Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1770625imu; Thu, 24 Jan 2019 01:24:30 -0800 (PST) X-Google-Smtp-Source: ALg8bN6gMi2RN6mdlMtYWrujGU4ZRhlegyv3SX+AUifGjnRfm/U7sAd20xi2cjbIk0pL/qgCvdNo X-Received: by 2002:a63:5723:: with SMTP id l35mr5059918pgb.228.1548321870433; Thu, 24 Jan 2019 01:24:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1548321870; cv=none; d=google.com; s=arc-20160816; b=I0P+b/c9bs3apEqs+ypCEoQY3K8wi9hEiYBQS+AYRPVaHE0dV2QJEoE5vM1pwuOf/D BxcY41IzSaVWnH17D2YZSCemj0gNlPVyWji24swz6SET7C+ffBeFv4qN/fKu3P/fIkTz gq2JYK+xPzz3LrVCKjyfjQ1GteGItcEzSC5PR/S1cmZJTRXZgGa4cFN7S7dZ9SZVuWaX F3bhTV2p4cLKzON7TXoRSn2A2tr0AwTiXpW+FIiT5kKMp/1VnFw/3/N6qkCGO2K1ZBAS 8ijCrjBX6XxFK4M1eZXmtHvOktye8pu5kqvp+e7o+W4rdEZIH7ThF9ZgZumoS9N3AbCj efxQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=ln2GRw1+BKBCY5XWwWdknuZlHqP5cSHDGJ6D7c/r3FA=; b=P3g5XhcZwJBKLVT/YsPa/1/uiEcDrfQeYjJfcM1vO6aIp+ROOnYkBbhXRyzZoC5IXz NGom3CFpWwk46yFZXzAwj7RlNDVsAbHKZzvXcKR4h2hSYt8s65Xgz0pL2yIlptj8/CQS InXwonzS9y913Nwixeky9PlJeU8phbDnGMTMM7MhVrwNjVZpzvW4DpzePjTNesRQDaTg Apx6abwg9owZ6PR0LLCbgUzvYJ14TykpQIap+cSllvzJEYbI2/825Fa4rfDj4iKQlD7G qPuPyYEdvlVNUvejMrD63v2nyGNiWu9GQ1EEVmomMwxf7qF0E9c0IHU14W5+szIoxD9u 5Kpw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r7si17357310ple.281.2019.01.24.01.24.14; Thu, 24 Jan 2019 01:24:30 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727183AbfAXJYC (ORCPT + 99 others); Thu, 24 Jan 2019 04:24:02 -0500 Received: from mail.bootlin.com ([62.4.15.54]:57864 "EHLO mail.bootlin.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725987AbfAXJYB (ORCPT ); Thu, 24 Jan 2019 04:24:01 -0500 Received: by mail.bootlin.com (Postfix, from userid 110) id 90C43207B6; Thu, 24 Jan 2019 10:23:59 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.bootlin.com X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,SHORTCIRCUIT, URIBL_BLOCKED shortcircuit=ham autolearn=disabled version=3.4.2 Received: from localhost (aaubervilliers-681-1-87-206.w90-88.abo.wanadoo.fr [90.88.29.206]) by mail.bootlin.com (Postfix) with ESMTPSA id 622A120746; Thu, 24 Jan 2019 10:23:49 +0100 (CET) Date: Thu, 24 Jan 2019 10:23:49 +0100 From: Antoine Tenart To: Florian Fainelli Cc: Antoine Tenart , davem@davemloft.net, sd@queasysnail.net, andrew@lunn.ch, hkallweit1@gmail.com, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, thomas.petazzoni@bootlin.com, alexandre.belloni@bootlin.com, quentin.schulz@bootlin.com, allan.nielsen@microchip.com Subject: Re: [PATCH net-next 06/10] net: introduce a net_device_ops macsec helper Message-ID: <20190124092349.GE3662@kwain> References: <20190123155638.13852-1-antoine.tenart@bootlin.com> <20190123155638.13852-7-antoine.tenart@bootlin.com> <6ebf0541-0830-3df9-121f-ac560822bf1c@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <6ebf0541-0830-3df9-121f-ac560822bf1c@gmail.com> User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Florian, On Wed, Jan 23, 2019 at 12:16:08PM -0800, Florian Fainelli wrote: > On 1/23/19 7:56 AM, Antoine Tenart wrote: > > This patch introduces a net_device_ops MACsec helper to allow net device > > drivers to implement a MACsec offloading solution. > > > > Signed-off-by: Antoine Tenart > > --- > > include/linux/netdevice.h | 8 ++++++++ > > 1 file changed, 8 insertions(+) > > > > diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h > > index e675ef97a426..ee2f40dca515 100644 > > --- a/include/linux/netdevice.h > > +++ b/include/linux/netdevice.h > > @@ -53,6 +53,10 @@ > > #include > > #include > > > > +#ifdef CONFIG_MACSEC > > +#include > > +#endif > > You can provide a forward declaration for struct netdev_macsec and not > have to include that header file. OK. > > + > > struct netpoll_info; > > struct device; > > struct phy_device; > > @@ -1441,6 +1445,10 @@ struct net_device_ops { > > u32 flags); > > int (*ndo_xsk_async_xmit)(struct net_device *dev, > > u32 queue_id); > > +#ifdef CONFIG_MACSEC > > + int (*ndo_macsec)(struct net_device *dev, > > + struct netdev_macsec *macsec); > > You would really want to define an API which is more oriented towards > configuring/deconfiguring a MACsec association here, e.g.: similar to > what the IPsec offload ndos offer. This means mostly moving from a single function using a command field to multiple specialized functions to add/remove each element of MACsec configuration. I don't have strong opinion on the single helper vs a structure containing pointers to specialized ones, but out of curiosity what's the benefit of such a move? Future additions and maintainability? > It is not clear to me whether after your patch series we still need to > create a macsec virtual device, and that gets offloaded onto its real > device/PHY device, or if we don't need that all? After this series, we will still need the virtual MACsec interface. When using hardware offloading this interface isn't doing much, but it's the interface used to configure all the MACsec connexions. This is because, and that's specific to MACsec (vs IPsec), a software implementation is already supported and it's using a virtual interface to perform all the MACsec related operations (vs hooks in the Rx/Tx paths). I really wanted to avoid having two interfaces and ways of configuring MACsec depending on if the offloading is used. This should also allow in the future to disable at run-time the offloading on a given interface, and to still have MACsec working in software (or the opposite, with extra work). For this to work, the virtual interface still has to provide an Rx and a Tx functions so that programs can bind onto the same interface, regardless of if the offloading is enabled. Thanks! Antoine -- Antoine T?nart, Bootlin Embedded Linux and Kernel engineering https://bootlin.com