macsec: limit ICV length to 16 octets IEEE 802.1AE-2006 standard recommends that the ICV element in a MACsec frame should not exceed 16 octets: add MACSEC_STD_ICV_LEN in uapi definitions accordingly, and avoid accepting configurations where the ICV length exceeds the standard value. Leave definition of MACSEC_MAX_ICV_LEN unchanged for backwards compatibility with userspace programs. Fixes: dece8d2b78d1 ("uapi: add MACsec bits") Signed-off-by: Davide Caratti <dcaratti@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 2ccbe2cb79f2f74ab739252299b6f9ff27586f2c [log] [tgz]
author: Davide Caratti <dcaratti@redhat.com> Fri Jul 22 15:07:56 2016 +0200
committer: David S. Miller <davem@davemloft.net> Mon Jul 25 10:55:39 2016 -0700
tree: b5001d976b145d30c2d90c1de8da6b8b59275594
parent: baedbe55884c003819f5c8c063ec3d2569414296 [diff] [blame]
diff --git a/include/uapi/linux/if_macsec.h b/include/uapi/linux/if_macsec.h
index f7d4831..02fc49c 100644
--- a/include/uapi/linux/if_macsec.h
+++ b/include/uapi/linux/if_macsec.h

@@ -26,6 +26,8 @@
 
 #define MACSEC_MIN_ICV_LEN 8
 #define MACSEC_MAX_ICV_LEN 32
+/* upper limit for ICV length as recommended by IEEE802.1AE-2006 */
+#define MACSEC_STD_ICV_LEN 16
 
 enum macsec_attrs {
 	MACSEC_ATTR_UNSPEC,
commit	2ccbe2cb79f2f74ab739252299b6f9ff27586f2c	[log] [tgz]
author	Davide Caratti <dcaratti@redhat.com>	Fri Jul 22 15:07:56 2016 +0200
committer	David S. Miller <davem@davemloft.net>	Mon Jul 25 10:55:39 2016 -0700
tree	b5001d976b145d30c2d90c1de8da6b8b59275594
parent	baedbe55884c003819f5c8c063ec3d2569414296 [diff] [blame]