- 08 Sep, 2022 2 commits
-
-
Heiner Kallweit authored
These chip versions are closely related and all of them have no chip-specific MAC/PHY initialization. Therefore merge support for the three chip versions. Signed-off-by:
Heiner Kallweit <hkallweit1@gmail.com> Link: https://lore.kernel.org/r/469d27e0-1d06-9b15-6c96-6098b3a52e35@gmail.comSigned-off-by:
Paolo Abeni <pabeni@redhat.com>
-
Kurt Kanzenbach authored
The stmmac has the possibility to automatically strip the padding/FCS for IEEE 802.3 type frames. This feature is enabled conditionally. Therefore, the stmmac receive path has to have a determination logic whether the FCS has to be stripped in software or not. In fact, for DSA this ACS feature is disabled and the determination logic doesn't check for it properly. For instance, when using DSA in combination with an older stmmac (pre version 4), the FCS is not stripped by hardware or software which is problematic. So either add another check for DSA to the fast path or simply disable ACS feature completely. The latter approach has been chosen, because most of the time the FCS is stripped in software anyway and it removes conditionals from the receive fast path. Signed-off-by:
Kurt Kanzenbach <kurt@linutronix.de> Reviewed-by:
Florian Fainelli <f.fainelli@gmail.com> Link: https://lore.kernel.org/r/87v8q8jjgh.fsf@kurt/ Link: https://lore.kernel.org/r/20220905130155.193640-1-kurt@linutronix.deSigned-off-by:
-
- 07 Sep, 2022 38 commits
-
-
David S. Miller authored
Guangbin Huang says: ==================== hns3: add some new features This series adds some new features for the HNS3 ethernet driver. Patches #1~#3 support configuring dscp map to tc. Patch 4# supports querying FEC statistics by command "ethtool -I --show-fec eth0". Patch 5# supports querying and setting Serdes lane number. Change logs: V1 -> V2: - fix build error of patch 1# reported by robot lkp@intel.com. ==================== Signed-off-by:David S. Miller <davem@davemloft.net>
-
Hao Chen authored
When serdes lane support setting 25Gb/s or 50Gb/s speed and user wants to set port speed as 50Gb/s, it can be setted as one 50Gb/s serdes lane or two 25Gb/s serdes lanes. So, this patch adds support to query and set lane number by ethtool to satisfy this scenario. Signed-off-by:
Hao Chen <chenhao418@huawei.com> Signed-off-by:
Guangbin Huang <huangguangbin2@huawei.com> Signed-off-by:
-
Hao Lan authored
FEC statistics can be used to check the transmission quality of links. This patch implements the get_fec_stats callback of ethtool_ops to support querying FEC statistics by command "ethtool -I --show-fec eth0". Signed-off-by:
Hao Lan <lanhao@huawei.com> Signed-off-by:
-
Guangbin Huang authored
This patch add dump the map relation for dscp, priority and TC, and the current tc map mode. Signed-off-by:
-
Guangbin Huang authored
To support tx packets to select queue according to its dscp field after setting dscp and tc map relationship, this patch implements ndo_select_queue() to set skb->priority according to the user's setting dscp and priority map relationship. Signed-off-by:
-
Guangbin Huang authored
This patch add support config dscp map to tc by implementing ieee_setapp and ieee_delapp of struct dcbnl_rtnl_ops. Driver will convert mapping relationship from dscp-prio to dscp-tc. Signed-off-by:
kernel test robot <lkp@intel.com> Signed-off-by:
-
git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queueDavid S. Miller authored
Tony Nguyen says: ==================== Intel Wired LAN Driver Updates 2022-09-06 (i40e, iavf) This series contains updates to i40e and iavf drivers. Stanislaw adds support for new device id for i40e. Jaroslaw tidies up some code around MSI-X configuration by adding/ reworking comments and introducing a couple of macros for i40e. Michal resolves some races around reset and close by deferring and deleting some pending AdminQ operations and reworking filter additions and deletions during these operations for iavf. ==================== Signed-off-by: -
git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queueDavid S. Miller authored
Tony Nguyen says: ==================== Intel Wired LAN Driver Updates 2022-09-06 (ice) This series contains updates to ice driver only. Tony reduces device MSI-X request/usage when entire request can't be fulfilled. Michal adds check for reset when waiting for PTP offsets. Paul refactors firmware version checks to use a common helper. Christophe Jaillet changes a couple of local memory allocation to not use the devm variant. ==================== Signed-off-by: -
Liu Shixin authored
The variable long_max is replaced by bpf_jit_limit_max and no longer be used. So remove it. No functional change. Signed-off-by:
Liu Shixin <liushixin2@huawei.com> Signed-off-by:
-
Lorenzo Bianconi authored
Get rid of mtk_foe_entry_timestamp routine since it is no longer used. Signed-off-by:
Lorenzo Bianconi <lorenzo@kernel.org> Signed-off-by:
-
David S. Miller authored
