[P4-dev] match against TLS/DTLS

Aldo Febro af12abw at gmail.com
Thu Jun 8 10:31:49 EDT 2017


Thanks Antonin for your reply.

Looking forward for extern support in bmv2 ... sounds really interesting!

Regards,
Aldo

On Wed, Jun 7, 2017 at 10:36 AM, Antonin Bas <antonin at barefootnetworks.com>
wrote:

> Hi Aldo,
>
> There is no native support for any encryption / decryption primitive in
> P4. However, the P4_16 version of the language (
> http://p4lang.github.io/p4-spec/docs/P4-16-v1.0.0-spec.html) introduces
> the "extern" construct, which is a way to expose target-specific
> capabilities to a P4 programmer.
> As an example, the architecture exposed to the P4 programmer could define
> the following extern:
> extern T decrypt<T>(T data);
>
> If you are not familiar with the P4_16 terminology (architecture, extern,
> etc...) I encourage you to read the spec.
> A few important points:
> - a P4 program is written for a given architecture. The architecture file
> is usually provided by the P4 hardware vendor, and the P4 programmer is not
> at liberty to modify it.
> - for a given hardware & architecture, a P4 compiler backend needs to be
> available. The compiler takes your P4 programs written for the architecture
> and compile them for the hardware target. The compiler backend understands
> the extern types in your architecture (e.g. encrypt / decrypt) and can
> configure the hardware appropriately.
> - the bmv2 software switch (https://github.com/p4lang/behavioral-model)
> is meant to be a convenient way to experiment with new architectures & new
> externs. The software switch is a special target as it enables us to have a
> single compiler backend that is able to support all architectures. However,
> at this stage, support is still somewhat incomplete.
>
> Thanks,
>
> Antonin
>
> On Tue, Jun 6, 2017 at 11:05 PM, Aldo Febro <af12abw at gmail.com> wrote:
>
>> Hi All,
>>
>> I'm wondering whether it is possible to do a match against a TLS or DTLS
>> packet?
>>
>> Is there a way to do decryption as part of the pipeline i.e. decrypt ->
>> match-action -> encrypt?
>>
>> Thanks a lot!
>> Aldo
>>
>>
>>
>> _______________________________________________
>> P4-dev mailing list
>> P4-dev at lists.p4.org
>> http://lists.p4.org/mailman/listinfo/p4-dev_lists.p4.org
>>
>
>
>
> --
> Antonin
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.p4.org/pipermail/p4-dev_lists.p4.org/attachments/20170608/b03b8a7d/attachment-0002.html>


More information about the P4-dev mailing list