From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 82D07A0A0E; Tue, 23 Mar 2021 18:54:32 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6DBB2140FB5; Tue, 23 Mar 2021 18:54:32 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id 286584069E for ; Tue, 23 Mar 2021 18:54:31 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.43/8.16.0.43) with SMTP id 12NHpWnw027985; Tue, 23 Mar 2021 10:54:30 -0700 Received: from nam10-dm6-obe.outbound.protection.outlook.com (mail-dm6nam10lp2103.outbound.protection.outlook.com [104.47.58.103]) by mx0a-0016f401.pphosted.com with ESMTP id 37dedrj3n5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 23 Mar 2021 10:54:30 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=oTBBZu0lcHRmu72nN0r0yfQ1jZDq5M73SCKpRIeQHNQ6QdNET/BRjntU7IW7ZE+LP+XrBF6KFnPcvKT9PiwTqEBYG6F8fRhASI5TmtXNSLKREC0tsoOyTJo0YjirPIyGA62vM+KKehbs8vfDrne3f299vMgE0s1bErD3c5sRXB3JlL81JrhSg0VIUiMpaGk+B3slGeNMp7NKuiLHUn/OX2rJDuHDbBud9W3BnatEFXJ9FiHBDkwlYdUAXbURl53ljWmzIS/awS9sw15mRDpyqAQ7B3gmVxzGJJIDtYh+eQShfyPArvU2b336SfoRRotfGfHcqZPjyQiQ28OR+Ej+Ag== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vYkpOxMLLcOSk51Rtc7hHJUmG5wPGUh0XaWOyVuNPhg=; b=oL96Gj6nqBlOzUH8FBP0QSMSYEhmPMmoxTUsYKw1FCeXdpcQoTQb2YrA+SCJ1FWzOdV+cC6HHf5V7uvMbgtYBFsZ+K68N61YkbZQRa9FDhcopaBPwhyl46HKeQGW49UtwOKByValdloqg6NBBt9uD51PPiZh9gycXC9be+fUz5L77VjSlwMjhsOraPHT5OxijhNJv2jCf5kXnQO3kPpAIS35fvCnFV1eMtFxIWK2LZzIVLvdt4zOBRM9AVGD+TDym0kQSV5TEFHoUtbplf9FPoa3yDSmufhvoZopi5xjuiVv0yrChWbuDWFZEbqOcFewR0wI7Hw/xZ0fbVCwPstvSA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=vYkpOxMLLcOSk51Rtc7hHJUmG5wPGUh0XaWOyVuNPhg=; b=uPABscs0+u4NblboOPvNFxWkJetvcLgNkaz+oZs5dwQklDFidb7et8brCCLzmze80iFVBystYVrbwqKjHYNGDdSzMtr/lsS0/4APeSTjMu6NBiugDLH+K3uThjM4THyn02UUVGI5KxOsdDb2lrtXQVZwBMyxA2OBBt1/Jcm+rrI= Received: from MW2PR18MB2284.namprd18.prod.outlook.com (2603:10b6:907:10::16) by MWHPR18MB0991.namprd18.prod.outlook.com (2603:10b6:300:a3::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3955.23; Tue, 23 Mar 2021 17:54:27 +0000 Received: from MW2PR18MB2284.namprd18.prod.outlook.com ([fe80::b40a:1145:2f52:123a]) by MW2PR18MB2284.namprd18.prod.outlook.com ([fe80::b40a:1145:2f52:123a%7]) with mapi id 15.20.3955.027; Tue, 23 Mar 2021 17:54:27 +0000 From: Akhil Goyal To: "Ananyev, Konstantin" , Tejasree Kondoj , "Nicolau, Radu" CC: Anoob Joseph , Ankur Dwivedi , Jerin Jacob Kollanukkaran , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support Thread-Index: AQHXGX8sU8FE6QG6F0awQ3BjF6w2x6qLi/MAgAWiylCAAIASAIAACBqwgAANj4CAABksIA== Date: Tue, 23 Mar 2021 17:54:27 +0000 Message-ID: References: <20210315103616.31364-1-ktejasree@marvell.com> <20210315103616.31364-3-ktejasree@marvell.