From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id E9DC2A0471
	for <public@inbox.dpdk.org>; Wed, 14 Aug 2019 11:22:27 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id B745937B7;
	Wed, 14 Aug 2019 11:22:27 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id D70B8375B
 for <dev@dpdk.org>; Wed, 14 Aug 2019 11:22:25 +0200 (CEST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
 x7E9JiX2018666; Wed, 14 Aug 2019 02:22:24 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : references : in-reply-to : content-type :
 content-transfer-encoding : mime-version; s=pfpt0818;
 bh=ZWrmpELhLSdgFWweGGLvPRCrNmrYb5ZeLTt/qUqkE/A=;
 b=e4j+G86C9ecxWEkexQVkGKXIqoddVQ0ZvDzws2+G+nwzDHrJehfHeq0DYh/fyE4AiQMJ
 u9G/fuJW04BgNOhTbr0/ZvdQdo8rGcc1Rm7i0IT+K6Bwwa2GJHnVGiYz6FpOVIZIFg29
 BnnoMLVgA4R2Qw7Llqv+QNTr0H6JHGaGuVr8KvP8fCMleXgqgaYOHrJ1iszJ7qjEGFeM
 vrAWPiRDlKTBXoR72EyLN4EiXMrVw7gUUhOf/nWgGYHb1rHhKrz5wtPYGpqwAf6g66MT
 b2VeiTfZJlK+YgTLxTvlTxtoDaqu/C0EkhZ8SXQT57mUrhM5elMUqACbSnAW1yAixvnt xA== 
Received: from sc-exch04.marvell.com ([199.233.58.184])
 by mx0b-0016f401.pphosted.com with ESMTP id 2ubfabeej7-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Wed, 14 Aug 2019 02:22:24 -0700
Received: from SC-EXCH04.marvell.com (10.93.176.84) by SC-EXCH04.marvell.com
 (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Wed, 14 Aug
 2019 02:22:22 -0700
Received: from NAM05-CO1-obe.outbound.protection.outlook.com (104.47.48.53) by
 SC-EXCH04.marvell.com (10.93.176.84) with Microsoft SMTP Server
 (TLS) id
 15.0.1367.3 via Frontend Transport; Wed, 14 Aug 2019 02:22:22 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=Fa2VGsYTmAd48lGtiQyjgfrE5SslTLtyGwczHf4uzjljCv5wPQz20kSct5P0Q+BbjUdkktA9CyTcYAyr4y6Y7midNt0LyBbzn/CLZvwyoLXuVEDf8HShlAZfvUKxYJaIXChpXVrqbF1OvRLki+gDs0DyQ6dMRwmFTyYxJ4lAr+6w+ki79k+N+6lNpbmU7oCn7nSWeXMJDasy9CinG2jvNmpXy1DO6d/rwD0p8ARvtDybkayDgRmIapupdEmCvZ93UbA3iysX6rGhDBNwvn6bkkYvi1wBFy77v/5Z41tYez/8RGWp4+waZrJqrdACJ0sZm3AI/2RpdTHCjGtksGUk4w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=ZWrmpELhLSdgFWweGGLvPRCrNmrYb5ZeLTt/qUqkE/A=;
 b=UmtnGwiDwlK5a4r7IdubfaxoDAVX9GxBwe64PA++OytO7M+NIdh4ebsmhQ8Vy+PuKBDVSX1X1LPhW9IGHnn+qcFA3PqVoGcVkQF9zD/4Ofd5/dbgFSGFCxQocG0oRLvnDHAe8CjspMFGCli9cH4dh8oSx2uNgkSwJfoG7esju0NHsqMP/Xrs+GgOrhySDHKj9afx9DCFLTqaChmjqRiXo2bBtM2pehJeVtudorCDorSfs3UUArivSztnNOlUewl/dY4wQpTSi14s0PiOfCSEPcgG8Qs1Lbcfj1tVmtSMLKxBI1F/1h0Ojo/D21/nBgksBEV5BHC+7S4dpETY5+8QnA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com;
 dkim=pass header.d=marvell.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=marvell.onmicrosoft.com; s=selector2-marvell-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=ZWrmpELhLSdgFWweGGLvPRCrNmrYb5ZeLTt/qUqkE/A=;
 b=SNWQZn5U6hlrKV870Oq7mJ6ScBTVHR5q6F1Or1LBhJF2NiEE+J3PNG7Of1qvkSriQ0d6/6QnsoTcNKg8iZwbZVoT0pIVmd85hV59oYJ4hQmn5lRRg+LLa1uQYI8+UK0XG3gbDMEoikM9+1K2byHbCv+UyTv9k3r9XTIPFR7s+WI=
Received: from MN2PR18MB2877.namprd18.prod.outlook.com (20.179.20.218) by
 MN2PR18MB2526.namprd18.prod.outlook.com (20.179.83.11) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2157.13; Wed, 14 Aug 2019 09:22:21 +0000
Received: from MN2PR18MB2877.namprd18.prod.outlook.com
 ([fe80::7cdd:71d0:6771:4bed]) by MN2PR18MB2877.namprd18.prod.outlook.com
 ([fe80::7cdd:71d0:6771:4bed%6]) with mapi id 15.20.2157.015; Wed, 14 Aug 2019
 09:22:21 +0000
From: Anoob Joseph <anoobj@marvell.com>
To: Akhil Goyal <akhil.goyal@nxp.com>, Adrien Mazarguil
 <adrien.mazarguil@6wind.com>, Declan Doherty <declan.doherty@intel.com>,
 Pablo de Lara <pablo.de.lara.guarch@intel.com>, Thomas Monjalon
 <thomas@monjalon.net>
