[P4-dev] match against TLS/DTLS

Antonin Bas antonin at barefootnetworks.com
Wed Jun 7 13:36:33 EDT 2017

Hi Aldo,

There is no native support for any encryption / decryption primitive in P4.
However, the P4_16 version of the language (http://p4lang.github.io/p4-
spec/docs/P4-16-v1.0.0-spec.html) introduces the "extern" construct, which
is a way to expose target-specific capabilities to a P4 programmer.
As an example, the architecture exposed to the P4 programmer could define
the following extern:
extern T decrypt<T>(T data);

If you are not familiar with the P4_16 terminology (architecture, extern,
etc...) I encourage you to read the spec.
A few important points:
- a P4 program is written for a given architecture. The architecture file
is usually provided by the P4 hardware vendor, and the P4 programmer is not
at liberty to modify it.
- for a given hardware & architecture, a P4 compiler backend needs to be
available. The compiler takes your P4 programs written for the architecture
and compile them for the hardware target. The compiler backend understands
the extern types in your architecture (e.g. encrypt / decrypt) and can
configure the hardware appropriately.
- the bmv2 software switch (https://github.com/p4lang/behavioral-model) is
meant to be a convenient way to experiment with new architectures & new
externs. The software switch is a special target as it enables us to have a
single compiler backend that is able to support all architectures. However,
at this stage, support is still somewhat incomplete.



On Tue, Jun 6, 2017 at 11:05 PM, Aldo Febro <af12abw at gmail.com> wrote:

> Hi All,
> I'm wondering whether it is possible to do a match against a TLS or DTLS
> packet?
> Is there a way to do decryption as part of the pipeline i.e. decrypt ->
> match-action -> encrypt?
> Thanks a lot!
> Aldo
> _______________________________________________
> P4-dev mailing list
> P4-dev at lists.p4.org
> http://lists.p4.org/mailman/listinfo/p4-dev_lists.p4.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.p4.org/pipermail/p4-dev_lists.p4.org/attachments/20170607/26bc5947/attachment-0002.html>

More information about the P4-dev mailing list