#include <config_ssid.h>
Collaboration diagram for wpa_ssid:
Data Fields | |
| wpa_ssid * | next |
| Next network in global list. | |
| wpa_ssid * | pnext |
| Next network in per-priority list. | |
| int | id |
| Unique id for the network. | |
| int | priority |
| Priority group. | |
| u8 * | ssid |
| Service set identifier (network name). | |
| size_t | ssid_len |
| Length of the SSID. | |
| u8 | bssid [ETH_ALEN] |
| BSSID. | |
| int | bssid_set |
| Whether BSSID is configured for this network. | |
| u8 | psk [PMK_LEN] |
| WPA pre-shared key (256 bits). | |
| int | psk_set |
| Whether PSK field is configured. | |
| char * | passphrase |
| WPA ASCII passphrase. | |
| int | pairwise_cipher |
| Bitfield of allowed pairwise ciphers, WPA_CIPHER_*. | |
| int | group_cipher |
| Bitfield of allowed group ciphers, WPA_CIPHER_*. | |
| int | key_mgmt |
| Bitfield of allowed key management protocols. | |
| int | proto |
| Bitfield of allowed protocols, WPA_PROTO_*. | |
| int | auth_alg |
| Bitfield of allowed authentication algorithms. | |
| int | scan_ssid |
| Scan this SSID with Probe Requests. | |
| u8 * | identity |
| EAP Identity. | |
| size_t | identity_len |
| EAP Identity length. | |
| u8 * | anonymous_identity |
| Anonymous EAP Identity. | |
| size_t | anonymous_identity_len |
| Length of anonymous_identity. | |
| u8 * | eappsk |
| EAP-PSK/PAX/SAKE pre-shared key. | |
| size_t | eappsk_len |
| EAP-PSK/PAX/SAKE pre-shared key length. | |
| u8 * | nai |
| User NAI (for EAP-PSK/PAX/SAKE). | |
| size_t | nai_len |
| Length of nai field. | |
| u8 * | password |
| Password string for EAP. | |
| size_t | password_len |
| Length of password field. | |
| u8 * | ca_cert |
| File path to CA certificate file (PEM/DER). | |
| u8 * | ca_path |
| Directory path for CA certificate files (PEM). | |
| u8 * | client_cert |
| File path to client certificate file (PEM/DER). | |
| u8 * | private_key |
| File path to client private key file (PEM/DER/PFX). | |
| u8 * | private_key_passwd |
| Password for private key file. | |
| u8 * | dh_file |
| File path to DH/DSA parameters file (in PEM format). | |
| u8 * | subject_match |
| Constraint for server certificate subject. | |
| u8 * | altsubject_match |
| u8 * | ca_cert2 |
| File path to CA certificate file (PEM/DER) (Phase 2). | |
| u8 * | ca_path2 |
| Directory path for CA certificate files (PEM) (Phase 2). | |
| u8 * | client_cert2 |
| File path to client certificate file. | |
| u8 * | private_key2 |
| File path to client private key file. | |
| u8 * | private_key2_passwd |
| Password for private key file. | |
| u8 * | dh_file2 |
| File path to DH/DSA parameters file (in PEM format). | |
| u8 * | subject_match2 |
| Constraint for server certificate subject. | |
| u8 * | altsubject_match2 |
| Constraint for server certificate alt. subject. | |
| eap_method_type * | eap_methods |
| Allowed EAP methods. | |
| char * | phase1 |
| Phase 1 (outer authentication) parameters. | |
| char * | phase2 |
| Phase2 (inner authentication with TLS tunnel) parameters. | |
| char * | pcsc |
| Parameters for PC/SC smartcard interface for USIM and GSM SIM. | |
| char * | pin |
| PIN for USIM, GSM SIM, and smartcards. | |
| int | engine |
| Enable OpenSSL engine (e.g., for smartcard access). | |
| char * | engine_id |
| Engine ID for OpenSSL engine. | |
| char * | key_id |
| Key ID for OpenSSL engine. | |
| int | eapol_flags |
| Bit field of IEEE 802.1X/EAPOL options (EAPOL_FLAG_*). | |
| u8 | wep_key [NUM_WEP_KEYS][MAX_WEP_KEY_LEN] |
| WEP keys. | |
| size_t | wep_key_len [NUM_WEP_KEYS] |
| WEP key lengths. | |
| int | wep_tx_keyidx |
| Default key index for TX frames using WEP. | |
| int | proactive_key_caching |
| Enable proactive key caching. | |
| u8 * | otp |
| One-time-password. | |
| size_t | otp_len |
| Length of the otp field. | |
| int | pending_req_identity |
| Whether there is a pending identity request. | |
| int | pending_req_password |
| Whether there is a pending password request. | |
| int | pending_req_pin |
| Whether there is a pending PIN request. | |
| int | pending_req_new_password |
| Pending password update request. | |
| int | pending_req_passphrase |
| Pending passphrase request. | |
| char * | pending_req_otp |
| Whether there is a pending OTP request. | |
| size_t | pending_req_otp_len |
| Length of the pending OTP request. | |
| int | leap |
| Number of EAP methods using LEAP. | |
| int | non_leap |
| Number of EAP methods not using LEAP. | |
| unsigned int | eap_workaround |
| EAP workarounds enabled. | |
| char * | pac_file |
| File path or blob name for the PAC entries (EAP-FAST). | |
| int | mode |
| IEEE 802.11 operation mode (Infrastucture/IBSS). | |
| int | mschapv2_retry |
| MSCHAPv2 retry in progress. | |
| u8 * | new_password |
| New password for password update. | |
| size_t | new_password_len |
| Length of new_password field. | |
| int | disabled |
| Whether this network is currently disabled. | |
| int | peerkey |
| Whether PeerKey handshake for direct links is allowed. | |
| int | fragment_size |
| Maximum EAP fragment size in bytes (default 1398). | |
| char * | id_str |
| Network identifier string for external scripts. | |
This structure includes all the configuration variables for a network. This data is included in the per-interface configuration data as an element of the network list, struct wpa_config::ssid. Each network block in the configuration is mapped to a struct wpa_ssid instance.
Definition at line 70 of file config_ssid.h.
|
|
Constraint for server certificate alt. subject. This field is like altsubject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Definition at line 529 of file config_ssid.h. |
|
|
Anonymous EAP Identity. This field is used for unencrypted use with EAP types that support different tunnelled identity, e.g., EAP-TTLS, in order to reveal the real identity (identity field) only to the authentication server. Definition at line 244 of file config_ssid.h. |
|
|
Bitfield of allowed authentication algorithms. WPA_AUTH_ALG_* Definition at line 210 of file config_ssid.h. |
|
|
BSSID. If set, this network block is used only when associating with the AP using the configured BSSID Definition at line 148 of file config_ssid.h. |
|
|
File path to CA certificate file (PEM/DER). This file can have one or more trusted CA certificates. If ca_cert and ca_path are not included, server certificate will not be verified. This is insecure and a trusted CA certificate should always be configured when using EAP-TLS/TTLS/PEAP. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background. Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">. On Windows, trusted CA certificates can be loaded from the system certificate store by setting this to cert_store://<name>, e.g., ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT". Note that when running wpa_supplicant as an application, the user certificate store (My user account) is used, whereas computer store (Computer account) is used when running wpasvc as a service. Definition at line 312 of file config_ssid.h. |
|
|
File path to CA certificate file (PEM/DER) (Phase 2). This file can have one or more trusted CA certificates. If ca_cert2 and ca_path2 are not included, server certificate will not be verified. This is insecure and a trusted CA certificate should always be configured. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background. This field is like ca_cert, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">. Definition at line 445 of file config_ssid.h. |
|
|
Directory path for CA certificate files (PEM). This path may contain multiple CA certificates in OpenSSL format. Common use for this is to point to system trusted CA list which is often installed into directory like /etc/ssl/certs. If configured, these certificates are added to the list of trusted CAs. ca_cert may also be included in that case, but it is not required. Definition at line 324 of file config_ssid.h. |
|
|
Directory path for CA certificate files (PEM) (Phase 2). This path may contain multiple CA certificates in OpenSSL format. Common use for this is to point to system trusted CA list which is often installed into directory like /etc/ssl/certs. If configured, these certificates are added to the list of trusted CAs. ca_cert may also be included in that case, but it is not required. This field is like ca_path, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Definition at line 460 of file config_ssid.h. |
|
|
File path to client certificate file (PEM/DER). This field is used with EAP method that use TLS authentication. Usually, this is only configured for EAP-TLS, even though this could in theory be used with EAP-TTLS and EAP-PEAP, too. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background. Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">. Definition at line 339 of file config_ssid.h. |
|
|
File path to client certificate file. This field is like client_cert, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background. Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">. Definition at line 474 of file config_ssid.h. |
|
|
