Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-24337

[RFE] Support MACSec offload in NetworkManager

    • NetworkManager-1.46.0-1.el9
    • Medium
    • 1
    • rhel-sst-network-management
    • ssg_networking
    • 28
    • 2
    • False
    • Hide

      None

      Show
      None
    • Yes
    • NMT - Last NMT changes
    • Hide

      Given a system administrator configuring system with NetworkManager and a NIC capable of MACSec offload,
      When they configure MACSec offload through NetworkManager,
      Then NetworkManager should successfully apply the MACSec offload configuration by interacting with wpa_supplicant

      Definition of Done:

      • The implementation meets the acceptance criteria
      • Unit test and integration test are written and pass
      • The fix is part of a downstream build attached to an errata
      • The initial text for this enhancement in the feature-reason-result format (More detailsĀ here)
      Show
      Given a system administrator configuring system with NetworkManager and a NIC capable of MACSec offload, When they configure MACSec offload through NetworkManager, Then NetworkManager should successfully apply the MACSec offload configuration by interacting with wpa_supplicant Definition of Done: The implementation meets the acceptance criteria Unit test and integration test are written and pass The fix is part of a downstream build attached to an errata The initial text for this enhancement in the feature-reason-result format (More detailsĀ  here )
    • Pass
    • None
    • Technology Preview
    • Hide
      .NetworkManager and the Nmstate API support MACsec hardware offload

      You can use both NetworkManager and the Nmstate API to enable MACsec hardware offload if the hardware supports this feature. As a result, you can offload MACsec operations, such as encryption, from the CPU to the network interface card.

      Note that this feature is an unsupported Technology Preview.
      Show
      .NetworkManager and the Nmstate API support MACsec hardware offload You can use both NetworkManager and the Nmstate API to enable MACsec hardware offload if the hardware supports this feature. As a result, you can offload MACsec operations, such as encryption, from the CPU to the network interface card. Note that this feature is an unsupported Technology Preview.
    • Done
    • None

      This feature request focuses on enabling NetworkManager (NM) to configure MACSec offload capabilities directly through interactions with wpa_supplicant. The goal is to leverage hardware acceleration for MACSec operations, such as encryption/decryption and anti-replay, by offloading these tasks from the CPU to the Network Interface Card (NIC).

      This ticket is part of RHEL-22899.

      NetworkManager needs to support new configurations related to MACSec offload. This involves parsing and applying settings from:
      https://w1.fi/cgit/hostap/commit/?id=40c139664
      https://w1.fi/cgit/hostap/commit/?id=6d24673ab

              bgalvani@redhat.com Beniamino Galvani
              rh-ee-sfaye Stanislas Faye
              Vladimir Benes
              Beniamino Galvani Beniamino Galvani
              Filip Pokryvka Filip Pokryvka
              Marc Muehlfeld Marc Muehlfeld
              Votes:
              0 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated:
                Resolved: