[PATCH 2/2] macsec_linux: Add support for MACsec hardware offload
Emeel Hakim
ehakim at nvidia.com
Wed Feb 15 00:01:15 PST 2023
++ sd at queasysnail.net add missing maintainer of relevant subsystem
> -----Original Message-----
> From: Emeel Hakim <ehakim at nvidia.com>
> Sent: Tuesday, 14 February 2023 10:27
> To: hostap at lists.infradead.org
> Cc: Emeel Hakim <ehakim at nvidia.com>
> Subject: [PATCH 2/2] macsec_linux: Add support for MACsec hardware offload
>
> This uses libnl3 to communicate with the macsec module available on Linux. A
> recent enough version of libnl is needed for the hardware offload support.
>
> Signed-off-by: Emeel Hakim <ehakim at nvidia.com>
> ---
> src/drivers/driver_macsec_linux.c | 34 +++++++++++++++++++++++++++++++
> 1 file changed, 34 insertions(+)
>
> diff --git a/src/drivers/driver_macsec_linux.c b/src/drivers/driver_macsec_linux.c
> index b609bbf38..ac34d7ed9 100644
> --- a/src/drivers/driver_macsec_linux.c
> +++ b/src/drivers/driver_macsec_linux.c
> @@ -73,6 +73,9 @@ struct macsec_drv_data {
> bool replay_protect;
> bool replay_protect_set;
>
> + enum macsec_offload offload;
> + bool offload_set;
> +
> u32 replay_window;
>
> u8 encoding_sa;
> @@ -228,6 +231,14 @@ static int try_commit(struct macsec_drv_data *drv)
> drv->replay_window);
> }
>
> + if (drv->offload_set) {
> + wpa_printf(MSG_DEBUG, DRV_PREFIX
> + "%s: try_commit offload=%d",
> + drv->ifname, drv->offload);
> + rtnl_link_macsec_set_offload(drv->link,
> + drv->offload);
> + }
> +
> if (drv->encoding_sa_set) {
> wpa_printf(MSG_DEBUG, DRV_PREFIX
> "%s: try_commit encoding_sa=%d",
> @@ -455,6 +466,28 @@ static int macsec_drv_set_replay_protect(void *priv, bool
> enabled, }
>
>
> +/**
> + * macsec_drv_set_offload - Set offload status
> + * @priv: Private driver interface data
> + * @offload: 0 = MACSEC_OFFLOAD_OFF
> + * 1 = MACSEC_OFFLOAD_PHY
> + * 2 = MACSEC_OFFLOAD_MAC
> + * Returns: 0 on success, -1 on failure (or if not supported) */
> +static int macsec_drv_set_offload(void *priv, u8 offload) {
> + struct macsec_drv_data *drv = priv;
> +
> +
> + wpa_printf(MSG_DEBUG, "%s -> %02" PRIx8, __func__, offload);
> +
> + drv->offload_set = true;
> + drv->offload = offload;
> +
> + return try_commit(drv);
> +}
> +
> +
> /**
> * macsec_drv_set_current_cipher_suite - Set current cipher suite
> * @priv: Private driver interface data @@ -1648,6 +1681,7 @@ const struct
> wpa_driver_ops wpa_driver_macsec_linux_ops = {
> .enable_protect_frames = macsec_drv_enable_protect_frames,
> .enable_encrypt = macsec_drv_enable_encrypt,
> .set_replay_protect = macsec_drv_set_replay_protect,
> + .set_offload = macsec_drv_set_offload,
> .set_current_cipher_suite = macsec_drv_set_current_cipher_suite,
> .enable_controlled_port = macsec_drv_enable_controlled_port,
> .get_receive_lowest_pn = macsec_drv_get_receive_lowest_pn,
> --
> 2.21.3
More information about the Hostap
mailing list