CONFIG_DRIVER_RADIUS_ACL=y |
|
# IEEE 802.11n (High Throughput) support |
CONFIG_IEEE80211N=y |
|
# Wireless Network Management (IEEE Std 802.11v-2011) |
# Note: This is experimental and not complete implementation. |
#CONFIG_WNM=y |
|
# IEEE 802.11ac (Very High Throughput) support |
CONFIG_IEEE80211AC=y |
|
# IEEE 802.11ax HE support |
# Note: This is experimental and work in progress. The definitions are still |
# subject to change and this should not be expected to interoperate with the |
# final IEEE 802.11ax version. |
#CONFIG_IEEE80211AX=y |
|
# Remove debugging code that is printing out debug messages to stdout. |
# This can be used to reduce the size of the hostapd considerably if debugging |
# code is not needed. |
#CONFIG_NO_STDOUT_DEBUG=y |
|
# Add support for writing debug log to a file: -f /tmp/hostapd.log |
# Disabled by default. |
#CONFIG_DEBUG_FILE=y |
|
# Send debug messages to syslog instead of stdout |
CONFIG_DEBUG_SYSLOG=y |
|
# Add support for sending all debug messages (regardless of debug verbosity) |
# to the Linux kernel tracing facility. This helps debug the entire stack by |
# making it easy to record everything happening from the driver up into the |
# same file, e.g., using trace-cmd. |
#CONFIG_DEBUG_LINUX_TRACING=y |
|
# Remove support for RADIUS accounting |
CONFIG_NO_ACCOUNTING=y |
|
# Remove support for RADIUS |
CONFIG_NO_RADIUS=y |
|
# Remove support for VLANs |
#CONFIG_NO_VLAN=y |
|
# Enable support for fully dynamic VLANs. This enables hostapd to |
# automatically create bridge and VLAN interfaces if necessary. |
#CONFIG_FULL_DYNAMIC_VLAN=y |
|
# Use netlink-based kernel API for VLAN operations instead of ioctl() |
# Note: This requires libnl 3.1 or newer. |
#CONFIG_VLAN_NETLINK=y |
|
# Remove support for dumping internal state through control interface commands |
# This can be used to reduce binary size at the cost of disabling a debugging |
# option. |
CONFIG_NO_DUMP_STATE=y |
|
# Enable tracing code for developer debugging |
# This tracks use of memory allocations and other registrations and reports |
# incorrect use with a backtrace of call (or allocation) location. |
#CONFIG_WPA_TRACE=y |
# For BSD, comment out these. |
#LIBS += -lexecinfo |
#LIBS_p += -lexecinfo |
#LIBS_c += -lexecinfo |
|
# Use libbfd to get more details for developer debugging |
# This enables use of libbfd to get more detailed symbols for the backtraces |
# generated by CONFIG_WPA_TRACE=y. |
#CONFIG_WPA_TRACE_BFD=y |
# For BSD, comment out these. |
#LIBS += -lbfd -liberty -lz |
#LIBS_p += -lbfd -liberty -lz |
#LIBS_c += -lbfd -liberty -lz |
|
# hostapd depends on strong random number generation being available from the |
# operating system. os_get_random() function is used to fetch random data when |
# needed, e.g., for key generation. On Linux and BSD systems, this works by |
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be |
# properly initialized before hostapd is started. This is important especially |
# on embedded devices that do not have a hardware random number generator and |
# may by default start up with minimal entropy available for random number |
# generation. |
# |
# As a safety net, hostapd is by default trying to internally collect |
# additional entropy for generating random data to mix in with the data |
# fetched from the OS. This by itself is not considered to be very strong, but |
# it may help in cases where the system pool is not initialized properly. |
# However, it is very strongly recommended that the system pool is initialized |
# with enough entropy either by using hardware assisted random number |
# generator or by storing state over device reboots. |
# |
# hostapd can be configured to maintain its own entropy store over restarts to |
# enhance random number generation. This is not perfect, but it is much more |
# secure than using the same sequence of random numbers after every reboot. |
# This can be enabled with -e<entropy file> command line option. The specified |
# file needs to be readable and writable by hostapd. |
# |
# If the os_get_random() is known to provide strong random data (e.g., on |
# Linux/BSD, the board in question is known to have reliable source of random |
# data from /dev/urandom), the internal hostapd random pool can be disabled. |
# This will save some in binary size and CPU use. However, this should only be |
# considered for builds that are known to be used on devices that meet the |
# requirements described above. |
CONFIG_NO_RANDOM_POOL=y |
|
# Should we use poll instead of select? Select is used by default. |
#CONFIG_ELOOP_POLL=y |
|
# Should we use epoll instead of select? Select is used by default. |
#CONFIG_ELOOP_EPOLL=y |
|
# Should we use kqueue instead of select? Select is used by default. |
#CONFIG_ELOOP_KQUEUE=y |
|
# Select TLS implementation |
# openssl = OpenSSL (default) |
# gnutls = GnuTLS |
# internal = Internal TLSv1 implementation (experimental) |
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) |
# none = Empty template |
CONFIG_TLS=internal |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) |
# can be enabled to get a stronger construction of messages when block ciphers |
# are used. |
#CONFIG_TLSV11=y |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) |
# can be enabled to enable use of stronger crypto algorithms. |
#CONFIG_TLSV12=y |
|
# Select which ciphers to use by default with OpenSSL if the user does not |
# specify them. |
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" |
|
# If CONFIG_TLS=internal is used, additional library and include paths are |
# needed for LibTomMath. Alternatively, an integrated, minimal version of |
# LibTomMath can be used. See beginning of libtommath.c for details on benefits |
# and drawbacks of this option. |
#CONFIG_INTERNAL_LIBTOMMATH=y |
#ifndef CONFIG_INTERNAL_LIBTOMMATH |
#LTM_PATH=/usr/src/libtommath-0.39 |
#CFLAGS += -I$(LTM_PATH) |
#LIBS += -L$(LTM_PATH) |
#LIBS_p += -L$(LTM_PATH) |
#endif |
# At the cost of about 4 kB of additional binary size, the internal LibTomMath |
# can be configured to include faster routines for exptmod, sqr, and div to |
# speed up DH and RSA calculation considerably |
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y |
|
# Interworking (IEEE 802.11u) |
# This can be used to enable functionality to improve interworking with |
# external networks. |
#CONFIG_INTERWORKING=y |
|
# Hotspot 2.0 |
#CONFIG_HS20=y |
|
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file |
#CONFIG_SQLITE=y |
|
# Enable Fast Session Transfer (FST) |
#CONFIG_FST=y |
|
# Enable CLI commands for FST testing |
#CONFIG_FST_TEST=y |
|
# Testing options |
# This can be used to enable some testing options (see also the example |
# configuration file) that are really useful only for testing clients that |
# connect to this hostapd. These options allow, for example, to drop a |
# certain percentage of probe requests or auth/(re)assoc frames. |
# |
#CONFIG_TESTING_OPTIONS=y |
|
# Automatic Channel Selection |
# This will allow hostapd to pick the channel automatically when channel is set |
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in |
# similar way. |
# |
# Automatic selection is currently only done through initialization, later on |
# we hope to do background checks to keep us moving to more ideal channels as |
# time goes by. ACS is currently only supported through the nl80211 driver and |
# your driver must have survey dump capability that is filled by the driver |
# during scanning. |
# |
# You can customize the ACS survey algorithm with the hostapd.conf variable |
# acs_num_scans. |
# |
# Supported ACS drivers: |
# * ath9k |
# * ath5k |
# * ath10k |
# |
# For more details refer to: |
# http://wireless.kernel.org/en/users/Documentation/acs |
# |
#CONFIG_ACS=y |
|
# Multiband Operation support |
# These extentions facilitate efficient use of multiple frequency bands |
# available to the AP and the devices that may associate with it. |
#CONFIG_MBO=y |
|
# Client Taxonomy |
# Has the AP retain the Probe Request and (Re)Association Request frames from |
# a client, from which a signature can be produced which can identify the model |
# of client device like "Nexus 6P" or "iPhone 5s". |
#CONFIG_TAXONOMY=y |
|
# Fast Initial Link Setup (FILS) (IEEE 802.11ai) |
# Note: This is an experimental and not yet complete implementation. This |
# should not be enabled for production use. |
#CONFIG_FILS=y |
# FILS shared key authentication with PFS |
#CONFIG_FILS_SK_PFS=y |
|
# Include internal line edit mode in hostapd_cli. This can be used to provide |
# limited command line editing and history support. |
#CONFIG_WPA_CLI_EDIT=y |
|
# Opportunistic Wireless Encryption (OWE) |
# Experimental implementation of draft-harkins-owe-07.txt |
#CONFIG_OWE=y |
|
# uBus IPC/RPC System |
# Services can connect to the bus and provide methods |
# that can be called by other services or clients. |
CONFIG_UBUS=y |
/branches/18.06.1/package/network/services/hostapd/files/hostapd-full.config |
@@ -0,0 +1,380 @@ |
# Example hostapd build time configuration |
# |
# This file lists the configuration options that are used when building the |
# hostapd binary. All lines starting with # are ignored. Configuration option |
# lines must be commented out complete, if they are not to be included, i.e., |
# just setting VARIABLE=n is not disabling that variable. |
# |
# This file is included in Makefile, so variables like CFLAGS and LIBS can also |
# be modified from here. In most cass, these lines should use += in order not |
# to override previous values of the variables. |
|
# Driver interface for Host AP driver |
#CONFIG_DRIVER_HOSTAP=y |
|
# Driver interface for wired authenticator |
CONFIG_DRIVER_WIRED=y |
|
# Driver interface for drivers using the nl80211 kernel interface |
CONFIG_DRIVER_NL80211=y |
|
# QCA vendor extensions to nl80211 |
#CONFIG_DRIVER_NL80211_QCA=y |
|
# driver_nl80211.c requires libnl. If you are compiling it yourself |
# you may need to point hostapd to your version of libnl. |
# |
#CFLAGS += -I$<path to libnl include files> |
#LIBS += -L$<path to libnl library files> |
|
# Use libnl v2.0 (or 3.0) libraries. |
#CONFIG_LIBNL20=y |
|
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) |
#CONFIG_LIBNL32=y |
|
|
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) |
#CONFIG_DRIVER_BSD=y |
#CFLAGS += -I/usr/local/include |
#LIBS += -L/usr/local/lib |
#LIBS_p += -L/usr/local/lib |
#LIBS_c += -L/usr/local/lib |
|
# Driver interface for no driver (e.g., RADIUS server only) |
#CONFIG_DRIVER_NONE=y |
|
# IEEE 802.11F/IAPP |
CONFIG_IAPP=y |
|
# WPA2/IEEE 802.11i RSN pre-authentication |
CONFIG_RSN_PREAUTH=y |
|
# IEEE 802.11w (management frame protection) |
#CONFIG_IEEE80211W=y |
|
# Integrated EAP server |
CONFIG_EAP=y |
|
# EAP Re-authentication Protocol (ERP) in integrated EAP server |
#CONFIG_ERP=y |
|
# EAP-MD5 for the integrated EAP server |
CONFIG_EAP_MD5=y |
|
# EAP-TLS for the integrated EAP server |
CONFIG_EAP_TLS=y |
|
# EAP-MSCHAPv2 for the integrated EAP server |
CONFIG_EAP_MSCHAPV2=y |
|
# EAP-PEAP for the integrated EAP server |
CONFIG_EAP_PEAP=y |
|
# EAP-GTC for the integrated EAP server |
CONFIG_EAP_GTC=y |
|
# EAP-TTLS for the integrated EAP server |
CONFIG_EAP_TTLS=y |
|
# EAP-SIM for the integrated EAP server |
#CONFIG_EAP_SIM=y |
|
# EAP-AKA for the integrated EAP server |
#CONFIG_EAP_AKA=y |
|
# EAP-AKA' for the integrated EAP server |
# This requires CONFIG_EAP_AKA to be enabled, too. |
#CONFIG_EAP_AKA_PRIME=y |
|
# EAP-PAX for the integrated EAP server |
#CONFIG_EAP_PAX=y |
|
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) |
#CONFIG_EAP_PSK=y |
|
# EAP-pwd for the integrated EAP server (secure authentication with a password) |
#CONFIG_EAP_PWD=y |
|
# EAP-SAKE for the integrated EAP server |
#CONFIG_EAP_SAKE=y |
|
# EAP-GPSK for the integrated EAP server |
#CONFIG_EAP_GPSK=y |
# Include support for optional SHA256 cipher suite in EAP-GPSK |
#CONFIG_EAP_GPSK_SHA256=y |
|
# EAP-FAST for the integrated EAP server |
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed |
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., |
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. |
CONFIG_EAP_FAST=y |
|
# Wi-Fi Protected Setup (WPS) |
CONFIG_WPS=y |
# Enable UPnP support for external WPS Registrars |
#CONFIG_WPS_UPNP=y |
# Enable WPS support with NFC config method |
#CONFIG_WPS_NFC=y |
|
# EAP-IKEv2 |
#CONFIG_EAP_IKEV2=y |
|
# Trusted Network Connect (EAP-TNC) |
#CONFIG_EAP_TNC=y |
|
# EAP-EKE for the integrated EAP server |
#CONFIG_EAP_EKE=y |
|
# PKCS#12 (PFX) support (used to read private key and certificate file from |
# a file that usually has extension .p12 or .pfx) |
CONFIG_PKCS12=y |
|
# RADIUS authentication server. This provides access to the integrated EAP |
# server from external hosts using RADIUS. |
#CONFIG_RADIUS_SERVER=y |
|
# Build IPv6 support for RADIUS operations |
CONFIG_IPV6=y |
|
# IEEE Std 802.11r-2008 (Fast BSS Transition) |
CONFIG_IEEE80211R=y |
|
# Use the hostapd's IEEE 802.11 authentication (ACL), but without |
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) |
#CONFIG_DRIVER_RADIUS_ACL=y |
|
# IEEE 802.11n (High Throughput) support |
CONFIG_IEEE80211N=y |
|
# Wireless Network Management (IEEE Std 802.11v-2011) |
# Note: This is experimental and not complete implementation. |
CONFIG_WNM=y |
|
# IEEE 802.11ac (Very High Throughput) support |
CONFIG_IEEE80211AC=y |
|
# IEEE 802.11ax HE support |
# Note: This is experimental and work in progress. The definitions are still |
# subject to change and this should not be expected to interoperate with the |
# final IEEE 802.11ax version. |
#CONFIG_IEEE80211AX=y |
|
# Remove debugging code that is printing out debug messages to stdout. |
# This can be used to reduce the size of the hostapd considerably if debugging |
# code is not needed. |
#CONFIG_NO_STDOUT_DEBUG=y |
|
# Add support for writing debug log to a file: -f /tmp/hostapd.log |
# Disabled by default. |
#CONFIG_DEBUG_FILE=y |
|
# Send debug messages to syslog instead of stdout |
CONFIG_DEBUG_SYSLOG=y |
|
# Add support for sending all debug messages (regardless of debug verbosity) |
# to the Linux kernel tracing facility. This helps debug the entire stack by |
# making it easy to record everything happening from the driver up into the |
# same file, e.g., using trace-cmd. |
#CONFIG_DEBUG_LINUX_TRACING=y |
|
# Remove support for RADIUS accounting |
#CONFIG_NO_ACCOUNTING=y |
|
# Remove support for RADIUS |
#CONFIG_NO_RADIUS=y |
|
# Remove support for VLANs |
#CONFIG_NO_VLAN=y |
|
# Enable support for fully dynamic VLANs. This enables hostapd to |
# automatically create bridge and VLAN interfaces if necessary. |
CONFIG_FULL_DYNAMIC_VLAN=y |
|
# Use netlink-based kernel API for VLAN operations instead of ioctl() |
# Note: This requires libnl 3.1 or newer. |
#CONFIG_VLAN_NETLINK=y |
|
# Remove support for dumping internal state through control interface commands |
# This can be used to reduce binary size at the cost of disabling a debugging |
# option. |
CONFIG_NO_DUMP_STATE=y |
|
# Enable tracing code for developer debugging |
# This tracks use of memory allocations and other registrations and reports |
# incorrect use with a backtrace of call (or allocation) location. |
#CONFIG_WPA_TRACE=y |
# For BSD, comment out these. |
#LIBS += -lexecinfo |
#LIBS_p += -lexecinfo |
#LIBS_c += -lexecinfo |
|
# Use libbfd to get more details for developer debugging |
# This enables use of libbfd to get more detailed symbols for the backtraces |
# generated by CONFIG_WPA_TRACE=y. |
#CONFIG_WPA_TRACE_BFD=y |
# For BSD, comment out these. |
#LIBS += -lbfd -liberty -lz |
#LIBS_p += -lbfd -liberty -lz |
#LIBS_c += -lbfd -liberty -lz |
|
# hostapd depends on strong random number generation being available from the |
# operating system. os_get_random() function is used to fetch random data when |
# needed, e.g., for key generation. On Linux and BSD systems, this works by |
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be |
# properly initialized before hostapd is started. This is important especially |
# on embedded devices that do not have a hardware random number generator and |
# may by default start up with minimal entropy available for random number |
# generation. |
# |
# As a safety net, hostapd is by default trying to internally collect |
# additional entropy for generating random data to mix in with the data |
# fetched from the OS. This by itself is not considered to be very strong, but |
# it may help in cases where the system pool is not initialized properly. |
# However, it is very strongly recommended that the system pool is initialized |
# with enough entropy either by using hardware assisted random number |
# generator or by storing state over device reboots. |
# |
# hostapd can be configured to maintain its own entropy store over restarts to |
# enhance random number generation. This is not perfect, but it is much more |
# secure than using the same sequence of random numbers after every reboot. |
# This can be enabled with -e<entropy file> command line option. The specified |
# file needs to be readable and writable by hostapd. |
# |
# If the os_get_random() is known to provide strong random data (e.g., on |
# Linux/BSD, the board in question is known to have reliable source of random |
# data from /dev/urandom), the internal hostapd random pool can be disabled. |
# This will save some in binary size and CPU use. However, this should only be |
# considered for builds that are known to be used on devices that meet the |
# requirements described above. |
CONFIG_NO_RANDOM_POOL=y |
|
# Should we use poll instead of select? Select is used by default. |
#CONFIG_ELOOP_POLL=y |
|
# Should we use epoll instead of select? Select is used by default. |
#CONFIG_ELOOP_EPOLL=y |
|
# Should we use kqueue instead of select? Select is used by default. |
#CONFIG_ELOOP_KQUEUE=y |
|
# Select TLS implementation |
# openssl = OpenSSL (default) |
# gnutls = GnuTLS |
# internal = Internal TLSv1 implementation (experimental) |
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) |
# none = Empty template |
CONFIG_TLS=internal |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) |
# can be enabled to get a stronger construction of messages when block ciphers |
# are used. |
#CONFIG_TLSV11=y |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) |
# can be enabled to enable use of stronger crypto algorithms. |
#CONFIG_TLSV12=y |
|
# Select which ciphers to use by default with OpenSSL if the user does not |
# specify them. |
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" |
|
# If CONFIG_TLS=internal is used, additional library and include paths are |
# needed for LibTomMath. Alternatively, an integrated, minimal version of |
# LibTomMath can be used. See beginning of libtommath.c for details on benefits |
# and drawbacks of this option. |
CONFIG_INTERNAL_LIBTOMMATH=y |
#ifndef CONFIG_INTERNAL_LIBTOMMATH |
#LTM_PATH=/usr/src/libtommath-0.39 |
