From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 2B0C0A04A2; Tue, 5 Nov 2019 23:01:42 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 4F1B21BF6A; Tue, 5 Nov 2019 23:01:41 +0100 (CET) Received: from EUR04-DB3-obe.outbound.protection.outlook.com (mail-eopbgr60085.outbound.protection.outlook.com [40.107.6.85]) by dpdk.org (Postfix) with ESMTP id 2BFD31BF66 for ; Tue, 5 Nov 2019 23:01:40 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z8XDXxvtfuuN1fJBqEDYLHuUKy876/0wtna/opy8GpXVWtEHCACrNTZqn7C+UJx9Gg0MBR/LmI9UZX1S7uSQaNnV/G7IYQt0UkkA+hJPlO+6MZ/SBzlcmo0ZHELvjE/3ZQIFzFU3DvX+3t7zQKZsUV/3uR2eRzqa9p+4e5jSnF9A6tpY486E1Wk/B9m2rcD/FpqDxGqABkzzcVMmuqBM9y4pf1XfmeLfuAoUDIUw93MatNeOFCmrIswFc7jqGEB0+b/CanZyYatWdH7cuuuO8toz7Cn2whiRdHWx99KKfHIjQHRXu2aSpVdOdMSnttjsJfrRVexTU7EELM/+3QlxoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=N4NU5JOCioGOjy6sHu49YrbFBvmhAb967pr0XDmiFuQ=; b=JVhQiUV6a4aD9CfGxE3DNvSrLZYUtKRUC4PNd62SMZXr9o221qjGvC/W6XsauaQMpLQ6Nwm+K/EKoTh7Y/zguqVYunIYNO3ut5kTJx4PdqsAfQ7nkbdb2E7MsULsZxpR8/k8Vpa9L7W628+PSdCRp9SuGhTUnYTfBqBQmCG75UmJioDO/PPOpI9pUGLd8J4lqc19rrwwTS8sGdKfFDibiA6ojQ4RYvG7GSm7iETG45Mb5jCqASjTe+6jC+thjXDoxIYqLoEW3Y9evglNe6Ew8aHNdfdj6lvLH6dXkav0JmaMJIxeyVNj/J2pbNaGtPuTgnH7YWVWJk0wmo0kUf+rTA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=N4NU5JOCioGOjy6sHu49YrbFBvmhAb967pr0XDmiFuQ=; b=g5Sc6W1mf9fBHhiwZw6nRv1Si6T1iqQLWwv4Rp26zuig133b2QTpyLEZn+GJgYPioxlWqHoBgeOBl8BfQDMNVcxy6AbIu9zFmrn8heNlBf229eTfvJ6ZP7i9NZfnvHO09a6v/fduzpF6KHU6MIFu3s6uyQozDLdZVlBwe4wwSVs= Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (10.255.118.11) by VE1PR04MB6368.eurprd04.prod.outlook.com (20.179.232.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Tue, 5 Nov 2019 22:01:39 +0000 Received: from VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::9dc:aa5c:2bb8:b561]) by VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::9dc:aa5c:2bb8:b561%6]) with mapi id 15.20.2408.024; Tue, 5 Nov 2019 22:01:39 +0000 From: Akhil Goyal To: Hemant Agrawal , "dev@dpdk.org" CC: "konstantin.ananyev@intel.com" , "anoobj@marvell.com" , Hemant Agrawal Thread-Topic: [PATCH v5 2/3] ipsec: remove redundant replay_win_sz Thread-Index: AQHVj+2mBs2AwixndU2N2eFFBbeMH6d9KFmA Date: Tue, 5 Nov 2019 22:01:39 +0000 Message-ID: References: <20191031045458.29166-1-hemant.agrawal@nxp.com> <20191031131502.12504-1-hemant.agrawal@nxp.com> <20191031131502.12504-2-hemant.agrawal@nxp.com> In-Reply-To: <20191031131502.12504-2-hemant.agrawal@nxp.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; x-originating-ip: [223.190.56.205] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: a1f48020-670b-4653-2eb9-08d7623bbbe7 x-ms-traffictypediagnostic: VE1PR04MB6368:|VE1PR04MB6368: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:9508; x-forefront-prvs: 0212BDE3BE x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(136003)(39860400002)(396003)(366004)(376002)(346002)(199004)(189003)(74316002)(478600001)(11346002)(476003)(5660300002)(6436002)(44832011)(14454004)(486006)(81156014)(71190400001)(2501003)(71200400001)(7736002)(305945005)(7696005)(99286004)(52536014)(229853002)(55016002)(9686003)(6506007)(25786009)(102836004)(76176011)(86362001)(316002)(33656002)(2906002)(54906003)(4326008)(6116002)(6246003)(3846002)(256004)(110136005)(14444005)(66556008)(66476007)(76116006)(66946007)(66066001)(64756008)(66446008)(446003)(8936002)(186003)(26005)(81166006)(8676002); DIR:OUT; SFP:1101; SCL:1; SRVR:VE1PR04MB6368; H:VE1PR04MB6639.