lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CO1PR18MB46669260F623B69ABBC275E1A1609@CO1PR18MB4666.namprd18.prod.outlook.com>
Date:   Fri, 21 Apr 2023 05:55:19 +0000
From:   Subbaraya Sundeep Bhatta <sbhatta@...vell.com>
To:     "ehakim@...dia.com" <ehakim@...dia.com>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "kuba@...nel.org" <kuba@...nel.org>,
        "pabeni@...hat.com" <pabeni@...hat.com>,
        "edumazet@...gle.com" <edumazet@...gle.com>,
        "sd@...asysnail.net" <sd@...asysnail.net>
CC:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "leon@...nel.org" <leon@...nel.org>
Subject: RE: [PATCH net-next v7 5/5] macsec: Don't rely solely on the dst MAC
 address to identify destination MACsec device



>-----Original Message-----
>From: Emeel Hakim <ehakim@...dia.com> <ehakim@...dia.com>
>Sent: Wednesday, April 19, 2023 7:51 PM
>To: davem@...emloft.net; kuba@...nel.org; pabeni@...hat.com;
>edumazet@...gle.com; sd@...asysnail.net
>Cc: netdev@...r.kernel.org; leon@...nel.org; Emeel Hakim
><ehakim@...dia.com>
>Subject: [PATCH net-next v7 5/5] macsec: Don't rely solely on the dst MAC
>address to identify destination MACsec device
>
>Offloading device drivers will mark offloaded MACsec SKBs with the
>corresponding SCI in the skb_metadata_dst so the macsec rx handler will
>know to which interface to divert those skbs, in case of a marked skb and a
>mismatch on the dst MAC address, divert the skb to the macsec net_device
>where the macsec rx_handler will be called to consider cases where relying
>solely on the dst MAC address is insufficient.
>
>One such instance is when using MACsec with a VLAN as an inner header,
>where the packet structure is ETHERNET | SECTAG | VLAN.
>In such a scenario, the dst MAC address in the ethernet header will
>correspond to the VLAN MAC address, resulting in a mismatch.
>
>Signed-off-by: Emeel Hakim <ehakim@...dia.com>

Reviewed-by: Subbaraya Sundeep <sbhatta@...vell.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