From: Antoine Tenart <antoine.tenart@bootlin.com>
To: dsahern@gmail.com, sd@queasysnail.net
Cc: Antoine Tenart <antoine.tenart@bootlin.com>, netdev@vger.kernel.org
Subject: [PATCH iproute2-next v2 0/4] macsec: add offloading support
Date: Tue, 3 Mar 2020 11:36:15 +0100 [thread overview]
Message-ID: <20200303103619.818985-1-antoine.tenart@bootlin.com> (raw)
Hello,
This series adds support for selecting and reporting the offloading mode
of a MACsec interface. Available modes are for now 'off' and 'phy',
'off' being the default when an interface is created. Modes are not only
'off' and 'on' as the MACsec operations can be offloaded to multiple
kinds of specialized hardware devices, at least to PHYs and Ethernet
MACs. The later isn't currently supported in the kernel though.
The first patch adds support for reporting the offloading mode currently
selected for a given MACsec interface through the `ip macsec show`
command:
# ip macsec show
18: macsec0: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off
cipher suite: GCM-AES-128, using ICV length 16
TXSC: 3e5035b67c860001 on SA 0
0: PN 1, state on, key 00000000000000000000000000000000
RXSC: b4969112700f0001, state on
0: PN 1, state on, key 01000000000000000000000000000000
-> offload: phy
19: macsec1: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off
cipher suite: GCM-AES-128, using ICV length 16
TXSC: 3e5035b67c880001 on SA 0
1: PN 1, state on, key 00000000000000000000000000000000
RXSC: b4969112700f0001, state on
1: PN 1, state on, key 01000000000000000000000000000000
-> offload: off
The second patch allows an user to change the offloading mode at runtime
through a new subcommand, `ip macsec offload`:
# ip macsec offload macsec0 phy
# ip macsec offload macsec0 off
If a mode isn't supported, `ip macsec offload` will report an issue
(-EOPNOTSUPP).
Giving the offloading mode when a macsec interface is created was
discussed; it is not implemented in this series. It could come later
on, when needed, as we'll still want to support updating the offloading
mode at runtime (what's implemented in this series).
Thanks!
Antoine
Since v1:
- Added an accessor when accessing the offload_str array. Likewise
added an accessor for the existing validate_str array.
- Added a description of the new `macsec offload` command in the man
page.
Antoine Tenart (4):
macsec: report the offloading mode currently selected
macsec: add support for changing the offloading mode
man: document the ip macsec offload command
macsec: add an accessor for validate_str
ip/ipmacsec.c | 83 ++++++++++++++++++++++++++++++++++++++++++--
man/man8/ip-macsec.8 | 7 ++++
2 files changed, 88 insertions(+), 2 deletions(-)
--
2.24.1
next reply other threads:[~2020-03-03 10:36 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-03 10:36 Antoine Tenart [this message]
2020-03-03 10:36 ` [PATCH iproute2-next v2 1/4] macsec: report the offloading mode currently selected Antoine Tenart
2020-03-03 10:36 ` [PATCH iproute2-next v2 2/4] macsec: add support for changing the offloading mode Antoine Tenart
2020-03-03 10:36 ` [PATCH iproute2-next v2 3/4] man: document the ip macsec offload command Antoine Tenart
2020-03-03 10:36 ` [PATCH iproute2-next v2 4/4] macsec: add an accessor for validate_str Antoine Tenart
2020-03-04 20:00 ` [PATCH iproute2-next v2 0/4] macsec: add offloading support David Ahern
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200303103619.818985-1-antoine.tenart@bootlin.com \
--to=antoine.tenart@bootlin.com \
--cc=dsahern@gmail.com \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).