[dpdk-dev] [PATCH 1/3] security: add option to configure UDP ports verification

Tejasree Kondoj ktejasree at marvell.com
Wed Sep 8 10:25:29 CEST 2021


Add option to indicate whether UDP encapsulation ports
verification needs to be done as part of inbound
IPsec processing.

Signed-off-by: Tejasree Kondoj <ktejasree at marvell.com>
---
 doc/guides/rel_notes/release_21_11.rst | 5 +++++
 lib/security/rte_security.h            | 7 +++++++
 2 files changed, 12 insertions(+)

diff --git a/doc/guides/rel_notes/release_21_11.rst b/doc/guides/rel_notes/release_21_11.rst
index b0606cb542..afeba0105b 100644
--- a/doc/guides/rel_notes/release_21_11.rst
+++ b/doc/guides/rel_notes/release_21_11.rst
@@ -141,6 +141,11 @@ ABI Changes
   * Added SA option to indicate whether outer header verification need to be
     done as part of inbound IPsec processing.
 
+* security: add IPsec SA option to configure UDP ports verification
+
+  * Added SA option to indicate whether UDP ports verification need to be
+    done as part of inbound IPsec processing.
+
 
 Known Issues
 ------------
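
Review bot: The new bullet under "ABI Changes" never names the field it introduces, so someone searching the release notes for what changed in the SA options has nothing to match on. Suggest naming `udp_ports_verify` in the sub-bullet and saying that it applies to UDP-encapsulated inbound SAs, and fix the grammar while there: "whether UDP ports verification needs to be done". The entry is also a near copy of the outer header verification entry just above it, so a few words on how the two options differ would help readers tell them apart.
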
diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
index 2a61cad885..18b0f02c44 100644
--- a/lib/security/rte_security.h
+++ b/lib/security/rte_security.h
@@ -139,6 +139,13 @@ struct rte_security_ipsec_sa_options {
 	 */
 	uint32_t udp_encap : 1;
 
+	/** Verify UDP encapsulation ports in inbound
+	 *
+	 * * 1: Match UDP source and destination ports
+	 * * 0: Do not match UDP ports
+	 */
+	uint32_t udp_ports_verify : 1;
+
 	/** Copy DSCP bits
 	 *
 	 * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to
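
Review bot: The doc comment on `udp_ports_verify` says "Match UDP source and destination ports" but does not say what they are matched against, what happens to an inbound packet when the ports do not match, or whether the bit has any meaning when `udp_encap` is 0. Since this flag decides whether inbound traffic is checked at all, please spell those three points out in the comment, and complete the summary line, which currently stops at "in inbound" (for example "for inbound packets"). Separately, the new bit is inserted between `udp_encap` and the copy-DSCP flag, which moves every following flag in the bit-field by one position; adding it after the last existing flag would leave the current bit positions unchanged, or the commit message should state that the placement is intentional.
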
-- 
2.27.0


