From patchwork Fri Apr 24 08:38:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Russkikh X-Patchwork-Id: 220628 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C8E27C2BA1A for ; Fri, 24 Apr 2020 08:39:08 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id A119E20728 for ; Fri, 24 Apr 2020 08:39:08 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=marvell.com header.i=@marvell.com header.b="hgNVBG1b" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726699AbgDXIjI (ORCPT ); Fri, 24 Apr 2020 04:39:08 -0400 Received: from mx0b-0016f401.pphosted.com ([67.231.156.173]:20576 "EHLO mx0b-0016f401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726383AbgDXIjH (ORCPT ); Fri, 24 Apr 2020 04:39:07 -0400 Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 03O8ZmwS026536; Fri, 24 Apr 2020 01:39:06 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=pfpt0818; bh=9QuR3BgF7gSO+TF73rZJRPAEpcka20p8EDsgraG7cr4=; b=hgNVBG1bYCOntlwZeKA9g8zYkuHWesRI2cPVjQP/g6YPga3IKZdQ+jWyKkLTRk5ziE6f RKMI35y9MsHK9rx9KeLm9PZZ1DiwELGsh+LBZ0+LQ+oG6iit2ZzyaZEWC0+3VNqMLGHj dbb79Tei0jyWU7Is5Ca3qJKlMToQ7VmPCIogrzcmb69z0Jk8Z71Eub/J8VKYUHlUIcdc BoUqCyt4FygwjOg6TZeljboJ+S7aQH1ktr26kxhsuCXsb4DkLCgchEfw5ccZvWscaLOK 3hBa86MivxlYlzT8RMg/w0wKafP36lV9iiQ9iWv1EGACuZIAslA3GPiIcQqjaYstXWBl 4A== Received: from sc-exch02.marvell.com ([199.233.58.182]) by mx0b-0016f401.pphosted.com with ESMTP id 30kfdsbcg9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 24 Apr 2020 01:39:06 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 24 Apr 2020 01:39:03 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Fri, 24 Apr 2020 01:39:04 -0700 Received: from NN-LT0019.marvell.com (unknown [10.193.46.2]) by maili.marvell.com (Postfix) with ESMTP id 4DA163F7044; Fri, 24 Apr 2020 01:39:02 -0700 (PDT) From: Igor Russkikh To: CC: , , Mark Starovoytov , Igor Russkikh Subject: [PATCH iproute2-next 1/2] macsec: add support for MAC offload Date: Fri, 24 Apr 2020 11:38:56 +0300 Message-ID: <20200424083857.1265-2-irusskikh@marvell.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200424083857.1265-1-irusskikh@marvell.com> References: <20200424083857.1265-1-irusskikh@marvell.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-24_02:2020-04-23,2020-04-24 signatures=0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Mark Starovoytov This patch enables MAC HW offload usage in iproute, since MACSec implementation supports it now. Signed-off-by: Mark Starovoytov Signed-off-by: Igor Russkikh --- ip/ipmacsec.c | 3 ++- man/man8/ip-macsec.8 | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c index 4e500e4e..d214b101 100644 --- a/ip/ipmacsec.c +++ b/ip/ipmacsec.c @@ -34,6 +34,7 @@ static const char * const validate_str[] = { static const char * const offload_str[] = { [MACSEC_OFFLOAD_OFF] = "off", [MACSEC_OFFLOAD_PHY] = "phy", + [MACSEC_OFFLOAD_MAC] = "mac", }; struct sci { @@ -98,7 +99,7 @@ static void ipmacsec_usage(void) " ip macsec del DEV rx SCI sa { 0..3 }\n" " ip macsec show\n" " ip macsec show DEV\n" - " ip macsec offload DEV [ off | phy ]\n" + " ip macsec offload DEV [ off | phy | mac ]\n" "where OPTS := [ pn ] [ on | off ]\n" " ID := 128-bit hex string\n" " KEY := 128-bit or 256-bit hex string\n" diff --git a/man/man8/ip-macsec.8 b/man/man8/ip-macsec.8 index d5f9d240..b2ee7bee 100644 --- a/man/man8/ip-macsec.8 +++ b/man/man8/ip-macsec.8 @@ -54,7 +54,7 @@ ip-macsec \- MACsec device configuration .RI "{ " 0..3 " }" .BI "ip macsec offload " DEV -.RB "{ " off " | " phy " }" +.RB "{ " off " | " phy " | " mac " }" .B ip macsec show .RI [ " DEV " ] From patchwork Fri Apr 24 08:38:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Igor Russkikh X-Patchwork-Id: 220627 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.5 required=3.0 tests=DKIM_INVALID,DKIM_SIGNED, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id C0E4DC2BA1A for ; Fri, 24 Apr 2020 08:39:12 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 9EA5D20728 for ; Fri, 24 Apr 2020 08:39:12 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="key not found in DNS" (0-bit key) header.d=marvell.com header.i=@marvell.com header.b="cud4atK6" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726731AbgDXIjM (ORCPT ); Fri, 24 Apr 2020 04:39:12 -0400 Received: from mx0b-0016f401.pphosted.com ([67.231.156.173]:36752 "EHLO mx0b-0016f401.