1415b7cefSSabrina Dubroca#!/bin/bash 2415b7cefSSabrina Dubroca# SPDX-License-Identifier: GPL-2.0-only 3415b7cefSSabrina Dubroca 4415b7cefSSabrina Dubrocasource ethtool-common.sh 5415b7cefSSabrina Dubroca 6415b7cefSSabrina DubrocaNSIM_NETDEV=$(make_netdev) 7415b7cefSSabrina DubrocaMACSEC_NETDEV=macsec_nsim 8415b7cefSSabrina Dubroca 9415b7cefSSabrina Dubrocaset -o pipefail 10415b7cefSSabrina Dubroca 11415b7cefSSabrina Dubrocaif ! ethtool -k $NSIM_NETDEV | grep -q 'macsec-hw-offload: on'; then 12415b7cefSSabrina Dubroca echo "SKIP: netdevsim doesn't support MACsec offload" 13415b7cefSSabrina Dubroca exit 4 14415b7cefSSabrina Dubrocafi 15415b7cefSSabrina Dubroca 16415b7cefSSabrina Dubrocaif ! ip link add link $NSIM_NETDEV $MACSEC_NETDEV type macsec offload mac 2>/dev/null; then 17415b7cefSSabrina Dubroca echo "SKIP: couldn't create macsec device" 18415b7cefSSabrina Dubroca exit 4 19415b7cefSSabrina Dubrocafi 20415b7cefSSabrina Dubrocaip link del $MACSEC_NETDEV 21415b7cefSSabrina Dubroca 22415b7cefSSabrina Dubroca# 23415b7cefSSabrina Dubroca# test macsec offload API 24415b7cefSSabrina Dubroca# 25415b7cefSSabrina Dubroca 26415b7cefSSabrina Dubrocaip link add link $NSIM_NETDEV "${MACSEC_NETDEV}" type macsec port 4 offload mac 27415b7cefSSabrina Dubrocacheck $? 28415b7cefSSabrina Dubroca 29415b7cefSSabrina Dubrocaip link add link $NSIM_NETDEV "${MACSEC_NETDEV}2" type macsec address "aa:bb:cc:dd:ee:ff" port 5 offload mac 30415b7cefSSabrina Dubrocacheck $? 31415b7cefSSabrina Dubroca 32415b7cefSSabrina Dubrocaip link add link $NSIM_NETDEV "${MACSEC_NETDEV}3" type macsec sci abbacdde01020304 offload mac 33415b7cefSSabrina Dubrocacheck $? 34415b7cefSSabrina Dubroca 35415b7cefSSabrina Dubrocaip link add link $NSIM_NETDEV "${MACSEC_NETDEV}4" type macsec port 8 offload mac 2> /dev/null 36415b7cefSSabrina Dubrocacheck $? '' '' 1 37415b7cefSSabrina Dubroca 38415b7cefSSabrina Dubrocaip macsec add "${MACSEC_NETDEV}" tx sa 0 pn 1024 on key 01 12345678901234567890123456789012 39415b7cefSSabrina Dubrocacheck $? 40415b7cefSSabrina Dubroca 41415b7cefSSabrina Dubrocaip macsec add "${MACSEC_NETDEV}" rx port 1234 address "1c:ed:de:ad:be:ef" 42415b7cefSSabrina Dubrocacheck $? 43415b7cefSSabrina Dubroca 44415b7cefSSabrina Dubrocaip macsec add "${MACSEC_NETDEV}" rx port 1234 address "1c:ed:de:ad:be:ef" sa 0 pn 1 on \ 45415b7cefSSabrina Dubroca key 00 0123456789abcdef0123456789abcdef 46415b7cefSSabrina Dubrocacheck $? 47415b7cefSSabrina Dubroca 48415b7cefSSabrina Dubrocaip macsec add "${MACSEC_NETDEV}" rx port 1235 address "1c:ed:de:ad:be:ef" 2> /dev/null 49415b7cefSSabrina Dubrocacheck $? '' '' 1 50415b7cefSSabrina Dubroca 5129084ea5SSabrina Dubroca# can't disable macsec offload when SAs are configured 5229084ea5SSabrina Dubrocaip link set "${MACSEC_NETDEV}" type macsec offload off 2> /dev/null 5329084ea5SSabrina Dubrocacheck $? '' '' 1 5429084ea5SSabrina Dubroca 5529084ea5SSabrina Dubrocaip macsec offload "${MACSEC_NETDEV}" off 2> /dev/null 5629084ea5SSabrina Dubrocacheck $? '' '' 1 5729084ea5SSabrina Dubroca 5829084ea5SSabrina Dubroca# toggle macsec offload via rtnetlink 5929084ea5SSabrina Dubrocaip link set "${MACSEC_NETDEV}2" type macsec offload off 6029084ea5SSabrina Dubrocacheck $? 