3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2025-01-09 08:22:42 +01:00
iwd/src/iwd.config.rst
2022-05-20 10:14:17 -05:00

377 lines
14 KiB
ReStructuredText

============
iwd.config
============
--------------------------------------
Configuration file for wireless daemon
--------------------------------------
:Author: Marcel Holtmann <marcel@holtmann.org>
:Author: Denis Kenzior <denkenz@gmail.com>
:Author: Andrew Zaborowski <andrew.zaborowski@intel.com>
:Author: Tim Kourt <tim.a.kourt@linux.intel.com>
:Author: James Prestwood <prestwoj@gmail.com>
:Copyright: 2013-2019 Intel Corporation
:Version: iwd
:Date: 22 September 2019
:Manual section: 5
:Manual group: Linux Connectivity
SYNOPSIS
========
Configuration file **main.conf**
DESCRIPTION
===========
The *main.conf* configuration file configures the system-wide settings for
**iwd**. This file lives in the configuration directory specified by the
environment variable *$CONFIGURATION_DIRECTORY*, which is normally provided
by **systemd**. In the absence of such an environment variable it defaults
to */etc/iwd*. If no *main.conf* is present, then default values are
chosen. The presence of *main.conf* is not required.
FILE FORMAT
===========
See *iwd.network* for details on the file format.
SETTINGS
========
The settings are split into several categories. Each category has a group
associated with it and described in separate tables below.
General Settings
----------------
The group ``[General]`` contains general settings.
.. list-table::
:header-rows: 0
:stub-columns: 0
:widths: 20 80
:align: left
* - EnableNetworkConfiguration
- Values: true, **false**
Enable network configuration.
Setting this option to *true* enables **iwd** to configure the network
interfaces with the IP addresses. There are two types IP addressing
supported by **iwd**: static and dynamic. The static IP addresses are
configured through the network configuration files. If no static IP
configuration has been provided for a network, **iwd** will attempt to
obtain the dynamic addresses from the network through the built-in
DHCP client.
This also enables network configuration and the DHCP server when in AP
mode and the AP profile being activated does not override it.
The network configuration feature is disabled by default. See
``[Network]`` settings for additional settings related to network
configuration.
* - APRanges
- Values: <IP in prefix notation>
Sets the range of IP's used for DHCP server (AP mode). The IP should be
in prefix notation e.g. 192.168.1.0/24. AP's which are started in a
profile-less configuration will use this pool of IP's to set the AP's
interface address as well as default DHCP server options. Each AP will
get a new subnet from the range and clients will be addressed in that
subnet to avoid IP conflicts if multiple AP's are started.
* - UseDefaultInterface
- Values: true, **false**
Do not allow **iwd** to destroy / recreate wireless interfaces at
startup, including default interfaces. Enable this behavior if your
wireless card driver is buggy or does not allow such an operation, or
if you do not want **iwd** to manage netdevs for another reason. For
most users with an upstream driver it should be safe to omit/disable
this setting.
* - AddressRandomization
- Values: **disabled**, once, network
If ``AddressRandomization`` is set to ``disabled``, the default kernel
behavior is used. This means the kernel will assign a mac address from
the permanent mac address range provided by the hardware / driver. Thus
it is possible for networks to track the user by the mac address which
is permanent.
If ``AddressRandomization`` is set to ``once``, MAC address is
randomized a single time when **iwd** starts or when the hardware is
detected for the first time (due to hotplug, etc.)
If ``AddressRandomization`` is set to ``network``, the MAC address is
randomized on each connection to a network. The MAC is generated based on
the SSID and permanent address of the adapter. This allows the same MAC
to be generated each time connecting to a given SSID while still hiding
the permanent address.
* - AddressRandomizationRange
- Values: **full**, nic
One can control which part of the address is randomized using this
setting.
When using ``AddressRandomizationRange`` set to ``nic``, only the NIC
specific octets (last 3 octets) are randomized. Note that the
randomization range is limited to 00:00:01 to 00:00:FE. The permanent
mac address of the card is used for the initial 3 octets.
When using ``AddressRandomizationRange`` set to ``full``, all 6 octets
of the address are randomized. The locally-administered bit will be
set.
* - RoamThreshold
- Value: rssi dBm value, from -100 to 1, default: **-70**
This value can be used to control how aggressively **iwd** roams when
connected to a 2.4Ghz access point.
* - RoamThreshold5G
- Value: rssi dBm value, from -100 to 1, default: **-76**
This value can be used to control how aggressively **iwd** roams when
connected to a 5GHz access point.
* - RoamRetryInterval
- Value: unsigned int value in seconds (default: **60**)
Specifies how long **iwd** will wait before attempting to roam again if
the last roam attempt failed, or if the signal of the newly connected BSS
is still considered weak.
* - ManagementFrameProtection
- Values: 0, **1** or 2
When ``ManagementFrameProtection`` is ``0``, MFP is completely turned
off, even if the hardware is capable. This setting is not recommended.
When ``ManagementFrameProtection`` is ``1``, MFP is enabled if the local
hardware and remote AP both support it.
When ``ManagementFrameProtection`` is ``2``, MFP is always required.
This can prevent successful connection establishment on some hardware or
to some networks.
* - ControlPortOverNL80211
- Values: false, **true**
Enable/Disable sending EAPoL packets over NL80211. Enabled by default
if kernel support is available. Doing so sends all EAPoL traffic over
directly to the supplicant process (**iwd**) instead of putting these on
the Ethernet device. Since only the supplicant can usually make
sense / decrypt these packets, enabling this option can save some CPU
cycles on your system and avoids certain long-standing race conditions.
* - DisableANQP
- Values: false, **true**
Enable/disable ANQP queries. The way IWD does ANQP queries is dependent
on a recent kernel patch (available in Kernel 5.3). If your kernel does
not have this functionality this should be disabled (default). Some
drivers also do a terrible job of sending public action frames
(freezing or crashes) which is another reason why this has been turned
off by default. If you want to easily utilize Hotspot 2.0 networks,
then setting ``DisableANQP`` to ``false`` is recommended.
* - DisableOCV
- Value: **false**, true
Disable Operating Channel Validation. Support for this is not advertised
by the kernel so if kernels/drivers exist which don't support OCV it can
be disabled here.
* - SystemdEncrypt
**Warning: This is a highly experimental feature**
- Value: Systemd key ID
Enables network profile encryption using a systemd provided secret key.
Once enabled all PSK/8021x network profiles will be encrypted
automatically. Once the profile is encrypted there is no way of going
back using IWD alone. A tool, **iwd-decrypt-profile**, is provided
assuming the secret is known which will decrypt a profile. This
decrypted profile could manually be set to /var/lib/iwd to 'undo' any
profile encryption, but its going to be a manual process.
Setting up systemd to provide the secret is left up to the user as IWD
has no way of performing this automatically. The systemd options
required are LoadCredentialEncrypted or SetCredentialEncrypted, and the
secret identifier should be named whatever SystemdEncrypt is set to.
Network
-------
The group ``[Network]`` contains network configuration related settings.
.. list-table::
:header-rows: 0
:stub-columns: 0
:widths: 20 80
:align: left
* - EnableIPv6
- Values: true, **false**
Sets the global default that tells **iwd** whether it should configure
IPv6 addresses and routes (either provided via static settings,
Router Advertisements or DHCPv6 protocol). This setting is disabled
by default. This setting can also be overridden on a per-network basis.
* - NameResolvingService
- Values: resolvconf, **systemd**, none
Configures a DNS resolution method used by the system.
This configuration option must be used in conjunction with
``EnableNetworkConfiguration`` and provides the choice of system
resolver integration.
If not specified, ``systemd`` is used as default.
If ``none`` is specified, then DNS and domain name information is
ignored.
