lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 16 Nov 2023 10:28:58 -0800
From: Rahul Rameshbabu <rrameshbabu@...dia.com>
To: netdev@...r.kernel.org
Cc: Leon Romanovsky <leon@...nel.org>,
	Saeed Mahameed <saeed@...nel.org>,
	Gal Pressman <gal@...dia.com>,
	Tariq Toukan <tariqt@...dia.com>,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>,
	Rahul Rameshbabu <rrameshbabu@...dia.com>,
	Sabrina Dubroca <sd@...asysnail.net>
Subject: [PATCH RFC net-next v1 1/3] macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads

Cannot know whether a Rx skb missing md_dst is intended for MACsec or not
without knowing whether the device is able to update this field during an
offload. Assume that an offload to a MACsec device cannot support updating
md_dst by default. Capable devices can advertise that they do indicate that
an skb is related to a MACsec offloaded packet using the md_dst.

Cc: Sabrina Dubroca <sd@...asysnail.net>
Signed-off-by: Rahul Rameshbabu <rrameshbabu@...dia.com>
---
 drivers/net/macsec.c | 3 +++
 include/net/macsec.h | 1 +
 2 files changed, 4 insertions(+)

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index 9663050a852d..8c0b12490e89 100644
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -93,6 +93,7 @@ struct pcpu_secy_stats {
  * @secys: linked list of SecY's on the underlying device
  * @gro_cells: pointer to the Generic Receive Offload cell
  * @offload: status of offloading on the MACsec device
+ * @offload_md_dst: whether MACsec device offload supports sk_buff md_dst
  */
 struct macsec_dev {
 	struct macsec_secy secy;
@@ -102,6 +103,7 @@ struct macsec_dev {
 	struct list_head secys;
 	struct gro_cells gro_cells;
 	enum macsec_offload offload;
+	bool offload_md_dst;
 };
 
 /**
@@ -3525,6 +3527,7 @@ static int macsec_dev_open(struct net_device *dev)
 		}
 
 		ctx.secy = &macsec->secy;
+		ctx.offload_md_dst = &macsec->offload_md_dst;
 		err = macsec_offload(ops->mdo_dev_open, &ctx);
 		if (err)
 			goto clear_allmulti;
diff --git a/include/net/macsec.h b/include/net/macsec.h
index ebf9bc54036a..09ca118d2df6 100644
--- a/include/net/macsec.h
+++ b/include/net/macsec.h
@@ -255,6 +255,7 @@ struct macsec_context {
 	};
 	enum macsec_offload offload;
 
+	bool *offload_md_dst;
 	struct macsec_secy *secy;
 	struct macsec_rx_sc *rx_sc;
 	struct {
-- 
2.40.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