wpa_ssid Struct Reference

Network configuration data. More...

#include <config_ssid.h>

Collaboration diagram for wpa_ssid:

Collaboration graph
[legend]

Data Fields

wpa_ssidnext
 Next network in global list.
wpa_ssidpnext
 Next network in per-priority list.
int id
 Unique id for the network.
int priority
 Priority group.
u8 * ssid
 Service set identifier (network name).
size_t ssid_len
 Length of the SSID.
u8 bssid [ETH_ALEN]
 BSSID.
int bssid_set
 Whether BSSID is configured for this network.
u8 psk [PMK_LEN]
 WPA pre-shared key (256 bits).
int psk_set
 Whether PSK field is configured.
char * passphrase
 WPA ASCII passphrase.
int pairwise_cipher
 Bitfield of allowed pairwise ciphers, WPA_CIPHER_*.
int group_cipher
 Bitfield of allowed group ciphers, WPA_CIPHER_*.
int key_mgmt
 Bitfield of allowed key management protocols.
int proto
 Bitfield of allowed protocols, WPA_PROTO_*.
int auth_alg
 Bitfield of allowed authentication algorithms.
int scan_ssid
 Scan this SSID with Probe Requests.
u8 * identity
 EAP Identity.
size_t identity_len
 EAP Identity length.
u8 * anonymous_identity
 Anonymous EAP Identity.
size_t anonymous_identity_len
 Length of anonymous_identity.
u8 * eappsk
 EAP-PSK/PAX/SAKE pre-shared key.
size_t eappsk_len
 EAP-PSK/PAX/SAKE pre-shared key length.
u8 * nai
 User NAI (for EAP-PSK/PAX/SAKE).
size_t nai_len
 Length of nai field.
u8 * password
 Password string for EAP.
size_t password_len
 Length of password field.
u8 * ca_cert
 File path to CA certificate file (PEM/DER).
u8 * ca_path
 Directory path for CA certificate files (PEM).
u8 * client_cert
 File path to client certificate file (PEM/DER).
u8 * private_key
 File path to client private key file (PEM/DER/PFX).
u8 * private_key_passwd
 Password for private key file.
u8 * dh_file
 File path to DH/DSA parameters file (in PEM format).
u8 * subject_match
 Constraint for server certificate subject.
u8 * altsubject_match
u8 * ca_cert2
 File path to CA certificate file (PEM/DER) (Phase 2).
u8 * ca_path2
 Directory path for CA certificate files (PEM) (Phase 2).
u8 * client_cert2
 File path to client certificate file.
u8 * private_key2
 File path to client private key file.
u8 * private_key2_passwd
 Password for private key file.
u8 * dh_file2
 File path to DH/DSA parameters file (in PEM format).
u8 * subject_match2
 Constraint for server certificate subject.
u8 * altsubject_match2
 Constraint for server certificate alt. subject.
eap_method_type * eap_methods
 Allowed EAP methods.
char * phase1
 Phase 1 (outer authentication) parameters.
char * phase2
 Phase2 (inner authentication with TLS tunnel) parameters.
char * pcsc
 Parameters for PC/SC smartcard interface for USIM and GSM SIM.
char * pin
 PIN for USIM, GSM SIM, and smartcards.
int engine
 Enable OpenSSL engine (e.g., for smartcard access).
char * engine_id
 Engine ID for OpenSSL engine.
char * key_id
 Key ID for OpenSSL engine.
int eapol_flags
 Bit field of IEEE 802.1X/EAPOL options (EAPOL_FLAG_*).
u8 wep_key [NUM_WEP_KEYS][MAX_WEP_KEY_LEN]
 WEP keys.
size_t wep_key_len [NUM_WEP_KEYS]
 WEP key lengths.
int wep_tx_keyidx
 Default key index for TX frames using WEP.
int proactive_key_caching
 Enable proactive key caching.
u8 * otp
 One-time-password.
size_t otp_len
 Length of the otp field.
int pending_req_identity
 Whether there is a pending identity request.
int pending_req_password
 Whether there is a pending password request.
int pending_req_pin
 Whether there is a pending PIN request.
int pending_req_new_password
 Pending password update request.
int pending_req_passphrase
 Pending passphrase request.
char * pending_req_otp
 Whether there is a pending OTP request.
size_t pending_req_otp_len
 Length of the pending OTP request.
int leap
 Number of EAP methods using LEAP.
int non_leap
 Number of EAP methods not using LEAP.
unsigned int eap_workaround
 EAP workarounds enabled.
char * pac_file
 File path or blob name for the PAC entries (EAP-FAST).
int mode
 IEEE 802.11 operation mode (Infrastucture/IBSS).
int mschapv2_retry
 MSCHAPv2 retry in progress.
u8 * new_password
 New password for password update.
size_t new_password_len
 Length of new_password field.
int disabled
 Whether this network is currently disabled.
int peerkey
 Whether PeerKey handshake for direct links is allowed.
int fragment_size
 Maximum EAP fragment size in bytes (default 1398).
char * id_str
 Network identifier string for external scripts.

