Message-ID: <66729b32d6391_276353294be@willemb.c.googlers.com.notmuch>
Date: Wed, 19 Jun 2024 04:47:46 -0400
From: Willem de Bruijn <willemdebruijn.kernel@...il.com>
To: Willem de Bruijn <willemdebruijn.kernel@...il.com>,
"Singhai, Anjali" <anjali.singhai@...el.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Cc: Paolo Abeni <pabeni@...hat.com>,
"willemdebruijn.kernel@...il.com" <willemdebruijn.kernel@...il.com>,
Boris Pismenny <borisp@...dia.com>,
"gal@...dia.com" <gal@...dia.com>,
"cratiu@...dia.com" <cratiu@...dia.com>,
"rrameshbabu@...dia.com" <rrameshbabu@...dia.com>,
"steffen.klassert@...unet.com" <steffen.klassert@...unet.com>,
"tariqt@...dia.com" <tariqt@...dia.com>,
Jakub Kicinski <kuba@...nel.org>,
"Samudrala, Sridhar" <sridhar.samudrala@...el.com>,
"Acharya, Arun Kumar" <arun.kumar.acharya@...el.com>
Subject: Re: [RFC net-next 00/15] add basic PSP encryption for TCP connections
> > 3. About the PSP and UDP header addition, why is the driver doing it? I guess it's because the SW equivalent for PSP support in the kernel does not exist and just an offload for the device. Again in this case the assumption is either the driver does it or the device will do it.
> > Hope that is irrelevant for the stack. In our case most likely it will be the device doing it.
> >
> > 4. Why is the driver adding the PSP trailer? Hoping this is between the driver and the device, in our case it's the device that will add the trailer.
>
> This does not adhere to the spec:
>
> "An option must be provided that enables upper-level software to send packets that are
> pre-formatted to include the headers required for PSP encapsulation. In this case, the
> NIC will modify the contents of the headers appropriately, apply
> encryption/authentication, and add the PSP trailer to the packet."
>
> https://raw.githubusercontent.com/google/psp/main/doc/PSP_Arch_Spec.pdf

I responded to the wrong statement. This is in response to point 3.

In general, PSP can work in tunnel and transport mode. In transport
mode, it is here assumed to be not transparent, but under control of
the operating system. That inserts the outer encapsulation headers and
prepares all fields as it sees fit. E.g., using the inner 4-tuple as
entropy for the outer UDP source port, and selecting the right SPI.
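
The transport-mode behaviour described in this message, as an added example that is not part of the original e-mail or of the patch series: the OS looks up the SPI for a connection, derives the outer UDP source port from the inner 4-tuple, and refuses flows that have no PSP association. The association table, the struct and function names, the FNV-1a hash, the 49152..65535 port range, the secret seed and the destination port 1000 are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>

#define PSP_UDP_DPORT 1000 /* assumption: PSP UDP destination port */

struct flow4 { uint32_t saddr, daddr; uint16_t sport, dport; }; /* inner 4-tuple */
struct psp_assoc { struct flow4 flow; uint32_t tx_spi; };       /* hypothetical per-connection state */
struct psp_outer { uint16_t udp_sport, udp_dport; uint32_t spi; };

/* Constructed sample associations (192.0.2.1 -> 198.51.100.2, documentation ranges). */
static const struct psp_assoc assoc_tbl[] = {
    { { 0xC0000201u, 0xC6336402u, 40000, 443 }, 0x00001001u },
    { { 0xC0000201u, 0xC6336402u, 40001, 443 }, 0x00001002u },
};

/* FNV-1a, used here only as a simple stand-in flow hash. */
static uint32_t fnv1a(const uint8_t *b, size_t n, uint32_t h)
{
    while (n--) { h ^= *b++; h *= 16777619u; }
    return h;
}

/* Outer source port: seeded hash of the inner 4-tuple folded into 49152..65535,
 * so every packet of one connection carries the same outer port. */
uint16_t psp_outer_sport(const struct flow4 *f, uint32_t secret)
{
    uint32_t h = fnv1a((const uint8_t *)f, sizeof(*f), 2166136261u ^ secret);
    h ^= h >> 16;
    return (uint16_t)(49152u + (h & 0x3FFFu));
}

/* Returns 0 and fills *out, or -1 if the flow has no PSP association. */
int psp_select_outer(const struct flow4 *f, uint32_t secret, struct psp_outer *out)
{
    for (size_t i = 0; i < sizeof(assoc_tbl) / sizeof(assoc_tbl[0]); i++) {
        const struct flow4 *a = &assoc_tbl[i].flow;
        if (a->saddr == f->saddr && a->daddr == f->daddr &&
            a->sport == f->sport && a->dport == f->dport) {
            out->udp_sport = psp_outer_sport(f, secret);
            out->udp_dport = PSP_UDP_DPORT;
            out->spi = assoc_tbl[i].tx_spi;
            return 0;
        }
    }
    return -1; /* fail closed: caller must not emit this flow as PSP */
}
```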