[PATCH v2 0/3] security: support MACsec
Akhil Goyal
gakhil at marvell.com
Wed Sep 28 14:52:54 CEST 2022
> Subject: [PATCH v2 0/3] security: support MACsec
>
> Added support for MACsec in rte_security for offloading
> MACsec Protocol operation to inline NIC device or a crypto device.
>
> To support MACsec we cannot just make one security session and
> send it with the packet to process it. MACsec specifications suggest
> it can have 3 different entities - SECY Entity, SC (secure channel) and
> SA (security association). The same SA can be used by multiple SCs and
> similarly many SECYs can have the same SCs. Hence, in order to support these
> many-to-one relationships between all entities, 2 new APIs are created -
> rte_security_macsec_sc_create and rte_security_sa_create.
> Flow of execution of the APIs would be as follows:
> - rte_security_macsec_sa_create
> - rte_security_macsec_sc_create
> - rte_security_session_create(for secy)
> And in case of inline protocol processing rte_flow can be created with
> rte_security action similar to IPsec flows except that the flow item
> will be MACsec instead of IPsec.
>
> A new flow item is added for the MACsec header and a set of events is added
> to specify the errors that occurred during inline protocol processing.
>
> New APIs are also created for getting SC and SA stats.
>
> Patches for PMD implementation and test app are submitted separately
> which can be separately applied after RC1.
WIP Patches are sent to support this series to be merged in RC1.
http://patches.dpdk.org/project/dpdk/list/?series=24879
>
> Changes in v2:
> - Incorporated comments from Olivier except the one to split tci_an into
> bitfields.
> - added release notes and removed deprecation notice.
> - added some missing fields in rte_security patch.
>
>
> Akhil Goyal (3):
> net: add MACsec header
> ethdev: add MACsec flow item
> security: support MACsec
>
> doc/api/doxy-api-index.md | 3 +-
> doc/guides/prog_guide/rte_security.rst | 107 ++++++-
> doc/guides/rel_notes/deprecation.rst | 5 -
> doc/guides/rel_notes/release_22_11.rst | 10 +
> lib/ethdev/rte_ethdev.h | 55 ++++
> lib/ethdev/rte_flow.h | 18 ++
> lib/net/meson.build | 1 +
> lib/net/rte_macsec.h | 61 ++++
> lib/security/rte_security.c | 86 ++++++
> lib/security/rte_security.h | 370 ++++++++++++++++++++++++-
> lib/security/rte_security_driver.h | 86 ++++++
> lib/security/version.map | 6 +
> 12 files changed, 789 insertions(+), 19 deletions(-)
> create mode 100644 lib/net/rte_macsec.h
>
> --
> 2.25.1
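
The `tci_an` field mentioned in the v2 changes is the SecTAG byte that packs the flag bits and the association number. As an added example (not part of this message or the patch series), the standalone C parser below decodes and validates a SecTAG using masks rather than bitfields; the macro, struct and function names are this example's own, the layout follows IEEE 802.1AE, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* SecTAG TCI/AN bit masks per IEEE 802.1AE (names are this example's own). */
#define TCI_V   0x80  /* version, must be 0 */
#define TCI_ES  0x40  /* end station */
#define TCI_SC  0x20  /* explicit SCI follows the PN */
#define TCI_SCB 0x10  /* single copy broadcast */
#define TCI_E   0x08  /* payload encrypted */
#define TCI_C   0x04  /* changed text */
#define AN_MASK 0x03  /* association number (selects the SA) */

struct sectag {
    uint8_t  an;         /* association number, 0..3 */
    uint8_t  short_len;  /* SL field, 0 when the payload is not short */
    uint32_t pn;         /* packet number */
    uint64_t sci;        /* secure channel identifier, 0 if SC bit clear */
    size_t   hdr_len;    /* 8 or 16 bytes, EtherType included */
};

/* Constructed sample: EtherType 88E5, TCI/AN 0x2D (SC|E|C, AN=1), SL 0, PN 1, SCI. */
static const uint8_t sample_tag[16] = {
    0x88, 0xE5, 0x2D, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01
};

/* Parse a SecTAG starting at the EtherType; 0 on success, negative if malformed. */
int sectag_parse(const uint8_t *p, size_t len, struct sectag *out)
{
    if (len < 8 || p[0] != 0x88 || p[1] != 0xE5)
        return -1;                        /* truncated or not MACsec */
    uint8_t t = p[2];
    if (t & TCI_V)
        return -2;                        /* V bit must be clear */
    if ((t & TCI_SC) && (t & (TCI_ES | TCI_SCB)))
        return -3;                        /* ES or SCB requires SC clear */
    if (p[3] & 0xC0)
        return -4;                        /* reserved bits of the SL octet */
    if ((t & TCI_SC) && len < 16)
        return -5;                        /* SCI announced but missing */
    out->an = t & AN_MASK;
    out->short_len = p[3] & 0x3F;
    out->pn = (uint32_t)p[4] << 24 | (uint32_t)p[5] << 16 |
              (uint32_t)p[6] << 8 | p[7];
    out->sci = 0;
    out->hdr_len = (t & TCI_SC) ? 16 : 8;
    for (size_t i = 8; i < out->hdr_len; i++)
        out->sci = out->sci << 8 | p[i];  /* big-endian SCI */
    return 0;
}
```
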