Hi Sergio,
ipsec is actually working (therefore also your patch), my issue was regarding
dpdk and hw setup.
BR,
Manuel
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#12237): https://lists.fd.io/g/vpp-dev/message/12237
Mute This Topic: https://list
Hi,
my apologies, forget my last email. I measured data back and forth (supposed
to be encrypted) and I checked that cpt crypto devices were enabled and
available but the ipsec tunnel was not working (since crypto counters were not
increasing).
BR,
Manuel
Hi Sergio,
after tracing the crypto layers a bit I did not find anything suspicious so I
decided to revert a commit around ipsec (git checkout
3553abaec54c2784bc6fdccc890411d586c3997e src/vnet/ipsec/*) and it looks to be
working as I would expect (using the HW encrypt/decryption). I guess the issue
Hi all,
reading a piece of code (*src/vnet/llc/node.c*) I noticed that llc_input is
almost the same as the function snap_input (*src/vnet/snap/node.c*)...
but there is a different line and I would like to understand the reason; maybe
it is the same with or without that line, but I am not sure.
*src/vne
Hi Sergio,
thank you for your comment, I will try to debug the problem ASAP.
BR,
Manuel
Yes I did, OpenSSL backend is working.
I can see the esp4-encrypt and esp4-decrypt counters incrementing and there are
no errors.
Hi Sergio,
yes, disabling ipsec I successfully get every packet on the receiver side.
Hi Sergio,
you are right, both boards are connected back to back in the 192.168.30.0/24
net.
I have cleaned up redundant routes, adding what you are proposing, and
unfortunately I am still getting the llc-input errors in the receiving interface:
vpp# sh errors
See attached files, setup is taking place in the scripts via vppctl instead of
using the 'exec path_to_file' used in startup.cnf
Let me know if you see anything suspicious
BR,
Manuel
start_vpp_ipsec_board_a_xaui30_p2.sh
Description: application/shellscript
start_vpp_ipsec_board_b_xaui50_p2.sh
capture and config. attached
vpp# sh ipsec config
sa 10 spi 1001 mode transport protocol esp
crypto alg aes-cbc-128 key 4a506a794f574265564551694d653768 integrity alg
sha1-96 key 4339314b55523947594d6d3547666b45764e6a58
sa 20 spi 1000 mode transport protocol esp
crypto alg aes-cbc-128 key 4a50
Hi Sergio,
my apologies... I have been carefully testing this morning (to give you logs)
and everything is working perfectly (encrypting/decrypting with cpt and/or
encrypting/decrypting with openssl).
Thanks a lot for your quick fix!
BR,
Manuel
Hello Sergio,
From my side, your patch looks good to me.
Nevertheless I can't manage to properly run encryption/decryption (ipsec
between two boards) with the Octeon CPT hardware. (Same ipsec scenario setup
via openssl is actually working as expected)
Do not know whether the problem is becaus
Hi Sergio,
I prefer you to provide the patch to use 1 qp since I have been inspecting
source code for two days only (I might add other bugs...).
I could test your patch in an Octeon board that is supposed to setup 1 qp.
BR,
Manuel
Hi Sergio,
thank you for the explanation, I see that there are 2 (or more qps). My concern
was due to dpdk, since there are a few device drivers exporting only one queue
pair for their crypto devices.
(I followed the code assuming one qps, based on a dpdk-18.11 exported value)
So I do not know w
Hello all,
Just tracing the code a bit, I noticed that there is a concept of "queue pair"
and every crypto device allocates its own number of queue pairs.
Two questions (version 19.01):
1. Regarding the max_res_idx (ipsec.c) calculation:
max_res_idx = (dev->max_qp / 2) - 1; (if dev->max_qp == 1
Ok, thank you for the clarification. So, as far as I understand, host-stack
preloading is not intended to work with forkable (because of the ldp destructor)
and/or threadable (because of the mentioned index) applications.
BR,
Manuel