From patchwork Wed Sep 28 12:22:52 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Akhil Goyal <gakhil@marvell.com>
X-Patchwork-Id: 117049
X-Patchwork-Delegate: thomas@monjalon.net
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 10384A00C4;
	Wed, 28 Sep 2022 14:23:30 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 6FBA2427F3;
	Wed, 28 Sep 2022 14:23:29 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173])
 by mails.dpdk.org (Postfix) with ESMTP id 0827B427F3
 for <dev@dpdk.org>; Wed, 28 Sep 2022 14:23:26 +0200 (CEST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id
 28SA52mc027391;
 Wed, 28 Sep 2022 05:23:26 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0220;
 bh=8JVWtA/wDuDCGQEOU4Z9VrI7LEsU1vMP7pfvo2l42JQ=;
 b=VksnpXZndVo5fj+QUFFJAfrn9cfxPDsONZ8gVWvO2ngywENB1p8mF5/gr5/m1YyVqiTG
 YFpWiGVXo8ZV56CJ/SW4Hsp+tXp0udPmDi1VZukUrRh2Nlsos4A3peLe4TUfW46IMFWd
 379kTtQNPbGKzi9hRyT4l4U9IjXMSQnIDCmcFSG5cgzOAoVFLcs4k871rG3WBjFL+As+
 cblSeVzw7sAQPZCRpRMv9Rzf7Eq8wAaFWNtra1evOWq1qhXcw7ED9K3UlV68ctQ1gYaY
 fZ3C9AdJ6AJq7GRu11SGxPPP5VRCAwiExZFJyey3Ml3jnDevMJIT5da1QzeIDHQtu8w2 ag==
Received: from dc5-exch01.marvell.com ([199.233.59.181])
 by mx0b-0016f401.pphosted.com (PPS) with ESMTPS id 3jt1dpee0x-2
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Wed, 28 Sep 2022 05:23:26 -0700
Received: from DC5-EXCH01.marvell.com (10.69.176.38) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server (TLS) id 15.0.1497.2;
 Wed, 28 Sep 2022 05:23:12 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH01.marvell.com
 (10.69.176.38) with Microsoft SMTP Server id 15.0.1497.2 via Frontend
 Transport; Wed, 28 Sep 2022 05:23:12 -0700
Received: from localhost.localdomain (unknown [10.28.36.102])
 by maili.marvell.com (Postfix) with ESMTP id 91CDA3F7106;
 Wed, 28 Sep 2022 05:23:07 -0700 (PDT)
From: Akhil Goyal <gakhil@marvell.com>
To: <dev@dpdk.org>
CC: <thomas@monjalon.net>, <olivier.matz@6wind.com>, <orika@nvidia.com>,
 <david.marchand@redhat.com>, <hemant.agrawal@nxp.com>,
 <vattunuru@marvell.com>, <ferruh.yigit@xilinx.com>,
 <andrew.rybchenko@oktetlabs.ru>, <konstantin.v.ananyev@yandex.ru>,
 <jiawenwu@trustnetic.com>, <yisen.zhuang@huawei.com>,
 <irusskikh@marvell.com>, <qiming.yang@intel.com>, <jerinj@marvell.com>,
 <adwivedi@marvell.com>, Akhil Goyal <gakhil@marvell.com>
Subject: [PATCH v2 2/3] ethdev: add MACsec flow item
Date: Wed, 28 Sep 2022 17:52:52 +0530
Message-ID: <20220928122253.23108-3-gakhil@marvell.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20220928122253.23108-1-gakhil@marvell.com>
References: <20220814184620.512343-1-gakhil@marvell.com>
 <20220928122253.23108-1-gakhil@marvell.com>
MIME-Version: 1.0
X-Proofpoint-ORIG-GUID: KkhTLlx6TF4cZouNUczL96iAgPo8OnST
X-Proofpoint-GUID: KkhTLlx6TF4cZouNUczL96iAgPo8OnST
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.205,Aquarius:18.0.895,Hydra:6.0.528,FMLib:17.11.122.1
 definitions=2022-09-28_04,2022-09-28_01,2022-06-22_01
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org

A new flow item is defined for MACsec flows which can be
offloaded to an inline device. If the flow matches with
MACsec header, device will process as per the security
session created using rte_security APIs.
If an error comes while MACsec processing in HW, PMD will
notify with the events defined in this patch.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ori Kam <orika@nvidia.com>
---
 lib/ethdev/rte_ethdev.h | 55 +++++++++++++++++++++++++++++++++++++++++
 lib/ethdev/rte_flow.h   | 18 ++++++++++++++
 2 files changed, 73 insertions(+)

diff --git a/lib/ethdev/rte_ethdev.h b/lib/ethdev/rte_ethdev.h
index 19e2a8eb3f..733165ec6d 100644
--- a/lib/ethdev/rte_ethdev.h
+++ b/lib/ethdev/rte_ethdev.h
@@ -3579,6 +3579,61 @@ rte_eth_tx_buffer_count_callback(struct rte_mbuf **pkts, uint16_t unsent,
 int
 rte_eth_tx_done_cleanup(uint16_t port_id, uint16_t queue_id, uint32_t free_cnt);
 
