git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/commit

author	Sabrina Dubroca <sd@queasysnail.net>
	Wed, 17 Aug 2022 12:54:36 +0000 (14:54 +0200)
committer	Stefan Bader <stefan.bader@canonical.com>
	Fri, 7 Oct 2022 08:39:20 +0000 (10:39 +0200)
commit	6388cbd24ab6d656e8ec35eace8759d1c4fbb069
tree	ed29e622bdaf1a18b8b607174a21c2d4cb08eccb	tree
parent	79edc4aa5c6ac650efdf911c60cb13d271a67ab9	commit \| diff

Revert "net: macsec: update SCI upon MAC address change."

BugLink: https://bugs.launchpad.net/bugs/1991717
[ Upstream commit e82c649e851c9c25367fb7a2a6cf3479187de467 ]

This reverts commit 6fc498bc82929ee23aa2f35a828c6178dfd3f823.

Commit 6fc498bc8292 states:

SCI should be updated, because it contains MAC in its first 6
octets.

That's not entirely correct. The SCI can be based on the MAC address,
but doesn't have to be. We can also use any 64-bit number as the
SCI. When the SCI based on the MAC address, it uses a 16-bit "port
number" provided by userspace, which commit 6fc498bc8292 overwrites
with 1.

In addition, changing the SCI after macsec has been setup can just
confuse the receiver. If we configure the RXSC on the peer based on
the original SCI, we should keep the same SCI on TX.

When the macsec device is being managed by a userspace key negotiation
daemon such as wpa_supplicant, commit 6fc498bc8292 would also
overwrite the SCI defined by userspace.

Fixes: 6fc498bc8292 ("net: macsec: update SCI upon MAC address change.")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/9b1a9d28327e7eb54550a92eebda45d25e54dd0d.1660667033.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>