netdev.vger.kernel.org archive mirror
From: Sabrina Dubroca <sd@queasysnail.net>
To: Igor Russkikh <irusskikh@marvell.com>
Cc: netdev@vger.kernel.org,
	Mark Starovoytov <mstarovoitov@marvell.com>,
	Antoine Tenart <antoine.tenart@bootlin.com>,
	Dmitry Bogdanov <dbogdanov@marvell.com>
Subject: Re: [PATCH net 1/2] net: macsec: update SCI upon MAC address change.
Date: Fri, 17 Apr 2020 11:05:47 +0200
Message-ID: <20200417090547.GA3874480@bistromath.localdomain>
In-Reply-To: <20200310152225.2338-2-irusskikh@marvell.com>

Hello,

2020-03-10, 18:22:24 +0300, Igor Russkikh wrote:
> From: Dmitry Bogdanov <dbogdanov@marvell.com>
> 
> SCI should be updated, because it contains MAC in its first 6 octets.

Sorry for catching this so late. I don't think this change is correct.

Changing the SCI means wpa_supplicant (or whatever MKA you're using)
will disagree as to which SCI is in use. The peer probably doesn't
have an RXSC for the new SCI either, so the packets will be dropped
anyway.

Plus, if you're using "send_sci on", there's no real reason to change
the SCI, since it's also in the packet, and may or may not have any
relationship to the MAC address of the device.

I'm guessing the issue you're trying to solve is that in the "send_sci
off" case, macsec_encrypt() will use the SCI stored in the secy, but
the receiver will construct the SCI based on the source MAC
address. Can you confirm that? If that's the real problem, I have a
couple of ideas to solve it.


Thanks, and sorry again for the delay in looking at this,

-- 
Sabrina
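
The cases discussed in the message above, as an added example that is not part of the original mail or of the kernel source: a small model of one frame sent after the MAC address changes, including the "send_sci off" case that the message raises as a guess. The sample MAC addresses, the port value 1 and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define ETH_ALEN 6
#define PORT_ES  1 /* assumption: port number used when the SCI is derived from the MAC */

/* Constructed sample addresses (locally administered). */
static const uint8_t OLD_MAC[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x01};
static const uint8_t NEW_MAC[ETH_ALEN] = {0x02, 0, 0, 0, 0, 0x02};

/* SCI: MAC address in the first 6 octets, port number in the last 2. */
static uint64_t make_sci(const uint8_t mac[ETH_ALEN], uint16_t port)
{
    uint64_t sci = 0;
    for (int i = 0; i < ETH_ALEN; i++)
        sci = (sci << 8) | mac[i];
    return (sci << 16) | port;
}

/*
 * Model of one frame sent after the MAC changed from OLD_MAC to NEW_MAC.
 * The peer's RXSC was negotiated for the old SCI and the key agreement
 * has not been rerun. Returns 1 if the peer finds an RXSC for the frame
 * and it matches the SCI the sender protected the frame with.
 */
static int peer_accepts(int send_sci, int update_sci_on_mac_change)
{
    uint64_t peer_rxsc = make_sci(OLD_MAC, PORT_ES);
    uint64_t tx_sci = update_sci_on_mac_change ? make_sci(NEW_MAC, PORT_ES)
                                               : peer_rxsc;
    /* send_sci on: SCI travels in the frame; off: rebuilt from source MAC. */
    uint64_t rx_sci = send_sci ? tx_sci : make_sci(NEW_MAC, PORT_ES);

    return rx_sci == peer_rxsc && rx_sci == tx_sci;
}

int main(void)
{
    for (int send_sci = 1; send_sci >= 0; send_sci--)
        for (int upd = 0; upd <= 1; upd++)
            printf("send_sci %-3s update_sci=%d -> %s\n",
                   send_sci ? "on" : "off", upd,
                   peer_accepts(send_sci, upd) ? "accepted" : "dropped");
    return 0;
}
```

In this model only "send_sci on" with the SCI left unchanged still reaches the peer's existing RXSC; the other three combinations are dropped until the peer learns a matching SCI.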


Thread overview: 7+ messages
2020-03-10 15:22 [PATCH net 0/2] MACSec bugfixes related to MAC address change Igor Russkikh
2020-03-10 15:22 ` [PATCH net 1/2] net: macsec: update SCI upon " Igor Russkikh
2020-04-17  9:05   ` Sabrina Dubroca [this message]
2020-04-20  9:51     ` [EXT] " Dmitry Bogdanov
2020-04-21 17:02       ` Sabrina Dubroca
2020-03-10 15:22 ` [PATCH net 2/2] net: macsec: invoke mdo_upd_secy callback when mac address changed Igor Russkikh
2020-03-10 23:02 ` [PATCH net 0/2] MACSec bugfixes related to MAC address change David Miller
