From a2fdf309cb8d4cfd77198bbcd6845ec5f31d490a Mon Sep 17 00:00:00 2001
From: Dmitry Bogdanov <logost.boda@gmail.com>
Date: Fri, 17 Apr 2020 14:35:06 +0300
Subject: [PATCH] macsec: not handle MKA packets in case of offload

MKA packets (ETH_P_PAE) are defenitelly not encrypted so
they should not be in macsec interface.

Change-Id: Ie1619471948e2f78a961c712bdfcc56a87d90c57
Signed-off-by: Dmitry Bogdanov <dbogdanov@marvell.com>
Git-commit: 797e7df618e11807ca7f4eac7c84ad4296cdf0e1
Git-repo: https://github.com/aquantia/linux-4.14-atlantic-forwarding
Signed-off-by: Jinesh K. Jayakumar <jineshk@codeaurora.org>
---
 drivers/net/macsec.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index c533dc577ab6..a96c90709be4 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -934,6 +934,9 @@ static enum rx_handler_result handle_not_macsec(struct sk_buff *skb)
 		 * SecTAG, so we have to deduce which port to deliver to.
 		 */
 		if (macsec_get_ops(macsec, NULL) && netif_running(ndev)) {
+			if (hdr->h_proto == htons(ETH_P_PAE))
+				continue;
+
 			if (ndev->flags & IFF_PROMISC) {
 				nskb = skb_clone(skb, GFP_ATOMIC);
 				if (!nskb)