OpenWrt – Diff between revs 2 and 3
?pathlinks?
Rev 2 | Rev 3 | |||
---|---|---|---|---|
1 | # Example hostapd build time configuration |
1 | # Example hostapd build time configuration |
|
2 | # |
2 | # |
|
3 | # This file lists the configuration options that are used when building the |
3 | # This file lists the configuration options that are used when building the |
|
4 | # hostapd binary. All lines starting with # are ignored. Configuration option |
4 | # hostapd binary. All lines starting with # are ignored. Configuration option |
|
5 | # lines must be commented out complete, if they are not to be included, i.e., |
5 | # lines must be commented out complete, if they are not to be included, i.e., |
|
6 | # just setting VARIABLE=n is not disabling that variable. |
6 | # just setting VARIABLE=n is not disabling that variable. |
|
7 | # |
7 | # |
|
8 | # This file is included in Makefile, so variables like CFLAGS and LIBS can also |
8 | # This file is included in Makefile, so variables like CFLAGS and LIBS can also |
|
9 | # be modified from here. In most cass, these lines should use += in order not |
9 | # be modified from here. In most cass, these lines should use += in order not |
|
10 | # to override previous values of the variables. |
10 | # to override previous values of the variables. |
|
11 | |
11 | |
|
12 | # Driver interface for Host AP driver |
12 | # Driver interface for Host AP driver |
|
13 | #CONFIG_DRIVER_HOSTAP=y |
13 | #CONFIG_DRIVER_HOSTAP=y |
|
14 | |
14 | |
|
15 | # Driver interface for wired authenticator |
15 | # Driver interface for wired authenticator |
|
16 | CONFIG_DRIVER_WIRED=y |
16 | CONFIG_DRIVER_WIRED=y |
|
17 | |
17 | |
|
18 | # Driver interface for drivers using the nl80211 kernel interface |
18 | # Driver interface for drivers using the nl80211 kernel interface |
|
19 | CONFIG_DRIVER_NL80211=y |
19 | CONFIG_DRIVER_NL80211=y |
|
20 | |
20 | |
|
21 | # QCA vendor extensions to nl80211 |
21 | # QCA vendor extensions to nl80211 |
|
22 | #CONFIG_DRIVER_NL80211_QCA=y |
22 | #CONFIG_DRIVER_NL80211_QCA=y |
|
23 | |
23 | |
|
24 | # driver_nl80211.c requires libnl. If you are compiling it yourself |
24 | # driver_nl80211.c requires libnl. If you are compiling it yourself |
|
25 | # you may need to point hostapd to your version of libnl. |
25 | # you may need to point hostapd to your version of libnl. |
|
26 | # |
26 | # |
|
27 | #CFLAGS += -I$<path to libnl include files> |
27 | #CFLAGS += -I$<path to libnl include files> |
|
28 | #LIBS += -L$<path to libnl library files> |
28 | #LIBS += -L$<path to libnl library files> |
|
29 | |
29 | |
|
30 | # Use libnl v2.0 (or 3.0) libraries. |
30 | # Use libnl v2.0 (or 3.0) libraries. |
|
31 | #CONFIG_LIBNL20=y |
31 | #CONFIG_LIBNL20=y |
|
32 | |
32 | |
|
33 | # Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) |
33 | # Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) |
|
34 | #CONFIG_LIBNL32=y |
34 | #CONFIG_LIBNL32=y |
|
35 | |
35 | |
|
36 | |
36 | |
|
37 | # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) |
37 | # Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) |
|
38 | #CONFIG_DRIVER_BSD=y |
38 | #CONFIG_DRIVER_BSD=y |
|
39 | #CFLAGS += -I/usr/local/include |
39 | #CFLAGS += -I/usr/local/include |
|
40 | #LIBS += -L/usr/local/lib |
40 | #LIBS += -L/usr/local/lib |
|
41 | #LIBS_p += -L/usr/local/lib |
41 | #LIBS_p += -L/usr/local/lib |
|
42 | #LIBS_c += -L/usr/local/lib |
42 | #LIBS_c += -L/usr/local/lib |
|
43 | |
43 | |
|
44 | # Driver interface for no driver (e.g., RADIUS server only) |
44 | # Driver interface for no driver (e.g., RADIUS server only) |
|
45 | #CONFIG_DRIVER_NONE=y |
45 | #CONFIG_DRIVER_NONE=y |
|
46 | |
46 | |
|
47 | # IEEE 802.11F/IAPP |
47 | # IEEE 802.11F/IAPP |
|
48 | CONFIG_IAPP=y |
48 | CONFIG_IAPP=y |
|
49 | |
49 | |
|
50 | # WPA2/IEEE 802.11i RSN pre-authentication |
50 | # WPA2/IEEE 802.11i RSN pre-authentication |
|
51 | CONFIG_RSN_PREAUTH=y |
51 | CONFIG_RSN_PREAUTH=y |
|
- | 52 | |
||
- | 53 | # PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) |
||
- | 54 | CONFIG_PEERKEY=y |
||
52 | |
55 | |
|
- | 56 | # IEEE 802.11w (management frame protection) |
||
53 | # IEEE 802.11w (management frame protection) |
57 | # Driver support is also needed for IEEE 802.11w. |
|
54 | #CONFIG_IEEE80211W=y |
58 | #CONFIG_IEEE80211W=y |
|
55 | |
59 | |
|
56 | # Integrated EAP server |
60 | # Integrated EAP server |
|
57 | CONFIG_EAP=y |
61 | CONFIG_EAP=y |
|
58 | |
62 | |
|
59 | # EAP Re-authentication Protocol (ERP) in integrated EAP server |
63 | # EAP Re-authentication Protocol (ERP) in integrated EAP server |
|
60 | #CONFIG_ERP=y |
64 | #CONFIG_ERP=y |
|
61 | |
65 | |
|
62 | # EAP-MD5 for the integrated EAP server |
66 | # EAP-MD5 for the integrated EAP server |
|
63 | CONFIG_EAP_MD5=y |
67 | CONFIG_EAP_MD5=y |
|
64 | |
68 | |
|
65 | # EAP-TLS for the integrated EAP server |
69 | # EAP-TLS for the integrated EAP server |
|
66 | CONFIG_EAP_TLS=y |
70 | CONFIG_EAP_TLS=y |
|
67 | |
71 | |
|
68 | # EAP-MSCHAPv2 for the integrated EAP server |
72 | # EAP-MSCHAPv2 for the integrated EAP server |
|
69 | CONFIG_EAP_MSCHAPV2=y |
73 | CONFIG_EAP_MSCHAPV2=y |
|
70 | |
74 | |
|
71 | # EAP-PEAP for the integrated EAP server |
75 | # EAP-PEAP for the integrated EAP server |
|
72 | CONFIG_EAP_PEAP=y |
76 | CONFIG_EAP_PEAP=y |
|
73 | |
77 | |
|
74 | # EAP-GTC for the integrated EAP server |
78 | # EAP-GTC for the integrated EAP server |
|
75 | CONFIG_EAP_GTC=y |
79 | CONFIG_EAP_GTC=y |
|
76 | |
80 | |
|
77 | # EAP-TTLS for the integrated EAP server |
81 | # EAP-TTLS for the integrated EAP server |
|
78 | CONFIG_EAP_TTLS=y |
82 | CONFIG_EAP_TTLS=y |
|
79 | |
83 | |
|
80 | # EAP-SIM for the integrated EAP server |
84 | # EAP-SIM for the integrated EAP server |
|
81 | #CONFIG_EAP_SIM=y |
85 | #CONFIG_EAP_SIM=y |
|
82 | |
86 | |
|
83 | # EAP-AKA for the integrated EAP server |
87 | # EAP-AKA for the integrated EAP server |
|
84 | #CONFIG_EAP_AKA=y |
88 | #CONFIG_EAP_AKA=y |
|
85 | |
89 | |
|
86 | # EAP-AKA' for the integrated EAP server |
90 | # EAP-AKA' for the integrated EAP server |
|
87 | # This requires CONFIG_EAP_AKA to be enabled, too. |
91 | # This requires CONFIG_EAP_AKA to be enabled, too. |
|
88 | #CONFIG_EAP_AKA_PRIME=y |
92 | #CONFIG_EAP_AKA_PRIME=y |
|
89 | |
93 | |
|
90 | # EAP-PAX for the integrated EAP server |
94 | # EAP-PAX for the integrated EAP server |
|
91 | #CONFIG_EAP_PAX=y |
95 | #CONFIG_EAP_PAX=y |
|
92 | |
96 | |
|
93 | # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) |
97 | # EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) |
|
94 | #CONFIG_EAP_PSK=y |
98 | #CONFIG_EAP_PSK=y |
|
95 | |
99 | |
|
96 | # EAP-pwd for the integrated EAP server (secure authentication with a password) |
100 | # EAP-pwd for the integrated EAP server (secure authentication with a password) |
|
97 | #CONFIG_EAP_PWD=y |
101 | #CONFIG_EAP_PWD=y |
|
98 | |
102 | |
|
99 | # EAP-SAKE for the integrated EAP server |
103 | # EAP-SAKE for the integrated EAP server |
|
100 | #CONFIG_EAP_SAKE=y |
104 | #CONFIG_EAP_SAKE=y |
|
101 | |
105 | |
|
102 | # EAP-GPSK for the integrated EAP server |
106 | # EAP-GPSK for the integrated EAP server |
|
103 | #CONFIG_EAP_GPSK=y |
107 | #CONFIG_EAP_GPSK=y |
|
104 | # Include support for optional SHA256 cipher suite in EAP-GPSK |
108 | # Include support for optional SHA256 cipher suite in EAP-GPSK |
|
105 | #CONFIG_EAP_GPSK_SHA256=y |
109 | #CONFIG_EAP_GPSK_SHA256=y |
|
106 | |
110 | |
|
107 | # EAP-FAST for the integrated EAP server |
111 | # EAP-FAST for the integrated EAP server |
|
108 | # Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed |
112 | # Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed |
|
109 | # for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., |
113 | # for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., |
|
110 | # with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. |
114 | # with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. |
