From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id C4306A04E1; Tue, 22 Sep 2020 09:52:10 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id F15AF1D6AC; Tue, 22 Sep 2020 09:52:09 +0200 (CEST) Received: from nat-hk.nvidia.com (nat-hk.nvidia.com [203.18.50.4]) by dpdk.org (Postfix) with ESMTP id 45D161D64A for ; Tue, 22 Sep 2020 09:52:07 +0200 (CEST) Received: from HKMAIL103.nvidia.com (Not Verified[10.18.92.9]) by nat-hk.nvidia.com (using TLS: TLSv1.2, AES256-SHA) id ; Tue, 22 Sep 2020 15:52:06 +0800 Received: from HKMAIL101.nvidia.com (10.18.16.10) by HKMAIL103.nvidia.com (10.18.16.12) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Tue, 22 Sep 2020 07:51:55 +0000 Received: from NAM10-MW2-obe.outbound.protection.outlook.com (104.47.55.102) by HKMAIL101.nvidia.com (10.18.16.10) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Tue, 22 Sep 2020 07:51:55 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=HupbzehUxEPvj2E/wCZk15ykSql2xIqHEeoldka+K5zaenv0qJtQtx0GGJtQy61Uaf+zWUemwgs45TSYIy6uhwQ++WxHIwn1DHV6uMw5XnKFN8N5q/is0c9j2fUw3nlmrpwn9U8ESiwx+yY/fhkICwrB4AJqqFwlHBvbcB4oGGIbPDXzMUOoe5fiTFECNIxv29AdgIpIjsOQQBEuWgH/S7168e7g4wCPP/NszVuTc00WrQ8wWlMyYur7yjxq3PLb7vLgIazNUPm16oYzh8s9f8EVgh9B+MG6BUW02sjYuis2V7DZZ3xm8BXvLsj10UEwDZThSkNzlwDP5X8wnbnogA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rdYl50rLlQjvOFIKEM903atByQOPfrPCP4CuXHyl56Q=; b=lA573OafI1R9RLAmxdwUwJYJrR66bjlxh2LPLAWfi6KnnnoJLB+CNdJg3/avPZXByzatlMJu2fC2m8kmtlBq6OliExtG3EQF/i6PBlnSvXAmpFC0x3q98D+9jGxdrWb7f/JTNetY2ZbvtyYiUECMdyiQUjZ/Tjv/7FRvVyDUvtldGN0P3hDZwIXT8ZuahPekV6MBFULWdJ/t60hLr2rtH+eGC57QwAsz8/dHkJN/U8Zw1y/lZCF131P8I9g+SvfEUcDkaxftNonEySNJ2+MpLPt+re63DJB7Z8RI+AMI4Dtd3fI9sgC3DnmSOD4D2zsy7uWptLmeoh/YUskWaMWzQg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none Received: from MN2PR12MB4286.namprd12.prod.outlook.com (2603:10b6:208:199::22) by MN2PR12MB4288.namprd12.prod.outlook.com (2603:10b6:208:1d2::22) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.19; Tue, 22 Sep 2020 07:51:54 +0000 Received: from MN2PR12MB4286.namprd12.prod.outlook.com ([fe80::61fd:a36e:cf4f:2d3f]) by MN2PR12MB4286.namprd12.prod.outlook.com ([fe80::61fd:a36e:cf4f:2d3f%9]) with mapi id 15.20.3391.026; Tue, 22 Sep 2020 07:51:54 +0000 From: Ori Kam To: Asaf Penso , Tejasree Kondoj , Stephen Hemminger CC: Akhil Goyal , Radu Nicolau , Declan Doherty , NBU-Contact-Thomas Monjalon , Ferruh Yigit , "Andrew Rybchenko" , Jerin Jacob Kollanukkaran , Narayana Prasad Raju Athreya , Anoob Joseph , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH] ethdev: add security flow item Thread-Index: AQHWh4pRZfLbWZ7qe0ynwFOSPm3ATaliFKIAgAqI4wCABj5HgIAAeDEAgAEGxZA= Date: Tue, 22 Sep 2020 07:51:53 +0000 Message-ID: References: <20200910164441.7245-1-ktejasree@marvell.com> <20200910094558.0398145b@hermes.lan> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: nvidia.com; dkim=none (message not signed) header.d=none;nvidia.com; dmarc=none action=none header.from=nvidia.com; x-originating-ip: [147.236.152.129] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: de0006a3-942e-4350-6427-08d85ecc5f76 x-ms-traffictypediagnostic: MN2PR12MB4288: x-ld-processed: 43083d15-7273-40c1-b7db-39efd9ccc17a,ExtAddr x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: cuYEQO9EldRJPs80OS4/8YN53cMI/TcvmAXZhEbBO5qBX8rCtaXouEz0lFCoG0SBj9Ihl4Nox13x7Kp6OYNV42dgqDNMwtxvDNiEJ7hofk1d4g+k/FEsDX71NEwTFU8Ru6xZsxjehx4x1IeNBiS7eL/rLn+8mQU7L7cYmjcfHZW75NjaKS3tckMbst9cv+rCq1iy9hQsnGqwxCX75tz6CVxBhbXcySFX1Jt2/moA+YSEwy8WpIgzO+sNPd+MZ92trs9ULcXltda8SGmwGBhcc5iriD+Mp+k73T5gr3vA1l0aADTi8mhKPtiIOI+he4hcsJNKwldsV7V4n9r4UOMkFg== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR12MB4286.namprd12.