From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 9ECACA04B1; Wed, 23 Sep 2020 16:36:39 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 32BC91D944; Wed, 23 Sep 2020 16:30:24 +0200 (CEST) Received: from hqnvemgate25.nvidia.com (hqnvemgate25.nvidia.com [216.228.121.64]) by dpdk.org (Postfix) with ESMTP id C6F971D938 for ; Wed, 23 Sep 2020 16:30:22 +0200 (CEST) Received: from hqmail.nvidia.com (Not Verified[216.228.121.13]) by hqnvemgate25.nvidia.com (using TLS: TLSv1.2, AES256-SHA) id ; Wed, 23 Sep 2020 07:29:35 -0700 Received: from HQMAIL107.nvidia.com (172.20.187.13) by HQMAIL101.nvidia.com (172.20.187.10) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 23 Sep 2020 14:30:08 +0000 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.170) by HQMAIL107.nvidia.com (172.20.187.13) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 23 Sep 2020 14:30:08 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HrNGQ+z1v95W+lx7VxppltC47gnJfrO9XCWfNTVdzzNDLU/HR8eEt8S+/9nTFXTSfyisuYW3d9uZG8kR/0iUXH7NGcO9xbiE3pgkWAeiwqHyGa/b6vw9jh/G/wjLLCDkb8YWw48teKLJqpRzPYIez1s2fWsFA4T6W6FZyEIp3BAIp0v2C9F1MK+sJTr0KA1fzcKv27wXbFIQyJKCWOE3oeiuKYk+Ku4rkRe8Qj9Gxu+bSN7mHD0XM70EuJD5bUMax9GUCvrKMVfvlFCfRMmCAuWEEd2tsew7uu0Bw0IoBGrBO2+76GfAU94mQzybVR1QeycS33n99mzD0hZHK+45Pg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=hrHgd7TUBdz//X+3Lu6F1r4hE9MgdKp/Ozmlb9iQQKY=; b=JsNySUg4GCjWN/lQj0NmYemVDWW7KQa6sN/tIcgtlHjDKlgYRQTr+qUmcY/9RD0ERI3UxJANLtPcpumj6FxQMKvwbUXbRexy4MwVemhoSJbuOujlYdOJtLKObEAa8mU+S0NIVaH88Q9TxSnu9WaKWc+VAW35SNWXQq6ZCLb09CoYxoF1fCfC60onFLkZ6oYGTmJFgrRpR4b6SXoV4ux6gh7acthIxYPdXnBbKnqC92HCinG9FoZArfgxkkmMWuBowTdGaQkHJgCr7cAuw0VFIIJ9uxd7UAff2rKQa2d2ZqFLLV16cdbACmTVDbG3jefbM2/1om/2e5PcBOmJL2k6FA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none Received: from MN2PR12MB4286.namprd12.prod.outlook.com (2603:10b6:208:199::22) by BL0PR12MB5012.namprd12.prod.outlook.com (2603:10b6:208:1ca::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.14; Wed, 23 Sep 2020 14:30:07 +0000 Received: from MN2PR12MB4286.namprd12.prod.outlook.com ([fe80::61fd:a36e:cf4f:2d3f]) by MN2PR12MB4286.namprd12.prod.outlook.com ([fe80::61fd:a36e:cf4f:2d3f%9]) with mapi id 15.20.3391.026; Wed, 23 Sep 2020 14:30:07 +0000 From: Ori Kam To: Tejasree Kondoj , Asaf Penso , Stephen Hemminger CC: Akhil Goyal , Radu Nicolau , Declan Doherty , NBU-Contact-Thomas Monjalon , Ferruh Yigit , "Andrew Rybchenko" , Jerin Jacob Kollanukkaran , Narayana Prasad Raju Athreya , Anoob Joseph , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH] ethdev: add security flow item Thread-Index: AQHWh4pRZfLbWZ7qe0ynwFOSPm3ATaliFKIAgAqI4wCABj5HgIAAeDEAgAEGxZCAABW9AIAAVs6AgAGUwVA= Date: Wed, 23 Sep 2020 14:30:06 +0000 Message-ID: References: <20200910164441.7245-1-ktejasree@marvell.com> <20200910094558.0398145b@hermes.lan> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: marvell.com; dkim=none (message not signed) header.d=none;marvell.com; dmarc=none action=none header.from=nvidia.com; x-originating-ip: [147.236.152.129] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 9b818d20-70f3-48ec-1090-08d85fcd2b38 x-ms-traffictypediagnostic: BL0PR12MB5012: x-ld-processed: 43083d15-7273-40c1-b7db-39efd9ccc17a,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: LKBL1Ttnn70rSe1P1L08rI2/evEzGmHxnK7YKssdljmKrZ5nMLt4Hz4Q12L/3Sigx/rWhxPObjvWZaNx5q5VarngqMSNkpTCL6jmZFN+x2636t4PiJ3UWdT9n9Ok3IruAKcY0etPi1GxUMZ0j3BOWzAo9zqsJ1lQwCMEfrrktG35JOz91LtufQ9Rqcg/0fQARBl73jWWZ1eIKFSbG5WZSZKQLvbxmye/7a2WqusLowChM/v/mFmmiiytjA+Rt9iLUcTz6RV466ILebQIL5ZjeQc7LPD4vCCwTjx4j2MeNzlVESj3Y/chvL3a+Wtu1fMYLFqtlE9AlO66noYn+tG94g== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR12MB4286.namprd12.