|
111 | CONFIG_EAP_FAST=y |
115 | CONFIG_EAP_FAST=y |
|
112 | |
116 | |
|
113 | # Wi-Fi Protected Setup (WPS) |
117 | # Wi-Fi Protected Setup (WPS) |
|
114 | CONFIG_WPS=y |
118 | CONFIG_WPS=y |
|
115 | # Enable UPnP support for external WPS Registrars |
119 | # Enable UPnP support for external WPS Registrars |
|
116 | #CONFIG_WPS_UPNP=y |
120 | #CONFIG_WPS_UPNP=y |
|
117 | # Enable WPS support with NFC config method |
121 | # Enable WPS support with NFC config method |
|
118 | #CONFIG_WPS_NFC=y |
122 | #CONFIG_WPS_NFC=y |
|
119 | |
123 | |
|
120 | # EAP-IKEv2 |
124 | # EAP-IKEv2 |
|
121 | #CONFIG_EAP_IKEV2=y |
125 | #CONFIG_EAP_IKEV2=y |
|
122 | |
126 | |
|
123 | # Trusted Network Connect (EAP-TNC) |
127 | # Trusted Network Connect (EAP-TNC) |
|
124 | #CONFIG_EAP_TNC=y |
128 | #CONFIG_EAP_TNC=y |
|
125 | |
129 | |
|
126 | # EAP-EKE for the integrated EAP server |
130 | # EAP-EKE for the integrated EAP server |
|
127 | #CONFIG_EAP_EKE=y |
131 | #CONFIG_EAP_EKE=y |
|
128 | |
132 | |
|
129 | # PKCS#12 (PFX) support (used to read private key and certificate file from |
133 | # PKCS#12 (PFX) support (used to read private key and certificate file from |
|
130 | # a file that usually has extension .p12 or .pfx) |
134 | # a file that usually has extension .p12 or .pfx) |
|
131 | CONFIG_PKCS12=y |
135 | CONFIG_PKCS12=y |
|
132 | |
136 | |
|
133 | # RADIUS authentication server. This provides access to the integrated EAP |
137 | # RADIUS authentication server. This provides access to the integrated EAP |
|
134 | # server from external hosts using RADIUS. |
138 | # server from external hosts using RADIUS. |
|
135 | #CONFIG_RADIUS_SERVER=y |
139 | #CONFIG_RADIUS_SERVER=y |
|
136 | |
140 | |
|
137 | # Build IPv6 support for RADIUS operations |
141 | # Build IPv6 support for RADIUS operations |
|
138 | CONFIG_IPV6=y |
142 | CONFIG_IPV6=y |
|
139 | |
143 | |
|
140 | # IEEE Std 802.11r-2008 (Fast BSS Transition) |
144 | # IEEE Std 802.11r-2008 (Fast BSS Transition) |
|
141 | CONFIG_IEEE80211R=y |
145 | CONFIG_IEEE80211R=y |
|
142 | |
146 | |
|
143 | # Use the hostapd's IEEE 802.11 authentication (ACL), but without |
147 | # Use the hostapd's IEEE 802.11 authentication (ACL), but without |
|
144 | # the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) |
148 | # the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) |
|
145 | #CONFIG_DRIVER_RADIUS_ACL=y |
149 | #CONFIG_DRIVER_RADIUS_ACL=y |
|
146 | |
150 | |
|
147 | # IEEE 802.11n (High Throughput) support |
151 | # IEEE 802.11n (High Throughput) support |
|
148 | CONFIG_IEEE80211N=y |
152 | CONFIG_IEEE80211N=y |
|
149 | |
153 | |
|
150 | # Wireless Network Management (IEEE Std 802.11v-2011) |
154 | # Wireless Network Management (IEEE Std 802.11v-2011) |
|
151 | # Note: This is experimental and not complete implementation. |
155 | # Note: This is experimental and not complete implementation. |
|
152 | CONFIG_WNM=y |
156 | CONFIG_WNM=y |
|
153 | |
157 | |
|
154 | # IEEE 802.11ac (Very High Throughput) support |
158 | # IEEE 802.11ac (Very High Throughput) support |
|
155 | CONFIG_IEEE80211AC=y |
159 | CONFIG_IEEE80211AC=y |
|
156 | |
160 | |
|
157 | # IEEE 802.11ax HE support |
161 | # IEEE 802.11ax HE support |
|
158 | # Note: This is experimental and work in progress. The definitions are still |
162 | # Note: This is experimental and work in progress. The definitions are still |
|
159 | # subject to change and this should not be expected to interoperate with the |
163 | # subject to change and this should not be expected to interoperate with the |
|
160 | # final IEEE 802.11ax version. |
164 | # final IEEE 802.11ax version. |
|
161 | #CONFIG_IEEE80211AX=y |
165 | #CONFIG_IEEE80211AX=y |
|
162 | |
166 | |
|
163 | # Remove debugging code that is printing out debug messages to stdout. |
167 | # Remove debugging code that is printing out debug messages to stdout. |
|
164 | # This can be used to reduce the size of the hostapd considerably if debugging |
