From patchwork Wed Sep 29 03:25:12 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Tejasree Kondoj <ktejasree@marvell.com>
X-Patchwork-Id: 99953
X-Patchwork-Delegate: gakhil@marvell.com
Return-Path: <dev-bounces@dpdk.org>
X-Original-To: patchwork@inbox.dpdk.org
Delivered-To: patchwork@inbox.dpdk.org
Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124])
	by inbox.dpdk.org (Postfix) with ESMTP id 5DB82A0547;
	Wed, 29 Sep 2021 04:31:51 +0200 (CEST)
Received: from [217.70.189.124] (localhost [127.0.0.1])
	by mails.dpdk.org (Postfix) with ESMTP id 4F11F410F4;
	Wed, 29 Sep 2021 04:31:48 +0200 (CEST)
Received: from mx0b-0016f401.pphosted.com (mx0b-0016f401.pphosted.com
 [67.231.156.173])
 by mails.dpdk.org (Postfix) with ESMTP id C32084068F
 for <dev@dpdk.org>; Wed, 29 Sep 2021 04:31:46 +0200 (CEST)
Received: from pps.filterd (m0045851.ppops.net [127.0.0.1])
 by mx0b-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id
 18T2SeOx017570;
 Tue, 28 Sep 2021 19:31:46 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.com;
 h=from : to : cc :
 subject : date : message-id : in-reply-to : references : mime-version :
 content-transfer-encoding : content-type; s=pfpt0220;
 bh=ZMwO6mt+1J3lGTiYLnWkLgGV/4iqLIKiWeOY+jGiCLg=;
 b=QVcRxtL1VGcE99K/SfD4pLtzcBAkWuDcaJcCIvb1w6MlvihgRgXcYcdkeGV5eXaGG95H
 jL4gyUE46D7F1Cbb/HvuPlWXFztoAKmA+ITAk3RH7cCQVYOCBy4qDlP2EeudpKSgHfMl
 Ayvi2/N8oZvnx9vDB7sd6SLVVH4U8oC6wbUA5xkJJ7h0dCx2vi7gHrMna58x+XeNLmZc
 XygqCoulQW9TV+kqNJBWhPeVfyHvNyaLdRLKGLxQ5D6EXP1wnCddcAsHvYYMPJ7qhSH0
 UdrL7cQWbbd3VabPFvD1pv5Dshxm31XIat/9nIKlUXC72XLdNH+s6TwO5Y6zT1UV91RJ 5A==
Received: from dc5-exch02.marvell.com ([199.233.59.182])
 by mx0b-0016f401.pphosted.com with ESMTP id 3bcfd480am-1
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT);
 Tue, 28 Sep 2021 19:31:46 -0700
Received: from DC5-EXCH02.marvell.com (10.69.176.39) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server (TLS) id 15.0.1497.18;
 Tue, 28 Sep 2021 19:31:44 -0700
Received: from maili.marvell.com (10.69.176.80) by DC5-EXCH02.marvell.com
 (10.69.176.39) with Microsoft SMTP Server id 15.0.1497.18 via Frontend
 Transport; Tue, 28 Sep 2021 19:31:44 -0700
Received: from hyd1554T5810.caveonetworks.com.com (unknown [10.29.57.11])
 by maili.marvell.com (Postfix) with ESMTP id 479263F7099;
 Tue, 28 Sep 2021 19:31:40 -0700 (PDT)
From: Tejasree Kondoj <ktejasree@marvell.com>
To: Akhil Goyal <gakhil@marvell.com>, Radu Nicolau <radu.nicolau@intel.com>,
 Declan Doherty <declan.doherty@intel.com>
CC: Tejasree Kondoj <ktejasree@marvell.com>,
 Anoob Joseph <anoobj@marvell.com>,
 Ankur Dwivedi <adwivedi@marvell.com>, Jerin Jacob <jerinj@marvell.com>,
 Konstantin Ananyev <konstantin.ananyev@intel.com>,
 Ciara Power <ciara.power@intel.com>,
 Hemant Agrawal <hemant.agrawal@nxp.com>,
 Gagandeep Singh <g.singh@nxp.com>, Fan Zhang <roy.fan.zhang@intel.com>,
 Archana Muniganti <marchana@marvell.com>, <dev@dpdk.org>
Date: Wed, 29 Sep 2021 08:55:12 +0530
Message-ID: <20210929032514.9416-2-ktejasree@marvell.com>
X-Mailer: git-send-email 2.27.0
In-Reply-To: <20210929032514.9416-1-ktejasree@marvell.com>
References: <20210929032514.9416-1-ktejasree@marvell.com>
MIME-Version: 1.0
X-Proofpoint-GUID: Mc1zkU45554WT59ue7hX4UbbEUxFKFuk
X-Proofpoint-ORIG-GUID: Mc1zkU45554WT59ue7hX4UbbEUxFKFuk
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475
 definitions=2021-09-28_11,2021-09-28_01,2020-04-07_01
Subject: [dpdk-dev] [PATCH v2 1/3] security: add option to configure UDP
 ports verification
X-BeenThere: dev@dpdk.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: DPDK patches and discussions <dev.dpdk.org>
List-Unsubscribe: <https://mails.dpdk.org/options/dev>,
 <mailto:dev-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://mails.dpdk.org/archives/dev/>
List-Post: <mailto:dev@dpdk.org>
List-Help: <mailto:dev-request@dpdk.org?subject=help>
List-Subscribe: <https://mails.dpdk.org/listinfo/dev>,
 <mailto:dev-request@dpdk.org?subject=subscribe>
Errors-To: dev-bounces@dpdk.org
Sender: "dev" <dev-bounces@dpdk.org>

Add option to indicate whether UDP encapsulation ports
verification need to be done as part of inbound
IPsec processing.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>
---
 doc/guides/rel_notes/release_21_11.rst | 4 ++++
 lib/security/rte_security.h            | 7 +++++++
 2 files changed, 11 insertions(+)

diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index f85dc99c8b..8da851cccc 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -185,6 +185,10 @@ ABI Changes
   ``rte_security_ipsec_sa_options`` to indicate whether outer header
   verification need to be done as part of inbound IPsec processing.
 
+* security: A new option ``udp_ports_verify`` was added in structure
+  ``rte_security_ipsec_sa_options`` to indicate whether UDP ports
+  verification need to be done as part of inbound IPsec processing.
+
 * security: A new structure ``rte_security_ipsec_lifetime`` was added to
   replace ``esn_soft_limit`` in IPsec configuration structure
   ``rte_security_ipsec_xform`` to allow applications to configure SA soft
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index a10c9b5f00..ab1a6e1f65 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -223,6 +223,13 @@ struct rte_security_ipsec_sa_options {
 	 *   source and destination IP addresses.
 	 */
 	uint32_t tunnel_hdr_verify : 2;
+
+	/** Verify UDP encapsulation ports in inbound
+	 *
+	 * * 1: Match UDP source and destination ports
+	 * * 0: Do not match UDP ports
+	 */
+	uint32_t udp_ports_verify : 1;
 };
 
 /** IPSec security association direction */