From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id C0594A2EFC
	for <public@inbox.dpdk.org>; Thu, 19 Sep 2019 04:50:58 +0200 (CEST)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id A42521E53B;
	Thu, 19 Sep 2019 04:50:57 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 4A6171E4E9
 for <dev@dpdk.org>; Thu, 19 Sep 2019 04:50:56 +0200 (CEST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id
 x8J2oD7b008833; Wed, 18 Sep 2019 19:50:55 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : references : in-reply-to : content-type :
 content-transfer-encoding : mime-version; s=pfpt0818;
 bh=vAI0mmBATiLMBj6eZE0A5mcvCWD4Y5drg9XDt2Eld70=;
 b=D67+IT02HiL7kEEnlxwJJlL7+iz93dIiezA130Rf55SyGxIiSqA/oqAuBtNJBk++gIAX
 2Fo0VBRrHujDWF3I6/K+ahmRnm0GJr8UmzHYiUyDyuzVIfgDv3PinVhRkmBUugE4c2n1
 /eQISUnzxBZ/D0yjy2Nsc83TOGfQ3N+DiwkjnSJDo6OAw55V+Ab53i/H5UumP2dLRXpn
 BP3YV5ibP9Ia1e9vZTdsKRau6pYPsSE0Dythg7PdcQAPQ/hrwdZ9VzRIGe9peBLlgzaB
 FnSeq17alt1gjGlk7YPd+8XFI9VaKloyef0f/f216emkkq92vspfI4GXY++iZ2/V0sGz lQ== 
Received: from sc-exch02.marvell.com ([199.233.58.182])
 by mx0b-0016f401.pphosted.com with ESMTP id 2v3vcfgxpp-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Wed, 18 Sep 2019 19:50:54 -0700
Received: from SC-EXCH04.marvell.com (10.93.176.84) by SC-EXCH02.marvell.com
 (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Wed, 18 Sep
 2019 19:50:53 -0700
Received: from NAM05-CO1-obe.outbound.protection.outlook.com (104.47.48.56) by
 SC-EXCH04.marvell.com (10.93.176.84) with Microsoft SMTP Server
 (TLS) id
 15.0.1367.3 via Frontend Transport; Wed, 18 Sep 2019 19:50:53 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=EWqYFFjdPYajiAmyeoKFagg/GLntne4rQq2DIO8hdBVUA2AXmT7AKBMRWlmZDO6lIW8glRN3wHHozwkWSi4PHt1OLmdn8ZRNnWGAYgd3sehoKDa+ZgD64gNCKoHlep/0dM259/8JjKAADqKKMUh0N3mqnP4Ro5/WNxUySGHMiPFEyd71NKxB7aD4QQi14alNDhN1cc9PEDyyD+IwJx0gVA6iefqXlujtqo3Lb/nS9paLbx6iBDpSKu1YFbpvyF/9Mwt3UiG2BSiYB59rNH3MEd9DOokLsrH5kKWSda5jbX4eIYQdw2/qeSfwb9F2uWEPw99HAIoc35SR6d3/R/gH+Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=vAI0mmBATiLMBj6eZE0A5mcvCWD4Y5drg9XDt2Eld70=;
 b=PsSczamo2dh8lFBWFS87XkuC4JQDZk8mQfD2pjJjxt7OyiUkC8lE/ap6WfQGUTDHNetd5Y/R6FdNa4kx4uidvXzB2SscK7wfd5GMv5xHMmANcbWKheAx1NvpLKerSokQLNQkvRWDGbjE+YKAQ5+wStNM19yR3Rhy7JOP6omIm8MHl+vRQZ7zptxQ6/x5uW7qG6nVwIQ5ICerL7G0MNUMSbEWWKEhsJMxKJEjXf5nZE/JYYZpLzHkUea2DXF9wUETiodY6x3OoBChynUuvrGxVZhFTXNZmxd1tR64nsXwFK3Wi2xzXztzg6phxMin+qP/jSHvCx6tQCv0zpYWB1XG8w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com;
 dkim=pass header.d=marvell.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=marvell.onmicrosoft.com; s=selector2-marvell-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=vAI0mmBATiLMBj6eZE0A5mcvCWD4Y5drg9XDt2Eld70=;
 b=H9sTsisZHKxN0Mne4yAm+Ffc1cI69XnPcaVq9a0b8nvKcOaZCGnfXzPS9QSMviNIB59HXp2fHLI7sUvK9JEkr5c2oYN2gGZUQ4vPWgH3FtEGcx3O3qR6M6ZoMEb2ILG/jziOD3qwZG1KnWIcIj2FDJl67LD8dW29XEo5DdFMK/Q=
Received: from MN2PR18MB2877.namprd18.prod.outlook.com (20.179.20.218) by
 MN2PR18MB3022.namprd18.prod.outlook.com (20.179.81.79) with Microsoft SMTP
 Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.2284.20; Thu, 19 Sep 2019 02:50:52 +0000
Received: from MN2PR18MB2877.namprd18.prod.outlook.com
 ([fe80::5007:2282:4aff:5baa]) by MN2PR18MB2877.namprd18.prod.outlook.com
 ([fe80::5007:2282:4aff:5baa%7]) with mapi id 15.20.2263.023; Thu, 19 Sep 2019
 02:50:51 +0000
From: Anoob Joseph <anoobj@marvell.com>
To: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>, "Smoczynski,
 MarcinX" <marcinx.smoczynski@intel.com>, "akhil.goyal@nxp.com"
 <akhil.goyal@nxp.com>
CC: "dev@dpdk.org" <dev@dpdk.org>, Narayana Prasad Raju Athreya
