From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mails.dpdk.org (mails.dpdk.org [217.70.189.124]) by inbox.dpdk.org (Postfix) with ESMTP id D9CCCA0C41 for ; Mon, 5 Apr 2021 17:22:57 +0200 (CEST) Received: from [217.70.189.124] (localhost [127.0.0.1]) by mails.dpdk.org (Postfix) with ESMTP id A8AEA4068C; Mon, 5 Apr 2021 17:22:57 +0200 (CEST) Received: from esa.commscope.iphmx.com (esa.commscope.iphmx.com [68.232.142.175]) by mails.dpdk.org (Postfix) with ESMTP id A72474014E for ; Mon, 5 Apr 2021 17:22:55 +0200 (CEST) IronPort-SDR: pjhSUsC9onoJ7eoCuKBvnopU8JMaGVf/7w425IEZyHKY0kBA/oRA1vNdARTo/QyW618faphGS2 bmDyHHmCmOptCVmOpsJ2V0IVz2eRXnwzDPWUvNJqWGv9hBNrEddVQRJ8+NWA6vVNMnRKNmmJid 1mJPigJcga4wtbD8rzf91fB8/oOilaBibdu4Bhrpb9CvWyO9BnqnMlyyhv4cX5KSzG87VpQate EeGGG7PZunbZsaAyamyPlFTxxx82U3oGjcaeIqgTAttb5MvbXxT5RtIefEbaf6zooyAjVLVc8C ZTY= X-IronPort-AV: E=Sophos;i="5.81,306,1610427600"; d="scan'208,217";a="148706537" Received: from mail-co1nam11lp2172.outbound.protection.outlook.com (HELO NAM11-CO1-obe.outbound.protection.outlook.com) ([104.47.56.172]) by ob1.commscope.iphmx.com with ESMTP/TLS/ECDHE-RSA-AES128-GCM-SHA256; 05 Apr 2021 11:22:54 -0400 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JzbcBPJgcZuVauLxt6F1LcvPIi4IKDUlZgF08Wg4385gzRGV17evkbY7YsAWm3qCKmYW1EVa/ucL2/5wxzVSL4W/UryyPbkXMPJ07tyJYw0pUl59ZH40tcijBD4yH4uCFuwYu6+j9Wnyy0RNnB+OGTl0SnRRAxAIcXz590jszLM4diRd9YUAVEZS7WJaqu9bs6MUhq3i57cEtxHvJj2H2C+HOvqPkFJBtBichQ/BgVEaUWsoRpg5JYdWgPizfhihzD/YZDHwBp/bSujiupm6M4PqK7A1MtAXOE5iquUTismSwLXNwGbJP18bZPJ8tHiQsKSxuH9JgaSyawwBZ5RmiA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ExZLqUTtZKournJHfA8dmjNEbSOrLE7apcPMFbwMK9w=; b=W3jBAkHojKa7VsC+SrEHzEnq6Rp3EEvTYNY9irK5A9eT2ATpta01bgOsSdbIirSTXsxyRim9ktQ2CaKfE/iVP52sXql9s3lwkxRTxhRbW2k9+23JqIeJgAuvpZrYwRZHYcb2v+tK+8q2bOcllD1vr1rmUUAKa+r7xyJU+IP8msH9qhkVzmNhKKHKCDyc1IFnt6TktebB8GO6LsI1gfIk0gzN/dS22VA4EoCJAwxTeKIigKE2SY8cv05Gvq0PcpK/ydMTXPtAcy8XPZUK7dPmvMSOmI3TNdYkMJ6zc1zzeioRe5GRi1hQWdSJ0OrHu2pSss+931z4WrfaH5VsgaVBKg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=commscope.com; dmarc=pass action=none header.from=commscope.com; dkim=pass header.d=commscope.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=commscope.onmicrosoft.com; s=selector2-commscope-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ExZLqUTtZKournJHfA8dmjNEbSOrLE7apcPMFbwMK9w=; b=5Z4JrUvpCymTFyYr8Tj77E/iIHIP7pJlw6J/l9erJwC0LCf/ZqFXKT2Z7glHfgABMY2SMq4B5IPzY1axzeMUsVEUciLwFd91na/43/cvcn7H8ZBxTiIJ1ELkd9wzfNnvlxd+M8J0kpR0NQJCo7040RPakOZ0ZV/BVZBRJH6/iF8= Received: from DM6PR14MB3757.namprd14.prod.outlook.com (2603:10b6:5:1bd::11) by DM5PR14MB1499.namprd14.prod.outlook.com (2603:10b6:3:d3::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3999.27; Mon, 5 Apr 2021 15:22:53 +0000 Received: from DM6PR14MB3757.namprd14.prod.outlook.com ([fe80::51d6:9398:efdc:bd31]) by DM6PR14MB3757.namprd14.prod.outlook.com ([fe80::51d6:9398:efdc:bd31%7]) with mapi id 15.20.3999.032; Mon, 5 Apr 2021 15:22:53 +0000 From: "Das, Surajit" To: "users@dpdk.org" Thread-Topic: ipsec-secgw sample app not seem to be able to decode ESP packets whose keys were generated by strongswan Thread-Index: AdcqLngxNeg/d2IORuWKFVJQLtRqUw== Date: Mon, 5 Apr 2021 15:22:53 +0000 Message-ID: Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: authentication-results: dpdk.org; dkim=none (message not signed) header.d=none;dpdk.org; dmarc=none action=none header.from=commscope.com; x-originating-ip: [14.141.56.230] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 53994fdf-1c2a-4f2c-7f07-08d8f846aed0 x-ms-traffictypediagnostic: DM5PR14MB1499: x-microsoft-antispam-prvs: x-ipw-groupmember: False x-ms-oob-tlc-oobclassifiers: OLM:7691; x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: U+I5Hce6UAmySEVU2V9kII6b7T8Uxc1ACv5iBLaEGsC2i951wqVO3RbFV3N+CV72UQi/L0PnJSySK4X8/ySKswR4BjQeK0/7Uf60MPnbei2RIXn2gZEMjQdCrLhiTrDIgN1xxOOg3TXDOQGv0ADsMN1f5U3476jKoTsF/SeuF9vYmtlwLB5KSe6AEyAjoeVAX9a1uENj9X5Z3RPDCOSffJhj/3Pa2Z96OxgcGwncGxw0DjBDjBDGw3bnlTLDBnQeTaZ8aWLlDniEjM1ezlrJYN+191P/asTRb0Dtk7MMcZE1LysvyrNm/whAQo3aK6NKhh41SWeZZr7L7T3vHtfwbYgjvaEtjIXcbJ4NJhTR6uzqkqlvdCvKqHve2OC4B1aW4UVLJL6MER3RnaxvJGmx0j4ZXKDo93J9krRqVl2JF65pzWfVk8o2tz5wolytaQODwPnq4r4rmnafc49vDRAHpHBIMmoXGYiEc/DNIlF+QkZGdyL6H74Plog1dAOfzfcb0xNSICQ62bOxfvtP9vVEqAPqkq/TW+8T+n0mwNgewcv+U23bUHY88De+fjxDUO08qSzvfiy6NGHTbMwvRi+MeAENl5pl0IKZm3oOPiE8Vwsq9AmcJpVVIH6i/Aud+X6/TMCbVMEDIt6FOwkzGodREjQBrFHzb4tlMWP3m0GAnaQ= x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR14MB3757.namprd14.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(136003)(396003)(376002)(39860400002)(366004)(346002)(5660300002)(71200400001)(64756008)(9686003)(186003)(7696005)(2906002)(8676002)(316002)(66556008)(66446008)(9326002)(38100700001)(8936002)(26005)(66476007)(55016002)(6506007)(33656002)(6916009)(86362001)(66946007)(76116006)(55236004)(83380400001)(478600001)(52536014); DIR:OUT; SFP:1101; x-ms-exchange-antispam-messagedata: =?us-ascii?Q?F+p4Zf5xjTmdNRnG2YvJL+ONB9whDVF+82DmU3xHf0ShIPbBR6FGrHhk010x?= =?us-ascii?Q?RBIgR7zm4FVXdETW0rzMvWnptPW07f/ET1UJfpDJdk+vrtqqbbDmikPsRFYE?= =?us-ascii?Q?FHlGV/QhPXuZONN0gfQ4t1Hddvgk/uF1r1ki2AjdxPrPkZDXhctbtoaj9yvD?= =?us-ascii?Q?GevxWGRJS4oK3PKxwLcQzTMCdCtLV1GH22pc/pSvdZEi2elghXAFY8+HlX2F?= =?us-ascii?Q?qX00CJxAyAknRk/aJiKprhMY/SVRr/Fk9XSpXHcsCW1zh+mJL5tYYLIoLpk4?= =?us-ascii?Q?+kbUrpTW0Agw+rU65z/fa0Hfg+pi9zMucRYK7jZksL9vTvPas/zPg4UrH+jp?= =?us-ascii?Q?cphaVYPTPE+w8YM0yrVhW8fbk1BwqEnFRM2YeFtsmSq4VbJhH6g6XvqxRTk2?= =?us-ascii?Q?9KCNOdwysXx0GHd5yCjCPfCz+DgUbWms76e7C/2nCLvOUOwr01J1oSsRnttF?= =?us-ascii?Q?hVlixHHoO/nKboeneBxmE1VzNMNhdx/8FNEuV2aQbVs/aYoRZcT/NSPG5Hxm?= =?us-ascii?Q?L6aS7HY/Xuw4C/ywMcXa/DuvL0Wf+dg1jMqpfPXxxvSohCDApslrLd8xGa+H?= =?us-ascii?Q?6s6ld4jQbPXQac/Um3HVhT5iyxvXiWLg9Ske7gmPB9oZhYVPNan1eCGcgimR?= =?us-ascii?Q?Kr4aExROe3szaUjNsEXAKxlII5BeCTqhiamtk1vEyU1HIdP6ZItCOQ7N21xl?= =?us-ascii?Q?ghQ7xuNjEhBS9mdfTMBQSKAWwnuzrd29Gtxx4a1GsR1p3rdKnzAncEMA4UdM?= =?us-ascii?Q?f01MnRorlAc9SVyInJ5C3ZorjPggJNOpyouUCjqEPFD5Fa+p9jjvR6wiPOaU?