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726383AbgDXIjL (ORCPT ); Fri, 24 Apr 2020 04:39:11 -0400 Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 03O8a2jN026673; Fri, 24 Apr 2020 01:39:09 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-type; s=pfpt0818; bh=0a52gfI0mDrT3jOTxWY44wvZqA1iaR7BjoKPP92+7Rk=; b=cud4atK6X4AA6bOoHUfvqNXlwo3KLgyyb73EBwQGWFsscHIzbCuWTOiWaMSOhJ38DuJx Lr/GWqlaoEXBeBIHptVOiuY3oG4EhFyD6mREVyTq1mx7E3sDqbN37ZEXmE5EFa4lHpuw f4zsgRIOoKa1TdD8OLvDG6keD7N6GIV5hP4Xo4wYpz6e+8KSP0ROkGiAZ9rtPDctBhkT FfyIXviboxnzEYCGX6dvVoLE5KqwFCDLemkAPyfvoJV7Di2VmkXDinoSER00/a0z0TGX 2gbxFSXzeZRcJMYjqoebpzidhaYFTzP77u8HvElrKsHQ57G9OdtdJO5PWTbhAgq8o9l5 jA== Received: from sc-exch03.marvell.com ([199.233.58.183]) by mx0b-0016f401.pphosted.com with ESMTP id 30kfdsbcgd-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Fri, 24 Apr 2020 01:39:09 -0700 Received: from DC5-EXCH02.marvell.com (10.69.176.39) by SC-EXCH03.marvell.com (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 24 Apr 2020 01:39:07 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Fri, 24 Apr 2020 01:39:06 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Fri, 24 Apr 2020 01:39:06 -0700 Received: from NN-LT0019.marvell.com (unknown [10.193.46.2]) by maili.marvell.com (Postfix) with ESMTP id B1FDA3F703F; Fri, 24 Apr 2020 01:39:04 -0700 (PDT) From: Igor Russkikh To: CC: , , Mark Starovoytov , Igor Russkikh Subject: [PATCH iproute2-next 2/2] macsec: add support for specifying offload at link add time Date: Fri, 24 Apr 2020 11:38:57 +0300 Message-ID: <20200424083857.1265-3-irusskikh@marvell.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200424083857.1265-1-irusskikh@marvell.com> References: <20200424083857.1265-1-irusskikh@marvell.com> MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138, 18.0.676 definitions=2020-04-24_02:2020-04-23,2020-04-24 signatures=0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Mark Starovoytov This patch adds support for configuring offload mode upon MACsec device creation. If offload mode is not specified, then netlink attribute is not added. Default behavior on the kernel side in this case is backward-compatible (offloading is disabled by default). Example: $ ip link add link eth0 macsec0 type macsec port 11 encrypt on offload mac Signed-off-by: Mark Starovoytov Signed-off-by: Igor Russkikh --- ip/ipmacsec.c | 20 ++++++++++++++++++++ man/man8/ip-macsec.8 | 8 +++++++- 2 files changed, 27 insertions(+), 1 deletion(-) diff --git a/ip/ipmacsec.c b/ip/ipmacsec.c index d214b101..18289ecd 100644 --- a/ip/ipmacsec.c +++ b/ip/ipmacsec.c @@ -1220,6 +1220,15 @@ static void macsec_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) validate_to_str(val)); } + if (tb[IFLA_MACSEC_OFFLOAD]) { + __u8 val = rta_getattr_u8(tb[IFLA_MACSEC_OFFLOAD]); + + print_string(PRINT_ANY, + "offload", + "offload %s ", + offload_to_str(val)); + } + const char *inc_sci, *es, *replay; if (is_json_context()) { @@ -1268,6 +1277,7 @@ static void usage(FILE *f) " [ replay { on | off} window { 0..2^32-1 } ]\n" " [ validate { strict | check | disabled } ]\n" " [ encodingsa { 0..3 } ]\n" + " [ offload { mac | phy | off } ]\n" ); } @@ -1277,6 +1287,7 @@ static int macsec_parse_opt(struct link_util *lu, int argc, char **argv, int ret; __u8 encoding_sa = 0xff; __u32 window = -1; + enum macsec_offload offload; struct cipher_args cipher = {0}; enum macsec_validation_type validate; bool es = false, scb = false, send_sci = false; @@ -1398,6 +1409,15 @@ static int macsec_parse_opt(struct link_util *lu, int argc, char **argv, ret = get_an(&encoding_sa, *argv); if (ret) invarg("expected an { 0..3 }", *argv); + } else if (strcmp(*argv, "offload") == 0) { + NEXT_ARG(); + ret = one_of("offload", *argv, + offload_str, ARRAY_SIZE(offload_str), + (int *)&offload); + if (ret != 0) + return ret; + addattr8(n, MACSEC_BUFLEN, + IFLA_MACSEC_OFFLOAD, offload); } else { fprintf(stderr, "macsec: unknown command \"%s\"?\n", *argv); diff --git a/man/man8/ip-macsec.8 b/man/man8/ip-macsec.8 index b2ee7bee..8e9175c5 100644 --- a/man/man8/ip-macsec.8 +++ b/man/man8/ip-macsec.8 @@ -23,6 +23,8 @@ ip-macsec \- MACsec device configuration ] [ .BR validate " { " strict " | " check " | " disabled " } ] [" .BI encodingsa " SA" +] [ +.BR offload " { " off " | " phy " | " mac " }" ] .BI "ip macsec add " DEV " tx sa" @@ -86,7 +88,7 @@ type. .SH EXAMPLES .PP -.SS Create a MACsec device on link eth0 +.SS Create a MACsec device on link eth0 (offload is disabled by default) .nf # ip link add link eth0 macsec0 type macsec port 11 encrypt on .PP @@ -109,6 +111,10 @@ type. .SS Configure offloading on an interface .nf # ip macsec offload macsec0 phy +.PP +.SS Configure offloading upon MACsec device creation +.nf +# ip link add link eth0 macsec0 type macsec port 11 encrypt on offload mac .SH NOTES This tool can be used to configure the 802.1AE keys of the interface. Note that 802.1AE uses GCM-AES