Lines Matching refs:secy
53 #define for_each_rxsc(secy, sc) \ argument
54 for (sc = rcu_dereference_bh(secy->rx_sc); \
57 #define for_each_rxsc_rtnl(secy, sc) \ argument
58 for (sc = rtnl_dereference(secy->rx_sc); \
98 struct macsec_secy secy; member
289 const struct macsec_secy *secy, u32 pn, in macsec_fill_sectag() argument
292 const struct macsec_tx_sc *tx_sc = &secy->tx_sc; in macsec_fill_sectag()
299 memcpy(&h->secure_channel_id, &secy->sci, in macsec_fill_sectag()
313 else if (secy->icv_len != MACSEC_DEFAULT_ICV_LEN) in macsec_fill_sectag()
445 static void __macsec_pn_wrapped(struct macsec_secy *secy, in __macsec_pn_wrapped() argument
450 if (secy->protect_frames) in __macsec_pn_wrapped()
451 secy->operational = false; in __macsec_pn_wrapped()
454 void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa) in macsec_pn_wrapped() argument
457 __macsec_pn_wrapped(secy, tx_sa); in macsec_pn_wrapped()
463 struct macsec_secy *secy) in tx_sa_update_pn() argument
470 if (secy->xpn) in tx_sa_update_pn()
476 __macsec_pn_wrapped(secy, tx_sa); in tx_sa_update_pn()
494 struct macsec_secy *secy = &macsec->secy; in macsec_msdu_len() local
497 return skb->len - macsec_hdr_len(sci_present) - secy->icv_len; in macsec_msdu_len()
536 macsec_count_tx(skb, &macsec->secy.tx_sc, macsec_skb_cb(skb)->tx_sa); in macsec_encrypt_done()
589 struct macsec_secy *secy; in macsec_encrypt() local
596 secy = &macsec->secy; in macsec_encrypt()
597 tx_sc = &secy->tx_sc; in macsec_encrypt()
602 secy->operational = false; in macsec_encrypt()
631 sci_present = macsec_send_sci(secy); in macsec_encrypt()
635 pn = tx_sa_update_pn(tx_sa, secy); in macsec_encrypt()
641 macsec_fill_sectag(hh, secy, pn.lower, sci_present); in macsec_encrypt()
644 skb_put(skb, secy->icv_len); in macsec_encrypt()
672 if (secy->xpn) in macsec_encrypt()
675 macsec_fill_iv(iv, secy->sci, pn.lower); in macsec_encrypt()
688 secy->icv_len; in macsec_encrypt()
693 aead_request_set_ad(req, skb->len - secy->icv_len); in macsec_encrypt()
720 static bool macsec_post_decrypt(struct sk_buff *skb, struct macsec_secy *secy, u32 pn) in macsec_post_decrypt() argument
728 if (rx_sa->next_pn_halves.lower >= secy->replay_window) in macsec_post_decrypt()
729 lowest_pn = rx_sa->next_pn_halves.lower - secy->replay_window; in macsec_post_decrypt()
734 if (secy->replay_protect && pn < lowest_pn && in macsec_post_decrypt()
735 (!secy->xpn || pn_same_half(pn, lowest_pn))) { in macsec_post_decrypt()
740 DEV_STATS_INC(secy->netdev, rx_dropped); in macsec_post_decrypt()
744 if (secy->validate_frames != MACSEC_VALIDATE_DISABLED) { in macsec_post_decrypt()
759 secy->validate_frames == MACSEC_VALIDATE_STRICT) { in macsec_post_decrypt()
764 DEV_STATS_INC(secy->netdev, rx_errors); in macsec_post_decrypt()
769 if (secy->validate_frames == MACSEC_VALIDATE_CHECK) { in macsec_post_decrypt()
791 } else if (secy->xpn && in macsec_post_decrypt()
844 if (!macsec_post_decrypt(skb, &macsec->secy, pn)) { in macsec_decrypt_done()
850 macsec_finalize_skb(skb, macsec->secy.icv_len, in macsec_decrypt_done()
853 macsec_reset_skb(skb, macsec->secy.netdev); in macsec_decrypt_done()
870 struct macsec_secy *secy) in macsec_decrypt() argument
879 u16 icv_len = secy->icv_len; in macsec_decrypt()
900 if (secy->xpn) { in macsec_decrypt()
967 static struct macsec_rx_sc *find_rx_sc(struct macsec_secy *secy, sci_t sci) in find_rx_sc() argument
971 for_each_rxsc(secy, rx_sc) { in find_rx_sc()
979 static struct macsec_rx_sc *find_rx_sc_rtnl(struct macsec_secy *secy, sci_t sci) in find_rx_sc_rtnl() argument
983 for_each_rxsc_rtnl(secy, rx_sc) { in find_rx_sc_rtnl()
1007 struct net_device *ndev = macsec->secy.netdev; in handle_not_macsec()
1016 rx_sc = find_rx_sc(&macsec->secy, md_dst->u.macsec_info.sci); in handle_not_macsec()
1057 if (macsec->secy.validate_frames == MACSEC_VALIDATE_STRICT) { in handle_not_macsec()
1061 DEV_STATS_INC(macsec->secy.netdev, rx_dropped); in handle_not_macsec()
1089 struct macsec_secy *secy = NULL; in macsec_handle_frame() local
1148 struct macsec_rx_sc *sc = find_rx_sc(&macsec->secy, sci); in macsec_handle_frame()
1153 secy = &macsec->secy; in macsec_handle_frame()
1159 if (!secy) in macsec_handle_frame()
1162 dev = secy->netdev; in macsec_handle_frame()
1167 if (!macsec_validate_skb(skb, secy->icv_len, secy->xpn)) { in macsec_handle_frame()
1171 DEV_STATS_INC(secy->netdev, rx_errors); in macsec_handle_frame()
1184 secy->validate_frames == MACSEC_VALIDATE_STRICT) { in macsec_handle_frame()
1188 DEV_STATS_INC(secy->netdev, rx_errors); in macsec_handle_frame()
1207 if (secy->replay_protect) { in macsec_handle_frame()
1211 late = rx_sa->next_pn_halves.lower >= secy->replay_window && in macsec_handle_frame()
1212 hdr_pn < (rx_sa->next_pn_halves.lower - secy->replay_window); in macsec_handle_frame()
1214 if (secy->xpn) in macsec_handle_frame()
1222 DEV_STATS_INC(macsec->secy.netdev, rx_dropped); in macsec_handle_frame()
1231 secy->validate_frames != MACSEC_VALIDATE_DISABLED) in macsec_handle_frame()
1232 skb = macsec_decrypt(skb, dev, rx_sa, sci, secy); in macsec_handle_frame()
1245 if (!macsec_post_decrypt(skb, secy, hdr_pn)) in macsec_handle_frame()
1249 macsec_finalize_skb(skb, secy->icv_len, in macsec_handle_frame()
1252 macsec_reset_skb(skb, secy->netdev); in macsec_handle_frame()
1263 DEV_STATS_INC(macsec->secy.netdev, rx_dropped); in macsec_handle_frame()
1296 macsec->secy.validate_frames == MACSEC_VALIDATE_STRICT) { in macsec_handle_frame()
1300 DEV_STATS_INC(macsec->secy.netdev, rx_errors); in macsec_handle_frame()
1311 macsec_reset_skb(nskb, macsec->secy.netdev); in macsec_handle_frame()
1319 DEV_STATS_INC(macsec->secy.netdev, rx_dropped); in macsec_handle_frame()
1396 static struct macsec_rx_sc *del_rx_sc(struct macsec_secy *secy, sci_t sci) in del_rx_sc() argument
1400 for (rx_scp = &secy->rx_sc, rx_sc = rtnl_dereference(*rx_scp); in del_rx_sc()
1405 secy->n_rx_sc--; in del_rx_sc()
1421 struct macsec_secy *secy; in create_rx_sc() local
1424 if (find_rx_sc_rtnl(&macsec->secy, sci)) in create_rx_sc()
1442 secy = &macsec_priv(dev)->secy; in create_rx_sc()
