From patchwork Wed Oct 30 08:57:01 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hemant Agrawal X-Patchwork-Id: 178079 Delivered-To: patch@linaro.org Received: by 2002:a92:409a:0:0:0:0:0 with SMTP id d26csp976106ill; Wed, 30 Oct 2019 02:00:12 -0700 (PDT) X-Google-Smtp-Source: APXvYqzQTcaQONRPsWlWB8V1SNCTlZExyxZrXkPmlKkNlZdqaqAEJBfTdyEZ41H7RkR/hXiaBI+3 X-Received: by 2002:a17:906:1c97:: with SMTP id g23mr7748162ejh.66.1572426012438; Wed, 30 Oct 2019 02:00:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1572426012; cv=none; d=google.com; s=arc-20160816; b=DgsRm2XI/2rkrUXET9G6ruS+YIq3BpQYW7aspcE90peFXFICFXQB0T064gBM079FOu Wn1ARBbSGa4LWBg5VNVOpiQITDmSLjUSgwK2Ugu/uiOLumiGjxOk6k0+GqcrS0Gwb0wm 3en5XM4D7t+Ri1MmsGTkbPv9j7sYdomLiwZvb3YAV+IIEso8A/7luYahIaDXEvVVW6hZ Q6nAW7m1mmEOuoXiZx40RQvfMXzAZP6pEM/z0eTA4TiGMwowuxiWwX+F9zrO7iXQwhin uChb12ffZiRt1qoSrVxPDTYgsUmJGp/Hjit1AsSu6QRv4B0e9WY2iYYVWjQndx0FYi/S SdAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject:references:in-reply-to :message-id:date:cc:to:from; bh=9fy1SC8xCOMma1ENkqIx5iqNteDx3RdkAO3UYg83qO0=; b=l2Wmh5GIGwOM2HNRJxP3cgR9gytC4lAJw1Qubnxcgek1GvWNgbgh0ID2y8LLXW0Yky y17cdACRhFMKF34l18s735Wa9xfKzHXkwixN2xirvIwalSwuf6hEPZIkVvA9Db7HpBpg CjEdIItVvUhB8B0kcMr/T2sF5MmsMRlY3xHkvjmHVwoWzDGNO/uCbbDZvt95ik1ACaVa nJsWUAbgOjJFCu3+0vaZ6Bz846hhfuVnPnBvjYQmvSaWRvkyK4tmXchpIH1zOFhKa6fh NFZPHHTv6Cj/d3hm3YObLJthh2le1LZFjVO1NDfXQtNL/81TOEP9onUEk7ZVX+7uKhC1 h2PQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of dev-bounces@dpdk.org designates 92.243.14.124 as permitted sender) smtp.mailfrom=dev-bounces@dpdk.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nxp.com Return-Path: Received: from dpdk.org (dpdk.org. [92.243.14.124]) by mx.google.com with ESMTP id s20si1044462edd.294.2019.10.30.02.00.12; Wed, 30 Oct 2019 02:00:12 -0700 (PDT) Received-SPF: pass (google.com: domain of dev-bounces@dpdk.org designates 92.243.14.124 as permitted sender) client-ip=92.243.14.124; Authentication-Results: mx.google.com; spf=pass (google.com: domain of dev-bounces@dpdk.org designates 92.243.14.124 as permitted sender) smtp.mailfrom=dev-bounces@dpdk.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nxp.com Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id E83341BF49; Wed, 30 Oct 2019 10:00:07 +0100 (CET) Received: from inva021.nxp.com (inva021.nxp.com [92.121.34.21]) by dpdk.org (Postfix) with ESMTP id 393D21BEB5 for ; Wed, 30 Oct 2019 10:00:04 +0100 (CET) Received: from inva021.nxp.com (localhost [127.0.0.1]) by inva021.eu-rdc02.nxp.com (Postfix) with ESMTP id 1AC9520000D; Wed, 30 Oct 2019 10:00:04 +0100 (CET) Received: from invc005.ap-rdc01.nxp.com (invc005.ap-rdc01.nxp.com [165.114.16.14]) by inva021.eu-rdc02.nxp.com (Postfix) with ESMTP id B0B9E2009A2; Wed, 30 Oct 2019 10:00:01 +0100 (CET) Received: from bf-netperf1.ap.freescale.net (bf-netperf1.ap.freescale.net [10.232.133.63]) by invc005.ap-rdc01.nxp.com (Postfix) with ESMTP id 906A8402C7; Wed, 30 Oct 2019 16:59:58 +0800 (SGT) From: Hemant Agrawal To: dev@dpdk.org, akhil.goyal@nxp.com Cc: konstantin.ananyev@intel.com, Hemant Agrawal Date: Wed, 30 Oct 2019 14:27:01 +0530 Message-Id: <20191030085701.13815-2-hemant.agrawal@nxp.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20191030085701.13815-1-hemant.agrawal@nxp.com> References: <20191030065703.32068-1-hemant.agrawal@nxp.com> <20191030085701.13815-1-hemant.agrawal@nxp.com> X-Virus-Scanned: ClamAV using ClamSMTP Subject: [dpdk-dev] [PATCH v3 2/2] ipsec: remove redundant replay_win_sz X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" The rte_security lib has introduced replay_win_sz, so it can be removed from the rte_ipsec lib. Also, the relaved tests,app are also update to reflect the usages. Signed-off-by: Hemant Agrawal --- v3: fix the compilation issue app/test/test_ipsec.c | 2 +- doc/guides/rel_notes/release_19_11.rst | 10 ++++++++-- examples/ipsec-secgw/ipsec.c | 1 + examples/ipsec-secgw/sa.c | 2 +- lib/librte_ipsec/Makefile | 2 +- lib/librte_ipsec/meson.build | 1 + lib/librte_ipsec/rte_ipsec_sa.h | 6 ------ lib/librte_ipsec/sa.c | 4 ++-- 8 files changed, 15 insertions(+), 13 deletions(-) -- 2.17.1 diff --git a/app/test/test_ipsec.c b/app/test/test_ipsec.c index 4007eff19..9e3dabd93 