[PATCH net-next 0/8] macsec: inherit lower device's features and TSO limits when offloading
When macsec is offloaded to a NIC, we can take advantage of some of its features, mainly TSO and checksumming. This increases performance significantly. Some features cannot be inherited, because they require additional ops that aren't provided by the macsec netdevice.
We also need to inherit TSO limits from the lower device, like VLAN/macvlan devices do.
This series also moves the existing macsec offload selftest to the netdevsim selftests before adding tests for the new features. To allow this new selftest to work, netdevsim's hw_features are expanded.
Sabrina Dubroca (8): netdevsim: add more hw_features selftests: netdevsim: add a test checking ethtool features macsec: add some of the lower device's features when offloading macsec: clean up local variables in macsec_notify macsec: inherit lower device's TSO limits when offloading selftests: move macsec offload tests from net/rtnetlink to drivers/net/netdvesim selftests: netdevsim: add test toggling macsec offload selftests: netdevsim: add ethtool features to macsec offload tests
drivers/net/macsec.c | 64 +++++++--- drivers/net/netdevsim/netdev.c | 6 +- .../selftests/drivers/net/netdevsim/Makefile | 2 + .../selftests/drivers/net/netdevsim/config | 1 + .../drivers/net/netdevsim/ethtool-features.sh | 31 +++++ .../drivers/net/netdevsim/macsec-offload.sh | 117 ++++++++++++++++++ tools/testing/selftests/net/rtnetlink.sh | 68 ---------- 7 files changed, 200 insertions(+), 89 deletions(-) create mode 100644 tools/testing/selftests/drivers/net/netdevsim/ethtool-features.sh create mode 100755 tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh
netdevsim currently only set HW_TC in its hw_features, but other features should also be present to better reflect the behavior of real HW.
In my macsec offload testing, this ends up as HW_CSUM being missing from hw_features, so it doesn't stick in wanted_features when offload is turned off. Then HW_CSUM (and thus TSO, thanks to netdev_fix_features) is not automatically turned back on when offload is re-enabled.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net --- drivers/net/netdevsim/netdev.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/drivers/net/netdevsim/netdev.c b/drivers/net/netdevsim/netdev.c index cad85bb0cf54..0be47fed4efc 100644 --- a/drivers/net/netdevsim/netdev.c +++ b/drivers/net/netdevsim/netdev.c @@ -663,7 +663,11 @@ static void nsim_setup(struct net_device *dev) NETIF_F_FRAGLIST | NETIF_F_HW_CSUM | NETIF_F_TSO; - dev->hw_features |= NETIF_F_HW_TC; + dev->hw_features |= NETIF_F_HW_TC | + NETIF_F_SG | + NETIF_F_FRAGLIST | + NETIF_F_HW_CSUM | + NETIF_F_TSO; dev->max_mtu = ETH_MAX_MTU; dev->xdp_features = NETDEV_XDP_ACT_HW_OFFLOAD; }
On Thu, Nov 07, 2024 at 12:13:27AM +0100, Sabrina Dubroca wrote:
netdevsim currently only set HW_TC in its hw_features, but other features should also be present to better reflect the behavior of real HW.
