MACsec/IEEE 802.1AE is useful to secure communication to and from endpoints at Layer 2.
Starting with 4.6, the linux kernel provides a universal macsec driver for authentication and encryption of traffic in a LAN, typically with GCM-AES-128, and optional replay protection. http://standards.ieee.org/getieee802/download/802.1AE-2006.pdf Note: LEDE can utilize MACsec with a static connectivity association key (static PSK) with the ip-full package installed. <http://man7.org/linux/man-pages/man8/ip-macsec.8.html> Signed-off-by: Christian Lamparter <chunk...@gmail.com> --- The patch shows up on the lede-dev archive. But it doesn't look like patchwork picked it up?!. v1->v2 updated author mail and subject. --- package/kernel/linux/modules/netsupport.mk | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/package/kernel/linux/modules/netsupport.mk b/package/kernel/linux/modules/netsupport.mk index 6c9b03be1d..e4740428af 100644 --- a/package/kernel/linux/modules/netsupport.mk +++ b/package/kernel/linux/modules/netsupport.mk @@ -1009,3 +1009,18 @@ define KernelPackage/mdio/description endef $(eval $(call KernelPackage,mdio)) + +define KernelPackage/macsec + SUBMENU:=$(NETWORK_SUPPORT_MENU) + TITLE:=IEEE 802.1AE MAC-level encryption (MAC) + DEPENDS:=+kmod-crypto-gcm @!LINUX_3_18 @!LINUX_4_1 @!LINUX_4_4 + KCONFIG:=CONFIG_MACSEC + FILES:=$(LINUX_DIR)/drivers/net/macsec.ko + AUTOLOAD:=$(call AutoLoad,13,macsec) +endef + +define KernelPackage/macsec/description + MACsec is an encryption standard for Ethernet. +endef + +$(eval $(call KernelPackage,macsec)) -- 2.15.0.rc0 _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
