From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 6E927A32A4 for ; Fri, 25 Oct 2019 17:56:38 +0200 (CEST) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 159901D44D; Fri, 25 Oct 2019 17:56:38 +0200 (CEST) Received: from EUR03-AM5-obe.outbound.protection.outlook.com (mail-eopbgr30054.outbound.protection.outlook.com [40.107.3.54]) by dpdk.org (Postfix) with ESMTP id C21901D444 for ; Fri, 25 Oct 2019 17:56:36 +0200 (CEST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OrTEkQnHTemj14OBE7NsdijjvQ1atmINCGfhhFaLsJ1oMpQNl0Ply8PosmiN9SVA3GBfuR93GRc6fVMRJ1OZNb3I1Cq5it+PCQFA0OrNlXKyfIwjS96uZ0rrnFhd/VyuQxVFJ+T0EYhZQ17RLC/2AH9Xyb1tZC02gjTQrE6Zp66qDCqVZALLfRtoY+bWdG20jy6nYNeXSDa5xrLwjwnpbjwMBLWJ4H5zLWo3Utr7Ml9/yRySU8e25prXNA/Ou0ZMTkBh0e9Uq8gnUSx+G5UO+x6yTzLDjfhYwHRhvfzD+yY2QzLQeCm0zetCiSgO2bCGVlwo7C2Ny+PNRtDNxAvdoQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=q8R+Xa/yY8JcOeixVfazMMhhWypMTyI8Joymph46zH0=; b=JV/N8wVN/b8ToDt7/MF1QogzU6ffJyCG16Ko2wD3+izaTP+604jQlujUfAc4ROsLtQ9/dkl3m8sy+0iKf3wk/BwR+elUfAUjoWseCnciMztDRRSH9E/OmFlXWIEuHgPDzoVQ2ipv4cG/MbkAW38DcsbgRgCVDcdacYtaex5txV4IrmwM/MWqY4v1F/DgjHKGEE5ZbrQsEUMHcpyKpkxvgWcAI6/mICJ4RYiaNzO5CsTdcUos/c4Ay09gZ4bpal5UaYxLFFsMAUyHEWlF4LCLTfJCHBVu49vELf8JVL6kgkq8SafQ5u25ukyCCRg5M64XzvCO/MyzSjw4J29nsZdyJA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=q8R+Xa/yY8JcOeixVfazMMhhWypMTyI8Joymph46zH0=; b=rziXRdeydROd09/1DVsknlXY5FrWbI9LGwxeDY7moQMq38UofNKvCD3xALn8gRn258966P81CA09M3A3qLji5BBSr9zEc7hm7PaqNNmEdkx+SVocPZDV/r+YE9sKlqOfw6S1MRymD2i4ZLFfYqo1mfiVq4DmiYk79Q19OxLHdmE= Received: from VI1PR0401MB2541.eurprd04.prod.outlook.com (10.168.62.139) by VI1PR0401MB2384.eurprd04.prod.outlook.com (10.169.131.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.22; Fri, 25 Oct 2019 15:56:35 +0000 Received: from VI1PR0401MB2541.eurprd04.prod.outlook.com ([fe80::b0c5:3e17:6ab7:5c26]) by VI1PR0401MB2541.eurprd04.prod.outlook.com ([fe80::b0c5:3e17:6ab7:5c26%10]) with mapi id 15.20.2347.030; Fri, 25 Oct 2019 15:56:35 +0000 From: Hemant Agrawal To: "Ananyev, Konstantin" , "dev@dpdk.org" , Akhil Goyal , "Doherty, Declan" Thread-Topic: [dpdk-dev] [PATCH 1/2] security: add anti replay window size Thread-Index: AQHVivywPxY0GU2B5k+tu3qp0SR3uqdrIBSAgABiVEA= Date: Fri, 25 Oct 2019 15:56:35 +0000 Message-ID: References: <20191025062021.18052-1-hemant.agrawal@nxp.com> <2601191342CEEE43887BDE71AB97725801A8C701D1@IRSMSX104.ger.corp.intel.com> In-Reply-To: <2601191342CEEE43887BDE71AB97725801A8C701D1@IRSMSX104.ger.corp.intel.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=hemant.agrawal@nxp.com; x-originating-ip: [132.154.99.74] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: a34b16ff-3e68-4df8-0033-08d75963e9ee x-ms-traffictypediagnostic: VI1PR0401MB2384:|VI1PR0401MB2384: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:8273; x-forefront-prvs: 02015246A9 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(396003)(136003)(346002)(376002)(39860400002)(366004)(189003)(13464003)(199004)(86362001)(33656002)(25786009)(14444005)(66556008)(66476007)(66446008)(71200400001)(71190400001)(76116006)(66946007)(2906002)(15650500001)(66066001)(64756008)(6246003)(6436002)(9686003)(99286004)(110136005)(55016002)(316002)(76176011)(446003)(229853002)(26005)(6506007)(44832011)(2501003)(7696005)(486006)(102836004)(11346002)(53546011)(186003)(476003)(7736002)(305945005)(74316002)(81156014)(81166006)(8936002)(8676002)(52536014)(5660300002)(478600001)(14454004)(3846002)(6116002)(256004); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0401MB2384; H:VI1PR0401MB2541.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: 7tAwnbpbaCXaLwBFSqvsSvAHYCx4MGH8JX5TnNVhEXc6TAob5Mq0zrqdk/LA0LD/kwoigVd2rN/V8CH5fd8UDeeg4ixHUJappcvMox/DbTuT4SWC4vaUbGXkmJSIRKNeG0q51UeAktSN+QMoU5ehHUz8CYe/01mLFqJVSYvlpXcX/xrR6EFMZqMrS7KSpuYHK66vTxXbqIuPDGxrddzRU+qaWx2OKaYVGqdAgVtj//GwUF1EBfIf5FC35XRbnJ3mS5ly/nY6SGnvzyv9TRc4Ocnx3dK6M6ddDq16pbGekqJ0t8CLGrbZOW8iw/xgYQwXg5L6LobwfKEupnbtnFSsHraKzG+rJ0eNPRH3IY5XYHi/588e0EY3p3vI5rROdffwD5UfeBAMy2GrXqoefb4rby7FJJhfKMyIxr/UMut2a06waEroiMZEwMqAuo2N7QFd Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: a34b16ff-3e68-4df8-0033-08d75963e9ee X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Oct 2019 15:56:35.5738 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: tN/rf0TUwiZ9R3JYpqozljwhDlhgAMyw1cKf1/xZpUsSER1Af0TA1Vcqhi5xPl81RGSJEuxSs4ooFJRzLc34yg== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0401MB2384 Subject: Re: [dpdk-dev] [PATCH 1/2] security: add anti replay window size X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Konstantin, > -----Original Message----- > From: Ananyev, Konstantin > Sent: Friday, October 25, 2019 3:30 PM > To: Hemant Agrawal ; dev@dpdk.org; Akhil > Goyal ; Doherty, Declan > Subject: RE: [dpdk-dev] [PATCH 1/2] security: add anti replay window size > Importance: High >=20 > Hi Hemant, >=20 > > > > At present the ipsec xfrom is missing the important step to configure > > the anti replay window size. > > The newly added field will also help in to enable or disable the anti > > replay checking, if available in offload by means of non-zero or zero > > value. >=20 > +1 for those changes. > Though AFAIK, it will be an ABI breakage, right? > So probably deserves changes in release notes. [Hemant] ok >=20 > > > > Currently similar field is available in rte_ipsec lib for software > > ipsec usage. >=20 > Yep, the only thing why it was put here - to avoid ABI breakage within > rte_security. > Having it in the rte_security_ipsec_xform makes much more sense. >=20 > >The newly introduced filed can replace > > that field as well eventually. >=20 > My suggestion would be to update librte_ipsec as part of these patch seri= es. >=20 [Hemant] will do it in v2 > > > > Signed-off-by: Hemant Agrawal > > --- > > lib/librte_security/rte_security.h | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/lib/librte_security/rte_security.h > > b/lib/librte_security/rte_security.h > > index aaafdfcd7..195ad5645 100644 > > --- a/lib/librte_security/rte_security.h > > +++ b/lib/librte_security/rte_security.h > > @@ -212,6 +212,10 @@ struct rte_security_ipsec_xform { > > /**< Tunnel parameters, NULL for transport mode */ > > uint64_t esn_soft_limit; > > /**< ESN for which the overflow event need to be raised */ > > + uint32_t replay_win_sz; > > + /**< Anti replay window size to enable sequence replay attack > handling. > > + * replay checking is disabled if the window size is 0. > > + */ > > }; >=20 >=20 >=20