[dpdk-dev] [PATCH] ethdev: add security flow item

[Asaf Penso]

Regards,
Asaf Penso

>-----Original Message-----
>From: Tejasree Kondoj <ktejasree at marvell.com>
>Sent: Monday, September 21, 2020 11:59 AM
>To: Asaf Penso <asafp at nvidia.com>; Stephen Hemminger
><stephen at networkplumber.org>
>Cc: Akhil Goyal <akhil.goyal at nxp.com>; Radu Nicolau
><radu.nicolau at intel.com>; Declan Doherty <declan.doherty at intel.com>; Ori
>Kam <orika at nvidia.com>; NBU-Contact-Thomas Monjalon
><thomas at monjalon.net>; Ferruh Yigit <ferruh.yigit at intel.com>; Andrew
>Rybchenko <arybchenko at solarflare.com>; Jerin Jacob Kollanukkaran
><jerinj at marvell.com>; Narayana Prasad Raju Athreya
><pathreya at marvell.com>; Anoob Joseph <anoobj at marvell.com>;
>dev at dpdk.org
>Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item
>
>Please see inline.
>
>Thanks
>Tejasree
>
>> -----Original Message-----
>> From: Asaf Penso <asafp at nvidia.com>
>> Sent: Thursday, September 17, 2020 3:09 PM
>> To: Stephen Hemminger <stephen at networkplumber.org>; Tejasree
>Kondoj
>> <ktejasree at marvell.com>
>> Cc: Akhil Goyal <akhil.goyal at nxp.com>; Radu Nicolau
>> <radu.nicolau at intel.com>; Declan Doherty <declan.doherty at intel.com>;
>> Ori Kam <orika at nvidia.com>; NBU-Contact-Thomas Monjalon
>> <thomas at monjalon.net>; Ferruh Yigit <ferruh.yigit at intel.com>; Andrew
>> Rybchenko <arybchenko at solarflare.com>; Jerin Jacob Kollanukkaran
>> <jerinj at marvell.com>; Narayana Prasad Raju Athreya
>> <pathreya at marvell.com>; Anoob Joseph <anoobj at marvell.com>;
>> dev at dpdk.org
>> Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow item
>>
>> External Email
>>
>> ----------------------------------------------------------------------
>> >-----Original Message-----
>> >From: dev <dev-bounces at dpdk.org> On Behalf Of Stephen Hemminger
>> >Sent: Thursday, September 10, 2020 7:46 PM
>> >To: Tejasree Kondoj <ktejasree at marvell.com>
>> >Cc: Akhil Goyal <akhil.goyal at nxp.com>; Radu Nicolau
>> ><radu.nicolau at intel.com>; Declan Doherty <declan.doherty at intel.com>;
>> >Ori Kam <orika at mellanox.com>; NBU-Contact-Thomas Monjalon
>> ><thomas at monjalon.net>; Ferruh Yigit <ferruh.yigit at intel.com>; Andrew
>> >Rybchenko <arybchenko at solarflare.com>; Jerin Jacob
>> ><jerinj at marvell.com>; Narayana Prasad <pathreya at marvell.com>; Anoob
>> >Joseph <anoobj at marvell.com>; dev at dpdk.org
>> >Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item
>> >
>> >On Thu, 10 Sep 2020 22:14:41 +0530
>> >Tejasree Kondoj <ktejasree at marvell.com> wrote:
>> >
>> >> Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to
>> distinguish
>> >> plain packets from IPsec decrypted plain packets.
>> >>
>> >> Signed-off-by: Tejasree Kondoj <ktejasree at marvell.com>
>> >
>> >Please provide an implementation, API's without any driver support
>> >should not be accepted.
>> >
>> >Also, we need a test for this.
>
>[Tejasree] We would like to defer the patch and add implementation, test
>case in next cycle.
>
>>
>> +1
>> Also, I think the word SECURITY is too high-level, and if specifically
>> you mention here an item for IPSec, perhaps you can consider renaming.
>
>[Tejasree] This item matches security processed packets and not specific to
>IPsec.
>Will change commit description as follows:
>" Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to match
>packets that were security processed. For example, in case of inline IPsec, it
>can be used to distinguish plain packets from IPsec decrypted plain packets"
>Would that be fine?

It would be more clear, yes, thank you, but in this case I suggest to have a field in the spec that you can match on it.
For example, is it viable to know if the packet was processed by IPSec and not AES? Maybe you want to have 2 flow with this new item, but still differentiate between the types.