IPSec support for NDK

Hi Mark,

Unfortunately, I don't think the NDK supports IPSec.  I inspected the code just to be sure and I see that the following defines in socket.h:

//
// Protocols
//
#define IPPROTO_IP      0               // IP Placeholder
#define IPPROTO_ICMP    1               // ICMP
#define IPPROTO_IGMP    2               // IGMP
#define IPPROTO_TCP     6               // TCP
#define IPPROTO_UDP     17              // UDP
#define IPPROTO_IPV6    41              // IPV6
#define IPPROTO_ICMPV6  58              // ICMPV6 Header.

I also see the switch statement which handles IP packets received (IPRxPacket() in ipin.c) does not handle IPSec (protocol number 0x50):

            // Dispatch the IP packet
            switch( pIpHdr->Protocol )
            {
            case IPPROTO_TCP:
                TcpInput( pPkt );
                break;
            case IPPROTO_UDP:
                UdpInput( pPkt );
                break;
            case IPPROTO_ICMP:
                ICMPInput( pPkt );
                break;
            case IPPROTO_IGMP:
                IGMPInput( pPkt );
                break;
            default:
                ips.Delivered--;
                ips.Noproto++;
                RawInput( pPkt );
                break;
            }

Steve

Steve

I have successfully enabled IPSec support in DM648EVM with NDK.Please help me with the following,

I am using NDK 2 with EVMDM648 HelloWorld Application in switch mode (ALEBypass). http://processors.wiki.ti.com/index.php/Network_Developers_Kit_FAQ states that due to EMAC limitation DM648 can only support Jumbo Packets upto 2047 bytes. However Marvell Alaska 88E1111 PHY which is used in DM648 gives full Jumbo Packet support. I just want to activate the Jumbo Frames on my board even if it only gives me 2047 bytes compatiblity as described on the NDK FAQ page refered above because I will still have more bytes than 1514 in standard packets.

Regards

Mark

Please refer to the link below for more details -

http://processors.wiki.ti.com/index.php/Network_Developers_Kit_FAQ#Q:_Does_NDK_support_Jumbo_Packets.3F

http://processors.wiki.ti.com/index.php/Network_Developers_Kit_FAQ#Q:_C6455_EVM_has_a_Gigabit_EMAC._Does_the_hardware_support_Jumbo_Packets.3F

Steve

I am waiting for your response.

Sorry Mark -- Steve is actually out until Monday.  Did the links I pointed you to help?

David

No they only tell that only Mezanine board of C6455 has the Jumbo frame capability. However according to those pages DM648 can support Jumbo upto 2047 bytes. I require that feature how can i enable it using the HelloWorld Applicaition in switch mode? I hope you or Steve will help me out.

Hi Mark,

Sorry, I was on vacation and so I didn't see your forum posts.

The NDK's jumbo packet support and stack code is surrounded by #if statements like the following:

#ifdef _INCLUDE_JUMBOFRAME_SUPPORT

/* <some jumbo packet code or call...> */

#endif

Unfortunately, the standard NDK libraries that are shipped in the product were not built with _INCLUDE_JUMBOFRAME_SUPPORT defined.

So, you would need to rebuild the NDK libraries and specify this define as an option to the compiler (i.e. "-D_INCLUDE_JUMBOFRAME_SUPPORT")

Please see this wiki for steps on how to rebuild the NDK libraries.

http://processors.wiki.ti.com/index.php/Rebuilding_the_NDK_Core

Steve

Steve

The page you referred about rebuilding the ndk core describes the process for CCSv4. Can i have one for CCSv3.3.

Also please tell me that are these the only 2(giving the compiler option & rebuilding the core) required steps and after that the jumbo packet will be routed?

Regards

Mark

Mark,

I apologize, I misinformed you somewhat because I thought that you were on the latest NDK.  I see from your original post that you are on NDK 2.0. This makes things easier actually.

NDK 2.0 comes with the jumbo libraries.  You should only need to link them into your application in place of the "normal" ones.  The libraries are:

• netctrl_jumbo.lib
• nettool_jumbo.lib
• os_jumbo.lib
• os_sem_jumbo.lib

Steve

Hello Steve

I removed the netctrl.lib, nettool.lib, os.lib and os_sem.lib from the project and added the ones you refered. Then compiled the project but still i m unable to route a packet of jumbo category. I passed the packet of around 1900 bytes keeping in view the 2047byte restriction for DM648 EMAC buffer. However I recieved the EMAC_send() packet returned 3000028 error. Please tell me what is missing here. Also note that when i incresed the buffer size in ethdriver.c the emac failed to register upon program execution. I also tried to increase the rxbuffer size in ethdriver.c and RXMAXLEN in cpsw3g_init_cfg.h file but in vain the packet was returned.

Regards

Mark

Hi Mark,

I'm not sure that you need to change the sizes of the buffers in ethdriver.c; that doesn't sound right to me.

Can you put break points at each of the jumbo APIs to make sure that they are being called (and to make sure that they are linked into your app)?

_jumbo_mmInit()
jumbo_mmAlloc()
jumbo_mmFree()
_jumbo_mmCheck()

Thanks,

Steve

Steve

I cannot find the function definitions or calling to these functions in my whole code. I can only find their declaration as external functions such as _extern _jumbo_mmAlloc().

Please tell me in which file they are present so that i can put the break point and tell you.

Regards

Mark

Hi Mark/Steve,

I am not clear about enabling IPSec with NDK . Is NDK able to receive IPSEC and transmit IPSEC packets?

Is NDK will do the IPSEC for the IP packets?

Thanks in advance.

Regards,

K. Lakshmanan

K. Lakshmanan,

The NDK does not support IPSec.  Mark must have updated the NDK sources himself to add this feature to the stack.  The NDK ships with full source code that is buildable so you can try this yourself, but we won't be able to provide much support with that.

Steve

Hello Steve

Do you know if there is any intention to add IPSEC to NDK or third party stack compatible with TIRTOS which supports IPSEC?

This is something we may require and I am not sure we have capacity to add ourselves.

Thanks

Barry

Hi Barry,

We will be adding support for SSL (working with a 3rd party) in an upcoming release of TIRTOS.  I don't believe we have IPSEC on our roadmap.

Steve