From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 34BF3A0613 for ; Thu, 26 Sep 2019 11:04:41 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 77D7F1BED5; Thu, 26 Sep 2019 11:04:40 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 07AFC1BEC4 for ; Thu, 26 Sep 2019 11:04:38 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x8Q93wcL011719; Thu, 26 Sep 2019 02:04:38 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pfpt0818; bh=lM4QEclIx9PaaWLabKRyko4m9MvoogmhXTE3z2FAm10=; b=X4K0SUL6B15ix4huVtuHehPLANiLh/T5ME5t+J8/fo3FN91PWYhMh1IJvQjpXzLCrOc8 4erz5gwojvBXEvHIMSUZqlYfwEPtrP4gv641oqJyLnFEF0uOA5uegxV9gPxbNHhityAF xLv72eLYYFIo+hXX0Sa4tU8bKlGf4iUc2npV9QKm5nzBi23/sz6JhcDK7OOGpjSJBzet Jhg8ZHHRwONU5NUpLHiDSXkdW+KhluXjAaDuzw60rgLASxKSYpJUzeuIfqgYPMS8u0MG GjFhK/fPghKCmw4RsCOvQQYov9kiIAII3O2TtsB9OO76dzFfOloDQ5vNZWG3jvRB49fO 9A== Received: from sc-exch02.marvell.com ([199.233.58.182]) by mx0a-0016f401.pphosted.com with ESMTP id 2v8tcdr02x-3 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 26 Sep 2019 02:04:38 -0700 Received: from SC-EXCH03.marvell.com (10.93.176.83) by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Thu, 26 Sep 2019 02:04:20 -0700 Received: from NAM05-BY2-obe.outbound.protection.outlook.com (104.47.50.54) by SC-EXCH03.marvell.com (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1367.3 via Frontend Transport; Thu, 26 Sep 2019 02:04:20 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Vt2v7ANn34Vn4iLSx2opBrokn4P9L78qgQNMJtEhFq0vgTK+e4YG+nNgCyoHpQOKMmJzk/9IylZICXyKk1Z+3yK3/8I2httgnmk7rRjNGuSm+M2eVzbfYxVUbE3v0nM0EVuC5OlulKq1pmXup0U/UbQPZ8AdRY2o0eJ8y5H3oT8Fqz2y6pELo9XvVEd+0o7e0b7ADYg56wxDeUS2ZyDH0W477GNP70Oiht9u7RMNPbFb5C2GLleT6UKnJM4BQ7ihX5uARGXlKyBwD8p0enQMVCjUMZdPqzpRXpwMoAt2h3mbyP1dfXcjkAgia4LXzwq3F9rojGjfzaQr7xOIru8H5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lM4QEclIx9PaaWLabKRyko4m9MvoogmhXTE3z2FAm10=; b=UDn1W4Ak9TnRbVykDi2WuGmVbo/HuYGZSw882JxZCTnjBXAqo3xRIdECezZXRThuMp5TXLkK1PdY9doMhA7k1wbFlAjfbm1XYpnHT6a7ZKdVMB+j+6YB8I4xIwmxTbzGlBTcthV9pG8kiB98sjF/UxKdKdBWW3oCC0XHzxTpjGA5FKP8/WyF7AO1fv9ywCo+sa2J6Zi39n5c8l/SOdapUN097o8c2/jdrKFc9mM5ule1UnGKTbhFbdkOY/ojqdDfyltnYCgzRPnYvXiEEWo305uqB+r8JEj6Z4HnVFlfdV7vh935iEkLZTg2CuZngs1+SLDVQ7p3VnlmZefjYiBSqQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector2-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=lM4QEclIx9PaaWLabKRyko4m9MvoogmhXTE3z2FAm10=; b=cQLJ3qE/MJYZIW6XtZEk+mGcugBE3tdu36EY460uVyRZcTd6uVyo3TFG4WkIG8f8NlzBlOPSr1aGf5z9JbLRO79aJPXJMauJC2wWRaVZyaobmFZ9VFctQ/TqDratlyd/Hm+JBZ8i7Ay8sLrz67hr/GfgbUgI3xM3B157Z+zCVWw= Received: from MN2PR18MB2877.namprd18.prod.outlook.com (20.179.20.218) by MN2PR18MB3374.namprd18.prod.outlook.com (10.255.238.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2305.17; Thu, 26 Sep 2019 09:04:19 +0000 Received: from MN2PR18MB2877.namprd18.prod.outlook.com ([fe80::5007:2282:4aff:5baa]) by MN2PR18MB2877.namprd18.prod.outlook.com ([fe80::5007:2282:4aff:5baa%7]) with mapi id 15.20.2284.023; Thu, 26 Sep 2019 09:04:19 +0000 From: Anoob Joseph To: Marcin Smoczynski , "akhil.goyal@nxp.com" , "konstantin.ananyev@intel.com" CC: "dev@dpdk.org" , Jerin Jacob Kollanukkaran , Narayana Prasad Raju Athreya , Archana Muniganti Thread-Topic: [dpdk-dev] [PATCH v3 0/3] add fallback session Thread-Index: AQHVcgRo85zyvQn15EqlYfBjRx4gCqc9gzWQ Date: Thu, 26 Sep 2019 09:04:19 +0000 Message-ID: References: <20190904141642.14820-1-marcinx.smoczynski@intel.com> <20190923114415.17932-1-marcinx.smoczynski@intel.com> In-Reply-To: <20190923114415.17932-1-marcinx.smoczynski@intel.