[PATCH v2 4/4] mka: add driver op to get macsec capabilities

Jouni Malinen j at w1.fi
Sat Nov 12 08:41:31 PST 2016


On Fri, Oct 07, 2016 at 12:08:12PM +0200, Sabrina Dubroca wrote:
> This also implements the macsec_get_capability for the macsec_qca
> driver to maintain the same behavior.

> diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
> @@ -3056,13 +3056,20 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,

> -		kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50;
> +		if (secy_get_capability(kay, &kay->macsec_capable) < 0) {

> -		kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
> +		if (kay->macsec_capable >= MACSEC_CAP_INTEG_AND_CONF)
> +			kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
> +		else
> +			kay->macsec_confidentiality = MACSEC_CAP_INTEGRITY;

What is this supposed to do? That MACSEC_CAP_INTEGRITY is not a valid
value to use here (it is from enum macsec_cap; not enum
confidentiality_offset). Was this supposed to use CONFIDENTIALITY_NONE
instead? MACSEC_CAP_INTEGRITY happens to have value 1, i.e., this
assigns the same value as CONFIDENTIALITY_OFFSET_0 now..

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list