 <pathreya@marvell.com>, Jerin Jacob Kollanukkaran <jerinj@marvell.com>,
 Archana Muniganti <marchana@marvell.com>
Thread-Topic: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: add fallback
 session
Thread-Index: AQHVYytvQTM+ragIcUyjA1ZmuGIqT6cxEoawgAAiKYCAAALJ0IAA4FuAgABIw8A=
Date: Thu, 19 Sep 2019 02:50:51 +0000
Message-ID: <MN2PR18MB2877C0F8EED2207F84FC882BDF890@MN2PR18MB2877.namprd18.prod.outlook.com>
References: <20190814204847.15600-1-marcinx.smoczynski@intel.com>
 <20190904141642.14820-1-marcinx.smoczynski@intel.com>
 <MN2PR18MB287794C6774A2E55E3214FC6DF8E0@MN2PR18MB2877.namprd18.prod.outlook.com>
 <2601191342CEEE43887BDE71AB9772580191966C6D@irsmsx105.ger.corp.intel.com>
 <MN2PR18MB28779572F08E15EA6F8FD41EDF8E0@MN2PR18MB2877.namprd18.prod.outlook.com>
 <2601191342CEEE43887BDE71AB9772580191966FFC@irsmsx105.ger.corp.intel.com>
In-Reply-To: <2601191342CEEE43887BDE71AB9772580191966FFC@irsmsx105.ger.corp.intel.com>
Accept-Language: en-IN, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [122.175.97.189]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: f312eeed-3a7e-454a-fbbb-08d73cac2f1c
x-microsoft-antispam: BCL:0; PCL:0;
 RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600167)(711020)(4605104)(1401327)(2017052603328)(7193020);
 SRVR:MN2PR18MB3022; 
x-ms-traffictypediagnostic: MN2PR18MB3022:
x-ms-exchange-transport-forked: True
x-microsoft-antispam-prvs: <MN2PR18MB3022C0D572CE0475E5AC7454DF890@MN2PR18MB3022.namprd18.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 016572D96D
x-forefront-antispam-report: SFV:NSPM;
 SFS:(10009020)(4636009)(366004)(39860400002)(396003)(346002)(376002)(136003)(189003)(199004)(13464003)(66556008)(66946007)(64756008)(66476007)(81166006)(33656002)(229853002)(66066001)(316002)(6116002)(3846002)(11346002)(2906002)(256004)(25786009)(186003)(102836004)(6506007)(53546011)(446003)(26005)(7696005)(476003)(107886003)(486006)(99286004)(86362001)(6246003)(76176011)(14444005)(71190400001)(76116006)(71200400001)(7736002)(110136005)(8936002)(8676002)(5660300002)(561944003)(478600001)(66446008)(74316002)(81156014)(4326008)(6436002)(305945005)(14454004)(9686003)(2501003)(55016002)(54906003)(52536014);
 DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR18MB3022;
 H:MN2PR18MB2877.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en;
 PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: marvell.com does not designate
 permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: vu3fQEtdUxz32dPWGL2FqNqnwNoSnx0jElqFpaqvhopSiDwgozV8XQ/SGKShXWZzbIOAcC9DjesR9Hu4lolXmE/txoCNcWPey6LD68haK6CSkFviprHvVpd6HKnXss3cB9QI9wJlXTAsnj2aBY9JvAOdUnU9YRXsONVSCdHLxs4a/za5lq2EBl+zrS1cBcUtKkiwZ/V9UCJEbXDTRUOK+srYmUWtG982PmnTyOVRlA5E/b4XISZTZqlvYooBc16ul0GQyEE5hgU7q5HztyXGnw2EEkh2XHvC6RAVIHHsx+33UC4LY7T/8mUA8O9mAhlL2KIjtgPeEy0guwgIBE1p3poRNqGnbRFgX1X+wAe3smu1HDmj0o4XOcDQ1leUsF6jLI5R57w77cnLzXPg8PLQU985jFcFyuQJfYbGZ+r72wg=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: f312eeed-3a7e-454a-fbbb-08d73cac2f1c
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Sep 2019 02:50:51.6745 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: QMcGa+7oYQPmpxyaJ/af6PA6Ei9wxPvP20NWBzyBM2btZtcNMP6SLTKWO3XFgdjoLOUk2YwbQShjFgWbpakEgQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR18MB3022
X-OriginatorOrg: marvell.com
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.70,1.0.8
 definitions=2019-09-19_01:2019-09-18,2019-09-19 signatures=0
Subject: Re: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: add fallback
 session
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Hi Konstantin,=20

