19dbc4e21SMariusz Drost#! /bin/bash 29dbc4e21SMariusz Drost# SPDX-License-Identifier: BSD-3-Clause 39dbc4e21SMariusz Drost 49dbc4e21SMariusz Drost# Usage: /bin/bash linux_test.sh <ip_protocol> <ipsec_mode> 59dbc4e21SMariusz Drost# <ip_protocol> can be set to: 69dbc4e21SMariusz Drost# ipv4-ipv4 - only IPv4 traffic 79dbc4e21SMariusz Drost# ipv4-ipv6 - IPv4 traffic over IPv6 ipsec tunnel (only for tunnel mode) 89dbc4e21SMariusz Drost# ipv6-ipv4 - IPv6 traffic over IPv4 ipsec tunnel (only for tunnel mode) 99dbc4e21SMariusz Drost# ipv6-ipv6 - only IPv6 traffic 109dbc4e21SMariusz Drost# For list of available modes please refer to run_test.sh. 119dbc4e21SMariusz Drost# 129dbc4e21SMariusz Drost# Note that most of them require appropriate crypto PMD/device to be available. 139dbc4e21SMariusz Drost# Also user has to setup properly the following environment variables: 149dbc4e21SMariusz Drost# SGW_PATH - path to the ipsec-secgw binary to test 159dbc4e21SMariusz Drost# REMOTE_HOST - ip/hostname of the DUT 169dbc4e21SMariusz Drost# REMOTE_IFACE - iface name for the test-port on DUT 17*db27370bSStephen Hemminger# ETH_DEV - ethernet device to be used on SUT by DPDK ('-a <pci-id>') 189dbc4e21SMariusz Drost# Also user can optionally setup: 199dbc4e21SMariusz Drost# SGW_LCORE - lcore to run ipsec-secgw on (default value is 0) 209dbc4e21SMariusz Drost# SGW_MODE - run ipsec-secgw in legacy mode or with use of library 219dbc4e21SMariusz Drost# values: legacy/library (legacy on default) 229dbc4e21SMariusz Drost# SGW_ESN - run ipsec-secgw with extended sequence number 239dbc4e21SMariusz Drost# values: esn-on/esn-off (esn-off on default) 249dbc4e21SMariusz Drost# SGW_ATOM - run ipsec-secgw with sequence number atomic behavior 259dbc4e21SMariusz Drost# values: atom-on/atom-off (atom-off on default) 269dbc4e21SMariusz Drost# SGW_CRYPTO - run ipsec-secgw with use of inline crypto 279dbc4e21SMariusz Drost# values: inline (unset on default) 289dbc4e21SMariusz Drost# SGW_CRYPTO_FLBK - run ipsec-secgw with crypto fallback configured 299dbc4e21SMariusz Drost# values: cpu-crypto/lookaside-none (unset on default) 309dbc4e21SMariusz Drost# CRYPTO_PRIM_TYPE - run ipsec-secgw with crypto primary type set 319dbc4e21SMariusz Drost# values: cpu-crypto (unset on default) 32*db27370bSStephen Hemminger# CRYPTO_DEV - crypto device to be used ('-a <pci-id>') 339dbc4e21SMariusz Drost# if none specified appropriate vdevs will be created by the script 349dbc4e21SMariusz Drost# SGW_MULTI_SEG - ipsec-secgw option to enable reassembly support and 359dbc4e21SMariusz Drost# specify size of reassembly table (i.e. SGW_MULTI_SEG=128) 369dbc4e21SMariusz Drost# 379dbc4e21SMariusz Drost# The purpose of the script is to automate ipsec-secgw testing 389dbc4e21SMariusz Drost# using another system running linux as a DUT. 399dbc4e21SMariusz Drost# It expects that SUT and DUT are connected through at least 2 NICs. 409dbc4e21SMariusz Drost# One NIC is expected to be managed by linux both machines, 419dbc4e21SMariusz Drost# and will be used as a control path 429dbc4e21SMariusz Drost# Make sure user from SUT can ssh to DUT without entering password. 439dbc4e21SMariusz Drost# Second NIC (test-port) should be reserved for DPDK on SUT, 449dbc4e21SMariusz Drost# and should be managed by linux on DUT. 459dbc4e21SMariusz Drost# The script starts ipsec-secgw with 2 NIC devices: test-port and tap vdev. 469dbc4e21SMariusz Drost# Then configures local tap iface and remote iface and ipsec policies 479dbc4e21SMariusz Drost# in the following way: 489dbc4e21SMariusz Drost# traffic going over test-port in both directions has to be 499dbc4e21SMariusz Drost# protected by ipsec. 509dbc4e21SMariusz Drost# Traffic going over TAP in both directions doesn't have to be protected. 