168 | # This can be used to reduce the size of the hostapd considerably if debugging |
|
165 | # code is not needed. |
169 | # code is not needed. |
|
166 | #CONFIG_NO_STDOUT_DEBUG=y |
170 | #CONFIG_NO_STDOUT_DEBUG=y |
|
167 | |
171 | |
|
168 | # Add support for writing debug log to a file: -f /tmp/hostapd.log |
172 | # Add support for writing debug log to a file: -f /tmp/hostapd.log |
|
169 | # Disabled by default. |
173 | # Disabled by default. |
|
170 | #CONFIG_DEBUG_FILE=y |
174 | #CONFIG_DEBUG_FILE=y |
|
171 | |
175 | |
|
172 | # Send debug messages to syslog instead of stdout |
176 | # Send debug messages to syslog instead of stdout |
|
173 | CONFIG_DEBUG_SYSLOG=y |
177 | CONFIG_DEBUG_SYSLOG=y |
|
174 | |
178 | |
|
175 | # Add support for sending all debug messages (regardless of debug verbosity) |
179 | # Add support for sending all debug messages (regardless of debug verbosity) |
|
176 | # to the Linux kernel tracing facility. This helps debug the entire stack by |
180 | # to the Linux kernel tracing facility. This helps debug the entire stack by |
|
177 | # making it easy to record everything happening from the driver up into the |
181 | # making it easy to record everything happening from the driver up into the |
|
178 | # same file, e.g., using trace-cmd. |
182 | # same file, e.g., using trace-cmd. |
|
179 | #CONFIG_DEBUG_LINUX_TRACING=y |
183 | #CONFIG_DEBUG_LINUX_TRACING=y |
|
180 | |
184 | |
|
181 | # Remove support for RADIUS accounting |
185 | # Remove support for RADIUS accounting |
|
182 | #CONFIG_NO_ACCOUNTING=y |
186 | #CONFIG_NO_ACCOUNTING=y |
|
183 | |
187 | |
|
184 | # Remove support for RADIUS |
188 | # Remove support for RADIUS |
|
185 | #CONFIG_NO_RADIUS=y |
189 | #CONFIG_NO_RADIUS=y |
|
186 | |
190 | |
|
187 | # Remove support for VLANs |
191 | # Remove support for VLANs |
|
188 | #CONFIG_NO_VLAN=y |
192 | #CONFIG_NO_VLAN=y |
|
189 | |
193 | |
|
190 | # Enable support for fully dynamic VLANs. This enables hostapd to |
194 | # Enable support for fully dynamic VLANs. This enables hostapd to |
|
191 | # automatically create bridge and VLAN interfaces if necessary. |
195 | # automatically create bridge and VLAN interfaces if necessary. |
|
192 | CONFIG_FULL_DYNAMIC_VLAN=y |
196 | CONFIG_FULL_DYNAMIC_VLAN=y |
|
193 | |
197 | |
|
194 | # Use netlink-based kernel API for VLAN operations instead of ioctl() |
198 | # Use netlink-based kernel API for VLAN operations instead of ioctl() |
|
195 | # Note: This requires libnl 3.1 or newer. |
199 | # Note: This requires libnl 3.1 or newer. |
|
196 | #CONFIG_VLAN_NETLINK=y |
200 | #CONFIG_VLAN_NETLINK=y |
|
197 | |
201 | |
|
198 | # Remove support for dumping internal state through control interface commands |
202 | # Remove support for dumping internal state through control interface commands |
|
199 | # This can be used to reduce binary size at the cost of disabling a debugging |
203 | # This can be used to reduce binary size at the cost of disabling a debugging |
|
200 | # option. |
204 | # option. |
|
201 | CONFIG_NO_DUMP_STATE=y |
205 | CONFIG_NO_DUMP_STATE=y |
|
202 | |
206 | |
|
203 | # Enable tracing code for developer debugging |
207 | # Enable tracing code for developer debugging |
|
204 | # This tracks use of memory allocations and other registrations and reports |
208 | # This tracks use of memory allocations and other registrations and reports |
|
205 | # incorrect use with a backtrace of call (or allocation) location. |
209 | # incorrect use with a backtrace of call (or allocation) location. |
|
206 | #CONFIG_WPA_TRACE=y |
210 | #CONFIG_WPA_TRACE=y |
|
207 | # For BSD, comment out these. |
211 | # For BSD, comment out these. |
|
208 | #LIBS += -lexecinfo |
212 | #LIBS += -lexecinfo |
|
209 | #LIBS_p += -lexecinfo |
213 | #LIBS_p += -lexecinfo |
|
210 | #LIBS_c += -lexecinfo |
214 | #LIBS_c += -lexecinfo |
|
211 | |
215 | |
|
212 | # Use libbfd to get more details for developer debugging |
