From 40ec6b742a5200cf768686d7aa28ea64fbd538c1 Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Fri, 22 May 2020 11:09:16 +0200
Subject: macsec: add replay protection

---
 docs/interfaces/macsec.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'docs')

diff --git a/docs/interfaces/macsec.rst b/docs/interfaces/macsec.rst
index 33e72cfe..d7af0c16 100644
--- a/docs/interfaces/macsec.rst
+++ b/docs/interfaces/macsec.rst
@@ -55,6 +55,18 @@ individual peers.
   The peer with lower priority will become the key server and start
   distributing SAKs.
 
+Replay protection
+-----------------
+
+.. cfgcmd:: set interfaces macsec <interface> security replay-window <window>
+
+  IEEE 802.1X/MACsec replay protection window. This determines a window in which
+  replay is tolerated, to allow receipt of frames that have been misordered by
+  the network.
+
+  - ``0``: No replay window, strict check
+  - ``1-4294967295``: Number of packets that could be misordered
+
 Operation
 =========
 
-- 
cgit v1.2.3