#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <inttypes.h>
#include <sys/types.h>
#include <sys/queue.h>
#include <setjmp.h>
#include <stdarg.h>
#include <ctype.h>
#include <errno.h>
#include <getopt.h>
#include <signal.h>
#include <stdbool.h>
static volatile bool force_quit;
static int mac_updating;
static int promiscuous_on = 1;
#define RTE_LOGTYPE_L2FWD RTE_LOGTYPE_USER1
#define MAX_PKT_BURST 32
#define BURST_TX_DRAIN_US 100
#define MEMPOOL_CACHE_SIZE 256
#define SESSION_POOL_CACHE_SIZE 0
#define RX_DESC_DEFAULT 1024
#define TX_DESC_DEFAULT 1024
static uint16_t nb_rxd = RX_DESC_DEFAULT;
static uint16_t nb_txd = TX_DESC_DEFAULT;
static struct rte_ether_addr l2fwd_ports_eth_addr[RTE_MAX_ETHPORTS];
static struct rte_ether_hdr port_ether_hdr_config[RTE_MAX_ETHPORTS];
static uint32_t l2fwd_enabled_port_mask;
static uint32_t l2fwd_dst_ports[RTE_MAX_ETHPORTS];
#define NUM_PORTS 2
uint16_t port[NUM_PORTS];
};
static struct port_pair_params port_pair_params_array[RTE_MAX_ETHPORTS / 2];
static struct port_pair_params *port_pair_params;
static uint16_t nb_port_pair_params;
static unsigned int l2fwd_rx_queue_per_lcore = 1;
#define MAX_RX_QUEUE_PER_LCORE 16
#define MAX_TX_QUEUE_PER_PORT 16
unsigned int n_rx_port;
unsigned int rx_port_list[MAX_RX_QUEUE_PER_LCORE];
};
struct lcore_queue_conf lcore_queue_conf[RTE_MAX_LCORE];
},
};
uint64_t tx;
uint64_t rx;
uint64_t dropped;
};
struct l2fwd_port_statistics port_statistics[RTE_MAX_ETHPORTS];
#define MAX_TIMER_PERIOD 86400
static uint64_t timer_period = 10;
#define MCS_MAX_KEY_LEN 32
#define MCS_SALT_LEN 12
struct l2fwd_key {
uint8_t data[MCS_MAX_KEY_LEN];
uint32_t len;
};
struct l2fwd_macsec_options {
unsigned int portmask;
unsigned int tx_portmask;
unsigned int rx_portmask;
unsigned int nb_ports_per_lcore;
unsigned int refresh_period;
unsigned int single_lcore:1;
};
struct l2fwd_macsec_port_params {
uint8_t dev_id;
uint8_t qp_id;
void *sec_ctx;
void *sess;
uint16_t sa_id[4];
uint16_t sc_id;
struct rte_flow *tx_flow;
struct rte_flow *rx_flow;
struct l2fwd_key sa_key;
uint8_t salt[MCS_SALT_LEN];
uint32_t ssci;
uint64_t sci;
uint64_t pn_threshold;
uint32_t xpn;
uint32_t next_pn;
uint32_t mtu;
uint8_t sectag_insert_mode;
bool encrypt;
bool protect_frames;
bool replay_protect;
int val_frames;
uint32_t replay_win_sz;
bool send_sci;
bool end_station;
bool scb;
uint8_t an;
};
struct l2fwd_macsec_port_params mcs_port_params[RTE_MAX_ETHPORTS];
static void
mcs_stats_dump(uint16_t portid)
{
struct rte_security_stats sess_stats = {0};
struct rte_security_macsec_secy_stats *secy_stat;
struct rte_security_macsec_sc_stats sc_stat = {0};
printf("\n********* RX SECY STATS ************\n");
mcs_port_params[portid].sess, &sess_stats);
secy_stat = &sess_stats.macsec;
if (secy_stat->ctl_pkt_bcast_cnt)
printf("RX: ctl_pkt_bcast_cnt: 0x%" PRIx64 "\n",
secy_stat->ctl_pkt_bcast_cnt);
if (secy_stat->ctl_pkt_mcast_cnt)
printf("RX: ctl_pkt_mcast_cnt: 0x%" PRIx64 "\n",
secy_stat->ctl_pkt_mcast_cnt);
if (secy_stat->ctl_pkt_ucast_cnt)
printf("RX: ctl_pkt_ucast_cnt: 0x%" PRIx64 "\n",
secy_stat->ctl_pkt_ucast_cnt);
if (secy_stat->ctl_octet_cnt)
printf("RX: ctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->ctl_octet_cnt);
if (secy_stat->unctl_pkt_bcast_cnt)
printf("RX: unctl_pkt_bcast_cnt: 0x%" PRIx64 "\n",
secy_stat->unctl_pkt_bcast_cnt);
if (secy_stat->unctl_pkt_mcast_cnt)
printf("RX: unctl_pkt_mcast_cnt: 0x%" PRIx64 "\n",
secy_stat->unctl_pkt_mcast_cnt);
if (secy_stat->unctl_pkt_ucast_cnt)
printf("RX: unctl_pkt_ucast_cnt: 0x%" PRIx64 "\n",
secy_stat->unctl_pkt_ucast_cnt);
if (secy_stat->unctl_octet_cnt)
printf("RX: unctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->unctl_octet_cnt);
if (secy_stat->octet_decrypted_cnt)
printf("RX: octet_decrypted_cnt: 0x%" PRIx64 "\n",
secy_stat->octet_decrypted_cnt);
if (secy_stat->octet_validated_cnt)
printf("RX: octet_validated_cnt: 0x%" PRIx64 "\n",
secy_stat->octet_validated_cnt);
if (secy_stat->pkt_port_disabled_cnt)
printf("RX: pkt_port_disabled_cnt: 0x%" PRIx64 "\n",
secy_stat->pkt_port_disabled_cnt);
if (secy_stat->pkt_badtag_cnt)
printf("RX: pkt_badtag_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_badtag_cnt);
if (secy_stat->pkt_nosa_cnt)
printf("RX: pkt_nosa_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_nosa_cnt);
if (secy_stat->pkt_nosaerror_cnt)
printf("RX: pkt_nosaerror_cnt: 0x%" PRIx64 "\n",
secy_stat->pkt_nosaerror_cnt);
if (secy_stat->pkt_tagged_ctl_cnt)
printf("RX: pkt_tagged_ctl_cnt: 0x%" PRIx64 "\n",
secy_stat->pkt_tagged_ctl_cnt);
if (secy_stat->pkt_untaged_cnt)
printf("RX: pkt_untaged_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_untaged_cnt);
if (secy_stat->pkt_ctl_cnt)
printf("RX: pkt_ctl_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_ctl_cnt);
if (secy_stat->pkt_notag_cnt)
printf("RX: pkt_notag_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_notag_cnt);
printf("\n");
printf("\n********** RX SC[%u] STATS **************\n",
mcs_port_params[portid].sc_id);
&sc_stat);
if (sc_stat.hit_cnt)
printf("RX hit_cnt: 0x%" PRIx64 "\n", sc_stat.hit_cnt);
if (sc_stat.pkt_invalid_cnt)
printf("RX pkt_invalid_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_invalid_cnt);
if (sc_stat.pkt_late_cnt)
printf("RX pkt_late_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_late_cnt);
if (sc_stat.pkt_notvalid_cnt)
printf("RX pkt_notvalid_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_notvalid_cnt);
if (sc_stat.pkt_unchecked_cnt)
printf("RX pkt_unchecked_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_unchecked_cnt);
if (sc_stat.pkt_delay_cnt)
printf("RX pkt_delay_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_delay_cnt);
if (sc_stat.pkt_ok_cnt)
printf("RX pkt_ok_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_ok_cnt);
if (sc_stat.octet_decrypt_cnt)
printf("RX octet_decrypt_cnt: 0x%" PRIx64 "\n", sc_stat.octet_decrypt_cnt);
if (sc_stat.octet_validate_cnt)
printf("RX octet_validate_cnt: 0x%" PRIx64 "\n",
sc_stat.octet_validate_cnt);
}
memset(&sess_stats, 0, sizeof(struct rte_security_stats));
mcs_port_params[portid].sess, &sess_stats);
secy_stat = &sess_stats.macsec;
printf("\n********* TX SECY STATS ************\n");
if (secy_stat->ctl_pkt_bcast_cnt)
printf("TX: ctl_pkt_bcast_cnt: 0x%" PRIx64 "\n",
secy_stat->ctl_pkt_bcast_cnt);
if (secy_stat->ctl_pkt_mcast_cnt)
printf("TX: ctl_pkt_mcast_cnt: 0x%" PRIx64 "\n",
secy_stat->ctl_pkt_mcast_cnt);
if (secy_stat->ctl_pkt_ucast_cnt)
printf("TX: ctl_pkt_ucast_cnt: 0x%" PRIx64 "\n",
secy_stat->ctl_pkt_ucast_cnt);
if (secy_stat->ctl_octet_cnt)
printf("TX: ctl_octet_cnt: 0x%" PRIx64 "\n", secy_stat->ctl_octet_cnt);
if (secy_stat->unctl_pkt_bcast_cnt)
printf("TX: unctl_pkt_bcast_cnt: 0x%" PRIx64 "\n",
secy_stat->unctl_pkt_bcast_cnt);
if (secy_stat->unctl_pkt_mcast_cnt)
printf("TX: unctl_pkt_mcast_cnt: 0x%" PRIx64 "\n",
secy_stat->unctl_pkt_mcast_cnt);
if (secy_stat->unctl_pkt_ucast_cnt)
printf("TX: unctl_pkt_ucast_cnt: 0x%" PRIx64 "\n",
secy_stat->unctl_pkt_ucast_cnt);
if (secy_stat->unctl_octet_cnt)
printf("TX: unctl_octet_cnt: 0x%" PRIx64 "\n",
secy_stat->unctl_octet_cnt);
if (secy_stat->octet_encrypted_cnt)
printf("TX: octet_encrypted_cnt: 0x%" PRIx64 "\n",
secy_stat->octet_encrypted_cnt);
if (secy_stat->octet_protected_cnt)
printf("TX: octet_protected_cnt: 0x%" PRIx64 "\n",
secy_stat->octet_protected_cnt);
if (secy_stat->pkt_noactivesa_cnt)
printf("TX: pkt_noactivesa_cnt: 0x%" PRIx64 "\n",
secy_stat->pkt_noactivesa_cnt);
if (secy_stat->pkt_toolong_cnt)
printf("TX: pkt_toolong_cnt: 0x%" PRIx64 "\n", secy_stat->pkt_toolong_cnt);
if (secy_stat->pkt_untagged_cnt)
printf("TX: pkt_untagged_cnt: 0x%" PRIx64 "\n",
secy_stat->pkt_untagged_cnt);
memset(&sc_stat, 0, sizeof(struct rte_security_macsec_sc_stats));
&sc_stat);
printf("\n********** TX SC[%u] STATS **************\n",
mcs_port_params[portid].sc_id);
if (sc_stat.pkt_encrypt_cnt)
printf("TX pkt_encrypt_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_encrypt_cnt);
if (sc_stat.pkt_protected_cnt)
printf("TX pkt_protected_cnt: 0x%" PRIx64 "\n", sc_stat.pkt_protected_cnt);
if (sc_stat.octet_encrypt_cnt)
printf("TX octet_encrypt_cnt: 0x%" PRIx64 "\n", sc_stat.octet_encrypt_cnt);
}
}
static void
print_stats(void)
{
uint64_t total_packets_dropped, total_packets_tx, total_packets_rx;
unsigned int portid;
total_packets_dropped = 0;
total_packets_tx = 0;
total_packets_rx = 0;
const char clr[] = { 27, '[', '2', 'J', '\0' };
const char topLeft[] = { 27, '[', '1', ';', '1', 'H', '\0' };
printf("%s%s", clr, topLeft);
printf("\nPort statistics ====================================");
for (portid = 0; portid < RTE_MAX_ETHPORTS; portid++) {
if ((l2fwd_enabled_port_mask & (1 << portid)) == 0)
continue;
printf("\nStatistics for port %u ------------------------------"
"\nPackets sent: %24"PRIu64
"\nPackets received: %20"PRIu64
"\nPackets dropped: %21"PRIu64,
portid,
port_statistics[portid].tx,
port_statistics[portid].rx,
port_statistics[portid].dropped);
total_packets_dropped += port_statistics[portid].dropped;
total_packets_tx += port_statistics[portid].tx;
total_packets_rx += port_statistics[portid].rx;
mcs_stats_dump(portid);
}
printf("\nAggregate statistics ==============================="
"\nTotal packets sent: %18"PRIu64
"\nTotal packets received: %14"PRIu64
"\nTotal packets dropped: %15"PRIu64,
total_packets_tx,
total_packets_rx,
total_packets_dropped);
printf("\n====================================================\n");
fflush(stdout);
}
static void
l2fwd_mac_updating(
struct rte_mbuf *m,
unsigned int dest_portid)
{
void *tmp;
*((uint64_t *)tmp) = 0x000000000002 + ((uint64_t)dest_portid << 40);
}
static void
l2fwd_simple_forward(
struct rte_mbuf *m,
unsigned int portid)
{
unsigned int dst_port;
int sent;
dst_port = l2fwd_dst_ports[portid];
if (mac_updating)
l2fwd_mac_updating(m, dst_port);
buffer = tx_buffer[dst_port];
if (sent)
port_statistics[dst_port].tx += sent;
}
static void
{
sa->
dir = mcs_port_params[portid].dir;
sa->
key.
