#
4dcf38ae |
|
05-Oct-2023 |
Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com> |
octeontx2-pf: mcs: update PN only when update_pn is true When updating SA, update the PN only when the update_pn flag is true. Otherwise, the PN will be reset to its previous value using the following command and this should not happen: $ ip macsec set macsec0 tx sa 0 on Fixes: c54ffc73601c ("octeontx2-pf: mcs: Introduce MACSEC hardware offloading") Signed-off-by: Radu Pirea (NXP OSS) <radu-nicolae.pirea@oss.nxp.com> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
|
#
e7002b3b |
|
17-Jul-2023 |
Subbaraya Sundeep <sbhatta@marvell.com> |
octeontx2-pf: mcs: Generate hash key using ecb(aes) Hardware generated encryption and ICV tags are found to be wrong when tested with IEEE MACSEC test vectors. This is because as per the HRM, the hash key (derived by AES-ECB block encryption of an all 0s block with the SAK) has to be programmed by the software in MCSX_RS_MCS_CPM_TX_SLAVE_SA_PLCY_MEM_4X register. Hence fix this by generating hash key in software and configuring in hardware. Fixes: c54ffc73601c ("octeontx2-pf: mcs: Introduce MACSEC hardware offloading") Signed-off-by: Subbaraya Sundeep <sbhatta@marvell.com> Reviewed-by: Kalesh AP <kalesh-anakkur.purayil@broadcom.com> Link: https://lore.kernel.org/r/1689574603-28093-1-git-send-email-sbhatta@marvell.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
#
030d71fd |
|
16-May-2023 |
Subbaraya Sundeep <sbhatta@marvell.com> |
octeontx2-pf: mcs: Support VLAN in clear text Detect whether macsec secy is running on top of VLAN which implies transmitting VLAN tag in clear text before macsec SecTag. In this case configure hardware to insert SecTag after VLAN tag. Signed-off-by: Subbaraya Sundeep <sbhatta@marvell.com> Signed-off-by: Sunil Kovvuri Goutham <sgoutham@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
d1e4632b |
|
15-May-2023 |
Yang Li <yang.lee@linux.alibaba.com> |
octeontx2-pf: mcs: Remove unneeded semicolon ./drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c:242:2-3: Unneeded semicolon ./drivers/net/ethernet/marvell/octeontx2/nic/cn10k_macsec.c:476:2-3: Unneeded semicolon Reported-by: Abaci Robot <abaci@linux.alibaba.com> Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=4947 Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
48c0db05 |
|
11-May-2023 |
Subbaraya Sundeep <sbhatta@marvell.com> |
octeontx2-pf: mcs: Offload extended packet number(XPN) feature The macsec hardware block supports XPN cipher suites also. Hence added changes to offload XPN feature. Changes include configuring SecY policy to XPN cipher suite, Salt and SSCI values. 64 bit packet number is passed instead of 32 bit packet number. Signed-off-by: Subbaraya Sundeep <sbhatta@marvell.com> Signed-off-by: Sunil Kovvuri Goutham <sgoutham@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
bd9424ef |
|
10-May-2023 |
Subbaraya Sundeep <sbhatta@marvell.com> |
macsec: Use helper macsec_netdev_priv for offload drivers Now macsec on top of vlan can be offloaded to macsec offloading devices so that VLAN tag is sent in clear text on wire i.e, packet structure is DMAC|SMAC|VLAN|SECTAG. Offloading devices can simply enable NETIF_F_HW_MACSEC feature in netdev->vlan_features for this to work. But the logic in offloading drivers to retrieve the private structure from netdev needs to be changed to check whether the netdev received is real device or a vlan device and get private structure accordingly. This patch changes the offloading drivers to use helper macsec_netdev_priv instead of netdev_priv. Signed-off-by: Subbaraya Sundeep <sbhatta@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
3c99bace |
|
26-Apr-2023 |
Subbaraya Sundeep <sbhatta@marvell.com> |
octeontx2-pf: mcs: Do not reset PN while updating secy After creating SecYs, SCs and SAs a SecY can be modified to change attributes like validation mode, protect frames mode etc. During this SecY update, packet number is reset to initial user given value by mistake. Hence do not reset PN when updating SecY parameters. Fixes: c54ffc73601c ("octeontx2-pf: mcs: Introduce MACSEC hardware offloading") Signed-off-by: Subbaraya Sundeep <sbhatta@marvell.com> Signed-off-by: Sunil Goutham <sgoutham@marvell.com> Signed-off-by: Geetha sowjanya <gakula@marvell.com> Reviewed-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
