Visible to Intel only — GUID: mix1655336802470
Ixiasoft
Visible to Intel only — GUID: mix1655336802470
Ixiasoft
6.4.2.1. Bypass Packet
During the MACsec secure frame verification check, there are a few cases where the IP can bypass the whole Crypto process and redirect the packet to the Controlled port. For example, when there is no SA found for the packet and the validateFrames is not equal to STRICT.
In order to simplify the MACsec IP implementation, the MACsec IP sends the packet with the AAD_Len = FFFF_FFFF. The Crypto AES treats all the payloads as AAD and returns the payloads as cleartext together with the 16B ICV. The MACsec IP then discards the 16B ICV on the Crypto Egress.
TID[31:26] - Stream ID Packet 1 | X | X |
TID[25:16] - Channel Packet 1 | X | X |
TID[15:10] - Stream Packet 0 | 0 | 0 |
TID[9:0] - Channel Packet 0 | 23 | 6 |
Data[127:0] | IV + AAD_Len (FFFF_FFFF) | DATA (Pkt 0) |
Data[255:128] | DATA (Pkt 0) | DATA (Pkt 0) |
Data[383:256] | DATA (Pkt 0) | DATA (Pkt 0) |
Data[511:384] | DATA (Pkt 0) | IDLE |
TID[31:26] - Stream ID Packet 1 | X | X |
TID[25:16] - Channel Packet 1 | X | X |
TID[15:10] - Stream Packet 0 | 0 | 0 |
TID[9:0] - Channel Packet 0 | 23 | 6 |
Data[127:0] | DATA (Pkt 0) | DATA (Pkt 0) |
Data[255:128] | DATA (Pkt 0) | DATA (Pkt 0) |
Data[383:256] | DATA (Pkt 0) | MAC (Discard) |
Data[511:384] | DATA (Pkt 0) | IDLE |