From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id 18549A0C41; Tue, 28 Sep 2021 18:11:30 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 9C752410D7; Tue, 28 Sep 2021 18:11:29 +0200 (CEST) Received: from mx0b-0016f401.pphosted.com (mx0a-0016f401.pphosted.com [67.231.148.174]) by mails.dpdk.org (Postfix) with ESMTP id AB41D40E3C for ; Tue, 28 Sep 2021 18:11:27 +0200 (CEST) Received: from pps.filterd (m0045849.ppops.net [127.0.0.1]) by mx0a-0016f401.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 18SAIJld020814; Tue, 28 Sep 2021 09:11:26 -0700 Received: from nam12-dm6-obe.outbound.protection.outlook.com (mail-dm6nam12lp2169.outbound.protection.outlook.com [104.47.59.169]) by mx0a-0016f401.pphosted.com with ESMTP id 3bc1621hn5-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 28 Sep 2021 09:11:26 -0700 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=S8enCEuKA8ZfqjLaMgenpArEFbVjtnIDu4O9X0tOHy3O80BtUHaCM6XG6MXSOm1IXoTHViKikYMipxoL75+ih5DU6/7CL95GUZbyqs13udRTAYtTxPaIidj160Fexmn4UW6HL/MJbUjubAHCwgitNltsFGd6wLk/+T01Cgx2StRy99B6a052ZUgBFpsPw9NtHo5KS0EKginUphB1XFfkNmhlZ6Wlcgjo6Isv7ryrP0QAiwch1oXcDPK1NXpnJ+nonYqUFMJBd0BmSOBiBTqgYeBsk0Kh/fO3grbukY+MzT7hvqJxTD/h49Un2n9J0uTFiM4bSbgJwy1uEkqGpuKnow== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=fUSd4upj9skpVXOi61OWKYugJ3NtSC5UYi23HeJShO8=; b=RK2ApcIX78TNHInRtywdvzi3ImnqNOfFhtQmUCGwa4upQf+Kps7UualFkPrJOJKE9f3GscT9wEmYKXAkxr8DOnsQVYv+VuXr2+UTRN/HYG7WK9rMIRCb7xHn83PYGL8HpZp8GrD3rVv7+BKZUmcVIHNJmr7/4ISsG+BO9jfzvZ8s4hIAyLyco7w4weOfYm8H/Yl+1piFPttQ6gnvaIK0P+7QtsV7Dp3k4vXdxzg7JvlCpyOYumED8/fS2Fd/eR2I//V4BopsBWR3CmocvgWenmUFRojb1BsHIs5duP6kNcyOyOA1+Nv42TueFDwXhEsG8WsUUQmMP+qBTx4ME7Bx5A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=marvell.com; dmarc=pass action=none header.from=marvell.com; dkim=pass header.d=marvell.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=marvell.onmicrosoft.com; s=selector1-marvell-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=fUSd4upj9skpVXOi61OWKYugJ3NtSC5UYi23HeJShO8=; b=Cu7G46UCjwo4QRDPAzRu6wELT3Wxhu+C5oN36iy/d/9JqhqE/Kg6CAj2pj0xu3g1QcbSp7cW0ZSkptTJ2DHAQ9a7Phc1wat8Ov6MobhcmuQPKYRFGjg+dJjocrIdwwZPjG2V7FSZo3I9fJXeQ/Xa03uKUeznT4i1kvR0ShwQT+E= Received: from CO6PR18MB4484.namprd18.prod.outlook.com (2603:10b6:5:359::9) by CO1PR18MB4713.namprd18.prod.outlook.com (2603:10b6:303:e8::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4544.14; Tue, 28 Sep 2021 16:11:19 +0000 Received: from CO6PR18MB4484.namprd18.prod.outlook.com ([fe80::6c43:3807:160:5a94]) by CO6PR18MB4484.namprd18.prod.outlook.com ([fe80::6c43:3807:160:5a94%3]) with mapi id 15.20.4544.022; Tue, 28 Sep 2021 16:11:19 +0000 From: Akhil Goyal To: Tejasree Kondoj , Radu Nicolau , Declan Doherty CC: Tejasree Kondoj , Anoob Joseph , Ankur Dwivedi , Jerin Jacob Kollanukkaran , Konstantin Ananyev , Ciara Power , Hemant Agrawal , Gagandeep Singh , Fan Zhang , Archana Muniganti , "dev@dpdk.org" Thread-Topic: [PATCH 1/3] security: add option to configure UDP ports verification Thread-Index: AQHXpIOTA0NS3IQfFkeTvfu8sj/NM6u5vWoA Date: Tue, 28 Sep 2021 16:11:19 +0000 Message-ID: References: <20210908082531.27477-1-ktejasree@marvell.com> <20210908082531.27477-2-ktejasree@marvell.com> In-Reply-To: <20210908082531.27477-2-ktejasree@marvell.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 4081b4de-4b81-4ed9-3908-08d9829a9ba1 x-ms-traffictypediagnostic: CO1PR18MB4713: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6790; x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: iDwG2aQNMvk9KdRiA8ckkAb15G4WveEnCN998+DAVuivcvCc9jvDv7S/INWmzjN8vc7rh+q2Z7ZKzEKT99kk8lF5HMZB/pGMKCprlp97f4fcTRCWFFKuDsVFLYvvoLCVYZF/m8IAs0WLs2cfPCUYqRntPJ+fsj9oce3Pir0pqaeIziD9eUxiUvnDF3ImYUxk3la50APucCBNnUwRgwV4Aq7zYUczZXi2YFgrTnCHd2OpHZ67aWYj/f71j2ded/W8Jy3rgYBT6Hy5GNYoqzv3w6sRNluKm/xiPjWzeQjaREYcwoagQc8UjiGvPfXdOr/ED/+EfPAJiOGuF358foSuf9SKMBFv1rUzVA7w+Ugxc+VI2i4JihUnMrBv6xNg6CvXaCqwPUBi4kzzndpQ+TslXDtOZzl3rdL6jKtYr8y91WidLe7/vfKI/uoMeeaouyJmTvL4R63rZnQXyyfshIUDithdSxuvg//xBrlGly/DdY2RMtN9YFflimNhSAO8KvxomSO0qqGMpKxlLAZCBUxsXts9JGQ5RfauGzQ/vYY9fPLmmuwNjvigaOLt0U4sbRSxSos55jo4/Qz1QXh4MrZcJhdx41v/wxb4v2WhDw+HjyMRvE85wOyaTpVduIVKBTSPZaGUgbPw8rmoMTw6UqMm0xtPQjNWmHDns/UXfZrW84Sf5HSA9hNMfQgCYvqujSvPQ+Zx4ZonFGyyyDSMqEUnzA== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CO6PR18MB4484.namprd18.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(110136005)(4326008)(66946007)(66476007)(38100700002)(5660300002)(66556008)(8936002)(38070700005)(86362001)(9686003)(2906002)(52536014)(76116006)(15650500001)(122000001)(8676002)(55016002)(64756008)(54906003)(66446008)(6506007)(508600001)(55236004)(83380400001)(7696005)(71200400001)(316002)(26005)(186003)(33656002); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?QV5cMqRScAPTL+b6dV4NsQcqjroKtbigHCaLZo3qzkXKg8nHFW9eG7/ODbUo?= =?us-ascii?Q?GvNnD/fvtZ2Yi4dHZuNLiKB+zldqy5s7/G13LW6nLYiAi0fEu6t4gsBgyQpo?= =?us-ascii?Q?hQryYCwC+5LXcbyEVp7IDL8678hqVgmGob3k7rYvNFhJU1eiwrl7XqB7J5zS?= =?us-ascii?Q?6lOLHfh8rJRzU2zPJj43MdTRKHhL5Vwp/ouCW/H1EeWD506BFzU0zw1v7xyD?= =?us-ascii?Q?gZnhUJJOksn+a/7yy0CglwQU8aoDPQX4Es62BBIPA90E/Ve1CmBeO0MB1sW2?= =?us-ascii?Q?4j8GjF5YMqsC/IVJ28R9OGY/gIJALuMzHIyR5EjmZETOaygpJGEkrkR3EZMN?= =?us-ascii?Q?VSDBzJaUwfH51kiOr9LhQDVTNlEsMcprLJIL9SxxZdmZoNSDjY14uxJUFZ/7?= =?us-ascii?Q?rjGQaFKA87BNXemvx+JL4/V2vt0bC2uTiWcSpDfh1mp18tveU2JLJsTHWI5w?= =?us-ascii?Q?Y/08xmLnSdGd7eFxY3ycB6vG1jfQdBOkgqCGhfY99BljqYkW4WfreqWJ2c/E?= =?us-ascii?Q?ep2EAody5G3WOE6w0EmEEyzxmHmCA96eQ0OiM+AI+pqlhzdsONqSSfEImAx2?= =?us-ascii?Q?w7fX/jaVXdm9G2AsFbSMwMcC7YonqPQitO8SuWY5Ht49afzDEn3pG8u1fdug?= =?us-ascii?Q?U4vbDBCqVRhewsnKE+JOWVZdhKjalokBljkDuQIO6s62LajLLwicypojCfLx?= =?us-ascii?Q?NUeg6TdtOorQc0Raraw91fAC4byhjfIHIN/KfA+ezXMTUJ+kEFqaXnATOfpc?= =?us-ascii?Q?2a/QYF33GmR1o8/+8cQC9HWUAZ2t+Hb4Rrs7hPzyis9eqabOoDTN3suLEka8?= =?us-ascii?Q?vNZKf7zzofDUxJL0hzroeuyI7Ir6Ao0GQdX3xrckbpiwBIggsR7XmyMQCM4V?= =?us-ascii?Q?lnAKO59bqLt3eZg18w+9uRyrgVv5q7mSWzfoKzWjwX7LiQYbQkdIRmTY8lSh?= =?us-ascii?Q?2okLUHA4Vg7GIY73XZmLPYklrpyu4M+qKJTPa9NftqgIuq+QC6Q/MNWynqXN?= =?us-ascii?Q?zy/XBfQ+YZbVnas75tVoXe43lDp12sZZIvU2UgAga9ZaYjc+QFkmE4FTcb0T?= =?us-ascii?Q?0wkoeUeq+w5c3iVJntnqEaZIJW9YCyksK8f3QS9ZCtIfmS3Gkn4RdJ1FJk69?= =?us-ascii?Q?7fqKHI02NCv2ZeKt0atYzkpeIQmfk/GvXPEB1RrVYAMRH8++/eooY868P/KI?= =?us-ascii?Q?penHtgo5iKXNqVN7/4pDgRYR+2v2QF6uThQeBP2gnPKBt8UNnfhLRuDAs64l?= =?us-ascii?Q?TUIZccM10PXQdh+tPBM0ZgDqdbTx2r9SvT1YheU/Kqd2p4/CjxT97H1EgeIE?= =?us-ascii?Q?C5t7HUv8d8+XaAuHeeDYdxMB?= Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-OriginatorOrg: marvell.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: CO6PR18MB4484.namprd18.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 4081b4de-4b81-4ed9-3908-08d9829a9ba1 X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Sep 2021 16:11:19.4407 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 70e1fb47-1155-421d-87fc-2e58f638b6e0 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 6mVQgWaIw6zPksak5ksWU0vCMxkMJx0uWLHWP+6P+WhOiCYd8dZzgvoV3Jxy9wnP9/UlEyJPTCgqs+93QrMtMQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR18MB4713 X-Proofpoint-ORIG-GUID: bD5vB0eDUQ3uAKxInXWqQM2rtVtZDjrw X-Proofpoint-GUID: bD5vB0eDUQ3uAKxInXWqQM2rtVtZDjrw X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.182.1,Aquarius:18.0.790,Hydra:6.0.391,FMLib:17.0.607.475 definitions=2021-09-28_05,2021-09-28_01,2020-04-07_01 Subject: Re: [dpdk-dev] [PATCH 1/3] security: add option to configure UDP ports verification X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" > Add option to indicate whether UDP encapsulation ports > verification need to be done as part of inbound > IPsec processing. >=20 > Signed-off-by: Tejasree Kondoj > --- > doc/guides/rel_notes/release_21_11.rst | 5 +++++ > lib/security/rte_security.h | 7 +++++++ > 2 files changed, 12 insertions(+) >=20 > diff --git a/doc/guides/rel_notes/release_21_11.rst > b/doc/guides/rel_notes/release_21_11.rst > index b0606cb542..afeba0105b 100644 > --- a/doc/guides/rel_notes/release_21_11.rst > +++ b/doc/guides/rel_notes/release_21_11.rst > @@ -141,6 +141,11 @@ ABI Changes > * Added SA option to indicate whether outer header verification need t= o be > done as part of inbound IPsec processing. >=20 > +* security: add IPsec SA option to configure UDP ports verification > + > + * Added SA option to indicate whether UDP ports verification need to b= e > + done as part of inbound IPsec processing. > + Reword as=20 +* security: A new option ``udp_ports_verify`` is added in structure + ``rte_security_ipsec_sa_options`` to indicate whether UDP ports + verification need to be done as part of inbound IPsec processing. + >=20 > Known Issues > ------------ > diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h > index 2a61cad885..18b0f02c44 100644 > --- a/lib/security/rte_security.h > +++ b/lib/security/rte_security.h > @@ -139,6 +139,13 @@ struct rte_security_ipsec_sa_options { > */ > uint32_t udp_encap : 1; >=20 > + /** Verify UDP encapsulation ports in inbound > + * > + * * 1: Match UDP source and destination ports > + * * 0: Do not match UDP ports > + */ > + uint32_t udp_ports_verify : 1; > + > /** Copy DSCP bits > * > * * 1: Copy IPv4 or IPv6 DSCP bits from inner IP header to All new options should be added in the end of this structure for backward c= ompatibility.