[PATCH v2 4/4] mka: add driver op to get macsec capabilities
Jouni Malinen
j at w1.fi
Sat Nov 12 08:41:31 PST 2016
On Fri, Oct 07, 2016 at 12:08:12PM +0200, Sabrina Dubroca wrote:
> This also implements the macsec_get_capability for the macsec_qca
> driver to maintain the same behavior.
> diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
> @@ -3056,13 +3056,20 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
> - kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50;
> + if (secy_get_capability(kay, &kay->macsec_capable) < 0) {
> - kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
> + if (kay->macsec_capable >= MACSEC_CAP_INTEG_AND_CONF)
> + kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
> + else
> + kay->macsec_confidentiality = MACSEC_CAP_INTEGRITY;
What is this supposed to do? That MACSEC_CAP_INTEGRITY is not a valid
value to use here (it is from enum macsec_cap; not enum
confidentiality_offset). Was this supposed to use CONFIDENTIALITY_NONE
instead? MACSEC_CAP_INTEGRITY happens to have value 1, i.e., this
assigns the same value as CONFIDENTIALITY_OFFSET_0 now..
--
Jouni Malinen PGP id EFC895FA
More information about the Hostap
mailing list