#CFLAGS += -I$(LTM_PATH) |
#LIBS += -L$(LTM_PATH) |
#LIBS_p += -L$(LTM_PATH) |
#endif |
# At the cost of about 4 kB of additional binary size, the internal LibTomMath |
# can be configured to include faster routines for exptmod, sqr, and div to |
# speed up DH and RSA calculation considerably |
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y |
|
# Interworking (IEEE 802.11u) |
# This can be used to enable functionality to improve interworking with |
# external networks. |
#CONFIG_INTERWORKING=y |
|
# Hotspot 2.0 |
#CONFIG_HS20=y |
|
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file |
#CONFIG_SQLITE=y |
|
# Enable Fast Session Transfer (FST) |
#CONFIG_FST=y |
|
# Enable CLI commands for FST testing |
#CONFIG_FST_TEST=y |
|
# Testing options |
# This can be used to enable some testing options (see also the example |
# configuration file) that are really useful only for testing clients that |
# connect to this hostapd. These options allow, for example, to drop a |
# certain percentage of probe requests or auth/(re)assoc frames. |
# |
#CONFIG_TESTING_OPTIONS=y |
|
# Automatic Channel Selection |
# This will allow hostapd to pick the channel automatically when channel is set |
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in |
# similar way. |
# |
# Automatic selection is currently only done through initialization, later on |
# we hope to do background checks to keep us moving to more ideal channels as |
# time goes by. ACS is currently only supported through the nl80211 driver and |
# your driver must have survey dump capability that is filled by the driver |
# during scanning. |
# |
# You can customize the ACS survey algorithm with the hostapd.conf variable |
# acs_num_scans. |
# |
# Supported ACS drivers: |
# * ath9k |
# * ath5k |
# * ath10k |
# |
# For more details refer to: |
# http://wireless.kernel.org/en/users/Documentation/acs |
# |
#CONFIG_ACS=y |
|
# Multiband Operation support |
# These extentions facilitate efficient use of multiple frequency bands |
# available to the AP and the devices that may associate with it. |
#CONFIG_MBO=y |
|
# Client Taxonomy |
# Has the AP retain the Probe Request and (Re)Association Request frames from |
# a client, from which a signature can be produced which can identify the model |
# of client device like "Nexus 6P" or "iPhone 5s". |
CONFIG_TAXONOMY=y |
|
# Fast Initial Link Setup (FILS) (IEEE 802.11ai) |
# Note: This is an experimental and not yet complete implementation. This |
# should not be enabled for production use. |
#CONFIG_FILS=y |
# FILS shared key authentication with PFS |
#CONFIG_FILS_SK_PFS=y |
|
# Include internal line edit mode in hostapd_cli. This can be used to provide |
# limited command line editing and history support. |
#CONFIG_WPA_CLI_EDIT=y |
|
# Opportunistic Wireless Encryption (OWE) |
# Experimental implementation of draft-harkins-owe-07.txt |
#CONFIG_OWE=y |
|
# Override default value for the wpa_disable_eapol_key_retries configuration |
# parameter. See that parameter in hostapd.conf for more details. |
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 |
|
# uBus IPC/RPC System |
# Services can connect to the bus and provide methods |
# that can be called by other services or clients. |
CONFIG_UBUS=y |
/branches/18.06.1/package/network/services/hostapd/files/hostapd-mini.config |
@@ -0,0 +1,380 @@ |
# Example hostapd build time configuration |
# |
# This file lists the configuration options that are used when building the |
# hostapd binary. All lines starting with # are ignored. Configuration option |
# lines must be commented out complete, if they are not to be included, i.e., |
# just setting VARIABLE=n is not disabling that variable. |
# |
# This file is included in Makefile, so variables like CFLAGS and LIBS can also |
# be modified from here. In most cass, these lines should use += in order not |
# to override previous values of the variables. |
|
# Driver interface for Host AP driver |
#CONFIG_DRIVER_HOSTAP=y |
|
# Driver interface for wired authenticator |
CONFIG_DRIVER_WIRED=y |
|
# Driver interface for drivers using the nl80211 kernel interface |
CONFIG_DRIVER_NL80211=y |
|
# QCA vendor extensions to nl80211 |
#CONFIG_DRIVER_NL80211_QCA=y |
|
# driver_nl80211.c requires libnl. If you are compiling it yourself |
# you may need to point hostapd to your version of libnl. |
# |
#CFLAGS += -I$<path to libnl include files> |
#LIBS += -L$<path to libnl library files> |
|
# Use libnl v2.0 (or 3.0) libraries. |
#CONFIG_LIBNL20=y |
|
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) |
#CONFIG_LIBNL32=y |
|
|
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) |
#CONFIG_DRIVER_BSD=y |
#CFLAGS += -I/usr/local/include |
#LIBS += -L/usr/local/lib |
#LIBS_p += -L/usr/local/lib |
#LIBS_c += -L/usr/local/lib |
|
# Driver interface for no driver (e.g., RADIUS server only) |
#CONFIG_DRIVER_NONE=y |
|
# IEEE 802.11F/IAPP |
#CONFIG_IAPP=y |
|
# WPA2/IEEE 802.11i RSN pre-authentication |
CONFIG_RSN_PREAUTH=y |
|
# IEEE 802.11w (management frame protection) |
#CONFIG_IEEE80211W=y |
|
# Integrated EAP server |
#CONFIG_EAP=y |
|
# EAP Re-authentication Protocol (ERP) in integrated EAP server |
#CONFIG_ERP=y |
|
# EAP-MD5 for the integrated EAP server |
#CONFIG_EAP_MD5=y |
|
# EAP-TLS for the integrated EAP server |
#CONFIG_EAP_TLS=y |
|
# EAP-MSCHAPv2 for the integrated EAP server |
#CONFIG_EAP_MSCHAPV2=y |
|
# EAP-PEAP for the integrated EAP server |
#CONFIG_EAP_PEAP=y |
|
# EAP-GTC for the integrated EAP server |
#CONFIG_EAP_GTC=y |
|
# EAP-TTLS for the integrated EAP server |
#CONFIG_EAP_TTLS=y |
|
# EAP-SIM for the integrated EAP server |
#CONFIG_EAP_SIM=y |
|
# EAP-AKA for the integrated EAP server |
#CONFIG_EAP_AKA=y |
|
# EAP-AKA' for the integrated EAP server |
# This requires CONFIG_EAP_AKA to be enabled, too. |
#CONFIG_EAP_AKA_PRIME=y |
|
# EAP-PAX for the integrated EAP server |
#CONFIG_EAP_PAX=y |
|
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) |
#CONFIG_EAP_PSK=y |
|
# EAP-pwd for the integrated EAP server (secure authentication with a password) |
#CONFIG_EAP_PWD=y |
|
# EAP-SAKE for the integrated EAP server |
#CONFIG_EAP_SAKE=y |
|
# EAP-GPSK for the integrated EAP server |
#CONFIG_EAP_GPSK=y |
# Include support for optional SHA256 cipher suite in EAP-GPSK |
#CONFIG_EAP_GPSK_SHA256=y |
|
# EAP-FAST for the integrated EAP server |
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed |
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., |
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. |
#CONFIG_EAP_FAST=y |
|
# Wi-Fi Protected Setup (WPS) |
#CONFIG_WPS=y |
# Enable UPnP support for external WPS Registrars |
#CONFIG_WPS_UPNP=y |
# Enable WPS support with NFC config method |
#CONFIG_WPS_NFC=y |
|
# EAP-IKEv2 |
#CONFIG_EAP_IKEV2=y |
|
# Trusted Network Connect (EAP-TNC) |
#CONFIG_EAP_TNC=y |
|
# EAP-EKE for the integrated EAP server |
#CONFIG_EAP_EKE=y |
|
# PKCS#12 (PFX) support (used to read private key and certificate file from |
# a file that usually has extension .p12 or .pfx) |
#CONFIG_PKCS12=y |
|
# RADIUS authentication server. This provides access to the integrated EAP |
# server from external hosts using RADIUS. |
#CONFIG_RADIUS_SERVER=y |
|
# Build IPv6 support for RADIUS operations |
#CONFIG_IPV6=y |
|
# IEEE Std 802.11r-2008 (Fast BSS Transition) |
#CONFIG_IEEE80211R=y |
|
# Use the hostapd's IEEE 802.11 authentication (ACL), but without |
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) |
#CONFIG_DRIVER_RADIUS_ACL=y |
|
# IEEE 802.11n (High Throughput) support |
CONFIG_IEEE80211N=y |
|
# Wireless Network Management (IEEE Std 802.11v-2011) |
# Note: This is experimental and not complete implementation. |
#CONFIG_WNM=y |
|
# IEEE 802.11ac (Very High Throughput) support |
CONFIG_IEEE80211AC=y |
|
# IEEE 802.11ax HE support |
# Note: This is experimental and work in progress. The definitions are still |
# subject to change and this should not be expected to interoperate with the |
# final IEEE 802.11ax version. |
#CONFIG_IEEE80211AX=y |
|
# Remove debugging code that is printing out debug messages to stdout. |
# This can be used to reduce the size of the hostapd considerably if debugging |
# code is not needed. |
#CONFIG_NO_STDOUT_DEBUG=y |
|
# Add support for writing debug log to a file: -f /tmp/hostapd.log |
# Disabled by default. |
#CONFIG_DEBUG_FILE=y |
|
# Send debug messages to syslog instead of stdout |
CONFIG_DEBUG_SYSLOG=y |
|
# Add support for sending all debug messages (regardless of debug verbosity) |
# to the Linux kernel tracing facility. This helps debug the entire stack by |
# making it easy to record everything happening from the driver up into the |
# same file, e.g., using trace-cmd. |
#CONFIG_DEBUG_LINUX_TRACING=y |
|
# Remove support for RADIUS accounting |
CONFIG_NO_ACCOUNTING=y |
|
# Remove support for RADIUS |
CONFIG_NO_RADIUS=y |
|
# Remove support for VLANs |
#CONFIG_NO_VLAN=y |
|
# Enable support for fully dynamic VLANs. This enables hostapd to |
# automatically create bridge and VLAN interfaces if necessary. |
#CONFIG_FULL_DYNAMIC_VLAN=y |
|
# Use netlink-based kernel API for VLAN operations instead of ioctl() |
# Note: This requires libnl 3.1 or newer. |
#CONFIG_VLAN_NETLINK=y |
|
# Remove support for dumping internal state through control interface commands |
# This can be used to reduce binary size at the cost of disabling a debugging |
# option. |
CONFIG_NO_DUMP_STATE=y |
|
# Enable tracing code for developer debugging |
# This tracks use of memory allocations and other registrations and reports |
# incorrect use with a backtrace of call (or allocation) location. |
#CONFIG_WPA_TRACE=y |
# For BSD, comment out these. |
#LIBS += -lexecinfo |
#LIBS_p += -lexecinfo |
#LIBS_c += -lexecinfo |
|
# Use libbfd to get more details for developer debugging |
# This enables use of libbfd to get more detailed symbols for the backtraces |
# generated by CONFIG_WPA_TRACE=y. |
#CONFIG_WPA_TRACE_BFD=y |
# For BSD, comment out these. |
#LIBS += -lbfd -liberty -lz |
#LIBS_p += -lbfd -liberty -lz |
#LIBS_c += -lbfd -liberty -lz |
|
# hostapd depends on strong random number generation being available from the |
# operating system. os_get_random() function is used to fetch random data when |
# needed, e.g., for key generation. On Linux and BSD systems, this works by |
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be |
# properly initialized before hostapd is started. This is important especially |
# on embedded devices that do not have a hardware random number generator and |
# may by default start up with minimal entropy available for random number |
# generation. |
# |
# As a safety net, hostapd is by default trying to internally collect |
# additional entropy for generating random data to mix in with the data |
# fetched from the OS. This by itself is not considered to be very strong, but |
# it may help in cases where the system pool is not initialized properly. |
# However, it is very strongly recommended that the system pool is initialized |
# with enough entropy either by using hardware assisted random number |
# generator or by storing state over device reboots. |
# |
# hostapd can be configured to maintain its own entropy store over restarts to |
# enhance random number generation. This is not perfect, but it is much more |
# secure than using the same sequence of random numbers after every reboot. |
# This can be enabled with -e<entropy file> command line option. The specified |
# file needs to be readable and writable by hostapd. |
# |
# If the os_get_random() is known to provide strong random data (e.g., on |
# Linux/BSD, the board in question is known to have reliable source of random |
# data from /dev/urandom), the internal hostapd random pool can be disabled. |
# This will save some in binary size and CPU use. However, this should only be |
# considered for builds that are known to be used on devices that meet the |
# requirements described above. |
CONFIG_NO_RANDOM_POOL=y |
|
# Should we use poll instead of select? Select is used by default. |
#CONFIG_ELOOP_POLL=y |
|
# Should we use epoll instead of select? Select is used by default. |
#CONFIG_ELOOP_EPOLL=y |
|
# Should we use kqueue instead of select? Select is used by default. |
#CONFIG_ELOOP_KQUEUE=y |
|
# Select TLS implementation |
# openssl = OpenSSL (default) |
# gnutls = GnuTLS |
# internal = Internal TLSv1 implementation (experimental) |
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) |
# none = Empty template |
CONFIG_TLS=internal |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) |
# can be enabled to get a stronger construction of messages when block ciphers |
# are used. |
#CONFIG_TLSV11=y |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) |
# can be enabled to enable use of stronger crypto algorithms. |
#CONFIG_TLSV12=y |
|
# Select which ciphers to use by default with OpenSSL if the user does not |
# specify them. |
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" |
|
# If CONFIG_TLS=internal is used, additional library and include paths are |
# needed for LibTomMath. Alternatively, an integrated, minimal version of |
# LibTomMath can be used. See beginning of libtommath.c for details on benefits |
# and drawbacks of this option. |
#CONFIG_INTERNAL_LIBTOMMATH=y |
#ifndef CONFIG_INTERNAL_LIBTOMMATH |
#LTM_PATH=/usr/src/libtommath-0.39 |
#CFLAGS += -I$(LTM_PATH) |
#LIBS += -L$(LTM_PATH) |
#LIBS_p += -L$(LTM_PATH) |
#endif |
# At the cost of about 4 kB of additional binary size, the internal LibTomMath |
# can be configured to include faster routines for exptmod, sqr, and div to |
# speed up DH and RSA calculation considerably |
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y |
|
# Interworking (IEEE 802.11u) |
# This can be used to enable functionality to improve interworking with |
# external networks. |
#CONFIG_INTERWORKING=y |
|
# Hotspot 2.0 |
#CONFIG_HS20=y |
|
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file |
#CONFIG_SQLITE=y |
|
# Enable Fast Session Transfer (FST) |
#CONFIG_FST=y |
|
# Enable CLI commands for FST testing |
#CONFIG_FST_TEST=y |
|
# Testing options |
# This can be used to enable some testing options (see also the example |
# configuration file) that are really useful only for testing clients that |
# connect to this hostapd. These options allow, for example, to drop a |
# certain percentage of probe requests or auth/(re)assoc frames. |
# |
#CONFIG_TESTING_OPTIONS=y |
|
# Automatic Channel Selection |
# This will allow hostapd to pick the channel automatically when channel is set |
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in |
# similar way. |
# |
# Automatic selection is currently only done through initialization, later on |
# we hope to do background checks to keep us moving to more ideal channels as |
# time goes by. ACS is currently only supported through the nl80211 driver and |
# your driver must have survey dump capability that is filled by the driver |
# during scanning. |
# |
# You can customize the ACS survey algorithm with the hostapd.conf variable |
# acs_num_scans. |
# |
# Supported ACS drivers: |
# * ath9k |
# * ath5k |
# * ath10k |
# |
# For more details refer to: |
# http://wireless.kernel.org/en/users/Documentation/acs |
# |
#CONFIG_ACS=y |
|
# Multiband Operation support |
# These extentions facilitate efficient use of multiple frequency bands |
# available to the AP and the devices that may associate with it. |
#CONFIG_MBO=y |
|
# Client Taxonomy |
# Has the AP retain the Probe Request and (Re)Association Request frames from |
# a client, from which a signature can be produced which can identify the model |
# of client device like "Nexus 6P" or "iPhone 5s". |
#CONFIG_TAXONOMY=y |
|
# Fast Initial Link Setup (FILS) (IEEE 802.11ai) |
# Note: This is an experimental and not yet complete implementation. This |
# should not be enabled for production use. |
#CONFIG_FILS=y |
# FILS shared key authentication with PFS |
#CONFIG_FILS_SK_PFS=y |
|
# Include internal line edit mode in hostapd_cli. This can be used to provide |
# limited command line editing and history support. |
#CONFIG_WPA_CLI_EDIT=y |
|
# Opportunistic Wireless Encryption (OWE) |
# Experimental implementation of draft-harkins-owe-07.txt |
#CONFIG_OWE=y |
|
# Override default value for the wpa_disable_eapol_key_retries configuration |
# parameter. See that parameter in hostapd.conf for more details. |
#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 |
|
# uBus IPC/RPC System |
# Services can connect to the bus and provide methods |
# that can be called by other services or clients. |
CONFIG_UBUS=y |
/branches/18.06.1/package/network/services/hostapd/files/hostapd.sh |
@@ -0,0 +1,946 @@ |
. /lib/functions/network.sh |
|
wpa_supplicant_add_rate() { |
local var="$1" |
local val="$(($2 / 1000))" |
local sub="$((($2 / 100) % 10))" |
append $var "$val" "," |
[ $sub -gt 0 ] && append $var "." |
} |
|
hostapd_add_rate() { |
local var="$1" |
local val="$(($2 / 100))" |
append $var "$val" " " |
} |
|
hostapd_append_wep_key() { |
local var="$1" |
|
wep_keyidx=0 |
set_default key 1 |
case "$key" in |
[1234]) |
for idx in 1 2 3 4; do |
local zidx |
zidx=$(($idx - 1)) |
json_get_var ckey "key${idx}" |
[ -n "$ckey" ] && \ |
append $var "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N$T" |
done |
wep_keyidx=$((key - 1)) |
;; |
*) |
append $var "wep_key0=$(prepare_key_wep "$key")" "$N$T" |
;; |
esac |
} |
|
hostapd_append_wpa_key_mgmt() { |
local auth_type_l="$(echo $auth_type | tr 'a-z' 'A-Z')" |
|
case "$auth_type" in |
psk|eap) |
append wpa_key_mgmt "WPA-$auth_type_l" |
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-${auth_type_l}" |
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-${auth_type_l}-SHA256" |
;; |
eap192) |
append wpa_key_mgmt "WPA-EAP-SUITE-B-192" |
;; |
eap-eap192) |
append wpa_key_mgmt "WPA-EAP-SUITE-B-192" |
append wpa_key_mgmt "WPA-EAP" |
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-EAP" |
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-EAP-SHA256" |
;; |
sae) |
append wpa_key_mgmt "SAE" |
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" |
;; |
psk-sae) |
append wpa_key_mgmt "WPA-PSK" |
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-PSK" |
[ "${ieee80211w:-0}" -gt 0 ] && append wpa_key_mgmt "WPA-PSK-SHA256" |
append wpa_key_mgmt "SAE" |
[ "${ieee80211r:-0}" -gt 0 ] && append wpa_key_mgmt "FT-SAE" |
;; |
owe) |
append wpa_key_mgmt "OWE" |
;; |
esac |
} |
|
hostapd_add_log_config() { |
config_add_boolean \ |
log_80211 \ |
log_8021x \ |
log_radius \ |
log_wpa \ |
log_driver \ |
log_iapp \ |
log_mlme |
|
config_add_int log_level |
} |
|
hostapd_common_add_device_config() { |
config_add_array basic_rate |
config_add_array supported_rates |
|
config_add_string country |
config_add_boolean country_ie doth |
config_add_string require_mode |
config_add_boolean legacy_rates |
|
config_add_string acs_chan_bias |
config_add_array hostapd_options |
|
hostapd_add_log_config |
} |
|
hostapd_prepare_device_config() { |
local config="$1" |
