Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-24337

[RFE] Support MACSec offload in NetworkManager

    • NetworkManager-1.46.0-1.el9
    • Normal
    • 1
    • sst_network_management
    • ssg_networking
    • 28
    • 2
    • False
    • Hide

      None

      Show
      None
    • Yes
    • NMT - Last NMT changes
    • Hide

      Given a system administrator configuring system with NetworkManager and a NIC capable of MACSec offload,
      When they configure MACSec offload through NetworkManager,
      Then NetworkManager should successfully apply the MACSec offload configuration by interacting with wpa_supplicant

      Definition of Done:

      • The implementation meets the acceptance criteria
      • Unit test and integration test are written and pass
      • The fix is part of a downstream build attached to an errata
      • The initial text for this enhancement in the feature-reason-result format (More details here)
      Show
      Given a system administrator configuring system with NetworkManager and a NIC capable of MACSec offload, When they configure MACSec offload through NetworkManager, Then NetworkManager should successfully apply the MACSec offload configuration by interacting with wpa_supplicant Definition of Done: The implementation meets the acceptance criteria Unit test and integration test are written and pass The fix is part of a downstream build attached to an errata The initial text for this enhancement in the feature-reason-result format (More details  here )
    • Pass
    • None
    • Technology Preview
    • Hide
      .NetworkManager and the Nmstate API support MACsec hardware offload

      You can use both NetworkManager and the Nmstate API to enable MACsec hardware offload if the hardware supports this feature. As a result, you can offload MACsec operations, such as encryption, from the CPU to the network interface card.

      Note that this feature is an unsupported Technology Preview.
      Show
      .NetworkManager and the Nmstate API support MACsec hardware offload You can use both NetworkManager and the Nmstate API to enable MACsec hardware offload if the hardware supports this feature. As a result, you can offload MACsec operations, such as encryption, from the CPU to the network interface card. Note that this feature is an unsupported Technology Preview.
    • Done
    • None

      This feature request focuses on enabling NetworkManager (NM) to configure MACSec offload capabilities directly through interactions with wpa_supplicant. The goal is to leverage hardware acceleration for MACSec operations, such as encryption/decryption and anti-replay, by offloading these tasks from the CPU to the Network Interface Card (NIC).

      This ticket is part of RHEL-22899.

      NetworkManager needs to support new configurations related to MACSec offload. This involves parsing and applying settings from:
      https://w1.fi/cgit/hostap/commit/?id=40c139664
      https://w1.fi/cgit/hostap/commit/?id=6d24673ab

            bgalvani@redhat.com Beniamino Galvani
            rh-ee-sfaye Stanislas Faye
            Vladimir Benes
            Beniamino Galvani Beniamino Galvani
            Filip Pokrývka Filip Pokrývka
            Marc Muehlfeld Marc Muehlfeld
            Votes:
            0 Vote for this issue
            Watchers:
            12 Start watching this issue

              Created:
              Updated:
              Resolved: