Hi Andrew, On Tue, Aug 13, 2019 at 06:28:23PM +0200, Andrew Lunn wrote: > > 1) With current implementation it's impossible to install SW macsec engine > > onto > > the device which supports HW offload. That could be a strong limitation in > > cases when user sees HW macsec offload is broken or work differently, and > > he/she > > wants to replace it with SW one. > > MACSec is a complex feature, and it may happen something is missing in HW. > > Trivial example is 256bit encryption, which is not always a musthave in HW > > implementations. > > It would also be nice to add extra information to the netlink API to > indicate if HW or SW is being used. In other places where we offload > to accelerators we have such additional information.
Agreed, in addition to being able to enable/disable the offloading we should have a way to know if a MACsec interface is being offloaded or not. Thanks! Antoine -- Antoine Ténart, Bootlin Embedded Linux and Kernel engineering https://bootlin.com
