From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from NAM02-CY1-obe.outbound.protection.outlook.com (mail-cys01nam02on0081.outbound.protection.outlook.com [104.47.37.81]) by dpdk.org (Postfix) with ESMTP id F31FD1B38B for ; Mon, 13 Nov 2017 20:25:10 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=CAVIUMNETWORKS.onmicrosoft.com; s=selector1-cavium-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=6U8gMjGLNs4JL6mA8DPD7d6aNbHeCXLYx7j4n28NcUQ=; b=kxfF3NpMojom/tOj/hjJX48/ettaiAcKUW5/bfQG8BCroHXHnH6nlOpOEACG0T6jR0uTU01s/gjsMtZSTk/g6RrXf7HnEhwjQuXzK2LQvAjfmJf6ZoddHhjq26K0EBMHcR//jUCtEgMIqbtDdweKH7VBG8cqnDQ3LJOMNeSAC/w= Authentication-Results: spf=none (sender IP is ) smtp.mailfrom=Anoob.Joseph@cavium.com; Received: from [192.168.0.108] (183.82.140.80) by MWHPR0701MB3643.namprd07.prod.outlook.com (2603:10b6:301:7d::36) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.197.13; Mon, 13 Nov 2017 19:25:06 +0000 To: Radu Nicolau , Anoob Joseph , Akhil Goyal , Declan Doherty , Sergio Gonzalez Monroy Cc: narayanaprasad.athreya@cavium.com, jerin.jacobkollanukkaran@cavium.com, dev@dpdk.org References: <1510589635-8868-1-git-send-email-anoob.joseph@cavium.com> <4fa0314b-a402-6588-621a-9374d3b90fa4@intel.com> From: Anoob Joseph Message-ID: Date: Tue, 14 Nov 2017 00:54:52 +0530 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 In-Reply-To: <4fa0314b-a402-6588-621a-9374d3b90fa4@intel.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Content-Language: en-US X-Originating-IP: [183.82.140.80] X-ClientProxiedBy: HK2PR02CA0183.apcprd02.prod.outlook.com (2603:1096:201:21::19) To MWHPR0701MB3643.namprd07.prod.outlook.com (2603:10b6:301:7d::36) X-MS-PublicTrafficType: Email X-MS-Office365-Filtering-Correlation-Id: 02ecc30f-184c-4406-088f-08d52acc40dc X-Microsoft-Antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(4534020)(4602075)(4627115)(201703031133081)(201702281549075)(2017052603258); SRVR:MWHPR0701MB3643; X-Microsoft-Exchange-Diagnostics: 1; MWHPR0701MB3643; 3:mIvhfUdERAWMa6DHO5ErtNR7xp8V5rjKaMCR48Atly338sh+K5bLNpVxy0OQHJLrXqgZrowD9YSRxnEL4bWzFL61ymW8sIyzzGXr5AMNJ+r9dpsEqKm4g+7z9zwxOi7/yWpooJTqa0Fb9kY8haxlqAxcsgrURJo+EnSUkNdzfPJyIlND1H2CjsPDS/lVrV3PbBnbCSWh+Teo3/uMXZhIQCNoBJAMALkP825kHbE4S4inUpGp74tfyaiDTliqE0vs; 25:TadqUvc6YMQ+dTQ9apLknYb+ah98LWfxB8Z08MsrGZPemdUg+tgV59UjZzIkrwE6i5ghbFXumft8OMjrHYxMdLaYwer7Ywu2Bt8vdw3uNEwhI/H80idEQxMByKuQL8v3gFMfHpI+L+UTVJzEj9BEUd070BjK5UWvdGq3VKN0dy/ww5Bv7qF7mknYF2zEWhyW/Ep4hUAjA9Xpd881HF9pOquh396OfciT1TeqVpCPr04eMlUWZm+F3TNKNYNCtOn8JyNlx86779pkxj2WeqLv0PF1zYxrIeS/YvhexrZgVPkin+9NdA4BWVHtxtQG93+DjfRcrxkbdhsCcPisVRrMaQ==; 31:AkBrYhYkpuJkXiZWXvJNZTMD8B7Nq9A09v+FBTA/RK6TCt5NypG8+kmJ2+Xf41TaU4k30i4Oms2ceMYUwOVWZQxQn3EpsrrdyI6XuwjBqT7pg0xklBKBmdmAoy/s3LaLMB7qW2HTM7+7GfWcxZFKx+B9MIGkg2pvxjMAkheF+0kkNaRhPsmn9so8fxqZg4F9cB3e6n7B9K/68yF6mREk1F0gScvtiekaD7186b2zRWs= X-MS-TrafficTypeDiagnostic: