* [dpdk-dev] [PATCH] examples/ipsec-secgw: update default configuration
@ 2019-11-06 15:48 Lukasz Bartosik
2019-11-09 11:26 ` Anoob Joseph
0 siblings, 1 reply; 3+ messages in thread
From: Lukasz Bartosik @ 2019-11-06 15:48 UTC (permalink / raw)
To: konstantin.ananyev, akhil.goyal, radu.nicolau
Cc: dev, anoobj, Lukasz Bartosik
Update default configuration of ipsec-secgw:
1.In ep0.cfg change SPI value used by two inbound IPv6 security
policies from 15 to 115 and 16 to 116 to point to existing inbound
SAs. There are no inbound SAs with SPI value 15, 16.
- In ep1.cfg change SPI value used by two outbound IPv6 security
policies from 15 to 115 and 16 to 116 to point to existing outbound
SAs. There are no outbound SAs with SPI value 15, 16. Add missing
priority parameter in two inbound IPv4 security policies.
Signed-off-by: Lukasz Bartosik <lbartosik@marvell.com>
---
examples/ipsec-secgw/ep0.cfg | 8 ++++----
examples/ipsec-secgw/ep1.cfg | 12 ++++++------
2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/examples/ipsec-secgw/ep0.cfg b/examples/ipsec-secgw/ep0.cfg
index 299aa9e..dfd4aca 100644
--- a/examples/ipsec-secgw/ep0.cfg
+++ b/examples/ipsec-secgw/ep0.cfg
@@ -49,14 +49,14 @@ sport 0:65535 dport 0:65535
sp ipv6 out esp protect 26 pri 1 dst 0000:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
sport 0:65535 dport 0:65535
-sp ipv6 in esp protect 15 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:0000/96 \
-sport 0:65535 dport 0:65535
-sp ipv6 in esp protect 16 pri 1 dst ffff:0000:0000:0000:6666:6666:0000:0000/96 \
-sport 0:65535 dport 0:65535
sp ipv6 in esp protect 110 pri 1 dst ffff:0000:1111:1111:0000:0000:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 111 pri 1 dst ffff:0000:1111:1111:1111:1111:0000:0000/96 \
sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 115 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp protect 116 pri 1 dst ffff:0000:0000:0000:6666:6666:0000:0000/96 \
+sport 0:65535 dport 0:65535
sp ipv6 in esp protect 125 pri 1 dst ffff:0000:0000:0000:aaaa:aaaa:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 in esp protect 126 pri 1 dst ffff:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
diff --git a/examples/ipsec-secgw/ep1.cfg b/examples/ipsec-secgw/ep1.cfg
index 3f6ff81..19bdc68 100644
--- a/examples/ipsec-secgw/ep1.cfg
+++ b/examples/ipsec-secgw/ep1.cfg
@@ -19,8 +19,8 @@ sp ipv4 in esp protect 15 pri 1 dst 192.168.200.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 16 pri 1 dst 192.168.201.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 25 pri 1 dst 192.168.55.0/24 sport 0:65535 dport 0:65535
sp ipv4 in esp protect 26 pri 1 dst 192.168.56.0/24 sport 0:65535 dport 0:65535
-sp ipv4 in esp bypass dst 192.168.240.0/24 sport 0:65535 dport 0:65535
-sp ipv4 in esp bypass dst 192.168.241.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535 dport 0:65535
@@ -49,14 +49,14 @@ sport 0:65535 dport 0:65535
sp ipv6 in esp protect 26 pri 1 dst 0000:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
sport 0:65535 dport 0:65535
-sp ipv6 out esp protect 15 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:0000/96 \
-sport 0:65535 dport 0:65535
-sp ipv6 out esp protect 16 pri 1 dst ffff:0000:0000:0000:6666:6666:0000:0000/96 \
-sport 0:65535 dport 0:65535
sp ipv6 out esp protect 110 pri 1 dst ffff:0000:1111:1111:0000:0000:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 out esp protect 111 pri 1 dst ffff:0000:1111:1111:1111:1111:0000:0000/96 \
sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 115 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:0000/96 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp protect 116 pri 1 dst ffff:0000:0000:0000:6666:6666:0000:0000/96 \
+sport 0:65535 dport 0:65535
sp ipv6 out esp protect 125 pri 1 dst ffff:0000:0000:0000:aaaa:aaaa:0000:0000/96 \
sport 0:65535 dport 0:65535
sp ipv6 out esp protect 126 pri 1 dst ffff:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
--
2.7.4
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: update default configuration
2019-11-06 15:48 [dpdk-dev] [PATCH] examples/ipsec-secgw: update default configuration Lukasz Bartosik
@ 2019-11-09 11:26 ` Anoob Joseph
2019-11-18 7:54 ` Akhil Goyal
0 siblings, 1 reply; 3+ messages in thread
From: Anoob Joseph @ 2019-11-09 11:26 UTC (permalink / raw)
To: Lukas Bartosik, konstantin.ananyev, akhil.goyal, radu.nicolau
Cc: dev, Lukas Bartosik
@Akhil, do we need this submitted to dpdk-stable?