1443 rcu_assign_pointer(rx_sc->next, secy->rx_sc); in create_rx_sc()
1444 rcu_assign_pointer(secy->rx_sc, rx_sc); in create_rx_sc()
1447 secy->n_rx_sc++; in create_rx_sc()
1533 struct macsec_secy *secy; in get_txsa_from_nl() local
1549 secy = &macsec_priv(dev)->secy; in get_txsa_from_nl()
1550 tx_sc = &secy->tx_sc; in get_txsa_from_nl()
1558 *secyp = secy; in get_txsa_from_nl()
1569 struct macsec_secy *secy; in get_rxsc_from_nl() local
1577 secy = &macsec_priv(dev)->secy; in get_rxsc_from_nl()
1583 rx_sc = find_rx_sc_rtnl(secy, sci); in get_rxsc_from_nl()
1587 *secyp = secy; in get_rxsc_from_nl()
1724 struct macsec_secy *secy; in macsec_add_rxsa() local
1746 rx_sc = get_rxsc_from_nl(genl_info_net(info), attrs, tb_rxsc, &dev, &secy); in macsec_add_rxsa()
1754 if (nla_len(tb_sa[MACSEC_SA_ATTR_KEY]) != secy->key_len) { in macsec_add_rxsa()
1756 nla_len(tb_sa[MACSEC_SA_ATTR_KEY]), secy->key_len); in macsec_add_rxsa()
1761 pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN; in macsec_add_rxsa()
1770 if (secy->xpn) { in macsec_add_rxsa()
1798 secy->key_len, secy->icv_len); in macsec_add_rxsa()
1816 if (secy->xpn) { in macsec_add_rxsa()
1835 ctx.secy = secy; in macsec_add_rxsa()
1837 secy->key_len); in macsec_add_rxsa()
1840 memzero_explicit(ctx.sa.key, secy->key_len); in macsec_add_rxsa()
1878 struct macsec_secy *secy; in macsec_add_rxsc() local
1898 secy = &macsec_priv(dev)->secy; in macsec_add_rxsc()
1921 ctx.secy = secy; in macsec_add_rxsc()
1933 del_rx_sc(secy, sci); in macsec_add_rxsc()
1968 struct macsec_secy *secy; in macsec_add_txsa() local
1993 secy = &macsec_priv(dev)->secy; in macsec_add_txsa()
1994 tx_sc = &secy->tx_sc; in macsec_add_txsa()
1998 if (nla_len(tb_sa[MACSEC_SA_ATTR_KEY]) != secy->key_len) { in macsec_add_txsa()
2000 nla_len(tb_sa[MACSEC_SA_ATTR_KEY]), secy->key_len); in macsec_add_txsa()
2005 pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN; in macsec_add_txsa()
2013 if (secy->xpn) { in macsec_add_txsa()
2041 secy->key_len, secy->icv_len); in macsec_add_txsa()
2055 was_operational = secy->operational; in macsec_add_txsa()
2057 secy->operational = true; in macsec_add_txsa()
2059 if (secy->xpn) { in macsec_add_txsa()
2078 ctx.secy = secy; in macsec_add_txsa()
2080 secy->key_len); in macsec_add_txsa()
2083 memzero_explicit(ctx.sa.key, secy->key_len); in macsec_add_txsa()
2096 secy->operational = was_operational; in macsec_add_txsa()
2106 struct macsec_secy *secy; in macsec_del_rxsa() local
2125 &dev, &secy, &rx_sc, &assoc_num); in macsec_del_rxsa()
2149 ctx.secy = secy; in macsec_del_rxsa()
2172 struct macsec_secy *secy; in macsec_del_rxsc() local
2194 secy = &macsec_priv(dev)->secy; in macsec_del_rxsc()
2197 rx_sc = del_rx_sc(secy, sci); in macsec_del_rxsc()
2215 ctx.secy = secy; in macsec_del_rxsc()
2235 struct macsec_secy *secy; in macsec_del_txsa() local
2250 &dev, &secy, &tx_sc, &assoc_num); in macsec_del_txsa()
2274 ctx.secy = secy; in macsec_del_txsa()
2320 struct macsec_secy *secy; in macsec_upd_txsa() local
2342 &dev, &secy, &tx_sc, &assoc_num); in macsec_upd_txsa()
