mirror of
https://github.com/coolsnowwolf/lede.git
synced 2025-04-16 04:13:31 +00:00
This commit is contained in:
aooom
commit
ca1c449a69
@ -5,9 +5,9 @@ PKG_RELEASE=1
|
||||
|
||||
PKG_SOURCE_PROTO:=git
|
||||
PKG_SOURCE_URL=$(LEDE_GIT)/project/libubox.git
|
||||
PKG_SOURCE_DATE:=2017-06-17
|
||||
PKG_SOURCE_VERSION:=fd57eea9f37e447814afbf934db626288aac23c4
|
||||
PKG_MIRROR_HASH:=6921c507c0c7a951a47d619caa8228f7553141484a3c6d87ba526216f9dd927e
|
||||
PKG_SOURCE_DATE:=2017-09-29
|
||||
PKG_SOURCE_VERSION:=632688e8d6cde32781e4ec685d59afb0938300ad
|
||||
PKG_MIRROR_HASH:=84b5a0bc404e96a2965cadc1beb92664f4c22cc878a0a624eecd4b6884b56625
|
||||
CMAKE_INSTALL:=1
|
||||
|
||||
PKG_LICENSE:=ISC
|
||||
|
||||
@ -7,13 +7,13 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=hostapd
|
||||
PKG_RELEASE:=4
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE_URL:=http://w1.fi/hostap.git
|
||||
PKG_SOURCE_PROTO:=git
|
||||
PKG_SOURCE_DATE:=2016-12-19
|
||||
PKG_SOURCE_VERSION:=ad02e79d12fd70ed6bd5fbaf64001a2851e5bb7b
|
||||
PKG_MIRROR_HASH:=7a0983f004b156d46911765c113754a4c00f56fb889430620bbd061b3b1fcf33
|
||||
PKG_SOURCE_DATE:=2017-08-24
|
||||
PKG_SOURCE_VERSION:=c2d4f2eb5dba0b5c5a8c5805823084da958a9b52
|
||||
PKG_MIRROR_HASH:=c6ad9a73fc1ae0ba8bc48f71cf14394b274bc9c2c1d1b53c2775f08312597e74
|
||||
|
||||
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
|
||||
PKG_LICENSE:=BSD-3-Clause
|
||||
@ -299,6 +299,7 @@ define Build/Compile/wpad
|
||||
$(call Build/RunMake,wpa_supplicant,-s MULTICALL=1 dump_cflags) | \
|
||||
sed -e 's,-n ,,g' -e 's^$(TARGET_CFLAGS)^^' \
|
||||
` > $(PKG_BUILD_DIR)/.cflags
|
||||
sed -i 's/"/\\"/g' $(PKG_BUILD_DIR)/.cflags
|
||||
+$(call Build/RunMake,hostapd, \
|
||||
CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \
|
||||
MULTICALL=1 \
|
||||
|
||||
@ -15,22 +15,31 @@
|
||||
# Driver interface for wired authenticator
|
||||
CONFIG_DRIVER_WIRED=y
|
||||
|
||||
# Driver interface for Prism54 driver
|
||||
#CONFIG_DRIVER_PRISM54=y
|
||||
|
||||
# Driver interface for drivers using the nl80211 kernel interface
|
||||
CONFIG_DRIVER_NL80211=y
|
||||
# driver_nl80211.c requires a rather new libnl (version 1.1) which may not be
|
||||
# shipped with your distribution yet. If that is the case, you need to build
|
||||
# newer libnl version and point the hostapd build to use it.
|
||||
#LIBNL=/usr/src/libnl
|
||||
#CFLAGS += -I$(LIBNL)/include
|
||||
#LIBS += -L$(LIBNL)/lib
|
||||
|
||||
# QCA vendor extensions to nl80211
|
||||
#CONFIG_DRIVER_NL80211_QCA=y
|
||||
|
||||
# driver_nl80211.c requires libnl. If you are compiling it yourself
|
||||
# you may need to point hostapd to your version of libnl.
|
||||
#
|
||||
#CFLAGS += -I$<path to libnl include files>
|
||||
#LIBS += -L$<path to libnl library files>
|
||||
|
||||
# Use libnl v2.0 (or 3.0) libraries.
|
||||
#CONFIG_LIBNL20=y
|
||||
|
||||
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
|
||||
#CONFIG_LIBNL32=y
|
||||
|
||||
|
||||
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
|
||||
#CONFIG_DRIVER_BSD=y
|
||||
#CFLAGS += -I/usr/local/include
|
||||
#LIBS += -L/usr/local/lib
|
||||
#LIBS_p += -L/usr/local/lib
|
||||
#LIBS_c += -L/usr/local/lib
|
||||
|
||||
# Driver interface for no driver (e.g., RADIUS server only)
|
||||
#CONFIG_DRIVER_NONE=y
|
||||
@ -45,16 +54,14 @@ CONFIG_RSN_PREAUTH=y
|
||||
CONFIG_PEERKEY=y
|
||||
|
||||
# IEEE 802.11w (management frame protection)
|
||||
# This version is an experimental implementation based on IEEE 802.11w/D1.0
|
||||
# draft and is subject to change since the standard has not yet been finalized.
|
||||
# Driver support is also needed for IEEE 802.11w.
|
||||
#CONFIG_IEEE80211W=y
|
||||
|
||||
# Integrated EAP server
|
||||
CONFIG_EAP=y
|
||||
|
||||
# EAP-FAST for the integrated EAP server
|
||||
CONFIG_EAP_FAST=y
|
||||
# EAP Re-authentication Protocol (ERP) in integrated EAP server
|
||||
#CONFIG_ERP=y
|
||||
|
||||
# EAP-MD5 for the integrated EAP server
|
||||
CONFIG_EAP_MD5=y
|
||||
@ -90,6 +97,9 @@ CONFIG_EAP_TTLS=y
|
||||
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
|
||||
#CONFIG_EAP_PSK=y
|
||||
|
||||
# EAP-pwd for the integrated EAP server (secure authentication with a password)
|
||||
#CONFIG_EAP_PWD=y
|
||||
|
||||
# EAP-SAKE for the integrated EAP server
|
||||
#CONFIG_EAP_SAKE=y
|
||||
|
||||
@ -99,17 +109,17 @@ CONFIG_EAP_TTLS=y
|
||||
#CONFIG_EAP_GPSK_SHA256=y
|
||||
|
||||
# EAP-FAST for the integrated EAP server
|
||||
# Note: Default OpenSSL package does not include support for all the
|
||||
# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
|
||||
# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch)
|
||||
# to add the needed functions.
|
||||
#CONFIG_EAP_FAST=y
|
||||
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
|
||||
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
|
||||
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
|
||||
CONFIG_EAP_FAST=y
|
||||
|
||||
# Wi-Fi Protected Setup (WPS)
|
||||
CONFIG_WPS=y
|
||||
CONFIG_WPS2=y
|
||||
# Enable UPnP support for external WPS Registrars
|
||||
#CONFIG_WPS_UPNP=y
|
||||
# Enable WPS support with NFC config method
|
||||
#CONFIG_WPS_NFC=y
|
||||
|
||||
# EAP-IKEv2
|
||||
#CONFIG_EAP_IKEV2=y
|
||||
@ -117,6 +127,9 @@ CONFIG_WPS2=y
|
||||
# Trusted Network Connect (EAP-TNC)
|
||||
#CONFIG_EAP_TNC=y
|
||||
|
||||
# EAP-EKE for the integrated EAP server
|
||||
#CONFIG_EAP_EKE=y
|
||||
|
||||
# PKCS#12 (PFX) support (used to read private key and certificate file from
|
||||
# a file that usually has extension .p12 or .pfx)
|
||||
CONFIG_PKCS12=y
|
||||
@ -132,23 +145,43 @@ CONFIG_IPV6=y
|
||||
CONFIG_IEEE80211R=y
|
||||
|
||||
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
|
||||
# the IEEE 802.11 Management capability (e.g. FreeBSD/net80211)
|
||||
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
|
||||
#CONFIG_DRIVER_RADIUS_ACL=y
|
||||
|
||||
# IEEE 802.11n (High Throughput) support
|
||||
CONFIG_IEEE80211N=y
|
||||
|
||||
# Wireless Network Management (IEEE Std 802.11v-2011)
|
||||
# Note: This is experimental and not complete implementation.
|
||||
#CONFIG_WNM=y
|
||||
|
||||
# IEEE 802.11ac (Very High Throughput) support
|
||||
CONFIG_IEEE80211AC=y
|
||||
|
||||
# IEEE 802.11ax HE support
|
||||
# Note: This is experimental and work in progress. The definitions are still
|
||||
# subject to change and this should not be expected to interoperate with the
|
||||
# final IEEE 802.11ax version.
|
||||
#CONFIG_IEEE80211AX=y
|
||||
|
||||
# Remove debugging code that is printing out debug messages to stdout.
|
||||
# This can be used to reduce the size of the hostapd considerably if debugging
|
||||
# code is not needed.
|
||||
#CONFIG_NO_STDOUT_DEBUG=y
|
||||
|
||||
# Add support for writing debug log to a file: -f /tmp/hostapd.log
|
||||
# Disabled by default.
|
||||
#CONFIG_DEBUG_FILE=y
|
||||
|
||||
# Send debug messages to syslog instead of stdout
|
||||
CONFIG_DEBUG_SYSLOG=y
|
||||
|
||||
# Add support for sending all debug messages (regardless of debug verbosity)
|
||||
# to the Linux kernel tracing facility. This helps debug the entire stack by
|
||||
# making it easy to record everything happening from the driver up into the
|
||||
# same file, e.g., using trace-cmd.
|
||||
#CONFIG_DEBUG_LINUX_TRACING=y
|
||||
|
||||
# Remove support for RADIUS accounting
|
||||
#CONFIG_NO_ACCOUNTING=y
|
||||
|
||||
@ -158,15 +191,190 @@ CONFIG_DEBUG_SYSLOG=y
|
||||
# Remove support for VLANs
|
||||
#CONFIG_NO_VLAN=y
|
||||
|
||||
CONFIG_TLS=internal
|
||||
CONFIG_INTERNAL_LIBTOMMATH=y
|
||||
CONFIG_INTERNAL_AES=y
|
||||
NEED_AES_DEC=y
|
||||
|
||||
CONFIG_NO_RANDOM_POOL=y
|
||||
CONFIG_NO_DUMP_STATE=y
|
||||
|
||||
CONFIG_WPS=y
|
||||
# Enable support for fully dynamic VLANs. This enables hostapd to
|
||||
# automatically create bridge and VLAN interfaces if necessary.
|
||||
CONFIG_FULL_DYNAMIC_VLAN=y
|
||||
|
||||
# Use netlink-based kernel API for VLAN operations instead of ioctl()
|
||||
# Note: This requires libnl 3.1 or newer.
|
||||
#CONFIG_VLAN_NETLINK=y
|
||||
|
||||
# Remove support for dumping internal state through control interface commands
|
||||
# This can be used to reduce binary size at the cost of disabling a debugging
|
||||
# option.
|
||||
CONFIG_NO_DUMP_STATE=y
|
||||
|
||||
# Enable tracing code for developer debugging
|
||||
# This tracks use of memory allocations and other registrations and reports
|
||||
# incorrect use with a backtrace of call (or allocation) location.
|
||||
#CONFIG_WPA_TRACE=y
|
||||
# For BSD, comment out these.
|
||||
#LIBS += -lexecinfo
|
||||
#LIBS_p += -lexecinfo
|
||||
#LIBS_c += -lexecinfo
|
||||
|
||||
# Use libbfd to get more details for developer debugging
|
||||
# This enables use of libbfd to get more detailed symbols for the backtraces
|
||||
# generated by CONFIG_WPA_TRACE=y.
|
||||
#CONFIG_WPA_TRACE_BFD=y
|
||||
# For BSD, comment out these.
|
||||
#LIBS += -lbfd -liberty -lz
|
||||
#LIBS_p += -lbfd -liberty -lz
|
||||
#LIBS_c += -lbfd -liberty -lz
|
||||
|
||||
# hostapd depends on strong random number generation being available from the
|
||||
# operating system. os_get_random() function is used to fetch random data when
|
||||
# needed, e.g., for key generation. On Linux and BSD systems, this works by
|
||||
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
|
||||
# properly initialized before hostapd is started. This is important especially
|
||||
# on embedded devices that do not have a hardware random number generator and
|
||||
# may by default start up with minimal entropy available for random number
|
||||
# generation.
|
||||
#
|
||||
# As a safety net, hostapd is by default trying to internally collect
|
||||
# additional entropy for generating random data to mix in with the data
|
||||
# fetched from the OS. This by itself is not considered to be very strong, but
|
||||
# it may help in cases where the system pool is not initialized properly.
|
||||
# However, it is very strongly recommended that the system pool is initialized
|
||||
# with enough entropy either by using hardware assisted random number
|
||||
# generator or by storing state over device reboots.
|
||||
#
|
||||
# hostapd can be configured to maintain its own entropy store over restarts to
|
||||
# enhance random number generation. This is not perfect, but it is much more
|
||||
# secure than using the same sequence of random numbers after every reboot.
|
||||
# This can be enabled with -e<entropy file> command line option. The specified
|
||||
# file needs to be readable and writable by hostapd.
|
||||
#
|
||||
# If the os_get_random() is known to provide strong random data (e.g., on
|
||||
# Linux/BSD, the board in question is known to have reliable source of random
|
||||
# data from /dev/urandom), the internal hostapd random pool can be disabled.
|
||||
# This will save some in binary size and CPU use. However, this should only be
|
||||
# considered for builds that are known to be used on devices that meet the
|
||||
# requirements described above.
|
||||
CONFIG_NO_RANDOM_POOL=y
|
||||
|
||||
# Should we use poll instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_POLL=y
|
||||
|
||||
# Should we use epoll instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_EPOLL=y
|
||||
|
||||
# Should we use kqueue instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_KQUEUE=y
|
||||
|
||||
# Select TLS implementation
|
||||
# openssl = OpenSSL (default)
|
||||
# gnutls = GnuTLS
|
||||
# internal = Internal TLSv1 implementation (experimental)
|
||||
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
|
||||
# none = Empty template
|
||||
CONFIG_TLS=internal
|
||||
|
||||
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
|
||||
# can be enabled to get a stronger construction of messages when block ciphers
|
||||
# are used.
|
||||
#CONFIG_TLSV11=y
|
||||
|
||||
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
|
||||
# can be enabled to enable use of stronger crypto algorithms.
|
||||
#CONFIG_TLSV12=y
|
||||
|
||||
# Select which ciphers to use by default with OpenSSL if the user does not
|
||||
# specify them.
|
||||
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
|
||||
|
||||
# If CONFIG_TLS=internal is used, additional library and include paths are
|
||||
# needed for LibTomMath. Alternatively, an integrated, minimal version of
|
||||
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
|
||||
# and drawbacks of this option.
|
||||
CONFIG_INTERNAL_LIBTOMMATH=y
|
||||
#ifndef CONFIG_INTERNAL_LIBTOMMATH
|
||||
#LTM_PATH=/usr/src/libtommath-0.39
|
||||
#CFLAGS += -I$(LTM_PATH)
|
||||
#LIBS += -L$(LTM_PATH)
|
||||
#LIBS_p += -L$(LTM_PATH)
|
||||
#endif
|
||||
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
|
||||
# can be configured to include faster routines for exptmod, sqr, and div to
|
||||
# speed up DH and RSA calculation considerably
|
||||
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
|
||||
|
||||
# Interworking (IEEE 802.11u)
|
||||
# This can be used to enable functionality to improve interworking with
|
||||
# external networks.
|
||||
#CONFIG_INTERWORKING=y
|
||||
|
||||
# Hotspot 2.0
|
||||
#CONFIG_HS20=y
|
||||
|
||||
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
|
||||
#CONFIG_SQLITE=y
|
||||
|
||||
# Enable Fast Session Transfer (FST)
|
||||
#CONFIG_FST=y
|
||||
|
||||
# Enable CLI commands for FST testing
|
||||
#CONFIG_FST_TEST=y
|
||||
|
||||
# Testing options
|
||||
# This can be used to enable some testing options (see also the example
|
||||
# configuration file) that are really useful only for testing clients that
|
||||
# connect to this hostapd. These options allow, for example, to drop a
|
||||
# certain percentage of probe requests or auth/(re)assoc frames.
|
||||
#
|
||||
#CONFIG_TESTING_OPTIONS=y
|
||||
|
||||
# Automatic Channel Selection
|
||||
# This will allow hostapd to pick the channel automatically when channel is set
|
||||
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
|
||||
# similar way.
|
||||
#
|
||||
# Automatic selection is currently only done through initialization, later on
|
||||
# we hope to do background checks to keep us moving to more ideal channels as
|
||||
# time goes by. ACS is currently only supported through the nl80211 driver and
|
||||
# your driver must have survey dump capability that is filled by the driver
|
||||
# during scanning.
|
||||
#
|
||||
# You can customize the ACS survey algorithm with the hostapd.conf variable
|
||||
# acs_num_scans.
|
||||
#
|
||||
# Supported ACS drivers:
|
||||
# * ath9k
|
||||
# * ath5k
|
||||
# * ath10k
|
||||
#
|
||||
# For more details refer to:
|
||||
# http://wireless.kernel.org/en/users/Documentation/acs
|
||||
#
|
||||
#CONFIG_ACS=y
|
||||
|
||||
# Multiband Operation support
|
||||
# These extentions facilitate efficient use of multiple frequency bands
|
||||
# available to the AP and the devices that may associate with it.
|
||||
#CONFIG_MBO=y
|
||||
|
||||
# Client Taxonomy
|
||||
# Has the AP retain the Probe Request and (Re)Association Request frames from
|
||||
# a client, from which a signature can be produced which can identify the model
|
||||
# of client device like "Nexus 6P" or "iPhone 5s".
|
||||
#CONFIG_TAXONOMY=y
|
||||
|
||||
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
|
||||
# Note: This is an experimental and not yet complete implementation. This
|
||||
# should not be enabled for production use.
|
||||
#CONFIG_FILS=y
|
||||
# FILS shared key authentication with PFS
|
||||
#CONFIG_FILS_SK_PFS=y
|
||||
|
||||
# Include internal line edit mode in hostapd_cli. This can be used to provide
|
||||
# limited command line editing and history support.
|
||||
#CONFIG_WPA_CLI_EDIT=y
|
||||
|
||||
# Opportunistic Wireless Encryption (OWE)
|
||||
# Experimental implementation of draft-harkins-owe-07.txt
|
||||
#CONFIG_OWE=y
|
||||
|
||||
# uBus IPC/RPC System
|
||||
# Services can connect to the bus and provide methods
|
||||
# that can be called by other services or clients.
|
||||
CONFIG_UBUS=y
|
||||
|
||||
@ -15,28 +15,37 @@
|
||||
# Driver interface for wired authenticator
|
||||
CONFIG_DRIVER_WIRED=y
|
||||
|
||||
# Driver interface for Prism54 driver
|
||||
#CONFIG_DRIVER_PRISM54=y
|
||||
|
||||
# Driver interface for drivers using the nl80211 kernel interface
|
||||
CONFIG_DRIVER_NL80211=y
|
||||
# driver_nl80211.c requires a rather new libnl (version 1.1) which may not be
|
||||
# shipped with your distribution yet. If that is the case, you need to build
|
||||
# newer libnl version and point the hostapd build to use it.
|
||||
#LIBNL=/usr/src/libnl
|
||||
#CFLAGS += -I$(LIBNL)/include
|
||||
#LIBS += -L$(LIBNL)/lib
|
||||
|
||||
# QCA vendor extensions to nl80211
|
||||
#CONFIG_DRIVER_NL80211_QCA=y
|
||||
|
||||
# driver_nl80211.c requires libnl. If you are compiling it yourself
|
||||
# you may need to point hostapd to your version of libnl.
|
||||
#
|
||||
#CFLAGS += -I$<path to libnl include files>
|
||||
#LIBS += -L$<path to libnl library files>
|
||||
|
||||
# Use libnl v2.0 (or 3.0) libraries.
|
||||
#CONFIG_LIBNL20=y
|
||||
|
||||
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
|
||||
#CONFIG_LIBNL32=y
|
||||
|
||||
|
||||
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
|
||||
#CONFIG_DRIVER_BSD=y
|
||||
#CFLAGS += -I/usr/local/include
|
||||
#LIBS += -L/usr/local/lib
|
||||
#LIBS_p += -L/usr/local/lib
|
||||
#LIBS_c += -L/usr/local/lib
|
||||
|
||||
# Driver interface for no driver (e.g., RADIUS server only)
|
||||
#CONFIG_DRIVER_NONE=y
|
||||
|
||||
# IEEE 802.11F/IAPP
|
||||
# CONFIG_IAPP=y
|
||||
#CONFIG_IAPP=y
|
||||
|
||||
# WPA2/IEEE 802.11i RSN pre-authentication
|
||||
CONFIG_RSN_PREAUTH=y
|
||||
@ -45,14 +54,15 @@ CONFIG_RSN_PREAUTH=y
|
||||
CONFIG_PEERKEY=y
|
||||
|
||||
# IEEE 802.11w (management frame protection)
|
||||
# This version is an experimental implementation based on IEEE 802.11w/D1.0
|
||||
# draft and is subject to change since the standard has not yet been finalized.
|
||||
# Driver support is also needed for IEEE 802.11w.
|
||||
#CONFIG_IEEE80211W=y
|
||||
|
||||
# Integrated EAP server
|
||||
#CONFIG_EAP=y
|
||||
|
||||
# EAP Re-authentication Protocol (ERP) in integrated EAP server
|
||||
#CONFIG_ERP=y
|
||||
|
||||
# EAP-MD5 for the integrated EAP server
|
||||
#CONFIG_EAP_MD5=y
|
||||
|
||||
@ -87,6 +97,9 @@ CONFIG_PEERKEY=y
|
||||
# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
|
||||
#CONFIG_EAP_PSK=y
|
||||
|
||||
# EAP-pwd for the integrated EAP server (secure authentication with a password)
|
||||
#CONFIG_EAP_PWD=y
|
||||
|
||||
# EAP-SAKE for the integrated EAP server
|
||||
#CONFIG_EAP_SAKE=y
|
||||
|
||||
@ -96,16 +109,17 @@ CONFIG_PEERKEY=y
|
||||
#CONFIG_EAP_GPSK_SHA256=y
|
||||
|
||||
# EAP-FAST for the integrated EAP server
|
||||
# Note: Default OpenSSL package does not include support for all the
|
||||
# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
|
||||
# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch)
|
||||
# to add the needed functions.
|
||||
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
|
||||
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
|
||||
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
|
||||
#CONFIG_EAP_FAST=y
|
||||
|
||||
# Wi-Fi Protected Setup (WPS)
|
||||
#CONFIG_WPS=y
|
||||
# Enable UPnP support for external WPS Registrars
|
||||
#CONFIG_WPS_UPNP=y
|
||||
# Enable WPS support with NFC config method
|
||||
#CONFIG_WPS_NFC=y
|
||||
|
||||
# EAP-IKEv2
|
||||
#CONFIG_EAP_IKEV2=y
|
||||
@ -113,6 +127,9 @@ CONFIG_PEERKEY=y
|
||||
# Trusted Network Connect (EAP-TNC)
|
||||
#CONFIG_EAP_TNC=y
|
||||
|
||||
# EAP-EKE for the integrated EAP server
|
||||
#CONFIG_EAP_EKE=y
|
||||
|
||||
# PKCS#12 (PFX) support (used to read private key and certificate file from
|
||||
# a file that usually has extension .p12 or .pfx)
|
||||
#CONFIG_PKCS12=y
|
||||
@ -128,23 +145,43 @@ CONFIG_PEERKEY=y
|
||||
#CONFIG_IEEE80211R=y
|
||||
|
||||
# Use the hostapd's IEEE 802.11 authentication (ACL), but without
|
||||
# the IEEE 802.11 Management capability (e.g. FreeBSD/net80211)
|
||||
# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211)
