diff --git a/src/ap/ieee802_1x.c b/src/ap/ieee802_1x.c index 0edf74394..1a9a35ba2 100644 --- a/src/ap/ieee802_1x.c +++ b/src/ap/ieee802_1x.c @@ -64,6 +64,10 @@ static void ieee802_1x_send(struct hostapd_data *hapd, struct sta_info *sta, xhdr = (struct ieee802_1x_hdr *) buf; xhdr->version = hapd->conf->eapol_version; +#ifdef CONFIG_MACSEC + if (xhdr->version > 2 && hapd->conf->macsec_policy == 0) + xhdr->version = 2; +#endif /* CONFIG_MACSEC */ xhdr->type = type; xhdr->length = host_to_be16(datalen); @@ -213,6 +217,10 @@ static void ieee802_1x_tx_key_one(struct hostapd_data *hapd, /* This header is needed here for HMAC-MD5, but it will be regenerated * in ieee802_1x_send() */ hdr->version = hapd->conf->eapol_version; +#ifdef CONFIG_MACSEC + if (hdr->version > 2) + hdr->version = 2; +#endif /* CONFIG_MACSEC */ hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; hdr->length = host_to_be16(len); hmac_md5(sm->eap_if->eapKeyData + 32, 32, buf, sizeof(*hdr) + len, diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index 45172c69a..0800a8748 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -53,6 +53,10 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf, wconf->rsn_pairwise = conf->rsn_pairwise; wconf->rsn_preauth = conf->rsn_preauth; wconf->eapol_version = conf->eapol_version; +#ifdef CONFIG_MACSEC + if (wconf->eapol_version > 2) + wconf->eapol_version = 2; +#endif /* CONFIG_MACSEC */ wconf->wmm_enabled = conf->wmm_enabled; wconf->wmm_uapsd = conf->wmm_uapsd; wconf->disable_pmksa_caching = conf->disable_pmksa_caching;