examples/ipsec-secgw: add scripts for functional test
The purpose of these scripts is to automate ipsec-secgw functional testing. The scripts require two machines (SUT and DUT) connected through at least 2 NICs and running linux (so far tested only on Ubuntu 18.04). Introduced test-cases for the following scenarios: - Transport/Tunnel modes - AES-CBC SHA1 - AES-GCM - ESN on/off - legacy/librte_ipsec code path Signed-off-by: Konstantin Ananyev <konstantin.ananyev@intel.com> Acked-by: Radu Nicolau <radu.nicolau@intel.com> Acked-by: Akhil Goyal <akhil.goyal@nxp.com>
parent
3e5f4625dc
commit
9297844520
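--- a/examples/ipsec-secgw/test/common_defs.sh
+++ b/examples/ipsec-secgw/test/common_defs.sh
@@ -0,0 +1,162 @@
+#! /bin/bash
+
+#check that env vars are properly defined
+
+#check SGW_PATH
+if [[ -z "${SGW_PATH}" || ! -x ${SGW_PATH} ]]; then
+echo "SGW_PATH is invalid"
+exit 127
+fi
+
+#check ETH_DEV
+if [[ -z "${ETH_DEV}" ]]; then
+echo "ETH_DEV is invalid"
+exit 127
+fi
+
+#setup SGW_LCORE
+SGW_LCORE=${SGW_LCORE:-0}
+
+#check that REMOTE_HOST is reachable
+ssh ${REMOTE_HOST} echo
+st=$?
+if [[ $st -ne 0 ]]; then
+echo "host ${REMOTE_HOST} is not reachable"
+exit $st
+fi
+
+#get ether addr of REMOTE_HOST
+REMOTE_MAC=`ssh ${REMOTE_HOST} ip addr show dev ${REMOTE_IFACE}`
+st=$?
+REMOTE_MAC=`echo ${REMOTE_MAC} | sed -e 's/^.*ether //' -e 's/ brd.*$//'`
+if [[ $st -ne 0 || -z "${REMOTE_MAC}" ]]; then
+echo "coouldn't retrieve ether addr from ${REMOTE_IFACE}"
+exit 127
+fi
+
+LOCAL_IFACE=dtap0
+
+LOCAL_MAC="00:64:74:61:70:30"
+
+REMOTE_IPV4=192.168.31.14
+LOCAL_IPV4=192.168.31.92
+
+REMOTE_IPV6=fd12:3456:789a:0031:0000:0000:0000:0014
+LOCAL_IPV6=fd12:3456:789a:0031:0000:0000:0000:0092
+
+DPDK_PATH=${RTE_SDK:-${PWD}}
+DPDK_BUILD=${RTE_TARGET:-x86_64-native-linuxapp-gcc}
+
+SGW_OUT_FILE=./ipsec-secgw.out1
+
+SGW_CMD_EAL_PRM="--lcores=${SGW_LCORE} -n 4 ${ETH_DEV}"
+SGW_CMD_CFG="(0,0,${SGW_LCORE}),(1,0,${SGW_LCORE})"
+SGW_CMD_PRM="-p 0x3 -u 1 -P --config=\"${SGW_CMD_CFG}\""
+
+SGW_CFG_FILE=$(tempfile)
+
+# configure local host/ifaces
+config_local_iface()
+{
+ifconfig ${LOCAL_IFACE} ${LOCAL_IPV4}/24 mtu 1400 up
+ifconfig ${LOCAL_IFACE}
+
+ip neigh flush dev ${LOCAL_IFACE}
+ip neigh add ${REMOTE_IPV4} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}
+ip neigh show dev ${LOCAL_IFACE}
+}
+
+config6_local_iface()
+{
+config_local_iface
+
+sysctl -w net.ipv6.conf.${LOCAL_IFACE}.disable_ipv6=0
+ip addr add ${LOCAL_IPV6}/64 dev ${LOCAL_IFACE}
+
+sysctl -w net.ipv6.conf.${LOCAL_IFACE}.mtu=1300
+
+ip -6 neigh add ${REMOTE_IPV6} dev ${LOCAL_IFACE} lladdr ${REMOTE_MAC}
+ip neigh show dev ${LOCAL_IFACE}
+}
+
+#configure remote host/iface
+config_remote_iface()
+{
+ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} down
+ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} ${REMOTE_IPV4}/24 up
+ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE}
+
+ssh ${REMOTE_HOST} ip neigh flush dev ${REMOTE_IFACE}
+
+# by some reason following ip neigh doesn't work for me here properly:
+#ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \
+# dev ${REMOTE_IFACE} lladr ${LOCAL_MAC}
+# so used arp instead.
+ssh ${REMOTE_HOST} arp -i ${REMOTE_IFACE} -s ${LOCAL_IPV4} ${LOCAL_MAC}
+ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}
+
+ssh ${REMOTE_HOST} iptables --flush
+}
+
+config6_remote_iface()
+{
+config_remote_iface
+
+ssh ${REMOTE_HOST} sysctl -w \
+net.ipv6.conf.${REMOTE_IFACE}.disable_ipv6=0
+ssh ${REMOTE_HOST} ip addr add ${REMOTE_IPV6}/64 dev ${REMOTE_IFACE}
+
+ssh ${REMOTE_HOST} ip -6 neigh add ${LOCAL_IPV6} \
+dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}
+ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}
+
+ssh ${REMOTE_HOST} ip6tables --flush
+}
+
+#configure remote and local host/iface
+config_iface()
+{
+config_local_iface
+config_remote_iface
+}
+
+config6_iface()
+{
+config6_local_iface
+config6_remote_iface
+}
+
+#start ipsec-secgw
+secgw_start()
+{
+SGW_EXEC_FILE=$(tempfile)
+cat <<EOF > ${SGW_EXEC_FILE}
+${SGW_PATH} ${SGW_CMD_EAL_PRM} ${CRYPTO_DEV} \
+--vdev="net_tap0,mac=fixed" \
+-- ${SGW_CMD_PRM} ${SGW_CMD_XPRM} -f ${SGW_CFG_FILE} > \
+${SGW_OUT_FILE} 2>&1 &
+p=\$!
+echo \$p
+EOF
+
+cat ${SGW_EXEC_FILE}
+SGW_PID=`/bin/bash -x ${SGW_EXEC_FILE}`
+
+# wait till ipsec-secgw start properly
+i=0
+st=1
+while [[ $i -ne 10 && st -ne 0 ]]; do
+sleep 1
+ifconfig ${LOCAL_IFACE}
+st=$?
+let i++
+done
+}
+
+#stop ipsec-secgw and cleanup
+secgw_stop()
+{
+kill ${SGW_PID}
+rm -f ${SGW_EXEC_FILE}
+rm -f ${SGW_CFG_FILE}
+}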
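Review bot: config_remote_iface and config6_remote_iface run `iptables --flush` and `ip6tables --flush` on ${REMOTE_HOST}, and nothing in secgw_stop restores what was removed, so every filter-table rule the DUT had before the run is gone afterwards. Either state this in the file header, e.g. `# NOTE: flushes all iptables/ip6tables rules on REMOTE_HOST; use a dedicated test machine`, or capture the ruleset with iptables-save before the flush and restore it during cleanup. REMOTE_IFACE is also used without the emptiness check that SGW_PATH and ETH_DEV get. Separately, SGW_CFG_FILE and SGW_EXEC_FILE are created with `tempfile`, which is Debian-specific and deprecated; `mktemp` is the portable equivalent.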
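--- a/examples/ipsec-secgw/test/data_rxtx.sh
+++ b/examples/ipsec-secgw/test/data_rxtx.sh
@@ -0,0 +1,62 @@
+#! /bin/bash
+
+TCP_PORT=22222
+
+ping_test1()
+{
+dst=$1
+
+i=0
+st=0
+while [[ $i -ne 1200 && $st -eq 0 ]];
+do
+let i++
+ping -c 1 -s ${i} ${dst}
+st=$?
+done
+
+if [[ $st -ne 0 ]]; then
+echo "ERROR: $0 failed for dst=${dst}, sz=${i}"
+fi
+return $st;
+}
+
+ping6_test1()
+{
+dst=$1
+
+i=0
+st=0
+while [[ $i -ne 1200 && $st -eq 0 ]];
+do
+let i++
+ping6 -c 1 -s ${i} ${dst}
+st=$?
+done
+
+if [[ $st -ne 0 ]]; then
+echo "ERROR: $0 failed for dst=${dst}, sz=${i}"
+fi
+return $st;
+}
+
+scp_test1()
+{
+dst=$1
+
+for sz in 1234 23456 345678 4567890 56789102 ; do
+x=`basename $0`.${sz}
+dd if=/dev/urandom of=${x} bs=${sz} count=1
+scp ${x} [${dst}]:${x}
+scp [${dst}]:${x} ${x}.copy1
+diff -u ${x} ${x}.copy1
+st=$?
+rm -f ${x} ${x}.copy1
+ssh ${REMOTE_HOST} rm -f ${x}
+if [[ $st -ne 0 ]]; then
+return $st
+fi
+done
+
+return 0;
+}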
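Review bot: In scp_test1 the remote specs `[${dst}]:${x}` are unquoted, so the shell parses `[...]` as a glob bracket expression and will replace the argument with any matching file name in the current directory before scp sees it. Quote both uses, e.g. `scp "${x}" "[${dst}]:${x}"` and `scp "[${dst}]:${x}" "${x}.copy1"`. The exit status of the two scp calls is also ignored, so a transfer failure is only caught indirectly by `diff`. TCP_PORT is assigned but not used anywhere in this file.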
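--- a/examples/ipsec-secgw/test/linux_test4.sh
+++ b/examples/ipsec-secgw/test/linux_test4.sh
@@ -0,0 +1,63 @@
+#! /bin/bash
+
+# usage: /bin/bash linux_test4.sh <ipsec_mode>
+# for list of available modes please refer to run_test.sh.
+# ipsec-secgw (IPv4 mode) functional test script.
+#
+# Note that for most of them you required appropriate crypto PMD/device
+# to be avaialble.
+# Also user has to setup properly the following environment variables:
+# SGW_PATH - path to the ipsec-secgw binary to test
+# REMOTE_HOST - ip/hostname of the DUT
+# REMOTE_IFACE - iface name for the test-port on DUT
+# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
+# Also user can optonally setup:
+# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
+# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
+# if none specified appropriate vdevs will be created by the scrit
+#
+# The purpose of the script is to automate ipsec-secgw testing
+# using another system running linux as a DUT.
+# It expects that SUT and DUT are connected through at least 2 NICs.
+# One NIC is expected to be managed by linux both machines,
+# and will be used as a control path
+# Make sure user from SUT can ssh to DUT without entering password.
+# Second NIC (test-port) should be reserved for DPDK on SUT,
+# and should be managed by linux on DUT.
+# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
+# Then configures local tap iface and remote iface and ipsec policies
+# in the following way:
+# traffic going over test-port in both directions has to be
+# protected by ipsec.
+# raffic going over TAP in both directions doesn't have to be protected.
+# I.E:
+# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
+# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
+# Then tries to perorm some data transfer using the scheme decribed above.
+#
+
+DIR=`dirname $0`
+MODE=$1
+
+. ${DIR}/common_defs.sh
+. ${DIR}/${MODE}_defs.sh
+
+config_secgw
+
+secgw_start
+
+config_iface
+
+config_remote_xfrm
+
+. ${DIR}/data_rxtx.sh
+
+ping_test1 ${REMOTE_IPV4}
+st=$?
+if [[ $st -eq 0 ]]; then
+scp_test1 ${REMOTE_IPV4}
+st=$?
+fi
+
+secgw_stop
+exit $st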
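Review bot: `MODE=$1` goes unvalidated into `. ${DIR}/${MODE}_defs.sh`, so a missing or mistyped argument makes the source fail while the script carries on: config_secgw and config_remote_xfrm are then undefined, yet secgw_start still launches ipsec-secgw. A value containing `/` would also source a file from outside the test directory. Check it before sourcing, e.g. `[[ -r "${DIR}/${MODE}_defs.sh" ]] || { echo "unknown mode '${MODE}'"; exit 127; }`, and quote the paths on both `.` lines. linux_test6.sh has the same two lines and needs the same guard.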
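--- a/examples/ipsec-secgw/test/linux_test6.sh
+++ b/examples/ipsec-secgw/test/linux_test6.sh
@@ -0,0 +1,64 @@
+#! /bin/bash
+
+# usage: /bin/bash linux_test6.sh <ipsec_mode>
+# for list of available modes please refer to run_test.sh.
+# ipsec-secgw (IPv6 mode) functional test script.
+#
+# Note that for most of them you required appropriate crypto PMD/device
+# to be avaialble.
+# Also user has to setup properly the following environment variables:
+# SGW_PATH - path to the ipsec-secgw binary to test
+# REMOTE_HOST - ip/hostname of the DUT
+# REMOTE_IFACE - iface name for the test-port on DUT
+# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
+# Also user can optonally setup:
+# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
+# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
+# if none specified appropriate vdevs will be created by the scrit
+#
+# The purpose of the script is to automate ipsec-secgw testing
+# using another system running linux as a DUT.
+# It expects that SUT and DUT are connected through at least 2 NICs.
+# One NIC is expected to be managed by linux both machines,
+# and will be used as a control path.
+# Make sure user from SUT can ssh to DUT without entering password,
+# also make sure that sshd over ipv6 is enabled.
+# Second NIC (test-port) should be reserved for DPDK on SUT,
+# and should be managed by linux on DUT.
+# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
+# Then configures local tap iface and remote iface and ipsec policies
+# in the following way:
+# traffic going over test-port in both directions has to be
+# protected by ipsec.
+# raffic going over TAP in both directions doesn't have to be protected.
+# I.E:
+# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
+# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
+# Then tries to perorm some data transfer using the scheme decribed above.
+#
+
+DIR=`dirname $0`
+MODE=$1
+
+. ${DIR}/common_defs.sh
+. ${DIR}/${MODE}_defs.sh
+
+config_secgw
+
+secgw_start
+
+config6_iface
+
+config6_remote_xfrm
+
+. ${DIR}/data_rxtx.sh
+
+ping6_test1 ${REMOTE_IPV6}
+st=$?
+if [[ $st -eq 0 ]]; then
+scp_test1 ${REMOTE_IPV6}
+st=$?
+fi
+
+secgw_stop
+exit $st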
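Review bot: There is no cleanup on an abnormal exit: secgw_stop only runs if the script reaches its last two lines, so an interrupt anywhere between `secgw_start` and `secgw_stop` leaves the ipsec-secgw process running and the temp files on disk, including the SA configuration written to SGW_CFG_FILE. Registering the cleanup once the process has been started, e.g. `trap secgw_stop EXIT` right after `secgw_start`, and dropping the explicit `secgw_stop` call would cover those paths while keeping the exit status from `exit $st`. linux_test4.sh follows the same sequence and would need the same change.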
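--- a/examples/ipsec-secgw/test/run_test.sh
+++ b/examples/ipsec-secgw/test/run_test.sh
@@ -0,0 +1,80 @@
+#! /bin/bash
+
+# usage: /bin/bash run_test.sh [-46]
+# Run all defined linux_test[4,6].sh test-cases one by one
+# user has to setup properly the following environment variables:
+# SGW_PATH - path to the ipsec-secgw binary to test
+# REMOTE_HOST - ip/hostname of the DUT
+# REMOTE_IFACE - iface name for the test-port on DUT
+# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
+# Also user can optonally setup:
+# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
+# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
+# if none specified appropriate vdevs will be created by the scrit
+# refer to linux_test1.sh for more information
+
+# All supported modes to test.
+# naming convention:
+# 'old' means that ipsec-secgw will run in legacy (non-librte_ipsec mode)
+# 'tun/trs' refer to tunnel/transport mode respectively
+LINUX_TEST="tun_aescbc_sha1 \
+tun_aescbc_sha1_esn \
+tun_aescbc_sha1_esn_atom \
+tun_aesgcm \
+tun_aesgcm_esn \
+tun_aesgcm_esn_atom \
+trs_aescbc_sha1 \
+trs_aescbc_sha1_esn \
+trs_aescbc_sha1_esn_atom \
+trs_aesgcm \
+trs_aesgcm_esn \
+trs_aesgcm_esn_atom \
+tun_aescbc_sha1_old \
+tun_aesgcm_old \
+trs_aescbc_sha1_old \
+trs_aesgcm_old"
+
+DIR=`dirname $0`
+
+# get input options
+st=0
+run4=0
+run6=0
+while [[ ${st} -eq 0 ]]; do
+getopts ":46" opt
+st=$?
+if [[ "${opt}" == "4" ]]; then
+run4=1
+elif [[ "${opt}" == "6" ]]; then
+run6=1
+fi
+done
+
+if [[ ${run4} -eq 0 && {run6} -eq 0 ]]; then
+exit 127
+fi
+
+for i in ${LINUX_TEST}; do
+
+echo "starting test ${i}"
+
+st4=0
+if [[ ${run4} -ne 0 ]]; then
+/bin/bash ${DIR}/linux_test4.sh ${i}
+st4=$?
+echo "test4 ${i} finished with status ${st4}"
+fi
+
+st6=0
+if [[ ${run6} -ne 0 ]]; then
+/bin/bash ${DIR}/linux_test6.sh ${i}
+st6=$?
+echo "test6 ${i} finished with status ${st6}"
+fi
+
+let "st = st4 + st6"
+if [[ $st -ne 0 ]]; then
+echo "ERROR test ${i} FAILED"
+exit $st
+fi
+done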
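Review bot: The guard `if [[ ${run4} -eq 0 && {run6} -eq 0 ]]` is missing the `$` on run6; `{run6}` is not a valid arithmetic operand, so bash reports a syntax error and the condition evaluates false. As a result the `exit 127` for "neither -4 nor -6 given" is never reached, and the script appears to walk the whole list without running a single test and finish with status 0. The line should read `if [[ ${run4} -eq 0 && ${run6} -eq 0 ]]; then`. The header comment also points readers to linux_test1.sh, which this commit does not add; the description it refers to lives in linux_test4.sh and linux_test6.sh.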
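--- a/examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_common_defs.sh
@@ -0,0 +1,69 @@
+#! /bin/bash
+
+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_mb0"'}
+
+#generate cfg file for ipsec-secgw
+config_secgw()
+{
+cat <<EOF > ${SGW_CFG_FILE}
+#SP in IPv4 rules
+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#sp in IPv6 rules
+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 7 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+sa in 9 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+#SA out rules
+sa out 7 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+#SA out rules
+sa out 9 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+cat ${SGW_CFG_FILE}
+}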
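Review bot: The SA entries that config_secgw writes embed fixed key material (`de:ad:be:ef…`) with no comment marking it as test-only, and `cat ${SGW_CFG_FILE}` then prints the whole file, keys included, into the test log. A line above the heredoc such as `# fixed, publicly known test keys - never reuse outside this test setup` would make the intent explicit for anyone copying the config as a template. The same applies to config_secgw in trs_aesgcm_common_defs.sh and tun_aescbc_sha1_common_defs.sh.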
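--- a/examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_defs.sh
@@ -0,0 +1,67 @@
+#! /bin/bash
+
+. ${DIR}/trs_aescbc_sha1_common_defs.sh
+
+SGW_CMD_XPRM='-w 300'
+
+config_remote_xfrm()
+{
+ssh ${REMOTE_HOST} ip xfrm policy flush
+ssh ${REMOTE_HOST} ip xfrm state flush
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+config_remote_xfrm
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 3
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 4
+
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode transport replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+}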
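Review bot: config_remote_xfrm flushes all xfrm policy and state on ${REMOTE_HOST} and installs SAs keyed with the fixed test pattern, but nothing removes them again; secgw_stop in common_defs.sh only cleans up the local side. After a run the DUT therefore keeps ESP policies for the test addresses and SAs whose keys are public, and whatever xfrm configuration it had before is lost. A small teardown that runs `ssh ${REMOTE_HOST} ip xfrm state flush` and `ssh ${REMOTE_HOST} ip xfrm policy flush` from the stop path would close the first gap, and a header comment should warn about the second. trs_aescbc_sha1_esn_defs.sh, trs_aesgcm_defs.sh and trs_aesgcm_esn_defs.sh have the same shape.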
@ -0,0 +1,5 @@
|
||||
#! /bin/bash
|
||||
|
||||
. ${DIR}/trs_aescbc_sha1_esn_defs.sh
|
||||
|
||||
SGW_CMD_XPRM='-e -a -w 300'
|
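--- a/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_esn_defs.sh
@@ -0,0 +1,66 @@
+#! /bin/bash
+
+. ${DIR}/trs_aescbc_sha1_common_defs.sh
+
+SGW_CMD_XPRM='-e -w 300'
+
+config_remote_xfrm()
+{
+ssh ${REMOTE_HOST} ip xfrm policy flush
+ssh ${REMOTE_HOST} ip xfrm state flush
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+config_remote_xfrm
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 3
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 4
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+}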
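Review bot: This file is a near copy of trs_aescbc_sha1_defs.sh; the visible differences are `flag esn` on the four `ip xfrm state add` commands and `-e` in SGW_CMD_XPRM. Keeping two copies of roughly sixty lines means any later change to keys, SPIs or reqids has to be made twice, and a missed edit silently changes what the ESN case actually tests. Consider sourcing trs_aescbc_sha1_defs.sh here and letting its state commands expand an optional variable, e.g. `XFRM_ESN='flag esn'` in this file with `${XFRM_ESN}` after `replay-window 64` in the base file. trs_aesgcm_esn_defs.sh largely duplicates trs_aesgcm_defs.sh in the same way.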
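--- a/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aescbc_sha1_old_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/trs_aescbc_sha1_defs.sh
+
+SGW_CMD_XPRM=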
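--- a/examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesgcm_common_defs.sh
@@ -0,0 +1,60 @@
+#! /bin/bash
+
+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_gcm0"'}
+
+#generate cfg file for ipsec-secgw
+config_secgw()
+{
+cat <<EOF > ${SGW_CFG_FILE}
+#SP in IPv4 rules
+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP in IPv6 rules
+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 7 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport ${SGW_CFG_XPRM}
+
+sa in 9 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport ${SGW_CFG_XPRM}
+
+#SA out rules
+sa out 7 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport ${SGW_CFG_XPRM}
+
+sa out 9 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode transport ${SGW_CFG_XPRM}
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+cat ${SGW_CFG_FILE}
+}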
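--- a/examples/ipsec-secgw/test/trs_aesgcm_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesgcm_defs.sh
@@ -0,0 +1,76 @@
+#! /bin/bash
+
+. ${DIR}/trs_aesgcm_common_defs.sh
+
+SGW_CMD_XPRM='-w 300'
+
+config_remote_xfrm()
+{
+ssh ${REMOTE_HOST} ip xfrm policy flush
+ssh ${REMOTE_HOST} ip xfrm state flush
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+
+# to overcome problem with ipsec-secgw for inline mode,
+# when first packet(s) will be always dropped.
+# note that ping will fail here
+ssh ${REMOTE_HOST} ping -c 1 ${LOCAL_IPV4}
+}
+
+config6_remote_xfrm()
+{
+config_remote_xfrm
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 3
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 4
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode transport replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode transport replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+
+# to overcome problem with ipsec-secgw for inline mode,
+# when first packet(s) will be always dropped.
+# note that ping will fail here
+ssh ${REMOTE_HOST} ping -c 1 ${LOCAL_IPV6}
+}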
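Review bot: The warm-up `ssh ${REMOTE_HOST} ping -c 1 ${LOCAL_IPV4}` at the end of config_remote_xfrm, and its IPv6 twin in config6_remote_xfrm, is commented as a workaround for inline mode, yet it runs for every mode that sources this file. That would hide a first-packet drop in the non-inline paths, which is presumably something this functional test should catch. Gating it on the inline setting, e.g. `[[ -n "${SGW_CFG_XPRM}" ]] && ssh ${REMOTE_HOST} ping -c 1 ${LOCAL_IPV4}`, keeps the workaround scoped to the case it was written for. Note also that config6_remote_xfrm calls config_remote_xfrm first, so an IPv6 run performs both pings.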
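--- a/examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesgcm_esn_atom_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/trs_aesgcm_esn_defs.sh
+
+SGW_CMD_XPRM='-e -a -w 300'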
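--- a/examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesgcm_esn_defs.sh
@@ -0,0 +1,66 @@
+#! /bin/bash
+
+. ${DIR}/trs_aesgcm_common_defs.sh
+
+SGW_CMD_XPRM='-e -w 300'
+
+config_remote_xfrm()
+{
+ssh ${REMOTE_HOST} ip xfrm policy flush
+ssh ${REMOTE_HOST} ip xfrm state flush
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 1
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 2
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+config_remote_xfrm
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl proto esp mode transport reqid 3
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl proto esp mode transport reqid 4
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+}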
@ -0,0 +1,6 @@
|
||||
#! /bin/bash
|
||||
|
||||
. ${DIR}/trs_aesgcm_defs.sh
|
||||
|
||||
CRYPTO_DEV='--vdev="crypto_null0"'
|
||||
SGW_CFG_XPRM='port_id 0 type inline-crypto-offload'
|
@ -0,0 +1,5 @@
|
||||
#! /bin/bash
|
||||
|
||||
. ${DIR}/trs_aesgcm_inline_crypto_defs.sh
|
||||
|
||||
SGW_CMD_XPRM=
|
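--- a/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
+++ b/examples/ipsec-secgw/test/trs_aesgcm_old_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/trs_aesgcm_defs.sh
+
+SGW_CMD_XPRM=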
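--- a/examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh
@@ -0,0 +1,68 @@
+#! /bin/bash
+
+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_mb0"'}
+
+#generate cfg file for ipsec-secgw
+config_secgw()
+{
+cat <<EOF > ${SGW_CFG_FILE}
+#sp in IPv4 rules
+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#sp in IPv6 rules
+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 7 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
+
+sa in 9 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
+
+#SA out rules
+sa out 7 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
+
+sa out 9 cipher_algo aes-128-cbc \
+cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+auth_algo sha1-hmac \
+auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+cat ${SGW_CFG_FILE}
+}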
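Review bot: `${SGW_CFG_FILE}` is expanded unquoted in both the here-document redirect and the closing `cat` of `config_secgw()`, so an empty value fails the redirect as ambiguous and then leaves a bare `cat` blocking on stdin, while a value with spaces writes to an unintended path. I would write `cat <<EOF > "${SGW_CFG_FILE}" || return 1` and `cat "${SGW_CFG_FILE}"`, so a failed write stops the test instead of starting ipsec-secgw without a config. The generated file holds the SA keys and is echoed into the test log; where `SGW_CFG_FILE` is created is outside this section, so whether it comes from `mktemp` with a private mode should be confirmed there. tun_aesgcm_common_defs.sh has the same two lines.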
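--- a/examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_defs.sh
@@ -0,0 +1,70 @@
+#! /bin/bash
+
+. ${DIR}/tun_aescbc_sha1_common_defs.sh
+
+SGW_CMD_XPRM='-w 300'
+
+config_remote_xfrm()
+{
+ssh ${REMOTE_HOST} ip xfrm policy flush
+ssh ${REMOTE_HOST} ip xfrm state flush
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+config_remote_xfrm
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 3
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 4
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+}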
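Review bot: None of the `ssh ${REMOTE_HOST} ip xfrm ...` calls in `config_remote_xfrm()` and `config6_remote_xfrm()` has its exit status checked, so a rejected `policy add` or `state add` leaves the peer half-configured and the failure only surfaces later as an unexplained traffic failure. Returning early makes it visible: append `|| return $?` to each `flush` and to the last line of each `add`, e.g. `ssh ${REMOTE_HOST} ip xfrm state flush || return $?`. The two `flush` calls also remove every xfrm policy and state on the remote host, not only what this test created, which deserves a header comment such as `# NOTE: wipes all existing xfrm policy/state on REMOTE_HOST`. The same applies to tun_aescbc_sha1_esn_defs.sh, tun_aesgcm_defs.sh and tun_aesgcm_esn_defs.sh.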
@ -0,0 +1,5 @@
|
||||
#! /bin/bash
|
||||
|
||||
. ${DIR}/tun_aescbc_sha1_esn_defs.sh
|
||||
|
||||
SGW_CMD_XPRM='-e -a -w 300'
|
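--- a/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_esn_defs.sh
@@ -0,0 +1,70 @@
+#! /bin/bash
+
+. ${DIR}/tun_aescbc_sha1_common_defs.sh
+
+SGW_CMD_XPRM='-e -w 300'
+
+config_remote_xfrm()
+{
+ssh ${REMOTE_HOST} ip xfrm policy flush
+ssh ${REMOTE_HOST} ip xfrm state flush
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+config_remote_xfrm
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 3
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 4
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
+auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
+enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+}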
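--- a/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aescbc_sha1_old_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/tun_aescbc_sha1_defs.sh
+
+SGW_CMD_XPRM=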
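--- a/examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh
@@ -0,0 +1,60 @@
+#! /bin/bash
+
+CRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_gcm0"'}
+
+#generate cfg file for ipsec-secgw
+config_secgw()
+{
+cat <<EOF > ${SGW_CFG_FILE}
+#sp in IPv4 rules
+sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv4 rules
+sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
+sport 0:65535 dport 0:65535
+sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#sp in IPv6 rules
+sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SP out IPv6 rules
+sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
+sport 0:65535 dport 0:65535
+sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
+
+#SA in rules
+sa in 7 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM}
+
+sa in 9 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM}
+
+#SA out rules
+sa out 7 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM}
+
+sa out 9 aead_algo aes-128-gcm \
+aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
+mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM}
+
+#Routing rules
+rt ipv4 dst ${REMOTE_IPV4}/32 port 0
+rt ipv4 dst ${LOCAL_IPV4}/32 port 1
+
+rt ipv6 dst ${REMOTE_IPV6}/128 port 0
+rt ipv6 dst ${LOCAL_IPV6}/128 port 1
+
+#neighbours
+neigh port 0 ${REMOTE_MAC}
+neigh port 1 ${LOCAL_MAC}
+EOF
+
+cat ${SGW_CFG_FILE}
+}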
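Review bot: All four `sa` rules in `config_secgw()` (in/out, SPI 7 and 9) carry the identical `aead_key`, and the matching `ip xfrm state add` lines in tun_aesgcm_defs.sh use the same value for both directions. For aes-128-gcm the 20 bytes are presumably a 16-byte key followed by a 4-byte salt (the RFC 4106 layout), so every SA shares key and salt; that is tolerable only because this is a functional test with fixed traffic. A comment above `#SA in rules` would keep the block from being copied as a deployment template: `#test-only key material: same key and salt on every SA`.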
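--- a/examples/ipsec-secgw/test/tun_aesgcm_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesgcm_defs.sh
@@ -0,0 +1,80 @@
+#! /bin/bash
+
+. ${DIR}/tun_aesgcm_common_defs.sh
+
+SGW_CMD_XPRM='-w 300'
+
+config_remote_xfrm()
+{
+ssh ${REMOTE_HOST} ip xfrm policy flush
+ssh ${REMOTE_HOST} ip xfrm state flush
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+
+# to overcome problem with ipsec-secgw for inline mode,
+# when first packet(s) will be always dropped.
+# note that ping will fail here
+ssh ${REMOTE_HOST} ping -c 1 ${LOCAL_IPV4}
+}
+
+config6_remote_xfrm()
+{
+config_remote_xfrm
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 3
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 4
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+
+# to overcome problem with ipsec-secgw for inline mode,
+# when first packet(s) will be always dropped.
+# note that ping will fail here
+ssh ${REMOTE_HOST} ping6 -c 1 ${LOCAL_IPV6}
+}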
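Review bot: The warm-up `ssh ${REMOTE_HOST} ping -c 1 ${LOCAL_IPV4}` is the last command of `config_remote_xfrm()`, and the comment above it says the ping is expected to fail, so the function returns non-zero on its normal path; `ping6` at the end of `config6_remote_xfrm()` does the same. A caller that checks the status would treat a correct setup as a failure, and a genuine failure of the preceding `ip xfrm` calls cannot be told apart from the expected one. Stating the intent in code keeps the status meaningful: `ssh ${REMOTE_HOST} ping -c 1 ${LOCAL_IPV4} || true`. How callers use the return value is not visible in this section.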
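--- a/examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesgcm_esn_atom_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/tun_aesgcm_esn_defs.sh
+
+SGW_CMD_XPRM='-e -a -w 300'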
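--- a/examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesgcm_esn_defs.sh
@@ -0,0 +1,70 @@
+#! /bin/bash
+
+. ${DIR}/tun_aesgcm_common_defs.sh
+
+SGW_CMD_XPRM='-e -w 300'
+
+config_remote_xfrm()
+{
+ssh ${REMOTE_HOST} ip xfrm policy flush
+ssh ${REMOTE_HOST} ip xfrm state flush
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp mode tunnel reqid 1
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp mode tunnel reqid 2
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
+proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
+proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+}
+
+config6_remote_xfrm()
+{
+config_remote_xfrm
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+dir out ptype main action allow \
+tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp mode tunnel reqid 3
+
+ssh ${REMOTE_HOST} ip xfrm policy add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+dir in ptype main action allow \
+tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp mode tunnel reqid 4
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
+proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm state add \
+src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
+proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
+aead "rfc4106\(gcm\(aes\)\)" \
+0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
+
+ssh ${REMOTE_HOST} ip xfrm policy list
+ssh ${REMOTE_HOST} ip xfrm state list
+}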
@ -0,0 +1,6 @@
|
||||
#! /bin/bash
|
||||
|
||||
. ${DIR}/tun_aesgcm_defs.sh
|
||||
|
||||
CRYPTO_DEV='--vdev="crypto_null0"'
|
||||
SGW_CFG_XPRM='port_id 0 type inline-crypto-offload'
|
@ -0,0 +1,5 @@
|
||||
#! /bin/bash
|
||||
|
||||
. ${DIR}/tun_aesgcm_inline_crypto_defs.sh
|
||||
|
||||
SGW_CMD_XPRM=
|
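--- a/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
+++ b/examples/ipsec-secgw/test/tun_aesgcm_old_defs.sh
@@ -0,0 +1,5 @@
+#! /bin/bash
+
+. ${DIR}/tun_aesgcm_defs.sh
+
+SGW_CMD_XPRM=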