Saeed Mahameed says: ==================== Introduce MACsec skb_metadata_dst and mlx5 macsec offload v1->v2: - attach mlx5 implementation patches. This patchset introduces MACsec skb_metadata_dst to lay the ground for MACsec HW offload. MACsec is an IEEE standard (IEEE 802.1AE) for MAC security. It defines a way to establish a protocol independent connection between two hosts with data confidentiality, authenticity and/or integrity, using GCM-AES. MACsec operates on the Ethernet layer and as such is a layer 2 protocol, which means it’s designed to secure traffic within a layer 2 network, including DHCP or ARP requests. Linux has a software implementation of the MACsec standard and HW offloading support. The offloading is re-using the logic, netlink API and data structures of the existing MACsec software implementation. For Tx: In the current MACsec offload implementation, MACsec interfaces shares the same MAC address by default. Therefore, HW can't distinguish from which MACsec interface the traffic originated from. MACsec stack will use skb_metadata_dst to store the SCI value, which is unique per MACsec interface, skb_metadat_dst will be used later by the offloading device driver to associate the SKB with the corresponding offloaded interface (SCI) to facilitate HW MACsec offload. For Rx: Like in the Tx changes, if there are more than one MACsec device with the same MAC address as in the packet's destination MAC, the packet will be forward only to one of the devices and not neccessarly to the desired one. Offloading device driver sets the MACsec skb_metadata_dst sci field with the appropriaate Rx SCI for each SKB so the MACsec rx handler will know to which port to divert those skbs, instead of wrongly solely relaying on dst MAC address comparison. 1) patch 1,2, Add support to skb_metadata_dst in MACsec code: net/macsec: Add MACsec skb_metadata_dst Tx Data path support net/macsec: Add MACsec skb_metadata_dst Rx Data path support 2) patch 3, Move some MACsec driver code for sharing with various drivers that implements offload: net/macsec: Move some code for sharing with various drivers that implements offload 3) The rest of the patches introduce mlx5 implementation for macsec offloads TX and RX via steering tables. a) TX, intercept skbs with macsec offlad mark in skb_metadata_dst and mark the descriptor for offload. b) RX, intercept offloaded frames and prepare the proper skb_metadata_dst to mark offloaded rx frames. ==================== Signed-off-by: -
Lior Nahmanson authored
Add the ability to add up to 16 MACsec offload interfaces over the same physical interface Signed-off-by:
Lior Nahmanson <liorna@nvidia.com> Reviewed-by:
Raed Salem <raeds@nvidia.com> Signed-off-by:
Saeed Mahameed <saeedm@nvidia.com> Signed-off-by:
-
Lior Nahmanson authored
Add the following statistics: RX successfully decrypted MACsec packets: macsec_rx_pkts : Number of packets decrypted successfully macsec_rx_bytes : Number of bytes decrypted successfully Rx dropped MACsec packets: macsec_rx_pkts_drop : Number of MACsec packets dropped macsec_rx_bytes_drop : Number of MACsec bytes dropped TX successfully encrypted MACsec packets: macsec_tx_pkts : Number of packets encrypted/authenticated successfully macsec_tx_bytes : Number of bytes encrypted/authenticated successfully Tx dropped MACsec packets: macsec_tx_pkts_drop : Number of MACsec packets dropped macsec_tx_bytes_drop : Number of MACsec bytes dropped The above can be seen using: ethtool -S <ifc> |grep macsec Signed-off-by:
-
Lior Nahmanson authored
Add offload support for MACsec SecY callbacks - add/update/delete. add_secy is called when need to create a new MACsec interface. upd_secy is called when source MAC address or tx SC was changed. del_secy is called when need to destroy the MACsec interface. Signed-off-by:
-
Lior Nahmanson authored
MACsec driver need to distinguish to which offload device the MACsec is target to, in order to handle them correctly. This can be done by attaching a metadata_dst to a SKB with a SCI, when there is a match on MACsec rule. To achieve that, there is a map between fs_id to SCI, so for each RX SC, there is a unique fs_id allocated when creating RX SC. fs_id passed to device driver as metadata for packets that passed Rx MACsec offload to aid the driver to retrieve the matching SCI. Signed-off-by:
-
Lior Nahmanson authored
Rx flow steering consists of two flow tables (FTs). The first FT (crypto table) have one default miss rule so non MACsec offloaded packets bypass the MACSec tables. All others flow table entries (FTEs) are divided to two equal groups size, both of them are for MACsec packets: The first group is for MACsec packets which contains SCI field in the SecTAG header. The second group is for MACsec packets which doesn't contain SCI, where need to match on the source MAC address (only if the SCI is built from default MACsec port). Destination MAC address, ethertype and some of SecTAG fields are also matched for both groups. In case of match, invoke decrypt action on the packet. For each MACsec Rx offloaded SA two rules are created: one with SCI and one without SCI. The second FT (check table) has two fixed rules: One rule is for verifying that the previous offload actions were finished successfully. In this case, need to decap the SecTAG header and forward the packet for further processing. Another default rule for dropping packets that failed in the previous decrypt actions. The MACsec FTs are created on demand when the first MACsec rule is added and destroyed when the last MACsec rule is deleted. Signed-off-by:
