From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id E4A6FA0547 for ; Fri, 12 Feb 2021 05:02:47 +0100 (CET) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id 6625622A24A; Fri, 12 Feb 2021 05:02:47 +0100 (CET) Received: from esa.commscope.iphmx.com (esa.commscope.iphmx.com [68.232.142.175]) by mails.dpdk.org (Postfix) with ESMTP id 9033E22A243 for ; Fri, 12 Feb 2021 05:02:45 +0100 (CET) IronPort-SDR: 74gKwmGOpgD3gNtmsEnlqybTGWwC9RWAmj1yyOebLYKGsE21pT3jKpQfv1saOn+koJ6EnyRYu9 irH/ZdYIe7G85LHnlF/cp1rNP7MMY5iU9y9463nCfV4Ju3HxunDe9qVEhILs7E0R8vPvqYnJBI jyHSWHT010eZoN/Gs2AH5mS+1miHieU/xc4fHczF3xhAQFarnMLC/vMfg5X+ZYsTV/XOp6mTk9 mXTecC7WupvAhBzpJQqKusTmhXfvH6jrUKqgJcRexkgy8X9hzCQ9NurDYA7RqshPv4Z0dVS0ST XLs= X-IronPort-AV: E=Sophos;i="5.81,172,1610427600"; d="scan'208,217";a="146393015" Received: from mail-dm6nam12lp2174.outbound.protection.outlook.com (HELO NAM12-DM6-obe.outbound.protection.outlook.com) ([104.47.59.174]) by ob1.commscope.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 11 Feb 2021 23:02:44 -0500 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=SUrbCNq+qvDpU57cBrsTJkMTVOo8r+g6O5ipB/E4W9jo+5h+CM8PL62p9rq4+Hkk3NpJwpzKorQVNxAv0tL3yBgqVJeT2HALE59VyDd1La89Nw08BeYcDmviD41Wa5OzzKEpO7tJygCJnOcWjAkWBN2Zo0RcQLr5CjW3Fynpu3CxQm9tJh5BlnJFFDaqUh5c4HTTiTxgbzn4s7UKlnW0UtX4GpYjyFRvCOIyY84jyIPW13tn6TvN4oVbpiClmvLnc1JLmrDIDpEkgn9sXtpqIxJ5ssuu8JOspbYPtrewy/47/ut3OUaL5MQHIKF8hkJwOTHdnRmB6XIe4Qi/DKGuAg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=opIHiMAtoscVCt396ADlBEZiI23nWfBE+eLDpe3QN7w=; b=BTCXQi3EI5YhoqsAaW94FVzxLh4hvyBXZMuoZ9oJNaTldmowgFlXLbXDZn+jHlIUi9R3tgMLkOZhYZ0/tn24fbimTev8gnGDaJOddWnv6uSP8cADCnugzCVTs3T4T5NfPpo8bfevt8CgwU6SyDz4WxJuMAreKHGSYNv9WWMV6rKATykq9Mm6OTtT/v+nPB+Mu9D58Me0fo+/h/obvowgab1+15dk1SpuvBGvYVL6yeI9drSpF91BnkM3IIjsvC4mhzx816EFU4rzRhQL2fcJ3zBwcnFCbIKzirZXqNKKkoMNojfuuqhebq1W8IaIwPvMcTiOtR14ZxPI9LMc8yd3mg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=commscope.com; dmarc=pass action=none header.from=commscope.com; dkim=pass header.d=commscope.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=commscope.onmicrosoft.com; s=selector2-commscope-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=opIHiMAtoscVCt396ADlBEZiI23nWfBE+eLDpe3QN7w=; b=I4i+fcUAkZzI4dZYQWxtmiuq0D78hNsoV1Ao1aS2H1I5EnMmJfQfYWQIH9vweLmlZGuCjDIl+BXnQx0DeZJal1hpxmsJlQt2C6+0dgs/4DvD6MDHzodG3WcCtX/CgvgGVYnsVPIL+d5qMwRwbrdzXREX0yb7NUgORlsGfq4DZms= Received: from DM6PR14MB3757.namprd14.prod.outlook.com (2603:10b6:5:1bd::11) by DM5PR1401MB2028.namprd14.prod.outlook.com (2603:10b6:4:4e::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3846.29; Fri, 12 Feb 2021 04:02:42 +0000 Received: from DM6PR14MB3757.namprd14.prod.outlook.com ([fe80::aca4:b698:ee4d:e94a]) by DM6PR14MB3757.namprd14.prod.outlook.com ([fe80::aca4:b698:ee4d:e94a%2]) with mapi id 15.20.3846.025; Fri, 12 Feb 2021 04:02:41 +0000 From: "Das, Surajit" To: users Thread-Topic: DPDK l2fwd-crypto