diff --git a/wpa_supplicant/android.config b/wpa_supplicant/android.config index 78fb88e68..fc0614d3b 100644 --- a/wpa_supplicant/android.config +++ b/wpa_supplicant/android.config @@ -55,11 +55,6 @@ # Set include directory to the madwifi source tree #CFLAGS += -I../../madwifi -# Driver interface for Prism54 driver -# (Note: Prism54 is not yet supported, i.e., this will not work as-is and is -# for developers only) -#CONFIG_DRIVER_PRISM54=y - # Driver interface for ndiswrapper # Deprecated; use CONFIG_DRIVER_WEXT=y instead. #CONFIG_DRIVER_NDISWRAPPER=y @@ -83,6 +78,11 @@ #CONFIG_DRIVER_RALINK=y # Driver interface for generic Linux wireless extensions +# Note: WEXT is deprecated in the current Linux kernel version and no new +# functionality is added to it. nl80211-based interface is the new +# replacement for WEXT and its use allows wpa_supplicant to properly control +# the driver to improve existing functionality like roaming and to support new +# functionality. #CONFIG_DRIVER_WEXT=y # Driver interface for Linux drivers using the nl80211 kernel interface @@ -93,6 +93,8 @@ CONFIG_LIBNL20=y #CONFIG_DRIVER_BSD=y #CFLAGS += -I/usr/local/include #LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib # Driver interface for Windows NDIS #CONFIG_DRIVER_NDIS=y @@ -113,11 +115,6 @@ CONFIG_LIBNL20=y # Driver interface for development testing #CONFIG_DRIVER_TEST=y -# Include client MLME (management frame processing) for test driver -# This can be used to test MLME operations in hostapd with the test interface. -# space. -#CONFIG_CLIENT_MLME=y - # Driver interface for wired Ethernet drivers #CONFIG_DRIVER_WIRED=y @@ -127,6 +124,10 @@ CONFIG_LIBNL20=y # Driver interface for no driver (e.g., WPS ER only) #CONFIG_DRIVER_NONE=y +# Solaris libraries +#LIBS += -lsocket -ldlpi -lnsl +#LIBS_c += -lsocket + # Enable IEEE 802.1X Supplicant (automatically included if any EAP method is # included) CONFIG_IEEE8021X_EAPOL=y @@ -165,6 +166,9 @@ CONFIG_EAP_SIM=y # EAP-PSK (experimental; this is _not_ needed for WPA-PSK) #CONFIG_EAP_PSK=y +# EAP-pwd (secure authentication using only a password) +CONFIG_EAP_PWD=y + # EAP-PAX #CONFIG_EAP_PAX=y @@ -196,13 +200,15 @@ CONFIG_EAP_LEAP=y CONFIG_WPS=y # Enable WSC 2.0 support CONFIG_WPS2=y +# Enable WPS external registrar functionality +#CONFIG_WPS_ER=y +# Disable credentials for an open network by default when acting as a WPS +# registrar. +#CONFIG_WPS_REG_DISABLE_OPEN=y # EAP-IKEv2 #CONFIG_EAP_IKEV2=y -# EAP-PWD -CONFIG_EAP_PWD=y - # PKCS#12 (PFX) support (used to read private key and certificate file from # a file that usually has extension .p12 or .pfx) CONFIG_PKCS12=y @@ -215,6 +221,9 @@ CONFIG_SMARTCARD=y # Enable this if EAP-SIM or EAP-AKA is included #CONFIG_PCSC=y +# Support HT overrides (disable HT/HT40, mask MCS rates, etc.) +#CONFIG_HT_OVERRIDES=y + # Development testing #CONFIG_EAPOL_TEST=y @@ -298,6 +307,9 @@ CONFIG_OS=unix # eloop_none = Empty template CONFIG_ELOOP=eloop +# Should we use poll instead of select? Select is used by default. +#CONFIG_ELOOP_POLL=y + # Select layer 2 packet implementation # linux = Linux packet socket (default) # pcap = libpcap/libdnet/WinPcap @@ -318,18 +330,24 @@ CONFIG_PEERKEY=y # Select TLS implementation # openssl = OpenSSL (default) -# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) +# gnutls = GnuTLS # internal = Internal TLSv1 implementation (experimental) # none = Empty template #CONFIG_TLS=openssl -# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. -# You need CONFIG_TLS=gnutls for this to have any effect. Please note that -# even though the core GnuTLS library is released under LGPL, this extra -# library uses GPL and as such, the terms of GPL apply to the combination -# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not -# apply for distribution of the resulting binary. -#CONFIG_GNUTLS_EXTRA=y +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1) +# can be enabled to get a stronger construction of messages when block ciphers +# are used. It should be noted that some existing TLS v1.0 -based +# implementation may not be compatible with TLS v1.1 message (ClientHello is +# sent prior to negotiating which version will be used) +#CONFIG_TLSV11=y + +# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2) +# can be enabled to enable use of stronger crypto algorithms. It should be +# noted that some existing TLS v1.0 -based implementation may not be compatible +# with TLS v1.2 message (ClientHello is sent prior to negotiating which version +# will be used) +#CONFIG_TLSV12=y # If CONFIG_TLS=internal is used, additional library and include paths are # needed for LibTomMath. Alternatively, an integrated, minimal version of @@ -361,7 +379,7 @@ CONFIG_PEERKEY=y # (fi.w1.hostap.wpa_supplicant1) #CONFIG_CTRL_IFACE_DBUS_NEW=y -# Add introspection support for new DBus control interface (requires libxml2) +# Add introspection support for new DBus control interface #CONFIG_CTRL_IFACE_DBUS_INTRO=y # Add support for loading EAP methods dynamically as shared libraries. @@ -391,7 +409,19 @@ CONFIG_PEERKEY=y # Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) #CONFIG_DEBUG_FILE=y -# Add support for writing debug log to Android logcat instead of standard output +# Send debug messages to syslog instead of stdout +#CONFIG_DEBUG_SYSLOG=y +# Set syslog facility for debug messages +#CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON + +# Add support for sending all debug messages (regardless of debug verbosity) +# to the Linux kernel tracing facility. This helps debug the entire stack by +# making it easy to record everything happening from the driver up into the +# same file, e.g., using trace-cmd. +#CONFIG_DEBUG_LINUX_TRACING=y + +# Add support for writing debug log to Android logcat instead of standard +# output CONFIG_ANDROID_LOG=y # Enable privilege separation (see README 'Privilege separation' for details) @@ -401,11 +431,67 @@ CONFIG_ANDROID_LOG=y # MIC error reports by a random amount of time between 0 and 60 seconds #CONFIG_DELAYED_MIC_ERROR_REPORT=y +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, uncomment these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, uncomment these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +# wpa_supplicant depends on strong random number generation being available +# from the operating system. os_get_random() function is used to fetch random +# data when needed, e.g., for key generation. On Linux and BSD systems, this +# works by reading /dev/urandom. It should be noted that the OS entropy pool +# needs to be properly initialized before wpa_supplicant is started. This is +# important especially on embedded devices that do not have a hardware random +# number generator and may by default start up with minimal entropy available +# for random number generation. +# +# As a safety net, wpa_supplicant is by default trying to internally collect +# additional entropy for generating random data to mix in with the data fetched +# from the OS. This by itself is not considered to be very strong, but it may +# help in cases where the system pool is not initialized properly. However, it +# is very strongly recommended that the system pool is initialized with enough +# entropy either by using hardware assisted random number generator or by +# storing state over device reboots. +# +# wpa_supplicant can be configured to maintain its own entropy store over +# restarts to enhance random number generation. This is not perfect, but it is +# much more secure than using the same sequence of random numbers after every +# reboot. This can be enabled with -e command line option. The +# specified file needs to be readable and writable by wpa_supplicant. +# +# If the os_get_random() is known to provide strong random data (e.g., on +# Linux/BSD, the board in question is known to have reliable source of random +# data from /dev/urandom), the internal wpa_supplicant random pool can be +# disabled. This will save some in binary size and CPU use. However, this +# should only be considered for builds that are known to be used on devices +# that meet the requirements described above. +#CONFIG_NO_RANDOM_POOL=y + +# IEEE 802.11n (High Throughput) support (mainly for AP mode) +CONFIG_IEEE80211N=y + +# Interworking (IEEE 802.11u) +# This can be used to enable functionality to improve interworking with +# external networks (GAS/ANQP to learn more about the networks and network +# selection based on available credentials). +#CONFIG_INTERWORKING=y + # Disable roaming in wpa_supplicant CONFIG_NO_ROAMING=y # Enable P2P -# IEEE 802.11n (High Throughput) support (mainly for AP mode) -CONFIG_IEEE80211N=y CONFIG_P2P=y CONFIG_AP=y