From: Sabrina Dubroca <sd@queasysnail.net>
To: Emeel Hakim <ehakim@nvidia.com>
Cc: dsahern@kernel.org, netdev@vger.kernel.org, raeds@nvidia.com,
tariqt@nvidia.com
Subject: Re: [PATCH main v4 1/2] macsec: add Extended Packet Number support
Date: Sun, 11 Sep 2022 10:35:17 +0200 [thread overview]
Message-ID: <Yx2dxUxOt1Dlpy7f@hog> (raw)
In-Reply-To: <20220908105338.30589-1-ehakim@nvidia.com>
2022-09-08, 13:53:37 +0300, Emeel Hakim wrote:
> This patch adds support for extended packet number (XPN).
> XPN can be configured by passing 'xpn on' as part of the ip
"cipher ..."
> link add command using macsec type.
> In addition, using 'xpn' keyword instead of the 'pn', passing a 12
> bytes salt using the 'salt' keyword and passing short secure channel
> id (ssci) using the 'ssci' keyword as part of the ip macsec command
> is required (see example).
>
> e.g:
>
> create a MACsec device on link eth0 with enabled xpn
> # ip link add link eth0 macsec0 type macsec port 11
> encrypt on xpn on
cipher ...
[...]
> @@ -392,9 +439,21 @@ static int do_modify_nl(enum cmd c, enum macsec_nl_commands cmd, int ifindex,
> addattr8(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_AN, sa->an);
>
> if (c != CMD_DEL) {
> - if (sa->pn)
> - addattr32(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_PN,
> - sa->pn);
> + if (sa->xpn) {
> + if (sa->pn.pn64)
> + addattr64(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_PN,
> + sa->pn.pn64);
> + if (sa->salt[0] != '\0')
if (sa->salt_set)
> + addattr_l(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_SALT,
> + sa->salt, MACSEC_SALT_LEN);
> + if (sa->ssci != 0)
if (sa->ssci_set)
> + addattr32(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_SSCI,
> + sa->ssci);
> + } else {
> + if (sa->pn.pn32)
> + addattr32(&req.n, MACSEC_BUFLEN, MACSEC_SA_ATTR_PN,
> + sa->pn.pn32);
> + }
[...]
> @@ -1251,6 +1339,7 @@ static void usage(FILE *f)
> " [ send_sci { on | off } ]\n"
> " [ end_station { on | off } ]\n"
> " [ scb { on | off } ]\n"
> + " [ xpn { on | off } ]\n"
That should be the new "cipher" options instead of "xpn on/off".
> " [ protect { on | off } ]\n"
> " [ replay { on | off} window { 0..2^32-1 } ]\n"
> " [ validate { strict | check | disabled } ]\n"
--
Sabrina
next prev parent reply other threads:[~2022-09-11 8:36 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-08 10:53 [PATCH main v4 1/2] macsec: add Extended Packet Number support Emeel Hakim
2022-09-08 10:53 ` [PATCH main v4 2/2] macsec: add user manual description for extended packet number feature Emeel Hakim
2022-09-11 8:35 ` Sabrina Dubroca [this message]
2022-09-11 8:57 ` [PATCH main v4 1/2] macsec: add Extended Packet Number support Emeel Hakim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Yx2dxUxOt1Dlpy7f@hog \
--to=sd@queasysnail.net \
--cc=dsahern@kernel.org \
--cc=ehakim@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=raeds@nvidia.com \
--cc=tariqt@nvidia.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.