In my macsec offload testing, this ends up as HW_CSUM being missing from hw_features, so it doesn't stick in wanted_features when offload is turned off. Then HW_CSUM (and thus TSO, thanks to netdev_fix_features) is not automatically turned back on when offload is re-enabled.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net
Reviewed-by: Simon Horman horms@kernel.org
Add a test checking that some features are active by default and changeable.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net --- .../selftests/drivers/net/netdevsim/Makefile | 1 + .../drivers/net/netdevsim/ethtool-features.sh | 31 +++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 tools/testing/selftests/drivers/net/netdevsim/ethtool-features.sh
diff --git a/tools/testing/selftests/drivers/net/netdevsim/Makefile b/tools/testing/selftests/drivers/net/netdevsim/Makefile index cc08b220323f..df167c637af9 100644 --- a/tools/testing/selftests/drivers/net/netdevsim/Makefile +++ b/tools/testing/selftests/drivers/net/netdevsim/Makefile @@ -4,6 +4,7 @@ TEST_PROGS = devlink.sh \ devlink_in_netns.sh \ devlink_trap.sh \ ethtool-coalesce.sh \ + ethtool-features.sh \ ethtool-fec.sh \ ethtool-pause.sh \ ethtool-ring.sh \ diff --git a/tools/testing/selftests/drivers/net/netdevsim/ethtool-features.sh b/tools/testing/selftests/drivers/net/netdevsim/ethtool-features.sh new file mode 100644 index 000000000000..bc210dc6ad2d --- /dev/null +++ b/tools/testing/selftests/drivers/net/netdevsim/ethtool-features.sh @@ -0,0 +1,31 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0-only + +source ethtool-common.sh + +NSIM_NETDEV=$(make_netdev) + +set -o pipefail + +FEATS=" + tx-checksum-ip-generic + tx-scatter-gather + tx-tcp-segmentation + generic-segmentation-offload + generic-receive-offload" + +for feat in $FEATS ; do + s=$(ethtool --json -k $NSIM_NETDEV | jq ".[]."$feat".active" 2>/dev/null) + check $? "$s" true + + s=$(ethtool --json -k $NSIM_NETDEV | jq ".[]."$feat".fixed" 2>/dev/null) + check $? "$s" false +done + +if [ $num_errors -eq 0 ]; then + echo "PASSED all $((num_passes)) checks" + exit 0 +else + echo "FAILED $num_errors/$((num_errors+num_passes)) checks" + exit 1 +fi
On Thu, Nov 07, 2024 at 12:13:28AM +0100, Sabrina Dubroca wrote:
Add a test checking that some features are active by default and changeable.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net
Reviewed-by: Simon Horman horms@kernel.org
This commit extends the set of netdevice features supported by macsec devices when offload is enabled, which increases performance significantly (for a single TCP stream: 17.5Gbps to 38.5Gbps on my test machines).
Commit c850240b6c41 ("net: macsec: report real_dev features when HW offloading is enabled") previously attempted something similar, but had to be reverted (commit 8bcd560ae878 ("Revert "net: macsec: report real_dev features when HW offloading is enabled"")) because the set of features it exposed was too large.
During initialization, all features are set, and they're then removed via ndo_fix_features (macsec_fix_features). This allows the offloadable features to be automatically enabled if offloading is turned on after device creation.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net --- drivers/net/macsec.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index ee2159282573..bee1e0f95d2a 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -2666,6 +2666,8 @@ static int macsec_update_offload(struct net_device *dev, enum macsec_offload off macsec_set_head_tail_room(dev); macsec->insert_tx_tag = macsec_needs_tx_tag(macsec, ops);
+ netdev_update_features(dev); + return ret; }
@@ -3521,6 +3523,10 @@ static netdev_tx_t macsec_start_xmit(struct sk_buff *skb, #define MACSEC_FEATURES \ (NETIF_F_SG | NETIF_F_HIGHDMA | NETIF_F_FRAGLIST)
+#define MACSEC_OFFLOAD_FEATURES \ + (MACSEC_FEATURES | NETIF_F_GSO_SOFTWARE | NETIF_F_SOFT_FEATURES | \ + NETIF_F_LRO | NETIF_F_RXHASH | NETIF_F_CSUM_MASK | NETIF_F_RXCSUM) + static int macsec_dev_init(struct net_device *dev) { struct macsec_dev *macsec = macsec_priv(dev); @@ -3531,7 +3537,10 @@ static int macsec_dev_init(struct net_device *dev) if (err) return err;
- dev->features = real_dev->features & MACSEC_FEATURES; + dev->hw_features = real_dev->hw_features & MACSEC_OFFLOAD_FEATURES; + dev->hw_features |= NETIF_F_GSO_SOFTWARE; + + dev->features = real_dev->features & MACSEC_OFFLOAD_FEATURES; dev->features |= NETIF_F_GSO_SOFTWARE; dev->lltx = true; dev->pcpu_stat_type = NETDEV_PCPU_STAT_TSTATS; @@ -3561,8 +3570,12 @@ static netdev_features_t macsec_fix_features(struct net_device *dev, { struct macsec_dev *macsec = macsec_priv(dev); struct net_device *real_dev = macsec->real_dev; + netdev_features_t mask; + + mask = macsec_is_offloaded(macsec) ? MACSEC_OFFLOAD_FEATURES + : MACSEC_FEATURES;
- features &= (real_dev->features & MACSEC_FEATURES) | + features &= (real_dev->features & mask) | NETIF_F_GSO_SOFTWARE | NETIF_F_SOFT_FEATURES;
return features;
On Thu, Nov 07, 2024 at 12:13:29AM +0100, Sabrina Dubroca wrote:
This commit extends the set of netdevice features supported by macsec devices when offload is enabled, which increases performance significantly (for a single TCP stream: 17.5Gbps to 38.5Gbps on my test machines).
