[1/3] security: add option to configure UDP ports verification

Message ID: 20210908082531.27477-2-ktejasree@marvell.com (mailing list archive)
State: Changes Requested
Delegated to: akhil goyal
Series: add option to configure UDP ports verification

Checks

Context          Check    Description
ci/iol-testing   warning  apply patch failure
ci/checkpatch    warning  coding style issues

Commit Message

Tejasree Kondoj Sept. 8, 2021, 8:25 a.m. UTC
Add option to indicate whether UDP encapsulation ports
verification needs to be done as part of inbound
IPsec processing.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
---
 doc/guides/rel_notes/release_21_11.rst | 5 +++++
 lib/security/rte_security.h            | 7 +++++++
 2 files changed, 12 insertions(+)

Comments

Hemant Agrawal Sept. 8, 2021, 7:42 a.m. UTC | #1
On 9/8/2021 1:55 PM, Tejasree Kondoj wrote:
> Add option to indicate whether UDP encapsulation ports
> verification needs to be done as part of inbound
> IPsec processing.
>
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>

Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>


> ---
>   doc/guides/rel_notes/release_21_11.rst | 5 +++++
>   lib/security/rte_security.h            | 7 +++++++
>   2 files changed, 12 insertions(+)
>
> diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
> index b0606cb542..afeba0105b 100644
> --- a/doc/guides/rel_notes/release_21_11.rst
> +++ b/doc/guides/rel_notes/release_21_11.rst
> @@ -141,6 +141,11 @@ ABI Changes
>     * Added SA option to indicate whether outer header verification need to be
>       done as part of inbound IPsec processing.
>   
> +* security: add IPsec SA option to configure UDP ports verification
> +
> +  * Added SA option to indicate whether UDP ports verification need to be
> +    done as part of inbound IPsec processing.
> +
>   
>   Known Issues
>   ------------
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 2a61cad885..18b0f02c44 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -139,6 +139,13 @@ struct rte_security_ipsec_sa_options {
>   	 */
>   	uint32_t udp_encap : 1;
>   
> +	/** Verify UDP encapsulation ports in inbound
> +	 *
> +	 * * 1: Match UDP source and destination ports
> +	 * * 0: Do not match UDP ports
> +	 */
> +	uint32_t udp_ports_verify : 1;
> +
>   	/** Copy DSCP bits
>   	 *
>   	 * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to
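
Review bot: The doc comment on udp_ports_verify stops at "in inbound" and does not say what the ports are matched against or what happens to a packet that fails the match. Finish the sentence ("in inbound IPsec processing", as the commit message has it), state which values the UDP source and destination ports are compared with and the result on mismatch, and say how the bit relates to udp_encap declared just above it. As documented, a zero-initialised options struct selects "0: Do not match UDP ports", so callers that want the check have to opt in explicitly; the comment should make that default visible.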

Akhil Goyal Sept. 8, 2021, 10:45 a.m. UTC | #2
> Add option to indicate whether UDP encapsulation ports
> verification needs to be done as part of inbound
> IPsec processing.
> 
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---

Acked-by: Akhil Goyal <gakhil@marvell.com>

Akhil Goyal Sept. 28, 2021, 4:11 p.m. UTC | #3
> Add option to indicate whether UDP encapsulation ports
> verification needs to be done as part of inbound
> IPsec processing.
> 
> Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
> ---
>  doc/guides/rel_notes/release_21_11.rst | 5 +++++
>  lib/security/rte_security.h            | 7 +++++++
>  2 files changed, 12 insertions(+)
> 
> diff --git a/doc/guides/rel_notes/release_21_11.rst
> b/doc/guides/rel_notes/release_21_11.rst
> index b0606cb542..afeba0105b 100644
> --- a/doc/guides/rel_notes/release_21_11.rst
> +++ b/doc/guides/rel_notes/release_21_11.rst
> @@ -141,6 +141,11 @@ ABI Changes
>    * Added SA option to indicate whether outer header verification need to be
>      done as part of inbound IPsec processing.
> 
> +* security: add IPsec SA option to configure UDP ports verification
> +
> +  * Added SA option to indicate whether UDP ports verification need to be
> +    done as part of inbound IPsec processing.
> +
Reword as 
+* security: A new option ``udp_ports_verify`` is added in structure
+  ``rte_security_ipsec_sa_options`` to indicate whether UDP ports
+  verification need to be done as part of inbound IPsec processing.
+

> 
>  Known Issues
>  ------------
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 2a61cad885..18b0f02c44 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -139,6 +139,13 @@ struct rte_security_ipsec_sa_options {
>  	 */
>  	uint32_t udp_encap : 1;
> 
> +	/** Verify UDP encapsulation ports in inbound
> +	 *
> +	 * * 1: Match UDP source and destination ports
> +	 * * 0: Do not match UDP ports
> +	 */
> +	uint32_t udp_ports_verify : 1;
> +
>  	/** Copy DSCP bits
>  	 *
>  	 * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to

All new options should be added at the end of this structure for backward compatibility.

Patch

diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index b0606cb542..afeba0105b 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -141,6 +141,11 @@  ABI Changes
   * Added SA option to indicate whether outer header verification need to be
     done as part of inbound IPsec processing.
 
+* security: add IPsec SA option to configure UDP ports verification
+
+  * Added SA option to indicate whether UDP ports verification need to be
+    done as part of inbound IPsec processing.
+
 
 Known Issues
 ------------
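
Review bot: The new bullet under "ABI Changes" names neither the field nor the structure that changes, so someone reading the release notes cannot tell which declaration to look at. Name ``udp_ports_verify`` and ``rte_security_ipsec_sa_options`` in the entry, and correct "verification need to be done" to "verification needs to be done". Since the entry sits in the ABI section, it should also say that the option is off when the bit is 0, which is what the header documents.
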
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 2a61cad885..18b0f02c44 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -139,6 +139,13 @@  struct rte_security_ipsec_sa_options {
 	 */
 	uint32_t udp_encap : 1;
 
+	/** Verify UDP encapsulation ports in inbound
+	 *
+	 * * 1: Match UDP source and destination ports
+	 * * 0: Do not match UDP ports
+	 */
+	uint32_t udp_ports_verify : 1;
+
 	/** Copy DSCP bits
 	 *
 	 * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to
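
Review bot: udp_ports_verify is placed between udp_encap and the "Copy DSCP bits" option, in the middle of the run of 1-bit fields in struct rte_security_ipsec_sa_options, so each option declared after it shifts by one bit. An application or driver built against the previous header would then set or read a different option than it intends, with no compile-time or run-time signal that the layout changed. Declare the new bit after the last existing option in the structure so the positions of the current bits stay where they are.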