[v3,1/2] security: add anti replay window size

Message ID	20191030085701.13815-1-hemant.agrawal@nxp.com
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: domain of dev-bounces@dpdk.org designates 92.243.14.124 as permitted sender) client-ip=92.243.14.124; From: Hemant Agrawal <hemant.agrawal@nxp.com> To: dev@dpdk.org, akhil.goyal@nxp.com Cc: konstantin.ananyev@intel.com, Hemant Agrawal <hemant.agrawal@nxp.com> Date: Wed, 30 Oct 2019 14:27:00 +0530 Message-Id: <20191030085701.13815-1-hemant.agrawal@nxp.com> In-Reply-To: <20191030065703.32068-1-hemant.agrawal@nxp.com> References: <20191030065703.32068-1-hemant.agrawal@nxp.com> Subject: [dpdk-dev] [PATCH v3 1/2] security: add anti replay window size Precedence: list Errors-To: dev-bounces@dpdk.org Sender: "dev" <dev-bounces@dpdk.org>
Series	[v3,1/2] security: add anti replay window size \| expand [v3,1/2] security: add anti replay window size [v3,2/2] ipsec: remove redundant replay_win_sz

Message ID

20191030085701.13815-1-hemant.agrawal@nxp.com

State

New

Headers

Received-SPF: pass (google.com: domain of dev-bounces@dpdk.org designates
	92.243.14.124 as permitted sender) client-ip=92.243.14.124; 
From: Hemant Agrawal <hemant.agrawal@nxp.com>
To: dev@dpdk.org,
	akhil.goyal@nxp.com
Cc: konstantin.ananyev@intel.com,
	Hemant Agrawal <hemant.agrawal@nxp.com>
Date: Wed, 30 Oct 2019 14:27:00 +0530
Message-Id: <20191030085701.13815-1-hemant.agrawal@nxp.com>
In-Reply-To: <20191030065703.32068-1-hemant.agrawal@nxp.com>
References: <20191030065703.32068-1-hemant.agrawal@nxp.com>
Subject: [dpdk-dev] [PATCH v3 1/2] security: add anti replay window size
Precedence: list
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Series

[v3,1/2] security: add anti replay window size | expand

Commit Message

Hemant Agrawal Oct. 30, 2019, 8:57 a.m. UTC

At present the ipsec xfrom is missing the important step
to configure the anti replay window size.
The newly added field will also help in to enable or disable
the anti replay checking, if available in offload by means
of non-zero or zero value.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>

---
 lib/librte_security/Makefile       | 2 +-
 lib/librte_security/meson.build    | 2 +-
 lib/librte_security/rte_security.h | 4 ++++
 3 files changed, 6 insertions(+), 2 deletions(-)

-- 
2.17.1

diff --git a/lib/librte_security/Makefile b/lib/librte_security/Makefile
index 6708effdb..6a268ee2a 100644
--- a/lib/librte_security/Makefile
+++ b/lib/librte_security/Makefile
@@ -7,7 +7,7 @@  include $(RTE_SDK)/mk/rte.vars.mk
 LIB = librte_security.a
 
 # library version
-LIBABIVER := 2
+LIBABIVER := 3
 
 # build flags
 CFLAGS += -O3
diff --git a/lib/librte_security/meson.build b/lib/librte_security/meson.build
index a5130d2f6..6fed01273 100644
--- a/lib/librte_security/meson.build
+++ b/lib/librte_security/meson.build
@@ -1,7 +1,7 @@ 
 # SPDX-License-Identifier: BSD-3-Clause
 # Copyright(c) 2017-2019 Intel Corporation
 
-version = 2
+version = 3
 sources = files('rte_security.c')
 headers = files('rte_security.h', 'rte_security_driver.h')
 deps += ['mempool', 'cryptodev']
diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index aaafdfcd7..195ad5645 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -212,6 +212,10 @@  struct rte_security_ipsec_xform {
 	/**< Tunnel parameters, NULL for transport mode */
 	uint64_t esn_soft_limit;
 	/**< ESN for which the overflow event need to be raised */
+	uint32_t replay_win_sz;
+	/**< Anti replay window size to enable sequence replay attack handling.
+	 * replay checking is disabled if the window size is 0.
+	 */
 };
 
 /**

[v3,1/2] security: add anti replay window size

Commit Message

Patch