X-Git-Url: http://git.droids-corp.org/?a=blobdiff_plain;f=doc%2Fguides%2Fsample_app_ug%2Fipsec_secgw.rst;h=885c77e397009751358a85875c45b49ea209b1fd;hb=8526571400ff2d81b6d9f93873bb706b7d6dcb39;hp=5cce2fec9afc57694456a327d799a2d36fe595fd;hpb=0d547ed0371780b41f46d300be5bc3812101be51;p=dpdk.git diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index 5cce2fec9a..885c77e397 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -79,7 +79,7 @@ Constraints * No IPv6 options headers. * No AH mode. -* Currently only EAS-CBC, HMAC-SHA1 and NULL. +* Supported algorithms: AES-CBC, AES-CTR, AES-GCM, HMAC-SHA1 and NULL. * Each SA must be handle by a unique lcore (*1 RX queue per port*). * No chained mbufs. @@ -380,9 +380,6 @@ SA rule syntax The successfully parsed SA rules will be stored in an array table. -All SAs configured with AES-CBC and HMAC-SHA1 share the same values for -cipher block size and key, and authentication digest size and key. - The SA rule syntax is shown as follows: .. code-block:: console @@ -421,6 +418,8 @@ where each options means: * *null*: NULL algorithm * *aes-128-cbc*: AES-CBC 128-bit algorithm + * *aes-128-ctr*: AES-CTR 128-bit algorithm + * *aes-128-gcm*: AES-GCM 128-bit algorithm * Syntax: *cipher_algo * @@ -447,10 +446,12 @@ where each options means: * *null*: NULL algorithm * *sha1-hmac*: HMAC SHA1 algorithm + * *aes-128-gcm*: AES-GCM 128-bit algorithm ```` - * Authentication key, NOT available when 'null' algorithm is used + * Authentication key, NOT available when 'null' or 'aes-128-gcm' algorithm + is used. * Optional: No, must followed by option @@ -514,6 +515,10 @@ Example SA rules: src 1111:1111:1111:1111:1111:1111:1111:5555 \ dst 2222:2222:2222:2222:2222:2222:2222:5555 + sa in 105 cipher_algo aes-128-gcm \ + cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ + auth_algo aes-128-gcm \ + mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5 Routing rule syntax ^^^^^^^^^^^^^^^^^^^