File path to DH/DSA parameters file (in PEM format). This is an optional configuration file for setting parameters for an ephemeral DH key exchange. In most cases, the default RSA authentication does not use this configuration. However, it is possible setup RSA to use ephemeral DH key exchange. In addition, ciphers with DSA keys always use ephemeral DH keys. This can be used to achieve forward secrecy. If the file is in DSA parameters format, it will be automatically converted into DH params. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background. Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">. Definition at line 394 of file config_ssid.h. |
|
|
File path to DH/DSA parameters file (in PEM format). This field is like dh_file, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background. Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">. Definition at line 511 of file config_ssid.h. |
|
|
Whether this network is currently disabled. 0 = this network can be used (default). 1 = this network block is disabled (can be enabled through ctrl_iface, e.g., with wpa_cli or wpa_gui). Definition at line 870 of file config_ssid.h. |
|
|
Allowed EAP methods. (vendor=EAP_VENDOR_IETF,method=EAP_TYPE_NONE) terminated list of allowed EAP methods or NULL if all methods are accepted. Definition at line 538 of file config_ssid.h. |
|
|
EAP workarounds enabled. wpa_supplicant supports number of "EAP workarounds" to work around interoperability issues with incorrectly behaving authentication servers. This is recommended to be enabled by default because some of the issues are present in large number of authentication servers. Strict EAP conformance mode can be configured by disabling workarounds with eap_workaround = 0. Definition at line 799 of file config_ssid.h. |
|
|
EAP-PSK/PAX/SAKE pre-shared key length. This field is always 16 for the current version of EAP-PSK/PAX and 32 for EAP-SAKE. Definition at line 265 of file config_ssid.h. |
|
|
Enable OpenSSL engine (e.g., for smartcard access). This is used if private key operations for EAP-TLS are performed using a smartcard. Definition at line 616 of file config_ssid.h. |
|
|
Engine ID for OpenSSL engine. "opensc" to select OpenSC engine or "pkcs11" to select PKCS#11 engine. This is used if private key operations for EAP-TLS are performed using a smartcard. Definition at line 628 of file config_ssid.h. |
|
|
Maximum EAP fragment size in bytes (default 1398). This value limits the fragment size for EAP methods that support fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set small enough to make the EAP messages fit in MTU of the network interface used for EAPOL. The default value is suitable for most cases. Definition at line 896 of file config_ssid.h. |
|
|
Unique id for the network. This identifier is used as a unique identifier for each network block when using the control interface. Each network is allocated an id when it is being created, either when reading the configuration file or when a new network is added through the control interface. Definition at line 99 of file config_ssid.h. |
|
|
Network identifier string for external scripts. This value is passed to external ctrl_iface monitors in WPA_EVENT_CONNECTED event and wpa_cli sets this as WPA_ID_STR environment variable for action scripts. Definition at line 908 of file config_ssid.h. |
|
|
Key ID for OpenSSL engine. This is used if private key operations for EAP-TLS are performed using a smartcard. Definition at line 637 of file config_ssid.h. |
|
|
Bitfield of allowed key management protocols. WPA_KEY_MGMT_* Definition at line 196 of file config_ssid.h. |
|
|
Number of EAP methods using LEAP. This field should be set to 1 if LEAP is enabled. This is used to select IEEE 802.11 authentication algorithm. Definition at line 775 of file config_ssid.h. |
|
|
IEEE 802.11 operation mode (Infrastucture/IBSS). 0 = infrastructure (Managed) mode, i.e., associate with an AP. 1 = IBSS (ad-hoc, peer-to-peer) Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has to be set to 2 for IBSS. WPA-None requires following network block options: proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not both), and psk must also be set (either directly or using ASCII passphrase). Definition at line 831 of file config_ssid.h. |
|
|
MSCHAPv2 retry in progress. This field is used internally by EAP-MSCHAPv2 and should not be set as part of configuration. Definition at line 842 of file config_ssid.h. |
|
|
New password for password update. This field is used during MSCHAPv2 password update. This is normally requested from the user through the control interface and not set from configuration. Definition at line 852 of file config_ssid.h. |
