aboutsummaryrefslogtreecommitdiffstats
path: root/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
diff options
context:
space:
mode:
Diffstat (limited to 'dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README')
-rw-r--r--dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README77
1 files changed, 77 insertions, 0 deletions
diff --git a/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
new file mode 100644
index 00000000..9578982d
--- /dev/null
+++ b/dynamic-layers/networking-layer/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README
@@ -0,0 +1,77 @@
+test_setkey script usage
+
+The scripts in this directory may be used for testing
+native Linux IPsec with the talitos driver as a loadable module.
+
+It's assumed that these scripts have been placed in the directory
+named /test_setkey.
+
+The scripts setup_left and setup_right configure the ip addresses
+for two boards named 'left' and 'right', which are two gateways for
+an IPsec tunnel. Connect the eth1 interfaces of left and right boards together.
+For smartbits testing, connect eth0 on each board to a smartbits port.
+For other testing (ping, netperf, iperf), connect eth0 on each board to another system.
+
+The scripts named left.conf-* and right.conf-* are setkey scripts
+which configure the IPsec SA and SPD entries.
+The scripts ending in -tunnel use tunnel mode IPsec, and the scripts
+ending in -transport used transport mode IPsec.
+Transport mode is useful for quickly testing security functionality
+using ping or netperf between two boards.
+Tunnel mode can be used for testing throughput using smartbits or other
+performance test equipment.
+
+There is a top level script called 'setup' which
+is used for a one-step setup on the left and right boards.
+'setup' uses two or three parameters. The first parameter is the side, left or right.
+The second parameter is the setkey suffix for the left.conf- and right.conf- files.
+If the third parameter is supplied, the setup will modprobe that name, so
+typically you should provide talitos as the third parameter if you want to load the driver.
+If you have built the talitos driver into the kernel, omit the third parameter to setup.
+You may test software encryption if talitos is built as a module and you omit the third parameter.
+
+Below are example uses of the 'setup' script.
+
+1) One-step setup for smartbits
+ Use a tunnel mode setup on each side.
+ AES-HMAC-SHA1:
+ Left side:
+ /test_setkey/setup left aes-sha1-tunnel talitos
+ Right side:
+ /test_setkey/setup right aes-sha1-tunnel talitos
+
+ 3DES-HMAC-SHA1:
+ Left side:
+ /test_setkey/setup left 3des-sha1-tunnel talitos
+ Right side:
+ /test_setkey/setup right 3des-sha1-tunnel talitos
+
+2) One-step setup for testing ping, netperf, or iperf between two boards.
+ Use a transport mode setup on each side.
+ AES-HMAC-SHA1:
+ Left side:
+ /test_setkey/setup left aes-sha1-transport talitos
+ Right side:
+ /test_setkey/setup right aes-sha1-transport talitos
+
+ 3DES-HMAC-SHA1:
+ Left side:
+ /test_setkey/setup left 3des-sha1-transport talitos
+ Right side:
+ /test_setkey/setup right 3des-sha1-transport talitos
+
+3) Testing ipv4
+ To test ipv4 (with no security) over the two gateways, use steps below.
+ Testing ipv4 is helpful to get your smartbits configuration verified
+ and also establish a baseline performance for throughput.
+
+ On the left board:
+ cd /test_setkey
+ ./setup_left
+ ./left.ipv4
+
+ On the right board:
+ cd /test_setkey
+ ./setup_right
+ ./right.ipv4
+