From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2C766A04B6; Tue, 22 Sep 2020 15:28:46 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id C68421DAE4; Tue, 22 Sep 2020 15:28:44 +0200 (CEST) Received: from nat-hk.nvidia.com (nat-hk.nvidia.com [203.18.50.4]) by dpdk.org (Postfix) with ESMTP id 63CD31DAE3 for ; Tue, 22 Sep 2020 15:28:42 +0200 (CEST) Received: from HKMAIL104.nvidia.com (Not Verified[10.18.92.9]) by nat-hk.nvidia.com (using TLS: TLSv1.2, AES256-SHA) id ; Tue, 22 Sep 2020 21:28:40 +0800 Received: from HKMAIL104.nvidia.com (10.18.16.13) by HKMAIL104.nvidia.com (10.18.16.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 22 Sep 2020 13:28:28 +0000 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (104.47.58.168) by HKMAIL104.nvidia.com (10.18.16.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 22 Sep 2020 13:28:28 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VEamIkuAgqta03a+HKvb9fL2r8t3Jbay/M69eDfuPXzP9npwJTE0mpoH3ASEDTHfJntA9EqLQhm21VcRrGG7yb85LNu6B3xO20+Mr/MPPlOFaJgPYPMphUHwHzfYJxC8RlfPtkztVnj7ay7jgr0wxo+mgxBntN54i60nr8d3Io3VvcE9y9naMpZ9YKpqHs2djvp9KXOP6sd8oMSRhe7DJxgW1kX7trTvuiC5ddfVabuTT/090C5fe1kxFRQEJXe9FuuM4qvABZm53vcuAALH0nkzf8yFq1qd1fXHpxZKxtspPIUfgpMhpUGDfD6tL1EHhIi/D37G9vGnpZWiIGXswg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LP4/iWOxucWFNJ39e5LGhZNMeNxtvZMGrjqu0ntxy6U=; b=b1TIs6HvY17l6HjyyrSANnj1fSH72bXqtcAfSlClmi5/aohrCunzK0Nb9sfpbAVT53/B6OcJt7IWGQRiQDZCCHIAUt9yDBMQXVbqsQ/B5ZwmvKO2NuKaoY1NzTiwAs5fPyI0vUvOts7wJ+AnGo0Fgy5tQ00D0ylH61L2uJo4HvKu0+XJ2uNwu/K0yQT2z95VmavHwRPzkNOgy4OkjjrW1u70VLkNmZ5KJ945fZT5Q2EgbHux6uCMlwCXfh0MS4xXagqBr8OSf43NxC/MO9THN6PIUh6G/lAEVQZLdoqrARN1GjuMBdQipcrWSDg9Hne1jD6TmE3xphkBwFibn/oz0Q== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none Received: from MN2PR12MB4286.namprd12.prod.outlook.com (2603:10b6:208:199::22) by MN2PR12MB4271.namprd12.prod.outlook.com (2603:10b6:208:1d7::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.15; Tue, 22 Sep 2020 13:28:25 +0000 Received: from MN2PR12MB4286.namprd12.prod.outlook.com ([fe80::61fd:a36e:cf4f:2d3f]) by MN2PR12MB4286.namprd12.prod.outlook.com ([fe80::61fd:a36e:cf4f:2d3f%9]) with mapi id 15.20.3391.026; Tue, 22 Sep 2020 13:28:25 +0000 From: Ori Kam To: Tejasree Kondoj , Asaf Penso , Stephen Hemminger CC: Akhil Goyal , Radu Nicolau , Declan Doherty , NBU-Contact-Thomas Monjalon , Ferruh Yigit , "Andrew Rybchenko" , Jerin Jacob Kollanukkaran , Narayana Prasad Raju Athreya , Anoob Joseph , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH] ethdev: add security flow item Thread-Index: AQHWh4pRZfLbWZ7qe0ynwFOSPm3ATaliFKIAgAqI4wCABj5HgIAAeDEAgAEGxZCAABW9AIAAR89Q Date: Tue, 22 Sep 2020 13:28:25 +0000 Message-ID: References: <20200910164441.7245-1-ktejasree@marvell.com> <20200910094558.0398145b@hermes.lan> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: marvell.com; dkim=none (message not signed) header.d=none;marvell.com; dmarc=none action=none header.from=nvidia.com; x-originating-ip: [147.236.152.129] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 3838f0f5-3901-4c3a-6e19-08d85efb6284 x-ms-traffictypediagnostic: MN2PR12MB4271: x-ld-processed: 43083d15-7273-40c1-b7db-39efd9ccc17a,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: ikjZeX9nwAkGRIQAcA8aKx4rQnyLtAeQW1DVmE/Xlw+rHgzfbjDnbwJkswy1kpiFa9A+aPQqOzm79tmrFApYpd31aUSOQO8ESSqqKS0TTD3WcHDqvqHavlAP3OW2ZNJuN6+dUEVKJs6Mti3yGAUQV1L/7iXJqQZbpJJBAwqV5uxkqqCFlqPY0MobbKaQ5xw44NsyNnUYPDTIJRRQbCU+k/tx3ZDR1x/ZFMNj7McgBYRiO2+8KlKWUxaGrcAdOUAPjfq2EGLuXxpv0ZW3KW31KpjTIS0ohJmXx/WDXx8YBopXSHtIQbbdkQqnXEKQGI7FlGnK8U4WX34y1co6dQIYMA== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR12MB4286.namprd12.