+/**
+ * Subtypes for MACsec offload event(@ref RTE_ETH_EVENT_MACSEC) raised by
+ * Ethernet device.
+ */
+enum rte_eth_macsec_event_subtype {
+	RTE_ETH_MACSEC_SUBEVENT_UNKNOWN,
+	/* subevents of RTE_ETH_MACSEC_EVENT_SECTAG_VAL_ERR sectag validation events
+	 * RTE_ETH_MACSEC_EVENT_RX_SECTAG_V_EQ1
+	 *	Validation check: SecTag.TCI.V = 1
+	 * RTE_ETH_MACSEC_EVENT_RX_SECTAG_E_EQ0_C_EQ1
+	 *	Validation check: SecTag.TCI.E = 0 && SecTag.TCI.C = 1
+	 * RTE_ETH_MACSEC_EVENT_RX_SECTAG_SL_GTE48
+	 *	Validation check: SecTag.SL >= 'd48
+	 * RTE_ETH_MACSEC_EVENT_RX_SECTAG_ES_EQ1_SC_EQ1
+	 *	Validation check: SecTag.TCI.ES = 1 && SecTag.TCI.SC = 1
+	 * RTE_ETH_MACSEC_EVENT_RX_SECTAG_SC_EQ1_SCB_EQ1
+	 *	Validation check: SecTag.TCI.SC = 1 && SecTag.TCI.SCB = 1
+	 */
+	RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_V_EQ1,
+	RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_E_EQ0_C_EQ1,
+	RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_SL_GTE48,
+	RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_ES_EQ1_SC_EQ1,
+	RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_SC_EQ1_SCB_EQ1,
+};
+
+enum rte_eth_macsec_event_type {
+	RTE_ETH_MACSEC_EVENT_UNKNOWN,
+	RTE_ETH_MACSEC_EVENT_SECTAG_VAL_ERR,
+	RTE_ETH_MACSEC_EVENT_RX_SA_PN_HARD_EXP,
+	RTE_ETH_MACSEC_EVENT_RX_SA_PN_SOFT_EXP,
+	RTE_ETH_MACSEC_EVENT_TX_SA_PN_HARD_EXP,
+	RTE_ETH_MACSEC_EVENT_TX_SA_PN_SOFT_EXP,
+	/* Notifies Invalid SA event */
+	RTE_ETH_MACSEC_EVENT_SA_NOT_VALID,
+};
+
+/**
+ * Descriptor for @ref RTE_ETH_EVENT_MACSEC event. Used by eth dev to send extra
+ * information of the MACsec offload event.
+ */
+struct rte_eth_event_macsec_desc {
+	enum rte_eth_macsec_event_type type;
+	enum rte_eth_macsec_event_subtype subtype;
+	/**
+	 * Event specific metadata.
+	 *
+	 * For the following events, *userdata* registered
+	 * with the *rte_security_session* would be returned
+	 * as metadata,
+	 *
+	 * @see struct rte_security_session_conf
+	 */
+	uint64_t metadata;
+};
+
 /**
  * Subtypes for IPsec offload event(@ref RTE_ETH_EVENT_IPSEC) raised by
  * eth device.
diff --git a/lib/ethdev/rte_flow.h b/lib/ethdev/rte_flow.h
index 96147a149a..e966488965 100644
--- a/lib/ethdev/rte_flow.h
+++ b/lib/ethdev/rte_flow.h
@@ -35,6 +35,7 @@
 #include <rte_l2tpv2.h>
 #include <rte_ppp.h>
 #include <rte_gre.h>
+#include <rte_macsec.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -626,6 +627,13 @@ enum rte_flow_item_type {
 	 * See struct rte_flow_item_gre_opt.
 	 */
 	RTE_FLOW_ITEM_TYPE_GRE_OPTION,
+
+	/**
+	 * Matches MACsec Ethernet Header.
+	 *
+	 * See struct rte_flow_item_macsec.
+	 */
+	RTE_FLOW_ITEM_TYPE_MACSEC,
 };
 
 /**
@@ -1099,6 +1107,16 @@ struct rte_flow_item_gre_opt {
 	struct rte_gre_hdr_opt_sequence sequence;
 };
 
+/**
+ * RTE_FLOW_ITEM_TYPE_MACSEC.
+ *
+ * Matches MACsec header.
+ */
+struct rte_flow_item_macsec {
+	struct rte_macsec_hdr macsec_hdr;
+};
+
+
 /**
  * RTE_FLOW_ITEM_TYPE_FUZZY
  *