From: Igor Russkikh <Igor.Russkikh@aquantia.com>
To: "dev@dpdk.org" <dev@dpdk.org>
Cc: Pavel Belous <Pavel.Belous@aquantia.com>,
Wenzhuo Lu <wenzhuo.lu@intel.com>,
Jingjing Wu <jingjing.wu@intel.com>,
Bernard Iremonger <bernard.iremonger@intel.com>,
John McNamara <john.mcnamara@intel.com>,
Marko Kovacevic <marko.kovacevic@intel.com>,
Konstantin Ananyev <konstantin.ananyev@intel.com>,
Thomas Monjalon <thomas@monjalon.net>,
Ferruh Yigit <ferruh.yigit@intel.com>,
Andrew Rybchenko <arybchenko@solarflare.com>,
Igor Russkikh <Igor.Russkikh@aquantia.com>
Subject: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
Date: Wed, 10 Apr 2019 11:18:40 +0000 [thread overview]
Message-ID: <69b3fcf19cb3e11fae93281f40a1bbc0ec5a2e38.1554894242.git.igor.russkikh@aquantia.com> (raw)
Message-ID: <20190410111840.GC2naZWD4KVYvrm-cOpoJWrwmetynW4lX1g90YoK7s0@z> (raw)
In-Reply-To: <cover.1554894242.git.igor.russkikh@aquantia.com>
MACSEC related device ops, API and parameters are taken from the
existing ixgbe PMD ops
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
---
lib/librte_ethdev/rte_ethdev.c | 87 +++++++++++++++++++++
lib/librte_ethdev/rte_ethdev.h | 115 ++++++++++++++++++++++++++++
lib/librte_ethdev/rte_ethdev_core.h | 23 ++++++
3 files changed, 225 insertions(+)
diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
index 243beb4dd5ef..315c31dc667d 100644
--- a/lib/librte_ethdev/rte_ethdev.c
+++ b/lib/librte_ethdev/rte_ethdev.c
@@ -4367,6 +4367,93 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, const char *pool)
return (*dev->dev_ops->pool_ops_supported)(dev, pool);
}
+int
+rte_eth_macsec_enable(uint16_t port_id,
+ uint8_t encr, uint8_t repl_prot)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+ dev = &rte_eth_devices[port_id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_enable, -ENOTSUP);
+ return eth_err(port_id, (*dev->dev_ops->macsec_enable)
+ (dev, encr, repl_prot));
+}
+
+int
+rte_eth_macsec_disable(uint16_t port_id)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+ dev = &rte_eth_devices[port_id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_disable, -ENOTSUP);
+ return eth_err(port_id, (*dev->dev_ops->macsec_disable)
+ (dev));
+}
+
+int
+rte_eth_macsec_config_rxsc(uint16_t port_id,
+ uint8_t *mac, uint16_t pi)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+ dev = &rte_eth_devices[port_id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_config_rxsc, -ENOTSUP);
+ return eth_err(port_id, (*dev->dev_ops->macsec_config_rxsc)
+ (dev, mac, pi));
+}
+
+int
+rte_eth_macsec_config_txsc(uint16_t port_id,
+ uint8_t *mac)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+ dev = &rte_eth_devices[port_id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_config_txsc, -ENOTSUP);
+ return eth_err(port_id, (*dev->dev_ops->macsec_config_txsc)
+ (dev, mac));
+}
+
+int
+rte_eth_macsec_select_rxsa(uint16_t port_id,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+ dev = &rte_eth_devices[port_id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_select_rxsa, -ENOTSUP);
+ return eth_err(port_id, (*dev->dev_ops->macsec_select_rxsa)
+ (dev, idx, an, pn, key));
+}
+
+int
+rte_eth_macsec_select_txsa(uint16_t port_id,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+ dev = &rte_eth_devices[port_id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_select_txsa, -ENOTSUP);
+ return eth_err(port_id, (*dev->dev_ops->macsec_select_txsa)
+ (dev, idx, an, pn, key));
+}
+
+
+
/**
* A set of values to describe the possible states of a switch domain.
