Expand the definition of VxLAN UDP SRC Port

marian-pritsak · marian-pritsak · commit 36cd731d377b · 2025-08-21T20:10:41.000+03:00
The VxLAN UDP SRC Port attributes in the switch define
the range in which the UDP SRC Port needs to be generated
both for entropy and security purposes.

The purpose of this change is to expand the definition
to also drop incoming VxLAN packets that do not match the
defined range, since it's an end to end feature.

Signed-off-by: Marian Pritsak &lt;marianp@mellanox.com&gt;
diff --git a/inc/saiswitch.h b/inc/saiswitch.h
@@ -504,6 +504,10 @@ typedef enum _sai_switch_tunnel_attr_t
     /**
      * @brief Tunnel UDP source port
      *
+     * This attribute is used to set the UDP source port for VXLAN tunnels.
+     * It is also applied to VxLAN pockets ingressing the switch. If the incoming
+     * packet does not match the configured UDP source port, the packet is dropped.
+     *
      * @type sai_uint16_t
      * @flags CREATE_AND_SET
      * @isvlan false
@@ -517,6 +521,9 @@ typedef enum _sai_switch_tunnel_attr_t
      *
      * Sport mask defining the number of least significant bits
      * reserved for the calculated hash value. 0 means a fixed value.
+     * It is also applied to VxLAN pockets ingressing the switch. If the incoming
+     * packet does not match the configured UDP source port range,
+     * the packet is dropped.
      *
      * @type sai_uint8_t
      * @flags CREATE_AND_SET