local driver="$2" |
|
local base="${config%%.conf}" |
local base_cfg= |
|
json_get_vars country country_ie beacon_int:100 doth require_mode legacy_rates acs_chan_bias |
|
hostapd_set_log_options base_cfg |
|
set_default country_ie 1 |
set_default doth 1 |
set_default legacy_rates 1 |
|
[ "$hwmode" = "b" ] && legacy_rates=1 |
|
[ -n "$country" ] && { |
append base_cfg "country_code=$country" "$N" |
|
[ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N" |
[ "$hwmode" = "a" -a "$doth" -gt 0 ] && append base_cfg "ieee80211h=1" "$N" |
} |
|
[ -n "$acs_chan_bias" ] && append base_cfg "acs_chan_bias=$acs_chan_bias" "$N" |
|
local brlist= br |
json_get_values basic_rate_list basic_rate |
local rlist= r |
json_get_values rate_list supported_rates |
|
[ -n "$hwmode" ] && append base_cfg "hw_mode=$hwmode" "$N" |
[ "$legacy_rates" -eq 0 ] && set_default require_mode g |
|
[ "$hwmode" = "g" ] && { |
[ "$legacy_rates" -eq 0 ] && set_default rate_list "6000 9000 12000 18000 24000 36000 48000 54000" |
[ -n "$require_mode" ] && set_default basic_rate_list "6000 12000 24000" |
} |
|
case "$require_mode" in |
n) append base_cfg "require_ht=1" "$N";; |
ac) append base_cfg "require_vht=1" "$N";; |
esac |
|
for r in $rate_list; do |
hostapd_add_rate rlist "$r" |
done |
|
for br in $basic_rate_list; do |
hostapd_add_rate brlist "$br" |
done |
|
[ -n "$rlist" ] && append base_cfg "supported_rates=$rlist" "$N" |
[ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N" |
append base_cfg "beacon_int=$beacon_int" "$N" |
|
json_get_values opts hostapd_options |
for val in $opts; do |
append base_cfg "$val" "$N" |
done |
|
cat > "$config" <<EOF |
driver=$driver |
$base_cfg |
EOF |
} |
|
hostapd_common_add_bss_config() { |
config_add_string 'bssid:macaddr' 'ssid:string' |
config_add_boolean wds wmm uapsd hidden utf8_ssid |
|
config_add_int maxassoc max_inactivity |
config_add_boolean disassoc_low_ack isolate short_preamble |
|
config_add_int \ |
wep_rekey eap_reauth_period \ |
wpa_group_rekey wpa_pair_rekey wpa_master_rekey |
config_add_boolean wpa_disable_eapol_key_retries |
|
config_add_boolean tdls_prohibit |
|
config_add_boolean rsn_preauth auth_cache |
config_add_int ieee80211w |
config_add_int eapol_version |
|
config_add_string 'auth_server:host' 'server:host' |
config_add_string auth_secret |
config_add_int 'auth_port:port' 'port:port' |
|
config_add_string acct_server |
config_add_string acct_secret |
config_add_int acct_port |
config_add_int acct_interval |
|
config_add_string dae_client |
config_add_string dae_secret |
config_add_int dae_port |
|
config_add_string nasid |
config_add_string ownip |
config_add_string radius_client_addr |
config_add_string iapp_interface |
config_add_string eap_type ca_cert client_cert identity anonymous_identity auth priv_key priv_key_pwd |
config_add_string ieee80211w_mgmt_cipher |
|
config_add_int dynamic_vlan vlan_naming |
config_add_string vlan_tagged_interface vlan_bridge |
config_add_string vlan_file |
|
config_add_string 'key1:wepkey' 'key2:wepkey' 'key3:wepkey' 'key4:wepkey' 'password:wpakey' |
|
config_add_string wpa_psk_file |
|
config_add_int multi_ap |
|
config_add_boolean wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 |
config_add_int wps_ap_setup_locked wps_independent |
config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin |
config_add_string multi_ap_backhaul_ssid multi_ap_backhaul_key |
|
config_add_boolean ieee80211v wnm_sleep_mode bss_transition |
config_add_int time_advertisement |
config_add_string time_zone |
|
config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds |
config_add_int r0_key_lifetime reassociation_deadline |
config_add_string mobility_domain r1_key_holder |
config_add_array r0kh r1kh |
|
config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout |
|
config_add_string macfilter 'macfile:file' |
config_add_array 'maclist:list(macaddr)' |
|
config_add_array bssid_blacklist |
config_add_array bssid_whitelist |
|
config_add_int mcast_rate |
config_add_array basic_rate |
config_add_array supported_rates |
|
config_add_boolean sae_require_mfp |
|
config_add_string 'owe_transition_bssid:macaddr' 'owe_transition_ssid:string' |
} |
|
hostapd_set_bss_options() { |
local var="$1" |
local phy="$2" |
local vif="$3" |
|
wireless_vif_parse_encryption |
|
local bss_conf |
local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt |
|
json_get_vars \ |
wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \ |
wpa_disable_eapol_key_retries tdls_prohibit \ |
maxassoc max_inactivity disassoc_low_ack isolate auth_cache \ |
wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 wps_ap_setup_locked \ |
wps_independent wps_device_type wps_device_name wps_manufacturer wps_pin \ |
macfilter ssid utf8_ssid wmm uapsd hidden short_preamble rsn_preauth \ |
iapp_interface eapol_version dynamic_vlan ieee80211w nasid \ |
acct_server acct_secret acct_port acct_interval \ |
bss_load_update_period chan_util_avg_period sae_require_mfp \ |
multi_ap multi_ap_backhaul_ssid multi_ap_backhaul_key |
|
set_default isolate 0 |
set_default maxassoc 0 |
set_default max_inactivity 0 |
set_default short_preamble 1 |
set_default disassoc_low_ack 1 |
set_default hidden 0 |
set_default wmm 1 |
set_default uapsd 1 |
set_default wpa_disable_eapol_key_retries 0 |
set_default tdls_prohibit 0 |
set_default eapol_version 0 |
set_default acct_port 1813 |
set_default bss_load_update_period 60 |
set_default chan_util_avg_period 600 |
set_default utf8_ssid 1 |
set_default multi_ap 0 |
|
append bss_conf "ctrl_interface=/var/run/hostapd" |
if [ "$isolate" -gt 0 ]; then |
append bss_conf "ap_isolate=$isolate" "$N" |
fi |
if [ "$maxassoc" -gt 0 ]; then |
append bss_conf "max_num_sta=$maxassoc" "$N" |
fi |
if [ "$max_inactivity" -gt 0 ]; then |
append bss_conf "ap_max_inactivity=$max_inactivity" "$N" |
fi |
|
append bss_conf "bss_load_update_period=$bss_load_update_period" "$N" |
append bss_conf "chan_util_avg_period=$chan_util_avg_period" "$N" |
append bss_conf "disassoc_low_ack=$disassoc_low_ack" "$N" |
append bss_conf "preamble=$short_preamble" "$N" |
append bss_conf "wmm_enabled=$wmm" "$N" |
append bss_conf "ignore_broadcast_ssid=$hidden" "$N" |
append bss_conf "uapsd_advertisement_enabled=$uapsd" "$N" |
append bss_conf "utf8_ssid=$utf8_ssid" "$N" |
append bss_conf "multi_ap=$multi_ap" "$N" |
|
[ "$tdls_prohibit" -gt 0 ] && append bss_conf "tdls_prohibit=$tdls_prohibit" "$N" |
|
[ "$wpa" -gt 0 ] && { |
[ -n "$wpa_group_rekey" ] && append bss_conf "wpa_group_rekey=$wpa_group_rekey" "$N" |
[ -n "$wpa_pair_rekey" ] && append bss_conf "wpa_ptk_rekey=$wpa_pair_rekey" "$N" |
[ -n "$wpa_master_rekey" ] && append bss_conf "wpa_gmk_rekey=$wpa_master_rekey" "$N" |
} |
|
[ -n "$nasid" ] && append bss_conf "nas_identifier=$nasid" "$N" |
[ -n "$acct_server" ] && { |
append bss_conf "acct_server_addr=$acct_server" "$N" |
append bss_conf "acct_server_port=$acct_port" "$N" |
[ -n "$acct_secret" ] && \ |
append bss_conf "acct_server_shared_secret=$acct_secret" "$N" |
[ -n "$acct_interval" ] && \ |
append bss_conf "radius_acct_interim_interval=$acct_interval" "$N" |
} |
|
case "$auth_type" in |
sae|owe|eap192|eap-eap192) |
set_default ieee80211w 2 |
set_default sae_require_mfp 1 |
;; |
psk-sae) |
set_default ieee80211w 1 |
set_default sae_require_mfp 1 |
;; |
esac |
[ -n "$sae_require_mfp" ] && append bss_conf "sae_require_mfp=$sae_require_mfp" "$N" |
|
local vlan_possible="" |
|
case "$auth_type" in |
none|owe) |
json_get_vars owe_transition_bssid owe_transition_ssid |
|
[ -n "$owe_transition_ssid" ] && append bss_conf "owe_transition_ssid=\"$owe_transition_ssid\"" "$N" |
[ -n "$owe_transition_bssid" ] && append bss_conf "owe_transition_bssid=$owe_transition_bssid" "$N" |
|
wps_possible=1 |
# Here we make the assumption that if we're in open mode |
# with WPS enabled, we got to be in unconfigured state. |
wps_not_configured=1 |
;; |
psk|sae|psk-sae) |
json_get_vars key wpa_psk_file |
if [ ${#key} -lt 8 ]; then |
wireless_setup_vif_failed INVALID_WPA_PSK |
return 1 |
elif [ ${#key} -eq 64 ]; then |
append bss_conf "wpa_psk=$key" "$N" |
else |
append bss_conf "wpa_passphrase=$key" "$N" |
fi |
[ -n "$wpa_psk_file" ] && { |
[ -e "$wpa_psk_file" ] || touch "$wpa_psk_file" |
append bss_conf "wpa_psk_file=$wpa_psk_file" "$N" |
} |
[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" |
|
wps_possible=1 |
;; |
eap|eap192|eap-eap192) |
json_get_vars \ |
auth_server auth_secret auth_port \ |
dae_client dae_secret dae_port \ |
ownip radius_client_addr \ |
eap_reauth_period |
|
# radius can provide VLAN ID for clients |
vlan_possible=1 |
|
# legacy compatibility |
[ -n "$auth_server" ] || json_get_var auth_server server |
[ -n "$auth_port" ] || json_get_var auth_port port |
[ -n "$auth_secret" ] || json_get_var auth_secret key |
|
set_default auth_port 1812 |
set_default dae_port 3799 |
|
|
append bss_conf "auth_server_addr=$auth_server" "$N" |
append bss_conf "auth_server_port=$auth_port" "$N" |
append bss_conf "auth_server_shared_secret=$auth_secret" "$N" |
|
[ -n "$eap_reauth_period" ] && append bss_conf "eap_reauth_period=$eap_reauth_period" "$N" |
|
[ -n "$dae_client" -a -n "$dae_secret" ] && { |
append bss_conf "radius_das_port=$dae_port" "$N" |
append bss_conf "radius_das_client=$dae_client $dae_secret" "$N" |
} |
|
[ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N" |
[ -n "$radius_client_addr" ] && append bss_conf "radius_client_addr=$radius_client_addr" "$N" |
append bss_conf "eapol_key_index_workaround=1" "$N" |
append bss_conf "ieee8021x=1" "$N" |
|
[ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" |
;; |
wep) |
local wep_keyidx=0 |
json_get_vars key |
hostapd_append_wep_key bss_conf |
append bss_conf "wep_default_key=$wep_keyidx" "$N" |
[ -n "$wep_rekey" ] && append bss_conf "wep_rekey_period=$wep_rekey" "$N" |
;; |
esac |
|
local auth_algs=$((($auth_mode_shared << 1) | $auth_mode_open)) |
append bss_conf "auth_algs=${auth_algs:-1}" "$N" |
append bss_conf "wpa=$wpa" "$N" |
[ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise" "$N" |
|
set_default wps_pushbutton 0 |
set_default wps_label 0 |
set_default wps_pbc_in_m1 0 |
|
config_methods= |
[ "$wps_pushbutton" -gt 0 ] && append config_methods push_button |
[ "$wps_label" -gt 0 ] && append config_methods label |
|
# WPS not possible on Multi-AP backhaul-only SSID |
[ "$multi_ap" = 1 ] && wps_possible= |
|
[ -n "$wps_possible" -a -n "$config_methods" ] && { |
set_default ext_registrar 0 |
set_default wps_device_type "6-0050F204-1" |
set_default wps_device_name "OpenWrt AP" |
set_default wps_manufacturer "www.openwrt.org" |
set_default wps_independent 1 |
|
wps_state=2 |
[ -n "$wps_configured" ] && wps_state=1 |
|
[ "$ext_registrar" -gt 0 -a -n "$network_bridge" ] && append bss_conf "upnp_iface=$network_bridge" "$N" |
|
append bss_conf "eap_server=1" "$N" |
[ -n "$wps_pin" ] && append bss_conf "ap_pin=$wps_pin" "$N" |
append bss_conf "wps_state=$wps_state" "$N" |
append bss_conf "device_type=$wps_device_type" "$N" |
append bss_conf "device_name=$wps_device_name" "$N" |
append bss_conf "manufacturer=$wps_manufacturer" "$N" |
append bss_conf "config_methods=$config_methods" "$N" |
append bss_conf "wps_independent=$wps_independent" "$N" |
[ -n "$wps_ap_setup_locked" ] && append bss_conf "ap_setup_locked=$wps_ap_setup_locked" "$N" |
[ "$wps_pbc_in_m1" -gt 0 ] && append bss_conf "pbc_in_m1=$wps_pbc_in_m1" "$N" |
[ "$multi_ap" -gt 0 ] && [ -n "$multi_ap_backhaul_ssid" ] && { |
append bss_conf "multi_ap_backhaul_ssid=\"$multi_ap_backhaul_ssid\"" "$N" |
if [ -z "$multi_ap_backhaul_key" ]; then |
: |
elif [ ${#multi_ap_backhaul_key} -lt 8 ]; then |
wireless_setup_vif_failed INVALID_WPA_PSK |
return 1 |
elif [ ${#multi_ap_backhaul_key} -eq 64 ]; then |
append bss_conf "multi_ap_backhaul_wpa_psk=$multi_ap_backhaul_key" "$N" |
else |
append bss_conf "multi_ap_backhaul_wpa_passphrase=$multi_ap_backhaul_key" "$N" |
fi |
} |
} |
|
append bss_conf "ssid=$ssid" "$N" |
[ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N" |
[ -n "$iapp_interface" ] && { |
local ifname |
network_get_device ifname "$iapp_interface" || ifname="$iapp_interface" |
append bss_conf "iapp_interface=$ifname" "$N" |
} |
|
json_get_vars ieee80211v |
set_default ieee80211v 0 |
if [ "$ieee80211v" -eq "1" ]; then |
json_get_vars time_advertisement time_zone wnm_sleep_mode bss_transition |
|
set_default time_advertisement 0 |
set_default wnm_sleep_mode 0 |
set_default bss_transition 0 |
|
append bss_conf "time_advertisement=$time_advertisement" "$N" |
[ -n "$time_zone" ] && append bss_conf "time_zone=$time_zone" "$N" |
append bss_conf "wnm_sleep_mode=$wnm_sleep_mode" "$N" |
append bss_conf "bss_transition=$bss_transition" "$N" |
fi |
|
if [ "$wpa" -ge "1" ]; then |
json_get_vars ieee80211r |
set_default ieee80211r 0 |
|
if [ "$ieee80211r" -gt "0" ]; then |
json_get_vars mobility_domain ft_psk_generate_local ft_over_ds reassociation_deadline |
|
set_default mobility_domain "$(echo "$ssid" | md5sum | head -c 4)" |
set_default ft_psk_generate_local 1 |
set_default ft_over_ds 1 |
set_default reassociation_deadline 1000 |
|
append bss_conf "mobility_domain=$mobility_domain" "$N" |
append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N" |
append bss_conf "ft_over_ds=$ft_over_ds" "$N" |
append bss_conf "reassociation_deadline=$reassociation_deadline" "$N" |
[ -n "$nasid" ] || append bss_conf "nas_identifier=${macaddr//\:}" "$N" |
|
if [ "$ft_psk_generate_local" -eq "0" ]; then |
json_get_vars r0_key_lifetime r1_key_holder pmk_r1_push |
json_get_values r0kh r0kh |
json_get_values r1kh r1kh |
|
set_default r0_key_lifetime 10000 |
set_default pmk_r1_push 0 |
|
[ -n "$r1_key_holder" ] && append bss_conf "r1_key_holder=$r1_key_holder" "$N" |
append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N" |
append bss_conf "pmk_r1_push=$pmk_r1_push" "$N" |
|
for kh in $r0kh; do |
append bss_conf "r0kh=${kh//,/ }" "$N" |
done |
for kh in $r1kh; do |
append bss_conf "r1kh=${kh//,/ }" "$N" |
done |
fi |
fi |
|
append bss_conf "wpa_disable_eapol_key_retries=$wpa_disable_eapol_key_retries" "$N" |
|
hostapd_append_wpa_key_mgmt |
[ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N" |
fi |
|
if [ "$wpa" -ge "2" ]; then |
if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then |
set_default auth_cache 1 |
append bss_conf "rsn_preauth=1" "$N" |
append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N" |
else |
set_default auth_cache 0 |
fi |
|
append bss_conf "okc=$auth_cache" "$N" |
[ "$auth_cache" = 0 ] && append bss_conf "disable_pmksa_caching=1" "$N" |
|
# RSN -> allow management frame protection |
case "$ieee80211w" in |
[012]) |
json_get_vars ieee80211w_mgmt_cipher ieee80211w_max_timeout ieee80211w_retry_timeout |
append bss_conf "ieee80211w=$ieee80211w" "$N" |
[ "$ieee80211w" -gt "0" ] && { |
append bss_conf "group_mgmt_cipher=${ieee80211w_mgmt_cipher:-AES-128-CMAC}" "$N" |
[ -n "$ieee80211w_max_timeout" ] && \ |
append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N" |
[ -n "$ieee80211w_retry_timeout" ] && \ |
append bss_conf "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N" |
} |
;; |
esac |
fi |
|
_macfile="/var/run/hostapd-$ifname.maclist" |
case "$macfilter" in |
allow) |
append bss_conf "macaddr_acl=1" "$N" |
append bss_conf "accept_mac_file=$_macfile" "$N" |
# accept_mac_file can be used to set MAC to VLAN ID mapping |
vlan_possible=1 |
;; |
deny) |
append bss_conf "macaddr_acl=0" "$N" |
append bss_conf "deny_mac_file=$_macfile" "$N" |
;; |
*) |
_macfile="" |
;; |
esac |
|
[ -n "$_macfile" ] && { |
json_get_vars macfile |
json_get_values maclist maclist |
|
rm -f "$_macfile" |
( |
for mac in $maclist; do |
echo "$mac" |
done |
[ -n "$macfile" -a -f "$macfile" ] && cat "$macfile" |
) > "$_macfile" |
} |
|
[ -n "$vlan_possible" -a -n "$dynamic_vlan" ] && { |
json_get_vars vlan_naming vlan_tagged_interface vlan_bridge vlan_file |
set_default vlan_naming 1 |
append bss_conf "dynamic_vlan=$dynamic_vlan" "$N" |
append bss_conf "vlan_naming=$vlan_naming" "$N" |
[ -n "$vlan_bridge" ] && \ |
append bss_conf "vlan_bridge=$vlan_bridge" "$N" |
[ -n "$vlan_tagged_interface" ] && \ |
append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N" |
[ -n "$vlan_file" ] && { |
[ -e "$vlan_file" ] || touch "$vlan_file" |
append bss_conf "vlan_file=$vlan_file" "$N" |
} |
} |
|
append "$var" "$bss_conf" "$N" |
return 0 |
} |
|
hostapd_set_log_options() { |
local var="$1" |
|
local log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme |
json_get_vars log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme |
|
set_default log_level 2 |
set_default log_80211 1 |
set_default log_8021x 1 |
set_default log_radius 1 |
set_default log_wpa 1 |
set_default log_driver 1 |
set_default log_iapp 1 |
set_default log_mlme 1 |
|
local log_mask=$(( \ |
($log_80211 << 0) | \ |
($log_8021x << 1) | \ |
($log_radius << 2) | \ |
($log_wpa << 3) | \ |
($log_driver << 4) | \ |
($log_iapp << 5) | \ |
($log_mlme << 6) \ |
)) |
|
append "$var" "logger_syslog=$log_mask" "$N" |
append "$var" "logger_syslog_level=$log_level" "$N" |
append "$var" "logger_stdout=$log_mask" "$N" |
append "$var" "logger_stdout_level=$log_level" "$N" |
|
return 0 |
} |
|
_wpa_supplicant_common() { |
local ifname="$1" |
|
_rpath="/var/run/wpa_supplicant" |
_config="${_rpath}-$ifname.conf" |
} |
|
wpa_supplicant_teardown_interface() { |
_wpa_supplicant_common "$1" |
rm -rf "$_rpath/$1" "$_config" |
} |
|
wpa_supplicant_prepare_interface() { |
local ifname="$1" |
_w_driver="$2" |
|
_wpa_supplicant_common "$1" |
|
json_get_vars mode wds multi_ap |
|
[ -n "$network_bridge" ] && { |
fail= |
case "$mode" in |
adhoc) |
fail=1 |
;; |
sta) |
[ "$wds" = 1 -o "$multi_ap" = 1 ] || fail=1 |
;; |
esac |
|
[ -n "$fail" ] && { |
wireless_setup_vif_failed BRIDGE_NOT_ALLOWED |
return 1 |
} |
} |
|
local ap_scan= |
|
_w_mode="$mode" |
_w_modestr= |
|
[[ "$mode" = adhoc ]] && { |
ap_scan="ap_scan=2" |
|
_w_modestr="mode=1" |
} |
|
local country_str= |
[ -n "$country" ] && { |
country_str="country=$country" |
} |
|
multiap_flag_file="${_config}.is_multiap" |
if [ "$multi_ap" = "1" ]; then |
touch "$multiap_flag_file" |
else |
[ -e "$multiap_flag_file" ] && rm "$multiap_flag_file" |
fi |
wpa_supplicant_teardown_interface "$ifname" |
cat > "$_config" <<EOF |
$ap_scan |
$country_str |
EOF |
return 0 |
} |
|
wpa_supplicant_set_fixed_freq() { |
local freq="$1" |
local htmode="$2" |
|
append network_data "fixed_freq=1" "$N$T" |
append network_data "frequency=$freq" "$N$T" |
case "$htmode" in |
NOHT) append network_data "disable_ht=1" "$N$T";; |
HT20|VHT20) append network_data "disable_ht40=1" "$N$T";; |
HT40*|VHT40*|VHT80*|VHT160*) append network_data "ht40=1" "$N$T";; |
esac |
case "$htmode" in |
VHT*) append network_data "vht=1" "$N$T";; |
esac |
case "$htmode" in |
VHT80) append network_data "max_oper_chwidth=1" "$N$T";; |
VHT160) append network_data "max_oper_chwidth=2" "$N$T";; |
*) append network_data "max_oper_chwidth=0" "$N$T";; |
esac |
} |
|
wpa_supplicant_add_network() { |
local ifname="$1" |
