Merge branch 'macsec-offload' into next

Igor Russkikh  says:

====================

From: Mark Starovoytov <mstarovoitov@marvell.com>

This series adds support for selecting the offloading mode of a MACsec
interface at link creation time.
Available modes are for now 'off', 'phy' and 'mac', 'off' being the default
when an interface is created.

First patch adds support for MAC offloading.

Last patch allows a user to change the offloading mode at runtime
through a new attribute, `ip link add link ... offload`:

  # ip link add link enp1s0 type macsec encrypt on offload off
  # ip link add link enp1s0 type macsec encrypt on offload phy
  # ip link add link enp1s0 type macsec encrypt on offload mac

====================

Signed-off-by: David Ahern <dsahern@gmail.com>

ip/ipmacsec.c

@@ -34,6 +34,7 @@ static const char * const validate_str[] = {
 static const char * const offload_str[] = {
 	[MACSEC_OFFLOAD_OFF] = "off",
 	[MACSEC_OFFLOAD_PHY] = "phy",
+	[MACSEC_OFFLOAD_MAC] = "mac",
 };
 
 struct sci {
@@ -98,7 +99,7 @@ static void ipmacsec_usage(void)
 		"       ip macsec del DEV rx SCI sa { 0..3 }\n"
 		"       ip macsec show\n"
 		"       ip macsec show DEV\n"
-		"       ip macsec offload DEV [ off | phy ]\n"
+		"       ip macsec offload DEV [ off | phy | mac ]\n"
 		"where  OPTS := [ pn <u32> ] [ on | off ]\n"
 		"       ID   := 128-bit hex string\n"
 		"       KEY  := 128-bit or 256-bit hex string\n"
@@ -1219,6 +1220,15 @@ static void macsec_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[])
 			     validate_to_str(val));
 	}
 
+	if (tb[IFLA_MACSEC_OFFLOAD]) {
+		__u8 val = rta_getattr_u8(tb[IFLA_MACSEC_OFFLOAD]);
+
+		print_string(PRINT_ANY,
+			     "offload",
+			     "offload %s ",
+			     offload_to_str(val));
+	}
+
 	const char *inc_sci, *es, *replay;
 
 	if (is_json_context()) {
@@ -1267,6 +1277,7 @@ static void usage(FILE *f)
 		"                  [ replay { on | off} window { 0..2^32-1 } ]\n"
 		"                  [ validate { strict | check | disabled } ]\n"
 		"                  [ encodingsa { 0..3 } ]\n"
+		"                  [ offload { mac | phy | off } ]\n"
 		);
 }
 
@@ -1276,6 +1287,7 @@ static int macsec_parse_opt(struct link_util *lu, int argc, char **argv,
 	int ret;
 	__u8 encoding_sa = 0xff;
 	__u32 window = -1;
+	enum macsec_offload offload;
 	struct cipher_args cipher = {0};
 	enum macsec_validation_type validate;
 	bool es = false, scb = false, send_sci = false;
@@ -1397,6 +1409,15 @@ static int macsec_parse_opt(struct link_util *lu, int argc, char **argv,
 			ret = get_an(&encoding_sa, *argv);
 			if (ret)
 				invarg("expected an { 0..3 }", *argv);
+		} else if (strcmp(*argv, "offload") == 0) {
+			NEXT_ARG();
+			ret = one_of("offload", *argv,
+				     offload_str, ARRAY_SIZE(offload_str),
+				     (int *)&offload);
+			if (ret != 0)
+				return ret;
+			addattr8(n, MACSEC_BUFLEN,
+				 IFLA_MACSEC_OFFLOAD, offload);
 		} else {
 			fprintf(stderr, "macsec: unknown command \"%s\"?\n",
 				*argv);

man/man8/ip-macsec.8

@@ -23,6 +23,8 @@ ip-macsec \- MACsec device configuration
 ] [
 .BR validate " { " strict " | " check " | " disabled " } ] ["
 .BI encodingsa " SA"
+] [
+.BR offload " { " off " | " phy " | " mac " }"
 ]
 
 .BI "ip macsec add " DEV " tx sa"
@@ -54,7 +56,7 @@ ip-macsec \- MACsec device configuration
 .RI "{ " 0..3 " }"
 
 .BI "ip macsec offload " DEV
-.RB "{ " off " | " phy " }"
+.RB "{ " off " | " phy " | " mac " }"
 
 .B ip macsec show
 .RI [ " DEV " ]
@@ -86,7 +88,7 @@ type.
 
 .SH EXAMPLES
 .PP
-.SS Create a MACsec device on link eth0
+.SS Create a MACsec device on link eth0 (offload is disabled by default)
 .nf
 # ip link add link eth0 macsec0 type macsec port 11 encrypt on
 .PP
@@ -109,6 +111,10 @@ type.
 .SS Configure offloading on an interface
 .nf
 # ip macsec offload macsec0 phy
+.PP
+.SS Configure offloading upon MACsec device creation
+.nf
+# ip link add link eth0 macsec0 type macsec port 11 encrypt on offload mac
 
 .SH NOTES
 This tool can be used to configure the 802.1AE keys of the interface. Note that 802.1AE uses GCM-AES