MACsec: wpa_supplicant integration
Add MACsec to the wpa_supplicant build system and configuration file. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
Hu Wang
Jouni Malinen
parent
887d9d01ab
commit
dd10abccc8
10 changed files with 488 additions and 2 deletions
|
|
@ -81,6 +81,8 @@ ctrl_interface=/var/run/wpa_supplicant
|
|||
# to make wpa_supplicant interoperate with these APs, the version number is set
|
||||
# to 1 by default. This configuration value can be used to set it to the new
|
||||
# version (2).
|
||||
# Note: When using MACsec, eapol_version shall be set to 3, which is
|
||||
# defined in IEEE Std 802.1X-2010.
|
||||
eapol_version=1
|
||||
|
||||
# AP scanning/selection
|
||||
|
|
@ -97,6 +99,8 @@ eapol_version=1
|
|||
# non-WPA drivers when using IEEE 802.1X mode; do not try to associate with
|
||||
# APs (i.e., external program needs to control association). This mode must
|
||||
# also be used when using wired Ethernet drivers.
|
||||
# Note: macsec_qca driver is one type of Ethernet driver which implements
|
||||
# macsec feature.
|
||||
# 2: like 0, but associate with APs using security policy and SSID (but not
|
||||
# BSSID); this can be used, e.g., with ndiswrapper and NDIS drivers to
|
||||
# enable operation with hidden SSIDs and optimized roaming; in this mode,
|
||||
|
|
@ -675,8 +679,16 @@ fast_reauth=1
|
|||
# bit0 (1): require dynamically generated unicast WEP key
|
||||
# bit1 (2): require dynamically generated broadcast WEP key
|
||||
# (3 = require both keys; default)
|
||||
# Note: When using wired authentication, eapol_flags must be set to 0 for the
|
||||
# authentication to be completed successfully.
|
||||
# Note: When using wired authentication (including macsec_qca driver),
|
||||
# eapol_flags must be set to 0 for the authentication to be completed
|
||||
# successfully.
|
||||
#
|
||||
# macsec_policy: IEEE 802.1X/MACsec options
|
||||
# This determines how sessions are secured with MACsec. It is currently
|
||||
# applicable only when using the macsec_qca driver interface.
|
||||
# 0: MACsec not in use (default)
|
||||
# 1: MACsec enabled - Should secure, accept key server's advice to
|
||||
# determine whether to use a secure session or not.
|
||||
#
|
||||
# mixed_cell: This option can be used to configure whether so called mixed
|
||||
# cells, i.e., networks that use both plaintext and encryption in the same
|
||||
|
|
@ -1341,3 +1353,17 @@ freq_list=5180
|
|||
network={
|
||||
key_mgmt=NONE
|
||||
}
|
||||
|
||||
|
||||
# Example MACsec configuration
|
||||
#network={
|
||||
# key_mgmt=IEEE8021X
|
||||
# eap=TTLS
|
||||
# phase2="auth=PAP"
|
||||
# anonymous_identity="anonymous@example.com"
|
||||
# identity="user@example.com"
|
||||
# password="secretr"
|
||||
# ca_cert="/etc/cert/ca.pem"
|
||||
# eapol_flags=0
|
||||
# macsec_policy=1
|
||||
#}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue