[dpdk-dev] [PATCH 1/3] security: add option to configure UDP ports verification

[Akhil Goyal]

> Add option to indicate whether UDP encapsulation ports
> verification need to be done as part of inbound
> IPsec processing.
> 
> Signed-off-by: Tejasree Kondoj <ktejasree at marvell.com>
> ---
>  doc/guides/rel_notes/release_21_11.rst | 5 +++++
>  lib/security/rte_security.h            | 7 +++++++
>  2 files changed, 12 insertions(+)
> 
> diff --git a/doc/guides/rel_notes/release_21_11.rst
> b/doc/guides/rel_notes/release_21_11.rst
> index b0606cb542..afeba0105b 100644
> --- a/doc/guides/rel_notes/release_21_11.rst
> +++ b/doc/guides/rel_notes/release_21_11.rst
> @@ -141,6 +141,11 @@ ABI Changes
>    * Added SA option to indicate whether outer header verification need to be
>      done as part of inbound IPsec processing.
> 
> +* security: add IPsec SA option to configure UDP ports verification
> +
> +  * Added SA option to indicate whether UDP ports verification need to be
> +    done as part of inbound IPsec processing.
> +
Reword as 
+* security: A new option ``udp_ports_verify`` is added in structure
+  ``rte_security_ipsec_sa_options`` to indicate whether UDP ports
+  verification need to be done as part of inbound IPsec processing.
+

> 
>  Known Issues
>  ------------
> diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h
> index 2a61cad885..18b0f02c44 100644
> --- a/lib/security/rte_security.h
> +++ b/lib/security/rte_security.h
> @@ -139,6 +139,13 @@ struct rte_security_ipsec_sa_options {
>  	 */
>  	uint32_t udp_encap : 1;
> 
> +	/** Verify UDP encapsulation ports in inbound
> +	 *
> +	 * * 1: Match UDP source and destination ports
> +	 * * 0: Do not match UDP ports
> +	 */
> +	uint32_t udp_ports_verify : 1;
> +
>  	/** Copy DSCP bits
>  	 *
>  	 * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to

All new options should be added in the end of this structure for backward compatibility.