xref: /dpdk/examples/ipsec-secgw/test/tun_aesctr_sha1_common_defs.sh (revision 9dbc4e21e752ca98e23205c3d1bac53e03e934b3) 
18f600988SFan Zhang#! /bin/bash
21dc48bceSStephen Hemminger# SPDX-License-Identifier: BSD-3-Clause
38f600988SFan Zhang
48f600988SFan ZhangCRYPTO_DEV=${CRYPTO_DEV:-'--vdev="crypto_aesni_mb0"'}
58f600988SFan Zhang
68f600988SFan Zhang#generate cfg file for ipsec-secgw
78f600988SFan Zhangconfig_secgw()
88f600988SFan Zhang{
98f600988SFan Zhang	cat <<EOF > ${SGW_CFG_FILE}
108f600988SFan Zhang#sp in IPv4 rules
118f600988SFan Zhangsp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
128f600988SFan Zhangsport 0:65535 dport 0:65535
138f600988SFan Zhangsp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
148f600988SFan Zhang
158f600988SFan Zhang#SP out IPv4 rules
168f600988SFan Zhangsp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
178f600988SFan Zhangsport 0:65535 dport 0:65535
188f600988SFan Zhangsp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
198f600988SFan Zhang
208f600988SFan Zhang#sp in IPv6 rules
218f600988SFan Zhangsp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
228f600988SFan Zhangsport 0:65535 dport 0:65535
238f600988SFan Zhangsp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
248f600988SFan Zhang
258f600988SFan Zhang#SP out IPv6 rules
268f600988SFan Zhangsp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
278f600988SFan Zhangsport 0:65535 dport 0:65535
288f600988SFan Zhangsp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
298f600988SFan Zhang
308f600988SFan Zhang#SA in rules
318f600988SFan Zhangsa in 7 cipher_algo aes-128-ctr \
328f600988SFan Zhangcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
338f600988SFan Zhangauth_algo sha1-hmac \
348f600988SFan Zhangauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
35*9dbc4e21SMariusz Drostmode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}
368f600988SFan Zhang
378f600988SFan Zhangsa in 9 cipher_algo aes-128-ctr \
388f600988SFan Zhangcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
398f600988SFan Zhangauth_algo sha1-hmac \
408f600988SFan Zhangauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
41*9dbc4e21SMariusz Drostmode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}
428f600988SFan Zhang
438f600988SFan Zhang#SA out rules
448f600988SFan Zhangsa out 7 cipher_algo aes-128-ctr \
458f600988SFan Zhangcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
468f600988SFan Zhangauth_algo sha1-hmac \
478f600988SFan Zhangauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
48*9dbc4e21SMariusz Drostmode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}
498f600988SFan Zhang
508f600988SFan Zhangsa out 9 cipher_algo aes-128-ctr \
518f600988SFan Zhangcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
528f600988SFan Zhangauth_algo sha1-hmac \
538f600988SFan Zhangauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
54*9dbc4e21SMariusz Drostmode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}
55*9dbc4e21SMariusz Drost
56*9dbc4e21SMariusz Drost#Routing rules
57*9dbc4e21SMariusz Drostrt ipv4 dst ${REMOTE_IPV4}/32 port 0
58*9dbc4e21SMariusz Drostrt ipv4 dst ${LOCAL_IPV4}/32 port 1
59*9dbc4e21SMariusz Drost
60*9dbc4e21SMariusz Drostrt ipv6 dst ${REMOTE_IPV6}/128 port 0
61*9dbc4e21SMariusz Drostrt ipv6 dst ${LOCAL_IPV6}/128 port 1
62*9dbc4e21SMariusz Drost
63*9dbc4e21SMariusz Drost#neighbours
64*9dbc4e21SMariusz Drostneigh port 0 ${REMOTE_MAC}
65*9dbc4e21SMariusz Drostneigh port 1 ${LOCAL_MAC}
66*9dbc4e21SMariusz DrostEOF
67*9dbc4e21SMariusz Drost
