IWD.CONFIG(5)                 Linux Connectivity                 IWD.CONFIG(5)

NAME

       iwd.config - Configuration file for wireless daemon

SYNOPSIS

       Configuration file main.conf

DESCRIPTION

       The main.conf configuration file configures the system-wide settings for
       iwd. This file lives in the configuration directory specified by the
       environment variable $CONFIGURATION_DIRECTORY, which is normally provided
       by systemd. In the absence of such an environment variable it defaults to
       /etc/iwd. If no main.conf is present, then default values are chosen. The
       presence of main.conf is not required.

FILE FORMAT

       See iwd.network for details on the file format.

SETTINGS

       The settings are split into several categories. Each category has a group
       associated with it and is described in a separate table below.

   General Settings
       The group [General] contains general settings.

       ┌───────────────────────────┬──────────────────────────────────────────┐
       │EnableNetworkConfiguration │ Values: true, false                      │
       │                           │                                          │
       │                           │ Enable network configuration.            │
       │                           │                                          │
       │                           │ Setting this option to true enables iwd  │
       │                           │ to configure the network interfaces      │
       │                           │ with the IP addresses. There are two     │
       │                           │ types of IP addressing supported by iwd: │
       │                           │ static and dynamic. The static IP        │
       │                           │ addresses are configured through the     │
       │                           │ network configuration files. If no       │
       │                           │ static IP configuration has been         │
       │                           │ provided for a network, iwd will attempt │
       │                           │ to obtain the dynamic addresses from the │
       │                           │ network through the built-in DHCP        │
       │                           │ client.                                  │
       │                           │                                          │
       │                           │ The network configuration feature is     │
       │                           │ disabled by default. See [Network]       │
       │                           │ settings for additional settings related │
       │                           │ to network configuration.                │
       ├───────────────────────────┼──────────────────────────────────────────┤
       │UseDefaultInterface        │ Values: true, false                      │
       │                           │                                          │
       │                           │ Do not allow iwd to destroy / recreate   │
       │                           │ wireless interfaces at startup,          │
       │                           │ including default interfaces. Enable     │
       │                           │ this behavior if your wireless card      │
       │                           │ driver is buggy or does not allow such   │
       │                           │ an operation, or if you do not want iwd  │
       │                           │ to manage netdevs for another reason.    │
       │                           │ For most users with an upstream driver   │
       │                           │ it should be safe to omit/disable this   │
       │                           │ setting.                                 │
       ├───────────────────────────┼──────────────────────────────────────────┤
       │AddressRandomization       │ Values: disabled, once, network          │
       │                           │                                          │
       │                           │ If AddressRandomization is set to        │
       │                           │ disabled, the default kernel behavior is │
       │                           │ used. This means the kernel will assign  │
       │                           │ a MAC address from the permanent MAC     │
       │                           │ address range provided by the hardware / │
       │                           │ driver. Thus it is possible for networks │
       │                           │ to track the user by the MAC address,    │
       │                           │ which is permanent.                      │
       │                           │                                          │
       │                           │ If AddressRandomization is set to once,  │
       │                           │ the MAC address is randomized a single   │
       │                           │ time when iwd starts or when the         │
       │                           │ hardware is detected for the first time  │
       │                           │ (due to hotplug, etc.)                   │
       │                           │                                          │
       │                           │ If AddressRandomization is set to        │
       │                           │ network, the MAC address is randomized on │
       │                           │ each connection to a network. The MAC is │
       │                           │ generated based on the SSID and          │
       │                           │ permanent address of the adapter. This   │
       │                           │ allows the same MAC to be generated each │
       │                           │ time connecting to a given SSID while    │
       │                           │ still hiding the permanent address.      │
       ├───────────────────────────┼──────────────────────────────────────────┤
       │AddressRandomizationRange  │ Values: full, nic                        │
       │                           │                                          │
       │                           │ One can control which part of the        │
       │                           │ address is randomized using this         │
       │                           │ setting.                                 │
       │                           │                                          │
       │                           │ When using AddressRandomizationRange set │
       │                           │ to nic, only the NIC specific octets     │
       │                           │ (last 3 octets) are randomized. Note     │
       │                           │ that the randomization range is limited  │
       │                           │ to 00:00:01 to 00:00:FE. The permanent   │
       │                           │ MAC address of the card is used for the  │
       │                           │ initial 3 octets.                        │
       │                           │                                          │
       │                           │ When using AddressRandomizationRange set │
       │                           │ to full, all 6 octets of the address are │
       │                           │ randomized. The locally-administered bit │
       │                           │ will be set.                             │
       ├───────────────────────────┼──────────────────────────────────────────┤
       │RoamThreshold              │ Value: RSSI dBm value, from -100 to 1,   │
       │                           │ default: -70                             │
       │                           │                                          │
       │                           │ This can be used to control how          │
       │                           │ aggressively iwd roams.                  │
       ├───────────────────────────┼──────────────────────────────────────────┤
       │ManagementFrameProtection  │ Values: 0, 1 or 2                        │
       │                           │                                          │
       │                           │ When ManagementFrameProtection is 0, MFP │
       │                           │ is completely turned off, even if the    │
       │                           │ hardware is capable. This setting is not │
       │                           │ recommended.                             │
       │                           │                                          │
       │                           │ When ManagementFrameProtection is 1, MFP │
       │                           │ is enabled if the local hardware and     │
       │                           │ remote AP both support it.               │
       │                           │                                          │
       │                           │ When ManagementFrameProtection is 2, MFP │
       │                           │ is always required. This can prevent     │
       │                           │ successful connection establishment on   │
       │                           │ some hardware or to some networks.       │
       ├───────────────────────────┼──────────────────────────────────────────┤
       │ControlPortOverNL80211     │ Values: false, true                      │
       │                           │                                          │
       │                           │ Enable/Disable sending EAPoL packets     │
       │                           │ over NL80211. Enabled by default if      │
       │                           │ kernel support is available. Doing so    │
       │                           │ sends all EAPoL traffic directly to the  │
       │                           │ supplicant process (iwd) instead of      │
       │                           │ putting these on the Ethernet device.    │
       │                           │ Since only the supplicant can usually    │
       │                           │ make sense of / decrypt these packets,   │
       │                           │ enabling this option can save some CPU   │
       │                           │ cycles on your system and avoids certain │
       │                           │ long-standing race conditions.           │
       ├───────────────────────────┼──────────────────────────────────────────┤
       │DisableANQP                │ Values: false, true                      │
       │                           │                                          │
       │                           │ Enable/disable ANQP queries. The way IWD │
       │                           │ does ANQP queries is dependent on a      │
       │                           │ recent kernel patch (available in Kernel │
       │                           │ 5.3). If your kernel does not have this  │
       │                           │ functionality this should be disabled    │
       │                           │ (default). Some drivers also do a        │
       │                           │ terrible job of sending public action    │
       │                           │ frames (freezing or crashes), which is   │
       │                           │ another reason why this has been turned  │
       │                           │ off by default. If you want to easily    │
       │                           │ utilize Hotspot 2.0 networks, then       │
       │                           │ setting DisableANQP to false is          │
       │                           │ recommended.                             │
       └───────────────────────────┴──────────────────────────────────────────┘
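
       The following audit script is an added example, not part of iwd or of
       this manual page. It reads main.conf text and checks the [General]
       values documented above against their allowed values, flagging the
       choices the table itself describes as weak; the function name
       audit_main_conf and both sample files are constructed for illustration.

```python
import configparser

# Allowed values for [General] keys, copied from the settings table.
ALLOWED = {
    "AddressRandomization": {"disabled", "once", "network"},
    "AddressRandomizationRange": {"full", "nic"},
    "ManagementFrameProtection": {"0", "1", "2"},
}

# Values the manual page itself describes as weak, with its stated reason.
WEAK = {
    ("AddressRandomization", "disabled"):
        "permanent MAC address is used, so networks can track the device",
    ("AddressRandomizationRange", "nic"):
        "first 3 octets are still taken from the permanent MAC address",
    ("ManagementFrameProtection", "0"):
        "MFP is turned off even if the hardware is capable",
}

# Constructed sample inputs, not taken from a real system.
WEAK_CONF = """\
[General]
AddressRandomization=disabled
ManagementFrameProtection=0
RoamThreshold=-120
"""

STRICT_CONF = """\
[General]
AddressRandomization=network
AddressRandomizationRange=full
ManagementFrameProtection=2
RoamThreshold=-70
"""


def audit_main_conf(text):
    """Return sorted (severity, key, message) findings for the [General] group."""
    parser = configparser.ConfigParser(
        interpolation=None, delimiters=("=",), comment_prefixes=("#",))
    parser.optionxform = str  # keep key case exactly as written in the file
    parser.read_string(text)
    general = parser["General"] if parser.has_section("General") else {}

    findings = []
    for key, allowed in ALLOWED.items():
        value = general.get(key)
        if value is None:
            findings.append(("info", key, "not set, built-in default applies"))
        elif value not in allowed:
            findings.append(("error", key, f"value {value!r} is not documented"))
        elif (key, value) in WEAK:
            findings.append(("warn", key, WEAK[(key, value)]))

    # RoamThreshold is documented as an RSSI value in dBm from -100 to 1.
    roam = general.get("RoamThreshold")
    if roam is not None:
        try:
            in_range = -100 <= int(roam) <= 1
        except ValueError:
            in_range = False
        if not in_range:
            findings.append(("error", "RoamThreshold", f"{roam!r} is out of range"))
    return sorted(findings)


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("strict", STRICT_CONF)):
        print(name)
        for severity, key, message in audit_main_conf(conf):
            print(f"  {severity:5} {key}: {message}")
```

       ManagementFrameProtection=2 in the strict sample carries the caveat from
       the table: it can prevent connections on some hardware or to some
       networks.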

   Network
       The group [Network] contains network configuration related settings.

       ┌─────────────────────┬──────────────────────────────────────────┐
       │NameResolvingService │ Values: resolvconf, systemd              │
       │                     │                                          │
       │                     │ Configures a DNS resolution method used  │
       │                     │ by the system.                           │
       │                     │                                          │
       │                     │ This configuration option must be used   │
       │                     │ in conjunction with                      │
       │                     │ EnableNetworkConfiguration and provides  │
       │                     │ the choice of system resolver            │
       │                     │ integration.                             │
       │                     │                                          │
       │                     │ If not specified, systemd is used as     │
       │                     │ default.                                 │
       ├─────────────────────┼──────────────────────────────────────────┤
       │RoutePriorityOffset  │ Values: uint32 value (default: 300)      │
       │                     │                                          │
       │                     │ Configures a route priority offset used  │
       │                     │ by the system to prioritize the default  │
       │                     │ routes. The route with lower priority    │
       │                     │ offset is preferred.                     │
       │                     │                                          │
       │                     │ If not specified, 300 is used as         │
       │                     │ default.                                 │
       └─────────────────────┴──────────────────────────────────────────┘

   Blacklist
       The group [Blacklist] contains settings related to blacklisting of BSSes.
       If iwd determines that a connection to a BSS fails for a reason that
       indicates the BSS is currently misbehaving or misconfigured (e.g.
       timeouts, unexpected status/reason codes, etc.), then iwd will blacklist
       this BSS and avoid connecting to it for a period of time. These options
       let the user control how long a misbehaving BSS spends on the blacklist.

       ┌───────────────┬──────────────────────────────────────────┐
       │InitialTimeout │ Values: uint64 value in seconds          │
       │               │ (default: 60)                            │
       │               │                                          │
       │               │ The initial time that a BSS spends on    │
       │               │ the blacklist.                           │
       ├───────────────┼──────────────────────────────────────────┤
       │Multiplier     │ Values: unsigned int value in seconds    │
       │               │ (default: 30)                            │
       │               │                                          │
       │               │ If the BSS was blacklisted previously    │
       │               │ and another connection attempt has       │
       │               │ failed after the initial timeout has     │
       │               │ expired, then the BSS blacklist time     │
       │               │ will be extended by a multiple of        │
       │               │ Multiplier for each unsuccessful attempt │
       │               │ up to MaximumTimeout time in seconds.    │
       ├───────────────┼──────────────────────────────────────────┤
       │MaximumTimeout │ Values: uint64 value in seconds          │
       │               │ (default: 86400)                         │
       │               │                                          │
       │               │ Maximum time that a BSS is blacklisted.  │
       └───────────────┴──────────────────────────────────────────┘

   Rank
       The group [Rank] contains settings related to ranking of networks for
       autoconnect purposes.

       ┌─────────────────┬──────────────────────────────────────────┐
       │BandModifier5Ghz │ Values: floating point value             │
       │                 │ (default: 1.0)                           │
       │                 │                                          │
       │                 │ Increase or decrease the preference for  │
       │                 │ 5GHz access points by increasing or      │
       │                 │ decreasing the value of this modifier.   │
       │                 │ 5GHz networks are already preferred due  │
       │                 │ to their increased throughput / data     │
       │                 │ rate. However, 5GHz networks are highly  │
       │                 │ RSSI sensitive, so it is still possible  │
       │                 │ for IWD to prefer 2.4GHz APs in certain  │
       │                 │ circumstances.                           │
       └─────────────────┴──────────────────────────────────────────┘

   Scan
       The group [Scan] contains settings related to scanning functionality. No
       modification from defaults is normally required.

       ┌────────────────────┬──────────────────────────────────────────┐
       │DisablePeriodicScan │ Values: true, false                      │
       │                    │                                          │
       │                    │ Disable periodic scan. Setting this      │
       │                    │ option to 'true' will prevent iwd from   │
       │                    │ issuing the periodic scans for the       │
       │                    │ available networks while disconnected.   │
       │                    │ The behavior of the user-initiated scans │
       │                    │ isn't affected. The periodic scan is     │
       │                    │ enabled by default.                      │
       ├────────────────────┼──────────────────────────────────────────┤
       │DisableRoamingScan  │ Values: true, false                      │
       │                    │                                          │
       │                    │ Disable roaming scan. Setting this       │
       │                    │ option to 'true' will prevent iwd from   │
       │                    │ trying to scan when roaming decisions    │
       │                    │ are activated. This can prevent iwd from │
       │                    │ roaming properly, but can be useful for  │
       │                    │ networks operating under extremely low   │
       │                    │ RSSI levels where roaming isn't          │
       │                    │ possible.                                │
       └────────────────────┴──────────────────────────────────────────┘

SEE ALSO

       iwd(8), iwd.network(5)

AUTHOR

       Marcel Holtmann <marcel@holtmann.org>, Denis Kenzior <denkenz@gmail.com>,
       Andrew Zaborowski <andrew.zaborowski@intel.com>, Tim Kourt
       <tim.a.kourt@linux.intel.com>, James Prestwood <prestwoj@gmail.com>

       2013-2019 Intel Corporation

iwd                            22 September 2019                 IWD.CONFIG(5)