#include "utils/list.h"
#include "eap_peer/eap_config.h"
-#define MAX_SSID_LEN 32
-
#define DEFAULT_EAP_WORKAROUND ((unsigned int) -1)
#define DEFAULT_EAPOL_FLAGS (EAPOL_FLAG_REQUIRE_KEY_UNICAST | \
#define DEFAULT_PROTO (WPA_PROTO_WPA | WPA_PROTO_RSN)
#define DEFAULT_KEY_MGMT (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X)
#define DEFAULT_PAIRWISE (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP)
-#define DEFAULT_GROUP (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP | \
- WPA_CIPHER_WEP104 | WPA_CIPHER_WEP40)
+#define DEFAULT_GROUP (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP)
#define DEFAULT_FRAGMENT_SIZE 1398
#define DEFAULT_BG_SCAN_PERIOD -1
#define DEFAULT_MESH_RETRY_TIMEOUT 40
#define DEFAULT_MESH_CONFIRM_TIMEOUT 40
#define DEFAULT_MESH_HOLDING_TIMEOUT 40
+#define DEFAULT_MESH_RSSI_THRESHOLD 1 /* no change */
#define DEFAULT_DISABLE_HT 0
#define DEFAULT_DISABLE_HT40 0
#define DEFAULT_DISABLE_SGI 0
#define DEFAULT_DISABLE_LDPC 0
+#define DEFAULT_TX_STBC -1 /* no change */
+#define DEFAULT_RX_STBC -1 /* no change */
#define DEFAULT_DISABLE_MAX_AMSDU -1 /* no change */
#define DEFAULT_AMPDU_FACTOR -1 /* no change */
#define DEFAULT_AMPDU_DENSITY -1 /* no change */
#define DEFAULT_USER_SELECTED_SIM 1
+#define DEFAULT_MAX_OPER_CHWIDTH -1
struct psk_list_entry {
struct dl_list list;
u8 p2p;
};
+enum wpas_mode {
+ WPAS_MODE_INFRA = 0,
+ WPAS_MODE_IBSS = 1,
+ WPAS_MODE_AP = 2,
+ WPAS_MODE_P2P_GO = 3,
+ WPAS_MODE_P2P_GROUP_FORMATION = 4,
+ WPAS_MODE_MESH = 5,
+};
+
/**
* struct wpa_ssid - Network configuration data
*
*/
u8 bssid[ETH_ALEN];
+ /**
+ * bssid_blacklist - List of inacceptable BSSIDs
+ */
+ u8 *bssid_blacklist;
+ size_t num_bssid_blacklist;
+
+ /**
+ * bssid_blacklist - List of acceptable BSSIDs
+ */
+ u8 *bssid_whitelist;
+ size_t num_bssid_whitelist;
+
/**
* bssid_set - Whether BSSID is configured for this network
*/
int bssid_set;
+ /**
+ * bssid_hint - BSSID hint
+ *
+ * If set, this is configured to the driver as a preferred initial BSSID
+ * while connecting to this network.
+ */
+ u8 bssid_hint[ETH_ALEN];
+
+ /**
+ * bssid_hint_set - Whether BSSID hint is configured for this network
+ */
+ int bssid_hint_set;
+
/**
* go_p2p_dev_addr - GO's P2P Device Address or all zeros if not set
*/
*/
char *passphrase;
+ /**
+ * sae_password - SAE password
+ *
+ * This parameter can be used to set a password for SAE. By default, the
+ * passphrase value is used if this separate parameter is not used, but
+ * passphrase follows the WPA-PSK constraints (8..63 characters) even
+ * though SAE passwords do not have such constraints.
+ */
+ char *sae_password;
+
+ /**
+ * sae_password_id - SAE password identifier
+ *
+ * This parameter can be used to identify a specific SAE password. If
+ * not included, the default SAE password is used instead.
+ */
+ char *sae_password_id;
+
+ struct sae_pt *pt;
+
/**
* ext_psk - PSK/passphrase name in external storage
*
*/
char *ext_psk;
+ /**
+ * mem_only_psk - Whether to keep PSK/passphrase only in memory
+ *
+ * 0 = allow psk/passphrase to be stored to the configuration file
+ * 1 = do not store psk/passphrase to the configuration file
+ */
+ int mem_only_psk;
+
/**
* pairwise_cipher - Bitfield of allowed pairwise ciphers, WPA_CIPHER_*
*/
*/
int group_cipher;
+ /**
+ * group_mgmt_cipher - Bitfield of allowed group management ciphers
+ *
+ * This is a bitfield of WPA_CIPHER_AES_128_CMAC and WPA_CIPHER_BIP_*
+ * values. If 0, no constraint is used for the cipher, i.e., whatever
+ * the AP uses is accepted.