local freq="$2" |
local htmode="$3" |
local noscan="$4" |
|
_wpa_supplicant_common "$1" |
wireless_vif_parse_encryption |
|
json_get_vars \ |
ssid bssid key \ |
basic_rate mcast_rate \ |
ieee80211w ieee80211r \ |
multi_ap |
|
set_default ieee80211r 0 |
set_default multi_ap 0 |
|
local key_mgmt='NONE' |
local enc_str= |
local network_data= |
local T=" " |
|
local scan_ssid="scan_ssid=1" |
local freq wpa_key_mgmt |
|
[[ "$_w_mode" = "adhoc" ]] && { |
append network_data "mode=1" "$N$T" |
[ -n "$freq" ] && wpa_supplicant_set_fixed_freq "$freq" "$htmode" |
|
scan_ssid="scan_ssid=0" |
|
[ "$_w_driver" = "nl80211" ] || append wpa_key_mgmt "WPA-NONE" |
} |
|
[[ "$_w_mode" = "mesh" ]] && { |
json_get_vars mesh_id mesh_fwding mesh_rssi_threshold |
[ -n "$mesh_id" ] && ssid="${mesh_id}" |
|
append network_data "mode=5" "$N$T" |
[ -n "$mesh_fwding" ] && append network_data "mesh_fwding=${mesh_fwding}" "$N$T" |
[ -n "$mesh_rssi_threshold" ] && append network_data "mesh_rssi_threshold=${mesh_rssi_threshold}" "$N$T" |
[ -n "$freq" ] && wpa_supplicant_set_fixed_freq "$freq" "$htmode" |
[ "$noscan" = "1" ] && append network_data "noscan=1" "$N$T" |
append wpa_key_mgmt "SAE" |
scan_ssid="" |
} |
|
[ "$_w_mode" = "adhoc" -o "$_w_mode" = "mesh" ] && append network_data "$_w_modestr" "$N$T" |
|
[ "$multi_ap" = 1 -a "$_w_mode" = "sta" ] && append network_data "multi_ap_backhaul_sta=1" "$N$T" |
|
case "$auth_type" in |
none) ;; |
owe) |
hostapd_append_wpa_key_mgmt |
;; |
wep) |
local wep_keyidx=0 |
hostapd_append_wep_key network_data |
append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T" |
;; |
wps) |
key_mgmt='WPS' |
;; |
psk|sae|psk-sae) |
local passphrase |
|
if [ "$_w_mode" != "mesh" ]; then |
hostapd_append_wpa_key_mgmt |
fi |
|
key_mgmt="$wpa_key_mgmt" |
|
if [ ${#key} -eq 64 ]; then |
passphrase="psk=${key}" |
else |
if [ "$_w_mode" = "mesh" ]; then |
passphrase="sae_password=\"${key}\"" |
else |
passphrase="psk=\"${key}\"" |
fi |
fi |
append network_data "$passphrase" "$N$T" |
;; |
eap|eap192|eap-eap192) |
hostapd_append_wpa_key_mgmt |
key_mgmt="$wpa_key_mgmt" |
|
json_get_vars eap_type identity anonymous_identity ca_cert |
[ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T" |
[ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T" |
[ -n "$anonymous_identity" ] && append network_data "anonymous_identity=\"$anonymous_identity\"" "$N$T" |
case "$eap_type" in |
tls) |
json_get_vars client_cert priv_key priv_key_pwd |
append network_data "client_cert=\"$client_cert\"" "$N$T" |
append network_data "private_key=\"$priv_key\"" "$N$T" |
append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T" |
;; |
fast|peap|ttls) |
json_get_vars auth password ca_cert2 client_cert2 priv_key2 priv_key2_pwd |
set_default auth MSCHAPV2 |
|
if [ "$auth" = "EAP-TLS" ]; then |
[ -n "$ca_cert2" ] && |
append network_data "ca_cert2=\"$ca_cert2\"" "$N$T" |
append network_data "client_cert2=\"$client_cert2\"" "$N$T" |
append network_data "private_key2=\"$priv_key2\"" "$N$T" |
append network_data "private_key2_passwd=\"$priv_key2_pwd\"" "$N$T" |
else |
append network_data "password=\"$password\"" "$N$T" |
fi |
|
phase2proto="auth=" |
case "$auth" in |
"auth"*) |
phase2proto="" |
;; |
"EAP-"*) |
auth="$(echo $auth | cut -b 5- )" |
[ "$eap_type" = "ttls" ] && |
phase2proto="autheap=" |
;; |
esac |
append network_data "phase2=\"$phase2proto$auth\"" "$N$T" |
;; |
esac |
append network_data "eap=$(echo $eap_type | tr 'a-z' 'A-Z')" "$N$T" |
;; |
esac |
|
[ "$mode" = mesh ] || { |
case "$wpa" in |
1) |
append network_data "proto=WPA" "$N$T" |
;; |
2) |
append network_data "proto=RSN" "$N$T" |
;; |
esac |
|
case "$ieee80211w" in |
[012]) |
[ "$wpa" -ge 2 ] && append network_data "ieee80211w=$ieee80211w" "$N$T" |
;; |
esac |
} |
[ -n "$bssid" ] && append network_data "bssid=$bssid" "$N$T" |
[ -n "$beacon_int" ] && append network_data "beacon_int=$beacon_int" "$N$T" |
|
local bssid_blacklist bssid_whitelist |
json_get_values bssid_blacklist bssid_blacklist |
json_get_values bssid_whitelist bssid_whitelist |
|
[ -n "$bssid_blacklist" ] && append network_data "bssid_blacklist=$bssid_blacklist" "$N$T" |
[ -n "$bssid_whitelist" ] && append network_data "bssid_whitelist=$bssid_whitelist" "$N$T" |
|
[ -n "$basic_rate" ] && { |
local br rate_list= |
for br in $basic_rate; do |
wpa_supplicant_add_rate rate_list "$br" |
done |
[ -n "$rate_list" ] && append network_data "rates=$rate_list" "$N$T" |
} |
|
[ -n "$mcast_rate" ] && { |
local mc_rate= |
wpa_supplicant_add_rate mc_rate "$mcast_rate" |
append network_data "mcast_rate=$mc_rate" "$N$T" |
} |
|
if [ "$key_mgnt" = "WPS" ]; then |
echo "wps_cred_processing=1" >> "$_config" |
else |
cat >> "$_config" <<EOF |
network={ |
$scan_ssid |
ssid="$ssid" |
key_mgmt=$key_mgmt |
$network_data |
} |
EOF |
fi |
return 0 |
} |
|
wpa_supplicant_run() { |
local ifname="$1"; shift |
|
_wpa_supplicant_common "$ifname" |
|
/usr/sbin/wpa_supplicant -B -s \ |
${network_bridge:+-b $network_bridge} \ |
-P "/var/run/wpa_supplicant-${ifname}.pid" \ |
-D ${_w_driver:-wext} \ |
-i "$ifname" \ |
-c "$_config" \ |
-C "$_rpath" \ |
"$@" |
|
ret="$?" |
wireless_add_process "$(cat "/var/run/wpa_supplicant-${ifname}.pid")" /usr/sbin/wpa_supplicant 1 |
|
[ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED |
|
return $ret |
} |
|
hostapd_common_cleanup() { |
killall hostapd wpa_supplicant meshd-nl80211 |
} |
/branches/18.06.1/package/network/services/hostapd/files/wpa_supplicant-basic.config |
@@ -0,0 +1,598 @@ |
# Example wpa_supplicant build time configuration |
# |
# This file lists the configuration options that are used when building the |
# wpa_supplicant binary. All lines starting with # are ignored. Configuration |
# option lines must be commented out complete, if they are not to be included, |
# i.e., just setting VARIABLE=n is not disabling that variable. |
# |
# This file is included in Makefile, so variables like CFLAGS and LIBS can also |
# be modified from here. In most cases, these lines should use += in order not |
# to override previous values of the variables. |
|
|
# Uncomment following two lines and fix the paths if you have installed OpenSSL |
# or GnuTLS in non-default location |
#CFLAGS += -I/usr/local/openssl/include |
#LIBS += -L/usr/local/openssl/lib |
|
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but |
# the kerberos files are not in the default include path. Following line can be |
# used to fix build issues on such systems (krb5.h not found). |
#CFLAGS += -I/usr/include/kerberos |
|
# Driver interface for generic Linux wireless extensions |
# Note: WEXT is deprecated in the current Linux kernel version and no new |
# functionality is added to it. nl80211-based interface is the new |
# replacement for WEXT and its use allows wpa_supplicant to properly control |
# the driver to improve existing functionality like roaming and to support new |
# functionality. |
CONFIG_DRIVER_WEXT=y |
|
# Driver interface for Linux drivers using the nl80211 kernel interface |
CONFIG_DRIVER_NL80211=y |
|
# QCA vendor extensions to nl80211 |
#CONFIG_DRIVER_NL80211_QCA=y |
|
# driver_nl80211.c requires libnl. If you are compiling it yourself |
# you may need to point hostapd to your version of libnl. |
# |
#CFLAGS += -I$<path to libnl include files> |
#LIBS += -L$<path to libnl library files> |
|
# Use libnl v2.0 (or 3.0) libraries. |
#CONFIG_LIBNL20=y |
|
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) |
#CONFIG_LIBNL32=y |
|
|
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) |
#CONFIG_DRIVER_BSD=y |
#CFLAGS += -I/usr/local/include |
#LIBS += -L/usr/local/lib |
#LIBS_p += -L/usr/local/lib |
#LIBS_c += -L/usr/local/lib |
|
# Driver interface for Windows NDIS |
#CONFIG_DRIVER_NDIS=y |
#CFLAGS += -I/usr/include/w32api/ddk |
#LIBS += -L/usr/local/lib |
# For native build using mingw |
#CONFIG_NATIVE_WINDOWS=y |
# Additional directories for cross-compilation on Linux host for mingw target |
#CFLAGS += -I/opt/mingw/mingw32/include/ddk |
#LIBS += -L/opt/mingw/mingw32/lib |
#CC=mingw32-gcc |
# By default, driver_ndis uses WinPcap for low-level operations. This can be |
# replaced with the following option which replaces WinPcap calls with NDISUIO. |
# However, this requires that WZC is disabled (net stop wzcsvc) before starting |
# wpa_supplicant. |
# CONFIG_USE_NDISUIO=y |
|
# Driver interface for wired Ethernet drivers |
CONFIG_DRIVER_WIRED=y |
|
# Driver interface for the Broadcom RoboSwitch family |
#CONFIG_DRIVER_ROBOSWITCH=y |
|
# Driver interface for no driver (e.g., WPS ER only) |
#CONFIG_DRIVER_NONE=y |
|
# Solaris libraries |
#LIBS += -lsocket -ldlpi -lnsl |
#LIBS_c += -lsocket |
|
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is |
# included) |
#CONFIG_IEEE8021X_EAPOL=y |
|
# EAP-MD5 |
#CONFIG_EAP_MD5=y |
|
# EAP-MSCHAPv2 |
#CONFIG_EAP_MSCHAPV2=y |
|
# EAP-TLS |
#CONFIG_EAP_TLS=y |
|
# EAL-PEAP |
#CONFIG_EAP_PEAP=y |
|
# EAP-TTLS |
#CONFIG_EAP_TTLS=y |
|
# EAP-FAST |
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed |
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., |
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. |
#CONFIG_EAP_FAST=y |
|
# EAP-GTC |
#CONFIG_EAP_GTC=y |
|
# EAP-OTP |
#CONFIG_EAP_OTP=y |
|
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) |
#CONFIG_EAP_SIM=y |
|
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) |
#CONFIG_EAP_PSK=y |
|
# EAP-pwd (secure authentication using only a password) |
#CONFIG_EAP_PWD=y |
|
# EAP-PAX |
#CONFIG_EAP_PAX=y |
|
# LEAP |
#CONFIG_EAP_LEAP=y |
|
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) |
#CONFIG_EAP_AKA=y |
|
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). |
# This requires CONFIG_EAP_AKA to be enabled, too. |
#CONFIG_EAP_AKA_PRIME=y |
|
# Enable USIM simulator (Milenage) for EAP-AKA |
#CONFIG_USIM_SIMULATOR=y |
|
# EAP-SAKE |
#CONFIG_EAP_SAKE=y |
|
# EAP-GPSK |
#CONFIG_EAP_GPSK=y |
# Include support for optional SHA256 cipher suite in EAP-GPSK |
#CONFIG_EAP_GPSK_SHA256=y |
|
# EAP-TNC and related Trusted Network Connect support (experimental) |
#CONFIG_EAP_TNC=y |
|
# Wi-Fi Protected Setup (WPS) |
#CONFIG_WPS=y |
# Enable WPS external registrar functionality |
#CONFIG_WPS_ER=y |
# Disable credentials for an open network by default when acting as a WPS |
# registrar. |
#CONFIG_WPS_REG_DISABLE_OPEN=y |
# Enable WPS support with NFC config method |
#CONFIG_WPS_NFC=y |
|
# EAP-IKEv2 |
#CONFIG_EAP_IKEV2=y |
|
# EAP-EKE |
#CONFIG_EAP_EKE=y |
|
# PKCS#12 (PFX) support (used to read private key and certificate file from |
# a file that usually has extension .p12 or .pfx) |
#CONFIG_PKCS12=y |
|
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl |
# engine. |
#CONFIG_SMARTCARD=y |
|
# PC/SC interface for smartcards (USIM, GSM SIM) |
# Enable this if EAP-SIM or EAP-AKA is included |
#CONFIG_PCSC=y |
|
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) |
CONFIG_HT_OVERRIDES=y |
|
# Support VHT overrides (disable VHT, mask MCS rates, etc.) |
CONFIG_VHT_OVERRIDES=y |
|
# Development testing |
#CONFIG_EAPOL_TEST=y |
|
# Select control interface backend for external programs, e.g, wpa_cli: |
# unix = UNIX domain sockets (default for Linux/*BSD) |
# udp = UDP sockets using localhost (127.0.0.1) |
# udp6 = UDP IPv6 sockets using localhost (::1) |
# named_pipe = Windows Named Pipe (default for Windows) |
# udp-remote = UDP sockets with remote access (only for tests systems/purpose) |
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose) |
# y = use default (backwards compatibility) |
# If this option is commented out, control interface is not included in the |
# build. |
CONFIG_CTRL_IFACE=y |
|
# Include support for GNU Readline and History Libraries in wpa_cli. |
# When building a wpa_cli binary for distribution, please note that these |
# libraries are licensed under GPL and as such, BSD license may not apply for |
# the resulting binary. |
#CONFIG_READLINE=y |
|
# Include internal line edit mode in wpa_cli. This can be used as a replacement |
# for GNU Readline to provide limited command line editing and history support. |
#CONFIG_WPA_CLI_EDIT=y |
|
# Remove debugging code that is printing out debug message to stdout. |
# This can be used to reduce the size of the wpa_supplicant considerably |
# if debugging code is not needed. The size reduction can be around 35% |
# (e.g., 90 kB). |
#CONFIG_NO_STDOUT_DEBUG=y |
|
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save |
# 35-50 kB in code size. |
#CONFIG_NO_WPA=y |
|
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support |
# This option can be used to reduce code size by removing support for |
# converting ASCII passphrases into PSK. If this functionality is removed, the |
# PSK can only be configured as the 64-octet hexstring (e.g., from |
# wpa_passphrase). This saves about 0.5 kB in code size. |
#CONFIG_NO_WPA_PASSPHRASE=y |
|
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. |
# This can be used if ap_scan=1 mode is never enabled. |
#CONFIG_NO_SCAN_PROCESSING=y |
|
# Select configuration backend: |
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file |
# path is given on command line, not here; this option is just used to |
# select the backend that allows configuration files to be used) |
# winreg = Windows registry (see win_example.reg for an example) |
CONFIG_BACKEND=file |
|
# Remove configuration write functionality (i.e., to allow the configuration |
# file to be updated based on runtime configuration changes). The runtime |
# configuration can still be changed, the changes are just not going to be |
# persistent over restarts. This option can be used to reduce code size by |
# about 3.5 kB. |
#CONFIG_NO_CONFIG_WRITE=y |
|
# Remove support for configuration blobs to reduce code size by about 1.5 kB. |
#CONFIG_NO_CONFIG_BLOBS=y |
|
# Select program entry point implementation: |
# main = UNIX/POSIX like main() function (default) |
# main_winsvc = Windows service (read parameters from registry) |
# main_none = Very basic example (development use only) |
#CONFIG_MAIN=main |
|
# Select wrapper for operating system and C library specific functions |
# unix = UNIX/POSIX like systems (default) |
# win32 = Windows systems |
# none = Empty template |
#CONFIG_OS=unix |
|
# Select event loop implementation |
# eloop = select() loop (default) |
# eloop_win = Windows events and WaitForMultipleObject() loop |
#CONFIG_ELOOP=eloop |
|
# Should we use poll instead of select? Select is used by default. |
#CONFIG_ELOOP_POLL=y |
|
# Should we use epoll instead of select? Select is used by default. |
#CONFIG_ELOOP_EPOLL=y |
|
# Should we use kqueue instead of select? Select is used by default. |
#CONFIG_ELOOP_KQUEUE=y |
|
# Select layer 2 packet implementation |
# linux = Linux packet socket (default) |
# pcap = libpcap/libdnet/WinPcap |
# freebsd = FreeBSD libpcap |
# winpcap = WinPcap with receive thread |
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) |
# none = Empty template |
#CONFIG_L2_PACKET=linux |
|
# Disable Linux packet socket workaround applicable for station interface |
# in a bridge for EAPOL frames. This should be uncommented only if the kernel |
# is known to not have the regression issue in packet socket behavior with |
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). |
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y |
|
# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) |
#CONFIG_PEERKEY=y |
|
# IEEE 802.11w (management frame protection), also known as PMF |
# Driver support is also needed for IEEE 802.11w. |
#CONFIG_IEEE80211W=y |
|
# Select TLS implementation |
# openssl = OpenSSL (default) |
# gnutls = GnuTLS |
# internal = Internal TLSv1 implementation (experimental) |
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) |
# none = Empty template |
CONFIG_TLS=internal |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) |
# can be enabled to get a stronger construction of messages when block ciphers |
# are used. It should be noted that some existing TLS v1.0 -based |
# implementation may not be compatible with TLS v1.1 message (ClientHello is |
# sent prior to negotiating which version will be used) |
#CONFIG_TLSV11=y |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) |
# can be enabled to enable use of stronger crypto algorithms. It should be |
# noted that some existing TLS v1.0 -based implementation may not be compatible |
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version |
# will be used) |
#CONFIG_TLSV12=y |
|
# Select which ciphers to use by default with OpenSSL if the user does not |
# specify them. |
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" |
|
# If CONFIG_TLS=internal is used, additional library and include paths are |
# needed for LibTomMath. Alternatively, an integrated, minimal version of |
# LibTomMath can be used. See beginning of libtommath.c for details on benefits |
# and drawbacks of this option. |
#CONFIG_INTERNAL_LIBTOMMATH=y |
#ifndef CONFIG_INTERNAL_LIBTOMMATH |
#LTM_PATH=/usr/src/libtommath-0.39 |
#CFLAGS += -I$(LTM_PATH) |
#LIBS += -L$(LTM_PATH) |
#LIBS_p += -L$(LTM_PATH) |
#endif |
# At the cost of about 4 kB of additional binary size, the internal LibTomMath |
# can be configured to include faster routines for exptmod, sqr, and div to |
# speed up DH and RSA calculation considerably |
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y |
|
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. |
# This is only for Windows builds and requires WMI-related header files and |
# WbemUuid.Lib from Platform SDK even when building with MinGW. |
#CONFIG_NDIS_EVENTS_INTEGRATED=y |
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" |
|
# Add support for old DBus control interface |
# (fi.epitest.hostap.WPASupplicant) |
#CONFIG_CTRL_IFACE_DBUS=y |
|
# Add support for new DBus control interface |
# (fi.w1.hostap.wpa_supplicant1) |
#CONFIG_CTRL_IFACE_DBUS_NEW=y |
|
# Add introspection support for new DBus control interface |
#CONFIG_CTRL_IFACE_DBUS_INTRO=y |
|
# Add support for loading EAP methods dynamically as shared libraries. |
# When this option is enabled, each EAP method can be either included |
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). |
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to |
# be loaded in the beginning of the wpa_supplicant configuration file |
# (see load_dynamic_eap parameter in the example file) before being used in |
# the network blocks. |
# |
# Note that some shared parts of EAP methods are included in the main program |
# and in order to be able to use dynamic EAP methods using these parts, the |
# main program must have been build with the EAP method enabled (=y or =dyn). |
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries |
# unless at least one of them was included in the main build to force inclusion |
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included |
# in the main build to be able to load these methods dynamically. |
# |
# Please also note that using dynamic libraries will increase the total binary |
# size. Thus, it may not be the best option for targets that have limited |
# amount of memory/flash. |
#CONFIG_DYNAMIC_EAP_METHODS=y |