6129084ea5SSabrina Dubroca 6229084ea5SSabrina Dubrocaip link set "${MACSEC_NETDEV}2" type macsec offload mac 6329084ea5SSabrina Dubrocacheck $? 6429084ea5SSabrina Dubroca 6529084ea5SSabrina Dubroca# toggle macsec offload via genetlink 6629084ea5SSabrina Dubrocaip macsec offload "${MACSEC_NETDEV}2" off 6729084ea5SSabrina Dubrocacheck $? 6829084ea5SSabrina Dubroca 6929084ea5SSabrina Dubrocaip macsec offload "${MACSEC_NETDEV}2" mac 7029084ea5SSabrina Dubrocacheck $? 7129084ea5SSabrina Dubroca 72415b7cefSSabrina Dubrocafor dev in ${MACSEC_NETDEV}{,2,3} ; do 73415b7cefSSabrina Dubroca ip link del $dev 74415b7cefSSabrina Dubroca check $? 75415b7cefSSabrina Dubrocadone 76415b7cefSSabrina Dubroca 77415b7cefSSabrina Dubroca 78*0f8800ebSSabrina Dubroca# 79*0f8800ebSSabrina Dubroca# test ethtool features when toggling offload 80*0f8800ebSSabrina Dubroca# 81*0f8800ebSSabrina Dubroca 82*0f8800ebSSabrina Dubrocaip link add link $NSIM_NETDEV $MACSEC_NETDEV type macsec offload mac 83*0f8800ebSSabrina DubrocaTMP_FEATS_ON_1="$(ethtool -k $MACSEC_NETDEV)" 84*0f8800ebSSabrina Dubroca 85*0f8800ebSSabrina Dubrocaip link set $MACSEC_NETDEV type macsec offload off 86*0f8800ebSSabrina DubrocaTMP_FEATS_OFF_1="$(ethtool -k $MACSEC_NETDEV)" 87*0f8800ebSSabrina Dubroca 88*0f8800ebSSabrina Dubrocaip link set $MACSEC_NETDEV type macsec offload mac 89*0f8800ebSSabrina DubrocaTMP_FEATS_ON_2="$(ethtool -k $MACSEC_NETDEV)" 90*0f8800ebSSabrina Dubroca 91*0f8800ebSSabrina Dubroca[ "$TMP_FEATS_ON_1" = "$TMP_FEATS_ON_2" ] 92*0f8800ebSSabrina Dubrocacheck $? 93*0f8800ebSSabrina Dubroca 94*0f8800ebSSabrina Dubrocaip link del $MACSEC_NETDEV 95*0f8800ebSSabrina Dubroca 96*0f8800ebSSabrina Dubrocaip link add link $NSIM_NETDEV $MACSEC_NETDEV type macsec 97*0f8800ebSSabrina Dubrocacheck $? 98*0f8800ebSSabrina Dubroca 99*0f8800ebSSabrina DubrocaTMP_FEATS_OFF_2="$(ethtool -k $MACSEC_NETDEV)" 100*0f8800ebSSabrina Dubroca[ "$TMP_FEATS_OFF_1" = "$TMP_FEATS_OFF_2" ] 101*0f8800ebSSabrina Dubrocacheck $? 102*0f8800ebSSabrina Dubroca 103*0f8800ebSSabrina Dubrocaip link set $MACSEC_NETDEV type macsec offload mac 104*0f8800ebSSabrina Dubrocacheck $? 105*0f8800ebSSabrina Dubroca 106*0f8800ebSSabrina DubrocaTMP_FEATS_ON_3="$(ethtool -k $MACSEC_NETDEV)" 107*0f8800ebSSabrina Dubroca[ "$TMP_FEATS_ON_1" = "$TMP_FEATS_ON_3" ] 108*0f8800ebSSabrina Dubrocacheck $? 109*0f8800ebSSabrina Dubroca 110*0f8800ebSSabrina Dubroca 111415b7cefSSabrina Dubrocaif [ $num_errors -eq 0 ]; then 112415b7cefSSabrina Dubroca echo "PASSED all $((num_passes)) checks" 113415b7cefSSabrina Dubroca exit 0 114415b7cefSSabrina Dubrocaelse 115415b7cefSSabrina Dubroca echo "FAILED $num_errors/$((num_errors+num_passes)) checks" 116415b7cefSSabrina Dubroca exit 1 117415b7cefSSabrina Dubrocafi 118