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [115.113.156.3] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4d1e982f-b0cd-41c9-d8e4-08d74260840d x-ms-traffictypediagnostic: MN2PR18MB3374: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8882; x-forefront-prvs: 0172F0EF77 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(39860400002)(136003)(346002)(376002)(366004)(13464003)(199004)(189003)(4326008)(76116006)(66946007)(2501003)(66476007)(66556008)(66446008)(64756008)(14444005)(256004)(3846002)(6116002)(52536014)(81156014)(8936002)(81166006)(8676002)(66066001)(7736002)(305945005)(74316002)(33656002)(102836004)(53546011)(55236004)(6506007)(7696005)(76176011)(26005)(446003)(99286004)(229853002)(11346002)(186003)(14454004)(478600001)(2201001)(86362001)(54906003)(110136005)(316002)(2906002)(71190400001)(71200400001)(5660300002)(9686003)(476003)(6436002)(107886003)(55016002)(486006)(25786009)(6246003); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR18MB3374; H:MN2PR18MB2877.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: marvell.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 6IWBW8vGK3P95AgaCoqxDKjK1RdvVb9VMlHC5OMSTzuHbxkOXkj7aLCFn+iFHuBReGpSkJPUPUbcjbrh2tg/L70qxGxRRGOwlm0dKMZmrOowNODTphzWwvTt09X+/SSR6od7wObqz4AZUxKDeDIqT3I5qJkTnFttqVBq/7ACQ+ZP/jN7mtYrmnL0tp4z4LPbaESxE5sVRY9MusWMuSnL0EM8h/NQ+1fXR7AVE5MqRmDCbRqTiWMhHBf0ZKdgDLK7ZmnDzZubgHrBaiXh/DbYepTVamsB753mruPFKev8jNWamSxU9av7qZMp9yQpcDuoWeRwsppyggz0vvCk9bQnrTVcA7FbuNGknPhLT4Q/tGKEl6sS3oyfNSvTtz2spASE5Yo6JBCWXzDztydT/USAX/+tED2Oz7kuN7I5Kc5c6G8= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 4d1e982f-b0cd-41c9-d8e4-08d74260840d X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Sep 2019 09:04:19.4908 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 33c/pYOOVgwSkFUQ6B0r9Z8vTdJcvIXF6mbmDyWTPfKunOkTN4BKP6PXukQ+3t7/JMB1RQri5iUmUGaxoDwftw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR18MB3374 X-OriginatorOrg: marvell.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-09-26_04:2019-09-25,2019-09-26 signatures=0 Subject: Re: [dpdk-dev] [PATCH v3 0/3] add fallback session X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Marcin, Konstantin, I've few more observations regarding the proposed feature. 1. From what I understood, if an ESP packet ends up on an unprotected inter= face and doesn't have 'PKT_RX_SEC_OFFLOAD' bit set, then the packet would b= e looked up to see the associated SA and then fallback session is figured o= ut and then further processing is done. Can you confirm if I understood the sequence correctly? If yes, then aren't= we doing an extra lookup in the s/w? The packet may be looked by the h/w u= sing rte_flow and that information could be used to determine the SA. Also,= if the ESP packet is expected to be forwarded, then the above logic will a= dd an unnecessary lookup even after your h/w has detected that the packet n= eed not be security processed. 