Hi John, See my comments inline. On 26-05-17 08:12, John Glotzer wrote: > Hi Jaap and Sabrina, > > I am trying to replicate what Jaap has described, which is to say to > use wpa_supplicant to drive the MKA between two MACSEC capable hosts. > > I have set up statically configured MACSEC between two virtual > instances using Fedora26-Alpha which has the 4.11 kernel MACSEC > implementation and this all works as expected. > > I don't think that the binary in the Fedora26 is sufficiently new > enough to support all that is needed (for example it rejects the > config line eapol_version=3) but in any case I want to build my own. The required additions were included after hostap/wpa_supplicant 2.6 was released, so you'll need bleeding edge (aka. git HEAD) software build and running on your setup. > When I look at the source HEAD for hostap/wpa_supplicant I see that > while there are a lot of #ifdef checks for CONFIG_MACSEC in the source > I don't see an option in the defconfig file for turning on > CONFIG_MACSEC. Is this omission significant or do I just add the > CONFIG line anyway? > > Also (and most importantly) what are the other CONFIG lines that I > should specify during the build? I've been sitting on a patch exactly with the purpose of documenting these (I was holding back for Jouni to consider my previous pending patch first), but now you've forced my hand. See "[PATCH] Add config information related to MACsec" for the information you seek. > Also is there a way to get the netlink support needed to send the > derived keys to the kernel after MKA completes? That is to say can the > entire end to end workflow be made to succeed up to and including > sending the derived keys to the kernel? Also here you have to have a fairly recent libnl installed, or build. I've been working with libnl 3.2.29, which was not yet packaged, so I did that myself and installed that for testing. > > Thanks very much for any help you guys can offer, and thanks so much > for all of the excellent work in this area. > > John Glotzer > Thanks, Jaap _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
