From: "Nicolau, Radu"
Date: Mon, 27 Sep 2021 10:16:32 +0100
To: Akhil Goyal, Declan Doherty
CC: "dev@dpdk.org", "mdr@ashroe.eu", "konstantin.ananyev@intel.com", "vladimir.medvedkin@intel.com", "bruce.richardson@intel.com", "roy.fan.zhang@intel.com", Anoob Joseph, "abhijit.sinha@intel.com", "daniel.m.buckley@intel.com", Archana Muniganti, Tejasree Kondoj, "matan@nvidia.com"
Subject: Re: [dpdk-dev] [EXT] [PATCH v4 02/10] security: add UDP params for IPsec NAT-T

On 9/24/2021 10:11 AM, Hemant Agrawal wrote:
>
>
> On 9/6/2021 4:39 PM, Nicolau, Radu wrote:
>>
>> On 9/5/2021 3:19 PM, Akhil Goyal wrote:
>>> Hi Radu,
>>>
>>>> Add support for specifying UDP port params for UDP encapsulation
>>>> option.
>>>>
>>>> Signed-off-by: Declan Doherty
>>>> Signed-off-by: Radu Nicolau
>>>> Signed-off-by: Abhijit Sinha
>>>> Signed-off-by: Daniel Martin Buckley
>>> Do we really need to specify the port numbers for NAT-T?
>>> I suppose they are fixed as 4500.
>>> Could you please specify what the user needs to set here for session
>>> creation?
>>
>> From what I'm seeing here
>> https://datatracker.ietf.org/doc/html/rfc3948#section-2.1 there is no
>> requirement in general for UDP encapsulation so I think it's better
>> to make the API flexible as to allow any port to be used.
>
>
> This section states that:
>
> o  the Source Port and Destination Port MUST be the same as that used by IKE traffic,
>
> IKE uses port 4500
>
> Am I missing something?

I think there's enough confusion in the RFCs so I think it's better to
keep this option flexible:

For example https://datatracker.ietf.org/doc/html/rfc5996#section-2.23:

> It is a common practice of NATs to translate TCP and UDP port numbers
> as well as addresses and use the port numbers of inbound packets to
> decide which internal node should get a given packet. For this
> reason, even though IKE packets MUST be sent to and from UDP port 500
> or 4500, they MUST be accepted coming from any port and responses
> MUST be sent to the port from whence they came. This is because the
> ports may be modified as the packets pass through NATs. Similarly,
> IP addresses of the IKE endpoints are generally not included in the
> IKE payloads because the payloads are cryptographically protected and
> could not be transparently modified by NATs.
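
An added example, not part of this message or of the DPDK patch under review: a sketch of why per-SA UDP ports are useful once a NAT has rewritten the peer's source port, with the RFC 3948 section 2.1 header built from those ports. The struct and function names are hypothetical, and updating the peer port only after the packet passed the SA's integrity check is this example's assumption.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NATT_DEFAULT_PORT 4500u /* starting value only; a NAT may remap it */
#define UDP_HDR_LEN 8u

/* Hypothetical per-SA UDP encapsulation ports (host byte order). */
struct natt_udp_param {
    uint16_t sport; /* local port */
    uint16_t dport; /* peer port as seen through the NAT */
};

/* Follow the peer's NAT mapping: take the UDP source port of an inbound
 * packet, but only once that packet passed the SA's integrity check.
 * Returns 1 if the stored port changed, 0 otherwise. */
int natt_learn_peer_port(struct natt_udp_param *p, const uint8_t *udp,
                         size_t len, int authenticated)
{
    if (!authenticated || len < UDP_HDR_LEN)
        return 0;
    uint16_t seen = (uint16_t)((udp[0] << 8) | udp[1]);
    if (seen == 0 || seen == p->dport)
        return 0;
    p->dport = seen;
    return 1;
}

/* Prepend the RFC 3948 UDP header to an ESP packet. Returns the total
 * length written, or 0 if the input is rejected. */
size_t natt_encap(const struct natt_udp_param *p, const uint8_t *esp,
                  size_t esp_len, uint8_t *out, size_t cap)
{
    static const uint8_t zero_spi[4] = {0};

    /* SPI 0 would be read as the Non-ESP marker, i.e. an IKE packet. */
    if (esp_len < 8 || memcmp(esp, zero_spi, 4) == 0)
        return 0;
    if (esp_len > 0xFFFFu - UDP_HDR_LEN || UDP_HDR_LEN + esp_len > cap)
        return 0;
    size_t total = UDP_HDR_LEN + esp_len;
    out[0] = (uint8_t)(p->sport >> 8); out[1] = (uint8_t)p->sport;
    out[2] = (uint8_t)(p->dport >> 8); out[3] = (uint8_t)p->dport;
    out[4] = (uint8_t)(total >> 8);    out[5] = (uint8_t)total;
    out[6] = out[7] = 0; /* IPv4 UDP checksum SHOULD be sent as zero */
    memcpy(out + UDP_HDR_LEN, esp, esp_len);
    return total;
}
```

With both ports fixed at 4500 the reply in this scenario would go to a port the NAT has no mapping for; with the learned port it follows the mapping.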