From nobody Sun Feb 8 06:04:56 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 05EEEEB64D8 for ; Fri, 16 Jun 2023 09:24:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1343859AbjFPJYZ (ORCPT ); Fri, 16 Jun 2023 05:24:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40548 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1343780AbjFPJYU (ORCPT ); Fri, 16 Jun 2023 05:24:20 -0400 Received: from ultron (136.red-2-136-200.staticip.rima-tde.net [2.136.200.136]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 777852117; Fri, 16 Jun 2023 02:24:07 -0700 (PDT) Received: from localhost.localdomain (localhost [127.0.0.1]) by ultron (Postfix) with ESMTP id 46BAE1AC5920; Fri, 16 Jun 2023 11:24:06 +0200 (CEST) From: carlos.fernandez@technica-engineering.de To: carlos.fernandez@technica-engineering.de, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2] net: macsec SCI assignment for ES = 0 Date: Fri, 16 Jun 2023 11:24:04 +0200 Message-Id: <20230616092404.12644-1-carlos.fernandez@technica-engineering.de> X-Mailer: git-send-email 2.17.1 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Carlos Fernandez According to 802.1AE standard, when ES and SC flags in TCI are zero, used SCI should be the current active SC_RX. Current kernel does not implement it and uses the header MAC address. Without this patch, when ES =3D 0 (using a bridge or switch), header MAC will not fit the SCI and MACSec frames will be discarted. Signed-off-by: Carlos Fernandez --- drivers/net/macsec.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 3427993f94f7..ccecb7eb385c 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -256,16 +256,31 @@ static sci_t make_sci(const u8 *addr, __be16 port) return sci; } =20 -static sci_t macsec_frame_sci(struct macsec_eth_header *hdr, bool sci_pres= ent) +static sci_t macsec_frame_sci(struct macsec_eth_header *hdr, bool sci_pres= ent, + struct macsec_rxh_data *rxd) { + struct macsec_dev *macsec_device; sci_t sci; =20 - if (sci_present) + if (sci_present) { memcpy(&sci, hdr->secure_channel_id, - sizeof(hdr->secure_channel_id)); - else + sizeof(hdr->secure_channel_id)); + } else if (0 =3D=3D (hdr->tci_an & (MACSEC_TCI_ES | MACSEC_TCI_SC))) { + list_for_each_entry_rcu(macsec_device, &rxd->secys, secys) { + struct macsec_rx_sc *rx_sc; + struct macsec_secy *secy =3D &macsec_device->secy; + + for_each_rxsc(secy, rx_sc) { + rx_sc =3D rx_sc ? macsec_rxsc_get(rx_sc) : NULL; + if (rx_sc && rx_sc->active) + return rx_sc->sci; + } + /* If not found, use MAC in hdr as default*/ + sci =3D make_sci(hdr->eth.h_source, MACSEC_PORT_ES); + } + } else { sci =3D make_sci(hdr->eth.h_source, MACSEC_PORT_ES); - + } return sci; } =20 @@ -1150,11 +1165,12 @@ static rx_handler_result_t macsec_handle_frame(stru= ct sk_buff **pskb) =20 macsec_skb_cb(skb)->has_sci =3D !!(hdr->tci_an & MACSEC_TCI_SC); macsec_skb_cb(skb)->assoc_num =3D hdr->tci_an & MACSEC_AN_MASK; - sci =3D macsec_frame_sci(hdr, macsec_skb_cb(skb)->has_sci); =20 rcu_read_lock(); rxd =3D macsec_data_rcu(skb->dev); =20 + sci =3D macsec_frame_sci(hdr, macsec_skb_cb(skb)->has_sci, rxd); + list_for_each_entry_rcu(macsec, &rxd->secys, secys) { struct macsec_rx_sc *sc =3D find_rx_sc(&macsec->secy, sci); =20 --=20 2.34.1