From: Igor Russkikh <irusskikh@marvell.com>
To: <netdev@vger.kernel.org>
Cc: Mark Starovoytov <mstarovoitov@marvell.com>,
Sabrina Dubroca <sd@queasysnail.net>,
Antoine Tenart <antoine.tenart@bootlin.com>,
"Igor Russkikh" <irusskikh@marvell.com>
Subject: [PATCH v2 net-next 00/17] net: atlantic: MACSec support for AQC devices
Date: Wed, 25 Mar 2020 15:52:29 +0300 [thread overview]
Message-ID: <20200325125246.987-1-irusskikh@marvell.com> (raw)
This patchset introduces MACSec HW offloading support in
Marvell(Aquantia) AQC atlantic driver.
This implementation is a joint effort of Marvell developers on top of
the work started by Antoine Tenart.
v2:
* clean up the generated code (removed useless bit operations);
* use WARN_ONCE to avoid log spam;
* use put_unaligned_be64;
* removed trailing \0 and length limit for format strings;
v1: https://patchwork.ozlabs.org/cover/1259998/
RFC v2: https://patchwork.ozlabs.org/cover/1252204/
RFC v1: https://patchwork.ozlabs.org/cover/1238082/
Several patches introduce backward-incompatible changes and are
subject for discussion/drop:
1) patch 0007:
multicast/broadcast when offloading is needed to handle ARP requests,
because they have broadcast destination address;
With this patch we also match and encrypt/decrypt packets between macsec
hw and realdev based on device's mac address.
This can potentially be used to support multiple macsec offloaded
interfaces on top of one realdev.
However in some environments this could lead to problems, e.g. the
'bridge over macsec' configuration will expect the packets with unknown
src MAC should come through macsec.
The patch is questionable, we've used it because our current hw setup
and requirements both assume that the decryption is done based on mac
address match only.
This could be changed by encrypting/decripting all the traffic (except
control).
2) patch 0009:
real_dev features are now propagated to macsec device (when HW
offloading is enabled), otherwise feature set might lead to HW
reconfiguration during MACSec configuration.
Also, HW offloaded macsec should be able to keep LRO LSO features,
since they are transparent for macsec engine (at least in our hardware).
Antoine Tenart (4):
net: introduce the MACSEC netdev feature
net: add a reference to MACsec ops in net_device
net: macsec: allow to reference a netdev from a MACsec context
net: macsec: add support for offloading to the MAC
Dmitry Bogdanov (8):
net: macsec: init secy pointer in macsec_context
net: macsec: allow multiple macsec devices with offload
net: macsec: add support for getting offloaded stats
net: atlantic: MACSec offload skeleton
net: atlantic: MACSec egress offload HW bindings
net: atlantic: MACSec egress offload implementation
net: atlantic: MACSec offload statistics HW bindings
net: atlantic: MACSec offload statistics implementation
Mark Starovoytov (5):
net: macsec: support multicast/broadcast when offloading
net: macsec: report real_dev features when HW offloading is enabled
net: atlantic: MACSec ingress offload HW bindings
net: atlantic: MACSec ingress offload implementation
net: atlantic: add XPN handling
drivers/net/ethernet/aquantia/Kconfig | 1 +
.../net/ethernet/aquantia/atlantic/Makefile | 7 +-
.../ethernet/aquantia/atlantic/aq_ethtool.c | 160 +-
.../net/ethernet/aquantia/atlantic/aq_hw.h | 6 +
.../ethernet/aquantia/atlantic/aq_macsec.c | 1777 ++++++++++++
.../ethernet/aquantia/atlantic/aq_macsec.h | 133 +
.../net/ethernet/aquantia/atlantic/aq_nic.c | 21 +-
.../net/ethernet/aquantia/atlantic/aq_nic.h | 6 +-
.../ethernet/aquantia/atlantic/aq_pci_func.c | 5 +
.../aquantia/atlantic/hw_atl/hw_atl_utils.h | 51 +-
.../atlantic/hw_atl/hw_atl_utils_fw2x.c | 69 +
.../atlantic/macsec/MSS_Egress_registers.h | 73 +
.../atlantic/macsec/MSS_Ingress_registers.h | 77 +
.../aquantia/atlantic/macsec/macsec_api.c | 2473 +++++++++++++++++
.../aquantia/atlantic/macsec/macsec_api.h | 323 +++
.../aquantia/atlantic/macsec/macsec_struct.h | 914 ++++++
drivers/net/macsec.c | 452 ++-
include/linux/netdev_features.h | 3 +
include/linux/netdevice.h | 9 +
include/net/macsec.h | 29 +-
include/uapi/linux/if_link.h | 1 +
net/ethtool/common.c | 1 +
tools/include/uapi/linux/if_link.h | 1 +
23 files changed, 6411 insertions(+), 181 deletions(-)
create mode 100644 drivers/net/ethernet/aquantia/atlantic/aq_macsec.c
create mode 100644 drivers/net/ethernet/aquantia/atlantic/aq_macsec.h
create mode 100644 drivers/net/ethernet/aquantia/atlantic/macsec/MSS_Egress_registers.h
create mode 100644 drivers/net/ethernet/aquantia/atlantic/macsec/MSS_Ingress_registers.h
create mode 100644 drivers/net/ethernet/aquantia/atlantic/macsec/macsec_api.c
create mode 100644 drivers/net/ethernet/aquantia/atlantic/macsec/macsec_api.h
create mode 100644 drivers/net/ethernet/aquantia/atlantic/macsec/macsec_struct.h
--
2.17.1
next reply other threads:[~2020-03-25 12:52 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-25 12:52 Igor Russkikh [this message]
2020-03-25 12:52 ` [PATCH v2 net-next 01/17] net: introduce the MACSEC netdev feature Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 02/17] net: add a reference to MACsec ops in net_device Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 03/17] net: macsec: allow to reference a netdev from a MACsec context Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 04/17] net: macsec: add support for offloading to the MAC Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 05/17] net: macsec: init secy pointer in macsec_context Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 06/17] net: macsec: allow multiple macsec devices with offload Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 07/17] net: macsec: support multicast/broadcast when offloading Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 08/17] net: macsec: add support for getting offloaded stats Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 09/17] net: macsec: report real_dev features when HW offloading is enabled Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 10/17] net: atlantic: MACSec offload skeleton Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 11/17] net: atlantic: MACSec egress offload HW bindings Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 12/17] net: atlantic: MACSec egress offload implementation Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 13/17] net: atlantic: MACSec ingress offload HW bindings Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 14/17] net: atlantic: MACSec ingress offload implementation Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 15/17] net: atlantic: MACSec offload statistics HW bindings Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 16/17] net: atlantic: MACSec offload statistics implementation Igor Russkikh
2020-03-25 12:52 ` [PATCH v2 net-next 17/17] net: atlantic: add XPN handling Igor Russkikh
2020-03-27 3:18 ` [PATCH v2 net-next 00/17] net: atlantic: MACSec support for AQC devices David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200325125246.987-1-irusskikh@marvell.com \
--to=irusskikh@marvell.com \
--cc=antoine.tenart@bootlin.com \
--cc=mstarovoitov@marvell.com \
--cc=netdev@vger.kernel.org \
--cc=sd@queasysnail.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).