From patchwork Mon Jan 20 20:18:21 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Antoine Tenart X-Patchwork-Id: 1226114 Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=bootlin.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 481jfc1wslz9sPJ for ; Tue, 21 Jan 2020 07:18:31 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726867AbgATUS3 (ORCPT ); Mon, 20 Jan 2020 15:18:29 -0500 Received: from relay5-d.mail.gandi.net ([217.70.183.197]:49295 "EHLO relay5-d.mail.gandi.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726586AbgATUS3 (ORCPT ); Mon, 20 Jan 2020 15:18:29 -0500 X-Originating-IP: 90.76.143.236 Received: from localhost (lfbn-tou-1-1075-236.w90-76.abo.wanadoo.fr [90.76.143.236]) (Authenticated sender: antoine.tenart@bootlin.com) by relay5-d.mail.gandi.net (Postfix) with ESMTPSA id 6AEE71C0007; Mon, 20 Jan 2020 20:18:27 +0000 (UTC) From: Antoine Tenart To: dsahern@gmail.com, sd@queasysnail.net Cc: Antoine Tenart , netdev@vger.kernel.org Subject: [PATCH iproute2-next 0/2] macsec: add offloading support Date: Mon, 20 Jan 2020 21:18:21 +0100 Message-Id: <20200120201823.887937-1-antoine.tenart@bootlin.com> X-Mailer: git-send-email 2.24.1 MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Hello, This series adds support for selecting and reporting the offloading mode of a MACsec interface. Available modes are for now 'off' and 'phy', 'off' being the default when an interface is created. Modes are not only 'off' and 'on' as the MACsec operations can be offloaded to multiple kinds of specialized hardware devices, at least to PHYs and Ethernet MACs. The later isn't currently supported in the kernel though. The first patch adds support for reporting the offloading mode currently selected for a given MACsec interface through the `ip macsec show` command: # ip macsec show 18: macsec0: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 3e5035b67c860001 on SA 0 0: PN 1, state on, key 00000000000000000000000000000000 RXSC: b4969112700f0001, state on 0: PN 1, state on, key 01000000000000000000000000000000 -> offload: phy 19: macsec1: protect on validate strict sc off sa off encrypt on send_sci on end_station off scb off replay off cipher suite: GCM-AES-128, using ICV length 16 TXSC: 3e5035b67c880001 on SA 0 1: PN 1, state on, key 00000000000000000000000000000000 RXSC: b4969112700f0001, state on 1: PN 1, state on, key 01000000000000000000000000000000 -> offload: off The second patch allows an user to change the offloading mode at runtime through a new subcommand, `ip macsec offload`: # ip macsec offload macsec0 phy # ip macsec offload macsec0 off If a mode isn't supported, `ip macsec offload` will report an issue (-EOPNOTSUPP). One thing not supported in this series would be the ability to list all supported modes (for now 'off' and 'phy') depending on the h/w interface capabilities. This can come up in a later patch, as this is not critical to get the feature used, but I would like this to be compatible with the current series. I can think of 2 possibilities: either through `ip macsec show` or through `ip macsec offload` (for example when no argument is given). What are your thoughts on this? Thanks! Antoine Antoine Tenart (2): macsec: report the offloading mode currently selected macsec: add support for changing the offloading mode ip/ipmacsec.c | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+)