[dpdk-users] IPsec offload

[De Lara Guarch, Pablo]

Hi Avi,

> -----Original Message-----
> From: Avi Cohen (A) [mailto:avi.cohen at huawei.com]
> Sent: Tuesday, November 7, 2017 8:55 AM
> To: De Lara Guarch, Pablo <pablo.de.lara.guarch at intel.com>; Thomas
> Monjalon <thomas at monjalon.net>
> Cc: users at dpdk.org; olgas at mellanox.com
> Subject: RE: [dpdk-users] IPsec offload
> 
> 
> > > Thank you Pablo
> > > Can you supply an example command line to run the ipsec-secgw ?
> >
> > ./examples/ipsec-secgw/build/ipsec-secgw -l 10,11 -n 4 --
> > vdev="crypto_aesni_gcm0" /
> > -- -p 0x1 -P --config="(0,0,10)" -f ep-sample.cfg
> >
> > Where ep-sample.cfg contains:
> >
> > sp ipv4 out esp protect 0010 pri 1 dst 001.0.0.0/24 sport 0:65535
> > dport 0:65535 sa out 0010 aead_algo aes-128-gcm aead_key
> de:ad:be:ef:de:ad:be:ef:de:ad:be:
> > ef:de:ad:be:ef:de:ad:be:ef mode ipv4-tunnel src 20.0.0.0 dst 21.0.0.0
> > rt ipv4 dst
> > 21.0.0.0/8 port 0
> >
> [Avi Cohen (A)]
> 
> When running it almost all parameters from the config file starting from "
> sa out 0010"  are not recognized by the application Do I have to create any
> additional objects before running it ? I don't see it in the documentation .
> I want to run IPsec offload over ethernet port Best Regards Avi

You need to make sure that you have a crypto device (SW or HW) that support
the algorithms set in the sa lines.
For instance, the "SA line" above is using AES-GCM, so you could use the AESNI GCM PMD,
with the command line above (using --vdev).

Regards,
Pablo