2351 pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN; in macsec_upd_txsa()
2369 was_operational = secy->operational; in macsec_upd_txsa()
2371 secy->operational = tx_sa->active; in macsec_upd_txsa()
2387 ctx.secy = secy; in macsec_upd_txsa()
2405 secy->operational = was_operational; in macsec_upd_txsa()
2414 struct macsec_secy *secy; in macsec_upd_rxsa() local
2440 &dev, &secy, &rx_sc, &assoc_num); in macsec_upd_rxsa()
2449 pn_len = secy->xpn ? MACSEC_XPN_PN_LEN : MACSEC_DEFAULT_PN_LEN; in macsec_upd_rxsa()
2481 ctx.secy = secy; in macsec_upd_rxsa()
2506 struct macsec_secy *secy; in macsec_upd_rxsc() local
2523 rx_sc = get_rxsc_from_nl(genl_info_net(info), attrs, tb_rxsc, &dev, &secy); in macsec_upd_rxsc()
2530 prev_n_rx_sc = secy->n_rx_sc; in macsec_upd_rxsc()
2535 secy->n_rx_sc += new ? 1 : -1; in macsec_upd_rxsc()
2552 ctx.secy = secy; in macsec_upd_rxsc()
2564 secy->n_rx_sc = prev_n_rx_sc; in macsec_upd_rxsc()
2572 struct macsec_secy *secy = &macsec->secy; in macsec_is_configured() local
2573 struct macsec_tx_sc *tx_sc = &secy->tx_sc; in macsec_is_configured()
2576 if (secy->rx_sc) in macsec_is_configured()
2620 ctx.secy = &macsec->secy; in macsec_update_offload()
2689 ctx.secy = &macsec_priv(dev)->secy; in get_tx_sa_stats()
2733 ctx.secy = &macsec_priv(dev)->secy; in get_rx_sa_stats()
2784 ctx.secy = &macsec_priv(dev)->secy; in get_rx_sc_stats()
2866 ctx.secy = &macsec_priv(dev)->secy; in get_tx_sc_stats()
2877 stats = per_cpu_ptr(macsec_priv(dev)->secy.tx_sc.stats, cpu); in get_tx_sc_stats()
2922 ctx.secy = &macsec_priv(dev)->secy; in get_secy_stats()
2981 static int nla_put_secy(struct macsec_secy *secy, struct sk_buff *skb) in nla_put_secy() argument
2983 struct macsec_tx_sc *tx_sc = &secy->tx_sc; in nla_put_secy()
2991 switch (secy->key_len) { in nla_put_secy()
2993 csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_128 : MACSEC_DEFAULT_CIPHER_ID; in nla_put_secy()
2996 csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_256 : MACSEC_CIPHER_ID_GCM_AES_256; in nla_put_secy()
3002 if (nla_put_sci(skb, MACSEC_SECY_ATTR_SCI, secy->sci, in nla_put_secy()
3006 nla_put_u8(skb, MACSEC_SECY_ATTR_ICV_LEN, secy->icv_len) || in nla_put_secy()
3007 nla_put_u8(skb, MACSEC_SECY_ATTR_OPER, secy->operational) || in nla_put_secy()
3008 nla_put_u8(skb, MACSEC_SECY_ATTR_PROTECT, secy->protect_frames) || in nla_put_secy()
3009 nla_put_u8(skb, MACSEC_SECY_ATTR_REPLAY, secy->replay_protect) || in nla_put_secy()
3010 nla_put_u8(skb, MACSEC_SECY_ATTR_VALIDATE, secy->validate_frames) || in nla_put_secy()
3018 if (secy->replay_protect) { in nla_put_secy()
3019 if (nla_put_u32(skb, MACSEC_SECY_ATTR_WINDOW, secy->replay_window)) in nla_put_secy()
3032 dump_secy(struct macsec_secy *secy, struct net_device *dev, in dump_secy() argument
3041 struct macsec_tx_sc *tx_sc = &secy->tx_sc; in dump_secy()
3065 if (nla_put_secy(secy, skb)) in dump_secy()
3123 if (secy->xpn) { in dump_secy()
3134 (secy->xpn && nla_put_ssci(skb, MACSEC_SA_ATTR_SSCI, tx_sa->ssci)) || in dump_secy()
