94 lines
2.7 KiB
Diff
94 lines
2.7 KiB
Diff
From 7e941e7a1560699a18c5890cb6e1309161bc01af Mon Sep 17 00:00:00 2001
|
|
Message-ID: <7e941e7a1560699a18c5890cb6e1309161bc01af.1706279136.git.davide.caratti@gmail.com>
|
|
From: leiwei <quic_leiwei@quicinc.com>
|
|
Date: Mon, 15 Nov 2021 18:43:33 +0800
|
|
Subject: [PATCH] macsec_linux: Support cipher suite configuration
|
|
|
|
Set the cipher suite for the link. Unlike the other parameters, this
|
|
needs to be done with the first rtnl_link_add() call (NLM_F_CREATE))
|
|
instead of the update in try_commit() since the kernel is rejecting
|
|
changes to the cipher suite after the link is first added.
|
|
|
|
Signed-off-by: leiwei <quic_leiwei@quicinc.com>
|
|
---
|
|
src/drivers/driver_macsec_linux.c | 25 ++++++++++++++++++++++---
|
|
1 file changed, 22 insertions(+), 3 deletions(-)
|
|
|
|
--- a/src/drivers/driver_macsec_linux.c
|
|
+++ b/src/drivers/driver_macsec_linux.c
|
|
@@ -77,6 +77,9 @@ struct macsec_drv_data {
|
|
|
|
u8 encoding_sa;
|
|
bool encoding_sa_set;
|
|
+
|
|
+ u64 cipher_suite;
|
|
+ bool cipher_suite_set;
|
|
};
|
|
|
|
|
|
@@ -460,8 +463,14 @@ static int macsec_drv_set_replay_protect
|
|
*/
|
|
static int macsec_drv_set_current_cipher_suite(void *priv, u64 cs)
|
|
{
|
|
+ struct macsec_drv_data *drv = priv;
|
|
+
|
|
wpa_printf(MSG_DEBUG, "%s -> %016" PRIx64, __func__, cs);
|
|
- return 0;
|
|
+
|
|
+ drv->cipher_suite_set = true;
|
|
+ drv->cipher_suite = cs;
|
|
+
|
|
+ return try_commit(drv);
|
|
}
|
|
|
|
|
|
@@ -1063,7 +1072,8 @@ static int macsec_drv_disable_receive_sa
|
|
}
|
|
|
|
|
|
-static struct rtnl_link * lookup_sc(struct nl_cache *cache, int parent, u64 sci)
|
|
+static struct rtnl_link * lookup_sc(struct nl_cache *cache, int parent, u64 sci,
|
|
+ u64 cs)
|
|
{
|
|
struct rtnl_link *needle;
|
|
void *match;
|
|
@@ -1074,6 +1084,8 @@ static struct rtnl_link * lookup_sc(stru
|
|
|
|
rtnl_link_set_link(needle, parent);
|
|
rtnl_link_macsec_set_sci(needle, sci);
|
|
+ if (cs)
|
|
+ rtnl_link_macsec_set_cipher_suite(needle, cs);
|
|
|
|
match = nl_cache_find(cache, (struct nl_object *) needle);
|
|
rtnl_link_put(needle);
|
|
@@ -1098,6 +1110,7 @@ static int macsec_drv_create_transmit_sc
|
|
char *ifname;
|
|
u64 sci;
|
|
int err;
|
|
+ u64 cs = 0;
|
|
|
|
wpa_printf(MSG_DEBUG, DRV_PREFIX
|
|
"%s: create_transmit_sc -> " SCISTR " (conf_offset=%d)",
|
|
@@ -1122,6 +1135,12 @@ static int macsec_drv_create_transmit_sc
|
|
|
|
drv->created_link = true;
|
|
|
|
+ if (drv->cipher_suite_set) {
|
|
+ cs = drv->cipher_suite;
|
|
+ drv->cipher_suite_set = false;
|
|
+ rtnl_link_macsec_set_cipher_suite(link, cs);
|
|
+ }
|
|
+
|
|
err = rtnl_link_add(drv->sk, link, NLM_F_CREATE);
|
|
if (err == -NLE_BUSY) {
|
|
wpa_printf(MSG_INFO,
|
|
@@ -1137,7 +1156,7 @@ static int macsec_drv_create_transmit_sc
|
|
rtnl_link_put(link);
|
|
|
|
nl_cache_refill(drv->sk, drv->link_cache);
|
|
- link = lookup_sc(drv->link_cache, drv->parent_ifi, sci);
|
|
+ link = lookup_sc(drv->link_cache, drv->parent_ifi, sci, cs);
|
|
if (!link) {
|
|
wpa_printf(MSG_ERROR, DRV_PREFIX "couldn't find link");
|
|
return -1;
|