macsec: fix endianness for MACSec's 'sci' parameter

Update rc1 with new relevant patches from upstream.
2016-12-16 16:27:40 +01:00 · 2016-12-16 16:27:40 +01:00 · ac14ac36a3
commit ac14ac36a3
parent 7999874a14
2 changed files with 252 additions and 1 deletions
--- a/0001-macsec-sci-endianness.patch
+++ b/0001-macsec-sci-endianness.patch
@ -0,0 +1,245 @@
+From 02b273dec88710459719073ef79ac3fbb9975f24 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Thu, 15 Dec 2016 14:41:54 +0100
+Subject: [PATCH 1/3] Revert "macsec: fix endianness of 'sci' parameter"
+
+The commit changed the API from libnl 3.2.28: restore the old
+behavior.
+
+This reverts commit cd758fbfee07768ff200f46d7090fa8d0e6b300f.
+
+Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
+Signed-off-by: Thomas Haller <thaller@redhat.com>
+---
+ lib/route/link/macsec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/route/link/macsec.c b/lib/route/link/macsec.c
+index 186e8d1..eccfbfa 100644
+--- a/lib/route/link/macsec.c
+++ b/lib/route/link/macsec.c
+@@ -104,7 +104,7 @@ static int macsec_parse(struct rtnl_link *link, struct nlattr *data,
+ 	info = link->l_info;
+ 
+ 	if (tb[IFLA_MACSEC_SCI]) {
+-		info->sci = ntohll(nla_get_u64(tb[IFLA_MACSEC_SCI]));
+		info->sci = nla_get_u64(tb[IFLA_MACSEC_SCI]);
+ 		info->ce_mask |= MACSEC_ATTR_SCI;
+ 	}
+ 
+@@ -277,7 +277,7 @@ static int macsec_put_attrs(struct nl_msg *msg, struct rtnl_link *link)
+ 		return -NLE_MSGSIZE;
+ 
+ 	if (info->ce_mask & MACSEC_ATTR_SCI)
+-		NLA_PUT_U64(msg, IFLA_MACSEC_SCI, htonll(info->sci));
+		NLA_PUT_U64(msg, IFLA_MACSEC_SCI, info->sci);
+ 	else if (info->ce_mask & MACSEC_ATTR_PORT)
+ 		NLA_PUT_U16(msg, IFLA_MACSEC_PORT, htons(info->port));
+ 
+-- 
+2.9.3
+
+
+From c1f41173ed112eca2bb8febc57f4bacf5f3e3287 Mon Sep 17 00:00:00 2001
+From: Beniamino Galvani <bgalvani@redhat.com>
+Date: Thu, 15 Dec 2016 14:41:55 +0100
+Subject: [PATCH 2/3] macsec: document byte order for the SCI and port
+ attributes
+
+Document that the SCI is in network order while the port is in host
+order.
+
+Signed-off-by: Beniamino Galvani <bgalvani@redhat.com>
+Signed-off-by: Thomas Haller <thaller@redhat.com>
+---
+ lib/route/link/macsec.c | 64 ++++++++++++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 63 insertions(+), 1 deletion(-)
+
+diff --git a/lib/route/link/macsec.c b/lib/route/link/macsec.c
+index eccfbfa..d177236 100644
+--- a/lib/route/link/macsec.c
+++ b/lib/route/link/macsec.c
+@@ -9,6 +9,18 @@
+  * Copyright (c) 2016 Sabrina Dubroca <sd@queasysnail.net>
+  */
+ 
+/**
+ * @ingroup link
+ * @defgroup macsec MACsec
+ * MACsec link module
+ *
+ * @details
+ * \b Link Type Name: "macsec"
+ *
+ * @route_doc{link_macsec, MACsec Documentation}
+ *
+ * @{
+ */
+ #include <netlink-private/netlink.h>
+ #include <netlink/netlink.h>
+ #include <netlink/attr.h>
+@@ -20,6 +32,7 @@
+ 
+ #include <linux/if_macsec.h>
+ 
+/** @cond SKIP */
+ #define MACSEC_ATTR_SCI			(1 << 0)
