From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 3B0C1A0A0A; Tue, 23 Mar 2021 16:46:56 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 987C1140F40; Tue, 23 Mar 2021 16:46:55 +0100 (CET) Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) by mails.dpdk.org (Postfix) with ESMTP id 6615E4069E for ; Tue, 23 Mar 2021 16:46:53 +0100 (CET) IronPort-SDR: jBuJFNEpsa5mgvY9eElpenXOJOOY/eJVTLrnu2rDOc+v5fGaT8Ulvj/AFf/A4sfhYPA1OSx5XM 6FxgL3K2Zkwg== X-IronPort-AV: E=McAfee;i="6000,8403,9932"; a="170470439" X-IronPort-AV: E=Sophos;i="5.81,272,1610438400"; d="scan'208";a="170470439" Received: from fmsmga008.fm.intel.com ([10.253.24.58]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 23 Mar 2021 08:46:51 -0700 IronPort-SDR: A4GL1mJrV9rkzPtE1sn0ATNmuBI/nJPmeLBwl9p7OblUlmHYWo1NmRaB9LPysOP3FOACSYcnrL WvhRZJPz1yfw== X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.81,272,1610438400"; d="scan'208";a="408383006" Received: from fmsmsx604.amr.corp.intel.com ([10.18.126.84]) by fmsmga008.fm.intel.com with ESMTP; 23 Mar 2021 08:46:51 -0700 Received: from fmsmsx609.amr.corp.intel.com (10.18.126.89) by fmsmsx604.amr.corp.intel.com (10.18.126.84) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Tue, 23 Mar 2021 08:46:51 -0700 Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by fmsmsx609.amr.corp.intel.com (10.18.126.89) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2 via Frontend Transport; Tue, 23 Mar 2021 08:46:51 -0700 Received: from NAM10-BN7-obe.outbound.protection.outlook.com (104.47.70.105) by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.1.2106.2; Tue, 23 Mar 2021 08:46:51 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Xvg24O8qTbgxQuRLvy/1IbTgmM5pnnQ94E8ovg/1e7lUcuwrfvGYoxxZQYhhTjlquUl2F8ADC36SSAdU7ZwEcjFpHRnC+CVdWJN4H9yYk0PVtLTwUEj2TY74fPuCQwNW47t5QKt1cg9d7rVFHk9PeTJebayy7KJ+NoQX/XHxLTyuc3AAb+Qj93S8c/x53VVD/bdpinucbCt0wF0xIrZX0V/WILWGuzKjdV34/dmtoyDi3oFBcHCIcKClbGrg8mXWlbXH6H5FhEo+otLwpk/5GwSGrTmsR1o7wzSNEYSpbiToXZol/MagYvM79g/I+lDtPCtXzDb3WfFzcZ3mfZ9gYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0g3vfLviCHj/GcsD1a128NxRS52paPU7FbI4o77Epvg=; b=DfCbGaLe5R8SGBrFOZq4aLJL7oBuZujzZQ0427g8Sp3GjvBPyP3RTGQRyxVmw0a/AFr29oe9YVPFiHQezxagFPcB47kWlSnUoDt8tQK1kVuiSrtwnRN+4eONtM21xedmA2iWi/Kq8jZKQRHru74urTbkGz+gfYt7yU5GfJlBDk+kXbj/oS76x6d9WaMLfkRhrillwZ7mkPJdT397nq46/eUfnLGaN1JZB80BswQ4sR3Znw5iyo2PP9ivUhmXS/0RJ4eiOssxbOZgPe8zIDaOr8A9BpV5RlUER72haog0xE87efaSZNEo94Oldn/uCA3h9kR5Y2tHbxTGQYUHJnYNjA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com; dkim=pass header.d=intel.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; s=selector2-intel-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=0g3vfLviCHj/GcsD1a128NxRS52paPU7FbI4o77Epvg=; b=EHC2d+/t6vXlobf3SDT8otqts1sJ5KqmqaoiWqjLKi3YXtsrDx5Im5yJjO/gu9BTOMXIsmC5iIZ18+2q08elMmJ1T7uMqbMra7bMqaOxT1fcPkXnfArNAA5RBXMCUfj0LplNN9Gs5oSnEmoja3dttxlzqKf4Ds1cS1tpgc1uXJA= Received: from DM6PR11MB4491.namprd11.prod.outlook.com (2603:10b6:5:204::19) by DM4PR11MB5392.namprd11.prod.outlook.com (2603:10b6:5:397::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3977.24; Tue, 23 Mar 2021 15:46:48 +0000 Received: from DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::3182:6da2:8c64:f07a]) by