> Add option to indicate whether outer header verification > need to be done as part of inbound IPsec processing. > > With inline IPsec processing, SA lookup would be happening > in the Rx path of rte_ethdev. When rte_flow is configured to > support more than one SA, SPI would be used to lookup SA. > In such cases, additional verification would be required to > ensure duplicate SPIs are not getting processed in the inline path. > > For lookaside cases, the same option can be used by application > to offload tunnel verification to the PMD. > > These verifications would help in averting possible DoS attacks. > > Signed-off-by: Tejasree Kondoj <ktejas...@marvell.com> > Acked-by: Akhil Goyal <gak...@marvell.com> > --- Added Hemant's Ack from v1.
Applied to dpdk-next-crypto Release notes reworked.
