Received: by 2002:a25:c205:0:0:0:0:0 with SMTP id s5csp5917502ybf; Thu, 5 Mar 2020 09:26:08 -0800 (PST) X-Google-Smtp-Source: ADFU+vuNnKW4YEukta1aCtmj2vwc9Uzkj/odDrAUvbi9YckV7n0ZfYPpxiaNO4vcUTY2kzwYHYnb X-Received: by 2002:a54:4f16:: with SMTP id e22mr103556oiy.170.1583429168203; Thu, 05 Mar 2020 09:26:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1583429168; cv=none; d=google.com; s=arc-20160816; b=nRNOx6MWe+00HuGv6E6TP+Kid41RS42GiqLOXI5y+BWsPwBmm7Eafvaik0YKgiLlbG 2g+u2+yG1uS09OTAQbMEF60jLVCqvaz0gnPDUXKrYfBJa9pwZcNrQCTR+C9m1g/uBahP E03tPmSNbgt9+6wFLwoLCXgJJViv+qrNdY04oX+ahi7krdeU0D0vJxCZN7+h92uloM8l tt9tu9idM7GAujIEymeUzxPLoRop9j1TmAU10G6ecTms3X+D/VmyISe1USa7byuU0xtI gisezfwleZCBYSH+h2eDqvmfTY0Nyb0No54TrEUFjkAlu52IH0dqX7SprU80SV61ebad WmaA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=IyoL/+IgIhrmnNhGF4IDbcAVcWIFoOL1tM3KIC92sFo=; b=B13yycZQnRiWxRKYERj29DOOtBBMO+hecF8wqajJmGPh6ShanziGhNeEfuac7FoVDc 4LXokxMqqlsUQkzkxbPMfE2WqvUBAG3yKUOAb5lG6AUAjabJFnr4qUSu4dDp5g1anh9j 61j+u+C0hs6sWosIEgUKc9XKdAczULZ3ZaFIL3EAAbOuIU6+akTWVFq2skiNgUWb+Bs6 NX0gwpLO61VNvBHQt3FlrvIDlMlgccLNAGqeU6dfmFOLscX2fBBAivfqMZzkvXkaL/dr AdiwvBHULsODb+98rWiOXoKV/NHf0tqqhYuvu/xlaiXVrVsNMJpezhA9pMg/VpZaMo25 BPvw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t18si4070977otd.269.2020.03.05.09.25.56; Thu, 05 Mar 2020 09:26:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727545AbgCERY4 (ORCPT + 99 others); Thu, 5 Mar 2020 12:24:56 -0500 Received: from mx2.suse.de ([195.135.220.15]:57996 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725938AbgCERY4 (ORCPT ); Thu, 5 Mar 2020 12:24:56 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay2.suse.de (unknown [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 66418ABBE; Thu, 5 Mar 2020 17:24:54 +0000 (UTC) Received: by unicorn.suse.cz (Postfix, from userid 1000) id 8AF3DE037F; Thu, 5 Mar 2020 18:24:53 +0100 (CET) Date: Thu, 5 Mar 2020 18:24:53 +0100 From: Michal Kubecek To: Era Mayflower Cc: netdev@vger.kernel.org, davem@davemloft.net, linux-kernel@vger.kernel.org Subject: Re: [PATCH 2/2] macsec: Netlink support of XPN cipher suites (IEEE 802.1AEbw) Message-ID: <20200305172453.GB28693@unicorn.suse.cz> References: <20200305220108.18780-1-mayflowerera@gmail.com> <20200305220108.18780-2-mayflowerera@gmail.com> <20200305140241.GA28693@unicorn.suse.cz> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Mar 05, 2020 at 11:53:29PM +0000, Era Mayflower wrote: > Do you think that inserting those new enum values after *_PAD would be > a good solution? Yes, new attribute identifiers should always be added as last so that you don't change existing values. Michal > On Thu, Mar 5, 2020 at 11:51 PM Era Mayflower wrote: > > > > Do you think that inserting those new enum values after *_PAD would be a good solution? > > > > On Thu, Mar 5, 2020 at 2:02 PM Michal Kubecek wrote: > >> > >> On Thu, Mar 05, 2020 at 10:01:08PM +0000, Era Mayflower wrote: > >> > Netlink support of extended packet number cipher suites, > >> > allows adding and updating XPN macsec interfaces. > >> > > >> > Added support in: > >> > * Creating