DM6PR11MB4491.namprd11.prod.outlook.com ([fe80::3182:6da2:8c64:f07a%3]) with mapi id 15.20.3955.027; Tue, 23 Mar 2021 15:46:48 +0000 From: "Ananyev, Konstantin" To: Akhil Goyal , Tejasree Kondoj , "Nicolau, Radu" CC: Anoob Joseph , Ankur Dwivedi , Jerin Jacob Kollanukkaran , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support Thread-Index: AQHXGX88kpfR1IrPZ0aUAC3IvRtRz6qLijxggAW4eYCAAGgxgIAADjEAgAAJfvA= Date: Tue, 23 Mar 2021 15:46:47 +0000 Message-ID: References: <20210315103616.31364-1-ktejasree@marvell.com> <20210315103616.31364-3-ktejasree@marvell.com> In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: dlp-product: dlpe-windows dlp-reaction: no-action dlp-version: 11.5.1.3 authentication-results: marvell.com; dkim=none (message not signed) header.d=none;marvell.com; dmarc=none action=none header.from=intel.com; x-originating-ip: [109.255.184.192] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 727434ee-61b7-4410-369c-08d8ee12de79 x-ms-traffictypediagnostic: DM4PR11MB5392: x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:10000; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: bR3s+YMPe1hx60PfiSUzJa1nQc1BTOdJlavHbrNazy7zQK74MuEh3iCUEjKbydTorQbUD4Uauy5/Xx58WUDbsyPCbf7DU2TbF3Hz7BmXjcdvaHgiQh7Jf6y0FXdOt85gLFxHmZtEDHW/kyVUram8ZhbVcwqfkRvw6gpBfpmJlG3wP5JHmWMtiLwRMgtrEsZmuqx2BDtj8oQF4TBI2ahXjC0goYY4MLdBUqpgFMbQaZaliQUmATPRBSmm25fvdezq5+3N8natk6rQfmeWZ4J3PLGDcIkljukuUO0SY8DtPIqIR5LYLPGVRpSwCP5UzKDPjK/+qqGF1IJIPs20nk9rBoTcK+5LuPZA+qG4T+3RncWd/I+jWWl2V9zSITKu9Dje8TM+ONgChWW0vb4Ro647V05LSU5v2T4037DdRkKWuXT6a05D9pMUwltwSAGE3jVEOfENArCsjInECcxkFkasu7p3ObGH2xe0TRUY9dfvrvsoUdA0YFdHOAW+ijNOAejezxjP1G/W6UDJa6JKcyJuCb8x61sYyVfUE06qZZr2SvOhHVOxqsWXClhd8GqS6hi1cj1XblaoeDQXPL0h7IdnDBQHyGioSHekVxzTaKhegIG5jGEnszs0zzATpxhOTPpQaLj4KqytPiJ6chL0krra9hITOstAQQyXm3h84tPzN58= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4491.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(366004)(376002)(136003)(39860400002)(396003)(346002)(38100700001)(478600001)(6636002)(186003)(26005)(316002)(55236004)(8936002)(8676002)(7696005)(6506007)(5660300002)(52536014)(4326008)(71200400001)(66556008)(66476007)(64756008)(55016002)(2906002)(66446008)(76116006)(66946007)(9686003)(83380400001)(86362001)(54906003)(110136005)(33656002); DIR:OUT; SFP:1102; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?7quw3hPIdFLJGlCqTspF7RVh9TLIba13YgFwIPZ/0HQqe6RlvYdyCtc54Vbm?= =?us-ascii?Q?DWUFGD4IHd/QPVMwmpaFzcwxd/j/sGLutIWuGCAbijfHlJWhn21oh6dMUMOn?= =?us-ascii?Q?DraCPbmVZ65b0LCQ9N3Gq9rt6DflAE3pFS+HxwuAsgFtftxKlXVe0ytofYa8?= =?us-ascii?Q?A1xhLyrpmPk1+EoeQUSxOcxtEUXSKI4P7rzgsscosgNhguk1pDgGWUM1/d2C?= =?us-ascii?Q?D9OCtN6/fntgLi+oFKF6pnOTPyt/tfKBwU3Im28r2dPNVjxEPPPwpSv4nuA8?= =?us-ascii?Q?i0sjwjd/o8iaIBQLn/fko0/c7VLyptNFsBivmrKCeM6aqqtpqjLRTmecLqF/?= =?us-ascii?Q?zbfnf86u+HOp0wFePtuAlJm83FKQi6fEH57zkaDVV8fn7uqj0sVuJ+xWosdz?= =?us-ascii?Q?Sxyz6OgP1D7xhswPbdAQ9Bu1lgxWFjQmRepMcHpDXLIICQOmPp3mIg2dUUFB?= =?us-ascii?Q?xijVkzLDnciozKCcCVaS3WvneRaLNhNnCeUYuzr3hHaQV/t/83BQNIy245Cq?= =?us-ascii?Q?JOuslUYLURlbYNMWecwOTEZ0Tvu7pO61jHfZLiOQ/cjPDeQdmfUMg3+UF1Jb?= =?us-ascii?Q?KYpGxAbWE3lq7amKy9qoq8/RPMErlCfKrhkV1lFuxWXsyDgyEDogvKzvvPxW?