lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZNOCLV6NZvzuPeWB@hog>
Date:   Wed, 9 Aug 2023 14:10:21 +0200
From:   Sabrina Dubroca <sd@...asysnail.net>
To:     "Radu Pirea (OSS)" <radu-nicolae.pirea@....nxp.com>
Cc:     davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
        pabeni@...hat.com, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: macsec: use TX SCI as MAC address

2023-08-09, 09:37:40 +0300, Radu Pirea (OSS) wrote:
> 
> 
> On 08.08.2023 18:22, Sabrina Dubroca wrote:
> > 2023-08-08, 17:14:29 +0300, Radu Pirea (NXP OSS) wrote:
> > > According to IEEE 802.1AE the SCI comprises the MAC address and the port
> > > identifier.
> > 
> > I don't think the SCI needs to be composed of the actual device's MAC
> > address. 8.2.1 says that the MAC address *can* be used to compose the
> > SCI, but doesn't mandate it.
> I used IEEE 802.1AE-2018 as documentation and the text is slightly
> different. However, the purpose of this patch is not to force this match
> between the MAC address and the SCI, is just to have different MAC addresses
> when the interfaces are created with an specific SCI.
> 
> For example, the following command will not set 00:01:be:be:ef:17 as MAC
> address for the new interface. Would you expect that?
> ip link add link enet_p2 macsec0 type macsec address 00:01:be:be:ef:17 port
> 1 encrypt on

Yes, because "address XXX" comes after "type macsec", so it's an
argument of "type macsec", not of "ip link". IMO the manpage is pretty
clear about this.

The command you want is:

ip link add link enet_p2 macsec0 addr 00:01:be:be:ef:17 type macsec port 1 encrypt on

And with this, I don't think your patch is needed at all. It would
even introduce an undesireable behavior, in case an explicit address
is provided (as in my command example) alongside a full SCI (instead
of just the port).

-- 
Sabrina

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