Detailed Description

Network configuration data.

This structure includes all the configuration variables for a network. This data is included in the per-interface configuration data as an element of the network list, struct wpa_config::ssid. Each network block in the configuration is mapped to a struct wpa_ssid instance.

Definition at line 70 of file config_ssid.h.


Field Documentation

u8* wpa_ssid::altsubject_match2
 

Constraint for server certificate alt. subject.

This field is like altsubject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.

Definition at line 529 of file config_ssid.h.

u8* wpa_ssid::anonymous_identity
 

Anonymous EAP Identity.

This field is used for unencrypted use with EAP types that support different tunnelled identity, e.g., EAP-TTLS, in order to reveal the real identity (identity field) only to the authentication server.

Definition at line 244 of file config_ssid.h.

int wpa_ssid::auth_alg
 

Bitfield of allowed authentication algorithms.

WPA_AUTH_ALG_*

Definition at line 210 of file config_ssid.h.

u8 wpa_ssid::bssid[ETH_ALEN]
 

BSSID.

If set, this network block is used only when associating with the AP using the configured BSSID

Definition at line 148 of file config_ssid.h.

u8* wpa_ssid::ca_cert
 

File path to CA certificate file (PEM/DER).

This file can have one or more trusted CA certificates. If ca_cert and ca_path are not included, server certificate will not be verified. This is insecure and a trusted CA certificate should always be configured when using EAP-TLS/TTLS/PEAP. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background.

Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">.

On Windows, trusted CA certificates can be loaded from the system certificate store by setting this to cert_store://<name>, e.g., ca_cert="cert_store://CA" or ca_cert="cert_store://ROOT". Note that when running wpa_supplicant as an application, the user certificate store (My user account) is used, whereas computer store (Computer account) is used when running wpasvc as a service.

Definition at line 312 of file config_ssid.h.

u8* wpa_ssid::ca_cert2
 

File path to CA certificate file (PEM/DER) (Phase 2).

This file can have one or more trusted CA certificates. If ca_cert2 and ca_path2 are not included, server certificate will not be verified. This is insecure and a trusted CA certificate should always be configured. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background.

This field is like ca_cert, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.

Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">.

Definition at line 445 of file config_ssid.h.

u8* wpa_ssid::ca_path
 

Directory path for CA certificate files (PEM).

This path may contain multiple CA certificates in OpenSSL format. Common use for this is to point to system trusted CA list which is often installed into directory like /etc/ssl/certs. If configured, these certificates are added to the list of trusted CAs. ca_cert may also be included in that case, but it is not required.

Definition at line 324 of file config_ssid.h.

u8* wpa_ssid::ca_path2
 

Directory path for CA certificate files (PEM) (Phase 2).

This path may contain multiple CA certificates in OpenSSL format. Common use for this is to point to system trusted CA list which is often installed into directory like /etc/ssl/certs. If configured, these certificates are added to the list of trusted CAs. ca_cert may also be included in that case, but it is not required.

This field is like ca_path, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.

Definition at line 460 of file config_ssid.h.

u8* wpa_ssid::client_cert
 

File path to client certificate file (PEM/DER).

This field is used with EAP method that use TLS authentication. Usually, this is only configured for EAP-TLS, even though this could in theory be used with EAP-TTLS and EAP-PEAP, too. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background.

Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">.

Definition at line 339 of file config_ssid.h.

u8* wpa_ssid::client_cert2
 

File path to client certificate file.

This field is like client_cert, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background.

Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">.

Definition at line 474 of file config_ssid.h.

u8* wpa_ssid::dh_file
 

File path to DH/DSA parameters file (in PEM format).

This is an optional configuration file for setting parameters for an ephemeral DH key exchange. In most cases, the default RSA authentication does not use this configuration. However, it is possible setup RSA to use ephemeral DH key exchange. In addition, ciphers with DSA keys always use ephemeral DH keys. This can be used to achieve forward secrecy. If the file is in DSA parameters format, it will be automatically converted into DH params. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background.

Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">.

