From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6CA9FA00BE; Fri, 1 Nov 2019 07:16:54 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id C31C81D426; Fri, 1 Nov 2019 07:16:53 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by dpdk.org (Postfix) with ESMTP id 62AA11D150 for ; Fri, 1 Nov 2019 07:16:51 +0100 (CET) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id xA16FPa4010649; Thu, 31 Oct 2019 23:16:50 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pfpt0818; bh=ozfk24IJVt98ckUn96kmobMPz/b32RzcusOioFi0pxY=; b=rnq9lJEsM/SbCxwNoQQc4uOI47945/TglM7lYHasQ2n3GN04dWVBZQ6MHkd72YPkY/Ba D54OBaywyW8afd5U4Jg/Gxkx5bnJaBSLLmCyLBplOb+d4EZOlf71swy4u2B9/Nqatuiw RA8Zj0yw8C9ADCwRGGqEe/mjVdXdO6zw7IOO2ncrWBD0+AC2WI8tmc2PjKHiXHCWGjWk jOGJCjeIdsZ5mYVYUG7aKZnr8RlssikUqcGhXcERmgrzC5G9aAKBTo8KnWD8/snHCTo0 v1LMago+pWrbRQ93g9aibCmVtxixXEk5vLKbsLi8TipSzOb8LCCSn61MNScePlCNL7Kx ng== Received: from sc-exch04.marvell.com ([199.233.58.184]) by mx0a-0016f401.pphosted.com with ESMTP id 2vxwjmas4k-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Thu, 31 Oct 2019 23:16:49 -0700 Received: from SC-EXCH04.marvell.com (10.93.176.84) by SC-EXCH04.marvell.com (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Thu, 31 Oct 2019 23:16:49 -0700 Received: from NAM04-SN1-obe.outbound.protection.outlook.com (104.47.44.59) by SC-EXCH04.marvell.com (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1367.3 via Frontend Transport; Thu, 31 Oct 2019 23:16:48 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=n8OPoCF3I7IEv3ecKw35YSRaaC9e+0YHq7ORXRiROtAXvZ1CKMaLAYG3WR+iE4ybLxPMXANjMaxoHdlBaebOwknDzTaSq9m3czSTO9RHYmwIiyFGqfJ9lA0WXbd78B/QZnIIMiwEjazA8J4W1mYoAsQivY4ral6Yc5maHatw54Rk6VLqOfAmruux6sClawRthfkHDPYhAJLc6a7ZauDhzVdYWFbtcWTx2rckHIvGICIAIX2LKYBJaK16pmA92u1F+VK/RZvm3Gg34KrPvFko2HocnfCS4/+pS1r5083epX1I1y0cqgbJXKJXJV/TThrO8hu5AiI0eHhoAGrdfVMclw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ozfk24IJVt98ckUn96kmobMPz/b32RzcusOioFi0pxY=; b=fGuvq4knD43ENhf315bPAA8f/eegi0Veo2SLTvxlhni4YeUtBdslwj5FyuwkS3qwLB7ZYFTi6TC4Mmvm8kS2qzSpPqH09vh1nw3LTUEAVweHdXgSysYa/KMHtPBSYII5tQhC25lqNufqHZ/ThSLf/Oq2aJZy1XL8ONSTmedz8xpbz3muqwpSTOKTGZkLxNdLFPxydOQzEd9baeK24iXg/5t0GKCCSjtjX0wjzlC23cs7P3z9TiwAeqGwD2yQKkDWaSN2s4bY4dsojBuGT4YoVBn9cr40nsGdSfkZ+Sx7KAloRX4ggdTiJ0U2m4ot5n3YwxL5W6Dc2kbvl/N0WiqgJA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector2-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ozfk24IJVt98ckUn96kmobMPz/b32RzcusOioFi0pxY=; b=C2AnnuF6wj38PEjQWVKP2rN5oOz0YWoGgbs9dQGRAgEgRGnKWEq9QyTnb8iNcXJxmWw2i3858DbnfNgwf3CAnJCIl0kU+Mo4YWkE+9WSrPuGcOeISgToz25dGYpQgENhFmTff1rZNf9Pof08bUEuZ4j+Nbs/wXjxiUHFMdV6vL8= Received: from MN2PR18MB2877.namprd18.prod.outlook.com (20.179.20.218) by MN2PR18MB2976.namprd18.prod.outlook.com (20.179.20.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.24; Fri, 1 Nov 2019 06:16:46 +0000 Received: from MN2PR18MB2877.namprd18.prod.outlook.com ([fe80::6d15:3367:4c9:5385]) by MN2PR18MB2877.namprd18.prod.outlook.com ([fe80::6d15:3367:4c9:5385%7]) with mapi id 15.20.2387.028; Fri, 1 Nov 2019 06:16:46 +0000 From: Anoob Joseph To: Hemant Agrawal , "dev@dpdk.org" , "akhil.goyal@nxp.com" CC: "konstantin.ananyev@intel.com" Thread-Topic: [EXT] [PATCH v5 1/3] security: add anti replay window size Thread-Index: AQHVj+2ojMXPcv1pL0222ahjBvbEzqd11s7Q Date: Fri, 1 Nov 2019 06:16:46 +0000 Message-ID: References: <20191031045458.29166-1-hemant.agrawal@nxp.com> <20191031131502.12504-1-hemant.agrawal@nxp.com> In-Reply-To: <20191031131502.12504-1-hemant.agrawal@nxp.