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(39860400002)(346002)(136003)(396003)(376002)(8676002)(66446008)(64756008)(110136005)(8936002)(7696005)(5660300002)(83380400001)(4326008)(52536014)(186003)(26005)(71200400001)(66946007)(66556008)(76116006)(7416002)(2906002)(66476007)(15650500001)(316002)(6506007)(33656002)(478600001)(9686003)(86362001)(53546011)(54906003)(55016002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: jFIyQD6Rp1KWqJnYhD61JjJPPazc8GuD9StFfBfY8dE3cahVb3u4lG1nd/O03m8cM3EEfCMuDDSCQvasCmlbnTkG+KkTphnQeX1db1czlpRWe0IIhuOJfRWTnWom9Er+gAkF90Z3cBcsLpzka+C9sAkBlNvktqFbCzLwCPUBfZrOkiOlst0M/jEvAxVfT1I8GyXB1Jzh4sp5sgrT9sQmD4CLirjXqb1WRl9wPw+7SI240WH454r7YFgJnJpUVeIAmj/3znzKkBt1tFiRJ19pIFjiL7mCdx0p25jr6K8CprK+J0AslJ5cDeDDQyY5ky6bAGezJHvbGCIQ7qYcUi462gy85gtoewfHxwIfEukJQ4qUYxrFx9hBKJOSmCTKtVyexBsSDdpER0kfeAlnN5g5cQ2tiY/LmT3Jz/HLdLNT9q7Lc2TfHmAlJ099LniQPaINBx1b5OgUfEttcilM+qiT2Tm3/fceJ9jEltzt2lpK0/ZzveI+FapVGHj2oi6Ua4RzET0ytaKqs5wTWJmTB4/A+jzJNnqefNub96zC1XgsNQ8LvXY8aAJqTKFq6rKvYyyrI6GIz0fXEzMGuh39N1UNvsbYZNXg+e0Neij7wGO81Ot2ILn+WJnbN2lhu3xlB3TV0+NTz0tLvpAqOKjy4xpSYQ== Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MN2PR12MB4286.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: de0006a3-942e-4350-6427-08d85ecc5f76 X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Sep 2020 07:51:53.9684 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: CS8xpkme2Y77KyTr83MYzEWCU1LyyCsK9tI30X5cDUa8JhXgAzonEZKa+ALlV0d0nVofDD9JrovxMhNL95w3Sw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR12MB4288 X-OriginatorOrg: Nvidia.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nvidia.com; s=n1; t=1600761126; bh=rdYl50rLlQjvOFIKEM903atByQOPfrPCP4CuXHyl56Q=; h=ARC-Seal:ARC-Message-Signature:ARC-Authentication-Results:From:To: CC:Subject:Thread-Topic:Thread-Index:Date:Message-ID:References: In-Reply-To:Accept-Language:Content-Language:X-MS-Has-Attach: X-MS-TNEF-Correlator:authentication-results:x-originating-ip: x-ms-publictraffictype:x-ms-office365-filtering-correlation-id: x-ms-traffictypediagnostic:x-ld-processed: x-ms-exchange-transport-forked:x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers:x-ms-exchange-senderadcheck: x-microsoft-antispam:x-microsoft-antispam-message-info: x-forefront-antispam-report:x-ms-exchange-antispam-messagedata: Content-Type:Content-Transfer-Encoding:MIME-Version: X-MS-Exchange-CrossTenant-AuthAs: X-MS-Exchange-CrossTenant-AuthSource: X-MS-Exchange-CrossTenant-Network-Message-Id: X-MS-Exchange-CrossTenant-originalarrivaltime: X-MS-Exchange-CrossTenant-fromentityheader: X-MS-Exchange-CrossTenant-id:X-MS-Exchange-CrossTenant-mailboxtype: X-MS-Exchange-CrossTenant-userprincipalname: X-MS-Exchange-Transport-CrossTenantHeadersStamped:X-OriginatorOrg; b=ZutDH7zMVpK00TAfXhID/8SGWRSEWg725jC8yU7HttQXgtaD4dkTkx4FOaQNCY9ZI HCj732MCZP42drrQDcaOf5ReEBZTQDmQF02PQS0w/roz6bcBvL+JpkCkaOKgfGOLn/ Zrr4eDwjpCBUZRBhmJBjt+mGFjSKy4fWs6H/rar5H2VKcJixRNXqSysGqwefoA80jD J43ErqIbjM8F2Z2nfmUHvKLvyMgfLqDl9bC+luSdx3lyPAu4huGNaWSswqK1P9cHFj yqryNoyHiMdsJepsd4w6l7phDxk4VNvZA5L4AZXJTk8yKeVrNagifxr+yNVzLN22dP