MWHPR0701MB3643: X-Microsoft-Exchange-Diagnostics: 1; MWHPR0701MB3643; 20:zFM0mQ9nmPq8n1YZNAdf0u8WET8Dv57Fk5cfVoyMn5iRX3ZAfOu6wmQiZNLGYTKouFnERvi80flHf6r4B93OrQYQesUW5FjibYB4ObnTAlP1Uk/SsVcsrcmLDlb0b0Z9Qte17UHTzbIaWtYid5E0yN2WP5ZEtznELGWaIoI+hOzevxPE7H6Iav+PHuStybuCzH3fNUJa2FRu1HtMK2clTGQWZoS+Pesp0yLevfR2HYVLYPCkWOHNuqQB4tcX5n86eI/0E0OczW+oKGTncqVZVbwbBeC6r9X16hxOWFOns5X7n5FHOjwISKsH6qcnPeRSmyROReR1kQprBLAojhlOcUI7Z0ta4mYYnQ0wtEC8dF2qD6FAAs9tsdagpZD5hMuo6CQwYmYuYYviT9vOKjayBOmGgonMIGz6uXhyFDOxT8LhKrMzKzazrjC3KHW8t9SxSiJ3mp6ni/xGxw6OAHw3Kaj+ZxwSYdvYt29srC7XCtspvCSBTlYmBMcRx8yGgmzXv7wLdkN4U1gplz6jL/v0zEj1U0XhD8bmowG+lNvyAajwhfeqOr4xzqS+IPOioApJgzIYGyH7/ZUTHwyynZhmma/pjz4o2+EA+29+AmfkgDY=; 4:pbl5a+2YVzoiRJGdPNTpWeAdiWLaOaC+JfRoKqZSAcMR1PKAGj22tfkaXBhst0J4dJviMs0YMZ1RSsHqNV6AoK8AG3WRrSOUrTIIJCMLnorJUinWpkMXfevviW9NhIsXGft0U0R5SjaoQv7+zvxYkpaXkzzC23TFLIsC1LQmkR2jYDRrkotmpOGqpWdZVynyehJ4HPiesPORpzhXhEj7xORM5AKG4XSHR8CJ63kSMLLI/rQUaqDtyqPW0uxiTibdmRAAwqJU18sRu2goH+3U4NbB0nRIi4T2Lb/5FvZc33qWa4jI/yXCpoqk5ZAveFOT X-Microsoft-Antispam-PRVS: X-Exchange-Antispam-Report-Test: UriScan:(192374486261705); X-Exchange-Antispam-Report-CFA-Test: BCL:0; PCL:0; RULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(8121501046)(5005006)(10201501046)(3231022)(93006095)(3002001)(100000703101)(100105400095)(6041248)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(20161123558100)(20161123560025)(20161123555025)(20161123562025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095); SRVR:MWHPR0701MB3643; BCL:0; PCL:0; RULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095); SRVR:MWHPR0701MB3643; X-Forefront-PRVS: 0490BBA1F0 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10009020)(6049001)(6009001)(376002)(346002)(24454002)(377424004)(189002)(199003)(52164004)(65806001)(64126003)(3260700006)(305945005)(8676002)(7736002)(4326008)(97736004)(6246003)(25786009)(3846002)(68736007)(53936002)(8656006)(316002)(23676003)(16576012)(229853002)(105586002)(6116002)(106356001)(230700001)(58126008)(2906002)(50466002)(36756003)(67846002)(110136005)(76176999)(65826007)(6666003)(101416001)(5660300001)(66066001)(81156014)(2950100002)(50986999)(54356999)(42882006)(83506002)(31686004)(117156002)(81166006)(189998001)(47776003)(31696002)(8936002)(33646002)(72206003)(16526018)(53546010)(6486002)(478600001)(77096006)(65956001); DIR:OUT; SFP:1101; SCL:1; SRVR:MWHPR0701MB3643; H:[192.168.0.108]; FPR:; SPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (protection.outlook.com: cavium.com does not designate permitted sender hosts) X-Microsoft-Exchange-Diagnostics: =?utf-8?B?MTtNV0hQUjA3MDFNQjM2NDM7MjM6RmI5VVVqWWxtNjluazJqTzIrVHBBaEdr?= =?utf-8?B?dUVybytTOTFHSHZrSm9qRm9VT1J4bG9vbHJraU9ycnFZUVJXTSt3NDk3TlAw?= =?utf-8?B?Mk9uVGVNTmF0L1RTTXE5NVVoZ0x2ZGx6ei9LQno2dmdLTWNXaXFKK0VSQ3Ns?