From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 39D76A0C47;
	Tue, 12 Oct 2021 12:25:05 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 249DE4113E;
	Tue, 12 Oct 2021 12:25:05 +0200 (CEST)
Received: from mga11.intel.com (mga11.intel.com [192.55.52.93])
 by mails.dpdk.org (Postfix) with ESMTP id D3CF041136
 for <dev@dpdk.org>; Tue, 12 Oct 2021 12:25:03 +0200 (CEST)
X-IronPort-AV: E=McAfee;i="6200,9189,10134"; a="224525202"
X-IronPort-AV: E=Sophos;i="5.85,367,1624345200"; d="scan'208";a="224525202"
Received: from orsmga006.jf.intel.com ([10.7.209.51])
 by fmsmga102.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 12 Oct 2021 03:25:02 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.85,367,1624345200"; d="scan'208";a="441170815"
Received: from orsmsx605.amr.corp.intel.com ([10.22.229.18])
 by orsmga006.jf.intel.com with ESMTP; 12 Oct 2021 03:25:02 -0700
Received: from orsmsx611.amr.corp.intel.com (10.22.229.24) by
 ORSMSX605.amr.corp.intel.com (10.22.229.18) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12; Tue, 12 Oct 2021 03:25:02 -0700
Received: from ORSEDG602.ED.cps.intel.com (10.7.248.7) by
 orsmsx611.amr.corp.intel.com (10.22.229.24) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12 via Frontend Transport; Tue, 12 Oct 2021 03:25:02 -0700
Received: from NAM10-DM6-obe.outbound.protection.outlook.com (104.47.58.105)
 by edgegateway.intel.com (134.134.137.103) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2242.12; Tue, 12 Oct 2021 03:25:01 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=IzCORuTEJoxKN8y6LjZqHW9ZwZEDSW8NlbvQYFl5VyAZfU80dkhugbdtYP/V41vJl8MkthzCXMSSCu9e0VEXpGXfEZpP2Oz68GvhQOVn2uP/rfvxYVTESzGEALDL5t57ylRZFAiqZJdwYjOwaQ8AhltRLq8NtPyarWXAVXYF+YEoa3MmKmXBbtBA9TqFDmYN23qtx1JZmTdUdXSgH9DrWOv6zBWoxldy5Ive454MHCDbCZQ5qhL9F2tCWNcWDUxR9Fs0horJpkSFdJ0QNQb1MrhEwEHT+GeXDc2OO7kNFyFTUljoDmB4gzQAYSgp2jDuU5i+BjaJJIJ+NPt+BfmAhA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=KneHe5Icdaqs8jGUSO7cMbJGvyTKt3747BH0Yt6ksEc=;
 b=OKqXR3VdCP3Qg3uv7xF2FhE4tGICeaypfzKPO7JZCFToDNLCeGVoVQnMzyontUYFMq2LXKn+wjpusbCTwgqnPa5rtDdDyNmgS61ViNwhg0UOaim64ealrBMGCYGYSjNpyG+TBfKYDQdlHqLhBBwhyf7ngUd+UDM1oIDcUvhYB9Zl2gZ94p32rwUukJA2YZd2Cpp+J45zC0c/dnORNA47m+s8JAralzZgn0JDeZIGJNY2BjQKxtglk/5JrXcoO+Gezghgtem2d/Sh70J+DddBypS2MUtb52Uloarg7trpez6P7HZ7fM1nk2TXvKTQGFZ0WyrOozAaPiTcKMWG1BZfIg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; 
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=KneHe5Icdaqs8jGUSO7cMbJGvyTKt3747BH0Yt6ksEc=;
 b=DhAclZLxU45bMAfcYNuV3Pj1XCPH++0W3qmiyYzwL4H8zTfbBq+SU1RvF8G23XtQOZcQifg2R6Gj0o0CmG7LyM9d6+KvkFfpRka26hJHnOjQ3BL8vcC7CV48cIUGq6uaqXmD3R0pXHclQrn5EkYUmqKlKMbh1KT9/M6DKInLFRQ=
Received: from DM6PR11MB4491.namprd11.prod.outlook.com (2603:10b6:5:204::19)
 by DM6PR11MB4187.namprd11.prod.outlook.com (2603:10b6:5:19e::32) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4587.25; Tue, 12 Oct