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: intel.com; dkim=none (message not signed) header.d=none;intel.com; dmarc=none action=none header.from=marvell.com; x-originating-ip: [122.162.28.216] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 5562afd4-15d4-4f8e-b03f-08d8ee24b3a7 x-ms-traffictypediagnostic: MWHPR18MB0991: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: PnovBl1GTskVDOxIuM9oD+Ju2jBf6PbZMFlGRggTFYrxB9xyyPMuqEWCVpKRm2yjM8edOiiysX68nAVIB96jUOu2bQYMwG4D0MlK2j42n/ddlY2rfzfnRktRNp0WohgO7JCr/SlyYSJ+PhH4HyrlmsMtpZ1+W35Xqc5pciNqutcJc/5r7fhsqcjfzvEm07Zf9+ur8MNY/NyPQljJk7YhUJSkUvw4mtVWB0kKMHsBz950XVJYMsfFc6O036uvs76O0ac2lIKAB+tPdZvz4XO4mc43YHa1oQoH5O0NRoR6ruTFLpW98myejqYNDBUhX3asDGX1/aBhpkJ5PJQCWLoXwjkZDWC/F4JXrjx+fGvfZqwngIzFEM2WopEJF1VPVr3xj5ZmRrOPZ5cQVLGlaSmojt6FOf4PEPfbypE0odB/mU/1XbdB4KO1FtCjFePgq5OePbjkXzVOdBgLd5o+b+lJ3ztJhMTnBNYZvnFc9YcBoRkiafYvsntCNr+kE4LOXe4cNKShQ6sHS3M3e0LLANxnnpMZeImWwLDUZYBSq2twULZHmAeXNxCdNNhspk9L6qV0VXoEGnJE11AgTeiGhdID1WuRWZj2EC1EX0U1Htd/P9zV+RnLengrv8QLnYA94addVGoR5fOudVzGcCHUoN01yBB3ZmDp9HwOG5W2PSjpIxM= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MW2PR18MB2284.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39850400004)(346002)(136003)(376002)(396003)(366004)(86362001)(8676002)(66946007)(64756008)(478600001)(66556008)(66476007)(66446008)(186003)(6506007)(110136005)(71200400001)(26005)(2906002)(76116006)(8936002)(316002)(54906003)(9686003)(5660300002)(7696005)(33656002)(38100700001)(52536014)(83380400001)(4326008)(55016002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?H7d4oDnF4dJA1o4YeXOzyOs0DLq7dZjNrhTI0LDBM2IL+eFB4U48j8jnADKy?= =?us-ascii?Q?JLWMLu7dTZDKQEMBI8+MpZlBxoB1pjUMvFza/eIq+HBd1V8bPbD5rS1vv3XL?= =?us-ascii?Q?q0yDHrwA4Lm+4aot44ScOsGbaEhBAqIzGDvlPNXcKeNolf4eOjygrULNLPj1?= =?us-ascii?Q?7/5GheD2mq68p91+MMOxhZIlhQiAuOAzIpJjaPWCu6odv6+lFIQp3mNxNj3S?= =?us-ascii?Q?TQ1+gssS2BG/77ykuCEGyCEZI0HeD+69Mog0Fi4sgXR+mgpmyUB6nDY6iLtJ?= =?us-ascii?Q?kObmargX2y6eWFG0h+On1AUWY7qCgu2ThzW9zOatKGMmBElVBO/AKPntvnTX?= =?us-ascii?Q?mA93jPjcaCicSpjCgzAF+QZSv+OM+NxYyCgRMwUI3u1O9qVwmJM3YEvnkABl?= =?us-ascii?Q?Q0D7Cn0nSSxSn+pBzoLrpQDQ76lJ1eSe6dZ0W2dQw3PFrGttAAsbrqc73Tzn?= =?us-ascii?Q?wTfn9aX8GhplEo70YZa6bBcbOiIftm23sZueKHY+AKMCrZ4Tn+jsrkC8p5rT?= =?us-ascii?Q?TvfvRe6xYba6PJ5Nls2o+BTgIblvyf8Y2fgkXPBuq5qOLVhjA6J1Ap7IoFAj?= =?us-ascii?Q?z/bcp4rU8dqiiI1qqiBN785qd6aRIO2qNcmPIUI9kXGluoR7BzcENCrXHY0m?= =?us-ascii?Q?Pe0CWaI0IMFQL9mAbtiTK64hsQ638veKh2c3cbJMEepnFT/I4QWzearx8YDq?= =?us-ascii?Q?80DFVHsKNYpYdjd6sjSHjQm9fDmNwULAZx5Ti2xird9jvF4l2fz3BDBzAS4H?= =?us-ascii?Q?yJrKa07MuPJU12NZO2fwKU7Y1OSBEXIyimMqc8bwCsh5vAwQJzulZgQ0X2cm?= =?us-ascii?Q?nRGCU7R69UGqpakdir0qapCdtMmA6Mbgb1TOu2csFzE91l1WsjKBprETFIl7?= =?us-ascii?Q?NkxvwiBnDLTR2fpQbQ8KFGqfB27G+EG1Bhk4XWmQiedBS0hcLFn0RQJLIIhE?= =?us-ascii?Q?B/ov8M9F8Qg68teieZS7rpVl84SR5MyOHhq0TlGfG1Am7Y4yv34Is0521cXX?= =?us-ascii?Q?e/2SB3zk3hiohuRSJadScefPh3T0mxkSXRRyPXLvZCiJzpwi2f2o8dxk5BKw?= =?us-ascii?Q?05NXx3+ng3nsbiXM89OW6Pa76hmJDtiR+uDTrNu1muWtfIOzTBPZrdFpz7Gf?= =?us-ascii?Q?ylyS+b8KB/I4AMb0UIu7hafcTYpWDoXa43PRvO4me/uiyrXTj4OvfBIb4So3?= =?us-ascii?Q?tOd3o5XP9u5E2dtbrVt0eYHmbgaSq1CP6gpI11ycVu7KWs1nkJ54jpUTTGCM?= =?us-ascii?Q?20GVRY7PnnXQ3UQXFwjEEBdhnOEUdYl67d/ZQkcfyHfeAZZJN3tlJSevOH8N?= =?us-ascii?Q?BJp4K9ybL4HSorleYYuQh1lD?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MW2PR18MB2284.