Hi Jaap and Sabrina, I am trying to replicate what Jaap has described, which is to say to use wpa_supplicant to drive the MKA between two MACSEC capable hosts. I have set up statically configured MACSEC between two virtual instances using Fedora26-Alpha which has the 4.11 kernel MACSEC implementation and this all works as expected. I don't think that the binary in the Fedora26 is sufficiently new enough to support all that is needed (for example it rejects the config line eapol_version=3) but in any case I want to build my own. When I look at the source HEAD for hostap/wpa_supplicant I see that while there are a lot of #ifdef checks for CONFIG_MACSEC in the source I don't see an option in the defconfig file for turning on CONFIG_MACSEC. Is this omission significant or do I just add the CONFIG line anyway? Also (and most importantly) what are the other CONFIG lines that I should specify during the build? Also is there a way to get the netlink support needed to send the derived keys to the kernel after MKA completes? That is to say can the entire end to end workflow be made to succeed up to and including sending the derived keys to the kernel? Thanks very much for any help you guys can offer, and thanks so much for all of the excellent work in this area. John Glotzer _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
