MACsec: Fix policy configuration
macsec_validate variable was set incorrectly to FALSE(0) or TRUE(1) instead of the enum validate_frames values (Disabled(0), Checked(1), Strict(2). This ended up policy == SHOULD_SECURE to be mapped to macsec_validate == Checked instead of Strict. This could have resulted in unintended SecY forwarding of invalid packets rather than dropping them. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
8c00fd00cd
commit
43d8592718
1 changed files with 2 additions and 2 deletions
|
@ -3169,7 +3169,7 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
|
||||||
kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED;
|
kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED;
|
||||||
kay->macsec_desired = FALSE;
|
kay->macsec_desired = FALSE;
|
||||||
kay->macsec_protect = FALSE;
|
kay->macsec_protect = FALSE;
|
||||||
kay->macsec_validate = FALSE;
|
kay->macsec_validate = Disabled;
|
||||||
kay->macsec_replay_protect = FALSE;
|
kay->macsec_replay_protect = FALSE;
|
||||||
kay->macsec_replay_window = 0;
|
kay->macsec_replay_window = 0;
|
||||||
kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
|
kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
|
||||||
|
@ -3177,7 +3177,7 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
|
||||||
kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50;
|
kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50;
|
||||||
kay->macsec_desired = TRUE;
|
kay->macsec_desired = TRUE;
|
||||||
kay->macsec_protect = TRUE;
|
kay->macsec_protect = TRUE;
|
||||||
kay->macsec_validate = TRUE;
|
kay->macsec_validate = Strict;
|
||||||
kay->macsec_replay_protect = FALSE;
|
kay->macsec_replay_protect = FALSE;
|
||||||
kay->macsec_replay_window = 0;
|
kay->macsec_replay_window = 0;
|
||||||
kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
|
kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;
|
||||||
|
|
Loading…
Reference in a new issue