leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'macsec-hw-offload'

Browse Source 
Antoine Tenart says:

====================
net: macsec: initial support for hardware offloading

This series intends to add support for offloading MACsec transformations
to hardware enabled devices. The series adds the necessary
infrastructure for offloading MACsec configurations to hardware drivers,
in patches 1 to 5; then introduces MACsec offloading support in the
Microsemi MSCC PHY driver, in patches 6 to 10.

The series can also be found at:
https://github.com/atenart/linux/tree/net-next/macsec

IProute2 modifications can be found at:
https://github.com/atenart/iproute2/tree/macsec

MACsec hardware offloading infrastructure
-----------------------------------------

Linux has a software implementation of the MACsec standard. There are
hardware engines supporting MACsec operations, such as the Intel ixgbe
NIC and some Microsemi PHYs (the one we use in this series). This means
the MACsec offloading infrastructure should support networking PHY and
MAC drivers. Note that MAC driver preliminary support is part of this
series, but should not be merged before we actually have a provider for
this.

We do intend in this series to re-use the logic, netlink API and data
structures of the existing MACsec software implementation. This allows
not to duplicate definitions and structure storing the same information;
as well as using the same userspace tools to configure both software or
hardware offloaded MACsec flows (with `ip macsec`).

When adding a new MACsec virtual interface the existing logic is kept:
offloading is disabled by default. A user driven configuration choice is
needed to switch to offloading mode (a patch in iproute2 is needed for
this). A single MACsec interface can be offloaded for now, and some
limitations are there: no flow can be moved from one implementation to
the other so the decision needs to be done before configuring the
interface.

MACsec offloading ops are called in 2 steps: a preparation one, and a
commit one. The first step is allowed to fail and should be used to
check if a provided configuration is compatible with a given MACsec
capable hardware. The second step is not allowed to fail and should
only be used to enable a given MACsec configuration.

A limitation as of now is the counters and statistics are not reported
back from the hardware to the software MACsec implementation. This
isn't an issue when using offloaded MACsec transformations, but it
should be added in the future so that the MACsec state can be reported
to the user (which would also improve the debug).

Microsemi PHY MACsec support
----------------------------

In order to add support for the MACsec offloading feature in the
Microsemi MSCC PHY driver, the __phy_read_page and __phy_write_page
helpers had to be exported. This is because the initialization of the
PHY is done while holding the MDIO bus lock, and we need to change the
page to configure the MACsec block.

The support itself is then added in three patches. The first one adds
support for configuring the MACsec block within the PHY, so that it is
up, running and available for future configuration, but is not doing any
modification on the traffic passing through the PHY. The second patch
implements the phy_device MACsec ops in the Microsemi MSCC PHY driver,
and introduce helpers to configure MACsec transformations and flows to
match specific packets. The last one adds support for PN rollover.

Thanks!
Antoine

Since v5:
  - Fixed a compilation issue due to an inclusion from an UAPI header.
  - Added an EXPORT_SYMBOL_GPL for the PN rollover helper, to fix module
    compilation issues.
  - Added a dependency for the MSCC driver on MACSEC || MACSEC=n.
  - Removed the patches including the MAC offloading support as they are
    not to be applied for now.

Since v4:
  - Reworked the MACsec read and write functions in the MSCC PHY driver
    to remove the conditional locking.

Since v3:
  - Fixed a check when enabling offloading that was too restrictive.
  - Fixed the propagation of the changelink event to the underlying
    device drivers.

Since v2:
  - Allow selection the offloading from userspace, defaulting to the
    software implementation when adding a new MACsec interface. The
    offloading mode is now also reported through netlink.
  - Added support for letting MKA packets in and out when using MACsec
    (there are rules to let them bypass the MACsec h/w engine within the
    PHY).
  - Added support for PN rollover (following what's currently done in
    the software implementation: the flow is disabled).
  - Split patches to remove MAC offloading support for now, as there are
    no current provider for this (patches are still included).
  - Improved a few parts of the MACsec support within the MSCC PHY
    driver (e.g. default rules now block non-MACsec traffic, depending
    on the configuration).
  - Many cosmetic fixes & small improvements.

Since v1:
  - Reworked the MACsec offloading API, moving from a single helper
    called for all MACsec configuration operations, to a per-operation
    function that is provided by the underlying hardware drivers.
  - Those functions now contain a verb to describe the configuration
    action they're offloading.
  - Improved the error handling in the MACsec genl helpers to revert
    the configuration to its previous state when the offloading call
    failed.
  - Reworked the file inclusions.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2020-01-14 11:31:41 -08:00
commit ec22ab0075
11 changed files with 2485 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

787
drivers/net/macsec.c
View File

File diff suppressed because it is too large Load Diff

3
drivers/net/phy/Kconfig
View File

@ -437,6 +437,9 @@ config MICROCHIP_T1_PHY
config MICROSEMI_PHY
tristate "Microsemi PHYs"
depends on MACSEC || MACSEC=n
select CRYPTO_AES
select CRYPTO_ECB
---help---
Currently supports VSC8514, VSC8530, VSC8531, VSC8540 and VSC8541 PHYs

