summaryrefslogtreecommitdiff
path: root/drivers/net/macsec.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/net/macsec.c')
-rw-r--r--drivers/net/macsec.c75
1 files changed, 45 insertions, 30 deletions
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 3ea47f28e143..f83cf6696820 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -397,6 +397,14 @@ static struct macsec_cb *macsec_skb_cb(struct sk_buff *skb)
#define DEFAULT_ENCRYPT false
#define DEFAULT_ENCODING_SA 0
+static bool send_sci(const struct macsec_secy *secy)
+{
+ const struct macsec_tx_sc *tx_sc = &secy->tx_sc;
+
+ return tx_sc->send_sci ||
+ (secy->n_rx_sc > 1 && !tx_sc->end_station && !tx_sc->scb);
+}
+
static sci_t make_sci(u8 *addr, __be16 port)
{
sci_t sci;
@@ -437,15 +445,15 @@ static unsigned int macsec_extra_len(bool sci_present)
/* Fill SecTAG according to IEEE 802.1AE-2006 10.5.3 */
static void macsec_fill_sectag(struct macsec_eth_header *h,
- const struct macsec_secy *secy, u32 pn)
+ const struct macsec_secy *secy, u32 pn,
+ bool sci_present)
{
const struct macsec_tx_sc *tx_sc = &secy->tx_sc;
- memset(&h->tci_an, 0, macsec_sectag_len(tx_sc->send_sci));
+ memset(&h->tci_an, 0, macsec_sectag_len(sci_present));
h->eth.h_proto = htons(ETH_P_MACSEC);
- if (tx_sc->send_sci ||
- (secy->n_rx_sc > 1 && !tx_sc->end_station && !tx_sc->scb)) {
+ if (sci_present) {
h->tci_an |= MACSEC_TCI_SC;
memcpy(&h->secure_channel_id, &secy->sci,
sizeof(h->secure_channel_id));
@@ -650,6 +658,7 @@ static struct sk_buff *macsec_encrypt(struct sk_buff *skb,
struct macsec_tx_sc *tx_sc;
struct macsec_tx_sa *tx_sa;
struct macsec_dev *macsec = macsec_priv(dev);
+ bool sci_present;
u32 pn;
secy = &macsec->secy;
@@ -687,7 +696,8 @@ static struct sk_buff *macsec_encrypt(struct sk_buff *skb,
unprotected_len = skb->len;
eth = eth_hdr(skb);
- hh = (struct macsec_eth_header *)skb_push(skb, macsec_extra_len(tx_sc->send_sci));
+ sci_present = send_sci(secy);
+ hh = (struct macsec_eth_header *)skb_push(skb, macsec_extra_len(sci_present));
memmove(hh, eth, 2 * ETH_ALEN);
pn = tx_sa_update_pn(tx_sa, secy);
@@ -696,7 +706,7 @@ static struct sk_buff *macsec_encrypt(struct sk_buff *skb,
kfree_skb(skb);
return ERR_PTR(-ENOLINK);
}
- macsec_fill_sectag(hh, secy, pn);
+ macsec_fill_sectag(hh, secy, pn, sci_present);
macsec_set_shortlen(hh, unprotected_len - 2 * ETH_ALEN);
skb_put(skb, secy->icv_len);
@@ -726,10 +736,10 @@ static struct sk_buff *macsec_encrypt(struct sk_buff *skb,
skb_to_sgvec(skb, sg, 0, skb->len);
if (tx_sc->encrypt) {
- int len = skb->len - macsec_hdr_len(tx_sc->send_sci) -
+ int len = skb->len - macsec_hdr_len(sci_present) -
secy->icv_len;
aead_request_set_crypt(req, sg, sg, len, iv);
- aead_request_set_ad(req, macsec_hdr_len(tx_sc->send_sci));
+ aead_request_set_ad(req, macsec_hdr_len(sci_present));
