From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 40AE7A04E1; Tue, 22 Sep 2020 11:07:34 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 263011DB7D; Tue, 22 Sep 2020 11:07:34 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 149C21DB75 for ; Tue, 22 Sep 2020 11:07:31 +0200 (CEST) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 08M96Mba003452; Tue, 22 Sep 2020 02:07:31 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pfpt0220; bh=UcwPOClT7Vo8tbopCkfSl9ZAVzc+8cZ5vlyr1ngPRps=; b=Bgz1KZ0WZgFZTzZQluM9ADZUAFW/LSgwUE3O4H3MXfjOfukWBxlXys35jOaNcQ6tmGG5 QKXUXYBtm4dC5u5GxA7a1ut/qPciR8/tALE0C8Mryi+JiiPDN0I4YvnnL4Oc58k1hpeB 3MC4xqPdH7wJBGejE1oKeFmbzLfjB6VtUOrTpwPBuN3Fn4YHyz4FsqzLTZnNBKpiHaN7 +k3MBoqA3yIpftL9STu0LzKELx7H9pPVIJRqJrRYpLhq+Ls9pLJyp8/kDoSoaFMXNkpt qt/z1zDcj7sqQXMOt7BOfWdt+c30hARDRZd/armcqcmKmPaLqf2kILmgykKn5b6VyuHF Hw== Received: from sc-exch03.marvell.com ([199.233.58.183]) by mx0b-0016f401.pphosted.com with ESMTP id 33nhgn9f2k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Tue, 22 Sep 2020 02:07:31 -0700 Received: from SC-EXCH04.marvell.com (10.93.176.84) by SC-EXCH03.marvell.com (10.93.176.83) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 22 Sep 2020 02:07:29 -0700 Received: from SC-EXCH01.marvell.com (10.93.176.81) by SC-EXCH04.marvell.com (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 22 Sep 2020 02:07:29 -0700 Received: from NAM02-SN1-obe.outbound.protection.outlook.com (104.47.36.53) by SC-EXCH01.marvell.com (10.93.176.81) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Tue, 22 Sep 2020 02:07:29 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SYohszxMIK2DFQlo7eYE5nF045xsuY9rkqYN0qoCRuZl/gEkV6Fna2hU6mZTiMtb0y/gNommABRJPDgMisSiXw62miUraqDHh1axqDvQHQTBQUlZ8kb9bRnA2YCZFPVDQ4r911A2AumvuK0NVrpguqynAo/7t84BfzQdtacglA67xXmPsEojbyJg6UExLQb9ZjKZgBLVtW4NOOcblCDaihcA3rOBf0HtaL4QXKftr8QC4CtPYNPIQiXMVPQNTxjkLOnCBTUPCH+TUb7zHQn/Ccqa0/ePtMqdXYacIrDwo8owiQPGRXw0HGj5DWZ4NoLK2Gev+tqqCPhQXJ00YxzTdg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UcwPOClT7Vo8tbopCkfSl9ZAVzc+8cZ5vlyr1ngPRps=; b=GKuh57yCl8cZXOfPwKuDCK63GNtzGSvkifd3ga30nS6gCt54fxNMq0hz2+zP7uGbvP8sOiZJA/AzoF1UvJwIyyFMrAb/8awIggCm0/tQEDhnlXd1it9pRtYnBlzCJ/Fj5025QAaa8v0avCVjhl8/k881hOichsIuGIvMYJtdb4oheA87gviZKi9sOCopZBrBwZVP7kNAyjrbPgzNHrKRNp+WJHv6wBibqXMd8NDdDipF6AltdpxQJy7AkoarCHtSLeDDnJQlzaI29blLS55vOHXSbVqKRZ4zRMPTWF2sXNxwO25BhiBPdat8c2eeBAvDTk5COAAkFleuH5XF92Zckg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=UcwPOClT7Vo8tbopCkfSl9ZAVzc+8cZ5vlyr1ngPRps=; b=KNMCXcAEedevpaQT42GDzctJw6wNeVxHWgcB3F2j0lVPPJ3zgG+ekhxfq6tCKWOcPi+wCNn7sHenmFv9uvS48TmH8NratNieYKhrNAqlI/1iqs7+cMi5D/9bT3IELfG4yZQK3oATWes7u01hQea+gOo7Y7EiI5bZW7HqxG4cmV4= Received: from MWHPR18MB1104.namprd18.prod.outlook.com (2603:10b6:300:a5::19) by MW3PR18MB3465.namprd18.prod.outlook.com (2603:10b6:303:5f::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3391.14; Tue, 22 Sep 2020 09:07:26 +0000 Received: from MWHPR18MB1104.namprd18.prod.outlook.com ([fe80::2920:4b19:fd68:c93b]) by MWHPR18MB1104.namprd18.prod.outlook.com ([fe80::2920:4b19:fd68:c93b%7]) with mapi id 15.20.3391.027; Tue, 22 Sep 2020 09:07:26 +0000 From: Tejasree Kondoj To: Ori Kam , Asaf Penso , "Stephen Hemminger" CC: Akhil Goyal , Radu Nicolau , Declan Doherty , NBU-Contact-Thomas Monjalon , Ferruh Yigit , "Andrew Rybchenko" , Jerin Jacob Kollanukkaran , Narayana Prasad Raju Athreya , Anoob Joseph , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH] ethdev: add security flow item Thread-Index: AQHWjNZf0TBFrI4k8kC8OuGRv6Hd3alyykWAgAB/IACAAQdmgIAADNnw Date: Tue, 22 Sep 2020 09:07:26 +0000 Message-ID: References: <20200910164441.7245-1-ktejasree@marvell.com> <20200910094558.0398145b@hermes.lan> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: nvidia.com; dkim=none (message not signed) header.d=none;nvidia.com; dmarc=none action=none header.from=marvell.com; x-originating-ip: [49.206.51.234] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: f79a78a7-ce16-45de-58bf-08d85ed6ed08 x-ms-traffictypediagnostic: MW3PR18MB3465: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: pOTcZOvnOizdeHjyP4LVNmAxJ8g098+cOZ25lS9Iri2lBZVwcHV7Ljg/J46dpuwhO4MRsSADGUwfvqB/kkYaTaXtlW3x3ZJuJ7d6pZYvPQ1tzysXOFH2lb/yOFSAKlxicwAmE4ZlplB+7oZW2WFiccny1SzEFaqwNh/5qXL4u4TvpBSROp6JlwI50S09BBdfIOL0SocrHQvAgmCFWij8F9GMPskp6xM51nPjLHn8lEcWGU9P8RcBS/K1MuPGDWK8p9aXdxjeqRIsp5C2WBSBfQebHWkIG+p4ICH7ZSk+1ViDC0EmnTjbAF6IAKCBiFG8lsjM/99lAXr9qZ9dKHadFA== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MWHPR18MB1104.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(376002)(396003)(136003)(39860400002)(366004)(15650500001)(186003)(316002)(6506007)(55016002)(53546011)(7416002)(2906002)(26005)(64756008)(66446008)(5660300002)(66556008)(66946007)(55236004)(54906003)(76116006)(83380400001)(110136005)(4326008)(66476007)(33656002)(86362001)(52536014)(8676002)(478600001)(9686003)(71200400001)(7696005)(8936002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: 8Ox6K8VWf46FMhoFG/1rGplE2gUM4adsxkGY9fESTq0zXlPilE2sgtHN7gvjUTnFD6ayF06dtyN4Kko70YKYmZ2RN60CLfpJXZip2YQ3Vfkvd4FlXkuXdvmoOMaNvs0vZZFKecC8jVteZRsmYgxQFbxYDX2H+kY9uTdE8vtkwaeBZ5RQ4T6XfucEcV762m669rmHLIAwcJjE5iHTx21vPidqXiUmvHsk1eeGHWDMJPT5coR+0+Um4UjAHXWFBic/M5hkF7VDWzv8hcTLwHkpzv0+mCqwFm/j+fIOsr0HM0snl7yAm30gVb3+tBGiMIDeYt2pxw7MnYBNZTuaKrpW8sXU8+8n+z6AjBAbPE3L30r8Sk1gVWla8hXQbBk2AIg6seDlUu7u4BqXCsjeka6hlrARC6E4JxGntuD52cc90qIVaEzUeKuv38gKL9evewWyCaa7c3eLyftBWu5ZA8eLat5l2Ys3ouXyh2VH3xecr4EmmFZjXByKODrzQdoyAoWUpmb4DmvGo7FJ6DcK5Zb0QoKaHY7zu6oGqqJBqIRUh3PqN9qdv7ZMllKPD771xPlrnLwt8XgT1gpFMiCzWogknfjxKd3HE82ORqc44EQ7kTK0Mg5Q1DXXCAH5QTdufESWztk8KgthRglupRi5hznNhA== Content-Type: text/plain; charset="iso-2022-jp" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: MWHPR18MB1104.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: f79a78a7-ce16-45de-58bf-08d85ed6ed08 X-MS-Exchange-CrossTenant-originalarrivaltime: 22 Sep 2020 09:07:26.3145 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: fxwMuZxjFJYk58dkiFXD8n618eQIV09K4hotGTQXfCskvyd7x4F+nldOd43I3zDVKnrIMSoswFt/vDGYjqWZbA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MW3PR18MB3465 X-OriginatorOrg: marvell.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.235, 18.0.687 definitions=2020-09-22_06:2020-09-21, 2020-09-22 signatures=0 Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Please see inline. Thanks Tejasree > -----Original Message----- > From: Ori Kam > Sent: Tuesday, September 22, 2020 1:22 PM > To: Asaf Penso ; Tejasree Kondoj > ; Stephen Hemminger > > Cc: Akhil Goyal ; Radu Nicolau > ; Declan Doherty ; > NBU-Contact-Thomas Monjalon ; Ferruh Yigit > ; Andrew Rybchenko > ; Jerin Jacob Kollanukkaran > ; Narayana Prasad Raju Athreya > ; Anoob Joseph ; > dev@dpdk.org > Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow item >=20 > External Email >=20 > ---------------------------------------------------------------------- > Hi > > -----Original Message----- > > From: Asaf Penso > > Sent: Monday, September 21, 2020 7:09 PM > > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > > > > > Regards, > > Asaf Penso > > > > >-----Original Message----- > > >From: Tejasree Kondoj > > >Sent: Monday, September 21, 2020 11:59 AM > > >To: Asaf Penso ; Stephen Hemminger > > > > > >Cc: Akhil Goyal ; Radu Nicolau > > >; Declan Doherty ; > > >Ori Kam ; NBU-Contact-Thomas Monjalon > > >; Ferruh Yigit ; Andrew > > >Rybchenko ; Jerin Jacob Kollanukkaran > > >; Narayana Prasad Raju Athreya > > >; Anoob Joseph ; > > >dev@dpdk.org > > >Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > > >Please see inline. > > > > > >Thanks > > >Tejasree > > > > > >> -----Original Message----- > > >> From: Asaf Penso > > >> Sent: Thursday, September 17, 2020 3:09 PM > > >> To: Stephen Hemminger ; Tejasree > > >Kondoj > > >> > > >> Cc: Akhil Goyal ; Radu Nicolau > > >> ; Declan Doherty > > >> ; Ori Kam ; > > >> NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > >> ; Andrew Rybchenko > > >> ; Jerin Jacob Kollanukkaran > > >> ; Narayana Prasad Raju Athreya > > >> ; Anoob Joseph ; > > >> dev@dpdk.org > > >> Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow > > >> item > > >> > > >> External Email > > >> > > >> ------------------------------------------------------------------- > > >> --- > > >> >-----Original Message----- > > >> >From: dev On Behalf Of Stephen > Hemminger > > >> >Sent: Thursday, September 10, 2020 7:46 PM > > >> >To: Tejasree Kondoj > > >> >Cc: Akhil Goyal ; Radu Nicolau > > >> >; Declan Doherty > > >> >; Ori Kam ; > > >> >NBU-Contact-Thomas Monjalon ; Ferruh Yigit > > >> >; Andrew Rybchenko > > >> >; Jerin Jacob ; > > >> >Narayana Prasad ; Anoob Joseph > > >> >; dev@dpdk.org > > >> >Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item > > >> > > > >> >On Thu, 10 Sep 2020 22:14:41 +0530 Tejasree Kondoj > > >> > wrote: > > >> > > > >> >> Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to > > >> distinguish > > >> >> plain packets from IPsec decrypted plain packets. > > >> >> > > >> >> Signed-off-by: Tejasree Kondoj > > >> > > > >> >Please provide an implementation, API's without any driver support > > >> >should not be accepted. > > >> > > > >> >Also, we need a test for this. > > > > > >[Tejasree] We would like to defer the patch and add implementation, > > >test case in next cycle. > > > > > >> > > >> +1 > > >> Also, I think the word SECURITY is too high-level, and if > > >> specifically you mention here an item for IPSec, perhaps you can > consider renaming. > > > > > >[Tejasree] This item matches security processed packets and not > > >specific to IPsec. > > >Will change commit description as follows: > > >" Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to match > > >packets that were security processed. For example, in case of inline > > >IPsec, it can be used to distinguish plain packets from IPsec decrypte= d > plain packets" > > >Would that be fine? > > > > It would be more clear, yes, thank you, but in this case I suggest to > > have a field in the spec that you can match on it. > > For example, is it viable to know if the packet was processed by IPSec > > and not AES? Maybe you want to have 2 flow with this new item, but > > still differentiate between the types. >=20 > Why not use mark/tag/meta to set this value? > The application will insert a flow that sends to security and mark the fl= ow > with some ID then the application can check this ID. [Tejasree] SECURITY itself wouldn't make distinction on protocol. It would be combined with MARK_ID to know if the packet was processed by IPsec and not AES. MARK_ID alone couldn't be used as we wouldn't know if it is plain packet or security processed plain packet. Rules would be as follows: Rule #1 [ETH] [IP] [ESP] [SPI] =1B$B"*=1B(B [SECURITY] [MARK_ID] [END] Rule #2=20 [SECURITY] [MARK_ID] [ETH] [IP] =1B$B"*=1B(B [QUEUE] [END] >=20 > Best, > Ori