1133
drivers/net/phy/mscc.c
View File

File diff suppressed because it is too large Load Diff

64
drivers/net/phy/mscc_fc_buffer.h Normal file
View File

@ -0,0 +1,64 @@
/* SPDX-License-Identifier: (GPL-2.0 OR MIT) */
/*
* Microsemi Ocelot Switch driver
*
* Copyright (C) 2019 Microsemi Corporation
*/
#ifndef _MSCC_OCELOT_FC_BUFFER_H_
#define _MSCC_OCELOT_FC_BUFFER_H_
#define MSCC_FCBUF_ENA_CFG 0x00
#define MSCC_FCBUF_MODE_CFG 0x01
#define MSCC_FCBUF_PPM_RATE_ADAPT_THRESH_CFG 0x02
#define MSCC_FCBUF_TX_CTRL_QUEUE_CFG 0x03
#define MSCC_FCBUF_TX_DATA_QUEUE_CFG 0x04
#define MSCC_FCBUF_RX_DATA_QUEUE_CFG 0x05
#define MSCC_FCBUF_TX_BUFF_XON_XOFF_THRESH_CFG 0x06
#define MSCC_FCBUF_FC_READ_THRESH_CFG 0x07
#define MSCC_FCBUF_TX_FRM_GAP_COMP 0x08
#define MSCC_FCBUF_ENA_CFG_TX_ENA BIT(0)
#define MSCC_FCBUF_ENA_CFG_RX_ENA BIT(4)
#define MSCC_FCBUF_MODE_CFG_DROP_BEHAVIOUR BIT(4)
#define MSCC_FCBUF_MODE_CFG_PAUSE_REACT_ENA BIT(8)
#define MSCC_FCBUF_MODE_CFG_RX_PPM_RATE_ADAPT_ENA BIT(12)
#define MSCC_FCBUF_MODE_CFG_TX_PPM_RATE_ADAPT_ENA BIT(16)
#define MSCC_FCBUF_MODE_CFG_TX_CTRL_QUEUE_ENA BIT(20)
#define MSCC_FCBUF_MODE_CFG_PAUSE_GEN_ENA BIT(24)
#define MSCC_FCBUF_MODE_CFG_INCLUDE_PAUSE_RCVD_IN_PAUSE_GEN BIT(28)
#define MSCC_FCBUF_PPM_RATE_ADAPT_THRESH_CFG_TX_THRESH(x) (x)
#define MSCC_FCBUF_PPM_RATE_ADAPT_THRESH_CFG_TX_THRESH_M GENMASK(15, 0)
#define MSCC_FCBUF_PPM_RATE_ADAPT_THRESH_CFG_TX_OFFSET(x) ((x) << 16)
#define MSCC_FCBUF_PPM_RATE_ADAPT_THRESH_CFG_TX_OFFSET_M GENMASK(19, 16)
#define MSCC_FCBUF_PPM_RATE_ADAPT_THRESH_CFG_RX_THRESH(x) ((x) << 20)
#define MSCC_FCBUF_PPM_RATE_ADAPT_THRESH_CFG_RX_THRESH_M GENMASK(31, 20)
#define MSCC_FCBUF_TX_CTRL_QUEUE_CFG_START(x) (x)
#define MSCC_FCBUF_TX_CTRL_QUEUE_CFG_START_M GENMASK(15, 0)
#define MSCC_FCBUF_TX_CTRL_QUEUE_CFG_END(x) ((x) << 16)
#define MSCC_FCBUF_TX_CTRL_QUEUE_CFG_END_M GENMASK(31, 16)
#define MSCC_FCBUF_TX_DATA_QUEUE_CFG_START(x) (x)
#define MSCC_FCBUF_TX_DATA_QUEUE_CFG_START_M GENMASK(15, 0)
#define MSCC_FCBUF_TX_DATA_QUEUE_CFG_END(x) ((x) << 16)
#define MSCC_FCBUF_TX_DATA_QUEUE_CFG_END_M GENMASK(31, 16)
#define MSCC_FCBUF_RX_DATA_QUEUE_CFG_START(x) (x)
#define MSCC_FCBUF_RX_DATA_QUEUE_CFG_START_M GENMASK(15, 0)
#define MSCC_FCBUF_RX_DATA_QUEUE_CFG_END(x) ((x) << 16)
#define MSCC_FCBUF_RX_DATA_QUEUE_CFG_END_M GENMASK(31, 16)
#define MSCC_FCBUF_TX_BUFF_XON_XOFF_THRESH_CFG_XOFF_THRESH(x) (x)
#define MSCC_FCBUF_TX_BUFF_XON_XOFF_THRESH_CFG_XOFF_THRESH_M GENMASK(15, 0)
#define MSCC_FCBUF_TX_BUFF_XON_XOFF_THRESH_CFG_XON_THRESH(x) ((x) << 16)
#define MSCC_FCBUF_TX_BUFF_XON_XOFF_THRESH_CFG_XON_THRESH_M GENMASK(31, 16)
#define MSCC_FCBUF_FC_READ_THRESH_CFG_TX_THRESH(x) (x)
#define MSCC_FCBUF_FC_READ_THRESH_CFG_TX_THRESH_M GENMASK(15, 0)
#define MSCC_FCBUF_FC_READ_THRESH_CFG_RX_THRESH(x) ((x) << 16)
#define MSCC_FCBUF_FC_READ_THRESH_CFG_RX_THRESH_M GENMASK(31, 16)
#endif

159
drivers/net/phy/mscc_mac.h Normal file
View File

@ -0,0 +1,159 @@
/* SPDX-License-Identifier: (GPL-2.0 OR MIT) */
/*
* Microsemi Ocelot Switch driver
*
* Copyright (c) 2017 Microsemi Corporation
*/
#ifndef _MSCC_OCELOT_LINE_MAC_H_
#define _MSCC_OCELOT_LINE_MAC_H_
#define MSCC_MAC_CFG_ENA_CFG 0x00
#define MSCC_MAC_CFG_MODE_CFG 0x01
#define MSCC_MAC_CFG_MAXLEN_CFG 0x02
#define MSCC_MAC_CFG_NUM_TAGS_CFG 0x03
#define MSCC_MAC_CFG_TAGS_CFG 0x04
#define MSCC_MAC_CFG_ADV_CHK_CFG 0x07
#define MSCC_MAC_CFG_LFS_CFG 0x08
#define MSCC_MAC_CFG_LB_CFG 0x09
#define MSCC_MAC_CFG_PKTINF_CFG 0x0a
#define MSCC_MAC_PAUSE_CFG_TX_FRAME_CTRL 0x0b
#define MSCC_MAC_PAUSE_CFG_TX_FRAME_CTRL_2 0x0c
#define MSCC_MAC_PAUSE_CFG_RX_FRAME_CTRL 0x0d
#define MSCC_MAC_PAUSE_CFG_STATE 0x0e
#define MSCC_MAC_PAUSE_CFG_MAC_ADDRESS_LSB 0x0f
#define MSCC_MAC_PAUSE_CFG_MAC_ADDRESS_MSB 0x10
#define MSCC_MAC_STATUS_RX_LANE_STICKY_0 0x11
#define MSCC_MAC_STATUS_RX_LANE_STICKY_1 0x12
#define MSCC_MAC_STATUS_TX_MONITOR_STICKY 0x13
#define MSCC_MAC_STATUS_TX_MONITOR_STICKY_MASK 0x14
#define MSCC_MAC_STATUS_STICKY 0x15
#define MSCC_MAC_STATUS_STICKY_MASK 0x16
#define MSCC_MAC_STATS_32BIT_RX_HIH_CKSM_ERR_CNT 0x17
#define MSCC_MAC_STATS_32BIT_RX_XGMII_PROT_ERR_CNT 0x18
#define MSCC_MAC_STATS_32BIT_RX_SYMBOL_ERR_CNT 0x19
#define MSCC_MAC_STATS_32BIT_RX_PAUSE_CNT 0x1a
#define MSCC_MAC_STATS_32BIT_RX_UNSUP_OPCODE_CNT 0x1b
#define MSCC_MAC_STATS_32BIT_RX_UC_CNT 0x1c
#define MSCC_MAC_STATS_32BIT_RX_MC_CNT 0x1d
#define MSCC_MAC_STATS_32BIT_RX_BC_CNT 0x1e
#define MSCC_MAC_STATS_32BIT_RX_CRC_ERR_CNT 0x1f
#define MSCC_MAC_STATS_32BIT_RX_UNDERSIZE_CNT 0x20
#define MSCC_MAC_STATS_32BIT_RX_FRAGMENTS_CNT 0x21
#define MSCC_MAC_STATS_32BIT_RX_IN_RANGE_LEN_ERR_CNT 0x22
#define MSCC_MAC_STATS_32BIT_RX_OUT_OF_RANGE_LEN_ERR_CNT 0x23
#define MSCC_MAC_STATS_32BIT_RX_OVERSIZE_CNT 0x24
#define MSCC_MAC_STATS_32BIT_RX_JABBERS_CNT 0x25
#define MSCC_MAC_STATS_32BIT_RX_SIZE64_CNT 0x26
#define MSCC_MAC_STATS_32BIT_RX_SIZE65TO127_CNT 0x27
#define MSCC_MAC_STATS_32BIT_RX_SIZE128TO255_CNT 0x28
#define MSCC_MAC_STATS_32BIT_RX_SIZE256TO511_CNT 0x29
#define MSCC_MAC_STATS_32BIT_RX_SIZE512TO1023_CNT 0x2a
#define MSCC_MAC_STATS_32BIT_RX_SIZE1024TO1518_CNT 0x2b
#define MSCC_MAC_STATS_32BIT_RX_SIZE1519TOMAX_CNT 0x2c
#define MSCC_MAC_STATS_32BIT_RX_IPG_SHRINK_CNT 0x2d
#define MSCC_MAC_STATS_32BIT_TX_PAUSE_CNT 0x2e
#define MSCC_MAC_STATS_32BIT_TX_UC_CNT 0x2f
#define MSCC_MAC_STATS_32BIT_TX_MC_CNT 0x30
#define MSCC_MAC_STATS_32BIT_TX_BC_CNT 0x31
#define MSCC_MAC_STATS_32BIT_TX_SIZE64_CNT 0x32
#define MSCC_MAC_STATS_32BIT_TX_SIZE65TO127_CNT 0x33
#define MSCC_MAC_STATS_32BIT_TX_SIZE128TO255_CNT 0x34
#define MSCC_MAC_STATS_32BIT_TX_SIZE256TO511_CNT 0x35
#define MSCC_MAC_STATS_32BIT_TX_SIZE512TO1023_CNT 0x36
#define MSCC_MAC_STATS_32BIT_TX_SIZE1024TO1518_CNT 0x37
#define MSCC_MAC_STATS_32BIT_TX_SIZE1519TOMAX_CNT 0x38
#define MSCC_MAC_STATS_40BIT_RX_BAD_BYTES_CNT 0x39
#define MSCC_MAC_STATS_40BIT_RX_BAD_BYTES_MSB_CNT 0x3a
#define MSCC_MAC_STATS_40BIT_RX_OK_BYTES_CNT 0x3b
#define MSCC_MAC_STATS_40BIT_RX_OK_BYTES_MSB_CNT 0x3c
#define MSCC_MAC_STATS_40BIT_RX_IN_BYTES_CNT 0x3d
#define MSCC_MAC_STATS_40BIT_RX_IN_BYTES_MSB_CNT 0x3e
#define MSCC_MAC_STATS_40BIT_TX_OK_BYTES_CNT 0x3f
#define MSCC_MAC_STATS_40BIT_TX_OK_BYTES_MSB_CNT 0x40
#define MSCC_MAC_STATS_40BIT_TX_OUT_BYTES_CNT 0x41
#define MSCC_MAC_STATS_40BIT_TX_OUT_BYTES_MSB_CNT 0x42
#define MSCC_MAC_CFG_ENA_CFG_RX_CLK_ENA BIT(0)
#define MSCC_MAC_CFG_ENA_CFG_TX_CLK_ENA BIT(4)
#define MSCC_MAC_CFG_ENA_CFG_RX_SW_RST BIT(8)
#define MSCC_MAC_CFG_ENA_CFG_TX_SW_RST BIT(12)
#define MSCC_MAC_CFG_ENA_CFG_RX_ENA BIT(16)
#define MSCC_MAC_CFG_ENA_CFG_TX_ENA BIT(20)
#define MSCC_MAC_CFG_MODE_CFG_FORCE_CW_UPDATE_INTERVAL(x) ((x) << 20)