|
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode |
CONFIG_IEEE80211R=y |
|
# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies |
# CONFIG_IEEE80211R). |
#CONFIG_IEEE80211R_AP=y |
|
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) |
#CONFIG_DEBUG_FILE=y |
|
# Send debug messages to syslog instead of stdout |
CONFIG_DEBUG_SYSLOG=y |
# Set syslog facility for debug messages |
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON |
|
# Add support for sending all debug messages (regardless of debug verbosity) |
# to the Linux kernel tracing facility. This helps debug the entire stack by |
# making it easy to record everything happening from the driver up into the |
# same file, e.g., using trace-cmd. |
#CONFIG_DEBUG_LINUX_TRACING=y |
|
# Add support for writing debug log to Android logcat instead of standard |
# output |
#CONFIG_ANDROID_LOG=y |
|
# Enable privilege separation (see README 'Privilege separation' for details) |
#CONFIG_PRIVSEP=y |
|
# Enable mitigation against certain attacks against TKIP by delaying Michael |
# MIC error reports by a random amount of time between 0 and 60 seconds |
#CONFIG_DELAYED_MIC_ERROR_REPORT=y |
|
# Enable tracing code for developer debugging |
# This tracks use of memory allocations and other registrations and reports |
# incorrect use with a backtrace of call (or allocation) location. |
#CONFIG_WPA_TRACE=y |
# For BSD, uncomment these. |
#LIBS += -lexecinfo |
#LIBS_p += -lexecinfo |
#LIBS_c += -lexecinfo |
|
# Use libbfd to get more details for developer debugging |
# This enables use of libbfd to get more detailed symbols for the backtraces |
# generated by CONFIG_WPA_TRACE=y. |
#CONFIG_WPA_TRACE_BFD=y |
# For BSD, uncomment these. |
#LIBS += -lbfd -liberty -lz |
#LIBS_p += -lbfd -liberty -lz |
#LIBS_c += -lbfd -liberty -lz |
|
# wpa_supplicant depends on strong random number generation being available |
# from the operating system. os_get_random() function is used to fetch random |
# data when needed, e.g., for key generation. On Linux and BSD systems, this |
# works by reading /dev/urandom. It should be noted that the OS entropy pool |
# needs to be properly initialized before wpa_supplicant is started. This is |
# important especially on embedded devices that do not have a hardware random |
# number generator and may by default start up with minimal entropy available |
# for random number generation. |
# |
# As a safety net, wpa_supplicant is by default trying to internally collect |
# additional entropy for generating random data to mix in with the data fetched |
# from the OS. This by itself is not considered to be very strong, but it may |
# help in cases where the system pool is not initialized properly. However, it |
# is very strongly recommended that the system pool is initialized with enough |
# entropy either by using hardware assisted random number generator or by |
# storing state over device reboots. |
# |
# wpa_supplicant can be configured to maintain its own entropy store over |
# restarts to enhance random number generation. This is not perfect, but it is |
# much more secure than using the same sequence of random numbers after every |
# reboot. This can be enabled with -e<entropy file> command line option. The |
# specified file needs to be readable and writable by wpa_supplicant. |
# |
# If the os_get_random() is known to provide strong random data (e.g., on |
# Linux/BSD, the board in question is known to have reliable source of random |
# data from /dev/urandom), the internal wpa_supplicant random pool can be |
# disabled. This will save some in binary size and CPU use. However, this |
# should only be considered for builds that are known to be used on devices |
# that meet the requirements described above. |
CONFIG_NO_RANDOM_POOL=y |
|
# IEEE 802.11n (High Throughput) support (mainly for AP mode) |
#CONFIG_IEEE80211N=y |
|
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) |
# (depends on CONFIG_IEEE80211N) |
#CONFIG_IEEE80211AC=y |
|
# Wireless Network Management (IEEE Std 802.11v-2011) |
# Note: This is experimental and not complete implementation. |
#CONFIG_WNM=y |
|
# Interworking (IEEE 802.11u) |
# This can be used to enable functionality to improve interworking with |
# external networks (GAS/ANQP to learn more about the networks and network |
# selection based on available credentials). |
#CONFIG_INTERWORKING=y |
|
# Hotspot 2.0 |
#CONFIG_HS20=y |
|
# Enable interface matching in wpa_supplicant |
#CONFIG_MATCH_IFACE=y |
|
# Disable roaming in wpa_supplicant |
#CONFIG_NO_ROAMING=y |
|
# AP mode operations with wpa_supplicant |
# This can be used for controlling AP mode operations with wpa_supplicant. It |
# should be noted that this is mainly aimed at simple cases like |
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an |
# external RADIUS server can be supported with hostapd. |
#CONFIG_AP=y |
|
# P2P (Wi-Fi Direct) |
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for |
# more information on P2P operations. |
#CONFIG_P2P=y |
|
# Enable TDLS support |
#CONFIG_TDLS=y |
|
# Wi-Fi Direct |
# This can be used to enable Wi-Fi Direct extensions for P2P using an external |
# program to control the additional information exchanges in the messages. |
#CONFIG_WIFI_DISPLAY=y |
|
# Autoscan |
# This can be used to enable automatic scan support in wpa_supplicant. |
# See wpa_supplicant.conf for more information on autoscan usage. |
# |
# Enabling directly a module will enable autoscan support. |
# For exponential module: |
#CONFIG_AUTOSCAN_EXPONENTIAL=y |
# For periodic module: |
#CONFIG_AUTOSCAN_PERIODIC=y |
|
# Password (and passphrase, etc.) backend for external storage |
# These optional mechanisms can be used to add support for storing passwords |
# and other secrets in external (to wpa_supplicant) location. This allows, for |
# example, operating system specific key storage to be used |
# |
# External password backend for testing purposes (developer use) |
#CONFIG_EXT_PASSWORD_TEST=y |
|
# Enable Fast Session Transfer (FST) |
#CONFIG_FST=y |
|
# Enable CLI commands for FST testing |
#CONFIG_FST_TEST=y |
|
# OS X builds. This is only for building eapol_test. |
#CONFIG_OSX=y |
|
# Automatic Channel Selection |
# This will allow wpa_supplicant to pick the channel automatically when channel |
# is set to "0". |
# |
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative |
# to "channel=0". This would enable us to eventually add other ACS algorithms in |
# similar way. |
# |
# Automatic selection is currently only done through initialization, later on |
# we hope to do background checks to keep us moving to more ideal channels as |
# time goes by. ACS is currently only supported through the nl80211 driver and |
# your driver must have survey dump capability that is filled by the driver |
# during scanning. |
# |
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with |
# a newly to create wpa_supplicant.conf variable acs_num_scans. |
# |
# Supported ACS drivers: |
# * ath9k |
# * ath5k |
# * ath10k |
# |
# For more details refer to: |
# http://wireless.kernel.org/en/users/Documentation/acs |
#CONFIG_ACS=y |
|
# Support Multi Band Operation |
#CONFIG_MBO=y |
|
# Fast Initial Link Setup (FILS) (IEEE 802.11ai) |
# Note: This is an experimental and not yet complete implementation. This |
# should not be enabled for production use. |
#CONFIG_FILS=y |
# FILS shared key authentication with PFS |
#CONFIG_FILS_SK_PFS=y |
|
# Support RSN on IBSS networks |
# This is needed to be able to use mode=1 network profile with proto=RSN and |
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None). |
#CONFIG_IBSS_RSN=y |
|
# External PMKSA cache control |
# This can be used to enable control interface commands that allow the current |
# PMKSA cache entries to be fetched and new entries to be added. |
#CONFIG_PMKSA_CACHE_EXTERNAL=y |
|
# Mesh Networking (IEEE 802.11s) |
#CONFIG_MESH=y |
|
# Background scanning modules |
# These can be used to request wpa_supplicant to perform background scanning |
# operations for roaming within an ESS (same SSID). See the bgscan parameter in |
# the wpa_supplicant.conf file for more details. |
# Periodic background scans based on signal strength |
#CONFIG_BGSCAN_SIMPLE=y |
# Learn channels used by the network and try to avoid bgscans on other |
# channels (experimental) |
#CONFIG_BGSCAN_LEARN=y |
|
# Opportunistic Wireless Encryption (OWE) |
# Experimental implementation of draft-harkins-owe-07.txt |
#CONFIG_OWE=y |
|
# uBus IPC/RPC System |
# Services can connect to the bus and provide methods |
# that can be called by other services or clients. |
CONFIG_UBUS=y |
/branches/18.06.1/package/network/services/hostapd/files/wpa_supplicant-full.config |
@@ -0,0 +1,600 @@ |
# Example wpa_supplicant build time configuration |
# |
# This file lists the configuration options that are used when building the |
# wpa_supplicant binary. All lines starting with # are ignored. Configuration |
# option lines must be commented out complete, if they are not to be included, |
# i.e., just setting VARIABLE=n is not disabling that variable. |
# |
# This file is included in Makefile, so variables like CFLAGS and LIBS can also |
# be modified from here. In most cases, these lines should use += in order not |
# to override previous values of the variables. |
|
|
# Uncomment following two lines and fix the paths if you have installed OpenSSL |
# or GnuTLS in non-default location |
#CFLAGS += -I/usr/local/openssl/include |
#LIBS += -L/usr/local/openssl/lib |
|
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but |
# the kerberos files are not in the default include path. Following line can be |
# used to fix build issues on such systems (krb5.h not found). |
#CFLAGS += -I/usr/include/kerberos |
|
# Driver interface for generic Linux wireless extensions |
# Note: WEXT is deprecated in the current Linux kernel version and no new |
# functionality is added to it. nl80211-based interface is the new |
# replacement for WEXT and its use allows wpa_supplicant to properly control |
# the driver to improve existing functionality like roaming and to support new |
# functionality. |
CONFIG_DRIVER_WEXT=y |
|
# Driver interface for Linux drivers using the nl80211 kernel interface |
CONFIG_DRIVER_NL80211=y |
|
# QCA vendor extensions to nl80211 |
#CONFIG_DRIVER_NL80211_QCA=y |
|
# driver_nl80211.c requires libnl. If you are compiling it yourself |
# you may need to point hostapd to your version of libnl. |
# |
#CFLAGS += -I$<path to libnl include files> |
#LIBS += -L$<path to libnl library files> |
|
# Use libnl v2.0 (or 3.0) libraries. |
#CONFIG_LIBNL20=y |
|
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) |
#CONFIG_LIBNL32=y |
|
|
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) |
#CONFIG_DRIVER_BSD=y |
#CFLAGS += -I/usr/local/include |
#LIBS += -L/usr/local/lib |
#LIBS_p += -L/usr/local/lib |
#LIBS_c += -L/usr/local/lib |
|
# Driver interface for Windows NDIS |
#CONFIG_DRIVER_NDIS=y |
#CFLAGS += -I/usr/include/w32api/ddk |
#LIBS += -L/usr/local/lib |
# For native build using mingw |
#CONFIG_NATIVE_WINDOWS=y |
# Additional directories for cross-compilation on Linux host for mingw target |
#CFLAGS += -I/opt/mingw/mingw32/include/ddk |
#LIBS += -L/opt/mingw/mingw32/lib |
#CC=mingw32-gcc |
# By default, driver_ndis uses WinPcap for low-level operations. This can be |
# replaced with the following option which replaces WinPcap calls with NDISUIO. |
# However, this requires that WZC is disabled (net stop wzcsvc) before starting |
# wpa_supplicant. |
# CONFIG_USE_NDISUIO=y |
|
# Driver interface for wired Ethernet drivers |
CONFIG_DRIVER_WIRED=y |
|
# Driver interface for MACsec capable Qualcomm Atheros drivers |
#CONFIG_DRIVER_MACSEC_QCA=y |
|
# Driver interface for Linux MACsec drivers |
#CONFIG_DRIVER_MACSEC_LINUX=y |
|
# Driver interface for the Broadcom RoboSwitch family |
#CONFIG_DRIVER_ROBOSWITCH=y |
|
# Driver interface for no driver (e.g., WPS ER only) |
#CONFIG_DRIVER_NONE=y |
|
# Solaris libraries |
#LIBS += -lsocket -ldlpi -lnsl |
#LIBS_c += -lsocket |
|
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or |
# MACsec is included) |
CONFIG_IEEE8021X_EAPOL=y |
|
# EAP-MD5 |
CONFIG_EAP_MD5=y |
|
# EAP-MSCHAPv2 |
CONFIG_EAP_MSCHAPV2=y |
|
# EAP-TLS |
CONFIG_EAP_TLS=y |
|
# EAL-PEAP |
CONFIG_EAP_PEAP=y |
|
# EAP-TTLS |
CONFIG_EAP_TTLS=y |
|
# EAP-FAST |
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed |
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., |
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. |
CONFIG_EAP_FAST=y |
|
# EAP-GTC |
CONFIG_EAP_GTC=y |
|
# EAP-OTP |
CONFIG_EAP_OTP=y |
|
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) |
#CONFIG_EAP_SIM=y |
|
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) |
#CONFIG_EAP_PSK=y |
|
# EAP-pwd (secure authentication using only a password) |
#CONFIG_EAP_PWD=y |
|
# EAP-PAX |
#CONFIG_EAP_PAX=y |
|
# LEAP |
CONFIG_EAP_LEAP=y |
|
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) |
#CONFIG_EAP_AKA=y |
|
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). |
# This requires CONFIG_EAP_AKA to be enabled, too. |
#CONFIG_EAP_AKA_PRIME=y |
|
# Enable USIM simulator (Milenage) for EAP-AKA |
#CONFIG_USIM_SIMULATOR=y |
|
# EAP-SAKE |
#CONFIG_EAP_SAKE=y |
|
# EAP-GPSK |
#CONFIG_EAP_GPSK=y |
# Include support for optional SHA256 cipher suite in EAP-GPSK |
#CONFIG_EAP_GPSK_SHA256=y |
|
# EAP-TNC and related Trusted Network Connect support (experimental) |
#CONFIG_EAP_TNC=y |
|
# Wi-Fi Protected Setup (WPS) |
CONFIG_WPS=y |
# Enable WPS external registrar functionality |
#CONFIG_WPS_ER=y |
# Disable credentials for an open network by default when acting as a WPS |
# registrar. |
#CONFIG_WPS_REG_DISABLE_OPEN=y |
# Enable WPS support with NFC config method |
#CONFIG_WPS_NFC=y |
|
# EAP-IKEv2 |
#CONFIG_EAP_IKEV2=y |
|
# EAP-EKE |
#CONFIG_EAP_EKE=y |
|
# MACsec |
#CONFIG_MACSEC=y |
|
# PKCS#12 (PFX) support (used to read private key and certificate file from |
# a file that usually has extension .p12 or .pfx) |
CONFIG_PKCS12=y |
|
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl |
# engine. |
CONFIG_SMARTCARD=y |
|
# PC/SC interface for smartcards (USIM, GSM SIM) |
# Enable this if EAP-SIM or EAP-AKA is included |
#CONFIG_PCSC=y |
|
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) |
CONFIG_HT_OVERRIDES=y |
|
# Support VHT overrides (disable VHT, mask MCS rates, etc.) |
CONFIG_VHT_OVERRIDES=y |
|
# Development testing |
#CONFIG_EAPOL_TEST=y |
|
# Select control interface backend for external programs, e.g, wpa_cli: |
# unix = UNIX domain sockets (default for Linux/*BSD) |
# udp = UDP sockets using localhost (127.0.0.1) |
# udp6 = UDP IPv6 sockets using localhost (::1) |
# named_pipe = Windows Named Pipe (default for Windows) |
# udp-remote = UDP sockets with remote access (only for tests systems/purpose) |
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose) |
# y = use default (backwards compatibility) |
# If this option is commented out, control interface is not included in the |
# build. |
CONFIG_CTRL_IFACE=y |
|
# Include support for GNU Readline and History Libraries in wpa_cli. |
# When building a wpa_cli binary for distribution, please note that these |
# libraries are licensed under GPL and as such, BSD license may not apply for |
# the resulting binary. |
#CONFIG_READLINE=y |
|
# Include internal line edit mode in wpa_cli. This can be used as a replacement |
# for GNU Readline to provide limited command line editing and history support. |
#CONFIG_WPA_CLI_EDIT=y |
|
# Remove debugging code that is printing out debug message to stdout. |
# This can be used to reduce the size of the wpa_supplicant considerably |
# if debugging code is not needed. The size reduction can be around 35% |
# (e.g., 90 kB). |
#CONFIG_NO_STDOUT_DEBUG=y |
|
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save |
# 35-50 kB in code size. |
#CONFIG_NO_WPA=y |
|
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support |
# This option can be used to reduce code size by removing support for |
# converting ASCII passphrases into PSK. If this functionality is removed, the |
# PSK can only be configured as the 64-octet hexstring (e.g., from |
# wpa_passphrase). This saves about 0.5 kB in code size. |
#CONFIG_NO_WPA_PASSPHRASE=y |
|
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. |
# This can be used if ap_scan=1 mode is never enabled. |
#CONFIG_NO_SCAN_PROCESSING=y |
|
# Select configuration backend: |
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file |
# path is given on command line, not here; this option is just used to |
# select the backend that allows configuration files to be used) |
# winreg = Windows registry (see win_example.reg for an example) |
CONFIG_BACKEND=file |
|
# Remove configuration write functionality (i.e., to allow the configuration |
# file to be updated based on runtime configuration changes). The runtime |
# configuration can still be changed, the changes are just not going to be |
# persistent over restarts. This option can be used to reduce code size by |
# about 3.5 kB. |
#CONFIG_NO_CONFIG_WRITE=y |
|
# Remove support for configuration blobs to reduce code size by about 1.5 kB. |
#CONFIG_NO_CONFIG_BLOBS=y |
|
# Select program entry point implementation: |
# main = UNIX/POSIX like main() function (default) |
# main_winsvc = Windows service (read parameters from registry) |
# main_none = Very basic example (development use only) |
#CONFIG_MAIN=main |
|
# Select wrapper for operating system and C library specific functions |
# unix = UNIX/POSIX like systems (default) |
# win32 = Windows systems |
# none = Empty template |
#CONFIG_OS=unix |
|
# Select event loop implementation |
# eloop = select() loop (default) |
# eloop_win = Windows events and WaitForMultipleObject() loop |
#CONFIG_ELOOP=eloop |
|
# Should we use poll instead of select? Select is used by default. |
#CONFIG_ELOOP_POLL=y |
|
# Should we use epoll instead of select? Select is used by default. |
#CONFIG_ELOOP_EPOLL=y |
|
# Should we use kqueue instead of select? Select is used by default. |
#CONFIG_ELOOP_KQUEUE=y |
|
# Select layer 2 packet implementation |
# linux = Linux packet socket (default) |
# pcap = libpcap/libdnet/WinPcap |
# freebsd = FreeBSD libpcap |
# winpcap = WinPcap with receive thread |
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) |
# none = Empty template |
#CONFIG_L2_PACKET=linux |
|
# Disable Linux packet socket workaround applicable for station interface |
# in a bridge for EAPOL frames. This should be uncommented only if the kernel |
# is known to not have the regression issue in packet socket behavior with |
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). |
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y |
|
# IEEE 802.11w (management frame protection), also known as PMF |
# Driver support is also needed for IEEE 802.11w. |
#CONFIG_IEEE80211W=y |