interfaces with GCM-AES-XPN-128 and GCM-AES-XPN-256. > >> > * Setting and getting packet numbers with 64bit of SAs. > >> > * Settings and getting ssci of SCs. > >> > * Settings and getting salt of SecYs. > >> > > >> > Depends on: macsec: Support XPN frame handling - IEEE 802.1AEbw. > >> > > >> > Signed-off-by: Era Mayflower > >> > --- > >> [...] > >> > diff --git a/include/net/macsec.h b/include/net/macsec.h > >> > index a0b1d0b5c..3c7914ff1 100644 > >> > --- a/include/net/macsec.h > >> > +++ b/include/net/macsec.h > >> > @@ -11,6 +11,9 @@ > >> > #include > >> > #include > >> > > >> > +#define MACSEC_DEFAULT_PN_LEN 4 > >> > +#define MACSEC_XPN_PN_LEN 8 > >> > + > >> > #define MACSEC_SALT_LEN 12 > >> > > >> > typedef u64 __bitwise sci_t; > >> > diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h > >> > index 024af2d1d..ee424d915 100644 > >> > --- a/include/uapi/linux/if_link.h > >> > +++ b/include/uapi/linux/if_link.h > >> > @@ -462,6 +462,8 @@ enum { > >> > IFLA_MACSEC_SCB, > >> > IFLA_MACSEC_REPLAY_PROTECT, > >> > IFLA_MACSEC_VALIDATION, > >> > + IFLA_MACSEC_SSCI, > >> > + IFLA_MACSEC_SALT, > >> > IFLA_MACSEC_PAD, > >> > __IFLA_MACSEC_MAX, > >> > }; > >> > >> Doesn't this break backword compatibility? You change the value of > >> IFLA_MACSEC_PAD; even if it's only used as padding, if an old client > >> uses it, new kernel will interpret it as IFLA_MACSEC_SSCI (an the same > >> holds for new client with old kernel). > >> > >> > diff --git a/include/uapi/linux/if_macsec.h b/include/uapi/linux/if_macsec.h > >> > index 1d63c43c3..c8fab9673 100644 > >> > --- a/include/uapi/linux/if_macsec.h > >> > +++ b/include/uapi/linux/if_macsec.h > >> > @@ -25,6 +25,8 @@ > >> > /* cipher IDs as per IEEE802.1AEbn-2011 */ > >> > #define MACSEC_CIPHER_ID_GCM_AES_128 0x0080C20001000001ULL > >> > #define MACSEC_CIPHER_ID_GCM_AES_256 0x0080C20001000002ULL > >> > +#define MACSEC_CIPHER_ID_GCM_AES_XPN_128 0x0080C20001000003ULL > >> > +#define MACSEC_CIPHER_ID_GCM_AES_XPN_256 0x0080C20001000004ULL > >> > > >> > /* deprecated cipher ID for GCM-AES-128 */ > >> > #define MACSEC_DEFAULT_CIPHER_ID 0x0080020001000001ULL > >> > @@ -66,6 +68,8 @@ enum macsec_secy_attrs { > >> > MACSEC_SECY_ATTR_INC_SCI, > >> > MACSEC_SECY_ATTR_ES, > >> > MACSEC_SECY_ATTR_SCB, > >> > + MACSEC_SECY_ATTR_SSCI, > >> > + MACSEC_SECY_ATTR_SALT, > >> > MACSEC_SECY_ATTR_PAD, > >> > __MACSEC_SECY_ATTR_END, > >> > NUM_MACSEC_SECY_ATTR = __MACSEC_SECY_ATTR_END, > >> > @@ -78,6 +82,7 @@ enum macsec_rxsc_attrs { > >> > MACSEC_RXSC_ATTR_ACTIVE, /* config/dump, u8 0..1 */ > >> > MACSEC_RXSC_ATTR_SA_LIST, /* dump, nested */ > >> > MACSEC_RXSC_ATTR_STATS, /* dump, nested, macsec_rxsc_stats_attr */ > >> > + MACSEC_RXSC_ATTR_SSCI, /* config/dump, u32 */ > >> > MACSEC_RXSC_ATTR_PAD, > >> > __MACSEC_RXSC_ATTR_END, > >> > NUM_MACSEC_RXSC_ATTR = __MACSEC_RXSC_ATTR_END, > >> > >> The same problem with these two. > >> > >> I'm also a bit unsure about the change of type and length of > >> MACSEC_SA_ATTR_PN but I would have to get more familiar with the code to > >> see if it is really a problem. > >> > >> Michal