[dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
Igor Russkikh
Igor.Russkikh at aquantia.com
Wed Apr 10 13:18:40 CEST 2019
MACSEC related device ops, API and parameters are taken from the
existing ixgbe PMD ops
Signed-off-by: Igor Russkikh <igor.russkikh at aquantia.com>
---
lib/librte_ethdev/rte_ethdev.c | 87 +++++++++++++++++++++
lib/librte_ethdev/rte_ethdev.h | 115 ++++++++++++++++++++++++++++
lib/librte_ethdev/rte_ethdev_core.h | 23 ++++++
3 files changed, 225 insertions(+)
diff --git a/lib/librte_ethdev/rte_ethdev.c b/lib/librte_ethdev/rte_ethdev.c
index 243beb4dd5ef..315c31dc667d 100644
--- a/lib/librte_ethdev/rte_ethdev.c
+++ b/lib/librte_ethdev/rte_ethdev.c
@@ -4367,6 +4367,93 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, const char *pool)
return (*dev->dev_ops->pool_ops_supported)(dev, pool);
}
+int
+rte_eth_macsec_enable(uint16_t port_id,
+ uint8_t encr, uint8_t repl_prot)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+ dev = &rte_eth_devices[port_id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_enable, -ENOTSUP);
+ return eth_err(port_id, (*dev->dev_ops->macsec_enable)
+ (dev, encr, repl_prot));
+}
+
+int
+rte_eth_macsec_disable(uint16_t port_id)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+ dev = &rte_eth_devices[port_id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_disable, -ENOTSUP);
+ return eth_err(port_id, (*dev->dev_ops->macsec_disable)
+ (dev));
+}
+
+int
+rte_eth_macsec_config_rxsc(uint16_t port_id,
+ uint8_t *mac, uint16_t pi)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+ dev = &rte_eth_devices[port_id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_config_rxsc, -ENOTSUP);
+ return eth_err(port_id, (*dev->dev_ops->macsec_config_rxsc)
+ (dev, mac, pi));
+}
+
+int
+rte_eth_macsec_config_txsc(uint16_t port_id,
+ uint8_t *mac)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+ dev = &rte_eth_devices[port_id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_config_txsc, -ENOTSUP);
+ return eth_err(port_id, (*dev->dev_ops->macsec_config_txsc)
+ (dev, mac));
+}
+
+int
+rte_eth_macsec_select_rxsa(uint16_t port_id,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+ dev = &rte_eth_devices[port_id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_select_rxsa, -ENOTSUP);
+ return eth_err(port_id, (*dev->dev_ops->macsec_select_rxsa)
+ (dev, idx, an, pn, key));
+}
+
+int
+rte_eth_macsec_select_txsa(uint16_t port_id,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key)
+{
+ struct rte_eth_dev *dev;
+
+ RTE_ETH_VALID_PORTID_OR_ERR_RET(port_id, -ENODEV);
+ dev = &rte_eth_devices[port_id];
+
+ RTE_FUNC_PTR_OR_ERR_RET(*dev->dev_ops->macsec_select_txsa, -ENOTSUP);
+ return eth_err(port_id, (*dev->dev_ops->macsec_select_txsa)
+ (dev, idx, an, pn, key));
+}
+
+
+
/**
* A set of values to describe the possible states of a switch domain.
*/
diff --git a/lib/librte_ethdev/rte_ethdev.h b/lib/librte_ethdev/rte_ethdev.h
index 40a068fe8337..0e4e889653ad 100644
--- a/lib/librte_ethdev/rte_ethdev.h
+++ b/lib/librte_ethdev/rte_ethdev.h
@@ -3872,6 +3872,121 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, const char *pool);
void *
rte_eth_dev_get_sec_ctx(uint16_t port_id);
+/**
+ * Enable MACsec offload.
+ *
+ * @param port_id
+ * The port identifier of the Ethernet device.
+ * @param encr
+ * 1 - Enable encryption (encrypt and add integrity signature).
+ * 0 - Disable encryption (only add integrity signature).
+ * @param repl_prot
+ * 1 - Enable replay protection.
+ * 0 - Disable replay protection.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_enable(uint16_t port_id,
+ uint8_t encr, uint8_t repl_prot);
+
+/**
+ * Disable MACsec offload.