Commit c850240b6c41 ("net: macsec: report real_dev features when HW offloading is enabled") previously attempted something similar, but had to be reverted (commit 8bcd560ae878 ("Revert "net: macsec: report real_dev features when HW offloading is enabled"")) because the set of features it exposed was too large.
During initialization, all features are set, and they're then removed via ndo_fix_features (macsec_fix_features). This allows the offloadable features to be automatically enabled if offloading is turned on after device creation.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net
Reviewed-by: Simon Horman horms@kernel.org
For all events, we need to loop over the list of secys, so let's move the common variables out of the switch/case.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net --- drivers/net/macsec.c | 25 +++++++------------------ 1 file changed, 7 insertions(+), 18 deletions(-)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index bee1e0f95d2a..e6670e876ff6 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -4441,31 +4441,26 @@ static int macsec_notify(struct notifier_block *this, unsigned long event, void *ptr) { struct net_device *real_dev = netdev_notifier_info_to_dev(ptr); + struct macsec_rxh_data *rxd; + struct macsec_dev *m, *n; LIST_HEAD(head);
if (!is_macsec_master(real_dev)) return NOTIFY_DONE;
+ rxd = macsec_data_rtnl(real_dev); + switch (event) { case NETDEV_DOWN: case NETDEV_UP: - case NETDEV_CHANGE: { - struct macsec_dev *m, *n; - struct macsec_rxh_data *rxd; - - rxd = macsec_data_rtnl(real_dev); + case NETDEV_CHANGE: list_for_each_entry_safe(m, n, &rxd->secys, secys) { struct net_device *dev = m->secy.netdev;
netif_stacked_transfer_operstate(real_dev, dev); } break; - } - case NETDEV_UNREGISTER: { - struct macsec_dev *m, *n; - struct macsec_rxh_data *rxd; - - rxd = macsec_data_rtnl(real_dev); + case NETDEV_UNREGISTER: list_for_each_entry_safe(m, n, &rxd->secys, secys) { macsec_common_dellink(m->secy.netdev, &head); } @@ -4475,12 +4470,7 @@ static int macsec_notify(struct notifier_block *this, unsigned long event,
unregister_netdevice_many(&head); break; - } - case NETDEV_CHANGEMTU: { - struct macsec_dev *m; - struct macsec_rxh_data *rxd; - - rxd = macsec_data_rtnl(real_dev); + case NETDEV_CHANGEMTU: list_for_each_entry(m, &rxd->secys, secys) { struct net_device *dev = m->secy.netdev; unsigned int mtu = real_dev->mtu - (m->secy.icv_len + @@ -4490,7 +4480,6 @@ static int macsec_notify(struct notifier_block *this, unsigned long event, dev_set_mtu(dev, mtu); } } - }
return NOTIFY_OK; }
On Thu, Nov 07, 2024 at 12:13:30AM +0100, Sabrina Dubroca wrote:
For all events, we need to loop over the list of secys, so let's move the common variables out of the switch/case.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net
Reviewed-by: Simon Horman horms@kernel.org
If macsec is offloaded, we need to follow the lower device's capabilities, like VLAN devices do.
