[1/3] security: add option to configure UDP ports verification
Commit Message
Add option to indicate whether UDP encapsulation ports
verification needs to be done as part of inbound
IPsec processing.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
doc/guides/rel_notes/release_21_11.rst | 5 +++++
lib/security/rte_security.h | 7 +++++++
2 files changed, 12 insertions(+)
Comments
On 9/8/2021 1:55 PM, Tejasree Kondoj wrote:
> Add option to indicate whether UDP encapsulation ports
> verification needs to be done as part of inbound
> IPsec processing.
>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
> ---
> doc/guides/rel_notes/release_21_11.rst | 5 +++++
> lib/security/rte_security.h | 7 +++++++
> 2 files changed, 12 insertions(+)
>
> diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
> index b0606cb542..afeba0105b 100644
> --- a/doc/guides/rel_notes/release_21_11.rst
> +++ b/doc/guides/rel_notes/release_21_11.rst
> @@ -141,6 +141,11 @@ ABI Changes
> * Added SA option to indicate whether outer header verification need to be
> done as part of inbound IPsec processing.
>
> +* security: add IPsec SA option to configure UDP ports verification
> +
> + * Added SA option to indicate whether UDP ports verification need to be
> + done as part of inbound IPsec processing.
> +
>
> Known Issues
> ------------
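Review bot: The two added bullets say the same thing twice: the first is the commit subject ("security: add IPsec SA option to configure UDP ports verification") and the second restates it without naming anything a reader can search for. Collapse them into a single entry that names the new field `udp_ports_verify` and the structure `rte_security_ipsec_sa_options` it is added to.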
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 2a61cad885..18b0f02c44 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -139,6 +139,13 @@ struct rte_security_ipsec_sa_options {
> */
> uint32_t udp_encap : 1;
>
> + /** Verify UDP encapsulation ports in inbound
> + *
> + * * 1: Match UDP source and destination ports
> + * * 0: Do not match UDP ports
> + */
> + uint32_t udp_ports_verify : 1;
> +
> /** Copy DSCP bits
> *
> * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to
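Review bot: The doc comment on `udp_ports_verify` does not say what the ports are matched against or when the flag applies. "Verify UDP encapsulation ports in inbound" stops mid-phrase, and "Match UDP source and destination ports" leaves open where the expected values come from and whether the flag has any effect when `udp_encap` is 0. Suggest completing the sentence (inbound IPsec processing, per the commit message), naming the source of the expected ports, and stating what happens to a packet that fails the match.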
> Add option to indicate whether UDP encapsulation ports
> verification needs to be done as part of inbound
> IPsec processing.
>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
Acked-by: Akhil Goyal <gakhil@marvell.com>
> Add option to indicate whether UDP encapsulation ports
> verification needs to be done as part of inbound
> IPsec processing.
>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
> doc/guides/rel_notes/release_21_11.rst | 5 +++++
> lib/security/rte_security.h | 7 +++++++
> 2 files changed, 12 insertions(+)
>
> diff --git a/doc/guides/rel_notes/release_21_11.rst
> b/doc/guides/rel_notes/release_21_11.rst
> index b0606cb542..afeba0105b 100644
> --- a/doc/guides/rel_notes/release_21_11.rst
> +++ b/doc/guides/rel_notes/release_21_11.rst
> @@ -141,6 +141,11 @@ ABI Changes
> * Added SA option to indicate whether outer header verification need to be
> done as part of inbound IPsec processing.
>
> +* security: add IPsec SA option to configure UDP ports verification
> +
> + * Added SA option to indicate whether UDP ports verification need to be
> + done as part of inbound IPsec processing.
> +
Reword as
+* security: A new option ``udp_ports_verify`` is added in structure
+ ``rte_security_ipsec_sa_options`` to indicate whether UDP ports
+ verification need to be done as part of inbound IPsec processing.
+
>
> Known Issues
> ------------
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 2a61cad885..18b0f02c44 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -139,6 +139,13 @@ struct rte_security_ipsec_sa_options {
> */
> uint32_t udp_encap : 1;
>
> + /** Verify UDP encapsulation ports in inbound
> + *
> + * * 1: Match UDP source and destination ports
> + * * 0: Do not match UDP ports
> + */
> + uint32_t udp_ports_verify : 1;
> +
> /** Copy DSCP bits
> *
> * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to
All new options should be added at the end of this structure for backward compatibility.
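The effect behind this comment, as an added example that is not code from the patch or from DPDK: three simplified stand-in structs show how a word written by an application built against the old layout is decoded when the new flag is inserted after `udp_encap` versus appended. The struct and helper names, and `copy_dscp` as the name of the "Copy DSCP bits" flag, are assumptions; the compiler is assumed to allocate bitfields in declaration order, as GCC and Clang do.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified models of the SA options bitfield, not the DPDK definition.
 * Only the flags visible in the patch are modelled; names are assumptions. */
struct opts_old {                 /* layout existing applications were built with */
	uint32_t udp_encap : 1;
	uint32_t copy_dscp : 1;
};
struct opts_mid {                 /* new flag inserted after udp_encap */
	uint32_t udp_encap : 1;
	uint32_t udp_ports_verify : 1;
	uint32_t copy_dscp : 1;
};
struct opts_end {                 /* new flag appended after the existing flags */
	uint32_t udp_encap : 1;
	uint32_t copy_dscp : 1;
	uint32_t udp_ports_verify : 1;
};

/* Raw 32-bit word an application built against the old layout passes in. */
static uint32_t old_app_image(unsigned int udp_encap, unsigned int copy_dscp)
{
	struct opts_old o;
	uint32_t raw;

	memset(&o, 0, sizeof(o));     /* keep all unused bits zero */
	o.udp_encap = udp_encap;
	o.copy_dscp = copy_dscp;
	memcpy(&raw, &o, sizeof(raw));
	return raw;
}

/* The same word as decoded by a library built with each new layout. */
static struct opts_mid read_as_mid(uint32_t raw)
{ struct opts_mid m; memcpy(&m, &raw, sizeof(m)); return m; }
static struct opts_end read_as_end(uint32_t raw)
{ struct opts_end e; memcpy(&e, &raw, sizeof(e)); return e; }

int main(void)
{
	uint32_t raw = old_app_image(0, 1);   /* old app asks only for DSCP copy */
	struct opts_mid m = read_as_mid(raw);
	struct opts_end e = read_as_end(raw);

	printf("inserted: udp_ports_verify=%d copy_dscp=%d\n", m.udp_ports_verify, m.copy_dscp);
	printf("appended: udp_ports_verify=%d copy_dscp=%d\n", e.udp_ports_verify, e.copy_dscp);
	return 0;
}
```

With the inserted layout the old request for DSCP copy is decoded as `udp_ports_verify = 1`, so port matching is switched on for an SA that never asked for it, while the appended layout decodes the word unchanged.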
@@ -141,6 +141,11 @@ ABI Changes
* Added SA option to indicate whether outer header verification need to be
done as part of inbound IPsec processing.
+* security: add IPsec SA option to configure UDP ports verification
+
+ * Added SA option to indicate whether UDP ports verification need to be
+ done as part of inbound IPsec processing.
+
Known Issues
------------
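Review bot: The new release-note text does not say what actually changes in the ABI, even though the hunk header places it under "ABI Changes". State which structure's layout is affected and whether applications built against the previous release need a rebuild. Also fix the agreement in "UDP ports verification need to be done" ("needs").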
@@ -139,6 +139,13 @@ struct rte_security_ipsec_sa_options {
*/
uint32_t udp_encap : 1;
+ /** Verify UDP encapsulation ports in inbound
+ *
+ * * 1: Match UDP source and destination ports
+ * * 0: Do not match UDP ports
+ */
+ uint32_t udp_ports_verify : 1;
+
/** Copy DSCP bits
*
* * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to
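Review bot: `udp_ports_verify` is inserted between `udp_encap` and the "Copy DSCP bits" flag, which moves every later 1-bit flag in `rte_security_ipsec_sa_options` by one position. A binary built against the old header would then have its DSCP flag, and whatever follows it, read as a different option. Declare the new bit after the last existing flag in the structure so that existing bit positions stay where they are.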