+ #define MACSEC_ATTR_ICV_LEN		(1 << 1)
+ #define MACSEC_ATTR_CIPHER_SUITE	(1 << 2)
+@@ -49,6 +62,10 @@ struct macsec_info {
+ 	uint32_t ce_mask;
+ };
+ 
+#define DEFAULT_ICV_LEN 16
+
+/** @endcond */
+
+ static struct nla_policy macsec_policy[IFLA_MACSEC_MAX+1] = {
+ 	[IFLA_MACSEC_SCI] = { .type = NLA_U64 },
+ 	[IFLA_MACSEC_ICV_LEN] = { .type = NLA_U8 },
+@@ -64,8 +81,16 @@ static struct nla_policy macsec_policy[IFLA_MACSEC_MAX+1] = {
+ 	[IFLA_MACSEC_VALIDATION] = { .type = NLA_U8 },
+ };
+ 
+-#define DEFAULT_ICV_LEN 16
+/**
+ * @name MACsec Object
+ * @{
+ */
+ 
+/**
+ * Allocate link object of type MACsec
+ *
+ * @return Allocated link object or NULL.
+ */
+ static int macsec_alloc(struct rtnl_link *link)
+ {
+ 	struct macsec_info *info;
+@@ -195,7 +220,9 @@ static char *replay_protect_str(char *buf, uint8_t replay_protect, uint8_t windo
+ 	return buf;
+ }
+ 
+/** @cond SKIP */
+ #define PRINT_FLAG(buf, i, field, c) ({ if (i->field == 1) *buf++ = c; })
+/** @endcond */
+ static char *flags_str(char *buf, unsigned char len, struct macsec_info *info)
+ {
+ 	char *tmp = buf;
+@@ -387,11 +414,13 @@ static void __exit macsec_exit(void)
+ 	rtnl_link_unregister_info(&macsec_info_ops);
+ }
+ 
+/** @cond SKIP */
+ #define IS_MACSEC_LINK_ASSERT(link) \
+ 	if ((link)->l_info_ops != &macsec_info_ops) { \
+ 		APPBUG("Link is not a MACsec link. set type \"macsec\" first."); \
+ 		return -NLE_OPNOTSUPP; \
+ 	}
+/** @endcond */
+ 
+ struct rtnl_link *rtnl_link_macsec_alloc(void)
+ {
+@@ -408,6 +437,13 @@ struct rtnl_link *rtnl_link_macsec_alloc(void)
+ 	return link;
+ }
+ 
+/**
+ * Set SCI
+ * @arg link		Link object
+ * @arg sci		Secure Channel Identifier in network byte order
+ *
+ * @return 0 on success or a negative error code.
+ */
+ int rtnl_link_macsec_set_sci(struct rtnl_link *link, uint64_t sci)
+ {
+ 	struct macsec_info *info = link->l_info;
+@@ -420,6 +456,14 @@ int rtnl_link_macsec_set_sci(struct rtnl_link *link, uint64_t sci)
+ 	return 0;
+ }
+ 
+/**
+ * Get SCI
+ * @arg link		Link object
+ * @arg sci		On return points to the Secure Channel Identifier
+ *			in network byte order
+ *
+ * @return 0 on success or a negative error code.
+ */
+ int rtnl_link_macsec_get_sci(struct rtnl_link *link, uint64_t *sci)
+ {
+ 	struct macsec_info *info = link->l_info;
+@@ -435,6 +479,13 @@ int rtnl_link_macsec_get_sci(struct rtnl_link *link, uint64_t *sci)
+ 	return 0;
+ }
+ 
+/**
+ * Set port identifier
+ * @arg link		Link object
+ * @arg port		Port identifier in host byte order
+ *
+ * @return 0 on success or a negative error code.
+ */
+ int rtnl_link_macsec_set_port(struct rtnl_link *link, uint16_t port)
+ {
+ 	struct macsec_info *info = link->l_info;
+@@ -447,6 +498,13 @@ int rtnl_link_macsec_set_port(struct rtnl_link *link, uint16_t port)
+ 	return 0;
+ }
+ 
+/**
+ * Get port identifier
+ * @arg link		Link object
+ * @arg port		On return points to the port identifier in host byte order
