From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 5F066A00BE; Thu, 31 Oct 2019 07:29:17 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id 416361C1B5; Thu, 31 Oct 2019 07:29:16 +0100 (CET) Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com [67.231.156.173]) by dpdk.org (Postfix) with ESMTP id 511DF1C10A for ; Thu, 31 Oct 2019 07:29:15 +0100 (CET) Received: from pps.filterd (m0045851.ppops.net [127.0.0.1]) by mx0b-0016f401.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id x9V6P17t013026; Wed, 30 Oct 2019 23:29:14 -0700 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=pfpt0818; bh=ERCyH2nSXl6PN9GuKcC2Plf2SGaIBMDIqQQzD2W4EUY=; b=OvHb8e6bYm78LRvSOCqXm0xkma8qUEWkoEyU0OQdxSkWcu+DifMdngwCZxNbkYdaiU+q ld1ns+2/RotIw0nJJmsL0B9vILQMs3QSjB2t82XWzygxX3Je0pfc8QaAQ4s3crjMgutN Pw5Giq1nXVm0W31+pGbiTKoPXW6F0NMd/+M0U/FZ0JRopif306Hp0WhliPJStKo+EyDS pTg7fLMJjz3RYNNqUnz8W35rIEnRf695CJmfF1ANMp5wn5lhOjh6M5aYygokMMs8DG6b +qkZZkih8Y/D4O9742Zo7z5B0xk/f1Hyft2Bw/06I22dNsXYSicKfF8Lfz/l1O2bytaw +g== Received: from sc-exch04.marvell.com ([199.233.58.184]) by mx0b-0016f401.pphosted.com with ESMTP id 2vxwjqdrka-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Wed, 30 Oct 2019 23:29:14 -0700 Received: from SC-EXCH04.marvell.com (10.93.176.84) by SC-EXCH04.marvell.com (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1367.3; Wed, 30 Oct 2019 23:29:12 -0700 Received: from NAM01-SN1-obe.outbound.protection.outlook.com (104.47.32.51) by SC-EXCH04.marvell.com (10.93.176.84) with Microsoft SMTP Server (TLS) id 15.0.1367.3 via Frontend Transport; Wed, 30 Oct 2019 23:29:12 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=duTVaRPZ/KwetgOpQuhPVIDc3MDrRcmOKNvMC+UMtb9px6FOO7r8G/j34UlwLKSwy0KhxYP32OES38uZ8+PCpV7OKhWFnxr4PpvNjpVesmrfKxATsjmlSBJM/n+ij1XLIrl2yECgmmuMMZFc+IfZ+2gc5XVhSpbEODkkYEIcVRwxJgoBXPusxVsARPgc2ErS1XRJNLQyzsGcO4sjypyWoGlN0aneUhJLteWankVKu6kC2goTJ6ZYtVCigqBCIJq0DZQ08CjGzEj6ZLs3m1yASt0T+AoR/RfDCOrLe/OD3j19ar4S8GKkx22cXXnZL3V8lpfflfOGTMAdW/rsRjG2hw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ERCyH2nSXl6PN9GuKcC2Plf2SGaIBMDIqQQzD2W4EUY=; b=Pm/r1i7qtvQ3KXudcEqgndcNFSVG4w/ojs2fwlUJZqtfXBiMsBn32d5PFyHUkqDiB/YvMSAH0YlN8580wfNukJcXpJxFNiql+Fsy7pjGbSZABKu7kTwjMCd7NsqVbOy/vIzgUGHJAnGPq/g3t8CUNEBhnA9dXRtKxRsxWQkDjXVYk6/Flr+7G/uOm4IUeQxtho/LUS++CiSDg8+d1Yl4YULbeR/1vcb5I8Y1+WE6WIbiLQN0L15xPV7G7HWzUNvekttJSXX6BTvWl+15fHi+JilS9h+Rn5XEkT9VoN48bPI4sz+LUEPIpSwzZrn2AoSaTlygH5dhnRk5F47kibCEmQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector2-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ERCyH2nSXl6PN9GuKcC2Plf2SGaIBMDIqQQzD2W4EUY=; b=b8e88TrxVhKE8ncf8LKtC+Kt6mvPbyaEHMOmG/yvClGuoEAGSU4nDiepzma30MUNvhZvHwKIe16tKJAo6iKBjez7UVyyL2dwKCejhaHsIAocHuGqXlggZLtdz/W+ebvMh+JzIJtWIrpV4tP17OQZaw/PPTBhfEERiHis7C+RVUQ= Received: from MN2PR18MB2877.namprd18.prod.outlook.com (20.179.20.218) by MN2PR18MB2591.namprd18.prod.outlook.com (20.179.82.