From patchwork Wed Oct 30 08:57:01 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hemant Agrawal <hemant.agrawal@nxp.com>
X-Patchwork-Id: 178079
Delivered-To: patch@linaro.org
Received: by 2002:a92:409a:0:0:0:0:0 with SMTP id d26csp976106ill;
 Wed, 30 Oct 2019 02:00:12 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzQTcaQONRPsWlWB8V1SNCTlZExyxZrXkPmlKkNlZdqaqAEJBfTdyEZ41H7RkR/hXiaBI+3
X-Received: by 2002:a17:906:1c97:: with SMTP id
 g23mr7748162ejh.66.1572426012438; 
 Wed, 30 Oct 2019 02:00:12 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1572426012; cv=none;
 d=google.com; s=arc-20160816;
 b=DgsRm2XI/2rkrUXET9G6ruS+YIq3BpQYW7aspcE90peFXFICFXQB0T064gBM079FOu
 Wn1ARBbSGa4LWBg5VNVOpiQITDmSLjUSgwK2Ugu/uiOLumiGjxOk6k0+GqcrS0Gwb0wm
 3en5XM4D7t+Ri1MmsGTkbPv9j7sYdomLiwZvb3YAV+IIEso8A/7luYahIaDXEvVVW6hZ
 Q6nAW7m1mmEOuoXiZx40RQvfMXzAZP6pEM/z0eTA4TiGMwowuxiWwX+F9zrO7iXQwhin
 uChb12ffZiRt1qoSrVxPDTYgsUmJGp/Hjit1AsSu6QRv4B0e9WY2iYYVWjQndx0FYi/S
 SdAA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816; 
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:subject:references:in-reply-to
 :message-id:date:cc:to:from;
 bh=9fy1SC8xCOMma1ENkqIx5iqNteDx3RdkAO3UYg83qO0=;
 b=l2Wmh5GIGwOM2HNRJxP3cgR9gytC4lAJw1Qubnxcgek1GvWNgbgh0ID2y8LLXW0Yky
 y17cdACRhFMKF34l18s735Wa9xfKzHXkwixN2xirvIwalSwuf6hEPZIkVvA9Db7HpBpg
 CjEdIItVvUhB8B0kcMr/T2sF5MmsMRlY3xHkvjmHVwoWzDGNO/uCbbDZvt95ik1ACaVa
 nJsWUAbgOjJFCu3+0vaZ6Bz846hhfuVnPnBvjYQmvSaWRvkyK4tmXchpIH1zOFhKa6fh
 NFZPHHTv6Cj/d3hm3YObLJthh2le1LZFjVO1NDfXQtNL/81TOEP9onUEk7ZVX+7uKhC1
 h2PQ==
ARC-Authentication-Results: i=1; mx.google.com;
 spf=pass (google.com: domain of dev-bounces@dpdk.org designates
 92.243.14.124 as permitted sender)
 smtp.mailfrom=dev-bounces@dpdk.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nxp.com
Return-Path: <dev-bounces@dpdk.org>
Received: from dpdk.org (dpdk.org. [92.243.14.124])
 by mx.google.com with ESMTP id
 s20si1044462edd.294.2019.10.30.02.00.12; 
 Wed, 30 Oct 2019 02:00:12 -0700 (PDT)
Received-SPF: pass (google.com: domain of dev-bounces@dpdk.org designates
 92.243.14.124 as permitted sender) client-ip=92.243.14.124; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: domain of dev-bounces@dpdk.org designates
 92.243.14.124 as permitted sender)
 smtp.mailfrom=dev-bounces@dpdk.org; 
 dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nxp.com
Received: from [92.243.14.124] (localhost [127.0.0.1])
 by dpdk.org (Postfix) with ESMTP id E83341BF49;
 Wed, 30 Oct 2019 10:00:07 +0100 (CET)
Received: from inva021.nxp.com (inva021.nxp.com [92.121.34.21])
 by dpdk.org (Postfix) with ESMTP id 393D21BEB5
 for <dev@dpdk.org>; Wed, 30 Oct 2019 10:00:04 +0100 (CET)
Received: from inva021.nxp.com (localhost [127.0.0.1])
 by inva021.eu-rdc02.nxp.com (Postfix) with ESMTP id 1AC9520000D;
 Wed, 30 Oct 2019 10:00:04 +0100 (CET)
Received: from invc005.ap-rdc01.nxp.com (invc005.ap-rdc01.nxp.com
 [165.114.16.14])
 by inva021.eu-rdc02.nxp.com (Postfix) with ESMTP id B0B9E2009A2;
 Wed, 30 Oct 2019 10:00:01 +0100 (CET)
Received: from bf-netperf1.ap.freescale.net (bf-netperf1.ap.freescale.net
 [10.232.133.63])
 by invc005.ap-rdc01.nxp.com (Postfix) with ESMTP id 906A8402C7;
 Wed, 30 Oct 2019 16:59:58 +0800 (SGT)
From: Hemant Agrawal <hemant.agrawal@nxp.com>
To: dev@dpdk.org,
	akhil.goyal@nxp.com
Cc: konstantin.ananyev@intel.com,
	Hemant Agrawal <hemant.agrawal@nxp.com>
Date: Wed, 30 Oct 2019 14:27:01 +0530
Message-Id: <20191030085701.13815-2-hemant.agrawal@nxp.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20191030085701.13815-1-hemant.agrawal@nxp.com>
References: <20191030065703.32068-1-hemant.agrawal@nxp.com>
 <20191030085701.13815-1-hemant.agrawal@nxp.com>
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: [dpdk-dev] [PATCH v3 2/2] ipsec: remove redundant replay_win_sz
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

The rte_security lib has introduced replay_win_sz,
so it can be removed from the rte_ipsec lib.

Also, the relaved tests,app are also update to reflect
the usages.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
v3: fix the compilation issue

 app/test/test_ipsec.c                  |  2 +-
 doc/guides/rel_notes/release_19_11.rst | 10 ++++++++--
 examples/ipsec-secgw/ipsec.c           |  1 +
 examples/ipsec-secgw/sa.c              |  2 +-
 lib/librte_ipsec/Makefile              |  2 +-
 lib/librte_ipsec/meson.build           |  1 +
 lib/librte_ipsec/rte_ipsec_sa.h        |  6 ------
 lib/librte_ipsec/sa.c                  |  4 ++--
 8 files changed, 15 insertions(+), 13 deletions(-)

-- 
2.17.1

diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c
index 4007eff19..9e3dabd93 100644
--- a/app/test/test_ipsec.c
+++ b/app/test/test_ipsec.c
@@ -689,7 +689,7 @@ fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags)
 
 	prm->userdata = 1;
 	prm->flags = flags;
-	prm->replay_win_sz = replay_win_sz;
+	prm->ipsec_xform.replay_win_sz = replay_win_sz;
 
 	/* setup ipsec xform */
 	prm->ipsec_xform = ut_params->ipsec_xform;
diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst
index ae8e7b2f0..aa16c8422 100644
--- a/doc/guides/rel_notes/release_19_11.rst
+++ b/doc/guides/rel_notes/release_19_11.rst
@@ -365,6 +365,12 @@ ABI Changes
   align the Ethernet header on receive and all known encapsulations
   preserve the alignment of the header.
 
+* security: A new field ''replay_win_sz'' has been added to the structure
+  ``rte_security_ipsec_xform``, which specify the Anti replay window size
+  to enable sequence replay attack handling.
+
+* ipsec: The field ''replay_win_sz'' has been removed from the structure
+  ''rte_ipsec_sa_prm'' as it has been added to the security library.
 
 Shared Library Versions
 -----------------------
@@ -407,7 +413,7 @@ The libraries prepended with a plus sign were incremented in this version.
      librte_gso.so.1
      librte_hash.so.2
      librte_ip_frag.so.1
-     librte_ipsec.so.1
+   + librte_ipsec.so.2
      librte_jobstats.so.1
      librte_kni.so.2
      librte_kvargs.so.1
@@ -437,7 +443,7 @@ The libraries prepended with a plus sign were incremented in this version.
      librte_reorder.so.1
      librte_ring.so.2
    + librte_sched.so.4
-     librte_security.so.2
+   + librte_security.so.3
      librte_stack.so.1
      librte_table.so.3
      librte_timer.so.1
diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c
index 51fb22e8a..159e81f99 100644
--- a/examples/ipsec-secgw/ipsec.c
+++ b/examples/ipsec-secgw/ipsec.c
@@ -49,6 +49,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec)
 		/* TODO support for Transport */
 	}
 	ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT;
+	ipsec->replay_win_sz = app_sa_prm.window_size;
 }
 
 int
diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c
index 14ee94731..3d687c459 100644
--- a/examples/ipsec-secgw/sa.c
+++ b/examples/ipsec-secgw/sa.c
@@ -1055,7 +1055,7 @@ fill_ipsec_app_sa_prm(struct rte_ipsec_sa_prm *prm,
 
 	prm->flags = app_prm->flags;
 	prm->ipsec_xform.options.esn = app_prm->enable_esn;
-	prm->replay_win_sz = app_prm->window_size;
+	prm->ipsec_xform.replay_win_sz = app_prm->window_size;
 }
 
 static int
diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile
index 81fb99980..161ea9e3d 100644
--- a/lib/librte_ipsec/Makefile
+++ b/lib/librte_ipsec/Makefile
@@ -14,7 +14,7 @@ LDLIBS += -lrte_cryptodev -lrte_security -lrte_hash
 
 EXPORT_MAP := rte_ipsec_version.map
 
-LIBABIVER := 1
+LIBABIVER := 2
 
 # all source are stored in SRCS-y
 SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += esp_inb.c
diff --git a/lib/librte_ipsec/meson.build b/lib/librte_ipsec/meson.build
index 70358526b..e8604dadd 100644
--- a/lib/librte_ipsec/meson.build
+++ b/lib/librte_ipsec/meson.build
@@ -1,6 +1,7 @@
 # SPDX-License-Identifier: BSD-3-Clause
 # Copyright(c) 2018 Intel Corporation
 
+version = 2
 allow_experimental_apis = true
 
 sources = files('esp_inb.c', 'esp_outb.c', 'sa.c', 'ses.c', 'ipsec_sad.c')
diff --git a/lib/librte_ipsec/rte_ipsec_sa.h b/lib/librte_ipsec/rte_ipsec_sa.h
index 47ce169d2..1cfde5874 100644
--- a/lib/librte_ipsec/rte_ipsec_sa.h
+++ b/lib/librte_ipsec/rte_ipsec_sa.h
@@ -47,12 +47,6 @@ struct rte_ipsec_sa_prm {
 			uint8_t proto;  /**< next header protocol */
 		} trs; /**< transport mode related parameters */
 	};
-
-	/**
-	 * window size to enable sequence replay attack handling.
-	 * replay checking is disabled if the window size is 0.
-	 */
-	uint32_t replay_win_sz;
 };
 
 /**
diff --git a/lib/librte_ipsec/sa.c b/lib/librte_ipsec/sa.c
index 23d394b46..6f1d92c3c 100644
--- a/lib/librte_ipsec/sa.c
+++ b/lib/librte_ipsec/sa.c
@@ -439,7 +439,7 @@ rte_ipsec_sa_size(const struct rte_ipsec_sa_prm *prm)
 		return rc;
 
 	/* determine required size */
-	wsz = prm->replay_win_sz;
+	wsz = prm->ipsec_xform.replay_win_sz;
 	return ipsec_sa_size(type, &wsz, &nb);
 }
 
@@ -461,7 +461,7 @@ rte_ipsec_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm,
 		return rc;
 
 	/* determine required size */
-	wsz = prm->replay_win_sz;
+	wsz = prm->ipsec_xform.replay_win_sz;
 	sz = ipsec_sa_size(type, &wsz, &nb);
 	if (sz < 0)
 		return sz;