Skip to content

Replicate VXLAN UDP sport security to switch level #2195

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Replicate VXLAN UDP sport security to switch level #2195

wants to merge 1 commit into from

Conversation

@marian-pritsak
Copy link
Contributor

@marian-pritsak marian-pritsak commented Aug 21, 2025
edited
Loading

  • Add SAI_SWITCH_TUNNEL_ATTR_VXLAN_UDP_SPORT_SECURITY attribute to drop tunnel packets with UDP source port outside allowed range
  • Add documentation for UDP source port validation on VXLAN packet ingress
  • Update both saiswitch.h and saitunnel.h with security clarifications

prsunny
prsunny reviewed Aug 21, 2025
View reviewed changes
prsunny
prsunny reviewed Aug 21, 2025
View reviewed changes
@KrisNey-MSFT
Copy link

KrisNey-MSFT commented Sep 29, 2025

hi @marian-pritsak , would it be possible to accept the spelling change for this one?

@prsunny
Copy link
Collaborator

prsunny commented Oct 7, 2025

@marian-pritsak , gentle reminder to address the comments

@KrisNey-MSFT
Copy link

KrisNey-MSFT commented Oct 22, 2025

hello @marian-pritsak , would you please check this one? TY...

@KrisNey-MSFT
Copy link

KrisNey-MSFT commented Oct 22, 2025

Expected to look at this one tomorrow

@tjchadaga
Copy link
Collaborator

tjchadaga commented Oct 31, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Oct 31, 2025

Azure Pipelines successfully started running 1 pipeline(s).

@marian-pritsak marian-pritsak changed the title Expand the definition of VxLAN UDP SRC Port Replicate VXLAN UDP sport security to switch level Nov 4, 2025
@marian-pritsak
Replicate VXLAN UDP sport security to switch level
b21de56 
- Add SAI_SWITCH_TUNNEL_ATTR_VXLAN_UDP_SPORT_SECURITY attribute to drop tunnel packets with UDP source port outside allowed range
- Add documentation for UDP source port validation on VXLAN packet ingress
- Update both saiswitch.h and saitunnel.h with security clarifications

Signed-off-by: Marian Pritsak <marianp@mellanox.com>
@tjchadaga
Copy link
Collaborator

tjchadaga commented Nov 6, 2025

/azp run

@azure-pipelines
Copy link

azure-pipelines bot commented Nov 6, 2025

Azure Pipelines successfully started running 1 pipeline(s).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@prsunny prsunny prsunny left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@marian-pritsak @KrisNey-MSFT @prsunny @tjchadaga