216 | # Use libbfd to get more details for developer debugging |
|
213 | # This enables use of libbfd to get more detailed symbols for the backtraces |
217 | # This enables use of libbfd to get more detailed symbols for the backtraces |
|
214 | # generated by CONFIG_WPA_TRACE=y. |
218 | # generated by CONFIG_WPA_TRACE=y. |
|
215 | #CONFIG_WPA_TRACE_BFD=y |
219 | #CONFIG_WPA_TRACE_BFD=y |
|
216 | # For BSD, comment out these. |
220 | # For BSD, comment out these. |
|
217 | #LIBS += -lbfd -liberty -lz |
221 | #LIBS += -lbfd -liberty -lz |
|
218 | #LIBS_p += -lbfd -liberty -lz |
222 | #LIBS_p += -lbfd -liberty -lz |
|
219 | #LIBS_c += -lbfd -liberty -lz |
223 | #LIBS_c += -lbfd -liberty -lz |
|
220 | |
224 | |
|
221 | # hostapd depends on strong random number generation being available from the |
225 | # hostapd depends on strong random number generation being available from the |
|
222 | # operating system. os_get_random() function is used to fetch random data when |
226 | # operating system. os_get_random() function is used to fetch random data when |
|
223 | # needed, e.g., for key generation. On Linux and BSD systems, this works by |
227 | # needed, e.g., for key generation. On Linux and BSD systems, this works by |
|
224 | # reading /dev/urandom. It should be noted that the OS entropy pool needs to be |
228 | # reading /dev/urandom. It should be noted that the OS entropy pool needs to be |
|
225 | # properly initialized before hostapd is started. This is important especially |
229 | # properly initialized before hostapd is started. This is important especially |
|
226 | # on embedded devices that do not have a hardware random number generator and |
230 | # on embedded devices that do not have a hardware random number generator and |
|
227 | # may by default start up with minimal entropy available for random number |
231 | # may by default start up with minimal entropy available for random number |
|
228 | # generation. |
232 | # generation. |
|
229 | # |
233 | # |
|
230 | # As a safety net, hostapd is by default trying to internally collect |
234 | # As a safety net, hostapd is by default trying to internally collect |
|
231 | # additional entropy for generating random data to mix in with the data |
235 | # additional entropy for generating random data to mix in with the data |
|
232 | # fetched from the OS. This by itself is not considered to be very strong, but |
236 | # fetched from the OS. This by itself is not considered to be very strong, but |
|
233 | # it may help in cases where the system pool is not initialized properly. |
237 | # it may help in cases where the system pool is not initialized properly. |
|
234 | # However, it is very strongly recommended that the system pool is initialized |
238 | # However, it is very strongly recommended that the system pool is initialized |
|
235 | # with enough entropy either by using hardware assisted random number |
239 | # with enough entropy either by using hardware assisted random number |
|
236 | # generator or by storing state over device reboots. |
240 | # generator or by storing state over device reboots. |
|
237 | # |
241 | # |
|
238 | # hostapd can be configured to maintain its own entropy store over restarts to |
242 | # hostapd can be configured to maintain its own entropy store over restarts to |
|
239 | # enhance random number generation. This is not perfect, but it is much more |
243 | # enhance random number generation. This is not perfect, but it is much more |
|
240 | # secure than using the same sequence of random numbers after every reboot. |
244 | # secure than using the same sequence of random numbers after every reboot. |
|
241 | # This can be enabled with -e<entropy file> command line option. The specified |
245 | # This can be enabled with -e<entropy file> command line option. The specified |
|
242 | # file needs to be readable and writable by hostapd. |
246 | # file needs to be readable and writable by hostapd. |
|
243 | # |
247 | # |
|
