From f68e86a4d610600b8d6e2d791b62eb21392878d3 Mon Sep 17 00:00:00 2001 From: Xiaofei Shen Date: Tue, 9 Dec 2014 16:20:31 +0200 Subject: [PATCH] MACsec: Update protect frames and replay on reauthentication Some cases like ifconfig down/up may require MACsec restart. To make sure the appropriate protect frames and replay parameters get configured in cases where the interface was down, set these parameters from KaY configuration to the driver before creating a new transmit SC. This allows MACsec functionality to recover automatically on such restart. Signed-off-by: Jouni Malinen --- src/pae/ieee802_1x_kay.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c index 176a31230..ef744304a 100644 --- a/src/pae/ieee802_1x_kay.c +++ b/src/pae/ieee802_1x_kay.c @@ -3351,6 +3351,9 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn, dl_list_init(&participant->rxsc_list); participant->txsc = ieee802_1x_kay_init_transmit_sc(&kay->actor_sci, kay->sc_ch); + secy_cp_control_protect_frames(kay, kay->macsec_protect); + secy_cp_control_replay(kay, kay->macsec_replay_protect, + kay->macsec_replay_window); secy_create_transmit_sc(kay, participant->txsc); /* to derive KEK from CAK and CKN */