From: Akhil Goyal <akhil.goyal@nxp.com>
To: Anoob Joseph <anoob.joseph@caviumnetworks.com>,
"Nicolau, Radu" <radu.nicolau@intel.com>
Cc: "Doherty, Declan" <declan.doherty@intel.com>,
"Gonzalez Monroy, Sergio" <sergio.gonzalez.monroy@intel.com>,
Jerin Jacob <jerin.jacob@caviumnetworks.com>,
Narayana Prasad <narayanaprasad.athreya@caviumnetworks.com>,
Nelio Laranjeiro <nelio.laranjeiro@6wind.com>,
"dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [RFC 0/3] set protocol specific metadata using set_pkt_metadata API
Date: Mon, 29 Jan 2018 14:38:05 +0530 [thread overview]
Message-ID: <5a9fe008-03a6-a7df-6a8c-abab60b8ad27@nxp.com> (raw)
In-Reply-To: <cb7c0d18-3b0e-d207-0f70-236f4d9011f1@caviumnetworks.com>
On 1/29/2018 1:33 PM, Anoob Joseph wrote:
> Hi Akhil, Radu,
>
>
> On 01/29/2018 01:02 PM, Akhil Goyal wrote:
>> On 1/26/2018 8:38 PM, Nicolau, Radu wrote:
>>>
>>>
>>>> -----Original Message-----
>>>> From: Anoob Joseph [mailto:anoob.joseph@caviumnetworks.com]
>>>> Sent: Friday, January 26, 2018 2:38 PM
>>>> To: Nicolau, Radu <radu.nicolau@intel.com>; Akhil Goyal
>>>> <akhil.goyal@nxp.com>
>>>> Cc: anoob.joseph@caviumnetworks.com; Doherty, Declan
>>>> <declan.doherty@intel.com>; Gonzalez Monroy, Sergio
>>>> <sergio.gonzalez.monroy@intel.com>; Jerin Jacob
>>>> <jerin.jacob@caviumnetworks.com>; Narayana Prasad
>>>> <narayanaprasad.athreya@caviumnetworks.com>; Nelio Laranjeiro
>>>> <nelio.laranjeiro@6wind.com>; dev@dpdk.org
>>>> Subject: Re: [RFC 0/3] set protocol specific metadata using
>>>> set_pkt_metadata
>>>> API
>>>>
>>>> Hi Radu,
>>>>
>>>> On 01/26/2018 04:52 PM, Nicolau, Radu wrote:
>>>>>
>>>>>> -----Original Message-----
>>>>>> From: Anoob Joseph [mailto:anoob.joseph@caviumnetworks.com]
>>>>>> Sent: Thursday, January 25, 2018 5:13 PM
>>>>>> To: Akhil Goyal <akhil.goyal@nxp.com>; Nicolau, Radu
>>>>>> <radu.nicolau@intel.com>
>>>>>> Cc: Doherty, Declan <declan.doherty@intel.com>; Gonzalez Monroy,
>>>>>> Sergio <sergio.gonzalez.monroy@intel.com>;
>>>>>> anoob.joseph@caviumnetworks.com; Jerin Jacob
>>>>>> <jerin.jacob@caviumnetworks.com>; Narayana Prasad
>>>>>> <narayanaprasad.athreya@caviumnetworks.com>; Nelio Laranjeiro
>>>>>> <nelio.laranjeiro@6wind.com>; dev@dpdk.org
>>>>>> Subject: Re: [RFC 0/3] set protocol specific metadata using
>>>>>> set_pkt_metadata API
>>>>>>
>>>>>> Hi Akhil, Radu,
>>>>>>
>>>>>> Could you review the patch and share your thoughts on the proposed
>>>>>> change?
>>>>>>
>>>>> Hi,
>>>>>
>>>>> I've had a quick look. From what I can see you can do everything
>>>>> you do in
>>>> this patch with the current API. For example you can store an
>>>> internal struct
>>>> pointer in the private section of the security context and you can
>>>> increment
>>>> the ESP SN with every tx or set metadata call.
>>>> With the current API, PMD could store the ESN with the security
>>>> session, but
>>>> there is no means for the application to read this. Application
>>>> should be
>>>> aware of the sequence number used per packet. This is required to
>>>> monitor
>>>> sequence number overflow.In the proposal, the sequence number field is
>>>> IN-OUT. So application could either dictate the sequence number, or
>>>> read
>>>> the value from the PMD.
>>>>
>>>> Thanks,
>>>> Anoob
>>>
>>> My concern is that we are adding too much and too specific to the
>>> security API.
>>> Overflow situation can be monitored with a tx callback event or a
>>> crypto callback event, depending on the device type.
>>>
>> Agreed with Radu, this looks too specific information.
>> Instead, we can do overflow checking in the driver and add a macro in
>> rte_crypto_op_status for overflow.
> We could do the callback when sequence number over flow happens, and
> IPsec processing fails subsequently. But ideally, application should be
> able to detect that the sequence number is about to over flow and
> renegotiate the SA while the original SA is still valid. I agree that we
> would be better off by handling this in the driver. But application
> would need some sort of event which would say, "sequence number is about
> to overflow, renegotiate SA", before the current SA becomes invalid.
>
> Do we have any mechanism to register a callback (acting on mbuf), when a
> particular event occurs (without dropping the mbuf)? If yes, we could
> move to that approach.
>
> rte_crypto_op_status could be leveraged for lookaside_protocol, but can
> we do something similar for inline protocol? Thoughts?
Even in case of inline protocol, what is the issue in doing that?
You can write a similar code in the driver(if hardware doesn't support
that) instead of application for handling the sequence number overflow
as well as anti-replay. Both of these errors are protocol specific and
for full protocol offload, application need not bother about this.
Application should be as clean as possible in case of protocol offload.
- Akhil
next prev parent reply other threads:[~2018-01-29 9:08 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-22 13:11 Anoob Joseph
2018-01-22 13:11 ` [dpdk-dev] [RFC 1/3] lib/security: set/retrieve per packet protocol metadata Anoob Joseph
2018-01-22 13:11 ` [dpdk-dev] [RFC 2/3] net/ixgbe: use structure for passing metadata Anoob Joseph
2018-01-22 13:11 ` [dpdk-dev] [RFC 3/3] examples/ipsec-secgw: support for setting seq no Anoob Joseph
2018-01-25 17:13 ` [dpdk-dev] [RFC 0/3] set protocol specific metadata using set_pkt_metadata API Anoob Joseph
2018-01-26 11:22 ` Nicolau, Radu
2018-01-26 14:38 ` Anoob Joseph
2018-01-26 15:08 ` Nicolau, Radu
2018-01-29 7:32 ` Akhil Goyal
2018-01-29 8:03 ` Anoob Joseph
2018-01-29 9:08 ` Akhil Goyal [this message]
2018-01-29 11:44 ` Anoob Joseph
2018-01-29 10:01 ` Nicolau, Radu
2018-01-29 18:01 ` Anoob Joseph
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5a9fe008-03a6-a7df-6a8c-abab60b8ad27@nxp.com \
--to=akhil.goyal@nxp.com \
--cc=anoob.joseph@caviumnetworks.com \
--cc=declan.doherty@intel.com \
--cc=dev@dpdk.org \
--cc=jerin.jacob@caviumnetworks.com \
--cc=narayanaprasad.athreya@caviumnetworks.com \
--cc=nelio.laranjeiro@6wind.com \
--cc=radu.nicolau@intel.com \
--cc=sergio.gonzalez.monroy@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).