From 92b24e70e6fcab01b180052c3b869d0986e0bff1 Mon Sep 17 00:00:00 2001 From: Koen Vandeputte Date: Tue, 24 Oct 2023 14:36:15 +0200 Subject: [PATCH] hostapd: sync config files with upstream Sync all config files, without changing current behaviour This removes some upstream deprecated options while introducing new ones. Signed-off-by: Koen Vandeputte --- .../hostapd/files/hostapd-basic.config | 59 +++++++++++----- .../hostapd/files/hostapd-full.config | 59 +++++++++++----- .../hostapd/files/hostapd-mini.config | 59 +++++++++++----- .../hostapd/files/wpa_supplicant-basic.config | 65 ++++++++++++++---- .../hostapd/files/wpa_supplicant-full.config | 65 ++++++++++++++---- .../hostapd/files/wpa_supplicant-mini.config | 67 +++++++++++++++---- .../hostapd/files/wpa_supplicant-p2p.config | 65 ++++++++++++++---- 7 files changed, 338 insertions(+), 101 deletions(-) diff --git a/package/network/services/hostapd/files/hostapd-basic.config b/package/network/services/hostapd/files/hostapd-basic.config index 3d19d8f902..3b36c64335 100644 --- a/package/network/services/hostapd/files/hostapd-basic.config +++ b/package/network/services/hostapd/files/hostapd-basic.config @@ -44,15 +44,9 @@ CONFIG_DRIVER_NL80211=y # Driver interface for no driver (e.g., RADIUS server only) #CONFIG_DRIVER_NONE=y -# IEEE 802.11F/IAPP -#CONFIG_IAPP=y - # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y -# IEEE 802.11w (management frame protection) -#CONFIG_IEEE80211W=y - # Support Operating Channel Validation CONFIG_OCV=y @@ -154,9 +148,6 @@ CONFIG_IEEE80211R=y # the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) #CONFIG_DRIVER_RADIUS_ACL=y -# IEEE 802.11n (High Throughput) support -CONFIG_IEEE80211N=y - # Wireless Network Management (IEEE Std 802.11v-2011) # Note: This is experimental and not complete implementation. #CONFIG_WNM=y 
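Review bot: The second hunk drops `CONFIG_IEEE80211N=y`, an option that was enabled, and other enabled options are dropped the same way. These are `CONFIG_IAPP=y` and `CONFIG_PROXYARP=y` in hostapd-full.config (hunks at -44 and -386), `CONFIG_IEEE80211N=y` in hostapd-full.config and hostapd-mini.config, and `CONFIG_IEEE80211W=y` in wpa_supplicant-p2p.config (hunk at -310). The commit message promises no behaviour change, which only holds if the bundled hostapd/wpa_supplicant sources no longer test these symbols or the package Makefile sets them; nothing in the patch shows either. The PMF and Proxy ARP switches matter most, because losing one silently removes a protection feature from the build. I would name each dropped symbol in the commit message with the reason it is safe to remove, and keep any the build still reads, e.g. `CONFIG_PROXYARP=y` in hostapd-full.config.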
@@ -165,10 +156,20 @@ CONFIG_IEEE80211N=y CONFIG_IEEE80211AC=y # IEEE 802.11ax HE support +#CONFIG_IEEE80211AX=y + +# IEEE 802.11be EHT support +# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE. # Note: This is experimental and work in progress. The definitions are still # subject to change and this should not be expected to interoperate with the -# final IEEE 802.11ax version. -#CONFIG_IEEE80211AX=y +# final IEEE 802.11be version. +#CONFIG_IEEE80211BE=y + +# Simultaneous Authentication of Equals (SAE), WPA3-Personal +#CONFIG_SAE=y + +# SAE Public Key, WPA3-Personal +#CONFIG_SAE_PK=y # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging @@ -355,12 +356,12 @@ CONFIG_TLS=internal # * ath10k # # For more details refer to: -# http://wireless.kernel.org/en/users/Documentation/acs +# https://wireless.wiki.kernel.org/en/users/documentation/acs # #CONFIG_ACS=y # Multiband Operation support -# These extentions facilitate efficient use of multiple frequency bands +# These extensions facilitate efficient use of multiple frequency bands # available to the AP and the devices that may associate with it. #CONFIG_MBO=y 
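Review bot: The new `#CONFIG_SAE=y` and `#CONFIG_SAE_PK=y` stanzas in the hunk at -165 are commented out with no OpenWrt-specific remark, so this file on its own reads as a build without WPA3-Personal. If SAE is switched on elsewhere for some variants (I would expect the package Makefile, but that is not visible here), say so above the option, for example `# OpenWrt: enabled per variant by the package Makefile, leave unset here`. The same stanza is added to hostapd-full.config and hostapd-mini.config.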
@@ -386,13 +387,39 @@ CONFIG_TLS=internal # Airtime policy support CONFIG_AIRTIME_POLICY=y -# Proxy ARP support -#CONFIG_PROXYARP=y - # Override default value for the wpa_disable_eapol_key_retries configuration # parameter. See that parameter in hostapd.conf for more details. #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 +# Wired equivalent privacy (WEP) +# WEP is an obsolete cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used for anything anymore. The +# functionality needed to use WEP is available in the current hostapd +# release under this optional build parameter. This functionality is subject to +# be completely removed in a future release. +#CONFIG_WEP=y + +# Remove all TKIP functionality +# TKIP is an old cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used anymore. For now, the default hostapd +# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but +# that functionality is subject to be removed in the future. +#CONFIG_NO_TKIP=y + +# Pre-Association Security Negotiation (PASN) +# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol +# design is still subject to change. As such, this should not yet be enabled in +# production use. +#CONFIG_PASN=y + +# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) +#CONFIG_DPP=y +# DPP version 2 support +#CONFIG_DPP2=y +# DPP version 3 support (experimental and still changing; do not enable for +# production use) +#CONFIG_DPP3=y + # uBus IPC/RPC System # Services can connect to the bus and provide methods # that can be called by other services or clients. diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config index 9076ebc44f..f0f459e046 100644 --- a/package/network/services/hostapd/files/hostapd-full.config +++ b/package/network/services/hostapd/files/hostapd-full.config 
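Review bot: `#CONFIG_NO_TKIP=y` stays commented under the heading "Remove all TKIP functionality", so every variant keeps TKIP compiled in, and the copied upstream text does not record whether that is a deliberate OpenWrt choice. A one-line comment above the option would settle it, e.g. `# OpenWrt: left unset to keep WPA+WPA2 mixed mode; set to build without TKIP`. The same applies to the identical stanza in the other six config files. `#CONFIG_WEP=y` is fine as is, since the text above it describes WEP as available only under this optional build parameter.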
@@ -44,15 +44,9 @@ CONFIG_DRIVER_NL80211=y # Driver interface for no driver (e.g., RADIUS server only) #CONFIG_DRIVER_NONE=y -# IEEE 802.11F/IAPP -CONFIG_IAPP=y - # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y -# IEEE 802.11w (management frame protection) -#CONFIG_IEEE80211W=y - # Support Operating Channel Validation CONFIG_OCV=y @@ -154,9 +148,6 @@ CONFIG_IEEE80211R=y # the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) #CONFIG_DRIVER_RADIUS_ACL=y -# IEEE 802.11n (High Throughput) support -CONFIG_IEEE80211N=y - # Wireless Network Management (IEEE Std 802.11v-2011) # Note: This is experimental and not complete implementation. CONFIG_WNM=y @@ -165,10 +156,20 @@ CONFIG_WNM=y CONFIG_IEEE80211AC=y # IEEE 802.11ax HE support +#CONFIG_IEEE80211AX=y + +# IEEE 802.11be EHT support +# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE. # Note: This is experimental and work in progress. The definitions are still # subject to change and this should not be expected to interoperate with the -# final IEEE 802.11ax version. -#CONFIG_IEEE80211AX=y +# final IEEE 802.11be version. +#CONFIG_IEEE80211BE=y + +# Simultaneous Authentication of Equals (SAE), WPA3-Personal +#CONFIG_SAE=y + +# SAE Public Key, WPA3-Personal +#CONFIG_SAE_PK=y # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging @@ -355,12 +356,12 @@ CONFIG_HS20=y # * ath10k # # For more details refer to: -# http://wireless.kernel.org/en/users/Documentation/acs +# https://wireless.wiki.kernel.org/en/users/documentation/acs # #CONFIG_ACS=y # Multiband Operation support -# These extentions facilitate efficient use of multiple frequency bands +# These extensions facilitate efficient use of multiple frequency bands # available to the AP and the devices that may associate with it. #CONFIG_MBO=y 
@@ -386,13 +387,39 @@ CONFIG_TAXONOMY=y # Airtime policy support CONFIG_AIRTIME_POLICY=y -# Proxy ARP support -CONFIG_PROXYARP=y - # Override default value for the wpa_disable_eapol_key_retries configuration # parameter. See that parameter in hostapd.conf for more details. #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 +# Wired equivalent privacy (WEP) +# WEP is an obsolete cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used for anything anymore. The +# functionality needed to use WEP is available in the current hostapd +# release under this optional build parameter. This functionality is subject to +# be completely removed in a future release. +#CONFIG_WEP=y + +# Remove all TKIP functionality +# TKIP is an old cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used anymore. For now, the default hostapd +# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but +# that functionality is subject to be removed in the future. +#CONFIG_NO_TKIP=y + +# Pre-Association Security Negotiation (PASN) +# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol +# design is still subject to change. As such, this should not yet be enabled in +# production use. +#CONFIG_PASN=y + +# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) +#CONFIG_DPP=y +# DPP version 2 support +#CONFIG_DPP2=y +# DPP version 3 support (experimental and still changing; do not enable for +# production use) +#CONFIG_DPP3=y + # uBus IPC/RPC System # Services can connect to the bus and provide methods # that can be called by other services or clients. diff --git a/package/network/services/hostapd/files/hostapd-mini.config b/package/network/services/hostapd/files/hostapd-mini.config index f2ed071ec0..c639cc878b 100644 --- a/package/network/services/hostapd/files/hostapd-mini.config +++ b/package/network/services/hostapd/files/hostapd-mini.config 
@@ -44,15 +44,9 @@ CONFIG_DRIVER_NL80211=y # Driver interface for no driver (e.g., RADIUS server only) #CONFIG_DRIVER_NONE=y -# IEEE 802.11F/IAPP -#CONFIG_IAPP=y - # WPA2/IEEE 802.11i RSN pre-authentication CONFIG_RSN_PREAUTH=y -# IEEE 802.11w (management frame protection) -#CONFIG_IEEE80211W=y - # Support Operating Channel Validation #CONFIG_OCV=y @@ -154,9 +148,6 @@ CONFIG_RSN_PREAUTH=y # the IEEE 802.11 Management capability (e.g., FreeBSD/net80211) #CONFIG_DRIVER_RADIUS_ACL=y -# IEEE 802.11n (High Throughput) support -CONFIG_IEEE80211N=y - # Wireless Network Management (IEEE Std 802.11v-2011) # Note: This is experimental and not complete implementation. #CONFIG_WNM=y @@ -165,10 +156,20 @@ CONFIG_IEEE80211N=y CONFIG_IEEE80211AC=y # IEEE 802.11ax HE support +#CONFIG_IEEE80211AX=y + +# IEEE 802.11be EHT support +# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE. # Note: This is experimental and work in progress. The definitions are still # subject to change and this should not be expected to interoperate with the -# final IEEE 802.11ax version. -#CONFIG_IEEE80211AX=y +# final IEEE 802.11be version. +#CONFIG_IEEE80211BE=y + +# Simultaneous Authentication of Equals (SAE), WPA3-Personal +#CONFIG_SAE=y + +# SAE Public Key, WPA3-Personal +#CONFIG_SAE_PK=y # Remove debugging code that is printing out debug messages to stdout. # This can be used to reduce the size of the hostapd considerably if debugging @@ -355,12 +356,12 @@ CONFIG_TLS=internal # * ath10k # # For more details refer to: -# http://wireless.kernel.org/en/users/Documentation/acs +# https://wireless.wiki.kernel.org/en/users/documentation/acs # #CONFIG_ACS=y # Multiband Operation support -# These extentions facilitate efficient use of multiple frequency bands +# These extensions facilitate efficient use of multiple frequency bands # available to the AP and the devices that may associate with it. #CONFIG_MBO=y 
@@ -386,13 +387,39 @@ CONFIG_TLS=internal # Airtime policy support #CONFIG_AIRTIME_POLICY=y -# Proxy ARP support -#CONFIG_PROXYARP=y - # Override default value for the wpa_disable_eapol_key_retries configuration # parameter. See that parameter in hostapd.conf for more details. #CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1 +# Wired equivalent privacy (WEP) +# WEP is an obsolete cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used for anything anymore. The +# functionality needed to use WEP is available in the current hostapd +# release under this optional build parameter. This functionality is subject to +# be completely removed in a future release. +#CONFIG_WEP=y + +# Remove all TKIP functionality +# TKIP is an old cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used anymore. For now, the default hostapd +# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but +# that functionality is subject to be removed in the future. +#CONFIG_NO_TKIP=y + +# Pre-Association Security Negotiation (PASN) +# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol +# design is still subject to change. As such, this should not yet be enabled in +# production use. +#CONFIG_PASN=y + +# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) +#CONFIG_DPP=y +# DPP version 2 support +#CONFIG_DPP2=y +# DPP version 3 support (experimental and still changing; do not enable for +# production use) +#CONFIG_DPP3=y + # uBus IPC/RPC System # Services can connect to the bus and provide methods # that can be called by other services or clients. diff --git a/package/network/services/hostapd/files/wpa_supplicant-basic.config b/package/network/services/hostapd/files/wpa_supplicant-basic.config index 944b4d9287..a78b17dcec 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-basic.config 
+++ b/package/network/services/hostapd/files/wpa_supplicant-basic.config @@ -101,6 +101,9 @@ CONFIG_DRIVER_WIRED=y # EAP-TLS #CONFIG_EAP_TLS=y +# Enable EAP-TLSv1.3 support by default (currently disabled unless explicitly +# enabled in network configuration) +#CONFIG_EAP_TLSV1_3=y # EAL-PEAP #CONFIG_EAP_PEAP=y @@ -203,6 +206,9 @@ CONFIG_HT_OVERRIDES=y # Support VHT overrides (disable VHT, mask MCS rates, etc.) CONFIG_VHT_OVERRIDES=y +# Support HE overrides +CONFIG_HE_OVERRIDES=y + # Development testing #CONFIG_EAPOL_TEST=y @@ -248,7 +254,10 @@ CONFIG_CTRL_IFACE=y # Simultaneous Authentication of Equals (SAE), WPA3-Personal #CONFIG_SAE=y -# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# SAE Public Key, WPA3-Personal +#CONFIG_SAE_PK=y + +# Disable scan result processing (ap_scan=1) to save code size by about 1 kB. # This can be used if ap_scan=1 mode is never enabled. #CONFIG_NO_SCAN_PROCESSING=y @@ -310,10 +319,6 @@ CONFIG_ELOOP_EPOLL=y # bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y -# IEEE 802.11w (management frame protection), also known as PMF -# Driver support is also needed for IEEE 802.11w. -#CONFIG_IEEE80211W=y - # Support Operating Channel Validation CONFIG_OCV=y @@ -366,7 +371,7 @@ CONFIG_TLS=internal #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" # Add support for new DBus control interface -# (fi.w1.hostap.wpa_supplicant1) +# (fi.w1.wpa_supplicant1) #CONFIG_CTRL_IFACE_DBUS_NEW=y # Add introspection support for new DBus control interface 
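Review bot: `CONFIG_HE_OVERRIDES=y` in the hunk at -203 is added enabled, unlike the other new options in this file, which are commented out. That compiles in code that was not built before, here and in the full, mini and p2p wpa_supplicant configs, which does not match "without changing current behaviour". Either add it as `#CONFIG_HE_OVERRIDES=y` or state in the commit message that HE overrides are now built; this matters most for the mini variant, which is presumably size-constrained.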
@@ -475,13 +480,19 @@ CONFIG_NO_RANDOM_POOL=y # Requires glibc 2.25 to build, falls back to /dev/random if unavailable. CONFIG_GETRANDOM=y -# IEEE 802.11n (High Throughput) support (mainly for AP mode) -#CONFIG_IEEE80211N=y - # IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) -# (depends on CONFIG_IEEE80211N) #CONFIG_IEEE80211AC=y +# IEEE 802.11ax HE support (mainly for AP mode) +#CONFIG_IEEE80211AX=y + +# IEEE 802.11be EHT support (mainly for AP mode) +# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE. +# Note: This is experimental and work in progress. The definitions are still +# subject to change and this should not be expected to interoperate with the +# final IEEE 802.11be version. +#CONFIG_IEEE80211BE=y + # Wireless Network Management (IEEE Std 802.11v-2011) # Note: This is experimental and not complete implementation. #CONFIG_WNM=y @@ -538,6 +549,8 @@ CONFIG_GETRANDOM=y # # External password backend for testing purposes (developer use) #CONFIG_EXT_PASSWORD_TEST=y +# File-based backend to read passwords from an external file. +#CONFIG_EXT_PASSWORD_FILE=y # Enable Fast Session Transfer (FST) #CONFIG_FST=y 
@@ -609,10 +622,36 @@ CONFIG_GETRANDOM=y # Experimental implementation of draft-harkins-owe-07.txt #CONFIG_OWE=y -# Device Provisioning Protocol (DPP) -# This requires CONFIG_IEEE80211W=y to be enabled, too. (see -# wpa_supplicant/README-DPP for details) +# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) #CONFIG_DPP=y +# DPP version 2 support +#CONFIG_DPP2=y +# DPP version 3 support (experimental and still changing; do not enable for +# production use) +#CONFIG_DPP3=y + +# Wired equivalent privacy (WEP) +# WEP is an obsolete cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used for anything anymore. The +# functionality needed to use WEP is available in the current wpa_supplicant +# release under this optional build parameter. This functionality is subject to +# be completely removed in a future release. +#CONFIG_WEP=y + +# Remove all TKIP functionality +# TKIP is an old cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used anymore for anything else than a +# backwards compatibility option as a group cipher when connecting to APs that +# use WPA+WPA2 mixed mode. For now, the default wpa_supplicant build includes +# support for this by default, but that functionality is subject to be removed +# in the future. +#CONFIG_NO_TKIP=y + +# Pre-Association Security Negotiation (PASN) +# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol +# design is still subject to change. As such, this should not yet be enabled in +# production use. +#CONFIG_PASN=y # uBus IPC/RPC System # Services can connect to the bus and provide methods diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config index b39dabca06..4aa9c08653 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-full.config 
+++ b/package/network/services/hostapd/files/wpa_supplicant-full.config @@ -101,6 +101,9 @@ CONFIG_EAP_MSCHAPV2=y # EAP-TLS CONFIG_EAP_TLS=y +# Enable EAP-TLSv1.3 support by default (currently disabled unless explicitly +# enabled in network configuration) +#CONFIG_EAP_TLSV1_3=y # EAL-PEAP CONFIG_EAP_PEAP=y @@ -203,6 +206,9 @@ CONFIG_HT_OVERRIDES=y # Support VHT overrides (disable VHT, mask MCS rates, etc.) CONFIG_VHT_OVERRIDES=y +# Support HE overrides +CONFIG_HE_OVERRIDES=y + # Development testing #CONFIG_EAPOL_TEST=y @@ -248,7 +254,10 @@ CONFIG_CTRL_IFACE=y # Simultaneous Authentication of Equals (SAE), WPA3-Personal #CONFIG_SAE=y -# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# SAE Public Key, WPA3-Personal +#CONFIG_SAE_PK=y + +# Disable scan result processing (ap_scan=1) to save code size by about 1 kB. # This can be used if ap_scan=1 mode is never enabled. #CONFIG_NO_SCAN_PROCESSING=y @@ -310,10 +319,6 @@ CONFIG_ELOOP_EPOLL=y # bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y -# IEEE 802.11w (management frame protection), also known as PMF -# Driver support is also needed for IEEE 802.11w. -#CONFIG_IEEE80211W=y - # Support Operating Channel Validation CONFIG_OCV=y @@ -366,7 +371,7 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" # Add support for new DBus control interface -# (fi.w1.hostap.wpa_supplicant1) +# (fi.w1.wpa_supplicant1) #CONFIG_CTRL_IFACE_DBUS_NEW=y # Add introspection support for new DBus control interface 
@@ -475,13 +480,19 @@ CONFIG_NO_RANDOM_POOL=y # Requires glibc 2.25 to build, falls back to /dev/random if unavailable. CONFIG_GETRANDOM=y -# IEEE 802.11n (High Throughput) support (mainly for AP mode) -#CONFIG_IEEE80211N=y - # IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) -# (depends on CONFIG_IEEE80211N) #CONFIG_IEEE80211AC=y +# IEEE 802.11ax HE support (mainly for AP mode) +#CONFIG_IEEE80211AX=y + +# IEEE 802.11be EHT support (mainly for AP mode) +# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE. +# Note: This is experimental and work in progress. The definitions are still +# subject to change and this should not be expected to interoperate with the +# final IEEE 802.11be version. +#CONFIG_IEEE80211BE=y + # Wireless Network Management (IEEE Std 802.11v-2011) # Note: This is experimental and not complete implementation. CONFIG_WNM=y @@ -538,6 +549,8 @@ CONFIG_HS20=y # # External password backend for testing purposes (developer use) #CONFIG_EXT_PASSWORD_TEST=y +# File-based backend to read passwords from an external file. +#CONFIG_EXT_PASSWORD_FILE=y # Enable Fast Session Transfer (FST) #CONFIG_FST=y 
@@ -609,10 +622,36 @@ CONFIG_IBSS_RSN=y # Experimental implementation of draft-harkins-owe-07.txt #CONFIG_OWE=y -# Device Provisioning Protocol (DPP) -# This requires CONFIG_IEEE80211W=y to be enabled, too. (see -# wpa_supplicant/README-DPP for details) +# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) #CONFIG_DPP=y +# DPP version 2 support +#CONFIG_DPP2=y +# DPP version 3 support (experimental and still changing; do not enable for +# production use) +#CONFIG_DPP3=y + +# Wired equivalent privacy (WEP) +# WEP is an obsolete cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used for anything anymore. The +# functionality needed to use WEP is available in the current wpa_supplicant +# release under this optional build parameter. This functionality is subject to +# be completely removed in a future release. +#CONFIG_WEP=y + +# Remove all TKIP functionality +# TKIP is an old cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used anymore for anything else than a +# backwards compatibility option as a group cipher when connecting to APs that +# use WPA+WPA2 mixed mode. For now, the default wpa_supplicant build includes +# support for this by default, but that functionality is subject to be removed +# in the future. +#CONFIG_NO_TKIP=y + +# Pre-Association Security Negotiation (PASN) +# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol +# design is still subject to change. As such, this should not yet be enabled in +# production use. +#CONFIG_PASN=y # uBus IPC/RPC System # Services can connect to the bus and provide methods diff --git a/package/network/services/hostapd/files/wpa_supplicant-mini.config b/package/network/services/hostapd/files/wpa_supplicant-mini.config index 2a3f8fb69d..0b628957f9 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-mini.config 
+++ b/package/network/services/hostapd/files/wpa_supplicant-mini.config @@ -101,6 +101,9 @@ CONFIG_DRIVER_WIRED=y # EAP-TLS #CONFIG_EAP_TLS=y +# Enable EAP-TLSv1.3 support by default (currently disabled unless explicitly +# enabled in network configuration) +#CONFIG_EAP_TLSV1_3=y # EAL-PEAP #CONFIG_EAP_PEAP=y @@ -203,6 +206,9 @@ CONFIG_HT_OVERRIDES=y # Support VHT overrides (disable VHT, mask MCS rates, etc.) CONFIG_VHT_OVERRIDES=y +# Support HE overrides +CONFIG_HE_OVERRIDES=y + # Development testing #CONFIG_EAPOL_TEST=y @@ -248,7 +254,10 @@ CONFIG_CTRL_IFACE=y # Simultaneous Authentication of Equals (SAE), WPA3-Personal #CONFIG_SAE=y -# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# SAE Public Key, WPA3-Personal +#CONFIG_SAE_PK=y + +# Disable scan result processing (ap_scan=1) to save code size by about 1 kB. # This can be used if ap_scan=1 mode is never enabled. #CONFIG_NO_SCAN_PROCESSING=y @@ -310,12 +319,8 @@ CONFIG_ELOOP_EPOLL=y # bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y -# IEEE 802.11w (management frame protection), also known as PMF -# Driver support is also needed for IEEE 802.11w. -#CONFIG_IEEE80211W=y - # Support Operating Channel Validation -#CONFIG_OCV=y +CONFIG_OCV=y # Select TLS implementation # openssl = OpenSSL (default) @@ -366,7 +371,7 @@ CONFIG_TLS=internal #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" # Add support for new DBus control interface -# (fi.w1.hostap.wpa_supplicant1) +# (fi.w1.wpa_supplicant1) #CONFIG_CTRL_IFACE_DBUS_NEW=y # Add introspection support for new DBus control interface 
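Review bot: The hunk at -310 changes `#CONFIG_OCV=y` to `CONFIG_OCV=y`, turning on Operating Channel Validation in wpa_supplicant-mini.config although the commit message says current behaviour is unchanged. hostapd-mini.config and wpa_supplicant-p2p.config keep the option commented, so the mini station and AP builds now disagree. If enabling it is intended, say so in the commit message and consider the AP side as well; otherwise keep `#CONFIG_OCV=y`.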
@@ -475,13 +480,19 @@ CONFIG_NO_RANDOM_POOL=y # Requires glibc 2.25 to build, falls back to /dev/random if unavailable. CONFIG_GETRANDOM=y -# IEEE 802.11n (High Throughput) support (mainly for AP mode) -#CONFIG_IEEE80211N=y - # IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) -# (depends on CONFIG_IEEE80211N) #CONFIG_IEEE80211AC=y +# IEEE 802.11ax HE support (mainly for AP mode) +#CONFIG_IEEE80211AX=y + +# IEEE 802.11be EHT support (mainly for AP mode) +# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE. +# Note: This is experimental and work in progress. The definitions are still +# subject to change and this should not be expected to interoperate with the +# final IEEE 802.11be version. +#CONFIG_IEEE80211BE=y + # Wireless Network Management (IEEE Std 802.11v-2011) # Note: This is experimental and not complete implementation. #CONFIG_WNM=y @@ -538,6 +549,8 @@ CONFIG_GETRANDOM=y # # External password backend for testing purposes (developer use) #CONFIG_EXT_PASSWORD_TEST=y +# File-based backend to read passwords from an external file. +#CONFIG_EXT_PASSWORD_FILE=y # Enable Fast Session Transfer (FST) #CONFIG_FST=y 
@@ -609,10 +622,36 @@ CONFIG_GETRANDOM=y # Experimental implementation of draft-harkins-owe-07.txt #CONFIG_OWE=y -# Device Provisioning Protocol (DPP) -# This requires CONFIG_IEEE80211W=y to be enabled, too. (see -# wpa_supplicant/README-DPP for details) +# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) #CONFIG_DPP=y +# DPP version 2 support +#CONFIG_DPP2=y +# DPP version 3 support (experimental and still changing; do not enable for +# production use) +#CONFIG_DPP3=y + +# Wired equivalent privacy (WEP) +# WEP is an obsolete cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used for anything anymore. The +# functionality needed to use WEP is available in the current wpa_supplicant +# release under this optional build parameter. This functionality is subject to +# be completely removed in a future release. +#CONFIG_WEP=y + +# Remove all TKIP functionality +# TKIP is an old cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used anymore for anything else than a +# backwards compatibility option as a group cipher when connecting to APs that +# use WPA+WPA2 mixed mode. For now, the default wpa_supplicant build includes +# support for this by default, but that functionality is subject to be removed +# in the future. +#CONFIG_NO_TKIP=y + +# Pre-Association Security Negotiation (PASN) +# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol +# design is still subject to change. As such, this should not yet be enabled in +# production use. +#CONFIG_PASN=y # uBus IPC/RPC System # Services can connect to the bus and provide methods diff --git a/package/network/services/hostapd/files/wpa_supplicant-p2p.config b/package/network/services/hostapd/files/wpa_supplicant-p2p.config index 7f5140622c..8648b1657b 100644 --- a/package/network/services/hostapd/files/wpa_supplicant-p2p.config 
+++ b/package/network/services/hostapd/files/wpa_supplicant-p2p.config @@ -101,6 +101,9 @@ CONFIG_EAP_MSCHAPV2=y # EAP-TLS CONFIG_EAP_TLS=y +# Enable EAP-TLSv1.3 support by default (currently disabled unless explicitly +# enabled in network configuration) +#CONFIG_EAP_TLSV1_3=y # EAL-PEAP CONFIG_EAP_PEAP=y @@ -203,6 +206,9 @@ CONFIG_HT_OVERRIDES=y # Support VHT overrides (disable VHT, mask MCS rates, etc.) CONFIG_VHT_OVERRIDES=y +# Support HE overrides +CONFIG_HE_OVERRIDES=y + # Development testing #CONFIG_EAPOL_TEST=y @@ -248,7 +254,10 @@ CONFIG_CTRL_IFACE=y # Simultaneous Authentication of Equals (SAE), WPA3-Personal #CONFIG_SAE=y -# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# SAE Public Key, WPA3-Personal +#CONFIG_SAE_PK=y + +# Disable scan result processing (ap_scan=1) to save code size by about 1 kB. # This can be used if ap_scan=1 mode is never enabled. #CONFIG_NO_SCAN_PROCESSING=y @@ -310,10 +319,6 @@ CONFIG_ELOOP_EPOLL=y # bridge interfaces (commit 'bridge: respect RFC2863 operational state')'). CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y -# IEEE 802.11w (management frame protection), also known as PMF -# Driver support is also needed for IEEE 802.11w. -CONFIG_IEEE80211W=y - # Support Operating Channel Validation #CONFIG_OCV=y @@ -366,7 +371,7 @@ CONFIG_INTERNAL_LIBTOMMATH_FAST=y #PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" # Add support for new DBus control interface -# (fi.w1.hostap.wpa_supplicant1) +# (fi.w1.wpa_supplicant1) #CONFIG_CTRL_IFACE_DBUS_NEW=y # Add introspection support for new DBus control interface 
@@ -475,13 +480,19 @@ CONFIG_NO_RANDOM_POOL=y # Requires glibc 2.25 to build, falls back to /dev/random if unavailable. CONFIG_GETRANDOM=y -# IEEE 802.11n (High Throughput) support (mainly for AP mode) -#CONFIG_IEEE80211N=y - # IEEE 802.11ac (Very High Throughput) support (mainly for AP mode) -# (depends on CONFIG_IEEE80211N) #CONFIG_IEEE80211AC=y +# IEEE 802.11ax HE support (mainly for AP mode) +#CONFIG_IEEE80211AX=y + +# IEEE 802.11be EHT support (mainly for AP mode) +# CONFIG_IEEE80211AX is mandatory for setting CONFIG_IEEE80211BE. +# Note: This is experimental and work in progress. The definitions are still +# subject to change and this should not be expected to interoperate with the +# final IEEE 802.11be version. +#CONFIG_IEEE80211BE=y + # Wireless Network Management (IEEE Std 802.11v-2011) # Note: This is experimental and not complete implementation. #CONFIG_WNM=y @@ -538,6 +549,8 @@ CONFIG_P2P=y # # External password backend for testing purposes (developer use) #CONFIG_EXT_PASSWORD_TEST=y +# File-based backend to read passwords from an external file. +#CONFIG_EXT_PASSWORD_FILE=y # Enable Fast Session Transfer (FST) #CONFIG_FST=y 
@@ -609,10 +622,36 @@ CONFIG_IBSS_RSN=y # Experimental implementation of draft-harkins-owe-07.txt #CONFIG_OWE=y -# Device Provisioning Protocol (DPP) -# This requires CONFIG_IEEE80211W=y to be enabled, too. (see -# wpa_supplicant/README-DPP for details) +# Device Provisioning Protocol (DPP) (also known as Wi-Fi Easy Connect) #CONFIG_DPP=y +# DPP version 2 support +#CONFIG_DPP2=y +# DPP version 3 support (experimental and still changing; do not enable for +# production use) +#CONFIG_DPP3=y + +# Wired equivalent privacy (WEP) +# WEP is an obsolete cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used for anything anymore. The +# functionality needed to use WEP is available in the current wpa_supplicant +# release under this optional build parameter. This functionality is subject to +# be completely removed in a future release. +#CONFIG_WEP=y + +# Remove all TKIP functionality +# TKIP is an old cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used anymore for anything else than a +# backwards compatibility option as a group cipher when connecting to APs that +# use WPA+WPA2 mixed mode. For now, the default wpa_supplicant build includes +# support for this by default, but that functionality is subject to be removed +# in the future. +#CONFIG_NO_TKIP=y + +# Pre-Association Security Negotiation (PASN) +# Experimental implementation based on IEEE P802.11z/D2.6 and the protocol +# design is still subject to change. As such, this should not yet be enabled in +# production use. +#CONFIG_PASN=y # uBus IPC/RPC System # Services can connect to the bus and provide methods -- 2.30.2