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(396003)(136003)(366004)(39860400002)(376002)(53546011)(110136005)(316002)(5660300002)(33656002)(52536014)(54906003)(86362001)(26005)(83380400001)(186003)(9686003)(8936002)(7416002)(6506007)(2906002)(4326008)(15650500001)(76116006)(8676002)(66556008)(64756008)(66946007)(7696005)(66476007)(478600001)(71200400001)(66446008)(55016002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: Yj66LEaF2+Fqs0FC61eOBCPU7jwRs3XANJtSkZPXLG0JpbBKrvpYvIT8/8/Lrejqmv//6J7jLiNN9Ty2n7Thbkil8/J+MY3feVILRo6womfPAXPkYN1I37rkx/iXcR1Cjxd0T9vqRfNf9DNFheCoIE6RvWUB5uVago6pz8yEH2RoJDudBuSUdLORC4R8OpoxlMAHfWGZ43j/BDuR1JHQENa52g0TbstzOP1tsFO2LD294183YfQjdKbWTmUliLrF3mRw5i5+h+dsI6y/sSOBqdYZ+Iy5CW6mLSCgW/x+ocKEEqH08wfCaiLRedqNm4ql9uRYFPXQ994UIWSMm3jm4aNNRikiL6LP/oGYlvZGrH7vH/IlCtgiocQ4onYRGoXkNvy+BqTw9Z9rN2TILBb8V92EHlJTMOyrBC5Mr7kK9JXwc/W1H6/BW0QOiYefEkvlyzJMpq0ZIYQz+H/pEvXU2RSYUxinoaoLJhucJQ3hbPfwtDA+VRjBPAXSOc3J4cKzxojaGWSZIuPybCcmpM3okihTX/PKcaZFMvxZrA+aEqAD7roONzqnIsL1d8GXWGDXGmIDvL3HKTscDM5FsGcnLg24KIGUwMGkvCkOou3Hgv/Oik7wC80H69OiZniQ6HSR8jYiBNeF2u6PEEEb9xkK8w== Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN2PR12MB4286.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 3838f0f5-3901-4c3a-6e19-08d85efb6284 X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Sep 2020 13:28:25.4558 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: mqCh1TsGF/WjvpTdNFVfTYPDjtu/hlK5sLILCc0pLcwhEYbXFY5yajqMIeMPiN8cOy+Ppdqx6iaJNDPrnKmuuA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4271 X-OriginatorOrg: Nvidia.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nvidia.com; s=n1; t=1600781320; bh=LP4/iWOxucWFNJ39e5LGhZNMeNxtvZMGrjqu0ntxy6U=; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To: CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References: In-Reply-To:Accept-Language:Content-Language:X-MS-Has-Attach: X-MS-TNEF-Correlator:authentication-results:x-originating-ip: x-ms-publictraffictype:x-ms-office365-filtering-correlation-id: x-ms-traffictypediagnostic:x-ld-processed: x-ms-exchange-transport-forked:x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers:x-ms-exchange-senderadcheck: x-microsoft-antispam:x-microsoft-antispam-message-info: x-forefront-antispam-report:x-ms-exchange-antispam-messagedata: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-AuthAs: X-MS-Exchange-CrossTenant-AuthSource: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-CrossTenant-mailboxtype: X-MS-Exchange-CrossTenant-userprincipalname: X-MS-Exchange-Transport-CrossTenantHeadersStamped:X-OriginatorOrg; b=PYJMvStubv1vtta8ULe2rXM7O7NbqmKoSYW4TpZFd7ZgXxh4QgGKVgXqanhNE4Viz I78YqoA8MBmg02e/vPbreOvIbF4IyylRQYGAD3VKvxoRXykCeQGj3Vu/rqOeIIWpOH gES0PHlIyF92xTmBTZmsk77d4rAZ1bFlMkEx3PYhelRqSQPd/AkcN+Mkxl10G7z/VI 7L2DrmR2R3WX84S3Q+2ENJs8ThcW+BCXs0zUTVo0MCJw5WFi77eYOBrFg/EWH9dgsA Cjj56BoJCzEHSiGXuZosH2R9K+1kXksv1W6QBqGghYbkm7aMEi5L9Ffls80iO8CtxK V46CWE/aAaHXg== Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Tejasree, PSB > -----Original Message----- > From: Tejasree Kondoj > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item >=20 > Please see inline. >=20 > Thanks > Tejasree >=20 > > -----Original Message----- > > From: Ori Kam > > Sent: Tuesday, September 22, 2020 1:22 PM > > To: Asaf Penso ; Tejasree Kondoj > > ; Stephen Hemminger > > > > Cc: Akhil Goyal ; Radu Nicolau > > ; Declan Doherty ; > > NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > ; Andrew Rybchenko > > ; Jerin Jacob Kollanukkaran > > ; Narayana Prasad Raju Athreya > > ; Anoob Joseph ; > > dev@dpdk.org > > Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > External Email > > > > ---------------------------------------------------------------------- > > Hi > > > -----Original Message----- > > > From: Asaf Penso > > > Sent: Monday, September 21, 2020 7:09 PM > > > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > > > > > > > > > Regards, > > > Asaf Penso > > > > > > >-----Original Message----- > > > >From: Tejasree Kondoj > > > >Sent: Monday, September 21, 2020 11:59 AM > > > >To: Asaf Penso ; Stephen Hemminger > > > > > > > >Cc: Akhil Goyal ; Radu Nicolau > > > >; Declan Doherty ; > > > >Ori Kam ; NBU-Contact-Thomas Monjalon > > > >; Ferruh Yigit ; Andrew > > > >Rybchenko ; Jerin Jacob Kollanukkaran > > > >; Narayana Prasad Raju Athreya > > > >; Anoob Joseph ; > > > >dev@dpdk.org > > > >Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > > > > >Please see inline. > > > > > > > >Thanks > > > >Tejasree > > > > > > > >> -----Original Message----- > > > >> From: Asaf Penso > > > >> Sent: Thursday, September 17, 2020 3:09 PM > > > >> To: Stephen Hemminger ; Tejasree > > > >Kondoj > > > >> > > > >> Cc: Akhil Goyal ; Radu Nicolau > > > >> ; Declan Doherty > > > >> ; Ori Kam ; > > > >> NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > > >> ; Andrew Rybchenko > > > >> ; Jerin Jacob Kollanukkaran > > > >> ; Narayana Prasad Raju Athreya > > > >> ; Anoob Joseph ; > > > >> dev@dpdk.org > > > >> Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow > > > >> item > > > >> > > > >> External Email > > > >> > > > >> ------------------------------------------------------------------= - > > > >> --- > > > >> >-----Original Message----- > > > >> >From: dev On Behalf Of Stephen > > Hemminger > > > >> >Sent: Thursday, September 10, 2020 7:46 PM > > > >> >To: Tejasree Kondoj > > > >> >Cc: Akhil Goyal ; Radu Nicolau > > > >> >; Declan Doherty > > > >> >; Ori Kam ; > > > >> >NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > > >> >; Andrew Rybchenko > > > >> >; Jerin Jacob ; > > > >> >Narayana Prasad ; Anoob Joseph > > > >> >; dev@dpdk.org > > > >> >Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item > > > >> > > > > >> >On Thu, 10 Sep 2020 22:14:41 +0530 Tejasree Kondoj > > > >> > wrote: > > > >> > > > > >> >> Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to > > > >> distinguish > > > >> >> plain packets from IPsec decrypted plain packets. > > > >> >> > > > >> >> Signed-off-by: Tejasree Kondoj > > > >> > > > > >> >Please provide an implementation, API's without any driver suppor= t > > > >> >should not be accepted. > > > >> > > > > >> >Also, we need a test for this. > > > > > > > >[Tejasree] We would like to defer the patch and add implementation, > > > >test case in next cycle. > > > > > > > >> > > > >> +1 > > > >> Also, I think the word SECURITY is too high-level, and if > > > >> specifically you mention here an item for IPSec, perhaps you can > > consider renaming. > > > > > > > >[Tejasree] This item matches security processed packets and not > > > >specific to IPsec. > > > >Will change commit description as follows: > > > >" Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to match > > > >packets that were security processed. For example, in case of inline > > > >IPsec, it can be used to distinguish plain packets from IPsec decryp= ted > > plain packets" > > > >Would that be fine? > > > > > > It would be more clear, yes, thank you, but in this case I suggest to > > > have a field in the spec that you can match on it. > > > For example, is it viable to know if the packet was processed by IPSe= c > > > and not AES? Maybe you want to have 2 flow with this new item, but > > > still differentiate between the types. > > > > Why not use mark/tag/meta to set this value? > > The application will insert a flow that sends to security and mark the = flow > > with some ID then the application can check this ID. >=20 > [Tejasree] SECURITY itself wouldn't make distinction on protocol. > It would be combined with MARK_ID to know if the packet > was processed by IPsec and not AES. >=20 > MARK_ID alone couldn't be used as we wouldn't know if it is > plain packet or security processed plain packet. >=20 > Rules would be as follows: > Rule #1 > [ETH] [IP] [ESP] [SPI] =1B$B"*=1B(B [SECURITY] [MARK_ID] [END] > Rule #2 > [SECURITY] [MARK_ID] [ETH] [IP] =1B$B"*=1B(B [QUEUE] [END] >=20 I don't understand why in rule #1 you can't have the mark value to also mark the security. >From your patch I understand that security is just one bit This means that you can say if MSB bit in mark is set then it comes from security. Ori, > > > > Best, > > Ori