From patchwork Fri Oct 25 06:20:20 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hemant Agrawal <hemant.agrawal@nxp.com>
X-Patchwork-Id: 61939
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@dpdk.org
Delivered-To: patchwork@dpdk.org
Received: from [92.243.14.124] (localhost [127.0.0.1])
	by dpdk.org (Postfix) with ESMTP id 408F41E87A;
	Fri, 25 Oct 2019 08:23:18 +0200 (CEST)
Received: from inva021.nxp.com (inva021.nxp.com [92.121.34.21])
	by dpdk.org (Postfix) with ESMTP id CF3D51D44B
	for <dev@dpdk.org>; Fri, 25 Oct 2019 08:23:16 +0200 (CEST)
Received: from inva021.nxp.com (localhost [127.0.0.1])
	by inva021.eu-rdc02.nxp.com (Postfix) with ESMTP id 38C40200410;
	Fri, 25 Oct 2019 08:23:16 +0200 (CEST)
Received: from invc005.ap-rdc01.nxp.com (invc005.ap-rdc01.nxp.com
	[165.114.16.14])
	by inva021.eu-rdc02.nxp.com (Postfix) with ESMTP id 0B1FA20001C;
	Fri, 25 Oct 2019 08:23:14 +0200 (CEST)
Received: from bf-netperf1.ap.freescale.net (bf-netperf1.ap.freescale.net
	[10.232.133.63])
	by invc005.ap-rdc01.nxp.com (Postfix) with ESMTP id C0916402BC;
	Fri, 25 Oct 2019 14:23:10 +0800 (SGT)
From: Hemant Agrawal <hemant.agrawal@nxp.com>
To: dev@dpdk.org,
	akhil.goyal@nxp.com,
	declan.doherty@intel.com
Cc: Hemant Agrawal <hemant.agrawal@nxp.com>
Date: Fri, 25 Oct 2019 11:50:20 +0530
Message-Id: <20191025062021.18052-1-hemant.agrawal@nxp.com>
X-Mailer: git-send-email 2.17.1
X-Virus-Scanned: ClamAV using ClamSMTP
Subject: [dpdk-dev] [PATCH 1/2] security: add anti replay window size
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
	<mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
	<mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

At present the ipsec xfrom is missing the important step
to configure the anti replay window size.
The newly added field will also help in to enable or disable
the anti replay checking, if available in offload by means
of non-zero or zero value.

Currently similar field is available in rte_ipsec lib for
software ipsec usage. The newly introduced filed can replace
that field as well eventually.

Signed-off-by: Hemant Agrawal <hemant.agrawal@nxp.com>
---
 lib/librte_security/rte_security.h | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index aaafdfcd7..195ad5645 100644
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -212,6 +212,10 @@ struct rte_security_ipsec_xform {
 	/**< Tunnel parameters, NULL for transport mode */
 	uint64_t esn_soft_limit;
 	/**< ESN for which the overflow event need to be raised */
+	uint32_t replay_win_sz;
+	/**< Anti replay window size to enable sequence replay attack handling.
+	 * replay checking is disabled if the window size is 0.
+	 */
 };
 
 /**