sample app Don't see encrypted icmp packet on the transmit side Thread-Index: AdcAnS4vJCe5hsd4RjSvnwLNTR5gvwAVT+Fw Date: Fri, 12 Feb 2021 04:02:41 +0000 Message-ID: References: In-Reply-To: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dpdk.org; dkim=none (message not signed) header.d=none;dpdk.org; dmarc=none action=none header.from=commscope.com; x-originating-ip: [198.90.65.30] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 6dc75136-1e00-4584-63df-08d8cf0b0b90 x-ms-traffictypediagnostic: DM5PR1401MB2028: x-microsoft-antispam-prvs: x-ipw-groupmember: False x-ms-oob-tlc-oobclassifiers: OLM:7219; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: EIWYohrPYmF5qTuBEO3979eNnxY3ihyIGA96OuHXnUziWPQRbxkd51y/kz53m0WC64q5SWUi1b4b1Qy0ejm+NflMcyNJ0cR10GCmaTsjc3qKseVQNUMG3cgWOmaXhXds0xfZuvou6Ny49fNHoeOnsTj0POiBnPkeLVyno8NEiKi+WIhKbqjwK/i82UbilWQzuCz9Pm9yphSi1DrhJws7rZEk+sdBOFKpG7UT46k81mmxGKk2uHVAFDSAgUh9nDDdsSx2cy5olEwtUI7hJtpEZEVFXuL4DUuAOJZkQ4Dcr6ToC/SKZbnm0jdcjIDDM1E6OQBjftRwM6sV/ztGJqQNtmHlDPjlDG8c+g28eqFkeEJ2CGnYAFcSq9guqkSU66lgdHpbT1260RSGxirhXGonvnF+JJfPRlbT2vCyN9bXM0UT3/m3TO1IcTfvSNlDmCVyH0drICaIYSdcKUSyZvfBD1ylFaBfG6UVX3eLiijQB0GNViDRe2CQwGWILEelj744kMnMoNiO8t24fGscGyRSSA== x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR14MB3757.namprd14.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(136003)(39860400002)(376002)(396003)(346002)(186003)(26005)(83380400001)(53546011)(71200400001)(55016002)(76116006)(6506007)(2906002)(9686003)(66574015)(33656002)(66446008)(7696005)(66476007)(66946007)(86362001)(66556008)(64756008)(316002)(5660300002)(52536014)(6916009)(8936002)(8676002)(478600001); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?V3k7c/QVqE5nfci8+JZeoSIYPmPogI8WpsPWXwTu20YSHXyoyReLWweHYA2y?= =?us-ascii?Q?pCW5gA+5pF9lwOfg2rteLDIsB0rHLeNQZy0rkQUYCkeUcFgfMlj5hEGYpFan?= =?us-ascii?Q?l+6myUavOSiTta5/nAc7ReFZo3zqy4z8hoVTx4rlVhqksqeigQNt2jLImHlN?= =?us-ascii?Q?bJQVd9SHIYJsh8K+Pk4RVFvsCd8iUAgKRado+7GS1wvTTkj3sDX578YNlhyT?= =?us-ascii?Q?RsaINPCmtHxb0ts+v2aKyMlFCYYHeAhHWPZ15dlv2zrbq3S1KIuCBc4iYG1f?= =?us-ascii?Q?KsQP0WHromc2EqUo11qfBbGN9tb8/Wmxz9aly6CcPYTJ/v4lEFAKDPfqkTTn?= =?us-ascii?Q?FnEg2VychgcmRoCX0I9iFAFT+mGFPwgB4PcjE5euAbP9jMhXU5QZVSr/2TLr?= =?us-ascii?Q?8epGASHBquZUOW8GMwIpoI0M4/87CrWAo5wqBZ/9QguGMs8nr8CK8RCVxDwt?= =?us-ascii?Q?5493yA0gqB2GQdNdR2B2d6fwlvrTqX+JPOqwkwmXp9yAgSL5MUlyqm1Nb/bk?= =?us-ascii?Q?jhY6+0TlwwE4jBQneFK7KGvuK3OVIplr1kLxxK67cC6d/p9zqbwdHAKWThlP?= =?us-ascii?Q?0yULCXptq1orKfKnasLMpgSSylt7DUUpDen86XVlUXG4c12Ak1tYGioc58K8?= =?us-ascii?Q?8DIz2TSqPdqGTorCE5VxIZJK8mvrf0hx/sCrQTp6x2sOWOhBgcdDBYnpFFEo?= =?us-ascii?Q?MLOen0zwS2+KSM1hrs/SPpphUWpnmxRZtfWnk84oFP+HM/PW//auEL0F2A9X?= =?us-ascii?Q?/bEX6YZTTFar7cKHZz0tp4idKVgQ9zkRngCkooI3xlEU6pOKYJFNilKFg2o0?= =?us-ascii?Q?wiy64hfD4l2wsm4PLA/V7UIO/1WCHpfsSDb2MGIgodS7RMqpioQnJKgNosh8?= =?us-ascii?Q?fOo6GDkNHydJQGa4XZ7bJVmOkx2pnZgtVPv82WMTnAlTiVpCTivAVAAgHJ3I?