From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id AF77EA04F1;
	Mon,  9 Dec 2019 14:18:42 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id C92081B13C;
	Mon,  9 Dec 2019 14:18:41 +0100 (CET)
Received: from mga09.intel.com (mga09.intel.com [134.134.136.24])
 by dpdk.org (Postfix) with ESMTP id B66482BAB
 for <dev@dpdk.org>; Mon,  9 Dec 2019 14:18:39 +0100 (CET)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga008.jf.intel.com ([10.7.209.65])
 by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 09 Dec 2019 05:18:38 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.69,294,1571727600"; d="scan'208";a="206889653"
Received: from orsmsx101.amr.corp.intel.com ([10.22.225.128])
 by orsmga008.jf.intel.com with ESMTP; 09 Dec 2019 05:18:38 -0800
Received: from ORSEDG001.ED.cps.intel.com (10.7.248.4) by
 ORSMSX101.amr.corp.intel.com (10.22.225.128) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Mon, 9 Dec 2019 05:18:38 -0800
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.106)
 by edgegateway.intel.com (134.134.137.100) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Mon, 9 Dec 2019 05:18:38 -0800
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=lUc81KP4w153qvc1UNsu99QNNPHMjgoiQ/0bsTfISnfheFfETq48aw+oTjtkLY1cjt7t5S1VRlvTiZqtdO+2zB4eLIYK9trMhGLygKqt5xdAtyQOsGwXwbfmU6/QVZJRlOZo3aWcYY2j+C4/phy3n8ElerUDe0uSX1HW02qiOqc1MmB1eRpBpfZCFJMEFgqaeAqshsadfwAtTjbksR0z7mT5BsOkXzofNQbXyKuBbpgl0IXcC6Qh6YiOzLUjtdc/nTN5zBXl65xi/Up5r2sx4bU3GOqbsrI3bVWNCd9uYs0ZNnE3wyJQqKsvXG5UeAR7v2eM9rmvvDXvUOvq/ZHS6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Q7tO/UJ9tnzJX3z8k3iZGTOPoXl5x90v3U2zeqGzxgg=;
 b=FzEu99zmFLEXofwLUZeP/AXOEyDRTb+Br8zF3qb3cOFRODVkTZb9TczQuK3STp90niGI+UwMdOhEjuQk8C1LnA773RvlsoOARZSu9KyabehUOnjSpM4wE70xjTGWwoJk4iKXWsoOGXzwhOVny4iZwNjIFVdQqyFpsmZmQUZOoNjsZrbmaCQgR5AU9rg8K8Po49YEp6YhH4e/S5nSYw/sT0CbWCdUdFO9+HBz6k6j/Gh/6Lf3nAksDk0pxpoiTVgVd0PIlmqOXfyiKagYeNNUxPBU+nCXXb/7Gpwt2f/eBcwLFidm4HsBV6y6lGiPTdrz8A6Kg9Gz92BZ5dIUi0z+xw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; 
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=Q7tO/UJ9tnzJX3z8k3iZGTOPoXl5x90v3U2zeqGzxgg=;
 b=L8rbZTKc2dhCVLkjxF+s2RkzS9FZeab1LppmYeIN1wEcMFYAzirw2Z+XYJQQ64sR2EMwCZ1erqVWeAt75F8PHDNWd1eqVMfUqwzCpUuwh7kJO/MM+X+1I15BVCdq+QRYvSDB6BqoOJyw1NYbVAqDIw9PNx2kIfpdIcW5ROBNK6U=
Received: from BN7PR11MB2547.namprd11.prod.outlook.com (52.135.255.146) by
 BN7PR11MB2849.namprd11.prod.outlook.com (52.135.246.152) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2516.16; Mon, 9 Dec 2019 13:18:35 +0000
Received: from BN7PR11MB2547.namprd11.prod.outlook.com
 ([fe80::5c82:bb6a:d0f0:b802]) by BN7PR11MB2547.namprd11.prod.outlook.com
 ([fe80::5c82:bb6a:d0f0:b802%6]) with mapi id 15.20.2516.018; Mon, 9 Dec 2019
 13:18:35 +0000
From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Anoob Joseph <anoobj@marvell.com>, Akhil Goyal <akhil.goyal@nxp.com>,
 Adrien Mazarguil <adrien.mazarguil@6wind.com>, "Doherty, Declan"
 <declan.doherty@intel.com>, "Yigit, Ferruh" <ferruh.yigit@intel.com>, "Jerin
 Jacob" <jerinj@marvell.com>, Thomas Monjalon <thomas@monjalon.net>
CC: Ankur Dwivedi <adwivedi@marvell.com>, Hemant Agrawal
 <hemant.agrawal@nxp.com>, Matan Azrad <matan@mellanox.com>, "Nicolau, Radu"
 <radu.nicolau@intel.com>, Shahaf Shuler <shahafs@mellanox.com>, "Narayana
 Prasad" <pathreya@marvell.com>, "dev@dpdk.org" <dev@dpdk.org>
Thread-Topic: [PATCH] ethdev: allow multiple security sessions to use one rte
 flow
Thread-Index: AQHVrbU6Hm2DnT5vjU6vDGoMxULIsaexx8cA
Date: Mon, 9 Dec 2019 13:18:35 +0000
Message-ID: <BN7PR11MB25478BD0152762D4CB1E16FC9A580@BN7PR11MB2547.namprd11.prod.outlook.com>
References: <1575801683-27269-1-git-send-email-anoobj@marvell.com>
In-Reply-To: <1575801683-27269-1-git-send-email-anoobj@marvell.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiMDUyNGY0N2YtYjI5YS00NDI4LWE5NDQtYTA3OGVlODY3MzFlIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiRGZCY2RDS2F5bTFxSHVDNFhySTY4V2thQWVBUDltc2wzTk41QmlPa2pzRzJNSTY2WmZteWdGaURwcWJ5WFlPSCJ9
dlp-product: dlpe-windows
dlp-reaction: no-action
dlp-version: 11.2.0.6
x-ctpclassification: CTP_NT
authentication-results: spf=none (sender IP is )
 smtp.mailfrom=konstantin.ananyev@intel.com; 
x-originating-ip: [192.198.151.184]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f86de715-f856-4e7e-5a4b-08d77caa4bad
x-ms-traffictypediagnostic: BN7PR11MB2849:
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <BN7PR11MB2849E542C2CDB522AE97FC119A580@BN7PR11MB2849.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:2449;
x-forefront-prvs: 02462830BE
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10019020)(396003)(136003)(366004)(376002)(346002)(39860400002)(189003)(199004)(26005)(478600001)(2906002)(86362001)(229853002)(52536014)(76116006)(305945005)(33656002)(316002)(7416002)(8936002)(15650500001)(71190400001)(71200400001)(4326008)(8676002)(66946007)(81166006)(81156014)(66446008)(66476007)(66556008)(110136005)(7696005)(9686003)(6506007)(55016002)(54906003)(186003)(64756008)(5660300002);
 DIR:OUT; SFP:1102; SCL:1; SRVR:BN7PR11MB2849;
 H:BN7PR11MB2547.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1; 
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: SmQ+tzrbRoThSsDxH4lCdiE+l6/6K3pZpPI1siw500p4sdJYR3NISUmIGcmq6RUrBlreCGV+AfQAN3awry71w4326/z3Xj03YqwwM9SvyR5v3Eh9rMfn6xv4j3kgVMDwIIZ4IDTbDd5OegHH0tjTs3GduqybIi6/sxE+0yYcDjGiG5AM2aBTawDcc9v5IBATSXlvAmaUmGUxFSSyH7paIiQD/cHSWWi1PjEi1IXJ46nz7LRrKNLnWgQH5duKM9QecLUYOYpksxv6vSvN8OQfdPIof/0ylTPzkkFGpU8UICNrd4CovPoaWaoog8oUEbp6tobmy0pPIYhqxwXnI7mgmWe6R9asn0U4AALbpK7NZLEpb2x/QrkvqQKlU3vu2IBXw3Q/PYR9ao44or++CUcdz6UjBzRdH9nh4JjsTVMuP9W7CNOUgaV+qV3hZaqOZD2F
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f86de715-f856-4e7e-5a4b-08d77caa4bad
X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Dec 2019 13:18:35.0891 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: pYx0yIPzwv9ZA0JaDgOa3OFqB2X4qDgQDGz7+E442ljcTp+e24TpXZwhiCAfGNjTRJQpQZiaxn2C2v8J6hKstdsYAhkL5V0SOAlefv3/4Qw=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN7PR11MB2849
X-OriginatorOrg: intel.com
Subject: Re: [dpdk-dev] [PATCH] ethdev: allow multiple security sessions to
 use one rte flow
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>


