[dpdk-dev] [PATCH 1/2] security: add anti replay window size

Hemant Agrawal hemant.agrawal at nxp.com
Fri Oct 25 17:56:35 CEST 2019


Hi Konstantin,

> -----Original Message-----
> From: Ananyev, Konstantin <konstantin.ananyev at intel.com>
> Sent: Friday, October 25, 2019 3:30 PM
> To: Hemant Agrawal <hemant.agrawal at nxp.com>; dev at dpdk.org; Akhil
> Goyal <akhil.goyal at nxp.com>; Doherty, Declan <declan.doherty at intel.com>
> Subject: RE: [dpdk-dev] [PATCH 1/2] security: add anti replay window size
> Importance: High
> 
> Hi Hemant,
> 
> >
> > At present the ipsec xform is missing the important step to configure
> > the anti replay window size.
> > The newly added field will also help to enable or disable the anti
> > replay checking, if available in offload, by means of a non-zero or zero
> > value.
> 
> +1 for those changes.
> Though AFAIK, it will be an ABI breakage, right?
> So probably deserves changes in release notes.

[Hemant] ok
> 
> >
> > Currently similar field is available in rte_ipsec lib for software
> > ipsec usage.
> 
> Yep, the only thing why it was put here - to avoid ABI breakage within
> rte_security.
> Having it in the rte_security_ipsec_xform makes much more sense.
> 
> > The newly introduced field can replace
> > that field as well eventually.
> 
> My suggestion would be to update librte_ipsec as part of this patch series.
> 
[Hemant] will do it in v2

> >
> > Signed-off-by: Hemant Agrawal <hemant.agrawal at nxp.com>
> > ---
> >  lib/librte_security/rte_security.h | 4 ++++
> >  1 file changed, 4 insertions(+)
> >
> > diff --git a/lib/librte_security/rte_security.h
> > b/lib/librte_security/rte_security.h
> > index aaafdfcd7..195ad5645 100644
> > --- a/lib/librte_security/rte_security.h
> > +++ b/lib/librte_security/rte_security.h
> > @@ -212,6 +212,10 @@ struct rte_security_ipsec_xform {
> >  	/**< Tunnel parameters, NULL for transport mode */
> >  	uint64_t esn_soft_limit;
> >  	/**< ESN for which the overflow event need to be raised */
> > +	uint32_t replay_win_sz;
> > +	/**< Anti replay window size to enable sequence replay attack
> handling.
> > +	 * replay checking is disabled if the window size is 0.
> > +	 */
> >  };
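
Review bot: the doc comment on replay_win_sz (the lines added after esn_soft_limit) does not say what unit the window size is in, nor what a driver should do with a non-zero size it cannot support. Please state the unit (for example, packets) and whether an unsupported size makes session creation fail or is adjusted, so an application cannot end up with a smaller window than it asked for without knowing. Since 0 disables replay checking, any caller that zero-initialises struct rte_security_ipsec_xform gets no replay protection unless it sets the field; that default is worth stating in the comment and in the release notes, together with the struct size change in this public header.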
> 
> 
> 


