Replicate VXLAN UDP sport security to switch level #2195
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
prsunny
reviewed
Aug 21, 2025
prsunny
reviewed
Aug 21, 2025
|
hi @marian-pritsak , would it be possible to accept the spelling change for this one? |
Collaborator
|
@marian-pritsak , gentle reminder to address the comments |
|
hello @marian-pritsak , would you please check this one? TY... |
|
Expected to look at this one tomorrow |
marian-pritsak
force-pushed
the
tunnel-security
branch
from
36cd731 to
0502b78
Compare
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
marian-pritsak
changed the title
marian-pritsak
force-pushed
the
tunnel-security
branch
2 times, most recently
from
b36de10 to
b21de56
Compare
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
Discussed in meeting w/ @prsunny - AI is to review |
prsunny
reviewed
Nov 13, 2025
inc/saitunnel.h
Outdated
| * @brief Tunnel UDP source port | ||
| * | ||
| * See also SAI_TUNNEL_ATTR_VXLAN_UDP_SPORT_SECURITY. | ||
| * This attribute is applied to VXLAN pockets ingressing the switch. If the incoming |
Contributor
Author
There was a problem hiding this comment.
Fixed, thanks.
prsunny
reviewed
Nov 13, 2025
inc/saiswitch.h
Outdated
| * @brief Tunnel UDP source port | ||
| * | ||
| * See also SAI_SWITCH_TUNNEL_ATTR_VXLAN_UDP_SPORT_SECURITY. | ||
| * This attribute is applied to VXLAN pockets ingressing the switch. If the incoming |
Contributor
Author
There was a problem hiding this comment.
Fixed, thanks.
- Add SAI_SWITCH_TUNNEL_ATTR_VXLAN_UDP_SPORT_SECURITY attribute to drop tunnel packets with UDP source port outside allowed range - Add documentation for UDP source port validation on VXLAN packet ingress - Update both saiswitch.h and saitunnel.h with security clarifications Signed-off-by: Marian Pritsak <[email protected]>
marian-pritsak
force-pushed
the
tunnel-security
branch
from
b21de56 to
488e27e
Compare
prsunny
approved these changes
Nov 20, 2025
Collaborator
|
@tjchadaga , would you help merge? |
Collaborator
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
tjchadaga
approved these changes
Nov 20, 2025
Collaborator
|
@JaiOCP, @ashutosh-agrawal, @rck-innovium - could you please help take a quick look? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.