* - RoutePriorityOffset
- Values: uint32 value (default: **300**)
Configures a route priority offset used by the system to prioritize
the default routes. The route with lower priority offset is preferred.
If not specified, ``300`` is used as default.
* - MulticastDNS
- Values: true, false, resolve
Configures multicast DNS on each interface. If not specified,
systemd-resolved's default value will remain untouched.
See ``man 5 systemd.network`` for details.
Only applies when ``NameResolvingService=systemd``.
Blacklist
---------
The group ``[Blacklist]`` contains settings related to blacklisting of BSSes.
If **iwd** determines that a connection to a BSS fails for a reason that
indicates the BSS is currently misbehaving or misconfigured (e.g. timeouts,
unexpected status/reason codes, etc), then **iwd** will blacklist this BSS
and avoid connecting to it for a period of time. These options let the user
control how long a misbehaved BSS spends on the blacklist.
.. list-table::
:header-rows: 0
:stub-columns: 0
:widths: 20 80
:align: left
* - InitialTimeout
- Values: uint64 value in seconds (default: **60**)
The initial time that a BSS spends on the blacklist.
* - Multiplier
- Values: unsigned int value in seconds (default: **30**)
If the BSS was blacklisted previously and another connection attempt
has failed after the initial timeout has expired, then the BSS blacklist
time will be extended by a multiple of *Multiplier* for each
unsuccessful attempt up to *MaxiumTimeout* time in seconds.
* - MaximumTimeout
- Values: uint64 value in seconds (default: **86400**)
Maximum time that a BSS is blacklisted.
Rank
----
The group ``[Rank]`` contains settings related to ranking of networks for
autoconnect purposes.
.. list-table::
:header-rows: 0
:stub-columns: 0
:widths: 20 80
:align: left
* - BandModifier5Ghz
- Values: floating point value (default: **1.0**)
Increase or decrease the preference for 5GHz access points by increasing
or decreasing the value of this modifier. 5GHz networks are already
preferred due to their increase throughput / data rate. However, 5GHz
networks are highly RSSI sensitive, so it is still possible for IWD to
prefer 2.4Ghz APs in certain circumstances.
Scan
----
The group ``[Scan]`` contains settings related to scanning functionality.
No modification from defaults is normally required.
.. list-table::
:header-rows: 0
:stub-columns: 0
:widths: 20 80
:align: left
* - DisablePeriodicScan
- Values: true, **false**
Disable periodic scan. Setting this option to 'true' will prevent
**iwd** from issuing the periodic scans for the available networks while
disconnected. The behavior of the user-initiated scans isn't affected.
The periodic scan is enabled by default.
* - InitialPeriodicScanInterval
- Values: unsigned int value in seconds (default: **10**)
The initial periodic scan interval upon disconnect.
* - MaximumPeriodicScanInterval
- Values: unsigned int value in seconds (default: **300**)
The maximum periodic scan interval.
* - DisableRoamingScan
- Values: true, **false**
Disable roaming scan. Setting this option to 'true' will prevent **iwd**
from trying to scan when roaming decisions are activated. This can
prevent **iwd** from roaming properly, but can be useful for networks
operating under extremely low rssi levels where roaming isn't possible.
IPv4
----
The group ``[IPv4]`` contains settings related to IPv4 network configuration.
.. list-table::
:header-rows: 0
:stub-columns: 0
:widths: 20 80
:align: left
* - APAddressPool
- Values: comma-separated list of prefix-notation IP strings
Defines the space of IPs used for the Access Point-mode subnet addresses
and the DHCP server. Defaults to 192.168.0.0/16. The prefix length
decides the size of the pool from which an address is selected but the
actual subnet size (netmask) is based on the AP profile being activated
and defaults to 28 bits. The AP profile's ``[IPv4].Address`` setting
overrides the global value set here. Setting a too small address space
will limit the number of access points that can be running
simultaneously on different interfaces.
SEE ALSO
========
iwd(8), iwd.network(5)