data = mcs_port_params[portid].sa_key.data;
sa->
key.
length = mcs_port_params[portid].sa_key.len;
memcpy((uint8_t *)sa->
salt, (
const uint8_t *)mcs_port_params[portid].salt,
sa->
ssci = mcs_port_params[portid].ssci;
sa->
xpn = mcs_port_params[portid].xpn;
sa->
next_pn = mcs_port_params[portid].next_pn;
}
static void
{
uint8_t i;
sc_conf->
dir = mcs_port_params[portid].dir;
sc_conf->
pn_threshold = mcs_port_params[portid].pn_threshold;
sc_conf->
sc_tx.
sa_id = mcs_port_params[portid].sa_id[0];
if (mcs_port_params[portid].sa_id[1] != 0xFFFF) {
sc_conf->sc_tx.
sa_id_rekey = mcs_port_params[portid].sa_id[1];
}
sc_conf->sc_tx.
sci = mcs_port_params[portid].sci;
} else {
if (mcs_port_params[portid].sa_id[i] != 0xFFFF) {
sc_conf->
sc_rx.
sa_id[i] = mcs_port_params[portid].sa_id[i];
}
}
}
}
static int
{
sess_conf->
macsec.
dir = mcs_port_params[portid].dir;
sess_conf->macsec.
alg = mcs_port_params[portid].alg;
sess_conf->macsec.
sci = mcs_port_params[portid].sci;
sess_conf->macsec.
sc_id = mcs_port_params[portid].sc_id;
sess_conf->macsec.
tx_secy.
mtu = mcs_port_params[portid].mtu;
(mcs_port_params[portid].sectag_insert_mode == 1) ?
mcs_port_params[portid].sectag_insert_mode;
sess_conf->macsec.tx_secy.
end_station = mcs_port_params[portid].end_station;
sess_conf->macsec.tx_secy.
send_sci = mcs_port_params[portid].send_sci;
sess_conf->macsec.tx_secy.
scb = mcs_port_params[portid].scb;
sess_conf->macsec.tx_secy.
encrypt = mcs_port_params[portid].encrypt;
sess_conf->macsec.tx_secy.
protect_frames = mcs_port_params[portid].protect_frames;
} else {
sess_conf->macsec.
rx_secy.
replay_win_sz = mcs_port_params[portid].replay_win_sz;
sess_conf->macsec.rx_secy.
replay_protect = mcs_port_params[portid].replay_protect;
sess_conf->macsec.rx_secy.
validate_frames = mcs_port_params[portid].val_frames;
}
return 0;
}
static int
create_default_flow(uint16_t portid)
{
struct rte_flow *flow;
.
hdr.
dst_addr.addr_bytes = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
.hdr.src_addr.addr_bytes = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
.hdr.ether_type = RTE_BE16(0xFFFF),
};
int ret;
eth.has_vlan = 0;
portid,
pattern[0].spec = ð
pattern[0].mask = ð_mask;
pattern[0].last = NULL;
action[0].conf = mcs_port_params[portid].sess;
action[1].conf = NULL;
if (ret) {
printf("\nValidate flow failed, ret = %d\n", ret);
return -1;
}
if (flow == NULL) {
printf("\nDefault flow rule create failed\n");
return -1;
}
mcs_port_params[portid].tx_flow = flow;
else
mcs_port_params[portid].rx_flow = flow;
return 0;
}
static void
destroy_default_flow(uint16_t portid)
{
int ret;
if (mcs_port_params[portid].tx_flow) {
if (ret) {
printf("\nDefault Tx flow rule destroy failed\n");
return;
}
mcs_port_params[portid].tx_flow = NULL;
}
if (mcs_port_params[portid].rx_flow) {
if (ret) {
printf("\nDefault Rx flow rule destroy failed\n");
return;
}
mcs_port_params[portid].rx_flow = NULL;
}
}
static void
clean_macsec_resources(uint16_t portid)
{
uint8_t an;
destroy_default_flow(portid);
mcs_port_params[portid].sess);
mcs_port_params[portid].sc_id,
mcs_port_params[portid].dir);
if (mcs_port_params[portid].sa_id[an] != 0xFFFF)
mcs_port_params[portid].sa_id[an],
mcs_port_params[portid].dir);
}
}
static int
initialize_macsec_session(uint8_t portid)
{
int id, ret;
fill_macsec_sa_conf(portid, &sa_conf);
if (id < 0) {
printf("MACsec SA create failed : %d.\n", id);
return -1;
}
mcs_port_params[portid].sa_id[0] = (uint16_t)id;
mcs_port_params[portid].sa_id[1] = 0xFFFF;
mcs_port_params[portid].sa_id[2] = 0xFFFF;
mcs_port_params[portid].sa_id[3] = 0xFFFF;
printf(
"\nsa_id %d created.\n", mcs_port_params[portid].
