Hi Satya, Inline ipsec is only supported by the ixgbe NIC, it is not supported by the i40e or e1000 NIC's.
Regards, Bernard. > -----Original Message----- > From: dev <dev-boun...@dpdk.org> On Behalf Of Pathak, Pravin > Sent: Monday, August 31, 2020 1:47 PM > To: Anoob Joseph <ano...@marvell.com>; satyavalli rama > <satyavalli.r...@gmail.com> > Cc: dev@dpdk.org; us...@dpdk.org > Subject: Re: [dpdk-dev] [EXT] Re: Ipsec-secgw packet processing > > HI Satya - > > Do you mean packets are not at all seen at the output OR packets are seen > but data is not encrypted with just ESP headers added? > This is what I see with Cypto NULL device and I think is expected behavior of > NULL device. > > Pravin > > -----Original Message----- > From: users <users-boun...@dpdk.org> On Behalf Of Anoob Joseph > Sent: Monday, August 31, 2020 1:17 AM > To: satyavalli rama <satyavalli.r...@gmail.com> > Cc: dev@dpdk.org; us...@dpdk.org > Subject: Re: [dpdk-users] [EXT] Re: [dpdk-dev] Ipsec-secgw packet > processing > > Hi Satya, > > What you are attempting is lookaside crypto offload. So in that case the > mbuf->ol_flags fields won’t be used. Also, I’m not sure what all algos are > available in ‘crypto_null’. In lookaside crypto offload model, packets are > received in ipsec-secgw and lookup happens in ipsec-secgw. The packets > would be then submitted to cryptodev for crypto processing. The cryptodev > would be able to process the packet only if the algos specified are supported > by it. IPsec processing also would be done in the application (ie, ipsec- > secgw). Once all this done, it is submitted to ethdev for Tx. You can check > the > code and you will be able to figure out what I have described above. > > Please do check ipsec-secgw documentation, if you haven’t done it already. > > Thanks, > Anoob > > From: satyavalli rama <satyavalli.r...@gmail.com> > Sent: Wednesday, August 26, 2020 4:54 PM > To: Anoob Joseph <ano...@marvell.com> > Cc: dev@dpdk.org; us...@dpdk.org > Subject: [EXT] Re: [dpdk-dev] Ipsec-secgw packet processing > > External Email > ________________________________ > Hi Anoob, > Do you need any more info.. Kindly help us.. We are totally stuck.. > Thanks > > On Wed, 19 Aug, 2020, 4:38 pm satyavalli rama, > <satyavalli.r...@gmail.com<mailto:satyavalli.r...@gmail.com>> wrote: > Hi Anoob > > We are using the following hardware details, > HOST: x722 (i40e) intel. > VM: e1000 (82540) intel. > > We have launched Virtual machine on host , and executing ipsec-secgw > application on VM. > > Please find below the CLI and configuration for TRANSPORT MODE. > > CLI: > > ./build/ipsec-secgw -l 0 -n 4 --socket-mem 1024,0 --vdev "crypto_null" -- -p > 0x3 -P -u 0x1 --config="(0,0,0),(1,0,0)" -f ep0.cfg > > #TRANSPORT: > > #SP IPv4 rules > sp ipv4 out esp protect 10 pri 1 dst > 192.168.122.0/24<https://urldefense.proofpoint.com/v2/url?u=http- > 3A__192.168.122.0_24&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8 > rwwviRSxyLWs2n6B- > WYLn1v9SyTMrT5EQqh2TU&m=UljpWEF8dI3bZcYKgM0AqP1ViNQsN- > w4rZ1ZvTPc9Fw&s=UR36mFZdcNaE_w6k- > jBS_XvmgSgAQzga2yAHh2jrIl4&e=> sport 0:65535 dport 0:65535 > > #SA rules > sa out 10 cipher_algo aes-128-cbc cipher_key > a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ > a1:a1:a1:a1:a1 auth_algo sha1-hmac auth_key > a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:a1:\ > a1:a1:a1:a1:a1:a1:a1:a1:a1 