diff options
| author | Davide Caratti <dcaratti@redhat.com> | 2016-07-22 09:07:56 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2016-07-25 13:55:39 -0400 |
| commit | 2ccbe2cb79f2f74ab739252299b6f9ff27586f2c (patch) | |
| tree | b5001d976b145d30c2d90c1de8da6b8b59275594 /include/uapi/linux | |
| parent | baedbe55884c003819f5c8c063ec3d2569414296 (diff) | |
macsec: limit ICV length to 16 octets
IEEE 802.1AE-2006 standard recommends that the ICV element in a MACsec
frame should not exceed 16 octets: add MACSEC_STD_ICV_LEN in uapi
definitions accordingly, and avoid accepting configurations where the ICV
length exceeds the standard value. Leave definition of MACSEC_MAX_ICV_LEN
unchanged for backwards compatibility with userspace programs.
Fixes: dece8d2b78d1 ("uapi: add MACsec bits")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/uapi/linux')
| -rw-r--r-- | include/uapi/linux/if_macsec.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/uapi/linux/if_macsec.h b/include/uapi/linux/if_macsec.h index f7d4831a2cc7..02fc49cb72d8 100644 --- a/include/uapi/linux/if_macsec.h +++ b/include/uapi/linux/if_macsec.h | |||
| @@ -26,6 +26,8 @@ | |||
| 26 | 26 | ||
| 27 | #define MACSEC_MIN_ICV_LEN 8 | 27 | #define MACSEC_MIN_ICV_LEN 8 |
| 28 | #define MACSEC_MAX_ICV_LEN 32 | 28 | #define MACSEC_MAX_ICV_LEN 32 |
| 29 | /* upper limit for ICV length as recommended by IEEE802.1AE-2006 */ | ||
| 30 | #define MACSEC_STD_ICV_LEN 16 | ||
| 29 | 31 | ||
| 30 | enum macsec_attrs { | 32 | enum macsec_attrs { |
| 31 | MACSEC_ATTR_UNSPEC, | 33 | MACSEC_ATTR_UNSPEC, |