Definition at line 394 of file config_ssid.h.

u8* wpa_ssid::dh_file2
 

File path to DH/DSA parameters file (in PEM format).

This field is like dh_file, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background.

Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">.

Definition at line 511 of file config_ssid.h.

int wpa_ssid::disabled
 

Whether this network is currently disabled.

0 = this network can be used (default). 1 = this network block is disabled (can be enabled through ctrl_iface, e.g., with wpa_cli or wpa_gui).

Definition at line 870 of file config_ssid.h.

struct eap_method_type* wpa_ssid::eap_methods
 

Allowed EAP methods.

(vendor=EAP_VENDOR_IETF,method=EAP_TYPE_NONE) terminated list of allowed EAP methods or NULL if all methods are accepted.

Definition at line 538 of file config_ssid.h.

unsigned int wpa_ssid::eap_workaround
 

EAP workarounds enabled.

wpa_supplicant supports number of "EAP workarounds" to work around interoperability issues with incorrectly behaving authentication servers. This is recommended to be enabled by default because some of the issues are present in large number of authentication servers.

Strict EAP conformance mode can be configured by disabling workarounds with eap_workaround = 0.

Definition at line 799 of file config_ssid.h.

size_t wpa_ssid::eappsk_len
 

EAP-PSK/PAX/SAKE pre-shared key length.

This field is always 16 for the current version of EAP-PSK/PAX and 32 for EAP-SAKE.

Definition at line 265 of file config_ssid.h.

int wpa_ssid::engine
 

Enable OpenSSL engine (e.g., for smartcard access).

This is used if private key operations for EAP-TLS are performed using a smartcard.

Definition at line 616 of file config_ssid.h.

char* wpa_ssid::engine_id
 

Engine ID for OpenSSL engine.

"opensc" to select OpenSC engine or "pkcs11" to select PKCS#11 engine.

This is used if private key operations for EAP-TLS are performed using a smartcard.

Definition at line 628 of file config_ssid.h.

int wpa_ssid::fragment_size
 

Maximum EAP fragment size in bytes (default 1398).

This value limits the fragment size for EAP methods that support fragmentation (e.g., EAP-TLS and EAP-PEAP). This value should be set small enough to make the EAP messages fit in MTU of the network interface used for EAPOL. The default value is suitable for most cases.

Definition at line 896 of file config_ssid.h.

int wpa_ssid::id
 

Unique id for the network.

This identifier is used as a unique identifier for each network block when using the control interface. Each network is allocated an id when it is being created, either when reading the configuration file or when a new network is added through the control interface.

Definition at line 99 of file config_ssid.h.

char* wpa_ssid::id_str
 

Network identifier string for external scripts.

This value is passed to external ctrl_iface monitors in WPA_EVENT_CONNECTED event and wpa_cli sets this as WPA_ID_STR environment variable for action scripts.

Definition at line 908 of file config_ssid.h.

char* wpa_ssid::key_id
 

Key ID for OpenSSL engine.

This is used if private key operations for EAP-TLS are performed using a smartcard.

Definition at line 637 of file config_ssid.h.

int wpa_ssid::key_mgmt
 

Bitfield of allowed key management protocols.

WPA_KEY_MGMT_*

Definition at line 196 of file config_ssid.h.

int wpa_ssid::leap
 

Number of EAP methods using LEAP.

This field should be set to 1 if LEAP is enabled. This is used to select IEEE 802.11 authentication algorithm.

Definition at line 775 of file config_ssid.h.

int wpa_ssid::mode
 

IEEE 802.11 operation mode (Infrastucture/IBSS).

0 = infrastructure (Managed) mode, i.e., associate with an AP.

1 = IBSS (ad-hoc, peer-to-peer)

Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) and key_mgmt=WPA-NONE (fixed group key TKIP/CCMP). In addition, ap_scan has to be set to 2 for IBSS. WPA-None requires following network block options: proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not both), and psk must also be set (either directly or using ASCII passphrase).

Definition at line 831 of file config_ssid.h.

int wpa_ssid::mschapv2_retry
 

MSCHAPv2 retry in progress.

This field is used internally by EAP-MSCHAPv2 and should not be set as part of configuration.

Definition at line 842 of file config_ssid.h.

u8* wpa_ssid::new_password
 

New password for password update.

This field is used during MSCHAPv2 password update. This is normally requested from the user through the control interface and not set from configuration.

Definition at line 852 of file config_ssid.h.

struct wpa_ssid* wpa_ssid::next
 

Next network in global list.

This pointer can be used to iterate over all networks. The head of this list is stored in the ssid field of struct wpa_config.

