Hi Konstantin,

> -----Original Message-----
> From: Ananyev, Konstantin <konstantin.anan...@intel.com>
> Sent: Friday, October 25, 2019 3:30 PM
> To: Hemant Agrawal <hemant.agra...@nxp.com>; dev@dpdk.org; Akhil
> Goyal <akhil.go...@nxp.com>; Doherty, Declan <declan.dohe...@intel.com>
> Subject: RE: [dpdk-dev] [PATCH 1/2] security: add anti replay window size
> Importance: High
>
> Hi Hemant,
>
> >
> > At present the ipsec xform is missing the important step to configure
> > the anti replay window size.
> > The newly added field will also help to enable or disable the anti
> > replay checking, if available in offload by means of non-zero or zero
> > value.
>
> +1 for those changes.
> Though AFAIK, it will be an ABI breakage, right?
> So probably deserves changes in release notes.
[Hemant] ok > > > > > Currently similar field is available in rte_ipsec lib for software > > ipsec usage. > > Yep, the only thing why it was put here - to avoid ABI breakage within > rte_security. > Having it in the rte_security_ipsec_xform makes much more sense. > > >The newly introduced filed can replace > > that field as well eventually. > > My suggestion would be to update librte_ipsec as part of these patch series. > [Hemant] will do it in v2 > > > > Signed-off-by: Hemant Agrawal <hemant.agra...@nxp.com> > > --- > > lib/librte_security/rte_security.h | 4 ++++ > > 1 file changed, 4 insertions(+) > > > > diff --git a/lib/librte_security/rte_security.h > > b/lib/librte_security/rte_security.h > > index aaafdfcd7..195ad5645 100644 > > --- a/lib/librte_security/rte_security.h > > +++ b/lib/librte_security/rte_security.h > > @@ -212,6 +212,10 @@ struct rte_security_ipsec_xform { > > /**< Tunnel parameters, NULL for transport mode */ > > uint64_t esn_soft_limit; > > /**< ESN for which the overflow event need to be raised */ > > + uint32_t replay_win_sz; > > + /**< Anti replay window size to enable sequence replay attack > handling. > > + * replay checking is disabled if the window size is 0. > > + */ > > }; > > >
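
Review bot: The doc comment on the new replay_win_sz field in struct rte_security_ipsec_xform says that 0 disables replay checking, but it does not state the unit of the window (packets, i.e. sequence numbers, or something else) and gives no bounds or rounding rules for it. Since 0 means "disabled", any existing caller that zero-initialises the xform and is rebuilt against this header will get a session with anti-replay protection off without having asked for it; please state that default explicitly in the comment and in the release notes entry discussed above, so applications know they must set the field to keep replay protection. The comment should also say what a driver is expected to do when it cannot support the requested size (reject the session or fall back to another size), because the visible text leaves that undefined. Minor style point: start the second sentence with a capital ("Replay checking is disabled ...") and use "needs" in the neighbouring esn_soft_limit comment if you touch it in v2.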