+ *
+ * @return 0 on success or a negative error code.
+ */
+ int rtnl_link_macsec_get_port(struct rtnl_link *link, uint16_t *port)
+ {
+ 	struct macsec_info *info = link->l_info;
+@@ -785,3 +843,7 @@ int rtnl_link_macsec_get_scb(struct rtnl_link *link, uint8_t *scb)
+ 
+ 	return 0;
+ }
+
+/** @} */
+
+/** @} */
+-- 
+2.9.3
+
+
+From 928d0cf709f4984b6e6ad37e0d3d44455796534f Mon Sep 17 00:00:00 2001
+From: Thomas Haller <thaller@redhat.com>
+Date: Thu, 15 Dec 2016 19:23:26 +0100
+Subject: [PATCH 3/3] macsec: fix endianness of sci during dump()
+
+Signed-off-by: Thomas Haller <thaller@redhat.com>
+---
+ lib/route/link/macsec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/lib/route/link/macsec.c b/lib/route/link/macsec.c
+index d177236..2b7e58e 100644
+--- a/lib/route/link/macsec.c
+++ b/lib/route/link/macsec.c
+@@ -261,7 +261,7 @@ static void macsec_dump_line(struct rtnl_link *link, struct nl_dump_params *p)
+ 	struct macsec_info *info = link->l_info;
+ 	char tmp[128];
+ 
+-	nl_dump(p, "sci %016llx <%s>", info->sci, flags_str(tmp, sizeof(tmp), info));
+	nl_dump(p, "sci %016llx <%s>", ntohll(info->sci), flags_str(tmp, sizeof(tmp), info));
+ }
+ 
+ static void macsec_dump_details(struct rtnl_link *link, struct nl_dump_params *p)
+@@ -270,7 +270,7 @@ static void macsec_dump_details(struct rtnl_link *link, struct nl_dump_params *p
+ 	char tmp[128];
+ 
+ 	nl_dump(p, "    sci %016llx protect %s encoding_sa %d encrypt %s send_sci %s validate %s %s\n",
+-		info->sci, values_on_off[info->protect], info->encoding_sa, values_on_off[info->encrypt], values_on_off[info->send_sci],
+		ntohll(info->sci), values_on_off[info->protect], info->encoding_sa, values_on_off[info->encrypt], values_on_off[info->send_sci],
+ 		VALIDATE_STR[info->validate],
+ 		replay_protect_str(tmp, info->replay_protect, info->window));
+ 	nl_dump(p, "    cipher suite: %016llx, icv_len %d\n",
+-- 
+2.9.3
+
--- a/libnl3.spec
+++ b/libnl3.spec
@ -1,6 +1,6 @@
 Name: libnl3
 Version: 3.2.29
-Release: 0.1%{?dist}
+Release: 0.2%{?dist}
 Summary: Convenience library for kernel netlink sockets
 Group: Development/Libraries
 License: LGPLv2
@ -11,6 +11,8 @@ URL: http://www.infradead.org/~tgr/libnl/
 Source: http://www.infradead.org/~tgr/libnl/files/libnl-%{fullversion}.tar.gz
 Source1: http://www.infradead.org/~tgr/libnl/files/libnl-doc-%{fullversion}.tar.gz

+Patch1: 0001-macsec-sci-endianness.patch
+
 BuildRequires: flex bison
 BuildRequires: python
 BuildRequires: libtool autoconf automake
@ -68,6 +70,7 @@ Python 3 bindings for libnl3

 %prep
 %setup -q -n libnl-%{fullversion}
+%patch1 -p1

 tar -xzf %SOURCE1

@ -148,6 +151,9 @@ popd
 %{python3_sitearch}/netlink-*.egg-info

 %changelog
+* Fri Dec 16 2016 Thomas Haller <thaller@redhat.com> - 3.2.29-0.2
+- macsec: fix endianness for MACSec's 'sci' parameter
+
 * Mon Dec 12 2016 Thomas Haller <thaller@redhat.com> - 3.2.29-0.1
 - Update to 3.2.29-rc1