[PATCH 2/2] macsec_linux: Add support for MACsec hardware offload

Jouni Malinen j at w1.fi
Wed Feb 22 02:14:23 PST 2023

On Wed, Feb 22, 2023 at 09:15:29AM +0100, Benny Lønstrup Ammitzbøll wrote:
> I provided a similar patch earlier where the question was asked "why does
> the user need to configure this?" which I found was a valid point so I made
> a second patch that would try first to enable HW offload and if that failed
> would fallback to SW MACsec.
> So why is it now a good idea to have this configurable? Fine with me, but
> I'm curious.

Maybe due to not remembering and mixing two contributions and there
being no pending patch in the queue for doing this differently.. I'm not
convinced this is good to require/need configuration, but I have no
convenient ways of testing this myself and I don't fully understand how
and why the kernel interface for offload was designed in this manner for
MACsec. As such, it felt safer to get things available for testing in
this manner. Anyway, I'd welcome a followup patch to allow the offload
mechanism to be enabled automatically based on kernel/driver/hardware

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list