[dpdk-dev] [PATCH v3 9/9] examples/ipsec-secgw: update ipsec-secgw guide

Sergio Gonzalez Monroy sergio.gonzalez.monroy at intel.com
Thu Sep 29 17:44:17 CEST 2016


Update sample guide to reflect support for new algorithms.

Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy at intel.com>
---
 doc/guides/sample_app_ug/ipsec_secgw.rst | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 5cce2fe..4f7bd7d 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -79,7 +79,7 @@ Constraints
 
 *  No IPv6 options headers.
 *  No AH mode.
-*  Currently only EAS-CBC, HMAC-SHA1 and NULL.
+*  Supported algorithms: EAS-CBC, AES-CTR, AES-GCM, HMAC-SHA1 and NULL.
 *  Each SA must be handle by a unique lcore (*1 RX queue per port*).
 *  No chained mbufs.
 
@@ -380,9 +380,6 @@ SA rule syntax
 
 The successfully parsed SA rules will be stored in an array table.
 
-All SAs configured with AES-CBC and HMAC-SHA1 share the same values for
-cipher block size and key, and authentication digest size and key.
-
 The SA rule syntax is shown as follows:
 
 .. code-block:: console
@@ -421,6 +418,8 @@ where each options means:
 
    * *null*: NULL algorithm
    * *aes-128-cbc*: AES-CBC 128-bit algorithm
+   * *aes-128-ctr*: AES-CTR 128-bit algorithm
+   * *aes-128-gcm*: AES-GCM 128-bit algorithm
 
  * Syntax: *cipher_algo <your algorithm>*
 
@@ -447,10 +446,12 @@ where each options means:
 
     * *null*: NULL algorithm
     * *sha1-hmac*: HMAC SHA1 algorithm
+    * *aes-128-gcm*: AES-GCM 128-bit algorithm
 
 ``<auth_key>``
 
- * Authentication key, NOT available when 'null' algorithm is used
+ * Authentication key, NOT available when 'null' or 'aes-128-gcm' algorithm
+   is used.
 
  * Optional: No, must followed by <auth_algo> option
 
@@ -514,6 +515,10 @@ Example SA rules:
     src 1111:1111:1111:1111:1111:1111:1111:5555 \
     dst 2222:2222:2222:2222:2222:2222:2222:5555
 
+    sa in 105 cipher_algo aes-128-gcm \
+    cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+    auth_algo aes-128-gcm \
+    mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
 
 Routing rule syntax
 ^^^^^^^^^^^^^^^^^^^
-- 
2.5.5



More information about the dev mailing list