From: Jakub Kicinski <kuba@kernel.org>
Date: Thu, 28 Aug 2025 01:34:55 +0000 (-0700)
Subject: Merge branch 'macsec-replace-custom-netlink-attribute-checks-with-policy-level-checks'
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ef5ca97293ba4a8fd809ad87230a8ec0a0d42dec;p=thirdparty%2Fkernel%2Fstable.git

Merge branch 'macsec-replace-custom-netlink-attribute-checks-with-policy-level-checks'

Sabrina Dubroca says:

====================
macsec: replace custom netlink attribute checks with policy-level checks

We can simplify attribute validation a lot by describing the accepted
ranges more precisely in the policies, using NLA_POLICY_MAX etc.

Some of the checks still need to be done later on, because the
attribute length and acceptable range can vary based on values that
can't be known when the policy is validated (cipher suite determines
the key length and valid ICV length, presence of XPN changes the PN
length, detection of duplicate SCIs or ANs, etc).

As a bonus, we get a few extack messages from the policy
validation. I'll add extack to the rest of the checks (mostly in the
genl commands) in an future series.

v1: https://lore.kernel.org/netdev/cover.1664379352.git.sd@queasysnail.net
====================

Link: https://patch.msgid.link/cover.1756202772.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
---

ef5ca97293ba4a8fd809ad87230a8ec0a0d42dec