[PATCH 2/2] macsec_linux: Add support for MACsec hardware offload

Benny Lønstrup Ammitzbøll benny at ammitzboell-consult.dk
Wed Feb 22 00:15:29 PST 2023

I provided a similar patch earlier where the question was asked "why 
does the user need to configure this?" which I found was a valid point 
so I made a second patch that would try first to enable HW offload and 
if that failed would fallback to SW MACsec.

So why is it now a good idea to have this configurable? Fine with me, 
but I'm curious.


On 21.02.2023 18.50, Jouni Malinen wrote:
> On Tue, Feb 21, 2023 at 06:57:51PM +0200, Jouni Malinen wrote:
>> On Wed, Feb 15, 2023 at 08:01:15AM +0000, Emeel Hakim wrote:
>>>> This uses libnl3 to communicate with the macsec module available on Linux. A
>>>> recent enough version of libnl is needed for the hardware offload support.
>>>> diff --git a/src/drivers/driver_macsec_linux.c b/src/drivers/driver_macsec_linux.c
>>>> +		rtnl_link_macsec_set_offload(drv->link,
>>>> +					     drv->offload);
>> This breaks the build for commonly used libnl versions and as such,
>> needs some kind of conditional build option to avoid that. Maybe
>> something based on LIBNL_VER_* unless there is a more convenient option.
> It was actually straightforward to do that with LIBNL_VER_NUM and
> LIBNL_VER(), so I applied these two patches with that conditional build
> support added.

More information about the Hostap mailing list