From 6804bbdaf153f533ac874ed2c937d9cce230f035 Mon Sep 17 00:00:00 2001 From: Yu Watanabe Date: Wed, 30 Oct 2024 00:22:17 +0900 Subject: [PATCH] network/macsec: IFLA_MACSEC_PORT attribute cannot be changed Also, though currently not supported by networkd, IFLA_MACSEC_CIPHER_SUITE, IFLA_MACSEC_ICV_LEN, IFLA_MACSEC_SCI cannot be updated. --- src/network/netdev/macsec.c | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/src/network/netdev/macsec.c b/src/network/netdev/macsec.c index 15d79906f7..6dd434f803 100644 --- a/src/network/netdev/macsec.c +++ b/src/network/netdev/macsec.c @@ -509,12 +509,6 @@ static int netdev_macsec_fill_message_create(NetDev *netdev, Link *link, sd_netl MACsec *v = MACSEC(netdev); int r; - if (v->port > 0) { - r = sd_netlink_message_append_u16(m, IFLA_MACSEC_PORT, v->port); - if (r < 0) - return r; - } - if (v->encrypt >= 0) { r = sd_netlink_message_append_u8(m, IFLA_MACSEC_ENCRYPT, v->encrypt); if (r < 0) @@ -525,6 +519,20 @@ static int netdev_macsec_fill_message_create(NetDev *netdev, Link *link, sd_netl if (r < 0) return r; + /* The properties below cannot be updated, and the kernel refuses the whole request if one of the + * following attributes is set for an existing interface. */ + if (netdev->ifindex > 0) + return 0; + + if (v->port > 0) { + r = sd_netlink_message_append_u16(m, IFLA_MACSEC_PORT, v->port); + if (r < 0) + return r; + } + + /* Currently not supported by networkd, but IFLA_MACSEC_CIPHER_SUITE, IFLA_MACSEC_ICV_LEN, and + * IFLA_MACSEC_SCI can neither set for an existing interface. */ + return 0; } -- 2.25.1