From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 39D76A0C47; Tue, 12 Oct 2021 12:25:05 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 249DE4113E; Tue, 12 Oct 2021 12:25:05 +0200 (CEST) Received: from mga11.intel.com (mga11.intel.com [192.55.52.93]) by mails.dpdk.org (Postfix) with ESMTP id D3CF041136 for ; Tue, 12 Oct 2021 12:25:03 +0200 (CEST) X-IronPort-AV: E=McAfee;i="6200,9189,10134"; a="224525202" X-IronPort-AV: E=Sophos;i="5.85,367,1624345200"; d="scan'208";a="224525202" Received: from orsmga006.jf.intel.com ([10.7.209.51]) by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 12 Oct 2021 03:25:02 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,367,1624345200"; d="scan'208";a="441170815" Received: from orsmsx605.amr.corp.intel.com ([10.22.229.18]) by orsmga006.jf.intel.com with ESMTP; 12 Oct 2021 03:25:02 -0700 Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by ORSMSX605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12; Tue, 12 Oct 2021 03:25:02 -0700 Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by orsmsx611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.12 via Frontend Transport; Tue, 12 Oct 2021 03:25:02 -0700 Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.105) by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2242.12; Tue, 12 Oct 2021 03:25:01 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IzCORuTEJoxKN8y6LjZqHW9ZwZEDSW8NlbvQYFl5VyAZfU80dkhugbdtYP/V41vJl8MkthzCXMSSCu9e0VEXpGXfEZpP2Oz68GvhQOVn2uP/rfvxYVTESzGEALDL5t57ylRZFAiqZJdwYjOwaQ8AhltRLq8NtPyarWXAVXYF+YEoa3MmKmXBbtBA9TqFDmYN23qtx1JZmTdUdXSgH9DrWOv6zBWoxldy5Ive454MHCDbCZQ5qhL9F2tCWNcWDUxR9Fs0horJpkSFdJ0QNQb1MrhEwEHT+GeXDc2OO7kNFyFTUljoDmB4gzQAYSgp2jDuU5i+BjaJJIJ+NPt+BfmAhA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=KneHe5Icdaqs8jGUSO7cMbJGvyTKt3747BH0Yt6ksEc=; b=OKqXR3VdCP3Qg3uv7xF2FhE4tGICeaypfzKPO7JZCFToDNLCeGVoVQnMzyontUYFMq2LXKn+wjpusbCTwgqnPa5rtDdDyNmgS61ViNwhg0UOaim64ealrBMGCYGYSjNpyG+TBfKYDQdlHqLhBBwhyf7ngUd+UDM1oIDcUvhYB9Zl2gZ94p32rwUukJA2YZd2Cpp+J45zC0c/dnORNA47m+s8JAralzZgn0JDeZIGJNY2BjQKxtglk/5JrXcoO+Gezghgtem2d/Sh70J+DddBypS2MUtb52Uloarg7trpez6P7HZ7fM1nk2TXvKTQGFZ0WyrOozAaPiTcKMWG1BZfIg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KneHe5Icdaqs8jGUSO7cMbJGvyTKt3747BH0Yt6ksEc=; b=DhAclZLxU45bMAfcYNuV3Pj1XCPH++0W3qmiyYzwL4H8zTfbBq+SU1RvF8G23XtQOZcQifg2R6Gj0o0CmG7LyM9d6+KvkFfpRka26hJHnOjQ3BL8vcC7CV48cIUGq6uaqXmD3R0pXHclQrn5EkYUmqKlKMbh1KT9/M6DKInLFRQ= Received: from DM6PR11MB4491.namprd11.prod.outlook.com (2603:10b6:5:204::19) by DM6PR11MB4187.namprd11.prod.outlook.com (2603:10b6:5:19e::32) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.25; Tue, 12 Oct 2021 10:24:59 +0000 Received: from DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::740e:126e:c785:c8fd]) by DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::740e:126e:c785:c8fd%4]) with mapi id 15.20.4587.026; Tue, 12 Oct 2021 10:24:59 +0000 From: "Ananyev, Konstantin" To: "Nicolau, Radu" , Ray Kinsella , Akhil Goyal , "Doherty, Declan" CC: "dev@dpdk.org" , "Medvedkin, Vladimir" , "Richardson, Bruce" , "Zhang, Roy Fan" , "hemant.agrawal@nxp.com" , "anoobj@marvell.com" , "Sinha, Abhijit" , "Buckley, Daniel M" , "marchana@marvell.com" , "ktejasree@marvell.com" , "matan@nvidia.com" Thread-Topic: [PATCH v8 03/10] security: add UDP params for IPsec NAT-T Thread-Index: AQHXvpT1Px9CRxETNkSqmVnLnkI9BKvPKZGw Date: Tue, 12 