[dpdk-dev] [PATCH] security: allow application to specify UDP ports to PMD

[Tejasree Kondoj]

Please see inline.

Thanks
Tejasree

> -----Original Message-----
> From: Akhil Goyal <akhil.goyal at nxp.com>
> Sent: Monday, September 21, 2020 3:01 PM
> To: Tejasree Kondoj <ktejasree at marvell.com>; Radu Nicolau
> <radu.nicolau at intel.com>
> Cc: Narayana Prasad Raju Athreya <pathreya at marvell.com>; Anoob Joseph
> <anoobj at marvell.com>; dev at dpdk.org
> Subject: [EXT] RE: [PATCH] security: allow application to specify UDP ports to
> PMD
> 
> External Email
> 
> ----------------------------------------------------------------------
> Hi Tejasree,
> 
> > > > Add UDP source and destination ports in ipsec_xform to allow
> > > > application to specify ports to be used for IPsec UDP
> > > > encapsulation as they are dynamically changed by NAT in between.
> > > > Also adding an extra flag to indicate whether PMD needs to perform
> > > > encapsulation header verification in case of inbound. In case of
> > > > inline IPsec implementation, verification of outer IP headers and
> > > > UDP encapsulation headers need to be handled in the PMD. For
> > > > lookaside IPsec, application can optionally offload this to the PMD.
> > > >
> > > > Signed-off-by: Tejasree Kondoj <ktejasree at marvell.com>
> > > > ---
> > >
> > > I think we should add some usage of these newly added params
> > > - either in app/test or in examples/ipsec-secgw
> >
> > [Tejasree] You mean adding test case in either of the above apps or
> > addition of PMD implementation also? Also is the proposal sounds fine?
> >
> I would say both, so that the newly added parameters are tested.
> I am ok with the proposal with a minor comment,
> 
> We can have udp_src_port and udp_dst_port directly into
> rte_security_ipsec_xform Instead of adding a new struct
> rte_security_ipsec_udp_encapsulation.
 
[Tejasree] Okay. We'll defer the patch for now.
Will add usage of the params and address the comment later.

> 
> Regards,
> Akhil