sa_id[0]);
fill_macsec_sc_conf(portid, &sc_conf);
if (id < 0) {
printf("MACsec SC create failed : %d.\n", id);
goto out;
}
mcs_port_params[portid].sc_id = (uint16_t)id;
printf("\nsc_id %d created.\n", mcs_port_params[portid].sc_id);
ret = fill_session_conf(portid, &sess_conf);
if (ret) {
printf("MACsec Session conf failed.\n");
goto out;
}
mcs_port_params[portid].sess =
&sess_conf, mcs_port_params[portid].sess_pool);
if (mcs_port_params[portid].sess == NULL) {
printf(
"MACSEC Session init failed errno: %d.\n",
rte_errno);
goto out;
}
ret = create_default_flow(portid);
if (ret)
goto out;
return 0;
out:
clean_macsec_resources(portid);
return -1;
}
static void
l2fwd_main_loop(void)
{
struct rte_mbuf *pkts_burst[MAX_PKT_BURST];
int sent;
unsigned int lcore_id;
uint64_t prev_tsc, diff_tsc, cur_tsc, timer_tsc;
unsigned int i, j, portid, nb_rx;
struct lcore_queue_conf *qconf;
const uint64_t drain_tsc = (
rte_get_tsc_hz() + US_PER_S - 1) / US_PER_S *
BURST_TX_DRAIN_US;
prev_tsc = 0;
timer_tsc = 0;
qconf = &lcore_queue_conf[lcore_id];
if (qconf->n_rx_port == 0) {
RTE_LOG(INFO, L2FWD,
"lcore %u has nothing to do\n", lcore_id);
return;
}
RTE_LOG(INFO, L2FWD,
"entering main loop on lcore %u\n", lcore_id);
for (i = 0; i < qconf->n_rx_port; i++) {
portid = qconf->rx_port_list[i];
RTE_LOG(INFO, L2FWD,
" -- lcoreid=%u portid=%u\n", lcore_id,
portid);
}
while (!force_quit) {
cur_tsc = rte_rdtsc();
diff_tsc = cur_tsc - prev_tsc;
for (i = 0; i < qconf->n_rx_port; i++) {
portid = l2fwd_dst_ports[qconf->rx_port_list[i]];
buffer = tx_buffer[portid];
if (sent)
port_statistics[portid].tx += sent;
}
if (timer_period > 0) {
timer_tsc += diff_tsc;
if (
unlikely(timer_tsc >= timer_period)) {
print_stats();
timer_tsc = 0;
}
}
}
prev_tsc = cur_tsc;
}
for (i = 0; i < qconf->n_rx_port; i++) {
portid = qconf->rx_port_list[i];
pkts_burst, MAX_PKT_BURST);
continue;
port_statistics[portid].rx += nb_rx;
for (j = 0; j < nb_rx; j++) {
m = pkts_burst[j];
l2fwd_simple_forward(m, portid);
}
}
}
if (force_quit) {
for (i = 0; i < qconf->n_rx_port; i++) {
portid = qconf->rx_port_list[i];
clean_macsec_resources(portid);
}
}
}
static int
{
l2fwd_main_loop();
return 0;
}
static void
l2fwd_usage(const char *prgname)
{
printf("%s [EAL options] -- -p PORTMASK [-q NQ]\n"
" -p PORTMASK: hexadecimal bitmask of ports to configure\n"
" -q NQ: number of queue (=ports) per lcore (default is 1)\n"
" -T PERIOD: statistics will be refreshed each PERIOD seconds (0 to disable, 10 default, 86400 maximum)\n"
" --mcs-tx-portmask: Hexadecimal bitmask for MACsec Tx(Encap) ports\n"
" --mcs-rx-portmask: Hexadecimal bitmask for MACsec Rx(Decap) ports\n"
" --mcs-port-config '(<port>,<src-mac>,<dst-mac>)'\n"
" --portmap: Configure forwarding port pair mapping\n"
" Default: alternate port pairs\n\n",
prgname);
}
static int
l2fwd_parse_portmask(const char *portmask)
{
char *end = NULL;
unsigned long pm;
pm = strtoul(portmask, &end, 16);
if ((portmask[0] == '\0') || (end == NULL) || (*end != '\0'))
return 0;
return pm;
}
static int
l2fwd_parse_port_pair_config(const char *q_arg)
{
enum fieldnames {
FLD_PORT1 = 0,
FLD_PORT2,
_NUM_FLD
};
unsigned long int_fld[_NUM_FLD];
const char *p, *p0 = q_arg;
char *str_fld[_NUM_FLD];
char s[256];
char *end;
int i;
nb_port_pair_params = 0;
while ((p = strchr(p0, '(')) != NULL) {
++p;
p0 = strchr(p, ')');
if (p0 == NULL)
return -1;
return -1;
_NUM_FLD, ',') != _NUM_FLD)
return -1;
for (i = 0; i < _NUM_FLD; i++) {
errno = 0;
int_fld[i] = strtoul(str_fld[i], &end, 0);
if (errno != 0 || end == str_fld[i] ||
int_fld[i] >= RTE_MAX_ETHPORTS)
return -1;
}
if (nb_port_pair_params >= RTE_MAX_ETHPORTS/2) {
printf("exceeded max number of port pair params: %hu\n",
nb_port_pair_params);
return -1;
}
port_pair_params_array[nb_port_pair_params].port[0] =
(uint16_t)int_fld[FLD_PORT1];
port_pair_params_array[nb_port_pair_params].port[1] =
(uint16_t)int_fld[FLD_PORT2];
++nb_port_pair_params;
}
port_pair_params = port_pair_params_array;
return 0;
}
static int
l2fwd_parse_macsec_port_config(const char *q_arg)
{
enum fieldnames {
FLD_PORT = 0,
FLD_SRC,
FLD_DST,
_NUM_FLD
};
unsigned int portid;
struct rte_ether_addr src, dst;
const char *p, *p0 = q_arg;
char *str_fld[_NUM_FLD];
unsigned int size;
char s[256];
char *end;
nb_port_pair_params = 0;
while ((p = strchr(p0, '(')) != NULL) {
++p;
p0 = strchr(p, ')');
if (p0 == NULL)
return -1;
size = p0 - p;
if (size >= sizeof(s))
return -1;
memcpy(s, p, size);
s[size] = '\0';
_NUM_FLD, ',') != _NUM_FLD)
return -1;
errno = 0;
portid = strtoul(str_fld[FLD_PORT], &end, 0);