|
# Select TLS implementation |
# openssl = OpenSSL (default) |
# gnutls = GnuTLS |
# internal = Internal TLSv1 implementation (experimental) |
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) |
# none = Empty template |
CONFIG_TLS=internal |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) |
# can be enabled to get a stronger construction of messages when block ciphers |
# are used. It should be noted that some existing TLS v1.0 -based |
# implementation may not be compatible with TLS v1.1 message (ClientHello is |
# sent prior to negotiating which version will be used) |
#CONFIG_TLSV11=y |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) |
# can be enabled to enable use of stronger crypto algorithms. It should be |
# noted that some existing TLS v1.0 -based implementation may not be compatible |
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version |
# will be used) |
#CONFIG_TLSV12=y |
|
# Select which ciphers to use by default with OpenSSL if the user does not |
# specify them. |
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" |
|
# If CONFIG_TLS=internal is used, additional library and include paths are |
# needed for LibTomMath. Alternatively, an integrated, minimal version of |
# LibTomMath can be used. See beginning of libtommath.c for details on benefits |
# and drawbacks of this option. |
CONFIG_INTERNAL_LIBTOMMATH=y |
#ifndef CONFIG_INTERNAL_LIBTOMMATH |
#LTM_PATH=/usr/src/libtommath-0.39 |
#CFLAGS += -I$(LTM_PATH) |
#LIBS += -L$(LTM_PATH) |
#LIBS_p += -L$(LTM_PATH) |
#endif |
# At the cost of about 4 kB of additional binary size, the internal LibTomMath |
# can be configured to include faster routines for exptmod, sqr, and div to |
# speed up DH and RSA calculation considerably |
CONFIG_INTERNAL_LIBTOMMATH_FAST=y |
|
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. |
# This is only for Windows builds and requires WMI-related header files and |
# WbemUuid.Lib from Platform SDK even when building with MinGW. |
#CONFIG_NDIS_EVENTS_INTEGRATED=y |
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" |
|
# Add support for old DBus control interface |
# (fi.epitest.hostap.WPASupplicant) |
#CONFIG_CTRL_IFACE_DBUS=y |
|
# Add support for new DBus control interface |
# (fi.w1.hostap.wpa_supplicant1) |
#CONFIG_CTRL_IFACE_DBUS_NEW=y |
|
# Add introspection support for new DBus control interface |
#CONFIG_CTRL_IFACE_DBUS_INTRO=y |
|
# Add support for loading EAP methods dynamically as shared libraries. |
# When this option is enabled, each EAP method can be either included |
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). |
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to |
# be loaded in the beginning of the wpa_supplicant configuration file |
# (see load_dynamic_eap parameter in the example file) before being used in |
# the network blocks. |
# |
# Note that some shared parts of EAP methods are included in the main program |
# and in order to be able to use dynamic EAP methods using these parts, the |
# main program must have been build with the EAP method enabled (=y or =dyn). |
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries |
# unless at least one of them was included in the main build to force inclusion |
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included |
# in the main build to be able to load these methods dynamically. |
# |
# Please also note that using dynamic libraries will increase the total binary |
# size. Thus, it may not be the best option for targets that have limited |
# amount of memory/flash. |
#CONFIG_DYNAMIC_EAP_METHODS=y |
|
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode |
CONFIG_IEEE80211R=y |
|
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) |
#CONFIG_DEBUG_FILE=y |
|
# Send debug messages to syslog instead of stdout |
CONFIG_DEBUG_SYSLOG=y |
# Set syslog facility for debug messages |
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON |
|
# Add support for sending all debug messages (regardless of debug verbosity) |
# to the Linux kernel tracing facility. This helps debug the entire stack by |
# making it easy to record everything happening from the driver up into the |
# same file, e.g., using trace-cmd. |
#CONFIG_DEBUG_LINUX_TRACING=y |
|
# Add support for writing debug log to Android logcat instead of standard |
# output |
#CONFIG_ANDROID_LOG=y |
|
# Enable privilege separation (see README 'Privilege separation' for details) |
#CONFIG_PRIVSEP=y |
|
# Enable mitigation against certain attacks against TKIP by delaying Michael |
# MIC error reports by a random amount of time between 0 and 60 seconds |
#CONFIG_DELAYED_MIC_ERROR_REPORT=y |
|
# Enable tracing code for developer debugging |
# This tracks use of memory allocations and other registrations and reports |
# incorrect use with a backtrace of call (or allocation) location. |
#CONFIG_WPA_TRACE=y |
# For BSD, uncomment these. |
#LIBS += -lexecinfo |
#LIBS_p += -lexecinfo |
#LIBS_c += -lexecinfo |
|
# Use libbfd to get more details for developer debugging |
# This enables use of libbfd to get more detailed symbols for the backtraces |
# generated by CONFIG_WPA_TRACE=y. |
#CONFIG_WPA_TRACE_BFD=y |
# For BSD, uncomment these. |
#LIBS += -lbfd -liberty -lz |
#LIBS_p += -lbfd -liberty -lz |
#LIBS_c += -lbfd -liberty -lz |
|
# wpa_supplicant depends on strong random number generation being available |
# from the operating system. os_get_random() function is used to fetch random |
# data when needed, e.g., for key generation. On Linux and BSD systems, this |
# works by reading /dev/urandom. It should be noted that the OS entropy pool |
# needs to be properly initialized before wpa_supplicant is started. This is |
# important especially on embedded devices that do not have a hardware random |
# number generator and may by default start up with minimal entropy available |
# for random number generation. |
# |
# As a safety net, wpa_supplicant is by default trying to internally collect |
# additional entropy for generating random data to mix in with the data fetched |
# from the OS. This by itself is not considered to be very strong, but it may |
# help in cases where the system pool is not initialized properly. However, it |
# is very strongly recommended that the system pool is initialized with enough |
# entropy either by using hardware assisted random number generator or by |
# storing state over device reboots. |
# |
# wpa_supplicant can be configured to maintain its own entropy store over |
# restarts to enhance random number generation. This is not perfect, but it is |
# much more secure than using the same sequence of random numbers after every |
# reboot. This can be enabled with -e<entropy file> command line option. The |
# specified file needs to be readable and writable by wpa_supplicant. |
# |
# If the os_get_random() is known to provide strong random data (e.g., on |
# Linux/BSD, the board in question is known to have reliable source of random |
# data from /dev/urandom), the internal wpa_supplicant random pool can be |
# disabled. This will save some in binary size and CPU use. However, this |
# should only be considered for builds that are known to be used on devices |
# that meet the requirements described above. |
CONFIG_NO_RANDOM_POOL=y |
|
# IEEE 802.11n (High Throughput) support (mainly for AP mode) |
#CONFIG_IEEE80211N=y |
|
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) |
# (depends on CONFIG_IEEE80211N) |
#CONFIG_IEEE80211AC=y |
|
# Wireless Network Management (IEEE Std 802.11v-2011) |
# Note: This is experimental and not complete implementation. |
CONFIG_WNM=y |
|
# Interworking (IEEE 802.11u) |
# This can be used to enable functionality to improve interworking with |
# external networks (GAS/ANQP to learn more about the networks and network |
# selection based on available credentials). |
#CONFIG_INTERWORKING=y |
|
# Hotspot 2.0 |
#CONFIG_HS20=y |
|
# Enable interface matching in wpa_supplicant |
#CONFIG_MATCH_IFACE=y |
|
# Disable roaming in wpa_supplicant |
#CONFIG_NO_ROAMING=y |
|
# AP mode operations with wpa_supplicant |
# This can be used for controlling AP mode operations with wpa_supplicant. It |
# should be noted that this is mainly aimed at simple cases like |
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an |
# external RADIUS server can be supported with hostapd. |
#CONFIG_AP=y |
|
# P2P (Wi-Fi Direct) |
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for |
# more information on P2P operations. |
#CONFIG_P2P=y |
|
# Enable TDLS support |
#CONFIG_TDLS=y |
|
# Wi-Fi Direct |
# This can be used to enable Wi-Fi Direct extensions for P2P using an external |
# program to control the additional information exchanges in the messages. |
#CONFIG_WIFI_DISPLAY=y |
|
# Autoscan |
# This can be used to enable automatic scan support in wpa_supplicant. |
# See wpa_supplicant.conf for more information on autoscan usage. |
# |
# Enabling directly a module will enable autoscan support. |
# For exponential module: |
#CONFIG_AUTOSCAN_EXPONENTIAL=y |
# For periodic module: |
#CONFIG_AUTOSCAN_PERIODIC=y |
|
# Password (and passphrase, etc.) backend for external storage |
# These optional mechanisms can be used to add support for storing passwords |
# and other secrets in external (to wpa_supplicant) location. This allows, for |
# example, operating system specific key storage to be used |
# |
# External password backend for testing purposes (developer use) |
#CONFIG_EXT_PASSWORD_TEST=y |
|
# Enable Fast Session Transfer (FST) |
#CONFIG_FST=y |
|
# Enable CLI commands for FST testing |
#CONFIG_FST_TEST=y |
|
# OS X builds. This is only for building eapol_test. |
#CONFIG_OSX=y |
|
# Automatic Channel Selection |
# This will allow wpa_supplicant to pick the channel automatically when channel |
# is set to "0". |
# |
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative |
# to "channel=0". This would enable us to eventually add other ACS algorithms in |
# similar way. |
# |
# Automatic selection is currently only done through initialization, later on |
# we hope to do background checks to keep us moving to more ideal channels as |
# time goes by. ACS is currently only supported through the nl80211 driver and |
# your driver must have survey dump capability that is filled by the driver |
# during scanning. |
# |
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with |
# a newly to create wpa_supplicant.conf variable acs_num_scans. |
# |
# Supported ACS drivers: |
# * ath9k |
# * ath5k |
# * ath10k |
# |
# For more details refer to: |
# http://wireless.kernel.org/en/users/Documentation/acs |
#CONFIG_ACS=y |
|
# Support Multi Band Operation |
#CONFIG_MBO=y |
|
# Fast Initial Link Setup (FILS) (IEEE 802.11ai) |
# Note: This is an experimental and not yet complete implementation. This |
# should not be enabled for production use. |
#CONFIG_FILS=y |
# FILS shared key authentication with PFS |
#CONFIG_FILS_SK_PFS=y |
|
# Support RSN on IBSS networks |
# This is needed to be able to use mode=1 network profile with proto=RSN and |
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None). |
CONFIG_IBSS_RSN=y |
|
# External PMKSA cache control |
# This can be used to enable control interface commands that allow the current |
# PMKSA cache entries to be fetched and new entries to be added. |
#CONFIG_PMKSA_CACHE_EXTERNAL=y |
|
# Mesh Networking (IEEE 802.11s) |
#CONFIG_MESH=y |
|
# Background scanning modules |
# These can be used to request wpa_supplicant to perform background scanning |
# operations for roaming within an ESS (same SSID). See the bgscan parameter in |
# the wpa_supplicant.conf file for more details. |
# Periodic background scans based on signal strength |
#CONFIG_BGSCAN_SIMPLE=y |
# Learn channels used by the network and try to avoid bgscans on other |
# channels (experimental) |
#CONFIG_BGSCAN_LEARN=y |
|
# Opportunistic Wireless Encryption (OWE) |
# Experimental implementation of draft-harkins-owe-07.txt |
#CONFIG_OWE=y |
|
# uBus IPC/RPC System |
# Services can connect to the bus and provide methods |
# that can be called by other services or clients. |
CONFIG_UBUS=y |
/branches/18.06.1/package/network/services/hostapd/files/wpa_supplicant-mini.config |
@@ -0,0 +1,600 @@ |
# Example wpa_supplicant build time configuration |
# |
# This file lists the configuration options that are used when building the |
# wpa_supplicant binary. All lines starting with # are ignored. Configuration |
# option lines must be commented out complete, if they are not to be included, |
# i.e., just setting VARIABLE=n is not disabling that variable. |
# |
# This file is included in Makefile, so variables like CFLAGS and LIBS can also |
# be modified from here. In most cases, these lines should use += in order not |
# to override previous values of the variables. |
|
|
# Uncomment following two lines and fix the paths if you have installed OpenSSL |
# or GnuTLS in non-default location |
#CFLAGS += -I/usr/local/openssl/include |
#LIBS += -L/usr/local/openssl/lib |
|
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but |
# the kerberos files are not in the default include path. Following line can be |
# used to fix build issues on such systems (krb5.h not found). |
#CFLAGS += -I/usr/include/kerberos |
|
# Driver interface for generic Linux wireless extensions |
# Note: WEXT is deprecated in the current Linux kernel version and no new |
# functionality is added to it. nl80211-based interface is the new |
# replacement for WEXT and its use allows wpa_supplicant to properly control |
# the driver to improve existing functionality like roaming and to support new |
# functionality. |
CONFIG_DRIVER_WEXT=y |
|
# Driver interface for Linux drivers using the nl80211 kernel interface |
CONFIG_DRIVER_NL80211=y |
|
# QCA vendor extensions to nl80211 |
#CONFIG_DRIVER_NL80211_QCA=y |
|
# driver_nl80211.c requires libnl. If you are compiling it yourself |
# you may need to point hostapd to your version of libnl. |
# |
#CFLAGS += -I$<path to libnl include files> |
#LIBS += -L$<path to libnl library files> |
|
# Use libnl v2.0 (or 3.0) libraries. |
#CONFIG_LIBNL20=y |
|
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) |
#CONFIG_LIBNL32=y |
|
|
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) |
#CONFIG_DRIVER_BSD=y |
#CFLAGS += -I/usr/local/include |
#LIBS += -L/usr/local/lib |
#LIBS_p += -L/usr/local/lib |
#LIBS_c += -L/usr/local/lib |
|
# Driver interface for Windows NDIS |
#CONFIG_DRIVER_NDIS=y |
#CFLAGS += -I/usr/include/w32api/ddk |
#LIBS += -L/usr/local/lib |
# For native build using mingw |
#CONFIG_NATIVE_WINDOWS=y |
# Additional directories for cross-compilation on Linux host for mingw target |
#CFLAGS += -I/opt/mingw/mingw32/include/ddk |
#LIBS += -L/opt/mingw/mingw32/lib |
#CC=mingw32-gcc |
# By default, driver_ndis uses WinPcap for low-level operations. This can be |
# replaced with the following option which replaces WinPcap calls with NDISUIO. |
# However, this requires that WZC is disabled (net stop wzcsvc) before starting |
# wpa_supplicant. |
# CONFIG_USE_NDISUIO=y |
|
# Driver interface for wired Ethernet drivers |
CONFIG_DRIVER_WIRED=y |
|
# Driver interface for MACsec capable Qualcomm Atheros drivers |
#CONFIG_DRIVER_MACSEC_QCA=y |
|
# Driver interface for Linux MACsec drivers |
#CONFIG_DRIVER_MACSEC_LINUX=y |
|
# Driver interface for the Broadcom RoboSwitch family |
#CONFIG_DRIVER_ROBOSWITCH=y |
|
# Driver interface for no driver (e.g., WPS ER only) |
#CONFIG_DRIVER_NONE=y |
|
# Solaris libraries |
#LIBS += -lsocket -ldlpi -lnsl |
#LIBS_c += -lsocket |
|
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or |
# MACsec is included) |
#CONFIG_IEEE8021X_EAPOL=y |
|
# EAP-MD5 |
#CONFIG_EAP_MD5=y |
|
# EAP-MSCHAPv2 |
#CONFIG_EAP_MSCHAPV2=y |
|
# EAP-TLS |
#CONFIG_EAP_TLS=y |
|
# EAL-PEAP |
#CONFIG_EAP_PEAP=y |
|
# EAP-TTLS |
#CONFIG_EAP_TTLS=y |
|
# EAP-FAST |
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed |
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., |
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. |
#CONFIG_EAP_FAST=y |
|
# EAP-GTC |
#CONFIG_EAP_GTC=y |
|
# EAP-OTP |
#CONFIG_EAP_OTP=y |
|
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) |
#CONFIG_EAP_SIM=y |
|
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) |
#CONFIG_EAP_PSK=y |
|
# EAP-pwd (secure authentication using only a password) |
#CONFIG_EAP_PWD=y |
|
# EAP-PAX |
#CONFIG_EAP_PAX=y |
|
# LEAP |
#CONFIG_EAP_LEAP=y |
|
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) |
#CONFIG_EAP_AKA=y |
|
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). |
# This requires CONFIG_EAP_AKA to be enabled, too. |
#CONFIG_EAP_AKA_PRIME=y |
|
# Enable USIM simulator (Milenage) for EAP-AKA |
#CONFIG_USIM_SIMULATOR=y |
|
# EAP-SAKE |
#CONFIG_EAP_SAKE=y |
|
# EAP-GPSK |
#CONFIG_EAP_GPSK=y |
# Include support for optional SHA256 cipher suite in EAP-GPSK |
#CONFIG_EAP_GPSK_SHA256=y |
|
# EAP-TNC and related Trusted Network Connect support (experimental) |
#CONFIG_EAP_TNC=y |
|
# Wi-Fi Protected Setup (WPS) |
#CONFIG_WPS=y |
# Enable WPS external registrar functionality |
#CONFIG_WPS_ER=y |
# Disable credentials for an open network by default when acting as a WPS |
# registrar. |
#CONFIG_WPS_REG_DISABLE_OPEN=y |
# Enable WPS support with NFC config method |
#CONFIG_WPS_NFC=y |
|
# EAP-IKEv2 |
#CONFIG_EAP_IKEV2=y |
|
# EAP-EKE |
#CONFIG_EAP_EKE=y |
|
# MACsec |
#CONFIG_MACSEC=y |
|
# PKCS#12 (PFX) support (used to read private key and certificate file from |
# a file that usually has extension .p12 or .pfx) |
#CONFIG_PKCS12=y |
|
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl |
# engine. |
#CONFIG_SMARTCARD=y |
|
# PC/SC interface for smartcards (USIM, GSM SIM) |
# Enable this if EAP-SIM or EAP-AKA is included |
#CONFIG_PCSC=y |
|
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) |
CONFIG_HT_OVERRIDES=y |
|
# Support VHT overrides (disable VHT, mask MCS rates, etc.) |
CONFIG_VHT_OVERRIDES=y |
|
# Development testing |
#CONFIG_EAPOL_TEST=y |
|
# Select control interface backend for external programs, e.g, wpa_cli: |
# unix = UNIX domain sockets (default for Linux/*BSD) |
# udp = UDP sockets using localhost (127.0.0.1) |
# udp6 = UDP IPv6 sockets using localhost (::1) |
# named_pipe = Windows Named Pipe (default for Windows) |
# udp-remote = UDP sockets with remote access (only for tests systems/purpose) |
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose) |
# y = use default (backwards compatibility) |
# If this option is commented out, control interface is not included in the |
# build. |
CONFIG_CTRL_IFACE=y |
|
# Include support for GNU Readline and History Libraries in wpa_cli. |
# When building a wpa_cli binary for distribution, please note that these |
# libraries are licensed under GPL and as such, BSD license may not apply for |
# the resulting binary. |
#CONFIG_READLINE=y |
|
# Include internal line edit mode in wpa_cli. This can be used as a replacement |
# for GNU Readline to provide limited command line editing and history support. |
#CONFIG_WPA_CLI_EDIT=y |
