[v2,1/3] net: add MACsec header
Checks
Commit Message
Added MACsec protocol header to be used for supporting
MACsec protocol offload in hardware or directly in the application.
Signed-off-by: Akhil Goyal <gakhil@marvell.com>
---
doc/api/doxy-api-index.md | 3 +-
lib/net/meson.build | 1 +
lib/net/rte_macsec.h | 61 +++++++++++++++++++++++++++++++++++++++
3 files changed, 64 insertions(+), 1 deletion(-)
create mode 100644 lib/net/rte_macsec.h
Comments
On Wed, Sep 28, 2022 at 05:52:51PM +0530, Akhil Goyal wrote:
> Added MACsec protocol header to be used for supporting
> MACsec protocol offload in hardware or directly in the application.
>
> Signed-off-by: Akhil Goyal <gakhil@marvell.com>
Acked-by: Olivier Matz <olivier.matz@6wind.com>
Thanks
28/09/2022 14:22, Akhil Goyal:
> --- /dev/null
> +++ b/lib/net/rte_macsec.h
> +#ifndef _RTE_MACSEC_H_
> +#define _RTE_MACSEC_H_
[...]
> +#endif /* RTE_MACSEC_H_ */
Discrepancy spotted here. Anyway no need of underscores at all.
I'll rename to RTE_MACSEC_H while merging.
> -----Original Message-----
> From: Akhil Goyal <gakhil@marvell.com>
> Sent: Wednesday, 28 September 2022 15:23
> To: dev@dpdk.org
Acked-by: Ori Kam <orika@nvidia.com>
Thanks,
Ori
@@ -126,7 +126,8 @@ The public API headers are grouped by topics:
[Geneve](@ref rte_geneve.h),
[eCPRI](@ref rte_ecpri.h),
[L2TPv2](@ref rte_l2tpv2.h),
- [PPP](@ref rte_ppp.h)
+ [PPP](@ref rte_ppp.h),
+ [MACsec](@ref rte_macsec.h)
- **QoS**:
[metering](@ref rte_meter.h),
@@ -21,6 +21,7 @@ headers = files(
'rte_geneve.h',
'rte_l2tpv2.h',
'rte_ppp.h',
+ 'rte_macsec.h',
)
sources = files(
new file mode 100644
@@ -0,0 +1,61 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2022 Marvell.
+ */
+
+#ifndef _RTE_MACSEC_H_
+#define _RTE_MACSEC_H_
+
+/**
+ * @file
+ *
+ * MACsec-related defines
+ */
+
+#include <rte_byteorder.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define RTE_MACSEC_TCI_VER_MASK 0x80 /**< Version mask for MACsec. Should be 0. */
+#define RTE_MACSEC_TCI_ES 0x40 /**< Mask for End station(ES) bit - SCI is not valid. */
+#define RTE_MACSEC_TCI_SC 0x20 /**< Mask for SCI present bit. */
+#define RTE_MACSEC_TCI_SCB 0x10 /**< Mask for EPON single copy broadcast bit. */
+#define RTE_MACSEC_TCI_E 0x08 /**< Mask for encrypted user data bit. */
+#define RTE_MACSEC_TCI_C 0x04 /**< Mask for changed user data bit (because of encryption). */
+#define RTE_MACSEC_AN_MASK 0x03 /**< Association number mask in tci_an. */
+
+/**
+ * MACsec Header(SecTAG)
+ */
+struct rte_macsec_hdr {
+ /**
+ * Tag control information and Association number of secure channel.
+ * Various bits of TCI and AN are masked using RTE_MACSEC_TCI_* and RTE_MACSEC_AN_MASK.
+ */
+ uint8_t tci_an;
+#if RTE_BYTE_ORDER == RTE_LITTLE_ENDIAN
+ uint8_t short_length:6; /**< Short Length. */
+ uint8_t unused:2;
+#elif RTE_BYTE_ORDER == RTE_BIG_ENDIAN
+ uint8_t unused:2;
+ uint8_t short_length:6; /**< Short Length. */
+#endif
+ rte_be32_t packet_number; /**< Packet number to support replay protection. */
+} __rte_packed;
+
+/** SCI length in MACsec header if present. */
+#define RTE_MACSEC_SCI_LEN 8
+
+/**
+ * MACsec SCI header(8 bytes) after the MACsec header which is present if SC bit is set in tci_an.
+ */
+struct rte_macsec_sci_hdr {
+ uint8_t sci[RTE_MACSEC_SCI_LEN]; /**< Optional secure channel id. */
+} __rte_packed;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* RTE_MACSEC_H_ */