#define MSCC_MAC_CFG_MODE_CFG_FORCE_CW_UPDATE_INTERVAL_M GENMASK(29, 20)
#define MSCC_MAC_CFG_MODE_CFG_FORCE_CW_UPDATE BIT(16)
#define MSCC_MAC_CFG_MODE_CFG_TUNNEL_PAUSE_FRAMES BIT(14)
#define MSCC_MAC_CFG_MODE_CFG_MAC_PREAMBLE_CFG(x) ((x) << 10)
#define MSCC_MAC_CFG_MODE_CFG_MAC_PREAMBLE_CFG_M GENMASK(12, 10)
#define MSCC_MAC_CFG_MODE_CFG_MAC_IPG_CFG BIT(6)
#define MSCC_MAC_CFG_MODE_CFG_XGMII_GEN_MODE_ENA BIT(4)
#define MSCC_MAC_CFG_MODE_CFG_HIH_CRC_CHECK BIT(2)
#define MSCC_MAC_CFG_MODE_CFG_UNDERSIZED_FRAME_DROP_DIS BIT(1)
#define MSCC_MAC_CFG_MODE_CFG_DISABLE_DIC BIT(0)
#define MSCC_MAC_CFG_MAXLEN_CFG_MAX_LEN_TAG_CHK BIT(16)
#define MSCC_MAC_CFG_MAXLEN_CFG_MAX_LEN(x) (x)
#define MSCC_MAC_CFG_MAXLEN_CFG_MAX_LEN_M GENMASK(15, 0)
#define MSCC_MAC_CFG_TAGS_CFG_RSZ 0x4
#define MSCC_MAC_CFG_TAGS_CFG_TAG_ID(x) ((x) << 16)
#define MSCC_MAC_CFG_TAGS_CFG_TAG_ID_M GENMASK(31, 16)
#define MSCC_MAC_CFG_TAGS_CFG_TAG_ENA BIT(4)
#define MSCC_MAC_CFG_ADV_CHK_CFG_EXT_EOP_CHK_ENA BIT(24)
#define MSCC_MAC_CFG_ADV_CHK_CFG_EXT_SOP_CHK_ENA BIT(20)
#define MSCC_MAC_CFG_ADV_CHK_CFG_SFD_CHK_ENA BIT(16)
#define MSCC_MAC_CFG_ADV_CHK_CFG_PRM_SHK_CHK_DIS BIT(12)
#define MSCC_MAC_CFG_ADV_CHK_CFG_PRM_CHK_ENA BIT(8)
#define MSCC_MAC_CFG_ADV_CHK_CFG_OOR_ERR_ENA BIT(4)
#define MSCC_MAC_CFG_ADV_CHK_CFG_INR_ERR_ENA BIT(0)
#define MSCC_MAC_CFG_LFS_CFG_LFS_INH_TX BIT(8)
#define MSCC_MAC_CFG_LFS_CFG_LFS_DIS_TX BIT(4)
#define MSCC_MAC_CFG_LFS_CFG_LFS_UNIDIR_ENA BIT(3)
#define MSCC_MAC_CFG_LFS_CFG_USE_LEADING_EDGE_DETECT BIT(2)
#define MSCC_MAC_CFG_LFS_CFG_SPURIOUS_Q_DIS BIT(1)
#define MSCC_MAC_CFG_LFS_CFG_LFS_MODE_ENA BIT(0)
#define MSCC_MAC_CFG_LB_CFG_XGMII_HOST_LB_ENA BIT(4)
#define MSCC_MAC_CFG_LB_CFG_XGMII_PHY_LB_ENA BIT(0)
#define MSCC_MAC_CFG_PKTINF_CFG_STRIP_FCS_ENA BIT(0)
#define MSCC_MAC_CFG_PKTINF_CFG_INSERT_FCS_ENA BIT(4)
#define MSCC_MAC_CFG_PKTINF_CFG_STRIP_PREAMBLE_ENA BIT(8)
#define MSCC_MAC_CFG_PKTINF_CFG_INSERT_PREAMBLE_ENA BIT(12)
#define MSCC_MAC_CFG_PKTINF_CFG_LPI_RELAY_ENA BIT(16)
#define MSCC_MAC_CFG_PKTINF_CFG_LF_RELAY_ENA BIT(20)
#define MSCC_MAC_CFG_PKTINF_CFG_RF_RELAY_ENA BIT(24)
#define MSCC_MAC_CFG_PKTINF_CFG_ENABLE_TX_PADDING BIT(25)
#define MSCC_MAC_CFG_PKTINF_CFG_ENABLE_RX_PADDING BIT(26)
#define MSCC_MAC_CFG_PKTINF_CFG_ENABLE_4BYTE_PREAMBLE BIT(27)
#define MSCC_MAC_CFG_PKTINF_CFG_MACSEC_BYPASS_NUM_PTP_STALL_CLKS(x) ((x) << 28)
#define MSCC_MAC_CFG_PKTINF_CFG_MACSEC_BYPASS_NUM_PTP_STALL_CLKS_M GENMASK(30, 28)
#define MSCC_MAC_PAUSE_CFG_TX_FRAME_CTRL_PAUSE_VALUE(x) ((x) << 16)
#define MSCC_MAC_PAUSE_CFG_TX_FRAME_CTRL_PAUSE_VALUE_M GENMASK(31, 16)
#define MSCC_MAC_PAUSE_CFG_TX_FRAME_CTRL_WAIT_FOR_LPI_LOW BIT(12)
#define MSCC_MAC_PAUSE_CFG_TX_FRAME_CTRL_USE_PAUSE_STALL_ENA BIT(8)
#define MSCC_MAC_PAUSE_CFG_TX_FRAME_CTRL_PAUSE_REPL_MODE BIT(4)
#define MSCC_MAC_PAUSE_CFG_TX_FRAME_CTRL_PAUSE_FRC_FRAME BIT(2)
#define MSCC_MAC_PAUSE_CFG_TX_FRAME_CTRL_PAUSE_MODE(x) (x)
#define MSCC_MAC_PAUSE_CFG_TX_FRAME_CTRL_PAUSE_MODE_M GENMASK(1, 0)
#define MSCC_MAC_PAUSE_CFG_RX_FRAME_CTRL_EARLY_PAUSE_DETECT_ENA BIT(16)
#define MSCC_MAC_PAUSE_CFG_RX_FRAME_CTRL_PRE_CRC_MODE BIT(20)
#define MSCC_MAC_PAUSE_CFG_RX_FRAME_CTRL_PAUSE_TIMER_ENA BIT(12)
#define MSCC_MAC_PAUSE_CFG_RX_FRAME_CTRL_PAUSE_REACT_ENA BIT(8)
#define MSCC_MAC_PAUSE_CFG_RX_FRAME_CTRL_PAUSE_FRAME_DROP_ENA BIT(4)
#define MSCC_MAC_PAUSE_CFG_RX_FRAME_CTRL_PAUSE_MODE BIT(0)
#define MSCC_MAC_PAUSE_CFG_STATE_PAUSE_STATE BIT(0)
#define MSCC_MAC_PAUSE_CFG_STATE_MAC_TX_PAUSE_GEN BIT(4)
#define MSCC_PROC_0_IP_1588_TOP_CFG_STAT_MODE_CTL 0x2
#define MSCC_PROC_0_IP_1588_TOP_CFG_STAT_MODE_CTL_PROTOCOL_MODE(x) (x)
#define MSCC_PROC_0_IP_1588_TOP_CFG_STAT_MODE_CTL_PROTOCOL_MODE_M GENMASK(2, 0)
#endif /* _MSCC_OCELOT_LINE_MAC_H_ */

