From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 72258A00BE; Wed, 30 Oct 2019 14:08:41 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id D899F1BF68; Wed, 30 Oct 2019 14:08:40 +0100 (CET) Received: from mga04.intel.com (mga04.intel.com [192.55.52.120]) by dpdk.org (Postfix) with ESMTP id 59C051BF55 for ; Wed, 30 Oct 2019 14:08:38 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga002.fm.intel.com ([10.253.24.26]) by fmsmga104.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 30 Oct 2019 06:08:37 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,247,1569308400"; d="scan'208";a="230438150" Received: from irsmsx107.ger.corp.intel.com ([163.33.3.99]) by fmsmga002.fm.intel.com with ESMTP; 30 Oct 2019 06:08:36 -0700 Received: from irsmsx156.ger.corp.intel.com (10.108.20.68) by IRSMSX107.ger.corp.intel.com (163.33.3.99) with Microsoft SMTP Server (TLS) id 14.3.439.0; Wed, 30 Oct 2019 13:08:35 +0000 Received: from irsmsx104.ger.corp.intel.com ([169.254.5.252]) by IRSMSX156.ger.corp.intel.com ([169.254.3.227]) with mapi id 14.03.0439.000; Wed, 30 Oct 2019 13:08:35 +0000 From: "Ananyev, Konstantin" To: Hemant Agrawal , "dev@dpdk.org" , "akhil.goyal@nxp.com" Thread-Topic: [PATCH v3 2/2] ipsec: remove redundant replay_win_sz Thread-Index: AQHVjwB3UT1qB5vXhk6C9GxrT6+ozadzJ8jQ Date: Wed, 30 Oct 2019 13:08:35 +0000 Message-ID: <2601191342CEEE43887BDE71AB97725801A8C728B2@IRSMSX104.ger.corp.intel.com> References: <20191030065703.32068-1-hemant.agrawal@nxp.com> <20191030085701.13815-1-hemant.agrawal@nxp.com> <20191030085701.13815-2-hemant.agrawal@nxp.com> In-Reply-To: <20191030085701.13815-2-hemant.agrawal@nxp.com> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiODc0NWZjZTktOTIwYS00M2Y0LWJlZmUtYTliYTkxM2E1YWI2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiUWRUSjBkcVFnVVltMndGc0pwMDBkdzBxOVFQekhGaVQ5RXUrcE1RdjN6cXlUZmNodU8yUHVOVEJmREdPb3RHZCJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [163.33.239.182] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH v3 2/2] ipsec: remove redundant replay_win_sz X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Hemant, > The rte_security lib has introduced replay_win_sz, > so it can be removed from the rte_ipsec lib. >=20 > Also, the relaved tests,app are also update to reflect > the usages. >=20 > Signed-off-by: Hemant Agrawal > --- > v3: fix the compilation issue >=20 > app/test/test_ipsec.c | 2 +- > doc/guides/rel_notes/release_19_11.rst | 10 ++++++++-- > examples/ipsec-secgw/ipsec.c | 1 + > examples/ipsec-secgw/sa.c | 2 +- > lib/librte_ipsec/Makefile | 2 +- > lib/librte_ipsec/meson.build | 1 + > lib/librte_ipsec/rte_ipsec_sa.h | 6 ------ > lib/librte_ipsec/sa.c | 4 ++-- > 8 files changed, 15 insertions(+), 13 deletions(-) >=20 > diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c > index 4007eff19..9e3dabd93 100644 > --- a/app/test/test_ipsec.c > +++ b/app/test/test_ipsec.c > @@ -689,7 +689,7 @@ fill_ipsec_param(uint32_t replay_win_sz, uint64_t fla= gs) >=20 > prm->userdata =3D 1; > prm->flags =3D flags; > - prm->replay_win_sz =3D replay_win_sz; > + prm->ipsec_xform.replay_win_sz =3D replay_win_sz; We need to do it later - as on the next line (see below), we'll overwrite whole ipsec_xform.=20 >=20 > /* setup ipsec xform */ > prm->ipsec_xform =3D ut_params->ipsec_xform; diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c index 9e3dabd93..7dc83fee7 100644 --- a/app/test/test_ipsec.c +++ b/app/test/test_ipsec.c @@ -689,11 +689,11 @@ fill_ipsec_param(uint32_t replay_win_sz, uint64_t fla= gs) prm->userdata =3D 1; prm->flags =3D flags; - prm->ipsec_xform.replay_win_sz =3D replay_win_sz; /* setup ipsec xform */ prm->ipsec_xform =3D ut_params->ipsec_xform; prm->ipsec_xform.salt =3D (uint32_t)rte_rand(); + prm->ipsec_xform.replay_win_sz =3D replay_win_sz; /* setup tunnel related fields */ prm->tun.hdr_len =3D sizeof(ipv4_outer); > diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_note= s/release_19_11.rst > index ae8e7b2f0..aa16c8422 100644 > --- a/doc/guides/rel_notes/release_19_11.rst > +++ b/doc/guides/rel_notes/release_19_11.rst > @@ -365,6 +365,12 @@ ABI Changes > align the Ethernet header on receive and all known encapsulations > preserve the alignment of the header. >=20 > +* security: A new field ''replay_win_sz'' has been added to the structur= e > + ``rte_security_ipsec_xform``, which specify the Anti replay window siz= e > + to enable sequence replay attack handling. > + > +* ipsec: The field ''replay_win_sz'' has been removed from the structure > + ''rte_ipsec_sa_prm'' as it has been added to the security library. >=20 > Shared Library Versions > ----------------------- > @@ -407,7 +413,7 @@ The libraries prepended with a plus sign were increme= nted in this version. > librte_gso.so.1 > librte_hash.so.2 > librte_ip_frag.so.1 > - librte_ipsec.so.1 > + + librte_ipsec.so.2 > librte_jobstats.so.1 > librte_kni.so.2 > librte_kvargs.so.1 > @@ -437,7 +443,7 @@ The libraries prepended with a plus sign were increme= nted in this version. > librte_reorder.so.1 > librte_ring.so.2 > + librte_sched.so.4 > - librte_security.so.2 > + + librte_security.so.3 > librte_stack.so.1 > librte_table.so.3 > librte_timer.so.1 > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c > index 51fb22e8a..159e81f99 100644 > --- a/examples/ipsec-secgw/ipsec.c > +++ b/examples/ipsec-secgw/ipsec.c > @@ -49,6 +49,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security= _ipsec_xform *ipsec) > /* TODO support for Transport */ > } > ipsec->esn_soft_limit =3D IPSEC_OFFLOAD_ESN_SOFTLIMIT; > + ipsec->replay_win_sz =3D app_sa_prm.window_size; > } >=20 > int > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c > index 14ee94731..3d687c459 100644 > --- a/examples/ipsec-secgw/sa.c > +++ b/examples/ipsec-secgw/sa.c > @@ -1055,7 +1055,7 @@ fill_ipsec_app_sa_prm(struct rte_ipsec_sa_prm *prm, >=20 > prm->flags =3D app_prm->flags; > prm->ipsec_xform.options.esn =3D app_prm->enable_esn; > - prm->replay_win_sz =3D app_prm->window_size; > + prm->ipsec_xform.replay_win_sz =3D app_prm->window_size; > } >=20 > static int > diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile > index 81fb99980..161ea9e3d 100644 > --- a/lib/librte_ipsec/Makefile > +++ b/lib/librte_ipsec/Makefile > @@ -14,7 +14,7 @@ LDLIBS +=3D -lrte_cryptodev -lrte_security -lrte_hash >=20 > EXPORT_MAP :=3D rte_ipsec_version.map >=20 > -LIBABIVER :=3D 1 > +LIBABIVER :=3D 2 >=20 > # all source are stored in SRCS-y > SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) +=3D esp_inb.c > diff --git a/lib/librte_ipsec/meson.build b/lib/librte_ipsec/meson.build > index 70358526b..e8604dadd 100644 > --- a/lib/librte_ipsec/meson.build > +++ b/lib/librte_ipsec/meson.build > @@ -1,6 +1,7 @@ > # SPDX-License-Identifier: BSD-3-Clause > # Copyright(c) 2018 Intel Corporation >=20 > +version =3D 2 > allow_experimental_apis =3D true >=20 > sources =3D files('esp_inb.c', 'esp_outb.c', 'sa.c', 'ses.c', 'ipsec_sad= .c') > diff --git a/lib/librte_ipsec/rte_ipsec_sa.h b/lib/librte_ipsec/rte_ipsec= _sa.h > index 47ce169d2..1cfde5874 100644 > --- a/lib/librte_ipsec/rte_ipsec_sa.h > +++ b/lib/librte_ipsec/rte_ipsec_sa.h > @@ -47,12 +47,6 @@ struct rte_ipsec_sa_prm { > uint8_t proto; /**< next header protocol */ > } trs; /**< transport mode related parameters */ > }; > - > - /** > - * window size to enable sequence replay attack handling. > - * replay checking is disabled if the window size is 0. > - */ > - uint32_t replay_win_sz; > }; >=20 > /** > diff --git a/lib/librte_ipsec/sa.c b/lib/librte_ipsec/sa.c > index 23d394b46..6f1d92c3c 100644 > --- a/lib/librte_ipsec/sa.c > +++ b/lib/librte_ipsec/sa.c > @@ -439,7 +439,7 @@ rte_ipsec_sa_size(const struct rte_ipsec_sa_prm *prm) > return rc; >=20 > /* determine required size */ > - wsz =3D prm->replay_win_sz; > + wsz =3D prm->ipsec_xform.replay_win_sz; > return ipsec_sa_size(type, &wsz, &nb); > } >=20 > @@ -461,7 +461,7 @@ rte_ipsec_sa_init(struct rte_ipsec_sa *sa, const stru= ct rte_ipsec_sa_prm *prm, > return rc; >=20 > /* determine required size */ > - wsz =3D prm->replay_win_sz; > + wsz =3D prm->ipsec_xform.replay_win_sz; > sz =3D ipsec_sa_size(type, &wsz, &nb); > if (sz < 0) > return sz; > -- > 2.17.1