Özkan KIRIK
2021-04-27 06:11:03 UTC
Hello,
I'have a Chelsio T62100-LP-CR card. I want to use IPsec acceleration. I'm
using FreeBSD stable/12 (built on 2021-04-12). But when using setkey, I got
"Device not configured" error.
What is the right way to use it ? I'm using both if_ipsec and strongswan.
How to repeat:
# kldload ccr
# dmesg | grep ccr
ccr0: <Chelsio Crypto Accelerator> numa-domain 0 on t6nex0
# pciconf -lv
***@pci0:59:0:0: class=0x020000 card=0x00001425 chip=0x60071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Ethernet Controller'
class = network
subclass = ethernet
***@pci0:59:0:1: class=0x020000 card=0x00001425 chip=0x60071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Ethernet Controller'
class = network
subclass = ethernet
***@pci0:59:0:2: class=0x020000 card=0x00001425 chip=0x60071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Ethernet Controller'
class = network
subclass = ethernet
***@pci0:59:0:3: class=0x020000 card=0x00001425 chip=0x60071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Ethernet Controller'
class = network
subclass = ethernet
***@pci0:59:0:4: class=0x020000 card=0x00001425 chip=0x64071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Ethernet Controller'
class = network
subclass = ethernet
***@pci0:59:0:5: class=0x010000 card=0x00001425 chip=0x65071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Storage Controller'
class = mass storage
subclass = SCSI
***@pci0:59:0:6: class=0x0c0400 card=0x00001425 chip=0x66071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Storage Controller'
class = serial bus
subclass = Fibre Channel
# ifconfig ipsec0 create reqid 100
# ifconfig ipsec0 inet tunnel 192.168.0.3 192.168.0.5
# ifconfig ipsec0 inet 172.16.0.3/16 172.16.0.5
# cat > setket.conf
add 192.168.0.3 192.168.0.5 esp 10000 -m tunnel -u 100 -E rijndael-cbc
"VerySecureKey!!1";
add 192.168.0.5 192.168.0.3 esp 10001 -m tunnel -u 100 -E rijndael-cbc
"VerySecureKey!!2";
^D
# setkey -vcf setkey.conf
sadb_msg{ version=2 type=3(ADD) errno=0 satype=3
len=15 reserved=0 seq=0 pid=90711
sadb_ext{ len=3 type=9(KEY_ENCRYPT) }
sadb_key{ bits=128 reserved=0
key= 56657279 53656375 72654b65 79212131 }
sadb_ext{ len=2 type=1(SA) }
sadb_sa{ spi=10000 replay=0 state=0
auth=0 encrypt=12 flags=0x00000040 }
sadb_ext{ len=2 type=19(SA2) }
sadb_x_sa2{ mode=2 reqid=100
reserved1=128 reserved2=26960 sequence=2048 }
sadb_ext{ len=3 type=5(ADDRESS_SRC) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.3 }
sadb_ext{ len=3 type=6(ADDRESS_DST) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.5 }
sadb_msg{ version=2 type=3(ADD) errno=6 satype=3
len=15 reserved=0 seq=0 pid=90711
sadb_ext{ len=3 type=9(KEY_ENCRYPT) }
sadb_key{ bits=128 reserved=0
key= 56657279 53656375 72654b65 79212131 }
sadb_ext{ len=2 type=1(SA) }
sadb_sa{ spi=10000 replay=0 state=0
auth=0 encrypt=12 flags=0x00000040 }
sadb_ext{ len=2 type=19(SA2) }
sadb_x_sa2{ mode=2 reqid=100
reserved1=128 reserved2=26960 sequence=2048 }
sadb_ext{ len=3 type=5(ADDRESS_SRC) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.3 }
sadb_ext{ len=3 type=6(ADDRESS_DST) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.5 }
The result of line 1: Device not configured.
sadb_msg{ version=2 type=3(ADD) errno=0 satype=3
len=15 reserved=0 seq=0 pid=90711
sadb_ext{ len=3 type=9(KEY_ENCRYPT) }
sadb_key{ bits=128 reserved=0
key= 56657279 53656375 72654b65 79212132 }
sadb_ext{ len=2 type=1(SA) }
sadb_sa{ spi=10001 replay=0 state=0
auth=0 encrypt=12 flags=0x00000040 }
sadb_ext{ len=2 type=19(SA2) }
sadb_x_sa2{ mode=2 reqid=100
reserved1=0 reserved2=26961 sequence=2048 }
sadb_ext{ len=3 type=5(ADDRESS_SRC) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.5 }
sadb_ext{ len=3 type=6(ADDRESS_DST) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.3 }
sadb_msg{ version=2 type=3(ADD) errno=6 satype=3
len=15 reserved=0 seq=0 pid=90711
sadb_ext{ len=3 type=9(KEY_ENCRYPT) }
sadb_key{ bits=128 reserved=0
key= 56657279 53656375 72654b65 79212132 }
sadb_ext{ len=2 type=1(SA) }
sadb_sa{ spi=10001 replay=0 state=0
auth=0 encrypt=12 flags=0x00000040 }
sadb_ext{ len=2 type=19(SA2) }
sadb_x_sa2{ mode=2 reqid=100
reserved1=0 reserved2=26961 sequence=2048 }
sadb_ext{ len=3 type=5(ADDRESS_SRC) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.5 }
sadb_ext{ len=3 type=6(ADDRESS_DST) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.3 }
The result of line 2: Device not configured.
Thanks!
