xref: /dpdk/examples/ipsec-secgw/test/tun_aescbc_sha1_common_defs.sh (revision 9dbc4e21e752ca98e23205c3d1bac53e03e934b3) 
192978445SKonstantin Ananyev#! /bin/bash
21dc48bceSStephen Hemminger# SPDX-License-Identifier: BSD-3-Clause
392978445SKonstantin Ananyev
492978445SKonstantin AnanyevCRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_mb0"'}
592978445SKonstantin Ananyev
692978445SKonstantin Ananyev#generate cfg file for ipsec-secgw
792978445SKonstantin Ananyevconfig_secgw()
892978445SKonstantin Ananyev{
992978445SKonstantin Ananyev	cat <<EOF > ${SGW_CFG_FILE}
1092978445SKonstantin Ananyev#sp in IPv4 rules
1192978445SKonstantin Ananyevsp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
1292978445SKonstantin Ananyevsport 0:65535 dport 0:65535
1392978445SKonstantin Ananyevsp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
1492978445SKonstantin Ananyev
1592978445SKonstantin Ananyev#SP out IPv4 rules
1692978445SKonstantin Ananyevsp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
1792978445SKonstantin Ananyevsport 0:65535 dport 0:65535
1892978445SKonstantin Ananyevsp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
1992978445SKonstantin Ananyev
2092978445SKonstantin Ananyev#sp in IPv6 rules
2192978445SKonstantin Ananyevsp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
2292978445SKonstantin Ananyevsport 0:65535 dport 0:65535
2392978445SKonstantin Ananyevsp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
2492978445SKonstantin Ananyev
2592978445SKonstantin Ananyev#SP out IPv6 rules
2692978445SKonstantin Ananyevsp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
2792978445SKonstantin Ananyevsport 0:65535 dport 0:65535
2892978445SKonstantin Ananyevsp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
2992978445SKonstantin Ananyev
3092978445SKonstantin Ananyev#SA in rules
3192978445SKonstantin Ananyevsa in 7 cipher_algo aes-128-cbc \
3292978445SKonstantin Ananyevcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
3392978445SKonstantin Ananyevauth_algo sha1-hmac \
3492978445SKonstantin Ananyevauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
35*9dbc4e21SMariusz Drostmode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}
3692978445SKonstantin Ananyev
3792978445SKonstantin Ananyevsa in 9 cipher_algo aes-128-cbc \
3892978445SKonstantin Ananyevcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
3992978445SKonstantin Ananyevauth_algo sha1-hmac \
4092978445SKonstantin Ananyevauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
41*9dbc4e21SMariusz Drostmode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}
4292978445SKonstantin Ananyev
4392978445SKonstantin Ananyev#SA out rules
4492978445SKonstantin Ananyevsa out 7 cipher_algo aes-128-cbc \
4592978445SKonstantin Ananyevcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
4692978445SKonstantin Ananyevauth_algo sha1-hmac \
4792978445SKonstantin Ananyevauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
48*9dbc4e21SMariusz Drostmode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}
4992978445SKonstantin Ananyev
5092978445SKonstantin Ananyevsa out 9 cipher_algo aes-128-cbc \
5192978445SKonstantin Ananyevcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
5292978445SKonstantin Ananyevauth_algo sha1-hmac \
5392978445SKonstantin Ananyevauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
54*9dbc4e21SMariusz Drostmode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}
55*9dbc4e21SMariusz Drost
56*9dbc4e21SMariusz Drost#Routing rules
57*9dbc4e21SMariusz Drostrt ipv4 dst ${REMOTE_IPV4}/32 port 0
58*9dbc4e21SMariusz Drostrt ipv4 dst ${LOCAL_IPV4}/32 port 1
59*9dbc4e21SMariusz Drost
60*9dbc4e21SMariusz Drostrt ipv6 dst ${REMOTE_IPV6}/128 port 0
61*9dbc4e21SMariusz Drostrt ipv6 dst ${LOCAL_IPV6}/128 port 1
62*9dbc4e21SMariusz Drost
63*9dbc4e21SMariusz Drost#neighbours