Acked-by: Anoob Joseph <anoobj@marvell.com>
> -----Original Message-----
> From: Lukasz Bartosik <lbartosik@marvell.com>
> Sent: Wednesday, November 6, 2019 9:18 PM
> To: konstantin.ananyev@intel.com; akhil.goyal@nxp.com;
> radu.nicolau@intel.com
> Cc: dev@dpdk.org; Anoob Joseph <anoobj@marvell.com>; Lukas Bartosik
> <lbartosik@marvell.com>
> Subject: [PATCH] examples/ipsec-secgw: update default configuration
>
> Update default configuration of ipsec-secgw:
> 1.In ep0.cfg change SPI value used by two inbound IPv6 security policies from 15
> to 115 and 16 to 116 to point to existing inbound SAs. There are no inbound SAs
> with SPI value 15, 16.
> - In ep1.cfg change SPI value used by two outbound IPv6 security policies from
> 15 to 115 and 16 to 116 to point to existing outbound SAs. There are no
> outbound SAs with SPI value 15, 16. Add missing priority parameter in two
> inbound IPv4 security policies.
>
> Signed-off-by: Lukasz Bartosik <lbartosik@marvell.com>
> ---
> examples/ipsec-secgw/ep0.cfg | 8 ++++---- examples/ipsec-secgw/ep1.cfg |
> 12 ++++++------
> 2 files changed, 10 insertions(+), 10 deletions(-)
>
> diff --git a/examples/ipsec-secgw/ep0.cfg b/examples/ipsec-secgw/ep0.cfg
> index 299aa9e..dfd4aca 100644
> --- a/examples/ipsec-secgw/ep0.cfg
> +++ b/examples/ipsec-secgw/ep0.cfg
> @@ -49,14 +49,14 @@ sport 0:65535 dport 0:65535 sp ipv6 out esp protect 26
> pri 1 dst 0000:0000:0000:0000:bbbb:bbbb:0000:0000/96 \ sport 0:65535 dport
> 0:65535
>
> -sp ipv6 in esp protect 15 pri 1 dst ffff:0000:0000:0000:5555:5555:0000:0000/96
> \ -sport 0:65535 dport 0:65535 -sp ipv6 in esp protect 16 pri 1 dst
> ffff:0000:0000:0000:6666:6666:0000:0000/96 \ -sport 0:65535 dport 0:65535
> sp ipv6 in esp protect 110 pri 1 dst ffff:0000:1111:1111:0000:0000:0000:0000/96
> \ sport 0:65535 dport 0:65535 sp ipv6 in esp protect 111 pri 1 dst
> ffff:0000:1111:1111:1111:1111:0000:0000/96 \ sport 0:65535 dport 0:65535
> +sp ipv6 in esp protect 115 pri 1 dst
> +ffff:0000:0000:0000:5555:5555:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 in esp protect 116 pri 1 dst
> +ffff:0000:0000:0000:6666:6666:0000:0000/96 \ sport 0:65535 dport
> +0:65535
> sp ipv6 in esp protect 125 pri 1 dst
> ffff:0000:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport 0:65535 sp
> ipv6 in esp protect 126 pri 1 dst ffff:0000:0000:0000:bbbb:bbbb:0000:0000/96 \
> diff --git a/examples/ipsec-secgw/ep1.cfg b/examples/ipsec-secgw/ep1.cfg
> index 3f6ff81..19bdc68 100644
> --- a/examples/ipsec-secgw/ep1.cfg
> +++ b/examples/ipsec-secgw/ep1.cfg
> @@ -19,8 +19,8 @@ sp ipv4 in esp protect 15 pri 1 dst 192.168.200.0/24 sport
> 0:65535 dport 0:65535 sp ipv4 in esp protect 16 pri 1 dst 192.168.201.0/24 sport