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2387.24; Thu, 31 Oct 2019 06:29:11 +0000 Received: from MN2PR18MB2877.namprd18.prod.outlook.com ([fe80::6d15:3367:4c9:5385]) by MN2PR18MB2877.namprd18.prod.outlook.com ([fe80::6d15:3367:4c9:5385%7]) with mapi id 15.20.2387.028; Thu, 31 Oct 2019 06:29:11 +0000 From: Anoob Joseph To: Hemant Agrawal , "dev@dpdk.org" , "akhil.goyal@nxp.com" CC: "konstantin.ananyev@intel.com" Thread-Topic: [dpdk-dev] [PATCH v4 1/3] security: add anti replay window size Thread-Index: AQHVj6fKePU4HRGT6EWXkI11EMMSu6d0SCQg Date: Thu, 31 Oct 2019 06:29:11 +0000 Message-ID: References: <20191030085701.13815-1-hemant.agrawal@nxp.com> <20191031045458.29166-1-hemant.agrawal@nxp.com> In-Reply-To: <20191031045458.29166-1-hemant.agrawal@nxp.com> Accept-Language: en-IN, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-originating-ip: [14.140.231.66] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 361c85b7-8244-46c9-9989-08d75dcba478 x-ms-traffictypediagnostic: MN2PR18MB2591: x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:7691; x-forefront-prvs: 02070414A1 x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(4636009)(346002)(366004)(396003)(39860400002)(376002)(136003)(199004)(189003)(13464003)(446003)(11346002)(15650500001)(55236004)(14444005)(6506007)(99286004)(2501003)(71200400001)(256004)(66066001)(74316002)(186003)(4326008)(71190400001)(110136005)(102836004)(53546011)(6246003)(316002)(3846002)(6116002)(2906002)(478600001)(64756008)(6436002)(7696005)(486006)(66556008)(33656002)(52536014)(66446008)(66476007)(8676002)(81166006)(76176011)(81156014)(66946007)(14454004)(229853002)(7736002)(2201001)(5660300002)(9686003)(8936002)(76116006)(305945005)(55016002)(26005)(476003)(25786009)(86362001); DIR:OUT; SFP:1101; SCL:1; SRVR:MN2PR18MB2591; H:MN2PR18MB2877.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; received-spf: None (protection.outlook.com: marvell.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: RCcIyFcpGMvz2w/C5GW4rbPG1vPcI7QVSrQ+owXDwfK+VenJyj5xjIA7S1uCFDfgaBWfDhcMn4iBZEznC/6llw+9eoOsExKCPHvwmD8A9xn1Q5iAdHQzeIkDOoh1/S4QX6BCWW/KTa9F4S00zbi41KyuGYNBVJ3PeM5uUSYk0TtnT7O637E1JNqLFcI1gGNBwEESuG4gpAQMSRCItbELDrP07QahV1ugb41vxsD4Vch03+QHXGSETauF0AMNo0o/eEvCYqhAJPkh4/HTpJLgz5/koydDKLSN9ekIrZuZhohMaGSYaaEQIrxlTvhpbUxg0kiqbjFud2GgPH44291N/j1Egu5ZyrCFj5hl1x9Kpuk8XJ/axXR8JNxNZfezA3CV3VfgaZUuvAls4mNNxytS8RoEWMvlP//wuJz6vqLcbp+NGonfi0btKjb1RlyvuO9V x-ms-exchange-transport-forked: True Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 361c85b7-8244-46c9-9989-08d75dcba478 X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Oct 2019 06:29:11.3476 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: CJC12CNWFIQcX96xCfcJclOacCje95MWCh2/hi+q9AZTx/D3LFmHFR4lY2Sj6cA4ebBYt9F51E0mqubqRoeiow== X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR18MB2591 X-OriginatorOrg: marvell.com X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.95,1.0.8 definitions=2019-10-31_02:2019-10-30,2019-10-31 signatures=0 Subject: Re: [dpdk-dev] [PATCH v4 1/3] security: add anti replay window size X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" Hi Hemant, How would the PMD specify whether anit-replay is supported or not? Do you h= ave plans to introduce it as a capability? Or do you expect the session cre= ation to fail if the feature is not supported by underlying PMD and the ant= i replay window size is set. Thanks, Anoob > -----Original Message----- > From: dev On Behalf Of Hemant Agrawal > Sent: Thursday, October 31, 2019 10:25 AM > To: dev@dpdk.org; akhil.goyal@nxp.com > Cc: konstantin.ananyev@intel.com; Hemant Agrawal > > Subject: [dpdk-dev] [PATCH v4 1/3] security: add anti replay window size >=20 > At present the ipsec xfrom is missing the important step to configure the= anti > replay window size. > The newly added field will also help in to enable or disable the anti rep= lay > checking, if available in offload by means of non-zero or zero value. >=20 > Signed-off-by: Hemant Agrawal > --- > doc/guides/rel_notes/release_19_11.rst | 6 +++++- > lib/librte_security/Makefile | 2 +- > lib/librte_security/meson.build | 2 +- > lib/librte_security/rte_security.h | 4 ++++ > 4 files changed, 11 insertions(+), 3 deletions(-) >=20 > diff --git a/doc/guides/rel_notes/release_19_11.rst > b/doc/guides/rel_notes/release_19_11.rst > index ae8e7b2f0..0508ec545 100644 > --- a/doc/guides/rel_notes/release_19_11.rst > +++ b/doc/guides/rel_notes/release_19_11.rst > @@ -365,6 +365,10 @@ ABI Changes > align the Ethernet header on receive and all known encapsulations > preserve the alignment of the header. >=20 > +* security: A new field ''replay_win_sz'' has been added to the > +structure > + ``rte_security_ipsec_xform``, which specify the Anti replay window > +size > + to enable sequence replay attack handling. > + >=20 > Shared Library Versions > ----------------------- > @@ -437,7 +441,7 @@ The libraries prepended with a plus sign were > incremented in this version. > librte_reorder.so.1 > librte_ring.so.2 > + librte_sched.so.4 > - librte_security.so.2 > + + librte_security.so.3 > librte_stack.so.1 > librte_table.so.3 > librte_timer.so.1 > diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile = index > 6708effdb..6a268ee2a 100644 > --- a/lib/librte_security/Makefile > +++ b/lib/librte_security/Makefile > @@ -7,7 +7,7 @@ include $(RTE_SDK)/mk/rte.vars.mk LIB =3D librte_securit= y.a >=20 > # library version > -LIBABIVER :=3D 2 > +LIBABIVER :=3D 3 >=20 > # build flags > CFLAGS +=3D -O3 > diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.= build > index a5130d2f6..6fed01273 100644 > --- a/lib/librte_security/meson.build > +++ b/lib/librte_security/meson.build > @@ -1,7 +1,7 @@ > # SPDX-License-Identifier: BSD-3-Clause # Copyright(c) 2017-2019 Intel > Corporation >=20 > -version =3D 2 > +version =3D 3 > sources =3D files('rte_security.c') > headers =3D files('rte_security.h', 'rte_security_driver.h') deps +=3D = ['mempool', > 'cryptodev'] diff --git a/lib/librte_security/rte_security.h > b/lib/librte_security/rte_security.h > index aaafdfcd7..195ad5645 100644 > --- a/lib/librte_security/rte_security.h > +++ b/lib/librte_security/rte_security.h > @@ -212,6 +212,10 @@ struct rte_security_ipsec_xform { > /**< Tunnel parameters, NULL for transport mode */ > uint64_t esn_soft_limit; > /**< ESN for which the overflow event need to be raised */ > + uint32_t replay_win_sz; > + /**< Anti replay window size to enable sequence replay attack handling. > + * replay checking is disabled if the window size is 0. > + */ > }; >=20 > /** > -- > 2.17.1