Comments (3)
stolsma
commented on June 9, 2024
1
If the 'host loopback' arrow is eliminated, would it be possible for a packet to skip message processing by using recirculation?
@rst0git As I recall correctly (but I could be wrong here) the current spec doesn't allow recirculation to enter the other pipeline direction (net-to-host -> recirculate -> host-to-net) currently it stays in the same direction (net-to-host -> recirculate -> net-to-host and host-to-net -> recirculate -> host-to-net). My opinion is that changing this recirculate requirement would not be the right way to 'solve' the host loopback path question...
from pna.
rst0git
commented on June 9, 2024
If the 'host loopback' arrow is eliminated, would it be possible for a packet to skip message processing by using recirculation?
from pna.
stolsma
commented on June 9, 2024
After thinking about this question a long time I came to the following opinion, hopefully it will help...
If it means that this decision will also remove the packet-from-host-loopback packetpath type indication its a definitive no go for me because it then will be impossible to separate host originating packets from host side recirculated packets. We can add packet headers field indicating host recirculated packets but that would be not so nice as it will use precious parsing and control code space.
Also, if the recirculated packets go through the message processing block, the message processing block (and maybe future host side loaded MP block programs) must obey the host-loopback indication given by the from-net-to-host pipeline. In the case of separate control of the pipeline and message processing module (as described at the end of paragraph 1.2 'Message processing') that could be not the case and and my gut feeling says this may result in a serious security risk (again, gut feeling...).
Very curious what other opinions are!
from pna.
Related Issues (20)
- Any desire to define behavior of add_on_miss=true table WITHOUT data plane deletions of expired entries? HOT 2
- Create functionally correct example demonstrating IPsec encryption and decryption
- Full payload checksum
- Should PNA support resubmit operation? Also: document details of recirculate operation behavior
- What do crypto offsets apply to? Packet as parsed, or packet after deparsing?
- The types of the generics in crypto_accelerator extern maybe should be a static type instead of a generics
- Add text to PNA specification on encrypt/decrypt operations HOT 4
- Add XOR hash function(s)
- Address the issue of pipelines that can have packets "pass each other up" in the middle of the pipeline HOT 1
- Add text explaining how to delete entries from the dataplane, and describe `ExpireTimeProfileId_t`.
- Minor bug in IPsec example program
- Remove last remaining occurrences of HOST_TO_NET and NET_TO_HOST from spec
- Add glossary, and consider using "inline accelerator" consistently when referring to encrypt/decrypt block
- Devise an explicit convention to document which parts of pna.p4 are intended to be vendor-customizable vs. not
- Proposal for setting packets and bytes counter widths separately HOT 5
- Lack of documentation on the optional bytes counter increment parameter HOT 7
- Should it be possible to recirculate mirrored copies of a packet ? HOT 1
- How to pass an extern object instance of type X as a parameter to a method call that is a method of type X HOT 1
- PNA spec declares headers on deparser are RO HOT 2
- PNA/PSA extern restrictions HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pna.