add sad_process_auth() and sad_append_auth_tlv() to the pmc_recv() and
pmc_send() functions. In addition, add a config pointer & spp to the
pmc structure and add sad_create() & sad_destroy() to functions.

Signed-off-by: Clay Kaiser <clay.kai...@ibm.com>
---
 makefile     | 14 +++++++-------
 phc2sys.8    | 25 ++++++++++++++++++++++++-
 phc2sys.c    |  5 +++++
 pmc.8        | 27 ++++++++++++++++++++++++++-
 pmc.c        |  6 ++++++
 pmc_common.c | 37 +++++++++++++++++++++++++++++++++++--
 ts2phc.8     | 25 ++++++++++++++++++++++++-
 ts2phc.c     | 12 ++++++++++--
 tz2alt.8     | 23 +++++++++++++++++++++++
 tz2alt.c     |  6 ++++++
 10 files changed, 166 insertions(+), 14 deletions(-)

diff --git a/makefile b/makefile
index 8c51bed..5f7f53c 100644
--- a/makefile
+++ b/makefile
@@ -64,12 +64,12 @@ ptp4l: $(OBJ)
 nsm: config.o $(FILTERS) hash.o interface.o msg.o nsm.o phc.o print.o \
  rtnl.o sk.o $(TRANSP) tlv.o tsproc.o util.o version.o
 
-pmc: config.o hash.o interface.o msg.o phc.o pmc.o pmc_common.o print.o sk.o \
- tlv.o $(TRANSP) util.o version.o
+pmc: config.o hash.o interface.o msg.o phc.o pmc.o pmc_common.o print.o \
+ $(SECURITY) sk.o tlv.o $(TRANSP) util.o version.o
 
 phc2sys: clockadj.o clockcheck.o config.o hash.o interface.o msg.o \
- phc.o phc2sys.o pmc_agent.o pmc_common.o print.o $(SERVOS) sk.o stats.o \
- sysoff.o tlv.o $(TRANSP) util.o version.o
+ phc.o phc2sys.o pmc_agent.o pmc_common.o print.o $(SECURITY) $(SERVOS) \
+ sk.o stats.o sysoff.o tlv.o $(TRANSP) util.o version.o
 
 hwstamp_ctl: hwstamp_ctl.o version.o
 
@@ -78,11 +78,11 @@ phc_ctl: phc_ctl.o phc.o sk.o util.o clockadj.o sysoff.o 
print.o version.o
 timemaster: phc.o print.o rtnl.o sk.o timemaster.o util.o version.o
 
 ts2phc: config.o clockadj.o hash.o interface.o msg.o phc.o pmc_agent.o \
- pmc_common.o print.o $(SERVOS) sk.o $(TS2PHC) tlv.o transport.o raw.o \
- udp.o udp6.o uds.o util.o version.o
+ pmc_common.o print.o $(SECURITY) $(SERVOS) sk.o $(TS2PHC) tlv.o transport.o \
+ raw.o udp.o udp6.o uds.o util.o version.o
 
 tz2alt: config.o hash.o interface.o lstab.o msg.o phc.o pmc_common.o print.o \
- sk.o tlv.o $(TRANSP) tz2alt.o util.o version.o
+ $(SECURITY) sk.o tlv.o $(TRANSP) tz2alt.o util.o version.o
 
 version.o: .version version.sh $(filter-out version.d,$(DEPEND))
 
diff --git a/phc2sys.8 b/phc2sys.8
index 9a37778..11cdf2a 100644
--- a/phc2sys.8
+++ b/phc2sys.8
@@ -1,4 +1,4 @@
-.TH PHC2SYS 8 "February 2023" "linuxptp"
+.TH PHC2SYS 8 "October 2023" "linuxptp"
 .SH NAME
 phc2sys \- synchronize two or more clocks
 
@@ -270,6 +270,12 @@ sets the program options. This is the only used option.
 
 .SH FILE OPTIONS
 
+.TP
+.B active_key_id
+Each port must define an active_key_id when using security. This key_id is
+used to determine which key should be used for outbound icv calculations.
+Must be in the range of 0 to 2^32-1, inclusive. The default is 0 (disabled).
+
 .TP
 .B clock_servo
 The servo which is used to synchronize the local clock. Valid values
@@ -355,6 +361,14 @@ Same as option
 The address of the UNIX domain socket to be used by the refclock_sock servo.
 The default is /var/run/refclock.ptp.sock.
 
+.TP
+.B sa_file
+Specifies the location of the file containing Security Associations used
+for immediate security processing of the Authentication TLV in support of
+the optional security mechanism defined in ieee1588-2019 ch 14.16. See
+\fBSECURITY ASSOCIATION OPTIONS\fR for more info on file contents.
+The default is an empty string. (disabled).
+
 .TP
 .B sanity_freq_limit
 The maximum allowed frequency offset between uncorrected clock and the
@@ -378,6 +392,15 @@ Same as option
 .B \-S
 (see above).
 
+.TP
+.B spp
+Specifies the security parameters pointer for the desired security association
+to be used for authentication tlv support. If specified, the port owning the
+spp will attempt to attach (outbound) and check (inbound) authentication tlvs
+for all messages in accordance to the corresponding security association
+sourced via the \fBsa_file\fR directive. Not compatible with one step ports.
+Must be in the range of -1 to 255, inclusive. The default is -1 (disabled).
+
 .TP
 .B transportSpecific
 The transport specific field. Must be in the range 0 to 255.
diff --git a/phc2sys.c b/phc2sys.c
index 7ea6929..6ea5881 100644
--- a/phc2sys.c
+++ b/phc2sys.c
@@ -49,6 +49,7 @@
 #include "pi.h"
 #include "pmc_agent.h"
 #include "print.h"
+#include "sad.h"
 #include "servo.h"
 #include "sk.h"
 #include "stats.h"
@@ -1433,6 +1434,10 @@ int main(int argc, char *argv[])
                n_domains = 1;
        }
 
+       if (sad_create(cfg)) {
+               goto end;
+       }
+
        for (i = 0; i < n_domains; i++) {
                domains[i] = settings;
                domains[i].agent = pmc_agent_create();
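Review bot: The new sad_create(cfg) call in phc2sys.c main has no matching sad_destroy(cfg) anywhere in the file — the diffstat lists five added lines for phc2sys.c and all of them are in view — whereas pmc.c, ts2phc.c and tz2alt.c in the same series release the associations on their exit paths. If sad_destroy() is what frees (and wipes) the key material loaded from sa_file, phc2sys keeps it resident for the life of the process; the `end:` label in main, outside the hunk, should get `sad_destroy(cfg);` ahead of the config teardown. The failure branch also prints nothing, unlike the `fprintf(stderr, "failed to get security associations\n");` added to ts2phc.c; the same line here would make a rejected sa_file visible to the operator. main's body continues outside the hunk.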
diff --git a/pmc.8 b/pmc.8
index 629eadf..afe76e4 100644
--- a/pmc.8
+++ b/pmc.8
@@ -1,4 +1,4 @@
-.TH PMC 8 "February 2023" "linuxptp"
+.TH PMC 8 "October 2023" "linuxptp"
 .SH NAME
 pmc \- PTP management client
 
@@ -144,8 +144,22 @@ options. The name of the section is the name of the 
configured port (e.g.
 .B domainNumber
 The domain attribute of the local clock. The default is 0.
 
+.TP
+.B sa_file
+Specifies the location of the file containing Security Associations used
+for immediate security processing of the Authentication TLV in support of
+the optional security mechanism defined in ieee1588-2019 ch 14.16. See
+\fBSECURITY ASSOCIATION OPTIONS\fR for more info on file contents.
+The default is an empty string. (disabled).
+
 .SH PORT OPTIONS
 
+.TP
+.B active_key_id
+Each port must define an active_key_id when using security. This key_id is
+used to determine which key should be used for outbound icv calculations.
+Must be in the range of 0 to 2^32-1, inclusive. The default is 0 (disabled).
+
 .TP
 .B network_transport
 Select the network transport. Possible values are UDPv4, UDPv6 and L2. The 
default
@@ -155,6 +169,15 @@ is UDPv4.
 .B ptp_dst_mac
 The MAC address to which PTP management messages should be sent. Relevant only 
with L2 transport. The default is 01:1B:19:00:00:00.
 
+.TP
+.B spp
+Specifies the security parameters pointer for the desired security association
+to be used for authentication tlv support. If specified, the port owning the
+spp will attempt to attach (outbound) and check (inbound) authentication tlvs
+for all messages in accordance to the corresponding security association
+sourced via the \fBsa_file\fR directive. Not compatible with one step ports.
+Must be in the range of -1 to 255, inclusive. The default is -1 (disabled).
+
 .TP
 .B transportSpecific
 The transport specific field. Must be in the range 0 to 255.
@@ -205,6 +228,8 @@ The default is 0.
 .TP
 .B PRIORITY2
 .TP
+.B SA_REKEY_NP
+.TP
 .B SLAVE_ONLY
 .TP
 .B TIMESCALE_PROPERTIES
diff --git a/pmc.c b/pmc.c
index 6888a9a..ab17b5e 100644
--- a/pmc.c
+++ b/pmc.c
@@ -31,6 +31,7 @@
 #include "notification.h"
 #include "pmc_common.h"
 #include "print.h"
+#include "sad.h"
 #include "tlv.h"
 #include "uds.h"
 #include "util.h"
@@ -804,6 +805,10 @@ int main(int argc, char *argv[])
        transport_specific = config_get_int(cfg, NULL, "transportSpecific") << 
4;
        domain_number = config_get_int(cfg, NULL, "domainNumber");
 
+       if (sad_create(cfg)) {
+               goto out;
+       }
+
        if (!iface_name) {
                if (transport_type == TRANS_UDS) {
                        snprintf(uds_local, sizeof(uds_local),
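Review bot: When sad_create(cfg) fails, pmc.c jumps to `out` without a diagnostic, so a malformed or unreadable sa_file produces a silent exit; the same pattern is in tz2alt.c, while ts2phc.c in this series reports it. Adding `fprintf(stderr, "failed to get security associations\n");` before the `goto out;` here and in tz2alt.c would align the three. Whether `ret` (pmc.c) and `err` (tz2alt.c) already hold a failure value at this point cannot be seen from the hunk — their initialisation is outside it — so that is worth confirming as well. main's body continues outside the hunk.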
@@ -903,6 +908,7 @@ int main(int argc, char *argv[])
        msg_cleanup();
 
 out:
+       sad_destroy(cfg);
        config_destroy(cfg);
        return ret;
 }
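Review bot: `sad_destroy(cfg)` at the `out:` label now runs on every exit path, including the ones reached before sad_create() was called (the existing `goto out;` sites above it, outside this hunk) and the one taken when sad_create() itself failed; the same holds for tz2alt.c's `out:` label and for ts2phc_cleanup() in ts2phc.c. That is fine only if sad_destroy() tolerates a config on which sad_create() never ran or returned an error — presumably it walks an empty list in that case, but nothing in this patch shows it. A one-line comment at the label, `/* sad_destroy() is safe on a cfg where sad_create() did not run */`, would record that contract once it is confirmed.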
diff --git a/pmc_common.c b/pmc_common.c
index 80dfe74..2060956 100644
--- a/pmc_common.c
+++ b/pmc_common.c
@@ -25,6 +25,7 @@
 
 #include "notification.h"
 #include "print.h"
+#include "sad.h"
 #include "tlv.h"
 #include "transport.h"
 #include "pmc_common.h"
@@ -493,6 +494,7 @@ static void print_help(FILE *fp)
 }
 
 struct pmc {
+       struct config *cfg;
        UInteger16 sequence_id;
        UInteger8 boundary_hops;
        UInteger8 domain_number;
@@ -504,6 +506,8 @@ struct pmc {
        struct interface *iface;
        struct fdarray fdarray;
        int zero_length_gets;
+       int spp;
+       UInteger32 active_key_id;
 };
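Review bot: `struct pmc` now stores the caller's `struct config *` and two security fields without a word on lifetime or meaning; the field block would be clearer with `struct config *cfg; /* borrowed from pmc_create(); not owned, must outlive the pmc */`, `int spp; /* security parameters pointer, -1 = authentication disabled */` and `UInteger32 active_key_id; /* key id used for outbound ICV */` (the -1/disabled meaning is taken from the spp check in pmc_send and the man pages in this series). The pmc_create hunk below loads active_key_id with config_get_int(), which feeds `int` on the neighbouring lines, while the man pages document a range up to 2^32-1; whether values above INT_MAX can reach this UInteger32 field, and what a negative int would turn into, depends on how the config item is registered, which is outside this patch. Worth confirming before documenting that range.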
 
 struct pmc *pmc_create(struct config *cfg, enum transport_type transport_type,
@@ -532,6 +536,9 @@ struct pmc *pmc_create(struct config *cfg, enum 
transport_type transport_type,
        pmc->boundary_hops = boundary_hops;
        pmc->domain_number = domain_number;
        pmc->transport_specific = transport_specific;
+       pmc->cfg = cfg;
+       pmc->spp = config_get_int(cfg, NULL, "spp");
+       pmc->active_key_id = config_get_int(cfg, NULL, "active_key_id");
 
        pmc->transport = transport_create(cfg, transport_type);
        if (!pmc->transport) {
@@ -603,7 +610,12 @@ static int pmc_send(struct pmc *pmc, struct ptp_message 
*msg)
 {
        int err;
 
-       err = msg_pre_send(msg);
+       if (pmc->spp >= 0) {
+               err = sad_append_auth_tlv(pmc->cfg, pmc->spp,
+                                         pmc->active_key_id, msg);
+       } else {
+               err = msg_pre_send(msg);
+       }
        if (err) {
                pr_err("msg_pre_send failed");
                return -1;
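Review bot: The `pr_err("msg_pre_send failed")` after the new branch is now wrong whenever the failure came from sad_append_auth_tlv(), which is the path that matters when authentication is on; `pr_err("%s failed", pmc->spp >= 0 ? "sad_append_auth_tlv" : "msg_pre_send");` keeps the message accurate. The branch also replaces msg_pre_send() entirely on the spp path, so it relies on sad_append_auth_tlv() doing the host-to-network conversion itself before computing the ICV — presumably it must, since the ICV covers the wire form, but a comment such as `/* sad_append_auth_tlv() runs msg_pre_send() before the ICV is computed */` would state that dependency. pmc_send's body continues outside the hunk.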
@@ -871,7 +883,7 @@ int pmc_send_cmd_action(struct pmc *pmc, int id)
 
 struct ptp_message *pmc_recv(struct pmc *pmc)
 {
-       struct ptp_message *msg;
+       struct ptp_message *msg, *dup = NULL;
        int cnt, err;
 
        msg = msg_allocate();
@@ -885,6 +897,12 @@ struct ptp_message *pmc_recv(struct pmc *pmc)
                pr_err("recv message failed");
                goto failed;
        }
+       if (pmc->spp >= 0) {
+               dup = msg_duplicate(msg, 0);
+               if (!dup) {
+                       goto failed;
+               }
+       }
        err = msg_post_recv(msg, cnt);
        if (err) {
                switch (err) {
@@ -902,10 +920,25 @@ struct ptp_message *pmc_recv(struct pmc *pmc)
                       msg_type_string(msg_type(msg)));
                goto failed;
        }
+       err = sad_process_auth(pmc->cfg, pmc->spp, msg, dup);
+       if (err) {
+               switch (err) {
+               case -EBADMSG:
+                       pr_err("bad message");
+                       break;
+               case -EPROTO:
+                       pr_debug("ignoring message");
+                       break;
+               }
+               goto failed;
+       }
 
        return msg;
 failed:
        msg_put(msg);
+       if (dup) {
+               msg_put(dup);
+       }
        return NULL;
 }
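Review bot: On the success path (`return msg;`) `dup` is never released: unless sad_process_auth() takes ownership of the duplicate, every authenticated message leaks one ptp_message, since only the `failed:` path puts it. If sad_process_auth() does not consume it, add `if (dup) { msg_put(dup); }` immediately before `return msg;`; if it does, a comment at the call saying so would stop the next reader from asking the same question. The duplicate is taken before msg_post_recv(), presumably so the ICV can be checked over the untouched wire-order bytes, and the call is made even when spp is negative, which assumes sad_process_auth() returns 0 in that case — both are worth a one-line comment. Note also that the error switch has no default, so any code other than -EBADMSG or -EPROTO is dropped silently.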
 
diff --git a/ts2phc.8 b/ts2phc.8
index 3c71d47..7c437dd 100644
--- a/ts2phc.8
+++ b/ts2phc.8
@@ -1,4 +1,4 @@
-.TH TS2PHC 8 "February 2023" "linuxptp"
+.TH TS2PHC 8 "October 2023" "linuxptp"
 .SH NAME
 ts2phc - Synchronizes one or more PTP Hardware Clocks using external time 
stamps.
 
@@ -117,6 +117,12 @@ command line option.
 
 .SH GLOBAL OPTIONS
 
+.TP
+.B active_key_id
+Each port must define an active_key_id when using security. This key_id is
+used to determine which key should be used for outbound icv calculations.
+Must be in the range of 0 to 2^32-1, inclusive. The default is 0 (disabled).
+
 .TP
 .B first_step_threshold
 The maximum offset, specified in seconds, that the servo will correct by
@@ -159,6 +165,14 @@ The tag which is added to all messages printed to the 
standard output
 or system log.  The default is an empty string (which cannot be set in
 the configuration file as the option requires an argument).
 
+.TP
+.B sa_file
+Specifies the location of the file containing Security Associations used
+for immediate security processing of the Authentication TLV in support of
+the optional security mechanism defined in ieee1588-2019 ch 14.16. See
+\fBSECURITY ASSOCIATION OPTIONS\fR for more info on file contents.
+The default is an empty string. (disabled).
+
 .TP
 .B step_threshold
 The maximum offset, specified in seconds, that the servo will correct
@@ -166,6 +180,15 @@ by changing the clock frequency instead of stepping the 
clock. When
 set to 0.0, the servo will never step the clock except on start.
 The default is 0.0.
 
+.TP
+.B spp
+Specifies the security parameters pointer for the desired security association
+to be used for authentication tlv support. If specified, the port owning the
+spp will attempt to attach (outbound) and check (inbound) authentication tlvs
+for all messages in accordance to the corresponding security association
+sourced via the \fBsa_file\fR directive. Not compatible with one step ports.
+Must be in the range of -1 to 255, inclusive. The default is -1 (disabled).
+
 .TP
 .B ts2phc.nmea_remote_host, ts2phc.nmea_remote_port
 Specifies the remote host providing ToD information when using the
diff --git a/ts2phc.c b/ts2phc.c
index 3bbbbd3..c13538f 100644
--- a/ts2phc.c
+++ b/ts2phc.c
@@ -18,6 +18,7 @@
 #include "interface.h"
 #include "phc.h"
 #include "print.h"
+#include "sad.h"
 #include "ts2phc.h"
 #include "version.h"
 
@@ -35,9 +36,10 @@ static void ts2phc_cleanup(struct ts2phc_private *priv)
        ts2phc_pps_sink_cleanup(priv);
        if (priv->src)
                ts2phc_pps_source_destroy(priv->src);
-       if (priv->cfg)
+       if (priv->cfg) {
+               sad_destroy(priv->cfg);
                config_destroy(priv->cfg);
-
+       }
        if (priv->agent)
                pmc_agent_destroy(priv->agent);
 
@@ -664,6 +666,12 @@ int main(int argc, char *argv[])
 
        STAILQ_INIT(&priv.sinks);
 
+       if (sad_create(cfg)) {
+               fprintf(stderr, "failed to get security associations\n");
+               ts2phc_cleanup(&priv);
+               return -1;
+       }
+
        snprintf(uds_local, sizeof(uds_local), "/var/run/ts2phc.%d",
                 getpid());
 
diff --git a/tz2alt.8 b/tz2alt.8
index 66a6605..e277f3a 100644
--- a/tz2alt.8
+++ b/tz2alt.8
@@ -72,6 +72,12 @@ starting with # are ignored.
 
 .SH GLOBAL OPTIONS
 
+.TP
+.B active_key_id
+Each port must define an active_key_id when using security. This key_id is
+used to determine which key should be used for outbound icv calculations.
+Must be in the range of 0 to 2^32-1, inclusive. The default is 0 (disabled).
+
 .TP
 .B domainNumber
 The domain attribute of the local clock.
@@ -97,6 +103,23 @@ The tag which is added to all messages printed to the 
standard output
 or system log.  The default is an empty string (which cannot be set in
 the configuration file as the option requires an argument).
 
+.TP
+.B sa_file
+Specifies the location of the file containing Security Associations used
+for immediate security processing of the Authentication TLV in support of
+the optional security mechanism defined in ieee1588-2019 ch 14.16. See
+\fBSECURITY ASSOCIATION OPTIONS\fR for more info on file contents.
+The default is an empty string. (disabled).
+
+.TP
+.B spp
+Specifies the security parameters pointer for the desired security association
+to be used for authentication tlv support. If specified, the port owning the
+spp will attempt to attach (outbound) and check (inbound) authentication tlvs
+for all messages in accordance to the corresponding security association
+sourced via the \fBsa_file\fR directive. Not compatible with one step ports.
+Must be in the range of -1 to 255, inclusive. The default is -1 (disabled).
+
 .TP
 .B transportSpecific
 The transport specific field. Must be in the range 0 to 255.
diff --git a/tz2alt.c b/tz2alt.c
index feb77a5..76d3c75 100644
--- a/tz2alt.c
+++ b/tz2alt.c
@@ -15,6 +15,7 @@
 #include "lstab.h"
 #include "pmc_common.h"
 #include "print.h"
+#include "sad.h"
 #include "version.h"
 #include "tz.h"
 
@@ -367,6 +368,10 @@ int main(int argc, char *argv[])
                goto out;
        }
 
+       if (sad_create(cfg)) {
+               goto out;
+       }
+
        print_set_progname(progname);
        print_set_tag(config_get_string(cfg, NULL, "message_tag"));
        print_set_level(config_get_int(cfg, NULL, "logging_level"));
@@ -374,6 +379,7 @@ int main(int argc, char *argv[])
 
        err = do_tztool(timezone);
 out:
+       sad_destroy(cfg);
        config_destroy(cfg);
        return err;
 }
-- 
2.42.1


