/*
 * hostapd / Configuration definitions and helpers functions
 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
 *
 * This software may be distributed under the terms of the BSD license.
 * See README for more details.
 */

/*
 * Reader's overview: this header declares the in-memory form of the hostapd
 * configuration (struct hostapd_config per radio, struct hostapd_bss_config
 * per BSS) and the helpers that create, free and query it. Several members
 * hold secrets (PSKs, passphrases, WEP keys, RADIUS shared secrets, private
 * key passwords, WPS PINs); they are marked "sensitive" below.
 */

#ifndef HOSTAPD_CONFIG_H
#define HOSTAPD_CONFIG_H

#include "common/defs.h"
#include "ip_addr.h"
#include "common/wpa_common.h"
#include "common/ieee802_11_common.h"
#include "wps/wps.h"

/* Upper limits; presumably the IEEE 802.11 AID range and the IEEE 802.1Q
 * VLAN ID range respectively - confirm against the code that enforces them.
 */
#define MAX_STA_COUNT 2007
#define MAX_VLAN_ID 4094

/* A MAC address as a fixed ETH_ALEN-octet array (not a string). */
typedef u8 macaddr[ETH_ALEN];

/*
 * One entry of a MAC address ACL (see accept_mac / deny_mac in
 * struct hostapd_bss_config): a station address plus an associated VLAN ID.
 */
struct mac_acl_entry {
	macaddr addr;
	int vlan_id;
};

/* Defined elsewhere; only pointers to these are used in this header. */
struct hostapd_radius_servers;
struct ft_remote_r0kh;
struct ft_remote_r1kh;

#define HOSTAPD_MAX_SSID_LEN 32

#define NUM_WEP_KEYS 4
/*
 * Set of WEP keys. key[i] points to len[i] octets of key material
 * (sensitive); idx selects one of the NUM_WEP_KEYS slots.
 * NOTE(review): ownership of the key[] buffers is not visible in this
 * header - presumably released (and ideally wiped) by hostapd_config_free();
 * confirm in the implementation.
 */
struct hostapd_wep_keys {
	u8 idx;
	u8 *key[NUM_WEP_KEYS];
	size_t len[NUM_WEP_KEYS];
	int keys_set;
	size_t default_len; /* key length used for dynamic key generation */
};

/*
 * Security policy in effect for an SSID.
 * NOTE(review): SECURITY_PLAINTEXT and SECURITY_STATIC_WEP give no
 * meaningful confidentiality (WEP is cryptographically broken); deployments
 * should end up with one of the WPA policies.
 */
typedef enum hostap_security_policy {
	SECURITY_PLAINTEXT = 0,
	SECURITY_STATIC_WEP = 1,
	SECURITY_IEEE_802_1X = 2,
	SECURITY_WPA_PSK = 3,
	SECURITY_WPA = 4
} secpolicy;

/*
 * SSID and the credentials/VLAN settings tied to it.
 */
struct hostapd_ssid {
	/*
	 * Counted byte string: ssid_len octets are valid and the array has
	 * no room for a terminating NUL when ssid_len equals
	 * HOSTAPD_MAX_SSID_LEN, so it must not be handed to str*() functions
	 * or printed with a bare %s.
	 */
	u8 ssid[HOSTAPD_MAX_SSID_LEN];
	size_t ssid_len;
	int ssid_set;

	char vlan[IFNAMSIZ + 1];
	secpolicy security_policy;

	/* Sensitive: PSK list, passphrase, and the path of a PSK file. */
	struct hostapd_wpa_psk *wpa_psk;
	char *wpa_passphrase;
	char *wpa_psk_file;

	struct hostapd_wep_keys wep;