Definition at line 78 of file config_ssid.h.

int wpa_ssid::non_leap
 

Number of EAP methods not using LEAP.

This field should be set to >0 if any EAP method other than LEAP is enabled. This is used to select IEEE 802.11 authentication algorithm.

Definition at line 785 of file config_ssid.h.

u8* wpa_ssid::otp
 

One-time-password.

This field should not be set in configuration step. It is only used internally when OTP is entered through the control interface.

Definition at line 694 of file config_ssid.h.

char* wpa_ssid::pac_file
 

File path or blob name for the PAC entries (EAP-FAST).

wpa_supplicant will need to be able to create this file and write updates to it when PAC is being provisioned or refreshed. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background. Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">.

Definition at line 812 of file config_ssid.h.

char* wpa_ssid::passphrase
 

WPA ASCII passphrase.

If this is set, psk will be generated using the SSID and passphrase configured for the network. ASCII passphrase must be between 8 and 63 characters (inclusive).

Definition at line 176 of file config_ssid.h.

char* wpa_ssid::pcsc
 

Parameters for PC/SC smartcard interface for USIM and GSM SIM.

This field is used to configure PC/SC smartcard interface. Currently, the only configuration is whether this field is NULL (do not use PC/SC) or non-NULL (e.g., "") to enable PC/SC.

This field is used for EAP-SIM and EAP-AKA.

Definition at line 595 of file config_ssid.h.

int wpa_ssid::peerkey
 

Whether PeerKey handshake for direct links is allowed.

This is only used when both RSN/WPA2 and IEEE 802.11e (QoS) are enabled.

0 = disabled (default) 1 = enabled

Definition at line 882 of file config_ssid.h.

int wpa_ssid::pending_req_identity
 

Whether there is a pending identity request.

This field should not be set in configuration step. It is only used internally when control interface is used to request needed information.

Definition at line 710 of file config_ssid.h.

int wpa_ssid::pending_req_new_password
 

Pending password update request.

This field should not be set in configuration step. It is only used internally when control interface is used to request needed information.

Definition at line 740 of file config_ssid.h.

char* wpa_ssid::pending_req_otp
 

Whether there is a pending OTP request.

This field should not be set in configuration step. It is only used internally when control interface is used to request needed information.

Definition at line 760 of file config_ssid.h.

int wpa_ssid::pending_req_passphrase
 

Pending passphrase request.

This field should not be set in configuration step. It is only used internally when control interface is used to request needed information.

Definition at line 750 of file config_ssid.h.

int wpa_ssid::pending_req_password
 

Whether there is a pending password request.

This field should not be set in configuration step. It is only used internally when control interface is used to request needed information.

Definition at line 720 of file config_ssid.h.

int wpa_ssid::pending_req_pin
 

Whether there is a pending PIN request.

This field should not be set in configuration step. It is only used internally when control interface is used to request needed information.

Definition at line 730 of file config_ssid.h.

char* wpa_ssid::phase1
 

Phase 1 (outer authentication) parameters.

String with field-value pairs, e.g., "peapver=0" or "peapver=1 peaplabel=1".

'peapver' can be used to force which PEAP version (0 or 1) is used.

'peaplabel=1' can be used to force new label, "client PEAP encryption", to be used during key derivation when PEAPv1 or newer.

Most existing PEAPv1 implementation seem to be using the old label, "client EAP encryption", and wpa_supplicant is now using that as the default value.

Some servers, e.g., Radiator, may require peaplabel=1 configuration to interoperate with PEAPv1; see eap_testing.txt for more details.

'peap_outer_success=0' can be used to terminate PEAP authentication on tunneled EAP-Success. This is required with some RADIUS servers that implement draft-josefsson-pppext-eap-tls-eap-05.txt (e.g., Lucent NavisRadius v4.4.0 with PEAP in "IETF Draft 5" mode).

include_tls_length=1 can be used to force wpa_supplicant to include TLS Message Length field in all TLS messages even if they are not fragmented.

sim_min_num_chal=3 can be used to configure EAP-SIM to require three challenges (by default, it accepts 2 or 3).

fast_provisioning=1 can be used to enable in-line provisioning of EAP-FAST credentials (PAC)

Definition at line 574 of file config_ssid.h.

char* wpa_ssid::phase2
 

Phase2 (inner authentication with TLS tunnel) parameters.

String with field-value pairs, e.g., "auth=MSCHAPV2" for EAP-PEAP or "autheap=MSCHAPV2 autheap=MD5" for EAP-TTLS.

Definition at line 583 of file config_ssid.h.

char* wpa_ssid::pin
 

PIN for USIM, GSM SIM, and smartcards.