|
# Remove debugging code that is printing out debug message to stdout. |
# This can be used to reduce the size of the wpa_supplicant considerably |
# if debugging code is not needed. The size reduction can be around 35% |
# (e.g., 90 kB). |
#CONFIG_NO_STDOUT_DEBUG=y |
|
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save |
# 35-50 kB in code size. |
#CONFIG_NO_WPA=y |
|
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support |
# This option can be used to reduce code size by removing support for |
# converting ASCII passphrases into PSK. If this functionality is removed, the |
# PSK can only be configured as the 64-octet hexstring (e.g., from |
# wpa_passphrase). This saves about 0.5 kB in code size. |
#CONFIG_NO_WPA_PASSPHRASE=y |
|
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. |
# This can be used if ap_scan=1 mode is never enabled. |
#CONFIG_NO_SCAN_PROCESSING=y |
|
# Select configuration backend: |
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file |
# path is given on command line, not here; this option is just used to |
# select the backend that allows configuration files to be used) |
# winreg = Windows registry (see win_example.reg for an example) |
CONFIG_BACKEND=file |
|
# Remove configuration write functionality (i.e., to allow the configuration |
# file to be updated based on runtime configuration changes). The runtime |
# configuration can still be changed, the changes are just not going to be |
# persistent over restarts. This option can be used to reduce code size by |
# about 3.5 kB. |
#CONFIG_NO_CONFIG_WRITE=y |
|
# Remove support for configuration blobs to reduce code size by about 1.5 kB. |
#CONFIG_NO_CONFIG_BLOBS=y |
|
# Select program entry point implementation: |
# main = UNIX/POSIX like main() function (default) |
# main_winsvc = Windows service (read parameters from registry) |
# main_none = Very basic example (development use only) |
#CONFIG_MAIN=main |
|
# Select wrapper for operating system and C library specific functions |
# unix = UNIX/POSIX like systems (default) |
# win32 = Windows systems |
# none = Empty template |
#CONFIG_OS=unix |
|
# Select event loop implementation |
# eloop = select() loop (default) |
# eloop_win = Windows events and WaitForMultipleObject() loop |
#CONFIG_ELOOP=eloop |
|
# Should we use poll instead of select? Select is used by default. |
#CONFIG_ELOOP_POLL=y |
|
# Should we use epoll instead of select? Select is used by default. |
#CONFIG_ELOOP_EPOLL=y |
|
# Should we use kqueue instead of select? Select is used by default. |
#CONFIG_ELOOP_KQUEUE=y |
|
# Select layer 2 packet implementation |
# linux = Linux packet socket (default) |
# pcap = libpcap/libdnet/WinPcap |
# freebsd = FreeBSD libpcap |
# winpcap = WinPcap with receive thread |
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) |
# none = Empty template |
#CONFIG_L2_PACKET=linux |
|
# Disable Linux packet socket workaround applicable for station interface |
# in a bridge for EAPOL frames. This should be uncommented only if the kernel |
# is known to not have the regression issue in packet socket behavior with |
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). |
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y |
|
# IEEE 802.11w (management frame protection), also known as PMF |
# Driver support is also needed for IEEE 802.11w. |
#CONFIG_IEEE80211W=y |
|
# Select TLS implementation |
# openssl = OpenSSL (default) |
# gnutls = GnuTLS |
# internal = Internal TLSv1 implementation (experimental) |
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) |
# none = Empty template |
CONFIG_TLS=internal |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) |
# can be enabled to get a stronger construction of messages when block ciphers |
# are used. It should be noted that some existing TLS v1.0 -based |
# implementation may not be compatible with TLS v1.1 message (ClientHello is |
# sent prior to negotiating which version will be used) |
#CONFIG_TLSV11=y |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) |
# can be enabled to enable use of stronger crypto algorithms. It should be |
# noted that some existing TLS v1.0 -based implementation may not be compatible |
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version |
# will be used) |
#CONFIG_TLSV12=y |
|
# Select which ciphers to use by default with OpenSSL if the user does not |
# specify them. |
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" |
|
# If CONFIG_TLS=internal is used, additional library and include paths are |
# needed for LibTomMath. Alternatively, an integrated, minimal version of |
# LibTomMath can be used. See beginning of libtommath.c for details on benefits |
# and drawbacks of this option. |
#CONFIG_INTERNAL_LIBTOMMATH=y |
#ifndef CONFIG_INTERNAL_LIBTOMMATH |
#LTM_PATH=/usr/src/libtommath-0.39 |
#CFLAGS += -I$(LTM_PATH) |
#LIBS += -L$(LTM_PATH) |
#LIBS_p += -L$(LTM_PATH) |
#endif |
# At the cost of about 4 kB of additional binary size, the internal LibTomMath |
# can be configured to include faster routines for exptmod, sqr, and div to |
# speed up DH and RSA calculation considerably |
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y |
|
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. |
# This is only for Windows builds and requires WMI-related header files and |
# WbemUuid.Lib from Platform SDK even when building with MinGW. |
#CONFIG_NDIS_EVENTS_INTEGRATED=y |
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" |
|
# Add support for old DBus control interface |
# (fi.epitest.hostap.WPASupplicant) |
#CONFIG_CTRL_IFACE_DBUS=y |
|
# Add support for new DBus control interface |
# (fi.w1.hostap.wpa_supplicant1) |
#CONFIG_CTRL_IFACE_DBUS_NEW=y |
|
# Add introspection support for new DBus control interface |
#CONFIG_CTRL_IFACE_DBUS_INTRO=y |
|
# Add support for loading EAP methods dynamically as shared libraries. |
# When this option is enabled, each EAP method can be either included |
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). |
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to |
# be loaded in the beginning of the wpa_supplicant configuration file |
# (see load_dynamic_eap parameter in the example file) before being used in |
# the network blocks. |
# |
# Note that some shared parts of EAP methods are included in the main program |
# and in order to be able to use dynamic EAP methods using these parts, the |
# main program must have been build with the EAP method enabled (=y or =dyn). |
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries |
# unless at least one of them was included in the main build to force inclusion |
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included |
# in the main build to be able to load these methods dynamically. |
# |
# Please also note that using dynamic libraries will increase the total binary |
# size. Thus, it may not be the best option for targets that have limited |
# amount of memory/flash. |
#CONFIG_DYNAMIC_EAP_METHODS=y |
|
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode |
#CONFIG_IEEE80211R=y |
|
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) |
#CONFIG_DEBUG_FILE=y |
|
# Send debug messages to syslog instead of stdout |
CONFIG_DEBUG_SYSLOG=y |
# Set syslog facility for debug messages |
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON |
|
# Add support for sending all debug messages (regardless of debug verbosity) |
# to the Linux kernel tracing facility. This helps debug the entire stack by |
# making it easy to record everything happening from the driver up into the |
# same file, e.g., using trace-cmd. |
#CONFIG_DEBUG_LINUX_TRACING=y |
|
# Add support for writing debug log to Android logcat instead of standard |
# output |
#CONFIG_ANDROID_LOG=y |
|
# Enable privilege separation (see README 'Privilege separation' for details) |
#CONFIG_PRIVSEP=y |
|
# Enable mitigation against certain attacks against TKIP by delaying Michael |
# MIC error reports by a random amount of time between 0 and 60 seconds |
#CONFIG_DELAYED_MIC_ERROR_REPORT=y |
|
# Enable tracing code for developer debugging |
# This tracks use of memory allocations and other registrations and reports |
# incorrect use with a backtrace of call (or allocation) location. |
#CONFIG_WPA_TRACE=y |
# For BSD, uncomment these. |
#LIBS += -lexecinfo |
#LIBS_p += -lexecinfo |
#LIBS_c += -lexecinfo |
|
# Use libbfd to get more details for developer debugging |
# This enables use of libbfd to get more detailed symbols for the backtraces |
# generated by CONFIG_WPA_TRACE=y. |
#CONFIG_WPA_TRACE_BFD=y |
# For BSD, uncomment these. |
#LIBS += -lbfd -liberty -lz |
#LIBS_p += -lbfd -liberty -lz |
#LIBS_c += -lbfd -liberty -lz |
|
# wpa_supplicant depends on strong random number generation being available |
# from the operating system. os_get_random() function is used to fetch random |
# data when needed, e.g., for key generation. On Linux and BSD systems, this |
# works by reading /dev/urandom. It should be noted that the OS entropy pool |
# needs to be properly initialized before wpa_supplicant is started. This is |
# important especially on embedded devices that do not have a hardware random |
# number generator and may by default start up with minimal entropy available |
# for random number generation. |
# |
# As a safety net, wpa_supplicant is by default trying to internally collect |
# additional entropy for generating random data to mix in with the data fetched |
# from the OS. This by itself is not considered to be very strong, but it may |
# help in cases where the system pool is not initialized properly. However, it |
# is very strongly recommended that the system pool is initialized with enough |
# entropy either by using hardware assisted random number generator or by |
# storing state over device reboots. |
# |
# wpa_supplicant can be configured to maintain its own entropy store over |
# restarts to enhance random number generation. This is not perfect, but it is |
# much more secure than using the same sequence of random numbers after every |
# reboot. This can be enabled with -e<entropy file> command line option. The |
# specified file needs to be readable and writable by wpa_supplicant. |
# |
# If the os_get_random() is known to provide strong random data (e.g., on |
# Linux/BSD, the board in question is known to have reliable source of random |
# data from /dev/urandom), the internal wpa_supplicant random pool can be |
# disabled. This will save some in binary size and CPU use. However, this |
# should only be considered for builds that are known to be used on devices |
# that meet the requirements described above. |
CONFIG_NO_RANDOM_POOL=y |
|
# IEEE 802.11n (High Throughput) support (mainly for AP mode) |
#CONFIG_IEEE80211N=y |
|
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) |
# (depends on CONFIG_IEEE80211N) |
#CONFIG_IEEE80211AC=y |
|
# Wireless Network Management (IEEE Std 802.11v-2011) |
# Note: This is experimental and not complete implementation. |
#CONFIG_WNM=y |
|
# Interworking (IEEE 802.11u) |
# This can be used to enable functionality to improve interworking with |
# external networks (GAS/ANQP to learn more about the networks and network |
# selection based on available credentials). |
#CONFIG_INTERWORKING=y |
|
# Hotspot 2.0 |
#CONFIG_HS20=y |
|
# Enable interface matching in wpa_supplicant |
#CONFIG_MATCH_IFACE=y |
|
# Disable roaming in wpa_supplicant |
#CONFIG_NO_ROAMING=y |
|
# AP mode operations with wpa_supplicant |
# This can be used for controlling AP mode operations with wpa_supplicant. It |
# should be noted that this is mainly aimed at simple cases like |
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an |
# external RADIUS server can be supported with hostapd. |
#CONFIG_AP=y |
|
# P2P (Wi-Fi Direct) |
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for |
# more information on P2P operations. |
#CONFIG_P2P=y |
|
# Enable TDLS support |
#CONFIG_TDLS=y |
|
# Wi-Fi Direct |
# This can be used to enable Wi-Fi Direct extensions for P2P using an external |
# program to control the additional information exchanges in the messages. |
#CONFIG_WIFI_DISPLAY=y |
|
# Autoscan |
# This can be used to enable automatic scan support in wpa_supplicant. |
# See wpa_supplicant.conf for more information on autoscan usage. |
# |
# Enabling directly a module will enable autoscan support. |
# For exponential module: |
#CONFIG_AUTOSCAN_EXPONENTIAL=y |
# For periodic module: |
#CONFIG_AUTOSCAN_PERIODIC=y |
|
# Password (and passphrase, etc.) backend for external storage |
# These optional mechanisms can be used to add support for storing passwords |
# and other secrets in external (to wpa_supplicant) location. This allows, for |
# example, operating system specific key storage to be used |
# |
# External password backend for testing purposes (developer use) |
#CONFIG_EXT_PASSWORD_TEST=y |
|
# Enable Fast Session Transfer (FST) |
#CONFIG_FST=y |
|
# Enable CLI commands for FST testing |
#CONFIG_FST_TEST=y |
|
# OS X builds. This is only for building eapol_test. |
#CONFIG_OSX=y |
|
# Automatic Channel Selection |
# This will allow wpa_supplicant to pick the channel automatically when channel |
# is set to "0". |
# |
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative |
# to "channel=0". This would enable us to eventually add other ACS algorithms in |
# similar way. |
# |
# Automatic selection is currently only done through initialization, later on |
# we hope to do background checks to keep us moving to more ideal channels as |
# time goes by. ACS is currently only supported through the nl80211 driver and |
# your driver must have survey dump capability that is filled by the driver |
# during scanning. |
# |
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with |
# a newly to create wpa_supplicant.conf variable acs_num_scans. |
# |
# Supported ACS drivers: |
# * ath9k |
# * ath5k |
# * ath10k |
# |
# For more details refer to: |
# http://wireless.kernel.org/en/users/Documentation/acs |
#CONFIG_ACS=y |
|
# Support Multi Band Operation |
#CONFIG_MBO=y |
|
# Fast Initial Link Setup (FILS) (IEEE 802.11ai) |
# Note: This is an experimental and not yet complete implementation. This |
# should not be enabled for production use. |
#CONFIG_FILS=y |
# FILS shared key authentication with PFS |
#CONFIG_FILS_SK_PFS=y |
|
# Support RSN on IBSS networks |
# This is needed to be able to use mode=1 network profile with proto=RSN and |
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None). |
#CONFIG_IBSS_RSN=y |
|
# External PMKSA cache control |
# This can be used to enable control interface commands that allow the current |
# PMKSA cache entries to be fetched and new entries to be added. |
#CONFIG_PMKSA_CACHE_EXTERNAL=y |
|
# Mesh Networking (IEEE 802.11s) |
#CONFIG_MESH=y |
|
# Background scanning modules |
# These can be used to request wpa_supplicant to perform background scanning |
# operations for roaming within an ESS (same SSID). See the bgscan parameter in |
# the wpa_supplicant.conf file for more details. |
# Periodic background scans based on signal strength |
#CONFIG_BGSCAN_SIMPLE=y |
# Learn channels used by the network and try to avoid bgscans on other |
# channels (experimental) |
#CONFIG_BGSCAN_LEARN=y |
|
# Opportunistic Wireless Encryption (OWE) |
# Experimental implementation of draft-harkins-owe-07.txt |
#CONFIG_OWE=y |
|
# uBus IPC/RPC System |
# Services can connect to the bus and provide methods |
# that can be called by other services or clients. |
CONFIG_UBUS=y |
/branches/18.06.1/package/network/services/hostapd/files/wpa_supplicant-p2p.config |
@@ -0,0 +1,600 @@ |
# Example wpa_supplicant build time configuration |
# |
# This file lists the configuration options that are used when building the |
# wpa_supplicant binary. All lines starting with # are ignored. Configuration |
# option lines must be commented out complete, if they are not to be included, |
# i.e., just setting VARIABLE=n is not disabling that variable. |
# |
# This file is included in Makefile, so variables like CFLAGS and LIBS can also |
# be modified from here. In most cases, these lines should use += in order not |
# to override previous values of the variables. |
|
|
# Uncomment following two lines and fix the paths if you have installed OpenSSL |
# or GnuTLS in non-default location |
#CFLAGS += -I/usr/local/openssl/include |
#LIBS += -L/usr/local/openssl/lib |
|
# Some Red Hat versions seem to include kerberos header files from OpenSSL, but |
# the kerberos files are not in the default include path. Following line can be |
# used to fix build issues on such systems (krb5.h not found). |
#CFLAGS += -I/usr/include/kerberos |
|
# Driver interface for generic Linux wireless extensions |
# Note: WEXT is deprecated in the current Linux kernel version and no new |
# functionality is added to it. nl80211-based interface is the new |
# replacement for WEXT and its use allows wpa_supplicant to properly control |
# the driver to improve existing functionality like roaming and to support new |
# functionality. |
CONFIG_DRIVER_WEXT=y |
|
# Driver interface for Linux drivers using the nl80211 kernel interface |
CONFIG_DRIVER_NL80211=y |
|
# QCA vendor extensions to nl80211 |
#CONFIG_DRIVER_NL80211_QCA=y |
|
# driver_nl80211.c requires libnl. If you are compiling it yourself |
# you may need to point hostapd to your version of libnl. |
# |
#CFLAGS += -I$<path to libnl include files> |
#LIBS += -L$<path to libnl library files> |
|
# Use libnl v2.0 (or 3.0) libraries. |
#CONFIG_LIBNL20=y |
|
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) |
#CONFIG_LIBNL32=y |
|
|
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) |
#CONFIG_DRIVER_BSD=y |
#CFLAGS += -I/usr/local/include |
#LIBS += -L/usr/local/lib |
#LIBS_p += -L/usr/local/lib |
#LIBS_c += -L/usr/local/lib |
|
# Driver interface for Windows NDIS |
#CONFIG_DRIVER_NDIS=y |
#CFLAGS += -I/usr/include/w32api/ddk |
#LIBS += -L/usr/local/lib |
# For native build using mingw |
#CONFIG_NATIVE_WINDOWS=y |
# Additional directories for cross-compilation on Linux host for mingw target |
#CFLAGS += -I/opt/mingw/mingw32/include/ddk |
#LIBS += -L/opt/mingw/mingw32/lib |
#CC=mingw32-gcc |
# By default, driver_ndis uses WinPcap for low-level operations. This can be |
# replaced with the following option which replaces WinPcap calls with NDISUIO. |
# However, this requires that WZC is disabled (net stop wzcsvc) before starting |
# wpa_supplicant. |
# CONFIG_USE_NDISUIO=y |
|
# Driver interface for wired Ethernet drivers |
CONFIG_DRIVER_WIRED=y |
|
# Driver interface for MACsec capable Qualcomm Atheros drivers |
#CONFIG_DRIVER_MACSEC_QCA=y |
|
# Driver interface for Linux MACsec drivers |
#CONFIG_DRIVER_MACSEC_LINUX=y |
|
# Driver interface for the Broadcom RoboSwitch family |
#CONFIG_DRIVER_ROBOSWITCH=y |
|
# Driver interface for no driver (e.g., WPS ER only) |
#CONFIG_DRIVER_NONE=y |
|
# Solaris libraries |
#LIBS += -lsocket -ldlpi -lnsl |
