From: Antoine Tenart <antoine.tenart@bootlin.com>
To: Igor Russkikh <Igor.Russkikh@aquantia.com>
Cc: Andrew Lunn <andrew@lunn.ch>,
Antoine Tenart <antoine.tenart@bootlin.com>,
"davem@davemloft.net" <davem@davemloft.net>,
"sd@queasysnail.net" <sd@queasysnail.net>,
"f.fainelli@gmail.com" <f.fainelli@gmail.com>,
"hkallweit1@gmail.com" <hkallweit1@gmail.com>,
"netdev@vger.kernel.org" <netdev@vger.kernel.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"thomas.petazzoni@bootlin.com" <thomas.petazzoni@bootlin.com>,
"alexandre.belloni@bootlin.com" <alexandre.belloni@bootlin.com>,
"allan.nielsen@microchip.com" <allan.nielsen@microchip.com>,
"camelia.groza@nxp.com" <camelia.groza@nxp.com>,
Simon Edelhaus <Simon.Edelhaus@aquantia.com>,
Pavel Belous <Pavel.Belous@aquantia.com>
Subject: Re: [PATCH net-next v2 6/9] net: macsec: hardware offloading infrastructure
Date: Wed, 14 Aug 2019 10:31:38 +0200 [thread overview]
Message-ID: <20190814083138.GE3200@kwain> (raw)
In-Reply-To: <2e3c2307-d414-a531-26cb-064e05fa01fc@aquantia.com>
Hi Igor,
On Tue, Aug 13, 2019 at 04:18:40PM +0000, Igor Russkikh wrote:
> On 13.08.2019 16:17, Andrew Lunn wrote:
> > On Tue, Aug 13, 2019 at 10:58:17AM +0200, Antoine Tenart wrote:
> >> I think this question is linked to the use of a MACsec virtual interface
> >> when using h/w offloading. The starting point for me was that I wanted
> >> to reuse the data structures and the API exposed to the userspace by the
> >> s/w implementation of MACsec. I then had two choices: keeping the exact
> >> same interface for the user (having a virtual MACsec interface), or
> >> registering the MACsec genl ops onto the real net devices (and making
> >> the s/w implementation a virtual net dev and a provider of the MACsec
> >> "offloading" ops).
> >>
> >> The advantages of the first option were that nearly all the logic of the
> >> s/w implementation could be kept and especially that it would be
> >> transparent for the user to use both implementations of MACsec.
> >
> > We have always talked about offloading operations to the hardware,
> > accelerating what the linux stack can do by making use of hardware
> > accelerators. The basic user API should not change because of
> > acceleration. Those are the general guidelines.
> >
> > It would however be interesting to get comments from those who did the
> > software implementation and what they think of this architecture. I've
> > no personal experience with MACSec, so it is hard for me to say if the
> > current architecture makes sense when using accelerators.
>
> In terms of overall concepts, I'd add the following:
>
> 1) With current implementation it's impossible to install SW macsec engine onto
> the device which supports HW offload. That could be a strong limitation in
> cases when user sees HW macsec offload is broken or work differently, and he/she
> wants to replace it with SW one.
> MACSec is a complex feature, and it may happen something is missing in HW.
> Trivial example is 256bit encryption, which is not always a musthave in HW
> implementations.
Agreed. I'm not sure it would be possible to have both used at the same
time but there should be a way to switch between the two
implementations. That is not supported for now, but I think that would
be a good thing, and can probably come later on.
> 2) I think, Antoine, its not totally true that otherwise the user macsec API
> will be broken/changed. netlink api is the same, the only thing we may want to
> add is an optional parameter to force selection of SW macsec engine.
I meant that we can either have a virtual net device representing the
MACsec feature and being the iface used to configure it, or we could
have it only when s/w MACsec is used. That to me is part of the "API",
or at least part of what's exposed to the user.
> I'm also eager to hear from sw macsec users/devs on whats better here.
I'd like more comments as well :)
Thanks!
Antoine
--
Antoine Ténart, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2019-08-14 8:31 UTC|newest]
Thread overview: 44+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-08 14:05 [PATCH net-next v2 0/9] net: macsec: initial support for hardware offloading Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 1/9] net: introduce the MACSEC netdev feature Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 2/9] net: macsec: move some definitions in a dedicated header Antoine Tenart
2019-08-10 12:19 ` Igor Russkikh
2019-08-12 8:17 ` Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 3/9] net: macsec: introduce the macsec_context structure Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 4/9] net: introduce MACsec ops and add a reference in net_device Antoine Tenart
2019-08-09 20:35 ` Jakub Kicinski
2019-08-12 8:18 ` Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 5/9] net: phy: add MACsec ops in phy_device Antoine Tenart
2019-08-14 23:15 ` Florian Fainelli
2019-08-20 10:07 ` Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 6/9] net: macsec: hardware offloading infrastructure Antoine Tenart
2019-08-10 13:20 ` Igor Russkikh
2019-08-13 8:58 ` Antoine Tenart
2019-08-13 13:17 ` Andrew Lunn
2019-08-13 16:18 ` Igor Russkikh
2019-08-13 16:28 ` Andrew Lunn
2019-08-14 8:32 ` Antoine Tenart
2019-08-14 23:28 ` Florian Fainelli
2019-08-16 13:26 ` Sabrina Dubroca
2019-08-20 10:03 ` Antoine Tenart
2019-08-14 8:31 ` Antoine Tenart [this message]
2019-08-16 13:29 ` Sabrina Dubroca
2019-08-20 10:01 ` Antoine Tenart
2019-08-20 14:41 ` Sabrina Dubroca
2019-08-21 0:01 ` Andrew Lunn
2019-08-21 9:20 ` Igor Russkikh
2019-08-21 9:27 ` allan.nielsen
2019-08-21 9:24 ` allan.nielsen
2019-08-21 10:01 ` Antoine Tenart
2019-08-21 12:01 ` Igor Russkikh
2019-08-16 13:25 ` Sabrina Dubroca
2019-08-20 10:07 ` Antoine Tenart
2019-08-10 16:34 ` Andrew Lunn
2019-08-12 8:15 ` Antoine Tenart
2019-08-13 11:46 ` Igor Russkikh
2019-08-08 14:05 ` [PATCH net-next v2 7/9] net: phy: export __phy_read_page/__phy_write_page Antoine Tenart
2019-08-08 14:05 ` [PATCH net-next v2 8/9] net: phy: mscc: macsec initialization Antoine Tenart
2019-08-10 16:53 ` Andrew Lunn
2019-08-12 8:12 ` Antoine Tenart
2019-08-08 14:06 ` [PATCH net-next v2 9/9] net: phy: mscc: macsec support Antoine Tenart
2019-08-09 11:23 ` [PATCH net-next v2 0/9] net: macsec: initial support for hardware offloading Allan W. Nielsen
2019-08-09 11:40 ` Antoine Tenart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190814083138.GE3200@kwain \
--to=antoine.tenart@bootlin.com \
--cc=Igor.Russkikh@aquantia.com \
--cc=Pavel.Belous@aquantia.com \
--cc=Simon.Edelhaus@aquantia.com \
--cc=alexandre.belloni@bootlin.com \
--cc=allan.nielsen@microchip.com \
--cc=andrew@lunn.ch \
--cc=camelia.groza@nxp.com \
--cc=davem@davemloft.net \
--cc=f.fainelli@gmail.com \
--cc=hkallweit1@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).