From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 1D2DAA00D7; Thu, 31 Oct 2019 11:20:56 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id AB19C1C1CE; Thu, 31 Oct 2019 11:20:54 +0100 (CET) Received: from mga09.intel.com (mga09.intel.com [134.134.136.24]) by dpdk.org (Postfix) with ESMTP id 45A8B1C1C5 for ; Thu, 31 Oct 2019 11:20:53 +0100 (CET) X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from orsmga008.jf.intel.com ([10.7.209.65]) by orsmga102.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 31 Oct 2019 03:20:52 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.68,250,1569308400"; d="scan'208";a="194276170" Received: from irsmsx103.ger.corp.intel.com ([163.33.3.157]) by orsmga008.jf.intel.com with ESMTP; 31 Oct 2019 03:20:50 -0700 Received: from irsmsx112.ger.corp.intel.com (10.108.20.5) by IRSMSX103.ger.corp.intel.com (163.33.3.157) with Microsoft SMTP Server (TLS) id 14.3.439.0; Thu, 31 Oct 2019 10:20:50 +0000 Received: from irsmsx104.ger.corp.intel.com ([169.254.5.252]) by irsmsx112.ger.corp.intel.com ([169.254.1.60]) with mapi id 14.03.0439.000; Thu, 31 Oct 2019 10:20:50 +0000 From: "Ananyev, Konstantin" To: Hemant Agrawal , "dev@dpdk.org" , "akhil.goyal@nxp.com" Thread-Topic: [PATCH v4 1/3] security: add anti replay window size Thread-Index: AQHVj6fQ892Nc9FhFUm8HS1s1rDI7ad0ihkg Date: Thu, 31 Oct 2019 10:20:49 +0000 Message-ID: <2601191342CEEE43887BDE71AB97725801A8C7369D@IRSMSX104.ger.corp.intel.com> References: <20191030085701.13815-1-hemant.agrawal@nxp.com> <20191031045458.29166-1-hemant.agrawal@nxp.com> In-Reply-To: <20191031045458.29166-1-hemant.agrawal@nxp.com> Accept-Language: en-IE, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNWIyZGJhNTctNDhmYi00ODEzLThjYTctMGE4OWEzODI3ZjYxIiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX05UIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE3LjEwLjE4MDQuNDkiLCJUcnVzdGVkTGFiZWxIYXNoIjoiNU9ZRnE3VDhDMExydzhWUngwU1M2cHp0b2Z5RVpjUzIrSnJJZ0RuaXZsTjhIeXVMMjdSZVdpZ1RVdjZ0RFU2UCJ9 x-ctpclassification: CTP_NT dlp-product: dlpe-windows dlp-version: 11.2.0.6 dlp-reaction: no-action x-originating-ip: [163.33.239.182] Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Subject: Re: [dpdk-dev] [PATCH v4 1/3] security: add anti replay window size X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > At present the ipsec xfrom is missing the important step > to configure the anti replay window size. > The newly added field will also help in to enable or disable > the anti replay checking, if available in offload by means > of non-zero or zero value. >=20 > Signed-off-by: Hemant Agrawal > --- > doc/guides/rel_notes/release_19_11.rst | 6 +++++- > lib/librte_security/Makefile | 2 +- > lib/librte_security/meson.build | 2 +- > lib/librte_security/rte_security.h | 4 ++++ > 4 files changed, 11 insertions(+), 3 deletions(-) >=20 > diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_note= s/release_19_11.rst > index ae8e7b2f0..0508ec545 100644 > --- a/doc/guides/rel_notes/release_19_11.rst > +++ b/doc/guides/rel_notes/release_19_11.rst > @@ -365,6 +365,10 @@ ABI Changes > align the Ethernet header on receive and all known encapsulations > preserve the alignment of the header. >=20 > +* security: A new field ''replay_win_sz'' has been added to the structur= e > + ``rte_security_ipsec_xform``, which specify the Anti replay window siz= e > + to enable sequence replay attack handling. > + >=20 > Shared Library Versions > ----------------------- > @@ -437,7 +441,7 @@ The libraries prepended with a plus sign were increme= nted in this version. > librte_reorder.so.1 > librte_ring.so.2 > + librte_sched.so.4 > - librte_security.so.2 > + + librte_security.so.3 > librte_stack.so.1 > librte_table.so.3 > librte_timer.so.1 > diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile > index 6708effdb..6a268ee2a 100644 > --- a/lib/librte_security/Makefile > +++ b/lib/librte_security/Makefile > @@ -7,7 +7,7 @@ include $(RTE_SDK)/mk/rte.vars.mk > LIB =3D librte_security.a >=20 > # library version > -LIBABIVER :=3D 2 > +LIBABIVER :=3D 3 >=20 > # build flags > CFLAGS +=3D -O3 > diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.= build > index a5130d2f6..6fed01273 100644 > --- a/lib/librte_security/meson.build > +++ b/lib/librte_security/meson.build > @@ -1,7 +1,7 @@ > # SPDX-License-Identifier: BSD-3-Clause > # Copyright(c) 2017-2019 Intel Corporation >=20 > -version =3D 2 > +version =3D 3 > sources =3D files('rte_security.c') > headers =3D files('rte_security.h', 'rte_security_driver.h') > deps +=3D ['mempool', 'cryptodev'] > diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte= _security.h > index aaafdfcd7..195ad5645 100644 > --- a/lib/librte_security/rte_security.h > +++ b/lib/librte_security/rte_security.h > @@ -212,6 +212,10 @@ struct rte_security_ipsec_xform { > /**< Tunnel parameters, NULL for transport mode */ > uint64_t esn_soft_limit; > /**< ESN for which the overflow event need to be raised */ > + uint32_t replay_win_sz; > + /**< Anti replay window size to enable sequence replay attack handling. > + * replay checking is disabled if the window size is 0. > + */ > }; >=20 > /** > -- Acked-by: Konstantin Ananyev > 2.17.1