|
#
9bdfe610 |
|
26-Apr-2023 |
Subbaraya Sundeep <sbhatta@marvell.com> |
octeontx2-pf: mcs: Fix shared counters logic Macsec stats like InPktsLate and InPktsDelayed share same counter in hardware. If SecY replay_protect is true then counter represents InPktsLate otherwise InPktsDelayed. This mode change was tracked based on protect_frames instead of replay_protect mistakenly. Similarly InPktsUnchecked and InPktsOk share same counter and mode change was tracked based on validate_check instead of validate_disabled. This patch fixes those problems. Fixes: c54ffc73601c ("octeontx2-pf: mcs: Introduce MACSEC hardware offloading") Signed-off-by: Subbaraya Sundeep <sbhatta@marvell.com> Signed-off-by: Sunil Goutham <sgoutham@marvell.com> Signed-off-by: Geetha sowjanya <gakula@marvell.com> Reviewed-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
|
#
815debbb |
|
26-Apr-2023 |
Subbaraya Sundeep <sbhatta@marvell.com> |
octeontx2-pf: mcs: Clear stats before freeing resource When freeing MCS hardware resources like SecY, SC and SA the corresponding stats needs to be cleared. Otherwise previous stats are shown in newly created macsec interfaces. Fixes: c54ffc73601c ("octeontx2-pf: mcs: Introduce MACSEC hardware offloading") Signed-off-by: Subbaraya Sundeep <sbhatta@marvell.com> Signed-off-by: Sunil Goutham <sgoutham@marvell.com> Signed-off-by: Geetha sowjanya <gakula@marvell.com> Reviewed-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
|
#
57d00d43 |
|
26-Apr-2023 |
Subbaraya Sundeep <sbhatta@marvell.com> |
octeontx2-pf: mcs: Match macsec ethertype along with DMAC On CN10KB silicon a single hardware macsec block is present and offloads macsec operations for all the ethernet LMACs. TCAM match with macsec ethertype 0x88e5 alone at RX side is not sufficient to distinguish all the macsec interfaces created on top of netdevs. Hence append the DMAC of the macsec interface too. Otherwise the first created macsec interface only receives all the macsec traffic. Fixes: c54ffc73601c ("octeontx2-pf: mcs: Introduce MACSEC hardware offloading") Signed-off-by: Subbaraya Sundeep <sbhatta@marvell.com> Signed-off-by: Sunil Goutham <sgoutham@marvell.com> Signed-off-by: Geetha sowjanya <gakula@marvell.com> Reviewed-by: Leon Romanovsky <leonro@nvidia.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
|
#
7b55c2ed |
|
17-Oct-2022 |
Manank Patel <pmanank200502@gmail.com> |
ethernet: marvell: octeontx2 Fix resource not freed after malloc fix rxsc and txsc not getting freed before going out of scope Fixes: c54ffc73601c ("octeontx2-pf: mcs: Introduce MACSEC hardware offloading") Signed-off-by: Manank Patel <pmanank200502@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
897fab7a |
|
08-Oct-2022 |
Yang Yingliang <yangyingliang@huawei.com> |
octeontx2-pf: mcs: fix missing unlock in some error paths Add the missing unlock in some error paths. Fixes: c54ffc73601c ("octeontx2-pf: mcs: Introduce MACSEC hardware offloading") Signed-off-by: Yang Yingliang <yangyingliang@huawei.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
7305e780 |
|
06-Oct-2022 |
Yang Li <yang.lee@linux.alibaba.com> |
octeontx2-pf: mcs: remove unneeded semicolon Semicolon is not required after curly braces. Link: https://bugzilla.openanolis.cn/show_bug.cgi?id=2332 Reported-by: Abaci Robot <abaci@linux.alibaba.com> Signed-off-by: Yang Li <yang.lee@linux.alibaba.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|
#
c54ffc73 |
|
30-Sep-2022 |
Subbaraya Sundeep <sbhatta@marvell.com> |
octeontx2-pf: mcs: Introduce MACSEC hardware offloading This patch introduces the macsec offload feature to cn10k PF netdev driver. The macsec offload ops like adding, deleting and updating SecYs, SCs, SAs and stats are supported. XPN support will be added in later patches. Some stats use same counter in hardware which means based on the SecY mode the same counter represents different stat. Hence when SecY mode/policy is changed then snapshot of current stats are captured. Also there is no provision to specify the unique flow-id/SCI per packet to hardware hence different mac address needs to be set for macsec interfaces. Signed-off-by: Subbaraya Sundeep <sbhatta@marvell.com> Signed-off-by: Sunil Goutham <sgoutham@marvell.com> Signed-off-by: David S. Miller <davem@davemloft.net>
|