[PATCH 1/3] net: add MACsec header

Akhil Goyal gakhil at marvell.com
Sun Aug 14 20:46:18 CEST 2022

Previous message (by thread): [PATCH 0/3] security: support MACsec
Next message (by thread): [PATCH 2/3] security: support MACsec
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Added MACsec protocol header to be used for supporting
MACsec protocol offload in hardware or directly in the application.

Signed-off-by: Akhil Goyal <gakhil at marvell.com>
---
 doc/api/doxy-api-index.md |  3 ++-
 lib/net/meson.build       |  1 +
 lib/net/rte_macsec.h      | 56 +++++++++++++++++++++++++++++++++++++++
 3 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 lib/net/rte_macsec.h

diff --git a/doc/api/doxy-api-index.md b/doc/api/doxy-api-index.md
index 186a258be4..99e49340d3 100644
--- a/doc/api/doxy-api-index.md
+++ b/doc/api/doxy-api-index.md
@@ -126,7 +126,8 @@ The public API headers are grouped by topics:
   [Geneve](@ref rte_geneve.h),
   [eCPRI](@ref rte_ecpri.h),
   [L2TPv2](@ref rte_l2tpv2.h),
-  [PPP](@ref rte_ppp.h)
+  [PPP](@ref rte_ppp.h),
+  [MACsec](@ref rte_macsec.h)
 
 - **QoS**:
   [metering](@ref rte_meter.h),
diff --git a/lib/net/meson.build b/lib/net/meson.build
index e899846578..3e63abaca8 100644
--- a/lib/net/meson.build
+++ b/lib/net/meson.build
@@ -21,6 +21,7 @@ headers = files(
         'rte_geneve.h',
         'rte_l2tpv2.h',
         'rte_ppp.h',
+        'rte_macsec.h',
 )
 
 sources = files(
diff --git a/lib/net/rte_macsec.h b/lib/net/rte_macsec.h
new file mode 100644
index 0000000000..f1b59253f6
--- /dev/null
+++ b/lib/net/rte_macsec.h
@@ -0,0 +1,56 @@
+/* SPDX-License-Identifier: BSD-3-Clause
+ * Copyright(C) 2022 Marvell.
+ */
+
+#ifndef _RTE_MACSEC_H_
+#define _RTE_MACSEC_H_
+
+/**
+ * @file
+ *
+ * MACsec-related defines
+ */
+
+#include <rte_byteorder.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/* SecTAG length = macsec ether header without the optional SCI */
+#define RTE_MACSEC_TAG_LEN 6
+#define RTE_MACSEC_SCI_LEN 8
+
+#define RTE_MACSEC_TCI_VERSION	0x80 /**< Version mask for MACsec. Should be 0. */
+#define RTE_MACSEC_TCI_ES	0x40 /**< End station - SCI is not valid */
+#define RTE_MACSEC_TCI_SC	0x20 /**< SCI present */
+#define RTE_MACSEC_TCI_SCB	0x10 /**< Secure channel support EPON single copy broadcast */
+#define RTE_MACSEC_TCI_E	0x08 /**< User data is encrypted */
+#define RTE_MACSEC_TCI_C	0x04 /**< User data was changed (because of encryption) */
+#define RTE_MACSEC_AN_MASK	0x03 /**< Association number mask in tci_an */
+#define RTE_MACSEC_NUM_AN	4    /**< 2 bits for the association number */
+#define RTE_MACSEC_SALT_LEN	12   /**< Salt length for MACsec SA */
+
+/**
+ * MACsec Header
+ */
+struct rte_macsec_hdr {
+	/* SecTAG */
+	uint8_t  tci_an;	/**< Tag control information and Association number of SC */
+#if RTE_BYTE_ORDER == RTE_LITTLE_ENDIAN
+	uint8_t short_length : 6; /**< Short Length */
+	uint8_t unused : 2;
+#elif RTE_BYTE_ORDER == RTE_BIG_ENDIAN
+	uint8_t unused : 2;
+	uint8_t short_length : 6;
+#endif
+	rte_be32_t packet_number; /**< Packet number to support replay protection */
+	uint8_t secure_channel_id[8]; /* optional */
+} __rte_packed;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* RTE_MACSEC_H_ */
-- 
2.25.1

Previous message (by thread): [PATCH 0/3] security: support MACsec
Next message (by thread): [PATCH 2/3] security: support MACsec
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list