[dpdk-dev] [PATCH v4 1/3] security: add anti replay window size

[Ananyev, Konstantin]

> At present the ipsec xfrom is missing the important step
> to configure the anti replay window size.
> The newly added field will also help in to enable or disable
> the anti replay checking, if available in offload by means
> of non-zero or zero value.
> 
> Signed-off-by: Hemant Agrawal <hemant.agrawal at nxp.com>
> ---
>  doc/guides/rel_notes/release_19_11.rst | 6 +++++-
>  lib/librte_security/Makefile           | 2 +-
>  lib/librte_security/meson.build        | 2 +-
>  lib/librte_security/rte_security.h     | 4 ++++
>  4 files changed, 11 insertions(+), 3 deletions(-)
> 
> diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
> index ae8e7b2f0..0508ec545 100644
> --- a/doc/guides/rel_notes/release_19_11.rst
> +++ b/doc/guides/rel_notes/release_19_11.rst
> @@ -365,6 +365,10 @@ ABI Changes
>    align the Ethernet header on receive and all known encapsulations
>    preserve the alignment of the header.
> 
> +* security: A new field ''replay_win_sz'' has been added to the structure
> +  ``rte_security_ipsec_xform``, which specify the Anti replay window size
> +  to enable sequence replay attack handling.
> +
> 
>  Shared Library Versions
>  -----------------------
> @@ -437,7 +441,7 @@ The libraries prepended with a plus sign were incremented in this version.
>       librte_reorder.so.1
>       librte_ring.so.2
>     + librte_sched.so.4
> -     librte_security.so.2
> +   + librte_security.so.3
>       librte_stack.so.1
>       librte_table.so.3
>       librte_timer.so.1
> diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile
> index 6708effdb..6a268ee2a 100644
> --- a/lib/librte_security/Makefile
> +++ b/lib/librte_security/Makefile
> @@ -7,7 +7,7 @@ include $(RTE_SDK)/mk/rte.vars.mk
>  LIB = librte_security.a
> 
>  # library version
> -LIBABIVER := 2
> +LIBABIVER := 3
> 
>  # build flags
>  CFLAGS += -O3
> diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.build
> index a5130d2f6..6fed01273 100644
> --- a/lib/librte_security/meson.build
> +++ b/lib/librte_security/meson.build
> @@ -1,7 +1,7 @@
>  # SPDX-License-Identifier: BSD-3-Clause
>  # Copyright(c) 2017-2019 Intel Corporation
> 
> -version = 2
> +version = 3
>  sources = files('rte_security.c')
>  headers = files('rte_security.h', 'rte_security_driver.h')
>  deps += ['mempool', 'cryptodev']
> diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
> index aaafdfcd7..195ad5645 100644
> --- a/lib/librte_security/rte_security.h
> +++ b/lib/librte_security/rte_security.h
> @@ -212,6 +212,10 @@ struct rte_security_ipsec_xform {
>  	/**< Tunnel parameters, NULL for transport mode */
>  	uint64_t esn_soft_limit;
>  	/**< ESN for which the overflow event need to be raised */
> +	uint32_t replay_win_sz;
> +	/**< Anti replay window size to enable sequence replay attack handling.
> +	 * replay checking is disabled if the window size is 0.
> +	 */
>  };
> 
>  /**
> --

Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>

> 2.17.1