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [115.110.136.6] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 2426ee9e-c393-499b-3f59-08d75e9312db x-ms-traffictypediagnostic: MN2PR18MB2976: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-forefront-prvs: 020877E0CB x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(396003)(366004)(39860400002)(376002)(346002)(13464003)(199004)(189003)(9686003)(110136005)(2501003)(33656002)(256004)(486006)(229853002)(476003)(446003)(81166006)(14444005)(11346002)(316002)(478600001)(7736002)(305945005)(3846002)(6116002)(8676002)(81156014)(2906002)(4326008)(6246003)(8936002)(25786009)(5660300002)(71200400001)(52536014)(186003)(6436002)(55016002)(26005)(15650500001)(86362001)(102836004)(99286004)(66476007)(66556008)(66446008)(64756008)(53546011)(6506007)(7696005)(76116006)(66946007)(76176011)(66066001)(2201001)(14454004)(74316002)(71190400001); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR18MB2976; H:MN2PR18MB2877.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: marvell.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: /xieryHCta13oZYSKw1aX46ACqPGIJd7chFuWTiYcIhyFODlinUEhUrG5XSpvEE/gdmC3b3z+3pJu1s8F+gCKfYrJfKWLmbUaFwA3D5QoOylCbg9B1q/S8453RTAVe7maImIzlHKGZiueCsaXpN2xrRrgZFgbP7QGwhzgYg/fn1OMyR2AUngtilZn0gkwoTkpgO+sF+iA8fG3ByFbLsfDrShReuFinK6l+PXB28E6IW9mxLZTywP6knNVtqOQfokq976uoEpzE19Fub/UgFU47Yfe9hCCIdBxz+Lrntv/UgcA85GFpKX6iDsdvCvFHZZCX6zAFrj+jwUXedcKZHrFtg3bPVJHC/e2io/hY7iME2j4OX3sdVKrgtpaJ90TMhf8+jArgfCcST2kPxHHEjppSJRXsnBpaKfsU7l+ifG37C7Te6W0c0a5eyfvC/KwWu+ x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 2426ee9e-c393-499b-3f59-08d75e9312db X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Nov 2019 06:16:46.4207 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: AqHYkbRaSCPKGRdtKG5NkGPeVqlDOWClXSjZ5Dn/qfcJNLFSwxaeIiBhkVkTXZB+EWNvgmyfNo9tpA891+sGXg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR18MB2976 X-OriginatorOrg: marvell.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-31_08:2019-10-30,2019-10-31 signatures=0 Subject: Re: [dpdk-dev] [EXT] [PATCH v5 1/3] security: add anti replay window size X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Hemant, Please see inline. > -----Original Message----- > From: Hemant Agrawal > Sent: Thursday, October 31, 2019 6:45 PM > To: dev@dpdk.org; akhil.goyal@nxp.com > Cc: konstantin.ananyev@intel.com; Anoob Joseph ; > Hemant Agrawal > Subject: [EXT] [PATCH v5 1/3] security: add anti replay window size >=20 > External Email >=20 > ---------------------------------------------------------------------- > At present the ipsec xfrom is missing the important step to configure the= anti > replay window size. > The newly added field will also help in to enable or disable the anti rep= lay > checking, if available in offload by means of non-zero or zero value. >=20 > Signed-off-by: Hemant Agrawal > Acked-by: Konstantin Ananyev > --- > doc/guides/rel_notes/release_19_11.rst | 6 +++++- > lib/librte_security/Makefile | 2 +- > lib/librte_security/meson.build | 2 +- > lib/librte_security/rte_security.h | 8 ++++++++ > 4 files changed, 15 insertions(+), 3 deletions(-) >=20 > diff --git a/doc/guides/rel_notes/release_19_11.rst > b/doc/guides/rel_notes/release_19_11.rst > index ae8e7b2f0..0508ec545 100644 > --- a/doc/guides/rel_notes/release_19_11.rst > +++ b/doc/guides/rel_notes/release_19_11.rst > @@ -365,6 +365,10 @@ ABI Changes > align the Ethernet header on receive and all known encapsulations > preserve the alignment of the header. >=20 > +* security: A new field ''replay_win_sz'' has been added to the > +structure > + ``rte_security_ipsec_xform``, which specify the Anti replay window > +size > + to enable sequence replay attack handling. > + >=20 > Shared Library Versions > ----------------------- > @@ -437,7 +441,7 @@ The libraries prepended with a plus sign were > incremented in this version. > librte_reorder.so.1 > librte_ring.so.2 > + librte_sched.so.4 > - librte_security.so.2 > + + librte_security.so.3 > librte_stack.so.1 > librte_table.so.3 > librte_timer.so.1 > diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile = index > 6708effdb..6a268ee2a 100644 > --- a/lib/librte_security/Makefile > +++ b/lib/librte_security/Makefile > @@ -7,7 +7,7 @@ include $(RTE_SDK)/mk/rte.vars.mk LIB =3D librte_securit= y.a >=20 > # library version > -LIBABIVER :=3D 2 > +LIBABIVER :=3D 3 >=20 > # build flags > CFLAGS +=3D -O3 > diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.= build > index a5130d2f6..6fed01273 100644 > --- a/lib/librte_security/meson.build > +++ b/lib/librte_security/meson.build > @@ -1,7 +1,7 @@ > # SPDX-License-Identifier: BSD-3-Clause # Copyright(c) 2017-2019 Intel > Corporation >=20 > -version =3D 2 > +version =3D 3 > sources =3D files('rte_security.c') > headers =3D files('rte_security.h', 'rte_security_driver.h') deps +=3D = ['mempool', > 'cryptodev'] diff --git a/lib/librte_security/rte_security.h > b/lib/librte_security/rte_security.h > index aaafdfcd7..216e5370f 100644 > --- a/lib/librte_security/rte_security.h > +++ b/lib/librte_security/rte_security.h > @@ -212,6 +212,10 @@ struct rte_security_ipsec_xform { > /**< Tunnel parameters, NULL for transport mode */ > uint64_t esn_soft_limit; > /**< ESN for which the overflow event need to be raised */ > + uint32_t replay_win_sz; > + /**< Anti replay window size to enable sequence replay attack handling. > + * replay checking is disabled if the window size is 0. > + */ > }; >=20 > /** > @@ -563,6 +567,10 @@ struct rte_security_capability { > /**< IPsec SA direction */ > struct rte_security_ipsec_sa_options options; > /**< IPsec SA supported options */ > + uint32_t replay_win_sz_max; > + /**< IPsec Anti Replay Window Size. A '0' value > + * indicates that Anti Replay Window is not supported. [Anoob] Minor comment. Should it be "Anti Replay is not supported."? =20 > + */ > } ipsec; > /**< IPsec capability */ > struct { > -- > 2.17.1=09 Acked-by: Anoob Joseph