266
drivers/net/phy/mscc_macsec.h Normal file
View File

@ -0,0 +1,266 @@
/* SPDX-License-Identifier: (GPL-2.0 OR MIT) */
/*
* Microsemi Ocelot Switch driver
*
* Copyright (c) 2018 Microsemi Corporation
*/
#ifndef _MSCC_OCELOT_MACSEC_H_
#define _MSCC_OCELOT_MACSEC_H_
#define MSCC_MS_MAX_FLOWS 16
#define CONTROL_TYPE_EGRESS 0x6
#define CONTROL_TYPE_INGRESS 0xf
#define CONTROL_IV0 BIT(5)
#define CONTROL_IV1 BIT(6)
#define CONTROL_IV2 BIT(7)
#define CONTROL_UPDATE_SEQ BIT(13)
#define CONTROL_IV_IN_SEQ BIT(14)
#define CONTROL_ENCRYPT_AUTH BIT(15)
#define CONTROL_KEY_IN_CTX BIT(16)
#define CONTROL_CRYPTO_ALG(x) ((x) << 17)
#define CTRYPTO_ALG_AES_CTR_128 0x5
#define CTRYPTO_ALG_AES_CTR_192 0x6
#define CTRYPTO_ALG_AES_CTR_256 0x7
#define CONTROL_DIGEST_TYPE(x) ((x) << 21)
#define CONTROL_AUTH_ALG(x) ((x) << 23)
#define AUTH_ALG_AES_GHAS 0x4
#define CONTROL_AN(x) ((x) << 26)
#define CONTROL_SEQ_TYPE(x) ((x) << 28)
#define CONTROL_SEQ_MASK BIT(30)
#define CONTROL_CONTEXT_ID BIT(31)
enum mscc_macsec_destination_ports {
MSCC_MS_PORT_COMMON = 0,
MSCC_MS_PORT_RSVD = 1,
MSCC_MS_PORT_CONTROLLED = 2,
MSCC_MS_PORT_UNCONTROLLED = 3,
};
enum mscc_macsec_drop_actions {
MSCC_MS_ACTION_BYPASS_CRC = 0,
MSCC_MS_ACTION_BYPASS_BAD = 1,
MSCC_MS_ACTION_DROP = 2,
MSCC_MS_ACTION_BYPASS = 3,
};
enum mscc_macsec_flow_types {
MSCC_MS_FLOW_BYPASS = 0,
MSCC_MS_FLOW_DROP = 1,
MSCC_MS_FLOW_INGRESS = 2,
MSCC_MS_FLOW_EGRESS = 3,
};
enum mscc_macsec_validate_levels {
MSCC_MS_VALIDATE_DISABLED = 0,
MSCC_MS_VALIDATE_CHECK = 1,
MSCC_MS_VALIDATE_STRICT = 2,
};
#define MSCC_MS_XFORM_REC(x, y) (((x) << 5) + (y))
#define MSCC_MS_ENA_CFG 0x800
#define MSCC_MS_FC_CFG 0x804
#define MSCC_MS_SAM_MAC_SA_MATCH_LO(x) (0x1000 + ((x) << 4))
#define MSCC_MS_SAM_MAC_SA_MATCH_HI(x) (0x1001 + ((x) << 4))
#define MSCC_MS_SAM_MISC_MATCH(x) (0x1004 + ((x) << 4))
#define MSCC_MS_SAM_MATCH_SCI_LO(x) (0x1005 + ((x) << 4))
#define MSCC_MS_SAM_MATCH_SCI_HI(x) (0x1006 + ((x) << 4))
#define MSCC_MS_SAM_MASK(x) (0x1007 + ((x) << 4))
#define MSCC_MS_SAM_ENTRY_SET1 0x1808
#define MSCC_MS_SAM_ENTRY_CLEAR1 0x180c
#define MSCC_MS_SAM_FLOW_CTRL(x) (0x1c00 + (x))
#define MSCC_MS_SAM_CP_TAG 0x1e40
#define MSCC_MS_SAM_NM_FLOW_NCP 0x1e51
#define MSCC_MS_SAM_NM_FLOW_CP 0x1e52
#define MSCC_MS_MISC_CONTROL 0x1e5f
#define MSCC_MS_COUNT_CONTROL 0x3204
#define MSCC_MS_PARAMS2_IG_CC_CONTROL 0x3a10
#define MSCC_MS_PARAMS2_IG_CP_TAG 0x3a14
#define MSCC_MS_VLAN_MTU_CHECK(x) (0x3c40 + (x))
#define MSCC_MS_NON_VLAN_MTU_CHECK 0x3c48
#define MSCC_MS_PP_CTRL 0x3c4b
#define MSCC_MS_STATUS_CONTEXT_CTRL 0x3d02
#define MSCC_MS_INTR_CTRL_STATUS 0x3d04
#define MSCC_MS_BLOCK_CTX_UPDATE 0x3d0c
#define MSCC_MS_AIC_CTRL 0x3e02
/* MACSEC_ENA_CFG */
#define MSCC_MS_ENA_CFG_CLK_ENA BIT(0)
#define MSCC_MS_ENA_CFG_SW_RST BIT(1)
#define MSCC_MS_ENA_CFG_MACSEC_BYPASS_ENA BIT(8)
#define MSCC_MS_ENA_CFG_MACSEC_ENA BIT(9)
#define MSCC_MS_ENA_CFG_MACSEC_SPEED_MODE(x) ((x) << 10)
#define MSCC_MS_ENA_CFG_MACSEC_SPEED_MODE_M GENMASK(12, 10)
/* MACSEC_FC_CFG */
#define MSCC_MS_FC_CFG_FCBUF_ENA BIT(0)
#define MSCC_MS_FC_CFG_USE_PKT_EXPANSION_INDICATION BIT(1)
#define MSCC_MS_FC_CFG_LOW_THRESH(x) ((x) << 4)
#define MSCC_MS_FC_CFG_LOW_THRESH_M GENMASK(7, 4)
#define MSCC_MS_FC_CFG_HIGH_THRESH(x) ((x) << 8)
#define MSCC_MS_FC_CFG_HIGH_THRESH_M GENMASK(11, 8)
#define MSCC_MS_FC_CFG_LOW_BYTES_VAL(x) ((x) << 12)
#define MSCC_MS_FC_CFG_LOW_BYTES_VAL_M GENMASK(14, 12)
#define MSCC_MS_FC_CFG_HIGH_BYTES_VAL(x) ((x) << 16)
#define MSCC_MS_FC_CFG_HIGH_BYTES_VAL_M GENMASK(18, 16)
/* MSCC_MS_SAM_MAC_SA_MATCH_HI */
#define MSCC_MS_SAM_MAC_SA_MATCH_HI_ETYPE(x) ((x) << 16)
#define MSCC_MS_SAM_MAC_SA_MATCH_HI_ETYPE_M GENMASK(31, 16)