= =?us-ascii?Q?6i+0VMP9kot3zJTNYiCWawkFtUotAvqltWlhi4/uYx5O0Y9ggPImmBm7rAGy?= =?us-ascii?Q?DtKEyEuwYcuHQoSlM0NOBL6yv4AtrgUJLcz0pFuttdnMVwi+qN5eGpaYnMjj?= =?us-ascii?Q?R+BFKLTiXvxhWmLJvhCxJSzrOTBhJr/85ACv31vAM622cPz/aFBdmoflA8EW?= =?us-ascii?Q?0ky9VYJ3DZbEAr6e0RlzygQxOHanZrMYLgHah/yTL350fpgu/ohJ9RlCS+RA?= =?us-ascii?Q?s8TLh9VLe8Qxd5bPlZkCqYZa9Os2wOENEatBC/U6lFP//044nE38aYo8AnIn?= =?us-ascii?Q?PwELN5RGvRJ3WJcw2AXTV6QQcwdY+cRN8zJx8PLEZQKRHSN6ZK0j2vKRAgWh?= =?us-ascii?Q?GmnxZehkZnP4ZcEdLOeu4gNuHxvnEAQFX/epOdmgUoLiS5E6LMstwCPP3Ph3?= =?us-ascii?Q?kGJrO30YYFORXYycky0rYtRi3ECQ/d1WYV9VMgZyYQbpmTm7x9+c4yCmzOfh?= =?us-ascii?Q?BzSL+HdRfc0wJAH8IYIpf2Yw?= x-ms-exchange-transport-forked: True MIME-Version: 1.0 X-OriginatorOrg: commscope.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: DM6PR14MB3757.namprd14.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 53994fdf-1c2a-4f2c-7f07-08d8f846aed0 X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Apr 2021 15:22:53.5680 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 31472f81-8fe4-49ec-8bc3-fa1c295640d7 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: 4j27m0hbVXHEcRiSqcQnjk78xPqRP9U81ZkqNJBXOICk7SCOp1TFEcZKZHwQoK37vif+tRJVObtjZtx0EKyJL8EZACNVrk+Mk2HPnGGprJw= X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR14MB1499 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 Subject: [dpdk-users] ipsec-secgw sample app not seem to be able to decode ESP packets whose keys were generated by strongswan X-BeenThere: users@dpdk.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: DPDK usage discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: users-bounces@dpdk.org Sender: "users" Hi, I tried decoding ESP packets using ipsec-secgw. Security association was done using strongswan. Some issues I noticed was that the security key (aes) was 192 bit (not 128 = of 256) Similarly the authentication key (hmac sha) was 384 instead of 128 or 256. Is this sample app capable of decrypting and authenticating ESP packets wit= h such keys? This is what SA looked like: src 30.30.20.11 dst 30.30.30.10 proto esp spi 0xcaa695f2 reqid 1 mode tunnel replay-window 32 flag af-unspec auth-trunc hmac(sha384) 0x55a470aaa48e5100494ce02cdbea1856436b8f88b= 9daf1072469dc5ab5ae6056be4eaa574254b1667b418e977c92ea74 192 enc cbc(aes) 0x43ed51b8bf2ab8f3d9a7477e9c542dae7ab8fe2bf404a1ad anti-replay context: seq 0x0, oseq 0x0, bitmap 0x00000000 This is the configuration I pushed to file for decoding: #SP IPv4 rules #Decryption rule sp ipv4 in esp protect 3399914994 pri 3 dst 10.220.42.0/24 sport 0:65535 dp= ort 0:65535 sa in 3399914994 cipher_algo aes-256-cbc cipher_key 00:00:00:00:00:00:00= :00:43:ED:51:B8:BF:2A:B8:F3:D9:A7:47:7E:9C:54:2D:AE:7A:B8:FE:2B:F4:04:A1:AD= \ auth_algo null \ mode ipv4-tunnel src 30.30.20.11 dst 30.30.30.10 \ port_id 1 \ type no-offload \ #Routing rules rt ipv4 dst 10.220.42.0/24 port 0 #Neighbour rule syntax neigh port 0 f2:e0:f6:21:e0:70 Regards, Surajit