Date: Wed, 9 Aug 2023 16:35:04 +0300
From: "Radu Pirea (OSS)" <radu-nicolae.pirea@....nxp.com>
To: Sabrina Dubroca <sd@...asysnail.net>
Cc: davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
 pabeni@...hat.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: macsec: use TX SCI as MAC address



On 09.08.2023 15:10, Sabrina Dubroca wrote:
> 2023-08-09, 09:37:40 +0300, Radu Pirea (OSS) wrote:
>>
>>
>> On 08.08.2023 18:22, Sabrina Dubroca wrote:
>>> 2023-08-08, 17:14:29 +0300, Radu Pirea (NXP OSS) wrote:
>>>> According to IEEE 802.1AE the SCI comprises the MAC address and the port
>>>> identifier.
>>>
>>> I don't think the SCI needs to be composed of the actual device's MAC
>>> address. 8.2.1 says that the MAC address *can* be used to compose the
>>> SCI, but doesn't mandate it.
>> I used IEEE 802.1AE-2018 as documentation and the text is slightly
>> different. However, the purpose of this patch is not to force this match
>> between the MAC address and the SCI, it is just to have different MAC addresses
>> when the interfaces are created with a specific SCI.
>>
>> For example, the following command will not set 00:01:be:be:ef:17 as MAC
>> address for the new interface. Would you expect that?
>> ip link add link enet_p2 macsec0 type macsec address 00:01:be:be:ef:17 port 1 encrypt on
> 
> Yes, because "address XXX" comes after "type macsec", so it's an
> argument of "type macsec", not of "ip link". IMO the manpage is pretty
> clear about this.
> 
> The command you want is:
> 
> ip link add link enet_p2 macsec0 addr 00:01:be:be:ef:17 type macsec port 1 encrypt on
Now I see...

> 
> And with this, I don't think your patch is needed at all. It would
> even introduce an undesirable behavior, in case an explicit address
> is provided (as in my command example) alongside a full SCI (instead
> of just the port).
I agree. Thank you.

-- 
Radu P.
