Hi all, I am using fdio vpp stack 20.05 and am using the vnet/ipsec that is programmed by non-vpp IKEv2 stack. I observe that in the data-path always "esp4-decrypt-tun" is hit for inbound packets while "esp-encrypt-tun" is hit for all outbound packets.
I think these two graph nodes are hit because we create a ipip tunnel interface for the IPSEC and register the rx_db and tx_db at the SA creation time. I would like to use the SPD matching logic written in the graph node ipsec4_output_node/ipsec4_output_feature()? How to enable the outbound packet to pass through this function? Regards.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#20799): https://lists.fd.io/g/vpp-dev/message/20799 Mute This Topic: https://lists.fd.io/mt/88727075/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
