From patchwork Fri Oct 25 06:20:20 2019
X-Patchwork-Submitter: Hemant Agrawal
X-Patchwork-Id: 177614
From: Hemant Agrawal
To: dev@dpdk.org, akhil.goyal@nxp.com, declan.doherty@intel.com
Cc: Hemant Agrawal
Date: Fri, 25 Oct 2019 11:50:20 +0530
Message-Id: <20191025062021.18052-1-hemant.agrawal@nxp.com>
Subject: [dpdk-dev] [PATCH 1/2] security: add anti replay window size

At present the ipsec xform is missing the important step to configure the
anti replay window size. The newly added field will also help to enable or
disable the anti replay checking, if available in offload, by means of a
non-zero or zero value.

Currently a similar field is available in rte_ipsec lib for software ipsec
usage. The newly introduced field can replace that field as well eventually.

Signed-off-by: Hemant Agrawal
---
 lib/librte_security/rte_security.h | 4 ++++
 1 file changed, 4 insertions(+)

-- 2.17.1

diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h index aaafdfcd7..195ad5645 100644 --- a/lib/librte_security/rte_security.h +++ b/lib/librte_security/rte_security.h 
@@ -212,6 +212,10 @@ struct rte_security_ipsec_xform { /**< Tunnel parameters, NULL for transport mode */ uint64_t esn_soft_limit; /**< ESN for which the overflow event need to be raised */ + uint32_t replay_win_sz; + /**< Anti replay window size to enable sequence replay attack handling. + * replay checking is disabled if the window size is 0. + */ }; /**

From patchwork Fri Oct 25 06:20:21 2019
X-Patchwork-Submitter: Hemant Agrawal
X-Patchwork-Id: 177615
From: Hemant Agrawal
To: dev@dpdk.org, akhil.goyal@nxp.com, declan.doherty@intel.com
Cc: Hemant Agrawal
Date: Fri, 25 Oct 2019 11:50:21 +0530
Message-Id: <20191025062021.18052-2-hemant.agrawal@nxp.com>
In-Reply-To: <20191025062021.18052-1-hemant.agrawal@nxp.com>
References: <20191025062021.18052-1-hemant.agrawal@nxp.com>
Subject: [dpdk-dev] [PATCH 2/2] examples/ipsec-secgw: add support for replay win for lookaside

This patch extends the support for window size config to lookaside based
ipsec offload as well.

Signed-off-by: Hemant Agrawal
---
 examples/ipsec-secgw/ipsec.c | 1 +
 examples/ipsec-secgw/sa.c | 1 +
 2 files changed, 2 insertions(+)

-- 2.17.1

diff --git a/examples/ipsec-secgw/ipsec.c b/examples/ipsec-secgw/ipsec.c index 51fb22e8a..159e81f99 100644 --- a/examples/ipsec-secgw/ipsec.c +++ b/examples/ipsec-secgw/ipsec.c @@ -49,6 +49,7 @@ set_ipsec_conf(struct ipsec_sa *sa, struct rte_security_ipsec_xform *ipsec) /* TODO support for Transport */ } ipsec->esn_soft_limit = IPSEC_OFFLOAD_ESN_SOFTLIMIT; + ipsec->replay_win_sz = app_sa_prm.window_size; } int diff --git a/examples/ipsec-secgw/sa.c b/examples/ipsec-secgw/sa.c index 14ee94731..9a57e3eac 100644 --- a/examples/ipsec-secgw/sa.c +++ b/examples/ipsec-secgw/sa.c @@ -1056,6 +1056,7 @@ fill_ipsec_app_sa_prm(struct rte_ipsec_sa_prm *prm, prm->flags = app_prm->flags; prm->ipsec_xform.options.esn = app_prm->enable_esn; prm->replay_win_sz = app_prm->window_size; + prm->ipsec_xform.replay_win_sz = prm->replay_win_sz; } static int
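
Review bot: the doc comment on `replay_win_sz` in `struct rte_security_ipsec_xform` (patch 1/2, lib/librte_security/rte_security.h) gives no unit or valid range for the window and does not say what a driver should do when it cannot honour the requested size. Suggest stating whether the value counts packets or bits, and that session creation should fail rather than silently fall back to a smaller window or to no check at all. Because 0 is defined as "replay checking is disabled", any caller that zero-initialises the xform and never sets this field gets a session without replay protection, and the comment should say so explicitly. The field is also appended to a structure in a public header, which changes the structure's size for existing users.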
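
Review bot: in `set_ipsec_conf()` (patch 2/2, examples/ipsec-secgw/ipsec.c) the new assignment takes the window from the global `app_sa_prm.window_size`, not from the `sa` argument, and does so unconditionally. By the comment added in rte_security.h a value of 0 turns replay checking off, so if `app_sa_prm.window_size` is 0 when this runs, every offloaded session is created without replay protection and nothing reports it. Suggest confirming what `window_size` defaults to on the lookaside path and logging (or rejecting) a zero value here, so that disabling the check is a visible choice.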
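
Review bot: in `fill_ipsec_app_sa_prm()` (patch 2/2, examples/ipsec-secgw/sa.c) the window size now lives in two fields of the same `prm`, `prm->replay_win_sz` and `prm->ipsec_xform.replay_win_sz`, the second copied from the first. Nothing in the hunk says which one the consumer reads, so a later change that updates one and not the other would leave an inconsistent replay configuration. Suggest assigning both from `app_prm->window_size` and adding a one-line comment naming the authoritative field until the older one is retired, as the 1/2 commit message anticipates.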