[dpdk-users] IPSEC-SECGW - type no-offload config sample?

Kandy Palanisamy kandy_pal at yahoo.com
Fri Oct 12 21:20:07 CEST 2018


Hi,
I am trying to run ipsec-secgw in dpdk-18.02 for:

type no-offloadencryption aes-cbcauth hmac-sha1
Test config:Port 0 - ProtectedPort 1 - Unprotected
Packets on port 0 get encrypted and sent on 1.But, in the decryption path, esp_inbound is failing returning -EINVAL (payload not multiple of block size). Wireshark seems to show payload is a multiple of block size! I am debugging this.

Can someone provide me a sample working config for me to compare?

Command line:===========
./ipsec-secgw \
        -l 6,7 \
        --vdev crypto_aesni_mb \
        -w 0000:04:00.0 -w 0000:04:00.1 \
        --log-level 8 --socket-mem 1024,0 \
        -- -p 0xf -P -u 0x2 \
        --config="(0,0,6),(1,0,7)" -f /tmp/intel-ep0.cfg


ep config=======
#SP IPv4 rules
sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535

#SA rules
sa out 1005 cipher_algo aes-128-cbc cipher_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d \
auth_algo sha1-hmac auth_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
port_id 1 \

sa in 5 cipher_algo aes-128-cbc cipher_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d \
auth_algo sha1-hmac auth_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \
mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
port_id 1 \

#Routing rules
rt ipv4 dst 172.16.2.5/32 port 1
rt ipv4 dst 192.168.105.10/32 port 0

Thanks,
Kandy




















More information about the users mailing list