add sad_process_auth() and sad_append_auth_tlv() to the nsm_recv() and
nsm_request() functions. In addition, add spp to the nsm structure and
add sad_create() & sad_destroy() to functions.
Signed-off-by: Clay Kaiser <clay.kai...@ibm.com>
---
makefile | 2 +-
nsm.8 | 21 +++++++++++++++++++++
nsm.c | 44 +++++++++++++++++++++++++++++++++++++++++---
3 files changed, 63 insertions(+), 4 deletions(-)
diff --git a/makefile b/makefile
index 5f7f53c..bca5130 100644
--- a/makefile
+++ b/makefile
@@ -62,7 +62,7 @@ all: $(PRG)
ptp4l: $(OBJ)
nsm: config.o $(FILTERS) hash.o interface.o msg.o nsm.o phc.o print.o \
- rtnl.o sk.o $(TRANSP) tlv.o tsproc.o util.o version.o
+ rtnl.o $(SECURITY) sk.o $(TRANSP) tlv.o tsproc.o util.o version.o
pmc: config.o hash.o interface.o msg.o phc.o pmc.o pmc_common.o print.o \
$(SECURITY) sk.o tlv.o $(TRANSP) util.o version.o
diff --git a/nsm.8 b/nsm.8
index ec0b077..a0b8bc4 100644
--- a/nsm.8
+++ b/nsm.8
@@ -85,6 +85,11 @@ options. The name of the section is the name of the
configured port (e.g.
.SH PORT OPTIONS
.TP
+.B active_key_id
+Each port must define an active_key_id when using security. This key_id is
+used to determine which key should be used for outbound icv calculations.
+Must be in the range of 0 to 2^32-1, inclusive. The default is 0 (disabled).
+.TP
.B delayAsymmetry
The time difference in nanoseconds of the transmit and receive
paths. This value should be positive when the master-to-slave
@@ -95,6 +100,14 @@ is longer. The default is 0 nanoseconds.
Select the network transport. Possible values are UDPv4 and L2. The default
is UDPv4.
.TP
+.B spp
+Specifies the security parameters pointer for the desired security association
+to be used for authentication tlv support. If specified, the port owning the
+spp will attempt to attach (outbound) and check (inbound) authentication tlvs
+for all messages in accordance to the corresponding security association
+sourced via the \fBsa_file\fR directive. Not compatible with one step ports.
+Must be in the range of -1 to 255, inclusive. The default is -1 (disabled).
+.TP
.B transportSpecific
The transport specific field. Must be in the range 0 to 255.
The default is 0.
@@ -104,6 +117,14 @@ The default is 0.
.TP
.B domainNumber
The domain attribute of the local clock. The default is 0.
+.TP
+.B sa_file
+Specifies the location of the file containing Security Associations used
+for immediate security processing of the Authentication TLV in support of
+the optional security mechanism defined in ieee1588-2019 ch 14.16. See
+\fBSECURITY ASSOCIATION OPTIONS\fR for more info on file contents.
+The default is an empty string. (disabled).
+.TP
.B time_stamping
The time stamping method. The allowed values are hardware, software and legacy.
The default is hardware.
diff --git a/nsm.c b/nsm.c
index 9f9db5e..eeb75c9 100644
--- a/nsm.c
+++ b/nsm.c
@@ -29,6 +29,7 @@
#include "config.h"
#include "print.h"
#include "rtnl.h"
+#include "sad.h"
#include "util.h"
#include "version.h"
@@ -51,6 +52,8 @@ struct nsm {
struct PortIdentity port_identity;
UInteger16 sequence_id;
const char *name;
+ int spp;
+ UInteger32 active_key_id;
} the_nsm;
static void nsm_help(FILE *fp);
@@ -285,6 +288,8 @@ static int nsm_open(struct nsm *nsm, struct config *cfg)
iface = STAILQ_FIRST(&cfg->interfaces);
nsm->name = name = interface_name(iface);
nsm->cfg = cfg;
+ nsm->spp = config_get_int(cfg, name, "spp");
+ nsm->active_key_id = config_get_int(cfg, name, "active_key_id");
transport = config_get_int(cfg, name, "network_transport");
@@ -321,7 +326,7 @@ no_tsproc:
static struct ptp_message *nsm_recv(struct nsm *nsm, int fd)
{
- struct ptp_message *msg;
+ struct ptp_message *msg, *dup = NULL;
int cnt, err;
msg = msg_allocate();
@@ -336,6 +341,12 @@ static struct ptp_message *nsm_recv(struct nsm *nsm, int
fd)
pr_err("recv message failed");
goto failed;
}
+ if (nsm->spp >= 0) {
+ dup = msg_duplicate(msg, 0);
+ if (!dup) {
+ goto failed;
+ }
+ }
err = msg_post_recv(msg, cnt);
if (err) {
switch (err) {
@@ -353,10 +364,27 @@ static struct ptp_message *nsm_recv(struct nsm *nsm, int
fd)
msg_type_string(msg_type(msg)));
goto failed;
}
-
+ err = sad_process_auth(nsm->cfg, nsm->spp, msg, dup);
+ if (err) {
+ switch (err) {
+ case -EBADMSG:
+ pr_err("bad message");
+ break;
+ case -EPROTO:
+ pr_debug("ignoring message");
+ break;
+ }
+ goto failed;
+ }
+ if (dup) {
+ msg_put(dup);
+ }
return msg;
failed:
msg_put(msg);
+ if (dup) {
+ msg_put(dup);
+ }
return NULL;
}
@@ -407,7 +435,12 @@ static int nsm_request(struct nsm *nsm, char *target)
extra->tlv->type = TLV_PTPMON_REQ;
extra->tlv->length = 0;
- err = msg_pre_send(msg);
+ if (nsm->spp >= 0) {
+ err = sad_append_auth_tlv(nsm->cfg, nsm->spp,
+ nsm->active_key_id, msg);
+ } else {
+ err = msg_pre_send(msg);
+ }
if (err) {
pr_err("msg_pre_send failed");
goto out;
@@ -531,6 +564,10 @@ int main(int argc, char *argv[])
print_set_tag(config_get_string(cfg, NULL, "message_tag"));
print_set_level(config_get_int(cfg, NULL, "logging_level"));
+ if (sad_create(cfg)) {
+ goto out;
+ }
+
err = nsm_open(nsm, cfg);
if (err) {
goto out;
@@ -620,6 +657,7 @@ int main(int argc, char *argv[])
nsm_close(nsm);
out:
msg_cleanup();
+ sad_destroy(cfg);
config_destroy(cfg);
return err;
}
--
2.42.1
_______________________________________________
Linuxptp-devel mailing list
Linuxptp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxptp-devel
