From patchwork Fri Oct 12 15:26:06 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kevin 'ldir' Darbyshire-Bryant X-Patchwork-Id: 983140 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=darbyshire-bryant.me.uk Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="i+MouLqM"; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=darbyshire-bryant.me.uk header.i=@darbyshire-bryant.me.uk header.b="kvTWkBr0"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 42WsC40MTbz9s3Z for ; Sat, 13 Oct 2018 02:27:12 +1100 (AEDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:Cc:List-Subscribe:List-Help:List-Post: List-Archive:List-Unsubscribe:List-Id:Subject:MIME-Version:References: In-Reply-To:Message-Id:Date:To:From:Reply-To:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: List-Owner; bh=RkNgxWn5cpnLXD2q+p2LfAtfFSX9OTjjnqOErvFHhno=; b=i+MouLqMASZDYz +WJwU5XzorPysOpAKvPRSTOkMoIvjvjyetkSG0MpEY8RrPUgFBUk7xsZpLyUag1PdXNsrQQ9sqVhV 4pg7hCxPu5BhLxQ9dy81mGd/FWh/B+KtxZgr+0NLw4oOW07sh2R17sbfztusC3gwE0Gh1ELhS6GT/ vv2uVbDyTBN46NJ1ZN9qmKqt0LlrozF2/TgUgBUO3FtimVnAe6RerIpPdq+c1/JepQ7c3BDtJfBzY uMHe4vjf0XS1+2OZfS0C48GXtggzFUf0zd2PoVCRF5Fybvx5cDdVl7VJI/mzfCjqrc5u7lnoZTpAi Qp+NxSc6rnHiWtyZvyZQ==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAzLE-0007wD-Us; Fri, 12 Oct 2018 15:27:05 +0000 Received: from mail-eopbgr30078.outbound.protection.outlook.com ([40.107.3.78] helo=EUR03-AM5-obe.outbound.protection.outlook.com) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1gAzKh-0007ig-V4 for openwrt-devel@lists.openwrt.org; Fri, 12 Oct 2018 15:27:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=darbyshire-bryant.me.uk; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=8QGcNXdRaMos3PpqKOp0hFB4ie+n6GJm2hv2ZoQNAFI=; b=kvTWkBr0SYd5ED6sH6JybNvk+ALlRctcO7gy70fXFDdgggcY3FL+hD2aj9Sn3HwTOVbYRlYECZjS7DYTLbcJ6juAt8AuykYJzN2UBzJnUozM+AdDDqQ712RqSdfIzuJcWkAfgqi+S76eW9N4P0ikluKbBE0PEPZG/EYr81qnQlA= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=kevin@darbyshire-bryant.me.uk; Received: from Kevins-MBP.lan.darbyshire-bryant.me.uk (188.221.217.140) by AM4PR0302MB2739.eurprd03.prod.outlook.com (2603:10a6:200:92::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1228.23; Fri, 12 Oct 2018 15:26:14 +0000 From: Kevin Darbyshire-Bryant To: openwrt-devel@lists.openwrt.org Date: Fri, 12 Oct 2018 16:26:06 +0100 Message-Id: <20181012152607.51628-2-ldir@darbyshire-bryant.me.uk> X-Mailer: git-send-email 2.17.1 (Apple Git-112) In-Reply-To: <20181012152607.51628-1-ldir@darbyshire-bryant.me.uk> References: <20181012152607.51628-1-ldir@darbyshire-bryant.me.uk> MIME-Version: 1.0 X-Originating-IP: [188.221.217.140] X-ClientProxiedBy: CWXP265CA0088.GBRP265.PROD.OUTLOOK.COM (2603:10a6:401:39::28) To AM4PR0302MB2739.eurprd03.prod.outlook.com (2603:10a6:200:92::11) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 0d32eee1-c295-4d61-1b83-08d630570c2a X-Microsoft-Antispam: BCL:0; PCL:0; RULEID:(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600074)(711020)(2017052603328)(7153060)(7193020); SRVR:AM4PR0302MB2739; X-Microsoft-Exchange-Diagnostics: 1; AM4PR0302MB2739; 3:Wlwtc3xHAL036RktOCKMrhjXwKlD11cBgGTmPP7d8t1LuZ1xqfvivKQJ/l5VqSXwcIuYMredJr9RdqV7XdbRDg0chIBINCTYVvGiIhJBjee4iObIte30d8cOD8tDPCX4XB7VatpoSFIXYQlTP9UFLkdZ/mY5OAOfsCpqcb8o1DrzBoil/kXfK5rhvUXT3KLomekdoGYI8vQ44dObl6UHu9TiWIRZzqbY3v7l95/qQruZXk/FxOSHesd06HCvqNLc; 25:AwjnsKN+HFmymazR3T8OBOdVbYg5Gngzu/Q1UaT/xes6ebDmsm9dQmIpQC0Jb8hf9JseNFh7ZLrOtslBNtw9+gCFvECI6o8qrRYZjM+Qia+3wI4RD5GvKIv+U3HAhHnennG2ynhAtYTzjEWfXWDBjDHh5+1vczKb6uNqb8PLCbF3WO3b0elTOiT4IYT6F2RUQUqHqwR1Jx3tJ2RQnimpOuA82dxzEa1Q5end9b8Yh6OQncsPFlVoO2GiNZ2/pbe/0Fm+npjL9plkWJRzaJ5lYmoQmViHivUoMMR4eoTrHtErtn6axLZOQSmy2bx7IbrxKPc95W6IosMp8AkGXeehlw==; 31:LLiRVDR7Mj13Jc+Vp7sE6tbf7+jPHpoHAz5OtShTFaZhvYFvL5IaeL3LQbKZqJIhl5do8ZeFP5RPN/dmj3Vsm+K7rHqI1wN+7bOJ0mm7I4g44zDEoJxJreXt71vqfx0Yivm8tOwSzYOpHOuSzl2ziVQKo2nZ8RoMSdIWQ3VwaH1jMiVQsaU4wbtnNpF2ZkTtUBRjbogD1gjvQ49nILEJBvKYqqMW3LHjcHYtRUzeAmw= X-MS-TrafficTypeDiagnostic: AM4PR0302MB2739: X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(158342451672863)(21532816269658)(20558992708506)(269456686620040)(265634631926514); X-MS-Exchange-SenderADCheck: 1 X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(6040522)(2401047)(5005006)(8121501046)(93006095)(93001095)(10201501046)(3231355)(944501410)(4982022)(52105095)(3002001)(149066)(150057)(6041310)(20161123562045)(20161123564045)(20161123558120)(20161123560045)(2016111802025)(6043046)(201708071742011)(7699051); SRVR:AM4PR0302MB2739; BCL:0; PCL:0; RULEID:; SRVR:AM4PR0302MB2739; X-Microsoft-Exchange-Diagnostics: 1; AM4PR0302MB2739; 4:okMfM2iR59oh7El/Chj68cSDybeWSAAodrcGwl2GEw3p6MCPH36ia3CjZsLTtFNAJ++v2YXHwZqJ+9o/2vBDP4LcdAcJI2qnJhWlgPH0RWIugYg5e6eS2AMpzMO0gR6DTg0oIVUf89y5/9ZcPRSYzSHqVFgvmOu7P0YYuzGzq2F1gHEItcMXv8CZpC5IMnqCfVON8F8F4D0X85j7/K+b+/3BH2lZZirr6XwK6H5BvrznHc9JixGYOCV1MfUlE2fPI8MYmck7aFWANo/ZTOl7Ws6PEDVb09tHLZ8BXW0RE9NpTnOFJyvF4m+O8slm4XivlsscjOVN6n2NUsCu3tGvXJkMHLrVy6sE7M2gGpW4jWhri6TzfYPn/pmcXdJ2/9hxWJehW8bFCrKSdXQLI2OQEJXQYgNbQ3pZrd/axLtyIt5koP6uTnsYNKZaKzks47iSTFZCxGbF+GjsTNbausNGYQ== X-Forefront-PRVS: 0823A5777B X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(346002)(376002)(396003)(366004)(136003)(39830400003)(199004)(189003)(2906002)(52116002)(105586002)(47776003)(66066001)(3846002)(50466002)(48376002)(6916009)(11346002)(446003)(476003)(486006)(50226002)(2351001)(956004)(2616005)(51416003)(7696005)(36756003)(4744004)(6116002)(551544002)(76176011)(1076002)(6666004)(6306002)(386003)(14444005)(305945005)(316002)(16586007)(5660300001)(107886003)(106356001)(6486002)(53936002)(8936002)(16526019)(8676002)(1720100001)(97736004)(2361001)(81166006)(81156014)(53946003)(74482002)(186003)(4326008)(26005)(508600001)(68736007)(7736002)(45080400002)(966005)(25786009)(579004); DIR:OUT; SFP:1101; SCL:1; SRVR:AM4PR0302MB2739; H:Kevins-MBP.lan.darbyshire-bryant.me.uk; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; Received-SPF: None (protection.outlook.com: darbyshire-bryant.me.uk does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?us-ascii?Q?1; AM4PR0302MB2739; 23:zMYwrtGFtggkJfG8joKhgsixV/0yhS9PD9QdDQb?= mvQZYhcfL5lv/SpX8vlK4C2uP2qUBWvnVehkqXB/3sxwOZrAJuvxcHxw3XO92SACdUZs4xxbLJK8b1TyIrfS6zL/PMgiZF+DSBWkPi3RVnJeFxEq6pw/VR9VkH87dQezvsoYiMmFDQzn6nsx/sYBtLou/5w2ZkTQyYPSyVAHGIpLtyuopYZW/+2MjpajLgpjf1qetiiViRL5duCE2HIBibch8Aq6cuppidd5t/1ktwjhRQ2mSTM/VJonRgsrQ7WsF6Bm+Yz7AAl0Plct5d5xLH/AgwtafxPaiD1e/goPNOa587hFoMJlCoIoTCtv6GR5H7U4cNRTD3MAzHSI0hpbKuh9VDIa04w/Y0KBh53I4lYrnAn/TLzlqsz/4p2uvoJdyFfdBQvt6FR307ixiSjTe9hmr3C1vS3NawPlf2uzsIg48Hw43rWSXk+AZD2PJBzqcd3hs1YItgAhmw8fvj4iMWE3/9nCRd0mHhBdcK604vpVkE+H17B2nQGDt26MyQyqSABMiUifWutYY/8DavH/HCAh3DQxrt0Gwwe0eHwiQgisU0WWoge4yeqF/cIPqAGV9WCaM8HIraIfZ5Sg1UYyJDMCw+LQLiyPyQloB4oNy8vGsTP7Pp1Ce5wlf6gFidpGybcFznIZTzjcD4UmGt8kADhFlQ4cWWnu1kjKkbML2LXG6iw2bc/5Y9U8STA2iDhJknClDuwB63JuGHjanNLTXT4BKR3G8ZeITnb55S9Gd2wnetYh+jeDoQRcS6p4HWXHhkxUQgje4+9eGOL3cCiIPh5DKvnDflJPXEmQHu1uMuos3mAjwvTWemoGL5dS4btduir3yisA1QCDvpCBJQ49xpXyqIBfmjzIBisIuiuwTv6dtWuIy8tvXjHsdVb3HlBLvFBBw4dMmCott93wPMHwHhPth9eyebJj1G1xxsUDhZMf8iiqMIebwA+TbbuQGwwPfQm5UfS6qkWPQNNoGPJpC4RR53vKrZs/QYqFVWFTfkjtodjJ8mStyOUo8aniJirYJqyfE77IbHlvuuN5UeqDGnNdUm9c0m2xnKSoleL2ixdOEM0h1uTUa45qIQcZNvuu2Neo9JwyLzzII99zwkLIYKyZJNSAUSNFa30AuC28SeIu+wlwF0x9b3QCt41UgIJdfBdJhY2TTeBzzkGES/HwzZl2+pyXGSOEou0eNV7AWrNJlul08ef6Ex/JiC3+0mKnzlO/WME5yQINe7ezvc7DxtNULpt7r9VzlqN87X9vPKJ6cwAZbUAWfsAcfeY6ctxsyP3i096M+mqly5LdC0bgwkBJb4b50Es7T6VIrnTuoJ6x+UCWKgryoiJDaUyp994drmVXX2hMYG2XCTDj3hj/Eic/xX1pY5qU4TRHKZjQcCH8fLw== X-Microsoft-Antispam-Message-Info: LegIkdo66O4Zw5tfyRWS5qbmilh7fjIvbMoN9mum2HCyALp5oHPZ4pC3Uw4uoXP+A5CT/D3r/itHTtnHJ3nbAsJjlSPcPEqQkxC0zxeAh++7b8S5CTSBAaGy1i9zwwIqhAr/WQfHqW2tvirfy/vqo56r3o2BspEsiXs5XOFEqjlbYdwtCywCNoc+5Rd3ESN5PzF3V7InmluuCnYMChHL25dkvXpHLjtRIZ5MvKXm4DXXMRX9tk6UFuCSj3DUSRg12j/08T6cmFC15gJqrrPghFEm3G5CbMIgIyt+quqPqtjMDdt8B8yjdrYhdkNORIQZI5/iV6tttFGVuBGtxgHkC9pN/wGCAFpey3rJXeUAfZI= X-Microsoft-Exchange-Diagnostics: 1; AM4PR0302MB2739; 6:uBh/VjSVhErvPKLYCeJo3+1rbKehFysDBEzBbUURWnfCFBQHQDWdxvyTsoNNUlC5hmFoOrvEojjLl8D/MdXlnEtj/GxBJBCLQAkm0E6XaUYWmBhUIZDXJoNnTELPYuZpS2c5St+31t2Tlkrw6a5vfMBXQ8R3jGLJoYMvvSdPFajeCUIpA3TH+kkL+YUk1vzXSfgsY6Oo0vwr50vpF2EGV6O19wTf/e3Am5wN4c2ATD2ffLjFdBHB4RNkASifM3K/5MFdG79QqE4nwswqzxvcs7sWmIceKnvqK8/fM/eLKI5e+e7MPofMHlB/FsaaFV5egYr/jDwWYCm3boJqsxWPTJl+8Wi5ZNJvwrhBBy+erOn1+IeZ3Zt/lHRGcbItTw2BLmCOiMCmIB4djmZI0FS9SlDK5bJh1YUD9H+msd3f7Vjoq5cA4g4EJYB9F1F/kL/xAuvZZQ8mm1BDuwNh+AWlsw==; 5:8yCZE+6TCUOVVN/MrGSQAocQqwEDuhpn3WnpGn8f13Y+zwTewyCPhGB9S8TISgjF5kU64SOUHYc44qo2Dwh/TOUDBWJO1VnJYe/9Ae1mSM4KtSsQBvUYgcG10vpUvNTyGv2I7oFtCl99G9mxIuHxpGi1QRrKqUMSK4XG/PCwE7A=; 7:zJrg16sehEMtaasUpLE3eE7QHGgOAm77TufEq3og0QI2K/5j+5HyjkXjQNVV5lHPaKdIyoOUbq5mQt/vmB0JL1/fk10NNGLW3u59suYPprrd0IVB9BWOHYG6mBi679fPsWD3IyRfTsviLR8b74Mb92YI9lyNpn/3Cvnvoq2+ObKx8RyjG4sd4yHQA8vR5seCBcNESJrTZZcX8iZ+AG0BWLHeW67mbmBYZgsUt7jA3BT86t9OI41oScDiH3zIoB8A SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: darbyshire-bryant.me.uk X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Oct 2018 15:26:14.2927 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 0d32eee1-c295-4d61-1b83-08d630570c2a X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 9151708b-c553-406f-8e56-694f435154a4 X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM4PR0302MB2739 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20181012_082632_163786_B7CBDEE4 X-CRM114-Status: UNSURE ( 7.44 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.1 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-0.1 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [40.107.3.78 listed in list.dnswl.org] -0.0 SPF_PASS SPF: sender matches SPF record -0.0 SPF_HELO_PASS SPF: HELO matches SPF record -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid Subject: [OpenWrt-Devel] [PATCH 1/2] hostapd: add basic variant X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Kevin Darbyshire-Bryant Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org Add a basic variant which provides WPA-PSK only, 802.11r and 802.11w. Signed-off-by: Kevin Darbyshire-Bryant Acked-by: Jo-Philipp Wich --- include/target.mk | 2 +- package/network/services/hostapd/Config.in | 6 + package/network/services/hostapd/Makefile | 37 ++ .../hostapd/files/hostapd-basic.config | 380 +++++++++++ .../hostapd/files/wpa_supplicant-basic.config | 593 ++++++++++++++++++ 5 files changed, 1017 insertions(+), 1 deletion(-) create mode 100644 package/network/services/hostapd/files/hostapd-basic.config create mode 100644 package/network/services/hostapd/files/wpa_supplicant-basic.config diff --git a/include/target.mk b/include/target.mk index 88beae5001..1d6888fde3 100644 --- a/include/target.mk +++ b/include/target.mk @@ -59,7 +59,7 @@ endif DEFAULT_PACKAGES += $(DEFAULT_PACKAGES.$(DEVICE_TYPE)) filter_packages = $(filter-out -% $(patsubst -%,%,$(filter -%,$(1))),$(1)) -extra_packages = $(if $(filter wpad-mini wpad nas,$(1)),iwinfo) +extra_packages = $(if $(filter wpad-mini wpad-basic wpad nas,$(1)),iwinfo) define ProfileDefault NAME:= diff --git a/package/network/services/hostapd/Config.in b/package/network/services/hostapd/Config.in index 222cfb7f13..578fba839c 100644 --- a/package/network/services/hostapd/Config.in +++ b/package/network/services/hostapd/Config.in @@ -6,11 +6,13 @@ config WPA_SUPPLICANT_NO_TIMESTAMP_CHECK PACKAGE_wpa-supplicant-wolfssl || \ PACKAGE_wpa-supplicant-mesh-openssl || \ PACKAGE_wpa-supplicant-mesh-wolfssl || \ + PACKAGE_wpa-supplicant-basic || \ PACKAGE_wpa-supplicant-mini || \ PACKAGE_wpa-supplicant-p2p || \ PACKAGE_wpad || \ PACKAGE_wpad-openssl || \ PACKAGE_wpad-wolfssl || \ + PACKAGE_wpad-basic || \ PACKAGE_wpad-mini || \ PACKAGE_wpad-mesh-openssl || \ PACKAGE_wpad-mesh-wolfssl @@ -26,11 +28,13 @@ config WPA_RFKILL_SUPPORT PACKAGE_wpa-supplicant-wolfssl || \ PACKAGE_wpa-supplicant-mesh-openssl || \ PACKAGE_wpa-supplicant-mesh-wolfssl || \ + PACKAGE_wpa-supplicant-basic || \ PACKAGE_wpa-supplicant-mini || \ PACKAGE_wpa-supplicant-p2p || \ PACKAGE_wpad || \ PACKAGE_wpad-openssl || \ PACKAGE_wpad-wolfssl || \ + PACKAGE_wpad-basic || \ PACKAGE_wpad-mini || \ PACKAGE_wpad-mesh-openssl || \ PACKAGE_wpad-mesh-wolfssl @@ -43,11 +47,13 @@ config WPA_MSG_MIN_PRIORITY PACKAGE_wpa-supplicant-wolfssl || \ PACKAGE_wpa-supplicant-mesh-openssl || \ PACKAGE_wpa-supplicant-mesh-wolfssl || \ + PACKAGE_wpa-supplicant-basic || \ PACKAGE_wpa-supplicant-mini || \ PACKAGE_wpa-supplicant-p2p || \ PACKAGE_wpad || \ PACKAGE_wpad-openssl || \ PACKAGE_wpad-wolfssl || \ + PACKAGE_wpad-basic || \ PACKAGE_wpad-mini || \ PACKAGE_wpad-mesh-openssl || \ PACKAGE_wpad-mesh-wolfssl diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile index a5c5379738..1b67216676 100644 --- a/package/network/services/hostapd/Makefile +++ b/package/network/services/hostapd/Makefile @@ -26,6 +26,7 @@ PKG_CONFIG_DEPENDS:= \ CONFIG_PACKAGE_kmod-ath9k \ CONFIG_PACKAGE_kmod-cfg80211 \ CONFIG_PACKAGE_hostapd \ + CONFIG_PACKAGE_hostapd-basic \ CONFIG_PACKAGE_hostapd-mini \ CONFIG_WPA_RFKILL_SUPPORT \ CONFIG_DRIVER_WEXT_SUPPORT \ @@ -95,6 +96,10 @@ ifeq ($(LOCAL_VARIANT),full) DRIVER_MAKEOPTS += CONFIG_IEEE80211W=$(CONFIG_DRIVER_11W_SUPPORT) endif +ifeq ($(LOCAL_VARIANT),basic) + DRIVER_MAKEOPTS += CONFIG_IEEE80211W=$(CONFIG_DRIVER_11W_SUPPORT) +endif + ifeq ($(LOCAL_VARIANT),full) ifeq ($(SSL_VARIANT),openssl) DRIVER_MAKEOPTS += CONFIG_TLS=openssl @@ -176,6 +181,16 @@ endef Package/hostapd-wolfssl/description = $(Package/hostapd/description) +define Package/hostapd-basic +$(call Package/hostapd/Default,$(1)) + TITLE+= (WPA-PSK, 11r and 11w) + VARIANT:=basic +endef + +define Package/hostapd-basic/description + This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support. +endef + define Package/hostapd-mini $(call Package/hostapd/Default,$(1)) TITLE+= (WPA-PSK only) @@ -228,6 +243,16 @@ endef Package/wpad-wolfssl/description = $(Package/wpad/description) +define Package/wpad-basic +$(call Package/wpad/Default,$(1)) + TITLE+= (WPA-PSK, 11r and 11w) + VARIANT:=wpad-basic +endef + +define Package/wpad-basic/description + This package contains a basic IEEE 802.1x/WPA Authenticator and Supplicant with WPA-PSK, 802.11r and 802.11w support. +endef + define Package/wpad-mini $(call Package/wpad/Default,$(1)) TITLE+= (WPA-PSK only) @@ -324,6 +349,12 @@ $(call Package/wpa-supplicant-mesh/Default,$(1)) DEPENDS+=+libwolfssl endef +define Package/wpa-supplicant-basic +$(call Package/wpa-supplicant/Default,$(1)) + TITLE+= (with 11r and 11w) + VARIANT:=supplicant-basic +endef + define Package/wpa-supplicant-mini $(call Package/wpa-supplicant/Default,$(1)) TITLE+= (minimal version) @@ -511,6 +542,7 @@ define Package/hostapd/install $(call Install/hostapd,$(1)) $(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd $(1)/usr/sbin/ endef +Package/hostapd-basic/install = $(Package/hostapd/install) Package/hostapd-mini/install = $(Package/hostapd/install) Package/hostapd-openssl/install = $(Package/hostapd/install) Package/hostapd-wolfssl/install = $(Package/hostapd/install) @@ -530,6 +562,7 @@ define Package/wpad/install $(LN) wpad $(1)/usr/sbin/hostapd $(LN) wpad $(1)/usr/sbin/wpa_supplicant endef +Package/wpad-basic/install = $(Package/wpad/install) Package/wpad-mini/install = $(Package/wpad/install) Package/wpad-openssl/install = $(Package/wpad/install) Package/wpad-wolfssl/install = $(Package/wpad/install) @@ -540,6 +573,7 @@ define Package/wpa-supplicant/install $(call Install/supplicant,$(1)) $(INSTALL_BIN) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant $(1)/usr/sbin/ endef +Package/wpa-supplicant-basic/install = $(Package/wpa-supplicant/install) Package/wpa-supplicant-mini/install = $(Package/wpa-supplicant/install) Package/wpa-supplicant-p2p/install = $(Package/wpa-supplicant/install) Package/wpa-supplicant-openssl/install = $(Package/wpa-supplicant/install) @@ -576,18 +610,21 @@ ifeq ($(BUILD_VARIANT),supplicant-full-wolfssl) endif $(eval $(call BuildPackage,hostapd)) +$(eval $(call BuildPackage,hostapd-basic)) $(eval $(call BuildPackage,hostapd-mini)) $(eval $(call BuildPackage,hostapd-openssl)) $(eval $(call BuildPackage,hostapd-wolfssl)) $(eval $(call BuildPackage,wpad)) $(eval $(call BuildPackage,wpad-mesh-openssl)) $(eval $(call BuildPackage,wpad-mesh-wolfssl)) +$(eval $(call BuildPackage,wpad-basic)) $(eval $(call BuildPackage,wpad-mini)) $(eval $(call BuildPackage,wpad-openssl)) $(eval $(call BuildPackage,wpad-wolfssl)) $(eval $(call BuildPackage,wpa-supplicant)) $(eval $(call BuildPackage,wpa-supplicant-mesh-openssl)) $(eval $(call BuildPackage,wpa-supplicant-mesh-wolfssl)) +$(eval $(call BuildPackage,wpa-supplicant-basic)) $(eval $(call BuildPackage,wpa-supplicant-mini)) $(eval $(call BuildPackage,wpa-supplicant-p2p)) $(eval $(call BuildPackage,wpa-supplicant-openssl)) diff --git a/package/network/services/hostapd/files/hostapd-basic.config b/package/network/services/hostapd/files/hostapd-basic.config new file mode 100644 index 0000000000..b15116fbbe --- /dev/null +++ b/package/network/services/hostapd/files/hostapd-basic.config @@ -0,0 +1,380 @@ +# Example hostapd build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cass, these lines should use += in order not +# to override previous values of the variables. + +# Driver interface for Host AP driver +#CONFIG_DRIVER_HOSTAP=y + +# Driver interface for wired authenticator +CONFIG_DRIVER_WIRED=y + +# Driver interface for drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + +# QCA vendor extensions to nl80211 +#CONFIG_DRIVER_NL80211_QCA=y + +# driver_nl80211.c requires libnl. If you are compiling it yourself +# you may need to point hostapd to your version of libnl. +# +#CFLAGS += -I$ +#LIBS += -L$ + +# Use libnl v2.0 (or 3.0) libraries. +#CONFIG_LIBNL20=y + +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) +#CONFIG_LIBNL32=y + + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for no driver (e.g., RADIUS server only) +#CONFIG_DRIVER_NONE=y + +# IEEE 802.11F/IAPP +#CONFIG_IAPP=y + +# WPA2/IEEE 802.11i RSN pre-authentication +CONFIG_RSN_PREAUTH=y + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +# Driver support is also needed for IEEE 802.11w. +#CONFIG_IEEE80211W=y + +# Integrated EAP server +#CONFIG_EAP=y + +# EAP Re-authentication Protocol (ERP) in integrated EAP server +#CONFIG_ERP=y + +# EAP-MD5 for the integrated EAP server +#CONFIG_EAP_MD5=y + +# EAP-TLS for the integrated EAP server +#CONFIG_EAP_TLS=y + +# EAP-MSCHAPv2 for the integrated EAP server +#CONFIG_EAP_MSCHAPV2=y + +# EAP-PEAP for the integrated EAP server +#CONFIG_EAP_PEAP=y + +# EAP-GTC for the integrated EAP server +#CONFIG_EAP_GTC=y + +# EAP-TTLS for the integrated EAP server +#CONFIG_EAP_TTLS=y + +# EAP-SIM for the integrated EAP server +#CONFIG_EAP_SIM=y + +# EAP-AKA for the integrated EAP server +#CONFIG_EAP_AKA=y + +# EAP-AKA' for the integrated EAP server +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# EAP-PAX for the integrated EAP server +#CONFIG_EAP_PAX=y + +# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-pwd for the integrated EAP server (secure authentication with a password) +#CONFIG_EAP_PWD=y + +# EAP-SAKE for the integrated EAP server +#CONFIG_EAP_SAKE=y + +# EAP-GPSK for the integrated EAP server +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-FAST for the integrated EAP server +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. +#CONFIG_EAP_FAST=y + +# Wi-Fi Protected Setup (WPS) +#CONFIG_WPS=y +# Enable UPnP support for external WPS Registrars +#CONFIG_WPS_UPNP=y +# Enable WPS support with NFC config method +#CONFIG_WPS_NFC=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# Trusted Network Connect (EAP-TNC) +#CONFIG_EAP_TNC=y + +# EAP-EKE for the integrated EAP server +#CONFIG_EAP_EKE=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +#CONFIG_PKCS12=y + +# RADIUS authentication server. This provides access to the integrated EAP +# server from external hosts using RADIUS. +#CONFIG_RADIUS_SERVER=y + +# Build IPv6 support for RADIUS operations +#CONFIG_IPV6=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +CONFIG_IEEE80211R=y + +# Use the hostapd's IEEE 802.11 authentication (ACL), but without +# the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) +#CONFIG_DRIVER_RADIUS_ACL=y + +# IEEE 802.11n (High Throughput) support +CONFIG_IEEE80211N=y + +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# IEEE 802.11ac (Very High Throughput) support +CONFIG_IEEE80211AC=y + +# IEEE 802.11ax HE support +# Note: This is experimental and work in progress. The definitions are still +# subject to change and this should not be expected to interoperate with the +# final IEEE 802.11ax version. +#CONFIG_IEEE80211AX=y + +# Remove debugging code that is printing out debug messages to stdout. +# This can be used to reduce the size of the hostapd considerably if debugging +# code is not needed. +#CONFIG_NO_STDOUT_DEBUG=y + +# Add support for writing debug log to a file: -f /tmp/hostapd.log +# Disabled by default. +#CONFIG_DEBUG_FILE=y + +# Send debug messages to syslog instead of stdout +CONFIG_DEBUG_SYSLOG=y + +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + +# Remove support for RADIUS accounting +CONFIG_NO_ACCOUNTING=y + +# Remove support for RADIUS +CONFIG_NO_RADIUS=y + +# Remove support for VLANs +#CONFIG_NO_VLAN=y + +# Enable support for fully dynamic VLANs. This enables hostapd to +# automatically create bridge and VLAN interfaces if necessary. +#CONFIG_FULL_DYNAMIC_VLAN=y + +# Use netlink-based kernel API for VLAN operations instead of ioctl() +# Note: This requires libnl 3.1 or newer. +#CONFIG_VLAN_NETLINK=y + +# Remove support for dumping internal state through control interface commands +# This can be used to reduce binary size at the cost of disabling a debugging +# option. +CONFIG_NO_DUMP_STATE=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, comment out these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, comment out these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# hostapd depends on strong random number generation being available from the +# operating system. os_get_random() function is used to fetch random data when +# needed, e.g., for key generation. On Linux and BSD systems, this works by +# reading /dev/urandom. It should be noted that the OS entropy pool needs to be +# properly initialized before hostapd is started. This is important especially +# on embedded devices that do not have a hardware random number generator and +# may by default start up with minimal entropy available for random number +# generation. +# +# As a safety net, hostapd is by default trying to internally collect +# additional entropy for generating random data to mix in with the data +# fetched from the OS. This by itself is not considered to be very strong, but +# it may help in cases where the system pool is not initialized properly. +# However, it is very strongly recommended that the system pool is initialized +# with enough entropy either by using hardware assisted random number +# generator or by storing state over device reboots. +# +# hostapd can be configured to maintain its own entropy store over restarts to +# enhance random number generation. This is not perfect, but it is much more +# secure than using the same sequence of random numbers after every reboot. +# This can be enabled with -e command line option. The specified +# file needs to be readable and writable by hostapd. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal hostapd random pool can be disabled. +# This will save some in binary size and CPU use. However, this should only be +# considered for builds that are known to be used on devices that meet the +# requirements described above. +CONFIG_NO_RANDOM_POOL=y + +# Should we use poll instead of select? Select is used by default. +#CONFIG_ELOOP_POLL=y + +# Should we use epoll instead of select? Select is used by default. +#CONFIG_ELOOP_EPOLL=y + +# Should we use kqueue instead of select? Select is used by default. +#CONFIG_ELOOP_KQUEUE=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) +# none = Empty template +CONFIG_TLS=internal + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. +#CONFIG_TLSV12=y + +# Select which ciphers to use by default with OpenSSL if the user does not +# specify them. +#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks. +#CONFIG_INTERWORKING=y + +# Hotspot 2.0 +#CONFIG_HS20=y + +# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file +#CONFIG_SQLITE=y + +# Enable Fast Session Transfer (FST) +#CONFIG_FST=y + +# Enable CLI commands for FST testing +#CONFIG_FST_TEST=y + +# Testing options +# This can be used to enable some testing options (see also the example +# configuration file) that are really useful only for testing clients that +# connect to this hostapd. These options allow, for example, to drop a +# certain percentage of probe requests or auth/(re)assoc frames. +# +#CONFIG_TESTING_OPTIONS=y + +# Automatic Channel Selection +# This will allow hostapd to pick the channel automatically when channel is set +# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in +# similar way. +# +# Automatic selection is currently only done through initialization, later on +# we hope to do background checks to keep us moving to more ideal channels as +# time goes by. ACS is currently only supported through the nl80211 driver and +# your driver must have survey dump capability that is filled by the driver +# during scanning. +# +# You can customize the ACS survey algorithm with the hostapd.conf variable +# acs_num_scans. +# +# Supported ACS drivers: +# * ath9k +# * ath5k +# * ath10k +# +# For more details refer to: +# http://wireless.kernel.org/en/users/Documentation/acs +# +#CONFIG_ACS=y + +# Multiband Operation support +# These extentions facilitate efficient use of multiple frequency bands +# available to the AP and the devices that may associate with it. +#CONFIG_MBO=y + +# Client Taxonomy +# Has the AP retain the Probe Request and (Re)Association Request frames from +# a client, from which a signature can be produced which can identify the model +# of client device like "Nexus 6P" or "iPhone 5s". +#CONFIG_TAXONOMY=y + +# Fast Initial Link Setup (FILS) (IEEE 802.11ai) +# Note: This is an experimental and not yet complete implementation. This +# should not be enabled for production use. +#CONFIG_FILS=y +# FILS shared key authentication with PFS +#CONFIG_FILS_SK_PFS=y + +# Include internal line edit mode in hostapd_cli. This can be used to provide +# limited command line editing and history support. +#CONFIG_WPA_CLI_EDIT=y + +# Opportunistic Wireless Encryption (OWE) +# Experimental implementation of draft-harkins-owe-07.txt +#CONFIG_OWE=y + +# uBus IPC/RPC System +# Services can connect to the bus and provide methods +# that can be called by other services or clients. +CONFIG_UBUS=y diff --git a/package/network/services/hostapd/files/wpa_supplicant-basic.config b/package/network/services/hostapd/files/wpa_supplicant-basic.config new file mode 100644 index 0000000000..7c33996691 --- /dev/null +++ b/package/network/services/hostapd/files/wpa_supplicant-basic.config @@ -0,0 +1,593 @@ +# Example wpa_supplicant build time configuration +# +# This file lists the configuration options that are used when building the +# wpa_supplicant binary. All lines starting with # are ignored. Configuration +# option lines must be commented out complete, if they are not to be included, +# i.e., just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cases, these lines should use += in order not +# to override previous values of the variables. + + +# Uncomment following two lines and fix the paths if you have installed OpenSSL +# or GnuTLS in non-default location +#CFLAGS += -I/usr/local/openssl/include +#LIBS += -L/usr/local/openssl/lib + +# Some Red Hat versions seem to include kerberos header files from OpenSSL, but +# the kerberos files are not in the default include path. Following line can be +# used to fix build issues on such systems (krb5.h not found). +#CFLAGS += -I/usr/include/kerberos + +# Driver interface for generic Linux wireless extensions +# Note: WEXT is deprecated in the current Linux kernel version and no new +# functionality is added to it. nl80211-based interface is the new +# replacement for WEXT and its use allows wpa_supplicant to properly control +# the driver to improve existing functionality like roaming and to support new +# functionality. +CONFIG_DRIVER_WEXT=y + +# Driver interface for Linux drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + +# QCA vendor extensions to nl80211 +#CONFIG_DRIVER_NL80211_QCA=y + +# driver_nl80211.c requires libnl. If you are compiling it yourself +# you may need to point hostapd to your version of libnl. +# +#CFLAGS += -I$ +#LIBS += -L$ + +# Use libnl v2.0 (or 3.0) libraries. +#CONFIG_LIBNL20=y + +# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored) +#CONFIG_LIBNL32=y + + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for Windows NDIS +#CONFIG_DRIVER_NDIS=y +#CFLAGS += -I/usr/include/w32api/ddk +#LIBS += -L/usr/local/lib +# For native build using mingw +#CONFIG_NATIVE_WINDOWS=y +# Additional directories for cross-compilation on Linux host for mingw target +#CFLAGS += -I/opt/mingw/mingw32/include/ddk +#LIBS += -L/opt/mingw/mingw32/lib +#CC=mingw32-gcc +# By default, driver_ndis uses WinPcap for low-level operations. This can be +# replaced with the following option which replaces WinPcap calls with NDISUIO. +# However, this requires that WZC is disabled (net stop wzcsvc) before starting +# wpa_supplicant. +# CONFIG_USE_NDISUIO=y + +# Driver interface for wired Ethernet drivers +CONFIG_DRIVER_WIRED=y + +# Driver interface for the Broadcom RoboSwitch family +#CONFIG_DRIVER_ROBOSWITCH=y + +# Driver interface for no driver (e.g., WPS ER only) +#CONFIG_DRIVER_NONE=y + +# Solaris libraries +#LIBS += -lsocket -ldlpi -lnsl +#LIBS_c += -lsocket + +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is +# included) +#CONFIG_IEEE8021X_EAPOL=y + +# EAP-MD5 +#CONFIG_EAP_MD5=y + +# EAP-MSCHAPv2 +#CONFIG_EAP_MSCHAPV2=y + +# EAP-TLS +#CONFIG_EAP_TLS=y + +# EAL-PEAP +#CONFIG_EAP_PEAP=y + +# EAP-TTLS +#CONFIG_EAP_TTLS=y + +# EAP-FAST +# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed +# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g., +# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions. +#CONFIG_EAP_FAST=y + +# EAP-GTC +#CONFIG_EAP_GTC=y + +# EAP-OTP +#CONFIG_EAP_OTP=y + +# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) +#CONFIG_EAP_SIM=y + +# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-pwd (secure authentication using only a password) +#CONFIG_EAP_PWD=y + +# EAP-PAX +#CONFIG_EAP_PAX=y + +# LEAP +#CONFIG_EAP_LEAP=y + +# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) +#CONFIG_EAP_AKA=y + +# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# Enable USIM simulator (Milenage) for EAP-AKA +#CONFIG_USIM_SIMULATOR=y + +# EAP-SAKE +#CONFIG_EAP_SAKE=y + +# EAP-GPSK +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-TNC and related Trusted Network Connect support (experimental) +#CONFIG_EAP_TNC=y + +# Wi-Fi Protected Setup (WPS) +#CONFIG_WPS=y +# Enable WPS external registrar functionality +#CONFIG_WPS_ER=y +# Disable credentials for an open network by default when acting as a WPS +# registrar. +#CONFIG_WPS_REG_DISABLE_OPEN=y +# Enable WPS support with NFC config method +#CONFIG_WPS_NFC=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# EAP-EKE +#CONFIG_EAP_EKE=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +#CONFIG_PKCS12=y + +# Smartcard support (i.e., private key on a smartcard), e.g., with openssl +# engine. +#CONFIG_SMARTCARD=y + +# PC/SC interface for smartcards (USIM, GSM SIM) +# Enable this if EAP-SIM or EAP-AKA is included +#CONFIG_PCSC=y + +# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) +CONFIG_HT_OVERRIDES=y + +# Support VHT overrides (disable VHT, mask MCS rates, etc.) +CONFIG_VHT_OVERRIDES=y + +# Development testing +#CONFIG_EAPOL_TEST=y + +# Select control interface backend for external programs, e.g, wpa_cli: +# unix = UNIX domain sockets (default for Linux/*BSD) +# udp = UDP sockets using localhost (127.0.0.1) +# udp6 = UDP IPv6 sockets using localhost (::1) +# named_pipe = Windows Named Pipe (default for Windows) +# udp-remote = UDP sockets with remote access (only for tests systems/purpose) +# udp6-remote = UDP IPv6 sockets with remote access (only for tests purpose) +# y = use default (backwards compatibility) +# If this option is commented out, control interface is not included in the +# build. +CONFIG_CTRL_IFACE=y + +# Include support for GNU Readline and History Libraries in wpa_cli. +# When building a wpa_cli binary for distribution, please note that these +# libraries are licensed under GPL and as such, BSD license may not apply for +# the resulting binary. +#CONFIG_READLINE=y + +# Include internal line edit mode in wpa_cli. This can be used as a replacement +# for GNU Readline to provide limited command line editing and history support. +#CONFIG_WPA_CLI_EDIT=y + +# Remove debugging code that is printing out debug message to stdout. +# This can be used to reduce the size of the wpa_supplicant considerably +# if debugging code is not needed. The size reduction can be around 35% +# (e.g., 90 kB). +#CONFIG_NO_STDOUT_DEBUG=y + +# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save +# 35-50 kB in code size. +#CONFIG_NO_WPA=y + +# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support +# This option can be used to reduce code size by removing support for +# converting ASCII passphrases into PSK. If this functionality is removed, the +# PSK can only be configured as the 64-octet hexstring (e.g., from +# wpa_passphrase). This saves about 0.5 kB in code size. +#CONFIG_NO_WPA_PASSPHRASE=y + +# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# This can be used if ap_scan=1 mode is never enabled. +#CONFIG_NO_SCAN_PROCESSING=y + +# Select configuration backend: +# file = text file (e.g., wpa_supplicant.conf; note: the configuration file +# path is given on command line, not here; this option is just used to +# select the backend that allows configuration files to be used) +# winreg = Windows registry (see win_example.reg for an example) +CONFIG_BACKEND=file + +# Remove configuration write functionality (i.e., to allow the configuration +# file to be updated based on runtime configuration changes). The runtime +# configuration can still be changed, the changes are just not going to be +# persistent over restarts. This option can be used to reduce code size by +# about 3.5 kB. +#CONFIG_NO_CONFIG_WRITE=y + +# Remove support for configuration blobs to reduce code size by about 1.5 kB. +#CONFIG_NO_CONFIG_BLOBS=y + +# Select program entry point implementation: +# main = UNIX/POSIX like main() function (default) +# main_winsvc = Windows service (read parameters from registry) +# main_none = Very basic example (development use only) +#CONFIG_MAIN=main + +# Select wrapper for operating system and C library specific functions +# unix = UNIX/POSIX like systems (default) +# win32 = Windows systems +# none = Empty template +#CONFIG_OS=unix + +# Select event loop implementation +# eloop = select() loop (default) +# eloop_win = Windows events and WaitForMultipleObject() loop +#CONFIG_ELOOP=eloop + +# Should we use poll instead of select? Select is used by default. +#CONFIG_ELOOP_POLL=y + +# Should we use epoll instead of select? Select is used by default. +#CONFIG_ELOOP_EPOLL=y + +# Should we use kqueue instead of select? Select is used by default. +#CONFIG_ELOOP_KQUEUE=y + +# Select layer 2 packet implementation +# linux = Linux packet socket (default) +# pcap = libpcap/libdnet/WinPcap +# freebsd = FreeBSD libpcap +# winpcap = WinPcap with receive thread +# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) +# none = Empty template +#CONFIG_L2_PACKET=linux + +# Disable Linux packet socket workaround applicable for station interface +# in a bridge for EAPOL frames. This should be uncommented only if the kernel +# is known to not have the regression issue in packet socket behavior with +# bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). +#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +#CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection), also known as PMF +# Driver support is also needed for IEEE 802.11w. +#CONFIG_IEEE80211W=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS +# internal = Internal TLSv1 implementation (experimental) +# linux = Linux kernel AF_ALG and internal TLSv1 implementation (experimental) +# none = Empty template +CONFIG_TLS=internal + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. It should be noted that some existing TLS v1.0 -based +# implementation may not be compatible with TLS v1.1 message (ClientHello is +# sent prior to negotiating which version will be used) +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. It should be +# noted that some existing TLS v1.0 -based implementation may not be compatible +# with TLS v1.2 message (ClientHello is sent prior to negotiating which version +# will be used) +#CONFIG_TLSV12=y + +# Select which ciphers to use by default with OpenSSL if the user does not +# specify them. +#CONFIG_TLS_DEFAULT_CIPHERS="DEFAULT:!EXP:!LOW" + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. +# This is only for Windows builds and requires WMI-related header files and +# WbemUuid.Lib from Platform SDK even when building with MinGW. +#CONFIG_NDIS_EVENTS_INTEGRATED=y +#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" + +# Add support for old DBus control interface +# (fi.epitest.hostap.WPASupplicant) +#CONFIG_CTRL_IFACE_DBUS=y + +# Add support for new DBus control interface +# (fi.w1.hostap.wpa_supplicant1) +#CONFIG_CTRL_IFACE_DBUS_NEW=y + +# Add introspection support for new DBus control interface +#CONFIG_CTRL_IFACE_DBUS_INTRO=y + +# Add support for loading EAP methods dynamically as shared libraries. +# When this option is enabled, each EAP method can be either included +# statically (CONFIG_EAP_=y) or dynamically (CONFIG_EAP_=dyn). +# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to +# be loaded in the beginning of the wpa_supplicant configuration file +# (see load_dynamic_eap parameter in the example file) before being used in +# the network blocks. +# +# Note that some shared parts of EAP methods are included in the main program +# and in order to be able to use dynamic EAP methods using these parts, the +# main program must have been build with the EAP method enabled (=y or =dyn). +# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries +# unless at least one of them was included in the main build to force inclusion +# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included +# in the main build to be able to load these methods dynamically. +# +# Please also note that using dynamic libraries will increase the total binary +# size. Thus, it may not be the best option for targets that have limited +# amount of memory/flash. +#CONFIG_DYNAMIC_EAP_METHODS=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) for station mode +CONFIG_IEEE80211R=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) for AP mode (implies +# CONFIG_IEEE80211R). +#CONFIG_IEEE80211R_AP=y + +# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) +#CONFIG_DEBUG_FILE=y + +# Send debug messages to syslog instead of stdout +#CONFIG_DEBUG_SYSLOG=y +# Set syslog facility for debug messages +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON + +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + +# Add support for writing debug log to Android logcat instead of standard +# output +#CONFIG_ANDROID_LOG=y + +# Enable privilege separation (see README 'Privilege separation' for details) +#CONFIG_PRIVSEP=y + +# Enable mitigation against certain attacks against TKIP by delaying Michael +# MIC error reports by a random amount of time between 0 and 60 seconds +#CONFIG_DELAYED_MIC_ERROR_REPORT=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, uncomment these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, uncomment these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# wpa_supplicant depends on strong random number generation being available +# from the operating system. os_get_random() function is used to fetch random +# data when needed, e.g., for key generation. On Linux and BSD systems, this +# works by reading /dev/urandom. It should be noted that the OS entropy pool +# needs to be properly initialized before wpa_supplicant is started. This is +# important especially on embedded devices that do not have a hardware random +# number generator and may by default start up with minimal entropy available +# for random number generation. +# +# As