From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 84BE9A04A2; Wed, 6 Nov 2019 06:16:51 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 5F18D2BC8; Wed, 6 Nov 2019 06:16:51 +0100 (CET) Received: from EUR03-DB5-obe.outbound.protection.outlook.com (mail-eopbgr40073.outbound.protection.outlook.com [40.107.4.73]) by dpdk.org (Postfix) with ESMTP id CB80BA69 for ; Wed, 6 Nov 2019 06:16:50 +0100 (CET) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RAY9e1ckDHy7CeZyXt/L0K5PAOM+prqEVcA5qRlKbfmU8Ucp+QMnWMHa0ek6CJlskoaOTOVV3pud4TwjpUN34Fi18vyDJXPTR/QSnu5X8uevqQUjY8SqfaeBLFS+5s5zu+IMwpSVFbNVgXC2MKiM/qU6fIzG4bsJygKw9b7tHhHUM1pBa5LOEhtnAfBcFNURMoLohLellN5DEJCAMsQ2OWtgfntGSOG7M6HbSksQ0DnCPcZyRVq89iT0LBP+xLCcd51Y3/6OGy++HAgpUnipy+hCwy0yUKAR0E/oQfpCHLDWq8PT90wxXzHx7t6MrrYynGLQfJ8QNmfH5kNDQ6LZiw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AQ9JiDTsX1uNwoIZl7AxCdJNF7ikG4xDGgl3h63HWF4=; b=So3OJShMbcMQ+ZxtSsappTq9E8trhWFwuwpCMrsrm3M2EzxMceBQy3+fivshdbZTAubL03/Qd1LEvoTUJzUhTP4GsGTpfkQVuL6jFnDINOwiV2irFET93cfRfbuN6BcwG59b/0vwNHXnkPzK/3W01ed7MbQNAdQc2bEYt87Y7FHHuBveA3VTnqtxYomrvolu6RKLqLKf08F3roxDRnqepfSWCEvfzCxR+EtHWCsAdUlFNTHDMqra4JqvmpAvAfrDlPBkoS4NfbssKI5vZCtdifl25T9XiiRuaaQ4j+Z/GSYnUgJJUFv9H3qREHKfANYqeWR4QuGRaGGIxfcrBcq0gw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nxp.com; dmarc=pass action=none header.from=nxp.com; dkim=pass header.d=nxp.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nxp.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=AQ9JiDTsX1uNwoIZl7AxCdJNF7ikG4xDGgl3h63HWF4=; b=EiyA2MsHa8Jhk+zLZq7vRp1bjEU4kqSalqeatBy7auZTHDGRLgAob1BwfjPDZPtWFv7kJzVyDexAaOs7ezFFt7eHzh3WcLLvwmXzxd5wkZKv7TGRJnTr0KLOfVMprJ5bZOATYHnwAqFZKumn9G8dhBKxhjWVVfgp9YDaWqJyXrA= Received: from VI1PR0401MB2541.eurprd04.prod.outlook.com (10.168.62.139) by VI1PR0401MB2365.eurprd04.prod.outlook.com (10.169.134.6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2408.24; Wed, 6 Nov 2019 05:16:50 +0000 Received: from VI1PR0401MB2541.eurprd04.prod.outlook.com ([fe80::7012:936f:53fb:f7b6]) by VI1PR0401MB2541.eurprd04.prod.outlook.com ([fe80::7012:936f:53fb:f7b6%5]) with mapi id 15.20.2430.020; Wed, 6 Nov 2019 05:16:50 +0000 From: Hemant Agrawal To: Akhil Goyal , "dev@dpdk.org" CC: "konstantin.ananyev@intel.com" , "anoobj@marvell.com" Thread-Topic: [PATCH v5 2/3] ipsec: remove redundant replay_win_sz Thread-Index: AQHVj+2mUV2CoIA9mUGHZpsC2QGD7ad9KVeAgAB5bJA= Date: Wed, 6 Nov 2019 05:16:49 +0000 Message-ID: References: <20191031045458.29166-1-hemant.agrawal@nxp.com> <20191031131502.12504-1-hemant.agrawal@nxp.com> <20191031131502.12504-2-hemant.agrawal@nxp.com> In-Reply-To: Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: spf=none (sender IP is ) smtp.mailfrom=hemant.agrawal@nxp.com; x-originating-ip: [92.120.1.66] x-ms-publictraffictype: Email x-ms-office365-filtering-ht: Tenant x-ms-office365-filtering-correlation-id: cdf84ba5-9d61-4af0-087b-08d762788736 