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(396003)(366004)(376002)(39860400002)(136003)(8936002)(54906003)(4326008)(33656002)(186003)(110136005)(316002)(26005)(71200400001)(15650500001)(7416002)(83380400001)(66476007)(2906002)(55016002)(9686003)(52536014)(7696005)(66946007)(86362001)(5660300002)(6506007)(8676002)(66556008)(76116006)(478600001)(64756008)(66446008)(53546011); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: SiU4XT8hxh7NM+3YW7EQ+vYLzdaI7DDXuHBVmB1NXg/GR27wQnPoyYDGHRES0qWxcHlee4MukD/s5luWNtDsSnnRoEqYpTorN9vS30ky4k50/acAnCIyaZCamtvcUOoAyNexv9uilueyYnE4PxHb3yZGrDVsgExd5Qe7pKMvUEWLe8Tf86wpdvd2xmXMTa+WSNPhtVDd3IvSjZNn7Bl81dSH8SWE2xFn2yE/Txh4SNrz/f+ObUbrflLZfbsta1ud7gwvE6sicWWhsFF+wJWF4Iy+ISUpiQ0tGfCxqbJLhbE3i4AsVmFA2OwUK7+sWIz3cs4mER1P0uRn4Mr7VmuZDE9qTWsPhEKLWtjEtA7QqDDlCiiQA4mIKpUSLXkQMGzHrjQQBWyfjjPt+9PP+NnxW2Ploj+AkvjStxJVkCMwWumU6CFI3cGOic8ZDUsb7X/nPSMW8nUa0kSQGPFlD7SskjEltyvulTLyipxzXrhelVc6jx730ZkOh4pjwc0DgSiQac+KTAz5O5sDQ6SEBTv03Jq1AE5FF7rkpw8h3Kbz+BN4yUWqGTVgu7r0jWlTWn46cO1QsOcO47xB+5T/AKlXvuUPDy4A1omMDncKH2GNF2w10EkRp5XyDgjLuffnLZyJR4J2rDaJJXHUD7dLImy3Tg== Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN2PR12MB4286.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9b818d20-70f3-48ec-1090-08d85fcd2b38 X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Sep 2020 14:30:06.9470 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: S5gKFZK94QLDJVeQXKA9bG/bHSaCX0Kf/IL91gtwieTE4Dg6af6RkW2f73OFZnMg5NXDN+KNfy+Me3i/DgY71w== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR12MB5012 X-OriginatorOrg: Nvidia.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nvidia.com; s=n1; t=1600871375; bh=hrHgd7TUBdz//X+3Lu6F1r4hE9MgdKp/Ozmlb9iQQKY=; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To: CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References: In-Reply-To:Accept-Language:Content-Language:X-MS-Has-Attach: X-MS-TNEF-Correlator:authentication-results:x-originating-ip: x-ms-publictraffictype:x-ms-office365-filtering-correlation-id: x-ms-traffictypediagnostic:x-ld-processed: x-ms-exchange-transport-forked:x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers:x-ms-exchange-senderadcheck: x-microsoft-antispam:x-microsoft-antispam-message-info: x-forefront-antispam-report:x-ms-exchange-antispam-messagedata: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-AuthAs: X-MS-Exchange-CrossTenant-AuthSource: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-CrossTenant-mailboxtype: X-MS-Exchange-CrossTenant-userprincipalname: X-MS-Exchange-Transport-CrossTenantHeadersStamped:X-OriginatorOrg; b=BhggDoh9deHddToYV1humqFVwdOcfGC8FjVAeoKkbyEqW+40wRRb3wmV1jRtQ5hz+ 7uLw5aQURhIAzFk8JXlel90QdMJ0SulbXftp15GC+aRhpFw7neIRYGxfUoG3ADFh6v IVlJ0O4Jlmhavxmb9Mlr4wWjlSTdjX+MO+5nzv0Mj7aElAgMNsBd24yTvPrpOCJwhR ONpzkx8xhqYm/Jaa1C8t9e6fVoWioocdjNhjqSvdkldQQWnnnQPZbEO3wsNkiNzISO