*/
diff --git a/lib/librte_ethdev/rte_ethdev.h b/lib/librte_ethdev/rte_ethdev.h
index 40a068fe8337..0e4e889653ad 100644
--- a/lib/librte_ethdev/rte_ethdev.h
+++ b/lib/librte_ethdev/rte_ethdev.h
@@ -3872,6 +3872,121 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, const char *pool);
void *
rte_eth_dev_get_sec_ctx(uint16_t port_id);
+/**
+ * Enable MACsec offload.
+ *
+ * @param port_id
+ * The port identifier of the Ethernet device.
+ * @param encr
+ * 1 - Enable encryption (encrypt and add integrity signature).
+ * 0 - Disable encryption (only add integrity signature).
+ * @param repl_prot
+ * 1 - Enable replay protection.
+ * 0 - Disable replay protection.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_enable(uint16_t port_id,
+ uint8_t encr, uint8_t repl_prot);
+
+/**
+ * Disable MACsec offload.
+ *
+ * @param port_id
+ * The port identifier of the Ethernet device.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_disable(uint16_t port_id);
+
+/**
+ * Configure Rx SC (Secure Connection).
+ *
+ * @param port_id
+ * The port identifier of the Ethernet device.
+ * @param mac
+ * The MAC address on the remote side.
+ * @param pi
+ * The PI (port identifier) on the remote side.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_config_rxsc(uint16_t port_id,
+ uint8_t *mac, uint16_t pi);
+
+/**
+ * Configure Tx SC (Secure Connection).
+ *
+ * @param port_id
+ * The port identifier of the Ethernet device.
+ * @param mac
+ * The MAC address on the local side.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_config_txsc(uint16_t port_id,
+ uint8_t *mac);
+
+/**
+ * Enable Rx SA (Secure Association).
+ *
+ * @param port_id
+ * The port identifier of the Ethernet device.
+ * @param idx
+ * The SA to be enabled (0 or 1)
+ * @param an
+ * The association number on the remote side.
+ * @param pn
+ * The packet number on the remote side.
+ * @param key
+ * The key on the remote side.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ * - (-EINVAL) if bad parameter.
+ */
+int
+rte_eth_macsec_select_rxsa(uint16_t port_id,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key);
+
+/**
+ * Enable Tx SA (Secure Association).
+ *
+ * @param port_id
+ * The port identifier of the Ethernet device.
+ * @param idx
+ * The SA to be enabled (0 or 1).
+ * @param an
+ * The association number on the local side.
+ * @param pn
+ * The packet number on the local side.
+ * @param key
+ * The key on the local side.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ * - (-EINVAL) if bad parameter.
+ */
+int
+rte_eth_macsec_select_txsa(uint16_t port_id,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key);
+
#include <rte_ethdev_core.h>
diff --git a/lib/librte_ethdev/rte_ethdev_core.h b/lib/librte_ethdev/rte_ethdev_core.h
index 8f03f83f62cf..6434a9065756 100644
--- a/lib/librte_ethdev/rte_ethdev_core.h
+++ b/lib/librte_ethdev/rte_ethdev_core.h
@@ -377,6 +377,20 @@ typedef int (*eth_pool_ops_supported_t)(struct rte_eth_dev *dev,
const char *pool);
/**< @internal Test if a port supports specific mempool ops */
+typedef int (*eth_macsec_enable_t)(struct rte_eth_dev *dev,
+ uint8_t encr, uint8_t repl_prot);
+typedef int (*eth_macsec_disable_t)(struct rte_eth_dev *dev);
+typedef int (*eth_macsec_config_rxsc_t)(struct rte_eth_dev *dev,
+ uint8_t *mac, uint16_t pi);
+typedef int (*eth_macsec_config_txsc_t)(struct rte_eth_dev *dev,
+ uint8_t *mac);
+typedef int (*eth_macsec_select_rxsa_t)(struct rte_eth_dev *dev,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key);
+typedef int (*eth_macsec_select_txsa_t)(struct rte_eth_dev *dev,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key);
+
/**
* @internal A structure containing the functions exported by an Ethernet driver.