if (errno != 0 || end == str_fld[FLD_PORT] || portid >= RTE_MAX_ETHPORTS)
return -1;
if (port_ether_hdr_config[portid].ether_type == 0x0800) {
printf("MACsec src-dst MAC addr already parsed for port: %d\n",
portid);
return -1;
}
return -1;
memcpy(&port_ether_hdr_config[portid].src_addr, &src, sizeof(src));
memcpy(&port_ether_hdr_config[portid].dst_addr, &dst, sizeof(dst));
port_ether_hdr_config[portid].ether_type = 0x0800;
}
return 0;
}
static unsigned int
l2fwd_parse_nqueue(const char *q_arg)
{
char *end = NULL;
unsigned long n;
n = strtoul(q_arg, &end, 10);
if ((q_arg[0] == '\0') || (end == NULL) || (*end != '\0'))
return 0;
if (n == 0)
return 0;
if (n >= MAX_RX_QUEUE_PER_LCORE)
return 0;
return n;
}
static int
l2fwd_parse_timer_period(const char *q_arg)
{
char *end = NULL;
int n;
n = strtol(q_arg, &end, 10);
if ((q_arg[0] == '\0') || (end == NULL) || (*end != '\0'))
return -1;
if (n >= MAX_TIMER_PERIOD)
return -1;
return n;
}
static const char short_options[] =
"p:"
"P"
"q:"
"T:"
;
#define CMD_LINE_OPT_NO_MAC_UPDATING "no-mac-updating"
#define CMD_LINE_OPT_PORTMAP_CONFIG "portmap"
#define CMD_LINE_OPT_MACSEC_TX_PORTMASK "mcs-tx-portmask"
#define CMD_LINE_OPT_MACSEC_RX_PORTMASK "mcs-rx-portmask"
#define CMD_LINE_OPT_MACSEC_PORT_CONFIG "mcs-port-config"
enum {
CMD_LINE_OPT_NO_MAC_UPDATING_NUM = 256,
CMD_LINE_OPT_PORTMAP_NUM,
CMD_LINE_OPT_MACSEC_TX_PORTMASK_NUM,
CMD_LINE_OPT_MACSEC_RX_PORTMASK_NUM,
CMD_LINE_OPT_MACSEC_PORT_CFG_NUM,
};
static const struct option lgopts[] = {
{ CMD_LINE_OPT_NO_MAC_UPDATING, no_argument, 0,
CMD_LINE_OPT_NO_MAC_UPDATING_NUM},
{ CMD_LINE_OPT_PORTMAP_CONFIG, 1, 0, CMD_LINE_OPT_PORTMAP_NUM},
{ CMD_LINE_OPT_MACSEC_TX_PORTMASK, required_argument, 0,
CMD_LINE_OPT_MACSEC_TX_PORTMASK_NUM},
{ CMD_LINE_OPT_MACSEC_RX_PORTMASK, required_argument, 0,
CMD_LINE_OPT_MACSEC_RX_PORTMASK_NUM},
{ CMD_LINE_OPT_MACSEC_PORT_CONFIG, 1, 0, CMD_LINE_OPT_MACSEC_PORT_CFG_NUM},
{NULL, 0, 0, 0}
};
static void
l2fwd_macsec_default_options(struct l2fwd_macsec_options *options)
{
uint16_t portid;
uint8_t salt[MCS_SALT_LEN] = {0};
uint8_t key[16] = {
0x07, 0x1B, 0x11, 0x3B, 0x0C, 0xA7, 0x43, 0xFE,
0xCC, 0xCF, 0x3D, 0x05, 0x1F, 0x73, 0x73, 0x82
};
options->portmask = 0xffffffff;
options->nb_ports_per_lcore = 1;
options->single_lcore = 0;
if ((l2fwd_enabled_port_mask & (1 << portid)) == 0)
continue;
if ((options->tx_portmask & (1 << portid)) != 0)
if ((options->rx_portmask & (1 << portid)) != 0)
memcpy(mcs_port_params[portid].sa_key.data, key, 16);
mcs_port_params[portid].sa_key.len = 16;
memcpy(mcs_port_params[portid].salt, salt, MCS_SALT_LEN);
memcpy(mcs_port_params[portid].eth_hdr, &port_ether_hdr_config[portid],
mcs_port_params[portid].ssci = 0;
mcs_port_params[portid].pn_threshold = 0xffffffffffffffff;
mcs_port_params[portid].xpn = 0;
mcs_port_params[portid].next_pn = 1;
mcs_port_params[portid].mtu = 1500;
mcs_port_params[portid].sectag_insert_mode = 1;
mcs_port_params[portid].encrypt = true;
mcs_port_params[portid].protect_frames = true;
mcs_port_params[portid].replay_protect = false;
mcs_port_params[portid].send_sci = true;
mcs_port_params[portid].end_station = false;
mcs_port_params[portid].scb = false;
}
}
static int
l2fwd_parse_args(struct l2fwd_macsec_options *options,
int argc, char **argv)
{
int opt, ret, timer_secs;
char **argvopt;
int option_index;
char *prgname = argv[0];
argvopt = argv;
port_pair_params = NULL;
while ((opt = getopt_long(argc, argvopt, short_options,
lgopts, &option_index)) != EOF) {
switch (opt) {
case 'p':
l2fwd_enabled_port_mask = l2fwd_parse_portmask(optarg);
if (l2fwd_enabled_port_mask == 0) {
printf("invalid portmask\n");
l2fwd_usage(prgname);
return -1;
}
break;
case 'P':
promiscuous_on = 1;
break;
case 'q':
l2fwd_rx_queue_per_lcore = l2fwd_parse_nqueue(optarg);
if (l2fwd_rx_queue_per_lcore == 0) {
printf("invalid queue number\n");
l2fwd_usage(prgname);
return -1;
}
break;
case 'T':
timer_secs = l2fwd_parse_timer_period(optarg);
if (timer_secs < 0) {
printf("invalid timer period\n");
l2fwd_usage(prgname);
return -1;
}
timer_period = timer_secs;
break;
case CMD_LINE_OPT_PORTMAP_NUM:
ret = l2fwd_parse_port_pair_config(optarg);
if (ret) {
fprintf(stderr, "Invalid config\n");
l2fwd_usage(prgname);
return -1;
}
break;
case CMD_LINE_OPT_NO_MAC_UPDATING_NUM:
mac_updating = 0;
break;
case CMD_LINE_OPT_MACSEC_TX_PORTMASK_NUM:
options->tx_portmask = l2fwd_parse_portmask(optarg);
if (options->tx_portmask == 0) {
l2fwd_usage(prgname);
return -1;
}
break;
case CMD_LINE_OPT_MACSEC_RX_PORTMASK_NUM:
