[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <5d42d6c9-2f0c-8913-49ec-50a25860c49f@oss.nxp.com>
Date: Mon, 28 Aug 2023 16:46:02 +0300
From: "Radu Pirea (OSS)" <radu-nicolae.pirea@....nxp.com>
To: Sabrina Dubroca <sd@...asysnail.net>
Cc: andrew@...n.ch, hkallweit1@...il.com, linux@...linux.org.uk,
davem@...emloft.net, edumazet@...gle.com, kuba@...nel.org,
pabeni@...hat.com, richardcochran@...il.com, sebastian.tobuschat@....com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC net-next v2 5/5] net: phy: nxp-c45-tja11xx: implement
mdo_insert_tx_tag
On 28.08.2023 13:17, Sabrina Dubroca wrote:
> 2023-08-24, 12:16:15 +0300, Radu Pirea (NXP OSS) wrote:
>> Implement mdo_insert_tx_tag to insert the TLV header in the ethernet
>> frame.
>>
>> If extscs parameter is set to 1, then the TLV header will contain the
>> TX SC that will be used to encrypt the frame, otherwise the TX SC will
>> be selected using the MAC source address.
>
> In which case would a user choose not to use the SCI? Using the MAC
> address is probably fine in basic setups, but having to fiddle with a
> module parameter (so unloading and reloading the module, which means
> losing network connectivity) to make things work when the setup
> evolves is really not convenient.
>
> Is there a drawback to always using the SCI?
>
I see your concern. If the PHY driver is reloaded, then the offloaded
MACsec configuration will vanish from the hardware. Actually, just a
call to phy_disconnect is enough to break an offloaded MACsec iface and
can be achieved by:
ip link set eth0 down && ip link set eth0 up
The only drawback is related to the PTP frames encryption. Due to
hardware limitations, PHY timestamping + MACsec will not work if the
custom header is inserted. The only way to get this work is by using the
MAC SA selection and running PTP on the real netdev.
--
Radu P.
Powered by blists - more mailing lists