X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=doc%2Fguides%2Fsample_app_ug%2Fipsec_secgw.rst;h=81c5d43606159a4cb62d29162f716eebfce2c6c1;hb=9dbc4e21e752ca98e23205c3d1bac53e03e934b3;hp=038f593f4cb0c80c95952cb66fc254d083c969ad;hpb=6118acc29906f8a853d471f28bc1fab503587a57;p=dpdk.git
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 038f593f4c..81c5d43606 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -506,6 +506,7 @@ The SA rule syntax is shown as follows:
sa
+
where each options means:
@@ -538,6 +539,7 @@ where each options means:
* *null*: NULL algorithm
* *aes-128-cbc*: AES-CBC 128-bit algorithm
+ * *aes-192-cbc*: AES-CBC 192-bit algorithm
* *aes-256-cbc*: AES-CBC 256-bit algorithm
* *aes-128-ctr*: AES-CTR 128-bit algorithm
* *3des-cbc*: 3DES-CBC 192-bit algorithm
@@ -593,6 +595,8 @@ where each options means:
* Available options:
* *aes-128-gcm*: AES-GCM 128-bit algorithm
+ * *aes-192-gcm*: AES-GCM 192-bit algorithm
+ * *aes-256-gcm*: AES-GCM 256-bit algorithm
* Syntax: *cipher_algo *
@@ -604,11 +608,12 @@ where each options means:
Must be followed by option
* Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.
- The number of bytes should be as same as the specified AEAD algorithm
- key size.
+ Last 4 bytes of the provided key will be used as 'salt' and so, the
+ number of bytes should be same as the sum of specified AEAD algorithm
+ key size and salt size (4 bytes).
For example: *aead_key A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:
- A1:B2:C3:D4*
+ A1:B2:C3:D4:A1:B2:C3:D4*
````
@@ -698,6 +703,18 @@ where each options means:
* *fallback lookaside-none*
+````
+
+ * Option for redirecting a specific inbound ipsec flow of a port to a specific
+ queue of that port.
+
+ * Optional: Yes.
+
+ * Available options:
+
+ * *port_id*: Port ID of the NIC for which the SA is configured.
+ * *queue_id*: Queue ID to which traffic should be redirected.
+
Example SA rules:
.. code-block:: console
@@ -727,6 +744,9 @@ Example SA rules:
mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5 \
type inline-crypto-offload port_id 0
+ sa in 117 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.7 \
+ dst 172.16.1.7 flow-direction 0 2
+
Routing rule syntax
^^^^^^^^^^^^^^^^^^^
@@ -850,10 +870,12 @@ Also the user can optionally setup:
* ``CRYPTO_DEV``: crypto device to be used ('-w '). If none specified
appropriate vdevs will be created by the script
-* ``MULTI_SEG_TEST``: ipsec-secgw option to enable reassembly support and
- specify size of reassembly table (e.g.
- ``MULTI_SEG_TEST='--reassemble 128'``). This option must be set for
- fallback session tests.
+Scripts can be used for multiple test scenarios. To check all available
+options run:
+
+.. code-block:: console
+
+ /bin/bash run_test.sh -h
Note that most of the tests require the appropriate crypto PMD/device to be
available.
@@ -897,17 +919,40 @@ SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(IPsec)-->(NIC1)DUT OS
It then tries to perform some data transfer using the scheme described above.
-usage
+Usage
~~~~~
-In the ipsec-secgw/test directory
+In the ipsec-secgw/test directory run
+
+/bin/bash run_test.sh
+
+Available options:
+
+* ``-4`` Perform tests with use of IPv4. One or both [-46] options needs to be
+ selected.
+
+* ``-6`` Perform tests with use of IPv6. One or both [-46] options needs to be
+ selected.
+
+* ``-m`` Add IPSec tunnel mixed IP version tests - outer IP version different
+ than inner. Inner IP version will match selected option [-46].
+
+* ``-i`` Run tests in inline mode. Regular tests will not be invoked.
+
+* ``-f`` Run tests for fallback mechanism. Regular tests will not be invoked.
+
+* ``-l`` Run tests in legacy mode only. It cannot be used with options [-fsc].
+ On default library mode is used.
-to run one test for IPv4 or IPv6
+* ``-s`` Run all tests with reassembly support. On default only tests for
+ fallback mechanism use reassembly support.
-/bin/bash linux_test(4|6).sh
+* ``-c`` Run tests with use of cpu-crypto. For inline tests it will not be
+ applied. On default lookaside-none is used.
-to run all tests for IPv4 or IPv6
+* ``-p`` Perform packet validation tests. Option [-46] is not required.
-/bin/bash run_test.sh -4|-6
+* ``-h`` Show usage.
-For the list of available modes please refer to run_test.sh.
+If is specified, only tests for that mode will be invoked. For the
+list of available modes please refer to run_test.sh.
\ No newline at end of file