[PATCH 0/2] RFC DRAFT - Allow customisation of EAPOL dest MAC

[Jouni Malinen]

On Wed, Oct 23, 2024 at 05:35:01PM +0100, Tim Small wrote:
> 1. If a Linux MACsec link is set up with wpa_supplicant, then `wpa_cli
> status` still shows a "bssid" of 01:80:C2:00:00:03 - because this is
> hard coded. I assume it would be better to use the value of
> eapol_dest_addr instead. If-so, what would be a reasonable way of
> altering the code to feed the eapol_dest_addr config value through to
> the macsec_linux (and other macsec) drivers?

I don't think this really makes much of a difference and I would not
change that value. If anything, the bssid line could be removed from any
case where MACsec is used since clearly there is no BSSID involved with
such session even when the internal implementation of wpa_supplicant
happens to be using this for convenience.

> 2. Which of the built-in tests and related code should I run and/or
> modify in relation to this (and any subsequent related) patch? I haven't
> as-yet attempted to run any of the tests in the code base, but instead
> have just created a manual test environment whilst developing (see
> below).

All MACsec testing is covered within tests/hwsim/test_macsec.py. Once
patch 2/2 is in acceptable state, it would be appreciated if a new test
case were added there to cover a case where a different group address is
used.

> 3. I assume that adding an equivalent eapol_dest_addr setting to hostapd
> would also be useful, but this looks like a potentially more complex
> task. Again, any guidance would be welcome.

I provided some comments on patch 2/2 for this.

-- 
Jouni Malinen                                            PGP id EFC895FA