#define DYNAMIC_VLAN_DISABLED 0
#define DYNAMIC_VLAN_OPTIONAL 1
#define DYNAMIC_VLAN_REQUIRED 2
	int dynamic_vlan; /* one of DYNAMIC_VLAN_* */
#define DYNAMIC_VLAN_NAMING_WITHOUT_DEVICE 0
#define DYNAMIC_VLAN_NAMING_WITH_DEVICE 1
#define DYNAMIC_VLAN_NAMING_END 2
	int vlan_naming; /* one of DYNAMIC_VLAN_NAMING_*; _END looks like an
			  * exclusive upper bound for validation - confirm */
#ifdef CONFIG_FULL_DYNAMIC_VLAN
	char *vlan_tagged_interface;
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
	/* Per-VLAN WEP key sets (sensitive); max_dyn_vlan_keys presumably
	 * gives the number of slots in dyn_vlan_keys - confirm. */
	struct hostapd_wep_keys **dyn_vlan_keys;
	size_t max_dyn_vlan_keys;
};


#define VLAN_ID_WILDCARD -1

/*
 * Singly linked list node mapping a VLAN ID to an interface name.
 */
struct hostapd_vlan {
	struct hostapd_vlan *next;
	int vlan_id; /* VLAN ID or -1 (VLAN_ID_WILDCARD) for wildcard entry */
	char ifname[IFNAMSIZ + 1];
	int dynamic_vlan;
#ifdef CONFIG_FULL_DYNAMIC_VLAN

#define DVLAN_CLEAN_BR 	0x1
#define DVLAN_CLEAN_VLAN 	0x2
#define DVLAN_CLEAN_VLAN_PORT	0x4
#define DVLAN_CLEAN_WLAN_PORT	0x8
	int clean; /* presumably a bitfield of DVLAN_CLEAN_* - confirm */
#endif /* CONFIG_FULL_DYNAMIC_VLAN */
};

#define PMK_LEN 32
/*
 * Singly linked list node holding one WPA pre-shared key.
 * psk[] is PMK_LEN octets of key material (sensitive); addr is a station
 * MAC address. NOTE(review): group presumably marks a PSK that is not bound
 * to a single addr - confirm against hostapd_get_psk().
 */
struct hostapd_wpa_psk {
	struct hostapd_wpa_psk *next;
	int group;
	u8 psk[PMK_LEN];
	u8 addr[ETH_ALEN];
};

/*
 * Singly linked list node describing one user of the EAP server.
 * identity and password are counted byte strings (identity_len /
 * password_len octets), not NUL-terminated C strings as far as this header
 * shows; password is sensitive.
 */
struct hostapd_eap_user {
	struct hostapd_eap_user *next;
	u8 *identity;
	size_t identity_len;
	struct {
		int vendor;
		u32 method;
	} methods[EAP_MAX_METHODS];
	u8 *password;
	size_t password_len;
	int phase2;
	int force_version;
	unsigned int wildcard_prefix:1;
	unsigned int password_hash:1; /* whether password is hashed with
				       * nt_password_hash() */
	int ttls_auth; /* EAP_TTLS_AUTH_* bitfield */
};

/*
 * Singly linked list node carrying one extra RADIUS attribute: an
 * attribute type and its value buffer.
 */
struct hostapd_radius_attr {
	u8 type;
	struct wpabuf *val;
	struct hostapd_radius_attr *next;
};


#define NUM_TX_QUEUES 4

/* Parameters of one transmit queue. */
struct hostapd_tx_queue_params {
	int aifs;
	int cwmin;
	int cwmax;
	int burst; /* maximum burst time in 0.1 ms, i.e., 10 = 1 ms */
};


#define MAX_ROAMING_CONSORTIUM_LEN 15

/*
 * One Roaming Consortium OI; len counts the valid octets in oi[].
 * NOTE(review): len is a u8 and can represent values larger than
 * MAX_ROAMING_CONSORTIUM_LEN, so whatever fills this struct has to bound
 * len before oi[] is indexed or copied.
 */
struct hostapd_roaming_consortium {
	u8 len;
	u8 oi[MAX_ROAMING_CONSORTIUM_LEN];
};

/*
 * Language-tagged string: a 3-octet language code and a counted name.
 * NOTE(review): name_len is a u8 (up to 255) while name[] holds 252 octets;
 * the code that sets name_len must reject values above sizeof(name).
 */
struct hostapd_lang_string {
	u8 lang[3];
	u8 name_len;
	u8 name[252];
};

