> Subject: [PATCH v2 0/3] security: support MACsec > > Added support for MACsec in rte_security for offloading > MACsec Protocol operation to inline NIC device or a crypto device. > > To support MACsec we cannot just make one security session and > send with the packet to process it. MACsec specifications suggest, > it can have 3 different entities - SECY Entity, SC(secure channel) and > SA(security association). And same SA can be used by multiple SCs and > similarly many SECY can have same SCs. Hence, in order to support this > many to one relationships between all entities, 2 new APIs are created - > rte_security_macsec_sc_create and rte_security_sa_create. > Flow of execution of the APIs would be as > - rte_security_macsec_sa_create > - rte_security_macsec_sc_create > - rte_security_session_create(for secy) > And in case of inline protocol processing rte_flow can be created with > rte_security action similar to IPsec flows except that the flow item > will be MACsec instead of IPsec. > > A new flow item is added for MACsec header and a set of events are added > to specify the errors occurred during inline protocol processing. > > New APIs are also created for getting SC and SA stats. > > Patches for PMD implementation and test app are submitted separately > which can be separately applied after RC1.
WIP Patches are sent to support this series to be merged in RC1. http://patches.dpdk.org/project/dpdk/list/?series=24879 > > Changes in v2: > - Incorporated comments from Olivier except the one to split tci_an into > bitfields. > - added release notes and removed deprecation notice. > - added some missing fields in rte_security patch. > > > Akhil Goyal (3): > net: add MACsec header > ethdev: add MACsec flow item > security: support MACsec > > doc/api/doxy-api-index.md | 3 +- > doc/guides/prog_guide/rte_security.rst | 107 ++++++- > doc/guides/rel_notes/deprecation.rst | 5 - > doc/guides/rel_notes/release_22_11.rst | 10 + > lib/ethdev/rte_ethdev.h | 55 ++++ > lib/ethdev/rte_flow.h | 18 ++ > lib/net/meson.build | 1 + > lib/net/rte_macsec.h | 61 ++++ > lib/security/rte_security.c | 86 ++++++ > lib/security/rte_security.h | 370 ++++++++++++++++++++++++- > lib/security/rte_security_driver.h | 86 ++++++ > lib/security/version.map | 6 + > 12 files changed, 789 insertions(+), 19 deletions(-) > create mode 100644 lib/net/rte_macsec.h > > -- > 2.25.1