This field is used to configure PIN for SIM and smartcards for EAP-SIM and EAP-AKA. In addition, this is used with EAP-TLS if a smartcard is used for private key operations.

If left out, this will be asked through control interface.

Definition at line 607 of file config_ssid.h.

struct wpa_ssid* wpa_ssid::pnext
 

Next network in per-priority list.

This pointer can be used to iterate over all networks in the same priority class. The heads of these list are stored in the pssid fields of struct wpa_config.

Definition at line 88 of file config_ssid.h.

int wpa_ssid::priority
 

Priority group.

By default, all networks will get same priority group (0). If some of the networks are more desirable, this field can be used to change the order in which wpa_supplicant goes through the networks when selecting a BSS. The priority groups will be iterated in decreasing priority (i.e., the larger the priority value, the sooner the network is matched against the scan results). Within each priority group, networks will be selected based on security policy, signal strength, etc.

Please note that AP scanning with scan_ssid=1 and ap_scan=2 mode are not using this priority to select the order for scanning. Instead, they try the networks in the order that used in the configuration file.

Definition at line 119 of file config_ssid.h.

u8* wpa_ssid::private_key
 

File path to client private key file (PEM/DER/PFX).

When PKCS#12/PFX file (.p12/.pfx) is used, client_cert should be commented out. Both the private key and certificate will be read from the PKCS#12 file in this case. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background.

Windows certificate store can be used by leaving client_cert out and configuring private_key in one of the following formats:

cert://substring_to_match

hash://certificate_thumbprint_in_hex

For example: private_key="hash://63093aa9c47f56ae88334c7b65a4"

Note that when running wpa_supplicant as an application, the user certificate store (My user account) is used, whereas computer store (Computer account) is used when running wpasvc as a service.

Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">.

Definition at line 367 of file config_ssid.h.

u8* wpa_ssid::private_key2
 

File path to client private key file.

This field is like private_key, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication. Full path to the file should be used since working directory may change when wpa_supplicant is run in the background.

Alternatively, a named configuration blob can be used by setting this to blob://<blob name="">.

Definition at line 488 of file config_ssid.h.

u8* wpa_ssid::private_key2_passwd
 

Password for private key file.

This field is like private_key_passwd, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.

Definition at line 497 of file config_ssid.h.

u8* wpa_ssid::private_key_passwd
 

Password for private key file.

If left out, this will be asked through control interface.

Definition at line 375 of file config_ssid.h.

int wpa_ssid::proactive_key_caching
 

Enable proactive key caching.

This field can be used to enable proactive key caching which is also known as opportunistic PMKSA caching for WPA2. This is disabled (0) by default. Enable by setting this to 1.

Proactive key caching is used to make supplicant assume that the APs are using the same PMK and generate PMKSA cache entries without doing RSN pre-authentication. This requires support from the AP side and is normally used with wireless switches that co-locate the authenticator.

Definition at line 683 of file config_ssid.h.

int wpa_ssid::scan_ssid
 

Scan this SSID with Probe Requests.

scan_ssid can be used to scan for APs using hidden SSIDs. Note: Many drivers do not support this. ap_mode=2 can be used with such drivers to use hidden SSIDs.

Definition at line 220 of file config_ssid.h.

u8* wpa_ssid::ssid
 

Service set identifier (network name).

This is the SSID for the network. For wireless interfaces, this is used to select which network will be used. If set to NULL (or ssid_len=0), any SSID can be used. For wired interfaces, this must be set to NULL. Note: SSID may contain any characters, even nul (ASCII 0) and as such, this should not be assumed to be a nul terminated string. ssid_len defines how many characters are valid and the ssid field is not guaranteed to be nul terminated.

Definition at line 133 of file config_ssid.h.

u8* wpa_ssid::subject_match
 

Constraint for server certificate subject.

This substring is matched against the subject of the authentication server certificate. If this string is set, the server sertificate is only accepted if it contains this string in the subject. The subject string is in following format:

/C=US/ST=CA/L=San Francisco/CN=Test AS/emailAddress=as
.example.com

Definition at line 407 of file config_ssid.h.

u8* wpa_ssid::subject_match2
 

Constraint for server certificate subject.

This field is like subject_match, but used for phase 2 (inside EAP-TTLS/PEAP/FAST tunnel) authentication.

Definition at line 520 of file config_ssid.h.


The documentation for this struct was generated from the following file:
Generated on Sun Dec 31 13:55:59 2006 for wpa_supplicant by  doxygen 1.4.2