options->rx_portmask = l2fwd_parse_portmask(optarg);
if (options->rx_portmask == 0) {
l2fwd_usage(prgname);
return -1;
}
break;
case CMD_LINE_OPT_MACSEC_PORT_CFG_NUM:
ret = l2fwd_parse_macsec_port_config(optarg);
if (ret) {
fprintf(stderr, "Invalid MACsec port config\n");
l2fwd_usage(prgname);
return -1;
}
break;
default:
l2fwd_usage(prgname);
return -1;
}
}
l2fwd_macsec_default_options(options);
if (optind >= 0)
argv[optind-1] = prgname;
ret = optind-1;
optind = 1;
return ret;
}
static int
check_port_pair_config(void)
{
uint32_t port_pair_config_mask = 0;
uint32_t port_pair_mask = 0;
uint16_t index, i, portid;
for (index = 0; index < nb_port_pair_params; index++) {
port_pair_mask = 0;
for (i = 0; i < NUM_PORTS; i++) {
portid = port_pair_params[index].port[i];
if ((l2fwd_enabled_port_mask & (1 << portid)) == 0) {
printf("port %u is not enabled in port mask\n",
portid);
return -1;
}
printf("port %u is not present on the board\n",
portid);
return -1;
}
port_pair_mask |= 1 << portid;
}
if (port_pair_config_mask & port_pair_mask) {
printf("port %u is used in other port pairs\n", portid);
return -1;
}
port_pair_config_mask |= port_pair_mask;
}
l2fwd_enabled_port_mask &= port_pair_config_mask;
return 0;
}
static void
check_all_ports_link_status(uint32_t port_mask)
{
#define CHECK_INTERVAL 100
#define MAX_CHECK_TIME 90
uint16_t portid;
uint8_t count, all_ports_up, print_flag = 0;
int ret;
printf("\nChecking link status");
fflush(stdout);
for (count = 0; count <= MAX_CHECK_TIME; count++) {
if (force_quit)
return;
all_ports_up = 1;
if (force_quit)
return;
if ((port_mask & (1 << portid)) == 0)
continue;
memset(&link, 0, sizeof(link));
if (ret < 0) {
all_ports_up = 0;
if (print_flag == 1)
printf("Port %u link get failed: %s\n",
continue;
}
if (print_flag == 1) {
sizeof(link_status_text), &link);
printf("Port %d %s\n", portid,
link_status_text);
continue;
}
all_ports_up = 0;
break;
}
}
if (print_flag == 1)
break;
if (all_ports_up == 0) {
printf(".");
fflush(stdout);
}
if (all_ports_up == 1 || count == (MAX_CHECK_TIME - 1)) {
print_flag = 1;
printf("done\n");
}
}
}
static void
signal_handler(int signum)
{
if (signum == SIGINT || signum == SIGTERM) {
printf("\n\nSignal %d received, preparing to exit...\n",
signum);
force_quit = true;
}
}
int
main(int argc, char **argv)
{
struct l2fwd_macsec_options options = {0};
struct lcore_queue_conf *qconf;
int ret;
uint16_t nb_ports;
uint16_t nb_ports_available = 0;
uint16_t portid, last_port;
unsigned int lcore_id, rx_lcore_id;
unsigned int nb_ports_in_mask = 0;
unsigned int nb_lcores = 0;
unsigned int nb_mbufs;
uint16_t nb_sess = 512;
uint32_t sess_sz;
char s[64];
if (ret < 0)
rte_exit(EXIT_FAILURE,
"Invalid EAL arguments\n");
argc -= ret;
argv += ret;
force_quit = false;
signal(SIGINT, signal_handler);
signal(SIGTERM, signal_handler);
ret = l2fwd_parse_args(&options, argc, argv);
if (ret < 0)
rte_exit(EXIT_FAILURE,
"Invalid L2FWD arguments\n");
printf("MAC updating %s\n", mac_updating ? "enabled" : "disabled");
if (nb_ports == 0)
rte_exit(EXIT_FAILURE,
"No Ethernet ports - bye\n");
if (port_pair_params != NULL) {
if (check_port_pair_config() < 0)
rte_exit(EXIT_FAILURE,
"Invalid port pair config\n");
}
if (l2fwd_enabled_port_mask & ~((1 << nb_ports) - 1))
rte_exit(EXIT_FAILURE,
"Invalid portmask; possible (0x%x)\n",
(1 << nb_ports) - 1);
for (portid = 0; portid < RTE_MAX_ETHPORTS; portid++)
l2fwd_dst_ports[portid] = 0;
last_port = 0;
if (port_pair_params != NULL) {
uint16_t idx, p;
for (idx = 0; idx < (nb_port_pair_params << 1); idx++) {
p = idx & 1;
portid = port_pair_params[idx >> 1].port[p];
l2fwd_dst_ports[portid] =
port_pair_params[idx >> 1].port[p ^ 1];
}
} else {
if ((l2fwd_enabled_port_mask & (1 << portid)) == 0)
continue;
if (nb_ports_in_mask % 2) {
l2fwd_dst_ports[portid] = last_port;
l2fwd_dst_ports[last_port] = portid;
} else {
last_port = portid;
}
nb_ports_in_mask++;
}
if (nb_ports_in_mask % 2) {
printf("Notice: odd number of ports in portmask.\n");
l2fwd_dst_ports[last_port] = last_port;
}
}
rx_lcore_id = 0;
qconf = NULL;
if ((l2fwd_enabled_port_mask & (1 << portid)) == 0)
continue;
lcore_queue_conf[rx_lcore_id].n_rx_port ==
l2fwd_rx_queue_per_lcore) {
rx_lcore_id++;
if (rx_lcore_id >= RTE_MAX_LCORE)
rte_exit(EXIT_FAILURE,
"Not enough cores\n");
}
if (qconf != &lcore_queue_conf[rx_lcore_id]) {
qconf = &lcore_queue_conf[rx_lcore_id];
nb_lcores++;
}
qconf->rx_port_list[qconf->n_rx_port] = portid;
qconf->n_rx_port++;
printf("Lcore %u: RX port %u TX port %u\n", rx_lcore_id,
portid, l2fwd_dst_ports[portid]);
}
