Re: wpa_supplicant triggers macsec_newlink without config data for hardware offload module

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello, all,

First minor correction: using strace, I observed that "macsec_newlink"
is triggered from "macsec_create_transmit_sc", rather than from
"macsec_drv_macsec_init" (the latter only prepares some initial
settings without actually sending a message). That said,
"macsec_newlink" is still invoked with offloading unset, so all calls
to "macsec_is_offloading" remain false.

Reviewing the relevant changes in git history:

In the initial commit 3cf3227a21d1fb020fe26128e60321bd2151e922 ("net:
macsec: hardware offloading infrastructure"), MACsec offloading was
hardcoded to be off by default in macsec_newlink:

/* MACsec offloading is off by default */
macsec->offload = MACSEC_OFFLOAD_OFF;

At that time, I guess it had to be manually set with OFFLOAD_PHY.

Later, commit dcb780fb279514f268826f2e9f4df3bc75610703 ("net: macsec:
add nla support for changing the offloading selection") introduced NLA
support (macsec_upd_offload), making the offload selection switchable
and calling mdo_add_secy or mdo_del_secy as needed.
Subsequently, commit 791bb3fcafcedd11f9066da9fee9342ecb6904d0 ("net:
macsec: add support for specifying offload upon link creation") made
offload configurable, but it is still set at macsec_newlink.

I believe all these flows have been well tested with iproute2. To
support wpa_supplicant, there are two possible ways to address the
issue:

1) Fix the missing offload at the first newlink message.
2) Keep the current flow in wpa_supplicant, but detect offload config
change in macsec.c (change_link_common) and handle it similarly to
macsec_upd_offload.

Between the two, I favor the first option as it is simpler and more
appropriate for where the change should occur. The patch is
straightforward:

--- wpa_supplicant-2.11/src/drivers/driver_macsec_linux.c
2024-07-20 20:04:37.000000000 +0200
+++ wpa_supplicant-2.11_new/src/drivers/driver_macsec_linux.c
2025-07-17 17:05:47.118890103 +0200
@@ -1176,10 +1176,18 @@
                return -1;
        }

        rtnl_link_set_link(link, drv->parent_ifi);

+       #ifdef LIBNL_HAS_OFFLOAD
+       if (drv->offload_set) {
+               wpa_printf(MSG_DEBUG, DRV_PREFIX
+                          "setting offload=%d", drv->offload);
+           rtnl_link_macsec_set_offload(link, drv->offload);
+       }
+    #endif /* LIBNL_HAS_OFFLOAD */
+
        sci = mka_sci_u64(&sc->sci);
        rtnl_link_macsec_set_sci(link, sci);

        drv->created_link = true;

Any feedback or comments are appreciated :-)

Best regards,
Beilu

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux