Hi Akhil, > Hi Konstantin, > > Hi, > > > Adding lookaside IPsec UDP encapsulation support > > > for NAT traversal. > > > Added --udp-encap option for application to specify > > > if UDP encapsulation need to be enabled. > > > Example secgw command with UDP encapsultation enabled: > > > <secgw> -c 0x1 -- -P -p 0x1 --config "(0,0,0)" -f ep0.cfg --udp-encap > > > > Can we have it not as global, but a per SA option? > > Add new keyword for SA/SP into ipsec-secgw config file, etc. > > Konstantin > > > > Any specific reason to make udp_encap as per SA? > UDP encapsulation is a feature which I believe should be application vide. > If it supports the feature it should be enabled for all SAs when the UDP port > is 4500 which is reserved for it.
Not sure why it has to be application wide? Why it is not possible have let say SA1 in ipv4/ipv6 tunnel mode over port 0, and SA2 with udp encap over port 1? Note that in DPDK librte_security it is per SA option. Konstantin
