MACsec: Update protect frames and replay on reauthentication

Some cases like ifconfig down/up may require MACsec restart. To make
sure the appropriate protect frames and replay parameters get configured
in cases where the interface was down, set these parameters from KaY
configuration to the driver before creating a new transmit SC. This
allows MACsec functionality to recover automatically on such restart.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 176a31230065551425f3f156a761d28ec6ddc6a5..ef744304a2bbf00c50cc81c43e551997c0965090 100644 (file)
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -3351,6 +3351,9 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
        dl_list_init(&participant->rxsc_list);
        participant->txsc = ieee802_1x_kay_init_transmit_sc(&kay->actor_sci,
                                                            kay->sc_ch);
+       secy_cp_control_protect_frames(kay, kay->macsec_protect);
+       secy_cp_control_replay(kay, kay->macsec_replay_protect,
+                              kay->macsec_replay_window);
        secy_create_transmit_sc(kay, participant->txsc);
 
        /* to derive KEK from CAK and CKN */