From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id B096DA0547;
	Mon, 27 Sep 2021 11:16:49 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 2DA7940686;
	Mon, 27 Sep 2021 11:16:49 +0200 (CEST)
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 by mails.dpdk.org (Postfix) with ESMTP id A4D2C4003D
 for <dev@dpdk.org>; Mon, 27 Sep 2021 11:16:46 +0200 (CEST)
X-IronPort-AV: E=McAfee;i="6200,9189,10119"; a="204593282"
X-IronPort-AV: E=Sophos;i="5.85,326,1624345200"; 
 d="scan'208,217";a="204593282"
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
 by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384;
 27 Sep 2021 02:16:45 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.85,326,1624345200"; 
 d="scan'208,217";a="707054050"
Received: from fmsmsx606.amr.corp.intel.com ([10.18.126.86])
 by fmsmga005.fm.intel.com with ESMTP; 27 Sep 2021 02:16:45 -0700
Received: from fmsmsx601.amr.corp.intel.com (10.18.126.81) by
 fmsmsx606.amr.corp.intel.com (10.18.126.86) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12; Mon, 27 Sep 2021 02:16:44 -0700
Received: from fmsedg602.ED.cps.intel.com (10.1.192.136) by
 fmsmsx601.amr.corp.intel.com (10.18.126.81) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2242.12 via Frontend Transport; Mon, 27 Sep 2021 02:16:44 -0700
Received: from NAM12-DM6-obe.outbound.protection.outlook.com (104.47.59.169)
 by edgegateway.intel.com (192.55.55.71) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.1.2242.12; Mon, 27 Sep 2021 02:16:44 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
 b=dKGu29zyucQ2i5OSAl+IAYXgOIoM0uFjCoZb0dou0EkckfaowL6fzV4sPO5VJVbdzPjyg/Ffejf/Q6zFX7TtSkKarwmV4f6wkWLZRBDbs0LesK9K5YsF5Gjas3ChcZaVZcwuwGw/JOzLg7ROQM6bVKyFY0f5aG1gn0YDskt+m3xh9gIV2Zj2eO8w07AmeujS0gCySDxaE9EolMeG3v3M3rABFDGxa6oyWgTxZAMwgt5s6vQXDttodfckXe+Zv9P2EiReCwh43K9vLzSf/L1znZ4l6cTNcecHPK3iy69V9LlFSdp3FTSeoqlh4ux9wHmyswYMPRDw9YLQUSC4aPz60w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; 
 s=arcselector9901;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; 
 bh=ivHJ8vkFJ/6D81+1ve0wRrH0hGXKG8nlUsfYFF0j5Kk=;
 b=OKbl1HTLWg3OaweFP53xfAuFvDBdCTEFE340xT+U5clUY/3T9id5YW9VY8iOAMsePlbeMICQOWf7nV007MaHjEOtOaBaXPC6E2czQN7PXwOEcNwtpL1ubO80ClQxkVyacx8265uRJnxn/lgaBo6cCFHUJM/bUFMeBM4fD5zmUJdvvADn9wWYBwmdao+UqtEyCsxY479o/suYRDzBFQ9gSTU3liWX3B3OltQeTigX09KAvFkUmiZWVDgm1+GPuR2MvMc8r37MHS37+TOhBSxPcov6USrSScFVR8wkQnfNHAyArfUIfz2lVKcnH2EMszv5o4pGnWY/a3eBK6SsPtNJug==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
 smtp.mailfrom=intel.com; dmarc=pass action=none header.from=intel.com;
 dkim=pass header.d=intel.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel.onmicrosoft.com; 
 s=selector2-intel-onmicrosoft-com;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
 bh=ivHJ8vkFJ/6D81+1ve0wRrH0hGXKG8nlUsfYFF0j5Kk=;
 b=c9W6vhDYBO5qjAY3UnEdd+E/Mku1wd4cjYvHjq5AiSLxK9qZ43dZbFsTnBYoWWw2Dk8ldQ8V3AQkyOe6Ca+eLzDyBKCTyX2TdPoq2BTPcrJEf+h1cpqyjOAmCLkbX/s+U4cX6KK2CjXTHM8zC0Yz/xiJbxGp6uBKIgv/RUxSbJ8=
Authentication-Results: nvidia.com; dkim=none (message not signed)
