DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

macsec_linux: Support cipher suite configuration

Browse source 
Set the cipher suite for the link. Unlike the other parameters, this
needs to be done with the first rtnl_link_add() call (NLM_F_CREATE))
instead of the update in try_commit() since the kernel is rejecting
changes to the cipher suite after the link is first added.

Signed-off-by: leiwei <quic_leiwei@quicinc.com>
This commit is contained in:
leiwei 2021-11-15 18:43:33 +08:00 committed by Jouni Malinen
parent 46c635910a
commit 7e941e7a15
1 changed files with 22 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
src/drivers/driver_macsec_linux.c
View file

@ -77,6 +77,9 @@ struct macsec_drv_data {
u8 encoding_sa; u8 encoding_sa;
bool encoding_sa_set; bool encoding_sa_set;
u64 cipher_suite;
bool cipher_suite_set;
}; };
@ -460,8 +463,14 @@ static int macsec_drv_set_replay_protect(void *priv, bool enabled,
*/ */
static int macsec_drv_set_current_cipher_suite(void *priv, u64 cs) static int macsec_drv_set_current_cipher_suite(void *priv, u64 cs)
{ {
struct macsec_drv_data *drv = priv;
wpa_printf(MSG_DEBUG, "%s -> %016" PRIx64, __func__, cs); wpa_printf(MSG_DEBUG, "%s -> %016" PRIx64, __func__, cs);
return 0;
drv->cipher_suite_set = true;
drv->cipher_suite = cs;
return try_commit(drv);
} }
@ -1063,7 +1072,8 @@ static int macsec_drv_disable_receive_sa(void *priv, struct receive_sa *sa)
} }
static struct rtnl_link * lookup_sc(struct nl_cache *cache, int parent, u64 sci) static struct rtnl_link * lookup_sc(struct nl_cache *cache, int parent, u64 sci,
u64 cs)
{ {
struct rtnl_link *needle; struct rtnl_link *needle;
void *match; void *match;
@ -1074,6 +1084,8 @@ static struct rtnl_link * lookup_sc(struct nl_cache *cache, int parent, u64 sci)
rtnl_link_set_link(needle, parent); rtnl_link_set_link(needle, parent);
rtnl_link_macsec_set_sci(needle, sci); rtnl_link_macsec_set_sci(needle, sci);
if (cs)
rtnl_link_macsec_set_cipher_suite(needle, cs);
match = nl_cache_find(cache, (struct nl_object *) needle); match = nl_cache_find(cache, (struct nl_object *) needle);
rtnl_link_put(needle); rtnl_link_put(needle);
@ -1098,6 +1110,7 @@ static int macsec_drv_create_transmit_sc(
char *ifname; char *ifname;
u64 sci; u64 sci;
int err; int err;
u64 cs = 0;
wpa_printf(MSG_DEBUG, DRV_PREFIX wpa_printf(MSG_DEBUG, DRV_PREFIX
"%s: create_transmit_sc -> " SCISTR " (conf_offset=%d)", "%s: create_transmit_sc -> " SCISTR " (conf_offset=%d)",
@ -1122,6 +1135,12 @@ static int macsec_drv_create_transmit_sc(
drv->created_link = true; drv->created_link = true;
if (drv->cipher_suite_set) {
cs = drv->cipher_suite;
drv->cipher_suite_set = false;
rtnl_link_macsec_set_cipher_suite(link, cs);
}
err = rtnl_link_add(drv->sk, link, NLM_F_CREATE); err = rtnl_link_add(drv->sk, link, NLM_F_CREATE);
if (err == -NLE_BUSY) { if (err == -NLE_BUSY) {
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
@ -1137,7 +1156,7 @@ static int macsec_drv_create_transmit_sc(
rtnl_link_put(link); rtnl_link_put(link);
nl_cache_refill(drv->sk, drv->link_cache); nl_cache_refill(drv->sk, drv->link_cache);
link = lookup_sc(drv->link_cache, drv->parent_ifi, sci); link = lookup_sc(drv->link_cache, drv->parent_ifi, sci, cs);
if (!link) { if (!link) {
wpa_printf(MSG_ERROR, DRV_PREFIX "couldn't find link"); wpa_printf(MSG_ERROR, DRV_PREFIX "couldn't find link");
return -1; return -1;