From: Davide Caratti <dcaratti@redhat.com>
Date: Mon, 5 Sep 2016 16:20:16 +0000 (+0200)
Subject: macsec: fix maximum ICV length
X-Git-Tag: libnl3_2_29rc1~18^2~1
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=6cfe71ef151825681b9106ef34d2346dc94fa1b3;p=libnl

macsec: fix maximum ICV length

Update copy of kernel header 'if_macsec.h' to Linux 4.8-rc5, so that
upstream commit 2ccbe2cb79f2f74ab739252299b6f9ff27586f2c ("macsec: limit
ICV length to 16 octets") is included. Return -NLE_INVAL when trying to
configure an ICV length greater than 16 octets.

Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
---

diff --git a/include/linux-private/linux/if_macsec.h b/include/linux-private/linux/if_macsec.h
index cbd4faa..22939a3 100644
--- a/include/linux-private/linux/if_macsec.h
+++ b/include/linux-private/linux/if_macsec.h
@@ -26,6 +26,8 @@
 
 #define MACSEC_MIN_ICV_LEN 8
 #define MACSEC_MAX_ICV_LEN 32
+/* upper limit for ICV length as recommended by IEEE802.1AE-2006 */
+#define MACSEC_STD_ICV_LEN 16
 
 enum macsec_attrs {
 	MACSEC_ATTR_UNSPEC,
diff --git a/lib/route/link/macsec.c b/lib/route/link/macsec.c
index 2a547a1..b43f176 100644
--- a/lib/route/link/macsec.c
+++ b/lib/route/link/macsec.c
@@ -509,7 +509,7 @@ int rtnl_link_macsec_set_icv_len(struct rtnl_link *link, uint16_t icv_len)
 
 	IS_MACSEC_LINK_ASSERT(link);
 
-	if (icv_len > MACSEC_MAX_ICV_LEN)
+	if (icv_len > MACSEC_STD_ICV_LEN)
 		return -NLE_INVAL;
 
 	info->icv_len = icv_len;