x-ms-traffictypediagnostic: VI1PR0401MB2365:|VI1PR0401MB2365: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6430; x-forefront-prvs: 02135EB356 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(376002)(136003)(396003)(366004)(346002)(39860400002)(13464003)(189003)(199004)(102836004)(86362001)(66446008)(76176011)(66066001)(2501003)(110136005)(186003)(54906003)(478600001)(26005)(66476007)(66946007)(316002)(64756008)(446003)(486006)(14454004)(11346002)(7696005)(6506007)(44832011)(53546011)(476003)(3846002)(6116002)(33656002)(2906002)(66556008)(5660300002)(76116006)(99286004)(229853002)(8936002)(14444005)(256004)(81166006)(4326008)(7736002)(55016002)(305945005)(6436002)(74316002)(9686003)(52536014)(25786009)(71190400001)(71200400001)(8676002)(81156014)(6246003); DIR:OUT; SFP:1101; SCL:1; SRVR:VI1PR0401MB2365; H:VI1PR0401MB2541.eurprd04.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; received-spf: None (protection.outlook.com: nxp.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: ckmV+sWD3/SWquRyE3PTECoh0c8EuYMdYClBrIChpQjO7P2GX5wztRwUgb3izFMHCu0VVy1iFhMGW2fUrKEznNnPt0Ulrp6lQff4Dc5UHAc5H9i43qqoP2R1zLJI1JExNLczcoaRSCDjYrcaKOx8ZhgSMk1QNI/t3TjyRMEQre/k2LVrQ0JmOhXdD/+XvCiJmdRllwUL37K6oJeV+HF8xXB++zV67SSkrY+bagdmqBQsMqiG6OtxffvVlg0/2ZUVL9DgbK8DFVOfElO4qBIzOS1reslzumYFTKxhqPC/nMWNx5q04828DhoWv3KAOB92KE0/HTDcy5xtk+pB9lH16ibCoqOjXApwWg6fAGtfdz2kXBD9/Ylkpkvvg84mpH1TQi/K4wtw40mOUigm5FVgBiCcgH9+KPHIz2n3uhilR5i1X2RU6Zh6d8Zev3GbYs0g Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: nxp.com X-MS-Exchange-CrossTenant-Network-Message-Id: cdf84ba5-9d61-4af0-087b-08d762788736 X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Nov 2019 05:16:49.8967 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 686ea1d3-bc2b-4c6f-a92c-d99c5c301635 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 8BworQrRpkp/m6e8+zP4NBLINStjCZvwrwVh9LNtMLA4GKv1zhpdfx73PKM72Yb2gpKnlQUoPzM0mPQV0fityw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: VI1PR0401MB2365 Subject: Re: [dpdk-dev] [PATCH v5 2/3] ipsec: remove redundant replay_win_sz X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > -----Original Message----- > From: Akhil Goyal > Sent: Wednesday, November 6, 2019 3:32 AM > To: Hemant Agrawal ; dev@dpdk.org > Cc: konstantin.ananyev@intel.com; anoobj@marvell.com; Hemant Agrawal > > Subject: RE: [PATCH v5 2/3] ipsec: remove redundant replay_win_sz > Importance: High >=20 > Hi Hemant, > > > > The rte_security lib has introduced replay_win_sz, so it can be > > removed from the rte_ipsec lib. > > > > Also, the relaved tests,app are also update to reflect the usages. > > > > Signed-off-by: Hemant Agrawal > > Acked-by: Konstantin Ananyev > > --- > > app/test/test_ipsec.c | 2 +- > > doc/guides/rel_notes/release_19_11.rst | 7 +++++-- > > examples/ipsec-secgw/ipsec.c | 1 + > > examples/ipsec-secgw/sa.c | 2 +- > > lib/librte_ipsec/Makefile | 2 +- > > lib/librte_ipsec/meson.build | 1 + > > lib/librte_ipsec/rte_ipsec_sa.h | 6 ------ > > lib/librte_ipsec/sa.c | 4 ++-- > > 8 files changed, 12 insertions(+), 13 deletions(-) > > > > diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c index > > 4007eff19..7dc83fee7 100644 > > --- a/app/test/test_ipsec.c > > +++ b/app/test/test_ipsec.c > > @@ -689,11 +689,11 @@ fill_ipsec_param(uint32_t replay_win_sz, > > uint64_t > > flags) > > > > prm->userdata =3D 1; > > prm->flags =3D flags; > > - prm->replay_win_sz =3D replay_win_sz; > > > > /* setup ipsec xform */ > > prm->ipsec_xform =3D ut_params->ipsec_xform; > > prm->ipsec_xform.salt =3D (uint32_t)rte_rand(); > > + prm->ipsec_xform.replay_win_sz =3D replay_win_sz; > > > > /* setup tunnel related fields */ > > prm->tun.hdr_len =3D sizeof(ipv4_outer); diff --git > > a/doc/guides/rel_notes/release_19_11.rst > > b/doc/guides/rel_notes/release_19_11.rst > > index 0508ec545..ca414edb5 100644 > > --- a/doc/guides/rel_notes/release_19_11.rst > > +++ b/doc/guides/rel_notes/release_19_11.rst > > @@ -365,10 +365,13 @@ ABI Changes > > align the Ethernet header on receive and all known encapsulations > > preserve the alignment of the header. > > > > -* security: A new field ''replay_win_sz'' has been added to the > > structure > > +* security: The field ''replay_win_sz'' has been moved from ipsec > > +library > > + based ''rte_ipsec_sa_prm'' structure to security library based > > +structure > > ``rte_security_ipsec_xform``, which specify the Anti replay window s= ize > > to enable sequence replay attack handling. > > > > +* ipsec: The field ''replay_win_sz'' has been removed from the > > +structure > > + ''rte_ipsec_sa_prm'' as it has been added to the security library. > > > > Shared Library Versions > > ----------------------- > > @@ -411,7 +414,7 @@ The libraries prepended with a plus sign were > > incremented in this version. > > librte_gso.so.1 > > librte_hash.so.2 > > librte_ip_frag.so.1 > > - librte_ipsec.so.1 > > + + librte_ipsec.so.2 > > librte_jobstats.so.1 > > librte_kni.so.2 > > librte_kvargs.so.1 > > diff --git a/examples/ipsec-secgw/ipsec.c > > b/examples/ipsec-secgw/ipsec.c index 51fb22e8a..159e81f99 100644 > > --- a/examples/ipsec-secgw/ipsec.c > > +++ b/examples/ipsec-secgw/ipsec.c > > @@ -49,6 +49,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct > > rte_security_ipsec_xform *ipsec) > > /* TODO support for Transport */ > > } > > ipsec->esn_soft_limit =3D IPSEC_OFFLOAD_ESN_SOFTLIMIT; > > + ipsec->replay_win_sz =3D app_sa_prm.window_size; >=20 > The value of window_size is coming from command line and while parsing it= , > lib mode Is getting enabled, which means people can use anti replay only > when lib mode is enabled which is not correct. > Also there should be a way to disable anti replay. So when it is not give= n as > command line It should not be enabled and default value should be 0. >=20 [Hemant] Ok. I will look into it.