From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga01.intel.com (mga01.intel.com [192.55.52.88]) by dpdk.org (Postfix) with ESMTP id 86B6A58D8 for ; Thu, 29 Sep 2016 17:45:00 +0200 (CEST) Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by fmsmga101.fm.intel.com with ESMTP; 29 Sep 2016 08:44:32 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.30,415,1470726000"; d="scan'208";a="14587649" Received: from sie-lab-212-109.ir.intel.com (HELO silpixa00389029.ir.intel.com) ([10.237.212.109]) by fmsmga005.fm.intel.com with ESMTP; 29 Sep 2016 08:44:29 -0700 From: Sergio Gonzalez Monroy To: dev@dpdk.org Cc: pablo.de.lara.guarch@intel.com Date: Thu, 29 Sep 2016 16:44:17 +0100 Message-Id: <1475163857-142366-12-git-send-email-sergio.gonzalez.monroy@intel.com> X-Mailer: git-send-email 2.5.5 In-Reply-To: <1475163857-142366-1-git-send-email-sergio.gonzalez.monroy@intel.com> References: <1474616734-118291-1-git-send-email-sergio.gonzalez.monroy@intel.com> <1475163857-142366-1-git-send-email-sergio.gonzalez.monroy@intel.com> Subject: [dpdk-dev] [PATCH v3 9/9] examples/ipsec-secgw: update ipsec-secgw guide X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches and discussions about DPDK List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 29 Sep 2016 15:45:01 -0000 Update sample guide to reflect support for new algorithms. Signed-off-by: Sergio Gonzalez Monroy --- doc/guides/sample_app_ug/ipsec_secgw.rst | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/doc/guides/sample_app_ug/ipsec_secgw.rst b/doc/guides/sample_app_ug/ipsec_secgw.rst index 5cce2fe..4f7bd7d 100644 --- a/doc/guides/sample_app_ug/ipsec_secgw.rst +++ b/doc/guides/sample_app_ug/ipsec_secgw.rst @@ -79,7 +79,7 @@ Constraints * No IPv6 options headers. * No AH mode. -* Currently only EAS-CBC, HMAC-SHA1 and NULL. +* Supported algorithms: EAS-CBC, AES-CTR, AES-GCM, HMAC-SHA1 and NULL. * Each SA must be handle by a unique lcore (*1 RX queue per port*). * No chained mbufs. @@ -380,9 +380,6 @@ SA rule syntax The successfully parsed SA rules will be stored in an array table. -All SAs configured with AES-CBC and HMAC-SHA1 share the same values for -cipher block size and key, and authentication digest size and key. - The SA rule syntax is shown as follows: .. code-block:: console @@ -421,6 +418,8 @@ where each options means: * *null*: NULL algorithm * *aes-128-cbc*: AES-CBC 128-bit algorithm + * *aes-128-ctr*: AES-CTR 128-bit algorithm + * *aes-128-gcm*: AES-GCM 128-bit algorithm * Syntax: *cipher_algo * @@ -447,10 +446,12 @@ where each options means: * *null*: NULL algorithm * *sha1-hmac*: HMAC SHA1 algorithm + * *aes-128-gcm*: AES-GCM 128-bit algorithm ```` - * Authentication key, NOT available when 'null' algorithm is used + * Authentication key, NOT available when 'null' or 'aes-128-gcm' algorithm + is used. * Optional: No, must followed by option @@ -514,6 +515,10 @@ Example SA rules: src 1111:1111:1111:1111:1111:1111:1111:5555 \ dst 2222:2222:2222:2222:2222:2222:2222:5555 + sa in 105 cipher_algo aes-128-gcm \ + cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \ + auth_algo aes-128-gcm \ + mode ipv4-tunnel src 172.16.2.5 dst 172.16.1.5 Routing rule syntax ^^^^^^^^^^^^^^^^^^^ -- 2.5.5