DPDK patches and discussions
 help / color / mirror / Atom feed
From: Akhil Goyal <gakhil@marvell.com>
To: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>,
	Tejasree Kondoj <ktejasree@marvell.com>,
	"Nicolau, Radu" <radu.nicolau@intel.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
	Ankur Dwivedi <adwivedi@marvell.com>,
	Jerin Jacob Kollanukkaran <jerinj@marvell.com>,
	"dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support
Date: Tue, 23 Mar 2021 15:06:04 +0000
Message-ID: <MW2PR18MB2284B928B1C13010A5012539D8649@MW2PR18MB2284.namprd18.prod.outlook.com> (raw)
In-Reply-To: <DM6PR11MB4491F0600BECC8758172E7019A649@DM6PR11MB4491.namprd11.prod.outlook.com>

Hi Konstantin,
> 
> Hi Akhil,
> > > > Adding lookaside IPsec UDP encapsulation support
> > > > for NAT traversal.
> > > > Added --udp-encap option for application to specify
> > > > if UDP encapsulation need to be enabled.
> > > > Example secgw command with UDP encapsultation enabled:
> > > > <secgw> -c 0x1 -- -P -p 0x1 --config "(0,0,0)" -f ep0.cfg --udp-encap
> > >
> > > Can we have it not as global, but a per SA option?
> > > Add new keyword for SA/SP into ipsec-secgw config file, etc.
> > > Konstantin
> > >
> >
> > Any specific reason to make udp_encap as per SA?
> > UDP encapsulation is a feature which I believe should be application vide.
> > If it supports the feature it should be enabled for all SAs when the UDP port
> > is 4500 which is reserved for it.
> 
> Not sure why it has to be application wide?
> Why it is not possible have let say SA1 in ipv4/ipv6 tunnel mode over port 0,
> and SA2 with udp encap over port 1?
> Note that in DPDK librte_security it is per SA option.

UDP encapsulation can be done only if the UDP port is 4500 as per the specification.
Please correct me if I am wrong. So if UDP port is NOT 4500 and udp-encap is enabled in the
Command line, UDP encapsulation will not work.

Hence it does make sense to make it application vide. It will be tedious for the user to
Add this in every SA.

Regards,
Akhil



  reply	other threads:[~2021-03-23 15:06 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-15 10:36 [dpdk-dev] [PATCH 0/3] add lookaside IPsec UDP encapsulation and transport mode Tejasree Kondoj
2021-03-15 10:36 ` [dpdk-dev] [PATCH 1/3] crypto/octeontx2: add UDP encapsulation support Tejasree Kondoj
2021-03-15 10:36 ` [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: " Tejasree Kondoj
2021-03-19 16:46   ` Ananyev, Konstantin
2021-03-23  8:02     ` Akhil Goyal
2021-03-23 14:29       ` Ananyev, Konstantin
2021-03-23 15:06         ` Akhil Goyal [this message]
2021-03-23 15:46           ` Ananyev, Konstantin
2021-03-23 17:54             ` Akhil Goyal
2021-03-24  9:45               ` Tejasree Kondoj
2021-03-24 10:39                 ` Ananyev, Konstantin
2021-03-25  8:38                   ` Tejasree Kondoj
2021-03-15 10:36 ` [dpdk-dev] [PATCH 3/3] crypto/octeontx2: support lookaside IPv4 transport mode Tejasree Kondoj

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=MW2PR18MB2284B928B1C13010A5012539D8649@MW2PR18MB2284.namprd18.prod.outlook.com \
    --to=gakhil@marvell.com \
    --cc=adwivedi@marvell.com \
    --cc=anoobj@marvell.com \
    --cc=dev@dpdk.org \
    --cc=jerinj@marvell.com \
    --cc=konstantin.ananyev@intel.com \
    --cc=ktejasree@marvell.com \
    --cc=radu.nicolau@intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

DPDK patches and discussions

This inbox may be cloned and mirrored by anyone:

	git clone --mirror https://inbox.dpdk.org/dev/0 dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 dev dev/ https://inbox.dpdk.org/dev \
		dev@dpdk.org
	public-inbox-index dev

Example config snippet for mirrors.
Newsgroup available over NNTP:
	nntp://inbox.dpdk.org/inbox.dpdk.dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git