|
||||
#CONFIG_DRIVER_RADIUS_ACL=y
|
||||
|
||||
# IEEE 802.11n (High Throughput) support
|
||||
CONFIG_IEEE80211N=y
|
||||
|
||||
# Wireless Network Management (IEEE Std 802.11v-2011)
|
||||
# Note: This is experimental and not complete implementation.
|
||||
#CONFIG_WNM=y
|
||||
|
||||
# IEEE 802.11ac (Very High Throughput) support
|
||||
CONFIG_IEEE80211AC=y
|
||||
|
||||
# IEEE 802.11ax HE support
|
||||
# Note: This is experimental and work in progress. The definitions are still
|
||||
# subject to change and this should not be expected to interoperate with the
|
||||
# final IEEE 802.11ax version.
|
||||
#CONFIG_IEEE80211AX=y
|
||||
|
||||
# Remove debugging code that is printing out debug messages to stdout.
|
||||
# This can be used to reduce the size of the hostapd considerably if debugging
|
||||
# code is not needed.
|
||||
#CONFIG_NO_STDOUT_DEBUG=y
|
||||
|
||||
# Add support for writing debug log to a file: -f /tmp/hostapd.log
|
||||
# Disabled by default.
|
||||
#CONFIG_DEBUG_FILE=y
|
||||
|
||||
# Send debug messages to syslog instead of stdout
|
||||
CONFIG_DEBUG_SYSLOG=y
|
||||
|
||||
# Add support for sending all debug messages (regardless of debug verbosity)
|
||||
# to the Linux kernel tracing facility. This helps debug the entire stack by
|
||||
# making it easy to record everything happening from the driver up into the
|
||||
# same file, e.g., using trace-cmd.
|
||||
#CONFIG_DEBUG_LINUX_TRACING=y
|
||||
|
||||
# Remove support for RADIUS accounting
|
||||
CONFIG_NO_ACCOUNTING=y
|
||||
|
||||
@ -154,9 +191,190 @@ CONFIG_NO_RADIUS=y
|
||||
# Remove support for VLANs
|
||||
#CONFIG_NO_VLAN=y
|
||||
|
||||
CONFIG_TLS=internal
|
||||
# Enable support for fully dynamic VLANs. This enables hostapd to
|
||||
# automatically create bridge and VLAN interfaces if necessary.
|
||||
#CONFIG_FULL_DYNAMIC_VLAN=y
|
||||
|
||||
CONFIG_NO_RANDOM_POOL=y
|
||||
# Use netlink-based kernel API for VLAN operations instead of ioctl()
|
||||
# Note: This requires libnl 3.1 or newer.
|
||||
#CONFIG_VLAN_NETLINK=y
|
||||
|
||||
# Remove support for dumping internal state through control interface commands
|
||||
# This can be used to reduce binary size at the cost of disabling a debugging
|
||||
# option.
|
||||
CONFIG_NO_DUMP_STATE=y
|
||||
|
||||
# Enable tracing code for developer debugging
|
||||
# This tracks use of memory allocations and other registrations and reports
|
||||
# incorrect use with a backtrace of call (or allocation) location.
|
||||
#CONFIG_WPA_TRACE=y
|
||||
# For BSD, comment out these.
|
||||
#LIBS += -lexecinfo
|
||||
#LIBS_p += -lexecinfo
|
||||
#LIBS_c += -lexecinfo
|
||||
|
||||
# Use libbfd to get more details for developer debugging
|
||||
# This enables use of libbfd to get more detailed symbols for the backtraces
|
||||
# generated by CONFIG_WPA_TRACE=y.
|
||||
#CONFIG_WPA_TRACE_BFD=y
|
||||
# For BSD, comment out these.
|
||||
#LIBS += -lbfd -liberty -lz
|
||||
#LIBS_p += -lbfd -liberty -lz
|
||||
#LIBS_c += -lbfd -liberty -lz
|
||||
|
||||
# hostapd depends on strong random number generation being available from the
|
||||
# operating system. os_get_random() function is used to fetch random data when
|
||||
# needed, e.g., for key generation. On Linux and BSD systems, this works by
|
||||
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
|
||||
# properly initialized before hostapd is started. This is important especially
|
||||
# on embedded devices that do not have a hardware random number generator and
|
||||
# may by default start up with minimal entropy available for random number
|
||||
# generation.
|
||||
#
|
||||
# As a safety net, hostapd is by default trying to internally collect
|
||||
# additional entropy for generating random data to mix in with the data
|
||||
# fetched from the OS. This by itself is not considered to be very strong, but
|
||||
# it may help in cases where the system pool is not initialized properly.
|
||||
# However, it is very strongly recommended that the system pool is initialized
|
||||
# with enough entropy either by using hardware assisted random number
|
||||
# generator or by storing state over device reboots.
|
||||
#
|
||||
# hostapd can be configured to maintain its own entropy store over restarts to
|
||||
# enhance random number generation. This is not perfect, but it is much more
|
||||
# secure than using the same sequence of random numbers after every reboot.
|
||||
# This can be enabled with -e<entropy file> command line option. The specified
|
||||
# file needs to be readable and writable by hostapd.
|
||||
#
|
||||
# If the os_get_random() is known to provide strong random data (e.g., on
|
||||
# Linux/BSD, the board in question is known to have reliable source of random
|
||||
# data from /dev/urandom), the internal hostapd random pool can be disabled.
|
||||
# This will save some in binary size and CPU use. However, this should only be
|
||||
# considered for builds that are known to be used on devices that meet the
|
||||
# requirements described above.
|
||||
CONFIG_NO_RANDOM_POOL=y
|
||||
|
||||
# Should we use poll instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_POLL=y
|
||||
|
||||
# Should we use epoll instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_EPOLL=y
|
||||
|
||||
# Should we use kqueue instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_KQUEUE=y
|
||||
|
||||
# Select TLS implementation
|
||||
# openssl = OpenSSL (default)
|
||||
# gnutls = GnuTLS
|
||||
# internal = Internal TLSv1 implementation (experimental)
|
||||
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
|
||||
# none = Empty template
|
||||
CONFIG_TLS=internal
|
||||
|
||||
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
|
||||
# can be enabled to get a stronger construction of messages when block ciphers
|
||||
# are used.
|
||||
#CONFIG_TLSV11=y
|
||||
|
||||
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
|
||||
# can be enabled to enable use of stronger crypto algorithms.
|
||||
#CONFIG_TLSV12=y
|
||||
|
||||
# Select which ciphers to use by default with OpenSSL if the user does not
|
||||
# specify them.
|
||||
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
|
||||
|
||||
# If CONFIG_TLS=internal is used, additional library and include paths are
|
||||
# needed for LibTomMath. Alternatively, an integrated, minimal version of
|
||||
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
|
||||
# and drawbacks of this option.
|
||||
#CONFIG_INTERNAL_LIBTOMMATH=y
|
||||
#ifndef CONFIG_INTERNAL_LIBTOMMATH
|
||||
#LTM_PATH=/usr/src/libtommath-0.39
|
||||
#CFLAGS += -I$(LTM_PATH)
|
||||
#LIBS += -L$(LTM_PATH)
|
||||
#LIBS_p += -L$(LTM_PATH)
|
||||
#endif
|
||||
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
|
||||
# can be configured to include faster routines for exptmod, sqr, and div to
|
||||
# speed up DH and RSA calculation considerably
|
||||
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y
|
||||
|
||||
# Interworking (IEEE 802.11u)
|
||||
# This can be used to enable functionality to improve interworking with
|
||||
# external networks.
|
||||
#CONFIG_INTERWORKING=y
|
||||
|
||||
# Hotspot 2.0
|
||||
#CONFIG_HS20=y
|
||||
|
||||
# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
|
||||
#CONFIG_SQLITE=y
|
||||
|
||||
# Enable Fast Session Transfer (FST)
|
||||
#CONFIG_FST=y
|
||||
|
||||
# Enable CLI commands for FST testing
|
||||
#CONFIG_FST_TEST=y
|
||||
|
||||
# Testing options
|
||||
# This can be used to enable some testing options (see also the example
|
||||
# configuration file) that are really useful only for testing clients that
|
||||
# connect to this hostapd. These options allow, for example, to drop a
|
||||
# certain percentage of probe requests or auth/(re)assoc frames.
|
||||
#
|
||||
#CONFIG_TESTING_OPTIONS=y
|
||||
|
||||
# Automatic Channel Selection
|
||||
# This will allow hostapd to pick the channel automatically when channel is set
|
||||
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
|
||||
# similar way.
|
||||
#
|
||||
# Automatic selection is currently only done through initialization, later on
|
||||
# we hope to do background checks to keep us moving to more ideal channels as
|
||||
# time goes by. ACS is currently only supported through the nl80211 driver and
|
||||
# your driver must have survey dump capability that is filled by the driver
|
||||
# during scanning.
|
||||
#
|
||||
# You can customize the ACS survey algorithm with the hostapd.conf variable
|
||||
# acs_num_scans.
|
||||
#
|
||||
# Supported ACS drivers:
|
||||
# * ath9k
|
||||
# * ath5k
|
||||
# * ath10k
|
||||
#
|
||||
# For more details refer to:
|
||||
# http://wireless.kernel.org/en/users/Documentation/acs
|
||||
#
|
||||
#CONFIG_ACS=y
|
||||
|
||||
# Multiband Operation support
|
||||
# These extentions facilitate efficient use of multiple frequency bands
|
||||
# available to the AP and the devices that may associate with it.
|
||||
#CONFIG_MBO=y
|
||||
|
||||
# Client Taxonomy
|
||||
# Has the AP retain the Probe Request and (Re)Association Request frames from
|
||||
# a client, from which a signature can be produced which can identify the model
|
||||
# of client device like "Nexus 6P" or "iPhone 5s".
|
||||
#CONFIG_TAXONOMY=y
|
||||
|
||||
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
|
||||
# Note: This is an experimental and not yet complete implementation. This
|
||||
# should not be enabled for production use.
|
||||
#CONFIG_FILS=y
|
||||
# FILS shared key authentication with PFS
|
||||
#CONFIG_FILS_SK_PFS=y
|
||||
|
||||
# Include internal line edit mode in hostapd_cli. This can be used to provide
|
||||
# limited command line editing and history support.
|
||||
#CONFIG_WPA_CLI_EDIT=y
|
||||
|
||||
# Opportunistic Wireless Encryption (OWE)
|
||||
# Experimental implementation of draft-harkins-owe-07.txt
|
||||
#CONFIG_OWE=y
|
||||
|
||||
# uBus IPC/RPC System
|
||||
# Services can connect to the bus and provide methods
|
||||
# that can be called by other services or clients.
|
||||
CONFIG_UBUS=y
|
||||
|
||||
@ -67,6 +67,7 @@ hostapd_common_add_device_config() {
|
||||
config_add_boolean legacy_rates
|
||||
|
||||
config_add_string acs_chan_bias
|
||||
config_add_array hostapd_options
|
||||
|
||||
hostapd_add_log_config
|
||||
}
|
||||
@ -127,6 +128,11 @@ hostapd_prepare_device_config() {
|
||||
[ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N"
|
||||
append base_cfg "beacon_int=$beacon_int" "$N"
|
||||
|
||||
json_get_values opts hostapd_options
|
||||
for val in $opts; do
|
||||
append base_cfg "$val" "$N"
|
||||
done
|
||||
|
||||
cat > "$config" <<EOF
|
||||
driver=$driver
|
||||
$base_cfg
|
||||
@ -178,7 +184,7 @@ hostapd_common_add_bss_config() {
|
||||
config_add_int wps_ap_setup_locked wps_independent
|
||||
config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin
|
||||
|
||||
config_add_boolean ieee80211r pmk_r1_push
|
||||
config_add_boolean ieee80211r pmk_r1_push ft_psk_generate_local ft_over_ds
|
||||
config_add_int r0_key_lifetime reassociation_deadline
|
||||
config_add_string mobility_domain r1_key_holder
|
||||
config_add_array r0kh r1kh
|
||||
@ -382,7 +388,7 @@ hostapd_set_bss_options() {
|
||||
|
||||
if [ "$ieee80211r" -gt "0" ]; then
|
||||
json_get_vars mobility_domain r0_key_lifetime r1_key_holder \
|
||||
reassociation_deadline pmk_r1_push
|
||||
reassociation_deadline pmk_r1_push ft_psk_generate_local ft_over_ds
|
||||
json_get_values r0kh r0kh
|
||||
json_get_values r1kh r1kh
|
||||
|
||||
@ -391,12 +397,16 @@ hostapd_set_bss_options() {
|
||||
set_default r1_key_holder "00004f577274"
|
||||
set_default reassociation_deadline 1000
|
||||
set_default pmk_r1_push 0
|
||||
set_default ft_psk_generate_local 0
|
||||
set_default ft_over_ds 1
|
||||
|
||||
append bss_conf "mobility_domain=$mobility_domain" "$N"
|
||||
append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N"
|
||||
append bss_conf "r1_key_holder=$r1_key_holder" "$N"
|
||||
append bss_conf "reassociation_deadline=$reassociation_deadline" "$N"
|
||||
append bss_conf "pmk_r1_push=$pmk_r1_push" "$N"
|
||||
append bss_conf "ft_psk_generate_local=$ft_psk_generate_local" "$N"
|
||||
append bss_conf "ft_over_ds=$ft_over_ds" "$N"
|
||||
|
||||
for kh in $r0kh; do
|
||||
append bss_conf "r0kh=${kh//,/ }" "$N"
|
||||
@ -627,7 +637,7 @@ wpa_supplicant_add_network() {
|
||||
scan_ssid=""
|
||||
}
|
||||
|
||||
[[ "$_w_mode" = "adhoc" -o "$_w_mode" = "mesh" ]] && append network_data "$_w_modestr" "$N$T"
|
||||
[ "$_w_mode" = "adhoc" -o "$_w_mode" = "mesh" ] && append network_data "$_w_modestr" "$N$T"
|
||||
|
||||
case "$auth_type" in
|
||||
none) ;;
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
# Example wpa_supplicant build time configuration
|
||||
#
|
||||
# This file lists the configuration options that are used when building the
|
||||
# hostapd binary. All lines starting with # are ignored. Configuration option
|
||||
# lines must be commented out complete, if they are not to be included, i.e.,
|
||||
# just setting VARIABLE=n is not disabling that variable.
|
||||
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
|
||||
# option lines must be commented out complete, if they are not to be included,
|
||||
# i.e., just setting VARIABLE=n is not disabling that variable.
|
||||
#
|
||||
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
|
||||
# be modified from here. In most cases, these lines should use += in order not
|
||||
@ -20,63 +20,33 @@
|
||||
# used to fix build issues on such systems (krb5.h not found).
|
||||
#CFLAGS += -I/usr/include/kerberos
|
||||
|
||||
# Example configuration for various cross-compilation platforms
|
||||
|
||||
#### sveasoft (e.g., for Linksys WRT54G) ######################################
|
||||
#CC=mipsel-uclibc-gcc
|
||||
#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
|
||||
#CFLAGS += -Os
|
||||
#CPPFLAGS += -I../src/include -I../../src/router/openssl/include
|
||||
#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl
|
||||
###############################################################################
|
||||
|
||||
#### openwrt (e.g., for Linksys WRT54G) #######################################
|
||||
#CC=mipsel-uclibc-gcc
|
||||
#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
|
||||
#CFLAGS += -Os
|
||||
#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \
|
||||
# -I../WRT54GS/release/src/include
|
||||
#LIBS = -lssl
|
||||
###############################################################################
|
||||
|
||||
|
||||
# Driver interface for Host AP driver
|
||||
#CONFIG_DRIVER_HOSTAP=y
|
||||
|
||||
# Driver interface for Agere driver
|
||||
#CONFIG_DRIVER_HERMES=y
|
||||
# Change include directories to match with the local setup
|
||||
#CFLAGS += -I../../hcf -I../../include -I../../include/hcf
|
||||
#CFLAGS += -I../../include/wireless
|
||||
|
||||
# Driver interface for ndiswrapper
|
||||
# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
|
||||
#CONFIG_DRIVER_NDISWRAPPER=y
|
||||
|
||||
# Driver interface for Atmel driver
|
||||
# CONFIG_DRIVER_ATMEL=y
|
||||
|
||||
# Driver interface for old Broadcom driver
|
||||
# Please note that the newer Broadcom driver ("hybrid Linux driver") supports
|
||||
# Linux wireless extensions and does not need (or even work) with the old
|
||||
# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver.
|
||||
#CONFIG_DRIVER_BROADCOM=y
|
||||
# Example path for wlioctl.h; change to match your configuration
|
||||
#CFLAGS += -I/opt/WRT54GS/release/src/include
|
||||
|
||||
# Driver interface for Intel ipw2100/2200 driver
|
||||
# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
|
||||
#CONFIG_DRIVER_IPW=y
|
||||
|
||||
# Driver interface for Ralink driver
|
||||
#CONFIG_DRIVER_RALINK=y
|
||||
|
||||
# Driver interface for generic Linux wireless extensions
|
||||
# Note: WEXT is deprecated in the current Linux kernel version and no new
|
||||
# functionality is added to it. nl80211-based interface is the new
|
||||
# replacement for WEXT and its use allows wpa_supplicant to properly control
|
||||
# the driver to improve existing functionality like roaming and to support new
|
||||
# functionality.
|
||||
CONFIG_DRIVER_WEXT=y
|
||||
|
||||
# Driver interface for Linux drivers using the nl80211 kernel interface
|
||||
CONFIG_DRIVER_NL80211=y
|
||||
|
||||
# QCA vendor extensions to nl80211
|
||||
#CONFIG_DRIVER_NL80211_QCA=y
|
||||
|
||||
# driver_nl80211.c requires libnl. If you are compiling it yourself
|
||||
# you may need to point hostapd to your version of libnl.
|
||||
#
|
||||
#CFLAGS += -I$<path to libnl include files>
|
||||
#LIBS += -L$<path to libnl library files>
|
||||
|
||||
# Use libnl v2.0 (or 3.0) libraries.
|
||||
#CONFIG_LIBNL20=y
|
||||
|
||||
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
|
||||
#CONFIG_LIBNL32=y
|
||||
|
||||
|
||||
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
|
||||
#CONFIG_DRIVER_BSD=y
|
||||
#CFLAGS += -I/usr/local/include
|
||||
@ -100,14 +70,6 @@ CONFIG_DRIVER_NL80211=y
|
||||
# wpa_supplicant.
|
||||
# CONFIG_USE_NDISUIO=y
|
||||
|
||||
# Driver interface for development testing
|
||||
#CONFIG_DRIVER_TEST=y
|
||||
|
||||
# Include client MLME (management frame processing) for test driver
|
||||
# This can be used to test MLME operations in hostapd with the test interface.
|
||||
# space.
|
||||
#CONFIG_CLIENT_MLME=y
|
||||
|
||||
# Driver interface for wired Ethernet drivers
|
||||
CONFIG_DRIVER_WIRED=y
|
||||
|
||||
@ -117,13 +79,14 @@ CONFIG_DRIVER_WIRED=y
|
||||
# Driver interface for no driver (e.g., WPS ER only)
|
||||
#CONFIG_DRIVER_NONE=y
|
||||
|
||||
# Solaris libraries
|
||||
#LIBS += -lsocket -ldlpi -lnsl
|
||||
#LIBS_c += -lsocket
|
||||
|
||||
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
|
||||
# included)
|
||||
CONFIG_IEEE8021X_EAPOL=y
|
||||
|
||||
# EAP-FAST
|
||||
CONFIG_EAP_FAST=y
|
||||
|
||||
# EAP-MD5
|
||||
CONFIG_EAP_MD5=y
|
||||
|
||||
@ -140,11 +103,10 @@ CONFIG_EAP_PEAP=y
|
||||
CONFIG_EAP_TTLS=y
|
||||
|
||||
# EAP-FAST
|
||||
# Note: Default OpenSSL package does not include support for all the
|
||||
# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
|
||||
# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch)
