From: Anoob Joseph
To: "Ananyev, Konstantin", Akhil Goyal, "Doherty, Declan", "Zhang, Roy Fan", "hemant.agrawal@nxp.com", "ferruh.yigit@intel.com"
CC: Jerin Jacob Kollanukkaran, Ankur Dwivedi, Tejasree Kondoj, "dev@dpdk.org", Archana Muniganti
Date: Mon, 2 Aug 2021 07:07:24 +0000
References: <1626759974-334-1-git-send-email-anoobj@marvell.com> <1626759974-334-3-git-send-email-anoobj@marvell.com>
Subject: Re: [dpdk-dev] [PATCH 2/2] lib/security: add SA lifetime configuration

Hi Konstantin,

> Hi Anoob,
>
> > Now that we have an agreement on bitfields (hoping no one else has an
> > objection), I would like to discuss one more topic.
> > It is more related to checksum offload, but it's better that we discuss
> > along with other similar items (like soft expiry).
> >
> > L3 & L4 checksum can be tristate (CSUM_OK, CSUM_ERROR, CSUM_UNKNOWN)
> >
> > 1. Application didn't request. Nothing computed.
> > 2. Application requested. Checksum verification success.
> > 3. Application requested. Checksum verification failed.
> > 4. Application requested. Checksum could not be computed (PMD
> >    limitations etc).
> >
> > How would we indicate each case?
> >
> > My proposal would be, let's call the field that we called "warning" as
> > "aux_flags" (auxiliary or secondary information from the operation).
> >
> > Sequence in the application would be,
> >
> > if (op.status != SUCCESS) {
> >         /* handle errors */
> > }
> >
> > #define RTE_SEC_IPSEC_AUX_FLAGS_L4_CHECKSUM_COMPUTED (1 << 0)
> > #define RTE_SEC_IPSEC_AUX_FLAGS_L4_CHECSUM_GOOD (1 << 1)
> >
> > if (op.aux_flags & RTE_SEC_IPSEC_AUX_FLAGS_L4_CHECKSUM_COMPUTED) {
> >         if (op.aux_flags & RTE_SEC_IPSEC_AUX_FLAGS_L4_CHECSUM_GOOD)
> >                 mbuf->l4_checksum_good = 1;
> >         else
> >                 mbuf->l4_checksum_good = 0;
> > } else {
> >         if (verify_l4_checksum(mbuf) == SUCCESS)
> >                 mbuf->l4_checksum_good = 1;
> >         else
> >                 mbuf->l4_checksum_good = 0;
> > }
> >
> > For an application not worried about aux_flags (ex: ipsec-secgw),
> > additional checks are not required. For applications not interested in
> > checksum, a blind check on op.aux_flags would be enough to bail out early.
> > For applications interested in checksum, it can follow above sequence
> > (kinds, for demonstration purpose only).
> >
> > Would something like above be fine? Or if we want to restrict additional
> > fields for just warnings, (L4_CHECKSUM_ERROR), how would application
> > differentiate between checksum good & checksum not computed? In that
> > case, what should be PMD's treatment of "could not compute" v/s
> > "computed and wrong".
>
> I am ok with what you suggest.
> My only thought - we already have CSUM flags in mbuf itself, so why not
> use them instead to pass this information from crypto PMD to user?
> That way it would be compliant with ethdev CSUM approach and no need to
> spend 2 bits in 'aux_flags'.
> Konstantin

[Anoob] You are right. We do have CSUM flags in mbuf and that would fully suit our requirement here.

Our problem was, it's called PKT_RX_ and the description text refers to RX.

    /**
     * Mask of bits used to determine the status of RX IP checksum.
     * - PKT_RX_IP_CKSUM_UNKNOWN: no information about the RX IP checksum
     * - PKT_RX_IP_CKSUM_BAD: the IP checksum in the packet is wrong
     * - PKT_RX_IP_CKSUM_GOOD: the IP checksum in the packet is valid
     * - PKT_RX_IP_CKSUM_NONE: the IP checksum is not correct in the packet
     *   data, but the integrity of the IP header is verified.
     */

But if we overlook that (& maybe update documentation), it's a rather great idea. We could use similar PKT_TX_* flags for requesting checksum generation with outbound operations (checksum generation for plain packet before IPsec processing).

    /**
     * Offload the IP checksum in the hardware. The flag PKT_TX_IPV4 should
     * also be set by the application, although a PMD will only check
     * PKT_TX_IP_CKSUM.
     *  - fill the mbuf offload information: l2_len, l3_len
     */
    #define PKT_TX_IP_CKSUM (1ULL << 54)

    /**
     * Packet is IPv4. This flag must be set when using any offload feature
     * (TSO, L3 or L4 checksum) to tell the NIC that the packet is an IPv4
     * packet. If the packet is a tunneled packet, this flag is related to
     * the inner headers.
     */
    #define PKT_TX_IPV4 (1ULL << 55)

Do you think the above might require some modifications to document behavior with lookaside IPsec?

Also, these flags are probably the best way for checksum for inner packet with inline IPsec. So this looks like an overall better idea. Do you agree?

Thanks,
Anoob
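
Added example, not part of the original mail and not DPDK code: one way an application could act on the four PKT_RX_IP_CKSUM_* states listed above after IPsec processing, verifying in software only when the status is unknown. The RX_IP_CKSUM_* macros, enum l3_verdict, inner_ip_cksum() and both sample headers are hypothetical names and constructed data; the bit positions are assumed to match DPDK's rte_mbuf_core.h.

```c
#include <stddef.h>
#include <stdint.h>

/* Local stand-ins for the mbuf RX IP checksum bits named in the mail; bit
 * positions follow DPDK's rte_mbuf_core.h of that release (assumption).
 * Real code includes <rte_mbuf.h> and tests mbuf->ol_flags. */
#define RX_IP_CKSUM_BAD  (1ULL << 4)
#define RX_IP_CKSUM_GOOD (1ULL << 7)
#define RX_IP_CKSUM_NONE (RX_IP_CKSUM_BAD | RX_IP_CKSUM_GOOD)
#define RX_IP_CKSUM_MASK (RX_IP_CKSUM_BAD | RX_IP_CKSUM_GOOD)

enum l3_verdict { L3_BAD_HW, L3_OK_HW, L3_BAD_SW, L3_OK_SW };

/* Constructed sample IPv4 headers: one valid, one with a corrupted TTL. */
static const uint8_t sample_ok[20] = { 0x45, 0x00, 0x00, 0x73, 0x00, 0x00,
    0x40, 0x00, 0x40, 0x11, 0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8,
    0x00, 0xc7 };
static const uint8_t sample_bad[20] = { 0x45, 0x00, 0x00, 0x73, 0x00, 0x00,
    0x40, 0x00, 0x3f, 0x11, 0xb8, 0x61, 0xc0, 0xa8, 0x00, 0x01, 0xc0, 0xa8,
    0x00, 0xc7 };

/* RFC 1071 sum over the header; 0 means the checksum field is consistent. */
static uint16_t ipv4_hdr_cksum(const uint8_t *hdr, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)hdr[i] << 8) | hdr[i + 1];
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Classify the inner IPv4 header after IPsec processing. UNKNOWN (0) covers
 * both "not requested" and "PMD could not compute": verify in software. */
static enum l3_verdict inner_ip_cksum(uint64_t ol_flags, const uint8_t *hdr,
                                      size_t avail)
{
    size_t ihl = avail ? (size_t)(hdr[0] & 0x0f) * 4 : 0;

    switch (ol_flags & RX_IP_CKSUM_MASK) {
    case RX_IP_CKSUM_GOOD:
    case RX_IP_CKSUM_NONE: /* header integrity verified by the PMD */
        return L3_OK_HW;
    case RX_IP_CKSUM_BAD:
        return L3_BAD_HW;
    default: /* RX checksum status unknown */
        if (ihl < 20 || ihl > avail || ipv4_hdr_cksum(hdr, ihl) != 0)
            return L3_BAD_SW;
        return L3_OK_SW;
    }
}
```

The _HW/_SW split in the verdict keeps "PMD verified" apart from "application had to verify", which is the distinction the thread is asking the flags to carry.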