Leave the limits unchanged when the offload is disabled.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net --- drivers/net/macsec.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+)
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index e6670e876ff6..24c190d9b959 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -2621,6 +2621,17 @@ static void macsec_set_head_tail_room(struct net_device *dev) dev->needed_tailroom = real_dev->needed_tailroom + needed_tailroom; }
+static void macsec_inherit_tso_max(struct net_device *dev) +{ + struct macsec_dev *macsec = macsec_priv(dev); + + /* if macsec is offloaded, we need to follow the lower + * device's capabilities. otherwise, we can ignore them. + */ + if (macsec_is_offloaded(macsec)) + netif_inherit_tso_max(dev, macsec->real_dev); +} + static int macsec_update_offload(struct net_device *dev, enum macsec_offload offload) { enum macsec_offload prev_offload; @@ -2666,6 +2677,8 @@ static int macsec_update_offload(struct net_device *dev, enum macsec_offload off macsec_set_head_tail_room(dev); macsec->insert_tx_tag = macsec_needs_tx_tag(macsec, ops);
+ macsec_inherit_tso_max(dev); + netdev_update_features(dev);
return ret; @@ -3537,6 +3550,8 @@ static int macsec_dev_init(struct net_device *dev) if (err) return err;
+ macsec_inherit_tso_max(dev); + dev->hw_features = real_dev->hw_features & MACSEC_OFFLOAD_FEATURES; dev->hw_features |= NETIF_F_GSO_SOFTWARE;
@@ -4479,6 +4494,13 @@ static int macsec_notify(struct notifier_block *this, unsigned long event, if (dev->mtu > mtu) dev_set_mtu(dev, mtu); } + break; + case NETDEV_FEAT_CHANGE: + list_for_each_entry(m, &rxd->secys, secys) { + macsec_inherit_tso_max(m->secy.netdev); + netdev_update_features(m->secy.netdev); + } + break; }
return NOTIFY_OK;
On Thu, Nov 07, 2024 at 12:13:31AM +0100, Sabrina Dubroca wrote:
If macsec is offloaded, we need to follow the lower device's capabilities, like VLAN devices do.
Leave the limits unchanged when the offload is disabled.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net
Reviewed-by: Simon Horman horms@kernel.org
We're going to expand this test, and macsec offload is only lightly related to rtnetlink.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net --- .../selftests/drivers/net/netdevsim/Makefile | 1 + .../selftests/drivers/net/netdevsim/config | 1 + .../drivers/net/netdevsim/macsec-offload.sh | 63 +++++++++++++++++ tools/testing/selftests/net/rtnetlink.sh | 68 ------------------- 4 files changed, 65 insertions(+), 68 deletions(-) create mode 100755 tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh
diff --git a/tools/testing/selftests/drivers/net/netdevsim/Makefile b/tools/testing/selftests/drivers/net/netdevsim/Makefile index df167c637af9..07b7c46d3311 100644 --- a/tools/testing/selftests/drivers/net/netdevsim/Makefile +++ b/tools/testing/selftests/drivers/net/netdevsim/Makefile @@ -11,6 +11,7 @@ TEST_PROGS = devlink.sh \ fib.sh \ fib_notifications.sh \ hw_stats_l3.sh \ + macsec-offload.sh \ nexthop.sh \ peer.sh \ psample.sh \ diff --git a/tools/testing/selftests/drivers/net/netdevsim/config b/tools/testing/selftests/drivers/net/netdevsim/config index adf45a3a78b4..5117c78ddf0a 100644 --- a/tools/testing/selftests/drivers/net/netdevsim/config +++ b/tools/testing/selftests/drivers/net/netdevsim/config @@ -1,6 +1,7 @@ CONFIG_DUMMY=y CONFIG_GENEVE=m CONFIG_IPV6=y +CONFIG_MACSEC=m CONFIG_NETDEVSIM=m CONFIG_NET_SCH_MQPRIO=y CONFIG_NET_SCH_MULTIQ=y diff --git a/tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh b/tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh new file mode 100755 index 000000000000..7babcfd76b22 --- /dev/null +++ b/tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh @@ -0,0 +1,63 @@ +#!/bin/bash +# SPDX-License-Identifier: GPL-2.0-only + +source ethtool-common.sh + +NSIM_NETDEV=$(make_netdev) +MACSEC_NETDEV=macsec_nsim + +set -o pipefail + +if ! ethtool -k $NSIM_NETDEV | grep -q 'macsec-hw-offload: on'; then + echo "SKIP: netdevsim doesn't support MACsec offload" + exit 4 +fi + +if ! ip link add link $NSIM_NETDEV $MACSEC_NETDEV type macsec offload mac 2>/dev/null; then + echo "SKIP: couldn't create macsec device" + exit 4 +fi +ip link del $MACSEC_NETDEV + +# +# test macsec offload API +# + +ip link add link $NSIM_NETDEV "${MACSEC_NETDEV}" type macsec port 4 offload mac +check $? + +ip link add link $NSIM_NETDEV "${MACSEC_NETDEV}2" type macsec address "aa:bb:cc:dd:ee:ff" port 5 offload mac +check $? + +ip link add link $NSIM_NETDEV "${MACSEC_NETDEV}3" type macsec sci abbacdde01020304 offload mac +check $? + +ip link add link $NSIM_NETDEV "${MACSEC_NETDEV}4" type macsec port 8 offload mac 2> /dev/null +check $? '' '' 1 + +ip macsec add "${MACSEC_NETDEV}" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012 +check $? + +ip macsec add "${MACSEC_NETDEV}" rx port 1234 address "1c:ed:de:ad:be:ef" +check $? + +ip macsec add "${MACSEC_NETDEV}" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on \ + key 00 0123456789abcdef0123456789abcdef +check $? + +ip macsec add "${MACSEC_NETDEV}" rx port 1235 address "1c:ed:de:ad:be:ef" 2> /dev/null +check $? '' '' 1 + +for dev in ${MACSEC_NETDEV}{,2,3} ; do + ip link del $dev + check $? +done + + +if [ $num_errors -eq 0 ]; then + echo "PASSED all $((num_passes)) checks" + exit 0 +else + echo "FAILED $num_errors/$((num_errors+num_passes)) checks" + exit 1 +fi diff --git a/tools/testing/selftests/net/rtnetlink.sh b/tools/testing/selftests/net/rtnetlink.sh index 87dce3efe31e..d28b7e0ca205 100755 --- a/tools/testing/selftests/net/rtnetlink.sh +++ b/tools/testing/selftests/net/rtnetlink.sh @@ -21,7 +21,6 @@ ALL_TESTS=" kci_test_vrf kci_test_encap kci_test_macsec - kci_test_macsec_offload kci_test_ipsec kci_test_ipsec_offload kci_test_fdb_get @@ -559,73 +558,6 @@ kci_test_macsec() end_test "PASS: macsec" }
-kci_test_macsec_offload() -{ - sysfsd=/sys/kernel/debug/netdevsim/netdevsim0/ports/0/ - sysfsnet=/sys/bus/netdevsim/devices/netdevsim0/net/ - probed=false - local ret=0 - run_cmd_grep "^Usage: ip macsec" ip macsec help - if [ $? -ne 0 ]; then - end_test "SKIP: macsec: iproute2 too old" - return $ksft_skip - fi - - if ! mount | grep -q debugfs; then - mount -t debugfs none /sys/kernel/debug/ &> /dev/null - fi - - # setup netdevsim since dummydev doesn't have offload support - if [ ! -w /sys/bus/netdevsim/new_device ] ; then - run_cmd modprobe -q netdevsim - - if [ $ret -ne 0 ]; then - end_test "SKIP: macsec_offload can't load