|
||||
# to add the needed functions.
|
||||
#CONFIG_EAP_FAST=y
|
||||
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
|
||||
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
|
||||
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
|
||||
CONFIG_EAP_FAST=y
|
||||
|
||||
# EAP-GTC
|
||||
CONFIG_EAP_GTC=y
|
||||
@ -158,6 +120,9 @@ CONFIG_EAP_OTP=y
|
||||
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
|
||||
#CONFIG_EAP_PSK=y
|
||||
|
||||
# EAP-pwd (secure authentication using only a password)
|
||||
#CONFIG_EAP_PWD=y
|
||||
|
||||
# EAP-PAX
|
||||
#CONFIG_EAP_PAX=y
|
||||
|
||||
@ -187,10 +152,20 @@ CONFIG_EAP_LEAP=y
|
||||
|
||||
# Wi-Fi Protected Setup (WPS)
|
||||
CONFIG_WPS=y
|
||||
# Enable WPS external registrar functionality
|
||||
#CONFIG_WPS_ER=y
|
||||
# Disable credentials for an open network by default when acting as a WPS
|
||||
# registrar.
|
||||
#CONFIG_WPS_REG_DISABLE_OPEN=y
|
||||
# Enable WPS support with NFC config method
|
||||
#CONFIG_WPS_NFC=y
|
||||
|
||||
# EAP-IKEv2
|
||||
#CONFIG_EAP_IKEV2=y
|
||||
|
||||
# EAP-EKE
|
||||
#CONFIG_EAP_EKE=y
|
||||
|
||||
# PKCS#12 (PFX) support (used to read private key and certificate file from
|
||||
# a file that usually has extension .p12 or .pfx)
|
||||
CONFIG_PKCS12=y
|
||||
@ -203,13 +178,22 @@ CONFIG_SMARTCARD=y
|
||||
# Enable this if EAP-SIM or EAP-AKA is included
|
||||
#CONFIG_PCSC=y
|
||||
|
||||
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
|
||||
#CONFIG_HT_OVERRIDES=y
|
||||
|
||||
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
|
||||
#CONFIG_VHT_OVERRIDES=y
|
||||
|
||||
# Development testing
|
||||
#CONFIG_EAPOL_TEST=y
|
||||
|
||||
# Select control interface backend for external programs, e.g, wpa_cli:
|
||||
# unix = UNIX domain sockets (default for Linux/*BSD)
|
||||
# udp = UDP sockets using localhost (127.0.0.1)
|
||||
# udp6 = UDP IPv6 sockets using localhost (::1)
|
||||
# named_pipe = Windows Named Pipe (default for Windows)
|
||||
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
|
||||
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
|
||||
# y = use default (backwards compatibility)
|
||||
# If this option is commented out, control interface is not included in the
|
||||
# build.
|
||||
@ -221,6 +205,10 @@ CONFIG_CTRL_IFACE=y
|
||||
# the resulting binary.
|
||||
#CONFIG_READLINE=y
|
||||
|
||||
# Include internal line edit mode in wpa_cli. This can be used as a replacement
|
||||
# for GNU Readline to provide limited command line editing and history support.
|
||||
#CONFIG_WPA_CLI_EDIT=y
|
||||
|
||||
# Remove debugging code that is printing out debug message to stdout.
|
||||
# This can be used to reduce the size of the wpa_supplicant considerably
|
||||
# if debugging code is not needed. The size reduction can be around 35%
|
||||
@ -231,11 +219,6 @@ CONFIG_CTRL_IFACE=y
|
||||
# 35-50 kB in code size.
|
||||
#CONFIG_NO_WPA=y
|
||||
|
||||
# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to
|
||||
# save about 1 kB in code size when building only WPA-Personal (no EAP support)
|
||||
# or 6 kB if building for WPA-Enterprise.
|
||||
#CONFIG_NO_WPA2=y
|
||||
|
||||
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
|
||||
# This option can be used to reduce code size by removing support for
|
||||
# converting ASCII passphrases into PSK. If this functionality is removed, the
|
||||
@ -270,7 +253,7 @@ CONFIG_BACKEND=file
|
||||
# main_none = Very basic example (development use only)
|
||||
#CONFIG_MAIN=main
|
||||
|
||||
# Select wrapper for operatins system and C library specific functions
|
||||
# Select wrapper for operating system and C library specific functions
|
||||
# unix = UNIX/POSIX like systems (default)
|
||||
# win32 = Windows systems
|
||||
# none = Empty template
|
||||
@ -279,9 +262,17 @@ CONFIG_BACKEND=file
|
||||
# Select event loop implementation
|
||||
# eloop = select() loop (default)
|
||||
# eloop_win = Windows events and WaitForMultipleObject() loop
|
||||
# eloop_none = Empty template
|
||||
#CONFIG_ELOOP=eloop
|
||||
|
||||
# Should we use poll instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_POLL=y
|
||||
|
||||
# Should we use epoll instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_EPOLL=y
|
||||
|
||||
# Should we use kqueue instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_KQUEUE=y
|
||||
|
||||
# Select layer 2 packet implementation
|
||||
# linux = Linux packet socket (default)
|
||||
# pcap = libpcap/libdnet/WinPcap
|
||||
@ -291,29 +282,44 @@ CONFIG_BACKEND=file
|
||||
# none = Empty template
|
||||
#CONFIG_L2_PACKET=linux
|
||||
|
||||
# Disable Linux packet socket workaround applicable for station interface
|
||||
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
|
||||
# is known to not have the regression issue in packet socket behavior with
|
||||
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
|
||||
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
|
||||
|
||||
# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
|
||||
CONFIG_PEERKEY=y
|
||||
|
||||
# IEEE 802.11w (management frame protection)
|
||||
# This version is an experimental implementation based on IEEE 802.11w/D1.0
|
||||
# draft and is subject to change since the standard has not yet been finalized.
|
||||
# IEEE 802.11w (management frame protection), also known as PMF
|
||||
# Driver support is also needed for IEEE 802.11w.
|
||||
CONFIG_IEEE80211W=y
|
||||
#CONFIG_IEEE80211W=y
|
||||
|
||||
# Select TLS implementation
|
||||
# openssl = OpenSSL (default)
|
||||
# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
|
||||
# gnutls = GnuTLS
|
||||
# internal = Internal TLSv1 implementation (experimental)
|
||||
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
|
||||
# none = Empty template
|
||||
CONFIG_TLS=internal
|
||||
|
||||
# Whether to enable TLS/IA support, which is required for EAP-TTLSv1.
|
||||
# You need CONFIG_TLS=gnutls for this to have any effect. Please note that
|
||||
# even though the core GnuTLS library is released under LGPL, this extra
|
||||
# library uses GPL and as such, the terms of GPL apply to the combination
|
||||
# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not
|
||||
# apply for distribution of the resulting binary.
|
||||
#CONFIG_GNUTLS_EXTRA=y
|
||||
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
|
||||
# can be enabled to get a stronger construction of messages when block ciphers
|
||||
# are used. It should be noted that some existing TLS v1.0 -based
|
||||
# implementation may not be compatible with TLS v1.1 message (ClientHello is
|
||||
# sent prior to negotiating which version will be used)
|
||||
#CONFIG_TLSV11=y
|
||||
|
||||
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
|
||||
# can be enabled to enable use of stronger crypto algorithms. It should be
|
||||
# noted that some existing TLS v1.0 -based implementation may not be compatible
|
||||
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
|
||||
# will be used)
|
||||
#CONFIG_TLSV12=y
|
||||
|
||||
# Select which ciphers to use by default with OpenSSL if the user does not
|
||||
# specify them.
|
||||
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
|
||||
|
||||
# If CONFIG_TLS=internal is used, additional library and include paths are
|
||||
# needed for LibTomMath. Alternatively, an integrated, minimal version of
|
||||
@ -369,12 +375,31 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
|
||||
# amount of memory/flash.
|
||||
#CONFIG_DYNAMIC_EAP_METHODS=y
|
||||
|
||||
# IEEE Std 802.11r-2008 (Fast BSS Transition)
|
||||
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
|
||||
CONFIG_IEEE80211R=y
|
||||
|
||||
# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies
|
||||
# CONFIG_IEEE80211R).
|
||||
#CONFIG_IEEE80211R_AP=y
|
||||
|
||||
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
|
||||
#CONFIG_DEBUG_FILE=y
|
||||
|
||||
# Send debug messages to syslog instead of stdout
|
||||
#CONFIG_DEBUG_SYSLOG=y
|
||||
# Set syslog facility for debug messages
|
||||
#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
|
||||
|
||||
# Add support for sending all debug messages (regardless of debug verbosity)
|
||||
# to the Linux kernel tracing facility. This helps debug the entire stack by
|
||||
# making it easy to record everything happening from the driver up into the
|
||||
# same file, e.g., using trace-cmd.
|
||||
#CONFIG_DEBUG_LINUX_TRACING=y
|
||||
|
||||
# Add support for writing debug log to Android logcat instead of standard
|
||||
# output
|
||||
#CONFIG_ANDROID_LOG=y
|
||||
|
||||
# Enable privilege separation (see README 'Privilege separation' for details)
|
||||
#CONFIG_PRIVSEP=y
|
||||
|
||||
@ -386,7 +411,7 @@ CONFIG_IEEE80211R=y
|
||||
# This tracks use of memory allocations and other registrations and reports
|
||||
# incorrect use with a backtrace of call (or allocation) location.
|
||||
#CONFIG_WPA_TRACE=y
|
||||
# For BSD, comment out these.
|
||||
# For BSD, uncomment these.
|
||||
#LIBS += -lexecinfo
|
||||
#LIBS_p += -lexecinfo
|
||||
#LIBS_c += -lexecinfo
|
||||
@ -395,12 +420,174 @@ CONFIG_IEEE80211R=y
|
||||
# This enables use of libbfd to get more detailed symbols for the backtraces
|
||||
# generated by CONFIG_WPA_TRACE=y.
|
||||
#CONFIG_WPA_TRACE_BFD=y
|
||||
# For BSD, comment out these.
|
||||
# For BSD, uncomment these.
|
||||
#LIBS += -lbfd -liberty -lz
|
||||
#LIBS_p += -lbfd -liberty -lz
|
||||
#LIBS_c += -lbfd -liberty -lz
|
||||
|
||||
# wpa_supplicant depends on strong random number generation being available
|
||||
# from the operating system. os_get_random() function is used to fetch random
|
||||
# data when needed, e.g., for key generation. On Linux and BSD systems, this
|
||||
# works by reading /dev/urandom. It should be noted that the OS entropy pool
|
||||
# needs to be properly initialized before wpa_supplicant is started. This is
|
||||
# important especially on embedded devices that do not have a hardware random
|
||||
# number generator and may by default start up with minimal entropy available
|
||||
# for random number generation.
|
||||
#
|
||||
# As a safety net, wpa_supplicant is by default trying to internally collect
|
||||
# additional entropy for generating random data to mix in with the data fetched
|
||||
# from the OS. This by itself is not considered to be very strong, but it may
|
||||
# help in cases where the system pool is not initialized properly. However, it
|
||||
# is very strongly recommended that the system pool is initialized with enough
|
||||
# entropy either by using hardware assisted random number generator or by
|
||||
# storing state over device reboots.
|
||||
#
|
||||
# wpa_supplicant can be configured to maintain its own entropy store over
|
||||
# restarts to enhance random number generation. This is not perfect, but it is
|
||||
# much more secure than using the same sequence of random numbers after every
|
||||
# reboot. This can be enabled with -e<entropy file> command line option. The
|
||||
# specified file needs to be readable and writable by wpa_supplicant.
|
||||
#
|
||||
# If the os_get_random() is known to provide strong random data (e.g., on
|
||||
# Linux/BSD, the board in question is known to have reliable source of random
|
||||
# data from /dev/urandom), the internal wpa_supplicant random pool can be
|
||||
# disabled. This will save some in binary size and CPU use. However, this
|
||||
# should only be considered for builds that are known to be used on devices
|
||||
# that meet the requirements described above.
|
||||
CONFIG_NO_RANDOM_POOL=y
|
||||
NEED_80211_COMMON=y
|
||||
|
||||
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
|
||||
#CONFIG_IEEE80211N=y
|
||||
|
||||
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
|
||||
# (depends on CONFIG_IEEE80211N)
|
||||
#CONFIG_IEEE80211AC=y
|
||||
|
||||
# Wireless Network Management (IEEE Std 802.11v-2011)
|
||||
# Note: This is experimental and not complete implementation.
|
||||
#CONFIG_WNM=y
|
||||
|
||||
# Interworking (IEEE 802.11u)
|
||||
# This can be used to enable functionality to improve interworking with
|
||||
# external networks (GAS/ANQP to learn more about the networks and network
|
||||
# selection based on available credentials).
|
||||
#CONFIG_INTERWORKING=y
|
||||
|
||||
# Hotspot 2.0
|
||||
#CONFIG_HS20=y
|
||||
|
||||
# Enable interface matching in wpa_supplicant
|
||||
#CONFIG_MATCH_IFACE=y
|
||||
|
||||
# Disable roaming in wpa_supplicant
|
||||
#CONFIG_NO_ROAMING=y
|
||||
|
||||
# AP mode operations with wpa_supplicant
|
||||
# This can be used for controlling AP mode operations with wpa_supplicant. It
|
||||
# should be noted that this is mainly aimed at simple cases like
|
||||
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
|
||||
# external RADIUS server can be supported with hostapd.
|
||||
#CONFIG_AP=y
|
||||
|
||||
# P2P (Wi-Fi Direct)
|
||||
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
|
||||
# more information on P2P operations.
|
||||
#CONFIG_P2P=y
|
||||
|
||||
# Enable TDLS support
|
||||
#CONFIG_TDLS=y
|
||||
|
||||
# Wi-Fi Direct
|
||||
# This can be used to enable Wi-Fi Direct extensions for P2P using an external
|
||||
# program to control the additional information exchanges in the messages.
|
||||
#CONFIG_WIFI_DISPLAY=y
|
||||
|
||||
# Autoscan
|
||||
# This can be used to enable automatic scan support in wpa_supplicant.
|
||||
# See wpa_supplicant.conf for more information on autoscan usage.
|
||||
#
|
||||
# Enabling directly a module will enable autoscan support.
|
||||
# For exponential module:
|
||||
#CONFIG_AUTOSCAN_EXPONENTIAL=y
|
||||
# For periodic module:
|
||||
#CONFIG_AUTOSCAN_PERIODIC=y
|
||||
|
||||
# Password (and passphrase, etc.) backend for external storage
|
||||
# These optional mechanisms can be used to add support for storing passwords
|
||||
# and other secrets in external (to wpa_supplicant) location. This allows, for
|
||||
# example, operating system specific key storage to be used
|
||||
#
|
||||
# External password backend for testing purposes (developer use)
|
||||
#CONFIG_EXT_PASSWORD_TEST=y
|
||||
|
||||
# Enable Fast Session Transfer (FST)
|
||||
#CONFIG_FST=y
|
||||
|
||||
# Enable CLI commands for FST testing
|
||||
#CONFIG_FST_TEST=y
|
||||
|
||||
# OS X builds. This is only for building eapol_test.
|
||||
#CONFIG_OSX=y
|
||||
|
||||
# Automatic Channel Selection
|
||||
# This will allow wpa_supplicant to pick the channel automatically when channel
|
||||
# is set to "0".
|
||||
#
|
||||
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
|
||||
# to "channel=0". This would enable us to eventually add other ACS algorithms in
|
||||
# similar way.
|
||||
#
|
||||
# Automatic selection is currently only done through initialization, later on
|
||||
# we hope to do background checks to keep us moving to more ideal channels as
|
||||
# time goes by. ACS is currently only supported through the nl80211 driver and
|
||||
# your driver must have survey dump capability that is filled by the driver
|
||||
# during scanning.
|
||||
#
|
||||
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
|
||||
# a newly to create wpa_supplicant.conf variable acs_num_scans.
|
||||
#
|
||||
# Supported ACS drivers:
|
||||
# * ath9k
|
||||
# * ath5k
|
||||
# * ath10k
|
||||
#
|
||||
# For more details refer to:
|
||||
# http://wireless.kernel.org/en/users/Documentation/acs
|
||||
#CONFIG_ACS=y
|
||||
|
||||
# Support Multi Band Operation
|
||||
#CONFIG_MBO=y
|
||||
|
||||
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
|
||||
# Note: This is an experimental and not yet complete implementation. This
|
||||
# should not be enabled for production use.
|
||||
#CONFIG_FILS=y
|
||||
# FILS shared key authentication with PFS
|
||||
#CONFIG_FILS_SK_PFS=y
|
||||
|
||||
# Support RSN on IBSS networks
|
||||
# This is needed to be able to use mode=1 network profile with proto=RSN and
|
||||
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
|
||||
CONFIG_IBSS_RSN=y
|
||||
|
||||
# External PMKSA cache control
|
||||
# This can be used to enable control interface commands that allow the current
|
||||
# PMKSA cache entries to be fetched and new entries to be added.
|
||||
#CONFIG_PMKSA_CACHE_EXTERNAL=y
|
||||
|
||||
# Mesh Networking (IEEE 802.11s)
|
||||
#CONFIG_MESH=y
|
||||
|
||||
# Background scanning modules
|
||||
# These can be used to request wpa_supplicant to perform background scanning
|
||||
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
|
||||
# the wpa_supplicant.conf file for more details.
|
||||
# Periodic background scans based on signal strength
|
||||
#CONFIG_BGSCAN_SIMPLE=y
|
||||
# Learn channels used by the network and try to avoid bgscans on other
|
||||
# channels (experimental)
|
||||
#CONFIG_BGSCAN_LEARN=y
|
||||
|
||||
# Opportunistic Wireless Encryption (OWE)
|
||||
# Experimental implementation of draft-harkins-owe-07.txt
|
||||
#CONFIG_OWE=y
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
# Example wpa_supplicant build time configuration
|
||||
#
|
||||
# This file lists the configuration options that are used when building the
|
||||
# hostapd binary. All lines starting with # are ignored. Configuration option
|
||||
# lines must be commented out complete, if they are not to be included, i.e.,
|
||||
# just setting VARIABLE=n is not disabling that variable.
|
||||
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
|
||||
# option lines must be commented out complete, if they are not to be included,
|
||||
# i.e., just setting VARIABLE=n is not disabling that variable.
|
||||
#
|
||||
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
|
||||
# be modified from here. In most cases, these lines should use += in order not
|
||||
@ -20,63 +20,33 @@
|
||||
# used to fix build issues on such systems (krb5.h not found).
|
||||
#CFLAGS += -I/usr/include/kerberos
|
||||
|
||||
# Example configuration for various cross-compilation platforms
|
||||
|
||||
#### sveasoft (e.g., for Linksys WRT54G) ######################################
|
||||
#CC=mipsel-uclibc-gcc
|
||||
#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
|
||||
#CFLAGS += -Os
|
||||
#CPPFLAGS += -I../src/include -I../../src/router/openssl/include
|
||||
#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl
|
||||
###############################################################################
|
||||
|
||||
#### openwrt (e.g., for Linksys WRT54G) #######################################
|
||||
#CC=mipsel-uclibc-gcc
|
||||
#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
|
||||
#CFLAGS += -Os
|
||||
#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \
|
||||
# -I../WRT54GS/release/src/include
|
||||
#LIBS = -lssl
|
||||
###############################################################################
|
||||
|
||||
|
||||
# Driver interface for Host AP driver
|
||||
#CONFIG_DRIVER_HOSTAP=y
|
||||
|
||||
# Driver interface for Agere driver
|
||||
#CONFIG_DRIVER_HERMES=y
|
||||
# Change include directories to match with the local setup
|
||||
#CFLAGS += -I../../hcf -I../../include -I../../include/hcf
|
||||
#CFLAGS += -I../../include/wireless
|
||||
|
||||
# Driver interface for ndiswrapper
|
||||
# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
|
||||
#CONFIG_DRIVER_NDISWRAPPER=y
|
||||
|
||||
# Driver interface for Atmel driver
|
||||
# CONFIG_DRIVER_ATMEL=y
|
||||
|
||||
# Driver interface for old Broadcom driver
|
||||
# Please note that the newer Broadcom driver ("hybrid Linux driver") supports
|
||||
# Linux wireless extensions and does not need (or even work) with the old
|
||||
# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver.
|
||||
#CONFIG_DRIVER_BROADCOM=y
|
||||
# Example path for wlioctl.h; change to match your configuration
|
||||
#CFLAGS += -I/opt/WRT54GS/release/src/include
|
||||
|
||||
# Driver interface for Intel ipw2100/2200 driver
|
||||
# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
|
||||
#CONFIG_DRIVER_IPW=y
|
||||
|
||||
# Driver interface for Ralink driver
|
||||
#CONFIG_DRIVER_RALINK=y
|
||||
|
||||
# Driver interface for generic Linux wireless extensions
|
||||
# Note: WEXT is deprecated in the current Linux kernel version and no new
|
||||
# functionality is added to it. nl80211-based interface is the new
|
||||
# replacement for WEXT and its use allows wpa_supplicant to properly control
|
||||
# the driver to improve existing functionality like roaming and to support new
|
||||
# functionality.
|
||||
CONFIG_DRIVER_WEXT=y
|
||||
|
||||
# Driver interface for Linux drivers using the nl80211 kernel interface
|
||||
CONFIG_DRIVER_NL80211=y
|
||||
|
||||
# QCA vendor extensions to nl80211
|
||||
#CONFIG_DRIVER_NL80211_QCA=y
|
||||
|
||||
# driver_nl80211.c requires libnl. If you are compiling it yourself
|
||||
# you may need to point hostapd to your version of libnl.
|
||||
#
|
||||
#CFLAGS += -I$<path to libnl include files>
|
||||
#LIBS += -L$<path to libnl library files>
|
||||
|
||||
# Use libnl v2.0 (or 3.0) libraries.
|
||||
#CONFIG_LIBNL20=y
|
||||
|
||||
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
|
||||
#CONFIG_LIBNL32=y
|
||||
|
||||
|
||||
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
|
||||
#CONFIG_DRIVER_BSD=y
|
||||
#CFLAGS += -I/usr/local/include
|
||||
@ -100,14 +70,6 @@ CONFIG_DRIVER_NL80211=y
|
||||
# wpa_supplicant.
|
||||
# CONFIG_USE_NDISUIO=y
|
||||
|
||||
# Driver interface for development testing
|
||||
#CONFIG_DRIVER_TEST=y
|
||||
|
||||
# Include client MLME (management frame processing) for test driver
|
||||
# This can be used to test MLME operations in hostapd with the test interface.
|
||||
# space.
|
||||
#CONFIG_CLIENT_MLME=y
|
||||
|
||||
# Driver interface for wired Ethernet drivers
|
||||
CONFIG_DRIVER_WIRED=y
|
||||
|
||||
@ -117,37 +79,40 @@ CONFIG_DRIVER_WIRED=y
|
||||
# Driver interface for no driver (e.g., WPS ER only)
|
||||
#CONFIG_DRIVER_NONE=y
|
||||
|
||||
# Solaris libraries
|
||||
#LIBS += -lsocket -ldlpi -lnsl
|
||||
#LIBS_c += -lsocket
|
||||
|
||||
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
|
||||
# included)
|
||||
# CONFIG_IEEE8021X_EAPOL=y
|
||||
#CONFIG_IEEE8021X_EAPOL=y
|
||||
|
||||
# EAP-MD5
|
||||
# CONFIG_EAP_MD5=y
|
||||
#CONFIG_EAP_MD5=y
|
||||
|
||||
# EAP-MSCHAPv2
|
||||
# CONFIG_EAP_MSCHAPV2=y
|
||||
#CONFIG_EAP_MSCHAPV2=y
|
||||
|
||||
# EAP-TLS
|
||||
# CONFIG_EAP_TLS=y
|
||||
#CONFIG_EAP_TLS=y
|
||||
|
||||
# EAL-PEAP
|
||||
# CONFIG_EAP_PEAP=y
|
||||
#CONFIG_EAP_PEAP=y
|
||||
|
||||
# EAP-TTLS
|
||||
# CONFIG_EAP_TTLS=y
|
||||
#CONFIG_EAP_TTLS=y
|
||||
|
||||
# EAP-FAST
|
||||
# Note: Default OpenSSL package does not include support for all the
|
||||
# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
|
||||
# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch)
|
||||
# to add the needed functions.
|
||||
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
|
||||
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
|
||||
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
|
||||
#CONFIG_EAP_FAST=y
|
||||
|
||||
# EAP-GTC
|
||||
# CONFIG_EAP_GTC=y
|
||||
#CONFIG_EAP_GTC=y
|
||||
|
||||
# EAP-OTP
|
||||
# CONFIG_EAP_OTP=y
|
||||
#CONFIG_EAP_OTP=y
|
||||
|
||||
# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used)
|
||||
#CONFIG_EAP_SIM=y
|
||||
@ -155,11 +120,14 @@ CONFIG_DRIVER_WIRED=y
|
||||
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
|
||||
#CONFIG_EAP_PSK=y
|
||||
|
||||
# EAP-pwd (secure authentication using only a password)
|
||||
#CONFIG_EAP_PWD=y
|
||||
|
||||
# EAP-PAX
|
||||
#CONFIG_EAP_PAX=y
|
||||
|
||||
# LEAP
|
||||
# CONFIG_EAP_LEAP=y
|
||||
#CONFIG_EAP_LEAP=y
|
||||
|
||||
# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used)
|
||||
#CONFIG_EAP_AKA=y
|
||||
@ -184,29 +152,48 @@ CONFIG_DRIVER_WIRED=y
|
||||
|
||||
# Wi-Fi Protected Setup (WPS)
|
||||
#CONFIG_WPS=y
|
||||
# Enable WPS external registrar functionality
|
||||
#CONFIG_WPS_ER=y
|
||||
# Disable credentials for an open network by default when acting as a WPS
|
||||
# registrar.
|
||||
#CONFIG_WPS_REG_DISABLE_OPEN=y
|
||||
# Enable WPS support with NFC config method
|
||||
#CONFIG_WPS_NFC=y
|
||||
|
||||
# EAP-IKEv2
|
||||
#CONFIG_EAP_IKEV2=y
|
||||
|
||||
# EAP-EKE
|
||||
#CONFIG_EAP_EKE=y
|
||||
|
||||
# PKCS#12 (PFX) support (used to read private key and certificate file from
|
||||
# a file that usually has extension .p12 or .pfx)
|
||||
# CONFIG_PKCS12=y
|
||||
#CONFIG_PKCS12=y
|
||||
|
||||
# Smartcard support (i.e., private key on a smartcard), e.g., with openssl
|
||||
# engine.
|
||||
# CONFIG_SMARTCARD=y
|
||||
#CONFIG_SMARTCARD=y
|
||||
|
||||
# PC/SC interface for smartcards (USIM, GSM SIM)
|
||||
# Enable this if EAP-SIM or EAP-AKA is included
|
||||
#CONFIG_PCSC=y
|
||||
|
||||
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
|
||||
#CONFIG_HT_OVERRIDES=y
|
||||
|
||||
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
|
||||
#CONFIG_VHT_OVERRIDES=y
|
||||
|
||||
# Development testing
|
||||
#CONFIG_EAPOL_TEST=y
|
||||
|
||||
# Select control interface backend for external programs, e.g, wpa_cli:
|
||||
# unix = UNIX domain sockets (default for Linux/*BSD)
|
||||
# udp = UDP sockets using localhost (127.0.0.1)
|
||||
# udp6 = UDP IPv6 sockets using localhost (::1)
|
||||
# named_pipe = Windows Named Pipe (default for Windows)
|
||||
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
|
||||
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
|
||||
# y = use default (backwards compatibility)
|
||||
# If this option is commented out, control interface is not included in the
|
||||
# build.
|
||||
@ -218,6 +205,10 @@ CONFIG_CTRL_IFACE=y
|
||||
# the resulting binary.
|
||||
#CONFIG_READLINE=y
|
||||
|
||||
# Include internal line edit mode in wpa_cli. This can be used as a replacement
|
||||
# for GNU Readline to provide limited command line editing and history support.
|
||||
#CONFIG_WPA_CLI_EDIT=y
|
||||
|
||||
# Remove debugging code that is printing out debug message to stdout.
|
||||
# This can be used to reduce the size of the wpa_supplicant considerably
|
||||
# if debugging code is not needed. The size reduction can be around 35%
|
||||
@ -228,11 +219,6 @@ CONFIG_CTRL_IFACE=y
|
||||
# 35-50 kB in code size.
|
||||
#CONFIG_NO_WPA=y
|
||||
|
||||
# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to
|
||||
# save about 1 kB in code size when building only WPA-Personal (no EAP support)
|
||||
# or 6 kB if building for WPA-Enterprise.
|
||||
#CONFIG_NO_WPA2=y
|
||||
|
||||
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
|
||||
# This option can be used to reduce code size by removing support for
|
||||
# converting ASCII passphrases into PSK. If this functionality is removed, the
|
||||
@ -267,7 +253,7 @@ CONFIG_BACKEND=file
|
||||
# main_none = Very basic example (development use only)
|
||||
#CONFIG_MAIN=main
|
||||
|
||||
# Select wrapper for operatins system and C library specific functions
|
||||
# Select wrapper for operating system and C library specific functions
|
||||
# unix = UNIX/POSIX like systems (default)
|
||||
# win32 = Windows systems
|
||||
# none = Empty template
|
||||
@ -276,9 +262,17 @@ CONFIG_BACKEND=file
|
||||
# Select event loop implementation
|
||||
# eloop = select() loop (default)
|
||||
# eloop_win = Windows events and WaitForMultipleObject() loop
|
||||
# eloop_none = Empty template
|
||||
#CONFIG_ELOOP=eloop
|
||||
|
||||
# Should we use poll instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_POLL=y
|
||||
|
||||
# Should we use epoll instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_EPOLL=y
|
||||
|
||||
# Should we use kqueue instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_KQUEUE=y
|
||||
|
||||
# Select layer 2 packet implementation
|
||||
# linux = Linux packet socket (default)
|
||||
# pcap = libpcap/libdnet/WinPcap
|
||||
@ -288,29 +282,44 @@ CONFIG_BACKEND=file
|
||||
# none = Empty template
|
||||
#CONFIG_L2_PACKET=linux
|
||||
|
||||
# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
|
||||
# CONFIG_PEERKEY=y
|
||||
# Disable Linux packet socket workaround applicable for station interface
|
||||
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
|
||||
# is known to not have the regression issue in packet socket behavior with
|
||||
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
|
||||
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
|
||||
|
||||
# IEEE 802.11w (management frame protection)
|
||||
# This version is an experimental implementation based on IEEE 802.11w/D1.0
|
||||
# draft and is subject to change since the standard has not yet been finalized.
|
||||
# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
|
||||
#CONFIG_PEERKEY=y
|
||||
|
||||
# IEEE 802.11w (management frame protection), also known as PMF
|
||||
# Driver support is also needed for IEEE 802.11w.
|
||||
#CONFIG_IEEE80211W=y
|
||||
|
||||
# Select TLS implementation
|
||||
# openssl = OpenSSL (default)
|
||||
# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
|
||||
# gnutls = GnuTLS
|
||||
# internal = Internal TLSv1 implementation (experimental)
|
||||
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
|
||||
# none = Empty template
|
||||
CONFIG_TLS=internal
|
||||
|
||||
# Whether to enable TLS/IA support, which is required for EAP-TTLSv1.
|
||||
# You need CONFIG_TLS=gnutls for this to have any effect. Please note that
|
||||
# even though the core GnuTLS library is released under LGPL, this extra
|
||||
# library uses GPL and as such, the terms of GPL apply to the combination
|
||||
# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not
|
||||
# apply for distribution of the resulting binary.
|
||||
#CONFIG_GNUTLS_EXTRA=y
|
||||
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
|
||||
# can be enabled to get a stronger construction of messages when block ciphers
|
||||
# are used. It should be noted that some existing TLS v1.0 -based
|
||||
# implementation may not be compatible with TLS v1.1 message (ClientHello is
|
||||
# sent prior to negotiating which version will be used)
|
||||
#CONFIG_TLSV11=y
|
||||
|
||||
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
|
||||
# can be enabled to enable use of stronger crypto algorithms. It should be
|
||||
# noted that some existing TLS v1.0 -based implementation may not be compatible
|
||||
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
|
||||
# will be used)
|
||||
#CONFIG_TLSV12=y
|
||||
|
||||
# Select which ciphers to use by default with OpenSSL if the user does not
|
||||
# specify them.
|
||||
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
|
||||
|
||||
# If CONFIG_TLS=internal is used, additional library and include paths are
|
||||
# needed for LibTomMath. Alternatively, an integrated, minimal version of
|
||||
@ -366,12 +375,31 @@ CONFIG_TLS=internal
|
||||
# amount of memory/flash.
|
||||
#CONFIG_DYNAMIC_EAP_METHODS=y
|
||||
|
||||
# IEEE Std 802.11r-2008 (Fast BSS Transition)
|
||||
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
|
||||
#CONFIG_IEEE80211R=y
|
||||
|
||||
# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies
|
||||
# CONFIG_IEEE80211R).
|
||||
#CONFIG_IEEE80211R_AP=y
|
||||
|
||||
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
|
||||
#CONFIG_DEBUG_FILE=y
|
||||
|
||||
# Send debug messages to syslog instead of stdout
|
||||
#CONFIG_DEBUG_SYSLOG=y
|
||||
# Set syslog facility for debug messages
|
||||
#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
|
||||
|
||||
# Add support for sending all debug messages (regardless of debug verbosity)
|
||||
# to the Linux kernel tracing facility. This helps debug the entire stack by
|
||||
# making it easy to record everything happening from the driver up into the
|
||||
# same file, e.g., using trace-cmd.
|
||||
#CONFIG_DEBUG_LINUX_TRACING=y
|
||||
|
||||
# Add support for writing debug log to Android logcat instead of standard
|
||||
# output
|
||||
#CONFIG_ANDROID_LOG=y
|
||||
|
||||
# Enable privilege separation (see README 'Privilege separation' for details)
|
||||
#CONFIG_PRIVSEP=y
|
||||
|
||||
@ -383,7 +411,7 @@ CONFIG_TLS=internal
|
||||
# This tracks use of memory allocations and other registrations and reports
|
||||
# incorrect use with a backtrace of call (or allocation) location.
|
||||
#CONFIG_WPA_TRACE=y
|
||||
# For BSD, comment out these.
|
||||
# For BSD, uncomment these.
|
||||
#LIBS += -lexecinfo
|
||||
#LIBS_p += -lexecinfo
|
||||
#LIBS_c += -lexecinfo
|
||||
@ -392,10 +420,174 @@ CONFIG_TLS=internal
|
||||
# This enables use of libbfd to get more detailed symbols for the backtraces
|
||||
# generated by CONFIG_WPA_TRACE=y.
|
||||
#CONFIG_WPA_TRACE_BFD=y
|
||||
# For BSD, comment out these.
|
||||
# For BSD, uncomment these.
|
||||
#LIBS += -lbfd -liberty -lz
|
||||
#LIBS_p += -lbfd -liberty -lz
|
||||
#LIBS_c += -lbfd -liberty -lz
|
||||
|
||||
# wpa_supplicant depends on strong random number generation being available
|
||||
# from the operating system. os_get_random() function is used to fetch random
|
||||
# data when needed, e.g., for key generation. On Linux and BSD systems, this
|
||||
# works by reading /dev/urandom. It should be noted that the OS entropy pool
|
||||
# needs to be properly initialized before wpa_supplicant is started. This is
|
||||
# important especially on embedded devices that do not have a hardware random
|
||||
# number generator and may by default start up with minimal entropy available
|
||||
# for random number generation.
|
||||
#
|
||||
# As a safety net, wpa_supplicant is by default trying to internally collect
|
||||
# additional entropy for generating random data to mix in with the data fetched
|
||||
# from the OS. This by itself is not considered to be very strong, but it may
|
||||
# help in cases where the system pool is not initialized properly. However, it
|
||||
# is very strongly recommended that the system pool is initialized with enough
|
||||
# entropy either by using hardware assisted random number generator or by
|
||||
# storing state over device reboots.
|
||||
#
|
||||
# wpa_supplicant can be configured to maintain its own entropy store over
|
||||
# restarts to enhance random number generation. This is not perfect, but it is
|
||||
# much more secure than using the same sequence of random numbers after every
|
||||
# reboot. This can be enabled with -e<entropy file> command line option. The
|
||||
# specified file needs to be readable and writable by wpa_supplicant.
|
||||
#
|
||||
# If the os_get_random() is known to provide strong random data (e.g., on
|
||||
# Linux/BSD, the board in question is known to have reliable source of random
|
||||
# data from /dev/urandom), the internal wpa_supplicant random pool can be
|
||||
# disabled. This will save some in binary size and CPU use. However, this
|
||||
# should only be considered for builds that are known to be used on devices
|
||||
# that meet the requirements described above.
|
||||
CONFIG_NO_RANDOM_POOL=y
|
||||
NEED_80211_COMMON=y
|
||||
|
||||
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
|
||||
#CONFIG_IEEE80211N=y
|
||||
|
||||
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
|
||||
# (depends on CONFIG_IEEE80211N)
|
||||
#CONFIG_IEEE80211AC=y
|
||||
|
||||
# Wireless Network Management (IEEE Std 802.11v-2011)
|
||||
# Note: This is experimental and not complete implementation.
|
||||
#CONFIG_WNM=y
|
||||
|
||||
# Interworking (IEEE 802.11u)
|
||||
# This can be used to enable functionality to improve interworking with
|
||||
# external networks (GAS/ANQP to learn more about the networks and network
|
||||
# selection based on available credentials).
|
||||
#CONFIG_INTERWORKING=y
|
||||
|
||||
# Hotspot 2.0
|
||||
#CONFIG_HS20=y
|
||||
|
||||
# Enable interface matching in wpa_supplicant
|
||||
#CONFIG_MATCH_IFACE=y
|
||||
|
||||
# Disable roaming in wpa_supplicant
|
||||
#CONFIG_NO_ROAMING=y
|
||||
|
||||
# AP mode operations with wpa_supplicant
|
||||
# This can be used for controlling AP mode operations with wpa_supplicant. It
|
||||
# should be noted that this is mainly aimed at simple cases like
|
||||
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
|
||||
# external RADIUS server can be supported with hostapd.
|
||||
#CONFIG_AP=y
|
||||
|
||||
# P2P (Wi-Fi Direct)
|
||||
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
|
||||
# more information on P2P operations.
|
||||
#CONFIG_P2P=y
|
||||
|
||||
# Enable TDLS support
|
||||
#CONFIG_TDLS=y
|
||||
|
||||
# Wi-Fi Direct
|
||||
# This can be used to enable Wi-Fi Direct extensions for P2P using an external
|
||||
# program to control the additional information exchanges in the messages.
|
||||
#CONFIG_WIFI_DISPLAY=y
|
||||
|
||||
# Autoscan
|
||||
# This can be used to enable automatic scan support in wpa_supplicant.
|
||||
# See wpa_supplicant.conf for more information on autoscan usage.
|
||||
#
|
||||
# Enabling directly a module will enable autoscan support.
|
||||
# For exponential module:
|
||||
#CONFIG_AUTOSCAN_EXPONENTIAL=y
|
||||
# For periodic module:
|
||||
#CONFIG_AUTOSCAN_PERIODIC=y
|
||||
|
||||
# Password (and passphrase, etc.) backend for external storage
|
||||
# These optional mechanisms can be used to add support for storing passwords
|
||||
# and other secrets in external (to wpa_supplicant) location. This allows, for
|
||||
# example, operating system specific key storage to be used
|
||||
#
|
||||
# External password backend for testing purposes (developer use)
|
||||
#CONFIG_EXT_PASSWORD_TEST=y
|
||||
|
||||
# Enable Fast Session Transfer (FST)
|
||||
#CONFIG_FST=y
|
||||
|
||||
# Enable CLI commands for FST testing
|
||||
#CONFIG_FST_TEST=y
|
||||
|
||||
# OS X builds. This is only for building eapol_test.
|
||||
#CONFIG_OSX=y
|
||||
|
||||
# Automatic Channel Selection
|
||||
# This will allow wpa_supplicant to pick the channel automatically when channel
|
||||
# is set to "0".
|
||||
#
|
||||
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
|
||||
# to "channel=0". This would enable us to eventually add other ACS algorithms in
|
||||
# similar way.
|
||||
#
|
||||
# Automatic selection is currently only done through initialization, later on
|
||||
# we hope to do background checks to keep us moving to more ideal channels as
|
||||
# time goes by. ACS is currently only supported through the nl80211 driver and
|
||||
# your driver must have survey dump capability that is filled by the driver
|
||||
# during scanning.
|
||||
#
|
||||
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
|
||||
# a newly to create wpa_supplicant.conf variable acs_num_scans.
|
||||
#
|
||||
# Supported ACS drivers:
|
||||
# * ath9k
|
||||
# * ath5k
|
||||
# * ath10k
|
||||
#
|
||||
# For more details refer to:
|
||||
# http://wireless.kernel.org/en/users/Documentation/acs
|
||||
#CONFIG_ACS=y
|
||||
|
||||
# Support Multi Band Operation
|
||||
#CONFIG_MBO=y
|
||||
|
||||
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
|
||||
# Note: This is an experimental and not yet complete implementation. This
|
||||
# should not be enabled for production use.
|
||||
#CONFIG_FILS=y
|
||||
# FILS shared key authentication with PFS
|
||||
#CONFIG_FILS_SK_PFS=y
|
||||
|
||||
# Support RSN on IBSS networks
|
||||
# This is needed to be able to use mode=1 network profile with proto=RSN and
|
||||
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
|
||||
#CONFIG_IBSS_RSN=y
|
||||
|
||||
# External PMKSA cache control
|
||||
# This can be used to enable control interface commands that allow the current
|
||||
# PMKSA cache entries to be fetched and new entries to be added.
|
||||
#CONFIG_PMKSA_CACHE_EXTERNAL=y
|
||||
|
||||
# Mesh Networking (IEEE 802.11s)
|
||||
#CONFIG_MESH=y
|
||||
|
||||
# Background scanning modules
|
||||
# These can be used to request wpa_supplicant to perform background scanning
|
||||
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
|
||||
# the wpa_supplicant.conf file for more details.
|
||||
# Periodic background scans based on signal strength
|
||||
#CONFIG_BGSCAN_SIMPLE=y
|
||||
# Learn channels used by the network and try to avoid bgscans on other
|
||||
# channels (experimental)
|
||||
#CONFIG_BGSCAN_LEARN=y
|
||||
|
||||
# Opportunistic Wireless Encryption (OWE)
|
||||
# Experimental implementation of draft-harkins-owe-07.txt
|
||||
#CONFIG_OWE=y
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
# Example wpa_supplicant build time configuration
|
||||
#
|
||||
# This file lists the configuration options that are used when building the
|
||||
# hostapd binary. All lines starting with # are ignored. Configuration option
|
||||
# lines must be commented out complete, if they are not to be included, i.e.,
|
||||
# just setting VARIABLE=n is not disabling that variable.
|
||||
# wpa_supplicant binary. All lines starting with # are ignored. Configuration
|
||||
# option lines must be commented out complete, if they are not to be included,
|
||||
# i.e., just setting VARIABLE=n is not disabling that variable.
|
||||
#
|
||||
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
|
||||
# be modified from here. In most cases, these lines should use += in order not
|
||||
@ -20,63 +20,33 @@
|
||||
# used to fix build issues on such systems (krb5.h not found).
|
||||
#CFLAGS += -I/usr/include/kerberos
|
||||
|
||||
# Example configuration for various cross-compilation platforms
|
||||
|
||||
#### sveasoft (e.g., for Linksys WRT54G) ######################################
|
||||
#CC=mipsel-uclibc-gcc
|
||||
#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
|
||||
#CFLAGS += -Os
|
||||
#CPPFLAGS += -I../src/include -I../../src/router/openssl/include
|
||||
#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl
|
||||
###############################################################################
|
||||
|
||||
#### openwrt (e.g., for Linksys WRT54G) #######################################
|
||||
#CC=mipsel-uclibc-gcc
|
||||
#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc
|
||||
#CFLAGS += -Os
|
||||
#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \
|
||||
# -I../WRT54GS/release/src/include
|
||||
#LIBS = -lssl
|
||||
###############################################################################
|
||||
|
||||
|
||||
# Driver interface for Host AP driver
|
||||
#CONFIG_DRIVER_HOSTAP=y
|
||||
|
||||
# Driver interface for Agere driver
|
||||
#CONFIG_DRIVER_HERMES=y
|
||||
# Change include directories to match with the local setup
|
||||
#CFLAGS += -I../../hcf -I../../include -I../../include/hcf
|
||||
#CFLAGS += -I../../include/wireless
|
||||
|
||||
# Driver interface for ndiswrapper
|
||||
# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
|
||||
#CONFIG_DRIVER_NDISWRAPPER=y
|
||||
|
||||
# Driver interface for Atmel driver
|
||||
# CONFIG_DRIVER_ATMEL=y
|
||||
|
||||
# Driver interface for old Broadcom driver
|
||||
# Please note that the newer Broadcom driver ("hybrid Linux driver") supports
|
||||
# Linux wireless extensions and does not need (or even work) with the old
|
||||
# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver.
