2fc0675683
The purpose of the Lowest Acceptable PN (lpn) parameters in the MACsec SAK Use parameter set is to enforce delay protection. Per IEEE Std 802.1X-2010, Clause 9, "Each SecY uses MKA to communicate the lowest PN used for transmission with the SAK within the last two seconds, allowing receivers to bound transmission delays." When encoding the SAK Use parameter set the KaY should set llpn and olpn to the lowest PN transmitted by the latest SAK and oldest SAK (if active) within the last two seconds. Because MKPDUs are transmitted every 2 seconds (MKA_HELLO_TIME), the solution implemented here calculates lpn based on the txsc->next_pn read during the previous MKPDU transmit. Upon receiving and decoding a SAK Use parameter set with delay protection enabled, the KaY will update the SecY's lpn if the delay protect lpn is greater than the SecY's current lpn (which is a product of last PN received and replay protection and window size). Signed-off-by: Michael Siedzik <msiedzik@extremenetworks.com> |
||
|---|---|---|
| .. | ||
| ap | ||
| common | ||
| crypto | ||
| drivers | ||
| eap_common | ||
| eap_peer | ||
| eap_server | ||
| eapol_auth | ||
| eapol_supp | ||
| fst | ||
| l2_packet | ||
| p2p | ||
| pae | ||
| radius | ||
| rsn_supp | ||
| tls | ||
| utils | ||
| wps | ||
| lib.rules | ||
| Makefile | ||