Diffstat (limited to 'data/templates/macsec/wpa_supplicant.conf.tmpl')
-rw-r--r--data/templates/macsec/wpa_supplicant.conf.tmpl21
1 files changed, 21 insertions, 0 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl
index eee215418..a614d23f5 100644
--- a/data/templates/macsec/wpa_supplicant.conf.tmpl
+++ b/data/templates/macsec/wpa_supplicant.conf.tmpl
@@ -47,6 +47,7 @@ network={
# 1: Integrity only
macsec_integ_only={{ '0' if security_encrypt else '1' }}
+{% if security_encrypt %}
# mka_cak, mka_ckn, and mka_priority: IEEE 802.1X/MACsec pre-shared key mode
# This allows to configure MACsec with a pre-shared key using a (CAK,CKN) pair.
# In this mode, instances of wpa_supplicant can act as MACsec peers. The peer
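Review bot: The new `{% if security_encrypt %}` guard appears to wrap the whole pre-shared-key section (`mka_cak`, `mka_ckn`, `mka_priority`), so an integrity-only setup renders `macsec_integ_only=1` with no key material at all. Integrity-only MACsec still authenticates frames with keys negotiated through MKA, so the CAK/CKN pair is needed in both modes; as written, turning encryption off looks like it leaves the link without a usable MACsec association. Consider keying the guard on the presence of the MKA values instead, e.g. `{% if security_mka_cak is defined and security_mka_ckn is defined %}` (variable names assumed from `security_mka_priority`; confirm against the caller). The guarded block continues outside this hunk and closes in the next one.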
@@ -61,5 +62,25 @@ network={
# mka_priority (Priority of MKA Actor) is in 0..255 range with 255 being
# default priority
mka_priority={{ security_mka_priority }}
+{% endif %}
+{% if security_replay_window %}
+ # macsec_replay_protect: IEEE 802.1X/MACsec replay protection
+ # This setting applies only when MACsec is in use, i.e.,
+ # - macsec_policy is enabled
+ # - the key server has decided to enable MACsec
+ # 0: Replay protection disabled (default)
+ # 1: Replay protection enabled
+ macsec_replay_protect={{ '1' if security_replay_window else '0' }}
+
+ # macsec_replay_window: IEEE 802.1X/MACsec replay protection window
+ # This determines a window in which replay is tolerated, to allow receipt
+ # of frames that have been misordered by the network.
+ # This setting applies only when MACsec replay protection active, i.e.,
+ # - macsec_replay_protect is enabled
+ # - the key server has decided to enable MACsec
+ # 0: No replay window, strict check (default)
+ # 1..2^32-1: number of packets that could be misordered
+ macsec_replay_window={{ security_replay_window }}
+{% endif %}
}
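Review bot: `{% if security_replay_window %}` tests truthiness rather than presence, so a window of 0 — the strict check, per the comment added here — skips the whole block if the value reaches the template as an integer, and `macsec_replay_protect` stays at its documented default of 0 (disabled). That would make the strictest setting silently turn replay protection off; if the value is passed as the string `'0'` the block does render, so the type is worth confirming in the caller. Using `{% if security_replay_window is defined %}` removes the ambiguity. Inside the guard the expression `'1' if security_replay_window else '0'` can then be written as plain `macsec_replay_protect=1`, since the `'0'` branch is never the intended result there.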