|
||||
#CONFIG_DRIVER_BROADCOM=y
|
||||
# Example path for wlioctl.h; change to match your configuration
|
||||
#CFLAGS += -I/opt/WRT54GS/release/src/include
|
||||
|
||||
# Driver interface for Intel ipw2100/2200 driver
|
||||
# Deprecated; use CONFIG_DRIVER_WEXT=y instead.
|
||||
#CONFIG_DRIVER_IPW=y
|
||||
|
||||
# Driver interface for Ralink driver
|
||||
#CONFIG_DRIVER_RALINK=y
|
||||
|
||||
# Driver interface for generic Linux wireless extensions
|
||||
# Note: WEXT is deprecated in the current Linux kernel version and no new
|
||||
# functionality is added to it. nl80211-based interface is the new
|
||||
# replacement for WEXT and its use allows wpa_supplicant to properly control
|
||||
# the driver to improve existing functionality like roaming and to support new
|
||||
# functionality.
|
||||
CONFIG_DRIVER_WEXT=y
|
||||
|
||||
# Driver interface for Linux drivers using the nl80211 kernel interface
|
||||
CONFIG_DRIVER_NL80211=y
|
||||
|
||||
# QCA vendor extensions to nl80211
|
||||
#CONFIG_DRIVER_NL80211_QCA=y
|
||||
|
||||
# driver_nl80211.c requires libnl. If you are compiling it yourself
|
||||
# you may need to point hostapd to your version of libnl.
|
||||
#
|
||||
#CFLAGS += -I$<path to libnl include files>
|
||||
#LIBS += -L$<path to libnl library files>
|
||||
|
||||
# Use libnl v2.0 (or 3.0) libraries.
|
||||
#CONFIG_LIBNL20=y
|
||||
|
||||
# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
|
||||
#CONFIG_LIBNL32=y
|
||||
|
||||
|
||||
# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
|
||||
#CONFIG_DRIVER_BSD=y
|
||||
#CFLAGS += -I/usr/local/include
|
||||
@ -100,14 +70,6 @@ CONFIG_DRIVER_NL80211=y
|
||||
# wpa_supplicant.
|
||||
# CONFIG_USE_NDISUIO=y
|
||||
|
||||
# Driver interface for development testing
|
||||
#CONFIG_DRIVER_TEST=y
|
||||
|
||||
# Include client MLME (management frame processing) for test driver
|
||||
# This can be used to test MLME operations in hostapd with the test interface.
|
||||
# space.
|
||||
#CONFIG_CLIENT_MLME=y
|
||||
|
||||
# Driver interface for wired Ethernet drivers
|
||||
CONFIG_DRIVER_WIRED=y
|
||||
|
||||
@ -117,6 +79,10 @@ CONFIG_DRIVER_WIRED=y
|
||||
# Driver interface for no driver (e.g., WPS ER only)
|
||||
#CONFIG_DRIVER_NONE=y
|
||||
|
||||
# Solaris libraries
|
||||
#LIBS += -lsocket -ldlpi -lnsl
|
||||
#LIBS_c += -lsocket
|
||||
|
||||
# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is
|
||||
# included)
|
||||
CONFIG_IEEE8021X_EAPOL=y
|
||||
@ -137,11 +103,10 @@ CONFIG_EAP_PEAP=y
|
||||
CONFIG_EAP_TTLS=y
|
||||
|
||||
# EAP-FAST
|
||||
# Note: Default OpenSSL package does not include support for all the
|
||||
# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL,
|
||||
# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch)
|
||||
# to add the needed functions.
|
||||
#CONFIG_EAP_FAST=y
|
||||
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
|
||||
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
|
||||
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
|
||||
CONFIG_EAP_FAST=y
|
||||
|
||||
# EAP-GTC
|
||||
CONFIG_EAP_GTC=y
|
||||
@ -155,6 +120,9 @@ CONFIG_EAP_OTP=y
|
||||
# EAP-PSK (experimental; this is _not_ needed for WPA-PSK)
|
||||
#CONFIG_EAP_PSK=y
|
||||
|
||||
# EAP-pwd (secure authentication using only a password)
|
||||
#CONFIG_EAP_PWD=y
|
||||
|
||||
# EAP-PAX
|
||||
#CONFIG_EAP_PAX=y
|
||||
|
||||
@ -184,10 +152,20 @@ CONFIG_EAP_LEAP=y
|
||||
|
||||
# Wi-Fi Protected Setup (WPS)
|
||||
CONFIG_WPS=y
|
||||
# Enable WPS external registrar functionality
|
||||
#CONFIG_WPS_ER=y
|
||||
# Disable credentials for an open network by default when acting as a WPS
|
||||
# registrar.
|
||||
#CONFIG_WPS_REG_DISABLE_OPEN=y
|
||||
# Enable WPS support with NFC config method
|
||||
#CONFIG_WPS_NFC=y
|
||||
|
||||
# EAP-IKEv2
|
||||
#CONFIG_EAP_IKEV2=y
|
||||
|
||||
# EAP-EKE
|
||||
#CONFIG_EAP_EKE=y
|
||||
|
||||
# PKCS#12 (PFX) support (used to read private key and certificate file from
|
||||
# a file that usually has extension .p12 or .pfx)
|
||||
CONFIG_PKCS12=y
|
||||
@ -200,13 +178,22 @@ CONFIG_SMARTCARD=y
|
||||
# Enable this if EAP-SIM or EAP-AKA is included
|
||||
#CONFIG_PCSC=y
|
||||
|
||||
# Support HT overrides (disable HT/HT40, mask MCS rates, etc.)
|
||||
#CONFIG_HT_OVERRIDES=y
|
||||
|
||||
# Support VHT overrides (disable VHT, mask MCS rates, etc.)
|
||||
#CONFIG_VHT_OVERRIDES=y
|
||||
|
||||
# Development testing
|
||||
#CONFIG_EAPOL_TEST=y
|
||||
|
||||
# Select control interface backend for external programs, e.g, wpa_cli:
|
||||
# unix = UNIX domain sockets (default for Linux/*BSD)
|
||||
# udp = UDP sockets using localhost (127.0.0.1)
|
||||
# udp6 = UDP IPv6 sockets using localhost (::1)
|
||||
# named_pipe = Windows Named Pipe (default for Windows)
|
||||
# udp-remote = UDP sockets with remote access (only for tests systems/purpose)
|
||||
# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose)
|
||||
# y = use default (backwards compatibility)
|
||||
# If this option is commented out, control interface is not included in the
|
||||
# build.
|
||||
@ -218,6 +205,10 @@ CONFIG_CTRL_IFACE=y
|
||||
# the resulting binary.
|
||||
#CONFIG_READLINE=y
|
||||
|
||||
# Include internal line edit mode in wpa_cli. This can be used as a replacement
|
||||
# for GNU Readline to provide limited command line editing and history support.
|
||||
#CONFIG_WPA_CLI_EDIT=y
|
||||
|
||||
# Remove debugging code that is printing out debug message to stdout.
|
||||
# This can be used to reduce the size of the wpa_supplicant considerably
|
||||
# if debugging code is not needed. The size reduction can be around 35%
|
||||
@ -228,11 +219,6 @@ CONFIG_CTRL_IFACE=y
|
||||
# 35-50 kB in code size.
|
||||
#CONFIG_NO_WPA=y
|
||||
|
||||
# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to
|
||||
# save about 1 kB in code size when building only WPA-Personal (no EAP support)
|
||||
# or 6 kB if building for WPA-Enterprise.
|
||||
#CONFIG_NO_WPA2=y
|
||||
|
||||
# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support
|
||||
# This option can be used to reduce code size by removing support for
|
||||
# converting ASCII passphrases into PSK. If this functionality is removed, the
|
||||
@ -267,7 +253,7 @@ CONFIG_BACKEND=file
|
||||
# main_none = Very basic example (development use only)
|
||||
#CONFIG_MAIN=main
|
||||
|
||||
# Select wrapper for operatins system and C library specific functions
|
||||
# Select wrapper for operating system and C library specific functions
|
||||
# unix = UNIX/POSIX like systems (default)
|
||||
# win32 = Windows systems
|
||||
# none = Empty template
|
||||
@ -276,9 +262,17 @@ CONFIG_BACKEND=file
|
||||
# Select event loop implementation
|
||||
# eloop = select() loop (default)
|
||||
# eloop_win = Windows events and WaitForMultipleObject() loop
|
||||
# eloop_none = Empty template
|
||||
#CONFIG_ELOOP=eloop
|
||||
|
||||
# Should we use poll instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_POLL=y
|
||||
|
||||
# Should we use epoll instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_EPOLL=y
|
||||
|
||||
# Should we use kqueue instead of select? Select is used by default.
|
||||
#CONFIG_ELOOP_KQUEUE=y
|
||||
|
||||
# Select layer 2 packet implementation
|
||||
# linux = Linux packet socket (default)
|
||||
# pcap = libpcap/libdnet/WinPcap
|
||||
@ -288,29 +282,44 @@ CONFIG_BACKEND=file
|
||||
# none = Empty template
|
||||
#CONFIG_L2_PACKET=linux
|
||||
|
||||
# Disable Linux packet socket workaround applicable for station interface
|
||||
# in a bridge for EAPOL frames. This should be uncommented only if the kernel
|
||||
# is known to not have the regression issue in packet socket behavior with
|
||||
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
|
||||
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
|
||||
|
||||
# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
|
||||
CONFIG_PEERKEY=y
|
||||
|
||||
# IEEE 802.11w (management frame protection)
|
||||
# This version is an experimental implementation based on IEEE 802.11w/D1.0
|
||||
# draft and is subject to change since the standard has not yet been finalized.
|
||||
# IEEE 802.11w (management frame protection), also known as PMF
|
||||
# Driver support is also needed for IEEE 802.11w.
|
||||
CONFIG_IEEE80211W=y
|
||||
|
||||
# Select TLS implementation
|
||||
# openssl = OpenSSL (default)
|
||||
# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA)
|
||||
# gnutls = GnuTLS
|
||||
# internal = Internal TLSv1 implementation (experimental)
|
||||
# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental)
|
||||
# none = Empty template
|
||||
CONFIG_TLS=internal
|
||||
|
||||
# Whether to enable TLS/IA support, which is required for EAP-TTLSv1.
|
||||
# You need CONFIG_TLS=gnutls for this to have any effect. Please note that
|
||||
# even though the core GnuTLS library is released under LGPL, this extra
|
||||
# library uses GPL and as such, the terms of GPL apply to the combination
|
||||
# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not
|
||||
# apply for distribution of the resulting binary.
|
||||
#CONFIG_GNUTLS_EXTRA=y
|
||||
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
|
||||
# can be enabled to get a stronger construction of messages when block ciphers
|
||||
# are used. It should be noted that some existing TLS v1.0 -based
|
||||
# implementation may not be compatible with TLS v1.1 message (ClientHello is
|
||||
# sent prior to negotiating which version will be used)
|
||||
#CONFIG_TLSV11=y
|
||||
|
||||
# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
|
||||
# can be enabled to enable use of stronger crypto algorithms. It should be
|
||||
# noted that some existing TLS v1.0 -based implementation may not be compatible
|
||||
# with TLS v1.2 message (ClientHello is sent prior to negotiating which version
|
||||
# will be used)
|
||||
#CONFIG_TLSV12=y
|
||||
|
||||
# Select which ciphers to use by default with OpenSSL if the user does not
|
||||
# specify them.
|
||||
#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW"
|
||||
|
||||
# If CONFIG_TLS=internal is used, additional library and include paths are
|
||||
# needed for LibTomMath. Alternatively, an integrated, minimal version of
|
||||
@ -366,12 +375,31 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
|
||||
# amount of memory/flash.
|
||||
#CONFIG_DYNAMIC_EAP_METHODS=y
|
||||
|
||||
# IEEE Std 802.11r-2008 (Fast BSS Transition)
|
||||
# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode
|
||||
#CONFIG_IEEE80211R=y
|
||||
|
||||
# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies
|
||||
# CONFIG_IEEE80211R).
|
||||
#CONFIG_IEEE80211R_AP=y
|
||||
|
||||
# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt)
|
||||
#CONFIG_DEBUG_FILE=y
|
||||
|
||||
# Send debug messages to syslog instead of stdout
|
||||
#CONFIG_DEBUG_SYSLOG=y
|
||||
# Set syslog facility for debug messages
|
||||
#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON
|
||||
|
||||
# Add support for sending all debug messages (regardless of debug verbosity)
|
||||
# to the Linux kernel tracing facility. This helps debug the entire stack by
|
||||
# making it easy to record everything happening from the driver up into the
|
||||
# same file, e.g., using trace-cmd.
|
||||
#CONFIG_DEBUG_LINUX_TRACING=y
|
||||
|
||||
# Add support for writing debug log to Android logcat instead of standard
|
||||
# output
|
||||
#CONFIG_ANDROID_LOG=y
|
||||
|
||||
# Enable privilege separation (see README 'Privilege separation' for details)
|
||||
#CONFIG_PRIVSEP=y
|
||||
|
||||
@ -383,7 +411,7 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
|
||||
# This tracks use of memory allocations and other registrations and reports
|
||||
# incorrect use with a backtrace of call (or allocation) location.
|
||||
#CONFIG_WPA_TRACE=y
|
||||
# For BSD, comment out these.
|
||||
# For BSD, uncomment these.
|
||||
#LIBS += -lexecinfo
|
||||
#LIBS_p += -lexecinfo
|
||||
#LIBS_c += -lexecinfo
|
||||
@ -392,15 +420,174 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y
|
||||
# This enables use of libbfd to get more detailed symbols for the backtraces
|
||||
# generated by CONFIG_WPA_TRACE=y.
|
||||
#CONFIG_WPA_TRACE_BFD=y
|
||||
# For BSD, comment out these.
|
||||
# For BSD, uncomment these.
|
||||
#LIBS += -lbfd -liberty -lz
|
||||
#LIBS_p += -lbfd -liberty -lz
|
||||
#LIBS_c += -lbfd -liberty -lz
|
||||
|
||||
# wpa_supplicant depends on strong random number generation being available
|
||||
# from the operating system. os_get_random() function is used to fetch random
|
||||
# data when needed, e.g., for key generation. On Linux and BSD systems, this
|
||||
# works by reading /dev/urandom. It should be noted that the OS entropy pool
|
||||
# needs to be properly initialized before wpa_supplicant is started. This is
|
||||
# important especially on embedded devices that do not have a hardware random
|
||||
# number generator and may by default start up with minimal entropy available
|
||||
# for random number generation.
|
||||
#
|
||||
# As a safety net, wpa_supplicant is by default trying to internally collect
|
||||
# additional entropy for generating random data to mix in with the data fetched
|
||||
# from the OS. This by itself is not considered to be very strong, but it may
|
||||
# help in cases where the system pool is not initialized properly. However, it
|
||||
# is very strongly recommended that the system pool is initialized with enough
|
||||
# entropy either by using hardware assisted random number generator or by
|
||||
# storing state over device reboots.
|
||||
#
|
||||
# wpa_supplicant can be configured to maintain its own entropy store over
|
||||
# restarts to enhance random number generation. This is not perfect, but it is
|
||||
# much more secure than using the same sequence of random numbers after every
|
||||
# reboot. This can be enabled with -e<entropy file> command line option. The
|
||||
# specified file needs to be readable and writable by wpa_supplicant.
|
||||
#
|
||||
# If the os_get_random() is known to provide strong random data (e.g., on
|
||||
# Linux/BSD, the board in question is known to have reliable source of random
|
||||
# data from /dev/urandom), the internal wpa_supplicant random pool can be
|
||||
# disabled. This will save some in binary size and CPU use. However, this
|
||||
# should only be considered for builds that are known to be used on devices
|
||||
# that meet the requirements described above.
|
||||
CONFIG_NO_RANDOM_POOL=y
|
||||
NEED_80211_COMMON=y
|
||||
|
||||
# IEEE 802.11n (High Throughput) support (mainly for AP mode)
|
||||
#CONFIG_IEEE80211N=y
|
||||
|
||||
# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode)
|
||||
# (depends on CONFIG_IEEE80211N)
|
||||
#CONFIG_IEEE80211AC=y
|
||||
|
||||
# Wireless Network Management (IEEE Std 802.11v-2011)
|
||||
# Note: This is experimental and not complete implementation.
|
||||
#CONFIG_WNM=y
|
||||
|
||||
# Interworking (IEEE 802.11u)
|
||||
# This can be used to enable functionality to improve interworking with
|
||||
# external networks (GAS/ANQP to learn more about the networks and network
|
||||
# selection based on available credentials).
|
||||
#CONFIG_INTERWORKING=y
|
||||
|
||||
# Hotspot 2.0
|
||||
#CONFIG_HS20=y
|
||||
|
||||
# Enable interface matching in wpa_supplicant
|
||||
#CONFIG_MATCH_IFACE=y
|
||||
|
||||
# Disable roaming in wpa_supplicant
|
||||
#CONFIG_NO_ROAMING=y
|
||||
|
||||
# AP mode operations with wpa_supplicant
|
||||
# This can be used for controlling AP mode operations with wpa_supplicant. It
|
||||
# should be noted that this is mainly aimed at simple cases like
|
||||
# WPA2-Personal while more complex configurations like WPA2-Enterprise with an
|
||||
# external RADIUS server can be supported with hostapd.
|
||||
CONFIG_AP=y
|
||||
|
||||
# P2P (Wi-Fi Direct)
|
||||
# This can be used to enable P2P support in wpa_supplicant. See README-P2P for
|
||||
# more information on P2P operations.
|
||||
CONFIG_P2P=y
|
||||
|
||||
# Enable TDLS support
|
||||
#CONFIG_TDLS=y
|
||||
|
||||
# Wi-Fi Direct
|
||||
# This can be used to enable Wi-Fi Direct extensions for P2P using an external
|
||||
# program to control the additional information exchanges in the messages.
|
||||
#CONFIG_WIFI_DISPLAY=y
|
||||
|
||||
# Autoscan
|
||||
# This can be used to enable automatic scan support in wpa_supplicant.
|
||||
# See wpa_supplicant.conf for more information on autoscan usage.
|
||||
#
|
||||
# Enabling directly a module will enable autoscan support.
|
||||
# For exponential module:
|
||||
#CONFIG_AUTOSCAN_EXPONENTIAL=y
|
||||
# For periodic module:
|
||||
#CONFIG_AUTOSCAN_PERIODIC=y
|
||||
|
||||
# Password (and passphrase, etc.) backend for external storage
|
||||
# These optional mechanisms can be used to add support for storing passwords
|
||||
# and other secrets in external (to wpa_supplicant) location. This allows, for
|
||||
# example, operating system specific key storage to be used
|
||||
#
|
||||
# External password backend for testing purposes (developer use)
|
||||
#CONFIG_EXT_PASSWORD_TEST=y
|
||||
|
||||
# Enable Fast Session Transfer (FST)
|
||||
#CONFIG_FST=y
|
||||
|
||||
# Enable CLI commands for FST testing
|
||||
#CONFIG_FST_TEST=y
|
||||
|
||||
# OS X builds. This is only for building eapol_test.
|
||||
#CONFIG_OSX=y
|
||||
|
||||
# Automatic Channel Selection
|
||||
# This will allow wpa_supplicant to pick the channel automatically when channel
|
||||
# is set to "0".
|
||||
#
|
||||
# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative
|
||||
# to "channel=0". This would enable us to eventually add other ACS algorithms in
|
||||
# similar way.
|
||||
#
|
||||
# Automatic selection is currently only done through initialization, later on
|
||||
# we hope to do background checks to keep us moving to more ideal channels as
|
||||
# time goes by. ACS is currently only supported through the nl80211 driver and
|
||||
# your driver must have survey dump capability that is filled by the driver
|
||||
# during scanning.
|
||||
#
|
||||
# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with
|
||||
# a newly to create wpa_supplicant.conf variable acs_num_scans.
|
||||
#
|
||||
# Supported ACS drivers:
|
||||
# * ath9k
|
||||
# * ath5k
|
||||
# * ath10k
|
||||
#
|
||||
# For more details refer to:
|
||||
# http://wireless.kernel.org/en/users/Documentation/acs
|
||||
#CONFIG_ACS=y
|
||||
|
||||
# Support Multi Band Operation
|
||||
#CONFIG_MBO=y
|
||||
|
||||
# Fast Initial Link Setup (FILS) (IEEE 802.11ai)
|
||||
# Note: This is an experimental and not yet complete implementation. This
|
||||
# should not be enabled for production use.
|
||||
#CONFIG_FILS=y
|
||||
# FILS shared key authentication with PFS
|
||||
#CONFIG_FILS_SK_PFS=y
|
||||
|
||||
# Support RSN on IBSS networks
|
||||
# This is needed to be able to use mode=1 network profile with proto=RSN and
|
||||
# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None).
|
||||
CONFIG_IBSS_RSN=y
|
||||
|
||||
CONFIG_P2P=y
|
||||
CONFIG_AP=y
|
||||
# External PMKSA cache control
|
||||
# This can be used to enable control interface commands that allow the current
|
||||
# PMKSA cache entries to be fetched and new entries to be added.
|
||||
#CONFIG_PMKSA_CACHE_EXTERNAL=y
|
||||
|
||||
# Mesh Networking (IEEE 802.11s)
|
||||
#CONFIG_MESH=y
|
||||
|
||||
# Background scanning modules
|
||||
# These can be used to request wpa_supplicant to perform background scanning
|
||||
# operations for roaming within an ESS (same SSID). See the bgscan parameter in
|
||||
# the wpa_supplicant.conf file for more details.
|
||||
# Periodic background scans based on signal strength
|
||||
#CONFIG_BGSCAN_SIMPLE=y
|
||||
# Learn channels used by the network and try to avoid bgscans on other
|
||||
# channels (experimental)
|
||||
#CONFIG_BGSCAN_LEARN=y
|
||||
|
||||
# Opportunistic Wireless Encryption (OWE)
|
||||
# Experimental implementation of draft-harkins-owe-07.txt
|
||||
#CONFIG_OWE=y
|
||||
|
||||
@ -0,0 +1,154 @@
|
||||
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
|
||||
Date: Fri, 14 Jul 2017 15:15:35 +0200
|
||||
Subject: [PATCH] hostapd: Avoid key reinstallation in FT handshake
|
||||
|
||||
Do not reinstall TK to the driver during Reassociation Response frame
|
||||
processing if the first attempt of setting the TK succeeded. This avoids
|
||||
issues related to clearing the TX/RX PN that could result in reusing
|
||||
same PN values for transmitted frames (e.g., due to CCM nonce reuse and
|
||||
also hitting replay protection on the receiver) and accepting replayed
|
||||
frames on RX side.
|
||||
|
||||
This issue was introduced by the commit
|
||||
0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
|
||||
authenticator') which allowed wpa_ft_install_ptk() to be called multiple
|
||||
times with the same PTK. While the second configuration attempt is
|
||||
needed with some drivers, it must be done only if the first attempt
|
||||
failed.
|
||||
|
||||
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
|
||||
---
|
||||
|
||||
--- a/src/ap/ieee802_11.c
|
||||
+++ b/src/ap/ieee802_11.c
|
||||
@@ -2522,6 +2522,7 @@ static int add_associated_sta(struct hos
|
||||
{
|
||||
struct ieee80211_ht_capabilities ht_cap;
|
||||
struct ieee80211_vht_capabilities vht_cap;
|
||||
+ int set = 1;
|
||||
|
||||
/*
|
||||
* Remove the STA entry to ensure the STA PS state gets cleared and
|
||||
@@ -2529,9 +2530,18 @@ static int add_associated_sta(struct hos
|
||||
* FT-over-the-DS, where a station re-associates back to the same AP but
|
||||
* skips the authentication flow, or if working with a driver that
|
||||
* does not support full AP client state.
|
||||
+ *
|
||||
+ * Skip this if the STA has already completed FT reassociation and the
|
||||
+ * TK has been configured since the TX/RX PN must not be reset to 0 for
|
||||
+ * the same key.
