| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 26 Mar 2023 10:26:33 +0300
From: Emeel Hakim <ehakim@...dia.com>
To: <davem@...emloft.net>, <kuba@...nel.org>, <pabeni@...hat.com>,
<edumazet@...gle.com>, <sd@...asysnail.net>
CC: <netdev@...r.kernel.org>, Emeel Hakim <ehakim@...dia.com>
Subject: [PATCH net-next 1/4] vlan: Add MACsec offload operations for VLAN interface
Add support for MACsec offload operations for VLAN driver
to allow offloading MACsec when VLAN's real device supports
Macsec offload by forwarding the offload request to it.
Signed-off-by: Emeel Hakim <ehakim@...dia.com>
---
net/8021q/vlan_dev.c | 54 +++++++++++++++++++++++++++++++++++++++++++-
1 file changed, 53 insertions(+), 1 deletion(-)
diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c
index 5920544e93e8..7cf1f15340d7 100644
--- a/net/8021q/vlan_dev.c
+++ b/net/8021q/vlan_dev.c
@@ -26,6 +26,7 @@
#include <linux/ethtool.h>
#include <linux/phy.h>
#include <net/arp.h>
+#include <net/macsec.h>
#include "vlan.h"
#include "vlanproc.h"
@@ -572,6 +573,9 @@ static int vlan_dev_init(struct net_device *dev)
NETIF_F_HIGHDMA | NETIF_F_SCTP_CRC |
NETIF_F_ALL_FCOE;
+ if (real_dev->features & NETIF_F_HW_MACSEC)
+ dev->hw_features |= NETIF_F_HW_MACSEC;
+
dev->features |= dev->hw_features | NETIF_F_LLTX;
netif_inherit_tso_max(dev, real_dev);
if (dev->features & NETIF_F_VLAN_FEATURES)
@@ -660,6 +664,9 @@ static netdev_features_t vlan_dev_fix_features(struct net_device *dev,
features |= old_features & (NETIF_F_SOFT_FEATURES | NETIF_F_GSO_SOFTWARE);
features |= NETIF_F_LLTX;
+ if (real_dev->features & NETIF_F_HW_MACSEC)
+ features |= NETIF_F_HW_MACSEC;
+
return features;
}
@@ -803,6 +810,49 @@ static int vlan_dev_fill_forward_path(struct net_device_path_ctx *ctx,
return 0;
}
+#if IS_ENABLED(CONFIG_MACSEC)
+#define VLAN_MACSEC_MDO(mdo) \
+static int vlan_macsec_ ## mdo(struct macsec_context *ctx) \
+{ \
+ const struct macsec_ops *ops; \
+ ops = vlan_dev_priv(ctx->netdev)->real_dev->macsec_ops; \
+ return ops ? ops->mdo_ ## mdo(ctx) : -EOPNOTSUPP; \
+}
+
+#define VLAN_MACSEC_DECLARE_MDO(mdo) vlan_macsec_ ## mdo
+
+VLAN_MACSEC_MDO(add_txsa);
+VLAN_MACSEC_MDO(upd_txsa);
+VLAN_MACSEC_MDO(del_txsa);
+
+VLAN_MACSEC_MDO(add_rxsa);
+VLAN_MACSEC_MDO(upd_rxsa);
+VLAN_MACSEC_MDO(del_rxsa);
+
+VLAN_MACSEC_MDO(add_rxsc);
+VLAN_MACSEC_MDO(upd_rxsc);
+VLAN_MACSEC_MDO(del_rxsc);
+
+VLAN_MACSEC_MDO(add_secy);
+VLAN_MACSEC_MDO(upd_secy);
+VLAN_MACSEC_MDO(del_secy);
+
+static const struct macsec_ops macsec_offload_ops = {
+ .mdo_add_txsa = VLAN_MACSEC_DECLARE_MDO(add_txsa),
+ .mdo_upd_txsa = VLAN_MACSEC_DECLARE_MDO(upd_txsa),
+ .mdo_del_txsa = VLAN_MACSEC_DECLARE_MDO(del_txsa),
+ .mdo_add_rxsc = VLAN_MACSEC_DECLARE_MDO(add_rxsc),
+ .mdo_upd_rxsc = VLAN_MACSEC_DECLARE_MDO(upd_rxsc),
+ .mdo_del_rxsc = VLAN_MACSEC_DECLARE_MDO(del_rxsc),
+ .mdo_add_rxsa = VLAN_MACSEC_DECLARE_MDO(add_rxsa),
+ .mdo_upd_rxsa = VLAN_MACSEC_DECLARE_MDO(upd_rxsa),
+ .mdo_del_rxsa = VLAN_MACSEC_DECLARE_MDO(del_rxsa),
+ .mdo_add_secy = VLAN_MACSEC_DECLARE_MDO(add_secy),
+ .mdo_upd_secy = VLAN_MACSEC_DECLARE_MDO(upd_secy),
+ .mdo_del_secy = VLAN_MACSEC_DECLARE_MDO(del_secy),
+};
+#endif
+
static const struct ethtool_ops vlan_ethtool_ops = {
.get_link_ksettings = vlan_ethtool_get_link_ksettings,
.get_drvinfo = vlan_ethtool_get_drvinfo,
@@ -868,7 +918,9 @@ void vlan_setup(struct net_device *dev)
dev->needs_free_netdev = true;
dev->priv_destructor = vlan_dev_free;
dev->ethtool_ops = &vlan_ethtool_ops;
-
+#if IS_ENABLED(CONFIG_MACSEC)
+ dev->macsec_ops = &macsec_offload_ops;
+#endif
dev->min_mtu = 0;
dev->max_mtu = ETH_MAX_MTU;
--
2.21.3
Powered by blists - more mailing lists