From 7e941e7a1560699a18c5890cb6e1309161bc01af Mon Sep 17 00:00:00 2001 Message-ID: <7e941e7a1560699a18c5890cb6e1309161bc01af.1706279136.git.davide.caratti@gmail.com> From: leiwei Date: Mon, 15 Nov 2021 18:43:33 +0800 Subject: [PATCH] macsec_linux: Support cipher suite configuration Set the cipher suite for the link. Unlike the other parameters, this needs to be done with the first rtnl_link_add() call (NLM_F_CREATE)) instead of the update in try_commit() since the kernel is rejecting changes to the cipher suite after the link is first added. Signed-off-by: leiwei --- src/drivers/driver_macsec_linux.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) --- a/src/drivers/driver_macsec_linux.c +++ b/src/drivers/driver_macsec_linux.c @@ -77,6 +77,9 @@ struct macsec_drv_data { u8 encoding_sa; bool encoding_sa_set; + + u64 cipher_suite; + bool cipher_suite_set; }; @@ -460,8 +463,14 @@ static int macsec_drv_set_replay_protect */ static int macsec_drv_set_current_cipher_suite(void *priv, u64 cs) { + struct macsec_drv_data *drv = priv; + wpa_printf(MSG_DEBUG, "%s -> %016" PRIx64, __func__, cs); - return 0; + + drv->cipher_suite_set = true; + drv->cipher_suite = cs; + + return try_commit(drv); } @@ -1063,7 +1072,8 @@ static int macsec_drv_disable_receive_sa } -static struct rtnl_link * lookup_sc(struct nl_cache *cache, int parent, u64 sci) +static struct rtnl_link * lookup_sc(struct nl_cache *cache, int parent, u64 sci, + u64 cs) { struct rtnl_link *needle; void *match; @@ -1074,6 +1084,8 @@ static struct rtnl_link * lookup_sc(stru rtnl_link_set_link(needle, parent); rtnl_link_macsec_set_sci(needle, sci); + if (cs) + rtnl_link_macsec_set_cipher_suite(needle, cs); match = nl_cache_find(cache, (struct nl_object *) needle); rtnl_link_put(needle); @@ -1098,6 +1110,7 @@ static int macsec_drv_create_transmit_sc char *ifname; u64 sci; int err; + u64 cs = 0; wpa_printf(MSG_DEBUG, DRV_PREFIX "%s: create_transmit_sc -> " SCISTR " (conf_offset=%d)", @@ -1122,6 +1135,12 @@ static int macsec_drv_create_transmit_sc drv->created_link = true; + if (drv->cipher_suite_set) { + cs = drv->cipher_suite; + drv->cipher_suite_set = false; + rtnl_link_macsec_set_cipher_suite(link, cs); + } + err = rtnl_link_add(drv->sk, link, NLM_F_CREATE); if (err == -NLE_BUSY) { wpa_printf(MSG_INFO, @@ -1137,7 +1156,7 @@ static int macsec_drv_create_transmit_sc rtnl_link_put(link); nl_cache_refill(drv->sk, drv->link_cache); - link = lookup_sc(drv->link_cache, drv->parent_ifi, sci); + link = lookup_sc(drv->link_cache, drv->parent_ifi, sci, cs); if (!link) { wpa_printf(MSG_ERROR, DRV_PREFIX "couldn't find link"); return -1;