intel / intel-ipsec-mb

Intel(R) Multi-Buffer Crypto for IPSec
BSD 3-Clause "New" or "Revised" License

Can this cryptographic library be used as IPSec endpoints in user space? #46

Closed markueni closed 4 years ago

markueni commented 4 years ago

Hi,

I am planning to use this software implementation for implementing an IPSec protocol between two of my Ubuntu machines. One concern I have is that in the receiving machine one of my NICs (I have two physical NICs at both of them) is configured as a DPDK interface named dpdk0. Therefore I wonder if it's possible to create an IPSEC in which the encrypted packets are received through the dpdk interface? The last question is: can I use this cryptographic library as IPSEC endpoints on the application layer rather than the IP layer? I am asking that because my application uses a kernel bypass mechanism, so basically the normal TCP layer is in user space.

tkanteck commented 4 years ago

Hello,

Many thanks for your email.

Yes, of course, it can be used for IPSEC in user space. For example, the DPDK Security Gateway sample application does it - see details here: https://doc.dpdk.org/guides/sample_app_ug/ipsec_secgw.html. However, this application does it indirectly, through DPDK cryptodev. This library is used as a software crypto provider to DPDK cryptodev.

To the 2nd part of your question, the library can also be used for other protocols and different layers than IPSEC. There is nothing in the library that makes it IPSEC-specific. Just the first versions of the library were IPSEC-oriented and thus the name. However, it seems that for the case you describe it may be required to implement/adapt an IPSEC stack to work correctly in this scenario (handle SA, IV etc).

tkanteck commented 4 years ago

Let me close this issue. If you have any further questions then please re-open this issue or create a new one. Thanks