|
|
Next network in global list. This pointer can be used to iterate over all networks. The head of this list is stored in the ssid field of struct wpa_config. Definition at line 78 of file config_ssid.h. |
|
|
Number of EAP methods not using LEAP. This field should be set to >0 if any EAP method other than LEAP is enabled. This is used to select IEEE 802.11 authentication algorithm. Definition at line 785 of file config_ssid.h. |
|
|
One-time-password. This field should not be set in configuration step. It is only used internally when OTP is entered through the control interface. Definition at line 694 of file config_ssid.h. |
|
|
File path or blob name for the PAC entries (EAP-FAST). wpa_supplicant will need to be able to create this file and write updates to it when PAC is being provisioned or refreshed. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background. Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">. Definition at line 812 of file config_ssid.h. |
|
|
WPA ASCII passphrase. If this is set, psk will be generated using the SSID and passphrase configured for the network. ASCII passphrase must be between 8 and 63 characters (inclusive). Definition at line 176 of file config_ssid.h. |
|
|
Parameters for PC/SC smartcard interface for USIM and GSM SIM. This field is used to configure PC/SC smartcard interface. Currently, the only configuration is whether this field is NULL (do not use PC/SC) or non-NULL (e.g., "") to enable PC/SC. This field is used for EAP-SIM and EAP-AKA. Definition at line 595 of file config_ssid.h. |
|
|
Whether PeerKey handshake for direct links is allowed. This is only used when both RSN/WPA2 and IEEE 802.11e (QoS) are enabled. 0 = disabled (default) 1 = enabled Definition at line 882 of file config_ssid.h. |
|
|
Whether there is a pending identity request. This field should not be set in configuration step. It is only used internally when control interface is used to request needed information. Definition at line 710 of file config_ssid.h. |
|
|
Pending password update request. This field should not be set in configuration step. It is only used internally when control interface is used to request needed information. Definition at line 740 of file config_ssid.h. |
|
|
Whether there is a pending OTP request. This field should not be set in configuration step. It is only used internally when control interface is used to request needed information. Definition at line 760 of file config_ssid.h. |
|
|
Pending passphrase request. This field should not be set in configuration step. It is only used internally when control interface is used to request needed information. Definition at line 750 of file config_ssid.h. |
|
|
Whether there is a pending password request. This field should not be set in configuration step. It is only used internally when control interface is used to request needed information. Definition at line 720 of file config_ssid.h. |
|
|
Whether there is a pending PIN request. This field should not be set in configuration step. It is only used internally when control interface is used to request needed information. Definition at line 730 of file config_ssid.h. |
|
|
Phase 1 (outer authentication) parameters. String with field-value pairs, e.g., "peapver=0" or "peapver=1 peaplabel=1". 'peapver' can be used to force which PEAP version (0 or 1) is used. 'peaplabel=1' can be used to force new label, "client PEAP encryption", to be used during key derivation when PEAPv1 or newer. Most existing PEAPv1 implementation seem to be using the old label, "client EAP encryption", and wpa_supplicant is now using that as the default value. Some servers, e.g., Radiator, may require peaplabel=1 configuration to interoperate with PEAPv1; see eap_testing.txt for more details. 'peap_outer_success=0' can be used to terminate PEAP authentication on tunneled EAP-Success. This is required with some RADIUS servers that implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g., Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode). include_tls_length=1 can be used to force wpa_supplicant to include TLS Message Length field in all TLS messages even if they are not fragmented. sim_min_num_chal=3 can be used to configure EAP-SIM to require three challenges (by default, it accepts 2 or 3). fast_provisioning=1 can be used to enable in-line provisioning of EAP-FAST credentials (PAC) Definition at line 574 of file config_ssid.h. |
|
|
Phase2 (inner authentication with TLS tunnel) parameters. String with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS. Definition at line 583 of file config_ssid.h. |
|
|
PIN for USIM, GSM SIM, and smartcards. This field is used to configure PIN for SIM and smartcards for EAP-SIM and EAP-AKA. In addition, this is used with EAP-TLS if a smartcard is used for private key operations. If left out, this will be asked through control interface. Definition at line 607 of file config_ssid.h. |
|
|
Next network in per-priority list. This pointer can be used to iterate over all networks in the same priority class. The heads of these list are stored in the pssid fields of struct wpa_config. Definition at line 88 of file config_ssid.h. |
|
|
Priority group. By default, all networks will get same priority group (0). If some of the networks are more desirable, this field can be used to change the order in which wpa_supplicant goes through the networks when selecting a BSS. The priority groups will be iterated in decreasing priority (i.e., the larger the priority value, the sooner the network is matched against the scan results). Within each priority group, networks will be selected based on security policy, signal strength, etc. Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not using this priority to select the order for scanning. Instead, they try the networks in the order that used in the configuration file. Definition at line 119 of file config_ssid.h. |
|
|
File path to client private key file (PEM/DER/PFX). When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be commented out. Both the private key and certificate will be read from the PKCS#12 file in this case. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background. Windows certificate store can be used by leaving client_cert out and configuring private_key in one of the following formats: cert://substring_to_match hash://certificate_thumbprint_in_hex For example: private_key="hash://63093aa9c47f56ae88334c7b65a4" Note that when running wpa_supplicant as an application, the user certificate store (My user account) is used, whereas computer store (Computer account) is used when running wpasvc as a service. Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">. Definition at line 367 of file config_ssid.h. |
|
|
File path to client private key file. This field is like private_key, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background. Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">. Definition at line 488 of file config_ssid.h. |
|
|
Password for private key file. This field is like private_key_passwd, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Definition at line 497 of file config_ssid.h. |
|
|
Password for private key file. If left out, this will be asked through control interface. Definition at line 375 of file config_ssid.h. |
|
|
Enable proactive key caching. This field can be used to enable proactive key caching which is also known as opportunistic PMKSA caching for WPA2. This is disabled (0) by default. Enable by setting this to 1. Proactive key caching is used to make supplicant assume that the APs are using the same PMK and generate PMKSA cache entries without doing RSN pre-authentication. This requires support from the AP side and is normally used with wireless switches that co-locate the authenticator. Definition at line 683 of file config_ssid.h. |
|
|
Scan this SSID with Probe Requests. scan_ssid can be used to scan for APs using hidden SSIDs. Note: Many drivers do not support this. ap_mode=2 can be used with such drivers to use hidden SSIDs. Definition at line 220 of file config_ssid.h. |
|
|
Service set identifier (network name). This is the SSID for the network. For wireless interfaces, this is used to select which network will be used. If set to NULL (or ssid_len=0), any SSID can be used. For wired interfaces, this must be set to NULL. Note: SSID may contain any characters, even nul (ASCII 0) and as such, this should not be assumed to be a nul terminated string. ssid_len defines how many characters are valid and the ssid field is not guaranteed to be nul terminated. Definition at line 133 of file config_ssid.h. |
|
|
Constraint for server certificate subject. This substring is matched against the subject of the authentication server certificate. If this string is set, the server sertificate is only accepted if it contains this string in the subject. The subject string is in following format:
/C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as Definition at line 407 of file config_ssid.h. |
|
|
Constraint for server certificate subject. This field is like subject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Definition at line 520 of file config_ssid.h. |
1.4.2