[RFC,v2,1/7] security: MACSEC infrastructure data declarations
Checks
Commit Message
From: Pavel Belous <Pavel.Belous@aquantia.com>
This patch extends rte_security framework to support MACSEC operations.
Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
Signed-off-by: Pavel Belous <pavel.belous@aquantia.com>
---
lib/librte_security/rte_security.h | 143 +++++++++++++++++++++++++++++++++++--
1 file changed, 138 insertions(+), 5 deletions(-)
@@ -29,6 +29,7 @@ extern "C" {
#include <rte_mbuf.h>
#include <rte_memory.h>
#include <rte_mempool.h>
+#include <rte_ether.h>
/** IPSec protocol mode */
enum rte_security_ipsec_sa_mode {
@@ -215,11 +216,109 @@ struct rte_security_ipsec_xform {
};
/**
+ * MACSEC global configuration parameters
+ *
+ */
+struct rte_security_macsec_param {
+ uint8_t enabled;
+ uint32_t ingress_pn_threshold;
+ uint32_t egress_pn_threshold;
+ uint8_t interrupts_enabled;
+ /**< List of bypassed ethertypes */
+ uint32_t ctl_ether_types[8];
+};
+
+/**
+ * MACSEC SC (Secure Connection) parameters
+ *
+ */
+struct rte_security_macsec_txsc_param {
+ struct rte_ether_addr s_mac;
+ /**< local side mac address */
+ struct rte_ether_addr d_mac;
+ /**< remote side mac address */
+ uint64_t sci;
+ uint32_t tci;
+ uint32_t sa_num;
+ uint8_t encrypt;
+ uint8_t protect;
+ uint8_t key_len;
+ uint8_t auto_rollover_enabled;
+
+ uint32_t index;
+ uint32_t curr_an;
+};
+
+struct rte_security_macsec_rxsc_param {
+ struct rte_ether_addr s_mac;
+ struct rte_ether_addr d_mac;
+ uint64_t sci;
+ uint32_t tci;
+ uint32_t sa_num;
+ /**< remote side mac address */
+ uint8_t replay_protection;
+ /**< replay protection */
+ uint32_t anti_replay_window;
+ /**< anti replay window */
+ uint16_t port_ident;
+ /**< remote side port identifier */
+ uint8_t auto_rollover_enabled;
+ uint8_t validate_frames;
+
+ uint32_t index;
+};
+
+struct rte_security_macsec_sa_param {
+ uint8_t sa_idx;
+ uint8_t an;
+ uint32_t packet_number;
+ uint8_t key_len;
+ uint8_t key[32];
+};
+
+struct rte_security_macsec_capabilities {
+ /** Extended Packet Numbers (XPN)
+ *
+ * * 1: Extended (64 bit) packet numbers supported
+ * * 0: Extended (64 bit) packet numbers not supported
+ */
+ uint32_t xpn : 1;
+};
+
+/**
+ * Available operations over MACSEC instance
+ */
+enum rte_security_macsec_op {
+ RTE_SECURITY_MACSEC_OP_CONFIG = 0,
+
+ RTE_SECURITY_MACSEC_OP_ADD_TXSC,
+ RTE_SECURITY_MACSEC_OP_DEL_TXSC,
+ RTE_SECURITY_MACSEC_OP_UPD_TXSC,
+
+ RTE_SECURITY_MACSEC_OP_ADD_RXSC,
+ RTE_SECURITY_MACSEC_OP_DEL_RXSC,
+ RTE_SECURITY_MACSEC_OP_UPD_RXSC,
+
+ RTE_SECURITY_MACSEC_OP_ADD_TXSA,
+ RTE_SECURITY_MACSEC_OP_DEL_TXSA,
+ RTE_SECURITY_MACSEC_OP_UPD_TXSA,
+
+ RTE_SECURITY_MACSEC_OP_ADD_RXSA,
+ RTE_SECURITY_MACSEC_OP_DEL_RXSA,
+ RTE_SECURITY_MACSEC_OP_UPD_RXSA,
+};
+
+/**
* MACsec security session configuration
*/
struct rte_security_macsec_xform {
- /** To be Filled */
- int dummy;
+ enum rte_security_macsec_op op;
+ union {
+ struct rte_security_macsec_param config_options;
+ struct rte_security_macsec_txsc_param txsc_options;
+ struct rte_security_macsec_rxsc_param rxsc_options;
+ struct rte_security_macsec_sa_param sa_options;
+ };
};
/**
@@ -495,7 +594,42 @@ rte_security_attach_session(struct rte_crypto_op *op,
}
struct rte_security_macsec_stats {
- uint64_t reserved;
+ /* Ingress Counters */
+ uint64_t in_ctl_pkts;
+ uint64_t in_tagged_miss_pkts;
+ uint64_t in_untagged_miss_pkts;
+ uint64_t in_notag_pkts;
+ uint64_t in_untagged_pkts;
+ uint64_t in_bad_tag_pkts;
+ uint64_t in_no_sci_pkts;
+ uint64_t in_unknown_sci_pkts;
+
+ /* Egress Counters */
+ uint64_t out_ctl_pkts;
+ uint64_t out_unknown_sa_pkts;
+ uint64_t out_untagged_pkts;
+ uint64_t out_too_long;
+
+ /* Ingress SA Counters */
+ uint64_t in_untagged_hit_pkts;
+ uint64_t in_not_using_sa;
+ uint64_t in_unused_sa;
+ uint64_t in_not_valid_pkts;
+ uint64_t in_invalid_pkts;
+ uint64_t in_ok_pkts;
+ uint64_t in_unchecked_pkts;
+ uint64_t in_validated_octets;
+ uint64_t in_decrypted_octets;
+ /* Egress SC Counters */
+ uint64_t out_sc_protected_pkts;
+ uint64_t out_sc_encrypted_pkts;
+ uint64_t out_sc_protected_octets;
+ uint64_t out_sc_encrypted_octets;
+ /* Egress SA Counters */
+ uint64_t out_sa_hit_drop_redirect;
+ uint64_t out_sa_protected2_pkts;
+ uint64_t out_sa_protected_pkts;
+ uint64_t out_sa_encrypted_pkts;
};
struct rte_security_ipsec_stats {
@@ -566,8 +700,7 @@ struct rte_security_capability {
} ipsec;
/**< IPsec capability */
struct {
- /* To be Filled */
- int dummy;
+ struct rte_security_macsec_capabilities caps;
} macsec;
/**< MACsec capability */
struct {