On Wed, Oct 05, 2016 at 11:19:00AM +0200, Sabrina Dubroca wrote: > Not really, because (luckily?) this function > (ieee802_1x_kay_change_cipher_suite) is never called. Interesting.. Maybe we should just remove that function unless you had some plans of taking it into use in the future. > In > ieee802_1x_kay_init I added a fallback so that if a driver doesn't > tell us its capability, we assume it can do everything. But, yes, > this is broken. > > I see a few options here: > > 1) fallback in both ieee802_1x_kay_init and > ieee802_1x_kay_change_cipher_suite. > 2) fallback, and implement macsec_get_capability op in > driver_macsec_qca.c. > 3) no fallback, just implement macsec_get_capability op in > driver_macsec_qca.c. > > I'd lean towards option 3 and will update the patch, unless you prefer > something else? Option 3 sounds fine to me. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
