git.droids-corp.org - dpdk.git/commit

author	Tejasree Kondoj <ktejasree@marvell.com>
	Tue, 28 Sep 2021 12:07:39 +0000 (17:37 +0530)
committer	Akhil Goyal <gakhil@marvell.com>
	Tue, 28 Sep 2021 15:40:52 +0000 (17:40 +0200)
commit	f0b538a5f8c808c805dd6968537cb60f1cf0912c
tree	1aee3692a56280864edf3c458091cfdae93998cd	tree \| snapshot
parent	5d05af555755912954af03eb6228babdbe4c96fb	commit \| diff

security: add option to configure tunnel header verification

Add option to indicate whether outer header verification
need to be done as part of inbound IPsec processing.

With inline IPsec processing, SA lookup would be happening
in the Rx path of rte_ethdev. When rte_flow is configured to
support more than one SA, SPI would be used to lookup SA.
In such cases, additional verification would be required to
ensure duplicate SPIs are not getting processed in the inline path.

For lookaside cases, the same option can be used by application
to offload tunnel verification to the PMD.

These verifications would help in averting possible DoS attacks.

Signed-off-by: Tejasree Kondoj <ktejasree@marvell.com>
Acked-by: Hemant Agrawal <hemant.agrawal@nxp.com>
Acked-by: Akhil Goyal <gakhil@marvell.com>

doc/guides/rel_notes/deprecation.rst		diff \| blob \| history
doc/guides/rel_notes/release_21_11.rst		diff \| blob \| history
lib/security/rte_security.h		diff \| blob \| history