[v8] Add MACsec support for TJA11XX C45 PHYs

[PATCH net-next v8 0/7] Add MACsec support for TJA11XX C45 PHYs

Posted by Radu Pirea (NXP OSS) 2 years, 2 months ago

This is the MACsec support for TJA11XX PHYs. The MACsec block encrypts
the ethernet frames on the fly and has no buffering. This operation will
grow the frames by 32 bytes. If the frames are sent back to back, the
MACsec block will not have enough room to insert the SecTAG and the ICV
and the frames will be dropped.

To mitigate this, the PHY can parse a specific ethertype with some
padding bytes and replace them with the SecTAG and ICV. These padding
bytes might be dummy or might contain information about TX SC that must
be used to encrypt the frame.

Radu P.

Radu Pirea (NXP OSS) (7):
  net: macsec: move sci_to_cpu to macsec header
  net: macsec: documentation for macsec_context and macsec_ops
  net: macsec: revert the MAC address if mdo_upd_secy fails
  net: macsec: introduce mdo_insert_tx_tag
  net: phy: nxp-c45-tja11xx: add MACsec support
  net: phy: nxp-c45-tja11xx: add MACsec statistics
  net: phy: nxp-c45-tja11xx: implement mdo_insert_tx_tag

 MAINTAINERS                              |    2 +-
 drivers/net/macsec.c                     |  130 +-
 drivers/net/netdevsim/macsec.c           |    5 -
 drivers/net/phy/Kconfig                  |    2 +-
 drivers/net/phy/Makefile                 |    6 +-
 drivers/net/phy/nxp-c45-tja11xx-macsec.c | 1724 ++++++++++++++++++++++
 drivers/net/phy/nxp-c45-tja11xx.c        |   77 +-
 drivers/net/phy/nxp-c45-tja11xx.h        |   62 +
 include/net/macsec.h                     |   54 +
 9 files changed, 2011 insertions(+), 51 deletions(-)
 create mode 100644 drivers/net/phy/nxp-c45-tja11xx-macsec.c
 create mode 100644 drivers/net/phy/nxp-c45-tja11xx.h

-- 
2.34.1

Re: [PATCH net-next v8 0/7] Add MACsec support for TJA11XX C45 PHYs

Posted by Radu Pirea (OSS) 2 years, 2 months ago

Hi,

The state of this patch series was set to "Changes Requested", but no 
change was requested in V8 and I addressed the changes requested in V7. 
Am I missing something or is it a mistake?

On 23.10.2023 12:43, Radu Pirea (NXP OSS) wrote:
> This is the MACsec support for TJA11XX PHYs. The MACsec block encrypts
> the ethernet frames on the fly and has no buffering. This operation will
> grow the frames by 32 bytes. If the frames are sent back to back, the
> MACsec block will not have enough room to insert the SecTAG and the ICV
> and the frames will be dropped.
> 
> To mitigate this, the PHY can parse a specific ethertype with some
> padding bytes and replace them with the SecTAG and ICV. These padding
> bytes might be dummy or might contain information about TX SC that must
> be used to encrypt the frame.
> 
> Radu P.
> 
> Radu Pirea (NXP OSS) (7):
>    net: macsec: move sci_to_cpu to macsec header
>    net: macsec: documentation for macsec_context and macsec_ops
>    net: macsec: revert the MAC address if mdo_upd_secy fails
>    net: macsec: introduce mdo_insert_tx_tag
>    net: phy: nxp-c45-tja11xx: add MACsec support
>    net: phy: nxp-c45-tja11xx: add MACsec statistics
>    net: phy: nxp-c45-tja11xx: implement mdo_insert_tx_tag
> 
>   MAINTAINERS                              |    2 +-
>   drivers/net/macsec.c                     |  130 +-
>   drivers/net/netdevsim/macsec.c           |    5 -
>   drivers/net/phy/Kconfig                  |    2 +-
>   drivers/net/phy/Makefile                 |    6 +-
>   drivers/net/phy/nxp-c45-tja11xx-macsec.c | 1724 ++++++++++++++++++++++
>   drivers/net/phy/nxp-c45-tja11xx.c        |   77 +-
>   drivers/net/phy/nxp-c45-tja11xx.h        |   62 +
>   include/net/macsec.h                     |   54 +
>   9 files changed, 2011 insertions(+), 51 deletions(-)
>   create mode 100644 drivers/net/phy/nxp-c45-tja11xx-macsec.c
>   create mode 100644 drivers/net/phy/nxp-c45-tja11xx.h
> 

-- 
Radu P.

Re: [PATCH net-next v8 0/7] Add MACsec support for TJA11XX C45 PHYs

Posted by Jakub Kicinski 2 years, 2 months ago

On Wed, 25 Oct 2023 19:21:24 +0300 Radu Pirea (OSS) wrote:
> The state of this patch series was set to "Changes Requested", but no 
> change was requested in V8 and I addressed the changes requested in V7. 
> Am I missing something or is it a mistake?

Another series got silently discarded because of a conflict.
This one IDK. Everything looks fine. So let me bring it back, sorry.
-- 
pw-bot: under-review

Re: [PATCH net-next v8 0/7] Add MACsec support for TJA11XX C45 PHYs

Posted by Jakub Kicinski 2 years, 2 months ago

On Wed, 25 Oct 2023 15:18:34 -0700 Jakub Kicinski wrote:
> On Wed, 25 Oct 2023 19:21:24 +0300 Radu Pirea (OSS) wrote:
> > The state of this patch series was set to "Changes Requested", but no 
> > change was requested in V8 and I addressed the changes requested in V7. 
> > Am I missing something or is it a mistake?  
> 
> Another series got silently discarded because of a conflict.
> This one IDK. Everything looks fine. So let me bring it back, sorry.

Ugh, I found out why. It has already been applied :|

Re: [PATCH net-next v8 0/7] Add MACsec support for TJA11XX C45 PHYs

Posted by Jakub Kicinski 2 years, 2 months ago

On Wed, 25 Oct 2023 15:40:44 -0700 Jakub Kicinski wrote:
> On Wed, 25 Oct 2023 15:18:34 -0700 Jakub Kicinski wrote:
> > On Wed, 25 Oct 2023 19:21:24 +0300 Radu Pirea (OSS) wrote:  
> > > The state of this patch series was set to "Changes Requested", but no 
> > > change was requested in V8 and I addressed the changes requested in V7. 
> > > Am I missing something or is it a mistake?    
> > 
> > Another series got silently discarded because of a conflict.
> > This one IDK. Everything looks fine. So let me bring it back, sorry.  
> 
> Ugh, I found out why. It has already been applied :|

Sorry, ignore me 🤦️

I had it applied locally because I was checking if it applies cleanly.