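#! /bin/bash
# SPDX-License-Identifier: BSD-3-Clause

# Usage: /bin/bash linux_test.sh <ip_protocol> <ipsec_mode>
# <ip_protocol> can be set to:
#  ipv4-ipv4 - only IPv4 traffic
#  ipv4-ipv6 - IPv4 traffic over IPv6 ipsec tunnel (only for tunnel mode)
#  ipv6-ipv4 - IPv6 traffic over IPv4 ipsec tunnel (only for tunnel mode)
#  ipv6-ipv6 - only IPv6 traffic
# For list of available modes please refer to run_test.sh.
#
# Note that most of them require appropriate crypto PMD/device to be available.
# Also user has to setup properly the following environment variables:
#  SGW_PATH	- path to the ipsec-secgw binary to test
#  REMOTE_HOST	- ip/hostname of the DUT
#  REMOTE_IFACE	- iface name for the test-port on DUT
#  ETH_DEV	- ethernet device to be used on SUT by DPDK ('-a <pci-id>')
# Also user can optionally setup:
#  SGW_LCORE	- lcore to run ipsec-secgw on (default value is 0)
#  SGW_MODE	- run ipsec-secgw in legacy mode or with use of library
#		values: legacy/library (legacy by default)
#  SGW_ESN	- run ipsec-secgw with extended sequence number
#		values: esn-on/esn-off (esn-off by default)
#  SGW_ATOM	- run ipsec-secgw with sequence number atomic behavior
#		values: atom-on/atom-off (atom-off by default)
#  SGW_CRYPTO	- run ipsec-secgw with use of inline crypto
#		values: inline (unset by default)
#  SGW_CRYPTO_FLBK - run ipsec-secgw with crypto fallback configured
#		values: cpu-crypto/lookaside-none (unset by default)
#  CRYPTO_PRIM_TYPE - run ipsec-secgw with crypto primary type set
#		values: cpu-crypto (unset by default)
#  CRYPTO_DEV	- crypto device to be used ('-a <pci-id>')
#		if none specified appropriate vdevs will be created by the script
#  SGW_MULTI_SEG - ipsec-secgw option to enable reassembly support and
#		specify size of reassembly table (i.e. SGW_MULTI_SEG=128)
#
# The purpose of the script is to automate ipsec-secgw testing
# using another system running linux as a DUT.
# It expects that SUT and DUT are connected through at least 2 NICs.
# One NIC is expected to be managed by linux on both machines,
# and will be used as a control path.
# Make sure user from SUT can ssh to DUT without entering password
# (e.g. key-based authentication for a dedicated test account).
# Second NIC (test-port) should be reserved for DPDK on SUT,
# and should be managed by linux on DUT.
# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev.
# Then configures local tap iface and remote iface and ipsec policies
# in the following way:
# traffic going over test-port in both directions has to be
# protected by ipsec.
# Traffic going over TAP in both directions doesn't have to be protected.
# I.E:
# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS
# SUT OS(TAP)--(plain)-->(TAP)ipsec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS
# Then tries to perform some data transfer using the scheme described above.
#
# Exit status:
#  0   - ping and scp tests passed
#  1   - mixed-protocol test requested for a transport (trs*) mode
#  128 - invalid <ip_protocol>, or no readable definition file for <ipsec_mode>
#  any other value is the status returned by the failing ping/scp test
#

DIR=$(dirname -- "$0")
PROTO=$1
MODE=$2

# Run the ping test with the test MTU and, only if it passed, the scp test
# with the default MTU.
# Arguments: $1 - ping helper to call (ping_test1 or ping6_test1)
#            $2 - remote address to test against
# Returns:   status of the ping test if it failed, else status of the scp test
linux_test_run_traffic() {
	local ping_fn=$1
	local remote_addr=$2
	local rc

	set_local_mtu "${MTU_LEN}"
	"${ping_fn}" "${remote_addr}" 0 "${PING_LEN}"
	rc=$?
	if [[ ${rc} -eq 0 ]]; then
		set_local_mtu "${DEF_MTU_LEN}"
		scp_test1 "${remote_addr}"
		rc=$?
	fi
	return "${rc}"
}

# Reject an unknown <ip_protocol> up front, before any file is sourced,
# any interface is reconfigured or ipsec-secgw is started.
case "${PROTO}" in
ipv4-ipv4|ipv4-ipv6|ipv6-ipv4|ipv6-ipv6)
	;;
*)
	echo "Invalid <proto>"
	exit 128
	;;
esac

. "${DIR}/common_defs.sh"

select_mode

# MODE comes from the command line and selects a file that is sourced, i.e.
# executed in this shell. It is expected to be a bare mode name as listed in
# run_test.sh; stop here if no matching definition file exists instead of
# carrying on with the config_* functions undefined.
mode_defs="${DIR}/${MODE}_defs.sh"
if [[ ! -r "${mode_defs}" ]]; then
	echo "Invalid <ipsec_mode>: cannot read ${mode_defs}"
	exit 128
fi
. "${mode_defs}"

if [[ "${PROTO}" == "ipv4-ipv4" || "${PROTO}" == "ipv6-ipv6" ]]; then
	config_secgw
else
	# Mixed-protocol runs are tunnel-only; refuse them for transport
	# modes before the gateway is started, so nothing has to be stopped.
	if [[ "${MODE}" == trs* ]]; then
		echo "Cannot mix protocols in transport mode"
		exit 1
	fi
	config_secgw_mixed
fi

secgw_start

. "${DIR}/data_rxtx.sh"

# PROTO was validated above, so exactly one arm matches and $? after the
# case statement is the status of that arm's traffic test.
case "${PROTO}" in
ipv4-ipv4)
	config_iface
	config_remote_xfrm_44
	linux_test_run_traffic ping_test1 "${REMOTE_IPV4}"
	;;
ipv4-ipv6)
	config6_iface
	config_remote_xfrm_46
	linux_test_run_traffic ping_test1 "${REMOTE_IPV4}"
	;;
ipv6-ipv4)
	config6_iface
	config_remote_xfrm_64
	linux_test_run_traffic ping6_test1 "${REMOTE_IPV6}"
	;;
ipv6-ipv6)
	config6_iface
	config_remote_xfrm_66
	linux_test_run_traffic ping6_test1 "${REMOTE_IPV6}"
	;;
esac
st=$?

secgw_stop
exit "${st}"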