/*
 * hostapd / Configuration definitions and helper functions
 * Copyright (c) 2003-2012, Jouni Malinen <j (at) w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */
      8 
      9 #ifndef HOSTAPD_CONFIG_H
     10 #define HOSTAPD_CONFIG_H
     11 
     12 #include "common/defs.h"
     13 #include "ip_addr.h"
     14 #include "common/wpa_common.h"
     15 #include "common/ieee802_11_common.h"
     16 #include "wps/wps.h"
     17 
/*
 * Upper bound on stations per BSS. 2007 is also the highest association ID
 * (AID) IEEE 802.11 permits - presumably why this value was chosen; confirm
 * against the AID allocation code.
 */
#define MAX_STA_COUNT 2007

/* Largest VLAN ID accepted; 4094 is the highest usable IEEE 802.1Q VID. */
#define MAX_VLAN_ID 4094

/* A MAC address held as ETH_ALEN raw octets. */
typedef u8 macaddr[ETH_ALEN];
     22 
/*
 * One entry of a MAC address access-control list (the accept_mac / deny_mac
 * arrays in struct hostapd_bss_config are made of these).
 *
 * NOTE(review): a MAC address is chosen by the client and visible on the air,
 * so a match here is an admission filter, not proof of identity. Do not rely
 * on it as the only access control for a BSS.
 */
struct mac_acl_entry {
	macaddr addr;	/* station address this entry matches */
	int vlan_id;	/* VLAN tied to the entry - presumably 0 when unset; confirm */
};
     27 
/*
 * Forward declarations: these types are only used through pointers in this
 * header, and their definitions are not part of it.
 */
struct hostapd_radius_servers;
struct ft_remote_r0kh;
struct ft_remote_r1kh;

/* Size in octets of the ssid[] buffer in struct hostapd_ssid. */
#define HOSTAPD_MAX_SSID_LEN 32
     33 
/* Number of WEP key slots. */
#define NUM_WEP_KEYS 4

/*
 * WEP key material.
 *
 * NOTE(review): WEP no longer provides meaningful confidentiality and is kept
 * for legacy interoperability only; prefer a WPA2/WPA3 configuration. The
 * key[] buffers are secrets - this header does not show how they are
 * released, so confirm the owner wipes them before freeing.
 */
struct hostapd_wep_keys {
	u8 idx;				/* selected key slot - presumably the default TX key; confirm */
	u8 *key[NUM_WEP_KEYS];		/* key bytes for each slot */
	size_t len[NUM_WEP_KEYS];	/* length of key[i] */
	int keys_set;			/* presumably the number of slots configured; confirm */
	size_t default_len;		/* key length used for dynamic key generation */
};
     42 
/*
 * Security mode recorded for an SSID (struct hostapd_ssid.security_policy).
 * Every enumerator is given an explicit numeric value.
 *
 * NOTE(review): SECURITY_PLAINTEXT and SECURITY_STATIC_WEP give no effective
 * link-layer protection; a deployment review should flag any BSS left in
 * either mode unintentionally.
 */
typedef enum hostap_security_policy {
	SECURITY_PLAINTEXT = 0,		/* no encryption */
	SECURITY_STATIC_WEP = 1,	/* statically configured WEP keys */
	SECURITY_IEEE_802_1X = 2,	/* IEEE 802.1X */
	SECURITY_WPA_PSK = 3,		/* WPA with a pre-shared key */
	SECURITY_WPA = 4		/* WPA without PSK - presumably 802.1X/EAP; confirm */
} secpolicy;
     50 
/*
 * SSID of a BSS together with the credentials and VLAN policy bound to it.
 *
 * NOTE(review): wpa_psk, wpa_passphrase and the WEP keys are long-term
 * secrets. This header does not show how they are released; confirm that the
 * code freeing this struct wipes them first, and that the file named by
 * wpa_psk_file is readable only by the account hostapd runs as.
 */
struct hostapd_ssid {
	/*
	 * Raw SSID octets. An SSID that uses all HOSTAPD_MAX_SSID_LEN octets
	 * leaves no room for a terminator, so always bound reads by ssid_len
	 * instead of treating this as a C string.
	 */
	u8 ssid[HOSTAPD_MAX_SSID_LEN];
	size_t ssid_len;
	unsigned int ssid_set:1;
	unsigned int utf8_ssid:1;

	char vlan[IFNAMSIZ + 1];
	secpolicy security_policy;

	struct hostapd_wpa_psk *wpa_psk;	/* linked list of PSK entries */
	char *wpa_passphrase;
	char *wpa_psk_file;			/* path of a PSK file */

	struct hostapd_wep_keys wep;

	/* Values for dynamic_vlan. */
#define DYNAMIC_VLAN_DISABLED 0
#define DYNAMIC_VLAN_OPTIONAL 1
#define DYNAMIC_VLAN_REQUIRED 2
	int dynamic_vlan;

	/*
	 * Values for vlan_naming; DYNAMIC_VLAN_NAMING_END looks like an
	 * end-of-range marker rather than a usable setting - confirm.
	 */
#define DYNAMIC_VLAN_NAMING_WITHOUT_DEVICE 0
#define DYNAMIC_VLAN_NAMING_WITH_DEVICE 1
#define DYNAMIC_VLAN_NAMING_END 2
	int vlan_naming;

#ifdef CONFIG_FULL_DYNAMIC_VLAN
	char *vlan_tagged_interface;
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
};
     78 
     79 
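/*
 * vlan_id value that marks a wildcard entry in struct hostapd_vlan. The
 * replacement list is parenthesized so the negative constant stays a single
 * operand wherever the macro is expanded.
 */
#define VLAN_ID_WILDCARD (-1)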
     81 
/*
 * One VLAN known to a BSS; entries are chained through next (the list head is
 * the vlan member of struct hostapd_bss_config).
 */
struct hostapd_vlan {
	struct hostapd_vlan *next;
	int vlan_id;	/* VLAN ID or -1 (VLAN_ID_WILDCARD) for wildcard entry */
	char ifname[IFNAMSIZ + 1];	/* interface name used for this VLAN */
	int dynamic_vlan;
#ifdef CONFIG_FULL_DYNAMIC_VLAN

	/*
	 * Bit flags stored in clean. Going by the names they record which
	 * bridge/VLAN objects need cleanup - confirm in the VLAN setup code.
	 */
#define DVLAN_CLEAN_BR		0x1
#define DVLAN_CLEAN_VLAN	0x2
#define DVLAN_CLEAN_VLAN_PORT	0x4
#define DVLAN_CLEAN_WLAN_PORT	0x8
	int clean;
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
};
     96 
/* Length in octets of a PSK/PMK as stored in the psk[] arrays below. */
#define PMK_LEN 32

/*
 * Minimal PSK list node: just the key and a link to the next node.
 *
 * NOTE(review): psk[] is key material; wipe it before the node is freed.
 */
struct hostapd_sta_wpa_psk_short {
	struct hostapd_sta_wpa_psk_short *next;
	u8 psk[PMK_LEN];
};
    102 
/*
 * One configured PSK, chained through next, together with the addresses it is
 * associated with.
 *
 * NOTE(review): psk[] is key material; wipe it before the entry is freed.
 */
struct hostapd_wpa_psk {
	struct hostapd_wpa_psk *next;
	int group;			/* presumably non-zero when the PSK is not tied to one
					 * station; confirm against hostapd_get_psk() */
	u8 psk[PMK_LEN];
	u8 addr[ETH_ALEN];		/* station MAC address */
	u8 p2p_dev_addr[ETH_ALEN];	/* P2P Device Address */
};
    110 
/*
 * One EAP user entry, chained through next.
 *
 * NOTE(review): password holds either the password itself or, when
 * password_hash is set, its nt_password_hash() form. Both are
 * credential-equivalent for the methods that accept the hash, so protect the
 * backing user file and wipe the buffer before it is freed.
 */
struct hostapd_eap_user {
	struct hostapd_eap_user *next;
	u8 *identity;
	size_t identity_len;	/* length of identity in octets */
	struct {
		int vendor;
		u32 method;
	} methods[EAP_MAX_METHODS];	/* EAP methods listed for this user */
	u8 *password;
	size_t password_len;	/* length of password in octets */
	int phase2;
	int force_version;
	unsigned int wildcard_prefix:1;
	unsigned int password_hash:1;	/* whether password is hashed with
					 * nt_password_hash() */
	int ttls_auth;	/* EAP_TTLS_AUTH_* bitfield */
};
    128 
/*
 * One RADIUS attribute (type plus value buffer) in a singly linked list; the
 * radius_auth_req_attr / radius_acct_req_attr members of
 * struct hostapd_bss_config point at lists of these.
 */
struct hostapd_radius_attr {
	u8 type;			/* RADIUS attribute type */
	struct wpabuf *val;		/* attribute value */
	struct hostapd_radius_attr *next;
};
    134 
    135 
/* Number of entries in the tx_queue[] array of struct hostapd_config. */
#define NUM_TX_QUEUES 4

/* Channel-access parameters for one transmit queue. */
struct hostapd_tx_queue_params {
	int aifs;
	int cwmin;	/* contention window minimum */
	int cwmax;	/* contention window maximum */
	int burst;	/* maximum burst time in 0.1 ms, i.e., 10 = 1 ms */
};
    144 
    145 
/* Capacity in octets of the oi[] buffer below. */
#define MAX_ROAMING_CONSORTIUM_LEN 15

/*
 * One Roaming Consortium entry.
 *
 * NOTE(review): len is a u8 and can hold values above
 * MAX_ROAMING_CONSORTIUM_LEN; code that fills or copies oi[] has to check len
 * against the buffer size itself.
 */
struct hostapd_roaming_consortium {
	u8 len;					/* octets of oi[] in use */
	u8 oi[MAX_ROAMING_CONSORTIUM_LEN];
};
    152 
/*
 * A name tagged with a three-octet language code (used for the venue_name and
 * hs20_oper_friendly_name lists in struct hostapd_bss_config).
 *
 * NOTE(review): name_len is a u8 (0..255) while name[] holds 252 octets, so
 * the type alone does not keep the length inside the buffer; writers must
 * bound it explicitly.
 */
struct hostapd_lang_string {
	u8 lang[3];
	u8 name_len;	/* octets of name[] in use */
	u8 name[252];
};
    158 
/* Array bounds for struct hostapd_nai_realm_data. */
#define MAX_NAI_REALMS 10
#define MAX_NAI_REALMLEN 255
#define MAX_NAI_EAP_METHODS 5
#define MAX_NAI_AUTH_TYPES 4

/*
 * One NAI Realm entry with the EAP methods listed for it.
 *
 * NOTE(review): eap_method_count and num_auths are u8 counters next to
 * fixed-size arrays (MAX_NAI_EAP_METHODS and MAX_NAI_AUTH_TYPES entries); the
 * parser that fills them must reject counts beyond those bounds.
 */
struct hostapd_nai_realm_data {
	u8 encoding;
	char realm_buf[MAX_NAI_REALMLEN + 1];	/* realm text plus room for a NUL */
	char *realm[MAX_NAI_REALMS];		/* presumably pointers into realm_buf; confirm */
	u8 eap_method_count;			/* entries of eap_method[] in use */
	struct hostapd_nai_realm_eap {
		u8 eap_method;
		u8 num_auths;			/* entries of auth_id[]/auth_val[] in use */
		u8 auth_id[MAX_NAI_AUTH_TYPES];
		u8 auth_val[MAX_NAI_AUTH_TYPES];
	} eap_method[MAX_NAI_EAP_METHODS];
};
    175 
/**
 * struct hostapd_bss_config - Per-BSS configuration
 *
 * NOTE(review): several members hold secrets or paths to secrets
 * (radius_das_shared_secret, private_key, private_key_passwd,
 * pac_opaque_encr_key, ap_pin, wps_nfc_dh_privkey, wps_nfc_dev_pw and the
 * credentials inside ssid). This header does not show how they are released;
 * confirm that hostapd_config_free() wipes them before freeing, and keep the
 * configuration file itself readable only by the account hostapd runs as.
 */
struct hostapd_bss_config {
	/* Interface and bridge names, IFNAMSIZ + 1 bytes each. */
	char iface[IFNAMSIZ + 1];
	char bridge[IFNAMSIZ + 1];
	char vlan_bridge[IFNAMSIZ + 1];
	char wds_bridge[IFNAMSIZ + 1];

	enum hostapd_logger_level logger_syslog_level;
	enum hostapd_logger_level logger_stdout_level;

	unsigned int logger_syslog; /* module bitfield */
	unsigned int logger_stdout; /* module bitfield */

	char *dump_log_name; /* file name for state dump (SIGUSR1) */

	int max_num_sta; /* maximum number of STAs in station table */

	int dtim_period;

	int ieee802_1x; /* use IEEE 802.1X */
	int eapol_version;
	int eap_server; /* Use internal EAP server instead of external
			 * RADIUS server */
	struct hostapd_eap_user *eap_user;
	char *eap_user_sqlite;
	char *eap_sim_db;
	struct hostapd_ip_addr own_ip_addr;
	char *nas_identifier;
	struct hostapd_radius_servers *radius;
	int acct_interim_interval;
	int radius_request_cui;
	struct hostapd_radius_attr *radius_auth_req_attr;
	struct hostapd_radius_attr *radius_acct_req_attr;

	/*
	 * RADIUS DAS settings. radius_das_shared_secret is a raw secret of
	 * radius_das_shared_secret_len octets; the time window and
	 * require-event-timestamp members look like freshness checks on
	 * incoming requests - confirm in the DAS code.
	 */
	int radius_das_port;
	unsigned int radius_das_time_window;
	int radius_das_require_event_timestamp;
	struct hostapd_ip_addr radius_das_client_addr;
	u8 *radius_das_shared_secret;
	size_t radius_das_shared_secret_len;

	struct hostapd_ssid ssid;

	char *eap_req_id_text; /* optional displayable message sent with
				* EAP Request-Identity */
	size_t eap_req_id_text_len;
	int eapol_key_index_workaround;

	size_t default_wep_key_len;
	int individual_wep_key_len;
	int wep_rekeying_period;
	int broadcast_key_idx_min;
	int broadcast_key_idx_max;
	int eap_reauth_period;

	int ieee802_11f; /* use IEEE 802.11f (IAPP) */
	char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast
					* frames */

	/*
	 * MAC address ACL mode. Going by the names: accept unless the address
	 * is in deny_mac, deny unless it is in accept_mac, or defer to an
	 * external RADIUS server. A MAC ACL filters cooperative clients only;
	 * it does not authenticate a station.
	 */
	enum {
		ACCEPT_UNLESS_DENIED = 0,
		DENY_UNLESS_ACCEPTED = 1,
		USE_EXTERNAL_RADIUS_AUTH = 2
	} macaddr_acl;
	struct mac_acl_entry *accept_mac;
	int num_accept_mac;	/* entries in accept_mac */
	struct mac_acl_entry *deny_mac;
	int num_deny_mac;	/* entries in deny_mac */
	int wds_sta;
	int isolate;
	int start_disabled;

	int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
			* algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */

	int wpa; /* bitfield of WPA_PROTO_WPA, WPA_PROTO_RSN */
	int wpa_key_mgmt;
#ifdef CONFIG_IEEE80211W
	/* Management frame protection (IEEE 802.11w) setting. */
	enum mfp_options ieee80211w;
	/* dot11AssociationSAQueryMaximumTimeout (in TUs) */
	unsigned int assoc_sa_query_max_timeout;
	/* dot11AssociationSAQueryRetryTimeout (in TUs) */
	int assoc_sa_query_retry_timeout;
#endif /* CONFIG_IEEE80211W */
	/*
	 * Handling of a PSK delivered through RADIUS; the names suggest
	 * ignored / accepted / required - confirm in the RADIUS ACL code.
	 */
	enum {
		PSK_RADIUS_IGNORED = 0,
		PSK_RADIUS_ACCEPTED = 1,
		PSK_RADIUS_REQUIRED = 2
	} wpa_psk_radius;
	int wpa_pairwise;
	int wpa_group;
	/* Rekeying controls; units are not stated in this header. */
	int wpa_group_rekey;
	int wpa_strict_rekey;
	int wpa_gmk_rekey;
	int wpa_ptk_rekey;
	int rsn_pairwise;
	int rsn_preauth;
	char *rsn_preauth_interfaces;
	int peerkey;

#ifdef CONFIG_IEEE80211R
	/* IEEE 802.11r - Fast BSS Transition */
	u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
	u8 r1_key_holder[FT_R1KH_ID_LEN];
	u32 r0_key_lifetime;
	u32 reassociation_deadline;
	struct ft_remote_r0kh *r0kh_list;
	struct ft_remote_r1kh *r1kh_list;
	int pmk_r1_push;
	int ft_over_ds;
#endif /* CONFIG_IEEE80211R */

	/*
	 * Control interface. NOTE(review): the socket directory and the group
	 * in ctrl_interface_gid decide which local users can reach the
	 * control interface; keep both as narrow as the deployment allows.
	 */
	char *ctrl_interface; /* directory for UNIX domain sockets */
#ifndef CONFIG_NATIVE_WINDOWS
	gid_t ctrl_interface_gid;
#endif /* CONFIG_NATIVE_WINDOWS */
	int ctrl_interface_gid_set;

	/* Certificate, key and EAP-FAST settings of the internal EAP server. */
	char *ca_cert;
	char *server_cert;
	char *private_key;
	char *private_key_passwd;	/* secret protecting private_key */
	int check_crl;
	char *ocsp_stapling_response;
	char *dh_file;
	u8 *pac_opaque_encr_key;	/* key material; length not stated here */
	u8 *eap_fast_a_id;
	size_t eap_fast_a_id_len;
	char *eap_fast_a_id_info;
	int eap_fast_prov;
	int pac_key_lifetime;
	int pac_key_refresh_time;
	int eap_sim_aka_result_ind;
	int tnc;
	int fragment_size;
	u16 pwd_group;

	char *radius_server_clients;
	int radius_server_auth_port;
	int radius_server_ipv6;

	char *test_socket; /* UNIX domain socket path for driver_test */

	int use_pae_group_addr; /* Whether to send EAPOL frames to PAE group
				 * address instead of individual address
				 * (for driver_wired.c).
				 */

	int ap_max_inactivity;
	int ignore_broadcast_ssid;

	int wmm_enabled;
	int wmm_uapsd;

	struct hostapd_vlan *vlan;	/* head of the VLAN list */

	macaddr bssid;

	/*
	 * Maximum listen interval that STAs can use when associating with this
	 * BSS. If a STA tries to use larger value, the association will be
	 * denied with status code 51.
	 */
	u16 max_listen_interval;

	int disable_pmksa_caching;
	int okc; /* Opportunistic Key Caching */

	int wps_state;
#ifdef CONFIG_WPS
	/*
	 * WPS settings. NOTE(review): ap_pin and the NFC password / DH private
	 * key below are credentials that allow enrollment, so treat them like
	 * the PSK when storing, logging or freeing this struct.
	 */
	int wps_independent;
	int ap_setup_locked;
	u8 uuid[16];
	char *wps_pin_requests;
	char *device_name;
	char *manufacturer;
	char *model_name;
	char *model_number;
	char *serial_number;
	u8 device_type[WPS_DEV_TYPE_LEN];
	char *config_methods;
	u8 os_version[4];
	char *ap_pin;
	int skip_cred_build;
	u8 *extra_cred;
	size_t extra_cred_len;
	int wps_cred_processing;
	int force_per_enrollee_psk;
	u8 *ap_settings;
	size_t ap_settings_len;
	char *upnp_iface;
	char *friendly_name;
	char *manufacturer_url;
	char *model_description;
	char *model_url;
	char *upc;
	struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXTENSIONS];
	int wps_nfc_pw_from_config;
	int wps_nfc_dev_pw_id;
	struct wpabuf *wps_nfc_dh_pubkey;
	struct wpabuf *wps_nfc_dh_privkey;
	struct wpabuf *wps_nfc_dev_pw;
#endif /* CONFIG_WPS */
	int pbc_in_m1;
	char *server_id;

	/* Flag bits stored in p2p. */
#define P2P_ENABLED BIT(0)
#define P2P_GROUP_OWNER BIT(1)
#define P2P_GROUP_FORMATION BIT(2)
#define P2P_MANAGE BIT(3)
#define P2P_ALLOW_CROSS_CONNECTION BIT(4)
	int p2p;

	int disassoc_low_ack;
	int skip_inactivity_poll;

	/* Flag bits stored in tdls. */
#define TDLS_PROHIBIT BIT(0)
#define TDLS_PROHIBIT_CHAN_SWITCH BIT(1)
	int tdls;
	int disable_11n;
	int disable_11ac;

	/* IEEE 802.11v */
	int time_advertisement;
	char *time_zone;
	int wnm_sleep_mode;
	int bss_transition;

	/* IEEE 802.11u - Interworking */
	int interworking;
	int access_network_type;
	int internet;
	int asra;
	int esr;
	int uesa;
	int venue_info_set;
	u8 venue_group;
	u8 venue_type;
	u8 hessid[ETH_ALEN];

	/* IEEE 802.11u - Roaming Consortium list */
	unsigned int roaming_consortium_count;
	struct hostapd_roaming_consortium *roaming_consortium;

	/* IEEE 802.11u - Venue Name duples */
	unsigned int venue_name_count;
	struct hostapd_lang_string *venue_name;

	/* IEEE 802.11u - Network Authentication Type */
	u8 *network_auth_type;
	size_t network_auth_type_len;

	/* IEEE 802.11u - IP Address Type Availability */
	u8 ipaddr_type_availability;
	u8 ipaddr_type_configured;

	/* IEEE 802.11u - 3GPP Cellular Network */
	u8 *anqp_3gpp_cell_net;
	size_t anqp_3gpp_cell_net_len;

	/* IEEE 802.11u - Domain Name */
	u8 *domain_name;
	size_t domain_name_len;

	unsigned int nai_realm_count;	/* entries in nai_realm_data */
	struct hostapd_nai_realm_data *nai_realm_data;

	u16 gas_comeback_delay;
	int gas_frag_limit;

#ifdef CONFIG_HS20
	int hs20;
	int disable_dgaf;
	unsigned int hs20_oper_friendly_name_count;
	struct hostapd_lang_string *hs20_oper_friendly_name;
	u8 *hs20_wan_metrics;
	u8 *hs20_connection_capability;
	size_t hs20_connection_capability_len;
	u8 *hs20_operating_class;
	u8 hs20_operating_class_len;
#endif /* CONFIG_HS20 */

	u8 wps_rf_bands; /* RF bands for WPS (WPS_RF_*) */

#ifdef CONFIG_RADIUS_TEST
	/*
	 * NOTE(review): only present in CONFIG_RADIUS_TEST builds. The name
	 * suggests session keys (MSK) are written to this file, so this
	 * build option should stay out of production images - confirm.
	 */
	char *dump_msk_file;
#endif /* CONFIG_RADIUS_TEST */

	struct wpabuf *vendor_elements;

	unsigned int sae_anti_clogging_threshold;
	int *sae_groups;	/* list of SAE groups; terminator convention not shown here */
};
    468 
    469 
/**
 * struct hostapd_config - Per-radio interface configuration
 *
 * Owns the array of per-BSS configurations plus the settings shared by every
 * BSS on the radio.
 */
struct hostapd_config {
	struct hostapd_bss_config *bss;		/* per-BSS configurations */
	struct hostapd_bss_config *last_bss;	/* presumably the entry parsed most recently; confirm */
	size_t num_bss;				/* number of entries in bss */

	u16 beacon_int;
	int rts_threshold;
	int fragm_threshold;
	u8 send_probe_response;
	u8 channel;
	enum hostapd_hw_mode hw_mode; /* HOSTAPD_MODE_IEEE80211A, .. */
	enum {
		LONG_PREAMBLE = 0,
		SHORT_PREAMBLE = 1
	} preamble;

	/* Rate lists; how they are terminated is not shown in this header. */
	int *supported_rates;
	int *basic_rates;

	const struct wpa_driver_ops *driver;

	int ap_table_max_size;
	int ap_table_expiration_time;

	char country[3]; /* first two octets: country code as described in
			  * ISO/IEC 3166-1. Third octet:
			  * ' ' (ascii 32): all environments
			  * 'O': Outdoor environment only
			  * 'I': Indoor environment only
			  */

	int ieee80211d;

	int ieee80211h; /* DFS */

	struct hostapd_tx_queue_params tx_queue[NUM_TX_QUEUES];

	/*
	 * WMM AC parameters, in same order as 802.1D, i.e.
	 * 0 = BE (best effort)
	 * 1 = BK (background)
	 * 2 = VI (video)
	 * 3 = VO (voice)
	 */
	struct hostapd_wmm_ac_params wmm_ac_params[4];

	int ht_op_mode_fixed;
	u16 ht_capab;
	int ieee80211n;
	int secondary_channel;
	int require_ht;
	u32 vht_capab;
	int ieee80211ac;
	int require_vht;
	u8 vht_oper_chwidth;
	u8 vht_oper_centr_freq_seg0_idx;
	u8 vht_oper_centr_freq_seg1_idx;

#ifdef CONFIG_TESTING_OPTIONS
	/*
	 * NOTE(review): fault-injection knobs, compiled in only with
	 * CONFIG_TESTING_OPTIONS. Going by the names they make the AP drop
	 * frames or corrupt a rekey MIC with the given probability, so this
	 * build option does not belong in production images.
	 */
	double ignore_probe_probability;
	double ignore_auth_probability;
	double ignore_assoc_probability;
	double ignore_reassoc_probability;
	double corrupt_gtk_rekey_mic_probability;
#endif /* CONFIG_TESTING_OPTIONS */

#ifdef CONFIG_ACS
	unsigned int acs_num_scans;
#endif /* CONFIG_ACS */
};
    542 
    543 
/*
 * Configuration helpers. Only the prototypes are visible in this header, so
 * the notes below are limited to what the signatures show; anything about
 * behavior is marked as an assumption to check against the implementation.
 */

/* Two-argument comparator over untyped pointers (the shape qsort()/bsearch()
 * expect) - presumably compares two macaddr values; confirm. */
int hostapd_mac_comp(const void *a, const void *b);

/* Single-argument MAC address check - presumably tests for an all-zero
 * address; confirm. */
int hostapd_mac_comp_empty(const void *a);

/* Returns a newly built per-radio configuration; the failure value (likely
 * NULL) is not documented here. Pair with hostapd_config_free(). */
struct hostapd_config * hostapd_config_defaults(void);

/* Fills @bss in place with default values. */
void hostapd_config_defaults_bss(struct hostapd_bss_config *bss);

/* Releases @conf. NOTE(review): the configuration holds PSKs, passphrases and
 * shared secrets; verify that this clears them before freeing. */
void hostapd_config_free(struct hostapd_config *conf);

/* Looks @addr up in @list (@num_entries entries); @vlan_id is an output
 * pointer - whether it may be NULL is not shown here. */
int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
			  const u8 *addr, int *vlan_id);

/* Looks @rate up in @list; the list terminator convention is not shown. */
int hostapd_rate_found(int *list, int rate);

/* Compares two WEP key sets. NOTE(review): if the result can be influenced by
 * a remote party, check whether the comparison needs to be constant-time. */
int hostapd_wep_key_cmp(struct hostapd_wep_keys *a,
			struct hostapd_wep_keys *b);

/* Returns a PSK from @conf for the given station addresses; @prev_psk is
 * presumably the previous result, used to step through several candidates -
 * confirm. The returned pointer is const, so the caller must not modify or
 * free it. */
const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
			   const u8 *addr, const u8 *p2p_dev_addr,
			   const u8 *prev_psk);

/* Prepares the WPA PSK state of @conf; the int result is presumably 0 on
 * success - confirm. */
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);

/* Checks @vlan_id against the list starting at @vlan. */
int hostapd_vlan_id_valid(struct hostapd_vlan *vlan, int vlan_id);

/* Returns the interface name recorded for @vlan_id in the list starting at
 * @vlan; the not-found value (likely NULL) is not documented here. */
const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
					int vlan_id);

/* Searches the list starting at @attr for an entry of the given @type; the
 * not-found value (likely NULL) is not documented here. */
struct hostapd_radius_attr *
hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type);
    563 
    564 #endif /* HOSTAPD_CONFIG_H */