From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 7680AA04B1; Thu, 24 Sep 2020 07:30:50 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 0C0661DD1A; Thu, 24 Sep 2020 07:30:50 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 1C6111DD16 for ; Thu, 24 Sep 2020 07:30:47 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 08O5PtoV001602; Wed, 23 Sep 2020 22:30:47 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pfpt0220; bh=rcSpDwSdHwtJAhoOSRJPUVuKOnoAkj9U+rd/ScaQ5ys=; b=LCE+3WmaFdEfjmW75wZp1aKXS6RCKPJKE7JoO0WJMa0GiJgSpPBskit4PI7mS8LsiI8t 54ZT5a/+XwsWTfhioaprv+LCApnZw6xTpNLaM5+Svum4mJO0XRpa1/bdadHrZ7TAt9tf JCzZ8mRdDG9tsxDRfEoQma5A4aca4f1RnLjnQ/v5IwQyZ3715moN/ME714jTHfbQUyJv 0OlpV8ofJmYyRM1uCvO/clQyavd/55xic3neoqLogWzeAd1VCNt6EiAucO/ZZ5PhxiKH K10xSfJ8AFYDkfjkTIBvy/VGicpV9E+wujmkvySdDwjz7Jzamk77bZDfjTirq8iQGzpw cA== Received: from sc-exch02.marvell.com ([199.233.58.182]) by mx0a-0016f401.pphosted.com with ESMTP id 33nfbq2qa9-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 23 Sep 2020 22:30:47 -0700 Received: from SC-EXCH03.marvell.com (10.93.176.83) by SC-EXCH02.marvell.com (10.93.176.82) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Wed, 23 Sep 2020 22:30:46 -0700 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (104.47.55.168) by SC-EXCH03.marvell.com (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Wed, 23 Sep 2020 22:30:46 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=B0+0zG1jE7srYYZO8hNc92li04a7T3djgXerEMtnwjkldbM8MVODUBgLNZSIGHwSNc1ENdB/UYOJoQEs74OTds3X0refa/vlyzVsKqEeR6b+AnZxL4bGoZxxjcVaQBCwbf+vbXnEhLemAQUwYjPYKT7/LFyzmvLrUXmM5ec5dxLEtx8HZkDEILR5HXXxhAcwBptbRB9tJRCvknMSUnifaiL4/4BU80h51xuZ6hMoGpGENSnjI5jLtnzyCfdjaOYPZJorBTLQasRw59rXxUhprLNWsIWnVODL3KrR4zD7FpEcWesLzYsk1IzAPKm7mYxdnWy1MkKchv17npF9yqt8Qw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rcSpDwSdHwtJAhoOSRJPUVuKOnoAkj9U+rd/ScaQ5ys=; b=SeZOtKJKoLmcz79Hu7XKqV7TP63x1PRNmF6HMBHNO4Pns2q2g3r+gDFF6+szMwM70ELxmh8P25uFhQgzxdPVUq3apfdddMONJl2CxUMdePFcPNMqEjYJ5L6O2/rxLObSn9kdvYbdsJvQR+SOeUuVLn2V58dfODYvCJLfPObdojh8e+BdZKvsuAZRdrnbAmavP3ttk5VViBfOqcNcmXN3krDhc6Xb+Fq8YUKdbc2WevaQy5mpFEi7EmNNtm5jm53kkD4Ay3nV/k2NXHET3e608C+K9PhcKXHrWVbWXv7a5SSB12jeVAzDGgD7TouT5ctqSHCieW8Z7ZczzhiS00SRHw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rcSpDwSdHwtJAhoOSRJPUVuKOnoAkj9U+rd/ScaQ5ys=; b=IDYWKGhX8lBkBRZQbCozDH0QpYgRed/1+7q0Xo3/QaZlgXplk5Kk8YLF75J0gXg61HWPHKPdTePAsMgQLlJYH+4TVsI1PDrtQfMT16geAiSjJ+t63PLNky33VhLSkk/QDED7iQOkeOMezU8+84OsHidaLrs2kyGHhKO0EdXkay4= Received: from MWHPR18MB1104.namprd18.prod.outlook.com (2603:10b6:300:a5::19) by MWHPR18MB1246.namprd18.prod.outlook.com (2603:10b6:320:2b::21) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.11; Thu, 24 Sep 2020 05:30:43 +0000 Received: from MWHPR18MB1104.namprd18.prod.outlook.com ([fe80::2920:4b19:fd68:c93b]) by MWHPR18MB1104.namprd18.prod.outlook.com ([fe80::2920:4b19:fd68:c93b%7]) with mapi id 15.20.3391.027; Thu, 24 Sep 2020 05:30:43 +0000 From: Tejasree Kondoj To: Ori Kam , Asaf Penso , "Stephen Hemminger" CC: Akhil Goyal , Radu Nicolau , Declan Doherty , NBU-Contact-Thomas Monjalon , Ferruh Yigit , "Andrew Rybchenko" , Jerin Jacob Kollanukkaran , Narayana Prasad Raju Athreya , Anoob Joseph , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH] ethdev: add security flow item Thread-Index: AQHWjNZf0TBFrI4k8kC8OuGRv6Hd3alyykWAgAB/IACAAQdmgIAADNnwgABcHfCAAZiiAIAA8huA Date: Thu, 24 Sep 2020 05:30:43 +0000 Message-ID: References: <20200910164441.7245-1-ktejasree@marvell.com> <20200910094558.0398145b@hermes.lan> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: nvidia.com; dkim=none (message not signed) header.d=none;nvidia.com; dmarc=none action=none header.from=marvell.com; x-originating-ip: [49.206.51.234] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: c1d2c270-f66c-4b9d-1fd2-08d8604afb48 x-ms-traffictypediagnostic: MWHPR18MB1246: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: ldeMEgjrib1But16mukxlXocRTmlFiigEW7ie09kiNvU/yAhzNKTb3Yr8FZQHzsRT3azCJW/ddLIu6sr7y1zSN4igmLSL0Wsu8uPv1hxYCLV1dMYsRB3NVkVHS/xZzMcfv43/IYUy8XJMwysc/gJ0k5QeQwK8pQv99cnT43WDEWvPmA8Hqpo3RCskW6JLTsUj6f002juAdmBBexik1wWmSCqYBqEr6txi51/BdSJtfJMDhCpwCKZKRtG432ecQq4JrKiABTx01xqoppuaFJR5etgmB/pQ258LQpS8v44gp4DVleEMHtcKt0U2USVBtdks/Hm6rqgjHXBw7IvTVzi2RNAv3Icy2WPXpp4Rb0HlgXEW0v0awWbDKYnvPlwaFhv x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR18MB1104.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(376002)(346002)(396003)(39860400002)(366004)(136003)(2906002)(478600001)(8676002)(5660300002)(15650500001)(316002)(26005)(55016002)(86362001)(110136005)(54906003)(6506007)(53546011)(186003)(8936002)(4326008)(9686003)(7696005)(83380400001)(55236004)(66476007)(7416002)(66556008)(33656002)(66446008)(71200400001)(66946007)(52536014)(76116006)(64756008); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: UFakPRgtZc1leAmRl4/I9/9IuyQluDD+sDZ07xVtJ2DFiv483hjABpTa74qUNulvB1uQGDjdKBy7Qdaq2b5XHSeRrfQ6BKTR+mZdZZIVYFibXeDZ5btm6un3NWyNlddncFgwtbxLCOyeqw8QG56nGkR2EL+IniIs/XzxHx5c3FGrV0PFaM4SOcvfEg3h22QrFQ3PV6+QSgQC11y0fTrC2P3JjW+HF8KnBDj18equWqTewtBXhuy8gd+vtiT5ac0z8Di5Ov2FuF4hhqg73lCAZGbANfJ4WRLP5f/JJwO92TLAoB6JnsNRpM62fJELxH47nGP4hminPdu8Tx+Ug9YRvO2M1nkSpJfEbpQOw9nAlrCEmrF/xvJXTUzzWFC7gI2P8VB1P+2zCRfWl/Wzvd25oUIZJ4zpguK20Laz2hK5iZE/aM4vDN8H1jLonV3zF4B7xrkjioG7/C0GY69magmMX0VqTNIJKjhFgDQAZ5ErShW9MaRwXHIxmQWjP/fS6oO1CWYcKmEREXURi7DEh1yLsr+TsI93pTPyt0v5hHWGolTw1Un5ONDZHK5ImoLTzKJWE6scKoHVWAzLJ/RmPDDsIoxlLpmiYtpjE67Eqbent7YBZFlnfWC23cwHZZCpcvomcxBWrEahpJwAdLXjg7QYSg== Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MWHPR18MB1104.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: c1d2c270-f66c-4b9d-1fd2-08d8604afb48 X-MS-Exchange-CrossTenant-originalarrivaltime: 24 Sep 2020 05:30:43.0290 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: TmyL9yMm19cE0UDj7Rf9C3UMN/p78/k12/4adSqlhEBhkrho5Pf7+6UgiplPD1Xvsj0glLPiPRNHOJiOMBq/wg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR18MB1246 X-OriginatorOrg: marvell.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-24_02:2020-09-24, 2020-09-24 signatures=0 Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Thanks, Tejasree > -----Original Message----- > From: Ori Kam > Sent: Wednesday, September 23, 2020 8:00 PM > To: Tejasree Kondoj ; Asaf Penso > ; Stephen Hemminger > Cc: Akhil Goyal ; Radu Nicolau > ; Declan Doherty ; > NBU-Contact-Thomas Monjalon ; Ferruh Yigit > ; Andrew Rybchenko > ; Jerin Jacob Kollanukkaran > ; Narayana Prasad Raju Athreya > ; Anoob Joseph ; > dev@dpdk.org > Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow item >=20 > External Email >=20 > ---------------------------------------------------------------------- > Hi >=20 > > -----Original Message----- > > From: Tejasree Kondoj > > Sent: Tuesday, September 22, 2020 5:18 PM > > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > Hi Ori, > > > > Please see inline. > > > > Thanks, > > Tejasree > > > > > -----Original Message----- > > > From: Tejasree Kondoj > > > Sent: Tuesday, September 22, 2020 2:37 PM > > > To: Ori Kam ; Asaf Penso ; > > > Stephen Hemminger > > > Cc: Akhil Goyal ; Radu Nicolau > > > ; Declan Doherty ; > > > NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > > ; Andrew Rybchenko > > > ; Jerin Jacob Kollanukkaran > > > ; Narayana Prasad Raju Athreya > > > ; Anoob Joseph ; > > > dev@dpdk.org > > > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > > > Please see inline. > > > > > > Thanks > > > Tejasree > > > > > > > -----Original Message----- > > > > From: Ori Kam > > > > Sent: Tuesday, September 22, 2020 1:22 PM > > > > To: Asaf Penso ; Tejasree Kondoj > > > > ; Stephen Hemminger > > > > > > > > Cc: Akhil Goyal ; Radu Nicolau > > > > ; Declan Doherty > > > > ; NBU-Contact-Thomas Monjalon > > > > ; Ferruh Yigit ; > > > > Andrew Rybchenko ; Jerin Jacob > > > > Kollanukkaran ; Narayana Prasad Raju Athreya > > > > ; Anoob Joseph ; > > > > dev@dpdk.org > > > > Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow > > > > item > > > > > > > > External Email > > > > > > > > ------------------------------------------------------------------ > > > > ---- > > > > Hi > > > > > -----Original Message----- > > > > > From: Asaf Penso > > > > > Sent: Monday, September 21, 2020 7:09 PM > > > > > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > > > > > > > > > > > > > > > > > Regards, > > > > > Asaf Penso > > > > > > > > > > >-----Original Message----- > > > > > >From: Tejasree Kondoj > > > > > >Sent: Monday, September 21, 2020 11:59 AM > > > > > >To: Asaf Penso ; Stephen Hemminger > > > > > > > > > > > >Cc: Akhil Goyal ; Radu Nicolau > > > > > >; Declan Doherty > > > > > >; Ori Kam ; > > > > > >NBU-Contact-Thomas Monjalon ; Ferruh > Yigit > > > > > >; Andrew Rybchenko > > > > > >; Jerin Jacob Kollanukkaran > > > > > >; Narayana Prasad Raju Athreya > > > > > >; Anoob Joseph ; > > > > > >dev@dpdk.org > > > > > >Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > > > > > > > > >Please see inline. > > > > > > > > > > > >Thanks > > > > > >Tejasree > > > > > > > > > > > >> -----Original Message----- > > > > > >> From: Asaf Penso > > > > > >> Sent: Thursday, September 17, 2020 3:09 PM > > > > > >> To: Stephen Hemminger ; > Tejasree > > > > > >Kondoj > > > > > >> > > > > > >> Cc: Akhil Goyal ; Radu Nicolau > > > > > >> ; Declan Doherty > > > > > >> ; Ori Kam ; > > > > > >> NBU-Contact-Thomas Monjalon ; Ferruh > > > > > >> Yigit ; Andrew Rybchenko > > > > > >> ; Jerin Jacob Kollanukkaran > > > > > >> ; Narayana Prasad Raju Athreya > > > > > >> ; Anoob Joseph ; > > > > > >> dev@dpdk.org > > > > > >> Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security > > > > > >> flow item > > > > > >> > > > > > >> External Email > > > > > >> > > > > > >> ------------------------------------------------------------- > > > > > >> ---- > > > > > >> -- > > > > > >> --- > > > > > >> >-----Original Message----- > > > > > >> >From: dev On Behalf Of Stephen > > > > Hemminger > > > > > >> >Sent: Thursday, September 10, 2020 7:46 PM > > > > > >> >To: Tejasree Kondoj > > > > > >> >Cc: Akhil Goyal ; Radu Nicolau > > > > > >> >; Declan Doherty > > > > > >> >; Ori Kam ; > > > > > >> >NBU-Contact-Thomas Monjalon ; Ferruh > > > Yigit > > > > > >> >; Andrew Rybchenko > > > > > >> >; Jerin Jacob > > > > > >> >; Narayana Prasad > > > > > >> >; Anoob Joseph > ; > > > > > >> >dev@dpdk.org > > > > > >> >Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow > > > > > >> >item > > > > > >> > > > > > > >> >On Thu, 10 Sep 2020 22:14:41 +0530 Tejasree Kondoj > > > > > >> > wrote: > > > > > >> > > > > > > >> >> Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to > > > > > >> distinguish > > > > > >> >> plain packets from IPsec decrypted plain packets. > > > > > >> >> > > > > > >> >> Signed-off-by: Tejasree Kondoj > > > > > >> > > > > > > >> >Please provide an implementation, API's without any driver > > > > > >> >support should not be accepted. > > > > > >> > > > > > > >> >Also, we need a test for this. > > > > > > > > > > > >[Tejasree] We would like to defer the patch and add > > > > > >implementation, test case in next cycle. > > > > > > > > > > > >> > > > > > >> +1 > > > > > >> Also, I think the word SECURITY is too high-level, and if > > > > > >> specifically you mention here an item for IPSec, perhaps you > > > > > >> can > > > > consider renaming. > > > > > > > > > > > >[Tejasree] This item matches security processed packets and not > > > > > >specific to IPsec. > > > > > >Will change commit description as follows: > > > > > >" Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to > > > > > >match packets that were security processed. For example, in > > > > > >case of inline IPsec, it can be used to distinguish plain > > > > > >packets from IPsec decrypted > > > > plain packets" > > > > > >Would that be fine? > > > > > > > > > > It would be more clear, yes, thank you, but in this case I > > > > > suggest to have a field in the spec that you can match on it. > > > > > For example, is it viable to know if the packet was processed by > > > > > IPSec and not AES? Maybe you want to have 2 flow with this new > > > > > item, but still differentiate between the types. > > > > > > > > Why not use mark/tag/meta to set this value? > > > > The application will insert a flow that sends to security and mark > > > > the flow with some ID then the application can check this ID. > > > > > > [Tejasree] SECURITY itself wouldn't make distinction on protocol. > > > It would be combined with MARK_ID to know if the packet was > > > processed by IPsec and not AES. > > > > > > MARK_ID alone couldn't be used as we wouldn't know if it is plain > > > packet or security processed plain packet. > > > > > > Rules would be as follows: > > > Rule #1 > > > [ETH] [IP] [ESP] [SPI] =1B$B"*=1B(B [SECURITY] [MARK_ID] [END] Rule #= 2 > > > [SECURITY] [MARK_ID] [ETH] [IP] =1B$B"*=1B(B [QUEUE] [END] > > > > > > I don't understand why in rule #1 you can't have the mark value to > > > also mark the security. > > > From your patch I understand that security is just one bit This > > > means that you can say if MSB bit in mark is set then it comes from > > > security. > > > > [Tejasree] We can use MSB of MARK_ID but that would mean we would be > > reserving it for security. > > > [Ori] but why does the PMD needs it? the application know what it needs s= o > it can use it, It is the application decision to send to the security rig= ht? So it > knows what values to set. >=20 > Also the application can use tag or any other data item. >=20 [Tejasree] PMD needs it to establish connection between security and final = action to be done (queue for example). =20 First rule works on the outer packet where the inner packet would be hidden= by the protocol (like encrypted payload in IPsec) and the second rule will= act on the de-capsulated packet. So the packets itself are different and w= e cannot have one rule. In IPsec it is valid (and a very trivial usage) to have one outer flow con= stitute multiple inner flows. Without this, application will not be able to= configure hardware to treat inner flows differently. >=20 >=20 > > > > > > > > Best, > > > > Ori