[EXT] Re: [PATCH 02/13] security: add MACsec packet number threshold

Akhil Goyal gakhil at marvell.com
Wed May 24 10:09:17 CEST 2023


> Subject: RE: [EXT] Re: [PATCH 02/13] security: add MACsec packet number
> threshold
> 
> > On Wed, 24 May 2023 01:19:07 +0530
> > Akhil Goyal <gakhil at marvell.com> wrote:
> >
> > > diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> > > index c7a523b6d6..30bac4e25a 100644
> > > --- a/lib/security/rte_security.h
> > > +++ b/lib/security/rte_security.h
> > > @@ -399,6 +399,8 @@ struct rte_security_macsec_sa {
> > >  struct rte_security_macsec_sc {
> > >  	/** Direction of SC */
> > >  	enum rte_security_macsec_direction dir;
> > > +	/** Packet number threshold */
> > > +	uint64_t pn_threshold;
> > >  	union {
> > >  		struct {
> > >  			/** SAs for each association number */
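Review bot: the doc comment on `pn_threshold` in struct rte_security_macsec_sc only restates the field name. It should say what happens when the packet number reaches the threshold, whether 0 disables the check, and whether the `uint64_t` value is compared against the 32-bit PN or the 64-bit extended PN. Placing the new member between `dir` and the union also moves the offset of the union and everything in it; adding it after the union would leave the existing member offsets unchanged.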
> > > @@ -407,8 +409,10 @@ struct rte_security_macsec_sc {
> > >  			uint8_t sa_in_use[RTE_SECURITY_MACSEC_NUM_AN];
> > >  			/** Channel is active */
> > >  			uint8_t active : 1;
> > > +			/** Extended packet number is enabled for SAs */
> > > +			uint8_t is_xpn : 1;
> > >  			/** Reserved bitfields for future */
> > > -			uint8_t reserved : 7;
> > > +			uint8
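Review bot: `is_xpn` is added inside the struct nested in the union, so it is only reachable through that union member, while `pn_threshold` from the previous hunk sits at SC level. If the flag is meant to apply to the SC regardless of which union member is in use, it belongs next to `dir`. The comment says "enabled for SAs", so please state whether every SA attached to this SC must then use XPN, or move the flag to the SA structure. The replacement for `uint8_t reserved : 7;` is cut off in this quote; with one bit taken by `is_xpn` it should shrink to 6 bits so the bitfields still total 8.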
> >
> > Is this an ABI change? If so needs to wait for 23.11 release
> rte_security_macsec_sc/sa_create are experimental APIs. So, it won't be an
> issue I believe.
Looking at the ABI issues reported for this patchset,
even if these APIs are experimental, we cannot really change them,
as all are part of rte_security_ctx, which is exposed.
But the user is not required to know its contents, and it should not be exposed.
In the next release I would make it internal, like rte_security_session.
For now, I would defer this MACsec support to the next release.


