This patch adds a new MACsec offloading option, MACSEC_OFFLOAD_MAC,
allowing a user to select a MAC as a provider for MACsec offloading
operations.
Signed-off-by: Antoine Tenart <[email protected]>
---
drivers/net/macsec.c | 13 +++++++++++--
include/uapi/linux/if_link.h | 1 +
tools/include/uapi/linux/if_link.h | 1 +
3 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index fc481616632c..7653ad67cb90 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -324,7 +324,8 @@ static void macsec_set_shortlen(struct macsec_eth_header *h, size_t data_len)
/* Checks if a MACsec interface is being offloaded to an hardware engine */
static bool macsec_is_offloaded(struct macsec_dev *macsec)
{
- if (macsec->offload == MACSEC_OFFLOAD_PHY)
+ if (macsec->offload == MACSEC_OFFLOAD_MAC ||
+ macsec->offload == MACSEC_OFFLOAD_PHY)
return true;
return false;
@@ -340,6 +341,9 @@ static bool macsec_check_offload(enum macsec_offload offload,
if (offload == MACSEC_OFFLOAD_PHY)
return macsec->real_dev->phydev &&
macsec->real_dev->phydev->macsec_ops;
+ else if (offload == MACSEC_OFFLOAD_MAC)
+ return macsec->real_dev->features & NETIF_F_HW_MACSEC &&
+ macsec->real_dev->macsec_ops;
return false;
}
@@ -354,9 +358,14 @@ static const struct macsec_ops *__macsec_get_ops(enum macsec_offload offload,
if (offload == MACSEC_OFFLOAD_PHY)
ctx->phydev = macsec->real_dev->phydev;
+ else if (offload == MACSEC_OFFLOAD_MAC)
+ ctx->netdev = macsec->real_dev;
}
- return macsec->real_dev->phydev->macsec_ops;
+ if (offload == MACSEC_OFFLOAD_PHY)
+ return macsec->real_dev->phydev->macsec_ops;
+ else
+ return macsec->real_dev->macsec_ops;
}
/* Returns a pointer to the MACsec ops struct if any and updates the MACsec
diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
index 024af2d1d0af..771371d5b996 100644
--- a/include/uapi/linux/if_link.h
+++ b/include/uapi/linux/if_link.h
@@ -489,6 +489,7 @@ enum macsec_validation_type {
enum macsec_offload {
MACSEC_OFFLOAD_OFF = 0,
MACSEC_OFFLOAD_PHY = 1,
+ MACSEC_OFFLOAD_MAC = 2,
__MACSEC_OFFLOAD_END,
MACSEC_OFFLOAD_MAX = __MACSEC_OFFLOAD_END - 1,
};
diff --git a/tools/include/uapi/linux/if_link.h b/tools/include/uapi/linux/if_link.h
index 42efdb84d189..7bf406d3ce62 100644
--- a/tools/include/uapi/linux/if_link.h
+++ b/tools/include/uapi/linux/if_link.h
@@ -488,6 +488,7 @@ enum macsec_validation_type {
enum macsec_offload {
MACSEC_OFFLOAD_OFF = 0,
MACSEC_OFFLOAD_PHY = 1,
+ MACSEC_OFFLOAD_MAC = 2,
__MACSEC_OFFLOAD_END,
MACSEC_OFFLOAD_MAX = __MACSEC_OFFLOAD_END - 1,
};
--
2.24.1
> diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
> index 024af2d1d0af..771371d5b996 100644
> --- a/include/uapi/linux/if_link.h
> +++ b/include/uapi/linux/if_link.h
> @@ -489,6 +489,7 @@ enum macsec_validation_type {
> enum macsec_offload {
> MACSEC_OFFLOAD_OFF = 0,
> MACSEC_OFFLOAD_PHY = 1,
> + MACSEC_OFFLOAD_MAC = 2,
> __MACSEC_OFFLOAD_END,
> MACSEC_OFFLOAD_MAX = __MACSEC_OFFLOAD_END - 1,
Hi Antoine,
So from uapi perspective user have to explicitly specify "offload mac"
or "offload phy"? And from non experienced user perspective he always
have to try these two before rolling back to "offload none" ?
I'm not saying this is wrong, just trying to understand if there any
more streamlined way to do this..
Regards,
Igor
Hi Igor,
On Mon, Dec 23, 2019 at 11:36:48AM +0000, Igor Russkikh wrote:
>
> > diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h
> > index 024af2d1d0af..771371d5b996 100644
> > --- a/include/uapi/linux/if_link.h
> > +++ b/include/uapi/linux/if_link.h
> > @@ -489,6 +489,7 @@ enum macsec_validation_type {
> > enum macsec_offload {
> > MACSEC_OFFLOAD_OFF = 0,
> > MACSEC_OFFLOAD_PHY = 1,
> > + MACSEC_OFFLOAD_MAC = 2,
> > __MACSEC_OFFLOAD_END,
> > MACSEC_OFFLOAD_MAX = __MACSEC_OFFLOAD_END - 1,
>
> So from uapi perspective user have to explicitly specify "offload mac"
> or "offload phy"? And from non experienced user perspective he always
> have to try these two before rolling back to "offload none" ?
>
> I'm not saying this is wrong, just trying to understand if there any
> more streamlined way to do this..
That is the idea, the commands will be:
# ip macsec offload macsec0 off
# ip macsec offload macsec0 phy
# ip macsec offload macsec0 mac
We should be able to report what's supported for a given interface, for
a more user friendly experience though. (We could include the
information in `ip macsec show` for example). Would that improve things?
Thanks!
Antoine
--
Antoine T?nart, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com