MACsec: Fix policy configuration

macsec_validate variable was set incorrectly to FALSE(0) or TRUE(1)
instead of the enum validate_frames values (Disabled(0), Checked(1),
Strict(2). This ended up policy == SHOULD_SECURE to be mapped to
macsec_validate == Checked instead of Strict. This could have resulted
in unintended SecY forwarding of invalid packets rather than dropping
them.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Jouni Malinen 2014-10-30 11:43:47 +02:00 committed by Jouni Malinen
parent 8c00fd00cd
commit 43d8592718

View file

@ -3169,7 +3169,7 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED; kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED;
kay->macsec_desired = FALSE; kay->macsec_desired = FALSE;
kay->macsec_protect = FALSE; kay->macsec_protect = FALSE;
kay->macsec_validate = FALSE; kay->macsec_validate = Disabled;
kay->macsec_replay_protect = FALSE; kay->macsec_replay_protect = FALSE;
kay->macsec_replay_window = 0; kay->macsec_replay_window = 0;
kay->macsec_confidentiality = CONFIDENTIALITY_NONE; kay->macsec_confidentiality = CONFIDENTIALITY_NONE;
@ -3177,7 +3177,7 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy,
kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50; kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50;
kay->macsec_desired = TRUE; kay->macsec_desired = TRUE;
kay->macsec_protect = TRUE; kay->macsec_protect = TRUE;
kay->macsec_validate = TRUE; kay->macsec_validate = Strict;
kay->macsec_replay_protect = FALSE; kay->macsec_replay_protect = FALSE;
kay->macsec_replay_window = 0; kay->macsec_replay_window = 0;
kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0; kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0;