3150 for_each_rxsc_rtnl(secy, rx_sc) { in dump_secy()
3228 if (secy->xpn) { in dump_secy()
3239 (secy->xpn && nla_put_ssci(skb, MACSEC_SA_ATTR_SSCI, rx_sa->ssci)) || in dump_secy()
3280 struct macsec_secy *secy; in macsec_dump_txsc() local
3288 secy = &macsec_priv(dev)->secy; in macsec_dump_txsc()
3289 if (dump_secy(secy, dev, skb, cb) < 0) in macsec_dump_txsc()
3386 struct macsec_secy *secy = &macsec->secy; in macsec_start_xmit() local
3391 struct metadata_dst *md_dst = secy->tx_sc.md_dst; in macsec_start_xmit()
3401 if (!secy->protect_frames) { in macsec_start_xmit()
3413 if (!secy->operational) { in macsec_start_xmit()
3427 macsec_count_tx(skb, &macsec->secy.tx_sc, macsec_skb_cb(skb)->tx_sa); in macsec_start_xmit()
3527 ctx.secy = &macsec->secy; in macsec_dev_open()
3560 ctx.secy = &macsec->secy; in macsec_dev_stop()
3631 ctx.secy = &macsec->secy; in macsec_set_mac_address()
3642 unsigned int extra = macsec->secy.icv_len + macsec_extra_len(true); in macsec_change_mtu()
3710 if (macsec->secy.tx_sc.md_dst) in macsec_free_netdev()
3711 metadata_dst_free(macsec->secy.tx_sc.md_dst); in macsec_free_netdev()
3713 free_percpu(macsec->secy.tx_sc.stats); in macsec_free_netdev()
3736 struct macsec_secy *secy; in macsec_changelink_common() local
3739 secy = &macsec_priv(dev)->secy; in macsec_changelink_common()
3740 tx_sc = &secy->tx_sc; in macsec_changelink_common()
3748 secy->operational = tx_sa && tx_sa->active; in macsec_changelink_common()
3755 secy->protect_frames = !!nla_get_u8(data[IFLA_MACSEC_PROTECT]); in macsec_changelink_common()
3767 secy->replay_protect = !!nla_get_u8(data[IFLA_MACSEC_REPLAY_PROTECT]); in macsec_changelink_common()
3770 secy->validate_frames = nla_get_u8(data[IFLA_MACSEC_VALIDATION]); in macsec_changelink_common()
3776 secy->key_len = MACSEC_GCM_AES_128_SAK_LEN; in macsec_changelink_common()
3777 secy->xpn = false; in macsec_changelink_common()
3780 secy->key_len = MACSEC_GCM_AES_256_SAK_LEN; in macsec_changelink_common()
3781 secy->xpn = false; in macsec_changelink_common()
3784 secy->key_len = MACSEC_GCM_AES_128_SAK_LEN; in macsec_changelink_common()
3785 secy->xpn = true; in macsec_changelink_common()
3788 secy->key_len = MACSEC_GCM_AES_256_SAK_LEN; in macsec_changelink_common()
3789 secy->xpn = true; in macsec_changelink_common()
3797 secy->replay_window = nla_get_u32(data[IFLA_MACSEC_WINDOW]); in macsec_changelink_common()
3801 if (secy->xpn && in macsec_changelink_common()
3802 secy->replay_window > MACSEC_XPN_MAX_REPLAY_WINDOW) in macsec_changelink_common()
3817 struct macsec_secy secy; in macsec_changelink() local
3832 memcpy(&secy, &macsec->secy, sizeof(secy)); in macsec_changelink()
3833 memcpy(&tx_sc, &macsec->secy.tx_sc, sizeof(tx_sc)); in macsec_changelink()
3860 ctx.secy = &macsec->secy; in macsec_changelink()
3869 memcpy(&macsec->secy.tx_sc, &tx_sc, sizeof(tx_sc)); in macsec_changelink()
3870 memcpy(&macsec->secy, &secy, sizeof(secy)); in macsec_changelink()
3879 while (macsec->secy.rx_sc) { in macsec_del_dev()