+ */
+ int group_mgmt_cipher;
+
/**
* key_mgmt - Bitfield of allowed key management protocols
*
*
* scan_ssid can be used to scan for APs using hidden SSIDs.
* Note: Many drivers do not support this. ap_mode=2 can be used with
- * such drivers to use hidden SSIDs.
+ * such drivers to use hidden SSIDs. Note2: Most nl80211-based drivers
+ * do support scan_ssid=1 and that should be used with them instead of
+ * ap_scan=2.
*/
int scan_ssid;
* CCMP, but not both), and psk must also be set (either directly or
* using ASCII passphrase).
*/
- enum wpas_mode {
- WPAS_MODE_INFRA = 0,
- WPAS_MODE_IBSS = 1,
- WPAS_MODE_AP = 2,
- WPAS_MODE_P2P_GO = 3,
- WPAS_MODE_P2P_GROUP_FORMATION = 4,
- WPAS_MODE_MESH = 5,
- } mode;
+ enum wpas_mode mode;
+
+ /**
+ * pbss - Whether to use PBSS. Relevant to DMG networks only.
+ * 0 = do not use PBSS
+ * 1 = use PBSS
+ * 2 = don't care (not allowed in AP mode)
+ * Used together with mode configuration. When mode is AP, it
+ * means to start a PCP instead of a regular AP. When mode is INFRA it
+ * means connect to a PCP instead of AP. In this mode you can also
+ * specify 2 (don't care) meaning connect to either AP or PCP.
+ * P2P_GO and P2P_GROUP_FORMATION modes must use PBSS in DMG network.
+ */
+ int pbss;
/**
* disabled - Whether this network is currently disabled
*/
int disabled_for_connect;
- /**
- * peerkey - Whether PeerKey handshake for direct links is allowed
- *
- * This is only used when both RSN/WPA2 and IEEE 802.11e (QoS) are
- * enabled.
- *
- * 0 = disabled (default)
- * 1 = enabled
- */
- int peerkey;
-
/**
* id_str - Network identifier string for external scripts
*
*/
char *id_str;
-#ifdef CONFIG_IEEE80211W
/**
* ieee80211w - Whether management frame protection is enabled
*
* followed).
*/
enum mfp_options ieee80211w;
-#endif /* CONFIG_IEEE80211W */
+
+#ifdef CONFIG_OCV
+ /**
+ * ocv - Enable/disable operating channel validation
+ *
+ * If this parameter is set to 1, stations will exchange OCI element
+ * to cryptographically verify the operating channel. Setting this
+ * parameter to 0 disables this option. Default value: 0.
+ */
+ int ocv;
+#endif /* CONFIG_OCV */
/**
* frequency - Channel frequency in megahertz (MHz) for IBSS
*/
int frequency;
+ /**
+ * enable_edmg - Enable EDMG feature in STA/AP mode
+ *
+ * This flag is used for enabling the EDMG capability in STA/AP mode.
+ */
+ int enable_edmg;
+
+ /**
+ * edmg_channel - EDMG channel number
+ *
+ * This value is used to configure the EDMG channel bonding feature.
+ * In AP mode it defines the EDMG channel to start the AP on.
+ * in STA mode it defines the EDMG channel to use for connection
+ * (if supported by AP).
+ */
+ u8 edmg_channel;
+
+ /**
+ * fixed_freq - Use fixed frequency for IBSS
+ */
+ int fixed_freq;
+
+#ifdef CONFIG_ACS
+ /**
+ * ACS - Automatic Channel Selection for AP mode
+ *
+ * If present, it will be handled together with frequency.
+ * frequency will be used to determine hardware mode only, when it is
+ * used for both hardware mode and channel when used alone. This will
+ * force the channel to be set to 0, thus enabling ACS.