 header.d=none;nvidia.com; dmarc=none action=none header.from=intel.com;
Received: from CO1PR11MB4868.namprd11.prod.outlook.com (2603:10b6:303:90::19)
 by MWHPR11MB1806.namprd11.prod.outlook.com (2603:10b6:300:10e::21)
 with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.14; Mon, 27 Sep
 2021 09:16:40 +0000
Received: from CO1PR11MB4868.namprd11.prod.outlook.com
 ([fe80::4dcc:489e:1d86:47cb]) by CO1PR11MB4868.namprd11.prod.outlook.com
 ([fe80::4dcc:489e:1d86:47cb%9]) with mapi id 15.20.4544.021; Mon, 27 Sep 2021
 09:16:40 +0000
To: <hemant.agrawal@nxp.com>, Akhil Goyal <gakhil@marvell.com>, Declan Doherty
 <declan.doherty@intel.com>
CC: "dev@dpdk.org" <dev@dpdk.org>, "mdr@ashroe.eu" <mdr@ashroe.eu>,
 "konstantin.ananyev@intel.com" <konstantin.ananyev@intel.com>,
 "vladimir.medvedkin@intel.com" <vladimir.medvedkin@intel.com>,
 "bruce.richardson@intel.com" <bruce.richardson@intel.com>,
 "roy.fan.zhang@intel.com" <roy.fan.zhang@intel.com>, Anoob Joseph
 <anoobj@marvell.com>, "abhijit.sinha@intel.com" <abhijit.sinha@intel.com>,
 "daniel.m.buckley@intel.com" <daniel.m.buckley@intel.com>, Archana Muniganti
 <marchana@marvell.com>, Tejasree Kondoj <ktejasree@marvell.com>,
 "matan@nvidia.com" <matan@nvidia.com>
References: <20210713133542.3550525-1-radu.nicolau@intel.com>
 <20210903112626.304692-1-radu.nicolau@intel.com>
 <20210903112626.304692-3-radu.nicolau@intel.com>
 <CO6PR18MB448480A373ECBBD1EF20E8E9D8D19@CO6PR18MB4484.namprd18.prod.outlook.com>
 <b45604bc-1ac4-375a-9ed8-a98756438a3b@intel.com>
 <9a96d2b8-522e-94d9-86fa-278b908fd872@oss.nxp.com>
From: "Nicolau, Radu" <radu.nicolau@intel.com>
Message-ID: <da65bf4a-1f7e-1ba1-7ee1-cb5fe3d9be4f@intel.com>
Date: Mon, 27 Sep 2021 10:16:32 +0100
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101
 Firefox/78.0 Thunderbird/78.14.0
In-Reply-To: <9a96d2b8-522e-94d9-86fa-278b908fd872@oss.nxp.com>
Content-Language: en-GB
X-ClientProxiedBy: DB6PR0201CA0034.eurprd02.prod.outlook.com
 (2603:10a6:4:3f::44) To CO1PR11MB4868.namprd11.prod.outlook.com
 (2603:10b6:303:90::19)
MIME-Version: 1.0
Received: from [192.168.1.12] (109.255.186.106) by
 DB6PR0201CA0034.eurprd02.prod.outlook.com (2603:10a6:4:3f::44) with Microsoft
 SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.20.4544.13 via Frontend Transport; Mon, 27 Sep 2021 09:16:37 +0000
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 7982ab8f-448c-4433-9a85-08d9819783cc
X-MS-TrafficTypeDiagnostic: MWHPR11MB1806:
X-LD-Processed: 46c98d88-e344-4ed4-8496-4ed7712e255d,ExtAddr
X-MS-Exchange-Transport-Forked: True
X-Microsoft-Antispam-PRVS: <MWHPR11MB1806EB9B85B4EF9FC6786EFF90A79@MWHPR11MB1806.namprd11.prod.outlook.com>
X-MS-Oob-TLC-OOBClassifiers: OLM:8882;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: 9n1RwfpCD3+UUK/bQ3GL5uYd6sJTKidwvfPecaMSIMSLzjYHSsJNWiJAitV0uSF9JO2Qfj7WrcJmscK5Ii0ZOiMvBX9KGdArMGN6mlAGJM0Oq/LNT5HeF6MoD7Ey2lGlmuFkGD6rpV0J/TE4NkRkEwnhKicJMxx9cLwRfg2BajEMoFkieFaSx6Q87n47wD1NG2XSyVfh1pzGTE4wD0g+9AJxGEJskBmwLLk1LlaZTJbnE4oIAN09Vf+yAXbEprRk3s65fGArinoq1U+EO63yqvKNMIYC0YYb+qxeCX3QAXqT6LGugf+VaTX4JtbfSCE98XGjcOqONTvqzE0z5ZdrDCh1UU873er9cHsjzOZ/PEgcAe9XLFKh4BzLM4vcrFfGtPz6drQYVNBGKSkI4SbEPaVOJT29/YCXF9pSn8wcivFqSAELvBNYs0ngIonshW4f3BPZcEzOU29oGj/fbA51fn+OUm+5oepg/eYFk0bAAOXpE7R0QDqDHV9iK3ah3Y78nHnjVfFj20N/r9u/O3By/nZJLP0Hkxl6Spaqi5XwmAkgvaIqQPjjJJmmFiOrLwjEvSlmHApXP6HYDSXb/JK6XWdO1IXjzbA8Vv2VQogjsAH6olNQMjw4Rz/ZCztogNCmh++sPdYYNfs5Dgo76QrCcknrnAfyM+FILJcgA8BDhzwfipmV0YUeDHdcYCg12Uj/A/R1+XIKotVyriaLxd1TyBUtZsfwy20OfukV8dcIj7w9dkNNxuW0ZRK13fAoSNN9EQxcsLvxsS5sBdJeyLqY1OJQF3HFZWESrGBYJT7m6X98UUMYPobiMblOV2yeVqr+fH6hNwJShWXDBUJSnBSGlulx1ZXz/fwqsnOASmlP5QY=
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
 IPV:NLI; SFV:NSPM; H:CO1PR11MB4868.namprd11.prod.outlook.com; PTR:; CAT:NONE;
 SFS:(4636009)(366004)(6636002)(31686004)(8936002)(66476007)(66556008)(4326008)(66946007)(8676002)(54906003)(36756003)(38100700002)(16576012)(6486002)(5660300002)(110136005)(316002)(2616005)(26005)(33964004)(186003)(966005)(508600001)(31696002)(2906002)(166002)(956004)(6666004)(86362001)(53546011)(55236004)(45980500001)(43740500002);
 DIR:OUT; SFP:1102; 
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?ZnZ0TSt3NXJ2bUpENzdGamh5am5oOHJRY0tFNU5VMkUxdXhYVnBlNUQ0TXp4?=
 =?utf-8?B?dHpzQUMvb2FZNHBCakh6NWtNQVN1UDQzSFdBQnVjdGppM1dHRXVJLzJRak9j?=
 =?utf-8?B?WksvOUZsd0NhOFpydExOWUdralBuWFJLRVFUVVRQK0JpYWQ5aFgzdFpGMXFr?=
 =?utf-8?B?SGRNbXFCa0pNbmUwS2NXRlBGNUtyOFFhRndZalV1L2RGV3JBUGFPL2R0MHpi?=
 =?utf-8?B?SndXVHRUZ05Yay81TUFqMkU4aXFiZUhUeVR1OHNiZ1pEMVJqK21PYXZUaTZV?=
 =?utf-8?B?cUNUOFlHRWRWcjJuelliV2VoLzNDcWFRWCtvajJTLzhwT0xkNUhYSXdtQ2Jm?=
 =?utf-8?B?T3U1cDR0Yk1tTlJLaURMMzZDcHplUCsxWFBUNmRVTUJmODdaa3hBYWttR2t0?=
 =?utf-8?B?YWZXZ3NqWEhRTHM1bVBobWNDT2FYUG1lbTBKREd6MVM3K0lOOVBBQkhad1hs?=
 =?utf-8?B?a3pUN2l6TTU1ZDVmTEgzQW5PRjc1SXJEVDZ1dmpsSzMwN3FvbHNySG9qSmVz?=
 =?utf-8?B?MFJKbGhGb1FZeXBxd2hpeDNta3k2SDVTMkF0ZTVZdGQ1c1lZa001ekEyQmJE?=
 =?utf-8?B?WUsrSGptNXhtVVQ5bkVtRm5RdHRiYUVCNDVkSm5CZnkvS3FwZWk5U05JMXNG?=
 =?utf-8?B?TlZjZTI3NFd6dlp2L0dMZmdJQi9pZUJYTEQ5ZnhiYm9aRXNpWXUxbkZBb01p?=
 =?utf-8?B?N1Vob2wrcFAwblU5QnJWYk9UWWNtMEczR0JSUDBQQS9rSERBNzNJRklpNG45?=
 =?utf-8?B?TGF5WU1TNHdZRmpDSWdRdUV3L0IxNS9Oa1Y1WXMwZHFYazBCRG1JYWZHTDJK?=
 =?utf-8?B?emkyZEtWUjBHRjRZSWd6dlNCSkxKRk00M2l0K2U3QlBQaER6VFFvMmxZRWRO?=
 =?utf-8?B?dEFBMFBLUitHaWcwV2w2Q2Z5bE1LVWdyaCtzdjhsVlgrM0dVK1BSa2xCRkVo?=
 =?utf-8?B?eDhOYndIOE9BUG5GdjhCYzhqekc5NWhaZnRMRkxPTE40bzFrV1ZNQUhDcDda?=
 =?utf-8?B?UDZaM05ESTBOTU9qTzZZYWtJWVhPaGZ4YXN5Ti9SQVlkL010dkNMV3ZPZkd5?=
 =?utf-8?B?eFhPS0NBY2kvc0psaWJnaG1ZcWcxZ29teEJZdi9QUDI0bjRad25SelhaYlZM?=
 =?utf-8?B?SVBLOXR2THRaNEFBeXJOQnBPbzVGYkMyR0JCdmxvUGFhYXpTMlFNa1hyejZk?=
 =?utf-8?B?dFFwSVF4azdNcmxPU29pa2c1S1ArZ3dqVFgxUVlsdCs4ZUdlVnhtTUFROHl5?=
 =?utf-8?B?QWVUWkZxVFdUUHhZdmRPczB4dkgzRmloNTY3OTVtcU9nYUhEb1R3WVpBVE1Q?=
 =?utf-8?B?RWxIYk42L0hZakRWMDVseDF2Q1ZvaGp1b2s3NmkrN1FkcFhmdDQzU2p6cmZj?=
 =?utf-8?B?ZFhIWFBIZDRzVUVwbXhtbER0WDNLc3QvTlZRK3FDVXppRy9QVWZpMkxUYysr?=
 =?utf-8?B?UlprbEZzd29xNW16eUEwSVhMdlg5ZTQ5ZGpTSVBDS0dtc0FWZ2E1cEQreEJH?=
 =?utf-8?B?cXE4czFJbjA2Vk1Eemh4OWFJaFRmSi96SStsV0F4YnFHalp4bmJmUzJaZXVv?=