I'have a Chelsio T62100-LP-CR card. I want to use IPsec acceleration. I'm
using FreeBSD stable/12 (built on 2021-04-12). But when using setkey, I got
"Device not configured" error.
What is the right way to use it ? I'm using both if_ipsec and strongswan.
How to repeat:
# kldload ccr
# dmesg | grep ccr
ccr0: <Chelsio Crypto Accelerator> numa-domain 0 on t6nex0
# pciconf -lv
***@pci0:59:0:0: class=0x020000 card=0x00001425 chip=0x60071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Ethernet Controller'
class = network
subclass = ethernet
***@pci0:59:0:1: class=0x020000 card=0x00001425 chip=0x60071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Ethernet Controller'
class = network
subclass = ethernet
***@pci0:59:0:2: class=0x020000 card=0x00001425 chip=0x60071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Ethernet Controller'
class = network
subclass = ethernet
***@pci0:59:0:3: class=0x020000 card=0x00001425 chip=0x60071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Ethernet Controller'
class = network
subclass = ethernet
***@pci0:59:0:4: class=0x020000 card=0x00001425 chip=0x64071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Ethernet Controller'
class = network
subclass = ethernet
***@pci0:59:0:5: class=0x010000 card=0x00001425 chip=0x65071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Storage Controller'
class = mass storage
subclass = SCSI
***@pci0:59:0:6: class=0x0c0400 card=0x00001425 chip=0x66071425
rev=0x00 hdr=0x00
vendor = 'Chelsio Communications Inc'
device = 'T62100-LP-CR Unified Wire Storage Controller'
class = serial bus
subclass = Fibre Channel
# ifconfig ipsec0 create reqid 100
# ifconfig ipsec0 inet tunnel 192.168.0.3 192.168.0.5
# ifconfig ipsec0 inet 172.16.0.3/16 172.16.0.5
# cat > setket.conf
add 192.168.0.3 192.168.0.5 esp 10000 -m tunnel -u 100 -E rijndael-cbc
"VerySecureKey!!1";
add 192.168.0.5 192.168.0.3 esp 10001 -m tunnel -u 100 -E rijndael-cbc
"VerySecureKey!!2";
^D
# setkey -vcf setkey.conf
sadb_msg{ version=2 type=3(ADD) errno=0 satype=3
len=15 reserved=0 seq=0 pid=90711
sadb_ext{ len=3 type=9(KEY_ENCRYPT) }
sadb_key{ bits=128 reserved=0
key= 56657279 53656375 72654b65 79212131 }
sadb_ext{ len=2 type=1(SA) }
sadb_sa{ spi=10000 replay=0 state=0
auth=0 encrypt=12 flags=0x00000040 }
sadb_ext{ len=2 type=19(SA2) }
sadb_x_sa2{ mode=2 reqid=100
reserved1=128 reserved2=26960 sequence=2048 }
sadb_ext{ len=3 type=5(ADDRESS_SRC) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.3 }
sadb_ext{ len=3 type=6(ADDRESS_DST) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.5 }
sadb_msg{ version=2 type=3(ADD) errno=6 satype=3
len=15 reserved=0 seq=0 pid=90711
sadb_ext{ len=3 type=9(KEY_ENCRYPT) }
sadb_key{ bits=128 reserved=0
key= 56657279 53656375 72654b65 79212131 }
sadb_ext{ len=2 type=1(SA) }
sadb_sa{ spi=10000 replay=0 state=0
auth=0 encrypt=12 flags=0x00000040 }
sadb_ext{ len=2 type=19(SA2) }
sadb_x_sa2{ mode=2 reqid=100
reserved1=128 reserved2=26960 sequence=2048 }
sadb_ext{ len=3 type=5(ADDRESS_SRC) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.3 }
sadb_ext{ len=3 type=6(ADDRESS_DST) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.5 }
The result of line 1: Device not configured.
sadb_msg{ version=2 type=3(ADD) errno=0 satype=3
len=15 reserved=0 seq=0 pid=90711
sadb_ext{ len=3 type=9(KEY_ENCRYPT) }
sadb_key{ bits=128 reserved=0
key= 56657279 53656375 72654b65 79212132 }
sadb_ext{ len=2 type=1(SA) }
sadb_sa{ spi=10001 replay=0 state=0
auth=0 encrypt=12 flags=0x00000040 }
sadb_ext{ len=2 type=19(SA2) }
sadb_x_sa2{ mode=2 reqid=100
reserved1=0 reserved2=26961 sequence=2048 }
sadb_ext{ len=3 type=5(ADDRESS_SRC) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.5 }
sadb_ext{ len=3 type=6(ADDRESS_DST) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.3 }
sadb_msg{ version=2 type=3(ADD) errno=6 satype=3
len=15 reserved=0 seq=0 pid=90711
sadb_ext{ len=3 type=9(KEY_ENCRYPT) }
sadb_key{ bits=128 reserved=0
key= 56657279 53656375 72654b65 79212132 }
sadb_ext{ len=2 type=1(SA) }
sadb_sa{ spi=10001 replay=0 state=0
auth=0 encrypt=12 flags=0x00000040 }
sadb_ext{ len=2 type=19(SA2) }
sadb_x_sa2{ mode=2 reqid=100
reserved1=0 reserved2=26961 sequence=2048 }
sadb_ext{ len=3 type=5(ADDRESS_SRC) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.5 }
sadb_ext{ len=3 type=6(ADDRESS_DST) }
sadb_address{ proto=255 prefixlen=32 reserved=0x0000 }
sockaddr{ len=16 family=2 addr=192.168.0.3 }
The result of line 2: Device not configured.
Thanks!