From: Akhil Goyal
To: "Ananyev, Konstantin", "Smoczynski, MarcinX", "anoobj@marvell.com"
CC: "dev@dpdk.org", "Iremonger, Bernard"
Date: Tue, 15 Oct 2019 14:33:08 +0000
Subject: Re: [dpdk-dev] [PATCH v6 2/4] examples/ipsec-secgw: add fallback session feature

Hi Konstantin,

>
> Hi Akhil,
>
> > >
> > > Inline processing is limited to a specified subset of traffic. It is
> > > often unable to handle more complicated situations, such as fragmented
> > > traffic. When using inline processing such traffic is dropped.
> > >
> > > Introduce fallback session for inline processing allowing processing
> > > packets that normally would be dropped. A fallback session is
> > > configured by adding 'fallback' keyword with 'lookaside-none' or
> > > 'lookaside-protocol' parameter to an SA configuration.
> > >
> > > Using IPsec anti-replay window or ESN feature with fallback session is
> > > not yet supported when primary session is of type
> > > 'inline-protocol-offload' or fallback session is 'lookaside-protocol'
> > > because SA sequence number is not synchronized between software and
> > > hardware sessions. Fallback sessions are also limited to ingress IPsec
> > > traffic.
> > >
> > > Fallback session feature is not available in the legacy mode.
> > >
> > I started looking at this patch, but some initial thoughts looking at the
> > patch description.
> >
> > When you say a fallback session will be a lookaside none or lookaside protocol,
> > the packet will be processed asynchronously and might as well reorder.
>
> Yes, we documented it as one of the limitations.
> Though as I already mentioned for some use-cases some reordering is
> acceptable.

Which use cases allow reordering? I think most stacks have a replay window of
less than 256/128 frames.

>
> > The best possible solution for this would be the synchronous API which are in
> > talks
>
> Agree, that would be a way to avoid reordering, but it is not there yet.
>
> > in another patchset or use a SW PMD (e.g. OpenSSL etc.) session and wait till
> > you get the packet dequeued.
> > So effectively async APIs will be used to behave synchronously.
> > You can not use hardware PMD session as it will perform very badly for
> > fallback packets
> > Because you have to wait till the packet is not getting dequeued back.
>
> We don't plan to support that model because of great performance penalty you
> mentioned.

So what is currently supported with this patchset?
- cpu crypto is not there yet.
- SW PMD you are not supporting that model.

>
> > Having said that, you won't find a device or a scenario where you can use
> > Inline crypto as primary and lookaside proto as fallback.
> > It can only be like inline crypto as primary and lookaside none as fallback.
>
> Yes, correct.
> I thought that we already removed lookaside-proto from supported types.
> If we didn't - will certainly do that.
>
> >
> > BTW, I am ok with Patch 1/4 and 3/4. If no objections from the community, I
> > can pick those.
>
> Great to hear.
> What obstacles do you see with the other two?

I believe there is some discussion going on between you and Anoob.

> Konstantin
>
> >
> > -Akhil
> >
> > > Acked-by: Konstantin Ananyev
> > > Tested-by: Bernard Iremonger
> > > Signed-off-by: Marcin Smoczynski
> > > ---
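
The reordering concern discussed in this thread, as an added example that is not part of the original message or of the DPDK patch: a minimal RFC 4303-style anti-replay window (no ESN) showing when a packet delayed by an asynchronous fallback session is still accepted. The 64-packet window, `replay_check_update` and `late_fallback_accepted` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define REPLAY_WIN 64u /* constructed window size, in packets */

struct replay_state {
    uint32_t top;    /* highest sequence number accepted so far */
    uint64_t bitmap; /* bit i set => sequence number (top - i) already seen */
};

/* Returns true and records seq if it is acceptable, false if it must be dropped. */
static bool replay_check_update(struct replay_state *st, uint32_t seq)
{
    if (seq == 0)
        return false;                /* ESP sequence numbers start at 1 */
    if (seq > st->top) {             /* newer packet: slide the window right */
        uint32_t shift = seq - st->top;
        st->bitmap = (shift >= REPLAY_WIN) ? 0 : st->bitmap << shift;
        st->bitmap |= 1ULL;
        st->top = seq;
        return true;
    }
    uint32_t off = st->top - seq;
    if (off >= REPLAY_WIN)
        return false;                /* too old: fell out of the window */
    if (st->bitmap & (1ULL << off))
        return false;                /* duplicate */
    st->bitmap |= 1ULL << off;
    return true;
}

/* Packet seq 1 is diverted to the asynchronous fallback session while
 * `overtaken` inline packets (seq 2 .. overtaken + 1) complete first.
 * Returns whether the late packet still passes the replay check. */
static bool late_fallback_accepted(uint32_t overtaken)
{
    struct replay_state st = {0, 0};
    for (uint32_t s = 2; s <= overtaken + 1; s++)
        replay_check_update(&st, s);
    return replay_check_update(&st, 1);
}

int main(void)
{
    const uint32_t cases[] = {10, 63, 64, 200}; /* constructed delays */
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("overtaken by %u inline packets: %s\n", (unsigned)cases[i],
               late_fallback_accepted(cases[i]) ? "accepted" : "dropped");
    return 0;
}
```
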