[dpdk-dev,v3,9/9] doc: update ipsec-secgw sample app guide
Commit Message
Update sample guide to reflect support for new algorithms.
Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
---
doc/guides/sample_app_ug/ipsec_secgw.rst | 15 ++++++++++-----
1 file changed, 10 insertions(+), 5 deletions(-)
Comments
> -----Original Message-----
> From: dev [mailto:dev-bounces@dpdk.org] On Behalf Of Sergio Gonzalez
> Monroy
> Sent: Thursday, September 29, 2016 4:44 PM
> To: dev@dpdk.org
> Cc: De Lara Guarch, Pablo <pablo.de.lara.guarch@intel.com>
> Subject: [dpdk-dev] [PATCH v3 9/9] doc: update ipsec-secgw sample app
> guide
>
> Update sample guide to reflect support for new algorithms.
>
> Signed-off-by: Sergio Gonzalez Monroy <sergio.gonzalez.monroy@intel.com>
Acked-by: John McNamara <john.mcnamara@intel.com>
@@ -79,7 +79,7 @@ Constraints
* No IPv6 options headers.
* No AH mode.
-* Currently only EAS-CBC, HMAC-SHA1 and NULL.
+* Supported algorithms: EAS-CBC, AES-CTR, AES-GCM, HMAC-SHA1 and NULL.
* Each SA must be handle by a unique lcore (*1 RX queue per port*).
* No chained mbufs.
@@ -380,9 +380,6 @@ SA rule syntax
The successfully parsed SA rules will be stored in an array table.
-All SAs configured with AES-CBC and HMAC-SHA1 share the same values for
-cipher block size and key, and authentication digest size and key.
-
The SA rule syntax is shown as follows:
.. code-block:: console
@@ -421,6 +418,8 @@ where each options means:
* *null*: NULL algorithm
* *aes-128-cbc*: AES-CBC 128-bit algorithm
+ * *aes-128-ctr*: AES-CTR 128-bit algorithm
+ * *aes-128-gcm*: AES-GCM 128-bit algorithm
* Syntax: *cipher_algo <your algorithm>*
@@ -447,10 +446,12 @@ where each options means:
* *null*: NULL algorithm
* *sha1-hmac*: HMAC SHA1 algorithm
+ * *aes-128-gcm*: AES-GCM 128-bit algorithm
``<auth_key>``
- * Authentication key, NOT available when 'null' algorithm is used
+ * Authentication key, NOT available when 'null' or 'aes-128-gcm' algorithm
+ is used.
* Optional: No, must followed by <auth_algo> option
@@ -514,6 +515,10 @@ Example SA rules:
src 1111:1111:1111:1111:1111:1111:1111:5555 \
dst 2222:2222:2222:2222:2222:2222:2222:5555
+ sa in 105 cipher_algo aes-128-gcm \
+ cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+ auth_algo aes-128-gcm \
+ mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5
Routing rule syntax
^^^^^^^^^^^^^^^^^^^