From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id CE3F1A04B6; Tue, 22 Sep 2020 16:18:14 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 3C6C11D8FC; Tue, 22 Sep 2020 16:18:14 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 033271D8E9 for ; Tue, 22 Sep 2020 16:18:11 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 08MEGTgw020790; Tue, 22 Sep 2020 07:18:11 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pfpt0220; bh=p5sdbm1g772oOfMkn//MgCXtfYLsnquDxX+r6oqqwBo=; b=G94hu8uHrIk3fmO/6+ma+PkP/FYpice1R2GuJJG1YdjIbpaazSqx+iMyC3xwhVuuHAzl uGvTkhU4HvWrltu5a0NiOOdak60A4Vpigh84/U7F0mMsL0kPi8dnW2sokJ2Sk4LYTqY/ 6s/RIZDowddkZLM2n6mJLkghrWc67W06bVd0gXEqrbiNtl2TLA2zdnzusUtHxzx83GvM 7/41S71jz5Y2vHSVhGsNRVKq+QR5WCSM4DI/tmURNEzMTVTaYnBC0kmiX39Rlx9n8Vos gjLfDN9RxsYqBVVnSSnK0b3ypTScvf4tW1OP5jSqibOm2yZgnh9CkD/pcThtd9o6Wxhn PQ== Received: from sc-exch01.marvell.com ([199.233.58.181]) by mx0b-0016f401.pphosted.com with ESMTP id 33nhgnae44-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 22 Sep 2020 07:18:11 -0700 Received: from SC-EXCH02.marvell.com (10.93.176.82) by SC-EXCH01.marvell.com (10.93.176.81) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 22 Sep 2020 07:18:09 -0700 Received: from NAM11-DM6-obe.outbound.protection.outlook.com (104.47.57.168) by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 22 Sep 2020 07:18:09 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=aKXz4GVw0Bnd5JEojwGESj1Bn1POeu3tiWszaYU4k3sL3bV6nn2AzUsFuxWg/dPiZI1WlFCtcjPoLUC7StOiOW2bott7kslfyvoH/7qaNK8SfRnWzHmot/vx0jfRKnXVZIShdhz3Q3sjoooa5w7gVU6EZl9H5UoF/I8FUMe5ePguv1EZd57rCg0DVI3f+okWTjrMl2RdBriKSLa0Pjyr++JWraSGwLrmSLwNsCwx44Fqptqn76Ud02eDFnUY3ULAe1uHu/LbLrTMT9NPPLz6Iv+x3Z3i32MTI+O4ErWmphNQr1/HiRVfKy3nCW9Q6CbDcCyG5YYTujj8ksggcgJgtg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p5sdbm1g772oOfMkn//MgCXtfYLsnquDxX+r6oqqwBo=; b=DVtHxW0Qt0lTIO8jacSFoW2Zxj6E5f4DwmTCoMlIoS0oNkXyGIZedUz74fVl4W0BVJ4y0QLwuzVI1bqMIjmlm93S2atbfsJS67ZL8Oyum1iweh+U7zpYK4i3Y0wIUrdqYUWu7VPCTuEKH69WiqKPDYjL/fddZtVisVVPoTzc5MrDICi660sQKZ/fVWCSYBAw15346vzeXlCAbMI9MqnhwRYQAq2DbZS8a04UaHumOm4wdMRIzdW1AYKuswoPSAbbw39wxkohLpzumE7mcMFmRFmkXsnPBm/k09TXgKVXiMP+49cExwWz6+W4UBbFhWBM8lPZVdgbiBBK3Bvx+5xsFA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=p5sdbm1g772oOfMkn//MgCXtfYLsnquDxX+r6oqqwBo=; b=fMwG4Jm/gC9rgiw2sgwIaZSF8Z/uibBUtXjfQsjmSO7RtpPN7rchwFQbAdwH4l3TaXqv+qVkcPof5xk9YZzj3/mfYWIhcV3upElfp4Q3ubfTaYjCvieRT/sk0+P3U8dW2wLd2bDt5fK//In/V2fo1jkDal82sqS2y6sLfVePXn4= Received: from MWHPR18MB1104.namprd18.prod.outlook.com (2603:10b6:300:a5::19) by MW3PR18MB3692.namprd18.prod.outlook.com (2603:10b6:303:5c::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.11; Tue, 22 Sep 2020 14:18:07 +0000 Received: from MWHPR18MB1104.namprd18.prod.outlook.com ([fe80::2920:4b19:fd68:c93b]) by MWHPR18MB1104.namprd18.prod.outlook.com ([fe80::2920:4b19:fd68:c93b%7]) with mapi id 15.20.3391.027; Tue, 22 Sep 2020 14:18:07 +0000 From: Tejasree Kondoj To: Ori Kam , Asaf Penso , "Stephen Hemminger" CC: Akhil Goyal , Radu Nicolau , Declan Doherty , NBU-Contact-Thomas Monjalon , Ferruh Yigit , "Andrew Rybchenko" , Jerin Jacob Kollanukkaran , Narayana Prasad Raju Athreya , Anoob Joseph , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH] ethdev: add security flow item Thread-Index: AQHWjNZf0TBFrI4k8kC8OuGRv6Hd3alyykWAgAB/IACAAQdmgIAADNnwgABcHfA= Date: Tue, 22 Sep 2020 14:18:07 +0000 Message-ID: References: <20200910164441.7245-1-ktejasree@marvell.com> <20200910094558.0398145b@hermes.lan> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: nvidia.com; dkim=none (message not signed) header.d=none;nvidia.com; dmarc=none action=none header.from=marvell.com; x-originating-ip: [49.206.51.234] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4fe07360-3c83-4b90-2a75-08d85f0253bf x-ms-traffictypediagnostic: MW3PR18MB3692: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: m3WXi9bfth8lS3v04i6dfvr42UeOmJfsDP2aEnJBlvBthWslZ9l6WnWsTo/BsnCs+1nquIqzEcFN24GyeB9gl6iTw0ON2NmrJuVVH3WyUM1vHfRqzFH96IcZGK6oMZKPgwenYHS54N6izXubS2tAkwHUEDUKD+mnjlEL12ZJCbuEyYcYC2YQdVLF+Ky7OWBvZTBByAWut1P5jeVwIxaiYxGnJvrf/LJQxmUxQA3aWpVSWQn3kN3aMj/nG6w6HnOTjp11bXCsArNc/EolSPFnqRIGmW6KEphzH7vZgiYj8Zy/X7rKMvzIfAilGSCv5v43UkntBlaJduVywa5cFD1xrQ== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR18MB1104.