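# Example hostapd build time configuration
#
# This file lists the configuration options that are used when building the
# hostapd binary. All lines starting with # are ignored. Configuration option
# lines must be commented out completely, if they are not to be included, i.e.,
# just setting VARIABLE=n is not disabling that variable.
#
# Note: this also applies when trimming unused protocol code from the binary
# for hardening; the option line has to be commented out, not set to n.
#
# This file is included in Makefile, so variables like CFLAGS and LIBS can also
# be modified from here. In most cases, these lines should use += in order not
# to override previous values of the variables.

# Driver interface for Host AP driver
CONFIG_DRIVER_HOSTAP=y

# Driver interface for wired authenticator
#CONFIG_DRIVER_WIRED=y

# Driver interface for madwifi driver
#CONFIG_DRIVER_MADWIFI=y
#CFLAGS += -I../../madwifi # change to the madwifi source directory

# Driver interface for drivers using the nl80211 kernel interface
CONFIG_DRIVER_NL80211=y

# driver_nl80211.c requires libnl. If you are compiling it yourself
# you may need to point hostapd to your version of libnl.
#
#CFLAGS += -I$<path to libnl include files>
#LIBS += -L$<path to libnl library files>

# Use libnl v2.0 (or 3.0) libraries.
#CONFIG_LIBNL20=y

# Use libnl 3.2 libraries (if this is selected, CONFIG_LIBNL20 is ignored)
#CONFIG_LIBNL32=y


# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver)
#CONFIG_DRIVER_BSD=y
#CFLAGS += -I/usr/local/include
#LIBS += -L/usr/local/lib
#LIBS_p += -L/usr/local/lib
#LIBS_c += -L/usr/local/lib

# Driver interface for no driver (e.g., RADIUS server only)
#CONFIG_DRIVER_NONE=y

# IEEE 802.11F/IAPP
CONFIG_IAPP=y

# WPA2/IEEE 802.11i RSN pre-authentication
CONFIG_RSN_PREAUTH=y

# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
# Note: enable only if station-to-station links are actually used in the
# deployment; otherwise this is handshake code that nothing needs.
CONFIG_PEERKEY=y

# IEEE 802.11w (management frame protection)
# Note: this only builds in the support. Protection still has to be enabled
# per BSS with the ieee80211w parameter in hostapd.conf.
CONFIG_IEEE80211W=y

# Integrated EAP server
CONFIG_EAP=y

# EAP-MD5 for the integrated EAP server
# Note: EAP-MD5 provides no mutual authentication and derives no keying
# material, so it cannot be used to key WPA/WPA2-Enterprise, and a captured
# challenge/response can be attacked offline. Comment this out unless a legacy
# deployment (e.g., wired IEEE 802.1X) needs it.
CONFIG_EAP_MD5=y

# EAP-TLS for the integrated EAP server
CONFIG_EAP_TLS=y

# EAP-MSCHAPv2 for the integrated EAP server
# Note: meant to be used as an inner method inside a TLS tunnel
# (EAP-PEAP/EAP-TTLS) whose server certificate the clients validate.
CONFIG_EAP_MSCHAPV2=y

# EAP-PEAP for the integrated EAP server
CONFIG_EAP_PEAP=y

# EAP-GTC for the integrated EAP server
# Note: EAP-GTC carries the credential in cleartext within the EAP exchange;
# use it only inside a protected tunnel (e.g., EAP-PEAP).
CONFIG_EAP_GTC=y

# EAP-TTLS for the integrated EAP server
CONFIG_EAP_TTLS=y

# EAP-SIM for the integrated EAP server
#CONFIG_EAP_SIM=y

# EAP-AKA for the integrated EAP server
#CONFIG_EAP_AKA=y

# EAP-AKA' for the integrated EAP server
# This requires CONFIG_EAP_AKA to be enabled, too.
#CONFIG_EAP_AKA_PRIME=y

# EAP-PAX for the integrated EAP server
#CONFIG_EAP_PAX=y

# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK)
#CONFIG_EAP_PSK=y

# EAP-pwd for the integrated EAP server (secure authentication with a password)
#CONFIG_EAP_PWD=y

# EAP-SAKE for the integrated EAP server
#CONFIG_EAP_SAKE=y

# EAP-GPSK for the integrated EAP server
#CONFIG_EAP_GPSK=y
# Include support for optional SHA256 cipher suite in EAP-GPSK
#CONFIG_EAP_GPSK_SHA256=y

# EAP-FAST for the integrated EAP server
# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
#CONFIG_EAP_FAST=y

# Wi-Fi Protected Setup (WPS)
# Note: the WPS PIN method is exposed to online guessing of the PIN. Leave WPS
# out of the build unless the deployment requires it.
#CONFIG_WPS=y
# Enable UPnP support for external WPS Registrars
#CONFIG_WPS_UPNP=y
# Enable WPS support with NFC config method
#CONFIG_WPS_NFC=y

# EAP-IKEv2
#CONFIG_EAP_IKEV2=y

# Trusted Network Connect (EAP-TNC)
#CONFIG_EAP_TNC=y

# EAP-EKE for the integrated EAP server
#CONFIG_EAP_EKE=y

# PKCS#12 (PFX) support (used to read private key and certificate file from
# a file that usually has extension .p12 or .pfx)
CONFIG_PKCS12=y

# RADIUS authentication server. This provides access to the integrated EAP
# server from external hosts using RADIUS.
# Note: enabling this makes the EAP server reachable over the network. Limit
# the accepted RADIUS clients and use a strong shared secret for each of them.
#CONFIG_RADIUS_SERVER=y

# Build IPv6 support for RADIUS operations
CONFIG_IPV6=y

# IEEE Std 802.11r-2008 (Fast BSS Transition)
#CONFIG_IEEE80211R=y

# Use the hostapd's IEEE 802.11 authentication (ACL), but without
# the IEEE 802.11 Management capability (e.g., madwifi or FreeBSD/net80211)
#CONFIG_DRIVER_RADIUS_ACL=y

# IEEE 802.11n (High Throughput) support
#CONFIG_IEEE80211N=y

# Wireless Network Management (IEEE Std 802.11v-2011)
# Note: This is experimental and not complete implementation.
#CONFIG_WNM=y

# IEEE 802.11ac (Very High Throughput) support
#CONFIG_IEEE80211AC=y

# Remove debugging code that is printing out debug messages to stdout.
# This can be used to reduce the size of the hostapd considerably if debugging
# code is not needed.
#CONFIG_NO_STDOUT_DEBUG=y

# Add support for writing debug log to a file: -f /tmp/hostapd.log
# Disabled by default.
# Note: /tmp is world-writable on most systems. When -f is used, prefer a log
# path in a directory that only the hostapd user can write to, and restrict
# read access to the log: debug output can include key data when hostapd is
# run with -K.
#CONFIG_DEBUG_FILE=y

# Add support for sending all debug messages (regardless of debug verbosity)
# to the Linux kernel tracing facility. This helps debug the entire stack by
# making it easy to record everything happening from the driver up into the
# same file, e.g., using trace-cmd.
#CONFIG_DEBUG_LINUX_TRACING=y

# Remove support for RADIUS accounting
#CONFIG_NO_ACCOUNTING=y

# Remove support for RADIUS
#CONFIG_NO_RADIUS=y

# Remove support for VLANs
#CONFIG_NO_VLAN=y

# Enable support for fully dynamic VLANs. This enables hostapd to
# automatically create bridge and VLAN interfaces if necessary.
#CONFIG_FULL_DYNAMIC_VLAN=y

# Use netlink-based kernel API for VLAN operations instead of ioctl()
# Note: This requires libnl 3.1 or newer.
#CONFIG_VLAN_NETLINK=y

# Remove support for dumping internal state through control interface commands
# This can be used to reduce binary size at the cost of disabling a debugging
# option.
#CONFIG_NO_DUMP_STATE=y

# Enable tracing code for developer debugging
# This tracks use of memory allocations and other registrations and reports
# incorrect use with a backtrace of call (or allocation) location.
#CONFIG_WPA_TRACE=y
# For BSD, comment out these.
#LIBS += -lexecinfo
#LIBS_p += -lexecinfo
#LIBS_c += -lexecinfo

# Use libbfd to get more details for developer debugging
# This enables use of libbfd to get more detailed symbols for the backtraces
# generated by CONFIG_WPA_TRACE=y.
#CONFIG_WPA_TRACE_BFD=y
# For BSD, comment out these.
#LIBS += -lbfd -liberty -lz
#LIBS_p += -lbfd -liberty -lz
#LIBS_c += -lbfd -liberty -lz

# hostapd depends on strong random number generation being available from the
# operating system. os_get_random() function is used to fetch random data when
# needed, e.g., for key generation. On Linux and BSD systems, this works by
# reading /dev/urandom. It should be noted that the OS entropy pool needs to be
# properly initialized before hostapd is started. This is important especially
# on embedded devices that do not have a hardware random number generator and
# may by default start up with minimal entropy available for random number
# generation.
#
# As a safety net, hostapd is by default trying to internally collect
# additional entropy for generating random data to mix in with the data
# fetched from the OS. This by itself is not considered to be very strong, but
# it may help in cases where the system pool is not initialized properly.
# However, it is very strongly recommended that the system pool is initialized
# with enough entropy either by using hardware assisted random number
# generator or by storing state over device reboots.
#
# hostapd can be configured to maintain its own entropy store over restarts to
# enhance random number generation. This is not perfect, but it is much more
# secure than using the same sequence of random numbers after every reboot.
# This can be enabled with -e<entropy file> command line option. The specified
# file needs to be readable and writable by hostapd.
# Note: since this file feeds key generation, it should not be readable or
# writable by other users.
#
# If the os_get_random() is known to provide strong random data (e.g., on
# Linux/BSD, the board in question is known to have reliable source of random
# data from /dev/urandom), the internal hostapd random pool can be disabled.
# This will save some in binary size and CPU use. However, this should only be
# considered for builds that are known to be used on devices that meet the
# requirements described above.
#CONFIG_NO_RANDOM_POOL=y

# Select TLS implementation
# openssl = OpenSSL (default)
# gnutls = GnuTLS
# internal = Internal TLSv1 implementation (experimental)
# none = Empty template
#CONFIG_TLS=openssl

# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.1)
# can be enabled to get a stronger construction of messages when block ciphers
# are used.
#CONFIG_TLSV11=y

# TLS-based EAP methods require at least TLS v1.0. Newer version of TLS (v1.2)
# can be enabled to enable use of stronger crypto algorithms.
# Note: TLS v1.0 and v1.1 are deprecated (RFC 8996). Enable TLS v1.2 where the
# TLS library and the clients support it.
#CONFIG_TLSV12=y

# If CONFIG_TLS=internal is used, additional library and include paths are
# needed for LibTomMath. Alternatively, an integrated, minimal version of
# LibTomMath can be used. See beginning of libtommath.c for details on benefits
# and drawbacks of this option.
#CONFIG_INTERNAL_LIBTOMMATH=y
#ifndef CONFIG_INTERNAL_LIBTOMMATH
#LTM_PATH=/usr/src/libtommath-0.39
#CFLAGS += -I$(LTM_PATH)
#LIBS += -L$(LTM_PATH)
#LIBS_p += -L$(LTM_PATH)
#endif
# At the cost of about 4 kB of additional binary size, the internal LibTomMath
# can be configured to include faster routines for exptmod, sqr, and div to
# speed up DH and RSA calculation considerably
#CONFIG_INTERNAL_LIBTOMMATH_FAST=y

# Interworking (IEEE 802.11u)
# This can be used to enable functionality to improve interworking with
# external networks.
#CONFIG_INTERWORKING=y

# Hotspot 2.0
#CONFIG_HS20=y

# Enable SQLite database support in hlr_auc_gw, EAP-SIM DB, and eap_user_file
#CONFIG_SQLITE=y

# Testing options
# This can be used to enable some testing options (see also the example
# configuration file) that are really useful only for testing clients that
# connect to this hostapd. These options allow, for example, to drop a
# certain percentage of probe requests or auth/(re)assoc frames.
# Note: leave this disabled in production builds.
#
#CONFIG_TESTING_OPTIONS=y

# Automatic Channel Selection
# This will allow hostapd to pick the channel automatically when channel is set
# to "acs_survey" or "0". Eventually, other ACS algorithms can be added in
# similar way.
#
# Automatic selection is currently only done through initialization, later on
# we hope to do background checks to keep us moving to more ideal channels as
# time goes by. ACS is currently only supported through the nl80211 driver and
# your driver must have survey dump capability that is filled by the driver
# during scanning.
#
# You can customize the ACS survey algorithm with the hostapd.conf variable
# acs_num_scans.
#
# Supported ACS drivers:
# * ath9k
# * ath5k
# * ath10k
#
# For more details refer to:
# http://wireless.kernel.org/en/users/Documentation/acs
#
#CONFIG_ACS=y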