
[v3,2/3] ethdev: add MACsec flow item

Message ID 20220928182410.309053-3-gakhil@marvell.com (mailing list archive)
State Accepted, archived
Delegated to: Thomas Monjalon
Series security: support MACsec | expand

Checks

Context Check Description
ci/checkpatch success coding style OK

Commit Message

Akhil Goyal Sept. 28, 2022, 6:24 p.m. UTC
A new flow item is defined for MACsec flows which can be
offloaded to an inline device. If a flow matches the
MACsec header, the device will process it as per the security
session created using rte_security APIs.
If an error occurs during MACsec processing in HW, the PMD will
notify with the events defined in this patch.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Ori Kam <orika@nvidia.com>
---
 lib/ethdev/rte_ethdev.h | 76 +++++++++++++++++++++++++++++++++++++++++
 lib/ethdev/rte_flow.h   | 18 ++++++++++
 2 files changed, 94 insertions(+)

Patch

diff --git a/lib/ethdev/rte_ethdev.h b/lib/ethdev/rte_ethdev.h
index 19e2a8eb3f..8082d5e9e2 100644
--- a/lib/ethdev/rte_ethdev.h
+++ b/lib/ethdev/rte_ethdev.h
@@ -3579,6 +3579,82 @@  rte_eth_tx_buffer_count_callback(struct rte_mbuf **pkts, uint16_t unsent,
 int
 rte_eth_tx_done_cleanup(uint16_t port_id, uint16_t queue_id, uint32_t free_cnt);
 
+/**
+ * Subtypes for MACsec offload event(@ref RTE_ETH_EVENT_MACSEC) raised by
+ * Ethernet device.
+ */
+enum rte_eth_event_macsec_subtype {
+	/** Notifies unknown MACsec subevent. */
+	RTE_ETH_SUBEVENT_MACSEC_UNKNOWN,
+	/**
+	 * Subevent of RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR sectag validation events
+	 *	Validation check: SecTag.TCI.V = 1
+	 */
+	RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_V_EQ1,
+	/**
+	 * Subevent of RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR sectag validation events
+	 *	Validation check: SecTag.TCI.E = 0 && SecTag.TCI.C = 1
+	 */
+	RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_E_EQ0_C_EQ1,
+	/**
+	 * Subevent of RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR sectag validation events
+	 *	Validation check: SecTag.SL >= 'd48
+	 */
+	RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SL_GTE48,
+	/**
+	 * Subevent of RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR sectag validation events
+	 *	Validation check: SecTag.TCI.ES = 1 && SecTag.TCI.SC = 1
+	 */
+	RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_ES_EQ1_SC_EQ1,
+	/**
+	 * Subevent of RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR sectag validation events
+	 *	Validation check: SecTag.TCI.SC = 1 && SecTag.TCI.SCB = 1
+	 */
+	RTE_ETH_SUBEVENT_MACSEC_RX_SECTAG_SC_EQ1_SCB_EQ1,
+};
+
+/**
+ * Event types for MACsec offload event(@ref RTE_ETH_EVENT_MACSEC) raised by
+ * eth device.
+ */
+enum rte_eth_event_macsec_type {
+	/** Notifies unknown MACsec event. */
+	RTE_ETH_EVENT_MACSEC_UNKNOWN,
+	/** Notifies Sectag validation failure events. */
+	RTE_ETH_EVENT_MACSEC_SECTAG_VAL_ERR,
+	/** Notifies Rx SA hard expiry events. */
+	RTE_ETH_EVENT_MACSEC_RX_SA_PN_HARD_EXP,
+	/** Notifies Rx SA soft expiry events. */
+	RTE_ETH_EVENT_MACSEC_RX_SA_PN_SOFT_EXP,
+	/** Notifies Tx SA hard expiry events. */
+	RTE_ETH_EVENT_MACSEC_TX_SA_PN_HARD_EXP,
+	/** Notifies Tx SA soft events. */
+	RTE_ETH_EVENT_MACSEC_TX_SA_PN_SOFT_EXP,
+	/** Notifies Invalid SA event. */
+	RTE_ETH_EVENT_MACSEC_SA_NOT_VALID,
+};
+
+/**
+ * Descriptor for @ref RTE_ETH_EVENT_MACSEC event. Used by eth dev to send extra
+ * information of the MACsec offload event.
+ */
+struct rte_eth_event_macsec_desc {
+	/** Type of RTE_ETH_EVENT_MACSEC_* event. */
+	enum rte_eth_event_macsec_type type;
+	/** Type of RTE_ETH_SUBEVENT_MACSEC_* subevent. */
+	enum rte_eth_event_macsec_subtype subtype;
+	/**
+	 * Event specific metadata.
+	 *
+	 * For the following events, *userdata* registered
+	 * with the *rte_security_session* would be returned
+	 * as metadata,
+	 *
+	 * @see struct rte_security_session_conf.
+	 */
+	uint64_t metadata;
+};
+
 /**
  * Subtypes for IPsec offload event(@ref RTE_ETH_EVENT_IPSEC) raised by
  * eth device.
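Review bot: The `metadata` comment in `struct rte_eth_event_macsec_desc` reads "For the following events, *userdata* registered with the *rte_security_session* would be returned as metadata," but no event list follows, so a handler cannot tell for which `RTE_ETH_EVENT_MACSEC_*` types the field is meaningful. Because session userdata is commonly a pointer-sized cookie, the comment should either name the event types or say the field is set for all of them, and state that it must not be interpreted otherwise. The subtype comments have a similar gap: "Validation check: SecTag.TCI.V = 1" does not say whether the subevent is raised when that condition is observed on a received frame, which is presumably the intent; a wording like `Raised when a received frame has SecTag.TCI.V = 1.` would remove the ambiguity. Also, `/** Notifies Tx SA soft events. */` should read `/** Notifies Tx SA soft expiry events. */` to match the Rx entry.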
diff --git a/lib/ethdev/rte_flow.h b/lib/ethdev/rte_flow.h
index 96147a149a..e966488965 100644
--- a/lib/ethdev/rte_flow.h
+++ b/lib/ethdev/rte_flow.h
@@ -35,6 +35,7 @@ 
 #include <rte_l2tpv2.h>
 #include <rte_ppp.h>
 #include <rte_gre.h>
+#include <rte_macsec.h>
 
 #ifdef __cplusplus
 extern "C" {
@@ -626,6 +627,13 @@  enum rte_flow_item_type {
 	 * See struct rte_flow_item_gre_opt.
 	 */
 	RTE_FLOW_ITEM_TYPE_GRE_OPTION,
+
+	/**
+	 * Matches MACsec Ethernet Header.
+	 *
+	 * See struct rte_flow_item_macsec.
+	 */
+	RTE_FLOW_ITEM_TYPE_MACSEC,
 };
 
 /**
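Review bot: `RTE_FLOW_ITEM_TYPE_MACSEC` is added to `enum rte_flow_item_type`, but the diffstat lists only the two headers, so the new item does not appear to get an entry in the library's per-item name/size table that `rte_flow_conv()` consults when copying a pattern's spec, last and mask. If that is so, converting or duplicating a pattern containing a MACsec item would presumably be rejected or lose the `struct rte_flow_item_macsec` data, and the gap would only show up at run time. Worth confirming and adding the table entry in this series. Appending the value at the end of the enum is the right choice for ABI stability.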
@@ -1099,6 +1107,16 @@  struct rte_flow_item_gre_opt {
 	struct rte_gre_hdr_opt_sequence sequence;
 };
 
+/**
+ * RTE_FLOW_ITEM_TYPE_MACSEC.
+ *
+ * Matches MACsec header.
+ */
+struct rte_flow_item_macsec {
+	struct rte_macsec_hdr macsec_hdr;
+};
+
+
 /**
  * RTE_FLOW_ITEM_TYPE_FUZZY
  *
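Review bot: `macsec_hdr` in `struct rte_flow_item_macsec` has no member comment and the item is introduced without a default mask, so the header does not say which fields of the MACsec header are matched when an application supplies no mask. A member comment such as `/** MACsec header (SecTAG) to match; see struct rte_macsec_hdr. */` and one sentence in the struct comment on how an absent mask is treated would make the contract explicit for PMD authors and applications. There is also a doubled blank line after the closing brace that can be dropped.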