100644 --- a/app/test/test_ipsec.c +++ b/app/test/test_ipsec.c @@ -689,7 +689,7 @@ fill_ipsec_param(uint32_t replay_win_sz, uint64_t flags) prm->userdata = 1; prm->flags = flags; - prm->replay_win_sz = replay_win_sz; + prm->ipsec_xform.replay_win_sz = replay_win_sz; /* setup ipsec xform */ prm->ipsec_xform = ut_params->ipsec_xform; diff --git a/doc/guides/rel_notes/release_19_11.rst b/doc/guides/rel_notes/release_19_11.rst index ae8e7b2f0..aa16c8422 100644 --- a/doc/guides/rel_notes/release_19_11.rst +++ b/doc/guides/rel_notes/release_19_11.rst @@ -365,6 +365,12 @@ ABI Changes align the Ethernet header on receive and all known encapsulations preserve the alignment of the header. +* security: A new field ''replay_win_sz'' has been added to the structure + ``rte_security_ipsec_xform``, which specify the Anti replay window size + to enable sequence replay attack handling. + +* ipsec: The field ''replay_win_sz'' has been removed from the structure + ''rte_ipsec_sa_prm'' as it has been added to the security library. Shared Library Versions ----------------------- @@ -407,7 +413,7 @@ The libraries prepended with a plus sign were incremented in this version. librte_gso.so.1 librte_hash.so.2 librte_ip_frag.so.1 - librte_ipsec.so.1 + + librte_ipsec.so.2 librte_jobstats.so.1 librte_kni.so.2 librte_kvargs.so.1 @@ -437,7 +443,7 @@ The libraries prepended with a plus sign were incremented in this version. librte_reorder.so.1 librte_ring.so.2 + librte_sched.so.4 - librte_security.so.2 + + librte_security.so.3 librte_stack.so.1 librte_table.so.3 librte_timer.so.1 diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index 51fb22e8a..159e81f99 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -49,6 +49,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec) /* TODO support for Transport */ } ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT; + ipsec->replay_win_sz = app_sa_prm.window_size; } int diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 14ee94731..3d687c459 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -1055,7 +1055,7 @@ fill_ipsec_app_sa_prm(struct rte_ipsec_sa_prm *prm, prm->flags = app_prm->flags; prm->ipsec_xform.options.esn = app_prm->enable_esn; - prm->replay_win_sz = app_prm->window_size; + prm->ipsec_xform.replay_win_sz = app_prm->window_size; } static int diff --git a/lib/librte_ipsec/Makefile b/lib/librte_ipsec/Makefile index 81fb99980..161ea9e3d 100644 --- a/lib/librte_ipsec/Makefile +++ b/lib/librte_ipsec/Makefile @@ -14,7 +14,7 @@ LDLIBS += -lrte_cryptodev -lrte_security -lrte_hash EXPORT_MAP := rte_ipsec_version.map -LIBABIVER := 1 +LIBABIVER := 2 # all source are stored in SRCS-y SRCS-$(CONFIG_RTE_LIBRTE_IPSEC) += esp_inb.c diff --git a/lib/librte_ipsec/meson.build b/lib/librte_ipsec/meson.build index 70358526b..e8604dadd 100644 --- a/lib/librte_ipsec/meson.build +++ b/lib/librte_ipsec/meson.build @@ -1,6 +1,7 @@ # SPDX-License-Identifier: BSD-3-Clause # Copyright(c) 2018 Intel Corporation +version = 2 allow_experimental_apis = true sources = files('esp_inb.c', 'esp_outb.c', 'sa.c', 'ses.c', 'ipsec_sad.c') diff --git a/lib/librte_ipsec/rte_ipsec_sa.h b/lib/librte_ipsec/rte_ipsec_sa.h index 47ce169d2..1cfde5874 100644 --- a/lib/librte_ipsec/rte_ipsec_sa.h +++ b/lib/librte_ipsec/rte_ipsec_sa.h @@ -47,12 +47,6 @@ struct rte_ipsec_sa_prm { uint8_t proto; /**< next header protocol */ } trs; /**< transport mode related parameters */ }; - - /** - * window size to enable sequence replay attack handling. - * replay checking is disabled if the window size is 0. - */ - uint32_t replay_win_sz; }; /** diff --git a/lib/librte_ipsec/sa.c b/lib/librte_ipsec/sa.c index 23d394b46..6f1d92c3c 100644 --- a/lib/librte_ipsec/sa.c +++ b/lib/librte_ipsec/sa.c @@ -439,7 +439,7 @@ rte_ipsec_sa_size(const struct rte_ipsec_sa_prm *prm) return rc; /* determine required size */ - wsz = prm->replay_win_sz; + wsz = prm->ipsec_xform.replay_win_sz; return ipsec_sa_size(type, &wsz, &nb); } @@ -461,7 +461,7 @@ rte_ipsec_sa_init(struct rte_ipsec_sa *sa, const struct rte_ipsec_sa_prm *prm, return rc; /* determine required size */ - wsz = prm->replay_win_sz; + wsz = prm->ipsec_xform.replay_win_sz; sz = ipsec_sa_size(type, &wsz, &nb); if (sz < 0) return sz;