18f600988SFan Zhang#! /bin/bash 21dc48bceSStephen Hemminger# SPDX-License-Identifier: BSD-3-Clause 38f600988SFan Zhang 48f600988SFan Zhang. ${DIR}/tun_aesctr_sha1_common_defs.sh 58f600988SFan Zhang 6*9dbc4e21SMariusz DrostSGW_CMD_XPRM="${DPDK_VARS} ${DPDK_MODE} ${SGW_CMD_XPRM}" 78f600988SFan Zhang 8*9dbc4e21SMariusz Drostconfig_remote_xfrm_44() 98f600988SFan Zhang{ 108f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm policy flush 118f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm state flush 128f600988SFan Zhang 138f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm policy add \ 148f600988SFan Zhangsrc ${REMOTE_IPV4} dst ${LOCAL_IPV4} \ 158f600988SFan Zhangdir out ptype main action allow \ 168f600988SFan Zhangtmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \ 178f600988SFan Zhangproto esp mode tunnel reqid 1 188f600988SFan Zhang 198f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm policy add \ 208f600988SFan Zhangsrc ${LOCAL_IPV4} dst ${REMOTE_IPV4} \ 218f600988SFan Zhangdir in ptype main action allow \ 228f600988SFan Zhangtmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \ 238f600988SFan Zhangproto esp mode tunnel reqid 2 248f600988SFan Zhang 258f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm state add \ 268f600988SFan Zhangsrc ${REMOTE_IPV4} dst ${LOCAL_IPV4} \ 27*9dbc4e21SMariusz Drostproto esp spi 7 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \ 288f600988SFan Zhangauth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \ 298f600988SFan Zhangenc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 308f600988SFan Zhang 318f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm state add \ 328f600988SFan Zhangsrc ${LOCAL_IPV4} dst ${REMOTE_IPV4} \ 33*9dbc4e21SMariusz Drostproto esp spi 7 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \ 348f600988SFan Zhangauth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \ 358f600988SFan Zhangenc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 368f600988SFan Zhang 378f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm policy list 388f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm state list 398f600988SFan Zhang} 408f600988SFan Zhang 41*9dbc4e21SMariusz Drostconfig_remote_xfrm_46() 428f600988SFan Zhang{ 43*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm policy flush 44*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm state flush 45*9dbc4e21SMariusz Drost 46*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm policy add \ 47*9dbc4e21SMariusz Drostsrc ${REMOTE_IPV4} dst ${LOCAL_IPV4} \ 48*9dbc4e21SMariusz Drostdir out ptype main action allow \ 49*9dbc4e21SMariusz Drosttmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \ 50*9dbc4e21SMariusz Drostproto esp mode tunnel reqid 1 51*9dbc4e21SMariusz Drost 52*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm policy add \ 53*9dbc4e21SMariusz Drostsrc ${LOCAL_IPV4} dst ${REMOTE_IPV4} \ 54*9dbc4e21SMariusz Drostdir in ptype main action allow \ 55*9dbc4e21SMariusz Drosttmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \ 56*9dbc4e21SMariusz Drostproto esp mode tunnel reqid 2 57*9dbc4e21SMariusz Drost 58*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm state add \ 59*9dbc4e21SMariusz Drostsrc ${REMOTE_IPV6} dst ${LOCAL_IPV6} \ 60*9dbc4e21SMariusz Drostproto esp spi 6 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \ 61*9dbc4e21SMariusz Drostauth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \ 62*9dbc4e21SMariusz Drostenc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \ 63*9dbc4e21SMariusz Drostsel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} 64*9dbc4e21SMariusz Drost 65*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm state add \ 66*9dbc4e21SMariusz Drostsrc ${LOCAL_IPV6} dst ${REMOTE_IPV6} \ 67*9dbc4e21SMariusz Drostproto esp spi 6 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \ 68*9dbc4e21SMariusz Drostauth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \ 69*9dbc4e21SMariusz Drostenc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \ 70*9dbc4e21SMariusz Drostsel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} 71*9dbc4e21SMariusz Drost 72*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm policy list 73*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm state list 74*9dbc4e21SMariusz Drost} 75*9dbc4e21SMariusz Drost 76*9dbc4e21SMariusz Drostconfig_remote_xfrm_64() 77*9dbc4e21SMariusz Drost{ 78*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm policy flush 79*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm state flush 80*9dbc4e21SMariusz Drost 81*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm policy add \ 82*9dbc4e21SMariusz Drostsrc ${REMOTE_IPV6} dst ${LOCAL_IPV6} \ 83*9dbc4e21SMariusz Drostdir out ptype main action allow \ 84*9dbc4e21SMariusz Drosttmpl src ${REMOTE_IPV4} dst ${LOCAL_IPV4} \ 85*9dbc4e21SMariusz Drostproto esp mode tunnel reqid 1 86*9dbc4e21SMariusz Drost 87*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm policy add \ 88*9dbc4e21SMariusz Drostsrc ${LOCAL_IPV6} dst ${REMOTE_IPV6} \ 89*9dbc4e21SMariusz Drostdir in ptype main action allow \ 90*9dbc4e21SMariusz Drosttmpl src ${LOCAL_IPV4} dst ${REMOTE_IPV4} \ 91*9dbc4e21SMariusz Drostproto esp mode tunnel reqid 2 92*9dbc4e21SMariusz Drost 93*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm state add \ 94*9dbc4e21SMariusz Drostsrc ${REMOTE_IPV4} dst ${LOCAL_IPV4} \ 95*9dbc4e21SMariusz Drostproto esp spi 8 reqid 1 mode tunnel replay-window 64 ${XFRM_ESN} \ 96*9dbc4e21SMariusz Drostauth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \ 97*9dbc4e21SMariusz Drostenc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \ 98*9dbc4e21SMariusz Drostsel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} 99*9dbc4e21SMariusz Drost 100*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm state add \ 101*9dbc4e21SMariusz Drostsrc ${LOCAL_IPV4} dst ${REMOTE_IPV4} \ 102*9dbc4e21SMariusz Drostproto esp spi 8 reqid 2 mode tunnel replay-window 64 ${XFRM_ESN} \ 103*9dbc4e21SMariusz Drostauth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \ 104*9dbc4e21SMariusz Drostenc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \ 105*9dbc4e21SMariusz Drostsel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} 106*9dbc4e21SMariusz Drost 107*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm policy list 108*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm state list 109*9dbc4e21SMariusz Drost} 110*9dbc4e21SMariusz Drost 111*9dbc4e21SMariusz Drostconfig_remote_xfrm_66() 112*9dbc4e21SMariusz Drost{ 113*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm policy flush 114*9dbc4e21SMariusz Drost ssh ${REMOTE_HOST} ip xfrm state flush 1158f600988SFan Zhang 1168f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm policy add \ 1178f600988SFan Zhangsrc ${REMOTE_IPV6} dst ${LOCAL_IPV6} \ 1188f600988SFan Zhangdir out ptype main action allow \ 1198f600988SFan Zhangtmpl src ${REMOTE_IPV6} dst ${LOCAL_IPV6} \ 1208f600988SFan Zhangproto esp mode tunnel reqid 3 1218f600988SFan Zhang 1228f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm policy add \ 1238f600988SFan Zhangsrc ${LOCAL_IPV6} dst ${REMOTE_IPV6} \ 1248f600988SFan Zhangdir in ptype main action allow \ 1258f600988SFan Zhangtmpl src ${LOCAL_IPV6} dst ${REMOTE_IPV6} \ 1268f600988SFan Zhangproto esp mode tunnel reqid 4 1278f600988SFan Zhang 1288f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm state add \ 1298f600988SFan Zhangsrc ${REMOTE_IPV6} dst ${LOCAL_IPV6} \ 130*9dbc4e21SMariusz Drostproto esp spi 9 reqid 3 mode tunnel replay-window 64 ${XFRM_ESN} \ 1318f600988SFan Zhangauth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \ 1328f600988SFan Zhangenc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 1338f600988SFan Zhang 1348f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm state add \ 1358f600988SFan Zhangsrc ${LOCAL_IPV6} dst ${REMOTE_IPV6} \ 136*9dbc4e21SMariusz Drostproto esp spi 9 reqid 4 mode tunnel replay-window 64 ${XFRM_ESN} \ 1378f600988SFan Zhangauth sha1 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef \ 1388f600988SFan Zhangenc "rfc3686\(ctr\(aes\)\)" 0xdeadbeefdeadbeefdeadbeefdeadbeefdeadbeef 1398f600988SFan Zhang 1408f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm policy list 1418f600988SFan Zhang ssh ${REMOTE_HOST} ip xfrm state list 1428f600988SFan Zhang} 143