Commit e82c649e, authored by Sabrina Dubroca, committed by Jakub Kicinski

Revert "net: macsec: update SCI upon MAC address change."

This reverts commit 6fc498bc.

Commit 6fc498bc states:

    SCI should be updated, because it contains MAC in its first 6
    octets.

That's not entirely correct. The SCI can be based on the MAC address,
but doesn't have to be. We can also use any 64-bit number as the
SCI. When the SCI is based on the MAC address, it uses a 16-bit "port
number" provided by userspace, which commit 6fc498bc overwrites
with 1.

In addition, changing the SCI after macsec has been set up can just
confuse the receiver. If we configure the RXSC on the peer based on
the original SCI, we should keep the same SCI on TX.

When the macsec device is being managed by a userspace key negotiation
daemon such as wpa_supplicant, commit 6fc498bc would also
overwrite the SCI defined by userspace.

Fixes: 6fc498bc ("net: macsec: update SCI upon MAC address change.")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/9b1a9d28327e7eb54550a92eebda45d25e54dd0d.1660667033.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Parent 9dbdfd4a
...@@ -462,11 +462,6 @@ static struct macsec_eth_header *macsec_ethhdr(struct sk_buff *skb) ...@@ -462,11 +462,6 @@ static struct macsec_eth_header *macsec_ethhdr(struct sk_buff *skb)
return (struct macsec_eth_header *)skb_mac_header(skb); return (struct macsec_eth_header *)skb_mac_header(skb);
} }
static sci_t dev_to_sci(struct net_device *dev, __be16 port)
{
return make_sci(dev->dev_addr, port);
}
static void __macsec_pn_wrapped(struct macsec_secy *secy, static void __macsec_pn_wrapped(struct macsec_secy *secy,
struct macsec_tx_sa *tx_sa) struct macsec_tx_sa *tx_sa)
{ {
...@@ -3661,7 +3656,6 @@ static int macsec_set_mac_address(struct net_device *dev, void *p) ...@@ -3661,7 +3656,6 @@ static int macsec_set_mac_address(struct net_device *dev, void *p)
out: out:
eth_hw_addr_set(dev, addr->sa_data); eth_hw_addr_set(dev, addr->sa_data);
macsec->secy.sci = dev_to_sci(dev, MACSEC_PORT_ES);
/* If h/w offloading is available, propagate to the device */ /* If h/w offloading is available, propagate to the device */
if (macsec_is_offloaded(macsec)) { if (macsec_is_offloaded(macsec)) {
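Review bot: in macsec_set_mac_address(), with the `macsec->secy.sci = dev_to_sci(dev, MACSEC_PORT_ES);` line gone, nothing at the `out:` label records that the SCI is deliberately left alone when the address changes. A one-line comment after `eth_hw_addr_set(dev, addr->sa_data);` saying the SCI is fixed at creation and may have been set by userspace would keep the assignment from being reintroduced. The offload branch directly below now runs with the new address and the unchanged SCI, so it is worth confirming that the offload path handles that combination as intended.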
...@@ -4000,6 +3994,11 @@ static bool sci_exists(struct net_device *dev, sci_t sci) ...@@ -4000,6 +3994,11 @@ static bool sci_exists(struct net_device *dev, sci_t sci)
return false; return false;
} }
static sci_t dev_to_sci(struct net_device *dev, __be16 port)
{
return make_sci(dev->dev_addr, port);
}
static int macsec_add_dev(struct net_device *dev, sci_t sci, u8 icv_len) static int macsec_add_dev(struct net_device *dev, sci_t sci, u8 icv_len)
{ {
struct macsec_dev *macsec = macsec_priv(dev); struct macsec_dev *macsec = macsec_priv(dev);
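Review bot: dev_to_sci(), now placed just above macsec_add_dev(), reads `dev->dev_addr` at call time and carries no comment saying when it is appropriate to call. Since this change stops re-deriving the SCI from the address after setup, a short comment on the helper stating that it only builds a default SCI from the current address and a caller-supplied port would document that intent for later callers.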
......