519dbc4e21SMariusz Drost# I.E: 529dbc4e21SMariusz Drost# DUT OS(NIC1)--(ipsec)-->(NIC1)ipsec-secgw(TAP)--(plain)-->(TAP)SUT OS 539dbc4e21SMariusz Drost# SUT OS(TAP)--(plain)-->(TAP)psec-secgw(NIC1)--(ipsec)-->(NIC1)DUT OS 549dbc4e21SMariusz Drost# Then tries to perform some data transfer using the scheme described above. 559dbc4e21SMariusz Drost# 569dbc4e21SMariusz Drost 579dbc4e21SMariusz DrostDIR=`dirname $0` 589dbc4e21SMariusz DrostPROTO=$1 599dbc4e21SMariusz DrostMODE=$2 609dbc4e21SMariusz Drost 619dbc4e21SMariusz Drost . ${DIR}/common_defs.sh 629dbc4e21SMariusz Drost 639dbc4e21SMariusz Drostselect_mode 649dbc4e21SMariusz Drost 659dbc4e21SMariusz Drost . ${DIR}/${MODE}_defs.sh 669dbc4e21SMariusz Drost 679dbc4e21SMariusz Drostif [[ "${PROTO}" == "ipv4-ipv4" ]] || [[ "${PROTO}" == "ipv6-ipv6" ]]; then 689dbc4e21SMariusz Drost config_secgw 699dbc4e21SMariusz Drostelse 709dbc4e21SMariusz Drost config_secgw_mixed 719dbc4e21SMariusz Drostfi 729dbc4e21SMariusz Drost 739dbc4e21SMariusz Drostsecgw_start 749dbc4e21SMariusz Drost 759dbc4e21SMariusz Drost . ${DIR}/data_rxtx.sh 769dbc4e21SMariusz Drost 779dbc4e21SMariusz Drostif [[ "${PROTO}" == "ipv4-ipv4" ]]; then 789dbc4e21SMariusz Drost config_iface 799dbc4e21SMariusz Drost config_remote_xfrm_44 809dbc4e21SMariusz Drost set_local_mtu ${MTU_LEN} 819dbc4e21SMariusz Drost ping_test1 ${REMOTE_IPV4} 0 ${PING_LEN} 829dbc4e21SMariusz Drost 839dbc4e21SMariusz Drost st=$? 849dbc4e21SMariusz Drost if [[ $st -eq 0 ]]; then 859dbc4e21SMariusz Drost set_local_mtu ${DEF_MTU_LEN} 869dbc4e21SMariusz Drost scp_test1 ${REMOTE_IPV4} 879dbc4e21SMariusz Drost st=$? 889dbc4e21SMariusz Drost fi 899dbc4e21SMariusz Drostelif [[ "${PROTO}" == "ipv4-ipv6" ]]; then 909dbc4e21SMariusz Drost if [[ "${MODE}" == trs* ]]; then 919dbc4e21SMariusz Drost echo "Cannot mix protocols in transport mode" 929dbc4e21SMariusz Drost secgw_stop 939dbc4e21SMariusz Drost exit 1 949dbc4e21SMariusz Drost fi 959dbc4e21SMariusz Drost config6_iface 969dbc4e21SMariusz Drost config_remote_xfrm_46 979dbc4e21SMariusz Drost set_local_mtu ${MTU_LEN} 989dbc4e21SMariusz Drost ping_test1 ${REMOTE_IPV4} 0 ${PING_LEN} 999dbc4e21SMariusz Drost 1009dbc4e21SMariusz Drost st=$? 1019dbc4e21SMariusz Drost if [[ $st -eq 0 ]]; then 1029dbc4e21SMariusz Drost set_local_mtu ${DEF_MTU_LEN} 1039dbc4e21SMariusz Drost scp_test1 ${REMOTE_IPV4} 1049dbc4e21SMariusz Drost st=$? 1059dbc4e21SMariusz Drost fi 1069dbc4e21SMariusz Drostelif [[ "${PROTO}" == "ipv6-ipv4" ]]; then 1079dbc4e21SMariusz Drost if [[ "${MODE}" == trs* ]]; then 1089dbc4e21SMariusz Drost echo "Cannot mix protocols in transport mode" 1099dbc4e21SMariusz Drost secgw_stop 1109dbc4e21SMariusz Drost exit 1 1119dbc4e21SMariusz Drost fi 1129dbc4e21SMariusz Drost config6_iface 1139dbc4e21SMariusz Drost config_remote_xfrm_64 1149dbc4e21SMariusz Drost 1159dbc4e21SMariusz Drost set_local_mtu ${MTU_LEN} 1169dbc4e21SMariusz Drost ping6_test1 ${REMOTE_IPV6} 0 ${PING_LEN} 1179dbc4e21SMariusz Drost st=$? 1189dbc4e21SMariusz Drost if [[ $st -eq 0 ]]; then 1199dbc4e21SMariusz Drost set_local_mtu ${DEF_MTU_LEN} 1209dbc4e21SMariusz Drost scp_test1 ${REMOTE_IPV6} 1219dbc4e21SMariusz Drost st=$? 1229dbc4e21SMariusz Drost fi 1239dbc4e21SMariusz Drostelif [[ "${PROTO}" == "ipv6-ipv6" ]]; then 1249dbc4e21SMariusz Drost config6_iface 1259dbc4e21SMariusz Drost config_remote_xfrm_66 1269dbc4e21SMariusz Drost set_local_mtu ${MTU_LEN} 1279dbc4e21SMariusz Drost ping6_test1 ${REMOTE_IPV6} 0 ${PING_LEN} 1289dbc4e21SMariusz Drost 1299dbc4e21SMariusz Drost st=$? 1309dbc4e21SMariusz Drost if [[ $st -eq 0 ]]; then 1319dbc4e21SMariusz Drost set_local_mtu ${DEF_MTU_LEN} 1329dbc4e21SMariusz Drost scp_test1 ${REMOTE_IPV6} 1339dbc4e21SMariusz Drost st=$? 1349dbc4e21SMariusz Drost fi 1359dbc4e21SMariusz Drostelse 1369dbc4e21SMariusz Drost echo "Invalid <proto>" 1379dbc4e21SMariusz Drost st=128 1389dbc4e21SMariusz Drostfi 1399dbc4e21SMariusz Drost 1409dbc4e21SMariusz Drostsecgw_stop 1419dbc4e21SMariusz Drostexit $st 142