From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id B2F82A00C4;
	Wed, 28 Sep 2022 14:23:07 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 5CA464113D;
	Wed, 28 Sep 2022 14:23:07 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com
 [67.231.148.174])
 by mails.dpdk.org (Postfix) with ESMTP id 160A14113C
 for <dev@dpdk.org>; Wed, 28 Sep 2022 14:23:05 +0200 (CEST)
Received: from pps.filterd (m0045849.ppops.net [127.0.0.1])
 by mx0a-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28SA4tNu003258;
 Wed, 28 Sep 2022 05:23:04 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0220;
 bh=q5dJldE1CA8TfsCZ/H5YAOEKvIJeX4vXoDvqJOk070U=;
 b=BT8IfeWwu3LtwOg2tugYcQyvBTToOa1fCQH0+GirKyiSFTQcnmoG6h8AW0TxdXIy3+2/
 uZPXfMmgOUXuxWl8LzTfv3fkRgLz3OqftmyM8SBtIIDeHL5+Bam5oREZbPi1MY/V3Rrh
 rApmnDch2d3RPGGSRoOj2xJxd0OEsyTlGncUANtSdoFZRkU2GBk9SZc3vHfaxw9CGui6
 FBDvmwl2x1TjxgnhpznnRKTYefTgTx+eMKaiEIOjdlziwVDHslQfVGT33ZY+GX2CMTH7
 ZbPPlBCSnR7EyfW6Az4Fke+cznPmgqK5Q/9xqYhFkldJSrf63O5QRGlj/CcavJDtmctt lw== 
Received: from dc5-exch01.marvell.com ([199.233.59.181])
 by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3jvjkk8q9b-2
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Wed, 28 Sep 2022 05:23:04 -0700
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;
 Wed, 28 Sep 2022 05:23:02 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend
 Transport; Wed, 28 Sep 2022 05:23:02 -0700
Received: from localhost.localdomain (unknown [10.28.36.102])
 by maili.marvell.com (Postfix) with ESMTP id 8DF253F7106;
 Wed, 28 Sep 2022 05:22:57 -0700 (PDT)
From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
CC: <thomas@monjalon.net>, <olivier.matz@6wind.com>, <orika@nvidia.com>,
 <david.marchand@redhat.com>, <hemant.agrawal@nxp.com>,
 <vattunuru@marvell.com>, <ferruh.yigit@xilinx.com>,
 <andrew.rybchenko@oktetlabs.ru>, <konstantin.v.ananyev@yandex.ru>,
 <jiawenwu@trustnetic.com>, <yisen.zhuang@huawei.com>,
 <irusskikh@marvell.com>, <qiming.yang@intel.com>, <jerinj@marvell.com>,
 <adwivedi@marvell.com>, Akhil Goyal <gakhil@marvell.com>
Subject: [PATCH v2 0/3] security: support MACsec
Date: Wed, 28 Sep 2022 17:52:50 +0530
Message-ID: <20220928122253.23108-1-gakhil@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20220814184620.512343-1-gakhil@marvell.com>
References: <20220814184620.512343-1-gakhil@marvell.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Proofpoint-GUID: ssykUVHqVXOQMZOS0UXEJTXFeKzdeMP2
X-Proofpoint-ORIG-GUID: ssykUVHqVXOQMZOS0UXEJTXFeKzdeMP2
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1
 definitions=2022-09-28_05,2022-09-28_01,2022-06-22_01
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

Added support for MACsec in rte_security for offloading
MACsec Protocol operation to inline NIC device or a crypto device.

To support MACsec we cannot just make one security session and
send with the packet to process it. MACsec specifications suggest,
it can have 3 different entities - SECY Entity, SC(secure channel) and
SA(security association). And same SA can be used by multiple SCs and
similarly many SECY can have same SCs. Hence, in order to support this
many to one relationships between all entities, 2 new APIs are created -
rte_security_macsec_sc_create and rte_security_sa_create.
Flow of execution of the APIs would be as
- rte_security_macsec_sa_create
- rte_security_macsec_sc_create
- rte_security_session_create(for secy)
And in case of inline protocol processing rte_flow can be created with
rte_security action similar to IPsec flows except that the flow item
will be MACsec instead of IPsec.

A new flow item is added for MACsec header and a set of events are added
to specify the errors occurred during inline protocol processing.

New APIs are also created for getting SC and SA stats.

Patches for PMD implementation and test app are submitted separately
which can be separately applied after RC1.

Changes in v2:
- Incorporated comments from Olivier except the one to split tci_an into
  bitfields.
- added release notes and removed deprecation notice.
- added some missing fields in rte_security patch.


Akhil Goyal (3):
  net: add MACsec header
  ethdev: add MACsec flow item
  security: support MACsec

 doc/api/doxy-api-index.md              |   3 +-
 doc/guides/prog_guide/rte_security.rst | 107 ++++++-
 doc/guides/rel_notes/deprecation.rst   |   5 -
 doc/guides/rel_notes/release_22_11.rst |  10 +
 lib/ethdev/rte_ethdev.h                |  55 ++++
 lib/ethdev/rte_flow.h                  |  18 ++
 lib/net/meson.build                    |   1 +
 lib/net/rte_macsec.h                   |  61 ++++
 lib/security/rte_security.c            |  86 ++++++
 lib/security/rte_security.h            | 370 ++++++++++++++++++++++++-
 lib/security/rte_security_driver.h     |  86 ++++++
 lib/security/version.map               |   6 +
 12 files changed, 789 insertions(+), 19 deletions(-)
 create mode 100644 lib/net/rte_macsec.h

-- 
2.25.1