/* MACSEC_SAM_MISC_MATCH */
#define MSCC_MS_SAM_MISC_MATCH_VLAN_VALID BIT(0)
#define MSCC_MS_SAM_MISC_MATCH_QINQ_FOUND BIT(1)
#define MSCC_MS_SAM_MISC_MATCH_STAG_VALID BIT(2)
#define MSCC_MS_SAM_MISC_MATCH_QTAG_VALID BIT(3)
#define MSCC_MS_SAM_MISC_MATCH_VLAN_UP(x) ((x) << 4)
#define MSCC_MS_SAM_MISC_MATCH_VLAN_UP_M GENMASK(6, 4)
#define MSCC_MS_SAM_MISC_MATCH_CONTROL_PACKET BIT(7)
#define MSCC_MS_SAM_MISC_MATCH_UNTAGGED BIT(8)
#define MSCC_MS_SAM_MISC_MATCH_TAGGED BIT(9)
#define MSCC_MS_SAM_MISC_MATCH_BAD_TAG BIT(10)
#define MSCC_MS_SAM_MISC_MATCH_KAY_TAG BIT(11)
#define MSCC_MS_SAM_MISC_MATCH_SOURCE_PORT(x) ((x) << 12)
#define MSCC_MS_SAM_MISC_MATCH_SOURCE_PORT_M GENMASK(13, 12)
#define MSCC_MS_SAM_MISC_MATCH_PRIORITY(x) ((x) << 16)
#define MSCC_MS_SAM_MISC_MATCH_PRIORITY_M GENMASK(19, 16)
#define MSCC_MS_SAM_MISC_MATCH_AN(x) ((x) << 24)
#define MSCC_MS_SAM_MISC_MATCH_TCI(x) ((x) << 26)
/* MACSEC_SAM_MASK */
#define MSCC_MS_SAM_MASK_MAC_SA_MASK(x) (x)
#define MSCC_MS_SAM_MASK_MAC_SA_MASK_M GENMASK(5, 0)
#define MSCC_MS_SAM_MASK_MAC_DA_MASK(x) ((x) << 6)
#define MSCC_MS_SAM_MASK_MAC_DA_MASK_M GENMASK(11, 6)
#define MSCC_MS_SAM_MASK_MAC_ETYPE_MASK BIT(12)
#define MSCC_MS_SAM_MASK_VLAN_VLD_MASK BIT(13)
#define MSCC_MS_SAM_MASK_QINQ_FOUND_MASK BIT(14)
#define MSCC_MS_SAM_MASK_STAG_VLD_MASK BIT(15)
#define MSCC_MS_SAM_MASK_QTAG_VLD_MASK BIT(16)
#define MSCC_MS_SAM_MASK_VLAN_UP_MASK BIT(17)
#define MSCC_MS_SAM_MASK_VLAN_ID_MASK BIT(18)
#define MSCC_MS_SAM_MASK_SOURCE_PORT_MASK BIT(19)
#define MSCC_MS_SAM_MASK_CTL_PACKET_MASK BIT(20)
#define MSCC_MS_SAM_MASK_VLAN_UP_INNER_MASK BIT(21)
#define MSCC_MS_SAM_MASK_VLAN_ID_INNER_MASK BIT(22)
#define MSCC_MS_SAM_MASK_SCI_MASK BIT(23)
#define MSCC_MS_SAM_MASK_AN_MASK(x) ((x) << 24)
#define MSCC_MS_SAM_MASK_TCI_MASK(x) ((x) << 26)
/* MACSEC_SAM_FLOW_CTRL_EGR */
#define MSCC_MS_SAM_FLOW_CTRL_FLOW_TYPE(x) (x)
#define MSCC_MS_SAM_FLOW_CTRL_FLOW_TYPE_M GENMASK(1, 0)
#define MSCC_MS_SAM_FLOW_CTRL_DEST_PORT(x) ((x) << 2)
#define MSCC_MS_SAM_FLOW_CTRL_DEST_PORT_M GENMASK(3, 2)
#define MSCC_MS_SAM_FLOW_CTRL_RESV_4 BIT(4)
#define MSCC_MS_SAM_FLOW_CTRL_FLOW_CRYPT_AUTH BIT(5)
#define MSCC_MS_SAM_FLOW_CTRL_DROP_ACTION(x) ((x) << 6)
#define MSCC_MS_SAM_FLOW_CTRL_DROP_ACTION_M GENMASK(7, 6)
#define MSCC_MS_SAM_FLOW_CTRL_RESV_15_TO_8(x) ((x) << 8)
#define MSCC_MS_SAM_FLOW_CTRL_RESV_15_TO_8_M GENMASK(15, 8)
#define MSCC_MS_SAM_FLOW_CTRL_PROTECT_FRAME BIT(16)
#define MSCC_MS_SAM_FLOW_CTRL_REPLAY_PROTECT BIT(16)
#define MSCC_MS_SAM_FLOW_CTRL_SA_IN_USE BIT(17)
#define MSCC_MS_SAM_FLOW_CTRL_INCLUDE_SCI BIT(18)
#define MSCC_MS_SAM_FLOW_CTRL_USE_ES BIT(19)
#define MSCC_MS_SAM_FLOW_CTRL_USE_SCB BIT(20)
#define MSCC_MS_SAM_FLOW_CTRL_VALIDATE_FRAMES(x) ((x) << 19)
#define MSCC_MS_SAM_FLOW_CTRL_TAG_BYPASS_SIZE(x) ((x) << 21)
#define MSCC_MS_SAM_FLOW_CTRL_TAG_BYPASS_SIZE_M GENMASK(22, 21)
#define MSCC_MS_SAM_FLOW_CTRL_RESV_23 BIT(23)
#define MSCC_MS_SAM_FLOW_CTRL_CONFIDENTIALITY_OFFSET(x) ((x) << 24)
#define MSCC_MS_SAM_FLOW_CTRL_CONFIDENTIALITY_OFFSET_M GENMASK(30, 24)
#define MSCC_MS_SAM_FLOW_CTRL_CONF_PROTECT BIT(31)
/* MACSEC_SAM_CP_TAG */
#define MSCC_MS_SAM_CP_TAG_MAP_TBL(x) (x)
#define MSCC_MS_SAM_CP_TAG_MAP_TBL_M GENMASK(23, 0)
#define MSCC_MS_SAM_CP_TAG_DEF_UP(x) ((x) << 24)
#define MSCC_MS_SAM_CP_TAG_DEF_UP_M GENMASK(26, 24)
#define MSCC_MS_SAM_CP_TAG_STAG_UP_EN BIT(27)
#define MSCC_MS_SAM_CP_TAG_QTAG_UP_EN BIT(28)
#define MSCC_MS_SAM_CP_TAG_PARSE_QINQ BIT(29)
#define MSCC_MS_SAM_CP_TAG_PARSE_STAG BIT(30)
#define MSCC_MS_SAM_CP_TAG_PARSE_QTAG BIT(31)
/* MACSEC_SAM_NM_FLOW_NCP */
#define MSCC_MS_SAM_NM_FLOW_NCP_UNTAGGED_FLOW_TYPE(x) (x)