mode transport > > #Routing rules > rt ipv4 dst > 192.168.122.0/24<https://urldefense.proofpoint.com/v2/url?u=http- > 3A__192.168.122.0_24&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8 > rwwviRSxyLWs2n6B- > WYLn1v9SyTMrT5EQqh2TU&m=UljpWEF8dI3bZcYKgM0AqP1ViNQsN- > w4rZ1ZvTPc9Fw&s=UR36mFZdcNaE_w6k- > jBS_XvmgSgAQzga2yAHh2jrIl4&e=> port 1 > > > Please find below the CLI and configuration for TUNNEL MODE. > > CLI: > > ./build/ipsec-secgw -l 0 -n 4 --socket-mem 1024,0 --vdev "crypto_null" -- -p > 0x3 -P -u 0x1 --config="(0,0,0),(1,0,0)" -f ep0.cfg > > #TUNNEL End Point-0: > > #SP IPv4 rules > sp ipv4 out esp protect 5 pri 1 dst > 192.168.122.0/24<https://urldefense.proofpoint.com/v2/url?u=http- > 3A__192.168.122.0_24&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8 > rwwviRSxyLWs2n6B- > WYLn1v9SyTMrT5EQqh2TU&m=UljpWEF8dI3bZcYKgM0AqP1ViNQsN- > w4rZ1ZvTPc9Fw&s=UR36mFZdcNaE_w6k- > jBS_XvmgSgAQzga2yAHh2jrIl4&e=> sport 0:65535 dport 0:65535 > > #SA rules > sa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ > auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \ mode > ipv4-tunnel src 192.168.122.96 dst 192.168.122.213 > > #Routing rules > rt ipv4 dst > 192.168.122.0/24<https://urldefense.proofpoint.com/v2/url?u=http- > 3A__192.168.122.0_24&d=DwMFaQ&c=nKjWec2b6R0mOyPaz7xtfQ&r=jPfB8 > rwwviRSxyLWs2n6B- > WYLn1v9SyTMrT5EQqh2TU&m=UljpWEF8dI3bZcYKgM0AqP1ViNQsN- > w4rZ1ZvTPc9Fw&s=UR36mFZdcNaE_w6k- > jBS_XvmgSgAQzga2yAHh2jrIl4&e=> port 1 > > On Tue, 18 Aug, 2020, 4:29 pm Anoob Joseph, > <ano...@marvell.com<mailto:ano...@marvell.com>> wrote: > Hi Satya, > > Are you attempting to enable inline protocol (IPsec) functionality? If yes, > which PMD (& h/w) are you using for the same? > > Thanks, > Anoob > > > -----Original Message----- > > From: dev <dev-boun...@dpdk.org<mailto:dev-boun...@dpdk.org>> On > > Behalf Of satyavalli rama > > Sent: Tuesday, August 18, 2020 4:08 PM > > To: dev@dpdk.org<mailto:dev@dpdk.org>; > > us...@dpdk.org<mailto:us...@dpdk.org> > > Subject: Re: [dpdk-dev] Ipsec-secgw packet processing > > > > We further debugged and we observed that while running ipsec-secgw > > application in transport-mode dpdk-19.02/11, we found that inline > > packet processing is not happening. > > We observed that ol_flags is not setting from driver level. We are > > expecting that , because of ol_flags not set , inline packet > > processing is not happening.Any idea What could be the reason for > > this, I think ol_flags will be configured from driver level Or else do > > we need to provide any external configuration for setting ol_flags. > > And also we are not observing encrypt/decrypt packets on pdump before > > sending packets out from tx-port(rte_eth_tx_burst()). > > Please help us on this...to proceed further. > > > > Thanks & Regards > > Satya > > > > > > > > On Mon, 17 Aug, 2020, 4:11 pm satyavalli rama, > > <satyavalli.r...@gmail.com<mailto:satyavalli.r...@gmail.com>> > > wrote: > > > > > > > > Hello, > > > > > > While we are running ipsec-secgw application in transport-mode on > > > dpdk-19.02, we found that inline packet processing is not happening. > > > > > > And also we are not observing any encrypt/decrypt packets on pdump > > > before sending packets out from tx-port(rte_eth_tx_burst()). > > > > > > Please help us on how to proceed further. > > > > > > Thanks, > > > Jagadeesh > > > > > >