 2021 10:24:59 +0000
Received: from DM6PR11MB4491.namprd11.prod.outlook.com
 ([fe80::740e:126e:c785:c8fd]) by DM6PR11MB4491.namprd11.prod.outlook.com
 ([fe80::740e:126e:c785:c8fd%4]) with mapi id 15.20.4587.026; Tue, 12 Oct 2021
 10:24:59 +0000
From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: "Nicolau, Radu" <radu.nicolau@intel.com>, Ray Kinsella <mdr@ashroe.eu>,
 Akhil Goyal <gakhil@marvell.com>, "Doherty, Declan"
 <declan.doherty@intel.com>
CC: "dev@dpdk.org" <dev@dpdk.org>, "Medvedkin, Vladimir"
 <vladimir.medvedkin@intel.com>, "Richardson, Bruce"
 <bruce.richardson@intel.com>, "Zhang, Roy Fan" <roy.fan.zhang@intel.com>,
 "hemant.agrawal@nxp.com" <hemant.agrawal@nxp.com>, "anoobj@marvell.com"
 <anoobj@marvell.com>, "Sinha, Abhijit" <abhijit.sinha@intel.com>, "Buckley,
 Daniel M" <daniel.m.buckley@intel.com>, "marchana@marvell.com"
 <marchana@marvell.com>, "ktejasree@marvell.com" <ktejasree@marvell.com>,
 "matan@nvidia.com" <matan@nvidia.com>
Thread-Topic: [PATCH v8 03/10] security: add UDP params for IPsec NAT-T
Thread-Index: AQHXvpT1Px9CRxETNkSqmVnLnkI9BKvPKZGw
Date: Tue, 12 Oct 2021 10:24:59 +0000
Message-ID: <DM6PR11MB4491744A1A5A1413C0CE87939AB69@DM6PR11MB4491.namprd11.prod.outlook.com>
References: <20210713133542.3550525-1-radu.nicolau@intel.com>
 <20211011112945.2876-1-radu.nicolau@intel.com>
 <20211011112945.2876-4-radu.nicolau@intel.com>
In-Reply-To: <20211011112945.2876-4-radu.nicolau@intel.com>
Accept-Language: en-GB, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-reaction: no-action
dlp-version: 11.6.200.16
authentication-results: intel.com; dkim=none (message not signed)
 header.d=none;intel.com; dmarc=none action=none header.from=intel.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: e43123e6-f75c-462f-ad1e-08d98d6a8b42
x-ms-traffictypediagnostic: DM6PR11MB4187:
x-ld-processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <DM6PR11MB418750889EF2BAD1471803FE9AB69@DM6PR11MB4187.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:7691;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: QtSPDjJMcZ1/WiF1GvsUkIatfNMT5iCHP5psEzFg7rgFubvEi+iLOpXEvP/Oa8NOa3v07Ai1Tydve7pyRoWiAbg/PV7fnuJp8Pga3IlMbkLXoYOcSUuMGRa9G1LJ5UyI4jgoOg8iT3k/VFHPQ+PslqXlWq+8MAg+cCkNMnpvNPj9mDbGC3nCOpLLz60GAuz2Bqn8Pz429xg3RodLRgdh7+osqay6I2X2P8yfYyRIGlVFJx39RWa3SSl4TH4DUJxiugODRjNPaAgytYLXWvfNUFJUv2snHMBsOng0lJ7HeDzE9YsNAGgaS97OhqLNeP+cCIsDwGKEPTHq3Zw50wlHLGQy2N/VFxwuxYUjFuoqpr1FoLUjO7h9QFzARXniCxZZ3TmVOMF+Dr3Jdlw2KkZ4B3AUAL/0MECWeDvz4PJz89yFWGjAyy24irqxFUhwKY9wo4QtB95FkJTxa2IyKIXVfg+cjDGB070UazzeLn4qbkro7hJm4kz9hjoNh1lQdvRcWto3lH0afBP680QnwuVX72EmcB+XFuwem6mETN0hUdB5R8b5ojyUoG2XB/FjKjLfCCWdWMTryKntlkg2Rvx+hsbXBv1IxKedZza1JUwKmhjpEAywUg4H26VzI38jJKnP5E65U95doQ/gbMM4A28DnJNa/5sIAqgqT3Q6s3IV5auGvgZaoy2deDfD+KX7SC1mHrEAqmPvjadh6pD2wi9F6A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:DM6PR11MB4491.namprd11.