Hi Radu,
> Hi Akhil, I suppose they can be complementary, with this one being a hard
> ESN limit that the user can enforce by setting the initial ESN value - but
> there
> is no requirement to do so. Also, this change doesn't need explicit support
> added in the PMDs.
What is the actual use case of this field (ESN)? My impression was this is to
allow application to control sequence number. For normal use cases, it can be
like starting sequence number. And this can be used with
``rte_security_session_update`` to allow simulating corner cases (like large
anti-replay windows sizes with ESN enabled etc). Did I capture the intended use
case correctly?
If it is to set max sequence number to be handled by the session, then I guess,
this is getting addressed as part of SA lifetime spec proposal.
Can you confirm what is the intended use case?
Thanks,
Anoob
> -----Original Message-----
> From: Nicolau, Radu <radu.nico...@intel.com>
> Sent: Monday, September 6, 2021 4:51 PM
> To: Akhil Goyal <gak...@marvell.com>; Declan Doherty
> <declan.dohe...@intel.com>
> Cc: dev@dpdk.org; m...@ashroe.eu; konstantin.anan...@intel.com;
> vladimir.medved...@intel.com; bruce.richard...@intel.com;
> roy.fan.zh...@intel.com; hemant.agra...@nxp.com; Anoob Joseph
> <ano...@marvell.com>; abhijit.si...@intel.com;
> daniel.m.buck...@intel.com; Archana Muniganti <march...@marvell.com>;
> Tejasree Kondoj <ktejas...@marvell.com>; ma...@nvidia.com
> Subject: Re: [EXT] [PATCH v4 03/10] security: add ESN field to ipsec_xform
>
>
> On 9/5/2021 3:47 PM, Akhil Goyal wrote:
> > Hi Radu,
> >
> >> ---------------------------------------------------------------------
> >> - Update ipsec_xform definition to include ESN field.
> >>
> >> Signed-off-by: Declan Doherty <declan.dohe...@intel.com>
> >> Signed-off-by: Radu Nicolau <radu.nico...@intel.com>
> >> Signed-off-by: Abhijit Sinha <abhijit.si...@intel.com>
> >> Signed-off-by: Daniel Martin Buckley <daniel.m.buck...@intel.com>
> >> ---
> >> lib/security/rte_security.h | 8 ++++++++
> >> 1 file changed, 8 insertions(+)
> >>
> >> diff --git a/lib/security/rte_security.h
> >> b/lib/security/rte_security.h index 03572b10ab..702de58b48 100644
> >> --- a/lib/security/rte_security.h
> >> +++ b/lib/security/rte_security.h
> >> @@ -240,6 +240,14 @@ struct rte_security_ipsec_xform {
> >> */
> >> uint32_t mss;
> >> /**< IPsec payload Maximum Segment Size */
> >> + union {
> >> + uint64_t value;
> >> + struct {
> >> + uint32_t low;
> >> + uint32_t hi;
> >> + };
> >> + } esn;
> >> + /**< Extended Sequence Number */
> >> };
> > Can we use the following change for monitoring ESN?
> > https://urldefense.proofpoint.com/v2/url?u=http-
> 3A__patches.dpdk.org_p
> > roject_dpdk_patch_1629207767-2D262-2D2-2Dgit-2Dsend-2Demail-
> 2Danoobj-4
> >
> 0marvell.com_&d=DwICaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8rwwviRS
> xyLWs2n6
> > B-
> WYLn1v9SyTMrT5EQqh2TU&m=u4ceKpeCwgpmKFhuny3rjUzauRZVfhlNdxm
> Cy95gHMs&
> > s=OshWh8UBWrxO0abYCUCBhRZBzj423rwddyfzB9Q9rT0&e=
> >
> > I believe ESN is not required to be set as SA parameter, it is
> > normally maintained by the PMD and application should be notified if a limit
> is reached.
> >
> > Regards,
> > Akhil
>
> Hi Akhil, I suppose they can be complementary, with this one being a hard
> ESN limit that the user can enforce by setting the initial ESN value - but
> there
> is no requirement to do so. Also, this change doesn't need explicit support
> added in the PMDs.
>