Oct 2021 10:24:59 +0000 Message-ID: References: <20210713133542.3550525-1-radu.nicolau@intel.com> <20211011112945.2876-1-radu.nicolau@intel.com> <20211011112945.2876-4-radu.nicolau@intel.com> In-Reply-To: <20211011112945.2876-4-radu.nicolau@intel.com> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.6.200.16 authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=intel.com; x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: e43123e6-f75c-462f-ad1e-08d98d6a8b42 x-ms-traffictypediagnostic: DM6PR11MB4187: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: QtSPDjJMcZ1/WiF1GvsUkIatfNMT5iCHP5psEzFg7rgFubvEi+iLOpXEvP/Oa8NOa3v07Ai1Tydve7pyRoWiAbg/PV7fnuJp8Pga3IlMbkLXoYOcSUuMGRa9G1LJ5UyI4jgoOg8iT3k/VFHPQ+PslqXlWq+8MAg+cCkNMnpvNPj9mDbGC3nCOpLLz60GAuz2Bqn8Pz429xg3RodLRgdh7+osqay6I2X2P8yfYyRIGlVFJx39RWa3SSl4TH4DUJxiugODRjNPaAgytYLXWvfNUFJUv2snHMBsOng0lJ7HeDzE9YsNAGgaS97OhqLNeP+cCIsDwGKEPTHq3Zw50wlHLGQy2N/VFxwuxYUjFuoqpr1FoLUjO7h9QFzARXniCxZZ3TmVOMF+Dr3Jdlw2KkZ4B3AUAL/0MECWeDvz4PJz89yFWGjAyy24irqxFUhwKY9wo4QtB95FkJTxa2IyKIXVfg+cjDGB070UazzeLn4qbkro7hJm4kz9hjoNh1lQdvRcWto3lH0afBP680QnwuVX72EmcB+XFuwem6mETN0hUdB5R8b5ojyUoG2XB/FjKjLfCCWdWMTryKntlkg2Rvx+hsbXBv1IxKedZza1JUwKmhjpEAywUg4H26VzI38jJKnP5E65U95doQ/gbMM4A28DnJNa/5sIAqgqT3Q6s3IV5auGvgZaoy2deDfD+KX7SC1mHrEAqmPvjadh6pD2wi9F6A== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4491.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(38100700002)(8676002)(15650500001)(83380400001)(110136005)(54906003)(8936002)(2906002)(316002)(38070700005)(66946007)(186003)(86362001)(66446008)(64756008)(66556008)(66476007)(33656002)(52536014)(55016002)(76116006)(122000001)(71200400001)(5660300002)(26005)(4326008)(508600001)(7696005)(6506007)(9686003)(55236004)(6636002); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?lZjakdJ178bGEycmdPQjC+3tzCCYus5T3HtTU4PmJNJ77ERBDcQMQ4Rhdhrg?= =?us-ascii?Q?GSv0RVlxLM3pJGBFW1LSNviv70lEoiMOJLg/up0tpx7g5/ePuplbk7+tCwHJ?= =?us-ascii?Q?fNzS210VEmQTE1tAxNwQdNeRR5iDU+kx4TzBk6ug4CsWaYeiu6UqI6+QmtoO?= =?us-ascii?Q?xBDeq5781rJKp8EUJZ4V+B9KjmKeI5BdU4w5YF5Va+QM0rS6ZK1Sdpuv38lZ?= =?us-ascii?Q?6/YHrnekOwHBaaXvwVnj4RVwrhOzV2k3KA6ey6Qobm1vN+U/7Xf7YoagjVuA?= =?us-ascii?Q?Kd+5tU/nsdR/mwryrHZPxtgpjxRFbosxWeh7qJBV4ENwrSnESfUkTubZ7rfQ?= =?us-ascii?Q?LK19oq1o4Bg9vf2GQ2SKIwzGxhslXXC+bWTwgzYBpWFUjoW1LogoLh7OS1o3?= =?us-ascii?Q?s4ZqARZg9upZkPaAinRHHcdO8mBqc29aTFpF7/Isi6WIbzDW4kP9AoJuvU6L?= =?us-ascii?Q?eiQ93YK5L1F64eUHs0hPHbtDbklOe0ZjJrVSD7pHJOY76MyoI6wqNa1CNz2y?= =?us-ascii?Q?LcyDekC3SlWL/tN3Ec6rBgOnWfNaxB2jGIbIF1gt059KVbOlbCKY8EO8Pg8G?= =?us-ascii?Q?iNGidYKnr7ijfT4hxMdyy/c8gf6PRRYJ9WA33oiIoAqyY/M6SJOtov8jVCU2?= =?us-ascii?Q?AgNDnMYJaPyyFpigh9UaZmEo+IjJoN3EKeQvhYwtTcfjyLgfqw20m5safwAI?= =?us-ascii?Q?wY3NKvFEnM9zo7TLRUpQ0hBecx+zXUXjIZCQEeXyNsc9Wl/xqnWKt8/Wd88K?= =?us-ascii?Q?4Y78oRLv9Cu9//J3A5tmpjNRUOxg10S3236DYsPuyJ4EYk55Vol3Hl9SAFfp?= =?us-ascii?Q?oIv+mQZH7HSpLbAWGVwGWcsBKGNPktXBCv13gCBhJ67xQr6Vo+FB6PPIjQJQ?= =?us-ascii?Q?TmhVW3sTINdmJqeTKMIOCKlGjfmuoYDHsrcDZdyDe5VdpP1OB3g9Z/qvalyc?= =?us-ascii?Q?CrVVhsTJ5gXmphgbE254L/zGjXAjDiI129T0Jbik69izmS2EskPdVJncBz8E?= =?us-ascii?Q?larcp7hZ35IOUueT856cBRzRbVtbRnQLB248q8Ddpa7ODQXcoAvLEHi2sRcq?= =?us-ascii?Q?4SgASYKC8itJwBsQw96K/l9n818RTMzLB7AgHWE2U2psKLT+lGdS4j1ssbCl?= =?us-ascii?Q?KrYq0sTaCU5H4qUobEcwjrQoZDwTqxvqpd64QVJ0uT5qdRzkP3mVfpJPqa2z?= =?us-ascii?Q?2wA4kE0eqmWBIE03Oha4v0DHh8G0IoS8XT2AhNk0pah7JPJfz/35pkaUVr0a?