wpa_supplicant / hostapd 2.0
wpa_supplicant configuration data More...
|struct wpa_ssid *||ssid|
|Head of the global network list. |
|struct wpa_ssid **||pssid|
|Per-priority network lists (in priority order) |
|Number of different priorities used in the pssid lists. |
|struct wpa_cred *||cred|
|Head of the credential list. |
|IEEE 802.1X/EAPOL version number. |
|AP scanning/selection. |
|Disable automatic offloading of scan requests. |
|Parameters for the control interface. |
|Control interface group (DEPRECATED) |
|EAP fast re-authentication (session resumption) |
|Path to the OpenSSL engine for opensc. |
|Path to the OpenSSL engine for PKCS#11. |
|Path to the OpenSSL OpenSC/PKCS#11 module. |
|PC/SC reader name prefix. |
|PIN for USIM, GSM SIM, and smartcards. |
|Driver interface parameters. |
|Maximum lifetime of a PMK. |
|PMK re-authentication threshold. |
|Security association timeout. |
|Is wpa_supplicant allowed to update configuration. |
|struct wpa_config_blob *||blobs|
|Configuration blobs. |
|Universally Unique IDentifier (UUID; see RFC 4122) for WPS. |
|Device Name (WPS) |
|Manufacturer (WPS) |
|Model Name (WPS) |
|Model Number (WPS) |
|Serial Number (WPS) |
|Primary Device Type (WPS) |
|Config Methods. |
|OS Version (WPS) |
|Country code. |
|Credential processing. |
|Secondary Device Types (P2P) |
|struct p2p_channel *||p2p_pref_chan|
|struct wpabuf *||wps_vendor_ext_m1|
|struct wpabuf *||wps_vendor_ext [MAX_WPS_VENDOR_EXT]|
|Vendor extension attributes in WPS. |
|Maximum idle time in seconds for P2P group. |
|Maximum number of BSS entries to keep in memory. |
|BSS entry age after which it can be expired. |
|Expire BSS after number of scans. |
|SSID-based scan result filtering. |
|Maximum number of STAs in an AP/P2P GO. |
|Bitmap of changed parameters since last update. |
|Disassocicate stations with massive packet loss. |
|Whether Interworking (IEEE 802.11u) is enabled. |
|Access Network Type. |
|Homogenous ESS identifier. |
wpa_supplicant configuration data
This data structure is presents the per-interface (radio) configuration data. In many cases, there is only one struct wpa_config instance, but if more than one network interface is being controlled, one instance is used for each.
Access Network Type.
When Interworking is enabled, scans will be limited to APs that advertise the specified Access Network Type (0..15; with 15 indicating wildcard match).
By default, wpa_supplicant requests driver to perform AP scanning and then uses the scan results to select a suitable AP. Another alternative is to allow the driver to take care of AP scanning and selection and use wpa_supplicant just to process EAPOL frames based on IEEE 802.11 association information from the driver.
1: wpa_supplicant initiates scanning and AP selection (default).
0: Driver takes care of scanning, AP selection, and IEEE 802.11 association parameters (e.g., WPA IE generation); this mode can also be used with non-WPA drivers when using IEEE 802.1X mode; do not try to associate with APs (i.e., external program needs to control association). This mode must also be used when using wired Ethernet drivers.
2: like 0, but associate with APs using security policy and SSID (but not BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to enable operation with hidden SSIDs and optimized roaming; in this mode, the network blocks in the configuration are tried one by one until the driver reports successful association; each network block should have explicit security policy (i.e., only one option in the lists) for key_mgmt, pairwise, group, proto variables.
|unsigned int wpa_config::bss_expiration_age|
BSS entry age after which it can be expired.
This value controls the time in seconds after which a BSS entry gets removed if it has not been updated or is not in use.
|unsigned int wpa_config::bss_expiration_scan_count|
Expire BSS after number of scans.
If the BSS entry has not been seen in this many scans, it will be removed. A value of 1 means that entry is removed after the first scan in which the BSSID is not seen. Larger values can be used to avoid BSS entries disappearing if they are not visible in every scan (e.g., low signal quality or interference).
This is a space-separated list of supported WPS configuration methods. For example, "label virtual_display virtual_push_button keypad". Available methods: usba ethernet label display ext_nfc_token int_nfc_token nfc_interface push_button keypad virtual_display physical_display virtual_push_button physical_push_button.
This is the ISO/IEC alpha2 country code for which we are operating in
Head of the credential list.
This is the head for the list of all the configured credentials.
Parameters for the control interface.
If this is specified, wpa_supplicant will open a control interface that is available for external programs to manage wpa_supplicant. The meaning of this string depends on which control interface mechanism is used. For all cases, the existence of this parameter in configuration is used to determine whether the control interface is enabled.
For UNIX domain sockets (default on Linux and BSD): This is a directory that will be created for UNIX domain sockets for listening to requests from external programs (CLI/GUI, etc.) for status information and configuration. The socket file will be named based on the interface name, so multiple wpa_supplicant processes can be run at the same time if more than one interface is used. /var/run/wpa_supplicant is the recommended directory for sockets and by default, wpa_cli will use it when trying to connect with wpa_supplicant.
Access control for the control interface can be configured by setting the directory to allow only members of a group to use sockets. This way, it is possible to run wpa_supplicant as root (since it needs to change network configuration and open raw sockets) and still allow GUI/CLI components to be run as non-root users. However, since the control interface can be used to change the network configuration, this access needs to be protected in many cases. By default, wpa_supplicant is configured to use gid 0 (root). If you want to allow non-root users to use the control interface, add a new group and change this value to match with that group. Add users that should have control interface access to this group.
