macsec: add support for IFLA_MACSEC_OFFLOAD in macsec_changelink
Add support for changing Macsec offload selection through the
netlink layer by implementing the relevant changes in
macsec_changelink.
Since the handling in macsec_changelink is similar to macsec_upd_offload,
update macsec_upd_offload to use a common helper function to avoid
duplication.
Example for setting offload for a macsec device:
ip link set macsec0 type macsec offload mac
Signed-off-by: Emeel Hakim <ehakim@nvidia.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Emeel Hakim
Jakub Kicinski
parent
5bee990f49
commit
15f1735520
@ -2583,18 +2583,58 @@ static bool macsec_is_configured(struct macsec_dev *macsec)
|
||||
return false;
|
||||
}
|
||||
|
||||
static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info)
|
||||
static int macsec_update_offload(struct net_device *dev, enum macsec_offload offload)
|
||||
{
|
||||
struct nlattr *tb_offload[MACSEC_OFFLOAD_ATTR_MAX + 1];
|
||||
enum macsec_offload offload, prev_offload;
|
||||
int (*func)(struct macsec_context *ctx);
|
||||
struct nlattr **attrs = info->attrs;
|
||||
struct net_device *dev;
|
||||
enum macsec_offload prev_offload;
|
||||
const struct macsec_ops *ops;
|
||||
struct macsec_context ctx;
|
||||
struct macsec_dev *macsec;
|
||||
int ret = 0;
|
||||
|
||||
macsec = macsec_priv(dev);
|
||||
|
||||
/* Check if the offloading mode is supported by the underlying layers */
|
||||
if (offload != MACSEC_OFFLOAD_OFF &&
|
||||
!macsec_check_offload(offload, macsec))
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
/* Check if the net device is busy. */
|
||||
if (netif_running(dev))
|
||||
return -EBUSY;
|
||||
|
||||
/* Check if the device already has rules configured: we do not support
|
||||
* rules migration.
|
||||
*/
|
||||
if (macsec_is_configured(macsec))
|
||||
return -EBUSY;
|
||||
|
||||
prev_offload = macsec->offload;
|
||||
|
||||
ops = __macsec_get_ops(offload == MACSEC_OFFLOAD_OFF ? prev_offload : offload,
|
||||
macsec, &ctx);
|
||||
if (!ops)
|
||||
return -EOPNOTSUPP;
|
||||
|
||||
macsec->offload = offload;
|
||||
|
||||
ctx.secy = &macsec->secy;
|
||||
ret = offload == MACSEC_OFFLOAD_OFF ? macsec_offload(ops->mdo_del_secy, &ctx)
|
||||
: macsec_offload(ops->mdo_add_secy, &ctx);
|
||||
if (ret)
|
||||
macsec->offload = prev_offload;
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info)
|
||||
{
|
||||
struct nlattr *tb_offload[MACSEC_OFFLOAD_ATTR_MAX + 1];
|
||||
struct nlattr **attrs = info->attrs;
|
||||
enum macsec_offload offload;
|
||||
struct macsec_dev *macsec;
|
||||
struct net_device *dev;
|
||||
int ret = 0;
|
||||
|
||||
if (!attrs[MACSEC_ATTR_IFINDEX])
|
||||
return -EINVAL;
|
||||
|
||||
@ -2621,55 +2661,9 @@ static int macsec_upd_offload(struct sk_buff *skb, struct genl_info *info)
|
||||
}
|
||||
|
||||
offload = nla_get_u8(tb_offload[MACSEC_OFFLOAD_ATTR_TYPE]);
|
||||
if (macsec->offload == offload)
|
||||
goto out;
|
||||
|
||||
/* Check if the offloading mode is supported by the underlying layers */
|
||||
if (offload != MACSEC_OFFLOAD_OFF &&
|
||||
!macsec_check_offload(offload, macsec)) {
|
||||
ret = -EOPNOTSUPP;
|
||||
goto out;
|
||||
}
|
||||
|
||||
/* Check if the net device is busy. */
|
||||
if (netif_running(dev)) {
|
||||
ret = -EBUSY;
|
||||
goto out;
|
||||
}
|
||||
|
||||
prev_offload = macsec->offload;
|
||||
macsec->offload = offload;
|
||||
|
||||
/* Check if the device already has rules configured: we do not support
|
||||
* rules migration.
|
||||
*/
|
||||
if (macsec_is_configured(macsec)) {
|
||||
ret = -EBUSY;
|
||||
goto rollback;
|
||||
}
|
||||
|
||||
ops = __macsec_get_ops(offload == MACSEC_OFFLOAD_OFF ? prev_offload : offload,
|
||||
macsec, &ctx);
|
||||
if (!ops) {
|
||||
ret = -EOPNOTSUPP;
|
||||
goto rollback;
|
||||
}
|
||||
|
||||
if (prev_offload == MACSEC_OFFLOAD_OFF)
|
||||
func = ops->mdo_add_secy;
|
||||
else
|
||||
func = ops->mdo_del_secy;
|
||||
|
||||
ctx.secy = &macsec->secy;
|
||||
ret = macsec_offload(func, &ctx);
|
||||
if (ret)
|
||||
goto rollback;
|
||||
|
||||
rtnl_unlock();
|
||||
return 0;
|
||||
|
||||
rollback:
|
||||
macsec->offload = prev_offload;
|
||||
if (macsec->offload != offload)
|
||||
ret = macsec_update_offload(dev, offload);
|
||||
out:
|
||||
rtnl_unlock();
|
||||
return ret;
|
||||
@ -3817,6 +3811,8 @@ static int macsec_changelink(struct net_device *dev, struct nlattr *tb[],
|
||||
struct netlink_ext_ack *extack)
|
||||
{
|
||||
struct macsec_dev *macsec = macsec_priv(dev);
|
||||
bool macsec_offload_state_change = false;
|
||||
enum macsec_offload offload;
|
||||
struct macsec_tx_sc tx_sc;
|
||||
struct macsec_secy secy;
|
||||
int ret;
|
||||
@ -3840,8 +3836,18 @@ static int macsec_changelink(struct net_device *dev, struct nlattr *tb[],
|
||||
if (ret)
|
||||
goto cleanup;
|
||||
|
||||
if (data[IFLA_MACSEC_OFFLOAD]) {
|
||||
offload = nla_get_u8(data[IFLA_MACSEC_OFFLOAD]);
|
||||
if (macsec->offload != offload) {
|
||||
macsec_offload_state_change = true;
|
||||
ret = macsec_update_offload(dev, offload);
|
||||
if (ret)
|
||||
goto cleanup;
|
||||
}
|
||||
}
|
||||
|
||||
/* If h/w offloading is available, propagate to the device */
|
||||
if (macsec_is_offloaded(macsec)) {
|
||||
if (!macsec_offload_state_change && macsec_is_offloaded(macsec)) {
|
||||
const struct macsec_ops *ops;
|
||||
struct macsec_context ctx;
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user