From: Ferruh Yigit <ferruh.yigit@intel.com>
To: Igor Russkikh <Igor.Russkikh@aquantia.com>,
"dev@dpdk.org" <dev@dpdk.org>
Cc: Pavel Belous <Pavel.Belous@aquantia.com>,
Wenzhuo Lu <wenzhuo.lu@intel.com>,
Jingjing Wu <jingjing.wu@intel.com>,
Bernard Iremonger <bernard.iremonger@intel.com>,
John McNamara <john.mcnamara@intel.com>,
Marko Kovacevic <marko.kovacevic@intel.com>,
Konstantin Ananyev <konstantin.ananyev@intel.com>,
Thomas Monjalon <thomas@monjalon.net>,
Andrew Rybchenko <arybchenko@solarflare.com>
Subject: Re: [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops
Date: Fri, 12 Apr 2019 19:26:04 +0100 [thread overview]
Message-ID: <429e73da-ca5b-1e97-7098-e720be3fae09@intel.com> (raw)
In-Reply-To: <69b3fcf19cb3e11fae93281f40a1bbc0ec5a2e38.1554894242.git.igor.russkikh@aquantia.com>
On 4/10/2019 12:18 PM, Igor Russkikh wrote:
> MACSEC related device ops, API and parameters are taken from the
> existing ixgbe PMD ops
>
> Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
<...>
> @@ -3872,6 +3872,121 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, const char *pool);
> void *
> rte_eth_dev_get_sec_ctx(uint16_t port_id);
>
> +/**
> + * Enable MACsec offload.
> + *
> + * @param port_id
> + * The port identifier of the Ethernet device.
> + * @param encr
> + * 1 - Enable encryption (encrypt and add integrity signature).
> + * 0 - Disable encryption (only add integrity signature).
> + * @param repl_prot
> + * 1 - Enable replay protection.
> + * 0 - Disable replay protection.
> + * @return
> + * - (0) if successful.
> + * - (-ENODEV) if *port* invalid.
> + * - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_enable(uint16_t port_id,
> + uint8_t encr, uint8_t repl_prot);
> +
> +/**
> + * Disable MACsec offload.
> + *
> + * @param port_id
> + * The port identifier of the Ethernet device.
> + * @return
> + * - (0) if successful.
> + * - (-ENODEV) if *port* invalid.
> + * - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_disable(uint16_t port_id);
> +
> +/**
> + * Configure Rx SC (Secure Connection).
> + *
> + * @param port_id
> + * The port identifier of the Ethernet device.
> + * @param mac
> + * The MAC address on the remote side.
> + * @param pi
> + * The PI (port identifier) on the remote side.
> + * @return
> + * - (0) if successful.
> + * - (-ENODEV) if *port* invalid.
> + * - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_config_rxsc(uint16_t port_id,
> + uint8_t *mac, uint16_t pi);
> +
> +/**
> + * Configure Tx SC (Secure Connection).
> + *
> + * @param port_id
> + * The port identifier of the Ethernet device.
> + * @param mac
> + * The MAC address on the local side.
> + * @return
> + * - (0) if successful.
> + * - (-ENODEV) if *port* invalid.
> + * - (-ENOTSUP) if hardware doesn't support this feature.
> + */
> +int
> +rte_eth_macsec_config_txsc(uint16_t port_id,
> + uint8_t *mac);
> +
> +/**
> + * Enable Rx SA (Secure Association).
> + *
> + * @param port_id
> + * The port identifier of the Ethernet device.
> + * @param idx
> + * The SA to be enabled (0 or 1)
> + * @param an
> + * The association number on the remote side.
> + * @param pn
> + * The packet number on the remote side.
> + * @param key
> + * The key on the remote side.
> + * @return
> + * - (0) if successful.
> + * - (-ENODEV) if *port* invalid.
> + * - (-ENOTSUP) if hardware doesn't support this feature.