#define MSCC_MS_SAM_NM_FLOW_NCP_UNTAGGED_DEST_PORT(x) ((x) << 2)
#define MSCC_MS_SAM_NM_FLOW_NCP_UNTAGGED_DROP_ACTION(x) ((x) << 6)
#define MSCC_MS_SAM_NM_FLOW_NCP_TAGGED_FLOW_TYPE(x) ((x) << 8)
#define MSCC_MS_SAM_NM_FLOW_NCP_TAGGED_DEST_PORT(x) ((x) << 10)
#define MSCC_MS_SAM_NM_FLOW_NCP_TAGGED_DROP_ACTION(x) ((x) << 14)
#define MSCC_MS_SAM_NM_FLOW_NCP_BADTAG_FLOW_TYPE(x) ((x) << 16)
#define MSCC_MS_SAM_NM_FLOW_NCP_BADTAG_DEST_PORT(x) ((x) << 18)
#define MSCC_MS_SAM_NM_FLOW_NCP_BADTAG_DROP_ACTION(x) ((x) << 22)
#define MSCC_MS_SAM_NM_FLOW_NCP_KAY_FLOW_TYPE(x) ((x) << 24)
#define MSCC_MS_SAM_NM_FLOW_NCP_KAY_DEST_PORT(x) ((x) << 26)
#define MSCC_MS_SAM_NM_FLOW_NCP_KAY_DROP_ACTION(x) ((x) << 30)
/* MACSEC_SAM_NM_FLOW_CP */
#define MSCC_MS_SAM_NM_FLOW_CP_UNTAGGED_FLOW_TYPE(x) (x)
#define MSCC_MS_SAM_NM_FLOW_CP_UNTAGGED_DEST_PORT(x) ((x) << 2)
#define MSCC_MS_SAM_NM_FLOW_CP_UNTAGGED_DROP_ACTION(x) ((x) << 6)
#define MSCC_MS_SAM_NM_FLOW_CP_TAGGED_FLOW_TYPE(x) ((x) << 8)
#define MSCC_MS_SAM_NM_FLOW_CP_TAGGED_DEST_PORT(x) ((x) << 10)
#define MSCC_MS_SAM_NM_FLOW_CP_TAGGED_DROP_ACTION(x) ((x) << 14)
#define MSCC_MS_SAM_NM_FLOW_CP_BADTAG_FLOW_TYPE(x) ((x) << 16)
#define MSCC_MS_SAM_NM_FLOW_CP_BADTAG_DEST_PORT(x) ((x) << 18)
#define MSCC_MS_SAM_NM_FLOW_CP_BADTAG_DROP_ACTION(x) ((x) << 22)
#define MSCC_MS_SAM_NM_FLOW_CP_KAY_FLOW_TYPE(x) ((x) << 24)
#define MSCC_MS_SAM_NM_FLOW_CP_KAY_DEST_PORT(x) ((x) << 26)
#define MSCC_MS_SAM_NM_FLOW_CP_KAY_DROP_ACTION(x) ((x) << 30)
/* MACSEC_MISC_CONTROL */
#define MSCC_MS_MISC_CONTROL_MC_LATENCY_FIX(x) (x)
#define MSCC_MS_MISC_CONTROL_MC_LATENCY_FIX_M GENMASK(5, 0)
#define MSCC_MS_MISC_CONTROL_STATIC_BYPASS BIT(8)
#define MSCC_MS_MISC_CONTROL_NM_MACSEC_EN BIT(9)
#define MSCC_MS_MISC_CONTROL_VALIDATE_FRAMES(x) ((x) << 10)
#define MSCC_MS_MISC_CONTROL_VALIDATE_FRAMES_M GENMASK(11, 10)
#define MSCC_MS_MISC_CONTROL_XFORM_REC_SIZE(x) ((x) << 24)
#define MSCC_MS_MISC_CONTROL_XFORM_REC_SIZE_M GENMASK(25, 24)
/* MACSEC_COUNT_CONTROL */
#define MSCC_MS_COUNT_CONTROL_RESET_ALL BIT(0)
#define MSCC_MS_COUNT_CONTROL_DEBUG_ACCESS BIT(1)
#define MSCC_MS_COUNT_CONTROL_SATURATE_CNTRS BIT(2)
#define MSCC_MS_COUNT_CONTROL_AUTO_CNTR_RESET BIT(3)
/* MACSEC_PARAMS2_IG_CC_CONTROL */
#define MSCC_MS_PARAMS2_IG_CC_CONTROL_NON_MATCH_CTRL_ACT BIT(14)
#define MSCC_MS_PARAMS2_IG_CC_CONTROL_NON_MATCH_ACT BIT(15)
/* MACSEC_PARAMS2_IG_CP_TAG */
#define MSCC_MS_PARAMS2_IG_CP_TAG_MAP_TBL(x) (x)
#define MSCC_MS_PARAMS2_IG_CP_TAG_MAP_TBL_M GENMASK(23, 0)
#define MSCC_MS_PARAMS2_IG_CP_TAG_DEF_UP(x) ((x) << 24)
#define MSCC_MS_PARAMS2_IG_CP_TAG_DEF_UP_M GENMASK(26, 24)
#define MSCC_MS_PARAMS2_IG_CP_TAG_STAG_UP_EN BIT(27)
#define MSCC_MS_PARAMS2_IG_CP_TAG_QTAG_UP_EN BIT(28)
#define MSCC_MS_PARAMS2_IG_CP_TAG_PARSE_QINQ BIT(29)
#define MSCC_MS_PARAMS2_IG_CP_TAG_PARSE_STAG BIT(30)
#define MSCC_MS_PARAMS2_IG_CP_TAG_PARSE_QTAG BIT(31)
/* MACSEC_VLAN_MTU_CHECK */
#define MSCC_MS_VLAN_MTU_CHECK_MTU_COMPARE(x) (x)
#define MSCC_MS_VLAN_MTU_CHECK_MTU_COMPARE_M GENMASK(14, 0)
#define MSCC_MS_VLAN_MTU_CHECK_MTU_COMP_DROP BIT(15)
/* MACSEC_NON_VLAN_MTU_CHECK */
#define MSCC_MS_NON_VLAN_MTU_CHECK_NV_MTU_COMPARE(x) (x)
#define MSCC_MS_NON_VLAN_MTU_CHECK_NV_MTU_COMPARE_M GENMASK(14, 0)
#define MSCC_MS_NON_VLAN_MTU_CHECK_NV_MTU_COMP_DROP BIT(15)
/* MACSEC_PP_CTRL */
#define MSCC_MS_PP_CTRL_MACSEC_OCTET_INCR_MODE BIT(0)
/* MACSEC_INTR_CTRL_STATUS */
#define MSCC_MS_INTR_CTRL_STATUS_INTR_CLR_STATUS(x) (x)
#define MSCC_MS_INTR_CTRL_STATUS_INTR_CLR_STATUS_M GENMASK(15, 0)
#define MSCC_MS_INTR_CTRL_STATUS_INTR_ENABLE(x) ((x) << 16)
#define MSCC_MS_INTR_CTRL_STATUS_INTR_ENABLE_M GENMASK(31, 16)
#define MACSEC_INTR_CTRL_STATUS_ROLLOVER BIT(5)
#endif