= =?us-ascii?Q?RtPMeyyu1KThnrjNX+KVRu1xEBvBMbWDuOvTqGgLjQX0mtHPxKhN0uEsVa2R?= =?us-ascii?Q?x6d6oJdyVhrXMmXnQAc+F8EQ?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4491.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: e43123e6-f75c-462f-ad1e-08d98d6a8b42 X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Oct 2021 10:24:59.0499 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: m3L5+T88+7ecHWmINz1d2YLJQzIXOy6ef2PQfDG9Mt70t6rIoId37gZSvGTb9W/VMklv0Y+HbExyhE47x/gMcSGAGJxJKvZhffUVD4x+t3I= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4187 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH v8 03/10] security: add UDP params for IPsec NAT-T X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" =20 > Add support for specifying UDP port params for UDP encapsulation option. > RFC3948 section-2.1 does not enforce using specific the UDP ports for > UDP-Encapsulated ESP Header >=20 > Signed-off-by: Declan Doherty > Signed-off-by: Radu Nicolau > Signed-off-by: Abhijit Sinha > Signed-off-by: Daniel Martin Buckley > Acked-by: Fan Zhang > Acked-by: Anoob Joseph > --- > doc/guides/rel_notes/deprecation.rst | 5 ++--- > doc/guides/rel_notes/release_21_11.rst | 5 +++++ > lib/security/rte_security.h | 7 +++++++ > 3 files changed, 14 insertions(+), 3 deletions(-) >=20 > diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/= deprecation.rst > index 8b7b0beee2..d24d69b669 100644 > --- a/doc/guides/rel_notes/deprecation.rst > +++ b/doc/guides/rel_notes/deprecation.rst > @@ -210,9 +210,8 @@ Deprecation Notices > pointer for the private data to the application which can be attached > to the packet while enqueuing. >=20 > -* security: The structure ``rte_security_ipsec_xform`` will be extended = with > - multiple fields: source and destination port of UDP encapsulation, > - IPsec payload MSS (Maximum Segment Size). > +* security: The structure ``rte_security_ipsec_xform`` will be extended = with: > + new field: IPsec payload MSS (Maximum Segment Size). >=20 > * security: The IPsec SA config options ``struct rte_security_ipsec_sa_o= ptions`` > will be updated with new fields to support new features like IPsec inn= er > diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_note= s/release_21_11.rst > index 8ac6632abf..1a29640eea 100644 > --- a/doc/guides/rel_notes/release_21_11.rst > +++ b/doc/guides/rel_notes/release_21_11.rst > @@ -238,6 +238,11 @@ ABI Changes > application to start from an arbitrary ESN value for debug and SA life= time > enforcement purposes. >=20 > +* security: A new structure ``udp`` was added in structure > + ``rte_security_ipsec_xform`` to allow setting the source and destinati= on ports > + for UDP encapsulated IPsec traffic. > + > + > Known Issues > ------------ >=20 > diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h > index 371d64647a..b30425e206 100644 > --- a/lib/security/rte_security.h > +++ b/lib/security/rte_security.h > @@ -128,6 +128,11 @@ struct rte_security_ipsec_tunnel_param { > }; > }; >=20 > +struct rte_security_ipsec_udp_param { > + uint16_t sport; > + uint16_t dport; > +}; > + > /** > * IPsec Security Association option flags > */ > @@ -288,6 +293,8 @@ struct rte_security_ipsec_xform { > }; > } esn; > /**< Extended Sequence Number */ > + struct rte_security_ipsec_udp_param udp; > + /**< UDP parameters, ignored when udp_encap option not specified */ > }; >=20 > /** > -- Acked-by: Konstantin Ananyev > 2.25.1