[dpdk-dev] [EXT] [PATCH v4 03/10] security: add ESN field to ipsec_xform

[Nicolau, Radu]

On 9/5/2021 3:47 PM, Akhil Goyal wrote:
> Hi Radu,
>
>> ----------------------------------------------------------------------
>> Update ipsec_xform definition to include ESN field.
>>
>> Signed-off-by: Declan Doherty <declan.doherty at intel.com>
>> Signed-off-by: Radu Nicolau <radu.nicolau at intel.com>
>> Signed-off-by: Abhijit Sinha <abhijit.sinha at intel.com>
>> Signed-off-by: Daniel Martin Buckley <daniel.m.buckley at intel.com>
>> ---
>>   lib/security/rte_security.h | 8 ++++++++
>>   1 file changed, 8 insertions(+)
>>
>> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
>> index 03572b10ab..702de58b48 100644
>> --- a/lib/security/rte_security.h
>> +++ b/lib/security/rte_security.h
>> @@ -240,6 +240,14 @@ struct rte_security_ipsec_xform {
>>   	 */
>>   	uint32_t mss;
>>   	/**< IPsec payload Maximum Segment Size */
>> +	union {
>> +		uint64_t value;
>> +		struct {
>> +			uint32_t low;
>> +			uint32_t hi;
>> +		};
>> +	} esn;
>> +	/**< Extended Sequence Number */
>>   };
> Can we use the following change for monitoring ESN?
> http://patches.dpdk.org/project/dpdk/patch/1629207767-262-2-git-send-email-anoobj@marvell.com/
>
> I believe ESN is not required to be set as SA parameter, it is normally
> maintained by the PMD and application should be notified if a limit is reached.
>
> Regards,
> Akhil

Hi Akhil, I suppose they can be complementary, with this one being a 
hard ESN limit that the user can enforce by setting the initial ESN 
value - but there is no requirement to do so. Also, this change doesn't 
need explicit support added in the PMDs.