[v2,1/3] security: add option to configure UDP ports verification
Checks
Commit Message
Add option to indicate whether UDP encapsulation ports
verification need to be done as part of inbound
IPsec processing.
Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
---
doc/guides/rel_notes/release_21_11.rst | 4 ++++
lib/security/rte_security.h | 7 +++++++
2 files changed, 11 insertions(+)
@@ -185,6 +185,10 @@ ABI Changes
``rte_security_ipsec_sa_options`` to indicate whether outer header
verification need to be done as part of inbound IPsec processing.
+* security: A new option ``udp_ports_verify`` was added in structure
+ ``rte_security_ipsec_sa_options`` to indicate whether UDP ports
+ verification need to be done as part of inbound IPsec processing.
+
* security: A new structure ``rte_security_ipsec_lifetime`` was added to
replace ``esn_soft_limit`` in IPsec configuration structure
``rte_security_ipsec_xform`` to allow applications to configure SA soft
@@ -223,6 +223,13 @@ struct rte_security_ipsec_sa_options {
* source and destination IP addresses.
*/
uint32_t tunnel_hdr_verify : 2;
+
+ /** Verify UDP encapsulation ports in inbound
+ *
+ * * 1: Match UDP source and destination ports
+ * * 0: Do not match UDP ports
+ */
+ uint32_t udp_ports_verify : 1;
};
/** IPSec security association direction */