> + * - (-EINVAL) if bad parameter.
> + */
> +int
> +rte_eth_macsec_select_rxsa(uint16_t port_id,
> + uint8_t idx, uint8_t an,
> + uint32_t pn, uint8_t *key);
> +
> +/**
> + * Enable Tx SA (Secure Association).
> + *
> + * @param port_id
> + * The port identifier of the Ethernet device.
> + * @param idx
> + * The SA to be enabled (0 or 1).
> + * @param an
> + * The association number on the local side.
> + * @param pn
> + * The packet number on the local side.
> + * @param key
> + * The key on the local side.
> + * @return
> + * - (0) if successful.
> + * - (-ENODEV) if *port* invalid.
> + * - (-ENOTSUP) if hardware doesn't support this feature.
> + * - (-EINVAL) if bad parameter.
> + */
> +int
> +rte_eth_macsec_select_txsa(uint16_t port_id,
> + uint8_t idx, uint8_t an,
> + uint32_t pn, uint8_t *key);
> +
>
> #include <rte_ethdev_core.h>
>
These are new ethdev APIs, not driver code, that have been sent after rc1, so
these didn't go through a proper review cycle, we didn't get any comment on any
other possible driver can use it, I am for postponing the series to next release.
Also there are some mechanical issues [1] but main thing is adding a set of API
to late in release cycle without proper review.
Thomas, Andrew, what do you think?
[1]
- New APIs must be experimental
- Apis should be exported via linker file (.map)
next prev parent reply other threads:[~2019-04-12 18:26 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-10 11:18 [dpdk-dev] [PATCH 00/10] add MACSEC hw offload to atlantic PMD Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 01/10] ethdev: introduce MACSEC device ops Igor Russkikh
2019-04-10 11:46 ` Thomas Monjalon
2019-04-11 12:37 ` Igor Russkikh
2019-04-11 21:15 ` Thomas Monjalon
2019-04-12 8:50 ` Igor Russkikh
2019-04-12 11:22 ` Thomas Monjalon
2019-04-12 18:26 ` Ferruh Yigit [this message]
2019-04-13 7:24 ` Igor Russkikh
2019-04-16 9:43 ` Ferruh Yigit
2019-04-16 9:58 ` Andrew Rybchenko
2019-04-16 10:11 ` Thomas Monjalon
2019-04-16 10:19 ` Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 02/10] app/testpmd: use generic MACSEC API calls Igor Russkikh
2019-04-10 11:50 ` Thomas Monjalon
2019-04-10 11:18 ` [dpdk-dev] [PATCH 03/10] net/ixgbe: macsec callbacks implementation Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 04/10] net/atlantic: macsec hardware structures declaration Igor Russkikh
2019-04-10 11:18 ` [dpdk-dev] [PATCH 05/10] net/atlantic: macsec configuration code Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 06/10] net/atlantic: macsec firmware interface Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 07/10] net/atlantic: interrupt handling of macsec events Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 08/10] net/atlantic: implement macsec statistics Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 09/10] net/atlantic: bump internal driver version Igor Russkikh
2019-04-10 11:19 ` [dpdk-dev] [PATCH 10/10] net/atlantic: indicate macsec in NIC docs Igor Russkikh
2019-04-10 11:47 ` Thomas Monjalon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=429e73da-ca5b-1e97-7098-e720be3fae09@intel.com \
--to=ferruh.yigit@intel.com \
--cc=Igor.Russkikh@aquantia.com \
--cc=Pavel.Belous@aquantia.com \
--cc=arybchenko@solarflare.com \
--cc=bernard.iremonger@intel.com \
--cc=dev@dpdk.org \
--cc=jingjing.wu@intel.com \
--cc=john.mcnamara@intel.com \
--cc=konstantin.ananyev@intel.com \
--cc=marko.kovacevic@intel.com \
--cc=thomas@monjalon.net \
--cc=wenzhuo.lu@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.