From: Akhil Goyal
To: Anoob Joseph, Adrien Mazarguil, Declan Doherty, Pablo de Lara, Thomas Monjalon
CC: Jerin Jacob Kollanukkaran, Narayana Prasad Raju Athreya, Ankur Dwivedi, Shahaf Shuler, Hemant Agrawal, Matan Azrad, Yongseok Koh, Wenzhuo Lu, Konstantin Ananyev, Radu Nicolau, "dev@dpdk.org"
Date: Wed, 14 Aug 2019 11:07:18 +0000
References: <1563977848-30101-1-git-send-email-anoobj@marvell.com>
Subject: Re: [dpdk-dev] [RFC] ethdev: allow multiple security sessions to use one rte flow

Hi Anoob,

>
> Hi all,
>
> Reminder...!
>
Sorry for a delayed response.

> If there are no concerns, I'll send the patch after adding the required changes in
> ipsec-secgw as well.
>
> Thanks,
> Anoob
>
> > -----Original Message-----
> > From: Anoob Joseph
> > Sent: Friday, August 2, 2019 11:05 AM
> > To: Anoob Joseph; Akhil Goyal; Adrien Mazarguil; Declan Doherty;
> > Pablo de Lara; Thomas Monjalon
> > Cc: Jerin Jacob Kollanukkaran; Narayana Prasad Raju Athreya;
> > Ankur Dwivedi; Shahaf Shuler; Hemant Agrawal; Matan Azrad;
> > Yongseok Koh; Wenzhuo Lu; Konstantin Ananyev; Radu Nicolau;
> > dev@dpdk.org
> > Subject: RE: [RFC] ethdev: allow multiple security sessions to use one rte
> > flow
> >
> > Hi Akhil, Adrien, Declan, Pablo,
> >
> > Can you review this proposal and share your feedback?
> >
> > Thanks,
> > Anoob
> >
> > > -----Original Message-----
> > > From: Anoob Joseph
> > > Sent: Wednesday, July 24, 2019 7:47 PM
> > > To: Akhil Goyal; Adrien Mazarguil; Declan Doherty; Pablo de Lara;
> > > Thomas Monjalon
> > > Cc: Anoob Joseph; Jerin Jacob Kollanukkaran; Narayana Prasad Raju
> > > Athreya; Ankur Dwivedi; Shahaf Shuler; Hemant Agrawal; Matan Azrad;
> > > Yongseok Koh; Wenzhuo Lu; Konstantin Ananyev; Radu Nicolau;
> > > dev@dpdk.org
> > > Subject: [RFC] ethdev: allow multiple security sessions to use one rte
> > > flow
> > >
> > > The rte_security API which enables inline protocol/crypto feature
> > > mandates that for every security session an rte_flow is created. This
> > > would internally translate to a rule in the hardware which would do packet
> > > classification.
> > >
> > > In rte_security, one SA would be one security session. And if an
> > > rte_flow needs to be created for every session, the number of SAs
> > > supported by an inline implementation would be limited by the number
> > > of rte_flows the PMD would be able to support.
> > >
> > > If the fields SPI & IP addresses are allowed to be a range, then this
> > > limitation can be overcome. Multiple flows will be able to use one
> > > rule for SECURITY processing. In this case, the security session provided as
> > > conf would be NULL.

SPI values are normally used to uniquely identify the SA that needs to be applied on a particular flow.
I believe SPI value should not be a range for applying a particular SA or session.

Plain packet IP addresses can be a range. That is not an issue. Multiple plain packet flows can use the same session/SA.

Why do you feel that security session provided should be NULL to support multiple flows?
How will the keys and other SA related info be passed to the driver/HW?

> > >
> > > Application should do an rte_flow_validate() to make sure the flow is
> > > supported on the PMD.
> > > > > > Signed-off-by: Anoob Joseph > > > --- > > > lib/librte_ethdev/rte_flow.h | 6 ++++++ > > > 1 file changed, 6 insertions(+) > > > > > > diff --git a/lib/librte_ethdev/rte_flow.h > > > b/lib/librte_ethdev/rte_flow.h index f3a8fb1..4977d3c 100644 > > > --- a/lib/librte_ethdev/rte_flow.h > > > +++ b/lib/librte_ethdev/rte_flow.h > > > @@ -1879,6 +1879,12 @@ struct rte_flow_action_meter { > > > * direction. > > > * > > > * Multiple flows can be configured to use the same security session= . > > > + * > > > + * The NULL value is allowed for security session. If security > > > + session is NULL, > > > + * then SPI field in ESP flow item and IP addresses in flow items > > > + 'IPv4' and > > > + * 'IPv6' will be allowed to be a range. The rule thus created can > > > + enable > > > + * SECURITY processing on multiple flows. > > > + * > > > */ > > > struct rte_flow_action_security { > > > void *security_session; /**< Pointer to security session structure. > > > */ > > > -- > > > 2.7.4
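
Review bot: The comment block added above struct rte_flow_action_security permits a NULL security_session and ranged SPI/IP items, but it does not say how the PMD obtains the per-SA state (keys, SPI-to-SA mapping) for packets that match such a rule, so the behaviour is underspecified for driver writers; please document where that state comes from when no session is attached. The requirement to call rte_flow_validate() appears only in the commit message and should be repeated in this comment, since that is where API users will look. The member comment "/**< Pointer to security session structure. */" is left unchanged and should note that NULL is accepted. The empty " *" line added just before "*/" can be dropped.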