Re: [dpdk-dev] [PATCH 2/2] lib/security: add SA lifetime configuration

DPDK patches and discussions
 help / color / mirror / Atom feed

From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Anoob Joseph <anoobj@marvell.com>,
	Akhil Goyal <gakhil@marvell.com>,
	"Doherty, Declan" <declan.doherty@intel.com>,
	"Zhang, Roy Fan" <roy.fan.zhang@intel.com>,
	"hemant.agrawal@nxp.com" <hemant.agrawal@nxp.com>
Cc: Jerin Jacob Kollanukkaran <jerinj@marvell.com>,
	Ankur Dwivedi <adwivedi@marvell.com>,
	Tejasree Kondoj <ktejasree@marvell.com>,
	"dev@dpdk.org" <dev@dpdk.org>,
	Archana Muniganti <marchana@marvell.com>
Subject: Re: [dpdk-dev] [PATCH 2/2] lib/security: add SA lifetime configuration
Date: Thu, 29 Jul 2021 10:23:34 +0000	[thread overview]
Message-ID: <DM6PR11MB44913E42AE538B3A4C63CF169AEB9@DM6PR11MB4491.namprd11.prod.outlook.com> (raw)
In-Reply-To: <PH0PR18MB46729D81515AB312131B14E7DFEA9@PH0PR18MB4672.namprd18.prod.outlook.com>

Hi Anoob,

> Now that we have an agreement on bitfields (hoping no one else has an objection), I would like to discuss one more topic. It is more related
> to checksum offload, but it's better that we discuss along with other similar items (like soft expiry).
> 
> L3 & L4 checksum can be tristate (CSUM_OK, CSUM_ERROR, CSUM_UNKOWN)
> 
> 1. Application didn't request. Nothing computed.
> 2. Application requested. Checksum verification success.
> 3. Application requested. Checksum verification failed.
> 4. Application requested. Checksum could not be computed (PMD limitations etc).
> 
> How would we indicate each case?
> 
> My proposal would be, let's call the field that we called "warning" as "aux_flags" (auxiliary or secondary information from the operation).
> 
> Sequence in the application would be,
> 
> if (op.status != SUCCESS) {
>     /* handle errors */
> }
> 
> #define RTE_SEC_IPSEC_AUX_FLAGS_L4_CHECKSUM_COMPUTED (1 << 0)
> #define RTE_SEC_IPSEC_AUX_FLAGS_L4_CHECSUM_GOOD (1 << 1)
> 
> if (op.aux_flags & RTE_SEC_IPSEC_AUX_FLAGS_L4_CHECKSUM_COMPUTED) {
> 	if (op.aux_flags & RTE_SEC_IPSEC_AUX_FLAGS_L4_CHECSUM_GOOD)
> 		mbuf->l4_checksum_good = 1;
> 	else
> 		mbuf->l4_checksum_good = 0;
> } else {
> 	if (verify_l4_checksum(mbuf) == SUCCESS) {
> 		mbuf->l4_checksum_good = 1;
> 	else
> 		mbuf->l4_checksum_good = 0;
> }
> 
> For an application not worried about aux_flags (ex: ipsec-secgw), additional checks are not required. For applications not interested in
> checksum, a blind check on op.aux_flags would be enough to bail out early. For applications interested in checksum, it can follow above
> sequence (kinds, for demonstration purpose only).
> 
> Would something like above fine? Or if we want to restrict additional fields for just warnings, (L4_CHECKSUM_ERROR), how would
> application differentiate between checksum good & checksum not computed? In that case, what should be PMDs treatment of "could not
> compute" v/s "computed and wrong".

I am ok with what you suggest.
My only thought - we already have CSUM flags in mbuf itself,
so why not to use them instead to pass this information from crypto PMD to user?
That way it would be compliant with ethdev CSUM approach and no need to spend 
2 bits in 'aux_flags'.
Konstantin

next prev parent reply	other threads:[~2021-07-29 10:23 UTC|newest]

Thread overview: 15+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-20  5:46 [dpdk-dev] [PATCH 0/2] Improvements to rte_security Anoob Joseph
2021-07-20  5:46 ` [dpdk-dev] [PATCH 1/2] lib/security: add IV generation Anoob Joseph
2021-07-20  5:46 ` [dpdk-dev] [PATCH 2/2] lib/security: add SA lifetime configuration Anoob Joseph
2021-07-20  6:20   ` Anoob Joseph
2021-07-26 13:50     ` Ananyev, Konstantin
2021-07-26 15:50       ` Akhil Goyal
2021-07-27 11:40         ` Ananyev, Konstantin
2021-07-27 19:29           ` Akhil Goyal
2021-07-28 10:59             ` Ananyev, Konstantin
2021-07-28 12:58               ` Akhil Goyal
2021-07-28 14:38                 ` Anoob Joseph
2021-07-29 10:23                   ` Ananyev, Konstantin [this message]
2021-08-02  7:07                     ` Anoob Joseph
2021-08-03 11:51                       ` Ananyev, Konstantin
2021-08-03 12:03                         ` Anoob Joseph

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=DM6PR11MB44913E42AE538B3A4C63CF169AEB9@DM6PR11MB4491.namprd11.prod.outlook.com \
    --to=konstantin.ananyev@intel.com \
    --cc=adwivedi@marvell.com \
    --cc=anoobj@marvell.com \
    --cc=declan.doherty@intel.com \
    --cc=dev@dpdk.org \
    --cc=gakhil@marvell.com \
    --cc=hemant.agrawal@nxp.com \
    --cc=jerinj@marvell.com \
    --cc=ktejasree@marvell.com \
    --cc=marchana@marvell.com \
    --cc=roy.fan.zhang@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).