path: root/wpa_supplicant/wpa_supplicant.conf
diff options
authorSabrina Dubroca <sd@queasysnail.net>2016-11-02 15:38:37 (GMT)
committerJouni Malinen <j@w1.fi>2016-11-19 22:35:16 (GMT)
commit7b4d546e3dae57a39e50a91e47b8fcf3447b4978 (patch)
tree928f2ba7065ef6d3b14c306114806fd3c9154519 /wpa_supplicant/wpa_supplicant.conf
parent008e224dbb518f44aac46b0c8e55448bd907e43d (diff)
wpa_supplicant: Add macsec_integ_only setting for MKA
So that the user can turn encryption on (MACsec provides confidentiality+integrity) or off (MACsec provides integrity only). This commit adds the configuration parameter while the actual behavior change to disable encryption in the driver is handled in the following commit. Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Diffstat (limited to 'wpa_supplicant/wpa_supplicant.conf')
1 files changed, 7 insertions, 0 deletions
diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf
index 8fa740b..b23c5e6 100644
--- a/wpa_supplicant/wpa_supplicant.conf
+++ b/wpa_supplicant/wpa_supplicant.conf
@@ -892,6 +892,13 @@ fast_reauth=1
# 1: MACsec enabled - Should secure, accept key server's advice to
# determine whether to use a secure session or not.
+# macsec_integ_only: IEEE 802.1X/MACsec transmit mode
+# This setting applies only when MACsec is in use, i.e.,
+# - macsec_policy is enabled
+# - the key server has decided to enable MACsec
+# 0: Encrypt traffic (default)
+# 1: Integrity only
# mka_cak and mka_ckn: IEEE 802.1X/MACsec pre-shared authentication mode
# This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
# In this mode, instances of wpa_supplicant can act as peers, one of