} else {
aead_request_set_crypt(req, sg, sg, 0, iv);
aead_request_set_ad(req, skb->len - secy->icv_len);
@@ -1421,14 +1431,7 @@ static void clear_tx_sa(struct macsec_tx_sa *tx_sa)
macsec_txsa_put(tx_sa);
}
-static struct genl_family macsec_fam = {
- .id = GENL_ID_GENERATE,
- .name = MACSEC_GENL_NAME,
- .hdrsize = 0,
- .version = MACSEC_GENL_VERSION,
- .maxattr = MACSEC_ATTR_MAX,
- .netnsok = true,
-};
+static struct genl_family macsec_fam;
static struct net_device *get_dev_from_nl(struct net *net,
struct nlattr **attrs)
@@ -2655,6 +2658,17 @@ static const struct genl_ops macsec_genl_ops[] = {
},
};
+static struct genl_family macsec_fam __ro_after_init = {
+ .name = MACSEC_GENL_NAME,
+ .hdrsize = 0,
+ .version = MACSEC_GENL_VERSION,
+ .maxattr = MACSEC_ATTR_MAX,
+ .netnsok = true,
+ .module = THIS_MODULE,
+ .ops = macsec_genl_ops,
+ .n_ops = ARRAY_SIZE(macsec_genl_ops),
+};
+
static netdev_tx_t macsec_start_xmit(struct sk_buff *skb,
struct net_device *dev)
{
@@ -2970,6 +2984,8 @@ static void macsec_free_netdev(struct net_device *dev)
static void macsec_setup(struct net_device *dev)
{
ether_setup(dev);
+ dev->min_mtu = 0;
+ dev->max_mtu = ETH_MAX_MTU;
dev->priv_flags |= IFF_NO_QUEUE;
dev->netdev_ops = &macsec_netdev_ops;
dev->destructor = macsec_free_netdev;
@@ -3330,19 +3346,18 @@ static struct net *macsec_get_link_net(const struct net_device *dev)
static size_t macsec_get_size(const struct net_device *dev)
{
- return 0 +
- nla_total_size_64bit(8) + /* SCI */
- nla_total_size(1) + /* ICV_LEN */
- nla_total_size_64bit(8) + /* CIPHER_SUITE */
- nla_total_size(4) + /* WINDOW */
- nla_total_size(1) + /* ENCODING_SA */
- nla_total_size(1) + /* ENCRYPT */
- nla_total_size(1) + /* PROTECT */
- nla_total_size(1) + /* INC_SCI */
- nla_total_size(1) + /* ES */
- nla_total_size(1) + /* SCB */
- nla_total_size(1) + /* REPLAY_PROTECT */
- nla_total_size(1) + /* VALIDATION */
+ return nla_total_size_64bit(8) + /* IFLA_MACSEC_SCI */
+ nla_total_size(1) + /* IFLA_MACSEC_ICV_LEN */
+ nla_total_size_64bit(8) + /* IFLA_MACSEC_CIPHER_SUITE */
+ nla_total_size(4) + /* IFLA_MACSEC_WINDOW */
+ nla_total_size(1) + /* IFLA_MACSEC_ENCODING_SA */
+ nla_total_size(1) + /* IFLA_MACSEC_ENCRYPT */
+ nla_total_size(1) + /* IFLA_MACSEC_PROTECT */
+ nla_total_size(1) + /* IFLA_MACSEC_INC_SCI */
+ nla_total_size(1) + /* IFLA_MACSEC_ES */
+ nla_total_size(1) + /* IFLA_MACSEC_SCB */
+ nla_total_size(1) + /* IFLA_MACSEC_REPLAY_PROTECT */
+ nla_total_size(1) + /* IFLA_MACSEC_VALIDATION */
0;
}
@@ -3460,7 +3475,7 @@ static int __init macsec_init(void)
if (err)
goto notifier;
- err = genl_register_family_with_ops(&macsec_fam, macsec_genl_ops);
+ err = genl_register_family(&macsec_fam);
if (err)
goto rtnl;
generated by cgit v1.2.3 (git 2.39.0) at 2025-02-06 07:53:37 +0300