|
||||
*/
|
||||
- if (!sta->added_unassoc)
|
||||
+ if (!sta->added_unassoc &&
|
||||
+ (!(sta->flags & WLAN_STA_AUTHORIZED) ||
|
||||
+ !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
|
||||
hostapd_drv_sta_remove(hapd, sta->addr);
|
||||
+ wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
|
||||
+ set = 0;
|
||||
+ }
|
||||
|
||||
#ifdef CONFIG_IEEE80211N
|
||||
if (sta->flags & WLAN_STA_HT)
|
||||
@@ -2554,11 +2564,11 @@ static int add_associated_sta(struct hos
|
||||
sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
|
||||
sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
|
||||
sta->vht_opmode, sta->p2p_ie ? 1 : 0,
|
||||
- sta->added_unassoc)) {
|
||||
+ set)) {
|
||||
hostapd_logger(hapd, sta->addr,
|
||||
HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
|
||||
"Could not %s STA to kernel driver",
|
||||
- sta->added_unassoc ? "set" : "add");
|
||||
+ set ? "set" : "add");
|
||||
|
||||
if (sta->added_unassoc) {
|
||||
hostapd_drv_sta_remove(hapd, sta->addr);
|
||||
--- a/src/ap/wpa_auth.c
|
||||
+++ b/src/ap/wpa_auth.c
|
||||
@@ -1783,6 +1783,9 @@ int wpa_auth_sm_event(struct wpa_state_m
|
||||
#else /* CONFIG_FILS */
|
||||
break;
|
||||
#endif /* CONFIG_FILS */
|
||||
+ case WPA_DRV_STA_REMOVED:
|
||||
+ sm->tk_already_set = FALSE;
|
||||
+ return 0;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_IEEE80211R_AP
|
||||
@@ -3922,6 +3925,14 @@ int wpa_auth_sta_wpa_version(struct wpa_
|
||||
}
|
||||
|
||||
|
||||
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
|
||||
+{
|
||||
+ if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
|
||||
+ return 0;
|
||||
+ return sm->tk_already_set;
|
||||
+}
|
||||
+
|
||||
+
|
||||
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
|
||||
struct rsn_pmksa_cache_entry *entry)
|
||||
{
|
||||
--- a/src/ap/wpa_auth.h
|
||||
+++ b/src/ap/wpa_auth.h
|
||||
@@ -300,7 +300,7 @@ void wpa_receive(struct wpa_authenticato
|
||||
u8 *data, size_t data_len);
|
||||
enum wpa_event {
|
||||
WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
|
||||
- WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS
|
||||
+ WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_ASSOC_FILS, WPA_DRV_STA_REMOVED
|
||||
};
|
||||
void wpa_remove_ptk(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
|
||||
@@ -313,6 +313,7 @@ int wpa_auth_pairwise_set(struct wpa_sta
|
||||
int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
|
||||
+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
|
||||
int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
|
||||
struct rsn_pmksa_cache_entry *entry);
|
||||
struct rsn_pmksa_cache_entry *
|
||||
--- a/src/ap/wpa_auth_ft.c
|
||||
+++ b/src/ap/wpa_auth_ft.c
|
||||
@@ -1937,6 +1937,14 @@ void wpa_ft_install_ptk(struct wpa_state
|
||||
return;
|
||||
}
|
||||
|
||||
+ if (sm->tk_already_set) {
|
||||
+ /* Must avoid TK reconfiguration to prevent clearing of TX/RX
|
||||
+ * PN in the driver */
|
||||
+ wpa_printf(MSG_DEBUG,
|
||||
+ "FT: Do not re-install same PTK to the driver");
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
/* FIX: add STA entry to kernel/driver here? The set_key will fail
|
||||
* most likely without this.. At the moment, STA entry is added only
|
||||
* after association has been completed. This function will be called
|
||||
@@ -1949,6 +1957,7 @@ void wpa_ft_install_ptk(struct wpa_state
|
||||
|
||||
/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
|
||||
sm->pairwise_set = TRUE;
|
||||
+ sm->tk_already_set = TRUE;
|
||||
}
|
||||
|
||||
|
||||
@@ -2152,6 +2161,7 @@ static int wpa_ft_process_auth_req(struc
|
||||
|
||||
sm->pairwise = pairwise;
|
||||
sm->PTK_valid = TRUE;
|
||||
+ sm->tk_already_set = FALSE;
|
||||
wpa_ft_install_ptk(sm);
|
||||
|
||||
buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
|
||||
--- a/src/ap/wpa_auth_i.h
|
||||
+++ b/src/ap/wpa_auth_i.h
|
||||
@@ -61,6 +61,7 @@ struct wpa_state_machine {
|
||||
struct wpa_ptk PTK;
|
||||
Boolean PTK_valid;
|
||||
Boolean pairwise_set;
|
||||
+ Boolean tk_already_set;
|
||||
int keycount;
|
||||
Boolean Pair;
|
||||
struct wpa_key_replay_counter {
|
||||
@ -1,83 +0,0 @@
|
||||
From: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
Date: Tue, 20 Dec 2016 01:30:09 +0200
|
||||
Subject: [PATCH] Fix race condition between AssocResp callback and 4addr event
|
||||
|
||||
It is apparently possible for the NL80211_CMD_UNEXPECTED_4ADDR_FRAME
|
||||
event to be delivered to hostapd before the NL80211_CMD_FRAME_TX_STATUS
|
||||
event for (Re)Association Response frame. This resulted in the 4-address
|
||||
WDS mode not getting enabled for a STA. This could occur in particular
|
||||
when operating under heavy load and the STA is reconnecting to the same
|
||||
AP in a sequence where Deauthentication frame is followed immediately by
|
||||
Authentication frame and the driver event processing gets delayed due to
|
||||
removal of the previous netdev taking time in the middle of this
|
||||
sequence.
|
||||
|
||||
Fix this by recording a pending item for 4-address WDS enabling if the
|
||||
NL80211_CMD_UNEXPECTED_4ADDR_FRAME event would have been dropped due to
|
||||
incompleted association and then process this pending item if the TX
|
||||
status for the (Re)Association Response frame is received and it shows
|
||||
that the frame was acknowledged.
|
||||
|
||||
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
---
|
||||
|
||||
--- a/src/ap/ieee802_11.c
|
||||
+++ b/src/ap/ieee802_11.c
|
||||
@@ -2634,6 +2634,8 @@ static void handle_assoc(struct hostapd_
|
||||
taxonomy_sta_info_assoc_req(hapd, sta, pos, left);
|
||||
#endif /* CONFIG_TAXONOMY */
|
||||
|
||||
+ sta->pending_wds_enable = 0;
|
||||
+
|
||||
fail:
|
||||
/*
|
||||
* In case of a successful response, add the station to the driver.
|
||||
@@ -3248,6 +3250,14 @@ static void handle_assoc_cb(struct hosta
|
||||
|
||||
hostapd_set_sta_flags(hapd, sta);
|
||||
|
||||
+ if (!(sta->flags & WLAN_STA_WDS) && sta->pending_wds_enable) {
|
||||
+ wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for STA "
|
||||
+ MACSTR " based on pending request",
|
||||
+ MAC2STR(sta->addr));
|
||||
+ sta->pending_wds_enable = 0;
|
||||
+ sta->flags |= WLAN_STA_WDS;
|
||||
+ }
|
||||
+
|
||||
if (sta->flags & WLAN_STA_WDS) {
|
||||
int ret;
|
||||
char ifname_wds[IFNAMSIZ + 1];
|
||||
@@ -3512,10 +3522,22 @@ void ieee802_11_rx_from_unknown(struct h
|
||||
struct sta_info *sta;
|
||||
|
||||
sta = ap_get_sta(hapd, src);
|
||||
- if (sta && (sta->flags & WLAN_STA_ASSOC)) {
|
||||
+ if (sta &&
|
||||
+ ((sta->flags & WLAN_STA_ASSOC) ||
|
||||
+ ((sta->flags & WLAN_STA_ASSOC_REQ_OK) && wds))) {
|
||||
if (!hapd->conf->wds_sta)
|
||||
return;
|
||||
|
||||
+ if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK)) ==
|
||||
+ WLAN_STA_ASSOC_REQ_OK) {
|
||||
+ wpa_printf(MSG_DEBUG,
|
||||
+ "Postpone 4-address WDS mode enabling for STA "
|
||||
+ MACSTR " since TX status for AssocResp is not yet known",
|
||||
+ MAC2STR(sta->addr));
|
||||
+ sta->pending_wds_enable = 1;
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
if (wds && !(sta->flags & WLAN_STA_WDS)) {
|
||||
int ret;
|
||||
char ifname_wds[IFNAMSIZ + 1];
|
||||
--- a/src/ap/sta_info.h
|
||||
+++ b/src/ap/sta_info.h
|
||||
@@ -115,6 +115,7 @@ struct sta_info {
|
||||
unsigned int radius_das_match:1;
|
||||
unsigned int ecsa_supported:1;
|
||||
unsigned int added_unassoc:1;
|
||||
+ unsigned int pending_wds_enable:1;
|
||||
|
||||
u16 auth_alg;
|
||||
|
||||
@ -0,0 +1,244 @@
|
||||
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
|
||||
Date: Wed, 12 Jul 2017 16:03:24 +0200
|
||||
Subject: [PATCH] Prevent reinstallation of an already in-use group key
|
||||
|
||||
Track the current GTK and IGTK that is in use and when receiving a
|
||||
(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
|
||||
not install the given key if it is already in use. This prevents an
|
||||
attacker from trying to trick the client into resetting or lowering the
|
||||
sequence counter associated to the group key.
|
||||
|
||||
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
|
||||
---
|
||||
|
||||
--- a/src/common/wpa_common.h
|
||||
+++ b/src/common/wpa_common.h
|
||||
@@ -218,6 +218,17 @@ struct wpa_ptk {
|
||||
size_t tk_len;
|
||||
};
|
||||
|
||||
+struct wpa_gtk {
|
||||
+ u8 gtk[WPA_GTK_MAX_LEN];
|
||||
+ size_t gtk_len;
|
||||
+};
|
||||
+
|
||||
+#ifdef CONFIG_IEEE80211W
|
||||
+struct wpa_igtk {
|
||||
+ u8 igtk[WPA_IGTK_MAX_LEN];
|
||||
+ size_t igtk_len;
|
||||
+};
|
||||
+#endif /* CONFIG_IEEE80211W */
|
||||
|
||||
/* WPA IE version 1
|
||||
* 00-50-f2:1 (OUI:OUI type)
|
||||
--- a/src/rsn_supp/wpa.c
|
||||
+++ b/src/rsn_supp/wpa.c
|
||||
@@ -800,6 +800,15 @@ static int wpa_supplicant_install_gtk(st
|
||||
const u8 *_gtk = gd->gtk;
|
||||
u8 gtk_buf[32];
|
||||
|
||||
+ /* Detect possible key reinstallation */
|
||||
+ if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
|
||||
+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
|
||||
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
+ "WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
|
||||
+ gd->keyidx, gd->tx, gd->gtk_len);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
|
||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
|
||||
@@ -834,6 +843,9 @@ static int wpa_supplicant_install_gtk(st
|
||||
}
|
||||
os_memset(gtk_buf, 0, sizeof(gtk_buf));
|
||||
|
||||
+ sm->gtk.gtk_len = gd->gtk_len;
|
||||
+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
|
||||
+
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -940,6 +952,48 @@ static int wpa_supplicant_pairwise_gtk(s
|
||||
}
|
||||
|
||||
|
||||
+#ifdef CONFIG_IEEE80211W
|
||||
+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
|
||||
+ const struct wpa_igtk_kde *igtk)
|
||||
+{
|
||||
+ size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
|
||||
+ u16 keyidx = WPA_GET_LE16(igtk->keyid);
|
||||
+
|
||||
+ /* Detect possible key reinstallation */
|
||||
+ if (sm->igtk.igtk_len == len &&
|
||||
+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
|
||||
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
+ "WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
|
||||
+ keyidx);
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
+ "WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
|
||||
+ keyidx, MAC2STR(igtk->pn));
|
||||
+ wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
|
||||
+ if (keyidx > 4095) {
|
||||
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||
+ "WPA: Invalid IGTK KeyID %d", keyidx);
|
||||
+ return -1;
|
||||
+ }
|
||||
+ if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
|
||||
+ broadcast_ether_addr,
|
||||
+ keyidx, 0, igtk->pn, sizeof(igtk->pn),
|
||||
+ igtk->igtk, len) < 0) {
|
||||
+ wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||
+ "WPA: Failed to configure IGTK to the driver");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ sm->igtk.igtk_len = len;
|
||||
+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+#endif /* CONFIG_IEEE80211W */
|
||||
+
|
||||
+
|
||||
static int ieee80211w_set_keys(struct wpa_sm *sm,
|
||||
struct wpa_eapol_ie_parse *ie)
|
||||
{
|
||||
@@ -950,30 +1004,14 @@ static int ieee80211w_set_keys(struct wp
|
||||
if (ie->igtk) {
|
||||
size_t len;
|
||||
const struct wpa_igtk_kde *igtk;
|
||||
- u16 keyidx;
|
||||
+
|
||||
len = wpa_cipher_key_len(sm->mgmt_group_cipher);
|
||||
if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
|
||||
return -1;
|
||||
+
|
||||
igtk = (const struct wpa_igtk_kde *) ie->igtk;
|
||||
- keyidx = WPA_GET_LE16(igtk->keyid);
|
||||
- wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
|
||||
- "pn %02x%02x%02x%02x%02x%02x",
|
||||
- keyidx, MAC2STR(igtk->pn));
|
||||
- wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
|
||||
- igtk->igtk, len);
|
||||
- if (keyidx > 4095) {
|
||||
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||
- "WPA: Invalid IGTK KeyID %d", keyidx);
|
||||
+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
|
||||
return -1;
|
||||
- }
|
||||
- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
|
||||
- broadcast_ether_addr,
|
||||
- keyidx, 0, igtk->pn, sizeof(igtk->pn),
|
||||
- igtk->igtk, len) < 0) {
|
||||
- wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||
- "WPA: Failed to configure IGTK to the driver");
|
||||
- return -1;
|
||||
- }
|
||||
}
|
||||
|
||||
return 0;
|
||||
@@ -2491,7 +2529,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
|
||||
*/
|
||||
void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
|
||||
{
|
||||
- int clear_ptk = 1;
|
||||
+ int clear_keys = 1;
|
||||
|
||||
if (sm == NULL)
|
||||
return;
|
||||
@@ -2517,7 +2555,7 @@ void wpa_sm_notify_assoc(struct wpa_sm *
|
||||
/* Prepare for the next transition */
|
||||
wpa_ft_prepare_auth_request(sm, NULL);
|
||||
|
||||
- clear_ptk = 0;
|
||||
+ clear_keys = 0;
|
||||
}
|
||||
#endif /* CONFIG_IEEE80211R */
|
||||
#ifdef CONFIG_FILS
|
||||
@@ -2527,11 +2565,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *
|
||||
* AUTHENTICATED state to get the EAPOL port Authorized.
|
||||
*/
|
||||
wpa_supplicant_key_neg_complete(sm, sm->bssid, 1);
|
||||
- clear_ptk = 0;
|
||||
+ clear_keys = 0;
|
||||
}
|
||||
#endif /* CONFIG_FILS */
|
||||
|
||||
- if (clear_ptk) {
|
||||
+ if (clear_keys) {
|
||||
/*
|
||||
* IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
|
||||
* this is not part of a Fast BSS Transition.
|
||||
@@ -2541,6 +2579,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *
|
||||
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
|
||||
sm->tptk_set = 0;
|
||||
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
|
||||
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
|
||||
+#ifdef CONFIG_IEEE80211W
|
||||
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
|
||||
+#endif /* CONFIG_IEEE80211W */
|
||||
}
|
||||
|
||||
#ifdef CONFIG_TDLS
|
||||
@@ -3117,6 +3159,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
|
||||
os_memset(sm->pmk, 0, sizeof(sm->pmk));
|
||||
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
|
||||
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
|
||||
+ os_memset(&sm->gtk, 0, sizeof(sm->gtk));
|
||||
+#ifdef CONFIG_IEEE80211W
|
||||
+ os_memset(&sm->igtk, 0, sizeof(sm->igtk));
|
||||
+#endif /* CONFIG_IEEE80211W */
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
|
||||
os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
|
||||
@@ -3189,29 +3235,11 @@ int wpa_wnmsleep_install_key(struct wpa_
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
|
||||
- struct wpa_igtk_kde igd;
|
||||
- u16 keyidx;
|
||||
+ const struct wpa_igtk_kde *igtk;
|
||||
|
||||
- os_memset(&igd, 0, sizeof(igd));
|
||||
- keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
|
||||
- os_memcpy(igd.keyid, buf + 2, 2);
|
||||
- os_memcpy(igd.pn, buf + 4, 6);
|
||||
-
|
||||
- keyidx = WPA_GET_LE16(igd.keyid);
|
||||
- os_memcpy(igd.igtk, buf + 10, keylen);
|
||||
-
|
||||
- wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
|
||||
- igd.igtk, keylen);
|
||||
- if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
|
||||
- broadcast_ether_addr,
|
||||
- keyidx, 0, igd.pn, sizeof(igd.pn),
|
||||
- igd.igtk, keylen) < 0) {
|
||||
- wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
|
||||
- "WNM mode");
|
||||
- os_memset(&igd, 0, sizeof(igd));
|
||||
+ igtk = (const struct wpa_igtk_kde *) (buf + 2);
|
||||
+ if (wpa_supplicant_install_igtk(sm, igtk) < 0)
|
||||
return -1;
|
||||
- }
|
||||
- os_memset(&igd, 0, sizeof(igd));
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
} else {
|
||||
wpa_printf(MSG_DEBUG, "Unknown element id");
|
||||
--- a/src/rsn_supp/wpa_i.h
|
||||
+++ b/src/rsn_supp/wpa_i.h
|
||||
@@ -31,6 +31,10 @@ struct wpa_sm {
|
||||
u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
|
||||
int rx_replay_counter_set;
|
||||
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
|
||||
+ struct wpa_gtk gtk;
|
||||
+#ifdef CONFIG_IEEE80211W
|
||||
+ struct wpa_igtk igtk;
|
||||
+#endif /* CONFIG_IEEE80211W */
|
||||
|
||||
struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
|
||||
|
||||
@ -0,0 +1,182 @@
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Sun, 1 Oct 2017 12:12:24 +0300
|
||||
Subject: [PATCH] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
|
||||
Mode cases
|
||||
|
||||
This extends the protection to track last configured GTK/IGTK value
|
||||
separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
|
||||
corner case where these two different mechanisms may get used when the
|
||||
GTK/IGTK has changed and tracking a single value is not sufficient to
|
||||
detect a possible key reconfiguration.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
---
|
||||
|
||||
--- a/src/rsn_supp/wpa.c
|
||||
+++ b/src/rsn_supp/wpa.c
|
||||
@@ -795,14 +795,17 @@ struct wpa_gtk_data {
|
||||
|
||||
static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
|
||||
const struct wpa_gtk_data *gd,
|
||||
- const u8 *key_rsc)
|
||||
+ const u8 *key_rsc, int wnm_sleep)
|
||||
{
|
||||
const u8 *_gtk = gd->gtk;
|
||||
u8 gtk_buf[32];
|
||||
|
||||
/* Detect possible key reinstallation */
|
||||
- if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
|
||||
- os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
|
||||
+ if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
|
||||
+ os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
|
||||
+ (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
|
||||
+ os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
|
||||
+ sm->gtk_wnm_sleep.gtk_len) == 0)) {
|
||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
|
||||
gd->keyidx, gd->tx, gd->gtk_len);
|
||||
@@ -843,8 +846,14 @@ static int wpa_supplicant_install_gtk(st
|
||||
}
|
||||
os_memset(gtk_buf, 0, sizeof(gtk_buf));
|
||||
|
||||
- sm->gtk.gtk_len = gd->gtk_len;
|
||||
- os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
|
||||
+ if (wnm_sleep) {
|
||||
+ sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
|
||||
+ os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
|
||||
+ sm->gtk_wnm_sleep.gtk_len);
|
||||
+ } else {
|
||||
+ sm->gtk.gtk_len = gd->gtk_len;
|
||||
+ os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
|
||||
+ }
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -938,7 +947,7 @@ static int wpa_supplicant_pairwise_gtk(s
|
||||
(wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
|
||||
gtk_len, gtk_len,
|
||||
&gd.key_rsc_len, &gd.alg) ||
|
||||
- wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
|
||||
+ wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
|
||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
"RSN: Failed to install GTK");
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
@@ -954,14 +963,18 @@ static int wpa_supplicant_pairwise_gtk(s
|
||||
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
|
||||
- const struct wpa_igtk_kde *igtk)
|
||||
+ const struct wpa_igtk_kde *igtk,
|
||||
+ int wnm_sleep)
|
||||
{
|
||||
size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
|
||||
u16 keyidx = WPA_GET_LE16(igtk->keyid);
|
||||
|
||||
/* Detect possible key reinstallation */
|
||||
- if (sm->igtk.igtk_len == len &&
|
||||
- os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
|
||||
+ if ((sm->igtk.igtk_len == len &&
|
||||
+ os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
|
||||
+ (sm->igtk_wnm_sleep.igtk_len == len &&
|
||||
+ os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
|
||||
+ sm->igtk_wnm_sleep.igtk_len) == 0)) {
|
||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
|
||||
keyidx);
|
||||
@@ -986,8 +999,14 @@ static int wpa_supplicant_install_igtk(s
|
||||
return -1;
|
||||
}
|
||||
|
||||
- sm->igtk.igtk_len = len;
|
||||
- os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
|
||||
+ if (wnm_sleep) {
|
||||
+ sm->igtk_wnm_sleep.igtk_len = len;
|
||||
+ os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
|
||||
+ sm->igtk_wnm_sleep.igtk_len);
|
||||
+ } else {
|
||||
+ sm->igtk.igtk_len = len;
|
||||
+ os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
|
||||
+ }
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -1010,7 +1029,7 @@ static int ieee80211w_set_keys(struct wp
|
||||
return -1;
|
||||
|
||||
igtk = (const struct wpa_igtk_kde *) ie->igtk;
|
||||
- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
|
||||
+ if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
|
||||
return -1;
|
||||
}
|
||||
|
||||
@@ -1659,7 +1678,7 @@ static void wpa_supplicant_process_1_of_
|
||||
if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
|
||||
key_rsc = null_rsc;
|
||||
|
||||
- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
|
||||
+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
|
||||
wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
|
||||
goto failed;
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
@@ -2580,8 +2599,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *
|
||||
sm->tptk_set = 0;
|
||||
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
|
||||
os_memset(&sm->gtk, 0, sizeof(sm->gtk));
|
||||
+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
os_memset(&sm->igtk, 0, sizeof(sm->igtk));
|
||||
+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
}
|
||||
|
||||
@@ -3160,8 +3181,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
|
||||
os_memset(&sm->ptk, 0, sizeof(sm->ptk));
|
||||
os_memset(&sm->tptk, 0, sizeof(sm->tptk));
|
||||
os_memset(&sm->gtk, 0, sizeof(sm->gtk));
|
||||
+ os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
os_memset(&sm->igtk, 0, sizeof(sm->igtk));
|
||||
+ os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
#ifdef CONFIG_IEEE80211R
|
||||
os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
|
||||
@@ -3226,7 +3249,7 @@ int wpa_wnmsleep_install_key(struct wpa_
|
||||
|
||||
wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
|
||||
gd.gtk, gd.gtk_len);
|
||||
- if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
|
||||
+ if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
|
||||
os_memset(&gd, 0, sizeof(gd));
|
||||
wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
|
||||
"WNM mode");
|
||||
@@ -3238,7 +3261,7 @@ int wpa_wnmsleep_install_key(struct wpa_
|
||||
const struct wpa_igtk_kde *igtk;
|
||||
|
||||
igtk = (const struct wpa_igtk_kde *) (buf + 2);
|
||||
- if (wpa_supplicant_install_igtk(sm, igtk) < 0)
|
||||
+ if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
|
||||
return -1;
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
} else {
|
||||
@@ -4121,7 +4144,7 @@ int fils_process_assoc_resp(struct wpa_s
|
||||
os_memcpy(gd.gtk, kde.gtk + 2, kde.gtk_len - 2);
|
||||
|
||||
wpa_printf(MSG_DEBUG, "FILS: Set GTK to driver");
|
||||
- if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery) < 0) {
|
||||
+ if (wpa_supplicant_install_gtk(sm, &gd, elems.key_delivery, 0) < 0) {
|
||||
wpa_printf(MSG_DEBUG, "FILS: Failed to set GTK");
|
||||
goto fail;
|
||||
}
|
||||
--- a/src/rsn_supp/wpa_i.h
|
||||
+++ b/src/rsn_supp/wpa_i.h
|
||||
@@ -32,8 +32,10 @@ struct wpa_sm {
|
||||
int rx_replay_counter_set;
|
||||
u8 request_counter[WPA_REPLAY_COUNTER_LEN];
|
||||
struct wpa_gtk gtk;
|
||||
+ struct wpa_gtk gtk_wnm_sleep;
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
struct wpa_igtk igtk;
|
||||
+ struct wpa_igtk igtk_wnm_sleep;
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
|
||||
struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
|
||||
@ -1,36 +0,0 @@
|
||||
From: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
Date: Sat, 14 Jan 2017 01:04:31 +0200
|
||||
Subject: [PATCH] Fix duplicate Reassociation Request frame dropping
|
||||
|
||||
Relational operators (==) have higher precedence than the ternary
|
||||
conditional in C. The last_subtype check for association/reassociation
|
||||
was broken due to incorrect assumption about the precedence. Fix this by
|
||||
adding parenthesis around the ternary conditional.
|
||||
|
||||
The previous implementation worked for Association Request frames by
|
||||
accident since WLAN_FC_STYPE_ASSOC_REQ happens to have value 0 and when
|
||||
the last receive frame was an Association Request frame, the
|
||||
sta->last_subtype == reassoc check was true and non-zero
|
||||
WLAN_FC_STYPE_REASSOC_REQ was interpreted as true. However, this was
|
||||
broken for Reassociation Request frame. reassoc == 1 in that case could
|
||||
have matched received Association Response frame (subtype == 1), but
|
||||
those are not received in AP mode and as such, this did not break other
|
||||
behavior apart from not being able to drop duplicated Reassociation
|
||||
Request frames.
|
||||
|
||||
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
|
||||
---
|
||||
|
||||
--- a/src/ap/ieee802_11.c
|
||||
+++ b/src/ap/ieee802_11.c
|
||||
@@ -2485,8 +2485,8 @@ static void handle_assoc(struct hostapd_
|
||||
if ((fc & WLAN_FC_RETRY) &&
|
||||
sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
|
||||
sta->last_seq_ctrl == seq_ctrl &&
|
||||
- sta->last_subtype == reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
|
||||
- WLAN_FC_STYPE_ASSOC_REQ) {
|
||||
+ sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
|
||||
+ WLAN_FC_STYPE_ASSOC_REQ)) {
|
||||
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
||||
HOSTAPD_LEVEL_DEBUG,
|
||||
"Drop repeated association frame seq_ctrl=0x%x",
|
||||
@ -0,0 +1,73 @@
|
||||
From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
|
||||
Date: Fri, 29 Sep 2017 04:22:51 +0200
|
||||
Subject: [PATCH] Prevent installation of an all-zero TK
|
||||
|
||||
Properly track whether a PTK has already been installed to the driver
|
||||
and the TK part cleared from memory. This prevents an attacker from
|
||||
trying to trick the client into installing an all-zero TK.
|
||||
|
||||
This fixes the earlier fix in commit
|
||||
ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
|
||||
driver in EAPOL-Key 3/4 retry case') which did not take into account
|
||||
possibility of an extra message 1/4 showing up between retries of
|
||||
message 3/4.
|
||||
|
||||
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
|
||||
---
|
||||
|
||||
--- a/src/common/wpa_common.h
|
||||
+++ b/src/common/wpa_common.h
|
||||
@@ -216,6 +216,7 @@ struct wpa_ptk {
|
||||
size_t kck_len;
|
||||
size_t kek_len;
|
||||
size_t tk_len;
|
||||
+ int installed; /* 1 if key has already been installed to driver */
|
||||
};
|
||||
|
||||
struct wpa_gtk {
|
||||
--- a/src/rsn_supp/wpa.c
|
||||
+++ b/src/rsn_supp/wpa.c
|
||||
@@ -594,7 +594,6 @@ static void wpa_supplicant_process_1_of_
|
||||
os_memset(buf, 0, sizeof(buf));
|
||||
}
|
||||
sm->tptk_set = 1;
|
||||
- sm->tk_to_set = 1;
|
||||
|
||||
kde = sm->assoc_wpa_ie;
|
||||
kde_len = sm->assoc_wpa_ie_len;
|
||||
@@ -701,7 +700,7 @@ static int wpa_supplicant_install_ptk(st
|
||||
enum wpa_alg alg;
|
||||
const u8 *key_rsc;
|
||||
|
||||
- if (!sm->tk_to_set) {
|
||||
+ if (sm->ptk.installed) {
|
||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
||||
"WPA: Do not re-install same PTK to the driver");
|
||||
return 0;
|
||||
@@ -745,7 +744,7 @@ static int wpa_supplicant_install_ptk(st
|
||||
|
||||
/* TK is not needed anymore in supplicant */
|
||||
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
|
||||
- sm->tk_to_set = 0;
|
||||
+ sm->ptk.installed = 1;
|
||||
|
||||
if (sm->wpa_ptk_rekey) {
|
||||
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
|
||||
@@ -4172,6 +4171,7 @@ int fils_process_assoc_resp(struct wpa_s
|
||||
* takes care of association frame encryption/decryption. */
|
||||
/* TK is not needed anymore in supplicant */
|
||||
os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
|
||||
+ sm->ptk.installed = 1;
|
||||
|
||||
/* FILS HLP Container */
|
||||
fils_process_hlp_container(sm, ie_start, end - ie_start);
|
||||
--- a/src/rsn_supp/wpa_i.h
|
||||
+++ b/src/rsn_supp/wpa_i.h
|
||||
@@ -24,7 +24,6 @@ struct wpa_sm {
|
||||
struct wpa_ptk ptk, tptk;
|
||||
int ptk_set, tptk_set;
|
||||
unsigned int msg_3_of_4_ok:1;
|
||||
- unsigned int tk_to_set:1;
|
||||
u8 snonce[WPA_NONCE_LEN];
|
||||
u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
|
||||
int renew_snonce;
|
||||
@ -1,40 +0,0 @@
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Sat, 14 Jan 2017 13:56:18 +0200
|
||||
Subject: [PATCH] RSN IBSS: Fix TK clearing on Authentication frame RX
|
||||
|
||||
When wpa_supplicant was processing a received Authentication frame (seq
|
||||
1) from a peer STA for which there was already a TK configured to the
|
||||
driver, debug log claimed that the PTK gets cleared, but the actual
|
||||
call to clear the key was actually dropped due to AUTH vs. SUPP set_key
|
||||
selection. Fix this by explicitly clearing the TK in case it was set
|
||||
and an Authentication frame (seq 1) is received.
