From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id B2F82A00C4; Wed, 28 Sep 2022 14:23:07 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 5CA464113D; Wed, 28 Sep 2022 14:23:07 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 160A14113C for ; Wed, 28 Sep 2022 14:23:05 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28SA4tNu003258; Wed, 28 Sep 2022 05:23:04 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=q5dJldE1CA8TfsCZ/H5YAOEKvIJeX4vXoDvqJOk070U=; b=BT8IfeWwu3LtwOg2tugYcQyvBTToOa1fCQH0+GirKyiSFTQcnmoG6h8AW0TxdXIy3+2/ uZPXfMmgOUXuxWl8LzTfv3fkRgLz3OqftmyM8SBtIIDeHL5+Bam5oREZbPi1MY/V3Rrh rApmnDch2d3RPGGSRoOj2xJxd0OEsyTlGncUANtSdoFZRkU2GBk9SZc3vHfaxw9CGui6 FBDvmwl2x1TjxgnhpznnRKTYefTgTx+eMKaiEIOjdlziwVDHslQfVGT33ZY+GX2CMTH7 ZbPPlBCSnR7EyfW6Az4Fke+cznPmgqK5Q/9xqYhFkldJSrf63O5QRGlj/CcavJDtmctt lw== Received: from dc5-exch01.marvell.com ([199.233.59.181]) by mx0a-0016f401.pphosted.com (PPS) with ESMTPS id 3jvjkk8q9b-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 28 Sep 2022 05:23:04 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 28 Sep 2022 05:23:02 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Wed, 28 Sep 2022 05:23:02 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id 8DF253F7106; Wed, 28 Sep 2022 05:22:57 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , , , , , , Akhil Goyal Subject: [PATCH v2 0/3] security: support MACsec Date: Wed, 28 Sep 2022 17:52:50 +0530 Message-ID: <20220928122253.23108-1-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220814184620.512343-1-gakhil@marvell.com> References: <20220814184620.512343-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-GUID: ssykUVHqVXOQMZOS0UXEJTXFeKzdeMP2 X-Proofpoint-ORIG-GUID: ssykUVHqVXOQMZOS0UXEJTXFeKzdeMP2 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-28_05,2022-09-28_01,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added support for MACsec in rte_security for offloading MACsec Protocol operation to inline NIC device or a crypto device. To support MACsec we cannot just make one security session and send with the packet to process it. MACsec specifications suggest, it can have 3 different entities - SECY Entity, SC(secure channel) and SA(security association). And same SA can be used by multiple SCs and similarly many SECY can have same SCs. Hence, in order to support this many to one relationships between all entities, 2 new APIs are created - rte_security_macsec_sc_create and rte_security_sa_create. Flow of execution of the APIs would be as - rte_security_macsec_sa_create - rte_security_macsec_sc_create - rte_security_session_create(for secy) And in case of inline protocol processing rte_flow can be created with rte_security action similar to IPsec flows except that the flow item will be MACsec instead of IPsec. A new flow item is added for MACsec header and a set of events are added to specify the errors occurred during inline protocol processing. New APIs are also created for getting SC and SA stats. Patches for PMD implementation and test app are submitted separately which can be separately applied after RC1. Changes in v2: - Incorporated comments from Olivier except the one to split tci_an into bitfields. - added release notes and removed deprecation notice. - added some missing fields in rte_security patch. Akhil Goyal (3): net: add MACsec header ethdev: add MACsec flow item security: support MACsec doc/api/doxy-api-index.md | 3 +- doc/guides/prog_guide/rte_security.rst | 107 ++++++- doc/guides/rel_notes/deprecation.rst | 5 - doc/guides/rel_notes/release_22_11.rst | 10 + lib/ethdev/rte_ethdev.h | 55 ++++ lib/ethdev/rte_flow.h | 18 ++ lib/net/meson.build | 1 + lib/net/rte_macsec.h | 61 ++++ lib/security/rte_security.c | 86 ++++++ lib/security/rte_security.h | 370 ++++++++++++++++++++++++- lib/security/rte_security_driver.h | 86 ++++++ lib/security/version.map | 6 + 12 files changed, 789 insertions(+), 19 deletions(-) create mode 100644 lib/net/rte_macsec.h -- 2.25.1