net/macsec: Add MACsec skb_metadata_dst Tx Data path support

In the current MACsec offload implementation, MACsec interfaces shares
the same MAC address by default.
Therefore, HW can't distinguish from which MACsec interface the traffic
originated from.

MACsec stack will use skb_metadata_dst to store the SCI value, which is
unique per Macsec interface, skb_metadat_dst will be used by the
offloading device driver to associate the SKB with the corresponding
offloaded interface (SCI).

Signed-off-by: Lior Nahmanson <liorna@nvidia.com>
Reviewed-by: Raed Salem <raeds@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c
index adf448a8162b5fd150b6d9203922473311a1ba26..c190dc019717e2d19b56235bd693b404eadf3524 100644 (file)
--- a/drivers/net/macsec.c
+++ b/drivers/net/macsec.c
@@ -18,6 +18,7 @@
 #include <net/sock.h>
 #include <net/gro_cells.h>
 #include <net/macsec.h>
+#include <net/dst_metadata.h>
 #include <linux/phy.h>
 #include <linux/byteorder/generic.h>
 #include <linux/if_arp.h>
@@ -3416,6 +3417,11 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb,
        int ret, len;
 
        if (macsec_is_offloaded(netdev_priv(dev))) {
+               struct metadata_dst *md_dst = secy->tx_sc.md_dst;
+
+               skb_dst_drop(skb);
+               dst_hold(&md_dst->dst);
+               skb_dst_set(skb, &md_dst->dst);
                skb->dev = macsec->real_dev;
                return dev_queue_xmit(skb);
        }
@@ -3743,6 +3749,7 @@ static void macsec_free_netdev(struct net_device *dev)
 {
        struct macsec_dev *macsec = macsec_priv(dev);
 
+       metadata_dst_free(macsec->secy.tx_sc.md_dst);
        free_percpu(macsec->stats);
        free_percpu(macsec->secy.tx_sc.stats);
 
@@ -4015,6 +4022,13 @@ static int macsec_add_dev(struct net_device *dev, sci_t sci, u8 icv_len)
                return -ENOMEM;
        }
 
+       secy->tx_sc.md_dst = metadata_dst_alloc(0, METADATA_MACSEC, GFP_KERNEL);
+       if (!secy->tx_sc.md_dst) {
+               free_percpu(secy->tx_sc.stats);
+               free_percpu(macsec->stats);
+               return -ENOMEM;
+       }
+
        if (sci == MACSEC_UNDEF_SCI)
                sci = dev_to_sci(dev, MACSEC_PORT_ES);
 
@@ -4028,6 +4042,7 @@ static int macsec_add_dev(struct net_device *dev, sci_t sci, u8 icv_len)
        secy->xpn = DEFAULT_XPN;
 
        secy->sci = sci;
+       secy->tx_sc.md_dst->u.macsec_info.sci = sci;
        secy->tx_sc.active = true;
        secy->tx_sc.encoding_sa = DEFAULT_ENCODING_SA;
        secy->tx_sc.encrypt = DEFAULT_ENCRYPT;

diff --git a/include/net/dst_metadata.h b/include/net/dst_metadata.h
index adab27ba1ecbf054f5284e4342b1551b104d9a2c..22a6924bf6daaaaaf16d9ea01abb322281f04042 100644 (file)
--- a/include/net/dst_metadata.h
+++ b/include/net/dst_metadata.h
@@ -4,11 +4,13 @@
 
 #include <linux/skbuff.h>
 #include <net/ip_tunnels.h>
+#include <net/macsec.h>
 #include <net/dst.h>
 
 enum metadata_type {
        METADATA_IP_TUNNEL,
        METADATA_HW_PORT_MUX,
+       METADATA_MACSEC,
 };
 
 struct hw_port_info {
@@ -16,12 +18,17 @@ struct hw_port_info {
        u32 port_id;
 };
 
+struct macsec_info {
+       sci_t sci;
+};
+
 struct metadata_dst {
        struct dst_entry                dst;
        enum metadata_type              type;
        union {
                struct ip_tunnel_info   tun_info;
                struct hw_port_info     port_info;
+               struct macsec_info      macsec_info;
        } u;
 };
 
@@ -82,6 +89,9 @@ static inline int skb_metadata_dst_cmp(const struct sk_buff *skb_a,
                return memcmp(&a->u.tun_info, &b->u.tun_info,
                              sizeof(a->u.tun_info) +
                                         a->u.tun_info.options_len);
+       case METADATA_MACSEC:
+               return memcmp(&a->u.macsec_info, &b->u.macsec_info,
+                             sizeof(a->u.macsec_info));
        default:
                return 1;
        }

diff --git a/include/net/macsec.h b/include/net/macsec.h
index 73780aa73644cbaf040f31644bc080d9cb5b5575..8494953fb0de2d8ca96fae570eb5e128ce8b5c4c 100644 (file)
--- a/include/net/macsec.h
+++ b/include/net/macsec.h
@@ -19,6 +19,8 @@
 typedef u64 __bitwise sci_t;
 typedef u32 __bitwise ssci_t;
 
+struct metadata_dst;
+
 typedef union salt {
        struct {
                u32 ssci;
@@ -182,6 +184,7 @@ struct macsec_tx_sa {
  * @scb: single copy broadcast flag
  * @sa: array of secure associations
  * @stats: stats for this TXSC
+ * @md_dst: MACsec offload metadata dst
  */
 struct macsec_tx_sc {
        bool active;
@@ -192,6 +195,7 @@ struct macsec_tx_sc {
        bool scb;
        struct macsec_tx_sa __rcu *sa[MACSEC_NUM_AN];
        struct pcpu_tx_sc_stats __percpu *stats;
+       struct metadata_dst *md_dst;
 };
 
 /**