hc7EPo6azJVfg== Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi=20 > -----Original Message----- > From: Asaf Penso > Sent: Monday, September 21, 2020 7:09 PM > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item >=20 >=20 >=20 > Regards, > Asaf Penso >=20 > >-----Original Message----- > >From: Tejasree Kondoj > >Sent: Monday, September 21, 2020 11:59 AM > >To: Asaf Penso ; Stephen Hemminger > > > >Cc: Akhil Goyal ; Radu Nicolau > >; Declan Doherty ; Ori > >Kam ; NBU-Contact-Thomas Monjalon > >; Ferruh Yigit ; Andrew > >Rybchenko ; Jerin Jacob Kollanukkaran > >; Narayana Prasad Raju Athreya > >; Anoob Joseph ; > >dev@dpdk.org > >Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > >Please see inline. > > > >Thanks > >Tejasree > > > >> -----Original Message----- > >> From: Asaf Penso > >> Sent: Thursday, September 17, 2020 3:09 PM > >> To: Stephen Hemminger ; Tejasree > >Kondoj > >> > >> Cc: Akhil Goyal ; Radu Nicolau > >> ; Declan Doherty ; > >> Ori Kam ; NBU-Contact-Thomas Monjalon > >> ; Ferruh Yigit ; Andrew > >> Rybchenko ; Jerin Jacob Kollanukkaran > >> ; Narayana Prasad Raju Athreya > >> ; Anoob Joseph ; > >> dev@dpdk.org > >> Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow item > >> > >> External Email > >> > >> ---------------------------------------------------------------------- > >> >-----Original Message----- > >> >From: dev On Behalf Of Stephen Hemminger > >> >Sent: Thursday, September 10, 2020 7:46 PM > >> >To: Tejasree Kondoj > >> >Cc: Akhil Goyal ; Radu Nicolau > >> >; Declan Doherty ; > >> >Ori Kam ; NBU-Contact-Thomas Monjalon > >> >; Ferruh Yigit ; Andrew > >> >Rybchenko ; Jerin Jacob > >> >; Narayana Prasad ; Anoob > >> >Joseph ; dev@dpdk.org > >> >Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item > >> > > >> >On Thu, 10 Sep 2020 22:14:41 +0530 > >> >Tejasree Kondoj wrote: > >> > > >> >> Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to > >> distinguish > >> >> plain packets from IPsec decrypted plain packets. > >> >> > >> >> Signed-off-by: Tejasree Kondoj > >> > > >> >Please provide an implementation, API's without any driver support > >> >should not be accepted. > >> > > >> >Also, we need a test for this. > > > >[Tejasree] We would like to defer the patch and add implementation, test > >case in next cycle. > > > >> > >> +1 > >> Also, I think the word SECURITY is too high-level, and if specifically > >> you mention here an item for IPSec, perhaps you can consider renaming. > > > >[Tejasree] This item matches security processed packets and not specific= to > >IPsec. > >Will change commit description as follows: > >" Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to match > >packets that were security processed. For example, in case of inline IPs= ec, it > >can be used to distinguish plain packets from IPsec decrypted plain pack= ets" > >Would that be fine? >=20 > It would be more clear, yes, thank you, but in this case I suggest to hav= e a field > in the spec that you can match on it. > For example, is it viable to know if the packet was processed by IPSec an= d not > AES? Maybe you want to have 2 flow with this new item, but still differen= tiate > between the types. Why not use mark/tag/meta to set this value? The application will insert a flow that sends to security and mark the flow= with some ID then the application can check this ID. Best, Ori