On Fri, Aug 25, 2017 at 05:40:28PM +0100, Ian Stokes wrote: > This patch introduces a new tunnel port type 'vxlanipsec'. This port > combines vxlan tunnelling with IPsec operating in transport mode. > > Ciphering and authentication actions ares provided by a DPDK cryptodev. > The cryptodev operates as a vdev and is associated with the vxlan tunnel > port. Upon tunnel encapsulation packets are encrypted and a hash digest > attached to the packet as per RFC4303. Upon decapsulation a packet is > first verified via the hash and then decrypted. > > The cipher algorithm used is 128 AES-CBC and the authentication algorithm > is HMAC-SHA1-96. Note this work is in progress and is not meant for > upstream. It's purpose is to solicit feedback on the approach and known > issues flagged in the accompanying cover letter to the patch series. > > Signed-off-by: Ian Stokes <ian.sto...@intel.com>
Thanks a lot for working on this feature! When I compile without dpdk enabled, I now get: ../lib/netdev-vport.c:31:10: fatal error: 'rte_config.h' file not found ../lib/netdev-native-tnl.c:35:10: fatal error: 'rte_config.h' file not found "sparse" complains: ../lib/netdev-vport.h:40:22: warning: symbol 'spi_map' was not declared. Should it be static? There is obviously a lot of code here to review, but I have not started on that yet. _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev