From: "Gowda, Sandesh" <sandesh.gowda@intel.com>
To: "Avi Cohen (A)" <avi.cohen@huawei.com>,
"users@dpdk.org" <users@dpdk.org>
Subject: Re: [dpdk-users] IPSEC-SECGW sample application
Date: Mon, 8 Jan 2018 08:47:07 +0000 [thread overview]
Message-ID: <EDE1359882508442A045AB0CF959E30B70AEC69D@PGSMSX102.gar.corp.intel.com> (raw)
In-Reply-To: <B84047ECBD981D4B93EAE5A6245AA36101594AF3@FRAEML521-MBX.china.huawei.com>
Hi Avi,
The application classifies the ports as Protected and Unprotected. Thus, traffic received on an Unprotected or Protected port is consider Inbound or Outbound respectively.
( Refer : http://dpdk.org/doc/guides/sample_app_ug/ipsec_secgw.html )
The Packets sent on a Unprotected network requires Encryption whereas packets on Protected Network can be plain text.
This is the expected behavior.
Regards,
Sandesh
-----Original Message-----
From: users [mailto:users-bounces@dpdk.org] On Behalf Of Avi Cohen (A)
Sent: Sunday, January 07, 2018 9:12 PM
To: users@dpdk.org
Subject: [dpdk-users] IPSEC-SECGW sample application
Hello
I'm using the DPDK17.11 and running the sample app. Ipsec_secgw.
I have 2 ports port 0 is protected and port 1 is unprotected Traffic is received in the unprotected and should be sent to the protected port for encryption But the traffic processing for the traffic received in the unprotected port is going through the **process_pkts_inbound ** .
I expect that the traffic should be directed to the **process_pkts_outbound** [where ESP headers are added etc.] Can someone help ?
This is the config file:
#SP rules
sp ipv4 in esp protect 5 src 1.1.1.2/32 dst 1.1.2.10/32
#SA rules
sa in 5 cipher_algo aes-128-cbc cipher_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
auth_algo sha1-hmac auth_key 0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0:0 \
mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \
type inline-protocol-offload port_id 0
#Routing rules
rt ipv4 dst 172.16.2.5/32 port 0
rt ipv4 dst 1.1.2.0/24 port 0
rt ipv4 dst 1.1.1.0/24 port 0
and this is the command line to run the applic:
./ipsec-secgw -l 1 -n 2 -- -p 0x3 -P -u 0x2 --config="(0,0,1),(1,0,1)" -f ../ep1.cfg
Best Regards
Avi
next prev parent reply other threads:[~2018-01-08 8:47 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-01-07 15:41 Avi Cohen (A)
2018-01-08 8:47 ` Gowda, Sandesh [this message]
2018-01-08 11:47 ` Avi Cohen (A)
2018-01-08 16:34 ` Avi Cohen (A)
2018-01-08 17:23 ` Gowda, Sandesh
2018-01-09 9:38 ` Avi Cohen (A)
2018-01-09 10:00 ` De Lara Guarch, Pablo
2018-01-09 15:15 ` Avi Cohen (A)
2018-01-14 13:53 ` Avi Cohen (A)
2018-01-15 13:54 ` Avi Cohen (A)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=EDE1359882508442A045AB0CF959E30B70AEC69D@PGSMSX102.gar.corp.intel.com \
--to=sandesh.gowda@intel.com \
--cc=avi.cohen@huawei.com \
--cc=users@dpdk.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).