From: Yilin Shieh <ylshieh@gmail.com>
To: users@dpdk.org
Subject: [dpdk-users] ipsec_secgw ep1 can't get the inbound message (dpdk-stable-17.11.6)
Date: Sun, 9 Jun 2019 11:42:14 +0800 [thread overview]
Message-ID: <CAHAdFQa+2bRXGXnoczpjHgEoJuYG9bu1xsx+cF59=bHUG31Kxg@mail.gmail.com> (raw)
Hi all,
I tested the ipsec_secgw with openssl.
I use the test-center connected the EP0 and EP1' s port 1 and port0
connected with each other.
then send one way packet 10.10.27.2 => 10.9.141.2.
But the packet can' be received by test-center
The EP0 port 0 and port 1 's ethernet act led was flashing.
And EP1 only port 0' ethernet act led was flashing.
I tried add debug message at process_pkts() function in ipsec-secgw.c.
But no message be print out. It seems the packets not pass to ipsec-secgw.
Are there any ways to find out why?
Or any problem with my cfg file and command option?
test1_ep0.cfg:
#SP IPv4 rules
sp ipv4 out esp protect 5 pri 1 dst 10.9.141.0/24 sport 0:65535 dport
0:65535
sp ipv4 in esp protect 105 pri 1 dst 10.10.27.0/24 sport 0:65535 dport
0:65535
#SA rules
sa out 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0
\
auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
mode ipv4-tunnel src 51.15.139.201 dst 51.15.44.48
sa in 105 cipher_algo aes-128-cbc cipher_key
0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
mode ipv4-tunnel src 51.15.44.48 dst 51.15.139.201
#Routing rules
rt ipv4 dst 51.15.44.48/32 port 0
rt ipv4 dst 10.10.27.0/24 port 1
execute with:
/build/ipsec-secgw -l 7,8 -n 4 --socket-mem 512,0 --vdev "crypto_openssl"
-- -p 0xf -P -u 0x1 --config="(0,0,7),(1,0,8)" -f test1_ep0.cfg
test1_ep1.cfg:
#SP IPv4 rules
sp ipv4 in esp protect 5 pri 1 dst 10.9.141.0/24 sport 0:65535 dport 0:65535
sp ipv4 out esp protect 105 pri 1 dst 10.10.27.0/24 sport 0:65535 dport
0:65535
#SA rules
sa in 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
mode ipv4-tunnel src 51.15.139.201 dst 51.15.44.48
sa out 105 cipher_algo aes-128-cbc cipher_key
0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
mode ipv4-tunnel src 51.15.44.48 dst 51.15.139.201
#Routing rules
rt ipv4 dst 51.15.139.201/32 port 0
rt ipv4 dst 10.9.141.0/24 port 1
command:
./build/ipsec-secgw -l 7,8 -n 4 --socket-mem 512,0 --vdev "crypto_openssl"
-- -p 0xf -P -u 0x1 --config="(0,0,7),(1,0,8)" -f test1_ep1.cfg
Any advice and suggestion will be appreciated.
Yi-Lin
reply other threads:[~2019-06-12 16:11 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHAdFQa+2bRXGXnoczpjHgEoJuYG9bu1xsx+cF59=bHUG31Kxg@mail.gmail.com' \
--to=ylshieh@gmail.com \
--cc=users@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).