X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=doc%2Fguides%2Fsample_app_ug%2Fipsec_secgw.rst;h=81c5d43606159a4cb62d29162f716eebfce2c6c1;hb=9dbc4e21e752ca98e23205c3d1bac53e03e934b3;hp=038f593f4cb0c80c95952cb66fc254d083c969ad;hpb=6118acc29906f8a853d471f28bc1fab503587a57;p=dpdk.git

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 038f593f4c..81c5d43606 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -506,6 +506,7 @@ The SA rule syntax is shown as follows:
 
     sa <dir> <spi> <cipher_algo> <cipher_key> <auth_algo> <auth_key>
     <mode> <src_ip> <dst_ip> <action_type> <port_id> <fallback>
+    <flow-direction> <port_id> <queue_id>
 
 where each options means:
 
@@ -538,6 +539,7 @@ where each options means:
 
    * *null*: NULL algorithm
    * *aes-128-cbc*: AES-CBC 128-bit algorithm
+   * *aes-192-cbc*: AES-CBC 192-bit algorithm
    * *aes-256-cbc*: AES-CBC 256-bit algorithm
    * *aes-128-ctr*: AES-CTR 128-bit algorithm
    * *3des-cbc*: 3DES-CBC 192-bit algorithm
@@ -593,6 +595,8 @@ where each options means:
  * Available options:
 
    * *aes-128-gcm*: AES-GCM 128-bit algorithm
+   * *aes-192-gcm*: AES-GCM 192-bit algorithm
+   * *aes-256-gcm*: AES-GCM 256-bit algorithm
 
  * Syntax: *cipher_algo <your algorithm>*
 
@@ -604,11 +608,12 @@ where each options means:
    Must be followed by <aead_algo> option
 
  * Syntax: Hexadecimal bytes (0x0-0xFF) concatenate by colon symbol ':'.
-   The number of bytes should be as same as the specified AEAD algorithm
-   key size.
+   Last 4 bytes of the provided key will be used as 'salt' and so, the
+   number of bytes should be same as the sum of specified AEAD algorithm
+   key size and salt size (4 bytes).
 
    For example: *aead_key A1:B2:C3:D4:A1:B2:C3:D4:A1:B2:C3:D4:
-   A1:B2:C3:D4*
+   A1:B2:C3:D4:A1:B2:C3:D4*
 
 ``<mode>``
 
@@ -698,6 +703,18 @@ where each options means:
 
    * *fallback lookaside-none*
 
+``<flow-direction>``
+
+ * Option for redirecting a specific inbound ipsec flow of a port to a specific
+   queue of that port.
+
+ * Optional: Yes.
+
+ * Available options:
+
+   * *port_id*: Port ID of the NIC for which the SA is configured.
+   * *queue_id*: Queue ID to which traffic should be redirected.
+
 Example SA rules:
 
 .. code-block:: console
@@ -727,6 +744,9 @@ Example SA rules:
     mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5 \
     type inline-crypto-offload port_id 0
 
+    sa in 117 cipher_algo null auth_algo null mode ipv4-tunnel src 172.16.2.7 \
+    dst 172.16.1.7 flow-direction 0 2
+
 Routing rule syntax
 ^^^^^^^^^^^^^^^^^^^
 
@@ -850,10 +870,12 @@ Also the user can optionally setup:
 *   ``CRYPTO_DEV``: crypto device to be used ('-w <pci-id>'). If none specified
     appropriate vdevs will be created by the script
 
-*   ``MULTI_SEG_TEST``: ipsec-secgw option to enable reassembly support and
-    specify size of reassembly table (e.g.
-    ``MULTI_SEG_TEST='--reassemble 128'``). This option must be set for
-    fallback session tests.
+Scripts can be used for multiple test scenarios. To check all available
+options run:
+
+.. code-block:: console
+
+    /bin/bash run_test.sh -h
 
 Note that most of the tests require the appropriate crypto PMD/device to be
 available.
@@ -897,17 +919,40 @@ SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(IPsec)-->(NIC1)DUT OS
 
 It then tries to perform some data transfer using the scheme described above.
 
-usage
+Usage
 ~~~~~
 
-In the ipsec-secgw/test directory
+In the ipsec-secgw/test directory run
+
+/bin/bash run_test.sh <options> <ipsec_mode>
+
+Available options:
+
+*   ``-4`` Perform tests with use of IPv4. One or both [-46] options needs to be
+    selected.
+
+*   ``-6`` Perform tests with use of IPv6. One or both [-46] options needs to be
+    selected.
+
+*   ``-m`` Add IPSec tunnel mixed IP version tests - outer IP version different
+    than inner. Inner IP version will match selected option [-46].
+
+*   ``-i`` Run tests in inline mode. Regular tests will not be invoked.
+
+*   ``-f`` Run tests for fallback mechanism. Regular tests will not be invoked.
+
+*   ``-l`` Run tests in legacy mode only. It cannot be used with options [-fsc].
+    On default library mode is used.
 
-to run one test for IPv4 or IPv6
+*   ``-s`` Run all tests with reassembly support. On default only tests for
+    fallback mechanism use reassembly support.
 
-/bin/bash linux_test(4|6).sh <ipsec_mode>
+*   ``-c`` Run tests with use of cpu-crypto. For inline tests it will not be
+    applied. On default lookaside-none is used.
 
-to run all tests for IPv4 or IPv6
+*   ``-p`` Perform packet validation tests. Option [-46] is not required.
 
-/bin/bash run_test.sh -4|-6
+*   ``-h`` Show usage.
 
-For the list of available modes please refer to run_test.sh.
+If <ipsec_mode> is specified, only tests for that mode will be invoked. For the
+list of available modes please refer to run_test.sh.
\ No newline at end of file