[dpdk-dev] [EXT] [PATCH v5 1/3] security: add anti replay window size
Anoob Joseph
anoobj at marvell.com
Fri Nov 1 07:16:46 CET 2019
Hi Hemant,
Please see inline.
> -----Original Message-----
> From: Hemant Agrawal <hemant.agrawal at nxp.com>
> Sent: Thursday, October 31, 2019 6:45 PM
> To: dev at dpdk.org; akhil.goyal at nxp.com
> Cc: konstantin.ananyev at intel.com; Anoob Joseph <anoobj at marvell.com>;
> Hemant Agrawal <hemant.agrawal at nxp.com>
> Subject: [EXT] [PATCH v5 1/3] security: add anti replay window size
>
> External Email
>
> ----------------------------------------------------------------------
> At present the ipsec xfrom is missing the important step to configure the anti
> replay window size.
> The newly added field will also help in to enable or disable the anti replay
> checking, if available in offload by means of non-zero or zero value.
>
> Signed-off-by: Hemant Agrawal <hemant.agrawal at nxp.com>
> Acked-by: Konstantin Ananyev <konstantin.ananyev at intel.com>
> ---
> doc/guides/rel_notes/release_19_11.rst | 6 +++++-
> lib/librte_security/Makefile | 2 +-
> lib/librte_security/meson.build | 2 +-
> lib/librte_security/rte_security.h | 8 ++++++++
> 4 files changed, 15 insertions(+), 3 deletions(-)
>
> diff --git a/doc/guides/rel_notes/release_19_11.rst
> b/doc/guides/rel_notes/release_19_11.rst
> index ae8e7b2f0..0508ec545 100644
> --- a/doc/guides/rel_notes/release_19_11.rst
> +++ b/doc/guides/rel_notes/release_19_11.rst
> @@ -365,6 +365,10 @@ ABI Changes
> align the Ethernet header on receive and all known encapsulations
> preserve the alignment of the header.
>
> +* security: A new field ''replay_win_sz'' has been added to the
> +structure
> + ``rte_security_ipsec_xform``, which specify the Anti replay window
> +size
> + to enable sequence replay attack handling.
> +
>
> Shared Library Versions
> -----------------------
> @@ -437,7 +441,7 @@ The libraries prepended with a plus sign were
> incremented in this version.
> librte_reorder.so.1
> librte_ring.so.2
> + librte_sched.so.4
> - librte_security.so.2
> + + librte_security.so.3
> librte_stack.so.1
> librte_table.so.3
> librte_timer.so.1
> diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile index
> 6708effdb..6a268ee2a 100644
> --- a/lib/librte_security/Makefile
> +++ b/lib/librte_security/Makefile
> @@ -7,7 +7,7 @@ include $(RTE_SDK)/mk/rte.vars.mk LIB = librte_security.a
>
> # library version
> -LIBABIVER := 2
> +LIBABIVER := 3
>
> # build flags
> CFLAGS += -O3
> diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.build
> index a5130d2f6..6fed01273 100644
> --- a/lib/librte_security/meson.build
> +++ b/lib/librte_security/meson.build
> @@ -1,7 +1,7 @@
> # SPDX-License-Identifier: BSD-3-Clause # Copyright(c) 2017-2019 Intel
> Corporation
>
> -version = 2
> +version = 3
> sources = files('rte_security.c')
> headers = files('rte_security.h', 'rte_security_driver.h') deps += ['mempool',
> 'cryptodev'] diff --git a/lib/librte_security/rte_security.h
> b/lib/librte_security/rte_security.h
> index aaafdfcd7..216e5370f 100644
> --- a/lib/librte_security/rte_security.h
> +++ b/lib/librte_security/rte_security.h
> @@ -212,6 +212,10 @@ struct rte_security_ipsec_xform {
> /**< Tunnel parameters, NULL for transport mode */
> uint64_t esn_soft_limit;
> /**< ESN for which the overflow event need to be raised */
> + uint32_t replay_win_sz;
> + /**< Anti replay window size to enable sequence replay attack handling.
> + * replay checking is disabled if the window size is 0.
> + */
> };
>
> /**
> @@ -563,6 +567,10 @@ struct rte_security_capability {
> /**< IPsec SA direction */
> struct rte_security_ipsec_sa_options options;
> /**< IPsec SA supported options */
> + uint32_t replay_win_sz_max;
> + /**< IPsec Anti Replay Window Size. A '0' value
> + * indicates that Anti Replay Window is not supported.
[Anoob] Minor comment. Should it be "Anti Replay is not supported."?
> + */
> } ipsec;
> /**< IPsec capability */
> struct {
> --
> 2.17.1
Acked-by: Anoob Joseph <anoobj at marvell.com>
More information about the dev
mailing list