*/
@@ -509,6 +523,15 @@ struct eth_dev_ops {
eth_pool_ops_supported_t pool_ops_supported;
/**< Test if a port supports specific mempool ops */
+
+ eth_macsec_enable_t macsec_enable; /** macsec function enable */
+ eth_macsec_disable_t macsec_disable; /** macsec function disable */
+ eth_macsec_config_rxsc_t macsec_config_rxsc; /** macsec configure rx */
+ eth_macsec_config_txsc_t macsec_config_txsc; /** macsec configure tx */
+ eth_macsec_select_rxsa_t macsec_select_rxsa;
+ /** macsec select rx security association */
+ eth_macsec_select_txsa_t macsec_select_txsa;
+ /** macsec select tx security association */
};
/**
--
2.17.1
next prev parent reply other threads:[~2019-04-10 11:18 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh [this message]
2019-04-10 11:18 ` [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops Igor Russkikh
2019-04-10 11:46 ` Thomas Monjalon
2019-04-10 11:46 ` Thomas Monjalon
2019-04-11 12:37 ` Igor Russkikh
2019-04-11 12:37 ` Igor Russkikh
2019-04-11 21:15 ` Thomas Monjalon
2019-04-11 21:15 ` Thomas Monjalon
2019-04-12 8:50 ` Igor Russkikh
2019-04-12 8:50 ` Igor Russkikh
2019-04-12 11:22 ` Thomas Monjalon
2019-04-12 11:22 ` Thomas Monjalon
2019-04-12 18:26 ` Ferruh Yigit
2019-04-12 18:26 ` Ferruh Yigit
2019-04-13 7:24 ` Igor Russkikh
2019-04-13 7:24 ` Igor Russkikh
2019-04-16 9:43 ` Ferruh Yigit
2019-04-16 9:43 ` Ferruh Yigit
2019-04-16 9:58 ` Andrew Rybchenko
2019-04-16 9:58 ` Andrew Rybchenko
2019-04-16 10:11 ` Thomas Monjalon
2019-04-16 10:11 ` Thomas Monjalon
2019-04-16 10:19 ` Igor Russkikh
2019-04-16 10:19 ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:50 ` Thomas Monjalon
2019-04-10 11:50 ` Thomas Monjalon
2019-04-10 11:18 ` [dpdk-dev] [PATCH 03/10] net/ixgbe: macsec callbacks implementation Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 04/10] net/atlantic: macsec hardware structures declaration Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 05/10] net/atlantic: macsec configuration code Igor Russkikh
2019-04-10 11:18 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 06/10] net/atlantic: macsec firmware interface Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 07/10] net/atlantic: interrupt handling of macsec events Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 08/10] net/atlantic: implement macsec statistics Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 09/10] net/atlantic: bump internal driver version Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs Igor Russkikh
2019-04-10 11:19 ` Igor Russkikh
2019-04-10 11:47 ` Thomas Monjalon
2019-04-10 11:47 ` Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=69b3fcf19cb3e11fae93281f40a1bbc0ec5a2e38.1554894242.git.igor.russkikh@aquantia.com \
--to=igor.russkikh@aquantia.com \
--cc=Pavel.Belous@aquantia.com \
--cc=arybchenko@solarflare.com \
--cc=bernard.iremonger@intel.com \
--cc=dev@dpdk.org \
--cc=ferruh.yigit@intel.com \
--cc=jingjing.wu@intel.com \
--cc=john.mcnamara@intel.com \
--cc=konstantin.ananyev@intel.com \
--cc=marko.kovacevic@intel.com \
--cc=thomas@monjalon.net \
--cc=wenzhuo.lu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).