From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 365D1A04AB; Wed, 6 Nov 2019 15:29:34 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 0FEC81C230; Wed, 6 Nov 2019 15:29:34 +0100 (CET) Received: from EUR01-VE1-obe.outbound.protection.outlook.com (mail-eopbgr140052.outbound.protection.outlook.com [40.107.14.52]) by dpdk.org (Postfix) with ESMTP id 7CDE41C22B for ; Wed, 6 Nov 2019 15:29:33 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=IJjuhbyBQ+Wt6XN1TUVtodtp693G184biOgfxajNxY7/dTCsXSpwFlPIHtL+RQrUIJMOcvNiOQEwVjOYkbvSP0v+Pmghf+ofaxl09UDZKfBzHXogUiSx6jORaNmC/xPIaDHLAhSSGi/oEhHl/Cw9gTWuSFxUM7IL53OsmXLU0k86cbtYAp6EDysrZQbCauEdriyoZdyd/Ca62dKqRTmvpGUFnqd4UksNzIgUxhEQfbUY7OcC8Ojwx3AjpuYlyL/Sj29vFqRW79milIyRiUpSwrf5yXzbvl0V2b858tEKKWbEriYpwgenwfa6E9fyQn+9aNJU37MgG/14wBYC2BvfDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZYj7p466QZF74W53k/lHu2iBqz2zR+J/xf2uUP9Ui6g=; b=U3OpleTv8jVJAF6jv0OVPzT/8fEHq2hdYimeWMoGM6z+OtzsVfNWDGzKYfSRn4X1xpKrFhkuHuO4P3MzlmNrDvN6q+9csbyFkRdqR/64tlCHIk+haFdj0jS/xZfsVr66Mq2pr3y7XDUxaMKXqOHXwrr3Gw9XkzmA5KPqwtvBZ3it2dxIUuOFsa6ge/3Abhq6w4Mvq743SIChLmtdm15imR/hO0LnZF/z4a2dfT7ozeAXmwWdzd4BXYi/oT4FdUJpzpLNtfULqgjYkIvZ2SgEQy4Vcb8PuXTHOihqzyYcw79+ppj+d7tX54Uhfy6lKLD9SpSO7rR+XU8+lfVWGVR86w== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ZYj7p466QZF74W53k/lHu2iBqz2zR+J/xf2uUP9Ui6g=; b=lap2VEbLXcgHzqzgmbwIZiuXZ4Gtsd/jgitao6nybGlXG9ArFl4HbmWlJy1KUYxpVh7V+MEYvL1v7adHqI8vaY8Orm7HnmPFKZWAGBmr+pKQWgyfAGYR4FZtJJViZIqxZQLypJMAf0Pz0LP+G88b9Tl54DNkFebOUEd6Zl3DvBs= Received: from VE1PR04MB6639.eurprd04.prod.outlook.com (10.255.118.11) by VE1PR04MB6526.eurprd04.prod.outlook.com (20.179.233.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2430.20; Wed, 6 Nov 2019 14:29:31 +0000 Received: from VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::9dc:aa5c:2bb8:b561]) by VE1PR04MB6639.eurprd04.prod.outlook.com ([fe80::9dc:aa5c:2bb8:b561%6]) with mapi id 15.20.2408.025; Wed, 6 Nov 2019 14:29:31 +0000 From: Akhil Goyal To: "Ananyev, Konstantin" , Hemant Agrawal , "dev@dpdk.org" Thread-Topic: [dpdk-dev] [PATCH v6 2/3] ipsec: remove redundant replay_win_sz Thread-Index: AQHVlG9xtT/ZqM3zQUKftRhp9vKDcad+JBMAgAAAY9CAAA8xgIAAADDQ Date: Wed, 6 Nov 2019 14:29:31 +0000 Message-ID: References: <20191031131502.12504-1-hemant.agrawal@nxp.com> <20191106065414.4311-1-hemant.agrawal@nxp.com> <20191106065414.4311-2-hemant.agrawal@nxp.com> <2601191342CEEE43887BDE71AB97725801A8C810FD@IRSMSX104.ger.corp.intel.com> <2601191342CEEE43887BDE71AB97725801A8C811FB@IRSMSX104.ger.corp.intel.com> In-Reply-To: <2601191342CEEE43887BDE71AB97725801A8C811FB@IRSMSX104.ger.corp.intel.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=akhil.goyal@nxp.com; x-originating-ip: [92.120.1.65] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: 10f02604-1dc7-42ac-48a3-08d762c5bce7 x-ms-traffictypediagnostic: VE1PR04MB6526:|VE1PR04MB6526: x-ms-exchange-purlcount: 1 x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:3383; x-forefront-prvs: 02135EB356 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(4636009)(346002)(376002)(136003)(396003)(366004)(39860400002)(199004)(189003)(6506007)(476003)(186003)(8936002)(71190400001)(14444005)(86362001)(81166006)(7736002)(66066001)(81156014)(74316002)(44832011)(305945005)(99286004)(446003)(11346002)(478600001)(25786009)(71200400001)(486006)(6116002)(76116006)(6246003)(316002)(2906002)(66476007)(66556008)(256004)(66446008)(110136005)(33656002)(64756008)(966005)(5660300002)(6306002)(52536014)(8676002)(6436002)(14454004)(9686003)(3846002)(55016002)(7696005)(26005)(2501003)(76176011)(66946007)(102836004)(229853002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:VE1PR04MB6526; H:VE1PR04MB6639.