-
Lior Nahmanson authored
Add new namespace for MACsec RX flows. Encrypted MACsec packets should be first decrypted and stripped from MACsec header and then continues with the kernel's steering pipeline. Signed-off-by:
-
Lior Nahmanson authored
Add a support for Connect-X MACsec offload Rx SA & SC commands: add, update and delete. SCs are created on demend and aren't limited by number and unique by SCI. Each Rx SA must be associated with Rx SC according to SCI. Follow-up patches will implement the Rx steering. Signed-off-by:
-
Lior Nahmanson authored
MACsec driver marks Tx packets for device offload using a dedicated skb_metadata_dst which holds a 64 bits SCI number. A previously set rule will match on this number so the correct SA is used for the MACsec operation. As device driver can only provide 32 bits of metadata to flow tables, need to used a mapping from 64 bit to 32 bits marker or id, which is can be achieved by provide a 32 bit unique flow id in the control path, and used a hash table to map 64 bit to the unique id in the datapath. Signed-off-by:
-
Lior Nahmanson authored
Tx flow steering consists of two flow tables (FTs). The first FT (crypto table) has two fixed rules: One default miss rule so non MACsec offloaded packets bypass the MACSec tables, another rule to make sure that MACsec key exchange (MKE) traffic passes unencrypted as expected (matched of ethertype). On each new MACsec offload flow, a new MACsec rule is added. This rule is matched on metadata_reg_a (which contains the id of the flow) and invokes the MACsec offload action on match. The second FT (check table) has two fixed rules: One rule for verifying that the previous offload actions were finished successfully and packet need to be transmitted. Another default rule for dropping packets that were failed in the offload actions. The MACsec FTs should be created on demand when the first MACsec rule is added and destroyed when the last MACsec rule is deleted. Signed-off-by:
-
Lior Nahmanson authored
Changed EGRESS_KERNEL namespace to EGRESS_IPSEC and add new namespace for MACsec TX. This namespace should be the last namespace for transmitted packets. Signed-off-by:
-
Lior Nahmanson authored
This patch adds support for Connect-X MACsec offload Tx SA commands: add, update and delete. In Connect-X MACsec, a Security Association (SA) is added or deleted via allocating a HW context of an encryption/decryption key and a HW context of a matching SA (MACsec object). When new SA is added: - Use a separate crypto key HW context. - Create a separate MACsec context in HW to include the SA properties. Introduce a new compilation flag MLX5_EN_MACSEC for it. Follow-up patches will implement the Tx steering. Signed-off-by:
-
Lior Nahmanson authored
Add MACsec offload related IFC structs, layouts and enumerations. Signed-off-by:
-
Lior Nahmanson authored
In order to support MACsec offload (and maybe some other crypto features in the future), generalize flow action parameters / defines to be used by crypto offlaods other than IPsec. The following changes made: ipsec_obj_id field at flow action context was changed to crypto_obj_id, intreduced a new crypto_type field where IPsec is the default zero type for backward compatibility. Action ipsec_decrypt was changed to crypto_decrypt. Action ipsec_encrypt was changed to crypto_encrypt. IPsec offload code was updated accordingly for backward compatibility. Signed-off-by:
-
Lior Nahmanson authored
esp_id is no longer in used Signed-off-by:
-
Lior Nahmanson authored
Move some MACsec infrastructure like defines and functions, in order to avoid code duplication for future drivers which implements MACsec offload. Signed-off-by:
Jiri Pirko <jiri@nvidia.com> Reviewed-by:
Ben Ben-Ishay <benishay@nvidia.com> Signed-off-by:
-
Lior Nahmanson authored
Like in the Tx changes, if there are more than one MACsec device with the same MAC address as in the packet's destination MAC, the packet will be forward only to this device and not neccessarly to the desired one. Offloading device drivers will mark offloaded MACsec SKBs with the corresponding SCI in the skb_metadata_dst so the macsec rx handler will know to which port to divert those skbs, instead of wrongly solely relaying on dst MAC address comparison. Signed-off-by:
-
Lior Nahmanson authored
