From: Antoine Tenart <antoine.tenart@bootlin.com>
To: Igor Russkikh <Igor.Russkikh@aquantia.com>
Cc: Andrew Lunn <andrew@lunn.ch>,
Antoine Tenart <antoine.tenart@bootlin.com>,
"davem@davemloft.net" <davem@davemloft.net>,
"sd@queasysnail.net" <sd@queasysnail.net>,
"f.fainelli@gmail.com" <f.fainelli@gmail.com>,
"hkallweit1@gmail.com" <hkallweit1@gmail.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"thomas.petazzoni@bootlin.com" <thomas.petazzoni@bootlin.com>,
"alexandre.belloni@bootlin.com" <alexandre.belloni@bootlin.com>,
"allan.nielsen@microchip.com" <allan.nielsen@microchip.com>,
"camelia.groza@nxp.com" <camelia.groza@nxp.com>,
Simon Edelhaus <Simon.Edelhaus@aquantia.com>,
Pavel Belous <Pavel.Belous@aquantia.com>
Subject: Re: [PATCH net-next v2 6/9] net: macsec: hardware offloading infrastructure
Date: Wed, 14 Aug 2019 10:31:38 +0200 [thread overview]
Message-ID: <20190814083138.GE3200@kwain> (raw)
In-Reply-To: <2e3c2307-d414-a531-26cb-064e05fa01fc@aquantia.com>
Hi Igor,
On Tue, Aug 13, 2019 at 04:18:40PM +0000, Igor Russkikh wrote:
> On 13.08.2019 16:17, Andrew Lunn wrote:
> > On Tue, Aug 13, 2019 at 10:58:17AM +0200, Antoine Tenart wrote:
> >> I think this question is linked to the use of a MACsec virtual interface
> >> when using h/w offloading. The starting point for me was that I wanted
> >> to reuse the data structures and the API exposed to the userspace by the
> >> s/w implementation of MACsec. I then had two choices: keeping the exact
> >> same interface for the user (having a virtual MACsec interface), or
> >> registering the MACsec genl ops onto the real net devices (and making
> >> the s/w implementation a virtual net dev and a provider of the MACsec
> >> "offloading" ops).
> >>
> >> The advantages of the first option were that nearly all the logic of the
> >> s/w implementation could be kept and especially that it would be
> >> transparent for the user to use both implementations of MACsec.
> >
> > We have always talked about offloading operations to the hardware,
> > accelerating what the linux stack can do by making use of hardware
> > accelerators. The basic user API should not change because of
> > acceleration. Those are the general guidelines.
> >
> > It would however be interesting to get comments from those who did the
> > software implementation and what they think of this architecture. I've
> > no personal experience with MACSec, so it is hard for me to say if the
> > current architecture makes sense when using accelerators.
>
> In terms of overall concepts, I'd add the following:
>
> 1) With current implementation it's impossible to install SW macsec engine onto
> the device which supports HW offload. That could be a strong limitation in
> cases when user sees HW macsec offload is broken or work differently, and he/she
> wants to replace it with SW one.
> MACSec is a complex feature, and it may happen something is missing in HW.
> Trivial example is 256bit encryption, which is not always a musthave in HW
> implementations.
Agreed. I'm not sure it would be possible to have both used at the same
time but there should be a way to switch between the two
implementations. That is not supported for now, but I think that would
be a good thing, and can probably come later on.
> 2) I think, Antoine, its not totally true that otherwise the user macsec API
> will be broken/changed. netlink api is the same, the only thing we may want to
> add is an optional parameter to force selection of SW macsec engine.
I meant that we can either have a virtual net device representing the
MACsec feature and being the iface used to configure it, or we could
have it only when s/w MACsec is used. That to me is part of the "API",
or at least part of what's exposed to the user.
> I'm also eager to hear from sw macsec users/devs on whats better here.
I'd like more comments as well :)
Thanks!
Antoine
--
Antoine Ténart, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2019-08-14 8:31 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-08 14:05 [PATCH net-next v2 0/9] net: macsec: initial support for hardware offloading Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 1/9] net: introduce the MACSEC netdev feature Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 2/9] net: macsec: move some definitions in a dedicated header Antoine Tenart
2019-08-10 12:19 ` Igor Russkikh
2019-08-12 8:17 ` Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 3/9] net: macsec: introduce the macsec_context structure Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 4/9] net: introduce MACsec ops and add a reference in net_device Antoine Tenart
2019-08-09 20:35 ` Jakub Kicinski
2019-08-12 8:18 ` Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 5/9] net: phy: add MACsec ops in phy_device Antoine Tenart
2019-08-14 23:15 ` Florian Fainelli
2019-08-20 10:07 ` Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 6/9] net: macsec: hardware offloading infrastructure Antoine Tenart
2019-08-10 13:20 ` Igor Russkikh
2019-08-13 8:58 ` Antoine Tenart
2019-08-13 13:17 ` Andrew Lunn
2019-08-13 16:18 ` Igor Russkikh
2019-08-13 16:28 ` Andrew Lunn
2019-08-14 8:32 ` Antoine Tenart
2019-08-14 23:28 ` Florian Fainelli
2019-08-16 13:26 ` Sabrina Dubroca
2019-08-20 10:03 ` Antoine Tenart
2019-08-14 8:31 ` Antoine Tenart [this message]
2019-08-16 13:29 ` Sabrina Dubroca
2019-08-20 10:01 ` Antoine Tenart
2019-08-20 14:41 ` Sabrina Dubroca
2019-08-21 0:01 ` Andrew Lunn
2019-08-21 9:20 ` Igor Russkikh
2019-08-21 9:27 ` allan.nielsen
2019-08-21 9:24 ` allan.nielsen
2019-08-21 10:01 ` Antoine Tenart
2019-08-21 12:01 ` Igor Russkikh
2019-08-16 13:25 ` Sabrina Dubroca
2019-08-20 10:07 ` Antoine Tenart
2019-08-10 16:34 ` Andrew Lunn
2019-08-12 8:15 ` Antoine Tenart
2019-08-13 11:46 ` Igor Russkikh
2019-08-08 14:05 ` [PATCH net-next v2 7/9] net: phy: export __phy_read_page/__phy_write_page Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 8/9] net: phy: mscc: macsec initialization Antoine Tenart
2019-08-10 16:53 ` Andrew Lunn
2019-08-12 8:12 ` Antoine Tenart
2019-08-08 14:06 ` [PATCH net-next v2 9/9] net: phy: mscc: macsec support Antoine Tenart
2019-08-09 11:23 ` [PATCH net-next v2 0/9] net: macsec: initial support for hardware offloading Allan W. Nielsen
2019-08-09 11:40 ` Antoine Tenart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190814083138.GE3200@kwain \
--to=antoine.tenart@bootlin.com \
--cc=Igor.Russkikh@aquantia.com \
--cc=Pavel.Belous@aquantia.com \
--cc=Simon.Edelhaus@aquantia.com \
--cc=alexandre.belloni@bootlin.com \
--cc=allan.nielsen@microchip.com \
--cc=andrew@lunn.ch \
--cc=camelia.groza@nxp.com \
--cc=davem@davemloft.net \
--cc=f.fainelli@gmail.com \
--cc=hkallweit1@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.