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 7nR32f5yyhJRY11xotfm7piUk2OwOtuEd1O0ijpx248ke2MgHnfHyQPkzOFfOa/kFmuaT/TT2TSwLkD3xqYgccfBClDPxWV+orT4IrzQgitBw8eQpgFaswJgjX3Shv5MM2z+Z72IcrjMXX1UiUCZP0A0pO/WDc3g6Qzk4yNy971E+BIkovwZcm3/cS34V9k+pGfBVG5en3kczXZIG+auW26qkwj0OrHzFXOTC4tznUMWqHMCjE3Xt36K2ENSIMK44kkBWjuxThUH7NYIDSVvAmhnqE8wTBA2mlTObh8yuPztI0po8F+iELgXp5AQS+MAVCSTVQUInL5yepASvKJTILFvEpEBnGHvU3hJxRL6npvFr6iBUED0YSRV/tPBhtUus2d6UlVWsSc+rlZ4XjfIpGbjUhc/+NsD1LARjXFjgKn92fFbDVc1nNNsgCG4UfMs7D4f+AXgbIE+ze4cUZ3+Kx1Fjr0hLd6n/5iQTIxrwEM= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: 10f02604-1dc7-42ac-48a3-08d762c5bce7 X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2019 14:29:31.2308 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 1/kM0uCqRjVCkXKmFnt+q8qs6cC1UWwUEZ956p/9BCRDqQcaq/KsslWxo+sZ9TohYyVTzdm4GN4A+GMdG7ckbg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR04MB6526 Subject: Re: [dpdk-dev] [PATCH v6 2/3] ipsec: remove redundant replay_win_sz X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" >=20 > > > > The rte_security lib has introduced replay_win_sz, > > > > so it can be removed from the rte_ipsec lib. > > > > > > > > The relaved tests,app are also update to reflect > > > > the usages. > > > > > > > > Note that esn and anti-replay fileds were earlier used > > > > only for ipsec library, they were enabling the libipsec > > > > by default. With this change esn and anti-replay setting > > > > will not automatically enabled libipsec. > > > > > > > > Signed-off-by: Hemant Agrawal > > > > Acked-by: Konstantin Ananyev > > > > --- > > > > app/test/test_ipsec.c | 2 +- > > > > doc/guides/rel_notes/release_19_11.rst | 7 +++++-- > > > > examples/ipsec-secgw/ipsec-secgw.c | 5 ----- > > > > examples/ipsec-secgw/ipsec.c | 4 ++++ > > > > examples/ipsec-secgw/sa.c | 2 +- > > > > lib/librte_ipsec/Makefile | 2 +- > > > > lib/librte_ipsec/meson.build | 1 + > > > > lib/librte_ipsec/rte_ipsec_sa.h | 6 ------ > > > > lib/librte_ipsec/sa.c | 4 ++-- > > > > 9 files changed, 15 insertions(+), 18 deletions(-) > > > > > > > > diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c > > > > index 4007eff19..7dc83fee7 100644 > > > > --- a/app/test/test_ipsec.c > > > > +++ b/app/test/test_ipsec.c > > > > @@ -689,11 +689,11 @@ fill_ipsec_param(uint32_t replay_win_sz, > uint64_t > > > flags) > > > > > > > > prm->userdata =3D 1; > > > > prm->flags =3D flags; > > > > - prm->replay_win_sz =3D replay_win_sz; > > > > > > > > /* setup ipsec xform */ > > > > prm->ipsec_xform =3D ut_params->ipsec_xform; > > > > prm->ipsec_xform.salt =3D (uint32_t)rte_rand(); > > > > + prm->ipsec_xform.replay_win_sz =3D replay_win_sz; > > > > > > > > /* setup tunnel related fields */ > > > > prm->tun.hdr_len =3D sizeof(ipv4_outer); > > > > diff --git a/doc/guides/rel_notes/release_19_11.rst > > > b/doc/guides/rel_notes/release_19_11.rst > > > > index dcae08002..0504a3443 100644 > > > > --- a/doc/guides/rel_notes/release_19_11.rst > > > > +++ b/doc/guides/rel_notes/release_19_11.rst > > > > @@ -369,10 +369,13 @@ ABI Changes > > > > align the Ethernet header on receive and all known encapsulation= s > > > > preserve the alignment of the header. > > > > > > > > -* security: A new field ''replay_win_sz'' has been added to the st= ructure > > > > +* security: The field ''replay_win_sz'' has been moved from