|
||||
|
||||
This fixes some cases where EAPOL-Key frames were sent encrypted using
|
||||
the old key when a peer STA restarted itself and lost the key and had to
|
||||
re-join the IBSS. Previously, that state required timing out the 4-way
|
||||
handshake and Deauthentication frame exchange to recover.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
---
|
||||
|
||||
--- a/wpa_supplicant/ibss_rsn.c
|
||||
+++ b/wpa_supplicant/ibss_rsn.c
|
||||
@@ -838,6 +838,18 @@ static void ibss_rsn_handle_auth_1_of_2(
|
||||
MAC2STR(addr));
|
||||
|
||||
if (peer &&
|
||||
+ peer->authentication_status & (IBSS_RSN_SET_PTK_SUPP |
|
||||
+ IBSS_RSN_SET_PTK_AUTH)) {
|
||||
+ /* Clear the TK for this pair to allow recovery from the case
|
||||
+ * where the peer STA has restarted and lost its key while we
|
||||
+ * still have a pairwise key configured. */
|
||||
+ wpa_printf(MSG_DEBUG, "RSN: Clear pairwise key for peer "
|
||||
+ MACSTR, MAC2STR(addr));
|
||||
+ wpa_drv_set_key(ibss_rsn->wpa_s, WPA_ALG_NONE, addr, 0, 0,
|
||||
+ NULL, 0, NULL, 0);
|
||||
+ }
|
||||
+
|
||||
+ if (peer &&
|
||||
peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) {
|
||||
if (peer->own_auth_tx.sec) {
|
||||
struct os_reltime now, diff;
|
||||
@ -0,0 +1,56 @@
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Sun, 1 Oct 2017 12:32:57 +0300
|
||||
Subject: [PATCH] Fix PTK rekeying to generate a new ANonce
|
||||
|
||||
The Authenticator state machine path for PTK rekeying ended up bypassing
|
||||
the AUTHENTICATION2 state where a new ANonce is generated when going
|
||||
directly to the PTKSTART state since there is no need to try to
|
||||
determine the PMK again in such a case. This is far from ideal since the
|
||||
new PTK would depend on a new nonce only from the supplicant.
|
||||
|
||||
Fix this by generating a new ANonce when moving to the PTKSTART state
|
||||
for the purpose of starting new 4-way handshake to rekey PTK.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
---
|
||||
|
||||
--- a/src/ap/wpa_auth.c
|
||||
+++ b/src/ap/wpa_auth.c
|
||||
@@ -1951,6 +1951,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
|
||||
}
|
||||
|
||||
|
||||
+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
|
||||
+{
|
||||
+ if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
|
||||
+ wpa_printf(MSG_ERROR,
|
||||
+ "WPA: Failed to get random data for ANonce");
|
||||
+ sm->Disconnect = TRUE;
|
||||
+ return -1;
|
||||
+ }
|
||||
+ wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
|
||||
+ WPA_NONCE_LEN);
|
||||
+ sm->TimeoutCtr = 0;
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
SM_STATE(WPA_PTK, INITPMK)
|
||||
{
|
||||
u8 msk[2 * PMK_LEN];
|
||||
@@ -3116,9 +3131,12 @@ SM_STEP(WPA_PTK)
|
||||
SM_ENTER(WPA_PTK, AUTHENTICATION);
|
||||
else if (sm->ReAuthenticationRequest)
|
||||
SM_ENTER(WPA_PTK, AUTHENTICATION2);
|
||||
- else if (sm->PTKRequest)
|
||||
- SM_ENTER(WPA_PTK, PTKSTART);
|
||||
- else switch (sm->wpa_ptk_state) {
|
||||
+ else if (sm->PTKRequest) {
|
||||
+ if (wpa_auth_sm_ptk_update(sm) < 0)
|
||||
+ SM_ENTER(WPA_PTK, DISCONNECTED);
|
||||
+ else
|
||||
+ SM_ENTER(WPA_PTK, PTKSTART);
|
||||
+ } else switch (sm->wpa_ptk_state) {
|
||||
case WPA_PTK_INITIALIZE:
|
||||
break;
|
||||
case WPA_PTK_DISCONNECT:
|
||||
@ -1,145 +0,0 @@
|
||||
From cc3dae85bd694506cdea66ae532d452fb8716297 Mon Sep 17 00:00:00 2001
|
||||
From: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
|
||||
Date: Mon, 23 Jan 2017 13:55:04 +0100
|
||||
Subject: [PATCH] hostapd: Add possibility to send debug messages to syslog
|
||||
|
||||
We can only send module specific messages to syslog and not debug
|
||||
messages printed with wpa_printf. Add an extra command line parameter
|
||||
'-s' to allow it. The feature is enabled with compile flag
|
||||
CONFIG_DEBUG_SYSLOG as for wpa_supplicant and behaves in the same manner
|
||||
as the wpa_supplicant -s command line argument.
|
||||
|
||||
Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
|
||||
---
|
||||
hostapd/Android.mk | 4 ++++
|
||||
hostapd/Makefile | 4 ++++
|
||||
hostapd/defconfig | 3 +++
|
||||
hostapd/main.c | 19 ++++++++++++++++++-
|
||||
src/utils/wpa_debug.c | 2 +-
|
||||
src/utils/wpa_debug.h | 3 +++
|
||||
6 files changed, 33 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/hostapd/Android.mk
|
||||
+++ b/hostapd/Android.mk
|
||||
@@ -952,6 +952,10 @@ ifdef CONFIG_NO_STDOUT_DEBUG
|
||||
L_CFLAGS += -DCONFIG_NO_STDOUT_DEBUG
|
||||
endif
|
||||
|
||||
+ifdef CONFIG_DEBUG_SYSLOG
|
||||
+L_CFLAGS += -DCONFIG_DEBUG_SYSLOG
|
||||
+endif
|
||||
+
|
||||
ifdef CONFIG_DEBUG_LINUX_TRACING
|
||||
L_CFLAGS += -DCONFIG_DEBUG_LINUX_TRACING
|
||||
endif
|
||||
--- a/hostapd/Makefile
|
||||
+++ b/hostapd/Makefile
|
||||
@@ -997,6 +997,10 @@ ifdef CONFIG_NO_STDOUT_DEBUG
|
||||
CFLAGS += -DCONFIG_NO_STDOUT_DEBUG
|
||||
endif
|
||||
|
||||
+ifdef CONFIG_DEBUG_SYSLOG
|
||||
+CFLAGS += -DCONFIG_DEBUG_SYSLOG
|
||||
+endif
|
||||
+
|
||||
ifdef CONFIG_DEBUG_LINUX_TRACING
|
||||
CFLAGS += -DCONFIG_DEBUG_LINUX_TRACING
|
||||
endif
|
||||
--- a/hostapd/defconfig
|
||||
+++ b/hostapd/defconfig
|
||||
@@ -166,6 +166,9 @@ CONFIG_IPV6=y
|
||||
# Disabled by default.
|
||||
#CONFIG_DEBUG_FILE=y
|
||||
|
||||
+# Send debug messages to syslog instead of stdout
|
||||
+#CONFIG_DEBUG_SYSLOG=y
|
||||
+
|
||||
# Add support for sending all debug messages (regardless of debug verbosity)
|
||||
# to the Linux kernel tracing facility. This helps debug the entire stack by
|
||||
# making it easy to record everything happening from the driver up into the
|
||||
--- a/hostapd/main.c
|
||||
+++ b/hostapd/main.c
|
||||
@@ -108,6 +108,10 @@ static void hostapd_logger_cb(void *ctx,
|
||||
module_str ? module_str : "",
|
||||
module_str ? ": " : "", txt);
|
||||
|
||||
+#ifdef CONFIG_DEBUG_SYSLOG
|
||||
+ if (wpa_debug_syslog)
|
||||
+ conf_stdout = 0;
|
||||
+#endif /* CONFIG_DEBUG_SYSLOG */
|
||||
if ((conf_stdout & module) && level >= conf_stdout_level) {
|
||||
wpa_debug_print_timestamp();
|
||||
wpa_printf(MSG_INFO, "%s", format);
|
||||
@@ -484,6 +488,9 @@ static void usage(void)
|
||||
" (records all messages regardless of debug verbosity)\n"
|
||||
#endif /* CONFIG_DEBUG_LINUX_TRACING */
|
||||
" -i list of interface names to use\n"
|
||||
+#ifdef CONFIG_DEBUG_SYSLOG
|
||||
+ " -s log output to syslog instead of stdout\n"
|
||||
+#endif /* CONFIG_DEBUG_SYSLOG */
|
||||
" -S start all the interfaces synchronously\n"
|
||||
" -t include timestamps in some debug messages\n"
|
||||
" -v show hostapd version\n");
|
||||
@@ -661,7 +668,7 @@ int main(int argc, char *argv[])
|
||||
dl_list_init(&interfaces.global_ctrl_dst);
|
||||
|
||||
for (;;) {
|
||||
- c = getopt(argc, argv, "b:Bde:f:hi:KP:STtu:vg:G:");
|
||||
+ c = getopt(argc, argv, "b:Bde:f:hi:KP:sSTtu:vg:G:");
|
||||
if (c < 0)
|
||||
break;
|
||||
switch (c) {
|
||||
@@ -718,6 +725,11 @@ int main(int argc, char *argv[])
|
||||
bss_config = tmp_bss;
|
||||
bss_config[num_bss_configs++] = optarg;
|
||||
break;
|
||||
+#ifdef CONFIG_DEBUG_SYSLOG
|
||||
+ case 's':
|
||||
+ wpa_debug_syslog = 1;
|
||||
+ break;
|
||||
+#endif /* CONFIG_DEBUG_SYSLOG */
|
||||
case 'S':
|
||||
start_ifaces_in_sync = 1;
|
||||
break;
|
||||
@@ -746,6 +758,10 @@ int main(int argc, char *argv[])
|
||||
wpa_debug_open_file(log_file);
|
||||
else
|
||||
wpa_debug_setup_stdout();
|
||||
+#ifdef CONFIG_DEBUG_SYSLOG
|
||||
+ if (wpa_debug_syslog)
|
||||
+ wpa_debug_open_syslog();
|
||||
+#endif /* CONFIG_DEBUG_SYSLOG */
|
||||
#ifdef CONFIG_DEBUG_LINUX_TRACING
|
||||
if (enable_trace_dbg) {
|
||||
int tret = wpa_debug_open_linux_tracing();
|
||||
@@ -882,6 +898,7 @@ int main(int argc, char *argv[])
|
||||
hostapd_global_deinit(pid_file, interfaces.eloop_initialized);
|
||||
os_free(pid_file);
|
||||
|
||||
+ wpa_debug_close_syslog();
|
||||
if (log_file)
|
||||
wpa_debug_close_file();
|
||||
wpa_debug_close_linux_tracing();
|
||||
--- a/src/utils/wpa_debug.c
|
||||
+++ b/src/utils/wpa_debug.c
|
||||
@@ -13,7 +13,7 @@
|
||||
#ifdef CONFIG_DEBUG_SYSLOG
|
||||
#include <syslog.h>
|
||||
|
||||
-static int wpa_debug_syslog = 0;
|
||||
+int wpa_debug_syslog = 0;
|
||||
#endif /* CONFIG_DEBUG_SYSLOG */
|
||||
|
||||
#ifdef CONFIG_DEBUG_LINUX_TRACING
|
||||
--- a/src/utils/wpa_debug.h
|
||||
+++ b/src/utils/wpa_debug.h
|
||||
@@ -14,6 +14,9 @@
|
||||
extern int wpa_debug_level;
|
||||
extern int wpa_debug_show_keys;
|
||||
extern int wpa_debug_timestamp;
|
||||
+#ifdef CONFIG_DEBUG_SYSLOG
|
||||
+extern int wpa_debug_syslog;
|
||||
+#endif /* CONFIG_DEBUG_SYSLOG */
|
||||
|
||||
/* Debugging function - conditional printf and hex dump. Driver wrappers can
|
||||
* use these for debugging purposes. */
|
||||
@ -0,0 +1,124 @@
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Fri, 22 Sep 2017 11:03:15 +0300
|
||||
Subject: [PATCH] TDLS: Reject TPK-TK reconfiguration
|
||||
|
||||
Do not try to reconfigure the same TPK-TK to the driver after it has
|
||||
been successfully configured. This is an explicit check to avoid issues
|
||||
related to resetting the TX/RX packet number. There was already a check
|
||||
for this for TPK M2 (retries of that message are ignored completely), so
|
||||
that behavior does not get modified.
|
||||
|
||||
For TPK M3, the TPK-TK could have been reconfigured, but that was
|
||||
followed by immediate teardown of the link due to an issue in updating
|
||||
the STA entry. Furthermore, for TDLS with any real security (i.e.,
|
||||
ignoring open/WEP), the TPK message exchange is protected on the AP path
|
||||
and simple replay attacks are not feasible.
|
||||
|
||||
As an additional corner case, make sure the local nonce gets updated if
|
||||
the peer uses a very unlikely "random nonce" of all zeros.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
---
|
||||
|
||||
--- a/src/rsn_supp/tdls.c
|
||||
+++ b/src/rsn_supp/tdls.c
|
||||
@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
|
||||
u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
|
||||
} tpk;
|
||||
int tpk_set;
|
||||
+ int tk_set; /* TPK-TK configured to the driver */
|
||||
int tpk_success;
|
||||
int tpk_in_progress;
|
||||
|
||||
@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_s
|
||||
u8 rsc[6];
|
||||
enum wpa_alg alg;
|
||||
|
||||
+ if (peer->tk_set) {
|
||||
+ /*
|
||||
+ * This same TPK-TK has already been configured to the driver
|
||||
+ * and this new configuration attempt (likely due to an
|
||||
+ * unexpected retransmitted frame) would result in clearing
|
||||
+ * the TX/RX sequence number which can break security, so must
|
||||
+ * not allow that to happen.
|
||||
+ */
|
||||
+ wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
|
||||
+ " has already been configured to the driver - do not reconfigure",
|
||||
+ MAC2STR(peer->addr));
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
os_memset(rsc, 0, 6);
|
||||
|
||||
switch (peer->cipher) {
|
||||
@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_s
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
|
||||
+ MAC2STR(peer->addr));
|
||||
if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
|
||||
rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
|
||||
wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
|
||||
"driver");
|
||||
return -1;
|
||||
}
|
||||
+ peer->tk_set = 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -695,7 +713,7 @@ static void wpa_tdls_peer_clear(struct w
|
||||
peer->cipher = 0;
|
||||
peer->qos_info = 0;
|
||||
peer->wmm_capable = 0;
|
||||
- peer->tpk_set = peer->tpk_success = 0;
|
||||
+ peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
|
||||
peer->chan_switch_enabled = 0;
|
||||
os_memset(&peer->tpk, 0, sizeof(peer->tpk));
|
||||
os_memset(peer->inonce, 0, WPA_NONCE_LEN);
|
||||
@@ -1158,6 +1176,7 @@ skip_rsnie:
|
||||
wpa_tdls_peer_free(sm, peer);
|
||||
return -1;
|
||||
}
|
||||
+ peer->tk_set = 0; /* A new nonce results in a new TK */
|
||||
wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
|
||||
peer->inonce, WPA_NONCE_LEN);
|
||||
os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
|
||||
@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct w
|
||||
}
|
||||
|
||||
|
||||
+static int tdls_nonce_set(const u8 *nonce)
|
||||
+{
|
||||
+ int i;
|
||||
+
|
||||
+ for (i = 0; i < WPA_NONCE_LEN; i++) {
|
||||
+ if (nonce[i])
|
||||
+ return 1;
|
||||
+ }
|
||||
+
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+
|
||||
static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
|
||||
const u8 *buf, size_t len)
|
||||
{
|
||||
@@ -2004,7 +2036,8 @@ skip_rsn:
|
||||
peer->rsnie_i_len = kde.rsn_ie_len;
|
||||
peer->cipher = cipher;
|
||||
|
||||
- if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
|
||||
+ if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
|
||||
+ !tdls_nonce_set(peer->inonce)) {
|
||||
/*
|
||||
* There is no point in updating the RNonce for every obtained
|
||||
* TPK M1 frame (e.g., retransmission due to timeout) with the
|
||||
@@ -2020,6 +2053,7 @@ skip_rsn:
|
||||
"TDLS: Failed to get random data for responder nonce");
|
||||
goto error;
|
||||
}
|
||||
+ peer->tk_set = 0; /* A new nonce results in a new TK */
|
||||
}
|
||||
|
||||
#if 0
|
||||
@ -0,0 +1,35 @@
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Fri, 22 Sep 2017 11:25:02 +0300
|
||||
Subject: [PATCH] WNM: Ignore WNM-Sleep Mode Response without pending
|
||||
request
|
||||
|
||||
Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
|
||||
Mode Response if WNM-Sleep Mode has not been used') started ignoring the
|
||||
response when no WNM-Sleep Mode Request had been used during the
|
||||
association. This can be made tighter by clearing the used flag when
|
||||
successfully processing a response. This adds an additional layer of
|
||||
protection against unexpected retransmissions of the response frame.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
---
|
||||
|
||||
--- a/wpa_supplicant/wnm_sta.c
|
||||
+++ b/wpa_supplicant/wnm_sta.c
|
||||
@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(
|
||||
|
||||
if (!wpa_s->wnmsleep_used) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
- "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
|
||||
+ "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(
|
||||
return;
|
||||
}
|
||||
|
||||
+ wpa_s->wnmsleep_used = 0;
|
||||
+
|
||||
if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
|
||||
wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
|
||||
wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
|
||||
@ -0,0 +1,68 @@
|
||||
From: Jouni Malinen <j@w1.fi>
|
||||
Date: Fri, 22 Sep 2017 12:06:37 +0300
|
||||
Subject: [PATCH] FT: Do not allow multiple Reassociation Response frames
|
||||
|
||||
The driver is expected to not report a second association event without
|
||||
the station having explicitly request a new association. As such, this
|
||||
case should not be reachable. However, since reconfiguring the same
|
||||
pairwise or group keys to the driver could result in nonce reuse issues,
|
||||
be extra careful here and do an additional state check to avoid this
|
||||
even if the local driver ends up somehow accepting an unexpected
|
||||
Reassociation Response frame.
|
||||
|
||||
Signed-off-by: Jouni Malinen <j@w1.fi>
|
||||
---
|
||||
|
||||
--- a/src/rsn_supp/wpa.c
|
||||
+++ b/src/rsn_supp/wpa.c
|
||||
@@ -2637,6 +2637,9 @@ void wpa_sm_notify_disassoc(struct wpa_s
|
||||
#ifdef CONFIG_FILS
|
||||
sm->fils_completed = 0;
|
||||
#endif /* CONFIG_FILS */
|
||||
+#ifdef CONFIG_IEEE80211R
|
||||
+ sm->ft_reassoc_completed = 0;
|
||||
+#endif /* CONFIG_IEEE80211R */
|
||||
|
||||
/* Keys are not needed in the WPA state machine anymore */
|
||||
wpa_sm_drop_sa(sm);
|
||||
--- a/src/rsn_supp/wpa_ft.c
|
||||
+++ b/src/rsn_supp/wpa_ft.c
|
||||
@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wp
|
||||
u16 capab;
|
||||
|
||||
sm->ft_completed = 0;
|
||||
+ sm->ft_reassoc_completed = 0;
|
||||
|
||||
buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
|
||||
2 + sm->r0kh_id_len + ric_ies_len + 100;
|
||||
@@ -687,6 +688,11 @@ int wpa_ft_validate_reassoc_resp(struct
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ if (sm->ft_reassoc_completed) {
|
||||
+ wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
|
||||
wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
|
||||
return -1;
|
||||
@@ -787,6 +793,8 @@ int wpa_ft_validate_reassoc_resp(struct
|
||||
return -1;
|
||||
}
|
||||
|
||||
+ sm->ft_reassoc_completed = 1;
|
||||
+
|
||||
if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
|
||||
return -1;
|
||||
|
||||
--- a/src/rsn_supp/wpa_i.h
|
||||
+++ b/src/rsn_supp/wpa_i.h
|
||||
@@ -128,6 +128,7 @@ struct wpa_sm {
|
||||
size_t r0kh_id_len;
|
||||
u8 r1kh_id[FT_R1KH_ID_LEN];
|
||||
int ft_completed;
|
||||
+ int ft_reassoc_completed;
|
||||
int over_the_ds_in_progress;
|
||||
u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
|
||||
int set_ptk_after_assoc;
|
||||
@ -8,7 +8,7 @@
|
||||
|
||||
#ifdef ANDROID
|
||||
#include <sys/capability.h>
|
||||
@@ -179,59 +180,46 @@ int os_gmtime(os_time_t t, struct os_tm
|
||||
@@ -182,59 +183,46 @@ int os_gmtime(os_time_t t, struct os_tm
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- a/wpa_supplicant/wpa_supplicant.c
|
||||
+++ b/wpa_supplicant/wpa_supplicant.c
|
||||
@@ -259,9 +259,10 @@ void wpa_supplicant_cancel_auth_timeout(
|
||||
@@ -265,9 +265,10 @@ void wpa_supplicant_cancel_auth_timeout(
|
||||
*/
|
||||
void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
|
||||
{
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- a/src/l2_packet/l2_packet_linux.c
|
||||
+++ b/src/l2_packet/l2_packet_linux.c
|
||||
@@ -337,8 +337,7 @@ struct l2_packet_data * l2_packet_init_b
|
||||
@@ -340,8 +340,7 @@ struct l2_packet_data * l2_packet_init_b
|
||||
|
||||
l2 = l2_packet_init(br_ifname, own_addr, protocol, rx_callback,
|
||||
rx_callback_ctx, l2_hdr);
|
||||
|
||||
@ -18,7 +18,7 @@
|
||||
OBJS += ../src/ap/vlan_init.o
|
||||
OBJS += ../src/ap/vlan_ifconfig.o
|
||||
OBJS += ../src/ap/vlan.o
|
||||
@@ -330,10 +332,14 @@ CFLAGS += -DCONFIG_MBO
|
||||
@@ -354,10 +356,14 @@ CFLAGS += -DCONFIG_MBO
|
||||
OBJS += ../src/ap/mbo_ap.o
|
||||
endif
|
||||
|
||||
@ -36,7 +36,7 @@
|
||||
LIBS += $(DRV_AP_LIBS)
|
||||
|
||||
ifdef CONFIG_L2_PACKET
|
||||
@@ -1077,6 +1083,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
|
||||
@@ -1204,6 +1210,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR)
|
||||
|
||||
BCHECK=../src/drivers/build.hostapd
|
||||
|
||||
@ -49,8 +49,8 @@
|
||||
hostapd: $(BCHECK) $(OBJS)
|
||||
$(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS)
|
||||
@$(E) " LD " $@
|
||||
@@ -1118,6 +1130,12 @@ HOBJS += ../src/crypto/aes-internal.o
|
||||
HOBJS += ../src/crypto/aes-internal-enc.o
|
||||
@@ -1248,6 +1260,12 @@ ifeq ($(CONFIG_TLS), linux)
|
||||
HOBJS += ../src/crypto/crypto_linux.o
|
||||
endif
|
||||
|
||||
+dump_cflags:
|
||||
@ -72,7 +72,7 @@
|
||||
|
||||
ifndef CONFIG_NO_GITVER
|
||||
# Add VERSION_STR postfix for builds from a git repository
|
||||
@@ -329,7 +330,9 @@ endif
|
||||
@@ -357,7 +358,9 @@ endif
|
||||
ifdef CONFIG_IBSS_RSN
|
||||
NEED_RSN_AUTHENTICATOR=y
|
||||
CFLAGS += -DCONFIG_IBSS_RSN
|
||||
@ -82,7 +82,7 @@
|
||||
OBJS += ibss_rsn.o
|
||||
endif
|
||||
|
||||
@@ -820,6 +823,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
|
||||
@@ -861,6 +864,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS
|
||||
CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS
|
||||
LIBS += -ldl -rdynamic
|
||||
endif
|
||||
@ -92,8 +92,8 @@
|
||||
+ endif
|
||||
endif
|
||||
|
||||
ifdef CONFIG_MACSEC
|
||||
@@ -840,9 +847,11 @@ NEED_EAP_COMMON=y
|
||||
ifdef CONFIG_AP
|
||||
@@ -868,9 +875,11 @@ NEED_EAP_COMMON=y
|
||||
NEED_RSN_AUTHENTICATOR=y
|
||||
CFLAGS += -DCONFIG_AP
|
||||
OBJS += ap.o
|
||||
@ -105,7 +105,7 @@
|
||||
OBJS += ../src/ap/hostapd.o
|
||||
OBJS += ../src/ap/wpa_auth_glue.o
|
||||
OBJS += ../src/ap/utils.o
|
||||
@@ -910,6 +919,12 @@ endif
|
||||
@@ -952,6 +961,12 @@ endif
|
||||
ifdef CONFIG_HS20
|
||||
OBJS += ../src/ap/hs20.o
|
||||
endif
|
||||
@ -118,7 +118,7 @@
|
||||
endif
|
||||
|
||||
ifdef CONFIG_MBO
|
||||
@@ -918,7 +933,9 @@ CFLAGS += -DCONFIG_MBO
|
||||
@@ -960,7 +975,9 @@ CFLAGS += -DCONFIG_MBO
|
||||
endif
|
||||
|
||||
ifdef NEED_RSN_AUTHENTICATOR
|
||||
@ -128,7 +128,7 @@
|
||||
NEED_AES_WRAP=y
|
||||
OBJS += ../src/ap/wpa_auth.o
|
||||
OBJS += ../src/ap/wpa_auth_ie.o
|
||||
@@ -1706,6 +1723,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
|
||||
@@ -1835,6 +1852,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv)
|
||||
|
||||
$(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config
|
||||
|
||||
@ -141,7 +141,7 @@
|
||||
wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs)
|
||||
$(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS)
|
||||
@$(E) " LD " $@
|
||||
@@ -1808,6 +1831,12 @@ endif
|
||||
@@ -1937,6 +1960,12 @@ endif
|
||||
-e 's|\@DBUS_INTERFACE\@|$(DBUS_INTERFACE)|g' $< >$@
|
||||
@$(E) " sed" $<
|
||||
|
||||
@ -156,7 +156,7 @@
|
||||
wpa_cli.exe: wpa_cli
|
||||
--- a/src/drivers/driver.h
|
||||
+++ b/src/drivers/driver.h
|
||||
@@ -4968,8 +4968,8 @@ union wpa_event_data {
|
||||
@@ -5317,8 +5317,8 @@ union wpa_event_data {
|
||||
* Driver wrapper code should call this function whenever an event is received
|
||||
* from the driver.
|
||||
*/
|
||||
@ -167,7 +167,7 @@
|
||||
|
||||
/**
|
||||
* wpa_supplicant_event_global - Report a driver event for wpa_supplicant
|
||||
@@ -4981,7 +4981,7 @@ void wpa_supplicant_event(void *ctx, enu
|
||||
@@ -5330,7 +5330,7 @@ void wpa_supplicant_event(void *ctx, enu
|
||||
* Same as wpa_supplicant_event(), but we search for the interface in
|
||||
* wpa_global.
