Message-ID: <6ebf0541-0830-3df9-121f-ac560822bf1c@gmail.com>
Date:   Wed, 23 Jan 2019 12:16:08 -0800
From:   Florian Fainelli <f.fainelli@...il.com>
To:     Antoine Tenart <antoine.tenart@...tlin.com>, davem@...emloft.net,
        sd@...asysnail.net, andrew@...n.ch, hkallweit1@...il.com
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        thomas.petazzoni@...tlin.com, alexandre.belloni@...tlin.com,
        quentin.schulz@...tlin.com, allan.nielsen@...rochip.com
Subject: Re: [PATCH net-next 06/10] net: introduce a net_device_ops macsec
 helper

On 1/23/19 7:56 AM, Antoine Tenart wrote:
> This patch introduces a net_device_ops MACsec helper to allow net device
> drivers to implement a MACsec offloading solution.
> 
> Signed-off-by: Antoine Tenart <antoine.tenart@...tlin.com>
> ---
>  include/linux/netdevice.h | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
> index e675ef97a426..ee2f40dca515 100644
> --- a/include/linux/netdevice.h
> +++ b/include/linux/netdevice.h
> @@ -53,6 +53,10 @@
>  #include <uapi/linux/pkt_cls.h>
>  #include <linux/hashtable.h>
>  
> +#ifdef CONFIG_MACSEC
> +#include <net/macsec.h>
> +#endif

You can provide a forward declaration for struct netdev_macsec and not
have to include that header file.

> +
>  struct netpoll_info;
>  struct device;
>  struct phy_device;
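
Review bot: `#ifdef CONFIG_MACSEC` at the top of this hunk is only true when MACsec is built in. CONFIG_MACSEC is a tristate option, and with MACSEC=m the symbol that gets defined is CONFIG_MACSEC_MODULE, so the include is skipped for modular builds. Use `#if IS_ENABLED(CONFIG_MACSEC)` here and for the matching guard in struct net_device_ops so both configurations see the same declarations. If the include is replaced by a bare `struct netdev_macsec;` forward declaration, the guard around it can go away entirely.
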
> @@ -1441,6 +1445,10 @@ struct net_device_ops {
>  						u32 flags);
>  	int			(*ndo_xsk_async_xmit)(struct net_device *dev,
>  						      u32 queue_id);
> +#ifdef CONFIG_MACSEC
> +	int			(*ndo_macsec)(struct net_device *dev,
> +					      struct netdev_macsec *macsec);
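
Review bot: nothing in this patch documents `ndo_macsec`. The diffstat's 8 insertions are all taken up by the include and this member, so the ndo description comment above struct net_device_ops gets no entry for it. Please add one that states which operations `struct netdev_macsec` carries, the locking context the callback runs in, and what a non-zero return means for the caller, since that return value decides how a failed offload request is handled.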

You would really want to define an API which is more oriented towards
configuring/deconfiguring a MACsec association here, e.g.: similar to
what the IPsec offload ndos offer.

It is not clear to me whether after your patch series we still need to
create a macsec virtual device, and that gets offloaded onto its real
device/PHY device, or if we don't need that at all?
-- 
Florian