#define MAX_NAI_REALMS 10
#define MAX_NAI_REALMLEN 255
#define MAX_NAI_EAP_METHODS 5
#define MAX_NAI_AUTH_TYPES 4
/*
 * One NAI Realm entry.
 * realm[] presumably points into realm_buf - confirm in the parser.
 * NOTE(review): eap_method_count and num_auths are u8 counters for arrays
 * of MAX_NAI_EAP_METHODS and MAX_NAI_AUTH_TYPES elements; both need to be
 * bounded by the code that fills them.
 */
struct hostapd_nai_realm_data {
	u8 encoding;
	char realm_buf[MAX_NAI_REALMLEN + 1];
	char *realm[MAX_NAI_REALMS];
	u8 eap_method_count;
	struct hostapd_nai_realm_eap {
		u8 eap_method;
		u8 num_auths;
		u8 auth_id[MAX_NAI_AUTH_TYPES];
		u8 auth_val[MAX_NAI_AUTH_TYPES];
	} eap_method[MAX_NAI_EAP_METHODS];
};

/**
 * struct hostapd_bss_config - Per-BSS configuration
 *
 * Holds everything configured for a single BSS: interface names, logging,
 * IEEE 802.1X/EAP and RADIUS settings, the SSID and its keys, MAC ACLs,
 * WPA/RSN parameters, the control interface, EAP server certificates, WPS,
 * P2P/TDLS flags and IEEE 802.11u/Hotspot 2.0 data. Pointer members are
 * presumably heap-allocated and released by hostapd_config_free() - confirm
 * in the implementation.
 */
struct hostapd_bss_config {
	char iface[IFNAMSIZ + 1];
	char bridge[IFNAMSIZ + 1];
	char wds_bridge[IFNAMSIZ + 1];

	enum hostapd_logger_level logger_syslog_level, logger_stdout_level;

	unsigned int logger_syslog; /* module bitfield */
	unsigned int logger_stdout; /* module bitfield */

	char *dump_log_name; /* file name for state dump (SIGUSR1) */

	int max_num_sta; /* maximum number of STAs in station table */

	int dtim_period;

	int ieee802_1x; /* use IEEE 802.1X */
	int eapol_version;
	int eap_server; /* Use internal EAP server instead of external
			 * RADIUS server */
	struct hostapd_eap_user *eap_user;
	char *eap_sim_db;
	struct hostapd_ip_addr own_ip_addr;
	char *nas_identifier;
	struct hostapd_radius_servers *radius;
	int acct_interim_interval;
	int radius_request_cui;
	struct hostapd_radius_attr *radius_auth_req_attr;
	struct hostapd_radius_attr *radius_acct_req_attr;
	/*
	 * radius_das_*: settings for what is presumably the RADIUS Dynamic
	 * Authorization Server - confirm. The shared secret is a counted
	 * byte buffer and is sensitive; the time window and the
	 * require_event_timestamp flag look like replay-protection knobs -
	 * confirm in the DAS code before relaxing them.
	 */
	int radius_das_port;
	unsigned int radius_das_time_window;
	int radius_das_require_event_timestamp;
	struct hostapd_ip_addr radius_das_client_addr;
	u8 *radius_das_shared_secret;
	size_t radius_das_shared_secret_len;

	struct hostapd_ssid ssid;

	char *eap_req_id_text; /* optional displayable message sent with
				* EAP Request-Identity */
	size_t eap_req_id_text_len;
	int eapol_key_index_workaround;

	size_t default_wep_key_len;
	int individual_wep_key_len;
	int wep_rekeying_period;
	int broadcast_key_idx_min, broadcast_key_idx_max;
	int eap_reauth_period;

	int ieee802_11f; /* use IEEE 802.11f (IAPP) */
	char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast
					* frames */