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: F3kHiq6/8FlFJ5FyClRGbwlxxUgV2WPK49o4LrV9k4dIrZk4QV8hPpaec1KEMdGMs6ng1OMUXfv5U7Kh2CoqHns7lxClK2/xMMhgPxzUyv251vmUI6fHAsAdAw8xGO596eerN/BypvYyL5Iq/Fn0ARC5h/lzLIRrF1BBj8/JzcPEfkLNrpO0H6J52CLsq3qKAeVaSiDrGykwSQDHoKdZvVbad7l02PsF68swcHhYmup3rNGoZJsEitJiYhTG3OsawrYkzQZThxF5GzenYVZ5PA7jPSd4QYc7mumsGCxmXXq8TgGpdJS4KpfU4OYWbeCB5CAjU+afmFC/ld7m2jMwnX+pek63NFaxbRG8qBvPetkhle9dJBxvSyMNU8ex+mI9R3r7MX8wsPMAXX537IRB969nmQhs1IPfZ5Adq5M80QYlur6Nz5i4oFtIjjmSu9JK Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: a1f48020-670b-4653-2eb9-08d7623bbbe7 X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Nov 2019 22:01:39.0877 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: S5+LyAt5sOjgc03lmSwyfyhppqpiL5439zCoGtYFSqTKz7Atp4wEUI9T/cikmGClMZRJOs4PcKCD+HrltzDSSg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6368 Subject: Re: [dpdk-dev] [PATCH v5 2/3] ipsec: remove redundant replay_win_sz X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Hemant, >=20 > The rte_security lib has introduced replay_win_sz, > so it can be removed from the rte_ipsec lib. >=20 > Also, the relaved tests,app are also update to reflect > the usages. >=20 > Signed-off-by: Hemant Agrawal > Acked-by: Konstantin Ananyev > --- > app/test/test_ipsec.c | 2 +- > doc/guides/rel_notes/release_19_11.rst | 7 +++++-- > examples/ipsec-secgw/ipsec.c | 1 + > examples/ipsec-secgw/sa.c | 2 +- > lib/librte_ipsec/Makefile | 2 +- > lib/librte_ipsec/meson.build | 1 + > lib/librte_ipsec/rte_ipsec_sa.h | 6 ------ > lib/librte_ipsec/sa.c | 4 ++-- > 8 files changed, 12 insertions(+), 13 deletions(-) >=20 > diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c > index 4007eff19..7dc83fee7 100644 > --- a/app/test/test_ipsec.c > +++ b/app/test/test_ipsec.c > @@ -689,11 +689,11 @@ fill_ipsec_param(uint32_t replay_win_sz, uint64_t > flags) >=20 > prm->userdata =3D 1; > prm->flags =3D flags; > - prm->replay_win_sz =3D replay_win_sz; >=20 > /* setup ipsec xform */ > prm->ipsec_xform =3D ut_params->ipsec_xform; > prm->ipsec_xform.salt =3D (uint32_t)rte_rand(); > + prm->ipsec_xform.replay_win_sz =3D replay_win_sz; >=20 > /* setup tunnel related fields */ > prm->tun.hdr_len =3D sizeof(ipv4_outer); > diff --git a/doc/guides/rel_notes/release_19_11.rst > b/doc/guides/rel_notes/release_19_11.rst > index 0508ec545..ca414edb5 100644 > --- a/doc/guides/rel_notes/release_19_11.rst > +++ b/doc/guides/rel_notes/release_19_11.rst > @@ -365,10 +365,13 @@ ABI Changes > align the Ethernet header on receive and all known encapsulations > preserve the alignment of the header. >=20 > -* security: A new field ''replay_win_sz'' has been added to the structur= e > +* security: The field ''replay_win_sz'' has been moved from ipsec librar= y > + based ''rte_ipsec_sa_prm'' structure to security library based structu= re > ``rte_security_ipsec_xform``, which specify the Anti replay window siz= e > to enable sequence replay attack handling. >=20 > +* ipsec: The field ''replay_win_sz'' has been removed from the structure > + ''rte_ipsec_sa_prm'' as it has been added to the security library. >=20 > Shared Library Versions > ----------------------- > @@ -411,7 +414,7 @@ The libraries prepended with a plus sign were > incremented in this version. > librte_gso.so.1 > librte_hash.so.2 > librte_ip_frag.so.1 > - librte_ipsec.so.1 > + + librte_ipsec.so.2 > librte_jobstats.so.1 > librte_kni.so.2 > librte_kvargs.so.1 > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c > index 51fb22e8a..159e81f99 100644 > --- a/examples/ipsec-secgw/ipsec.c > +++ b/examples/ipsec-secgw/ipsec.c > @@ -49,6 +49,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct > rte_security_ipsec_xform *ipsec) > /* TODO support for Transport */ > } > ipsec->esn_soft_limit =3D IPSEC_OFFLOAD_ESN_SOFTLIMIT; > + ipsec->replay_win_sz =3D app_sa_prm.window_size; The value of window_size is coming from command line and while parsing it, = lib mode Is getting enabled, which means people can use anti replay only when lib mo= de is enabled which is not correct. Also there should be a way to disable anti replay. So when it is not given = as command line It should not be enabled and default value should be 0. > } >=20 > int > diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c > index 14ee94731..3d687c459 100644 > --- a/examples/ipsec-secgw/sa.c > +++ b/examples/ipsec-secgw/sa.c > @@ -1055,7 +1055,7 @@ fill_ipsec_app_sa_prm(struct rte_ipsec_sa_prm *prm, >=20 > prm->flags =3D app_prm->flags; > prm->ipsec_xform.options.esn =3D app_prm->enable_esn; > - prm->replay_win_sz =3D app_prm->window_size; > + prm->ipsec_xform.replay_win_sz =3D app_prm->window_size; > } >=20 > static int > diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile > index 81fb99980..161ea9e3d 100644 > --- a/lib/librte_ipsec/Makefile > +++ b/lib/librte_ipsec/Makefile > @@ -14,7 +14,7 @@ LDLIBS +=3D -lrte_cryptodev -lrte_security -lrte_hash >=20 > EXPORT_MAP :=3D rte_ipsec_version.map >=20 > -LIBABIVER :=3D 1 > +LIBABIVER :=3D 2 >=20 > # all source are stored in SRCS-y > SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) +=3D esp_inb.c > diff --git a/lib/librte_ipsec/meson.build b/lib/librte_ipsec/meson.build > index 70358526b..e8604dadd 100644 > --- a/lib/librte_ipsec/meson.build > +++ b/lib/librte_ipsec/meson.build > @@ -1,6 +1,7 @@ > # SPDX-License-Identifier: BSD-3-Clause > # Copyright(c) 2018 Intel Corporation >=20 > +version =3D 2 > allow_experimental_apis =3D true >=20 > sources =3D files('esp_inb.c', 'esp_outb.c', 'sa.c', 'ses.c', 'ipsec_sad= .c') > diff --git a/lib/librte_ipsec/rte_ipsec_sa.h b/lib/librte_ipsec/rte_ipsec= _sa.h > index 47ce169d2..1cfde5874 100644 > --- a/lib/librte_ipsec/rte_ipsec_sa.h > +++ b/lib/librte_ipsec/rte_ipsec_sa.h > @@ -47,12 +47,6 @@ struct rte_ipsec_sa_prm { > uint8_t proto; /**< next header protocol */ > } trs; /**< transport mode related parameters */ > }; > - > - /** > - * window size to enable sequence replay attack handling. > - * replay checking is disabled if the window size is 0. > - */ > - uint32_t replay_win_sz; > }; >=20 > /** > diff --git a/lib/librte_ipsec/sa.c b/lib/librte_ipsec/sa.c > index 23d394b46..6f1d92c3c 100644 > --- a/lib/librte_ipsec/sa.c > +++ b/lib/librte_ipsec/sa.c > @@ -439,7 +439,7 @@ rte_ipsec_sa_size(const struct rte_ipsec_sa_prm *prm) > return rc; >=20 > /* determine required size */ > - wsz =3D prm->replay_win_sz; > + wsz =3D prm->ipsec_xform.replay_win_sz; > return ipsec_sa_size(type, &wsz, &nb); > } >=20 > @@ -461,7 +461,7 @@ rte_ipsec_sa_init(struct rte_ipsec_sa *sa, const stru= ct > rte_ipsec_sa_prm *prm, > return rc; >=20 > /* determine required size */ > - wsz =3D prm->replay_win_sz; > + wsz =3D prm->ipsec_xform.replay_win_sz; > sz =3D ipsec_sa_size(type, &wsz, &nb); > if (sz < 0) > return sz; > -- > 2.17.1