64*9dbc4e21SMariusz Drostneigh port 0 ${REMOTE_MAC}
65*9dbc4e21SMariusz Drostneigh port 1 ${LOCAL_MAC}
66*9dbc4e21SMariusz DrostEOF
67*9dbc4e21SMariusz Drost
68*9dbc4e21SMariusz Drost	cat ${SGW_CFG_FILE}
69*9dbc4e21SMariusz Drost}
70*9dbc4e21SMariusz Drost
71*9dbc4e21SMariusz Drostconfig_secgw_mixed()
72*9dbc4e21SMariusz Drost{
73*9dbc4e21SMariusz Drost	cat <<EOF > ${SGW_CFG_FILE}
74*9dbc4e21SMariusz Drost#sp in IPv4 rules
75*9dbc4e21SMariusz Drostsp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
76*9dbc4e21SMariusz Drostsport 0:65535 dport 0:65535
77*9dbc4e21SMariusz Drostsp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
78*9dbc4e21SMariusz Drost
79*9dbc4e21SMariusz Drost#SP out IPv4 rules
80*9dbc4e21SMariusz Drostsp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
81*9dbc4e21SMariusz Drostsport 0:65535 dport 0:65535
82*9dbc4e21SMariusz Drostsp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
83*9dbc4e21SMariusz Drost
84*9dbc4e21SMariusz Drost#sp in IPv6 rules
85*9dbc4e21SMariusz Drostsp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
86*9dbc4e21SMariusz Drostsport 0:65535 dport 0:65535
87*9dbc4e21SMariusz Drostsp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
88*9dbc4e21SMariusz Drost
89*9dbc4e21SMariusz Drost#SP out IPv6 rules
90*9dbc4e21SMariusz Drostsp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
91*9dbc4e21SMariusz Drostsport 0:65535 dport 0:65535
92*9dbc4e21SMariusz Drostsp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
93*9dbc4e21SMariusz Drost
94*9dbc4e21SMariusz Drost#SA in rules
95*9dbc4e21SMariusz Drostsa in 8 cipher_algo aes-128-cbc \
96*9dbc4e21SMariusz Drostcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
97*9dbc4e21SMariusz Drostauth_algo sha1-hmac \
98*9dbc4e21SMariusz Drostauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
99*9dbc4e21SMariusz Drostmode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
100*9dbc4e21SMariusz Drost
101*9dbc4e21SMariusz Drostsa in 6 cipher_algo aes-128-cbc \
102*9dbc4e21SMariusz Drostcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
103*9dbc4e21SMariusz Drostauth_algo sha1-hmac \
104*9dbc4e21SMariusz Drostauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
105*9dbc4e21SMariusz Drostmode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
106*9dbc4e21SMariusz Drost
107*9dbc4e21SMariusz Drost#SA out rules
108*9dbc4e21SMariusz Drostsa out 8 cipher_algo aes-128-cbc \
109*9dbc4e21SMariusz Drostcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
110*9dbc4e21SMariusz Drostauth_algo sha1-hmac \
111*9dbc4e21SMariusz Drostauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
112*9dbc4e21SMariusz Drostmode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
113*9dbc4e21SMariusz Drost
114*9dbc4e21SMariusz Drostsa out 6 cipher_algo aes-128-cbc \
115*9dbc4e21SMariusz Drostcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
116*9dbc4e21SMariusz Drostauth_algo sha1-hmac \
117*9dbc4e21SMariusz Drostauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
118*9dbc4e21SMariusz Drostmode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
11992978445SKonstantin Ananyev
12092978445SKonstantin Ananyev#Routing rules
12192978445SKonstantin Ananyevrt ipv4 dst ${REMOTE_IPV4}/32 port 0
12292978445SKonstantin Ananyevrt ipv4 dst ${LOCAL_IPV4}/32 port 1
12392978445SKonstantin Ananyev
12492978445SKonstantin Ananyevrt ipv6 dst ${REMOTE_IPV6}/128 port 0
12592978445SKonstantin Ananyevrt ipv6 dst ${LOCAL_IPV6}/128 port 1
12692978445SKonstantin Ananyev
12792978445SKonstantin Ananyev#neighbours
12892978445SKonstantin Ananyevneigh port 0 ${REMOTE_MAC}
12992978445SKonstantin Ananyevneigh port 1 ${LOCAL_MAC}
13092978445SKonstantin AnanyevEOF
13192978445SKonstantin Ananyev
13292978445SKonstantin Ananyev	cat ${SGW_CFG_FILE}
13392978445SKonstantin Ananyev}
134