[dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support

Ananyev, Konstantin konstantin.ananyev at intel.com
Tue Mar 23 15:29:16 CET 2021

Previous message (by thread): [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support
Next message (by thread): [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Akhil,
 
> Hi Konstantin,
> > Hi,
> > > Adding lookaside IPsec UDP encapsulation support
> > > for NAT traversal.
> > > Added --udp-encap option for application to specify
> > > if UDP encapsulation need to be enabled.
> > > Example secgw command with UDP encapsultation enabled:
> > > <secgw> -c 0x1 -- -P -p 0x1 --config "(0,0,0)" -f ep0.cfg --udp-encap
> >
> > Can we have it not as global, but a per SA option?
> > Add new keyword for SA/SP into ipsec-secgw config file, etc.
> > Konstantin
> >
> 
> Any specific reason to make udp_encap as per SA?
> UDP encapsulation is a feature which I believe should be application vide.
> If it supports the feature it should be enabled for all SAs when the UDP port
> is 4500 which is reserved for it.

Not sure why it has to be application wide?
Why it is not possible have let say SA1 in ipv4/ipv6 tunnel mode over port 0,
and SA2 with udp encap over port 1?
Note that in DPDK librte_security it is per SA option.
Konstantin

Previous message (by thread): [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support
Next message (by thread): [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the dev mailing list