X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=doc%2Fguides%2Fsample_app_ug%2Fipsec_secgw.rst;h=2dc39aa50ac4ce2b681c8a4db57e59bb28fabefb;hb=9510dd1feb71fac0b71c74e71bd2618ad14301ac;hp=1f37dccf8bb7a66802d5367a6575c2b9082633b3;hpb=e2a94f9ad3ef949c0df3e63699bd4e381b5003d9;p=dpdk.git diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index 1f37dccf8b..2dc39aa50a 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -125,7 +125,7 @@ The application has a number of command line options:: .//examples/dpdk-ipsec-secgw [EAL options] -- -p PORTMASK -P -u PORTMASK -j FRAMESIZE - -l -w REPLAY_WINOW_SIZE -e -a + -l -w REPLAY_WINDOW_SIZE -e -a -c SAD_CACHE_SIZE -s NUMBER_OF_MBUFS_IN_PACKET_POOL -f CONFIG_FILE_PATH @@ -161,7 +161,7 @@ Where: * ``-l``: enables code-path that uses librte_ipsec. -* ``-w REPLAY_WINOW_SIZE``: specifies the IPsec sequence number replay window +* ``-w REPLAY_WINDOW_SIZE``: specifies the IPsec sequence number replay window size for each Security Association (available only with librte_ipsec code path). 
@@ -323,15 +323,15 @@ This means that if the application is using a single core and both hardware and software crypto devices are detected, hardware devices will be used. A way to achieve the case where you want to force the use of virtual crypto -devices is to whitelist the Ethernet devices needed and therefore implicitly -blacklisting all hardware crypto devices. +devices is to only use the Ethernet devices needed (via the allow flag) +and therefore implicitly blocking all hardware crypto devices. For example, something like the following command line: .. code-block:: console .//examples/dpdk-ipsec-secgw -l 20,21 -n 4 --socket-mem 0,2048 \ - -w 81:00.0 -w 81:00.1 -w 81:00.2 -w 81:00.3 \ + -a 81:00.0 -a 81:00.1 -a 81:00.2 -a 81:00.3 \ --vdev "crypto_aesni_mb" --vdev "crypto_null" \ -- \ -p 0xf -P -u 0x3 --config="(0,0,20),(1,0,20),(2,0,21),(3,0,21)" \ @@ -500,7 +500,7 @@ The SA rule syntax is shown as follows: sa - + where each options means: @@ -709,6 +709,17 @@ where each options means: * *port_id*: Port ID of the NIC for which the SA is configured. * *queue_id*: Queue ID to which traffic should be redirected. + ```` + + * Option to enable IPsec UDP encapsulation for NAT Traversal. + Only *lookaside-protocol-offload* mode is supported at the moment. + + * Optional: Yes, it is disabled by default + + * Syntax: + + * *udp-encap* + Example SA rules: .. code-block:: console 
@@ -929,13 +940,13 @@ The user must setup the following environment variables: * ``REMOTE_IFACE``: interface name for the test-port on the DUT. -* ``ETH_DEV``: ethernet device to be used on the SUT by DPDK ('-w ') +* ``ETH_DEV``: ethernet device to be used on the SUT by DPDK ('-a ') Also the user can optionally setup: * ``SGW_LCORE``: lcore to run ipsec-secgw on (default value is 0) -* ``CRYPTO_DEV``: crypto device to be used ('-w '). If none specified +* ``CRYPTO_DEV``: crypto device to be used ('-a '). If none specified appropriate vdevs will be created by the script Scripts can be used for multiple test scenarios. To check all available @@ -1023,4 +1034,4 @@ Available options: * ``-h`` Show usage. If is specified, only tests for that mode will be invoked. For the -list of available modes please refer to run_test.sh. \ No newline at end of file +list of available modes please refer to run_test.sh.
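Review bot: In the @@ -323,15 +323,15 @@ hunk, the reworded sentence says "via the allow flag" without naming the flag. The application has its own "-a" and "-w" options after the "--" separator (see the usage line in the first hunk), so a reader can confuse the two. Suggest "via the EAL ``-a`` option", matching the command line that follows. The sentence is also no longer parallel: "is to only use ... and therefore implicitly blocking" should read "is to allow only the Ethernet devices needed ... and thereby implicitly block all hardware crypto devices".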
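Review bot: In the @@ -709,6 +709,17 @@ hunk, the new udp-encap entry says only lookaside-protocol-offload mode is supported but not what happens when udp-encap is set on an SA of any other type. Please document whether the rule is rejected when the configuration is parsed or the option is ignored. If it is silently ignored, the SA runs without encapsulation while the configuration suggests NAT traversal is enabled. The entry also does not say which UDP port(s) the encapsulation uses. An example rule carrying udp-encap under "Example SA rules:" would make the syntax unambiguous.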
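Review bot: In the @@ -929,13 +940,13 @@ hunk, the changed ETH_DEV line says the device is used "on the SUT" while the REMOTE_IFACE context line directly above says "on the DUT". Use one term, or define both if they refer to different machines. Since these lines are being touched anyway, "ethernet" could be capitalised to match "Ethernet devices" in the earlier hunk, and in the CRYPTO_DEV line "If none specified" reads better as "If none is specified,".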