|
||||
*/
|
||||
@ -178,7 +178,7 @@
|
||||
/*
|
||||
--- a/src/ap/drv_callbacks.c
|
||||
+++ b/src/ap/drv_callbacks.c
|
||||
@@ -1163,8 +1163,8 @@ static void hostapd_event_dfs_cac_starte
|
||||
@@ -1375,8 +1375,8 @@ static void hostapd_event_dfs_cac_starte
|
||||
#endif /* NEED_AP_MLME */
|
||||
|
||||
|
||||
@ -189,7 +189,7 @@
|
||||
{
|
||||
struct hostapd_data *hapd = ctx;
|
||||
#ifndef CONFIG_NO_STDOUT_DEBUG
|
||||
@@ -1373,7 +1373,7 @@ void wpa_supplicant_event(void *ctx, enu
|
||||
@@ -1590,7 +1590,7 @@ void wpa_supplicant_event(void *ctx, enu
|
||||
}
|
||||
|
||||
|
||||
@ -231,7 +231,7 @@
|
||||
os_memset(&global, 0, sizeof(global));
|
||||
--- a/wpa_supplicant/events.c
|
||||
+++ b/wpa_supplicant/events.c
|
||||
@@ -3610,8 +3610,8 @@ static void wpa_supplicant_event_assoc_a
|
||||
@@ -3709,8 +3709,8 @@ static void wpa_supplicant_event_assoc_a
|
||||
}
|
||||
|
||||
|
||||
@ -242,16 +242,7 @@
|
||||
{
|
||||
struct wpa_supplicant *wpa_s = ctx;
|
||||
int resched;
|
||||
@@ -4315,7 +4315,7 @@ void wpa_supplicant_event(void *ctx, enu
|
||||
#endif /* CONFIG_AP */
|
||||
break;
|
||||
case EVENT_ACS_CHANNEL_SELECTED:
|
||||
-#ifdef CONFIG_ACS
|
||||
+#if defined(CONFIG_ACS) && defined(CONFIG_AP)
|
||||
if (!wpa_s->ap_iface)
|
||||
break;
|
||||
hostapd_acs_channel_selected(wpa_s->ap_iface->bss[0],
|
||||
@@ -4337,7 +4337,7 @@ void wpa_supplicant_event(void *ctx, enu
|
||||
@@ -4466,7 +4466,7 @@ void wpa_supplicant_event(void *ctx, enu
|
||||
}
|
||||
|
||||
|
||||
@ -262,7 +253,7 @@
|
||||
struct wpa_supplicant *wpa_s;
|
||||
--- a/wpa_supplicant/wpa_supplicant.c
|
||||
+++ b/wpa_supplicant/wpa_supplicant.c
|
||||
@@ -5136,7 +5136,6 @@ struct wpa_interface * wpa_supplicant_ma
|
||||
@@ -5457,7 +5457,6 @@ struct wpa_interface * wpa_supplicant_ma
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -270,7 +261,7 @@
|
||||
/**
|
||||
* wpa_supplicant_match_existing - Match existing interfaces
|
||||
* @global: Pointer to global data from wpa_supplicant_init()
|
||||
@@ -5173,6 +5172,11 @@ static int wpa_supplicant_match_existing
|
||||
@@ -5494,6 +5493,11 @@ static int wpa_supplicant_match_existing
|
||||
|
||||
#endif /* CONFIG_MATCH_IFACE */
|
||||
|
||||
@ -282,7 +273,7 @@
|
||||
|
||||
/**
|
||||
* wpa_supplicant_add_iface - Add a new network interface
|
||||
@@ -5428,6 +5432,8 @@ struct wpa_global * wpa_supplicant_init(
|
||||
@@ -5750,6 +5754,8 @@ struct wpa_global * wpa_supplicant_init(
|
||||
#ifndef CONFIG_NO_WPA_MSG
|
||||
wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
|
||||
#endif /* CONFIG_NO_WPA_MSG */
|
||||
@ -305,9 +296,9 @@
|
||||
|
||||
#ifdef CONFIG_WPS
|
||||
static int gen_uuid(const char *txt_addr)
|
||||
@@ -667,6 +672,8 @@ int main(int argc, char *argv[])
|
||||
interfaces.global_ctrl_sock = -1;
|
||||
dl_list_init(&interfaces.global_ctrl_dst);
|
||||
@@ -670,6 +675,8 @@ int main(int argc, char *argv[])
|
||||
dl_list_init(&interfaces.eth_p_oui);
|
||||
#endif /* CONFIG_ETH_P_OUI */
|
||||
|
||||
+ wpa_supplicant_event = hostapd_wpa_event;
|
||||
+ wpa_supplicant_event_global = hostapd_wpa_event_global;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- a/hostapd/config_file.c
|
||||
+++ b/hostapd/config_file.c
|
||||
@@ -2953,6 +2953,10 @@ static int hostapd_config_fill(struct ho
|
||||
@@ -3014,6 +3014,10 @@ static int hostapd_config_fill(struct ho
|
||||
}
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
#ifdef CONFIG_IEEE80211N
|
||||
@ -13,7 +13,7 @@
|
||||
} else if (os_strcmp(buf, "ht_capab") == 0) {
|
||||
--- a/src/ap/ap_config.h
|
||||
+++ b/src/ap/ap_config.h
|
||||
@@ -681,6 +681,8 @@ struct hostapd_config {
|
||||
@@ -734,6 +734,8 @@ struct hostapd_config {
|
||||
|
||||
int ht_op_mode_fixed;
|
||||
u16 ht_capab;
|
||||
@ -24,7 +24,7 @@
|
||||
int no_pri_sec_switch;
|
||||
--- a/src/ap/hw_features.c
|
||||
+++ b/src/ap/hw_features.c
|
||||
@@ -474,7 +474,8 @@ static int ieee80211n_check_40mhz(struct
|
||||
@@ -480,7 +480,8 @@ static int ieee80211n_check_40mhz(struct
|
||||
int ret;
|
||||
|
||||
/* Check that HT40 is used and PRI / SEC switch is allowed */
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- a/wpa_supplicant/wpa_supplicant.c
|
||||
+++ b/wpa_supplicant/wpa_supplicant.c
|
||||
@@ -3696,7 +3696,7 @@ wpa_supplicant_alloc(struct wpa_supplica
|
||||
@@ -3927,7 +3927,7 @@ wpa_supplicant_alloc(struct wpa_supplica
|
||||
if (wpa_s == NULL)
|
||||
return NULL;
|
||||
wpa_s->scan_req = INITIAL_SCAN_REQ;
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- a/src/drivers/driver_nl80211.c
|
||||
+++ b/src/drivers/driver_nl80211.c
|
||||
@@ -4104,7 +4104,7 @@ static int nl80211_set_channel(struct i8
|
||||
@@ -4152,7 +4152,7 @@ static int nl80211_set_channel(struct i8
|
||||
freq->freq, freq->ht_enabled, freq->vht_enabled,
|
||||
freq->bandwidth, freq->center_freq1, freq->center_freq2);
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- a/src/ap/hostapd.c
|
||||
+++ b/src/ap/hostapd.c
|
||||
@@ -80,6 +80,25 @@ static void hostapd_reload_bss(struct ho
|
||||
@@ -87,6 +87,25 @@ static void hostapd_reload_bss(struct ho
|
||||
#endif /* CONFIG_NO_RADIUS */
|
||||
|
||||
ssid = &hapd->conf->ssid;
|
||||
@ -26,7 +26,7 @@
|
||||
if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next &&
|
||||
ssid->wpa_passphrase_set && ssid->wpa_passphrase) {
|
||||
/*
|
||||
@@ -158,6 +177,7 @@ int hostapd_reload_config(struct hostapd
|
||||
@@ -165,6 +184,7 @@ int hostapd_reload_config(struct hostapd
|
||||
struct hostapd_data *hapd = iface->bss[0];
|
||||
struct hostapd_config *newconf, *oldconf;
|
||||
size_t j;
|
||||
@ -34,7 +34,7 @@
|
||||
|
||||
if (iface->config_fname == NULL) {
|
||||
/* Only in-memory config in use - assume it has been updated */
|
||||
@@ -179,21 +199,20 @@ int hostapd_reload_config(struct hostapd
|
||||
@@ -186,21 +206,20 @@ int hostapd_reload_config(struct hostapd
|
||||
oldconf = hapd->iconf;
|
||||
iface->conf = newconf;
|
||||
|
||||
|
||||
@ -1,72 +1,54 @@
|
||||
--- a/src/drivers/driver_nl80211.c
|
||||
+++ b/src/drivers/driver_nl80211.c
|
||||
@@ -2490,13 +2490,18 @@ wpa_driver_nl80211_finish_drv_init(struc
|
||||
}
|
||||
|
||||
|
||||
-static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv)
|
||||
+static int wpa_driver_nl80211_del_beacon(struct i802_bss *bss)
|
||||
{
|
||||
+ struct wpa_driver_nl80211_data *drv = bss->drv;
|
||||
@@ -2536,10 +2536,15 @@ static int wpa_driver_nl80211_del_beacon
|
||||
struct nl_msg *msg;
|
||||
struct wpa_driver_nl80211_data *drv = bss->drv;
|
||||
|
||||
+ if (!bss->beacon_set)
|
||||
+ return 0;
|
||||
+
|
||||
+ bss->beacon_set = 0;
|
||||
+
|
||||
wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)",
|
||||
- drv->ifindex);
|
||||
- msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
|
||||
+ bss->ifindex);
|
||||
nl80211_put_wiphy_data_ap(bss);
|
||||
- msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON);
|
||||
+ msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_BEACON);
|
||||
return send_and_recv_msgs(drv, msg, NULL, NULL);
|
||||
}
|
||||
|
||||
@@ -2548,7 +2553,7 @@ static void wpa_driver_nl80211_deinit(st
|
||||
nl80211_remove_monitor_interface(drv);
|
||||
|
||||
if (is_ap_interface(drv->nlmode))
|
||||
- wpa_driver_nl80211_del_beacon(drv);
|
||||
+ wpa_driver_nl80211_del_beacon(bss);
|
||||
|
||||
if (drv->eapol_sock >= 0) {
|
||||
eloop_unregister_read_sock(drv->eapol_sock);
|
||||
@@ -4703,8 +4708,7 @@ static void nl80211_teardown_ap(struct i
|
||||
nl80211_remove_monitor_interface(drv);
|
||||
else
|
||||
@@ -4753,7 +4758,7 @@ static void nl80211_teardown_ap(struct i
|
||||
nl80211_mgmt_unsubscribe(bss, "AP teardown");
|
||||
-
|
||||
|
||||
nl80211_put_wiphy_data_ap(bss);
|
||||
- bss->beacon_set = 0;
|
||||
+ wpa_driver_nl80211_del_beacon(bss);
|
||||
}
|
||||
|
||||
|
||||
@@ -6728,8 +6732,6 @@ static int wpa_driver_nl80211_if_remove(
|
||||
@@ -6853,8 +6858,6 @@ static int wpa_driver_nl80211_if_remove(
|
||||
} else {
|
||||
wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context");
|
||||
nl80211_teardown_ap(bss);
|
||||
- if (!bss->added_if && !drv->first_bss->next)
|
||||
- wpa_driver_nl80211_del_beacon(drv);
|
||||
- wpa_driver_nl80211_del_beacon(bss);
|
||||
nl80211_destroy_bss(bss);
|
||||
if (!bss->added_if)
|
||||
i802_set_iface_flags(bss, 0);
|
||||
@@ -7091,8 +7093,7 @@ static int wpa_driver_nl80211_deinit_ap(
|
||||
struct wpa_driver_nl80211_data *drv = bss->drv;
|
||||
@@ -7225,7 +7228,6 @@ static int wpa_driver_nl80211_deinit_ap(
|
||||
if (!is_ap_interface(drv->nlmode))
|
||||
return -1;
|
||||
- wpa_driver_nl80211_del_beacon(drv);
|
||||
wpa_driver_nl80211_del_beacon(bss);
|
||||
- bss->beacon_set = 0;
|
||||
+ wpa_driver_nl80211_del_beacon(bss);
|
||||
|
||||
/*
|
||||
* If the P2P GO interface was dynamically added, then it is
|
||||
@@ -7111,8 +7112,7 @@ static int wpa_driver_nl80211_stop_ap(vo
|
||||
struct wpa_driver_nl80211_data *drv = bss->drv;
|
||||
@@ -7245,7 +7247,6 @@ static int wpa_driver_nl80211_stop_ap(vo
|
||||
if (!is_ap_interface(drv->nlmode))
|
||||
return -1;
|
||||
- wpa_driver_nl80211_del_beacon(drv);
|
||||
wpa_driver_nl80211_del_beacon(bss);
|
||||
- bss->beacon_set = 0;
|
||||
+ wpa_driver_nl80211_del_beacon(bss);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- a/hostapd/ctrl_iface.c
|
||||
+++ b/hostapd/ctrl_iface.c
|
||||
@@ -55,6 +55,7 @@
|
||||
@@ -56,6 +56,7 @@
|
||||
#include "fst/fst_ctrl_iface.h"
|
||||
#include "config_file.h"
|
||||
#include "ctrl_iface.h"
|
||||
@ -8,7 +8,7 @@
|
||||
|
||||
|
||||
#define HOSTAPD_CLI_DUP_VALUE_MAX_LEN 256
|
||||
@@ -73,6 +74,7 @@ static void hostapd_ctrl_iface_send(stru
|
||||
@@ -74,6 +75,7 @@ static void hostapd_ctrl_iface_send(stru
|
||||
enum wpa_msg_type type,
|
||||
const char *buf, size_t len);
|
||||
|
||||
@ -16,7 +16,7 @@
|
||||
|
||||
static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd,
|
||||
struct sockaddr_storage *from,
|
||||
@@ -124,6 +126,61 @@ static int hostapd_ctrl_iface_new_sta(st
|
||||
@@ -125,6 +127,61 @@ static int hostapd_ctrl_iface_new_sta(st
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -78,7 +78,7 @@
|
||||
|
||||
#ifdef CONFIG_IEEE80211W
|
||||
#ifdef NEED_AP_MLME
|
||||
@@ -2620,6 +2677,8 @@ static int hostapd_ctrl_iface_receive_pr
|
||||
@@ -2607,6 +2664,8 @@ static int hostapd_ctrl_iface_receive_pr
|
||||
} else if (os_strncmp(buf, "VENDOR ", 7) == 0) {
|
||||
reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply,
|
||||
reply_size);
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- a/wpa_supplicant/wpa_supplicant_i.h
|
||||
+++ b/wpa_supplicant/wpa_supplicant_i.h
|
||||
@@ -100,6 +100,11 @@ struct wpa_interface {
|
||||
@@ -101,6 +101,11 @@ struct wpa_interface {
|
||||
const char *ifname;
|
||||
|
||||
/**
|
||||
@ -12,7 +12,7 @@
|
||||
* bridge_ifname - Optional bridge interface name
|
||||
*
|
||||
* If the driver interface (ifname) is included in a Linux bridge
|
||||
@@ -484,6 +489,8 @@ struct wpa_supplicant {
|
||||
@@ -512,6 +517,8 @@ struct wpa_supplicant {
|
||||
#endif /* CONFIG_CTRL_IFACE_BINDER */
|
||||
char bridge_ifname[16];
|
||||
|
||||
@ -34,7 +34,7 @@
|
||||
-include .config
|
||||
-include $(if $(MULTICALL),../hostapd/.config)
|
||||
|
||||
@@ -115,6 +119,8 @@ OBJS_c += ../src/utils/common.o
|
||||
@@ -117,6 +121,8 @@ OBJS_c += ../src/utils/common.o
|
||||
OBJS_c += ../src/common/cli.o
|
||||
OBJS += wmm_ac.o
|
||||
|
||||
@ -45,9 +45,9 @@
|
||||
CONFIG_OS=win32
|
||||
--- a/wpa_supplicant/wpa_supplicant.c
|
||||
+++ b/wpa_supplicant/wpa_supplicant.c
|
||||
@@ -112,6 +112,55 @@ const char *const wpa_supplicant_full_li
|
||||
"\n";
|
||||
#endif /* CONFIG_NO_STDOUT_DEBUG */
|
||||
@@ -118,6 +118,55 @@ const char *const wpa_supplicant_full_li
|
||||
static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
|
||||
|
||||
|
||||
+static int hostapd_stop(struct wpa_supplicant *wpa_s)
|
||||
+{
|
||||
@ -101,7 +101,7 @@
|
||||
/* Configure default/group WEP keys for static WEP */
|
||||
int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
|
||||
{
|
||||
@@ -819,8 +868,12 @@ void wpa_supplicant_set_state(struct wpa
|
||||
@@ -883,8 +932,12 @@ void wpa_supplicant_set_state(struct wpa
|
||||
wpas_p2p_completed(wpa_s);
|
||||
|
||||
sme_sched_obss_scan(wpa_s, 1);
|
||||
@ -114,7 +114,7 @@
|
||||
wpa_s->new_connection = 1;
|
||||
wpa_drv_set_operstate(wpa_s, 0);
|
||||
#ifndef IEEE8021X_EAPOL
|
||||
@@ -4790,6 +4843,20 @@ static int wpa_supplicant_init_iface(str
|
||||
@@ -5080,6 +5133,20 @@ static int wpa_supplicant_init_iface(str
|
||||
sizeof(wpa_s->bridge_ifname));
|
||||
}
|
||||
|
||||
@ -135,7 +135,7 @@
|
||||
/* RSNA Supplicant Key Management - INITIALIZE */
|
||||
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
|
||||
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
|
||||
@@ -5083,6 +5150,11 @@ static void wpa_supplicant_deinit_iface(
|
||||
@@ -5404,6 +5471,11 @@ static void wpa_supplicant_deinit_iface(
|
||||
if (terminate)
|
||||
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
|
||||
|
||||
@ -157,7 +157,7 @@
|
||||
#include "drivers/driver.h"
|
||||
#include "eap_peer/eap.h"
|
||||
#include "wpa_supplicant_i.h"
|
||||
@@ -290,6 +291,10 @@ static void calculate_update_time(const
|
||||
@@ -290,6 +291,10 @@ void calculate_update_time(const struct
|
||||
static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src,
|
||||
struct os_reltime *fetch_time)
|
||||
{
|
||||
|
||||
@ -12,7 +12,7 @@
|
||||
else
|
||||
--- a/hostapd/ctrl_iface.c
|
||||
+++ b/hostapd/ctrl_iface.c
|
||||
@@ -2471,6 +2471,7 @@ static int hostapd_ctrl_iface_receive_pr
|
||||
@@ -2458,6 +2458,7 @@ static int hostapd_ctrl_iface_receive_pr
|
||||
reply_size);
|
||||
} else if (os_strcmp(buf, "STATUS-DRIVER") == 0) {
|
||||
reply_len = hostapd_drv_status(hapd, reply, reply_size);
|
||||
@ -20,7 +20,7 @@
|
||||
} else if (os_strcmp(buf, "MIB") == 0) {
|
||||
reply_len = ieee802_11_get_mib(hapd, reply, reply_size);
|
||||
if (reply_len >= 0) {
|
||||
@@ -2512,6 +2513,7 @@ static int hostapd_ctrl_iface_receive_pr
|
||||
@@ -2499,6 +2500,7 @@ static int hostapd_ctrl_iface_receive_pr
|
||||
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
|
||||
reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply,
|
||||
reply_size);
|
||||
@ -30,8 +30,8 @@
|
||||
reply_len = -1;
|
||||
--- a/wpa_supplicant/Makefile
|
||||
+++ b/wpa_supplicant/Makefile
|
||||
@@ -891,6 +891,9 @@ ifdef CONFIG_MBO
|
||||
OBJS += ../src/ap/mbo_ap.o
|
||||
@@ -926,6 +926,9 @@ ifdef CONFIG_FILS
|
||||
OBJS += ../src/ap/fils_hlp.o
|
||||
endif
|
||||
ifdef CONFIG_CTRL_IFACE
|
||||
+ifdef CONFIG_CTRL_IFACE_MIB
|
||||
@ -42,7 +42,7 @@
|
||||
|
||||
--- a/wpa_supplicant/ctrl_iface.c
|
||||
+++ b/wpa_supplicant/ctrl_iface.c
|
||||
@@ -1907,7 +1907,7 @@ static int wpa_supplicant_ctrl_iface_sta
|
||||
@@ -2070,7 +2070,7 @@ static int wpa_supplicant_ctrl_iface_sta
|
||||
pos += ret;
|
||||
}
|
||||
|
||||
@ -51,7 +51,7 @@
|
||||
if (wpa_s->ap_iface) {
|
||||
pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos,
|
||||
end - pos,
|
||||
@@ -9032,6 +9032,7 @@ char * wpa_supplicant_ctrl_iface_process
|
||||
@@ -9631,6 +9631,7 @@ char * wpa_supplicant_ctrl_iface_process
|
||||
reply_len = -1;
|
||||
} else if (os_strncmp(buf, "NOTE ", 5) == 0) {
|
||||
wpa_printf(MSG_INFO, "NOTE: %s", buf + 5);
|
||||
@ -59,7 +59,7 @@
|
||||
} else if (os_strcmp(buf, "MIB") == 0) {
|
||||
reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size);
|
||||
if (reply_len >= 0) {
|
||||
@@ -9039,6 +9040,7 @@ char * wpa_supplicant_ctrl_iface_process
|
||||
@@ -9638,6 +9639,7 @@ char * wpa_supplicant_ctrl_iface_process
|
||||
reply + reply_len,
|
||||
reply_size - reply_len);
|
||||
}
|
||||
@ -67,7 +67,7 @@
|
||||
} else if (os_strncmp(buf, "STATUS", 6) == 0) {
|
||||
reply_len = wpa_supplicant_ctrl_iface_status(
|
||||
wpa_s, buf + 6, reply, reply_size);
|
||||
@@ -9517,6 +9519,7 @@ char * wpa_supplicant_ctrl_iface_process
|
||||
@@ -10124,6 +10126,7 @@ char * wpa_supplicant_ctrl_iface_process
|
||||
reply_len = wpa_supplicant_ctrl_iface_bss(
|
||||
wpa_s, buf + 4, reply, reply_size);
|
||||
#ifdef CONFIG_AP
|
||||
@ -75,7 +75,7 @@
|
||||
} else if (os_strcmp(buf, "STA-FIRST") == 0) {
|
||||
reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size);
|
||||
} else if (os_strncmp(buf, "STA ", 4) == 0) {
|
||||
@@ -9525,12 +9528,15 @@ char * wpa_supplicant_ctrl_iface_process
|
||||
@@ -10132,12 +10135,15 @@ char * wpa_supplicant_ctrl_iface_process
|
||||
} else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) {
|
||||
reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply,
|
||||
reply_size);
|
||||
@ -111,7 +111,7 @@
|
||||
static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype,
|
||||
--- a/src/ap/ieee802_1x.c
|
||||
+++ b/src/ap/ieee802_1x.c
|
||||
@@ -2490,6 +2490,7 @@ static const char * bool_txt(Boolean val
|
||||
@@ -2492,6 +2492,7 @@ static const char * bool_txt(Boolean val
|
||||
return val ? "TRUE" : "FALSE";
|
||||
}
|
||||
|
||||
@ -119,7 +119,7 @@
|
||||
|
||||
int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
|
||||
{
|
||||
@@ -2665,6 +2666,7 @@ int ieee802_1x_get_mib_sta(struct hostap
|
||||
@@ -2667,6 +2668,7 @@ int ieee802_1x_get_mib_sta(struct hostap
|
||||
return len;
|
||||
}
|
||||
|
||||
@ -129,7 +129,7 @@
|
||||
static void ieee802_1x_wnm_notif_send(void *eloop_ctx, void *timeout_ctx)
|
||||
--- a/src/ap/wpa_auth.c
|
||||
+++ b/src/ap/wpa_auth.c
|
||||
@@ -3544,6 +3544,7 @@ static const char * wpa_bool_txt(int val
|
||||
@@ -3762,6 +3762,7 @@ static const char * wpa_bool_txt(int val
|
||||
return val ? "TRUE" : "FALSE";
|
||||
}
|
||||
|
||||
@ -137,7 +137,7 @@
|
||||
|
||||
#define RSN_SUITE "%02x-%02x-%02x-%d"
|
||||
#define RSN_SUITE_ARG(s) \
|
||||
@@ -3688,7 +3689,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
|
||||
@@ -3906,7 +3907,7 @@ int wpa_get_mib_sta(struct wpa_state_mac
|
||||
|
||||
return len;
|
||||
}
|
||||
@ -148,7 +148,7 @@
|
||||
{
|
||||
--- a/src/rsn_supp/wpa.c
|
||||
+++ b/src/rsn_supp/wpa.c
|
||||
@@ -2252,6 +2252,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
|
||||
@@ -2339,6 +2339,8 @@ static u32 wpa_key_mgmt_suite(struct wpa
|
||||
}
|
||||
|
||||
|
||||
@ -157,7 +157,7 @@
|
||||
#define RSN_SUITE "%02x-%02x-%02x-%d"
|
||||
#define RSN_SUITE_ARG(s) \
|
||||
((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff
|
||||
@@ -2335,6 +2337,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
|
||||
@@ -2422,6 +2424,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch
|
||||
|
||||
return (int) len;
|
||||
}
|
||||
@ -167,7 +167,7 @@
|
||||
|
||||
--- a/wpa_supplicant/ap.c
|
||||
+++ b/wpa_supplicant/ap.c
|
||||
@@ -1119,7 +1119,7 @@ int wpas_ap_wps_nfc_report_handover(stru
|
||||
@@ -1139,7 +1139,7 @@ int wpas_ap_wps_nfc_report_handover(stru
|
||||
#endif /* CONFIG_WPS */
|
||||
|
||||
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- a/src/common/wpa_common.c
|
||||
+++ b/src/common/wpa_common.c
|
||||
@@ -1445,6 +1445,31 @@ u32 wpa_akm_to_suite(int akm)
|
||||
@@ -1664,6 +1664,31 @@ u32 wpa_akm_to_suite(int akm)
|
||||
}
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
int wpa_compare_rsn_ie(int ft_initial_assoc,
|
||||
const u8 *ie1, size_t ie1len,
|
||||
const u8 *ie2, size_t ie2len)
|
||||
@@ -1452,8 +1477,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
|
||||
@@ -1671,8 +1696,19 @@ int wpa_compare_rsn_ie(int ft_initial_as
|
||||
if (ie1 == NULL || ie2 == NULL)
|
||||
return -1;
|
||||
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
#include "crypto/random.h"
|
||||
#include "crypto/tls.h"
|
||||
#include "common/version.h"
|
||||
@@ -675,7 +676,7 @@ int main(int argc, char *argv[])
|
||||
@@ -678,7 +679,7 @@ int main(int argc, char *argv[])
|
||||
wpa_supplicant_event = hostapd_wpa_event;
|
||||
wpa_supplicant_event_global = hostapd_wpa_event_global;
|
||||
for (;;) {
|
||||
@ -17,7 +17,7 @@
|
||||
if (c < 0)
|
||||
break;
|
||||
switch (c) {
|
||||
@@ -712,6 +713,8 @@ int main(int argc, char *argv[])
|
||||
@@ -715,6 +716,8 @@ int main(int argc, char *argv[])
|
||||
break;
|
||||
#endif /* CONFIG_DEBUG_LINUX_TRACING */
|
||||
case 'v':
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
--- a/hostapd/hostapd_cli.c
|
||||
+++ b/hostapd/hostapd_cli.c
|
||||
@@ -447,7 +447,6 @@ static int hostapd_cli_cmd_sa_query(stru
|
||||
@@ -417,7 +417,6 @@ static int hostapd_cli_cmd_sa_query(stru
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
|
||||
|
||||
@ -8,7 +8,7 @@
|
||||
static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc,
|
||||
char *argv[])
|
||||
{
|
||||
@@ -673,7 +672,6 @@ static int hostapd_cli_cmd_wps_config(st
|
||||
@@ -643,7 +642,6 @@ static int hostapd_cli_cmd_wps_config(st
|
||||
ssid_hex, argv[1]);
|
||||
return wpa_ctrl_command(ctrl, buf);
|
||||
}
|
||||
@ -16,19 +16,19 @@
|
||||
|
||||
|
||||
static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc,
|
||||
@@ -1367,7 +1365,6 @@ static const struct hostapd_cli_cmd host
|
||||
{ "sa_query", hostapd_cli_cmd_sa_query, NULL,
|
||||
@@ -1476,7 +1474,6 @@ static const struct hostapd_cli_cmd host
|
||||
{ "sa_query", hostapd_cli_cmd_sa_query, hostapd_complete_stations,
|
||||
"<addr> = send SA Query to a station" },
|
||||
#endif /* CONFIG_IEEE80211W */
|
||||
-#ifdef CONFIG_WPS
|
||||
{ "wps_pin", hostapd_cli_cmd_wps_pin, NULL,
|
||||
"<uuid> <pin> [timeout] [addr] = add WPS Enrollee PIN" },
|
||||
{ "wps_check_pin", hostapd_cli_cmd_wps_check_pin, NULL,
|
||||
@@ -1392,7 +1389,6 @@ static const struct hostapd_cli_cmd host
|
||||
@@ -1501,7 +1498,6 @@ static const struct hostapd_cli_cmd host
|
||||
"<SSID> <auth> <encr> <key> = configure AP" },
|
||||
{ "wps_get_status", hostapd_cli_cmd_wps_get_status, NULL,
|
||||
"= show current WPS status" },
|
||||
-#endif /* CONFIG_WPS */
|
||||
{ "disassoc_imminent", hostapd_cli_cmd_disassoc_imminent, NULL, NULL },
|
||||
{ "ess_disassoc", hostapd_cli_cmd_ess_disassoc, NULL, NULL },