netdevsim" - return $ksft_skip - fi - probed=true - fi - - echo "0" > /sys/bus/netdevsim/new_device - while [ ! -d $sysfsnet ] ; do :; done - udevadm settle - dev=`ls $sysfsnet` - - ip link set $dev up - if [ ! -d $sysfsd ] ; then - end_test "FAIL: macsec_offload can't create device $dev" - return 1 - fi - run_cmd_grep 'macsec-hw-offload: on' ethtool -k $dev - if [ $? -eq 1 ] ; then - end_test "FAIL: macsec_offload netdevsim doesn't support MACsec offload" - return 1 - fi - run_cmd ip link add link $dev kci_macsec1 type macsec port 4 offload mac - run_cmd ip link add link $dev kci_macsec2 type macsec address "aa:bb:cc:dd:ee:ff" port 5 offload mac - run_cmd ip link add link $dev kci_macsec3 type macsec sci abbacdde01020304 offload mac - run_cmd_fail ip link add link $dev kci_macsec4 type macsec port 8 offload mac - - msname=kci_macsec1 - run_cmd ip macsec add "$msname" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012 - run_cmd ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" - run_cmd ip macsec add "$msname" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on \ - key 00 0123456789abcdef0123456789abcdef - run_cmd_fail ip macsec add "$msname" rx port 1235 address "1c:ed:de:ad:be:ef" - # clean up any leftovers - for msdev in kci_macsec{1,2,3,4} ; do - ip link del $msdev 2> /dev/null - done - echo 0 > /sys/bus/netdevsim/del_device - $probed && rmmod netdevsim - - if [ $ret -ne 0 ]; then - end_test "FAIL: macsec_offload" - return 1 - fi - end_test "PASS: macsec_offload" -} - #------------------------------------------------------------------- # Example commands # ip x s add proto esp src 14.0.0.52 dst 14.0.0.70 \
On Thu, Nov 07, 2024 at 12:13:32AM +0100, Sabrina Dubroca wrote:
We're going to expand this test, and macsec offload is only lightly related to rtnetlink.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net
Reviewed-by: Simon Horman horms@kernel.org
The test verifies that toggling offload works (both via rtnetlink and macsec's genetlink APIs). This is only possible when no SA is configured.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net --- .../drivers/net/netdevsim/macsec-offload.sh | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+)
diff --git a/tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh b/tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh index 7babcfd76b22..1f2775846ea0 100755 --- a/tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh +++ b/tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh @@ -48,6 +48,27 @@ check $? ip macsec add "${MACSEC_NETDEV}" rx port 1235 address "1c:ed:de:ad:be:ef" 2> /dev/null check $? '' '' 1
+# can't disable macsec offload when SAs are configured +ip link set "${MACSEC_NETDEV}" type macsec offload off 2> /dev/null +check $? '' '' 1 + +ip macsec offload "${MACSEC_NETDEV}" off 2> /dev/null +check $? '' '' 1 + +# toggle macsec offload via rtnetlink +ip link set "${MACSEC_NETDEV}2" type macsec offload off +check $? + +ip link set "${MACSEC_NETDEV}2" type macsec offload mac +check $? + +# toggle macsec offload via genetlink +ip macsec offload "${MACSEC_NETDEV}2" off +check $? + +ip macsec offload "${MACSEC_NETDEV}2" mac +check $? + for dev in ${MACSEC_NETDEV}{,2,3} ; do ip link del $dev check $?