ipsec = library > > > > + based ''rte_ipsec_sa_prm'' structure to security library based s= tructure > > > > ``rte_security_ipsec_xform``, which specify the Anti replay wind= ow size > > > > to enable sequence replay attack handling. > > > > > > > > +* ipsec: The field ''replay_win_sz'' has been removed from the str= ucture > > > > + ''rte_ipsec_sa_prm'' as it has been added to the security librar= y. > > > > > > > > Shared Library Versions > > > > ----------------------- > > > > @@ -415,7 +418,7 @@ The libraries prepended with a plus sign were > > > incremented in this version. > > > > librte_gso.so.1 > > > > librte_hash.so.2 > > > > librte_ip_frag.so.1 > > > > - librte_ipsec.so.1 > > > > + + librte_ipsec.so.2 > > > > librte_jobstats.so.1 > > > > librte_kni.so.2 > > > > librte_kvargs.so.1 > > > > diff --git a/examples/ipsec-secgw/ipsec-secgw.c b/examples/ipsec- > > > secgw/ipsec-secgw.c > > > > index b12936470..3b5aaf683 100644 > > > > --- a/examples/ipsec-secgw/ipsec-secgw.c > > > > +++ b/examples/ipsec-secgw/ipsec-secgw.c > > > > @@ -1424,9 +1424,6 @@ print_app_sa_prm(const struct app_sa_prm > *prm) > > > > printf("librte_ipsec usage: %s\n", > > > > (prm->enable =3D=3D 0) ? "disabled" : "enabled"); > > > > > > > > - if (prm->enable =3D=3D 0) > > > > - return; > > > > - > > > > printf("replay window size: %u\n", prm->window_size); > > > > printf("ESN: %s\n", (prm->enable_esn =3D=3D 0) ? "disabled" : "en= abled"); > > > > printf("SA flags: %#" PRIx64 "\n", prm->flags); > > > > @@ -1495,11 +1492,9 @@ parse_args(int32_t argc, char **argv) > > > > app_sa_prm.enable =3D 1; > > > > break; > > > > case 'w': > > > > - app_sa_prm.enable =3D 1; > > > > > > That actually will break lib-mode functional tests at: > > > examples/ipsec-secgw/test/ > > > Due to my laziness I enabled in them library mode via '-w' option, > > > as that moment legacy mode didn't support replay window... > > > As these patches already applied, I'll send the fix in a new one in n= ext few. > > > > No issues, I will squash your changes with the original patch as it is = not applied > > On master. >=20 > Ok, thanks. > Patch at: > http://patches.dpdk.org/patch/62540/=20 Removed the fixes line for this patch. Rebased the tree so that script patc= h is just after this patch. Applied >=20 > > > > > > > > > app_sa_prm.window_size =3D parse_decimal(optarg); > > > > break; > > > > case 'e': > > > > - app_sa_prm.enable =3D 1; > > > > app_sa_prm.enable_esn =3D 1; > > > > break; > > > > case 'a': > > > > diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ip= sec.c > > > > index d7761e966..d4b57121a 100644 > > > > --- a/examples/ipsec-secgw/ipsec.c > > > > +++ b/examples/ipsec-secgw/ipsec.c > > > > @@ -49,6 +49,8 @@ set_ipsec_conf(struct ipsec_sa *sa, struct > > > rte_security_ipsec_xform *ipsec) > > > > /* TODO support for Transport */ > > > > } > > > > ipsec->esn_soft_limit =3D IPSEC_OFFLOAD_ESN_SOFTLIMIT; > > > > + ipsec->replay_win_sz =3D app_sa_prm.window_size; > > > > + ipsec->options.esn =3D app_sa_prm.enable_esn; > > > > > > Ok, but what to do for the devices that don't support esn or replay_w= in_sz? > > > Should we add some check? Either to the app, or preferably into rte_s= ecurity > > > level at rte_security_session_create()? > > > > Ideally app should check the capability of the device before setting it= . >=20 > Yes... after another thought - as right now we do create session at run-t= ime, > probably we need to check these device capabilities at init stage and rep= ort an > error. Agreed