>=20
> The rte_security API which enables inline protocol/crypto feature
> mandates that for every security session an rte_flow is created. This
> would internally translate to a rule in the hardware which would do
> packet classification.
>=20
> In rte_securty, one SA would be one security session. And if an rte_flow
> need to be created for every session, the number of SAs supported by an
> inline implementation would be limited by the number of rte_flows the
> PMD would be able to support.
>=20
> If the fields SPI & IP addresses are allowed to be a range, then this
> limitation can be overcome. Multiple flows will be able to use one rule
> for SECURITY processing. In this case, the security session provided as
> conf would be NULL.

Wonder what will be the usage model for it?
AFAIK,  RFC 4301 clearly states that either SPI value alone=20
or in conjunction with dst (and src) IP should clearly identify SA
for inbound SAD lookup.
Am I missing something obvious here?

>=20
> Application should do an rte_flow_validate() to make sure the flow is
> supported on the PMD.
>=20
> Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> ---
>  lib/librte_ethdev/rte_flow.h | 6 ++++++
>  1 file changed, 6 insertions(+)
>=20
> diff --git a/lib/librte_ethdev/rte_flow.h b/lib/librte_ethdev/rte_flow.h
> index 452d359..21fa7ed 100644
> --- a/lib/librte_ethdev/rte_flow.h
> +++ b/lib/librte_ethdev/rte_flow.h
> @@ -2239,6 +2239,12 @@ struct rte_flow_action_meter {
>   * direction.
>   *
>   * Multiple flows can be configured to use the same security session.
> + *
> + * The NULL value is allowed for security session. If security session i=
s NULL,
> + * then SPI field in ESP flow item and IP addresses in flow items 'IPv4'=
 and
> + * 'IPv6' will be allowed to be a range. The rule thus created can enabl=
e
> + * SECURITY processing on multiple flows.
> + *
>   */
>  struct rte_flow_action_security {
>  	void *security_session; /**< Pointer to security session structure. */
> --
> 2.7.4