244 | # If the os_get_random() is known to provide strong random data (e.g., on |
248 | # If the os_get_random() is known to provide strong random data (e.g., on |
|
245 | # Linux/BSD, the board in question is known to have reliable source of random |
249 | # Linux/BSD, the board in question is known to have reliable source of random |
|
246 | # data from /dev/urandom), the internal hostapd random pool can be disabled. |
250 | # data from /dev/urandom), the internal hostapd random pool can be disabled. |
|
247 | # This will save some in binary size and CPU use. However, this should only be |
251 | # This will save some in binary size and CPU use. However, this should only be |
|
248 | # considered for builds that are known to be used on devices that meet the |
252 | # considered for builds that are known to be used on devices that meet the |
|
249 | # requirements described above. |
253 | # requirements described above. |
|
250 | CONFIG_NO_RANDOM_POOL=y |
254 | CONFIG_NO_RANDOM_POOL=y |
|
251 | |
255 | |
|
252 | # Should we use poll instead of select? Select is used by default. |
256 | # Should we use poll instead of select? Select is used by default. |
|
253 | #CONFIG_ELOOP_POLL=y |
257 | #CONFIG_ELOOP_POLL=y |
|
254 | |
258 | |
|
255 | # Should we use epoll instead of select? Select is used by default. |
259 | # Should we use epoll instead of select? Select is used by default. |
|
256 | #CONFIG_ELOOP_EPOLL=y |
260 | #CONFIG_ELOOP_EPOLL=y |
|
257 | |
261 | |
|
258 | # Should we use kqueue instead of select? Select is used by default. |
262 | # Should we use kqueue instead of select? Select is used by default. |
|
259 | #CONFIG_ELOOP_KQUEUE=y |
263 | #CONFIG_ELOOP_KQUEUE=y |
|
260 | |
264 | |
|
261 | # Select TLS implementation |
265 | # Select TLS implementation |
|
262 | # openssl = OpenSSL (default) |
266 | # openssl = OpenSSL (default) |
|
263 | # gnutls = GnuTLS |
267 | # gnutls = GnuTLS |
|
264 | # internal = Internal TLSv1 implementation (experimental) |
268 | # internal = Internal TLSv1 implementation (experimental) |
|
265 | # linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) |
269 | # linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) |
|
266 | # none = Empty template |
270 | # none = Empty template |
|
267 | CONFIG_TLS=internal |
271 | CONFIG_TLS=internal |
|
268 | |
272 | |
|
269 | # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) |
273 | # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) |
|
270 | # can be enabled to get a stronger construction of messages when block ciphers |
274 | # can be enabled to get a stronger construction of messages when block ciphers |
|
271 | # are used. |
275 | # are used. |
|
272 | #CONFIG_TLSV11=y |
276 | #CONFIG_TLSV11=y |
|
273 | |
277 | |
|
274 | # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) |
278 | # TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) |
|
275 | # can be enabled to enable use of stronger crypto algorithms. |
279 | # can be enabled to enable use of stronger crypto algorithms. |
|
276 | #CONFIG_TLSV12=y |
280 | #CONFIG_TLSV12=y |
|
277 | |
281 | |
|
278 | # Select which ciphers to use by default with OpenSSL if the user does not |
282 | # Select which ciphers to use by default with OpenSSL if the user does not |
|
279 | # specify them. |
283 | # specify them. |
|
280 | #CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" |
284 | #CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" |
|
281 | |
285 | |
|
282 | # If CONFIG_TLS=internal is used, additional library and include paths are |
286 | # If CONFIG_TLS=internal is used, additional library and include paths are |
|
283 | # needed for LibTomMath. Alternatively, an integrated, minimal version of |
287 | # needed for LibTomMath. Alternatively, an integrated, minimal version of |
|
284 | # LibTomMath can be used. See beginning of libtommath.c for details on benefits |
288 | # LibTomMath can be used. See beginning of libtommath.c for details on benefits |
