./build/ipsec-secgw [EAL options] --
-p PORTMASK -P -u PORTMASK -j FRAMESIZE
-l -w REPLAY_WINOW_SIZE -e -a
+ -c SAD_CACHE_SIZE
--config (port,queue,lcore)[,(port,queue,lcore]
--single-sa SAIDX
--rxoffload MASK
* ``-a``: enables Security Association sequence number atomic behavior
(available only with librte_ipsec code path).
+* ``-c``: specifies the SAD cache size. Stores the most recent SA in a per
+ lcore cache. Cache represents flat array containing SA's indexed by SPI.
+ Zero value disables cache.
+ Default value: 128.
+
* ``--config (port,queue,lcore)[,(port,queue,lcore)]``: determines which queues
from which ports are mapped to which cores.
Incoming packets with length bigger then MTU will be discarded.
Default value: 1500.
+* ``--frag-ttl FRAG_TTL_NS``: fragment lifetime (in nanoseconds).
+ If packet is not reassembled within this time, received fragments
+ will be discarded. Fragment lifetime should be decreased when
+ there is a high fragmented traffic loss in high bandwidth networks.
+ Should be lower for low number of reassembly buckets.
+ Valid values: from 1 ns to 10 s. Default value: 10000000 (10 s).
+
* ``--reassemble NUM``: max number of entries in reassemble fragment table.
Zero value disables reassembly functionality.
Default value: 0.
* ``CRYPTO_DEV``: crypto device to be used ('-w <pci-id>'). If none specified
appropriate vdevs will be created by the script
+* ``MULTI_SEG_TEST``: ipsec-secgw option to enable reassembly support and
+ specify size of reassembly table (e.g.
+ ``MULTI_SEG_TEST='--reassemble 128'``). This option must be set for
+ fallback session tests.
+
Note that most of the tests require the appropriate crypto PMD/device to be
available.