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(4636009)(366004)(38100700002)(8676002)(15650500001)(83380400001)(110136005)(54906003)(8936002)(2906002)(316002)(38070700005)(66946007)(186003)(86362001)(66446008)(64756008)(66556008)(66476007)(33656002)(52536014)(55016002)(76116006)(122000001)(71200400001)(5660300002)(26005)(4326008)(508600001)(7696005)(6506007)(9686003)(55236004)(6636002);
 DIR:OUT; SFP:1102; 
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?lZjakdJ178bGEycmdPQjC+3tzCCYus5T3HtTU4PmJNJ77ERBDcQMQ4Rhdhrg?=
 =?us-ascii?Q?GSv0RVlxLM3pJGBFW1LSNviv70lEoiMOJLg/up0tpx7g5/ePuplbk7+tCwHJ?=
 =?us-ascii?Q?fNzS210VEmQTE1tAxNwQdNeRR5iDU+kx4TzBk6ug4CsWaYeiu6UqI6+QmtoO?=
 =?us-ascii?Q?xBDeq5781rJKp8EUJZ4V+B9KjmKeI5BdU4w5YF5Va+QM0rS6ZK1Sdpuv38lZ?=
 =?us-ascii?Q?6/YHrnekOwHBaaXvwVnj4RVwrhOzV2k3KA6ey6Qobm1vN+U/7Xf7YoagjVuA?=
 =?us-ascii?Q?Kd+5tU/nsdR/mwryrHZPxtgpjxRFbosxWeh7qJBV4ENwrSnESfUkTubZ7rfQ?=
 =?us-ascii?Q?LK19oq1o4Bg9vf2GQ2SKIwzGxhslXXC+bWTwgzYBpWFUjoW1LogoLh7OS1o3?=
 =?us-ascii?Q?s4ZqARZg9upZkPaAinRHHcdO8mBqc29aTFpF7/Isi6WIbzDW4kP9AoJuvU6L?=
 =?us-ascii?Q?eiQ93YK5L1F64eUHs0hPHbtDbklOe0ZjJrVSD7pHJOY76MyoI6wqNa1CNz2y?=
 =?us-ascii?Q?LcyDekC3SlWL/tN3Ec6rBgOnWfNaxB2jGIbIF1gt059KVbOlbCKY8EO8Pg8G?=
 =?us-ascii?Q?iNGidYKnr7ijfT4hxMdyy/c8gf6PRRYJ9WA33oiIoAqyY/M6SJOtov8jVCU2?=
 =?us-ascii?Q?AgNDnMYJaPyyFpigh9UaZmEo+IjJoN3EKeQvhYwtTcfjyLgfqw20m5safwAI?=
 =?us-ascii?Q?wY3NKvFEnM9zo7TLRUpQ0hBecx+zXUXjIZCQEeXyNsc9Wl/xqnWKt8/Wd88K?=
 =?us-ascii?Q?4Y78oRLv9Cu9//J3A5tmpjNRUOxg10S3236DYsPuyJ4EYk55Vol3Hl9SAFfp?=
 =?us-ascii?Q?oIv+mQZH7HSpLbAWGVwGWcsBKGNPktXBCv13gCBhJ67xQr6Vo+FB6PPIjQJQ?=
 =?us-ascii?Q?TmhVW3sTINdmJqeTKMIOCKlGjfmuoYDHsrcDZdyDe5VdpP1OB3g9Z/qvalyc?=
 =?us-ascii?Q?CrVVhsTJ5gXmphgbE254L/zGjXAjDiI129T0Jbik69izmS2EskPdVJncBz8E?=
 =?us-ascii?Q?larcp7hZ35IOUueT856cBRzRbVtbRnQLB248q8Ddpa7ODQXcoAvLEHi2sRcq?=
 =?us-ascii?Q?4SgASYKC8itJwBsQw96K/l9n818RTMzLB7AgHWE2U2psKLT+lGdS4j1ssbCl?=
 =?us-ascii?Q?KrYq0sTaCU5H4qUobEcwjrQoZDwTqxvqpd64QVJ0uT5qdRzkP3mVfpJPqa2z?=
 =?us-ascii?Q?2wA4kE0eqmWBIE03Oha4v0DHh8G0IoS8XT2AhNk0pah7JPJfz/35pkaUVr0a?=
 =?us-ascii?Q?RtPMeyyu1KThnrjNX+KVRu1xEBvBMbWDuOvTqGgLjQX0mtHPxKhN0uEsVa2R?=
 =?us-ascii?Q?x6d6oJdyVhrXMmXnQAc+F8EQ?=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4491.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: e43123e6-f75c-462f-ad1e-08d98d6a8b42
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Oct 2021 10:24:59.0499 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: m3L5+T88+7ecHWmINz1d2YLJQzIXOy6ef2PQfDG9Mt70t6rIoId37gZSvGTb9W/VMklv0Y+HbExyhE47x/gMcSGAGJxJKvZhffUVD4x+t3I=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4187
X-OriginatorOrg: intel.com
Subject: Re: [dpdk-dev] [PATCH v8 03/10] security: add UDP params for IPsec
 NAT-T
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>


