From nobody Sat Feb 7 08:45:13 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 53FA2EB64DA for ; Thu, 22 Jun 2023 11:56:02 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230319AbjFVL4A (ORCPT ); Thu, 22 Jun 2023 07:56:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:49746 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229522AbjFVLz6 (ORCPT ); Thu, 22 Jun 2023 07:55:58 -0400 Received: from ultron (136.red-2-136-200.staticip.rima-tde.net [2.136.200.136]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id 9C1A4171C; Thu, 22 Jun 2023 04:55:54 -0700 (PDT) Received: from localhost.localdomain (localhost [127.0.0.1]) by ultron (Postfix) with ESMTP id DE00D1AC0361; Thu, 22 Jun 2023 13:55:52 +0200 (CEST) From: carlos.fernandez@technica-engineering.de To: carlos.fernandez@technica-engineering.de, sd@queasysnail.net, davem@davemloft.net, edumazet@google.com, kuba@kernel.org, pabeni@redhat.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v4] net: macsec SCI assignment for ES = 0 Date: Thu, 22 Jun 2023 13:55:51 +0200 Message-Id: <20230622115551.9163-1-carlos.fernandez@technica-engineering.de> X-Mailer: git-send-email 2.17.1 Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" From: Carlos Fernandez According to 802.1AE standard, when ES and SC flags in TCI are zero, used SCI should be the current active SC_RX. Current kernel does not implement it and uses the header MAC address. Without this patch, when ES =3D 0 (using a bridge or switch), header MAC will not fit the SCI and MACSec frames will be discarted. Signed-off-by: Carlos Fernandez --- drivers/net/macsec.c | 28 ++++++++++++++++++++++------ 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 3427993f94f7..46a7776ef9a2 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -256,16 +256,31 @@ static sci_t make_sci(const u8 *addr, __be16 port) return sci; } =20 -static sci_t macsec_frame_sci(struct macsec_eth_header *hdr, bool sci_pres= ent) +static sci_t macsec_frame_sci(struct macsec_eth_header *hdr, bool sci_pres= ent, + struct macsec_rxh_data *rxd) { + struct macsec_dev *macsec_device; sci_t sci; =20 - if (sci_present) + if (sci_present) { memcpy(&sci, hdr->secure_channel_id, - sizeof(hdr->secure_channel_id)); - else + sizeof(hdr->secure_channel_id));=09 + } else if (!(hdr->tci_an & (MACSEC_TCI_ES | MACSEC_TCI_SC))) { + list_for_each_entry_rcu(macsec_device, &rxd->secys, secys) { + struct macsec_secy *secy =3D &macsec_device->secy; + struct macsec_rx_sc *rx_sc; + + for_each_rxsc(secy, rx_sc) { + rx_sc =3D rx_sc ? macsec_rxsc_get(rx_sc) : NULL; + if (rx_sc && rx_sc->active) + return rx_sc->sci; + } + } + /* If not found, use MAC in hdr as default*/ sci =3D make_sci(hdr->eth.h_source, MACSEC_PORT_ES); - + } else { + sci =3D make_sci(hdr->eth.h_source, MACSEC_PORT_ES); + } return sci; } =20 @@ -1150,11 +1165,12 @@ static rx_handler_result_t macsec_handle_frame(stru= ct sk_buff **pskb) =20 macsec_skb_cb(skb)->has_sci =3D !!(hdr->tci_an & MACSEC_TCI_SC); macsec_skb_cb(skb)->assoc_num =3D hdr->tci_an & MACSEC_AN_MASK; - sci =3D macsec_frame_sci(hdr, macsec_skb_cb(skb)->has_sci); =20 rcu_read_lock(); rxd =3D macsec_data_rcu(skb->dev); =20 + sci =3D macsec_frame_sci(hdr, macsec_skb_cb(skb)->has_sci, rxd); + list_for_each_entry_rcu(macsec, &rxd->secys, secys) { struct macsec_rx_sc *sc =3D find_rx_sc(&macsec->secy, sci); =20 --=20 2.34.1