> Add option to indicate whether outer header verification > need to be done as part of inbound IPsec processing. > > With inline IPsec processing, SA lookup would be happening > in the Rx path of rte_ethdev. When rte_flow is configured to > support more than one SA, SPI would be used to lookup SA. > In such cases, additional verification would be required to > ensure duplicate SPIs are not getting processed in the inline path. > > For lookaside cases, the same option can be used by application > to offload tunnel verification to the PMD. > > These verifications would help in averting possible DoS attacks. > > Signed-off-by: Tejasree Kondoj <[email protected]> > Acked-by: Akhil Goyal <[email protected]> > --- Added Hemant's Ack from v1.
Applied to dpdk-next-crypto Release notes reworked.