3880 struct macsec_rx_sc *rx_sc = rtnl_dereference(macsec->secy.rx_sc); in macsec_del_dev()
3882 rcu_assign_pointer(macsec->secy.rx_sc, rx_sc->next); in macsec_del_dev()
3887 struct macsec_tx_sa *sa = rtnl_dereference(macsec->secy.tx_sc.sa[i]); in macsec_del_dev()
3890 RCU_INIT_POINTER(macsec->secy.tx_sc.sa[i], NULL); in macsec_del_dev()
3908 ctx.secy = &macsec->secy; in macsec_common_dellink()
3968 if (macsec->secy.sci == sci) in sci_exists()
3983 struct macsec_secy *secy = &macsec->secy; in macsec_add_dev() local
3989 secy->tx_sc.stats = netdev_alloc_pcpu_stats(struct pcpu_tx_sc_stats); in macsec_add_dev()
3990 if (!secy->tx_sc.stats) in macsec_add_dev()
3993 secy->tx_sc.md_dst = metadata_dst_alloc(0, METADATA_MACSEC, GFP_KERNEL); in macsec_add_dev()
3994 if (!secy->tx_sc.md_dst) in macsec_add_dev()
4003 secy->netdev = dev; in macsec_add_dev()
4004 secy->operational = true; in macsec_add_dev()
4005 secy->key_len = DEFAULT_SAK_LEN; in macsec_add_dev()
4006 secy->icv_len = icv_len; in macsec_add_dev()
4007 secy->validate_frames = MACSEC_VALIDATE_DEFAULT; in macsec_add_dev()
4008 secy->protect_frames = true; in macsec_add_dev()
4009 secy->replay_protect = false; in macsec_add_dev()
4010 secy->xpn = DEFAULT_XPN; in macsec_add_dev()
4012 secy->sci = sci; in macsec_add_dev()
4013 secy->tx_sc.md_dst->u.macsec_info.sci = sci; in macsec_add_dev()
4014 secy->tx_sc.active = true; in macsec_add_dev()
4015 secy->tx_sc.encoding_sa = DEFAULT_ENCODING_SA; in macsec_add_dev()
4016 secy->tx_sc.encrypt = DEFAULT_ENCRYPT; in macsec_add_dev()
4017 secy->tx_sc.send_sci = DEFAULT_SEND_SCI; in macsec_add_dev()
4018 secy->tx_sc.end_station = false; in macsec_add_dev()
4019 secy->tx_sc.scb = false; in macsec_add_dev()
4125 ctx.secy = &macsec->secy; in macsec_newlink()
4268 struct macsec_secy *secy; in macsec_fill_info() local
4272 secy = &macsec->secy; in macsec_fill_info()
4273 tx_sc = &secy->tx_sc; in macsec_fill_info()
4275 switch (secy->key_len) { in macsec_fill_info()
4277 csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_128 : MACSEC_DEFAULT_CIPHER_ID; in macsec_fill_info()
4280 csid = secy->xpn ? MACSEC_CIPHER_ID_GCM_AES_XPN_256 : MACSEC_CIPHER_ID_GCM_AES_256; in macsec_fill_info()
4286 if (nla_put_sci(skb, IFLA_MACSEC_SCI, secy->sci, in macsec_fill_info()
4288 nla_put_u8(skb, IFLA_MACSEC_ICV_LEN, secy->icv_len) || in macsec_fill_info()
4293 nla_put_u8(skb, IFLA_MACSEC_PROTECT, secy->protect_frames) || in macsec_fill_info()
4297 nla_put_u8(skb, IFLA_MACSEC_REPLAY_PROTECT, secy->replay_protect) || in macsec_fill_info()
4298 nla_put_u8(skb, IFLA_MACSEC_VALIDATION, secy->validate_frames) || in macsec_fill_info()
4303 if (secy->replay_protect) { in macsec_fill_info()
4304 if (nla_put_u32(skb, IFLA_MACSEC_WINDOW, secy->replay_window)) in macsec_fill_info()
4352 struct net_device *dev = m->secy.netdev; in macsec_notify()
4364 macsec_common_dellink(m->secy.netdev, &head); in macsec_notify()
4379 struct net_device *dev = m->secy.netdev; in macsec_notify()
4380 unsigned int mtu = real_dev->mtu - (m->secy.icv_len + in macsec_notify()