= =?us-ascii?Q?lkETlSqGV+uWflg4K2WtRkeXOb6bzsHjzY/u1OrmQKn6rtnJPR6MjeZfTWI0?= =?us-ascii?Q?STeSmN9Aqw85y/O0XX9gQ5vBi4mMbVpUn1Ulye4tRuQe84YLziYNWPWDkP1C?= =?us-ascii?Q?4M/dvjPWWm8TQEr3YsCyspd81oRZ+Mk7j/wuvMp8F9yw3S/gbkYZHFtc2WrU?= =?us-ascii?Q?mq725WTxhsoh8v87+ytmVf+uM5l/tGFZ5xkogpBXWMfqpvgeaflw+4eN3WMO?= =?us-ascii?Q?k3TlJ63CZ/2BVO2XJNsXN7jjNkD0ckp4PNOtVoUzDkTehGMmD8Djy6ZtGv2I?= =?us-ascii?Q?4UC/NfLktJQmcunO/xHSG9ZNOiRLClS8VXz0KVi4LjYlC/6ih3t4bQutjshW?= =?us-ascii?Q?o4E=3D?= x-ms-exchange-transport-forked: True MIME-Version: 1.0 X-OriginatorOrg: commscope.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR14MB3757.namprd14.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 6dc75136-1e00-4584-63df-08d8cf0b0b90 X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Feb 2021 04:02:41.7342 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 31472f81-8fe4-49ec-8bc3-fa1c295640d7 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: NQcfDtdU2ILpZOGsbo1gOaLikcttOZgyD7efV1nQ5vzHS9+w9x1mVmf2aXO0pXAFF+V9AXAr1aJQZvFcYfja5+VQ7thpsvmODxUnJoLYD20= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR1401MB2028 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: Re: [dpdk-users] DPDK l2fwd-crypto sample app Don't see encrypted icmp packet on the transmit side X-BeenThere: users@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK usage discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: users-bounces@dpdk.org Sender: "users" Hi DPDK Experts, I figured that the l2fwd-crypto app is encrypting packets. Tshark, thinks the packet is ICMP because crypto dev does not modify the ip= v4 header. So ip4_hdr->next_proto_id value remains unchanged, causing tshark to think = it's an ICMP packet. The payload of the ipv4 header, which is the ICMP part does look encrypted. Now, I tried decrypting the packet by using the l2fwd-cypto app on an adjac= ent container. Command with arguments: [root@decrypt-app-deployment-79fdd95b56-h8lxr build]# ./l2fwd-crypto -l 2-3= -n 4 --vdev "crypto_aesni_mb0" --vdev "crypto_aesni_mb1" -w 0000:65:01.0 -= w 0000:65:01.6 -- -p 0x3 --cdev SW --chain HASH_CIPHER --cipher_op DECRYPT = --cipher_algo aes-cbc --cipher_key 00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0= d:0e:0f --auth_op VERIFY --auth_algo aes-xcbc-mac --auth_key 10:11:12:13:14= :15:16:17:18:19:1a:1b:1c:1d:1e:1f On the other end of the receive side after decrypting, I still see the pack= et is encrypted. Packet structure on the decrypted side: Internet Protocol Version 4, Src: 30.30.20.12 (30.30.20.12), Dst: 30.30.20.