[PATCH v2 4/4] mka: add driver op to get macsec capabilities
Sabrina Dubroca
sd at queasysnail.net
Tue Nov 15 04:26:28 PST 2016
2016-11-12, 18:41:31 +0200, Jouni Malinen wrote:
> On Fri, Oct 07, 2016 at 12:08:12PM +0200, Sabrina Dubroca wrote:
> > This also implements the macsec_get_capability for the macsec_qca
> > driver to maintain the same behavior.
>
> > diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
> > @@ -3056,13 +3056,20 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
>
> > - kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50;
> > + if (secy_get_capability(kay, &kay->macsec_capable) < 0) {
>
> > - kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
> > + if (kay->macsec_capable >= MACSEC_CAP_INTEG_AND_CONF)
> > + kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
> > + else
> > + kay->macsec_confidentiality = MACSEC_CAP_INTEGRITY;
>
> What is this supposed to do? That MACSEC_CAP_INTEGRITY is not a valid
> value to use here (it is from enum macsec_cap; not enum
> confidentiality_offset). Was this supposed to use CONFIDENTIALITY_NONE
> instead? MACSEC_CAP_INTEGRITY happens to have value 1, i.e., this
> assigns the same value as CONFIDENTIALITY_OFFSET_0 now..
Yes, you're right. I noticed another thing that could be improved
around there, I'll send a patch.
Thanks.
--
Sabrina
More information about the Hostap
mailing list