diff options
Diffstat (limited to 'data/templates/macsec')
-rw-r--r-- | data/templates/macsec/wpa_supplicant.conf.tmpl | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/data/templates/macsec/wpa_supplicant.conf.tmpl b/data/templates/macsec/wpa_supplicant.conf.tmpl index c3a8d9686..a614d23f5 100644 --- a/data/templates/macsec/wpa_supplicant.conf.tmpl +++ b/data/templates/macsec/wpa_supplicant.conf.tmpl @@ -63,5 +63,24 @@ network={ # default priority mka_priority={{ security_mka_priority }} {% endif %} +{% if security_replay_window %} + # macsec_replay_protect: IEEE 802.1X/MACsec replay protection + # This setting applies only when MACsec is in use, i.e., + # - macsec_policy is enabled + # - the key server has decided to enable MACsec + # 0: Replay protection disabled (default) + # 1: Replay protection enabled + macsec_replay_protect={{ '1' if security_replay_window else '0' }} + + # macsec_replay_window: IEEE 802.1X/MACsec replay protection window + # This determines a window in which replay is tolerated, to allow receipt + # of frames that have been misordered by the network. + # This setting applies only when MACsec replay protection active, i.e., + # - macsec_replay_protect is enabled + # - the key server has decided to enable MACsec + # 0: No replay window, strict check (default) + # 1..2^32-1: number of packets that could be misordered + macsec_replay_window={{ security_replay_window }} +{% endif %} } |