[PATCH 5/5] wpa_supplicant: allow configuring the MACsec port for MKA

Sabrina Dubroca sd at queasysnail.net
Fri Nov 25 06:18:17 PST 2016


2016-11-19, 23:40:42 +0200, Jouni Malinen wrote:
> On Wed, Nov 02, 2016 at 04:38:39PM +0100, Sabrina Dubroca wrote:
> > Currently, wpa_supplicant only supports port == 1 in the SCI, but
> > users may want to choose a different port.
> 
> > +# macsec_port: IEEE 802.1X/MACsec port
> > +# Port component of the SCI
> > +# Range: 1-65534 (default: 1)
> 
> Where does this range 1-65534 come from? IEEE Std 802.1X-2010, 12.7
> seems to imply that values 1-65535 should be allow and 65534

Seems you're right. I think I was trying to make sure we don't
accidentally get the FF-FF-FF-FF-FF-FF-FF-FF SCI, or I mixed this up
with the end of range for port numbers.

Do you want me to send a patch, or do you prefer to fix it up directly
yourself?

> of those
> values (i.e., 2-65535) are "virtual ports" while 1 identifies the
> "common port".

Not exactly. These are all "controlled ports".
The "common port" is the lower insecure device for all the controlled
ports (with port numbers 1-65535), also shared with the "uncontrolled
port".
This is all a bit confusing.

-- 
Sabrina



More information about the Hostap mailing list