= 10 (30.30.20.10) Version: 4 Header length: 20 bytes Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not= -ECT (Not ECN-Capable Transport)) 0000 00.. =3D Differentiated Services Codepoint: Default (0x00) .... ..00 =3D Explicit Congestion Notification: Not-ECT (Not ECN-Ca= pable Transport) (0x00) Total Length: 84 Identification: 0x99cd (39373) Flags: 0x02 (Don't Fragment) 0... .... =3D Reserved bit: Not set .1.. .... =3D Don't fragment: Set ..0. .... =3D More fragments: Not set Fragment offset: 0 Time to live: 64 Protocol: ICMP (1) Header checksum: 0x3c8a [validation disabled] [Good: False] [Bad: False] Source: 30.30.20.12 (30.30.20.12) Destination: 30.30.20.10 (30.30.20.10) Internet Control Message Protocol Type: 169 (Unknown ICMP (obsolete or malformed?)) Code: 121 Checksum: 0xb89e [incorrect, should be 0xee1d] As you can see, the ICMP part still looks encrypted. Is there anything in the command line arguments, that I am missing? Regards, Surajit From: Das, Surajit Sent: Thursday, February 11, 2021 11:26 PM To: users Subject: DPDK l2fwd-crypto sample app Don't see encrypted icmp packet on th= e transmit side Hi DPDK Experts, I am running l2fwd-crypto app on SR-IOV VFs. I am sending ICMP ping on ipv4 to the l2fwd-crypto. On the transmit side, I am not receiving any encrypted packet. Instead I am just receiving the very same icmp packet. The only change I made, is to the l2fwd_mac_updating function, to set the d= estination mac to broadcast, to make sure the packet reaches destination VF= . Command to send packet: arp -s 30.30.20.10 -i dev0 3a:fc:e6:60:a9:d3 ping -I dev0 30.30.20.10 -c1 Command to run l2fwd-crypto: ./l2fwd-crypto -l 0-1 -n 4 --vdev "crypto_aesni_mb0" --vdev "crypto_aesni_m= b1" -w 0000:65:00.4 -w 0000:65:00.5 -- -p 0x3 --cdev SW --chain CIPHER_HASH= --cipher_op ENCRYPT --cipher_algo aes-cbc --cipher_key 00:01:02:03:04:05:0= 6:07:08:09:0a:0b:0c:0d:0e:0f --auth_op GENERATE --auth_algo aes-xcbc-mac --= auth_key 10:11:12:13:14:15:16:17:18:19:1a:1b:1c:1d:1e:1f Output Counter suggests encryption was done: Port statistics =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Statistics for port 0 ------------------------------ Packets sent: 1 Packets received: 0 Packets dropped: 0 Statistics for port 1 ------------------------------ Packets sent: 0 Packets received: 1 Packets dropped: 0 Crypto statistics =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Statistics for cryptodev 0 ------------------------- Packets enqueued: 0 Packets dequeued: 0 Packets errors: 0 Statistics for cryptodev 1 ------------------------- Packets enqueued: 1 Packets dequeued: 1 Packets errors: 0 Aggregate statistics =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Total packets received: 1 Total packets enqueued: 1 Total packets dequeued: 1 Total packets sent: 1 Total packets dropped: 0 Total packets crypto errors: 0 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D What the received packet looks like: [root@decrypt-app-deployment-79fdd95b56-h8lxr ~]# tshark -i dev4 Running as user "root" and group "root". This could be dangerous. Capturing on 'dev4' 1 0.000000000 30.30.20.12 -> 30.30.20.10 ICMP 110 Unknown ICMP (obsolet= e or malformed?) [ETHERNET FRAME CHECK SEQUENCE INCORRECT] ^C1 packet captured Can anyone suggest what I could be missing here? Regards, Surajit