hi
I meet the issue that I have tried many method, but failed to enable ipsec crypto offload.
- the device info I used:
CX6231016AN-CDAT_06 - the ipsec offload info shown from the network card:
- ethtool -k ens61f0np0 | grep esp
tx-esp-segmentation: off [fixed]
esp-hw-offload: off[fixed]
esp-tx-csum-hw-offload: off [fixed] - dmesg | grep -i ipsec
no “IPsec ESP acceleration enabled” log
- which I have tried
- enable esp-hw-offload by ethtool
ethtool -K ens61f0np0 esp-hw-offload on
Actual changes:
esp-hw-offload: off [requested on]
could not change any device feature - using xfrm tool to enable esp offload
as the NVIDIA MLNX OFED document said: ip xfrm state add src 192.168.1.64/24 dst 192.168.1.65/24 proto esp spi 0x46dc6204 reqid 0x46dc6204 mode transport aead ‘rfc4106(gcm(aes))’ 0x60bd6c3eafba371a46411830fd56c53af93883261ed1fb26767820ff493f43ba35b0dcca 128
offload dev ens61f0np0 dir out sel src 192.168.1.64 dst 192.168.1.65
both in and out dir were configured, the result captured from ens61f0np0 by wireshark shown that, the TX has been encrypted while the RX was decrypted, which is not meet the expected result: both TX and RX are cleartext.
my questions:
- is this network card model support ipsec crypto offload? if not, which one?
- if yes, how to enable ipsec crypto correctly? why using xfrm tool lead to such phenomenon?
Thank you