On Thu, Nov 07, 2024 at 12:13:33AM +0100, Sabrina Dubroca wrote:
The test verifies that toggling offload works (both via rtnetlink and macsec's genetlink APIs). This is only possible when no SA is configured.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net
Reviewed-by: Simon Horman horms@kernel.org
The test verifies that available features aren't changed by toggling offload on the device. Creating a device with offload off and then enabling it later should result in the same features as creating the device with offload enabled directly.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net --- .../drivers/net/netdevsim/macsec-offload.sh | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+)
diff --git a/tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh b/tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh index 1f2775846ea0..98033e6667d2 100755 --- a/tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh +++ b/tools/testing/selftests/drivers/net/netdevsim/macsec-offload.sh @@ -75,6 +75,39 @@ for dev in ${MACSEC_NETDEV}{,2,3} ; do done
+# +# test ethtool features when toggling offload +# + +ip link add link $NSIM_NETDEV $MACSEC_NETDEV type macsec offload mac +TMP_FEATS_ON_1="$(ethtool -k $MACSEC_NETDEV)" + +ip link set $MACSEC_NETDEV type macsec offload off +TMP_FEATS_OFF_1="$(ethtool -k $MACSEC_NETDEV)" + +ip link set $MACSEC_NETDEV type macsec offload mac +TMP_FEATS_ON_2="$(ethtool -k $MACSEC_NETDEV)" + +[ "$TMP_FEATS_ON_1" = "$TMP_FEATS_ON_2" ] +check $? + +ip link del $MACSEC_NETDEV + +ip link add link $NSIM_NETDEV $MACSEC_NETDEV type macsec +check $? + +TMP_FEATS_OFF_2="$(ethtool -k $MACSEC_NETDEV)" +[ "$TMP_FEATS_OFF_1" = "$TMP_FEATS_OFF_2" ] +check $? + +ip link set $MACSEC_NETDEV type macsec offload mac +check $? + +TMP_FEATS_ON_3="$(ethtool -k $MACSEC_NETDEV)" +[ "$TMP_FEATS_ON_1" = "$TMP_FEATS_ON_3" ] +check $? + + if [ $num_errors -eq 0 ]; then echo "PASSED all $((num_passes)) checks" exit 0
On Thu, Nov 07, 2024 at 12:13:34AM +0100, Sabrina Dubroca wrote:
The test verifies that available features aren't changed by toggling offload on the device. Creating a device with offload off and then enabling it later should result in the same features as creating the device with offload enabled directly.
Signed-off-by: Sabrina Dubroca sd@queasysnail.net
Reviewed-by: Simon Horman horms@kernel.org
Hello:
This series was applied to netdev/net-next.git (main) by Jakub Kicinski kuba@kernel.org:
On Thu, 7 Nov 2024 00:13:26 +0100 you wrote:
When macsec is offloaded to a NIC, we can take advantage of some of its features, mainly TSO and checksumming. This increases performance significantly. Some features cannot be inherited, because they require additional ops that aren't provided by the macsec netdevice.
We also need to inherit TSO limits from the lower device, like VLAN/macvlan devices do.
[...]
Here is the summary with links: - [net-next,1/8] netdevsim: add more hw_features https://git.kernel.org/netdev/net-next/c/494bd83bb519 - [net-next,2/8] selftests: netdevsim: add a test checking ethtool features https://git.kernel.org/netdev/net-next/c/0189270117c3 - [net-next,3/8] macsec: add some of the lower device's features when offloading https://git.kernel.org/netdev/net-next/c/bd97c29f7e9e - [net-next,4/8] macsec: clean up local variables in macsec_notify https://git.kernel.org/netdev/net-next/c/f29d24a2106a - [net-next,5/8] macsec: inherit lower device's TSO limits when offloading https://git.kernel.org/netdev/net-next/c/de187a390838 - [net-next,6/8] selftests: move macsec offload tests from net/rtnetlink to drivers/net/netdvesim https://git.kernel.org/netdev/net-next/c/415b7cef1c73 - [net-next,7/8] selftests: netdevsim: add test toggling macsec offload https://git.kernel.org/netdev/net-next/c/29084ea5d0e8 - [net-next,8/8] selftests: netdevsim: add ethtool features to macsec offload tests https://git.kernel.org/netdev/net-next/c/0f8800eb67ae
You are awesome, thank you!
linux-kselftest-mirror@lists.linaro.org
-
patchwork-bot+netdevbpf@kernel.org -
Sabrina Dubroca -
Simon Horman