CC: Jerin Jacob Kollanukkaran <jerinj@marvell.com>, "Narayana Prasad Raju
 Athreya" <pathreya@marvell.com>, Ankur Dwivedi <adwivedi@marvell.com>,
 "Shahaf Shuler" <shahafs@mellanox.com>, Hemant Agrawal
 <hemant.agrawal@nxp.com>, "Matan Azrad" <matan@mellanox.com>, Yongseok Koh
 <yskoh@mellanox.com>, Wenzhuo Lu <wenzhuo.lu@intel.com>, Konstantin Ananyev
 <konstantin.ananyev@intel.com>,
 Radu Nicolau <radu.nicolau@intel.com>, "dev@dpdk.org" <dev@dpdk.org>
Thread-Topic: [RFC] ethdev: allow multiple security sessions to use one rte
 flow
Thread-Index: AQHVQiqb+Q3LzHQ2jE6n11KGx7fifKbnYxIAgBMawVA=
Date: Wed, 14 Aug 2019 09:22:21 +0000
Message-ID: <MN2PR18MB2877CF711F317781CBAB1FCDDFAD0@MN2PR18MB2877.namprd18.prod.outlook.com>
References: <1563977848-30101-1-git-send-email-anoobj@marvell.com>
 <BN8PR18MB2868AD3752E5C20D04D05413DFD90@BN8PR18MB2868.namprd18.prod.outlook.com>
In-Reply-To: <BN8PR18MB2868AD3752E5C20D04D05413DFD90@BN8PR18MB2868.namprd18.prod.outlook.com>
Accept-Language: en-IN, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [115.113.156.3]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3e450162-51cc-4af8-9ea2-08d72098e91f
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(7168020)(4627221)(201703031133081)(201702281549075)(8990200)(5600148)(711020)(4605104)(1401327)(2017052603328)(7193020);
 SRVR:MN2PR18MB2526; 
x-ms-traffictypediagnostic: MN2PR18MB2526:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MN2PR18MB25264DFA7538838C4EA42717DFAD0@MN2PR18MB2526.namprd18.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:6790;
x-forefront-prvs: 01294F875B
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(4636009)(346002)(396003)(376002)(39860400002)(136003)(366004)(189003)(199004)(53754006)(13464003)(66476007)(305945005)(11346002)(14444005)(6436002)(186003)(54906003)(6116002)(64756008)(8676002)(316002)(76176011)(3846002)(110136005)(66556008)(486006)(66446008)(561944003)(14454004)(66066001)(256004)(55016002)(7696005)(7416002)(446003)(33656002)(53936002)(9686003)(25786009)(476003)(5660300002)(52536014)(81166006)(81156014)(99286004)(26005)(8936002)(6246003)(478600001)(71200400001)(2906002)(53546011)(15650500001)(7736002)(6506007)(55236004)(102836004)(4326008)(66946007)(71190400001)(76116006)(86362001)(229853002)(74316002);
 DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR18MB2526;
 H:MN2PR18MB2877.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: marvell.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: WGbOkunl8IHAdhfRyXR7C2+O4IbcM7dgM7afiAUgS96F91EcEMpuCzBAyAnO2UcCP6/GrBM1IfQ+XHOMyZdO0UxMfziCySKtz81ipMrvpYGIVzua8AKQtK51O2CqClsHPLildaxOFKFTVU+V3ZCGAZvSB3GKPaReqhPFGnf0GInAhkwkG4+oWRIgp0MOt4lBLyhSQoghDIYbMxlxc4d9Y5iHhShCOpRcoSm1y9ElDnkhy0lSO6OpWsd9YUTNFzNWUAhE2/vSmTYVclkeQdiWU3o0rXypiWG3YCAg8v9ezYa2OpXugd9ZMVI7djlxN8WDsLONt+vBilqzjAB+mDgsRH6j2Ftr+Xt0j15VhDYPFbzLkRArJtlZFjjubvD6QaPS707jQV9LDJH/RnIqA6X/PBv/2TbQi5Jf0I7mRdwfkQ8=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 3e450162-51cc-4af8-9ea2-08d72098e91f
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Aug 2019 09:22:21.3406 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 2LX+G34qFwv/CtTRPvqAxnqCT9jve/n1QPP1jvakBxFKHfFGMpreQJhP+qskTDCG78CPn+Pb1epHOZKUA859qw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR18MB2526
X-OriginatorOrg: marvell.com
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:5.22.84,1.0.8
 definitions=2019-08-14_03:2019-08-14,2019-08-14 signatures=0
Subject: Re: [dpdk-dev] [RFC] ethdev: allow multiple security sessions to
 use one rte flow
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Hi all,

Reminder...!

