examples/ipsec-secgw: clean up test scripts

As more test cases are defined for execution, test scripts structure
needs to be reorganized, so fewer files are needed to describe the test.
To achieve that, new environment variables are incorporated into the
scripts.
Additionally, tests for mixed tunnel protocols are added.

Signed-off-by: Mariusz Drost <mariuszx.drost@intel.com>
Tested-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Acked-by: Konstantin Ananyev <konstantin.ananyev@intel.com>
Mariusz Drost 2020-05-04 12:06:34 +02:00 committed by Akhil Goyal
parent fae347cb34
commit 9dbc4e21e7
53 changed files with 1188 additions and 1030 deletions


@ -870,10 +870,12 @@ Also the user can optionally setup:
* ``CRYPTO_DEV``: crypto device to be used ('-w <pci-id>'). If none specified
appropriate vdevs will be created by the script
* ``MULTI_SEG_TEST``: ipsec-secgw option to enable reassembly support and
specify size of reassembly table (e.g.
``MULTI_SEG_TEST='--reassemble 128'``). This option must be set for
fallback session tests.
Scripts can be used for multiple test scenarios. To check all available
options run:
.. code-block:: console
/bin/bash run_test.sh -h
Note that most of the tests require the appropriate crypto PMD/device to be
available.
@ -917,17 +919,40 @@ SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(IPsec)-->(NIC1)DUT OS
It then tries to perform some data transfer using the scheme described above.
usage
Usage
~~~~~
In the ipsec-secgw/test directory
In the ipsec-secgw/test directory run
to run one test for IPv4 or IPv6
/bin/bash run_test.sh <options> <ipsec_mode>
/bin/bash linux_test(4|6).sh <ipsec_mode>
Available options:
to run all tests for IPv4 or IPv6
* ``-4`` Perform tests with use of IPv4. One or both [-46] options needs to be
selected.
/bin/bash run_test.sh -4|-6
* ``-6`` Perform tests with use of IPv6. One or both [-46] options needs to be
selected.
For the list of available modes please refer to run_test.sh.
* ``-m`` Add IPSec tunnel mixed IP version tests - outer IP version different
than inner. Inner IP version will match selected option [-46].
* ``-i`` Run tests in inline mode. Regular tests will not be invoked.
* ``-f`` Run tests for fallback mechanism. Regular tests will not be invoked.
* ``-l`` Run tests in legacy mode only. It cannot be used with options [-fsc].
On default library mode is used.
* ``-s`` Run all tests with reassembly support. On default only tests for
fallback mechanism use reassembly support.
* ``-c`` Run tests with use of cpu-crypto. For inline tests it will not be
applied. On default lookaside-none is used.
* ``-p`` Perform packet validation tests. Option [-46] is not required.
* ``-h`` Show usage.
If <ipsec_mode> is specified, only tests for that mode will be invoked. For the
list of available modes please refer to run_test.sh.


@ -1,12 +1,13 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
#check ETH_DEV
# check ETH_DEV
if [[ -z "${ETH_DEV}" ]]; then
echo "ETH_DEV is invalid"
exit 127
fi
#check that REMOTE_HOST is reachable
# check that REMOTE_HOST is reachable
ssh ${REMOTE_HOST} echo
st=$?
if [[ $st -ne 0 ]]; then
@ -14,7 +15,7 @@ if [[ $st -ne 0 ]]; then
exit $st
fi
#get ether addr of REMOTE_HOST
# get ether addr of REMOTE_HOST
REMOTE_MAC=`ssh ${REMOTE_HOST} ip addr show dev ${REMOTE_IFACE}`
st=$?
REMOTE_MAC=`echo ${REMOTE_MAC} | sed -e 's/^.*ether //' -e 's/ brd.*$//'`
@ -35,6 +36,7 @@ LOCAL_IPV6=fd12:3456:789a:0031:0000:0000:0000:0092
DPDK_PATH=${RTE_SDK:-${PWD}}
DPDK_BUILD=${RTE_TARGET:-x86_64-native-linux-gcc}
DPDK_VARS=""
# by default ipsec-secgw can't deal with multi-segment packets
# make sure our local/remote host wouldn't generate fragmented packets
@ -42,40 +44,114 @@ DPDK_BUILD=${RTE_TARGET:-x86_64-native-linux-gcc}
DEF_MTU_LEN=1400
DEF_PING_LEN=1200
#upsate operation mode based on env vars values
# set operation mode based on environment variables values
select_mode()
{
echo "Test environment configuration:"
# check which mode to be enabled (library/legacy)
if [[ -n "${SGW_MODE}" && "${SGW_MODE}" == "library" ]]; then
DPDK_MODE="-w 300 -l"
echo "[enabled] library mode"
else
DPDK_MODE=""
echo "[enabled] legacy mode"
fi
# check if esn is demanded
if [[ -n "${SGW_ESN}" && "${SGW_ESN}" == "esn-on" ]]; then
DPDK_VARS="${DPDK_VARS} -e"
XFRM_ESN="flag esn"
echo "[enabled] extended sequence number"
else
XFRM_ESN=""
echo "[disabled] extended sequence number"
fi
# check if atom is demanded
if [[ -n "${SGW_ATOM}" && "${SGW_ATOM}" == "atom-on" ]]; then
DPDK_VARS="${DPDK_VARS} -a"
echo "[enabled] sequence number atomic behavior"
else
echo "[disabled] sequence number atomic behavior"
fi
# check if inline should be enabled
if [[ -n "${SGW_CRYPTO}" && "${SGW_CRYPTO}" == "inline" ]]; then
CRYPTO_DEV='--vdev="crypto_null0"'
SGW_CFG_XPRM_IN="port_id 0 type inline-crypto-offload"
SGW_CFG_XPRM_OUT="port_id 0 type inline-crypto-offload"
echo "[enabled] inline crypto mode"
else
SGW_CFG_XPRM_IN=""
SGW_CFG_XPRM_OUT=""
echo "[disabled] inline crypto mode"
fi
# check if fallback should be enabled
if [[ -n "${SGW_CRYPTO_FLBK}" ]] && [[ -n ${SGW_CFG_XPRM_IN} ]] \
&& [[ "${SGW_MODE}" == "library" ]] \
&& [[ "${SGW_CRYPTO_FLBK}" == "cpu-crypto" \
|| "${SGW_CRYPTO_FLBK}" == "lookaside-none" ]]; then
CRYPTO_DEV=""
SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} fallback ${SGW_CRYPTO_FLBK}"
SGW_CFG_XPRM_OUT=""
echo "[enabled] crypto fallback ${SGW_CRYPTO_FLBK} mode"
else
if [[ -n "${SGW_CRYPTO_FLBK}" \
&& "${SGW_CRYPTO}" != "inline" ]]; then
echo "SGW_CRYPTO variable needs to be set to \
\"inline\" for ${SGW_CRYPTO_FLBK} fallback setting"
exit 127
elif [[ -n "${SGW_CRYPTO_FLBK}" \
&& "${SGW_MODE}" != "library" ]]; then
echo "SGW_MODE variable needs to be set to \
\"library\" for ${SGW_CRYPTO_FLBK} fallback setting"
exit 127
fi
echo "[disabled] crypto fallback mode"
fi
# select sync/async mode
if [[ -n "${CRYPTO_PRIM_TYPE}" && -n "${SGW_CMD_XPRM}" ]]; then
echo "${CRYPTO_PRIM_TYPE} is enabled"
SGW_CFG_XPRM="${SGW_CFG_XPRM} ${CRYPTO_PRIM_TYPE}"
fi
# check if fallback type is needed
if [[ "${MODE}" == *fallback* ]]; then
if [[ -n "${CRYPTO_FLBK_TYPE}" ]]; then
echo "${CRYPTO_FLBK_TYPE} is enabled"
if [[ -n "${CRYPTO_PRIM_TYPE}" && -n "${DPDK_MODE}" ]]; then
echo "[enabled] crypto primary type - ${CRYPTO_PRIM_TYPE}"
SGW_CFG_XPRM_IN="${SGW_CFG_XPRM_IN} type ${CRYPTO_PRIM_TYPE}"
SGW_CFG_XPRM_OUT="${SGW_CFG_XPRM_OUT} type ${CRYPTO_PRIM_TYPE}"
else
if [[ -n "${CRYPTO_PRIM_TYPE}" \
&& "${SGW_MODE}" != "library" ]]; then
echo "SGW_MODE variable needs to be set to \
\"library\" for ${CRYPTO_PRIM_TYPE} crypto primary type setting"
exit 127
fi
fi
#make linux to generate fragmented packets
if [[ -n "${MULTI_SEG_TEST}" && -n "${SGW_CMD_XPRM}" ]]; then
echo "multi-segment test is enabled"
SGW_CMD_XPRM="${SGW_CMD_XPRM} ${MULTI_SEG_TEST}"
# make linux to generate fragmented packets
if [[ -n "${SGW_MULTI_SEG}" && -n "${DPDK_MODE}" ]]; then
echo -e "[enabled] multi-segment test is enabled\n"
SGW_CMD_XPRM="--reassemble ${SGW_MULTI_SEG}"
PING_LEN=5000
MTU_LEN=1500
else
if [[ -z "${MULTI_SEG_TEST}" && "${MODE}" == *fallback* ]]; then
echo "MULTI_SEG_TEST environment variable needs to be \
set for ${MODE} test"
if [[ -z "${SGW_MULTI_SEG}" \
&& "${SGW_CFG_XPRM_IN}" == *fallback* ]]; then
echo "SGW_MULTI_SEG environment variable needs \
to be set for ${SGW_CRYPTO_FLBK} fallback test"
exit 127
elif [[ -n "${SGW_MULTI_SEG}" \
&& "${SGW_MODE}" != "library" ]]; then
echo "SGW_MODE variable needs to be set to \
\"library\" for multiple segment reassemble setting"
exit 127
fi
echo -e "[disabled] multi-segment test\n"
PING_LEN=${DEF_PING_LEN}
MTU_LEN=${DEF_MTU_LEN}
fi
}
#setup mtu on local iface
# setup mtu on local iface
set_local_mtu()
{
mtu=$1
@ -105,7 +181,7 @@ config6_local_iface()
ip neigh show dev ${LOCAL_IFACE}
}
#configure remote host/iface
# configure remote host/iface
config_remote_iface()
{
ssh ${REMOTE_HOST} ifconfig ${REMOTE_IFACE} down
@ -114,11 +190,8 @@ config_remote_iface()
ssh ${REMOTE_HOST} ip neigh flush dev ${REMOTE_IFACE}
# by some reason following ip neigh doesn't work for me here properly:
#ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \
# dev ${REMOTE_IFACE} lladr ${LOCAL_MAC}
# so used arp instead.
ssh ${REMOTE_HOST} arp -i ${REMOTE_IFACE} -s ${LOCAL_IPV4} ${LOCAL_MAC}
ssh ${REMOTE_HOST} ip neigh add ${LOCAL_IPV4} \
dev ${REMOTE_IFACE} lladdr ${LOCAL_MAC}
ssh ${REMOTE_HOST} ip neigh show dev ${REMOTE_IFACE}
ssh ${REMOTE_HOST} iptables --flush
@ -139,7 +212,7 @@ config6_remote_iface()
ssh ${REMOTE_HOST} ip6tables --flush
}
#configure remote and local host/iface
# configure remote and local host/iface
config_iface()
{
config_local_iface
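Review bot: In select_mode the crypto primary type block appends `type ${CRYPTO_PRIM_TYPE}` to SGW_CFG_XPRM_IN and SGW_CFG_XPRM_OUT even when the inline block has already stored `port_id 0 type inline-crypto-offload` there, so an SA line can end up with two `type` clauses (assuming the condition on `DPDK_MODE` is the new side of that hunk). load_env.sh clears CRYPTO_PRIM_TYPE for its inline scenarios, but linux_test.sh is documented as runnable directly with these variables and nothing here rejects the combination. A guard before the append, in the style of the other checks, would make the conflict explicit: `if [[ -n "${CRYPTO_PRIM_TYPE}" && "${SGW_CRYPTO}" == "inline" ]]; then echo "CRYPTO_PRIM_TYPE cannot be used with SGW_CRYPTO=inline"; exit 127; fi`. Separately, any SGW_MODE, SGW_ESN or SGW_ATOM value other than the one expected string silently selects the default, so a misspelt value changes what is tested with only the `[enabled]`/`[disabled]` echo as a hint.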


@ -0,0 +1,141 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
# Usage: /bin/bash linux_test.sh <ip_protocol> <ipsec_mode>
# <ip_protocol> can be set to:
# ipv4-ipv4 - only IPv4 traffic
# ipv4-ipv6 - IPv4 traffic over IPv6 ipsec tunnel (only for tunnel mode)
# ipv6-ipv4 - IPv6 traffic over IPv4 ipsec tunnel (only for tunnel mode)
# ipv6-ipv6 - only IPv6 traffic
# For list of available modes please refer to run_test.sh.
#
# Note that most of them require appropriate crypto PMD/device to be available.
# Also user has to setup properly the following environment variables:
# SGW_PATH - path to the ipsec-secgw binary to test
# REMOTE_HOST - ip/hostname of the DUT
# REMOTE_IFACE - iface name for the test-port on DUT
# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
# Also user can optionally setup:
# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
# SGW_MODE - run ipsec-secgw in legacy mode or with use of library
# values: legacy/library (legacy on default)
# SGW_ESN - run ipsec-secgw with extended sequence number
# values: esn-on/esn-off (esn-off on default)
# SGW_ATOM - run ipsec-secgw with sequence number atomic behavior
# values: atom-on/atom-off (atom-off on default)
# SGW_CRYPTO - run ipsec-secgw with use of inline crypto
# values: inline (unset on default)
# SGW_CRYPTO_FLBK - run ipsec-secgw with crypto fallback configured
# values: cpu-crypto/lookaside-none (unset on default)
# CRYPTO_PRIM_TYPE - run ipsec-secgw with crypto primary type set
# values: cpu-crypto (unset on default)
# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
# if none specified appropriate vdevs will be created by the script
# SGW_MULTI_SEG - ipsec-secgw option to enable reassembly support and
# specify size of reassembly table (i.e. SGW_MULTI_SEG=128)
#
# The purpose of the script is to automate ipsec-secgw testing
# using another system running linux as a DUT.
# It expects that SUT and DUT are connected through at least 2 NICs.
# One NIC is expected to be managed by linux both machines,
# and will be used as a control path
# Make sure user from SUT can ssh to DUT without entering password.
# Second NIC (test-port) should be reserved for DPDK on SUT,
# and should be managed by linux on DUT.
# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
# Then configures local tap iface and remote iface and ipsec policies
# in the following way:
# traffic going over test-port in both directions has to be
# protected by ipsec.
# Traffic going over TAP in both directions doesn't have to be protected.
# I.E:
# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
# Then tries to perform some data transfer using the scheme described above.
#
DIR=`dirname $0`
PROTO=$1
MODE=$2
. ${DIR}/common_defs.sh
select_mode
. ${DIR}/${MODE}_defs.sh
if [[ "${PROTO}" == "ipv4-ipv4" ]] || [[ "${PROTO}" == "ipv6-ipv6" ]]; then
config_secgw
else
config_secgw_mixed
fi
secgw_start
. ${DIR}/data_rxtx.sh
if [[ "${PROTO}" == "ipv4-ipv4" ]]; then
config_iface
config_remote_xfrm_44
set_local_mtu ${MTU_LEN}
ping_test1 ${REMOTE_IPV4} 0 ${PING_LEN}
st=$?
if [[ $st -eq 0 ]]; then
set_local_mtu ${DEF_MTU_LEN}
scp_test1 ${REMOTE_IPV4}
st=$?
fi
elif [[ "${PROTO}" == "ipv4-ipv6" ]]; then
if [[ "${MODE}" == trs* ]]; then
echo "Cannot mix protocols in transport mode"
secgw_stop
exit 1
fi
config6_iface
config_remote_xfrm_46
set_local_mtu ${MTU_LEN}
ping_test1 ${REMOTE_IPV4} 0 ${PING_LEN}
st=$?
if [[ $st -eq 0 ]]; then
set_local_mtu ${DEF_MTU_LEN}
scp_test1 ${REMOTE_IPV4}
st=$?
fi
elif [[ "${PROTO}" == "ipv6-ipv4" ]]; then
if [[ "${MODE}" == trs* ]]; then
echo "Cannot mix protocols in transport mode"
secgw_stop
exit 1
fi
config6_iface
config_remote_xfrm_64
set_local_mtu ${MTU_LEN}
ping6_test1 ${REMOTE_IPV6} 0 ${PING_LEN}
st=$?
if [[ $st -eq 0 ]]; then
set_local_mtu ${DEF_MTU_LEN}
scp_test1 ${REMOTE_IPV6}
st=$?
fi
elif [[ "${PROTO}" == "ipv6-ipv6" ]]; then
config6_iface
config_remote_xfrm_66
set_local_mtu ${MTU_LEN}
ping6_test1 ${REMOTE_IPV6} 0 ${PING_LEN}
st=$?
if [[ $st -eq 0 ]]; then
set_local_mtu ${DEF_MTU_LEN}
scp_test1 ${REMOTE_IPV6}
st=$?
fi
else
echo "Invalid <proto>"
st=128
fi
secgw_stop
exit $st
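Review bot: `<ip_protocol>` and `<ipsec_mode>` are checked only after `${MODE}_defs.sh` has been sourced and `secgw_start` has run, so an invalid protocol, or a mixed protocol with a `trs*` mode, calls `config_secgw_mixed` and starts ipsec-secgw just to stop it again. `MODE` is also expanded unquoted into the path given to `.` with no check that the file exists or that the value stays inside the test directory. Checking both arguments right after they are assigned keeps a typo from sourcing an unintended file and makes the `secgw_stop` calls in the error branches unnecessary.

```shell
PROTO=$1
MODE=$2

# reject bad arguments before anything is sourced or started
case "${PROTO}" in
ipv4-ipv4|ipv6-ipv6)
	;;
ipv4-ipv6|ipv6-ipv4)
	if [[ "${MODE}" == trs* ]]; then
		echo "Cannot mix protocols in transport mode"
		exit 1
	fi
	;;
*)
	echo "Invalid <proto>"
	exit 128
	;;
esac

if [[ "${MODE}" == */* || ! -f "${DIR}/${MODE}_defs.sh" ]]; then
	echo "Invalid <ipsec_mode>"
	exit 127
fi
# … unchanged: sourcing common_defs.sh, select_mode, per-protocol test branches …
```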


@ -1,70 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
# usage: /bin/bash linux_test4.sh <ipsec_mode>
# for list of available modes please refer to run_test.sh.
# ipsec-secgw (IPv4 mode) functional test script.
#
# Note that for most of them you required appropriate crypto PMD/device
# to be avaialble.
# Also user has to setup properly the following environment variables:
# SGW_PATH - path to the ipsec-secgw binary to test
# REMOTE_HOST - ip/hostname of the DUT
# REMOTE_IFACE - iface name for the test-port on DUT
# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
# Also user can optonally setup:
# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
# if none specified appropriate vdevs will be created by the scrit
# MULTI_SEG_TEST - ipsec-secgw option to enable reassembly support and
# specify size of reassembly table (i.e. MULTI_SEG_TEST="--reassemble 128")
#
# The purpose of the script is to automate ipsec-secgw testing
# using another system running linux as a DUT.
# It expects that SUT and DUT are connected through at least 2 NICs.
# One NIC is expected to be managed by linux both machines,
# and will be used as a control path
# Make sure user from SUT can ssh to DUT without entering password.
# Second NIC (test-port) should be reserved for DPDK on SUT,
# and should be managed by linux on DUT.
# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
# Then configures local tap iface and remote iface and ipsec policies
# in the following way:
# traffic going over test-port in both directions has to be
# protected by ipsec.
# raffic going over TAP in both directions doesn't have to be protected.
# I.E:
# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
# Then tries to perorm some data transfer using the scheme decribed above.
#
DIR=`dirname $0`
MODE=$1
. ${DIR}/common_defs.sh
. ${DIR}/${MODE}_defs.sh
select_mode
config_secgw
secgw_start
config_iface
config_remote_xfrm
. ${DIR}/data_rxtx.sh
set_local_mtu ${MTU_LEN}
ping_test1 ${REMOTE_IPV4} 0 ${PING_LEN}
st=$?
if [[ $st -eq 0 ]]; then
set_local_mtu ${DEF_MTU_LEN}
scp_test1 ${REMOTE_IPV4}
st=$?
fi
secgw_stop
exit $st


@ -1,71 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
# usage: /bin/bash linux_test6.sh <ipsec_mode>
# for list of available modes please refer to run_test.sh.
# ipsec-secgw (IPv6 mode) functional test script.
#
# Note that for most of them you required appropriate crypto PMD/device
# to be avaialble.
# Also user has to setup properly the following environment variables:
# SGW_PATH - path to the ipsec-secgw binary to test
# REMOTE_HOST - ip/hostname of the DUT
# REMOTE_IFACE - iface name for the test-port on DUT
# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
# Also user can optonally setup:
# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
# if none specified appropriate vdevs will be created by the scrit
# MULTI_SEG_TEST - ipsec-secgw option to enable reassembly support and
# specify size of reassembly table (i.e. MULTI_SEG_TEST="--reassemble 128")
#
# The purpose of the script is to automate ipsec-secgw testing
# using another system running linux as a DUT.
# It expects that SUT and DUT are connected through at least 2 NICs.
# One NIC is expected to be managed by linux both machines,
# and will be used as a control path.
# Make sure user from SUT can ssh to DUT without entering password,
# also make sure that sshd over ipv6 is enabled.
# Second NIC (test-port) should be reserved for DPDK on SUT,
# and should be managed by linux on DUT.
# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
# Then configures local tap iface and remote iface and ipsec policies
# in the following way:
# traffic going over test-port in both directions has to be
# protected by ipsec.
# raffic going over TAP in both directions doesn't have to be protected.
# I.E:
# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
# Then tries to perorm some data transfer using the scheme decribed above.
#
DIR=`dirname $0`
MODE=$1
. ${DIR}/common_defs.sh
. ${DIR}/${MODE}_defs.sh
select_mode
config_secgw
secgw_start
config6_iface
config6_remote_xfrm
. ${DIR}/data_rxtx.sh
set_local_mtu ${MTU_LEN}
ping6_test1 ${REMOTE_IPV6} 0 ${PING_LEN}
st=$?
if [[ $st -eq 0 ]]; then
set_local_mtu ${DEF_MTU_LEN}
scp_test1 ${REMOTE_IPV6}
st=$?
fi
secgw_stop
exit $st


@ -0,0 +1,121 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
DIR=`dirname $0`
regular=0
inline_on=0
fallback_on=0
legacy_only=0
fallback_val="lookaside-none"
crypto_prim=""
multi_seg_val=""
while getopts ":iflsrc" opt
do
case $opt in
i)
inline_on=1
;;
f)
fallback_on=1
;;
l)
legacy_only=1
;;
s)
multi_seg_val="SGW_MULTI_SEG=128"
;;
r)
regular=1
;;
c)
crypto_prim="CRYPTO_PRIM_TYPE=cpu-crypto"
fallback_val="cpu-crypto"
;;
esac
done
shift $((OPTIND -1))
PROTO=$1
MODE=$2
# test scenarios to set up for regular test
TEST_MODES_REGULAR="legacy \
library \
library_esn \
library_esn_atom"
# test scenarios to set up for inline test
TEST_MODES_INLINE="legacy_inline \
library_inline"
# test scenarios to set up for fallback test
TEST_MODES_FALLBACK="library_fallback"
# env variables to export for specific test scenarios
default="SGW_MODE=legacy SGW_ESN=esn-off SGW_ATOM=atom-off SGW_CRYPTO=regular \
SGW_CRYPTO_FLBK= ${multi_seg_val}"
legacy="${default} CRYPTO_PRIM_TYPE="
library="${default} SGW_MODE=library ${crypto_prim}"
library_esn="${default} SGW_MODE=library SGW_ESN=esn-on ${crypto_prim}"
library_esn_atom="${default} SGW_MODE=library SGW_ESN=esn-on SGW_ATOM=atom-on \
${crypto_prim}"
legacy_inline="${default} SGW_CRYPTO=inline CRYPTO_PRIM_TYPE="
library_inline="${default} SGW_MODE=library SGW_CRYPTO=inline CRYPTO_PRIM_TYPE="
library_fallback="${default} SGW_MODE=library SGW_CRYPTO=inline \
SGW_CRYPTO_FLBK=${fallback_val} SGW_MULTI_SEG=128 CRYPTO_PRIM_TYPE="
# export needed env variables and run tests
if [[ ${regular} -eq 1 ]]; then
for i in ${TEST_MODES_REGULAR}; do
if [[ ${legacy_only} -eq 1 && "${i}" != *legacy* ]]; then
continue
elif [[ ${legacy_only} -eq 0 && "${i}" == *legacy* ]]; then
continue
fi
for x in ${!i}; do
export ${x}
done
/bin/bash ${DIR}/linux_test.sh ${PROTO} ${MODE}
st=$?
if [[ ${st} -ne 0 ]]; then
exit ${st}
fi
done
elif [[ ${inline_on} -eq 1 || ${fallback_on} -eq 1 ]]; then
if [[ ${inline_on} -eq 1 ]]; then
for i in ${TEST_MODES_INLINE}; do
if [[ ${legacy_only} -eq 1 && "${i}" != *legacy* ]]
then
continue
elif [[ ${legacy_only} -eq 0 && "${i}" == *legacy* ]]
then
continue
fi
for x in ${!i}; do
export ${x}
done
/bin/bash ${DIR}/linux_test.sh ${PROTO} ${MODE}
st=$?
if [[ ${st} -ne 0 ]]; then
exit ${st}
fi
done
fi
if [[ ${fallback_on} -eq 1 ]]; then
for i in ${TEST_MODES_FALLBACK}; do
for x in ${!i}; do
export ${x}
done
/bin/bash ${DIR}/linux_test.sh ${PROTO} ${MODE}
st=$?
if [[ ${st} -ne 0 ]]; then
exit ${st}
fi
done
fi
fi
exit 0
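Review bot: The `getopts` loop has no `\?)` arm and the final `if`/`elif` chain has no `else`, so an unknown option, or a call with none of `-r`, `-i`, `-f`, falls through to `exit 0` without running a single test. run_test.sh always passes one of the three, but a direct call reports success for zero tests. Adding `\?) echo "Invalid option: -${OPTARG}"; exit 127 ;;` to the `case` and `else echo "No test type selected [-rif]"; exit 127` before the closing `fi` makes both cases fail loudly. The three `for x in ${!i}; do export ${x}; done` loops with the following linux_test.sh call are identical and could share one helper function.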


@ -1,69 +1,67 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
# usage: /bin/bash run_test.sh [-46]
# Run all defined linux_test[4,6].sh test-cases one by one
# user has to setup properly the following environment variables:
# Usage: /bin/bash run_test.sh [-46miflscph] <ipsec_mode>
# Run all defined linux_test.sh test-cases one by one
# If <ipsec_mode> is specified, run only that test case
# User has to setup properly the following environment variables:
# SGW_PATH - path to the ipsec-secgw binary to test
# REMOTE_HOST - ip/hostname of the DUT
# REMOTE_IFACE - iface name for the test-port on DUT
# ETH_DEV - ethernet device to be used on SUT by DPDK ('-w <pci-id>')
# Also user can optonally setup:
# Also user can optionally setup:
# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0)
# CRYPTO_DEV - crypto device to be used ('-w <pci-id>')
# if none specified appropriate vdevs will be created by the scrit
# MULTI_SEG_TEST - ipsec-secgw option to enable reassembly support and
# specify size of reassembly table (i.e. MULTI_SEG_TEST="--reassemble 128")
# refer to linux_test[4,6].sh for more information
# if none specified appropriate vdevs will be created by the script
# SGW_MULTI_SEG - ipsec-secgw option to enable reassembly support and
# specify size of reassembly table (i.e. SGW_MULTI_SEG=128)
# Refer to linux_test.sh for more information
# All supported modes to test.
# naming convention:
# 'old' means that ipsec-secgw will run in legacy (non-librte_ipsec mode)
# All supported modes to test:
# trs_3descbc_sha1
# trs_aescbc_sha1
# trs_aesctr_sha1
# trs_aesgcm
# tun_3descbc_sha1
# tun_aescbc_sha1
# tun_aesctr_sha1
# tun_aesgcm
# Naming convention:
# 'tun/trs' refer to tunnel/transport mode respectively
usage()
{
echo "Usage:"
echo -e "\t$0 -[46p]"
echo -e "\t$0 -[46miflscph] <ipsec_mode>"
echo -e "\t\t-4 Perform Linux IPv4 network tests"
echo -e "\t\t-6 Perform Linux IPv6 network tests"
echo -e "\t\t-m Add mixed IP protocol tests to IPv4/IPv6 \
(only with option [-46])"
echo -e "\t\t-i Run inline tests (only with option [-46])"
echo -e "\t\t-f Run fallback tests (only with option [-46])"
echo -e "\t\t-l Run tests in legacy mode"
echo -e "\t\t-s Run all tests with reassembly support \
(on default only fallback tests use reassembly support)"
echo -e "\t\t-c Run tests with use of cpu-crypto \
(on default lookaside-none is used)"
echo -e "\t\t-p Perform packet validation tests"
echo -e "\t\t-h Display this help"
echo -e "\t\t<ipsec_mode> Run only specified test case i.e. tun_aesgcm"
}
LINUX_TEST="tun_aescbc_sha1 \
tun_aescbc_sha1_esn \
tun_aescbc_sha1_esn_atom \
tun_aesgcm \
tun_aesgcm_esn \
tun_aesgcm_esn_atom \
LINUX_TEST="trs_3descbc_sha1 \
trs_aescbc_sha1 \
trs_aescbc_sha1_esn \
trs_aescbc_sha1_esn_atom \
trs_aesgcm \
trs_aesgcm_esn \
trs_aesgcm_esn_atom \
tun_aescbc_sha1_old \
tun_aesgcm_old \
trs_aescbc_sha1_old \
trs_aesgcm_old \
tun_aesctr_sha1 \
tun_aesctr_sha1_old \
tun_aesctr_sha1_esn \
tun_aesctr_sha1_esn_atom \
trs_aesctr_sha1 \
trs_aesctr_sha1_old \
trs_aesctr_sha1_esn \
trs_aesctr_sha1_esn_atom \
trs_aesgcm \
tun_3descbc_sha1 \
tun_3descbc_sha1_old \
tun_3descbc_sha1_esn \
tun_3descbc_sha1_esn_atom \
trs_3descbc_sha1 \
trs_3descbc_sha1_old \
trs_3descbc_sha1_esn \
trs_3descbc_sha1_esn_atom"
tun_aescbc_sha1 \
tun_aesctr_sha1 \
tun_aesgcm"
LINUX_TEST_INLINE_FALLBACK="trs_aesgcm \
tun_aesgcm"
LINUX_TEST_RUN=""
PKT_TESTS="trs_ipv6opts \
tun_null_header_reconstruct"
@ -74,7 +72,14 @@ DIR=$(dirname $0)
run4=0
run6=0
runpkt=0
while getopts ":46ph" opt
mixed=0
inline=0
fallback=0
legacy=0
multi_seg=0
cpu_crypto=0
options=""
while getopts ":46miflscph" opt
do
case $opt in
4)
@ -83,6 +88,27 @@ do
6)
run6=1
;;
m)
mixed=1
;;
i)
inline=1
;;
f)
fallback=1
;;
l)
legacy=1
options="${options} -l"
;;
s)
multi_seg=1
options="${options} -s"
;;
c)
cpu_crypto=1
options="${options} -c"
;;
p)
runpkt=1
;;
@ -98,12 +124,27 @@ do
esac
done
shift $((OPTIND -1))
LINUX_TEST_RUN=$*
# no test suite has been selected
if [[ ${run4} -eq 0 && ${run6} -eq 0 && ${runpkt} -eq 0 ]]; then
usage
exit 127
fi
# check parameters
if [[ ${legacy} -eq 1 ]] && [[ ${multi_seg} -eq 1 || ${fallback} -eq 1 \
|| ${cpu_crypto} -eq 1 ]]; then
echo "Fallback/reassembly/cpu-crypto cannot be used with legacy mode"
exit 127
fi
if [[ ${cpu_crypto} -eq 1 && ${inline} -eq 1 && ${fallback} -eq 0 ]]; then
echo "cpu-crypto cannot be used with inline mode"
exit 127
fi
# perform packet processing validation tests
st=0
if [ $runpkt -eq 1 ]; then
@ -118,30 +159,84 @@ if [ $runpkt -eq 1 ]; then
fi
fi
# perform network tests
if [[ ${run4} -eq 1 || ${run6} -eq 1 ]]; then
for i in ${LINUX_TEST}; do
desc=""
echo "starting test ${i}"
# set inline/fallback tests if needed
if [[ ${inline} -eq 1 || ${fallback} -eq 1 ]]; then
# add inline option if needed
if [[ ${inline} -eq 1 ]]; then
options="${options} -i"
desc="inline"
fi
# add fallback option if needed
if [[ ${fallback} -eq 1 ]]; then
options="${options} -f"
if [[ "${desc}" == "inline" ]]; then
desc="${desc} and fallback"
else
desc="fallback"
fi
fi
# select tests to run
if [[ -z "${LINUX_TEST_RUN}" ]]; then
LINUX_TEST_RUN="${LINUX_TEST_INLINE_FALLBACK}"
fi
else
options="${options} -r"
fi
# select tests to run
if [[ -z "${LINUX_TEST_RUN}" ]]; then
LINUX_TEST_RUN="${LINUX_TEST}"
fi
# perform selected tests
if [[ ${run4} -eq 1 || ${run6} -eq 1 ]] ; then
for i in ${LINUX_TEST_RUN}; do
echo "starting ${desc} test ${i}"
st4=0
st4m=0
if [[ ${run4} -ne 0 ]]; then
/bin/bash ${DIR}/linux_test4.sh ${i}
/bin/bash ${DIR}/load_env.sh ${options} ipv4-ipv4 ${i}
st4=$?
echo "test4 ${i} finished with status ${st4}"
echo "${desc} test IPv4 ${i} finished with status \
${st4}"
if [[ ${mixed} -ne 0 ]] && [[ "${i}" == tun* ]]; then
/bin/bash ${DIR}/load_env.sh ${options} \
ipv4-ipv6 ${i}
st4m=$?
echo "${desc} test IPv4-IPv6 ${i} finished with\
status ${st4m}"
fi
fi
st6=0
st6m=0
if [[ ${run6} -ne 0 ]]; then
/bin/bash ${DIR}/linux_test6.sh ${i}
/bin/bash ${DIR}/load_env.sh ${options} ipv6-ipv6 ${i}
st6=$?
echo "test6 ${i} finished with status ${st6}"
echo "${desc} test IPv6 ${i} finished with status \
${st6}"
if [[ ${mixed} -ne 0 ]] && [[ "${i}" == tun* ]]; then
/bin/bash ${DIR}/load_env.sh ${options} \
ipv6-ipv4 ${i}
st6m=$?
echo "${desc} test IPv6-IPv4 ${i} finished with\
status ${st6m}"
fi
fi
let "st = st4 + st6"
let "st = st4 + st6 + st4m + st6m"
if [[ $st -ne 0 ]]; then
echo "ERROR test ${i} FAILED"
echo "ERROR ${desc} test ${i} FAILED"
exit $st
fi
done
fi
echo "All tests have ended successfully"
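Review bot: `let "st = st4 + st6 + st4m + st6m"` followed by `exit $st` can produce an exit status that wraps modulo 256 now that four statuses are summed. Two failures of 128 each (the value linux_test.sh uses for an invalid protocol), or any other combination adding up to a multiple of 256, would make the script exit 0 after printing the ERROR line. The `[[ $st -ne 0 ]]` test itself is fine; only the value handed to `exit` is at risk. Exiting with a fixed failure code, `exit 1`, or with the first non-zero of the four statuses, keeps a CI wrapper from reading a failed run as a pass.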


@ -33,14 +33,14 @@ cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_IN}
sa in 9 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 cipher_algo 3des-cbc \
@ -48,7 +48,7 @@ cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_OUT}
#SA out rules
sa out 9 cipher_algo 3des-cbc \
@ -56,7 +56,7 @@ cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0


@ -3,9 +3,9 @@
. ${DIR}/trs_3descbc_sha1_common_defs.sh
SGW_CMD_XPRM='-w 300 -l'
SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
config_remote_xfrm()
config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
@ -22,13 +22,13 @@ tmpl proto esp mode transport reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode transport replay-window 64 \
proto esp spi 7 reqid 1 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode transport replay-window 64 \
proto esp spi 7 reqid 2 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
@ -36,9 +36,10 @@ enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
config_remote_xfrm_66()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
@ -53,13 +54,13 @@ tmpl proto esp mode transport reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode transport replay-window 64 \
proto esp spi 9 reqid 3 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode transport replay-window 64 \
proto esp spi 9 reqid 4 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
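Review bot: `SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"` now reads its own previous value, which select_mode in common_defs.sh assigns only in the multi-segment branch; in the other branch whatever SGW_CMD_XPRM the caller's environment carries is passed on to ipsec-secgw. A comment on the line would document the dependency, for example `# SGW_CMD_XPRM holds the reassembly option from select_mode, otherwise expected to be empty`, and select_mode could assign `SGW_CMD_XPRM=""` in its non-multi-segment branch to make that true. The bodies of config_remote_xfrm_44 and config_remote_xfrm_66 continue outside the hunks shown.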


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_3descbc_sha1_esn_defs.sh
SGW_CMD_XPRM='-e -a -w 300 -l'


@ -1,67 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_3descbc_sha1_common_defs.sh
SGW_CMD_XPRM='-e -w 300 -l'
config_remote_xfrm()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
dir out ptype main action allow \
tmpl proto esp mode transport reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
dir in ptype main action allow \
tmpl proto esp mode transport reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
dir out ptype main action allow \
tmpl proto esp mode transport reqid 3
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
dir in ptype main action allow \
tmpl proto esp mode transport reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_3descbc_sha1_defs.sh
SGW_CMD_XPRM=


@ -32,27 +32,27 @@ sa in 7 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_IN}
sa in 9 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_OUT}
#SA out rules
sa out 9 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
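Review bot: The four `sa` entries now read only `${SGW_CFG_XPRM_IN}` and `${SGW_CFG_XPRM_OUT}`, so a value still supplied under the old `SGW_CFG_XPRM` name is dropped without any message. A run meant to exercise inline crypto could then use the default session type and still pass, which hides the lost coverage. In the function that writes this config I would add `[[ -z "${SGW_CFG_XPRM}" ]] || echo "SGW_CFG_XPRM is ignored, use SGW_CFG_XPRM_IN/SGW_CFG_XPRM_OUT" >&2`. The same applies to the other common-defs hunks on this page (aes-128-ctr, aes-128-gcm, and the 3des-cbc and aes-128-cbc tunnel variants). The enclosing function starts and ends outside this hunk.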


@ -3,9 +3,9 @@
. ${DIR}/trs_aescbc_sha1_common_defs.sh
SGW_CMD_XPRM='-w 300 -l'
SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
config_remote_xfrm()
config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
@ -22,13 +22,13 @@ tmpl proto esp mode transport reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode transport replay-window 64 \
proto esp spi 7 reqid 1 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode transport replay-window 64 \
proto esp spi 7 reqid 2 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
@ -36,9 +36,10 @@ enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
config_remote_xfrm_66()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
@ -53,13 +54,13 @@ tmpl proto esp mode transport reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode transport replay-window 64 \
proto esp spi 9 reqid 3 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode transport replay-window 64 \
proto esp spi 9 reqid 4 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
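Review bot: `${XFRM_ESN}` in the four `ip xfrm state add` commands is expanded unquoted, and nothing in this file documents or checks its value. The deleted ESN defs file further down paired `flag esn` on the remote SA with `-e` on the ipsec-secgw command line, so the two sides have to agree; with the flag now coming from a separate variable, a mismatch would presumably only show up as failed traffic. I would add a comment above `config_remote_xfrm_44()` such as `# XFRM_ESN is empty or "flag esn" and must match the ESN option (-e) given to ipsec-secgw; left unquoted so it splits into two words`. The same comment fits the aes-ctr, aes-gcm, 3des-cbc tunnel and aes-cbc tunnel defs sections later on this page. The function bodies are only partly visible in these hunks.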


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_aescbc_sha1_esn_defs.sh
SGW_CMD_XPRM='-e -a -w 300 -l'


@ -1,67 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_aescbc_sha1_common_defs.sh
SGW_CMD_XPRM='-e -w 300 -l'
config_remote_xfrm()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
dir out ptype main action allow \
tmpl proto esp mode transport reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
dir in ptype main action allow \
tmpl proto esp mode transport reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
dir out ptype main action allow \
tmpl proto esp mode transport reqid 3
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
dir in ptype main action allow \
tmpl proto esp mode transport reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_aescbc_sha1_defs.sh
SGW_CMD_XPRM=


@ -32,27 +32,27 @@ sa in 7 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_IN}
sa in 9 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_OUT}
#SA out rules
sa out 9 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0


@ -3,9 +3,9 @@
. ${DIR}/trs_aesctr_sha1_common_defs.sh
SGW_CMD_XPRM='-w 300 -l'
SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
config_remote_xfrm()
config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
@ -22,13 +22,13 @@ tmpl proto esp mode transport reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode transport replay-window 64 \
proto esp spi 7 reqid 1 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode transport replay-window 64 \
proto esp spi 7 reqid 2 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
@ -36,9 +36,10 @@ enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
config_remote_xfrm_66()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
@ -53,13 +54,13 @@ tmpl proto esp mode transport reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode transport replay-window 64 \
proto esp spi 9 reqid 3 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode transport replay-window 64 \
proto esp spi 9 reqid 4 mode transport replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_aesctr_sha1_esn_defs.sh
SGW_CMD_XPRM='-e -a -w 300 -l'


@ -1,67 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_aesctr_sha1_common_defs.sh
SGW_CMD_XPRM='-e -w 300 -l'
config_remote_xfrm()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
dir out ptype main action allow \
tmpl proto esp mode transport reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
dir in ptype main action allow \
tmpl proto esp mode transport reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
dir out ptype main action allow \
tmpl proto esp mode transport reqid 3
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
dir in ptype main action allow \
tmpl proto esp mode transport reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_aesctr_sha1_defs.sh
SGW_CMD_XPRM=


@ -30,20 +30,20 @@ sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
#SA in rules
sa in 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM} ${SGW_CFG_XPRM_IN}
mode transport ${SGW_CFG_XPRM_IN}
sa in 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM} ${SGW_CFG_XPRM_IN}
mode transport ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_OUT}
sa out 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode transport ${SGW_CFG_XPRM}
mode transport ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0


@ -3,9 +3,9 @@
. ${DIR}/trs_aesgcm_common_defs.sh
SGW_CMD_XPRM='-w 300 -l'
SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
config_remote_xfrm()
config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
@ -22,13 +22,13 @@ tmpl proto esp mode transport reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode transport replay-window 64 \
proto esp spi 7 reqid 1 mode transport replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode transport replay-window 64 \
proto esp spi 7 reqid 2 mode transport replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
@ -36,9 +36,10 @@ aead "rfc4106\(gcm\(aes\)\)" \
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
config_remote_xfrm_66()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
@ -52,13 +53,13 @@ tmpl proto esp mode transport reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode transport replay-window 64 \
proto esp spi 9 reqid 3 mode transport replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode transport replay-window 64 \
proto esp spi 9 reqid 4 mode transport replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_aesgcm_esn_defs.sh
SGW_CMD_XPRM='-e -a -w 300 -l'


@ -1,67 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_aesgcm_common_defs.sh
SGW_CMD_XPRM='-e -w 300 -l'
config_remote_xfrm()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
dir out ptype main action allow \
tmpl proto esp mode transport reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
dir in ptype main action allow \
tmpl proto esp mode transport reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode transport replay-window 64 flag esn \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode transport replay-window 64 flag esn \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
dir out ptype main action allow \
tmpl proto esp mode transport reqid 3
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
dir in ptype main action allow \
tmpl proto esp mode transport reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode transport replay-window 64 flag esn \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode transport replay-window 64 flag esn \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}


@ -1,7 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_aesgcm_defs.sh
CRYPTO_DEV='--vdev="crypto_null0"'
SGW_CFG_XPRM='port_id 0 type inline-crypto-offload'


@ -1,10 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_aesgcm_defs.sh
if [[ -z "${CRYPTO_FLBK_TYPE}" ]]; then
CRYPTO_FLBK_TYPE="fallback lookaside-none"
fi
SGW_CFG_XPRM_IN="port_id 0 type inline-crypto-offload ${CRYPTO_FLBK_TYPE}"


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_aesgcm_inline_crypto_defs.sh
SGW_CMD_XPRM=


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/trs_aesgcm_defs.sh
SGW_CMD_XPRM=


@ -33,14 +33,14 @@ cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM}
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}
sa in 9 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM}
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 cipher_algo 3des-cbc \
@ -48,14 +48,82 @@ cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM}
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}
sa out 9 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM}
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1
rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1
#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF
cat ${SGW_CFG_FILE}
}
config_secgw_mixed()
{
cat <<EOF > ${SGW_CFG_FILE}
#sp in IPv4 rules
sp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
#SP out IPv4 rules
sp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
#sp in IPv6 rules
sp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
#SP out IPv6 rules
sp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
#SA in rules
sa in 8 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
sa in 6 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
#SA out rules
sa out 8 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
sa out 6 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
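Review bot: The SAs in the new `config_secgw_mixed()` end at `mode ipv4-tunnel src … dst …` or `mode ipv6-tunnel src … dst …` without `${SGW_CFG_XPRM_IN}` or `${SGW_CFG_XPRM_OUT}`, while the `config_secgw` SAs changed in the same section now carry them. If that is deliberate, a comment above the function should say that mixed-tunnel tests always use the default session type. Otherwise append the variables, e.g. `mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}` for the `sa in` entries and `${SGW_CFG_XPRM_OUT}` for `sa out`. As written, a mixed run requested with inline or fallback options would presumably not exercise them. The aes-128-cbc tunnel common-defs section has the same omission, and the function body continues past the end of this hunk.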


@ -3,9 +3,9 @@
. ${DIR}/tun_3descbc_sha1_common_defs.sh
SGW_CMD_XPRM='-w 300 -l'
SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
config_remote_xfrm()
config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
@ -24,13 +24,13 @@ proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
proto esp spi 7 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
proto esp spi 7 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
@ -38,9 +38,80 @@ enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
config_remote_xfrm_46()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp mode tunnel reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 6 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
sel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 6 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
sel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config_remote_xfrm_64()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp mode tunnel reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 8 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
sel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 8 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
sel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config_remote_xfrm_66()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
@ -56,13 +127,13 @@ proto esp mode tunnel reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
proto esp spi 9 reqid 3 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
proto esp spi 9 reqid 4 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
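Review bot: The new `config_remote_xfrm_46()` and `config_remote_xfrm_64()` flush the remote policy and state and then run each `ip xfrm … add` over its own `ssh` call with no status check. If one add fails, the function still ends with `ssh ${REMOTE_HOST} ip xfrm state list`, whose status becomes the return value, so the caller sees success with a half-configured peer unless it runs under `set -e` (not visible here). Appending `|| return 1` to each add, e.g. `sel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} || return 1`, would stop the test at the point of failure. The two functions also repeat the same sequence with only the addresses and SPI swapped, so a shared helper taking those as arguments would keep the variants in step.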


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_3descbc_sha1_esn_defs.sh
SGW_CMD_XPRM='-e -a -w 300 -l'


@ -1,71 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_3descbc_sha1_common_defs.sh
SGW_CMD_XPRM='-e -w 300 -l'
config_remote_xfrm()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp mode tunnel reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp mode tunnel reqid 3
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp mode tunnel reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "cbc\(des3_ede\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_3descbc_sha1_defs.sh
SGW_CMD_XPRM=


@ -32,26 +32,90 @@ sa in 7 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM}
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}
sa in 9 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM}
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM}
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}
sa out 9 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM}
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1
rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1
#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF
cat ${SGW_CFG_FILE}
}
config_secgw_mixed()
{
cat <<EOF > ${SGW_CFG_FILE}
#sp in IPv4 rules
sp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
#SP out IPv4 rules
sp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
#sp in IPv6 rules
sp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
#SP out IPv6 rules
sp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
#SA in rules
sa in 8 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
sa in 6 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
#SA out rules
sa out 8 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
sa out 6 cipher_algo aes-128-cbc \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0


@ -3,9 +3,9 @@
. ${DIR}/tun_aescbc_sha1_common_defs.sh
SGW_CMD_XPRM='-w 300 -l'
SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
config_remote_xfrm()
config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
@ -24,13 +24,13 @@ proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
proto esp spi 7 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
proto esp spi 7 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
@ -38,9 +38,80 @@ enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
config_remote_xfrm_46()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp mode tunnel reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 6 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef \
sel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 6 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef \
sel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config_remote_xfrm_64()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp mode tunnel reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 8 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef \
sel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 8 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef \
sel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config_remote_xfrm_66()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
@ -56,13 +127,13 @@ proto esp mode tunnel reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
proto esp spi 9 reqid 3 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
proto esp spi 9 reqid 4 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
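Review bot: The new config_remote_xfrm_46 and config_remote_xfrm_64 never check whether the remote `ip xfrm policy add` and `ip xfrm state add` commands succeeded, so each function's exit status is only that of its final `ip xfrm state list`. Because both functions flush the peer's policies and states first, a failed `add` leaves the remote side with a partial or empty SA set, and the failure then shows up later as an unexplained traffic problem; whether the caller checks the return value at all is not visible here. Ending each `add` invocation with `|| return 1` after its last continued line keeps the error at its source. The same applies to the matching functions in the aes-ctr and aes-gcm defs sections below; config_remote_xfrm_44 and config_remote_xfrm_66 extend beyond their hunks, so only their visible `state add` calls can be judged.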


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_aescbc_sha1_esn_defs.sh
SGW_CMD_XPRM='-e -a -w 300 -l'


@ -1,71 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_aescbc_sha1_common_defs.sh
SGW_CMD_XPRM='-e -w 300 -l'
config_remote_xfrm()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp mode tunnel reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp mode tunnel reqid 3
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp mode tunnel reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc aes 0xdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_aescbc_sha1_defs.sh
SGW_CMD_XPRM=


@ -32,26 +32,90 @@ sa in 7 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM}
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}
sa in 9 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM}
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM}
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}
sa out 9 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM}
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1
rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1
#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF
cat ${SGW_CFG_FILE}
}
config_secgw_mixed()
{
cat <<EOF > ${SGW_CFG_FILE}
#sp in IPv4 rules
sp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
#SP out IPv4 rules
sp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
#sp in IPv6 rules
sp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
#SP out IPv6 rules
sp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
#SA in rules
sa in 8 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
sa in 6 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
#SA out rules
sa out 8 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
sa out 6 cipher_algo aes-128-ctr \
cipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
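Review bot: In the added config_secgw_mixed, the four `sa` entries (SPI 8 and 6, in and out) end at the `dst` address without `${SGW_CFG_XPRM_IN}` or `${SGW_CFG_XPRM_OUT}`, while config_secgw in this same hunk gains them and the aes-gcm config_secgw_mixed further down carries them. A deleted file on this page set these variables to session options such as `port_id 0 type inline-crypto-offload`, so if the omission is unintended, the aes-ctr mixed-tunnel tests would silently run without the requested session type and still report a result. The lines would become `mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}` for `sa in` and the `${SGW_CFG_XPRM_OUT}` equivalent for `sa out`; if the omission is deliberate, a comment above the function saying why would prevent a later "fix". The aes-cbc SA lines at the top of this page (SPI 8 and 6) appear to have the same gap, and config_secgw_mixed continues past the end of this hunk.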


@ -3,9 +3,9 @@
. ${DIR}/tun_aesctr_sha1_common_defs.sh
SGW_CMD_XPRM='-w 300 -l'
SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
config_remote_xfrm()
config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
@ -24,13 +24,13 @@ proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
proto esp spi 7 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
proto esp spi 7 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
@ -38,9 +38,80 @@ enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
config_remote_xfrm_46()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp mode tunnel reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 6 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
sel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 6 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
sel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config_remote_xfrm_64()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp mode tunnel reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 8 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
sel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 8 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
sel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config_remote_xfrm_66()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
@ -56,13 +127,13 @@ proto esp mode tunnel reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
proto esp spi 9 reqid 3 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
proto esp spi 9 reqid 4 mode tunnel replay-window 64 ${XFRM_ESN} \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
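Review bot: `${XFRM_ESN}` is introduced on every `ip xfrm state add` line, but nothing in this file says who sets it or what values it may hold. It takes the place of the literal `flag esn` that the deleted ESN variants on this page hard-coded, and it has to stay unquoted so that an empty value disappears and `flag esn` splits into two words, which a later quoting cleanup could easily break. A comment near the top of the file would document that, for example `# XFRM_ESN: empty or "flag esn" (presumably set by run_test.sh); expanded unquoted on purpose`. Since the value is interpolated into a command line executed on the remote host over ssh, the comment should also state that it must come from the test scripts only. The aes-cbc and aes-gcm defs sections use the variable the same way.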


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_aesctr_sha1_esn_defs.sh
SGW_CMD_XPRM='-e -a -w 300 -l'


@ -1,71 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_aesctr_sha1_common_defs.sh
SGW_CMD_XPRM='-e -w 300 -l'
config_remote_xfrm()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp mode tunnel reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp mode tunnel reqid 3
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp mode tunnel reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
auth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \
enc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_aesctr_sha1_defs.sh
SGW_CMD_XPRM=


@ -30,22 +30,76 @@ sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
#SA in rules
sa in 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM} \
${SGW_CFG_XPRM_IN}
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}
sa in 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM} \
${SGW_CFG_XPRM_IN}
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM}
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}
sa out 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM}
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1
rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1
#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF
cat ${SGW_CFG_FILE}
}
config_secgw_mixed()
{
cat <<EOF > ${SGW_CFG_FILE}
#sp in IPv4 rules
sp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
#SP out IPv4 rules
sp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
#sp in IPv6 rules
sp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
#SP out IPv6 rules
sp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
#SA in rules
sa in 8 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}
sa in 6 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}
#SA out rules
sa out 8 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}
sa out 6 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}
#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
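Review bot: config_secgw_mixed carries no comment explaining that its SP rules cross address families on purpose: `sp ipv4 ... protect 6` selects the SA whose mode is `ipv6-tunnel`, and `sp ipv6 ... protect 8` selects the `ipv4-tunnel` SA. Read next to config_secgw, where SPI 7 is the ipv4-tunnel SA and SPI 9 the ipv6-tunnel one, the pairing looks like a copy-paste slip. A header comment above the function would settle it, for example `# Mixed tunnels: IPv4 traffic -> SPI 6 (IPv6 tunnel), IPv6 traffic -> SPI 8 (IPv4 tunnel)`. The function's end lies outside this hunk, and the aes-ctr config_secgw_mixed above lacks the same explanation.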


@ -3,9 +3,9 @@
. ${DIR}/tun_aesgcm_common_defs.sh
SGW_CMD_XPRM='-w 300 -l'
SGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}"
config_remote_xfrm()
config_remote_xfrm_44()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
@ -24,13 +24,13 @@ proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode tunnel replay-window 64 \
proto esp spi 7 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode tunnel replay-window 64 \
proto esp spi 7 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
@ -38,9 +38,80 @@ aead "rfc4106\(gcm\(aes\)\)" \
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
config_remote_xfrm_46()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp mode tunnel reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 6 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128 \
sel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 6 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128 \
sel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config_remote_xfrm_64()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp mode tunnel reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 8 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128 \
sel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 8 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128 \
sel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config_remote_xfrm_66()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
@ -56,13 +127,13 @@ proto esp mode tunnel reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode tunnel replay-window 64 \
proto esp spi 9 reqid 3 mode tunnel replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode tunnel replay-window 64 \
proto esp spi 9 reqid 4 mode tunnel replay-window 64 ${XFRM_ESN} \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_aesgcm_esn_defs.sh
SGW_CMD_XPRM='-e -a -w 300 -l'


@ -1,71 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_aesgcm_common_defs.sh
SGW_CMD_XPRM='-e -w 300 -l'
config_remote_xfrm()
{
ssh ${REMOTE_HOST} ip xfrm policy flush
ssh ${REMOTE_HOST} ip xfrm state flush
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp mode tunnel reqid 1
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp mode tunnel reqid 2
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \
proto esp spi 7 reqid 1 mode tunnel replay-window 64 flag esn \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \
proto esp spi 7 reqid 2 mode tunnel replay-window 64 flag esn \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}
config6_remote_xfrm()
{
config_remote_xfrm
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
dir out ptype main action allow \
tmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp mode tunnel reqid 3
ssh ${REMOTE_HOST} ip xfrm policy add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
dir in ptype main action allow \
tmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp mode tunnel reqid 4
ssh ${REMOTE_HOST} ip xfrm state add \
src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \
proto esp spi 9 reqid 3 mode tunnel replay-window 64 flag esn \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm state add \
src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \
proto esp spi 9 reqid 4 mode tunnel replay-window 64 flag esn \
aead "rfc4106\(gcm\(aes\)\)" \
0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 128
ssh ${REMOTE_HOST} ip xfrm policy list
ssh ${REMOTE_HOST} ip xfrm state list
}


@ -1,7 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_aesgcm_defs.sh
CRYPTO_DEV='--vdev="crypto_null0"'
SGW_CFG_XPRM='port_id 0 type inline-crypto-offload'


@ -1,10 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_aesgcm_defs.sh
if [[ -z "${CRYPTO_FLBK_TYPE}" ]]; then
CRYPTO_FLBK_TYPE="fallback lookaside-none"
fi
SGW_CFG_XPRM_IN="port_id 0 type inline-crypto-offload ${CRYPTO_FLBK_TYPE}"


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_aesgcm_inline_crypto_defs.sh
SGW_CMD_XPRM=


@ -1,6 +0,0 @@
#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause
. ${DIR}/tun_aesgcm_defs.sh
SGW_CMD_XPRM=