MACsec: Update protect frames and replay on reauthentication

Some cases like ifconfig down/up may require MACsec restart. To make
sure the appropriate protect frames and replay parameters get configured
in cases where the interface was down, set these parameters from KaY
configuration to the driver before creating a new transmit SC. This
allows MACsec functionality to recover automatically on such restart.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/pae/ieee802_1x_kay.c b/src/pae/ieee802_1x_kay.c
index 176a312..ef74430 100644 (file)
--- a/src/pae/ieee802_1x_kay.c
+++ b/src/pae/ieee802_1x_kay.c
@@ -3351,6 +3351,9 @@ ieee802_1x_kay_create_mka(struct ieee802_1x_kay *kay, struct mka_key_name *ckn,
        dl_list_init(&participant->rxsc_list);
        participant->txsc = ieee802_1x_kay_init_transmit_sc(&kay->actor_sci,
                                                            kay->sc_ch);
+       secy_cp_control_protect_frames(kay, kay->macsec_protect);
+       secy_cp_control_replay(kay, kay->macsec_replay_protect,
+                              kay->macsec_replay_window);
        secy_create_transmit_sc(kay, participant->txsc);
 
        /* to derive KEK from CAK and CKN */