From: Akhil Goyal <gakhil@marvell.com>
To: "Ananyev, Konstantin" <konstantin.ananyev@intel.com>,
Tejasree Kondoj <ktejasree@marvell.com>,
"Nicolau, Radu" <radu.nicolau@intel.com>
Cc: Anoob Joseph <anoobj@marvell.com>,
Ankur Dwivedi <adwivedi@marvell.com>,
Jerin Jacob Kollanukkaran <jerinj@marvell.com>,
"dev@dpdk.org" <dev@dpdk.org>
Subject: Re: [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: add UDP encapsulation support
Date: Tue, 23 Mar 2021 15:06:04 +0000 [thread overview]
Message-ID: <MW2PR18MB2284B928B1C13010A5012539D8649@MW2PR18MB2284.namprd18.prod.outlook.com> (raw)
In-Reply-To: <DM6PR11MB4491F0600BECC8758172E7019A649@DM6PR11MB4491.namprd11.prod.outlook.com>
Hi Konstantin,
>
> Hi Akhil,
> > > > Adding lookaside IPsec UDP encapsulation support
> > > > for NAT traversal.
> > > > Added --udp-encap option for application to specify
> > > > if UDP encapsulation need to be enabled.
> > > > Example secgw command with UDP encapsultation enabled:
> > > > <secgw> -c 0x1 -- -P -p 0x1 --config "(0,0,0)" -f ep0.cfg --udp-encap
> > >
> > > Can we have it not as global, but a per SA option?
> > > Add new keyword for SA/SP into ipsec-secgw config file, etc.
> > > Konstantin
> > >
> >
> > Any specific reason to make udp_encap as per SA?
> > UDP encapsulation is a feature which I believe should be application vide.
> > If it supports the feature it should be enabled for all SAs when the UDP port
> > is 4500 which is reserved for it.
>
> Not sure why it has to be application wide?
> Why it is not possible have let say SA1 in ipv4/ipv6 tunnel mode over port 0,
> and SA2 with udp encap over port 1?
> Note that in DPDK librte_security it is per SA option.
UDP encapsulation can be done only if the UDP port is 4500 as per the specification.
Please correct me if I am wrong. So if UDP port is NOT 4500 and udp-encap is enabled in the
Command line, UDP encapsulation will not work.
Hence it does make sense to make it application vide. It will be tedious for the user to
Add this in every SA.
Regards,
Akhil
next prev parent reply other threads:[~2021-03-23 15:06 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-15 10:36 [dpdk-dev] [PATCH 0/3] add lookaside IPsec UDP encapsulation and transport mode Tejasree Kondoj
2021-03-15 10:36 ` [dpdk-dev] [PATCH 1/3] crypto/octeontx2: add UDP encapsulation support Tejasree Kondoj
2021-03-15 10:36 ` [dpdk-dev] [PATCH 2/3] examples/ipsec-secgw: " Tejasree Kondoj
2021-03-19 16:46 ` Ananyev, Konstantin
2021-03-23 8:02 ` Akhil Goyal
2021-03-23 14:29 ` Ananyev, Konstantin
2021-03-23 15:06 ` Akhil Goyal [this message]
2021-03-23 15:46 ` Ananyev, Konstantin
2021-03-23 17:54 ` Akhil Goyal
2021-03-24 9:45 ` Tejasree Kondoj
2021-03-24 10:39 ` Ananyev, Konstantin
2021-03-25 8:38 ` Tejasree Kondoj
2021-03-15 10:36 ` [dpdk-dev] [PATCH 3/3] crypto/octeontx2: support lookaside IPv4 transport mode Tejasree Kondoj
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MW2PR18MB2284B928B1C13010A5012539D8649@MW2PR18MB2284.namprd18.prod.outlook.com \
--to=gakhil@marvell.com \
--cc=adwivedi@marvell.com \
--cc=anoobj@marvell.com \
--cc=dev@dpdk.org \
--cc=jerinj@marvell.com \
--cc=konstantin.ananyev@intel.com \
--cc=ktejasree@marvell.com \
--cc=radu.nicolau@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).