	/*
	 * MAC address based access control. accept_mac / deny_mac are
	 * arrays of num_accept_mac / num_deny_mac entries.
	 * NOTE(review): MAC addresses are not authenticated, so this list is
	 * a filtering convenience and should not be the only access control.
	 */
	enum {
		ACCEPT_UNLESS_DENIED = 0,
		DENY_UNLESS_ACCEPTED = 1,
		USE_EXTERNAL_RADIUS_AUTH = 2
	} macaddr_acl;
	struct mac_acl_entry *accept_mac;
	int num_accept_mac;
	struct mac_acl_entry *deny_mac;
	int num_deny_mac;
	int wds_sta;
	int isolate;

	int auth_algs; /* bitfield of allowed IEEE 802.11 authentication
			* algorithms, WPA_AUTH_ALG_{OPEN,SHARED,LEAP} */

	int wpa; /* bitfield of WPA_PROTO_WPA, WPA_PROTO_RSN */
	int wpa_key_mgmt;
#ifdef CONFIG_IEEE80211W
	enum mfp_options ieee80211w;
	/* dot11AssociationSAQueryMaximumTimeout (in TUs) */
	unsigned int assoc_sa_query_max_timeout;
	/* dot11AssociationSAQueryRetryTimeout (in TUs) */
	int assoc_sa_query_retry_timeout;
#endif /* CONFIG_IEEE80211W */
	/* How a PSK delivered via RADIUS is treated for this BSS. */
	enum {
		PSK_RADIUS_IGNORED = 0,
		PSK_RADIUS_ACCEPTED = 1,
		PSK_RADIUS_REQUIRED = 2
	} wpa_psk_radius;
	int wpa_pairwise;
	int wpa_group;
	int wpa_group_rekey;
	int wpa_strict_rekey;
	int wpa_gmk_rekey;
	int wpa_ptk_rekey;
	int rsn_pairwise;
	int rsn_preauth;
	char *rsn_preauth_interfaces;
	int peerkey;

#ifdef CONFIG_IEEE80211R
	/* IEEE 802.11r - Fast BSS Transition */
	u8 mobility_domain[MOBILITY_DOMAIN_ID_LEN];
	u8 r1_key_holder[FT_R1KH_ID_LEN];
	u32 r0_key_lifetime;
	u32 reassociation_deadline;
	struct ft_remote_r0kh *r0kh_list;
	struct ft_remote_r1kh *r1kh_list;
	int pmk_r1_push;
	int ft_over_ds;
#endif /* CONFIG_IEEE80211R */

	/*
	 * Control interface. ctrl_interface_gid is only meaningful when
	 * ctrl_interface_gid_set is non-zero.
	 * NOTE(review): who may talk to the control sockets presumably
	 * depends on the ownership and mode of this directory - confirm in
	 * the ctrl_iface code and keep it limited to the administering
	 * group.
	 */
	char *ctrl_interface; /* directory for UNIX domain sockets */
#ifndef CONFIG_NATIVE_WINDOWS
	gid_t ctrl_interface_gid;
#endif /* CONFIG_NATIVE_WINDOWS */
	int ctrl_interface_gid_set;

	/*
	 * Integrated EAP server credentials. private_key_passwd and
	 * pac_opaque_encr_key are sensitive; private_key is presumably a
	 * file path - confirm.
	 */
	char *ca_cert;
	char *server_cert;
	char *private_key;
	char *private_key_passwd;
	int check_crl;
	char *dh_file;
	u8 *pac_opaque_encr_key;
	u8 *eap_fast_a_id;
	size_t eap_fast_a_id_len;
	char *eap_fast_a_id_info;
	int eap_fast_prov;
	int pac_key_lifetime;
	int pac_key_refresh_time;
	int eap_sim_aka_result_ind;
	int tnc;
	int fragment_size;
	u16 pwd_group;

	char *radius_server_clients;
	int radius_server_auth_port;
	int radius_server_ipv6;

	char *test_socket; /* UNIX domain socket path for driver_test */

	int use_pae_group_addr; /* Whether to send EAPOL frames to PAE group
				 * address instead of individual address
				 * (for driver_wired.c).
				 */

	int ap_max_inactivity;
	int ignore_broadcast_ssid;

	int wmm_enabled;
	int wmm_uapsd;

	/* Head and tail of the struct hostapd_vlan list. */
	struct hostapd_vlan *vlan, *vlan_tail;

	macaddr bssid;

