On 4/10/2019 12:18 PM, Igor Russkikh wrote: > MACSEC related device ops, API and parameters are taken from the > existing ixgbe PMD ops > > Signed-off-by: Igor Russkikh <igor.russk...@aquantia.com>
<...> > @@ -3872,6 +3872,121 @@ rte_eth_dev_pool_ops_supported(uint16_t port_id, > const char *pool); > void * > rte_eth_dev_get_sec_ctx(uint16_t port_id); > > +/** > + * Enable MACsec offload. > + * > + * @param port_id > + * The port identifier of the Ethernet device. > + * @param encr > + * 1 - Enable encryption (encrypt and add integrity signature). > + * 0 - Disable encryption (only add integrity signature). > + * @param repl_prot > + * 1 - Enable replay protection. > + * 0 - Disable replay protection. > + * @return > + * - (0) if successful. > + * - (-ENODEV) if *port* invalid. > + * - (-ENOTSUP) if hardware doesn't support this feature. > + */ > +int > +rte_eth_macsec_enable(uint16_t port_id, > + uint8_t encr, uint8_t repl_prot); > + > +/** > + * Disable MACsec offload. > + * > + * @param port_id > + * The port identifier of the Ethernet device. > + * @return > + * - (0) if successful. > + * - (-ENODEV) if *port* invalid. > + * - (-ENOTSUP) if hardware doesn't support this feature. > + */ > +int > +rte_eth_macsec_disable(uint16_t port_id); > + > +/** > + * Configure Rx SC (Secure Connection). > + * > + * @param port_id > + * The port identifier of the Ethernet device. > + * @param mac > + * The MAC address on the remote side. > + * @param pi > + * The PI (port identifier) on the remote side. > + * @return > + * - (0) if successful. > + * - (-ENODEV) if *port* invalid. > + * - (-ENOTSUP) if hardware doesn't support this feature. > + */ > +int > +rte_eth_macsec_config_rxsc(uint16_t port_id, > + uint8_t *mac, uint16_t pi); > + > +/** > + * Configure Tx SC (Secure Connection). > + * > + * @param port_id > + * The port identifier of the Ethernet device. > + * @param mac > + * The MAC address on the local side. > + * @return > + * - (0) if successful. > + * - (-ENODEV) if *port* invalid. > + * - (-ENOTSUP) if hardware doesn't support this feature. > + */ > +int > +rte_eth_macsec_config_txsc(uint16_t port_id, > + uint8_t *mac); > + > +/** > + * Enable Rx SA (Secure Association). > + * > + * @param port_id > + * The port identifier of the Ethernet device. > + * @param idx > + * The SA to be enabled (0 or 1) > + * @param an > + * The association number on the remote side. > + * @param pn > + * The packet number on the remote side. > + * @param key > + * The key on the remote side. > + * @return > + * - (0) if successful. > + * - (-ENODEV) if *port* invalid. > + * - (-ENOTSUP) if hardware doesn't support this feature. > + * - (-EINVAL) if bad parameter. > + */ > +int > +rte_eth_macsec_select_rxsa(uint16_t port_id, > + uint8_t idx, uint8_t an, > + uint32_t pn, uint8_t *key); > + > +/** > + * Enable Tx SA (Secure Association). > + * > + * @param port_id > + * The port identifier of the Ethernet device. > + * @param idx > + * The SA to be enabled (0 or 1). > + * @param an > + * The association number on the local side. > + * @param pn > + * The packet number on the local side. > + * @param key > + * The key on the local side. > + * @return > + * - (0) if successful. > + * - (-ENODEV) if *port* invalid. > + * - (-ENOTSUP) if hardware doesn't support this feature. > + * - (-EINVAL) if bad parameter. > + */ > +int > +rte_eth_macsec_select_txsa(uint16_t port_id, > + uint8_t idx, uint8_t an, > + uint32_t pn, uint8_t *key); > + > > #include <rte_ethdev_core.h> > These are new ethdev APIs, not driver code, that have been sent after rc1, so these didn't go through a proper review cycle, we didn't get any comment on any other possible driver can use it, I am for postponing the series to next release. Also there are some mechanical issues [1] but main thing is adding a set of API to late in release cycle without proper review. Thomas, Andrew, what do you think? [1] - New APIs must be experimental - Apis should be exported via linker file (.map)
