提交 0a28bfd4 编写于 作者: L Lior Nahmanson 提交者: David S. Miller

net/macsec: Add MACsec skb_metadata_dst Tx Data path support

In the current MACsec offload implementation, MACsec interfaces shares
the same MAC address by default.
Therefore, HW can't distinguish from which MACsec interface the traffic
originated from.

MACsec stack will use skb_metadata_dst to store the SCI value, which is
unique per Macsec interface, skb_metadat_dst will be used by the
offloading device driver to associate the SKB with the corresponding
offloaded interface (SCI).
Signed-off-by: NLior Nahmanson <liorna@nvidia.com>
Reviewed-by: NRaed Salem <raeds@nvidia.com>
Signed-off-by: NSaeed Mahameed <saeedm@nvidia.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 da7d8e65
...@@ -18,6 +18,7 @@ ...@@ -18,6 +18,7 @@
#include <net/sock.h> #include <net/sock.h>
#include <net/gro_cells.h> #include <net/gro_cells.h>
#include <net/macsec.h> #include <net/macsec.h>
#include <net/dst_metadata.h>
#include <linux/phy.h> #include <linux/phy.h>
#include <linux/byteorder/generic.h> #include <linux/byteorder/generic.h>
#include <linux/if_arp.h> #include <linux/if_arp.h>
...@@ -3416,6 +3417,11 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb, ...@@ -3416,6 +3417,11 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb,
int ret, len; int ret, len;
if (macsec_is_offloaded(netdev_priv(dev))) { if (macsec_is_offloaded(netdev_priv(dev))) {
struct metadata_dst *md_dst = secy->tx_sc.md_dst;
skb_dst_drop(skb);
dst_hold(&md_dst->dst);
skb_dst_set(skb, &md_dst->dst);
skb->dev = macsec->real_dev; skb->dev = macsec->real_dev;
return dev_queue_xmit(skb); return dev_queue_xmit(skb);
} }
...@@ -3743,6 +3749,7 @@ static void macsec_free_netdev(struct net_device *dev) ...@@ -3743,6 +3749,7 @@ static void macsec_free_netdev(struct net_device *dev)
{ {
struct macsec_dev *macsec = macsec_priv(dev); struct macsec_dev *macsec = macsec_priv(dev);
metadata_dst_free(macsec->secy.tx_sc.md_dst);
free_percpu(macsec->stats); free_percpu(macsec->stats);
free_percpu(macsec->secy.tx_sc.stats); free_percpu(macsec->secy.tx_sc.stats);
...@@ -4015,6 +4022,13 @@ static int macsec_add_dev(struct net_device *dev, sci_t sci, u8 icv_len) ...@@ -4015,6 +4022,13 @@ static int macsec_add_dev(struct net_device *dev, sci_t sci, u8 icv_len)
return -ENOMEM; return -ENOMEM;
} }
secy->tx_sc.md_dst = metadata_dst_alloc(0, METADATA_MACSEC, GFP_KERNEL);
if (!secy->tx_sc.md_dst) {
free_percpu(secy->tx_sc.stats);
free_percpu(macsec->stats);
return -ENOMEM;
}
if (sci == MACSEC_UNDEF_SCI) if (sci == MACSEC_UNDEF_SCI)
sci = dev_to_sci(dev, MACSEC_PORT_ES); sci = dev_to_sci(dev, MACSEC_PORT_ES);
...@@ -4028,6 +4042,7 @@ static int macsec_add_dev(struct net_device *dev, sci_t sci, u8 icv_len) ...@@ -4028,6 +4042,7 @@ static int macsec_add_dev(struct net_device *dev, sci_t sci, u8 icv_len)
secy->xpn = DEFAULT_XPN; secy->xpn = DEFAULT_XPN;
secy->sci = sci; secy->sci = sci;
secy->tx_sc.md_dst->u.macsec_info.sci = sci;
secy->tx_sc.active = true; secy->tx_sc.active = true;
secy->tx_sc.encoding_sa = DEFAULT_ENCODING_SA; secy->tx_sc.encoding_sa = DEFAULT_ENCODING_SA;
secy->tx_sc.encrypt = DEFAULT_ENCRYPT; secy->tx_sc.encrypt = DEFAULT_ENCRYPT;
......
...@@ -4,11 +4,13 @@ ...@@ -4,11 +4,13 @@
#include <linux/skbuff.h> #include <linux/skbuff.h>
#include <net/ip_tunnels.h> #include <net/ip_tunnels.h>
#include <net/macsec.h>
#include <net/dst.h> #include <net/dst.h>
enum metadata_type { enum metadata_type {
METADATA_IP_TUNNEL, METADATA_IP_TUNNEL,
METADATA_HW_PORT_MUX, METADATA_HW_PORT_MUX,
METADATA_MACSEC,
}; };
struct hw_port_info { struct hw_port_info {
...@@ -16,12 +18,17 @@ struct hw_port_info { ...@@ -16,12 +18,17 @@ struct hw_port_info {
u32 port_id; u32 port_id;
}; };
struct macsec_info {
sci_t sci;
};
struct metadata_dst { struct metadata_dst {
struct dst_entry dst; struct dst_entry dst;
enum metadata_type type; enum metadata_type type;
union { union {
struct ip_tunnel_info tun_info; struct ip_tunnel_info tun_info;
struct hw_port_info port_info; struct hw_port_info port_info;
struct macsec_info macsec_info;
} u; } u;
}; };
...@@ -82,6 +89,9 @@ static inline int skb_metadata_dst_cmp(const struct sk_buff *skb_a, ...@@ -82,6 +89,9 @@ static inline int skb_metadata_dst_cmp(const struct sk_buff *skb_a,
return memcmp(&a->u.tun_info, &b->u.tun_info, return memcmp(&a->u.tun_info, &b->u.tun_info,
sizeof(a->u.tun_info) + sizeof(a->u.tun_info) +
a->u.tun_info.options_len); a->u.tun_info.options_len);
case METADATA_MACSEC:
return memcmp(&a->u.macsec_info, &b->u.macsec_info,
sizeof(a->u.macsec_info));
default: default:
return 1; return 1;
} }
......
...@@ -19,6 +19,8 @@ ...@@ -19,6 +19,8 @@
typedef u64 __bitwise sci_t; typedef u64 __bitwise sci_t;
typedef u32 __bitwise ssci_t; typedef u32 __bitwise ssci_t;
struct metadata_dst;
typedef union salt { typedef union salt {
struct { struct {
u32 ssci; u32 ssci;
...@@ -182,6 +184,7 @@ struct macsec_tx_sa { ...@@ -182,6 +184,7 @@ struct macsec_tx_sa {
* @scb: single copy broadcast flag * @scb: single copy broadcast flag
* @sa: array of secure associations * @sa: array of secure associations
* @stats: stats for this TXSC * @stats: stats for this TXSC
* @md_dst: MACsec offload metadata dst
*/ */
struct macsec_tx_sc { struct macsec_tx_sc {
bool active; bool active;
...@@ -192,6 +195,7 @@ struct macsec_tx_sc { ...@@ -192,6 +195,7 @@ struct macsec_tx_sc {
bool scb; bool scb;
struct macsec_tx_sa __rcu *sa[MACSEC_NUM_AN]; struct macsec_tx_sa __rcu *sa[MACSEC_NUM_AN];
struct pcpu_tx_sc_stats __percpu *stats; struct pcpu_tx_sc_stats __percpu *stats;
struct metadata_dst *md_dst;
}; };
/** /**
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册