	/*
	 * Maximum listen interval that STAs can use when associating with this
	 * BSS. If a STA tries to use larger value, the association will be
	 * denied with status code 51.
	 */
	u16 max_listen_interval;

	int disable_pmksa_caching;
	int okc; /* Opportunistic Key Caching */

	int wps_state;
#ifdef CONFIG_WPS
	/*
	 * WPS settings. ap_pin, wps_nfc_dh_privkey and wps_nfc_dev_pw are
	 * sensitive. extra_cred and ap_settings are counted byte buffers
	 * (see the matching *_len members).
	 */
	int ap_setup_locked;
	u8 uuid[16];
	char *wps_pin_requests;
	char *device_name;
	char *manufacturer;
	char *model_name;
	char *model_number;
	char *serial_number;
	u8 device_type[WPS_DEV_TYPE_LEN];
	char *config_methods;
	u8 os_version[4];
	char *ap_pin;
	int skip_cred_build;
	u8 *extra_cred;
	size_t extra_cred_len;
	int wps_cred_processing;
	u8 *ap_settings;
	size_t ap_settings_len;
	char *upnp_iface;
	char *friendly_name;
	char *manufacturer_url;
	char *model_description;
	char *model_url;
	char *upc;
	struct wpabuf *wps_vendor_ext[MAX_WPS_VENDOR_EXTENSIONS];
	int wps_nfc_dev_pw_id;
	struct wpabuf *wps_nfc_dh_pubkey;
	struct wpabuf *wps_nfc_dh_privkey;
	struct wpabuf *wps_nfc_dev_pw;
#endif /* CONFIG_WPS */
	int pbc_in_m1;

#define P2P_ENABLED BIT(0)
#define P2P_GROUP_OWNER BIT(1)
#define P2P_GROUP_FORMATION BIT(2)
#define P2P_MANAGE BIT(3)
#define P2P_ALLOW_CROSS_CONNECTION BIT(4)
	int p2p; /* presumably a bitfield of the P2P_* flags above - confirm */

	int disassoc_low_ack;
	int skip_inactivity_poll;

#define TDLS_PROHIBIT BIT(0)
#define TDLS_PROHIBIT_CHAN_SWITCH BIT(1)
	int tdls; /* presumably a bitfield of the TDLS_* flags above -
		   * confirm */
	int disable_11n;
	int disable_11ac;

	/* IEEE 802.11v */
	int time_advertisement;
	char *time_zone;

	/* IEEE 802.11u - Interworking */
	int interworking;
	int access_network_type;
	int internet;
	int asra;
	int esr;
	int uesa;
	int venue_info_set;
	u8 venue_group;
	u8 venue_type;
	u8 hessid[ETH_ALEN];

	/* IEEE 802.11u - Roaming Consortium list */
	unsigned int roaming_consortium_count;
	struct hostapd_roaming_consortium *roaming_consortium;

	/* IEEE 802.11u - Venue Name duples */
	unsigned int venue_name_count;
	struct hostapd_lang_string *venue_name;

	/* IEEE 802.11u - Network Authentication Type */
	u8 *network_auth_type;
	size_t network_auth_type_len;

	/* IEEE 802.11u - IP Address Type Availability */
	u8 ipaddr_type_availability;
	u8 ipaddr_type_configured;

	/* IEEE 802.11u - 3GPP Cellular Network */
	u8 *anqp_3gpp_cell_net;
	size_t anqp_3gpp_cell_net_len;

	/* IEEE 802.11u - Domain Name */
	u8 *domain_name;
	size_t domain_name_len;

	unsigned int nai_realm_count;
	struct hostapd_nai_realm_data *nai_realm_data;

	u16 gas_comeback_delay;
	int gas_frag_limit;

#ifdef CONFIG_HS20
	int hs20;
	int disable_dgaf;
	unsigned int hs20_oper_friendly_name_count;
	struct hostapd_lang_string *hs20_oper_friendly_name;
	/* NOTE(review): hs20_wan_metrics has no length member here;
	 * presumably a fixed-size buffer - confirm in the parser. */
	u8 *hs20_wan_metrics;
	u8 *hs20_connection_capability;
	size_t hs20_connection_capability_len;
	u8 *hs20_operating_class;
	u8 hs20_operating_class_len;
#endif /* CONFIG_HS20 */

	u8 wps_rf_bands; /* RF bands for WPS (WPS_RF_*) */

#ifdef CONFIG_RADIUS_TEST
	/*
	 * NOTE(review): judging by the name, a file that receives MSKs for
	 * RADIUS testing - confirm. If so this puts session key material on
	 * disk, so CONFIG_RADIUS_TEST should stay out of production builds.
	 */
	char *dump_msk_file;
#endif /* CONFIG_RADIUS_TEST */

	struct wpabuf *vendor_elements;
};


