git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Rahul Rameshbabu <rrameshbabu@nvidia.com>
	Tue, 30 Apr 2024 00:43:04 +0000 (17:43 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 2 May 2024 14:32:50 +0000 (16:32 +0200)
commit	6c3020dc817f8d08fc0ea48dd004782e7c204d92
tree	c7cde3c82da59f89152d2dfe0250959bc624bca4	tree
parent	ee5dde3aa2fd887a240146a000075a72eeedea04	commit \| diff

macsec: Detect if Rx skb is macsec-related for offloading devices that update md_dst

commit 642c984dd0e37dbaec9f87bd1211e5fac1f142bf upstream.

Can now correctly identify where the packets should be delivered by using
md_dst or its absence on devices that provide it.

This detection is not possible without device drivers that update md_dst. A
fallback pattern should be used for supporting such device drivers. This
fallback mode causes multicast messages to be cloned to both the non-macsec
and macsec ports, independent of whether the multicast message received was
encrypted over MACsec or not. Other non-macsec traffic may also fail to be
handled correctly for devices in promiscuous mode.

Link: https://lore.kernel.org/netdev/ZULRxX9eIbFiVi7v@hog/
Cc: Sabrina Dubroca <sd@queasysnail.net>
Cc: stable@vger.kernel.org
Fixes: 860ead89b851 ("net/macsec: Add MACsec skb_metadata_dst Rx Data path support")
Signed-off-by: Rahul Rameshbabu <rrameshbabu@nvidia.com>
Reviewed-by: Benjamin Poirier <bpoirier@nvidia.com>
Reviewed-by: Cosmin Ratiu <cratiu@nvidia.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Link: https://lore.kernel.org/r/20240423181319.115860-4-rrameshbabu@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>