diff options
author | Jouni Malinen <jouni@qca.qualcomm.com> | 2014-10-30 09:43:47 (GMT) |
---|---|---|
committer | Jouni Malinen <j@w1.fi> | 2014-10-30 09:43:47 (GMT) |
commit | 43d859271894f83c5de6294685b5919889541bab (patch) | |
tree | 9b67e87f63ecbf33369684110908b56a5df4729e /src | |
parent | 8c00fd00cd941a789d8b2a8ae5ce374831db63c3 (diff) | |
download | hostap-43d859271894f83c5de6294685b5919889541bab.zip hostap-43d859271894f83c5de6294685b5919889541bab.tar.gz hostap-43d859271894f83c5de6294685b5919889541bab.tar.bz2 |
MACsec: Fix policy configuration
macsec_validate variable was set incorrectly to FALSE(0) or TRUE(1)
instead of the enum validate_frames values (Disabled(0), Checked(1),
Strict(2). This ended up policy == SHOULD_SECURE to be mapped to
macsec_validate == Checked instead of Strict. This could have resulted
in unintended SecY forwarding of invalid packets rather than dropping
them.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/pae/ieee802_1x_kay.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c index 7069c20..176a312 100644 --- a/src/pae/ieee802_1x_kay.c +++ b/src/pae/ieee802_1x_kay.c @@ -3169,7 +3169,7 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy, kay->macsec_capable = MACSEC_CAP_NOT_IMPLEMENTED; kay->macsec_desired = FALSE; kay->macsec_protect = FALSE; - kay->macsec_validate = FALSE; + kay->macsec_validate = Disabled; kay->macsec_replay_protect = FALSE; kay->macsec_replay_window = 0; kay->macsec_confidentiality = CONFIDENTIALITY_NONE; @@ -3177,7 +3177,7 @@ ieee802_1x_kay_init(struct ieee802_1x_kay_ctx *ctx, enum macsec_policy policy, kay->macsec_capable = MACSEC_CAP_INTEG_AND_CONF_0_30_50; kay->macsec_desired = TRUE; kay->macsec_protect = TRUE; - kay->macsec_validate = TRUE; + kay->macsec_validate = Strict; kay->macsec_replay_protect = FALSE; kay->macsec_replay_window = 0; kay->macsec_confidentiality = CONFIDENTIALITY_OFFSET_0; |