[dpdk-dev] [PATCH v3 9/9] examples/ipsec-secgw: update ipsec-secgw guide
Sergio Gonzalez Monroy
sergio.gonzalez.monroy at intel.com
Thu Sep 29 17:44:17 CEST 2016
Update sample guide to reflect support for new algorithms.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy at intel.com>
---
doc/guides/sample_app_ug/ipsec_secgw.rst | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst
index 5cce2fe..4f7bd7d 100644
--- a/doc/guides/sample_app_ug/ipsec_secgw.rst
+++ b/doc/guides/sample_app_ug/ipsec_secgw.rst
@@ -79,7 +79,7 @@ Constraints
* No IPv6 options headers.
* No AH mode.
-* Currently only EAS-CBC, HMAC-SHA1 and NULL.
+* Supported algorithms: EAS-CBC, AES-CTR, AES-GCM, HMAC-SHA1 and NULL.
* Each SA must be handle by a unique lcore (*1 RX queue per port*).
* No chained mbufs.
@@ -380,9 +380,6 @@ SA rule syntax
The successfully parsed SA rules will be stored in an array table.
-All SAs configured with AES-CBC and HMAC-SHA1 share the same values for
-cipher block size and key, and authentication digest size and key.
-
The SA rule syntax is shown as follows:
.. code-block:: console
@@ -421,6 +418,8 @@ where each options means:
* *null*: NULL algorithm
* *aes-128-cbc*: AES-CBC 128-bit algorithm
+ * *aes-128-ctr*: AES-CTR 128-bit algorithm
+ * *aes-128-gcm*: AES-GCM 128-bit algorithm
* Syntax: *cipher_algo <your algorithm>*
@@ -447,10 +446,12 @@ where each options means:
* *null*: NULL algorithm
* *sha1-hmac*: HMAC SHA1 algorithm
+ * *aes-128-gcm*: AES-GCM 128-bit algorithm
``<auth_key>``
- * Authentication key, NOT available when 'null' algorithm is used
+ * Authentication key, NOT available when 'null' or 'aes-128-gcm' algorithm
+ is used.
* Optional: No, must followed by <auth_algo> option
@@ -514,6 +515,10 @@ Example SA rules:
src 1111:1111:1111:1111:1111:1111:1111:5555 \
dst 2222:2222:2222:2222:2222:2222:2222:5555
+ sa in 105 cipher_algo aes-128-gcm \
+ cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+ auth_algo aes-128-gcm \
+ mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
Routing rule syntax
^^^^^^^^^^^^^^^^^^^
--
2.5.5
More information about the dev
mailing list