diff options
Diffstat (limited to 'recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README')
-rw-r--r-- | recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README new file mode 100644 index 0000000..9578982 --- /dev/null +++ b/recipes-connectivity/ipsec-demo/ipsec-demo/test_setkey/README | |||
@@ -0,0 +1,77 @@ | |||
1 | test_setkey script usage | ||
2 | |||
3 | The scripts in this directory may be used for testing | ||
4 | native Linux IPsec with the talitos driver as a loadable module. | ||
5 | |||
6 | It's assumed that these scripts have been placed in the directory | ||
7 | named /test_setkey. | ||
8 | |||
9 | The scripts setup_left and setup_right configure the ip addresses | ||
10 | for two boards named 'left' and 'right', which are two gateways for | ||
11 | an IPsec tunnel. Connect the eth1 interfaces of left and right boards together. | ||
12 | For smartbits testing, connect eth0 on each board to a smartbits port. | ||
13 | For other testing (ping, netperf, iperf), connect eth0 on each board to another system. | ||
14 | |||
15 | The scripts named left.conf-* and right.conf-* are setkey scripts | ||
16 | which configure the IPsec SA and SPD entries. | ||
17 | The scripts ending in -tunnel use tunnel mode IPsec, and the scripts | ||
18 | ending in -transport used transport mode IPsec. | ||
19 | Transport mode is useful for quickly testing security functionality | ||
20 | using ping or netperf between two boards. | ||
21 | Tunnel mode can be used for testing throughput using smartbits or other | ||
22 | performance test equipment. | ||
23 | |||
24 | There is a top level script called 'setup' which | ||
25 | is used for a one-step setup on the left and right boards. | ||
26 | 'setup' uses two or three parameters. The first parameter is the side, left or right. | ||
27 | The second parameter is the setkey suffix for the left.conf- and right.conf- files. | ||
28 | If the third parameter is supplied, the setup will modprobe that name, so | ||
29 | typically you should provide talitos as the third parameter if you want to load the driver. | ||
30 | If you have built the talitos driver into the kernel, omit the third parameter to setup. | ||
31 | You may test software encryption if talitos is built as a module and you omit the third parameter. | ||
32 | |||
33 | Below are example uses of the 'setup' script. | ||
34 | |||
35 | 1) One-step setup for smartbits | ||
36 | Use a tunnel mode setup on each side. | ||
37 | AES-HMAC-SHA1: | ||
38 | Left side: | ||
39 | /test_setkey/setup left aes-sha1-tunnel talitos | ||
40 | Right side: | ||
41 | /test_setkey/setup right aes-sha1-tunnel talitos | ||
42 | |||
43 | 3DES-HMAC-SHA1: | ||
44 | Left side: | ||
45 | /test_setkey/setup left 3des-sha1-tunnel talitos | ||
46 | Right side: | ||
47 | /test_setkey/setup right 3des-sha1-tunnel talitos | ||
48 | |||
49 | 2) One-step setup for testing ping, netperf, or iperf between two boards. | ||
50 | Use a transport mode setup on each side. | ||
51 | AES-HMAC-SHA1: | ||
52 | Left side: | ||
53 | /test_setkey/setup left aes-sha1-transport talitos | ||
54 | Right side: | ||
55 | /test_setkey/setup right aes-sha1-transport talitos | ||
56 | |||
57 | 3DES-HMAC-SHA1: | ||
58 | Left side: | ||
59 | /test_setkey/setup left 3des-sha1-transport talitos | ||
60 | Right side: | ||
61 | /test_setkey/setup right 3des-sha1-transport talitos | ||
62 | |||
63 | 3) Testing ipv4 | ||
64 | To test ipv4 (with no security) over the two gateways, use steps below. | ||
65 | Testing ipv4 is helpful to get your smartbits configuration verified | ||
66 | and also establish a baseline performance for throughput. | ||
67 | |||
68 | On the left board: | ||
69 | cd /test_setkey | ||
70 | ./setup_left | ||
71 | ./left.ipv4 | ||
72 | |||
73 | On the right board: | ||
74 | cd /test_setkey | ||
75 | ./setup_right | ||
76 | ./right.ipv4 | ||
77 | |||