macsec: Do not change eapol_version for non-MACsec cases in hostapd
It is safer to maintain the old EAPOL version (2) in EAPOL frames that are not related to MACsec and only update the version to 3 for the MACsec specific cases. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
a93b369c17
commit
524dc5bf10
2 changed files with 12 additions and 0 deletions
|
@ -64,6 +64,10 @@ static void ieee802_1x_send(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
|
|
||||||
xhdr = (struct ieee802_1x_hdr *) buf;
|
xhdr = (struct ieee802_1x_hdr *) buf;
|
||||||
xhdr->version = hapd->conf->eapol_version;
|
xhdr->version = hapd->conf->eapol_version;
|
||||||
|
#ifdef CONFIG_MACSEC
|
||||||
|
if (xhdr->version > 2 && hapd->conf->macsec_policy == 0)
|
||||||
|
xhdr->version = 2;
|
||||||
|
#endif /* CONFIG_MACSEC */
|
||||||
xhdr->type = type;
|
xhdr->type = type;
|
||||||
xhdr->length = host_to_be16(datalen);
|
xhdr->length = host_to_be16(datalen);
|
||||||
|
|
||||||
|
@ -213,6 +217,10 @@ static void ieee802_1x_tx_key_one(struct hostapd_data *hapd,
|
||||||
/* This header is needed here for HMAC-MD5, but it will be regenerated
|
/* This header is needed here for HMAC-MD5, but it will be regenerated
|
||||||
* in ieee802_1x_send() */
|
* in ieee802_1x_send() */
|
||||||
hdr->version = hapd->conf->eapol_version;
|
hdr->version = hapd->conf->eapol_version;
|
||||||
|
#ifdef CONFIG_MACSEC
|
||||||
|
if (hdr->version > 2)
|
||||||
|
hdr->version = 2;
|
||||||
|
#endif /* CONFIG_MACSEC */
|
||||||
hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
|
hdr->type = IEEE802_1X_TYPE_EAPOL_KEY;
|
||||||
hdr->length = host_to_be16(len);
|
hdr->length = host_to_be16(len);
|
||||||
hmac_md5(sm->eap_if->eapKeyData + 32, 32, buf, sizeof(*hdr) + len,
|
hmac_md5(sm->eap_if->eapKeyData + 32, 32, buf, sizeof(*hdr) + len,
|
||||||
|
|
|
@ -53,6 +53,10 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
|
||||||
wconf->rsn_pairwise = conf->rsn_pairwise;
|
wconf->rsn_pairwise = conf->rsn_pairwise;
|
||||||
wconf->rsn_preauth = conf->rsn_preauth;
|
wconf->rsn_preauth = conf->rsn_preauth;
|
||||||
wconf->eapol_version = conf->eapol_version;
|
wconf->eapol_version = conf->eapol_version;
|
||||||
|
#ifdef CONFIG_MACSEC
|
||||||
|
if (wconf->eapol_version > 2)
|
||||||
|
wconf->eapol_version = 2;
|
||||||
|
#endif /* CONFIG_MACSEC */
|
||||||
wconf->wmm_enabled = conf->wmm_enabled;
|
wconf->wmm_enabled = conf->wmm_enabled;
|
||||||
wconf->wmm_uapsd = conf->wmm_uapsd;
|
wconf->wmm_uapsd = conf->wmm_uapsd;
|
||||||
wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
|
wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
|
||||||
|
|
Loading…
Reference in a new issue