lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20200128103602.GA635468@bistromath.localdomain>
Date:   Tue, 28 Jan 2020 11:36:02 +0100
From:   Sabrina Dubroca <sd@...asysnail.net>
To:     David Ahern <dsahern@...il.com>
Cc:     Antoine Tenart <antoine.tenart@...tlin.com>, netdev@...r.kernel.org
Subject: Re: [PATCH iproute2-next 2/2] macsec: add support for changing the
 offloading mode

2020-01-27, 09:44:09 -0700, David Ahern wrote:
> On 1/20/20 1:18 PM, Antoine Tenart wrote:
> > MacSEC can now be offloaded to specialized hardware devices. Offloading
> > is off by default when creating a new MACsec interface, but the mode can
> > be updated at runtime. This patch adds a new subcommand,
> > `ip macsec offload`, to allow users to select the offloading mode of a
> > MACsec interface. It takes the mode to switch to as an argument, which
> > can for now either be 'off' or 'phy':
> > 
> >   # ip macsec offload macsec0 phy
> >   # ip macsec offload macsec0 off
> 
> seems like this should fall under 'ip macsec set ...'
> 
> Sabrina: thoughts?

The difference is that the other "set" commands also have an
"add"/"del" counterpart. "offload" would only have "set", so that
would be a bit inconsistent. Either way seems acceptable.

Another possibility is to see offloading as a property of the macsec
interface. Then it could be set on creation (ip link add ... type
macsec offload phy), or modified by link change, like other
device-wide properties (say, icvlen). But then I guess the netlink API
would need to be different... In that case, the "offload: X" line of
the output should also be integrated with the other device properties
(icvlen etc).

-- 
Sabrina

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