Date: Mon, 23 Mar 2020 16:13:31 +0300
From: Igor Russkikh <irusskikh@...vell.com>
To: <netdev@...r.kernel.org>
CC: Mark Starovoytov <mstarovoitov@...vell.com>,
    Sabrina Dubroca <sd@...asysnail.net>,
    Antoine Tenart <antoine.tenart@...tlin.com>,
    "Igor Russkikh" <irusskikh@...vell.com>
Subject: [PATCH net-next 00/17] net: atlantic: MACSec support for AQC devices

This patchset introduces MACSec HW offloading support in
Marvell(Aquantia) AQC atlantic driver.

This implementation is a joint effort of Marvell developers on top of
the work started by Antoine Tenart.

The patchset itself was gathered by Mark, macsec functionality itself is
implemented by Dmitry, Mark and Pavel Belous.

RFC v2: https://patchwork.ozlabs.org/cover/1252204/
RFC v1: https://patchwork.ozlabs.org/cover/1238082/

Several patches introduce backward-incompatible changes and are
subject for discussion/drop:

1) patch 0007:
  multicast/broadcast when offloading is needed to handle ARP requests,
  because they have broadcast destination address;
  With this patch we also match and encrypt/decrypt packets between macsec
  hw and realdev based on device's mac address.
  This can potentially be used to support multiple macsec offloaded
  interfaces on top of one realdev.
  However in some environments this could lead to problems, e.g. the
  'bridge over macsec' configuration will expect the packets with unknown
  src MAC should come through macsec.
  The patch is questionable, we've used it because our current hw setup
  and requirements both assume that the decryption is done based on mac
  address match only.
  This could be changed by encrypting/decrypting all the traffic (except
  control).

2) patch 0009:
  real_dev features are now propagated to macsec device (when HW
  offloading is enabled), otherwise feature set might lead to HW
  reconfiguration during MACSec configuration.
  Also, HW offloaded macsec should be able to keep LRO LSO features,
  since they are transparent for macsec engine (at least in our hardware).

Antoine Tenart (4):
  net: introduce the MACSEC netdev feature
  net: add a reference to MACsec ops in net_device
  net: macsec: allow to reference a netdev from a MACsec context
  net: macsec: add support for offloading to the MAC

Dmitry Bogdanov (8):
  net: macsec: init secy pointer in macsec_context
  net: macsec: allow multiple macsec devices with offload
  net: macsec: add support for getting offloaded stats
  net: atlantic: MACSec offload skeleton
  net: atlantic: MACSec egress offload HW bindings
  net: atlantic: MACSec egress offload implementation
  net: atlantic: MACSec offload statistics HW bindings
  net: atlantic: MACSec offload statistics implementation

Mark Starovoytov (5):
  net: macsec: support multicast/broadcast when offloading
  net: macsec: report real_dev features when HW offloading is enabled
  net: atlantic: MACSec ingress offload HW bindings
  net: atlantic: MACSec ingress offload implementation
  net: atlantic: add XPN handling

 drivers/net/ethernet/aquantia/Kconfig         |    1 +
 .../net/ethernet/aquantia/atlantic/Makefile   |    7 +-
 .../ethernet/aquantia/atlantic/aq_ethtool.c   |  160 +-
 .../net/ethernet/aquantia/atlantic/aq_hw.h    |    6 +
 .../ethernet/aquantia/atlantic/aq_macsec.c    | 1840 +++++++++++
 .../ethernet/aquantia/atlantic/aq_macsec.h    |  133 +
 .../net/ethernet/aquantia/atlantic/aq_nic.c   |   21 +-
 .../net/ethernet/aquantia/atlantic/aq_nic.h   |    6 +-
 .../ethernet/aquantia/atlantic/aq_pci_func.c  |    5 +
 .../aquantia/atlantic/hw_atl/hw_atl_utils.h   |   51 +-
 .../atlantic/hw_atl/hw_atl_utils_fw2x.c       |   69 +
 .../atlantic/macsec/MSS_Egress_registers.h    |   73 +
 .../atlantic/macsec/MSS_Ingress_registers.h   |   77 +
 .../aquantia/atlantic/macsec/macsec_api.c     | 2933 +++++++++++++++++
 .../aquantia/atlantic/macsec/macsec_api.h     |  323 ++
 .../aquantia/atlantic/macsec/macsec_struct.h  |  914 +++++
 drivers/net/macsec.c                          |  452 ++-
 include/linux/netdev_features.h               |    3 +
 include/linux/netdevice.h                     |    9 +
 include/net/macsec.h                          |   29 +-
 include/uapi/linux/if_link.h                  |    1 +
 net/ethtool/common.c                          |    1 +
 tools/include/uapi/linux/if_link.h            |    1 +
 23 files changed, 6934 insertions(+), 181 deletions(-)
 create mode 100644 drivers/net/ethernet/aquantia/atlantic/aq_macsec.c
 create mode 100644 drivers/net/ethernet/aquantia/atlantic/aq_macsec.h
 create mode 100644 drivers/net/ethernet/aquantia/atlantic/macsec/MSS_Egress_registers.h
 create mode 100644 drivers/net/ethernet/aquantia/atlantic/macsec/MSS_Ingress_registers.h
 create mode 100644 drivers/net/ethernet/aquantia/atlantic/macsec/macsec_api.c
 create mode 100644 drivers/net/ethernet/aquantia/atlantic/macsec/macsec_api.h
 create mode 100644 drivers/net/ethernet/aquantia/atlantic/macsec/macsec_struct.h

--
2.17.1