 =?utf-8?B?bFNWb0dPb0tOVFE5bFFVT2hpOUZCV3doc2NQN1NTTDcvbEFoQXJPcW4vMWFa?=
 =?utf-8?B?MjNFWEFVV0t1c1M0OE5vUDJYL084TTBoTU5LMktBeGh6Qi95cTEwWTJub01H?=
 =?utf-8?B?R05xc2p1ZDhoZnhINEM4d0o2eE9janB3Y2dDa2xwQnZWcjJKaXU3R3hoTDJq?=
 =?utf-8?Q?Qin1xMjA8vCUlEyktBL4T4dYLntJLmVGeWqwc5C?=
X-MS-Exchange-CrossTenant-Network-Message-Id: 7982ab8f-448c-4433-9a85-08d9819783cc
X-MS-Exchange-CrossTenant-AuthSource: CO1PR11MB4868.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 27 Sep 2021 09:16:40.4698 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 46c98d88-e344-4ed4-8496-4ed7712e255d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: uFiHBrspIXYUsb/XxdBy4Xzp5jpgPMo+263CbXtvubLZz+x/1RAktCoENd4Cd3T8dBQRlALLZxSFOefNMi6G0w==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB1806
X-OriginatorOrg: intel.com
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
Subject: Re: [dpdk-dev] [EXT] [PATCH v4 02/10] security: add UDP params for
 IPsec NAT-T
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>


On 9/24/2021 10:11 AM, Hemant Agrawal wrote:
>
>
> On 9/6/2021 4:39 PM, Nicolau, Radu wrote:
>>
>> On 9/5/2021 3:19 PM, Akhil Goyal wrote:
>>> Hi Radu,
>>>
>>>> Add support for specifying UDP port params for UDP encapsulation 
>>>> option.
>>>>
>>>> Signed-off-by: Declan Doherty <declan.doherty@intel.com>
>>>> Signed-off-by: Radu Nicolau <radu.nicolau@intel.com>
>>>> Signed-off-by: Abhijit Sinha <abhijit.sinha@intel.com>
>>>> Signed-off-by: Daniel Martin Buckley <daniel.m.buckley@intel.com>
>>> Do we really need to specify the port numbers for NAT-T?
>>> I suppose they are fixed as 4500.
>>> Could you please specify what the user need to set here for session
>>> creation?
>>
>> From what I'm seeing here 
>> https://datatracker.ietf.org/doc/html/rfc3948#section-2.1 there is no 
>> requirement in general for UDP encapsulation so I think it's better 
>> to make the API flexible as to allow any port to be used.
>
>
> This section states that :
>
> o  the Source Port and Destination Port MUST be the same as that used by IKE traffic,
>
> IKE usages port 4500
>
> am I missing something?


I think there's enough confusion in the RFCs so I think it's better to 
keep this option flexible:

For example https://datatracker.ietf.org/doc/html/rfc5996#section-2.23:

>     It is a common practice of NATs to translate TCP and UDP port numbers
>     as well as addresses and use the port numbers of inbound packets to
>     decide which internal node should get a given packet.  For this
>     reason, even though IKE packets MUST be sent to and from UDP port 500
>     or 4500, they MUST be accepted coming from any port and responses
>     MUST be sent to the port from whence they came.  This is because the
>     ports may be modified as the packets pass through NATs.  Similarly,
>     IP addresses of the IKE endpoints are generally not included in the
>     IKE payloads because the payloads are cryptographically protected and
>     could not be transparently modified by NATs.