summaryrefslogtreecommitdiff
path: root/lib/mpi/mpi-mod.c
diff options
context:
space:
mode:
authorSabrina Dubroca <sd@queasysnail.net>2022-07-22 11:16:29 +0200
committerDavid S. Miller <davem@davemloft.net>2022-07-25 11:49:25 +0100
commitb07a0e2044057f201d694ab474f5c42a02b6465b (patch)
treed6f26638c9c41443a224b7513fd2e59317af46c5 /lib/mpi/mpi-mod.c
parent3240eac4ff20e51b87600dbd586ed814daf313db (diff)
macsec: limit replay window size with XPN
IEEE 802.1AEbw-2013 (section 10.7.8) specifies that the maximum value of the replay window is 2^30-1, to help with recovery of the upper bits of the PN. To avoid leaving the existing macsec device in an inconsistent state if this test fails during changelink, reuse the cleanup mechanism introduced for HW offload. This wasn't needed until now because macsec_changelink_common could not fail during changelink, as modifying the cipher suite was not allowed. Finally, this must happen after handling IFLA_MACSEC_CIPHER_SUITE so that secy->xpn is set. Fixes: 48ef50fa866a ("macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw)") Signed-off-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'lib/mpi/mpi-mod.c')
0 files changed, 0 insertions, 0 deletions