xref: /dpdk/examples/ipsec-secgw/test/bypass_defs.sh (revision 1dc48bce518de1d8cb73f961404a47311c4a248d) 
1ba3f1603SKonstantin Ananyev#! /bin/bash
2*1dc48bceSStephen Hemminger# SPDX-License-Identifier: BSD-3-Clause
3ba3f1603SKonstantin Ananyev
4ba3f1603SKonstantin AnanyevCRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_null0"'}
5ba3f1603SKonstantin Ananyev
6ba3f1603SKonstantin Ananyev#generate cfg file for ipsec-secgw
7ba3f1603SKonstantin Ananyevconfig_secgw()
8ba3f1603SKonstantin Ananyev{
9ba3f1603SKonstantin Ananyev	cat <<EOF > ${SGW_CFG_FILE}
10ba3f1603SKonstantin Ananyev
11ba3f1603SKonstantin Ananyevsp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
12ba3f1603SKonstantin Ananyevsp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
13ba3f1603SKonstantin Ananyev
14ba3f1603SKonstantin Ananyevsp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
15ba3f1603SKonstantin Ananyevsp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
16ba3f1603SKonstantin Ananyev
17ba3f1603SKonstantin Ananyev#Routing rules
18ba3f1603SKonstantin Ananyevrt ipv4 dst ${REMOTE_IPV4}/32 port 0
19ba3f1603SKonstantin Ananyevrt ipv4 dst ${LOCAL_IPV4}/32 port 1
20ba3f1603SKonstantin Ananyev
21ba3f1603SKonstantin Ananyevrt ipv6 dst ${REMOTE_IPV6}/128 port 0
22ba3f1603SKonstantin Ananyevrt ipv6 dst ${LOCAL_IPV6}/128 port 1
23ba3f1603SKonstantin Ananyev
24ba3f1603SKonstantin Ananyev#neighbours
25ba3f1603SKonstantin Ananyevneigh port 0 ${REMOTE_MAC}
26ba3f1603SKonstantin Ananyevneigh port 1 ${LOCAL_MAC}
27ba3f1603SKonstantin AnanyevEOF
28ba3f1603SKonstantin Ananyev
29ba3f1603SKonstantin Ananyev	cat ${SGW_CFG_FILE}
30ba3f1603SKonstantin Ananyev}
31ba3f1603SKonstantin Ananyev
3269090149SKonstantin AnanyevSGW_CMD_XPRM='-w 300 -l'
33ba3f1603SKonstantin Ananyev
34ba3f1603SKonstantin Ananyevconfig_remote_xfrm()
35ba3f1603SKonstantin Ananyev{
36ba3f1603SKonstantin Ananyev	ssh ${REMOTE_HOST} ip xfrm policy flush
37ba3f1603SKonstantin Ananyev	ssh ${REMOTE_HOST} ip xfrm state flush
38ba3f1603SKonstantin Ananyev
39ba3f1603SKonstantin Ananyev	ssh ${REMOTE_HOST} ip xfrm policy list
40ba3f1603SKonstantin Ananyev	ssh ${REMOTE_HOST} ip xfrm state list
41ba3f1603SKonstantin Ananyev}
42ba3f1603SKonstantin Ananyev
43ba3f1603SKonstantin Ananyevconfig6_remote_xfrm()
44ba3f1603SKonstantin Ananyev{
45ba3f1603SKonstantin Ananyev	config_remote_xfrm
46ba3f1603SKonstantin Ananyev}
47