git.ipfire.org Git - thirdparty/kernel/linux.git/commit

Merge branch 'macsec-replace-custom-netlink-attribute-checks-with-policy-level-checks'

Sabrina Dubroca says:

====================
macsec: replace custom netlink attribute checks with policy-level checks

We can simplify attribute validation a lot by describing the accepted
ranges more precisely in the policies, using NLA_POLICY_MAX etc.

Some of the checks still need to be done later on, because the
attribute length and acceptable range can vary based on values that
can't be known when the policy is validated (cipher suite determines
the key length and valid ICV length, presence of XPN changes the PN
length, detection of duplicate SCIs or ANs, etc).

As a bonus, we get a few extack messages from the policy
validation. I'll add extack to the rest of the checks (mostly in the
genl commands) in an future series.

v1: https://lore.kernel.org/netdev/cover.1664379352.git.sd@queasysnail.net
====================

Link: https://patch.msgid.link/cover.1756202772.git.sd@queasysnail.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

author	Jakub Kicinski <kuba@kernel.org>
	Thu, 28 Aug 2025 01:34:55 +0000 (18:34 -0700)
committer	Jakub Kicinski <kuba@kernel.org>
	Thu, 28 Aug 2025 01:34:56 +0000 (18:34 -0700)
commit	ef5ca97293ba4a8fd809ad87230a8ec0a0d42dec
tree	e7ab5a2e16c5d1567528e913f27a552cead84f2d	tree \| snapshot
parent	86b26768167ad030b9d4885d484e08a30e6b8df9	commit \| diff
parent	db9dfc4d30dd844a616cec3a087eaa0a808712d0	commit \| diff