9
include/linux/phy.h
View File

@ -332,6 +332,9 @@ struct phy_c45_device_ids {
u32 device_ids[8];
};
struct macsec_context;
struct macsec_ops;
/* phy_device: An instance of a PHY
*
* drv: Pointer to the driver for this PHY instance
@ -354,6 +357,7 @@ struct phy_c45_device_ids {
* attached_dev: The attached enet driver's device instance ptr
* adjust_link: Callback for the enet controller to respond to
* changes in the link state.
* macsec_ops: MACsec offloading ops.
*
* speed, duplex, pause, supported, advertising, lp_advertising,
* and autoneg are used like in mii_if_info
@ -453,6 +457,11 @@ struct phy_device {
void (*phy_link_change)(struct phy_device *, bool up, bool do_carrier);
void (*adjust_link)(struct net_device *dev);
#if IS_ENABLED(CONFIG_MACSEC)
/* MACsec management functions */
const struct macsec_ops *macsec_ops;
#endif
};
#define to_phy_device(d) container_of(to_mdio_device(d), \
struct phy_device, mdio)

224
include/net/macsec.h Normal file
View File

@ -0,0 +1,224 @@
/* SPDX-License-Identifier: GPL-2.0+ */
/*
* MACsec netdev header, used for h/w accelerated implementations.
*
* Copyright (c) 2015 Sabrina Dubroca <sd@queasysnail.net>
*/
#ifndef _NET_MACSEC_H_
#define _NET_MACSEC_H_
#include <linux/u64_stats_sync.h>
#include <uapi/linux/if_link.h>
#include <uapi/linux/if_macsec.h>
typedef u64 __bitwise sci_t;
#define MACSEC_NUM_AN 4 /* 2 bits for the association number */
/**
* struct macsec_key - SA key
* @id: user-provided key identifier
* @tfm: crypto struct, key storage
*/
struct macsec_key {
u8 id[MACSEC_KEYID_LEN];
struct crypto_aead *tfm;
};
struct macsec_rx_sc_stats {
__u64 InOctetsValidated;
__u64 InOctetsDecrypted;
__u64 InPktsUnchecked;
__u64 InPktsDelayed;
__u64 InPktsOK;
__u64 InPktsInvalid;
__u64 InPktsLate;
__u64 InPktsNotValid;
__u64 InPktsNotUsingSA;
__u64 InPktsUnusedSA;
};
struct macsec_rx_sa_stats {
__u32 InPktsOK;
__u32 InPktsInvalid;
__u32 InPktsNotValid;
__u32 InPktsNotUsingSA;
__u32 InPktsUnusedSA;
};
struct macsec_tx_sa_stats {
__u32 OutPktsProtected;
__u32 OutPktsEncrypted;
};
struct macsec_tx_sc_stats {
__u64 OutPktsProtected;
__u64 OutPktsEncrypted;
__u64 OutOctetsProtected;
__u64 OutOctetsEncrypted;
};
/**
* struct macsec_rx_sa - receive secure association
* @active:
* @next_pn: packet number expected for the next packet
* @lock: protects next_pn manipulations
* @key: key structure
* @stats: per-SA stats
*/
struct macsec_rx_sa {
struct macsec_key key;
spinlock_t lock;
u32 next_pn;
refcount_t refcnt;
bool active;
struct macsec_rx_sa_stats __percpu *stats;
struct macsec_rx_sc *sc;
struct rcu_head rcu;
};
struct pcpu_rx_sc_stats {
struct macsec_rx_sc_stats stats;
struct u64_stats_sync syncp;
};
struct pcpu_tx_sc_stats {
struct macsec_tx_sc_stats stats;
struct u64_stats_sync syncp;
};
/**
* struct macsec_rx_sc - receive secure channel
* @sci: secure channel identifier for this SC
* @active: channel is active
* @sa: array of secure associations
* @stats: per-SC stats
*/
struct macsec_rx_sc {
struct macsec_rx_sc __rcu *next;
sci_t sci;
bool active;
struct macsec_rx_sa __rcu *sa[MACSEC_NUM_AN];
struct pcpu_rx_sc_stats __percpu *stats;
refcount_t refcnt;
struct rcu_head rcu_head;
};
/**
* struct macsec_tx_sa - transmit secure association
* @active:
* @next_pn: packet number to use for the next packet
* @lock: protects next_pn manipulations
* @key: key structure
* @stats: per-SA stats
*/
struct macsec_tx_sa {
struct macsec_key key;
spinlock_t lock;
u32 next_pn;
refcount_t refcnt;
bool active;
struct macsec_tx_sa_stats __percpu *stats;
struct rcu_head rcu;
};
/**
* struct macsec_tx_sc - transmit secure channel
* @active:
* @encoding_sa: association number of the SA currently in use
* @encrypt: encrypt packets on transmit, or authenticate only
* @send_sci: always include the SCI in the SecTAG
* @end_station:
* @scb: single copy broadcast flag
* @sa: array of secure associations
* @stats: stats for this TXSC
*/
struct macsec_tx_sc {
bool active;
u8 encoding_sa;
bool encrypt;
bool send_sci;
bool end_station;
bool scb;
struct macsec_tx_sa __rcu *sa[MACSEC_NUM_AN];
struct pcpu_tx_sc_stats __percpu *stats;
};
/**
* struct macsec_secy - MACsec Security Entity
* @netdev: netdevice for this SecY
* @n_rx_sc: number of receive secure channels configured on this SecY
* @sci: secure channel identifier used for tx
* @key_len: length of keys used by the cipher suite
* @icv_len: length of ICV used by the cipher suite
* @validate_frames: validation mode
* @operational: MAC_Operational flag
* @protect_frames: enable protection for this SecY
* @replay_protect: enable packet number checks on receive
* @replay_window: size of the replay window
* @tx_sc: transmit secure channel
* @rx_sc: linked list of receive secure channels
*/
struct macsec_secy {
struct net_device *netdev;
unsigned int n_rx_sc;
sci_t sci;
u16 key_len;
u16 icv_len;
enum macsec_validation_type validate_frames;
bool operational;
bool protect_frames;
bool replay_protect;
u32 replay_window;
struct macsec_tx_sc tx_sc;
struct macsec_rx_sc __rcu *rx_sc;
};
/**
* struct macsec_context - MACsec context for hardware offloading
*/
struct macsec_context {
struct phy_device *phydev;
enum macsec_offload offload;
struct macsec_secy *secy;
struct macsec_rx_sc *rx_sc;
struct {
unsigned char assoc_num;
u8 key[MACSEC_KEYID_LEN];
union {
struct macsec_rx_sa *rx_sa;
struct macsec_tx_sa *tx_sa;
};
} sa;
u8 prepare:1;
};
/**
* struct macsec_ops - MACsec offloading operations
*/
struct macsec_ops {
/* Device wide */
int (*mdo_dev_open)(struct macsec_context *ctx);
int (*mdo_dev_stop)(struct macsec_context *ctx);
/* SecY */
int (*mdo_add_secy)(struct macsec_context *ctx);
int (*mdo_upd_secy)(struct macsec_context *ctx);
int (*mdo_del_secy)(struct macsec_context *ctx);
/* Security channels */
int (*mdo_add_rxsc)(struct macsec_context *ctx);
int (*mdo_upd_rxsc)(struct macsec_context *ctx);
int (*mdo_del_rxsc)(struct macsec_context *ctx);
/* Security associations */
int (*mdo_add_rxsa)(struct macsec_context *ctx);
int (*mdo_upd_rxsa)(struct macsec_context *ctx);
int (*mdo_del_rxsa)(struct macsec_context *ctx);
int (*mdo_add_txsa)(struct macsec_context *ctx);
int (*mdo_upd_txsa)(struct macsec_context *ctx);
int (*mdo_del_txsa)(struct macsec_context *ctx);
};
void macsec_pn_wrapped(struct macsec_secy *secy, struct macsec_tx_sa *tx_sa);
#endif /* _NET_MACSEC_H_ */

7
include/uapi/linux/if_link.h
View File

@ -486,6 +486,13 @@ enum macsec_validation_type {
MACSEC_VALIDATE_MAX = __MACSEC_VALIDATE_END - 1,
};
enum macsec_offload {
MACSEC_OFFLOAD_OFF = 0,
MACSEC_OFFLOAD_PHY = 1,
__MACSEC_OFFLOAD_END,
MACSEC_OFFLOAD_MAX = __MACSEC_OFFLOAD_END - 1,
};
/* IPVLAN section */
enum {
IFLA_IPVLAN_UNSPEC,

11
include/uapi/linux/if_macsec.h
View File

@ -45,6 +45,7 @@ enum macsec_attrs {
MACSEC_ATTR_RXSC_LIST, /* dump, nested, macsec_rxsc_attrs for each RXSC */
MACSEC_ATTR_TXSC_STATS, /* dump, nested, macsec_txsc_stats_attr */
MACSEC_ATTR_SECY_STATS, /* dump, nested, macsec_secy_stats_attr */
MACSEC_ATTR_OFFLOAD, /* config, nested, macsec_offload_attrs */
__MACSEC_ATTR_END,
NUM_MACSEC_ATTR = __MACSEC_ATTR_END,
MACSEC_ATTR_MAX = __MACSEC_ATTR_END - 1,
@ -97,6 +98,15 @@ enum macsec_sa_attrs {
MACSEC_SA_ATTR_MAX = __MACSEC_SA_ATTR_END - 1,
};
enum macsec_offload_attrs {
MACSEC_OFFLOAD_ATTR_UNSPEC,
MACSEC_OFFLOAD_ATTR_TYPE, /* config/dump, u8 0..2 */
MACSEC_OFFLOAD_ATTR_PAD,
__MACSEC_OFFLOAD_ATTR_END,
NUM_MACSEC_OFFLOAD_ATTR = __MACSEC_OFFLOAD_ATTR_END,
MACSEC_OFFLOAD_ATTR_MAX = __MACSEC_OFFLOAD_ATTR_END - 1,
};
enum macsec_nl_commands {
MACSEC_CMD_GET_TXSC,
MACSEC_CMD_ADD_RXSC,
@ -108,6 +118,7 @@ enum macsec_nl_commands {
MACSEC_CMD_ADD_RXSA,
MACSEC_CMD_DEL_RXSA,
MACSEC_CMD_UPD_RXSA,
MACSEC_CMD_UPD_OFFLOAD,
};
/* u64 per-RXSC stats */

7
tools/include/uapi/linux/if_link.h
View File

@ -485,6 +485,13 @@ enum macsec_validation_type {
MACSEC_VALIDATE_MAX = __MACSEC_VALIDATE_END - 1,
};
enum macsec_offload {
MACSEC_OFFLOAD_OFF = 0,
MACSEC_OFFLOAD_PHY = 1,
__MACSEC_OFFLOAD_END,
MACSEC_OFFLOAD_MAX = __MACSEC_OFFLOAD_END - 1,
};
/* IPVLAN section */
enum {
IFLA_IPVLAN_UNSPEC,