[dpdk-dev] [PATCH v4 1/3] security: add anti replay window size

Hemant Agrawal hemant.agrawal at nxp.com
Thu Oct 31 08:30:07 CET 2019

Previous message: [dpdk-dev] [PATCH v4 1/3] security: add anti replay window size
Next message: [dpdk-dev] [PATCH v4 1/3] security: add anti replay window size
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Anoop,


> -----Original Message-----
> Hi Hemant,
> 
> How would the PMD specify whether anit-replay is supported or not? Do you
> have plans to introduce it as a capability? Or do you expect the session
> creation to fail if the feature is not supported by underlying PMD and the anti
> replay window size is set.
[Hemant]  We can add it as part of capability set. 

I believe following should help:

uint32_t  max_replay_win_sz; 

Sending it as 0 will indicate the app that replay_win is not support.
> 
> Thanks,
> Anoob
> 
> > -----Original Message-----
> > From: dev <dev-bounces at dpdk.org> On Behalf Of Hemant Agrawal
> > Sent: Thursday, October 31, 2019 10:25 AM
> > To: dev at dpdk.org; akhil.goyal at nxp.com
> > Cc: konstantin.ananyev at intel.com; Hemant Agrawal
> > <hemant.agrawal at nxp.com>
> > Subject: [dpdk-dev] [PATCH v4 1/3] security: add anti replay window
> > size
> >
> > At present the ipsec xfrom is missing the important step to configure
> > the anti replay window size.
> > The newly added field will also help in to enable or disable the anti
> > replay checking, if available in offload by means of non-zero or zero value.
> >
> > Signed-off-by: Hemant Agrawal <hemant.agrawal at nxp.com>
> > ---
> >  doc/guides/rel_notes/release_19_11.rst | 6 +++++-
> >  lib/librte_security/Makefile           | 2 +-
> >  lib/librte_security/meson.build        | 2 +-
> >  lib/librte_security/rte_security.h     | 4 ++++
> >  4 files changed, 11 insertions(+), 3 deletions(-)
> >
> > diff --git a/doc/guides/rel_notes/release_19_11.rst
> > b/doc/guides/rel_notes/release_19_11.rst
> > index ae8e7b2f0..0508ec545 100644
> > --- a/doc/guides/rel_notes/release_19_11.rst
> > +++ b/doc/guides/rel_notes/release_19_11.rst
> > @@ -365,6 +365,10 @@ ABI Changes
> >    align the Ethernet header on receive and all known encapsulations
> >    preserve the alignment of the header.
> >
> > +* security: A new field ''replay_win_sz'' has been added to the
> > +structure
> > +  ``rte_security_ipsec_xform``, which specify the Anti replay window
> > +size
> > +  to enable sequence replay attack handling.
> > +
> >
> >  Shared Library Versions
> >  -----------------------
> > @@ -437,7 +441,7 @@ The libraries prepended with a plus sign were
> > incremented in this version.
> >       librte_reorder.so.1
> >       librte_ring.so.2
> >     + librte_sched.so.4
> > -     librte_security.so.2
> > +   + librte_security.so.3
> >       librte_stack.so.1
> >       librte_table.so.3
> >       librte_timer.so.1
> > diff --git a/lib/librte_security/Makefile
> > b/lib/librte_security/Makefile index 6708effdb..6a268ee2a 100644
> > --- a/lib/librte_security/Makefile
> > +++ b/lib/librte_security/Makefile
> > @@ -7,7 +7,7 @@ include $(RTE_SDK)/mk/rte.vars.mk  LIB =
> > librte_security.a
> >
> >  # library version
> > -LIBABIVER := 2
> > +LIBABIVER := 3
> >
> >  # build flags
> >  CFLAGS += -O3
> > diff --git a/lib/librte_security/meson.build
> > b/lib/librte_security/meson.build index a5130d2f6..6fed01273 100644
> > --- a/lib/librte_security/meson.build
> > +++ b/lib/librte_security/meson.build
> > @@ -1,7 +1,7 @@
> >  # SPDX-License-Identifier: BSD-3-Clause  # Copyright(c) 2017-2019
> > Intel Corporation
> >
> > -version = 2
> > +version = 3
> >  sources = files('rte_security.c')
> >  headers = files('rte_security.h', 'rte_security_driver.h')  deps +=
> > ['mempool', 'cryptodev'] diff --git
> > a/lib/librte_security/rte_security.h
> > b/lib/librte_security/rte_security.h
> > index aaafdfcd7..195ad5645 100644
> > --- a/lib/librte_security/rte_security.h
> > +++ b/lib/librte_security/rte_security.h
> > @@ -212,6 +212,10 @@ struct rte_security_ipsec_xform {
> >  	/**< Tunnel parameters, NULL for transport mode */
> >  	uint64_t esn_soft_limit;
> >  	/**< ESN for which the overflow event need to be raised */
> > +	uint32_t replay_win_sz;
> > +	/**< Anti replay window size to enable sequence replay attack
> handling.
> > +	 * replay checking is disabled if the window size is 0.
> > +	 */
> >  };
> >
> >  /**
> > --
> > 2.17.1

Previous message: [dpdk-dev] [PATCH v4 1/3] security: add anti replay window size
Next message: [dpdk-dev] [PATCH v4 1/3] security: add anti replay window size
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list