#LIBS_c += -lsocket |
|
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method or |
# MACsec is included) |
CONFIG_IEEE8021X_EAPOL=y |
|
# EAP-MD5 |
CONFIG_EAP_MD5=y |
|
# EAP-MSCHAPv2 |
CONFIG_EAP_MSCHAPV2=y |
|
# EAP-TLS |
CONFIG_EAP_TLS=y |
|
# EAL-PEAP |
CONFIG_EAP_PEAP=y |
|
# EAP-TTLS |
CONFIG_EAP_TTLS=y |
|
# EAP-FAST |
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed |
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., |
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. |
CONFIG_EAP_FAST=y |
|
# EAP-GTC |
CONFIG_EAP_GTC=y |
|
# EAP-OTP |
CONFIG_EAP_OTP=y |
|
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) |
#CONFIG_EAP_SIM=y |
|
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) |
#CONFIG_EAP_PSK=y |
|
# EAP-pwd (secure authentication using only a password) |
#CONFIG_EAP_PWD=y |
|
# EAP-PAX |
#CONFIG_EAP_PAX=y |
|
# LEAP |
CONFIG_EAP_LEAP=y |
|
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) |
#CONFIG_EAP_AKA=y |
|
# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). |
# This requires CONFIG_EAP_AKA to be enabled, too. |
#CONFIG_EAP_AKA_PRIME=y |
|
# Enable USIM simulator (Milenage) for EAP-AKA |
#CONFIG_USIM_SIMULATOR=y |
|
# EAP-SAKE |
#CONFIG_EAP_SAKE=y |
|
# EAP-GPSK |
#CONFIG_EAP_GPSK=y |
# Include support for optional SHA256 cipher suite in EAP-GPSK |
#CONFIG_EAP_GPSK_SHA256=y |
|
# EAP-TNC and related Trusted Network Connect support (experimental) |
#CONFIG_EAP_TNC=y |
|
# Wi-Fi Protected Setup (WPS) |
CONFIG_WPS=y |
# Enable WPS external registrar functionality |
#CONFIG_WPS_ER=y |
# Disable credentials for an open network by default when acting as a WPS |
# registrar. |
#CONFIG_WPS_REG_DISABLE_OPEN=y |
# Enable WPS support with NFC config method |
#CONFIG_WPS_NFC=y |
|
# EAP-IKEv2 |
#CONFIG_EAP_IKEV2=y |
|
# EAP-EKE |
#CONFIG_EAP_EKE=y |
|
# MACsec |
#CONFIG_MACSEC=y |
|
# PKCS#12 (PFX) support (used to read private key and certificate file from |
# a file that usually has extension .p12 or .pfx) |
CONFIG_PKCS12=y |
|
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl |
# engine. |
CONFIG_SMARTCARD=y |
|
# PC/SC interface for smartcards (USIM, GSM SIM) |
# Enable this if EAP-SIM or EAP-AKA is included |
#CONFIG_PCSC=y |
|
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) |
CONFIG_HT_OVERRIDES=y |
|
# Support VHT overrides (disable VHT, mask MCS rates, etc.) |
CONFIG_VHT_OVERRIDES=y |
|
# Development testing |
#CONFIG_EAPOL_TEST=y |
|
# Select control interface backend for external programs, e.g, wpa_cli: |
# unix = UNIX domain sockets (default for Linux/*BSD) |
# udp = UDP sockets using localhost (127.0.0.1) |
# udp6 = UDP IPv6 sockets using localhost (::1) |
# named_pipe = Windows Named Pipe (default for Windows) |
# udp-remote = UDP sockets with remote access (only for tests systems/purpose) |
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose) |
# y = use default (backwards compatibility) |
# If this option is commented out, control interface is not included in the |
# build. |
CONFIG_CTRL_IFACE=y |
|
# Include support for GNU Readline and History Libraries in wpa_cli. |
# When building a wpa_cli binary for distribution, please note that these |
# libraries are licensed under GPL and as such, BSD license may not apply for |
# the resulting binary. |
#CONFIG_READLINE=y |
|
# Include internal line edit mode in wpa_cli. This can be used as a replacement |
# for GNU Readline to provide limited command line editing and history support. |
#CONFIG_WPA_CLI_EDIT=y |
|
# Remove debugging code that is printing out debug message to stdout. |
# This can be used to reduce the size of the wpa_supplicant considerably |
# if debugging code is not needed. The size reduction can be around 35% |
# (e.g., 90 kB). |
#CONFIG_NO_STDOUT_DEBUG=y |
|
# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save |
# 35-50 kB in code size. |
#CONFIG_NO_WPA=y |
|
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support |
# This option can be used to reduce code size by removing support for |
# converting ASCII passphrases into PSK. If this functionality is removed, the |
# PSK can only be configured as the 64-octet hexstring (e.g., from |
# wpa_passphrase). This saves about 0.5 kB in code size. |
#CONFIG_NO_WPA_PASSPHRASE=y |
|
# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. |
# This can be used if ap_scan=1 mode is never enabled. |
#CONFIG_NO_SCAN_PROCESSING=y |
|
# Select configuration backend: |
# file = text file (e.g., wpa_supplicant.conf; note: the configuration file |
# path is given on command line, not here; this option is just used to |
# select the backend that allows configuration files to be used) |
# winreg = Windows registry (see win_example.reg for an example) |
CONFIG_BACKEND=file |
|
# Remove configuration write functionality (i.e., to allow the configuration |
# file to be updated based on runtime configuration changes). The runtime |
# configuration can still be changed, the changes are just not going to be |
# persistent over restarts. This option can be used to reduce code size by |
# about 3.5 kB. |
#CONFIG_NO_CONFIG_WRITE=y |
|
# Remove support for configuration blobs to reduce code size by about 1.5 kB. |
#CONFIG_NO_CONFIG_BLOBS=y |
|
# Select program entry point implementation: |
# main = UNIX/POSIX like main() function (default) |
# main_winsvc = Windows service (read parameters from registry) |
# main_none = Very basic example (development use only) |
#CONFIG_MAIN=main |
|
# Select wrapper for operating system and C library specific functions |
# unix = UNIX/POSIX like systems (default) |
# win32 = Windows systems |
# none = Empty template |
#CONFIG_OS=unix |
|
# Select event loop implementation |
# eloop = select() loop (default) |
# eloop_win = Windows events and WaitForMultipleObject() loop |
#CONFIG_ELOOP=eloop |
|
# Should we use poll instead of select? Select is used by default. |
#CONFIG_ELOOP_POLL=y |
|
# Should we use epoll instead of select? Select is used by default. |
#CONFIG_ELOOP_EPOLL=y |
|
# Should we use kqueue instead of select? Select is used by default. |
#CONFIG_ELOOP_KQUEUE=y |
|
# Select layer 2 packet implementation |
# linux = Linux packet socket (default) |
# pcap = libpcap/libdnet/WinPcap |
# freebsd = FreeBSD libpcap |
# winpcap = WinPcap with receive thread |
# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) |
# none = Empty template |
#CONFIG_L2_PACKET=linux |
|
# Disable Linux packet socket workaround applicable for station interface |
# in a bridge for EAPOL frames. This should be uncommented only if the kernel |
# is known to not have the regression issue in packet socket behavior with |
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). |
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y |
|
# IEEE 802.11w (management frame protection), also known as PMF |
# Driver support is also needed for IEEE 802.11w. |
CONFIG_IEEE80211W=y |
|
# Select TLS implementation |
# openssl = OpenSSL (default) |
# gnutls = GnuTLS |
# internal = Internal TLSv1 implementation (experimental) |
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) |
# none = Empty template |
CONFIG_TLS=internal |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) |
# can be enabled to get a stronger construction of messages when block ciphers |
# are used. It should be noted that some existing TLS v1.0 -based |
# implementation may not be compatible with TLS v1.1 message (ClientHello is |
# sent prior to negotiating which version will be used) |
#CONFIG_TLSV11=y |
|
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) |
# can be enabled to enable use of stronger crypto algorithms. It should be |
# noted that some existing TLS v1.0 -based implementation may not be compatible |
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version |
# will be used) |
#CONFIG_TLSV12=y |
|
# Select which ciphers to use by default with OpenSSL if the user does not |
# specify them. |
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" |
|
# If CONFIG_TLS=internal is used, additional library and include paths are |
# needed for LibTomMath. Alternatively, an integrated, minimal version of |
# LibTomMath can be used. See beginning of libtommath.c for details on benefits |
# and drawbacks of this option. |
CONFIG_INTERNAL_LIBTOMMATH=y |
#ifndef CONFIG_INTERNAL_LIBTOMMATH |
#LTM_PATH=/usr/src/libtommath-0.39 |
#CFLAGS += -I$(LTM_PATH) |
#LIBS += -L$(LTM_PATH) |
#LIBS_p += -L$(LTM_PATH) |
#endif |
# At the cost of about 4 kB of additional binary size, the internal LibTomMath |
# can be configured to include faster routines for exptmod, sqr, and div to |
# speed up DH and RSA calculation considerably |
CONFIG_INTERNAL_LIBTOMMATH_FAST=y |
|
# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. |
# This is only for Windows builds and requires WMI-related header files and |
# WbemUuid.Lib from Platform SDK even when building with MinGW. |
#CONFIG_NDIS_EVENTS_INTEGRATED=y |
#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" |
|
# Add support for old DBus control interface |
# (fi.epitest.hostap.WPASupplicant) |
#CONFIG_CTRL_IFACE_DBUS=y |
|
# Add support for new DBus control interface |
# (fi.w1.hostap.wpa_supplicant1) |
#CONFIG_CTRL_IFACE_DBUS_NEW=y |
|
# Add introspection support for new DBus control interface |
#CONFIG_CTRL_IFACE_DBUS_INTRO=y |
|
# Add support for loading EAP methods dynamically as shared libraries. |
# When this option is enabled, each EAP method can be either included |
# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). |
# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to |
# be loaded in the beginning of the wpa_supplicant configuration file |
# (see load_dynamic_eap parameter in the example file) before being used in |
# the network blocks. |
# |
# Note that some shared parts of EAP methods are included in the main program |
# and in order to be able to use dynamic EAP methods using these parts, the |
# main program must have been build with the EAP method enabled (=y or =dyn). |
# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries |
# unless at least one of them was included in the main build to force inclusion |
# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included |
# in the main build to be able to load these methods dynamically. |
# |
# Please also note that using dynamic libraries will increase the total binary |
# size. Thus, it may not be the best option for targets that have limited |
# amount of memory/flash. |
#CONFIG_DYNAMIC_EAP_METHODS=y |
|
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode |
#CONFIG_IEEE80211R=y |
|
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) |
#CONFIG_DEBUG_FILE=y |
|
# Send debug messages to syslog instead of stdout |
CONFIG_DEBUG_SYSLOG=y |
# Set syslog facility for debug messages |
CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON |
|
# Add support for sending all debug messages (regardless of debug verbosity) |
# to the Linux kernel tracing facility. This helps debug the entire stack by |
# making it easy to record everything happening from the driver up into the |
# same file, e.g., using trace-cmd. |
#CONFIG_DEBUG_LINUX_TRACING=y |
|
# Add support for writing debug log to Android logcat instead of standard |
# output |
#CONFIG_ANDROID_LOG=y |
|
# Enable privilege separation (see README 'Privilege separation' for details) |
#CONFIG_PRIVSEP=y |
|
# Enable mitigation against certain attacks against TKIP by delaying Michael |
# MIC error reports by a random amount of time between 0 and 60 seconds |
#CONFIG_DELAYED_MIC_ERROR_REPORT=y |
|
# Enable tracing code for developer debugging |
# This tracks use of memory allocations and other registrations and reports |
# incorrect use with a backtrace of call (or allocation) location. |
#CONFIG_WPA_TRACE=y |
# For BSD, uncomment these. |
#LIBS += -lexecinfo |
#LIBS_p += -lexecinfo |
#LIBS_c += -lexecinfo |
|
# Use libbfd to get more details for developer debugging |
# This enables use of libbfd to get more detailed symbols for the backtraces |
# generated by CONFIG_WPA_TRACE=y. |
#CONFIG_WPA_TRACE_BFD=y |
# For BSD, uncomment these. |
#LIBS += -lbfd -liberty -lz |
#LIBS_p += -lbfd -liberty -lz |
#LIBS_c += -lbfd -liberty -lz |
|
# wpa_supplicant depends on strong random number generation being available |
# from the operating system. os_get_random() function is used to fetch random |
# data when needed, e.g., for key generation. On Linux and BSD systems, this |
# works by reading /dev/urandom. It should be noted that the OS entropy pool |
# needs to be properly initialized before wpa_supplicant is started. This is |
# important especially on embedded devices that do not have a hardware random |
# number generator and may by default start up with minimal entropy available |
# for random number generation. |
# |
# As a safety net, wpa_supplicant is by default trying to internally collect |
# additional entropy for generating random data to mix in with the data fetched |
# from the OS. This by itself is not considered to be very strong, but it may |
# help in cases where the system pool is not initialized properly. However, it |
# is very strongly recommended that the system pool is initialized with enough |
# entropy either by using hardware assisted random number generator or by |
# storing state over device reboots. |
# |
# wpa_supplicant can be configured to maintain its own entropy store over |
# restarts to enhance random number generation. This is not perfect, but it is |
# much more secure than using the same sequence of random numbers after every |
# reboot. This can be enabled with -e<entropy file> command line option. The |
# specified file needs to be readable and writable by wpa_supplicant. |
# |
# If the os_get_random() is known to provide strong random data (e.g., on |
# Linux/BSD, the board in question is known to have reliable source of random |
# data from /dev/urandom), the internal wpa_supplicant random pool can be |
# disabled. This will save some in binary size and CPU use. However, this |
# should only be considered for builds that are known to be used on devices |
# that meet the requirements described above. |
CONFIG_NO_RANDOM_POOL=y |
|
# IEEE 802.11n (High Throughput) support (mainly for AP mode) |
#CONFIG_IEEE80211N=y |
|
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) |
# (depends on CONFIG_IEEE80211N) |
#CONFIG_IEEE80211AC=y |
|
# Wireless Network Management (IEEE Std 802.11v-2011) |
# Note: This is experimental and not complete implementation. |
#CONFIG_WNM=y |
|
# Interworking (IEEE 802.11u) |
# This can be used to enable functionality to improve interworking with |
# external networks (GAS/ANQP to learn more about the networks and network |
# selection based on available credentials). |
#CONFIG_INTERWORKING=y |
|
# Hotspot 2.0 |
#CONFIG_HS20=y |
|
# Enable interface matching in wpa_supplicant |
#CONFIG_MATCH_IFACE=y |
|
# Disable roaming in wpa_supplicant |
#CONFIG_NO_ROAMING=y |
|
# AP mode operations with wpa_supplicant |
# This can be used for controlling AP mode operations with wpa_supplicant. It |
# should be noted that this is mainly aimed at simple cases like |
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an |
# external RADIUS server can be supported with hostapd. |
CONFIG_AP=y |
|
# P2P (Wi-Fi Direct) |
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for |
# more information on P2P operations. |
CONFIG_P2P=y |
|
# Enable TDLS support |
#CONFIG_TDLS=y |
|
# Wi-Fi Direct |
# This can be used to enable Wi-Fi Direct extensions for P2P using an external |
# program to control the additional information exchanges in the messages. |
#CONFIG_WIFI_DISPLAY=y |
|
# Autoscan |
# This can be used to enable automatic scan support in wpa_supplicant. |
# See wpa_supplicant.conf for more information on autoscan usage. |
# |
# Enabling directly a module will enable autoscan support. |
# For exponential module: |
#CONFIG_AUTOSCAN_EXPONENTIAL=y |
# For periodic module: |
#CONFIG_AUTOSCAN_PERIODIC=y |
|
# Password (and passphrase, etc.) backend for external storage |
# These optional mechanisms can be used to add support for storing passwords |
# and other secrets in external (to wpa_supplicant) location. This allows, for |
# example, operating system specific key storage to be used |
# |
# External password backend for testing purposes (developer use) |
#CONFIG_EXT_PASSWORD_TEST=y |
|
# Enable Fast Session Transfer (FST) |
#CONFIG_FST=y |
|
# Enable CLI commands for FST testing |
#CONFIG_FST_TEST=y |
|
# OS X builds. This is only for building eapol_test. |
#CONFIG_OSX=y |
|
# Automatic Channel Selection |
# This will allow wpa_supplicant to pick the channel automatically when channel |
# is set to "0". |
# |
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative |
# to "channel=0". This would enable us to eventually add other ACS algorithms in |
# similar way. |
# |
# Automatic selection is currently only done through initialization, later on |
# we hope to do background checks to keep us moving to more ideal channels as |
# time goes by. ACS is currently only supported through the nl80211 driver and |
# your driver must have survey dump capability that is filled by the driver |
# during scanning. |
# |
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with |
# a newly to create wpa_supplicant.conf variable acs_num_scans. |
# |
# Supported ACS drivers: |
# * ath9k |
# * ath5k |
# * ath10k |
# |
# For more details refer to: |
# http://wireless.kernel.org/en/users/Documentation/acs |
#CONFIG_ACS=y |
|
# Support Multi Band Operation |
#CONFIG_MBO=y |
|
# Fast Initial Link Setup (FILS) (IEEE 802.11ai) |
# Note: This is an experimental and not yet complete implementation. This |
# should not be enabled for production use. |
#CONFIG_FILS=y |
# FILS shared key authentication with PFS |
#CONFIG_FILS_SK_PFS=y |
|
# Support RSN on IBSS networks |
# This is needed to be able to use mode=1 network profile with proto=RSN and |
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None). |
CONFIG_IBSS_RSN=y |
|
# External PMKSA cache control |
# This can be used to enable control interface commands that allow the current |
# PMKSA cache entries to be fetched and new entries to be added. |
#CONFIG_PMKSA_CACHE_EXTERNAL=y |
|
# Mesh Networking (IEEE 802.11s) |
#CONFIG_MESH=y |
|
# Background scanning modules |
# These can be used to request wpa_supplicant to perform background scanning |
# operations for roaming within an ESS (same SSID). See the bgscan parameter in |
# the wpa_supplicant.conf file for more details. |
# Periodic background scans based on signal strength |
#CONFIG_BGSCAN_SIMPLE=y |
# Learn channels used by the network and try to avoid bgscans on other |
# channels (experimental) |
#CONFIG_BGSCAN_LEARN=y |
|
# Opportunistic Wireless Encryption (OWE) |
# Experimental implementation of draft-harkins-owe-07.txt |
#CONFIG_OWE=y |
|
# uBus IPC/RPC System |
# Services can connect to the bus and provide methods |
# that can be called by other services or clients. |
CONFIG_UBUS=y |