= =?utf-8?B?NDQ0WTM1clRHV3Z1a0ZJbnI3WmpmbGhIVzJVR2J4N1VZcXRrVTRVQWlYeWhO?= =?utf-8?B?YzlUT1g4aUg2WWt0bk9wL3hiZnRuajBLRzJEcDA3RTZjVi9qaExkOTNMY2g5?= =?utf-8?B?QUlDdGplZzBkODNqWjBsb0pFbFc5TVVoakFjRllVcFBYZENIK05qclVDMG5C?= =?utf-8?B?TW9MWDR2Y09OLy9Xck41OXFqR3FCRHU1aU5pSDNZKy9KcmhSM0JUWTA4SUN0?= =?utf-8?B?VCtpOUxqZFFkbVRiQ1Rnb2VjdDlkUXJuV3REVkVlNC8ra09PdHRhSWswZ0k5?= =?utf-8?B?bCtkdnh3cGRBUDZYMk1DbWZvV00rcGhhcFlmTVI3TFB2S1o0TVV5QXlpVnJI?= =?utf-8?B?UUZlaGo3MklaM0NINk5jakRYNTdYTUlwZHFkQlZaMGFhZEdIbTUvK0xvb2xz?= =?utf-8?B?NmpiNnhVWkFidVJBOVU1ajk4ejNkSkFjRlIrN2M4Z3hsRE1jREZ0dE5IM28x?= =?utf-8?B?UGYwMFNFZ2lPbTNDWTVFVnFkMlNpZGx2b0NSemdUVzF4djZoMmJIZWRXeXBh?= =?utf-8?B?M3ZDMy9jOTIzUDNhbWtHeDludmFuQXRSQk1QLyttRTNDblJ3ZkprTVVsanpH?= =?utf-8?B?RisrUGlFUWdBdXhrZW51a25LZHZPYVhJdEN2NTA4Mzd5U2srbmJEUUQ3b3d1?= =?utf-8?B?NHlsaGlKYnNHS0R6aWEwN21LUG5BdnNXZDV3R01IbEZvZ1VWMTQzUmtlbmlS?= =?utf-8?B?YjNucWdFQkx2aG1pTG9VMnArVnFlN2FoODJQTStha2xBNGN4MlFZYUNHRFcr?= =?utf-8?B?SzdmL1B1K2piRjVRRCtncUVkTHJMWk15R3lRZ1FibE9DZ1E4TXluaXU0aFd1?= =?utf-8?B?SDZVNkdNQjNkUVJKNWZXazdxbEZQM21pRVd4cTNONk92dHNLSlg3ZnVSUEFV?= =?utf-8?B?WlUzWEdjVzJ1RVR0K09DYTlnRVd1ZGZySndvUlQrOVJ3NzJETmlZNUtHUDlP?= =?utf-8?B?aTdHUldNamdBalZwbHdjZG5tOXNIWFZmKzNMZFczYXJEa01adkZNcFE1bCtU?= =?utf-8?B?OTRRaXpUU0NYVjFkU1VSN3dONEk4c1NWSjlGT3luVWduZEM3cGVwK1ZDT2RH?= =?utf-8?B?d3Y0MXp1TlB6c3dSZHlReHY3WFFYRU9xMCszdnh4N0NjMXJpSzJhblhGWmgz?= =?utf-8?B?T1BNUFRsalNDNWw1cFVHNm1aVkxJUzhJVFB6YVpxNCtCYUc3MVAwaWJBV1dJ?= =?utf-8?B?TGZPdjhoblRsQWdTV1dBSUtxRVhpMU5UbjNpeTVjZzFwdDEyaWxNOVY4RkQ1?= =?utf-8?B?NHFGSFRpWXhGQm03N1hPOWhqcjV5RUd5Qk5OdXU0SjJuSWNhMERuVS9iRGUx?= =?utf-8?B?SVJZMjJsdjRONGpxaXIyUmREMW0wQmI0aVpGRHpibGpCSkh2d0srNlpqQXQ3?= =?utf-8?B?Wk4zdVQ2cGpaQXFHUENwNjJkK0FBektSM1Yxd2ZYVmlEcW9DcWRYTGhXemdZ?= =?utf-8?B?Z1kycmtsUVp6aG1peE01T1c0ZitmK282OG54bUV0eWlOY09zMndpZGFtYUlB?= =?utf-8?B?aXpuMkl4dHhiclhIcjlZQTA0SWhWeG8xZi8wYVBQUmJLTVZYQnFSaTdndTJW?= =?utf-8?B?Si9LQVBFUWtlTWR6c1dFbzIzWTd3UjRrK3RBNVVRaVUzcE5LNlF4M3BkbFB3?= =?utf-8?B?bVBEUjhwMllBT3pWNWtnYjVwM3BQWTkzVVp0K2VoUWJDbC9aRGxaSDhNNlpZ?= =?utf-8?B?bUQyNVEvbldJSWlmR3Uxc3FEV2ZROWhlVm03UXR4L2xsV2U3MWFBdHlEcGlW?= =?utf-8?B?T1dRM0s4dGdWQlFyb3Q2OXQ2QktWeUdxTnVlNmpBTGZqMlJDS2dIMHpFa2F3?= =?utf-8?Q?S2kzM8Sp?= X-Microsoft-Exchange-Diagnostics: 1; MWHPR0701MB3643; 6:HDXhYn2rJiX+x17yGSl+tl0mlLhuZG0HWE+3VwOi6RrGPx/mvDbMrvEsX1RxqFXgusm+gy8V0BI7UvNUIahYf3K+DbdUrMCsdiWfI8rtDPT0Xo0ki8Rzht3TyrNglDB2jjXlon4reSplT02LmgctvhyBeQSHtPepbtWiPlm7D4h1LIZED7vpW0w3jwv3zaE4DNty+iDnd0RdPQrdPuOqLMLlFt1QdW3lp5nN4XLJKvxmW8qazrEaxasTqh8720ceNMisgjWjpub8t7IOJM9A5h73BgdNMRxbXx2xO/0XtoCODQOif4IXNRpKlYMxmhTSdXRnPtx1ZmLctFU24Y9RunSVYYMayO30l8SoZeMgj7g=; 5:83bcDVH96w1GFj13ieGXx+ECgb7ThGMq0VZY1MqXmLtJZEYb0qfqYV1ccf3kaSc3eemTi+cwIpGQCfPRFgXFkwnOMQjgTzmh4uHpsRC4soRwg90v+A5cTkUaUeff2RFxiCOH6N9Wpawd4CCF/wUN+2TVefgZjtuM+AUoibovUaQ=; 