[PATCH v2 0/3] security: support MACsec

Akhil Goyal gakhil at marvell.com
Wed Sep 28 14:52:54 CEST 2022

Previous message (by thread): [PATCH 5/5] test/security: add more MACsec cases
Next message (by thread): [PATCH v3 0/3] security: support MACsec
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Subject: [PATCH v2 0/3] security: support MACsec
> 
> Added support for MACsec in rte_security for offloading
> MACsec Protocol operation to inline NIC device or a crypto device.
> 
> To support MACsec we cannot just make one security session and
> send with the packet to process it. MACsec specifications suggest,
> it can have 3 different entities - SECY Entity, SC(secure channel) and
> SA(security association). And same SA can be used by multiple SCs and
> similarly many SECY can have same SCs. Hence, in order to support this
> many to one relationships between all entities, 2 new APIs are created -
> rte_security_macsec_sc_create and rte_security_sa_create.
> Flow of execution of the APIs would be as
> - rte_security_macsec_sa_create
> - rte_security_macsec_sc_create
> - rte_security_session_create(for secy)
> And in case of inline protocol processing rte_flow can be created with
> rte_security action similar to IPsec flows except that the flow item
> will be MACsec instead of IPsec.
> 
> A new flow item is added for MACsec header and a set of events are added
> to specify the errors occurred during inline protocol processing.
> 
> New APIs are also created for getting SC and SA stats.
> 
> Patches for PMD implementation and test app are submitted separately
> which can be separately applied after RC1.

WIP Patches are sent to support this series to be merged in RC1.
http://patches.dpdk.org/project/dpdk/list/?series=24879

> 
> Changes in v2:
> - Incorporated comments from Olivier except the one to split tci_an into
>   bitfields.
> - added release notes and removed deprecation notice.
> - added some missing fields in rte_security patch.
> 
> 
> Akhil Goyal (3):
>   net: add MACsec header
>   ethdev: add MACsec flow item
>   security: support MACsec
> 
>  doc/api/doxy-api-index.md              |   3 +-
>  doc/guides/prog_guide/rte_security.rst | 107 ++++++-
>  doc/guides/rel_notes/deprecation.rst   |   5 -
>  doc/guides/rel_notes/release_22_11.rst |  10 +
>  lib/ethdev/rte_ethdev.h                |  55 ++++
>  lib/ethdev/rte_flow.h                  |  18 ++
>  lib/net/meson.build                    |   1 +
>  lib/net/rte_macsec.h                   |  61 ++++
>  lib/security/rte_security.c            |  86 ++++++
>  lib/security/rte_security.h            | 370 ++++++++++++++++++++++++-
>  lib/security/rte_security_driver.h     |  86 ++++++
>  lib/security/version.map               |   6 +
>  12 files changed, 789 insertions(+), 19 deletions(-)
>  create mode 100644 lib/net/rte_macsec.h
> 
> --
> 2.25.1

Previous message (by thread): [PATCH 5/5] test/security: add more MACsec cases
Next message (by thread): [PATCH v3 0/3] security: support MACsec
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list