|
285 | # and drawbacks of this option. |
289 | # and drawbacks of this option. |
|
286 | CONFIG_INTERNAL_LIBTOMMATH=y |
290 | CONFIG_INTERNAL_LIBTOMMATH=y |
|
287 | #ifndef CONFIG_INTERNAL_LIBTOMMATH |
291 | #ifndef CONFIG_INTERNAL_LIBTOMMATH |
|
288 | #LTM_PATH=/usr/src/libtommath-0.39 |
292 | #LTM_PATH=/usr/src/libtommath-0.39 |
|
289 | #CFLAGS += -I$(LTM_PATH) |
293 | #CFLAGS += -I$(LTM_PATH) |
|
290 | #LIBS += -L$(LTM_PATH) |
294 | #LIBS += -L$(LTM_PATH) |
|
291 | #LIBS_p += -L$(LTM_PATH) |
295 | #LIBS_p += -L$(LTM_PATH) |
|
292 | #endif |
296 | #endif |
|
293 | # At the cost of about 4 kB of additional binary size, the internal LibTomMath |
297 | # At the cost of about 4 kB of additional binary size, the internal LibTomMath |
|
294 | # can be configured to include faster routines for exptmod, sqr, and div to |
298 | # can be configured to include faster routines for exptmod, sqr, and div to |
|
295 | # speed up DH and RSA calculation considerably |
299 | # speed up DH and RSA calculation considerably |
|
296 | #CONFIG_INTERNAL_LIBTOMMATH_FAST=y |
300 | #CONFIG_INTERNAL_LIBTOMMATH_FAST=y |
|
297 | |
301 | |
|
298 | # Interworking (IEEE 802.11u) |
302 | # Interworking (IEEE 802.11u) |
|
299 | # This can be used to enable functionality to improve interworking with |
303 | # This can be used to enable functionality to improve interworking with |
|
300 | # external networks. |
304 | # external networks. |
|
301 | #CONFIG_INTERWORKING=y |
305 | #CONFIG_INTERWORKING=y |
|
302 | |
306 | |
|
303 | # Hotspot 2.0 |
307 | # Hotspot 2.0 |
|
304 | #CONFIG_HS20=y |
308 | #CONFIG_HS20=y |
|
305 | |
309 | |
|
306 | # Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file |
310 | # Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file |
|
307 | #CONFIG_SQLITE=y |
311 | #CONFIG_SQLITE=y |
|
308 | |
312 | |
|
309 | # Enable Fast Session Transfer (FST) |
313 | # Enable Fast Session Transfer (FST) |
|
310 | #CONFIG_FST=y |
314 | #CONFIG_FST=y |
|
311 | |
315 | |
|
312 | # Enable CLI commands for FST testing |
316 | # Enable CLI commands for FST testing |
|
313 | #CONFIG_FST_TEST=y |
317 | #CONFIG_FST_TEST=y |
|
314 | |
318 | |
|
315 | # Testing options |
319 | # Testing options |
|
316 | # This can be used to enable some testing options (see also the example |
320 | # This can be used to enable some testing options (see also the example |
|
317 | # configuration file) that are really useful only for testing clients that |
321 | # configuration file) that are really useful only for testing clients that |
|
318 | # connect to this hostapd. These options allow, for example, to drop a |
322 | # connect to this hostapd. These options allow, for example, to drop a |
|
319 | # certain percentage of probe requests or auth/(re)assoc frames. |
323 | # certain percentage of probe requests or auth/(re)assoc frames. |
|
320 | # |
324 | # |
|
321 | #CONFIG_TESTING_OPTIONS=y |
325 | #CONFIG_TESTING_OPTIONS=y |
|
322 | |
326 | |
|
323 | # Automatic Channel Selection |
327 | # Automatic Channel Selection |
|
324 | # This will allow hostapd to pick the channel automatically when channel is set |
328 | # This will allow hostapd to pick the channel automatically when channel is set |
|
325 | # to "acs_survey" or "0". Eventually, other ACS algorithms can be added in |
329 | # to "acs_survey" or "0". Eventually, other ACS algorithms can be added in |
|
326 | # similar way. |
330 | # similar way. |
|
327 | # |
331 | # |
|
328 | # Automatic selection is currently only done through initialization, later on |
332 | # Automatic selection is currently only done through initialization, later on |
|
329 | # we hope to do background checks to keep us moving to more ideal channels as |
333 | # we hope to do background checks to keep us moving to more ideal channels as |
|
330 | # time goes by. ACS is currently only supported through the nl80211 driver and |
334 | # time goes by. ACS is currently only supported through the nl80211 driver and |
