Please see inline. Thanks Tejasree
> -----Original Message----- > From: Akhil Goyal <akhil.go...@nxp.com> > Sent: Monday, September 21, 2020 3:01 PM > To: Tejasree Kondoj <ktejas...@marvell.com>; Radu Nicolau > <radu.nico...@intel.com> > Cc: Narayana Prasad Raju Athreya <pathr...@marvell.com>; Anoob Joseph > <ano...@marvell.com>; dev@dpdk.org > Subject: [EXT] RE: [PATCH] security: allow application to specify UDP ports to > PMD > > External Email > > ---------------------------------------------------------------------- > Hi Tejasree, > > > > > Add UDP source and destination ports in ipsec_xform to allow > > > > application to specify ports to be used for IPsec UDP > > > > encapsulation as they are dynamically changed by NAT in between. > > > > Also adding an extra flag to indicate whether PMD needs to perform > > > > encapsulation header verification in case of inbound. In case of > > > > inline IPsec implementation, verification of outer IP headers and > > > > UDP encapsulation headers need to be handled in the PMD. For > > > > lookaside IPsec, application can optionally offload this to the PMD. > > > > > > > > Signed-off-by: Tejasree Kondoj <ktejas...@marvell.com> > > > > --- > > > > > > I think we should add some usage of these newly added params > > > - either in app/test or in examples/ipsec-secgw > > > > [Tejasree] You mean adding test case in either of the above apps or > > addition of PMD implementation also? Also is the proposal sounds fine? > > > I would say both, so that the newly added parameters are tested. > I am ok with the proposal with a minor comment, > > We can have udp_src_port and udp_dst_port directly into > rte_security_ipsec_xform Instead of adding a new struct > rte_security_ipsec_udp_encapsulation. [Tejasree] Okay. We'll defer the patch for now. Will add usage of the params and address the comment later. > > Regards, > Akhil