> 0:65535 dport 0:65535 sp ipv4 in esp protect 25 pri 1 dst 192.168.55.0/24 sport
> 0:65535 dport 0:65535 sp ipv4 in esp protect 26 pri 1 dst 192.168.56.0/24 sport
> 0:65535 dport 0:65535 -sp ipv4 in esp bypass dst 192.168.240.0/24 sport
> 0:65535 dport 0:65535 -sp ipv4 in esp bypass dst 192.168.241.0/24 sport
> 0:65535 dport 0:65535
> +sp ipv4 in esp bypass pri 1 dst 192.168.240.0/24 sport 0:65535 dport
> +0:65535 sp ipv4 in esp bypass pri 1 dst 192.168.241.0/24 sport 0:65535
> +dport 0:65535
>
> sp ipv4 out esp protect 105 pri 1 dst 192.168.115.0/24 sport 0:65535 dport
> 0:65535 sp ipv4 out esp protect 106 pri 1 dst 192.168.116.0/24 sport 0:65535
> dport 0:65535 @@ -49,14 +49,14 @@ sport 0:65535 dport 0:65535 sp ipv6 in
> esp protect 26 pri 1 dst 0000:0000:0000:0000:bbbb:bbbb:0000:0000/96 \ sport
> 0:65535 dport 0:65535
>
> -sp ipv6 out esp protect 15 pri 1 dst
> ffff:0000:0000:0000:5555:5555:0000:0000/96 \ -sport 0:65535 dport 0:65535 -
> sp ipv6 out esp protect 16 pri 1 dst
> ffff:0000:0000:0000:6666:6666:0000:0000/96 \ -sport 0:65535 dport 0:65535
> sp ipv6 out esp protect 110 pri 1 dst
> ffff:0000:1111:1111:0000:0000:0000:0000/96 \ sport 0:65535 dport 0:65535 sp
> ipv6 out esp protect 111 pri 1 dst ffff:0000:1111:1111:1111:1111:0000:0000/96
> \ sport 0:65535 dport 0:65535
> +sp ipv6 out esp protect 115 pri 1 dst
> +ffff:0000:0000:0000:5555:5555:0000:0000/96 \ sport 0:65535 dport
> +0:65535 sp ipv6 out esp protect 116 pri 1 dst
> +ffff:0000:0000:0000:6666:6666:0000:0000/96 \ sport 0:65535 dport
> +0:65535
> sp ipv6 out esp protect 125 pri 1 dst
> ffff:0000:0000:0000:aaaa:aaaa:0000:0000/96 \ sport 0:65535 dport 0:65535 sp
> ipv6 out esp protect 126 pri 1 dst ffff:0000:0000:0000:bbbb:bbbb:0000:0000/96
> \
> --
> 2.7.4
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [dpdk-dev] [PATCH] examples/ipsec-secgw: update default configuration
2019-11-09 11:26 ` Anoob Joseph
@ 2019-11-18 7:54 ` Akhil Goyal
0 siblings, 0 replies; 3+ messages in thread
From: Akhil Goyal @ 2019-11-18 7:54 UTC (permalink / raw)
To: Anoob Joseph, Lukas Bartosik, konstantin.ananyev, radu.nicolau
Cc: dev, Lukas Bartosik, stable
>
> @Akhil, do we need this submitted to dpdk-stable?
>
Yes this is a candidate for stable.
> Acked-by: Anoob Joseph <anoobj@marvell.com>
>
Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
Fixed title and tagged for stable.
Applied to dpdk-next-crypto
Thanks.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-18 7:54 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-06 15:48 [dpdk-dev] [PATCH] examples/ipsec-secgw: update default configuration Lukasz Bartosik
2019-11-09 11:26 ` Anoob Joseph
2019-11-18 7:54 ` Akhil Goyal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).