Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp1770625imu;
        Thu, 24 Jan 2019 01:24:30 -0800 (PST)
X-Google-Smtp-Source: ALg8bN6gMi2RN6mdlMtYWrujGU4ZRhlegyv3SX+AUifGjnRfm/U7sAd20xi2cjbIk0pL/qgCvdNo
X-Received: by 2002:a63:5723:: with SMTP id l35mr5059918pgb.228.1548321870433;
        Thu, 24 Jan 2019 01:24:30 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1548321870; cv=none;
        d=google.com; s=arc-20160816;
        b=I0P+b/c9bs3apEqs+ypCEoQY3K8wi9hEiYBQS+AYRPVaHE0dV2QJEoE5vM1pwuOf/D
         BxcY41IzSaVWnH17D2YZSCemj0gNlPVyWji24swz6SET7C+ffBeFv4qN/fKu3P/fIkTz
         gq2JYK+xPzz3LrVCKjyfjQ1GteGItcEzSC5PR/S1cmZJTRXZgGa4cFN7S7dZ9SZVuWaX
         F3bhTV2p4cLKzON7TXoRSn2A2tr0AwTiXpW+FIiT5kKMp/1VnFw/3/N6qkCGO2K1ZBAS
         8ijCrjBX6XxFK4M1eZXmtHvOktye8pu5kqvp+e7o+W4rdEZIH7ThF9ZgZumoS9N3AbCj
         efxQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-transfer-encoding:content-disposition:mime-version
         :references:message-id:subject:cc:to:from:date;
        bh=ln2GRw1+BKBCY5XWwWdknuZlHqP5cSHDGJ6D7c/r3FA=;
        b=P3g5XhcZwJBKLVT/YsPa/1/uiEcDrfQeYjJfcM1vO6aIp+ROOnYkBbhXRyzZoC5IXz
         NGom3CFpWwk46yFZXzAwj7RlNDVsAbHKZzvXcKR4h2hSYt8s65Xgz0pL2yIlptj8/CQS
         InXwonzS9y913Nwixeky9PlJeU8phbDnGMTMM7MhVrwNjVZpzvW4DpzePjTNesRQDaTg
         Apx6abwg9owZ6PR0LLCbgUzvYJ14TykpQIap+cSllvzJEYbI2/825Fa4rfDj4iKQlD7G
         qPuPyYEdvlVNUvejMrD63v2nyGNiWu9GQ1EEVmomMwxf7qF0E9c0IHU14W5+szIoxD9u
         5Kpw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id r7si17357310ple.281.2019.01.24.01.24.14;
        Thu, 24 Jan 2019 01:24:30 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727183AbfAXJYC (ORCPT <rfc822;shmalave.kernel@gmail.com>
        + 99 others); Thu, 24 Jan 2019 04:24:02 -0500
Received: from mail.bootlin.com ([62.4.15.54]:57864 "EHLO mail.bootlin.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725987AbfAXJYB (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 24 Jan 2019 04:24:01 -0500
Received: by mail.bootlin.com (Postfix, from userid 110)
        id 90C43207B6; Thu, 24 Jan 2019 10:23:59 +0100 (CET)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.bootlin.com
X-Spam-Level: 
X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED,SHORTCIRCUIT,
        URIBL_BLOCKED shortcircuit=ham autolearn=disabled version=3.4.2
Received: from localhost (aaubervilliers-681-1-87-206.w90-88.abo.wanadoo.fr [90.88.29.206])
        by mail.bootlin.com (Postfix) with ESMTPSA id 622A120746;
        Thu, 24 Jan 2019 10:23:49 +0100 (CET)
Date:   Thu, 24 Jan 2019 10:23:49 +0100
From:   Antoine Tenart <antoine.tenart@bootlin.com>
To:     Florian Fainelli <f.fainelli@gmail.com>
Cc:     Antoine Tenart <antoine.tenart@bootlin.com>, davem@davemloft.net,
        sd@queasysnail.net, andrew@lunn.ch, hkallweit1@gmail.com,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
        thomas.petazzoni@bootlin.com, alexandre.belloni@bootlin.com,
        quentin.schulz@bootlin.com, allan.nielsen@microchip.com
Subject: Re: [PATCH net-next 06/10] net: introduce a net_device_ops macsec
 helper
Message-ID: <20190124092349.GE3662@kwain>
References: <20190123155638.13852-1-antoine.tenart@bootlin.com>
 <20190123155638.13852-7-antoine.tenart@bootlin.com>
 <6ebf0541-0830-3df9-121f-ac560822bf1c@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <6ebf0541-0830-3df9-121f-ac560822bf1c@gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Hi Florian,

On Wed, Jan 23, 2019 at 12:16:08PM -0800, Florian Fainelli wrote:
> On 1/23/19 7:56 AM, Antoine Tenart wrote:
> > This patch introduces a net_device_ops MACsec helper to allow net device
> > drivers to implement a MACsec offloading solution.
> > 
> > Signed-off-by: Antoine Tenart <antoine.tenart@bootlin.com>
> > ---
> >  include/linux/netdevice.h | 8 ++++++++
> >  1 file changed, 8 insertions(+)
> > 
> > diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
> > index e675ef97a426..ee2f40dca515 100644
> > --- a/include/linux/netdevice.h
> > +++ b/include/linux/netdevice.h
> > @@ -53,6 +53,10 @@
> >  #include <uapi/linux/pkt_cls.h>
> >  #include <linux/hashtable.h>
> >  
> > +#ifdef CONFIG_MACSEC
> > +#include <net/macsec.h>
> > +#endif
> 
> You can provide a forward declaration for struct netdev_macsec and not
> have to include that header file.

OK.

> > +
> >  struct netpoll_info;
> >  struct device;
> >  struct phy_device;
> > @@ -1441,6 +1445,10 @@ struct net_device_ops {
> >  						u32 flags);
> >  	int			(*ndo_xsk_async_xmit)(struct net_device *dev,
> >  						      u32 queue_id);
> > +#ifdef CONFIG_MACSEC
> > +	int			(*ndo_macsec)(struct net_device *dev,
> > +					      struct netdev_macsec *macsec);
> 
> You would really want to define an API which is more oriented towards
> configuring/deconfiguring a MACsec association here, e.g.: similar to
> what the IPsec offload ndos offer.

This means mostly moving from a single function using a command field to
multiple specialized functions to add/remove each element of MACsec
configuration.

I don't have strong opinion on the single helper vs a structure
containing pointers to specialized ones, but out of curiosity what's the
benefit of such a move? Future additions and maintainability?

> It is not clear to me whether after your patch series we still need to
> create a macsec virtual device, and that gets offloaded onto its real
> device/PHY device, or if we don't need that all?

After this series, we will still need the virtual MACsec interface. When
using hardware offloading this interface isn't doing much, but it's the
interface used to configure all the MACsec connexions.

This is because, and that's specific to MACsec (vs IPsec), a software
implementation is already supported and it's using a virtual interface
to perform all the MACsec related operations (vs hooks in the Rx/Tx
paths). I really wanted to avoid having two interfaces and ways of
configuring MACsec depending on if the offloading is used.

This should also allow in the future to disable at run-time the
offloading on a given interface, and to still have MACsec working in
software (or the opposite, with extra work). For this to work, the
virtual interface still has to provide an Rx and a Tx functions so that
programs can bind onto the same interface, regardless of if the
offloading is enabled.

Thanks!
Antoine

-- 
Antoine T?nart, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com