nb_mbufs =
RTE_MAX(nb_ports * (nb_rxd + nb_txd + MAX_PKT_BURST +
nb_lcores * MEMPOOL_CACHE_SIZE), 8192U);
MEMPOOL_CACHE_SIZE, 0, RTE_MBUF_DEFAULT_BUF_SIZE,
if (l2fwd_pktmbuf_pool == NULL)
rte_exit(EXIT_FAILURE,
"Cannot init mbuf pool\n");
if ((l2fwd_enabled_port_mask & (1 << portid)) == 0) {
printf("Skipping disabled port %u\n", portid);
continue;
}
nb_ports_available++;
printf("Initializing port %u... ", portid);
fflush(stdout);
if (ret != 0)
"Error during getting device (port %u) info: %s\n",
portid, strerror(-ret));
if (ret < 0)
rte_exit(EXIT_FAILURE,
"Cannot configure device: err=%d, port=%u\n",
ret, portid);
&nb_txd);
if (ret < 0)
"Cannot adjust number of descriptors: err=%d, port=%u\n",
ret, portid);
&l2fwd_ports_eth_addr[portid]);
if (ret < 0)
"Cannot get MAC address: err=%d, port=%u\n",
ret, portid);
fflush(stdout);
rxq_conf = dev_info.default_rxconf;
&rxq_conf,
l2fwd_pktmbuf_pool);
if (ret < 0)
rte_exit(EXIT_FAILURE,
"rte_eth_rx_queue_setup:err=%d, port=%u\n",
ret, portid);
fflush(stdout);
txq_conf = dev_info.default_txconf;
&txq_conf);
if (ret < 0)
rte_exit(EXIT_FAILURE,
"rte_eth_tx_queue_setup:err=%d, port=%u\n",
ret, portid);
if (tx_buffer[portid] == NULL)
rte_exit(EXIT_FAILURE,
"Cannot allocate buffer for tx on port %u\n",
portid);
&port_statistics[portid].dropped);
if (ret < 0)
"Cannot set error callback for tx buffer on port %u\n",
portid);
0);
if (ret < 0)
printf("Port %u, Failed to disable Ptype parsing\n",
portid);
if (ret < 0)
rte_exit(EXIT_FAILURE,
"rte_eth_dev_start:err=%d, port=%u\n",
ret, portid);
printf("done:\n");
if (promiscuous_on) {
if (ret != 0)
"rte_eth_promiscuous_enable:err=%s, port=%u\n",
}
portid,
memset(&port_statistics, 0, sizeof(port_statistics));
if (mcs_port_params[portid].sec_ctx == NULL)
rte_exit(EXIT_FAILURE,
"Device does not support Security ctx\n");
if (mcs_port_params[portid].sess_pool == NULL) {
snprintf(s, sizeof(s), "sess_pool_p%d", portid);
nb_sess, sess_sz,
SESSION_POOL_CACHE_SIZE, 0,
NULL, NULL, NULL, NULL,
if (mcs_port_params[portid].sess_pool == NULL)
rte_exit(EXIT_FAILURE,
"Cannot init sess pool\n");
printf("Allocated sess pool\n");
}
if (((options.tx_portmask & (1 << portid)) != 0) ||
((options.rx_portmask & (1 << portid)) != 0)) {
ret = initialize_macsec_session(portid);
if (ret < 0)
"Failed to initialize MACsec session for port: %d\n",
portid);
}
}
if (!nb_ports_available) {
"All available ports are disabled. Please set portmask.\n");
}
check_all_ports_link_status(l2fwd_enabled_port_mask);
ret = 0;
ret = -1;
break;
}
}
if ((l2fwd_enabled_port_mask & (1 << portid)) == 0)
continue;
printf("Closing port %d...", portid);
if (ret != 0)
printf("rte_eth_dev_stop: err=%d, port=%d\n",
ret, portid);
printf(" Done\n");
}
printf("Bye...\n");
return ret;
}
__rte_noreturn void rte_exit(int exit_code, const char *format,...) __rte_format_printf(2
#define __rte_cache_aligned
static uint64_t rte_get_timer_hz(void)
uint64_t rte_get_tsc_hz(void)
static void rte_delay_ms(unsigned ms)
int rte_eal_init(int argc, char **argv)
int rte_eal_cleanup(void)
const char * rte_strerror(int errnum)
static __rte_always_inline uint16_t rte_eth_tx_buffer(uint16_t port_id, uint16_t queue_id, struct rte_eth_dev_tx_buffer *buffer, struct rte_mbuf *tx_pkt)
int rte_eth_dev_configure(uint16_t port_id, uint16_t nb_rx_queue, uint16_t nb_tx_queue, const struct rte_eth_conf *eth_conf)
int rte_eth_dev_is_valid_port(uint16_t port_id)
#define RTE_ETH_LINK_DOWN
int rte_eth_rx_queue_setup(uint16_t port_id, uint16_t rx_queue_id, uint16_t nb_rx_desc, unsigned int socket_id, const struct rte_eth_rxconf *rx_conf, struct rte_mempool *mb_pool)
static uint16_t rte_eth_rx_burst(uint16_t port_id, uint16_t queue_id, struct rte_mbuf **rx_pkts, const uint16_t nb_pkts)
#define RTE_ETH_TX_OFFLOAD_MBUF_FAST_FREE
int rte_eth_dev_info_get(uint16_t port_id, struct rte_eth_dev_info *dev_info) __rte_warn_unused_result
int rte_eth_link_get_nowait(uint16_t port_id, struct rte_eth_link *link) __rte_warn_unused_result
int rte_eth_promiscuous_enable(uint16_t port_id)
__rte_experimental int rte_eth_link_to_str(char *str, size_t len, const struct rte_eth_link *eth_link)
int rte_eth_dev_stop(uint16_t port_id)
int rte_eth_tx_queue_setup(uint16_t port_id, uint16_t tx_queue_id, uint16_t nb_tx_desc, unsigned int socket_id, const struct rte_eth_txconf *tx_conf)
#define RTE_ETH_LINK_MAX_STR_LEN
int rte_eth_macaddr_get(uint16_t port_id, struct rte_ether_addr *mac_addr)
uint16_t rte_eth_dev_count_avail(void)
int rte_eth_tx_buffer_set_err_callback(struct rte_eth_dev_tx_buffer *buffer, buffer_tx_error_fn callback, void *userdata)