+ */
+ int acs;
+#endif /* CONFIG_ACS */
+
/**
* mesh_basic_rates - BSS Basic rate set for mesh network
*
int dot11MeshConfirmTimeout; /* msec */
int dot11MeshHoldingTimeout; /* msec */
+ int ht;
int ht40;
int vht;
+ int he;
+
+ int max_oper_chwidth;
+
+ unsigned int vht_center_freq1;
+ unsigned int vht_center_freq2;
+
/**
* wpa_ptk_rekey - Maximum lifetime for PTK in seconds
*
*/
int wpa_ptk_rekey;
+ /**
+ * group_rekey - Group rekeying time in seconds
+ *
+ * This value, if non-zero, is used as the dot11RSNAConfigGroupRekeyTime
+ * parameter when operating in Authenticator role in IBSS.
+ */
+ int group_rekey;
+
/**
* scan_freq - Array of frequencies to scan or %NULL for all
*
* By default (empty string): Use whatever the OS has configured.
*/
char *ht_mcs;
+
+ /**
+ * tx_stbc - Indicate STBC support for TX streams
+ *
+ * Value: -1..1, by default (-1): use whatever the OS or card has
+ * configured. See IEEE Std 802.11-2016, 9.4.2.56.2.
+ */
+ int tx_stbc;
+
+ /**
+ * rx_stbc - Indicate STBC support for RX streams
+ *
+ * Value: -1..3, by default (-1): use whatever the OS or card has
+ * configured. See IEEE Std 802.11-2016, 9.4.2.56.2.
+ */
+ int rx_stbc;
#endif /* CONFIG_HT_OVERRIDES */
#ifdef CONFIG_VHT_OVERRIDES
* determine whether to use a secure session or not.
*/
int macsec_policy;
+
+ /**
+ * macsec_integ_only - Determines how MACsec are transmitted
+ *
+ * This setting applies only when MACsec is in use, i.e.,
+ * - macsec_policy is enabled
+ * - the key server has decided to enable MACsec
+ *
+ * 0: Encrypt traffic (default)
+ * 1: Integrity only
+ */
+ int macsec_integ_only;
+
+ /**
+ * macsec_replay_protect - Enable MACsec replay protection
+ *
+ * This setting applies only when MACsec is in use, i.e.,
+ * - macsec_policy is enabled
+ * - the key server has decided to enable MACsec
+ *
+ * 0: Replay protection disabled (default)
+ * 1: Replay protection enabled
+ */
+ int macsec_replay_protect;
+
+ /**
+ * macsec_replay_window - MACsec replay protection window
+ *
+ * A window in which replay is tolerated, to allow receipt of frames
+ * that have been misordered by the network.
+ *
+ * This setting applies only when MACsec replay protection active, i.e.,
+ * - macsec_replay_protect is enabled
+ * - the key server has decided to enable MACsec
+ *
+ * 0: No replay window, strict check (default)
+ * 1..2^32-1: number of packets that could be misordered
+ */
+ u32 macsec_replay_window;
+
+ /**
+ * macsec_port - MACsec port (in SCI)
+ *
+ * Port component of the SCI.
+ *
+ * Range: 1-65534 (default: 1)
+ */
+ int macsec_port;
+
+ /**
+ * mka_priority - Priority of MKA Actor
+ *
+ * Range: 0-255 (default: 255)
+ */
+ int mka_priority;
+
+ /**
+ * mka_ckn - MKA pre-shared CKN
+ */
+#define MACSEC_CKN_MAX_LEN 32
+ size_t mka_ckn_len;
+ u8 mka_ckn[MACSEC_CKN_MAX_LEN];
+
+ /**
+ * mka_cak - MKA pre-shared CAK
+ */
+#define MACSEC_CAK_MAX_LEN 32
+ size_t mka_cak_len;
+ u8 mka_cak[MACSEC_CAK_MAX_LEN];
+
+#define MKA_PSK_SET_CKN BIT(0)
+#define MKA_PSK_SET_CAK BIT(1)
+#define MKA_PSK_SET (MKA_PSK_SET_CKN | MKA_PSK_SET_CAK)
+ /**
+ * mka_psk_set - Whether mka_ckn and mka_cak are set
+ */
+ u8 mka_psk_set;
#endif /* CONFIG_MACSEC */
#ifdef CONFIG_HS20
int update_identifier;
+
+ /**
+ * roaming_consortium_selection - Roaming Consortium Selection
+ *
+ * The matching Roaming Consortium OI that was used to generate this
+ * network profile.
+ */
+ u8 *roaming_consortium_selection;
+
+ /**
+ * roaming_consortium_selection_len - roaming_consortium_selection len
+ */
+ size_t roaming_consortium_selection_len;
#endif /* CONFIG_HS20 */
unsigned int wps_run;
* this MBSS will trigger a peering attempt.
*/
int no_auto_peer;
+
+ /**
+ * mesh_rssi_threshold - Set mesh parameter mesh_rssi_threshold (dBm)
+ *
+ * -255..-1 = threshold value in dBm
+ * 0 = not using RSSI threshold
+ * 1 = do not change driver default
+ */
+ int mesh_rssi_threshold;
+
+ /**
+ * wps_disabled - WPS disabled in AP mode
+ *
+ * 0 = WPS enabled and configured (default)
+ * 1 = WPS disabled
+ */
+ int wps_disabled;
+
+ /**
+ * fils_dh_group - FILS DH Group
+ *
+ * 0 = PFS disabled with FILS shared key authentication
+ * 1-65535 DH Group to use for FILS PFS
+ */
+ int fils_dh_group;
+
+ /**
+ * dpp_connector - DPP Connector (signedConnector as string)
+ */
+ char *dpp_connector;
+
+ /**
+ * dpp_netaccesskey - DPP netAccessKey (own private key)
+ */
+ u8 *dpp_netaccesskey;
+
+ /**
+ * dpp_netaccesskey_len - DPP netAccessKey length in octets
+ */
+ size_t dpp_netaccesskey_len;
+
+ /**
+ * net_access_key_expiry - DPP netAccessKey expiry in UNIX time stamp
+ *
+ * 0 indicates no expiration.
+ */
+ unsigned int dpp_netaccesskey_expiry;
+
+ /**
+ * dpp_csign - C-sign-key (Configurator public key)
+ */
+ u8 *dpp_csign;
+
+ /**
+ * dpp_csign_len - C-sign-key length in octets
+ */
+ size_t dpp_csign_len;
+
+ /**
+ * owe_group - OWE DH Group
+ *
+ * 0 = use default (19) first and then try all supported groups one by
+ * one if AP rejects the selected group
+ * 1-65535 DH Group to use for OWE
+ *
+ * Groups 19 (NIST P-256), 20 (NIST P-384), and 21 (NIST P-521) are
+ * currently supported.
+ */
+ int owe_group;
+
+ /**
+ * owe_only - OWE-only mode (disable transition mode)
+ *
+ * 0 = enable transition mode (allow connection to either OWE or open
+ * BSS)
+ * 1 = disable transition mode (allow connection only with OWE)
+ */
+ int owe_only;
+
+ /**
+ * owe_ptk_workaround - OWE PTK derivation workaround
+ *
+ * Initial OWE implementation used SHA256 when deriving the PTK for all
+ * OWE groups. This was supposed to change to SHA384 for group 20 and
+ * SHA512 for group 21. This parameter can be used to enable older
+ * behavior mainly for testing purposes. There is no impact to group 19
+ * behavior, but if enabled, this will make group 20 and 21 cases use
+ * SHA256-based PTK derivation which will not work with the updated
+ * OWE implementation on the AP side.
+ */
+ int owe_ptk_workaround;
+
+ /**
+ * owe_transition_bss_select_count - OWE transition BSS select count
+ *
+ * This is an internally used variable (i.e., not used in external
+ * configuration) to track the number of selection attempts done for
+ * OWE BSS in transition mode. This allows fallback to an open BSS if
+ * the selection attempts for OWE BSS exceed the configured threshold.
+ */
+ int owe_transition_bss_select_count;
+
+ /**
+ * multi_ap_backhaul_sta - Multi-AP backhaul STA
+ * 0 = normal (non-Multi-AP) station
+ * 1 = Multi-AP backhaul station
+ */
+ int multi_ap_backhaul_sta;
+
+ /**
+ * ft_eap_pmksa_caching - Whether FT-EAP PMKSA caching is allowed
+ * 0 = do not try to use PMKSA caching with FT-EAP
+ * 1 = try to use PMKSA caching with FT-EAP
+ *
+ * This controls whether to try to use PMKSA caching with FT-EAP for the
+ * FT initial mobility domain association.
+ */
+ int ft_eap_pmksa_caching;
+
+ /**
+ * beacon_prot - Whether Beacon protection is enabled
+ *
+ * This depends on management frame protection (ieee80211w) being
+ * enabled.
+ */
+ int beacon_prot;
};
#endif /* CONFIG_SSID_H */