In the current MACsec offload implementation, MACsec interfaces shares the same MAC address by default. Therefore, HW can't distinguish from which MACsec interface the traffic originated from. MACsec stack will use skb_metadata_dst to store the SCI value, which is unique per Macsec interface, skb_metadat_dst will be used by the offloading device driver to associate the SKB with the corresponding offloaded interface (SCI). Signed-off-by:
-
David S. Miller authored
Signed-off-by: -
Florian Westphal authored
Now that nla_policy allows range checks for bigendian data make use of this to reject such attributes. At this time, reject happens later from the init or select_ops callbacks, but its prone to errors. In the future, new attributes can be handled via NLA_POLICY_MAX_BE and exiting ones can be converted one by one. Signed-off-by:
Florian Westphal <fw@strlen.de> Signed-off-by:
-
Florian Westphal authored
netlink allows to specify allowed ranges for integer types. Unfortunately, nfnetlink passes integers in big endian, so the existing NLA_POLICY_MAX() cannot be used. At the moment, nfnetlink users, such as nf_tables, need to resort to programmatic checking via helpers such as nft_parse_u32_check(). This is both cumbersome and error prone. This adds NLA_POLICY_MAX_BE which adds range check support for BE16, BE32 and BE64 integers. Signed-off-by:
-
David S. Miller authored
Edward Cree says: ==================== sfc: add support for PTP over IPv6 and 802.3 Most recent cards (8000 series and newer) had enough hardware support for this, but it was not enabled in the driver. The transmission of PTP packets over these protocols was already added in commit bd4a2697 ("sfc: use hardware tx timestamps for more than PTP"), but receiving them was already unsupported so synchronization didn't happen. These patches add support for timestamping received packets over IPv6/UPD and IEEE802.3. v2: fixed weird indentation in efx_ptp_init_filter v3: fixed bug caused by usage of htons in PTP_EVENT_PORT definition. It was used in more places, where htons was used too, so using it 2 times leave it again in host order. I didn't detected it in my tests because it only affected if timestamping through the MC, but the model I used do it through the MAC. Detected by kernel test robot <lkp@intel.com> v4: removed `inline` specifiers from 2 local functions v5: restored deleted comment with useful explanation about packets reordering. Deleted useless whitespaces. ==================== Reviewed-by:
Edward Cree <ecree.xilinx@gmail.com> Signed-off-by:
-
Íñigo Huguet authored
The previous patch add support for PTP over IPv6/UDP (only for 8000 series and newer) and this one add support for PTP over 802.3. Tested: sync as master and as slave is correct with ptp4l. PTP over IPv4 and IPv6 still works fine. Suggested-by:
Íñigo Huguet <ihuguet@redhat.com> Signed-off-by:
-
Íñigo Huguet authored
commit bd4a2697 ("sfc: use hardware tx timestamps for more than PTP") added support for hardware timestamping on TX for cards of the 8000 series and newer, in an effort to provide support for other transports other than IPv4/UDP. However, timestamping was still not working on RX for these other transports. This patch add support for PTP over IPv6/UDP. Tested: sync as master and as slave is correct using ptp4l from linuxptp package, both with IPv4 and IPv6. Suggested-by:
-
Íñigo Huguet authored
In preparation for the support of PTP over IPv6/UDP and Ethernet in next patches, allow a more flexible way of adding and removing RX filters for PTP. Right now, only 2 filters are allowed, which are the ones needed for PTP over IPv4/UDP. Signed-off-by:
-
Jerry Ray authored
Adding support for the LAN9354 device by allowing it to use the LAN9303 DSA driver. These devices have the same underlying access and control methods and from a feature set point of view the LAN9354 is a superset of the LAN9303. The MDIO access method has been tested on a SAMA5D3-EDS board with a LAN9354 RMII daughter card. While the SPI access method should also be the same, it has not been tested and as such is not included at this time. Signed-off-by:
Jerry Ray <jerry.ray@microchip.com> Signed-off-by:
-
Jerry Ray authored
Add initial BYTE_ORDER read to sync the 32-bit accesses over the 16-bit mdio bus to improve driver robustness. The lan9303 expects two mdio read transactions back-to-back to read a 32-bit register. The first read transaction causes the other half of the 32-bit register to get latched. The subsequent read returns the latched second half of the 32-bit read. The BYTE_ORDER register is an exception to this rule. As it is a constant value, there is no need to latch the second half. We read this register first in case there were reads during the boot loader process that might have occurred prior to this driver taking over ownership of accessing this device. This patch has been tested on the SAMA5D3-EDS with a LAN9303 RMII daughter card. Signed-off-by:
-
Romain Naour authored
Add register validation for KSZ9896. Signed-off-by:
Romain Naour <romain.naour@skf.com> Signed-off-by:
-