68*9dbc4e21SMariusz Drost	cat ${SGW_CFG_FILE}
69*9dbc4e21SMariusz Drost}
70*9dbc4e21SMariusz Drost
71*9dbc4e21SMariusz Drostconfig_secgw_mixed()
72*9dbc4e21SMariusz Drost{
73*9dbc4e21SMariusz Drost	cat <<EOF > ${SGW_CFG_FILE}
74*9dbc4e21SMariusz Drost#sp in IPv4 rules
75*9dbc4e21SMariusz Drostsp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
76*9dbc4e21SMariusz Drostsport 0:65535 dport 0:65535
77*9dbc4e21SMariusz Drostsp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535
78*9dbc4e21SMariusz Drost
79*9dbc4e21SMariusz Drost#SP out IPv4 rules
80*9dbc4e21SMariusz Drostsp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
81*9dbc4e21SMariusz Drostsport 0:65535 dport 0:65535
82*9dbc4e21SMariusz Drostsp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535
83*9dbc4e21SMariusz Drost
84*9dbc4e21SMariusz Drost#sp in IPv6 rules
85*9dbc4e21SMariusz Drostsp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
86*9dbc4e21SMariusz Drostsport 0:65535 dport 0:65535
87*9dbc4e21SMariusz Drostsp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535
88*9dbc4e21SMariusz Drost
89*9dbc4e21SMariusz Drost#SP out IPv6 rules
90*9dbc4e21SMariusz Drostsp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
91*9dbc4e21SMariusz Drostsport 0:65535 dport 0:65535
92*9dbc4e21SMariusz Drostsp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535
93*9dbc4e21SMariusz Drost
94*9dbc4e21SMariusz Drost#SA in rules
95*9dbc4e21SMariusz Drostsa in 8 cipher_algo aes-128-ctr \
96*9dbc4e21SMariusz Drostcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
97*9dbc4e21SMariusz Drostauth_algo sha1-hmac \
98*9dbc4e21SMariusz Drostauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
99*9dbc4e21SMariusz Drostmode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4}
100*9dbc4e21SMariusz Drost
101*9dbc4e21SMariusz Drostsa in 6 cipher_algo aes-128-ctr \
102*9dbc4e21SMariusz Drostcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
103*9dbc4e21SMariusz Drostauth_algo sha1-hmac \
104*9dbc4e21SMariusz Drostauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
105*9dbc4e21SMariusz Drostmode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6}
106*9dbc4e21SMariusz Drost
107*9dbc4e21SMariusz Drost#SA out rules
108*9dbc4e21SMariusz Drostsa out 8 cipher_algo aes-128-ctr \
109*9dbc4e21SMariusz Drostcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
110*9dbc4e21SMariusz Drostauth_algo sha1-hmac \
111*9dbc4e21SMariusz Drostauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
112*9dbc4e21SMariusz Drostmode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4}
113*9dbc4e21SMariusz Drost
114*9dbc4e21SMariusz Drostsa out 6 cipher_algo aes-128-ctr \
115*9dbc4e21SMariusz Drostcipher_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
116*9dbc4e21SMariusz Drostauth_algo sha1-hmac \
117*9dbc4e21SMariusz Drostauth_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
118*9dbc4e21SMariusz Drostmode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6}
1198f600988SFan Zhang
1208f600988SFan Zhang#Routing rules
1218f600988SFan Zhangrt ipv4 dst ${REMOTE_IPV4}/32 port 0
1228f600988SFan Zhangrt ipv4 dst ${LOCAL_IPV4}/32 port 1
1238f600988SFan Zhang
1248f600988SFan Zhangrt ipv6 dst ${REMOTE_IPV6}/128 port 0
1258f600988SFan Zhangrt ipv6 dst ${LOCAL_IPV6}/128 port 1
1268f600988SFan Zhang
1278f600988SFan Zhang#neighbours
1288f600988SFan Zhangneigh port 0 ${REMOTE_MAC}
1298f600988SFan Zhangneigh port 1 ${LOCAL_MAC}
1308f600988SFan ZhangEOF
1318f600988SFan Zhang
1328f600988SFan Zhang	cat ${SGW_CFG_FILE}
1338f600988SFan Zhang}
134