/**
 * struct hostapd_config - Per-radio interface configuration
 *
 * Owns the list of per-BSS configurations (bss .. last_bss, num_bss
 * entries) together with the radio-wide settings shared by them.
 */
struct hostapd_config {
	struct hostapd_bss_config *bss, *last_bss;
	size_t num_bss;

	u16 beacon_int;
	int rts_threshold;
	int fragm_threshold;
	u8 send_probe_response;
	u8 channel;
	enum hostapd_hw_mode hw_mode; /* HOSTAPD_MODE_IEEE80211A, .. */
	enum {
		LONG_PREAMBLE = 0,
		SHORT_PREAMBLE = 1
	} preamble;

	/* NOTE(review): no length members accompany these arrays;
	 * presumably terminated by a sentinel value - confirm against
	 * hostapd_rate_found(). */
	int *supported_rates;
	int *basic_rates;

	const struct wpa_driver_ops *driver;

	int ap_table_max_size;
	int ap_table_expiration_time;

	char country[3]; /* first two octets: country code as described in
			  * ISO/IEC 3166-1. Third octet:
			  * ' ' (ascii 32): all environments
			  * 'O': Outdoor environment only
			  * 'I': Indoor environment only
			  *
			  * All three octets carry data, so the array is not
			  * NUL-terminated.
			  */

	int ieee80211d;

	struct hostapd_tx_queue_params tx_queue[NUM_TX_QUEUES];

	/*
	 * WMM AC parameters, in same order as 802.1D, i.e.
	 * 0 = BE (best effort)
	 * 1 = BK (background)
	 * 2 = VI (video)
	 * 3 = VO (voice)
	 */
	struct hostapd_wmm_ac_params wmm_ac_params[4];

	int ht_op_mode_fixed;
	u16 ht_capab;
	int ieee80211n;
	int secondary_channel;
	int require_ht;
	u32 vht_capab;
	int ieee80211ac;
	int require_vht;
	u8 vht_oper_chwidth;
	u8 vht_oper_centr_freq_seg0_idx;
};


/*
 * Helper functions. The implementations are not part of this header, so the
 * notes below describe only what the signatures show; return-value
 * conventions need to be confirmed in the implementation.
 */

/* Comparator-shaped helpers over untyped pointers; presumably compare
 * macaddr values (e.g., for qsort()/bsearch()) - confirm. */
int hostapd_mac_comp(const void *a, const void *b);
int hostapd_mac_comp_empty(const void *a);

/* Allocation, default initialization and release of the configuration. */
struct hostapd_config * hostapd_config_defaults(void);
void hostapd_config_defaults_bss(struct hostapd_bss_config *bss);
void hostapd_config_free(struct hostapd_config *conf);

/* Looks for addr in an array of num_entries ACL entries; vlan_id is an
 * output pointer, presumably receiving the matching entry's VLAN ID -
 * confirm whether NULL is accepted. */
int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
			  const u8 *addr, int *vlan_id);
int hostapd_rate_found(int *list, int rate);
int hostapd_wep_key_cmp(struct hostapd_wep_keys *a,
			struct hostapd_wep_keys *b);

/* Returns a pointer to PSK octets for addr in this BSS; prev_psk presumably
 * lets a caller step through several candidate PSKs - confirm. The returned
 * pointer refers to key material and should not be logged. */
const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
			   const u8 *addr, const u8 *prev_psk);
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan,
					int vlan_id);

/* identity is a counted byte string of identity_len octets. */
const struct hostapd_eap_user *
hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity,
		     size_t identity_len, int phase2);
struct hostapd_radius_attr *
hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type);

#endif /* HOSTAPD_CONFIG_H */