[PATCH 3/3] ethdev: add MACsec flow item
Ori Kam
orika at nvidia.com
Mon Aug 15 14:49:49 CEST 2022
> -----Original Message-----
> From: Akhil Goyal <gakhil at marvell.com>
> Sent: Sunday, 14 August 2022 21:46
>
> A new flow item is defined for MACsec flows which can be
> offloaded to an inline device. If the flow matches with
> MACsec header, device will process as per the security
> session created using rte_security APIs.
> If an error occurs during MACsec processing in HW, the PMD will
> raise the events defined in this patch.
>
> Signed-off-by: Akhil Goyal <gakhil at marvell.com>
> ---
> lib/ethdev/rte_ethdev.h | 55
> +++++++++++++++++++++++++++++++++++++++++
> lib/ethdev/rte_flow.h | 18 ++++++++++++++
> 2 files changed, 73 insertions(+)
>
> diff --git a/lib/ethdev/rte_ethdev.h b/lib/ethdev/rte_ethdev.h
> index de9e970d4d..24661b01e9 100644
> --- a/lib/ethdev/rte_ethdev.h
> +++ b/lib/ethdev/rte_ethdev.h
> @@ -3864,6 +3864,61 @@ rte_eth_tx_buffer_count_callback(struct
> rte_mbuf **pkts, uint16_t unsent,
> int
> rte_eth_tx_done_cleanup(uint16_t port_id, uint16_t queue_id, uint32_t
> free_cnt);
>
> +/**
> + * Subtypes for MACsec offload event(@ref RTE_ETH_EVENT_MACSEC)
> raised by
> + * Ethernet device.
> + */
> +enum rte_eth_macsec_event_subtype {
> + RTE_ETH_MACSEC_SUBEVENT_UNKNOWN,
> + /* subevents of RTE_ETH_MACSEC_EVENT_SECTAG_VAL_ERR sectag
> validation events
> + * RTE_ETH_MACSEC_EVENT_RX_SECTAG_V_EQ1
> + * Validation check: SecTag.TCI.V = 1
> + * RTE_ETH_MACSEC_EVENT_RX_SECTAG_E_EQ0_C_EQ1
> + * Validation check: SecTag.TCI.E = 0 && SecTag.TCI.C = 1
> + * RTE_ETH_MACSEC_EVENT_RX_SECTAG_SL_GTE48
> + * Validation check: SecTag.SL >= 'd48
> + * RTE_ETH_MACSEC_EVENT_RX_SECTAG_ES_EQ1_SC_EQ1
> + * Validation check: SecTag.TCI.ES = 1 && SecTag.TCI.SC = 1
> + * RTE_ETH_MACSEC_EVENT_RX_SECTAG_SC_EQ1_SCB_EQ1
> + * Validation check: SecTag.TCI.SC = 1 && SecTag.TCI.SCB = 1
> + */
> + RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_V_EQ1,
> + RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_E_EQ0_C_EQ1,
> + RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_SL_GTE48,
> + RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_ES_EQ1_SC_EQ1,
> + RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_SC_EQ1_SCB_EQ1,
> +};
> +
> +enum rte_eth_macsec_event_type {
> + RTE_ETH_MACSEC_EVENT_UNKNOWN,
> + RTE_ETH_MACSEC_EVENT_SECTAG_VAL_ERR,
> + RTE_ETH_MACSEC_EVENT_RX_SA_PN_HARD_EXP,
> + RTE_ETH_MACSEC_EVENT_RX_SA_PN_SOFT_EXP,
> + RTE_ETH_MACSEC_EVENT_TX_SA_PN_HARD_EXP,
> + RTE_ETH_MACSEC_EVENT_TX_SA_PN_SOFT_EXP,
> + /* Notifies Invalid SA event */
> + RTE_ETH_MACSEC_EVENT_SA_NOT_VALID,
> +};
> +
> +/**
> + * Descriptor for @ref RTE_ETH_EVENT_MACSEC event. Used by eth dev to
> send extra
> + * information of the MACsec offload event.
> + */
> +struct rte_eth_event_macsec_desc {
> + enum rte_eth_macsec_event_type type;
> + enum rte_eth_macsec_event_subtype subtype;
> + /**
> + * Event specific metadata.
> + *
> + * For the following events, *userdata* registered
> + * with the *rte_security_session* would be returned
> + * as metadata,
> + *
> + * @see struct rte_security_session_conf
> + */
> + uint64_t metadata;
> +};
> +
> /**
> * Subtypes for IPsec offload event(@ref RTE_ETH_EVENT_IPSEC) raised by
> * eth device.
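Review bot: The comment block inside `enum rte_eth_macsec_event_subtype` names the values `RTE_ETH_MACSEC_EVENT_RX_SECTAG_*`, but the enumerators declared below it are `RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_*`, so the documentation refers to identifiers that do not exist. Giving each enumerator its own Doxygen line, e.g. `/** Validation check: SecTag.TCI.V = 1 */` above `RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_V_EQ1`, would fix this and make the plain `/* ... */` block visible to the doc generator. `enum rte_eth_macsec_event_type` has no Doxygen at all; the PN hard and soft expiry values in particular need a sentence each on what the application is expected to do when they fire (presumably install a new SA before the packet number space is exhausted, to be confirmed against the PMD), because replay protection depends on that handling. In `struct rte_eth_event_macsec_desc` the `metadata` comment says "For the following events" but lists none, so it should either name the event types or say it applies to all of them.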
> diff --git a/lib/ethdev/rte_flow.h b/lib/ethdev/rte_flow.h
> index a79f1e7ef0..4114c84a02 100644
> --- a/lib/ethdev/rte_flow.h
> +++ b/lib/ethdev/rte_flow.h
> @@ -35,6 +35,7 @@
> #include <rte_l2tpv2.h>
> #include <rte_ppp.h>
> #include <rte_gre.h>
> +#include <rte_macsec.h>
>
> #ifdef __cplusplus
> extern "C" {
> @@ -668,6 +669,13 @@ enum rte_flow_item_type {
> * See struct rte_flow_item_gre_opt.
> */
> RTE_FLOW_ITEM_TYPE_GRE_OPTION,
> +
> + /**
> + * Matches MACsec Ethernet Header.
> + *
> + * See struct rte_flow_item_macsec.
> + */
> + RTE_FLOW_ITEM_TYPE_MACSEC,
> };
>
> /**
> @@ -1214,6 +1222,16 @@ struct rte_flow_item_gre_opt {
> struct rte_gre_hdr_opt_sequence sequence;
> };
>
> +/**
> + * RTE_FLOW_ITEM_TYPE_MACSEC.
> + *
> + * Matches MACsec header.
> + */
> +struct rte_flow_item_macsec {
> + struct rte_macsec_hdr macsec_hdr;
> +};
> +
> +
> /**
> * RTE_FLOW_ITEM_TYPE_FUZZY
> *
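Review bot: `struct rte_flow_item_macsec` is added without saying which fields of `macsec_hdr` a rule may match or what a NULL mask means. Other items in this header commonly ship a default `rte_flow_item_*_mask`, so either add one or state in the comment that none is provided and the application must supply its own. The diffstat lists only the two headers, so `RTE_FLOW_ITEM_TYPE_MACSEC` presumably still needs an entry in the flow item description table used by the conversion helper, and in the flow API guide; confirm whether another patch in the series covers that. There is also a stray second blank line after the struct's closing brace.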
> --
> 2.25.1
Acked-by: Ori Kam <orika at nvidia.com>
Best,
Ori