Add calls to sad_process_auth() and sad_append_auth_tlv() in the nsm_recv() and nsm_request() functions. In addition, add spp to the nsm structure and add calls to sad_create() and sad_destroy().
Signed-off-by: Clay Kaiser <clay.kai...@ibm.com>
---
 makefile | 2 +-
 nsm.8 | 21 +++++++++++++++++++++
 nsm.c | 44 +++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 63 insertions(+), 4 deletions(-)
diff --git a/makefile b/makefile
index 5f7f53c..bca5130 100644
--- a/makefile
+++ b/makefile
@@ -62,7 +62,7 @@ all: $(PRG)
 ptp4l: $(OBJ)
 nsm: config.o $(FILTERS) hash.o interface.o msg.o nsm.o phc.o print.o \
- rtnl.o sk.o $(TRANSP) tlv.o tsproc.o util.o version.o
+ rtnl.o $(SECURITY) sk.o $(TRANSP) tlv.o tsproc.o util.o version.o
 pmc: config.o hash.o interface.o msg.o phc.o pmc.o pmc_common.o print.o \
 $(SECURITY) sk.o tlv.o $(TRANSP) util.o version.o
diff --git a/nsm.8 b/nsm.8
index ec0b077..a0b8bc4 100644
--- a/nsm.8
+++ b/nsm.8
@@ -85,6 +85,11 @@ options. The name of the section is the name of the configured port (e.g.
 .SH PORT OPTIONS
 .TP
+.B active_key_id Each port must define an active_key_id when using security. This key_id is used to determine which key should be used for outbound icv calculations. Must be in the range of 0 to 2^32-1, inclusive. The default is 0 (disabled).
+.TP
 .B delayAsymmetry The time difference in nanoseconds of the transmit and receive paths. This value should be positive when the master-to-slave
@@ -95,6 +100,14 @@ is longer. The default is 0 nanoseconds. Select the network transport. Possible values are UDPv4 and L2. The default is UDPv4.
 .TP
+.B spp Specifies the security parameters pointer for the desired security association to be used for authentication tlv support. If specified, the port owning the spp will attempt to attach (outbound) and check (inbound) authentication tlvs for all messages in accordance to the corresponding security association sourced via the \fBsa_file\fR directive. Not compatible with one step ports. Must be in the range of -1 to 255, inclusive. The default is -1 (disabled).
+.TP
 .B transportSpecific The transport specific field. Must be in the range 0 to 255. The default is 0.
@@ -104,6 +117,14 @@ The default is 0.
 .TP
 .B domainNumber The domain attribute of the local clock. The default is 0.
+.TP
+.B sa_file Specifies the location of the file containing Security Associations used for immediate security processing of the Authentication TLV in support of the optional security mechanism defined in ieee1588-2019 ch 14.16. See \fBSECURITY ASSOCIATION OPTIONS\fR for more info on file contents. The default is an empty string. (disabled).
+.TP
 .B time_stamping The time stamping method. The allowed values are hardware, software and legacy. The default is hardware.
diff --git a/nsm.c b/nsm.c
index 9f9db5e..eeb75c9 100644
--- a/nsm.c
+++ b/nsm.c
@@ -29,6 +29,7 @@
 #include "config.h"
 #include "print.h"
 #include "rtnl.h"
+#include "sad.h"
 #include "util.h"
 #include "version.h"
@@ -51,6 +52,8 @@ struct nsm {
 struct PortIdentity port_identity;
 UInteger16 sequence_id;
 const char *name;
+ int spp;
+ UInteger32 active_key_id;
 } the_nsm;
 static void nsm_help(FILE *fp);
@@ -285,6 +288,8 @@ static int nsm_open(struct nsm *nsm, struct config *cfg)
 iface = STAILQ_FIRST(&cfg->interfaces);
 nsm->name = name = interface_name(iface);
 nsm->cfg = cfg;
+ nsm->spp = config_get_int(cfg, name, "spp");
+ nsm->active_key_id = config_get_int(cfg, name, "active_key_id");
 transport = config_get_int(cfg, name, "network_transport");
@@ -321,7 +326,7 @@ no_tsproc:
 static struct ptp_message *nsm_recv(struct nsm *nsm, int fd)
 {
- struct ptp_message *msg;
+ struct ptp_message *msg, *dup = NULL;
 int cnt, err;
 msg = msg_allocate();
@@ -336,6 +341,12 @@ static struct ptp_message *nsm_recv(struct nsm *nsm, int fd)
 pr_err("recv message failed");
 goto failed;
 }
+ if (nsm->spp >= 0) {
+ dup = msg_duplicate(msg, 0);
+ if (!dup) {
+ goto failed;
+ }
+ }
 err = msg_post_recv(msg, cnt);
 if (err) {
 switch (err) {
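Review bot: The two fields added to `struct nsm` carry no comment, so a reader has to go to nsm.8 to learn that spp is a security parameters pointer whose value -1 disables authentication and that active_key_id selects the key used for outbound ICVs. Suggest `int spp; /* security parameters pointer; -1 disables authentication */` and `UInteger32 active_key_id; /* key_id selecting the key for outbound ICVs */`, which is what the nsm.8 text in this same patch states.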
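Review bot: `nsm->active_key_id = config_get_int(cfg, name, "active_key_id");` stores an int into a UInteger32, while nsm.8 in this patch documents the range as 0 to 2^32-1; key ids above INT_MAX cannot come back from config_get_int(), so the documented range can only hold if the config item registered in config.c (not part of this patch) bounds it. Worth confirming that the registered range and the man page agree and that an out-of-range key id is rejected at parse time rather than silently wrapped. The same applies to spp, whose -1..255 range is likewise only inferable from nsm.8 here.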
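Review bot: The duplicate is taken before msg_post_recv() touches msg and nothing says why; if the intent is that sad_process_auth() verifies the ICV over the untouched wire bytes while msg itself gets converted, a comment at `dup = msg_duplicate(msg, 0);` should state that, e.g. `/* keep an untouched copy of the wire bytes for the ICV check */`. The meaning of the 0 passed as msg_duplicate()'s second argument is not visible here either and deserves a word. The error path looks sound: dup is NULL-initialised and the `failed:` label later releases it.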
@@ -353,10 +364,27 @@ static struct ptp_message *nsm_recv(struct nsm *nsm, int fd)
 msg_type_string(msg_type(msg)));
 goto failed;
 }
-
+ err = sad_process_auth(nsm->cfg, nsm->spp, msg, dup);
+ if (err) {
+ switch (err) {
+ case -EBADMSG:
+ pr_err("bad message");
+ break;
+ case -EPROTO:
+ pr_debug("ignoring message");
+ break;
+ }
+ goto failed;
+ }
+ if (dup) {
+ msg_put(dup);
+ }
 return msg;
 failed:
 msg_put(msg);
+ if (dup) {
+ msg_put(dup);
+ }
 return NULL;
 }
@@ -407,7 +435,12 @@ static int nsm_request(struct nsm *nsm, char *target)
 extra->tlv->type = TLV_PTPMON_REQ;
 extra->tlv->length = 0;
- err = msg_pre_send(msg);
+ if (nsm->spp >= 0) {
+ err = sad_append_auth_tlv(nsm->cfg, nsm->spp,
+ nsm->active_key_id, msg);
+ } else {
+ err = msg_pre_send(msg);
+ }
 if (err) {
 pr_err("msg_pre_send failed");
 goto out;
@@ -531,6 +564,10 @@ int main(int argc, char *argv[])
 print_set_tag(config_get_string(cfg, NULL, "message_tag"));
 print_set_level(config_get_int(cfg, NULL, "logging_level"));
+ if (sad_create(cfg)) {
+ goto out;
+ }
+
 err = nsm_open(nsm, cfg);
 if (err) {
 goto out;
@@ -620,6 +657,7 @@ int main(int argc, char *argv[])
 nsm_close(nsm);
 out:
 msg_cleanup();
+ sad_destroy(cfg);
 config_destroy(cfg);
 return err;
 }
-- 
2.42.1
_______________________________________________
Linuxptp-devel mailing list
Linuxptp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linuxptp-devel
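Review bot: The `switch (err)` after sad_process_auth() has no default, so any return value other than -EBADMSG or -EPROTO drops the message without a single log line, which makes a misconfigured security association hard to diagnose; add `default: pr_err("sad_process_auth failed: %d", err); break;` ahead of the `goto failed`. sad_process_auth() is also called unconditionally, with dup == NULL whenever spp is negative, so the code relies on it treating a negative spp as "nothing to check" — a one-line comment at the call would record that contract if it holds. Dropping the message on -EBADMSG is the right fail-closed behaviour; the `if (dup) msg_put(dup)` repeated on the success path and under `failed:` could be a single cleanup path, but that is cosmetic.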
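Review bot: `pr_err("msg_pre_send failed");` is now reached from both branches, so a failure of sad_append_auth_tlv() (presumably when no association matches spp or active_key_id) is reported as a msg_pre_send failure; change it to `pr_err("%s failed", nsm->spp >= 0 ? "sad_append_auth_tlv" : "msg_pre_send");` or log separately in each branch. The else branch implies that sad_append_auth_tlv() performs the msg_pre_send() step itself before computing the ICV; that dependency is invisible here and deserves a comment on the `if (nsm->spp >= 0)` line. nsm_request()'s body continues outside the hunk.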
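Review bot: `if (sad_create(cfg)) { goto out; }` jumps to the cleanup label without assigning err, so the exit status after a failed sad_create() is whatever err held before this point, which is outside the hunk; if it is still 0 there, a security setup failure exits successfully. The surrounding code takes err from nsm_open()'s return, so `err = sad_create(cfg); if (err) { goto out; }` keeps the same convention. The `out:` label now also calls sad_destroy(cfg) in the last hunk of this file, so sad_destroy() must tolerate a sad_create() that failed part way, which cannot be verified from this patch.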