= =?us-ascii?Q?oI023FAybuJwl7wzkz61fA5q4fsKolbKPNstbugTPudaxiFYLu6FQsKIyLNv?= =?us-ascii?Q?hf7I9A1oW8HMZV4sktG5vuWjTpO2Twht8ZMkrMtc1CWZHeBpyl3uzoUFQtMe?= =?us-ascii?Q?hR5I6EcDrqkjkiDfkaYh/zekHZr94A8DUFIdEzO/LTTHQRtcB8J5vhEMqpj/?= =?us-ascii?Q?M/3lVq4nCS5nEb3S6mRunE5wj8yP/Oy3NDzfvdlN7aOtkFSW77wTANaTLei5?= =?us-ascii?Q?Xd474Iac5HJrnHv4i4TeHVHmlzgaL12VxeFCb9UwOApfIg1EP4fLVydm3FVU?= =?us-ascii?Q?y1caoSNjd5n6ekgtqOQ44PlC/ZBH9eg0CNUE1wb+yySIm0v57XMdqxu2LGNz?= =?us-ascii?Q?JzluqET790mqfTWfm91BIMq093LV6z8tvBx3aI2hBCmO5yozJ72FkX6o+db9?= =?us-ascii?Q?8VuZKieDa7vPd1sBL0H27cszPuKmlFst9ojecth8bUsGg55xUTYD960qCBbN?= =?us-ascii?Q?+ZDn9xd+UVshoVxgbw3DwrdRCIpEjOgL71M1zqd7hJvytIh7sphujXEaBzDV?= =?us-ascii?Q?heoKrWtL6sLS7NTB1BX1WAXqkRzFATzSRXDh1nFl8tiUhC4nSOBZAysBJif6?= =?us-ascii?Q?zymsTg5fQrz9uFxzxzrHn/ceSUifzhPd/hgGpxz3jZjurvldBfiJpAMxKAAq?= =?us-ascii?Q?qm0bVaBpsUUFibS3Q0DhIo5T?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4491.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 727434ee-61b7-4410-369c-08d8ee12de79 X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Mar 2021 15:46:48.1513 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: o5nCbN7gvnKRSNbFQF9wrYHEoJu92GMYpYQBtcB8mzbT7kWDOnoHEnOx0QCVawZ77L+0B0coAiq0wgANB7RXPk4S1eTL7Vzbuc8wGI+4ECI= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR11MB5392 X-OriginatorOrg: intel.com Subject: Re: [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > Hi Konstantin, > > > > Hi Akhil, > > > > > Adding lookaside IPsec UDP encapsulation support > > > > > for NAT traversal. > > > > > Added --udp-encap option for application to specify > > > > > if UDP encapsulation need to be enabled. > > > > > Example secgw command with UDP encapsultation enabled: > > > > > -c 0x1 -- -P -p 0x1 --config "(0,0,0)" -f ep0.cfg --udp-e= ncap > > > > > > > > Can we have it not as global, but a per SA option? > > > > Add new keyword for SA/SP into ipsec-secgw config file, etc. > > > > Konstantin > > > > > > > > > > Any specific reason to make udp_encap as per SA? > > > UDP encapsulation is a feature which I believe should be application = vide. > > > If it supports the feature it should be enabled for all SAs when the = UDP port > > > is 4500 which is reserved for it. > > > > Not sure why it has to be application wide? > > Why it is not possible have let say SA1 in ipv4/ipv6 tunnel mode over p= ort 0, > > and SA2 with udp encap over port 1? > > Note that in DPDK librte_security it is per SA option. >=20 > UDP encapsulation can be done only if the UDP port is 4500 as per the spe= cification. > Please correct me if I am wrong. So if UDP port is NOT 4500 and udp-encap= is enabled in the > Command line, UDP encapsulation will not work. I am not asking you so support multiple UDP ports for IPsec encapsulation. What I am saying: it should be possible to use SAs with UDP encapsulation along with SAs without (plain tunnel/transport mode). As I understand with your patch it is not possible: if user specified --udp= -encap all SAs (on all crypto-devs) will be treated as UDP encapsulated.=20 >=20 > Hence it does make sense to make it application vide. It will be tedious = for the user to > Add this in every SA. >=20 > Regards, > Akhil >=20