xref: /dpdk/examples/ipsec-secgw/test/tun_3descbc_sha1_common_defs.sh (revision 9dbc4e21e752ca98e23205c3d1bac53e03e934b3)
1#! /bin/bash
2# SPDX-License-Identifier: BSD-3-Clause
3
# Crypto device argument used by this test. A non-empty CRYPTO_DEV supplied
# by the caller is kept; otherwise the AESNI-MB virtual device is selected.
# The double quotes are part of the value itself, not shell quoting.
if [[ -z "${CRYPTO_DEV:-}" ]]; then
	CRYPTO_DEV='--vdev="crypto_aesni_mb0"'
fi
5
6#generate cfg file for ipsec-secgw
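#######################################
# Write the ipsec-secgw configuration for the 3DES-CBC + HMAC-SHA1 tunnel
# test to ${SGW_CFG_FILE}, then print the generated file to stdout.
#
# SA 7 carries IPv4 traffic in an ipv4-tunnel, SA 9 carries IPv6 traffic in
# an ipv6-tunnel. Every SP section also holds a catch-all "bypass" rule, so
# traffic that does not match the protect rule is not sent through IPsec.
#
# Security notes (test fixture only, do not reuse as a deployment template):
#  - The cipher and auth keys are fixed, publicly known test patterns. The
#    24-byte 3DES key consists of three identical 8-byte sub-keys, which
#    makes 3DES-EDE equivalent to single DES.
#  - 3DES-CBC has a 64-bit block and has been deprecated by NIST; it is
#    exercised here for algorithm coverage only.
#  - The file holds SA keys in cleartext; with real keys it would need
#    restrictive permissions.
#
# Globals (read): SGW_CFG_FILE, REMOTE_IPV4, LOCAL_IPV4, REMOTE_IPV6,
#                 LOCAL_IPV6, REMOTE_MAC, LOCAL_MAC,
#                 SGW_CFG_XPRM_IN, SGW_CFG_XPRM_OUT (extra SA parameters,
#                 appended verbatim to the inbound/outbound SA lines)
# Outputs:  the generated configuration on stdout
# Returns:  0 on success, non-zero if SGW_CFG_FILE is unset/empty or the
#           file cannot be written or read back
#######################################
config_secgw()
{
	# Without this guard an empty target makes the redirect fail and the
	# trailing cat would block reading stdin.
	if [[ -z "${SGW_CFG_FILE:-}" ]]; then
		printf '%s\n' "config_secgw: SGW_CFG_FILE is not set" >&2
		return 1
	fi

	# Quoted target: a path with spaces or glob characters must not be
	# word-split ("ambiguous redirect"). The heredoc delimiter is left
	# unquoted on purpose so the ${...} values are expanded and the
	# backslash-newline pairs join each rule onto one line.
	cat <<EOF > "${SGW_CFG_FILE}" || return
#sp in IPv4 rules
sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv4 rules
sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535

#sp in IPv6 rules
sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv6 rules
sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535

#SA in rules
sa in 7 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}

sa in 9 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}

#SA out rules
sa out 7 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}

sa out 9 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}

#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1

rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1

#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF

	# Echo the generated configuration so it shows up in the test log.
	cat -- "${SGW_CFG_FILE}"
}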
74
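#######################################
# Write the "mixed" ipsec-secgw configuration for the 3DES-CBC + HMAC-SHA1
# tunnel test to ${SGW_CFG_FILE}, then print the generated file to stdout.
#
# Mixed means the inner and outer address families differ: the IPv4 SP
# rules select SA 6, which is an ipv6-tunnel SA, and the IPv6 SP rules
# select SA 8, which is an ipv4-tunnel SA. Unlike config_secgw, no
# SGW_CFG_XPRM_IN/SGW_CFG_XPRM_OUT parameters are appended to the SA lines.
# Every SP section also holds a catch-all "bypass" rule, so traffic that
# does not match the protect rule is not sent through IPsec.
#
# Security notes (test fixture only, do not reuse as a deployment template):
#  - The cipher and auth keys are fixed, publicly known test patterns. The
#    24-byte 3DES key consists of three identical 8-byte sub-keys, which
#    makes 3DES-EDE equivalent to single DES.
#  - 3DES-CBC has a 64-bit block and has been deprecated by NIST; it is
#    exercised here for algorithm coverage only.
#  - The file holds SA keys in cleartext; with real keys it would need
#    restrictive permissions.
#
# Globals (read): SGW_CFG_FILE, REMOTE_IPV4, LOCAL_IPV4, REMOTE_IPV6,
#                 LOCAL_IPV6, REMOTE_MAC, LOCAL_MAC
# Outputs:  the generated configuration on stdout
# Returns:  0 on success, non-zero if SGW_CFG_FILE is unset/empty or the
#           file cannot be written or read back
#######################################
config_secgw_mixed()
{
	# Without this guard an empty target makes the redirect fail and the
	# trailing cat would block reading stdin.
	if [[ -z "${SGW_CFG_FILE:-}" ]]; then
		printf '%s\n' "config_secgw_mixed: SGW_CFG_FILE is not set" >&2
		return 1
	fi

	# Quoted target: a path with spaces or glob characters must not be
	# word-split ("ambiguous redirect"). The heredoc delimiter is left
	# unquoted on purpose so the ${...} values are expanded and the
	# backslash-newline pairs join each rule onto one line.
	cat <<EOF > "${SGW_CFG_FILE}" || return
#sp in IPv4 rules
sp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv4 rules
sp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535

#sp in IPv6 rules
sp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv6 rules
sp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535

#SA in rules
sa in 8 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}

sa in 6 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}

#SA out rules
sa out 8 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}

sa out 6 cipher_algo 3des-cbc \
cipher_key \
de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
auth_algo sha1-hmac \
auth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}

#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1

rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1

#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF

	# Echo the generated configuration so it shows up in the test log.
	cat -- "${SGW_CFG_FILE}"
}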
142