Hi > -----Original Message----- > From: Asaf Penso <as...@nvidia.com> > Sent: Monday, September 21, 2020 7:09 PM > Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > > Regards, > Asaf Penso > > >-----Original Message----- > >From: Tejasree Kondoj <ktejas...@marvell.com> > >Sent: Monday, September 21, 2020 11:59 AM > >To: Asaf Penso <as...@nvidia.com>; Stephen Hemminger > ><step...@networkplumber.org> > >Cc: Akhil Goyal <akhil.go...@nxp.com>; Radu Nicolau > ><radu.nico...@intel.com>; Declan Doherty <declan.dohe...@intel.com>; Ori > >Kam <or...@nvidia.com>; NBU-Contact-Thomas Monjalon > ><tho...@monjalon.net>; Ferruh Yigit <ferruh.yi...@intel.com>; Andrew > >Rybchenko <arybche...@solarflare.com>; Jerin Jacob Kollanukkaran > ><jer...@marvell.com>; Narayana Prasad Raju Athreya > ><pathr...@marvell.com>; Anoob Joseph <ano...@marvell.com>; > >dev@dpdk.org > >Subject: RE: [dpdk-dev] [PATCH] ethdev: add security flow item > > > >Please see inline. > > > >Thanks > >Tejasree > > > >> -----Original Message----- > >> From: Asaf Penso <as...@nvidia.com> > >> Sent: Thursday, September 17, 2020 3:09 PM > >> To: Stephen Hemminger <step...@networkplumber.org>; Tejasree > >Kondoj > >> <ktejas...@marvell.com> > >> Cc: Akhil Goyal <akhil.go...@nxp.com>; Radu Nicolau > >> <radu.nico...@intel.com>; Declan Doherty <declan.dohe...@intel.com>; > >> Ori Kam <or...@nvidia.com>; NBU-Contact-Thomas Monjalon > >> <tho...@monjalon.net>; Ferruh Yigit <ferruh.yi...@intel.com>; Andrew > >> Rybchenko <arybche...@solarflare.com>; Jerin Jacob Kollanukkaran > >> <jer...@marvell.com>; Narayana Prasad Raju Athreya > >> <pathr...@marvell.com>; Anoob Joseph <ano...@marvell.com>; > >> dev@dpdk.org > >> Subject: [EXT] RE: [dpdk-dev] [PATCH] ethdev: add security flow item > >> > >> External Email > >> > >> ---------------------------------------------------------------------- > >> >-----Original Message----- > >> >From: dev <dev-boun...@dpdk.org> On Behalf Of Stephen Hemminger > >> >Sent: Thursday, September 10, 2020 7:46 PM > >> >To: Tejasree Kondoj <ktejas...@marvell.com> > >> >Cc: Akhil Goyal <akhil.go...@nxp.com>; Radu Nicolau > >> ><radu.nico...@intel.com>; Declan Doherty <declan.dohe...@intel.com>; > >> >Ori Kam <or...@mellanox.com>; NBU-Contact-Thomas Monjalon > >> ><tho...@monjalon.net>; Ferruh Yigit <ferruh.yi...@intel.com>; Andrew > >> >Rybchenko <arybche...@solarflare.com>; Jerin Jacob > >> ><jer...@marvell.com>; Narayana Prasad <pathr...@marvell.com>; Anoob > >> >Joseph <ano...@marvell.com>; dev@dpdk.org > >> >Subject: Re: [dpdk-dev] [PATCH] ethdev: add security flow item > >> > > >> >On Thu, 10 Sep 2020 22:14:41 +0530 > >> >Tejasree Kondoj <ktejas...@marvell.com> wrote: > >> > > >> >> Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to > >> distinguish > >> >> plain packets from IPsec decrypted plain packets. > >> >> > >> >> Signed-off-by: Tejasree Kondoj <ktejas...@marvell.com> > >> > > >> >Please provide an implementation, API's without any driver support > >> >should not be accepted. > >> > > >> >Also, we need a test for this. > > > >[Tejasree] We would like to defer the patch and add implementation, test > >case in next cycle. > > > >> > >> +1 > >> Also, I think the word SECURITY is too high-level, and if specifically > >> you mention here an item for IPSec, perhaps you can consider renaming. > > > >[Tejasree] This item matches security processed packets and not specific to > >IPsec. > >Will change commit description as follows: > >" Introduce a new item type RTE_FLOW_ITEM_TYPE_SECURITY to match > >packets that were security processed. For example, in case of inline IPsec, > >it > >can be used to distinguish plain packets from IPsec decrypted plain packets" > >Would that be fine? > > It would be more clear, yes, thank you, but in this case I suggest to have a > field > in the spec that you can match on it. > For example, is it viable to know if the packet was processed by IPSec and not > AES? Maybe you want to have 2 flow with this new item, but still differentiate > between the types.
Why not use mark/tag/meta to set this value? The application will insert a flow that sends to security and mark the flow with some ID then the application can check this ID. Best, Ori