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(39840400004)(366004)(396003)(346002)(376002)(136003)(33656002)(2940100002)(76116006)(5660300002)(53546011)(110136005)(54906003)(15650500001)(55236004)(2906002)(66476007)(86362001)(66556008)(64756008)(66446008)(478600001)(66946007)(7696005)(6506007)(4326008)(55016002)(71200400001)(9686003)(83380400001)(8676002)(8936002)(7416002)(186003)(26005)(52536014)(316002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: ReCBJ4bXxgpXNVhtH7CfOeNQSdwwkVQlkny+J0naMTEWFEhrIsqPJPTjbnIKVAevnOm4cKMZPUJU1P6RMhxg76Mol4SG/dJSK6bkfvIO81GXQNV7WZUgWyqXJN9csWIFpXEJ94ShFpd+077dg2/yeYyU4tLNVaAO1i8ZxnR/7uhh3AGRwoXP88GdkLiWqSzxdNFlZiUYpPJ0DiVizlRvwN6QzZqN5zWksm6JTBmJkFKGzgNzdM//dsH6CWlcfoxV6sDJfvnyUF7f7u75gh5BLCd0oSuVkrEsthlEjyzPYyKNZY7BqfzcMTD02CwbJybbFduzWWEl5cr3lrWl+MJVi3IGp099AyXdViJ1l7J0xV2NIARv/a9arVbcuuTMUvG+0Ols1Unj5l9O/u8JEUxNbk1lDogpKs9aWIPOFHGvkWQJ97yJFKocs6VY8pICDyl7C2NcI2YgxTW5yaO41HbHfNYT8BZrkhqskKsJ7QeO61tpEBAltD/JRISzW6nBh3RpvnV23+TJrXdnWudLSZBmuYiWKq5bIc/pgSX5gVCT5l0QncUpREp0+lmxLZLKeokx8pGwkL4mGMm1gHCfCTYTX7FBLKwX/9Rf1kbMciLdHC2lX7AMt81DsCbv9394pFU90UctZV1RX3kc0jiVeNpZ+w== Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MWHPR18MB1104.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4fe07360-3c83-4b90-2a75-08d85f0253bf X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Sep 2020 14:18:07.1256 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: hlcPFy8DRRuwQ6Pxhqun8LQeYlha8T5JIe0izztrltLrHDibSzVXxVy30nU85I7O//mrcrp3F40W03LHZOEZQQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR18MB3692 X-OriginatorOrg: marvell.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-22_13:2020-09-21, 2020-09-22 signatures=0 Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Ori, Please see inline. Thanks, Tejasree > -----Original Message----- > From: Tejasree Kondoj > Sent: Tuesday, September 22, 2020 2:37 PM > To: Ori Kam ; Asaf Penso ; Stephen > Hemminger > Cc: Akhil Goyal ; Radu Nicolau > ; Declan Doherty ; > NBU-Contact-Thomas Monjalon ; Ferruh Yigit > ; Andrew Rybchenko > ; Jerin Jacob Kollanukkaran > ; Narayana Prasad Raju Athreya > ; Anoob Joseph ; > dev@dpdk.org > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item >=20 > Please see inline. >=20 > Thanks > Tejasree >=20 > > -----Original Message----- > > From: Ori Kam > > Sent: Tuesday, September 22, 2020 1:22 PM > > To: Asaf Penso ; Tejasree Kondoj > > ; Stephen Hemminger > > > > Cc: Akhil Goyal ; Radu Nicolau > > ; Declan Doherty ; > > NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > ; Andrew Rybchenko > > ; Jerin Jacob Kollanukkaran > > ; Narayana Prasad Raju Athreya > > ; Anoob Joseph ; > > dev@dpdk.org > > Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > External Email > > > > ---------------------------------------------------------------------- > > Hi > > > -----Original Message----- > > > From: Asaf Penso > > > Sent: Monday, September 21, 2020 7:09 PM > > > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > > > > > > > > > Regards, > > > Asaf Penso > > > > > > >-----Original Message----- > > > >From: Tejasree Kondoj > > > >Sent: Monday, September 21, 2020 11:59 AM > > > >To: Asaf Penso ; Stephen Hemminger > > > > > > > >Cc: Akhil Goyal ; Radu Nicolau > > > >; Declan Doherty > > > >; Ori Kam ; > > > >NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > > >; Andrew Rybchenko > > > >; Jerin Jacob Kollanukkaran > > > >; Narayana Prasad Raju Athreya > > > >; Anoob Joseph ; > > > >dev@dpdk.org > > > >Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > > > > >Please see inline. > > > > > > > >Thanks > > > >Tejasree > > > > > > > >> -----Original Message----- > > > >> From: Asaf Penso > > > >> Sent: Thursday, September 17, 2020 3:09 PM > > > >> To: Stephen Hemminger ; Tejasree > > > >Kondoj > > > >> > > > >> Cc: Akhil Goyal ; Radu Nicolau > > > >> ; Declan Doherty > > > >> ; Ori Kam ; > > > >> NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > > >> ; Andrew Rybchenko > > > >> ; Jerin Jacob Kollanukkaran > > > >> ; Narayana Prasad Raju Athreya > > > >> ; Anoob Joseph ; > > > >> dev@dpdk.org > > > >> Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow > > > >> item > > > >> > > > >> External Email > > > >> > > > >> ----------------------------------------------------------------- > > > >> -- > > > >> --- > > > >> >-----Original Message----- > > > >> >From: dev On Behalf Of Stephen > > Hemminger > > > >> >Sent: Thursday, September 10, 2020 7:46 PM > > > >> >To: Tejasree Kondoj > > > >> >Cc: Akhil Goyal ; Radu Nicolau > > > >> >; Declan Doherty > > > >> >; Ori Kam ; > > > >> >NBU-Contact-Thomas Monjalon ; Ferruh > Yigit > > > >> >; Andrew Rybchenko > > > >> >; Jerin Jacob ; > > > >> >Narayana Prasad ; Anoob Joseph > > > >> >; dev@dpdk.org > > > >> >Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item > > > >> > > > > >> >On Thu, 10 Sep 2020 22:14:41 +0530 Tejasree Kondoj > > > >> > wrote: > > > >> > > > > >> >> Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to > > > >> distinguish > > > >> >> plain packets from IPsec decrypted plain packets. > > > >> >> > > > >> >> Signed-off-by: Tejasree Kondoj > > > >> > > > > >> >Please provide an implementation, API's without any driver > > > >> >support should not be accepted. > > > >> > > > > >> >Also, we need a test for this. > > > > > > > >[Tejasree] We would like to defer the patch and add implementation, > > > >test case in next cycle. > > > > > > > >> > > > >> +1 > > > >> Also, I think the word SECURITY is too high-level, and if > > > >> specifically you mention here an item for IPSec, perhaps you can > > consider renaming. > > > > > > > >[Tejasree] This item matches security processed packets and not > > > >specific to IPsec. > > > >Will change commit description as follows: > > > >" Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to match > > > >packets that were security processed. For example, in case of > > > >inline IPsec, it can be used to distinguish plain packets from > > > >IPsec decrypted > > plain packets" > > > >Would that be fine? > > > > > > It would be more clear, yes, thank you, but in this case I suggest > > > to have a field in the spec that you can match on it. > > > For example, is it viable to know if the packet was processed by > > > IPSec and not AES? Maybe you want to have 2 flow with this new item, > > > but still differentiate between the types. > > > > Why not use mark/tag/meta to set this value? > > The application will insert a flow that sends to security and mark the > > flow with some ID then the application can check this ID. >=20 > [Tejasree] SECURITY itself wouldn't make distinction on protocol. > It would be combined with MARK_ID to know if the packet was processed by > IPsec and not AES. >=20 > MARK_ID alone couldn't be used as we wouldn't know if it is plain packet = or > security processed plain packet. >=20 > Rules would be as follows: > Rule #1 > [ETH] [IP] [ESP] [SPI] =1B$B"*=1B(B [SECURITY] [MARK_ID] [END] Rule #2 [S= ECURITY] > [MARK_ID] [ETH] [IP] =1B$B"*=1B(B [QUEUE] [END] >=20 > I don't understand why in rule #1 you can't have the mark value > to also mark the security. > From your patch I understand that security is just one bit > This means that you can say if MSB bit in mark is set then it comes from > security. [Tejasree] We can use MSB of MARK_ID but that would mean we would be reserv= ing it for security. > > > > Best, > > Ori