diff mbox series

[v2,1/3] net: add MACsec header

Message ID	20220928122253.23108-2-gakhil@marvell.com (mailing list archive)
State	Superseded, archived
Delegated to:	Thomas Monjalon
Headers	From: Akhil Goyal <gakhil@marvell.com> To: <dev@dpdk.org> CC: <thomas@monjalon.net>, <olivier.matz@6wind.com>, <orika@nvidia.com>, <david.marchand@redhat.com>, <hemant.agrawal@nxp.com>, <vattunuru@marvell.com>, <ferruh.yigit@xilinx.com>, <andrew.rybchenko@oktetlabs.ru>, <konstantin.v.ananyev@yandex.ru>, <jiawenwu@trustnetic.com>, <yisen.zhuang@huawei.com>, <irusskikh@marvell.com>, <qiming.yang@intel.com>, <jerinj@marvell.com>, <adwivedi@marvell.com>, Akhil Goyal <gakhil@marvell.com> Subject: [PATCH v2 1/3] net: add MACsec header Date: Wed, 28 Sep 2022 17:52:51 +0530 Message-ID: <20220928122253.23108-2-gakhil@marvell.com> In-Reply-To: <20220928122253.23108-1-gakhil@marvell.com> References: <20220814184620.512343-1-gakhil@marvell.com> <20220928122253.23108-1-gakhil@marvell.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: list Errors-To: dev-bounces@dpdk.org
Series	security: support MACsec \| [v2,0/3] security: support MACsec [v2,1/3] net: add MACsec header [v2,2/3] ethdev: add MACsec flow item [v2,3/3] security: support MACsec

Checks

Context	Check	Description
ci/checkpatch	success	coding style OK
ci/iol-testing	warning	apply patch failure

Commit Message

Akhil Goyal Sept. 28, 2022, 12:22 p.m. UTC

  Added MACsec protocol header to be used for supporting
MACsec protocol offload in hardware or directly in the application.

Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
 doc/api/doxy-api-index.md |  3 +-
 lib/net/meson.build       |  1 +
 lib/net/rte_macsec.h      | 61 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 64 insertions(+), 1 deletion(-)
 create mode 100644 lib/net/rte_macsec.h

Comments

Olivier Matz Sept. 28, 2022, 1:04 p.m. UTC | #1

On Wed, Sep 28, 2022 at 05:52:51PM +0530, Akhil Goyal wrote:
> Added MACsec protocol header to be used for supporting
> MACsec protocol offload in hardware or directly in the application.
> 
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>

Acked-by: Olivier Matz <olivier.matz@6wind.com>

Thanks

Thomas Monjalon Sept. 28, 2022, 1:44 p.m. UTC | #2

28/09/2022 14:22, Akhil Goyal:
> --- /dev/null
> +++ b/lib/net/rte_macsec.h
> +#ifndef _RTE_MACSEC_H_
> +#define _RTE_MACSEC_H_
[...]
> +#endif /* RTE_MACSEC_H_ */

Discrepancy spotted here. Anyway no need of underscores at all.
I'll rename to RTE_MACSEC_H while merging.

Ori Kam Sept. 28, 2022, 2:23 p.m. UTC | #3

> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, 28 September 2022 15:23
> To: dev@dpdk.org

Acked-by: Ori Kam <orika@nvidia.com>
Thanks,
Ori

diff mbox series

Patch

diff --git a/doc/api/doxy-api-index.md b/doc/api/doxy-api-index.md
index 186a258be4..99e49340d3 100644
--- a/doc/api/doxy-api-index.md
+++ b/doc/api/doxy-api-index.md
@@ -126,7 +126,8 @@  The public API headers are grouped by topics:
   [Geneve](@ref rte_geneve.h),
   [eCPRI](@ref rte_ecpri.h),
   [L2TPv2](@ref rte_l2tpv2.h),
-  [PPP](@ref rte_ppp.h)
+  [PPP](@ref rte_ppp.h),
+  [MACsec](@ref rte_macsec.h)
 
 - **QoS**:
   [metering](@ref rte_meter.h),
diff --git a/lib/net/meson.build b/lib/net/meson.build
index e899846578..3e63abaca8 100644
--- a/lib/net/meson.build
+++ b/lib/net/meson.build
@@ -21,6 +21,7 @@  headers = files(
         'rte_geneve.h',
         'rte_l2tpv2.h',
         'rte_ppp.h',
+        'rte_macsec.h',
 )
 
 sources = files(
diff --git a/lib/net/rte_macsec.h b/lib/net/rte_macsec.h
new file mode 100644
index 0000000000..b391d21ecd
--- /dev/null
+++ b/lib/net/rte_macsec.h
@@ -0,0 +1,61 @@ 
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2022 Marvell.
+ */
+
+#ifndef _RTE_MACSEC_H_
+#define _RTE_MACSEC_H_
+
+/**
+ * @file
+ *
+ * MACsec-related defines
+ */
+
+#include <rte_byteorder.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define RTE_MACSEC_TCI_VER_MASK	0x80 /**< Version mask for MACsec. Should be 0. */
+#define RTE_MACSEC_TCI_ES	0x40 /**< Mask for End station(ES) bit - SCI is not valid. */
+#define RTE_MACSEC_TCI_SC	0x20 /**< Mask for SCI present bit. */
+#define RTE_MACSEC_TCI_SCB	0x10 /**< Mask for EPON single copy broadcast bit. */
+#define RTE_MACSEC_TCI_E	0x08 /**< Mask for encrypted user data bit. */
+#define RTE_MACSEC_TCI_C	0x04 /**< Mask for changed user data bit (because of encryption). */
+#define RTE_MACSEC_AN_MASK	0x03 /**< Association number mask in tci_an. */
+
+/**
+ * MACsec Header(SecTAG)
+ */
+struct rte_macsec_hdr {
+	/**
+	 * Tag control information and Association number of secure channel.
+	 * Various bits of TCI and AN are masked using RTE_MACSEC_TCI_* and RTE_MACSEC_AN_MASK.
+	 */
+	uint8_t tci_an;
+#if RTE_BYTE_ORDER == RTE_LITTLE_ENDIAN
+	uint8_t short_length:6; /**< Short Length. */
+	uint8_t unused:2;
+#elif RTE_BYTE_ORDER == RTE_BIG_ENDIAN
+	uint8_t unused:2;
+	uint8_t short_length:6; /**< Short Length. */
+#endif
+	rte_be32_t packet_number; /**< Packet number to support replay protection. */
+} __rte_packed;
+
+/** SCI length in MACsec header if present. */
+#define RTE_MACSEC_SCI_LEN 8
+
+/**
+ * MACsec SCI header(8 bytes) after the MACsec header which is present if SC bit is set in tci_an.
+ */
+struct rte_macsec_sci_hdr {
+	uint8_t sci[RTE_MACSEC_SCI_LEN]; /**< Optional secure channel id. */
+} __rte_packed;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* RTE_MACSEC_H_ */