[dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops

Ferruh Yigit ferruh.yigit at intel.com
Fri Apr 12 20:26:04 CEST 2019

Previous message: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
Next message: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/10/2019 12:18 PM, Igor Russkikh wrote:
> MACSEC related device ops, API and parameters are taken from the
> existing ixgbe PMD ops
> 
> Signed-off-by: Igor Russkikh <igor.russkikh at aquantia.com>

<...>

> @@ -3872,6 +3872,121 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, const char *pool);
>  void *
>  rte_eth_dev_get_sec_ctx(uint16_t port_id);
>  
> +/**
> + * Enable MACsec offload.
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param encr
> + *    1 - Enable encryption (encrypt and add integrity signature).
> + *    0 - Disable encryption (only add integrity signature).
> + * @param repl_prot
> + *    1 - Enable replay protection.
> + *    0 - Disable replay protection.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_enable(uint16_t port_id,
> +		      uint8_t encr, uint8_t repl_prot);
> +
> +/**
> + * Disable MACsec offload.
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_disable(uint16_t port_id);
> +
> +/**
> + * Configure Rx SC (Secure Connection).
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param mac
> + *   The MAC address on the remote side.
> + * @param pi
> + *   The PI (port identifier) on the remote side.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_config_rxsc(uint16_t port_id,
> +			   uint8_t *mac, uint16_t pi);
> +
> +/**
> + * Configure Tx SC (Secure Connection).
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param mac
> + *   The MAC address on the local side.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_config_txsc(uint16_t port_id,
> +			   uint8_t *mac);
> +
> +/**
> + * Enable Rx SA (Secure Association).
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param idx
> + *   The SA to be enabled (0 or 1)
> + * @param an
> + *   The association number on the remote side.
> + * @param pn
> + *   The packet number on the remote side.
> + * @param key
> + *   The key on the remote side.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + *   - (-EINVAL) if bad parameter.
> + */
> +int
> +rte_eth_macsec_select_rxsa(uint16_t port_id,
> +			   uint8_t idx, uint8_t an,
> +			   uint32_t pn, uint8_t *key);
> +
> +/**
> + * Enable Tx SA (Secure Association).
> + *
> + * @param port_id
> + *   The port identifier of the Ethernet device.
> + * @param idx
> + *   The SA to be enabled (0 or 1).
> + * @param an
> + *   The association number on the local side.
> + * @param pn
> + *   The packet number on the local side.
> + * @param key
> + *   The key on the local side.
> + * @return
> + *   - (0) if successful.
> + *   - (-ENODEV) if *port* invalid.
> + *   - (-ENOTSUP) if hardware doesn't support this feature.
> + *   - (-EINVAL) if bad parameter.
> + */
> +int
> +rte_eth_macsec_select_txsa(uint16_t port_id,
> +			   uint8_t idx, uint8_t an,
> +			   uint32_t pn, uint8_t *key);
> +
>  
>  #include <rte_ethdev_core.h>
>  

These are new ethdev APIs, not driver code, that have been sent after rc1, so
these didn't go through a proper review cycle, we didn't get any comment on any
other possible driver can use it, I am for postponing the series to next release.

Also there are some mechanical issues [1] but main thing is adding a set of API
to late in release cycle without proper review.
Thomas, Andrew, what do you think?


[1]
- New APIs must be experimental
- Apis should be exported via linker file (.map)

Previous message: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
Next message: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list