From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org [92.243.14.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 72258A00BE;
	Wed, 30 Oct 2019 14:08:41 +0100 (CET)
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id D899F1BF68;
	Wed, 30 Oct 2019 14:08:40 +0100 (CET)
Received: from mga04.intel.com (mga04.intel.com [192.55.52.120])
 by dpdk.org (Postfix) with ESMTP id 59C051BF55
 for <dev@dpdk.org>; Wed, 30 Oct 2019 14:08:38 +0100 (CET)
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from fmsmga002.fm.intel.com ([10.253.24.26])
 by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 30 Oct 2019 06:08:37 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.68,247,1569308400"; d="scan'208";a="230438150"
Received: from irsmsx107.ger.corp.intel.com ([163.33.3.99])
 by fmsmga002.fm.intel.com with ESMTP; 30 Oct 2019 06:08:36 -0700
Received: from irsmsx156.ger.corp.intel.com (10.108.20.68) by
 IRSMSX107.ger.corp.intel.com (163.33.3.99) with Microsoft SMTP Server (TLS)
 id 14.3.439.0; Wed, 30 Oct 2019 13:08:35 +0000
Received: from irsmsx104.ger.corp.intel.com ([169.254.5.252]) by
 IRSMSX156.ger.corp.intel.com ([169.254.3.227]) with mapi id 14.03.0439.000;
 Wed, 30 Oct 2019 13:08:35 +0000
From: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>
To: Hemant Agrawal <hemant.agrawal@nxp.com>, "dev@dpdk.org" <dev@dpdk.org>,
 "akhil.goyal@nxp.com" <akhil.goyal@nxp.com>
Thread-Topic: [PATCH v3 2/2] ipsec: remove redundant replay_win_sz
Thread-Index: AQHVjwB3UT1qB5vXhk6C9GxrT6+ozadzJ8jQ
Date: Wed, 30 Oct 2019 13:08:35 +0000
Message-ID: <2601191342CEEE43887BDE71AB97725801A8C728B2@IRSMSX104.ger.corp.intel.com>
References: <20191030065703.32068-1-hemant.agrawal@nxp.com>
 <20191030085701.13815-1-hemant.agrawal@nxp.com>
 <20191030085701.13815-2-hemant.agrawal@nxp.com>
In-Reply-To: <20191030085701.13815-2-hemant.agrawal@nxp.com>
Accept-Language: en-IE, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiODc0NWZjZTktOTIwYS00M2Y0LWJlZmUtYTliYTkxM2E1YWI2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiUWRUSjBkcVFnVVltMndGc0pwMDBkdzBxOVFQekhGaVQ5RXUrcE1RdjN6cXlUZmNodU8yUHVOVEJmREdPb3RHZCJ9
x-ctpclassification: CTP_NT
dlp-product: dlpe-windows
dlp-version: 11.2.0.6
dlp-reaction: no-action
x-originating-ip: [163.33.239.182]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [dpdk-dev] [PATCH v3 2/2] ipsec: remove redundant replay_win_sz
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Hi Hemant,

> The rte_security lib has introduced replay_win_sz,
> so it can be removed from the rte_ipsec lib.
>=20
> Also, the relaved tests,app are also update to reflect
> the usages.
>=20
> Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> ---
> v3: fix the compilation issue
>=20
>  app/test/test_ipsec.c                  |  2 +-
>  doc/guides/rel_notes/release_19_11.rst | 10 ++++++++--
>  examples/ipsec-secgw/ipsec.c           |  1 +
>  examples/ipsec-secgw/sa.c              |  2 +-
>  lib/librte_ipsec/Makefile              |  2 +-
>  lib/librte_ipsec/meson.build           |  1 +
>  lib/librte_ipsec/rte_ipsec_sa.h        |  6 ------
>  lib/librte_ipsec/sa.c                  |  4 ++--
>  8 files changed, 15 insertions(+), 13 deletions(-)
>=20
> diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
> index 4007eff19..9e3dabd93 100644
> --- a/app/test/test_ipsec.c
> +++ b/app/test/test_ipsec.c
> @@ -689,7 +689,7 @@ fill_ipsec_param(uint32_t replay_win_sz, uint64_t fla=
gs)
>=20
>  	prm->userdata =3D 1;
>  	prm->flags =3D flags;
> -	prm->replay_win_sz =3D replay_win_sz;
> +	prm->ipsec_xform.replay_win_sz =3D replay_win_sz;

We need to do it later - as on the next line (see below),
we'll overwrite whole ipsec_xform.=20

>=20
>  	/* setup ipsec xform */
>  	prm->ipsec_xform =3D ut_params->ipsec_xform;

diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index 9e3dabd93..7dc83fee7 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -689,11 +689,11 @@ fill_ipsec_param(uint32_t replay_win_sz, uint64_t fla=
gs)

        prm->userdata =3D 1;
        prm->flags =3D flags;
-       prm->ipsec_xform.replay_win_sz =3D replay_win_sz;

        /* setup ipsec xform */
        prm->ipsec_xform =3D ut_params->ipsec_xform;
        prm->ipsec_xform.salt =3D (uint32_t)rte_rand();
+       prm->ipsec_xform.replay_win_sz =3D replay_win_sz;

        /* setup tunnel related fields */
        prm->tun.hdr_len =3D sizeof(ipv4_outer);


> diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_note=
s/release_19_11.rst
> index ae8e7b2f0..aa16c8422 100644
> --- a/doc/guides/rel_notes/release_19_11.rst
> +++ b/doc/guides/rel_notes/release_19_11.rst
> @@ -365,6 +365,12 @@ ABI Changes
>    align the Ethernet header on receive and all known encapsulations
>    preserve the alignment of the header.
>=20
> +* security: A new field ''replay_win_sz'' has been added to the structur=
e
> +  ``rte_security_ipsec_xform``, which specify the Anti replay window siz=
e
> +  to enable sequence replay attack handling.
> +
> +* ipsec: The field ''replay_win_sz'' has been removed from the structure
> +  ''rte_ipsec_sa_prm'' as it has been added to the security library.
>=20
>  Shared Library Versions
>  -----------------------
> @@ -407,7 +413,7 @@ The libraries prepended with a plus sign were increme=
nted in this version.
>       librte_gso.so.1
>       librte_hash.so.2
>       librte_ip_frag.so.1
> -     librte_ipsec.so.1
> +   + librte_ipsec.so.2
>       librte_jobstats.so.1
>       librte_kni.so.2
>       librte_kvargs.so.1
> @@ -437,7 +443,7 @@ The libraries prepended with a plus sign were increme=
nted in this version.
>       librte_reorder.so.1
>       librte_ring.so.2
>     + librte_sched.so.4
> -     librte_security.so.2
> +   + librte_security.so.3
>       librte_stack.so.1
>       librte_table.so.3
>       librte_timer.so.1
> diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
> index 51fb22e8a..159e81f99 100644
> --- a/examples/ipsec-secgw/ipsec.c
> +++ b/examples/ipsec-secgw/ipsec.c
> @@ -49,6 +49,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security=
_ipsec_xform *ipsec)
>  		/* TODO support for Transport */
>  	}
>  	ipsec->esn_soft_limit =3D IPSEC_OFFLOAD_ESN_SOFTLIMIT;
> +	ipsec->replay_win_sz =3D app_sa_prm.window_size;
>  }
>=20
>  int
> diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
> index 14ee94731..3d687c459 100644
> --- a/examples/ipsec-secgw/sa.c
> +++ b/examples/ipsec-secgw/sa.c
> @@ -1055,7 +1055,7 @@ fill_ipsec_app_sa_prm(struct rte_ipsec_sa_prm *prm,
>=20
>  	prm->flags =3D app_prm->flags;
>  	prm->ipsec_xform.options.esn =3D app_prm->enable_esn;
> -	prm->replay_win_sz =3D app_prm->window_size;
> +	prm->ipsec_xform.replay_win_sz =3D app_prm->window_size;
>  }
>=20
>  static int
> diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile
> index 81fb99980..161ea9e3d 100644
> --- a/lib/librte_ipsec/Makefile
> +++ b/lib/librte_ipsec/Makefile
> @@ -14,7 +14,7 @@ LDLIBS +=3D -lrte_cryptodev -lrte_security -lrte_hash
>=20
>  EXPORT_MAP :=3D rte_ipsec_version.map
>=20
> -LIBABIVER :=3D 1
> +LIBABIVER :=3D 2
>=20
>  # all source are stored in SRCS-y
>  SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) +=3D esp_inb.c
> diff --git a/lib/librte_ipsec/meson.build b/lib/librte_ipsec/meson.build
> index 70358526b..e8604dadd 100644
> --- a/lib/librte_ipsec/meson.build
> +++ b/lib/librte_ipsec/meson.build
> @@ -1,6 +1,7 @@
>  # SPDX-License-Identifier: BSD-3-Clause
>  # Copyright(c) 2018 Intel Corporation
>=20
> +version =3D 2
>  allow_experimental_apis =3D true
>=20
>  sources =3D files('esp_inb.c', 'esp_outb.c', 'sa.c', 'ses.c', 'ipsec_sad=
.c')
> diff --git a/lib/librte_ipsec/rte_ipsec_sa.h b/lib/librte_ipsec/rte_ipsec=
_sa.h
> index 47ce169d2..1cfde5874 100644
> --- a/lib/librte_ipsec/rte_ipsec_sa.h
> +++ b/lib/librte_ipsec/rte_ipsec_sa.h
> @@ -47,12 +47,6 @@ struct rte_ipsec_sa_prm {
>  			uint8_t proto;  /**< next header protocol */
>  		} trs; /**< transport mode related parameters */
>  	};
> -
> -	/**
> -	 * window size to enable sequence replay attack handling.
> -	 * replay checking is disabled if the window size is 0.
> -	 */
> -	uint32_t replay_win_sz;
>  };
>=20
>  /**
> diff --git a/lib/librte_ipsec/sa.c b/lib/librte_ipsec/sa.c
> index 23d394b46..6f1d92c3c 100644
> --- a/lib/librte_ipsec/sa.c
> +++ b/lib/librte_ipsec/sa.c
> @@ -439,7 +439,7 @@ rte_ipsec_sa_size(const struct rte_ipsec_sa_prm *prm)
>  		return rc;
>=20
>  	/* determine required size */
> -	wsz =3D prm->replay_win_sz;
> +	wsz =3D prm->ipsec_xform.replay_win_sz;
>  	return ipsec_sa_size(type, &wsz, &nb);
>  }
>=20
> @@ -461,7 +461,7 @@ rte_ipsec_sa_init(struct rte_ipsec_sa *sa, const stru=
ct rte_ipsec_sa_prm *prm,
>  		return rc;
>=20
>  	/* determine required size */
> -	wsz =3D prm->replay_win_sz;
> +	wsz =3D prm->ipsec_xform.replay_win_sz;
>  	sz =3D ipsec_sa_size(type, &wsz, &nb);
>  	if (sz < 0)
>  		return sz;
> --
> 2.17.1