On 1/23/19 7:56 AM, Antoine Tenart wrote:
> This patch introduces a net_device_ops MACsec helper to allow net device
> drivers to implement a MACsec offloading solution.
>
> Signed-off-by: Antoine Tenart <antoine.ten...@bootlin.com>
> ---
> include/linux/netdevice.h | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
> index e675ef97a426..ee2f40dca515 100644
> --- a/include/linux/netdevice.h
> +++ b/include/linux/netdevice.h
> @@ -53,6 +53,10 @@
> #include <uapi/linux/pkt_cls.h>
> #include <linux/hashtable.h>
>
> +#ifdef CONFIG_MACSEC
> +#include <net/macsec.h>
> +#endif
You can provide a forward declaration for struct netdev_macsec and not
have to include that header file.
> +
> struct netpoll_info;
> struct device;
> struct phy_device;
> @@ -1441,6 +1445,10 @@ struct net_device_ops {
> u32 flags);
> int (*ndo_xsk_async_xmit)(struct net_device *dev,
> u32 queue_id);
> +#ifdef CONFIG_MACSEC
> + int (*ndo_macsec)(struct net_device *dev,
> + struct netdev_macsec *macsec);
You would really want to define an API which is more oriented towards
configuring/deconfiguring a MACsec association here, e.g.: similar to
what the IPsec offload ndos offer.
It is not clear to me whether after your patch series we still need to
create a macsec virtual device, and that gets offloaded onto its real
device/PHY device, or if we don't need that all?
--
Florian
