hostapd: use getrandom syscall

[openwrt/staging/dedeckeh.git] / package / network / services / hostapd / files / hostapd-full.config

diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config
index 355a70b9e181c5af6f08c2741f8b18c569dbd8fd..5c9fbed2e48d97868eb44f2fef89fc52838c138e 100644 (file)
--- a/package/network/services/hostapd/files/hostapd-full.config
+++ b/package/network/services/hostapd/files/hostapd-full.config
@@ -50,13 +50,12 @@ CONFIG_IAPP=y
 # WPA2/IEEE 802.11i RSN pre-authentication
 CONFIG_RSN_PREAUTH=y
 
-# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
-CONFIG_PEERKEY=y
-
 # IEEE 802.11w (management frame protection)
-# Driver support is also needed for IEEE 802.11w.
 #CONFIG_IEEE80211W=y
 
+# Support Operating Channel Validation
+#CONFIG_OCV=y
+
 # Integrated EAP server
 CONFIG_EAP=y
 
@@ -109,11 +108,18 @@ CONFIG_EAP_TTLS=y
 #CONFIG_EAP_GPSK_SHA256=y
 
 # EAP-FAST for the integrated EAP server
-# Note: If OpenSSL is used as the TLS library, OpenSSL 1.0 or newer is needed
-# for EAP-FAST support. Older OpenSSL releases would need to be patched, e.g.,
-# with openssl-0.9.8x-tls-extensions.patch, to add the needed functions.
 CONFIG_EAP_FAST=y
 
+# EAP-TEAP for the integrated EAP server
+# Note: The current EAP-TEAP implementation is experimental and should not be
+# enabled for production use. The IETF RFC 7170 that defines EAP-TEAP has number
+# of conflicting statements and missing details and the implementation has
+# vendor specific workarounds for those and as such, may not interoperate with
+# any other implementation. This should not be used for anything else than
+# experimentation and interoperability testing until those issues has been
+# resolved.
+#CONFIG_EAP_TEAP=y
+
 # Wi-Fi Protected Setup (WPS)
 CONFIG_WPS=y
 # Enable UPnP support for external WPS Registrars
@@ -253,6 +259,11 @@ CONFIG_NO_DUMP_STATE=y
 # requirements described above.
 CONFIG_NO_RANDOM_POOL=y
 
+# Should we attempt to use the getrandom(2) call that provides more reliable
+# yet secure randomness source than /dev/random on Linux 3.17 and newer.
+# Requires glibc 2.25 to build, falls back to /dev/random if unavailable.
+CONFIG_GETRANDOM=y
+
 # Should we use poll instead of select? Select is used by default.
 #CONFIG_ELOOP_POLL=y
 
@@ -360,8 +371,6 @@ CONFIG_INTERNAL_LIBTOMMATH=y
 CONFIG_TAXONOMY=y
 
 # Fast Initial Link Setup (FILS) (IEEE 802.11ai)
-# Note: This is an experimental and not yet complete implementation. This
-# should not be enabled for production use.
 #CONFIG_FILS=y
 # FILS shared key authentication with PFS
 #CONFIG_FILS_SK_PFS=y
@@ -374,6 +383,13 @@ CONFIG_TAXONOMY=y
 # Experimental implementation of draft-harkins-owe-07.txt
 #CONFIG_OWE=y
 
+# Airtime policy support
+#CONFIG_AIRTIME_POLICY=y
+
+# Override default value for the wpa_disable_eapol_key_retries configuration
+# parameter. See that parameter in hostapd.conf for more details.
+#CFLAGS += -DDEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES=1
+
 # uBus IPC/RPC System
 # Services can connect to the bus and provide methods
 # that can be called by other services or clients.