If there are no concerns, I'll send the patch after adding the required cha=
nges in ipsec-secgw as well.

Thanks,
Anoob

> -----Original Message-----
> From: Anoob Joseph <anoobj@marvell.com>
> Sent: Friday, August 2, 2019 11:05 AM
> To: Anoob Joseph <anoobj@marvell.com>; Akhil Goyal
> <akhil.goyal@nxp.com>; Adrien Mazarguil <adrien.mazarguil@6wind.com>;
> Declan Doherty <declan.doherty@intel.com>; Pablo de Lara
> <pablo.de.lara.guarch@intel.com>; Thomas Monjalon
> <thomas@monjalon.net>
> Cc: Jerin Jacob Kollanukkaran <jerinj@marvell.com>; Narayana Prasad Raju
> Athreya <pathreya@marvell.com>; Ankur Dwivedi
> <adwivedi@marvell.com>; Shahaf Shuler <shahafs@mellanox.com>;
> Hemant Agrawal <hemant.agrawal@nxp.com>; Matan Azrad
> <matan@mellanox.com>; Yongseok Koh <yskoh@mellanox.com>; Wenzhuo
> Lu <wenzhuo.lu@intel.com>; Konstantin Ananyev
> <konstantin.ananyev@intel.com>; Radu Nicolau <radu.nicolau@intel.com>;
> dev@dpdk.org
> Subject: RE: [RFC] ethdev: allow multiple security sessions to use one rt=
e
> flow
>=20
> Hi Akhil, Adrien, Declan, Pablo,
>=20
> Can you review this proposal and share your feedback?
>=20
> Thanks,
> Anoob
>=20
> > -----Original Message-----
> > From: Anoob Joseph <anoobj@marvell.com>
> > Sent: Wednesday, July 24, 2019 7:47 PM
> > To: Akhil Goyal <akhil.goyal@nxp.com>; Adrien Mazarguil
> > <adrien.mazarguil@6wind.com>; Declan Doherty
> > <declan.doherty@intel.com>; Pablo de Lara
> > <pablo.de.lara.guarch@intel.com>; Thomas Monjalon
> > <thomas@monjalon.net>
> > Cc: Anoob Joseph <anoobj@marvell.com>; Jerin Jacob Kollanukkaran
> > <jerinj@marvell.com>; Narayana Prasad Raju Athreya
> > <pathreya@marvell.com>; Ankur Dwivedi <adwivedi@marvell.com>;
> Shahaf
> > Shuler <shahafs@mellanox.com>; Hemant Agrawal
> > <hemant.agrawal@nxp.com>; Matan Azrad <matan@mellanox.com>;
> Yongseok
> > Koh <yskoh@mellanox.com>; Wenzhuo Lu <wenzhuo.lu@intel.com>;
> > Konstantin Ananyev <konstantin.ananyev@intel.com>; Radu Nicolau
> > <radu.nicolau@intel.com>; dev@dpdk.org
> > Subject: [RFC] ethdev: allow multiple security sessions to use one rte
> > flow
> >
> > The rte_security API which enables inline protocol/crypto feature
> > mandates that for every security session an rte_flow is created. This
> > would internally translate to a rule in the hardware which would do pac=
ket
> classification.
> >
> > In rte_securty, one SA would be one security session. And if an
> > rte_flow need to be created for every session, the number of SAs
> > supported by an inline implementation would be limited by the number
> > of rte_flows the PMD would be able to support.
> >
> > If the fields SPI & IP addresses are allowed to be a range, then this
> > limitation can be overcome. Multiple flows will be able to use one
> > rule for SECURITY processing. In this case, the security session provid=
ed as
> conf would be NULL.
> >
> > Application should do an rte_flow_validate() to make sure the flow is
> > supported on the PMD.
> >
> > Signed-off-by: Anoob Joseph <anoobj@marvell.com>
> > ---
> >  lib/librte_ethdev/rte_flow.h | 6 ++++++
> >  1 file changed, 6 insertions(+)
> >
> > diff --git a/lib/librte_ethdev/rte_flow.h
> > b/lib/librte_ethdev/rte_flow.h index f3a8fb1..4977d3c 100644
> > --- a/lib/librte_ethdev/rte_flow.h
> > +++ b/lib/librte_ethdev/rte_flow.h
> > @@ -1879,6 +1879,12 @@ struct rte_flow_action_meter {
> >   * direction.
> >   *
> >   * Multiple flows can be configured to use the same security session.
> > + *
> > + * The NULL value is allowed for security session. If security
> > + session is NULL,
> > + * then SPI field in ESP flow item and IP addresses in flow items
> > + 'IPv4' and
> > + * 'IPv6' will be allowed to be a range. The rule thus created can
> > + enable
> > + * SECURITY processing on multiple flows.
> > + *
> >   */
> >  struct rte_flow_action_security {
> >  	void *security_session; /**< Pointer to security session structure.
> > */
> > --
> > 2.7.4