czKWf1jMRo1a8JnulBHeyQXEL+x3jfSBfjMKj9nMujgk4ENz1UlqbAtmF2DIiFS/ms z8Q3cjjLXLgng== Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi > -----Original Message----- > From: Tejasree Kondoj > Sent: Tuesday, September 22, 2020 5:18 PM > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item >=20 > Hi Ori, >=20 > Please see inline. >=20 > Thanks, > Tejasree >=20 > > -----Original Message----- > > From: Tejasree Kondoj > > Sent: Tuesday, September 22, 2020 2:37 PM > > To: Ori Kam ; Asaf Penso ; Stephen > > Hemminger > > Cc: Akhil Goyal ; Radu Nicolau > > ; Declan Doherty ; > > NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > ; Andrew Rybchenko > > ; Jerin Jacob Kollanukkaran > > ; Narayana Prasad Raju Athreya > > ; Anoob Joseph ; > > dev@dpdk.org > > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > Please see inline. > > > > Thanks > > Tejasree > > > > > -----Original Message----- > > > From: Ori Kam > > > Sent: Tuesday, September 22, 2020 1:22 PM > > > To: Asaf Penso ; Tejasree Kondoj > > > ; Stephen Hemminger > > > > > > Cc: Akhil Goyal ; Radu Nicolau > > > ; Declan Doherty ; > > > NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > > ; Andrew Rybchenko > > > ; Jerin Jacob Kollanukkaran > > > ; Narayana Prasad Raju Athreya > > > ; Anoob Joseph ; > > > dev@dpdk.org > > > Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > > > External Email > > > > > > ---------------------------------------------------------------------= - > > > Hi > > > > -----Original Message----- > > > > From: Asaf Penso > > > > Sent: Monday, September 21, 2020 7:09 PM > > > > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > > > > > > > > > > > > > Regards, > > > > Asaf Penso > > > > > > > > >-----Original Message----- > > > > >From: Tejasree Kondoj > > > > >Sent: Monday, September 21, 2020 11:59 AM > > > > >To: Asaf Penso ; Stephen Hemminger > > > > > > > > > >Cc: Akhil Goyal ; Radu Nicolau > > > > >; Declan Doherty > > > > >; Ori Kam ; > > > > >NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > > > >; Andrew Rybchenko > > > > >; Jerin Jacob Kollanukkaran > > > > >; Narayana Prasad Raju Athreya > > > > >; Anoob Joseph ; > > > > >dev@dpdk.org > > > > >Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > > > > > > >Please see inline. > > > > > > > > > >Thanks > > > > >Tejasree > > > > > > > > > >> -----Original Message----- > > > > >> From: Asaf Penso > > > > >> Sent: Thursday, September 17, 2020 3:09 PM > > > > >> To: Stephen Hemminger ; Tejasree > > > > >Kondoj > > > > >> > > > > >> Cc: Akhil Goyal ; Radu Nicolau > > > > >> ; Declan Doherty > > > > >> ; Ori Kam ; > > > > >> NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > > > >> ; Andrew Rybchenko > > > > >> ; Jerin Jacob Kollanukkaran > > > > >> ; Narayana Prasad Raju Athreya > > > > >> ; Anoob Joseph ; > > > > >> dev@dpdk.org > > > > >> Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow > > > > >> item > > > > >> > > > > >> External Email > > > > >> > > > > >> ----------------------------------------------------------------= - > > > > >> -- > > > > >> --- > > > > >> >-----Original Message----- > > > > >> >From: dev On Behalf Of Stephen > > > Hemminger > > > > >> >Sent: Thursday, September 10, 2020 7:46 PM > > > > >> >To: Tejasree Kondoj > > > > >> >Cc: Akhil Goyal ; Radu Nicolau > > > > >> >; Declan Doherty > > > > >> >; Ori Kam ; > > > > >> >NBU-Contact-Thomas Monjalon ; Ferruh > > Yigit > > > > >> >; Andrew Rybchenko > > > > >> >; Jerin Jacob ; > > > > >> >Narayana Prasad ; Anoob Joseph > > > > >> >; dev@dpdk.org > > > > >> >Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > >> > > > > > >> >On Thu, 10 Sep 2020 22:14:41 +0530 Tejasree Kondoj > > > > >> > wrote: > > > > >> > > > > > >> >> Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to > > > > >> distinguish > > > > >> >> plain packets from IPsec decrypted plain packets. > > > > >> >> > > > > >> >> Signed-off-by: Tejasree Kondoj > > > > >> > > > > > >> >Please provide an implementation, API's without any driver > > > > >> >support should not be accepted. > > > > >> > > > > > >> >Also, we need a test for this. > > > > > > > > > >[Tejasree] We would like to defer the patch and add implementation= , > > > > >test case in next cycle. > > > > > > > > > >> > > > > >> +1 > > > > >> Also, I think the word SECURITY is too high-level, and if > > > > >> specifically you mention here an item for IPSec, perhaps you can > > > consider renaming. > > > > > > > > > >[Tejasree] This item matches security processed packets and not > > > > >specific to IPsec. > > > > >Will change commit description as follows: > > > > >" Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to match > > > > >packets that were security processed. For example, in case of > > > > >inline IPsec, it can be used to distinguish plain packets from > > > > >IPsec decrypted > > > plain packets" > > > > >Would that be fine? > > > > > > > > It would be more clear, yes, thank you, but in this case I suggest > > > > to have a field in the spec that you can match on it. > > > > For example, is it viable to know if the packet was processed by > > > > IPSec and not AES? Maybe you want to have 2 flow with this new item= , > > > > but still differentiate between the types. > > > > > > Why not use mark/tag/meta to set this value? > > > The application will insert a flow that sends to security and mark th= e > > > flow with some ID then the application can check this ID. > > > > [Tejasree] SECURITY itself wouldn't make distinction on protocol. > > It would be combined with MARK_ID to know if the packet was processed b= y > > IPsec and not AES. > > > > MARK_ID alone couldn't be used as we wouldn't know if it is plain packe= t or > > security processed plain packet. > > > > Rules would be as follows: > > Rule #1 > > [ETH] [IP] [ESP] [SPI] =1B$B"*=1B(B [SECURITY] [MARK_ID] [END] Rule #2 = [SECURITY] > > [MARK_ID] [ETH] [IP] =1B$B"*=1B(B [QUEUE] [END] > > > > I don't understand why in rule #1 you can't have the mark value > > to also mark the security. > > From your patch I understand that security is just one bit > > This means that you can say if MSB bit in mark is set then it comes fro= m > > security. >=20 > [Tejasree] We can use MSB of MARK_ID but that would mean we would be > reserving it for security. >=20 [Ori] but why does the PMD needs it? the application know what it needs so = it can use it, It is the application decision to send to the security right? So it knows w= hat values to set. Also the application can use tag or any other data item. > > > > > > Best, > > > Ori