[dpdk-dev] [EXT] [PATCH v4 03/10] security: add ESN field to ipsec_xform

Nicolau, Radu radu.nicolau at intel.com
Mon Sep 6 15:39:03 CEST 2021

Previous message (by thread): [dpdk-dev] [EXT] [PATCH v4 03/10] security: add ESN field to ipsec_xform
Next message (by thread): [dpdk-dev] [EXT] [PATCH v4 03/10] security: add ESN field to ipsec_xform
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 9/6/2021 12:36 PM, Anoob Joseph wrote:
> Hi Radu,
>
>> Hi Akhil, I suppose they can be complementary, with this one being a hard
>> ESN limit that the user can enforce by setting the initial ESN value - but there
>> is no requirement to do so. Also, this change doesn't need explicit support
>> added in the PMDs.
> What is the actual use case of this field (ESN)? My impression was this is to allow application to control sequence number. For normal use cases, it can be like starting sequence number. And this can be used with ``rte_security_session_update`` to allow simulating corner cases (like large anti-replay windows sizes with ESN enabled etc). Did I capture the intended use case correctly?
>
> If it is to set max sequence number to be handled by the session, then I guess, this is getting addressed as part of SA lifetime spec proposal.
>
> Can you confirm what is the intended use case?
>
> Thanks,
> Anoob

Hi Anoob, the purpose was to have a starting value controlled by the app 
and I think you're right, it can be achieved with 
rte_security_session_update.

Thanks,
Radu

Previous message (by thread): [dpdk-dev] [EXT] [PATCH v4 03/10] security: add ESN field to ipsec_xform
Next message (by thread): [dpdk-dev] [EXT] [PATCH v4 03/10] security: add ESN field to ipsec_xform
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list