void * rte_eth_dev_get_sec_ctx(uint16_t port_id)
int rte_eth_dev_close(uint16_t port_id)
void rte_eth_tx_buffer_count_callback(struct rte_mbuf **pkts, uint16_t unsent, void *userdata)
int rte_eth_tx_buffer_init(struct rte_eth_dev_tx_buffer *buffer, uint16_t size)
static uint16_t rte_eth_tx_buffer_flush(uint16_t port_id, uint16_t queue_id, struct rte_eth_dev_tx_buffer *buffer)
int rte_eth_dev_socket_id(uint16_t port_id)
int rte_eth_dev_adjust_nb_rx_tx_desc(uint16_t port_id, uint16_t *nb_rx_desc, uint16_t *nb_tx_desc)
int rte_eth_dev_set_ptypes(uint16_t port_id, uint32_t ptype_mask, uint32_t *set_ptypes, unsigned int num)
#define RTE_ETH_FOREACH_DEV(p)
int rte_eth_dev_start(uint16_t port_id)
#define RTE_ETH_TX_BUFFER_SIZE(sz)
#define RTE_ETHER_ADDR_PRT_FMT
#define RTE_ETHER_ADDR_LEN
#define RTE_ETHER_HDR_LEN
#define RTE_ETHER_ADDR_BYTES(mac_addrs)
int rte_ether_unformat_addr(const char *str, struct rte_ether_addr *eth_addr)
static void rte_ether_addr_copy(const struct rte_ether_addr *__restrict ea_from, struct rte_ether_addr *__restrict ea_to)
int rte_flow_destroy(uint16_t port_id, struct rte_flow *flow, struct rte_flow_error *error)
int rte_flow_validate(uint16_t port_id, const struct rte_flow_attr *attr, const struct rte_flow_item pattern[], const struct rte_flow_action actions[], struct rte_flow_error *error)
@ RTE_FLOW_ACTION_TYPE_END
@ RTE_FLOW_ACTION_TYPE_SECURITY
struct rte_flow * rte_flow_create(uint16_t port_id, const struct rte_flow_attr *attr, const struct rte_flow_item pattern[], const struct rte_flow_action actions[], struct rte_flow_error *error)
int rte_eal_mp_remote_launch(lcore_function_t *f, void *arg, enum rte_rmt_call_main_t call_main)
int rte_eal_wait_lcore(unsigned worker_id)
int rte_lcore_is_enabled(unsigned int lcore_id)
unsigned int rte_get_main_lcore(void)
unsigned int rte_socket_id(void)
#define RTE_LCORE_FOREACH_WORKER(i)
static unsigned rte_lcore_id(void)
#define RTE_LOG(l, t,...)
#define RTE_MACSEC_AN_MASK
void * rte_zmalloc_socket(const char *type, size_t size, unsigned align, int socket) __rte_alloc_size(2) __rte_alloc_align(3) __rte_malloc __rte_dealloc_free
struct rte_mempool * rte_pktmbuf_pool_create(const char *name, unsigned n, unsigned cache_size, uint16_t priv_size, uint16_t data_room_size, int socket_id)
#define rte_pktmbuf_mtod(m, t)
#define RTE_PTYPE_UNKNOWN
struct rte_mempool * rte_mempool_create(const char *name, unsigned n, unsigned elt_size, unsigned cache_size, unsigned private_data_size, rte_mempool_ctor_t *mp_init, void *mp_init_arg, rte_mempool_obj_cb_t *obj_init, void *obj_init_arg, int socket_id, unsigned flags)
static void rte_prefetch0(const volatile void *p)
@ RTE_SECURITY_PROTOCOL_MACSEC
void * rte_security_session_create(void *instance, struct rte_security_session_conf *conf, struct rte_mempool *mp)
int rte_security_session_destroy(void *instance, void *sess)
int rte_security_session_stats_get(void *instance, void *sess, struct rte_security_stats *stats)
rte_security_macsec_direction
@ RTE_SECURITY_MACSEC_DIR_TX
@ RTE_SECURITY_MACSEC_DIR_RX
unsigned int rte_security_session_get_size(void *instance)
#define RTE_SECURITY_MACSEC_SALT_LEN
int rte_security_macsec_sc_create(void *instance, struct rte_security_macsec_sc *conf)
@ RTE_SECURITY_ACTION_TYPE_INLINE_PROTOCOL
#define RTE_SECURITY_MACSEC_VALIDATE_STRICT
#define RTE_SECURITY_MACSEC_NUM_AN
int rte_security_macsec_sa_create(void *instance, struct rte_security_macsec_sa *conf)
@ RTE_SECURITY_MACSEC_ALG_GCM_XPN_128
@ RTE_SECURITY_MACSEC_ALG_GCM_XPN_256
int rte_security_macsec_sa_destroy(void *instance, uint16_t sa_id, enum rte_security_macsec_direction dir)
int rte_security_macsec_sc_destroy(void *instance, uint16_t sc_id, enum rte_security_macsec_direction dir)
int rte_security_macsec_sc_stats_get(void *instance, uint16_t sc_id, enum rte_security_macsec_direction dir, struct rte_security_macsec_sc_stats *stats)
int rte_strsplit(char *string, int stringlen, char **tokens, int maxtokens, char delim)
struct rte_eth_txmode txmode
struct rte_eth_rxmode rxmode
enum rte_eth_tx_mq_mode mq_mode
struct rte_ether_addr src_addr
struct rte_ether_addr dst_addr
struct rte_security_macsec_sa::@439 key
uint8_t salt[RTE_SECURITY_MACSEC_SALT_LEN]
enum rte_security_macsec_direction dir
uint16_t sa_id[RTE_SECURITY_MACSEC_NUM_AN]
uint8_t sa_in_use[RTE_SECURITY_MACSEC_NUM_AN]
enum rte_security_macsec_direction dir
enum rte_security_session_action_type action_type
enum rte_security_session_protocol protocol