From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id EBDD3A00C4; Wed, 28 Sep 2022 20:24:24 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 8FFA74113C; Wed, 28 Sep 2022 20:24:24 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by mails.dpdk.org (Postfix) with ESMTP id 65181410FA for ; Wed, 28 Sep 2022 20:24:22 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 28SA51PS027376; Wed, 28 Sep 2022 11:24:21 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : content-type; s=pfpt0220; bh=my/LG8ToLPObnuMJXKu4JCv2jcB6tSA5yPXgrg2GWbo=; b=DWCqV+2ROfD3SzUG+VncB5X55QUsXzCh86an1pxvNsCU0aivI7J+TEATcOQeMj2wQx/k n2JMABGGrQMHlPyCoqKpCemCgKi0ui3AVeUKPLZey5Z79y/N/q8sdY+Vu8lLhGIFkK84 dvJuzy0FwO//nfY2vGcVc12vcKipzQtONwX7lyjR4Br9gf2IbMtDKvnca5+SlKj2DV2P p9KJEMeCUPAeatuLXraWtcyu3RGzHUY9hrcjZOk4jgQz1B4l+OS9f4fdJsKFxdXv7Hxw ae8RvS1qA15E1GDXuLdO7xvGTIQbFbclkY7WdyS/NPr927+8sCFIHbe4HxOIYY2TrRQY /Q== Received: from dc5-exch02.marvell.com ([199.233.59.182]) by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3jt1dpfxfb-13 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 28 Sep 2022 11:24:20 -0700 Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH02.marvell.com (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18; Wed, 28 Sep 2022 11:24:18 -0700 Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend Transport; Wed, 28 Sep 2022 11:24:18 -0700 Received: from localhost.localdomain (unknown [10.28.36.102]) by maili.marvell.com (Postfix) with ESMTP id F17A53F7100; Wed, 28 Sep 2022 11:24:12 -0700 (PDT) From: Akhil Goyal To: CC: , , , , , , , , , , , , , , , Akhil Goyal Subject: [PATCH v3 0/3] security: support MACsec Date: Wed, 28 Sep 2022 23:54:07 +0530 Message-ID: <20220928182410.309053-1-gakhil@marvell.com> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20220928122253.23108-1-gakhil@marvell.com> References: <20220928122253.23108-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain X-Proofpoint-ORIG-GUID: jD1xPGldRIq0JxtGbnzR6piy3qDHty_y X-Proofpoint-GUID: jD1xPGldRIq0JxtGbnzR6piy3qDHty_y X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1 definitions=2022-09-28_07,2022-09-28_01,2022-06-22_01 X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Added support for MACsec in rte_security for offloading MACsec Protocol operation to inline NIC device or a crypto device. To support MACsec we cannot just make one security session and send with the packet to process it. MACsec specifications suggest, it can have 3 different entities - SECY Entity, SC(secure channel) and SA(security association). And same SA can be used by multiple SCs and similarly many SECY can have same SCs. Hence, in order to support this many to one relationships between all entities, 2 new APIs are created - rte_security_macsec_sc_create and rte_security_sa_create. Flow of execution of the APIs would be as - rte_security_macsec_sa_create - rte_security_macsec_sc_create - rte_security_session_create(for secy) And in case of inline protocol processing rte_flow can be created with rte_security action similar to IPsec flows except that the flow item will be MACsec instead of IPsec. A new flow item is added for MACsec header and a set of events are added to specify the errors occurred during inline protocol processing. New APIs are also created for getting SC and SA stats. Patches for PMD implementation and test app are submitted separately which can be separately applied after RC1. Changes in v3: - fix doc build in documentation of patch 2/3 - fix checkpatch in patch 3/3 - fix comments - fix namespace in MACsec ethdev events Changes in v2: - Incorporated comments from Olivier except the one to split tci_an into bitfields. - added release notes and removed deprecation notice. - added some missing fields in rte_security patch. Akhil Goyal (3): net: add MACsec header ethdev: add MACsec flow item security: support MACsec doc/api/doxy-api-index.md | 3 +- doc/guides/prog_guide/rte_security.rst | 107 ++++++- doc/guides/rel_notes/deprecation.rst | 5 - doc/guides/rel_notes/release_22_11.rst | 10 + lib/ethdev/rte_ethdev.h | 76 +++++ lib/ethdev/rte_flow.h | 18 ++ lib/net/meson.build | 1 + lib/net/rte_macsec.h | 61 ++++ lib/security/rte_security.c | 86 ++++++ lib/security/rte_security.h | 370 ++++++++++++++++++++++++- lib/security/rte_security_driver.h | 86 ++++++ lib/security/version.map | 6 + 12 files changed, 810 insertions(+), 19 deletions(-) create mode 100644 lib/net/rte_macsec.h -- 2.25.1