a safety net, wpa_supplicant is by default trying to internally collect +# additional entropy for generating random data to mix in with the data fetched +# from the OS. This by itself is not considered to be very strong, but it may +# help in cases where the system pool is not initialized properly. However, it +# is very strongly recommended that the system pool is initialized with enough +# entropy either by using hardware assisted random number generator or by +# storing state over device reboots. +# +# wpa_supplicant can be configured to maintain its own entropy store over +# restarts to enhance random number generation. This is not perfect, but it is +# much more secure than using the same sequence of random numbers after every +# reboot. This can be enabled with -e command line option. The +# specified file needs to be readable and writable by wpa_supplicant. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal wpa_supplicant random pool can be +# disabled. This will save some in binary size and CPU use. However, this +# should only be considered for builds that are known to be used on devices +# that meet the requirements described above. +CONFIG_NO_RANDOM_POOL=y + +# IEEE 802.11n (High Throughput) support (mainly for AP mode) +#CONFIG_IEEE80211N=y + +# IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) +# (depends on CONFIG_IEEE80211N) +#CONFIG_IEEE80211AC=y + +# Wireless Network Management (IEEE Std 802.11v-2011) +# Note: This is experimental and not complete implementation. +#CONFIG_WNM=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks (GAS/ANQP to learn more about the networks and network +# selection based on available credentials). +#CONFIG_INTERWORKING=y + +# Hotspot 2.0 +#CONFIG_HS20=y + +# Enable interface matching in wpa_supplicant +#CONFIG_MATCH_IFACE=y + +# Disable roaming in wpa_supplicant +#CONFIG_NO_ROAMING=y + +# AP mode operations with wpa_supplicant +# This can be used for controlling AP mode operations with wpa_supplicant. It +# should be noted that this is mainly aimed at simple cases like +# WPA2-Personal while more complex configurations like WPA2-Enterprise with an +# external RADIUS server can be supported with hostapd. +#CONFIG_AP=y + +# P2P (Wi-Fi Direct) +# This can be used to enable P2P support in wpa_supplicant. See README-P2P for +# more information on P2P operations. +#CONFIG_P2P=y + +# Enable TDLS support +#CONFIG_TDLS=y + +# Wi-Fi Direct +# This can be used to enable Wi-Fi Direct extensions for P2P using an external +# program to control the additional information exchanges in the messages. +#CONFIG_WIFI_DISPLAY=y + +# Autoscan +# This can be used to enable automatic scan support in wpa_supplicant. +# See wpa_supplicant.conf for more information on autoscan usage. +# +# Enabling directly a module will enable autoscan support. +# For exponential module: +#CONFIG_AUTOSCAN_EXPONENTIAL=y +# For periodic module: +#CONFIG_AUTOSCAN_PERIODIC=y + +# Password (and passphrase, etc.) backend for external storage +# These optional mechanisms can be used to add support for storing passwords +# and other secrets in external (to wpa_supplicant) location. This allows, for +# example, operating system specific key storage to be used +# +# External password backend for testing purposes (developer use) +#CONFIG_EXT_PASSWORD_TEST=y + +# Enable Fast Session Transfer (FST) +#CONFIG_FST=y + +# Enable CLI commands for FST testing +#CONFIG_FST_TEST=y + +# OS X builds. This is only for building eapol_test. +#CONFIG_OSX=y + +# Automatic Channel Selection +# This will allow wpa_supplicant to pick the channel automatically when channel +# is set to "0". +# +# TODO: Extend parser to be able to parse "channel=acs_survey" as an alternative +# to "channel=0". This would enable us to eventually add other ACS algorithms in +# similar way. +# +# Automatic selection is currently only done through initialization, later on +# we hope to do background checks to keep us moving to more ideal channels as +# time goes by. ACS is currently only supported through the nl80211 driver and +# your driver must have survey dump capability that is filled by the driver +# during scanning. +# +# TODO: In analogy to hostapd be able to customize the ACS survey algorithm with +# a newly to create wpa_supplicant.conf variable acs_num_scans. +# +# Supported ACS drivers: +# * ath9k +# * ath5k +# * ath10k +# +# For more details refer to: +# http://wireless.kernel.org/en/users/Documentation/acs +#CONFIG_ACS=y + +# Support Multi Band Operation +#CONFIG_MBO=y + +# Fast Initial Link Setup (FILS) (IEEE 802.11ai) +# Note: This is an experimental and not yet complete implementation. This +# should not be enabled for production use. +#CONFIG_FILS=y +# FILS shared key authentication with PFS +#CONFIG_FILS_SK_PFS=y + +# Support RSN on IBSS networks +# This is needed to be able to use mode=1 network profile with proto=RSN and +# key_mgmt=WPA-PSK (i.e., full key management instead of WPA-None). +#CONFIG_IBSS_RSN=y + +# External PMKSA cache control +# This can be used to enable control interface commands that allow the current +# PMKSA cache entries to be fetched and new entries to be added. +#CONFIG_PMKSA_CACHE_EXTERNAL=y + +# Mesh Networking (IEEE 802.11s) +#CONFIG_MESH=y + +# Background scanning modules +# These can be used to request wpa_supplicant to perform background scanning +# operations for roaming within an ESS (same SSID). See the bgscan parameter in +# the wpa_supplicant.conf file for more details. +# Periodic background scans based on signal strength +#CONFIG_BGSCAN_SIMPLE=y +# Learn channels used by the network and try to avoid bgscans on other +# channels (experimental) +#CONFIG_BGSCAN_LEARN=y + +# Opportunistic Wireless Encryption (OWE) +# Experimental implementation of draft-harkins-owe-07.txt +#CONFIG_OWE=y