24:yejXWYrN5lGrYhGYHs6J5vrJ01E/y7+vJRZDBi0ysHcRLD6A5brrUPEggmfX/9j/JpZvZPnP6rzpEpRg3BmYwcNMoY8tuJu40dMns2IdeYA=; 7:YZWW1izL5Ye1SoY3dXarDGDmNgLHLZXTIeFQY7DZxs1tM7UF5YZeZgzKaP3zBkYCpKL542StewzogeI/8XFQHc6die47RCdprDPjYA8seRPa9U+vQa9REI7Ig7lNeb14xoIANpOt20HNrkxQABuQiBI3V5+aV8v2XgNmylKwhuIRQ9F6dHleB+ubdCqUVp/2xtSGYM3GdNMq2diD5PUHUlYXh58mcAizMxe57F4yEZUEr06GWUKIV+ADb/AwK74r SpamDiagnosticOutput: 1:99 SpamDiagnosticMetadata: NSPM X-OriginatorOrg: caviumnetworks.com X-MS-Exchange-CrossTenant-OriginalArrivalTime: 13 Nov 2017 19:25:06.7802 (UTC) X-MS-Exchange-CrossTenant-Network-Message-Id: 02ecc30f-184c-4406-088f-08d52acc40dc X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 711e4ccf-2e9b-4bcf-a551-4094005b6194 X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR0701MB3643 X-Mailman-Approved-At: Mon, 13 Nov 2017 22:35:58 +0100 Subject: Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: fix usage of incorrect port X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Nov 2017 19:25:11 -0000 Hi, Comments below On 13-11-2017 22:53, Radu Nicolau wrote: > Hi, > > Comments below > > On 11/13/2017 4:13 PM, Anoob Joseph wrote: >> When security offload is enabled, the packet should be forwarded on the >> port configured in the SA. Security session will be configured on that >> port only, and sending the packet on other ports could result in >> unencrypted packets being sent out. > With a properly configured SP, SA and routing rule this will not > happen, so we don't need to do this fix to make up for a wrongly > written configuration file. > I'm almost sure that the app will behave in the same way (i.e. forward > unencrypted) for lookaside crypto if the configuration is incorrect. The lookaside crypto will ensure encryption, even if the LPM port is different. >> >> This would have performance improvements too, as the per packet LPM >> lookup would be avoided for IPsec packets, in inline mode. > Yes, there will be some performance gain, but not sure how much > considering that LPM lookup is reasonably fast. The 2nd lookup is significant for inline protocol for which I plan to submit some patches. In case of inline protocol, the packet need not have final headers by the time it is submitted to the ethernet driver. For example, in case of ESP in tunnel mode, tunnel IPs from the SA need to be used for LPM lookup. So all such cases(tunnel/transport, ipv4 tunnel in ipv6 and vice versa etc) need to be valuated and the final addresses need to be determined before an LPM lookup can be done, which adds significant overhead per packet. > > So I'm not sure if ack or nack, maybe Sergio can give a second opinion. > But if ack, you will have to update the patch to include in the doc > this behavior, the port configured in the SA takes precedence over the > one in the routing rule. > > Regards, > Radu Thanks, Anoob