> a way to make VPP IPsec work better w/ StrongSwan As Damjan said, it would be a control plane adapter. I guess it is also a management plane adapter (translating higher level commands into VPP API commands).
From existing management plane adapters, it reminds me of linux_nl. I read it listens to netlink messages. I like the approach of listening to more standardized messages coming over more standardized communication channel (as opposed to creating a plugin for Linux kernel to call VPP binary API directly). I read StrongSwan can work on Windows (not just Linux), so it has to have some abstraction of dataplane management. What you can do is to create a "remote/userspace dataplane" plugin (contribute to StrongSwan repo, using their GPLv2+) that translates from StrongSwan internals into a standard communication channel (no idea which one, maybe some user-defined netlink protocol), and then on the other side you will have a plugin similar to linux_nl (VPP repo, Apache2 license) translating from that standard communication channel to VPP calls (direct C calls, or binary API). This way you can test the VPP plugin in make test (assuming the standard communication channel is not too exotic for Python to handle) and also StrongSwan plugin in their CI. Vratko. From: vpp-dev@lists.fd.io <vpp-dev@lists.fd.io> On Behalf Of Fan Zhang Sent: Tuesday, 2022-June-14 10:39 To: vpp-dev@lists.fd.io Subject: [vpp-dev] Community meeting today Hi, I was wondering if we can squeeze in a quick topic to discuss in today’s community call? We are working on a way to make VPP IPsec work better w/ StrongSwan and want to discuss the upstream plan of it. Regards, Fan
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#21541): https://lists.fd.io/g/vpp-dev/message/21541 Mute This Topic: https://lists.fd.io/mt/91745080/21656 Group Owner: vpp-dev+ow...@lists.fd.io Unsubscribe: https://lists.fd.io/g/vpp-dev/leave/1480452/21656/631435203/xyzzy [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