When configuring both the directory and group, use following format: DIR=/var/run/wpa_supplicant GROUP=wheel DIR=/var/run/wpa_supplicant GROUP=0 (group can be either group name or gid)
For UDP connections (default on Windows): The value will be ignored. This variable is just used to select that the control interface is to be created. The value can be set to, e.g., udp (ctrl_interface=udp).
For Windows Named Pipe: This value can be used to set the security descriptor for controlling access to the control interface. Security descriptor can be set using Security Descriptor String Format (see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/security_descriptor_string_format.asp). The descriptor string needs to be prefixed with SDDL=. For example, ctrl_interface=SDDL=D: would set an empty DACL (which will reject all connections).
Control interface group (DEPRECATED)
This variable is only used for backwards compatibility. Group for UNIX domain sockets should now be specified using GROUP=group in ctrl_interface variable.
Device Name (WPS)
User-friendly description of device; up to 32 octets encoded in UTF-8
Disable automatic offloading of scan requests.
By default, wpa_supplicant tries to offload scanning if the driver indicates support for this (sched_scan). This configuration parameter can be used to disable this offloading mechanism.
|unsigned int wpa_config::dot11RSNAConfigPMKLifetime|
Maximum lifetime of a PMK.
dot11 MIB variable for the maximum lifetime of a PMK in the PMK cache (unit: seconds).
|unsigned int wpa_config::dot11RSNAConfigPMKReauthThreshold|
PMK re-authentication threshold.
dot11 MIB variable for the percentage of the PMK lifetime that should expire before an IEEE 802.1X reauthentication occurs.
|unsigned int wpa_config::dot11RSNAConfigSATimeout|
Security association timeout.
dot11 MIB variable for the maximum time a security association shall take to set up (unit: seconds).
Driver interface parameters.
This text string is passed to the selected driver interface with the optional struct wpa_driver_ops::set_param() handler. This can be used to configure driver specific options without having to add new driver interface functionality.
IEEE 802.1X/EAPOL version number.
wpa_supplicant is implemented based on IEEE Std 802.1X-2004 which defines EAPOL version 2. However, there are many APs that do not handle the new version number correctly (they seem to drop the frames completely). In order to make wpa_supplicant interoperate with these APs, the version number is set to 1 by default. This configuration value can be used to set it to the new version (2).
EAP fast re-authentication (session resumption)
By default, fast re-authentication is enabled for all EAP methods that support it. This variable can be used to disable fast re-authentication (by setting fast_reauth=0). Normally, there is no need to disable fast re-authentication.
SSID-based scan result filtering.
0 = do not filter scan results 1 = only include configured SSIDs in scan results/BSS table
Homogenous ESS identifier.
If this is set (any octet is non-zero), scans will be used to request response only from BSSes belonging to the specified Homogeneous ESS. This is used only if interworking is enabled.
The manufacturer of the device (up to 64 ASCII characters)
Model Name (WPS)
Model of the device (up to 32 ASCII characters)
Model Number (WPS)
Additional device description (up to 32 ASCII characters)
Number of different priorities used in the pssid lists.
This indicates how many per-priority network lists are included in pssid.
Path to the OpenSSL engine for opensc.
This is an OpenSSL specific configuration option for loading OpenSC engine (engine_opensc.so); if NULL, this engine is not loaded.
OS Version (WPS)
4-octet operating system version number
Maximum idle time in seconds for P2P group.
This value controls how long a P2P group is maintained after there is no other members in the group. As a GO, this means no associated stations in the group. As a P2P client, this means no GO seen in scan results. The maximum idle time is specified in seconds with 0 indicating no time limit, i.e., the P2P group remains in active state indefinitely until explicitly removed. As a P2P client, the maximum idle time of P2P_MAX_CLIENT_IDLE seconds is enforced, i.e., this parameter is mainly meant for GO use and for P2P client, it can only be used to reduce the default timeout to smaller value. A special value -1 can be used to configure immediate removal of the group for P2P client role on any disconnection after the data connection has been established.
PIN for USIM, GSM SIM, and smartcards.
This field is used to configure PIN for SIM/USIM for EAP-SIM and EAP-AKA. If left out, this will be asked through control interface.
PC/SC reader name prefix.
If not NULL, PC/SC reader with a name that matches this prefix is initialized for SIM/USIM access. Empty string can be used to match the first available reader.
Path to the OpenSSL engine for PKCS#11.
This is an OpenSSL specific configuration option for loading PKCS#11 engine (engine_pkcs11.so); if NULL, this engine is not loaded.
Path to the OpenSSL OpenSC/PKCS#11 module.
This is an OpenSSL specific configuration option for configuring path to OpenSC/PKCS#11 engine (opensc-pkcs11.so); if NULL, this module is not loaded.
Serial Number (WPS)
Serial number of the device (up to 32 characters)
Head of the global network list.
This is the head for the list of all the configured networks.
Is wpa_supplicant allowed to update configuration.
This variable control whether wpa_supplicant is allow to re-write its configuration with wpa_config_write(). If this is zero, configuration data is only changed in memory and the external data is not overriden. If this is non-zero, wpa_supplicant will update the configuration data (e.g., a file) whenever configuration is changed. This update may replace the old configuration which can remove comments from it in case of a text file configuration.
0 = process received credentials internally 1 = do not process received credentials; just pass them over ctrl_iface to external program(s) 2 = process received credentials internally and pass them over ctrl_iface to external program(s)