|
||||
{ "bss_tm_req", hostapd_cli_cmd_bss_tm_req, NULL, NULL },
|
||||
{ "disassoc_imminent", hostapd_cli_cmd_disassoc_imminent, NULL,
|
||||
"= send Disassociation Imminent notification" },
|
||||
{ "ess_disassoc", hostapd_cli_cmd_ess_disassoc, NULL,
|
||||
|
||||
@ -21,8 +21,8 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
|
||||
+#include "ap/sta_info.h"
|
||||
#include "common/defs.h"
|
||||
#include "common/ieee802_11_defs.h"
|
||||
#ifdef CONFIG_MACSEC
|
||||
@@ -605,6 +606,9 @@ struct wpa_driver_associate_params {
|
||||
#include "common/wpa_common.h"
|
||||
@@ -762,6 +763,9 @@ struct wpa_driver_associate_params {
|
||||
* responsible for selecting with which BSS to associate. */
|
||||
const u8 *bssid;
|
||||
|
||||
@ -34,7 +34,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
|
||||
*
|
||||
--- a/wpa_supplicant/config.c
|
||||
+++ b/wpa_supplicant/config.c
|
||||
@@ -16,6 +16,7 @@
|
||||
@@ -17,6 +17,7 @@
|
||||
#include "eap_peer/eap.h"
|
||||
#include "p2p/p2p.h"
|
||||
#include "fst/fst.h"
|
||||
@ -42,7 +42,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
|
||||
#include "config.h"
|
||||
|
||||
|
||||
@@ -1891,6 +1892,97 @@ static char * wpa_config_write_mka_ckn(c
|
||||
@@ -1985,6 +1986,97 @@ static char * wpa_config_write_mka_ckn(c
|
||||
#endif /* CONFIG_MACSEC */
|
||||
|
||||
|
||||
@ -140,7 +140,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
|
||||
/* Helper macros for network block parser */
|
||||
|
||||
#ifdef OFFSET
|
||||
@@ -2123,6 +2215,9 @@ static const struct parse_data ssid_fiel
|
||||
@@ -2224,6 +2316,9 @@ static const struct parse_data ssid_fiel
|
||||
{ INT(ap_max_inactivity) },
|
||||
{ INT(dtim_period) },
|
||||
{ INT(beacon_int) },
|
||||
@ -163,7 +163,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
|
||||
|
||||
|
||||
#define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
|
||||
@@ -719,6 +721,9 @@ struct wpa_ssid {
|
||||
@@ -735,6 +737,9 @@ struct wpa_ssid {
|
||||
*/
|
||||
void *parent_cred;
|
||||
|
||||
@ -175,7 +175,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
|
||||
* macsec_policy - Determines the policy for MACsec secure session
|
||||
--- a/wpa_supplicant/wpa_supplicant.c
|
||||
+++ b/wpa_supplicant/wpa_supplicant.c
|
||||
@@ -2561,6 +2561,13 @@ static void wpas_start_assoc_cb(struct w
|
||||
@@ -2781,6 +2781,13 @@ static void wpas_start_assoc_cb(struct w
|
||||
params.beacon_int = ssid->beacon_int;
|
||||
else
|
||||
params.beacon_int = wpa_s->conf->beacon_int;
|
||||
|
||||
@ -10,7 +10,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
|
||||
|
||||
--- a/src/drivers/driver_nl80211.c
|
||||
+++ b/src/drivers/driver_nl80211.c
|
||||
@@ -4962,7 +4962,7 @@ static int wpa_driver_nl80211_ibss(struc
|
||||
@@ -5012,7 +5012,7 @@ static int wpa_driver_nl80211_ibss(struc
|
||||
struct wpa_driver_associate_params *params)
|
||||
{
|
||||
struct nl_msg *msg;
|
||||
@ -19,7 +19,7 @@ Signed-hostap: Antonio Quartulli <ordex@autistici.org>
|
||||
int count = 0;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex);
|
||||
@@ -4989,6 +4989,37 @@ retry:
|
||||
@@ -5039,6 +5039,37 @@ retry:
|
||||
nl80211_put_beacon_int(msg, params->beacon_int))
|
||||
goto fail;
|
||||
|
||||
|
||||
@ -16,7 +16,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
|
||||
|
||||
--- a/src/drivers/driver.h
|
||||
+++ b/src/drivers/driver.h
|
||||
@@ -608,6 +608,8 @@ struct wpa_driver_associate_params {
|
||||
@@ -765,6 +765,8 @@ struct wpa_driver_associate_params {
|
||||
|
||||
unsigned char rates[WLAN_SUPP_RATES_MAX];
|
||||
int mcast_rate;
|
||||
@ -27,7 +27,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
|
||||
* bssid_hint - BSSID of a proposed AP
|
||||
--- a/src/drivers/driver_nl80211.c
|
||||
+++ b/src/drivers/driver_nl80211.c
|
||||
@@ -5020,6 +5020,22 @@ retry:
|
||||
@@ -5070,6 +5070,22 @@ retry:
|
||||
nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate);
|
||||
}
|
||||
|
||||
@ -52,7 +52,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
|
||||
goto fail;
|
||||
--- a/wpa_supplicant/config.c
|
||||
+++ b/wpa_supplicant/config.c
|
||||
@@ -1923,6 +1923,71 @@ static char * wpa_config_write_mcast_rat
|
||||
@@ -2017,6 +2017,71 @@ static char * wpa_config_write_mcast_rat
|
||||
}
|
||||
#endif /* NO_CONFIG_WRITE */
|
||||
|
||||
@ -124,7 +124,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
|
||||
static int wpa_config_parse_rates(const struct parse_data *data,
|
||||
struct wpa_ssid *ssid, int line,
|
||||
const char *value)
|
||||
@@ -2218,6 +2283,7 @@ static const struct parse_data ssid_fiel
|
||||
@@ -2319,6 +2384,7 @@ static const struct parse_data ssid_fiel
|
||||
{ INT_RANGE(fixed_freq, 0, 1) },
|
||||
{ FUNC(rates) },
|
||||
{ FUNC(mcast_rate) },
|
||||
@ -134,7 +134,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
|
||||
{ INT_RANGE(macsec_integ_only, 0, 1) },
|
||||
--- a/wpa_supplicant/config_ssid.h
|
||||
+++ b/wpa_supplicant/config_ssid.h
|
||||
@@ -723,6 +723,8 @@ struct wpa_ssid {
|
||||
@@ -739,6 +739,8 @@ struct wpa_ssid {
|
||||
|
||||
unsigned char rates[WLAN_SUPP_RATES_MAX];
|
||||
double mcast_rate;
|
||||
@ -145,7 +145,7 @@ Signed-off-by: Antonio Quartulli <ordex@autistici.org>
|
||||
/**
|
||||
--- a/wpa_supplicant/wpa_supplicant.c
|
||||
+++ b/wpa_supplicant/wpa_supplicant.c
|
||||
@@ -2568,6 +2568,8 @@ static void wpas_start_assoc_cb(struct w
|
||||
@@ -2788,6 +2788,8 @@ static void wpas_start_assoc_cb(struct w
|
||||
i++;
|
||||
}
|
||||
params.mcast_rate = ssid->mcast_rate;
|
||||
|
||||
@ -20,7 +20,7 @@
|
||||
|
||||
total = survey->channel_time;
|
||||
|
||||
@@ -395,20 +389,19 @@ static int acs_usable_vht80_chan(struct
|
||||
@@ -392,20 +386,19 @@ static int acs_usable_vht80_chan(struct
|
||||
static int acs_survey_is_sufficient(struct freq_survey *survey)
|
||||
{
|
||||
if (!(survey->filled & SURVEY_HAS_NF)) {
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
|
||||
struct wpa_ctrl_dst;
|
||||
struct radius_server_data;
|
||||
@@ -119,6 +120,7 @@ struct hostapd_data {
|
||||
@@ -122,6 +123,7 @@ struct hostapd_data {
|
||||
struct hostapd_iface *iface;
|
||||
struct hostapd_config *iconf;
|
||||
struct hostapd_bss_config *conf;
|
||||
@ -30,7 +30,7 @@
|
||||
int interface_added; /* virtual interface added for this BSS */
|
||||
unsigned int started:1;
|
||||
unsigned int disabled:1;
|
||||
@@ -328,6 +330,8 @@ struct hostapd_iface {
|
||||
@@ -370,6 +372,8 @@ struct hostapd_iface {
|
||||
struct hostapd_config *conf;
|
||||
char phy[16]; /* Name of the PHY (radio) */
|
||||
|
||||
@ -41,7 +41,7 @@
|
||||
HAPD_IFACE_DISABLED,
|
||||
--- a/src/ap/hostapd.c
|
||||
+++ b/src/ap/hostapd.c
|
||||
@@ -302,6 +302,7 @@ static void hostapd_free_hapd_data(struc
|
||||
@@ -309,6 +309,7 @@ static void hostapd_free_hapd_data(struc
|
||||
hapd->started = 0;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface);
|
||||
@ -49,7 +49,7 @@
|
||||
iapp_deinit(hapd->iapp);
|
||||
hapd->iapp = NULL;
|
||||
accounting_deinit(hapd);
|
||||
@@ -1160,6 +1161,8 @@ static int hostapd_setup_bss(struct host
|
||||
@@ -1186,6 +1187,8 @@ static int hostapd_setup_bss(struct host
|
||||
if (hapd->driver && hapd->driver->set_operstate)
|
||||
hapd->driver->set_operstate(hapd->drv_priv, 1);
|
||||
|
||||
@ -58,7 +58,7 @@
|
||||
return 0;
|
||||
}
|
||||
|
||||
@@ -1683,6 +1686,7 @@ static int hostapd_setup_interface_compl
|
||||
@@ -1711,6 +1714,7 @@ static int hostapd_setup_interface_compl
|
||||
if (err)
|
||||
goto fail;
|
||||
|
||||
@ -66,7 +66,7 @@
|
||||
wpa_printf(MSG_DEBUG, "Completing interface initialization");
|
||||
if (iface->conf->channel) {
|
||||
#ifdef NEED_AP_MLME
|
||||
@@ -1862,6 +1866,7 @@ dfs_offload:
|
||||
@@ -1890,6 +1894,7 @@ dfs_offload:
|
||||
|
||||
fail:
|
||||
wpa_printf(MSG_ERROR, "Interface initialization failed");
|
||||
@ -74,7 +74,7 @@
|
||||
hostapd_set_state(iface, HAPD_IFACE_DISABLED);
|
||||
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED);
|
||||
#ifdef CONFIG_FST
|
||||
@@ -2310,6 +2315,7 @@ void hostapd_interface_deinit_free(struc
|
||||
@@ -2344,6 +2349,7 @@ void hostapd_interface_deinit_free(struc
|
||||
(unsigned int) iface->conf->num_bss);
|
||||
driver = iface->bss[0]->driver;
|
||||
drv_priv = iface->bss[0]->drv_priv;
|
||||
@ -84,7 +84,7 @@
|
||||
__func__, driver, drv_priv);
|
||||
--- a/src/ap/ieee802_11.c
|
||||
+++ b/src/ap/ieee802_11.c
|
||||
@@ -1293,7 +1293,8 @@ void ieee802_11_finish_fils_auth(struct
|
||||
@@ -1587,7 +1587,8 @@ ieee802_11_set_radius_info(struct hostap
|
||||
|
||||
|
||||
static void handle_auth(struct hostapd_data *hapd,
|
||||
@ -94,7 +94,7 @@
|
||||
{
|
||||
u16 auth_alg, auth_transaction, status_code;
|
||||
u16 resp = WLAN_STATUS_SUCCESS;
|
||||
@@ -1309,6 +1310,11 @@ static void handle_auth(struct hostapd_d
|
||||
@@ -1603,6 +1604,11 @@ static void handle_auth(struct hostapd_d
|
||||
char *identity = NULL;
|
||||
char *radius_cui = NULL;
|
||||
u16 seq_ctrl;
|
||||
@ -104,24 +104,22 @@
|
||||
+ .frame_info = fi,
|
||||
+ };
|
||||
|
||||
os_memset(&vlan_id, 0, sizeof(vlan_id));
|
||||
|
||||
@@ -1466,6 +1472,14 @@ static void handle_auth(struct hostapd_d
|
||||
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
|
||||
wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
|
||||
@@ -1757,6 +1763,12 @@ static void handle_auth(struct hostapd_d
|
||||
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||
goto fail;
|
||||
}
|
||||
+
|
||||
+ if (hostapd_ubus_handle_event(hapd, &req)) {
|
||||
+ wpa_printf(MSG_DEBUG, "Station " MACSTR " rejected by ubus handler.\n",
|
||||
+ MAC2STR(mgmt->sa));
|
||||
+ MAC2STR(mgmt->sa));
|
||||
+ resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
if (res == HOSTAPD_ACL_PENDING) {
|
||||
wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
|
||||
" waiting for an external authentication",
|
||||
@@ -2391,7 +2405,7 @@ static u16 send_assoc_resp(struct hostap
|
||||
if (res == HOSTAPD_ACL_PENDING)
|
||||
return;
|
||||
|
||||
@@ -2870,7 +2882,7 @@ void fils_hlp_timeout(void *eloop_ctx, v
|
||||
|
||||
static void handle_assoc(struct hostapd_data *hapd,
|
||||
const struct ieee80211_mgmt *mgmt, size_t len,
|
||||
@ -130,10 +128,10 @@
|
||||
{
|
||||
u16 capab_info, listen_interval, seq_ctrl, fc;
|
||||
u16 resp = WLAN_STATUS_SUCCESS, reply_res;
|
||||
@@ -2399,6 +2413,11 @@ static void handle_assoc(struct hostapd_
|
||||
int left, i;
|
||||
struct sta_info *sta;
|
||||
u8 *tmp = NULL;
|
||||
@@ -2884,6 +2896,11 @@ static void handle_assoc(struct hostapd_
|
||||
#ifdef CONFIG_FILS
|
||||
int delay_assoc = 0;
|
||||
#endif /* CONFIG_FILS */
|
||||
+ struct hostapd_ubus_request req = {
|
||||
+ .type = HOSTAPD_UBUS_ASSOC_REQ,
|
||||
+ .mgmt_frame = mgmt,
|
||||
@ -142,7 +140,7 @@
|
||||
|
||||
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
|
||||
sizeof(mgmt->u.assoc_req))) {
|
||||
@@ -2518,6 +2537,13 @@ static void handle_assoc(struct hostapd_
|
||||
@@ -3051,6 +3068,13 @@ static void handle_assoc(struct hostapd_
|
||||
}
|
||||
#endif /* CONFIG_MBO */
|
||||
|
||||
@ -156,7 +154,7 @@
|
||||
/*
|
||||
* sta->capability is used in check_assoc_ies() for RRM enabled
|
||||
* capability element.
|
||||
@@ -2688,6 +2714,7 @@ static void handle_disassoc(struct hosta
|
||||
@@ -3258,6 +3282,7 @@ static void handle_disassoc(struct hosta
|
||||
wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
|
||||
MAC2STR(mgmt->sa),
|
||||
le_to_host16(mgmt->u.disassoc.reason_code));
|
||||
@ -164,7 +162,7 @@
|
||||
|
||||
sta = ap_get_sta(hapd, mgmt->sa);
|
||||
if (sta == NULL) {
|
||||
@@ -2742,6 +2769,8 @@ static void handle_deauth(struct hostapd
|
||||
@@ -3323,6 +3348,8 @@ static void handle_deauth(struct hostapd
|
||||
" reason_code=%d",
|
||||
MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
|
||||
|
||||
@ -173,7 +171,7 @@
|
||||
sta = ap_get_sta(hapd, mgmt->sa);
|
||||
if (sta == NULL) {
|
||||
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
|
||||
@@ -3025,7 +3054,7 @@ int ieee802_11_mgmt(struct hostapd_data
|
||||
@@ -3637,7 +3664,7 @@ int ieee802_11_mgmt(struct hostapd_data
|
||||
|
||||
|
||||
if (stype == WLAN_FC_STYPE_PROBE_REQ) {
|
||||
@ -182,7 +180,7 @@
|
||||
return 1;
|
||||
}
|
||||
|
||||
@@ -3043,17 +3072,17 @@ int ieee802_11_mgmt(struct hostapd_data
|
||||
@@ -3657,17 +3684,17 @@ int ieee802_11_mgmt(struct hostapd_data
|
||||
switch (stype) {
|
||||
case WLAN_FC_STYPE_AUTH:
|
||||
wpa_printf(MSG_DEBUG, "mgmt::auth");
|
||||
@ -205,7 +203,7 @@
|
||||
case WLAN_FC_STYPE_DISASSOC:
|
||||
--- a/src/ap/beacon.c
|
||||
+++ b/src/ap/beacon.c
|
||||
@@ -702,7 +702,7 @@ void sta_track_claim_taxonomy_info(struc
|
||||
@@ -716,7 +716,7 @@ void sta_track_claim_taxonomy_info(struc
|
||||
|
||||
void handle_probe_req(struct hostapd_data *hapd,
|
||||
const struct ieee80211_mgmt *mgmt, size_t len,
|
||||
@ -214,7 +212,7 @@
|
||||
{
|
||||
u8 *resp;
|
||||
struct ieee802_11_elems elems;
|
||||
@@ -711,9 +711,15 @@ void handle_probe_req(struct hostapd_dat
|
||||
@@ -725,9 +725,15 @@ void handle_probe_req(struct hostapd_dat
|
||||
size_t i, resp_len;
|
||||
int noack;
|
||||
enum ssid_match_result res;
|
||||
@ -230,7 +228,7 @@
|
||||
|
||||
if (len < IEEE80211_HDRLEN)
|
||||
return;
|
||||
@@ -880,6 +886,12 @@ void handle_probe_req(struct hostapd_dat
|
||||
@@ -894,6 +900,12 @@ void handle_probe_req(struct hostapd_dat
|
||||
}
|
||||
#endif /* CONFIG_P2P */
|
||||
|
||||
@ -256,7 +254,7 @@
|
||||
int ieee802_11_update_beacons(struct hostapd_iface *iface);
|
||||
--- a/src/ap/drv_callbacks.c
|
||||
+++ b/src/ap/drv_callbacks.c
|
||||
@@ -52,6 +52,10 @@ int hostapd_notif_assoc(struct hostapd_d
|
||||
@@ -116,6 +116,10 @@ int hostapd_notif_assoc(struct hostapd_d
|
||||
u16 reason = WLAN_REASON_UNSPECIFIED;
|
||||
u16 status = WLAN_STATUS_SUCCESS;
|
||||
const u8 *p2p_dev_addr = NULL;
|
||||
@ -267,7 +265,7 @@
|
||||
|
||||
if (addr == NULL) {
|
||||
/*
|
||||
@@ -131,6 +135,12 @@ int hostapd_notif_assoc(struct hostapd_d
|
||||
@@ -195,6 +199,12 @@ int hostapd_notif_assoc(struct hostapd_d
|
||||
goto fail;
|
||||
}
|
||||
|
||||
@ -282,7 +280,7 @@
|
||||
wpabuf_free(sta->p2p_ie);
|
||||
--- a/src/ap/sta_info.c
|
||||
+++ b/src/ap/sta_info.c
|
||||
@@ -386,6 +386,7 @@ void ap_handle_timer(void *eloop_ctx, vo
|
||||
@@ -404,6 +404,7 @@ void ap_handle_timer(void *eloop_ctx, vo
|
||||
HOSTAPD_LEVEL_INFO, "deauthenticated due to "
|
||||
"local deauth request");
|
||||
ap_free_sta(hapd, sta);
|
||||
@ -290,7 +288,7 @@
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -533,6 +534,7 @@ skip_poll:
|
||||
@@ -551,6 +552,7 @@ skip_poll:
|
||||
hapd, sta,
|
||||
WLAN_REASON_PREV_AUTH_NOT_VALID);
|
||||
ap_free_sta(hapd, sta);
|
||||
@ -300,7 +298,7 @@
|
||||
}
|
||||
--- a/src/ap/wpa_auth_glue.c
|
||||
+++ b/src/ap/wpa_auth_glue.c
|
||||
@@ -159,6 +159,7 @@ static void hostapd_wpa_auth_psk_failure
|
||||
@@ -173,6 +173,7 @@ static void hostapd_wpa_auth_psk_failure
|
||||
struct hostapd_data *hapd = ctx;
|
||||
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
|
||||
MAC2STR(addr));
|
||||
|
||||
@ -9,8 +9,10 @@
|
||||
#include "utils/includes.h"
|
||||
#include "utils/common.h"
|
||||
#include "utils/eloop.h"
|
||||
#include "utils/wpabuf.h"
|
||||
#include "common/ieee802_11_defs.h"
|
||||
#include "hostapd.h"
|
||||
#include "neighbor_db.h"
|
||||
#include "wps_hostapd.h"
|
||||
#include "sta_info.h"
|
||||
#include "ubus.h"
|
||||
@ -447,6 +449,170 @@ hostapd_vendor_elements(struct ubus_context *ctx, struct ubus_object *obj,
|
||||
return UBUS_STATUS_OK;
|
||||
}
|
||||
|
||||
static void
|
||||
hostapd_rrm_print_nr(struct hostapd_neighbor_entry *nr)
|
||||
{
|
||||
const u8 *data;
|
||||
char *str;
|
||||
int len;
|
||||
|
||||
blobmsg_printf(&b, "", MACSTR, MAC2STR(nr->bssid));
|
||||
|
||||
str = blobmsg_alloc_string_buffer(&b, "", nr->ssid.ssid_len + 1);
|
||||
memcpy(str, nr->ssid.ssid, nr->ssid.ssid_len);
|
||||
str[nr->ssid.ssid_len] = 0;
|
||||
blobmsg_add_string_buffer(&b);
|
||||
|
||||
len = wpabuf_len(nr->nr);
|
||||
str = blobmsg_alloc_string_buffer(&b, "", 2 * len + 1);
|
||||
wpa_snprintf_hex(str, 2 * len + 1, wpabuf_head_u8(nr->nr), len);
|
||||
blobmsg_add_string_buffer(&b);
|
||||
}
|
||||
|
||||
static int
|
||||
hostapd_rrm_nr_get_own(struct ubus_context *ctx, struct ubus_object *obj,
|
||||
struct ubus_request_data *req, const char *method,
|
||||
struct blob_attr *msg)
|
||||
{
|
||||
struct hostapd_data *hapd = get_hapd_from_object(obj);
|
||||
struct hostapd_neighbor_entry *nr;
|
||||
void *c;
|
||||
|
||||
if (!(hapd->conf->radio_measurements[0] & WLAN_RRM_CAPS_NEIGHBOR_REPORT))
|
||||
return UBUS_STATUS_NOT_SUPPORTED;
|
||||
|
||||
nr = hostapd_neighbor_get(hapd, hapd->own_addr, NULL);
|
||||
if (!nr)
|
||||
return UBUS_STATUS_NOT_FOUND;
|
||||
|
||||
blob_buf_init(&b, 0);
|
||||
|
||||
c = blobmsg_open_array(&b, "value");
|
||||
hostapd_rrm_print_nr(nr);
|
||||
blobmsg_close_array(&b, c);
|
||||
|
||||
ubus_send_reply(ctx, req, b.head);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int
|
||||
hostapd_rrm_nr_list(struct ubus_context *ctx, struct ubus_object *obj,
|
||||
struct ubus_request_data *req, const char *method,
|
||||
struct blob_attr *msg)
|
||||
{
|
||||
struct hostapd_data *hapd = get_hapd_from_object(obj);
|
||||
struct hostapd_neighbor_entry *nr;
|
||||
void *c;
|
||||
|
||||
if (!(hapd->conf->radio_measurements[0] & WLAN_RRM_CAPS_NEIGHBOR_REPORT))
|
||||
return UBUS_STATUS_NOT_SUPPORTED;
|
||||
|
||||
blob_buf_init(&b, 0);
|
||||
|
||||
c = blobmsg_open_array(&b, "list");
|
||||
dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry, list) {
|
||||
void *cur;
|
||||
|
||||
if (!memcmp(nr->bssid, hapd->own_addr, ETH_ALEN))
|
||||
continue;
|
||||
|
||||
cur = blobmsg_open_array(&b, NULL);
|
||||
hostapd_rrm_print_nr(nr);
|
||||
blobmsg_close_array(&b, cur);
|
||||
}
|
||||
blobmsg_close_array(&b, c);
|
||||
|
||||
ubus_send_reply(ctx, req, b.head);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
enum {
|
||||
NR_SET_LIST,
|
||||
__NR_SET_LIST_MAX
|
||||
};
|
||||
|
||||
static const struct blobmsg_policy nr_set_policy[__NR_SET_LIST_MAX] = {
|
||||
[NR_SET_LIST] = { "list", BLOBMSG_TYPE_ARRAY },
|
||||
};
|
||||
|
||||
|
||||
static void
|
||||
hostapd_rrm_nr_clear(struct hostapd_data *hapd)
|
||||
{
|
||||
struct hostapd_neighbor_entry *nr;
|
||||
|
||||
restart:
|
||||
dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry, list) {
|
||||
if (!memcmp(nr->bssid, hapd->own_addr, ETH_ALEN))
|
||||
continue;
|
||||
|
||||
hostapd_neighbor_remove(hapd, nr->bssid, &nr->ssid);
|
||||
goto restart;
|
||||
}
|
||||
}
|
||||
|
||||
static int
|
||||
hostapd_rrm_nr_set(struct ubus_context *ctx, struct ubus_object *obj,
|
||||
struct ubus_request_data *req, const char *method,
|
||||
struct blob_attr *msg)
|
||||
{
|
||||
static const struct blobmsg_policy nr_e_policy[] = {
|
||||
{ .type = BLOBMSG_TYPE_STRING },
|
||||
{ .type = BLOBMSG_TYPE_STRING },
|
||||
{ .type = BLOBMSG_TYPE_STRING },
|
||||
};
|
||||
struct hostapd_data *hapd = get_hapd_from_object(obj);
|
||||
struct blob_attr *tb_l[__NR_SET_LIST_MAX];
|
||||
struct blob_attr *tb[ARRAY_SIZE(nr_e_policy)];
|
||||
struct blob_attr *cur;
|
||||
int ret = 0;
|
||||
int rem;
|
||||
|
||||
if (!(hapd->conf->radio_measurements[0] & WLAN_RRM_CAPS_NEIGHBOR_REPORT))
|
||||
return UBUS_STATUS_NOT_SUPPORTED;
|
||||
|
||||
blobmsg_parse(nr_set_policy, __NR_SET_LIST_MAX, tb_l, blob_data(msg), blob_len(msg));
|
||||
if (!tb_l[NR_SET_LIST])
|
||||
return UBUS_STATUS_INVALID_ARGUMENT;
|
||||
|
||||
hostapd_rrm_nr_clear(hapd);
|
||||
blobmsg_for_each_attr(cur, tb_l[NR_SET_LIST], rem) {
|
||||
struct wpa_ssid_value ssid;
|
||||
struct wpabuf *data;
|
||||
u8 bssid[ETH_ALEN];
|
||||
char *s;
|
||||
|
||||
blobmsg_parse_array(nr_e_policy, ARRAY_SIZE(nr_e_policy), tb, blobmsg_data(cur), blobmsg_data_len(cur));
|
||||
if (!tb[0] || !tb[1] || !tb[2])
|
||||
goto invalid;
|
||||
|
||||
s = blobmsg_get_string(tb[0]);
|
||||
if (hwaddr_aton(s, bssid))
|
||||
goto invalid;
|
||||
|
||||
s = blobmsg_get_string(tb[1]);
|
||||
ssid.ssid_len = strlen(s);
|
||||
if (ssid.ssid_len > sizeof(ssid.ssid))
|
||||
goto invalid;
|
||||
|
||||
memcpy(&ssid, s, ssid.ssid_len);
|
||||
data = wpabuf_parse_bin(blobmsg_get_string(tb[2]));
|
||||
if (!data)
|
||||
goto invalid;
|
||||
|
||||
hostapd_neighbor_set(hapd, bssid, &ssid, data, NULL, NULL, 0);
|
||||
wpabuf_free(data);
|
||||
continue;
|
||||
|
||||
invalid:
|
||||
ret = UBUS_STATUS_INVALID_ARGUMENT;
|
||||
}
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static const struct ubus_method bss_methods[] = {
|
||||
UBUS_METHOD_NOARG("get_clients", hostapd_bss_get_clients),
|
||||
UBUS_METHOD("del_client", hostapd_bss_del_client, del_policy),
|
||||
@ -459,6 +625,9 @@ static const struct ubus_method bss_methods[] = {
|
||||
#endif
|
||||
UBUS_METHOD("set_vendor_elements", hostapd_vendor_elements, ve_policy),
|
||||
UBUS_METHOD("notify_response", hostapd_notify_response, notify_policy),
|
||||
UBUS_METHOD_NOARG("rrm_nr_get_own", hostapd_rrm_nr_get_own),
|
||||
UBUS_METHOD_NOARG("rrm_nr_list", hostapd_rrm_nr_list),
|
||||
UBUS_METHOD("rrm_nr_set", hostapd_rrm_nr_set, nr_set_policy),
|
||||
};
|
||||
|
||||
static struct ubus_object_type bss_object_type =
|
||||
|
||||
@ -13,9 +13,9 @@ PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE_URL=$(LEDE_GIT)/project/uci.git
|
||||
PKG_SOURCE_PROTO:=git
|
||||
PKG_SOURCE_DATE=2017-04-12
|
||||
PKG_SOURCE_VERSION:=c4df32b386c7bb29568140d135d7315e76c934b7
|
||||
PKG_MIRROR_HASH:=88abfe828f164666e3d3c90141449d9c8f622d32b29df135b1b72fcadbb2cb34
|
||||
PKG_SOURCE_DATE=2017-09-29
|
||||
PKG_SOURCE_VERSION:=5ad59ad412a784c5c478e31d1701ce39568ffd58
|
||||
PKG_MIRROR_HASH:=0c1c40e8c7e08163a4c8d306ab4b676a9c545028e14aa57b5cf2d6f7bfe726cb
|
||||
|
||||
PKG_LICENSE:=LGPL-2.1
|
||||
PKG_LICENSE_FILES:=
|
||||
|
||||
Loading…
Reference in New Issue
Block a user