Commit e82c649

qsn authored and kuba-moo committed
Revert "net: macsec: update SCI upon MAC address change."
This reverts commit 6fc498b.

Commit 6fc498b states: SCI should be updated, because it contains MAC in its first 6 octets.

That's not entirely correct. The SCI can be based on the MAC address, but doesn't have to be. We can also use any 64-bit number as the SCI. When the SCI is based on the MAC address, it uses a 16-bit "port number" provided by userspace, which commit 6fc498b overwrites with 1.

In addition, changing the SCI after macsec has been set up can just confuse the receiver. If we configure the RXSC on the peer based on the original SCI, we should keep the same SCI on TX.

When the macsec device is being managed by a userspace key negotiation daemon such as wpa_supplicant, commit 6fc498b would also overwrite the SCI defined by userspace.

Fixes: 6fc498b ("net: macsec: update SCI upon MAC address change.")
Signed-off-by: Sabrina Dubroca <[email protected]>
Link: https://lore.kernel.org/r/9b1a9d28327e7eb54550a92eebda45d25e54dd0d.1660667033.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <[email protected]>
1 parent 9dbdfd4 commit e82c649

1 file changed: +5 -6 lines changed

drivers/net/macsec.c

Lines changed: 5 additions & 6 deletions
@@ -462,11 +462,6 @@ static struct macsec_eth_header *macsec_ethhdr(struct sk_buff *skb)
462462
return (struct macsec_eth_header *)skb_mac_header(skb);
463463
}
464464

465-
static sci_t dev_to_sci(struct net_device *dev, __be16 port)
466-
{
467-
return make_sci(dev->dev_addr, port);
468-
}
469-
470465
static void __macsec_pn_wrapped(struct macsec_secy *secy,
471466
struct macsec_tx_sa *tx_sa)
472467
{
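
Review bot: removing dev_to_sci() from its position after macsec_ethhdr() and re-adding it much later in the file (new line 3997) only builds if no caller remains above the new definition, since it is a static function with no forward declaration. The one caller visible in this patch, in macsec_set_mac_address() at old line 3664, is dropped, which is consistent; a build should confirm that nothing else between these two points still references it.
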
@@ -3661,7 +3656,6 @@ static int macsec_set_mac_address(struct net_device *dev, void *p)
36613656

36623657
out:
36633658
eth_hw_addr_set(dev, addr->sa_data);
3664-
macsec->secy.sci = dev_to_sci(dev, MACSEC_PORT_ES);
36653659

36663660
/* If h/w offloading is available, propagate to the device */
36673661
if (macsec_is_offloaded(macsec)) {
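
Review bot: after `eth_hw_addr_set(dev, addr->sa_data);` under the `out:` label, nothing records that macsec->secy.sci is now deliberately left untouched when the MAC address changes. A short comment here saying the SCI is kept (it may be an arbitrary 64-bit value or carry a userspace-chosen port, and the peer's RXSC is configured against it) would help stop the assignment from being reintroduced. The offload path that follows still runs on an address change; the visible lines do not show what it passes to the device, so it is worth checking that it does not assume the SCI tracks the new address.
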
@@ -4000,6 +3994,11 @@ static bool sci_exists(struct net_device *dev, sci_t sci)
40003994
return false;
40013995
}
40023996

3997+
static sci_t dev_to_sci(struct net_device *dev, __be16 port)
3998+
{
3999+
return make_sci(dev->dev_addr, port);
4000+
}
4001+
40034002
static int macsec_add_dev(struct net_device *dev, sci_t sci, u8 icv_len)
40044003
{
40054004
struct macsec_dev *macsec = macsec_priv(dev);
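
Review bot: dev_to_sci() reads dev->dev_addr at call time, so its result depends on when it is called; a one-line comment above the definition saying it is meant for deriving a default SCI at device creation, not after an address change, would document the intent of this revert. Its placement directly before macsec_add_dev() suggests that use, but no caller appears in this hunk.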
