authorAndrey Kartashev <andrey.kartashev@afconsult.com>2018-11-02 18:02:14 (GMT)
committerJouni Malinen <j@w1.fi>2018-12-26 14:42:25 (GMT)
commite49b78c0d584dcc3b9d6811e702e6c32fa7011cb (patch)
tree3b690b975c23273b0982bca574b0c6bfe11c837a /wpa_supplicant/config_ssid.h
parente47c5227bdc1696d537588af1f3b654952570835 (diff)
mka: Allow configuration of MACsec replay protection
Add new configuration parameters macsec_replay_protect and macsec_replay_window to allow the user to set up the MACsec replay protection feature. Note that according to IEEE Std 802.1X-2010, replay protection and delay protection are different features: replay protection is related only to SecY and does not appear on the MKA level, while delay protection is something that KaY can use to manage SecY state.

Signed-off-by: Andrey Kartashev <andrey.kartashev@afconsult.com>
Diffstat (limited to 'wpa_supplicant/config_ssid.h')
-rw-r--r--wpa_supplicant/config_ssid.h27
1 files changed, 27 insertions, 0 deletions
diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h
index 665437d..3da3ed4 100644
--- a/wpa_supplicant/config_ssid.h
+++ b/wpa_supplicant/config_ssid.h
@@ -803,6 +803,33 @@ struct wpa_ssid {
int macsec_integ_only;
/**
+ * macsec_replay_protect - Enable MACsec replay protection
+ *
+ * This setting applies only when MACsec is in use, i.e.,
+ * - macsec_policy is enabled
+ * - the key server has decided to enable MACsec
+ *
+ * 0: Replay protection disabled (default)
+ * 1: Replay protection enabled
+ */
+ int macsec_replay_protect;
+
+ /**
+ * macsec_replay_window - MACsec replay protection window
+ *
+ * A window in which replay is tolerated, to allow receipt of frames
+ * that have been misordered by the network.
+ *
+ * This setting applies only when MACsec replay protection active, i.e.,
+ * - macsec_replay_protect is enabled
+ * - the key server has decided to enable MACsec
+ *
+ * 0: No replay window, strict check (default)
+ * 1..2^32-1: number of packets that could be misordered
+ */
+ u32 macsec_replay_window;
+
+ /**
* macsec_port - MACsec port (in SCI)
*
* Port component of the SCI.
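Review bot: The macsec_replay_window comment gives the value range but not the security trade-off. Since it describes the window as one "in which replay is tolerated", it should add a line such as `* Larger values weaken replay protection: frames replayed within the window are accepted.` so that nobody picks a huge value just to avoid drops. The macsec_replay_protect comment likewise lists `0` (disabled) as the default without stating the consequence; as I read it, replayed frames are then not rejected on receive, so something like `* When disabled, received frames are not checked for replay.` would make that explicit. The field is a plain `int` documented as 0/1, so the config parser (outside this hunk) presumably has to reject other values, and the window comment's "when MACsec replay protection active" is missing "is". struct wpa_ssid begins and ends outside the hunk.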