=20
> Add support for specifying UDP port params for UDP encapsulation option.
> RFC3948 section-2.1 does not enforce using specific the UDP ports for
> UDP-Encapsulated ESP Header
>=20
> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
> Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
> Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
> Acked-by: Fan Zhang <roy.fan.zhang@intel.com>
> Acked-by: Anoob Joseph <anoobj@marvell.com>
> ---
>  doc/guides/rel_notes/deprecation.rst   | 5 ++---
>  doc/guides/rel_notes/release_21_11.rst | 5 +++++
>  lib/security/rte_security.h            | 7 +++++++
>  3 files changed, 14 insertions(+), 3 deletions(-)
>=20
> diff --git a/doc/guides/rel_notes/deprecation.rst b/doc/guides/rel_notes/=
deprecation.rst
> index 8b7b0beee2..d24d69b669 100644
> --- a/doc/guides/rel_notes/deprecation.rst
> +++ b/doc/guides/rel_notes/deprecation.rst
> @@ -210,9 +210,8 @@ Deprecation Notices
>    pointer for the private data to the application which can be attached
>    to the packet while enqueuing.
>=20
> -* security: The structure ``rte_security_ipsec_xform`` will be extended =
with
> -  multiple fields: source and destination port of UDP encapsulation,
> -  IPsec payload MSS (Maximum Segment Size).
> +* security: The structure ``rte_security_ipsec_xform`` will be extended =
with:
> +  new field: IPsec payload MSS (Maximum Segment Size).
>=20
>  * security: The IPsec SA config options ``struct rte_security_ipsec_sa_o=
ptions``
>    will be updated with new fields to support new features like IPsec inn=
er
> diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_note=
s/release_21_11.rst
> index 8ac6632abf..1a29640eea 100644
> --- a/doc/guides/rel_notes/release_21_11.rst
> +++ b/doc/guides/rel_notes/release_21_11.rst
> @@ -238,6 +238,11 @@ ABI Changes
>    application to start from an arbitrary ESN value for debug and SA life=
time
>    enforcement purposes.
>=20
> +* security: A new structure ``udp`` was added in structure
> +  ``rte_security_ipsec_xform`` to allow setting the source and destinati=
on ports
> +  for UDP encapsulated IPsec traffic.
> +
> +
>  Known Issues
>  ------------
>=20
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 371d64647a..b30425e206 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -128,6 +128,11 @@ struct rte_security_ipsec_tunnel_param {
>  	};
>  };
>=20
> +struct rte_security_ipsec_udp_param {
> +	uint16_t sport;
> +	uint16_t dport;
> +};
> +
>  /**
>   * IPsec Security Association option flags
>   */
> @@ -288,6 +293,8 @@ struct rte_security_ipsec_xform {
>  		};
>  	} esn;
>  	/**< Extended Sequence Number */
> +	struct rte_security_ipsec_udp_param udp;
> +	/**< UDP parameters, ignored when udp_encap option not specified */
>  };
>=20
>  /**
> --

Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>

> 2.25.1