Tunnel UDP SRC PORT security

inc/saidebugcounter.h

@@ -264,7 +264,7 @@ typedef enum _sai_in_drop_reason_t
     /**
      * @brief Packet decapsulation failed
      *
-     * e.g.: need to decap too many bytes, remaining packet is too short
+     * e.g.: need to decap too many bytes, remaining packet is too short, UDP port out of defined range
      */
     SAI_IN_DROP_REASON_DECAP_ERROR,
 

inc/saitunnel.h

@@ -736,6 +736,20 @@ typedef enum _sai_tunnel_attr_t
      */
     SAI_TUNNEL_ATTR_DECAP_QOS_TC_TO_PRIORITY_GROUP_MAP,
 
+    /**
+     * @brief Drop tunnel packets with not allowed UDP source port
+     *
+     * Upon enabling this feature, if the tunnel packet ingresses with
+     * UDP source port outside of range defined for this tunnel, it
+     * will be dropped.
+     *
+     * @type bool
+     * @flags CREATE_AND_SET
+     * @default false
+     * @validonly SAI_TUNNEL_ATTR_TYPE == SAI_TUNNEL_TYPE_VXLAN and SAI_TUNNEL_ATTR_VXLAN_UDP_SPORT_MODE == SAI_TUNNEL_VXLAN_UDP_SPORT_MODE_USER_DEFINED
+     */
+    SAI_TUNNEL_ATTR_VXLAN_UDP_SPORT_SECURITY,
+
     /**
      * @brief End of attributes
      */