> -----Original Message-----
> From: Akhil Goyal <gak...@marvell.com>
> Sent: Sunday, 14 August 2022 21:46
>
> A new flow item is defined for MACsec flows which can be
> offloaded to an inline device. If the flow matches with
> MACsec header, device will process as per the security
> session created using rte_security APIs.
> If an error comes while MACsec processing in HW, PMD will
> notify with the events defined in this patch.
>
> Signed-off-by: Akhil Goyal <gak...@marvell.com>
> ---
> lib/ethdev/rte_ethdev.h | 55
> +++++++++++++++++++++++++++++++++++++++++
> lib/ethdev/rte_flow.h | 18 ++++++++++++++
> 2 files changed, 73 insertions(+)
>
> diff --git a/lib/ethdev/rte_ethdev.h b/lib/ethdev/rte_ethdev.h
> index de9e970d4d..24661b01e9 100644
> --- a/lib/ethdev/rte_ethdev.h
> +++ b/lib/ethdev/rte_ethdev.h
> @@ -3864,6 +3864,61 @@ rte_eth_tx_buffer_count_callback(struct
> rte_mbuf **pkts, uint16_t unsent,
> int
> rte_eth_tx_done_cleanup(uint16_t port_id, uint16_t queue_id, uint32_t
> free_cnt);
>
> +/**
> + * Subtypes for MACsec offload event(@ref RTE_ETH_EVENT_MACSEC)
> raised by
> + * Ethernet device.
> + */
> +enum rte_eth_macsec_event_subtype {
> + RTE_ETH_MACSEC_SUBEVENT_UNKNOWN,
> + /* subevents of RTE_ETH_MACSEC_EVENT_SECTAG_VAL_ERR sectag
> validation events
> + * RTE_ETH_MACSEC_EVENT_RX_SECTAG_V_EQ1
> + * Validation check: SecTag.TCI.V = 1
> + * RTE_ETH_MACSEC_EVENT_RX_SECTAG_E_EQ0_C_EQ1
> + * Validation check: SecTag.TCI.E = 0 && SecTag.TCI.C = 1
> + * RTE_ETH_MACSEC_EVENT_RX_SECTAG_SL_GTE48
> + * Validation check: SecTag.SL >= 'd48
> + * RTE_ETH_MACSEC_EVENT_RX_SECTAG_ES_EQ1_SC_EQ1
> + * Validation check: SecTag.TCI.ES = 1 && SecTag.TCI.SC = 1
> + * RTE_ETH_MACSEC_EVENT_RX_SECTAG_SC_EQ1_SCB_EQ1
> + * Validation check: SecTag.TCI.SC = 1 && SecTag.TCI.SCB = 1
> + */
> + RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_V_EQ1,
> + RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_E_EQ0_C_EQ1,
> + RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_SL_GTE48,
> + RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_ES_EQ1_SC_EQ1,
> + RTE_ETH_MACSEC_SUBEVENT_RX_SECTAG_SC_EQ1_SCB_EQ1,
> +};
> +
> +enum rte_eth_macsec_event_type {
> + RTE_ETH_MACSEC_EVENT_UNKNOWN,
> + RTE_ETH_MACSEC_EVENT_SECTAG_VAL_ERR,
> + RTE_ETH_MACSEC_EVENT_RX_SA_PN_HARD_EXP,
> + RTE_ETH_MACSEC_EVENT_RX_SA_PN_SOFT_EXP,
> + RTE_ETH_MACSEC_EVENT_TX_SA_PN_HARD_EXP,
> + RTE_ETH_MACSEC_EVENT_TX_SA_PN_SOFT_EXP,
> + /* Notifies Invalid SA event */
> + RTE_ETH_MACSEC_EVENT_SA_NOT_VALID,
> +};
> +
> +/**
> + * Descriptor for @ref RTE_ETH_EVENT_MACSEC event. Used by eth dev to
> send extra
> + * information of the MACsec offload event.
> + */
> +struct rte_eth_event_macsec_desc {
> + enum rte_eth_macsec_event_type type;
> + enum rte_eth_macsec_event_subtype subtype;
> + /**
> + * Event specific metadata.
> + *
> + * For the following events, *userdata* registered
> + * with the *rte_security_session* would be returned
> + * as metadata,
> + *
> + * @see struct rte_security_session_conf
> + */
> + uint64_t metadata;
> +};
> +
> /**
> * Subtypes for IPsec offload event(@ref RTE_ETH_EVENT_IPSEC) raised by
> * eth device.
> diff --git a/lib/ethdev/rte_flow.h b/lib/ethdev/rte_flow.h
> index a79f1e7ef0..4114c84a02 100644
> --- a/lib/ethdev/rte_flow.h
> +++ b/lib/ethdev/rte_flow.h
> @@ -35,6 +35,7 @@
> #include <rte_l2tpv2.h>
> #include <rte_ppp.h>
> #include <rte_gre.h>
> +#include <rte_macsec.h>
>
> #ifdef __cplusplus
> extern "C" {
> @@ -668,6 +669,13 @@ enum rte_flow_item_type {
> * See struct rte_flow_item_gre_opt.
> */
> RTE_FLOW_ITEM_TYPE_GRE_OPTION,
> +
> + /**
> + * Matches MACsec Ethernet Header.
> + *
> + * See struct rte_flow_item_macsec.
> + */
> + RTE_FLOW_ITEM_TYPE_MACSEC,
> };
>
> /**
> @@ -1214,6 +1222,16 @@ struct rte_flow_item_gre_opt {
> struct rte_gre_hdr_opt_sequence sequence;
> };
>
> +/**
> + * RTE_FLOW_ITEM_TYPE_MACSEC.
> + *
> + * Matches MACsec header.
> + */
> +struct rte_flow_item_macsec {
> + struct rte_macsec_hdr macsec_hdr;
> +};
> +
> +
> /**
> * RTE_FLOW_ITEM_TYPE_FUZZY
> *
> --
> 2.25.1
Acked-by: Ori Kam <or...@nvidia.com>
Best,
Ori
