Hi, I am trying to run ipsec-secgw in dpdk-18.02 for: type no-offloadencryption aes-cbcauth hmac-sha1 Test config:Port 0 - ProtectedPort 1 - Unprotected Packets on port 0 get encrypted and sent on 1.But, in the decryption path, esp_inbound is failing returning -EINVAL (payload not multiple of block size). Wireshark seems to show payload is a multiple of block size! I am debugging this.
Can someone provide me a sample working config for me to compare? Command line:=========== ./ipsec-secgw \ -l 6,7 \ --vdev crypto_aesni_mb \ -w 0000:04:00.0 -w 0000:04:00.1 \ --log-level 8 --socket-mem 1024,0 \ -- -p 0xf -P -u 0x2 \ --config="(0,0,6),(1,0,7)" -f /tmp/intel-ep0.cfg ep config======= #SP IPv4 rules sp ipv4 out esp protect 1005 pri 1 dst 192.168.105.0/24 sport 0:65535 dport 0:65535 #SA rules sa out 1005 cipher_algo aes-128-cbc cipher_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d \ auth_algo sha1-hmac auth_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \ port_id 1 \ sa in 5 cipher_algo aes-128-cbc cipher_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d \ auth_algo sha1-hmac auth_key 2b:7e:15:16:28:ae:d2:a6:ab:f7:15:88:09:cf:4f:3d:de:ad:be:ef \ mode ipv4-tunnel src 172.16.1.5 dst 172.16.2.5 \ port_id 1 \ #Routing rules rt ipv4 dst 172.16.2.5/32 port 1 rt ipv4 dst 192.168.105.10/32 port 0 Thanks, Kandy
