Add calls to sad_process_auth() and sad_append_auth_tlv() in the nsm_recv()
and nsm_request() functions, respectively. In addition, add spp to the nsm
structure and call sad_create() & sad_destroy() in main().

Signed-off-by: Clay Kaiser <clay.kai...@ibm.com>
---
 makefile |  2 +-
 nsm.8    | 21 +++++++++++++++++++++
 nsm.c    | 44 +++++++++++++++++++++++++++++++++++++++++---
 3 files changed, 63 insertions(+), 4 deletions(-)

diff --git a/makefile b/makefile
index 5f7f53c..bca5130 100644
--- a/makefile
+++ b/makefile
@@ -62,7 +62,7 @@ all: $(PRG)
 ptp4l: $(OBJ)
 
 nsm: config.o $(FILTERS) hash.o interface.o msg.o nsm.o phc.o print.o \
- rtnl.o sk.o $(TRANSP) tlv.o tsproc.o util.o version.o
+ rtnl.o $(SECURITY) sk.o $(TRANSP) tlv.o tsproc.o util.o version.o
 
 pmc: config.o hash.o interface.o msg.o phc.o pmc.o pmc_common.o print.o \
  $(SECURITY) sk.o tlv.o $(TRANSP) util.o version.o
diff --git a/nsm.8 b/nsm.8
index ec0b077..a0b8bc4 100644
--- a/nsm.8
+++ b/nsm.8
@@ -85,6 +85,11 @@ options. The name of the section is the name of the 
configured port (e.g.
 
 .SH PORT OPTIONS
 .TP
+.B active_key_id
+Each port must define an active_key_id when using security. This key_id is
+used to determine which key should be used for outbound icv calculations.
+Must be in the range of 0 to 2^32-1, inclusive. The default is 0 (disabled).
+.TP
 .B delayAsymmetry
 The time difference in nanoseconds of the transmit and receive
 paths. This value should be positive when the master-to-slave
@@ -95,6 +100,14 @@ is longer. The default is 0 nanoseconds.
 Select the network transport. Possible values are UDPv4 and L2. The default
 is UDPv4.
 .TP
+.B spp
+Specifies the security parameters pointer for the desired security association
+to be used for authentication tlv support. If specified, the port owning the
+spp will attempt to attach (outbound) and check (inbound) authentication tlvs
+for all messages in accordance to the corresponding security association
+sourced via the \fBsa_file\fR directive. Not compatible with one step ports.
+Must be in the range of -1 to 255, inclusive. The default is -1 (disabled).
+.TP
 .B transportSpecific
 The transport specific field. Must be in the range 0 to 255.
 The default is 0.
@@ -104,6 +117,14 @@ The default is 0.
 .TP
 .B domainNumber
 The domain attribute of the local clock. The default is 0.
+.TP
+.B sa_file
+Specifies the location of the file containing Security Associations used
+for immediate security processing of the Authentication TLV in support of
+the optional security mechanism defined in ieee1588-2019 ch 14.16. See
+\fBSECURITY ASSOCIATION OPTIONS\fR for more info on file contents.
+The default is an empty string. (disabled).
+.TP
 .B time_stamping
 The time stamping method. The allowed values are hardware, software and legacy.
 The default is hardware.
diff --git a/nsm.c b/nsm.c
index 9f9db5e..eeb75c9 100644
--- a/nsm.c
+++ b/nsm.c
@@ -29,6 +29,7 @@
 #include "config.h"
 #include "print.h"
 #include "rtnl.h"
+#include "sad.h"
 #include "util.h"
 #include "version.h"
 
@@ -51,6 +52,8 @@ struct nsm {
        struct PortIdentity     port_identity;
        UInteger16              sequence_id;
        const char              *name;
+       int                     spp;
+       UInteger32              active_key_id;
 } the_nsm;
 
 static void nsm_help(FILE *fp);
@@ -285,6 +288,8 @@ static int nsm_open(struct nsm *nsm, struct config *cfg)
        iface = STAILQ_FIRST(&cfg->interfaces);
        nsm->name = name = interface_name(iface);
        nsm->cfg = cfg;
+       nsm->spp = config_get_int(cfg, name, "spp");
+       nsm->active_key_id = config_get_int(cfg, name, "active_key_id");
 
        transport = config_get_int(cfg, name, "network_transport");
 
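Review bot: `active_key_id` is read with `config_get_int()` and stored in a `UInteger32`, while the nsm.8 text added in this same patch documents its range as 0 to 2^32-1. If `config_get_int()` returns a plain `int`, as its name suggests, the upper half of that range cannot be represented, so the documented range and the option's configured limits should be reconciled. The two added lines also accept `spp >= 0` together with the default `active_key_id` of 0, which the man page describes as disabled, so a misconfigured port would only surface later when a request is built. Consider rejecting that combination here, along the lines of `if (nsm->spp >= 0 && !nsm->active_key_id) { pr_err("spp is set but active_key_id is not configured"); return -1; }`, adapted to nsm_open's real error path, which lies outside the hunk.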
@@ -321,7 +326,7 @@ no_tsproc:
 
 static struct ptp_message *nsm_recv(struct nsm *nsm, int fd)
 {
-       struct ptp_message *msg;
+       struct ptp_message *msg, *dup = NULL;
        int cnt, err;
 
        msg = msg_allocate();
@@ -336,6 +341,12 @@ static struct ptp_message *nsm_recv(struct nsm *nsm, int 
fd)
                pr_err("recv message failed");
                goto failed;
        }
+       if (nsm->spp >= 0) {
+               dup = msg_duplicate(msg, 0);
+               if (!dup) {
+                       goto failed;
+               }
+       }
        err = msg_post_recv(msg, cnt);
        if (err) {
                switch (err) {
@@ -353,10 +364,27 @@ static struct ptp_message *nsm_recv(struct nsm *nsm, int 
fd)
                       msg_type_string(msg_type(msg)));
                goto failed;
        }
-
+       err = sad_process_auth(nsm->cfg, nsm->spp, msg, dup);
+       if (err) {
+               switch (err) {
+               case -EBADMSG:
+                       pr_err("bad message");
+                       break;
+               case -EPROTO:
+                       pr_debug("ignoring message");
+                       break;
+               }
+               goto failed;
+       }
+       if (dup) {
+               msg_put(dup);
+       }
        return msg;
 failed:
        msg_put(msg);
+       if (dup) {
+               msg_put(dup);
+       }
        return NULL;
 }
 
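Review bot: The `switch (err)` after `sad_process_auth()` has no `default` case, so any return value other than -EBADMSG or -EPROTO drops the message with no log line at all. The -EBADMSG case prints only a generic `"bad message"`, so an operator reading the log cannot tell an authentication failure from a parse failure. If -EBADMSG is what `sad_process_auth()` returns for a failed ICV check (not visible here), give it a distinct message, and add `default: pr_err("sad_process_auth failed: %d", err); break;` so rejected messages are always visible. The `if (!dup) goto failed;` path in the preceding hunk is silent in the same way and would benefit from a `pr_err("msg_duplicate failed");`.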
@@ -407,7 +435,12 @@ static int nsm_request(struct nsm *nsm, char *target)
        extra->tlv->type = TLV_PTPMON_REQ;
        extra->tlv->length = 0;
 
-       err = msg_pre_send(msg);
+       if (nsm->spp >= 0) {
+               err = sad_append_auth_tlv(nsm->cfg, nsm->spp,
+                                         nsm->active_key_id, msg);
+       } else {
+               err = msg_pre_send(msg);
+       }
        if (err) {
                pr_err("msg_pre_send failed");
                goto out;
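Review bot: When `nsm->spp >= 0`, a failure of `sad_append_auth_tlv()` is reported by the unchanged `pr_err("msg_pre_send failed");`, which names a function that this branch did not call directly. That hides whether the request was dropped because of a missing key or security association or because of ordinary message preparation. Log the two cases separately, for example `pr_err("sad_append_auth_tlv failed");` inside the `spp` branch and the existing message in the `else` branch. The patch appears to rely on `sad_append_auth_tlv()` performing the pre-send conversion itself; a short comment saying so at the call site would help the next reader.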
@@ -531,6 +564,10 @@ int main(int argc, char *argv[])
        print_set_tag(config_get_string(cfg, NULL, "message_tag"));
        print_set_level(config_get_int(cfg, NULL, "logging_level"));
 
+       if (sad_create(cfg)) {
+               goto out;
+       }
+
        err = nsm_open(nsm, cfg);
        if (err) {
                goto out;
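Review bot: The result of `sad_create(cfg)` is tested but never stored in `err`, so the `goto out` path returns whatever `err` held before this point. The declaration and earlier assignments of `err` are outside the hunk, but if it is still 0 here, nsm exits with a success status after failing to load its security associations. Assign it as the neighbouring `nsm_open()` call does: `err = sad_create(cfg);` followed by `if (err) { goto out; }`. A `pr_err()` on this path would also make the reason for the exit visible, unless `sad_create()` already logs its own failures.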
@@ -620,6 +657,7 @@ int main(int argc, char *argv[])
        nsm_close(nsm);
 out:
        msg_cleanup();
+       sad_destroy(cfg);
        config_destroy(cfg);
        return err;
 }
-- 
2.42.1