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 5562afd4-15d4-4f8e-b03f-08d8ee24b3a7 X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Mar 2021 17:54:27.1840 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: b0cuS+KUXVREBLshjrnU2ud2qj3bD5xYIVx6w9iLT4Q9y/a/903sX/zMW44TjTOAmzwxtNNFnWgPObbYehRlng== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR18MB0991 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.761 definitions=2021-03-23_09:2021-03-22, 2021-03-23 signatures=0 Subject: Re: [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" >=20 > > Hi Konstantin, > > > > > > Hi Akhil, > > > > > > Adding lookaside IPsec UDP encapsulation support > > > > > > for NAT traversal. > > > > > > Added --udp-encap option for application to specify > > > > > > if UDP encapsulation need to be enabled. > > > > > > Example secgw command with UDP encapsultation enabled: > > > > > > -c 0x1 -- -P -p 0x1 --config "(0,0,0)" -f ep0.cfg --udp= -encap > > > > > > > > > > Can we have it not as global, but a per SA option? > > > > > Add new keyword for SA/SP into ipsec-secgw config file, etc. > > > > > Konstantin > > > > > > > > > > > > > Any specific reason to make udp_encap as per SA? > > > > UDP encapsulation is a feature which I believe should be applicatio= n > vide. > > > > If it supports the feature it should be enabled for all SAs when th= e UDP > port > > > > is 4500 which is reserved for it. > > > > > > Not sure why it has to be application wide? > > > Why it is not possible have let say SA1 in ipv4/ipv6 tunnel mode over= port > 0, > > > and SA2 with udp encap over port 1? > > > Note that in DPDK librte_security it is per SA option. > > > > UDP encapsulation can be done only if the UDP port is 4500 as per the > specification. > > Please correct me if I am wrong. So if UDP port is NOT 4500 and udp-enc= ap > is enabled in the > > Command line, UDP encapsulation will not work. >=20 > I am not asking you so support multiple UDP ports for IPsec encapsulation= . Multiple ports are not required to be supported as per specification. UDP encapsulation work only on one port i.e. 4500. By specification, it says, port 4500 is reserved for NAT traversal and if a Packet has this port, then it has to be processed accordingly. > What I am saying: it should be possible to use SAs with UDP encapsulation > along with SAs without (plain tunnel/transport mode). Yes it is possible with the current patch. If a packet has a UDP port =3D 4500 then it is UDP encapsulated otherwise i= t is not. Hence, a packet with UDP port other than 4500 will work as it is working wi= thout --udp-encap param. > As I understand with your patch it is not possible: if user specified --u= dp- > encap > all SAs (on all crypto-devs) will be treated as UDP encapsulated. Just to correct this statement. If user specified --udp-encap all SAs (on all crypto-devs) will be treated = as UDP encapsulated if and only if the UDP port =3D 4500 and not otherwise. I hope this statement clears your concern and it makes more sense to make i= t application vide, just like esn and anti-replay. Regards, Akhil