* [PATCH 1/2] macsec: Backward compatibility bugfix of consts values
@ 2020-03-06 2:55 Era Mayflower
2020-03-06 2:55 ` [PATCH 2/2] macsec: Fix frame loss in XPN mode when PN=0 bug Era Mayflower
2020-03-07 6:39 ` [PATCH 1/2] macsec: Backward compatibility bugfix of consts values David Miller
0 siblings, 2 replies; 3+ messages in thread
From: Era Mayflower @ 2020-03-06 2:55 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-kernel, Era Mayflower
Fixed a compatibility bug, the value of the following consts changes:
* IFLA_MACSEC_PAD (include/uapi/linux/if_link.h)
* MACSEC_SECY_ATTR_PAD (include/uapi/linux/if_macsec.h)
* MACSEC_RXSC_ATTR_PAD (include/uapi/linux/if_macsec.h)
Depends on: macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)
Signed-off-by: Era Mayflower <mayflowerera@gmail.com>
---
include/uapi/linux/if_link.h | 2 +-
include/uapi/linux/if_macsec.h | 4 ++--
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index ee424d915..383316421 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -462,9 +462,9 @@ enum {
IFLA_MACSEC_SCB,
IFLA_MACSEC_REPLAY_PROTECT,
IFLA_MACSEC_VALIDATION,
+ IFLA_MACSEC_PAD,
IFLA_MACSEC_SSCI,
IFLA_MACSEC_SALT,
- IFLA_MACSEC_PAD,
__IFLA_MACSEC_MAX,
};
diff --git a/include/uapi/linux/if_macsec.h b/include/uapi/linux/if_macsec.h
index c8fab9673..a1132107d 100644
--- a/include/uapi/linux/if_macsec.h
+++ b/include/uapi/linux/if_macsec.h
@@ -68,9 +68,9 @@ enum macsec_secy_attrs {
MACSEC_SECY_ATTR_INC_SCI,
MACSEC_SECY_ATTR_ES,
MACSEC_SECY_ATTR_SCB,
+ MACSEC_SECY_ATTR_PAD,
MACSEC_SECY_ATTR_SSCI,
MACSEC_SECY_ATTR_SALT,
- MACSEC_SECY_ATTR_PAD,
__MACSEC_SECY_ATTR_END,
NUM_MACSEC_SECY_ATTR = __MACSEC_SECY_ATTR_END,
MACSEC_SECY_ATTR_MAX = __MACSEC_SECY_ATTR_END - 1,
@@ -82,8 +82,8 @@ enum macsec_rxsc_attrs {
MACSEC_RXSC_ATTR_ACTIVE, /* config/dump, u8 0..1 */
MACSEC_RXSC_ATTR_SA_LIST, /* dump, nested */
MACSEC_RXSC_ATTR_STATS, /* dump, nested, macsec_rxsc_stats_attr */
- MACSEC_RXSC_ATTR_SSCI, /* config/dump, u32 */
MACSEC_RXSC_ATTR_PAD,
+ MACSEC_RXSC_ATTR_SSCI, /* config/dump, u32 */
__MACSEC_RXSC_ATTR_END,
NUM_MACSEC_RXSC_ATTR = __MACSEC_RXSC_ATTR_END,
MACSEC_RXSC_ATTR_MAX = __MACSEC_RXSC_ATTR_END - 1,
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* [PATCH 2/2] macsec: Fix frame loss in XPN mode when PN=0 bug
2020-03-06 2:55 [PATCH 1/2] macsec: Backward compatibility bugfix of consts values Era Mayflower
@ 2020-03-06 2:55 ` Era Mayflower
2020-03-07 6:39 ` [PATCH 1/2] macsec: Backward compatibility bugfix of consts values David Miller
1 sibling, 0 replies; 3+ messages in thread
From: Era Mayflower @ 2020-03-06 2:55 UTC (permalink / raw)
To: davem; +Cc: netdev, linux-kernel, Era Mayflower
According to IEEE 802.1aebw figure 10-5,
the PN of incoming frame can be 0 when XPN cipher suite is used.
Fixed `macsec_validate_skb` to fail on PN=0 only if we are not using XPN.
Depends on: macsec: Backward compatibility bugfix of consts values
Signed-off-by: Era Mayflower <mayflowerera@gmail.com>
---
drivers/net/macsec.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index aff28ee89..418e1b126 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -386,7 +386,7 @@ static const struct macsec_ops *macsec_get_ops(struct macsec_dev *macsec,
}
/* validate MACsec packet according to IEEE 802.1AE-2006 9.12 */
-static bool macsec_validate_skb(struct sk_buff *skb, u16 icv_len)
+static bool macsec_validate_skb(struct sk_buff *skb, u16 icv_len, bool xpn)
{
struct macsec_eth_header *h = (struct macsec_eth_header *)skb->data;
int len = skb->len - 2 * ETH_ALEN;
@@ -411,8 +411,8 @@ static bool macsec_validate_skb(struct sk_buff *skb, u16 icv_len)
if (h->unused)
return false;
- /* rx.pn != 0 (figure 10-5) */
- if (!h->packet_number)
+ /* rx.pn != 0 if not XPN (figure 10-5) */
+ if (!h->packet_number && !xpn)
return false;
/* length check, f) g) h) i) */
@@ -1117,7 +1117,7 @@ static rx_handler_result_t macsec_handle_frame(struct sk_buff **pskb)
secy_stats = this_cpu_ptr(macsec->stats);
rxsc_stats = this_cpu_ptr(rx_sc->stats);
- if (!macsec_validate_skb(skb, secy->icv_len)) {
+ if (!macsec_validate_skb(skb, secy->icv_len, secy->xpn)) {
u64_stats_update_begin(&secy_stats->syncp);
secy_stats->stats.InPktsBadTag++;
u64_stats_update_end(&secy_stats->syncp);
--
2.20.1
^ permalink raw reply related [flat|nested] 3+ messages in thread* Re: [PATCH 1/2] macsec: Backward compatibility bugfix of consts values
2020-03-06 2:55 [PATCH 1/2] macsec: Backward compatibility bugfix of consts values Era Mayflower
2020-03-06 2:55 ` [PATCH 2/2] macsec: Fix frame loss in XPN mode when PN=0 bug Era Mayflower
@ 2020-03-07 6:39 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2020-03-07 6:39 UTC (permalink / raw)
To: mayflowerera; +Cc: netdev, linux-kernel
From: Era Mayflower <mayflowerera@gmail.com>
Date: Fri, 6 Mar 2020 02:55:22 +0000
> Fixed a compatibility bug, the value of the following consts changes:
> * IFLA_MACSEC_PAD (include/uapi/linux/if_link.h)
> * MACSEC_SECY_ATTR_PAD (include/uapi/linux/if_macsec.h)
> * MACSEC_RXSC_ATTR_PAD (include/uapi/linux/if_macsec.h)
>
> Depends on: macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)
>
> Signed-off-by: Era Mayflower <mayflowerera@gmail.com>
Fix your original patches so that they don't have these bugs, and then
resubmit that.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2020-03-07 6:39 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-03-06 2:55 [PATCH 1/2] macsec: Backward compatibility bugfix of consts values Era Mayflower
2020-03-06 2:55 ` [PATCH 2/2] macsec: Fix frame loss in XPN mode when PN=0 bug Era Mayflower
2020-03-07 6:39 ` [PATCH 1/2] macsec: Backward compatibility bugfix of consts values David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.