From: Tejasree Kondoj
To: Akhil Goyal, "Ananyev, Konstantin", "Nicolau, Radu"
CC: Anoob Joseph, Ankur Dwivedi, Jerin Jacob Kollanukkaran, "dev@dpdk.org"
Date: Wed, 24 Mar 2021 09:45:51 +0000
References: <20210315103616.31364-1-ktejasree@marvell.com> <20210315103616.31364-3-ktejasree@marvell.com>
Subject: Re: [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support

Hi Akhil, Konstantin,

Please see inline.

Thanks
Tejasree

> -----Original Message-----
> From: Akhil Goyal
> Sent: Tuesday, March 23, 2021 11:24 PM
> To: Ananyev, Konstantin; Tejasree Kondoj; Nicolau, Radu
> Cc: Anoob Joseph; Ankur Dwivedi; Jerin Jacob Kollanukkaran; dev@dpdk.org
> Subject: RE: [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP
> encapsulation support
>
> > > > > Hi Konstantin,
> > > >
> > > > Hi Akhil,
> > > > > > > Adding lookaside IPsec UDP encapsulation support for NAT
> > > > > > > traversal.
> > > > > > > Added --udp-encap option for application to specify if UDP
> > > > > > > encapsulation needs to be enabled.
> > > > > > > Example secgw command with UDP encapsulation enabled:
> > > > > > > -c 0x1 -- -P -p 0x1 --config "(0,0,0)" -f ep0.cfg --udp-encap
> > > > > >
> > > > > > Can we have it not as global, but a per SA option?
> > > > > > Add new keyword for SA/SP into ipsec-secgw config file, etc.
> > > > > > Konstantin
> > > > > >
> > > > >
> > > > > Any specific reason to make udp_encap as per SA?
> > > > > UDP encapsulation is a feature which I believe should be
> > > > > application wide.
> > > > > If it supports the feature it should be enabled for all SAs when
> > > > > the UDP port is 4500 which is reserved for it.
> > > >
> > > > Not sure why it has to be application wide?
> > > > Why is it not possible to have, let's say, SA1 in ipv4/ipv6 tunnel
> > > > mode over port 0, and SA2 with udp encap over port 1?
> > > > Note that in DPDK librte_security it is per SA option.
> > >
> > > UDP encapsulation can be done only if the UDP port is 4500 as per
> > > the specification.
> > > Please correct me if I am wrong. So if UDP port is NOT 4500 and
> > > udp-encap is enabled in the command line, UDP encapsulation will
> > > not work.
> >
> > I am not asking you to support multiple UDP ports for IPsec encapsulation.
>
> Multiple ports are not required to be supported as per specification.
> UDP encapsulation works only on one port i.e. 4500.
> By specification, it says, port 4500 is reserved for NAT traversal and if a
> packet has this port, then it has to be processed accordingly.
>
> > What I am saying: it should be possible to use SAs with UDP
> > encapsulation along with SAs without (plain tunnel/transport mode).
>
> Yes it is possible with the current patch.
> If a packet has a UDP port = 4500 then it is UDP encapsulated otherwise it is
> not.
> Hence, a packet with UDP port other than 4500 will work as it is working
> without --udp-encap param.
>
> > As I understand with your patch it is not possible: if user specified
> > --udp-encap all SAs (on all crypto-devs) will be treated as UDP
> > encapsulated.
>
> Just to correct this statement.
>
> If user specified --udp-encap all SAs (on all crypto-devs) will be treated as
> UDP encapsulated if and only if the UDP port = 4500 and not otherwise.
>
> I hope this statement clears your concern and it makes more sense to make it
> application wide, just like esn and anti-replay.
>

[Tejasree] Just realized that all SAs are treated as UDP encapsulated
if the packet type is other than UDP. Will add per SA support.
Concern with per SA support: we cannot have "udp_encap==1" check in the
prepare_one_packet() function as SA info is not available at that time and
plain UDP packets with port 4500 are treated as IPsec and results could be
unpredictable.

> Regards,
> Akhil
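
Added example, not part of this thread or of the ipsec-secgw code: a minimal C sketch of the concern raised in the reply above, classifying an inbound UDP payload on port 4500 by its RFC 3948 framing and accepting it as ESP only when the SPI matches an SA whose per-SA flag enables UDP encapsulation. The names `natt_classify`, `struct sa_entry` and the sample packets are hypothetical and constructed for illustration; checking only the destination port is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdint.h>

#define NATT_PORT 4500 /* UDP port reserved for IPsec NAT traversal */
enum natt_class { NATT_PLAIN_UDP, NATT_KEEPALIVE, NATT_IKE, NATT_ESP, NATT_DROP };
/* Hypothetical SA entry: only the fields this example needs. */
struct sa_entry { uint32_t spi; int udp_encap; };

/* Constructed sample data: SA 0x1001 uses UDP encapsulation, 0x1002 does not. */
static const struct sa_entry sample_sas[] = { {0x1001, 1}, {0x1002, 0} };
static const uint8_t pkt_esp[]   = {0, 0, 0x10, 0x01, 0, 0, 0, 1, 0xAA, 0xBB};
static const uint8_t pkt_noenc[] = {0, 0, 0x10, 0x02, 0, 0, 0, 1, 0xAA, 0xBB};
static const uint8_t pkt_ike[]   = {0, 0, 0, 0, 0x11, 0x22, 0x33, 0x44};
static const uint8_t pkt_ka[]    = {0xFF};
static const uint8_t pkt_app[]   = {'h', 'e', 'l', 'l', 'o', ' ', 'u', 'd', 'p'};

static uint32_t be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Classify an inbound UDP payload; ESP is accepted only on an SA match. */
enum natt_class natt_classify(uint16_t dport, const uint8_t *pl, size_t len,
			      const struct sa_entry *sas, size_t nb_sa)
{
	uint32_t spi;
	size_t i;

	if (dport != NATT_PORT)
		return NATT_PLAIN_UDP;   /* not the NAT-T port: normal UDP path */
	if (len == 1 && pl[0] == 0xFF)
		return NATT_KEEPALIVE;   /* RFC 3948 NAT-keepalive */
	if (len < 4)
		return NATT_DROP;        /* too short to hold an SPI or marker */
	spi = be32(pl);
	if (spi == 0)
		return NATT_IKE;         /* Non-ESP marker: IKE, not ESP */
	if (len < 8)
		return NATT_DROP;        /* ESP needs SPI plus sequence number */
	for (i = 0; i < nb_sa; i++)
		if (sas[i].spi == spi)   /* per-SA flag decides, not a global one */
			return sas[i].udp_encap ? NATT_ESP : NATT_DROP;
	return NATT_DROP;                /* port 4500 but no such SA */
}

int main(void)
{
	return natt_classify(NATT_PORT, pkt_app, sizeof(pkt_app), sample_sas, 2) != NATT_DROP;
}
```

Because the decision is deferred until the SPI lookup, an application datagram that merely uses port 4500 is dropped rather than handed to the IPsec path.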