git.baikalelectronics.ru Git - kernel.git/commit

author	Sabrina Dubroca <sd@queasysnail.net>
	Wed, 17 Aug 2022 12:54:36 +0000 (14:54 +0200)
committer	Jakub Kicinski <kuba@kernel.org>
	Fri, 19 Aug 2022 23:50:36 +0000 (16:50 -0700)
commit	40ff2a581c83937114fc52380897a937883eb2bb
tree	6853ae0db1837ee3c7ba4a6df816c607f92e9a3b	tree \| snapshot
parent	0f6adcb2c433e6cbf79871f9dce882761f4295e9	commit \| diff

Revert "net: macsec: update SCI upon MAC address change."

This reverts commit ce6b22679cfdb8455478ed555073ef3bceb8805f.

Commit ce6b22679cfd states:

SCI should be updated, because it contains MAC in its first 6
octets.

That's not entirely correct. The SCI can be based on the MAC address,
but doesn't have to be. We can also use any 64-bit number as the
SCI. When the SCI based on the MAC address, it uses a 16-bit "port
number" provided by userspace, which commit ce6b22679cfd overwrites
with 1.

In addition, changing the SCI after macsec has been setup can just
confuse the receiver. If we configure the RXSC on the peer based on
the original SCI, we should keep the same SCI on TX.

When the macsec device is being managed by a userspace key negotiation
daemon such as wpa_supplicant, commit ce6b22679cfd would also
overwrite the SCI defined by userspace.

Fixes: ce6b22679cfd ("net: macsec: update SCI upon MAC address change.")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/9b1a9d28327e7eb54550a92eebda45d25e54dd0d.1660667033.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>