Please see inline.

Thanks,
Anoob

> -----Original Message-----
> From: Ananyev, Konstantin <konstantin.ananyev@intel.com>
> Sent: Thursday, September 19, 2019 3:49 AM
> To: Anoob Joseph <anoobj@marvell.com>; Smoczynski, MarcinX
> <marcinx.smoczynski@intel.com>; akhil.goyal@nxp.com
> Cc: dev@dpdk.org; Narayana Prasad Raju Athreya <pathreya@marvell.com>;
> Jerin Jacob Kollanukkaran <jerinj@marvell.com>; Archana Muniganti
> <marchana@marvell.com>
> Subject: RE: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: add fallback
> session
>=20
>=20
>=20
> Hi Anoob,
>=20
> > > > Sorry for the late response. But how do you plan to handle "inline
> protocol"
> > > processed packets?
> > >
> > > Right now that feature is supported for "inline crypto" only.
> >
> > [Anoob] The description says "inline processed" packets. Hence the conf=
usion.
> >
> > > For the case when SA doesn't enable replay window and/or ESN current
> > > patch should also work for "inline proto" too, but this is just my
> > > understanding (not tested, etc.).
> >
> > [Anoob] In case of inline ipsec processing, the ipsec state (which
> > would track sequence number etc) will be internal to the PMDs. So
> > anti- replay/ESN would have to be done either in the h/w or PMD. This w=
ould
> mean application will not have state information regarding ipsec processi=
ng.
> Hence fallback handling with the above scheme will not work in that case.
>=20
> Agree, that's why I wrote above that current wok might work for inline-pr=
oto
> *only* if replay window and ESN is disabled.

[Anoob] Any feature that makes use of protocol "state" would fail with this=
 scheme. In case of inline ipsec, that is anti-replay & ESN. I see that you=
 are not planning for fallback session for outbound. If at all that is plan=
ned, this scheme will fail to co-ordinate sequence number between original =
and fallback sessions.