2. The solution proposed here seems like adding the handling in ipsec-secgw= instead of ipsec library. In other words, this feature is not getting adde= d in ipsec library, which was supposed to simplify the whole ipsec usage in= DPDK, but fails to handle the case of fragmentation. Also, since the fallb= ack feature is entirely done in the application, it begs the question why t= he same feature is omitted for legacy use case. 3. It seems like ordering won't be maintained once this processing is done.= Again, this is the sequence I understood. Please correct me if I missed so= mething, a. Application receives a bunch of packets (let's say 6 packets), in= which few are fragmented (P3 & P4) and the rest can be inline processed. b. Application receives P1->P2->P3->P4->P5->P6 (in this, P1, P2, P5,= P6 are inline processed successfully) and P4 & P5 are the fragments c. Application groups packets. P1->P2->P5->P6 becomes one group and = P3->P4 becomes another and goes for fallback processing. Now how is ordering maintained? I couldn't figure out how that is done in t= his case. Thanks, Anoob > -----Original Message----- > From: dev On Behalf Of Marcin Smoczynski > Sent: Monday, September 23, 2019 5:14 PM > To: Anoob Joseph ; akhil.goyal@nxp.com; > konstantin.ananyev@intel.com > Cc: dev@dpdk.org; Marcin Smoczynski > Subject: [dpdk-dev] [PATCH v3 0/3] add fallback session >=20 > Add fallback session feature allowing to process packets that inline proc= essor > is unable to handle (e.g. fragmented traffic). Processing takes place in = a > secondary session defined for SA in a configuration file. >=20 > This feature is limited to ingress IPsec traffic only. IPsec anti-replay = window > and ESN are supported in conjunction with fallback session when following > conditions are met: > * primary session is 'inline-crypto-offload, > * fallback sessions is 'lookaside-none'. >=20 > v2 to v3 changes: > - doc and commit log update - explicitly state feature limitations >=20 > v1 to v2 changes: > - disable fallback offload for outbound SAs > - add test scripts >=20 > Marcin Smoczynski (3): > examples/ipsec-secgw: ipsec_sa structure cleanup > examples/ipsec-secgw: add fallback session feature > examples/ipsec-secgw: add offload fallback tests >=20 > doc/guides/sample_app_ug/ipsec_secgw.rst | 20 ++- > examples/ipsec-secgw/esp.c | 35 ++-- > examples/ipsec-secgw/ipsec-secgw.c | 16 +- > examples/ipsec-secgw/ipsec.c | 99 ++++++----- > examples/ipsec-secgw/ipsec.h | 61 +++++-- > examples/ipsec-secgw/ipsec_process.c | 113 +++++++----- > examples/ipsec-secgw/sa.c | 164 +++++++++++++----- > .../test/trs_aesgcm_common_defs.sh | 4 +- > .../trs_aesgcm_inline_crypto_fallback_defs.sh | 5 + > .../test/tun_aesgcm_common_defs.sh | 6 +- > .../tun_aesgcm_inline_crypto_fallback_defs.sh | 5 + > 11 files changed, 361 insertions(+), 167 deletions(-) create mode 10064= 4 > examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_fallback_defs.sh > create mode 100644 examples/ipsec- > secgw/test/tun_aesgcm_inline_crypto_fallback_defs.sh >=20 > -- > 2.17.1