summaryrefslogtreecommitdiff
path: root/data/templates/macsec
diff options
context:
space:
mode:
Diffstat (limited to 'data/templates/macsec')
-rw-r--r--data/templates/macsec/wpa_supplicant.conf.tmpl19
1 files changed, 19 insertions, 0 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl
index c3a8d9686..a614d23f5 100644
--- a/data/templates/macsec/wpa_supplicant.conf.tmpl
+++ b/data/templates/macsec/wpa_supplicant.conf.tmpl
@@ -63,5 +63,24 @@ network={
# default priority
mka_priority={{ security_mka_priority }}
{% endif %}
+{% if security_replay_window %}
+ # macsec_replay_protect: IEEE 802.1X/MACsec replay protection
+ # This setting applies only when MACsec is in use, i.e.,
+ # - macsec_policy is enabled
+ # - the key server has decided to enable MACsec
+ # 0: Replay protection disabled (default)
+ # 1: Replay protection enabled
+ macsec_replay_protect={{ '1' if security_replay_window else '0' }}
+
+ # macsec_replay_window: IEEE 802.1X/MACsec replay protection window
+ # This determines a window in which replay is tolerated, to allow receipt
+ # of frames that have been misordered by the network.
+ # This setting applies only when MACsec replay protection active, i.e.,
+ # - macsec_replay_protect is enabled
+ # - the key server has decided to enable MACsec
+ # 0: No replay window, strict check (default)
+ # 1..2^32-1: number of packets that could be misordered
+ macsec_replay_window={{ security_replay_window }}
+{% endif %}
}