Add option to indicate whether UDP encapsulation ports
verification need to be done as part of inbound
IPsec processing.
Signed-off-by: Tejasree Kondoj <ktejas...@marvell.com>
---
doc/guides/rel_notes/release_21_11.rst | 5 +++++
lib/security/rte_security.h | 7 +++++++
2 files changed, 12 insertions(+)
diff --git a/doc/guides/rel_notes/release_21_11.rst
b/doc/guides/rel_notes/release_21_11.rst
index b0606cb542..afeba0105b 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -141,6 +141,11 @@ ABI Changes
* Added SA option to indicate whether outer header verification need to be
done as part of inbound IPsec processing.
+* security: add IPsec SA option to configure UDP ports verification
+
+ * Added SA option to indicate whether UDP ports verification need to be
+ done as part of inbound IPsec processing.
+
Known Issues
------------
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 2a61cad885..18b0f02c44 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -139,6 +139,13 @@ struct rte_security_ipsec_sa_options {
*/
uint32_t udp_encap : 1;
+ /** Verify UDP encapsulation ports in inbound
+ *
+ * * 1: Match UDP source and destination ports
+ * * 0: Do not match UDP ports
+ */
+ uint32_t udp_ports_verify : 1;
+
/** Copy DSCP bits
*
* * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to
--
2.27.0