+ *
+ * @param port_id
+ * The port identifier of the Ethernet device.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_disable(uint16_t port_id);
+
+/**
+ * Configure Rx SC (Secure Connection).
+ *
+ * @param port_id
+ * The port identifier of the Ethernet device.
+ * @param mac
+ * The MAC address on the remote side.
+ * @param pi
+ * The PI (port identifier) on the remote side.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_config_rxsc(uint16_t port_id,
+ uint8_t *mac, uint16_t pi);
+
+/**
+ * Configure Tx SC (Secure Connection).
+ *
+ * @param port_id
+ * The port identifier of the Ethernet device.
+ * @param mac
+ * The MAC address on the local side.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ */
+int
+rte_eth_macsec_config_txsc(uint16_t port_id,
+ uint8_t *mac);
+
+/**
+ * Enable Rx SA (Secure Association).
+ *
+ * @param port_id
+ * The port identifier of the Ethernet device.
+ * @param idx
+ * The SA to be enabled (0 or 1)
+ * @param an
+ * The association number on the remote side.
+ * @param pn
+ * The packet number on the remote side.
+ * @param key
+ * The key on the remote side.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ * - (-EINVAL) if bad parameter.
+ */
+int
+rte_eth_macsec_select_rxsa(uint16_t port_id,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key);
+
+/**
+ * Enable Tx SA (Secure Association).
+ *
+ * @param port_id
+ * The port identifier of the Ethernet device.
+ * @param idx
+ * The SA to be enabled (0 or 1).
+ * @param an
+ * The association number on the local side.
+ * @param pn
+ * The packet number on the local side.
+ * @param key
+ * The key on the local side.
+ * @return
+ * - (0) if successful.
+ * - (-ENODEV) if *port* invalid.
+ * - (-ENOTSUP) if hardware doesn't support this feature.
+ * - (-EINVAL) if bad parameter.
+ */
+int
+rte_eth_macsec_select_txsa(uint16_t port_id,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key);
+
#include <rte_ethdev_core.h>
diff --git a/lib/librte_ethdev/rte_ethdev_core.h b/lib/librte_ethdev/rte_ethdev_core.h
index 8f03f83f62cf..6434a9065756 100644
--- a/lib/librte_ethdev/rte_ethdev_core.h
+++ b/lib/librte_ethdev/rte_ethdev_core.h
@@ -377,6 +377,20 @@ typedef int (*eth_pool_ops_supported_t)(struct rte_eth_dev *dev,
const char *pool);
/**< @internal Test if a port supports specific mempool ops */
+typedef int (*eth_macsec_enable_t)(struct rte_eth_dev *dev,
+ uint8_t encr, uint8_t repl_prot);
+typedef int (*eth_macsec_disable_t)(struct rte_eth_dev *dev);
+typedef int (*eth_macsec_config_rxsc_t)(struct rte_eth_dev *dev,
+ uint8_t *mac, uint16_t pi);
+typedef int (*eth_macsec_config_txsc_t)(struct rte_eth_dev *dev,
+ uint8_t *mac);
+typedef int (*eth_macsec_select_rxsa_t)(struct rte_eth_dev *dev,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key);
+typedef int (*eth_macsec_select_txsa_t)(struct rte_eth_dev *dev,
+ uint8_t idx, uint8_t an,
+ uint32_t pn, uint8_t *key);
+
/**
* @internal A structure containing the functions exported by an Ethernet driver.
*/
@@ -509,6 +523,15 @@ struct eth_dev_ops {
eth_pool_ops_supported_t pool_ops_supported;
/**< Test if a port supports specific mempool ops */
+
+ eth_macsec_enable_t macsec_enable; /** macsec function enable */
+ eth_macsec_disable_t macsec_disable; /** macsec function disable */
+ eth_macsec_config_rxsc_t macsec_config_rxsc; /** macsec configure rx */
+ eth_macsec_config_txsc_t macsec_config_txsc; /** macsec configure tx */
+ eth_macsec_select_rxsa_t macsec_select_rxsa;
+ /** macsec select rx security association */
+ eth_macsec_select_txsa_t macsec_select_txsa;
+ /** macsec select tx security association */
};
/**
--
2.17.1
More information about the dev
mailing list