Hi Neale, I was looking at* ipsec_sa_add_and_lock*() function which is called by ikev2 to install IPSEC SA but I was NOT able to find anywhere the IKEv2 negotiated traffic selectors: IP addr range (start, stop) and port range (start, stop) being programmed to the vnet/ipsec. In such a case, how does the SPD processing happen in case *esp4-encrypt-tun*()?
Only in the case of ipsec4_output_node() function, I was seeing that the function *ipsec_output_policy_match*() is invoked which will do TS matching with the packet addr and port fields. But in the case of esp4-encrypt-tun() I do not see this policy (spd) matching happen? Regards.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#19950): https://lists.fd.io/g/vpp-dev/message/19950 Mute This Topic: https://lists.fd.io/mt/84813588/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