|
331 | # your driver must have survey dump capability that is filled by the driver |
335 | # your driver must have survey dump capability that is filled by the driver |
|
332 | # during scanning. |
336 | # during scanning. |
|
333 | # |
337 | # |
|
334 | # You can customize the ACS survey algorithm with the hostapd.conf variable |
338 | # You can customize the ACS survey algorithm with the hostapd.conf variable |
|
335 | # acs_num_scans. |
339 | # acs_num_scans. |
|
336 | # |
340 | # |
|
337 | # Supported ACS drivers: |
341 | # Supported ACS drivers: |
|
338 | # * ath9k |
342 | # * ath9k |
|
339 | # * ath5k |
343 | # * ath5k |
|
340 | # * ath10k |
344 | # * ath10k |
|
341 | # |
345 | # |
|
342 | # For more details refer to: |
346 | # For more details refer to: |
|
343 | # http://wireless.kernel.org/en/users/Documentation/acs |
347 | # http://wireless.kernel.org/en/users/Documentation/acs |
|
344 | # |
348 | # |
|
345 | #CONFIG_ACS=y |
349 | #CONFIG_ACS=y |
|
346 | |
350 | |
|
347 | # Multiband Operation support |
351 | # Multiband Operation support |
|
348 | # These extentions facilitate efficient use of multiple frequency bands |
352 | # These extentions facilitate efficient use of multiple frequency bands |
|
349 | # available to the AP and the devices that may associate with it. |
353 | # available to the AP and the devices that may associate with it. |
|
350 | #CONFIG_MBO=y |
354 | #CONFIG_MBO=y |
|
351 | |
355 | |
|
352 | # Client Taxonomy |
356 | # Client Taxonomy |
|
353 | # Has the AP retain the Probe Request and (Re)Association Request frames from |
357 | # Has the AP retain the Probe Request and (Re)Association Request frames from |
|
354 | # a client, from which a signature can be produced which can identify the model |
358 | # a client, from which a signature can be produced which can identify the model |
|
355 | # of client device like "Nexus 6P" or "iPhone 5s". |
359 | # of client device like "Nexus 6P" or "iPhone 5s". |
|
356 | CONFIG_TAXONOMY=y |
360 | #CONFIG_TAXONOMY=y |
|
357 | |
361 | |
|
358 | # Fast Initial Link Setup (FILS) (IEEE 802.11ai) |
362 | # Fast Initial Link Setup (FILS) (IEEE 802.11ai) |
|
359 | # Note: This is an experimental and not yet complete implementation. This |
363 | # Note: This is an experimental and not yet complete implementation. This |
|
360 | # should not be enabled for production use. |
364 | # should not be enabled for production use. |
|
361 | #CONFIG_FILS=y |
365 | #CONFIG_FILS=y |
|
362 | # FILS shared key authentication with PFS |
366 | # FILS shared key authentication with PFS |
|
363 | #CONFIG_FILS_SK_PFS=y |
367 | #CONFIG_FILS_SK_PFS=y |
|
364 | |
368 | |
|
365 | # Include internal line edit mode in hostapd_cli. This can be used to provide |
369 | # Include internal line edit mode in hostapd_cli. This can be used to provide |
|
366 | # limited command line editing and history support. |
370 | # limited command line editing and history support. |
|
367 | #CONFIG_WPA_CLI_EDIT=y |
371 | #CONFIG_WPA_CLI_EDIT=y |
|
368 | |
372 | |
|
369 | # Opportunistic Wireless Encryption (OWE) |
373 | # Opportunistic Wireless Encryption (OWE) |
|
370 | # Experimental implementation of draft-harkins-owe-07.txt |
374 | # Experimental implementation of draft-harkins-owe-07.txt |
|
371 | #CONFIG_OWE=y |
375 | #CONFIG_OWE=y |
|
372 | |
- | ||
373 | # Override default value for the wpa_disable_eapol_key_retries configuration |
- | ||
374 | # parameter. See that parameter in hostapd.conf for more details. |
- | ||
375 | #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 |
- | ||
376 | |
376 | |
|
377 | # uBus IPC/RPC System |
377 | # uBus IPC/RPC System |
|
378 | # Services can connect to the bus and provide methods |
378 | # Services can connect to the bus and provide methods |
|
379 | # that can be called by other services or clients. |
379 | # that can be called by other services or clients. |
|
380 | CONFIG_UBUS=y |
380 | CONFIG_UBUS=y |
|
381 | |
381 | |