macsec: fix maximum ICV length

Update copy of kernel header 'if_macsec.h' to Linux 4.8-rc5, so that
upstream commit 2ccbe2cb79f2f74ab739252299b6f9ff27586f2c ("macsec: limit
ICV length to 16 octets") is included. Return -NLE_INVAL when trying to
configure an ICV length greater than 16 octets.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>

diff --git a/include/linux-private/linux/if_macsec.h b/include/linux-private/linux/if_macsec.h
index cbd4faa353f41a52989c36491155b6a2b66c5a73..22939a3ec8ea2730f06537703469a1b47e48d37b 100644 (file)
--- a/include/linux-private/linux/if_macsec.h
+++ b/include/linux-private/linux/if_macsec.h
@@ -26,6 +26,8 @@
 
 #define MACSEC_MIN_ICV_LEN 8
 #define MACSEC_MAX_ICV_LEN 32
+/* upper limit for ICV length as recommended by IEEE802.1AE-2006 */
+#define MACSEC_STD_ICV_LEN 16
 
 enum macsec_attrs {
        MACSEC_ATTR_UNSPEC,

diff --git a/lib/route/link/macsec.c b/lib/route/link/macsec.c
index 2a547a1f9da76d49dc204e3d4cdc0faf957508b8..b43f1767285b89f77336eac51417cdc404207e3a 100644 (file)
--- a/lib/route/link/macsec.c
+++ b/lib/route/link/macsec.c
@@ -509,7 +509,7 @@ int rtnl_link_macsec_set_icv_len(struct rtnl_link *link, uint16_t icv_len)
 
        IS_MACSEC_LINK_ASSERT(link);
 
-       if (icv_len > MACSEC_MAX_ICV_LEN)
+       if (icv_len > MACSEC_STD_ICV_LEN)
                return -NLE_INVAL;
 
        info->icv_len = icv_len;