net: macsec: add support for specifying offload upon link creation
This patch adds new netlink attribute to allow a user to (optionally) specify the desired offload mode immediately upon MACSec link creation. Separate iproute patch will be required to support this from user space. Signed-off-by: Mark Starovoytov <mstarovoitov@marvell.com> Signed-off-by: Igor Russkikh <irusskikh@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Mark Starovoytov
David S. Miller
parent
f0b5989745
commit
791bb3fcaf
3 changed files with 31 additions and 2 deletions
|
|
@ -1469,6 +1469,11 @@ static struct net_device *get_dev_from_nl(struct net *net,
|
||||||
return dev;
|
return dev;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static enum macsec_offload nla_get_offload(const struct nlattr *nla)
|
||||||
|
{
|
||||||
|
return (__force enum macsec_offload)nla_get_u8(nla);
|
||||||
|
}
|
||||||
|
|
||||||
static sci_t nla_get_sci(const struct nlattr *nla)
|
static sci_t nla_get_sci(const struct nlattr *nla)
|
||||||
{
|
{
|
||||||
return (__force sci_t)nla_get_u64(nla);
|
return (__force sci_t)nla_get_u64(nla);
|
||||||
|
|
@ -4012,8 +4017,16 @@ static int macsec_newlink(struct net *net, struct net_device *dev,
|
||||||
|
|
||||||
macsec->real_dev = real_dev;
|
macsec->real_dev = real_dev;
|
||||||
|
|
||||||
/* MACsec offloading is off by default */
|
if (data && data[IFLA_MACSEC_OFFLOAD])
|
||||||
macsec->offload = MACSEC_OFFLOAD_OFF;
|
macsec->offload = nla_get_offload(data[IFLA_MACSEC_OFFLOAD]);
|
||||||
|
else
|
||||||
|
/* MACsec offloading is off by default */
|
||||||
|
macsec->offload = MACSEC_OFFLOAD_OFF;
|
||||||
|
|
||||||
|
/* Check if the offloading mode is supported by the underlying layers */
|
||||||
|
if (macsec->offload != MACSEC_OFFLOAD_OFF &&
|
||||||
|
!macsec_check_offload(macsec->offload, macsec))
|
||||||
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
if (data && data[IFLA_MACSEC_ICV_LEN])
|
if (data && data[IFLA_MACSEC_ICV_LEN])
|
||||||
icv_len = nla_get_u8(data[IFLA_MACSEC_ICV_LEN]);
|
icv_len = nla_get_u8(data[IFLA_MACSEC_ICV_LEN]);
|
||||||
|
|
@ -4056,6 +4069,20 @@ static int macsec_newlink(struct net *net, struct net_device *dev,
|
||||||
goto del_dev;
|
goto del_dev;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* If h/w offloading is available, propagate to the device */
|
||||||
|
if (macsec_is_offloaded(macsec)) {
|
||||||
|
const struct macsec_ops *ops;
|
||||||
|
struct macsec_context ctx;
|
||||||
|
|
||||||
|
ops = macsec_get_ops(macsec, &ctx);
|
||||||
|
if (ops) {
|
||||||
|
ctx.secy = &macsec->secy;
|
||||||
|
err = macsec_offload(ops->mdo_add_secy, &ctx);
|
||||||
|
if (err)
|
||||||
|
goto del_dev;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
err = register_macsec_dev(real_dev, dev);
|
err = register_macsec_dev(real_dev, dev);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto del_dev;
|
goto del_dev;
|
||||||
|
|
|
||||||
|
|
@ -463,6 +463,7 @@ enum {
|
||||||
IFLA_MACSEC_REPLAY_PROTECT,
|
IFLA_MACSEC_REPLAY_PROTECT,
|
||||||
IFLA_MACSEC_VALIDATION,
|
IFLA_MACSEC_VALIDATION,
|
||||||
IFLA_MACSEC_PAD,
|
IFLA_MACSEC_PAD,
|
||||||
|
IFLA_MACSEC_OFFLOAD,
|
||||||
__IFLA_MACSEC_MAX,
|
__IFLA_MACSEC_MAX,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -463,6 +463,7 @@ enum {
|
||||||
IFLA_MACSEC_REPLAY_PROTECT,
|
IFLA_MACSEC_REPLAY_PROTECT,
|
||||||
IFLA_MACSEC_VALIDATION,
|
IFLA_MACSEC_VALIDATION,
|
||||||
IFLA_MACSEC_PAD,
|
IFLA_MACSEC_PAD,
|
||||||
|
IFLA_MACSEC_OFFLOAD,
|
||||||
__IFLA_MACSEC_MAX,
|
__IFLA_MACSEC_MAX,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue