build: remove individual library versions

[dpdk.git] / lib / librte_security / rte_security.h

diff --git a/lib/librte_security/rte_security.h b/lib/librte_security/rte_security.h
index 2d064f4..546779d 100644 (file)
--- a/lib/librte_security/rte_security.h
+++ b/lib/librte_security/rte_security.h
@@ -1,5 +1,5 @@
 /* SPDX-License-Identifier: BSD-3-Clause
- * Copyright 2017 NXP.
+ * Copyright 2017,2019 NXP
  * Copyright(c) 2017 Intel Corporation.
  */
 
@@ -212,6 +212,10 @@ struct rte_security_ipsec_xform {
        /**< Tunnel parameters, NULL for transport mode */
        uint64_t esn_soft_limit;
        /**< ESN for which the overflow event need to be raised */
+       uint32_t replay_win_sz;
+       /**< Anti replay window size to enable sequence replay attack handling.
+        * replay checking is disabled if the window size is 0.
+        */
 };
 
 /**
@@ -278,6 +282,15 @@ struct rte_security_pdcp_xform {
        uint32_t hfn;
        /** HFN Threshold for key renegotiation */
        uint32_t hfn_threshold;
+       /** HFN can be given as a per packet value also.
+        * As we do not have IV in case of PDCP, and HFN is
+        * used to generate IV. IV field can be used to get the
+        * per packet HFN while enq/deq.
+        * If hfn_ovrd field is set, user is expected to set the
+        * per packet HFN in place of IV. PMDs will extract the HFN
+        * and perform operations accordingly.
+        */
+       uint32_t hfn_ovrd;
 };
 
 /**
@@ -554,6 +567,10 @@ struct rte_security_capability {
                        /**< IPsec SA direction */
                        struct rte_security_ipsec_sa_options options;
                        /**< IPsec SA supported options */
+                       uint32_t replay_win_sz_max;
+                       /**< IPsec Anti Replay Window Size. A '0' value
+                        * indicates that Anti Replay is not supported.
+                        */
                } ipsec;
                /**< IPsec capability */
                struct {