>=20
> >
> > To address this properly for inline protocol, we will have to come up
> > with some logic to share session private data b/w "eligible" PMDs. This=
 would
> involve library changes to rte_security, etc.
>=20
> Again, totally agree.
> As I remember we already discussed it about a year ago, but didn't come u=
p with
> any concrete proposal.
>=20
> > Once that is proposed, there will be one kind of handling for inline
> > protocol processing and another kind for inline crypto processing. Woul=
d you
> be fine with that?
>=20
> For sure something needs to be changed for inline-proto to sync replay-
> window/ESN related data between HW/PMD and SW.
> What it should be - new function, or something else - hard to tell right =
now.

[Anoob] No disagreement. My only concern is the incompleteness of this solu=
tion. We will have to propose a totally new scheme for inline protocol. You=
 do agree that this approach will not help inline protocol offloading, righ=
t? If you are okay with having different solutions for inline crypto & inli=
ne protocol, I don't have any issue with this series.

Also, how do you plan to pass "state" info to lookaside protocol session? T=
hat will be required to handle ESN/anti-replay in lookaside protocol capabl=
e PMD as well.
=20
> Konstantin
>=20
> >
> > > Konstantin
> > >
> > > >
> > > > Thanks,
> > > > Anoob
> > > >
> > > > > -----Original Message-----
> > > > > From: dev <dev-bounces@dpdk.org> On Behalf Of Marcin Smoczynski
> > > > > Sent: Wednesday, September 4, 2019 7:47 PM
> > > > > To: konstantin.ananyev@intel.com; akhil.goyal@nxp.com
> > > > > Cc: dev@dpdk.org; Marcin Smoczynski
> > > > > <marcinx.smoczynski@intel.com>
> > > > > Subject: [dpdk-dev] [PATCH v2 0/3] examples/ipsec-secgw: add
> > > > > fallback session
> > > > >
> > > > > Inline processing is limited to a specified subset of traffic.
> > > > > It is often unable to handle more complicated situations, such
> > > > > as fragmented traffic. When using inline processing such traffic =
is
> dropped.
> > > > >
> > > > > Introduce multiple sessions per SA allowing to configure a
> > > > > fallback lookaside session for packets that normally would be dro=
pped.
> > > > > A fallback session type in the SA configuration by adding 'fallba=
ck'
> > > > > with 'lookaside-none' or 'lookaside-protocol' parameter to
> > > > > determine type of session.
> > > > >
> > > > > Fallback session feature is available only when using librte_ipse=
c.
> > > > >
> > > > > v1 to v2 changes:
> > > > >  - disable fallback offload for outbound SAs
> > > > >  - add test scripts
> > > > >
> > > > > Marcin Smoczynski (3):
> > > > >   examples/ipsec-secgw: ipsec_sa structure cleanup
> > > > >   examples/ipsec-secgw: add fallback session feature
> > > > >   examples/ipsec-secgw: add offload fallback tests
> > > > >
> > > > >  doc/guides/sample_app_ug/ipsec_secgw.rst      |  17 +-
> > > > >  examples/ipsec-secgw/esp.c                    |  35 ++--
> > > > >  examples/ipsec-secgw/ipsec-secgw.c            |  16 +-
> > > > >  examples/ipsec-secgw/ipsec.c                  |  99 ++++++-----
> > > > >  examples/ipsec-secgw/ipsec.h                  |  61 +++++--
> > > > >  examples/ipsec-secgw/ipsec_process.c          | 113 +++++++-----
> > > > >  examples/ipsec-secgw/sa.c                     | 164 ++++++++++++=
+-----
> > > > >  .../test/trs_aesgcm_common_defs.sh            |   4 +-
> > > > >  .../trs_aesgcm_inline_crypto_fallback_defs.sh |   5 +
> > > > >  .../test/tun_aesgcm_common_defs.sh            |   6 +-
> > > > >  .../tun_aesgcm_inline_crypto_fallback_defs.sh |   5 +
> > > > >  11 files changed, 358 insertions(+), 167 deletions(-)  create
> > > > > mode
> > > > > 100644
> > > > > examples/ipsec-secgw/test/trs_aesgcm_inline_crypto_fallback_defs
> > > > > .sh  create mode 100644 examples/ipsec-
> > > > > secgw/test/tun_aesgcm_inline_crypto_fallback_defs.sh
> > > > >
> > > > > --
> > > > > 2.21.0.windows.1