diff options
Diffstat (limited to 'recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README')
-rw-r--r-- | recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README new file mode 100644 index 00000000..9578982d --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README @@ -0,0 +1,77 @@ +test_setkey script usage + +The scripts in this directory may be used for testing +native Linux IPsec with the talitos driver as a loadable module. + +It's assumed that these scripts have been placed in the directory +named /test_setkey. + +The scripts setup_left and setup_right configure the ip addresses +for two boards named 'left' and 'right', which are two gateways for +an IPsec tunnel. Connect the eth1 interfaces of left and right boards together. +For smartbits testing, connect eth0 on each board to a smartbits port. +For other testing (ping, netperf, iperf), connect eth0 on each board to another system. + +The scripts named left.conf-* and right.conf-* are setkey scripts +which configure the IPsec SA and SPD entries. +The scripts ending in -tunnel use tunnel mode IPsec, and the scripts +ending in -transport used transport mode IPsec. +Transport mode is useful for quickly testing security functionality +using ping or netperf between two boards. +Tunnel mode can be used for testing throughput using smartbits or other +performance test equipment. + +There is a top level script called 'setup' which +is used for a one-step setup on the left and right boards. +'setup' uses two or three parameters. The first parameter is the side, left or right. +The second parameter is the setkey suffix for the left.conf- and right.conf- files. +If the third parameter is supplied, the setup will modprobe that name, so +typically you should provide talitos as the third parameter if you want to load the driver. +If you have built the talitos driver into the kernel, omit the third parameter to setup. +You may test software encryption if talitos is built as a module and you omit the third parameter. + +Below are example uses of the 'setup' script. + +1) One-step setup for smartbits + Use a tunnel mode setup on each side. + AES-HMAC-SHA1: + Left side: + /test_setkey/setup left aes-sha1-tunnel talitos + Right side: + /test_setkey/setup right aes-sha1-tunnel talitos + + 3DES-HMAC-SHA1: + Left side: + /test_setkey/setup left 3des-sha1-tunnel talitos + Right side: + /test_setkey/setup right 3des-sha1-tunnel talitos + +2) One-step setup for testing ping, netperf, or iperf between two boards. + Use a transport mode setup on each side. + AES-HMAC-SHA1: + Left side: + /test_setkey/setup left aes-sha1-transport talitos + Right side: + /test_setkey/setup right aes-sha1-transport talitos + + 3DES-HMAC-SHA1: + Left side: + /test_setkey/setup left 3des-sha1-transport talitos + Right side: + /test_setkey/setup right 3des-sha1-transport talitos + +3) Testing ipv4 + To test ipv4 (with no security) over the two gateways, use steps below. + Testing ipv4 is helpful to get your smartbits configuration verified + and also establish a baseline performance for throughput. + + On the left board: + cd /test_setkey + ./setup_left + ./left.ipv4 + + On the right board: + cd /test_setkey + ./setup_right + ./right.ipv4 + |