| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 Jan 2020 11:36:02 +0100 From: Sabrina Dubroca <sd@...asysnail.net> To: David Ahern <dsahern@...il.com> Cc: Antoine Tenart <antoine.tenart@...tlin.com>, netdev@...r.kernel.org Subject: Re: [PATCH iproute2-next 2/2] macsec: add support for changing the offloading mode 2020-01-27, 09:44:09 -0700, David Ahern wrote: > On 1/20/20 1:18 PM, Antoine Tenart wrote: > > MacSEC can now be offloaded to specialized hardware devices. Offloading > > is off by default when creating a new MACsec interface, but the mode can > > be updated at runtime. This patch adds a new subcommand, > > `ip macsec offload`, to allow users to select the offloading mode of a > > MACsec interface. It takes the mode to switch to as an argument, which > > can for now either be 'off' or 'phy': > > > > # ip macsec offload macsec0 phy > > # ip macsec offload macsec0 off > > seems like this should fall under 'ip macsec set ...' > > Sabrina: thoughts? The difference is that the other "set" commands also have an "add"/"del" counterpart. "offload" would only have "set", so that would be a bit inconsistent. Either way seems acceptable. Another possibility is to see offloading as a property of the macsec interface. Then it could be set on creation (ip link add ... type macsec offload phy), or modified by link change, like other device-wide properties (say, icvlen). But then I guess the netlink API would need to be different... In that case, the "offload: X" line of the output should also be integrated with the other device properties (icvlen etc). -- Sabrina
Powered by blists - more mailing lists