xref: /dpdk/examples/ipsec-secgw/test/tun_aesgcm_common_defs.sh (revision 9dbc4e21e752ca98e23205c3d1bac53e03e934b3)
192978445SKonstantin Ananyev#! /bin/bash
21dc48bceSStephen Hemminger# SPDX-License-Identifier: BSD-3-Clause
392978445SKonstantin Ananyev
# Crypto device argument for the test run: keep the caller's value when one
# is set and non-empty, otherwise fall back to the AES-NI GCM virtual device.
if [[ -z "${CRYPTO_DEV:-}" ]]; then
	CRYPTO_DEV='--vdev="crypto_aesni_gcm0"'
fi
592978445SKonstantin Ananyev
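# Generate the ipsec-secgw configuration file for the AES-128-GCM tunnel tests.
#
# Writes SP, SA, routing and neighbour rules to ${SGW_CFG_FILE} and then
# prints the generated file to stdout. IPv4 traffic between the two test
# addresses is protected by SA 7 (ipv4-tunnel) and IPv6 traffic by SA 9
# (ipv6-tunnel); each direction and address family also gets a catch-all
# bypass rule.
#
# Key material: aead_key is a fixed, publicly known test pattern (20 bytes,
# which ipsec-secgw takes as the AES-128 key followed by the 4-byte salt --
# confirm against the ipsec-secgw guide). The same value is used for every
# SA in both directions, and the file is echoed to stdout, so the output is
# suitable for test rigs only.
#
# Globals (read): SGW_CFG_FILE, REMOTE_IPV4, LOCAL_IPV4, REMOTE_IPV6,
#                 LOCAL_IPV6, REMOTE_MAC, LOCAL_MAC,
#                 SGW_CFG_XPRM_IN, SGW_CFG_XPRM_OUT (appended to each
#                 inbound / outbound SA rule)
# Returns: 1 if SGW_CFG_FILE is unset/empty or the file cannot be written,
#          otherwise the status of the final cat.
config_secgw()
{
	# Without this guard an empty SGW_CFG_FILE makes the redirect fail and
	# the trailing cat block on stdin.
	if [[ -z "${SGW_CFG_FILE:-}" ]]; then
		echo "config_secgw: SGW_CFG_FILE is not set" >&2
		return 1
	fi

	# The path is quoted so that a name containing spaces or glob
	# characters is not split or expanded.
	cat <<EOF > "${SGW_CFG_FILE}" || return 1
#sp in IPv4 rules
sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv4 rules
sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535

#sp in IPv6 rules
sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv6 rules
sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535

#SA in rules
sa in 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}

sa in 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}

#SA out rules
sa out 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}

sa out 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}

#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1

rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1

#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF

	cat "${SGW_CFG_FILE}"
}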
62*9dbc4e21SMariusz Drost
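# Generate the ipsec-secgw configuration file for the mixed-tunnel
# AES-128-GCM tests.
#
# Same layout as the plain tunnel configuration, but the address families
# are crossed: IPv4 traffic is protected by SA 6, which is an ipv6-tunnel
# SA, and IPv6 traffic is protected by SA 8, which is an ipv4-tunnel SA.
# The rules are written to ${SGW_CFG_FILE} and the file is then printed to
# stdout.
#
# Key material: aead_key is a fixed, publicly known test pattern (20 bytes,
# which ipsec-secgw takes as the AES-128 key followed by the 4-byte salt --
# confirm against the ipsec-secgw guide). The same value is used for every
# SA in both directions, and the file is echoed to stdout, so the output is
# suitable for test rigs only.
#
# Globals (read): SGW_CFG_FILE, REMOTE_IPV4, LOCAL_IPV4, REMOTE_IPV6,
#                 LOCAL_IPV6, REMOTE_MAC, LOCAL_MAC,
#                 SGW_CFG_XPRM_IN, SGW_CFG_XPRM_OUT (appended to each
#                 inbound / outbound SA rule)
# Returns: 1 if SGW_CFG_FILE is unset/empty or the file cannot be written,
#          otherwise the status of the final cat.
config_secgw_mixed()
{
	# Without this guard an empty SGW_CFG_FILE makes the redirect fail and
	# the trailing cat block on stdin.
	if [[ -z "${SGW_CFG_FILE:-}" ]]; then
		echo "config_secgw_mixed: SGW_CFG_FILE is not set" >&2
		return 1
	fi

	# The path is quoted so that a name containing spaces or glob
	# characters is not split or expanded.
	cat <<EOF > "${SGW_CFG_FILE}" || return 1
#sp in IPv4 rules
sp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv4 rules
sp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535

#sp in IPv6 rules
sp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv6 rules
sp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535

#SA in rules
sa in 8 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}

sa in 6 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}

#SA out rules
sa out 8 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}

sa out 6 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}

#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1

rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1

#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF

	cat "${SGW_CFG_FILE}"
}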