From: Hemant Agrawal
To: Anoob Joseph, "dev@dpdk.org", Akhil Goyal
CC: "konstantin.ananyev@intel.com"
Date: Thu, 31 Oct 2019 07:30:07 +0000
References: <20191030085701.13815-1-hemant.agrawal@nxp.com> <20191031045458.29166-1-hemant.agrawal@nxp.com>
Subject: Re: [dpdk-dev] [PATCH v4 1/3] security: add anti replay window size
List-Id: DPDK patches and discussions

Hi Anoob,

> -----Original Message-----
> Hi Hemant,
>
> How would the PMD specify whether anti-replay is supported or not? Do you
> have plans to introduce it as a capability? Or do you expect the session
> creation to fail if the feature is not supported by underlying PMD and the anti
> replay window size is set.

[Hemant] We can add it as part of capability set.
I believe the following should help:
	uint32_t max_replay_win_sz;
Sending it as 0 will indicate to the app that replay_win is not supported.

>
> Thanks,
> Anoob
>
> > -----Original Message-----
> > From: dev On Behalf Of Hemant Agrawal
> > Sent: Thursday, October 31, 2019 10:25 AM
> > To: dev@dpdk.org; akhil.goyal@nxp.com
> > Cc: konstantin.ananyev@intel.com; Hemant Agrawal
> > Subject: [dpdk-dev] [PATCH v4 1/3] security: add anti replay window size
> >
> > At present the ipsec xform is missing the important step to configure
> > the anti replay window size.
> > The newly added field will also help to enable or disable the anti
> > replay checking, if available in offload by means of non-zero or zero value.
> >
> > Signed-off-by: Hemant Agrawal
> > --- > > doc/guides/rel_notes/release_19_11.rst | 6 +++++- > > lib/librte_security/Makefile | 2 +- > > lib/librte_security/meson.build | 2 +- > > lib/librte_security/rte_security.h | 4 ++++ > > 4 files changed, 11 insertions(+), 3 deletions(-) > > > > diff --git a/doc/guides/rel_notes/release_19_11.rst > > b/doc/guides/rel_notes/release_19_11.rst > > index ae8e7b2f0..0508ec545 100644 > > --- a/doc/guides/rel_notes/release_19_11.rst > > +++ b/doc/guides/rel_notes/release_19_11.rst > > @@ -365,6 +365,10 @@ ABI Changes > > align the Ethernet header on receive and all known encapsulations > > preserve the alignment of the header. > > > > +* security: A new field ''replay_win_sz'' has been added to the > > +structure > > + ``rte_security_ipsec_xform``, which specify the Anti replay window > > +size > > + to enable sequence replay attack handling. > > + > > > > Shared Library Versions > > ----------------------- > > @@ -437,7 +441,7 @@ The libraries prepended with a plus sign were > > incremented in this version. > > librte_reorder.so.1 > > librte_ring.so.2 > > + librte_sched.so.4 > > - librte_security.so.2 > > + + librte_security.so.3 > > librte_stack.so.1 > > librte_table.so.3 > > librte_timer.so.1 > > diff --git a/lib/librte_security/Makefile > > b/lib/librte_security/Makefile index 6708effdb..6a268ee2a 100644 > > --- a/lib/librte_security/Makefile > > +++ b/lib/librte_security/Makefile
> > @@ -7,7 +7,7 @@ include $(RTE_SDK)/mk/rte.vars.mk LIB =3D > > librte_security.a > > > > # library version > > -LIBABIVER :=3D 2 > > +LIBABIVER :=3D 3 > > > > # build flags > > CFLAGS +=3D -O3 > > diff --git a/lib/librte_security/meson.build > > b/lib/librte_security/meson.build index a5130d2f6..6fed01273 100644 > > --- a/lib/librte_security/meson.build > > +++ b/lib/librte_security/meson.build > > @@ -1,7 +1,7 @@ > > # SPDX-License-Identifier: BSD-3-Clause # Copyright(c) 2017-2019 > > Intel Corporation > > > > -version =3D 2 > > +version =3D 3 > > sources =3D files('rte_security.c') > > headers =3D files('rte_security.h', 'rte_security_driver.h') deps += =3D > > ['mempool', 'cryptodev'] diff --git > > a/lib/librte_security/rte_security.h > > b/lib/librte_security/rte_security.h > > index aaafdfcd7..195ad5645 100644 > > --- a/lib/librte_security/rte_security.h > > +++ b/lib/librte_security/rte_security.h > > @@ -212,6 +212,10 @@ struct rte_security_ipsec_xform { > > /**< Tunnel parameters, NULL for transport mode */ > > uint64_t esn_soft_limit; > > /**< ESN for which the overflow event need to be raised */ > > + uint32_t replay_win_sz; > > + /**< Anti replay window size to enable sequence replay attack > handling. > > + * replay checking is disabled if the window size is 0. > > + */ > > }; > > > > /** > > -- > > 2.17.1
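
Review bot: In the release_19_11.rst hunk under "ABI Changes", the new bullet marks the field name with two single quotes, ''replay_win_sz'', while the structure name on the following line uses RST double backticks, so the field will not render as an inline literal. Write it as ``replay_win_sz``, and change "which specify" to "which specifies" in the same bullet.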
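
Review bot: In the rte_security.h hunk, the doc comment on replay_win_sz leaves the unit of the window unstated and does not say what happens when the PMD cannot honor a non-zero value. Because the comment defines 0 as "replay checking is disabled", an application that zero-initializes struct rte_security_ipsec_xform and never sets the new field ends up with no replay protection and no indication of that. The comment should state the unit (for example, packets) and the expected session-creation result for an unsupported size. The max_replay_win_sz capability suggested in the reply above needs to be part of this series so that applications can check support before relying on the field.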
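
The window semantics discussed in this thread, as an added example that is not part of the patch or of DPDK: a sliding-window bitmap check of the kind ESP receivers use, where a window of 0 disables checking, plus a helper that clamps the requested window to what the driver advertises. `struct replay_state`, `choose_window`, `replay_check_update` and `SKETCH_MAX_WIN` are hypothetical names; `pmd_max` models the `max_replay_win_sz` capability proposed in the reply, and the window is limited to 64 entries.

```c
#include <stdbool.h>
#include <stdint.h>

#define SKETCH_MAX_WIN 64u  /* this sketch keeps the window in one 64-bit bitmap */

/* Hypothetical receiver state, not a DPDK structure. */
struct replay_state {
    uint32_t win_sz;  /* plays the role of replay_win_sz (<= 64 here): 0 disables checking */
    uint64_t top;     /* highest sequence number accepted so far */
    uint64_t bitmap;  /* bit i set: sequence number (top - i) was already seen */
};

/* Clamp the wanted window to pmd_max (modelling the proposed max_replay_win_sz,
 * where 0 means "not supported"). Fails when protection is required but absent. */
bool choose_window(uint32_t wanted, uint32_t pmd_max, bool required, uint32_t *out)
{
    uint32_t cap = pmd_max < SKETCH_MAX_WIN ? pmd_max : SKETCH_MAX_WIN;
    *out = wanted < cap ? wanted : cap;
    return *out != 0 || !required;
}

/* Accept and record a fresh sequence number; reject replays and stale ones. */
bool replay_check_update(struct replay_state *s, uint64_t seq)
{
    if (s->win_sz == 0)
        return true;                      /* window 0: duplicates pass unchecked */
    if (seq == 0)
        return false;                     /* sequence numbers start at 1 */
    if (seq > s->top) {                   /* advances the right edge */
        uint64_t shift = seq - s->top;
        s->bitmap = (shift >= 64 ? 0 : s->bitmap << shift) | 1;
        s->top = seq;
        return true;
    }
    uint64_t off = s->top - seq;
    if (off >= s->win_sz || (s->bitmap & (1ULL << off)))
        return false;                     /* left of the window, or already seen */
    s->bitmap |= 1ULL << off;
    return true;
}

int main(void)
{
    struct replay_state s = { .win_sz = 4 };
    uint64_t seqs[] = { 5, 3, 3, 1 };     /* constructed input */
    int accepted = 0;
    for (int i = 0; i < 4; i++)
        accepted += replay_check_update(&s, seqs[i]);
    return accepted == 2 ? 0 : 1;         /* 5 and 3 accepted; dup 3 and stale 1 dropped */
}
```

With `required` set, `choose_window` returning false is the point at which an application would refuse to create the session rather than run without replay checking.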