[dpdk-dev] [PATCH v2 1/3] security: add option to configure UDP ports verification
From: Tejasree Kondoj <hidden>
Date: 2021-09-29 02:31:52
Subsystem:
library code, the rest · Maintainers:
Andrew Morton, Linus Torvalds
Add option to indicate whether UDP encapsulation ports verification need to be done as part of inbound IPsec processing. Signed-off-by: Tejasree Kondoj <redacted> Acked-by: Hemant Agrawal <redacted> Acked-by: Akhil Goyal <redacted> --- doc/guides/rel_notes/release_21_11.rst | 4 ++++ lib/security/rte_security.h | 7 +++++++ 2 files changed, 11 insertions(+)
diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index f85dc99c8b..8da851cccc 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst@@ -185,6 +185,10 @@ ABI Changes ``rte_security_ipsec_sa_options`` to indicate whether outer header verification need to be done as part of inbound IPsec processing. +* security: A new option ``udp_ports_verify`` was added in structure + ``rte_security_ipsec_sa_options`` to indicate whether UDP ports + verification need to be done as part of inbound IPsec processing. + * security: A new structure ``rte_security_ipsec_lifetime`` was added to replace ``esn_soft_limit`` in IPsec configuration structure ``rte_security_ipsec_xform`` to allow applications to configure SA soft
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index a10c9b5f00..ab1a6e1f65 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h@@ -223,6 +223,13 @@ struct rte_security_ipsec_sa_options { * source and destination IP addresses. */ uint32_t tunnel_hdr_verify : 2; + + /** Verify UDP encapsulation ports in inbound + * + * * 1: Match UDP source and destination ports + * * 0: Do not match UDP ports + */ + uint32_t udp_ports_verify : 1; }; /** IPSec security association direction */
--
2.27.0