1#! /bin/bash
2# SPDX-License-Identifier: BSD-3-Clause
3
# Crypto device argument for this test case. A value already present in the
# environment wins; otherwise fall back to the software AES-NI GCM vdev.
# The double quotes are part of the value itself.
# NOTE(review): presumably consumed by the calling test harness when it
# builds the ipsec-secgw command line; it is not used in this file. Confirm.
if [[ -z "${CRYPTO_DEV:-}" ]]; then
	CRYPTO_DEV='--vdev="crypto_aesni_gcm0"'
fi
5
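#######################################
# Generate the ipsec-secgw cfg file for the AES-128-GCM tunnel-mode test
# and print it to stdout.
#
# Layout of the generated config:
#   - IPv4 flows between LOCAL_IPV4 and REMOTE_IPV4 are protected by SA 7
#     (ipv4-tunnel); IPv6 flows between LOCAL_IPV6 and REMOTE_IPV6 by SA 9
#     (ipv6-tunnel).
#   - Each SP table also carries a catch-all "bypass" rule at pri 1 next to
#     the pri 2 protect rule, so flows other than the test pair are not
#     covered by ESP.
#   - Routes and static neighbours send REMOTE_* to port 0, LOCAL_* to port 1.
#
# Security notes:
#   - aead_key is the fixed de:ad:be:ef pattern (20 bytes; for aes-128-gcm
#     ipsec-secgw takes a 16-byte key followed by a 4-byte salt). It is a
#     publicly known test value shared by every SA in both directions and
#     must never be carried over into a real deployment.
#   - The cfg file holds key material and is echoed to stdout, so it ends
#     up in test logs. Harmless for this test key; do not copy the pattern
#     for real keys.
#
# Globals (read): SGW_CFG_FILE, LOCAL_IPV4, REMOTE_IPV4, LOCAL_IPV6,
#                 REMOTE_IPV6, LOCAL_MAC, REMOTE_MAC,
#                 SGW_CFG_XPRM_IN, SGW_CFG_XPRM_OUT (extra SA parameters
#                 appended verbatim; may be empty)
# Outputs: writes SGW_CFG_FILE, then prints its contents to stdout
# Returns: non-zero if SGW_CFG_FILE is unset/empty or cannot be written
#######################################
config_secgw()
{
	# Without a target path the redirection fails and the trailing cat
	# would block reading stdin, so refuse to continue.
	if [ -z "${SGW_CFG_FILE:-}" ]; then
		echo "config_secgw: SGW_CFG_FILE is not set" >&2
		return 1
	fi

	# Unquoted EOF: variables are expanded and backslash-newline joins the
	# continued rule lines. Bail out on a failed write so that a stale cfg
	# from an earlier run is never picked up silently.
	cat <<EOF > "${SGW_CFG_FILE}" || return 1
#sp in IPv4 rules
sp ipv4 in esp protect 7 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv4 rules
sp ipv4 out esp protect 7 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535

#sp in IPv6 rules
sp ipv6 in esp protect 9 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv6 rules
sp ipv6 out esp protect 9 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535

#SA in rules
sa in 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}

sa in 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}

#SA out rules
sa out 7 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}

sa out 9 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}

#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1

rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1

#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF

	# Echo the generated config so it is visible in the test output.
	cat "${SGW_CFG_FILE}"
}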
62
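#######################################
# Generate the ipsec-secgw cfg file for the "mixed" AES-128-GCM tunnel
# test and print it to stdout.
#
# Same structure as the non-mixed config, but the inner and outer address
# families are crossed:
#   - IPv4 flows between LOCAL_IPV4 and REMOTE_IPV4 are protected by SA 6,
#     which is an ipv6-tunnel SA.
#   - IPv6 flows between LOCAL_IPV6 and REMOTE_IPV6 are protected by SA 8,
#     which is an ipv4-tunnel SA.
#   - Each SP table also carries a catch-all "bypass" rule at pri 1 next to
#     the pri 2 protect rule, so flows other than the test pair are not
#     covered by ESP.
#
# Security notes:
#   - aead_key is the fixed de:ad:be:ef pattern (20 bytes; for aes-128-gcm
#     ipsec-secgw takes a 16-byte key followed by a 4-byte salt). It is a
#     publicly known test value shared by every SA in both directions and
#     must never be carried over into a real deployment.
#   - The cfg file holds key material and is echoed to stdout, so it ends
#     up in test logs. Harmless for this test key; do not copy the pattern
#     for real keys.
#
# Globals (read): SGW_CFG_FILE, LOCAL_IPV4, REMOTE_IPV4, LOCAL_IPV6,
#                 REMOTE_IPV6, LOCAL_MAC, REMOTE_MAC,
#                 SGW_CFG_XPRM_IN, SGW_CFG_XPRM_OUT (extra SA parameters
#                 appended verbatim; may be empty)
# Outputs: writes SGW_CFG_FILE, then prints its contents to stdout
# Returns: non-zero if SGW_CFG_FILE is unset/empty or cannot be written
#######################################
config_secgw_mixed()
{
	# Without a target path the redirection fails and the trailing cat
	# would block reading stdin, so refuse to continue.
	if [ -z "${SGW_CFG_FILE:-}" ]; then
		echo "config_secgw_mixed: SGW_CFG_FILE is not set" >&2
		return 1
	fi

	# Unquoted EOF: variables are expanded and backslash-newline joins the
	# continued rule lines. Bail out on a failed write so that a stale cfg
	# from an earlier run is never picked up silently.
	cat <<EOF > "${SGW_CFG_FILE}" || return 1
#sp in IPv4 rules
sp ipv4 in esp protect 6 pri 2 src ${REMOTE_IPV4}/32 dst ${LOCAL_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv4 rules
sp ipv4 out esp protect 6 pri 2 src ${LOCAL_IPV4}/32 dst ${REMOTE_IPV4}/32 \
sport 0:65535 dport 0:65535
sp ipv4 out esp bypass pri 1 sport 0:65535 dport 0:65535

#sp in IPv6 rules
sp ipv6 in esp protect 8 pri 2 src ${REMOTE_IPV6}/128 dst ${LOCAL_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 in esp bypass pri 1 sport 0:65535 dport 0:65535

#SP out IPv6 rules
sp ipv6 out esp protect 8 pri 2 src ${LOCAL_IPV6}/128 dst ${REMOTE_IPV6}/128 \
sport 0:65535 dport 0:65535
sp ipv6 out esp bypass pri 1 sport 0:65535 dport 0:65535

#SA in rules
sa in 8 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${REMOTE_IPV4} dst ${LOCAL_IPV4} ${SGW_CFG_XPRM_IN}

sa in 6 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${REMOTE_IPV6} dst ${LOCAL_IPV6} ${SGW_CFG_XPRM_IN}

#SA out rules
sa out 8 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv4-tunnel src ${LOCAL_IPV4} dst ${REMOTE_IPV4} ${SGW_CFG_XPRM_OUT}

sa out 6 aead_algo aes-128-gcm \
aead_key de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef:de:ad:be:ef \
mode ipv6-tunnel src ${LOCAL_IPV6} dst ${REMOTE_IPV6} ${SGW_CFG_XPRM_OUT}

#Routing rules
rt ipv4 dst ${REMOTE_IPV4}/32 port 0
rt ipv4 dst ${LOCAL_IPV4}/32 port 1

rt ipv6 dst ${REMOTE_IPV6}/128 port 0
rt ipv6 dst ${LOCAL_IPV6}/128 port 1

#neighbours
neigh port 0 ${REMOTE_MAC}
neigh port 1 ${LOCAL_MAC}
EOF

	# Echo the generated config so it is visible in the test output.
	cat "${SGW_CFG_FILE}"
}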
118