Re: [PATCHv3 net-next 0/7] pktgen IPsec support

[Fan Du <fan.du@windriver.com>]

On 2013年12月17日 21:41, jamal wrote:
> On 12/16/13 21:22, Fan Du wrote:
>>
>>
>> I thought we have reach the consensus on this part in previous discussion
>> (http://www.spinics.net/lists/netdev/msg261411.html), This enhancement
>> patch didn't change original behavior, nor does remove original implementation.
>>
>
> right - thats the agreement. i.e nothing changes by default unless
> some pktgen parameter is set.
> If someone wants to send using original scheme it should work
> as long as they dont set this extra parameter.
>
>> This enhancement expects good encapsulation format for the receiver to
>> de-encapsulation.
>>
>
> Maybe i missed something - receiver wasnt affected in the discussion.
> It was only the sender.

It's in this thread, see: http://www.spinics.net/lists/netdev/msg260537.html


>> This is snippets of doc updates I could come up with. Please check if it's ok
>> for you.
>>
>> @@ -108,7 +108,9 @@ Examples:
>> MPLS_RND, VID_RND, SVID_RND
>> QUEUE_MAP_RND # queue map random
>> QUEUE_MAP_CPU # queue map mirrors smp_processor_id()
>> + IPSEC # Make IPsec encapsulation for packet
>>
>> + pgset spi SPI_VALUE Set specific SA used to transform packet.
>>
>> pgset "udp_src_min 9" set UDP source port min, If < udp_src_max, then
>> cycle through the port range.
>> @@ -177,6 +179,18 @@ Note when adding devices to a specific CPU there good idea to also assign
>> /proc/irq/XX/smp_affinity so the TX-interrupts gets bound to the same CPU.
>> as this reduces cache bouncing when freeing skb's.
>>
>> +Enable IPsec
>> +============
>> +Default IPsec transformation with ESP encapsulation plus Transport mode
>> +could be enabled by simply setting:
>> +
>> +pgset "flag IPSEC"
>> +pgset "flows 1"
>> +
>> +To avoid breaking existing testbed scripts for using AH type and tunnel mode,
>> +user could use "pgset spi SPI_VALUE" to specify which formal of transformation
>> +to employ.
>> +
>>
>
> Thanks. Thats a good starting point. I just realized there's nothing at all on
> ipsec ;-> Maybe you can add even more extensive info to describe all modes?

No, those information does not belong to pktgen at all.

All we need is a 'spi' to point which SA to employ for the transformation. The SA, either
manually created temporally for pktgen test, or using existing one(though with different
tmpl info)will describe specific type(ESP/AH) or mode(Transport/Tunnel) in use.


> cheers,
> jamal
>> Current commands and configuration options
>> ==========================================
>> @@ -225,6 +239,7 @@ flag
>> UDPDST_RND
>> MACSRC_RND
>> MACDST_RND
>> + IPSEC
>>
>> dst_min
>>
>>
>
>

-- 
浮沉随浪只记今朝笑

--fan