macsec: Fix header length if SCI is added if explicitly disabled - linux-dev - Linux kernel development work

diff options

author	Tobias Brunner <tobias@strongswan.org>	2016-10-24 15:44:26 +0200
committer	David S. Miller <davem@davemloft.net>	2016-10-27 16:21:00 -0400
commit	e0f841f5cbf2a195c63f3441f3d8ef1cd2bdeeed (patch)
tree	dee1989eb0d3ce80167b44b12ee6c6000e26279a /Kconfig
parent	at803x: double check SGMII side autoneg (diff)
download	linux-dev-e0f841f5cbf2a195c63f3441f3d8ef1cd2bdeeed.tar.xz linux-dev-e0f841f5cbf2a195c63f3441f3d8ef1cd2bdeeed.zip

macsec: Fix header length if SCI is added if explicitly disabled

Even if sending SCIs is explicitly disabled, the code that creates the Security Tag might still decide to add it (e.g. if multiple RX SCs are defined on the MACsec interface). But because the header length so far only depended on the configuration option the SCI overwrote the original frame's contents (EtherType and e.g. the beginning of the IP header) and if encrypted did not visibly end up in the packet, while the SC flag in the TCI field of the Security Tag was still set, resulting in invalid MACsec frames. Fixes: c09440f7dcb3 ("macsec: introduce IEEE 802.1AE driver") Signed-off-by: Tobias Brunner <tobias@strongswan.org> Acked-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to '')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: