> -----Original Message----- > From: Anoob Joseph [mailto:[email protected]] > Sent: Friday, January 26, 2018 2:38 PM > To: Nicolau, Radu <[email protected]>; Akhil Goyal > <[email protected]> > Cc: [email protected]; Doherty, Declan > <[email protected]>; Gonzalez Monroy, Sergio > <[email protected]>; Jerin Jacob > <[email protected]>; Narayana Prasad > <[email protected]>; Nelio Laranjeiro > <[email protected]>; [email protected] > Subject: Re: [RFC 0/3] set protocol specific metadata using set_pkt_metadata > API > > Hi Radu, > > On 01/26/2018 04:52 PM, Nicolau, Radu wrote: > > > >> -----Original Message----- > >> From: Anoob Joseph [mailto:[email protected]] > >> Sent: Thursday, January 25, 2018 5:13 PM > >> To: Akhil Goyal <[email protected]>; Nicolau, Radu > >> <[email protected]> > >> Cc: Doherty, Declan <[email protected]>; Gonzalez Monroy, > >> Sergio <[email protected]>; > >> [email protected]; Jerin Jacob > >> <[email protected]>; Narayana Prasad > >> <[email protected]>; Nelio Laranjeiro > >> <[email protected]>; [email protected] > >> Subject: Re: [RFC 0/3] set protocol specific metadata using > >> set_pkt_metadata API > >> > >> Hi Akhil, Radu, > >> > >> Could you review the patch and share your thoughts on the proposed > >> change? > >> > > Hi, > > > > I've had a quick look. From what I can see you can do everything you do in > this patch with the current API. For example you can store an internal struct > pointer in the private section of the security context and you can increment > the ESP SN with every tx or set metadata call. > With the current API, PMD could store the ESN with the security session, but > there is no means for the application to read this. Application should be > aware of the sequence number used per packet. This is required to monitor > sequence number overflow.In the proposal, the sequence number field is > IN-OUT. So application could either dictate the sequence number, or read > the value from the PMD. > > Thanks, > Anoob
My concern is that we are adding too much and too specific to the security API. Overflow situation can be monitored with a tx callback event or a crypto callback event, depending on the device type.
