From: Antoine Tenart <antoine.tenart@bootlin.com>
To: David Miller <davem@davemloft.net>
Cc: antoine.tenart@bootlin.com, sd@queasysnail.net, andrew@lunn.ch,
f.fainelli@gmail.com, hkallweit1@gmail.com,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
thomas.petazzoni@bootlin.com, alexandre.belloni@bootlin.com,
allan.nielsen@microchip.com, camelia.groza@nxp.com,
Simon.Edelhaus@aquantia.com, Igor.Russkikh@aquantia.com,
jakub.kicinski@netronome.com
Subject: Re: [PATCH net-next v3 06/15] net: macsec: add nla support for changing the offloading selection
Date: Mon, 16 Dec 2019 09:46:41 +0100 [thread overview]
Message-ID: <20191216084641.GA288774@kwain> (raw)
In-Reply-To: <20191215.134452.1354053731963113491.davem@davemloft.net>
Hello David,
On Sun, Dec 15, 2019 at 01:44:52PM -0800, David Miller wrote:
> From: Antoine Tenart <antoine.tenart@bootlin.com>
> Date: Fri, 13 Dec 2019 16:48:35 +0100
>
> > +static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info)
> > +{
>
> This function is over the top and in fact confusing.
>
> Really, if you want to make semantics sane, you have to require that no
> rules are installed when enabling offloading. The required sequence of
> events if "enable offloading, add initial rules".
>
> > + /* Check the physical interface isn't offloading another interface
> > + * first.
> > + */
> > + for_each_net(loop_net) {
> > + for_each_netdev(loop_net, loop_dev) {
> > + struct macsec_dev *priv;
> > +
> > + if (!netif_is_macsec(loop_dev))
> > + continue;
> > +
> > + priv = macsec_priv(loop_dev);
> > +
> > + if (!macsec_check_offload(MACSEC_OFFLOAD_PHY, priv))
> > + continue;
> > +
> > + if (priv->offload != MACSEC_OFFLOAD_OFF)
> > + return -EBUSY;
> > + }
> > + }
>
> You are rejecting the enabling of offloading on one interface if any
> interface in the entire system is doing macsec offload? That doesn't
> make any sense at all.
You're right, it doesn't make sense to check all the interfaces in the
entire system.
> Really, just require that a macsec interface is "clean" (no rules installed
> yet) in order to enable offloading.
This would allow two different virtual MACsec interfaces with the same
underlying hardware device to be offloaded. This is problematic as we
would have no way to distinguish ingress packets between the two: once
an ingress packet has been processed by the MACsec hardware block we
have no way to retrieve the MACsec parameters specific to this packet,
and we can't know to which MACsec flow the packet is related.
The above check was in fact reworked in between v2 and v3 and an
important part disappeared: the idea was to check the underlying
interface was not already offloading another virtual MACsec interface.
The last check (was and) should be:
if (priv->real_dev == real_dev && priv->offload != MACSEC_OFFLOAD_OFF)
return -EBUSY;
Thanks!
Antoine
--
Antoine Ténart, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
next prev parent reply other threads:[~2019-12-16 8:46 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-12-13 15:48 [PATCH net-next v3 00/15] net: macsec: initial support for hardware offloading Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 01/15] net: macsec: move some definitions in a dedicated header Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 02/15] net: macsec: introduce the macsec_context structure Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 03/15] net: macsec: introduce MACsec ops Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 04/15] net: phy: add MACsec ops in phy_device Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 05/15] net: macsec: hardware offloading infrastructure Antoine Tenart
2019-12-18 13:40 ` [EXT] " Igor Russkikh
2019-12-18 14:01 ` Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 06/15] net: macsec: add nla support for changing the offloading selection Antoine Tenart
2019-12-15 21:44 ` David Miller
2019-12-16 8:46 ` Antoine Tenart [this message]
2019-12-13 15:48 ` [PATCH net-next v3 07/15] net: phy: export __phy_read_page/__phy_write_page Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 08/15] net: phy: mscc: macsec initialization Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 09/15] net: phy: mscc: macsec support Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 10/15] net: macsec: PN wrap callback Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 11/15] net: phy: mscc: PN rollover support Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 12/15] net: introduce the MACSEC netdev feature Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 13/15] net: add a reference to MACsec ops in net_device Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 14/15] net: macsec: allow to reference a netdev from a MACsec context Antoine Tenart
2019-12-13 15:48 ` [PATCH net-next v3 15/15] net: macsec: add support for offloading to the MAC Antoine Tenart
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191216084641.GA288774@kwain \
--to=antoine.tenart@bootlin.com \
--cc=Igor.Russkikh@aquantia.com \
--cc=Simon.Edelhaus@aquantia.com \
--cc=alexandre.belloni@bootlin.com \
--cc=allan.nielsen@microchip.com \
--cc=andrew@lunn.ch \
--cc=camelia.groza@nxp.com \
--cc=davem@davemloft.net \
--cc=f.fainelli@gmail.com \
--cc=hkallweit1@gmail.com \
--cc=jakub.kicinski@netronome.com \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
--cc=thomas.petazzoni@bootlin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).