From dc20ebf1f823232558dfc9e3b27941238f268949 Mon Sep 17 00:00:00 2001 From: Michael Tremer Date: Thu, 17 Jul 2025 18:07:10 +0000 Subject: [PATCH] hostapd: Rebase the configuration on the upstream default config Most options are added, but not enabled. There are however the following changes: * Enable Operating Channel Validation * Enable Fast BSS Transition (802.11r) * Support for 802.11ax and 802.11be * Disable the internal randomness pool * Enable Interworking (802.11u) * Enable Fast Session Transfer (FST) * Enable Multiband Operation support Signed-off-by: Michael Tremer --- config/hostapd/config | 49 ++++++++++++++++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 10 deletions(-) diff --git a/config/hostapd/config b/config/hostapd/config index b590309004..f3cfa8682b 100644 --- a/config/hostapd/config +++ b/config/hostapd/config @@ -48,7 +48,7 @@ CONFIG_LIBNL32=y CONFIG_RSN_PREAUTH=y # Support Operating Channel Validation -#CONFIG_OCV=y +CONFIG_OCV=y # Integrated EAP server #CONFIG_EAP=y @@ -141,8 +141,11 @@ CONFIG_RSN_PREAUTH=y # Build IPv6 support for RADIUS operations #CONFIG_IPV6=y +# Include support fo RADIUS/TLS into the RADIUS client +#CONFIG_RADIUS_TLS=y + # IEEE Std 802.11r-2008 (Fast BSS Transition) -#CONFIG_IEEE80211R=y +CONFIG_IEEE80211R=y # Use the hostapd's IEEE 802.11 authentication (ACL), but without # the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) @@ -156,10 +159,20 @@ CONFIG_RSN_PREAUTH=y CONFIG_IEEE80211AC=y # IEEE 802.11ax HE support +CONFIG_IEEE80211AX=y + +# IEEE 802.11be EHT support +# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE. # Note: This is experimental and work in progress. The definitions are still # subject to change and this should not be expected to interoperate with the -# final IEEE 802.11ax version. -CONFIG_IEEE80211AX=y +# final IEEE 802.11be version. +CONFIG_IEEE80211BE=y + +# Simultaneous Authentication of Equals (SAE), WPA3-Personal +CONFIG_SAE=y + +# SAE Public Key, WPA3-Personal +CONFIG_SAE_PK=y # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging @@ -248,7 +261,7 @@ CONFIG_NO_VLAN=y # This will save some in binary size and CPU use. However, this should only be # considered for builds that are known to be used on devices that meet the # requirements described above. -#CONFIG_NO_RANDOM_POOL=y +CONFIG_NO_RANDOM_POOL=y # Should we attempt to use the getrandom(2) call that provides more reliable # yet secure randomness source than /dev/random on Linux 3.17 and newer. @@ -304,7 +317,7 @@ CONFIG_TLS=openssl # Interworking (IEEE 802.11u) # This can be used to enable functionality to improve interworking with # external networks. -#CONFIG_INTERWORKING=y +CONFIG_INTERWORKING=y # Hotspot 2.0 #CONFIG_HS20=y @@ -313,7 +326,7 @@ CONFIG_TLS=openssl #CONFIG_SQLITE=y # Enable Fast Session Transfer (FST) -#CONFIG_FST=y +CONFIG_FST=y # Enable CLI commands for FST testing #CONFIG_FST_TEST=y @@ -346,14 +359,14 @@ CONFIG_TLS=openssl # * ath10k # # For more details refer to: -# http://wireless.kernel.org/en/users/Documentation/acs +# https://wireless.wiki.kernel.org/en/users/documentation/acs # CONFIG_ACS=y # Multiband Operation support # These extensions facilitate efficient use of multiple frequency bands # available to the AP and the devices that may associate with it. -#CONFIG_MBO=y +CONFIG_MBO=y # Client Taxonomy # Has the AP retain the Probe Request and (Re)Association Request frames from @@ -396,6 +409,22 @@ CONFIG_AIRTIME_POLICY=y # that functionality is subject to be removed in the future. #CONFIG_NO_TKIP=y +# Pre-Association Security Negotiation (PASN) +# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol +# design is still subject to change. As such, this should not yet be enabled in +# production use. +#CONFIG_PASN=y + +# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) +CONFIG_DPP=y +# DPP version 2 support +CONFIG_DPP2=y +# DPP version 3 support (experimental and still changing; do not enable for +# production use) +#CONFIG_DPP3=y + +# Wi-Fi Aware unsynchronized service discovery (NAN USD) +#CONFIG_NAN_USD=y + # Manually added options -CONFIG_SAE=y CONFIG_IEEE80211W=y -- 2.47.3